Store Dynatrace images in private registries - OpenShift

You can store Dynatrace containers in private registries in OpenShift environments using either a lightweight or an immutable OneAgent container image.

  • The lightweight image consists of a OneAgent installer, which downloads necessary binaries from a Dynatrace cluster.
  • The immutable image includes the binaries themselves, allowing for more control and thorough security scanning.
  1. Pull the OneAgent Operator image.
    Example command:
docker pull docker.io/dynatrace/dynatrace-oneagent-operator:v<X.Y.Z>

Note: Be sure to replace <X.Y.Z> with the latest OneAgent Operator version.

  1. Pull a specific immutable OneAgent image version.
    Example command:
docker pull <YOUR_ENVIRONMENT_DOMAIN_NAME>/linux/oneagent:<x.y.z>

Note: Be sure to replace <YOUR_ENVIRONMENT_DOMAIN_NAME> with your own environment domain name (the URL without https://), and <x.y.z> with your desired OneAgent version.

  1. Tag each image for your own registry.
    Example command:
docker tag docker.io/dynatrace/dynatrace-oneagent-operator:v<X.Y.Z> <YOUR_PRIVATE_REGISTRY_OPERATOR_ADDRESS>/dynatrace-oneagent-operator:v<X.Y.Z>
docker tag <YOUR_ENVIRONMENT_DOMAIN_NAME>/linux/oneagent:<x.y.z> <YOUR_PRIVATE_REGISTRY_ONEAGENT_ADDRESS>/oneagent:<x.y.z>

Note: Be sure to replace:

  • <X.Y.Z> with the latest OneAgent Operator version.
  • <YOUR_PRIVATE_REGISTRY_OPERATOR_ADDRESS> with the OneAgent Operator address from your private registry.
  • <YOUR_ENVIRONMENT_DOMAIN_NAME> with your environment domain name (the URL without https://).
  • <x.y.z> with your desired OneAgent version.
  • <YOUR_PRIVATE_REGISTRY_ONEAGENT_ADDRESS> with the OneAgent address from your private registry.
  1. Push both images to your own registry.
    Example command:
docker push <YOUR_PRIVATE_REGISTRY_OPERATOR_ADDRESS>/dynatrace-oneagent-operator:v<X.Y.Z>
docker push <YOUR_PRIVATE_REGISTRY_ONEAGENT_ADDRESS>/oneagent:<x.y.z>

Note: Be sure to replace <YOUR_PRIVATE_REGISTRY_OPERATOR_ADDRESS>, <YOUR_PRIVATE_REGISTRY_ONEAGENT_ADDRESS>, <X.Y.Z>, and <x.y.z> with your own values.

  1. Download the latest openshift.yaml file from the Dynatrace GitHub repository.
wget https://github.com/Dynatrace/dynatrace-oneagent-operator/releases/latest/download/openshift.yaml
  1. If your registries need authentication, update imagePullSecrets on different service accounts.
    For more information on how Kubernetes handles security for pods, see Configure service accounts for pods.

  2. Deploy OneAgent Operator.

oc adm new-project --node-selector="" dynatrace
oc apply -f openshift.yaml
  1. Download the cr.yaml file for OneAgent custom resource.
wget https://raw.githubusercontent.com/Dynatrace/dynatrace-oneagent-operator/master/deploy/cr.yaml
  1. Open cr.yaml in a text editor and make the following changes:
  • Change useImmutableImage to true.
  • Adapt other values according to the parameters section of the OneAgent Operator deployment page.
    Note: When using the immutable image, fields such as proxy, trustedCAs, and skipCertCheck are ignored. Kubernetes attempts to pull images straight from your registry. These network settings must be configured directly on the node.
  1. Deploy the OneAgent custom resource.
oc apply -f cr.yaml