Migrate Dynatrace Operator
If you deployed Dynatrace Operator to a Kubernetes cluster, the easiest way to migrate Kubernetes monitoring from your Managed cluster to your SaaS environment is to reconfigure the Dynatrace Operator deployment. You'll need to update a single configuration to perform Dynatrace Operator reconfiguration at the environment level.
Before you begin
Before installing Dynatrace on your Kubernetes cluster, ensure that you meet the following requirements:
kubectlCLI is connected to the Kubernetes cluster that you want to monitor.
- You have sufficient privileges on the monitored cluster to run
Cluster setup and configuration
- You must allow egress for Dynatrace pods (default: Dynatrace namespace) to your Dynatrace environment or to your Environment ActiveGate
- For OpenShift Dedicated, you need the cluster-admin role.
- Helm installation Use Helm version 3.
Generate a token
To generate an access token in the target SaaS environment,
- In the Dynatrace menu, select Access tokens.
- Select Generate new token.
- Enter a name for your token.
Dynatrace doesn't enforce unique token names. You can create multiple tokens with the same name. Be sure to provide a meaningful name for each token you generate. Proper naming helps you to efficiently manage your tokens and perhaps delete them when they're no longer needed.
- Select the template Kubernetes: Dynatrace Operator.
This will automatically add the required scopes (see Operator token).
- Select Generate token.
- Copy the generated token to the clipboard. Store the token in a password manager for future use.
You can only access your token once upon creation. You can't reveal it afterward.
Generating a token in the target SaaS environment won't affect your Kubernetes cluster nor your Managed cluster.
Create a new secret
To create a new secret (
saasdynakube) holding the new token in the Kubernetes cluster, replace the placeholders in the code sample below (
<API-TOKEN>) with your own values, then run the command.
kubectl -n dynatrace create secret generic saasdynakube --from-literal="apiToken=<API-TOKEN>"
oc -n dynatrace create secret generic saasdynakube --from-literal="apiToken=<API-TOKEN>"
Your Kubernetes cluster will then contain the new secret
saasdynakube holding the new token.
Update DynaKube custom resource file
To update an existing DynaKube custom resource file with the new secret,
To start modifying
dynakubecustom resource file, run the command belowbash
kubectl edit dynakube dynakube -n dynatracebash
oc edit dynakube dynakube -n dynatrace
Update the configuration parameter values as follows, making sure to replace the placeholders (
saasdynakube) with your own values
Parameter Updated value
Your existing DynaKube custom resource file will then be updated to reference the new secret
saasdynakubeand the SaaS environment.
Restart your applications.
Your OneAgents will then point to the SaaS environment. Because existing connections to the Dynatrace Managed cluster will no longer be active, we recommend deleting any existing secret that is no longer used for this connection.