• Home
  • Upgrade to SaaS
  • Upgrade your deployment
  • Migrate Dynatrace Operator

Migrate Dynatrace Operator

If you deployed Dynatrace Operator to a Kubernetes cluster, the easiest way to migrate Kubernetes monitoring from your Managed cluster to your SaaS environment is to reconfigure the Dynatrace Operator deployment. You'll need to update a single configuration to perform Dynatrace Operator reconfiguration at the environment level.

Prerequisites

Before you begin

Before installing Dynatrace on your Kubernetes cluster, ensure that you meet the following requirements:

  • Your kubectl CLI is connected to the Kubernetes cluster that you want to monitor.
  • You have sufficient privileges on the monitored cluster to run kubectl or oc commands.

Cluster setup and configuration

  • You must allow egress for Dynatrace pods (default: Dynatrace namespace) to your Dynatrace environment or to your Environment ActiveGate
  • For OpenShift Dedicated, you need the cluster-admin role.
  • Helm installation Use Helm version 3.

Supported versions

See supported Kubernetes/OpenShift platform versions and distributions.

Generate a token

Create a new secret

Update DynaKube custom resource file

Generate a token

To generate an access token in the target SaaS environment,

  1. In the Dynatrace menu, select Access tokens.
  2. Select Generate new token.
  3. Enter a name for your token.
    Dynatrace doesn't enforce unique token names. You can create multiple tokens with the same name. Be sure to provide a meaningful name for each token you generate. Proper naming helps you to efficiently manage your tokens and perhaps delete them when they're no longer needed.
  4. Select the template Kubernetes: Dynatrace Operator.
    This will automatically add the required scopes (see Operator token).
  5. Select Generate token.
  6. Copy the generated token to the clipboard. Store the token in a password manager for future use.

    You can only access your token once upon creation. You can't reveal it afterward.

Generating a token in the target SaaS environment won't affect your Kubernetes cluster nor your Managed cluster.

Create a new secret

To create a new secret (saasdynakube) holding the new token in the Kubernetes cluster, replace the placeholders in the code sample below (saasdynakube and <API-TOKEN>) with your own values, then run the command.

bash
kubectl -n dynatrace create secret generic saasdynakube --from-literal="apiToken=<API-TOKEN>"
bash
oc -n dynatrace create secret generic saasdynakube --from-literal="apiToken=<API-TOKEN>"

Your Kubernetes cluster will then contain the new secret saasdynakube holding the new token.

Update DynaKube custom resource file

To update an existing DynaKube custom resource file with the new secret,

  1. Learn your SaaS Environment ID by going to User menu > Account settings.

  2. To start modifying dynakube custom resource file, run the command below

    bash
    kubectl edit dynakube dynakube -n dynatrace
    bash
    oc edit dynakube dynakube -n dynatrace

  3. Update the configuration parameter values as follows, making sure to replace the placeholders ({your-saas-environment-id} and saasdynakube) with your own values

    ParameterUpdated value

    apiUrl

    https://{your-saas-environment-id}.live.dynatrace.com/api

    token

    saasdynakube

    Your existing DynaKube custom resource file will then be updated to reference the new secret saasdynakube and the SaaS environment.

  4. Restart your applications.
    Your OneAgents will then point to the SaaS environment. Because existing connections to the Dynatrace Managed cluster will no longer be active, we recommend deleting any existing secret that is no longer used for this connection.