Set up Kubernetes Connector
- Latest Dynatrace
- How-to guide
- 3-min read
Learn how to set up Kubernetes Connector, including EdgeConnect. After this setup, you can start using Kubernetes actions in your workflow.
Prerequisite
-
Access to a Kubernetes (K8s) cluster.
-
Kubernetes cluster version 1.22 or higher
Steps
Deploy EdgeConnect for Kubernetes Connector
Follow the steps described in EdgeConnect for Kubernetes Connector.
Create the connection
The Kubernetes workflow actions require a connection to select the Kubernetes cluster where the workflow actions operate. A connection selects the Kubernetes cluster, specifically the deployed EdgeConnect used to send requests to the Kubernetes API. A connection consists of the following fields:
| Field Name | Description |
|---|---|
| EdgeConnect Name | The name of EdgeConnect. The name has to match the EdgeConnect configuration in the Dynatrace platform. |
| K8s Cluster UID | The UID of the kube-system namespace used as a pseudo-ID for the cluster. |
| Namespace | The namespace where EdgeConnect is deployed. |
| Token | The token required by EdgeConnect to access the ServiceAccount token. |
You can skip the following steps using the Operator-supported setup of EdgeConnect because the Operator automates these.
To add a new Kubernetes Connector connection
-
Go to Settings and select Connections > Connectors > Kubernetes.
-
Select
Connection -
Enter the name of the EdgeConnect deployment in EdgeConnect Name. You can find the name of EdgeConnect in your EdgeConnect configuration.
-
Enter in K8s Cluster UID the UID returned by this command:
kubectl get namespace kube-system --output jsonpath={.metadata.uid} -
Enter the Kubernetes namespace where the EdgeConnect is deployed in Namespace.
-
Enter the token used in your EdgeConnect configuration in Token.
-
optional Select Validate Connection to check if your new connection is valid.
-
Select Create.
Dynatrace Account Management supports controlling what groups can use a connection. You need to define a policy with the statement ALLOW app-settings:objects:read WHERE settings:schemaId = "app:dynatrace.kubernetes.connector:connection" and assign this policy to a group that should be allowed to use the connections.
All users within this group can then use all the connections.
Dynatrace Account Management permission does not support controlling the access for single connections.
Grant permissions to Workflows
Some permissions are required by Workflows to run actions on your behalf.
To fine-tune permissions granted to Workflows
-
Go to Workflows and select Settings > Authorization settings.
-
Select the following permissions besides the general Workflows permission.
app-settings:objects:readstate:app-states:readstate:app-states:write
For more on general Workflows user permissions, see User permissions for workflows.