Set up Kubernetes Connector

  • Latest Dynatrace
  • How-to guide
  • 3-min read

Learn how to set up Kubernetes Connector, including EdgeConnect. After this setup, you can start using Kubernetes actions in your workflow.

Prerequisite

  • Access to a Kubernetes (K8s) cluster.

  • Kubernetes cluster version 1.22 or higher

Steps

Step 1

Deploy EdgeConnect

Step 2

Create the connection

Step 3

Grant permissions to Workflows

Step 1 Deploy EdgeConnect for Kubernetes Connector

Follow the steps described in EdgeConnect for Kubernetes Connector.

Step 2 Create the connection

The Kubernetes workflow actions require a connection to select the Kubernetes cluster where the workflow actions operate. A connection selects the Kubernetes cluster, specifically the deployed EdgeConnect used to send requests to the Kubernetes API. A connection consists of the following fields:

Field Name
Description
EdgeConnect Name
The name of EdgeConnect. The name has to match the EdgeConnect configuration in the Dynatrace platform.
K8s Cluster UID
The UID of the kube-system namespace used as a pseudo-ID for the cluster.
Namespace
The namespace where EdgeConnect is deployed.
Token
The token required by EdgeConnect to access the ServiceAccount token.

You can skip the following steps using the Operator-supported setup of EdgeConnect because the Operator automates these.

To add a new Kubernetes Connector connection

  1. Go to Settings and select Connections > Connectors > Kubernetes.

  2. Select Add Connection

  3. Enter the name of the EdgeConnect deployment in EdgeConnect Name. You can find the name of EdgeConnect in your EdgeConnect configuration.

  4. Enter in K8s Cluster UID the UID returned by this command:

    kubectl get namespace kube-system --output jsonpath={.metadata.uid}

  5. Enter the Kubernetes namespace where the EdgeConnect is deployed in Namespace.

  6. Enter the token used in your EdgeConnect configuration in Token.

  7. optional Select Validate Connection to check if your new connection is valid.

  8. Select Create.

Dynatrace Account Management supports controlling what groups can use a connection. You need to define a policy with the statement ALLOW app-settings:objects:read WHERE settings:schemaId = "app:dynatrace.kubernetes.connector:connection" and assign this policy to a group that should be allowed to use the connections. All users within this group can then use all the connections.

Dynatrace Account Management permission does not support controlling the access for single connections.

Step 4 Grant permissions to Workflows

Some permissions are required by Workflows to run actions on your behalf.

To fine-tune permissions granted to Workflows

  1. Go to Workflows and select Settings > Authorization settings.

  2. Select the following permissions besides the general Workflows permission.

    • app-settings:objects:read
    • state:app-states:read
    • state:app-states:write

For more on general Workflows user permissions, see User permissions for workflows.

Related tags
Software Delivery