While running, the ActiveGate container writes data to certain directories within the root filesystem.
Purpose of directory
Default path
ActiveGate configuration
/var/lib/dynatrace/gateway/config
ActiveGate SSL directory
/var/lib/dynatrace/gateway/ssl
ActiveGate temporary files
/var/tmp/dynatrace/gateway
ActiveGate logs
/var/log/dynatrace/gateway
Environment data
/var/lib/dynatrace/gateway/data
Dump files uploaded to ActiveGate by OneAgent
/var/lib/dynatrace/gateway/dump
ActiveGate temporary files
/var/lib/dynatrace/gateway/temp
See ActiveGate directories for estimated size requirements for each directory.
The ActiveGate example deployment has been hardened to minimize potential attacks: securityContext.readOnlyRootFilesystem
is set to true
.
This prevents the container from modifying any image content, so directories need to be set up using volumes.
securityContext:allowPrivilegeEscalation: falsecapabilities:drop:- allprivileged: falsereadOnlyRootFilesystem: truerunAsNonRoot: trueseccompProfile:type: RuntimeDefault
volumeMounts:- name: server-certs-storagemountPath: /var/lib/dynatrace/gateway/ssl- name: ag-lib-gateway-configmountPath: /var/lib/dynatrace/gateway/config- name: ag-lib-gateway-tempmountPath: /var/lib/dynatrace/gateway/temp- name: ag-lib-gateway-datamountPath: /var/lib/dynatrace/gateway/data- name: ag-log-gatewaymountPath: /var/log/dynatrace/gateway- name: ag-tmp-gatewaymountPath: /var/tmp/dynatrace/gateway
Refer to ActiveGate storage requirements for volume sizing.