Containerized ActiveGate volumes

  • Latest Dynatrace
  • 3-min read
  • Published Sep 01, 2023

While running, the ActiveGate container writes data to certain directories within the root filesystem.

Writeable directories

Size requirements

See ActiveGate directories for estimated size requirements for each directory.

Hardened security

The ActiveGate example deployment has been hardened to minimize potential attacks: securityContext.readOnlyRootFilesystem is set to true.

This prevents the container from modifying any image content, so directories need to be set up using volumes.

Security context

securityContext:
  allowPrivilegeEscalation: false
    capabilities:
      drop:
      - all
      privileged: false
      readOnlyRootFilesystem: true
      runAsNonRoot: true
      seccompProfile:
        type: RuntimeDefault

Volumes

volumeMounts:
  - name: server-certs-storage
    mountPath: /var/lib/dynatrace/gateway/ssl
  - name: ag-lib-gateway-config
    mountPath: /var/lib/dynatrace/gateway/config
  - name: ag-lib-gateway-temp
    mountPath: /var/lib/dynatrace/gateway/temp
  - name: ag-lib-gateway-data
    mountPath: /var/lib/dynatrace/gateway/data
  - name: ag-log-gateway
    mountPath: /var/log/dynatrace/gateway
  - name: ag-tmp-gateway
    mountPath: /var/tmp/dynatrace/gateway

Refer to ActiveGate storage requirements for volume sizing.