Set up the Dynatrace Google Cloud metric integration on a GKE cluster

Dynatrace version 1.230+

As an alternative to the main deployment, that provides Google Cloud monitoring for both metrics and logs, you can choose to set up monitoring for metrics only. In this scenario, you'll run the deployment script in Google Cloud Shell. Instructions will depend on the location where you want the deployment script to run:

  • On a new GKE Autopilot cluster created automatically recommended

  • On an existing GKE standard or GKE Autopilot cluster

During setup, GKE will run a metric forwarder container. After installation, you'll get metrics, dashboards, and alerts for your configured services in Dynatrace.

For other deployment options, see Alternative deployment scenarios.

This page describes how to install version 1.0 of the Google Cloud integration on a GKE cluster.

Limitations

Dynatrace Google Cloud metric integration supports up to 50 Google Cloud projects with the standard deployment. To monitor larger environments, you need to enable metrics scope. See Monitor multiple Google Cloud projects - Large environments.

Prerequisites

To deploy the integration, you need to make sure the following requirements are met on the machine where you are running the installation.

  • Linux OS only

  • Internet access

  • GKE Cluster access

  • Dynatrace environment access

    You need to configure the Dynatrace endpoint (environment, cluster or ActiveGate URL) to which the GKE cluster should send metrics and logs. Make sure that you have direct network access or, if there is a proxy or any other component present in between, that communication is not affected.

Tools

You can deploy the Dynatrace GCP integration in Google Cloud Shell or in bash.

If you use bash, you need to install:

Google Cloud permissions

Running the deployment script requires a list of permissions. You need to create a custom role (see below) and use it to deploy dynatrace-gcp-monitor.

  1. Create a YAML file named dynatrace-gcp-monitor-helm-deployment-role.yaml with the following content:
title: Dynatrace GCP Monitor helm deployment role
description: Role for Dynatrace GCP Monitor helm and pubsub deployment
stage: GA
includedPermissions:
  - container.clusters.get
  - container.configMaps.create
  - container.configMaps.delete
  - container.configMaps.get
  - container.configMaps.update
  - container.deployments.create
  - container.deployments.delete
  - container.deployments.get
  - container.deployments.update
  - container.namespaces.create
  - container.namespaces.get
  - container.pods.get
  - container.pods.list
  - container.secrets.create
  - container.secrets.delete
  - container.secrets.get
  - container.secrets.list
  - container.secrets.update
  - container.serviceAccounts.create
  - container.serviceAccounts.delete
  - container.serviceAccounts.get
  - iam.roles.create
  - iam.roles.list
  - iam.roles.update
  - iam.serviceAccounts.actAs
  - iam.serviceAccounts.create
  - iam.serviceAccounts.getIamPolicy
  - iam.serviceAccounts.list
  - iam.serviceAccounts.setIamPolicy
  - resourcemanager.projects.get
  - resourcemanager.projects.getIamPolicy
  - resourcemanager.projects.setIamPolicy
  - serviceusage.services.enable
  - serviceusage.services.get
  - serviceusage.services.list
  - serviceusage.services.use

Each group of permissions is used to handle the different resources included in the integration. Creation and access are for new resources, update is for reusing existing resources, and deletion is for uninstalling.

  • container.configMaps: for mapping secrets and other variables used by the containers.
  • container.deployments: for the K8s' deployment within the cluster (which includes the pods, containers, etc.).
  • container.namespaces: for the K8s namespace in which we are deploying the resources.
  • container.pods: for the K8s pods.
  • container.secrets: for the K8s secrets in which to store the data-sensitive variables.
  • container.serviceAccounts: for the SA to be taken in the K8s context.
  • iam.roles: for the necessary permissions for metrics collection.
  • iam.serviceAccounts: for the general context SA.
  • resourcemanager.projects: for handling the project in which we are deploying our integration.
  • serviceusage.services: for handling the services' APIs.
  1. Run the command below, replacing <your_project_ID> with the project ID where you want to deploy the Dynatrace integration.
gcloud iam roles create dynatrace_monitor.helm_deployment --project=<your_project_ID> --file=dynatrace-gcp-monitor-helm-deployment-role.yaml

Be sure to add this role to your Google Cloud user. For details, see Grant or revoke a single role.

Google Cloud settings

The location where you deploy the integration determines whether you need to change additional settings.

Deploy on a GKE Autopilot cluster

If you deploy the integration on an existing GKE Autopilot cluster or on a new Autopilot cluster that will be automatically created by the deployment script, you don't need to make any additional settings.

Deploy on a GKE standard cluster

If you deploy the integration on an existing GKE standard cluster, you need to:

Dynatrace permissions

You need to create a token with a set of permissions.

  1. Go to Access tokens.
  2. Select Generate new token.
  3. Enter a name for your token.
  4. Under Template, select GCP Services Monitoring.
  5. Select Generate.
  6. Copy the generated token to the clipboard. Store the token in a password manager for future use.

Alternatively, you can create the token and add permissions manually.

Create an API token and enable the following permissions:

  • API v1:
    • Read configuration
    • Write configuration
  • API v2:
    • Ingest metrics
    • Read extensions
    • Write extensions
    • Read extensions monitoring configuration
    • Write extensions monitoring configuration
    • Read extensions environment configuration
    • Write extensions environment configuration
    • Manage metadata of Hub items
    • Read Hub related data
    • Install and update Hub items

Install

Complete the steps below to finish your setup.

Step 1

Download the Helm deployment package in Google Cloud Shell

Step 2

Configure parameter values

Step 3

Connect your Kubernetes cluster

Step 4

Run the deployment script

Step 1 Download the Helm deployment package in Google Cloud Shell 

wget -q "https://github.com/dynatrace-oss/dynatrace-gcp-monitor/releases/latest/download/helm-deployment-package.tar"; tar -xvf helm-deployment-package.tar; chmod +x helm-deployment-package/deploy-helm.sh

Step 2 Configure parameter values

  1. The Helm deployment package contains a values.yaml file with the necessary configuration for this deployment. Go to helm-deployment-package/dynatrace-gcp-monitorand edit the values.yaml file, setting the required and optional parameter values as follows.

    You might want to store this file somewhere for future updates, since it will be needed in case of redeployments. Also, keep in mind that its schema can change. In such case, you should use the new file and only copy over the parameter values.

    Parameter nameDescriptionDefault value

    gcpProjectId

    required The ID of the Google Cloud project you've selected for deployment.

    Your current project ID

    deploymentType

    required Set to metrics.

    all

    dynatraceAccessKey

    required Your Dynatrace API token with the required permissions.

    dynatraceAccessKeySecretName

    optional You can specify the key to fetch the endpoint from Google Cloud Secret Manager, instead of using dynatraceAccessKey.

    dynatraceUrlSecretName

    optional You can specify the key to fetch the endpoint from Google Cloud Secret Manager, instead of using dynatraceUrl.

    dtSecurityContext

    optional Assign the attribute value used for data segmentation, analysis, and permission mapping within the Dynatrace platform. Refer to Grant access to entities with security context for more information. If left empty, the value of gcpProjectId will be assigned automatically.

    Value of gcpProjectId

    dynatraceUrl

    required For SaaS log ingestion, it's your environment URL (https://<your-environment-id>.live.dynatrace.com).

    requireValidCertificate

    optional If set to true, Dynatrace requires the SSL certificate of your Dynatrace environment.
    For SaaS log ingestion, we recommend leaving the default value.

    true

    selfMonitoringEnabled

    optional Send custom metrics to Google Cloud to quickly diagnose if dynatrace-gcp-monitor processes and sends logs to Dynatrace properly.For details, see Self-monitoring metrics for the Dynatrace Google Cloud integration.

    false

    serviceAccount

    optional Name of the service account to be created.

    dockerImage

    optionalDynatrace Google Cloud Monitor Docker image. We recommend using the default value, but you can adapt it if needed.

    dynatrace/dynatrace-gcp-monitor:v1-latest

    printMetricIngestInput

    optional If set to true, the Google Cloud Monitor outputs the lines of metrics to stdout.?????

    false

    serviceUsageBooking

    optional Service usage booking is used for metrics and determines a caller-specified project for quota and billing purposes.If set to source, monitoring API calls are booked in the project where the Kubernetes container is running.If set to destination, monitoring API calls are booked in the project that is monitored.For details, see Monitor multiple Google Cloud projects - Standard environments - Step 4.

    source

    useProxy

    optional Depending on the value you set for this flag, the Google Cloud Monitor will use the following proxy settings: Dynatrace (set to DT_ONLY), Google Cloud API (set to GCP_ONLY), or both (set to ALL).

    By default, proxy settings are not used.

    httpProxy

    optional The proxy HTTP address; use this flag in conjunction with USE_PROXY.

    httpsProxy

    optional The proxy HTTPS address; use this flag in conjunction with USE_PROXY.

    gcpServicesYaml

    optional Configuration file for Google Cloud services.

    queryInterval

    optional Metrics polling interval in minutes. Allowed values: 1 - 6

    3

    scopingProjectSupportEnabled

    optional Set to true when metrics scope is configured, so metrics will be collected from all projects added to the metrics scope. For details, see Monitor multiple Google Cloud projects - Large environments.

    false

    excludedProjects

    optional Comma-separated list of projects to be excluded from monitoring (for example, <project_A>,<project_B>)

    excludedMetricsAndDimensions

    optional Yaml formatted list of metrics and their dimensions to be excluded for monitoring.

    metricAutodiscovery

    optional If set to true, the Google Cloud Monitor will run in metric auto-discovery mode, expanding your options for selecting metrics to monitor. For more information, see Monitor Google Cloud projects using auto-discovery.

    clusterIpv4Cidr

    optional Set the IP address range for the pods in this cluster in CIDR notation, if you want to use a custom range.

    servicesIpv4Cidr

    optional Set the IP range for the services IPs. It can be specified as a netmask size or as in the CIDR notion.

    useCustomMasterCidr

    optional If set to true, you can specify the IPv4 CIDR range to use for the master network.

    false

    masterIpv4Cidr

    optional IPv4 CIDR range to use for the master network requires the useCustomMasterCidr value to be true.

  2. Choose which services you want Dynatrace to monitor.

    By default, the Dynatrace Google Cloud integration starts monitoring a set of selected services. Go to Google Cloud supported services for a list of supported services.

For DDU consumption information, see Monitoring consumption.

Step 3 Connect your Kubernetes cluster

  • If you want to have a new GKE Autopilot cluster created by the deployment script, add --create-autopilot-cluster to the script. Setting up a connection to the cluster will happen automatically in this case and you can proceed to step 4.
  • If you run the deployment script on an existing standard GKE or GKE Autopilot cluster, you can connect to your cluster from the Google Cloud console or via terminal. Follow the instructions below.

Step 4 Run the deployment script

  • If you run the deployment script on an existing standard GKE or GKE Autopilot cluster, the deployment script will create an IAM service account with the necessary roles and deploy dynatrace-gcp-monitor to your Kubernetes cluster.
  • If you run the deployment script with the --create-autopilot-cluster option, the deployment script will automatically create the new GKE Autopilot cluster and deploy dynatrace-gcp-monitor to it.

To run the deployment script, follow the instructions below.

Verify installation

To check whether installation was successful

  1. Check if the container is running.

    After the installation, it may take a couple of minutes before the container is up and running.

    kubectl -n dynatrace get pods

  2. Check the container logs for errors or exceptions. You have two options:

  1. Check if dashboards are imported.

    Go to Dashboards or Dashboards Classic (latest Dynatrace) and filter by Tag for Google Cloud. A number of dashboards for Google Cloud Services should be available.

Choose services for metrics monitoring

Services enabled by default

Monitoring of following services will be enabled during deployment of Google Cloud Monitor:

There are more service integrations available, but need to be enabled. Go to Google Cloud supported services for a list of supported services. The next section describes how to manage them. For an alternative approach, consider leveraging auto-discovery to extend your metric coverage.

Manage enabled services

You can manage enabled services via Dynatrace Hub.

Filter for "gcp"—you'll find annotations in the results for items that are already available in your environment.

To enable a new service, select it in Hub and then install it.

You can also disable a service via Dynatrace Hub.

To see if the services need updating, open them in Hub and check release notes. The updates can include new metrics, new assets like dashboards, or other changes.

All changes to enabled services are applied to Google Cloud Monitor within few minutes.

Feature sets & available metrics

To see what metrics are included for specific service, check Google Cloud supported services. By default, only defaultMetrics feature set is enabled. To enable additional feature sets, you have to uncomment them in values.yaml file and redeploy whole Google Cloud Monitor.

Current configuration of feature sets can be found in cluster's ConfigMap named dynatrace-gcp-function-config.

Advanced scope management

To further refine monitoring scope, you can use filter_conditions field in values.yaml file. This requires Google Cloud Monitor to be redeployed. See Google Cloud Monitoring filters for syntax.

Example:

filter_conditions:
resource.labels.location = "us-central1-c" AND resource.labels.namespace_name = "dynatrace"

Enable alerting

To activate alerting, you need to enable metric events for alerting in Dynatrace.

To enable metric events

  1. Go to Settings.
  2. In Anomaly detection, select Metric events.
  3. Filter for Google Cloud alerts and turn on On/Off for the alerts you want to activate.

View metrics

After deploying the integration, you can see metrics from monitored services (go to Metrics and filter by gcp).

Change deployment settings

Change parameters from values.yaml

To load a new values.yaml file, you need to upgrade your Helm release.

To update your Helm release

  1. Find out what Helm release version you're using.

    helm ls -n dynatrace

  2. Run the command below, making sure to replace <your-helm-release> with the value from the previous step.

    helm upgrade <your-helm-release> dynatrace-gcp-monitor -n dynatrace

For details, see Helm upgrade.

Change deployment type

To change the deployment type (all, metrics, or logs)

  1. Find out what helm release version you're using.

    helm ls -n dynatrace

  2. Uninstall the release.

    Be sure to replace <your-helm-release> with the release name from the previous output.

    helm uninstall <your-helm-release> -n dynatrace

  3. Edit deploymentType in values.yaml with the new value and save the file.

  4. Run the deployment command again. For details, see Run the deployment script.

Verification

To investigate potential deployment and connectivity issues

  1. Verify installation
  2. Enable self-monitoring optional
  3. Check the dynatrace_gcp_<date_time>.log log file created during the installation process.
  • This file will be created each time the installation script runs.
  • The debug information won't contain sensitive data such as the Dynatrace access key.
  • If you are contacting a Dynatrace product expert via live chat:
    • Make sure to provide the dynatrace_gcp_<date_time>.log log file described in the previous step.
    • Provide version information.
      • For issues during installation, check the version.txt file.
      • For issues during runtime, check container logs.

Uninstall

  1. Find out what Helm release version you're using.
helm ls -n dynatrace
  1. Uninstall the release.

Be sure to replace <your-helm-release> with the release name from the previous output.

helm uninstall <your-helm-release> -n dynatrace

Alternatively, you can delete the namespace.

kubectl delete namespace dynatrace
  1. To remove all monitoring assets (such as dashboards and alerts) from Dynatrace, you need to remove all Google Cloud extensions.

You can find and delete relevant extensions via Dynatrace Hub.

Make sure to uninstall the initial Role created and attached to the Service Account that you used to deploy the integration.

Monitoring consumption

All cloud services consume DDUs. The amount of DDU consumption per service instance depends on the number of monitored metrics and their dimensions (each metric dimension results in the ingestion of 1 data point; 1 data point consumes 0.001 DDUs). For details, see Extending Dynatrace (Davis data units).

Related topics