Deploy OneAgent on Kubernetes for application-only monitoring by automatic injection using OneAgent Operator (deprecated)

This procedure is deprecated.

If you are making a fresh installation, you should deploy OneAgent for application-only monitoring by automatic injection using Dynatrace Operator.
If you already have OneAgent installed via automatic injection using OneAgent Operator, please see the instructions for migrating to Dynatrace Operator.

Dynatrace offers the option to inject OneAgent into Kubernetes pods. OneAgent Operator runs an admission controller that can modify pods to inject OneAgent by adding an init container. This init container will download the OneAgent package and configure the other containers to be monitored.

When deployed in application-only mode, OneAgent monitors the memory, disk, CPU, and networking of processes within the container only. Host metrics aren't monitored.

Prerequisites

Create a PaaS Token.
Review the list of supported applications and versions.
Kubernetes version 1.14+
OneAgent Operator version 0.8.0+

This deployment strategy requires extra ephemeral storage:

~325 MB for glibc
~290 MB for musl
~650 MB for glibc and musl combined

Deploy OneAgent

Create a Dynatrace namespace.
```
kubectl create namespace dynatrace
```

Install OneAgent Operator.

OneAgent Operator acts on its dynatrace namespace. You can also observe the logs of OneAgent Operator.

kubectl apply -f https://github.com/Dynatrace/dynatrace-oneagent-operator/releases/latest/download/kubernetes.yaml
kubectl -n dynatrace logs -f deployment/dynatrace-oneagent-operator

Create the secret holding the PaaS token for authentication to the Dynatrace Cluster.

kubectl -n dynatrace create secret generic oneagent --from-literal="paasToken=PAAS_TOKEN"

Save the OneAgent custom resource definition. The rollout of Dynatrace OneAgent for application-only installations is governed by the custom resource type OneAgentAPM. Retrieve the cr-apm.yaml file from the GitHub repository.
```
curl -o cr-apm.yaml https://raw.githubusercontent.com/Dynatrace/dynatrace-oneagent-operator/master/deploy/cr-apm.yaml
```
Adapt the values of the custom resource as follows:
- required Specify the spec.apiUrl parameter, which is the URL of your Dynatrace environment, for your SaaS, Managed, or ActiveGate instance.
- optional Configure spec.useImmutableImage to true to pull a OneAgent Docker image from your Dynatrace environment. Use this parameter together with the agentVersion parameter to control the version of OneAgent.
- optional Configure spec.agentVersion using semantic versioning (major.minor.patch - example: 1.203.0). If no version is specified, the OneAgent defaults to the latest version available.
- optional Configure network zones by setting the spec.networkZone parameter to your network zone.
```
spec:
  networkZone: <your_network_zone>
```
See network zones for more information.
Label your namespaces.

OneAgent Operator injects into all pods that belong to namespaces labeled oneagent.dynatrace.com/instance. The value for this label must be the name of the OneAgentAPM instance that you want to use to configure the corresponding namespaces. You must label all namespaces you want to monitor. Note that the namespaces can point to different OneAgentAPM instances.
```
kubectl label namespace default oneagent.dynatrace.com/instance=oneagentapm
```
Configure the injection.

You can configure the injection through Kubernetes annotations.

These settings apply to all containers running on the corresponding pods.
oneagent.dynatrace.com/inject: <"true"> or <"false">. Sets the default injection for pods on the namespace. Can be overridden by adding the annotation to the pods themselves. It defaults to true.
Example
kubectl annotate namespace default oneagent.dynatrace.com/inject=false
namespace/default annotated
oneagent.dynatrace.com/inject: <"true"> or <"false">. If set to false, no modifications will be applied to the pod. If not set, the default on the namespace is used.

oneagent.dynatrace.com/flavor: <"default"> or <"musl">. If set, it indicates whether binaries for glibc or musl are to be downloaded. It defaults to glibc.

If your container uses musl (for example, Alpine base image), you must add the flavor annotation in order to monitor it.

oneagent.dynatrace.com/technologies: <"comma-separated technologies list">. If set, it filters which code modules are to be downloaded. It defaults to "all".

oneagent.dynatrace.com/install-path: <"path">. If set, it indicates the path where the unpacked OneAgent directory will be mounted. It defaults to "/opt/dynatrace/oneagent-paas".

oneagent.dynatrace.com/installer-url: <"url">. If set, it indicates the URL from where the OneAgent app-only package will be downloaded. It defaults to the Dynatrace environment API configured on the API URL of OneAgentAPM.

Example
apiVersion: apps/v1
kind: Deployment
metadata:
name: sample-app
spec:
selector:
matchLabels:
app: sample-app
strategy:
type: Recreate
template:
metadata:
annotations:
# The configuration for app-only injection should be set here.
oneagent.dynatrace.com/technologies: "java,nginx"
oneagent.dynatrace.com/flavor: "musl"
oneagent.dynatrace.com/inject: "true"
oneagent.dynatrace.com/install-path: "/dynatrace"
oneagent.dynatrace.com/installer-url: "https://my-custom-url/route/file.zip"
labels:
app: sample-app
spec:
containers:
- command: [ "java", "-jar", "/app/app.jar" ]
image: "my-image"
# ...
Create the custom resource
```
kubectl apply -f cr-apm.yaml
```
Deploy your applications.

All deployed pods will then be monitored.
For troubleshooting purposes, you can view OneAgent logs, which by default are on /opt/dynatrace/oneagent-paas/log inside the instrumented containers.

Uninstall OneAgent

Uninstall OneAgent Operator.

kubectl delete -f https://github.com/Dynatrace/dynatrace-oneagent-operator/releases/latest/download/kubernetes.yaml

Delete the dynatrace namespace. This will also delete OneAgentAPM objects.
optional Remove the corresponding labels and annotations from namespaces/pods.
Redeploy your pods.