Set up Kubernetes monitoring (deprecated)

Latest Dynatrace
11-min read
Published Dec 02, 2021

This page describes how to set up Kubernetes monitoring using Dynatrace Operator versions 0.2.0 and earlier.

If you are making a fresh installation, we recommend that you set up Kubernetes monitoring using Dynatrace Operator version 0.3.0+.
If you already set up monitoring with Dynatrace Operator version 0.2.0 or earlier, we recommend that you upgrade.
Upgrade to Dynatrace Operator version 0.3.0+
Run the following command.
```
kubectl apply -f https://github.com/Dynatrace/dynatrace-operator/releases/latest/download/kubernetes.yaml
```
For preview features, where you use the CSI driver to provide binaries to pods, use the command below instead.
```
kubectl apply -f https://github.com/Dynatrace/dynatrace-operator/releases/latest/download/kubernetes-csi.yaml
```

Deploy Dynatrace Operator and enable Kubernetes API monitoring

There are two ways to configure Dynatrace Operator to monitor your Kubernetes cluster, (automated or manual. See below for instructions.

Prerequisites

Dynatrace Cluster version 1.215
Kubernetes versions 1.19+
Pods must allow egress to your Dynatrace environment or to your Environment ActiveGate in order for metric routing to work properly.
See Support lifecycle for supported Kubernetes versions.

Automated

In Dynatrace Hub, select Kubernetes.
Select Set up.
On the Monitor Kubernetes / OpenShift page, follow the on-screen deployment instructions.
- Name: This name is used by various Dynatrace settings, including Kubernetes cluster name, Network Zone, ActiveGate Group, and Host Group
- Platform: Kubernetes
- PaaS token and API token: To create these tokens automatically, select Create tokens
Under Execute the following command in your terminal, Dynatrace creates a command based on your input in the previous steps. After you have set all of the preceding parameters, select Copy to copy the command to your clipboard.
Paste the command to your terminal and run it.

Manual

Generate an API token and a PaaS token in your Dynatrace environment.

Make sure you have the following permissions enabled for the API token in the API v1 section:
- Access problem and event feed, metrics, and topology
- Read configuration
- Write configuration
Create the necessary objects for Dynatrace Operator.
Dynatrace Operator acts on its separate namespace, dynatrace. It holds the operator deployment and all dependent objects, such as permissions, custom resources, and the corresponding DaemonSet and StatefulSet. You can also observe the logs of Dynatrace Operator.
```
kubectl create namespace dynatrace
kubectl apply -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v0.2.2/kubernetes.yaml
kubectl -n dynatrace logs -f deployment/dynatrace-operator
```
Create the secret holding Dynatrace Operator and Data Ingest tokens for authentication to the Dynatrace Cluster.
The name of the secret is important in a later step when you configure the custom resource (.spec.tokens). In the following code snippet, the name is dynakube. Be sure to replace OPERATOR_TOKEN and PAAS_TOKEN with the values explained in the prerequisites.
```
kubectl -n dynatrace create secret generic dynakube --from-literal="apiToken=OPERATOR_TOKEN" --from-literal="paasToken=PAAS_TOKEN"
```

Get the DynaKube custom resource from the GitHub repository.

curl -Lo cr.yaml https://github.com/Dynatrace/dynatrace-operator/blob/release-0.2/config/samples/cr.yaml

Adapt the values of the custom resource as indicated below.

Example of a basic configuration:

apiVersion: dynatrace.com/v1alpha1
kind: DynaKube
metadata:
  name: dynakube
  namespace: dynatrace
spec:
  # Dynatrace apiUrl including the `/api` path at the end.
  # For SaaS, set `YOUR_ENVIRONMENT_ID` to your environment ID.
  # For Managed, change the apiUrl address.
  # For instructions on how to determine the environment ID and how to configure the apiUrl address, see environment-id.
  #
  apiUrl: https://YOUR_ENVIRONMENT_ID.live.dynatrace.com/api

  # Name of the secret holding the API and PaaS tokens.
  # If unset, Dynatrace Operator uses the name of the custom resource.
  #
  # tokens: ""

  # Enables and configures an ActiveGate instance that allows monitoring
  # of Kubernetes environments.
  #
  kubernetesMonitoring:
    #   Enable Kubernetes monitoring functionality.
    #
    enabled: true
  classicFullStack:
    # Enable classic oneagent monitoring
    enabled: true
    tolerations:
      - effect: NoSchedule
        key: node-role.kubernetes.io/master
        operator: Exists

Apply the custom resource.
```
kubectl apply -f cr.yaml
```

If you want to revert an argument, you need to set it to empty instead of removing it from the custom resource.

Example:

args:

"–set-proxy="

Parameters

For a complete list of parameters, see the list below.

Global parameters

Parameter	Description	Default value
`apiUrl`	Required Dynatrace apiUrl, including the `/api` path at the end. - For SaaS, set `YOUR_ENVIRONMENT_ID` to your environment ID. - For instructions on how to determine the environment ID and how to configure the apiUrl address, see Environment ID.
`tokens`	Optional Name of the secret holding the API and PaaS tokens.	Name of custom resource (`.metadata.name`) if unset
`skipCertCheck`	Optional Disable certificate check for the connection between Dynatrace Operator and the Dynatrace Cluster. Set to `true` if you want to skip certification validation checks.	`false`
`proxy`	Optional Set custom proxy settings either directly or from a secret with the field `proxy`. Note: Only Dynatrace Operator traffic runs through this proxy; ActiveGate traffic doesn't.
`trustedCAs`	Optional Adds custom RootCAs from a configmap. Put the certificate under `certs` within your configmap. Note: Applies only to Dynatrace Operator, not to ActiveGate.
`networkZone`	Optional Sets a network zone for the OneAgent and ActiveGate pods.
`customPullSecret`	Optional Defines a custom pull secret in case you use a private registry when pulling images from the Dynatrace environment.
`enableIstio`	Optional When enabled, and if Istio is installed on the Kubernetes environment, Dynatrace Operator will create the corresponding VirtualService and ServiceEntry objects to allow access to the Dynatrace Cluster from the OneAgent or ActiveGate. Disabled by default.	`false`

ActiveGate parameters

Parameter	Description	Default value
`activeGate.image`	Optional Configuration for ActiveGate instances (to use a custom ActiveGate Docker image).

OneAgent parameters

Parameter	Description	Default value
`oneAgent.version`	Optional The OneAgent version to be used when `useImmutableImage` is enabled. The latest version is used by default.
`oneAgent.image`	Optional Use a custom OneAgent Docker image. Defaults to `docker.io/dynatrace/oneagent` in Kubernetes and `registry.connect.redhat.com/dynatrace/oneagent` in OpenShift.
`oneAgent.autoUpdate`	Optional Disables automatic restarts of OneAgent pods in case a new version is available. True by default.	`true`

Classic full-stack observability parameters

Parameter	Description	Default value
`classicFullStack.enabled`	Optional Enables classic OneAgent monitoring.	`false`
`classicFullStack.nodeSelector`	Optional Specify the node selector that controls on which nodes OneAgent will be deployed.
`classicFullStack.tolerations`	Optional Tolerations to include with the OneAgent DaemonSet. For details, see Taints and Tolerations.
`classicFullStack.resources`	Optional Resource settings for OneAgent container. Consumption of the OneAgent heavily depends on the workload to monitor. You can use the default settings in the CR. Note: `resource.requests` shows the values needed to run; `resource.limits` shows the maximum limits for the pod.
`classicFullStack.args`	Optional Set additional arguments to the OneAgent installer. For available options, see Linux custom installation. For the list of limitations, see Limitations.	`"--set-app-log-content-access=true"`
`classicFullStack.env`	Optional Set additional environment variables for the OneAgent pods.
`classicFullStack.priorityClassName`	Optional Assign a priority class to the OneAgent pods. By default, no class is set. For details, see Pod Priority and Preemption.
`classicFullStack.dnsPolicy`	Optional Set the DNS Policy for OneAgent pods. For details, see Pods DNS Policy.	`ClusterFirstWithHostNet`
`classicFullStack.serviceAccountName`	Optional The name of the ServiceAccount to assign to the OneAgent pods.	`"dynatrace-dynakube-oneagent"`
`classicFullStack.labels`	Optional Your defined labels for OneAgent pods in order to structure workloads as desired.
`classicFullStack.useUnprivilegedMode`	Optional When enabled, the OneAgent pods will run as unprivileged. Enabled by default.	`true`
`classicFullStack.useImmutableImage`	Optional When enabled, the Operator will use the immutable image from the Dynatrace environment or from your custom registry. Otherwise, an installer image is used. Disabled by default.	`false`

Kubernetes API Monitoring parameters

Parameter	Description	Default value
`kubernetesMonitoring.enabled`	Optional Enable Kubernetes monitoring functionality.	`false`
`kubernetesMonitoring.replicas`	Optional Number of replicas of ActiveGate pods.	`1`
`kubernetesMonitoring.tolerations`	Optional Tolerations to include with the ActiveGate StatefulSet. For details, see Taints and Tolerations.
`kubernetesMonitoring.nodeSelector`	Optional Node selector to control on which nodes the ActiveGate will be deployed.	{}
`kubernetesMonitoring.resources`	Optional Resource settings for ActiveGate container. Consumption of the ActiveGate heavily depends on the workload to monitor. You can use the default settings in the CR. Note: `resource.requests` shows the values needed to run; `resource.limits` shows the maximum limits for the pod.
`kubernetesMonitoring.labels`	Optional Your defined labels for ActiveGate pods in order to structure workloads as desired.
`kubernetesMonitoring.args`	Optional Set additional arguments to the ActiveGate pods.
`kubernetesMonitoring.env`	Optional Set additional environment variables to the ActiveGate pods.
`kubernetesMonitoring.group`	Optional Set activation group for ActiveGate. See Customize ActiveGate properties for details.
`kubernetesMonitoring.customProperties`	Optional Add a custom properties file by providing it as a value or reference it from a secret. Note: when referencing it from a secret, make sure the key is called `customProperties`. See Customize ActiveGate properties for details.

Routing parameters

Parameter	Description	Default value
`routing.enabled`	Optional Enable routing functionality.	`false`

For a complete file with all the properties, see the custom resource file on GitHub.

Configuration for Anthos, SUSE CaaS, GKE, IKS, and TKGI

For Anthos, SUSE CaaS, Google Kubernetes Engine, and VMware Tanzu Kubernetes Grid Integrated Edition (formerly PKE), you must add the following additional parameters to the env section in the cr.yaml file:

Anthos and GKE

classicFullStack:
 env:
  - name: ONEAGENT_ENABLE_VOLUME_STORAGE
    value: "true"

TKGI

classicFullStack:
 env:
  - name: ONEAGENT_ENABLE_VOLUME_STORAGE
    value: "true"
  - name: ONEAGENT_CONTAINER_STORAGE_PATH
    value: /var/vcap/store

IKS

classicFullStack:
 env:
  - name: ONEAGENT_ENABLE_VOLUME_STORAGE
    value: "true"
  - name: ONEAGENT_CONTAINER_STORAGE_PATH
    value: /opt

SUSE CaaS

classicFullStack:
 env:
  - name: ONEAGENT_ENABLE_VOLUME_STORAGE
    value: "true"

Configure proxy Optional

You can configure optional parameters like proxy settings in the cr.yaml file in order to
- Download the OneAgent installer
- Ensure communication between the OneAgent and your Dynatrace environment
- Ensure communication between Dynatrace Operator and the Dynatrace API.

There are two ways to provide the proxy, depending on whether your proxy uses credentials.

No credentials

If you have a proxy that doesn't use credentials, enter your proxy URL directly in the value field for the proxy.

Example

apiVersion: dynatrace.com/v1alpha1
kind: DynaKube
metadata:
  name: dynakube
  namespace: dynatrace
spec:
  apiUrl: https://environmentid.live.dynatrace.com/api
  proxy:
    value: http://mysuperproxy

With credentials

If your proxy uses credentials

Create a secret with a field called proxy that holds your encrypted proxy URL with the credentials.
Example.

kubectl -n dynatrace create secret generic myproxysecret --from-literal="proxy=http://<user>:<password>@<IP>:<PORT>"

Provide the name of the secret in the valueFrom section.
Example.

apiVersion: dynatrace.com/v1alpha1
kind: DynaKube
metadata:
  name: dynakube
  namespace: dynatrace
spec:
  apiUrl: https://environmentid.live.dynatrace.com/api
  proxy:
    valueFrom: myproxysecret

Connect your Kubernetes cluster to Dynatrace

Some Kubernetes pages require that your Kubernetes cluster is connected to Dynatrace. This connection creates relationships among applications, services, processes, hosts, and Kubernetes objects, such as pods and namespaces.

See Connect your Kubernetes clusters to Dynatrace for instructions on how to connect your cluster to Dynatrace.

If you want to monitor several Kubernetes clusters with one ActiveGate and don't care about network isolation, you can install an ActiveGate on a virtual machine using a conventional installer to connect your clusters to Dynatrace.

Monitor large Kubernetes environments

Contact a Dynatrace product expert via live chat if you want to monitor environments that are larger than:

50 Kubernetes clusters per Dynatrace environment.
500 nodes per Kubernetes cluster.
50,000 pods per Kubernetes cluster.

Uninstall Dynatrace Operator

Remove DynaKube custom resources and clean all remaining Dynatrace Operator–specific objects.

kubectl delete -n dynatrace dynakube --all
kubectl delete -f https://github.com/Dynatrace/dynatrace-operator/releases/latest/download/kubernetes.yaml

Kubernetes Classic