Get started with Kubernetes platform monitoring + Application observability
- Latest Dynatrace
- Getting started guide
- 7-min read
Deploy Dynatrace Operator to monitor your Kubernetes cluster and gain deep visibility into your containerized applications.
Explore use cases
With Kubernetes platform monitoring + Application observability deployed, you can use the 
Kubernetes to:
- Assess and troubleshoot Kubernetes cluster and workload health
- Optimize Kubernetes workload resource usage
- Receive alerts and events to detect and respond to cluster anomalies
- Explore metrics, events, and logs your Pods and nodes in a single interface
- Troubleshoot common health problems of Kubernetes workloads
- Automatic distributed tracing across containers
- Code-level and service insights in application containers
- Profiling and thread analysis
If you’re looking to gain a complete view of your Kubernetes environment, check out the deployment overview to learn about Full-Stack observability. You can further expand your Kubernetes observability on Log Analytics, Digital Experience, and Application Security.
Who is this for?
This tutorial is intended for platform engineers, site reliability engineers (SREs), and Kubernetes administrators.
What will you learn?
By the end of this tutorial, you'll have Dynatrace monitoring both your Kubernetes cluster and the applications running on it. Along the way, you'll:
- Install Dynatrace Operator via Helm or manifest.
- Configure the DynaKube custom resource.
- Verify your deployment.
Before you begin
Before installing Dynatrace on your Kubernetes cluster, ensure that you meet the following requirements:
- Your
kubectlCLI is connected to the Kubernetes cluster that you want to monitor. - You have sufficient privileges on the monitored cluster to run
kubectloroccommands.
Cluster setup and configuration
-
You must allow egress for Dynatrace pods (default: Dynatrace namespace) to your Dynatrace environment URL.
-
For OpenShift Dedicated, you need the cluster-admin role.
-
Helm installation Use Helm version 3.
Supported versions
See supported Kubernetes/OpenShift platform versions and distributions.
If you're deploying to OpenShift, configure SCC before proceeding–it's required for applicationMonitoring deployments with the CSI driver.
Note that combining hostMonitoring and applicationMonitoring in the same Kubernetes cluster and environment is not supported.
Licensing
Kubernetes platform monitoring + Application observability requires Dynatrace Platform Subscription (DPS). Kubernetes platform monitoring is licensed by number of Pods per hour (pod-hours) and Application observability by the sum of container memory (GiB-hours).
Get started with Application observability
Select the installation method that works best for you: Helm or manifest.
Install with Helm 
Dynatrace Operator version 0.8.0+
These instructions use Dynatrace's Helm chart from an OCI registry. If you have the Dynatrace repository in your local Helm repositories, you can remove it before proceeding:
helm repo remove dynatrace
-
Install Dynatrace Operator
If you're using Helm 4.0+, replace
--atomicwith--rollback-on-failurein the commands below.You have two options:
Default installation / OCI registry installation
The following command works for both default installations and installations using an OCI registry.
helm install dynatrace-operator oci://public.ecr.aws/dynatrace/dynatrace-operator \--create-namespace \--namespace dynatrace \--atomicInstallation with additional configuration of the Helm chart
Edit the
values.yaml sample from GitHub, and then run the install command, passing the YAML file as an argument:helm install dynatrace-operator oci://public.ecr.aws/dynatrace/dynatrace-operator \--create-namespace \--namespace dynatrace \--atomic \-f values.yamlIf
installCRDis set tofalse, you need to create the custom resource definition manually before starting the Helm installation:kubectl apply -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v1.9.0/dynatrace-operator-crd.yamlVMware Tanzu Kubernetes (TKGI) and IBM Kubernetes Service (IKS) require additional configuration.
-
Create a secret named
dynakubefor the Dynatrace Operator token and data ingest token obtained in Tokens and permissions required.kubectl -n dynatrace create secret generic dynakube --from-literal="apiToken=<OPERATOR_TOKEN>" --from-literal="dataIngestToken=<DATA_INGEST_TOKEN>" -
Create your DynaKube custom resource YAML file.
DynaKube custom resource sample for application monitoring
You can review the available parameters or how-to guides, and adapt the DynaKube custom resource according to your requirements.
apiVersion: dynatrace.com/v1beta5kind: DynaKubemetadata:name: dynakubenamespace: dynatraceannotations:feature.dynatrace.com/k8s-app-enabled: "true"feature.dynatrace.com/injection-readonly-volume: "true"spec:# For detailed instructions on DynaKube parameters in the spec section, visit https://docs.dynatrace.com/docs/ingest-from/setup-on-k8s/reference/dynakube-parameters# Dynatrace apiUrl including the /api path at the end.# Replace 'ENVIRONMENTID' with your environment ID.# For instructions on how to determine the environment ID and how to configure the apiUrl address, see https://www.dynatrace.com/support/help/reference/dynatrace-concepts/environment-id/.apiUrl: https://ENVIRONMENTID.live.dynatrace.com/apimetadataEnrichment:enabled: trueoneAgent:applicationMonitoring: {}activeGate:capabilities:- routing- kubernetes-monitoringresources:requests:cpu: 500mmemory: 512Milimits:cpu: 1000mmemory: 1.5Gi -
Optional Monitor potentially sensitive data
To monitor potentially sensitive data such as Secrets (values are masked before ingest) and ConfigMaps, you need to create a ClusterRole that allows access to these resources. Add the following snippet at the end of your DynaKube custom resource YAML file.
Installation with sensitive data monitoring
---apiVersion: rbac.authorization.k8s.io/v1kind: ClusterRolemetadata:labels:rbac.dynatrace.com/aggregate-to-monitoring: "true"name: dynatrace-kubernetes-monitoring-sensitiverules:- apiGroups:- ""resources:- configmaps- secretsverbs:- list- watch- getIn Dynatrace Operator version 1.8.x, the role is automatically bound to the
dynatrace-kubernetes-monitoringClusterRole via aggregation rules. For more information, see ClusterRole aggregation documentation. Starting with Dynatrace Operator version 1.9.0, aggregated ClusterRoles are no longer used. Create a ClusterRoleBinding to bind this ClusterRole to thedynatrace-activegateservice account directly. -
Apply the DynaKube custom resource
Run the command below to apply the DynaKube custom resource, making sure to replace
<your-DynaKube-CR>with your actual DynaKube custom resource file name. A validation webhook will provide helpful error messages if there's a problem.kubectl apply -f <your-DynaKube-CR>.yaml -
Optional Verify deployment
Verify that your DynaKube is running and all Pods in your Dynatrace namespace are running and ready.
> kubectl get dynakube -n dynatraceNAME APIURL STATUS AGEdynakube https://<ENVIRONMENTID>.live.dynatrace.com/api Running 45sIn a default DynaKube configuration with CSI driver, you should see the following Pods:
> kubectl get pods -n dynatraceNAME READY STATUS RESTARTS AGEdynakube-activegate-0 1/1 Running 0 50sdynatrace-oneagent-csi-driver-qxfwx 4/4 Running 0 2m49sdynatrace-oneagent-csi-driver-xk5c4 4/4 Running 0 2m49sdynatrace-oneagent-csi-driver-mz6ch 4/4 Running 0 2m49sdynatrace-operator-7dc8dc7d8c-wmh4z 1/1 Running 0 2m59sdynatrace-webhook-7bb6957fb5-l8fsq 1/1 Running 0 2m59sdynatrace-webhook-7bb6957fb5-rqnqk 1/1 Running 0 2m59sCSI driver is optional (see Step 2). If enabled, it gets deployed as DaemonSet and results in a CSI driver Pod on each node.
Install with manifest
Kubernetes
-
Create a
dynatracenamespacekubectl create namespace dynatrace -
Install Dynatrace Operator
kubectl apply -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v1.9.0/kubernetes-csi.yamlWithout CSI driver
kubectl apply -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v1.9.0/kubernetes.yamlVMware Tanzu Kubernetes (TKGI) and IBM Kubernetes Service (IKS) require additional configuration.
Run the following command to see when Dynatrace Operator components finish initialization:
kubectl -n dynatrace wait pod --for=condition=ready --selector=app.kubernetes.io/name=dynatrace-operator,app.kubernetes.io/component=webhook --timeout=300s -
Create a secret named
dynakubefor the Dynatrace Operator token and data ingest token obtained in Tokens and permissions required.kubectl -n dynatrace create secret generic dynakube --from-literal="apiToken=<OPERATOR_TOKEN>" --from-literal="dataIngestToken=<DATA_INGEST_TOKEN>" -
Create your DynaKube custom resource YAML file.
DynaKube custom resource sample for application monitoring
You can review the available parameters or how-to guides, and adapt the DynaKube custom resource according to your requirements.
apiVersion: dynatrace.com/v1beta5kind: DynaKubemetadata:name: dynakubenamespace: dynatraceannotations:feature.dynatrace.com/k8s-app-enabled: "true"feature.dynatrace.com/injection-readonly-volume: "true"spec:# For detailed instructions on DynaKube parameters in the spec section, visit https://docs.dynatrace.com/docs/ingest-from/setup-on-k8s/reference/dynakube-parameters# Dynatrace apiUrl including the /api path at the end.# Replace 'ENVIRONMENTID' with your environment ID.# For instructions on how to determine the environment ID and how to configure the apiUrl address, see https://www.dynatrace.com/support/help/reference/dynatrace-concepts/environment-id/.apiUrl: https://ENVIRONMENTID.live.dynatrace.com/apimetadataEnrichment:enabled: trueoneAgent:applicationMonitoring: {}activeGate:capabilities:- routing- kubernetes-monitoringresources:requests:cpu: 500mmemory: 512Milimits:cpu: 1000mmemory: 1.5Gi -
Optional Monitor potentially sensitive data
To monitor potentially sensitive data such as Secrets (values are masked before ingest) and ConfigMaps, you need to create a ClusterRole that allows access to these resources. Add the following snippet at the end of your DynaKube custom resource YAML file.
Installation with sensitive data monitoring
---apiVersion: rbac.authorization.k8s.io/v1kind: ClusterRolemetadata:labels:rbac.dynatrace.com/aggregate-to-monitoring: "true"name: dynatrace-kubernetes-monitoring-sensitiverules:- apiGroups:- ""resources:- configmaps- secretsverbs:- list- watch- getIn Dynatrace Operator version 1.8.x, the role is automatically bound to the
dynatrace-kubernetes-monitoringClusterRole via aggregation rules. For more information, see ClusterRole aggregation documentation. Starting with Dynatrace Operator version 1.9.0, aggregated ClusterRoles are no longer used. Create a ClusterRoleBinding to bind this ClusterRole to thedynatrace-activegateservice account directly.Run the command below to apply the DynaKube custom resource, making sure to replace
<your-DynaKube-CR>with your actual DynaKube custom resource file name. A validation webhook will provide helpful error messages if there's a problem. -
Apply the DynaKube custom resource
kubectl apply -f <your-DynaKube-CR>.yaml -
Optional Verify deployment
Verify that your DynaKube is running and all Pods in your Dynatrace namespace are running and ready.
> kubectl get dynakube -n dynatraceNAME APIURL STATUS AGEdynakube https://<ENVIRONMENTID>.live.dynatrace.com/api Running 45sIn a default DynaKube configuration with CSI driver, you should see the following Pods:
> kubectl get pods -n dynatraceNAME READY STATUS RESTARTS AGEdynakube-activegate-0 1/1 Running 0 50sdynatrace-oneagent-csi-driver-qxfwx 4/4 Running 0 2m49sdynatrace-oneagent-csi-driver-xk5c4 4/4 Running 0 2m49sdynatrace-oneagent-csi-driver-mz6ch 4/4 Running 0 2m49sdynatrace-operator-7dc8dc7d8c-wmh4z 1/1 Running 0 2m59sdynatrace-webhook-7bb6957fb5-l8fsq 1/1 Running 0 2m59sdynatrace-webhook-7bb6957fb5-rqnqk 1/1 Running 0 2m59sCSI driver is optional (see Step 2). If enabled, it gets deployed as DaemonSet and results in a CSI driver Pod on each node.
OpenShift
-
Add a
dynatraceprojectoc adm new-project --node-selector="" dynatrace -
Install Dynatrace Operator
oc apply -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v1.9.0/openshift-csi.yamlWithout CSI driver
oc apply -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v1.9.0/openshift.yamlRun the following command to see when Dynatrace Operator components finish initialization:
oc -n dynatrace wait pod --for=condition=ready --selector=app.kubernetes.io/name=dynatrace-operator,app.kubernetes.io/component=webhook --timeout=300s -
Create a secret named
dynakubefor the Dynatrace Operator token and data ingest token obtained in Tokens and permissions required.oc -n dynatrace create secret generic dynakube --from-literal="apiToken=<OPERATOR_TOKEN>" --from-literal="dataIngestToken=<DATA_INGEST_TOKEN>" -
Create your DynaKube custom resource YAML file.
DynaKube custom resource sample for application monitoring
You can review the available parameters or how-to guides, and adapt the DynaKube custom resource according to your requirements.
apiVersion: dynatrace.com/v1beta5kind: DynaKubemetadata:name: dynakubenamespace: dynatraceannotations:feature.dynatrace.com/k8s-app-enabled: "true"feature.dynatrace.com/injection-readonly-volume: "true"spec:# For detailed instructions on DynaKube parameters in the spec section, visit https://docs.dynatrace.com/docs/ingest-from/setup-on-k8s/reference/dynakube-parameters# Dynatrace apiUrl including the /api path at the end.# Replace 'ENVIRONMENTID' with your environment ID.# For instructions on how to determine the environment ID and how to configure the apiUrl address, see https://www.dynatrace.com/support/help/reference/dynatrace-concepts/environment-id/.apiUrl: https://ENVIRONMENTID.live.dynatrace.com/apimetadataEnrichment:enabled: trueoneAgent:applicationMonitoring: {}activeGate:capabilities:- routing- kubernetes-monitoringresources:requests:cpu: 500mmemory: 512Milimits:cpu: 1000mmemory: 1.5Gi -
Optional Monitor potentially sensitive data
To monitor potentially sensitive data such as Secrets (values are masked before ingest) and ConfigMaps, you need to create a ClusterRole that allows access to these resources. Add the following snippet at the end of your DynaKube custom resource YAML file.
Installation with sensitive data monitoring
---apiVersion: rbac.authorization.k8s.io/v1kind: ClusterRolemetadata:labels:rbac.dynatrace.com/aggregate-to-monitoring: "true"name: dynatrace-kubernetes-monitoring-sensitiverules:- apiGroups:- ""resources:- configmaps- secretsverbs:- list- watch- getIn Dynatrace Operator version 1.8.x, the role is automatically bound to the
dynatrace-kubernetes-monitoringClusterRole via aggregation rules. For more information, see ClusterRole aggregation documentation. Starting with Dynatrace Operator version 1.9.0, aggregated ClusterRoles are no longer used. Create a ClusterRoleBinding to bind this ClusterRole to thedynatrace-activegateservice account directly.Run the command below to apply the DynaKube custom resource, making sure to replace
<your-DynaKube-CR>with your actual DynaKube custom resource file name. A validation webhook will provide helpful error messages if there's a problem. -
Apply the DynaKube custom resource
oc apply -f <your-DynaKube-CR>.yaml -
Optional Verify deployment
Verify that your DynaKube is running and all Pods in your Dynatrace namespace are running and ready.
> oc get dynakube -n dynatraceNAME APIURL STATUS AGEdynakube https://<ENVIRONMENTID>.live.dynatrace.com/api Running 45sIn a default DynaKube configuration with CSI driver, you should see the following Pods:
> oc get pods -n dynatraceNAME READY STATUS RESTARTS AGEdynakube-activegate-0 1/1 Running 0 50sdynatrace-oneagent-csi-driver-qxfwx 4/4 Running 0 2m49sdynatrace-oneagent-csi-driver-xk5c4 4/4 Running 0 2m49sdynatrace-oneagent-csi-driver-mz6ch 4/4 Running 0 2m49sdynatrace-operator-7dc8dc7d8c-wmh4z 1/1 Running 0 2m59sdynatrace-webhook-7bb6957fb5-l8fsq 1/1 Running 0 2m59sdynatrace-webhook-7bb6957fb5-rqnqk 1/1 Running 0 2m59sCSI driver is optional (see Step 2). If enabled, it gets deployed as DaemonSet and results in a CSI driver Pod on each node.
Congratulations!
You've successfully set up Kubernetes platform monitoring and Application observability! In this tutorial, you:
- Installed Dynatrace Operator (with optional CSI driver) on your cluster.
- Configured and applied a DynaKube custom resource.
Next steps
Kubernetes
Monitor and optimize Kubernetes with Dynatrace. Get real-time insights and health for clusters and workloads.
Guides
Detailed description of installation and configuration options for specific use-cases
Troubleshooting
This page will assist you in navigating any challenges you may encounter while working with the Dynatrace Operator and its various components.
How it works
In-depth description on how the deployment on Kubernetes works.
Reference
Contains a reference page with configuration options for each Dynatrace component
Dynatrace Operator release notes
Release notes for Dynatrace Operator
Update or uninstall Dynatrace Operator
Upgrade and uninstallation procedures for Dynatrace Operator
Sizing guide for Dynatrace ActiveGates in the Kubernetes monitoring use-case
Set resource limits for Dynatrace ActiveGates