Application observability with Pod runtime injection

7-min read

Inject Dynatrace code modules into a container during its deployment.

This method of application instrumentation may not fully link Kubernetes workloads with monitored containers/processes. For comprehensive relationships and linking, consider using the automatic application-only injection.

Prerequisites

Review the list of supported applications and versions.
Create an access token with PaaS Integration - InstallerDownload scope.
Storage requirements:
- ~325 MB for glibc
- ~290 MB for musl
- ~650 MB for glibc and musl combined

Pod runtime injection and cgroup v2

If Pod runtime injection is used with cgroup v2, the builtin:containers.* metrics are reported to Dynatrace only if the pod runs a single container.

Deploy

To integrate OneAgent into your application at runtime, select one of the options below based on your platform.

OneAgent is made available to the application container via an initContainer—your application image remains unaffected.

To integrate OneAgent into your application at runtime, extend your deployment template as follows.

# your application containers
      containers:
      - name: customer-app
        image: tomcat
        env:
        - name: LD_PRELOAD
          value: /opt/dynatrace/oneagent/agent/lib64/liboneagentproc.so
        - name: DT_NETWORK_ZONE
          value: <your_network_zone>
        volumeMounts:
        - mountPath: /opt/dynatrace/oneagent
          name: oneagent

# initcontainer to download OneAgent
      initContainers:
      - name: install-oneagent
        image: alpine:latest
        command:
        - /bin/sh
        args:
        - -c
        - ARCHIVE=$(mktemp) && wget -O $ARCHIVE "$DT_API_URL/v1/deployment/installer/agent/unix/paas/latest?Api-Token=$DT_PAAS_TOKEN&$DT_ONEAGENT_OPTIONS" && unzip -o -d /opt/dynatrace/oneagent $ARCHIVE && rm -f $ARCHIVE
        env:
        - name: DT_API_URL
          value: https://<your-environment-id>.live.dynatrace.com/api
        - name: DT_PAAS_TOKEN
          value: <Access token with PaaS integration scopes (Dynatrace -> Access tokens)>
        - name: DT_ONEAGENT_OPTIONS
          value: flavor=<FLAVOR>&include=<TECHNOLOGY>
        volumeMounts:
        - mountPath: /opt/dynatrace/oneagent
          name: oneagent

# Make OneAgent available as a volume
      volumes:
      - name: oneagent
        emptyDir: {}

In the # initContainer to download OneAgent and # Make OneAgent available as a volume sections, add the initContainer, which will download OneAgent and make it available as a volume.
In the DT_ONEAGENT_OPTIONS section, set the OneAgent code module required for your compiler flavor (FLAVOR) and application (TECHNOLOGY).
- Valid options for flavor are default, musl, or multidistro. Set default to download glibc binaries or set musl to download musl binaries. Set multidistro to download both the musl and glibc binaries and subsequently autodetect which binaries to use. Note that image size will be larger in this case, as it includes both flavors.
- Valid options for technology are all, java, apache, nginx, nodejs, dotnet, php, go, and sdk.
- For ARM, use the following value: flavor=default&arch=arm&include=<TECHNOLOGY>. For other architectures, see the list of valid values (scroll down to the arch parameter).
- If you want to specify several code modules, use the following syntax: &include=technology1&include=technology2.

If you include specific technology-support options rather than 'support for all technologies' options, you'll get a smaller OneAgent package.

What if my Docker image is based on Alpine Linux?

Dynatrace OneAgent supports the flavor musl for Alpine Linux based environments.
Valid options for technology are all, dotnet, go, php, java, apache, nginx, and nodejs.

In the # your application containers section, add the newly created volume to the container of your application. Also add the LD_PRELOAD environment variable.
optional In the # your application containers section, configure network zones:

containers:
  env:
  - name: DT_NETWORK_ZONE
    value: <your_network_zone>

See network zones for more information.

optional Configure a proxy address.

In case you run an environment with proxy, you need to set the DT_PROXY environment variable in the application container to pass the proxy credentials to OneAgent.

For Alpine Linux-based containers, you might need to update the wget shipped with the Alpine image to allow for proxy authentication for the download of OneAgent.

Update

Each time you want to leverage a new OneAgent version, you only need to redeploy your Pods. In runtime injections, OneAgent is downloaded and injected within an initContainer. By default, the latest version of OneAgent is downloaded, but you can control which OneAgent version is downloaded by specifying it in the download URL.

Uninstall

To uninstall OneAgent from application-only monitoring

Remove the install-oneagent YAML from your deployment template.

# your application containers
containers:
  - name: customer-app
    image: tomcat
    env:
      - name: LD_PRELOAD
        value: /opt/dynatrace/oneagent/agent/lib64/liboneagentproc.so
    volumeMounts:
      - mountPath: /opt/dynatrace/oneagent
        name: oneagent

# initContainer to download OneAgent
initContainers:
  - name: install-oneagent
    image: alpine:3.8
    command:
      - /bin/sh
    args:
      - -c
      - ARCHIVE=$(mktemp) && wget -O $ARCHIVE "$DT_API_URL/v1/deployment/installer/agent/unix/paas/latest?Api-Token=$DT_PAAS_TOKEN&$DT_ONEAGENT_OPTIONS" && unzip -o -d /opt/dynatrace/oneagent $ARCHIVE && rm -f $ARCHIVE
    env:
      - name: DT_API_URL
        value: https://<Your-environment-ID>.live.dynatrace.com/api
      - name: DT_PAAS_TOKEN
        value: <paastoken>
      - name: DT_ONEAGENT_OPTIONS
        value: flavor=<FLAVOR>&include=<TECHNOLOGY>
    volumeMounts:
      - mountPath: /opt/dynatrace/oneagent
        name: oneagent

# Make OneAgent available as a volume
volumes:
  - name: oneagent
    emptyDir: {}

Redeploy your application.