Set up EdgeConnect for Kubernetes Connector using the Dynatrace Operator


This guide provides detailed steps for provisioning EdgeConnect for Kubernetes Connector using the Dynatrace Operator.

Prerequisites

Step 1 Create OAuth client

Create a new OAuth client for the Dynatrace Operator to use.

  1. Go to Account Management > Identity & access management > OAuth clients.
  2. Select Create client.
  3. Create an OAuth client by specifying a user email and selecting the following scopes.
    • Connect EdgeConnect (app-engine:edge-connects:connect)
    • Read EdgeConnects (app-engine:edge-connects:read)
    • Write EdgeConnects (app-engine:edge-connects:write)
    • Delete EdgeConnects (app-engine:edge-connects:delete)
    • Manage OAuth2 clients for EdgeConnect configuration (oauth2:clients:manage)
    • View settings objects for schema (settings:objects:read)
    • Create settings objects for schema (settings:objects:write)
  4. After you select Create client, Dynatrace creates the client and generates the following details, which are shown on a subsequent page:
    • Client ID
    • Client secret
    • Dynatrace account URN (in the format urn:dtaccount:<your-account-uuid>)

Step 2 Create OAuth credentials secret

Store the newly created OAuth client credentials as a Kubernetes secret.

  1. Create a secret with the OAuth credentials.

    apiVersion: v1
    kind: Secret
    metadata:
      name: edgeconnect-oauth
      namespace: dynatrace
    stringData:
      oauth-client-id: <client id>
      oauth-client-secret: <client secret>
  2. Apply the secret.

    kubectl apply -f edgeconnect-oauth-secret.yaml

Step 3 Configure and Deploy EdgeConnect

You need to configure and deploy EdgeConnect via the Dynatrace Operator. The Dynatrace Operator prepares EdgeConnect for Kubernetes Connector and configures the required connection in your Dynatrace tenant.

  1. Configure the EdgeConnect custom resource file with serviceAccountName (using the ServiceAccount deployed here), provisioner: true, and kubernetesAutomation.enabled: true properties.

    apiVersion: dynatrace.com/v1alpha2
    kind: EdgeConnect
    metadata:
      name: edgeconnect-deployment-rollout-restarter
      namespace: dynatrace
    spec:
      apiServer: "<environment-id>.apps.dynatrace.com"
      serviceAccountName: edgeconnect-deployment-rollout-restarter
      oauth:
        provisioner: true
        clientSecret: edgeconnect-oauth
        endpoint: https://sso.dynatrace.com/sso/oauth2/token
        resource: urn:dtaccount:<your-account-uuid>
      kubernetesAutomation:
        enabled: true
  2. Apply the EdgeConnect custom resource.

    kubectl apply -f edgeconnect.yaml

Rotating the OAuth credentials is not immediately reflected in the EdgeConnect deployment. This may lead to authentication issues until the Dynatrace Operator reconciles the EdgeConnect deployment.
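
A pre-flight check for the two manifests from Steps 2 and 3, as an added example that is not part of the original guide or of Dynatrace tooling: it confirms that the placeholders are filled in, that the Secret and the EdgeConnect resource reference each other correctly, and that the file holding the client secret is not group- or world-readable. The helper names yaml_value and preflight are hypothetical; the file names are the ones used in the kubectl commands above.

```shell
#!/bin/sh
# Added example: pre-flight check for the manifests from Steps 2 and 3.
# yaml_value and preflight are hypothetical helpers, not Dynatrace tooling.

# yaml_value FILE KEY: first non-empty scalar after "KEY:" at any indentation.
# Enough for these two flat manifests; not a general YAML parser.
yaml_value() {
  awk -v k="$2" '
    { line = $0; sub(/^[ \t]+/, "", line) }
    index(line, k ":") == 1 {
      v = substr(line, length(k) + 2)
      gsub(/^[ \t"]+|[ \t"]+$/, "", v)
      if (v != "") { print v; exit }
    }' "$1"
}

# preflight SECRET_FILE EDGECONNECT_FILE: returns 0 only if every check passes.
# The body runs in a subshell, so its variables do not leak to the caller.
preflight() (
  secret=$1 cr=$2 rc=0
  fail() { echo "FAIL: $*" >&2; rc=1; }
  uuid='[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}'

  # 1. No template placeholder such as <client id> may remain. Only file
  #    names are printed (-l), so secret values never reach the terminal.
  grep -lE '<[^>]+>' "$secret" "$cr" >&2 && fail "unreplaced <placeholder> in files above"

  # 2. The Secret must define both keys used in Step 2.
  for key in oauth-client-id oauth-client-secret; do
    [ -n "$(yaml_value "$secret" "$key")" ] || fail "$key is empty or missing"
  done

  # 3. spec.oauth.clientSecret must name that Secret, in the same namespace.
  [ "$(yaml_value "$cr" clientSecret)" = "$(yaml_value "$secret" name)" ] ||
    fail "oauth.clientSecret does not match the Secret name"
  [ "$(yaml_value "$cr" namespace)" = "$(yaml_value "$secret" namespace)" ] ||
    fail "Secret and EdgeConnect are in different namespaces"

  # 4. oauth.resource must be the account URN in the format from Step 1.
  yaml_value "$cr" resource | grep -qE "^urn:dtaccount:${uuid}\$" ||
    fail "oauth.resource is not urn:dtaccount:<uuid>"

  # 5. The Secret manifest holds the client secret in clear text (stringData),
  #    so it should not be readable by group or others.
  [ -z "$(find "$secret" \( -perm -040 -o -perm -004 \))" ] ||
    fail "$secret is group/world readable; chmod 600 it"

  exit "$rc"
)
```

Run `preflight edgeconnect-oauth-secret.yaml edgeconnect.yaml` before the two `kubectl apply` commands; a non-zero exit status means at least one check failed.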