Install Operator in FIPS mode

  • Page has not been published yet

Dynatrace Operator version 1.6+

The Dynatrace Operator supports FIPS mode in Kubernetes, enabling deployment in environments that require compliance with the Federal Information Processing Standards (FIPS). FIPS is a set of U.S. government standards used to ensure the security and integrity of cryptographic modules for sensitive data protection.

Prerequisites

  • Dynatrace Operator version 1.6.0 or newer

Limitations

Note that the following configurations are temporarily not supported:

  • Cloud-native full-stack mode
  • Application monitoring mode

With a future OneAgent release, FIPS mode will additionally become available for cloud-native full-stack and application monitoring mode.

Deployment

To deploy the Dynatrace Operator in FIPS mode, a respective FIPS-compliant image of the Dynatrace Operator must be used. FIPS-enabled images are tagged with a -fips suffix (e.g., v1.6.0-fips). For more details on repositories and tag information, explore our supported public registries.

You can specify operator images for FIPS as shown in the following Helm command:

helm install dynatrace-operator oci://public.ecr.aws/dynatrace/dynatrace-operator \
  --version 1.6.0 \
  --set "imageRef.repository=public.ecr.aws/dynatrace/dynatrace-operator" \
  --set "imageRef.tag=v1.6.0-fips" \
  --create-namespace --namespace dynatrace \
  --atomic

To deploy the ActiveGate in FIPS mode, a FIPS-compliant image of the Dynatrace ActiveGate must be used. FIPS-enabled images are tagged with a -fips suffix (e.g., 1.315.25.20250527-232755-fips). For more details on repositories and tag information, explore our supported public registries.

apiVersion: dynatrace.com/v1beta5
kind: DynaKube
metadata:
  name: dynakube
  namespace: dynatrace
spec:
  apiUrl: https://<tenant-uid>.live.dynatrace.com/api
  tokens: dynakube


  activeGate:
    capabilities:
      - routing
      - kubernetes-monitoring


    image: "public.ecr.aws/dynatrace/dynatrace-activegate:1.315.25.20250527-232755-fips"
  ...

classicFullStackhostMonitoring 1

With a future OneAgent release, FIPS mode will additionally become available for cloud-native full-stack and application monitoring mode.

To deploy OneAgents in FIPS mode, a command line argument must be set.

apiVersion: dynatrace.com/v1beta5
kind: DynaKube
metadata:
  name: dynakube
  namespace: dynatrace
spec:
  apiUrl: https://<tenant-uid>.live.dynatrace.com/api
  tokens: dynakube


  oneAgent:
    classicFullStack:
      args:
        - --set-fips-enabled=true
  ...
1

Works only with images sourced from the Dynatrace built-in registry (i.e., no image specified in image fields).