Setting appropriate resource requests (and limits, when needed) keeps Dynatrace ActiveGate instances stable and predictable. This guide details sizing methods based on scale and workload.
A stable, healthy ActiveGate ensures continuous gap‑free monitoring data.
Actual required resources increase with the number of monitored pods and nodes, and with the volume of metrics collected (for example, from Prometheus pod exporters).
We recommend a setup where one containerized ActiveGate is monitoring one Kubernetes cluster.
This approach simplifies troubleshooting, avoids resource contention, and ensures predictable scaling, because each ActiveGate handles only one cluster's workload.
The following symptoms indicate exhausted resources and potential data loss.
ActiveGate collects different types of data independently (for example, Prometheus metrics, Kubernetes events, entities). If one collection task takes longer than 1 minute, only that data type experiences a gap for that window. Other collection tasks continue operating normally.
Sustained high CPU throttling means insufficient CPU. Minor throttling is usually harmless, but heavy throttling of the pod serving the monitoring ActiveGate can cause data gaps.
If the ActiveGate is OOM-killed, data becomes unavailable until it restarts. Unless memory resources are increased, repeated OOM kills are likely after the restart.
The following indicators can be tracked to determine whether an ActiveGate is in a healthy operational state:
| Indicator | Platform metrics for validation | Classic metrics for validation | Detail level |
|---|---|---|---|
| CPU usage | dt.kubernetes.container.cpu_usage | builtin:kubernetes.node.cpu_usage, builtin:kubernetes.workload.cpu_usage | ActiveGate pod |
| CPU requests | dt.kubernetes.resourcequota.requests_cpu | builtin:kubernetes.node.requests_cpu, builtin:kubernetes.workload.requests_cpu | ActiveGate pod |
| CPU throttling | dt.kubernetes.container.cpu_throttled | builtin:kubernetes.workload.cpu_throttled, builtin:kubernetes.node.cpu_throttled | ActiveGate pod |
| Memory working set | dt.kubernetes.container.memory_working_set | builtin:kubernetes.node.memory_working_set, builtin:kubernetes.workload.memory_working_set | ActiveGate pod |
| Memory requests | dt.kubernetes.resourcequota.requests_memory | builtin:kubernetes.node.requests_memory, builtin:kubernetes.workload.requests_memory | ActiveGate pod |
| Restart count | dt.kubernetes.container.restarts | builtin:kubernetes.container.restarts | ActiveGate pod |
| OOM kills | dt.kubernetes.container.oom_kills | builtin:kubernetes.container.oom_kills | ActiveGate pod |
| Processing duration | dt.sfm.active_gate.kubernetes.pipeline_duration | dsfm:active_gate.kubernetes.pipeline_duration | ActiveGate ID |
| Garbage collection times | dt.sfm.active_gate.jvm.gc.major_collection_time | dsfm:active_gate.jvm.gc.major_collection_time | ActiveGate ID |
Start with the recommended values below.
Splitting ActiveGate responsibilities into two groups is recommended: one group handles everything related to Kubernetes platform monitoring, including KSPM (Kubernetes Security Posture Management), and the other manages OneAgent traffic routing, telemetry ingest, and extensions. This separation provides several advantages:
- Isolation: Resource contention in one module doesn't affect the other. A spike in OneAgent traffic won't slow down Kubernetes metrics collection, and vice versa.
- Independent scaling: Traffic forwarding and platform monitoring have fundamentally different scaling characteristics. Separate ActiveGates let you scale each dimension independently without over‑provisioning resources. For example, you can add 3 more routing replicas to handle increased application traffic without unnecessarily increasing resources for platform monitoring.
- Easier troubleshooting: When issues occur, you can immediately identify whether they originate from platform monitoring or OneAgent traffic, reducing diagnosis time.
Sizing scenarios are based on the number of pods monitored by a single ActiveGate; the necessary resources can be taken from the tables below.
- Scenario S: < 1000 pods
- Scenario M: 1000–5000 pods
- Scenario L: 5000–20000 pods
This guide does not cover environments with more than 20,000 pods. Due to the many variables involved, providing precise recommendations for such large-scale setups isn’t feasible. As a starting point, you can use the guidance for the L scenario and gradually increase resources until stable gap-free monitoring is established. For tailored advice, we recommend reaching out to Dynatrace Support to ensure the best configuration for your environment.
As the number of nodes in your Kubernetes cluster increases, the ActiveGate needs more CPU and memory to handle the extra monitoring workload, including processing data from node-level system components and events, which grows proportionally with node count. For sizing guidance, node counts fall into the following categories:
- Up to 100 nodes: the recommendations below apply as-is.
- More than 100 nodes: adjust the resource allocations upward to account for the additional demands and keep monitoring stable and gap-free.
- More than 500 nodes: consult Dynatrace Support for tailored recommendations.
Dynatrace supports up to 1000 pod exporters, with each exporter able to provide up to 1000 metrics. If your environment approaches these limits, you'll need to increase the resources allocated to the ActiveGate to ensure reliable performance.
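For context, a pod exporter is typically exposed to Dynatrace through scrape annotations on the pod, as in the following sketch. The annotation names assume Dynatrace's annotation-based Prometheus scraping, and the exporter name, image, and port are illustrative only:

```yaml
# Sketch: a pod annotated as a Prometheus exporter (illustrative values).
apiVersion: v1
kind: Pod
metadata:
  name: example-exporter
  annotations:
    metrics.dynatrace.com/scrape: "true"    # mark the pod for scraping
    metrics.dynatrace.com/port: "9100"      # port exposing Prometheus metrics
    metrics.dynatrace.com/path: "/metrics"  # scrape path
spec:
  containers:
    - name: exporter
      image: prom/node-exporter:v1.8.1      # example exporter image
      ports:
        - containerPort: 9100
```

Each annotated exporter counts toward the 1000-exporter limit, so review how many pods carry these annotations when estimating ActiveGate resources.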
All of the following use cases place the same requirements on the ActiveGate that handles Kubernetes platform monitoring.
| Pod count | CPU resource | Memory resource |
|---|---|---|
| < 1000 (Small) | requests: 200m (limits: 1000m) | requests: 6Gi, limits: 6Gi |
| < 5000 (Medium) | requests: 1000m (limits: 2000m) | requests: 10Gi, limits: 10Gi |
| < 20000 (Large) | requests: 2000m (limits: 4000m) | requests: 12Gi, limits: 12Gi |
We recommend running ActiveGates without CPU limits.
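For reference, the Small scenario from the table above could be expressed in the DynaKube's `activeGate` section as in the following sketch (values taken from the table; the CPU limit is omitted per the recommendation above):

```yaml
# Sketch: platform-monitoring ActiveGate resources, Small scenario (< 1000 pods).
# CPU limit intentionally omitted; memory limit equals the request.
activeGate:
  capabilities:
    - kubernetes-monitoring
  resources:
    requests:
      cpu: 200m
      memory: 6Gi
    limits:
      memory: 6Gi
```

For the Medium and Large scenarios, substitute the corresponding values from the table.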
The second ActiveGate does not participate in Kubernetes platform monitoring; instead, it acts as a router/proxy for data streams originating from OneAgents. We recommend using separate ActiveGates for traffic forwarding and platform monitoring. Traffic forwarding scales horizontally by adding replicas, whereas Kubernetes monitoring does not scale horizontally; instead, increase its resources.
This setup is required in the following use cases: OneAgent traffic routing, telemetry ingest, extensions, and log monitoring.
| Pod count | CPU resource | Memory resource | Replicas |
|---|---|---|---|
| < 1000 (Small) | requests: 250m (limits: 1000m) | requests: 2Gi, limits: 2Gi | 3 |
| < 5000 (Medium) | requests: 500m (limits: 2000m) | requests: 4Gi, limits: 4Gi | 3 |
| < 20000 (Large) | requests: 1000m (limits: 4000m) | requests: 6Gi, limits: 6Gi | 6 |
We recommend running ActiveGates without CPU limits.
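As a sketch, the Small routing scenario from the table above maps to the `activeGate` section as follows (values taken from the table; the CPU limit is omitted per the recommendation above):

```yaml
# Sketch: routing ActiveGate resources, Small scenario (< 1000 pods).
# CPU limit intentionally omitted; memory limit equals the request.
activeGate:
  capabilities:
    - routing
  resources:
    requests:
      cpu: 250m
      memory: 2Gi
    limits:
      memory: 2Gi
  replicas: 3
```

Because traffic forwarding scales horizontally, increase `replicas` (rather than per-pod resources) as OneAgent traffic grows.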
The following examples apply the reasoning of splitting the ActiveGates into units with separate concerns. One ActiveGate is responsible for Kubernetes platform monitoring and Kubernetes Security Posture Management, whereas the second ActiveGate is responsible for OneAgent traffic routing, telemetry ingest, and extensions. Adjust requests (and limits, if required) to fit your environment.
This DynaKube resource declares the ActiveGate used for Kubernetes platform monitoring.
CPU limits are commented out. We recommend defining requests only so the ActiveGate can use additional CPU when available. If limits are required, set them equal to or higher than requests.
This snippet includes configuration for Kubernetes Security Posture Management (KSPM), a complementary, opt-in security feature alongside Kubernetes platform monitoring.
```yaml
apiVersion: dynatrace.com/v1beta5
kind: DynaKube
metadata:
  name: k8s-monitoring
  namespace: dynatrace
  annotations:
    feature.dynatrace.com/k8s-app-enabled: "true"
spec:
  apiUrl: https://ENVIRONMENTID.live.dynatrace.com/api
  tokens: <SECRET NAME>
  metadataEnrichment:
    enabled: true
  # Link to api reference for further information: https://docs.dynatrace.com/docs/ingest-from/setup-on-k8s/reference/dynakube-parameters
  activeGate:
    capabilities:
      - kubernetes-monitoring
    resources:
      requests:
        cpu: 1000m
        memory: 10Gi
      limits:
        # cpu: 2000m
        memory: 10Gi
  #kspm:
  #  mappedHostPaths:
  #    - /boot
  #    - /etc
  #    - /proc/sys/kernel
  #    - /sys/fs
  #    - /sys/kernel/security/apparmor
  #    - /usr/lib/systemd/system
  #    - /var/lib
  #templates:
  #  kspmNodeConfigurationCollector:
  #    imageRef:
  #      repository: public.ecr.aws/dynatrace/dynatrace-k8s-node-config-collector
  #      tag: 1.5.2
```
This DynaKube resource declares the ActiveGate that takes over OneAgent traffic routing and other features (except Kubernetes platform monitoring and KSPM).
CPU limits are commented out. We recommend defining requests only so the ActiveGate can use additional CPU when available. If limits are required, set them equal to or higher than requests.
This snippet includes configuration for log monitoring, extensions, and telemetry ingest. Each of these sections is optional and can be enabled independently.
```yaml
apiVersion: dynatrace.com/v1beta5
kind: DynaKube
metadata:
  name: agents
  namespace: dynatrace
# Link to api reference for further information: https://docs.dynatrace.com/docs/ingest-from/setup-on-k8s/reference/dynakube-parameters
spec:
  apiUrl: https://ENVIRONMENTID.live.dynatrace.com/api
  tokens: <SECRET NAME>
  metadataEnrichment:
    enabled: true
  oneAgent:
    applicationMonitoring: {}
  activeGate:
    capabilities:
      - routing
      - debugging
    resources:
      requests:
        cpu: 1000m
        memory: 6Gi
      limits:
        # cpu: 4000m
        memory: 6Gi
    replicas: 6
    #customProperties:
    #  value: |
    #    [otlp_ingest]
    #    otlp_ingest_enabled = true
  #logMonitoring: {}
  #extensions: {}
  #telemetryIngest:
  #  protocols:
  #    - jaeger
  #    - otlp
  #    - statsd
  #    - zipkin
  #  serviceName: telemetry-ingest
  templates:
    #logMonitoring:
    #  imageRef:
    #    repository: public.ecr.aws/dynatrace/dynatrace-logmodule
    #    tag: <>
    #  tolerations:
    #    - effect: NoSchedule
    #      key: node-role.kubernetes.io/master
    #      operator: Exists
    #    - effect: NoSchedule
    #      key: node-role.kubernetes.io/control-plane
    #      operator: Exists
    #extensionExecutionController:
    #  imageRef:
    #    repository: <ENVIRONMENTID>/dynatrace/linux/dynatrace-eec
    #    tag: latest
    #otelCollector:
    #  replicas: 1
    #  imageRef:
    #    repository: public.ecr.aws/dynatrace/dynatrace-otel-collector
    #    tag: <tag>
```