Metadata enrichment of all telemetry originating from kubernetes workloads
Prerequisites
- Dynatrace Operator is installed and running in your Kubernetes cluster.
- A valid DynaKube is applied to your cluster.
- Metadata enrichment is enabled.
Use cases
- Enhance your metrics, logs, trace data, events and entities with information about Kubernetes cluster, namespace, and workload
- Enhance your metrics, logs, trace data, events and entities with additional information using Kubernetes annotations and labels.
- Enhance your metrics, logs, trace data, events and entities with additional information using OpenTelemetry environment variables
- Enriched data can be used for defining access control to users, or for solving cost allocation in DPS.
Automatic enrichment of telemetry data with information about Kubernetes cluster, namespace, and workload
When following the Dynatrace deployment models with enabled metadata enrichment, all your telemetry (metrics, logs, and trace data) will be automatically enriched with the following Kubernetes metadata information:
- k8s.cluster.name
- k8s.cluster.uid
- k8s.namespace.name
- k8s.workload.name
- k8s.workload.kind
- dt.entity.kubernetes_cluster
Metrics that are about Kubernetes nodes, pods, and containers, as well as host and process metrics, additionally get the following information:
- k8s.pod.name
- k8s.pod.uuid
- k8s.node.name
- dt.entity.kubernetes_node
This enables you to always associate any kind of telemetry with the underlying Kubernetes deployment and infrastructure.
Security context and cost allocation
In Dynatrace you can set up policy boundaries, for fine-granular restrictions on the data level. Per default you can use k8s.namespace.name and k8s.cluster.name, but sometimes this is not enough and you need a more fine grained way to set up your boundries. You might already have defined such boundaries for yourself and defined them as Kubernetes labels or annotations. This feature enables you to use these at the source for your security context in Dynatrace. If you have not done so already Dynatrace does recommend to either use cluster or namespace name or setup a dedicated annotation for your Kubernetes workloads that serves as your security context.
Similarly Dynatrace provides a solution for cost allocation in DPS. You might already have the necessary data like department and product available in your existing Kubernetes labels or annotations. Even if not you might find it very convenient to setup up cost allocation as a Kubernetes annotation or label, which is what Dynatrace recommends. This feature then enables you to use these labels and annotations as the means to solving cost allocation in DPS.
The following attributes are supported:
If annotations with the same keys are specified in both the namespace and pod, the pod annotations will take precedence.
Prerequisites
Operator version 1.3.0+, ActiveGate version 1.305+, OneAgent version 1.303+
Which data will be enriched
Icon
Meaning
GA
Generally available.
Future
A feature or technology support that is on the roadmap.
Data
Availability
Kubernetes metrics via ActiveGate monitoring
Kubernetes monitored entities (dt.security_context only)
Kubernetes events
Cost Allocation
OneAgent events
OneAgent metrics
Service/JMX/Prometheus metrics
Service/Process entities
Enrichment options
Depending on the specific use case, the following enrichment options are supported:
Use existing labels and annotations
You can enrich your data using existing Kubernetes namespace labels and annotations via Kubernetes enrichment rules. You can define up to 20 rules on a tenant or Kubernetes cluster level that define the labels or annotations for your security context or cost allocation.
This requires a pod restart.
-
Go to Kubernetes App > Namespace > Select your namespace to have an overview of your existing namespace labels.
-
Go to Settings > Cloud and virtualization > Kubernetes telemetry enrichment.
To configure the data enrichment on the Kubernetes cluster level, go to Kubernetes > [Kubernetes Cluster] > Settings > Telemetry enrichment.
Global enrichment settings will not apply to Kubernetes clusters that have cluster-specific rules set.
-
Select Add rule.
-
Select
AnnotationorLabelin the Metadata type dropdown. -
Enter the annotation/label key in the Source field, following Kubernetes conventions:
source := (prefix/)?nameprefix := [a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*name := ([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]The
sourcemaximum length is 75 characters. Thenamemaximum length is 63 characters. -
Select the Target - the name of the attribute on the Dynatrace data.
-
Select Save changes.
-
Wait for up to 45 minutes and restart your pods.
-
Navigate to one of your spans and verify that the metadata is successfully enriched.
In order for all data enrichment to work the Dynatrace Operator stores the values of the namespace annotations and labels on pods as special annotations using the following conventions:
annotations:metadata.dynatrace.com/<target>: <value> # created by the Operator
The pod annotation will be used to enrich the Dynatrace data with attributes:
<target>: <value>
Example
Rules
"rules":[{# rule #1"type": "Annotation","source": "metadata.example.com/team","target": "dt.security_context"},{# rule #2"type": "Label","source": "department","target": "dt.cost.costcenter"},{# rule #3"type": "Label","source": "app/name","target": "dt.cost.product"}]
Namespace
metadata:annotations:metadata.example.com/team: srelabels:department: it_servicesapp/name: fin_app
Pod
The Operator will create pod annotations:
metadata:annotations:metadata.dynatrace.com/dt.security_context: sre # created by the Operator from metadata.example.com/team namespace annotation by rule #1metadata.dynatrace.com/dt.cost.costcenter: it_services # created by the Operator from department namespace label by rule #2metadata.dynatrace.com/dt.cost.product: fin_app # created by the Operator from app/name namespace label by rule #3
Attributes on the telemetry data
The following attributes will enrich the data:
# come from pod annotations with the metadata.dynatrace.com prefixdt.security_context: sredt.cost.costcenter: it_servicesdt.cost.product: fin_app
Use dedicated dynatrace metadata pod annotations
You can enrich your data using dedicate pod annotations. You might create the following annotations at the pod level
metadata:annotations:metadata.dynatrace.com/dt.security_context: sremetadata.dynatrace.com/dt.cost.costcenter: it_servicesmetadata.dynatrace.com/dt.cost.product: fin_appmetadata.dynatrace.com/my.own.attribute: my_value
The following attributes will enrich the data:
dt.security_context: sredt.cost.costcenter: it_servicesdt.cost.product: fin_appmy.own.attribute: my_value
Manually added custom attributes, so anything that is not dt.security_context, dt.cost.costcenter or dt.cost.product, do not yet enrich K8s events and metrics.
Use OpenTelemetry environment variables
You can also choose to enrich your data via OpenTelemetry environment variable (without using Dynatrace Operator).
Enrichment via environment variables can be utilized in the following scenarios:
-
You do not have Dynatrace Operator installed and one of the following is true:
-
Your application is instrumented by OpenTelemetry and does not use the Extension Execution Controller.
With the Dynatrace OTLP metrics ingest API, you can send attributes of types string, Boolean, and integer.
-
OneAgent is used in the Application-only monitoring mode.
-
How it works
You can use the OTEL_RESOURCE_ATTRIBUTES environment variable to configure attributes.
Both OneAgent and OpenTelemetry will enrich your data with the attributes defined in OTEL_RESOURCE_ATTRIBUTES.
See the Resource semantic conventions for details.
Example
Pod
spec:containers:env:- name: OTEL_RESOURCE_ATTRIBUTESvalue: "dt.security_context=sre,dt.cost.costcenter=it_services,dt.cost.product=fin_app"
Attributes on the telemetry data
The following attributes will enrich the data:
dt.security_context: sredt.cost.costcenter: it_servicesdt.cost.product: fin_app