Provision EdgeConnect for Dynatrace environment

EdgeConnect facilitates secure interactions between applications, workflows, and internal systems within a Kubernetes environment. This guide provides detailed steps for provisioning EdgeConnect for a Dynatrace environment.

Step 1 Create OAuth client

  1. Go to Account Management > Identity & access management > OAuth clients.
  2. Create an OAuth client with the following scopes.
    • app-engine:edge-connects:connect
    • app-engine:edge-connects:write
    • app-engine:edge-connects:read
    • app-engine:edge-connects:delete
    • oauth2:clients:manage
  3. Save the ID, secret, and your Dynatrace account URN.

Step 2 Configure EdgeConnect

  1. Configure the EdgeConnect custom resource file with provisioner: true and hostPatterns properties.

    apiVersion: dynatrace.com/v1alpha2
    kind: EdgeConnect
    metadata:
      name: sample-edge-connect-name
      namespace: dynatrace
    spec:
      apiServer: "<environment-id>.apps.dynatrace.com"
      hostPatterns:
        - '*.mycompany.org'
      oauth:
        provisioner: true
        clientSecret: edgeconnect-oauth
        endpoint: https://sso.dynatrace.com/sso/oauth2/token
        resource: urn:dtenvironment:<tenant>

  2. Apply the EdgeConnect custom resource.

    kubectl apply -f edgeconnect.yaml

Rotating the OAuth credentials is not immediately reflected in the EdgeConnect deployment. This may lead to authentication issues until Dynatrace Operator reconciles the EdgeConnect deployment.

Step 3 Create OAuth credentials secret

  1. Create a secret with the OAuth credentials.

    apiVersion: v1
    kind: Secret
    metadata:
      name: edgeconnect-oauth
      namespace: dynatrace
    data:
      oauth-client-id: <base64 encoded client id>
      oauth-client-secret: <base64 encoded client secret>

  2. Apply the secret.

    kubectl apply -f edgeconnect-oauth-secret.yaml
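
The Secret in Step 3 needs the exact bytes of the client ID and secret, base64-encoded on a single line. The sketch below is an added example, not part of the Dynatrace documentation: it renders that manifest while avoiding the trailing newline that `echo` would encode and the line wrapping GNU `base64` applies to long values. The helper names `b64` and `render_oauth_secret` and the `DT_CLIENT_ID` / `DT_CLIENT_SECRET` variables are assumptions; the Secret name, namespace and data keys are the ones used on this page.

```shell
#!/usr/bin/env bash
# Added example: render the edgeconnect-oauth Secret from the values saved in Step 1.
# b64 and render_oauth_secret are hypothetical helper names.

# Base64-encode stdin's exact bytes on one line (GNU base64 wraps at 76 columns).
b64() { base64 | tr -d '\n'; }

# Usage: render_oauth_secret <client-id> <client-secret>
# Body runs in a subshell so no variables leak into the caller's shell.
render_oauth_secret() (
  client_id=$1
  client_secret=$2
  if [ -z "$client_id" ] || [ -z "$client_secret" ]; then
    echo "client id and client secret are both required" >&2
    return 1
  fi
  # Whitespace picked up by copy/paste would become part of the credential.
  case "$client_id$client_secret" in
    *[[:space:]]*) echo "whitespace found in credential" >&2; return 1 ;;
  esac
  # printf '%s' emits no trailing newline; echo would encode one into the value.
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: edgeconnect-oauth
  namespace: dynatrace
data:
  oauth-client-id: $(printf '%s' "$client_id" | b64)
  oauth-client-secret: $(printf '%s' "$client_secret" | b64)
EOF
)

# Typical use, with the values read from the environment (assumed variable
# names) so they stay out of shell history, and the file created owner-only:
#   umask 077
#   render_oauth_secret "$DT_CLIENT_ID" "$DT_CLIENT_SECRET" > edgeconnect-oauth-secret.yaml
```

The rendered file is the one applied with `kubectl apply -f edgeconnect-oauth-secret.yaml`; delete it once the Secret exists in the cluster, since base64 is an encoding and not encryption.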