DynaKube parameters for Dynatrace Operator

This page will help you to understand and configure the Kubernetes Custom Resource "DynaKube", enabling you to optimize your Dynatrace Operator setup according to your specific requirements.

The following table lists the minimum required Dynatrace Operator versions for each DynaKube API version.

DynaKube API version
Minimum Dynatrace Operator version
v1beta3
1.4.0+
v1beta2
1.2.0+
v1beta1
All versions

See the DynaKube YAML samples on GitHub.

Dynatrace Operator version 1.4.0+

.spec

  • apiUrl parameter is required.
  • All other parameters are optional.
Parameter
Description
Default value
Data type
apiUrl
Dynatrace apiUrl, including the /api path at the end.
- For SaaS, set YOUR_ENVIRONMENT_ID to your environment ID.
- For Managed, change the apiUrl address.
For instructions on how to determine the environment ID and how to configure the apiUrl address, see Environment ID
-
string
customPullSecret
Defines a custom pull secret in case you use a private registry when pulling images from the Dynatrace environment.
To define a custom pull secret and learn about the expected behavior, see Configure customPullSecret.
-
string
dynatraceApiRequestThreshold
Minimum minutes between Dynatrace API requests.
15
integer
enableIstio
When enabled, and if Istio is installed on the Kubernetes environment, Dynatrace Operator will create the corresponding VirtualService and ServiceEntry objects to allow access to the Dynatrace Cluster from the OneAgent or ActiveGate.
Disabled by default.
-
boolean
networkZone
Sets a network zone for the OneAgent and ActiveGate pods.
-
string
proxy
Set custom proxy settings either directly or from a secret with the field proxy.
Applies to Dynatrace Operator, ActiveGate, and OneAgents.
-
DynaKubeProxy
skipCertCheck
Disable certificate check for the connection between Dynatrace Operator and the Dynatrace Cluster.
Set to true if you want to skip certification validation checks.
-
boolean
tokens
Name of the secret holding the tokens used for connecting to Dynatrace.
-
string
trustedCAs
Adds custom RootCAs from a configmap.
The key to the data must be certs.
This applies to Dynatrace Operator, OneAgent, and ActiveGate.
-
string

.spec.oneAgent

Parameter
Description
Default value
Data type
hostGroup
Specify the name of the group to which you want to assign the host. This method is preferred over the now obsolete --set-host-group argument. If both settings are used, this field takes precedence over the --set-host-group argument.
Not applicable
string

.spec.oneAgent.cloudNativeFullStack

  • All parameters are optional.

recommended

Parameter
Description
Default value
Data type
annotations
Add custom OneAgent annotations.
Not applicable
map[string]string
args
Set additional arguments to the OneAgent installer.
For available options, see Linux custom installation.
For the list of limitations, see Limitations.
Not applicable
[]string
autoUpdate
true
boolean
codeModulesImage
The OneAgent image that is used to inject into pods
Not applicable
string
dnsPolicy
Set the DNS Policy for OneAgent pods.
For details, see Pods DNS Policy.
ClusterFirstWithHostNet
string
env
Set additional environment variables for the OneAgent pods.
Not applicable
[]EnvVar
image
Use a custom OneAgent Docker image.
The image from the Dynatrace cluster.
string
initResources
Define resources requests and limits for the initContainer. For details, see Managing resources for containers.
Not applicable
ResourceRequirements
labels
Your defined labels for OneAgent pods in order to structure workloads as desired.
Not applicable
map[string]string
namespaceSelector
The namespaces where you want Dynatrace Operator to inject.
For more information, see Configure monitoring for namespaces and pods.
Not applicable
LabelSelector
nodeSelector
Specify the node selector that controls on which nodes OneAgent will be deployed.
Not applicable
map[string]string
oneAgentResources
Resource settings for OneAgent container. Consumption of the OneAgent heavily depends on the workload to monitor. You can use the default settings in the CR.
resource.requests shows the values needed to run; resource.limits shows the maximum limits for the pod.
Not applicable
ResourceRequirements
priorityClassName
Assign a priority class to the OneAgent pods. By default, no class is set.
For details, see Pod Priority and Preemption.
Not applicable
string
secCompProfile
The SecComp Profile that will be configured in order to run in secure computing mode.
-
string
tolerations
Tolerations to include with the OneAgent DaemonSet.
For details, see Taints and Tolerations.
Not applicable
[]Toleration
version
The OneAgent version to be used for host monitoring OneAgents running in the dedicated pod. This setting doesn't affect the OneAgent version used for application monitoring.
The latest version is used by default.
string

.spec.oneAgent.classicFullStack

  • All parameters are optional.
Parameter
Description
Default value
Data type
annotations
Add custom OneAgent annotations.
Not applicable
map[string]string
args
Set additional arguments to the OneAgent installer.
For available options, see Linux custom installation.
For the list of limitations, see Limitations.
Not applicable
[]string
autoUpdate
true
boolean
dnsPolicy
Set the DNS Policy for OneAgent pods.
For details, see Pods DNS Policy.
ClusterFirstWithHostNet
string
env
Set additional environment variables for the OneAgent pods.
Not applicable
[]EnvVar
image
Use a custom OneAgent Docker image. Defaults to the image from the Dynatrace cluster.
Name of the image.
string
labels
Your defined labels for OneAgent pods in order to structure workloads as desired.
Not applicable
map[string]string
nodeSelector
Specify the node selector that controls on which nodes OneAgent will be deployed.
Not applicable
map[string]string
oneAgentResources
Resource settings for OneAgent container. Consumption of the OneAgent heavily depends on the workload to monitor. You can use the default settings in the CR.
resource.requests shows the values needed to run; resource.limits shows the maximum limits for the pod.
Not applicable
ResourceRequirements
priorityClassName
Assign a priority class to the OneAgent pods. By default, no class is set.
For details, see Pod Priority and Preemption.
Not applicable
string
secCompProfile
The SecComp Profile that will be configured in order to run in secure computing mode.
-
string
tolerations
Tolerations to include with the OneAgent DaemonSet.
For details, see Taints and Tolerations.
Not applicable
[]Toleration
version
The OneAgent version to be used.
The latest version is used by default.
string

.spec.oneAgent.applicationMonitoring

  • All parameters are optional.
Parameter
Description
Default value
Data type
codeModulesImage
The OneAgent image that is used to inject into pods
Not applicable
string
initResources
Define resources requests and limits for the initContainer. For details, see Managing resources for containers.
Not applicable
ResourceRequirements
namespaceSelector
The namespaces where you want Dynatrace Operator to inject.
For more information, see Configure monitoring for namespaces and pods.
-
LabelSelector
version
The OneAgent version to be used.
The latest version is used by default.
string

.spec.oneAgent.hostMonitoring

  • All parameters are optional.
Parameter
Description
Default value
Data type
annotations
Add custom OneAgent annotations.
Not applicable
map[string]string
args
Set additional arguments to the OneAgent installer.
For available options, see Linux custom installation.
For the list of limitations, see Limitations.
Not applicable
[]string
autoupdate
true
boolean
dnsPolicy
Set the DNS Policy for OneAgent pods.
For details, see Pods DNS Policy.
ClusterFirstWithHostNet
string
env
Set additional environment variables for the OneAgent pods.
Not applicable
[]EnvVar
image
Use a custom OneAgent Docker image.
The image from the Dynatrace cluster.
string
labels
Your defined labels for OneAgent pods in order to structure workloads as desired.
Not applicable
map[string]string
nodeSelector
Specify the node selector that controls on which nodes OneAgent will be deployed.
Not applicable
map[string]string
oneAgentResources
Resource settings for OneAgent container. Consumption of the OneAgent heavily depends on the workload to monitor. You can use the default settings in the CR.
resource.requests shows the values needed to run; resource.limits shows the maximum limits for the pod.
Not applicable
ResourceRequirements
priorityClassName
Assign a priority class to the OneAgent pods. By default, no class is set.
For details, see Pod Priority and Preemption.
Not applicable
string
secCompProfile
The SecComp Profile that will be configured in order to run in secure computing mode.
-
string
tolerations
Tolerations to include with the OneAgent DaemonSet.
For details, see Taints and Tolerations.
Not applicable
[]Toleration
version
The OneAgent version to be used.
The latest version is used by default.
string

.spec.activeGate

  • capabilities parameter is required.
  • resources and group parameters are recommended.
  • All other parameters are optional.
Parameter
Description
Default value
Data type
annotations
Add custom ActiveGate annotations.
Not applicable
map[string]string
capabilities
Defines the ActiveGate pod capabilities: what functionality should be enabled.
Possible values:
- routing enables OneAgent routing.
- kubernetes-monitoring enables Kubernetes API monitoring.
- metrics-ingest1 opens the metrics ingest endpoint on the DynaKube ActiveGate and redirects all pods to it.
- dynatrace-api1 enables calling the Dynatrace API via ActiveGate.
Not applicable
string
customProperties
Add a custom properties file by providing it as a value or by referencing it from a secret.
When referencing a custom properties file from a secret, make sure that the key is named customProperties. See How to add a custom properties file for details.
Not applicable
string
dnsPolicy
Set the DNS policy for ActiveGate pods.
ClusterFirstWithHostNet
string
env
Set additional environment variables for the ActiveGate pods.
Not applicable
[]EnvVar
group
Set ActiveGate group. See Customize ActiveGate properties for details.
Not applicable
string
image
Use a custom ActiveGate image. Defaults to the latest ActiveGate image from the Dynatrace cluster.
Not applicable
string
labels
Your defined labels for ActiveGate pods in order to structure workloads as desired.
Not applicable
map[string]string
nodeSelector
Specify the node selector that controls on which nodes ActiveGate will be deployed.
Not applicable
map[string]string
priorityClassName
Assign a priority class to the ActiveGate pods. By default, no class is set.
For details, see Pod Priority and Preemption.
Not applicable
string
replicas
Amount of replicas of ActiveGate pods.
1
int
resources
Resource settings for ActiveGate container. Consumption of the ActiveGate heavily depends on the workload to monitor; adjust values accordingly.
Not applicable
ResourceRequirements
tlsSecretName
Name of a secret containing ActiveGate TLS certificate, key, and password. If not set, a self-signed certificate is used. For details, see How to add a custom certificate for ActiveGate.
Not applicable
string
tolerations
Set tolerations for the ActiveGate pods.
For details, see Taints and Tolerations.
Not applicable
[]Toleration
topologySpreadConstraints
Adds topology spread constraints to the ActiveGate pods.
Not applicable
[]corev1.TopologySpreadConstraint
1

A custom certificate is required for this capability. See the tlsSecretName parameter for details.

.spec.metadataEnrichment

  • All parameters are optional.
Parameter
Description
Default value
Data type
enabled
Enables MetadataEnrichment, false by default.
false
boolean
namespaceSelector
The namespaces where you want Dynatrace Operator to inject. For more information, see Configure monitoring for namespaces and pods.
Not applicable
LabelSelector

.spec.extensions

Available with a future Dynatrace version (CQ2/2025).

Adding this section enables extension support in Kubernetes. To use extensions

  • kubernetes_monitoring is mandatory and has to be added to the list of ActiveGate capabilities in .spec.activeGate.capabilities and
  • The feature flag feature.dynatrace.com/automatic-kubernetes-api-monitoring must not be set to false.

.spec.kspm

Adding this section enables Kubernetes Security Posture Management (KSPM). To use KSPM

  • kubernetes_monitoring is mandatory and has to be added to the list of ActiveGate capabilities in .spec.activeGate.capabilities and
  • The feature flag feature.dynatrace.com/automatic-kubernetes-api-monitoring must not be set to false.

.spec.logMonitoring

Available with Dynatrace version 1.306 and OneAgent 1.305

To use Log Monitoring

  • kubernetes_monitoring is mandatory and has to be added to the list of ActiveGate capabilities in .spec.activeGate.capabilities

  • The feature flag feature.dynatrace.com/automatic-kubernetes-api-monitoring must not be set to false.

  • All parameters in .spec.logMonitoring are optional.

Parameter
Description
Default value
Data type
ingestRuleMatchers
Specifies the rules and conditions for matching ingest attributes.
Not applicable

.spec.logMonitoring.ingestRuleMatchers

Parameter
Description
Default value
Data type
attribute
Specifies the attribute name for matching ingest rules.
Not applicable
string
values
Lists the values that the attribute must match for an ingest rule to apply.
Not applicable
[]string

Example:

ingestRuleMatchers:
  - attribute: "k8s.namespace.name"
    values:
    - "kube-system"
    - "dynatrace"
    - "default"
  - attribute: "k8s.pod.annotation",
    values:
    - "logs.dynatrace.com/ingest=true"
    - "category=security"

.spec.templates

.spec.templates.kspmNodeConfigurationCollector

Parameter
Description
Default value
Data type
updateStrategy
Define the Node Configuration Collector daemonSet updateStrategy
Not applicable
DaemonSetUpdateStrategy
labels
Add custom labels to the Node Configuration Collector pods.
Not applicable
map[string]string
annotations
Add custom annotations to the Node Configuration Collector pods.
Not applicable
map[string]string
nodeSelector
Specify the node selector that controls on which nodes the Node Configuration Collector pods will be deployed.
Not applicable
map[string]string
imageRef
Overrides the default image.
Not applicable
priorityClassName
If specified, indicates the pod's priority. Name must be defined by creating a PriorityClass object wiht that name. If not specified the setting will be removed from the DaemonSet.
Not applicable
string
resources
Define resource requests and limits for Node Configuration Collector pods.
Not applicable
ResourceRequirements
nodeAffinity
Define the nodeAffinity for the DaemonSet of the Node Configuration Collector
Not applicable
NodeAffinity
tolerations
Set tolerations for the Node Configuration Collector pods.
For details, see Taints and Tolerations.
Not applicable
[]Toleration
args
Set additional arguments for the Node Configuration Collector main container.
Not applicable
[]string
env
Set additional environment variables for the Node Configuration Collector main container.
Not applicable
[]string

.spec.templates.kspmNodeConfigurationCollector.imageRef

Parameter
Description
Default value
Data type
repository
URL of Node Configuration Collector image.
Not applicable
string
tag
Tag for Node Configuration Collector image.
Not applicable
string

.spec.templates.logMonitoring

Available with Dynatrace version 1.306 and OneAgent 1.305

  • imageRef parameter is required.
Parameter
Description
Default value
Data type
annotations
Add custom annotations to the LogMonitoring pods.
Not applicable
map[string]string
labels
Add custom labels to the LogMonitoring pods.
Not applicable
map[string]string
nodeSelector
Specify the node selector that controls on which nodes the LogMonitoring pods will be deployed.
Not applicable
map[string]string
imageRef
Overrides the default image for the LogMonitoring pods.
Not applicable
dnsPolicy
Set the DNS policy for LogMonitoring pods.
ClusterFirst
string
priorityClassName
Assign a priority class to the LogMonitoring pods. By default, no class is set.
Not applicable
string
secCompProfile
Configures a SecComp profile to enable secure computing mode for the LogMonitoring pods.
Not applicable
string
resources
Define resource requests and limits for LogMonitoring pods.
Not applicable
ResourceRequirements
nodeAffinity
Define the nodeAffinity for the DaemonSet of the NodeConfigurationCollector
Not applicable
corev1.NodeAffinity
tolerations
Set tolerations for the LogMonitoring pods.
For details, see Taints and Tolerations.
Not applicable
[]Toleration
args
Set additional arguments for the LogMonitoring main container.
Not applicable
[]string
updateStrategy
Define the NodeConfigurationCollector daemonSet updateStrategy.
Not applicable
appsv1.DaemonSetUpdateStrategy

.spec.templates.logMonitoring.imageRef

Available with Dynatrace version 1.306 and OneAgent 1.305

Parameter
Description
Default value
Data type
repository
URL of LogMonitoring image.
Not applicable
string
tag
Tag for LogMonitoring image.
Not applicable
string

.spec.templates.extensionExecutionController

Available with a future Dynatrace version in (CQ2/2025).

  • imageRef parameter is required.
  • All other parameters are optional.
Parameter
Description
Default value
Data type
imageRef
Image that is used for Extension Execution Controller. This field is mandatory.
Not applicable
persistentVolumeClaim
PVC for the Extension Execution Controller. If not specified a default PVC is used.
Not applicable
PersistentVolumeClaim
labels
Lables applied to Extension Execution Controller pod.
Not applicable
map[string]string
annotations
Annotations applied to Extension Execution Controller pod.
Not applicable
map[string]string
tlsRefName
Secret containing a TLS certificate for communication between Extension Execution Controller and OpenTelemetry Collector.
Not applicable
string
customConfig
ConfigMap holding a custom Extension Execution Controller configuration.
Not applicable
string
customExtensionCertificates
Secret holding certificates that have been used to sign custom extensions. Needed for extensions signature validation by Extension Execution Controller.
Not applicable
string
resources
Resource settings for Extension Execution Controller pod.
Not applicable
ResourceRequirements
tolerations
Tolerations for Extension Execution Controller pod.
For details, see Taints and Tolerations.
Not applicable
[]Toleration
topologySpreadConstraints
Topology spread constraints for Extension Execution Controller pod.
Not applicable
[]corev1.TopologySpreadConstraint

.spec.templates.extensionExecutionController.imageRef

Available with a future Dynatrace version (CQ2/2025).

Parameter
Description
Default value
Data type
repository
URL of Extension Execution Controller image.
Not applicable
string
tag
Tag for Extension Execution Controller image.
Not applicable
string

.spec.templates.openTelemetryCollector

Available with a future Dynatrace version (CQ2/2025).

  • All parameters are optional.
Parameter
Description
Default value
Data type
imageRef
Image that is used for OpenTelemetry Collector.
Not applicable
replicas
Number of OpenTelemetry Collector replicas.
1
int32
labels
Labels applied to OpenTelemetry Collector pod.
Not applicable
map[string]string
annotations
Annotations applied to OpenTelemetry Collector pod.
Not applicable
map[string]string
tlsRefName
Secret containing a TLS certificate used by OpenTelemetry Collector to verify connections to endpoints of other components.
Not applicable
string
resources
Resource settings for OpenTelemetry Collector pod.
Not applicable
ResourceRequirements
tolerations
Tolerations for OpenTelemetry Collector pod.
For details, see Taints and Tolerations.
Not applicable
[]Toleration
topologySpreadConstraints
Topology spread constraints for OpenTelemetry Collector pod.
Not applicable
[]corev1.TopologySpreadConstraint

.spec.templates.openTelemetryCollector.imageRef

Available with a future Dynatrace version (CQ2/2025).

Parameter
Description
Default value
Data type
repository
URL of OpenTelemetry Collector image.
public.ecr.aws/dynatrace/dynatrace-otel-collector
string
tag
Tag for OpenTelemetry Collector image.
latest
string