The Kubernetes Enhanced Object Visibility Preview introduces a new way to explore Kubernetes environments in Dynatrace, offering deeper visibility, improved performance, and powerful troubleshooting capabilities. This feature will be available as an opt-in preview and can be enabled per cluster or tenant. We aim to publish this preview in early October 2025.
Dynatrace SaaS environment powered by Grail and AppEngine
There is a very small exception for a few specific tenants that won't be able to access the preview. More information on that will be available within the product.
DPS license with the Kubernetes Platform Monitoring capability on your Rate Card
Visibility into additional Kubernetes objects: Ingress, NetworkPolicies, CRDs, PVCs, PVs, ConfigMaps, and more.
Access to YAML definitions to debug and validate configurations in real time.
Ability to query YAMLs across all clusters and namespaces using Dynatrace Query Language (DQL) to instantly surface misconfigurations, missing references, or policy violations across your Kubernetes environment
Specifically, this preview unlocks visibility into:
Secrets and ConfigMaps are not ingested by default due to potentially sensitive content. You can manually grant permissions to ingest these objects. Sensitive fields will be masked on ingest. To learn how to add also config maps and secrets, see the Setup tab.
This preview also adds insights into the YAML files of all Kubernetes objects, allowing you to inspect object configurations directly in Dynatrace. Turn on Watch to stream updates of these configurations within a few seconds to the web UI, allowing for fast validation of recent changes. The YAML is currently limited to a size of 32 kb, and we automatically strip less important fields (for example, /metadata/managedFields and kubectl.kubernetes.io/last-applied-configuration annotation).
These additions are available upon opt-in on the additional Explorer (Preview) tab of the Kubernetes app.
A variety of further use-cases are unlocked, by allowing users to query all YAML files also via DQL. You can find a notebook with different examples within our community.
To opt in to this preview, go to Settings > Cloud and virtualization > Kubernetes app. This setting is available within the scope of your tenant or within the scope a monitored Kubernetes cluster.
We recommend getting started by enabling the preview only for a single Kubernetes cluster first, as this new functionality might increase the load on the ActiveGate monitoring this cluster. To enable this only for one cluster, go to the Settings of a selected cluster within the Kubernetes app and select > Connection settings in the upper-right corner of the cluster's detail page.
If you've set tight resource constraints (CPU and memory limits) on the ActiveGate monitoring this cluster, this might cause interruptions in your monitoring. You can easily remedy that by increasing the configured limits, or by removing them temporarly to find a good fit for new limits. While the ingest of additional data can be controlled on a cluster-by-cluster basis, the additional Explorer (Preview) tab within the Kubernetes app is available as soon as any cluster is enabled for the preview.
Unlocking ConfigMaps and Secrets
To gain visibility into ConfigMaps and Secrets, you need to grant additional permissions to the ActiveGate, allowing it to access these objects. By default, this functionality is disabled because these objects might contain sensitive data. For Secrets, ActiveGate automatically applies data masking.
Apply the following YAML with kubectl to enable these objects:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: dynatrace-kubernetes-monitoring-sensitive
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: dynatrace-kubernetes-monitoring-sensitive
subjects:
-kind: ServiceAccount
name: dynatrace-kubernetes-monitoring
namespace: dynatrace
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: dynatrace-kubernetes-monitoring-sensitive
labels:
rbac.dynatrace.com/aggregate-to-monitoring:"true"
name: dynatrace-kubernetes-monitoring-sensitive
rules:
-apiGroups:
-""
resources:
- configmaps
- secrets
verbs:
- list
- watch
- get
Does this preview increase my DPS consumption?
The preview builds upon the existing Kubernetes app and the corresponding license based on pod-hours. The consumed pod-hours include insights into all newly added Kubernetes objects, meaning there won't be any increase in DPS consumption specific to this preview.
What happens technically by joining this preview?
Dynatrace starts to ingest Kubernetes objects additionally into the new Smartscape. The newly unlocked objects (for example, Ingress, Network Policies) will only be available in the new Smartscape. This unlocks easier DQL access, faster queries, and access to the YAML of these objects. We will continue to write the existing entities into the old storage. In our community, you also find a notebook that helps you get started working with Kubernetes objects stored in the new Smartscape using DQL. Within the Kubernetes app, the new Explorer (Preview) automatically leverages the new Smartscape in the background, while the already existing Explorer continues to operate on data stored in our old storage.
Where will this preview go from here?
The Explorer (Preview) will incrementally improve over the next months until it includes all the same features as the existing Explorer. With the GA of this new functionality, Explorer (Preview) will replace the existing Explorer for everyone, and we also plan to include more custom resources. We would be happy to hear your feedback on which ones would be most important to you.
We will continue for some time to offer the entities that powered the former Explorer via DQL (for example, fetch dt.entity.cloud_application).
What observability option do I need for this preview? Do I need Full-Stack observability?
This preview is based on Kubernetes platform monitoring, which is included in all observability options.
What are top-level workloads?
A top-level workload is the topmost controlling owner of a Pod.
Possible top-level workload types are: Deployment, ReplicaSet, StatefulSet, DaemonSet, Job, CronJob, ReplicationController, DeploymentConfig.
A list of those workloads can be found in the Top-level workloads menu entry.
Learn more
Dive deeper into the Kubernetes app with the following resources:
