Set up Kubernetes Automation

Preview release

Kubernetes Automation is currently in Preview release and only accessible to selected customers. If you would like to share feedback or ideas, join the preview by signing up via this form or contacting your Customer Success Manager.

For more information, see

After you join the preview program for Kubernetes Automation, we'll provide Hub subscription details. With those subscription details, you can activate the capability by following these steps.

Learn how to set up Kubernetes Automation for Workflows, including EdgeConnect. After this setup, you can start using Kubernetes actions in your workflow.

Prerequisite

Access to a Kubernetes (K8s) cluster.

Steps

Step 1

Install Kubernetes Automation for Workflows

Step 2

Deploy EdgeConnect

Step 3

Create the connection

Step 4

Grant permissions to Workflows

Step 1 Install Kubernetes Automation for Workflows

To use the Kubernetes Automation for Workflows actions, you need to install Kubernetes Automation for Workflows from Dynatrace Hub.

Ensure you join the Kubernetes Automation Preview program and activate the capability by following these steps.

  1. In Dynatrace Hub Hub, select Kubernetes Automation for Workflows.
  2. Select Install.

Step 2 Deploy EdgeConnect for Kubernetes Automation

Follow the steps described in EdgeConnect for Kubernetes Automation.

Step 3 Create the connection

The Kubernetes workflow actions require a connection to select the Kubernetes cluster where the workflow actions operate. A connection selects the Kubernetes cluster, specifically the deployed EdgeConnect used to send requests to the Kubernetes API. A connection consists of the following fields:

Field Name
Description
EdgeConnect Name
The name of EdgeConnect. The name has to match the EdgeConnect configuration in the Dynatrace platform.
K8s Cluster UID
The UID of the kube-system namespace used as a pseudo-ID for the cluster.
Namespace
The namespace where EdgeConnect is deployed.
Token
The token required by EdgeConnect to access the ServiceAccount token.

You can skip the following steps using the Operator-supported setup of EdgeConnect because the Operator automates these.

To add a new Kubernetes Automation connection

  1. Go to Settings Settings > Dynatrace Apps > Kubernetes Automation Connections.

  2. Select Add item to add a connection.

  3. Enter the name of the EdgeConnect deployment in EdgeConnect Name. You can find the name of EdgeConnect in your EdgeConnect configuration.

  4. Enter in K8s Cluster UID the UID returned by this command:

    kubectl get namespace kube-system --output jsonpath={.metadata.uid}

  5. Enter the Kubernetes namespace where the EdgeConnect is deployed in Namespace.

  6. Enter the token used in your EdgeConnect configuration in Token.

  7. optional Select Validate Connection to check if your new connection is valid.

  8. Select Save changes.

Dynatrace Account Management supports controlling what groups can use a connection. You need to define a policy with the statement ALLOW app-settings:objects:read WHERE settings:schemaId = "app:dynatrace.kubernetes.connector:connection" and assign this policy to a group that should be allowed to use the connections. All users within this group can then use all the connections.

Dynatrace Account Management permission does not support controlling the access for single connections.

Step 4 Grant permissions to Workflows

Some permissions are required by Workflows to run actions on your behalf.

To fine-tune permissions granted to Workflows

  1. Go to Workflows and select Settings > Authorization settings.

  2. Select the following permissions besides the general Workflows permission.

    • app-settings:objects:read
    • state:app-states:read
    • state:app-states:write

For more on general Workflows user permissions, see User permissions for workflows.

Related topics