Set up Kubernetes Automation
Kubernetes Automation is currently in Preview release and only accessible to selected customers. If you would like to share feedback or ideas, join the preview by signing up via this form or contacting your Customer Success Manager.
For more information, see
After you join the preview program for Kubernetes Automation, we'll provide Hub subscription details. With those subscription details, you can activate the capability by following these steps.
Learn how to set up Kubernetes Automation for Workflows, including EdgeConnect. After this setup, you can start using Kubernetes actions in your workflow.
Prerequisite
Access to a Kubernetes (K8s) cluster.
Steps
Install Kubernetes Automation for Workflows
Deploy EdgeConnect
Create the connection
Grant permissions to Workflows
Install Kubernetes Automation for Workflows
To use the Kubernetes Automation for Workflows actions, you need to install Kubernetes Automation for Workflows from Dynatrace Hub.
Ensure you join the Kubernetes Automation Preview program and activate the capability by following these steps.
- In Dynatrace Hub , select Kubernetes Automation for Workflows.
- Select Install.
Deploy EdgeConnect for Kubernetes Automation
Follow the steps described in EdgeConnect for Kubernetes Automation.
Create the connection
The Kubernetes workflow actions require a connection to select the Kubernetes cluster where the workflow actions operate. A connection selects the Kubernetes cluster, specifically the deployed EdgeConnect used to send requests to the Kubernetes API. A connection consists of the following fields:
kube-system
namespace used as a pseudo-ID for the cluster.You can skip the following steps using the Operator-supported setup of EdgeConnect because the Operator automates these.
To add a new Kubernetes Automation connection
-
Go to Settings and select Connections > Connectors > Kubernetes.
-
Select Connection
-
Enter the name of the EdgeConnect deployment in EdgeConnect Name. You can find the name of EdgeConnect in your EdgeConnect configuration.
-
Enter in K8s Cluster UID the UID returned by this command:
kubectl get namespace kube-system --output jsonpath={.metadata.uid} -
Enter the Kubernetes namespace where the EdgeConnect is deployed in Namespace.
-
Enter the token used in your EdgeConnect configuration in Token.
-
optional Select Validate Connection to check if your new connection is valid.
-
Select Create.
Dynatrace Account Management supports controlling what groups can use a connection. You need to define a policy with the statement ALLOW app-settings:objects:read WHERE settings:schemaId = "app:dynatrace.kubernetes.connector:connection"
and assign this policy to a group that should be allowed to use the connections.
All users within this group can then use all the connections.
Dynatrace Account Management permission does not support controlling the access for single connections.
Grant permissions to Workflows
Some permissions are required by Workflows to run actions on your behalf.
To fine-tune permissions granted to Workflows
-
Go to Workflows and select Settings > Authorization settings.
-
Select the following permissions besides the general Workflows permission.
app-settings:objects:read
state:app-states:read
state:app-states:write
For more on general Workflows user permissions, see User permissions for workflows.