Containerized ActiveGate volumes

While running, the ActiveGate container writes data to certain directories within the root filesystem.

Writeable directories

Purpose of directory	Default path
ActiveGate configuration	`/var/lib/dynatrace/gateway/config`
ActiveGate SSL directory	`/var/lib/dynatrace/gateway/ssl`
ActiveGate temporary files	`/var/tmp/dynatrace/gateway`
ActiveGate logs	`/var/log/dynatrace/gateway`
Environment data	`/var/lib/dynatrace/gateway/data`
Dump files uploaded to ActiveGate by OneAgent	`/var/lib/dynatrace/gateway/dump`
ActiveGate temporary files	`/var/lib/dynatrace/gateway/temp`

Size requirements

See ActiveGate directories for estimated size requirements for each directory.

Hardened security

The ActiveGate example deployment has been hardened to minimize potential attacks: securityContext.readOnlyRootFilesystem is set to true.

This prevents the container from modifying any image content, so directories need to be set up using volumes.

Security context

securityContext:
  allowPrivilegeEscalation: false
    capabilities:
      drop:
      - all
      privileged: false
      readOnlyRootFilesystem: true
      runAsNonRoot: true
      seccompProfile:
        type: RuntimeDefault

Volumes

volumeMounts:
  - name: server-certs-storage
    mountPath: /var/lib/dynatrace/gateway/ssl
  - name: ag-lib-gateway-config
    mountPath: /var/lib/dynatrace/gateway/config
  - name: ag-lib-gateway-temp
    mountPath: /var/lib/dynatrace/gateway/temp
  - name: ag-lib-gateway-data
    mountPath: /var/lib/dynatrace/gateway/data
  - name: ag-log-gateway
    mountPath: /var/log/dynatrace/gateway
  - name: ag-tmp-gateway
    mountPath: /var/tmp/dynatrace/gateway

Refer to ActiveGate storage requirements for volume sizing.