Containerized ActiveGate volumes

While running, the ActiveGate container writes data to certain directories within the root filesystem.

Writeable directories

Purpose of directory

Default path

ActiveGate configuration

/var/lib/dynatrace/gateway/config

ActiveGate SSL directory

/var/lib/dynatrace/gateway/ssl

ActiveGate temporary files

/var/tmp/dynatrace/gateway

ActiveGate logs

/var/log/dynatrace/gateway

Environment data

/var/lib/dynatrace/gateway/data

Dump files uploaded to ActiveGate by OneAgent

/var/lib/dynatrace/gateway/dump

ActiveGate temporary files

/var/lib/dynatrace/gateway/temp

Size requirements

See ActiveGate directories for estimated size requirements for each directory.

Hardened security

The ActiveGate example deployment has been hardened to minimize potential attacks: securityContext.readOnlyRootFilesystem is set to true.

This prevents the container from modifying any image content, so directories need to be set up using volumes.

Security context

securityContext:
  allowPrivilegeEscalation: false
    capabilities:
      drop:
      - all
      privileged: false
      readOnlyRootFilesystem: true
      runAsNonRoot: true
      seccompProfile:
        type: RuntimeDefault

Volumes

volumeMounts:
  - name: server-certs-storage
    mountPath: /var/lib/dynatrace/gateway/ssl
  - name: ag-lib-gateway-config
    mountPath: /var/lib/dynatrace/gateway/config
  - name: ag-lib-gateway-temp
    mountPath: /var/lib/dynatrace/gateway/temp
  - name: ag-lib-gateway-data
    mountPath: /var/lib/dynatrace/gateway/data
  - name: ag-log-gateway
    mountPath: /var/log/dynatrace/gateway
  - name: ag-tmp-gateway
    mountPath: /var/tmp/dynatrace/gateway

Refer to ActiveGate storage requirements for volume sizing.