Containerized ActiveGate volumes

While running, the ActiveGate container writes data to certain directories within the root filesystem.

Writeable directories

Purpose of directory	Default path
ActiveGate configuration	`/var/lib/dynatrace/gateway/config`
ActiveGate SSL directory	`/var/lib/dynatrace/gateway/ssl`
ActiveGate temporary files	`/var/tmp/dynatrace/gateway`
ActiveGate logs	`/var/log/dynatrace/gateway`
Environment data	`/var/lib/dynatrace/gateway/data`
Dump files uploaded to ActiveGate by OneAgent	`/var/lib/dynatrace/gateway/dump`
ActiveGate temporary files	`/var/lib/dynatrace/gateway/temp`

Size requirements

See ActiveGate directories for estimated size requirements for each directory.

Hardened security

The ActiveGate example deployment has been hardened to minimize potential attacks: securityContext.readOnlyRootFilesystem is set to true.

This prevents the container from modifying any image content, so directories need to be set up using volumes.

Security context

1securityContext:
2  allowPrivilegeEscalation: false
3    capabilities:
4      drop:
5      - all
6      privileged: false
7      readOnlyRootFilesystem: true
8      runAsNonRoot: true
9      seccompProfile:
10        type: RuntimeDefault

Volumes

1volumeMounts:
2  - name: server-certs-storage
3    mountPath: /var/lib/dynatrace/gateway/ssl
4  - name: ag-lib-gateway-config
5    mountPath: /var/lib/dynatrace/gateway/config
6  - name: ag-lib-gateway-temp
7    mountPath: /var/lib/dynatrace/gateway/temp
8  - name: ag-lib-gateway-data
9    mountPath: /var/lib/dynatrace/gateway/data
10  - name: ag-log-gateway
11    mountPath: /var/log/dynatrace/gateway
12  - name: ag-tmp-gateway
13    mountPath: /var/tmp/dynatrace/gateway

Refer to ActiveGate storage requirements for volume sizing.