OCP version 3.11 Provide image pull secrets.
Skip this step if you're using a later version.
In order to use the certified OneAgent Operator and OneAgent images from Red Hat Container Catalog (RHCC), you need to provide image pull secrets. The Service Accounts on the openshift.yaml manifest already have links to the secrets to be created below.
For OpenShift versions earlier than 3.11.188 you need to delete thetype: objectline beneath the required spec validation inopenshift.yamlbefore deploying theCustomResourceDefinition (OpenShift known bug).
required:
- spec
type: object # delete this line, which is a validation rule
Create the secret that holds the API and PaaS tokens for authenticating to the Dynatrace Cluster.
The name of the secret will be important in a later step when you configure the custom resource (.spec.tokens). In the following code-snippet the name is oneagent. Be sure to replace API_TOKEN and PAAS_TOKEN with the values mentioned in prerequisites.
Save the custom resource.
The rollout of Dynatrace OneAgent is governed by a custom resource of type OneAgent. Retrieve the cr.yaml file from the GitHub repository.
If you want to revert an argument, you need to set it to empty instead of removing it from the custom resource.
Example:
args:
- "--set-proxy="
Parameter
Description
Default value
apiUrl
required For Dynatrace SaaS, where OneAgent can connect to the internet, replace the Dynatrace ENVIRONMENTID in https://ENVIRONMENTID.live.dynatrace.com/api. For Environment ActiveGates (SaaS or Managed), use the following to download the OneAgent, as well as to communicate OneAgent traffic through the ActiveGate: https://YourActiveGateIP or FQDN:9999/e/<ENVIRONMENTID>/api.
optional Name of the secret that holds the API and PaaS tokens from above.
Name of custom resource (.metadata.name) if unset
useImmutableImage
optional Set to true if you want to pull a OneAgent Docker image from your Dynatrace environment. Use this parameter together with the agentVersion parameter to control the version of OneAgent.
false
agentVersion
optional Set this value to the OneAgent version using semantic versioning (major.minor.patch). Example: 1.203.0
optional Environment variables for OneAgent container.
skipCertCheck
optional Disable certificate validation checks for installer download and API communication. Set to true if you want to skip any certification validation checks.
false
nodeSelector
optional Keep empty default value. If you want to roll out OneAgent to specific nodes only, provide the nodeSelectors here. Refer to Kubernetes docs for details.
tolerations
optional Keep default value to also roll out the OneAgent to master nodes if possible. If you want to apply additional tolerations to OneAgent pods for tainted nodes, provide them here. Refer to Kubernetes docs for details.
image
optional Define the OneAgent image to be taken. Defaults to the publicly available OneAgent image on Docker Hub. In order to use the certified OneAgent image from Red Hat Container Catalog you need to set .spec.image to registry.connect.redhat.com/dynatrace/oneagent in the custom resource and provide image pull secrets as shown in the next step.
docker.io/dynatrace/oneagent:latest if unset
resources
optional Resource requests/limits for the OneAgent pods. These settings heavily depend on size of worker nodes and workloads. Please adjust to fit your needs.
optional Disable the Operator's auto-update feature for OneAgent pods.
false
enableIstio
optional Enable management of Istio service entries and virtual services for Dynatrace endpoints to allow for OneAgent monitoring egress traffic to your Dynatrace environment
false
trustedCAs
optional Name of the ConfigMap containing the custom CA certificates. The ConfigMap must have a field called certs with the content of the PEM bundle. These custom certificates will be used by both the OneAgent Operator and the OneAgent.
If not set, the default embedded certificates on the images will be used.
Create the custom resource.
oc apply -f cr.yaml
optional Configure proxy.
You can configure optional parameters like proxy settings in the cr.yaml file in order to
download the OneAgent installer
ensure the communication between the OneAgent and your Dynatrace environment
ensure the communication between the Dynatrace OneAgent Operator and the Dynatrace API.
There are two ways to provide the proxy, depending on whether or not your proxy uses credentials.
If you have a proxy that doesn't use credentials, enter your proxy URL directly in the value field for the proxy.
Example
apiVersion: dynatrace.com/v1alpha1
kind: OneAgent
metadata:
name: oneagent
namespace: dynatrace
spec:
apiUrl: https://environmentid.dynatrace.com/api
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
operator: Exists
args: []
enableIstio: true
proxy:
value: http://mysuperproxy
If your proxy uses credentials
Create a secret with a field called proxy which holds your encrypted proxy URL with the credentials.
Example.
For OpenShift versions earlier than 3.11.188 you need to delete thetype: objectline beneath the required spec validation inopenshift.yamlbefore deploying theCustomResourceDefinition (OpenShift known bug).
required:
- spec
type: object # delete this line, which is a validation rule
To apply the YAML parameters, run the following command:
Find out how to troubleshoot issues that you may encounter when deploying OneAgent on OpenShift.
Deploy an ActiveGate and connect your Kubernetes API to Dynatrace
Now that you have OneAgent running on your OpenShift nodes, you're able to monitor those nodes, and the applications running in OpenShift. The next step is to deploy an ActiveGate and connect your Kubernetes API to Dynatrace in order to get native Kubernetes metrics, like request limits, and differences in pods requested vs. running pods.
For further instructions see Deploy ActiveGate in OpenShift as a StatefulSet.
Update OneAgent Operator with oc
OneAgent Operator for OpenShift version 3.9+ automatically takes care of the lifecycle of the deployed OneAgents, so you don't need to update OneAgent pods yourself.
Review the release notes of the Operator for any breaking changes of the custom resource.
To update OneAgent Operator, run the following command:
optional After you delete OneAgent Operator, the OneAgent binary remains on the node in an inactive state. To uninstall it completely, run the uninstall.sh script and delete logs and configuration files.
See Linux related information.
Remove OneAgent custom resources and clean up all remaining OneAgent Operator–specific objects: