Configure read-only CSI volumes

Dynatrace Operator version 0.12.0+

Prerequisites

The Dynatrace CSI driver installed on the Kubernetes cluster.
DynaKube configured to use the CSI driver. For example, ensure that applicationMonitoring is enabled with useCSIDriver: true.

cloudNativeFullStack is not supported on BottleRocket.

Enable feature flag

To enable the injection of read-only CSI volumes, set the feature.dynatrace.com/injection-readonly-volume feature flag to true. When the feature flag is enabled, the injected CSI volume becomes read-only.

apiVersion: dynatrace.com/v1beta2
kind: DynaKube
metadata:
  annotations:
    feature.dynatrace.com/injection-readonly-volume: "true"

This enables usage of the CSI driver even on BottleRocket platforms where host monitoring OneAgents don't work. To accommodate this feature, extra ephemeral storage is added to allow the injected OneAgent to store logs and additional configurations.

A drawback to this approach is that if your pods terminate unexpectedly or are otherwise deleted, any logs stored in ephemeral storage will be lost.