Configure monitoring for namespaces and pods

cloudNativeFullStack

applicationMonitoring

As part of getting started with Kubernetes monitoring, you might want to configure monitoring for namespaces and pods.

By default, Dynatrace Operator injects OneAgent into all namespaces, with the following exceptions:

Namespaces starting with kube-or openshift-.
The namespace where Dynatrace Operator was installed.

For more configuration options, see below.

Monitor all namespaces except selected pods

To disable monitoring for selected pods, annotate the pods that should be excluded, as in the example below.

1...
2metadata:
3  annotations:
4    ...
5    oneagent.dynatrace.com/inject: "false"

For more pod annotation options, see Pod annotation list.

Monitor only specific namespaces

If you don't want Dynatrace Operator to inject OneAgent in all namespaces, you can set the namespaceSelector parameter in the DynaKube custom resource, and enable monitoring for specific namespaces that have the chosen label.

To label namespaces, use the command below, making sure to replace the placeholder with your own value.

1kubectl label namespace <my_namespace> monitor=app

To enable monitoring for the namespace that was just labelled, edit the DynaKube custom resource file as in the example below.

1...
2namespaceSelector:
3  matchLabels:
4    monitor: app

For details, see Labels and selectors.

To add exceptions for specific pods within the selected namespaces, you can annotate the respective pods.

Exclude specific namespaces from being monitored

To enable this option, edit the DynaKube custom resource file as in the example below.

key defines the key of the label. Starting with Kubernetes version 1.22, a default label kubernetes.io/metadata.name is added to namespaces.
values define the value of the label.

1...
2spec:
3  namespaceSelector:
4    matchExpressions:
5    - key: LabelKey
6      operator: NotIn
7      values:
8      - LabelValue

If you run kubectl describe namespace dynatrace, you'll see:

1metadata:
2  name: dynatrace
3  labels:
4    kubernetes.io/metadata.name=dynatrace

A valid selector example to exclude dynatrace would be:

1...
2spec:
3  namespaceSelector:
4    matchExpressions:
5    - key: kubernetes.io/metadata.name
6      operator: NotIn
7      values:
8      - dynatrace

The webhook will inject every namespace that matches all namespaceselector.

For details, see Resources that support set-based requirements.

Monitor only specific pods

Dynatrace Operator version 0.8.0+

Dynatrace Operator can be set to monitor namespaces without injecting into any pods, so you can choose which pods to monitor.

To enable this option

Disable automatic injection for namespaces that are monitored by this DynaKube.

1apiVersion: dynatrace.com/v1beta1
2kind: DynaKube
3metadata:
4  name: dynakube
5  namespace: dynatrace
6  annotations:
7    feature.dynatrace.com/automatic-injection: "false"
8spec:
9...

Annotate the pods that are to be monitored.

1...
2metadata:
3  annotations:
4    ...
5    oneagent.dynatrace.com/inject: "true"

Pod annotation list

All applicable pod annotations for applicationMonitoring without CSI driver:
- data-ingest.dynatrace.com/inject: <"false">. If set to false, no metric enrichment file will be added to the pod.
- oneagent.dynatrace.com/inject: <"false">. If set to false, no modifications regarding OneAgent will be applied to the pod.
- dynatrace.com/inject: <"false">. If set to false, the webhook will not modify the pod.
  - oneagent.dynatrace.com/inject: <"false">. If set to false, no modifications regarding OneAgent will be applied to the pod.
  - data-ingest.dynatrace.com/inject: <"false">. If set to false, no modifications regarding metric enrichment will be applied to the pod.
- oneagent.dynatrace.com/flavor: <"default"> or <"musl">. If set, it indicates whether binaries for glibc or musl are to be downloaded. It defaults to glibc.
  If your container uses musl (for example, Alpine base image), you must add the flavor annotation in order to monitor it.
- oneagent.dynatrace.com/technologies: <"comma-separated technologies list">. If set, it filters which code modules are to be downloaded. It defaults to "all".
- oneagent.dynatrace.com/install-path: <"path">. If set, it indicates the path where the unpacked OneAgent directory will be mounted. It defaults to "/opt/dynatrace/oneagent-paas".
- oneagent.dynatrace.com/installer-url: <"url">. If set, it indicates the URL from where the OneAgent app-only package will be downloaded. It defaults to the Dynatrace environment API configured on the API URL of DynaKube.
All applicable pod annotations for applicationMonitoring with CSI driver:
- data-ingest.dynatrace.com/inject: <"false">. If set to false, no metric enrichment file will be added to the pod.
- oneagent.dynatrace.com/inject: <"false">. If set to false, no modifications regarding OneAgent will be applied to the pod.
- dynatrace.com/inject: <"false">. If set to false, the webhook will not modify the pod.
To completely disable all pod modifications via webhook, set all three annotations to false.

Example annotations:

1...
2metadata:
3  annotations:
4    oneagent.dynatrace.com/technologies: "java,nginx"
5    oneagent.dynatrace.com/flavor: "musl"
6    oneagent.dynatrace.com/install-path: "/dynatrace"
7    oneagent.dynatrace.com/installer-url: "https://my-custom-url/route/file.zip"