Provision EdgeConnect for Dynatrace environment
EdgeConnect facilitates secure interactions between applications, workflows, and internal systems within a Kubernetes environment. This guide provides detailed steps for provisioning EdgeConnect for a Dynatrace environment.
Create OAuth client
- Go to Account Management > Identity & access management > OAuth clients.
- Create an OAuth client with the following scopes.
app-engine:edge-connects:connect
app-engine:edge-connects:write
app-engine:edge-connects:read
app-engine:edge-connects:delete
oauth2:clients:manage
- Save the ID, secret, and your Dynatrace account URN.
Configure EdgeConnect
-
Configure the EdgeConnect custom resource file with
provisioner: true
andhostPatterns
properties.apiVersion: dynatrace.com/v1alpha2kind: EdgeConnectmetadata:name: sample-edge-connect-namenamespace: dynatracespec:apiServer: "<environment-id>.apps.dynatrace.com"hostPatterns:- '*.mycompany.org'oauth:provisioner: trueclientSecret: edgeconnect-oauthendpoint: https://sso.dynatrace.com/sso/oauth2/tokenresource: urn:dtenvironment:<tenant> -
Apply the EdgeConnect custom resource.
kubectl apply -f edgeconnect.yaml
Rotating the OAuth credentials is not immediately reflected in the EdgeConnect deployment. This may lead to authentication issues until Dynatrace Operator reconciles the EdgeConnect deployment.
Create OAuth credentials secret
-
Create a secret with the OAuth credentials.
apiVersion: v1kind: Secretmetadata:name: edgeconnect-oauthnamespace: dynatracedata:oauth-client-id: <base64 encoded client id>oauth-client-secret: <base64 encoded client secret> -
Apply the secret.
kubectl apply -f edgeconnect-oauth-secret.yaml