Provision EdgeConnect for Dynatrace environment
EdgeConnect facilitates secure interactions between applications, workflows, and internal systems within a Kubernetes environment. This guide provides detailed steps for provisioning EdgeConnect for a Dynatrace environment.
Create OAuth client
- Go to Account Management > Identity & access management > OAuth clients.
- Create an OAuth client with the following scopes.
app-engine:edge-connects:connectapp-engine:edge-connects:writeapp-engine:edge-connects:readapp-engine:edge-connects:deleteoauth2:clients:manage
Save the ID, secret, and your Dynatrace account URN.
Configure EdgeConnect
-
Configure the EdgeConnect custom resource file with
provisioner: trueandhostPatternsproperties.apiVersion: dynatrace.com/v1alpha1kind: EdgeConnectmetadata:name: sample-edge-connect-namenamespace: dynatracespec:apiServer: "<environment-id>.apps.dynatrace.com"hostPatterns:- '*.mycompany.org'oauth:provisioner: trueclientSecret: edgeconnect-oauthendpoint: https://sso.dynatrace.com/sso/oauth2/tokenresource: urn:dtenvironment:<tenant> -
Apply the EdgeConnect custom resource.
kubectl apply -f edgeconnect.yaml
Rotating the OAuth credentials is not immediately reflected in the EdgeConnect deployment. This may lead to authentication issues until Dynatrace Operator reconciles the EdgeConnect deployment.
Create OAuth credentials secret
-
Create a secret with the OAuth credentials.
apiVersion: v1kind: Secretmetadata:name: edgeconnect-oauthnamespace: dynatracedata:oauth-client-id: <base64 encoded client id>oauth-client-secret: <base64 encoded client secret> -
Apply the secret.
kubectl apply -f edgeconnect-oauth-secret.yaml