Set up manually EdgeConnect for Kubernetes Automation

Preview release

Kubernetes Automation is currently in Preview release and only accessible to selected customers. If you would like to share feedback or ideas, join the preview by signing up via this form or contacting your Customer Success Manager.

For more information, see

After you join the preview program for Kubernetes Automation, we'll provide Hub subscription details. With those subscription details, you can activate the capability by following these steps.

This guide provides detailed steps for provisioning EdgeConnect for Kubernetes Automation without the Dynatrace Operator. This setup explains how to deploy EdgeConnect in your Kubernetes cluster and configure it for Kubernetes Automation for Workflows. After this setup, you can continue with setting up the connection.

Prerequisites

Finished the steps in EdgeConnect for Kubernetes Automation

Complete the following steps to deploy EdgeConnect on Kubernetes without the Dynatrace Operator.

Step 1 Ensure connectivity

EdgeConnect needs to be able to connect to Dynatrace and the Kubernetes API server.

Connectivity to Dynatrace

EdgeConnect initiates the following connections to operate

  • https://sso.dynatrace.com/sso/oauth2/token
  • https://<your environment ID>.apps.dynatrace.com

EdgeConnect does not require any inbound connection from Dynatrace.

Connectivity to the Kubernetes API server

EdgeConnect requires connectivity to the Kubernetes API server. EdgeConnect sends requests to the Kubernetes API using the fully qualified domain name kubernetes.default.svc.cluster.local.

Step 2 Create a new EdgeConnect configuration

  1. Open the EdgeConnect Management app.

  2. Select New EdgeConnect.

    • Enter a unique name for the EdgeConnect instance.
    • Enter the Host <Name of EdgeConnect>.<K8s Namespace>.<K8s Cluster UID>.kubernetes-automation but first replace the three placeholders:
      • <Name of EdgeConnect>: Name of the EdgeConnect
      • <K8s Namespace>: Kubernets namespace where EdgeConnect will be deployed. We recommend a namespace named dynatrace.
      • <K8s Cluster UID>: The UID of the kube-system namespace that is used as a pseudo-ID for the cluster. You can get the Cluster UID with the following command:
        kubectl get namespace kube-system --output jsonpath={.metadata.uid}
  3. Select Create.

  4. Download the created edgeConnect.yaml configuration file. This file contains the configurations for EdgeConnect used in the next section.

    Be aware that the OAuth client secret is only displayed once and can't be retrieved later. Subsequently, the configuration file can still be downloaded from the app, but the OAuth client secret won't be preset anymore.

  5. Edit the created EdgeConnect configuration and add a host mapping from the before composed host pattern to kubernetes.default.svc.cluster.local.

Step 3 Configure EdgeConnect deployment

  1. Save the YAML below in a file called deployment.yaml.

    apiVersion: v1
    kind: Secret
    metadata:
    name: edge-connect-kubernetes-automation-config
    namespace: dynatrace
    stringData:
    edge-connect-config-file: |
    name: <name form edgeConnect.yaml>
    api_endpoint_host: <api_endpoint_host from edgeConnect.yaml>
    oauth:
    client_id: <oauth.client_id from edgeConnect.yaml>
    client_secret: <oauth.client_secret from edgeConnect.yaml>
    resource: <oauth.resource from edgeConnect.yaml>
    endpoint: <oauth.endpoint from edgeConnect.yaml>
    root_certificate_paths:
    - "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
    secrets:
    - name: K8S_SERVICE_ACCOUNT_TOKEN
    token: <token generated in Step 2>
    from_file: /var/run/secrets/kubernetes.io/serviceaccount/token
    restrict_hosts_to:
    - kubernetes.default.svc.cluster.local
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
    name: edge-connect-kubernetes-automation
    namespace: dynatrace
    spec:
    replicas: 1
    selector:
    matchLabels:
    app: edge-connect
    template:
    metadata:
    labels:
    app: edge-connect
    spec:
    serviceAccountName: <Name of the ServiceAccount>
    containers:
    - name: edge-connect
    image: dynatrace/edgeconnect:latest
    imagePullPolicy: IfNotPresent
    volumeMounts:
    - name: config
    mountPath: "/edgeConnect.yaml"
    subPath: "edgeConnect.yaml"
    readOnly: true
    volumes:
    - name: config
    secret:
    secretName: edge-connect-kubernetes-automation-config
    items:
    - key: edge-connect-config-file
    path: edgeConnect.yaml
  2. Generate a secret token adhering to the following format: dt0e01.<token_name>.<token_secret>, where <token_name> has to be a base-32 string of length 15 and <token_secret> has to be a base-32 string of length 40. On Linux, you can use the following command to generate a cryptographically secure token:

    echo "dt0e01.`openssl rand -out /dev/stdout 15 \
    | base32 \
    | tr '[:lower:]' '[:upper:]'`.`\
    openssl rand -out /dev/stdout 40 \
    | base32 \
    | tr '[:lower:]' '[:upper:]'`"

    Note that this command requires openssl to be available on your system and the base32 utility (which is part of GNU coreutils and is typically pre-installed on popular distributions).

  3. Replace the values surrounded by < > with the values of the previously downloaded config edgeConnect.yaml, with the previously generated token, and with the Service Account created in this step.

Step 4 Apply the deployment

  1. Go to the directory containing the deployment.yaml file you created.
  2. Apply the deployment.
    kubectl apply -f ./deployment.yaml

Step 5 Validate the connection

Validate if EdgeConnect is successfully connected to the platform.

  1. Open the EdgeConnect Management app.

  2. Check the Availability column. It should be displayed online.

    • Check the Pod's logs for error messages if it's still offline.
    • If the app says that there are online EdgeConnect instances, that means that you have deployed and configured EdgeConnect for Kubernetes Automation for Workflows. The setup will be concluded by configuring the Kubernetes Automation connection described in Set up Kubernetes Automation.