Kubernetes Automation is currently in Preview release and only accessible to selected customers. If you would like to share feedback or ideas, join the preview by signing up via this form or contacting your Customer Success Manager.
For more information, see
After you join the preview program for Kubernetes Automation, we'll provide Hub subscription details. With those subscription details, you can activate the capability by following these steps.
This guide provides detailed steps for provisioning EdgeConnect for Kubernetes Automation without the Dynatrace Operator. This setup explains how to deploy EdgeConnect in your Kubernetes cluster and configure it for Kubernetes Automation. After this setup, you can continue with setting up the connection.
Finished the steps in EdgeConnect for Kubernetes Automation
Ensure connectivity
Create a new EdgeConnect configuration
Configure EdgeConnect deployment
Apply the deployment
Validate the connection
Complete the following steps to deploy EdgeConnect on Kubernetes without the Dynatrace Operator.
EdgeConnect needs to be able to connect to Dynatrace and the Kubernetes API server.
EdgeConnect initiates the following connections to operate
https://sso.dynatrace.com/sso/oauth2/token
https://<your environment ID>.apps.dynatrace.com
EdgeConnect does not require any inbound connection from Dynatrace.
EdgeConnect requires connectivity to the Kubernetes API server. EdgeConnect sends requests to the Kubernetes API using the fully qualified domain name kubernetes.default.svc.cluster.local
.
Open the EdgeConnect Management app.
Select New EdgeConnect.
<Name of EdgeConnect>.<K8s Namespace>.<K8s Cluster UID>.kubernetes-automation
but first replace the three placeholders:
<Name of EdgeConnect>
: Name of the EdgeConnect<K8s Namespace>
: Kubernets namespace where EdgeConnect will be deployed. We recommend a namespace named dynatrace
.<K8s Cluster UID>
: The UID of the kube-system namespace that is used as a pseudo-ID for the cluster. You can get the Cluster UID with the following command:
kubectl get namespace kube-system --output jsonpath={.metadata.uid}
Select Create.
Download the created edgeConnect.yaml configuration file. This file contains the configurations for EdgeConnect used in the next section.
Be aware that the OAuth client secret is only displayed once and can't be retrieved later. Subsequently, the configuration file can still be downloaded from the app, but the OAuth client secret won't be preset anymore.
Edit the created EdgeConnect configuration and add a host mapping from the before composed host pattern to kubernetes.default.svc.cluster.local
.
Save the YAML below in a file called deployment.yaml
.
apiVersion: v1kind: Secretmetadata:name: edge-connect-kubernetes-automation-confignamespace: dynatracestringData:edge-connect-config-file: |name: <name form edgeConnect.yaml>api_endpoint_host: <api_endpoint_host from edgeConnect.yaml>oauth:client_id: <oauth.client_id from edgeConnect.yaml>client_secret: <oauth.client_secret from edgeConnect.yaml>resource: <oauth.resource from edgeConnect.yaml>endpoint: <oauth.endpoint from edgeConnect.yaml>certificate_paths:- "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"secrets:- name: K8S_SERVICE_ACCOUNT_TOKENtoken: <token generated in Step 2>from_file: /var/run/secrets/kubernetes.io/serviceaccount/tokenrestrict_hosts_to:- kubernetes.default.svc.cluster.local---apiVersion: apps/v1kind: Deploymentmetadata:name: edge-connect-kubernetes-automationnamespace: dynatracespec:replicas: 1selector:matchLabels:app: edge-connecttemplate:metadata:labels:app: edge-connectspec:serviceAccountName: <Name of the ServiceAccount>containers:- name: edge-connectimage: dynatrace/edgeconnect:latestimagePullPolicy: IfNotPresentvolumeMounts:- name: configmountPath: "/edgeConnect.yaml"subPath: "edgeConnect.yaml"readOnly: truevolumes:- name: configsecret:secretName: edge-connect-kubernetes-automation-configitems:- key: edge-connect-config-filepath: edgeConnect.yaml
Generate a secret token adhering to the following format: dt0e01.<token_name>.<token_secret>
, where <token_name>
has to be a base-32 string of length 15 and <token_secret>
has to be a base-32 string of length 40.
On Linux, you can use the following command to generate a cryptographically secure token:
echo "dt0e01.`openssl rand -out /dev/stdout 15 \| base32 \| tr '[:lower:]' '[:upper:]'`.`\openssl rand -out /dev/stdout 40 \| base32 \| tr '[:lower:]' '[:upper:]'`"
Note that this command requires openssl
to be available on your system and the base32
utility (which is part of GNU coreutils and is typically pre-installed on popular distributions).
Replace the values surrounded by < >
with the values of the previously downloaded config edgeConnect.yaml
, with the previously generated token, and with the Service Account created in this step.
deployment.yaml
file you created.kubectl apply -f ./deployment.yaml
Validate if EdgeConnect is successfully connected to the platform.
Open the EdgeConnect Management app.
Check the Availability column. It should be displayed online.