Set up manually EdgeConnect for Kubernetes Automation
Kubernetes Automation is currently in Preview release and only accessible to selected customers. If you would like to share feedback or ideas, join the preview by signing up via this form or contacting your Customer Success Manager.
For more information, see
After you join the preview program for Kubernetes Automation, we'll provide Hub subscription details. With those subscription details, you can activate the capability by following these steps.
This guide provides detailed steps for provisioning EdgeConnect for Kubernetes Automation without the Dynatrace Operator. This setup explains how to deploy EdgeConnect in your Kubernetes cluster and configure it for Kubernetes Automation. After this setup, you can continue with setting up the connection.
Prerequisites
Finished the steps in EdgeConnect for Kubernetes Automation
Ensure connectivity
Create a new EdgeConnect configuration
Configure EdgeConnect deployment
Apply the deployment
Validate the connection
Complete the following steps to deploy EdgeConnect on Kubernetes without the Dynatrace Operator.
Ensure connectivity
EdgeConnect needs to be able to connect to Dynatrace and the Kubernetes API server.
Connectivity to Dynatrace
EdgeConnect initiates the following connections to operate
https://sso.dynatrace.com/sso/oauth2/tokenhttps://<your environment ID>.apps.dynatrace.com
EdgeConnect does not require any inbound connection from Dynatrace.
Connectivity to the Kubernetes API server
EdgeConnect requires connectivity to the Kubernetes API server. EdgeConnect sends requests to the Kubernetes API using the fully qualified domain name kubernetes.default.svc.cluster.local.
Create a new EdgeConnect configuration
-
Open the EdgeConnect Management app.
-
Select New EdgeConnect.
- Enter a unique name for the EdgeConnect instance.
- Name must be RFC 1123 Label Names compliant with a maximum length of 50 characters.
- Enter the Host
<Name of EdgeConnect>.<K8s Namespace>.<K8s Cluster UID>.kubernetes-automationbut first replace the three placeholders:<Name of EdgeConnect>: Name of the EdgeConnect<K8s Namespace>: Kubernets namespace where EdgeConnect will be deployed. We recommend a namespace nameddynatrace.<K8s Cluster UID>: The UID of the kube-system namespace that is used as a pseudo-ID for the cluster. You can get the Cluster UID with the following command:kubectl get namespace kube-system --output jsonpath={.metadata.uid}
- Enter a unique name for the EdgeConnect instance.
-
Select Create.
-
Download the created edgeConnect.yaml configuration file. This file contains the configurations for EdgeConnect used in the next section.
Be aware that the OAuth client secret is only displayed once and can't be retrieved later. Subsequently, the configuration file can still be downloaded from the app, but the OAuth client secret won't be preset anymore.
-
Edit the created EdgeConnect configuration and add a host mapping from the before composed host pattern to
kubernetes.default.svc.cluster.local.
Configure EdgeConnect deployment
-
Save the YAML below in a file called
deployment.yaml.apiVersion: v1kind: Secretmetadata:name: edge-connect-kubernetes-automation-confignamespace: dynatracestringData:edge-connect-config-file: |name: <name form edgeConnect.yaml>api_endpoint_host: <api_endpoint_host from edgeConnect.yaml>oauth:client_id: <oauth.client_id from edgeConnect.yaml>client_secret: <oauth.client_secret from edgeConnect.yaml>resource: <oauth.resource from edgeConnect.yaml>endpoint: <oauth.endpoint from edgeConnect.yaml>root_certificate_paths:- "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"secrets:- name: K8S_SERVICE_ACCOUNT_TOKENtoken: <token generated in Step 2>from_file: /var/run/secrets/kubernetes.io/serviceaccount/tokenrestrict_hosts_to:- kubernetes.default.svc.cluster.local---apiVersion: apps/v1kind: Deploymentmetadata:name: edge-connect-kubernetes-automationnamespace: dynatracespec:replicas: 1selector:matchLabels:app: edge-connecttemplate:metadata:labels:app: edge-connectspec:serviceAccountName: <Name of the ServiceAccount>containers:- name: edge-connectimage: dynatrace/edgeconnect:latestimagePullPolicy: IfNotPresentvolumeMounts:- name: configmountPath: "/edgeConnect.yaml"subPath: "edgeConnect.yaml"readOnly: truevolumes:- name: configsecret:secretName: edge-connect-kubernetes-automation-configitems:- key: edge-connect-config-filepath: edgeConnect.yaml -
Generate a secret token adhering to the following format:
dt0e01.<token_name>.<token_secret>, where<token_name>has to be a base-32 string of length 15 and<token_secret>has to be a base-32 string of length 40. On Linux, you can use the following command to generate a cryptographically secure token:echo "dt0e01.`openssl rand -out /dev/stdout 15 \| base32 \| tr '[:lower:]' '[:upper:]'`.`\openssl rand -out /dev/stdout 40 \| base32 \| tr '[:lower:]' '[:upper:]'`"Note that this command requires
opensslto be available on your system and thebase32utility (which is part of GNU coreutils and is typically pre-installed on popular distributions). -
Replace the values surrounded by
< >with the values of the previously downloaded configedgeConnect.yaml, with the previously generated token, and with the Service Account created in this step.
Apply the deployment
- Go to the directory containing the
deployment.yamlfile you created. - Apply the deployment.
kubectl apply -f ./deployment.yaml
Validate the connection
Validate if EdgeConnect is successfully connected to the platform.
-
Open the EdgeConnect Management app.
-
Check the Availability column. It should be displayed online.
- Check the Pod's logs for error messages if it's still offline.
- If the app says that there are online EdgeConnect instances, that means that you have deployed and configured EdgeConnect for Kubernetes Automation. The setup will be concluded by configuring the Kubernetes Automation connection described in Set up Kubernetes Automation.