Set up EdgeConnect for Kubernetes Automation using the Dynatrace Operator

Preview release

Kubernetes Automation is currently in Preview release and only accessible to selected customers. If you would like to share feedback or ideas, join the preview by signing up via this form or contacting your Customer Success Manager.

For more information, see

After you join the preview program for Kubernetes Automation, we'll provide Hub subscription details. With those subscription details, you can activate the capability by following these steps.

This guide provides detailed steps for provisioning EdgeConnect for Kubernetes Automation using the Dynatrace Operator.

Prerequisites

Step 1

Create OAuth client

Step 2

Create OAuth credentials secret

Step 3

Configure EdgeConnect

Step 1 Create OAuth client

Create a new OAuth client the Dynatrace Operator uses

  1. Go to Account Management > Identity & access management > OAuth clients.
  2. Create an OAuth client with the following scopes.
    • app-engine:edge-connects:connect
    • app-engine:edge-connects:write
    • app-engine:edge-connects:read
    • app-engine:edge-connects:delete
    • oauth2:clients:manage
    • settings:objects:read
    • settings:objects:write
  3. Save the ID, secret, and your Dynatrace account URN.

Step 2 Create OAuth credentials secret

Store the newly created OAuth client as a Kubernetes secret

  1. Create a secret with the OAuth credentials.

    apiVersion: v1
    kind: Secret
    metadata:
      name: edgeconnect-oauth
      namespace: dynatrace
    stringData:
      oauth-client-id: <client id>
      oauth-client-secret: <client secret>

  2. Apply the secret.

    kubectl apply -f edgeconnect-oauth-secret.yaml

Step 3 Configure and Deploy EdgeConnect

You need to configure and deploy EdgeConnect via the Dynatrace Operator. The Dynatrace Operator prepares EdgeConnect for Kubernetes Automation and configures the required connection in your Dynatrace tenant.

  1. Configure the EdgeConnect custom resource file with serviceAccountName (using the ServiceAccount deployed here), provisioner: true, and kubernetesAutomation.enabled: true properties.

    apiVersion: dynatrace.com/v1alpha2
    kind: EdgeConnect
    metadata:
      name: edgeconnect-deployment-rollout-restarter
      namespace: dynatrace
    spec:
      apiServer: "<environment-id>.apps.dynatrace.com"
      serviceAccountName: edgeconnect-deployment-rollout-restarter
      oauth:
        provisioner: true
        clientSecret: edgeconnect-oauth
        endpoint: https://sso.dynatrace.com/sso/oauth2/token
        resource: urn:dtenvironment:<tenant>
      kubernetesAutomation:
        enabled: true

  2. Apply the EdgeConnect custom resource.

    kubectl apply -f edgeconnect.yaml

Rotating the OAuth credentials is not immediately reflected in the EdgeConnect deployment. This may lead to authentication issues until the Dynatrace Operator reconciles the EdgeConnect deployment.

Related topics