How it works
This section provides an in-depth look at how Dynatrace components are deployed and how they interact with Kubernetes clusters and entities.
Classic full stack injection
Capabilities and limitations
Capabilities
It has a seamless host (Kubernetes node) integration. Instrumented pods maintain their taxonomic relationship with hosts and host metrics. Host agents complement code modules with OOM detection, disk and storage monitoring, network monitoring, and more.
It's comprehensive. This all-in-one approach includes Kubernetes cluster monitoring, distributed tracing, fault domain isolation, and deep code-level insights using a single deployment configuration across your clusters.
Limitations
There’s a startup dependency between the container in which OneAgent is deployed and application containers to be instrumented (for example, containers that have deep process monitoring enabled). The OneAgent container must be started and the oneagenthelper process must be running before the application container is launched so that the application can be properly instrumented.
Deployed resources
Dynatrace Operator manages classic full stack injection after the following resources are deployed.
- OneAgent, deployed as a DaemonSet, collects host metrics from Kubernetes nodes. It also detects new containers and injects OneAgent code modules into application pods.
- Dynatrace ActiveGate is used for routing, as well as for monitoring Kubernetes objects by collecting data (metrics, events, status) from the Kubernetes API.
- Dynatrace webhook server validates DynaKube definitions for correctness.
Classic full stack injection requires write access from the OneAgent pod to the Kubernetes node filesystem to detect and inject into newly deployed containers.
Cloud native full stack injection
Capabilities and current limitations
Capabilities
Offers functionality similar to classic full stack injection (see limitations below).
Uses mutating webhooks to inject code modules into application pods.
Current limitations
- Diagnostic files (support archives) for application pods aren't yet supported.
- Container monitoring rules aren't supported (the DynaKube label selector parameter provides similar functionality).
- Go static monitoring is partially supported.
Deployed resources
Dynatrace Operator manages cloud native full stack injection after the following resources are deployed.
- OneAgent, deployed as a DaemonSet, collects host metrics from Kubernetes nodes.
- Dynatrace webhook server modifies pod definitions to include Dynatrace code modules for application observability.
- Dynatrace CSI driver, deployed as a DaemonSet, provides writable volume storage for OneAgent and OneAgent binaries to pods.
- Dynatrace ActiveGate is used for routing, as well as for monitoring Kubernetes objects by collecting data (metrics, events, status) from the Kubernetes API.
Host monitoring
Capabilities and limitations
Capabilities
Collects node metrics and process data.
Limitations
Diagnostic files (support archives) for application pods aren't yet supported for read-only file systems.
Deployed resources
Dynatrace Operator manages host monitoring after the following resources are deployed:
- OneAgent, deployed as a DaemonSet, collects host metrics from Kubernetes nodes.
- Dynatrace webhook server only validates DynaKube and verifies its correctness, without modifying pod definitions.
- Dynatrace CSI driver provides writable volume storage for OneAgent.
- Dynatrace ActiveGate is used for routing, as well as for monitoring Kubernetes objects by collecting data (metrics, events, status) from the Kubernetes API.
Application-only monitoring: Automatic injection
You can use the application-only injection strategy for application pods. You don't install OneAgent pods and can't collect host metrics from Kubernetes nodes. You can collect alternative node metrics from other sources such as Prometheus.
Capabilities and current limitations
Capabilities
It's engineered for Kubernetes. Dynatrace injects into pods using the Kubernetes admission controller, which injects a Dynatrace code module into application containers.
It's flexible. You get granular control over the instrumented pods using namespaces and annotations. You can easily route pod metrics to different Dynatrace environments within the same Kubernetes cluster.
Current limitations
- Diagnostic files (support archives) for application pods aren't yet supported.
- Go static monitoring is partially supported.
When deployed in application-only mode, OneAgent monitors the memory, disk, CPU, and networking of processes within the container only. Host metrics aren't monitored. Topology is limited to pods and containers.
Deployed resources
Dynatrace Operator manages automatic application-only injection after the following resources are deployed.
- Dynatrace webhook server modifies pod definitions to include Dynatrace code modules for application observability.
- Dynatrace ActiveGate is used for routing, as well as for monitoring Kubernetes objects by collecting data (metrics, events, status) from the Kubernetes API.
- Dynatrace CSI driver (optional) can be deployed alongside the Dynatrace Operator.
Application-only monitoring: Pod runtime injection
You can use the application-only injection strategy for application pods. You don't install OneAgent pods and can't collect host metrics from Kubernetes nodes. You can collect alternative node metrics from other sources such as Prometheus.
Capabilities
It's Kubernetes native. Dynatrace code modules are injected into pods using Kubernetes init containers.
It's flexible. Different container images can contain separate configurations for different Dynatrace environments.
Application-only monitoring: Container build-time injection
You can use the application-only injection strategy for application pods. You don't install OneAgent pods and can't collect host metrics from Kubernetes nodes. You can collect alternative node metrics from other sources such as Prometheus.
Capabilities
It uses static container injection. Dynatrace code modules are embedded into container images as they are built.
It's flexible. Different container images can contain separate configurations for different Dynatrace environments. You can use these images on any container platform or PaaS in addition to Kubernetes.
CSI Driver
The Dynatrace CSI Driver is a key component that provides OneAgent code modules to application pods while minimizing storage usage and load on the Dynatrace environment. In addition, it provides writable volume storage for OneAgent, code-module configurations, and logs.
Capabilities
- Minimizes downloads
  CSI Driver downloads the code modules once per node and stores them on the node's filesystem. For example, injecting 100 pods spread across 3 nodes would result in just 3 code module downloads.
  Without using the Dynatrace CSI Driver, each pod would need to download its own code modules. Therefore, injecting 100 pods would result in 100 code module downloads.
- Minimizes storage usage
  CSI Driver enables the code modules to be stored on the node's filesystem, and the driver creates an OverlayFs mount for each injected pod. Therefore, injecting 100 pods spread across 3 nodes would only result in the storage of 3 code modules.
  Without using the Dynatrace CSI Driver, each pod stores a code module. Therefore, injecting 100 pods would result in storage of 100 code modules.
Summary
Dynatrace CSI Driver significantly reduces network usage by downloading code modules once per node, as opposed to once per pod. It also optimizes storage by storing code modules once per node and providing the code modules to pods using OverlayFs mounts.
Privileges
CSI Driver requires elevated permissions to create and manage mounts on the host system. Specifically, the `mountPropagation: Bidirectional` permission is needed on the volume where CSI Driver stores the code modules. This permission is only available for privileged containers.
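An added example (not Dynatrace's own code or manifest) of a check for the privileges described above and for the writable node filesystem access that classic full stack injection requires: it audits a workload manifest for privileged containers, `Bidirectional` mount propagation, and writable hostPath mounts. The manifest, its names, and its paths are constructed placeholders.

```python
import json

# Constructed DaemonSet manifest (not Dynatrace's real manifest): names and
# paths are placeholders chosen to exercise the checks below.
MANIFEST = json.loads("""
{
  "kind": "DaemonSet",
  "metadata": {"name": "example-csi-driver", "namespace": "example-monitoring"},
  "spec": {"template": {"spec": {
    "volumes": [
      {"name": "data-dir", "hostPath": {"path": "/var/lib/example-csi/data"}},
      {"name": "config", "configMap": {"name": "example-config"}}
    ],
    "containers": [
      {"name": "driver",
       "securityContext": {"privileged": true},
       "volumeMounts": [
         {"name": "data-dir", "mountPath": "/data", "mountPropagation": "Bidirectional"},
         {"name": "config", "mountPath": "/etc/cfg", "readOnly": true}]},
      {"name": "sidecar",
       "securityContext": {"privileged": false},
       "volumeMounts": [{"name": "data-dir", "mountPath": "/data", "readOnly": true}]}
    ]}}}
}
""")

def audit_workload(manifest):
    """Return (container, issue, host_path) findings for host-level mount privileges."""
    pod = manifest["spec"]["template"]["spec"]
    host_paths = {v["name"]: v["hostPath"]["path"]
                  for v in pod.get("volumes", []) if "hostPath" in v}
    findings = []
    for c in pod.get("containers", []) + pod.get("initContainers", []):
        privileged = bool(c.get("securityContext", {}).get("privileged"))
        if privileged:
            findings.append((c["name"], "privileged", None))
        for m in c.get("volumeMounts", []):
            path = host_paths.get(m["name"])
            if m.get("mountPropagation") == "Bidirectional":
                # Bidirectional propagation is only available to privileged containers.
                tag = "bidirectional-mount" if privileged else "bidirectional-without-privileged"
                findings.append((c["name"], tag, path))
            if path and not m.get("readOnly", False):
                findings.append((c["name"], "writable-hostpath", path))
    return findings

if __name__ == "__main__":
    for name, issue, path in audit_workload(MANIFEST):
        print(f"{name}: {issue} {path or ''}")
```

Findings for a monitoring component that is expected to hold these privileges serve as an inventory to review; the same findings on any other workload are the ones to investigate.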