Dynatrace Operator network policies and ports
To ensure Dynatrace Operator components work correctly in a Kubernetes cluster, you need to configure the right network policies and ports.
Kubernetes network policies
Dynatrace Operator follows certain network policies to maintain its operation.
- activegate-policy.yaml: Policy specific to ActiveGate components
- activegate-policy-external-only.yaml: Policy for ActiveGate components that only communicate externally
- agent-policy.yaml: Policy for Dynatrace OneAgent components
- dynatrace-policies.yaml: General policies for various Dynatrace components
Ports
Dynatrace Operator components communicate through specific ports.
Ingress ports
TCP 80: Default HTTP portTCP 443: Default HTTPS port
dynatrace-operator
TCP 8383: Metrics for the Webhook serverTCP 8384: Validation for the Webhook serverTCP 8443: Main port for the Webhook serverTCP 8080: Metrics for the CSI driver serverTCP 10080: Health check probe for the CSI driver
activegate
TCP 9999: HTTPS port for containersTCP 9998: HTTP port for containers
csi-driver
TCP 10090: CSI driver provisioner
Egress ports
TCP 80: Default HTTP portTCP 443: Default HTTPS port
dynatrace-operator
TCP 8383: Metrics for the Webhook serverTCP 8384: Validation for the Webhook serverTCP 8443: Main port for the Webhook serverTCP 8080: Metrics for the CSI driver serverTCP 10080: Health check probe for the CSI driver
kube-system
TCP 53: DNS lookupUPD 53: DNS lookup