Workload mutation on injection mode

When data ingest or OneAgent is enabled for application pods, the webhook intercepts workload events and applies mutations to the resulting pods.

This guide outlines the specific mutations applied to application pods under two scenarios: data ingest mode and OneAgent injection mode.

Workload mutation on data ingest mode

In data ingest mode, Dynatrace Operator enhances pods with additional metadata, environment variables, and volume mounts, and starts an init container to inject the OneAgent into the application pod.

metadata

annotations

| Parameter | Data type | Default value |
| --- | --- | --- |
| metadata.dynatrace.com/k8s.workload.kind | string | |
| metadata.dynatrace.com/k8s.workload.name | string | |
| metadata-enrichment.dynatrace.com/injected | boolean | true |

spec.containers

env

| Parameter | Data type | Default value |
| --- | --- | --- |
| DT_WORKLOAD_KIND | string | |
| DT_WORKLOAD_NAME | string | |
| METADATA_ENRICHMENT_INJECTED | boolean | true |

volumeMounts

| mountPath | name |
| --- | --- |
| /var/lib/dynatrace/enrichment/endpoint | metadata-enrichment-endpoint |
| /var/lib/dynatrace/enrichment | metadata-enrichment |

spec.volumes

| name | secret |
| --- | --- |
| metadata-enrichment-endpoint | secretName: dynatrace-metadata-enrichment-endpoint |

| name | emptyDir |
| --- | --- |
| metadata-enrichment | {} |

initContainers

An init container named install-oneagent is added to inject the OneAgent with specific environment variables related to the pod and cluster configuration, including the pod name, UID, and cluster ID, among others. This container also specifies resource limits and security context configurations.

```yaml
initContainers:
- args:
  - init
  env:
  - name: FAILURE_POLICY
    value: silent
  - name: K8S_PODNAME
    valueFrom:
      fieldRef:
        apiVersion: v1
        fieldPath: metadata.name
  - name: K8S_PODUID
    valueFrom:
      fieldRef:
        apiVersion: v1
        fieldPath: metadata.uid
  - name: K8S_BASEPODNAME
    value: alpine
  - name: K8S_CLUSTER_ID
    value: b9c38fb3-6c0f-45f6-8c25-9eb3b4b5af2a
  - name: K8S_NAMESPACE
    valueFrom:
      fieldRef:
        apiVersion: v1
        fieldPath: metadata.namespace
  - name: K8S_NODE_NAME
    valueFrom:
      fieldRef:
        apiVersion: v1
        fieldPath: spec.nodeName
  - name: FLAVOR
  - name: TECHNOLOGIES
    value: all
  - name: INSTALLPATH
    value: /opt/dynatrace/oneagent-paas
  - name: INSTALLER_URL
  - name: VERSION
    value: 1.289.0.20240313-145242
  - name: ONEAGENT_INJECTED
    value: "true"
  - name: CONTAINER_1_NAME
    value: alpine
  - name: CONTAINER_1_IMAGE
    value: alpine:3.2
  - name: CONTAINERS_COUNT
    value: "1"
  - name: DT_WORKLOAD_KIND
    value: Pod
  - name: DT_WORKLOAD_NAME
    value: alpine
  - name: METADATA_ENRICHMENT_INJECTED
    value: "true"
  image: quay.io/dynatrace/dynatrace-operator:snapshot
  imagePullPolicy: IfNotPresent
  name: install-oneagent
  resources:
    limits:
      cpu: 100m
      memory: 60Mi
    requests:
      cpu: 30m
      memory: 30Mi
  securityContext:
    allowPrivilegeEscalation: false
    capabilities:
      drop:
      - ALL
    privileged: false
    readOnlyRootFilesystem: true
    runAsGroup: 1001
    runAsNonRoot: true
    runAsUser: 1001
  terminationMessagePath: /dev/termination-log
  terminationMessagePolicy: File
  volumeMounts:
  - mountPath: /mnt/bin
    name: oneagent-bin
  - mountPath: /mnt/share
    name: oneagent-share
  - mountPath: /mnt/config
    name: injection-config
  - mountPath: /var/lib/dynatrace/enrichment
    name: metadata-enrichment
  - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
    name: kube-api-access-r8mck
    readOnly: true
```

Workload mutation on OneAgent injection mode

In OneAgent injection mode, the mutations focus on enabling full-stack monitoring through OneAgent.

metadata

annotations

| Parameter | Type | Value |
| --- | --- | --- |
| dynakube.dynatrace.com/injected | boolean | true |
| oneagent.dynatrace.com/injected | boolean | true |

spec.containers

env

| name | value |
| --- | --- |
| DT_DEPLOYMENT_METADATA | orchestration_tech=Operator-cloud_native_fullstack;script_version=snapshot;orchestrator_id=b9c38fb3-6c0f-45f6-8c25-9eb3b4b5af2a |
| LD_PRELOAD | /opt/dynatrace/oneagent-paas/agent/lib64/liboneagentproc.so |

volumeMounts

| mountPath | name | subPath |
| --- | --- | --- |
| /opt/dynatrace/oneagent-paas | oneagent-bin | |
| /etc/ld.so.preload | oneagent-share | ld.so.preload |
| /etc/ld.so.preload | oneagent-share | container_alpine.conf |

spec.volumes

| name | secretName |
| --- | --- |
| injection-config | dynatrace-dynakube-config |

| name | emptyDir |
| --- | --- |
| oneagent-share | {} |

csi

| driver |
| --- |
| csi.oneagent.dynatrace.com |
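
One way to verify these mutations on a workload, as an added example (not Dynatrace's own code): the Python below checks a parsed pod manifest, such as the output of `kubectl get pod -o json`, for the annotations, preload settings and `install-oneagent` init container documented on this page, and reports any drift from the securityContext shown in the init container listing. The `audit_pod` function, the report keys and the sample pod are assumptions made for illustration.

```python
# Added example: audit a pod manifest for the mutations documented on this page.
# EXPECTED_SC mirrors the install-oneagent securityContext shown above.
EXPECTED_SC = {"allowPrivilegeEscalation": False, "privileged": False,
               "readOnlyRootFilesystem": True, "runAsNonRoot": True}
INJECTION_ANNOTATIONS = ("metadata-enrichment.dynatrace.com/injected",
                         "dynakube.dynatrace.com/injected",
                         "oneagent.dynatrace.com/injected")

def audit_pod(pod):
    """Report which documented mutations a pod carries and any securityContext drift."""
    annotations = pod.get("metadata", {}).get("annotations", {})
    spec = pod.get("spec", {})
    report = {"annotations": [a for a in INJECTION_ANNOTATIONS if annotations.get(a) == "true"],
              "preloaded_containers": [], "init_container": False, "drift": []}
    for c in spec.get("containers", []):
        env = {e["name"] for e in c.get("env", [])}
        mounts = {m["mountPath"] for m in c.get("volumeMounts", [])}
        # Either signal indicates library preloading was configured for this container.
        if "LD_PRELOAD" in env or "/etc/ld.so.preload" in mounts:
            report["preloaded_containers"].append(c["name"])
    for ic in spec.get("initContainers", []):
        if ic.get("name") != "install-oneagent":
            continue
        report["init_container"] = True
        sc = ic.get("securityContext", {})
        for key, want in EXPECTED_SC.items():
            if sc.get(key) != want:
                report["drift"].append(f"{key}={sc.get(key)!r}")
        if "ALL" not in sc.get("capabilities", {}).get("drop", []):
            report["drift"].append("capabilities.drop lacks ALL")
    return report

# Constructed sample pod (not real cluster output); readOnlyRootFilesystem is
# deliberately changed from the documented value to show drift reporting.
SAMPLE_POD = {
    "metadata": {"annotations": {"oneagent.dynatrace.com/injected": "true"}},
    "spec": {
        "containers": [{"name": "alpine", "env": [{"name": "LD_PRELOAD",
            "value": "/opt/dynatrace/oneagent-paas/agent/lib64/liboneagentproc.so"}]}],
        "initContainers": [{"name": "install-oneagent", "securityContext": {
            "allowPrivilegeEscalation": False, "privileged": False,
            "readOnlyRootFilesystem": False, "runAsNonRoot": True,
            "capabilities": {"drop": ["ALL"]}}}],
    },
}

if __name__ == "__main__":
    print(audit_pod(SAMPLE_POD))
```

An empty `drift` list together with `init_container: True` means the init container still matches the hardened settings listed on this page.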