Workload mutation on injection mode When data ingest or OneAgent is enabled for application pods, webhook intercepts workload events and applies mutations to the resulting pods.
This guide outlines the specific mutations applied to application pods under two scenarios: data ingest mode and OneAgent injection mode.
Workload mutation on data ingest mode In data ingest mode, Dynatrace Operator enhances pods with additional metadata, environment variables, volume mounts, and initiates an init container to inject the OneAgent into the application pod.
annotations
Parameter Data type Default value metadata.dynatrace.com/k8s.workload.kind
string metadata.dynatrace.com/k8s.workload.name
string metadata-enrichment.dynatrace.com/injected
boolean true
spec.containers
env
Parameter Data type Default value DT_WORKLOAD_KIND
string DT_WORKLOAD_NAME
string METADATA_ENRICHMENT_INJECTED
boolean true
volumeMounts
mountPath
name
/var/lib/dynatrace/enrichment/endpoint
metadata-enrichment-endpoint
/var/lib/dynatrace/enrichment
metadata-enrichment
spec.volumes
name
secret
metadata-enrichment-endpoint
secretName
: dynatrace-metadata-enrichment-endpoint
name
emptyDir
metadata-enrichment
{}
initContainers
An init container named install-oneagent
is added to inject the OneAgent with specific environment variables related to the pod and cluster configuration, including the pod name, UID, and cluster ID, among others. This container also specifies resource limits and security context configurations.
initContainers :
- args :
- init
env :
- name : FAILURE_POLICY
value : silent
- name : K8S_PODNAME
valueFrom :
fieldRef :
apiVersion : v1
fieldPath : metadata.name
- name : K8S_PODUID
valueFrom :
fieldRef :
apiVersion : v1
fieldPath : metadata.uid
- name : K8S_BASEPODNAME
value : alpine
- name : K8S_CLUSTER_ID
value : b9c38fb3 - 6c0f - 45f6 - 8c25 - 9eb3b4b5af2a
- name : K8S_NAMESPACE
valueFrom :
fieldRef :
apiVersion : v1
fieldPath : metadata.namespace
- name : K8S_NODE_NAME
valueFrom :
fieldRef :
apiVersion : v1
fieldPath : spec.nodeName
- name : FLAVOR
- name : TECHNOLOGIES
value : all
- name : INSTALLPATH
value : /opt/dynatrace/oneagent - paas
- name : INSTALLER_URL
- name : VERSION
value : 1.289.0.20240313 - 145242
- name : ONEAGENT_INJECTED
value : "true"
- name : CONTAINER_1_NAME
value : alpine
- name : CONTAINER_1_IMAGE
value : alpine : 3.2
- name : CONTAINERS_COUNT
value : "1"
- name : DT_WORKLOAD_KIND
value : Pod
- name : DT_WORKLOAD_NAME
value : alpine
- name : METADATA_ENRICHMENT_INJECTED
value : "true"
image : quay.io/dynatrace/dynatrace - operator : snapshot
imagePullPolicy : IfNotPresent
name : install - oneagent
resources :
limits :
cpu : 100m
memory : 60Mi
requests :
cpu : 30m
memory : 30Mi
securityContext :
allowPrivilegeEscalation : false
capabilities :
drop :
- ALL
privileged : false
readOnlyRootFilesystem : true
runAsGroup : 1001
runAsNonRoot : true
runAsUser : 1001
terminationMessagePath : /dev/termination - log
terminationMessagePolicy : File
volumeMounts :
- mountPath : /mnt/bin
name : oneagent - bin
- mountPath : /mnt/share
name : oneagent - share
- mountPath : /mnt/config
name : injection - config
- mountPath : /var/lib/dynatrace/enrichment
name : metadata - enrichment
- mountPath : /var/run/secrets/kubernetes.io/serviceaccount
name : kube - api - access - r8mck
readOnly : true
Workload mutation on OneAgent injection mode In OneAgent injection mode, the mutations focus on enabling full-stack monitoring through OneAgent.
annotations
Parameter Type Value dynakube.dynatrace.com/injected
boolean true
oneagent.dynatrace.com/injected
boolean true
spec.containers
env
name
value
DT_DEPLOYMENT_METADATA
orchestration_tech=Operator-cloud_native_fullstack;script_version=snapshot;orchestrator_id=b9c38fb3-6c0f-45f6-8c25-9eb3b4b5af2a
LD_PRELOAD
/opt/dynatrace/oneagent-paas/agent/lib64/liboneagentproc.so
volumeMounts
mountPath
name
subPath
/opt/dynatrace/oneagent-paas
oneagent-bin
/etc/ld.so.preload
oneagent-share
ld.so.preload
/etc/ld.so.preload
oneagent-share
container_alpine.conf
spec.volumes
name
secretName
injection-config
dynatrace-dynakube-config
name
emptyDir
oneagent-share
{}
csi
driver
csi.oneagent.dynatrace.com