Dynatrace Operator release notes version 0.11.0

Release date: Apr 20, 2023

Announcements

Token-based authentication

Dynatrace Operator now supports token-based authentication for pulling images from container registries that require custom authentication.

If you're using a container registry that requires custom authentication, you now need to provide the same credentials to Dynatrace Operator as you do to the node. This can be configured via the customPullSecret field in DynaKube.

Dynatrace Operator no longer assumes that the node is set up correctly and will therefore not ignore errors related to authentication.

New features and enhancements

  • Removed the forced OneAgent restart on the Dynatrace Operator upgrade.
  • Removed the liveness probe from the registrar container, as it was found to be redundant and consume unnecessary memory. Note that this change does not impact the functionality of the CSI driver or its ability to handle storage operations.
  • Removed the unused CSI driver manifests from the OLM package.
  • Updated the webhook injection process to automatically append the OneAgent path to the LD_PRELOAD environment variable.
  • Restricted the ports used by the ActiveGate Service and Statefulset to the minimum defaults required for the proper functioning of the system.
  • Added OwnerReferences to all Operator-created resources, ensuring that they are properly tracked and cleaned up when Dynatrace Operator is uninstalled.
  • Removed unused/deprecated information from DynaKube status, including:
    • communicationHostForClient
    • connectionInfo
    • lastClusterVersionProbeTimestamp
    • lastDataIngestTokenProbeTimestamp
    • lastPaaSTokenProbeTimestamp
    • latestAgentVersionUnixDefault
    • latestAgentVersionUnixPaas
    • tokens
  • Upgraded cosign to version 2.0, which promotes keyless sign-out of experimental.
  • Updated the description/summary labels for the image metadata.
  • Increased the minimum TLS version for the Dynatrace webhook to version 1.3.
  • Optimized network requests made by Dynatrace Operator to the Dynatrace environment: they will now occur no more often than every 15 minutes on success.
  • Added support for using any Docker authentication method (such as token-based authentication) for pulling Docker images and checking their versions in the Dynatrace Operator code.
  • Optimized the leader election lease configuration for the Dynatrace Operator pods to reduce the occurrence of leader election lost.
  • Updated image package index to correctly show additional installed dependencies.
  • Added OpenShift 4.12 as a supported version for OLM Marketplace releases.
  • The ActiveGate stateful set receives the following default topology spread constraints if none are set explicitly:

    topologySpreadConstraints:
    - labelSelector:
    matchLabels:
    app.kubernetes.io/created-by: dynakube
    app.kubernetes.io/managed-by: dynatrace-operator
    app.kubernetes.io/name: activegate
    maxSkew: 1
    topologyKey: topology.kubernetes.io/zone
    whenUnsatisfiable: ScheduleAnyway
    - labelSelector:
    matchLabels:
    app.kubernetes.io/created-by: dynakube
    app.kubernetes.io/managed-by: dynatrace-operator
    app.kubernetes.io/name: activegate
    maxSkew: 1
    topologyKey: kubernetes.io/hostname
    whenUnsatisfiable: DoNotSchedule
  • Added Istio/Envoy support for cloud-native full-stack and application-only deployments.

Feature flags

  • Added a feature flag that enables you to switch the default images used for OneAgent, ActiveGate, and Code Modules to the public registry on Dockerhub.
  • Added a new command to the Dynatrace Operator binary that allows you to create a support archive containing the following resources:
    • Output of the troubleshoot command
    • Logs of Dynatrace Operator components, such as Operator, Webhook and CSI driver
    • Manifests of Dynatrace Operator components
  • Added a feature flag that enables you to define a NO_PROXY value, which can be used in conjunction with the proxy field to enable certain requests to bypass the configured proxy.

Resolved issues

  • The ActiveGate SCC helm template has been updated to remove the obsolete activeGate.readOnlyFs value.
  • The troubleshoot subcommand now correctly handles the unset codeModules image and does not interpret it as an error.
  • A nil pointer error that could occur when the conversion configuration was disabled in the DynaKube CRD has been fixed.
  • Previously, if a sidecar container was injected after the Dynatrace injection, the reinvocation logic did not update the environment variables accordingly. This has now been fixed.