Dynatrace Operator release notes version 0.11.0
Release date: Apr 20, 2023
Announcements
Token-based authentication
Dynatrace Operator now supports token-based authentication for pulling images from container registries that require custom authentication.
If you're using a container registry that requires custom authentication, you now need to provide the same credentials to Dynatrace Operator as you do to the node. This can be configured via the customPullSecret
field in DynaKube.
Dynatrace Operator no longer assumes that the node is set up correctly and will therefore not ignore errors related to authentication.
New features and enhancements
- Removed the forced OneAgent restart on the Dynatrace Operator upgrade.
- Removed the liveness probe from the registrar container, as it was found to be redundant and consume unnecessary memory. Note that this change does not impact the functionality of the CSI driver or its ability to handle storage operations.
- Removed the unused CSI driver manifests from the OLM package.
- Updated the webhook injection process to automatically append the OneAgent path to the
LD_PRELOAD
environment variable.
- Restricted the ports used by the ActiveGate Service and Statefulset to the minimum defaults required for the proper functioning of the system.
- Added
OwnerReferences
to all Operator-created resources, ensuring that they are properly tracked and cleaned up when Dynatrace Operator is uninstalled.
- Removed unused/deprecated information from DynaKube status, including:
communicationHostForClient
connectionInfo
lastClusterVersionProbeTimestamp
lastDataIngestTokenProbeTimestamp
lastPaaSTokenProbeTimestamp
latestAgentVersionUnixDefault
latestAgentVersionUnixPaas
tokens
- Upgraded cosign to version 2.0, which promotes keyless sign-out of experimental.
- Updated the description/summary labels for the image metadata.
- Increased the minimum TLS version for the Dynatrace webhook to version 1.3.
- Optimized network requests made by Dynatrace Operator to the Dynatrace environment: they will now occur no more often than every 15 minutes on success.
- Added support for using any Docker authentication method (such as token-based authentication) for pulling Docker images and checking their versions in the Dynatrace Operator code.
- Optimized the leader election lease configuration for the Dynatrace Operator pods to reduce the occurrence of leader election lost.
- Updated image package index to correctly show additional installed dependencies.
- Added OpenShift 4.12 as a supported version for OLM Marketplace releases.
-
The ActiveGate stateful set receives the following default topology spread constraints if none are set explicitly:
topologySpreadConstraints:- labelSelector:matchLabels:app.kubernetes.io/created-by: dynakubeapp.kubernetes.io/managed-by: dynatrace-operatorapp.kubernetes.io/name: activegatemaxSkew: 1topologyKey: topology.kubernetes.io/zonewhenUnsatisfiable: ScheduleAnyway- labelSelector:matchLabels:app.kubernetes.io/created-by: dynakubeapp.kubernetes.io/managed-by: dynatrace-operatorapp.kubernetes.io/name: activegatemaxSkew: 1topologyKey: kubernetes.io/hostnamewhenUnsatisfiable: DoNotSchedule -
Added Istio/Envoy support for cloud-native full-stack and application-only deployments.
Feature flags
- Added a feature flag that enables you to switch the default images used for OneAgent, ActiveGate, and Code Modules to the public registry on Dockerhub.
- Added a new command to the Dynatrace Operator binary that allows you to create a support archive containing the following resources:
- Output of the
troubleshoot
command - Logs of Dynatrace Operator components, such as Operator, Webhook and CSI driver
- Manifests of Dynatrace Operator components
- Output of the
- Added a feature flag that enables you to define a
NO_PROXY
value, which can be used in conjunction with the proxy field to enable certain requests to bypass the configured proxy.
- Enabled the configuration of failure policy for injection per DynaKube in Dynatrace.
- Enabled configuration of the minimum time between Dynatrace Operator requests to the Dynatrace server.
Resolved issues
- The ActiveGate SCC helm template has been updated to remove the obsolete
activeGate.readOnlyFs
value.
- The troubleshoot subcommand now correctly handles the unset
codeModules
image and does not interpret it as an error.
- A nil pointer error that could occur when the conversion configuration was disabled in the DynaKube CRD has been fixed.
- Previously, if a sidecar container was injected after the Dynatrace injection, the reinvocation logic did not update the environment variables accordingly. This has now been fixed.