Dynatrace Operator release notes version 0.13.0

Release date: Aug 17, 2023

  • To use Dynatrace Operator version 0.13.0, a manual workaround is required if you're using a container runtime version older than the following:

    • Docker version 20.10.10
    • CRI-O version 1.22.0
    • Containerd version 1.4.10

    Adjust your helm instructions as follows:

    helm upgrade ...
        --set operator.securityContext.seccompProfile.type=Unconfined \
        --set webhook.securityContext.seccompProfile.type=Unconfined \
        --set csidriver.csiInit.securityContext.seccompProfile.type=Unconfined \

  • The CSI driver is now supported by GKE Autopilot version 1.26 and higher for application-only monitoring when installed using the Helm chart. This enhancement significantly speeds up pod startup.

New features and enhancements

  • Dynatrace version 1.270+ Kubernetes connection settings schema has been updated to 3.0.0. This schema is used to set up the connection between the ActiveGate and the monitored Kubernetes cluster. For older Dynatrace versions, the old settings schema will still be used.

  • The CSI driver now always uses unconfigured code modules, enabling them to be shared. This results in fewer downloads and less storage requirements. Each CSI driver pod now has an init container that verifies the correctness of metadata and stored code module versions.

  • Added a plain HTTP endpoint to the ActiveGate pod/service if the metrics-ingest ActiveGate capability is enabled.
  • Added the image digest to the operator release manifest in the format of repo:tag@digest.
  • The support archive format has been changed from Tarball to ZIP.
  • Removed the duplicated ClusterRole and ServiceAccount for the OneAgent. From now on, dynatrace-dynakube-oneagent ClusterRole, ClusterRoleBinding, and ServiceAccount will be used.
  • Added a startup-probe subcommand that resolves the https://kubernetes.default.svc.cluster.local hostname.
  • The following feature flags have been deprecated and their default values have been changed to enabled:
    • ActiveGate Auth Token
    • ActiveGate ReadOnly FS
    • ActiveGate Raw Image
    • ActiveGate Updates
    • ActiveGate Automatic K8S Monitoring
    • Hosts Request
    • OneAgent ReadOnly FS
    • Webhook Reinvocation Policy
    • Metadata Enrichment
    • Automatic Injection
    • Injection Failure Policy.
  • runAsNonRoot is set to false when the initContainer operates with the root user.

Resolved issues

  • The SecurityContext of base operator components can now be configured via Helm.
  • Resolved an issue where the matchSelector of the Webhook's topologySpreadConstraints was incorrect in case of a custom helm release name.
  • Resolved an issue where the query for support-archive collection was incorrect in case of a custom helm release name.
  • Resolved an issue where the feature.dynatrace.com/oneagent-ignore-proxy flag was overlooked when applicationMonitoring was used without the CSI Driver enabled.
  • Fixed the incorrect order of custom arguments and environment variables when set in the Dynakube custom resource. This ensures they take precedence over the default ones generated by the Dynatrace Operator pod.
  • Corrected an incorrect check that previously prevented the security.openshift.io/csi-ephemeral-volume-profile: "restricted" label from being incorporated into release manifests.
  • Resolved an issue where using an aliased apiUrl (for example, https://myalias.example.com/api) led to incorrect OneAgent configurations by the Dynatrace Operator.