Dynatrace Operator release notes version 1.4.1

Release date: Feb 12, 2025

Resolved issues

When Log Monitoring is activated, OneAgent containers now have the ServiceAccount token mounted, fixing the previous issue with accessing the Kubelet API.

The host path for Log Monitoring is now static (/tmp/dynatrace) and no longer includes the environment UUID, allowing for easier allowlisting on platforms like GKE Autopilot.

The base pod name is now passed to the Log Monitoring pod via an environment variable instead of the argument list (for example, -c k8s_basepodname gke-autopilot-my-cluster), resulting in a static argument string and resolving allowlisting issues on platforms like GKE Autopilot."

The k8s.workload.kind metadata enrichment attribute is now consistently lowercase across all annotations, environment variables, and the enrichment files, in line with the Dynatrace semantic dictionary.

From version 1.4.0, only one Dynatrace Operator manifest (kubernetes.yaml or kubernetes-csi.yaml) is needed for installation. The issue with the CSI Driver not enabling/disabling correctly when both manifests were applied sequentially, causing validation errors, has been fixed.

Image field validation in the Dynatrace Operator has been fixed to support URIs with IP addresses (for example, 127.0.0.1:5000/image:tag) and those pointing to the Dynatrace server registry, resolving previous errors in the validation webhook.

Custom arguments for the OneAgent (for example, .spec.oneAgent.cloudNativeFullstack.args) and default arguments set by the operator could cause argument duplications, leading to unwanted side effects. Now, except for --set-host-property and --set-host-tag, duplications are avoided, with custom arguments taking precedence.
- Providing a custom argument (for example, --set-server) multiple times will cause a DynaKube to be rejected, except for --set-host-property and --set-host-tag.
- Providing the same host tag multiple times (for example, --set-host-tag=tag1, --set-host-tag=tag1) will cause a DynaKube to be rejected."

The Dynatrace Operator support archive was corrupted, causing issues with some unzip utilities. This has been fixed.

Tenant tokens can be manually rotated using the Dynatrace API. Previously, this required a manual restart of the ActiveGate and OneAgent. Now, the restart is automatically initiated when a new tenant token is created.
- Please be aware that monitored applications need to be restarted once token rotation has been initiated.

The OTLP_TOKEN environment variable is redundant and obsolete and is no longer applied to the OpenTelemetry Collector pod for extensions. The same token is available in the EEC_DS_TOKEN environment variable.

To prevent premature kills in the CSI driver, the timeout values of the liveness probe for the CSI driver have been increased.

The retryTimeout attribute on CSI volumes, which was previously enforced but unused, has been removed to prevent issues during Dynatrace Operator upgrades.

Dependencies have been updated to mitigate
- CVE-2024-3154.
- SNYK-GOLANG-GOLANGORGXNETHTML-8535262 (also known as CVE-2024-45338).

Upgrade from Dynatrace Operator version 1.4.0

Several features introduced in Dynatrace Operator version 1.4.0 rely on the Kubernetes monitoring capability:

Kubernetes Security Posture Management (.spec.kspm)
Log Monitoring (.spec.logMonitoring)
Extensions for Kubernetes (.spec.extensions)

To use these features, add kubernetes-monitoring to the capabilities list in the ActiveGate section (.spec.activeGate.capabilities) and ensure the feature flag feature.dynatrace.com/automatic-kubernetes-api-monitoring is not set to false.