This is the home of Dynatrace OneAgent Operator which supports the rollout and lifecycle of Dynatrace OneAgent in Kubernetes and OpenShift clusters. Rolling out Dynatrace OneAgent via DaemonSet on a cluster is straightforward. Maintaining its lifecycle places a burden on the operational team. Dynatrace OneAgent Operator closes this gap by automating the repetitive steps involved in keeping Dynatrace OneAgent at its latest desired version.
Dynatrace OneAgent Operator is based on Operator SDK and uses its framework for interacting with Kubernetes and OpenShift environments.
It watches custom resources OneAgent and monitors the desired state constantly.
The rollout of Dynatrace OneAgent is managed by a DaemonSet initially.
From here on Dynatrace OneAgent Operator controlls the lifecycle and keeps track of new versions and triggers updates if required.
Dynatrace OneAgent Operator is supported on the following platforms:
- Kubernetes 1.9+
- OpenShift Container Platform 3.9+
Help topic How do I deploy Dynatrace OneAgent as a Docker container? lists compatible image and OneAgent versions in its requirements section.
The Dynatrace OneAgent Operator acts on its separate namespace dynatrace.
It holds the operator deployment and all dependent objects like permissions, custom resources and
corresponding DaemonSets.
Create neccessary objects and observe its logs:
$ kubectl create -f https://raw.githubusercontent.com/Dynatrace/dynatrace-oneagent-operator/master/deploy/kubernetes.yaml
$ kubectl -n dynatrace logs -f deployment/dynatrace-oneagent-operator$ oc create -f https://raw.githubusercontent.com/Dynatrace/dynatrace-oneagent-operator/master/deploy/openshift.yaml
$ oc -n dynatrace logs -f deployment/dynatrace-oneagent-operatorThe rollout of Dynatrace OneAgent is governed by a custom resource of type OneAgent:
apiVersion: dynatrace.com/v1alpha1
kind: OneAgent
metadata:
# a descriptive name for this object.
# all created child objects will be based on it.
name: oneagent
namespace: dynatrace
spec:
# dynatrace api url including `/api` path at the end
apiUrl: https://ENVIRONMENTID.live.dynatrace.com/api
# disable certificate validation checks for installer download and API communication
skipCertCheck: false
# name of secret holding `apiToken` and `paasToken`
# if unset, name of custom resource is used
tokens: ""
# node selector to control the selection of nodes (optional)
nodeSelector: {}
# https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ (optional)
tolerations: []
# oneagent installer image (optional)
# certified image from Red Hat Container Catalog for use on OpenShift: registry.connect.redhat.com/dynatrace/oneagent
# defaults to docker.io/dynatrace/oneagent
image: ""
# arguments to oneagent installer (optional)
# https://www.dynatrace.com/support/help/shortlink/oneagent-docker#limitations
args:
- APP_LOG_CONTENT_ACCESS=1
# environment variables for oneagent (optional)
env: []
# resource settings for oneagent pods (optional)
# consumption of oneagent heavily depends on the workload to monitor
# please adjust values accordingly
#resources:
# requests:
# cpu: 100m
# memory: 512Mi
# limits:
# cpu: 300m
# memory: 1.5GiSave the snippet to a file or use ./deploy/cr.yaml from this repository and adjust its values accordingly. A secret holding tokens for authenticating to the Dynatrace cluster needs to be created upfront. Create access tokens of type Dynatrace API and Platform as a Service and use its values in the following commands respectively. For assistance please refere to Create user-generated access tokens.
Note: .spec.tokens denotes the name of the secret holding access tokens. If not specified OneAgent Operator searches for a secret called like the OneAgent custom resource (.metadata.name).
$ kubectl -n dynatrace create secret generic oneagent --from-literal="apiToken=DYNATRACE_API_TOKEN" --from-literal="paasToken=PLATFORM_AS_A_SERVICE_TOKEN"
$ kubectl create -f cr.yamlIn order to use the certified OneAgent image
from Red Hat Container Catalog you need to set .spec.image to registry.connect.redhat.com/dynatrace/oneagent in the custom resource
and provide image pull secrets:
$ oc -n dynatrace create secret docker-registry redhat-connect --docker-server=registry.connect.redhat.com --docker-username=REDHAT_CONNECT_USERNAME --docker-password=REDHAT_CONNECT_PASSWORD --docker-email=unused
$ oc -n dynatrace create secret docker-registry redhat-connect-sso --docker-server=sso.redhat.com --docker-username=REDHAT_CONNECT_USERNAME --docker-password=REDHAT_CONNECT_PASSWORD --docker-email=unused
$ oc -n dynatrace secrets link dynatrace-oneagent redhat-connect --for=pull
$ oc -n dynatrace secrets link dynatrace-oneagent redhat-connect-sso --for=pull$ oc -n dynatrace create secret generic oneagent --from-literal="apiToken=DYNATRACE_API_TOKEN" --from-literal="paasToken=PLATFORM_AS_A_SERVICE_TOKEN"
$ oc create -f cr.yamlRemove OneAgent custom resources and clean-up all remaining OneAgent Operator specific objects:
$ kubectl delete -n dynatrace oneagent --all
$ kubectl delete -f https://raw.githubusercontent.com/Dynatrace/dynatrace-oneagent-operator/master/deploy/kubernetes.yaml$ oc delete -n dynatrace oneagent --all
$ oc delete -f https://raw.githubusercontent.com/Dynatrace/dynatrace-oneagent-operator/master/deploy/openshift.yamlSee HACKING for details on how to get started enhancing Dynatrace OneAgent Operator.
See CONTRIBUTING for details on submitting changes.
Dynatrace OneAgent Operator is under Apache 2.0 license. See LICENSE for details.