Dynatrace / dynatrace-oneagent-operator

Kubernetes/Openshift Operator for managing Dynatrace OneAgent deployments
Apache License 2.0

Query: Is it possible to deploy Dynatrace Operator in Cluster Scope? #374

Closed abhinavgargin closed 3 years ago

abhinavgargin commented 3 years ago

Hi,

My organisation has a use case where we want to provide dynatrace as an offering to all the application teams for APM. We don't want each team to deploy their own instance.

Current state: As of now applying the CR is tightly coupled with the Operator namespace. The way we see the solution is either of the following ways:

  1. To ask each application team to deploy their own instance of operator
  2. Give every application team access to a common namespace where operator is running.

Query: Is it possible to provide operator at a cluster level so that each team can apply their CR in their respective namespaces without having to take the pain of deploying operator?

DTMad commented 3 years ago

Hey @abhinavgargin,

You don't necessarily need to deploy multiple CRs. That strongly depends on your use case. If you want to have fullstack monitoring you can deploy a OneAgent CR which automatically rolls out to every node of the cluster and monitors each node (host metrics) + the applications running on it.

If you're just looking for application monitoring you can use the OneAgentAPM CR and then label all the namespaces you want to monitor.

May I ask what exact use case you have?

-Marco

abhinavgargin commented 3 years ago

Hi @DTMad,

Thanks for replying. Here is our use case: Each application team creates their namespace and deploys their app. They should be able to monitor only their namespace.

If we apply OneAgentAPM CR and then label all the namespaces, there will be no segregation per namespace. Also, each team will be able to see other data which they are not required/supposed to.

To resolve this, what we are thinking is to provision OneAgentAPM CR for each application team so that they have restricted access.

After you suggested, I tried application only monitoring following this guide: https://www.dynatrace.com/support/help/technology-support/cloud-platforms/kubernetes/other-deployments-and-configurations/deploy-oneagent-on-kubernetes-for-application-only-monitoring/

I don't see any data in my dynatrace console. Am I missing something? I checked dynatrace operator controller's logs too. There is no error there. Here are the logs:

```
","logger":"oneagentapm.controller","msg":"Reconciling OneAgentAPM","namespace":"dynatrace","name":"oneagentapm"}
{"level":"info","ts":"2021-03-04T06:46:30.541Z","logger":"oneagentapm.controller","msg":"Reconciling OneAgentAPM","namespace":"dynatrace","name":"oneagentapm"}
{"level":"info","ts":"2021-03-04T06:46:31.144Z","logger":"oneagentapm.controller","msg":"Reconciling OneAgentAPM","namespace":"dynatrace","name":"oneagentapm"}
{"level":"info","ts":"2021-03-04T06:47:23.162Z","logger":"namespaces.controller","msg":"reconciling Namespace","name":"default"}
{"level":"info","ts":"2021-03-04T06:48:34.564Z","logger":"oneagentapm.controller","msg":"Reconciling OneAgentAPM","namespace":"dynatrace","name":"oneagentapm"}
{"level":"info","ts":"2021-03-04T06:48:53.602Z","logger":"nodes.controller","msg":"reconciling nodes"}
~
```

Suggested on the page: For troubleshooting purposes, you can view OneAgent logs, which by default are on /opt/dynatrace/oneagent-paas/log inside the instrumented containers. I went inside the app container but I don't see anything under /opt/ directory. Red flag to me. Do you see any problem here?

DTMad commented 3 years ago

Hey @abhinavgargin,

Thanks for the reply.

Are you using one single Dynatrace tenant for this or do you have multiple tenants? If you're using a single tenant you can use management zones and restrict the access of users to only see specific management zones.

Did you follow the steps mentioned in the guide for automatic app-only injection? You should have the operator and the dynatrace-oneagent-webhook running, a OneAgentAPM instance created with all the necessary information and furthermore you need to label the namespace you want to inject into.

Thanks, Marco

abhinavgargin commented 3 years ago

As of now, I'm using the free Dynatrace plan offered.

Yes, I followed all the steps. I have controller and webhook running. I applied OneAgentAPM CR in the same namespace as operator with my dynatrace URL. I also labeled the namespace. Still no luck. Is there any video tutorial available by any chance? Maybe I'll be able to do a quick comparison. Whereas, OneAgent CR is working fine for me.

abhinavgargin commented 3 years ago

Hi @DTMad, Any idea on above?

DTMad commented 3 years ago

Hey @abhinavgargin,

Sorry for my late reply. Ah, I think I know the problem. Do you have the OneAgent running on the hosts where you now want to use the OneAgentAPM? If there's already a OneAgent running on a host, the OneAgentAPM won't inject anymore since the "normal" fullstack OneAgent automatically overrules and injects into all applications.

abhinavgargin commented 3 years ago

No @DTMad I don't have OneAgent running there. In fact, I did everything from scratch following the doc on a new cluster. Still the same result.

DTMad commented 3 years ago

Ok - then we need to have a deeper look into this. May I ask you to create a support ticket for us so we can dig deeper there? Thanks!

abhinavgargin commented 3 years ago

Thanks @DTMad, I have opened up a ticket. Closing this now.