01 Jul 2026
08:15 AM
- last edited on
02 Jul 2026
06:41 AM
by
MaciejNeumann
Hi everyone,
I'm using DynaKube in cloud-native full-stack monitoring mode on Kubernetes and need to confirm if I can set dt.security_context using OneAgent args.
What I want to do:
spec:
oneAgent:
hostGroup: SAMPLE
cloudNativeFullStack:
args:
- "--set-host-property=dt.security_context=my_security_value"
Questions:
Will this work in cloud-native full-stack mode on Kubernetes?
If not, what's the recommended way to set dt.security_context in DynaKube cloud-native full-stack mode?
I've seen oneagentctl --set-host-property mentioned for VMs (Linux/Windows), but I'm not sure if the same approach applies in the DynaKube args field.
Any help or experience with this would be appreciated!
Thanks
01 Jul 2026 03:13 PM
May I suggest you to check this link? You can use existing label, metadata, and also you can do set it up at pod level.
02 Jul 2026 08:44 AM
HI Paco,
Thanks for the input. Based on the Dynatrace documentation [https://docs.dynatrace.com/docs/shortlink/kubernetes-security-context#security-context-based-on-exis...], this is how I understand the setup:
First, label the namespaces you want to monitor, for example:
kubectl label namespace NS1 security-context=DEMO
kubectl label namespace NS1 dt-monitoring=true
Then in DynaKube, configure the namespace selector to pick up only those labeled namespaces
oneAgent:
hostGroup: DEMO
cloudNativeFullStack:
namespaceSelector:
matchExpressions dt-monitoring
operator: In
values: ["true"]
Finally, create an enrichment rule in Dynatrace with source security-context and target dt.security_context.
Let me know if my understanding is correct
Thanks
03 Jul 2026 02:16 AM
Hey Tahir,
That all looks correct to me! However the steps you have identified for limiting monitoring is optional. You do not have to restrict monitoring to specific pods unless you want to or have a use case to. You can still let the operator roam free.
Featured Posts