Cloud platforms
Questions about AWS, Azure, and Google Cloud Platform.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Can I Set dt.security_context via OneAgent args in DynaKube Cloud-Native Full-Stack Mode?

TahirJanwari
Participant

Hi everyone,

I'm using DynaKube in cloud-native full-stack monitoring mode on Kubernetes and need to confirm if I can set dt.security_context using OneAgent args.

What I want to do:
spec:
oneAgent:
hostGroup: SAMPLE
cloudNativeFullStack:
args:
- "--set-host-property=dt.security_context=my_security_value"

Questions:

  1. Will this work in cloud-native full-stack mode on Kubernetes?

  2. If not, what's the recommended way to set dt.security_context in DynaKube cloud-native full-stack mode?

I've seen oneagentctl --set-host-property mentioned for VMs (Linux/Windows), but I'm not sure if the same approach applies in the DynaKube args field.

Any help or experience with this would be appreciated!

Thanks

 

Certified Dynatrace Associate | Certified Dynatrace Professional
3 REPLIES 3

PacoPorro
Dynatrace Leader
Dynatrace Leader

May I suggest you to check this link? You can use existing label, metadata, and also you can do set it up at pod level.

https://docs.dynatrace.com/docs/shortlink/kubernetes-security-context#set-up-security-context-in-kub...

HI Paco,
Thanks for the input. Based on the Dynatrace documentation [https://docs.dynatrace.com/docs/shortlink/kubernetes-security-context#security-context-based-on-exis...], this is how I understand the setup:

First, label the namespaces you want to monitor, for example:
kubectl label namespace NS1 security-context=DEMO
kubectl label namespace NS1 dt-monitoring=true

Then in DynaKube, configure the namespace selector to pick up only those labeled namespaces

oneAgent:
hostGroup: DEMO
cloudNativeFullStack:
namespaceSelector:
matchExpressions dt-monitoring
operator: In
values: ["true"]

Finally, create an enrichment rule in Dynatrace with source security-context and target dt.security_context.

Let me know if my understanding is correct

Thanks



Certified Dynatrace Associate | Certified Dynatrace Professional

Hey Tahir,

That all looks correct to me! However the steps you have identified for limiting monitoring is optional. You do not have to restrict monitoring to specific pods unless you want to or have a use case to. You can still let the operator roam free.

 

Featured Posts