cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Kubenetes dynatrace-operator behind firewall and proxy

BevanBroun
Newcomer_

Hi All

Im very new to Dynatrace and Kubenetes

We have an activegate and I have installed one agent on several VMs. Everything is going via the proxy and working. 

However, Im having lots of trouble getting the monitoring of kubenetes working - most of the issue are about proxy and firewalls. What I would really love is the method of downloading separately so I can avoid these issues.

Eg: The instructions say "helm install dynatrace-operator oci://public.ecr.aws/dynatrace/dynatrace-operator" however despite adding public.ecr.aws to our proxy and firewall rules the traffic doesnt flow, we see from packet capture its being forwarded to another address - so we add that too and we still get nowhere.

At the moment I have downloaded the content from: Releases · Dynatrace/dynatrace-operator (github.com) and run

 

 

kubectl create namespace dynatrace
kubectl apply -f kubernetes.yaml
apply -f kubernetes-csi.yaml

 

 

However, as expected the things are trying to download:

 

 

[root@prod-k8s-mast-n1a ~]# kubectl get pods -n dynatrace
NAME                                  READY   STATUS                  RESTARTS   AGE
dynatrace-oneagent-csi-driver-69v9k   0/4     Init:ImagePullBackOff   0          19m
dynatrace-oneagent-csi-driver-b94zd   0/4     Init:ImagePullBackOff   0          19m
dynatrace-oneagent-csi-driver-gwqx8   0/4     Init:ImagePullBackOff   0          19m
dynatrace-oneagent-csi-driver-hzt7m   0/4     Init:ImagePullBackOff   0          19m
dynatrace-oneagent-csi-driver-ll4l9   0/4     Init:ImagePullBackOff   0          19m
dynatrace-oneagent-csi-driver-w7n2l   0/4     Init:ImagePullBackOff   0          19m
dynatrace-oneagent-csi-driver-z9sg4   0/4     Init:ImagePullBackOff   0          19m
dynatrace-operator-94d65c56c-k8xx6    0/1     ImagePullBackOff        0          19m
dynatrace-webhook-56bd655b8b-4rzhc    0/1     ImagePullBackOff        0          19m
dynatrace-webhook-56bd655b8b-h6hv4    0/1     ImagePullBackOff        0          19m

 

 

 

How can I do this in an offline mode

OR

tell this system to use a proxy and what URLs are needed in firewalls and proxy ACLs?

Thanks in advance.

2 REPLIES 2

Julius_Loman
DynaMight Legend
DynaMight Legend

@BevanBroun you need to copy the images to your local repository, where your k8s can download images as your environment cannot access public repositories directly. See https://docs.dynatrace.com/docs/shortlink/prepare-private-registry for details on how to copy images. 

After you have images in your repository, follow the steps herehttps://docs.dynatrace.com/docs/shortlink/use-private-registry for deploying the Dynatrace operator in an air-gapped environment.

Certified Dynatrace Master | Alanata a.s., Slovakia, Dynatrace Master Partner

Thanks Julius - Ill be trying this shortly. BTW we are not completely air-gapped. The problem is redirects and proxy/firewall/url lists. 

Featured Posts