This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Kubernetes Monitoring || Firewall requirement

Go to solution
VenkataSainath
Helper

‎12 Sep 2022 10:59 AM - last edited on ‎12 Sep 2022 11:35 AM by

Hi All,

 

May I request which firewall ports need to take for enabling Kubernetes monitoring in Dynatrace Managed?

 

We have three master nodes and 20 worker nodes, and also we have a few DB worker nodes.

Source, destination, and port?

 

And if we want to enable only infra-level monitoring for DB worker nodes, Do we have other option?

 

Regards,

Venkat

Labels:
0 Kudos
Reply
4 REPLIES 4

Go to solution
Mizső
DynaMight Guru
DynaMight Guru

‎12 Sep 2022 11:35 AM

Hi VenkataSainat,

 

Maybe I wrong and other communinty member correct me but it depends on the instumnetation type. I have expereince with calssicfullstack becasue I always use this instrumentation type. I think in this case port 443 would be enough between Kubernetes range and DT managed (hosts or range). In classicfullstack instrumentation you can deploy a containered activegate. This AG should communicate with the DT managed servers (not the individual host agents with DT managed servers).

 

I hope it helps.

 

Br, Mizső

 

Dynatrace Community RockStar 2024, Certified Dynatrace Professional
Reply

Go to solution
MarcosZ
Participant
In response to Mizső

‎24 May 2023 03:49 AM

hi Mizső,

hope you are doing well.

in your experience, do the both master node and work node need to setup the firewall on 443 port, or just config the master node is fine?

Regards,

Marcos

0 Kudos
Reply

Go to solution
Mizső
DynaMight Guru
DynaMight Guru

‎24 May 2023 02:42 PM

Hi @MarcosZ,

I think open fw for worker nodes are enough. Restric the active gate to the worker nodes, in this case containerized AG can connect to managed nodes and connect the cluster api interface.

nodeSelector:
      "node-role.kubernetes.io/worker": ""
 
I hope it helps.
Best regards,
Mizső
Dynatrace Community RockStar 2024, Certified Dynatrace Professional
Reply

Go to solution
MarcosZ
Participant
In response to Mizső

‎25 May 2023 03:08 AM

thank you for the information, im appreciated.

Reply
Ask a question

Featured Posts