30 Jul 2020 08:39 PM
Notice below that some of our tags are "applied by kubernetes". We cannot figure how this is done and are looking for insight. Can someone point me in the right direction to find out how these tags are applied by kubernetes.
Solved! Go to Solution.
30 Jul 2020 09:24 PM
These are tags that you have imported from Kubernetes. Hence why it has [Kubernetes] in brackets. You can see more of an explanation here: https://www.dynatrace.com/support/help/technology-support/cloud-platforms/kubernetes/other-deploymen...
30 Jul 2020 09:41 PM
Thanks for the response. I guess I'm missing something still though. I don't see where the doc mentions these tags being imported or created without an automated tagging rule in Dynatrace
30 Jul 2020 10:28 PM
Line 1: "Dynatrace automatically derives tags from your Kubernetes/OpenShift labels."
So, do you recognize these as Kubernetes labels defined in your k8s?
30 Jul 2020 10:54 PM
Ahh right there at the top, I see it now. I will ask the Kubernetes admin about it thank you....
31 Jul 2020 08:39 AM
Hi Jordan,
The OneAgent will use the Kuberentes REST API to read all the metadata at deployment time. So as long as the service accounts under which the pods are running are given view access (via rolebinding or clusterrolebinding objects) they are able to read labels and annotations and translate them automaticallly intro Dynatrace tags and metadata. Your labels will appear as tags with the [Kubernetes] context, whereas annotations will appear as custom metadata at the Process-level in Dynatrace.
The command you see at the at the bottom of the docs page is a generic one that can be used to give the viewer role to all default service accounts in a namespace. This works in most cases, but it will have to be tailored if non-default service accounts are used for any of the pods.
Best regards,
Radu
31 Jul 2020 01:09 PM
Thank you for the answer...
24 Sep 2020 06:22 PM
Hey
as long as the service accounts under which the pods are running are given view access
Can you clarify which pods? The OneAgent pods? Or all application pods?
Thanks
30 Aug 2023 04:13 PM
Hello, is this still possible and if so, can you report the link in your comment. It seems to go to a 404 page.
24 Apr 2024 07:30 PM - edited 25 Apr 2024 03:56 PM
I think this is the replacement page:
https://docs.dynatrace.com/docs/platform-modules/infrastructure-monitoring/container-platform-monito...
We may have a way to do this at a cluster level, rather than per namespace/account pair:
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: dynatrace-oneagent-metadata-viewer
rules:
- apiGroups: [""]
resources: ["pods"]
verbs: ["get"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: dynatrace-oneagent-metadata-viewer-binding
subjects:
- kind: Group
name: system:serviceaccounts
apiGroup: ""
roleRef:
kind: ClusterRole
name: dynatrace-oneagent-metadata-viewer
apiGroup: ""
We just made sure to have the subjects include a list of groups (such as the built-in system:serviceaccounts one above)
25 Apr 2024 05:25 PM