
Tags applied by Kubernetes??

jordan_rose
Helper

Notice below that some of our tags are "applied by kubernetes". We cannot figure out how this is done and are looking for insight. Can someone point me in the right direction to find out how these tags are applied by kubernetes?

11 REPLIES

ChadTurner
DynaMight Legend

These are tags that you have imported from Kubernetes. Hence why it has [Kubernetes] in brackets. You can see more of an explanation here: https://www.dynatrace.com/support/help/technology-support/cloud-platforms/kubernetes/other-deploymen...

-Chad

Thanks for the response. I guess I'm missing something still though. I don't see where the doc mentions these tags being imported or created without an automated tagging rule in Dynatrace.

Line 1: "Dynatrace automatically derives tags from your Kubernetes/OpenShift labels."

So, do you recognize these as Kubernetes labels defined in your k8s?



Ahh right there at the top, I see it now. I will ask the Kubernetes admin about it thank you....

Radu
Dynatrace Champion

Hi Jordan,

The OneAgent will use the Kubernetes REST API to read all the metadata at deployment time. So as long as the service accounts under which the pods are running are given view access (via rolebinding or clusterrolebinding objects) they are able to read labels and annotations and translate them automatically into Dynatrace tags and metadata. Your labels will appear as tags with the [Kubernetes] context, whereas annotations will appear as custom metadata at the Process-level in Dynatrace.

The command you see at the bottom of the docs page is a generic one that can be used to give the viewer role to all default service accounts in a namespace. This works in most cases, but it will have to be tailored if non-default service accounts are used for any of the pods.

Best regards,

Radu

Thank you for the answer...

Hey


as long as the service accounts under which the pods are running are given view access

Can you clarify which pods? The OneAgent pods? Or all application pods?


Thanks

Hello, is this still possible and if so, can you report the link in your comment. It seems to go to a 404 page. 

I do see a 404 error

I think this is the replacement page:
https://docs.dynatrace.com/docs/platform-modules/infrastructure-monitoring/container-platform-monito...

We may have a way to do this at a cluster level, rather than per namespace/account pair:

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: dynatrace-oneagent-metadata-viewer
rules:
# read-only access to pod objects (where labels and annotations live)
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: dynatrace-oneagent-metadata-viewer-binding
subjects:
# built-in group that contains every service account in the cluster
- kind: Group
  name: system:serviceaccounts
  apiGroup: ""
roleRef:
  kind: ClusterRole
  name: dynatrace-oneagent-metadata-viewer
  apiGroup: ""

We just made sure to have the subjects include a list of groups (such as the built-in system:serviceaccounts one above)

I know the Dynatrace docs state "As a result, Kubernetes processes monitored in your Dynatrace environment will have Kubernetes labels attached as Kubernetes tags. For namespaces, pods, and workloads, Kubernetes tags are not evaluated." for this "solution". If someone finds a way we can use it to apply labels to containers/pods, deployments, services and namespaces (to ingest labels to make them available in Dynatrace as tags)... I would be forever in your debt... We have been trying for just over a year to get this to work... We just want, when a deployment or namespace crosses some threshold and throws an alert, to have tags attached to the CIs so we can do things like Pager Duty Orchestration to route the alert to the right teams, service now bucket, ms teams notification, PD alert group... etc. We were able to get the k8s labels to populate Dynatrace Ownership, and this is great... but it's GUI only, you can't use any of the ownership data (or even that label) in DT for 3rd party alerting.
If you have Dynatrace SaaS and are using the cloud agent to monitor k8s (in aws), ping me... maybe I can help set up a 15-30min test to see if SaaS fixes this... but our company is hung up still using Managed with full stack One Agent clients.  😞

 

Thanks all!!
-John Sweeney 904-885-1666
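
One way to audit what a cluster-wide binding like the one posted above actually grants, as an added example that is not part of the original thread or Dynatrace's own tooling: it reads JSON in the shape that `kubectl get clusterroles,clusterrolebindings -o json` produces and lists every ClusterRoleBinding whose subject is a broad built-in group, with the resources and verbs it hands out. The sample input is constructed to mirror the manifest in the thread; `example-narrow-binding` and `example-ns` are hypothetical names.

```python
import json

# Built-in groups that cover many identities at once.
BROAD_GROUPS = {
    "system:serviceaccounts",   # every service account in every namespace
    "system:authenticated",     # every authenticated user and service account
    "system:unauthenticated",   # anonymous requests
}

# Constructed sample in the shape of `kubectl get clusterroles,clusterrolebindings -o json`:
# the manifest from the thread plus one narrowly scoped (hypothetical) binding.
SAMPLE = json.dumps({"kind": "List", "items": [
    {"kind": "ClusterRole", "metadata": {"name": "dynatrace-oneagent-metadata-viewer"},
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get"]}]},
    {"kind": "ClusterRoleBinding",
     "metadata": {"name": "dynatrace-oneagent-metadata-viewer-binding"},
     "subjects": [{"kind": "Group", "name": "system:serviceaccounts"}],
     "roleRef": {"kind": "ClusterRole", "name": "dynatrace-oneagent-metadata-viewer"}},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "example-narrow-binding"},
     "subjects": [{"kind": "ServiceAccount", "name": "default", "namespace": "example-ns"}],
     "roleRef": {"kind": "ClusterRole", "name": "dynatrace-oneagent-metadata-viewer"}},
]})


def broad_grants(kubectl_json):
    """Return (binding, group, [(resource, verbs)]) for bindings to broad groups."""
    items = json.loads(kubectl_json)["items"]
    # Index ClusterRoles by name so each binding's roleRef can be resolved.
    roles = {i["metadata"]["name"]: i.get("rules") or []
             for i in items if i["kind"] == "ClusterRole"}
    findings = []
    for b in (i for i in items if i["kind"] == "ClusterRoleBinding"):
        # "subjects" can be absent or null on a binding with no subjects.
        for s in b.get("subjects") or []:
            if s["kind"] == "Group" and s["name"] in BROAD_GROUPS:
                rules = roles.get(b["roleRef"]["name"], [])
                # Rules for nonResourceURLs carry no "resources" key; skip them.
                grants = [(res, sorted(rule.get("verbs", [])))
                          for rule in rules for res in rule.get("resources", [])]
                findings.append((b["metadata"]["name"], s["name"], grants))
    return findings


if __name__ == "__main__":
    for binding, group, grants in broad_grants(SAMPLE):
        print(f"{binding}: group {group} is granted {grants}")
```

A pod object returned by `get` carries the full pod spec along with its labels and annotations, so a finding here means every service account in the cluster can read that data for any pod it can name. Binding the same ClusterRole to specific service accounts, as in the narrow sample entry, produces no finding.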
