This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Token rotation dynatrace operator, oneAgents, activeGates for dynatrace managed.

Go to solution
ac300
Frequent Guest

‎23 Oct 2024 01:46 PM - edited ‎23 Oct 2024 01:49 PM

Hi,
We have a dynatrace environment in dynatrace managed, in which we have environment activeGates, oneAgents to monitor VMs and, dynatrace operator installed in K8s clusters with it´s own active gates.
We generated some tokens to install, however I would like to know which can be deleted, or which ones should be rotated and the procedure to do so without downtime.

Here the types of tokens that were created:

1. Paas Token for activeGate and OneAgent install
2. Dynatrace Operator token (for K8s operator)
3. Data Ingest token (for K8s operator)

I appreciate your insights.
Angela
Labels:
0 Kudos
Reply
2 REPLIES 2

Go to solution
Peter_Youssef
Champion

‎23 Oct 2024 03:39 PM

Hello @ac300 

Let's talk about each Point separately:

  • Paas Token for activeGate and OneAgent install: Required to authenticate the components and the monitoring tenants, so you won't be able to connect either OA or AG unless you have a valid PaaS tokens.
  • DT Operator: you have two types the operator one which is mandatory to proceed with K8s / OpenShift monitoring 
  • DT ingestion token for K8s / OpenShift is Optional 
  • Both data ingestion and Integration token can be deleted or updated via the attached commands here at https://docs.dynatrace.com/docs/shortlink/guides-k8s-update-uninstall-operator#update-tokens 

2024-10-23_18h37_28.png

  • Token rotation are related mainly to AG in case of migration.
  • You can set the token for OA and AG through the remote configurations Ui if you have admin permissions to authenticate the monitoring components against another monitoring tenant or to connect to another monitoring environment.
  • This URL guiding you how to set the token for OA : https://docs.dynatrace.com/docs/shortlink/windows-custom-installation#token

2024-10-23_18h34_57.png

hoping it adds value.

BR, 

Peter

Reply

Go to solution
MostafaHussein
Pro

‎23 Oct 2024 05:47 PM

in addition to what's @Peter_Youssef  has mentioned, when the authentication token get expired after 30 days and rotated, the affected ActiveGate is automatically deleted and redeployed by the operator as shown in the following figure within the `operator token scope` you've `activeGateTokenManagement.create`.

MostafaHussein_0-1729701970836.png

see this link https://docs.dynatrace.com/docs/shortlink/installation-k8s-tokens-permissions#operatorToken it's explaining more about the needed tokens and the rotation.

 

Certified Dynatrace Professional | Certified Dynatrace Services - Observability | Dynatrace Partner yourcompass.ca
Reply
Ask a question

Featured Posts