This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Proxy config for k8s synthetic metric adapter

Go to solution
Enrico_F
DynaMight Pro
DynaMight Pro

‎03 Oct 2024 02:32 PM - edited ‎03 Oct 2024 03:07 PM

Has anybody had any success with deploying containerized, auto-scalable private synthetic locations in "air-gapped" K8s namespaces where egress to the Dynatrace SaaS cloud is only possible via HTTP proxy?

I'm asking because it seems there are no instructions about how to configure a proxy with the metrics adapter template - only for the location template.

I'm referring to this documentation:

https://docs.dynatrace.com/docs/platform-modules/digital-experience/synthetic-monitoring/private-syn...

As per the generated metric adapter template the deployment "dynatrace-metrics-apiserver" obviously wants to communicate with the public API endpoint on SaaS configured via env var BASE_URL:

 

apiVersion: apps/v1
kind: Deployment
metadata:
  ...
spec:
  ...
  template:
    ...
    spec:
      ...
      containers:
        - name: dynatrace-metrics-apiserver
          image: dynatrace/dynatrace-synthetic-adapter:latest
          env:
            - name: BASE_URL
              value: "https://abcdef.live.dynatrace.com/e/abcdef"
          imagePullPolicy: Always
          args:
            - --secure-port=6443
            - --cert-dir=/tmp
          ports:
            - name: https
              containerPort: 6443
          volumeMounts:
            - name: temp-vol
              mountPath: /tmp
            - name: dynametric
              mountPath: /var/lib/dynatrace/secrets/dynametric
              readOnly: true
          ...
      ...

 

On our k8s cluster this will not work as direct egress is not allowed.

0 Kudos
Reply
12 REPLIES 12

Go to solution
HannahM
Dynatrace Leader
Dynatrace Leader

‎03 Oct 2024 03:00 PM

I don't believe that it is currently possible to add proxy settings for the metric adapter. I'm checking into it

Synthetic SME and community advocate.
Reply

Go to solution
Enrico_F
DynaMight Pro
DynaMight Pro
In response to HannahM

‎03 Oct 2024 03:15 PM - edited ‎03 Oct 2024 03:19 PM

Hi @HannahM 

Thanks for looking into this - appreciated!

If a proxy config is not currently supported the other option would be to connect to an internal API endpoint on one of our ActiveGates that is reachable directly from the namespace, but that would require either allowing insecure TLS comms or the configuration of a custom CA in the trust store (since our AG's use a server cert that is signed by a private CA).

Reply

Go to solution
Peter_Youssef
Champion

‎08 Oct 2024 12:43 PM

Hi @Enrico_F 

have you checked customizing proxy configurations in Dynakube.yaml on the K8s cluster.

2024-10-08_15h40_39.png

BR, 

Peter.

0 Kudos
Reply

Go to solution
Enrico_F
DynaMight Pro
DynaMight Pro
In response to Peter_Youssef

‎08 Oct 2024 12:59 PM - edited ‎08 Oct 2024 01:01 PM

No, because 

  1. our expectation is that containerized, auto-scalable private synthetic locations must be completely decoupled from the Dynatrace operator namespace.
  2. I don't see why that would have any effect as there is no requirement/dependency mentioned with regards to the Dynatrace operator in the documentation.
  3. we don't have direct access to the Dynatrace operator namespace (it's part of the OpenShift PaaS)
0 Kudos
Reply

Go to solution
Peter_Youssef
Champion

‎08 Oct 2024 01:37 PM

Hello @Enrico_F 

You can check the attached configurations: https://docs.dynatrace.com/docs/shortlink/sgw-configure#synth_mod 

2024-10-08_16h32_09.png

2024-10-08_16h34_55.png

Hoping it adds value.

BR,

Peter.

0 Kudos
Reply

Go to solution
Enrico_F
DynaMight Pro
DynaMight Pro
In response to Peter_Youssef

‎08 Oct 2024 02:01 PM - edited ‎08 Oct 2024 02:02 PM

Thanks. I'm already familiar with the ActivGate properties but IMO this is not really relevant here as my question is not specifically about the ActiveGate itself but rather about the synthetic (metric) adapter component that's required for auto-scaling containerized private locations on K8s.

0 Kudos
Reply

Go to solution
Peter_Youssef
Champion

‎08 Oct 2024 02:08 PM

Thanks @Enrico_F for feedback.

what about checking this section https://docs.dynatrace.com/docs/shortlink/sgw-proxy-authentication#advanced 

Regards,

0 Kudos
Reply

Go to solution
Enrico_F
DynaMight Pro
DynaMight Pro
In response to Peter_Youssef

‎08 Oct 2024 02:48 PM

Already checked - none of that applies to the synthetic adapter component. But thanks anyway.

0 Kudos
Reply

Go to solution
Enrico_F
DynaMight Pro
DynaMight Pro

‎17 Oct 2024 10:28 AM - edited ‎17 Oct 2024 12:02 PM

FWIW: In the meantime this was acknowledged by support as something that got missed during initial design and will be addressed in sprint 305 (expected for late January 2025).

Reply

Go to solution
Peter_Youssef
Champion
In response to Enrico_F

‎17 Oct 2024 11:17 AM

Thanks @Enrico_F for the update.

BR,

Peter

0 Kudos
Reply

Go to solution
HannahM
Dynatrace Leader
Dynatrace Leader

‎05 Nov 2024 09:29 AM

Some good news on this one, the fix has been backported to the 303 ActiveGate. So should be available in the next couple of weeks. :party_cat:

Synthetic SME and community advocate.
Reply

Go to solution
Peter_Youssef
Champion
In response to HannahM

‎05 Nov 2024 09:57 AM

Thanks @HannahM for the good news 🗞:dynaspin:😊

0 Kudos
Reply
Ask a question

Featured Posts