Merge pull request #316 from akirasoft1/dynatrace-1.3.2

Dynatrace 1.3.2

eks-anywhere-common/Addons/Partner/dynatrace/dynakube-operator.yaml

@@ -31,4 +31,6 @@ spec:
   postBuild:
     substituteFrom:
     - kind: ConfigMap
-      name: dynatrace-variables # Provides apiurl, dynatracesecretname, dynakubename, oneagentvolumestorage
+      name: dynatrace-variables # Provides dynatracesecretname, dynakubename, oneagentvolumestorage
+    - kind: Secret
+      name: dynatrace-apiurl # provides apiurl

eks-anywhere-common/Addons/Partner/dynatrace/dynatrace-dynakube/dynakube-cr.yaml

@@ -5,33 +5,33 @@ metadata:
   name: "${dynakubename}"
   namespace: dynatrace
   annotations:
-    feature.dynatrace.com/automatic-kubernetes-api-monitoring: "true"
+    feature.dynatrace.com/k8s-app-enabled: "true"
+    feature.dynatrace.com/no-proxy: "dynakube-activegate.dynatrace.svc.cluster.local,.svc.cluster.local,.dynatrace.svc"
+    feature.dynatrace.com/oneagent-ignore-proxy: "true"
+
 spec:
-  apiUrl: ${apiurl}
+  apiUrl: "${apiurl}"
   tokens: ${dynatracesecretname}
-  skipCertCheck: false
+  namespaceSelector:
+    matchLabels:
+      dynatrace.com/inject: "true"  
   oneAgent:
-    classicFullStack:
-      # image: ""
+    cloudNativeFullStack:
       tolerations:
         - effect: NoSchedule
           key: node-role.kubernetes.io/master
           operator: Exists
         - effect: NoSchedule
           key: node-role.kubernetes.io/control-plane
           operator: Exists
-      env:
-        - name: ONEAGENT_ENABLE_VOLUME_STORAGE
-          value: "${oneagentvolumestorage}"
   activeGate:
     capabilities:
       - routing
       - kubernetes-monitoring
       - dynatrace-api
-    #image: ""
     resources:
       requests:
-        cpu: 50m
+        cpu: 500m
         memory: 512Mi
       limits:
         cpu: 1000m

eks-anywhere-common/Addons/Partner/dynatrace/dynatrace-operator/dynatrace-release.yaml

@@ -10,14 +10,14 @@ spec:
       chart: dynatrace-operator
       sourceRef:
         kind: HelmRepository
-        name: dynatrace-operator
+        name: dynatrace-operator-oci
         namespace: flux-system
-      version: 0.10.1
-  interval: 1m0s
-  values:
-    installCRD: true
+      # version: "1.3.2"
   install:
     crds: CreateReplace
+  interval: 1m0s
+  targetNamespace: dynatrace
   upgrade:
     crds: CreateReplace
-  targetNamespace: dynatrace
+  values:
+    installCRD: true

eks-anywhere-common/Addons/Partner/dynatrace/dynatrace-operator/dynatrace-repository.yaml

@@ -0,0 +1,9 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: dynatrace-operator-oci
+  namespace: flux-system
+spec:
+  interval: 1m0s
+  type: "oci"
+  url: oci://public.ecr.aws/dynatrace

eks-anywhere-common/Addons/Partner/dynatrace/dynatrace-operator/external-secret.yaml → eks-anywhere-common/Addons/Partner/dynatrace/dynatrace-operator/external-secrets.yaml

@@ -15,4 +15,21 @@ spec:
   - extract:
       # we expect an external secret in the following format
       # {"apiToken":"sometoken","dataIngestToken":"anothertoken"}
-      key: dt-tokens-secret
+      key: dt-tokens-secret
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: dynatrace-apiurl-external-secret
+  namespace: flux-system
+spec:
+  refreshInterval: 1m
+  secretStoreRef:
+    name: eksa-secret-store #The secret store name we have just created.
+    kind: ClusterSecretStore
+  target:
+    name: dynatrace-apiurl # Secret name in k8s
+  data:
+  - secretKey: apiurl 
+    remoteRef:
+      key: dynatrace-apiurl

eks-anywhere-common/Addons/Partner/dynatrace/dynatrace-operator/namespace.yaml

@@ -6,4 +6,4 @@ metadata:
   labels:
     aws.conformance.vendor: dynatrace
     aws.conformance.vendor-solution: dynatrace
-    aws.conformance.vendor-solution-version: 0.10.1
+    aws.conformance.vendor-solution-version: 1.3.0

eks-anywhere-common/Addons/Partner/dynatrace/dynatrace-variables.yaml

@@ -5,12 +5,7 @@ metadata:
   name: dynatrace-variables
   namespace: flux-system
 data:
-  # api url for dynatrace environment 
-  apiurl: "https://syh360.dynatrace-managed.com/e/29143f4b-2894-450d-a1fc-89a197b68909/api"
-  # name of secret containing tokens
+  # name of secret containing tokens created by external-secret
   dynatracesecretname: "dt-secret"
   # name of cluster to be listed in Dynatrace
   dynakubename: "eks-flux-test-cluster"
-  # ONEAGENT_ENABLE_VOLUME_STORAGE should be false for EKS, the escaped are due to flux being weird
-  # and the value here isn't actually a boolean
-  oneagentvolumestorage: "\"false\""

eks-anywhere-common/Testers/dynatrace/testJob.yaml

@@ -0,0 +1,118 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: dynatrace-tester-cron
+  namespace: dynatrace
+spec:
+  schedule: "10 10 * * *"
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+            - name: job
+              image: 'alpine/k8s:1.26.2'
+              command: ["/bin/bash", "-c"]
+              args:
+                - |
+                  #!/bin/bash
+
+                  PATTERN="Ping received: Healthy("
+                  DAEMONSET_INCLUDE_PATTERN="oneagent"
+                  DAEMONSET_EXCLUDE_PATTERN="csi"
+                  CUSTOM_RESOURCE="dynakubes.dynatrace.com"
+                  EXIT_STATUS=0  # Default to success
+                  echo "Starting search for Dynakubes..."
+                  # Get the list of namespaces
+                  NAMESPACES=$(kubectl get namespaces -o jsonpath='{.items[*].metadata.name}')
+                  echo "NAMESPACES: $NAMESPACES"
+                  # Iterate over each namespace
+                  for NAMESPACE in $NAMESPACES; do
+                    echo "Checking namespace: $NAMESPACE"
+                    # Get the list of custom resources in the current namespace that match the pattern
+                    RESOURCES=$(kubectl get $CUSTOM_RESOURCE -n $NAMESPACE -o jsonpath='{.items[*].metadata.name}' | tr ' ' '\n')
+                    echo "RESOURCES: $RESOURCES"
+                    if [[ -z $RESOURCES ]]; then
+                      echo "No matching resources found in namespace: $NAMESPACE"
+                      continue
+                    fi
+                    # Iterate over each matching resource
+                    for RESOURCE in $RESOURCES; do
+                      echo "Found matching resource: $RESOURCE in namespace: $NAMESPACE"
+                      # Get the list of pods in the current namespace created by the custom resource
+                      echo "Checking pods created by the custom resource: $RESOURCE"
+                      PODS=$(kubectl get pods -n $NAMESPACE --selector=app.kubernetes.io/created-by=$RESOURCE,app.kubernetes.io/name=oneagent -o jsonpath='{.items[*].metadata.name}')
+                      echo "Oneagent pods: $PODS"
+                      ALL_PODS_VALID=true  # Assume all pods are valid initially
+                      # Iterate over each pod
+                          for POD in $PODS; do
+                          echo "Checking logs for oneagent pod: $POD in CustomResource: $RESOURCE"
+                          # Get the logs of the current pod
+                          LOGS=$(kubectl logs -n $NAMESPACE $POD)  
+                          # Check the logs for the pattern
+                          if ! echo "$LOGS" | grep -q "$PATTERN"; then
+                              echo "Pattern not found in pod: $POD"
+                              ALL_PODS_VALID=false  # Mark as invalid if the pattern is not found
+                              break
+                          fi
+                          done
+                      # If any pod in the DaemonSet does not have the pattern, set exit status to failure
+                      if ! $ALL_PODS_VALID; then
+                      EXIT_STATUS=1
+                      fi
+                  done
+                  done
+                  if [[ $EXIT_STATUS -eq 0 ]]; then
+                    echo "Search successful: Pattern found in all pods of all matching DaemonSets."
+                  else
+                    echo "Search complete: Pattern not found in all pods of one or more DaemonSets."
+                  fi
+                  exit $EXIT_STATUS
+          restartPolicy: Never
+          serviceAccountName: test-dynatrace
+  successfulJobsHistoryLimit: 3
+  failedJobsHistoryLimit: 1
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: dynatrace-test-role
+rules:
+# Permissions for listing namespaces
+- apiGroups: [""]
+  resources: ["namespaces"]
+  verbs: ["get", "list", "watch"]
+# Permissions for listing pods and getting pod logs
+- apiGroups: [""]
+  resources: ["pods"]
+  verbs: ["get", "list", "watch"]
+# Permissions for getting pod logs
+- apiGroups: [""]
+  resources: ["pods/log"]
+  verbs: ["get"]
+# Permissions for listing the custom resource dynakube from the dynatrace.com apigroup
+- apiGroups: ["dynatrace.com"]
+  resources: ["dynakubes"]
+  verbs: ["get", "list", "watch"]
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: test-dynatrace
+  namespace: dynatrace
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: custom-list-pods-logs-dynakube-binding
+subjects:
+- kind: ServiceAccount
+  name: test-dynatrace
+  namespace: dynatrace
+roleRef:
+  kind: ClusterRole
+  name: dynatrace-test-role
+  apiGroup: rbac.authorization.k8s.io