diff --git a/eks-anywhere-common/Addons/Partner/dynatrace/dynakube-operator.yaml b/eks-anywhere-common/Addons/Partner/dynatrace/dynakube-operator.yaml index 54da1f4c..fe0125e3 100644 --- a/eks-anywhere-common/Addons/Partner/dynatrace/dynakube-operator.yaml +++ b/eks-anywhere-common/Addons/Partner/dynatrace/dynakube-operator.yaml @@ -31,4 +31,6 @@ spec: postBuild: substituteFrom: - kind: ConfigMap - name: dynatrace-variables # Provides apiurl, dynatracesecretname, dynakubename, oneagentvolumestorage \ No newline at end of file + name: dynatrace-variables # Provides dynatracesecretname, dynakubename, oneagentvolumestorage + - kind: Secret + name: dynatrace-apiurl # provides apiurl \ No newline at end of file diff --git a/eks-anywhere-common/Addons/Partner/dynatrace/dynatrace-dynakube/dynakube-cr.yaml b/eks-anywhere-common/Addons/Partner/dynatrace/dynatrace-dynakube/dynakube-cr.yaml index 0b4d8127..8124cb46 100644 --- a/eks-anywhere-common/Addons/Partner/dynatrace/dynatrace-dynakube/dynakube-cr.yaml +++ b/eks-anywhere-common/Addons/Partner/dynatrace/dynatrace-dynakube/dynakube-cr.yaml @@ -5,14 +5,18 @@ metadata: name: "${dynakubename}" namespace: dynatrace annotations: - feature.dynatrace.com/automatic-kubernetes-api-monitoring: "true" + feature.dynatrace.com/k8s-app-enabled: "true" + feature.dynatrace.com/no-proxy: "dynakube-activegate.dynatrace.svc.cluster.local,.svc.cluster.local,.dynatrace.svc" + feature.dynatrace.com/oneagent-ignore-proxy: "true" + spec: - apiUrl: ${apiurl} + apiUrl: "${apiurl}" tokens: ${dynatracesecretname} - skipCertCheck: false + namespaceSelector: + matchLabels: + dynatrace.com/inject: "true" oneAgent: - classicFullStack: - # image: "" + cloudNativeFullStack: tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master @@ -20,18 +24,14 @@ spec: - effect: NoSchedule key: node-role.kubernetes.io/control-plane operator: Exists - env: - - name: ONEAGENT_ENABLE_VOLUME_STORAGE - value: "${oneagentvolumestorage}" activeGate: capabilities: - routing - kubernetes-monitoring - dynatrace-api - #image: "" resources: requests: - cpu: 50m + cpu: 500m memory: 512Mi limits: cpu: 1000m diff --git a/eks-anywhere-common/Addons/Partner/dynatrace/dynatrace-operator/dynatrace-release.yaml b/eks-anywhere-common/Addons/Partner/dynatrace/dynatrace-operator/dynatrace-release.yaml index 7bea5d14..5e47501e 100644 --- a/eks-anywhere-common/Addons/Partner/dynatrace/dynatrace-operator/dynatrace-release.yaml +++ b/eks-anywhere-common/Addons/Partner/dynatrace/dynatrace-operator/dynatrace-release.yaml @@ -10,14 +10,14 @@ spec: chart: dynatrace-operator sourceRef: kind: HelmRepository - name: dynatrace-operator + name: dynatrace-operator-oci namespace: flux-system - version: 0.10.1 - interval: 1m0s - values: - installCRD: true + # version: "1.3.2" install: crds: CreateReplace + interval: 1m0s + targetNamespace: dynatrace upgrade: crds: CreateReplace - targetNamespace: dynatrace \ No newline at end of file + values: + installCRD: true diff --git a/eks-anywhere-common/Addons/Partner/dynatrace/dynatrace-operator/dynatrace-repository.yaml b/eks-anywhere-common/Addons/Partner/dynatrace/dynatrace-operator/dynatrace-repository.yaml new file mode 100644 index 00000000..449cc096 --- /dev/null +++ b/eks-anywhere-common/Addons/Partner/dynatrace/dynatrace-operator/dynatrace-repository.yaml @@ -0,0 +1,9 @@ +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: HelmRepository +metadata: + name: dynatrace-operator-oci + namespace: flux-system +spec: + interval: 1m0s + type: "oci" + url: oci://public.ecr.aws/dynatrace diff --git a/eks-anywhere-common/Addons/Partner/dynatrace/dynatrace-operator/dynatrace-source.yaml b/eks-anywhere-common/Addons/Partner/dynatrace/dynatrace-operator/dynatrace-source.yaml deleted file mode 100644 index f570fc6d..00000000 --- a/eks-anywhere-common/Addons/Partner/dynatrace/dynatrace-operator/dynatrace-source.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: source.toolkit.fluxcd.io/v1beta2 -kind: HelmRepository -metadata: - name: dynatrace-operator - namespace: flux-system -spec: - interval: 1m0s - url: https://raw.githubusercontent.com/Dynatrace/dynatrace-operator/master/config/helm/repos/stable \ No newline at end of file diff --git a/eks-anywhere-common/Addons/Partner/dynatrace/dynatrace-operator/external-secret.yaml b/eks-anywhere-common/Addons/Partner/dynatrace/dynatrace-operator/external-secrets.yaml similarity index 51% rename from eks-anywhere-common/Addons/Partner/dynatrace/dynatrace-operator/external-secret.yaml rename to eks-anywhere-common/Addons/Partner/dynatrace/dynatrace-operator/external-secrets.yaml index 6ebcb369..461523a5 100644 --- a/eks-anywhere-common/Addons/Partner/dynatrace/dynatrace-operator/external-secret.yaml +++ b/eks-anywhere-common/Addons/Partner/dynatrace/dynatrace-operator/external-secrets.yaml @@ -15,4 +15,21 @@ spec: - extract: # we expect an external secret in the following format # {"apiToken":"sometoken","dataIngestToken":"anothertoken"} - key: dt-tokens-secret \ No newline at end of file + key: dt-tokens-secret +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: dynatrace-apiurl-external-secret + namespace: flux-system +spec: + refreshInterval: 1m + secretStoreRef: + name: eksa-secret-store #The secret store name we have just created. + kind: ClusterSecretStore + target: + name: dynatrace-apiurl # Secret name in k8s + data: + - secretKey: apiurl + remoteRef: + key: dynatrace-apiurl \ No newline at end of file diff --git a/eks-anywhere-common/Addons/Partner/dynatrace/dynatrace-operator/namespace.yaml b/eks-anywhere-common/Addons/Partner/dynatrace/dynatrace-operator/namespace.yaml index a3be1d9c..79dfeecf 100644 --- a/eks-anywhere-common/Addons/Partner/dynatrace/dynatrace-operator/namespace.yaml +++ b/eks-anywhere-common/Addons/Partner/dynatrace/dynatrace-operator/namespace.yaml @@ -6,4 +6,4 @@ metadata: labels: aws.conformance.vendor: dynatrace aws.conformance.vendor-solution: dynatrace - aws.conformance.vendor-solution-version: 0.10.1 \ No newline at end of file + aws.conformance.vendor-solution-version: 1.3.0 \ No newline at end of file diff --git a/eks-anywhere-common/Addons/Partner/dynatrace/dynatrace-variables.yaml b/eks-anywhere-common/Addons/Partner/dynatrace/dynatrace-variables.yaml index f508c548..e106ddbc 100644 --- a/eks-anywhere-common/Addons/Partner/dynatrace/dynatrace-variables.yaml +++ b/eks-anywhere-common/Addons/Partner/dynatrace/dynatrace-variables.yaml @@ -5,12 +5,7 @@ metadata: name: dynatrace-variables namespace: flux-system data: - # api url for dynatrace environment - apiurl: "https://syh360.dynatrace-managed.com/e/29143f4b-2894-450d-a1fc-89a197b68909/api" - # name of secret containing tokens + # name of secret containing tokens created by external-secret dynatracesecretname: "dt-secret" # name of cluster to be listed in Dynatrace dynakubename: "eks-flux-test-cluster" - # ONEAGENT_ENABLE_VOLUME_STORAGE should be false for EKS, the escaped are due to flux being weird - # and the value here isn't actually a boolean - oneagentvolumestorage: "\"false\"" \ No newline at end of file diff --git a/eks-anywhere-common/Testers/dynatrace/testJob.yaml b/eks-anywhere-common/Testers/dynatrace/testJob.yaml new file mode 100644 index 00000000..a037eaed --- /dev/null +++ b/eks-anywhere-common/Testers/dynatrace/testJob.yaml @@ -0,0 +1,118 @@ +apiVersion: batch/v1 +kind: CronJob +metadata: + name: dynatrace-tester-cron + namespace: dynatrace +spec: + schedule: "10 10 * * *" + jobTemplate: + spec: + template: + spec: + containers: + - name: job + image: 'alpine/k8s:1.26.2' + command: ["/bin/bash", "-c"] + args: + - | + #!/bin/bash + + PATTERN="Ping received: Healthy(" + DAEMONSET_INCLUDE_PATTERN="oneagent" + DAEMONSET_EXCLUDE_PATTERN="csi" + CUSTOM_RESOURCE="dynakubes.dynatrace.com" + EXIT_STATUS=0 # Default to success + echo "Starting search for Dynakubes..." + # Get the list of namespaces + NAMESPACES=$(kubectl get namespaces -o jsonpath='{.items[*].metadata.name}') + echo "NAMESPACES: $NAMESPACES" + # Iterate over each namespace + for NAMESPACE in $NAMESPACES; do + echo "Checking namespace: $NAMESPACE" + # Get the list of custom resources in the current namespace that match the pattern + RESOURCES=$(kubectl get $CUSTOM_RESOURCE -n $NAMESPACE -o jsonpath='{.items[*].metadata.name}' | tr ' ' '\n') + echo "RESOURCES: $RESOURCES" + if [[ -z $RESOURCES ]]; then + echo "No matching resources found in namespace: $NAMESPACE" + continue + fi + # Iterate over each matching resource + for RESOURCE in $RESOURCES; do + echo "Found matching resource: $RESOURCE in namespace: $NAMESPACE" + # Get the list of pods in the current namespace created by the custom resource + echo "Checking pods created by the custom resource: $RESOURCE" + PODS=$(kubectl get pods -n $NAMESPACE --selector=app.kubernetes.io/created-by=$RESOURCE,app.kubernetes.io/name=oneagent -o jsonpath='{.items[*].metadata.name}') + echo "Oneagent pods: $PODS" + ALL_PODS_VALID=true # Assume all pods are valid initially + # Iterate over each pod + for POD in $PODS; do + echo "Checking logs for oneagent pod: $POD in CustomResource: $RESOURCE" + # Get the logs of the current pod + LOGS=$(kubectl logs -n $NAMESPACE $POD) + # Check the logs for the pattern + if ! echo "$LOGS" | grep -q "$PATTERN"; then + echo "Pattern not found in pod: $POD" + ALL_PODS_VALID=false # Mark as invalid if the pattern is not found + break + fi + done + # If any pod in the DaemonSet does not have the pattern, set exit status to failure + if ! $ALL_PODS_VALID; then + EXIT_STATUS=1 + fi + done + done + if [[ $EXIT_STATUS -eq 0 ]]; then + echo "Search successful: Pattern found in all pods of all matching DaemonSets." + else + echo "Search complete: Pattern not found in all pods of one or more DaemonSets." + fi + exit $EXIT_STATUS + restartPolicy: Never + serviceAccountName: test-dynatrace + successfulJobsHistoryLimit: 3 + failedJobsHistoryLimit: 1 + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: dynatrace-test-role +rules: +# Permissions for listing namespaces +- apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list", "watch"] +# Permissions for listing pods and getting pod logs +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch"] +# Permissions for getting pod logs +- apiGroups: [""] + resources: ["pods/log"] + verbs: ["get"] +# Permissions for listing the custom resource dynakube from the dynatrace.com apigroup +- apiGroups: ["dynatrace.com"] + resources: ["dynakubes"] + verbs: ["get", "list", "watch"] + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: test-dynatrace + namespace: dynatrace + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: custom-list-pods-logs-dynakube-binding +subjects: +- kind: ServiceAccount + name: test-dynatrace + namespace: dynatrace +roleRef: + kind: ClusterRole + name: dynatrace-test-role + apiGroup: rbac.authorization.k8s.io