Dynatrace Kubernetes Configuration

This guide explains how to configure Dynatrace monitoring for your NGSS service using Kubernetes annotations, labels, and Kustomize components.

1. Overview

Dynatrace integration in NGSS consists of three main parts:

  1. Pod Annotations - Enable OneAgent injection and metrics scraping

  2. Labels - Identify services in Dynatrace dashboards

  3. Kustomize Component - Configure Micrometer metrics export

2. Pod Annotations

The base deployment template includes the following Dynatrace annotations on pod templates:

metadata:
  annotations:
    oneagent.dynatrace.com/inject: 'true'
    metrics.dynatrace.com/port: '15020'
    metrics.dynatrace.com/scrape: 'true'

2.1. Annotation Reference

Annotation Value Purpose

oneagent.dynatrace.com/inject

'true'

Enables automatic OneAgent injection into the pod. The Dynatrace Operator will inject a OneAgent sidecar to collect traces and metrics.

metrics.dynatrace.com/port

'15020'

Specifies the port where Istio Envoy sidecar exposes metrics. Dynatrace scrapes this port for service mesh metrics.

metrics.dynatrace.com/scrape

'true'

Enables Dynatrace metrics scraping from the pod.

2.2. Disabling OneAgent Injection

To disable Dynatrace monitoring for a specific deployment, add a patch in your overlay:

# kubernetes/<env>/deployment-patch.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-service-v1
spec:
  template:
    metadata:
      annotations:
        oneagent.dynatrace.com/inject: 'false'

3. Labels

Dynatrace uses specific labels to identify and group services:

metadata:
  labels:
    DynatraceDeploymentName: MAP-DHAS-<PROJECT>-3443-my-service-v1
spec:
  template:
    metadata:
      labels:
        MAP-DHAS-ServiceName: MAP-DHAS-<PROJECT>-3443-my-service-v1

3.1. Label Reference

Label Purpose

DynatraceDeploymentName

Identifies the deployment in Dynatrace. Used for grouping related services and filtering in dashboards.

MAP-DHAS-ServiceName

Identifies the service name for MAP DHAS (Digital Health Application Services) tracking. Required for VA compliance dashboards.

3.2. Naming Convention

The label value follows this pattern:

MAP-DHAS-<PROJECT>-3443-<artifactId>-<majorVersion>

Where:

  • <PROJECT> - Your VA project identifier (replace <TODO_REPLACE_ME>)

  • 3443 - Standard MAP identifier

  • <artifactId> - Your service’s Maven artifact ID

  • <majorVersion> - Major version (e.g., v1)

You must replace <TODO_REPLACE_ME> with your actual project identifier in the generated deployment.yaml.

4. Dynatrace Secret Component

The dynatrace-secret Kustomize component configures Micrometer to export metrics directly to Dynatrace.

4.1. Adding the Component

Include the component in your overlay’s kustomization.yaml:

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
- ../base

components:
- ../components/dynatrace-secret

4.2. What It Does

The component adds environment variables that configure Spring Boot’s Micrometer Dynatrace exporter:

apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component

patches:
- target:
    kind: Deployment
    name: <DEPLOYMENT-NAME>
  patch: |-
    - op: add
      path: /spec/template/spec/containers/0/env/-
      value:
        name: MANAGEMENT_DYNATRACE_METRICS_EXPORT_URI
        valueFrom:
          secretKeyRef:
            name: dynatrace-micrometer-ingest
            key: DT_METRICS_INGEST_URL
    - op: add
      path: /spec/template/spec/containers/0/env/-
      value:
        name: MANAGEMENT_DYNATRACE_METRICS_EXPORT_API_TOKEN
        valueFrom:
          secretKeyRef:
            name: dynatrace-micrometer-ingest
            key: DT_METRICS_INGEST_API_TOKEN

4.3. Environment Variables

Variable Purpose

MANAGEMENT_DYNATRACE_METRICS_EXPORT_URI

The Dynatrace metrics ingest API endpoint URL

MANAGEMENT_DYNATRACE_METRICS_EXPORT_API_TOKEN

API token for authenticating with Dynatrace metrics API

4.4. Prerequisites

The component requires a Kubernetes secret named dynatrace-micrometer-ingest to exist in the namespace with the following keys:

  • DT_METRICS_INGEST_URL

  • DT_METRICS_INGEST_API_TOKEN

This secret is typically created by cluster administrators or via External Secrets Operator.

4.5. Spring Boot Configuration

For the Micrometer exporter to work, ensure your application.yaml or application.properties includes, respectively (if using a recent Mobile Framework parent POM, this is set by default)

YAML
management:
  dynatrace:
    metrics:
      export:
        enabled: true
properties
management.dynatrace.metrics.export.enabled=true

5. Environment-Specific Configuration

5.1. SQA and Production

The dynatrace-secret component is included by default in SQA and Production overlays:

# kubernetes/sqa/kustomization.yaml
components:
- ../components/dynatrace-secret

# kubernetes/prod/kustomization.yaml
components:
- ../components/dynatrace-secret

5.2. Local Development

For local development (dev, dev-with-dependencies), the Dynatrace component is typically not included since:

  • Local clusters don’t have Dynatrace OneAgent

  • The dynatrace-micrometer-ingest secret doesn’t exist locally

If you need to test Dynatrace locally, you can:

  1. Create the secret manually with test values

  2. Add the component to your local overlay

6. Troubleshooting

6.1. OneAgent Not Injecting

Check that:

  1. The oneagent.dynatrace.com/inject: 'true' annotation is present

  2. The Dynatrace Operator is running in the cluster

  3. The namespace is not excluded from injection

# Check if Dynatrace operator is running
kubectl get pods -n dynatrace

# Check pod annotations
kubectl get pod <pod-name> -o jsonpath='{.metadata.annotations}'

6.2. Metrics Not Appearing

Verify the secret exists:

kubectl get secret dynatrace-micrometer-ingest -n <namespace>

Check the environment variables are set:

kubectl exec <pod-name> -- env | grep DYNATRACE

6.3. Service Not Appearing in Dashboard

Ensure the MAP-DHAS-ServiceName label is set correctly and matches the expected naming convention.

7. See Also