Update or uninstall Dynatrace Operator
- 9min
This page provides detailed instructions on how to update or uninstall Dynatrace Operator in Kubernetes and OpenShift environments.
Dynatrace Operator manages the deployment and lifecycle of all Dynatrace components in your Kubernetes clusters (for example, OneAgent, ActiveGate, and code modules). This includes, depending on the configuration, automatic updates for these components. Dynatrace Operator itself needs to be updated either by applying new manifests or by using helm charts.
We recommend using an up-to-date Operator version (at least version n-2) and always using the latest patch version of that Operator version (for example, 0.10.4 instead of 0.10.0).
Update Dynatrace Operator
To update Dynatrace Operator, select one of the following options, depending on your deployment approach:
Manifest
For classicFullStack, applicationMonitoring, or hostMonitoring without CSI driver execute the following command.
kubectl apply -f http://github.com/Dynatrace/dynatrace-operator/releases/download/v1.6.0/kubernetes.yaml
Starting with Dynatrace Operator version 1.4.0, the kubernetes-csi.yaml includes all Dynatrace Operator components. For more details, see Dynatrace Operator release notes version 1.4.0.
If you're using the CSI driver, use this command instead:
kubectl apply -f http://github.com/Dynatrace/dynatrace-operator/releases/download/v1.6.0/kubernetes-csi.yaml
Helm
-
Upgrade the Helm chart.
helm upgrade dynatrace-operator oci://public.ecr.aws/dynatrace/dynatrace-operator \--namespace dynatrace \--atomic \-f values.yamlThe
values.yamlfile may have changed in newer versions. If existing values are no longer valid, they will be silently ignored as there's no validation for this.To upgrade to the latest release from the OCI registry, run the following command.
helm upgrade dynatrace-operator dynatrace/dynatrace-operator \--namespace dynatrace \--atomic \-f values.yamlNote that the
helm repocommand does not support OCI registries. You can only use thehelm pull,helm show,helm install, andhelm upgradecommands with OCI.Upgrade from old Dynatrace Operator versions with Helm
If you use a Dynatrace Operator version earlier than v0.8.0 in a Helm deployment, follow the steps below to migrate to the latest Dynatrace Operator version with Helm.
Upgrade the custom resource definition According to your configuration of the
values.yamlfile, select one of the options below.-
If
installCRDis set totrue, the custom resource definition will be automatically upgraded and managed by Helm. -
If
installCRDis set tofalse, you need to upgrade the custom resource definition manually before starting the Helm installation:kubectl apply -f http://github.com/Dynatrace/dynatrace-operator/releases/download/v1.6.0/dynatrace-operator-crd.yaml
Upgrade the Helm chart Delete the CRD section and the secrets from your existing values.yaml file or use and customize the
values.yamlsample from GitHub. Upgrade the helm chart:helm upgrade dynatrace-operator dynatrace/dynatrace-operator -f values.yaml --atomic -n dynatraceThe above changes make your old values unusable, therefore setting the
--reuse-valuesflag isn't possible for migration. -
Update ActiveGate pods
Typically, ActiveGate pods are updated automatically on pod restart whenever there is a new version available (unless the image already specifies a certain version). However, if you need to manually restart ActiveGate pods, run the command below.
kubectl -n dynatrace rollout restart statefulset/<ACTIVEGATE-STATEFULSET-NAME>
Update Access tokens
If you need to update your Dynatrace access tokens, follow the steps below.
Find current tokens
Delete your secret
Create new tokens
Create a new secret with updated tokens
Delete the old tokens
Find current access tokens
Find and save your currently used tokens.
After generating new tokens, you'll need to delete the old ones.
kubectl -n dynatrace get secrets <dynakube-name> -o yaml | yq '.data.apiToken' | base64 -d
Delete your secret
To delete the secret, run one of the commands below.
In Kubernetes, used tokens are stored in a secret named dynakube by default. If the DynaKube custom resource has a different name, or the tokens field in DynaKube is set, make sure that the new secret has the same name as defined there.
kubectl -n dynatrace delete secret dynakube
Create new access tokens
For instructions on how to create the tokens, see Access tokens and permissions.
Create a new secret with updated access tokens
To create a new secret with the updated tokens, run one of the commands below, making sure to replace the placeholders with the new tokens.
- For Dynatrace Operator token:
kubectl -n dynatrace create secret generic dynakube --from-literal="apiToken=<OPERATOR_TOKEN>"
- For Dynatrace Operator and Data Ingest token:
kubectl -n dynatrace create secret generic dynakube --from-literal="apiToken=<OPERATOR_TOKEN>" --from-literal="dataIngestToken=<DATA-INGEST-TOKEN>"
Dynatrace Operator picks up the updated secrets in approximately five minutes. Removing DynaKube and reapplying it forces an instant reconciliation.
Delete the old access token
After the new tokens are in place, delete the old ones.
- In Dynatrace, go to Access Tokens and look for the old token.
- Select Delete.
Uninstall Dynatrace Operator
The following guide outlines the recommended steps for a clean uninstallation of Dynatrace Operator.
Remove Dynatrace Operator–managed components
optional Restart your monitored applications
Remove Dynatrace Operator
Important for CRI-O Runtime users with classicFullStack
OneAgent version 1.279 and below
If you're using CRI-O as your cluster's container runtime with classicFullStack, complete the steps outlined in Migrate from classic full-stack to cloud-native full-stack mode as part of the uninstallation process.
Remove Dynatrace Operator–managed components
Delete DynaKube custom resources to allow Dynatrace Operator to fully delete all related Dynatrace Operator–managed components from your Kubernetes cluster. Wait for those components to be removed to make sure the cleanup is completed successfully.
kubectl delete dynakube -n dynatrace --allkubectl -n dynatrace wait pod --for=delete -l app.kubernetes.io/managed-by=dynatrace-operator --timeout=300s
Most resources related to a DynaKube are cleaned up automatically through the Kubernetes ownership system: when you delete a DynaKube, Kubernetes automatically removes all resources that have an OwnerReference pointing to that DynaKube.
However, some resources require additional cleanup steps due to Kubernetes limitations:
- CSI driver dependencies: Applications using the CSI driver must shut down before the CSI driver can be safely removed. This prevents potential data corruption or mounting issues.
- Cross-namespace resources: Kubernetes
OwnerReferencesonly work within the same namespace. Because Dynatrace Operator creates resources such asSecretsin your application namespaces, it must clean these up separately.
optional If you used the CSI driver: Restart your monitored applications
To ensure that CSI volumes are properly unmounted and disconnected from the CSI driver before proceeding with the uninstallation, use the following command to identify applications that use the CSI driver and need to be restarted.
The output will show a list of pods in the format namespace pod for each application that uses the CSI driver.
kubectl get pods --all-namespaces -o jsonpath='{range .items[?(@.spec.volumes[*].csi.driver=="csi.oneagent.dynatrace.com")]}{.metadata.namespace}{"\t"}{.metadata.name}{"\n"}{end}'
Remove Dynatrace Operator
After all Dynatrace Operator–managed components have been successfully removed, you can safely uninstall Dynatrace Operator.
-
Delete Dynatrace Operator.
helm uninstall dynatrace-operator -n dynatrace -
Delete the namespace.
kubectl delete namespace dynatrace