Solved: Re: Kubernetes Monitoring || Firewall requirement

VenkataSainath · ‎12 Sep 2022

Hi All,

May I request which firewall ports need to take for enabling Kubernetes monitoring in Dynatrace Managed?

We have three master nodes and 20 worker nodes, and also we have a few DB worker nodes.

Source, destination, and port?

And if we want to enable only infra-level monitoring for DB worker nodes, Do we have other option?

Regards,

Venkat

Mizső · ‎12 Sep 2022

Hi VenkataSainat,

Maybe I wrong and other communinty member correct me but it depends on the instumnetation type. I have expereince with calssicfullstack becasue I always use this instrumentation type. I think in this case port 443 would be enough between Kubernetes range and DT managed (hosts or range). In classicfullstack instrumentation you can deploy a containered activegate. This AG should communicate with the DT managed servers (not the individual host agents with DT managed servers).

I hope it helps.

Br, Mizső

Dynatrace Community RockStar 2024, Certified Dynatrace Professional

MarcosZ · ‎24 May 2023

hi Mizső,

hope you are doing well.

in your experience, do the both master node and work node need to setup the firewall on 443 port, or just config the master node is fine?

Regards,

Marcos

Mizső · ‎24 May 2023

Hi @MarcosZ,

I think open fw for worker nodes are enough. Restric the active gate to the worker nodes, in this case containerized AG can connect to managed nodes and connect the cluster api interface.

nodeSelector:

"node-role.kubernetes.io/worker": ""

I hope it helps.

Best regards,

Mizső

Dynatrace Community RockStar 2024, Certified Dynatrace Professional

MarcosZ · ‎25 May 2023

thank you for the information, im appreciated.