Install Java agent in Container Service ACK and Container Compute Service ACS through ack-onepilot component - Application Real-Time Monitoring Service

To monitor Java applications deployed in Container Service for KubernetesACK or Container Compute ServiceACS, simply install the ARMS application monitoring component ack-onepilot. This enables you to view monitoring data, including application topology, interface calls, and both abnormal and slow transactions. This topic explains the installation process for the Java application agent in Container Service for KubernetesACK and Container Compute ServiceACS.

Note

Both Container Service for Kubernetes ACK and Container Compute Service ACS follow the same agent installation process. This topic will use Container Service for Kubernetes ACK as the example for illustrating the installation steps.

ack-onepilot component description

The ARMS agent access assistant (ack-onepilot) is a crucial component for integrating probes in various programming languages. It streamlines the process for ARMS users by automatically preparing ARMS agent packages and establishing the agent's reporting environment within a containerized setting. For an understanding of the fundamental principles of the ARMS agent access assistant (ack-onepilot), refer to ack-onepilot component basic principles.

After integrating the agent, to maintain an optimal user experience, ack-onepilot will automatically upgrade the agent to the most recent version upon application restart whenever a new version is released. If you prefer not to update the agent automatically with each release, you can manage the agent version manually. For detailed instructions, see manually control the agent version.

Important

The legacy application monitoring component, arms-pilot, is no longer supported. To monitor your applications, you can upgrade to the ack-onepilot component. Ack-onepilot is fully compatible with arms-pilot and allows for seamless integration without the need to modify your application configurations. For more information, see how to replace arms-pilot with ack-onepilot.

Prerequisites

Create an ACK or an ACS cluster.

ACK clusters: create a managed cluster, register a cluster, create a dedicated cluster, or create a Serverless cluster.

ACS cluster: create an ACS cluster.
To create a namespace, refer to managing namespaces and quotas. In this example, the namespace is named arms-demo.
Verify your JDK version. For detailed requirements, refer to supported JDK versions.
Ensure the maximum heap memory of the process is over 256 MB.

Step 1: Install the ARMS agent access assistant (ack-onepilot)

Log on to the ACK console. On the Clusters page, click the name of the cluster.
In the left-side navigation pane, choose Operations > Add-ons. On the Add-ons page, search for ack-onepilot.
Click Install on the ack-onepilot card.
Note
By default, the ack-onepilot component supports 1,000 pods. For every additional 1,000 pods in the cluster, you need to add 0.5 CPU cores and 512 MB memory for the component.
In the dialog box that appears, configure the parameters and click OK. We recommend that you use the default values.
Note
After you install ack-onepilot, you can upgrade, configure, or uninstall it on the Add-ons page.

Step 2: Grant access privileges on ARMS resources

ACK managed cluster

If the ACK managed cluster lacks an ARMS Addon Token, you can manually grant the cluster access privileges to ARMS resources by following the steps below. If the cluster already has an ARMS Addon Token, proceed directly to Step 3.

Check whether ARMS Addon Token exists in a cluster

Log on to the ACK console. In the left-side navigation pane, click Clusters. On the Clusters page, click the name of the cluster to go to the cluster details page.
In the left-side navigation pane, choose Configurations > Secrets. In the upper part of the page, select kube-system from the Namespace drop-down list and check whether addon.arms.token is displayed on the Secrets page.

Note

If a cluster has ARMS Addon Token, ARMS performs password-free authorization on the cluster. ARMS Addon Token may not exist in some ACK managed clusters. We recommend that you check whether an ACK managed cluster has ARMS Addon Token before you use ARMS to monitor applications in the cluster. If the cluster has no ARMS Addon Token, you must manually authorize the cluster to access ARMS.

Manually add permission policies

Log on to the ACK console. In the left-side navigation pane, click Clusters. On the Clusters page, click the name of the cluster.
On the Basic Information tab of the Cluster Information page, click the link next to Worker RAM Role in the Cluster Resources section.
On the page that appears, click Grant Permission on the Permissions tab.
In the Grant Permission panel, add the following policies and click Grant permissions.
- AliyunTracingAnalysisFullAccess: full access to Managed Service for OpenTelemetry.
- AliyunARMSFullAccess: full access to ARMS.

Dedicated cluster/registered cluster

To monitor applications within ACK dedicated cluster and ACK One registered cluster, ensure that the associated Alibaba Cloud account possesses the AliyunARMSFullAccess and AliyunSTSAssumeRoleAccess permissions. For instructions on how to add permissions, see granting permissions to RAM users.

After installing ack-onepilot, enter the AccessKey ID and AccessKey secret of the Alibaba Cloud account in the ack-onepilot agent's configuration file.

In the left-side navigation pane, select the Applications > Helm page, and click Update on the right side of the ack-onepilot component.
Replace accessKey and accessKeySecret with your current account's AccessKey, then click Confirm.

Note
To learn how to obtain an AccessKey, see Create an AccessKey.

The AccessKey secret of an Alibaba Cloud account is displayed only when you create the AccessKey pair for the Alibaba Cloud account. You cannot query the AccessKey secret in subsequent operations. This helps reduce the risks of AccessKey pair leaks. Record the AccessKey secret and keep it confidential.
Restart the Deployment application.

ASK/ECI cluster

To monitor ACK Serverless clusters or clusters with integrated ECI applications, you can authorize access on the cloud resource access authorization page. Afterward, restart all pods within the ack-onepilot component.

Step 3: Enable application monitoring for Java applications

Use the following YAML template to create a Deployment application and enable application monitoring:

Expand to see the full YAML file for Java

apiVersion: v1
kind: Namespace
metadata:
  name: arms-demo
---
apiVersion: apps/v1 # for versions before 1.8.0 use apps/v1beta1
kind: Deployment
metadata:
  name: arms-springboot-demo
  namespace: arms-demo
  labels:
    app: arms-springboot-demo
spec:
  replicas: 2
  selector:
    matchLabels:
      app: arms-springboot-demo
  template:
    metadata:
      labels:
        app: arms-springboot-demo
        armsPilotAutoEnable: "on"
        armsPilotCreateAppName: "arms-k8s-demo"
    spec:
      containers:
        - resources:
            limits:
              cpu: 0.5
          image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-springboot-demo:v0.1
          imagePullPolicy: Always
          name: arms-springboot-demo
          env:
            - name: SELF_INVOKE_SWITCH
              value: "true"
            - name: COMPONENT_HOST
              value: "arms-demo-component"
            - name: COMPONENT_PORT
              value: "6666"
            - name: MYSQL_SERVICE_HOST
              value: "arms-demo-mysql"
            - name: MYSQL_SERVICE_PORT
              value: "3306"
---
apiVersion: apps/v1 
kind: Deployment
metadata:
  name: arms-springboot-demo-subcomponent
  namespace: arms-demo
  labels:
    app: arms-springboot-demo-subcomponent
spec:
  replicas: 2
  selector:
    matchLabels:
      app: arms-springboot-demo-subcomponent
  template:
    metadata:
      labels:
        app: arms-springboot-demo-subcomponent
        armsPilotAutoEnable: "on"
        armsPilotCreateAppName: "arms-k8s-demo-subcomponent"
    spec:
      containers:
        - resources:
            limits:
              cpu: 0.5
          image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-springboot-demo:v0.1
          imagePullPolicy: Always
          name: arms-springboot-demo-subcomponent
          env:
            - name: SELF_INVOKE_SWITCH
              value: "false"
            - name: MYSQL_SERVICE_HOST
              value: "arms-demo-mysql"
            - name: MYSQL_SERVICE_PORT
              value: "3306"
---
apiVersion: v1
kind: Service
metadata:
  labels:
    name: arms-demo-component
  name: arms-demo-component
  namespace: arms-demo
spec:
  ports:
    # the port that this service should serve on
    - name: arms-demo-component-svc
      port: 6666
      targetPort: 8888
  # label keys and values that must match to receive traffic for this service
  selector:
    app: arms-springboot-demo-subcomponent
---
apiVersion: apps/v1 # for versions before 1.8.0 use apps/v1beta1
kind: Deployment
metadata:
  name: arms-demo-mysql
  namespace: arms-demo
  labels:
    app: mysql
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
        - resources:
            limits:
              cpu: 0.5
          image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-demo-mysql:v0.1
          name: mysql
          ports:
            - containerPort: 3306
              name: mysql
---
apiVersion: v1
kind: Service
metadata:
  labels:
    name: mysql
  name: arms-demo-mysql
  namespace: arms-demo
spec:
  ports:
    # the port that this service should serve on
    - name: arms-mysql-svc
      port: 3306
      targetPort: 3306
  # label keys and values that must match to receive traffic for this service
  selector:
    app: mysql
---

Log on to the ACK console. In the left-side navigation pane, click Clusters.
On the Clusters page, find the cluster that you want to manage and click its name. In the left-side pane, choose Workloads > Deployments.
On the Stateless page, select More > View Yaml on the right side of the target application.

If you need to create a new application, click Create Resource Using YAML.

In the YAML file, insert the following labels at the spec.template.metadata level.

labels:
  armsPilotAutoEnable: "on"
  armsPilotCreateAppName: "<your-deployment-name>"    # Replace <your-deployment-name> with the actual application name. 
  armsSecAutoEnable: "on"    # If you want to connect the application to Application Security, you must configure this parameter.

Note

For details about application security, see what is application security.
For billing information regarding application security, see billing description.

YAML Example

Click Create.

On the Stateless page, the Operation column for the desired application will show the ARMS Console button, signifying that the application is now integrated with ARMS.

Application Real-Time Monitoring Service:Install Java Agent in Container Service ACK and Container Compute Service ACS Through ack-onepilot Component

ack-onepilot component description

Prerequisites

Step 1: Install the ARMS agent access assistant (ack-onepilot)

Step 2: Grant access privileges on ARMS resources

ACK managed cluster

Dedicated cluster/registered cluster

ASK/ECI cluster

Step 3: Enable application monitoring for Java applications

FAQ