To monitor Java applications deployed in Container Service for KubernetesACK or Container Compute ServiceACS, simply install the ARMS application monitoring component ack-onepilot. This enables you to view monitoring data, including application topology, interface calls, and both abnormal and slow transactions. This topic explains the installation process for the Java application agent in Container Service for KubernetesACK and Container Compute ServiceACS.
Both Container Service for Kubernetes ACK and Container Compute Service ACS follow the same agent installation process. This topic will use Container Service for Kubernetes ACK as the example for illustrating the installation steps.
ack-onepilot component description
The ARMS agent access assistant (ack-onepilot) is a crucial component for integrating probes in various programming languages. It streamlines the process for ARMS users by automatically preparing ARMS agent packages and establishing the agent's reporting environment within a containerized setting. For an understanding of the fundamental principles of the ARMS agent access assistant (ack-onepilot), refer to ack-onepilot component basic principles.
After integrating the agent, to maintain an optimal user experience, ack-onepilot will automatically upgrade the agent to the most recent version upon application restart whenever a new version is released. If you prefer not to update the agent automatically with each release, you can manage the agent version manually. For detailed instructions, see manually control the agent version.
The legacy application monitoring component, arms-pilot, is no longer supported. To monitor your applications, you can upgrade to the ack-onepilot component. Ack-onepilot is fully compatible with arms-pilot and allows for seamless integration without the need to modify your application configurations. For more information, see how to replace arms-pilot with ack-onepilot.
Prerequisites
-
Create an ACK or an ACS cluster.
ACK clusters: create a managed cluster, register a cluster, create a dedicated cluster, or create a Serverless cluster.
ACS cluster: create an ACS cluster.
-
To create a namespace, refer to managing namespaces and quotas. In this example, the namespace is named arms-demo.
-
Verify your JDK version. For detailed requirements, refer to supported JDK versions.
-
Ensure the maximum heap memory of the process is over 256 MB.
Step 1: Install the ARMS agent access assistant (ack-onepilot)
Log on to the ACK console. On the Clusters page, click the name of the cluster.
In the left-side navigation pane, choose . On the Add-ons page, search for ack-onepilot.
Click Install on the ack-onepilot card.
NoteBy default, the ack-onepilot component supports 1,000 pods. For every additional 1,000 pods in the cluster, you need to add 0.5 CPU cores and 512 MB memory for the component.
In the dialog box that appears, configure the parameters and click OK. We recommend that you use the default values.
NoteAfter you install ack-onepilot, you can upgrade, configure, or uninstall it on the Add-ons page.
Step 2: Grant access privileges on ARMS resources
ACK managed cluster
If the ACK managed cluster lacks an ARMS Addon Token, you can manually grant the cluster access privileges to ARMS resources by following the steps below. If the cluster already has an ARMS Addon Token, proceed directly to Step 3.
If a cluster has ARMS Addon Token, ARMS performs password-free authorization on the cluster. ARMS Addon Token may not exist in some ACK managed clusters. We recommend that you check whether an ACK managed cluster has ARMS Addon Token before you use ARMS to monitor applications in the cluster. If the cluster has no ARMS Addon Token, you must manually authorize the cluster to access ARMS.
Dedicated cluster/registered cluster
To monitor applications within ACK dedicated cluster and ACK One registered cluster, ensure that the associated Alibaba Cloud account possesses the AliyunARMSFullAccess and AliyunSTSAssumeRoleAccess permissions. For instructions on how to add permissions, see granting permissions to RAM users.
After installing ack-onepilot, enter the AccessKey ID and AccessKey secret of the Alibaba Cloud account in the ack-onepilot agent's configuration file.
-
In the left-side navigation pane, select the
page, and click Update on the right side of the ack-onepilot component. -
Replace
accessKey
andaccessKeySecret
with your current account's AccessKey, then click Confirm.NoteTo learn how to obtain an AccessKey, see Create an AccessKey.
The AccessKey secret of an Alibaba Cloud account is displayed only when you create the AccessKey pair for the Alibaba Cloud account. You cannot query the AccessKey secret in subsequent operations. This helps reduce the risks of AccessKey pair leaks. Record the AccessKey secret and keep it confidential.
-
Restart the Deployment application.
ASK/ECI cluster
To monitor ACK Serverless clusters or clusters with integrated ECI applications, you can authorize access on the cloud resource access authorization page. Afterward, restart all pods within the ack-onepilot component.
Step 3: Enable application monitoring for Java applications
Use the following YAML template to create a Deployment application and enable application monitoring:
Log on to the ACK console. In the left-side navigation pane, click Clusters.
On the Clusters page, find the cluster that you want to manage and click its name. In the left-side pane, choose .
-
On the Stateless page, select
on the right side of the target application.If you need to create a new application, click Create Resource Using YAML.
-
In the YAML file, insert the following
labels
at the spec.template.metadata level.labels: armsPilotAutoEnable: "on" armsPilotCreateAppName: "<your-deployment-name>" # Replace <your-deployment-name> with the actual application name. armsSecAutoEnable: "on" # If you want to connect the application to Application Security, you must configure this parameter.
Note-
For details about application security, see what is application security.
-
For billing information regarding application security, see billing description.
-
-
Click Create.
On the Stateless page, the Operation column for the desired application will show the ARMS Console button, signifying that the application is now integrated with ARMS.
FAQ
Why is the monitoring data abnormal after I change the cluster or namespace of an application?
How do I use ack-onepilot when a VPC connection cannot be established?
Why does an ARMS agent fail to be installed for an application in an ACK cluster?
Why are the suffixes of application names missing after I update the applications?