All Products
Search

This Product

    Application Real-Time Monitoring Service:Manually connect an application in an ACK cluster to Application Monitoring eBPF Edition

    Document Center

    Application Real-Time Monitoring Service:Manually connect an application in an ACK cluster to Application Monitoring eBPF Edition

    Last Updated:Jun 26, 2024

    Application Monitoring eBPF Edition of Application Real-Time Monitoring Service (ARMS) is an end-to-end observability service developed for Kubernetes clusters. You can manually install the ack-arms-cmonitor agent for a Kubernetes cluster to monitor the metrics, application traces, logs, and events of the cluster. This topic describes how to connect an application deployed in an Alibaba Cloud Container Service for Kubernetes (ACK) cluster to Application Monitoring eBPF Edition.

    Prerequisites

    Note

    Application Monitoring eBPF Edition is in public preview free of charge. If you have any questions, join the DingTalk group (ID: 35568145) to obtain technical support.

    Usage notes

    To connect an application deployed in an ACK cluster to Application Monitoring eBPF Edition, you need to install the ack-arms-cmonitor agent for a Kubernetes cluster to monitor the metrics.

    Before the installation, you must check whether the cluster has ARMS Addon Token. Otherwise, you have no sufficient permissions to perform subsequent operations. If ARMS Addon Token exists, you are authorized and can install the ack-arms-cmonitor agent without a password. Then, you can use Application Monitoring eBPF Edition. If the cluster does not have ARMS Addon Token, you need to manually attach the policies of ARMS and Managed Service for OpenTelemetry to your worker RAM role. Perform the following operations to check whether ARMS Addon Token exists and how to attach the policies to the worker RAM role:

    Check whether ARMS Addon Token exists in a cluster?

    1. Log on to the ACK console. In the left-side navigation pane, click Clusters. On the Clusters page, click the name of the cluster to go to the cluster details page.

    2. In the left-side navigation pane, choose Configurations > Secrets. In the upper part of the page, select kube-system from the Namespace drop-down list and check whether addon.arms.token is displayed on the Secrets page.

    Attach the policies.

    1. Log on to the ACK console.

    2. In the left-side navigation pane, click Clusters. On the Clusters page, click the name of the cluster.

    3. On the details page of the cluster, click the Cluster Resources tab. On the tab, click the hyperlink next to Worker RAM Role.

    4. On the Permissions tab, click Grant Permission.

    5. Select the AliyunARMSFullAccess and AliyunTracingAnalysisFullAccess system policies and click Grant permissions.

    Note

    • ARMS Addon Token may not exist in specific ACK managed clusters. If you use an ACK managed cluster, we recommend that you first check whether ARMS Addon Token exists. If ARMS Addon Token does not exist, you must manually grant permissions.

    • By default, ACK dedicated clusters do not have ARMS Addon Token. You must manually grant permissions.

    Install the ack-arms-cmonitor agent

    Install the agent for an existing application

    If the ack-arms-cmonitor agent has been installed in your application, check whether the version is 4.0.0 or later. Log on to the ACK console, choose Operations > Add-ons in the left-side navigation pane of the cluster details page. If the version is earlier than 4.0.0, click Upgrade to upgrade the agent to the latest version. To install the ack-arms-cmonitor agent, perform the following steps:

    1. Log on to the ACK console. In the left-side navigation pane, click Clusters. On the Clusters page, click the name of the cluster.

    2. In the left-side navigation pane, choose Operations > Cluster Topology.

    3. On the Cluster Topology page, click Install. The ACK console automatically installs the agent.

      Note

      The default namespace is arms-prom.

    4. If you are using an ACK dedicated cluster, update the AccessKey pair.

      1. In the left-side navigation pane, choose Applications > Helm.

      2. Find arms-cmonitor and click Update. Set the accessKey and accessKeySecret parameters to the AccessKey ID and secret of your Alibaba Cloud account. For more information, see Obtain the AccessKey pair of the primary center.

        Important

        You must make sure that the AliyunARMSFullAccess and AliyunSTSAssumeRoleAccess policies are attached to your Alibaba Cloud account.

      3. Click OK.

    Install the agent while creating an application

    1. Log on to the ACK console. On the Clusters page, find the cluster and click Applications in the Actions column.

    2. On the Deployments page, click Create from YAML in the upper-right corner of the page.

    3. Select a template from the Sample Template drop-down list and add the following labels to the spec.template.metadata directory in the YAML template. 

      labels:
  armseBPFAutoEnable: "on"
  armseBPFCreateAppName: "<your-deployment-name>"    //Replace <your-deployment-name> with the application name.

      The following YAML template shows how to create a Deployment and enable Application Monitoring eBPF Edition:

      View YAML template 

      apiVersion: v1
kind: Namespace
metadata:
  name: arms-demo
---
apiVersion: apps/v1 # for versions before 1.8.0 use apps/v1beta1
kind: Deployment
metadata:
  name: arms-springboot-demo
  namespace: arms-demo
  labels:
    app: arms-springboot-demo
spec:
  replicas: 2
  selector:
    matchLabels:
      app: arms-springboot-demo
  template:
    metadata:
      labels:
        app: arms-springboot-demo
        armseBPFAutoEnable: "on"
        armseBPFCreateAppName: "arms-k8s-demo"
    spec:
      containers:
        - resources:
            limits:
              cpu: 0.5
          image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-springboot-demo:v0.1
          imagePullPolicy: Always
          name: arms-springboot-demo
          env:
            - name: SELF_INVOKE_SWITCH
              value: "true"
            - name: COMPONENT_HOST
              value: "arms-demo-component"
            - name: COMPONENT_PORT
              value: "6666"
            - name: MYSQL_SERVICE_HOST
              value: "arms-demo-mysql"
            - name: MYSQL_SERVICE_PORT
              value: "3306"
---
apiVersion: apps/v1 # for versions before 1.8.0 use apps/v1beta1
kind: Deployment
metadata:
  name: arms-springboot-demo-subcomponent
  namespace: arms-demo
  labels:
    app: arms-springboot-demo-subcomponent
spec:
  replicas: 2
  selector:
    matchLabels:
      app: arms-springboot-demo-subcomponent
  template:
    metadata:
      labels:
        app: arms-springboot-demo-subcomponent
        armseBPFAutoEnable: "on"
        armseBPFCreateAppName: "arms-k8s-demo-subcomponent"
    spec:
      containers:
        - resources:
            limits:
              cpu: 0.5
          image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-springboot-demo:v0.1
          imagePullPolicy: Always
          name: arms-springboot-demo-subcomponent
          env:
            - name: SELF_INVOKE_SWITCH
              value: "false"
            - name: MYSQL_SERVICE_HOST
              value: "arms-demo-mysql"
            - name: MYSQL_SERVICE_PORT
              value: "3306"
---
apiVersion: v1
kind: Service
metadata:
  labels:
    name: arms-demo-component
  name: arms-demo-component
  namespace: arms-demo
spec:
  ports:
    # the port that this service should serve on
    - name: arms-demo-component-svc
      port: 6666
      targetPort: 8888
  # label keys and values that must match in order to receive traffic for this service
  selector:
    app: arms-springboot-demo-subcomponent
---
apiVersion: apps/v1 # for versions before 1.8.0 use apps/v1beta1
kind: Deployment
metadata:
  name: arms-demo-mysql
  namespace: arms-demo
  labels:
    app: mysql
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
        - resources:
            limits:
              cpu: 0.5
          image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-demo-mysql:v0.1
          name: mysql
          ports:
            - containerPort: 3306
              name: mysql
---
apiVersion: v1
kind: Service
metadata:
  labels:
    name: mysql
  name: arms-demo-mysql
  namespace: arms-demo
spec:
  ports:
    # the port that this service should serve on
    - name: arms-mysql-svc
      port: 3306
      targetPort: 3306
  # label keys and values that must match in order to receive traffic for this service
  selector:
    app: mysql
--

    References

    After you connect your application in an ACK cluster to Application Monitoring eBPF Edition, you can monitor the metrics, upstream and downstream dependencies, and topology of the application. For more information, see Application details.