All Products
Search
Document Center

Application Real-Time Monitoring Service:Manually connect an application in an ACK cluster to Application Monitoring eBPF Edition

Last Updated:Jun 26, 2024

Application Monitoring eBPF Edition of Application Real-Time Monitoring Service (ARMS) is an end-to-end observability service developed for Kubernetes clusters. You can manually install the ack-arms-cmonitor agent for a Kubernetes cluster to monitor the metrics, application traces, logs, and events of the cluster. This topic describes how to connect an application deployed in an Alibaba Cloud Container Service for Kubernetes (ACK) cluster to Application Monitoring eBPF Edition.

Prerequisites

Note

Application Monitoring eBPF Edition is in public preview free of charge. If you have any questions, join the DingTalk group (ID: 35568145) to obtain technical support.

Usage notes

To connect an application deployed in an ACK cluster to Application Monitoring eBPF Edition, you need to install the ack-arms-cmonitor agent for a Kubernetes cluster to monitor the metrics.

Before the installation, you must check whether the cluster has ARMS Addon Token. Otherwise, you have no sufficient permissions to perform subsequent operations. If ARMS Addon Token exists, you are authorized and can install the ack-arms-cmonitor agent without a password. Then, you can use Application Monitoring eBPF Edition. If the cluster does not have ARMS Addon Token, you need to manually attach the policies of ARMS and Managed Service for OpenTelemetry to your worker RAM role. Perform the following operations to check whether ARMS Addon Token exists and how to attach the policies to the worker RAM role:

Check whether ARMS Addon Token exists in a cluster?

  1. Log on to the ACK console. In the left-side navigation pane, click Clusters. On the Clusters page, click the name of the cluster to go to the cluster details page.

  2. In the left-side navigation pane, choose Configurations > Secrets. In the upper part of the page, select kube-system from the Namespace drop-down list and check whether addon.arms.token is displayed on the Secrets page.

Attach the policies.

  1. Log on to the ACK console.

  2. In the left-side navigation pane, click Clusters. On the Clusters page, click the name of the cluster.

  3. On the details page of the cluster, click the Cluster Resources tab. On the tab, click the hyperlink next to Worker RAM Role.

  4. On the Permissions tab, click Grant Permission.

  5. Select the AliyunARMSFullAccess and AliyunTracingAnalysisFullAccess system policies and click Grant permissions.

Note
  • ARMS Addon Token may not exist in specific ACK managed clusters. If you use an ACK managed cluster, we recommend that you first check whether ARMS Addon Token exists. If ARMS Addon Token does not exist, you must manually grant permissions.

  • By default, ACK dedicated clusters do not have ARMS Addon Token. You must manually grant permissions.

Install the ack-arms-cmonitor agent

Install the agent for an existing application

If the ack-arms-cmonitor agent has been installed in your application, check whether the version is 4.0.0 or later. Log on to the ACK console, choose Operations > Add-ons in the left-side navigation pane of the cluster details page. If the version is earlier than 4.0.0, click Upgrade to upgrade the agent to the latest version. To install the ack-arms-cmonitor agent, perform the following steps:

  1. Log on to the ACK console. In the left-side navigation pane, click Clusters. On the Clusters page, click the name of the cluster.

  2. In the left-side navigation pane, choose Operations > Cluster Topology.

  3. On the Cluster Topology page, click Install. The ACK console automatically installs the agent.

    Note

    The default namespace is arms-prom.

  4. If you are using an ACK dedicated cluster, update the AccessKey pair.

    1. In the left-side navigation pane, choose Applications > Helm.

    2. Find arms-cmonitor and click Update. Set the accessKey and accessKeySecret parameters to the AccessKey ID and secret of your Alibaba Cloud account. For more information, see Obtain the AccessKey pair of the primary center.

      Important

      You must make sure that the AliyunARMSFullAccess and AliyunSTSAssumeRoleAccess policies are attached to your Alibaba Cloud account.

    3. Click OK.

Install the agent while creating an application

  1. Log on to the ACK console. On the Clusters page, find the cluster and click Applications in the Actions column.

  2. On the Deployments page, click Create from YAML in the upper-right corner of the page.

  3. Select a template from the Sample Template drop-down list and add the following labels to the spec.template.metadata directory in the YAML template.

    labels:
      armseBPFAutoEnable: "on"
      armseBPFCreateAppName: "<your-deployment-name>"    //Replace <your-deployment-name> with the application name.

    The following YAML template shows how to create a Deployment and enable Application Monitoring eBPF Edition:

    View YAML template

    apiVersion: v1
    kind: Namespace
    metadata:
      name: arms-demo
    ---
    apiVersion: apps/v1 # for versions before 1.8.0 use apps/v1beta1
    kind: Deployment
    metadata:
      name: arms-springboot-demo
      namespace: arms-demo
      labels:
        app: arms-springboot-demo
    spec:
      replicas: 2
      selector:
        matchLabels:
          app: arms-springboot-demo
      template:
        metadata:
          labels:
            app: arms-springboot-demo
            armseBPFAutoEnable: "on"
            armseBPFCreateAppName: "arms-k8s-demo"
        spec:
          containers:
            - resources:
                limits:
                  cpu: 0.5
              image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-springboot-demo:v0.1
              imagePullPolicy: Always
              name: arms-springboot-demo
              env:
                - name: SELF_INVOKE_SWITCH
                  value: "true"
                - name: COMPONENT_HOST
                  value: "arms-demo-component"
                - name: COMPONENT_PORT
                  value: "6666"
                - name: MYSQL_SERVICE_HOST
                  value: "arms-demo-mysql"
                - name: MYSQL_SERVICE_PORT
                  value: "3306"
    ---
    apiVersion: apps/v1 # for versions before 1.8.0 use apps/v1beta1
    kind: Deployment
    metadata:
      name: arms-springboot-demo-subcomponent
      namespace: arms-demo
      labels:
        app: arms-springboot-demo-subcomponent
    spec:
      replicas: 2
      selector:
        matchLabels:
          app: arms-springboot-demo-subcomponent
      template:
        metadata:
          labels:
            app: arms-springboot-demo-subcomponent
            armseBPFAutoEnable: "on"
            armseBPFCreateAppName: "arms-k8s-demo-subcomponent"
        spec:
          containers:
            - resources:
                limits:
                  cpu: 0.5
              image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-springboot-demo:v0.1
              imagePullPolicy: Always
              name: arms-springboot-demo-subcomponent
              env:
                - name: SELF_INVOKE_SWITCH
                  value: "false"
                - name: MYSQL_SERVICE_HOST
                  value: "arms-demo-mysql"
                - name: MYSQL_SERVICE_PORT
                  value: "3306"
    ---
    apiVersion: v1
    kind: Service
    metadata:
      labels:
        name: arms-demo-component
      name: arms-demo-component
      namespace: arms-demo
    spec:
      ports:
        # the port that this service should serve on
        - name: arms-demo-component-svc
          port: 6666
          targetPort: 8888
      # label keys and values that must match in order to receive traffic for this service
      selector:
        app: arms-springboot-demo-subcomponent
    ---
    apiVersion: apps/v1 # for versions before 1.8.0 use apps/v1beta1
    kind: Deployment
    metadata:
      name: arms-demo-mysql
      namespace: arms-demo
      labels:
        app: mysql
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: mysql
      template:
        metadata:
          labels:
            app: mysql
        spec:
          containers:
            - resources:
                limits:
                  cpu: 0.5
              image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-demo-mysql:v0.1
              name: mysql
              ports:
                - containerPort: 3306
                  name: mysql
    ---
    apiVersion: v1
    kind: Service
    metadata:
      labels:
        name: mysql
      name: arms-demo-mysql
      namespace: arms-demo
    spec:
      ports:
        # the port that this service should serve on
        - name: arms-mysql-svc
          port: 3306
          targetPort: 3306
      # label keys and values that must match in order to receive traffic for this service
      selector:
        app: mysql
    --

References

After you connect your application in an ACK cluster to Application Monitoring eBPF Edition, you can monitor the metrics, upstream and downstream dependencies, and topology of the application. For more information, see Application details.