Application Real-Time Monitoring Service:Automatically install an ARMS agent for a Java application deployed in ACK

Step 1: Install ack-onepilot

1. Log on to the ACK console.

2. In the left-side navigation pane of the ACK console, click Clusters. On the Clusters page, click the name of the cluster.

3. In the left-side navigation pane, choose Operations > Add-ons. On the Add-ons page, enter ack-onepilot in the upper-right corner.

4. Click Install on the ack-onepilot card.

   Note

   By default, the ack-onepilot component supports 1,000 pods. For every additional 1,000 pods in the cluster, you need to add 0.5 CPU cores and 512 MB memory for the component.

5. In the dialog box that appears, configure the parameters and click OK. We recommend that you use the default values.

   Note

   After you install ack-onepilot, you can upgrade, configure, or uninstall it on the Add-ons page.

Step 2: Grant access permissions on ARMS resources

• To monitor applications in a serverless Kubernetes (ASK) cluster or applications in a Kubernetes cluster connected to Elastic Container Instance (ECI), you must first authorize the cluster to access ARMS on the Cloud Resource Access Authorization page. Then, restart all pods on which the ack-onepilot component is deployed.

• To monitor an application deployed in an ACK cluster with no ARMS Addon Token, perform the following operations to authorize the ACK cluster to access ARMS. If ARMS Addon Token exists, go to Step 3.

  Check whether ARMS Addon Token exists in a cluster

  1. Log on to the ACK console. In the left-side navigation pane, click Clusters. On the Clusters page, click the name of the cluster to go to the cluster details page.

  2. In the left-side navigation pane, choose Configurations > Secrets. In the upper part of the page, select kube-system from the Namespace drop-down list and check whether addon.arms.token is displayed on the Secrets page.

  Note

  If a cluster has ARMS Addon Token, ARMS performs password-free authorization on the cluster. ARMS Addon Token may not exist in some ACK managed clusters. We recommend that you check whether an ACK managed cluster has ARMS Addon Token before you use ARMS to monitor applications in the cluster. If the cluster has no ARMS Addon Token, you must manually authorize the cluster to access ARMS.

  Manually add permission policies

  1. Log on to the ACK console. In the left-side navigation pane, click Clusters. On the Clusters page, click the name of the cluster.

  2. On the Basic Information tab of the Cluster Information page, click the link next to Worker RAM Role in the Cluster Resources section.

  3. On the page that appears, click Grant Permission on the Permissions tab.

  4. In the Grant Permission panel, add the following policies and click Grant permissions.

     • AliyunTracingAnalysisFullAccess: full access to Managed Service for OpenTelemetry.

     • AliyunARMSFullAccess: full access to ARMS.

• To monitor an application deployed in an ACK dedicated cluster or registered cluster, make sure that the AliyunARMSFullAccess and AliyunSTSAssumeRoleAccess permissions are granted to the Alibaba Cloud account. For more information about how to grant permissions to a RAM user, see Grant permissions to a RAM user.

  After you install the ack-onepilot component, you must enter the AccessKey ID and AccessKey secret of the Alibaba Cloud account in the configuration file of ack-onepilot.

  1. In the left-side navigation pane, choose Applications > Helm. Then, click Update next to ack-onepilot.

  2. Replace accessKey and accessKeySecret with the AccessKey ID and AccessKey secret of the Alibaba Cloud account and click OK.

     Note

     For more information about how to obtain an AccessKey pair, see Create an AccessKey pair.

     

  3. Restart the Deployment.

Step 3: Enable Application Monitoring for the application

To enable ARMS while creating the application, perform the following steps.

1. Log on to the ACK console. In the left-side navigation pane, click Clusters. On the Clusters page, find the cluster, and click Applications in the Actions column.

2. On the Deployments page, click Create from YAML in the upper-right corner.

3. On the page that appears, select a template from the Sample Template drop-down list, and add the following labels to the spec > template > metadata parameter in the Template code editor.

   labels:
     armsPilotAutoEnable: "on"
     armsPilotCreateAppName: "<your-deployment-name>"    # Replace <your-deployment-name> with the actual application name. 
     armsSecAutoEnable: "on"    # If you want to connect the application to Application Security, you must configure this parameter.

   Note

   • To ensure your optimal user experience, after you install the ARMS agent, the ack-onepilot component automatically updates the agent to the latest version when your application restarts, following the release of a new agent version. If you do not want to automatically update the agent with each new release, you can manually control the version. For more information, see Control the agent version.

   • For information about Application Security, see What is Application Security?

   • For more information about the billing rules of Application Security, see Billing.

   

   The following YAML template shows how to create a Deployment and enable Application Monitoring for the application.

   YAML template

   apiVersion: v1
   kind: Namespace
   metadata:
     name: arms-demo
   ---
   apiVersion: apps/v1 # for versions before 1.8.0 use apps/v1beta1
   kind: Deployment
   metadata:
     name: arms-springboot-demo
     namespace: arms-demo
     labels:
       app: arms-springboot-demo
   spec:
     replicas: 2
     selector:
       matchLabels:
         app: arms-springboot-demo
     template:
       metadata:
         labels:
           app: arms-springboot-demo
           armsPilotAutoEnable: "on"
           armsPilotCreateAppName: "arms-k8s-demo"
       spec:
         containers:
           - resources:
               limits:
                 cpu: 0.5
             image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-springboot-demo:v0.1
             imagePullPolicy: Always
             name: arms-springboot-demo
             env:
               - name: SELF_INVOKE_SWITCH
                 value: "true"
               - name: COMPONENT_HOST
                 value: "arms-demo-component"
               - name: COMPONENT_PORT
                 value: "6666"
               - name: MYSQL_SERVICE_HOST
                 value: "arms-demo-mysql"
               - name: MYSQL_SERVICE_PORT
                 value: "3306"
   ---
   apiVersion: apps/v1 
   kind: Deployment
   metadata:
     name: arms-springboot-demo-subcomponent
     namespace: arms-demo
     labels:
       app: arms-springboot-demo-subcomponent
   spec:
     replicas: 2
     selector:
       matchLabels:
         app: arms-springboot-demo-subcomponent
     template:
       metadata:
         labels:
           app: arms-springboot-demo-subcomponent
           armsPilotAutoEnable: "on"
           armsPilotCreateAppName: "arms-k8s-demo-subcomponent"
       spec:
         containers:
           - resources:
               limits:
                 cpu: 0.5
             image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-springboot-demo:v0.1
             imagePullPolicy: Always
             name: arms-springboot-demo-subcomponent
             env:
               - name: SELF_INVOKE_SWITCH
                 value: "false"
               - name: MYSQL_SERVICE_HOST
                 value: "arms-demo-mysql"
               - name: MYSQL_SERVICE_PORT
                 value: "3306"
   ---
   apiVersion: v1
   kind: Service
   metadata:
     labels:
       name: arms-demo-component
     name: arms-demo-component
     namespace: arms-demo
   spec:
     ports:
       # the port that this service should serve on
       - name: arms-demo-component-svc
         port: 6666
         targetPort: 8888
     # label keys and values that must match in order to receive traffic for this service
     selector:
       app: arms-springboot-demo-subcomponent
   ---
   apiVersion: apps/v1 # for versions before 1.8.0 use apps/v1beta1
   kind: Deployment
   metadata:
     name: arms-demo-mysql
     namespace: arms-demo
     labels:
       app: mysql
   spec:
     replicas: 1
     selector:
       matchLabels:
         app: mysql
     template:
       metadata:
         labels:
           app: mysql
       spec:
         containers:
           - resources:
               limits:
                 cpu: 0.5
             image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-demo-mysql:v0.1
             name: mysql
             ports:
               - containerPort: 3306
                 name: mysql
   ---
   apiVersion: v1
   kind: Service
   metadata:
     labels:
       name: mysql
     name: arms-demo-mysql
     namespace: arms-demo
   spec:
     ports:
       # the port that this service should serve on
       - name: arms-mysql-svc
         port: 3306
         targetPort: 3306
     # label keys and values that must match in order to receive traffic for this service
     selector:
       app: mysql
   ---

Verify the result

On the Deployments page, find the application, and check whether the ARMS Console button appears in the Actions column.

FAQ

• Why is the monitoring data abnormal after I change the cluster or namespace of an application?

• How do I install ack-onepilot and uninstall arms-pilot?

• How do I use ack-onepilot when a VPC connection cannot be established?

• Why is monitoring data not displayed after an ARMS agent is installed on a Java application in an ACK cluster?

• Why does an ARMS agent fail to be installed for an application in an ACK cluster?

• How do I report ACK cluster data across regions?

• Why are the suffixes of application names missing after I update the applications?

• How do I rename an application?