All Products
Search
Document Center

Application Real-Time Monitoring Service:Install an ARMS agent for a Java application deployed in ACK

Last Updated:Nov 28, 2024

After you install an Application Monitoring component of Application Real-Time Monitoring Service (ARMS) ack-onepilot for a Java application that is deployed in Alibaba Cloud Container Service for Kubernetes (ACK), ARMS starts to monitor the Java application. You can view the monitoring data of application topology, API requests, abnormal transactions, and slow transactions. This topic describes how to install an ARMS agent using ack-onepilot for a Java application that is deployed in ACK.

Prerequisites

Step 1: Install an Application Monitoring component

Important

The old Application Monitoring component arms-pilot is no longer maintained. You can install the new component ack-onepilot to monitor your applications. ack-onepilot is fully compatible with arms-pilot. You can seamlessly install ack-onepilot without the need to modify application configurations. For more information, see How do I install ack-onepilot and uninstall arms-pilot?

  1. Log on to the ACK console.

  2. In the left-side navigation pane of the ACK console, click Clusters. On the Clusters page, click the name of the cluster.

  3. In the left-side navigation pane, choose Operations > Add-ons. On the Add-ons page, enter ack-onepilot in the upper-right corner.

  4. Click Install on the ack-onepilot card.

    Note

    By default, the ack-onepilot agent supports 1,000 pods. For every additional 1,000 pods in the cluster, you need to add 0.5 CPU cores and 512 MB memory for the agent.

  5. In the dialog box that appears, configure the parameters and click OK. We recommend that you use the default values.

    Note

    After you install ack-onepilot, you can upgrade, configure, or uninstall it on the Add-ons page.

Step 2: Grant the cluster the permissions to access ARMS

  • To monitor applications in a serverless Kubernetes (ASK) cluster or applications in a Kubernetes cluster connected to Elastic Container Instance (ECI), you must first authorize the cluster to access ARMS on the Cloud Resource Access Authorization page. Then, restart all pods on which the ack-onepilot agent is deployed.

  • To monitor an application deployed in an ACK cluster with no ARMS Addon Token, perform the following operations to authorize the ACK cluster to access ARMS. If ARMS Addon Token exists, go to Step 3.

    Check whether ARMS Addon Token exists in a cluster

    1. Log on to the ACK console. In the left-side navigation pane, click Clusters. On the Clusters page, click the name of the cluster to go to the cluster details page.

    2. In the left-side navigation pane, choose Configurations > Secrets. In the upper part of the page, select kube-system from the Namespace drop-down list and check whether addon.arms.token is displayed on the Secrets page.

    Note

    If a cluster has ARMS Addon Token, ARMS performs password-free authorization on the cluster. ARMS Addon Token may not exist in some ACK managed clusters. We recommend that you check whether an ACK managed cluster has ARMS Addon Token before you use ARMS to monitor applications in the cluster. If the cluster has no ARMS Addon Token, you must manually authorize the cluster to access ARMS.

    Manually add permission policies

    1. Log on to the ACK console. In the left-side navigation pane, click Clusters. On the Clusters page, click the name of the cluster.

    2. On the Basic Information tab of the Cluster Information page, click the link next to Worker RAM Role in the Cluster Resources section.

    3. On the page that appears, click Grant Permission on the Permissions tab.

    4. In the Grant Permission panel, add the following policies and click Grant permissions.

      • AliyunTracingAnalysisFullAccess: full access to Managed Service for OpenTelemetry.

      • AliyunARMSFullAccess: full access to ARMS.

  • To monitor an application deployed in an ACK dedicated cluster or registered cluster, make sure that the AliyunARMSFullAccess and AliyunSTSAssumeRoleAccess permissions are granted to the RAM user. For more information about how to grant permissions to a RAM user, see Grant permissions to a RAM user.

    After you install the ack-onepilot component, you must enter the AccessKey ID and AccessKey secret of the Alibaba Cloud account in the configuration file of the ack-onepilot component.

    1. In the left-side navigation pane, choose Applications > Helm. Then, click Update next to ack-onepilot.

    2. Replace accessKey and accessKeySecret with the AccessKey ID and AccessKey secret of the Alibaba Cloud account and click OK.

      Note

      For more information about how to obtain an AccessKey pair, see Create an AccessKey pair.

      image

    3. Restart the Deployment application.

Step 3: Enable Application Monitoring for the application

  1. Log on to the ACK console. In the left-side navigation pane, click Clusters. On the Clusters page, find the cluster that you want to manage, and click Applications in the Actions column.

  2. On the Deployments page, find the application and choose More > View in Yaml in the Actions column.

    To enable Application Monitoring for a new Java application, click Create from YAML on the Deployments page.

  3. Add the following labels to the spec > template > metadata section in the Template code editor:

    labels:
      armsPilotAutoEnable: "on"
      armsPilotCreateAppName: "<your-deployment-name>"    # Replace <your-deployment-name> with the actual application name. 
      armsSecAutoEnable: "on"    # If you want to connect the application to Application Security, you must configure this parameter.
    Note
    • If a new version of the agent is released after the agent is installed, ack-onepilot automatically updates the agent to the latest version when the application restarts to optimize user experience. However, if you prefer to manage the agent version on your own, you can disable the automatic update feature. For more information, see Control the agent version.

    • For more information about Application Security, see What is Application Security?

    • For more information about the billing rules of Application Security, see Billing.

    YAML Example

    The following YAML template shows how to create a Deployment application and enable Application Monitoring for the application:

    Show the complete YAML file (Java)

    apiVersion: v1
    kind: Namespace
    metadata:
      name: arms-demo
    ---
    apiVersion: apps/v1 # for versions before 1.8.0 use apps/v1beta1
    kind: Deployment
    metadata:
      name: arms-springboot-demo
      namespace: arms-demo
      labels:
        app: arms-springboot-demo
    spec:
      replicas: 2
      selector:
        matchLabels:
          app: arms-springboot-demo
      template:
        metadata:
          labels:
            app: arms-springboot-demo
            armsPilotAutoEnable: "on"
            armsPilotCreateAppName: "arms-k8s-demo"
        spec:
          containers:
            - resources:
                limits:
                  cpu: 0.5
              image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-springboot-demo:v0.1
              imagePullPolicy: Always
              name: arms-springboot-demo
              env:
                - name: SELF_INVOKE_SWITCH
                  value: "true"
                - name: COMPONENT_HOST
                  value: "arms-demo-component"
                - name: COMPONENT_PORT
                  value: "6666"
                - name: MYSQL_SERVICE_HOST
                  value: "arms-demo-mysql"
                - name: MYSQL_SERVICE_PORT
                  value: "3306"
    ---
    apiVersion: apps/v1 
    kind: Deployment
    metadata:
      name: arms-springboot-demo-subcomponent
      namespace: arms-demo
      labels:
        app: arms-springboot-demo-subcomponent
    spec:
      replicas: 2
      selector:
        matchLabels:
          app: arms-springboot-demo-subcomponent
      template:
        metadata:
          labels:
            app: arms-springboot-demo-subcomponent
            armsPilotAutoEnable: "on"
            armsPilotCreateAppName: "arms-k8s-demo-subcomponent"
        spec:
          containers:
            - resources:
                limits:
                  cpu: 0.5
              image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-springboot-demo:v0.1
              imagePullPolicy: Always
              name: arms-springboot-demo-subcomponent
              env:
                - name: SELF_INVOKE_SWITCH
                  value: "false"
                - name: MYSQL_SERVICE_HOST
                  value: "arms-demo-mysql"
                - name: MYSQL_SERVICE_PORT
                  value: "3306"
    ---
    apiVersion: v1
    kind: Service
    metadata:
      labels:
        name: arms-demo-component
      name: arms-demo-component
      namespace: arms-demo
    spec:
      ports:
        # the port that this service should serve on
        - name: arms-demo-component-svc
          port: 6666
          targetPort: 8888
      # label keys and values that must match in order to receive traffic for this service
      selector:
        app: arms-springboot-demo-subcomponent
    ---
    apiVersion: apps/v1 # for versions before 1.8.0 use apps/v1beta1
    kind: Deployment
    metadata:
      name: arms-demo-mysql
      namespace: arms-demo
      labels:
        app: mysql
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: mysql
      template:
        metadata:
          labels:
            app: mysql
        spec:
          containers:
            - resources:
                limits:
                  cpu: 0.5
              image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-demo-mysql:v0.1
              name: mysql
              ports:
                - containerPort: 3306
                  name: mysql
    ---
    apiVersion: v1
    kind: Service
    metadata:
      labels:
        name: mysql
      name: arms-demo-mysql
      namespace: arms-demo
    spec:
      ports:
        # the port that this service should serve on
        - name: arms-mysql-svc
          port: 3306
          targetPort: 3306
      # label keys and values that must match in order to receive traffic for this service
      selector:
        app: mysql
    ---

Check the result

On the Deployments page, find your application, and check whether the ARMS Console button appears in the Actions column.

ARMS Console Button

FAQ