All Products
Search

This Product

    Application Real-Time Monitoring Service:Install the ARMS agent in a non-ACK Kubernetes cluster

    Document Center

    Application Real-Time Monitoring Service:Install the ARMS agent in a non-ACK Kubernetes cluster

    Last Updated:Mar 11, 2026

    Application Real-Time Monitoring Service (ARMS) monitors application topology, API calls, slow and abnormal transactions, and SQL queries for Java applications in general-purpose Kubernetes environments. This topic describes how to install the ARMS agent in a non-ACK Kubernetes cluster to enable automatic instrumentation.

    Note

    If your Kubernetes cluster runs on Container Service for Kubernetes (ACK), see Install the Java agent for ACK and ACS using the ack-onepilot component instead.

    Prerequisites

    Before you begin, make sure that you have:

    • A Kubernetes cluster running version 1.18 or later

    • Public network access from the cluster (for non-Alibaba Cloud clusters), or a Cloud Enterprise Network (CEN) connection to an Alibaba Cloud VPC

    • Your JDK version is supported by Application Monitoring

    • The JVM maximum heap memory (-Xmx) is at least 256 MB

    Choose an installation method

    Two methods are available. Method 1 is recommended because it provides more efficient O&M support, full monitoring capabilities, and access to additional cluster extensions.

    Method Best for Limitations
    Method 1: Register the cluster with ACK One (recommended) More efficient O&M support, full monitoring capabilities including container-level metrics (CPU, memory, disk, network), and access to ACK extensions such as logging, backup, and security Requires registering the cluster with ACK One
    Method 2: Connect directly to ARMS Lightweight setup without cluster registration Container-level metrics (CPU, memory, disk, network) are not available. Only ARMS-collected data is shown on the Application Instances page. Container data from Managed Service for Prometheus is not accessible.

    Method 1: Register the cluster with ACK One (recommended)

    Registering your Kubernetes cluster with Distributed Cloud Container Platform for Kubernetes (ACK One) provides more efficient O&M support and gives you access to monitoring, logging, backup and restore, security, and elastic cloud resources. For details, see Overview of registered clusters.

    1. Register your Kubernetes cluster with ACK One. See Create a registered cluster of ACK One.

    2. Install the ack-onepilot component for the registered cluster. See Connect ARMS to a registered cluster.

    Method 2: Connect directly to ARMS

    Important

    With this method, container metrics such as CPU, memory, disk, and network usage are not available on the Application Instances page. Only data collected by ARMS is shown. Container data from the Prometheus agent through Managed Service for Prometheus is not accessible. For details, see Java application instance monitoring.

    Step 1: Install Helm 3

    Install Helm 3 on your local machine. See the Helm installation guide.

    Step 2: Install the ack-onepilot agent

    ARMS supports both Deployment (stateless) and StatefulSet (stateful) workloads. The installation steps are identical for both.

    1. Download the ack-onepilot Helm chart.

      wget 'https://aliacs-app-catalog.oss-cn-hangzhou.aliyuncs.com/charts-incubator/ack-onepilot-5.1.1.tgz'

    2. Extract the chart.

      tar xvf ack-onepilot-5.1.1.tgz

    3. Edit ack-onepilot/values.yaml and configure the following parameters.

      registry: registry-<region-id>.ack.aliyuncs.com/acs/
cluster_id: <cluster-id>
accessKey: <your-access-key-id>
accessKeySecret: <your-access-key-secret>
uid: "<your-account-id>"
region_id: <region-id>

      Replace the following placeholders with your actual values:

      Placeholder Description Where to find it
      <region-id> Alibaba Cloud region ID, such as cn-hangzhou See Supported regions
      <cluster-id> A unique identifier for the Kubernetes cluster. Use the format <your-account-id>-<clusterid>. Define a custom ID
      <your-access-key-id> AccessKey ID of your Alibaba Cloud account See Create an AccessKey pair
      <your-access-key-secret> AccessKey secret of your Alibaba Cloud account See Create an AccessKey pair
      <your-account-id> Alibaba Cloud account ID Hover over your profile picture in the upper-right corner of the Alibaba Cloud Management Console
      Important
      Note

      For edge clusters, add a nodeSelector to schedule ack-onepilot on cloud nodes instead of edge nodes.

      kind: Deployment
apiVersion: apps/v1
metadata:
  name: xxx
  namespace: xxx
spec:
  template:
    spec:
      nodeSelector:
        # Replace with your actual node selector.
        alibabacloud.com/is-edge-worker: "false"

    4. From the directory that contains the ack-onepilot folder (not from inside it), run the Helm install command.

      Run this command outside the ack-onepilot installation package.

      helm3 upgrade --install ack-onepilot ack-onepilot --namespace ack-onepilot --create-namespace

    Step 3: Label your application for auto-instrumentation

    After ack-onepilot is installed, label your application pods so that the agent is automatically injected.

    1. Find the deployment name of your application.

      kubectl get deployments --all-namespaces

    2. (Optional) View the current YAML configuration.

      kubectl get deployment <deployment-name> -o yaml

    3. Edit the deployment.

      kubectl edit deployment <deployment-name> -o yaml

    4. Add the following labels under spec.template.metadata.labels:

      labels:
  armsPilotAutoEnable: "on"
  armsPilotCreateAppName: "<your-app-name>"    # The name shown in ARMS Application Monitoring.
  aliyun.com/app-language: java
      Note

      For more information about application security, see What is application security?.

      For more information about application security billing, see Billing overview.

    5. Save the file. The application restarts automatically.

      After the application restarts, wait 2 to 5 minutes for data to appear. Then verify the connection:

    The following YAML creates a sample Spring Boot application with ARMS monitoring enabled:

    Complete sample YAML for a new deployment

    apiVersion: apps/v1
kind: Deployment
metadata:
  name: arms-springboot-demo
  labels:
    app: arms-springboot-demo
spec:
  replicas: 2
  selector:
    matchLabels:
      app: arms-springboot-demo
  template:
    metadata:
      labels:
        app: arms-springboot-demo
        armsPilotAutoEnable: "on"
        armsPilotCreateAppName: "arms-k8s-demo"
    spec:
      containers:
        - resources:
            limits:
              cpu: 0.5
          image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-springboot-demo:v0.1
          imagePullPolicy: Always
          name: arms-springboot-demo
          env:
            - name: MYSQL_SERVICE_HOST
              value: "arms-demo-mysql"
            - name: MYSQL_SERVICE_PORT
              value: "3306"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: arms-demo-mysql
  labels:
    app: mysql
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
        - resources:
            limits:
              cpu: 0.5
          image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-demo-mysql:v0.1
          name: mysql
          ports:
            - containerPort: 3306
              name: mysql
---
apiVersion: v1
kind: Service
metadata:
  labels:
    name: mysql
  name: arms-demo-mysql
spec:
  ports:
    - name: arms-mysql-svc
      port: 3306
      targetPort: 3306
  selector:
    app: mysql
---

    Verify the connection

    1. Log on to the ARMS console.

    2. In the left-side navigation pane, choose Application Monitoring > Applications.

    3. Confirm that your application is listed and reporting data.

    If the application appears and reports data, the agent installation is complete.