All Products
Search
Document Center

Container Service for Kubernetes:Enable ARMS for a registered cluster

最終更新日:Mar 18, 2024

You can use Application Real-Time Monitoring Service (ARMS) to monitor the status of applications in real time. To monitor applications in a registered cluster, you need to install the ARMS application monitoring component in the registered cluster.

Prerequisites

Step 1: Install the ARMS application monitoring component

Use onectl

  1. Install onectl on your on-premises machine. For more information, see Use onectl to manage registered clusters.

  2. Run the following command to configure RAM permissions for the ack-onepilot component:

    onectl ram-user grant --addon ack-onepilot

    Expected output:

    Ram policy ack-one-registered-cluster-policy-ack-onepilot granted to ram user **** successfully.
  3. Run the following command to install the ack-onepilot component:

    onectl addon install ack-onepilot

    Expected output:

    Addon ack-onepilot, version **** installed.

Use the console

  1. Configure a RAM policy. Before you install the component, you must specify your AccessKey pair in the registered cluster. The AccessKey pair is used to acquire cloud service access permissions.

    1. Create a RAM user. For more information, see Create a RAM user.

    2. Create a custom policy. For more information, see Create custom policies.

      The ack-onepilot component requires the permissions in the following policy:

      {
          "Version": "1",
          "Statement": [
              {
                  "Action": "arms:*",
                  "Resource": "*",
                  "Effect": "Allow"
              }
          ]
      }
    3. Attach the custom policy to the RAM user. For more information, see Authorize a RAM user.

    4. Create an AccessKey pair for the RAM user. For more information, see Create an AccessKey pair.

    5. Use the AccessKey pair to create a Secret named alibaba-addon-secret in the registered cluster.

      Run the following command to create a Secret used by the ack-onepilot component.

      Note

      You need to replace access-key-id and access-key-secret in the command with the AccessKey ID and AccessKey secret you created in the previous step.

      kubectl -n ack-onepilot create secret generic alibaba-addon-secret --from-literal='access-key-id=<your AccessKey ID>' --from-literal='access-key-secret=<your AccessKey Secret>'
  2. Install the ack-onepilot component.

    1. Log on to the ACK console. In the left-side navigation pane, click Clusters.

    2. On the Clusters page, click the name of the cluster that you want to manage and choose Operations > Add-ons in the left-side navigation pane.

    3. On the Add-ons page, click the Logs and Monitoring tab, find the ack-onepilot card, and then click Install in the lower-right corner.

    4. In the Install ack-onepilot dialog box, configure the parameters and click OK.

Step 2: Enable ARMS for a Java application

To enable Application Monitoring when you create an application, perform the following steps:

  1. Log on to the ACK console. In the left-side navigation pane, click Clusters. On the Clusters page, find the cluster that you want to manage, and click Applications in the Actions column.

  2. On the Deployments page, click Create from YAML in the upper-right corner of the page.

  3. On the page that appears, select a template from the Sample Template drop-down list, and add the following labels to the spec > template > metadata section in the Template code editor:

    labels:
      armsPilotAutoEnable: "on"
      armsPilotCreateAppName: "<your-deployment-name>"    # Replace <your-deployment-name> with the actual application name. 
      armsSecAutoEnable: "on"    # If you want to connect the application to Application Security, you must configure this parameter.
    Note

    YAML Example

    The following YAML template shows how to create a Deployment application and enable Application Monitoring for the application:

    Show the complete YAML file (Java)

    apiVersion: v1
    kind: Namespace
    metadata:
      name: arms-demo
    ---
    apiVersion: apps/v1 # for versions before 1.8.0 use apps/v1beta1
    kind: Deployment
    metadata:
      name: arms-springboot-demo
      namespace: arms-demo
      labels:
        app: arms-springboot-demo
    spec:
      replicas: 2
      selector:
        matchLabels:
          app: arms-springboot-demo
      template:
        metadata:
          labels:
            app: arms-springboot-demo
            armsPilotAutoEnable: "on"
            armsPilotCreateAppName: "arms-k8s-demo"
        spec:
          containers:
            - resources:
                limits:
                  cpu: 0.5
              image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-springboot-demo:v0.1
              imagePullPolicy: Always
              name: arms-springboot-demo
              env:
                - name: SELF_INVOKE_SWITCH
                  value: "true"
                - name: COMPONENT_HOST
                  value: "arms-demo-component"
                - name: COMPONENT_PORT
                  value: "6666"
                - name: MYSQL_SERVICE_HOST
                  value: "arms-demo-mysql"
                - name: MYSQL_SERVICE_PORT
                  value: "3306"
    ---
    apiVersion: apps/v1 
    kind: Deployment
    metadata:
      name: arms-springboot-demo-subcomponent
      namespace: arms-demo
      labels:
        app: arms-springboot-demo-subcomponent
    spec:
      replicas: 2
      selector:
        matchLabels:
          app: arms-springboot-demo-subcomponent
      template:
        metadata:
          labels:
            app: arms-springboot-demo-subcomponent
            armsPilotAutoEnable: "on"
            armsPilotCreateAppName: "arms-k8s-demo-subcomponent"
        spec:
          containers:
            - resources:
                limits:
                  cpu: 0.5
              image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-springboot-demo:v0.1
              imagePullPolicy: Always
              name: arms-springboot-demo-subcomponent
              env:
                - name: SELF_INVOKE_SWITCH
                  value: "false"
                - name: MYSQL_SERVICE_HOST
                  value: "arms-demo-mysql"
                - name: MYSQL_SERVICE_PORT
                  value: "3306"
    ---
    apiVersion: v1
    kind: Service
    metadata:
      labels:
        name: arms-demo-component
      name: arms-demo-component
      namespace: arms-demo
    spec:
      ports:
        # the port that this service should serve on
        - name: arms-demo-component-svc
          port: 6666
          targetPort: 8888
      # label keys and values that must match in order to receive traffic for this service
      selector:
        app: arms-springboot-demo-subcomponent
    ---
    apiVersion: apps/v1 # for versions before 1.8.0 use apps/v1beta1
    kind: Deployment
    metadata:
      name: arms-demo-mysql
      namespace: arms-demo
      labels:
        app: mysql
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: mysql
      template:
        metadata:
          labels:
            app: mysql
        spec:
          containers:
            - resources:
                limits:
                  cpu: 0.5
              image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-demo-mysql:v0.1
              name: mysql
              ports:
                - containerPort: 3306
                  name: mysql
    ---
    apiVersion: v1
    kind: Service
    metadata:
      labels:
        name: mysql
      name: arms-demo-mysql
      namespace: arms-demo
    spec:
      ports:
        # the port that this service should serve on
        - name: arms-mysql-svc
          port: 3306
          targetPort: 3306
      # label keys and values that must match in order to receive traffic for this service
      selector:
        app: mysql
    ---

On the Deployments page, click ARMS Console in the Actions column of the Java application to navigate to the ARMS console and perform service governance.

What to do next

  • Uninstall ack-onepilot for all applications in the cluster

    Use onectl

    1. Run the following command to uninstall the ack-onepilot component:

      onectl addon uninstall ack-onepilot

      Expected output:

      Addon ack-onepilot uninstalled.
    2. Restart your application pod.

    Use the console

    1. Log on to the ACK console. In the left-side navigation pane, click Clusters.

    2. On the Clusters page, click the name of the cluster that you want to manage and choose Operations > Add-ons in the left-side navigation pane.

    3. On the Add-ons page, click the Logs and Monitoring tab, find the ack-onepilot component, and then click Uninstall in the lower-right corner.

    4. In the message that appears, click OK.

    5. Restart your application pod.

  • Uninstall ack-onepilot for an application in the cluster

    1. Log on to the ACK console. In the left-side navigation pane, click Clusters.

    2. On the Clusters page, click the name of the desired cluster and choose Workloads > Deployments in the left-side navigation pane.

    3. On the Deployments page, choose More > View in YAML in the Actions column of the application that you want to manage. In the Edit YAML dialog box, delete the labels that you added in Step 2, and then click Update.

    4. Restart your application pod.