Connect Java applications in a generic Kubernetes environment to ARMS Application Monitoring - Application Real-Time Monitoring Service

Use Application Real-Time Monitoring Service (ARMS) to monitor applications in a generic Kubernetes environment. You can monitor application topology, API calls, track abnormal and slow transactions, and perform SQL analysis. This topic describes how to connect a Java application in a generic Kubernetes environment to ARMS.

Note

If you use a Kubernetes cluster provided by Container Service for Kubernetes (ACK), this topic does not apply. To connect an ACK cluster to ARMS, see Install the Java agent for Container Service for Kubernetes (ACK) and Container Compute Service (ACS) using the ack-onepilot component.

Prerequisites

Your Kubernetes cluster must be version 1.18 or later.
If your Kubernetes cluster is not deployed on Alibaba Cloud, ensure that it can connect to the internet. Alternatively, you can connect the cluster to an Alibaba Cloud VPC using services such as Cloud Enterprise Network (CEN).
Check your JDK version. For more information, see Supported JDK versions.
Ensure the maximum heap memory for the process is greater than 256 MB.

Option 1 (Recommended): Connect to ARMS through a registered ACK cluster

Advantages of using a registered ACK cluster:

More efficient operations and maintenance (O&M) support.
Access to more extension capabilities of ACK clusters, such as monitoring, logging, backup and recovery, security, and elastic cloud resources. For more information, see Overview of registered clusters.

Connect the Kubernetes cluster to ACK One. For more information, see Create a registered cluster in ACK One.
Install the ack-onepilot component for the registered cluster. For more information, see Connect Application Real-Time Monitoring Service (ARMS) to a registered cluster.

Option 2: Connect directly to ARMS

Important

This method does not use an ACK registered cluster. After integration, information related to containers, such as CPU, memory, disk, and network, cannot be correlated and displayed. This means that on the Application Instance page, only container environment data collected by the ARMS agent is displayed, and you cannot view container data obtained from Prometheus probes by integrating with Managed Service for Prometheus. For more information, see Java application instance monitoring.

Step 1: Install Helm 3

Step 2: Install the agent

ARMS Application Monitoring supports connecting both stateless (deployment) and stateful (StatefulSet) applications. The connection method is the same for both. This section shows how to connect a stateless (deployment) application as an example.

Run the following wget command to download the ack-onepilot installation package.

 wget 'https://aliacs-app-catalog.oss-cn-hangzhou.aliyuncs.com/charts-incubator/ack-onepilot-5.1.1.tgz'

Run the following command to decompress the ack-onepilot installation package.
```
tar xvf ack-onepilot-5.1.1.tgz                 
```
Edit the values.yaml file in the installation package. Modify the following parameters as needed, and then save the file.
```
registry: registry-__ACK_REGION_ID__.ack.aliyuncs.com/acs/
cluster_id: __ACK_CLUSTER_ID__
accessKey: __ACCESSKEY__
accessKeySecret: __ACCESSKEY_SECRET__
uid: "__ACK_UID__"
region_id: __ACK_REGION_ID__
```
- registry: The registry address of the ack-onepilot image.
- cluster_id: A custom ID for the Kubernetes cluster. This ID must be unique. The recommended format is <uid>-<clusterid>.
- accessKey and accessKeySecret: The AccessKey ID and AccessKey secret of your Alibaba Cloud account. To obtain them, see Create an AccessKey.
  Important
  Make sure the Alibaba Cloud account has the AliyunARMSFullAccess and AliyunSTSAssumeRoleAccess permissions.
  If you are using a Resource Access Management (RAM) user, make sure the RAM user also has the AliyunARMSFullAccess and AliyunSTSAssumeRoleAccess permissions. For more information, see Manage RAM user permissions.
  For better security, you can hide the AccessKey ID and AccessKey secret using a Kubernetes Secret. For more information, see Option 2: Import the AccessKey ID and AccessKey secret using a Kubernetes Secret.
- uid: The ID of your Alibaba Cloud account. You can find the ID by moving the mouse pointer over your profile picture in the upper-right corner of the Alibaba Cloud Management Console.
- region_id: The ID of the Alibaba Cloud region. For a list of regions where Application Monitoring is available, see Available regions.
Note
If the destination cluster is an edge cluster, add the nodeSelector annotation to schedule the ack-onepilot component to the cloud. This ensures that ack-onepilot works correctly.
```
kind: Deployment
apiVersion: apps/v1
metadata:
  name: xxx
  namespace: xxx
spec:
  template:
    spec:
      nodeSelector:
        # Replace with your actual node selector.
        alibabacloud.com/is-edge-worker: "false"
```
Run the following command to install ack-onepilot.
Run this command outside the ack-onepilot installation package directory.
```
helm3 upgrade --install ack-onepilot ack-onepilot --namespace ack-onepilot --create-namespace
```

Step 3: Modify the application's YAML file

Run the following command to view the YAML file of the destination stateless (deployment) application.
```
kubectl get deployment {deployment_name} -o yaml                            
```
Note
If you do not know the {deployment_name}, run the following command to view all stateless (deployment) applications. Find the destination application in the output, and then view its YAML file.
```
kubectl get deployments --all-namespace                
```
Run the following command to start editing the YAML file of the destination stateless (deployment) application.
```
kubectl edit deployment {deployment_name} -o yaml                        
```

In the YAML file, add the following content under the spec.template.metadata level.

labels:
  armsPilotAutoEnable: "on"
  armsPilotCreateAppName: "<your-deployment-name>"    # Replace <your-deployment-name> with your application name.
  aliyun.com/app-language: java

Note

For information about Application Security, see What is Application Security
For information about the billing rules of Application Security, see Billing.

To create a new stateless (deployment) application in a Kubernetes environment and connect it to ARMS, the complete YAML file for the application is as follows:

Expand to view the complete sample YAML file

apiVersion: apps/v1beta1 # for versions before 1.8.0 use apps/v1beta1
kind: Deployment
metadata:
  name: arms-springboot-demo
  labels:
    app: arms-springboot-demo
spec:
  replicas: 2
  selector:
    matchLabels:
      app: arms-springboot-demo
  template:
    metadata:
      labels:
        app: arms-springboot-demo
        armsPilotAutoEnable: "on"
        armsPilotCreateAppName: "arms-k8s-demo"
    spec:
      containers:
        - resources:
            limits:
              cpu: 0.5
          image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-springboot-demo:v0.1
          imagePullPolicy: Always
          name: arms-springboot-demo
          env:
            - name: MYSQL_SERVICE_HOST
              value: "arms-demo-mysql"
            - name: MYSQL_SERVICE_PORT
              value: "3306"
---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: arms-demo-mysql
  labels:
    app: mysql
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
        - resources:
            limits:
              cpu: 0.5
          image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-demo-mysql:v0.1
          name: mysql
          ports:
            - containerPort: 3306
              name: mysql
---
apiVersion: v1
kind: Service
metadata:
  labels:
    name: mysql
  name: arms-demo-mysql
spec:
  ports:
    # the port that this service should serve on
    - name: arms-mysql-svc
      port: 3306
      targetPort: 3306
  # label keys and values that must match to receive traffic for this service
  selector:
    app: mysql
---

After you save the configuration, the application automatically restarts for the changes to take effect.
After 2 to 5 minutes, if your application appears on the Application Monitoring > Application List page in the ARMS console and data is reported, the connection is successful.