By default, registered clusters do not have ARMS Addon Token and do not have a worker RAM role. Therefore, you cannot attach permission policies on Application Real-Time Monitoring Service (ARMS) and Tracing Analysis to the RAM role. However, you can configure the AccessKey pair of an account on the details page of ack-arms-cmonitor. This way, the account is authorized to install ack-arms-cmonitor. This topic describes how to install a Kubernetes Monitoring agent for a registered cluster.

Background information

Container Service for Kubernetes (ACK) allows you to register a Kubernetes cluster that is deployed in a data center or on a third-party cloud. This way, you can manage your clusters in Distributed Cloud Container Platform for Kubernetes (ACK One) in a centralized manner. For more information, see Overview.

(Optional) Step 1: Grant permissions to a RAM user

If you want to use a RAM user to install the Kubernetes Monitoring agent ack-arms-cmonitor for a registered cluster, make sure that the RAM user has the following permission policies:

  • AliyunARMSFullAccess: grants full permissions on ARMS.
  • AliyunTracingAnalysisFullAccess: grants full permissions on Tracing Analysis to the RAM role.

If the current RAM user does not have the permission policies, perform the following steps to attach the permission policies to the RAM user.

  1. Log on to the RAM console by using your Alibaba Cloud account.
  2. In the left-side navigation pane, choose Identities > Users.
  3. On the Users page, find the RAM user to which you want to attach the authorization policy, and click Add Permissions in the Actions column.
  4. In the Add Permissions panel, grant permissions to the RAM user.
    1. Set Authorized Scope to Alibaba Cloud Account.
    2. Specify the principal.
      The principal is the RAM user to which you want to grant permissions. By default, the current RAM user is specified. You can also specify another RAM user.
    3. In the Select Policy section, enter the keywords of the two policies that you want to attach to the RAM role in the search box. Click the policies to add them to the Selected list on the right side of the section. Then, click OK.
      • AliyunARMSFullAccess: grants full permissions on ARMS.
      • AliyunTracingAnalysisFullAccess: grants full permissions on Tracing Analysis.
  5. Click OK.

Step 2: Configure a Kubernetes Monitoring agent

  1. Log on to the ARMS console. In the left-side navigation pane, click Kubernetes Monitoring.
  2. On the Kubernetes Monitoring page, select a region from the top navigation bar and click the name of the cluster that you want to manage.
  3. On the Kubernetes Monitoring page, click View in the Actions column of your ACK cluster.
  4. In the Exporters dialog box, find Kubernetes Monitoring and click Install in the Actions column.
  5. On the Parameters tab of the View Details page, enter the AccessKey ID and AccessKey secret of your Alibaba Cloud account.
    Note For more information about how to obtain the AccessKey pair of an Alibaba Cloud account, see Obtain an AccessKey pair.
    Kubernetes agent authorization
  6. In the Deploy section, select the registered cluster and click Create.

Step 3: Install agents

After you install a Prometheus Monitoring agent and a Kubernetes Monitoring agent for the registered cluster, you can use Kubernetes Monitoring. For more information, see Enable for a Kubernetes cluster.