How to use Kubernetes Monitoring to monitor cluster topologies - Container Service for Kubernetes

Alibaba Cloud Kubernetes Monitoring is a collection of observability services that are developed based on the Extended Berkeley Packet Filter (eBPF) technology for Kubernetes clusters. Kubernetes Monitoring provides a comprehensive observability solution that allows IT developers and O&M engineers to monitor Kubernetes clusters based on metrics, traces, logs, and events. This topic describes how to use Kubernetes Monitoring to monitor cluster topologies.

Prerequisites

A Container Service for Kubernetes (ACK) cluster is created. For more information, see Create an ACK managed cluster.
Application Real-Time Monitoring Service (ARMS) is activated. For more information, see Activate ARMS.
The environment requirements and limits of Kubernetes Monitoring are met. For more information, see Environment requirements and limits.

Background information

Kubernetes workloads run in resource pools that consist of nodes. Therefore, the traces of pods are difficult to identify and the topology is complex. The greatest challenge is how to monitor the workloads in an ACK cluster in a visualized manner and how to visualize the throughput of the ACK cluster. Kubernetes Monitoring uses the eBPF technology to obtain the Rate, Errors, and Duration (RED) data of containers without code intrusion. Kubernetes Monitoring can efficiently identify performance issues in containers and pods. In addition, Kubernetes Monitoring can identify the Services and controller workloads that are related to the issues. This improves troubleshooting efficiency. The controller workloads include Deployments, StatefulSets, and DaemonSets. For more information, see What is Kubernetes Monitoring?.

Connect an ACK cluster to Kubernetes Monitoring

To connect an ACK cluster to Kubernetes Monitoring, install the following monitoring agents in the cluster.

Prometheus Monitoring agent: ack-arms-prometheus
Note
The metrics that are used in Kubernetes Monitoring are collected by Managed Service for Prometheus. Therefore, you must install the Managed Service for Prometheus agent. For more information about the comparison between Kubernetes Monitoring and Managed Service for Prometheus, see Comparison between Kubernetes Monitoring and other ARMS services.
Kubernetes Monitoring agent: ack-arms-cmonitor
Before you install ack-arms-cmonitor in a cluster, you must check whether ARMS Addon Token exists in the cluster. If ARMS Addon Token does not exist, an error occurs due to insufficient permissions. If ARMS Addon Token exists, ARMS performs password-free authorization. After the agent is installed, you can use Kubernetes Monitoring. If ARMS Addon Token does not exist, you must attach the policies that provide full permissions on ARMS and Tracing Analysis to the worker RAM role.
The following section describes how to check whether ARMS Addon Token exists and how to attach the policies to the worker RAM role:
Check whether ARMS Addon Token exists
1. Log on to the ACK console. In the left-side navigation pane, click Clusters.
2. On the Clusters page, click the name of the cluster that you want to manage and choose Configurations > Secrets in the left-side navigation pane.
3. In the upper part of the page, select kube-system from the Namespace drop-down list and check whether addon.arms.token exists.
Attach the policies that provide full permissions on ARMS and Tracing Analysis to the worker RAM role
1. Log on to the ACK console. In the left-side navigation pane, click Clusters.
2. On the Clusters page, click the name of the cluster that you want to manage and click Cluster Information in the left-side navigation pane.
3. Click Cluster Resources on the Cluster Information page. On the page that appears, click the hyperlink on the right side of Worker RAM Role.
4. On the Permission tab, click Add Permissions.
5. In the Select Policy section of the Add Permissions panel, enter the keywords of the following policies in the search box. Click the policies to add them to the right-side Selected list. Then, click OK.
  - AliyunTracingAnalysisFullAccess: provides full permissions on Tracing Analysis.
  - AliyunARMSFullAccess: provides full permissions on ARMS.
6. Click Complete.
Note
- ACK managed cluster: ARMS Addon Token may not exist in specific ACK managed clusters. If you use an ACK managed cluster, we recommend that you first check whether ARMS Addon Token exists. If ARMS Addon Token does not exist, you must manually complete authorization.
- ACK dedicated cluster: By default, ACK dedicated clusters do not have ARMS Addon Token. You must manually complete authorization.
- Registered cluster: By default, registered clusters do not have ARMS Addon Token. You must manually complete authorization. Registered clusters do not have a worker RAM role. You cannot manually attach the ARMS and Tracing Analysis permission policies to the RAM role. For more information about how to install the Kubernetes Monitoring agent ack-arms-cmonitor in a registered cluster, see Install a Kubernetes Monitoring agent for a registered cluster.

Enable Kubernetes Moniotring

Method 1: Use the ACK console to enable Kubernetes Monitoring

Install the Managed Service for Prometheus agent ack-arms-prometheus.
1. Log on to the ACK console. In the left-side navigation pane, click Clusters.
2. On the Clusters page, find the cluster that you want to manage and click the name of the cluster or click Details in the Actions column. The details page of the cluster appears.
3. In the left-side navigation pane of the cluster details page, choose Operations > Prometheus Monitoring.
  If the Prometheus Monitoring page shows that the Managed Service for Prometheus agent is not installed, install the agent.
4. On the Prometheus Monitoring page, click Install.
  ACK automatically installs the Managed Service for Prometheus agent ack-arms-prometheus.
  Note
  The default namespace is arms-prom.
Install the Kubernetes Monitoring agent ack-arms-cmonitor.
1. In the left-side navigation pane of the cluster details page, choose Operations > Cluster Topology.
2. On the Cluster Topology page, click Install.
  ACK automatically installs the Kubernetes Monitoring agent ack-arms-cmonitor.
  Note
  The default namespace is arms-prom.

Method 2: Use the ARMS console to enable Kubernetes Monitoring

Install the Managed Service for Prometheus agent ack-arms-prometheus.
1. Log on to the ARMS console.
2. In the left-side navigation pane, click Kubernetes Monitoring.
3. In the top navigation bar, select a region.
4. On the Kubernetes Monitoring page, click Install in the Actions column of your ACK cluster.
5. In the dialog box that appears, click Install in the Actions column of Prometheus Monitoring.
  You are redirected to the ack-arms-prometheus details page of the ACK console.
6. In the Deploy panel on the right side of the ack-arms-prometheus details page, select your ACK cluster and click Create.
  Note
  The default namespace is arms-prom.
Install the Kubernetes Monitoring agent ack-arms-cmonitor.
1. On the Kubernetes Monitoring page of the ARMS console, click Install in the Actions column of your ACK cluster.
2. In the dialog box that appears, click Install in the Actions column of Kubernetes Monitoring.
  You are redirected to the ack-arms-cmonitor details page of the ACK console.
3. In the Deploy panel on the right side of the ack-arms-cmonitor details page, select your ACK cluster and click Create.
  Note
  The default namespace is arms-prom.