All Products
Search

This Product

    Container Service for Kubernetes:Cluster topology monitoring

    Document Center

    Container Service for Kubernetes:Cluster topology monitoring

    Last Updated:Mar 26, 2026

    Application Monitoring eBPF Edition is a set of observability services built on Extended Berkeley Packet Filter (eBPF) technology for Kubernetes clusters. It collects Rate, Errors, and Duration (RED) performance data from containers without code intrusion, and automatically correlates the relevant Services and controller workloads — such as Deployments, StatefulSets, and DaemonSets — to speed up troubleshooting.

    Prerequisites

    Before you begin, make sure you have:

    How it works

    Application Monitoring eBPF Edition requires two agents installed in your cluster:

    Agent Component ID Purpose
    Prometheus monitoring agent ack-arms-prometheus Collects cluster metrics via Managed Service for Prometheus
    Application Monitoring eBPF Edition component ack-arms-cmonitor Collects RED performance data from containers
    Metrics in Application Monitoring eBPF Edition are collected by Managed Service for Prometheus, so ack-arms-prometheus is required even if you only plan to use eBPF monitoring.

    Connect your ACK cluster

    Step 1: Check for the ARMS Addon Token

    Before installing ack-arms-cmonitor, check whether the cluster has an ARMS Addon Token (addon.arms.token). If the token exists, ARMS performs password-free authorization automatically. If it does not exist, you must attach the required RAM policies manually.

    1. Log on to the ACK console. In the left-side navigation pane, click ACK consoleClusters.

    2. Click the cluster name, then choose Configurations > Secrets in the left-side navigation pane.

    3. Select kube-system from the Namespace drop-down list and check whether addon.arms.token exists.

    Token status Next step
    Token exists Skip to Step 2: Install ack-arms-cmonitor
    Token does not exist Complete Step 1b: Attach RAM policies before proceeding
    ACK managed clusters: The ARMS Addon Token may not exist in specific ACK managed clusters. Check first, then complete authorization manually if needed.
    ACK dedicated clusters: The ARMS Addon Token does not exist by default. Manual authorization is always required.

    Step 1b: Attach RAM policies (if no token exists)

    Attach the following policies to the worker Resource Access Management (RAM) role:

    • AliyunARMSFullAccess — full permissions on ARMS

    • AliyunTracingAnalysisFullAccess — full permissions on Tracing Analysis

    1. Log on to the ACK console. In the left-side navigation pane, click Clusters.

    2. Click the cluster name. In the left-side navigation pane, click Cluster Information.

    3. On the Basic Information tab, find the Cluster Resources section and click the link next to Worker RAM Role.

    4. In the RAM console, on the Permission tab, click Grant Permission.

    5. In the Grant Permission panel, select both policies and click Grant permissions:

      • AliyunTracingAnalysisFullAccess

      • AliyunARMSFullAccess

    Step 2: Install ack-arms-cmonitor

    Important

    If ack-arms-cmonitor is already installed, check its version first. In the ACK console, choose Operations > Add-ons in the cluster's left-side navigation pane. If the version is earlier than 4.0.0, click Upgrade before proceeding.

    1. Log on to the ACK console. In the left-side navigation pane, click Clusters, then click the cluster name.

    2. In the left-side navigation pane, choose Operations > Cluster Topology.

    3. On the Cluster Topology page, click Install. The ACK console installs the agent automatically.

      The default namespace is arms-prom.

    4. (ACK dedicated clusters only) Update the AccessKey pair:

      1. In the left-side navigation pane, choose Applications > Helm.

      2. Find arms-cmonitor and click Update. Set accessKey and accessKeySecret to the AccessKey ID and AccessKey Secret of your Alibaba Cloud account. See Obtain the AccessKey pair of the primary account. > Important: Make sure the AliyunARMSFullAccess and AliyunSTSAssumeRoleAccess policies are attached to your Alibaba Cloud account.

      3. Click OK.

    Enable Application Monitoring eBPF Edition for your applications

    Choose the integration method that fits your workflow:

    Method Best for
    Manual integration via ACK console Existing applications, or new applications deployed via YAML
    Automatic integration via ARMS console Bulk onboarding of multiple applications

    Manual integration

    Add the following labels to the spec.template.metadata.labels section of your Deployment YAML:

    armseBPFAutoEnable: "on"
armseBPFCreateAppName: "<your-deployment-name>"    # Replace with your application name

    A complete example that creates a Deployment with Application Monitoring eBPF Edition enabled:

    apiVersion: v1
kind: Namespace
metadata:
  name: arms-demo
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: arms-springboot-demo
  namespace: arms-demo
  labels:
    app: arms-springboot-demo
spec:
  replicas: 2
  selector:
    matchLabels:
      app: arms-springboot-demo
  template:
    metadata:
      labels:
        app: arms-springboot-demo
        armseBPFAutoEnable: "on"
        armseBPFCreateAppName: "arms-k8s-demo"
    spec:
      containers:
        - resources:
            limits:
              cpu: 0.5
          image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-springboot-demo:v0.1
          imagePullPolicy: Always
          name: arms-springboot-demo
          env:
            - name: SELF_INVOKE_SWITCH
              value: "true"
            - name: COMPONENT_HOST
              value: "arms-demo-component"
            - name: COMPONENT_PORT
              value: "6666"
            - name: MYSQL_SERVICE_HOST
              value: "arms-demo-mysql"
            - name: MYSQL_SERVICE_PORT
              value: "3306"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: arms-springboot-demo-subcomponent
  namespace: arms-demo
  labels:
    app: arms-springboot-demo-subcomponent
spec:
  replicas: 2
  selector:
    matchLabels:
      app: arms-springboot-demo-subcomponent
  template:
    metadata:
      labels:
        app: arms-springboot-demo-subcomponent
        armseBPFAutoEnable: "on"
        armseBPFCreateAppName: "arms-k8s-demo-subcomponent"
    spec:
      containers:
        - resources:
            limits:
              cpu: 0.5
          image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-springboot-demo:v0.1
          imagePullPolicy: Always
          name: arms-springboot-demo-subcomponent
          env:
            - name: SELF_INVOKE_SWITCH
              value: "false"
            - name: MYSQL_SERVICE_HOST
              value: "arms-demo-mysql"
            - name: MYSQL_SERVICE_PORT
              value: "3306"
---
apiVersion: v1
kind: Service
metadata:
  labels:
    name: arms-demo-component
  name: arms-demo-component
  namespace: arms-demo
spec:
  ports:
    - name: arms-demo-component-svc
      port: 6666
      targetPort: 8888
  selector:
    app: arms-springboot-demo-subcomponent
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: arms-demo-mysql
  namespace: arms-demo
  labels:
    app: mysql
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
        - resources:
            limits:
              cpu: 0.5
          image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-demo-mysql:v0.1
          name: mysql
          ports:
            - containerPort: 3306
              name: mysql
---
apiVersion: v1
kind: Service
metadata:
  labels:
    name: mysql
  name: arms-demo-mysql
  namespace: arms-demo
spec:
  ports:
    - name: arms-mysql-svc
      port: 3306
      targetPort: 3306
  selector:
    app: mysql

    To deploy via the ACK console:

    1. Log on to the ACK console. On the Clusters page, find the cluster and click Applications in the Actions column.

    2. On the Deployments page, click Create from YAML.

    3. Select a template from the Sample Template drop-down list, add the labels to the spec.template.metadata section, and apply.

    Automatic integration

    1. Log on to the ARMS console.

    2. In the left-side navigation pane, click Integration Center. In the Server Applications section, click the eBPF Application Monitor card.

    3. In the panel that appears, set the parameters as prompted to complete integration.

    Verify the integration

    After integration, confirm that your applications and cluster are monitored:

    1. In the ARMS console, click Integration Management in the left-side navigation pane to view all applications and services integrated into ARMS.

    2. On the Integrated Environments tab, click the ACK cluster name to view:

      • Basic cluster information

      • Enabled components

      • Cluster metrics

    3. From this page, explore metrics or configure the ARMS agent as needed.

    What's next