All Products
Search

This Product

    Container Service for Kubernetes:Java Application Monitoring

    Document Center

    Container Service for Kubernetes:Java Application Monitoring

    Last Updated:Mar 26, 2026

    Application Real-Time Monitoring Service (ARMS) provides zero-code application performance management (APM) for Java applications running in Container Service for Kubernetes (ACK). Install the ack-onepilot add-on on your cluster, and ARMS automatically discovers your application topology, monitors interfaces, and captures failed and slow requests — without any code changes. For more information about ARMS Application Monitoring, see What is Application Monitoring.

    After setup, you can:

    • Identify failed requests and slow requests

    • Reproduce request parameters

    • Detect memory leaks

    • Discover system bottlenecks

    • Visualize service dependencies as a 3D topology map

    Prerequisites

    Before you begin, make sure you have:

    Supported JDK versions:

    JDK version Support status Notes
    1.7.0+ Deprecated ARMS agent V3.0.X and later will drop Java 7 support. Upgrade to a newer version. See Application Monitoring no longer supports Java 7.
    1.8.0_25 Not recommended Agent installation may fail. Upgrade to the latest 1.8.X.
    1.8.0_31 Not recommended Agent installation may fail. Upgrade to the latest 1.8.X.
    1.8.0_191+ Recommended Minimum recommended version for Kubernetes clusters.
    11.0.8+ Supported
    17 Supported

    Step 1: Install the ack-onepilot add-on

    Important

    The old arms-pilot component is no longer maintained. ack-onepilot is its replacement and is fully compatible — no application configuration changes are needed. To migrate from arms-pilot, see How do I uninstall arms-pilot and install ack-onepilot?

    1. Log on to the ACK console. In the left navigation pane, click Clusters.

    2. On the Clusters page, click the name of the target cluster. In the left navigation pane, click Add-ons.

    3. In the Logs and Monitoring section, find ack-onepilot and click Install. In the dialog box, keep the default parameter values and click OK.

    Note

    By default, ack-onepilot supports up to 1,000 pods. For every additional 1,000 pods, add 0.5 CPU cores and 512 MB of memory to the ack-onepilot component. After installation, you can upgrade, configure, or uninstall ack-onepilot from the Add-ons page.

    Step 2: Authorize ARMS to access resources

    The authorization method depends on whether your cluster has the addon.arms.token Secret. This Secret enables ARMS to perform password-free authorization automatically. Most recently created ACK managed clusters include it by default; some older clusters may not.

    Check whether your cluster has addon.arms.token:

    1. Log on to the ACK console and click Clusters.

    2. Click the cluster name. In the left navigation pane, choose Configurations > Secrets.

    3. Select kube-system from the Namespace drop-down list and check whether addon.arms.token is listed.

    If addon.arms.token exists: No further authorization is needed. Skip to Step 3.

    If addon.arms.token does not exist: Grant the cluster's Worker RAM Role access to ARMS:

    1. Log on to the ACK console and click Clusters.

    2. Click the cluster name. In the left navigation pane, click Cluster Information.

    3. On the Basic Information tab, go to the Cluster Resources section and click the link next to Worker RAM Role.

    4. On the Permissions tab, click Grant Permission.

    5. Select the AliyunARMSFullAccess policy and click Grant permissions.

    If your cluster connects to Elastic Container Instances (ECI): Go to the RAM Quick Authorization page to grant the AliyunMSEForECIRole role, then restart the ack-onepilot pods.

    Step 3: Enable ARMS monitoring for your Java deployment

    Add ARMS labels to the spec.template.metadata section of your Deployment YAML to enable monitoring when the application starts.

    1. Log on to the ACK console and click Clusters.

    2. Click the cluster name. In the left navigation pane, choose Workloads > Deployments.

    3. On the Deployments page, click Create from YAML.

    4. Select a template from the Sample Template drop-down list, then add the following labels to the spec.template.metadata section in the Template editor:

      armsSecAutoEnable: "on" connects the application to Application Security. This label is optional. For billing details, see Billing.
      labels:
  armsPilotAutoEnable: "on"
  armsPilotCreateAppName: "<your-deployment-name>"    # Replace with your application name
  armsSecAutoEnable: "on"    # Include this label only if you want to enable Application Security

      Replace <your-deployment-name> with the actual name of your application.

      The following complete YAML template creates a namespace, two Deployments, and supporting services, with ARMS monitoring enabled on both Deployments:

      YAML Example

      Expand to view the full YAML template

      apiVersion: v1
kind: Namespace
metadata:
  name: arms-demo
---
apiVersion: apps/v1 # For versions earlier than 1.8.0, use apps/v1beta1.
kind: Deployment
metadata:
  name: arms-springboot-demo
  namespace: arms-demo
  labels:
    app: arms-springboot-demo
spec:
  replicas: 2
  selector:
    matchLabels:
      app: arms-springboot-demo
  template:
    metadata:
      labels:
        app: arms-springboot-demo
        armsPilotAutoEnable: "on"
        armsPilotCreateAppName: "arms-k8s-demo"
        one-agent.jdk.version: "OpenJDK11"
    spec:
      containers:
        - resources:
            limits:
              cpu: 0.5
          image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-springboot-demo:v0.1
          imagePullPolicy: Always
          name: arms-springboot-demo
          env:
            - name: SELF_INVOKE_SWITCH
              value: "true"
            - name: COMPONENT_HOST
              value: "arms-demo-component"
            - name: COMPONENT_PORT
              value: "6666"
            - name: MYSQL_SERVICE_HOST
              value: "arms-demo-mysql"
            - name: MYSQL_SERVICE_PORT
              value: "3306"
---
apiVersion: apps/v1 # For versions earlier than 1.8.0, use apps/v1beta1.
kind: Deployment
metadata:
  name: arms-springboot-demo-subcomponent
  namespace: arms-demo
  labels:
    app: arms-springboot-demo-subcomponent
spec:
  replicas: 2
  selector:
    matchLabels:
      app: arms-springboot-demo-subcomponent
  template:
    metadata:
      labels:
        app: arms-springboot-demo-subcomponent
        armsPilotAutoEnable: "on"
        armsPilotCreateAppName: "arms-k8s-demo-subcomponent"
        one-agent.jdk.version: "OpenJDK11"
    spec:
      containers:
        - resources:
            limits:
              cpu: 0.5
          image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-springboot-demo:v0.1
          imagePullPolicy: Always
          name: arms-springboot-demo-subcomponent
          env:
            - name: SELF_INVOKE_SWITCH
              value: "false"
            - name: MYSQL_SERVICE_HOST
              value: "arms-demo-mysql"
            - name: MYSQL_SERVICE_PORT
              value: "3306"
---
apiVersion: v1
kind: Service
metadata:
  labels:
    name: arms-demo-component
  name: arms-demo-component
  namespace: arms-demo
spec:
  ports:
    # The port that this Service listens on.
    - name: arms-demo-component-svc
      port: 6666
      targetPort: 8888
  # Label keys and values must match in order to receive traffic.
  selector:
    app: arms-springboot-demo-subcomponent
---
apiVersion: apps/v1 # For versions earlier than 1.8.0, use apps/v1beta1.
kind: Deployment
metadata:
  name: arms-demo-mysql
  namespace: arms-demo
  labels:
    app: mysql
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
        - resources:
            limits:
              cpu: 0.5
          image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-demo-mysql:v0.1
          name: mysql
          ports:
            - containerPort: 3306
              name: mysql
---
apiVersion: v1
kind: Service
metadata:
  labels:
    name: mysql
  name: arms-demo-mysql
  namespace: arms-demo
spec:
  ports:
    # The port that this Service listens on.
    - name: arms-mysql-svc
      port: 3306
      targetPort: 3306
  # Label keys and values must match in order to receive traffic.
  selector:
    app: mysql
---

    Verify the setup

    After the Deployment starts, confirm that monitoring is active:

    1. On the Deployments page in the ACK console, find your application and click image > ARMS Console in the Actions column.

    2. In the ARMS console, confirm that your application name appears in the application list.

    image.png

    What's next

    • Application overview — Explore the ARMS Application Monitoring dashboard: request traces, topology maps, and performance metrics.

    FAQ