How to use ARMS to perform monitoring operations - Container Service for Kubernetes

After you install an Application Monitoring component of Application Real-Time Monitoring Service (ARMS), ack-onepilot, for a Java application that is deployed in Container Service for Kubernetes (ACK), ARMS starts to automatically discover application topology, generate 3D topology, monitor interfaces, and capture abnormal and slow transactions. This significantly enhances the efficiency of online problem diagnosis.

Background

ARMS is an application performance management (APM) service. It provides comprehensive monitoring for Java applications deployed in ACK without the need to modify code. By installing and authorizing ack-onepilot, you can efficiently identify failed requests and slow requests, reproduce request parameters, detect memory leaks, and discover system bottlenecks. For more information about ARMS Application Monitoring, see What is Application Monitoring.

Prerequisites

A namespace is created. For more information, see Manage namespaces and resource quotas. In this example, a namespace named arms-demo is used.
The version of the JDK is supported by Application Monitoring. ARMS supports the following JDK versions:
- JDK 1.7.0+
  Important
  The ARMS agent V3.0.X and later will no longer support Java 7. If you are still using Java 7, we recommend that you upgrade your Java version. For more information, see Application Monitoring no longer supports Java 7.
- JDK 1.8.0_25+
  Note
  - If you deploy applications in Kubernetes clusters, we recommend that you use JDK V1.8.0_191 or later.
  - Make sure that the JDK version is not 1.8.0_25 or 1.8.0_31. Otherwise, the ARMS agent may fail to be installed. In this case, we recommend that you upgrade JDK to the latest 1.8.X.
- JDK 11.0.8+
- JDK 17
ARMS is activated. For more information, see Activate ARMS.

Step 1: Install the ARMS Application Monitoring component

Important

The old component arms-pilot is no longer maintained. You can install the new component ack-onepilot to monitor your application. The ack-onepilot component is fully compatible with arms-pilot. You can seamlessly install ack-onepilot without the need to modify application configurations. For more information, see How do I uninstall arms-pilot and install ack-onepilot?

Log on to the ACK console. In the left-side navigation pane, click Clusters.
On the Clusters page, find the one you want to manage and click its name. In the left-side navigation pane, choose Operations > Add-ons.
On the Add-ons page, search for ack-onepilot.
On the ack-onepilot card, click Install. In the dialog box that appears, configure the parameters as needed. We recommend that you use the default values. Then, click OK.
Note
By default, ack-onepilot supports 1,000 pods. For every additional 1,000 pods in the cluster, you must add 0.5 CPU cores and 512 MB of memory for ack-onepilot.
After you install ack-onepilot, you can upgrade, configure, or uninstall it on the Add-ons page.

Step 2: Authorize ARMS to access resources

To monitor an application deployed in an ACK cluster with no addon.arms.token, perform the following operations to authorize the ACK cluster to access ARMS. If the addon.arms.token already exists, no further authorization is needed.
Note
In ACK clusters, addon.arms.token enables ARMS to automatically perform password-free authorization. Normally, ACK managed clusters have addon.arms.token by default. However, some of the ACK managed clusters created earlier may not include addon.arms.token.
1. Check whether the cluster has addon.arms.token.
  Check for the addon.arms.token secret in the cluster.
  Log on to the ACK console. In the left-side navigation pane, click Clusters.
  On the Clusters page, click the name of the one you want to change. In the left-side pane, choose Configurations > Secrets.
  In the upper part of the page, select kube-system from the Namespace drop-down list and check whether addon.arms.token exists.
2. If addon.arms.token does not exist, perform the following these steps to manually authorize the cluster to access ARMS resources :
  1. Log on to the ACK console. In the left-side navigation pane, click Clusters.
  2. On the Clusters page, find the cluster that you want to manage and click its name. In the left-side pane, click Cluster Information.
  3. Click the Basic Information tab. In the Cluster Resources section, click the link to the right side of Worker RAM Role.
  4. On the Permissions tab, click Grant Permission.
  5. Select the AliyunARMSFullAccess policy and click OK.
To monitor an application deployed in an ACK managed cluster that is connected to an elastic container instance, go to the RAM Quick Authorization page and complete the authorization. Then, restart the pods that are created for ack-onepilot.

Step 3: Enable ARMS to monitor a Java application

To enable Application Monitoring when you create a new application, perform the following steps:

Log on to the ACK console. In the left-side navigation pane, click Clusters.
On the Clusters page, find the cluster you want to manage and click its name. In the left-side pane, choose Workloads > Deployments.
On the Deployments page, click Create from YAML in the upper part of the page.

On the Create page, select a template from the Sample Template drop-down list and add the following labels to the spec.template.metadata field in the Template code editor.

labels:
  armsPilotAutoEnable: "on"
  armsPilotCreateAppName: "<your-deployment-name>"    # Replace <your-deployment-name> with the actual application name. 
  armsSecAutoEnable: "on"    # If you want to connect the application to Application Security, you must configure this parameter.

Note

For more information about Application Security, see What is Application Security.
For more information about the billing of Application Security, see Billing.

YAML Example

The following YAML template shows how to create a Deployment application and enable Application Monitoring for the application:

Expand to view the full YAML template

apiVersion: v1
kind: Namespace
metadata:
  name: arms-demo
---
apiVersion: apps/v1 # For versions earlier than 1.8.0, use apps/v1beta1.
kind: Deployment
metadata:
  name: arms-springboot-demo
  namespace: arms-demo
  labels:
    app: arms-springboot-demo
spec:
  replicas: 2
  selector:
    matchLabels:
      app: arms-springboot-demo
  template:
    metadata:
      labels:
        app: arms-springboot-demo
        armsPilotAutoEnable: "on"
        armsPilotCreateAppName: "arms-k8s-demo"
        one-agent.jdk.version: "OpenJDK11"
    spec:
      containers:
        - resources:
            limits:
              cpu: 0.5
          image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-springboot-demo:v0.1
          imagePullPolicy: Always
          name: arms-springboot-demo
          env:
            - name: SELF_INVOKE_SWITCH
              value: "true"
            - name: COMPONENT_HOST
              value: "arms-demo-component"
            - name: COMPONENT_PORT
              value: "6666"
            - name: MYSQL_SERVICE_HOST
              value: "arms-demo-mysql"
            - name: MYSQL_SERVICE_PORT
              value: "3306"
---
apiVersion: apps/v1 # For versions earlier than 1.8.0, use apps/v1beta1.
kind: Deployment
metadata:
  name: arms-springboot-demo-subcomponent
  namespace: arms-demo
  labels:
    app: arms-springboot-demo-subcomponent
spec:
  replicas: 2
  selector:
    matchLabels:
      app: arms-springboot-demo-subcomponent
  template:
    metadata:
      labels:
        app: arms-springboot-demo-subcomponent
        armsPilotAutoEnable: "on"
        armsPilotCreateAppName: "arms-k8s-demo-subcomponent"
        one-agent.jdk.version: "OpenJDK11"
    spec:
      containers:
        - resources:
            limits:
              cpu: 0.5
          image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-springboot-demo:v0.1
          imagePullPolicy: Always
          name: arms-springboot-demo-subcomponent
          env:
            - name: SELF_INVOKE_SWITCH
              value: "false"
            - name: MYSQL_SERVICE_HOST
              value: "arms-demo-mysql"
            - name: MYSQL_SERVICE_PORT
              value: "3306"
---
apiVersion: v1
kind: Service
metadata:
  labels:
    name: arms-demo-component
  name: arms-demo-component
  namespace: arms-demo
spec:
  ports:
    # The port that this Service listen on.
    - name: arms-demo-component-svc
      port: 6666
      targetPort: 8888
  # Label keys and values must match in order to receive traffic.
  selector:
    app: arms-springboot-demo-subcomponent
---
apiVersion: apps/v1 # For versions earlier than 1.8.0, use apps/v1beta1.
kind: Deployment
metadata:
  name: arms-demo-mysql
  namespace: arms-demo
  labels:
    app: mysql
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
        - resources:
            limits:
              cpu: 0.5
          image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-demo-mysql:v0.1
          name: mysql
          ports:
            - containerPort: 3306
              name: mysql
---
apiVersion: v1
kind: Service
metadata:
  labels:
    name: mysql
  name: arms-demo-mysql
  namespace: arms-demo
spec:
  ports:
    # The port that this Service listen on.
    - name: arms-mysql-svc
      port: 3306
      targetPort: 3306
  # Label keys and values must match in order to receive traffic.
  selector:
    app: mysql
---

Verify the result

On the Deployments page, find the application, and check whether the ARMS Console button appears in the Actions column.

ARMS Console Button

What to do next

After you complete the preceding steps, ARMS Application Monitoring is enabled for the application deployed in ACK. To access the Application Monitoring page in the ARMS console, click ARMS Console in the Actions column of the application. For more information, see Application overview.

Container Service for Kubernetes:Java Application Monitoring