All Products
Search

This Product

    Container Service for Kubernetes:Connect a registered cluster to Application Real-Time Monitoring Service

    Document Center

    Container Service for Kubernetes:Connect a registered cluster to Application Real-Time Monitoring Service

    Last Updated:Nov 20, 2025

    Application Real-Time Monitoring Service (ARMS) provides comprehensive monitoring to help you understand the health of your applications. You can install the ARMS application monitoring component in a registered Kubernetes cluster to monitor the applications that run in the cluster.

    Prerequisites

    Step 1: Install the ARMS application monitoring component

    Install using onectl

    1. Install onectl on your on-premises machine. For more information, see Use onectl to manage registered clusters.

    2. Run the following command to configure RAM permissions for the ack-onepilot component.

      onectl ram-user grant --addon ack-onepilot

      Expected output:

      Ram policy ack-one-registered-cluster-policy-ack-onepilot granted to ram user **** successfully.

    3. Run the following command to install the ack-onepilot component.

      onectl addon install ack-onepilot

      Expected output:

      Addon ack-onepilot, version **** installed.

    Install using the console

    1. Configure RAM permissions. Before you install the component in the registered cluster, you must set an AccessKey in the connected cluster to obtain permissions to access Alibaba Cloud services.

      1. Create a RAM user.

      2. Create a custom policy. The following policy document is required for the ack-onepilot component:

        {
    "Version": "1",
    "Statement": [
        {
            "Action": "arms:*",
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": "cms:*",
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

      3. Grant permissions to the RAM user. Attach the custom policy that you created in the previous step to the RAM user.

      4. Create an AccessKey pair for the RAM user.

        Warning

        We recommend that you configure AccessKey pair-based policies for network access control, limiting AccessKey invocation sources to trusted network environments to enhance AccessKey security.

      5. Use the AccessKey to create a Secret resource named alibaba-addon-secret in the registered cluster.

        Run the following command to create the Secret for the ack-onepilot component.

        Note

        Before you run the command, replace the access-key-id and access-key-secret parameters with the AccessKey ID and AccessKey secret that you created in the previous step.

        kubectl -n ack-onepilot create secret generic alibaba-addon-secret --from-literal='access-key-id=<your AccessKey ID>' --from-literal='access-key-secret=<your AccessKey Secret>'

    2. Install the ack-onepilot component.

      1. Log on to the ACK console. In the left navigation pane, click Clusters.

      2. On the Clusters page, find the one you want to manage and click its name. In the left navigation pane, click Add-ons.

      3. On the Add-ons page, click the Logs and Monitoring tab, find the ack-onepilot component, and click Install in the lower-right corner.

      4. In the Install ack-onepilot dialog box, set the configuration items and click OK.

    Step 2: Enable ARMS Application Monitoring for a Java application<YOUR-DEPLOYMENT-NAME>

    On the Stateless page, click ARMS Console in the Actions column of the target application. You are redirected to the ARMS console to manage your application.

    What to do next

    • Uninstall the agent for all applications in the cluster

      Uninstall using onectl

      1. Run the following command to uninstall the ack-onepilot component.

        onectl addon uninstall ack-onepilot

        Expected output:

        Addon ack-onepilot uninstalled.

      2. Restart the application pods.

      Uninstall using the console

      1. Log on to the ACK console. In the left navigation pane, click Clusters.

      2. On the Clusters page, find the one you want to manage and click its name. In the left navigation pane, click Add-ons.

      3. On the Add-ons page, click the Logs and Monitoring tab, find the ack-onepilot component, and click Uninstall in the lower-right corner.

      4. In the dialog box that appears, click OK.

      5. Restart the application pods.

    • Uninstall the agent for a specific application in the cluster

      1. Log on to the ACK console. In the left navigation pane, click Clusters.

      2. On the Clusters page, click the name of the target cluster. In the navigation pane on the left, choose Workloads > Deployments.

      3. On the Deployments page, in the Actions column of the target application, choose image > Edit YAML. In the Edit YAML dialog box, delete the labels that you added in Step 2, and then click Update.

      4. Restart the application pods.