Install an ARMS agent for Java applications deployed in ACK - Application Real-Time Monitoring Service

After you install an Application Real-Time Monitoring Service (ARMS) agent (ack-onepilot) for a Java application that is deployed in Container Service for Kubernetes (ACK), ARMS starts to monitor the Java application. You can view the monitoring data of application topology, API requests, abnormal transactions, and slow transactions. This topic describes how to install an ARMS agent for Java applications that are deployed in ACK.

Prerequisites

An ACK cluster is created. For more information, see Create an ACK dedicated cluster, Create an ACK managed cluster, or Create an ASK cluster.
If you want to monitor applications in the ACK cluster, upgrade Helm to V3. For more information, see [Component Updates] Update Helm V2 to V3.
A namespace is created in the cluster. For more information, see Manage namespaces and resource quotas. The namespace used in this example is arms-demo.
The version of the JDK is supported by Application Monitoring. ARMS supports the following JDK versions:
- JDK 1.7.0+
- JDK 1.8.0_25+
  Note
  - If you deploy applications in Kubernetes clusters, we recommend that you use JDK V1.8.0_191 or later.
  - Make sure that the JDK version is not 1.8.0_25 or 1.8.0_31. Otherwise, the ARMS agent may fail to be installed. In this case, we recommend that you upgrade JDK to the latest 1.8.X.
- JDK 11.0.8+
- JDK 17
Note JDKs V11 and V1.8, and other JDKs earlier than V1.8 have different agent installation packages from JDK V17. You need to download an agent installation package based on the JDK version or adjust the configurations of the ARMS agent ack-onepilot.

Step 1: Install an ARMS agent

Important The old Application Monitoring agent arms-pilot is no longer maintained. You can install the new agent ack-onepilot to monitor your applications. ack-onepilot is fully compatible with arms-pilot. You can seamlessly install ack-onepilot without the need to modify application configurations. For more information, see How do I install ack-onepilot and uninstall arms-pilot?

Log on to the ACK console.
In the left-side navigation pane, click Clusters. On the Clusters page, click the name of the cluster.
In the left-side navigation pane, choose Operations > Add-ons. On the Add-ons page, enter ack-onepilot in the upper-right corner.
Click Install on the ack-onepilot card.
In the dialog box that appears, configure the parameters and click OK. We recommend that you use the default values.
Note After you install ack-onepilot, you can upgrade, configure, or uninstall it on the Add-ons page.

Step 2: Grant the cluster the permissions to access ARMS

To monitor applications in a serverless Kubernetes (ASK) cluster or applications in a Kubernetes cluster connected to Elastic Container Instance (ECI), you must first authorize the cluster to access ARMS on the Cloud Resource Access Authorization page. Then, restart all pods on which the ack-onepilot agent is deployed.
If you want to monitor applications in an ACK cluster but the ACK cluster has no ARMS Addon Token, perform the following operations to authorize the ACK cluster to access ARMS. If ARMS Addon Token exists, go to Step 3.
Note
For more information about how to check whether a cluster has ARMS Addon Token, see How do I check whether ARMS Addon Token exists in a cluster?
If a cluster has ARMS Addon Token, ARMS performs password-free authorization on the cluster. ARMS Addon Token may not exist in some ACK managed clusters. We recommend that you check whether an ACK managed cluster has ARMS Addon Token before you use ARMS to monitor applications in the cluster. If the cluster has no ARMS Addon Token, you must manually authorize the cluster to access ARMS.
1. Log on to the ACK console.
2. In the left-side navigation pane, click Clusters. On the Clusters page, find the cluster in which your application is deployed. Click the cluster name or click Details in the Actions column.
3. On the details page of the cluster, click the Cluster Resources tab. On the Cluster Resources tab, click the hyperlink next to Worker RAM Role.
4. You are redirected to the Roles page in the RAM console. On the Roles page, click the policy name on the Permissions tab.
5. On the Policy Document tab, click Modify Policy Document.
6. On the JSON tab, add the following content and click Next to edit policy information:
```
{
   "Action": "arms:*",
   "Resource": "*",
   "Effect": "Allow"
}
```
7. Ensure that the policy content is updated and correct, and click OK.

Step 3: Enable Application Monitoring to monitor a Java application

To enable Application Monitoring when you create an application, perform the following steps:

Log on to the ACK console. In the left-side navigation pane, click Clusters. On the Clusters page, click Applications in the Actions column of the cluster where your application is deployed.
On the Deployments page, click Create from YAML in the upper-right corner of the page.

On the page that appears, select a template from the Sample Template drop-down list, and add the following labels to the spec > template > metadata section in the Template code editor:

labels:
  armsPilotAutoEnable: "on"
  armsPilotCreateAppName: "<your-deployment-name>"    # Replace <your-deployment-name> with the actual application name. 
  one-agent.jdk.version: "OpenJDK17"    # If the application uses JDK 17, you must configure this parameter. 
  armsSecAutoEnable: "on"    # If you want to connect the application to Application Security, you must configure this parameter.

Note

For information about Application Security, see What is Application Security?
For information about the billing of Application Security, see Billing rules.

The following YAML template shows how to create a stateless application and enable Application Monitoring for the application:

Show the complete YAML file (Java)

apiVersion: v1
kind: Namespace
metadata:
  name: arms-demo
---
apiVersion: apps/v1 # for versions before 1.8.0 use apps/v1beta1
kind: Deployment
metadata:
  name: arms-springboot-demo
  namespace: arms-demo
  labels:
    app: arms-springboot-demo
spec:
  replicas: 2
  selector:
    matchLabels:
      app: arms-springboot-demo
  template:
    metadata:
      labels:
        app: arms-springboot-demo
        armsPilotAutoEnable: "on"
        armsPilotCreateAppName: "arms-k8s-demo"
    spec:
      containers:
        - resources:
            limits:
              cpu: 0.5
          image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-springboot-demo:v0.1
          imagePullPolicy: Always
          name: arms-springboot-demo
          env:
            - name: SELF_INVOKE_SWITCH
              value: "true"
            - name: COMPONENT_HOST
              value: "arms-demo-component"
            - name: COMPONENT_PORT
              value: "6666"
            - name: MYSQL_SERVICE_HOST
              value: "arms-demo-mysql"
            - name: MYSQL_SERVICE_PORT
              value: "3306"
---
apiVersion: apps/v1 
kind: Deployment
metadata:
  name: arms-springboot-demo-subcomponent
  namespace: arms-demo
  labels:
    app: arms-springboot-demo-subcomponent
spec:
  replicas: 2
  selector:
    matchLabels:
      app: arms-springboot-demo-subcomponent
  template:
    metadata:
      labels:
        app: arms-springboot-demo-subcomponent
        armsPilotAutoEnable: "on"
        armsPilotCreateAppName: "arms-k8s-demo-subcomponent"
    spec:
      containers:
        - resources:
            limits:
              cpu: 0.5
          image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-springboot-demo:v0.1
          imagePullPolicy: Always
          name: arms-springboot-demo-subcomponent
          env:
            - name: SELF_INVOKE_SWITCH
              value: "false"
            - name: MYSQL_SERVICE_HOST
              value: "arms-demo-mysql"
            - name: MYSQL_SERVICE_PORT
              value: "3306"
---
apiVersion: v1
kind: Service
metadata:
  labels:
    name: arms-demo-component
  name: arms-demo-component
  namespace: arms-demo
spec:
  ports:
    # the port that this service should serve on
    - name: arms-demo-component-svc
      port: 6666
      targetPort: 8888
  # label keys and values that must match in order to receive traffic for this service
  selector:
    app: arms-springboot-demo-subcomponent
---
apiVersion: apps/v1 # for versions before 1.8.0 use apps/v1beta1
kind: Deployment
metadata:
  name: arms-demo-mysql
  namespace: arms-demo
  labels:
    app: mysql
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
        - resources:
            limits:
              cpu: 0.5
          image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-demo-mysql:v0.1
          name: mysql
          ports:
            - containerPort: 3306
              name: mysql
---
apiVersion: v1
kind: Service
metadata:
  labels:
    name: mysql
  name: arms-demo-mysql
  namespace: arms-demo
spec:
  ports:
    # the port that this service should serve on
    - name: arms-mysql-svc
      port: 3306
      targetPort: 3306
  # label keys and values that must match in order to receive traffic for this service
  selector:
    app: mysql
---

Verify the result

On the Deployments page, find the application that you want to monitor, and check whether the ARMS Console button appears in the Actions column.

Uninstall the ARMS agent

Uninstall the ARMS agent for all applications in the cluster

Log on to the ACK console.
In the left-side navigation pane, click Clusters. On the Clusters page, find the cluster that contains the Java application from which you want to uninstall the ARMS agent, and click Applications in the Actions column.
In the left-side navigation pane, choose Applications > Helm.
On the Helm page, find the release named ack-onepilot of the ARMS agent, and click Delete in the Actions column.
In the Delete message, click OK.
Restart the pod of your service.

Uninstall the ARMS agent for an application in the cluster

Log on to the ACK console. In the left-side navigation pane, click Clusters. On the Clusters page, click Applications in the Actions column of the cluster in which your application is deployed.
On the Deployments page, choose More > View in YAML in the Actions column of the application that you want to manage.

In the Edit YAML dialog box, delete the labels that you added in Step 3, and then click Update.

labels:
  armsPilotAutoEnable: "on"
  armsPilotCreateAppName: "<your-deployment-name>"    # Replace <your-deployment-name> with the actual application name. 
  one-agent.jdk.version: "OpenJDK17"    # If the application uses JDK 17, you must configure this parameter. 
  armsSecAutoEnable: "on"    # If you want to connect the application to Application Security, you must configure this parameter.

Restart the pods.

FAQ

How do I rename an application?

To rename an application, you must modify the armsPilotCreateAppName parameter in the Deployment. For more information, see How do I modify the name of a Java application deployed in an ACK cluster?

Why does an ARMS agent fail to be installed in an ACK cluster?

Possible cause: ARMS Addon Token is not enabled for the ACK cluster.

Solution: Check whether ARMS Addon Token is not enabled for the ACK cluster and grant ACK the permissions to access ARMS resources. For more information, see Why does an ARMS agent fail to be installed for an application in an ACK cluster?

How do I report data across regions?

In the ack-onepilot-ack-onepilot application in the ack-onepilot namespace of the ACK cluster, add the ARMS_REPORT_REGION environment variable. The value must be the ID of a region where ARMS is supported. For example, you can set the value to cn-hangzhou or cn-beijing. Then, restart the existing applications. For more information, see How do I report ACK cluster data across regions?