By default, registered clusters do not have ARMS Addon Token and do not have a worker RAM role. Therefore, you cannot attach permission policies on Application Real-Time Monitoring Service (ARMS) and Tracing Analysis to the RAM role. However, you can configure the AccessKey pair of an account on the details page of ack-arms-cmonitor. This way, the account is authorized to install ack-arms-cmonitor. This topic describes how to install the Kubernetes Monitoring agent for a registered cluster.

Background information

Container Service for Kubernetes (ACK) allows you to register a Kubernetes cluster that is deployed in a data center or on a third-party cloud. This allows you to centrally manage your clusters in the ACK console. For more information, see Overview.

(Optional) Step 1: Grant permissions to a RAM user

If you want to use a RAM user to install the Kubernetes Monitoring agent ack-arms-cmonitor for a registered cluster, make sure that the RAM user has the following permission policies:

  • AliyunARMSFullAccess: grants full permissions on ARMS.
  • AliyunTracingAnalysisFullAccess: grants full permissions on Tracing Analysis to the RAM role.

If the current RAM user does not have the permission policies, perform the following steps to attach the permission policies to the RAM user.

  1. Log on to the RAM console by using an Alibaba Cloud account.
  2. In the left-side navigation pane, choose Identities > Users.
  3. On the Users page, find the RAM user to which you want to grant permissions and click Add Permissions in the Actions column.
  4. In the Add Permissions panel, grant permissions to the RAM user.
    1. Set Authorized Scope to Alibaba Cloud Account.
    2. Specify a principal.
      The principal is the RAM user to which you want to grant permissions. By default, the current RAM user is specified. You can also specify another RAM user.
    3. In the Select Policy section, enter the keywords of the two policies that you want to attach to the RAM role in the search box. Click the policies to add them to the Selected list on the right side of the section. Then, click OK.
      • AliyunARMSFullAccess: grants full permissions on ARMS.
      • AliyunTracingAnalysisFullAccess: grants full permissions on Tracing Analysis.
  5. Click OK.

Step 2: Configure the Kubernetes Monitoring agent

  1. Log on to the ACK console.
  2. In the left-side navigation pane, choose Marketplace > Marketplace.
  3. On the Marketplace page in the ACK console, search for ack-arms-cmonitor, and then click ack-arms-cmonitor.
  4. On the ack-arms-cmonitor page, click Deploy in the upper-right corner.
  5. In the Deploy panel, select the cluster that you want to manage and click Next.
    Note The default namespace is arms-prom.
  6. In the Parameters section, enter the AccessKey ID and AccessKey Secret of the current account, and then click OK.
    Note For more information about how to obtain the AccessKey pair of an Alibaba Cloud account, see Obtain an AccessKey pair.
    Kubernetes agent authorization

Step 3: Install the agents

After you install the Prometheus Monitoring agent and the Kubernetes Monitoring agent for the registered cluster, you can use Kubernetes Monitoring. For more information, see Enable for a Kubernetes cluster.