By default, registered clusters do not have ARMS Addon Token and do not have a worker RAM role. Therefore, you cannot attach permission policies on Application Real-Time Monitoring Service (ARMS) and Tracing Analysis to the RAM role. However, you can configure the AccessKey pair of an account on the details page of ack-arms-cmonitor. This way, the account is authorized to install ack-arms-cmonitor. This topic describes how to install a Kubernetes Monitoring agent for a registered cluster.
Background information
Container Service for Kubernetes (ACK) allows you to register a Kubernetes cluster that is deployed in a data center or on a third-party cloud. This way, you can manage your clusters in Distributed Cloud Container Platform for Kubernetes (ACK One) in a centralized manner. For more information, see Overview.
(Optional) Step 1: Grant permissions to a RAM user
If you want to use a RAM user to install the Kubernetes Monitoring agent ack-arms-cmonitor for a registered cluster, make sure that the RAM user has the following permission policies:
- AliyunARMSFullAccess: grants full permissions on ARMS.
- AliyunTracingAnalysisFullAccess: grants full permissions on Tracing Analysis to the RAM role.
If the current RAM user does not have the permission policies, perform the following steps to attach the permission policies to the RAM user.
- Log on to the RAM console by using your Alibaba Cloud account.
- In the left-side navigation pane, choose .
- On the Users page, find the RAM user to which you want to attach the authorization policy, and click Add Permissions in the Actions column.
- In the Add Permissions panel, grant permissions to the RAM user.
- Click OK.
Step 2: Configure a Kubernetes Monitoring agent
- Log on to the ARMS console. In the left-side navigation pane, click Kubernetes Monitoring.
- On the Kubernetes Monitoring page, select a region from the top navigation bar and click the name of the cluster that you want to manage.
- On the Kubernetes Monitoring page, click View in the Actions column of your ACK cluster.
- In the Exporters dialog box, find Kubernetes Monitoring and click Install in the Actions column.
- On the Parameters tab of the View Details page, enter the AccessKey ID and AccessKey secret of your Alibaba Cloud account. Note For more information about how to obtain the AccessKey pair of an Alibaba Cloud account, see Obtain an AccessKey pair.
- In the Deploy section, select the registered cluster and click Create.
Step 3: Install agents
After you install a Prometheus Monitoring agent and a Kubernetes Monitoring agent for the registered cluster, you can use Kubernetes Monitoring. For more information, see Enable for a Kubernetes cluster.