Mount an ARMS agent for Java into services that use Istio - Application Real-Time Monitoring Service

Before a Java application is started, the ack-onepilot component uses init containers to prepare an ARMS agent for Java. If both ack-onepilot and Istio are used, you need to upgrade ack-onepilot to a later version or configure ack-onepilot of the earlier version, considering the different network settings in Istio and other clusters.

Step 1: Install the ack-onepilot component

For information about how to install the ack-onepilot component in a Container Service for Kubernetes (ACK) cluster, see Automatically install an ARMS agent in ACK.
For information about how to install the ack-onepilot component in a cluster registered in ACK One, see Enable ARMS for a registered cluster.
For information about how to install the ack-onepilot component in a Kubernetes environment, see Automatically install an ARMS agent in an open source Kubernetes cluster.

Important

If you upgrade the ack-onepilot component to 3.0.19 or later, the interception configurations of Istio Proxy are automatically modified. In this case, you do not need to perform Step 2. For information about how to upgrade the ack-onepilot component, see Manage components.

Step 2: Modify the interception configurations of Istio Proxy

Add the following VIP ranges to the annotation of the pod. Separate the CIDR blocks with commas (,).

View VIP ranges not intercepted by Istio Proxy

Region	Region ID	VPC endpoint	VIP range
China (Hangzhou)	oss-cn-hangzhou	oss-cn-hangzhou-internal.aliyuncs.com	100.118.28.0/24 100.114.102.0/24 100.98.170.0/24 100.118.31.0/24
China (Shanghai)	oss-cn-shanghai	oss-cn-shanghai-internal.aliyuncs.com	100.98.35.0/24 100.98.110.0/24 100.98.169.0/24 100.118.102.0/24
China (Qingdao)	oss-cn-qingdao	oss-cn-qingdao-internal.aliyuncs.com	100.115.173.0/24 100.99.113.0/24 100.99.114.0/24 100.99.115.0/24
China (Beijing)	oss-cn-beijing	oss-cn-beijing-internal.aliyuncs.com	100.118.58.0/24 100.118.167.0/24 100.118.170.0/24 100.118.171.0/24 100.118.172.0/24 100.118.173.0/24
China (Zhangjiakou)	oss-cn-zhangjiakou	oss-cn-zhangjiakou-internal.aliyuncs.com	100.118.90.0/24 100.98.159.0/24 100.114.0.0/24 100.114.1.0/24
China (Hohhot)	oss-cn-huhehaote	oss-cn-huhehaote-internal.aliyuncs.com	100.118.195.0/24 100.99.110.0/24 100.99.111.0/24 100.99.112.0/24
China (Ulanqab)	oss-cn-wulanchabu	oss-cn-wulanchabu-internal.aliyuncs.com	100.114.11.0/24 100.114.12.0/24 100.114.100.0/24 100.118.214.0/24
China (Shenzhen)	oss-cn-shenzhen	oss-cn-shenzhen-internal.aliyuncs.com	100.118.78.0/24 100.118.203.0/24 100.118.204.0/24 100.118.217.0/24
China (Heyuan)	oss-cn-heyuan	oss-cn-heyuan-internal.aliyuncs.com	100.98.83.0/24 100.118.174.0/24
China (Guangzhou)	oss-cn-guangzhou	oss-cn-guangzhou-internal.aliyuncs.com	100.115.33.0/24 100.114.101.0/24
China (Chengdu)	oss-cn-chengdu	oss-cn-chengdu-internal.aliyuncs.com	100.115.155.0/24 100.99.107.0/24 100.99.108.0/24 100.99.109.0/24
China (Hong Kong)	oss-cn-hongkong	oss-cn-hongkong-internal.aliyuncs.com	100.115.61.0/24 100.99.103.0/24 100.99.104.0/24 100.99.106.0/24
Japan (Tokyo)	oss-ap-northeast-1	oss-ap-northeast-1-internal.aliyuncs.com	100.114.211.0/24 100.114.114.0/25
Singapore	oss-ap-southeast-1	oss-ap-southeast-1-internal.aliyuncs.com	100.118.219.0/24 100.99.213.0/24 100.99.116.0/24 100.99.117.0/24
Malaysia (Kuala Lumpur)	oss-ap-southeast-3	oss-ap-southeast-3-internal.aliyuncs.com	100.118.165.0/24 100.99.125.0/24 100.99.130.0/24 100.99.131.0/24
Indonesia (Jakarta)	oss-ap-southeast-5	oss-ap-southeast-5-internal.aliyuncs.com	100.114.98.0/24
Germany (Frankfurt)	oss-eu-central-1	oss-eu-central-1-internal.aliyuncs.com	100.115.154.0/24
UK (London)	oss-eu-west-1	oss-eu-west-1-internal.aliyuncs.com	100.114.114.128/25
US (Silicon Valley)	oss-us-west-1	oss-us-west-1-internal.aliyuncs.com	100.115.107.0/24
US (Virginia)	oss-us-east-1	oss-us-east-1-internal.aliyuncs.com	100.115.60.0/24 100.99.100.0/24 100.99.101.0/24 100.99.102.0/24
SAU (Riyadh - Partner Region)	me-central-1	oss-me-central-1-internal.aliyuncs.com	100.99.121.0/24

Take the China (Hangzhou) region as an example:

  traffic.sidecar.istio.io/excludeOutboundIPRanges: "100.118.28.0/24,100.114.102.0/24,100.98.170.0/24,100.118.31.0/24"

Modify the YAML file of the application and add the following annotation to the spec.template.metadata section.

View the completed YAML file

apiVersion: v1
kind: Namespace
metadata:
  name: arms-demo
---
apiVersion: apps/v1 # for versions before 1.8.0 use apps/v1beta1
kind: Deployment
metadata:
  name: arms-springboot-demo
  namespace: arms-demo
  labels:
    app: arms-springboot-demo
spec:
  replicas: 2
  selector:
    matchLabels:
      app: arms-springboot-demo
  template:
    metadata:
      annotations:
          traffic.sidecar.istio.io/excludeOutboundIPRanges: "100.118.28.0/24,100.114.102.0/24,100.98.170.0/24,100.118.31.0/24"
      labels:
        app: arms-springboot-demo
        armsPilotAutoEnable: "on"
        armsPilotCreateAppName: "arms-k8s-demo"
        one-agent.jdk.version: "OpenJDK18"
    spec:
      containers:
        - resources:
            limits:
              cpu: 0.5
          image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-springboot-demo:v0.1
          imagePullPolicy: Always
          name: arms-springboot-demo
          env:
            - name: SELF_INVOKE_SWITCH
              value: "true"
            - name: COMPONENT_HOST
              value: "arms-demo-component"
            - name: COMPONENT_PORT
              value: "6666"
            - name: MYSQL_SERVICE_HOST
              value: "arms-demo-mysql"
            - name: MYSQL_SERVICE_PORT
              value: "3306"
---
apiVersion: apps/v1 # for versions before 1.8.0 use apps/v1beta1
kind: Deployment
metadata:
  name: arms-springboot-demo-subcomponent
  namespace: arms-demo
  labels:
    app: arms-springboot-demo-subcomponent
spec:
  replicas: 2
  selector:
    matchLabels:
      app: arms-springboot-demo-subcomponent
  template:
    metadata:
      labels:
        app: arms-springboot-demo-subcomponent
        armsPilotAutoEnable: "on"
        armsPilotCreateAppName: "arms-k8s-demo-subcomponent"
        one-agent.jdk.version: "OpenJDK18"
    spec:
      containers:
        - resources:
            limits:
              cpu: 0.5
          image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-springboot-demo:v0.1
          imagePullPolicy: Always
          name: arms-springboot-demo-subcomponent
          env:
            - name: SELF_INVOKE_SWITCH
              value: "false"
            - name: MYSQL_SERVICE_HOST
              value: "arms-demo-mysql"
            - name: MYSQL_SERVICE_PORT
              value: "3306"
---
apiVersion: v1
kind: Service
metadata:
  labels:
    name: arms-demo-component
  name: arms-demo-component
  namespace: arms-demo
spec:
  ports:
    # the port that this service should serve on
    - name: arms-demo-component-svc
      port: 6666
      targetPort: 8888
  # label keys and values that must match in order to receive traffic for this service
  selector:
    app: arms-springboot-demo-subcomponent
---
apiVersion: apps/v1 # for versions before 1.8.0 use apps/v1beta1
kind: Deployment
metadata:
  name: arms-demo-mysql
  namespace: arms-demo
  labels:
    app: mysql
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
        - resources:
            limits:
              cpu: 0.5
          image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-demo-mysql:v0.1
          name: mysql
          ports:
            - containerPort: 3306
              name: mysql
---
apiVersion: v1
kind: Service
metadata:
  labels:
    name: mysql
  name: arms-demo-mysql
  namespace: arms-demo
spec:
  ports:
    # the port that this service should serve on
    - name: arms-mysql-svc
      port: 3306
      targetPort: 3306
  # label keys and values that must match in order to receive traffic for this service
  selector:
    app: mysql
---