All Products
Search

This Product

    Application Real-Time Monitoring Service:Mount an ARMS agent for Java into services using Istio

    Document Center

    Application Real-Time Monitoring Service:Mount an ARMS agent for Java into services using Istio

    Last Updated:May 14, 2025

    Before a Java application is started, the ack-onepilot component uses init containers to prepare an ARMS agent for Java. If both ack-onepilot and Istio are used, you need to upgrade ack-onepilot to a later version or configure ack-onepilot of the earlier version, considering the different network settings in Istio and other clusters.

    Step 1: Install the ack-onepilot component

    You can install ack-onepilot in one of the following clusters:

    Note

    • Upgrading ack-onepilot to V3.0.19 or later automatically modifies the interception configurations of Istio Proxy. In this case, skip Step 2.

    • To disable automatic modification, upgrade ack-onepilot to V4.1.2 or later and set the environment variable ARMS_ISTIO_AUTO_INJECT_ENABLE of ack-onepilot-ack-onepilot to false:

      1. Log on to the ACK console. In the left-side navigation pane, click Clusters.

      2. On the Clusters page, find the cluster you want to manage and click its name. In the left-side pane, choose Workloads > Deployments.

      3. On the Deployments page, click the ack-onepilot component. Generally, it is named ack-onepilot-ack-onepilot in the ack-onepilot namespace.

      4. In the upper-right corner of the page that appears, click Edit.

      5. Scroll down until you see the Environments section. Click Add, add the environment variable ARMS_ISTIO_AUTO_INJECT_ENABLE, and set the value to false.

    Step 2: Modify the interception configurations of Istio Proxy

    1. Add the following VIP ranges to the annotation of the pod. Separate the CIDR blocks with commas (,).

      View VIP ranges not intercepted by Istio Proxy

      Region

      Region ID

      VPC endpoint

      VIP range

      China (Hangzhou)

      oss-cn-hangzhou

      oss-cn-hangzhou-internal.aliyuncs.com

      • 100.118.28.0/24

      • 100.114.102.0/24

      • 100.98.170.0/24

      • 100.118.31.0/24

      China (Shanghai)

      oss-cn-shanghai

      oss-cn-shanghai-internal.aliyuncs.com

      • 100.98.35.0/24

      • 100.98.110.0/24

      • 100.98.169.0/24

      • 100.118.102.0/24

      China (Qingdao)

      oss-cn-qingdao

      oss-cn-qingdao-internal.aliyuncs.com

      • 100.115.173.0/24

      • 100.99.113.0/24

      • 100.99.114.0/24

      • 100.99.115.0/24

      China (Beijing)

      oss-cn-beijing

      oss-cn-beijing-internal.aliyuncs.com

      • 100.118.58.0/24

      • 100.118.167.0/24

      • 100.118.170.0/24

      • 100.118.171.0/24

      • 100.118.172.0/24

      • 100.118.173.0/24

      China (Zhangjiakou)

      oss-cn-zhangjiakou

      oss-cn-zhangjiakou-internal.aliyuncs.com

      • 100.118.90.0/24

      • 100.98.159.0/24

      • 100.114.0.0/24

      • 100.114.1.0/24

      China (Hohhot)

      oss-cn-huhehaote

      oss-cn-huhehaote-internal.aliyuncs.com

      • 100.118.195.0/24

      • 100.99.110.0/24

      • 100.99.111.0/24

      • 100.99.112.0/24

      China (Ulanqab)

      oss-cn-wulanchabu

      oss-cn-wulanchabu-internal.aliyuncs.com

      • 100.114.11.0/24

      • 100.114.12.0/24

      • 100.114.100.0/24

      • 100.118.214.0/24

      China (Shenzhen)

      oss-cn-shenzhen

      oss-cn-shenzhen-internal.aliyuncs.com

      • 100.118.78.0/24

      • 100.118.203.0/24

      • 100.118.204.0/24

      • 100.118.217.0/24

      China (Heyuan)

      oss-cn-heyuan

      oss-cn-heyuan-internal.aliyuncs.com

      • 100.98.83.0/24

      • 100.118.174.0/24

      China (Guangzhou)

      oss-cn-guangzhou

      oss-cn-guangzhou-internal.aliyuncs.com

      • 100.115.33.0/24

      • 100.114.101.0/24

      China (Chengdu)

      oss-cn-chengdu

      oss-cn-chengdu-internal.aliyuncs.com

      • 100.115.155.0/24

      • 100.99.107.0/24

      • 100.99.108.0/24

      • 100.99.109.0/24

      China (Hong Kong)

      oss-cn-hongkong

      oss-cn-hongkong-internal.aliyuncs.com

      • 100.115.61.0/24

      • 100.99.103.0/24

      • 100.99.104.0/24

      • 100.99.106.0/24

      Japan (Tokyo)

      oss-ap-northeast-1

      oss-ap-northeast-1-internal.aliyuncs.com

      • 100.114.211.0/24

      • 100.114.114.0/25

      Singapore

      oss-ap-southeast-1

      oss-ap-southeast-1-internal.aliyuncs.com

      • 100.118.219.0/24

      • 100.99.213.0/24

      • 100.99.116.0/24

      • 100.99.117.0/24

      Malaysia (Kuala Lumpur)

      oss-ap-southeast-3

      oss-ap-southeast-3-internal.aliyuncs.com

      • 100.118.165.0/24

      • 100.99.125.0/24

      • 100.99.130.0/24

      • 100.99.131.0/24

      Indonesia (Jakarta)

      oss-ap-southeast-5

      oss-ap-southeast-5-internal.aliyuncs.com

      100.114.98.0/24

      Germany (Frankfurt)

      oss-eu-central-1

      oss-eu-central-1-internal.aliyuncs.com

      100.115.154.0/24

      UK (London)

      oss-eu-west-1

      oss-eu-west-1-internal.aliyuncs.com

      100.114.114.128/25

      US (Silicon Valley)

      oss-us-west-1

      oss-us-west-1-internal.aliyuncs.com

      100.115.107.0/24

      US (Virginia)

      oss-us-east-1

      oss-us-east-1-internal.aliyuncs.com

      • 100.115.60.0/24

      • 100.99.100.0/24

      • 100.99.101.0/24

      • 100.99.102.0/24

      SAU (Riyadh - Partner Region)

      me-central-1

      oss-me-central-1-internal.aliyuncs.com

      100.99.121.0/24

      Take the China (Hangzhou) region as an example:

        traffic.sidecar.istio.io/excludeOutboundIPRanges: "100.118.28.0/24,100.114.102.0/24,100.98.170.0/24,100.118.31.0/24"

    2. Modify the YAML file of the application and add the following annotation to the spec.template.metadata section.

      image

      View the completed YAML file

      apiVersion: v1
kind: Namespace
metadata:
  name: arms-demo
---
apiVersion: apps/v1 # for versions before 1.8.0 use apps/v1beta1
kind: Deployment
metadata:
  name: arms-springboot-demo
  namespace: arms-demo
  labels:
    app: arms-springboot-demo
spec:
  replicas: 2
  selector:
    matchLabels:
      app: arms-springboot-demo
  template:
    metadata:
      annotations:
          traffic.sidecar.istio.io/excludeOutboundIPRanges: "100.118.28.0/24,100.114.102.0/24,100.98.170.0/24,100.118.31.0/24"
      labels:
        app: arms-springboot-demo
        armsPilotAutoEnable: "on"
        armsPilotCreateAppName: "arms-k8s-demo"
        one-agent.jdk.version: "OpenJDK18"
    spec:
      containers:
        - resources:
            limits:
              cpu: 0.5
          image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-springboot-demo:v0.1
          imagePullPolicy: Always
          name: arms-springboot-demo
          env:
            - name: SELF_INVOKE_SWITCH
              value: "true"
            - name: COMPONENT_HOST
              value: "arms-demo-component"
            - name: COMPONENT_PORT
              value: "6666"
            - name: MYSQL_SERVICE_HOST
              value: "arms-demo-mysql"
            - name: MYSQL_SERVICE_PORT
              value: "3306"
---
apiVersion: apps/v1 # for versions before 1.8.0 use apps/v1beta1
kind: Deployment
metadata:
  name: arms-springboot-demo-subcomponent
  namespace: arms-demo
  labels:
    app: arms-springboot-demo-subcomponent
spec:
  replicas: 2
  selector:
    matchLabels:
      app: arms-springboot-demo-subcomponent
  template:
    metadata:
      labels:
        app: arms-springboot-demo-subcomponent
        armsPilotAutoEnable: "on"
        armsPilotCreateAppName: "arms-k8s-demo-subcomponent"
        one-agent.jdk.version: "OpenJDK18"
    spec:
      containers:
        - resources:
            limits:
              cpu: 0.5
          image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-springboot-demo:v0.1
          imagePullPolicy: Always
          name: arms-springboot-demo-subcomponent
          env:
            - name: SELF_INVOKE_SWITCH
              value: "false"
            - name: MYSQL_SERVICE_HOST
              value: "arms-demo-mysql"
            - name: MYSQL_SERVICE_PORT
              value: "3306"
---
apiVersion: v1
kind: Service
metadata:
  labels:
    name: arms-demo-component
  name: arms-demo-component
  namespace: arms-demo
spec:
  ports:
    # the port that this service should serve on
    - name: arms-demo-component-svc
      port: 6666
      targetPort: 8888
  # label keys and values that must match in order to receive traffic for this service
  selector:
    app: arms-springboot-demo-subcomponent
---
apiVersion: apps/v1 # for versions before 1.8.0 use apps/v1beta1
kind: Deployment
metadata:
  name: arms-demo-mysql
  namespace: arms-demo
  labels:
    app: mysql
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
        - resources:
            limits:
              cpu: 0.5
          image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-demo-mysql:v0.1
          name: mysql
          ports:
            - containerPort: 3306
              name: mysql
---
apiVersion: v1
kind: Service
metadata:
  labels:
    name: mysql
  name: arms-demo-mysql
  namespace: arms-demo
spec:
  ports:
    # the port that this service should serve on
    - name: arms-mysql-svc
      port: 3306
      targetPort: 3306
  # label keys and values that must match in order to receive traffic for this service
  selector:
    app: mysql
---