Install the Java agent for Istio-managed services

Updated at:
Copy as MD

The ack-onepilot component uses an init container to prepare the Application Real-Time Monitoring Service (ARMS) agent for a Java application before it starts. When you use ack-onepilot with Istio, the network configuration differs from that of a standard cluster. This topic describes how to upgrade the ack-onepilot component or configure older versions for Istio compatibility.

Step 1: Install the ack-onepilot component

Important
  • If you upgrade ack-onepilot to version 3.0.19 or later, it automatically modifies the istio-proxy interception configuration. In this case, you can skip Step 2. To upgrade the component, see Manage components.

  • To disable the automatic modification of the istio-proxy interception configuration, you can upgrade ack-onepilot to version 4.1.2 or later and set the corresponding option to false. Follow these steps:

    1. Log on to the ACK console. In the left navigation pane, click Clusters.

    2. On the Clusters page, click the name of your cluster. In the left navigation pane, click Workloads > Deployments.

    3. On the Stateless page, click the ack-onepilot component, which is typically named ack-onepilot-ack-onepilot and located in the ack-onepilot namespace.

    4. On the component's details page, click Edit in the upper-right corner. Then, set the ARMS_ISTIO_AUTO_INJECT_ENABLE environment variable to false.

Step 2: Modify the istio-proxy interception configuration

  1. Add the following VIP ranges to your pod's annotation, separated by commas.

    Excluded IP ranges

    Region

    Region ID

    VPC endpoint

    VIP range

    China (Hangzhou)

    oss-cn-hangzhou

    oss-cn-hangzhou-internal.aliyuncs.com

    • 100.118.28.0/24

    • 100.114.102.0/24

    • 100.98.170.0/24

    • 100.118.31.0/24

    China (Shanghai)

    oss-cn-shanghai

    oss-cn-shanghai-internal.aliyuncs.com

    • 100.98.35.0/24

    • 100.98.110.0/24

    • 100.98.169.0/24

    • 100.118.102.0/24

    China (Qingdao)

    oss-cn-qingdao

    oss-cn-qingdao-internal.aliyuncs.com

    • 100.115.173.0/24

    • 100.99.113.0/24

    • 100.99.114.0/24

    • 100.99.115.0/24

    China (Beijing)

    oss-cn-beijing

    oss-cn-beijing-internal.aliyuncs.com

    • 100.118.58.0/24

    • 100.118.167.0/24

    • 100.118.170.0/24

    • 100.118.171.0/24

    • 100.118.172.0/24

    • 100.118.173.0/24

    China (Zhangjiakou)

    oss-cn-zhangjiakou

    oss-cn-zhangjiakou-internal.aliyuncs.com

    • 100.118.90.0/24

    • 100.98.159.0/24

    • 100.114.0.0/24

    • 100.114.1.0/24

    China (Hohhot)

    oss-cn-huhehaote

    oss-cn-huhehaote-internal.aliyuncs.com

    • 100.118.195.0/24

    • 100.99.110.0/24

    • 100.99.111.0/24

    • 100.99.112.0/24

    China (Ulanqab)

    oss-cn-wulanchabu

    oss-cn-wulanchabu-internal.aliyuncs.com

    • 100.114.11.0/24

    • 100.114.12.0/24

    • 100.114.100.0/24

    • 100.118.214.0/24

    China (Shenzhen)

    oss-cn-shenzhen

    oss-cn-shenzhen-internal.aliyuncs.com

    • 100.118.78.0/24

    • 100.118.203.0/24

    • 100.118.204.0/24

    • 100.118.217.0/24

    China (Heyuan)

    oss-cn-heyuan

    oss-cn-heyuan-internal.aliyuncs.com

    • 100.98.83.0/24

    • 100.118.174.0/24

    China (Guangzhou)

    oss-cn-guangzhou

    oss-cn-guangzhou-internal.aliyuncs.com

    • 100.115.33.0/24

    • 100.114.101.0/24

    China (Chengdu)

    oss-cn-chengdu

    oss-cn-chengdu-internal.aliyuncs.com

    • 100.115.155.0/24

    • 100.99.107.0/24

    • 100.99.108.0/24

    • 100.99.109.0/24

    China (Hong Kong)

    oss-cn-hongkong

    oss-cn-hongkong-internal.aliyuncs.com

    • 100.115.61.0/24

    • 100.99.103.0/24

    • 100.99.104.0/24

    • 100.99.106.0/24

    Japan (Tokyo)

    oss-ap-northeast-1

    oss-ap-northeast-1-internal.aliyuncs.com

    • 100.114.211.0/24

    • 100.114.114.0/25

    Singapore

    oss-ap-southeast-1

    oss-ap-southeast-1-internal.aliyuncs.com

    • 100.118.219.0/24

    • 100.99.213.0/24

    • 100.99.116.0/24

    • 100.99.117.0/24

    Malaysia (Kuala Lumpur)

    oss-ap-southeast-3

    oss-ap-southeast-3-internal.aliyuncs.com

    • 100.118.165.0/24

    • 100.99.125.0/24

    • 100.99.130.0/24

    • 100.99.131.0/24

    Indonesia (Jakarta)

    oss-ap-southeast-5

    oss-ap-southeast-5-internal.aliyuncs.com

    100.114.98.0/24

    Germany (Frankfurt)

    oss-eu-central-1

    oss-eu-central-1-internal.aliyuncs.com

    100.115.154.0/24

    UK (London)

    oss-eu-west-1

    oss-eu-west-1-internal.aliyuncs.com

    100.114.114.128/25

    US (Silicon Valley)

    oss-us-west-1

    oss-us-west-1-internal.aliyuncs.com

    100.115.107.0/24

    US (Virginia)

    oss-us-east-1

    oss-us-east-1-internal.aliyuncs.com

    • 100.115.60.0/24

    • 100.99.100.0/24

    • 100.99.101.0/24

    • 100.99.102.0/24

    SAU (Riyadh - Partner Region)

    me-central-1

    oss-me-central-1-internal.aliyuncs.com

    100.99.121.0/24

    Example for the China (Hangzhou) region:

      traffic.sidecar.istio.io/excludeOutboundIPRanges: "100.118.28.0/24,100.114.102.0/24,100.98.170.0/24,100.118.31.0/24"
  2. Add the following annotations to the spec.template.metadata section of your application's YAML file.

    Complete YAML example

    apiVersion: v1
    kind: Namespace
    metadata:
      name: arms-demo
    ---
    apiVersion: apps/v1 # for versions before 1.8.0 use apps/v1beta1
    kind: Deployment
    metadata:
      name: arms-springboot-demo
      namespace: arms-demo
      labels:
        app: arms-springboot-demo
    spec:
      replicas: 2
      selector:
        matchLabels:
          app: arms-springboot-demo
      template:
        metadata:
          annotations:
              traffic.sidecar.istio.io/excludeOutboundIPRanges: "100.118.28.0/24,100.114.102.0/24,100.98.170.0/24,100.118.31.0/24"
          labels:
            app: arms-springboot-demo
            armsPilotAutoEnable: "on"
            armsPilotCreateAppName: "arms-k8s-demo"
            one-agent.jdk.version: "OpenJDK18"
        spec:
          containers:
            - resources:
                limits:
                  cpu: 0.5
              image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-springboot-demo:v0.1
              imagePullPolicy: Always
              name: arms-springboot-demo
              env:
                - name: SELF_INVOKE_SWITCH
                  value: "true"
                - name: COMPONENT_HOST
                  value: "arms-demo-component"
                - name: COMPONENT_PORT
                  value: "6666"
                - name: MYSQL_SERVICE_HOST
                  value: "arms-demo-mysql"
                - name: MYSQL_SERVICE_PORT
                  value: "3306"
    ---
    apiVersion: apps/v1 # for versions before 1.8.0 use apps/v1beta1
    kind: Deployment
    metadata:
      name: arms-springboot-demo-subcomponent
      namespace: arms-demo
      labels:
        app: arms-springboot-demo-subcomponent
    spec:
      replicas: 2
      selector:
        matchLabels:
          app: arms-springboot-demo-subcomponent
      template:
        metadata:
          labels:
            app: arms-springboot-demo-subcomponent
            armsPilotAutoEnable: "on"
            armsPilotCreateAppName: "arms-k8s-demo-subcomponent"
            one-agent.jdk.version: "OpenJDK18"
        spec:
          containers:
            - resources:
                limits:
                  cpu: 0.5
              image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-springboot-demo:v0.1
              imagePullPolicy: Always
              name: arms-springboot-demo-subcomponent
              env:
                - name: SELF_INVOKE_SWITCH
                  value: "false"
                - name: MYSQL_SERVICE_HOST
                  value: "arms-demo-mysql"
                - name: MYSQL_SERVICE_PORT
                  value: "3306"
    ---
    apiVersion: v1
    kind: Service
    metadata:
      labels:
        name: arms-demo-component
      name: arms-demo-component
      namespace: arms-demo
    spec:
      ports:
        # the port that this service should serve on
        - name: arms-demo-component-svc
          port: 6666
          targetPort: 8888
      # label keys and values that must match in order to receive traffic for this service
      selector:
        app: arms-springboot-demo-subcomponent
    ---
    apiVersion: apps/v1 # for versions before 1.8.0 use apps/v1beta1
    kind: Deployment
    metadata:
      name: arms-demo-mysql
      namespace: arms-demo
      labels:
        app: mysql
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: mysql
      template:
        metadata:
          labels:
            app: mysql
        spec:
          containers:
            - resources:
                limits:
                  cpu: 0.5
              image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-demo-mysql:v0.1
              name: mysql
              ports:
                - containerPort: 3306
                  name: mysql
    ---
    apiVersion: v1
    kind: Service
    metadata:
      labels:
        name: mysql
      name: arms-demo-mysql
      namespace: arms-demo
    spec:
      ports:
        # the port that this service should serve on
        - name: arms-mysql-svc
          port: 3306
          targetPort: 3306
      # label keys and values that must match in order to receive traffic for this service
      selector:
        app: mysql
    ---