Install the Java agent for Istio-managed services
The ack-onepilot component uses an init container to prepare the Application Real-Time Monitoring Service (ARMS) agent for a Java application before it starts. When you use ack-onepilot with Istio, the network configuration differs from that of a standard cluster. This topic describes how to upgrade the ack-onepilot component or configure older versions for Istio compatibility.
Step 1: Install the ack-onepilot component
-
For Container Service for Kubernetes (ACK) clusters, see Install the Java agent in ACK and ACS clusters by using the ack-onepilot component.
-
For an ACK One registered cluster, see Connect an Application Real-Time Monitoring Service (ARMS) to a registered cluster.
-
For a self-managed Kubernetes cluster, see Automatically install the agent in a self-managed Kubernetes cluster.
-
If you upgrade ack-onepilot to version 3.0.19 or later, it automatically modifies the istio-proxy interception configuration. In this case, you can skip Step 2. To upgrade the component, see Manage components.
-
To disable the automatic modification of the istio-proxy interception configuration, you can upgrade ack-onepilot to version 4.1.2 or later and set the corresponding option to false. Follow these steps:
Log on to the ACK console. In the left navigation pane, click Clusters.
On the Clusters page, click the name of your cluster. In the left navigation pane, click Workloads > Deployments.
-
On the Stateless page, click the ack-onepilot component, which is typically named ack-onepilot-ack-onepilot and located in the ack-onepilot namespace.
-
On the component's details page, click Edit in the upper-right corner. Then, set the ARMS_ISTIO_AUTO_INJECT_ENABLE environment variable to false.
Step 2: Modify the istio-proxy interception configuration
-
Add the following VIP ranges to your pod's annotation, separated by commas.
Excluded IP ranges
Region
Region ID
VPC endpoint
VIP range
China (Hangzhou)
oss-cn-hangzhou
oss-cn-hangzhou-internal.aliyuncs.com
-
100.118.28.0/24
-
100.114.102.0/24
-
100.98.170.0/24
-
100.118.31.0/24
China (Shanghai)
oss-cn-shanghai
oss-cn-shanghai-internal.aliyuncs.com
-
100.98.35.0/24
-
100.98.110.0/24
-
100.98.169.0/24
-
100.118.102.0/24
China (Qingdao)
oss-cn-qingdao
oss-cn-qingdao-internal.aliyuncs.com
-
100.115.173.0/24
-
100.99.113.0/24
-
100.99.114.0/24
-
100.99.115.0/24
China (Beijing)
oss-cn-beijing
oss-cn-beijing-internal.aliyuncs.com
-
100.118.58.0/24
-
100.118.167.0/24
-
100.118.170.0/24
-
100.118.171.0/24
-
100.118.172.0/24
-
100.118.173.0/24
China (Zhangjiakou)
oss-cn-zhangjiakou
oss-cn-zhangjiakou-internal.aliyuncs.com
-
100.118.90.0/24
-
100.98.159.0/24
-
100.114.0.0/24
-
100.114.1.0/24
China (Hohhot)
oss-cn-huhehaote
oss-cn-huhehaote-internal.aliyuncs.com
-
100.118.195.0/24
-
100.99.110.0/24
-
100.99.111.0/24
-
100.99.112.0/24
China (Ulanqab)
oss-cn-wulanchabu
oss-cn-wulanchabu-internal.aliyuncs.com
-
100.114.11.0/24
-
100.114.12.0/24
-
100.114.100.0/24
-
100.118.214.0/24
China (Shenzhen)
oss-cn-shenzhen
oss-cn-shenzhen-internal.aliyuncs.com
-
100.118.78.0/24
-
100.118.203.0/24
-
100.118.204.0/24
-
100.118.217.0/24
China (Heyuan)
oss-cn-heyuan
oss-cn-heyuan-internal.aliyuncs.com
-
100.98.83.0/24
-
100.118.174.0/24
China (Guangzhou)
oss-cn-guangzhou
oss-cn-guangzhou-internal.aliyuncs.com
-
100.115.33.0/24
-
100.114.101.0/24
China (Chengdu)
oss-cn-chengdu
oss-cn-chengdu-internal.aliyuncs.com
-
100.115.155.0/24
-
100.99.107.0/24
-
100.99.108.0/24
-
100.99.109.0/24
China (Hong Kong)
oss-cn-hongkong
oss-cn-hongkong-internal.aliyuncs.com
-
100.115.61.0/24
-
100.99.103.0/24
-
100.99.104.0/24
-
100.99.106.0/24
Japan (Tokyo)
oss-ap-northeast-1
oss-ap-northeast-1-internal.aliyuncs.com
-
100.114.211.0/24
-
100.114.114.0/25
Singapore
oss-ap-southeast-1
oss-ap-southeast-1-internal.aliyuncs.com
-
100.118.219.0/24
-
100.99.213.0/24
-
100.99.116.0/24
-
100.99.117.0/24
Malaysia (Kuala Lumpur)
oss-ap-southeast-3
oss-ap-southeast-3-internal.aliyuncs.com
-
100.118.165.0/24
-
100.99.125.0/24
-
100.99.130.0/24
-
100.99.131.0/24
Indonesia (Jakarta)
oss-ap-southeast-5
oss-ap-southeast-5-internal.aliyuncs.com
100.114.98.0/24
Germany (Frankfurt)
oss-eu-central-1
oss-eu-central-1-internal.aliyuncs.com
100.115.154.0/24
UK (London)
oss-eu-west-1
oss-eu-west-1-internal.aliyuncs.com
100.114.114.128/25
US (Silicon Valley)
oss-us-west-1
oss-us-west-1-internal.aliyuncs.com
100.115.107.0/24
US (Virginia)
oss-us-east-1
oss-us-east-1-internal.aliyuncs.com
-
100.115.60.0/24
-
100.99.100.0/24
-
100.99.101.0/24
-
100.99.102.0/24
SAU (Riyadh - Partner Region)
me-central-1
oss-me-central-1-internal.aliyuncs.com
100.99.121.0/24
Example for the China (Hangzhou) region:
traffic.sidecar.istio.io/excludeOutboundIPRanges: "100.118.28.0/24,100.114.102.0/24,100.98.170.0/24,100.118.31.0/24" -
-
Add the following
annotationsto thespec.template.metadatasection of your application's YAML file.Complete YAML example
apiVersion: v1 kind: Namespace metadata: name: arms-demo --- apiVersion: apps/v1 # for versions before 1.8.0 use apps/v1beta1 kind: Deployment metadata: name: arms-springboot-demo namespace: arms-demo labels: app: arms-springboot-demo spec: replicas: 2 selector: matchLabels: app: arms-springboot-demo template: metadata: annotations: traffic.sidecar.istio.io/excludeOutboundIPRanges: "100.118.28.0/24,100.114.102.0/24,100.98.170.0/24,100.118.31.0/24" labels: app: arms-springboot-demo armsPilotAutoEnable: "on" armsPilotCreateAppName: "arms-k8s-demo" one-agent.jdk.version: "OpenJDK18" spec: containers: - resources: limits: cpu: 0.5 image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-springboot-demo:v0.1 imagePullPolicy: Always name: arms-springboot-demo env: - name: SELF_INVOKE_SWITCH value: "true" - name: COMPONENT_HOST value: "arms-demo-component" - name: COMPONENT_PORT value: "6666" - name: MYSQL_SERVICE_HOST value: "arms-demo-mysql" - name: MYSQL_SERVICE_PORT value: "3306" --- apiVersion: apps/v1 # for versions before 1.8.0 use apps/v1beta1 kind: Deployment metadata: name: arms-springboot-demo-subcomponent namespace: arms-demo labels: app: arms-springboot-demo-subcomponent spec: replicas: 2 selector: matchLabels: app: arms-springboot-demo-subcomponent template: metadata: labels: app: arms-springboot-demo-subcomponent armsPilotAutoEnable: "on" armsPilotCreateAppName: "arms-k8s-demo-subcomponent" one-agent.jdk.version: "OpenJDK18" spec: containers: - resources: limits: cpu: 0.5 image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-springboot-demo:v0.1 imagePullPolicy: Always name: arms-springboot-demo-subcomponent env: - name: SELF_INVOKE_SWITCH value: "false" - name: MYSQL_SERVICE_HOST value: "arms-demo-mysql" - name: MYSQL_SERVICE_PORT value: "3306" --- apiVersion: v1 kind: Service metadata: labels: name: arms-demo-component name: arms-demo-component namespace: arms-demo spec: ports: # the port that this service should serve on - name: arms-demo-component-svc port: 6666 targetPort: 8888 # label keys and values that must match in order to receive traffic for this service selector: app: arms-springboot-demo-subcomponent --- apiVersion: apps/v1 # for versions before 1.8.0 use apps/v1beta1 kind: Deployment metadata: name: arms-demo-mysql namespace: arms-demo labels: app: mysql spec: replicas: 1 selector: matchLabels: app: mysql template: metadata: labels: app: mysql spec: containers: - resources: limits: cpu: 0.5 image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-demo-mysql:v0.1 name: mysql ports: - containerPort: 3306 name: mysql --- apiVersion: v1 kind: Service metadata: labels: name: mysql name: arms-demo-mysql namespace: arms-demo spec: ports: # the port that this service should serve on - name: arms-mysql-svc port: 3306 targetPort: 3306 # label keys and values that must match in order to receive traffic for this service selector: app: mysql ---