Connect a Java application in an open-source Kubernetes environment to ARMS Application Monitoring - Application Real-Time Monitoring Service

You can use Application Real-Time Monitoring Service (ARMS) to monitor applications in an open-source Kubernetes cluster. ARMS lets you monitor application topology, API calls, abnormal and slow transactions, and SQL analysis. This topic describes how to connect a Java application in an open-source Kubernetes cluster to ARMS Application Monitoring.

Note

This topic does not apply if your Kubernetes cluster is provided by Container Service for Kubernetes (ACK). To connect an ACK cluster to ARMS, see Install a Java agent for ACK and Container Compute Service (ACS) using the ack-onepilot component.

Prerequisites

Your Kubernetes cluster is version 1.18 or later.
If your Kubernetes cluster is not deployed on Alibaba Cloud, ensure that the cluster has internet access. You can also connect the cluster to an Alibaba Cloud Virtual Private Cloud (VPC) using a Cloud Enterprise Network (CEN) instance.
The version of the JDK is supported by Application Monitoring. For more information, see Java components and frameworks supported by ARMS.
The maximum heap memory of the process is greater than 256 MB.

(Recommended) Method 1: Connect to ARMS through a registered ACK cluster

Benefits of using a registered ACK cluster:

More efficient O&M support.
Access to more extension capabilities of Container Service for Kubernetes (ACK) clusters, such as monitoring, logging, backup and recovery, security, and elastic cloud resources. For more information, see Overview of registered clusters.

Connect the Kubernetes cluster to ACK One. For more information, see Create an ACK One registered cluster.
Install the ack-onepilot component for the registered cluster. For more information, see Connect Application Real-Time Monitoring Service to a registered cluster.

Method 2: Connect directly to ARMS

Important

This method does not use a registered ACK cluster. After you connect, container-related information, such as CPU, memory, disk, and network information, cannot be associated or displayed. The Application Instances page displays only the container environment data collected by ARMS. You cannot view the container data that is obtained by the Prometheus agent by connecting to Managed Service for Prometheus. For more information, see Java application instance monitoring.

Step 1: Install Helm V3

Step 2: Install the agent

Application Monitoring supports connecting both stateless (Deployment) and stateful (StatefulSet) applications. The connection method is the same for both types. This section uses a stateless (Deployment) application in a Kubernetes environment as an example.

Run the following wget command to download the ack-onepilot installation package.

 wget 'https://aliacs-app-catalog.oss-cn-hangzhou.aliyuncs.com/charts-incubator/ack-onepilot-5.1.1.tgz'

Run the following command to decompress the ack-onepilot installation package.
```
tar xvf ack-onepilot-5.1.1.tgz                 
```
Edit the values.yaml file in the installation package. Modify the following parameters as needed and save the file.
```
registry: registry-__ACK_REGION_ID__.ack.aliyuncs.com/acs/
cluster_id: __ACK_CLUSTER_ID__
accessKey: __ACCESSKEY__
accessKeySecret: __ACCESSKEY_SECRET__
uid: "__ACK_UID__"
region_id: __ACK_REGION_ID__
```
- registry: The registry address of the ack-onepilot component.
- cluster_id: A custom ID for the Kubernetes cluster. This ID must be unique. The recommended format is <uid>-<clusterid>.
- accessKey and accessKeySecret: The AccessKey ID and AccessKey secret of your Alibaba Cloud account. To obtain an AccessKey pair, see Create an AccessKey.
  Important
  Ensure that the AliyunARMSFullAccess and AliyunSTSAssumeRoleAccess permissions are granted to the Alibaba Cloud account.
  If you are a Resource Access Management (RAM) user, ensure that the AliyunARMSFullAccess and AliyunSTSAssumeRoleAccess permissions are also granted to the RAM user. For more information, see Grant permissions to a RAM user.
  For security, you can use Kubernetes Secrets to protect your AccessKey ID and AccessKey secret. For more information, see Method 2: Import an AccessKey pair using a Kubernetes Secret.
- uid: The ID of your Alibaba Cloud account. To obtain the ID, move the pointer over your profile picture in the upper-right corner of the Alibaba Cloud Management Console.
- region_id: The ID of the Alibaba Cloud region. For more information about the regions that support Application Monitoring, see Regions.
Note
If the target cluster is an edge cluster, add a nodeSelector annotation to schedule the ack-onepilot component to the cloud. This ensures that ack-onepilot works as expected.
```
kind: Deployment
apiVersion: apps/v1
metadata:
  name: xxx
  namespace: xxx
spec:
  template:
    spec:
      nodeSelector:
        # Replace it with the actual node selector.
        alibabacloud.com/is-edge-worker: "false"
```
Run the following command to install ack-onepilot.
Run this command from the parent directory of the ack-onepilot installation package.
```
helm3 upgrade --install ack-onepilot ack-onepilot --namespace ack-onepilot --create-namespace
```

Step 3: Modify the YAML file of the application

Run the following command to view the YAML file of the target stateless (Deployment) application.
```
kubectl get deployment {deployment-name} -o yaml                            
```
Note
If you do not know the {deployment-name}, run the following command to view all stateless (Deployment) applications. Find the target application in the results, and then view its YAML file.
```
kubectl get deployments --all-namespace                
```

You can edit the YAML file for the target stateless application (Deployment).

kubectl edit deployment {Deployment-name} -o yaml

In the YAML file, add the following content under the spec.template.metadata path.

labels:
  armsPilotAutoEnable: "on"
  armsPilotCreateAppName: "<your-deployment-name>"    # Replace <your-deployment-name> with the actual application name. 
  armsSecAutoEnable: "on"    # If you want to connect the application to Application Security, you must configure this parameter.

Note

For information about Application Security, see What is Application Security?
For information about the billing rules of Application Security, see Billing.

To create a new stateless (Deployment) application in a Kubernetes environment and connect it to ARMS, use the following complete YAML file as a reference:

Expand to view the complete sample YAML file

apiVersion: apps/v1beta1 # for versions before 1.8.0 use apps/v1beta1
kind: Deployment
metadata:
  name: arms-springboot-demo
  labels:
    app: arms-springboot-demo
spec:
  replicas: 2
  selector:
    matchLabels:
      app: arms-springboot-demo
  template:
    metadata:
      labels:
        app: arms-springboot-demo
        armsPilotAutoEnable: "on"
        armsPilotCreateAppName: "arms-k8s-demo"
    spec:
      containers:
        - resources:
            limits:
              cpu: 0.5
          image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-springboot-demo:v0.1
          imagePullPolicy: Always
          name: arms-springboot-demo
          env:
            - name: MYSQL_SERVICE_HOST
              value: "arms-demo-mysql"
            - name: MYSQL_SERVICE_PORT
              value: "3306"
---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: arms-demo-mysql
  labels:
    app: mysql
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
        - resources:
            limits:
              cpu: 0.5
          image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-demo-mysql:v0.1
          name: mysql
          ports:
            - containerPort: 3306
              name: mysql
---
apiVersion: v1
kind: Service
metadata:
  labels:
    name: mysql
  name: arms-demo-mysql
spec:
  ports:
    # the port that this service should serve on
    - name: arms-mysql-svc
      port: 3306
      targetPort: 3306
  # label keys and values that must match to receive traffic for this service
  selector:
    app: mysql
---

After you save the configuration, the application automatically restarts to apply the changes.
After 2 to 5 minutes, if your application appears on the Application Monitoring > Application List page in the ARMS console and data is being reported, the application is successfully connected.