
Application Real-Time Monitoring Service: Install an ARMS agent for a Java application deployed in ACK or ACS

Last Updated: Jun 09, 2025

After you install ack-onepilot, Application Real-Time Monitoring Service (ARMS) monitors your Java application deployed in Container Service for Kubernetes (ACK) or Container Compute Service (ACS). You can view the monitoring data, such as the application topology, interface calls, and abnormal and slow transactions. This topic describes how to install an ARMS agent for a Java application deployed in ACK or ACS.

Introduction to ack-onepilot

The Application Monitoring component ack-onepilot is an agent installation assistant that installs ARMS agents for various languages. It automatically prepares ARMS agent packages and sets up the environment for agents to report data in a container environment. For information about the working principles of ack-onepilot, see Working principles of the ack-onepilot component.

After you install the ARMS agent, the ack-onepilot component automatically updates it to the latest version the next time your application restarts after a new agent version is released. If you do not want the agent to be updated automatically with each new release, you can manually control the agent version.

Important

The old component arms-pilot is no longer maintained. You can install the new component ack-onepilot to monitor your application. The ack-onepilot component is fully compatible with arms-pilot. You can seamlessly install ack-onepilot without the need to modify application configurations. For more information, see How do I uninstall arms-pilot and install ack-onepilot?

Prerequisites

Procedure

The procedure for installing an ARMS agent on an application deployed in ACK is the same as that for an application deployed in ACS. The following uses the ACK environment as an example.

Step 1: Install ack-onepilot

  1. Log on to the ACK console. On the Clusters page, click the name of the cluster.

  2. In the left-side navigation pane, click Add-ons. On the Add-ons page, search for ack-onepilot.

  3. Click Install on the ack-onepilot card.

    Note

    By default, the ack-onepilot component supports 1,000 pods. For every additional 1,000 pods in the cluster, you must add 0.5 CPU cores and 512 MB memory for the component.

  4. In the dialog box that appears, configure the parameters and click OK. We recommend that you use the default values.

    Note

    After you install ack-onepilot, you can upgrade, configure, or uninstall it on the Add-ons page.

Step 2: Grant access permissions on ARMS resources

ACK managed cluster

If ARMS Addon Token does not exist in your ACK managed cluster, perform the following steps to authorize the cluster to access ARMS. If ARMS Addon Token exists, go to Step 3.

Check whether ARMS Addon Token exists in a cluster

  1. Log on to the ACK console. In the left-side navigation pane, click Clusters. On the Clusters page, click the name of the cluster to go to the cluster details page.

  2. In the left-side navigation pane, choose Configurations > Secrets. In the upper part of the page, select kube-system from the Namespace drop-down list and check whether addon.arms.token is displayed on the Secrets page.

Note

If a cluster has ARMS Addon Token, ARMS performs password-free authorization on the cluster. ARMS Addon Token may not exist in some ACK managed clusters. We recommend that you check whether an ACK managed cluster has ARMS Addon Token before you use ARMS to monitor applications in the cluster. If the cluster has no ARMS Addon Token, you must authorize the cluster to access ARMS.

Manually add permission policies

  1. Log on to the ACK console. In the left-side navigation pane, click Clusters. On the Clusters page, click the name of the cluster.

  2. On the Basic Information tab of the Cluster Information page, click the link next to Worker RAM Role in the Cluster Resources section.

  3. On the page that appears, click Grant Permission on the Permissions tab.

  4. In the Grant Permission panel, add the following policies and click Grant permissions.

    • AliyunTracingAnalysisFullAccess: full access to Managed Service for OpenTelemetry.

    • AliyunARMSFullAccess: full access to ARMS.

ACK dedicated cluster/registered cluster

To monitor an application deployed in an ACK dedicated cluster or registered cluster, make sure that the AliyunARMSFullAccess and AliyunSTSAssumeRoleAccess permissions are granted to your Resource Access Management (RAM) user.

After installing the ack-onepilot component, enter the AccessKey ID and AccessKey Secret of the account in the configuration file of ack-onepilot.

Method 1: Input in Helm

  1. Log on to the ACK console. In the left-side navigation pane, click Clusters.

  2. On the Clusters page, click the cluster you want to manage. In the left-side navigation pane of the page that appears, choose Applications > Helm. Then, click Update next to ack-onepilot.

  3. Replace accessKey and accessKeySecret with the AccessKey ID and AccessKey secret of the account and click OK.

    Note

    The AccessKey Secret is only visible during initial creation of an Alibaba Cloud AccessKey pair and cannot be retrieved afterward. This design mitigates leakage risks. Securely store the Secret immediately.

  4. Restart the Deployment.

Method 2: Import through Kubernetes Secrets

  1. Log on to the ACK console. In the left-side navigation pane, click Clusters.

  2. On the Clusters page, click the cluster you want to manage. In the left-side navigation pane of the page that appears, choose Configurations > Secrets.

  3. Click Create. In the panel that appears, click Add and add the AccessKey ID and AccessKey Secret for ack-onepilot.

    Note

    The AccessKey Secret is only visible during initial creation of an Alibaba Cloud AccessKey pair and cannot be retrieved afterward. This design mitigates leakage risks. Securely store the Secret immediately.

  4. In the left-side navigation pane, choose Workloads > Deployments. On the page that appears, click the ack-onepilot component. Generally, it is named ack-onepilot-ack-onepilot in the ack-onepilot namespace.

  5. In the upper-right corner of the page that appears, click Edit.

  6. Scroll down until you see the Environments section. Click Add, add the environment variables ONE_PILOT_ACCESSKEY and ONE_PILOT_ACCESSKEY_SECRET, reference the Secrets in Kubernetes Secrets, and click OK.
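
To confirm that Method 2 was applied as described, the following added example (not part of the ARMS documentation) reads the ack-onepilot Deployment as JSON and reports whether ONE_PILOT_ACCESSKEY and ONE_PILOT_ACCESSKEY_SECRET reference a Secret or carry a literal value in the Deployment spec. The container name, the Secret name `onepilot-ak`, and its keys are hypothetical, and the sample object is constructed.

```python
import json

# Variable names from step 6 of Method 2.
CREDENTIAL_VARS = ("ONE_PILOT_ACCESSKEY", "ONE_PILOT_ACCESSKEY_SECRET")

def credential_sources(deployment):
    """Map each credential variable to how the pod template supplies it:
    'secret:<name>/<key>', 'literal' (value stored in the spec) or 'missing'.
    A literal in any container wins, so the worst case is what gets reported."""
    sources = {var: "missing" for var in CREDENTIAL_VARS}
    pod_spec = deployment["spec"]["template"]["spec"]
    for container in pod_spec.get("containers", []):
        for env in container.get("env") or []:
            name = env.get("name")
            if name not in sources or sources[name] == "literal":
                continue
            ref = (env.get("valueFrom") or {}).get("secretKeyRef")
            if env.get("value"):
                sources[name] = "literal"
            elif ref:
                sources[name] = f"secret:{ref.get('name')}/{ref.get('key')}"
    return sources

def findings(deployment):
    """Return one message per variable that is not backed by a Secret."""
    return [f"{var}: {src}" for var, src in credential_sources(deployment).items()
            if not src.startswith("secret:")]

# Constructed sample, shaped like the output of
# `kubectl get deployment ack-onepilot-ack-onepilot -n ack-onepilot -o json`.
# Container name, Secret name and keys are hypothetical; the literal is a placeholder.
SAMPLE = json.loads("""
{"metadata": {"name": "ack-onepilot-ack-onepilot", "namespace": "ack-onepilot"},
 "spec": {"template": {"spec": {"containers": [{"name": "ack-onepilot", "env": [
   {"name": "ONE_PILOT_ACCESSKEY",
    "valueFrom": {"secretKeyRef": {"name": "onepilot-ak", "key": "accessKeyId"}}},
   {"name": "ONE_PILOT_ACCESSKEY_SECRET", "value": "EXAMPLE-PLACEHOLDER"}
 ]}]}}}}
""")

if __name__ == "__main__":
    for line in findings(SAMPLE) or ["both variables reference a Secret"]:
        print(line)
```

A variable reported as `literal` is readable by anyone who can view the Deployment, so move it into the Secret and reference it as step 6 describes.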

ASK/ECI cluster

To monitor applications in an ACK Serverless (ASK) cluster or applications in a Kubernetes cluster connected to Elastic Container Instance, you must first authorize the cluster to access ARMS on the Cloud Resource Access Authorization page. Then, restart all pods on which the ack-onepilot component is deployed.

Step 3: Enable Application Monitoring for the application

The following YAML template shows how to create a Deployment and enable Application Monitoring for the application:

YAML template

apiVersion: v1
kind: Namespace
metadata:
  name: arms-demo
---
apiVersion: apps/v1 # for versions before 1.8.0 use apps/v1beta1
kind: Deployment
metadata:
  name: arms-springboot-demo
  namespace: arms-demo
  labels:
    app: arms-springboot-demo
spec:
  replicas: 2
  selector:
    matchLabels:
      app: arms-springboot-demo
  template:
    metadata:
      labels:
        app: arms-springboot-demo
        armsPilotAutoEnable: "on"
        armsPilotCreateAppName: "arms-k8s-demo"
    spec:
      containers:
        - resources:
            limits:
              cpu: 0.5
          image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-springboot-demo:v0.1
          imagePullPolicy: Always
          name: arms-springboot-demo
          env:
            - name: SELF_INVOKE_SWITCH
              value: "true"
            - name: COMPONENT_HOST
              value: "arms-demo-component"
            - name: COMPONENT_PORT
              value: "6666"
            - name: MYSQL_SERVICE_HOST
              value: "arms-demo-mysql"
            - name: MYSQL_SERVICE_PORT
              value: "3306"
---
apiVersion: apps/v1 
kind: Deployment
metadata:
  name: arms-springboot-demo-subcomponent
  namespace: arms-demo
  labels:
    app: arms-springboot-demo-subcomponent
spec:
  replicas: 2
  selector:
    matchLabels:
      app: arms-springboot-demo-subcomponent
  template:
    metadata:
      labels:
        app: arms-springboot-demo-subcomponent
        armsPilotAutoEnable: "on"
        armsPilotCreateAppName: "arms-k8s-demo-subcomponent"
    spec:
      containers:
        - resources:
            limits:
              cpu: 0.5
          image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-springboot-demo:v0.1
          imagePullPolicy: Always
          name: arms-springboot-demo-subcomponent
          env:
            - name: SELF_INVOKE_SWITCH
              value: "false"
            - name: MYSQL_SERVICE_HOST
              value: "arms-demo-mysql"
            - name: MYSQL_SERVICE_PORT
              value: "3306"
---
apiVersion: v1
kind: Service
metadata:
  labels:
    name: arms-demo-component
  name: arms-demo-component
  namespace: arms-demo
spec:
  ports:
    # the port that this service should serve on
    - name: arms-demo-component-svc
      port: 6666
      targetPort: 8888
  # label keys and values that must match in order to receive traffic for this service
  selector:
    app: arms-springboot-demo-subcomponent
---
apiVersion: apps/v1 # for versions before 1.8.0 use apps/v1beta1
kind: Deployment
metadata:
  name: arms-demo-mysql
  namespace: arms-demo
  labels:
    app: mysql
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
        - resources:
            limits:
              cpu: 0.5
          image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-demo-mysql:v0.1
          name: mysql
          ports:
            - containerPort: 3306
              name: mysql
---
apiVersion: v1
kind: Service
metadata:
  labels:
    name: mysql
  name: arms-demo-mysql
  namespace: arms-demo
spec:
  ports:
    # the port that this service should serve on
    - name: arms-mysql-svc
      port: 3306
      targetPort: 3306
  # label keys and values that must match in order to receive traffic for this service
  selector:
    app: mysql
---

  1. Log on to the ACK console. In the left-side navigation pane, click Clusters.

  2. On the Clusters page, find the cluster you want to manage and click its name. In the left-side pane, choose Workloads > Deployments.

  3. On the Deployments page, click the icon in the Actions column and choose Edit YAML.

  4. In the YAML file, add the following labels to spec.template.metadata:

    labels:
      armsPilotAutoEnable: "on"
      armsPilotCreateAppName: "<your-deployment-name>"    # Replace <your-deployment-name> with the actual application name. 
      armsSecAutoEnable: "on"    # If you want to connect the application to Application Security, you must configure this parameter.

  5. Click Update.

  6. On the Deployments page, click the icon in the Actions column and choose ARMS Console to view the application monitoring details.
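
The following added example (not part of the ARMS documentation) lints Deployment objects, as returned by `kubectl get deployments -A -o json`, for the step 4 labels: it checks that they sit on spec.template.metadata rather than on the Deployment's own metadata, and lists which workloads have monitoring and Application Security switched on. The sample objects are constructed, and `orders` and `billing` are hypothetical workloads.

```python
import json

SWITCHES = ("armsPilotAutoEnable", "armsSecAutoEnable")
ALL_KEYS = SWITCHES + ("armsPilotCreateAppName",)

def audit_arms_labels(dep):
    """Check the step 4 labels on one Deployment object (parsed JSON)."""
    meta = dep.get("metadata") or {}
    top = meta.get("labels") or {}
    pod = (dep["spec"]["template"].get("metadata") or {}).get("labels") or {}
    issues = []
    for key in ALL_KEYS:
        if key in top and key not in pod:
            issues.append(f"{key} is on metadata.labels, not the pod template")
    for key in SWITCHES:
        # The page only documents "on"; any other value is flagged for review.
        if key in pod and pod[key] != "on":
            issues.append(f"{key}={pod[key]!r} is not the documented 'on'")
    enabled = pod.get("armsPilotAutoEnable") == "on"
    if enabled and not pod.get("armsPilotCreateAppName"):
        issues.append("armsPilotCreateAppName is not set")
    return {"workload": f"{meta.get('namespace', 'default')}/{meta.get('name')}",
            "auto_enable": enabled,
            "app_name": pod.get("armsPilotCreateAppName"),
            "app_security": pod.get("armsSecAutoEnable") == "on",
            "issues": issues}

def audit_all(deployment_list):
    """Audit every item of a `kubectl get deployments -A -o json` List."""
    return [audit_arms_labels(d) for d in deployment_list.get("items", [])]

def sample_dep(name, top=None, pod=None):
    # Builds a constructed, minimal Deployment object for the sample below.
    return {"metadata": {"name": name, "namespace": "arms-demo", "labels": top or {}},
            "spec": {"template": {"metadata": {"labels": pod or {}}}}}

# Constructed sample. The first two follow the page's template; "orders" and
# "billing" are hypothetical workloads with mislabelled manifests.
SAMPLE = {"items": [
    sample_dep("arms-springboot-demo", pod={"app": "arms-springboot-demo",
               "armsPilotAutoEnable": "on", "armsPilotCreateAppName": "arms-k8s-demo"}),
    sample_dep("arms-demo-mysql", pod={"app": "mysql"}),
    sample_dep("orders", top={"armsPilotAutoEnable": "on", "armsPilotCreateAppName": "orders"}),
    sample_dep("billing", pod={"armsPilotAutoEnable": "true", "armsSecAutoEnable": "on"}),
]}

if __name__ == "__main__":
    print(json.dumps(audit_all(SAMPLE), indent=2))
```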

FAQs