All Products
Search

This Product

    Cloud Monitor:Install a Java agent for ACK and ACS by using the ack-onepilot component

    Document Center

    Cloud Monitor:Install a Java agent for ACK and ACS by using the ack-onepilot component

    Last Updated:Nov 18, 2025

    You can install the ack-onepilot component to monitor Java applications deployed in Container Service for Kubernetes (ACK) or Container Compute Service (ACS). After the component is installed, you can view monitoring data such as application topology, API calls, and abnormal or slow transactions. This topic describes how to install an agent for Java applications in Container Service for Kubernetes (ACK) and Container Compute Service (ACS).

    About the ack-onepilot component

    The Application Monitoring agent installation assistant, ack-onepilot, is a key component for installing agents for different languages. It automatically prepares the Application Monitoring agent package and configures the agent's reporting environment within a container. For more information about the basic principles of ack-onepilot, see Basic principles of the ack-onepilot component.

    After the agent is installed, ack-onepilot automatically upgrades the agent to the latest version when the application is restarted and a new version of the agent is available. If you do not want the agent to be automatically updated with each new release, you can control the agent version. For more information, see Control the agent version.

    Step 1: Install the agent installation assistant (ack-onepilot)

    1. Log on to the ACK console. On the Clusters page, click the name of the cluster.

    2. In the navigation pane on the left, click Add-ons. Then, find ack-onepilot.

      Important

      The ack-onepilot version must be 5.1.0 or later.

    3. Click Install on the ack-onepilot card.

      Note

      By default, the ack-onepilot component supports 1,000 pods. For every additional 1,000 pods in the cluster, you must add 0.5 CPU cores and 512 MB memory for the component.

    4. In the dialog box that appears, configure the parameters and click OK. We recommend that you use the default values.

      Note

      After you install ack-onepilot, you can upgrade, configure, or uninstall it on the Add-ons page.

    Step 2: Grant access permissions on ARMS resources

    ACK managed cluster

    If ARMS Addon Token does not exist in your ACK managed cluster, perform the following steps to authorize the cluster to access ARMS. If ARMS Addon Token exists, go to Step 3.

    Check whether ARMS Addon Token exists in a cluster

    1. Log on to the ACK console. In the left-side navigation pane, click Clusters. On the Clusters page, click the name of the cluster to go to the cluster details page.

    2. In the left-side navigation pane, choose Configurations > Secrets. In the upper part of the page, select kube-system from the Namespace drop-down list and check whether addon.arms.token is displayed on the Secrets page.

    Note

    If a cluster has ARMS Addon Token, ARMS performs password-free authorization on the cluster. ARMS Addon Token may not exist in some ACK managed clusters. We recommend that you check whether an ACK managed cluster has ARMS Addon Token before you use ARMS to monitor applications in the cluster. If the cluster has no ARMS Addon Token, you must authorize the cluster to access ARMS.

    Manually add permission policies

    1. Log on to the ACK console. In the left-side navigation pane, click Clusters. On the Clusters page, click the name of the cluster.

    2. On the Basic Information tab of the Cluster Information page, click the link next to Worker RAM Role in the Cluster Resources section.

    3. On the page that appears, click Grant Permission on the Permissions tab.

    4. In the Grant Permission panel, add the following policies and click Grant permissions.

      • AliyunTracingAnalysisFullAccess: full access to Managed Service for OpenTelemetry.

      • AliyunARMSFullAccess: full access to ARMS.

    ACK dedicated cluster/registered cluster

    To monitor an application deployed in an ACK dedicated cluster or registered cluster, make sure that the AliyunARMSFullAccess and AliyunSTSAssumeRoleAccess permissions are granted to your Resouce Access Management (RAM) user.

    After installing the ack-onepilot component, enter the AccessKey ID and AccessKey Secret of the account in the configuration file of ack-onepilot.

    Method 1: Input in Hem

    1. Log on to the ACK console. In the left navigation pane, click Clusters.

    2. On the Clusters page, click the cluster you want to manage. In the left-side navigation pane of the page that appears, choose Applications > Helm. Then, click Update next to ack-onepilot.

    3. Replace accessKey and accessKeySecret with the AccessKey ID and AccessKey secret of the account and click OK.

      Note

      The AccessKey Secret is only visible during initial creation of an Alibaba Cloud AccessKey pair and cannot be retrieved afterward. This design mitigates leakage risks. Securely store the Secret immediately.

      image

    4. Restart the Deployment.

    Method 2: Import through Kubernetes Secrets

    1. Log on to the ACK console. In the left-side navigation pane, click Clusters.

    2. On the Clusters page, click the cluster you want to manage. In the left-side navigation pane of the page that appears, choose Configurations > Secrets.

    3. Click Create. In the panel that appears, click Add and add the AccessKey ID and AccessKey Secret for ack-onepilot.

      Note

      The AccessKey Secret is only visible during initial creation of an Alibaba Cloud AccessKey pair and cannot be retrieved afterward. This design mitigates leakage risks. Securely store the Secret immediately.

      image

    4. In the left-side navigation pane, choose Workloads > Deployments. On the page that appears, click the ack-onepilot component. Generally, it is named ack-onepilot-ack-onepilot in the ack-onepilot namespace.

    5. In the upper-right corner of the page that appears, click Edit.

    6. Scroll down until you see the Environments section. Click Add, add the environment variables ONE_PILOT_ACCESSKEY and ONE_PILOT_ACCESSKEY_SECRET, reference the Secrets in Kubernetes Secrets, and click OK.

      image

    ASK/ECI cluster

    To monitor applications in an ACK Serverless (ASK) cluster or applications in a Kubernetes cluster connected to Elastic Container Instance, you must first authorize the cluster to access ARMS on the Cloud Resource Access Authorization page. Then, restart all pods on which the ack-onepilot component is deployed.

    Step 3: Enable Application Monitoring for a Java application

    The following YAML template shows how to create a deployment and enable Application Monitoring for it:

    View the complete sample YAML file (Java)

    apiVersion: v1
kind: Namespace
metadata:
  name: arms-demo
---
apiVersion: apps/v1 # for versions before 1.8.0 use apps/v1beta1
kind: Deployment
metadata:
  name: arms-springboot-demo
  namespace: arms-demo
  labels:
    app: arms-springboot-demo
spec:
  replicas: 2
  selector:
    matchLabels:
      app: arms-springboot-demo
  template:
    metadata:
      labels:
        app: arms-springboot-demo
        armsPilotAutoEnable: "on"
        armsPilotCreateAppName: "arms-k8s-demo"
        armsPilotAppWorkspace: "workspace"   # Replace workspace with the name of your workspace.
        one-agent.jdk.version: "OpenJDK18"
    spec:
      containers:
        - resources:
            limits:
              cpu: 0.5
          image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-springboot-demo:v0.1
          imagePullPolicy: Always
          name: arms-springboot-demo
          env:
            - name: SELF_INVOKE_SWITCH
              value: "true"
            - name: COMPONENT_HOST
              value: "arms-demo-component"
            - name: COMPONENT_PORT
              value: "6666"
            - name: MYSQL_SERVICE_HOST
              value: "arms-demo-mysql"
            - name: MYSQL_SERVICE_PORT
              value: "3306"
---
apiVersion: apps/v1 # for versions before 1.8.0 use apps/v1beta1
kind: Deployment
metadata:
  name: arms-springboot-demo-subcomponent
  namespace: arms-demo
  labels:
    app: arms-springboot-demo-subcomponent
spec:
  replicas: 2
  selector:
    matchLabels:
      app: arms-springboot-demo-subcomponent
  template:
    metadata:
      labels:
        app: arms-springboot-demo-subcomponent
        armsPilotAutoEnable: "on"
        armsPilotCreateAppName: "arms-k8s-demo-subcomponent"
        armsPilotAppWorkspace: "workspace"   # Replace workspace with the name of your workspace.
        one-agent.jdk.version: "OpenJDK18"
    spec:
      containers:
        - resources:
            limits:
              cpu: 0.5
          image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-springboot-demo:v0.1
          imagePullPolicy: Always
          name: arms-springboot-demo-subcomponent
          env:
            - name: SELF_INVOKE_SWITCH
              value: "false"
            - name: MYSQL_SERVICE_HOST
              value: "arms-demo-mysql"
            - name: MYSQL_SERVICE_PORT
              value: "3306"
---
apiVersion: v1
kind: Service
metadata:
  labels:
    name: arms-demo-component
  name: arms-demo-component
  namespace: arms-demo
spec:
  ports:
    - name: arms-demo-component-svc
      port: 6666
      targetPort: 8888
  selector:
    app: arms-springboot-demo-subcomponent
---
apiVersion: apps/v1 # for versions before 1.8.0 use apps/v1beta1
kind: Deployment
metadata:
  name: arms-demo-mysql
  namespace: arms-demo
  labels:
    app: mysql
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
        - resources:
            limits:
              cpu: 0.5
          image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-demo-mysql:v0.1
          name: mysql
          ports:
            - containerPort: 3306
              name: mysql
---
apiVersion: v1
kind: Service
metadata:
  labels:
    name: mysql
  name: arms-demo-mysql
  namespace: arms-demo
spec:
  ports:
    - name: arms-mysql-svc
      port: 3306
      targetPort: 3306
  selector:
    app: mysql
---

    1. Log on to the ACK console. In the left navigation pane, click Clusters.

    2. On the Clusters page, find the cluster you want to manage and click its name. In the left navigation pane, choose Workloads > Deployments.

    3. On the Deployments page, choose image > Edit YAML in the Actions column.

    4. In the YAML file, add the following labels to the `spec.template.metadata` section.

      labels:
  armsPilotAutoEnable: "on"
  armsPilotCreateAppName: "deployment-name"    # Replace deployment-name with the name of your application.
  armsPilotAppWorkspace: "workspace"  # Replace workspace with the name of your workspace.

      image

    5. Click Update.

    View monitoring details

    1. Log on to the Cloud Monitor 2.0 console, and select a workspace. In the left navigation pane, choose Application Center > Application Observability > Application Insights.

    2. On the Application List page, you can view the connected applications. Click the name of an application to view its detailed monitoring data.