Enable ARMS for a registered cluster - Container Service for Kubernetes

You can use Application Real-Time Monitoring Service (ARMS) to monitor the status of applications in real time. To monitor applications in a registered cluster, you need to install the ARMS application monitoring component in the registered cluster.

Prerequisites

An external Kubernetes cluster is registered in the Container Service for Kubernetes (ACK) console. For more information, see Create a registered cluster and register an external cluster with ACK.
A kubectl client is connected to the registered cluster. For more information, see Obtain the kubeconfig file of a cluster and use kubectl to connect to the cluster.

Step 1: Install the ARMS application monitoring component

Use onectl

Install onectl on your on-premises machine. For more information, see Use onectl to manage registered clusters.

Run the following command to configure RAM permissions for the ack-onepilot component:

onectl ram-user grant --addon ack-onepilot

Expected output:

Ram policy ack-one-registered-cluster-policy-ack-onepilot granted to ram user **** successfully.

Run the following command to install the ack-onepilot component:
```
onectl addon install ack-onepilot
```
Expected output:
```
Addon ack-onepilot, version **** installed.
```

Use the console

Configure a RAM policy. Before you install the component, you must specify your AccessKey pair in the registered cluster. The AccessKey pair is used to acquire cloud service access permissions.
1. Create a RAM user. For more information, see Create a RAM user.
2. Create a custom policy. For more information, see Create custom policies.
  The ack-onepilot component requires the permissions in the following policy:
```
{
    "Version": "1",
    "Statement": [
        {
            "Action": "arms:*",
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}
```
3. Attach the custom policy to the RAM user. For more information, see Authorize a RAM user.
4. Create an AccessKey pair for the RAM user. For more information, see Create an AccessKey pair.
5. Use the AccessKey pair to create a Secret named alibaba-addon-secret in the registered cluster.
  Run the following command to create a Secret used by the ack-onepilot component.
  Note
  You need to replace access-key-id and access-key-secret in the command with the AccessKey ID and AccessKey secret you created in the previous step.
```
kubectl -n ack-onepilot create secret generic alibaba-addon-secret --from-literal='access-key-id=<your AccessKey ID>' --from-literal='access-key-secret=<your AccessKey Secret>'
```
Install the ack-onepilot component.
1. Log on to the ACK console. In the left-side navigation pane, click Clusters.
2. On the Clusters page, click the name of the cluster that you want to manage and choose Operations > Add-ons in the left-side navigation pane.
3. On the Add-ons page, click the Logs and Monitoring tab, find the ack-onepilot card, and then click Install in the lower-right corner.
4. In the Install ack-onepilot dialog box, configure the parameters and click OK.

Step 2: Enable ARMS for a Java application

To enable Application Monitoring when you create an application, perform the following steps:

Log on to the ACK console. In the left-side navigation pane, click Clusters. On the Clusters page, find the cluster that you want to manage, and click Applications in the Actions column.
On the Deployments page, click Create from YAML in the upper-right corner of the page.

On the page that appears, select a template from the Sample Template drop-down list, and add the following labels to the spec > template > metadata section in the Template code editor:

labels:
  armsPilotAutoEnable: "on"
  armsPilotCreateAppName: "<your-deployment-name>"    # Replace <your-deployment-name> with the actual application name. 
  armsSecAutoEnable: "on"    # If you want to connect the application to Application Security, you must configure this parameter.

Note

For more information about Application Security, see What is Application Security?
For more information about the billing rules of Application Security, see Billing.

YAML Example

The following YAML template shows how to create a Deployment application and enable Application Monitoring for the application:

Show the complete YAML file (Java)

apiVersion: v1
kind: Namespace
metadata:
  name: arms-demo
---
apiVersion: apps/v1 # for versions before 1.8.0 use apps/v1beta1
kind: Deployment
metadata:
  name: arms-springboot-demo
  namespace: arms-demo
  labels:
    app: arms-springboot-demo
spec:
  replicas: 2
  selector:
    matchLabels:
      app: arms-springboot-demo
  template:
    metadata:
      labels:
        app: arms-springboot-demo
        armsPilotAutoEnable: "on"
        armsPilotCreateAppName: "arms-k8s-demo"
    spec:
      containers:
        - resources:
            limits:
              cpu: 0.5
          image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-springboot-demo:v0.1
          imagePullPolicy: Always
          name: arms-springboot-demo
          env:
            - name: SELF_INVOKE_SWITCH
              value: "true"
            - name: COMPONENT_HOST
              value: "arms-demo-component"
            - name: COMPONENT_PORT
              value: "6666"
            - name: MYSQL_SERVICE_HOST
              value: "arms-demo-mysql"
            - name: MYSQL_SERVICE_PORT
              value: "3306"
---
apiVersion: apps/v1 
kind: Deployment
metadata:
  name: arms-springboot-demo-subcomponent
  namespace: arms-demo
  labels:
    app: arms-springboot-demo-subcomponent
spec:
  replicas: 2
  selector:
    matchLabels:
      app: arms-springboot-demo-subcomponent
  template:
    metadata:
      labels:
        app: arms-springboot-demo-subcomponent
        armsPilotAutoEnable: "on"
        armsPilotCreateAppName: "arms-k8s-demo-subcomponent"
    spec:
      containers:
        - resources:
            limits:
              cpu: 0.5
          image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-springboot-demo:v0.1
          imagePullPolicy: Always
          name: arms-springboot-demo-subcomponent
          env:
            - name: SELF_INVOKE_SWITCH
              value: "false"
            - name: MYSQL_SERVICE_HOST
              value: "arms-demo-mysql"
            - name: MYSQL_SERVICE_PORT
              value: "3306"
---
apiVersion: v1
kind: Service
metadata:
  labels:
    name: arms-demo-component
  name: arms-demo-component
  namespace: arms-demo
spec:
  ports:
    # the port that this service should serve on
    - name: arms-demo-component-svc
      port: 6666
      targetPort: 8888
  # label keys and values that must match in order to receive traffic for this service
  selector:
    app: arms-springboot-demo-subcomponent
---
apiVersion: apps/v1 # for versions before 1.8.0 use apps/v1beta1
kind: Deployment
metadata:
  name: arms-demo-mysql
  namespace: arms-demo
  labels:
    app: mysql
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
        - resources:
            limits:
              cpu: 0.5
          image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-demo-mysql:v0.1
          name: mysql
          ports:
            - containerPort: 3306
              name: mysql
---
apiVersion: v1
kind: Service
metadata:
  labels:
    name: mysql
  name: arms-demo-mysql
  namespace: arms-demo
spec:
  ports:
    # the port that this service should serve on
    - name: arms-mysql-svc
      port: 3306
      targetPort: 3306
  # label keys and values that must match in order to receive traffic for this service
  selector:
    app: mysql
---

On the Deployments page, click ARMS Console in the Actions column of the Java application to navigate to the ARMS console and perform service governance.

What to do next

Uninstall ack-onepilot for all applications in the cluster
Use onectl
1. Run the following command to uninstall the ack-onepilot component:
```
onectl addon uninstall ack-onepilot
```
  Expected output:
```
Addon ack-onepilot uninstalled.
```
2. Restart your application pod.
Use the console
1. Log on to the ACK console. In the left-side navigation pane, click Clusters.
2. On the Clusters page, click the name of the cluster that you want to manage and choose Operations > Add-ons in the left-side navigation pane.
3. On the Add-ons page, click the Logs and Monitoring tab, find the ack-onepilot component, and then click Uninstall in the lower-right corner.
4. In the message that appears, click OK.
5. Restart your application pod.
Uninstall ack-onepilot for an application in the cluster
1. Log on to the ACK console. In the left-side navigation pane, click Clusters.
2. On the Clusters page, click the name of the desired cluster and choose Workloads > Deployments in the left-side navigation pane.
3. On the Deployments page, choose More > View in YAML in the Actions column of the application that you want to manage. In the Edit YAML dialog box, delete the labels that you added in Step 2, and then click Update.
4. Restart your application pod.