ack-onepilot組件需要在應用啟動前通過init-container為Java應用提前準備ARMS探針,在同時使用ack-onepilot與Istio時,由於Istio環境中網路設定與普通叢集中有差異,請按照本文升級ack-onepilot組件或對低版本ack-onepilot進行一些額外的配置。
步驟一:安裝ack-onepilot組件
ACK叢集安裝操作,請參見Container ServiceACK和容器計算服務ACS通過ack-onepilot組件安裝Java探針。
ACK One註冊叢集安裝操作,請參見將應用即時監控服務ARMS接入註冊叢集。
通用Kubernetes環境安裝操作,請參見通用Kubernetes環境自動安裝探針。
將ack-onepilot升級至最新版本(3.0.19及以上版本)可自動修改istio-proxy攔截配置,此時無需執行步驟二。升級操作,請參見管理組件。
如果您想關閉ack-onepilot自動修改istio-proxy攔截配置的能力,可以將ack-onepilot升級到4.1.2及以上版本,同時設定為false,步驟如下:
登入Container Service管理主控台,在左側導覽列選擇叢集列表。
在叢集列表頁面,單擊目的地組群名稱,然後在左側導覽列,選擇工作負載 > 無狀態。
在無狀態頁面單擊ack-onepilot組件(一般在ack-onepilot命名空間下,名稱為ack-onepilot-ack-onepilot)。
在ack-onepilot-ack-onepilot頁面右上方單擊編輯,然後設定ARMS_ISTIO_AUTO_INJECT_ENABLE環境變數為false。
步驟二:修改istio-proxy攔截配置
將以下VIP網段通過英文半形逗號(,)分隔的方式配置到Pod的Annotation上。
展開查看istio-proxy不攔截的網段
Region
Region ID
VPC網路Endpoint
VIP網段
華東1(杭州)
oss-cn-hangzhou
oss-cn-hangzhou-internal.aliyuncs.com
100.118.28.0/24
100.114.102.0/24
100.98.170.0/24
100.118.31.0/24
華東2(上海)
oss-cn-shanghai
oss-cn-shanghai-internal.aliyuncs.com
100.98.35.0/24
100.98.110.0/24
100.98.169.0/24
100.118.102.0/24
華北1(青島)
oss-cn-qingdao
oss-cn-qingdao-internal.aliyuncs.com
100.115.173.0/24
100.99.113.0/24
100.99.114.0/24
100.99.115.0/24
華北2(北京)
oss-cn-beijing
oss-cn-beijing-internal.aliyuncs.com
100.118.58.0/24
100.118.167.0/24
100.118.170.0/24
100.118.171.0/24
100.118.172.0/24
100.118.173.0/24
華北 3(張家口)
oss-cn-zhangjiakou
oss-cn-zhangjiakou-internal.aliyuncs.com
100.118.90.0/24
100.98.159.0/24
100.114.0.0/24
100.114.1.0/24
華北5(呼和浩特)
oss-cn-huhehaote
oss-cn-huhehaote-internal.aliyuncs.com
100.118.195.0/24
100.99.110.0/24
100.99.111.0/24
100.99.112.0/24
華北6(烏蘭察布)
oss-cn-wulanchabu
oss-cn-wulanchabu-internal.aliyuncs.com
100.114.11.0/24
100.114.12.0/24
100.114.100.0/24
100.118.214.0/24
華南1(深圳)
oss-cn-shenzhen
oss-cn-shenzhen-internal.aliyuncs.com
100.118.78.0/24
100.118.203.0/24
100.118.204.0/24
100.118.217.0/24
華南2(河源)
oss-cn-heyuan
oss-cn-heyuan-internal.aliyuncs.com
100.98.83.0/24
100.118.174.0/24
華南3(廣州)
oss-cn-guangzhou
oss-cn-guangzhou-internal.aliyuncs.com
100.115.33.0/24
100.114.101.0/24
西南1(成都)
oss-cn-chengdu
oss-cn-chengdu-internal.aliyuncs.com
100.115.155.0/24
100.99.107.0/24
100.99.108.0/24
100.99.109.0/24
中國香港
oss-cn-hongkong
oss-cn-hongkong-internal.aliyuncs.com
100.115.61.0/24
100.99.103.0/24
100.99.104.0/24
100.99.106.0/24
日本(東京)
oss-ap-northeast-1
oss-ap-northeast-1-internal.aliyuncs.com
100.114.211.0/24
100.114.114.0/25
新加坡
oss-ap-southeast-1
oss-ap-southeast-1-internal.aliyuncs.com
100.118.219.0/24
100.99.213.0/24
100.99.116.0/24
100.99.117.0/24
馬來西亞(吉隆坡)
oss-ap-southeast-3
oss-ap-southeast-3-internal.aliyuncs.com
100.118.165.0/24
100.99.125.0/24
100.99.130.0/24
100.99.131.0/24
印尼(雅加達)
oss-ap-southeast-5
oss-ap-southeast-5-internal.aliyuncs.com
100.114.98.0/24
德國(法蘭克福)
oss-eu-central-1
oss-eu-central-1-internal.aliyuncs.com
100.115.154.0/24
英國(倫敦)
oss-eu-west-1
oss-eu-west-1-internal.aliyuncs.com
100.114.114.128/25
美國(矽谷)
oss-us-west-1
oss-us-west-1-internal.aliyuncs.com
100.115.107.0/24
美國(維吉尼亞)
oss-us-east-1
oss-us-east-1-internal.aliyuncs.com
100.115.60.0/24
100.99.100.0/24
100.99.101.0/24
100.99.102.0/24
沙特(利雅得)
me-central-1
oss-me-central-1-internal.aliyuncs.com
100.99.121.0/24
以杭州地區為例:
traffic.sidecar.istio.io/excludeOutboundIPRanges: "100.118.28.0/24,100.114.102.0/24,100.98.170.0/24,100.118.31.0/24"修改應用的YAML檔案,將以下
annotations添加到spec.template.metadata層級下。
展開查看完成的YAML樣本
apiVersion: v1 kind: Namespace metadata: name: arms-demo --- apiVersion: apps/v1 # for versions before 1.8.0 use apps/v1beta1 kind: Deployment metadata: name: arms-springboot-demo namespace: arms-demo labels: app: arms-springboot-demo spec: replicas: 2 selector: matchLabels: app: arms-springboot-demo template: metadata: annotations: traffic.sidecar.istio.io/excludeOutboundIPRanges: "100.118.28.0/24,100.114.102.0/24,100.98.170.0/24,100.118.31.0/24" labels: app: arms-springboot-demo armsPilotAutoEnable: "on" armsPilotCreateAppName: "arms-k8s-demo" one-agent.jdk.version: "OpenJDK18" spec: containers: - resources: limits: cpu: 0.5 image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-springboot-demo:v0.1 imagePullPolicy: Always name: arms-springboot-demo env: - name: SELF_INVOKE_SWITCH value: "true" - name: COMPONENT_HOST value: "arms-demo-component" - name: COMPONENT_PORT value: "6666" - name: MYSQL_SERVICE_HOST value: "arms-demo-mysql" - name: MYSQL_SERVICE_PORT value: "3306" --- apiVersion: apps/v1 # for versions before 1.8.0 use apps/v1beta1 kind: Deployment metadata: name: arms-springboot-demo-subcomponent namespace: arms-demo labels: app: arms-springboot-demo-subcomponent spec: replicas: 2 selector: matchLabels: app: arms-springboot-demo-subcomponent template: metadata: labels: app: arms-springboot-demo-subcomponent armsPilotAutoEnable: "on" armsPilotCreateAppName: "arms-k8s-demo-subcomponent" one-agent.jdk.version: "OpenJDK18" spec: containers: - resources: limits: cpu: 0.5 image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-springboot-demo:v0.1 imagePullPolicy: Always name: arms-springboot-demo-subcomponent env: - name: SELF_INVOKE_SWITCH value: "false" - name: MYSQL_SERVICE_HOST value: "arms-demo-mysql" - name: MYSQL_SERVICE_PORT value: "3306" --- apiVersion: v1 kind: Service metadata: labels: name: arms-demo-component name: arms-demo-component namespace: arms-demo spec: ports: # the port that this service should serve on - name: arms-demo-component-svc port: 6666 targetPort: 8888 # label keys and values that must match in order to receive traffic for this service selector: app: arms-springboot-demo-subcomponent --- apiVersion: apps/v1 # for versions before 1.8.0 use apps/v1beta1 kind: Deployment metadata: name: arms-demo-mysql namespace: arms-demo labels: app: mysql spec: replicas: 1 selector: matchLabels: app: mysql template: metadata: labels: app: mysql spec: containers: - resources: limits: cpu: 0.5 image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-demo-mysql:v0.1 name: mysql ports: - containerPort: 3306 name: mysql --- apiVersion: v1 kind: Service metadata: labels: name: mysql name: arms-demo-mysql namespace: arms-demo spec: ports: # the port that this service should serve on - name: arms-mysql-svc port: 3306 targetPort: 3306 # label keys and values that must match in order to receive traffic for this service selector: app: mysql ---