ack-onepilot组件需要在应用启动前通过init-container为Java应用提前准备ARMS探针,在同时使用ack-onepilot与Istio时,由于Istio环境中网络配置与普通集群中有差异,请按照本文升级ack-onepilot组件或对低版本ack-onepilot进行一些额外的配置。
步骤一:安装ack-onepilot组件
ACK集群安装操作,请参见容器服务ACK环境自动安装探针。
ACK One注册集群安装操作,请参见将应用实时监控服务ARMS接入注册集群。
通用Kubernetes环境安装操作,请参见通用Kubernetes环境自动安装探针。
步骤二:修改istio-proxy拦截配置
将以下VIP网段通过英文半角逗号(,)分隔的方式配置到Pod的Annotation上。
展开查看istio-proxy不拦截的网段
Region
Region ID
VPC网络Endpoint
VIP网段
华东1(杭州)
oss-cn-hangzhou
oss-cn-hangzhou-internal.aliyuncs.com
100.118.28.0/24
100.114.102.0/24
100.98.170.0/24
100.118.31.0/24
华东2(上海)
oss-cn-shanghai
oss-cn-shanghai-internal.aliyuncs.com
100.98.35.0/24
100.98.110.0/24
100.98.169.0/24
100.118.102.0/24
华北1(青岛)
oss-cn-qingdao
oss-cn-qingdao-internal.aliyuncs.com
100.115.173.0/24
100.99.113.0/24
100.99.114.0/24
100.99.115.0/24
华北2(北京)
oss-cn-beijing
oss-cn-beijing-internal.aliyuncs.com
100.118.58.0/24
100.118.167.0/24
100.118.170.0/24
100.118.171.0/24
100.118.172.0/24
100.118.173.0/24
华北 3(张家口)
oss-cn-zhangjiakou
oss-cn-zhangjiakou-internal.aliyuncs.com
100.118.90.0/24
100.98.159.0/24
100.114.0.0/24
100.114.1.0/24
华北5(呼和浩特)
oss-cn-huhehaote
oss-cn-huhehaote-internal.aliyuncs.com
100.118.195.0/24
100.99.110.0/24
100.99.111.0/24
100.99.112.0/24
华北6(乌兰察布)
oss-cn-wulanchabu
oss-cn-wulanchabu-internal.aliyuncs.com
100.114.11.0/24
100.114.12.0/24
100.114.100.0/24
100.118.214.0/24
华南1(深圳)
oss-cn-shenzhen
oss-cn-shenzhen-internal.aliyuncs.com
100.118.78.0/24
100.118.203.0/24
100.118.204.0/24
100.118.217.0/24
华南2(河源)
oss-cn-heyuan
oss-cn-heyuan-internal.aliyuncs.com
100.98.83.0/24
100.118.174.0/24
华南3(广州)
oss-cn-guangzhou
oss-cn-guangzhou-internal.aliyuncs.com
100.115.33.0/24
100.114.101.0/24
西南1(成都)
oss-cn-chengdu
oss-cn-chengdu-internal.aliyuncs.com
100.115.155.0/24
100.99.107.0/24
100.99.108.0/24
100.99.109.0/24
中国香港
oss-cn-hongkong
oss-cn-hongkong-internal.aliyuncs.com
100.115.61.0/24
100.99.103.0/24
100.99.104.0/24
100.99.106.0/24
日本(东京)
oss-ap-northeast-1
oss-ap-northeast-1-internal.aliyuncs.com
100.114.211.0/24
100.114.114.0/25
新加坡
oss-ap-southeast-1
oss-ap-southeast-1-internal.aliyuncs.com
100.118.219.0/24
100.99.213.0/24
100.99.116.0/24
100.99.117.0/24
澳大利亚(悉尼)关停中
oss-ap-southeast-2
oss-ap-southeast-2-internal.aliyuncs.com
100.98.201.0/24
马来西亚(吉隆坡)
oss-ap-southeast-3
oss-ap-southeast-3-internal.aliyuncs.com
100.118.165.0/24
100.99.125.0/24
100.99.130.0/24
100.99.131.0/24
印度尼西亚(雅加达)
oss-ap-southeast-5
oss-ap-southeast-5-internal.aliyuncs.com
100.114.98.0/24
德国(法兰克福)
oss-eu-central-1
oss-eu-central-1-internal.aliyuncs.com
100.115.154.0/24
英国(伦敦)
oss-eu-west-1
oss-eu-west-1-internal.aliyuncs.com
100.114.114.128/25
美国(硅谷)
oss-us-west-1
oss-us-west-1-internal.aliyuncs.com
100.115.107.0/24
美国(弗吉尼亚)
oss-us-east-1
oss-us-east-1-internal.aliyuncs.com
100.115.60.0/24
100.99.100.0/24
100.99.101.0/24
100.99.102.0/24
以杭州地域为例:
traffic.sidecar.istio.io/excludeOutboundIPRanges: "100.118.28.0/24,100.114.102.0/24,100.98.170.0/24,100.118.31.0/24"修改应用的YAML文件,将以下
annotations添加到spec.template.metadata层级下。
展开查看完成的YAML示例
apiVersion: v1 kind: Namespace metadata: name: arms-demo --- apiVersion: apps/v1 # for versions before 1.8.0 use apps/v1beta1 kind: Deployment metadata: name: arms-springboot-demo namespace: arms-demo labels: app: arms-springboot-demo spec: replicas: 2 selector: matchLabels: app: arms-springboot-demo template: metadata: annotations: traffic.sidecar.istio.io/excludeOutboundIPRanges: "100.118.28.0/24,100.114.102.0/24,100.98.170.0/24,100.118.31.0/24" labels: app: arms-springboot-demo armsPilotAutoEnable: "on" armsPilotCreateAppName: "arms-k8s-demo" one-agent.jdk.version: "OpenJDK18" spec: containers: - resources: limits: cpu: 0.5 image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-springboot-demo:v0.1 imagePullPolicy: Always name: arms-springboot-demo env: - name: SELF_INVOKE_SWITCH value: "true" - name: COMPONENT_HOST value: "arms-demo-component" - name: COMPONENT_PORT value: "6666" - name: MYSQL_SERVICE_HOST value: "arms-demo-mysql" - name: MYSQL_SERVICE_PORT value: "3306" --- apiVersion: apps/v1 # for versions before 1.8.0 use apps/v1beta1 kind: Deployment metadata: name: arms-springboot-demo-subcomponent namespace: arms-demo labels: app: arms-springboot-demo-subcomponent spec: replicas: 2 selector: matchLabels: app: arms-springboot-demo-subcomponent template: metadata: labels: app: arms-springboot-demo-subcomponent armsPilotAutoEnable: "on" armsPilotCreateAppName: "arms-k8s-demo-subcomponent" one-agent.jdk.version: "OpenJDK18" spec: containers: - resources: limits: cpu: 0.5 image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-springboot-demo:v0.1 imagePullPolicy: Always name: arms-springboot-demo-subcomponent env: - name: SELF_INVOKE_SWITCH value: "false" - name: MYSQL_SERVICE_HOST value: "arms-demo-mysql" - name: MYSQL_SERVICE_PORT value: "3306" --- apiVersion: v1 kind: Service metadata: labels: name: arms-demo-component name: arms-demo-component namespace: arms-demo spec: ports: # the port that this service should serve on - name: arms-demo-component-svc port: 6666 targetPort: 8888 # label keys and values that must match in order to receive traffic for this service selector: app: arms-springboot-demo-subcomponent --- apiVersion: apps/v1 # for versions before 1.8.0 use apps/v1beta1 kind: Deployment metadata: name: arms-demo-mysql namespace: arms-demo labels: app: mysql spec: replicas: 1 selector: matchLabels: app: mysql template: metadata: labels: app: mysql spec: containers: - resources: limits: cpu: 0.5 image: registry.cn-hangzhou.aliyuncs.com/arms-docker-repo/arms-demo-mysql:v0.1 name: mysql ports: - containerPort: 3306 name: mysql --- apiVersion: v1 kind: Service metadata: labels: name: mysql name: arms-demo-mysql namespace: arms-demo spec: ports: # the port that this service should serve on - name: arms-mysql-svc port: 3306 targetPort: 3306 # label keys and values that must match in order to receive traffic for this service selector: app: mysql ---