Jaeger 是一个开源的分布式追踪(distributed tracing) 系统.
Jaeger的核心特点:
-
端到端的延迟跟踪:可以追踪一个请求从起始服务到终止服务的完整路径。
-
性能优化:通过监视服务调用的延迟,开发者可以识别出可能的性能瓶颈并进行优化。
-
服务依赖分析:可以图形化地表示服务之间的依赖关系。
-
分布式上下文传播:支持多种上下文传播格式。
-
存储后端多样性:支持多种存储后端,如Elasticsearch、Cassandra和Kafka等。
-
易于集成:与许多流行的框架和库有良好的集成,如OpenTracing。
-
可视化界面:提供了一个直观的UI,用户可以在其中查询和查看追踪数据,以及查看系统的拓扑结构。
在微服务架构变得越来越普遍的今天,使用像Jaeger这样的分布式追踪工具可以帮助开发和运维团队更好地监控、理解和优化他们的应用。
部署到 Kubernetes
见 https://www.jaegertracing.io/docs/1.48/operator/#installing-the-operator-on-kubernetes
# 创建命名空间
kubectl create namespace observability
# 创建 operator
kubectl create -f https://github.com/jaegertracing/jaeger-operator/releases/download/v1.47.0/jaeger-operator.yaml -n observability # <2>
提示: 如果未安装
cert-manager
. 安装jaeger-operator
会提示报错unable to recognize "https://github.com/jaegertracing/jaeger-operator/releases/download/v1.48.0/jaeger-operator.yaml": no matches for kind "Certificate" in version "cert-manager.io/v1" unable to recognize "https://github.com/jaegertracing/jaeger-operator/releases/download/v1.48.0/jaeger-operator.yaml": no matches for kind "Issuer" in version "cert-manager.io/v1"
需要先安装
cert-manager
. 见 https://cert-manager.io/docs/installation/
镜像安装失败 (Time out)
gcr.io/kubebuilder/kube-rbac-proxy
.13.1
quay.io/jaegertracing/jaeger-operator:1.47.0
请使用以下替代
jansora/proxy-quay.io-jaegertracing-jaeger-operator:1.47.0
jansora/proxy-gcr.io-kubebuiler-kube-rbac-proxy:v0.13.1
替代安装日志
# quay.io/jaegertracing/jaeger-operator:1.47.0
docker pull quay.io/jaegertracing/jaeger-operator:1.47.0
docker tag quay.io/jaegertracing/jaeger-operator:1.47.0 jansora/proxy-quay.io-jaegertracing-jaeger-operator:1.47.0
docker push jansora/proxy-quay.io-jaegertracing-jaeger-operator:1.47.0
# gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1
docker pull gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1
docker tag gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1 jansora/proxy-gcr.io-kubebuiler-kube-rbac-proxy:v0.13.1
docker push jansora/proxy-gcr.io-kubebuiler-kube-rbac-proxy:v0.13.1
启动 jaeger
strategy 选择 production 模式. 后台存储使用 ElasticSearch
创建 ES 秘钥
kubectl create secret generic jaeger-secret --from-literal=ES_PASSWORD=changeme --from-literal=ES_USERNAME=elastic -n jaeger
创建实例
apiVersion: jaegertracing.io/v1
kind: Jaeger
metadata:
name: jaeger-strategy-production
namespace: jaeger
spec:
strategy: production
collector:
maxReplicas: 5
resources:
limits:
cpu: 100m
memory: 128Mi
storage:
type: elasticsearch
options:
es:
server-urls: http://l4.inet.jansora.com:9200
index-prefix: jaeger-production
version: 7 # Necessary as it doesn't work with 8 yet
create-index-templates: false # Necessary as it doesn't work with 8 yet
secretName: jaeger-secret
ingress:
ingressClassName: nginx
hosts:
- jaeger-production.kubernetes.jansora.com
目前 (v1.47) 并不支持 ES 8
解决方法见: https://github.com/jaegertracing/jaeger/issues/3571#issuecomment-1476109314
配置 UI 的反向代理 (nginx)
server {
listen 443 ssl http2;
server_name jaeger.jansora.com;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_certificate /etc/openresty/certs/lets-encrypt-jansora.com/jansora.com.crt;
ssl_certificate_key /etc/openresty/certs/lets-encrypt-jansora.com/jansora.com.key;
location / {
proxy_pass_header Server;
proxy_set_header Host jaeger-production.kubernetes.jansora.com;
proxy_pass_header Server;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass http://kubernetes;
}
}
喜闻悦见