云原生之初探Jaeger

Jaeger 是一个开源的分布式追踪(distributed tracing) 系统.

Jaeger的核心特点:

  1. 端到端的延迟跟踪:可以追踪一个请求从起始服务到终止服务的完整路径。

  2. 性能优化:通过监视服务调用的延迟,开发者可以识别出可能的性能瓶颈并进行优化。

  3. 服务依赖分析:可以图形化地表示服务之间的依赖关系。

  4. 分布式上下文传播:支持多种上下文传播格式。

  5. 存储后端多样性:支持多种存储后端,如Elasticsearch、Cassandra和Kafka等。

  6. 易于集成:与许多流行的框架和库有良好的集成,如OpenTracing。

  7. 可视化界面:提供了一个直观的UI,用户可以在其中查询和查看追踪数据,以及查看系统的拓扑结构。

在微服务架构变得越来越普遍的今天,使用像Jaeger这样的分布式追踪工具可以帮助开发和运维团队更好地监控、理解和优化他们的应用。

部署到 Kubernetes

https://www.jaegertracing.io/docs/1.48/operator/#installing-the-operator-on-kubernetes

# 创建命名空间
kubectl create namespace observability 
# 创建 operator
kubectl create -f https://github.com/jaegertracing/jaeger-operator/releases/download/v1.47.0/jaeger-operator.yaml -n observability # <2>

提示: 如果未安装 cert-manager. 安装 jaeger-operator 会提示报错

unable to recognize "https://github.com/jaegertracing/jaeger-operator/releases/download/v1.48.0/jaeger-operator.yaml": no matches for kind "Certificate" in version "cert-manager.io/v1"
unable to recognize "https://github.com/jaegertracing/jaeger-operator/releases/download/v1.48.0/jaeger-operator.yaml": no matches for kind "Issuer" in version "cert-manager.io/v1"

需要先安装 cert-manager. 见 https://cert-manager.io/docs/installation/

镜像安装失败 (Time out)

gcr.io/kubebuilder/kube-rbac-proxy

.13.1
quay.io/jaegertracing/jaeger-operator:1.47.0

请使用以下替代

jansora/proxy-quay.io-jaegertracing-jaeger-operator:1.47.0
jansora/proxy-gcr.io-kubebuiler-kube-rbac-proxy:v0.13.1

替代安装日志

# quay.io/jaegertracing/jaeger-operator:1.47.0
 docker pull quay.io/jaegertracing/jaeger-operator:1.47.0
 docker tag quay.io/jaegertracing/jaeger-operator:1.47.0 jansora/proxy-quay.io-jaegertracing-jaeger-operator:1.47.0
 docker push jansora/proxy-quay.io-jaegertracing-jaeger-operator:1.47.0
  
 #  gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1
 docker pull gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1
 docker tag gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1 jansora/proxy-gcr.io-kubebuiler-kube-rbac-proxy:v0.13.1
 docker push jansora/proxy-gcr.io-kubebuiler-kube-rbac-proxy:v0.13.1

启动 jaeger

strategy 选择 production 模式. 后台存储使用 ElasticSearch

创建 ES 秘钥

kubectl create secret generic jaeger-secret --from-literal=ES_PASSWORD=changeme --from-literal=ES_USERNAME=elastic -n jaeger

创建实例

apiVersion: jaegertracing.io/v1
kind: Jaeger
metadata:
  name: jaeger-strategy-production
  namespace: jaeger
spec:
  strategy: production
  collector:
    maxReplicas: 5
    resources:
      limits:
        cpu: 100m
        memory: 128Mi

  storage:
    type: elasticsearch
    options:
      es:
        server-urls: http://l4.inet.jansora.com:9200
        index-prefix: jaeger-production
        version: 7                                  # Necessary as it doesn't work with 8 yet
        create-index-templates: false               # Necessary as it doesn't work with 8 yet
    secretName: jaeger-secret 

  ingress:
    ingressClassName: nginx    
    hosts:
      - jaeger-production.kubernetes.jansora.com

目前 (v1.47) 并不支持 ES 8
解决方法见: https://github.com/jaegertracing/jaeger/issues/3571#issuecomment-1476109314

配置 UI 的反向代理 (nginx)

server {
    listen 443 ssl http2;
    server_name  jaeger.jansora.com;

    ssl_protocols    TLSv1 TLSv1.1 TLSv1.2;
    ssl_certificate     /etc/openresty/certs/lets-encrypt-jansora.com/jansora.com.crt;
    ssl_certificate_key /etc/openresty/certs/lets-encrypt-jansora.com/jansora.com.key;

    location / {
          proxy_pass_header Server;
          proxy_set_header Host jaeger-production.kubernetes.jansora.com;
          proxy_pass_header Server;
          proxy_redirect off;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Scheme $scheme;
          proxy_pass http://kubernetes;

    }
}

喜闻悦见

https://jaeger.jansora.com

0CfBzY

评论栏