Showcase Istio’s Distributed Tracing via a (minimally) instrumented set of Spring Boot applications
-
JDK 11+ installed with JAVA_HOME configured appropriately
-
Openshift 4.12 cluster
-
Istio installed on the aforementioned cluster using the Red Hat OpenShift Service Mesh Operator.
-
Login to the cluster with the admin user
Create a new project/namespace on the cluster. This is where your application will be deployed.
oc new-project <whatever valid project name you want>Add the <whatever valid project name you want> project to the Istio member roll. More information in this link.
Execute the following command to build the project and deploy it to OpenShift:
mvn clean verify -Popenshift -Ddekorate.deploy=trueThis configuration is used to define service names and deployments that control how pods are labeled/versioned on the OpenShift cluster. Labels and versions are key concepts for creating load-balanced or multi-versioned pods in a service.
-
Create a RouteRule to forward traffic from istio-ingress to the demo application
oc create -f rules/greeting-gateway.yml
-
Access the application
Run the following command to determine the appropriate URL to access our demo. Make sure you access the url with the HTTP scheme. HTTPS is NOT enabled by default:
echo http://$(oc get route istio-ingressgateway -o jsonpath='{.spec.host}{"\n"}' -n istio-system)/greeting/
The result of the above command is the istio-system istio-ingress URL, appended with the RouteRule path. Open this URL in your a web browser.
-
Follow the instructions in the application UI
-
Access the Jaeger tracing dashboard
The traces from the invocation of the two endpoints should look like the following:
Note that it could take a few seconds for all the spans to be collected and presented in a trace that matches the picture above
To run integration tests, first follow the steps on the Environment preparation section to create and prepare a new namespace.
|
Caution
|
For the integration tests to work it is required that the Jaeger UI isn’t secured by authentication, as it is in the default configuration. |
|
Warning
|
Disabling security isn’t the suggested configuration but it is required for the integration tests to work. |
By default, when installing the Red Hat OpenShift distributed tracing platform operator, it will install a Jaeger instance with the security enabled:
ingress:
enabled: true
openshift:
htpasswdFile: /etc/proxy/htpasswd/auth
sar: '{"namespace": "istio-system", "resource": "pods", "verb": "get"}'
options: {}
resources: {}
security: oauth-proxyDisabling security is accomplished by setting the spec.ingress.security on the Jaeger operator to none.
This can be done either by using the OpenShift console (Installed operators > Red Hat OpenShift distributed tracing platform > Jaguer > Edit Jaeger) or using the CLI.
|
Note
|
More information on the Jaeger configuration at the Jaeger configuration reference page. |
To disable security execute the following CLI commands.
istio-system as the default projectoc project istio-systemoc patch jaeger jaeger --patch '{"spec":{"ingress":{"security": "none" }}}' --type=mergeThe result should be:
jaeger.jaegertracing.io/jaeger patchedWhich will result in the following configuration.
ingress:
enabled: true
options: {}
resources: {}
security: noneAfter everything is set up, move back to the project where this example will be installed.
oc project <whatever valid project name you want>Then run the following commands.
mvn clean verify -pl spring-boot-istio-distributed-tracing-cute-name-service -Popenshift -Ddekorate.deploy=true
mvn clean verify -pl spring-boot-istio-distributed-tracing-greeting-service -Popenshift -Ddekorate.deploy=true
oc create -f rules/greeting-gateway.yml
mvn clean verify -pl tests -Popenshift-it