Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/snowdrop/istio-distributed-tracing-example

A booster demonstrating Istio Distributed Tracing functionality
https://github.com/snowdrop/istio-distributed-tracing-example

booster distributed-tracing example istio jaegertracing kubernetes openshift opentracing rhoar spring-boot

Last synced: 3 days ago
JSON representation

A booster demonstrating Istio Distributed Tracing functionality

Awesome Lists containing this project

README 

        
= Istio Distributed Tracing Mission

:icons: font

:toc: left

:toclevels: 2



== Purpose

Showcase Istio's Distributed Tracing via a (minimally) instrumented set of Spring Boot applications



== Prerequisites

. JDK 11+ installed with JAVA_HOME configured appropriately

. Openshift 4.12 cluster

. Istio installed on the aforementioned cluster using the link:https://docs.openshift.com/container-platform/4.12/service_mesh/v2x/installing-ossm.html[Red Hat OpenShift Service Mesh Operator].

. Login to the cluster with the *admin* user



[#environment-preparation]

== Environment preparation



Create a new project/namespace on the cluster. This is where your application will be deployed.



```bash

oc new-project 

```



Add the `` project to the Istio member roll. More information in this link:https://docs.openshift.com/container-platform/4.12/service_mesh/v2x/ossm-create-mesh.html#ossm-about-adding-namespace_ossm-create-mesh[link].



== Build and deploy the application



=== With Dekorate:

Execute the following command to build the project and deploy it to OpenShift:

```bash

mvn clean verify -Popenshift -Ddekorate.deploy=true

```



This configuration is used to define service names and deployments that control how pods are labeled/versioned on the OpenShift cluster. Labels and versions are key concepts for creating load-balanced or multi-versioned pods in a service.



== Use Cases



=== Access the application via the Istio ingress-gateway

. Create a RouteRule to forward traffic from istio-ingress to the demo application

+

```bash

oc create -f rules/greeting-gateway.yml

```

. Access the application

+

Run the following command to determine the appropriate URL to access our demo. Make sure you access the url with the HTTP scheme. HTTPS is NOT enabled by default:

+

```bash

echo http://$(oc get route istio-ingressgateway -o jsonpath='{.spec.host}{"\n"}' -n istio-system)/greeting/

```

+

The result of the above command is the istio-system istio-ingress URL, appended with the RouteRule path. Open this URL in your a web browser.

. Follow the instructions in the application UI



=== View application traces

. Access the Jaeger tracing dashboard

+

The traces from the invocation of the two endpoints should look like the following:

+

image::spring-boot-istio-distributed-tracing-greeting-service/src/main/resources/static/traces.jpg[]

+

Note that it could take a few seconds for all the spans to be collected and presented in a trace that matches the picture above



=== Undeploy the application



==== Remove the namespace

This will delete the project from the OpenShift cluster

```bash

oc delete project 

```



== Integration tests



To run integration tests, first follow the steps on the <> section to create and prepare a new namespace.



=== Remove Jaeger UI security



[CAUTION]

====

For the integration tests to work it is required that the Jaeger UI isn't secured by authentication, as it is in the default configuration.

====



[WARNING]

=====

Disabling security isn't the suggested configuration but it is required for the integration tests to work.

=====



By default, when installing the Red Hat OpenShift distributed tracing platform operator, it will install a Jaeger instance with the security enabled:



.Secured Jaeger UI configuration

[source,yaml]

----

  ingress:

    enabled: true

    openshift:

      htpasswdFile: /etc/proxy/htpasswd/auth

      sar: '{"namespace": "istio-system", "resource": "pods", "verb": "get"}'

    options: {}

    resources: {}

    security: oauth-proxy

----



Disabling security is accomplished by setting the `spec.ingress.security` on the Jaeger operator to `none`.



This can be done either by using the OpenShift console (`Installed operators > Red Hat OpenShift distributed tracing platform > Jaguer > Edit Jaeger`) or using the CLI.



[NOTE]

====

More information on the Jaeger configuration at the link:https://docs.openshift.com/container-platform/4.12/service_mesh/v2x/ossm-reference-jaeger.html[Jaeger configuration reference page].

====



To disable security execute the following CLI commands.



.Set the `istio-system` as the default project

[source,bash]

----

oc project istio-system

----



.Patch jaeger to disable console security

[source,bash]

----

oc patch jaeger jaeger --patch '{"spec":{"ingress":{"security": "none" }}}' --type=merge

----



The result should be:



[source]

----

jaeger.jaegertracing.io/jaeger patched

----



Which will result in the following configuration.



.Unsecured Jaeger UI configuration

[source,yaml]

----

  ingress:

    enabled: true

    options: {}

    resources: {}

    security: none

----



=== Execute the Integration Tests



After everything is set up, move back to the project where this example will be installed.



[source,bash]

----

oc project 

----



Then run the following commands.



.Commands to execute the integration tests

[source,bash]

----

mvn clean verify -pl spring-boot-istio-distributed-tracing-cute-name-service -Popenshift -Ddekorate.deploy=true

mvn clean verify -pl spring-boot-istio-distributed-tracing-greeting-service -Popenshift -Ddekorate.deploy=true

oc create -f rules/greeting-gateway.yml

mvn clean verify -pl tests -Popenshift-it

----