The previous series of documents gave an introduction to Istio and its core components. This included detailed information on how to use Alibaba Cloud's Kubernetes container services to create an Istio open platform for connecting, managing, and securing microservices and integrating and configuring a range of services for applications.
This article uses an official example to show how Alibaba Cloud Container Service for Kubernetes can be integrated with Istio and Log Service distributed tracing system. Container Service for Kubernetes enables you to quickly build an Istio platform for managing microservices, easily integrating them into a wide range of microservice projects.
The OpenTracing standard was introduced to prevent API compatibility issues with different distributed tracing systems. OpenTracing is a lightweight standardization layer that is located between applications/class libraries and tracing or log analysis programs. OpenTracing has joined the Cloud Native Computing Foundation (CNCF) and provides uniform concept and data standards for global distributed tracing systems. It provides platform and vendor-neutral APIs, which allow developers to conveniently add (or change) a tracing system.
Jaeger is a CNCF open-source distributed tracing system. It is compatible with OpenTracing APIs.
Designed to meet the big data needs of the Alibaba Group, Log Service is an all-in-one service for real-time data. It allows you to complete the collection, consumption, transfer, querying, and analysis of large amounts of log data.
Created by Uber, Jaeger is an open source distributed tracing system designed for microservices. It is mainly used to analyze the invocation process for services and visualize service invocation. It is an effective tool for diagnosing performance issues and analyzing system faults.
Jaeger on Aliyun Log Service is a Jaeger-based distributed tracing system that persists tracing data to Alibaba Cloud's Log Service. Data can be queried and displayed using the Jaeger native interface.
The Jaeger client implements SDKs that conform to OpenTracing standards for different languages. Applications use the API to write data. The client library transmits trace information to the Jaeger agent according to the sampling policy specified by the application. Data is serialized using Thrift and communicated via UDP.
The Jaeger agent is a network-based daemon that monitors span data received by the UDP port before sending it to the collector in batches. It is designed as a basic component and deployed to all hosts. The agent decouples the client library and collector, shielding the client library from collector routing and discovery details.
The collector receives the data sent by the Jaeger agent and writes the data to backend storage, which is a pluggable component. Jaeger on Aliyun Log Service now features support for Log Service.
The Jaeger collector persists the received span data to Log Service. The Jaeger query is used to retrieve data from Log Service.
It receives query requests, retrieves traces from backend storage, and displays data via a UI.
Kubernetes 1.10.4 has already been released. You can use the control panel to quickly create a Kubernetes cluster. For more information, refer to Creating a Kubernetes Cluster.
Click Application Directory on the left-hand side of the display. Select ack-istio and click Parameters. You can change the parameters to customize the settings (see below):
Native Jaeger only supports persisting data to Cassandra and Elasticsearch. The user needs to maintain the stability of the backend storage system and adjust the storage capacity. Jaeger on Alibaba Cloud Log Service uses Alibaba Cloud's Log Service, which can process large amounts of data. This allows you to enjoy all the benefits of Jaeger's distributed tracing technology without the need to monitor the backend storage system.
Log Service is integrated into Alibaba Cloud's Kubernetes container services. Distributed tracing data is saved to the Log Store. When configuring the parameters, 'tracing' should be set to 'false' (disabled), and 'tracing-on-sls' should be configured as follows:
# tracing(jaeger on AliCloud Log Service)
tracing-on-sls:
enabled: true
storage:
type: aliyun-log
aliyun_sls:
project: newlogsample
logstore: mylogstore1
endpoint: cn-hangzhou.log.aliyuncs.com
accesskey:
id:
secret:
.......
tracing:
enabled: falseThe table below describes how to configure the 'tracing-on-sls' parameters:
| Parameter name | Parameter type | Description |
| enabled | Boolean | true = enabled, false = disabled |
| storage.type | String | Specifies the storage span type (set to aliyun-log in this example) |
| storage.aliyun_sls.project | String | Specifies the project for the storage span. The project name is a string of 3–63 characters and can contain only lowercase letters, numbers, and hyphens. It must start and end with a lowercase letter or number. |
| storage.aliyun_sls.endpoint | String | Specifies the project endpoint for the storage span. |
| storage.aliyun_sls.accesskey.id | String | Specifies the user access key ID |
| storage.aliyun_sls.accesskey.secret | String | Specifies the user access key secret |
| storage.aliyun_sls.logstore | String | Specifies the Logstore for the storage span. The Logstore name is a string of 3–63 characters and can contain only lowercase letters, numbers, hyphens, and underscores. It must start and end with a lowercase letter or number. A Logstore name must be unique in the project where it is located. |
Note: If the specified project does not exist, the system will automatically create a new project and complete the relevant initialization procedures.
After changing the parameters, select the corresponding cluster and namespace (istio-system) on the right-hand side. Specify the release name and click Deploy.
These steps should only take a few minutes, after which you will be able to use the Istio open platform to connect, manage, and secure microservices.
Select Container group from the left-hand menu to display container information for the Istio instance that you just created on the right-hand side (see below):
Select Services from the left-hand menu to display the addresses of the services belonging to the Istio instance that you just created on the right-hand side (see below):
Running an application sample with Istio requires no changes to the application itself. Instead, we simply need to configure and run the services in an Istio-enabled environment, with Envoy sidecars injected alongside each service.
All of the microservices are packaged with an Envoy sidecar that intercepts incoming and outgoing calls for the services and provides the hooks needed for the control functions (the Istio control plane is used to control the application's routing, telemetry, and policy enforcement).
Use the following link to download istioctl. After installation is complete you can find the sample code directory:
https://github.com/istio/istio/releases/.
By default, you need to manually inject a sidecar and run the following commands:
kubectl apply -f <(istioctl kube-inject --debug -f samples/bookinfo/kube/bookinfo.yaml)The 'istioctl kube-inject' command is used to edit the 'bookinfo.yaml' file before creating the deployments. This ensures that Envoy is injected into Kubernetes as a sidecar.
Note: Automatic sidecar injection is supported in the latest version of Alibaba Cloud's Kubernetes container services. A guide to enabling automatic sidecar injection will be published soon.
The above commands launch four microservices (see below). All three versions of the 'reviews' service are enabled (v1, v2, and v3).
Run the following command to define the ingress gateway:
istioctl create -f samples/bookinfo/routing/bookinfo-gateway.yamlThis command will launch the sample's microservices and create the sidecar and ingress.
Check that all services are running correctly:
kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
details ClusterIP 172.19.2.177 <none> 9080/TCP 15m
productpage ClusterIP 172.19.15.184 <none> 9080/TCP 15m
ratings ClusterIP 172.19.9.228 <none> 9080/TCP 15m
reviews ClusterIP 172.19.11.177 <none> 9080/TCP 15mRun the following command to obtain the ingress gateway details:
kubectl get svc istio-ingressgateway -n istio-systemYou can also use the container service interface to view the ingress gateway details. Select Services from the left-hand menu, then select the istio-system namespace on the right-hand side of the screen to display the istio-ingressgateway information.
Access sample page: http://{EXTERNAL-IP}/productpage
If you refresh the page several times, you should see different versions of reviews shown in productpage, presented in a round robin style (red stars, black stars, no stars).
Jaeger collects and enables the call chain information from the Istio application. On the container services interface, select Services from the left-hand menu and scroll down to tracing-on-sls-query, as shown below:
Select the external endpoint address next to tracing-on-sls-query to display the following Jaeger interface:
The Jaeger interface displays the trace results for distributed services. The results are displayed visually in a scatter diagram in the top right corner (x-axis = time, y-axis = duration) and can be drilled down.
A user can select a number of different views to visualize trace results, such as a histogram of trace durations or the service's cumulative time in the trace process:
Log on to the Log Service control panel. Select the target project and click the project name. Click Log consumption model -> View analysis -> Query as shown below):
In addition to statement-based queries, Log Service provides the following additional query functions:
Raw log:
Statistical charts:
This article uses an official example to show how Alibaba Cloud Container Service for Kubernetes can be integrated with Istio and Log Service distributed tracing system. Container Service for Kubernetes enables you to quickly build an Istio platform for managing microservices, easily integrating them into a wide range of microservice projects.
This article series introduces Istio and its core components, as well as describes how to quickly build an Istio open platform for connecting, managing, and securing microservices on the basis of Alibaba Cloud Container Service for Kubernetes. These articles also use an official example to demonstrate how to deploy an application in the Istio environment; how to configure intelligent routing and distributed tracing; and how to configure Istio functions of collecting, querying, and visualizing the telemetry data.
To review these articles, see:
Observability Analysis using Istio and Kiali within Alibaba Cloud Container Service for Kubernetes
Istio Practice in Alibaba Cloud Container Service for Kubernetes: Automatic Sidecar Injection
56 posts | 8 followers
FollowAlibaba Container Service - May 30, 2019
Xi Ning Wang - March 19, 2020
Alibaba Cloud Native - October 8, 2022
Xi Ning Wang - August 21, 2018
Xi Ning Wang - August 21, 2018
Xi Ning Wang - August 23, 2018
56 posts | 8 followers
Follow
Container Service for Kubernetes
Alibaba Cloud Container Service for Kubernetes is a fully managed cloud container management service that supports native Kubernetes and integrates with other Alibaba Cloud products.
Learn More
ACK One
Provides a control plane to allow users to manage Kubernetes clusters that run based on different infrastructure resources
Learn More
Cloud-Native Applications Management Solution
Accelerate and secure the development, deployment, and management of containerized applications cost-effectively.
Learn More
Container Registry
A secure image hosting platform providing containerized image lifecycle management
Learn MoreMore Posts by Xi Ning Wang(王夕宁)