Integrate Alibaba Cloud Log Service into Istio ruuning on Alibaba Cloud Container Service for Kubernetes
--
The previous series of documents gave an introduction to Istio and its core components. This included detailed information on how to use Alibaba Cloud’s Kubernetes container services to create an Istio open platform for connecting, managing, and securing microservices and integrating and configuring a range of services for applications.
This article uses an official example to show how Alibaba Cloud Container Service for Kubernetes can be integrated with Istio and Log Service distributed tracing system. Container Service for Kubernetes enables you to quickly build an Istio platform for managing microservices, easily integrating them into a wide range of microservice projects.
Introduction to OpenTracing
The OpenTracing standard was introduced to prevent API compatibility issues with different distributed tracing systems. OpenTracing is a lightweight standardization layer that is located between applications/class libraries and tracing or log analysis programs. OpenTracing has joined the Cloud Native Computing Foundation (CNCF) and provides uniform concept and data standards for global distributed tracing systems. It provides platform and vendor-neutral APIs, which allow developers to conveniently add (or change) a tracing system.
Jaeger is a CNCF open-source distributed tracing system. It is compatible with OpenTracing APIs.
Alibaba Cloud’s Log Service and Jaeger Distributed Tracing System
Designed to meet the big data needs of the Alibaba Group, Log Service is an all-in-one service for real-time data. It allows you to complete the collection, consumption, transfer, querying, and analysis of large amounts of log data.
Created by Uber, Jaeger is an open source distributed tracing system designed for microservices. It is mainly used to analyze the invocation process for services and visualize service invocation. It is an effective tool for diagnosing performance issues and analyzing system faults.
Jaeger on Aliyun Log Service is a Jaeger-based distributed tracing system that persists tracing data to Alibaba Cloud’s Log Service. Data can be queried and displayed using the Jaeger native interface.
Jaeger-client
The Jaeger client implements SDKs that conform to OpenTracing standards for different languages. Applications use the API to write data. The client library transmits trace information to the Jaeger agent according to the sampling policy specified by the application. Data is serialized using Thrift and communicated via UDP.
Jaeger-agent
The Jaeger agent is a network-based daemon that monitors span data received by the UDP port before sending it to the collector in batches. It is designed as a basic component and deployed to all hosts. The agent decouples the client library and collector, shielding the client library from collector routing and discovery details.
Jaeger-collector
The collector receives the data sent by the Jaeger agent and writes the data to backend storage, which is a pluggable component. Jaeger on Aliyun Log Service now features support for Log Service.
Alibaba Cloud’s Log Service
The Jaeger collector persists the received span data to Log Service. The Jaeger query is used to retrieve data from Log Service.
Query&UI
It receives query requests, retrieves traces from backend storage, and displays data via a UI.
Preparing the Kubernetes Environment
Kubernetes 1.10.4 has already been released. You can use the control panel to quickly create a Kubernetes cluster. For more information, refer to Creating a Kubernetes Cluster.
Using an Application Directory to Deploy Istio
Click Application Directory on the left-hand side of the display. Select ack-istio and click Parameters. You can change the parameters to customize the settings (see below):
Native Jaeger only supports persisting data to Cassandra and Elasticsearch. The user needs to maintain the stability of the backend storage system and adjust the storage capacity. Jaeger on Alibaba Cloud Log Service uses Alibaba Cloud’s Log Service, which can process large amounts of data. This allows you to enjoy all the benefits of Jaeger’s distributed tracing technology without the need to monitor the backend storage system.
Log Service is integrated into Alibaba Cloud’s Kubernetes container services. Distributed tracing data is saved to the Log Store. When configuring the parameters, ‘tracing’ should be set to ‘false’ (disabled), and ‘tracing-on-sls’ should be configured as follows:
# tracing(jaeger on AliCloud Log Service)
tracing-on-sls:
enabled: true
storage:
type: aliyun-log
aliyun_sls:
project: newlogsample
logstore: mylogstore1
endpoint: cn-hangzhou.log.aliyuncs.com
accesskey:
id:
secret:
.......
tracing:
enabled: falseThe table below describes how to configure the ‘tracing-on-sls’ parameters:
Parameter nameParameter typeDescriptionenabledBooleantrue = enabled, false = disabledstorage.typeStringSpecifies the storage span type (set to aliyun-log in this example)storage.aliyun_sls.projectStringSpecifies the project for the storage span. The project name is a string of 3–63 characters and can contain only lowercase letters, numbers, and hyphens. It must start and end with a lowercase letter or number.storage.aliyun_sls.endpointStringSpecifies the project endpoint for the storage span.storage.aliyun_sls.accesskey.idStringSpecifies the user access key IDstorage.aliyun_sls.accesskey.secretStringSpecifies the user access key secretstorage.aliyun_sls.logstoreStringSpecifies the Logstore for the storage span. The Logstore name is a string of 3–63 characters and can contain only lowercase letters, numbers, hyphens, and underscores. It must start and end with a lowercase letter or number. A Logstore name must be unique in the project where it is located.
Note: If the specified project does not exist, the system will automatically create a new project and complete the relevant initialization procedures.
After changing the parameters, select the corresponding cluster and namespace (istio-system) on the right-hand side. Specify the release name and click Deploy.
These steps should only take a few minutes, after which you will be able to use the Istio open platform to connect, manage, and secure microservices.
Using Istio
Select Container group from the left-hand menu to display container information for the Istio instance that you just created on the right-hand side (see below):
Select Services from the left-hand menu to display the addresses of the services belonging to the Istio instance that you just created on the right-hand side (see below):
Deploying an Application
Running an application sample with Istio requires no changes to the application itself. Instead, we simply need to configure and run the services in an Istio-enabled environment, with Envoy sidecars injected alongside each service.
All of the microservices are packaged with an Envoy sidecar that intercepts incoming and outgoing calls for the services and provides the hooks needed for the control functions (the Istio control plane is used to control the application’s routing, telemetry, and policy enforcement).
Downloading and Installing istioctl
Use the following link to download istioctl. After installation is complete you can find the sample code directory:
https://github.com/istio/istio/releases/.
Installing the Bookinfo Sample
By default, you need to manually inject a sidecar and run the following commands:
kubectl apply -f <(istioctl kube-inject --debug -f samples/bookinfo/kube/bookinfo.yaml)The ‘istioctl kube-inject’ command is used to edit the ‘bookinfo.yaml’ file before creating the deployments. This ensures that Envoy is injected into Kubernetes as a sidecar.
Note: Automatic sidecar injection is supported in the latest version of Alibaba Cloud’s Kubernetes container services. A guide to enabling automatic sidecar injection will be published soon.
The above commands launch four microservices (see below). All three versions of the ‘reviews’ service are enabled (v1, v2, and v3).
Run the following command to define the ingress gateway:
istioctl create -f samples/bookinfo/routing/bookinfo-gateway.yamlThis command will launch the sample’s microservices and create the sidecar and ingress.
Check that all services are running correctly:
kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
details ClusterIP 172.19.2.177 <none> 9080/TCP 15m
productpage ClusterIP 172.19.15.184 <none> 9080/TCP 15m
ratings ClusterIP 172.19.9.228 <none> 9080/TCP 15m
reviews ClusterIP 172.19.11.177 <none> 9080/TCP 15mAccessing an Application
Run the following command to obtain the ingress gateway details:
kubectl get svc istio-ingressgateway -n istio-systemYou can also use the container service interface to view the ingress gateway details. Select Services from the left-hand menu, then select the istio-system namespace on the right-hand side of the screen to display the istio-ingressgateway information.
Access sample page: http://{EXTERNAL-IP}/productpage
If you refresh the page several times, you should see different versions of reviews shown in productpage, presented in a round robin style (red stars, black stars, no stars).
Accessing the Jaeger Trace Query Interface from Log Service
Jaeger collects and enables the call chain information from the Istio application. On the container services interface, select Services from the left-hand menu and scroll down to tracing-on-sls-query, as shown below:
Select the external endpoint address next to tracing-on-sls-query to display the following Jaeger interface:
The Jaeger interface displays the trace results for distributed services. The results are displayed visually in a scatter diagram in the top right corner (x-axis = time, y-axis = duration) and can be drilled down.
A user can select a number of different views to visualize trace results, such as a histogram of trace durations or the service’s cumulative time in the trace process:
Viewing Alibaba Cloud’s Log Service
Log on to the Log Service control panel. Select the target project and click the project name. Click Log consumption model -> View analysis -> Query as shown below):
In addition to statement-based queries, Log Service provides the following additional query functions:
Raw log:
Statistical charts:
Summary
This article uses an official example to show how Alibaba Cloud Container Service for Kubernetes can be integrated with Istio and Log Service distributed tracing system. Container Service for Kubernetes enables you to quickly build an Istio platform for managing microservices, easily integrating them into a wide range of microservice projects.
This article series introduces Istio and its core components, as well as describes how to quickly build an Istio open platform for connecting, managing, and securing microservices on the basis of Alibaba Cloud Container Service for Kubernetes. These articles also use an official example to demonstrate how to deploy an application in the Istio environment; how to configure intelligent routing and distributed tracing; and how to configure Istio functions of collecting, querying, and visualizing the telemetry data.
To review these articles, see:
- Using Istio on Alibaba Cloud Container Service for Kubernetes
- Go through Istio Features with Samples on Alibaba Cloud Container Service for Kubernetes
- Intelligent Routing with Istio on Alibaba Cloud Container Service for Kubernetes
- Distributed Tracking with Istio on Alibaba Cloud Container Service for Kubernetes
- Telemetry Data Collection, Query, and Visualization with Istio on Alibaba Cloud Container Service for Kubernetes
- Fault Diagnosis and Detection using Istio within Alibaba Cloud Container Service for Kubernetes
- Observability Analysis using Istio and Kiali within Alibaba Cloud Container Service for Kubernetes
Reference:
