Using an existing Jaeger instance

Configuring Jaeger

Deploy to the control plane project

In order for a custom Jaeger instance to work with a Maistra control plane, it has to be deployed to the same project. When using the Jaeger Operator, this is achieved by creating the Jaeger resource in the same project as the ServiceMeshControlPlane resource.

Set up authentication

Maistra uses a secret called htpasswd to facilitate communication between dependent services like Grafana, Kiali, and Jaeger. To secure communication between these services, enable the oauth-proxy, which protects access to your Jaeger instance, and make sure the htpasswd secret is mounted into your Jaeger instance so that Kiali can communicate with it.

Example Jaeger resource

apiVersion: jaegertracing.io/v1
kind: "Jaeger"
metadata:
  name: "external-jaeger"
  # Deploy to the Control Plane Namespace
  namespace: istio-system
spec:
  # Set Up Authentication
  ingress:
    enabled: true
    security: oauth-proxy
    openshift:
      # This limits user access to the Jaeger instance to users who have access
      # to the control plane namespace. Make sure to set the correct namespace here
      sar: '{"namespace": "istio-system", "resource": "pods", "verb": "get"}'
      htpasswdFile: /etc/proxy/htpasswd/auth

  # Mount the htpasswd secret at the path that htpasswdFile points into
  volumeMounts:
  - name: secret-htpasswd
    mountPath: /etc/proxy/htpasswd
  volumes:
  - name: secret-htpasswd
    secret:
      secretName: htpasswd

Configuring the ServiceMeshControlPlane

Disable Jaeger deployment

By default, the Maistra operator deploys a Jaeger instance for you, using the Jaeger operator. If you want to use a custom or already existing Jaeger instance for tracing, set spec.istio.tracing.enabled to false to disable the deployment of a Jaeger instance.

Set endpoint for trace collection

Maistra gateways and sidecars send traces to Mixer (the istio-telemetry pod in the control plane project), which then passes them on to a jaeger-collector endpoint in your cluster. When using a custom Jaeger instance, you have to supply the correct endpoint for Mixer to use. This is achieved by setting spec.istio.global.tracer.zipkin.address to the hostname and port of your jaeger-collector service. The hostname of that service is usually <jaeger-instance-name>-collector.<namespace>.svc.

Set endpoint for trace querying

If you’re using Kiali to visualize traces and metrics across your mesh, you have to make sure that Kiali knows from which Jaeger instance it should gather traces. You do this by setting spec.istio.kiali.jaegerInClusterURL to the hostname of your jaeger-query service. The port is normally not required, as it uses 443 by default. As above, the hostname of that service is usually <jaeger-instance-name>-query.<namespace>.svc.

Set Jaeger dashboard URL

To use Jaeger from the Kiali user interface, you need to provide the dashboard URL of your Jaeger instance. You can retrieve the URL from the OpenShift route that is created by the Jaeger Operator. If your Jaeger resource is called external-jaeger and resides in the istio-system project, you can retrieve the route using the following command:

$ oc get route -n istio-system external-jaeger
NAME                   HOST/PORT                                     PATH   SERVICES               [...]
external-jaeger        external-jaeger-istio-system.apps-crc.testing        external-jaeger-query  [...]

The value under HOST/PORT is the externally accessible URL of the Jaeger dashboard.

Example SMCP resource

The following ServiceMeshControlPlane object assumes that you have deployed Jaeger using the Jaeger Operator and the above Jaeger resource.

apiVersion: maistra.io/v1
kind: ServiceMeshControlPlane
metadata:
  name: external-jaeger
  namespace: istio-system
spec:
  istio:
    tracing:
      # Disable Jaeger deployment
      enabled: false
    global:
      tracer:
        zipkin:
          # Set Endpoint for Trace Collection
          address: external-jaeger-collector.istio-system.svc:9411
    kiali:
      # Set Jaeger dashboard URL
      dashboard:
        jaegerURL: https://external-jaeger-istio-system.apps-crc.testing
      # Set Endpoint for Trace Querying
      jaegerInClusterURL: external-jaeger-query.istio-system.svc
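
The following Python check is an added example, not part of the Maistra documentation or project code. It takes a Jaeger resource and a ServiceMeshControlPlane as already-parsed dicts and reports where they break the requirements described on this page. The function names are hypothetical, the sample dicts are constructed from the page's two example resources, and the field paths and the usual <jaeger-instance-name>-collector / -query service naming are assumed.

```python
import json

def dig(obj, path, default=None):
    """Walk a dotted path through nested dicts."""
    for key in path.split("."):
        if not isinstance(obj, dict) or key not in obj:
            return default
        obj = obj[key]
    return obj

def check_external_jaeger(jaeger, smcp):
    """Return findings; an empty list means the two resources agree."""
    name, ns = jaeger["metadata"]["name"], jaeger["metadata"]["namespace"]
    spec, out = jaeger.get("spec", {}), []
    if ns != smcp["metadata"]["namespace"]:
        out.append("Jaeger is not in the control plane project")
    if dig(spec, "ingress.security") != "oauth-proxy":
        out.append("ingress.security is not oauth-proxy")
    # The SAR decides who gets through the proxy, so it must name this project.
    try:
        sar_ns = json.loads(dig(spec, "ingress.openshift.sar", "{}")).get("namespace")
    except (TypeError, ValueError, AttributeError):
        sar_ns = None
    if sar_ns != ns:
        out.append("sar namespace is not the control plane project")
    # htpasswdFile must sit under a mount backed by the htpasswd secret.
    vols = {v["name"] for v in spec.get("volumes", [])
            if dig(v, "secret.secretName") == "htpasswd"}
    mounts = [m["mountPath"].rstrip("/") + "/" for m in spec.get("volumeMounts", [])
              if m["name"] in vols]
    if not any(dig(spec, "ingress.openshift.htpasswdFile", "").startswith(m) for m in mounts):
        out.append("htpasswdFile is not under a mount of the htpasswd secret")
    istio = dig(smcp, "spec.istio", {})
    if dig(istio, "tracing.enabled") is not False:
        out.append("tracing.enabled is not false")
    if dig(istio, "global.tracer.zipkin.address", "").split(":")[0] != f"{name}-collector.{ns}.svc":
        out.append("collector address does not match this Jaeger instance")
    if dig(istio, "kiali.jaegerInClusterURL") != f"{name}-query.{ns}.svc":
        out.append("jaegerInClusterURL does not match this Jaeger instance")
    return out

# Constructed sample input: the two example resources from this page, as dicts.
JAEGER = {"metadata": {"name": "external-jaeger", "namespace": "istio-system"}, "spec": {
    "ingress": {"enabled": True, "security": "oauth-proxy", "openshift": {
        "sar": '{"namespace": "istio-system", "resource": "pods", "verb": "get"}',
        "htpasswdFile": "/etc/proxy/htpasswd/auth"}},
    "volumeMounts": [{"name": "secret-htpasswd", "mountPath": "/etc/proxy/htpasswd"}],
    "volumes": [{"name": "secret-htpasswd", "secret": {"secretName": "htpasswd"}}]}}
SMCP = {"metadata": {"name": "external-jaeger", "namespace": "istio-system"}, "spec": {"istio": {
    "tracing": {"enabled": False}, "kiali": {"jaegerInClusterURL": "external-jaeger-query.istio-system.svc"},
    "global": {"tracer": {"zipkin": {"address": "external-jaeger-collector.istio-system.svc:9411"}}}}}}
```

Calling check_external_jaeger(JAEGER, SMCP) returns an empty list for the page's examples. A SAR that names a different namespace, or a missing htpasswd volume, each produce one finding.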