LightStep
This task shows you how to configure Istio to collect trace spans and send them to LightStep Tracing or LightStep [𝑥]PM.LightStep lets you analyze 100% of unsampled transaction data from large-scale production software to produce meaningfuldistributed traces and metrics that help explain performance behaviors and accelerate root cause analysis.At the end of this task, Istio sends trace spans from the proxies to a LightStep Satellite pool making themavailable to the web UI.
This task uses the Bookinfo sample application as an example.
Before you begin
Ensure you have a LightStep account. Sign up for a free trial of LightStep Tracing, or Contact LightStep to create an enterprise-level LightStep [𝑥]PM account.
For [𝑥]PM users, ensure you have a satellite pool configured with TLS certs and a secure GRPC port exposed. SeeLightStep Satellite Setup for details about setting up satellites.
For LightStep Tracing users, your satellites are already configured.
Ensure sure you have a LightStep access token.
You’ll need to deploy Istio with your satellite address.For [𝑥]PM users, ensure you can reach the satellite pool at an address in the format
<Host>:<Port>
, for examplelightstep-satellite.lightstep:9292
.
For LightStep Tracing users, use the address collector-grpc.lightstep.com:443
.
Deploy Istio with the following configuration parameters specified:
pilot.traceSampling=100
global.proxy.tracer="lightstep"
global.tracer.lightstep.address="<satellite-address>"
global.tracer.lightstep.accessToken="<access-token>"
global.tracer.lightstep.secure=true
global.tracer.lightstep.cacertPath="/etc/lightstep/cacert.pem"
You can set these parameters using the—set key=value
syntaxwhen you run the install command. For example:
$ istioctl manifest apply \
--set values.pilot.traceSampling=100 \
--set values.global.proxy.tracer="lightstep" \
--set values.global.tracer.lightstep.address="<satellite-address>" \
--set values.global.tracer.lightstep.accessToken="<access-token>" \
--set values.global.tracer.lightstep.secure=true \
--set values.global.tracer.lightstep.cacertPath="/etc/lightstep/cacert.pem"
- Store your satellite pool’s certificate authority certificate as a secret in the default namespace.For LightStep Tracing users, download and use this certificate.If you deploy the Bookinfo application in a different namespace, create the secret in that namespace instead.
$ CACERT=$(cat Cert_Auth.crt | base64) # Cert_Auth.crt contains the necessary CACert
$ NAMESPACE=default
$ cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Secret
metadata:
name: lightstep.cacert
namespace: $NAMESPACE
labels:
app: lightstep
type: Opaque
data:
cacert.pem: $CACERT
EOF
Visualize trace data
Follow the instructions to create an ingress gateway for the Bookinfo application.
To verify the previous step’s success, confirm that you set
GATEWAY_URL
environment variable in your shell.Send traffic to the sample application.
$ curl http://$GATEWAY_URL/productpage
Load the LightStep web UI.
Navigate to Explorer.
Find the query bar at the top. The query bar allows you to interactively filter results by a Service, Operation, and Tag values.
Select
productpage.default
from the Service drop-down list.Click Run. You see something similar to the following:
Explorer
- Click on the first row in the table of example traces below the latency histogram to see the detailscorresponding to your refresh of the
/productpage
. The page then looks similar to:
Detailed Trace View
The screenshot shows that the trace is comprised of a set of spans. Each span corresponds to a Bookinfo service invokedduring the execution of a /productpage
request.
Two spans in the trace represent every RPC. For example, the call from productpage
to reviews
startswith the span labeled with the reviews.default.svc.cluster.local:9080/
operation and theproductpage.default: proxy client
service. This service represents the client-side span of the call. The screenshot showsthat the call took 15.30 ms. The second span is labeled with the reviews.default.svc.cluster.local:9080/
operationand the reviews.default: proxy server
service. The second span is a child of the first span and represents theserver-side span of the call. The screenshot shows that the call took 14.60 ms.
The LightStep integration does not currently capture spans generated by Istio’s internal operation components such as Mixer.
Trace sampling
Istio captures traces at a configurable trace sampling percentage. To learn how to modify the trace sampling percentage,visit the Distributed Tracing trace sampling section.When using LightStep, we do not recommend reducing the trace sampling percentage below 100%. To handle a high traffic mesh,consider scaling up the size of your satellite pool.
Cleanup
If you are not planning any follow-up tasks, remove the Bookinfo sample application and any LightStep secretsfrom your cluster.
To remove the Bookinfo application, refer to the Bookinfo cleanup instructions.
Remove the secret generated for LightStep:
$ kubectl delete secret lightstep.cacert
See also
Learn how to configure the proxies to send tracing requests to Jaeger.
Overview of distributed tracing in Istio.
Remotely Accessing Telemetry Addons
This task shows you how to configure external access to the set of Istio telemetry addons.
Learn how to configure the proxies to send tracing requests to Zipkin.
Improving availability and reducing latency.
Provides an overview of Mixer's plug-in architecture.