LightStep

This task shows you how to configure Istio to collect trace spans and send them to LightStep Tracing or LightStep [𝑥]PM. LightStep lets you analyze 100% of unsampled transaction data from large-scale production software to produce meaningful distributed traces and metrics that help explain performance behaviors and accelerate root cause analysis. At the end of this task, Istio sends trace spans from the proxies to a LightStep Satellite pool, making them available to the web UI.

This task uses the Bookinfo sample application as an example.

Before you begin

  • Ensure you have a LightStep account. Sign up for a free trial of LightStep Tracing, or contact LightStep to create an enterprise-level LightStep [𝑥]PM account.

  • For [𝑥]PM users, ensure you have a satellite pool configured with TLS certs and a secure gRPC port exposed. See LightStep Satellite Setup for details about setting up satellites.

For LightStep Tracing users, your satellites are already configured.

  • Ensure you have a LightStep access token.

  • You’ll need to deploy Istio with your satellite address. For [𝑥]PM users, ensure you can reach the satellite pool at an address in the format <Host>:<Port>, for example lightstep-satellite.lightstep:9292.

For LightStep Tracing users, use the address collector-grpc.lightstep.com:443.

  • Deploy Istio with the following configuration parameters specified:

    • pilot.traceSampling=100
    • global.proxy.tracer="lightstep"
    • global.tracer.lightstep.address="<satellite-address>"
    • global.tracer.lightstep.accessToken="<access-token>"
    • global.tracer.lightstep.secure=true
    • global.tracer.lightstep.cacertPath="/etc/lightstep/cacert.pem"

    You can set these parameters using the --set key=value syntax when you run the install command. For example:

        $ istioctl manifest apply \
            --set values.pilot.traceSampling=100 \
            --set values.global.proxy.tracer="lightstep" \
            --set values.global.tracer.lightstep.address="<satellite-address>" \
            --set values.global.tracer.lightstep.accessToken="<access-token>" \
            --set values.global.tracer.lightstep.secure=true \
            --set values.global.tracer.lightstep.cacertPath="/etc/lightstep/cacert.pem"

  • Store your satellite pool’s certificate authority certificate as a secret in the default namespace. For LightStep Tracing users, download and use this certificate. If you deploy the Bookinfo application in a different namespace, create the secret in that namespace instead.

        # Cert_Auth.crt contains the necessary CA certificate.
        # tr removes the line wraps that GNU base64 inserts, which would break the YAML value.
        $ CACERT=$(base64 < Cert_Auth.crt | tr -d '\n')
        $ NAMESPACE=default

        $ cat <<EOF | kubectl apply -f -
        apiVersion: v1
        kind: Secret
        metadata:
          name: lightstep.cacert
          namespace: $NAMESPACE
          labels:
            app: lightstep
        type: Opaque
        data:
          cacert.pem: $CACERT
        EOF
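
One way to build and check that Secret before applying it, as an added example that is not part of the Istio documentation. The function names are hypothetical and the sample certificate is a constructed placeholder; the script rejects files that are not PEM certificate bundles or that contain a private key, and confirms that the encoded value decodes back to the original file.

```shell
#!/bin/sh
# Added example: build and check the lightstep.cacert Secret manifest.

# is_pem_cert FILE: true if FILE has at least one PEM certificate block,
# balanced BEGIN/END markers, and no private key material.
is_pem_cert() {
  [ -s "$1" ] || return 1
  begins=$(grep -c '^-----BEGIN CERTIFICATE-----$' "$1" || true)
  ends=$(grep -c '^-----END CERTIFICATE-----$' "$1" || true)
  [ "$begins" -ge 1 ] && [ "$begins" -eq "$ends" ] || return 1
  # A CA bundle must never carry a private key.
  ! grep -q 'PRIVATE KEY-----' "$1"
}

# encode_cacert FILE: base64 on a single line. GNU base64 wraps at 76
# columns by default, and a wrapped value breaks the YAML data field.
encode_cacert() {
  base64 < "$1" | tr -d '\n'
}

# make_cacert_secret FILE NAMESPACE: print the Secret manifest, or fail.
make_cacert_secret() {
  is_pem_cert "$1" || { echo "error: $1 is not a PEM CA bundle" >&2; return 1; }
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: lightstep.cacert
  namespace: $2
  labels:
    app: lightstep
type: Opaque
data:
  cacert.pem: $(encode_cacert "$1")
EOF
}

# manifest_roundtrips MANIFEST PEM: decode data.cacert.pem and compare to PEM.
manifest_roundtrips() {
  sed -n 's/^  cacert\.pem: //p' "$1" | base64 -d | cmp -s - "$2"
}

# Demo on a constructed placeholder file (not a real certificate).
demo_dir=$(mktemp -d)
{ echo '-----BEGIN CERTIFICATE-----'
  head -c 600 /dev/zero | base64
  echo '-----END CERTIFICATE-----'; } > "$demo_dir/Cert_Auth.crt"
make_cacert_secret "$demo_dir/Cert_Auth.crt" default > "$demo_dir/secret.yaml"
manifest_roundtrips "$demo_dir/secret.yaml" "$demo_dir/Cert_Auth.crt" && echo "secret OK"
```

The generated manifest can be piped to kubectl apply -f - in place of the heredoc above.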

Visualize trace data

  • Send a request to the Bookinfo product page to generate a trace:

        $ curl http://$GATEWAY_URL/productpage

  • Load the LightStep web UI.

  • Navigate to Explorer.

  • Find the query bar at the top. The query bar allows you to interactively filter results by a Service, Operation, and Tag values.

  • Select productpage.default from the Service drop-down list.

  • Click Run. You see something similar to the following:

[Screenshot: Explorer]

  • Click on the first row in the table of example traces below the latency histogram to see the details corresponding to your refresh of the /productpage. The page then looks similar to:

[Screenshot: Detailed Trace View]

The screenshot shows that the trace consists of a set of spans. Each span corresponds to a Bookinfo service invoked during the execution of a /productpage request.

Two spans in the trace represent every RPC. For example, the call from productpage to reviews starts with the span labeled with the reviews.default.svc.cluster.local:9080/ operation and the productpage.default: proxy client service. This service represents the client-side span of the call. The screenshot shows that the call took 15.30 ms. The second span is labeled with the reviews.default.svc.cluster.local:9080/ operation and the reviews.default: proxy server service. The second span is a child of the first span and represents the server-side span of the call. The screenshot shows that the call took 14.60 ms.

The LightStep integration does not currently capture spans generated by Istio’s internal operation components such as Mixer.

Trace sampling

Istio captures traces at a configurable trace sampling percentage. To learn how to modify the trace sampling percentage, visit the Distributed Tracing trace sampling section. When using LightStep, we do not recommend reducing the trace sampling percentage below 100%. To handle a high traffic mesh, consider scaling up the size of your satellite pool.

Cleanup

If you are not planning any follow-up tasks, remove the Bookinfo sample application and any LightStep secrets from your cluster.

  • To remove the Bookinfo application, refer to the Bookinfo cleanup instructions.

  • Remove the secret generated for LightStep:

        $ kubectl delete secret lightstep.cacert

See also

Jaeger

Learn how to configure the proxies to send tracing requests to Jaeger.

Overview

Overview of distributed tracing in Istio.

Remotely Accessing Telemetry Addons

This task shows you how to configure external access to the set of Istio telemetry addons.

Zipkin

Learn how to configure the proxies to send tracing requests to Zipkin.

Mixer and the SPOF Myth

Improving availability and reducing latency.

Mixer Adapter Model

Provides an overview of Mixer's plug-in architecture.