Describe the bug 我们有一个运行带有envoy边车代理的容器,使用Istio自己的例子为端口443提供服务/部署:sample / https / nginx . 我们可以卷曲容器以获得nginx页面,但在Jaeger中看到绝对没有跟踪https调用的痕迹 . 一旦我们在部署/服务中将端口切换到80,我们就会在Jaeger中看到HTTP调用

Expected behavior 我们应该看到对容器的HTTP / HTTPS调用的跟踪 .

Steps to reproduce the bug:

  • 创建nginx配置:
https://github.com/istio/istio/blob/master/samples/https/nginx-app.yaml
  • 创建nginx部署:
kubectl apply -f <(istioctl kube-inject -f nginx.yaml)

  • curl -kv https://service-ip 给200

  • 在Jaeger中没有HTTPS的痕迹

Version

istioctl version
Version: 1.0.2
GitRevision: d639408fded355fb906ef2a1f9e8ffddc24c3d64
User: root@66ce69d4a51e
Hub: gcr.io/istio-release
GolangVersion: go1.10.1
BuildStatus: Clean

[root@ip-10-147-5-150 ~]# kubectl version
Client Version: version.Info{Major:"1", Minor:"11", GitVersion:"v1.11.2", GitCommit:"bb9ffb1654d4a729bb4cec18ff088eacc153c239", GitTreeState:"clean", BuildDate:"2018-08-07T23:17:28Z", GoVersion:"go1.10.3", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.3", GitCommit:"2bba0127d85d5a46ab4b778548be28623b32d0b0", GitTreeState:"clean", BuildDate:"2018-05-28T20:13:43Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}

Installation

- kubectl apply -f install/kubernetes/helm/helm-service-account.yaml
- helm init --service-account tiller
- helm install install/kubernetes/helm/istio --name istio --namespace istio-system
- helm upgrade --set tracing.enabled=true --set servicegraph.enabled=true --set global.configValidation=false istio install/kubernetes/helm/istio

Environment - 在AWS EKS中运行此项

Cluster state - 附archite.tar.gz

编辑1

yaml for service - jaeger-query :

apiVersion: v1 kind: Service metadata: creationTimestamp: 2018-10-02T02:32:23Z labels: app: jaeger chart: tracing-1.0.1 heritage: Tiller jaeger-infra: jaeger-service release: istio name: jaeger-query namespace: istio-system resourceVersion: "5259733" selfLink: /api/v1/namespaces/istio-system/services/jaeger-query uid: 6513eded-c5eb-11e8-860c-12504ba0df7c spec: clusterIP: 172.20.14.251 ports: - name: query-http port: 16686 protocol: TCP targetPort: 16686 selector: app: jaeger sessionAffinity: None type: ClusterIP status: loadBalancer: {}

Deployment : istio-tracing :

apiVersion: extensions/v1beta1 kind: Deployment metadata: annotations: deployment.kubernetes.io/revision: "1" creationTimestamp: 2018-10-02T02:32:23Z generation: 1 labels: app: istio-tracing chart: tracing-1.0.1 heritage: Tiller release: istio name: istio-tracing namespace: istio-system resourceVersion: "5259783" selfLink: /apis/extensions/v1beta1/namespaces/istio-system/deployments/istio-tracing uid: 65056099-c5eb-11e8-860c-12504ba0df7c spec: progressDeadlineSeconds: 600 replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: app: jaeger strategy: rollingUpdate: maxSurge: 1 maxUnavailable: 1 type: RollingUpdate template: metadata: annotations: scheduler.alpha.kubernetes.io/critical-pod: "" sidecar.istio.io/inject: "false" creationTimestamp: null labels: app: jaeger spec: affinity: nodeAffinity: preferredDuringSchedulingIgnoredDuringExecution: - preference: matchExpressions: - key: beta.kubernetes.io/arch operator: In values: - amd64 weight: 2 - preference: matchExpressions: - key: beta.kubernetes.io/arch operator: In values: - ppc64le weight: 2 - preference: matchExpressions: - key: beta.kubernetes.io/arch operator: In values: - s390x weight: 2 requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: beta.kubernetes.io/arch operator: In values: - amd64 - ppc64le - s390x containers: - env: - name: POD_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: COLLECTOR_ZIPKIN_HTTP_PORT value: "9411" - name: MEMORY_MAX_TRACES value: "50000" image: docker.io/jaegertracing/all-in-one:1.5 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: / port: 16686 scheme: HTTP periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 name: jaeger ports: - containerPort: 9411 protocol: TCP - containerPort: 16686 protocol: TCP - containerPort: 5775 protocol: UDP - containerPort: 6831 protocol: UDP - containerPort: 6832 protocol: UDP readinessProbe: failureThreshold: 3 httpGet: path: / port: 16686 scheme: HTTP periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 resources: requests: cpu: 10m terminationMessagePath: /dev/termination-log terminationMessagePolicy: File dnsPolicy: ClusterFirst restartPolicy: Always schedulerName: default-scheduler securityContext: {} terminationGracePeriodSeconds: 30 status: availableReplicas: 1 conditions: - lastTransitionTime: 2018-10-02T02:32:23Z lastUpdateTime: 2018-10-02T02:32:23Z message: Deployment has minimum availability. reason: MinimumReplicasAvailable status: "True" type: Available - lastTransitionTime: 2018-10-02T02:32:23Z lastUpdateTime: 2018-10-02T02:32:27Z message: ReplicaSet "istio-tracing-ff94688bb" has successfully progressed. reason: NewReplicaSetAvailable status: "True" type: Progressing observedGeneration: 1 readyReplicas: 1 replicas: 1 updatedReplicas: 1

kubernetes istio amazon-eks envoy