How to install Kiali, Istio, and Jaeger
This document (000021759) is provided subject to the disclaimer at the end of this document.
Environment
SUSE Rancher 2.11.x+
Situation
Starting in Rancher v2.12, the rancher-istio chart will be deprecated. This article will provide guidance on how to replicate the functionality of the rancher-istio chart in Rancher v2.12 and later using SUSE Application Collection
Resolution
Prerequisites
This document assumes you are familiar with how authentication works in Application Collection. It also assumes you have a running Kubernetes cluster, and kubectl and helm installed.
Namespace Creation
We will be installing the applications in the same namespace, in this case `istio-system`. Don't forget to also create the secret containing your Application Collection credentials.
kubectl create ns istio-system
kubectl create secret docker-registry application-collection --docker-server=dp.apps.rancher.io --docker-username=<username> --docker-password=<your_token> -n istio-system
``
Installing Prometheus
Prometheus is a dependency of Kiali, so it needs to be installed first. You can check the compatibility here. You can install it using the helm chart provided by Application Collection. I.e:
helm install prometheus oci://dp.apps.rancher.io/charts/prometheus --version 25.30.2 --set global.imagePullSecrets={application-collection} -n istio-system --wait
Installing Kiali
The next step is to install Kiali using Helm. You can follow the documentation from upstream, which can be found here, and the compatibility matrix can be found here.) You also need to provide the correct value in the external_services field. i.e:
helm install kiali oci://dp.apps.rancher.io/charts/kiali --version 2.3.0 --set global.imagePullSecrets={application-collection} -n istio-system --set external_services.prometheus.custom_metrics_url="http://prometheus-server.istio-system.svc.cluster.local" \
--set external_services.prometheus.url="http://prometheus-server.istio-system.svc.cluster.local" --wait
Installing Istio
Now you can install Istio.
The reference guide can be found at: https://docs.apps.rancher.io/reference-guides/istio/ and the compatibility matrix can be found here.
Installing Jaeger
To install Jaeger, you need to deploy the Helm Chart which will deploy the operator and then create a new Jaeger resource to deploy the Jaeger instance you want.
Installing Cert-manager
Cert manager is a dependency of Jaeger, and as such needs to be installed first. If you already have it installed with a version later than 1.6.1, please proceed to the next step.
kubectl create ns cert-manager
kubectl create secret docker-registry application-collection --docker-server=dp.apps.rancher.io --docker-username=<username> --docker-password=<your_password> -n cert-manager
helm install cert-manager oci://dp.apps.rancher.io/charts/cert-manager --namespace cert-manager --version 1.16.0 --set global.imagePullSecrets={application-collection} --set crds.enabled=true --wait
Deploy the Helm chart
You can use the Helm chart provided by Application Collection. To do that, you can do the following:
helm install jaeger oci://dp.apps.rancher.io/charts/jaeger-operator --set global.imagePullSecrets={application-collection} --set rbac.clusterRole=true -n istio-system --wait
Create a new Jaeger resource
In this example, we are going to use jaeger-all-in-one which is more suitable for testing and development.
The first thing needed is to create the service account that will be used.
kubectl create sa jaeger-test-sa -n istio-system
Now you need to add your Application Collection token to the service account:
kubectl patch serviceaccount -n istio-system jaeger-test-sa -p '{"imagePullSecrets": [{"name": "application-collection"}]}'
The next step is to create the Jaeger resource:
kubectl apply -f - <<EOF
apiVersion: jaegertracing.io/v1
kind: Jaeger
metadata:
name: jaeger-test
namespace: istio-system
spec:
serviceAccount: jaeger-test-sa
EOF
``
``
``
Configuring Istio and Jaeger
The final step is to configure Istio and Jaeger to work together. The documentation can be found at: https://istio.io/latest/docs/tasks/observability/distributed-tracing/jaeger/.
First, create a `values.yaml` file like the following:
istiod:
meshConfig:
enableTracing: true
defaultConfig:
tracing: {} # disable legacy MeshConfig tracing options
extensionProviders:
- name: jaeger
opentelemetry:
port: 4317
service: jaeger-test-collector.istio-system.svc.cluster.local
Now, update the Istio installation with the new values:
helm upgrade istio oci://dp.apps.rancher.io/charts/istio \
--set global.imagePullSecrets={application-collection} \
--values values.yaml -n istio-system --wait
Lastly, enable telemetry by creating a new telemetry resource:
kubectl apply -f - <<EOF
apiVersion: telemetry.istio.io/v1
kind: Telemetry
metadata:
name: mesh-default
namespace: istio-system
spec:
tracing:
- providers:
- name: jaeger
EOF
NOTE
Istio, Kiali, and Jaeger are third party tools which are not supported by Rancher Support.
Cause
The rancher-istio chart is being deprecated in Rancher v2.12 and later. The rancher-istio chart is being replaced by SUSE Application Collection which provides the same functionality as the rancher-istio chart.
Status
Reported to Engineering
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.