upgrade to istio 1.8.4, split jaeger and kiali into separate deployments

224e2670 · runyontr · joshwolf · 36ac449b · 224e2670 · 224e2670
Commit 224e2670 authored 3 years ago by runyontr Committed by joshwolf 3 years ago
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -94,7 +94,7 @@ istio:
  git:
    repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-controlplane.git
    path: "./chart"
-    tag: "1.7.3-bb.9"
+    tag: "1.8.4-bb.0"

  # -- Certificate/Key pair to use as the default certificate for exposing BigBang created applications.
  # If nothing is provided, applications will expect a valid tls secret to exist in the `istio-system` namespace called `wildcard-cert`.
@@ -102,22 +102,6 @@ istio:
    key: ""
    cert: ""

-  sso:
-    # -- Toggle SSO for kiali and jaeger on and off
-    enabled: false
-
-    kiali:
-      # -- OIDC Client ID use for kiali
-      client_id: ""
-      # -- OIDC Client Secret to use for kiali
-      client_secret: ""
-
-    jaeger:
-      # -- OIDC Client ID to use for jaeger
-      client_id: ""
-      # -- OIDC Client Secret to use for jaeger
-      client_secret: ""
-
  # -- Values to passthrough to the istio-controlplane chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-controlplane.git
  values: {}

@@ -127,10 +111,50 @@ istiooperator:
  git:
    repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-operator.git
    path: "./chart"
-    tag: "1.7.0-bb.1"
+    tag: "1.8.4-bb.1"

  # -- Values to passthrough to the istio-operator chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-operator.git
  values: {}
+
+jaeger:
+  # -- Toggle deployment of Jaeger.
+  enabled: true
+  git:
+    repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/jaeger.git
+    path: "./chart"
+    tag: "2.19.1-bb.4"
+  sso:
+    # -- Toggle SSO for Jaeger on and off
+    enabled: false
+
+    # -- OIDC Client ID to use for Jaeger
+    client_id: ""
+
+    # -- OIDC Client Secret to use for Jaeger
+    client_secret: ""
+
+  # -- Values to pass through to Jaeger chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/jaeger.git
+  values: {}
+
+kiali:
+  # -- Toggle deployment of Kiali.
+  enabled: true
+  git:
+    repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/kiali.git
+    path: "./chart"
+    tag: "1.32.0-bb.0"
+  sso:
+    # -- Toggle SSO for Kiali on and off
+    enabled: false
+
+    # -- OIDC Client ID to use for Kiali
+    client_id: ""
+
+    # -- OIDC Client Secret to use for Kiali
+    client_secret: ""
+
+  # -- Values to pass through to Kiali chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/kiali
+  values: {}
 # ----------------------------------------------------------------------------------------------------------------------

 # ----------------------------------------------------------------------------------------------------------------------

--- a/charter/packages/jaeger/Architecture.md
+++ b/charter/packages/jaeger/Architecture.md
+# Jaeger
+
+## Overview
+
+[Jaeger](https://www.jaegertracing.io/) is an open source implementation of Zipkin that can be used to collect and visualize traces.
+
+## Big Bang Touchpoints
+
+```mermaid
+graph TB
+  subgraph "jaeger"
+  jaegerpods("Jaeger-AllInOne")
+  elasticcredentials --> jaegerpods("Jaeger-AllInOne")
+  end      
+
+  subgraph "ingress"
+    ingressgateway --> jaegerpods("Jaeger-AllInOne")
+  end
+
+  subgraph "logging"
+    subgraph "elasticsearch"
+    
+    credentials --> elasticcredentials
+    jaegerpods("Jaeger-AllInOne") --> logging-ek-es-http
+    logging-ek-es-http --> LoggingElastic(Elasticsearch Storage )
+    end
+  end
+
+  subgraph "workloads"
+    sidecar --> jaegerpods("Jaeger-AllInOne")
+  end
+```
+
+### Storage
+
+When Jaeger recieves traces, it needs a location to store them.  The default configuration in the Helm Chart is to use in memory storage.  This, of course, doesn't provide High Availability.  To provide storage, the chart uses the deployed Elasticserach instance deployed in the logging namespace.
+
+### Istio Configuration
+
+Istio is configured with knowledge of the jaeger ingest service so istio sidecars attached to workloads can send trace data.  This is done via the `meshconfig`:
+
+```yaml
+  meshConfig:
+    accessLogFile: /dev/stdout
+    defaultConfig:
+      tracing:
+        sampling: 100
+      zipkinAddress: jaeger-jaeger-operator-jaeger-collector.istio-system.svc:9411
+    enableTracing: false
+```
+
+## High Availability
+
+Jaeger is deployed with HorizonalPodAutoscalers for the collector and the queerying pods.  Use the below yaml to update the `maxReplicas` on the HPA:
+
+```yaml
+jaeger:
+  values:
+    jaeger:
+      spec:
+        query:
+          maxReplicas: 5
+        collector:
+          maxReplicas: 5
+```
+
+
+## Single Sign on (SSO)
+
+Jaeger does not have built in SSO.  In order to provide SSO, this deployment legerages [Authservice]().
+
+```mermaid
+flowchart LR
+
+A --> K[(Keycloak)]
+
+subgraph external
+K
+end
+
+subgraph auth["authservice namespace"]
+    A(authservice) --> K
+end
+
+
+
+ingress --> IP
+
+
+subgraph "jaeger namespace"
+    subgraph "jaeger pod"
+        J["jager"]
+        IP["istio proxy"] --> A
+        IP --> J
+    end
+end    
+
+```
+
+## Licencing
+
+Jaeger has no licencing options nor requirements.
+
+## Storage
+
+For production workloads, Jaeger uses Elasticsearch to store and query for traces.  
+
+## Dependencies
+
+Jaeger can be run without dependencies, but to ensure resilliency of data, it uses Elasticsearch for its span and trace database.