Page MenuHomePhabricator
Create Task
Maniphest T344253

jaeger is configured to receive traces from production
Closed, ResolvedPublic
Actions

Description

Before we can complete T343302: otel collector is configured to send traces to jaeger we need to get jaeger collector TCP ports (4317 for grpc and 4318 for http) exposed on the production network.

To this end, this is the list of things that need to happen:

  • Test ingress on aux is working as expected: T325178
  • Define jaeger-collector-(http|grpc) (or similar name) service in service::catalog, pointing to k8s-ingress-aux
  • Add DNS for jaeger-collector-(http|grpc)
  • service::catalog and DNS for query?
  • Add certs with proper SANs for jaeger-collector to use on 4317/4318
  • Configure jaeger-collector to serve/use said certs
  • Instruct istio to forward said ports to jaeger-collector
  • Test that traces can be received from the production network and wikikube
# Tests from deploy1002
# For GRPC
./otel-cli exec --verbose --service test-grpc --name "curl wikipedia"  --endpoint "jaeger-collector-grpc.svc.eqiad.wmnet:30443" curl https://wikipedia.org
# For HTTP
./otel-cli exec --service test-http --name "curl wikipedia"  --endpoint "https://jaeger-collector-http.svc.eqiad.wmnet:30443" curl https://wikipedia.org

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
hieradata: set jaeger components services to productionoperations/puppetproduction+3 -3
hieradata: add jaeger collector to service catalogoperations/puppetproduction+36 -0
jeager: Fix GRPC traffic to the collectoroperations/deployment-chartsmaster+8 -0
wmnet: add jaeger records for ingressoperations/dnsmaster+10 -4
jaeger: Fix networkpolicy (indentation)operations/deployment-chartsmaster+26 -26
jaeger: Configure ingress using istio CRDoperations/deployment-chartsmaster+165 -17
pki: restore aux default expirationoperations/puppetproduction+0 -2
PKI: Rename aux key to match the naming scheme of everything elselabs/privatemaster+0 -3
aux: Rename the aux profile to match the naming schemeoperations/deployment-chartsmaster+1 -1
PKI: Rename the aux profile to match the naming schemeoperations/puppetproduction+4 -2
Revert "jeager: Temporarily lower the lifetime of TLS certs to 2 days"operations/deployment-chartsmaster+0 -4
PKI: Rename aux key to match the naming scheme of everything elselabs/privatemaster+3 -0
jeager: Temporarily lower the lifetime of TLS certs to 2 daysoperations/deployment-chartsmaster+4 -0
jaeger: Fix typo in secretNameoperations/deployment-chartsmaster+1 -1
jeager: Fix secret name (generated by Certificate objects)operations/deployment-chartsmaster+10 -6
jeager: Rename default release from jaeger to mainoperations/deployment-chartsmaster+2 -2
jaeger: Run index cleaner daily not hourlyoperations/deployment-chartsmaster+3 -2
jaeger: Fix label selector for es-index-cleaner joboperations/deployment-chartsmaster+2 -2
jeager: Disable creation of service accounts, add networkPolicyoperations/deployment-chartsmaster+17 -0
jeager: Add networkpolicy support to es-index-cleaneroperations/deployment-chartsmaster+12 -1
jaeger: Fix path to helmfile-defaults secretoperations/deployment-chartsmaster+1 -1
Move jaeger from admin_ng to aux servicesoperations/deployment-chartsmaster+115 -105
deployment_server: Add jaeger user to aux-k8soperations/puppetproduction+6 -1
jaeger: Enable TLS for the collector as welloperations/deployment-chartsmaster+33 -3
jager: Fix typo in tls.cert nameoperations/deployment-chartsmaster+2 -2
jaeger: Enable TLS for query (UI)operations/deployment-chartsmaster+35 -2
jaeger: Don't pull images via CDNoperations/deployment-chartsmaster+3 -3
jaeger: Don't skip host verification for connections to ESoperations/deployment-chartsmaster+0 -2
aux: add tlsHostnames for jaeger collector and queryoperations/deployment-chartsmaster+4 -8
istio: clarify instructions to get the istio versionoperations/deployment-chartsmaster+4 -4
Show related patches Customize query in gerrit

Related Objects
Search...

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 15 2023, 2:33 PM
fgiunchedi mentioned this in T343302: otel collector is configured to send traces to jaeger.Aug 15 2023, 2:34 PM
gerritbot added a comment.Aug 16 2023, 9:56 AM

Change 949501 had a related patch set uploaded (by Filippo Giunchedi; author: Filippo Giunchedi):

[operations/deployment-charts@master] istio: clarify instructions to get the istio version

https://gerrit.wikimedia.org/r/949501

gerritbot added a project: Patch-For-Review.Aug 16 2023, 9:56 AM
gerritbot added a comment.Aug 16 2023, 10:11 AM

Change 949504 had a related patch set uploaded (by Filippo Giunchedi; author: Filippo Giunchedi):

[operations/deployment-charts@master] aux: add tlsHostnames for jaeger collector and query

https://gerrit.wikimedia.org/r/949504

gerritbot added a comment.Aug 16 2023, 12:48 PM

Change 949501 merged by Filippo Giunchedi:

[operations/deployment-charts@master] istio: clarify instructions to get the istio version

https://gerrit.wikimedia.org/r/949501

fgiunchedi added a project: User-fgiunchedi.Aug 21 2023, 3:36 PM
fgiunchedi moved this task from Backlog to Doing on the User-fgiunchedi board.
gerritbot added a comment.Aug 22 2023, 9:36 AM

Change 949504 merged by Filippo Giunchedi:

[operations/deployment-charts@master] aux: add tlsHostnames for jaeger collector and query

https://gerrit.wikimedia.org/r/949504

gerritbot added a comment.Aug 22 2023, 10:04 AM

Change 951438 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] jaeger: Don't skip host verification for connections to ES

https://gerrit.wikimedia.org/r/951438

gerritbot added a comment.Aug 22 2023, 10:12 AM

Change 951438 merged by JMeybohm:

[operations/deployment-charts@master] jaeger: Don't skip host verification for connections to ES

https://gerrit.wikimedia.org/r/951438

Maintenance_bot removed a project: Patch-For-Review.Aug 22 2023, 10:30 AM
gerritbot added a comment.Aug 22 2023, 10:38 AM

Change 951443 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] jaeger: Don't pull images via CDN

https://gerrit.wikimedia.org/r/951443

gerritbot added a project: Patch-For-Review.Aug 22 2023, 10:38 AM
gerritbot added a comment.Aug 22 2023, 11:22 AM

Change 951450 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] jaeger: Enable TLS for query (UI)

https://gerrit.wikimedia.org/r/951450

gerritbot added a comment.Aug 22 2023, 12:58 PM

Change 951443 merged by jenkins-bot:

[operations/deployment-charts@master] jaeger: Don't pull images via CDN

https://gerrit.wikimedia.org/r/951443

gerritbot added a comment.Aug 22 2023, 12:59 PM

Change 951450 merged by jenkins-bot:

[operations/deployment-charts@master] jaeger: Enable TLS for query (UI)

https://gerrit.wikimedia.org/r/951450

Maintenance_bot removed a project: Patch-For-Review.Aug 22 2023, 1:10 PM
gerritbot added a comment.Aug 22 2023, 1:14 PM

Change 951471 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] jager: Fix typo in tls.cert name

https://gerrit.wikimedia.org/r/951471

gerritbot added a project: Patch-For-Review.Aug 22 2023, 1:14 PM

Change 951471 merged by JMeybohm:

[operations/deployment-charts@master] jager: Fix typo in tls.cert name

https://gerrit.wikimedia.org/r/951471

Maintenance_bot removed a project: Patch-For-Review.Aug 22 2023, 1:30 PM
gerritbot added a comment.Aug 22 2023, 1:48 PM

Change 951477 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] jaeger: Enable TLS for the collector as well

https://gerrit.wikimedia.org/r/951477

gerritbot added a project: Patch-For-Review.Aug 22 2023, 1:48 PM
gerritbot added a comment.Aug 22 2023, 1:53 PM

Change 951477 merged by jenkins-bot:

[operations/deployment-charts@master] jaeger: Enable TLS for the collector as well

https://gerrit.wikimedia.org/r/951477

Maintenance_bot removed a project: Patch-For-Review.Aug 22 2023, 2:10 PM
gerritbot added a comment.Aug 22 2023, 3:48 PM

Change 951533 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/puppet@production] deployment_server: Add jaeger user to aux-k8s

https://gerrit.wikimedia.org/r/951533

gerritbot added a project: Patch-For-Review.Aug 22 2023, 3:48 PM
gerritbot added a comment.Aug 24 2023, 7:43 AM

Change 951533 merged by JMeybohm:

[operations/puppet@production] deployment_server: Add jaeger user to aux-k8s

https://gerrit.wikimedia.org/r/951533

gerritbot added a comment.Aug 24 2023, 7:44 AM

Change 952052 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] Move jaeger from admin_ng to aux services

https://gerrit.wikimedia.org/r/952052

JMeybohm added a project: serviceops-deprecated.Aug 24 2023, 7:48 AM
JMeybohm moved this task from Incoming 🐫 to Doing 😎 on the serviceops-deprecated board.
JMeybohm subscribed.
gerritbot added a comment.Aug 24 2023, 7:50 AM

Change 952052 merged by jenkins-bot:

[operations/deployment-charts@master] Move jaeger from admin_ng to aux services

https://gerrit.wikimedia.org/r/952052

gerritbot added a comment.Aug 24 2023, 8:02 AM

Change 952111 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] jaeger: Fix path to helmfile-defaults secret

https://gerrit.wikimedia.org/r/952111

gerritbot added a comment.Aug 24 2023, 8:02 AM

Change 952111 merged by JMeybohm:

[operations/deployment-charts@master] jaeger: Fix path to helmfile-defaults secret

https://gerrit.wikimedia.org/r/952111

Maintenance_bot removed a project: Patch-For-Review.Aug 24 2023, 8:10 AM
gerritbot added a comment.Aug 24 2023, 9:47 AM

Change 952151 had a related patch set uploaded (by Filippo Giunchedi; author: Filippo Giunchedi):

[operations/puppet@production] hieradata: add jaeger collector to service catalog

https://gerrit.wikimedia.org/r/952151

gerritbot added a project: Patch-For-Review.Aug 24 2023, 9:47 AM
gerritbot added a comment.Aug 24 2023, 9:51 AM

Change 952152 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] jeager: Add networkpolicy support to es-index-cleaner

https://gerrit.wikimedia.org/r/952152

gerritbot added a comment.Aug 24 2023, 9:51 AM

Change 952153 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] jeager: Disable creation of service accounts, add networkPolicy

https://gerrit.wikimedia.org/r/952153

fgiunchedi mentioned this in T320559: Trace header propagation for MediaWiki.Aug 24 2023, 10:07 AM
gerritbot added a comment.Aug 24 2023, 10:08 AM

Change 952152 merged by jenkins-bot:

[operations/deployment-charts@master] jeager: Add networkpolicy support to es-index-cleaner

https://gerrit.wikimedia.org/r/952152

gerritbot added a comment.Aug 24 2023, 10:08 AM

Change 952153 merged by jenkins-bot:

[operations/deployment-charts@master] jeager: Disable creation of service accounts, add networkPolicy

https://gerrit.wikimedia.org/r/952153

gerritbot added a comment.Aug 24 2023, 12:47 PM

Change 952205 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] jaeger: Fix label selector for es-index-cleaner job

https://gerrit.wikimedia.org/r/952205

gerritbot added a comment.Aug 24 2023, 12:56 PM

Change 952205 merged by jenkins-bot:

[operations/deployment-charts@master] jaeger: Fix label selector for es-index-cleaner job

https://gerrit.wikimedia.org/r/952205

gerritbot added a comment.Aug 24 2023, 1:24 PM

Change 952211 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] jaeger: Run index cleaner daily not hourly

https://gerrit.wikimedia.org/r/952211

gerritbot added a comment.Aug 24 2023, 1:26 PM

Change 952212 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] jeager: Rename default release from jaeger to main

https://gerrit.wikimedia.org/r/952212

gerritbot added a comment.Aug 24 2023, 1:29 PM

Change 952211 merged by jenkins-bot:

[operations/deployment-charts@master] jaeger: Run index cleaner daily not hourly

https://gerrit.wikimedia.org/r/952211

gerritbot added a comment.Aug 24 2023, 1:29 PM

Change 952212 merged by jenkins-bot:

[operations/deployment-charts@master] jeager: Rename default release from jaeger to main

https://gerrit.wikimedia.org/r/952212

gerritbot added a comment.Aug 24 2023, 1:42 PM

Change 952214 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] jeager: Fix secret name (generated by Certificate objects)

https://gerrit.wikimedia.org/r/952214

gerritbot added a comment.Aug 24 2023, 1:46 PM

Change 952214 merged by jenkins-bot:

[operations/deployment-charts@master] jeager: Fix secret name (generated by Certificate objects)

https://gerrit.wikimedia.org/r/952214

gerritbot added a comment.Aug 24 2023, 2:02 PM

Change 952220 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] jeager: Temporarily lower the lifetime of TLS certs to 2 days

https://gerrit.wikimedia.org/r/952220

gerritbot added a comment.Aug 24 2023, 2:54 PM

Change 952220 merged by jenkins-bot:

[operations/deployment-charts@master] jeager: Temporarily lower the lifetime of TLS certs to 2 days

https://gerrit.wikimedia.org/r/952220

gerritbot added a comment.Aug 24 2023, 3:05 PM

Change 952231 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] jaeger: Fix typo in secretName

https://gerrit.wikimedia.org/r/952231

gerritbot added a comment.Aug 24 2023, 3:11 PM

Change 952231 merged by jenkins-bot:

[operations/deployment-charts@master] jaeger: Fix typo in secretName

https://gerrit.wikimedia.org/r/952231

gerritbot added a comment.Aug 24 2023, 3:33 PM

Change 952242 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[labs/private@master] PKI: Rename aux key to match the naming scheme of everything else

https://gerrit.wikimedia.org/r/952242

gerritbot added a comment.Aug 24 2023, 3:37 PM

Change 952243 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/puppet@production] PKI: Rename the aux profile to match the naming scheme

https://gerrit.wikimedia.org/r/952243

gerritbot added a comment.Aug 24 2023, 3:41 PM

Change 952131 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] Revert "jeager: Temporarily lower the lifetime of TLS certs to 2 days"

https://gerrit.wikimedia.org/r/952131

gerritbot added a comment.Aug 24 2023, 3:49 PM

Change 952242 merged by JMeybohm:

[labs/private@master] PKI: Rename aux key to match the naming scheme of everything else

https://gerrit.wikimedia.org/r/952242

gerritbot added a comment.Aug 24 2023, 3:50 PM

Change 952246 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] aux: Rename the aux profile to match the naming scheme

https://gerrit.wikimedia.org/r/952246

JMeybohm mentioned this in rLPRI59c20f443509: PKI: Rename aux key to match the naming scheme of everything else.Aug 24 2023, 3:50 PM
gerritbot added a comment.Aug 24 2023, 3:57 PM

Change 952131 merged by jenkins-bot:

[operations/deployment-charts@master] Revert "jeager: Temporarily lower the lifetime of TLS certs to 2 days"

https://gerrit.wikimedia.org/r/952131

gerritbot added a comment.Aug 25 2023, 7:03 AM

Change 952243 merged by JMeybohm:

[operations/puppet@production] PKI: Rename the aux profile to match the naming scheme

https://gerrit.wikimedia.org/r/952243

gerritbot added a comment.Aug 25 2023, 7:06 AM

Change 952246 merged by jenkins-bot:

[operations/deployment-charts@master] aux: Rename the aux profile to match the naming scheme

https://gerrit.wikimedia.org/r/952246

gerritbot added a comment.Aug 25 2023, 8:32 AM

Change 952309 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[labs/private@master] PKI: Rename aux key to match the naming scheme of everything else

https://gerrit.wikimedia.org/r/952309

gerritbot added a comment.Aug 25 2023, 8:33 AM

Change 952309 merged by JMeybohm:

[labs/private@master] PKI: Rename aux key to match the naming scheme of everything else

https://gerrit.wikimedia.org/r/952309

JMeybohm mentioned this in rLPRI8b0812182de5: PKI: Rename aux key to match the naming scheme of everything else.Aug 25 2023, 8:34 AM
fgiunchedi mentioned this in T320563: our various Envoys are configured to report traces to local OpenTelemetry Collector.Aug 28 2023, 1:07 PM
gerritbot added a comment.Aug 29 2023, 12:42 PM

Change 953250 had a related patch set uploaded (by Filippo Giunchedi; author: Filippo Giunchedi):

[operations/puppet@production] pki: restore aux default expiration

https://gerrit.wikimedia.org/r/953250

fgiunchedi updated the task description. (Show Details)Aug 29 2023, 12:43 PM
gerritbot added a comment.Aug 29 2023, 12:53 PM

Change 953250 merged by Filippo Giunchedi:

[operations/puppet@production] pki: restore aux default expiration

https://gerrit.wikimedia.org/r/953250

JMeybohm added a comment.Aug 30 2023, 1:00 PM

Before we can complete T343302: otel collector is configured to send traces to jaeger we need to get jaeger collector TCP ports (4317 for grpc and 4318 for http) exposed on the production network.

With the current setup we only have one LVS service on port tcp/30443 in front of the istio-ingressgateway. Without a second port we can't have multiple ports per hostname (obviously). If we want to stick with one LVS service I suggest we differentiate the http and grpc collector endpoints via different hostnames:

  • jaeger-collector-http.discovery.wmnet
  • jaeger-collector-grpc.discovery.wmnet
gerritbot added a comment.Aug 30 2023, 3:06 PM

Change 953675 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] jaeger: Configure ingress using istio CRD

https://gerrit.wikimedia.org/r/953675

gerritbot added a comment.Aug 31 2023, 9:01 AM

Change 953675 merged by jenkins-bot:

[operations/deployment-charts@master] jaeger: Configure ingress using istio CRD

https://gerrit.wikimedia.org/r/953675

gerritbot added a comment.Aug 31 2023, 9:42 AM

Change 953974 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] jaeger: Fix networkpolicy (indentation)

https://gerrit.wikimedia.org/r/953974

gerritbot added a comment.Aug 31 2023, 9:47 AM

Change 953974 merged by jenkins-bot:

[operations/deployment-charts@master] jaeger: Fix networkpolicy (indentation)

https://gerrit.wikimedia.org/r/953974

JMeybohm updated the task description. (Show Details)Aug 31 2023, 12:49 PM
JMeybohm updated the task description. (Show Details)
gerritbot added a comment.Sep 1 2023, 8:20 AM

Change 954218 had a related patch set uploaded (by Filippo Giunchedi; author: Filippo Giunchedi):

[operations/dns@master] wmnet: add jaeger records for ingress

https://gerrit.wikimedia.org/r/954218

gerritbot added a comment.Sep 1 2023, 9:15 AM

Change 954218 merged by Filippo Giunchedi:

[operations/dns@master] wmnet: add jaeger records for ingress

https://gerrit.wikimedia.org/r/954218

JMeybohm updated the task description. (Show Details)Sep 1 2023, 1:20 PM
gerritbot added a comment.Sep 1 2023, 2:16 PM

Change 954301 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] jeager: Fix GRPC traffic to the collector

https://gerrit.wikimedia.org/r/954301

gerritbot added a comment.Sep 1 2023, 2:20 PM

Change 954301 merged by jenkins-bot:

[operations/deployment-charts@master] jeager: Fix GRPC traffic to the collector

https://gerrit.wikimedia.org/r/954301

JMeybohm closed this task as Resolved.Sep 1 2023, 2:31 PM
JMeybohm updated the task description. (Show Details)
gerritbot added a comment.Sep 4 2023, 2:04 PM

Change 952151 merged by Filippo Giunchedi:

[operations/puppet@production] hieradata: add jaeger collector to service catalog

https://gerrit.wikimedia.org/r/952151

Maintenance_bot removed a project: Patch-For-Review.Sep 4 2023, 2:10 PM
gerritbot added a comment.Sep 4 2023, 3:03 PM

Change 954705 had a related patch set uploaded (by Filippo Giunchedi; author: Filippo Giunchedi):

[operations/puppet@production] hieradata: set jaeger components services to production

https://gerrit.wikimedia.org/r/954705

gerritbot added a project: Patch-For-Review.Sep 4 2023, 3:04 PM
gerritbot added a comment.Sep 5 2023, 11:54 AM

Change 954705 merged by Filippo Giunchedi:

[operations/puppet@production] hieradata: set jaeger components services to production

https://gerrit.wikimedia.org/r/954705

Maintenance_bot removed a project: Patch-For-Review.Sep 5 2023, 12:10 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits