Installation Jaeger avec Traefik, authentification HTTP basic et stockage Badger
Dans notre exemple précédent Basic Jaeger v2 docker-compose deployment with Traefik as reverse proxy nous avons configuré Jaeger avec Traefik comme proxy inverse, mais de manière très basique, sans aucune authentification et sans stockage persistant.
docker-compose.yml
services:
jaeger:
image: jaegertracing/jaeger:2.11.0
container_name: jaeger
restart: "unless-stopped"
command:
- "--config"
- "/etc/jaeger/config.yaml"
volumes:
- ./jaeger_badger:/badger
- ./jaeger.yml:/etc/jaeger/config.yaml
- ./jaeger-ui.json:/etc/jaeger/config-ui.json
# ports: # Ports exposés pour accès direct (non requis avec Traefik)
# - "5778:5778"
# - "16686:16686"
# - "4317:4317"
# - "4318:4318"
# - "14250:14250"
# - "14268:14268"f
# - "9411:9411"
labels:
- "traefik.enable=true"
# Interface web Jaeger
- "traefik.http.routers.jaeger.rule=Host(`jaeger.mydomain.com`)"
- "traefik.http.routers.jaeger.entrypoints=websecure"
- "traefik.http.routers.jaeger.tls.certresolver=cloudflare"
- "traefik.http.routers.jaeger.tls.domains[0].main=jaeger.mydomain.com"
- "traefik.http.routers.jaeger.tls.domains[0].sans=*.jaeger.mydomain.com"
- "traefik.http.routers.jaeger.service=jaeger"
- "traefik.http.services.jaeger.loadbalancer.server.port=16686"
# Activer l'authentification HTTP Basic pour l'UI Jaeger via le middleware Traefik.
# Générer un hash htpasswd avec : htpasswd -n USER | sed 's/\$/\$\$/g'
- "traefik.http.routers.jaeger.middlewares=jaeger-auth"
- "traefik.http.middlewares.jaeger-auth.basicauth.users=myuser:$$apr1$$0Dxx4cqa$$U37ZOFeqIFbI4xHJemmwO/"
# Récepteur gRPC (OTLP) via Traefik
- "traefik.http.routers.jaeger-grpc.rule=Host(`grpc.jaeger.mydomain.com`)"
- "traefik.http.routers.jaeger-grpc.entrypoints=websecure"
- "traefik.http.routers.jaeger-grpc.tls.certresolver=cloudflare"
- "traefik.http.routers.jaeger-grpc.tls.domains[0].main=jaeger.mydomain.com"
- "traefik.http.routers.jaeger-grpc.tls.domains[0].sans=*.jaeger.mydomain.com"
- "traefik.http.routers.jaeger-grpc.service=jaeger-grpc"
- "traefik.http.services.jaeger-grpc.loadbalancer.server.port=4317"
- "traefik.http.services.jaeger-grpc.loadbalancer.server.scheme=h2c"
- "traefik.http.routers.jaeger-grpc.middlewares=jaeger-http-auth"
# Récepteur HTTP (OTLP) via Traefik
- "traefik.http.routers.jaeger-http.rule=Host(`http.jaeger.mydomain.com`)"
- "traefik.http.routers.jaeger-http.entrypoints=websecure"
- "traefik.http.routers.jaeger-http.tls.certresolver=cloudflare"
- "traefik.http.routers.jaeger-http.tls.domains[0].main=jaeger.mydomain.com"
- "traefik.http.routers.jaeger-http.tls.domains[0].sans=*.jaeger.mydomain.com"
- "traefik.http.routers.jaeger-http.service=jaeger-http"
- "traefik.http.services.jaeger-http.loadbalancer.server.port=4318"
# Activer l'authentification HTTP Basic pour le point de terminaison OTLP HTTP de Jaeger via le middleware Traefik.
# Générer un hash htpasswd avec : htpasswd -n OTLP_USER | sed 's/\$/\$\$/g'
- "traefik.http.routers.jaeger-http.middlewares=jaeger-http-auth"
- "traefik.http.middlewares.jaeger-http-auth.basicauth.users=myclient:$$apr1$$cIvXP5Y8$$FENUYFinb/ACisg75hVDS1"
depends_on:
prepare-data-dir:
condition: service_completed_successfully
prepare-data-dir:
# Exécuter cette étape en tant que root pour pouvoir changer le propriétaire du répertoire.
user: root
image: alpine:3.20
command: "/bin/sh -c 'chown -R 10001:10001 /badger'"
volumes:
- ./jaeger_badger:/badgerjaeger.yml
service:
extensions: [jaeger_storage, jaeger_query, healthcheckv2]
pipelines:
traces:
receivers: [otlp]
processors: [batch]
exporters: [jaeger_storage_exporter]
telemetry:
resource:
service.name: jaeger
metrics:
level: detailed
readers:
- pull:
exporter:
prometheus:
host: 0.0.0.0
port: 8888
logs:
level: info
# TODO Initialiser le traceur de télémétrie une fois qu'OTEL aura publié la nouvelle fonctionnalité.
# https://github.com/open-telemetry/opentelemetry-collector/issues/10663
extensions:
healthcheckv2:
use_v2: true
http:
jaeger_query:
storage:
traces: badger
traces_archive: badger_archive
ui:
config_file: /etc/jaeger/config-ui.json
jaeger_storage:
backends:
badger:
badger:
directories:
keys: "/badger/data"
values: "/badger/data"
ephemeral: false
ttl:
spans: 168h # 7 jours
badger_archive:
badger:
directories:
keys: "/badger/data_archive/"
values: "/badger/data_archive/"
ephemeral: false
ttl:
spans: 720h # 30 jours
receivers:
otlp:
protocols:
grpc:
endpoint: 0.0.0.0:4317
http:
endpoint: 0.0.0.0:4318
processors:
batch:
exporters:
jaeger_storage_exporter:
trace_storage: badgerjaeger-ui.json
{
"dependencies": {
"dagMaxNumServices": 200,
"menuEnabled": true
},
"monitor": {
"menuEnabled": true
},
"archiveEnabled": true,
"menu": [
],
"search": {
"maxLookback": {
"label": "7 Jours",
"value": "7d"
},
"maxLimit": 1500
},
"linkPatterns": [],
"traceIdDisplayLength": 20
}Vous pouvez l’utiliser avec l’exemple de Logfire example which connects to SigNoz instead of Logfire mais avec le point de terminaison OLTP suivant (utilisez les identifiants que vous avez définis dans la configuration Traefik) :
test-signoz.py
os.environ['OTEL_EXPORTER_OTLP_ENDPOINT'] = 'https://myclient:[email protected]/'Check out similar posts by category:
Monitoring, Docker
If this post helped you, please consider buying me a coffee or donating via PayPal to support research & publishing of new posts on TechOverflow