Jaeger Traefik 配置:使用 HTTP 基本认证和 Badger 数据存储
在我们之前的示例《使用 Traefik 作为反向代理的基本 Jaeger v2 docker-compose 部署》中,我们以 Traefik 作为反向代理部署了 Jaeger,但方式非常基础,没有任何认证,也没有持久化存储。
docker-compose.yml
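services:
  jaeger:
    image: jaegertracing/jaeger:2.11.0
    container_name: jaeger
    restart: "unless-stopped"
    command:
      - "--config"
      - "/etc/jaeger/config.yaml"
    volumes:
      # Badger data directory: must stay writable, it holds the stored traces.
      - ./jaeger_badger:/badger
      # Configuration files are only read by Jaeger, so mount them read-only.
      - ./jaeger.yml:/etc/jaeger/config.yaml:ro
      - ./jaeger-ui.json:/etc/jaeger/config-ui.json:ro
    # Exposed ports for direct access (not needed when using Traefik).
    # Publishing them would bypass the basic-auth middlewares below, because
    # authentication is enforced only at Traefik.
    # ports:
    #   - "5778:5778"
    #   - "16686:16686"
    #   - "4317:4317"
    #   - "4318:4318"
    #   - "14250:14250"
    #   - "14268:14268"
    #   - "9411:9411"
    labels:
      - "traefik.enable=true"
      # Jaeger Web UI
      - "traefik.http.routers.jaeger.rule=Host(`jaeger.mydomain.com`)"
      - "traefik.http.routers.jaeger.entrypoints=websecure"
      - "traefik.http.routers.jaeger.tls.certresolver=cloudflare"
      - "traefik.http.routers.jaeger.tls.domains[0].main=jaeger.mydomain.com"
      - "traefik.http.routers.jaeger.tls.domains[0].sans=*.jaeger.mydomain.com"
      - "traefik.http.routers.jaeger.service=jaeger"
      - "traefik.http.services.jaeger.loadbalancer.server.port=16686"
      # Enable HTTP basic auth for the Jaeger UI via a Traefik middleware.
      # Generate the htpasswd hash with: htpasswd -n USER | sed 's/\$/\$\$/g'
      # (the sed step doubles every "$" so Compose does not treat it as a
      # variable reference). Plain `htpasswd -n` emits an MD5-based apr1 hash;
      # `htpasswd -nB` emits bcrypt, which Traefik's basicauth also accepts and
      # which is far slower to brute-force if this file is ever disclosed.
      # The hash below is the article's sample value: generate your own.
      - "traefik.http.routers.jaeger.middlewares=jaeger-auth"
      - "traefik.http.middlewares.jaeger-auth.basicauth.users=myuser:$$apr1$$0Dxx4cqa$$U37ZOFeqIFbI4xHJemmwO/"
      # gRPC (OTLP) receiver via Traefik
      - "traefik.http.routers.jaeger-grpc.rule=Host(`grpc.jaeger.mydomain.com`)"
      - "traefik.http.routers.jaeger-grpc.entrypoints=websecure"
      - "traefik.http.routers.jaeger-grpc.tls.certresolver=cloudflare"
      # Same certificate as the UI router; the wildcard SAN covers
      # grpc.jaeger.mydomain.com.
      - "traefik.http.routers.jaeger-grpc.tls.domains[0].main=jaeger.mydomain.com"
      - "traefik.http.routers.jaeger-grpc.tls.domains[0].sans=*.jaeger.mydomain.com"
      - "traefik.http.routers.jaeger-grpc.service=jaeger-grpc"
      - "traefik.http.services.jaeger-grpc.loadbalancer.server.port=4317"
      # h2c = cleartext HTTP/2: TLS ends at Traefik and the hop to the
      # container is unencrypted on the Docker network.
      - "traefik.http.services.jaeger-grpc.loadbalancer.server.scheme=h2c"
      # The gRPC router reuses the jaeger-http-auth middleware defined further
      # down, so OTLP/gRPC and OTLP/HTTP clients share the same credentials.
      - "traefik.http.routers.jaeger-grpc.middlewares=jaeger-http-auth"
      # HTTP (OTLP) receiver via Traefik
      - "traefik.http.routers.jaeger-http.rule=Host(`http.jaeger.mydomain.com`)"
      - "traefik.http.routers.jaeger-http.entrypoints=websecure"
      - "traefik.http.routers.jaeger-http.tls.certresolver=cloudflare"
      - "traefik.http.routers.jaeger-http.tls.domains[0].main=jaeger.mydomain.com"
      - "traefik.http.routers.jaeger-http.tls.domains[0].sans=*.jaeger.mydomain.com"
      - "traefik.http.routers.jaeger-http.service=jaeger-http"
      - "traefik.http.services.jaeger-http.loadbalancer.server.port=4318"
      # Enable HTTP basic auth for the Jaeger OTLP HTTP endpoint via a Traefik
      # middleware. Generate the htpasswd hash with:
      #   htpasswd -n OTLP_USER | sed 's/\$/\$\$/g'
      # Use a separate account from the UI user, so that a credential embedded
      # in an instrumented application cannot be used to read traces in the UI.
      # As above, the hash is a sample value and `htpasswd -nB` gives bcrypt.
      - "traefik.http.routers.jaeger-http.middlewares=jaeger-http-auth"
      - "traefik.http.middlewares.jaeger-http-auth.basicauth.users=myclient:$$apr1$$cIvXP5Y8$$FENUYFinb/ACisg75hVDS1"
    depends_on:
      # Start Jaeger only after the ownership fix-up container has exited
      # successfully.
      prepare-data-dir:
        condition: service_completed_successfully
  prepare-data-dir:
    # Run this step as root so it can change the directory owner.
    # NOTE(review): 10001 is presumably the UID/GID the Jaeger image runs as;
    # confirm against the image before relying on it.
    user: root
    image: alpine:3.20
    command: "/bin/sh -c 'chown -R 10001:10001 /badger'"
    volumes: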
      - ./jaeger_badger:/badger
jaeger.yml
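# Jaeger v2 configuration: OTLP in, Badger on-disk storage, query UI out.
# Nothing in this file configures authentication. In the docker-compose.yml
# shown on this page, access control is done by Traefik's basic-auth
# middlewares, so the ports below should stay unpublished on the host.
service:
  extensions: [jaeger_storage, jaeger_query, healthcheckv2]
  pipelines:
    traces:
      receivers: [otlp]
      processors: [batch]
      exporters: [jaeger_storage_exporter]
  telemetry:
    resource:
      service.name: jaeger
    metrics:
      level: detailed
      readers:
        - pull:
            exporter:
              # Jaeger's own metrics, served on every container interface.
              # docker-compose.yml does not publish port 8888, so it is
              # reachable only from the Docker network.
              prometheus:
                host: 0.0.0.0
                port: 8888
    logs:
      level: info
    # TODO Initialize telemetry tracer once OTEL released new feature.
    # https://github.com/open-telemetry/opentelemetry-collector/issues/10663

extensions:
  healthcheckv2:
    use_v2: true
    # Left empty in the original; presumably selects the default HTTP
    # health-check settings. Confirm against the extension's documentation.
    http:

  jaeger_query:
    storage:
      traces: badger
      traces_archive: badger_archive
    ui:
      # Path inside the container; docker-compose.yml mounts jaeger-ui.json here.
      config_file: /etc/jaeger/config-ui.json

  jaeger_storage:
    backends:
      badger:
        badger:
          directories:
            keys: "/badger/data"
            values: "/badger/data"
          # false = persist to the directories above instead of a temporary store.
          ephemeral: false
          ttl:
            spans: 168h  # 7 days
      badger_archive:
        badger:
          directories:
            keys: "/badger/data_archive/"
            values: "/badger/data_archive/"
          ephemeral: false
          ttl:
            spans: 720h  # 30 days

receivers:
  otlp:
    protocols:
      # Both receivers listen on all interfaces inside the container so that
      # Traefik can reach them; they accept unauthenticated OTLP from anything
      # that can connect directly.
      grpc:
        endpoint: 0.0.0.0:4317
      http:
        endpoint: 0.0.0.0:4318

processors:
  batch:

exporters:
  jaeger_storage_exporter: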
    trace_storage: badger
jaeger-ui.json
{
"dependencies": {
"dagMaxNumServices": 200,
"menuEnabled": true
},
"monitor": {
"menuEnabled": true
},
"archiveEnabled": true,
"menu": [
],
"search": {
"maxLookback": {
"label": "7 Days",
"value": "7d"
},
"maxLimit": 1500
},
"linkPatterns": [],
"traceIdDisplayLength": 20
}
你可以将其与“连接到 SigNoz 而非 Logfire 的 Logfire 示例”一文中的示例配合使用,但需要改用以下 OTLP 端点(使用你在 Traefik 配置中设置的凭据;注意凭据会直接写在 URL 里,不要把真实密码提交到代码仓库):
test-signoz.py
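# Constructed sample: <PASSWORD> is a placeholder. The page's original value
# was replaced by the site's e-mail obfuscation ("[email protected]"). The host
# is assumed to be the OTLP/HTTP router from the Traefik labels
# (http.jaeger.mydomain.com) - confirm against your own configuration.
# Basic-auth credentials embedded in a URL end up wherever that URL is logged
# or committed, so load the real password from a secret store or an
# environment variable, and percent-encode it if it contains reserved
# characters.
os.environ['OTEL_EXPORTER_OTLP_ENDPOINT'] = 'https://myclient:<PASSWORD>@http.jaeger.mydomain.com/'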