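Tracing the Cloud-Native Gateway Ingress-Nginx in Practice: OpenTelemetry Collection and Guance Integration

Background

In large distributed systems, calls between services are complex. Distributed tracing helps map the flow of requests. Modern systems also need real-time monitoring to respond quickly to incidents and failures, and to reveal system bottlenecks and high-load paths so that they can be optimized.

Ingress-Nginx runs in Kubernetes environments and is dedicated to managing external traffic entering a Kubernetes cluster. It is based on Nginx and uses its reverse-proxy and load-balancer capabilities, configured and optimized specifically for the Kubernetes architecture. The main task of the Ingress Controller is to route external requests to specific services inside the cluster according to predefined rules (set through Kubernetes Ingress resources).

Prerequisites

  • Ingress-Nginx version >= 1.10.0
  • The application services are already instrumented with OpenTelemetry to collect trace data
  • K8s cluster version:

1. Deploy the sample services

Here we deploy a Spring Boot application in which service A calls service B. This example uses Java 17 and Maven 3.9.10.

Because the Ingress-Nginx traces have to be linked with the backend traces, the OTEL agent must be packaged into the business image when it is built.

The following Dockerfile configuration packages the agent into the service's container image, giving the service the basic ability to collect trace data.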

    # Stage 1: download the OpenTelemetry Java agent (the "latest" release, unpinned)
    FROM curlimages/curl:latest AS agent-download
    USER root
    RUN curl -Lo /opentelemetry-javaagent.jar \
        https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/latest/download/opentelemetry-javaagent.jar

    # Stage 2: application image with the agent copied in
    FROM openjdk:17-jdk-slim
    WORKDIR /app
    COPY --from=agent-download /opentelemetry-javaagent.jar /app/opentelemetry-javaagent.jar
    COPY target/serviceb-1.0-SNAPSHOT.jar /app/service-b.jar

    ENV OTEL_SERVICE_NAME="service-b" \
        OTEL_EXPORTER_OTLP_ENDPOINT="http://datakit-endpoint:4317" \
        OTEL_TRACES_SAMPLER="parentbased_always_on" \
        OTEL_PROPAGATORS="tracecontext,baggage" \
        OTEL_METRICS_EXPORTER="none" \
        OTEL_LOGS_EXPORTER="none"

    # Change the start command to load the Java agent
    CMD ["java", "-javaagent:/app/opentelemetry-javaagent.jar", "-jar", "/app/service-b.jar"]

Create k8s-java-app.yaml to deploy the services:

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: service-a
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: service-a
      template:
        metadata:
          labels:
            app: service-a
        spec:
          containers:
            - name: service-a
              image: <your-repo>/service-a:otel-1.0
              ports:
                - containerPort: 9090
              env:
                # HOST_IP must be declared before the variables that reference it
                - name: HOST_IP
                  valueFrom:
                    fieldRef:
                      fieldPath: status.hostIP
                - name: SPRING_MAIN_ALLOW_CIRCULAR_REFERENCES
                  value: "true"
                - name: OTEL_SERVICE_NAME
                  value: "service-a"
                - name: OTEL_EXPORTER
                  value: "otlp"
                - name: OTEL_EXPORTER_OTLP_PROTOCOL
                  value: "grpc"
                - name: OTEL_EXPORTER_OTLP_ENDPOINT
                  value: "http://$(HOST_IP):4317"
                - name: OTEL_PROPAGATORS
                  value: "tracecontext,baggage"
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: service-a
    spec:
      ports:
        - port: 9090
          targetPort: 9090
      selector:
        app: service-a
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: service-b
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: service-b
      template:
        metadata:
          labels:
            app: service-b
        spec:
          containers:
            - name: service-b
              image: <your-repo>/service-b:otel-1.0
              ports:
                - containerPort: 8090
              env:
                - name: HOST_IP
                  valueFrom:
                    fieldRef:
                      fieldPath: status.hostIP
                - name: OTEL_SERVICE_NAME
                  value: "service-b"
                - name: OTEL_EXPORTER
                  value: "otlp"
                - name: OTEL_EXPORTER_OTLP_PROTOCOL
                  value: "grpc"
                - name: OTEL_EXPORTER_OTLP_ENDPOINT
                  value: "http://$(HOST_IP):4317"
                - name: OTEL_PROPAGATORS
                  value: "tracecontext,baggage"
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: service-b
    spec:
      ports:
        - port: 8090
          targetPort: 8090
      selector:
        app: service-b

2. Install Ingress Nginx

Create an ingress-nginx.yaml file:

    apiVersion: v1
    kind: Namespace
    metadata:
      name: ingress-nginx
    ---
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: ingress-nginx
      namespace: ingress-nginx
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      name: ingress-nginx
    rules:
      - apiGroups:
          - ""
        resources:
          - configmaps
          - endpoints
          - nodes
          - pods
          - secrets
          - services
        verbs:
          - list
          - watch
          - get
      - apiGroups:
          - "discovery.k8s.io"
        resources:
          - endpointslices
        verbs:
          - list
          - watch
      - apiGroups:
          - "coordination.k8s.io"
        resources:
          - leases
        verbs:
          - get
          - watch
          - list
          - create
          - update
      - apiGroups:
          - "networking.k8s.io"
        resources:
          - ingresses
          - ingressclasses
        verbs:
          - get
          - list
          - watch
      - apiGroups:
          - "networking.k8s.io"
        resources:
          - ingresses/status
        verbs:
          - update
      - apiGroups:
          - "extensions"
        resources:
          - ingresses
        verbs:
          - get
          - list
          - watch
      - apiGroups:
          - "extensions"
        resources:
          - ingresses/status
        verbs:
          - update
      - apiGroups:
          - ""
        resources:
          - events
        verbs:
          - create
          - patch
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: ingress-nginx
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: ingress-nginx
    subjects:
      - kind: ServiceAccount
        name: ingress-nginx
        namespace: ingress-nginx
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: ingress-nginx-controller
      namespace: ingress-nginx
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: ingress-nginx
      template:
        metadata:
          labels:
            app: ingress-nginx
        spec:
          hostNetwork: true
          serviceAccountName: ingress-nginx
          containers:
            - name: controller
              # registry.k8s.io is the current registry; k8s.gcr.io is frozen
              image: registry.k8s.io/ingress-nginx/controller:v1.10.0
              args:
                - /nginx-ingress-controller
                - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller
                - --election-id=ingress-controller-leader
                - --controller-class=k8s.io/ingress-nginx
                - --ingress-class=nginx
                - --configmap=ingress-nginx/ingress-nginx-controller
              env:
                - name: HOST_IP
                  valueFrom:
                    fieldRef:
                      fieldPath: status.hostIP
                - name: OTEL_EXPORTER_OTLP_ENDPOINT
                  value: "http://$(HOST_IP):4317"
                - name: POD_NAME
                  valueFrom:
                    fieldRef:
                      fieldPath: metadata.name
                - name: POD_NAMESPACE
                  valueFrom:
                    fieldRef:
                      fieldPath: metadata.namespace
              ports:
                - name: http
                  containerPort: 80
                - name: https
                  containerPort: 443
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: ingress-nginx-controller
      namespace: ingress-nginx
    spec:
      type: NodePort
      ports:
        - name: http
          port: 80
          targetPort: 80
        - name: https
          port: 443
          targetPort: 443
      selector:
        app: ingress-nginx
    ---
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: ingress-nginx-controller
      namespace: ingress-nginx
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
    data:
      enable-opentelemetry: "true"
      otel-sampler: AlwaysOn
      opentelemetry-operation-name: "HTTP $request_method $service_name $uri $opentelemetry_trace_id"
      # Uses the span context sent by the caller as the parent of the ingress span
      opentelemetry-trust-incoming-span: "true"
      # Defaults
      # otel-service-name: "nginx"
      # otel-sampler-ratio: 0.01

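Apply the configuration:

    kubectl apply -f ingress-nginx.yaml

3. Configure Ingress-Nginx trace collection

3.1 Enable the OTEL collector in DataKit

In datakit.yaml, enable the cluster's OTEL collector by mounting its configuration from a ConfigMap (CM).

Add to volumeMounts: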

    - mountPath: /usr/local/datakit/conf.d/opentelemetry/opentelemetry.conf
      name: datakit-conf
      subPath: opentelemetry.conf

Add the collector to the ConfigMap:

    opentelemetry.conf: |-
      [[inputs.opentelemetry]]
        [inputs.opentelemetry.http]
          enable = true
          http_status_ok = 200
          trace_api = "/otel/v1/traces"
        [inputs.opentelemetry.grpc]
          trace_enable = true
          metric_enable = true
          addr = "0.0.0.0:4317"

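Restart DataKit:

    kubectl apply -f datakit.yaml

3.2 Collect trace data with the OTEL agent

Package the agent into the business service's container image in the service Dockerfile, giving the service the basic ability to collect trace data.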

    # Stage 1: download the OpenTelemetry Java agent (the "latest" release, unpinned)
    FROM curlimages/curl:latest AS agent-download
    USER root
    RUN curl -Lo /opentelemetry-javaagent.jar \
        https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/latest/download/opentelemetry-javaagent.jar

    # Stage 2: application image with the agent copied in
    FROM openjdk:17-jdk-slim
    WORKDIR /app
    COPY --from=agent-download /opentelemetry-javaagent.jar /app/opentelemetry-javaagent.jar
    COPY target/serviceb-1.0-SNAPSHOT.jar /app/service-b.jar

    ENV OTEL_SERVICE_NAME="service-b" \
        OTEL_EXPORTER_OTLP_ENDPOINT="http://datakit-endpoint:4317" \
        OTEL_TRACES_SAMPLER="parentbased_always_on" \
        OTEL_PROPAGATORS="tracecontext,baggage" \
        OTEL_METRICS_EXPORTER="none" \
        OTEL_LOGS_EXPORTER="none"

    # Change the start command to load the Java agent
    CMD ["java", "-javaagent:/app/opentelemetry-javaagent.jar", "-jar", "/app/service-b.jar"]

Configure the environment variables in the service's deployment YAML.

    - name: OTEL_EXPORTER
      value: "otlp"
    - name: OTEL_EXPORTER_OTLP_PROTOCOL
      value: "grpc"
    - name: OTEL_EXPORTER_OTLP_ENDPOINT
      value: "http://$(HOST_IP):4317"
    - name: OTEL_PROPAGATORS
      value: "tracecontext,baggage"

3.3 Edit the ingress-controller ConfigMap

If the ingress-controller service already has a ConfigMap, add the following four lines to it:

    enable-opentelemetry: "true"
    otel-sampler: AlwaysOn
    opentelemetry-operation-name: "HTTP $request_method $service_name $uri $opentelemetry_trace_id"
    opentelemetry-trust-incoming-span: "true"

Apply the corresponding ingress YAML and restart the ingress-controller.
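A simplified model of what opentelemetry-trust-incoming-span changes, as an added example that is not part of the original article or of ingress-nginx: it validates a W3C traceparent header (the tracecontext propagator configured above) and shows which trace ID the ingress span carries with trust on and off. The function names and the sample header are assumptions made for the illustration.

```python
import re
import secrets

# W3C Trace Context "traceparent": version-traceid-parentid-flags, lowercase hex.
_TRACEPARENT = re.compile(
    r"^([0-9a-f]{2})-([0-9a-f]{32})-([0-9a-f]{16})-([0-9a-f]{2})(-.*)?$")


def parse_traceparent(header):
    """Return the parsed fields, or None if the header must be ignored."""
    m = _TRACEPARENT.match(header.strip()) if header else None
    if not m:
        return None
    version, trace_id, parent_id, flags, extra = m.groups()
    if version == "ff":                 # version ff is forbidden
        return None
    if version == "00" and extra:       # version 00 has exactly four fields
        return None
    if trace_id == "0" * 32 or parent_id == "0" * 16:  # all-zero ids are invalid
        return None
    return {"trace_id": trace_id, "parent_id": parent_id,
            "sampled": bool(int(flags, 16) & 0x01)}


def ingress_span(header, trust_incoming_span=True):
    """Simplified model (an assumption) of the span the ingress creates."""
    parent = parse_traceparent(header) if trust_incoming_span else None
    return {
        # A trusted, valid parent keeps the caller's trace id; otherwise the
        # ingress span becomes the root of a new trace.
        "trace_id": parent["trace_id"] if parent else secrets.token_hex(16),
        "parent_id": parent["parent_id"] if parent else None,
        "span_id": secrets.token_hex(8),
        "sampled": True,  # otel-sampler: AlwaysOn records every request
    }


def outgoing_traceparent(span):
    """Header forwarded to service-a, which follows it (parentbased_always_on)."""
    return "00-{}-{}-{}".format(span["trace_id"], span["span_id"],
                                "01" if span["sampled"] else "00")


# Constructed sample header (the example ids from the W3C specification).
CLIENT_HEADER = "00-4bf92f3577b34da6a3ce929d0e0e4736-00f067aa0ba902b7-00"

if __name__ == "__main__":
    for trust in (True, False):
        span = ingress_span(CLIENT_HEADER, trust_incoming_span=trust)
        print("trust =", trust, "->", outgoing_traceparent(span))
```

With trust enabled, the trace ID of a request arriving at the edge is the one the caller sent, so treat it as caller-supplied input when correlating traces with logs.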

3.4 Add environment variables to the ingress-controller

In the Deployment section of the ingress-controller manifest ingress-nginx.yaml, add the OTEL configuration under spec.template.spec.containers.env, and make sure the port is open.

    - name: OTEL_EXPORTER
      value: "otlp"
    - name: OTEL_EXPORTER_OTLP_PROTOCOL
      value: "grpc"
    - name: OTEL_EXPORTER_OTLP_ENDPOINT
      value: "http://$(HOST_IP):4317"
    - name: OTEL_SERVICE_NAME
      value: "nginx"
    - name: OTEL_TRACES_SAMPLER
      value: "always_on"
    - name: OTEL_PROPAGATORS
      value: "tracecontext,baggage"

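Re-apply ingress-nginx.yaml and restart the ingress-controller container.

Guance

Access the ingress domain again to generate data.

In the Guance console, under "Application Performance Monitoring", you can see that the Ingress-Nginx trace data is being reported normally.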
