Jaeger Deployment Model

This page will help you succeed in connecting your application to Jaeger tracing which meets your security and compliance requirements.

Provision a New Jaeger Cluster

Ask your service-specific administrator to install a Jaeger cluster inside your Compliant Kubernetes environment. The service-specific administrator will ensure the Jaeger cluster complies with your security requirements, including:

  • Business continuity: We recommend a highly available setup with 3 instances for Jaeger and Opensearch.
  • Disaster recovery: Your service-specific administrator will configure Opensearch with regular backups.
  • Capacity management: Your service-specific administrator will ensure Jaeger and Opensearch runs on dedicated (i.e., tainted) Kubernetes Nodes, as required to get the best performance.
  • Incident management: Your administrator will set up the necessary probes, dashboards and alerts, to discover issues and resolve them, before they become a problem.
  • Access control: Your administrator will set up a reverse proxy that provides authentication using Dex.

Compliant Kubernetes recommends the Jaeger operator.

Getting Access

Your administrator will set up the authentication reverse proxy inside Compliant Kubernetes, which will give you access to JaegerUI.

Prepare your application

The Jaeger agent is exposed as a DaemonSet. Your application needs to be told where the agent is located by setting the environment variable JAEGER_AGENT_HOST to the value of the Kubernetes node’s IP:

apiVersion: apps/v1
kind: Deployment
      - name: my-app
        image: acme/my-app:my-version
        - name: JAEGER_AGENT_HOST
              fieldPath: status.hostIP

Follow the Go-Live Checklist

You should be all set. Before going into production, don't forget to go through the go-live checklist.

CK8S Jaeger Release Notes

Check out the release notes for the Jaeger setup that runs in Compliant Kubernetes environments!

Further Reading