Istio version: 1.5.2
We have deployed the Jaeger components using a YAML descriptor for the all-in-one image. Istio has been configured to point to this Jaeger instance by using the setting --set values.global.tracer.zipkin.address=jaeger-collector.mynamespace.svc.cluster.local:9411
Everything seems to be fine when there is no security policy for the namespace. Spans from both the Istio sidecar proxies and the application are seen, with proper context propagation.
However, when we apply the mTLS policy to the namespace and send the requests, only the application-related spans are seen and NO spans are received from the Istio sidecars. Hence we are wondering whether Istio supports sending spans to a secure 9411 port of Jaeger. This is very important for us to realize the end-to-end span call flow with complete security enabled.
From the logs it is observed that the sidecar of the application is sending the spans:
[2020-06-08T10:56:46.562Z] "POST /api/traces?format=jaeger.thrift HTTP/1.1" 202 - "-" "-" 7934 0 1 1 "-" "okhttp/3.9.0" "c8f5dfba-afe5-9bfa-ba4d-27a023d077ad" "jaeger-collector.eium-cloud.svc.cluster.local:14268" "10.32.0.11:14268" outbound|14268||jaeger-collector.eium-cloud.svc.cluster.local 10.38.0.11:58394 10.9
But there are no logs on the sidecar of the Jaeger collector showing that it received the spans.
kubectl get svc -n mynamespace
NAME               TYPE           CLUSTER-IP     EXTERNAL-IP   PORT(S)                               AGE
jaeger-agent       ClusterIP      None                         5775/UDP,6831/UDP,6832/UDP,5778/TCP   105m
jaeger-collector   ClusterIP      10.96.255.86                 14267/TCP,14268/TCP,9411/TCP          105m
jaeger-query       LoadBalancer   10.98.86.102                 7171:32545/TCP                        105m
zipkin             ClusterIP      None                         9411/TCP