Tracing

Tracing allows collection of fine-grained details about policy evaluations. It's a useful tool for debugging issues in your Kubewarden deployment and policies.

Jaeger is used to receive, store, and visualize trace events.

Policy tracing logs

Prerequisites

Cert-Manager and OpenTelemetry are required. Follow these instructions to install Cert Manager and the OpenTelemetry Operator.

Install Jaeger

Apply the installation steps from the tracing quickstart.

Once all the resources are created by the Jaeger operator, there is a Service under my-open-telemetry-collector.jaeger.svc.cluster.local.

The Jaeger Query UI is reachable at the following address:

https://<CLUSTER_IP>/api/v1/namespaces/jaeger/services/http:my-open-telemetry-query:16686/proxy/search

This endpoint may be unique depending on your configuration. You can find the endpoint listed for your Jaeger resource under the Services page.

Update rancher-kubewarden-controller with Jaeger endpoint

You'll need to edit the rancher-kubewarden-controller resource to add the Jaeger endpoint "my-open-telemetry-collector.jaeger.svc.cluster.local:4317".

For instance:

telemetry:
  tracing: true
  mode: sidecar
  sidecar:
    tracing:
      jaeger:
        endpoint: my-open-telemetry-collector.jaeger.svc.cluster.local:4317
        tls:
          insecure: true

my-open-telemetry-collector is the service we installed under the jaeger namespace.

caution

For simplicity, we're not encrypting the communication between the OpenTelemetry collector and the Jaeger endpoint.

This is not suitable for production deployment. We recommend you read Jaeger's documentation.

You should now be able to view any failed requests for policies tied to a specific Policy Server, or the detail view for any given policy. You can get a more in-depth view of the traces by using the Jaeger UI.