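Receiving telemetry data


Red Hat build of OpenTelemetry 3.8

Connecting instrumented applications and configuring multi-cluster telemetry collection

Red Hat OpenShift Documentation Team

Abstract

This document describes how to configure the OpenTelemetry Collector to receive telemetry data from instrumented applications. Learn how to set up multi-cluster telemetry collection by deploying Collectors in edge clusters and forwarding the data to a central Collector instance. It includes procedures for TLS/mTLS configuration using cert-manager, secure communication, service account and RBAC setup, and integration with TempoStack for trace storage.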

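Chapter 1. Receiving telemetry data

After you set up the OpenTelemetry Collector and instrument your applications, you must connect the instrumentation to the OpenTelemetry Collector so that the Collector can receive telemetry data from the instrumentation.

1.1. Receiving telemetry data from multiple clusters

If you need the Collector to receive telemetry data from multiple remote clusters, create one OpenTelemetry Collector instance in each remote cluster, and then forward all the telemetry data to one central OpenTelemetry Collector instance.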

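Prerequisites

  • The Red Hat build of OpenTelemetry Operator is installed.
  • The Tempo Operator is installed.
  • A TempoStack instance is deployed on the cluster.
  • The following certificates are mounted: issuer, self-signed certificate, CA issuer, and client and server certificates. To create these certificates, see step 1.

Procedure

  1. Mount the following certificates in the OpenTelemetry Collector instance, skipping any that are already mounted.

    1. An Issuer that generates the certificates, created by using the cert-manager Operator for Red Hat OpenShift.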

      apiVersion: cert-manager.io/v1
      kind: Issuer
      metadata:
        name: selfsigned-issuer
      spec:
        selfSigned: {}

    2. A self-signed certificate.

      apiVersion: cert-manager.io/v1
      kind: Certificate
      metadata:
        name: ca
      spec:
        isCA: true
        commonName: ca
        subject:
          organizations:
            - <your_organization_name>
          organizationalUnits:
            - Widgets
        secretName: ca-secret
        privateKey:
          algorithm: ECDSA
          size: 256
        issuerRef:
          name: selfsigned-issuer
          kind: Issuer
          group: cert-manager.io

    3. A CA issuer.

      apiVersion: cert-manager.io/v1
      kind: Issuer
      metadata:
        name: test-ca-issuer
      spec:
        ca:
          secretName: ca-secret

    4. The client and server certificates.

      apiVersion: cert-manager.io/v1
      kind: Certificate
      metadata:
        name: server
      spec:
        secretName: server-tls
        isCA: false
        usages:
          - server auth
          - client auth
        dnsNames:
          - "otel.observability.svc.cluster.local" # <1>
        issuerRef:
          name: test-ca-issuer # the CA issuer created in the previous sub-step
      ---
      apiVersion: cert-manager.io/v1
      kind: Certificate
      metadata:
        name: client
      spec:
        secretName: client-tls
        isCA: false
        usages:
          - server auth
          - client auth
        dnsNames:
          - "otel.observability.svc.cluster.local" # <2>
        issuerRef:
          name: test-ca-issuer # the CA issuer created in the previous sub-step

      <1> List of exact DNS names to be mapped to a solver in the server OpenTelemetry Collector instance.
      <2> List of exact DNS names to be mapped to a solver in the client OpenTelemetry Collector instance.
  2. Create a service account for the OpenTelemetry Collector instance.

    Example ServiceAccount

    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: otel-collector-deployment

  3. Create a cluster role for the service account.

    Example ClusterRole

    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      name: otel-collector
    rules: # <1> <2>
    - apiGroups: ["", "config.openshift.io"]
      resources: ["pods", "namespaces", "infrastructures", "infrastructures/status"]
      verbs: ["get", "watch", "list"]

    <1> The k8sattributesprocessor requires permissions for pods and namespaces resources.
    <2> The resourcedetectionprocessor requires permissions for infrastructures and status.

  4. Bind the cluster role to the service account.

    Example ClusterRoleBinding

    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: otel-collector
    subjects:
    - kind: ServiceAccount
      name: otel-collector-deployment
      namespace: otel-collector-<example>
    roleRef:
      kind: ClusterRole
      name: otel-collector
      apiGroup: rbac.authorization.k8s.io

  5. Create the YAML file that defines the OpenTelemetryCollector custom resource (CR) in the edge clusters.

    Example OpenTelemetryCollector custom resource for the edge clusters

    apiVersion: opentelemetry.io/v1beta1
    kind: OpenTelemetryCollector
    metadata:
      name: otel
      namespace: otel-collector-<example>
    spec:
      mode: daemonset
      serviceAccount: otel-collector-deployment
      config:
        receivers:
          jaeger:
            protocols:
              grpc: {}
              thrift_binary: {}
              thrift_compact: {}
              thrift_http: {}
          opencensus:
          otlp:
            protocols:
              grpc: {}
              http: {}
          zipkin: {}
        processors:
          batch: {}
          k8sattributes: {}
          memory_limiter:
            check_interval: 1s
            limit_percentage: 50
            spike_limit_percentage: 30
          resourcedetection:
            detectors: [openshift]
        exporters:
          otlphttp:
            endpoint: https://observability-cluster.com:443 # <1>
            tls:
              insecure: false
              cert_file: /certs/server.crt
              key_file: /certs/server.key
              ca_file: /certs/ca.crt
        service:
          pipelines:
            traces:
              receivers: [jaeger, opencensus, otlp, zipkin]
              processors: [memory_limiter, k8sattributes, resourcedetection, batch]
              exporters: [otlphttp] # must name the exporter defined above
      volumes:
        - name: otel-certs
          secret:
            name: otel-certs
      volumeMounts:
        - name: otel-certs
          mountPath: /certs

    <1> The Collector exporter is configured to export OTLP HTTP and points to the OpenTelemetry Collector in the central cluster.

  6. Create the YAML file that defines the OpenTelemetryCollector custom resource (CR) in the central cluster.

    Example OpenTelemetryCollector custom resource for the central cluster

    apiVersion: opentelemetry.io/v1beta1
    kind: OpenTelemetryCollector
    metadata:
      name: otlp-receiver
      namespace: observability
    spec:
      mode: "deployment"
      ingress:
        type: route
        route:
          termination: "passthrough"
      config:
        receivers:
          otlp:
            protocols:
              http:
                tls: # <1>
                  cert_file: /certs/server.crt
                  key_file: /certs/server.key
                  client_ca_file: /certs/ca.crt
        exporters:
          otlp:
            endpoint: "tempo-<simplest>-distributor:4317" # <2>
            tls:
              insecure: true
        service:
          pipelines:
            traces:
              receivers: [otlp]
              processors: []
              exporters: [otlp]
      volumes:
        - name: otel-certs
          secret:
            name: otel-certs
      volumeMounts:
        - name: otel-certs
          mountPath: /certs
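
    <1> The Collector receiver requires the certificates listed in the first step.
    <2> The Collector exporter is configured to export OTLP and points to the Tempo distributor endpoint, which in this example is "tempo-simplest-distributor:4317" and has already been created.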
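
An added example, not part of the Red Hat documentation: an audit of the `.spec.config` of an edge and a central Collector resource that reports a pipeline naming an undefined component, an exporter with `tls.insecure: true`, and a cross-cluster receiver whose TLS block lacks `client_ca_file` and therefore never authenticates clients. The two configurations are constructed samples modelled on the CRs in this procedure with faults introduced on purpose, and `audit` and `require_mtls` are names chosen for this example.

```python
import json

# Constructed samples: `.spec.config` of two OpenTelemetryCollector CRs as JSON
# (for example from `oc get opentelemetrycollector <name> -o json`).
EDGE = json.loads("""{
  "receivers": {"otlp": {"protocols": {"grpc": {}, "http": {}}}},
  "exporters": {"otlphttp": {"endpoint": "https://observability-cluster.com:443",
    "tls": {"insecure": false, "cert_file": "/certs/server.crt",
            "key_file": "/certs/server.key", "ca_file": "/certs/ca.crt"}}},
  "service": {"pipelines": {"traces": {"receivers": ["otlp"], "exporters": ["otlp"]}}}
}""")
CENTRAL = json.loads("""{
  "receivers": {"otlp": {"protocols": {"http": {"tls": {
    "cert_file": "/certs/server.crt", "key_file": "/certs/server.key"}}}}},
  "exporters": {"otlp": {"endpoint": "tempo-simplest-distributor:4317",
    "tls": {"insecure": true}}},
  "service": {"pipelines": {"traces": {"receivers": ["otlp"], "exporters": ["otlp"]}}}
}""")

def audit(config, require_mtls=False):
    """Return a sorted list of findings for one Collector configuration."""
    findings = []
    # 1. Every component a pipeline names must be defined in its own section.
    for pname, pipe in config.get("service", {}).get("pipelines", {}).items():
        for kind in ("receivers", "processors", "exporters"):
            for comp in pipe.get(kind) or []:
                if comp not in (config.get(kind) or {}):
                    findings.append(f"{pname}: undefined {kind[:-1]} '{comp}'")
    # 2. Exporters: flag plaintext links and skipped server verification.
    for name, exp in (config.get("exporters") or {}).items():
        tls = (exp or {}).get("tls") or {}
        if tls.get("insecure"):
            findings.append(f"exporter {name}: tls.insecure is true (plaintext)")
        elif tls.get("insecure_skip_verify"):
            findings.append(f"exporter {name}: server certificate not verified")
    # 3. Receivers taking cross-cluster traffic must demand client certificates.
    if require_mtls:
        for name, rcv in (config.get("receivers") or {}).items():
            for proto, settings in ((rcv or {}).get("protocols") or {}).items():
                tls = (settings or {}).get("tls") or {}
                if not tls.get("cert_file"):
                    findings.append(f"receiver {name}/{proto}: no TLS")
                elif not tls.get("client_ca_file"):
                    findings.append(f"receiver {name}/{proto}: TLS without client_ca_file, no mTLS")
    return sorted(findings)

if __name__ == "__main__":
    for label, cfg, mtls in (("edge", EDGE, False), ("central", CENTRAL, True)):
        print(label, audit(cfg, require_mtls=mtls))
```

Pass `require_mtls=True` only for the Collector that terminates traffic from other clusters; the edge receivers in this procedure accept local application traffic without TLS.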

Legal Notice

Copyright © 2025 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.