Navigation :

Mirroring

Duplicate outgoing traffic to test a new app.

Traffic mirroring is also referred to as traffic shadowing. You can send a copy of live traffic to a mirrored service before you deploy your updates to production. This way, you can reduce risks when upgrading your apps by testing out the changes first.

For more information, see the following resources.

If you import or export resources across workspaces, your policies might not apply. For more information, see Import and export policies.

Before you begin

This guide assumes that you use the same names for components like clusters, workspaces, and namespaces as in the getting started, and that your Kubernetes context is set to the cluster you store your Gloo config in (typically the management cluster). If you have different names, make sure to update the sample configuration files in this guide.
Follow the getting started instructions to:

  1. Set up Gloo Gateway in a single cluster.
  2. Deploy sample apps.
  3. Configure an HTTP listener on your gateway and set up basic routing for the sample apps.

Configure mirror policies

You can apply a mirror policy at the route level. For more information, see Applying policies.

Review the following sample configuration file.

apiVersion: trafficcontrol.policy.gloo.solo.io/v2
kind: MirrorPolicy
metadata:
  name: mirror-policy
  namespace: bookinfo
spec:
  applyToRoutes:
  - route:
      labels:
        route: ratings          
  config:
    destination:
      port:
        number: 9080
      ref:
        name: ratings
        namespace: bookinfo
Review the following table to understand this configuration.
Setting Description
spec.applyToRoutes Use labels to configure which routes to apply the policy to. This example label matches the app and route from the example route table that you apply separately. If omitted and you do not have another selector such as applyToDestinations, the policy applies to all routes in the workspace.
spec.config.destination.port Specify the port number in the service to mirror traffic to.
spec.config.destination.ref Set the cluster, name, and namespace details for the service that you want to mirror traffic to.
spec.config.percentage Specify the percentage of requests that you want to mirror to the service. The default is 100 to mirror all requests.

Verify mirror policies

  1. Deploy another version (v2) of the ratings app. This app is used to verify that requests to the ratings v1 app are mirrored to the new ratings v2 app.

    kubectl apply -f - << EOF 
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ratings-v2
  namespace: bookinfo
  labels:
    app: ratings
    version: v2
spec:
  replicas: 1
  selector:
    matchLabels:
      app: ratings
      version: v2
  template:
    metadata:
      labels:
        app: ratings
        version: v2
    spec:
      serviceAccountName: bookinfo-ratings
      containers:
      - name: ratings
        image: docker.io/istio/examples-bookinfo-ratings-v1:1.17.0
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 9080
        securityContext:
          runAsUser: 1000
EOF

  2. Verify that the ratings v2 app is successfully deployed and shows a status of Running.

    kubectl get pods -n bookinfo

    Example output:

    NAME                              READY   STATUS    RESTARTS       AGE
details-v1-7d88846999-hzxcb       1/1     Running   0              6d16h
productpage-v1-7795568889-t4gsc   1/1     Running   0              6d16h
ratings-v1-754f9c4975-4cn57       1/1     Running   0              6d16h
ratings-v2-549cb4d9f9-4khvf       1/1     Running   0              42s
reviews-v1-5bf44ddc9f-kfnmp       1/1     Running   7 (132m ago)   5d22h
reviews-v2-6dcbdb99c7-x8rpn       1/1     Running   7 (132m ago)   5d22h

  3. Send a request to the ratings v1 app. 

    curl -vik --resolve www.example.com:80:${INGRESS_GW_IP} http://www.example.com:80/ratings/1

    curl -vik --resolve www.example.com:443:${INGRESS_GW_IP} https://www.example.com:443/ratings/1

    Example output:

    ...
< HTTP/2 200 
HTTP/2 200 
< content-type: application/json
...

  4. Verify that the request is logged for the ratings v1 app.

    kubectl logs -n bookinfo <ratings-v1-pod-name>

    Example output:

    Server listening on: http://0.0.0.0:9080
GET /ratings/1

  5. Verify that the request is not logged for the ratings v2 app.

    kubectl logs -n bookinfo <ratings-v2-pod-name>

    Example output:

    Server listening on: http://0.0.0.0:9080

  6. Apply the mirror policy for the ratings app. This mirror policy duplicates all traffic for one ratings app to all other ratings app instances in the cluster.

    kubectl apply -f - << EOF   
apiVersion: trafficcontrol.policy.gloo.solo.io/v2
kind: MirrorPolicy
metadata:
  name: mirror-policy
  namespace: bookinfo
spec:
  applyToRoutes:
  - route:
      labels:
        route: ratings          
  config:
    destination:
      port:
        number: 9080
      ref:
        name: ratings
        namespace: bookinfo
EOF

  7. Send another request to the ratings v1 app. 

    curl -vik --resolve www.example.com:80:${INGRESS_GW_IP} http://www.example.com:80/ratings/1

    curl -vik --resolve www.example.com:443:${INGRESS_GW_IP} https://www.example.com:443/ratings/1

  8. Verify that the request is logged for the ratings v1 app.

    kubectl logs <ratings-v1-pod-name> -n bookinfo

    Example output:

    Server listening on: http://0.0.0.0:9080
GET /ratings/1
GET /ratings/1

  9. Verify that the request is also logged for the ratings v2 app.

    kubectl logs <ratings-v2-pod-name> -n bookinfo

    Example output:

    Server listening on: http://0.0.0.0:9080
GET /ratings/1

Cleanup

You can optionally remove the resources that you set up as part of this guide. 
kubectl delete deployment ratings-v2 -n bookinfo
kubectl delete mirrorpolicy mirror-policy -n bookinfo