Mirroring
Duplicate outgoing traffic to test a new app.Traffic mirroring is also referred to as traffic shadowing. You can send a copy of live traffic to a mirrored service before you deploy your updates to production. This way, you can reduce risks when upgrading your apps by testing out the changes first.
For more information, see the following resources.
If you import or export resources across workspaces, your policies might not apply. For more information, see Import and export policies.
Before you begin
- Set up Gloo Gateway in a single cluster.
- Deploy sample apps.
- Configure an HTTP listener on your gateway and set up basic routing for the sample apps.
Configure mirror policies
You can apply a mirror policy at the route level. For more information, see Applying policies.
Review the following sample configuration file.
apiVersion: trafficcontrol.policy.gloo.solo.io/v2
kind: MirrorPolicy
metadata:
name: mirror-policy
namespace: bookinfo
spec:
applyToRoutes:
- route:
labels:
route: ratings
config:
destination:
port:
number: 9080
ref:
name: ratings
namespace: bookinfo
Setting | Description |
---|---|
spec.applyToRoutes |
Use labels to configure which routes to apply the policy to. This example label matches the app and route from the example route table that you apply separately. If omitted and you do not have another selector such as applyToDestinations , the policy applies to all routes in the workspace. |
spec.config.destination.port |
Specify the port number in the service to mirror traffic to. |
spec.config.destination.ref |
Set the cluster, name, and namespace details for the service that you want to mirror traffic to. |
spec.config.percentage |
Specify the percentage of requests that you want to mirror to the service. The default is 100 to mirror all requests. |
Verify mirror policies
-
Deploy another version (v2) of the ratings app. This app is used to verify that requests to the ratings v1 app are mirrored to the new ratings v2 app.
kubectl apply -f - << EOF apiVersion: apps/v1 kind: Deployment metadata: name: ratings-v2 namespace: bookinfo labels: app: ratings version: v2 spec: replicas: 1 selector: matchLabels: app: ratings version: v2 template: metadata: labels: app: ratings version: v2 spec: serviceAccountName: bookinfo-ratings containers: - name: ratings image: docker.io/istio/examples-bookinfo-ratings-v1:1.17.0 imagePullPolicy: IfNotPresent ports: - containerPort: 9080 securityContext: runAsUser: 1000 EOF
-
Verify that the ratings v2 app is successfully deployed and shows a status of
Running
.kubectl get pods -n bookinfo
Example output:
NAME READY STATUS RESTARTS AGE details-v1-7d88846999-hzxcb 1/1 Running 0 6d16h productpage-v1-7795568889-t4gsc 1/1 Running 0 6d16h ratings-v1-754f9c4975-4cn57 1/1 Running 0 6d16h ratings-v2-549cb4d9f9-4khvf 1/1 Running 0 42s reviews-v1-5bf44ddc9f-kfnmp 1/1 Running 7 (132m ago) 5d22h reviews-v2-6dcbdb99c7-x8rpn 1/1 Running 7 (132m ago) 5d22h
-
Send a request to the ratings v1 app.
curl -vik --resolve www.example.com:80:${INGRESS_GW_IP} http://www.example.com:80/ratings/1
curl -vik --resolve www.example.com:443:${INGRESS_GW_IP} https://www.example.com:443/ratings/1
Example output:
... < HTTP/2 200 HTTP/2 200 < content-type: application/json ...
-
Verify that the request is logged for the ratings v1 app.
kubectl logs -n bookinfo <ratings-v1-pod-name>
Example output:
Server listening on: http://0.0.0.0:9080 GET /ratings/1
-
Verify that the request is not logged for the ratings v2 app.
kubectl logs -n bookinfo <ratings-v2-pod-name>
Example output:
Server listening on: http://0.0.0.0:9080
-
Apply the mirror policy for the ratings app. This mirror policy duplicates all traffic for one ratings app to all other ratings app instances in the cluster.
kubectl apply -f - << EOF apiVersion: trafficcontrol.policy.gloo.solo.io/v2 kind: MirrorPolicy metadata: name: mirror-policy namespace: bookinfo spec: applyToRoutes: - route: labels: route: ratings config: destination: port: number: 9080 ref: name: ratings namespace: bookinfo EOF
-
Send another request to the ratings v1 app.
-
Verify that the request is logged for the ratings v1 app.
kubectl logs <ratings-v1-pod-name> -n bookinfo
Example output:
Server listening on: http://0.0.0.0:9080 GET /ratings/1 GET /ratings/1
-
Verify that the request is also logged for the ratings v2 app.
kubectl logs <ratings-v2-pod-name> -n bookinfo
Example output:
Server listening on: http://0.0.0.0:9080 GET /ratings/1
Cleanup
You can optionally remove the resources that you set up as part of this guide.kubectl delete deployment ratings-v2 -n bookinfo
kubectl delete mirrorpolicy mirror-policy -n bookinfo