Cross-cluster traffic mirroring is the process of mirroring traffic from a production environment to a staging environment to run simulation tests or troubleshoot issues. You can use this method to run tests and perform troubleshooting without interrupting your businesses in the production environment. This topic describes how to use the NGINX Ingress controller to mirror traffic between Container Service for Kubernetes (ACK) clusters.
Prerequisites
Two ACK clusters are created. For more information, see Create an ACK managed cluster.
The NGINX Ingress controller is installed and its version is v1.2.1 or later. For more information, see Manage the NGINX Ingress controller.
The kubeconfig file of the cluster is obtained and used to connect to the cluster by using kubectl.
Use scenarios
Traffic mirroring can be used in the following scenarios:
Production workload simulation:
Before you make important changes to a system or release new features, you must run stress tests to assess the stability of the system. In most cases, production workloads are simulated in a staging environment to test the stability of a new system before the system is released. However, the actual loads are difficult to estimate because the system may receive both normal and abnormal network traffic. To resolve this issue, you can mirror network traffic from applications that are deployed in the production environment to the staging environment. Then, you can simulate the production workloads in the staging environment.
Troubleshooting:
When a system deployed in a production environment encounters a performance bottleneck and you cannot locate the cause, you can mirror the network traffic of the system to a staging environment. This way, you can troubleshoot errors in the staging environment.
In this example, an ACK cluster named K8s Product Cluster resides in a production environment and an ACK cluster named K8s Stage Cluster resides in a staging environment.
Preparations
To mirror 100% production traffic from K8s Product Cluster to the application in K8s Stage Cluster, replicate all requests destined for example.com and redirect them to example1.com.
Step 1: Deploy an application in the staging environment
Create a file named my-nginx.yaml in K8s Stage Cluster and add the following content to the file.
NoteYou need only to deploy an application in K8s Stage Cluster to receive the mirrored traffic. Do no change the configuration of the cluster.
apiVersion: apps/v1 kind: Deployment metadata: name: nginx-deployment spec: replicas: 1 selector: matchLabels: app: nginx template: metadata: labels: app: nginx spec: containers: - image: anolis-registry.cn-zhangjiakou.cr.aliyuncs.com/openanolis/nginx:1.14.1-8.6 imagePullPolicy: Always name: nginx ports: - containerPort: 80 protocol: TCP restartPolicy: Always --- apiVersion: v1 kind: Service metadata: name: nginx-service spec: ports: - port: 80 protocol: TCP targetPort: 80 selector: app: nginx type: NodePort --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: nginx-ingress spec: rules: - host: example1.com http: paths: - path: / backend: service: name: nginx-service port: number: 80 pathType: ImplementationSpecificRun the following command to deploy the my-nginx application:
kubectl apply -f my-nginx.yamlRun the following command to view the Ingress configurations:
kubectl get ing nginx-ingressExpected output:
NAME HOSTS ADDRESS PORTS AGE nginx-ingress example1.com 47.**.**.53 80 8mRun the following command to access the domain name of the application in order to test the domain name resolution setting:
curl http://example1.com
Step 2: Configure traffic mirroring in the production environment
After an application is deployed in K8s Product Cluster, you need to add the traffic mirroring annotations to the Ingress.
Create a file named my-nginx.yaml in K8s Product Cluster and add the following content to the file:
apiVersion: apps/v1 kind: Deployment metadata: name: nginx-deployment spec: replicas: 1 selector: matchLabels: app: nginx template: metadata: labels: app: nginx spec: containers: - image: anolis-registry.cn-zhangjiakou.cr.aliyuncs.com/openanolis/nginx:1.14.1-8.6 imagePullPolicy: Always name: nginx ports: - containerPort: 80 protocol: TCP restartPolicy: Always --- apiVersion: v1 kind: Service metadata: name: nginx-service spec: ports: - port: 80 protocol: TCP targetPort: 80 selector: app: nginx type: NodePortRun the following command to deploy the my-nginx application:
kubectl apply -f my-nginx.yamlCreate a file named my-ingress.yaml and add the following Ingress configuration to the file.
Add
nginx.ingress.kubernetes.io/mirror-targetand set the value toADDRESSof K8s Stage Cluster in Step 3. This annotation applies only to HTTP and HTTPS. For more information, see ingress-nginx_mirror.Add
nginx.ingress.kubernetes.io/mirror-hostand set the value toHOSTSof K8s Stage Cluster in Step 3.
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: nginx-ingress annotations: nginx.ingress.kubernetes.io/mirror-target: "http://47.**.**.53$request_uri" #Specify the destination address of the mirrored traffic. nginx.ingress.kubernetes.io/mirror-request-body: "off" # Request bodies are not sent to the destination. To send request bodies to the destination, delete this annotation. nginx.ingress.kubernetes.io/mirror-host: "example1.com" # Set the Host header of the mirrored traffic. spec: rules: - host: example.com http: paths: - path: / backend: service: name: nginx-service port: number: 80 pathType: ImplementationSpecificRun the following command to deploy the Ingress:
kubectl apply -f my-ingress.yamlRun the following command to view the Ingress configurations:
kubectl get ing nginx-ingressExpected output:
NAME HOSTS ADDRESS PORTS AGE nginx-ingress example.com 39.**.**.54 80 1mRun the following command to check whether you can access the domain name of the application:
curl http://example.com
Verify the configuration
Access the domain name example.com in K8s Product Cluster. After you run the following command, the output shows that requests destined for the domain name are replicated. The replicated requests are redirected to the application in K8s Stage Cluster.
kubectl -n kube-system logs --tail=0 -f nginx-ingress-controller-674c96ffbc-9mc8n