Configuring Application Traffic Mirroring for an Nginx Ingress

Nginx ingresses can mirror inter-cluster traffic by duplicating access requests and sending them to the image backend without using the values returned from the backend. This allows for system simulation tests and fault locating without affecting the original requests. This section describes how to use Nginx ingresses to mirror traffic between applications in different clusters.

Figure 1 Traffic mirroring

Preparations

Two CCE standard clusters, cluster 1 and cluster 2, are available. For details, see Buying a CCE Standard/Turbo Cluster.
The NGINX Ingress Controller add-on has been installed in both clusters.
kubectl has been installed and configured to access the two clusters. For details, see Connecting to Multiple Clusters Using kubectl.

Step 1: Creating a Workload and Exposing Services Through an Ingress

Deploy an application in cluster 1 and test the connection.

Copy the following data and save it into the nginx-deploy.yaml file:

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    version: v1
  name: nginx
  namespace: default
spec:
  selector:
    matchLabels:
      app: nginx
      version: v1
  template:
    metadata:
      labels:
        app: nginx
        version: v1
    spec:
      containers:
        - name: container-1
          image: nginx:latest
          imagePullPolicy: IfNotPresent
      terminationGracePeriodSeconds: 30
      dnsPolicy: ClusterFirst
  replicas: 1
---
apiVersion: v1
kind: Service
metadata:
  name: nginx
  labels:
    app: nginx
  namespace: default
spec:
  selector:
    app: nginx
  externalTrafficPolicy: Cluster
  ports:
    - name: cce-service-0
      targetPort: 80
      port: 80
      protocol: TCP
  type: NodePort
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx
  namespace: default
spec:
  rules:
    - host: example.com
      http:
        paths:
          - path: /
            backend:
              service:
                name: nginx
                port:
                  number: 80
            property:
              ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
            pathType: ImplementationSpecific
  ingressClassName: nginx

Run the following command to create a workload for cluster 1:
```
kubectl apply -f nginx-deploy.yaml
```
Repeat the preceding command to create the same workload in cluster 2.

Step 2: Configuring Traffic Replication

As the destination of traffic, cluster 2 does not require any modifications. You only need to configure cluster 1.
After the access traffic of the application in cluster 1 is replicated to the application in cluster 2, the client only receives the request response from cluster 1, while discarding the response from cluster 2.

Configure traffic mirroring for cluster 1. For more details, see Nginx Ingress Mirror.

kubectl patch ingress nginx --type merge --patch '"metadata": {"annotations": {"nginx.ingress.kubernetes.io/mirror-target": "http://<cluster_2_ingress_ip_address>:80/", "nginx.ingress.kubernetes.io/mirror-host": "example.com"}}'

In the preceding configuration, <cluster_2_ingress_ip_address> is the public IP address of the ingress load balancer in cluster 2.

Verification

Run the following command to access the application domain name example.com of cluster 1:

curl http://<cluster_1_ingress_ip_address>:80/ -H "Host: example.com"

Check nginx-ingress controller logs in cluster 1.

kubectl logs -f <cceaddon-nginx-ingress-controller_pod_name> -n kube-system

In the preceding command, <cceaddon-nginx-ingress-controller_pod_name> is the pod name of nginx-ingress controller.

According to the logs, whenever the domain name for the ingress in cluster 1 is requested, the request is duplicated and sent to the corresponding service in cluster 2.

Click to enlarge