实施流量镜像
流量镜像是一种机制,它复制流经 API 网关的流量并将复制的流量转发到指定的上游,而不会中断常规服务。该机制有利于多种用例,包括故障排除、安全检查、分析等。
本指南将引导你完成使用 proxy-mirror 插件在 APISIX 中实施流量镜像的过程。
前置条件
启动示例服务以接收镜像流量
启动一个示例 NGINX 服务器用于接收镜像流量:
- Docker
- Kubernetes
docker run -p 8081:80 --name nginx nginx
你应该在终端会话中看到 NGINX 访问日志和错误日志。
为示例 NGINX 服务器部署和服务创建一个 Kubernetes 清单文件:
nginx.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: ingress-apisix
name: nginx-deployment
spec:
replicas: 1
selector:
matchLabels:
app: nginx
template:
metadata:
namespace: ingress-apisix
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:latest
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
namespace: ingress-apisix
name: nginx-service
spec:
type: NodePort
selector:
app: nginx
ports:
- protocol: TCP
port: 80
targetPort: 80
将配置应用到你的集群:
kubectl apply -f nginx.yaml
配置 APISIX
使用 proxy-mirror 插件创建一个路由,并配置镜像流量的地址。相应地更新地址。
- Admin API
- ADC
- Ingress Controller
curl "http://127.0.0.1:9180/apisix/admin/routes" -X PUT -d '
{
"id": "traffic-mirror-route",
"uri": "/get",
"plugins": {
"proxy-mirror": {
"host": "http://192.168.42.145:8081"
}
},
"upstream": {
"nodes": {
"httpbin.org": 1
},
"type": "roundrobin"
}
}'
adc.yaml
services:
- name: httpbin Service
routes:
- uris:
- /get
name: traffic-mirror-route
plugins:
proxy-mirror:
host: http://192.168.42.145:8081
upstream:
type: roundrobin
nodes:
- host: httpbin.org
port: 80
weight: 1
将配置同步到 APISIX:
adc sync -f adc.yaml
- Gateway API
- APISIX CRD
traffic-mirror-route.yaml
apiVersion: v1
kind: Service
metadata:
namespace: ingress-apisix
name: httpbin-external-domain
spec:
type: ExternalName
externalName: httpbin.org
---
apiVersion: apisix.apache.org/v1alpha1
kind: PluginConfig
metadata:
namespace: ingress-apisix
name: mirror-plugin-config
spec:
plugins:
- name: proxy-mirror
config:
host: http://nginx-service:80
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
namespace: ingress-apisix
name: traffic-mirror-route
spec:
parentRefs:
- name: apisix
rules:
- matches:
- path:
type: Exact
value: /get
filters:
- type: ExtensionRef
extensionRef:
group: apisix.apache.org
kind: PluginConfig
name: mirror-plugin-config
backendRefs:
- name: httpbin-external-domain
port: 80
traffic-mirror-route.yaml
apiVersion: apisix.apache.org/v2
kind: ApisixUpstream
metadata:
namespace: ingress-apisix
name: httpbin-external-domain
spec:
ingressClassName: apisix
externalNodes:
- type: Domain
name: httpbin.org
---
apiVersion: apisix.apache.org/v2
kind: ApisixRoute
metadata:
namespace: ingress-apisix
name: traffic-mirror-route
spec:
ingressClassName: apisix
http:
- name: traffic-mirror-route
match:
paths:
- /get
upstreams:
- name: httpbin-external-domain
plugins:
- name: proxy-mirror
enable: true
config:
host: http://nginx-service:80
将配置应用到你的集群:
kubectl apply -f traffic-mirror-route.yaml
验证镜像
向路由发送请求:
curl -i "http://127.0.0.1:9080/get"
你应该收到 HTTP/1.1 200 OK 响应。
要进行�验证,请返回 NGINX 终端会话(如果在 Docker 中运行)或检查 NGINX pod 日志(如果在 Kubernetes 上运行);你应该看到相应的访问日志条目:
172.17.0.1 - - [29/Jan/2024:23:11:01 +0000] "GET /get HTTP/1.1" 404 153 "-" "curl/7.64.1" "-"
HTTP 响应状态为 404 且符合预期,因为示例 NGINX 服务器未实施该路由。这验证了 APISIX 已将请求镜像到 NGINX 服务器。
下一步
你现在已经了解了如何将所有入口流量镜像到不同的上游。proxy-mirror 插件还支持镜像部分流量和自定义镜像超时值。有关更多信息,请参阅 插件文档。