Recording HTTP traffic in Istio

When you have deployed applications in an Istio service mesh in a Kubernetes cluster and you want to record the communications between the services, you can record the HTTP traffic in Istio in Rational® Integration Tester.

Prerequisites to using the Istio service mesh

You must have completed the following tasks:

Setting up the Istio control plane on Kubernetes in your IT infrastructure. For more information, refer to the Istio documentation.
Installed Istio V1.4 or later.
Installed the kubeconfig file on the computer where you have installed Rational® Integration Tester to enable successful communications between Rational® Integration Tester and the Kubernetes cluster.
Note: Rational® Integration Tester searches for the kubeconfig file called config in the $HOME/.kube directory, which is the default location. If the location of the kubeconfig is different from the default location, then you must have specified the path to the config file in the environment variable KUBECONFIG. For more information about using kubeconfig files, refer to Organizing Cluster Access Using kubeconfig Files.

Recording HTTP traffic

You can record the following types of requests received or sent by the Istio service mesh:

Requests received by services in the Istio service mesh.
Requests sent from namespaces in the Istio service mesh to external services that are not in the Istio service mesh.

Task flow for recording the HTTP traffic in Istio

The task flow helps you to use the information in the topics for performing the tasks to record the HTTP traffic in Istio.


	Task	More information
1	Set up Istio.	Istio documentation
2	Create a logical HTTP connection.	Creating logical HTTP connections
3	Create a physical web server resource for an HTTP transport.	Creating physical web server resources
3.1	Provide the host and port of the service to record, in the Host field and the service port number in the Port field in the Settings tab in the Web Server dialog box. Notes: When you want to record service to service requests in a Kubernetes cluster, all forms of the host name is recorded. For example, if you want to record a service named as `reviews` with the recording namespace configured as `default`, the requests for `reviews`, `reviews.default`, `reviews.default.svc`, or `reviews.default.svc.cluster.local` are recorded. When you want to record requests to a service from outside the Kubernetes cluster, the host and port of the physical transport must match the host and port that is used by the client that sends the requests.	Step 3.
3.2	Provide the Istio enabled namespace to record HTTP traffic in the Kubernetes namespace field in the Recording tab in the Web Server dialog box. For example, if the host is `reviews.bookinfo.svc.cluster.local` and the recording namespace is `test-system`, then requests made from clients in the `test-system` namespace to `reviews.bookinfo.svc.cluster.local` are recorded. When you want to record a service external to the Istio service mesh, the namespace provided in the Recording tab is the namespace in which requests made to that service is recorded. Restriction: The Test Transport action is not supported for Kubernetes services because the web server configured in the settings tab is a service within the Kubernetes cluster and the host and port that are configured are not reachable to Rational® Integration Tester.	Step 8
5	Configure the Recording Port and Recording Bind Address on the Application page of the Library Manager. Notes: The Recording Port and Recording Bind Address must be configured to prevent Rational® Integration Tester to bind to a network address that is not accessible within the Kubernetes cluster or when multiple network interfaces exist. If Rational® Integration Tester is running, you must restart it to ensure that any changes that you made to Library Manager can take effect.	Working with Library Manager
6	In the Recording Studio, you must create an event monitor to monitor the transport or operation (that uses the transport), and then start the recording. Notes: The monitor records traffic only for the host that is specified in the web server transport settings, which is the default behavior when the Host Filter is set to `On` in the Event Monitor Properties panel. If the Host Filter is set to `Off`, the monitor records the HTTP traffic that is received by all services in the defined namespace and on the service port configured in the Kubernetes cluster. When the Host Filter is set to `Off`, an HTTP header named X-Via-Filter is added to the recorded requests. If required, you can change the name by using the Java system property Dcom.ghc.istio.recording.lua.viafilterheader=<header-name>. When the recording is started, Rational® Integration Tester creates `Istio EnvoyFilter` resources to monitor the HTTP messages. These resources are removed when recording is stopped. If Rational® Integration Tester has not removed the resources, you can remove the resources manually with the command: kubectl delete -n <namespace> envoyfilters -l onetest=recorder.	Recording HTTP and HTTPS traffic

Result

You recorded HTTP messages sent by the namespace in the Istio service mesh or received by Istio enabled services on the configured port. You recorded the HTTP messages in any Kubernetes cluster including the cluster that hosts Rational® Test Automation Server.

What to do next

You can create stubs from the recorded events by using the Recording Studio. See Stub creation by using the Recording Studio.