Mizu is available to download as an executable binary from https://getmizu.io/ or as source code directly from its GitHub repository.

The API Traffic Viewer

A New Open Source Project by UP9

We are thrilled to announce the release of Mizu - a simple-yet-powerful API debug and troubleshooting tool for Kubernetes.

Through our efforts to observe API traffic between microservices, we were able to isolate a chunk of our technology and package it as an open source project. We also gave it a name - Mizu.

Viewing API traffic between microservices is essential if you want to understand the root cause of problems found in complex distributed systems.

With webapps, we often use Google Chrome Dev Tools. However, with Kubernetes, you’d need to use network analyzers like tcpdump, Wireshark, or Fiddler to debug and troubleshoot your microservices. Anyone who has used these tools can tell you this process is difficult and time-consuming.

With Mizu, viewing traffic is easy and quick. You can view all of the API calls that are part of the communication between microservices in Kubernetes the same way you would have used Google Chrome Dev Tools to view the traffic of your webapps.

Multi-protocol Support

Mizu currently supports REST and gRPC, with more protocol support to come.

No Installation Necessary: No Code instrumentation and not a proxy

Mizu works by injecting a container that performs a tcpdump-like operation at the node level of a Kubernetes cluster. This operation can be performed on-demand via a CLI that injects the container when run. Alternatively, when ^C is used, it removes the container.

Otherwise, Mizu passively observes traffic at the network level and is not a proxy.

Mizu doesn’t require code instrumentation. It can be used in true on-demand fashion without prior preparation.

Simple-yet-powerful CLI

Mizu uses Kubectl

The CLI is built in Golang, and can be downloaded and run without installation. Mizu uses kubectl, and can therefore run on any node through which kubectl is configured.

Use Regular Expression to Qualify Pods to Observe

You can qualify specific pods to observe through a regular expression. This allows you to capture traffic from multiple pods as well as pods that don't exist yet. As long as Mizu is operational, pods with names that match the regular expression will be observed, and their traffic logged. This is especially good when pod deployment is dynamic and ever-changing (when pods go up, pods go down).

Egress and Ingress Traffic

By using the --direction flag, Mizu offers developers the option to observe ingress traffic alone, or side-by-side with egress traffic at the same time. By default, Mizu observes only the ingress traffic. If you would like to observe in both directions, you would provide the flag --direction any which will cause Mizu to observe both ingress and egress traffic until otherwise instructed.

When you observe two pods that communicate with each other, you may see duplicate traffic entries. That is because one may be coming from the ingress of one pod toward the egress of the second.

Security

When Mizu taps data that could be considered sensitive (e.g. PII data) you can make sure certain keywords or pieces of data will not be shown or stored anywhere.

Mizu will redact by default any of the fields included in the personallyIdentifiableDataFields var located in the consts.go file in this folder: https://github.com/up9inc/mizu/tree/develop/api/pkg/sensitiveDataFiltering

Copy to clipboard

var personallyIdentifiableDataFields = []string{"token", "authorization", "authentication", "cookie", "userid", "password", "username", "user", "key", "passcode", "pass", "auth", "authtoken", "jwt", "bearer", "clientid", "clientsecret", "redirecturi", "phonenumber", "zip", "zipcode", "address", "country", "firstname", "lastname", "middlename", "fname", "lname", "birthdate"}

Changing the default list of keywords

To remove or add keywords to the default list of redacted keywords, simply change the file and build the code with the altered file.

Redact sensitive data using regular expressions. You can filter free text from the body of messages with text/plain content-type with -r

Examples:

Copy to clipboard
mizu tap ".*" -r <regex>

Use multiple -r to simultaneously filter multiple patterns:

Copy to clipboard
mizu tap catalo -r "redact this pattern" -r "and also this (.*) pattern"

Getting Started

First, download Mizu by using one of the following options:

If you have a Mac, you can run this CLI command:

Copy to clipboard
curl -Lo mizu "https://github.com/up9inc/mizu/releases/latest/download/mizu_darwin_amd64" && chmod 755 mizu

For more distributions, visit Mizu’s release page on GitHub:

https://github.com/up9inc/mizu/releases/

You can also compile from the source code located here: https://github.com/up9inc/mizu.

Make sure Mizu is running. To view its help section, run:
Copy to clipboard
mizu -h

Examples

Let us presume I have a running Kubernetes cluster and this is my list of running pods:

Kubectl Output

View Both Ingress and Egress traffic of a Specific Pod: Say I want to view both the ingress and egress traffic of a specific pod named:

catalogue-b87b45784-sxc8q

Here, I’ll use the following command:

Copy to clipboard
mizu tap catalogue-b87b45784-sxc8q -A --direction any

View Ingress Traffic of Several Pods:

When I want to observe several pods and view their ingress traffic, I’ll use the following command:

Copy to clipboard
mizu tap "(catalo*|front-end*)" -A

The above command will observe the following pods, since their names match the regular expression:

  • catalogue-6676dc489b-6tx9h
  • catalogue-db-69bd898747-7p8rq
  • front-end-946fd755f-8t6gp

View Traffic of all Pods in a Namespace

To view all pod traffic belonging to the namespace sock-shop, use:
Copy to clipboard
mizu tap ".*" -n sock-shop

View all API traffic

To view all API traffic, enter the following command:

Copy to clipboard
mizu tap ".*" -A

What’s next

As we use Mizu to improve our comprehensive microservice offerings at UP9, we have a full roadmap by which we may accommodate our engineering requirements.

Let us know what else you’d like to see in Mizu, and we’ll make sure to upgrade its roadmap per your valued feedback.

ABOUT UP9

UP9 is a microservice testing platform for Cloud Native systems that can scale across any number of services. UP9 helps developers prevent software regressions and increase engineering productivity through effortless testing and instant virtualization.

  • Understand how services interact with each other with automatic contract discovery.
  • Ensure system-wide contract adherence with tests that write themselves.
  • Start testing early with test environments as code, automatically mocking all service dependencies.

UP9 offloads the microservice testing workload from developers, giving them precious time back.

You can sign up now for free!