Progressive Delivery with Istio and Argo Rollouts

Kevin Dubois

June 06, 2023

Transcript

  1. Progressive Delivery with Istio and Argo Rollouts

    Kevin Dubois, Principal Developer Advocate, Red Hat
    Alex Soto, Director of Developer Experience, Red Hat
  2. Kevin Dubois

    • Principal Developer Advocate at Red Hat
    • 18+ years of experience building and delivering software applications
    • Speak English, Dutch, French, Italian
    • Passionate about improving Dev Experience with Open Source

    @[email protected] youtube.com/@thekevindubois linkedin.com/in/kevindubois github.com/kdubois @kevindubois.com
  3. Developer Flow

    [Diagram: inner loop and outer loop. Labels as extracted: Outer loop Inner loop Pull/Merge Request Production Build / Package Code Push Debug Code Review Build Deploy Security Tests Compliance Inner loop Outer loop Developer Test]
  4. CI - CD - CD

    [Pipeline diagram: Build, Test, Security Checks, Release, Deploy Stage, Deploy Prod. Phases: Continuous Integration, Continuous Delivery, Continuous Deployment. Markers: Manual, Auto]
  5. Today, let’s focus on the “Outer Loop”

    The outer loop consists of the larger team processes that your code flows through on its way to the cluster: code reviews, integration tests, security and compliance. It needs to be transparent and fast for developers from all teams.

    Outer Loop Development
  6. Developer Flow

    [Diagram: inner loop and outer loop. Labels as extracted: Outer loop Inner loop Pull/Merge Request Production Build / Package Code Push Debug Code Review Build Deploy Security Tests Compliance Inner loop Outer loop Developer Test]
  7. What is GitOps?

    • Treat everything as code
    • Git is the single source of truth
    • Operations through Git workflows
  8. What is Progressive Delivery?

    [Pipeline diagram: Build, Test, Security Checks, Release, Deploy Stage, Deploy Prod. Phases: Continuous Integration, Continuous Delivery, Continuous Deployment. Markers: Manual, Auto]
  9. What is Progressive Delivery?

    • No Big Bang
    • Deploy != Release
    • Metrics
    • Subset of Users
  10. Why Progressive Delivery?

    • Decreases Downtime
    • Limits the Tragedy
    • Deploy & Release to Production faster
    • Less mocking or setting up unreliable ‘fake’ services
  12. Blue - Green

    ```yaml
    apiVersion: v1
    kind: Service
    metadata:
      name: my-service
      labels:
        app: mystuff
    spec:
      ports:
      - name: http
        port: 8000
      selector:
        inservice: mypods
      type: LoadBalancer
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: mynode-deployment
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: mynode
      template:
        metadata:
          labels:
            app: mynode
        spec:
          containers:
          - name: mynode
            image: quay.io/rhdevelopers/mynode:v1
            ports:
            - containerPort: 8000
    ```

    ```sh
    kubectl label pod -l app=mynode inservice=mypods
    ```
  13. Controlling Microservices with a Service Mesh

    Code Independent (Polyglot)

    • Intelligent Routing and Load-Balancing
    • Smarter Canary Releases
    • Dark Launch
    • Chaos: Fault Injection
    • Resilience: Circuit Breakers
    • Observability & Telemetry: Metrics and Tracing
    • Security: Encryption & Authorization
    • Fleet wide policy enforcement
  14. Istio Architecture

    Data Plane: The data plane is composed of a set of intelligent proxies (Envoy) deployed as sidecars. These proxies mediate and control all network communication between microservices. They also collect and report telemetry on all mesh traffic.

    Control Plane: The control plane manages and configures the proxies to route traffic.
  15. The sidecar intercepts all network traffic

    [Diagram: three pods, for Service A, Service C and Service B. Each pod holds a JVM container running the service and a sidecar container]
  16. Canary Release

    ```yaml
    apiVersion: networking.istio.io/v1alpha3
    kind: VirtualService
    metadata:
      name: recommendation
    spec:
      hosts:
      - recommendation
      http:
      - route:
        - destination:
            host: recommendation
            subset: version-v1
          weight: 75
        - destination:
            host: recommendation
            subset: version-v2
          weight: 25
    ```
  17. Shadowing Traffic

    ```yaml
    apiVersion: networking.istio.io/v1alpha3
    kind: VirtualService
    metadata:
      name: recommendation
    spec:
      hosts:
      - recommendation
      http:
      - route:
        - destination:
            host: recommendation
            subset: version-v1
        mirror:
          host: recommendation
          subset: version-v2
    ```
  18. Dark Canary

    ```yaml
    apiVersion: networking.istio.io/v1alpha3
    kind: VirtualService
    metadata:
      name: recommendation
    spec:
      hosts:
      - recommendation
      http:
      - match:
        - headers:
            end-user:
              exact: Alexandra
        route:
        - destination:
            host: recommendation
            subset: version-v2
      - route:
        - destination:
            host: recommendation
            subset: version-v1
    ```
  19. Rolling out automatically

    ```yaml
    apiVersion: argoproj.io/v1alpha1
    kind: Rollout
    metadata:
      name: rollouts-demo
      labels:
        app: rollouts-demo
    spec:
      strategy:
        canary:
          steps:
          - setWeight: 20
          - pause:
              duration: "1m"
          - setWeight: 50
          - pause:
              duration: "2m"
          canaryService: rollouts-demo-canary
          stableService: rollouts-demo-backend
          trafficRouting:
            istio:
              virtualService:
                name: rollout-vsvc
                routes:
                - primary
    # …
    ```
  20. Metrics Based Rollouts

    ```yaml
    strategy:
      canary:
        analysis:
          args:
          - name: service-name
            value: rollouts-demo-canary.canary.svc.cluster.local
          templates:
          - templateName: success-rate
        canaryService: rollouts-demo-canary
        stableService: rollouts-demo-stable
        trafficRouting:
          istio:
            virtualService:
              name: rollout-vsvc
              routes:
              - primary
        steps:
        - setWeight: 30
        - pause: { duration: 20s }
        - setWeight: 40
        - pause: { duration: 10s }
        - setWeight: 60
        - pause: { duration: 10s }
        - setWeight: 80
        - pause: { duration: 5s }
        - setWeight: 90
        - pause: { duration: 5s }
        - setWeight: 100
        - pause: { duration: 5s }
    ```
  21. Metrics Based Rollouts

    ```yaml
    apiVersion: argoproj.io/v1alpha1
    kind: AnalysisTemplate
    metadata:
      name: success-rate
    spec:
      args:
      - name: service-name
      metrics:
      - name: success-rate
        interval: 10s
        successCondition: len(result) == 0 || result[0] >= 0.95
        failureLimit: 2
        provider:
          prometheus:
            address: https://internal:[email protected]:9090
            query: |
              sum(irate(istio_requests_total{
                reporter="source",
                destination_service=~"{{args.service-name}}",
                response_code!~"5.*"}[30s])
              )
    ```
  22. Final Notes

    • State is always hard, start with stateless
    • Step by Step
    • Embrace GitOps
    • If you haven’t automatically destroyed something by mistake, you aren’t automating enough
    • Demos
      ◦ https://dn.dev/istio-tutorial
      ◦ https://github.com/kdubois/progressive-delivery
      ◦ https://github.com/redhat-developer-demos/bubbles-progressive-delivery
      ◦ github.com/redhat-developer-demos/quinoa-wind-turbine
  23. Start exploring in the OpenShift Sandbox.

    Learn containers, Kubernetes, and OpenShift in your browser. developers.redhat.com/developer-sandbox

    Try Red Hat's products and technologies without setup or configuration.
  24. Resources

    • Learn OpenShift and all Cloud Native for free in our web based learning portal
    • Try OpenShift GitOps on our learning portal
    • Red Hat Developers Deep Dive
    • Join our workshops to explore Argo CD, Tekton, Kubernetes, Helm and more!
    • Sign up at developers.redhat.com
    • Find out more about Red Hat’s products and what it offers developers
    • GitOps ebooks
    • Find out more on GitOps with ebooks https://developers.redhat.com/e-books
    • Get more about GitOps on Red Hat Developer Portal!
  25. Join Red Hat Developer. Build here. Go anywhere.

    facebook.com/RedHatDeveloper youtube.com/RedHatDevelopers twitter.com/rhdevelopers linkedin.com/showcase/red-hat-developer

    Thank you!
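
Slide 21's AnalysisTemplate carries userinfo in the Prometheus `address`, and with Git as the single source of truth (slide 7) that value is readable by anyone who can read the repository. The pre-merge check below is an added example, not code from the deck or its demo repositories: it flags URLs that embed a password and redacts the password in its report. The function name, manifest values, hostnames and credentials are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

# Any scheme://... token, up to whitespace or a quote character.
URL_RE = re.compile(r"[a-z][a-z0-9+.-]*://[^\s\"'<>]+", re.IGNORECASE)

# Constructed manifest in the shape of slide 21; host and credentials are placeholders.
SAMPLE_MANIFEST = """\
apiVersion: argoproj.io/v1alpha1
kind: AnalysisTemplate
metadata:
  name: success-rate
spec:
  metrics:
  - name: success-rate
    provider:
      prometheus:
        address: https://metrics-user:EXAMPLE-PASSWORD@prometheus.example.internal:9090
  - name: no-credentials
    provider:
      prometheus:
        address: http://prometheus.example.internal:9090/api?owner=team@example.com
"""


def find_url_credentials(text):
    """Return (line_number, redacted_url) for every URL with a password in its userinfo."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in URL_RE.finditer(line):
            try:
                parts = urlsplit(match.group(0))
            except ValueError:
                continue  # unparsable authority, e.g. a broken IPv6 literal
            if not parts.password:
                continue  # an '@' in the path or query is not userinfo
            # Keep host[:port] exactly as written; never echo the secret into CI logs.
            host = parts.netloc.rpartition("@")[2]
            redacted = f"{parts.scheme}://{parts.username}:***@{host}{parts.path}"
            findings.append((line_no, redacted))
    return findings


if __name__ == "__main__":
    for line_no, url in find_url_credentials(SAMPLE_MANIFEST):
        print(f"line {line_no}: credentials embedded in URL: {url}")
```

Run against every changed manifest before merge, a non-empty result is the signal to move the credential out of the committed file.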