argo project - https://argoproj.github.io/argocd - Provides a CRD that behaves like aligning the state of the cluster with the manifest on GitHub - Can deploy various middleware and applications including Argo CD itself
increased, problems such as dependencies between deployments increased. - Deployment order of function addition across multiple services, etc. - It was solved by communication - However, accidents still occurred, so we decided to consider the mechanism. 1. Pull Request 2. Merge 3. Deploy Non-production clusters Production cluster K8s manifests repository
deployment, it can be difficult to see if the version of each application deployed in production meets the requirements of the application. - The stg cluster has a newer version deployed than the production cluster due to the active development of functions. Solution - Build an environment equivalent to production and make sure to perform integration tests on it
Canary environment App Public App Production Environment Run and verify automated tests on all releases Operation check with a dedicated app DB is shared with production Safely verify operations equivalent to production
during production deployment. - The canary environment must always be maintained in a production-like environment - Image version of application, etc. Integrate into our deployment flow!!
in 1 PR. 1. Create a PR in the manifests repository 2. Tech Lead Approval 3. Deploy to Canary Environment 4. Automatic integration test 5. Manual testing of features outside the cover of automated testing 6. Deploy to Production Environment
affinity with GitHub features including Pull Request - Common management mechanisms such as Organization Secret have become available - You don't have to check other GUIs while deploying
triggered by branch merge X< So we decided to use GitHub tags as a means of tracking deployments. - https://argoproj.github.io/argo-cd/user-guide/tracking_strategies/#tag-tracking Create the following tags <env>_release For deployment <env>_<YYYYMMDDhhmmss> For history
has an approve function, we decided to use it. We will prepare a dedicated team for TechLead and check in the following two places. - GitHub Actions - Argo CD PreSync - Assuming a GitHub tag is created outside the deployment flow
- Execute a comment starting with a slash to trigger by referring to prow - It is over-engineered to prepare prow just for this purpose, so I decided to realize it with Github Actions. - How to do it with GitHub Actions - PR comments can be retrieved in the issue_comment event - However, detailed PR information cannot be obtained at issue_comment event. - So, by creating a label, it is converted to the labeled event of pull_request.
step ? - All applications need to perform operations related to the deployment flow Manage the script to process in another repository - In the workflow job, use the checkout action to get and execute the script - Private Access Token required for use from GitHub Actions - However, central management of scripts is possible.
applications need to perform operations related to the deployment flow This also manages test cases in another repository in the same way - Get test cases managed in another repository in workflow - Run them in parallel
Tech-Lead 2. Deploy to Canary and integration test 3. Manual testing 4. Deploy to Production - As a result of the design, We decided to take such a deployment flow - Step 1 can be done in advance - The actual deployment flow is steps 2-4
Tech-Lead 2. Deploy to Canary and integration test 3. Manual testing 4. Deploy to Production Create a PR for deployment - We are using Kustomize for deployment - Use Kustomize's images feature to specify the image version of the application you want to deploy - Get approval from Tech-Lead for the created PR
Tech-Lead 2. Deploy to Canary and integration test 3. Manual testing 4. Deploy to Production The process is executed by the /canary_release comment. The following processing is executed - Create canary_release tag - Deploy to canary environment - Automatic QA test in Canary environment
Tech-Lead 2. Deploy to Canary and integration test 3. Manual testing 4. Deploy to Production If check other than the case of automatic QA is required, perform manual check Register the check result with the following comment.
Tech-Lead 2. Deploy to Canary and integration test 3. Manual testing 4. Deploy to Production The process is executed by the /prod_release comment. The following processing is executed - Create prod_release tag - Deploy to production environment We're also using argo-rollouts, so this deployment is a gradual release, making it even more secure.
from Tech-Lead 2. Deploy to Canary and integration test 3. Manual testing 4. Deploy to Production 5. Production environment rollback If rollback is required for some reason, you can rollback with the following comments This process does the following - Recreate prod_release tag with previous content
from Tech-Lead 2. Deploy to Canary and integration test 3. Manual testing 4. Deploy to Production 5. Production environment rollback 6. Canary environment rollback After the production rollback, the canary environment also needs to be rolled back. This process does the following - Recreate canary_release tag with previous content
problems between services that the existing deployment flow had. Conclusion Dedicated Load Balancer Public Load Balancer Canary Environment Canary environment App Public App Production Environment
it mandatory to execute tests, a Deployment flow was established. 1. Pull Request 4.Canary deploy Production cluster K8s manifests repository developer Canary release Integrat ion test Manual test result registra tion Prod release approver 2. approve Canary cluster 3.canary_release 5.Integration test 6.Manual test 7.prod_release 8.Prod deploy
just before the production deployment, and the final test is performed there to reduce the probability of an incident. - In the future, we plan to make the following improvements. - Reduce deployment time - Automatic Rollback for fault detection - Etc, etc...
manifests repository developer Canary release Integrat ion test Manual test result registra tion Prod release approver 2. approve Canary cluster 3.canary_release 5.Integration test 6.Manual test 7.prod_release 8.Prod deploy
paypaycorporation
sato4
oikon48
line_developers_tw
tomoki10
otanet
hironobuiga
yutaokafuji
htokoyo
harukasakihara
8maki
shibayu36
hssh2_bin
danielanewman
jnunemaker
signer
denniskardys
addyosmani
rkendrick25
lemiorhan
tammyeverts
marketingsoph
soudai
lfama
aleyda
