Ways of enabling Canary deployments in kubernetes

99f99340cf6fe31f86e8dd0a988eec7c?s=47 Tasdik Rahman
September 13, 2019

Ways of enabling Canary deployments in kubernetes

Various ways in which you can enable canary deployments in kubernetes


Tasdik Rahman

September 13, 2019


  1. Enabling canary deployments in k8s

  2. Canary? Shaping the traffic in a way, so that we

    could direct a % of traffic to the new pods and promoting the same deployment to a full scaleout and gradually phasing out the older release. 2
  3. Why Canary? • Testing on staging doesn’t weed out all

    the possible reasons for something failing, final testing for a feature being done on some part of the traffic is not something unheard of. • Canary being a precursor to enable full blue green deployments. ◦ Why? ▪ No feature flags for respective microservices. ▪ Hence canary testing becomes paramount to test out features. 3
  4. Approaches to enable Canary on k8s? 4

  5. Using bare bones k8s deployments? How? Creation of two sets

    of deployments and referring to figure 1, v1 and v2, both would be separate deployment objects with separate label selectors. Both v1 and v2 deployments would be exposed via the same svc object which would point to their pods. 5
  6. Using bare bones k8s deployments? Advantages • Plain and simple.

    • Can be done without any plugins/extra stuff in the vanilla k8s we get in GKE. Disadvantages • Traffic will be a function of replicas, and cannot be customized. For example, if the traffic splitting is done between the two deployment with v1 having 3 replicas and v2 having 1 replica, the traffic split for canary will be 25% 6
  7. Using Istio? • In an istio enabled cluster, we need

    to set the routing rules to configure the traffic distribution. • Similar to the approach above, we have two deployments and svc objects for the same service, called v1 and v2. • The rule will look something like 7
  8. Using Istio 8 Ref: https://istio.io/blog/2017/0.1-canary/

  9. Advantages • Has been out there in the wild for

    quite some time. i.e Battle tested • Flagger can be added to have automated canary promotion. • GKE has an add on feature which can be used to install istio in our clusters • Traffic routing and replica deployment are two completely orthogonal independent functions • Focused canary testing, eg: instead of exposing the canary to an arbitrary number of users, if you wanted the users from some-company-name.com to the canary version, leaving the other users unaffected, you can do that too with a rule to match the headers for the match to check for the cookie for the above. Disadvantages • Another add on to manage inside the cluster if gone through the route of installing the istio version 9
  10. Using Linkerd • Linkerd has a canary CRD that enabled

    how a rollout should occur • It automatically creates two sets of deployments for a deployment name `podinfo` 10
  11. Using Linkerd 11

  12. Using Linkerd Advantages • Flagger can be integrated for automated

    canary promotion/demotion • Battle tested and has been in use by the virtue of being the first service mesh Disadvantages • Another component inside the k8s cluster to be maintained 12
  13. Using Traefik • It requires the same setup of two

    deployment and svc objects for the service which needs to have canary enabled for it. • It makes use of the ingress object in k8s to define the traffic split between the services. 13
  14. Using Traefik 14

  15. Using Traefik Advantages • Easy to setup with no frills,

    as it’s just an ingress controller in the k8s controller (like contour/ nginx-ingress-controller) • Doesn’t need the pods to be scaled. • Support for tracing included. Disadvantages • No inbuilt process to shift weights from v1 to v2 or revert back traffic in case of increased error rates. Ie. not a clear cut way to integrate with flagger for automated canary promotion/demotion 15
  16. References • https://martinfowler.com/bliki/CanaryRelease.html • https://martinfowler.com/bliki/FeatureToggle.html • Canary using istio ◦

    https://istio.io/blog/2017/0.1-canary/ • Bare bones canary on k8s ◦ https://kubernetes.io/docs/concepts/cluster-administration/manage-deployment/#can ary-deployments • Canary using traefik ◦ https://blog.containo.us/canary-releases-with-traefik-on-gke-at-holidaycheck-d3c092 8f1e02?gi=c58435e35526 ◦ https://tasdikrahman.me/2018/10/25/canary-deployments-on-AWS-and-kubernetes-u sing-traefik/ ◦ https://docs.traefik.io/user-guide/kubernetes/#traffic-splitting • Canary using linkerd ◦ https://linkerd.io/2/tasks/canary-release/ ◦ https://linkerd.io/2/features/traffic-split/ ▪ Done using https://flagger.app/ ◦ https://www.tarunpothulapati.com/posts/traffic-splitting-linkerd/ 16
  17. 17 @tasdikrahman tasdikrahman.me