1 of 41

Progressive Delivery in the Kubernetes Era

Alex Soto Bueno

@alexsotob

2 of 41

Progressive Delivery in the Kubernetes Era

3 of 41

Alex Soto (@alexsotob)

Who am I?

  • @alexsotob
  • asotobue@redhat.com
  • Currently Red Hat’s Director of Developer Experience
  • Featured speaker at technology events
  • A Java Champion since 2017
  • Writer, University Professor, Radio collaborator

4 of 41

Today’s Objectives

Progressive Delivery

Delivery Techniques

Kubernetes

Let’s Wind Down

5 of 41

Why?

“Your code is only valuable when it is in production. Production is the best place to be.”

Not here

6 of 41

Progressive Delivery

7 of 41

What is Progressive Delivery?

Build

Test

Security Checks

Release

Deploy Stage

Deploy Prod

Continuous Integration

Continuous Delivery

8 of 41

9 of 41

10 of 41

11 of 41

12 of 41

13 of 41

What is Progressive Delivery?

  • No Big Bang
  • Deploy != Release
  • Metrics
  • Subset of Users

14 of 41

Why Progressive Delivery?

  • Decreases Downtime
  • Limits the tragedy
  • Put to production faster

15 of 41

Delivery Techniques

16 of 41

17 of 41

Blue Green Deployment

  • All Or Nothing
  • Quick Rollback

18 of 41

Canary Releases

  • Small Percentage
  • Increase depending on the metrics

19 of 41

Dark Launches

  • Mirroring Traffic
  • Dark Canaries
  • Feature Flags

20 of 41

21 of 41

Production is not sacrosanct anymore

22 of 41

The New ¿Pyramid?

23 of 41

24 of 41

Kubernetes

25 of 41

Blue - Green

apiVersion: v1
kind: Service
metadata:
  name: my-service
  labels:
    app: mystuff
spec:
  ports:
  - name: http
    port: 8000
  selector:
    inservice: myappv1   # traffic goes to pods carrying this label
  type: LoadBalancer
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mynode-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mynode
  template:
    metadata:
      labels:
        app: mynode   # must match spec.selector.matchLabels, or the Deployment is rejected
    spec:
      containers:
      - name: mynode
        image: quay.io/rhdevelopers/mynode:v1
        ports:
        - containerPort: 8000

kubectl label pod -l app=mypython inservice=myappv2

26 of 41

Canary Releases

kubectl scale deployment myapp-v1 --replicas=3

kubectl scale deployment myapp-v2 --replicas=1

27 of 41

Canary Release

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: recommendation
spec:
  hosts:
  - recommendation
  http:
  - route:
    - destination:
        host: recommendation
        subset: version-v1
      weight: 75
    - destination:
        host: recommendation
        subset: version-v2
      weight: 25

28 of 41

Shadowing Traffic

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: recommendation
spec:
  hosts:
  - recommendation
  http:
  - route:
    - destination:
        host: recommendation
        subset: version-v1
    mirror:
      host: recommendation
      subset: version-v2

29 of 41

Dark Canary

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: recommendation
spec:
  hosts:
  - recommendation
  http:
  - match:
    - headers:
        end-user:
          exact: Alexandra
    route:
    - destination:
        host: recommendation
        subset: version-v2
  - route:
    - destination:
        host: recommendation
        subset: version-v1

30 of 41

31 of 41

Next Generation Microservices - Service Mesh

Code Independent (Polyglot)

  • Intelligent Routing and Load-Balancing
    • Smarter Canary Releases
    • Dark Launch
  • Chaos: Fault Injection
  • Resilience: Circuit Breakers
  • Observability & Telemetry: Metrics and Tracing
  • Security: Encryption & Authorization
  • Fleet wide policy enforcement

32 of 41

Sidecar Container

33 of 41

Sidecar Container

[Diagram: three pods, one each for Service A, Service B and Service C. In each pod the service runs on a JVM in its own container, next to a sidecar container.]

With Istio

The sidecar intercepts all network traffic

34 of 41

Live Demo

35 of 41

The most asked question in Istio sessions

36 of 41

Argo Rollouts

37 of 41

Argo Rollouts

kubectl apply

rollout

Monitors Data

38 of 41

Rolling out automatically

apiVersion: argoproj.io/v1alpha1
kind: Rollout
metadata:
  name: bubblebackend
  labels:
    app: bubblebackend
spec:
  strategy:
    canary:
      steps:
      - setWeight: 20
      - pause:
          duration: "1m"
      - setWeight: 50
      - pause:
          duration: "2m"
      canaryService: bubble-backend-canary
      stableService: bubble-backend
      trafficRouting:
        istio:
          virtualService:
            name: bubble-backend
            routes:
            - primary
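
Added example (not from the original slides): the Rollout on this slide advances on fixed pauses, while the Canary Releases slide says to increase the percentage depending on the metrics. One way to do that in Argo Rollouts is an analysis step backed by an AnalysisTemplate. The template name, Prometheus address, 95% threshold and the default namespace are assumptions.

```yaml
# Added example, not the speaker's manifest. Names, address and threshold are assumptions.
apiVersion: argoproj.io/v1alpha1
kind: AnalysisTemplate
metadata:
  name: success-rate                 # hypothetical template name
spec:
  args:
  - name: service-name
  metrics:
  - name: success-rate
    interval: 1m                     # one measurement per minute
    count: 3                         # three measurements per analysis step
    failureLimit: 1                  # more than one failed measurement fails the analysis
    successCondition: result[0] >= 0.95
    provider:
      prometheus:
        address: http://prometheus.example.com:9090   # placeholder address
        query: |
          sum(irate(istio_requests_total{reporter="source",destination_service=~"{{args.service-name}}",response_code!~"5.*"}[5m]))
          /
          sum(irate(istio_requests_total{reporter="source",destination_service=~"{{args.service-name}}"}[5m]))
---
# Fragment of the Rollout's spec.strategy.canary: the timed pauses become analysis runs.
# A failed analysis aborts the rollout and traffic returns to the stable service.
steps:
- setWeight: 20
- analysis:
    templates:
    - templateName: success-rate
    args:
    - name: service-name
      value: bubble-backend-canary.default.svc.cluster.local   # assumes the default namespace
- setWeight: 50
- analysis:
    templates:
    - templateName: success-rate
    args:
    - name: service-name
      value: bubble-backend-canary.default.svc.cluster.local
```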

39 of 41

Live Demo

40 of 41

Let’s Wind Down

41 of 41

Final Notes

  • State is always hard, start with stateless
  • Step by Step
  • Embrace GitOps
