[v2 Pre-release] feat: Canary Ingress
Description
For the ~"Release::P1" %13.4 issue, we need to introduce Canary Ingress into Auto Deploy architecture. This special type of ingress is used for the advanced traffic routing.
This MR introduces the following changes to achieve the goal:
- Each namespace creates one Ingress for the stable track. (Same)
- Each namespace creates one Canary Ingress for the canary track.
- Each track has a dedicated service. Previously, one service was shared in different tracks in order to control traffic routing by changing the replica count of deployments. This feature is replaced by the Canary Ingress's weight control. By the same reason,
percentage
argument is removed. -
rollout
track is deleted as it's covered bycanary
track. - For more details, please see the following diagrams
This new auto-deploy-image requires a change in a template side. Please check gitlab-org/gitlab!39438 (merged) for the change.
The the previous chart is not compatible with this chart, hence it's marked as BREAKING CHANGE in the commit body.
V1 resource architecture
graph TD;
subgraph gl-managed-app
Z[Nginx Ingress]
end
Z[Nginx Ingress] --> A(Ingress);
Z[Nginx Ingress] --> B(Ingress);
subgraph stg namespace
B[Ingress] --> H(...);
end
subgraph prd namespace
A[Ingress] --> D(Service);
D[Service] --> E(Deployment:Pods:app:stable);
D[Service] --> F(Deployment:Pods:app:canary);
D[Service] --> I(Deployment:Pods:app:rollout);
E(Deployment:Pods:app:stable)---id1[(Pods:Postgres)]
F(Deployment:Pods:app:canary)---id1[(Pods:Postgres)]
I(Deployment:Pods:app:rollout)---id1[(Pods:Postgres)]
end
Proposal: V2 resource architecture
graph TD;
subgraph gl-managed-app
Z[Nginx Ingress]
end
Z[Nginx Ingress] --> A(Ingress);
Z[Nginx Ingress] --> B(Ingress);
Z[Nginx Ingress] --> |If canary=true|J(Canary Ingress);
subgraph stg namespace
B[Ingress] --> H(...);
end
subgraph prd namespace
subgraph stable track
A[Ingress] --> D[Service];
D[Service] --> E(Deployment:Pods:app:stable);
end
subgraph canary track
J(Canary Ingress) --> K[Service]
K[Service] --> F(Deployment:Pods:app:canary);
end
E(Deployment:Pods:app:stable)---id1[(Pods:Postgres)]
F(Deployment:Pods:app:canary)---id1[(Pods:Postgres)]
end
Related
Manual QA
Test Conditions
- Date: Sep 11th, 2020
- Auto DevOps project: https://gitlab.com/dosuken123/new-sentimentality
- .gitlab-ci.yml: https://gitlab.com/dosuken123/new-sentimentality/-/blob/master/.gitlab-ci.yml
Subject: Auto Deploy pipeline (auto-deploy-image)
Context: When there are no deployments exist in production environment
Context: When deploy stable track to the production environment
It: creates production and production-postgres releases =>
shinya@shinya-MS-7A34:~/workspace/auto-deploy-image/src/bin$ helm ls -n new-sentimentality-19561312-production
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
production new-sentimentality-19561312-production 1 2020-09-11 08:09:39.285440412 +0000 UTC deployed auto-deploy-app-2.0.0-beta.2
production-postgresql new-sentimentality-19561312-production 1 2020-09-11 08:09:00.284318346 +0000 UTC deployed postgresql-8.2.1 11.6.0
It: lets user access to the production environment. =>
shinya@shinya-MS-7A34:~/workspace/auto-deploy-image/src/bin$ curl -s --insecure https://dosuken123-new-sentimentality.35.185.182.68.nip.io/ | grep '<p>'
<p>Sep 11!</p>
It: shows two stable pods in the deploy board =>
Context: When deploy canary track to the production environment
It: creates production-canary release =>
shinya@shinya-MS-7A34:~/workspace/auto-deploy-image/src/bin$ helm ls -n new-sentimentality-19561312-production
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
production new-sentimentality-19561312-production 1 2020-09-11 08:09:39.285440412 +0000 UTC deployed auto-deploy-app-2.0.0-beta.2
production-canary new-sentimentality-19561312-production 1 2020-09-11 08:19:25.461126592 +0000 UTC deployed auto-deploy-app-2.0.0-beta.2
production-postgresql new-sentimentality-19561312-production 2 2020-09-11 08:19:10.466525935 +0000 UTC deployed postgresql-8.2.1 11.6.0
It: sets annotations for canary ingress =>
shinya@shinya-MS-7A34:~/workspace/auto-deploy-image/src/bin$ k describe ingress production-canary -n new-sentimentality-19561312-production
Name: production-canary-auto-deploy
Namespace: new-sentimentality-19561312-production
Address: 35.240.221.142
Default backend: default-http-backend:80 (10.12.1.5:8080)
TLS:
production-canary-auto-deploy-tls terminates le-19561312.35.185.182.68.nip.io,dosuken123-new-sentimentality.35.185.182.68.nip.io
Rules:
Host Path Backends
---- ---- --------
dosuken123-new-sentimentality.35.185.182.68.nip.io
/ production-canary-auto-deploy:5000 (10.12.0.50:5000,10.12.1.44:5000)
le-19561312.35.185.182.68.nip.io
/ production-canary-auto-deploy:5000 (10.12.0.50:5000,10.12.1.44:5000)
Annotations: kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: true
meta.helm.sh/release-name: production-canary
meta.helm.sh/release-namespace: new-sentimentality-19561312-production
nginx.ingress.kubernetes.io/canary: true
nginx.ingress.kubernetes.io/canary-by-header: canary
nginx.ingress.kubernetes.io/canary-weight: 50
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal CREATE 2m40s nginx-ingress-controller Ingress new-sentimentality-19561312-production/production-canary-auto-deploy
Normal UPDATE 106s nginx-ingress-controller Ingress new-sentimentality-19561312-production/production-canary-auto-deploy
It: lets user access to the stable track by roughly 50% chance with canary weight control. =>
shinya@shinya-MS-7A34:~/workspace/auto-deploy-image/src/bin$ for i in {1..100}; do curl -s --insecure https://dosuken123-new-sentimentality.35.185.182.68.nip.io/ | grep '<p>Sep 11!</p>'; done | wc -l
56
It: lets user access to the canary track by roughly 50% chance with canary weight control. =>
shinya@shinya-MS-7A34:~/workspace/auto-deploy-image/src/bin$ shinya@shinya-MS-7A34:~/workspace/auto-deploy-image/src/bin$ for i in {1..100}; do curl -s --insecure https://dosuken123-new-sentimentality.35.185.182.68.nip.io/ | grep '<p>Sep 12!</p>'; done | wc -l
58
It: lets user access to the canary track by 100% chance when user specifies the canary header. =>
shinya@shinya-MS-7A34:~/workspace/auto-deploy-image/src/bin$ for i in {1..100}; do curl -H 'canary: always' -s --insecure https://dosuken123-new-sentimentality.35.185.182.68.nip.io/ | grep '<p>Sep 12!</p>'; done | wc -l
100
It: shows two canary pods in the deploy board =>
Context: When promote canary track to the the stable track
It: deletes production-canary release =>
shinya@shinya-MS-7A34:~/workspace/auto-deploy-image/src/bin$ helm ls -n new-sentimentality-19561312-production
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
production new-sentimentality-19561312-production 2 2020-09-11 08:26:16.228828314 +0000 UTC deployed auto-deploy-app-2.0.0-beta.2
production-postgresql new-sentimentality-19561312-production 3 2020-09-11 08:26:00.528943852 +0000 UTC deployed postgresql-8.2.1 11.6.0
It: lets user access to the stable track by 100% chance. =>
shinya@shinya-MS-7A34:~/workspace/auto-deploy-image/src/bin$ shinya@shinya-MS-7A34:~/workspace/auto-deploy-image/src/bin$ for i in {1..100}; do curl -s --insecure https://dosuken123-new-sentimentality.35.185.182.68.nip.io/ | grep '<p>Sep 12!</p>'; done | wc -l
100
It: shows two stable pods in the deploy board =>
Context: When Incremental Rollout is performed.
Context: When 25% rolled out
It: lets user access to the canary track by 25% chance. =>
shinya@shinya-MS-7A34:~/workspace/auto-deploy-image/src/bin$ for i in {1..100}; do curl -s --insecure https://dosuken123-new-sentimentality.35.185.182.68.nip.io/ | grep '<p>Sep 13!</p>'; done | wc -l
27
Context: When 50% rolled out
It: lets user access to the canary track by 50% chance. =>
shinya@shinya-MS-7A34:~/workspace/auto-deploy-image/src/bin$ for i in {1..100}; do curl -s --insecure https://dosuken123-new-sentimentality.35.185.182.68.nip.io/ | grep '<p>Sep 13!</p>'; done | wc -l
49
Context: When 100% rolled out
It: lets user access to the canary track by 100% chance. =>
shinya@shinya-MS-7A34:~/workspace/auto-deploy-image/src/bin$ for i in {1..100}; do curl -s --insecure https://dosuken123-new-sentimentality.35.185.182.68.nip.io/ | grep '<p>Sep 13!</p>'; done | wc -l
100
It: shows two stable pods in the deploy board =>
Context: When stable track already exists in the production and it was deployed with the v1 chart.
Context: When deploy stable track to the production environment
It: fails with a warning message to upgrade their deployment for the v2 chart. =>
It failed because of the Helm3 compatibility issue, this will be handled in the by helm-2to3
, hence it's out of context. If it doesn't have the issue, it should show a Major version mismatch warning
$ auto-deploy deploy
Error: release: not found
Release "production-postgresql" does not exist. Installing it now.
Error: rendered manifests contain a resource that already exists. Unable to continue with install: Secret "production-postgresql" in namespace "new-sentimentality-19561312-production" exists and cannot be imported into the current release: invalid ownership metadata; label validation error: missing key "app.kubernetes.io/managed-by": must be set to "Helm"; annotation validation error: missing key "meta.helm.sh/release-name": must be set to "production-postgresql"; annotation validation error: missing key "meta.helm.sh/release-namespace": must be set to "new-sentimentality-19561312-production"
https://gitlab.com/dosuken123/new-sentimentality/-/jobs/720751582