Blue-Green Deployment Strategy¶
Introduction¶
A Blue-Green deployment is a change management strategy for releasing new software versions by maintaining two identical environments that are configured exactly the same way, called the Blue and the Green. It is also known as zero downtime or A/B deployment.
The current running production environment is called the Blue environment, whereas the new version of the application is deployed in the Green environment. Once testing has been successful in the Green environment, application traffic is directed to the Green environment. This makes the Green environment the new Blue environment.
Procedures¶
Use the following steps to deploy blue-green strategy in the SPK Application.
Install the TCPTestApp with version 0.11.1 as Blue traffic (refers as actual Virtual Server) using Helm
--set
option with replica count as 2.helm install --version 0.11.1 tcp-testapp-v1 f5ingress-dev/f5ing-testapp --set service.port=8051 --set service.targetPort=8050 --set service.protocol=TCP --set app.destinationAddress=10.35.0.49 --set app.serviceDownAction="POOLMBR_ACTION_REJECT" --set replicaCount=2 --set app.port=8051 -set ingress.enabled=false -set app.snat="SRC_TRANS_AUTOMAP" --namespace=bluegreen-app --set skipSecret=true
Important: The SPK Controller watches this app namespace and pushes it to TMM’s load balancing pool member list.
Note: Once the TCPTestApp is installed, automatically the deployment with version 0.11.1 and the pods under it get created. And also, the ClusterIP service is created.
Verify the STATUS of the TCPTestApp Pod with version 0.11.1:
oc get pod -n bluegreen-app
As we set replicaCount to 2, so 2 pods are created.
NAME READY STATUS RESTARTS AGE tcp-testapp-v1-f5ing-testapp-5d5f58cff-4sh7d 1/1 Running 0 11s tcp-testapp-v1-f5ing-testapp-5d5f58cff-j8q49 1/1 Running 0 11s
Obtain the ClusterIP service created for TCPTestApp Pods:
In this example, TCPTestApp Pods are installed in the bluegreen-app Project.
oc get svc -n bluegreen-app
In this example, TCPTestApp CLUSTER-IP service is 172.30.167.180 and the PORT(S) is 8051.
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE tcp-testapp-v1-f5ing-testapp ClusterIP 172.30.167.180 <none> 8051/TCP 3ms
Verify the STATUS of the TCPTestApp Pods with version 0.11.1 in detail:
oc get pod -n bluegreen-app -o wide
NAME READY STATUS RESTARTS AGE IP NODE tcp-testapp-v1-f5ing-testapp-5d5f58cff-4sh7d 1/1 Running 0 18s 10.128.3.91 worker-1.ocp5.pdhyd.f5net.com tcp-testapp-v1-f5ing-testapp-5d5f58cff-j8q49 1/1 Running 0 18s 10.131.0.131 worker-0.ocp5.pdhyd.f5net.com
Verify the deploymentbg_v1 status:
oc get deployment -n bluegreen-app
NAME READY UP-TO-DATE AVAILABLE AGE tcp-testapp-v1-f5ing-testapp 1/1 1 1 51m
Verify the traffic is flowing to Blue Virtual Server:
nc -v 10.35.0.49 8051
In this example, the Blue’s Endpoints are responded back.
Ncat: Version 7.50 ( https://nmap.org/ncat ) Ncat: Connected to nc -v 10.35.0.49:8051 Hello echo from TCP server [10.128.3.91]: Hello Friend echo from TCP server [10.131.0.131]: Friend
Install the TCPTestApp with version 0.11.4 as Green traffic (refers to Test Vitrual Server) using Helm
--set
option with replica count as 2.helm install --version 0.11.4 tcp-testapp-v2 f5ingress-dev/f5ing-testapp --set service.port=8051 --set service.targetPort=8050 --set service.protocol=TCP --set app.destinationAddress=10.35.0.51 --set app.serviceDownAction="POOLMBR_ACTION_REJECT" --set replicaCount=2 --set app.port=8051 -set ingress.enabled=false -set app.snat="SRC_TRANS_AUTOMAP" --namespace=bluegreen-app --set skipSecret=true
Verify the total pods created in both the deployments:
oc get pod -n bluegreen-app -o wide
In this example, 2 pods of version 0.11.1 and 2 pods of version 0.11.4 are created.
NAME READY STATUS RESTARTS AGE IP NODE tcp-testapp-v1-f5ing-testapp-5d5f58cff-4sh7d 1/1 Running 0 2m8s 10.128.3.91 worker-1.ocp5.pdhyd.f5net.com tcp-testapp-v1-f5ing-testapp-5d5f58cff-j8q49 1/1 Running 0 2m8s 10.131.0.131 worker-0.ocp5.pdhyd.f5net.com tcp-testapp-v2-f5ing-testapp-696cd9d4bf-26rwz 1/1 Running 0 13s 10.131.0.132 worker-0.ocp5.pdhyd.f5net.com tcp-testapp-v2-f5ing-testapp-696cd9d4bf-bnvpg 1/1 Running 0 13s 10.128.3.92 worker-1.ocp5.pdhyd.f5net.com
Verify the traffic is flowing to Green Virtual Server:
nc -v 10.35.0.51 8051
In this example, the Green’s Endpoints are responded back.
Ncat: Version 7.50 ( https://nmap.org/ncat ) Ncat: Connected to nc -v 10.35.0.51:8051 Hello echo from TCP server [10.131.0.132]: Hello Friend echo from TCP server [10.128.3.92]: Friend
Modify the Blue (v1) service to change the deployment name from Blue (v1) to Green (v2) to flow the traffic from Blue to Green:
oc patch service tcp-testapp-v1-f5ing-testapp -p '{"spec":{"selector":{"version":"tcp-testapp-v2"}}}' -n bluegreen-app
Note: This change will have very minimal downtime for servicing the traffic.
Verify the traffic is now redirected to Green (Test Virtual Server), when you are trying to access to Blue (Actual Virtual Server):
nc -v 10.35.0.49 8051
In this example, the Green’s Endpoints are responded back.
Ncat: Version 7.50 ( https://nmap.org/ncat ) Ncat: Connected to nc -v 10.35.0.49:8051 Hello echo from TCP server [10.131.0.132]: Hello Friend echo from TCP server [10.128.3.92]: Friend
In this way, the traffic distribution is flowing in between both the deployments.
Rollback¶
If you want to rollback the traffic distribution to the Blue (v1) service, change the deployment name from Green (v2) to Blue (v1) as follows:
oc patch service tcp-testapp-v1-f5ing-testapp -p '{"spec":{"selector":{"version":"tcp-testapp-v1"}}}' -n bluegreen-app
Deletions¶
Once the traffic is now constantly redirected to Green (Test Virtual Server) you can now:
Delete Blue (v1) deployment as follows:
oc delete deployment tcp-testapp-v1-f5ing-testapp -n bluegreen-app
Delete Green (v2) service as follows:
oc delete svc tcp-testapp-v2-f5ing-testapp -n bluegreen-app
Verify the pods:
oc get all -n bluegreen-app
Note: Please notice that the IPs are now updated.
NAME READY STATUS RESTARTS AGE IP NODE tcp-testapp-v2-f5ing-testapp-696cd9d4bf-26rwz 1/1 Running 0 4m30s 10.131.0.132 worker-0.ocp5.pdhyd.f5net.com tcp-testapp-v2-f5ing-testapp-696cd9d4bf-bnvpg 1/1 Running 0 4m30s 10.128.3.92 worker-1.ocp5.pdhyd.f5net.com
Verify the traffic response is from Blue (Actual Virtual Server) with latest version:
nc -v 10.35.0.49 8051
In this example, the Blue’s Endpoints are responded back with latest version.
Ncat: Version 7.50 ( https://nmap.org/ncat ) Ncat: Connected to nc -v 10.35.0.49:8051 Hello echo from TCP server [10.128.3.92]: Hello Friend echo from TCP server [10.128.3.92]: Friend
Feedback¶
Provide feedback to improve this document by emailing spkdocs@f5.com.