Blue-Green Deployment Strategy

Introduction

A Blue-Green deployment is a change management strategy for releasing new software versions by maintaining two identical environments that are configured exactly the same way, called the Blue and the Green. It is also known as zero downtime or A/B deployment.

The current running production environment is called the Blue environment, whereas the new version of the application is deployed in the Green environment. Once testing has been successful in the Green environment, application traffic is directed to the Green environment. This makes the Green environment the new Blue environment.

Procedures

Use the following steps to deploy blue-green strategy in the SPK Application.

1. Install the TCPTestApp with version 0.11.1 as Blue traffic (refers as actual Virtual Server) using Helm --set option with replica count as 2.

   helm install --version 0.11.1 tcp-testapp-v1 f5ingress-dev/f5ing-testapp --set service.port=8051 --set service.targetPort=8050 --set service.protocol=TCP --set app.destinationAddress=10.35.0.49 --set app.serviceDownAction="POOLMBR_ACTION_REJECT" --set replicaCount=2 --set app.port=8051 -set ingress.enabled=false -set app.snat="SRC_TRANS_AUTOMAP" --namespace=bluegreen-app --set skipSecret=true   
   

   Important: The SPK Controller watches this app namespace and pushes it to TMM’s load balancing pool member list.

   Note: Once the TCPTestApp is installed, automatically the deployment with version 0.11.1 and the pods under it get created. And also, the ClusterIP service is created.

   • Download to view example status for deployment (deploymentbg_v1 file here) and service (servicebg_v1 file here)

2. Verify the STATUS of the TCPTestApp Pod with version 0.11.1:

   oc get pod -n bluegreen-app 
   

   As we set replicaCount to 2, so 2 pods are created.

   NAME                                            READY      STATUS      RESTARTS      AGE
   tcp-testapp-v1-f5ing-testapp-5d5f58cff-4sh7d    1/1        Running     0             11s
   tcp-testapp-v1-f5ing-testapp-5d5f58cff-j8q49    1/1        Running     0             11s
   

3. Obtain the ClusterIP service created for TCPTestApp Pods:

   In this example, TCPTestApp Pods are installed in the bluegreen-app Project.

   oc get svc -n bluegreen-app
   

   In this example, TCPTestApp CLUSTER-IP service is 172.30.167.180 and the PORT(S) is 8051.

   NAME                             TYPE        CLUSTER-IP       EXTERNAL-IP     PORT(S)      AGE
   tcp-testapp-v1-f5ing-testapp     ClusterIP   172.30.167.180   <none>          8051/TCP     3ms
   

4. Verify the STATUS of the TCPTestApp Pods with version 0.11.1 in detail:

   oc get pod -n bluegreen-app -o wide
   

   NAME 	                                        READY     STATUS     RESTARTS    AGE    IP            NODE
   tcp-testapp-v1-f5ing-testapp-5d5f58cff-4sh7d    1/1       Running    0           18s	10.128.3.91   worker-1.ocp5.pdhyd.f5net.com
   tcp-testapp-v1-f5ing-testapp-5d5f58cff-j8q49    1/1       Running    0           18s    10.131.0.131  worker-0.ocp5.pdhyd.f5net.com
   

5. Verify the deploymentbg_v1 status:

   oc get deployment -n bluegreen-app
   

   NAME                             READY      UP-TO-DATE      AVAILABLE      AGE
   tcp-testapp-v1-f5ing-testapp     1/1        1               1              51m
   

6. Verify the traffic is flowing to Blue Virtual Server:

   nc -v 10.35.0.49 8051 
   

   In this example, the Blue’s Endpoints are responded back.

   Ncat: Version 7.50 ( https://nmap.org/ncat )
   Ncat: Connected to nc -v 10.35.0.49:8051
   Hello
   echo from TCP server [10.128.3.91]: Hello
   Friend
   echo from TCP server [10.131.0.131]: Friend
   

7. Install the TCPTestApp with version 0.11.4 as Green traffic (refers to Test Vitrual Server) using Helm --set option with replica count as 2.

   helm install --version 0.11.4 tcp-testapp-v2 f5ingress-dev/f5ing-testapp --set service.port=8051 --set service.targetPort=8050 --set service.protocol=TCP --set app.destinationAddress=10.35.0.51 --set app.serviceDownAction="POOLMBR_ACTION_REJECT" --set replicaCount=2 --set app.port=8051 -set ingress.enabled=false -set app.snat="SRC_TRANS_AUTOMAP" --namespace=bluegreen-app --set skipSecret=true   
   

   • Download to view example status for deployment (deploymentbg_v2 file here) and service (servicebg_v2 file here)

8. Verify the total pods created in both the deployments:

   oc get pod -n bluegreen-app -o wide
   

   In this example, 2 pods of version 0.11.1 and 2 pods of version 0.11.4 are created.

   NAME                                           READY   STATUS    RESTARTS    AGE       IP             NODE      
   tcp-testapp-v1-f5ing-testapp-5d5f58cff-4sh7d   1/1     Running   0           2m8s      10.128.3.91    worker-1.ocp5.pdhyd.f5net.com
   tcp-testapp-v1-f5ing-testapp-5d5f58cff-j8q49   1/1     Running   0           2m8s      10.131.0.131   worker-0.ocp5.pdhyd.f5net.com
   tcp-testapp-v2-f5ing-testapp-696cd9d4bf-26rwz  1/1     Running   0           13s       10.131.0.132   worker-0.ocp5.pdhyd.f5net.com
   tcp-testapp-v2-f5ing-testapp-696cd9d4bf-bnvpg  1/1     Running   0           13s       10.128.3.92    worker-1.ocp5.pdhyd.f5net.com
   

9. Verify the traffic is flowing to Green Virtual Server:

   nc -v 10.35.0.51 8051 
   

   In this example, the Green’s Endpoints are responded back.

   Ncat: Version 7.50 ( https://nmap.org/ncat )
   Ncat: Connected to nc -v 10.35.0.51:8051
   Hello
   echo from TCP server [10.131.0.132]: Hello
   Friend
   echo from TCP server [10.128.3.92]: Friend
   

10. Modify the Blue (v1) service to change the deployment name from Blue (v1) to Green (v2) to flow the traffic from Blue to Green:

    oc patch service tcp-testapp-v1-f5ing-testapp  -p '{"spec":{"selector":{"version":"tcp-testapp-v2"}}}' -n bluegreen-app
    

    Note: This change will have very minimal downtime for servicing the traffic.

11. Verify the traffic is now redirected to Green (Test Virtual Server), when you are trying to access to Blue (Actual Virtual Server):

    nc -v 10.35.0.49 8051 
    

    In this example, the Green’s Endpoints are responded back.

    Ncat: Version 7.50 ( https://nmap.org/ncat )
    Ncat: Connected to nc -v 10.35.0.49:8051
    Hello
    echo from TCP server [10.131.0.132]: Hello
    Friend
    echo from TCP server [10.128.3.92]: Friend
    

In this way, the traffic distribution is flowing in between both the deployments.

Rollback

If you want to rollback the traffic distribution to the Blue (v1) service, change the deployment name from Green (v2) to Blue (v1) as follows:

oc patch service tcp-testapp-v1-f5ing-testapp  -p '{"spec":{"selector":{"version":"tcp-testapp-v1"}}}' -n bluegreen-app

Deletions

Once the traffic is now constantly redirected to Green (Test Virtual Server) you can now:

1. Delete Blue (v1) deployment as follows:

   oc delete deployment tcp-testapp-v1-f5ing-testapp -n bluegreen-app   
   

2. Delete Green (v2) service as follows:

   oc delete svc tcp-testapp-v2-f5ing-testapp -n bluegreen-app   
   

3. Verify the pods:

   oc get all -n bluegreen-app   
   

   Note: Please notice that the IPs are now updated.

    NAME                                           READY   STATUS    RESTARTS    AGE         IP             NODE      
    tcp-testapp-v2-f5ing-testapp-696cd9d4bf-26rwz  1/1     Running   0           4m30s       10.131.0.132   worker-0.ocp5.pdhyd.f5net.com
    tcp-testapp-v2-f5ing-testapp-696cd9d4bf-bnvpg  1/1     Running   0           4m30s       10.128.3.92    worker-1.ocp5.pdhyd.f5net.com
   

4. Verify the traffic response is from Blue (Actual Virtual Server) with latest version:

   nc -v 10.35.0.49 8051 
   

   In this example, the Blue’s Endpoints are responded back with latest version.

   Ncat: Version 7.50 ( https://nmap.org/ncat )
   Ncat: Connected to nc -v 10.35.0.49:8051
   Hello
   echo from TCP server [10.128.3.92]: Hello
   Friend
   echo from TCP server [10.128.3.92]: Friend
   

Feedback

Provide feedback to improve this document by emailing spkdocs@f5.com.