Running Canary Deployments using Istio

Feb 23, 2023 by Parth Srivastav

Continuous Deployment is essential for rapidly releasing new features and delivering value to your customers. However, the fear of making a bad change that negatively impacts customers stops companies from adopting Continuous Deployment. Despite best efforts, bad changes inevitably make it to production and cause outages.

However, there is a solution to this problem. Canary deployment strategies help minimize the blast radius of a bad change. Continuous Deployment-as-a-Service now supports canary deployments using the Istio service mesh. With this addition, it is now possible to run fine-grained canary deployments on multiple services in lock-step and roll them back together

What is a Canary Deployment?

Canary deployments are a popular method of releasing software updates to production environments. This approach involves releasing the new version of an application to a small subset of users before rolling it out to the rest of the production environment. This allows development teams to identify and fix any issues before a change is fully rolled out.

The main benefit of canary deployments is that they reduce the risk and allow problems to be identified before they impact 100% of the user base. Allowing for faster rollbacks, and greater reliability.

What is a Service Mesh?

As per the Service Mesh Manifesto, “A service mesh is a bunch of userspace proxies, stuck “next” to your services, plus a set of management processes”. Service Meshes provides a secure, reliable, and scalable communication layer that can be used to control traffic between services. In the context of canary deployments, service meshes allow controlling traffic between different versions of the application.

Istio is one of the most popular service meshes in the Kubernetes landscape and a really powerful one at that. With Istio, developers can reliably direct as little as 1% of overall traffic to the newer version. Thus, limiting the blast radius of a potential bad change.

Canary deployment in CD-as-a-Service

Continuous Deployment-as-a-Service provides canary deployment strategies out-of-the-box for Kubernetes applications. Historically, CD-as-a-Service supports canary deployments for users who have not adopted service meshes or users who use service meshes compliant with Service Mesh Interface standard. Read more about Pod-ratio canary and canary deployments using Service Mesh Interface here.

CD-as-a-Service has now added support for Istio service mesh to be used for canary deployments. Istio allows shaping traffic using Istio CRDs in VirtualService and DestinationRule.

A VirtualService allows defining exactly how the traffic is split across different subsets of the DestinationRule. Defining subsets in DestinationRule allows pointing to different versions of the application. Working in combination, it can be used to direct small amount of traffic to the new version of the application.

While being really powerful tools, they are not sufficient on their own. There needs to be a controller that can manipulate these resources during deployment. CD-as-a-Service works as that controller. CD-as-a-Service allows defining the canary strategy declaratively. While running the deployment, CD-as-a-Service manipulates VirtualService and DestinationRule on the cluster.

Continuous Deployment-as-a-Service can deploy multiple services in a single step and roll them back together, and that remains true when using Istio for canary deployments. For Example, it’s possible to deploy Frontend and backend services together and roll both services back if one fails. It automatically identifies which resources map to which services and modifies multiple Istio VirtualServices and DestinationRules. This allows canary deployment strategy for applications that have dependencies.

In conclusion, canary strategies can help reduce the blast radius of a potential bad change. CD-as-a-Service working with Istio further empowers the canary deployments, allowing traffic increments as little as 1%. Traffic shifts and rollbacks are nearly instantaneous and allow application and platform teams to get reliable continuous deployments without any downtime.

Get started for free with Continuous Deployment-as-a-Service and level up your deployment strategies.

Continuous Deployment-as-a-Service deployment using Istio.
A CD-as-a-Service deployment directing 15% traffic to two different services using Istio.

Run Canary Analysis with Istio on CD-as-a-Service

Continuous Deployment-as-a-Service now supports Istio service mesh to run fine-grained Canary Analysis.

Share this post:

Recently Published Posts

Continuous Deployments meet Continuous Communication

Sep 7, 2023

Automation and the SDLC Automating the software development life cycle has been one of the highest priorities for teams since development became a profession. We know that automation can cut down on burnout and increase efficiency, giving back time to ourselves and our teams to dig in and bust out innovative ideas. If it’s not […]

Read more

Happy 7th Birthday, Armory!

Aug 21, 2023

Happy 7th birthday, Armory! Today we’re celebrating Armory’s 7th birthday. The parenting/startups analogy is somewhat overused but timely as many families (at least in the US) are sending their kids back to school this week. They say that parenting doesn’t get easier with age – the challenges simply change as children grow, undoubtedly true for […]

Read more

Visit the New Armory Developer Portal

Aug 11, 2023

Easier Access to Tutorials, Release Notes, Documentation, and More! Developer Experience (DX) is one of Armory’s top focuses for 2023. In addition to improving developer experience through Continuous Deployment, we’re also working hard to improve DX for all of our solutions.  According to ThoughtWorks, poor information management and dissemination accounts for a large percentage of […]

Read more