← Back to posts

Running Canary Deployments using Istio

Feb 23, 2023 by Parth Srivastav

Continuous Deployment is essential for rapidly releasing new features and delivering value to your customers. However, the fear of making a bad change that negatively impacts customers stops companies from adopting Continuous Deployment. Despite best efforts, bad changes inevitably make it to production and cause outages.

However, there is a solution to this problem. Canary deployment strategies help minimize the blast radius of a bad change. Continuous Deployment-as-a-Service now supports canary deployments using the Istio service mesh. With this addition, it is now possible to run fine-grained canary deployments on multiple services in lock-step and roll them back together

What is a Canary Deployment?

Canary deployments are a popular method of releasing software updates to production environments. This approach involves releasing the new version of an application to a small subset of users before rolling it out to the rest of the production environment. This allows development teams to identify and fix any issues before a change is fully rolled out.

The main benefit of canary deployments is that they reduce the risk and allow problems to be identified before they impact 100% of the user base. Allowing for faster rollbacks, and greater reliability.

What is a Service Mesh?

As per the Service Mesh Manifesto, “A service mesh is a bunch of userspace proxies, stuck “next” to your services, plus a set of management processes”. Service Meshes provides a secure, reliable, and scalable communication layer that can be used to control traffic between services. In the context of canary deployments, service meshes allow controlling traffic between different versions of the application.

Istio is one of the most popular service meshes in the Kubernetes landscape and a really powerful one at that. With Istio, developers can reliably direct as little as 1% of overall traffic to the newer version. Thus, limiting the blast radius of a potential bad change.

Canary deployment in CD-as-a-Service

Continuous Deployment-as-a-Service provides canary deployment strategies out-of-the-box for Kubernetes applications. Historically, CD-as-a-Service supports canary deployments for users who have not adopted service meshes or users who use service meshes compliant with Service Mesh Interface standard. Read more about Pod-ratio canary and canary deployments using Service Mesh Interface here.

CD-as-a-Service has now added support for Istio service mesh to be used for canary deployments. Istio allows shaping traffic using Istio CRDs in VirtualService and DestinationRule.

A VirtualService allows defining exactly how the traffic is split across different subsets of the DestinationRule. Defining subsets in DestinationRule allows pointing to different versions of the application. Working in combination, it can be used to direct small amount of traffic to the new version of the application.

While being really powerful tools, they are not sufficient on their own. There needs to be a controller that can manipulate these resources during deployment. CD-as-a-Service works as that controller. CD-as-a-Service allows defining the canary strategy declaratively. While running the deployment, CD-as-a-Service manipulates VirtualService and DestinationRule on the cluster.

Continuous Deployment-as-a-Service can deploy multiple services in a single step and roll them back together, and that remains true when using Istio for canary deployments. For Example, it’s possible to deploy Frontend and backend services together and roll both services back if one fails. It automatically identifies which resources map to which services and modifies multiple Istio VirtualServices and DestinationRules. This allows canary deployment strategy for applications that have dependencies.

In conclusion, canary strategies can help reduce the blast radius of a potential bad change. CD-as-a-Service working with Istio further empowers the canary deployments, allowing traffic increments as little as 1%. Traffic shifts and rollbacks are nearly instantaneous and allow application and platform teams to get reliable continuous deployments without any downtime.

Get started for free with Continuous Deployment-as-a-Service and level up your deployment strategies.

Continuous Deployment-as-a-Service deployment using Istio.
A CD-as-a-Service deployment directing 15% traffic to two different services using Istio.

Run Canary Analysis with Istio on CD-as-a-Service

Continuous Deployment-as-a-Service now supports Istio service mesh to run fine-grained Canary Analysis.

Read More
Share this post:

Recently Published Posts

Lambda Deployment is now supported by Armory CD-as-a-Service

Nov 28, 2023

Armory simplifies serverless deployment: Armory Continuous Deployment-as-a-Service extends its robust deployment capabilities to AWS Lambda.

Read more

New Feature: Trigger Nodes and Source Context

Sep 29, 2023

The Power of Graphs for Ingesting and Acting on Complex Orchestration Logic We’ve been having deep conversations with customers and peer thought leaders about the challenges presented by executing multi-environment continuous deployment, and have developed an appreciation for the power of using visual tools such as directed acyclic graphs (DAG) to understand and share the […]

Read more

Continuous Deployments meet Continuous Communication

Sep 7, 2023

Automation and the SDLC Automating the software development life cycle has been one of the highest priorities for teams since development became a profession. We know that automation can cut down on burnout and increase efficiency, giving back time to ourselves and our teams to dig in and bust out innovative ideas. If it’s not […]

Read more