← Back to posts

Running Canary Deployments using Istio

Feb 23, 2023 by Parth Srivastav

Continuous Deployment is essential for rapidly releasing new features and delivering value to your customers. However, the fear of making a bad change that negatively impacts customers stops companies from adopting Continuous Deployment. Despite best efforts, bad changes inevitably make it to production and cause outages.

However, there is a solution to this problem. Canary deployment strategies help minimize the blast radius of a bad change. Continuous Deployment-as-a-Service now supports canary deployments using the Istio service mesh. With this addition, it is now possible to run fine-grained canary deployments on multiple services in lock-step and roll them back together

What is a Canary Deployment?

Canary deployments are a popular method of releasing software updates to production environments. This approach involves releasing the new version of an application to a small subset of users before rolling it out to the rest of the production environment. This allows development teams to identify and fix any issues before a change is fully rolled out.

The main benefit of canary deployments is that they reduce the risk and allow problems to be identified before they impact 100% of the user base. Allowing for faster rollbacks, and greater reliability.

What is a Service Mesh?

As per the Service Mesh Manifesto, “A service mesh is a bunch of userspace proxies, stuck “next” to your services, plus a set of management processes”. Service Meshes provides a secure, reliable, and scalable communication layer that can be used to control traffic between services. In the context of canary deployments, service meshes allow controlling traffic between different versions of the application.

Istio is one of the most popular service meshes in the Kubernetes landscape and a really powerful one at that. With Istio, developers can reliably direct as little as 1% of overall traffic to the newer version. Thus, limiting the blast radius of a potential bad change.

Canary deployment in CD-as-a-Service

Continuous Deployment-as-a-Service provides canary deployment strategies out-of-the-box for Kubernetes applications. Historically, CD-as-a-Service supports canary deployments for users who have not adopted service meshes or users who use service meshes compliant with Service Mesh Interface standard. Read more about Pod-ratio canary and canary deployments using Service Mesh Interface here.

CD-as-a-Service has now added support for Istio service mesh to be used for canary deployments. Istio allows shaping traffic using Istio CRDs in VirtualService and DestinationRule.

A VirtualService allows defining exactly how the traffic is split across different subsets of the DestinationRule. Defining subsets in DestinationRule allows pointing to different versions of the application. Working in combination, it can be used to direct small amount of traffic to the new version of the application.

While being really powerful tools, they are not sufficient on their own. There needs to be a controller that can manipulate these resources during deployment. CD-as-a-Service works as that controller. CD-as-a-Service allows defining the canary strategy declaratively. While running the deployment, CD-as-a-Service manipulates VirtualService and DestinationRule on the cluster.

Continuous Deployment-as-a-Service can deploy multiple services in a single step and roll them back together, and that remains true when using Istio for canary deployments. For Example, it’s possible to deploy Frontend and backend services together and roll both services back if one fails. It automatically identifies which resources map to which services and modifies multiple Istio VirtualServices and DestinationRules. This allows canary deployment strategy for applications that have dependencies.

In conclusion, canary strategies can help reduce the blast radius of a potential bad change. CD-as-a-Service working with Istio further empowers the canary deployments, allowing traffic increments as little as 1%. Traffic shifts and rollbacks are nearly instantaneous and allow application and platform teams to get reliable continuous deployments without any downtime.

Get started for free with Continuous Deployment-as-a-Service and level up your deployment strategies.

Continuous Deployment-as-a-Service deployment using Istio.
A CD-as-a-Service deployment directing 15% traffic to two different services using Istio.

Run Canary Analysis with Istio on CD-as-a-Service

Continuous Deployment-as-a-Service now supports Istio service mesh to run fine-grained Canary Analysis.

Read More
Share this post:

Recently Published Posts

What to Look For in Software Delivery Automation Tools

Mar 17, 2023

Software delivery automation tools can accelerate and improve the deployment process. DevOps engineers know that quickly delivering high-quality software to customers is critical to maintaining their company’s competitive advantage. Yet, enterprises often need help with implementing modern software delivery practices.   The market offers many software delivery automation products, each with different features. Choosing the […]

Read more

Release Roundup – March 2023

Mar 16, 2023

Spring has sprung and the Armory crew is feeling the good vibes. Across our continuous deployment solutions, we’re adding features and updates to make developers’ lives easier and help organizations enable better deployment practices at scale.  Here’s how you can stay in the loop on the latest releases, keep up with our various products, as […]

Read more

New Spinnaker Operator Updates Now available for the Spinnaker Community

Mar 15, 2023

Stay up-to-date with the latest Kubernetes release with Spinnaker. The Armory crew has worked diligently the past several weeks to release a new stable version of OSS Operator (1.3.0). This is the first release in just over 18 months and is now available for the open source community.  What Changed? The Spinnaker Operator is the […]

Read more