Running Canary Deployments using Istio
Feb 23, 2023 by Parth Srivastav
Continuous Deployment is essential for rapidly releasing new features and delivering value to your customers. However, the fear of making a bad change that negatively impacts customers stops companies from adopting Continuous Deployment. Despite best efforts, bad changes inevitably make it to production and cause outages.
However, there is a solution to this problem. Canary deployment strategies help minimize the blast radius of a bad change. Continuous Deployment-as-a-Service now supports canary deployments using the Istio service mesh. With this addition, it is now possible to run fine-grained canary deployments on multiple services in lock-step and roll them back together
What is a Canary Deployment?
Canary deployments are a popular method of releasing software updates to production environments. This approach involves releasing the new version of an application to a small subset of users before rolling it out to the rest of the production environment. This allows development teams to identify and fix any issues before a change is fully rolled out.
The main benefit of canary deployments is that they reduce the risk and allow problems to be identified before they impact 100% of the user base. Allowing for faster rollbacks, and greater reliability.
What is a Service Mesh?
As per the Service Mesh Manifesto, “A service mesh is a bunch of userspace proxies, stuck “next” to your services, plus a set of management processes”. Service Meshes provides a secure, reliable, and scalable communication layer that can be used to control traffic between services. In the context of canary deployments, service meshes allow controlling traffic between different versions of the application.
Istio is one of the most popular service meshes in the Kubernetes landscape and a really powerful one at that. With Istio, developers can reliably direct as little as 1% of overall traffic to the newer version. Thus, limiting the blast radius of a potential bad change.
Canary deployment in CD-as-a-Service
Continuous Deployment-as-a-Service provides canary deployment strategies out-of-the-box for Kubernetes applications. Historically, CD-as-a-Service supports canary deployments for users who have not adopted service meshes or users who use service meshes compliant with Service Mesh Interface standard. Read more about Pod-ratio canary and canary deployments using Service Mesh Interface here.
CD-as-a-Service has now added support for Istio service mesh to be used for canary deployments. Istio allows shaping traffic using Istio CRDs in VirtualService and DestinationRule.
A VirtualService
allows defining exactly how the traffic is split across different subsets of the DestinationRule
. Defining subsets in DestinationRule
allows pointing to different versions of the application. Working in combination, it can be used to direct small amount of traffic to the new version of the application.
While being really powerful tools, they are not sufficient on their own. There needs to be a controller that can manipulate these resources during deployment. CD-as-a-Service works as that controller. CD-as-a-Service allows defining the canary strategy declaratively. While running the deployment, CD-as-a-Service manipulates VirtualService and DestinationRule on the cluster.
Continuous Deployment-as-a-Service can deploy multiple services in a single step and roll them back together, and that remains true when using Istio for canary deployments. For Example, it’s possible to deploy Frontend and backend services together and roll both services back if one fails. It automatically identifies which resources map to which services and modifies multiple Istio VirtualServices and DestinationRules. This allows canary deployment strategy for applications that have dependencies.
In conclusion, canary strategies can help reduce the blast radius of a potential bad change. CD-as-a-Service working with Istio further empowers the canary deployments, allowing traffic increments as little as 1%. Traffic shifts and rollbacks are nearly instantaneous and allow application and platform teams to get reliable continuous deployments without any downtime.
Get started for free with Continuous Deployment-as-a-Service and level up your deployment strategies.


Run Canary Analysis with Istio on CD-as-a-Service
Continuous Deployment-as-a-Service now supports Istio service mesh to run fine-grained Canary Analysis.