首页 > 其他分享 >Argo Rollouts Canary 基础

Argo Rollouts Canary 基础

时间:2023-12-15 19:56:26浏览次数:28  
标签:name Rollouts route canary Canary Argo Pod match

Argo Rollouts Canary 概述

金丝雀部署是一种部署策略,将一小部分生产流量发布到新版本的应用程序。

Argo Rollouts Canary 完整配置

apiVersion: argoproj.io/v1alpha1
kind: Rollout
metadata:
  name: example-rollout-canary
spec:
  # 运行的Pod实例数量,默认为1.
  # Defaults to 1.
  replicas: 5
  analysis:
    # 保留成功的数量
    # Defaults to 5.
    successfulRunHistoryLimit: 10
    # 保留失败的数量 
    # Stages for unsuccessful: "Error", "Failed", "Inconclusive"
    # Defaults to 5.
    unsuccessfulRunHistoryLimit: 10

  # 筛选Pod对象的标签选择器.
  selector:
    matchLabels:
      app: guestbook

  # WorkloadRef holds a references to a workload that provides Pod template 
  # (e.g. Deployment). If used, then do not use Rollout template property.
  workloadRef: 
    apiVersion: apps/v1
    kind: Deployment
    name: rollout-ref-deployment
    # 指定迁移到 Rollout 后是否缩减工作负载(Deployment)
    # "never": Deployment 不会减少
    # "onsuccess": 在 Rollout 变得健康后,Deployment会减少
    # "progressively": 随着 Rollout 的增加,Deployment 也随之减少 
    # If the Rollout fails the Deployment will be scaled back up.
    scaleDown: never|onsuccess|progressively

  # Template describes the pods that will be created. Same as deployment.
  # If used, then do not use Rollout workloadRef property. 
  template:
    spec:
      containers:
      - name: guestbook
        image: argoproj/rollouts-demo:blue

  # 无容器crash的情况下,新建的Pod被视为可用的最短时长,默认为0,即立即转为Ready
  minReadySeconds: 30

  # 更新历史中保留的ReplicaSet Revision数量.
  # Defaults to 10
  revisionHistoryLimit: 3

  # 是否置为暂停状态
  paused: true

  # 更新过程中,更新步骤的最大等待时长,默认为600秒;
  # Defaults to 600s
  progressDeadlineSeconds: 600

  # 未使用analysis或experiment而progressDeadlineSeconds超时的情况下,是否中止更新过程,默认为false;
  progressDeadlineAbort: false

  # 重启Pod的时刻,其值为UTC时间戳格式;
  restartAt: "2020-03-30T21:19:35Z"

  # 回滚窗口
  rollbackWindow:
    revisions: 3

  # 更新策略,支持canary和blueGreen两种;
  strategy:  
    canary:

      # 由控制器用来匹配到Canary Pods上的Service,trafficRouting依赖于该字段;
      canaryService: canary-service

      # 由控制器用来匹配到Stable Pods上的Service, trafficRouting依赖于该字段;
      stableService: stable-service

      # 需要添加到Canary版本的Pod上的元数据,仅存于Canary更新期间,更新完成后即成为Stable;
      canaryMetadata:
        annotations:
          role: canary
        labels:
          role: canary

      # 需要添加到Stable版本的Pod上的元数据;
      stableMetadata:
        annotations:
          role: stable
        labels:
          role: stable

      # 更新期间最多允许处于不可用状态的Pod数量或百分比
      maxUnavailable: 1

      # maxSurge 定义了 rollout 可以创建的最大副本数,以移动到最后 setWeight 设置的正确比率。maxSurge可以是整数或字符串形式的百分比
      maxSurge: "20%"

      # 启用了trafficRouting时,缩容前一个ReplicaSet规模的延迟时长,默认为30s;
      scaleDownDelaySeconds: 30

      # The minimum number of pods that will be requested for each ReplicaSet
      # when using traffic routed canary. This is to ensure high availability
      # of each ReplicaSet. Defaults to 1. +optional
      minPodsPerReplicaSet: 2

      # 在旧RS上启动缩容之前,可运行着的旧RS的数量;
      scaleDownDelayRevisionLimit: 2

      # 在滚动更新期间于后台运行的analysis,可选;
      analysis:
        templates:
        - templateName: success-rate
        args:
        - name: service-name
          value: guestbook-svc.default.svc.cluster.local

        # valueFrom.podTemplateHashValue is a convenience to supply the
        # rollouts-pod-template-hash value of either the Stable ReplicaSet
        # or the Latest ReplicaSet
        - name: stable-hash
          valueFrom:
            podTemplateHashValue: Stable
        - name: latest-hash
          valueFrom:
            podTemplateHashValue: Latest

        # valueFrom.fieldRef allows metadata about the rollout to be
        # supplied as arguments to analysis.
        - name: region
          valueFrom:
            fieldRef:
              fieldPath: metadata.labels['region']

      # Canary更新期间要执行的步骤,可选;
      steps:

      # 设定Canary版本ReplicSet激活的Pod比例,以及调度至Canary版本的流量比例;
      - setWeight: 20

      # 暂停step. Supported units: s, m, h
      - pause:
          duration: 1h

      # Pauses indefinitely until manually resumed
      - pause: {}

      # 设定Canary扩容期间Pod扩增与流量扩增的对应关系
      # (supported only with trafficRouting)
      - setCanaryScale:
          replicas: 3       # 明确设定Canary RS的规模为该处指定的Pod数量,但不改变先前设定的流量比例;

      # 设定Canary扩容期间Pod扩增与流量扩增的对应关系
      # (supported only with trafficRouting)
      - setCanaryScale:
          weight: 25        # 明确设定Canary RS的规模为该处指定的比例,但不改变先前设定的流量比例;

      # 设定Canary扩容期间Pod扩增与流量扩增的对应关系
      - setCanaryScale:
          matchTrafficWeight: true  # 设定Canary的Pod规模与调度至这些Pod的流量同比例滚动;

      # Sets header based route with specified header values
      # Setting header based route will send all traffic to the canary for the requests 
      # with a specified header, in this case request header "version":"2"
      # (supported only with trafficRouting, for Istio only at the moment)
      - setHeaderRoute:
          # Name of the route that will be created by argo rollouts this must also be configured
          # in spec.strategy.canary.trafficRouting.managedRoutes
          name: "header-route-1"
          # The matching rules for the header route, if this is missing it acts as a removal of the route.
          match:
              # headerName The name of the header to apply the match rules to.
            - headerName: "version"
              # headerValue must contain exactly one field of exact, regex, or prefix. Not all traffic routers support 
              # all types
              headerValue:
                # Exact will only match if the header value is exactly the same
                exact: "2"
                # Will match the rule if the regular expression matches
                regex: "2.0.(.*)"
                # prefix will be a prefix match of the header value
                prefix: "2.0"

        # Sets up a mirror/shadow based route with the specified match rules
        # The traffic will be mirrored at the configured percentage to the canary service
        # during the rollout
        # (supported only with trafficRouting, for Istio only at the moment)
      - setMirrorRoute:
          # Name of the route that will be created by argo rollouts this must also be configured
          # in spec.strategy.canary.trafficRouting.managedRoutes
          name: "header-route-1"
          # The percentage of the matched traffic to mirror to the canary
          percentage: 100
          # The matching rules for the header route, if this is missing it acts as a removal of the route.
          # All conditions inside a single match block have AND semantics, while the list of match blocks have OR semantics.
          # Each type within a match (method, path, headers) must have one and only one match type (exact, regex, prefix)
          # Not all match types (exact, regex, prefix) will be supported by all traffic routers.
          match:
            - method: # What HTTP method to match
                exact: "GET"
                regex: "P.*"
                prefix: "POST"
              path: # What HTTP url paths to match.
                exact: "/test"
                regex: "/test/.*"
                prefix: "/"
              headers:
                agent-1b: # What HTTP header name to use in the match.
                  exact: "firefox"
                  regex: "firefox2(.*)"
                  prefix: "firefox"

      # 内联定义或调用的analysis step
      - analysis:
          templates:
          - templateName: success-rate

      # 内联定义或调用的experiment step;
      - experiment:
          duration: 1h
          templates:
          - name: baseline
            specRef: stable
            # optional, creates a service for the experiment if set
            service:
              # optional, service: {} is also acceptable if name is not included
              name: test-service
          - name: canary
            specRef: canary
            # optional, set the weight of traffic routed to this version
            weight: 10
          analyses:
          - name : mann-whitney
            templateName: mann-whitney
            # Metadata which will be attached to the AnalysisRun.
            analysisRunMetadata:
              labels:
                app.service.io/analysisType: smoke-test
              annotations:
                link.argocd.argoproj.io/external-link: http://my-loggin-platform.com/pre-generated-link

      # 定义Canary Pod与旧ReplicaSet Pod之间的反亲和关系;
      antiAffinity:
        requiredDuringSchedulingIgnoredDuringExecution: {}
        preferredDuringSchedulingIgnoredDuringExecution:
          weight: 1 # Between 1 - 100

      # 设定Ingress Controller或ServiceMesh如何动态调整配置以完成精细化地流量分割和流量迁移;
      trafficRouting:
        # This is a list of routes that Argo Rollouts has the rights to manage it is currently only required for
        # setMirrorRoute and setHeaderRoute. The order of managedRoutes array also sets the precedence of the route
        # in the traffic router. Argo Rollouts will place these routes in the order specified above any routes already
        # defined in the used traffic router if something exists. The names here must match the names from the 
        # setHeaderRoute and setMirrorRoute steps.
        managedRoutes:
          - name: set-header
          - name: mirror-route
        # 与Istio协同完成流量迁移
        istio:
          # Canary期间要自动动态调整其配置以完成流量迁移的的VirtualService资源
          virtualService: 
            name: rollout-vsvc  # VirtualService资源的名称
            routes:             # 指定的VirtualService资源上要动态调整的路由条目的名称列表,仅有一个路由时可省略该字段
            - primary # optional if there is a single route in VirtualService, required otherwise         
          virtualServices:      # Canary期间要自动动态调整其配置以完成流量迁移的的VirtualService资源列表
          # One or more virtualServices can be configured
          - name: rollouts-vsvc1  # required
            routes:
              - primary # optional if there is a single route in VirtualService, required otherwise
          - name: rollouts-vsvc2  # required
            routes:
              - secondary # optional if there is a single route in VirtualService, required otherwise
          - name: rollout-vsvc   # required
            tcpRoutes:           # TCP 流量分割
              # Below fields are optional but if defined, they should match exactly with at least one of the TCP route match rules in your VirtualService
              - port: 3000 # Only required if you want to match any rule in your VirtualService which contains this port
          # Canary期间要自动动态调整其配置以完成流量迁移的DestinationRule资源
          destinationRule:
            name: rollout-destrule    # required,DestinationRule资源的名称
            canarySubsetName: canary  # required,DestinationRule中临时使用的Canary子集的名称
            stableSubsetName: stable  # required,DestinationRule中临时使用的Stable子集的名称

        # 与Ingress Nginx协同完成流量迁移
        nginx:
          # 要调整的Stable Ingress资源的名称
          stableIngress: primary-ingress
          stableIngresses:
            - primary-ingress
            - secondary-ingress
            - tertiary-ingress
          annotationPrefix: customingress.nginx.ingress.kubernetes.io # optional
          additionalIngressAnnotations:   # optional
            canary-by-header: X-Canary
            canary-by-header-value: iwantsit

        # ALB Ingress Controller routing configuration
        alb:
          ingress: ingress  # required
          servicePort: 443  # required
          annotationPrefix: custom.alb.ingress.kubernetes.io # optional

        # Service Mesh Interface routing configuration
        smi:
          rootService: root-svc # optional
          trafficSplitName: rollout-example-traffic-split # optional

      # 启用了trafficRouting时,因更新中止 而收缩Canary版本Pod数量之前的延迟时长,默认为30s;
      abortScaleDownDelaySeconds: 30

Argo Rollouts Canary 示例

apiVersion: argoproj.io/v1alpha1
kind: Rollout
metadata:
  name: rollouts-nginx-with-analysis
  namespace: argo-demo
spec:
  replicas: 10 
  strategy:
    canary:
      trafficRouting:
        istio:
          virtualService: 
            name: nginx-rollout-vsvc
            routes:
            - primary
          destinationRule:
            name: nginx-rollout-destrule
            canarySubsetName: canary
            stableSubsetName: stable
      analysis:
        templates:
        - templateName: success-rate
        args:
        - name: service-name
          # change this value to your service name
          value: nginx.argo-demo.svc.wgs.local
        startingStep: 2
      steps:
      - setWeight: 5
      - pause: {duration: 1m}
      - setWeight: 10
      - pause: {duration: 1m}
      - setWeight: 30
      - pause: {duration: 1m}
      - setWeight: 60
      - pause: {duration: 1m}
  revisionHistoryLimit: 5
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.24-alpine
        ports:
        - name: http
          containerPort: 80
          protocol: TCP
        resources:
          requests:
            memory: 32Mi
            cpu: 50m
        livenessProbe:
          httpGet:
            path: '/'
            port: 80
            scheme: HTTP
        readinessProbe:
          httpGet:
            path: '/'
            port: 80
            scheme: HTTP
          initialDelaySeconds: 5

参考文档

https://argoproj.github.io/argo-rollouts/features/canary/

标签:name,Rollouts,route,canary,Canary,Argo,Pod,match
From: https://www.cnblogs.com/wangguishe/p/17899698.html

相关文章

  • Argo Rollouts BlueGreen 配置
    ArgoRolloutsBlueGreen更新过程1.从稳定状态开始,activeService和PreviewService都指向revision1的ReplicaSet。2.用户通过修改Pod模板(spec.template.spec)来发起更新。3.创建的ReplicaSet的revision2的大小为0。4.PreviewService被修改为指向revision2的Re......
  • Argo Rollouts 基础
    ArgoRollouts概述ArgoRollouts是一个Kubernetes控制器和一组CRD,为Kubernetes提供高级部署功能,例如蓝绿、金丝雀、金丝雀分析、experimentation和渐进式交付功能。ArgoRollouts(可选)与IngressController和服务网格集成,利用其流量治理功能在更新期间逐渐将流量转移到新......
  • ArgoCD ApplicationSet CRD
    ApplicationSet概述ApplicationSetcontroller是一个Kubernetescontroller,添加了对ApplicationSetCustomResourceDefinition(CRD)的支持。该controller/CRD实现了跨大量集群和monorepos内管理ArgoCDApplication的自动化和更大的灵活性,此外,它还使多租户Kubernetes......
  • ArgoCD AppProject CRD
    Project概述Projects负责为Application提供逻辑分组,它主要实现如下功能:1.限制可以部署的内容(指定受信任的GitSource仓库)2.限制Application可以部署到的目标位置(指定目标Cluster和Namespace)3.限制能够及不能够部署的对象类型,例如RBAC、CRD、DeamonSets、NetworkPolicy等4......
  • ArgoCD Application CRD
    Application示例apiVersion:argoproj.io/v1alpha1kind:Applicationmetadata:name:guestbook#You'llusuallywanttoaddyourresourcestotheargocdnamespace.namespace:argocd#AddthisfinalizerONLYifyouwantthesetocascadedelete.......
  • ArgoCD 同步配置
    自动同步策略当ArgoCD检测到Git中所需的清单与集群中的实时状态之间的差异时,它能够自动同步应用程序。自动同步的好处是CI/CD管道不再需要直接访问ArgoCDAPI服务器来执行部署。相反,管道会提交并推送到Git存储库,并对跟踪Git存储库中的清单进行更改。PruneResour......
  • Argo CD 基础
    Argoproj概述用于Kubernetes运行工作流程、管理集群和正确执行GitOps的开源工具。Argoproj组成ArgoWorkflows基于Kubernetes平台的原生工作流引擎,支持DAG和step-based工作流。ArgoEventsKubernetes上的基于事件的依赖管理器,用于触发Kubernetes中的Argo工作流和其他......
  • 部署 Argo Rollouts v1.6.3
    创建nsargo-rollouts#kubectlcreatenamespaceargo-rolloutsnamespace/argo-rolloutscreated安装 argo-rollouts#kubectlapply-nargo-rollouts-fhttps://github.com/argoproj/argo-rollouts/releases/latest/download/install.yamlcustomresourcedefinition.api......
  • Kubernetes声明性GitOps持续交付工具-Argo CD
    GitOps持续交付工具-ArgoCD1.ArgoCD简介Argo目前已被CNCF基金会收录,成为毕业项目。Argo站点地址:https://argoproj.github.io/,其中ArgoCD是Argo项目中的一个分支。argoCD文档帮助:https://argo-cd.readthedocs.io/en/stable/ArgoCD是用于Kubernetes的声明性GitOps持续交......
  • argon主题优化
    字体设置字体可以在字体天下、100font等网站里免费下载。通过转换网站获得woff2格式文件。你可以上传到网站根目录或者某个CDN里,然后添加下列额外CSS(具体方法见下):/*设置网站字体*//*原则上你可以设置多个字体,然后在不同的部位使用不同的字体*/@font-face{font-family:btf......