Blue-Green OKE Deployment

Create deployment pipeline using Blue-Green release strategy for Container Engine for Kubernetes (OKE)

Prerequisites

Before you create the pipeline, you need these things:

  • Have a DevOps project, Kubernetes cluster environment to deploy to, and artifacts. Artifacts can be defined inline or located in the Artifact Registry.
    Note

    DevOps deployment pipelines currently do not support deployment to OKE clusters with Helm.
  • As the OKE cluster doesn't have an ingress controller by default, an NGINX ingress controller has to be set up for the Blue-Green deployment strategy. An ingress controller is a Kubernetes application that routes traffic based on ingress specification. The NGINX ingress controller monitors ingress resources for load balancing. The traffic is shifted from staging to the production environment by updating the ingress resource. For more information, see Setting Up an Ingress Controller on a Cluster.
  • To define the blue and green deployment environments, you have to create two namespaces on the Kubernetes cluster. You must not specify namespaces in the Kubernetes manifests, as they are provided in the Console. For more information about namespaces, see the Kubernetes documentation.

Required IAM Policy

Each service in Oracle Cloud Infrastructure (OCI) integrates with Identity and Access Management (IAM) for authentication and authorization. To grant users permission to access the DevOps deployment pipelines and other resources, you have to create dynamic groups and IAM policies.

For creating dynamic groups and policies for deployment pipelines, see Deployment Pipeline Policies. For more details, see DevOps IAM Policies.

For accessing DevOps using the Oracle Cloud Console, REST API, and CLI, see Accessing DevOps.

Using the Console

  1. Open the navigation menu and click Developer Services. Under DevOps, click Projects.
  2. Select a project, and click Create pipeline.
  3. Enter a name and optional description for the pipeline.
  4. For Pipeline type, select Create a deployment pipeline.
  5. Click Create pipeline.
  6. To add a stage to the pipeline, click the + icon and select Add stage.
  7. For stage type, select Blue/Green Strategy, and then click Next.
  8. Select OKE for deployment type.
  9. Enter a name and optional description for the stage.
  10. For Environment, select an existing cluster environment.
  11. Enter namespaces for Namespace A and Namespace B. For example, blue-env, green-env.

    The namespaces are used to define the blue and green deployment environments in the OKE cluster.

  12. Click Select Artifact, and then select one or more artifact resources from your DevOps project.

    The DevOps service performs a Kubernetes server-side apply of the Kubernetes manifest artifacts in the order that they appear in the Console. You can also remove artifacts to select another one or reorder the artifacts list. Removing an artifact in the pipeline stage does not delete the artifact resource from your project. For more information on Kubernetes server-side apply, see Server-Side Apply.

  13. Enter the NGINX ingress name. For example, ingress-nginx.

    This is the name of your application’s ingress resource. DevOps service modifies the annotation on this ingress resource to accomplish the deployment strategy.

  14. Click Next.
  15. You can opt to validate the deployment run or choose not to validate by selecting None.

    To validate the application, a custom function is added to the pipeline. Select Run a custom logic through a function. Enter the following values:

    1. Enter a name and optional description for the stage.
    2. For Environment, select an existing function to invoke.

      The read-only Function name field displays the function that is called in the pipeline.

    3. (Optional) To select and add artifacts to the stage, click Select Artifact.

      Select an existing artifact resource from your DevOps project. The artifact must be generic (universal) file type. Parameters in the artifact must be in JSON format and can have placeholders. You must select the "Yes, substitute placeholders" option when configuring the DevOps artifact resource to substitute the placeholders with the argument value during deployment. For more information, see Configuring Parameters.

      Here's an example of the generic artifact content to pass two user-defined parameters and their values:
      • Parameters: test_name, app_version
      • Values: {"test_name":"verify_production", "app_version":"${app_version}"}
    4. For Stage run mode, select to run asynchronously or synchronously.

      If you select Run asynchronously, the service invokes the function but does not wait for the function to complete. On selecting Run synchronously, the service invokes the function and waits for the function to complete.

    5. Select to disable or enable validation.

      If the validation is enabled, then the service verifies the return value of the function. The return value is a UTF-8 string literal, true or false. If the return value is true, then the stage is marked as Succeeded, otherwise the stage is marked as Failed.

      If the validation is disabled, then the service does not verify the return value.

      Validation occurs only if you have selected the option “Run synchronously” for stage run mode.

    6. (Optional) To add tags to the pipeline, click Show tagging options. Tagging is a metadata system that lets you organize and track the resources in your tenancy.

      You can select a tag namespace or a free-form tag is added. Enter corresponding tag key and tag value. You can add multiple tags.

  16. Select to disable or enable manual approval for the deployment.

    Approval is required if you are using a custom function to validate the deployment. If you select to enable approval, then enter the following values:

    1. Enter a name and optional description for the stage.
    2. Enter number of approvers.
    3. (Optional) To add tags to the pipeline, click Show tagging options. Tagging is a metadata system that lets you organize and track the resources in your tenancy.

      You can select a tag namespace or a free-form tag is added. Enter corresponding tag key and tag value. You can add multiple tags.

  17. To add the stage to the pipeline, click Add.
  18. A modal window opens displaying status of various stage configurations that are part of the OKE blue-green deployment strategy. They can include, blue-green OKE deployment, invoke function, approval, and traffic shift stages. If the validation is not successful, then you can check the error message specific to each failed stage and take corrective action.

    If the validation is successful, then you can run the deployment pipeline or add more stages sequentially or in parallel to the pipeline, as needed.

Using the CLI

To create a deployment pipeline, run the create command:

oci devops deploy-pipeline create --project-id

To create an OKE blue-green stage, run the create-deploy-oke-blue-green-stage command:

oci devops deploy-stage create-deploy-oke-blue-green-stage

Required parameters:

  • --blue-green-strategy
  • --kubernetes-manifest-artifact-ids
  • --oke-cluster-environment-id
  • --pipeline-id
  • --stage-predecessor-collection

To get help for this command:

oci devops deploy-stage create-oke-blue-green-stage -h

To create an invoke function stage, run the create-invoke-function-stage command:

oci devops deploy-stage create-invoke-function-stage

Required parameters:

  • --function-environment-id
  • --is-async
  • --is-validation-enabled
  • --pipeline-id
  • --stage-predecessor-collection

To get help for this command:

oci devops deploy-stage create-invoke-function-stage -h

To create a load balancer traffic shift stage, run the create-load-balancer-traffic-shift-stage command:

oci devops deploy-stage create-load-balancer-traffic-shift-stage

Required parameters:

  • --blue-backend-ips
  • --green-backend-ips
  • --load-balancer-config
  • --traffic-shift-target
  • --rollout-policy
  • --pipeline-id
  • --stage-predecessor-collection

To get help for this command:

oci devops deploy-stage create-load-balancer-traffic-shift-stage -h

To create a manual approval stage, run the create-manual-approval-stage command:

oci devops deploy-stage create-manual-approval-stage

Required parameters:

  • --approval-policy
  • --pipeline-id
  • --stage-predecessor-collection

To get help for this command:

oci devops deploy-stage create-manual-approval-stage -h

To get all the commands for deploy-pipeline and deploy-stage:

oci devops deploy-pipeline -h
oci devops deploy-stage -h

Using the API

To create a deployment pipeline, use the CreateDeployPipeline operation.

To create a stage, use the CreateDeployStage operation. Depending on what stages that you want to add to the pipeline, select the following values for stage type:

  • Container Engine for Kubernetes (OKE) blue-green deployment stage: OKE_BLUE_GREEN_DEPLOYMENT
  • OKE blue-green traffic shift stage: OKE_BLUE_GREEN_TRAFFIC_SHIFT
  • Invoke function stage: INVOKE_FUNCTION
  • Manual approval stage: MANUAL_APPROVAL