Blue-Green OKE Deployment

Create deployment pipeline using Blue-Green release strategy for Kubernetes Engine (OKE)

Prerequisites

The prerequisites are as follows:

  • Have a deployment pipeline, Kubernetes cluster environment to deploy to, and artifacts. Artifacts can be defined inline or located in the Artifact Registry.
  • As the OKE cluster doesn't have an ingress controller by default, an NGINX ingress controller must be set up for the Blue-Green deployment strategy. The NGINX ingress name must be defined in the Kubernetes manifest. An ingress controller is a Kubernetes application that routes traffic based on ingress specification. The NGINX ingress controller monitors ingress resources for load balancing. The traffic is shifted from staging to the production environment by updating the ingress resource. For more information, see Setting Up an Ingress Controller on a Cluster.
  • To define the blue and green deployment environments, you must create two namespaces on the Kubernetes cluster. You must not specify namespaces in the Kubernetes manifests, as they're provided in the Console. For more information about namespaces, see the Kubernetes documentation.
Note

To scale down the inactive or standby namespace after the deployment, you must maintain at least one replica to avoid any issues.

For creating dynamic groups and policies for deployment pipelines, see Deployment Pipeline Policies. For more details, see DevOps IAM Policies.

For accessing DevOps using the Oracle Cloud Console, REST API, and CLI, see Accessing DevOps.

    1. Open the navigation menu and click Developer Services. Under DevOps, click Projects.
    2. Select a project, and a deployment pipeline.
    3. To add a stage to the pipeline, click the + icon and select Add stage.
    4. For stage type, select Blue/Green Strategy, and then click Next.
    5. Select OKE for deployment type.
    6. Enter a name and description for the stage. Adding a description is optional.
    7. For Environment, select an existing cluster environment.
    8. Enter existing namespaces for Namespace A and Namespace B that is associated with the selected OKE environment. For example, blue-env, green-env.

      The namespaces are used to define the blue and green deployment environments in the OKE cluster.

    9. Click Select Artifact and select one or more artifact resources from your DevOps project.

      The DevOps service performs a Kubernetes server-side apply of the Kubernetes manifest artifacts in the order that they appear in the Console. You can also remove artifacts to select another one or reorder the artifacts list. Removing an artifact in the pipeline stage does not delete the artifact resource from your project. For more information on Kubernetes server-side apply, see Server-Side Apply.

    10. Enter the NGINX ingress name. For example, ingress-nginx.

      This is the name of your application's ingress resource. DevOps service modifies the annotation on this ingress resource to accomplish the deployment strategy. The NGINX ingress name must be defined in the Kubernetes manifest.

    11. Click Next.
    12. Validate the deployment run. To validate, a custom function is added to the pipeline. Select Run a custom logic through a function and enter the following values:
      1. Enter a name and description for the stage. Adding a description is optional.
      2. For Environment, select an existing function to invoke.

        The read-only Function name field displays the function that is called in the pipeline.

      3. (Optional) To select and add artifacts to the stage, click Select Artifact.

        Select an existing artifact resource from your DevOps project. The artifact must be a generic (universal) file type. Parameters in the artifact must be in JSON format and can have placeholders. While configuring the DevOps artifact resource, select Allow parameterization. Selecting this checkbox ensures that the placeholders are substituted with the argument value during the deployment. For more information, see Configuring Parameters.

        Here's an example of the generic artifact content to pass two user-defined parameters and their values:
        • Parameters: test_name, app_version
        • Values: {"test_name":"verify_production", "app_version":"${app_version}"}
      4. For Stage run mode, select to run asynchronously or synchronously.

        If you select Run asynchronously, the service invokes the function but does not wait for the function to complete. On selecting Run synchronously, the service invokes the function and waits for the function to complete.

      5. Select to disable or enable validation.

        If the validation is enabled, then the service verifies the return value of the function. The return value is a UTF-8 string literal, true or false. If the return value is true, then the stage is marked as Succeeded, otherwise the stage is marked as Failed.

        If the validation is disabled, then the service does not verify the return value.

        Validation occurs only if you have selected the option "Run synchronously" for stage run mode.

      6. (Optional) To add tags to the pipeline, click Show tagging options. Tagging is a metadata system that lets you organize and track the resources in your tenancy.

        You can select a tag namespace or a free-form tag is added. Enter corresponding tag key and tag value. You can add multiple tags.

      Note

      If you don't want to validate the deployment run, select None.
    13. You can enable or disable a manual approval for the deployment. If you want to enable an approval, enter the following values:
      1. Enter a name and description for the stage. Adding a description is optional.
      2. Enter the number of approvers.
      3. (Optional) To add tags to the pipeline, click Show tagging options. Tagging is a metadata system that lets you organize and track the resources in your tenancy.

        You can select a tag namespace or a free-form tag is added. Enter corresponding tag key and tag value. You can add multiple tags.

    14. To add the stage to the pipeline, click Add.

      A modal window opens displaying status of various stage configurations that are part of the OKE blue-green deployment strategy. They can include, blue-green OKE deployment, invoke function, approval, and traffic shift stages. If the validation is not successful, then you can check the error message specific to each failed stage and take corrective action.

      If the validation is successful, then you can run the deployment pipeline or add more stages sequentially or in parallel to the pipeline, as needed.

  • To create an OKE blue-green stage, run the create-deploy-oke-blue-green-stage command:

    oci devops deploy-stage create-deploy-oke-blue-green-stage

    Required parameters:

    • --blue-green-strategy
    • --kubernetes-manifest-artifact-ids
    • --oke-cluster-environment-id
    • --pipeline-id
    • --stage-predecessor-collection

    To get help for this command:

    oci devops deploy-stage create-oke-blue-green-stage -h

    To create an invoke function stage, run the create-invoke-function-stage command:

    oci devops deploy-stage create-invoke-function-stage

    Required parameters:

    • --function-environment-id
    • --is-async
    • --is-validation-enabled
    • --pipeline-id
    • --stage-predecessor-collection

    To get help for this command:

    oci devops deploy-stage create-invoke-function-stage -h

    To create a load balancer traffic shift stage, run the create-load-balancer-traffic-shift-stage command:

    oci devops deploy-stage create-load-balancer-traffic-shift-stage

    Required parameters:

    • --blue-backend-ips
    • --green-backend-ips
    • --load-balancer-config
    • --traffic-shift-target
    • --rollout-policy
    • --pipeline-id
    • --stage-predecessor-collection

    To get help for this command:

    oci devops deploy-stage create-load-balancer-traffic-shift-stage -h

    To create a manual approval stage, run the create-manual-approval-stage command:

    oci devops deploy-stage create-manual-approval-stage

    Required parameters:

    • --approval-policy
    • --pipeline-id
    • --stage-predecessor-collection

    To get help for this command:

    oci devops deploy-stage create-manual-approval-stage -h

    To get all the commands for deploy-stage:

    oci devops deploy-stage -h
  • To create a stage, use the CreateDeployStage operation. Depending on what stages that you want to add to the pipeline, select the following values for stage type:

    • Kubernetes Engine(OKE) blue-green deployment stage: OKE_BLUE_GREEN_DEPLOYMENT
    • OKE blue-green traffic shift stage: OKE_BLUE_GREEN_TRAFFIC_SHIFT
    • Invoke function stage: INVOKE_FUNCTION
    • Manual approval stage: MANUAL_APPROVAL