Sample illustration of OCI Devops deployment pipeline with Canary deployment strategies using Instance group
- Create OCI Devops build pipeline.
- Build a sample application.
- Push the artifact to OCI Artifact repo.
- Use OCI Deployment pipeline with CANARY Deployment strategies.
- Validate deployment and manual role back.
- Create an OCI artifact registry & associated policies. https://docs.oracle.com/en-us/iaas/Content/artifacts/home.htm
- Set policies & create a devops project - https://docs.oracle.com/en-us/iaas/Content/devops/using/home.htm.
- Devops policies - https://docs.oracle.com/en-us/iaas/Content/devops/using/getting_started.htm#prereq.
-
Create devops artifacts. - https://docs.oracle.com/en-us/iaas/Content/devops/using/artifacts.htm
-
Select the type as
Instance group deployment configuration
.
- Select
Artifact source
asArtifact Registry repository
and usingselect
option ,select the Artifact repo created.
- Use a custom location ,provide a name for artifact path and version as
${BUILDRUN_HASH}
-
You can clone this repo and push to an OCI Code repo .Or create github repo by using
import
option to this repo to your github profile.- Managing code repo for OCI Devops - https://docs.oracle.com/en-us/iaas/Content/devops/using/managing_coderepo.htm
-
Create an OCI devops build pipeline. https://docs.oracle.com/en-us/iaas/Content/devops/using/create_buildpipeline.htm
- Add a
manage build
stage to the build pipe line . https://docs.oracle.com/en-us/iaas/Content/devops/using/add_buildstage.htm
- Accordingly select the
code repo /connection type /repo name
for primary code repository andsave
.
If you are using a code repo other than OCI code repo
,ensure to set an external connection - https://docs.oracle.com/en-us/iaas/Content/devops/using/create_connection.htm
- Add an
Deliver artifacts
stage to the build pipeline.
- Select the
artifacts
created.
- Associate the build stage
output artifact
name andsave
.
- Snippet from build_spec.yaml. with output artifacts.
outputArtifacts:
- name: instace_deploy_manifest
type: BINARY
# this location tag doesn't effect the tag used to deliver the container image
# to the Container Registry
location: ${OCI_PRIMARY_SOURCE_DIR}/deploy_spec.yaml
-
For the demo purpose we will be creating two instances of
Oracle Linux
-
Follow the document and create instances and necessary policies - https://docs.oracle.com/en-us/iaas/Content/Compute/Tasks/launchinginstance.htm
-
We will be creating
2
production instances and1
canary instance. -
Use
Create instances
- Use the first instance name as
production-vm
use default placements.
- Use Oralce Linux 8 as image and use the default shape.
- Use a
virtual cloud network
and a public network ,Or you create one for demo usingCreate new options
.
-
Use
Assign public IPV4 address
option. -
Use an appropriate
SSH Keys
option ,you would need this to login (You may use an existing one or create a new one) -
Use the
advanced
>Oracle Cloud Agent
option and ensure thatCompute Instance Run Command
is enabled .
- In the same page under
Management
add an Inline cloud-init script and afree-form tag
as below
environment production
- Add Cloud init script is as below too ,
#cloud-config
users:
- default
- name: ocarun
sudo: ALL=(ALL) NOPASSWD:ALL
-
Proceed the same step with a different instance name as
production-vm-1
as our second production host. -
Once done Use
Create instances
again and create a new instance forcanary
.
-
Use the instance name as
canary-vm-1
and use default placements. -
Use Oralce Linux 8 as image and use the default shape.
-
Use a
virtual cloud network
and a public network ,Or you create one for demo usingCreate new options
. -
Use
Assign public IPV4 address
option.
-
Use an appropriate
SSH Keys
option ,you would need this to login (You may use an existing one or create a new one) -
Use the
advanced
>Oracle Cloud Agent
option and ensure thatCompute Instance Run Command
is enabled .
- In the same page under
Management
add an Inline cloud-init script and afree-form tag
as below
environment canary
- Cloud init script is as below ,
#cloud-config
users:
- default
- name: ocarun
sudo: ALL=(ALL) NOPASSWD:ALL
- Create two new devops environment as type
Instance Group
.- https://docs.oracle.com/en-us/iaas/Content/devops/using/create_instancegroup_environment.htm
- Create an environment for
Production
environment.
- Go to
next
tab and useQuery
option.
- Click on
Edit query
- Use the query as below .
freeformTags.key = 'environment' && freeformTags.value = 'production'
- Once it list all the
production servers
click onAdd instance query
-
Click
Create environment
and save the config. -
Create an environment for
canary
environment.
- Go to
next
tab and useQuery
option.
- Click on
Edit query
- Use the query as below .
freeformTags.key = 'environment' && freeformTags.value = 'canary'
- Once it list the server
green-webserver
click onAdd instance query
-
Click
Create environment
and save the config. -
Now let us create a new
Load Balancers
underNetworking
- Use
Load Balancer
wizard.
- Provide a name and use
Public
visibility and IP address asEphemeral IP
.
- Use default shapes and select the Virtual Cloud Network and Subnet same as that of the the instances created.
- Use
Next
and click onAdd Backends
- Select all the servers created .
- As this a test ,select the Health check policy as
http
and port as80
and go next.
- Configure a
http
listner.
- Keep the logs with
default
options andSubmit
- Wait untill the loadbalancer become active.
- We need to create an ingress rule to allow our application traffic .
- Do so ,use OCI
Virtual cloud networks(VCN)
service > Click on the VCN considered.
- Click on the
Subnet
name from Subnets menu.
- Select the security list - Click the Default one .Click on
Add ingress Rules
- Use
Source CIDR
as 0.0.0.0/0 andDestination Port Range
as 80 and add the rule.
- Create a new devops deployment pipeline.
- https://docs.oracle.com/en-us/iaas/Content/devops/using/deployment_pipelines.htm
- Ensure to set the correct policies ,dynamic groups to run commands on instances - https://docs.oracle.com/en-us/iaas/Content/devops/using/devops_iampolicies.htm#deploy_policies
- Add a stage as
Canary Strategy
.
-
Select the
Deployment type
asInstance Group
and select theenvironment
created. -
Associate the the
Canary environment
with the canary devops environment created.
- Select the
Instance group deployment configuration
usingAdd Artifact
option .
- Select the
Load balancer
created earlier from the list.
- Select the
Listener
- Use 80 as
Backend port
.
- USe
Instance rollour by percentage
and value as 50 (half of instances) and theDelay between batches(seconds)
as 5 and click onNext
.
- As its a demo keep the
Validation controls
asNone
or you may connect with a function to validate the deployment got toNext
.
- Set the % of traffic to be shifted to canary (a value between 0 to 25).For this demo let us keep 25 % and click on
Next
.
- Enable the
Approval controls
and add1
as the number of approvers and clickNext
.
- For
Production canary
stage ,associate it with the production environment and provide50
as rollout percentage and aDelay
of 5 seconds .
- Click add to add the stages.
- Switch back to
Build pipeline
and add aTrigger Deployment
stage.Select the deployment pipeline and associate.Ensure tocheck
the Send build pipelines Parameters option.
- The build pipeline should be as below .
- Go back to build pipeline and do click
Start manual run
.
- Wait untill all the
build stages
completed.
- Switch to the
deployment pipeline
and click on theDeployments
and deployment which is inprogress
.
- Click on it and view the progress.
- After a while pipeline will be pending for
Approval
stage.Click on the 3 dots and approve the stage .
- Wait for all the
Deployment stages
to finish.
- Launch the application using the public ip address via browser.
- Now to realize the
Canary effect
,do a re-run ,do amanual run
ofBuild pipeline
. - Wait for all the
Build stages to finish
- Follow the
Deployments
progress and wait untillTraffic Shift to Canary
is finished (just before the approval).
- Launch the application using the public ip address via browser. Since the canary % of shift is
25
,25 % of request now will be served viaCanary
environment.Along the previous output you will additionally see the canary deployed application view as well. (For a demo we are using an icon to differentiate).
-
Give the
Approval
and finish the deployment . -
You may do a application change via updating the file app_version.config to a different value and re - run the
build pipeline
.
app_version=0.0.1
-
Since we are not using a test loadbalancer , you may launch the canary vm IP via browser to test the changes during the
Traffic shift to Canary
stage completion and approve further for production deployment and once the end ofProduction Canary
stage ,the new version will be available via production loadbalancer. -
To do a rollback ,click on the 3 dots of Last stage of
Deployment pipeline
and useManual rollback
.
- Validate the current deployment values and references.
- Select a valid deployment from the list and initiate the rollback.
- Follow the progress and once done ,validate the application via production loadbalancer.
- You may encounter deployment failure incase the policies ,sudo enablement or compute agent status not running on instances etc ,refer the OCI official documentations given above for such cases . Since this is made for demo we have used limited number of instances and blank sudo previledge ,which is not advised for production usecases.
- OCI Devops - https://docs.oracle.com/en-us/iaas/Content/devops/using/home.htm.
- OCI Reference architectures - https://docs.oracle.com/solutions/
- OCI Devops samples - https://github.com/oracle-devrel/oci-devops-examples
This project is open source. Please submit your contributions by forking this repository and submitting a pull request! Oracle appreciates any contributions that are made by the open source community.
Copyright (c) 2022 Oracle and/or its affiliates.
Licensed under the Universal Permissive License (UPL), Version 1.0.
See LICENSE for more details.
ORACLE AND ITS AFFILIATES DO NOT PROVIDE ANY WARRANTY WHATSOEVER, EXPRESS OR IMPLIED, FOR ANY SOFTWARE, MATERIAL OR CONTENT OF ANY KIND CONTAINED OR PRODUCED WITHIN THIS REPOSITORY, AND IN PARTICULAR SPECIFICALLY DISCLAIM ANY AND ALL IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY, AND FITNESS FOR A PARTICULAR PURPOSE. FURTHERMORE, ORACLE AND ITS AFFILIATES DO NOT REPRESENT THAT ANY CUSTOMARY SECURITY REVIEW HAS BEEN PERFORMED WITH RESPECT TO ANY SOFTWARE, MATERIAL OR CONTENT CONTAINED OR PRODUCED WITHIN THIS REPOSITORY. IN ADDITION, AND WITHOUT LIMITING THE FOREGOING, THIRD PARTIES MAY HAVE POSTED SOFTWARE, MATERIAL OR CONTENT TO THIS REPOSITORY WITHOUT ANY REVIEW. USE AT YOUR OWN RISK.
- Author : Rahul M R
- Colloboroators : NA
- Last release : March 2022