Sample illustration of OCI Devops deployment pipeline with BLUE-GREEN deployment strategies using Oracle Container Engine for Kubernetes (OKE).
- Create OCI Devops build pipeline.
- Build a sample python application.
- Push the artifact to OCI Container and OCI Artifact repo.
- Use OCI Deployment pipeline with BLUE/GREEN Deployment strategies.
- Validate deployment and manual role back.
- Create an OCI container registry . https://docs.oracle.com/en-us/iaas/Content/Registry/home.htm
- Create an OCI artifact registry . https://docs.oracle.com/en-us/iaas/Content/artifacts/home.htm
- Set policies & create a devops project - https://docs.oracle.com/en-us/iaas/Content/devops/using/home.htm.
-
Create devops artifacts. - https://docs.oracle.com/en-us/iaas/Content/devops/using/artifacts.htm
-
Create an artifact with type
Docker image
for build to push the artifact.Ensure use yourcontainer repo
url,with${BUILDRUN_HASH}
at the end of the URL.This is to make the docker image version as dynamic.
- Create an artifact as type
Kubernetes manifest
.Enusure to add yourartifact repo
path and version as${BUILDRUN_HASH}
.
-
You can clone this repo and push to an OCI Code repo .Or create github repo by using
import
option to this repo to your github profile.- Managing code repo for OCI Devops - https://docs.oracle.com/en-us/iaas/Content/devops/using/managing_coderepo.htm
-
Create an OCI devops build pipeline. https://docs.oracle.com/en-us/iaas/Content/devops/using/create_buildpipeline.htm
- Add a
manage build
stage to the build pipe line . https://docs.oracle.com/en-us/iaas/Content/devops/using/add_buildstage.htm
- Accordingly select the
code repo /connection type /repo name
.
If you are using a code repo other than OCI code repo
,ensure to set an external connection - https://docs.oracle.com/en-us/iaas/Content/devops/using/create_connection.htm
- Add an
Deliver artifact
stage to the build pipeline.
- Select the two
artifacts
created.
- Associate the build stage
output artifact
names .
- Snippet from build_spec.yaml. with output artifacts.
outputArtifacts:
- name: oke_app_base
type: DOCKER_IMAGE
# this location tag doesn't effect the tag used to deliver the container image
# to the Container Registry
location: oke_app_base:latest
- name: oke_deploy_manifest
type: BINARY
# this location tag doesn't effect the tag used to deliver the container image
# to the Container Registry
location: ${OCI_PRIMARY_SOURCE_DIR}/oci-oke-deployment.yaml
- Create a new OKE (With public endpoint and public or private workers) - https://docs.oracle.com/en-us/iaas/Content/ContEng/home.htm .You may reuse an existing one accordingly . Use
Access cluster
option to set your access toOKE
.
- Create a new devops environment as type
Kubernete Cluster
.-https://docs.oracle.com/en-us/iaas/Content/devops/using/create_oke_environment.htm
- Create a new devops deployment pipeline. - https://docs.oracle.com/en-us/iaas/Content/devops/using/deployment_pipelines.htm
- Add a stage as
Blue/Green Strategy
.
-
Select the
Deployment type
asOKE
and select theenvironment
created. -
Associate the the
oke environment
created.
- Select Namespace A as
ns-green
and Namespace B asns-blue
.(These are names for test ,you may use other names accordingly)
- Select the
Kubernetes Artifacts
.
- Fill the ingress name as
sample-oke-bg-app-ing
.Its the sample ingress name declared via deployment manifest.
- As its a demo keep the
Validation controls
asNone
or you may connect with a function to validate the deployment.
- Enable the
Approval controls
and add1
as the number of approvers.
- Click add to add the stages.
- Switch back to
Build pipeline
and add aTrigger Deployment
stage.Select the deployment pipeline and associate.Ensure tocheck
the Send build pipelines Parameters option.
- In order to run the blue green we should install
Nginx Ingress Controller
to ourOKE
cluster. - Launch
OCI Cloud shell
to enable the OKE access. - Follow the instruction via
Access Cluster
tab for the OKE cluster.
- Validate the kubernetes access using
kubectl get nodes
&kubectl config view
.
-
We will be following the procedure to install and setup
Ingress Controller
- https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengsettingupingresscontroller.htm -
Create a
clusterrolebinding
with userocid
.
kubectl create clusterrolebinding oke_cluster_role_<username> --clusterrole=cluster-admin --user=ocid1.user.oc1..xxx
- Install the Ingress controller,always use the latest version. - https://github.com/kubernetes/ingress-nginx#changelog
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.2/deploy/static/provider/cloud/deploy.yaml
- Create and save the file cloud-generic.yaml containing the following code to define the ingress-nginx ingress controller service as a load balancer service.
kind: Service
apiVersion: v1
metadata:
name: ingress-nginx
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
spec:
type: LoadBalancer
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
ports:
- name: http
port: 80
targetPort: http
- name: https
port: 443
targetPort: https
- Using the file you just saved, create the ingress-nginx ingress controller service by running the following command.
kubectl apply -f cloud-generic.yaml
- You may follow the procedure to create a TLS certificate for nginx.
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=nginxsvc/O=nginxsvc"
kubectl create secret tls tls-secret --key tls.key --cert tls.crt
-
You may skip the sample application example in the procedure.
-
Validate the installation.
kubectl get svc -n ingress-nginx
- The EXTERNAL-IP for the ingress-nginx ingress controller service is shown as
pending
until the load balancer has been fully created in Oracle Cloud Infrastructure.Repeat the kubectl get svc command until an EXTERNAL-IP is shown for the ingress-nginx ingress controller service.
- Create two new namespaces for the deployment.
kubectl create ns ns-blue;kubectl create ns ns-green
- Go back to build pipeline and do click
Start manual run
.
- Wait untill all the
build stages
completed.
- Switch to the
deployment pipeline
and click on the deployment which is inprogress
.
- The pipeline will be pending for
Approval
stage. - Validate the first deployment at this stage.You should see a valid deployments at namespace
ns-green
.
for i in ns-green ns-blue ; do echo "-- NS:$i --";kubectl get po,ing -n $i; done
- Click on the
3 dots
and validate theControl:Approval
stage.
- Wait for all the steps to complete.
- Validate the deployment using the
Ingress Address
.
curl -k http://<Ingress Address>
- Edit the source code -
main.py
and change the version to0.1
and run the build pipeline again to test a new deployment scenario.
from typing import Optional
from fastapi import FastAPI
import os
app = FastAPI()
@app.get("/")
def read_root():
version="0.0"
namespace = os.getenv('POD_NAMESPACE', default = 'ns-red')
return {"Message": "with Love from OCI Devops ","Version":version,"Namespace":namespace}
- Go back to build pipeline and do click
Start manual run
.
- Wait untill all the
build stages
completed.
- Switch to the
deployment pipeline
and click on the deployment which is inprogress
.
- The pipeline will be pending for
Approval
stage. - Validate the first deployment at this stage.You should see a valid deployments at namespace
ns-blue
too.
for i in ns-green ns-blue ; do echo "-- NS:$i --";kubectl get po,ing -n $i; done
- Validate the deployment using the
Ingress Address
.
curl -k http://<Ingress Address>
Output :
{"Message":"with Love from OCI Devops ","Version":"0.1","Namespace":"ns-blue"}
-
You can continue other re-run from build pipeline and validate the switch between environment.
-
Let us now try a
Manul roleback
. -
Use the
3 dots
at the stageTraffic Shift
stage and selectManual Rollback
.
- Select a previously sucessful deployment.
- Close the
select deployment
page and clickRollback Stage
option.
- Wait for stage to complete .
- Validate the deployment using the
Ingress Address
.
curl -k http://<Ingress Address>
Output :
{"Message":"with Love from OCI Devops ","Version":"0.0","Namespace":"ns-green"}
Note : Re-Run of deployment pipeline with OKE Blue-Green stage is not supported for now.
- OCI Devops - https://docs.oracle.com/en-us/iaas/Content/devops/using/home.htm.
- OCI Reference architectures - https://docs.oracle.com/solutions/
- OCI Devops samples - https://github.com/oracle-devrel/oci-devops-examples
This project is open source. Please submit your contributions by forking this repository and submitting a pull request! Oracle appreciates any contributions that are made by the open source community.
Copyright (c) 2022 Oracle and/or its affiliates.
Licensed under the Universal Permissive License (UPL), Version 1.0.
See LICENSE for more details.
ORACLE AND ITS AFFILIATES DO NOT PROVIDE ANY WARRANTY WHATSOEVER, EXPRESS OR IMPLIED, FOR ANY SOFTWARE, MATERIAL OR CONTENT OF ANY KIND CONTAINED OR PRODUCED WITHIN THIS REPOSITORY, AND IN PARTICULAR SPECIFICALLY DISCLAIM ANY AND ALL IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY, AND FITNESS FOR A PARTICULAR PURPOSE. FURTHERMORE, ORACLE AND ITS AFFILIATES DO NOT REPRESENT THAT ANY CUSTOMARY SECURITY REVIEW HAS BEEN PERFORMED WITH RESPECT TO ANY SOFTWARE, MATERIAL OR CONTENT CONTAINED OR PRODUCED WITHIN THIS REPOSITORY. IN ADDITION, AND WITHOUT LIMITING THE FOREGOING, THIRD PARTIES MAY HAVE POSTED SOFTWARE, MATERIAL OR CONTENT TO THIS REPOSITORY WITHOUT ANY REVIEW. USE AT YOUR OWN RISK.
- Author : Rahul M R
- Colloboroators : NA
- Last release : March 2022