Alibaba cloud cloud efficiency technology expert: This article explains in detail how to choose five common publishing modes under kubernetes

Time:2022-8-3

Introduction: How to choose among five publishing modes for applications on Kubernetes, which scenarios each mode suits, and how to implement them effectively on Alibaba Cloud.

Author: zhengyunlong, Alibaba cloud cloud efficiency technology expert

Kubernetes provides a very flexible way to manage, operate and maintain applications in general scenarios. On the Cloud Effect CI/CD platform, in our daily communication with users, we are often asked about publishing: how different functional teams should cooperate, what release best practices should look like, and so on.

Today, let's talk about how to choose an application publishing mode under Kubernetes, which scenarios each mode suits, and how to implement them effectively in Cloud Effect.

Kubernetes application

First, let's take a look at how Kubernetes manages applications in general. Kubernetes uses declarative APIs and provides a series of resources to cover various application operation and maintenance scenarios:

• From the perspective of applications, we focus on application containers (Pod), application configuration (ConfigMap/Secret), information that applications need to persist (Volume), service discovery between applications (Service), and how to expose application services to users outside the cluster (Ingress).

• From the perspective of cluster operation and maintenance, because applications run inside the cluster, we need to control their permissions in the cluster (ServiceAccount/ClusterRole/Role) so that they run with the minimum permissions they require. Operations staff also manage and configure the cluster's storage resources (PV/PVC). Where resources are limited, we also need to manage and control the resource usage and quotas of the applications themselves.


In practice, applications use different frameworks (Dubbo/Spring Cloud) and provide different kinds of service (back-end or front-end), so a given application may only need to pay attention to a small part of these resources.
For example, when you use an application development framework with its own service discovery, such as Spring Cloud or Dubbo, you may not care about the service discovery capabilities provided by Kubernetes, and only need to deploy and manage the application instances through a Deployment. Likewise, if you use a separate configuration management center, ConfigMap/Secret may not appear in your list of Kubernetes resources.
As another example, for a user-facing front-end application, in addition to the Deployment instances you also need to care about how to expose the service to external users, which requires the corresponding Ingress and Service resources.

At the same time, the position of a single application in the overall system leads to different ways of verifying a release. For the release of a back-end microservice, we may only need to ensure that the system is not interrupted during the release, while for a front-end application we may want the release to be verified first by a small number of users, and complete the full version upgrade only after it has been fully tested with online traffic.

As shown above, for applications, different technical architectures, different ways of providing services, and different requirements for publishing and verification methods will lead to various differences in the use of kubernetes. In order to support these differences, cloud effect provides a variety of publishing modes. Next, let’s take a look at these publishing modes commonly used in cloud effect and the scenarios they apply to.

Kubernetes release mode

Most native: yaml release

As the name suggests, this is the most direct way to deploy applications on Kubernetes. In a continuous delivery pipeline, we generally keep the YAML files that describe Kubernetes resources under unified version control in Git, monitor change events in the code base through the Cloud Effect CI/CD platform, and synchronize the YAML changes to the cluster through the pipeline. This approach is also known as the GitOps mode.

In Cloud Effect, in addition to supporting direct synchronization of YAML to Kubernetes clusters, we also extend it with basic template capabilities. You can define variable placeholders in YAML files, such as ${image}, and the pipeline dynamically generates the image version to be published, either from a Docker image build or from an Alibaba Cloud image repository trigger (help document: Alibaba cloud image warehouse trigger triggers pipeline).

As follows:


YAML publishing supports any resource type, so it is suitable for the following scenarios:

1. The team fully understands and has mastered the native release strategy of Kubernetes and wants to upgrade, release and roll back the application through YAML. Generally speaking, the application's Git repository contains the application source code, the Dockerfile and all YAML files required to deploy the application (in some cases, the YAML may be managed in a separate Git repository for fine-grained permission control).

2. Infrastructure operation and maintenance: the operations team manages all infrastructure configuration of the cluster through Git, and carries out unified management and configuration synchronization of the cluster through the pipeline.

Please refer to: Cloud effect kubernetes yaml release

Simplest: image upgrade


In some conversations with Cloud Effect users, there are also users who want the development team to deal with Kubernetes concepts as little as possible. In this case, a dedicated operations team is responsible for deploying and initializing the application environment. The development team is only responsible for code development: the pipeline automatically builds the application image, and that image is used to upgrade the existing applications in the cluster. The development team only cares about the application's workload instance resources.

As shown in the figure below, in the Cloud Effect pipeline we monitor changes in the application code base and build the corresponding Docker image. In the release phase, we only need to specify the instance in the cluster and associate it with the image generated by the previous task to complete the upgrade and release of the application:

As mentioned above, this scenario applies to:

• Separation of development and operations: the operations team fully understands Kubernetes' native release strategy. The development team is only responsible for producing code and application images, and the operations team is responsible for the actual operation and maintenance of applications in the cluster.

For how to use the image upgrade capability in Cloud Effect, please refer to: Cloud effect kubernetes image upgrade

Process controllable: release in batches

In the previous two sections, we emphasized that users need to fully understand Kubernetes' native publishing strategy, which mainly means the RollingUpdate mode. By declaring an upgrade strategy, such as maxSurge and maxUnavailable to control how Pods are started and the maximum number of unavailable Pods, users can ensure the basic availability of the service even if something goes wrong during the release.


In addition, applications often take some time to start. If Kubernetes' service discovery mechanism is used, we also need to configure liveness and readiness probes so that traffic does not reach an instance while the application is still starting. At the same time, the whole publishing process is irreversible: if we believe that something is wrong with the current release, we can only make the application available again by republishing.
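The settings named above, put together in one Deployment. This is an added example, not taken from the original article or from Cloud Effect; the application name, image, port and probe paths are constructed.

```yaml
# Constructed example: rolling update that never drops below the declared
# replica count and only sends traffic to Pods that report ready.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: demo-backend            # hypothetical application name
spec:
  replicas: 4
  minReadySeconds: 10           # a new Pod must stay ready this long to count as available
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1               # at most 1 Pod above "replicas" during the rollout
      maxUnavailable: 0         # no old Pod is removed before its replacement is ready
  selector:
    matchLabels:
      app: demo-backend
  template:
    metadata:
      labels:
        app: demo-backend
    spec:
      containers:
        - name: app
          image: registry.example.com/demo/backend:1.4.2   # constructed image reference
          ports:
            - containerPort: 8080
          readinessProbe:       # gates Service endpoints: no traffic until this passes
            httpGet:
              path: /healthz/ready    # hypothetical endpoint
              port: 8080
            initialDelaySeconds: 5
            periodSeconds: 5
            failureThreshold: 3
          livenessProbe:        # restarts the container if the process hangs
            httpGet:
              path: /healthz/live     # hypothetical endpoint
              port: 8080
            initialDelaySeconds: 30   # longer than startup, to avoid restart loops
            periodSeconds: 10
```

With `maxUnavailable: 0`, a new version whose readiness probe never passes stalls the rollout at the first new Pod instead of replacing healthy ones.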


In Cloud Effect's batch release, we take the Service as the minimum release unit. At the beginning of the release, we create version V2 of the application from the new image. Then, based on the application's current total number of replicas and the number of batches, we scale the old version down and the new version up batch by batch, which controls the proportion of traffic that actually reaches the new version and allows small-scale release verification. After the release is fully verified, the old version is gradually taken completely offline.

At the same time, pause and manual recovery are supported between batches, so that users can fully control the publishing process.


This mode is applicable to users who adopt the native service discovery mechanism of kubernetes and want to obtain better process control and security than the native kubernetes.

For more detailed instructions, please refer to the help document: Cloud effect kubernetes released in batches

Controllable external flow: ingress gray release

Compared with batch release, gray release puts more emphasis on controllable and safe online verification. In Kubernetes, gray release can be roughly divided into two types, depending on the deployment mode. The first is gray release based on Ingress. As shown below, we expose services in the cluster to external users through Ingress:


During the release, we want specific users or developers to be able to verify the new version of the application online, selected by cookie or header. After verification with a small amount of controlled online traffic, the release is more reliable. If unexpected problems occur, we can also roll back quickly, and the whole gray-scale verification process is completely imperceptible to non-gray-scale users.


In the Ingress gray release of the Cloud Effect pipeline, we take the Ingress as the publishing unit. When a deployment is triggered, a V2 version of the Service/Deployment is created from the new image, based on the current Ingress and its associated Service/Deployment resources. The traffic rules are declared through Nginx Ingress annotations, which ensures that only traffic with the specified characteristics enters the V2 version. While the release is in the gray state, the pipeline waits for manual verification to trigger either the release or the rollback.
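What such an annotated V2 Ingress can look like with the ingress-nginx canary annotations. This is an added example, not the resource Cloud Effect generates; the host, Service name, header name and cookie name are constructed.

```yaml
# Constructed example: canary Ingress that shadows the primary Ingress for the
# same host and path, and only takes requests that carry the gray marker.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: demo-web-canary                 # hypothetical name
  annotations:
    # Marks this Ingress as the canary of the primary one with the same host/path.
    nginx.ingress.kubernetes.io/canary: "true"
    # Requests with "X-Gray-Release: v2" go to V2 (header name is an assumption).
    nginx.ingress.kubernetes.io/canary-by-header: "X-Gray-Release"
    nginx.ingress.kubernetes.io/canary-by-header-value: "v2"
    # Evaluated when the header does not decide: cookie value "always" goes to V2,
    # "never" stays on V1 (cookie name is an assumption).
    nginx.ingress.kubernetes.io/canary-by-cookie: "gray_release"
spec:
  ingressClassName: nginx
  rules:
    - host: demo.example.com            # must match the primary Ingress
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: demo-web-v2       # Service in front of the V2 Deployment
                port:
                  number: 80
```

The header and cookie are supplied by the client, so this rule selects a route and is not an access control: anyone who learns the marker can reach V2. Rolling back amounts to deleting the canary Ingress, which returns all traffic to the primary one.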


For how to use gray release in the Cloud Effect pipeline, please refer to the help document: Cloud effect nginx ingress grayscale release

This mode is applicable to users who expose application services externally through Ingress and want to verify the release in a gray-scale way.

Internal flow controllable: istio/asm gray scale release

In the micro service scenario, not all services need to be directly exposed to external users, as shown below:


When a microservice architecture is adopted, most back-end services are only exposed inside the cluster, and microservices access each other through Kubernetes Services. In this case, gray release requires flow control at the Service level, to ensure that the specified traffic enters the gray-scale link without affecting normal users.


However, because Kubernetes does not natively support any traffic control rules at the Service level, we need to deploy Istio in the cluster or use Alibaba Cloud Service Mesh to control the traffic between services in a fine-grained manner.

As shown in the following figure, when kubernetes blue-green publishing mode is used, gray-scale traffic rules can be set, so that only when the request contains the specified cookie configuration, the request is forwarded to the gray-scale version:
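A cookie-based rule of this kind, written directly as Istio resources. This is an added example, not the configuration Cloud Effect generates; the Service name, the `version` labels and the cookie `gray=true` are constructed.

```yaml
# Constructed example: requests whose Cookie header contains gray=true go to
# the V2 subset; everything else stays on V1.
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: demo-backend                  # hypothetical Service name
spec:
  host: demo-backend
  subsets:
    - name: v1
      labels:
        version: v1                   # label on the current Deployment's Pods
    - name: v2
      labels:
        version: v2                   # label on the gray Deployment's Pods
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: demo-backend
spec:
  hosts:
    - demo-backend
  http:
    # Rules are evaluated in order; the first match wins.
    - match:
        - headers:
            cookie:
              # Matches gray=true as a whole cookie pair anywhere in the header.
              regex: '^(.*;\s*)?gray=true(;.*)?$'
      route:
        - destination:
            host: demo-backend
            subset: v2
    # Default route for requests without the gray cookie.
    - route:
        - destination:
            host: demo-backend
            subset: v1
```

For a back-end service that is several hops away from the user, the match only works if every upstream service forwards the cookie header on its outgoing calls.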


This mode is applicable to Kubernetes users who use Istio or Alibaba Cloud Service Mesh and want to verify the release in a gray-scale way.

Please refer to: Cloud effect kubernetes gray release

Summary

In this article, we introduced the various publishing modes available under Kubernetes and the scenarios each one suits, hoping to help users quickly find the publishing mode that fits them. Of course, if you have more and better delivery practices, you are welcome to share them in the comments.

If you are interested in the Cloud Effect pipeline, go to Cloud Effect pipeline; you can use it for free.
