Blue-green deployment is a technique that reduces downtime and risk by running two identical production environments called Blue and Green. At any time, only one of the environments is live, and the live environment serves all production traffic. In this article, we cover how to automate blue-green deployment across two Kubernetes clusters, one running the Dev environment and one running Prod. The clusters are provisioned using AWS EKS. Refer to our previous blog for the steps to set up an EKS cluster.

Setup:

  • Kubernetes Clusters (i.e. Dev and Prod) running on AWS EKS
  • Cluster Version: 1.11
  • Docker Registry: AWS ECR
  • Application Language: Java
  • CI/CD Tool: Jenkins

Prerequisites:

  • Create an AWS ECR Repo for the Application. For example, java-app-ecr.
  • Provision an EC2 Server with Jenkins Installed on it.
  • Ensure yq and curl are installed on the server.
  • Install Docker and kubectl on the server.
  • Set up Apache Maven in Jenkins.
  • Jenkins → Global Tool Configuration → Add Maven Installation. The name is hardcoded in Jenkinsfile.

  • Kube config files for both the clusters i.e. Dev and Prod are kept inside .kube directory in Jenkins Home i.e. /var/lib/jenkins/.kube.
  • Execute the below command to get the Kube config file. Copy the contents of the ~/.kube/config and paste in a new file in Jenkins Home i.e. /var/lib/jenkins/.kube/dev-config. Repeat this step for both the clusters. For Prod config, the config file is available at /var/lib/jenkins/.kube/prod-config.

aws eks update-kubeconfig --name <CLUSTER_NAME> --region us-east-1

Workflow:

Create a Pipeline Job with the Jenkinsfile provided in our GitHub repo. The Jenkins server has SSH access to the GitHub repo, so we have provided the SSH URL for the repo.

The pipeline takes user inputs for the following parameters:

  • GIT_BRANCH: Git Branch to use for the application source code.
  • ACCOUNT: AWS Account Number.
  • PROD_BLUE_SERVICE: If we already have a blue environment, specify the live blue service name in Prod cluster. Otherwise, leave blank.
  • ECR_REPO_NAME: Name of the existing AWS ECR Repo where the built docker images will be pushed.

Once the above parameters are provided as user inputs, the pipeline runs the following stages in sequence:

Clone: Clones the source code from Git Repo.

Build: Builds a packaged file using MVN commands.

Image: Prepares a docker image out of Dockerfile provided in Git repo and pushes the image to AWS ECR.

Deploy on Dev: The built image is deployed on the Dev K8s cluster using kubectl. It’s an in-place deployment where the existing deployment is updated with the docker image.

  • The yaml files for deployment and service are available in the repo. Once cloned to the Jenkins workspace, the variables in the yaml files are replaced with the actual values.
  • “kubectl apply” command is used to create the k8s resources i.e. deployment and service.

Prod: This step needs a manual intervention for proceeding to Prod environment. Two user inputs are required here:

  • DEPLOY_TO_PROD: Tick mark to deploy the built docker image to Prod Cluster.
  • PROD_BULE_DEPLOYMENT: Tick mark if it’s a fresh deployment on the prod cluster.

Deploy to Prod: If selected to proceed to prod, this step deploys the image on Prod cluster using “kubectl apply” command. It creates a green deployment and a temporary green LoadBalancer Service.

Validate: This step can contain multiple selenium test cases to validate application functionality. In our case, we have a sample java application for which we have provided a curl command on a specific path to test the application.

Patch Live Service and Delete Blue: Once validation succeeds, this step patches the existing live blue service using the “kubectl patch” command so that the live service points to the latest deployment, and then deletes the blue deployment as well as the temporary green service.
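
The cut-over step above, as an added example that is not taken from the pipeline's Jenkinsfile: it checks the user-supplied names against a strict allow-list before they are interpolated into kubectl commands, then prints the patch and delete commands in order without running them. The "version" selector label, the function names and the sample resource names are assumptions; the kubeconfig path is the one given in the prerequisites.

```shell
#!/bin/sh
# Added example; the "version" label key and all sample names are assumptions.
LC_ALL=C; export LC_ALL
KUBECONFIG_PROD=/var/lib/jenkins/.kube/prod-config   # path from the prerequisites

# Allow only lowercase alphanumerics and '-', not starting or ending with '-',
# max 63 chars. Stricter than Kubernetes needs for label values, but it means a
# pipeline parameter can never carry quotes, spaces or shell metacharacters.
valid_label() {
  [ -n "$1" ] && [ "${#1}" -le 63 ] || return 1
  case "$1" in
    *[!a-z0-9-]*|-*|*-) return 1 ;;
  esac
}

# JSON merge patch that repoints the live service's selector at the green pods.
selector_patch() {
  valid_label "$1" || { echo "invalid version label" >&2; return 1; }
  printf '{"spec":{"selector":{"version":"%s"}}}' "$1"
}

# Print (do not run) the cut-over commands in the order the step describes:
# patch the live service, delete the blue deployment, delete the temporary
# green service. Any invalid name aborts before a single command is emitted.
cutover_plan() {
  live_svc=$1 green_version=$2 blue_deploy=$3 green_svc=$4
  for n in "$live_svc" "$blue_deploy" "$green_svc"; do
    valid_label "$n" || { echo "invalid resource name: $n" >&2; return 1; }
  done
  patch=$(selector_patch "$green_version") || return 1
  printf "kubectl --kubeconfig %s patch svc %s -p '%s'\n" \
    "$KUBECONFIG_PROD" "$live_svc" "$patch"
  printf 'kubectl --kubeconfig %s delete deployment %s\n' \
    "$KUBECONFIG_PROD" "$blue_deploy"
  printf 'kubectl --kubeconfig %s delete svc %s\n' \
    "$KUBECONFIG_PROD" "$green_svc"
}

# Constructed sample run: live service, new version label, old deployment,
# temporary green service.
cutover_plan java-app-live v42 java-app-v41 java-app-green-tmp
```

Reviewing the printed plan before execution gives the manual Prod gate something concrete to approve.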

Application:

The application loads when you open the LoadBalancer endpoint in the browser. Execute “kubectl get svc” to get the LoadBalancer endpoint. Basic Authentication is enabled on the frontend with default credentials admin/password.

Kubernetes manifests and other scripts are available in our Github Repo.

Hope you found it useful.

from Powerupcloud Tech Blog – Medium