Argo Rollouts CRD
Argo Rollouts CRD
apiVersion: argoproj.io/v1alpha1
kind: Rollout
metadata:
name: example-rollout-canary
spec:
# 运行的Pod实例数量,默认为1.
# Defaults to 1.
replicas: 5
analysis:
# 保留成功的数量
# Defaults to 5.
successfulRunHistoryLimit: 10
# 保留失败的数量
# Stages for unsuccessful: "Error", "Failed", "Inconclusive"
# Defaults to 5.
unsuccessfulRunHistoryLimit: 10
# 筛选Pod对象的标签选择器.
selector:
matchLabels:
app: guestbook
# WorkloadRef holds a references to a workload that provides Pod template
# (e.g. Deployment). If used, then do not use Rollout template property.
workloadRef:
apiVersion: apps/v1
kind: Deployment
name: rollout-ref-deployment
# 指定迁移到 Rollout 后是否缩减工作负载(Deployment)
# "never": Deployment 不会减少
# "onsuccess": 在 Rollout 变得健康后,Deployment会减少
# "progressively": 随着 Rollout 的增加,Deployment 也随之减少
# If the Rollout fails the Deployment will be scaled back up.
scaleDown: never|onsuccess|progressively
# Template describes the pods that will be created. Same as deployment.
# If used, then do not use Rollout workloadRef property.
template:
spec:
containers:
- name: guestbook
image: argoproj/rollouts-demo:blue
# 无容器crash的情况下,新建的Pod被视为可用的最短时长,默认为0,即立即转为Ready
minReadySeconds: 30
# 更新历史中保留的ReplicaSet Revision数量.
# Defaults to 10
revisionHistoryLimit: 3
# 是否置为暂停状态
paused: true
# 更新过程中,更新步骤的最大等待时长,默认为600秒;
# Defaults to 600s
progressDeadlineSeconds: 600
# 未使用analysis或experiment而progressDeadlineSeconds超时的情况下,是否中止更新过程,默认为false;
progressDeadlineAbort: false
# 重启Pod的时刻,其值为UTC时间戳格式;
restartAt: "2020-03-30T21:19:35Z"
# 回滚窗口
rollbackWindow:
revisions: 3
# 更新策略,支持canary和blueGreen两种;
strategy:
# Blue-green update strategy
blueGreen:
# 当前活动状态的服务,也是即将更新的服务
# Required.
activeService: active-service
# Promote操作之前要运行的Analysis,分析的结果决定了Rollout是进行流量切换,还是中止Rollout
prePromotionAnalysis:
templates:
- templateName: success-rate
args:
- name: service-name
value: guestbook-svc.default.svc.cluster.local
# Promote操作之后要运行的Analysis ,若分析运行失败或出错,则Rollout进入中止状态并将流量切换回之前的稳定ReplicaSet
postPromotionAnalysis:
templates:
- templateName: success-rate
args:
- name: service-name
value: guestbook-svc.default.svc.cluster.local
# 预览版的服务,也是要更新成的目标服务版本
previewService: preview-service
# preview版本RS应运行的Pod数,默认为100%
previewReplicaCount: 1
# 是否允许自动进行Promote,默认值为true.
autoPromotionEnabled: false
# 在指定的时长之后执行Promote
autoPromotionSeconds: 30
# 缩容前一个ReplicaSet规模的延迟时长,默认为30s;
scaleDownDelaySeconds: 30
# 在旧RS上启动缩容之前,可运行着的旧RS的数量;
# down. Defaults to nil
scaleDownDelayRevisionLimit: 2
# 启用了trafficRouting时,因更新中止 而收缩Canary版本Pod数量之前的延迟时长,默认为30s;
abortScaleDownDelaySeconds: 30
# 期望的ReplicaSet和之前的ReplicaSet之间的反亲和关系
antiAffinity:
requiredDuringSchedulingIgnoredDuringExecution: {}
preferredDuringSchedulingIgnoredDuringExecution:
weight: 1 # Between 1 - 100
# 在当前活动的pod上添加元数据
activeMetadata:
labels:
role: active
# 更新期间添加到preview版本相关Pod上的元数据
previewMetadata:
labels:
role: preview
# Canary update strategy
canary:
# 由控制器用来匹配到Canary Pods上的Service,trafficRouting依赖于该字段;
canaryService: canary-service
# 由控制器用来匹配到Stable Pods上的Service, trafficRouting依赖于该字段;
stableService: stable-service
# 需要添加到Canary版本的Pod上的元数据,仅存于Canary更新期间,更新完成后即成为Stable;
canaryMetadata:
annotations:
role: canary
labels:
role: canary
# 需要添加到Stable版本的Pod上的元数据;
stableMetadata:
annotations:
role: stable
labels:
role: stable
# 更新期间最多允许处于不可用状态的Pod数量或百分比
maxUnavailable: 1
# maxSurge 定义了 rollout 可以创建的最大副本数,以移动到最后 setWeight 设置的正确比率。maxSurge可以是整数或字符串形式的百分比
maxSurge: "20%"
# 启用了trafficRouting时,缩容前一个ReplicaSet规模的延迟时长,默认为30s;
scaleDownDelaySeconds: 30
# The minimum number of pods that will be requested for each ReplicaSet
# when using traffic routed canary. This is to ensure high availability
# of each ReplicaSet. Defaults to 1. +optional
minPodsPerReplicaSet: 2
# 在旧RS上启动缩容之前,可运行着的旧RS的数量;
scaleDownDelayRevisionLimit: 2
# 在滚动更新期间于后台运行的analysis,可选;
analysis:
templates:
- templateName: success-rate
startingStep: 2 # 将后台分析运行延迟到步骤 3
args:
- name: service-name
value: guestbook-svc.default.svc.cluster.local
# valueFrom.podTemplateHashValue is a convenience to supply the
# rollouts-pod-template-hash value of either the Stable ReplicaSet
# or the Latest ReplicaSet
- name: stable-hash
valueFrom:
podTemplateHashValue: Stable
- name: latest-hash
valueFrom:
podTemplateHashValue: Latest
# valueFrom.fieldRef allows metadata about the rollout to be
# supplied as arguments to analysis.
- name: region
valueFrom:
fieldRef:
fieldPath: metadata.labels['region']
# Canary更新期间要执行的步骤,可选;
steps:
# 设定Canary版本ReplicSet激活的Pod比例,以及调度至Canary版本的流量比例;
- setWeight: 20
# 暂停step. Supported units: s, m, h
- pause:
duration: 1h
# Pauses indefinitely until manually resumed
- pause: {}
# 设定Canary扩容期间Pod扩增与流量扩增的对应关系
# (supported only with trafficRouting)
- setCanaryScale:
replicas: 3 # 明确设定Canary RS的规模为该处指定的Pod数量,但不改变先前设定的流量比例;
# 设定Canary扩容期间Pod扩增与流量扩增的对应关系
# (supported only with trafficRouting)
- setCanaryScale:
weight: 25 # 明确设定Canary RS的规模为该处指定的比例,但不改变先前设定的流量比例;
# 设定Canary扩容期间Pod扩增与流量扩增的对应关系
- setCanaryScale:
matchTrafficWeight: true # 设定Canary的Pod规模与调度至这些Pod的流量同比例滚动;
# 基于 Canary 标头值的流量路由。Istio
- setHeaderRoute:
# 标头路由的名称。
# in spec.strategy.canary.trafficRouting.managedRoutes
name: "header-route-1"
# 标头匹配规则是 headerName、headerValue 对的数组。
match:
# 要匹配的标头名称
- headerName: "version"
# headerValue must contain exactly one field of exact, regex, or prefix. Not all traffic routers support
# all types
headerValue:
# 精确值
exact: "2"
# 正则表达式格式
regex: "2.0.(.*)"
# 前缀匹配
prefix: "2.0"
# 流量镜像。Istio
- setMirrorRoute:
# 镜像路由的名称
# in spec.strategy.canary.trafficRouting.managedRoutes
name: "header-route-1"
# 要镜像的匹配流量的百分比是多少
percentage: 100
# 标头路由的匹配规则,如果缺少此规则,则相当于删除该路由。单个匹配块内的所有条件都具有 AND 语义,而匹配块列表具有 OR 语义。匹配中的每种类型(方法、路径、标头)必须有且只有一种匹配类型(精确、正则表达式、前缀) 并非所有流量路由器都支持所有匹配类型(精确、正则表达式、前缀)。
match:
- method: # What HTTP method to match
exact: "GET"
regex: "P.*"
prefix: "POST"
path: # What HTTP url paths to match.
exact: "/test"
regex: "/test/.*"
prefix: "/"
headers:
agent-1b: # What HTTP header name to use in the match.
exact: "firefox"
regex: "firefox2(.*)"
prefix: "firefox"
# 内联定义或调用的analysis step
- analysis:
templates:
- templateName: success-rate
# 内联定义或调用的experiment step;
- experiment:
duration: 1h
templates:
- name: baseline
specRef: stable
# optional, creates a service for the experiment if set
service:
# optional, service: {} is also acceptable if name is not included
name: test-service
- name: canary
specRef: canary
# optional, set the weight of traffic routed to this version
weight: 10
analyses:
- name : mann-whitney
templateName: mann-whitney
# Metadata which will be attached to the AnalysisRun.
analysisRunMetadata:
labels:
app.service.io/analysisType: smoke-test
annotations:
link.argocd.argoproj.io/external-link: http://my-loggin-platform.com/pre-generated-link
# 定义Canary Pod与旧ReplicaSet Pod之间的反亲和关系;
antiAffinity:
requiredDuringSchedulingIgnoredDuringExecution: {}
preferredDuringSchedulingIgnoredDuringExecution:
weight: 1 # Between 1 - 100
# 设定Ingress Controller或ServiceMesh如何动态调整配置以完成精细化地流量分割和流量迁移;
trafficRouting:
# 流量路由管理
managedRoutes:
- name: set-header
- name: mirror-route
# 与Istio协同完成流量迁移
istio:
# Canary期间要自动动态调整其配置以完成流量迁移的的VirtualService资源
virtualService:
name: rollout-vsvc # VirtualService资源的名称
routes: # 指定的VirtualService资源上要动态调整的路由条目的名称列表,仅有一个路由时可省略该字段
- primary # optional if there is a single route in VirtualService, required otherwise
virtualServices: # Canary期间要自动动态调整其配置以完成流量迁移的的VirtualService资源列表
# One or more virtualServices can be configured
- name: rollouts-vsvc1 # required
routes:
- primary # optional if there is a single route in VirtualService, required otherwise
- name: rollouts-vsvc2 # required
routes:
- secondary # optional if there is a single route in VirtualService, required otherwise
- name: rollout-vsvc # required
tcpRoutes: # TCP 流量分割
# Below fields are optional but if defined, they should match exactly with at least one of the TCP route match rules in your VirtualService
- port: 3000 # Only required if you want to match any rule in your VirtualService which contains this port
# Canary期间要自动动态调整其配置以完成流量迁移的DestinationRule资源
destinationRule:
name: rollout-destrule # required,DestinationRule资源的名称
canarySubsetName: canary # required,DestinationRule中临时使用的Canary子集的名称
stableSubsetName: stable # required,DestinationRule中临时使用的Stable子集的名称
# 与Ingress Nginx协同完成流量迁移
nginx:
# 要调整的Stable Ingress资源的名称
stableIngress: primary-ingress
stableIngresses:
- primary-ingress
- secondary-ingress
- tertiary-ingress
annotationPrefix: customingress.nginx.ingress.kubernetes.io # optional
additionalIngressAnnotations: # optional
canary-by-header: X-Canary
canary-by-header-value: iwantsit
# ALB Ingress Controller routing configuration
alb:
ingress: ingress # required
servicePort: 443 # required
annotationPrefix: custom.alb.ingress.kubernetes.io # optional
# Service Mesh Interface routing configuration
smi:
rootService: root-svc # optional
trafficSplitName: rollout-example-traffic-split # optional
# 启用了trafficRouting时,因更新中止 而收缩Canary版本Pod数量之前的延迟时长,默认为30s;
abortScaleDownDelaySeconds: 30
Argo Rollouts 示例
apiVersion: argoproj.io/v1alpha1
kind: Rollout
metadata:
name: rollouts-nginx
spec:
replicas: 10
strategy:
canary:
steps:
- setWeight: 10
- pause: {}
- setWeight: 20
- pause: {duration: 20}
- setWeight: 30
- pause: {duration: 20}
- setWeight: 40
- pause: {duration: 20}
- setWeight: 60
- pause: {duration: 20}
- setWeight: 80
- pause: {duration: 20}
revisionHistoryLimit: 5
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:1.24-alpine
ports:
- name: http
containerPort: 80
protocol: TCP
resources:
requests:
memory: 32Mi
cpu: 50m
livenessProbe:
httpGet:
path: '/'
port: 80
scheme: HTTP
initialDelaySeconds: 3
readinessProbe:
httpGet:
path: '/'
port: 80
scheme: HTTP
initialDelaySeconds: 5
参考文档
https://argoproj.github.io/argo-rollouts/features/specification/