Note: this repository is hosting the demo that was previously located at algolia/examples
The same sample project but enhanced
- The simplest dockerfile of the world
- A simple multiarch Makefile
- A simple ArgoCD & Rollout deployment to ensure graceful handling of failures
- A k3d cluster with
- Traefik Ingress
- ArgoCD & Argo rollout for deployment and release
You need to have installed :
-
Docker from docker ( you need buildx if you want to build image )
-
Install Kubectl
On linux
sudo curl -sSL -o /usr/local/bin/kubectl "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
sudo chmod +x /usr/local/bin/kubectlOn Mac
brew install kubectl- Install Argo rollout Kubectl plugin
On Linux
sudo curl -sSL -o /usr/local/bin/kubectl-argo-rollouts https://github.com/argoproj/argo-rollouts/releases/latest/download/kubectl-argo-rollouts-linux-amd64
sudo chmod +x /usr/local/bin/kubectl-argo-rollouts On Mac
brew install argoproj/tap/kubectl-argo-rollouts- Install ArgoCD cli
On Linux
sudo curl -sSL -o /usr/local/bin/argocd https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-amd64
sudo chmod +x /usr/local/bin/argocdOn Mac
brew install argocd- Add entry for demo purpose to your
/etc/hosts
echo "127.0.0.1 search.algolia.hire.com" | sudo tee -a /etc/hosts
echo "127.0.0.1 cd.algolia.hire.com" | sudo tee -a /etc/hosts-
Shoot your MDM if you have one ( or be kind with him ) because it could be a problem with port binding, among other things.
- If you can't or if you have a problem with it please run into a VM with multipass for example or contact me for providing it
-
If you use Docker Desktop be sure that you disable kubernetes and restart it
git clone git clone [email protected]:mdecalf/instant-search-demo-enhanced.git
cd instant-search-demo-enhancedexport IMAGE=<YOUR_IMAGE_NAME>
export TAG=<DESIRED_TAG>
# Make sure you have done a docker login
export DOCKER_REPO=<YOUR_DOCKER_REPO>
make imageOn Linux
sudo curl -sSL -o /usr/local/bin/k3d https://github.com/rancher/k3d/releases/download/v5.3.0/k3d-linux-amd64On Mac M1
sudo curl -sSL -o /usr/local/bin/k3d https://github.com/rancher/k3d/releases/download/v5.3.0/k3d-darwin-arm64On Mac Linux
sudo curl -sSL -o /usr/local/bin/k3d https://github.com/rancher/k3d/releases/download/v5.3.0/k3d-darwin-amd64k3d cluster create algolia --agents 2 --servers 1 --api-port 6443 -p "8080:80@loadbalancer" -p "8443:443@loadbalancer" --image rancher/k3s:v1.21.9-k3s1kubectl create namespace argo-rollouts
kubectl apply -n argo-rollouts -f https://github.com/argoproj/argo-rollouts/releases/latest/download/install.yaml
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
# Terrible hack for avoid ssl passthrough problem, sorry
cat <<EOF | kubectl -n argocd patch deployment argocd-server --patch '
{
"spec": {
"template": {
"spec": {
"containers": [
{
"name": "argocd-server",
"command": [
"argocd-server",
"--repo-server",
"argocd-repo-server:8081",
"--insecure"
]
}
]
}
}
}
}'
EOF
cat <<EOF | kubectl -n argocd apply -f -
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: argocd-server-http-ingress
namespace: argocd
annotations:
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
spec:
rules:
- host: cd.algolia.hire.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: argocd-server
port:
number: 80
tls:
- hosts:
- cd.algolia.hire.com
secretName: argocd-secret
EOFWait for container creating
You can access to the UI through cd.algolia.hire.com
Get admin password
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d; echoYou can connect through the UI with user admin and the password above ( maybe you need refresh page at login )
Connect with argocd cli
# use password provided below
argocd login --insecure --grpc-web cd.algolia.hire.com:8443 --username adminFor the purpose of this demo one image with two tags green and blue were pushed on dockerhub acronys/instant-search-demo-enhanced
kubectl create ns algolia-search
argocd app create search-app-rollout \
--repo https://github.com/mdecalf/instant-search-demo-enhanced.git \
--path deployments \
--dest-namespace algolia-search \
--dest-server https://kubernetes.default.svc \
--revision blue
argocd app sync search-app-rolloutAfter that, an argocd application is created and deployed on our namespace
You can see the rollout app with
# Verify that your application is deployed with argo rollout
kubectl argo rollouts -n algolia-search get rollout search-app-rollout --watchYou can access app through http://search.algolia.hire.com:8080 or https://search.algolia.hire.com:8443 on your browser
It's the blue version for the purpose of this demo
By design our application is replicated and load balanced so you can delete a pod it will be recreated
# Get the pods and choose one or more
kubectl -n algolia-search get po
# Delete a chosen pod
kubectl -n algolia-search delete po <YOUR_VICTIM>
# It will be re-created again and again
kubectl -n algolia-search get po
NAME READY STATUS RESTARTS AGE
search-app-rollout-6d459b5df6-8gn69 1/1 Running 1 11h
search-app-rollout-6d459b5df6-7wxx5 1/1 Running 1 11h
search-app-rollout-9c56c956f-x67lp 1/1 Running 1 11h
search-app-rollout-6d459b5df6-frvl6 1/1 Running 1 11h
search-app-rollout-6d459b5df6-r5cn8 0/1 ContainerCreating 0 2s
search-app-rollout-6d459b5df6-2r6c2 0/1 Terminating 0 15sNow we want to deploy a new revision of our app the green release. For the purpose of this demo we will use a command instead of real CD pipeline
argocd app patch search-app-rollout --patch '{"spec": { "source": { "targetRevision": "green" } }}' --type merge
argocd app sync search-app-rolloutGo to the Argocd UI or use argo rollout command
kubectl argo rollouts -n algolia-search get rollout search-app-rollout --watch
# OUTPUT
Name: search-app-rollout
Namespace: algolia-search
Status: ॥ Paused
Message: CanaryPauseStep
Strategy: Canary
Step: 1/8
SetWeight: 20
ActualWeight: 20
Images: acronys/instant-search-demo-enhanced:blue (stable)
acronys/instant-search-demo-enhanced:green (canary)
Replicas:
Desired: 5
Current: 5
Updated: 1
Ready: 5
Available: 5
NAME KIND STATUS AGE INFO
⟳ search-app-rollout Rollout ॥ Paused 38m
├──# revision:8
│ └──⧉ search-app-rollout-9c56c956f ReplicaSet ✔ Healthy 36m canary
│ └──□ search-app-rollout-9c56c956f-l48rq Pod ✔ Running 24s ready:1/1
└──# revision:7
└──⧉ search-app-rollout-6d459b5df6 ReplicaSet ✔ Healthy 38m stable
├──□ search-app-rollout-6d459b5df6-gwfrj Pod ✔ Running 95s ready:1/1
├──□ search-app-rollout-6d459b5df6-m8k6j Pod ✔ Running 67s ready:1/1
├──□ search-app-rollout-6d459b5df6-tms2q Pod ✔ Running 67s ready:1/1
└──□ search-app-rollout-6d459b5df6-vlbdb Pod ✔ Running 67s ready:1/1Now go on your browser on the app tab and do CTRL+F5 or ⌘ + Maj + R on mac ( important because I only change css color ...)
As you can see every 5 reload you got the green release. It corresponds at 20% of pods that is the first step of our rollout release
Are you happy with the green release ? If yes do
kubectl argo rollouts -n algolia-search promote search-app-rollout --fullAfter few seconds you will get 100% of call on the green release
Finally you prefer the blue release ?
If you haven't done full rollout command above you can do
kubectl argo rollouts -n algolia-search abort search-app-rolloutIf you done full rollout command you can specify an old revision like this
kubectl argo rollouts -n algolia-search undo search-app-rollout --to-revision=1Cause I'm nice, find below the uninstall command of our demo
k3d cluster delete algolia
sudo rm -rf /usr/local/bin/argocd
sudo rm -rf /usr/local/bin/kubectl
sudo rm -rf /usr/local/bin/kubectl-argo-rollouts
sudo rm -rf /usr/local/bin/k3dRemove entry in your /etc/hosts
- Use CI tools like gitlab CI or github action instead of Readme
- Use separate git repo for deployment with kustomize
- Use a real strategy for Canary release based on traffic management with Istio integration for example
- Use git commit/branch instead of patching ArgoCD project based on git release
- Add a real cert for ingress