• This repository has been archived on 24/Aug/2022
  • Stars
    star
    123
  • Rank 290,145 (Top 6 %)
  • Language
    JavaScript
  • License
    MIT License
  • Created over 5 years ago
  • Updated over 2 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Kubernetes Gated Deployments

Kubernetes Gated Deployments

Kubernetes Gated Deployments facilitates A/B tests on application deployments to perform automated regression testing and canary analysis.

Architecture

Kubernetes Gated Deployments extends the Kubernetes API to add a new type of object called GatedDeployments, that allows engineers to specify which deployments and decision plugins to include in the A/B test. It uses a controller in the Kubernetes control plane that is responsible for implementing this behavior by retrieving and analyzing metrics from the backend specified, decisioning the A/B test, and either rolling back or continuing the deployment.

How it works

Gated Deployment Path

  1. A GatedDeployment object is added to the cluster (see the section for Installing the controller)
  2. The controller fetches GatedDeployment objects using the Kubernetes API
  3. When the treatment deployment specified in the GatedDeployment object is deployed and eligible for an A/B test, i.e., it has more than zero replicas and a different pod spec than the control deployment, the controller will start the experiment
  4. The controller will poll the decision plugins and determine if the treatment deployment is causing harm to the metrics measured
  5. The controller will either roll back the treatment deployment (by setting the number of replicas to zero), or promote the treatment deployment by setting the control deployment's image to that of the treatment deployment, followed by scaling the treatment deployment down to zero replicas

Usage

Installing the controller

Using kubectl

To create the GatedDeployment controller on an existing Kubernetes cluster, run the following:

kubectl apply -f gated-deployments.yml

This creates all the necessary resources and deploys the controller in the kubernetes-gated-deployments namespace.

Using Helm

Alternatively, Helm can be used to install and manage the resources and controller. To install, run the following:

helm install helm/kubernetes-gated-deployments --name kubernetes-gated-deployments

See the Developing section for running locally during development.

Create control and treatment deployments

Create two identical deployments with different names (e.g., example-rest-service-control and example-rest-service-treatment). Initially, the number of replicas for the treatment deployment must be set to 0 and control deployment will be the only one taking production traffic.

Example deployment manifests are available here.

NOTE: The names of the deployments cannot be a prefix of the other. The gated deployment controller uses the deployment name as the host prefix (since pod names are of the form <deployment name>-<xxxxx> and if one deployment name is the prefix of the other, it will include data from all the pods. For example, using example-rest-service for control and example-rest-service-treatment for treatment will result in control including the data for treatment as well.

Configure the gated deployment

Create an example-rest-service-gated-deployment.yml file like below:

apiVersion: 'kubernetes-client.io/v1'
kind: GatedDeployment
metadata:
  name: example-rest-service
deploymentDescriptor:
  control:
    name: example-rest-service-control
  treatment:
    name: example-rest-service-treatment
  decisionPlugins:
    - name: newRelicPerformance
      accountId: 807783
      secretName: newrelic-secrets
      secretKey: example-rest-service
      appName: example-rest-service
      minSamples: 50
      maxTime: 600
      testPath: /shopper/products

Save the file and run:

kubectl apply -f example-rest-service-gated-deployment.yml

In the example above, the GatedDeployment object specifies that we want to gate our deployments on the performance of the /shopper/products path, between the example-rest-service-control deployment and example-rest-service-treatment deployment (the latter of which we deploy new changes to). In this case, we specify that we want the controller to use the newRelicPerformance decision plugin to analyze performance data, which will be retrieved from New Relic (which our application is instrumented with).

For this plugin, you will also need to create a secret containing the NewRelic API key; an example is shown below. In this case, newRelic.secretName is set to newrelic-secrets, and newRelic.secretKey is set to example-rest-service. This means that the controller will look in its deployed namespace for a secret called newrelic-secrets, and look in the secret data for the value corresponding to the key example-rest-service.

apiVersion: v1
kind: Secret
metadata:
  name: newrelic-secrets
type: Opaque
data:
  example-rest-service: aW5zaWdodHNBcGlLZXk=

Within the deploymentDescriptor section of the GatedDeployment object, these are the possible options to customize. All options are required unless explicitly specified as optional.

Property Description
control Section describing the control deployment.
control.name Name of the control deployment.
treatment Section describing the treatment deployment. This should be the one normally deployed, e.g. as part of your CICD pipeline.
treatment.name Name of the treatment deployment.
decisionPlugins Section containing the list of decision plugin config objects. See Plugin configurations below for details on specific plugins.

Plugin configurations

Each type of plugin will require its own configuration. The following parameters are common to all plugins:

Property Description
name The plugin name. This allows the plugin factory to find the correct plugin class.
maxTime (optional) The maximum amount of time the experiment will run, at which point the A/B test will stop and automatically roll out the treatment deployment to the control deployment. When not specified, this defaults to 600 seconds (10 minutes)

Plugins are designed to return one of three values:

  • WAIT: if the analysis cannot make a conclusion about the metric yet, e.g., it requires a minimum amount of time or if the result is not yet statistically significant
  • PASS: if the treatment version does no harm to the metric analyzed
  • FAIL: if the treatment does harm to the metric analyzed

New Relic performance plugin

Property Description
name Must be newRelicPerformance
accountId Account ID of the New Relic account integrated with your application.
secretName Name of the secret where your New Relic API keys can be found. This should be created in the namespace where kubernetes-gated-deployments is deployed.
secretKey Name of the key in the secret specified in secretName that contains the New Relic Insights API key, used to run NRQL to collect performance data.
appName Name of the New Relic application.
testPath Path that you want to measure performance of for both deployments.
minSamples The minimum number of samples required for each deployment before testing for significance.
zScoreThreshold (optional) The Z Score threshold for Mann-Whitney U test. Defaults to 1.96, which corresponds to a p-value of 0.05
harmThreshold (optional) Maximum allowable ratio of treatment to control U values from the Mann-Whitney U Test before treatment is marked as causing harm. This defaults to 1.5.

Contributing plugins

To contribute a new plugin, create a new plugins class in lib/plugins that is a subclass of Plugin. At minimum, you should implement the following methods:

  • build: this should create the plugin with any necessary setup
  • _poll: this is called periodically, and it should fetch and analyze metrics to return a DecisionResult

The following methods are implemented by default:

  • onExperimentStart: this is called when the experiment starts, and sets the experiment start time
  • onExperimentStop: this is called when an experiment ends, and clears the experiment start time
  • onExperimentPoll: this is called on every polling interval; it will check if the maximum experiment duration has been reached and return PASS if it has, or it will return the result from _poll.

Rolling out new versions

To roll out a new version, update the treatment deployment with the new image and set the number of replicas to a non zero value (depending on the percentage of traffic you want to send to the new version).

Once the treatment deploy is rolled out, the gated deployment controller will start a new experiment and start polling for decisions from the decision plugins. The experiment runs until either all plugins have returned PASS, or any single plugin returns FAIL, at which point the controller will set the gatedDeployStatus annotation on the treatment deployment to either noHarm or harm respectively.

An example command to get the value of the annotation

kubectl get deploy -o jsonpath='{.metadata.annotations.gatedDeployStatus}' example-rest-service-treatment

This value can be periodically polled to check if the new version is causing harm or not in the CI/CD pipeline of the application. If the deployment causes no harm, the controller automatically rolls it out the new version to the control deployment. The status of the rollout can be checked using the below command.

kubectl rollout status deploy/example-rest-service-control

Developing

See CONTRIBUTING.md for how to contribute to this project.

You can develop locally with Minikube.

On Linux, the kvm2 driver provides better performance than the default virtualbox driver, but either will work:

minikube start --vm-driver=kvm2

minikube start will configure your kubeconfig for your local Minikube cluster and set the current context to be for Minikube. With that configuration you can run the kubernetes-gated-deployment controller on your host operating system:

npm start

License

Kubernetes Gated Deployments is MIT licensed.

Authors

  • Steven Fu
  • Satish Ravi
  • Jacob Brooks
  • Silas Boyd-Wickizer

More Repositories

1

terminus

Graceful shutdown and Kubernetes readiness / liveness checks for any Node.js HTTP applications
JavaScript
1,831
star
2

kubernetes-client

Simplified Kubernetes API client for Node.js.
JavaScript
961
star
3

tartufo

Searches through git repositories for high entropy strings and secrets, digging deep into commit history
Python
457
star
4

procfilter

A YARA-integrated process denial framework for Windows
C++
397
star
5

compose-color-picker

Jetpack Compose Android Color Picker 🎨
Kotlin
375
star
6

svgs

svgs is a compatiblity layer between svg and react-native-svg
JavaScript
191
star
7

eslint-plugin-i18n-json

Fully extendable eslint plugin for JSON i18n translation files.
JavaScript
177
star
8

node-cluster-service

Turn your single process code into a fault-resilient, multi-process service with built-in REST & CLI support. Restart or hot upgrade your web servers with zero downtime or impact to clients.
JavaScript
166
star
9

godaddy.github.io

Deprecated version of GoDaddy blog. See https://github.com/godaddy/engineering.
HTML
163
star
10

smart-private-npm

An intelligent routing proxy for npm with support for: private, whitelisted, and blacklisted packaged
JavaScript
139
star
11

ekke

Ekke is a test runner for React-Native, it allows you to execute your test code directly on the device enabling you to test in the same environment as your production users.
JavaScript
133
star
12

gasket

Framework Maker for JavaScript Applications
JavaScript
130
star
13

activerecord-delay_touching

Batch up your ActiveRecord "touch" operations for better performance. ActiveRecord::Base.delay_touching do ... end. When "end" is reached, all accumulated "touch" calls will be consolidated into as few database round trips as possible.
Ruby
111
star
14

engineering

Jekyll website and blog showcasing open source projects by GoDaddy employees
HTML
84
star
15

yara-rules

YARA rules for use with ProcFilter
83
star
16

aws-okta-processor

Okta credential processor for AWS CLI
Python
82
star
17

warehouse.ai

A storage and developer workflow engine for enforcing arbitrary checks on ontologies of npm packages.
JavaScript
82
star
18

javascript

The official GoDaddy JavaScript styleguide.
JavaScript
76
star
19

asherah

Asherah is a multi-language, cross-platform application encryption SDK
C#
75
star
20

wp-reseller-store

Resell hosting, domains, and more right from your WordPress site.
PHP
62
star
21

react-img-carousel

A flexible image carousel built with React.js
JavaScript
60
star
22

jiractl

A command-line tool for managing Jira
JavaScript
56
star
23

lighthouse4u

LH4U provides Google Lighthouse as a service, surfaced by both a friendly UI+API, and backed by various storage clients (S3, ElasticSearch, etc) for all your query and visualization needs
EJS
56
star
24

slay

Rock-solid structured application layout for building APIs and web apps in Node.js.
JavaScript
49
star
25

next-rum

RUM Component for Next.js
JavaScript
48
star
26

timings

NodeJS/Express API to assert performance results during functional testing
JavaScript
45
star
27

addhoc

Handy little helper to create proper React HOC functions complete with hoisted statics and forwarded refs
JavaScript
41
star
28

datastar

A robust and feature rich ODM for Cassandra.
JavaScript
40
star
29

openstack-logstash

Logstash and Kibana configs for OpenStack Havana
JavaScript
37
star
30

node-openstack-wrapper

An OpenStack client for Node.js
JavaScript
33
star
31

gdapi-php

A PHP client for Go Daddy® REST APIs
PHP
31
star
32

opa-lambda-extension-plugin

A plugin for running Open Policy Agent (OPA) in AWS Lambda as a Lambda Extension.
Go
28
star
33

reduxful

Manage request data in Redux state by generating actions, reducers, and selectors automatically.
JavaScript
27
star
34

lazy-social-buttons

A JavaScript plugin to place social buttons on a page on user interaction (mouseover) to spare the initial page load from the 300kb+ download requests for social APIs.
JavaScript
25
star
35

serverless-aws-servicecatalog

An AWS Service Catalog enabling plugin for the popular Serverless project
JavaScript
24
star
36

react-safe-src-doc-iframe

A component which applies guards to srcdoc iframes in order to provide a predictable and safe experience to the user. Complements the sandbox native iframe attribute.
JavaScript
23
star
37

react-markdown-github

React component that renders Markdown similarly to Github's formatting
JavaScript
22
star
38

node-flipr

Feature flipping and configuration using yaml files.
JavaScript
21
star
39

domain-search

React-based domain search widget used for designing and building custom GoDaddy reseller storefronts
JavaScript
21
star
40

pullie

A GitHub bot that makes your PRs better
JavaScript
20
star
41

asset-system

asset-system is a cross platform SVG based asset system for React and React-Native. This mono-repo is the home for all asset-* packages.
JavaScript
20
star
42

docker-machine-godaddy

A Docker Machine driver plugin for GoDaddy Cloud Servers.
Go
19
star
43

carpenterd

Build and compile npm packages to run in the browser.
JavaScript
19
star
44

node-priam

A simple Cassandra driver for NodeJS. It wraps node-cassandra-cql with additional error/retry handling, external .cql file support, and connection option resolution from an external source.
JavaScript
19
star
45

external

Fitting for load React components from an external BigPipe server.
JavaScript
18
star
46

kibana4-backup

JavaScript
17
star
47

django-snow

ServiceNow Ticket Management App for Django based projects
Python
16
star
48

node-redis-ha

Redis high-availability client library for node
JavaScript
15
star
49

sample-size

This python project is a helper package that uses power analysis to calculate required sample size for any experiment
Python
14
star
50

node-config-shield

Safe and easy way for storing and retrieving sensitive data
JavaScript
13
star
51

bucket-service

A service to tag your tests to enable/disable without a code change
JavaScript
10
star
52

breakdancer

A breakpoint tracking utility
JavaScript
10
star
53

centos7-upgrade-scripts

Ansible playbook and supporting scripts for upgrading OpenStack compute/hypervisor hosts from CentOS 6 to 7
Shell
10
star
54

openstack-traffic-shaping

Python
9
star
55

tartufo-action

Searches through git repositories for high entropy strings and secrets, digging deep into commit history
Python
9
star
56

radpack

JavaScript
8
star
57

appetizer-bundle

Creates an uploadable bundle of your React-Native application so it can run on the appetize.io platform.
JavaScript
8
star
58

docker-node

Debian Docker images for Node.js with best practices in mind
Dockerfile
8
star
59

GDRouting

Objective-C
8
star
60

gdapi-python

A Python client for Go Daddy® REST APIs
Python
8
star
61

netmet

NetMet is networking tool that allows you to track and analyze network uptime of multi data centers installations
Python
7
star
62

godaddy-test-tools

gulp tools for testing node libraries with mocha and istanbul as well as linting using godaddy-style.
JavaScript
7
star
63

react-validation-context

Components for providing validation via React context.
JavaScript
7
star
64

openstack-ansible

Ansible playbooks for managing OpenStack infrastructure
7
star
65

out-of-band-cache

A generic cache for API clients with out-of-band refreshing
JavaScript
7
star
66

node-redirect-rules

JavaScript
7
star
67

exemplar

Deprecated: storybook rocket fuel to launch structured examples of React & React Native components
JavaScript
7
star
68

asherah-cobhan

Cobhan bindings for Asherah
Go
7
star
69

vault-cert-finder

Finds, parse and output X509 certificates stored in Hashicorp Vault
TypeScript
7
star
70

eslint-plugin-react-intl

Validation of locale ids used with react-intl functions/components like <FormattedMessage />, formatMessage and defineMessages.
JavaScript
7
star
71

gdapi-csharp

A C# client for Go Daddy® REST APIs
C#
6
star
72

tartufo-node

npm package shim for https://github.com/godaddy/tartufo
JavaScript
6
star
73

aws-liveness

AWS Liveness tools.
JavaScript
6
star
74

cobhan-go

Cobhan FFI is a system for enabling shared code to be written in Rust or Go and consumed from all major languages/platforms in a safe and effective way.
Go
6
star
75

cijtemplate

A template for continuous integration with Jenkins
Shell
6
star
76

lighthouse4u-lambda

Running Lighthouse4u in AWS Lambda
JavaScript
6
star
77

asherah-ruby

Application-layer encryption SDK
Ruby
6
star
78

node-http-cache

An extensible caching interface for HTTP traffic.
JavaScript
6
star
79

abstract-npm-registry

An test suite and interface for you can use to test various functional areas of an npm registry
JavaScript
6
star
80

asherah-python

Python
5
star
81

appetizer

A Node.js REST based API client for Appetize.io.
JavaScript
5
star
82

transform-url

Build URLs by transforming a template with params.
JavaScript
5
star
83

cobhan-python

Python wrapper library for the Cobhan FFI system
Python
5
star
84

node-connect-qos

Connect middleware that helps maintain a high quality of service during heavy traffic
TypeScript
5
star
85

timings-client-py

Python client for the timings API
Python
5
star
86

http-interception

Dumps requests and responses as newline delimited JSON that a browser performs when visiting a web page.
JavaScript
4
star
87

feedsme

Triggers appropriate rebuilds in the warehouse.ai system
JavaScript
4
star
88

mssql-pool-party

Extension of node mssql client providing failover, retry, stats, and more
JavaScript
4
star
89

cobhan-rust

Cobhan FFI is a system for enabling shared code to be written in Rust and consumed from all major languages/platforms in a safe and effective way.
Rust
4
star
90

short-css-vars

Optimize CSS variable names
JavaScript
4
star
91

spree_weight_based_shipping_calculator

Spree extension for weight-based shipping calculation
Ruby
4
star
92

joi-of-cql

Create cql type definitions from joi schema validations
JavaScript
4
star
93

hostwriter

API and CLI for querying and manipulating host files.
JavaScript
4
star
94

orglinter

A GitHub organization linting tool
JavaScript
3
star
95

gdapi-ui

An in-browser client for Go Daddy® REST APIs
JavaScript
3
star
96

carpenterd-worker

the worker process for carpenterd
JavaScript
3
star
97

node-gd-assets

CSS, JS, and Handlebars combiner, compressor, and server
JavaScript
3
star
98

node-http-cache-cassandra

A Cassandra provider for the extensible HTTP caching library http-cache.
JavaScript
3
star
99

cobhan-ruby

Ruby wrapper library for the Cobhan FFI system
Ruby
3
star
100

.github

Default community health files for GoDaddy Open Source
3
star