DEV Community

Mustafa ERBAY
Mustafa ERBAY

Posted on • Originally published at mustafaerbay.com.tr

Seamless Deployment: Blue/Green vs Canary Trade-off Analysis

#tutorials #deployment #devops #infrastructure

Introduction: The Importance of Seamlessness in Deployment

Deployment processes are a critical part of modern software development and operations. We need reliable deployment strategies to provide uninterrupted service to our users, ensure business continuity, and roll out new features quickly. So, which strategy is the best? In this post, I will delve into two of the most popular seamless deployment approaches: Blue/Green and Canary models. I'll explain which is more suitable for what scenario, their advantages, disadvantages, and real-world trade-offs, drawing from my own experiences.

Deployment processes are often overlooked but are as crucial as coding itself. Even a one-off deployment can directly impact the entire system's performance and user experience. Especially in enterprise applications or critical services, any disruption during deployment can lead to significant financial losses and damage to brand reputation. Therefore, choosing and implementing the right deployment strategies has become an engineering imperative.

Blue/Green Deploy: Switching Between Two Environments

Blue/Green deployment, as its name suggests, is based on the principle of using two identical, separate production environments. One environment (let's call it "Blue") is used for existing live traffic, while the other environment (let's call it "Green") is prepared for deploying and testing the new version. Once the new version is deployed to the Green environment and verified as stable, traffic is abruptly switched from the Blue environment to the Green environment. This redirection is typically done via a load balancer or a DNS change.

The biggest advantage of this approach is how incredibly fast rollback is. If an issue is encountered in the Green environment, traffic can be redirected back to the Blue environment within seconds. This minimizes or completely eliminates downtime for users. Furthermore, since the Green environment is completely isolated, there is no risk to live traffic during testing.

ℹ️ The Core Logic of Blue/Green Deploy

Blue/Green deployment aims to provide a seamless transition by using two parallel production environments. The current version runs in the 'Blue' environment, while the new version is deployed to the 'Green' environment. After testing is complete, traffic is rapidly shifted to 'Green'.

In this model, resource cost is another important factor. Since it requires two full production environments, costs can increase, especially in large-scale systems. However, these costs can be optimized with flexible scaling and resource management tools offered by most cloud providers. For example, the unused Green environment can be run at low capacity or shut down immediately after deployment and kept ready for reuse.

Example Scenario: We needed to deploy a new payment gateway integration on an e-commerce platform in the middle of the night. While our existing system (Blue) was running, we deployed the new integration to a separate server cluster we had prepared (Green). We performed all integration tests, security scans, and performance measurements in the Green environment. When everything was in order, at 02:00 AM, we redirected traffic to the Green environment in seconds using load balancer settings. Approximately 1 hour later, we recorded over 5,000 successful transactions with the new payment option. If there had been any issues, we could have switched traffic back to the Blue environment with a single click.

Canary Deploy: Gradual Transition to the New Version

Canary deployment takes its name from the canary birds in coal mines. Miners used to carry canaries with them to detect poisonous gases in the air. If the canary died, the miners understood the danger. In the software world, Canary deployment starts by introducing the new version to a small group of users. This small group is usually selected randomly or consists of users with specific characteristics.

If the new version runs stably for this small user group, the percentage of users is gradually increased. For example, it might be increased to 1%, then 5%, then 20%, and finally 100%. Throughout this process, system performance, error rates, and user feedback are closely monitored. If an issue is detected at any stage, the deployment is immediately stopped, and traffic is redirected back to the old version.

💡 Canary Deploy's Gradual Approach

Canary deployment first introduces the new version to a small percentage of users and gradually increases this ratio as it proves successful. This minimizes risks and ensures a controlled transition.

The biggest advantage of Canary deployment is its ability to manage risks in a much more granular way. If there is an error in the new version, it only affects a small user base. This prevents large-scale outages and maintains the overall stability of the system. Additionally, issues that were not previously noticed can be uncovered through testing with real user traffic.

The disadvantage of this method is that its management can be more complex. Advanced traffic routing mechanisms and detailed monitoring tools are needed to ensure a gradual transition. Also, in some cases, rollback might not be as fast as Blue/Green, as only a portion of the traffic might need to be redirected back to the old version.

Example Scenario: We added a new security protocol to a mobile banking application. Instead of rolling out this protocol to all users simultaneously, we first deployed it to 2% of Android users. We closely monitored the transaction times, app crash rates, and error logs for users in this group. Within the first 24 hours, we only saw 3 "session expired" errors, which was an acceptable rate. Then, we increased this ratio to 10%. After another day, seeing that it was still stable, we increased it to 50% and the next day to 100%. This way, if there had been an issue with the protocol, only a small minority would have been affected.

Trade-off Analysis: Blue/Green or Canary?

Both deployment strategies have their unique advantages and disadvantages. Determining which strategy is more suitable for you depends on your project's requirements, risk tolerance, and existing infrastructure.

Speed and Simplicity: If you need an urgent rollback and want to keep operational complexity to a minimum, Blue/Green deployment might be a better option. Traffic redirection is generally simpler, and rollback happens in seconds.

Risk Management and Feedback: If your priority is to minimize risks, test the new version in a controlled manner with real users, and gather detailed feedback, then Canary deployment would be more appropriate. This strategy is preferred especially for large and complex systems or critical updates.

⚠️ Which in Which Situation?

  • Blue/Green: Situations requiring fast rollback, simple transitions, scenarios where a test environment can be easily prepared.
  • Canary: Situations with low-risk tolerance, where new features need to be tested with real users, complex systems, continuous improvement philosophy.

Another important trade-off is cost. The Blue/Green strategy can be more costly initially because it requires two full production environments. Canary, on the other hand, might require fewer resources initially because it gradually routes traffic, but in the long run, it can increase the costs of complex traffic management and monitoring infrastructure.

Real-World Example: While working at a financial technology company, we were managing the deployment of a service that processed thousands of transactions daily. Even a single second of downtime in this service could lead to millions of dollars in losses. Therefore, we used the Canary strategy for every deployment. We first introduced the new version to 1% of users, then increased it to 5%, 10%, 25%, 50%, and finally 100%. Throughout this process, we monitored transaction success rates, latencies, and error rates at 15-minute intervals. Once, we noticed an unexpected performance degradation in the 10% segment. We immediately stopped the deployment and redirected traffic to the old version. The problem was caused by the new version running a specific query many more times than expected. If we had done a Blue/Green deployment and the issue had emerged not just for the 10% user group but across the entire system, the rollback might not have been as fast and risk-free.

Technical Implementation Details

Both Blue/Green and Canary deployment strategies can be implemented using various infrastructure tools and technologies. Container orchestration platforms like Kubernetes have built-in mechanisms to support these strategies.

Blue/Green with Kubernetes: In Kubernetes, Blue/Green deployment is typically achieved with two different Deployment objects and one Service object. The Service object directs traffic to the Deployment running the current version. A second Deployment is created for the new version, and once tested, the Service's selector is updated to point to the new Deployment. This update instantly redirects traffic to the new version.

# Service for the current version
apiVersion: v1
kind: Service
metadata:
  name: my-app-service
spec:
  selector:
    app: my-app # Label of the current version
  ports:
    - protocol: TCP
      port: 80
      targetPort: 8080

---

# Deployment for the new version (Green)
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app-green
spec:
  replicas: 3
  selector:
    matchLabels:
      app: my-app-green # Label of the new version
  template:
    metadata:
      labels:
        app: my-app-green
    spec:
      containers:
      - name: my-app
        image: my-registry/my-app:v2.0.0 # New image
        ports:
        - containerPort: 8080
Enter fullscreen mode Exit fullscreen mode

When the new version is ready, you need to update the Service that routes traffic. This can be done manually or with an automation script.

Canary with Kubernetes: For Canary deployment in Kubernetes, it's common to use an Ingress controller (e.g., Nginx Ingress or Traefik) or a Service Mesh (e.g., Istio or Linkerd) in addition to the Service. These tools can split traffic between different Deployments at specific ratios. For example, the Ingress or Service Mesh can be configured to direct 90% of traffic to the current version (my-app-blue Deployment) and 10% to the new version (my-app-green Deployment).

ℹ️ Tools for Canary Deploy

To effectively implement Canary deployment, the following tools are often used:

  • Kubernetes Ingress Controllers: Nginx, Traefik, HAProxy.
  • Service Meshes: Istio, Linkerd, Consul Connect.
  • Cloud Provider Load Balancers: AWS ALB, Google Cloud Load Balancer.

Service Meshes offer more advanced features, especially concerning traffic management, monitoring, and splitting. For example, with Istio, you can define a VirtualService object to easily distribute traffic among different versions and dynamically adjust percentage weights.

# Example of Canary Deploy with Istio VirtualService
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: my-app-virtualservice
spec:
  hosts:
  - my-app.example.com
  http:
  - route:
    - destination:
        host: my-app
        subset: v1 # Current version (Blue)
      weight: 90
    - destination:
        host: my-app
        subset: v2 # New version (Green)
      weight: 10
Enter fullscreen mode Exit fullscreen mode

This configuration directs 90% of the my-app service's traffic to the v1 subset (current version) and 10% to the v2 subset (new version). You can update the weight values to increase the percentages.

Real-World Problems and Solutions

Neither deployment strategy is flawless, and each comes with its own set of challenges. Overcoming these challenges is critical for successful seamless deployment.

Environment Consistency: One of the biggest challenges in Blue/Green deployment is ensuring that both environments are exactly the same. Even database schema changes, configuration differences, or minor details in the underlying infrastructure can lead to problems. To prevent this, it's important to use Infrastructure as Code (IaC) to ensure both environments are consistently created. Tools like Terraform or CloudFormation can help with this.

Database Migrations: Database migrations require special attention in both Blue/Green and Canary deployments. If the new version requires a backward-incompatible database schema change, this increases complexity. Backward compatibility is vital to ensure both versions can operate with the same database schema during the deployment. Alternatively, database migration strategies like "expand and contract" can be used. In this strategy, a new backward-compatible schema is added first, then the new version is deployed, and finally, the old schema is removed.

🔥 Caution with Database Migrations!

Backward-incompatible database schema changes significantly complicate deployment processes. Always carefully plan and test your database migration strategies.

Monitoring and Alerting: In both strategies, comprehensive monitoring and alerting mechanisms are needed to track system health during and after deployment. Closely monitoring metrics such as error rates, transaction times, and resource utilization enables early detection of potential issues. For example, a rule can be defined during a Canary deployment to trigger an automatic alert and redirect traffic back to the old version if the new version's error rate exceeds 0.5%.

Rollback Strategies: A rollback process should always be planned. In Blue/Green, this is often as simple as switching traffic back to the old environment. In Canary, it might require redirecting all traffic to the old version. How long a rollback will take and what steps it involves should be predetermined. Once, while deploying a service with Canary, we encountered an unexpected situation. When we ran the rollback command, it took 5 minutes for traffic to revert to the old version. During this time, users were still interacting with the problematic version. After this experience, we automated and tested our rollback processes, ensuring that rollback initiated simultaneously with the initial traffic redirection.

Conclusion: Choosing the Right Strategy

Seamless deployment is one of the cornerstones of modern software development practices. Blue/Green and Canary deployment strategies offer powerful methods to achieve this goal. Blue/Green is ideal for those seeking speed and simplicity, especially in situations requiring fast rollback. Canary, on the other hand, is more suitable for those who want to minimize risks, introduce new features in a controlled manner, and gather real user feedback.

Whichever strategy you choose, it is critically important that your infrastructure is designed to support these strategies, comprehensive monitoring and alerting mechanisms are in place, and rollback processes are clearly defined and tested. In my experience, choosing and implementing the right strategy directly impacts the reliability and success of your deployment processes. Remember, the deployment process is not just a matter of technology but also part of the pursuit of operational excellence.

As I mentioned in my previous post on [CI/CD pipeline optimization], automating and optimizing deployment processes increases overall efficiency. By trying both of these strategies in your own projects, you can discover which one best suits your needs.

Top comments (0)