基于Argo Rollouts在K8S上的应用发布实践

Argo Rollouts介绍

Argo Rollouts 是一个开源的 Kubernetes 控制器和一组自定义资源定义（CRD），旨在为 Kubernetes 提供高级的应用发布策略。它是 Argo 项目家族的一部分，专注于实现渐进式交付（Progressive Delivery），通过蓝绿部署（Blue-Green）、金丝雀部署（Canary）以及其他高级部署功能，帮助开发者以更安全、可控的方式在 Kubernetes 集群中发布应用。

Argo Rollouts原理

与原生deployment的区别

特性	Kubernetes Deployment	Argo Rollouts
目的	提供基础的滚动更新（RollingUpdate）和副本数维护	提供高级部署策略（蓝绿、金丝雀、渐进式交付等）
抽象层级	直接管理 ReplicaSet（RS）的生命周期	也管理 ReplicaSet，但引入更复杂的流量控制和分析逻辑
更新策略	仅支持 RollingUpdate 或 Recreate	支持 BlueGreen、Canary 及自定义步骤
流量管理	依赖 Service 的标签选择器（一刀切切换）	集成 Ingress/Gateway 控制器（如 Nginx, Istio）实现流量按比例分配
自动决策	无	支持基于 Prometheus/Kayenta 等指标的自动渐进或回滚
ReplicaSet 管理方式	线性替换（新 RS 扩，旧 RS 缩）	多 RS 共存 + 精细化流量控制
版本历史	保留旧 RS（用于回滚）	保留策略更灵活，可关联分析运行记录
适用场景	简单应用发布	要求零停机、低风险发布的复杂生产环境

实现原理

Rollouts 蓝绿发布

示意图

示例代码

yaml 复制代码

apiVersion: argoproj.io/v1alpha1
kind: Rollout
metadata:
  name: rollout-bluegreen
spec:
  replicas: 2
  revisionHistoryLimit: 2
  selector:
    matchLabels:
      app: rollout-bluegreen
  template:
    metadata:
      labels:
        app: rollout-bluegreen
    spec:
      containers:
      - name: rollouts-demo
        image: argoproj/rollouts-demo:blue
        imagePullPolicy: Always
        ports:
        - containerPort: 8080
  strategy:
    blueGreen: 
      activeService: rollout-bluegreen-active
      previewService: rollout-bluegreen-preview
      autoPromotionEnabled: false
---
apiVersion: v1
kind: Service
metadata:
  name: rollout-bluegreen-active
  labels:
    app: rollout-bluegreen
spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: http
      protocol: TCP
      name: http
  selector:
    app: rollout-bluegreen
---
apiVersion: v1
kind: Service
metadata:
  name: rollout-bluegreen-preview
  labels:
    app: rollout-bluegreen
spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: http
      protocol: TCP
      name: http
  selector:
    app: rollout-bluegreen

蓝绿发布

get rollout details "kubectl get rollout rollout-bluegreen"

update rollout image: "kubectl argo rollouts set image rollout-bluegreen rollout-demo=argoproj/rollouts-demo:yellow"

promote rollout : "kubectl argo rollouts promote rollout-bluegreen"

Rollouts 金丝雀发布

示意图

集成 nginx ingress

示例代码

yaml 复制代码

apiVersion: argoproj.io/v1alpha1
kind: Rollout
metadata:
  name: rollouts-demo
spec:
  replicas: 1
  strategy:
    canary:
      canaryService: rollouts-demo-canary
      stableService: rollouts-demo-stable
      trafficRouting:
        nginx:
          stableIngress: rollouts-demo-stable
      steps:
      - setWeight: 5
      - pause: {}
  revisionHistoryLimit: 2
  selector:
    matchLabels:
      app: rollouts-demo
  template:
    metadata:
      labels:
        app: rollouts-demo
    spec:
      containers:
      - name: rollouts-demo
        image: argoproj/rollouts-demo:blue
        ports:
        - name: http
          containerPort: 8080
          protocol: TCP
        resources:
          requests:
            memory: 32Mi
            cpu: 5m
---
apiVersion: v1
kind: Service
metadata:
  name: rollouts-demo-canary
spec:
  ports:
  - port: 80
    targetPort: http
    protocol: TCP
    name: http
  selector:
    app: rollouts-demo
---
apiVersion: v1
kind: Service
metadata:
  name: rollouts-demo-stable
spec:
  ports:
  - port: 80
    targetPort: http
    protocol: TCP
    name: http
  selector:
    app: rollouts-demo
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: rollouts-demo-stable
spec:
  ingressClassName: nginx
  rules:
  - host: rollouts-demo.local
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: rollouts-demo-stable
            port:
              number: 80

金丝雀发布

会同时创建2个ingress，一个ingress 是stable的，一个ingress 是rollout自动创建的金丝雀发布使用的ingress，其中包含了权重信息。

集成 istio

示例代码

yaml 复制代码

apiVersion: argoproj.io/v1alpha1
kind: Rollout
metadata:
  name: rollouts-demo
spec:
  replicas: 3
  strategy:
    canary:
      canaryService: rollouts-demo-canary
      stableService: rollouts-demo-stable
      trafficRouting:
        istio:
          virtualServices:
          - name: rollouts-demo-vsvc1
            routes:
            - primary 
      steps:
      - setWeight: 10 # 设置 canary 服务权重
      - pause: {}
  revisionHistoryLimit: 2
  selector:
    matchLabels:
      app: rollouts-demo
  template:
    metadata:
      labels:
        app: rollouts-demo
        istio-injection: enabled
    spec:
      containers:
      - name: rollouts-demo
        image: argoproj/rollouts-demo:blue
        ports:
        - name: http
          containerPort: 8080
          protocol: TCP
        resources:
          requests:
            memory: 32Mi
            cpu: 5m
---
apiVersion: v1
kind: Service
metadata:
  name: rollouts-demo-canary
spec:
  ports:
  - port: 80
    targetPort: http
    protocol: TCP
    name: http
  selector:
    app: rollouts-demo
---
apiVersion: v1
kind: Service
metadata:
  name: rollouts-demo-stable
spec:
  ports:
  - port: 80
    targetPort: http
    protocol: TCP
    name: http
  selector:
    app: rollouts-demo
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: rollouts-demo-vsvc1
spec:
  gateways:
  - rollouts-demo-gateway
  hosts:
  - rollouts-demo-vsvc1.local
  http:
  - name: primary
    route:
    - destination:
        host: rollouts-demo-stable
        port:
          number: 15372
      weight: 100 # promote canary之后，rollout会重新设置权重
    - destination:
        host: rollouts-demo-canary
        port:
          number: 15372
      weight: 0

金丝雀发布

rollout会自动修改绑定的virtualServices 中的canary 权重信息。