Listen to this Post
Blue-Green deployment is a strategy that reduces downtime and risk by running two identical production environments called Blue and Green. Only one environment is live at any time, allowing you to switch traffic instantly if issues arise.
You Should Know:
1. Prerequisites
- Kubernetes cluster
– `kubectl` configured - Nginx Ingress Controller installed
- Cert-Manager for TLS certificates
2. Deploy Blue and Green Versions
Create two deployments (blue and green) with different versions of your app:
<h1>blue-deployment.yaml</h1> apiVersion: apps/v1 kind: Deployment metadata: name: blue-app spec: replicas: 2 selector: matchLabels: app: myapp version: blue template: metadata: labels: app: myapp version: blue spec: containers: - name: nginx image: nginx:1.18 # Blue version ports: - containerPort: 80
<h1>green-deployment.yaml</h1> apiVersion: apps/v1 kind: Deployment metadata: name: green-app spec: replicas: 2 selector: matchLabels: app: myapp version: green template: metadata: labels: app: myapp version: green spec: containers: - name: nginx image: nginx:1.19 # Green version (new) ports: - containerPort: 80
Apply them:
kubectl apply -f blue-deployment.yaml kubectl apply -f green-deployment.yaml
3. Create Services for Both Deployments
<h1>blue-service.yaml</h1> apiVersion: v1 kind: Service metadata: name: blue-service spec: selector: app: myapp version: blue ports: - protocol: TCP port: 80 targetPort: 80
<h1>green-service.yaml</h1> apiVersion: v1 kind: Service metadata: name: green-service spec: selector: app: myapp version: green ports: - protocol: TCP port: 80 targetPort: 80
Apply services:
kubectl apply -f blue-service.yaml kubectl apply -f green-service.yaml
4. Configure Nginx Ingress for Traffic Switching
<h1>ingress.yaml</h1> apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: myapp-ingress annotations: nginx.ingress.kubernetes.io/rewrite-target: / spec: rules: - host: myapp.example.com http: paths: - path: / pathType: Prefix backend: service: name: blue-service # Initially points to Blue port: number: 80
Apply ingress:
kubectl apply -f ingress.yaml
5. Switch Traffic from Blue to Green
Update the Ingress to point to `green-service`:
<h1>Update ingress.yaml</h1> ... service: name: green-service # Now points to Green port: number: 80
Reapply:
kubectl apply -f ingress.yaml
6. Enable TLS with Cert-Manager
<h1>certificate.yaml</h1> apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: myapp-tls spec: secretName: myapp-tls-secret dnsNames: - myapp.example.com issuerRef: name: letsencrypt-prod kind: ClusterIssuer
Apply certificate:
kubectl apply -f certificate.yaml
Update Ingress for HTTPS:
<h1>ingress-tls.yaml</h1> apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: myapp-ingress annotations: nginx.ingress.kubernetes.io/rewrite-target: / cert-manager.io/cluster-issuer: letsencrypt-prod spec: tls: - hosts: - myapp.example.com secretName: myapp-tls-secret rules: - host: myapp.example.com http: paths: - path: / pathType: Prefix backend: service: name: green-service port: number: 80
Apply secure ingress:
kubectl apply -f ingress-tls.yaml
What Undercode Say
Blue-Green deployments in Kubernetes ensure zero-downtime updates. Key takeaways:
– Use `kubectl rollout status` to monitor deployments.
– `kubectl get pods -l app=myapp` checks pod status.
– `kubectl describe ingress myapp-ingress` verifies routing.
– Automate switching using CI/CD pipelines (Jenkins, ArgoCD).
– For rollback, revert Ingress to blue-service.
Expected Output:
- Successful traffic shift between Blue and Green environments.
- TLS-secured endpoints via Cert-Manager.
- Minimal downtime during deployments.
Reference: Implementing Blue-Green Deployment in Kubernetes with TLS Encryption
References:
Reported By: Darryl Ruggles – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅
