Learning Library

← Back to Library

Canary Deployments Using Service Mesh

2m • Unknown Channel • devops • tutorial • intermediate • Watch on YouTube ↗

Key Points

A new version of an application can be gradually introduced to production using a service mesh, which lets you control traffic flow without modifying application code.
The **sto** service mesh (an open‑source project) runs on Kubernetes and provides automatic encryption, visibility, and advanced routing policies applied via standard YAML and `kubectl` commands.
By defining a virtual service, you can route a specific percentage of requests (e.g., 80% to version 1 and 20% to version 2) to safely perform a canary rollout.
Beyond canary deployments, sto supports header‑based routing, fault injection for resiliency testing, telemetry and tracing collection, and enforcement of authentication policies.
The demo showcases how these features simplify managing complex application relationships and ensures a smooth transition to the new version.

Sections

00:00:00 Canary Deployments with STO Mesh - The speaker demonstrates how to use the STO service mesh on Kubernetes to gradually route a configurable percentage of traffic (e.g., 20%) to a new application version via YAML‑defined virtual services and traffic policies, enabling safe, code‑free canary releases.

Full Transcript

# Canary Deployments Using Service Mesh **Source:** [https://www.youtube.com/watch?v=QTD-gqS2E7w](https://www.youtube.com/watch?v=QTD-gqS2E7w) **Duration:** 00:02:20 ## Summary - A new version of an application can be gradually introduced to production using a service mesh, which lets you control traffic flow without modifying application code. - The **sto** service mesh (an open‑source project) runs on Kubernetes and provides automatic encryption, visibility, and advanced routing policies applied via standard YAML and `kubectl` commands. - By defining a virtual service, you can route a specific percentage of requests (e.g., 80% to version 1 and 20% to version 2) to safely perform a canary rollout. - Beyond canary deployments, sto supports header‑based routing, fault injection for resiliency testing, telemetry and tracing collection, and enforcement of authentication policies. - The demo showcases how these features simplify managing complex application relationships and ensures a smooth transition to the new version. ## Sections - [00:00:00](https://www.youtube.com/watch?v=QTD-gqS2E7w&t=0s) **Canary Deployments with STO Mesh** - The speaker demonstrates how to use the STO service mesh on Kubernetes to gradually route a configurable percentage of traffic (e.g., 20%) to a new application version via YAML‑defined virtual services and traffic policies, enabling safe, code‑free canary releases. ## Full Transcript

0:01[Music] 0:09suppose I have a new version of my 0:11application that's ready for launch 0:13we've tested it and it's working well 0:14but I'd like to ease it into production 0:16let's see how the sto service mesh can 0:19help us with that surface meshes like 0:21sto allow for greater control over the 0:23traffic and communication between each 0:26of our applications to pull it in the 0:27cluster is teo as an open source project 0:29you can deploy sto on kubernetes and get 0:32visibility automatic encryption and 0:35advanced routing policies on your 0:37applications 0:37best of all your team doesn't need to 0:40change any application code to use this 0:42do at first we only want to send a small 0:45percentage of the traffic say 20 percent 0:47to the new version of our travel 0:48application will send 80 percent of the 0:51traffic to the existing version until 0:53we're sure the new version is working 0:54well for customers with sto installed on 0:57our cluster traffic policies can be 0:59applied the same way as kubernetes 1:00objects using Y Amal and coop control 1:03apply commands first we'll deploy a 1:06version 1 and version 2 of our 1:07applications in this scenario will use 1:13the drones to represent a deployment and 1:15the height of the drones to represent 1:17the percentage of traffic being sent to 1:18the application both drones are flying 1:21at the same height meaning there are no 1:22traffic rules applies we need to ensure 1:25version 2 of the application is running 1:27ok before we're ready to send a hundred 1:29percent of the traffic to it and get rid 1:31of our version 1 an sto virtual service 1:34allows for defining rules to control 1:36traffic flow well create a virtual 1:38service configuration which sends 80% of 1:41the traffic diversion 1 and 20% to 1:43version 2 1:48I can see how sto would become 1:50increasingly valuable as a team needs to 1:52manage complex relationships between 1:54applications 1:55besides Canary rollouts like we just saw 1:57you can do routing based on headers 1:59fault injection to test resiliency get 2:02telemetry and tracing data and enforce 2:04authentication policies thank you so 2:07much for joining us today for this 2:08demonstration we can't wait for the next 2:10time 2:18you