Canary analysis with Prometheus Operator
This guide show you how to use Prometheus Operator for canary analysis.
Install Prometheus Operator with Helm v3:
helm repo add stable https://kubernetes-charts.storage.googleapis.com​kubectl create ns monitoringhelm upgrade -i prometheus stable/prometheus-operator \--namespace monitoring \--set prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues=false \--set fullnameOverride=prometheus
The prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues=false option allows Prometheus operator to watch serviceMonitors outside of his namespace.
Install Flagger by setting the metrics server to Prometheus:
helm repo add flagger https://flagger.app​kubectl create ns flagger-systemhelm upgrade -i flagger flagger/flagger \--namespace flagger-system \--set metricsServer=http://prometheus-prometheus.monitoring:9090 \--set meshProvider=kubernetes
Install Flagger's tester:
helm upgrade -i loadtester flagger/loadtester \--namespace flagger-system
Install podinfo demo app:
helm repo add podinfo https://stefanprodan.github.io/podinfo​kubectl create ns testhelm upgrade -i podinfo podinfo/podinfo \--namespace test \--set service.enabled=false
The demo app is instrumented with Prometheus so you can create service monitors to scrape podinfo's metrics endpoint:
apiVersion: monitoring.coreos.com/v1kind: ServiceMonitormetadata:name: podinfo-primarynamespace: testspec:endpoints:- path: /metricsport: httpinterval: 5sselector:matchLabels:app: podinfo
apiVersion: monitoring.coreos.com/v1kind: ServiceMonitormetadata:name: podinfo-canarynamespace: testspec:endpoints:- path: /metricsport: httpinterval: 5sselector:matchLabels:app: podinfo-canary
We are setting interval: 5s to have a more aggressive scraping. If you do not define it, you must to use a longer interval in the Canary object.
Create a metric template to measure the HTTP requests error rate:
apiVersion: flagger.app/v1beta1kind: MetricTemplatemetadata:name: error-ratenamespace: testspec:provider:address: http://prometheus-prometheus.monitoring:9090type: prometheusquery: |100 - rate(http_requests_total{namespace="{{ namespace }}",job="{{ target }}-canary",status!~"5.*"}[{{ interval }}])/rate(http_requests_total{namespace="{{ namespace }}",job="{{ target }}-canary"}[{{ interval }}]) * 100
Create a metric template to measure the HTTP requests average duration:
apiVersion: flagger.app/v1beta1kind: MetricTemplatemetadata:name: latencynamespace: testspec:provider:address: http://prometheus-prometheus.monitoring:9090type: prometheusquery: |histogram_quantile(0.99,sum(rate(http_request_duration_seconds_bucket{namespace="{{ namespace }}",job="{{ target }}-canary"}[{{ interval }}])) by (le))
Using the metrics template you can configure the canary analysis with HTTP error rate and latency checks:
apiVersion: flagger.app/v1beta1kind: Canarymetadata:name: podinfonamespace: testspec:provider: kubernetestargetRef:apiVersion: apps/v1kind: Deploymentname: podinfoprogressDeadlineSeconds: 60service:port: 80targetPort: httpname: podinfoanalysis:interval: 30siterations: 10threshold: 2metrics:- name: error-ratetemplateRef:name: error-ratethresholdRange:max: 1interval: 30s- name: latencytemplateRef:name: latencythresholdRange:max: 0.5interval: 30swebhooks:- name: load-testtype: rollouturl: "http://loadtester.flagger-system/"timeout: 5smetadata:type: cmdcmd: "hey -z 1m -q 10 -c 2 http://podinfo-canary.test/"
Based on the above specification, Flagger creates the primary and canary Kubernetes ClusterIP service.
During the canary analysis, Prometheus will scrape the canary service and Flagger will use the HTTP error rate and latency queries to determine if the release should be promoted or rolled back.
