Automating code deployments through Azure — Blue-Green deployment
A detailed guide on carrying out Blue-Green deployments using Azure VMSS, Azure Load Balancers, and Azure Traffic Manager.
This is Part 2 of our blog series that will talk about how to automate your software deployment journey through Microsoft Azure. In Part 1, we discussed on Automating code deployments through Azure — In-Place deployment. In this post, I’m going to show the complete steps to perform Blue-Green deployments with the help of Azure VMSS, Azure Load Balancers, and Azure Traffic Manager.
So let’s begin by looking at what Blue-Green Deployments actually mean?
Prerequisites
Before we begin, it is assumed that you have:
- An existing Azure account or sign up for your Azure free account.
- Access to Azure DevOps with appropriate permissions.
and that’s it.
Blue-Green Deployments
Blue-Green deployment is a type of deployment that reduces downtime and risk by running two identical production environments known as Blue and Green. At any time, only one of the environments is live, with the live environment serving all production traffic.
Blue-Green deployments can mitigate common risks associated with deploying software, such as downtime and rollback capability.
However, there are many different ways by which Blue-Green deployments can be carried out in Azure, but today we’ll look at how to approach it using Azure VMSS, Azure Load Balancers, and Azure Traffic Manager. If you want to learn and experiment with more Blue-Green approaches on Azure, I will drop some article links below in the references section.
The Deployment Architecture
Spend some time and take a look at the deployment architecture that we’re going to build on Azure.
The above architecture involves the three Azure services namely, Azure VMSS, Azure Load Balancers, and Azure Traffic Manager. This architecture can be modified depending on your use case.
Create the Azure Virtual Machine Scale Set
Azure VMSS lets you create and manage a group of load-balanced VMs. The number of VM instances can automatically increase or decrease in response to demand or a defined schedule. They provide high availability to your applications and allow you to centrally manage, configure, and update a large number of VMs.
We will be creating two VMSS, one for the Blue environment and the other for the Green environment as shown in the above setup.
Go ahead and log in to your Azure Portal at https://portal.azure.com and click Create a Resource, search for Scale Set, then click Create.
Enter the following information:
- Subscription: Select your subscription.
- Resource Group: Select an existing Resource group, or create a new one.
- Name: Enter the name of the scale set, such as Blue-SS for Blue environment.
- Image & Size: Select the base OS for the VM and size.
- Username and Password: Enter the admin username and its password.
Under the Networking tab, Select Yes, to use a load balancer that is needed to distribute the load to the Blue VM’s launched by Scale Set. Create a new load balancer and backend pool with the name Blue-lb and blue-pool.
Remember you can assign Public IPs to the Network Interface if you want to communicate with the network interface from outside the virtual network. This is not mandatory as we can access our VM’s from the Inbound NAT rules that are created automatically with the load balancer.
You can leave the rest of the configuration of VMSS as default. Also, you can add Scaling policies depending upon your use case. When you are done, select Review + create.
After it passes validation, select Create to deploy the scale set. You’ll see two Blue VM’s has been created by the VMSS.
Similarly, follow the above steps to create a Green VMSS and Green load balancer according to the described architecture.
Azure Load Balancers
On the Azure Portal, search for Load Balancers and there you’ll find two load balancers have been created Blue-lb and Green-lb.
Open up one of the load balancers and check the Backend pools. One backend pool is created and contains VM’s launched by scale set.
Also if you navigate to the Inbound Nat rules, you’ll see NAT rules have been automatically added during the time when you created VMSS. You can access the VM’s by copying the public IP and the port number as:
ssh ubuntu@<public-ip> -p <port-number>
Azure Traffic Manager
Azure Traffic Manager is a DNS-based traffic load balancer that enables you to distribute traffic optimally to services across global Azure regions while providing high availability and responsiveness. Traffic Manager uses DNS to direct client requests to the most appropriate service endpoint based on a traffic-routing method and the health of the endpoints.
Azure Traffic Manager supports six traffic-routing methods to determine how to route network traffic to the various service endpoints. We’ll use the Weighted Routing Method to carry out Blue-Green deployments. This enables us to keep going up and down based on the weights of the endpoint so that the traffic is routed to that endpoint which has the newer version of code. For complete information on other types of routing methods, click here.
With that, on Azure Portal, click Create a Resource and search for Traffic Manager Profile. Next click Create.
Enter the following information:
- Name: Provide a unique name for your profile.
- Routing method: Select the Weighted routing method.
- Subscription: Select the subscription you want to create this profile under.
- Resource Group: Select an existing Resource group, or create a new one.
- Resource group location: Select the location of the Resource group.
Click Create.
Select the created profile and navigate to Endpoints. Click Add and supply the following information.
- Type: Select Azure endpoint.
- Name: Enter the name of the endpoint.
- Target resource type: Select Public IP address.
- Public IP address: Select the public IP associated with a Blue environment load balancer.
- Weight: Enter 1000, assuming this is the live environment.
Click Add.
Repeat the above step to add another endpoint with public IP associated with a Green environment load balancer and Weight set to 1, as this will be the idle endpoint for now. When the addition of both endpoints is complete, they are displayed in the Traffic Manager profile blade along with their monitoring status.
With this our Blue-Green architecture is ready to be tested. We’ll use Azure DevOps to create a Pipeline which has two stages, one for the code deployment to the VMSS and second for changing weights of the Traffic Manager’s endpoints.
Target an Environment
An environment is a collection of resources, such as Kubernetes clusters and virtual machines, that can be targeted by deployments from a pipeline.
We need to target an environment to the Azure Virtual Machines (launched by Azure VMSS) by registering them. Navigate to https://dev.azure.com and sign in to your DevOps organization.
In your project, under Pipelines, select Environments.
Click on create a new environment, provide name and description of the environment, and select Virtual Machines as a resource. Next select Linux under the Operating System, since we’re targeting the Linux VM’s.
It will give you a registration script that you can run on your Target VM’s. You can run this script on as many VM’s as you want to target. Once all VM’s are registered, they will start appearing as an environment resource. During the registration it will ask you to assign a tag to your VM’s, you can do it at that time or afterward through the Azure DevOps portal when all the VM’s are successfully registered. Assign a blue tag to the Blue VM’s and a green tag to the Green VM’s.
Alongside with the registration script, you can install and configure Azure CLI in order to run Azure CLI commands on the Virtual Machines. This is a one-time setup.
Set up the Deployment Pipeline
We’re going to set up a deployment pipeline that will deploy the code from Azure Blob Storage to the VM’s launched by Azure VMSS. So that on every push to you Git repository it will trigger the pipeline which uploads your latest piece of code from your VCS to Azure Blob Storage and from there to the VM’s. If you want to learn more about this workflow, please check out Part 1 of this series Automating code deployments through Azure — In-Place deployment.
Create an azure-pipelines.yml file at your project’s root and populate it with the following content:
The above snippet contains two stages. First for downloading the source code and extracting it. You can create your own custom bash scripts that can be shipped along with your source code and once the code is extracted on the VM’s then run those scripts to make the application up and running. We are deploying the newer version of software on the Green VM’s.
Here we are assuming that the old code is running on the Blue VM’s which is serving the live traffic since the Traffic Manager’s endpoint is assigned a weight of 1000. The second stage contains a bash script which will change the weights of both Traffic Manager’s Blue and Green endpoint.
In the project’s root create scripts/ directory and inside that create a blue_green_weightage.sh file with the following content:
It’s a simple bash script that has three functions defined. The tm_show_blue_endpoint() & tm_show_green_endpoint() function will show the currently assigned weightage to the Traffic Manager’s Blue and Green endpoint.
The tm_update_weightage() function invokes another function tm_run_update() which change the weightage of the Traffic Manager’s Blue and Green endpoint. This ensures that every time when a new code is deployed to any of the environments, all the traffic will be served to that endpoint. So in this case when new code is deployed to the Green environment, Traffic Manager will change the weight of the Green endpoint to 1000 and Blue endpoint to 1, so that all the traffic will be rerouted to the Green endpoint.
Time for the CI/CD
In the Azure DevOps portal, navigate to your project, under Pipelines, and create a New pipeline. Connect your Git repository with the Azure Pipeline. Whenever you push a new commit to your Git repository, it will automatically trigger a pipeline that will deploy your code to the VM’s launched by Azure VMSS.
Navigate to your Traffic Manager Profile on the Azure Portal and copy the DNS name and hit that URL on the browser.
You can see the Traffic Manager redirects you to that endpoint which has the older version of the software.
When the Pipeline passes, the newer version of the software gets deployed and the traffic manager changes the weights of the endpoint. Again hit the same URL on the browser.
You’ll see now the Traffic Manager redirects you to that endpoint which has the newer version of the software. Also, the weights of Blue and Green endpoints have been changed successfully.
Quick Tip: If you want to host your custom domain name that points to the Traffic Manager DNS name, Azure DNS is here for you. This way the clients can use an easy to remember name to access your service through Traffic Manager. If you want to learn how to do this, please see the references section.
We have seen how to carry out Blue-Green Deployments for the production workloads using Azure VMSS, Azure Load Balancers, and Azure Traffic Manager. This architecture makes deployment smoother and provides high availability to your applications, and allows you to centrally manage, configure, and update a large number of VMs.
I hope you enjoyed it. To learn about In-Place deployments, please check out Part 1, Automating code deployments through Azure — In-Place deployment.
References
Here are some references and useful links that will be worth your while.
