Master Progressive Deployments with Kruise Rollout 0.3.0 – A Step‑by‑Step Guide

Introduction

Kruise Rollout is an open‑source progressive delivery framework from the OpenKruise community. It combines traffic release with instance gray‑scale, supporting canary, blue‑green, A/B testing and custom Prometheus metrics for automated releases on standard Kubernetes clusters.

Repository: https://github.com/openkruise/rollouts

New Features in 0.3.0

Deployment batch release : Deployments can be released in batches similar to StatefulSet or CloneSet, preserving the original workload name and remaining compatible with HPA.

Header & Cookie traffic shading : Allows north‑south traffic to be split by header or cookie match rules for fine‑grained A/B testing.

Lua‑script based Ingress extensions : Users can plug in Lua scripts to support additional gateway protocols.

Release Strategies Overview

Rolling update : Native Deployment rolling upgrade, fast but lacks pause points.

Canary release : Creates a temporary canary Deployment for verification before full rollout.

Standard batch release : Uses Partition capability (via StatefulSet/CloneSet) to release pods in batches while keeping the original workload name.

Non‑standard batch release : Creates two Deployments and swaps them batch by batch.

A/B testing : Splits traffic into separate paths for side‑by‑side comparison.

Feature Details

1. Deployment Batch Release

Kruise Rollout enables Deployments to perform batch releases without changing the workload name, preserving existing resources and fully compatible with HPA.

2. Header & Cookie Traffic Shading

Users can define header or cookie match rules so that only traffic matching those rules is routed to the new version during a canary step. This is useful for whitelist testing or precise traffic isolation.

3. Lua‑Based Ingress Extension

The framework uses Lua scripts as plug‑ins to modify Ingress annotations for various gateway implementations. Example scripts for Nginx (and future support for ALB, Kong, etc.) are provided in the repository.

Comparison with Other Solutions

Flexibility : Plug‑in architecture allows instant batch capability on existing Deployments and easy removal.

Compatibility : Works seamlessly with HPA and other workload‑ref components.

Ease of integration : Only a Rollout configuration is needed; no pod migration or extra resources are required.

Installation and Usage

Prerequisites

Kubernetes version >= 1.19 (required for Ingress traffic routing support).

Step 1 – Install Kruise Rollout

$ helm install kruise-rollout openkruise/kruise-rollout --version 0.3.0

Step 2 – Bind a Deployment and Define Batch Rules

apiVersion: rollouts.kruise.io/v1alpha1
kind: Rollout
metadata:
  name: rollouts-demo
  namespace: default
  annotations:
    rollouts.kruise.io/rolling-style: partition
spec:
  objectRef:
    workloadRef:
      apiVersion: apps/v1
      kind: Deployment
      name: echoserver
  strategy:
    canary:
      steps:
      - replicas: 1   # first batch
      - replicas: 60% # second batch
      - replicas: 100%# final batch

Step 3 – Execute the Batch Release

Create the Rollout with kubectl apply -f and monitor its status. Use kubectl‑kruise rollout approve to confirm each batch.

Header & Cookie Traffic Shading Example

apiVersion: rollouts.kruise.io/v1alpha1
kind: Rollout
metadata:
  name: rollouts-demo
  namespace: default
spec:
  objectRef:
    workloadRef:
      apiVersion: apps/v1
      kind: Deployment
      name: echoserver
  strategy:
    canary:
      steps:
      - matches:
        - headers:
          - name: UserAgent
            type: Exact
            value: iOS
        pause: {}
        replicas: 1
      - replicas: 50%
      - replicas: 100%
      trafficRoutings:
      - ingress:
          classType: nginx
          name: echoserver
        service: echoserver

This configuration routes only traffic with UserAgent=iOS to the new pods in the first batch.

Lua Script for Ingress (Nginx example)

-- Modify Ingress annotations for canary routing
annotations = {}
if obj.annotations then
  annotations = obj.annotations
end
annotations["nginx.ingress.kubernetes.io/canary"] = "true"
annotations["nginx.ingress.kubernetes.io/canary-by-cookie"] = nil
annotations["nginx.ingress.kubernetes.io/canary-by-header"] = nil
annotations["nginx.ingress.kubernetes.io/canary-by-header-pattern"] = nil
annotations["nginx.ingress.kubernetes.io/canary-by-header-value"] = nil
annotations["nginx.ingress.kubernetes.io/canary-weight"] = nil
if obj.weight ~= "-1" then
  annotations["nginx.ingress.kubernetes.io/canary-weight"] = obj.weight
end
if not obj.matches then
  return annotations
end
for _,match in ipairs(obj.matches) do
  local header = match.headers[1]
  if header.name == "canary-by-cookie" then
    annotations["nginx.ingress.kubernetes.io/canary-by-cookie"] = header.value
  else
    annotations["nginx.ingress.kubernetes.io/canary-by-header"] = header.name
    if header.type == "RegularExpression" then
      annotations["nginx.ingress.kubernetes.io/canary-by-header-pattern"] = header.value
    else
      annotations["nginx.ingress.kubernetes.io/canary-by-header-value"] = header.value
    end
  end
end
return annotations

Future Plans

Support more gateway protocols via Lua plug‑ins.

Build a complete release system with hooks, Prometheus metric analysis, auto‑rollback, and unattended operation, integrating with KubeVela workflow.

Community Involvement

Contributions are welcomed via GitHub. The project repository is https://github.com/openkruise/rollouts.