Master GitOps-driven canary deployments using Argo Rollouts and Flagger. Learn how to automate Kubernetes progressive delivery for safer, faster production releases.
We’ve all been there: it’s 4:55 PM on a Friday, and you’re staring at a "deploy" button. You know the drill—if something breaks, your weekend is toast. This is where Kubernetes progressive delivery saves your sanity. By shifting from manual "big bang" deployments to automated canary releases, you reduce the blast radius of every change.
Today, I’m going to show you how to implement GitOps-driven canary deployments using two of the industry's most powerful tools: Argo Rollouts and Flagger.
Traditional Kubernetes Deployment objects are binary. You update the image, the replica set rolls over, and if the new version crashes, your users feel it immediately. Canary deployments change this by shifting traffic incrementally—say, 5% to the new version, then 10%, then 50%—while watching metrics. If error rates spike, the system automatically rolls back.
Argo Rollouts is a Kubernetes controller that replaces the standard Deployment resource. It’s perfect if you’re already deep in the Argo ecosystem (like Argo CD).
First, install the Argo Rollouts controller:
Bashkubectl create namespace argo-rollouts kubectl apply -n argo-rollouts -f https://github.com/argoproj/argo-rollouts/releases/latest/download/install.yaml
Instead of a standard Deployment, you define a Rollout resource:
YAMLapiVersion: argoproj.io/v1alpha1 kind: Rollout metadata: name: my-app spec: replicas: 5 strategy: canary: steps: - setWeight: 20 - pause: {duration: 1m} - setWeight: 40 - pause: {duration: 1m} template: spec: containers: - name: app image: my-app:v2.0.0
The beauty here is the AnalysisTemplate. You can point Argo at your Prometheus instance to automatically verify the health of the canary pods. If the success rate drops below 99%, Argo aborts the rollout automatically.
If you’re running Istio, Linkerd, or NGINX ingress, Flagger is often the cleaner choice. It works by monitoring your existing deployments and creating "Canary" resources that define the traffic shifting logic.
Flagger doesn't replace your deployment object; it observes it. When you update your image in Git, Flagger detects the change and creates a "primary" and "canary" version of your service.
Here’s a sample Canary resource:
YAMLapiVersion: flagger.app/v1beta1 kind: Canary metadata: name: my-app spec: targetRef: apiVersion: apps/v1 kind: Deployment name: my-app analysis: interval: 1m threshold: 5 maxWeight: 50 stepWeight: 10 metrics: - name: request-success-rate thresholdRange: min: 99
Flagger is incredibly aggressive about automation. It doesn't just wait; it actively queries your metrics provider (Prometheus, Datadog, or New Relic) to decide if the canary should progress.
You might be asking, "Rubel, which one should I pick?" It comes down to your operational philosophy:
Regardless of the tool, don't ignore these three rules:
Implementing a canary deployment strategy isn't just about the tooling; it’s about shifting your team's culture. You're moving from a "deploy and pray" mindset to one where we trust data, not luck. Both Argo Rollouts and Flagger are production-grade tools. Start small, pick one, and watch your MTTR (Mean Time To Recovery) plummet.
Have you tried either of these in production? Drop a comment or reach out on social—I’m always curious to see how different teams handle these edge cases.
Master Kubernetes Canary Deployments using Flagger and Istio. Learn how to automate traffic shifting, run health checks, and achieve safer progressive delivery.
Read moreMaster Kubernetes Secret Management by syncing HashiCorp Vault with External Secrets Operator. Learn how to automate secure, GitOps-friendly secret injection.