Weekly: Share your EXPLOSIONS thread

Looked into Flagger for the company I just started. We’re running an AKS cluster with LinkerD as our service mesh, and considering it was the second task on the LinkerD website it seemed like a good option. Followed the tutorial and installed flagger, setup the Canary CRD, and added a Canary to our existing Hello World app...

Everything broke immediately. Turns out flagger modifies the generic app name labels (app, kubernetes.io/name, etc) and appends “-primary” to them... this didn’t play well with the default deny network policy we had setup. But I soldiered on and figured how StrategicMergePatches for Kustomize to add in the extra labell to our network policy. That seemed to have fixed everything.

We ran another deploy and got a small burst of 503 on the initial switch over. Flagger was also editing the service selectors and our deploy would overwrite them and cause 503s while we waited for Flagger to overwrite them back. At the point where I was writing my second StrategicMergePatch we realized this might not be the tool for us.

/r/kubernetes Thread