Canary / Blue Green Deployment for M324

Overview

This deployment setup was part of a closed‑source DevOps project where I implemented a blue‑green / canary hybrid deployment workflow using Docker and Traefik on a Raspberry Pi–based environment. The goal was to enable zero‑downtime releases, safe migration between versions, and automatic fallback in case of deployment failures.

Because the project was private, no source code can be shared — this document describes the architecture and the deployment logic.

Deployment Approach

The original plan was a classic blue‑green deployment, where two full environments run in parallel and traffic is switched entirely between them.

In practice, the system evolved into a canary deployment, where:

• the new version receives only a small fraction of traffic,
• the stable version continues to serve most users,
• rollout progresses by adjusting Traefik weight labels,
• on failure, traffic automatically returns to the stable environment.

This created a safe incremental rollout strategy with seamless rollback.

Key Features

• Docker Compose-based multi-service deployment
• Traefik reverse proxy controlling routing, HTTPS, and load balancing
• Canary traffic distribution via Traefik weights
• Zero-downtime switching between versions
• Automatic rollback when the new version fails
• arm64 Raspberry Pi production environment

Example Traefik Configuration

services:
  dotnet-blue:
    image: registry.gitlab.com/.../dotnet:latest
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dotnet-blue.rule=Host(`dotnet.ermfox.ch`)"
      - "traefik.http.routers.dotnet-blue.entrypoints=web,websecure"
      - "traefik.http.routers.dotnet-blue.tls.certresolver=leresolver"
      - "traefik.http.services.dotnet-blue.loadbalancer.server.port=8080"
      - "traefik.http.services.dotnet-blue.loadbalancer.weight=1"
    networks:
      - pi_traefik

Label Explanation

• Host rule → routes the subdomain to the service
• Entrypoints → supports both HTTP (80) and HTTPS (443)
• TLS resolver → automatic Let's Encrypt certificates
• Port mapping → internal container port exposed to Traefik
• Weight → determines how much traffic this version receives

Future Improvements

• Pipeline‑controlled rollouts: gradually increase Traefik weights after successful deployments.
• Auto‑rollback logic: health checks and routing rules to immediately reroute traffic on failure.
• Dynamic weight control UI: small dashboard or script to modify weights without editing Compose files.

Evidence

Screenshots from the private deployment environment (e.g., running containers, IDs, Traefik routing) were captured and used to verify correct operation. These confirm:

• containers were running on the Raspberry Pi,
• the correct blue/green or canary versions were active,
• Traefik routing was functioning as expected.