A policy is a set of rules that define how a version of a service should be validated when it's added to an application. If the policy conditions are not met then the new version will be rolled back with the minimum of impact on your user's experience.
In SRE terms, a policy validates that a new version of a service complies with the SLOs defined for that service.
Vamp supports two classes of policy: release policy and validation only policies.
A release policy defines a set validation rules for how Vamp will objectively test if a version of a service meets its objectives. It also defines the user segments to be targeted during the tests.
Release policies are used for services that support progressive releases using traffic shaping. This requires that a new version of a service is deployed in parallel with the existing, live version of the service.
For this reason, release policies are limited to only those services that:
Are deployed as Kubernetes Deployments; and
Expose a REST-based API or a GraphQL-based API
Normally as the release progresses, larger and larger numbers of API requests are sent to the newly deployed version of the service. If it passes all the tests defined in the policy then it is designated as the live version replacing the current version.
If validation of the newly deployed version of the service fails for any reason then it is rolled back. The current version remains live and receives all API requests. The failed version no longer receives any API requests.
A validation only policy defines only the set validation rules for how Vamp will objectively test if a version of a service meets its objectives.
Validation only policies can be are used for services that use a Kubernetes rolling update strategy. This means that validation only policies be used with services that:
Are deployed using a Kubernetes StatefulSet; or
Are deployed using a Kubernetes Deployment; or
Do not expose a REST-based API or a GraphQL-based API, for example message-based APIs
Validation only policies rely on calling a user defined webhook to rollback a failed version. If the newly released version passes all the tests defined in the policy then it remains as the live version.
If validation of the newly deployed version of the service fails for any reason then Vamp calls a webhook to the roll the service back to the previous version. Typically, this webhook triggers an action on a CD pipeline.