A functional Kubernetes install

If you don't have one, GKE quick start guide is a great resource to get one set up quickly.

Install the tbnctl command line interface (CLI)

tbnctl is a CLI for interacting with the Turbine Labs public API, and is used throughout this guide to set up tbnproxy. Install tbnctl with these commands (Requires installation of Go, and that $GOPATH/bin is in your $PATH):

$ go get -u
$ go install
$ tbnctl login

Use your Houston username and password to login.

Username []:

See the tbnctl Guide for more information.

Get an API Access Token

Create an API Access Token using tbnctl:

$ tbnctl access-tokens add "demo key"
  "access_token_key": "<redacted>",
  "description": "demo key",
  "signed_token": "<redacted>",
  "user_key": "<redacted>",
  "created_at": "2017-08-25T22:11:30.907200482Z",
  "checksum": "d60ed8a6-1a40-49a5-5bb1-5bad322d9723"

You'll need the value of signed_token later on, so keep it somewhere secure.

Create a Zone

The highest-level unit of organization in the Turbine Labs API is a zone. We'll use the zone "testbed" in this guide, but you can substitute your own if you've already created one. To create the testbed zone, run

$ tbnctl init-zone testbed

You should now be able to see your zone by running

$ tbnctl list zone

Adding your API key to Kubernetes

To avoid having your API key visible in environment variables (which can inadvertently be exposed in logs and the command line) we recommend you store it as a Kubernetes secret. Running the following command will create a new secret with the signed_token AccessToken you obtained from tbnctl, which can then be referenced by other Kubernetes specs.

$ kubectl create secret generic tbnsecret --from-literal=apikey=<value of signed_token>

Setting up service discovery

The tbncollect binary scans your Kubernetes cluster for pods and groups them into clusters in the Turbine Labs API. To deploy tbncollect to your Kubernetes cluster, run

$ kubectl create -f

Customizing tbncollect For Your Kubernetes Environment

The all-in-one demo

We'll use the same client application described in our quickstart for these examples. To deploy the all-in-one client, run

$ kubectl create -f

Next, deploy the all-in-one server by running

kubectl create -f

Ensure that these pods have started correctly by running:

$ kubectl get pods
NAME                                       READY     STATUS    RESTARTS   AGE
all-in-one-client-680519093-jdx7g          1/1       Running   0          2m
all-in-one-server-1015810482-rgf8f         1/1       Running   0          1m
tbncollect-3235735371-f594t                1/1       Running   0          3m

Now verify that tbncollect has discovered your new pods and added them to the appropriate clusters by running:

$ tbnctl list --format=summary cluster

You should see a name: all-in-one-client cluster and a name: all-in-one-server cluster, each with a single instance. It may take up to 30 seconds for the new clusters to appear.

Adding a domain and proxy

Tbnproxy is the container that handles request routing. It serves traffic for a set of domains, which in turn contain release groups and routes. We'll create the domain first.

Go to, and login with your email address and password.

Click "Settings" in the top right portion of the screen, then "Edit Routes".

The screen should indicate that you have no domains. Click "Add One".

type "testbed-domain" in the Name field, then Click "Add Domain"

The screen should now indicate that you have no proxies. Click "Add One".

type "testbed-proxy" in the Name field, and then check the box next to testbed-domain:80. This indicates that the proxy you're adding will serve traffic for testbed-domain. Click "Add Proxy"

Deploying tbnproxy

Now we're ready to deploy tbnproxy to Kubernetes:

$ kubectl create -f

Expose tbnproxy to the external network

This is environment specific. If you're running in GKE you can use the following path. First, expose the deployment on a NodePort to make it accessible outside the local Kubernetes network:

$ kubectl expose deployment tbnproxy --target-port=80 --type=LoadBalancer

Then wait for an external IP address to be created (this may take some time)

$ kubectl get services --watch
Kubernetes     <none>            443/TCP   24m
tbnproxy   80/TCP    5m

Configure routes

Now we have a proxy running and exposed to the Internet, along with clusters and instances configured in the Turbine Labs service. Next we map requests to clusters. Log in to with your email address and API key.

First we'll create a route to send traffic to the all-in-one client.

  1. Make sure you have the 'testbed' zone selected in the top left portion of the screen.
  2. Click the "Settings" menu in the top right portion of the screen, and then select "Edit Routes".
  3. Click the "More" menu, then select "Add Route".
  4. Select your domain in the domain drop down
  5. Enter "/" in the path field
  6. Click the release group dropdown and select "Create New Release Group..."
  7. Select "all-in-one-client" from the service drop down
  8. Enter "client" in the release group name field
  9. Click the "Create Route + Release Group" button

Now we'll repeat these steps to create a route to send anything going to /api to the all-in-one server

  1. Click the "Settings" menu in the top right portion of the screen, and then select "Edit Routes".
  2. Click the "More" menu, then select "Add Route".
  3. Select your domain in the domain drop down
  4. Enter "/api" in the path field
  5. Click the release group dropdown and select "Create New Release Group..."
  6. Select "all-in-one-server" from the service drop down
  7. Enter "server" in the release group name field
  8. Click the "Create Route + Release Group" button

Verifying your deploy

Now visit your load balancer, and you should see the all-in-one client running. To get the IP address for your deployment you can run

kubectl get service

copy the EXTERNAL-IP field for the tbnproxy service, and paste that into the address bar of your browser.

Demo exercises

Now that you're up and running with Houston on Kubernetes, let's walk through some product use cases.

What's going on here?

The all-in-one client/server provide a UI and a set of services that help visualize changes in the mapping of user requests to backend services. This lets you visualize the impact of Houston on a real deployment without having to involve real customer traffic or load generators.

The application is composed of three sets of blocks, each simulating a user making a request. These are simple users, and they all repeat the same request forever. The services they call return a color. When a user receives a response it paints the box that color, then waits a random amount of time to make another request. While it’s waiting the colors in the box fade. Users are organized into rows based on URL.

You should see pulsating blue boxes for each service, to indicate the initial state of your production services.

Deployed state

Let’s dig deeper into how tbnproxy routes traffic. Traffic is received by a proxy that handles traffic for a given domain. The proxy maps requests to service instances via routes and rules. Routes let you split your domain into manageable segments, for example /bar and /baz. Rules let you map requests to a constrained set of service instances in clusters, for example “by default send traffic to servers labeled stage=prod. Clusters contain sets of service instances, each of which can be labeled with key/value pairs to provide more information to the routing engine.

Your environment should look like the following:

There is a single domain, local.domain that contains two routes. /api handles requests to our demo service instances, and / handles requests for everything else (in this case the demo app). There are two clusters:

  • The all-in-one-server cluster has one instance, labeled as stage=prod,version=blue. The all-in-one-client cluster has a single instance labeled stage=prod.

  • The all-in-one-server cluster has a single instance labeled stage=prod.

Set up an initial route

The rules currently map api traffic to all instances in the cluster. To enable the release workflow we need to constrain routing to a single version at a single stage, so let's configure Houston to route traffic to the blue version.

  1. Make sure you have the 'testbed' zone selected in the top left portion of the screen.
  2. Click the "Settings" menu in the top right portion of the screen, and then select "Edit Routes".
  3. Click the "Select View" menu in the top left portion of the screen, and select the api route.
  4. Change 1 to 'all-in-one-server' to 1 to 'all-in-one-server' stage = prod & version = blue
  5. Click "Save Release Group"

If you look at the all-in-one client you should still see all blue blocks, because we've constrained the routing to only go to servers in the cluster labeled with version=blue.

Deploying a new version

Now we'll deploy a new version of the server that returns green as the color to paint blocks.

kubectl create -f

if you run

$ kubectl get pods
NAME                                       READY     STATUS    RESTARTS   AGE
all-in-one-client-680519093-jdx7g          1/1       Running   0          2m
all-in-one-server-1015810482-rgf8f         1/1       Running   0          1m
all-in-one-server-green-3537570873-7npmx   1/1       Running   0          22s
tbncollect-3235735371-f594t                1/1       Running   0          3m

Your environment now looks like the following:

The new instance has been added to the all-in-one-server cluster, but no traffic is routed to it. When returning to your client app, you should still see only blue blocks, because we set our routing constraints in the previous step.

Testing before release

Let’s test our green version before we release it to customers. tbnproxy allows you to route to service instances based on headers set in the request. Navigate to, log in and select the zone you’re working with (testbed by default). Click "Settings" -> "Edit Routes", and select testbed-domain:80/api from the top left dropdown. You should see the following screen

Click “Add Rule” from the top right, and enter the following values.

This tells the proxy to look for a header called X-Tbn-Version. If the proxy finds that header, it uses the value to find servers in the all-in-one-client cluster that have a matching version label. For example, setting X-Tbn-Version: blue on a request would match blue servers, and X-Tbn-Version: green would match green servers.

The demo app converts a X-Tbn-Version query parameter into a header in calls to the backend; if you navigate to http://<your external IP>?X-Tbn-Version=green you should see all green boxes. Meanwhile going to http://<your-client> without that parameter still shows blue.

This technique is extremely powerful. New software was previewed in production without customers being affected. You were able to test the new software on the live site before releasing to customers. In a real world scenario your testers can perform validation, you can load test, and you can demo to stakeholders without running through a complicated multi-environment scenario, even during another release.

Incremental release

Now we're ready to do an incremental release from blue to green. Right now the default rules for /api send all traffic to blue. Let’s introduce a small percentage of green traffic to customers.

Navigate to, then click "Release Groups" below the top-line charts. The row "server" should be marked "RELEASE READY". Click anywhere in the row to expand it, then click "Start Release".

Let's send 25% of traffic to our new green version by moving the slider and clicking "Start Release". The release group should now be marked "RELEASING".

The all in one client should now show a mix of blue and green. You can increment the green percentage as you like. When you get to 100%, the release is complete.

Congratulations! You've safely and incrementally released a new version of your production software. Both blue and green versions are still running; if a problem were found with green, a rollback to blue would be just as easy.

Testing latency and error rates

In order to demo what errors and latency issues may look like in a production environment, we implemented a few parameters that can be set to illustrate these scenarios. By default, each of the demo servers returns a successful (status code 200) response with its color (as a hex string) as the response body.

URL parameters passed to the client web page at can be used to control the mean latency and error rate of each of the different server colors.

An example

The following URL will show an error rate and delayed response for green and blue servers.

http://<your external IP>/?x-blue-delay=25&x-blue-error=.001&x-green-delay=10&x-green-error=.25

This will simulate a bad green release, and a need to rollback to a known good blue release.

Parameter effect

These parameters can be modified in the above example as follows:

  • x-color-delay: sets the mean delay in milliseconds.
  • x-color-error: sets the error rate, describe as a fraction of 1 (e.g., 0.5 causes an error 50% of the time).

The latency and error rates are passed to the demo servers as HTTP headers with the same name and value as the URL parameters described. You can use these parameters to help you visualize the effects of a bad release, or an issue with the code in a new version of your application, which would be cause to step-down the release and return traffic to a known-good version.

Driving synthetic traffic

If you'd like to drive steady traffic to your all-in-one server without keeping a browser window open, you can run the all-in-one-driver image in your kubernetes environment. You can use the template below, filling in the value for ALL_IN_ONE_DRIVER_HOST with the EXTERNAL-IP field from your tbnproxy service. You can also add error rates and latencies for various using environment variables.

apiVersion: extensions/v1beta1
kind: Deployment
  name: all-in-one-driver
  replicas: 1
        run: all-in-one-driver
      - image: turbinelabs/all-in-one-driver:0.10.1
        imagePullPolicy: IfNotPresent
        name: all-in-one-driver
        - name: ALL_IN_ONE_DRIVER_HOST
          value: "<YOUR PUBLIC IP OR HOSTNAME>:80"
          value: "blue:50ms,green:20ms"
          value: "blue:0.01,green:0.005"

Now start your traffic driver with:

$ kubectl create -f all-in-one-driver.yaml


Now that you've seen what Houston can do with our all-in-one examples and Kubernetes , you can try it out with your own services. If you have questions or run into any trouble, please drop us a line, we're here to help.