Enhancing delivery using Kubernetes Gateway API and Istio

At DigitalOcean's internal platform team, we use a tool called docc to make deploying apps easier for our teams. It’s designed to hide the complexity of Kubernetes so teams can focus on getting their apps running without needing to understand Kubernetes itself.

When we deploy updates to applications, we usually use a simple method where old versions are replaced with new ones, one by one, over a short time. This works fine most of the time, but if the new version has bugs—causing slower performance or errors for users—this method doesn’t have a built-in way to catch those problems early or quickly switch back to the previous version.

To solve this, we’ve added safer deployment strategies like canary and A/B testing. These allow us to release updates more cautiously by directing only a small percentage of user traffic to the new version first. If everything looks good, we slowly increase the traffic. If not, we can automatically roll back quickly.

We achieved this by using tools like the Kubernetes Gateway API, Envoy proxy, and Istio to manage and control how traffic flows between different versions of an app. These tools work together to create a "service mesh," which helps us balance traffic and make deployment smoother and safer.

In this talk, we’ll share what we learned while setting this up and how it’s helping us ensure more reliable application updates at DigitalOcean.