[FR-126] Rollback

[eniko-dif]

What was changed

Add a separate rollback config to the deployment specification that can be used to have different rollback behavior from the rollout one. It supports AllAtOnce or Progressive and does not have a gate. Uses the LastCurrentTime of a deployment to decide if the target version supposed to be rolled out or rolled back.

Why?

Open feature issue: #126

Checklist

1. Closes [Feature Request] Rollback mode #126

2. How was this tested:

Unit and integration tests (ongoing actual test with local setup).

3. Any docs updates needed?

Yes, but needs to be decided where.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[jlegrone]

I think it would be helpful to add a comments clarifying a couple things:

1. How/when a rollback is triggered. I think right now it's only when the worker's pod spec is updated, AND the build ID has been previously set as the default worker version?
2. How rollback strategy applies to new vs. currently running workflows. Ie. running workflows that are pinned will remain on the version we are rolling back from, while new workflows will start on the rollback version.

[jlegrone]

I think if we have a progressive rollout mode, we should also require that there be at least 1 step defined. It could be reasonable to assume that choosing the progressive rollout mode without also adding steps would reuse the existing steps from the rollout config. Without steps, progressive and all at once modes would behave the same way, right?

[jlegrone]

Nit: we have a mix of existing styles between SunsetStrategy and DefaultVersionUpdateStrategy, but I think I prefer dropping the Default prefix.

Suggested change

	type DefaultVersionRollbackStrategy string
	type VersionRollbackStrategy string

[jlegrone]

I think we should add an additional condition to only consider it a rollback if LastCurrentTime is recent (maybe defaulting to <24h before now). Otherwise accidentally deploying a version from weeks ago could skip the normal rollout steps, which might be unexpected.

[jlegrone]

Can we add a MaxRollbackAge field (struggling to come up with a better name)? I think a reasonable default would be 24h. If the LastCurrentTime is less than time.Now() - MaxRollbackAge, then the controller should treat the deployment as a standard rollout rather than a rollback.

[jlegrone]

This is a change in behavior that should be called out in release notes.

Is there a way to disable rollbacks and keep the existing behavior of treating every version change as a new rollout? This should be documented as well.

[jlegrone]

I'm not quite convinced that progressive rollbacks are necessary. What are the reasons to prefer a progressive rollback vs. disabling rollback and using the progressive rollout strategy?

It's probably not a big deal to maintain this functionality, but it also looks straightforward to add in a future release without introducing breaking changes.