Back to Docs
Recipe

Canary Deployment

Ship to a fraction of users first, validate in production, then roll out with confidence.

Overview

A canary deployment routes a small percentage of traffic to a new version of your service while the majority stays on the stable release. If error rates, latency, or user sentiment stay healthy, you gradually increase the rollout until 100% of traffic hits the new version. If anything breaks, you roll back instantly — most users never see the bad build.

Why Canary?

  • Blast-radius reduction — a bad deploy affects 5% of users, not 100%.
  • Real-traffic validation — staging never matches production load or data shapes.
  • Fast rollback — revert the routing rule, not the entire deployment pipeline.
  • Gradual confidence — metrics-driven promotion gates replace gut-feel ship decisions.

Implementation Pattern

  1. Deploy the new version alongside the existing one (blue/green or side-by-side).
  2. Configure your load balancer or service mesh to send 5-10% of traffic to the canary.
  3. Monitor key signals: error rate, p99 latency, crash count, business metrics.
  4. If signals stay green for the bake period (e.g. 30 min), increase to 25%, then 50%, then 100%.
  5. If any signal degrades, set canary weight to 0% and investigate.

Signals to Watch

Error rate

5xx ratio vs baseline

Latency

p50 / p99 drift

Crash loops

Restart count delta

User reports

Support ticket spike

Nimbus Integration

Nimbus can gate canary rollouts by license tier or hardware fingerprint cohort. Route your canary traffic to a Nimbus-protected endpoint that validates the session before serving the experimental build — ensuring only authorized users enter the canary group.

← Return to documentation