Team Project
KiriminAja Rollout Manager
A platform that manages the rollout of new features and updates for KiriminAja, ensuring smooth transitions and minimal disruptions.
Tech Stack
Teammates
KiriminAja Rollout Manager is an internal platform built on top of Argo Rollouts, extended with OAuth-based authentication and a fine-grained Access Control Layer. It gives Product, QA, and Engineering teams a single governed interface for managing progressive deployments — without needing direct access to the underlying Kubernetes cluster.
This project is closed source and currently in active use at KiriminAja.
The Problem
Argo Rollouts is a powerful engine for canary and blue/green deployments, but it ships with no concept of user identity or role-based permissions. Anyone with sufficient kubectl access could pause, promote, or abort a rollout — regardless of whether they were the right person to do so.
For a team operating at scale, this is a real operational risk. A developer accidentally promoting a canary to 100% during peak hours isn't hypothetical — it's a matter of when, not if.
What We Built
We wrapped Argo Rollouts with a product-grade control plane that adds identity, access control, and a significantly better user experience.
OAuth & Identity
Every user authenticates via OAuth, integrated with KiriminAja's internal SSO. Sessions are short-lived and tied to real identities — no shared credentials, no anonymous kubectl calls.
Access Control List (ACL)
Actions are gated by role:
| Role | Permissions |
|---|---|
| Developer | View rollout status, read logs |
| QA | Pause, resume, adjust canary weight |
| Product Owner | Promote to full rollout, abort |
| Platform | Full access including rollback and config changes |
The ACL is enforced server-side — the UI simply reflects what the current user is allowed to do.
Better UX
The original Argo Rollouts dashboard is functional but sparse. We rebuilt the interface around the actual workflow:
- Timeline view — shows each canary step, current weight, and analysis results at a glance
- Contextual actions — only the buttons you're allowed to press are visible
- Audit log — every action (who did what, when) is recorded and surfaced in-app
- Slack notifications — promotion and abort events automatically notify the relevant channel
Outcome
The platform reduced deployment incidents caused by unauthorized or mistimed rollout actions. Product Owners can now self-serve promotions with confidence, and the Platform team has full visibility without being a bottleneck for every release.