The Banzai Cloud Backyards (Backyards) product:

  • simplifies service mesh configuration and management,
  • guides you through setting up complex traffic routing rules
  • takes care of creating, merging and validating the YAML configuration.

And unlike some other similar products, it’s working in both directions: you can edit the YAML files manually, and you can still view and manipulate the configuration from Backyards. That’s possible because there’s no intermediate configuration layer in Backyards.

To support the bi-directional mesh configuration, Backyards provides a validation subsystem for the entire mesh. Istio itself provides some syntactic and semantic validation for the individual Istio resources, but Backyards goes even further. Backyards performs complex validations which take the whole cluster state and related resources into account to check whether everything is configured correctly within the whole mesh.

Backyards performs a lot of syntactical and semantical validation checks for various aspects of the configuration. The validation checks are constantly curated and new checks added with every release. For example:

  • Sidecar injection template validation: Validates whether there are any pods in the environment that run with outdated sidecar proxy image or configuration.
  • Gateway port protocol configuration conflict validation: Detects conflicting port configuration in different Gateway resources.
  • Multiple gateways with the same TLS certificate validation: Configuring multiple gateways to use the same TLS certificate causes most browsers to produce 404 errors when accessing a second host after a connection to another host has already been established.

Check validation results on the Backyards UI 🔗︎

The validations are constantly running in the background. To display the actual results, navigate to OVERVIEW > VALIDATIONS.

Show validation results Show validation results

To display the invalid part of the configuration in the invalid resource, click the icon on the right.

Show validation details Show validation details

Check validation results from the CLI 🔗︎

To check the results of the validation from the CLI, run the backyards analyze command. To show only results affecting a specific namespace, use the –namespace option, for example: backyards analyze --namespace backyards-demo, or backyards analyze --namespace istio-system

The backyards analyze command can also produce JSON output, for example:

backyards analyze --namespace istio-system -o json
{
  "gateway.networking.istio.io:master:istio-system:demo-gw-demo1": [
    {
      "checkID": "gateway/reused-cert",
      "istioRevision": "cp-v17x.istio-system",
      "subjectContextKey": "gateway.networking.istio.io:master:istio-system:demo-gw-demo1",
      "passed": false,
      "error": {},
      "errorMessage": "multiple gateways configured with same TLS certificate"
    }
  ],
  "gateway.networking.istio.io:master:istio-system:demo-gw-demo2": [
    {
      "checkID": "gateway/reused-cert",
      "istioRevision": "cp-v17x.istio-system",
      "subjectContextKey": "gateway.networking.istio.io:master:istio-system:demo-gw-demo2",
      "passed": false,
      "error": {},
      "errorMessage": "multiple gateways configured with same TLS certificate"
    }
  ]
}