What is Backyards? π︎
Backyards helps you to confidently scale your microservices over single- and multi-cluster environments and to make daily operational routines standardized and more efficient. The componentization and scaling of modern applications inevitably lead to a number of optimization and management issues:
- How do you spot bottlenecks? Are all components functioning correctly?
- How are connections between components secured?
- How does one reliably upgrade service components?
Backyards helps you accomplish these tasks and many others in a simple and scalable way, by leveraging the Istio service mesh and building a large number of automations around it. Our tag-line for the product captures this succinctly:
“Banzai Cloud Backyards operationalizes the service mesh to bring deep observability, convenient management, and policy-based security to modern container-based applications.”
What are the key features? π︎
- Backyards not only handles the automated installation, operation and upgrade of service mesh infrastructure, but also provides a rich, high-level, multi-modal user experience that eliminates the complexity associated with service meshes.
- High-level functionality, such as deep observability, Zero-Trust security, canary deployments, traffic routing, ingress / egress exposure, or fault injection can be conveniently managed and visualized through its user interface.
- Backyards’ automation engine reduces the risk inherent in the performance of complex tasks such as canary upgrades of microservice components, thereby cutting operational risk and cost.
- The system provides a detailed real-time dashboard for debugging and an audit log for compliance.
What does the Backyards architecture look like? π︎
Why is Backyards using Istio? π︎
Istio is still the most feature complete and mature service mesh solution by far. It may have its shortcomings, especially around complexity, but it has a great community around it that continuously works towards making it better. We also aim to solve some of these problems with Backyards. One of the main use cases of Backyards is the ability to connect multiple clusters even across different networks, and Istio has several flexible topologies for different use cases to achieve this.
What is the Banzai Cloud Istio operator? π︎
We developed the open source Banzai Cloud Istio operator to solve the first tier of problems related to the installation, management and upgrade of the Istio infrastructure components. The operator continuously reconciles the state of the Istio components to keep them healthy, and facilitates multi-cluster federation. We offer community and paid support for the Istio operator.
Should I use Backyards or the Istio operator? π︎
The Banzai Cloud Istio operator is an open-source component of the commercial Backyards product. In addition to the Banzai Cloud Istio operator, Backyards:
- includes a battle-hardened Istio distribution,
- installs and manages the observability infrastructure, including Prometheus, Grafana, Jaeger
- provides a UI (Web UI, CLI, API) for developers and ops to easily observe and configure all the service mesh components
- tracks all changes made through Backyards in an audit log
- picks up user roles from native Kubernetes RBAC
- provides UI-based automation to carry out complex management tasks such as canary upgrades, traffic routing, and so on.
All Backyards features work in multi-cluster configurations as well, and a unified cross-cluster application view is provided.
How do I integrate Backyards with my application? π︎
After you’ve installed Backyards, and want to put your application in the mesh, you need to inject a sidecar in the pods of your application. You can do that manually, or by enabling automatic injection for your namespaces, and restarting your pods. While in theory it’s usually that simple, we know that in practice an application can have some problems running a sidecar, and won’t behave the same anymore. We have a deep domain knowledge of Istio and have seen a lot of these problems. When integrating your application, we can help you overcome these issues.
What’s the overhead of Backyards? π︎
Most of the overhead of Backyards is coming from Istio itself, and it’s there in two different layers.
- First, it has some CPU and memory resource requirements. It needs to have a control plane running in a cluster that handles the discovery of services, injects sidecars to pods, pushes down configuration to them, and manages certificates for handling service-to-service security.
- The sidecars themselves also consume some CPU and memory. If the mesh is configured properly, this overhead shouldn’t be significant.
- The second layer of the overhead appears in network requests. Because all traffic flows through Envoy proxies, it means 2 additional hops for every request, and that adds some minimal latency. Other than for a few very latency-critical applications, this shouldn’t be significant, but see latency overheads for details.
Should I worry about latency overheads? π︎
In general, no. There is some latency overhead added for every request because of the sidecar proxies, but if the mesh is configured properly it shouldn’t be more than a few milliseconds. Per Istio’s own measurements, with 16 concurrent connections and 1000 RPS, Istio adds 3ms over the baseline (P50) when a request travels through both a client and server proxy. At 64 concurrent connections, Istio adds 7ms over the baseline, with Mixer disabled. There could be some latency critical applications where it matters, but for most apps it won’t make a difference.
How does Backyards keep my mesh healthy? π︎
Backyards provides a few handy features to keep a mesh healthy. The most important of these is the mesh validation feature. Other than doing basic validation of Istio configuration, Backyards analyses the whole mesh state and tries to find ambiguous or invalid configs. For example, a label selector that points to an invalid service, or there is some shadowed or ambiguous routing config present.
Backyards also provides debugging features like tapping an Envoy proxy and analyzing requests. You can also keep track of real-time metrics on the dashboard and check if your latency or error rate values are increasing.
Is this a new abstraction layer over Istio? π︎
No, we’ve designed Backyards in a way that it doesn’t add a new abstraction layer. We thought that Istio is complicated enough in itself and it wouldn’t do any good introducing a few new CRDs. Backyards can help you configure your mesh through a CLI or the dashboard, but those commands are always translated to plain old Istio CRs. Doing it this way enables Backyards to be completely compatible with all Istio configuration changes. If you write Istio config directly, Backyards will still be able to detect it, display it, and validate it properly.
Does Backyards support GitOps? π︎
Yes. Since there is no additional abstraction layer involved, Backyards is able to interpret your Istio configurations. If your virtual services, service entries, and other Istio resources are deployed through a CI/CD flow, Backyards will instantly parse them and display your configuration on the dashboard.