Banzai Cloud Logo Close
Home Products Benefits Blog Company Contact
Get Started
Author András Tóth

Automatic canary deployments with Backyards and Pipeline

Many organizations are embracing a more decentralized decision making process, allowing them to better build cloud native applications, and to deliver them more rapidly and safely. Often, different teams manage different microservices, with each team able to release their microservices independent of the others. Istio is exceedingly helpful for this, since it provides low level contructs able to enforce policies in the network and configure traffic control, observability, rate limiting, circuit breaking and programmable rollouts. These configurations are expressed on Layer 7, and allow the decoupling of traffic flows from infrastructure, across multiple network topologies.

At Banzai Cloud we’ve been simplifying and automating how our customers provision Istio service meshes across multiple topologies. We do this on five cloud providers and on on-premise datacenters using our multi and hybrid-cloud platform, Pipeline. The core components at work behind the scenes are our open source Istio operator and Backyards. We have often found that managing the deployment and control of microservices deployed to the Istio mesh was too complex or insufficiently automated, especially in multi-cluster, multi-cloud or hybrid-cloud scenarios. In contrast, building out and managing service meshes across single or multi-cluster topologies with Backyards was extremely simple.

Today, the wait is over, we’re about to make it easier than ever to manage microservices; this post will focus on making canary releases available in Backyards!

Canary releases - quick intro

The main goal of canary releases is to reduce the risk of introducing new versions of microservices by rolling them out gradually to a small subset of users before making them available to everyone. This process starts with an unused deployment of the service’s new version, which receives no traffic. Throughout the canary release, the service is monitored and observed via Prometheus metrics, and the traffic is increasingly routed towards the new service (e.g. from 10% to 20% onward, until reaching 100%). The health of the new service, error rates, and other configurable metrics are constantly checked, until exit criteria have been met (or have otherwise been failed to be met), and the new microservice serves all requests.

A canary release is a special instance of a Blue/Green deployment, where the transition happens gradually, rather than instantly. In Istio terms, the relative weighing of traffic between service versions is programatically adjusted during a control loop, which constantly observes the service health and adjusts routing accordingly.

Try it out

Create a service mesh

Let’s start by creating a cluster on AWS, using Banzai Cloud’s lightweight and CNCF certified Kubernetes distribution, PKE. Next, we’ll create an Istio service mesh on top of that cluster.

After a few seconds, the mesh will have beeen installed and be ready to use.

Create service mesh

Deploy Bookinfo

Now we’ll deploy a sample Bookinfo application so that we can use it to showcase our canary feature:

~ ❯ kubectl apply -f

Generate load

The Backyards UI has a test flight feature that sends traffic to a selected endpoint. If you hit the HTTP button in the top right corner of the screen, you’ll be able to fill out a form with endpoint details, and send test traffic to your services. Let’s use this to generate a continuous load on our productpage service.

Send load to productpage

Let’s see how traffic flows through the cluster with Backyards.

Without canary

Enable Canary on deployment

Okay, now let’s say we’d like to do a canary release for our productpage deployment. We can easily enable this from the Backyards UI. Once we enable the canary, we will have a primary and a canary pod, with traffic being routed through the primary:

Canary init

Trigger canary release

We can trigger a canary release on the deployment by changing a specification, like, for example, the deployment’s image:

~ ❯ kubectl set image deploy/productpage-v1

This triggers a canary deployment process; as the application receives a continuous load, more and more traffic will be forwarded to the canary, providing the Prometheus metrics are within their thresholds for maximum error rates and request durations.

If the canary pod responds successfully to these requests, at the end of the process all traffic will be being forwarded to it. Then, the primary will be rolling updated and all traffic will be routed to that instead.

Canary progress

Delete canary

After the canary is enabled for a deployment, any image change will trigger a canary release process. To disable it, simply disable the canary on the UI.

Disable canary

After disabling the canary, traffic will begin to flow in the same way it did before the canary feature was enabled to the original productpage workload.

No canary load


Canary releases are an enormously useful tool. They reduce the risk of introducing a new microservice version, but they require lots of machinery. With the Pipeline platform and Backyards, our users can executre canary releases through the UI, CLI or API, more easily than ever before. Happy canary releasing!

About Backyards

Banzai Cloud’s Backyards is a multi and hybrid-cloud enabled service mesh platform for constructing modern applications. Built on Kubernetes, our Istio operator and Pipeline enable flexibility, portability and consistency across on-premise datacenters and on five cloud environments. Use our simple, yet extremely powerful, UI and CLI, and experience automated canary releases, traffic shifting, routing, secure service communication, in-depth observability and more.

About Pipeline

Banzai Cloud’s Pipeline provides a platform which allows enterprises to develop, deploy and scale container-based applications. It leverages best-of-breed cloud components, such as Kubernetes, to create a highly productive, yet flexible environment for developers and operations teams alike. Strong security measures—multiple authentication backends, fine-grained authorization, dynamic secret management, automated secure communications between components using TLS, vulnerability scans, static code analysis, CI/CD, etc.—are a tier zero feature of the Pipeline platform, which we strive to automate and enable for all enterprises.

About Banzai Cloud

Banzai Cloud is changing how private clouds are built: simplifying the development, deployment, and scaling of complex applications, and putting the power of Kubernetes and Cloud Native technologies in the hands of developers and enterprises, everywhere.

#multicloud #hybridcloud #BanzaiCloud

If you are interested in our technology and open source projects, follow us on GitHub, LinkedIn or Twitter:


comments powered by Disqus