Open Service Mesh (OSM) is a lightweight, extensible, Cloud Native service mesh that allows users to uniformly manage, secure, and get out-of-the-box observability features for highly dynamic microservice environments.

  • Last update: Dec 12, 2022
  • Comments: 11

Open Service Mesh (OSM)

The OSM project builds on the ideas and implementations of many cloud native ecosystem projects including Linkerd, Istio, Consul, Envoy, Kuma, Helm, and the SMI specification.

Overview

OSM runs a sidecar-based control plane on Kubernetes, can be configured with SMI APIs, and works by injecting a proxy as a sidecar container next to each instance of your application. The proxy contains and executes rules around access control policies, implements routing configuration, and captures metrics. The control plane continually configures proxies to ensure policies and routing rules are up to date and ensures proxies are healthy.

Core Principles

  1. Simple to understand and contribute to
  2. Effortless to install, maintain, and operate
  3. Painless to troubleshoot
  4. Easy to configure via Service Mesh Interface (SMI)

Documentation

Documentation pertaining to the usage of Open Service Mesh is made available at docs.openservicemesh.io.

Documentation pertaining to development, release workflows, and other repository specific documentation, can be found in the docs folder.

Features

  1. Easily and transparently configure traffic shifting for deployments
  2. Secure service to service communication by enabling mTLS
  3. Define and execute fine grained access control policies for services
  4. Observability and insights into application metrics for debugging and monitoring services
  5. Integrate with external certificate management services/solutions with a pluggable interface
  6. Onboard applications onto the mesh by enabling automatic injection of the sidecar proxy

Project status

OSM is under active development and is NOT ready for production workloads.

Support

Please search open issues on GitHub, and if your issue isn't already represented please open a new one. The OSM project maintainers will respond to the best of their abilities.

SMI Specification support

Kind | SMI Resource | Supported Version | Comments
TrafficTarget | traffictargets.access.smi-spec.io | v1alpha3 |
HTTPRouteGroup | httproutegroups.specs.smi-spec.io | v1alpha4 |
TCPRoute | tcproutes.specs.smi-spec.io | v1alpha4 |
UDPRoute | udproutes.specs.smi-spec.io | not supported |
TrafficSplit | trafficsplits.split.smi-spec.io | v1alpha2 |
TrafficMetrics | *.metrics.smi-spec.io | v1alpha1 | 🚧 In Progress 🚧
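
An added example (not taken from the OSM repository) of a fine-grained access control policy written against the TrafficTarget and HTTPRouteGroup versions listed above: it allows one client identity to issue GET requests to a single path on the destination and nothing else. The namespace, service account names and route path are assumptions chosen to match the bookbuyer/bookstore demo apps.

```yaml
# Route definition: names the only HTTP request shape the policy will refer to.
apiVersion: specs.smi-spec.io/v1alpha4
kind: HTTPRouteGroup
metadata:
  name: bookstore-routes          # assumed name
  namespace: bookstore            # assumed namespace
spec:
  matches:
  - name: buy-a-book
    pathRegex: /buy-a-book/.*     # assumed application path
    methods:
    - GET
---
# Access policy: binds source identities to the destination identity and
# restricts them to the named route. Identities are Kubernetes service
# accounts, which the mesh maps to the workload certificates used for mTLS.
apiVersion: access.smi-spec.io/v1alpha3
kind: TrafficTarget
metadata:
  name: bookbuyer-to-bookstore    # assumed name
  namespace: bookstore            # lives in the destination's namespace
spec:
  destination:
    kind: ServiceAccount
    name: bookstore               # assumed service account of the server
    namespace: bookstore
  rules:
  - kind: HTTPRouteGroup
    name: bookstore-routes
    matches:
    - buy-a-book                  # only this match from the group is allowed
  sources:
  - kind: ServiceAccount
    name: bookbuyer               # assumed service account of the client
    namespace: bookbuyer          # assumed namespace of the client
```

A policy like this only restricts traffic when permissive traffic policy mode is disabled; with it enabled, SMI access policies are not enforced.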

OSM Design

Read more about OSM's high level goals, design, and architecture.

Install

Prerequisites

  • Kubernetes cluster running Kubernetes v1.20.0 or greater
  • kubectl current context is configured for the target cluster install
    • kubectl config current-context

Get the OSM CLI

The simplest way of installing Open Service Mesh on a Kubernetes cluster is by using the osm CLI.

Download the osm binary from the Releases page. Unpack the osm binary and add it to $PATH to get started.

sudo mv ./osm /usr/local/bin/osm

Install OSM

$ osm install

See the installation guide for more detailed options.

Demonstration

The OSM Bookstore demo is a step-by-step walkthrough of how to install a bookbuyer and bookstore apps, and configure connectivity between these using SMI.

Using OSM

After installing OSM, onboard a microservice application to the service mesh.

OSM Usage Patterns

  1. Traffic Management
  2. Observability
  3. Certificates
  4. Sidecar Injection

Community

Connect with the Open Service Mesh community:

Development Guide

If you would like to contribute to OSM, check out the development guide.

Code of Conduct

This project has adopted the CNCF Code of Conduct. See CODE_OF_CONDUCT.md for further details.

License

This software is covered under the Apache 2.0 license. You can read the license here.

Comments(11)

  • 1

    Integrate ebpf on sidecar side

    Please describe the Improvement and/or Feature Request

    Integrate ebpf on the sidecar side to replace iptables.

    Scope (please mark with X where applicable)

    • New Functionality [X]

    Possible use cases

  • 2

    osm verify connectivity return incorrect result

    Bug description:

    Using the command osm verify connectivity to verify pod accessibility, the result shows the failure below while the pod is accessible.

     osm verify connectivity --from-pod curl/curl-54bf6469ff-crwds --to-pod httpbin/httpbin-c8b4bfc5c-kctrd --to-service httpbin
    ---------------------------------------------
    [+] Context: Verify if pod "curl/curl-54bf6469ff-crwds" can access pod "httpbin/httpbin-c8b4bfc5c-kctrd" for service "httpbin/httpbin"
    Status: Failure
    Reason: A verification step failed
    Suggestion: Please follow the suggestions listed in the failed steps below to resolve the issue
    
    [++] Context: Verify if namespace "curl" is monitored
    Status: Failure
    Reason: Missing label "openservicemesh.io/monitored-by" on namespace "curl"
    Suggestion: Add label "openservicemesh.io/monitored-by" on namespace "curl" to include it in the mesh and restart the app
    
    [++] Context: Verify if namespace "httpbin" is monitored
    Status: Success
    
    [++] Context: Verify Envoy sidecar on pod "curl/curl-54bf6469ff-crwds"
    Status: Failure
    Reason: Did not find Envoy sidecar on pod "curl/curl-54bf6469ff-crwds"
    Suggestion: Ensure pod "curl/curl-54bf6469ff-crwds" has sidecar injection enabled
    
    [++] Context: Verify Envoy sidecar on pod "httpbin/httpbin-c8b4bfc5c-kctrd"
    Status: Success
    
    [++] Context: Verify Envoy config for traffic:
    	source pod: curl/curl-54bf6469ff-crwds
    	source service: <nil>
    	destination pod: httpbin/httpbin-c8b4bfc5c-kctrd
    	destination service: httpbin/httpbin
    	destination protocol: http
    Status: Failure
    
    [+++] Context: Verify Envoy config on source
    Status: Unknown
    Reason: Error retrieving Envoy config for pod "curl/curl-54bf6469ff-crwds", err: "Pod curl-54bf6469ff-crwds in namespace curl is not a part of a mesh"
    
    ---------------------------------------------
    
    kubectl exec "$(kubectl get pod -n curl -l app=curl -o jsonpath='{.items..metadata.name}')" -n curl -- curl -sI http://httpbin.httpbin:14001/get
    HTTP/1.1 200 OK
    server: gunicorn
    date: Fri, 21 Oct 2022 19:27:39 GMT
    content-type: application/json
    content-length: 267
    access-control-allow-origin: *
    access-control-allow-credentials: true
    osm-stats-namespace: httpbin
    osm-stats-kind: Deployment
    osm-stats-name: httpbin
    osm-stats-pod: httpbin-c8b4bfc5c-kctrd
    connection: keep-alive
    

    Affected area (please mark with X where applicable):

    • Install [ ]
    • SMI Traffic Access Policy [ ]
    • SMI Traffic Specs Policy [ ]
    • SMI Traffic Split Policy [ ]
    • Permissive Traffic Policy [ ]
    • Ingress [ ]
    • Egress [ ]
    • Sidecar Control Plane [ ]
    • CLI Tool [x]
    • Metrics [ ]
    • Certificate Management [ ]
    • Sidecar Injection [ ]
    • Logging [ ]
    • Debugging [ ]
    • Tests [ ]
    • Demo [ ]
    • CI System [ ]

    Expected behavior:

    The curl pod is outside the mesh and the httpbin one is inside the mesh. There is one AccessControl policy applied:

    kubectl get accesscontrol httpbin -n httpbin -o yaml
    apiVersion: policy.openservicemesh.io/v1alpha1
    kind: AccessControl
    metadata:
      annotations:
        kubectl.kubernetes.io/last-applied-configuration: |
          {"apiVersion":"policy.openservicemesh.io/v1alpha1","kind":"AccessControl","metadata":{"annotations":{},"name":"httpbin","namespace":"httpbin"},"spec":{"backends":[{"name":"httpbin","port":{"number":14001,"protocol":"http"}}],"sources":[{"kind":"Service","name":"curl","namespace":"curl"}]}}
      creationTimestamp: "2022-10-14T06:49:07Z"
      generation: 1
      name: httpbin
      namespace: httpbin
      resourceVersion: "2246510"
      uid: ca333e5e-498f-4bde-b9e6-58f906c0dab3
    spec:
      backends:
      - name: httpbin
        port:
          number: 14001
          protocol: http
      sources:
      - kind: Service
        name: curl
        namespace: curl
    status:
      currentStatus: committed
      reason: successfully committed by the system
    

    Steps to reproduce the bug (as precisely as possible):

    Execute command osm verify connectivity --from-pod curl/curl-54bf6469ff-crwds --to-pod httpbin/httpbin-c8b4bfc5c-kctrd --to-service httpbin.

    How was osm-edge installed?:

    Installed with osm CLI.

    Anything else we need to know?:

    Bug report archive:

    Environment: Ubuntu 20.04

    • osm-edge version (use osm version): v1.23.8+k3s2
    • Kubernetes version (use kubectl version): k3s v1.23.8+k3s2
    • Size of cluster (number of worker nodes in the cluster): 2
    • Others:
  • 3

    Add method/command to validate mTLS

    Please describe the Improvement and/or Feature Request

    osm validate/verify mTLS between pod1 and pod2

    Scope (please mark with X where applicable)

    • New Functionality [X ]
    • Install [ ]
    • SMI Traffic Access Policy [ ]
    • SMI Traffic Specs Policy [ ]
    • SMI Traffic Split Policy [ ]
    • Permissive Traffic Policy [ ]
    • Ingress [ ]
    • Egress [ ]
    • Envoy Control Plane [ ]
    • CLI Tool [ ]
    • Metrics [ ]
    • Certificate Management [ ]
    • Sidecar Injection [ ]
    • Logging [ ]
    • Debugging [ ]
    • Tests [ ]
    • CI System [ ]
    • Demo [ ]
    • Project Release [ ]

    Possible use cases

    As a user I need a simple and convenient way to verify that mTLS is working

  • 4

    add osm status sogar cmd, to make the install experience smoother

    Please describe the Improvement and/or Feature Request

    osm install will take some minutes without any output. It looks like it hangs. Please add osm status to let the user asynchronously fetch the osm-edge install status.

    Scope (please mark with X where applicable)

    • New Functionality [ ]
    • Install [ ]
    • SMI Traffic Access Policy [ ]
    • SMI Traffic Specs Policy [ ]
    • SMI Traffic Split Policy [ ]
    • Permissive Traffic Policy [ ]
    • Ingress [ ]
    • Egress [ ]
    • Envoy Control Plane [ ]
    • CLI Tool [ ]
    • Metrics [ ]
    • Certificate Management [ ]
    • Sidecar Injection [ ]
    • Logging [ ]
    • Debugging [ ]
    • Tests [ ]
    • CI System [ ]
    • Demo [ ]
    • Project Release [ ]

    Possible use cases

  • 5

    feat: Support explicitly automatic sidecar injection on deployment

    Please describe the Improvement and/or Feature Request

    Scope (please mark with X where applicable)

    • New Functionality [ ]
    • Install [ ]
    • SMI Traffic Access Policy [ ]
    • SMI Traffic Specs Policy [ ]
    • SMI Traffic Split Policy [ ]
    • Permissive Traffic Policy [ ]
    • Ingress [ ]
    • Egress [ ]
    • Envoy Control Plane [ ]
    • CLI Tool [ ]
    • Metrics [ ]
    • Certificate Management [ ]
    • Sidecar Injection [x]
    • Logging [ ]
    • Debugging [ ]
    • Tests [ ]
    • CI System [ ]
    • Demo [ ]
    • Project Release [ ]

    Possible use cases

    • namespace is added to osm, but it's disabled for automatic sidecar injection at ns level
    • add osm command/subcommand to change the pod template to add annotation to enable sidecar injection for all pods of this deployment
    • should also handle the case where the user edits/patches the deployment manually to add the annotation
  • 6

    Support custom prometheus address

    Please describe the Improvement and/or Feature Request

    https://github.com/flomesh-io/osm-edge/blob/main/charts/osm/README.md

    Please add [osm.prometheus.address] to the helm values so that we can use the existing prometheus

    Scope (please mark with X where applicable)

    • New Functionality [ ]
    • Install [X]
    • SMI Traffic Access Policy [ ]
    • SMI Traffic Specs Policy [ ]
    • SMI Traffic Split Policy [ ]
    • Permissive Traffic Policy [ ]
    • Ingress [ ]
    • Egress [ ]
    • Envoy Control Plane [ ]
    • CLI Tool [ ]
    • Metrics [ ]
    • Certificate Management [ ]
    • Sidecar Injection [ ]
    • Logging [ ]
    • Debugging [ ]
    • Tests [ ]
    • CI System [ ]
    • Demo [ ]
    • Project Release [ ]

    Possible use cases

  • 7

    Get error while install osm on new k3s

    Bug description:

    Affected area (please mark with X where applicable):

    • Install [*]
    • SMI Traffic Access Policy [ ]
    • SMI Traffic Specs Policy [ ]
    • SMI Traffic Split Policy [ ]
    • Permissive Traffic Policy [ ]
    • Ingress [ ]
    • Egress [ ]
    • Sidecar Control Plane [ ]
    • CLI Tool [ ]
    • Metrics [ ]
    • Certificate Management [ ]
    • Sidecar Injection [ ]
    • Logging [ ]
    • Debugging [ ]
    • Tests [ ]
    • Demo [ ]
    • CI System [ ]

    Expected behavior: Follow installation guide, https://osm-edge-docs.flomesh.io/docs/getting_started/setup_osm/#在-kubernetes-上安装-osm-edge , osm should be installed.

    Steps to reproduce the bug (as precisely as possible):

    1. install a fresh new ubuntu2.
    2. install k3s by 'curl -sfL https://get.k3s.io | sh -'
    3. install osm follow this guide : https://osm-edge-docs.flomesh.io/docs/getting_started/setup_osm/#在-kubernetes-上安装-osm-edge

    How was OSM installed?:

    Anything else we need to know?:

    Error message: Error: unable to list meshes within the cluster: Could not list deployments Get "http://localhost:8080/apis/apps/v1/deployments?labelSelector=app%3Dosm-controller": dial tcp 127.0.0.1:8080: connect: connection refused

    Bug report archive:

    Environment:

    • OSM version (use osm version): ubuntu21, arm64 version

    • Kubernetes version (use kubectl version): k3s latest, Client Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.8+k3s1", GitCommit:"53f2d4e7d80c09a7db1858e3f4e7ddfa13256c45", GitTreeState:"clean", BuildDate:"2022-06-27T21:49:50Z", GoVersion:"go1.17.5", Compiler:"gc", Platform:"linux/arm64"} Server Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.8+k3s1", GitCommit:"53f2d4e7d80c09a7db1858e3f4e7ddfa13256c45", GitTreeState:"clean", BuildDate:"2022-06-27T21:49:50Z", GoVersion:"go1.17.5", Compiler:"gc", Platform:"linux/arm64"}

    • Size of cluster (number of worker nodes in the cluster):1

    • Others:

  • 8

    Provide documents for osm edge

    Content:

    • What
      • What is osm-edge
      • The improvements compared to osm
    • Why
      • Why use osm-edge? (What is osm-edge for)
      • Why use Pipy as a sidecar proxy?
    • How
      • How does osm-edge work?
    • Guides (How to)
      • Install/Uninstall
      • Operating
      • Scenarios (Demos)
        • Cloud
        • Edge
      • Extensible
        • Extend proxy logic
      • Integration
        • Integrate with FSM
    • Internationalization: English, Chinese, Japanese, etc.
  • 9

    Collect more info in PipyJS from /metrics and make grafana ready

    Please describe the Improvement and/or Feature Request

    Scope (please mark with X where applicable)

    • New Functionality [ ]
    • Install [ ]
    • SMI Traffic Access Policy [ ]
    • SMI Traffic Specs Policy [ ]
    • SMI Traffic Split Policy [ ]
    • Permissive Traffic Policy [ ]
    • Ingress [ ]
    • Egress [ ]
    • Envoy Control Plane [ ]
    • CLI Tool [ ]
    • Metrics [ * ]
    • Certificate Management [ ]
    • Sidecar Injection [ ]
    • Logging [ ]
    • Debugging [ ]
    • Tests [ ]
    • CI System [ ]
    • Demo [ ]
    • Project Release [ ]

    Possible use cases

    Get more info in PipyJS and expose in /metrics and make it grafana-ready

  • 10

    Support B3 style tracing and send tracing info to Jaeger

    Please describe the Improvement and/or Feature Request

    Scope (please mark with X where applicable)

    • New Functionality [ ]
    • Install [ ]
    • SMI Traffic Access Policy [ ]
    • SMI Traffic Specs Policy [ ]
    • SMI Traffic Split Policy [ ]
    • Permissive Traffic Policy [ ]
    • Ingress [ ]
    • Egress [ ]
    • Envoy Control Plane [ ]
    • CLI Tool [ ]
    • Metrics [ X ]
    • Certificate Management [ ]
    • Sidecar Injection [ ]
    • Logging [ X ]
    • Debugging [ ]
    • Tests [ ]
    • CI System [ ]
    • Demo [ ]
    • Project Release [ ]

    Possible use cases

    Generate b3 style tracing/span in PipyJS, and send to jaeger. Reference doc: https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/overview.md & https://github.com/openzipkin/b3-propagation

  • 11

    Support Circuit Breaking

    Please describe the Improvement and/or Feature Request

    Scope (please mark with X where applicable)

    • New Functionality [ ]
    • Install [ ]
    • SMI Traffic Access Policy [ ]
    • SMI Traffic Specs Policy [ ]
    • SMI Traffic Split Policy [ ]
    • Permissive Traffic Policy [ ]
    • Ingress [ ]
    • Egress [ ]
    • Envoy Control Plane [X]
    • CLI Tool [ ]
    • Metrics [ ]
    • Certificate Management [ ]
    • Sidecar Injection [ ]
    • Logging [ ]
    • Debugging [ ]
    • Tests [ ]
    • CI System [ ]
    • Demo [ ]
    • Project Release [ ]

    Possible use cases