README
¶
Open Service Mesh (OSM)
Open Service Mesh (OSM) is a lightweight, extensible, Cloud Native service mesh that allows users to uniformly manage, secure, and get out-of-the-box observability features for highly dynamic microservice environments.
The OSM project builds on the ideas and implementations of many cloud native ecosystem projects including Linkerd, Istio, Consul, Envoy, Kuma, Helm, and the SMI specification.
Table of Contents
- Overview
- OSM Design
- Install
- Demonstration
- Using OSM
- Community
- Development Guide
- Code of Conduct
- License
Overview
OSM runs an Envoy based control plane on Kubernetes, can be configured with SMI APIs, and works by injecting an Envoy proxy as a sidecar container next to each instance of your application. The proxy contains and executes rules around access control policies, implements routing configuration, and captures metrics. The control plane continually configures proxies to ensure policies and routing rules are up to date and ensures proxies are healthy.
Core Principles
- Simple to understand and contribute to
- Effortless to install, maintain, and operate
- Painless to troubleshoot
- Easy to configure via Service Mesh Interface (SMI)
Documentation
Documentation pertaining to the usage of Open Service Mesh is made available at docs.openservicemesh.io.
Documentation pertaining to development, release workflows, and other repository specific documentation, can be found in the docs folder.
Features
- Easily and transparently configure traffic shifting for deployments
- Secure service to service communication by enabling mTLS
- Define and execute fine grained access control policies for services
- Observability and insights into application metrics for debugging and monitoring services
- Integrate with external certificate management services/solutions with a pluggable interface
- Onboard applications onto the mesh by enabling automatic sidecar injection of Envoy proxy
Project status
OSM is under active development and is NOT ready for production workloads.
Support
Please search open issues on GitHub, and if your issue isn't already represented please open a new one. The OSM project maintainers will respond to the best of their abilities.
SMI Specification support
| Kind | SMI Resource | Supported Version | Comments |
|---|---|---|---|
| TrafficTarget | traffictargets.access.smi-spec.io | v1alpha3 | |
| HTTPRouteGroup | httproutegroups.specs.smi-spec.io | v1alpha4 | |
| TCPRoute | tcproutes.specs.smi-spec.io | v1alpha4 | |
| UDPRoute | udproutes.specs.smi-spec.io | not supported | |
| TrafficSplit | trafficsplits.split.smi-spec.io | v1alpha2 | |
| TrafficMetrics | *.metrics.smi-spec.io | v1alpha1 | 🚧 In Progress #379 🚧 |
OSM Design
Read more about OSM's high level goals, design, and architecture.
Install
Prerequisites
- Kubernetes cluster running Kubernetes v1.19.0 or greater
- kubectl current context is configured for the target cluster install
kubectl config current-context
Get the OSM CLI
The simplest way of installing Open Service Mesh on a Kubernetes cluster is by using the osm CLI.
Download the osm binary from the Releases page. Unpack the osm binary and add it to $PATH to get started.
sudo mv ./osm /usr/local/bin/osm
Install OSM
$ osm install
See the installation guide for more detailed options.
Demonstration
The OSM Bookstore demo is a step-by-step walkthrough of how to install a bookbuyer and bookstore apps, and configure connectivity between these using SMI.
Using OSM
After installing OSM, onboard a microservice application to the service mesh.
OSM Usage Patterns
Community
Connect with the Open Service Mesh community:
- GitHub issues and pull requests in this repo
- OSM Slack: Join the CNCF Slack for related discussions in #openservicemesh
- OSM Community meetings take place on the second Tuesday of each month, 10:30am-11am Pacific in the CNCF OSM Zoom room
- Mailing list
- OSM Twitter
Development Guide
If you would like to contribute to OSM, check out the development guide.
Code of Conduct
This project has adopted the CNCF Code of Conduct. See CODE_OF_CONDUCT.md for further details.
License
This software is covered under the Apache 2.0 license. You can read the license here.
Directories
¶
| Path | Synopsis |
|---|---|
|
ci
|
|
|
cmd
|
|
|
osm-bootstrap
Package main implements the main entrypoint for osm-bootstrap and utility routines to bootstrap the various internal components of osm-bootstrap.
|
Package main implements the main entrypoint for osm-bootstrap and utility routines to bootstrap the various internal components of osm-bootstrap. |
|
osm-controller
Package main implements the main entrypoint for osm-controller and utility routines to bootstrap the various internal components of osm-controller.
|
Package main implements the main entrypoint for osm-controller and utility routines to bootstrap the various internal components of osm-controller. |
|
osm-injector
Package main implements the main entrypoint for osm-injector and utility routines to bootstrap the various internal components of osm-injector.
|
Package main implements the main entrypoint for osm-injector and utility routines to bootstrap the various internal components of osm-injector. |
|
demo
|
|
|
cmd/tcp-client
package main implements a TCP client that sends TCP data to a TCP echo server and prints the response.
|
package main implements a TCP client that sends TCP data to a TCP echo server and prints the response. |
|
cmd/tcp-echo-server
package main implements a TCP echo server that echoes back the TCP client's request as a part of its response.
|
package main implements a TCP echo server that echoes back the TCP client's request as a part of its response. |
|
pkg
|
|
|
announcements
Package announcements provides the types and constants required to contextualize events received from the Kubernetes API server that are propagated internally within the control plane to trigger configuration changes.
|
Package announcements provides the types and constants required to contextualize events received from the Kubernetes API server that are propagated internally within the control plane to trigger configuration changes. |
|
apis/config/v1alpha1
Package v1alpha1 is the v1alpha1 version of the API.
|
Package v1alpha1 is the v1alpha1 version of the API. |
|
apis/policy/v1alpha1
Package v1alpha1 is the v1alpha1 version of the API.
|
Package v1alpha1 is the v1alpha1 version of the API. |
|
bugreport
Package bugreport implements functionality related to generating bug reports.
|
Package bugreport implements functionality related to generating bug reports. |
|
catalog
Package catalog is a generated GoMock package.
|
Package catalog is a generated GoMock package. |
|
certificate
Package certificate is a generated GoMock package.
|
Package certificate is a generated GoMock package. |
|
certificate/pem
Package pem defines the types for the attributes of a Certificate.
|
Package pem defines the types for the attributes of a Certificate. |
|
certificate/providers
Package providers implements generic certificate provider related functionality
|
Package providers implements generic certificate provider related functionality |
|
certificate/providers/certmanager
Package certmanager implements the certificate.Manager interface for cert-manager.io as the certificate provider.
|
Package certmanager implements the certificate.Manager interface for cert-manager.io as the certificate provider. |
|
certificate/providers/tresor
Package tresor implements the certificate.Manager interface for Tresor, a custom certificate provider in OSM.
|
Package tresor implements the certificate.Manager interface for Tresor, a custom certificate provider in OSM. |
|
certificate/providers/vault
Package vault implements the certificate.Manager interface for Hashicorp Vault as the certificate provider.
|
Package vault implements the certificate.Manager interface for Hashicorp Vault as the certificate provider. |
|
certificate/rotor
Package rotor implements functionality to rotate certificates provided by a certificate provider.
|
Package rotor implements functionality to rotate certificates provided by a certificate provider. |
|
cli
Package cli describes the operating environment for the OSM cli and includes convenience functions for the OSM cli.
|
Package cli describes the operating environment for the OSM cli and includes convenience functions for the OSM cli. |
|
config
Package config is a generated GoMock package.
|
Package config is a generated GoMock package. |
|
configurator
Package configurator is a generated GoMock package.
|
Package configurator is a generated GoMock package. |
|
constants
Package constants defines the constants that are used by multiple other packages within OSM.
|
Package constants defines the constants that are used by multiple other packages within OSM. |
|
crdconversion
Package crdconversion implements OSM's CRD conversion facility.
|
Package crdconversion implements OSM's CRD conversion facility. |
|
debugger
Package debugger is a generated GoMock package.
|
Package debugger is a generated GoMock package. |
|
endpoint
Package endpoint is a generated GoMock package.
|
Package endpoint is a generated GoMock package. |
|
envoy
Package envoy implements utility routines related to Envoy proxy, and models an instance of a proxy to be able to generate XDS configurations for it.
|
Package envoy implements utility routines related to Envoy proxy, and models an instance of a proxy to be able to generate XDS configurations for it. |
|
envoy/ads
Package ads implements Envoy's Aggregated Discovery Service (ADS).
|
Package ads implements Envoy's Aggregated Discovery Service (ADS). |
|
envoy/bootstrap
Package bootstrap implements functionality related to Envoy's bootstrap config.
|
Package bootstrap implements functionality related to Envoy's bootstrap config. |
|
envoy/cds
Package cds implements Envoy's Cluster Discovery Service (CDS).
|
Package cds implements Envoy's Cluster Discovery Service (CDS). |
|
envoy/eds
Package eds implements Envoy's Endpoint Discovery Service (EDS).
|
Package eds implements Envoy's Endpoint Discovery Service (EDS). |
|
envoy/lds
Package lds implements Envoy's Listener Discovery Service (LDS).
|
Package lds implements Envoy's Listener Discovery Service (LDS). |
|
envoy/rbac
Package rbac implements Envoy XDS RBAC policies.
|
Package rbac implements Envoy XDS RBAC policies. |
|
envoy/rds
Package rds implements Envoy's Route Discovery Service (RDS).
|
Package rds implements Envoy's Route Discovery Service (RDS). |
|
envoy/rds/route
Package route implements utility routines to build HTTP route configurations for Envoy proxies.
|
Package route implements utility routines to build HTTP route configurations for Envoy proxies. |
|
envoy/sds
Package sds implements Envoy's Secret Discovery Service (SDS).
|
Package sds implements Envoy's Secret Discovery Service (SDS). |
|
errcode
Package errcode defines the error codes for error messages and an explanation of what the error signifies.
|
Package errcode defines the error codes for error messages and an explanation of what the error signifies. |
|
gen/client/config/clientset/versioned
This package has the automatically generated clientset.
|
This package has the automatically generated clientset. |
|
gen/client/config/clientset/versioned/fake
This package has the automatically generated fake clientset.
|
This package has the automatically generated fake clientset. |
|
gen/client/config/clientset/versioned/scheme
This package contains the scheme of the automatically generated clientset.
|
This package contains the scheme of the automatically generated clientset. |
|
gen/client/config/clientset/versioned/typed/config/v1alpha1
This package has the automatically generated typed clients.
|
This package has the automatically generated typed clients. |
|
gen/client/config/clientset/versioned/typed/config/v1alpha1/fake
Package fake has the automatically generated clients.
|
Package fake has the automatically generated clients. |
|
gen/client/policy/clientset/versioned
This package has the automatically generated clientset.
|
This package has the automatically generated clientset. |
|
gen/client/policy/clientset/versioned/fake
This package has the automatically generated fake clientset.
|
This package has the automatically generated fake clientset. |
|
gen/client/policy/clientset/versioned/scheme
This package contains the scheme of the automatically generated clientset.
|
This package contains the scheme of the automatically generated clientset. |
|
gen/client/policy/clientset/versioned/typed/policy/v1alpha1
This package has the automatically generated typed clients.
|
This package has the automatically generated typed clients. |
|
gen/client/policy/clientset/versioned/typed/policy/v1alpha1/fake
Package fake has the automatically generated clients.
|
Package fake has the automatically generated clients. |
|
health
Package health implements functionality for readiness and liveness health probes.
|
Package health implements functionality for readiness and liveness health probes. |
|
httpserver
Package httpserver implements an HTTP server and utility routines to manage its lifecycle.
|
Package httpserver implements an HTTP server and utility routines to manage its lifecycle. |
|
identity
Package identity implements types and utility routines related to the identity of a workload, as used within OSM.
|
Package identity implements types and utility routines related to the identity of a workload, as used within OSM. |
|
ingress
Package ingress is a generated GoMock package.
|
Package ingress is a generated GoMock package. |
|
injector
Package injector implements OSM's automatic sidecar injection facility.
|
Package injector implements OSM's automatic sidecar injection facility. |
|
injector/test
Package test implements utility routes to test the functionality provided by the injector package.
|
Package test implements utility routes to test the functionality provided by the injector package. |
|
k8s
Package k8s is a generated GoMock package.
|
Package k8s is a generated GoMock package. |
|
k8s/events
Package events implements the eventing framework to receive and relay kubernetes events, and a framework to publish events to the Kubernetes API server.
|
Package events implements the eventing framework to receive and relay kubernetes events, and a framework to publish events to the Kubernetes API server. |
|
logger
Package logger implements utility routines to initialize the logging facility used by OSM components.
|
Package logger implements utility routines to initialize the logging facility used by OSM components. |
|
metricsstore
Package metricsstore implements a Prometheus metrics store for OSM's control plane metrics.
|
Package metricsstore implements a Prometheus metrics store for OSM's control plane metrics. |
|
policy
Package policy is a generated GoMock package.
|
Package policy is a generated GoMock package. |
|
reconciler
Package reconciler implements routines to reconcile Kubernetes resources, currently limited to OSM's mutating webhook configuration.
|
Package reconciler implements routines to reconcile Kubernetes resources, currently limited to OSM's mutating webhook configuration. |
|
service
Package service is a generated GoMock package.
|
Package service is a generated GoMock package. |
|
signals
Package signals implements functionality related to being notified on signals from the Operating System.
|
Package signals implements functionality related to being notified on signals from the Operating System. |
|
smi
Package smi is a generated GoMock package.
|
Package smi is a generated GoMock package. |
|
strings
Package strings implements utility routines related to the string type.
|
Package strings implements utility routines related to the string type. |
|
tests
Package tests implements utility routines used for unit testing.
|
Package tests implements utility routines used for unit testing. |
|
tests/certificates
Package certificates defines sample certificates used for unit testing.
|
Package certificates defines sample certificates used for unit testing. |
|
trafficpolicy
Package trafficpolicy defines the types to represent traffic policies internally in the OSM control plane, and utility routines to process them.
|
Package trafficpolicy defines the types to represent traffic policies internally in the OSM control plane, and utility routines to process them. |
|
utils
Package utils provides generic utility routines used within OSM.
|
Package utils provides generic utility routines used within OSM. |
|
validator
Package validator implements utility routines related to Kubernetes' admission webhooks.
|
Package validator implements utility routines related to Kubernetes' admission webhooks. |
|
version
Package version provides version information for the compiled binary, and an HTTP handler to serve the version information via an HTTP request.
|
Package version provides version information for the compiled binary, and an HTTP handler to serve the version information via an HTTP request. |
|
webhook
Package webhook implements utility routines related to Kubernetes' admission webhooks.
|
Package webhook implements utility routines related to Kubernetes' admission webhooks. |
|
scripts
|
|
|
tests
|
|
Click to show internal directories.
Click to hide internal directories.