Azure Arc enabled Open Service Mesh is now Generally Available!

The Azure Arc team is happy to announce the GA of Azure Arc enabled Open Service Mesh. This is an extension for Arc enabled Kubernetes clusters. Open Service Mesh (OSM) is lightweight and extensible. It can be configured with Service Mesh Interface APIs and works by injecting Envoy proxy as a sidecar to each application instance. This service mesh provides some of the core features like:

• mTLS traffic encryption between microservices
• Traffic splitting for canary and blue/green deployments
• Fine grained access control policies for microservices communicating over HTTP, TCP, and gRPC
• Observability for application performance
• Traffic control for ingress with various tools such as Contour
• Progressive delivery with Flagger

OSM was released as a managed add-on for Azure Kubernetes service in Nov 2021 and now with this release, we bring parity for Azure Arc customers. Arc enabled OSM is an Arc extension that provides just the same functionality as offered by the OSM add-on for AKS. The installation is highly simplified and can be done through Azure Portal, Az k8s CLI or REST APIs of Cluster Extensions. These utilize the Arc cluster extension APIs for installation and upgrades.

Onboarding through Azure Portal takes a single click. You can navigate to the Open Service Mesh blade under Settings for an Arc enabled Kubernetes cluster and click on 'Install extension'.

Open Service Mesh blade under Settings

Once the extension is installed and you have access to cluster resources using Cluster Connect feature, you can onboard namespaces from the portal itself by clicking on +Add from the OSM blade. Ensure that any existing workloads in these namespaces are restarted since the Envoy sidecar only gets injected at the time of pod creation.

Click on +Add on Open Service Mesh blade to onboard namespaces

You can also view or change the configuration of Open Service Mesh by clicking on 'Edit configuration' on the Open Service Mesh blade. 

At-scale deployment of OSM on multiple Kubernetes clusters can also be enabled using an ARM template or via a built-in Azure Policy. Read the documentation on Azure Arc enabled Open Service Mesh to explore other ways to install, customize and onboard namespaces. Once the service mesh is set up, you can apply SMI traffic policies for security and management through CLI. Another great way to onboard namespaces and apply the traffic policies to an Arc cluster is through manifest files in a Git repository. You can use GitOps with Flux v2 to maintain your cluster remotely.

What next?

This GA comes with a stable version of Open Service Mesh. It is not only very simple to install, but also very easy to maintain because of auto-upgrades. We have a bunch of exciting new functionality to add to this Arc extension over the next 6 months, including items like:

• Circuit breaking
• mTLS encryption across microservices belonging to different clusters
• Retries for failed communication between microservices
• Advanced troubleshooting
• Integration with Azure Key Vault for secret storage
• Support for UDP services
• Integration with OPA Gatekeeper
• Automated root cert rotation and
• Improved observability

To learn more about Open Service Mesh project, go to OSM documentation. Visit the documentation for managed OSM on AKS and Arc extension of Open Service Mesh based on your scenario.

Watch out for MS Build and Hybrid Digital event registrations to learn more!