Azure Arc enabled Open Service Mesh is now Generally Available!
The Azure Arc team is happy to announce the GA of Azure Arc enabled Open Service Mesh. This is an extension for Arc enabled Kubernetes clusters. Open Service Mesh (OSM) is lightweight and extensible. It can be configured with Service Mesh Interface APIs and works by injecting Envoy proxy as a sidecar to each application instance. This service mesh provides some of the core features like:
- mTLS traffic encryption between microservices
- Traffic splitting for canary and blue/green deployments
- Fine grained access control policies for microservices communicating over HTTP, TCP, and gRPC
- Observability for application performance
- Traffic control for ingress with various tools such as Contour
- Progressive delivery with Flagger
OSM was released as a managed add-on for Azure Kubernetes service in Nov 2021 and now with this release, we bring parity for Azure Arc customers. Arc enabled OSM is an Arc extension that provides just the same functionality as offered by the OSM add-on for AKS. The installation is highly simplified and can be done through Azure Portal, Az k8s CLI or REST APIs of Cluster Extensions. These utilize the Arc cluster extension APIs for installation and upgrades.
Onboarding through Azure Portal takes a single click. You can navigate to the Open Service Mesh blade under Settings for an Arc enabled Kubernetes cluster and click on 'Install extension'.
Open Service Mesh blade under Settings
Once the extension is installed and you have access to cluster resources using Cluster Connect feature, you can onboard namespaces from the portal itself by clicking on +Add from the OSM blade. Ensure that any existing workloads in these namespaces are restarted since the Envoy sidecar only gets injected at the time of pod creation.
Click on +Add on Open Service Mesh blade to onboard namespaces
You can also view or change the configuration of Open Service Mesh by clicking on 'Edit configuration' on the Open Service Mesh blade.
At-scale deployment of OSM on multiple Kubernetes clusters can also be enabled using an ARM template or via a built-in Azure Policy. Read the documentation on Azure Arc enabled Open Service Mesh to explore other ways to install, customize and onboard namespaces. Once the service mesh is set up, you can apply SMI traffic policies for security and management through CLI. Another great way to onboard namespaces and apply the traffic policies to an Arc cluster is through manifest files in a Git repository. You can use GitOps with Flux v2 to maintain your cluster remotely.
What next?
This GA comes with a stable version of Open Service Mesh. It is not only very simple to install, but also very easy to maintain because of auto-upgrades. We have a bunch of exciting new functionality to add to this Arc extension over the next 6 months, including items like:
- Circuit breaking
- mTLS encryption across microservices belonging to different clusters
- Retries for failed communication between microservices
- Advanced troubleshooting
- Integration with Azure Key Vault for secret storage
- Support for UDP services
- Integration with OPA Gatekeeper
- Automated root cert rotation and
- Improved observability
To learn more about Open Service Mesh project, go to OSM documentation. Visit the documentation for managed OSM on AKS and Arc extension of Open Service Mesh based on your scenario.
Watch out for MS Build and Hybrid Digital event registrations to learn more!
Published on:
Learn moreRelated posts
Azure SDK Release (April 2025)
Azure SDK releases every month. In this post, you find this month's highlights and release notes. The post Azure SDK Release (April 2025) appe...
Getting Started with Azure Cosmos DB Using the Python SDK
If you’re new to Azure Cosmos DB and looking to build applications with Python, you’re in the right place. I’ve created a four-par...
Azure Developer CLI (azd) in a real-life scenario
This post shares some useful tips and lessons learned while using azd during a migration. The post Azure Developer CLI (azd) in a real-life sc...
Webinar: Translate Dynamics 365 Data in Real-Time using Azure AI Translator with our New App!
Is your business operating across multiple regions? Managing multilingual CRM data in Microsoft Dynamics 365 can lead to communication gaps, d...
Getting Started with AI Agents in Azure
Spring Cleaning: A CTA for Azure DevOps OAuth Apps with expired or long-living secrets
Today, we officially closed the doors on any new Azure DevOps OAuth app registrations. As we prepare for the end-of-life for Azure DevOps OAut...
Azure SDK modularized libraries for JavaScript
This post announces new modularized libraries for the Azure SDK for JavaScript. The post Azure SDK modularized libraries for JavaScript appear...