Microsoft Unveils Open Service Mesh Project for Use with Kubernetes
Microsoft wants to donate the code for a new Open Service Mesh (OSM) project, designed to run on Kubernetes, to the Cloud Native Computing Foundation (CNCF), according to a Wednesday announcement.
The CNCF is derived from the Linux Foundation, which oversees various open source Linux projects. In the CNCF’s case, it steers technologies that “enable cloud portability without vendor lock-in,” per its FAQ.
A service mesh is used with microservices to better route traffic and report issues. Some good definitions of a service mesh can be had from Red Hat with its OpenShift Service Mesh and F5 Networks with its open source NGINX project. Another open source service mesh is the platform-independent Istio, which provides for “traffic management, policy enforcement and telemetry collection,” according to an Istio FAQ page.
Microservices are a collection of services, each performing a business function, that get assembled into applications. A service mesh uses so-called “sidecars,” which are proxies that sit outside a microservice, forming a sort of mesh network around the microservices that can be used to gauge performance issues.
The microservices typically are housed in containers on servers, enabling operating system virtualization, which makes it easier for developers to spin up applications without infrastructure or software conflicts. Kubernetes, on the other hand, is an open source container orchestration service for clusters, originally fostered by Google, that has gained prominence in the microservices development world.
The proposed OSM technology is described as running on Kubernetes and ensuring communications “in highly dynamic microservices environments.” OSM uses the application programming interface (API) of the Service Mesh Interface (SMI), which is a “standard interface for service meshes on Kubernetes,” according to the CNCF. Microsoft donated SMI to the CNCF back in April, per a CNCF blog description.
In addition to being compatible with SMI, OSM “uses Envoy for the data plane, due to the strong community momentum around Envoy,” Microsoft’s announcement explained. Envoy is an open source service proxy that creates a “universal data plane” for services and applications and was originally built by rideshare software company Lyft.
“I’m thrilled to see OSM join the Envoy family and build a vendor neutral service mesh solution for Kubernetes with an explicit focus on simplicity,” said Matt Klein, creator of Envoy, in a released statement that was published by Microsoft.
Microsoft claims that OSM will simplify traffic configurations and add security for service-to-service communications with “automatic mTLS,” which stands for Mutual Transport Layer Security (TLS). Mutual TLS is an “optional feature for TLS that enables the server to authenticate the identity of the client,” per a definition by DocuSign. Typically, a standard TLS connection would just verify the identity of the server to the client, but with mTLS the server also verifies the identity of the client.
Other OSM benefits include:
- Fine-grained access control policies for services
- Metrics for debugging and monitoring of services
- Integration with native or external certificate management solutions, and
- Automatic sidecar injection for onboarding applications onto the mesh
Microsoft is planning to demonstrate OSM at the upcoming KubeCon EU Virtual 2020 event in mid-August. It also plans to show off OSM during an upcoming CNCF webinar on Aug. 14.