title | description | services | ms.topic | ms.date | ms.author |
---|---|---|---|---|---|
Install the Open Service Mesh add-on by using the Azure CLI | Use Azure CLI commands to install the Open Service Mesh (OSM) add-on on an Azure Kubernetes Service (AKS) cluster. | container-service | article | 11/10/2021 | pgibson |

This article shows you how to install the Open Service Mesh (OSM) add-on on an Azure Kubernetes Service (AKS) cluster and verify that it's installed and running.
Important
The OSM add-on installs version 1.0.0 of OSM on your cluster.
- An Azure subscription. If you don't have an Azure subscription, you can create a free account.
- Azure CLI installed.
To install the OSM add-on, use `--enable-addons open-service-mesh` when creating or updating a cluster.
The following example creates a myResourceGroup resource group. Then it creates a myAKSCluster cluster with three nodes and the OSM add-on.
```bash
az group create --name myResourceGroup --location eastus

az aks create \
  --resource-group myResourceGroup \
  --name myAKSCluster \
  --enable-addons open-service-mesh
```
For existing clusters, use `az aks enable-addons`. The following code shows an example.
Important
You can't enable the OSM add-on on an existing cluster if an OSM mesh is already on your cluster. Uninstall any existing OSM meshes on your cluster before enabling the OSM add-on.
```bash
az aks enable-addons \
  --resource-group myResourceGroup \
  --name myAKSCluster \
  --addons open-service-mesh
```
Get the credentials for your AKS cluster by using the `az aks get-credentials` command. The following example command gets the credentials for myAKSCluster in the myResourceGroup resource group:

```bash
az aks get-credentials --resource-group myResourceGroup --name myAKSCluster
```
To see if the OSM add-on is installed on your cluster, verify that the `enabled` value is `true` for `openServiceMesh` under `addonProfiles`. The following example shows the status of the OSM add-on for myAKSCluster in myResourceGroup:

```bash
az aks show --resource-group myResourceGroup --name myAKSCluster --query 'addonProfiles.openServiceMesh.enabled'
```
You can verify the version, status, and configuration of the OSM mesh that's running on your cluster. Use `kubectl` to display the image version of the osm-controller deployment. For example:

```bash
kubectl get deployment -n kube-system osm-controller -o=jsonpath='{$.spec.template.spec.containers[:1].image}'
```
The following example output shows version 0.11.1 of the OSM mesh:
```
$ kubectl get deployment -n kube-system osm-controller -o=jsonpath='{$.spec.template.spec.containers[:1].image}'
mcr.microsoft.com/oss/openservicemesh/osm-controller:v0.11.1
```
To verify the status of the OSM components running on your cluster, use `kubectl` to show the status of the `app.kubernetes.io/name=openservicemesh.io` deployments, pods, and services. For example:

```bash
kubectl get deployments -n kube-system --selector app.kubernetes.io/name=openservicemesh.io
kubectl get pods -n kube-system --selector app.kubernetes.io/name=openservicemesh.io
kubectl get services -n kube-system --selector app.kubernetes.io/name=openservicemesh.io
```
Important
If any pods have a status other than `Running`, such as `Pending`, your cluster might not have enough resources to run OSM. Review the sizing for your cluster, such as the number of nodes and the virtual machine's SKU, before continuing to use OSM on your cluster.
To verify the configuration of your OSM mesh, use `kubectl get meshconfig`. For example:

```bash
kubectl get meshconfig osm-mesh-config -n kube-system -o yaml
```
The following example output shows the configuration of an OSM mesh:
```yaml
apiVersion: config.openservicemesh.io/v1alpha1
kind: MeshConfig
metadata:
  creationTimestamp: "0000-00-00A00:00:00A"
  generation: 1
  name: osm-mesh-config
  namespace: kube-system
  resourceVersion: "2494"
  uid: 6c4d67f3-c241-4aeb-bf4f-b029b08faa31
spec:
  certificate:
    serviceCertValidityDuration: 24h
  featureFlags:
    enableEgressPolicy: true
    enableMulticlusterMode: false
    enableWASMStats: true
  observability:
    enableDebugServer: true
    osmLogLevel: info
    tracing:
      address: jaeger.osm-system.svc.cluster.local
      enable: false
      endpoint: /api/v2/spans
      port: 9411
  sidecar:
    configResyncInterval: 0s
    enablePrivilegedInitContainer: false
    envoyImage: mcr.microsoft.com/oss/envoyproxy/envoy:v1.18.3
    initContainerImage: mcr.microsoft.com/oss/openservicemesh/init:v0.9.1
    logLevel: error
    maxDataPlaneConnections: 0
    resources: {}
  traffic:
    enableEgress: true
    enablePermissiveTrafficPolicyMode: true
    inboundExternalAuthorization:
      enable: false
      failureModeAllow: false
      statPrefix: inboundExtAuthz
      timeout: 1s
    useHTTPSIngress: false
```
The preceding example shows `enablePermissiveTrafficPolicyMode: true`, which means OSM has permissive traffic policy mode enabled. With this mode enabled in your OSM mesh:
- The SMI traffic policy enforcement is bypassed.
- OSM automatically discovers services that are a part of the service mesh.
- OSM creates traffic policy rules on each Envoy proxy sidecar to be able to communicate with these services.
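
Because permissive mode bypasses SMI enforcement, it is worth checking the MeshConfig mechanically after installation. The following is an added example, not part of the original article: `audit_meshconfig` is a hypothetical helper name, and the embedded sample is constructed from the example output above.

```bash
# Added example: flag MeshConfig values that relax mesh enforcement.
# audit_meshconfig is a hypothetical helper, not an OSM, kubectl, or az command.

# Reads MeshConfig YAML on stdin and prints one line per finding.
# Returns 0 when nothing is flagged and 1 otherwise.
audit_meshconfig() {
  awk '
    # Compare the whole key so enableEgress never matches enableEgressPolicy.
    $1 == "enablePermissiveTrafficPolicyMode:" && $2 == "true" {
      print "FINDING permissive-mode: SMI traffic policy enforcement is bypassed"; n++
    }
    $1 == "enableEgress:" && $2 == "true" {
      print "FINDING global-egress: meshed pods can reach destinations outside the mesh"; n++
    }
    $1 == "enableDebugServer:" && $2 == "true" {
      print "FINDING debug-server: the osm-controller debug server is enabled"; n++
    }
    $1 == "enablePrivilegedInitContainer:" && $2 == "true" {
      print "FINDING privileged-init: the sidecar init container runs privileged"; n++
    }
    END { exit (n > 0) }
  '
}

# Constructed sample: the security-relevant subset of the example output above.
SAMPLE_MESHCONFIG='spec:
  featureFlags:
    enableEgressPolicy: true
  observability:
    enableDebugServer: true
  sidecar:
    enablePrivilegedInitContainer: false
  traffic:
    enableEgress: true
    enablePermissiveTrafficPolicyMode: true'

# Against a live cluster (requires the credentials fetched earlier):
#   kubectl get meshconfig osm-mesh-config -n kube-system -o yaml | audit_meshconfig
printf '%s\n' "$SAMPLE_MESHCONFIG" | audit_meshconfig || true
```

The non-zero return status on any finding lets the check gate a deployment pipeline step.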
When you no longer need the cluster, use the `az group delete` command to remove the resource group, the cluster, and all related resources:

```bash
az group delete --name myResourceGroup --yes --no-wait
```
Alternatively, you can uninstall the OSM add-on and the related resources from your cluster. For more information, see Uninstall the Open Service Mesh add-on from your AKS cluster.
This article showed you how to install the OSM add-on on an AKS cluster, and then verify that it's installed and running. With the OSM add-on installed on your cluster, you can deploy a sample application or onboard an existing application to work with your OSM mesh.