Skip to content

Files

105 lines (77 loc) · 5.59 KB

open-service-mesh-integrations.md

File metadata and controls

105 lines (77 loc) · 5.59 KB
title description services ms.topic ms.date
Integrations with Open Service Mesh on Azure Kubernetes Service (AKS)
Integrations with Open Service Mesh on Azure Kubernetes Service (AKS)
container-service
article
03/23/2022

Integrations with Open Service Mesh on Azure Kubernetes Service (AKS)

The Open Service Mesh (OSM) add-on integrates with features provided by Azure as well as open source projects.

Important

Integrations with open source projects are not covered by the AKS support policy.

Ingress

Ingress allows for traffic external to the mesh to be routed to services within the mesh. With OSM, you can configure most ingress solutions to work with your mesh, but OSM works best with Web Application Routing, NGINX ingress, or Contour ingress. Open source projects integrating with OSM, including NGINX ingress and Contour ingress, are not covered by the AKS support policy.

Using Azure Gateway Ingress Controller (AGIC) for ingress with OSM is not supported and not recommended.

Metrics observability

Observability of metrics allows you to view the metrics of your mesh and the deployments in your mesh. With OSM, you can use Prometheus and Grafana for metrics observability, but those integrations are not covered by the AKS support policy.

You can also integrate OSM with Azure Monitor.

Before you can enable metrics on your mesh to integrate with Azure Monitor:

  • Enable Azure Monitor on your cluster
  • Enable the OSM add-on for your AKS cluster
  • Onboard your application namespaces to the mesh

To enable metrics for a namespace in the mesh use osm metrics enable. For example:

osm metrics enable --namespace myappnamespace

Create a Configmap in the kube-system namespace that enables Azure Monitor to monitor your namespaces. For example, create a monitor-configmap.yaml with the following to monitor the myappnamespace:

kind: ConfigMap
apiVersion: v1
data:
  schema-version: v1
  config-version: ver1
  osm-metric-collection-configuration: |-
    # OSM metric collection settings
    [osm_metric_collection_configuration]
      [osm_metric_collection_configuration.settings]
          # Namespaces to monitor
          monitor_namespaces = ["myappnamespace"]
metadata:
  name: container-azm-ms-osmconfig
  namespace: kube-system

Apply that ConfigMap using kubectl apply.

kubectl apply -f monitor-configmap.yaml

To access your metrics from the Azure portal, select your AKS cluster, then select Logs under Monitoring. From the Monitoring section, query the InsightsMetrics table to view metrics in the enabled namespaces. For example, the following query shows the envoy metrics for the myappnamespace namespace.

InsightsMetrics
| where Name contains "envoy"
| extend t=parse_json(Tags)
| where t.app == "myappnamespace"

Automation and developer tools

OSM can integrate with certain automation projects and developer tooling to help operators and developers build and release applications. For example, OSM integrates with Flagger for progressive delivery and Dapr for building applications. OSM's integration with Flagger and Dapr are not covered by the AKS support policy.

External authorization

External authorization allows you to offload authorization of HTTP requests to an external service. OSM can use external authorization by integrating with Open Policy Agent (OPA), but that integration is not covered by the AKS support policy.

Certificate management

OSM has several types of certificates it uses to operate on your AKS cluster. OSM includes its own certificate manager called Tresor, which is used by default. Alternatively, OSM allows you to integrate with Hashicorp Vault, Tresor, and cert-manager, but those integrations are not covered by the AKS support policy.