title | description | services | ms.topic | ms.date |
---|---|---|---|---|
Integrations with Open Service Mesh on Azure Kubernetes Service (AKS) |
Integrations with Open Service Mesh on Azure Kubernetes Service (AKS) |
container-service |
article |
03/23/2022 |
The Open Service Mesh (OSM) add-on integrates with features provided by Azure as well as open source projects.
Important
Integrations with open source projects are not covered by the AKS support policy.
Ingress allows for traffic external to the mesh to be routed to services within the mesh. With OSM, you can configure most ingress solutions to work with your mesh, but OSM works best with Web Application Routing, NGINX ingress, or Contour ingress. Open source projects integrating with OSM, including NGINX ingress and Contour ingress, are not covered by the AKS support policy.
Using Azure Gateway Ingress Controller (AGIC) for ingress with OSM is not supported and not recommended.
Observability of metrics allows you to view the metrics of your mesh and the deployments in your mesh. With OSM, you can use Prometheus and Grafana for metrics observability, but those integrations are not covered by the AKS support policy.
You can also integrate OSM with Azure Monitor.
Before you can enable metrics on your mesh to integrate with Azure Monitor:
- Enable Azure Monitor on your cluster
- Enable the OSM add-on for your AKS cluster
- Onboard your application namespaces to the mesh
To enable metrics for a namespace in the mesh use osm metrics enable
. For example:
osm metrics enable --namespace myappnamespace
Create a Configmap in the kube-system
namespace that enables Azure Monitor to monitor your namespaces. For example, create a monitor-configmap.yaml
with the following to monitor the myappnamespace
:
kind: ConfigMap
apiVersion: v1
data:
schema-version: v1
config-version: ver1
osm-metric-collection-configuration: |-
# OSM metric collection settings
[osm_metric_collection_configuration]
[osm_metric_collection_configuration.settings]
# Namespaces to monitor
monitor_namespaces = ["myappnamespace"]
metadata:
name: container-azm-ms-osmconfig
namespace: kube-system
Apply that ConfigMap using kubectl apply
.
kubectl apply -f monitor-configmap.yaml
To access your metrics from the Azure portal, select your AKS cluster, then select Logs under Monitoring. From the Monitoring section, query the InsightsMetrics
table to view metrics in the enabled namespaces. For example, the following query shows the envoy metrics for the myappnamespace namespace.
InsightsMetrics
| where Name contains "envoy"
| extend t=parse_json(Tags)
| where t.app == "myappnamespace"
OSM can integrate with certain automation projects and developer tooling to help operators and developers build and release applications. For example, OSM integrates with Flagger for progressive delivery and Dapr for building applications. OSM's integration with Flagger and Dapr are not covered by the AKS support policy.
External authorization allows you to offload authorization of HTTP requests to an external service. OSM can use external authorization by integrating with Open Policy Agent (OPA), but that integration is not covered by the AKS support policy.
OSM has several types of certificates it uses to operate on your AKS cluster. OSM includes its own certificate manager called Tresor, which is used by default. Alternatively, OSM allows you to integrate with Hashicorp Vault, Tresor, and cert-manager, but those integrations are not covered by the AKS support policy.