Open Service Mesh


OSM runs on Kubernetes. The control plane implements Envoy's xDS and is configured with SMI APIs. OSM injects an Envoy proxy as a sidecar container next to each instance of an application.

The data plane (the set of Envoy proxies running as part of OSM) executes rules around access control policies, implements routing configuration, and captures metrics. The control plane continually programs the data plane to ensure policies and routing rules are up to date and ensures the data plane is healthy.

The OSM project builds on the ideas and implementations of many cloud native ecosystem projects including Linkerd, Istio, Consul, Envoy, Kuma, Helm, and the SMI specification.


Features

  • Easily and transparently configure traffic shifting for deployments
  • Secure end-to-end service-to-service communication by enabling mTLS
  • Define and execute fine-grained access control policies for services
  • Observability and insights into application metrics for debugging and monitoring services
  • Integrate with external certificate management services/solutions with a pluggable interface
  • Onboard applications onto the mesh by enabling automatic sidecar injection of Envoy proxy
  • Flexible enough to handle both simple and complex scenarios through SMI and Envoy xDS APIs