Azure Open Service Mesh in AKS

Muhammad Imran
2 min read · Jun 13, 2023

Azure Open Service Mesh is a managed service mesh offered as an add-on for Azure Kubernetes Service (AKS). A service mesh is a dedicated infrastructure layer that handles service-to-service communication within a microservices architecture: a sidecar proxy (Envoy, in OSM's case) is injected next to each application container and all traffic in and out of the pod is routed through it. That is what lets the mesh provide traffic routing, service discovery, load balancing, and observability without changes to application code.

Azure Open Service Mesh is built on top of the open-source service mesh project called Open Service Mesh (OSM), which is hosted by the Cloud Native Computing Foundation (CNCF). It provides a simplified way to deploy and manage service mesh capabilities in Azure Kubernetes Service (AKS) clusters.

Some key features of Azure Open Service Mesh include:

  1. Traffic management: It allows you to control and manage traffic between services, enabling features like request routing, load balancing, and traffic splitting.
  2. Service discovery: It provides automatic service discovery, allowing services to locate and communicate with each other without requiring explicit configuration.
  3. Secure communication: Azure Open Service Mesh encrypts traffic between services with mutual TLS (mTLS). Each sidecar is issued a certificate bound to its pod's Kubernetes service account, so both ends of every connection are authenticated. Authorization is a separate step: which authenticated services may talk to each other is decided by SMI access policies (TrafficTarget resources), and those are only enforced once the mesh's default permissive traffic policy mode is turned off. In permissive mode, any two services in the mesh can communicate.
  4. Observability and monitoring: It offers built-in monitoring and observability features, allowing you to gain insights into the performance and behavior of your services. This includes metrics, logs, and distributed tracing.
  5. Integration with Azure services: Azure Open Service Mesh integrates with other Azure services, such as Azure Monitor and Azure Application Gateway, to provide enhanced monitoring, security, and traffic management capabilities.

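The authorization step described in the feature list above, as an added example that is not part of the original post. It assumes the MeshConfig name and namespace the AKS add-on installs (`osm-mesh-config` in `kube-system`) and two constructed workloads: a caller running as service account `bookbuyer` in namespace `bookbuyer` and an API running as service account `bookstore` in namespace `bookstore`, both namespaces already enrolled in the mesh with sidecar injection enabled.

```yaml
# Step 1: turn off permissive mode so that SMI TrafficTargets become the
# only allow-list. The AKS add-on ships with
# enablePermissiveTrafficPolicyMode: true, which lets every meshed service
# reach every other meshed service (mTLS still authenticates the peer, but
# nothing is ever denied). Apply as a merge patch rather than a full
# kubectl apply so the add-on's other MeshConfig fields are left alone:
#
#   kubectl patch meshconfig osm-mesh-config -n kube-system --type merge \
#     -p '{"spec":{"traffic":{"enablePermissiveTrafficPolicyMode":false}}}'
#
# Step 2: kubectl apply -f this file. Only pods running as
# bookbuyer/bookbuyer may call pods running as bookstore/bookstore, and only
# on the routes named below; every other meshed caller is rejected by the
# bookstore sidecar. (Namespaces and service accounts are constructed.)
apiVersion: access.smi-spec.io/v1alpha3
kind: TrafficTarget
metadata:
  name: bookstore-from-bookbuyer
  namespace: bookstore
spec:
  destination:
    kind: ServiceAccount
    name: bookstore
    namespace: bookstore
  rules:
  - kind: HTTPRouteGroup
    name: bookstore-routes
    matches:
    - books-read
  sources:
  - kind: ServiceAccount
    name: bookbuyer
    namespace: bookbuyer
---
# The routes the TrafficTarget refers to: GET on /books and anything
# beneath it. A POST, or a GET on /admin, from bookbuyer is still denied.
apiVersion: specs.smi-spec.io/v1alpha4
kind: HTTPRouteGroup
metadata:
  name: bookstore-routes
  namespace: bookstore
spec:
  matches:
  - name: books-read
    pathRegex: "/books(/.*)?"
    methods: ["GET"]
```

The identity the policy keys on is the pod's service account, so two deployments sharing one service account are indistinguishable to the mesh; give each workload its own. The policy is enforced in the destination's sidecar, which means it only protects pods that actually have one: a namespace that is not labelled `openservicemesh.io/monitored-by=osm` (with `openservicemesh.io/sidecar-injection: enabled`) is outside the mesh and is neither encrypted nor filtered by this TrafficTarget.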
Limitations

The OSM AKS add-on has the following limitations:

  • After installation, port, IP address, and port-range exclusions from the sidecar's iptables redirection must be configured by you, with kubectl patch on the OSM MeshConfig; the add-on doesn't set them. For more information, see the OSM iptables redirection documentation.
  • Any pods that need access to IMDS, Azure DNS, or the Kubernetes API server must have those destination IP addresses added to the global list of excluded outbound IP ranges (Global outbound IP range exclusions). Traffic to an excluded range bypasses the sidecar entirely, so it is neither protected by mTLS nor subject to mesh policy; keep the list to the addresses that actually need it.
  • The add-on doesn't work on AKS clusters that use the Istio-based service mesh add-on for AKS.
  • OSM doesn't support Windows Server containers.
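The exclusions called for by the first two limitations above, as an added example that is not part of the original post. It is a merge patch for the MeshConfig the AKS add-on installs (assumed name and namespace `osm-mesh-config` in `kube-system`). The IMDS and Azure DNS addresses are Azure's well-known fixed values; the API server address is a placeholder for your cluster's own, and the excluded port is a constructed example.

```yaml
# Merge patch for the OSM MeshConfig installed by the AKS add-on.
# Apply with:
#   kubectl patch meshconfig osm-mesh-config -n kube-system \
#     --type merge --patch-file osm-exclusions.yaml
#
# Destinations listed here are skipped by the iptables rules the OSM init
# container installs in each pod, so the pod reaches them directly instead
# of through the Envoy sidecar. That is what lets a meshed pod talk to IMDS,
# Azure DNS and the API server, but it also means this traffic gets no mTLS
# and no mesh policy: list exactly what is needed and nothing wider.
spec:
  traffic:
    outboundIPRangeExclusionList:
    - 169.254.169.254/32   # Azure Instance Metadata Service (IMDS)
    - 168.63.129.16/32     # Azure DNS / platform host address
    - 10.0.0.1/32          # PLACEHOLDER: your cluster's "kubernetes" API server
                           # ClusterIP (kubectl get svc kubernetes -n default)
    outboundPortExclusionList:
    - 3306                 # constructed example: a database reached outside the mesh
```

Use /32 entries rather than whole subnets; a broad range such as 10.0.0.0/8 would silently take every in-cluster service out of the mesh. When only one workload needs an exclusion, prefer the per-pod annotations `openservicemesh.io/outbound-ip-range-exclusion-list` and `openservicemesh.io/outbound-port-exclusion-list` over the global list, so the bypass is scoped to that pod instead of the whole cluster.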

By using Azure Open Service Mesh, you can simplify the management of your microservices architecture and improve the reliability, scalability, and security of your applications running on Azure.


Muhammad Imran

Azure Solution Architect Expert | Microsoft Certified Trainer | AWS Community Builder | Author