Quick Start
osm-edge quick start guide
This guide shows how to download, install, and run osm-edge, deploy a demo application, and try out SMI standard functionality such as link encryption, access control, and traffic splitting in less than 5 minutes. This demo assumes you are running Ubuntu 21 on x86 architecture, with k3s version v1.23.8+k3s1. For more version and platform support, please refer to the complete Beginner’s Guide.
Pre-requisites
A running Kubernetes cluster. If you don’t have one, you can use the script below to install k3s:
export INSTALL_K3S_VERSION=v1.23.8+k3s1
curl -sfL https://get.k3s.io | sh -s - --disable traefik --write-kubeconfig-mode 644 --write-kubeconfig ~/.kube/config
The minimum Kubernetes version supported by osm-edge is v1.19.0.
Download and install osm-edge CLI
system=$(uname -s | tr '[:upper:]' '[:lower:]')
arch=$(dpkg --print-architecture)
release=v1.1.2
curl -L https://github.com/flomesh-io/osm-edge/releases/download/${release}/osm-edge-${release}-${system}-${arch}.tar.gz | tar -vxzf -
./${system}-${arch}/osm version
cp ./${system}-${arch}/osm /usr/local/bin/
Install osm-edge on Kubernetes cluster
The command below installs osm-edge and enables Prometheus, Grafana, and Jaeger:
export osm_namespace=osm-system
export osm_mesh_name=osm
osm install \
--mesh-name "$osm_mesh_name" \
--osm-namespace "$osm_namespace" \
--set=osm.enablePermissiveTrafficPolicy=true \
--set=osm.deployPrometheus=true \
--set=osm.deployGrafana=true \
--set=osm.deployJaeger=true \
--set=osm.tracing.enable=true
Deploy Applications
In this section we will deploy 5 different Pods, and we will apply policies to control the traffic between them.
- bookbuyer is an HTTP client making requests to bookstore. This traffic is permitted.
- bookthief is an HTTP client and much like bookbuyer also makes HTTP requests to bookstore. This traffic should be blocked.
- bookstore is a server, which responds to HTTP requests. It is also a client making requests to the bookwarehouse service. This traffic is permitted.
- bookwarehouse is a server and should respond only to bookstore. Both bookbuyer and bookthief should be blocked.
- mysql is a MySQL database only reachable by bookwarehouse.
Use the script below to install them:
kubectl create namespace bookstore
kubectl create namespace bookbuyer
kubectl create namespace bookthief
kubectl create namespace bookwarehouse
osm namespace add bookstore bookbuyer bookthief bookwarehouse
kubectl apply -f https://raw.githubusercontent.com/flomesh-io/osm-edge-docs/release-v1.1/manifests/apps/bookbuyer.yaml
kubectl apply -f https://raw.githubusercontent.com/flomesh-io/osm-edge-docs/release-v1.1/manifests/apps/bookthief.yaml
kubectl apply -f https://raw.githubusercontent.com/flomesh-io/osm-edge-docs/release-v1.1/manifests/apps/bookstore.yaml
kubectl apply -f https://raw.githubusercontent.com/flomesh-io/osm-edge-docs/release-v1.1/manifests/apps/bookwarehouse.yaml
kubectl apply -f https://raw.githubusercontent.com/flomesh-io/osm-edge-docs/release-v1.1/manifests/apps/mysql.yaml
Expose the GUI ports of each service so that the demo applications can be accessed from a browser.
git clone https://github.com/flomesh-io/osm-edge.git -b release-v1.1
cd osm-edge
cp .env.example .env
./scripts/port-forward-all.sh # error messages can be ignored
In a browser, open the following URLs.
_Note: If you need to access the services from the host, replace localhost with the IP address of the virtual machine, or run the port-forward-all.sh script on the host._
- http://localhost:8080 - bookbuyer
- http://localhost:8083 - bookthief
- http://localhost:8084 - bookstore
Access Control
Because osm-edge was installed with the command above, no service has access control applied (permissive traffic policy mode); all access is allowed. This can be seen in the browser, where the book counts for each service keep growing.
The counts in the bookbuyer, bookthief UI correspond to the number of books purchased and stolen, respectively, while in bookstore-v1 these should be increasing by.
- http://localhost:8080 - bookbuyer
- http://localhost:8083 - bookthief
The count for book sales in the bookstore UI should also be increasing.
- http://localhost:8084 - bookstore
The following demonstrates denying access to the bookstore service by disabling the permissive traffic policy mode.
kubectl patch meshconfig osm-mesh-config -n osm-system -p '{"spec":{"traffic":{"enablePermissiveTrafficPolicyMode":false}}}' --type=merge
You will see that the count is no longer increasing.
Execute the command below to allow bookbuyer to access bookstore:
kubectl apply -f https://raw.githubusercontent.com/flomesh-io/osm-edge-docs/main/manifests/access/traffic-access-v1.yaml
Here we go back to the bookbuyer and bookstore UI and see that the count resumes increasing while the count for the bookthief UI remains stopped.
With access control, we have successfully prevented bookthief from stealing books from bookstore, while normal purchases are unaffected.
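The access matrix listed under Deploy Applications can be checked against the policy in force. The Python sketch below is an added example, not part of osm-edge or this guide: it audits TrafficTarget objects (the shape returned by kubectl get traffictarget -A -o json) against that matrix. The service account names, the mysql namespace, and the sample object are assumptions, and route-level rules are ignored.

```python
from itertools import permutations

# Workload identities as "namespace/serviceaccount". Assumption: each service
# account is named after its workload, and mysql runs in the bookwarehouse namespace.
IDS = {
    "bookbuyer": "bookbuyer/bookbuyer",
    "bookthief": "bookthief/bookthief",
    "bookstore": "bookstore/bookstore",
    "bookwarehouse": "bookwarehouse/bookwarehouse",
    "mysql": "bookwarehouse/mysql",
}
# Flows the Deploy Applications list says are permitted.
INTENDED = {
    (IDS["bookbuyer"], IDS["bookstore"]),
    (IDS["bookstore"], IDS["bookwarehouse"]),
    (IDS["bookwarehouse"], IDS["mysql"]),
}

def ident(ref):
    """Render a TrafficTarget source/destination reference as namespace/name."""
    return f"{ref.get('namespace', '')}/{ref.get('name', '')}"

def allowed_flows(traffic_targets, permissive):
    """Return the (source, destination) pairs the mesh would admit."""
    if permissive:  # permissive mode: every workload may call every other
        return set(permutations(IDS.values(), 2))
    flows = set()  # strict mode: deny unless a TrafficTarget grants the pair
    for tt in traffic_targets:
        spec = tt.get("spec", {})
        dest = spec.get("destination", {})
        for src in spec.get("sources", []):
            if src.get("kind") == dest.get("kind") == "ServiceAccount":
                flows.add((ident(src), ident(dest)))
    return flows

def audit(traffic_targets, permissive):
    """Compare admitted flows with INTENDED; report excess and missing grants."""
    actual = allowed_flows(traffic_targets, permissive)
    return {"excess": sorted(actual - INTENDED), "missing": sorted(INTENDED - actual)}

def sa(namespace, name):
    """Build a ServiceAccount reference as used in a TrafficTarget spec."""
    return {"kind": "ServiceAccount", "namespace": namespace, "name": name}

# Constructed sample: a single TrafficTarget granting bookbuyer access to bookstore.
SAMPLE = [{"kind": "TrafficTarget",
           "spec": {"destination": sa("bookstore", "bookstore"),
                    "sources": [sa("bookbuyer", "bookbuyer")]}}]

print(audit(SAMPLE, permissive=False))
```

An empty "excess" list means no flow beyond the intended matrix is admitted; entries under "missing" are intended flows that still lack a grant in the input.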
Observability
Metrics
Use the command below to enable metrics generation and collection for the namespaces; otherwise, metrics generated by the Pods won’t be gathered.
osm metrics enable --namespace "bookstore,bookbuyer,bookthief,bookwarehouse"
After running the port-forwarding script, open http://localhost:3000 in a browser to access the Grafana console. The default dashboard username and password are admin, admin.
osm-edge has several built-in dashboards to provide visualization of metrics in the control plane and data plane. For example, the following figure shows the metrics of the bookthief service accessing other services at the granularity of pod.
The following figure shows the metrics of bookthief accessing other services at the granularity of deployment. The difference from the previous figure is that if bookthief has multiple replicas, the aggregate data for all replicas is shown here.
The metrics for the osm-edge component and for the basic mesh information are shown next.
Tracing
Jaeger’s dashboard can be accessed by typing http://localhost:16686/search in your browser.
The dashboard allows you to look up service-related tracing information.
Show service topology diagram.
Logging
The osm-edge control plane outputs diagnostic logs to the standard output for service mesh management, and the output of logging information can be controlled by adjusting the level of logging. The logs output to the standard output can be aggregated and stored by the log collection tool.
Uninstall Service Mesh
To uninstall all resources associated with osm-edge after completing the quick experience with osm-edge, you will need to delete these sample applications and associated SMI resources and uninstall the osm-edge control plane and cluster-wide osm-edge resources.
Delete the sample applications:
kubectl delete ns bookbuyer bookthief bookstore bookwarehouse
Uninstall the control plane:
osm uninstall mesh