fsm
fsm copied to clipboard
Lightweight service mesh for Kubernetes East-West and North-South traffic management, uses ebpf for layer4 and pipy proxy for layer7 traffic management, support multi cluster network.
Flomesh Service Mesh (FSM)
The Flomesh Service Mesh (FSM) inherits a portion of the archived OSM code and introduces the following enhancements while maintaining compatibility with OSM:
- FSM utilizes Flomesh Pipy proxy as a replacement for OSM's Envoy proxy. This enables FSM to achieve lightweight control and data planes, optimizing CPU and memory resources effectively.
- Implemented traffic interception using eBPF-based technology instead of iptables-based traffic interception.
- FSM offers comprehensive north-south traffic management capabilities, including Ingress and Gateway APIs.
- Additionally, it facilitates seamless interconnectivity among multiple clusters and incorporates service discovery functionality.
Flomesh Pipy is a programmable network proxy that provides a high-performance, low-latency, and secure way to route traffic between services.
FSM is dedicated to providing a holistic, high-performance, and user-friendly suite of traffic management and service governance capabilities for microservices operating on the Kubernetes platform. By harnessing the combined strengths of FSM and Pipy, we present a dynamic and versatile service mesh solution that empowers Kubernetes-based environments.
Table of Contents
-
Flomesh Service Mesh (FSM)
- Table of Contents
-
Overview
- Core Principles
- Documentation
- Features
- Project status
- Support
- SMI Specification support
- FSM Design
-
Install
- Prerequisites
- Get the FSM CLI
- Install FSM
- Demonstration
-
Using FSM
- Quick Start
- FSM Usage Patterns
- Community
- Development Guide
- Code of Conduct
- License
Overview
FSM runs an Sidecar based control plane on Kubernetes, can be configured with SMI APIs, and works by injecting a Pipy Sidecar proxy as a sidecar container next to each instance of your application. The proxy contains and executes rules around access control policies, implements routing configuration, and captures metrics. The control plane continually configures proxies to ensure policies and routing rules are up to date and ensures proxies are healthy.
Core Principles
- Simple to understand and contribute to
- Effortless to install, maintain, and operate
- Painless to troubleshoot
- Easy to configure via Service Mesh Interface (SMI)
Documentation
Documentation pertaining to the usage of Flomesh Service Mesh is made available at fsm-docs.flomesh.io.
Documentation pertaining to development, release workflows, and other repository specific documentation, can be found in the docs folder.
Features
- Easily and transparently configure traffic shifting for deployments
- Secure service to service communication by enabling mTLS
- Define and execute fine grained access control policies for services
- Observability and insights into application metrics for debugging and monitoring services
- Integrate with external certificate management services/solutions with a pluggable interface
- Onboard applications onto the mesh by enabling automatic sidecar injection of Sidecar proxy
Project status
FSM is under active development and is ready for production workloads.
Support
Please search open issues on GitHub, and if your issue isn't already represented please open a new one. The FSM project maintainers will respond to the best of their abilities.
SMI Specification support
Kind | SMI Resource | Supported Version | Comments |
---|---|---|---|
TrafficTarget | traffictargets.access.smi-spec.io | v1alpha3 | |
HTTPRouteGroup | httproutegroups.specs.smi-spec.io | v1alpha4 | |
TCPRoute | tcproutes.specs.smi-spec.io | v1alpha4 | |
UDPRoute | udproutes.specs.smi-spec.io | not supported | |
TrafficSplit | trafficsplits.split.smi-spec.io | v1alpha4 | |
TrafficMetrics | *.metrics.smi-spec.io | v1alpha1 | 🚧 In Progress 🚧 |
FSM Design
Read more about FSM's high level goals, design, and architecture.
Install
Prerequisites
- Kubernetes cluster running Kubernetes v1.19.0 or greater
- kubectl current context is configured for the target cluster install
-
kubectl config current-context
-
Get the FSM CLI
The simplest way of installing Flomesh Service Mesh on a Kubernetes cluster is by using the fsm
CLI.
Download the fsm
binary from the Releases page. Unpack the fsm
binary and add it to $PATH
to get started.
sudo mv ./fsm /usr/local/bin/fsm
Install FSM
$ fsm install
See the installation guide for more detailed options.
Demonstration
The FSM Bookstore demo is a step-by-step walkthrough of how to install a bookbuyer and bookstore apps, and configure connectivity between these using SMI.
Using FSM
After installing FSM, onboard a microservice application to the service mesh.
Quick Start
Refer to Quick Start guide for step-by-step guide on how to start quickly.
FSM Usage Patterns
Community
Connect with the Flomesh Service Mesh community:
- GitHub issues and pull requests in this repo
- FSM Slack: Join the Flomesh-io Slack for related discussions
Development Guide
If you would like to contribute to FSM, check out the development guide.
Code of Conduct
This project has adopted the CNCF Code of Conduct. See CODE_OF_CONDUCT.md for further details.
License
This software is covered under the Apache 2.0 license. You can read the license here.