The Flomesh Service Mesh (FSM) inherits a portion of the archived OSM code and introduces the following enhancements while maintaining compatibility with OSM:
- FSM utilizes Flomesh Pipy proxy as a replacement for OSM's Envoy proxy. This enables FSM to achieve lightweight control and data planes, optimizing CPU and memory resources effectively.
- Implemented traffic interception using eBPF-based technology instead of iptables-based traffic interception.
- FSM offers comprehensive north-south traffic management capabilities, including Ingress and Gateway APIs.
- Additionally, it facilitates seamless interconnectivity among multiple clusters and incorporates service discovery functionality.
Flomesh Pipy is a programmable network proxy that provides a high-performance, low-latency, and secure way to route traffic between services.
FSM is dedicated to providing a holistic, high-performance, and user-friendly suite of traffic management and service governance capabilities for microservices operating on the Kubernetes platform. By harnessing the combined strengths of FSM and Pipy, we present a dynamic and versatile service mesh solution that empowers Kubernetes-based environments.
FSM runs an Sidecar based control plane on Kubernetes, can be configured with SMI APIs, and works by injecting a Pipy Sidecar proxy as a sidecar container next to each instance of your application. The proxy contains and executes rules around access control policies, implements routing configuration, and captures metrics. The control plane continually configures proxies to ensure policies and routing rules are up to date and ensures proxies are healthy.
- Simple to understand and contribute to
- Effortless to install, maintain, and operate
- Painless to troubleshoot
- Easy to configure via Service Mesh Interface (SMI)
Documentation pertaining to the usage of Flomesh Service Mesh is made available at fsm-docs.flomesh.io.
Documentation pertaining to development, release workflows, and other repository specific documentation, can be found in the docs folder.
- Easily and transparently configure traffic shifting for deployments
- Secure service to service communication by enabling mTLS
- Define and execute fine grained access control policies for services
- Observability and insights into application metrics for debugging and monitoring services
- Integrate with external certificate management services/solutions with a pluggable interface
- Onboard applications onto the mesh by enabling automatic sidecar injection of Sidecar proxy
FSM is under active development and is ready for production workloads.
Please search open issues on GitHub, and if your issue isn't already represented please open a new one. The FSM project maintainers will respond to the best of their abilities.
| Kind | SMI Resource | Supported Version | Comments |
|---|---|---|---|
| TrafficTarget | traffictargets.access.smi-spec.io | v1alpha3 | |
| HTTPRouteGroup | httproutegroups.specs.smi-spec.io | v1alpha4 | |
| TCPRoute | tcproutes.specs.smi-spec.io | v1alpha4 | |
| UDPRoute | udproutes.specs.smi-spec.io | not supported | |
| TrafficSplit | trafficsplits.split.smi-spec.io | v1alpha4 | |
| TrafficMetrics | *.metrics.smi-spec.io | v1alpha1 | 🚧 In Progress 🚧 |
| Kind | Supported Version | Comments |
|---|---|---|
| GatewayClass | v1 | |
| Gateway | v1 | |
| HTTPRoute | v1 | |
| GRPCRoute | v1 | |
| TLSRoute | v1alpha2 | |
| TCPRoute | v1alpha2 | |
| UDPRoute | v1alpha2 | |
| ReferenceGrant | v1beta1 |
Read more about FSM's high level goals, design, and architecture.
- Kubernetes cluster running Kubernetes v1.19.0 or greater
- kubectl current context is configured for the target cluster install
kubectl config current-context
The simplest way of installing Flomesh Service Mesh on a Kubernetes cluster is by using the fsm CLI.
Download the fsm binary from the Releases page. Unpack the fsm binary and add it to $PATH to get started.
sudo mv ./fsm /usr/local/bin/fsm$ fsm install
See the installation guide for more detailed options.
The FSM Bookstore demo is a step-by-step walkthrough of how to install a bookbuyer and bookstore apps, and configure connectivity between these using SMI.
After installing FSM, onboard a microservice application to the service mesh.
Refer to Quick Start guide for step-by-step guide on how to start quickly.
Connect with the Flomesh Service Mesh community:
- GitHub issues and pull requests in this repo
- FSM Slack: Join the Flomesh-io Slack for related discussions
If you would like to contribute to FSM, check out the development guide.
This project has adopted the CNCF Code of Conduct. See CODE_OF_CONDUCT.md for further details.
This software is covered under the Apache 2.0 license. You can read the license here.