Introducing Open Service Mesh (OSM): A Lightweight, Extensible Service Mesh for Kubernetes

Although micro‑service environments bring portability and faster deployment cycles, they also increase demands for traffic management, security, and observability, leading to many service‑mesh implementations. Microsoft contributes to the Service Mesh Interface (SMI) project to define portable APIs that work across different meshes.

Today Microsoft announced Open Service Mesh (OSM), an open‑source, lightweight, and scalable service mesh that runs on Kubernetes. OSM follows three design guidelines: it provides an SMI‑compatible control plane, uses Envoy as the data plane, and embraces a “no cliffs” philosophy to stay flexible for simple or complex scenarios.

Matt Klein, founder of Envoy, praised OSM as a vendor‑neutral mesh solution for Kubernetes that emphasizes simplicity.

OSM simplifies many tasks such as traffic shifting, mTLS‑based service‑to‑service security, fine‑grained access‑control policies, observability with metrics, certificate management, and automatic sidecar injection. Microsoft plans to showcase OSM at KubeCon EU Virtual 2020 and a CNCF webinar.

The article also discusses the evolution of application infrastructure from physical hardware to virtualized, auto‑scaling cloud platforms, and how a service mesh becomes the infrastructure layer that handles load balancing, service discovery, and policy‑driven security via sidecar proxies.

SMI, a CNCF sandbox project, defines a set of core APIs for Kubernetes service meshes, enabling portability across different mesh implementations without vendor lock‑in. It is not a mesh itself but a specification that meshes can implement.

OSM is Microsoft’s open‑source implementation of SMI, hosted on GitHub. It uses Envoy for the data plane and provides common mesh features such as traffic routing, security, access control, and observability, while remaining easy to install and operate.

To get started, download the OSM CLI from the GitHub releases page and run osm install . This command installs the OSM control plane into a Kubernetes cluster, after which services can be onboarded, policies defined, and sidecar proxies automatically injected. OSM includes Prometheus and Grafana for monitoring and integrates with AKS, Git, and Azure Arc to form a comprehensive cloud‑native management stack.