stefanprodan / flagger-appmesh-gateway

A Kubernetes API Gateway for AWS App Mesh powered by Envoy

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool


build e2e report release

Flagger Gateway for AWS App Mesh is an edge L7 load balancer that exposes applications outside the mesh.

Note this project has been deprecated in favour of the official AWS AppMesh Gateway.


  • allows running canary deployments and A/B testing with Flagger for user-facing web applications and APIs
  • allows binding a public or internal domain to a mesh address
  • enables App Mesh client load-balancing for AWS NLB, ALB and Amazon API Gateway
  • allows setting retries polices and timeouts for each service
  • exports metrics in Prometheus format (request rate, error rate and latency)
  • provides access logging for ingress traffic
  • tags incoming requests and facilitates distributed tracing

The gateway is composed of:

  • Envoy proxy
  • Envoy control plane (xDS gRPC server)
  • Kubernetes controller (service discovery)


An application running on App Mesh can be exposed outside the mesh by annotating its virtual service with:

kind: VirtualService
  name: frontend.test
  annotations: "true" "5" "25s" ","

If you want to expose the service inside the Kubernetes cluster you can omit the domain annotation. By default the gateway exposes a virtual service by its name, a service can be accessed by setting the host HTTP header e.g.:

curl -H 'Host: frontend.test' http://<gateway-host>/

The gateway registers/de-registers virtual services automatically as they come and go in the cluster.



  • App Mesh CRDs, controller and inject installed
  • A mesh called appmesh

Install the API Gateway as NLB in appmesh-gateway namespace:

kubectl apply -k

To run the gateway behind an ALB you can install the NodePort version:

kubectl apply -k

Wait for the deployment rollout to finish:

kubectl -n appmesh-gateway rollout status deploy/flagger-appmesh-gateway

When the gateway starts it will create a virtual node. You can verify the install with:

watch kubectl -n appmesh-gateway describe virtualnode flagger-appmesh-gateway

    Status:                True
    Type:                  VirtualNodeActive


Deploy podinfo in the test namespace:

kubectl -n test apply -k

Port forward to the gateway:

kubectl -n appmesh-gateway port-forward svc/flagger-appmesh-gateway 8080:80

Access the podinfo API by setting the host header to podinfo.test:

curl -vH 'Host: podinfo.test' localhost:8080

Access podinfo on its custom domain:

curl -vH 'Host: podinfo.internal' localhost:8080

Access podinfo using the gateway NLB address:

URL="http://$(kubectl -n appmesh-gateway get svc/flagger-appmesh-gateway -ojson | \
jq -r ".status.loadBalancer.ingress[].hostname")"

curl -vH 'Host: podinfo.internal' $URL


App Mesh Gateway is Apache 2.0 licensed and accepts contributions via GitHub pull requests.


A Kubernetes API Gateway for AWS App Mesh powered by Envoy

License:Apache License 2.0


Language:Go 84.6%Language:Shell 11.5%Language:Makefile 2.7%Language:Dockerfile 1.3%