flagger-appmesh-gateway's Introduction

flagger-appmesh-gateway

Flagger Gateway for AWS App Mesh is an edge L7 load balancer that exposes applications outside the mesh.

Note this project has been deprecated in favour of the official AWS AppMesh Gateway.

Features:

  • allows running canary deployments and A/B testing with Flagger for user-facing web applications and APIs
  • allows binding a public or internal domain to a mesh address
  • enables App Mesh client load-balancing for AWS NLB, ALB and Amazon API Gateway
  • allows setting retry policies and timeouts for each service
  • exports metrics in Prometheus format (request rate, error rate and latency)
  • provides access logging for ingress traffic
  • tags incoming requests and facilitates distributed tracing

The gateway is composed of:

  • Envoy proxy
  • Envoy control plane (xDS gRPC server)
  • Kubernetes controller (service discovery)

An application running on App Mesh can be exposed outside the mesh by annotating its virtual service with:

apiVersion: appmesh.k8s.aws/v1beta1
kind: VirtualService
metadata:
  name: frontend.test
  annotations:
    gateway.appmesh.k8s.aws/expose: "true"
    gateway.appmesh.k8s.aws/retries: "5"
    gateway.appmesh.k8s.aws/timeout: "25s"
    gateway.appmesh.k8s.aws/domain: "example.com,www.example.com"

If you only want to expose the service inside the Kubernetes cluster, you can omit the domain annotation. By default the gateway exposes a virtual service under its own name, so the service can be reached by setting the HTTP Host header to that name, e.g.:

curl -H 'Host: frontend.test' http://<gateway-host>/

The gateway registers/de-registers virtual services automatically as they come and go in the cluster.
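
An inventory check for the annotations above, added here as an example (not code from the flagger-appmesh-gateway project): it lists every Host value each exposed virtual service answers to and flags domains claimed by more than one service. The input is a constructed sample shaped like `kubectl get virtualservices -A -o json`; the function names and the trimming/lower-casing of values are assumptions of this example.

```python
import json
from collections import defaultdict

PREFIX = "gateway.appmesh.k8s.aws/"

# Constructed sample, shaped like `kubectl get virtualservices -A -o json`.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "frontend.test", "namespace": "test", "annotations": {
      "gateway.appmesh.k8s.aws/expose": "true",
      "gateway.appmesh.k8s.aws/domain": "example.com,www.example.com"}}},
  {"metadata": {"name": "podinfo.test", "namespace": "test", "annotations": {
      "gateway.appmesh.k8s.aws/expose": "true"}}},
  {"metadata": {"name": "admin.test", "namespace": "test", "annotations": {
      "gateway.appmesh.k8s.aws/expose": "true",
      "gateway.appmesh.k8s.aws/domain": " Example.com "}}},
  {"metadata": {"name": "backend.test", "namespace": "test"}}
]}
""")

def exposed_hosts(vs):
    """Return the Host values a virtual service answers to, or [] if not exposed."""
    meta = vs.get("metadata", {})
    ann = meta.get("annotations") or {}
    # Assumption: compare leniently so the audit over-reports rather than misses.
    if ann.get(PREFIX + "expose", "").strip().lower() != "true":
        return []
    domains = [d.strip().lower() for d in ann.get(PREFIX + "domain", "").split(",")]
    hosts = [meta["name"].lower()] + [d for d in domains if d]
    return list(dict.fromkeys(hosts))  # de-duplicate, keep order

def audit(doc):
    """Build the exposure inventory and list hosts claimed by more than one service."""
    inventory, claims = {}, defaultdict(list)
    for vs in doc.get("items", []):
        key = f'{vs["metadata"].get("namespace", "default")}/{vs["metadata"]["name"]}'
        hosts = exposed_hosts(vs)
        if hosts:
            inventory[key] = hosts
        for h in hosts:
            claims[h].append(key)
    collisions = {h: svcs for h, svcs in claims.items() if len(svcs) > 1}
    return inventory, collisions

if __name__ == "__main__":
    inventory, collisions = audit(SAMPLE)
    for svc, hosts in inventory.items():
        print(svc, "->", ", ".join(hosts))
    for host, svcs in collisions.items():
        print("COLLISION", host, "claimed by", ", ".join(svcs))
```

Against a live cluster, replace SAMPLE with the parsed JSON output of the kubectl command and review every listed host that should not be reachable from the load balancer.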

Install

Requirements:

  • App Mesh CRDs, controller and inject installed
  • A mesh called appmesh

Install the API Gateway as an NLB in the appmesh-gateway namespace:

kubectl apply -k github.com/stefanprodan/flagger-appmesh-gateway//kustomize/nlb

To run the gateway behind an ALB you can install the NodePort version:

kubectl apply -k github.com/stefanprodan/flagger-appmesh-gateway//kustomize/nodeport

Wait for the deployment rollout to finish:

kubectl -n appmesh-gateway rollout status deploy/flagger-appmesh-gateway

When the gateway starts it will create a virtual node. You can verify the install with:

watch kubectl -n appmesh-gateway describe virtualnode flagger-appmesh-gateway

Status:
  Conditions:
    Status:                True
    Type:                  VirtualNodeActive

Example

Deploy podinfo in the test namespace:

kubectl -n test apply -k github.com/stefanprodan/flagger-appmesh-gateway//kustomize/test

Port forward to the gateway:

kubectl -n appmesh-gateway port-forward svc/flagger-appmesh-gateway 8080:80

Access the podinfo API by setting the host header to podinfo.test:

curl -vH 'Host: podinfo.test' localhost:8080

Access podinfo on its custom domain:

curl -vH 'Host: podinfo.internal' localhost:8080

Access podinfo using the gateway NLB address:

URL="http://$(kubectl -n appmesh-gateway get svc/flagger-appmesh-gateway -ojson | \
jq -r ".status.loadBalancer.ingress[].hostname")"

curl -vH 'Host: podinfo.internal' "$URL"

Contributing

App Mesh Gateway is Apache 2.0 licensed and accepts contributions via GitHub pull requests.

flagger-appmesh-gateway's Issues

e2e testing

Implement end-to-end testing with Kubernetes Kind and GitHub Actions.

Possible to add an annotation to the NLB?

I'd like to use this for a private-only NLB.

Would it be possible to add a config variable that optionally adds the
service.beta.kubernetes.io/aws-load-balancer-internal: "true" annotation?

Error adding/updating listener(s) listener_http

Hi,

I set up the appmesh gateway on EKS 1.14 with an ingress NLB.

After publishing a virtual service:

apiVersion: appmesh.k8s.aws/v1beta1
kind: VirtualService
metadata:
  name: s1.apps.svc.cluster.local
  namespace: apps
  annotations:
    gateway.appmesh.k8s.aws/expose: "true"
    gateway.appmesh.k8s.aws/retries: "5"
    gateway.appmesh.k8s.aws/timeout: "25s"
    gateway.appmesh.k8s.aws/domain: "example.com,www.example.com"
....

And check that the service has been registered in the controller:

I0316 09:52:01.373887       1 snapshot.go:119] cache updated for 1 services, version 1, checksum 1014069415403572753
I0316 09:52:01.420517       1 virtualnode.go:114] virtual node flagger-appmesh-gateway updated with 1 backends

I see errors registering in the proxy, not sure why the -3000 is being added:

[2020-03-16 09:52:01.386][1][warning][config] [source/common/config/grpc_mux_subscription_impl.cc:82] gRPC config for type.googleapis.com/envoy.api.v2.Listener rejected: Error adding/updating listener(s) listener_http: route: unknown cluster 's1.apps.svc.cluster.local-3000'

Any tips?

Virtual Node flagger-appmesh-gateway-appmesh-gateway not adding new backends

Hi,

I have an exposed service and I can access it via the NLB -> Gateway:

apiVersion: appmesh.k8s.aws/v1beta1
kind: VirtualService
metadata:
  name: s1.apps.svc.cluster.local
  namespace: apps
  annotations:
    gateway.appmesh.k8s.aws/expose: "true"
    gateway.appmesh.k8s.aws/retries: "5"
    gateway.appmesh.k8s.aws/timeout: "25s"
    gateway.appmesh.k8s.aws/domain: "s1.com"

I see in the virtual node flagger-appmesh-gateway-appmesh-gateway that the backend s1.apps.svc.cluster.local is added.

But, when I added a second exposed service:

apiVersion: appmesh.k8s.aws/v1beta1
kind: VirtualService
metadata:
  name: s2.apps.svc.cluster.local
  namespace: apps
  annotations:
    gateway.appmesh.k8s.aws/expose: "true"
    gateway.appmesh.k8s.aws/retries: "5"
    gateway.appmesh.k8s.aws/timeout: "25s"
    gateway.appmesh.k8s.aws/domain: "s2.com"

This second exposed virtual service is not being added to the gateway virtual node and a 404 response is being returned.

Checking the logs I only see:

I0317 16:43:43.011647 1 virtualnode.go:114] virtual node flagger-appmesh-gateway updated with 1 backends

How can I debug what's going on?

Thanks
