Envoy is powerful, but configuring it can be painful.
If you've ever tried to set up a dynamic Envoy control plane, you know the drill: write protobuf definitions, implement xDS protocols, figure out why your CDS response isn't being picked up. It's a lot of ceremony just to route traffic to a backend.
I built Flowplane to skip all that.
What is Flowplane?
Flowplane is an open source control plane that exposes REST APIs for managing Envoy configuration. Instead of writing raw protobuf, you POST JSON to create clusters, routes, and listeners. Flowplane translates it into xDS and serves it to your Envoy proxies via gRPC.
# Create a cluster
curl -X POST http://localhost:8080/api/v1/clusters \
-H "Authorization: Bearer $TOKEN" \
-d '{
"team": "platform",
"name": "httpbin-cluster",
"endpoints": [{"host": "httpbin.org", "port": 443}],
"useTls": true
}'
That's it. No protobuf compilation, no xDS protocol knowledge required.
How is Flowplane different from Envoy Gateway?
If you're familiar with the Envoy ecosystem, you might be wondering how Flowplane compares to Envoy Gateway. They solve similar problems but take different approaches.
Envoy Gateway is the official Envoy project for managing proxies. It implements the Kubernetes Gateway API, so you configure it with CRDs like Gateway and HTTPRoute via kubectl apply. It's designed for teams already working in Kubernetes who think in those abstractions.
Flowplane exposes Envoy's xDS concepts directly through REST. You're still working with clusters, listeners, and routes — the same mental model as Envoy — but through JSON and HTTP rather than protobuf or Kubernetes manifests.
| Envoy Gateway | Flowplane | |
|---|---|---|
| Config model | Kubernetes Gateway API | REST API (JSON) |
| Primary environment | Kubernetes-native | Runs anywhere |
| How you configure | kubectl apply |
curl, CLI, or Web UI |
| Multi-tenancy | K8s namespace isolation | Built-in team scoping |
Choose Envoy Gateway if: You're on Kubernetes and want tight integration with the Gateway API ecosystem.
Choose Flowplane if: You're running Envoy outside Kubernetes, want API-driven configuration for CI/CD integration, or prefer working with REST over YAML manifests.
Why I built this
Envoy is a battle-tested proxy that powers infrastructure at Lyft, Google, and Stripe. It's fast, extensible, and includes features other gateways charge for — OAuth2, JWT authentication, rate limiting, external authorization — all built in.
The problem is the learning curve.
Envoy's configuration is notoriously complex. You need to understand xDS protocols, write protobuf, and piece together listeners, clusters, and filter chains. For teams that just want to route traffic and secure their APIs, it's a steep hill to climb.
There are existing open source projects that help you build Envoy control planes, but most are either bare-bones xDS implementations that still require deep protocol knowledge, or they assume you're running Kubernetes. If you're on ECS, VMs, or bare metal and just want an API gateway with OAuth2 and rate limiting, a full service mesh is overkill.
I built Flowplane to bridge that gap — a RESTful abstraction that gives teams access to Envoy's powerful features without requiring Kubernetes or a PhD in xDS. POST some JSON, get a working proxy config.
Key features
REST API for everything — Clusters, listeners, routes, filters, secrets. All manageable through standard HTTP endpoints.
CLI support — Prefer the command line? Flowplane includes a CLI for managing resources.
13 HTTP filters out of the box — JWT auth, OAuth2, rate limiting, CORS, header mutation, external authorization. Configure them with JSON, not protobuf.
Multi-tenant by default — Resources are scoped to teams with token-based auth. Useful when multiple teams share proxy infrastructure.
API schema learning — This one's a bit different. Flowplane can capture traffic samples and infer JSON schemas from observed requests/responses. Handy for documenting APIs that don't have specs.
Web UI included — A SvelteKit dashboard for managing resources if you prefer clicking over curling.
Quick start
Docker (Recommended)
docker run -d \
--name flowplane \
-p 8080:8080 \
-p 50051:50051 \
-v flowplane_data:/app/data \
-e FLOWPLANE_DATABASE_URL=sqlite:///app/data/flowplane.db \
ghcr.io/rajeevramani/flowplane:latest
Binary
Download from GitHub Releases:
# Linux (x86_64)
curl -LO https://github.com/rajeevramani/flowplane/releases/download/v0.0.11/flowplane-x86_64-unknown-linux-gnu.tar.gz
tar xzf flowplane-x86_64-unknown-linux-gnu.tar.gz
# macOS (Apple Silicon)
curl -LO https://github.com/rajeevramani/flowplane/releases/download/v0.0.11/flowplane-aarch64-apple-darwin.tar.gz
tar xzf flowplane-aarch64-apple-darwin.tar.gz
# Run
./flowplane-*/flowplane
Access points
| Service | URL |
|---|---|
| API | http://localhost:8080/api/v1/ |
| UI | http://localhost:8080/ |
| Swagger UI | http://localhost:8080/swagger-ui/ |
| xDS (gRPC) | localhost:50051 |
What's next
Flowplane is at v0.0.11 — functional but early. I'm using it for my own projects and looking for feedback from others who've felt the Envoy configuration pain.
If you've struggled with Envoy configuration or want a simpler path to its features, give it a try:
- GitHub: github.com/rajeevramani/flowplane
-
Docs: Available in the repo under
/docs
Star the repo, open an issue with feedback, or drop a comment here. I'd love to hear what's working and what's missing.
Top comments (0)