Install AWS App Mesh Controller

This workshop has been deprecated and archived. The new Amazon EKS Workshop is now available at www.eksworkshop.com.

Prerequisites

We assume that we have already have the following setup before we start this chapter.

Install App Mesh Helm Chart

Check that Helm is installed.

helm list

This command should either return a list of helm charts that have already been deployed or nothing.

If you get an error message, see installing helm for instructions.

Add EKS Helm Repo The AWS App Mesh Controller for Kubernetes is easily installed using Helm. To get started, add the EKS Charts repository.

helm repo add eks https://aws.github.io/eks-charts

"eks" has been added to your repositories

Install App Mesh Controller

Create the namespace appmesh-system, enable OIDC and create IRSA (IAM for Service Account) for AWS App Mesh installation

# Create the namespace
kubectl create ns appmesh-system

# Install the App Mesh CRDs
kubectl apply -k "github.com/aws/eks-charts/stable/appmesh-controller//crds?ref=master"

# Create your OIDC identity provider for the cluster
eksctl utils associate-iam-oidc-provider \
  --cluster eksworkshop-eksctl \
  --approve

# Download the IAM policy for AWS App Mesh Kubernetes Controller
curl -o controller-iam-policy.json https://raw.githubusercontent.com/aws/aws-app-mesh-controller-for-k8s/master/config/iam/controller-iam-policy.json

# Create an IAM policy called AWSAppMeshK8sControllerIAMPolicy
aws iam create-policy \
    --policy-name AWSAppMeshK8sControllerIAMPolicy \
    --policy-document file://controller-iam-policy.json

# Create an IAM role for the appmesh-controller service account
eksctl create iamserviceaccount --cluster eksworkshop-eksctl \
    --namespace appmesh-system \
    --name appmesh-controller \
    --attach-policy-arn arn:aws:iam::$ACCOUNT_ID:policy/AWSAppMeshK8sControllerIAMPolicy  \
    --override-existing-serviceaccounts \
    --approve

Install App Mesh Controller into the appmesh-system namespace

helm upgrade -i appmesh-controller eks/appmesh-controller \
  --namespace appmesh-system \
  --set region=$AWS_REGION \
  --set serviceAccount.create=false \
  --set serviceAccount.name=appmesh-controller

Release "appmesh-controller" has been upgraded. Happy Helming!     
NAME: appmesh-controller     
LAST DEPLOYED: Wed Jan 20 21:07:01 2021     
NAMESPACE: appmesh-system     
STATUS: deployed     
REVISION: 1    
TEST SUITE: None     
NOTES:     
AWS App Mesh controller installed! 

Confirm that the controller version is v1.0.0 or later.

kubectl get deployment appmesh-controller \
    -n appmesh-system \
    -o json  | jq -r ".spec.template.spec.containers[].image" | cut -f2 -d ':'
 
v1.3.0

Confirm all the App Mesh CRDs are created in the Cluster

kubectl get crds | grep appmesh

gatewayroutes.appmesh.k8s.aws                2020-11-02T16:02:14Z
meshes.appmesh.k8s.aws                       2020-11-02T16:02:15Z
virtualgateways.appmesh.k8s.aws              2020-11-02T16:02:15Z
virtualnodes.appmesh.k8s.aws                 2020-11-02T16:02:15Z
virtualrouters.appmesh.k8s.aws               2020-11-02T16:02:15Z
virtualservices.appmesh.k8s.aws              2020-11-02T16:02:15Z    

Get all the resources created in appmesh-system Namespace

kubectl -n appmesh-system get all          
  
NAME                                     READY   STATUS    RESTARTS   AGE     
pod/appmesh-controller-fcc7c4ffc-mldhk   1/1     Running   0          47s 
NAME                                         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE     
service/appmesh-controller-webhook-service   ClusterIP   10.100.xx.yy   <none>        443/TCP   27m å   
NAME                                 READY   UP-TO-DATE   AVAILABLE   AGE     
deployment.apps/appmesh-controller   1/1     1            1           27m 
NAME                                            D kubectl get crds ESIRED   CURRENT   READY   AGE    
replicaset.apps/appmesh-controller-fcc7c4ffc    1         1         1       47s 

Congratulations on installing the AWS App Mesh Controller in your EKS Cluster!