diff --git a/stable/appmesh-controller/README.md b/stable/appmesh-controller/README.md index d43a7c339..e0c7ee425 100644 --- a/stable/appmesh-controller/README.md +++ b/stable/appmesh-controller/README.md @@ -20,6 +20,8 @@ App Mesh controller Helm chart for Kubernetes "servicediscovery:RegisterInstance", "servicediscovery:DeregisterInstance", "servicediscovery:ListInstances", + "servicediscovery:ListNamespaces", + "servicediscovery:ListServices", "route53:GetHealthCheck", "route53:CreateHealthCheck", "route53:UpdateHealthCheck", @@ -48,13 +50,91 @@ kubectl apply -k github.com/aws/eks-charts/stable/appmesh-controller//crds?ref=m Install the App Mesh CRD controller: +### Regular Kubernetes distribution + ```sh helm upgrade -i appmesh-controller eks/appmesh-controller \ ---namespace appmesh-system + --namespace appmesh-system ``` The [configuration](#configuration) section lists the parameters that can be configured during installation. +### EKS on Fargate + +``` +export CLUSTER_NAME= +export AWS_REGION= +``` + +Create namespace +```sh +kubectl create ns appmesh-system +``` + +Setup fargate-profile +```sh +eksctl create fargateprofile --cluster $CLUSTER_NAME --namespace appmesh-system +``` + +Enable IAM OIDC provider +```sh +eksctl utils associate-iam-oidc-provider --region=$AWS_REGION --cluster=$CLUSTER_NAME --approve +``` + +Create IRSA for appmesh-controller +```sh +eksctl create iamserviceaccount --cluster $CLUSTER_NAME \ + --namespace appmesh-system \ + --name appmesh-controller \ + --attach-policy-arn arn:aws:iam::aws:policy/AWSCloudMapFullAccess,arn:aws:iam::aws:policy/AWSAppMeshFullAccess \ + --override-existing-serviceaccounts \ + --approve +``` + +Deploy appmesh-controller +```sh +helm upgrade -i appmesh-controller eks/appmesh-controller \ + --namespace appmesh-system \ + --set region=$AWS_REGION \ + --set serviceAccount.create=false \ + --set serviceAccount.name=appmesh-controller +``` + +### EKS with IAM Roles for Service Account + +``` +export CLUSTER_NAME= +export AWS_REGION= +``` + +Create namespace +```sh +kubectl create ns appmesh-system +``` + +Create IRSA for appmesh-controller +```sh +eksctl utils associate-iam-oidc-provider --region=$AWS_REGION \ + --cluster=$CLUSTER_NAME \ + --approve + +eksctl create iamserviceaccount --cluster $CLUSTER_NAME \ + --namespace appmesh-system \ + --name appmesh-controller \ + --attach-policy-arn arn:aws:iam::aws:policy/AWSCloudMapFullAccess,arn:aws:iam::aws:policy/AWSAppMeshFullAccess \ + --override-existing-serviceaccounts \ + --approve +``` + +Deploy appmesh-controller +```sh +helm upgrade -i appmesh-controller eks/appmesh-controller \ + --namespace appmesh-system \ + --set region=$AWS_REGION \ + --set serviceAccount.create=false \ + --set serviceAccount.name=appmesh-controller +``` + ## Uninstalling the Chart To uninstall/delete the `appmesh-controller` deployment: @@ -87,6 +167,3 @@ Parameter | Description | Default `rbac.pspEnabled` | If `true`, create and use a restricted pod security policy | `false` `serviceAccount.create` | If `true`, create a new service account | `true` `serviceAccount.name` | Service account to be used | None - - -