From 60ec6c9d1cb6477fb2211d8199aff7b79d2e0082 Mon Sep 17 00:00:00 2001 From: Kiran Meduri Date: Thu, 16 Jan 2020 16:10:47 -0800 Subject: [PATCH 1/3] Update README with steps to use EKS IAM Roles for Service Account --- stable/appmesh-controller/README.md | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/stable/appmesh-controller/README.md b/stable/appmesh-controller/README.md index c031802b5..bf4085cf8 100644 --- a/stable/appmesh-controller/README.md +++ b/stable/appmesh-controller/README.md @@ -20,6 +20,8 @@ App Mesh controller Helm chart for Kubernetes "servicediscovery:RegisterInstance", "servicediscovery:DeregisterInstance", "servicediscovery:ListInstances", + "servicediscovery:ListNamespaces", + "servicediscovery:ListServices", "route53:GetHealthCheck", "route53:CreateHealthCheck", "route53:UpdateHealthCheck", @@ -55,6 +57,16 @@ helm upgrade -i appmesh-controller eks/appmesh-controller \ The [configuration](#configuration) section lists the parameters that can be configured during installation. +## Use EKS IAM Roles for service account + +Find the service account used by appmesh-controller + +```sh +kubectl get deployment -n appmesh-system appmesh-controller -o json | jq -r ".spec.template.spec.serviceAccount" +``` + +Setup IAM role for service account using the policy above. See https://docs.aws.amazon.com/eks/latest/userguide/create-service-account-iam-policy-and-role.html + ## Uninstalling the Chart To uninstall/delete the `appmesh-controller` deployment: @@ -84,7 +96,4 @@ Parameter | Description | Default `rbac.create` | if `true`, create and use RBAC resources | `true` `rbac.pspEnabled` | If `true`, create and use a restricted pod security policy | `false` `serviceAccount.create` | If `true`, create a new service account | `true` -`serviceAccount.name` | Service account to be used | None - - - +`serviceAccount.name` | Service account to be used | None \ No newline at end of file 
From 7c7c08aad5c69737aa1a646215a8b8619f60392e Mon Sep 17 00:00:00 2001 From: Kiran Meduri Date: Fri, 7 Feb 2020 12:35:47 -0800 Subject: [PATCH 2/3] Fix README.md --- stable/appmesh-controller/README.md | 82 ++++++++++++++++++++++++++--- 1 file changed, 75 insertions(+), 7 deletions(-) diff --git a/stable/appmesh-controller/README.md b/stable/appmesh-controller/README.md index bf4085cf8..8f917ff80 100644 --- a/stable/appmesh-controller/README.md +++ b/stable/appmesh-controller/README.md 
@@ -50,22 +50,90 @@ kubectl apply -k github.com/aws/eks-charts/stable/appmesh-controller//crds?ref=m Install the App Mesh CRD controller: +### EKS on Fargate + +``` +export CLUSTER_NAME= +export AWS_REGION= +``` + +Create namespace +```sh +kubectl create ns appmesh-system +``` + +Setup fargate-profile +```sh +eksctl create fargateprofile --cluster $CLUSTER_NAME --namespace appmesh-system +``` + +Enable IAM OIDC provider +```sh +eksctl utils associate-iam-oidc-provider --region=$AWS_REGION --cluster=$CLUSTER_NAME --approve +``` + +Create IRSA for appmesh-controller +```sh +eksctl create iamserviceaccount --cluster $CLUSTER_NAME \ + --namespace appmesh-system \ + --name appmesh-controller \ + --attach-policy-arn arn:aws:iam::aws:policy/AWSCloudMapFullAccess,arn:aws:iam::aws:policy/AWSAppMeshFullAccess \ + --override-existing-serviceaccounts \ + --approve +``` + +Deploy appmesh-controller ```sh helm upgrade -i appmesh-controller eks/appmesh-controller \ ---namespace appmesh-system + --namespace appmesh-system \ + --set region=$AWS_REGION \ + --set serviceAccount.create=false \ + --set serviceAccount.name=appmesh-controller ``` -The [configuration](#configuration) section lists the parameters that can be configured during installation. 
+### EKS with IAM Roles for Service Account -## Use EKS IAM Roles for service account +``` +export CLUSTER_NAME= +export AWS_REGION= +``` -Find the service account used by appmesh-controller +Create namespace +```sh +kubectl create ns appmesh-system +``` +Create IRSA for appmesh-controller ```sh -kubectl get deployment -n appmesh-system appmesh-controller -o json | jq -r ".spec.template.spec.serviceAccount" +eksctl utils associate-iam-oidc-provider --region=$AWS_REGION \ + --cluster=$CLUSTER_NAME \ + --approve + +eksctl create iamserviceaccount --cluster $CLUSTER_NAME \ + --namespace appmesh-system \ + --name appmesh-controller \ + --attach-policy-arn arn:aws:iam::aws:policy/AWSCloudMapFullAccess,arn:aws:iam::aws:policy/AWSAppMeshFullAccess \ + --override-existing-serviceaccounts \ + --approve ``` -Setup IAM role for service account using the policy above. See https://docs.aws.amazon.com/eks/latest/userguide/create-service-account-iam-policy-and-role.html +Deploy appmesh-controller +```sh +helm upgrade -i appmesh-controller eks/appmesh-controller \ + --namespace appmesh-system \ + --set region=$AWS_REGION \ + --set serviceAccount.create=false \ + --set serviceAccount.name=appmesh-controller +``` + +### Regular Kubernetes distribution + +```sh +helm upgrade -i appmesh-controller eks/appmesh-controller \ + --namespace appmesh-system +``` + +The [configuration](#configuration) section lists the parameters that can be configured during installation. ## Uninstalling the Chart @@ -96,4 +164,4 @@ Parameter | Description | Default `rbac.create` | if `true`, create and use RBAC resources | `true` `rbac.pspEnabled` | If `true`, create and use a restricted pod security policy | `false` `serviceAccount.create` | If `true`, create a new service account | `true` -`serviceAccount.name` | Service account to be used | None \ No newline at end of file +`serviceAccount.name` | Service account to be used | None From 993ffada897fcbcba645271f0582517f5901e079 Mon Sep 17 00:00:00 2001 
From: Kiran Meduri Date: Thu, 20 Feb 2020 07:38:09 -0800 Subject: [PATCH 3/3] Moved regular-kubernetes-distribution section to top --- stable/appmesh-controller/README.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/stable/appmesh-controller/README.md b/stable/appmesh-controller/README.md index 8f917ff80..ea9f4aa4d 100644 --- a/stable/appmesh-controller/README.md +++ b/stable/appmesh-controller/README.md @@ -50,6 +50,15 @@ kubectl apply -k github.com/aws/eks-charts/stable/appmesh-controller//crds?ref=m Install the App Mesh CRD controller: +### Regular Kubernetes distribution + +```sh +helm upgrade -i appmesh-controller eks/appmesh-controller \ + --namespace appmesh-system +``` + +The [configuration](#configuration) section lists the parameters that can be configured during installation. + ### EKS on Fargate ``` @@ -126,15 +135,6 @@ helm upgrade -i appmesh-controller eks/appmesh-controller \ --set serviceAccount.name=appmesh-controller ``` -### Regular Kubernetes distribution - -```sh -helm upgrade -i appmesh-controller eks/appmesh-controller \ - --namespace appmesh-system -``` - -The [configuration](#configuration) section lists the parameters that can be configured during installation. - ## Uninstalling the Chart To uninstall/delete the `appmesh-controller` deployment:
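Review bot: In PATCH 1/3, the first README hunk widens the controller's IAM policy with `servicediscovery:ListNamespaces` and `servicediscovery:ListServices`, but the commit subject only mentions IRSA steps and nothing in the README says why the controller needs them. Please state the reason in the commit message, or split the policy change into its own commit, so that a later least-privilege review of this action list can tell which permissions are required and which are incidental.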
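Review bot: In PATCH 1/3, the new "Use EKS IAM Roles for service account" section reads `.spec.template.spec.serviceAccount`, which is the deprecated alias of `serviceAccountName` in the pod spec. Query `serviceAccountName` instead, and consider `kubectl get deployment -n appmesh-system appmesh-controller -o jsonpath='{.spec.template.spec.serviceAccountName}'` so the step does not depend on `jq` being installed. "Setup IAM role" should also read "Set up IAM role", and "the policy above" would be clearer as a link to the policy block it refers to.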
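Review bot: In PATCH 2/3, both `eksctl create iamserviceaccount` blocks (EKS on Fargate and EKS with IAM Roles for Service Account) attach `arn:aws:iam::aws:policy/AWSCloudMapFullAccess` and `arn:aws:iam::aws:policy/AWSAppMeshFullAccess`, which grants the controller's service account far more than the scoped action list this same README documents (`servicediscovery:RegisterInstance`, `route53:GetHealthCheck`, and so on). Suggest having the reader create a customer-managed policy from that JSON and pass its ARN to `--attach-policy-arn`, or at least say that the FullAccess policies are a convenience and point to the scoped policy as the recommended alternative. The two sections also repeat the same OIDC, IRSA and helm steps almost verbatim; the Fargate section could keep only the `eksctl create fargateprofile` step and refer to the IRSA section for the rest. Separately, the `export CLUSTER_NAME=` and `export AWS_REGION=` blocks are fenced without `sh` and leave the values blank with no placeholder, so a copy-paste runs the later commands with empty `--cluster` and `--region` arguments.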
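Review bot: In PATCH 3/3, the sentence "The [configuration](#configuration) section lists the parameters that can be configured during installation." moves along with the "Regular Kubernetes distribution" block, so it now sits under that subsection and ahead of the EKS on Fargate and IRSA subsections, even though it applies to all three install paths. Keep it after the last install subsection, just before "## Uninstalling the Chart", or move it above the first `###` heading. The "Regular Kubernetes distribution" section also gives no hint of how the controller obtains AWS credentials in that setup; one line pointing to the IAM policy earlier in the README would make it consistent with the two EKS sections.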