App Mesh Gateway Helm chart for Kubernetes.
- App Mesh CRDs
- App Mesh Manager >= 1.0.0
Note: App Mesh Gateway is a release candidate and can be used only by enabling the App Mesh preview features (available only in the us-west-2 region).
To enable the preview features:
- When configuring IAM policies, use `appmesh-preview` as the service name instead of `appmesh`
- Install the App Mesh CRDs with:

  ```sh
  kubectl apply -k github.com/aws/eks-charts/stable/appmesh-controller//crds?ref=preview
  ```
- Install the App Mesh Controller chart from the preview branch
- When configuring pods, add the following annotation so Envoy sidecars point to the preview as well:

  ```yaml
  annotations:
    appmesh.k8s.aws/preview: enabled
  ```
Add the EKS repository to Helm:
```sh
helm repo add eks https://aws.github.io/eks-charts
```

Create a namespace with injection enabled:

```sh
kubectl create ns appmesh-ingress
kubectl label namespace appmesh-ingress appmesh.k8s.aws/sidecarInjectorWebhook=enabled
```

Deploy the App Mesh Gateway in the `appmesh-ingress` namespace:

```sh
helm upgrade -i appmesh-gateway eks/appmesh-gateway \
  --namespace appmesh-ingress
```

Find the NLB address:

```sh
kubectl get svc appmesh-gateway -n appmesh-ingress
```
The configuration section lists the parameters that can be configured during installation.
Install the Horizontal Pod Autoscaler (HPA) metrics server:
```sh
helm upgrade -i metrics-server stable/metrics-server \
  --namespace kube-system \
  --set args[0]=--kubelet-preferred-address-types=InternalIP
```
Configure CPU requests for the gateway pods and enable HPA by setting an average CPU utilization per pod:
```sh
helm upgrade -i appmesh-gateway eks/appmesh-gateway \
  --namespace appmesh-ingress \
  --set hpa.enabled=true \
  --set hpa.minReplicas=2 \
  --set hpa.maxReplicas=5 \
  --set hpa.averageUtilization=90 \
  --set resources.requests.cpu=1000m
```
To uninstall/delete the `appmesh-gateway` deployment:

```sh
helm delete appmesh-gateway -n appmesh-ingress
```
The command removes all the Kubernetes components associated with the chart and deletes the release.
The following table lists the configurable parameters of the chart and their default values.
| Parameter | Description | Default |
|---|---|---|
| `image.repository` | image repository | `840364872350.dkr.ecr.us-west-2.amazonaws.com/aws-appmesh-envoy` |
| `image.tag` | image tag | `<VERSION>` |
| `image.pullPolicy` | image pull policy | `IfNotPresent` |
| `skipImageOverride` | when enabled the App Mesh injector will not override the Envoy image | `false` |
| `service.type` | service type | `LoadBalancer` |
| `service.port` | service port | `80` |
| `service.annotations` | service annotations | NLB load balancer type |
| `service.externalTrafficPolicy` | when set to `Local` it preserves the client source IP | `Cluster` |
| `appmesh.gateway` | create a `VirtualGateway` object | `true` |
| `appmesh.preview` | enable App Mesh Preview (us-west-2 only) | `false` |
| `resources.requests.cpu` | pod CPU request | `100m` |
| `resources.requests.memory` | pod memory request | `64Mi` |
| `hpa.enabled` | enable CPU-based auto-scaling | `false` |
| `hpa.minReplicas` | minimum number of replicas | `2` |
| `hpa.maxReplicas` | maximum number of replicas | `5` |
| `hpa.averageUtilization` | CPU average utilization percentage | `90` |
| `podAntiAffinity` | soft pod anti-affinity, one replica per node | `true` |
| `podAnnotations` | annotations to add to each pod | `{}` |
| `nodeSelector` | node labels for pod assignment | `{}` |
| `tolerations` | list of node taints to tolerate | `[]` |
| `rbac.pspEnabled` | If `true`, create and use a restricted pod security policy | `false` |
| `serviceAccount.create` | If `true`, create a new service account | `true` |
| `serviceAccount.name` | Service account to be used | None |
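
A chart that ships no values schema accepts unknown `--set` keys silently, so a misspelled key (for example `hap.minReplicas` for `hpa.minReplicas`, or `rbac.pspenabled`) leaves the default in place without any error. The following pre-flight check is an added example, not part of the chart: the function names and `KNOWN_KEYS` are hypothetical, the key list is copied from the parameter table above in dotted `--set` form, and it assumes values contain no commas.

```shell
#!/bin/sh
# Added example (not part of the chart): report --set keys that are not
# documented parameters of the appmesh-gateway chart.
# KNOWN_KEYS is copied from the parameter table on this page.
KNOWN_KEYS="image.repository image.tag image.pullPolicy skipImageOverride
service.type service.port service.annotations service.externalTrafficPolicy
appmesh.gateway appmesh.preview resources.requests.cpu resources.requests.memory
hpa.enabled hpa.minReplicas hpa.maxReplicas hpa.averageUtilization
podAntiAffinity podAnnotations nodeSelector tolerations rbac.pspEnabled
serviceAccount.create serviceAccount.name"

# is_known KEY: succeed if KEY is a documented parameter or nested below one
# (map/list parameters such as podAnnotations or tolerations take sub-keys).
is_known() {
    for k in $KNOWN_KEYS; do
        case "$1" in
            "$k" | "$k".* | "$k"\[*) return 0 ;;
        esac
    done
    return 1
}

# unknown_set_keys HELM_ARGS...: print each key given via --set/--set-string
# that is not documented; return 1 if any was found, 0 otherwise.
unknown_set_keys() {
    bad=0
    while [ $# -gt 0 ]; do
        pairs=
        case "$1" in
            --set | --set-string) pairs=${2-}; [ $# -gt 1 ] && shift ;;
            --set=* | --set-string=*) pairs=${1#*=} ;;
        esac
        shift
        # One --set may carry several comma-separated key=value pairs.
        # Assumption: values contain no commas (escaped "\," is not handled).
        old_ifs=$IFS; IFS=,; set -f
        for pair in $pairs; do
            IFS=$old_ifs
            key=${pair%%=*}
            is_known "$key" || { printf '%s\n' "$key"; bad=1; }
        done
        IFS=$old_ifs; set +f
    done
    return $bad
}
```

Source the file and pass it the same arguments you intend to give `helm upgrade`; run the real command only when nothing is printed.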