apiVersion: appmesh.k8s.aws/v1beta2 kind: VirtualNode metadata: name: yelb-appserver namespace: yelb spec: podSelector: matchLabels: app: yelb-appserver listeners: - portMapping: port: 4567 protocol: http tls: mode: STRICT certificate: sds: secretName: spiffe://am-multi-account-mesh/yelbapp validation: trust: sds: secretName: spiffe://am-multi-account-mesh subjectAlternativeNames: match: exact: - spiffe://am-multi-account-mesh/frontend serviceDiscovery: awsCloudMap: namespaceName: am-multi-account.local serviceName: yelb-appserver backends: - virtualService: virtualServiceRef: name: yelb-db - virtualService: virtualServiceRef: name: redis-server backendDefaults: clientPolicy: tls: enforce: true mode: STRICT certificate: sds: secretName: spiffe://am-multi-account-mesh/yelbapp validation: trust: sds: secretName: spiffe://am-multi-account-mesh subjectAlternativeNames: match: exact: - spiffe://am-multi-account-mesh/yelbdb - spiffe://am-multi-account-mesh/redis --- apiVersion: appmesh.k8s.aws/v1beta2 kind: VirtualRouter metadata: namespace: yelb name: yelb-appserver spec: awsName: yelb-appserver-virtual-router listeners: - portMapping: port: 4567 protocol: http routes: - name: route-to-yelb-appserver httpRoute: match: prefix: / action: weightedTargets: - virtualNodeRef: name: yelb-appserver weight: 1 retryPolicy: maxRetries: 2 perRetryTimeout: unit: ms value: 2000 httpRetryEvents: - server-error - client-error - gateway-error --- apiVersion: appmesh.k8s.aws/v1beta2 kind: VirtualService metadata: name: yelb-appserver namespace: yelb spec: awsName: yelb-appserver provider: virtualRouter: virtualRouterRef: name: yelb-appserver