---
apiVersion: v1
kind: Namespace
metadata:
  name: appmesh-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: app-mesh-controller
  namespace: appmesh-system
  labels:
    app: app-mesh-controller
spec:
  replicas: 1
  selector:
    matchLabels:
      app: app-mesh-controller
  template:
    metadata:
      labels:
        app: app-mesh-controller
    spec:
      serviceAccountName: app-mesh-sa
      containers:
        - name: app-mesh-controller
          image: 672518094988.dkr.ecr.us-west-2.amazonaws.com/amazon/app-mesh-controller:v0.1.0
          ports:
            - containerPort: 10555
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: app-mesh-sa
  namespace: appmesh-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: app-mesh-controller
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["*"]
  - apiGroups: ["appmesh.k8s.aws"]
    resources: ["meshes", "virtualnodes", "virtualservices", "meshes/status", "virtualnodes/status", "virtualservices/status"]
    verbs: ["*"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: app-mesh-controller-binding
subjects:
  - kind: ServiceAccount
    name: app-mesh-sa
    namespace: appmesh-system
    apiGroup: ""
roleRef:
  kind: ClusterRole
  name: app-mesh-controller
  apiGroup: ""