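#!/bin/bash
#
# Prepares an EKS cluster for the howto-k8s-multi-region walkthrough:
#   1. associates an IAM OIDC provider with the cluster,
#   2. creates the appmesh-system and howto-k8s-multi-region namespaces,
#   3. creates IAM-backed service accounts for the App Mesh controller and
#      for Envoy,
#   4. installs the appmesh-controller Helm chart from the eks chart repo.
#
# Required environment variables:
#   AWS_REGION, CLUSTER_NAME, ENVOY_IMAGE_REPO, ENVOY_IMAGE_TAG
#
# Expects envoy-iam-policy.json in the current working directory and the
# eksctl, kubectl, aws and helm CLIs on PATH.
#
# Not idempotent: namespace and policy creation fail when the object already
# exists, and with `set -e` that aborts the run.
set -euo pipefail

# Fail early, with the variable's name, when a required setting is missing.
# Quoted indirect expansion avoids the word-splitting problems of an
# unquoted `[ -z $VAR ]` test.
for required_var in AWS_REGION CLUSTER_NAME ENVOY_IMAGE_REPO ENVOY_IMAGE_TAG; do
  if [[ -z "${!required_var:-}" ]]; then
    echo "${required_var} environment variable is not set." >&2
    exit 1
  fi
done

echo "Enabling IAM OIDC Provider"
eksctl utils associate-iam-oidc-provider --region="${AWS_REGION}" \
  --cluster="${CLUSTER_NAME}" \
  --approve

echo "Creating namespace appmesh-system"
kubectl create ns appmesh-system

echo "Creating namespace howto-k8s-multi-region"
kubectl create ns howto-k8s-multi-region

echo "Creating AppMesh Controller IAM service account"
# NOTE(review): AWSCloudMapFullAccess and AWSAppMeshFullAccess are broad
# AWS-managed policies, and every pod allowed to run as this service account
# inherits them. Outside a demo cluster, prefer a customer-managed policy
# scoped to the mesh and Cloud Map namespaces actually in use.
# --override-existing-serviceaccounts replaces a service account of the same
# name that already exists in the namespace.
eksctl create iamserviceaccount --cluster "${CLUSTER_NAME}" \
  --namespace appmesh-system \
  --name appmesh-controller \
  --attach-policy-arn arn:aws:iam::aws:policy/AWSCloudMapFullAccess,arn:aws:iam::aws:policy/AWSAppMeshFullAccess \
  --override-existing-serviceaccounts \
  --approve

echo "Creating Envoy IAM Service Account"
# Capturing the output also keeps the AWS CLI from pausing for user input.
# The ARN returned by create-policy is used directly below, so the script does
# not depend on a separately supplied (and unvalidated) account ID and the ARN
# carries the correct partition.
PolicyARN=$(aws iam create-policy \
  --policy-name "${CLUSTER_NAME}-${AWS_REGION}-AWSAppMeshK8sEnvoyIAMPolicy" \
  --policy-document file://envoy-iam-policy.json \
  --output text --query 'Policy.Arn')

# With --output text a null query result is printed as the string "None".
if [[ -z "${PolicyARN}" || "${PolicyARN}" == "None" ]]; then
  echo "Could not determine the ARN of the Envoy IAM policy." >&2
  exit 1
fi

# NOTE(review): this service account reuses the name appmesh-controller even
# though it carries the Envoy policy; the name is kept because workload
# manifests presumably reference it -- confirm before renaming.
eksctl create iamserviceaccount --cluster "${CLUSTER_NAME}" \
  --namespace howto-k8s-multi-region \
  --name appmesh-controller \
  --attach-policy-arn "${PolicyARN}" \
  --approve

echo "Adding eks helm repo"
helm repo add eks https://aws.github.io/eks-charts
helm repo update

echo "Install appmesh-controller helm chart"
# serviceAccount.create=false makes the chart reuse the IAM-backed service
# account created above rather than creating its own.
# The sidecar image is taken from the environment; use a registry you trust
# and an immutable tag where possible.
# TODO(review): the chart version is not pinned, so each run installs whatever
# `helm repo update` fetched.
helm upgrade -i appmesh-controller eks/appmesh-controller \
  --namespace appmesh-system \
  --set region="${AWS_REGION}" \
  --set serviceAccount.create=false \
  --set serviceAccount.name=appmesh-controller \
  --set sidecar.image.repository="${ENVOY_IMAGE_REPO}" \
  --set sidecar.image.tag="${ENVOY_IMAGE_TAG}"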