Merge branch 'master' into fix/rbac-apiVersion

.github/CODEOWNERS

@@ -0,0 +1,21 @@
+# These owners will be the default owners for everything in
+# the repo. Unless a later match takes precedence,
+*       @bwagner5 @kishorj @fawadkhaliq @jaypipes
+
+/stable/appmesh-controller/ @achevuru @fawadkhaliq
+/stable/appmesh-gateway/ @stefanprodan
+/stable/appmesh-grafana/ @achevuru @fawadkhaliq
+/stable/appmesh-inject/ @achevuru @fawadkhaliq
+/stable/appmesh-jaeger/ @achevuru @fawadkhaliq
+/stable/appmesh-prometheus/ @achevuru @fawadkhaliq
+
+/stable/aws-load-balancer-controller/ @kishorj @M00nF1sh
+
+/stable/aws-calico/ @jayanthvn
+/stable/aws-vpc-cni/ @jayanthvn
+
+/stable/aws-node-termination-handler/ @bwagner5
+
+/stable/aws-sigv4-proxy-admission-controller/ @alanprot @alolita
+
+/stable/aws-for-fluent-bit/ @PettitWesley @hossain-rayhan

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,25 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: bug
+assignees: ''
+
+---
+
+**Describe the bug**
+A concise description of what the bug is.
+
+**Steps to reproduce**
+
+**Expected outcome**
+A concise description of what you expected to happen.
+
+**Environment**
+
+* Chart name:
+* Chart version:
+* Kubernetes version:
+* Using EKS (yes/no), if so version?
+
+**Additional Context**:

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: enhancement
+assignees: ''
+
+---
+
+**Is your feature request related to a problem?**
+A description of what the problem is. For example: I'm frustrated when [...]
+
+**Is your feature request related to a specific Helm chart, if yes mention name of the chart?**
+e.g. appmesh-controller
+
+**Describe the solution you'd like**
+A description of what you want to happen.
+
+**Describe alternatives you've considered**
+A description of any alternative solutions or features you've considered.

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,5 +1,19 @@
-Issue #, if available:
+### Issue
 
-Description of changes:
+<!-- Please link the GitHub issues related to this PR, if available -->
+
+### Description of changes
+
+<!-- Please explain the changes you made here. -->
+
+### Checklist
+- [ ] Added/modified documentation as required (such as the `README.md` for modified charts)
+- [ ] Incremented the chart `version` in `Chart.yaml` for the modified chart(s)
+- [ ] Manually tested. Describe what testing was done in the testing section below
+- [ ] Make sure the title of the PR is a good description that can go into the release notes
+
+### Testing
+
+<!-- Please explain what testing was done. -->
 
 By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

README.md

@@ -13,6 +13,8 @@ helm repo add eks https://aws.github.io/eks-charts
 * [appmesh-prometheus](stable/appmesh-prometheus): App Mesh Prometheus Helm chart for Kubernetes
 * [appmesh-grafana](stable/appmesh-grafana): App Mesh Grafana Helm chart for Kubernetes
 * [appmesh-jaeger](stable/appmesh-jaeger): App Mesh Jaeger Helm chart for Kubernetes
+* [appmesh-spire-server](stable/appmesh-spire-server): App Mesh SPIRE Server Helm chart for Kubernetes
+* [appmesh-spire-agent](stable/appmesh-spire-agent): App Mesh SPIRE Agent Helm chart for Kubernetes
 * [appmesh-gateway](stable/appmesh-gateway): App Mesh Gateway Helm chart for Kubernetes
 * [appmesh-inject](stable/appmesh-inject)(**deprecated**): App Mesh inject Helm chart for Kubernetes
 
@@ -23,7 +25,7 @@ helm repo add eks https://aws.github.io/eks-charts
 * [aws-calico](stable/aws-calico): Install Calico network policy enforcement on AWS
 
 ### AWS CloudWatch Metrics
-* [aws-cloudwatch-metrics](stable/aws-cloudwatch): A helm chart for CloudWatch Agent to Collect Cluster Metrics
+* [aws-cloudwatch-metrics](stable/aws-cloudwatch-metrics): A helm chart for CloudWatch Agent to Collect Cluster Metrics
 
 ### AWS for Fluent Bit
 * [aws-for-fluent-bit](stable/aws-for-fluent-bit): A helm chart for [AWS-for-fluent-bit](https://github.com/aws/aws-for-fluent-bit)
@@ -34,6 +36,9 @@ helm repo add eks https://aws.github.io/eks-charts
 ### AWS VPC CNI
 * [aws-vpc-cni](stable/aws-vpc-cni): Networking plugin for pod networking in Kubernetes using Elastic Network Interfaces on AWS. https://github.com/aws/amazon-vpc-cni-k8s
 
+### AWS SIGv4 Proxy Admission Controller
+* [aws-sigv4-proxy-admission-controller](stable/aws-sigv4-proxy-admission-controller): A helm chart for [AWS SIGv4 Proxy Admission Controller](https://github.com/aws-observability/aws-sigv4-proxy-admission-controller)
+
 ## License
 
 This project is licensed under the Apache-2.0 License.

scripts/install-toolchain.sh

@@ -37,7 +37,9 @@ mv "${TMP_DIR}/helmv3/${PLATFORM}-${ARCH}/helm" "${TOOLS_DIR}/helmv3"
 rm -rf "${PLATFORM}-${ARCH}"
 
 ## Initialize helm
-helm init --client-only --kubeconfig="${BUILD_DIR}/.kube/kubeconfig"
+
+helm init --stable-repo-url https://charts.helm.sh/stable --client-only --kubeconfig="${BUILD_DIR}/.kube/kubeconfig"
+
 
 ## Install kind
 curl -sSL "https://github.com/kubernetes-sigs/kind/releases/download/${KIND_VERSION}/kind-${PLATFORM}-${ARCH}" -o "${TOOLS_DIR}/kind"

stable/appmesh-controller/Chart.yaml

@@ -1,8 +1,8 @@
 apiVersion: v1
 name: appmesh-controller
 description: App Mesh controller Helm chart for Kubernetes
-version: 1.1.16
-appVersion: 1.1.1
+version: 1.3.1
+appVersion: 1.3.0
 home: https://github.com/aws/eks-charts
 icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
 sources:

stable/appmesh-controller/README.md

@@ -62,8 +62,10 @@ aws iam create-policy \
 ```
 Take note of the policy ARN that is returned
 
-
 Create an IAM role for service account for the App Mesh Kubernetes controller, use the ARN from the step above
+
+> Note: if you deleted `serviceaccount` in the `appmesh-system` namespace, you will need to delete and re-create `iamserviceaccount`. `eksctl` does not override the `iamserviceaccount` correctly ([see this issue](https://github.com/weaveworks/eksctl/issues/2665))
+
 ```
 eksctl create iamserviceaccount --cluster $CLUSTER_NAME \
     --namespace appmesh-system \
@@ -74,6 +76,9 @@ eksctl create iamserviceaccount --cluster $CLUSTER_NAME \
 ```
 
 Deploy appmesh-controller
+
+**Note:** To enable mTLS via SDS(SPIRE), please set "sds.enabled=true".
+
 ```sh
 helm upgrade -i appmesh-controller eks/appmesh-controller \
     --namespace appmesh-system \
@@ -142,6 +147,9 @@ aws iam create-policy \
 Take note of the policy ARN that is returned
 
 Create an IAM role for service account for the App Mesh Kubernetes controller, use the ARN from the step above
+
+> Note: if you deleted `serviceaccount` in the `appmesh-system` namespace, you will need to delete and re-create `iamserviceaccount`. `eksctl` does not override the `iamserviceaccount` correctly ([see this issue](https://github.com/weaveworks/eksctl/issues/2665))
+
 ```
 eksctl create iamserviceaccount --cluster $CLUSTER_NAME \
     --namespace appmesh-system \
@@ -152,6 +160,9 @@ eksctl create iamserviceaccount --cluster $CLUSTER_NAME \
 ```
 
 Deploy appmesh-controller
+
+**Note:** mTLS via SDS(SPIRE) is not supported on Fargate.
+
 ```sh
 helm upgrade -i appmesh-controller eks/appmesh-controller \
     --namespace appmesh-system \
@@ -305,6 +316,8 @@ Parameter | Description | Default
 `image.tag` | image tag | `<VERSION>`
 `image.pullPolicy` | image pull policy | `IfNotPresent`
 `log.level` | controller log level, possible values are `info` and `debug`  | `info`
+`sds.enabled` | If `true`, SDS will be enabled in Envoy | `false`
+`sds.udsPath` | Unix Domain Socket Path of the SDS Provider(SPIRE in the current release) | `/run/spire/sockets/agent.sock`
 `resources.requests/cpu` | pod CPU request | `100m`
 `resources.requests/memory` | pod memory request | `64Mi`
 `resources.limits/cpu` | pod CPU limit | `2000m`
@@ -322,6 +335,8 @@ Parameter | Description | Default
 `sidecar.image.repository` | Envoy image repository. If you override with non-Amazon built Envoy image, you will need to test/ensure it works with the App Mesh | `840364872350.dkr.ecr.us-west-2.amazonaws.com/aws-appmesh-envoy`
 `sidecar.image.tag` | Envoy image tag | `<VERSION>`
 `sidecar.logLevel` | Envoy log level | `info`
+`sidecar.envoyAdminAccessPort` | Envoy Admin Access Port | `9901`
+`sidecar.envoyAdminAccessLogFile` | Envoy Admin Access Log File | `/tmp/envoy_admin_access.log`
 `sidecar.resources.requests` | Envoy container resource requests | `requests: cpu 10m memory 32Mi`
 `sidecar.resources.limits` | Envoy container resource limits | `limits: cpu "" memory ""`
 `sidecar.lifecycleHooks.preStopDelay` | Envoy container PreStop Hook Delay Value | `20s`
@@ -331,6 +346,8 @@ Parameter | Description | Default
 `init.image.tag` | Route manager image tag | `<VERSION>`
 `stats.tagsEnabled` |  If `true`, Envoy should include app-mesh tags | `false`
 `stats.statsdEnabled` |  If `true`, Envoy should publish stats to statsd endpoint @ 127.0.0.1:8125 | `false`
+`stats.statsdAddress` |  DogStatsD daemon IP address | `127.0.0.1`
+`stats.statsdPort` |  DogStatsD daemon port | `8125`
 `cloudMapCustomHealthCheck.enabled` |  If `true`, CustomHealthCheck will be enabled for CloudMap Services | `false`
 `cloudMapDNS.ttl` |  Sets CloudMap DNS TTL | `300`
 `tracing.enabled` |  If `true`, Envoy will be configured with tracing | `false`
@@ -342,3 +359,4 @@ Parameter | Description | Default
 `xray.image.tag` | X-Ray image tag | `latest`
 `accountId` | AWS Account ID for the Kubernetes cluster | None
 `env` |  environment variables to be injected into the appmesh-controller pod | `{}`
+`livenessProbe` | Liveness probe settings for the controller | (see `values.yaml`)

stable/appmesh-controller/ci/values.yaml

@@ -4,6 +4,6 @@
 accountId: 123456789
 region: us-west-2
 image:
-  repository: fawadkhaliq/appmesh-controller
-  tag: v1.1.1-rc2
+  repository: apuroop/appmesh-controller
+  tag: v1.3.0
   pullPolicy: IfNotPresent