eks-charts's Introduction

EKS Charts

Add the EKS repository to Helm:

helm repo add eks https://aws.github.io/eks-charts

App Mesh

AWS Node Termination Handler

AWS Calico

This Helm chart is deprecated. To install Calico network policy enforcement on AWS, follow the EKS user guide.

AWS CloudWatch Metrics

AWS for Fluent Bit

AWS Load Balancer Controller

AWS VPC CNI

AWS SIGv4 Proxy Admission Controller

AWS Secrets Manager and Config Provider for Secret Store CSI Driver

This Helm chart is deprecated, please switch to https://aws.github.io/secrets-store-csi-driver-provider-aws/ which is reviewed, owned and maintained by AWS.

Amazon EC2 Metadata Mock

CNI Metrics Helper

EKS EFA Plugin

License

This project is licensed under the Apache-2.0 License.

eks-charts's Issues

Issue with Enable X-Ray tracing for the App Mesh data plane section in manual

Hi, there seems to be an issue with the step to enable X-Ray tracing for the App Mesh data plane.

When you run this command, it actually takes the default mesh name value "global" from Values.yaml and overwrites the mesh name that you set during admission controller deployment. This basically breaks mesh connectivity and is kind of unexpected, because you think you are just enabling an additional component and not touching the mesh name at this point.

helm upgrade -i appmesh-inject eks/appmesh-inject \
--namespace appmesh-system \
--set tracing.enabled=true \
--set tracing.provider=x-ray

The workaround as of now is to run a command like the one below, but it would be great if you could update the README to specify this. I've spent a considerable amount of time troubleshooting this.

helm upgrade -i appmesh-inject eks/appmesh-inject \
--namespace appmesh-system \
--set tracing.enabled=true \
--set tracing.provider=x-ray \
--set mesh.name=<your_mesh_name>

Handle helm upgrade of AWS VPC CNI more gracefully

According to the documentation in the aws-VPC-CNI helm chart,
“If you receive an error similar to Error: release aws-vpc-cni failed: "aws-node" already exists, simply rerun the above command.”

This causes issues with automation. This should be handled automatically in the helm chart and not require a rerun of the command by the user.

AWS Calico Chart - no PDB for typha-autoscaler, prevents cluster-autoscaler scale-down

The Calico chart lacks a PDB for the typha-autoscaler deployment, which of course makes the cluster autoscaler unhappy :-(

cluster-autoscaler-aws-cluster-autoscaler-fb47d97f5-zsg8p aws-cluster-autoscaler I0527 06:49:06.265085       1 cluster.go:107] Fast evaluation: node ip-10-2-142-113.eu-north-1.compute.internal cannot be removed: non-daemonset, non-mirrored, non-pdb-assigned kube-system pod present: calico-typha-horizontal-autoscaler-5bf589dd7d-sl4nm

AWS Calico Chart - seems missing permission for typha-cpha

typha autoscaler logs:
E0416 03:30:41.156961 1 reflector.go:283] github.com/kubernetes-incubator/cluster-proportional-autoscaler/pkg/autoscaler/k8sclient/k8sclient.go:96: Failed to watch *v1.Node: unknown (get nodes)
E0416 03:30:42.163238 1 reflector.go:283] github.com/kubernetes-incubator/cluster-proportional-autoscaler/pkg/autoscaler/k8sclient/k8sclient.go:96: Failed to watch *v1.Node: unknown (get nodes)
E0416 03:30:43.170184 1 reflector.go:283] github.com/kubernetes-incubator/cluster-proportional-autoscaler/pkg/autoscaler/k8sclient/k8sclient.go:96: Failed to watch *v1.Node: unknown (get nodes)
I0416 03:30:44.157683 1 k8sclient.go:221] Falling back to extensions/v1beta1, error using apps/v1: deployments.apps "calico-typha" is forbidden: User "system:serviceaccount:kube-system:calico-typha-cpha" cannot get resource "deployments/scale" in API group "apps" in the namespace "kube-system"
E0416 03:30:44.463196 1 reflector.go:283] github.com/kubernetes-incubator/cluster-proportional-autoscaler/pkg/autoscaler/k8sclient/k8sclient.go:96: Failed to watch *v1.Node: unknown (get nodes)
E0416 03:30:45.563406 1 reflector.go:283] github.com/kube

It looks like there is a missing permission in the typha-cpha Role and ClusterRole:

--- a/stable/aws-calico/templates/rbac.yaml
+++ b/stable/aws-calico/templates/rbac.yaml
ClusterRole:
resources: ["nodes"]
old verbs: ["list"]
new verbs: ["watch", "list"]


Role:
old - apiGroups: ["extensions"]
new - apiGroups: ["extensions", "apps"]
resources: ["deployments/scale"]
verbs: ["get", "update"]
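
Review bot: in the Role rule, adding "apps" next to "extensions" for resources: ["deployments/scale"] with verbs get and update lets this service account rescale any Deployment in the Role's namespace if the rule carries no resourceNames, while the log above shows it only needs to scale "calico-typha". Suggest adding resourceNames: ["calico-typha"] to that rule so the grant covers the one Deployment. The ClusterRole change to verbs: ["watch", "list"] on nodes matches the "Failed to watch *v1.Node" errors and needs no narrowing beyond that.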

App Mesh Grafana

Create a Grafana chart with an App Mesh overview dashboard based on Prometheus metrics.

App Mesh Prometheus

Create a Prometheus chart configured to scrape and store App Mesh control plane and data plane metrics. The mesh metrics should be compatible with Flagger's builtin checks (request success rate and request duration).

ensure changed charts have updated chart version before release

The release (to Helm repo) process for the eks-charts source repository is automated in a CircleCI job:

- run:
    name: Publish stable charts
    command: |
      if echo "${CIRCLE_TAG}" | grep -Eq "^v[0-9]+(\.[0-9]+)*(-[a-z0-9]+)?$"; then
        REPOSITORY="https://eks-bot:${GITHUB_TOKEN}@github.com/aws/eks-charts.git"
        git config user.email [email protected]
        git config user.name eks-bot
        git remote set-url origin ${REPOSITORY}
        git checkout gh-pages
        mv -f $HOME/stable/*.tgz .
        helm repo index . --url https://aws.github.io/eks-charts
        git add .
        git commit -m "Publish stable charts ${CIRCLE_TAG}"
        git push origin gh-pages
        echo "Publish charts"
      else
        echo "Not a release! Skip charts publish"
      fi

However, we do not currently ensure that when a Chart is updated in a Git commit since the last git tag on the source repository (i.e. the last release), the Chart's version field is also updated.

We should ensure the Chart.version has changed for all charts that have been modified, otherwise we will have the same published Helm Chart version point to different configurations.
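
One way to implement the check this issue asks for, as an added example that is not the project's CI code: compare each chart directory against a checkout of the previous release and fail when files changed but the version field did not. The function names, the `<tree>/stable/<chart>/` layout and the sample trees are assumptions made for the example; the versions and tags in the sample are constructed.

```sh
#!/bin/sh
# Added example, not the project's CI code. Assumed layout: <tree>/stable/<chart>/Chart.yaml.
# OLD_TREE: checkout of the last release tag; NEW_TREE: the commit about to be released.

# Print the top-level "version:" value of a Chart.yaml (nothing if the file is absent).
chart_version() {
    [ -f "$1" ] || return 0
    sed -n 's/^version:[[:space:]]*//p' "$1" | tr -d "\"'" | head -n 1
}

# Print one line per chart whose files changed while its version stayed the same.
# Returns 1 if any such chart exists, 0 otherwise.
check_chart_versions() {
    old_tree=$1
    new_tree=$2
    failed=0
    for chart_dir in "$new_tree"/stable/*/; do
        [ -f "${chart_dir}Chart.yaml" ] || continue
        name=$(basename "$chart_dir")
        old_dir="$old_tree/stable/$name"
        [ -d "$old_dir" ] || continue      # new chart: no published version to clash with
        if diff -r -q "$old_dir" "$chart_dir" >/dev/null 2>&1; then
            continue                       # byte-identical: keeping the version is fine
        fi
        old_ver=$(chart_version "$old_dir/Chart.yaml")
        new_ver=$(chart_version "${chart_dir}Chart.yaml")
        if [ "$old_ver" = "$new_ver" ]; then
            echo "$name: content changed but version is still $new_ver"
            failed=1
        fi
    done
    return "$failed"
}

# Constructed sample data: write a minimal chart with the given version and image tag.
make_chart() {  # make_chart TREE NAME VERSION IMAGE_TAG
    mkdir -p "$1/stable/$2"
    printf 'name: %s\nversion: %s\n' "$2" "$3" > "$1/stable/$2/Chart.yaml"
    printf 'image:\n  tag: %s\n' "$4" > "$1/stable/$2/values.yaml"
}

# Run the check over two constructed trees standing in for the last tag and HEAD.
demo() {
    tmp=$(mktemp -d)
    make_chart "$tmp/old" aws-vpc-cni 1.0.2 tag-a
    make_chart "$tmp/new" aws-vpc-cni 1.0.2 tag-b      # changed, version not bumped
    make_chart "$tmp/old" aws-calico 0.3.0 tag-a
    make_chart "$tmp/new" aws-calico 0.3.1 tag-b       # changed and bumped
    make_chart "$tmp/old" appmesh-inject 0.4.0 tag-a
    make_chart "$tmp/new" appmesh-inject 0.4.0 tag-a   # untouched
    check_chart_versions "$tmp/old" "$tmp/new" && rc=0 || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# CI usage: sh check.sh OLD_TREE NEW_TREE (non-zero exit blocks the publish step).
if [ "$#" -eq 2 ]; then
    check_chart_versions "$1" "$2"
fi
```

Run before the publish step, with OLD_TREE populated from the previous release tag (for example with git worktree add), this keeps an already published chart version from being re-indexed with different contents.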

App Mesh charts

Add the App Mesh controller and injector Helm charts:

  • App Mesh Controller
  • App Mesh Injector

Missing parameter for use of STS Regional endpoints

Hello,

Using VPC endpoints creates DNS records for the services that include regional names. In order to use the STS regional endpoint it's required to pass an environment variable to the Go SDK (AWS_STS_REGIONAL_ENDPOINTS).

Helm chart should include this option as an override for the default variable value.

The latest version of docker image is not used in CI

Description

[aws-calico] crds/kustomization.yaml adding it to helmignore

error msg:
failed to upgrade chart for release [calico]: failed to install CRD crds/kustomization.yaml: unable to recognize "": no matches for kind "Kustomization" in version "kustomize.config.k8s.io/v1beta1"

fluxcd helm-operator can't process the kustomization.yaml file. After adding skipCRDs in helm-operator it seems to process OK.
Looking at this commit, can aws calico do the same?

[aws-node-termination-handler] Add 0.3.0 Chart to Repository Index

Hey,

right now the latest chart version in your repo for the "aws-node-termination-handler" is 0.2.0. The master branch is on version 0.3.0 but this version is nowhere to be found.

The 0.2.0 version does not align with your chart description on master, because in the 0.2.0 chart you use .Values.namespace to set the namespace for the subject in the clusterrolebinding. In the 0.3.0 values description this is not mentioned and the 0.3.0 chart uses (rightfully so) the .Release.Namespace value.

Why not a kube-proxy chart?

EKS is one of the few managed Kubernetes platforms that doesn't provide kube-proxy as a part of the control plane upgrade, as we still have to manage/upgrade kube-proxy during EKS upgrades.

I was surprised to find 0 public helm charts for kube-proxy, and I think it's because it's pretty specific to EKS.

In the meantime I'll create my own. If you think it's a good idea, I'll PR it up to this repo, but was more curious as to why no-one else has one.

Repo is not up to date

For example, the CNI chart is not there:

$ helm repo add eks https://aws.github.io/eks-charts
"eks" has been added to your repositories

$ helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "eks" chart repository
...Successfully got an update from the "anchore" chart repository
...Successfully got an update from the "stable" chart repository
Update Complete.

$ helm search eks
NAME                  	CHART VERSION	APP VERSION	DESCRIPTION
eks/appmesh-controller	0.3.0        	0.2.0      	App Mesh controller Helm chart for Kubernetes
eks/appmesh-inject    	0.4.0        	0.2.0      	App Mesh Inject Helm chart for Kubernetes
eks/appmesh-jaeger    	0.2.0        	1.14.0     	App Mesh Jaeger Helm chart for Kubernetes
eks/appmesh-prometheus	0.3.0        	2.13.1     	App Mesh Prometheus Helm chart for Kubernetes

Is this automated?

AWS Calico DaemonSet trying to schedule pods on Fargate nodes

I'm using the AWS Calico Helm chart on an EKS cluster that uses normal EC2 nodes and Fargate. I know that Calico is not supported on Fargate, but I would still like it to run on the EC2 nodes.

The Calico DaemonSet, however, is configured in such a way that it attempts to schedule Calico pods on the Fargate "nodes", which fails:

      tolerations:
        # Make sure calico/node gets scheduled on all nodes.
        - effect: NoSchedule
          operator: Exists

0/7 nodes are available: 1 Insufficient pods, 6 node(s) didn't match node selector.

I believe this could be solved using node affinity.

aws-node-termination-handler: publish version 0.8.0 of the Helm chart

Hello! 👋

I see version 0.8.0 of the aws-node-termination-handler has been pushed to this repository, but the Helm repository only offers 0.7.5 as the latest version:

NAME  	URL
stable	https://kubernetes-charts.storage.googleapis.com
eks   	https://aws.github.io/eks-charts
[16:26:56]~ λ helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "eks" chart repository
...Successfully got an update from the "stable" chart repository
Update Complete. ⎈ Happy Helming!⎈
[16:27:02]~ λ helm search repo aws-node-termination-handler
NAME                            	CHART VERSION	APP VERSION	DESCRIPTION
eks/aws-node-termination-handler	0.7.5        	1.4.0      	A Helm chart for the AWS Node Termination Handler

Could the chart repository be updated please?

cc @bwagner5 as you wrote the relevant commit :)

Thank you!

appmesh-inject - Egress Filter Configuration

Issue
Currently it is not possible to change the Egress Filter on the mesh created by the injector.
Tried to change it manually after the helm deployment, but it gets overwritten after a couple of seconds.

#112

Add the eks charts to hub.helm.sh

Charts should have the following metadata:

home
sources
maintainers
icon
keywords

All charts must contain a readme file with a table that lists all configurable parameters.

Json Syntax Error on Appmesh Grafana Dashboard Canary Releases

Within the appmesh-grafana charts dashboards there is one called canary-releases.json with some json errors. These are simple syntax issues.

On line 1179 there is an extra style key:

  "style": "light",
  "style": "light",

On line 1182 there is a missing comma:

  "tags": [
    "flagger"
  ]
  "templating": { 

Calico Helm chart doesn't support nodeAffinity or nodeSelector configuration

Currently the calico helm chart does not allow for nodeSelector or nodeAffinity manipulation. Tolerations are only available in one of the deployments and are hardcoded the same way as the 2 previous attributes.

The above makes it impossible to choose the nodes in the cluster on which calico is installed.

The Deployment.yaml file needs to be updated to allow using custom values in nodeSelector, nodeAffinity, tolerations:

    spec:
      priorityClassName: system-cluster-critical
      nodeSelector:
        beta.kubernetes.io/os: linux
      tolerations:
        # Mark the pod as a critical add-on for rescheduling.
        - key: CriticalAddonsOnly
          operator: Exists

App Mesh Gateway

Create a chart for the App Mesh Gateway allowing users to configure NLB/ELB, auto scaling, taints and affinity. The appmesh-gateway chart should be added to the eksctl App Mesh profile.

Error while providing custom podAnnotations for eks/appmesh-controller

We would like to provide some custom annotations but it fails while installing

Error: YAML parse error on appmesh-controller/templates/deployment.yaml: error converting YAML to JSON: yaml: line 24: did not find expected key
helm.go:84: [debug] error converting YAML to JSON: yaml: line 24: did not find expected key

I've tried to run the template to see more details and it seems to have an indentation problem

# values-for-appmesh-controller.yaml
podAnnotations:
  custom: test

helm template -f ./values-for-appmesh-controller.yaml  eks/appmesh-controller --debug

...
      annotations:
        prometheus.io/scrape: "true"
          custom: "test"
...
correct would be:
      annotations:
        prometheus.io/scrape: "true"
        custom: "test"

[Bug] appmesh-manager: missing list node permissions

The latest appmesh-manager reads region and availability zone metadata [1] from k8s nodes and adds it as instance attributes in AWS CloudMap. The existing appmesh-manager RBAC does not set up the permission to list nodes:

Failed to list *v1.Node: nodes is forbidden: User "system:serviceaccount:appmesh-system:appmesh-manager" cannot list resource "nodes" in API group "" at the cluster scope

RBAC for appmesh-manager should be updated to handle this

[1] aws/aws-app-mesh-controller-for-k8s#241

Add preview configuration to appmesh-manager

Add a values.yaml entry for preview option and modify the deployment template to conditionally pass the --preview argument. This will be useful to enable appmesh preview channel without having to add individual pod annotation.

Kube proxy helm chart

Currently, on the creation of an EKS cluster, workloads like AWS CNI and Kube proxy are created automatically (I wish they were not so we can manage them in helm).

Would you be against adding a chart for Kube proxy here?
The use case here is that we want to be able to enable metric endpoints without manual intervention.

aws/containers-roadmap#657

aws-calico: Add cpu/memory limits

It would be good to have the ability to specify cpu/memory requests/limits via the values file. I'd be happy to provide a PR if the issue is accepted.

[aws-vpc-cni] Upgrade from 1.0.2 to 1.0.3 failed

While upgrading from the version 1.0.2 to version 1.0.3, the aws-node pods of the daemonset enter in CrashLoopBackoff

  Normal   Pulling    2m15s (x2 over 3m42s)  kubelet, ec2.internal  Pulling image "602401143452.dkr.ecr.us-west-1.amazonaws.com/amazon-k8s-cni:v1.5.5"
  Normal   Pulled     2m15s (x2 over 3m41s)  kubelet, ec2.internal  Successfully pulled image "602401143452.dkr.ecr.us-west-1.amazonaws.com/amazon-k8s-cni:v1.5.5"
  Normal   Created    2m15s (x2 over 3m41s)  kubelet, ec2.internal  Created container aws-node
  Normal   Started    2m15s (x2 over 3m41s)  kubelet, ec2.internal  Started container aws-node
  Warning  Unhealthy  76s (x6 over 3m6s)     kubelet, ec2.internal  Liveness probe failed: OCI runtime exec failed: exec failed: container_linux.go:348: starting container process caused "exec: \"/app/grpc-health-probe\": stat /app/grpc-health-probe: no such file or directory": unknown
  Normal   Killing    76s (x2 over 2m46s)    kubelet, ec2.internal  Container aws-node failed liveness probe, will be restarted

I don't know if it's related, but it seems that in the Daemonset the image tag wasn't changed to 1.6.0.

        containers:
          - name: aws-node
            image: "602401143452.dkr.ecr.us-west-1.amazonaws.com/amazon-k8s-cni:v1.5.5"

Even when helm ls shows that version 1.6.0 of the application is installed:

NAME       	REVISION	UPDATED                 	STATUS         	CHART            	APP VERSION	NAMESPACE  
aws-vpc-cni	1       	Wed Mar 25 11:38:33 2020	PENDING_INSTALL	aws-vpc-cni-1.0.3	v1.6.0     	kube-system

prometheus: Unable to create mmap-ed active query log

hello,
I'm experiencing this issue while trying to run eks/appmesh-prometheus

prometheus/prometheus#5976

% kubectl logs appmesh-prometheus-5f9b989c88-gz5mr -n appmesh-system
level=warn ts=2019-10-23T07:02:45.771Z caller=main.go:282 deprecation_notice="'storage.tsdb.retention' flag is deprecated use 'storage.tsdb.retention.time' instead."
level=info ts=2019-10-23T07:02:45.771Z caller=main.go:329 msg="Starting Prometheus" version="(version=2.12.0, branch=HEAD, revision=43acd0e2e93f9f70c49b2267efa0124f1e759e86)"
level=info ts=2019-10-23T07:02:45.771Z caller=main.go:330 build_context="(go=go1.12.8, user=root@7a9dbdbe0cc7, date=20190818-13:53:16)"
level=info ts=2019-10-23T07:02:45.771Z caller=main.go:331 host_details="(Linux 4.14.146-119.123.amzn2.x86_64 #1 SMP Mon Sep 23 16:58:43 UTC 2019 x86_64 appmesh-prometheus-5f9b989c88-gz5mr (none))"
level=info ts=2019-10-23T07:02:45.771Z caller=main.go:332 fd_limits="(soft=65536, hard=65536)"
level=info ts=2019-10-23T07:02:45.771Z caller=main.go:333 vm_limits="(soft=unlimited, hard=unlimited)"
level=error ts=2019-10-23T07:02:45.771Z caller=query_logger.go:82 component=activeQueryTracker msg="Error opening query log file" file=data/queries.active err="open data/queries.active: permission denied"
panic: Unable to create mmap-ed active query log

I've installed with:

cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: prometheus
  namespace: appmesh-system
  labels:
    app.kubernetes.io/name: appmesh-prometheus
spec:
  storageClassName: gp2
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 100Gi
EOF
helm3 upgrade -i appmesh-prometheus eks/appmesh-prometheus \
--namespace appmesh-system \
--set retention=12h \
--set persistentVolumeClaim.claimName=prometheus
