Install the App Mesh Controller

This workshop has been deprecated and archived. The new Amazon EKS Workshop is now available at

Helm V3

If the command below gives you an error, follow this link to install the latest version of Helm.

helm version --short

The AWS App Mesh Controller for Kubernetes is easily installed using Helm. To get started, add the EKS Charts repository.

helm repo add eks

helm repo list | grep eks-charts


Create the appmesh-system namespace and attach IAM Policies for AWS App Mesh and AWS Cloud Map full access.

if you are new to the IAM Roles for Service Accounts (IRSA) concept, Click here for me information.

kubectl create ns appmesh-system

# Create your OIDC identity provider for the cluster
eksctl utils associate-iam-oidc-provider \
  --cluster eksworkshop-eksctl \

# Download the IAM policy document for the controller
curl -o controller-iam-policy.json

# Create an IAM policy for the controller from the policy document
aws iam create-policy \
    --policy-name AWSAppMeshK8sControllerIAMPolicy \
    --policy-document file://controller-iam-policy.json

# Create an IAM role and service account for the controller
eksctl create iamserviceaccount \
  --cluster eksworkshop-eksctl \
  --namespace appmesh-system \
  --name appmesh-controller \
  --attach-policy-arn arn:aws:iam::$ACCOUNT_ID:policy/AWSAppMeshK8sControllerIAMPolicy  \
  --override-existing-serviceaccounts \

Now install App Mesh Controller into the appmesh-system namespace using the project’s Helm chart.

helm upgrade -i appmesh-controller eks/appmesh-controller \
  --namespace appmesh-system \
  --set region=${AWS_REGION} \
  --set serviceAccount.create=false \

Now list all resources in the appmesh-system namespace and verify the installation was successful.

kubectl -n appmesh-system get all

The output should be similar to this:

NAME                                   READY   STATUS    RESTARTS   AGE
pod/appmesh-controller-866f8b8cdf-twkcq   1/1     Running   0          2m

NAME                                      TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
service/appmesh-controller-webhook-service   ClusterIP   <none>        443/TCP   2m

NAME                                   READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/appmesh-controller        1/1     1            1           2m

NAME                                         DESIRED   CURRENT   READY   AGE
replicaset.apps/appmesh-controller-866f8b8cdf   1         1         1       2m

You can also see that the App Mesh Custom Resource Definitions were installed.

kubectl get crds | grep appmesh                2020-10-15T15:49:26Z                       2020-10-15T15:49:26Z              2020-10-15T15:49:26Z                 2020-10-15T15:49:26Z               2020-10-15T15:49:26Z              2020-10-15T15:49:26Z