Describe the bug
Ran into an issue while trying to create an app mesh using the dj-app at aws-app-mesh-examples/examples/apps/djapp/
With the current deployment files, when the Envoy proxy sidecar container is automatically injected, it will not have the necessary permission "appmesh:StreamAggregatedResources". This is because the iamserviceaccount that is created as part of the tutorial is not included in the base app deployment definition.
Envoy proxy sidecar container fails to initialize due to an IAM permission issue.
Expected behavior
The Envoy proxy sidecar container should initialize successfully and there should not be any IAM permission error.
Additional context
After adding the serviceAccountName (which has the correct role with policies attached) to all the deployment definitions in 1_base_application/base_app.yaml, the Envoy proxy container initialized successfully without any issue.
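Added example, not part of the original issue or of the App Mesh examples repository: a check that flags Deployments whose pod template does not resolve to a service account carrying the EKS IAM-role annotation, which is the condition described in the report above. The sample input, namespace, service account names and role ARN are constructed placeholders; the input shape assumes the JSON list printed by `kubectl get deploy,sa -n <namespace> -o json`.

```python
import json

IRSA_ANNOTATION = "eks.amazonaws.com/role-arn"

# Constructed sample shaped like `kubectl get deploy,sa -n demo -o json`.
# Names, namespace and role ARN are placeholders, not values from the issue.
SAMPLE = json.dumps({"kind": "List", "items": [
    {"kind": "ServiceAccount",
     "metadata": {"name": "mesh-envoy-sa", "namespace": "demo", "annotations": {
         IRSA_ANNOTATION: "arn:aws:iam::111122223333:role/EXAMPLE-ENVOY-ROLE"}}},
    {"kind": "ServiceAccount", "metadata": {"name": "default", "namespace": "demo"}},
    {"kind": "Deployment", "metadata": {"name": "svc-a", "namespace": "demo"},
     "spec": {"template": {"spec": {"serviceAccountName": "mesh-envoy-sa"}}}},
    {"kind": "Deployment", "metadata": {"name": "svc-b", "namespace": "demo"},
     "spec": {"template": {"spec": {"containers": []}}}},
    {"kind": "Deployment", "metadata": {"name": "svc-c", "namespace": "demo"},
     "spec": {"template": {"spec": {"serviceAccountName": "missing-sa"}}}},
]})


def audit(manifest_json):
    """Return (namespace, deployment, service_account, reason) tuples for
    Deployments whose pods would start without an IAM role via IRSA."""
    items = json.loads(manifest_json).get("items", [])
    roles = {}  # (namespace, service account name) -> role ARN or None
    for item in items:
        if item.get("kind") == "ServiceAccount":
            meta = item["metadata"]
            annotations = meta.get("annotations") or {}
            roles[(meta.get("namespace"), meta["name"])] = annotations.get(IRSA_ANNOTATION)
    findings = []
    for item in items:
        if item.get("kind") != "Deployment":
            continue
        meta = item["metadata"]
        pod_spec = item["spec"]["template"]["spec"]
        # A pod template without serviceAccountName runs as "default".
        sa = pod_spec.get("serviceAccountName") or "default"
        key = (meta.get("namespace"), sa)
        if key not in roles:
            reason = "service account not found"
        elif not roles[key]:
            reason = "service account has no IAM role annotation"
        else:
            continue
        findings.append((meta.get("namespace"), meta["name"], sa, reason))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(" ".join(finding))
```

The check confirms only that a role is bound to the service account; it does not inspect whether that role's policy allows appmesh:StreamAggregatedResources.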
We do mention the Envoy policies in the installation instructions. Which service account to use for this Envoy policy attachment is left to the customers, as instructed here.
Thanks for the information. I was following the instructions in the "Getting started with App Mesh" section on eksworkshop.com. The instructions in the workshop do not mention updating the pod spec to use the correct service account. I will review the workshop instructions one more time before raising this issue in the right channel.
madrian added a commit to madrian/eks-workshop that referenced this issue Nov 16, 2021
Platform
EKS
To Reproduce
Steps to reproduce the behavior: