Update README.md for Xray private cluster instruction (#746)

* Update README.md for private cluster instruction * Update README.md for xray setting in private cluster
aws · Nov 22, 2023 · 5a8bba5 · 5a8bba5
1 parent b7715a5
commit 5a8bba5
Showing 1 changed file with 16 additions and 1 deletion.
diff --git a/config/helm/appmesh-controller/README.md b/config/helm/appmesh-controller/README.md
@@ -92,7 +92,22 @@ The [configuration](#configuration) section lists the parameters that can be con
 
 **Note**
 If you want to start the controller in the EKS private cluster, enable the app mesh and service discovery VPC endpoints to the linked private subnet first. Also accountId is a required field now as `--set accountId=$AWS_ACCOUNT_ID`.   
-More troubleshooting please see: https://docs.aws.amazon.com/eks/latest/userguide/private-clusters.html (ECR VPC endpoint doc says ECR VPC endpoint [does not support public repo](https://docs.aws.amazon.com/AmazonECR/latest/userguide/vpc-endpoints.html). It's outdated information.)
+If you want to enable X-ray tracing in private cluster, enable the X-ray VPC endpoint. Also, ECR VPC endpoint [does not support public repository](https://docs.aws.amazon.com/AmazonECR/latest/userguide/vpc-endpoints.html). Controller uses `public.ecr.aws/xray/aws-xray-daemon:latest` by default, so you need to pull this image to local and [push it into your personal ECR repository](https://docs.aws.amazon.com/AmazonECR/latest/userguide/docker-push-ecr-image.html). Set it when deploying the controller like:
+```
+helm upgrade -i appmesh-controller eks/appmesh-controller \
+    --namespace appmesh-system \
+    --set region=$AWS_REGION \
+    --set serviceAccount.create=false \
+    --set serviceAccount.name=appmesh-controller \
+    --set accountId=$AWS_ACCOUNT_ID \
+    --set log.level=debug \
+    --set tracing.enabled=true \
+    --set tracing.provider=x-ray \
+    --set xray.image.repository={your-account-id}.dkr.ecr.{your-region}.amazonaws.com/{your-repository} \
+    --set xray.image.tag={your-xray-daemon-image-tag} 
+```
+Verify if the X-ray daemon being injected successfully when binding application deployment with virtual node/gateway.   
+More troubleshooting please see: https://docs.aws.amazon.com/eks/latest/userguide/private-clusters.html 
 
 **Note**
 Make sure that the Envoy proxies have the following IAM policies attached for the Envoy to authenticate with AWS App Mesh and fetch it's configuration