From 5a8bba57f282be7e283fa577dd20fba4962e743f Mon Sep 17 00:00:00 2001 From: Yuanshun Dong <123429070+ysdongAmazon@users.noreply.github.com> Date: Wed, 22 Nov 2023 13:40:32 -0800 Subject: [PATCH] Update README.md for Xray private cluster instruction (#746) * Update README.md for private cluster instruction * Update README.md for xray setting in private cluster --- config/helm/appmesh-controller/README.md | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/config/helm/appmesh-controller/README.md b/config/helm/appmesh-controller/README.md index 4067e8e1..c3044e94 100644 --- a/config/helm/appmesh-controller/README.md +++ b/config/helm/appmesh-controller/README.md 
@@ -92,7 +92,22 @@ The [configuration](#configuration) section lists the parameters that can be con **Note** If you want to start the controller in the EKS private cluster, enable the app mesh and service discovery VPC endpoints to the linked private subnet first. Also accountId is a required field now as `--set accountId=$AWS_ACCOUNT_ID`. -More troubleshooting please see: https://docs.aws.amazon.com/eks/latest/userguide/private-clusters.html (ECR VPC endpoint doc says ECR VPC endpoint [does not support public repo](https://docs.aws.amazon.com/AmazonECR/latest/userguide/vpc-endpoints.html). It's outdated information.) +If you want to enable X-ray tracing in private cluster, enable the X-ray VPC endpoint. Also, ECR VPC endpoint [does not support public repository](https://docs.aws.amazon.com/AmazonECR/latest/userguide/vpc-endpoints.html). Controller uses `public.ecr.aws/xray/aws-xray-daemon:latest` by default, so you need to pull this image to local and [push it into your personal ECR repository](https://docs.aws.amazon.com/AmazonECR/latest/userguide/docker-push-ecr-image.html). Set it when deploying the controller like: +``` +helm upgrade -i appmesh-controller eks/appmesh-controller \ + --namespace appmesh-system \ + --set region=$AWS_REGION \ + --set serviceAccount.create=false \ + --set serviceAccount.name=appmesh-controller \ + --set accountId=$AWS_ACCOUNT_ID \ + --set log.level=debug \ + --set tracing.enabled=true \ + --set tracing.provider=x-ray \ + --set xray.image.repository={your-account-id}.dkr.ecr.{your-region}.amazonaws.com/{your-repository} \ + --set xray.image.tag={your-xray-daemon-image-tag} +``` +Verify if the X-ray daemon being injected successfully when binding application deployment with virtual node/gateway. 
+More troubleshooting please see: https://docs.aws.amazon.com/eks/latest/userguide/private-clusters.html **Note** Make sure that the Envoy proxies have the following IAM policies attached for the Envoy to authenticate with AWS App Mesh and fetch it's configuration
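Review bot: The added sentence "Verify if the X-ray daemon being injected successfully when binding application deployment with virtual node/gateway." tells the reader to verify but not how. Please name the check, for example inspecting the application pod's container list and confirming that the X-Ray daemon container is present and that its image is the repository passed in `xray.image.repository`, not `public.ecr.aws/xray/aws-xray-daemon:latest`, which a private cluster cannot pull. In the helm example, `--set log.level=debug` is unrelated to X-Ray in a private cluster and is likely to be copied into real deployments as-is, so I would drop it or mark it as optional. Since the default image is referenced by `latest`, the text should also advise mirroring a specific tag, so that `{your-xray-daemon-image-tag}` refers to a known, reproducible image. Wording: "personal ECR repository" should read "private ECR repository", "pull this image to local" should read "pull this image locally", and the service name is spelled "X-Ray".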