in pkg/inject/config.go [144:239]
func (cfg *Config) BindFlags(fs *pflag.FlagSet) {
fs.BoolVar(&cfg.EnableIAMForServiceAccounts, flagEnableIAMForServiceAccounts, true,
`If enabled, a fsGroup: 1337 will be injected in the absence of it within pod securityContext`)
fs.BoolVar(&cfg.EnableECRSecret, flagEnableECRSecret, false,
"If enabled, 'appmesh-ecr-secret' secret will be injected in the absence of it within pod imagePullSecrets")
fs.BoolVar(&cfg.EnableSDS, flagEnableSDS, false,
"If enabled, mTLS support via SDS will be enabled")
//Set to the SPIRE Agent's default UDS path for now as App Mesh only supports SPIRE as SDS provider for preview.
fs.StringVar(&cfg.SdsUdsPath, flagSdsUdsPath, "/run/spire/sockets/agent.sock",
"Unix Domain Socket path for SDS provider")
fs.BoolVar(&cfg.EnableBackendGroups, flagEnableBackendGroups, false, "If enabled, experimental Backend Groups feature will be enabled.")
fs.StringVar(&cfg.SidecarImageRepository, flagSidecarImageRepository, "public.ecr.aws/appmesh/aws-appmesh-envoy",
"Envoy sidecar container image repository.")
fs.StringVar(&cfg.SidecarImageTag, flagSidecarImageTag, "v1.29.12.1-prod", "Envoy sidecar container image tag.")
fs.StringVar(&cfg.SidecarCpuRequests, flagSidecarCpuRequests, "10m",
"Sidecar CPU resources requests.")
fs.StringVar(&cfg.SidecarMemoryRequests, flagSidecarMemoryRequests, "32Mi",
"Sidecar memory resources requests.")
fs.StringVar(&cfg.SidecarCpuLimits, flagSidecarCpuLimits, "",
"Sidecar CPU resources limits.")
fs.StringVar(&cfg.SidecarMemoryLimits, flagSidecarMemoryLimits, "",
"Sidecar memory resources limits.")
fs.BoolVar(&cfg.Preview, flagPreview, false,
"Enable preview channel")
fs.StringVar(&cfg.LogLevel, flagLogLevel, "info",
"AWS App Mesh envoy log level")
fs.Int32Var(&cfg.EnvoyAdminAcessPort, flagEnvoyAdminAccessPort, 9901,
"AWS App Mesh envoy admin access port")
fs.StringVar(&cfg.EnvoyAdminAccessLogFile, flagEnvoyAdminAccessLogFile, "/tmp/envoy_admin_access.log",
"AWS App Mesh envoy access log path")
fs.StringVar(&cfg.PreStopDelay, flagPreStopDelay, "20",
"AWS App Mesh envoy preStop hook sleep duration")
fs.Int32Var(&cfg.PostStartTimeout, flagPostStartTimeout, 180,
"AWS App Mesh envoy postStart hook timeout duration")
fs.Int32Var(&cfg.PostStartInterval, flagPostStartInterval, 5,
"AWS App Mesh envoy postStart hook interval duration")
fs.Int32Var(&cfg.ReadinessProbeInitialDelay, flagReadinessProbeInitialDelay, 1,
"Number of seconds after Envoy has started before readiness probes are initiated")
fs.Int32Var(&cfg.ReadinessProbePeriod, flagReadinessProbePeriod, 10,
"How often (in seconds) to perform the readiness probe on Envoy container")
fs.StringVar(&cfg.InitImage, flagInitImage, "840364872350.dkr.ecr.us-west-2.amazonaws.com/aws-appmesh-proxy-route-manager:v7-prod",
"Init container image.")
fs.StringVar(&cfg.IgnoredIPs, flagIgnoredIPs, "169.254.169.254",
"Init container ignored IPs.")
fs.BoolVar(&cfg.EnableJaegerTracing, flagEnableJaegerTracing, false,
"Enable Envoy Jaeger tracing")
fs.StringVar(&cfg.JaegerAddress, flagJaegerAddress, "appmesh-jaeger.appmesh-system",
"Jaeger address")
fs.StringVar(&cfg.JaegerPort, flagJaegerPort, "9411",
"Jaeger port")
fs.BoolVar(&cfg.EnableDatadogTracing, flagEnableDatadogTracing, false,
"Enable Envoy Datadog tracing")
fs.StringVar(&cfg.DatadogAddress, flagDatadogAddress, "datadog.appmesh-system",
"Datadog Agent address")
fs.Int32Var(&cfg.DatadogPort, flagDatadogPort, 8126,
"Datadog Agent tracing port")
fs.BoolVar(&cfg.EnableXrayTracing, flagEnableXrayTracing, false,
"Enable Envoy X-Ray tracing integration and injects xray-daemon as sidecar")
fs.Int32Var(&cfg.XrayDaemonPort, flagXrayDaemonPort, 2000,
"X-Ray Agent tracing port")
fs.StringVar(&cfg.XraySamplingRate, flagXraySamplingRate, "0.05",
"X-Ray tracer sampling rate")
fs.StringVar(&cfg.XrayLogLevel, flagXrayLogLevel, "prod",
"X-Ray Agent log level")
fs.StringVar(&cfg.XrayConfigRoleArn, flagXrayConfigRoleArn, "",
"X-Ray Agent IAM role to upload segments to a different account")
fs.StringVar(&cfg.XRayImage, flagXRayImage, "public.ecr.aws/xray/aws-xray-daemon",
"X-Ray daemon container image")
fs.BoolVar(&cfg.EnableStatsTags, flagEnableStatsTags, false,
"Enable Envoy to tag stats")
fs.BoolVar(&cfg.EnableStatsD, flagEnableStatsD, false,
"If enabled, Envoy will send DogStatsD metrics to 127.0.0.1:8125")
fs.StringVar(&cfg.StatsDAddress, flagStatsDAddress, "127.0.0.1",
"DogStatsD Agent address")
fs.Int32Var(&cfg.StatsDPort, flagStatsDPort, 8125,
"DogStatsD Agent tracing port")
fs.StringVar(&cfg.StatsDSocketPath, flagStatsDSocketPath, "",
"DogStatsD Agent unix domain socket")
fs.BoolVar(&cfg.DualStackEndpoint, flagDualStackEndpoint, false, "Use DualStack Endpoint")
fs.BoolVar(&cfg.DualStackEndpoint, flagEnvoyAdminAccessEnableIpv6, false, "Enable Admin access when using IPv6")
fs.StringVar(&cfg.ClusterName, flagClusterName, "", "ClusterName in context")
fs.BoolVar(&cfg.WaitUntilProxyReady, flagWaitUntilProxyReady, false,
"Enable pod postStart hook to delay application startup until proxy is ready to accept traffic")
fs.BoolVar(&cfg.FipsEndpoint, flagFipsEndpoint, false, "Use Fips Endpoint")
fs.StringVar(&cfg.EnvoyAwsAccessKeyId, flagEnvoyAwsAccessKeyId, "",
"Access key for envoy container (for integration testing)")
fs.StringVar(&cfg.EnvoyAwsSecretAccessKey, flagEnvoyAwsSecretAccessKey, "",
"Secret access key for envoy container (for integration testing)")
fs.StringVar(&cfg.EnvoyAwsSessionToken, flagEnvoyAwsSessionToken, "",
"Session token for envoy container (for integration testing)")
fs.StringVar(&cfg.TlsMinVersion, flagTlsMinVersion, "VersionTLS12",
"Minimum TLS version supported. Value must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants.")
fs.StringSliceVar(&cfg.TlsCipherSuite, flagTlsCipherSuite, nil,
"Comma-separated list of cipher suites for the server. Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants). If omitted, the default Go cipher suites will be used")
}