Add tls configuration options to helm README

Author: joesbigidea

config/helm/appmesh-controller/README.md

@@ -50,7 +50,7 @@ eksctl utils associate-iam-oidc-provider --region=$AWS_REGION \
     --approve
 ```
 
-Download the IAM policy for AWS App Mesh Kubernetes Controller 
+Download the IAM policy for AWS App Mesh Kubernetes Controller
 ```
 curl -o controller-iam-policy.json https://raw.githubusercontent.com/aws/aws-app-mesh-controller-for-k8s/master/config/iam/controller-iam-policy.json
 ```
@@ -91,7 +91,7 @@ helm upgrade -i appmesh-controller eks/appmesh-controller \
 The [configuration](#configuration) section lists the parameters that can be configured during installation.
 
 **Note**
-If you want to start the controller in the EKS private cluster, enable the app mesh and service discovery VPC endpoints to the linked private subnet first. Also accountId is a required field now as `--set accountId=$AWS_ACCOUNT_ID`.   
+If you want to start the controller in the EKS private cluster, enable the app mesh and service discovery VPC endpoints to the linked private subnet first. Also accountId is a required field now as `--set accountId=$AWS_ACCOUNT_ID`.
 If you want to enable X-ray tracing in private cluster, enable the X-ray VPC endpoint. Also, ECR VPC endpoint [does not support public repository](https://docs.aws.amazon.com/AmazonECR/latest/userguide/vpc-endpoints.html). Controller uses `public.ecr.aws/xray/aws-xray-daemon:latest` by default, so you need to pull this image to local and [push it into your personal ECR repository](https://docs.aws.amazon.com/AmazonECR/latest/userguide/docker-push-ecr-image.html). Set it when deploying the controller like:
 ```
 helm upgrade -i appmesh-controller eks/appmesh-controller \
@@ -104,17 +104,17 @@ helm upgrade -i appmesh-controller eks/appmesh-controller \
     --set tracing.enabled=true \
     --set tracing.provider=x-ray \
     --set xray.image.repository={your-account-id}.dkr.ecr.{your-region}.amazonaws.com/{your-repository} \
-    --set xray.image.tag={your-xray-daemon-image-tag} 
+    --set xray.image.tag={your-xray-daemon-image-tag}
 ```
-Verify if the X-ray daemon being injected successfully when binding application deployment with virtual node/gateway.   
-More troubleshooting please see: https://docs.aws.amazon.com/eks/latest/userguide/private-clusters.html 
+Verify if the X-ray daemon being injected successfully when binding application deployment with virtual node/gateway.
+More troubleshooting please see: https://docs.aws.amazon.com/eks/latest/userguide/private-clusters.html
 
 **Note**
 Make sure that the Envoy proxies have the following IAM policies attached for the Envoy to authenticate with AWS App Mesh and fetch it's configuration
 - https://raw.githubusercontent.com/aws/aws-app-mesh-controller-for-k8s/master/config/iam/envoy-iam-policy.json
 
-There are **2 ways** you can attach the above policy to the Envoy Pod  
-#### With IRSA     
+There are **2 ways** you can attach the above policy to the Envoy Pod
+#### With IRSA
 Download the Envoy IAM policy
 ```
 curl -o envoy-iam-policy.json https://raw.githubusercontent.com/aws/aws-app-mesh-controller-for-k8s/master/config/iam/envoy-iam-policy.json
@@ -129,7 +129,7 @@ aws iam create-policy \
 
 Take note of the policy ARN that is returned
 
-If your Mesh enabled applications are already using IRSA then you can attach the above policy to the role belonging to the existing IRSA or you can edit the Trust Relationship of the existing iam role which has this envoy policy so that some other service account in your mesh can also assume this role.  
+If your Mesh enabled applications are already using IRSA then you can attach the above policy to the role belonging to the existing IRSA or you can edit the Trust Relationship of the existing iam role which has this envoy policy so that some other service account in your mesh can also assume this role.
 
 If not then you can create a service account for your application namespace and use the ARN from the step above. Ensure that Application Namespace already exists
 
@@ -145,9 +145,9 @@ eksctl create iamserviceaccount --cluster $CLUSTER_NAME \
 Reference this Service Account in your application pod spec. This should be the pod which would get injected with the Envoy. Refer below example:
 ```
 https://github.com/aws/aws-app-mesh-examples/blob/5a2d04227593d292d52e5e2ca638d808ebed5e70/walkthroughs/howto-k8s-fargate/v1beta2/manifest.yaml.template#L220
-``` 
+```
 
-#### Without IRSA   
+#### Without IRSA
 Find the Node Instance IAM Role from your worker nodes and attach below policies to it.
 **Note** If you created service account for the controller as indicated above then you can skip attaching the Controller IAM policy to worker nodes. Instead attach only the Envoy IAM policy.
 
@@ -160,7 +160,7 @@ curl -o controller-iam-policy.json https://raw.githubusercontent.com/aws/aws-app
 
 Envoy IAM policy
 Attach the below envoy policy to your Worker Nodes (Node Instance IAM Role)
-- https://raw.githubusercontent.com/aws/aws-app-mesh-controller-for-k8s/master/config/iam/envoy-iam-policy.json  
+- https://raw.githubusercontent.com/aws/aws-app-mesh-controller-for-k8s/master/config/iam/envoy-iam-policy.json
 Use below command to download the policy if not already
 ```sh
 curl -o envoy-iam-policy.json https://raw.githubusercontent.com/aws/aws-app-mesh-controller-for-k8s/master/config/iam/envoy-iam-policy.json
@@ -449,3 +449,5 @@ Parameter | Description | Default
 `env` |  environment variables to be injected into the appmesh-controller pod | `{}`
 `livenessProbe` | Liveness probe settings for the controller | (see `values.yaml`)
 `podDisruptionBudget` | PodDisruptionBudget | `{}`
+`tlsMinVersion` | Minimum TLS version for the controller webhook server as shown in [here](https://github.com/kubernetes/component-base/blob/master/cli/flag/ciphersuites_flag.go#L114) | `VersionTLS12`
+`tlsCipherSuite` | Comma delimited TLS cipher suites for the controller webhook server as shown [here](https://pkg.go.dev/crypto/tls#pkg-constants) | None