diff --git a/cmd/deploy.yaml b/cmd/deploy.yaml
index f9d725d..cb22393 100644
--- a/cmd/deploy.yaml
+++ b/cmd/deploy.yaml
@@ -17,9 +17,10 @@ spec:
     spec:
       containers:
         - name: APP
-          image: registry.yoshino-s.xyz/yoshino-s/cilium-envoy-hook:latest
+          image: registry.yoshino-s.xyz/yoshino-s/cilium-envoy-hook:dev
           imagePullPolicy: Always
           args:
+            - server
             - --tls-cert-file-path=/etc/webhook/certs/cert.pem
             - --tls-key-file-path=/etc/webhook/certs/key.pem
           ports:
diff --git a/cmd/server.go b/cmd/server.go
index a3c7397..fa03fd8 100644
--- a/cmd/server.go
+++ b/cmd/server.go
@@ -40,6 +40,7 @@ type Config struct {
 	WebhookListenAddr string
 	TLSCertFilePath   string
 	TLSKeyFilePath    string
+	XffNumTrustedHops int
 }
 
 var (
@@ -108,7 +109,7 @@ var (
 										})
 										typedConfig["upgradeConfigs"] = upgradeConfigs
 										typedConfig["useRemoteAddress"] = true
-										typedConfig["xffNumTrustedHops"] = 2
+										typedConfig["xffNumTrustedHops"] = cmdConfig.XffNumTrustedHops
 									}
 								}
 							}
@@ -181,4 +182,5 @@ func init() {
 	serverCmd.PersistentFlags().StringVar(&cmdConfig.WebhookListenAddr, "webhook-listen-address", ":8080", "The address where the HTTPS server will be listening to serve the webhooks.")
 	serverCmd.PersistentFlags().StringVar(&cmdConfig.TLSCertFilePath, "tls-cert-file-path", "", "The path for the webhook HTTPS server TLS cert file.")
 	serverCmd.PersistentFlags().StringVar(&cmdConfig.TLSKeyFilePath, "tls-key-file-path", "", "The path for the webhook HTTPS server TLS key file.")
+	serverCmd.PersistentFlags().IntVar(&cmdConfig.XffNumTrustedHops, "xff-num-trusted-hops", 1, "The number of trusted hops for the X-Forwarded-For header.")
 }