-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
75 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1,76 @@ | ||
| # tfmod-istio | ||
|
|
||
| Istio is a service mesh that provides encryption services to network traffic within the node and externally. | ||
|
|
||
| Generally, for services exposed outside of the EKS cluster, istio terminates TLS connections at the istio-ingressgateay in the istio-system namespace. | ||
| Then, for pod-to-pod communication, istio sidecar proxies provide encryption for in-cluster communication. | ||
| Istio is a highly configurable service mesh and can be configured permissively (enable encryption where possible, allow non-encrypted communication if one of the services is not configured with the istio proxy) or restrictively (enforce all encryption requirements, if a pod does not have a istio proxy configured, prevent communication with that pod.) | ||
|
|
||
| Important Topics / Concepts: | ||
| - Gateway/VirtualService/DestinationRule objects allow for services to be exposed outside of the cluster. | ||
| - AuthorizationPolicy/RequestAuthentication objects allow for configuration of which identities are allowed to call services, and which services are allowed to interact with other services. | ||
|
|
||
| ## Input | ||
|
|
||
| **profile** `string` | ||
|
|
||
| AWS_PROFILE to use to apply the terraform script. | ||
|
|
||
| Default: `""` | ||
|
|
||
|
|
||
| **cluster_name** `string` | ||
|
|
||
| The name of the cluster into which istio will be installed. | ||
|
|
||
|
|
||
| **region** `string` | ||
|
|
||
| The region in which the cluster is running. | ||
|
|
||
|
|
||
| **namespace** `string` | ||
|
|
||
| The namespace to install the istio components. | ||
|
|
||
| Default: `"istio-system"` | ||
|
|
||
|
|
||
| **istio_chart_version** `string` | ||
|
|
||
| The version of istio to install into the cluster. | ||
|
|
||
| Default: `"1.18.2"` | ||
|
|
||
|
|
||
| **istio_version** `string` | ||
|
|
||
| The version of istio to install into the cluster. | ||
|
|
||
| Default: `"1.18.2"` | ||
|
|
||
|
|
||
| **enable_telemetry** `string` | ||
|
|
||
| Enable Istio's stracing, monitoring, and logging features. | ||
|
|
||
| Default: `"true"` | ||
|
|
||
|
|
||
| **enable_egress_gateway** `bool` | ||
|
|
||
| Enable Istio to control outbound traffic from the cluster. | ||
|
|
||
| Default: `true` | ||
|
|
||
|
|
||
| # Output | ||
|
|
||
| **module_name** | ||
|
|
||
| The name of this module. | ||
|
|
||
| **module_version** | ||
|
|
||
| The version of this module. | ||
|
|