diff --git a/README.md b/README.md index e861a44..5174baa 100644 --- a/README.md +++ b/README.md 
@@ -1 +1,76 @@ # tfmod-istio + +Istio is a service mesh that provides encryption services to network traffic within the node and externally. + +Generally, for services exposed outside of the EKS cluster, istio terminates TLS connections at the istio-ingressgateay in the istio-system namespace. +Then, for pod-to-pod communication, istio sidecar proxies provide encryption for in-cluster communication. +Istio is a highly configurable service mesh and can be configured permissively (enable encryption where possible, allow non-encrypted communication if one of the services is not configured with the istio proxy) or restrictively (enforce all encryption requirements, if a pod does not have a istio proxy configured, prevent communication with that pod.) + +Important Topics / Concepts: +- Gateway/VirtualService/DestinationRule objects allow for services to be exposed outside of the cluster. +- AuthorizationPolicy/RequestAuthentication objects allow for configuration of which identities are allowed to call services, and which services are allowed to interact with other services. + +## Input + +**profile** `string` + +AWS_PROFILE to use to apply the terraform script. + +Default: `""` + + +**cluster_name** `string` + +The name of the cluster into which istio will be installed. + + +**region** `string` + +The region in which the cluster is running. + + +**namespace** `string` + +The namespace to install the istio components. + +Default: `"istio-system"` + + +**istio_chart_version** `string` + +The version of istio to install into the cluster. + +Default: `"1.18.2"` + + +**istio_version** `string` + +The version of istio to install into the cluster. + +Default: `"1.18.2"` + + +**enable_telemetry** `string` + +Enable Istio's stracing, monitoring, and logging features. + +Default: `"true"` + + +**enable_egress_gateway** `bool` + +Enable Istio to control outbound traffic from the cluster. + +Default: `true` + + +# Output + +**module_name** + +The name of this module. 
+ +**module_version** + +The version of this module. +
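Review bot: The introduction describes permissive and restrictive mesh configurations, but nothing in the Input section says which of the two this module applies or how a caller would change it. Since that choice decides whether non-encrypted pod-to-pod traffic is accepted, the README should state the mode the module deploys by default and name the input that controls it, if one exists. In the same section, `istio_chart_version` and `istio_version` carry the identical description "The version of istio to install into the cluster."; say which one is the Helm chart version and which is the Istio release, and whether they must match. `enable_telemetry` is documented as `string` with default `"true"` while `enable_egress_gateway` is `bool` with default `true`; either align the types or note why the first is a string. Smaller points: "istio-ingressgateay" and "stracing" are typos, "a istio proxy" should be "an istio proxy", "within the node" does not match the later text about in-cluster and pod-to-pod traffic, and `# Output` is a level-1 heading where `## Input` is level-2.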