Autogenerated.
zawac002 committed Nov 1, 2023
1 parent 23a6618 commit 84b37aa
Showing 1 changed file with 72 additions and 72 deletions.
144 changes: 72 additions & 72 deletions README.md
@@ -1,76 +1,76 @@
# tfmod-istio

Istio is a service mesh that provides encryption services to network traffic within the node and externally.
Istio is a service mesh that provides encryption services to network
traffic within the node and externally.

Generally, for services exposed outside of the EKS cluster, istio
terminates TLS connections at the istio-ingressgateway in the
istio-system namespace. For pod-to-pod communication, istio sidecar
proxies provide encryption for in-cluster communication. Istio is a
highly configurable service mesh and can be configured permissively
(enable encryption where possible, allow non-encrypted communication
if one of the services is not configured with the istio proxy) or
restrictively (enforce all encryption requirements, if a pod does not
have a istio proxy configured, prevent communication with that pod.)

## Important Topics / Concepts:

- Gateway/VirtualService/DestinationRule objects allow for services to
be exposed outside of the cluster.
- AuthorizationPolicy/RequestAuthentication objects allow for
configuration of which identities are allowed to call services, and
which services are allowed to interact with other services.

## Requirements

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5.0 |
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.14.0 |
| <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 2.11.0 |
| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.23.0 |
| <a name="requirement_null"></a> [null](#requirement\_null) | >= 3.2.1 |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | The name of the cluster into which istio will be installed. | `string` | n/a | yes |
| <a name="input_enable_egress_gateway"></a> [enable\_egress\_gateway](#input\_enable\_egress\_gateway) | Enable Istio to control outbound traffic from the cluster. | `bool` | `true` | no |
| <a name="input_enable_telemetry"></a> [enable\_telemetry](#input\_enable\_telemetry) | Enable Istio's stracing, monitoring, and logging features. | `string` | `"true"` | no |
| <a name="input_extra_listener_ports"></a> [extra\_listener\_ports](#input\_extra\_listener\_ports) | A list of additional ports that the ingress load balancer should listen to, 9094 for kafka as an example. | <pre>list(object({<br> name = string<br> port = string<br> }))</pre> | `[]` | no |
| <a name="input_istio_chart_version"></a> [istio\_chart\_version](#input\_istio\_chart\_version) | The version of istio to install into the cluster. | `string` | `"1.18.2"` | no |
| <a name="input_istio_version"></a> [istio\_version](#input\_istio\_version) | The version of istio to install into the cluster. | `string` | `"1.18.2"` | no |
| <a name="input_namespace"></a> [namespace](#input\_namespace) | The namespace to install the istio components. Defaults to 'istio-system' | `string` | `"istio-system"` | no |
| <a name="input_profile"></a> [profile](#input\_profile) | AWS\_PROFILE to use to apply the terraform script. | `string` | `""` | no |
| <a name="input_region"></a> [region](#input\_region) | The region in which the cluster is running. | `string` | n/a | yes |
| <a name="input_tags"></a> [tags](#input\_tags) | Tags to be added to the load balancer in AWS. | `map(string)` | `{}` | no |

## Outputs

| Name | Description |
|------|-------------|
| <a name="output_module_name"></a> [module\_name](#output\_module\_name) | The name of this module. |
| <a name="output_module_version"></a> [module\_version](#output\_module\_version) | The version of this module. |

## Resources

| Name | Type |
|------|------|
| [helm_release.base](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.egress](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.ingress](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.istiod](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [kubernetes_namespace.ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
| [aws_eks_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |
| [aws_eks_cluster_auth.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | data source |
| [kubernetes_service.apiserver](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/service) | data source |

## Modules

| Name | Source | Version |
|------|--------|---------|
| <a name="module_images"></a> [images](#module\_images) | git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/ | 2.0.2 |

Generally, for services exposed outside of the EKS cluster, istio terminates TLS connections at the istio-ingressgateay in the istio-system namespace.
Then, for pod-to-pod communication, istio sidecar proxies provide encryption for in-cluster communication.
Istio is a highly configurable service mesh and can be configured permissively (enable encryption where possible, allow non-encrypted communication if one of the services is not configured with the istio proxy) or restrictively (enforce all encryption requirements, if a pod does not have a istio proxy configured, prevent communication with that pod.)

Important Topics / Concepts:
- Gateway/VirtualService/DestinationRule objects allow for services to be exposed outside of the cluster.
- AuthorizationPolicy/RequestAuthentication objects allow for configuration of which identities are allowed to call services, and which services are allowed to interact with other services.

## Input

**profile** `string`

AWS_PROFILE to use to apply the terraform script.

Default: `""`


**cluster_name** `string`

The name of the cluster into which istio will be installed.


**region** `string`

The region in which the cluster is running.


**namespace** `string`

The namespace to install the istio components.

Default: `"istio-system"`


**istio_chart_version** `string`

The version of istio to install into the cluster.

Default: `"1.18.2"`


**istio_version** `string`

The version of istio to install into the cluster.

Default: `"1.18.2"`


**enable_telemetry** `string`

Enable Istio's stracing, monitoring, and logging features.

Default: `"true"`


**enable_egress_gateway** `bool`

Enable Istio to control outbound traffic from the cluster.

Default: `true`


# Output

**module_name**

The name of this module.

**module_version**

The version of this module.
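
Review bot: The Requirements table lists `terraform` twice, once as `>= 1.5.0` and once as `>= 0.13`, and both rows share the `requirement_terraform` anchor, so a reader cannot tell which minimum version applies and the in-page link is ambiguous. Since the README is autogenerated, this is best fixed at the source: if the module declares its Terraform version constraint in more than one place, keep a single declaration and regenerate. In the Inputs table, `enable_telemetry` is typed `string` with default `"true"` while the comparable `enable_egress_gateway` is `bool`; making both `bool` would stop arbitrary strings being accepted, and the description's "stracing" should read "tracing" in the variable definition. `istio_chart_version` and `istio_version` also carry the identical description, so it is unclear how they differ. Finally, the introduction describes permissive and restrictive encryption modes, but no input selects between them; the README should state which mode this module deploys, because in the permissive mode described here unencrypted pod-to-pod traffic is still allowed.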
