From 84b37aa7021b2e1d6e087e2e7bf7cd7461c50d69 Mon Sep 17 00:00:00 2001 From: Anthony Zawacki Date: Wed, 1 Nov 2023 10:45:31 -0400 Subject: [PATCH] Autogenerated. --- README.md | 144 +++++++++++++++++++++++++++--------------------------- 1 file changed, 72 insertions(+), 72 deletions(-) diff --git a/README.md b/README.md index 5174baa..f13b0c3 100644 --- a/README.md +++ b/README.md 
@@ -1,76 +1,76 @@ # tfmod-istio -Istio is a service mesh that provides encryption services to network traffic within the node and externally. +Istio is a service mesh that provides encryption services to network +traffic within the node and externally. + +Generally, for services exposed outside of the EKS cluster, istio +terminates TLS connections at the istio-ingressgateway in the +istio-system namespace. For pod-to-pod communication, istio sidecar +proxies provide encryption for in-cluster communication. Istio is a +highly configurable service mesh and can be configured permissively +(enable encryption where possible, allow non-encrypted communication +if one of the services is not configured with the istio proxy) or +restrictively (enforce all encryption requirements, if a pod does not +have a istio proxy configured, prevent communication with that pod.) + +## Important Topics / Concepts: + +- Gateway/VirtualService/DestinationRule objects allow for services to + be exposed outside of the cluster. +- AuthorizationPolicy/RequestAuthentication objects allow for + configuration of which identities are allowed to call services, and + which services are allowed to interact with other services. + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.5.0 | +| [terraform](#requirement\_terraform) | >= 0.13 | +| [aws](#requirement\_aws) | >= 5.14.0 | +| [helm](#requirement\_helm) | >= 2.11.0 | +| [kubernetes](#requirement\_kubernetes) | >= 2.23.0 | +| [null](#requirement\_null) | >= 3.2.1 | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [cluster\_name](#input\_cluster\_name) | The name of the cluster into which istio will be installed. | `string` | n/a | yes | +| [enable\_egress\_gateway](#input\_enable\_egress\_gateway) | Enable Istio to control outbound traffic from the cluster. 
| `bool` | `true` | no | +| [enable\_telemetry](#input\_enable\_telemetry) | Enable Istio's stracing, monitoring, and logging features. | `string` | `"true"` | no | +| [extra\_listener\_ports](#input\_extra\_listener\_ports) | A list of additional ports that the ingress load balancer should listen to, 9094 for kafka as an example. |
list(object({
name = string
port = string
}))
| `[]` | no | +| [istio\_chart\_version](#input\_istio\_chart\_version) | The version of istio to install into the cluster. | `string` | `"1.18.2"` | no | +| [istio\_version](#input\_istio\_version) | The version of istio to install into the cluster. | `string` | `"1.18.2"` | no | +| [namespace](#input\_namespace) | The namespace to install the istio components. Defaults to 'istio-system' | `string` | `"istio-system"` | no | +| [profile](#input\_profile) | AWS\_PROFILE to use to apply the terraform script. | `string` | `""` | no | +| [region](#input\_region) | The region in which the cluster is running. | `string` | n/a | yes | +| [tags](#input\_tags) | Tags to be added to the load balancer in AWS. | `map(string)` | `{}` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [module\_name](#output\_module\_name) | The name of this module. | +| [module\_version](#output\_module\_version) | The version of this module. | + +## Resources + +| Name | Type | +|------|------| +| [helm_release.base](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | +| [helm_release.egress](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | +| [helm_release.ingress](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | +| [helm_release.istiod](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | +| [kubernetes_namespace.ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | +| [aws_eks_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source | +| [aws_eks_cluster_auth.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | data source | +| 
[kubernetes_service.apiserver](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/service) | data source | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [images](#module\_images) | git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/ | 2.0.2 | -Generally, for services exposed outside of the EKS cluster, istio terminates TLS connections at the istio-ingressgateay in the istio-system namespace. -Then, for pod-to-pod communication, istio sidecar proxies provide encryption for in-cluster communication. -Istio is a highly configurable service mesh and can be configured permissively (enable encryption where possible, allow non-encrypted communication if one of the services is not configured with the istio proxy) or restrictively (enforce all encryption requirements, if a pod does not have a istio proxy configured, prevent communication with that pod.) - -Important Topics / Concepts: -- Gateway/VirtualService/DestinationRule objects allow for services to be exposed outside of the cluster. -- AuthorizationPolicy/RequestAuthentication objects allow for configuration of which identities are allowed to call services, and which services are allowed to interact with other services. - -## Input - -**profile** `string` - -AWS_PROFILE to use to apply the terraform script. - -Default: `""` - - -**cluster_name** `string` - -The name of the cluster into which istio will be installed. - - -**region** `string` - -The region in which the cluster is running. - - -**namespace** `string` - -The namespace to install the istio components. - -Default: `"istio-system"` - - -**istio_chart_version** `string` - -The version of istio to install into the cluster. - -Default: `"1.18.2"` - - -**istio_version** `string` - -The version of istio to install into the cluster. - -Default: `"1.18.2"` - - -**enable_telemetry** `string` - -Enable Istio's stracing, monitoring, and logging features. 
- -Default: `"true"` - - -**enable_egress_gateway** `bool` - -Enable Istio to control outbound traffic from the cluster. - -Default: `true` - - -# Output - -**module_name** - -The name of this module. - -**module_version** - -The version of this module.
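Review bot: The added Requirements table lists terraform twice with different constraints (`>= 1.5.0` and `>= 0.13`), so a reader cannot tell which minimum version the module actually needs; reconcile the version constraints in the module so the generated table carries a single terraform row. In the added Inputs table, enable\_telemetry is documented as `string` with default `"true"` while enable\_egress\_gateway is `bool` with default `true`; declaring both as `bool` would make the two toggles consistent and let Terraform reject non-boolean values. The enable\_telemetry description still carries the typo "stracing" from the removed text, and istio\_chart\_version and istio\_version share an identical description, so the table does not explain how the two differ; both are best fixed in the variable descriptions, since this file is generated. The introduction describes a permissive and a restrictive configuration, but no input in the table selects between them and the README does not say which one this module applies; a sentence stating the mode the module installs with would tell consumers whether unencrypted pod-to-pod traffic is still accepted after an apply. The commit subject "Autogenerated." does not name the generator or what triggered the regeneration, which makes the 72-line change hard to audit later.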