This page explains the steps to deploy ONAP4K8s behind an ISTIO Service mesh. It also explains how to expose the application behind the services to the outside world, enforce authentication policies, and implement RBAC rules.

The steps to deploy the ONAP4K8s profile are as follows.

Clone the repository from the link below:

git clone https://github.com/onap/multicloud-k8s.git

  1. Deploy ISTIO Service mesh with mutual authentication enabled. This stage has 2 steps, as below.
    a. Deploy ISTIO Operator - Refer README from here.
    b. Deploy the ISTIO configuration - Refer README from here

  2. Deploy services - multicloud-k8s - Refer here

  3. Deploy ISTIO Gateway and VirtualService to expose the application outside the cluster - Refer

  4. Deploy an authentication mechanism - Keycloak is used in ONAP4K8s, but other authentication and authorization providers (ORY/Hydra, Auth0) can be used. - Refer here

  5. Apply ISTIO Policy on istio-ingressgateway to restrict unauthorized users' access to the cluster

  6. Apply ISTIO RBAC Rules to give specific users/applications fine-grained access to application resources.
    a. Enable RBAC for namespaces if it is not enabled already.
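
What steps 5 and 6a can look like as manifests, given here as an added example that is not taken from this page or from the multicloud-k8s repository. It assumes an Istio release that still serves the v1alpha1 `Policy` and `ClusterRbacConfig` kinds and a gateway installed in `istio-system`; the object name, `<keycloak-host>`, `<realm>` and `<app-namespace>` are placeholders.

```yaml
# Added example, not the project's own manifests.
# Assumes Istio still serves the v1alpha1 security APIs; from Istio 1.5 on,
# RequestAuthentication and AuthorizationPolicy replace these kinds.
---
# Step 5: require a valid JWT on every request entering through the gateway.
apiVersion: authentication.istio.io/v1alpha1
kind: Policy
metadata:
  name: ingressgateway-jwt          # hypothetical name
  namespace: istio-system           # assumption: default gateway namespace
spec:
  targets:
  - name: istio-ingressgateway
  origins:
  - jwt:
      # Must match the "iss" claim of the tokens Keycloak issues for the realm.
      issuer: "https://<keycloak-host>/auth/realms/<realm>"
      jwksUri: "https://<keycloak-host>/auth/realms/<realm>/protocol/openid-connect/certs"
  # Take the request principal from the JWT so RBAC rules can match on it.
  principalBinding: USE_ORIGIN
---
# Step 6a: turn RBAC on, limited to the namespaces listed under "inclusion".
apiVersion: rbac.istio.io/v1alpha1
kind: ClusterRbacConfig
metadata:
  name: default                     # Istio only honours the object named "default"
spec:
  mode: ON_WITH_INCLUSION
  inclusion:
    namespaces: ["<app-namespace>"]
```

Once a namespace is included, requests to its services are denied until a ServiceRole and ServiceRoleBinding allow them, so have the rules ready before enabling RBAC.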