Recording of introduction

video1075568932.mp4

Phase 1

Used Components

This PoC will use at least the following ONAP components:

AAI
- Schema Service
- Traversal (data queries)
- Search Data (only needed if using the UI)
- Resources (CRUD interaction)
- GraphAdmin (needed to set up the backend)
- others?
SDC
- BE
- FE
- Onboarding BE
VID
SO
- BPMN infra
- Catalog DB Adapter
- Monitoring
- Openstack Adapter
- Request DB Adapter
- SDNC Adapter
- SDC Controller
- API Handler (SO "base" c
DMaaP:
- Message Router
SDNC:
- DMaaP listener
- SDNC Portal
- UEB listener

Integrating the other sub components of AAI, DMaaP, SDC, SDNC and SO will be done if possible

client → https → Ingress → http → svc → http → pod

Ingress → http → sidecar → mtls → sidecar pod → http → pod

Validation Scenarios

The Validation Scenario will be to onboard and then deploy "basicUbuntu" VNF from gating system using GR API.

The validation scenario will be performed at each steps

Phase 2 (if time allows)

If "Step 1" of phase one is validated, we may move in parallel to step 2 → 4 of phase 1 to Phase 2

Used Components

On top of Phase 1 component, we'll add:

CDS
Multicloud k8s

Validation Scenario

The validation scenario will be to onboard and then deploy a CNF with values processed thanks to CDS

Flow Matrix

We have two possibilities to perform the Authoritypolicy with service mesh:

Simple

apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name:so-vnfm-adapter-policy
namespace: onap
spec:
selector:
    matchLabels:
      app: aaf-cert-service                           --> name of target (service)
action: ALLOW
rules:
- from:
- source:
       principals: ["/cluster.local/ns/onap/sa/so-vnfm-adapter-sa"] --> source, in this case the service account of POD

Simple to maintain
but less secure.

Complex

apiVersion: "security.istio.io/v1beta1"
kind: AuthorizationPolicy
metadata:
    name: so-vnfm-adapter-policy
    namespace: onap
spec:
    selector:
      matchLabels:
       app: aaf-cert-service                                  --> name of target (service)
    action: ALLOW
   rules:
   - from:
   - source:
           principals: ["/cluster.local/ns/onap/sa/so-vnfm-adapter-sa"]    --> source, in this case the service account of POD
       to:
        - operation:
            ports: ["27017"]                                   --> the target port
           methods: ["GET", "POST"]                   --> the used methods

more complex to deploy
very hard to maintain if you modify the API
more secure.

Exemple of complex matrix (for simple, remove the 2 last columns):

Name of Source POD	Name of Target POD	Port Number	name of Methods
so-vnfm-adapter	aaf-cert-service	27017	GET, POST
so	aaf-locate.onap	8095
	logstash	4544
	8095
	, mariadb 3306,
	sdncOamPort: 8282,

This flows are an information but due to the complexity and the heterogeneous of configuration, Could be miss some flow.

This information were find into values.yaml or overrides.yml, depend on the component.

aai	aai	cassandra
	aai-babel	No value
	aai-data-router	No value
	aai-elasticsearch	No value
	aai-graphadmin	No value
	aai-graphadmin-job	No value
	aai-modelloader	No value
	aai-resources	No value
	aai-schema-service	No value
	aai-search-data	No value
	aai-sparky-be	aai, aai-elasticsearch, aai-gizmo, aai-search-data
	aai-traversal	No value
	aai-traversal-job	No directory
SDC	sdc	cassandra, logstashPort "5044"
	sdc-be	No value
	sdc-be-job	No directory
	sdc-cs	cassandra
	sdc-cs-job	sdc-be:8443
	sdc-dcae-be	sdc-dcae-be-8082, sdc-dcae-be-8444
	sdc-dcae-be-job	No directory
	sdc-dcae-dt	No value
	sdc-dcae-fe	No value
	sdc-dcae-tosca-lab	sdc-dcae-tosca-lab-8085 sdc-dcae-tosca-lab-8445
	sdc-fe	sdc-dcae-fe:9444, sdc.dcae.plugin.simpledemo.onap.org:30264, https://sdc.dcae.plugin.simpledemo.onap.org:30266, sdc-wfd-fe:8443, sdc.workflow.plugin.simpledemo.onap.org:30256
	sdc-onboarding-be	cassandra
	sdc-onboarding-be-job	No directory
	sdc-wfd-be	cassandraClientPort: 9042, sdc-be:8443
	sdc-wfd-be-job	No directory
	sdc-wfd-fe	/sdc-wfd-be:8443
vid	vid	mariadb, asdcclient 8443, so vidaai 8443, msoport "8080"
	vid-galera	no directory
	vid-job	no firectory
so	so	aaf-locate.onap:8095 logstashPort: 5044, mariadb 3306, sdncOamPort: 8282, mso, sdc, dmaap, nbi.onap:8080/nbi/api/v3, dmaap-bc, aai
	~~so-appc-orchestrator~~	~~appc, aaf, so-bpmn-infra ~~(Deprecated in the Guilin release)~~~~
	so-bpmn-infra	cds-blueprints-processor-grpc, aai, mso, aaf, sdnc; sniro, mso-adapter-db, mso-adapter-po, aaf , oof-osdf, so-vnfm-adapter, camanda so-openstack-adapter, so-request-db-adapter, so-sdnc-adapter, so-vfc-adapter, so-nssmf-adapter so-catalog-db-adapter, pdp, naming.demo.onap/com
	so-catalog-db-adapter	aaf , Maria DB (Gallera)
	so-mariadb	Gallera (cluster deployment)
	so-monitoring	No value
	so-nssmf-adapter	aaf, aai,so-request-request-db-adapter
	so-openstack-adapter	aaf, aai, so-request-db-adapter, so-bpmn-infra, so-catalog-db-adapter
	so-request-db-adapter	aaf, Maria DB (Gallera)
	so-sdc-controller	aai, aaf, asdc, so-catalog-db-adapter, request-db-adapter, asdc-connections, sdc-wfd-be, Maria DB (Gallera)
	so-sdnc-adapter	aaf, sndc, so-catalog-db-adapter
	~~so-ve-vnfm-adapter~~	msb-iag, aai, message-router (Deprecated in the Guilin release)
	so-vfc-adapter	aaf, so-request-db-adapter
	so-vnfm-adapter - Renamed as Sol003-adapter in Guilin	aaf, sdc-be, msb-iag, modeling-etsicatalog, aai
	so-etsi-nfvo - introduced in Guilin	aaf, sdc-be, msb-iag, modeling-etsicatalog, aai
	so-cnf-adapter -Introduced in Guilin	so-bpmn-infra
	so-oof-adater - Introduced in Guilin	oof, bpmn-infa
Dmaap	dmaap	aaf
	dmaap-bc	https://aaf-service:8100/, https://aaf-locate:8095
	dmaap-dr-node	aaf
	dmaap-dr-prov	mariadb 3306
	message-router	message-router-kafka, message-router-zookeeper
	message-router-kafka	no directory
	message-router-zookeeper	no directory
sdnc	sdnc	aaf sdnc-cert-initializer, netbox, aai, modeling, restconf, scaleout, ansible
	sdnc-ansible-server	mariadbGalera
	sdnc-db	mariadbGalera
	sdnc-dgbuilder	mariadbGalera
	sdnc-dmaap-listener	dmaap , mariadbGalera
	sdnc-portal	mariadbGalera – Sdnc portal is disabled in Frankfurt and removed in Guilin
	sdnc-ueb-listener	mariadbGalera logging sdc-be
ccsdk/cds	cds	mariadbGalera
	cds-blueprints-processor	mariadb-galera, cds-db, dmaap
	cds-command-executor	No value
	cds-db	No Directory
	cds-py-executor	No value
	cds-sdc-listener	No value
	cds-ui	cds-blueprints-processor
Multicloud	multicloud	msb-iag, log-ls, aai
	multicloud-azure	msb-iag, aai
	multicloud-fcaps	msb-iag, aai
	multicloud-k8s	No value
	multicloud-k8s-mongo	no directory
	multicloud-promotheus	logging
	multicloud-pike	msb-iag, aai
	multicloud-starlingx	msb-iag, aai
	multicloud-vio	msb-iag, aai
	multicloud-windriver	msb-iag, aai

Space shortcuts

Page tree

Recording of introduction

Phase 1

Used Components

Validation Scenarios

Phase 2 (if time allows)

Used Components

Validation Scenario

Flow Matrix

2 Comments

Seshu Kumar Mudiganti

Seshu Kumar Mudiganti

Space shortcuts

Page tree

Service Mesh PoC plan

Recording of introduction

Phase 1

Used Components

Validation Scenarios

Phase 2 (if time allows)

Used Components

Validation Scenario

Flow Matrix

2 Comments

Seshu Kumar Mudiganti

Seshu Kumar Mudiganti