Page History

...

1. No ONAP internal encryption:

   1. Intra-Component: unencrypted
   2. Inter-Component: unencrypted
   3. External: unencrypted/encrypted
2. Inter-Component encryption:
   1. Intra-Component: unencrypted
   2. Inter-Component: encrypted
   3. External: unencrypted/encrypted
3. Full encryption:
   1. Intra-Component: encrypted
   2. Inter-Component: encrypted
   3. External: unencrypted/encrypted

Implementation proposals

Option 1 (no ONAP internal Encryption)

• External communication:
  • Components expose (external) interfaces to Ingress 
  • Encryption
  optional encryption
  • on Ingress (
  for external communication)
  • optional)
• Internal communication: 
  • No service Mesh
  • No TLS port encryption on pods
  direct connection between component pods
  • Direct unencrypted inter-component communication

Option 2 (inter-component encryption)

• External communication:
  • Components expose (external) interfaces to Ingress 
  • Encryption
  optional encryption
  • on Ingress (
  for external communication)
  • optional)
• Internal communication: 
  • No service Mesh
  • No TLS port encryption on pods
  connection between components
  • Inter-component communication via Ingress (encrypted)

Option 3 (full encryption)

• External communication:
  • Components expose (external) interfaces to Ingress 
  optional encryption
  • Encryption on Ingress (
  for external communication)
  • optional)
• Internal communication: 
  • Service Mesh enabled
  • No TLS port encryption on pods
  direct connection between component pods
  • Direct encrypted inter-component communication (via sidecars)

Solution using Istio:

...