...
- No ONAP internal encryption:
  - Intra-Component: unencrypted
  - Inter-Component: unencrypted
  - External: unencrypted/encrypted
- Inter-Component encryption:
  - Intra-Component: unencrypted
  - Inter-Component: encrypted
  - External: unencrypted/encrypted
- Full encryption:
  - Intra-Component: encrypted
  - Inter-Component: encrypted
  - External: unencrypted/encrypted
Implementation proposals
Option 1 (no ONAP internal encryption)
- External communication:
  - Components expose (external) interfaces to Ingress
  - Encryption on Ingress (optional)
- Internal communication:
  - No service mesh
  - No TLS port encryption on pods
  - Direct unencrypted inter-component communication
Option 2 (inter-component encryption)
- External communication:
  - Components expose (external) interfaces to Ingress
  - Encryption on Ingress (optional)
- Internal communication:
  - No service mesh
  - No TLS port encryption on pods
  - Inter-component communication via Ingress (encrypted)
Option 3 (full encryption)
- External communication:
  - Components expose (external) interfaces to Ingress
  - Encryption on Ingress (optional)
- Internal communication:
  - Service mesh enabled
  - No TLS port encryption on pods
  - Direct encrypted inter-component communication (via sidecars)
Solution using Istio: (draw.io diagram)
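A minimal Istio configuration matching Option 3, added here as an illustration and not taken from the original page or from ONAP's own deployment files. The namespace `onap`, the gateway name `onap-gateway`, the host `*.onap.example.org` and the secret `onap-ingress-cert` are assumed placeholder names.

```yaml
# Sidecar injection for every pod in the (assumed) "onap" namespace.
# The pods keep serving plain HTTP on their own ports; the sidecars
# terminate and originate mutual TLS between components.
apiVersion: v1
kind: Namespace
metadata:
  name: onap
  labels:
    istio-injection: enabled
---
# Require mutual TLS for all workloads in the namespace.
# PERMISSIVE would still accept plaintext from peers without a sidecar,
# which falls back to the "inter-component: unencrypted" case.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: onap
spec:
  mtls:
    mode: STRICT
---
# External interfaces exposed through the Istio ingress gateway.
# TLS at this hop is the "Encryption on Ingress (optional)" item.
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: onap-gateway            # assumed name
  namespace: onap
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 443
      name: https
      protocol: HTTPS
    tls:
      mode: SIMPLE
      # assumed secret; must exist in the ingress gateway's namespace
      credentialName: onap-ingress-cert
    hosts:
    - "*.onap.example.org"      # placeholder host
```

With `STRICT` in force, any pod that did not receive a sidecar can no longer reach meshed components, so check that injection succeeded on every workload before applying the `PeerAuthentication`.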
...