...
- Integration of an Ingress Controller for Northbound access control and reduction of NodePorts
- Network Policies (Deferred to El Alto - due to lack of available resources)
- Transparent TLS enablement via Istio reference integration required Istio→AFF integration (de-prioritized by security subcommittee)
Addressed to a degree with M3 Checkpoint item under Security - "Has the project committed to enabling transport level encryption on all interfaces and the option to turn it off?".
With the ability to disable all embedded encryption mechanisms, allows for Service Providers to choose to use Istio or other similar technologies.
Footprint Optimization
- Database Consolidation (DBaaS)
- single shared MariaDB-Galera instance (clients in Dublin: SO, SDNC)
- includes removing mySQL from SDNC in favor of MariaDB-Galera
- single shared Cassandra instance (clients in Dublin: AAI, SDC)
- Portal on shared MariaDB-Galera and Cassandra being investigated (Stretch Goal - has not yet been communicated with Portal Team)
- single shared Postgres instance (deferred to El Alto)
- single shared MariaDB-Galera instance (clients in Dublin: SO, SDNC)
...