...
- External communication:
- Components expose (external) interfaces to Ingress
- Encryption on Ingress (optional)
- Internal communication:
- Service Mesh enabled
- No TLS port encryption on pods
- Direct encrypted inter-component communication (via sidecars)
Solution using Istio (all ONAP components deployed on one k8s cluster):
| draw.io Diagram |
|---|
| border | true |
|---|
| diagramName | dia-4 |
|---|
| simpleViewer | false |
|---|
| width | 400 |
|---|
| links | auto |
|---|
| tbstyle | top |
|---|
| lbox | true |
|---|
| diagramWidth | 801 |
|---|
| revision | 35 |
|---|
|
Solution using Istio (all ONAP components deployed on different k8s clusters):
| draw.io Diagram |
|---|
| border | true |
|---|
| diagramName | dia-6 |
|---|
| simpleViewer | false |
|---|
| width | 400 |
|---|
| links | auto |
|---|
| tbstyle | top |
|---|
| lbox | true |
|---|
| diagramWidth | 1111 |
|---|
| revision | 10 |
|---|
|
Alternative future solution using eBPF via Cilium:
...
| draw.io Diagram |
|---|
| border | true |
|---|
| diagramName | Dia5 |
|---|
| simpleViewer | false |
|---|
| width | 400 |
|---|
| links | auto |
|---|
| tbstyle | top |
|---|
| lbox | true |
|---|
| diagramWidth | 972 |
|---|
| revision | 78 |
|---|
|
Alternative (insecure options)
...
| draw.io Diagram |
|---|
| border | true |
|---|
| diagramName | Unbenanntes Diagramm |
|---|
| simpleViewer | false |
|---|
| width | 400 |
|---|
| links | auto |
|---|
| tbstyle | top |
|---|
| lbox | true |
|---|
| diagramWidth | 801 |
|---|
| revision | 45 |
|---|
|
Option 2 (inter-component encryption)
...
| draw.io Diagram |
|---|
| border | true |
|---|
| diagramName | Dia3 |
|---|
| simpleViewer | false |
|---|
| width | 400 |
|---|
| links | auto |
|---|
| tbstyle | top |
|---|
| lbox | true |
|---|
| diagramWidth | 801 |
|---|
| revision | 1 |
|---|
|
...
