
Assumptions

  • ONAP Components:
    • AAF will be removed
    • → No Container port encryption
  • Services must not use NodePorts 
    • → external communication only via Ingress
    • Inter-component communication
      • direct communication (as today)
      • via Ingress (Seshu's proposal) ?
  • Ingress support:
    • Istio IngressGateway
    • Nginx Ingress ?
  • Communication encryption:
    • on Ingress level (adding certificate to Gateway)
    • on service mesh (SM) level (e.g. Istio sidecars)
    • on Kernel Level (using eBPF via Cilium)
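
One way to check the "Services must not use NodePorts" assumption against a cluster, as an added example that is not part of the original page: the function takes the parsed output of `kubectl get services --all-namespaces -o json` and reports every Service port opened on the nodes outside the ingress gateway. The allowlisted namespace and name and the sample data are assumptions constructed for illustration.

```python
import json
import sys

# Assumption: only the ingress gateway Service may open node ports.
# Namespace and name are hypothetical; set them to match the cluster.
INGRESS_ALLOWLIST = {("istio-ingress", "istio-ingressgateway")}


def find_nodeport_violations(service_list, allowlist=INGRESS_ALLOWLIST):
    """Return sorted (namespace, name, port, nodePort) tuples for every
    Service port reachable on a node port outside the allowlisted ingress."""
    violations = []
    for svc in service_list.get("items", []):
        meta = svc.get("metadata", {})
        key = (meta.get("namespace", "default"), meta.get("name", ""))
        if key in allowlist:
            continue
        spec = svc.get("spec", {})
        # NodePort and LoadBalancer Services can both open a port on every node.
        if spec.get("type", "ClusterIP") not in ("NodePort", "LoadBalancer"):
            continue
        for port in spec.get("ports", []):
            if port.get("nodePort"):  # absent when node ports are disabled
                violations.append((key[0], key[1], port.get("port"), port["nodePort"]))
    return sorted(violations)


def _svc(namespace, name, svc_type, ports):
    """Build a minimal Service object in the shape kubectl emits."""
    return {"metadata": {"namespace": namespace, "name": name},
            "spec": {"type": svc_type, "ports": ports}}


# Constructed sample; service names reuse the page's examples, values are made up.
SAMPLE = {"items": [
    _svc("onap", "so", "ClusterIP", [{"port": 8080}]),
    _svc("onap", "sdc-ui", "NodePort", [{"port": 8443, "nodePort": 30207}]),
    _svc("onap", "so-sdnc-adapter", "LoadBalancer", [{"port": 8086}]),
    _svc("istio-ingress", "istio-ingressgateway", "LoadBalancer",
         [{"port": 443, "nodePort": 31390}]),
]}

if __name__ == "__main__":
    # Pass a file holding the kubectl JSON output, or run without arguments for the sample.
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for ns, name, port, node_port in find_nodeport_violations(data):
        print(f"{ns}/{name}: port {port} exposed as nodePort {node_port}")
```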

Communication patterns

  • Intra-Component communication (e.g. between so-bpmn-infra and so-sdnc-adapter)
  • Inter-Component communication (e.g. between onap-cli and so)
  • External communication (e.g. user → sdc-ui)

Options

  • No ONAP internal encryption:

    1. Intra-Component: unencrypted
    2. Inter-Component: unencrypted
    3. External: unencrypted/encrypted

  • Inter-Component encryption:
    1. Intra-Component: unencrypted
    2. Inter-Component: encrypted
    3. External: unencrypted/encrypted

  • Full encryption:

    1. Intra-Component: encrypted
    2. Inter-Component: encrypted
    3. External: unencrypted/encrypted

Implementation proposals

Option 1

  • No service mesh

