You are viewing an old version of this page. View the current version.
Compare with Current
View Page History
« Previous
Version 4
Next »
Assumptions
- ONAP Components:
- AAF will be removed
- → No Container port encryption
- Services must not use NodePorts
- → external communication only via Ingress
- Inter-component communication
- direct communication (as today)
- via Ingress (Seshu's proposal) ?
- Ingress support:
- Istio IngressGateway
- Nginx Ingress ?
- Communication encryption:
- on Ingress level (adding certificate to Gateway)
- on SM (e.g. Istio sidecars)
- on Kernel Level (using eBPF via Cilium)
Communication patterns
- Intra-Component communication (e.g. between so-bpmn-infra and so-sdnc-adapter)
- Inter-Component communication (e.g. between onap-cli and so)
- External communication (e.g. user → sdc-ui)
Options
No ONAP internal encryption:
- Intra-Component: unencrypted
- Inter-Component: unencrypted
- External: unencrypted/encrypted
eyJleHRTcnZJbnRlZ1R5cGUiOiIiLCJnQ2xpZW50SWQiOiIiLCJjcmVhdG9yTmFtZSI6IkFuZHJlYXMgR2Vpc3NsZXIiLCJvdXRwdXRUeXBlIjoiYmxvY2siLCJsYXN0TW9kaWZpZXJOYW1lIjoiQW5kcmVhcyBHZWlzc2xlciIsImxhbmd1YWdlIjoiZW4iLCJkaWFncmFtRGlzcGxheU5hbWUiOiIiLCJzRmlsZUlkIjoiIiwiYXR0SWQiOiIxMzg4NzMxNjciLCJkaWFncmFtTmFtZSI6IlVuYmVuYW5udGVzIERpYWdyYW1tIiwiYXNwZWN0IjoiIiwibGlua3MiOiJhdXRvIiwiY2VvTmFtZSI6Ik9OQVAgXCJOZXR3b3JraW5nXCIgT3B0aW9ucyAoXHUwMDNlXHUwMDNkS29obikiLCJ0YnN0eWxlIjoidG9wIiwiY2FuQ29tbWVudCI6ZmFsc2UsImRpYWdyYW1VcmwiOiIiLCJjc3ZGaWxlVXJsIjoiIiwiYm9yZGVyIjp0cnVlLCJtYXhTY2FsZSI6IjEiLCJvd25pbmdQYWdlSWQiOjEzODg3MzEwOSwiZWRpdGFibGUiOmZhbHNlLCJjZW9JZCI6MTM4ODczMTkwLCJwYWdlSWQiOiIiLCJsYm94Ijp0cnVlLCJzZXJ2ZXJDb25maWciOnsiZW1haWxwcmV2aWV3IjoiMSJ9LCJvZHJpdmVJZCI6IiIsInJldmlzaW9uIjoxLCJtYWNyb0lkIjoiZjVkYTA5YmMtZWU5ZC00NTE0LTliMmEtMTYzNjg3ZDUyOTAyIiwicHJldmlld05hbWUiOiJVbmJlbmFubnRlcyBEaWFncmFtbS5wbmciLCJsaWNlbnNlU3RhdHVzIjoiT0siLCJzZXJ2aWNlIjoiIiwiaXNUZW1wbGF0ZSI6IiIsIndpZHRoIjoiNDAwIiwic2ltcGxlVmlld2VyIjpmYWxzZSwibGFzdE1vZGlmaWVkIjoxNjU4MzI4MzM0MDAwLCJleGNlZWRQYWdlV2lkdGgiOmZhbHNlLCJvQ2xpZW50SWQiOiIifQ==
- Inter-Component encryption:
- Intra-Component: unencrypted
- Inter-Component: encrypted
- External: unencrypted/encrypted
- Intra-Component: encrypted
- Inter-Component: encrypted
- External: unencrypted/encrypted
Implementation proposals
Option 1