Status <London
eyJleHRTcnZJbnRlZ1R5cGUiOiIiLCJnQ2xpZW50SWQiOiIiLCJjcmVhdG9yTmFtZSI6IkFuZHJlYXMgR2Vpc3NsZXIiLCJvdXRwdXRUeXBlIjoiYmxvY2siLCJsYXN0TW9kaWZpZXJOYW1lIjoiQW5kcmVhcyBHZWlzc2xlciIsImxhbmd1YWdlIjoiZW4iLCJkaWFncmFtRGlzcGxheU5hbWUiOiIiLCJzRmlsZUlkIjoiIiwiYXR0SWQiOiIxNjIxMDQ0NTYiLCJkaWFncmFtTmFtZSI6IktvaG4iLCJhc3BlY3QiOiIiLCJsaW5rcyI6ImF1dG8iLCJjZW9OYW1lIjoiT05BUCBvbiBTZXJ2aWNlTWVzaCAoTG9uZG9uKSIsInRic3R5bGUiOiJ0b3AiLCJjYW5Db21tZW50IjpmYWxzZSwiZGlhZ3JhbVVybCI6IiIsImNzdkZpbGVVcmwiOiIiLCJib3JkZXIiOnRydWUsIm1heFNjYWxlIjoiMSIsIm93bmluZ1BhZ2VJZCI6MTYyMTA0NDU1LCJlZGl0YWJsZSI6ZmFsc2UsImNlb0lkIjoxNjIxMDQ0NTUsInBhZ2VJZCI6IiIsImxib3giOnRydWUsInNlcnZlckNvbmZpZyI6eyJlbWFpbHByZXZpZXciOiIxIn0sIm9kcml2ZUlkIjoiIiwicmV2aXNpb24iOjIsIm1hY3JvSWQiOiIwNTQ0MDNiOC1mYjBjLTRiZjktYWVjMS0wMDgzYjJkNDRkMDgiLCJwcmV2aWV3TmFtZSI6IktvaG4ucG5nIiwibGljZW5zZVN0YXR1cyI6Ik9LIiwic2VydmljZSI6IiIsImlzVGVtcGxhdGUiOiIiLCJ3aWR0aCI6IjgwNiIsInNpbXBsZVZpZXdlciI6ZmFsc2UsImxhc3RNb2RpZmllZCI6MTY3NjAzMTYyNjAwMCwiZXhjZWVkUGFnZVdpZHRoIjpmYWxzZSwib0NsaWVudElkIjoiIn0=
Default deployment:
- ONAP pods providing TLS (HTTPs) interfaces
- Retrieve certificates during startup from AAF Certificate Manager
- ONAP pod interface is exposed via service using "NodePort" (if cluster external access is required)
- Hosts expose the "NodePort" via its Host IPs
Example (SDC-UI):
London (Development)
eyJleHRTcnZJbnRlZ1R5cGUiOiIiLCJnQ2xpZW50SWQiOiIiLCJjcmVhdG9yTmFtZSI6IkFuZHJlYXMgR2Vpc3NsZXIiLCJvdXRwdXRUeXBlIjoiYmxvY2siLCJsYXN0TW9kaWZpZXJOYW1lIjoiQW5kcmVhcyBHZWlzc2xlciIsImxhbmd1YWdlIjoiZW4iLCJkaWFncmFtRGlzcGxheU5hbWUiOiIiLCJzRmlsZUlkIjoiIiwiYXR0SWQiOiIxNjIxMDQ0NjMiLCJkaWFncmFtTmFtZSI6IkxvbmRvbiAoRGV2ZWxvcG1lbnQpIiwiYXNwZWN0IjoiIiwibGlua3MiOiJhdXRvIiwiY2VvTmFtZSI6Ik9OQVAgb24gU2VydmljZU1lc2ggKExvbmRvbikiLCJ0YnN0eWxlIjoidG9wIiwiY2FuQ29tbWVudCI6ZmFsc2UsImRpYWdyYW1VcmwiOiIiLCJjc3ZGaWxlVXJsIjoiIiwiYm9yZGVyIjp0cnVlLCJtYXhTY2FsZSI6IjEiLCJvd25pbmdQYWdlSWQiOjE2MjEwNDQ1NSwiZWRpdGFibGUiOmZhbHNlLCJjZW9JZCI6MTYyMTA0NDU1LCJwYWdlSWQiOiIiLCJsYm94Ijp0cnVlLCJzZXJ2ZXJDb25maWciOnsiZW1haWxwcmV2aWV3IjoiMSJ9LCJvZHJpdmVJZCI6IiIsInJldmlzaW9uIjoyLCJtYWNyb0lkIjoiMzg2NzI2OGItZDk1ZS00ZGYwLTg0ODItYjJmNGFlNzhiNzY1IiwicHJldmlld05hbWUiOiJMb25kb24gKERldmVsb3BtZW50KS5wbmciLCJsaWNlbnNlU3RhdHVzIjoiT0siLCJzZXJ2aWNlIjoiIiwiaXNUZW1wbGF0ZSI6IiIsIndpZHRoIjoiODA2Iiwic2ltcGxlVmlld2VyIjpmYWxzZSwibGFzdE1vZGlmaWVkIjoxNjc2MDMzMDkwMDAwLCJleGNlZWRQYWdlV2lkdGgiOmZhbHNlLCJvQ2xpZW50SWQiOiIifQ==
- Removal of AAF
- ONAP pods providing non-TLS (HTTP) interfaces
- ONAP pod interface is exposed via service using "NodePort" (if cluster external access is required)
- Hosts expose the "NodePort" via its Host IPs
Example (SDC-UI):
London (Production)
eyJleHRTcnZJbnRlZ1R5cGUiOiIiLCJnQ2xpZW50SWQiOiIiLCJjcmVhdG9yTmFtZSI6IkFuZHJlYXMgR2Vpc3NsZXIiLCJvdXRwdXRUeXBlIjoiYmxvY2siLCJsYXN0TW9kaWZpZXJOYW1lIjoiQW5kcmVhcyBHZWlzc2xlciIsImxhbmd1YWdlIjoiZW4iLCJkaWFncmFtRGlzcGxheU5hbWUiOiIiLCJzRmlsZUlkIjoiIiwiYXR0SWQiOiIxNjIxMDQ0NjciLCJkaWFncmFtTmFtZSI6IkxvbmRvbiAoUHJvZHVjdGlvbikiLCJhc3BlY3QiOiIiLCJsaW5rcyI6ImF1dG8iLCJjZW9OYW1lIjoiT05BUCBvbiBTZXJ2aWNlTWVzaCAoTG9uZG9uKSIsInRic3R5bGUiOiJ0b3AiLCJjYW5Db21tZW50IjpmYWxzZSwiZGlhZ3JhbVVybCI6IiIsImNzdkZpbGVVcmwiOiIiLCJib3JkZXIiOnRydWUsIm1heFNjYWxlIjoiMSIsIm93bmluZ1BhZ2VJZCI6MTYyMTA0NDU1LCJlZGl0YWJsZSI6ZmFsc2UsImNlb0lkIjoxNjIxMDQ0NTUsInBhZ2VJZCI6IiIsImxib3giOnRydWUsInNlcnZlckNvbmZpZyI6eyJlbWFpbHByZXZpZXciOiIxIn0sIm9kcml2ZUlkIjoiIiwicmV2aXNpb24iOjUsIm1hY3JvSWQiOiI3NDA0M2FiMS0zYWEwLTQ3MTAtYTQxNS0yYmJmN2Y5YzRjZjQiLCJwcmV2aWV3TmFtZSI6IkxvbmRvbiAoUHJvZHVjdGlvbikucG5nIiwibGljZW5zZVN0YXR1cyI6Ik9LIiwic2VydmljZSI6IiIsImlzVGVtcGxhdGUiOiIiLCJ3aWR0aCI6IjcyNCIsInNpbXBsZVZpZXdlciI6ZmFsc2UsImxhc3RNb2RpZmllZCI6MTY3NjI4NTQ4MDAwMCwiZXhjZWVkUGFnZVdpZHRoIjpmYWxzZSwib0NsaWVudElkIjoiIn0=
- ONAP pods provide non-TLS (HTTP) interfaces
- Encrypted communication via Envoy Proxies (nTLS) provided by ServiceMesh (Istio)
- ONAP pod interface is exposed through Ingress (Istio-Gateway)
- Service access via hostname (configured by Gateway/VirtualService in Ingress GW)
- External TLS interface on Ingress Gateway
- Authentication/Authorisation via oauth2-proxy and Keycloak
- Example (SDC-UI):
