You are viewing an old version of this page. View the current version.
Compare with Current
View Page History
Version 1
Next »
Assumptions
- ONAP Components:
- AAF will be removed
- → No Container port encryption
- Services must not use NodePorts
- → external communication only via Ingress
- Inter-component communication
- direct communication (as today)
- via Ingress (Seshu's proposal) ?
- Ingress support:
- Istio IngressGateway
- Nginx Ingress ?
- Communication encryption:
- on Ingress level (adding certificate to Gateway)
- on SM (e.g. Istio sidecars)
- on Kernel Level (using eBPF via Cilium)
Communication patterns
- Intra-Component communication (e.g. between so-bpmn-infra and so-sdnc-adapter)
- Inter-Component communication (e.g. between onap-cli and so)
- External communication (e.g. user → sdc-ui)
Options
- No ONAP internal encryption:
- Intra-Component: unencrypted
- Inter-Component: unencrypted
- External: unencrypted/encrypted
- Inter-Component encryption:
- Intra-Component: unencrypted
- Inter-Component: encrypted
- External: unencrypted/encrypted
- Full encryption:
- Intra-Component: encrypted
- Inter-Component: encrypted
- External: unencrypted/encrypted
Implementation proposals
Option 1