...
CBS Api’s are used by all Service components to retrieve the configuration from consul during startup (and for periodic polling after). To support ONAP S3P security needs, Configbinding Service apis should be switched to HTTPS. As this has impact across all DCAE services, this has to be introduced in phased manner. El-Alto focus will on getting CBS HTTPS deployed and corresponding libraries updated.
Proposed solution diagram (author: Kornel Janiak@Nokia):
| Gliffy | ||||
|---|---|---|---|---|
|
Assumptions
- Not all service will switch to TLS interface for El-Alto
- CBS deployments must support both HTTPS and HTTP in-parallel
- SDK library (python and java) have separate api/version to let application choose migration
- *Can* deploy two instances in the same pod (CBS http and CBS HTTPS) under the same K8S service
- CBS is not be enabled for client-auth
...