Versions Compared

Old Version 1

changes.mady.by.user Andreas Geißler

Saved on

compared with

New Version Current

changes.mady.by.user Andreas Geißler

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Status <London

Drawio
bordertrue
diagramNameKohn
simpleViewerfalse
width
linksauto
tbstyletop
lboxtrue
diagramWidth806
revision2

...

  • ONAP pods providing TLS (HTTPs) interfaces
  • Retrieve certificates during startup from AAF Certificate Manager
  • ONAP pod interface is exposed via service using "NodePort" (if cluster exteernal external access is required)
  • Hosts expose the "NodePort" via its Host IPs

  • Example (SDC-UI):

    • https://<HostIP>:30207/sdc1/portal

London (Development)

Drawio
bordertrue
diagramNameLondon (Development)
simpleViewerfalse
width
linksauto
tbstyletop
lboxtrue
diagramWidth806
revision2

  • Removal of AAF
  • ONAP pods providing non-TLS (HTTP) interfaces
  • ONAP pod interface is exposed via service using "NodePort" (if cluster external access is required)
  • Hosts expose the "NodePort" via its Host IPs

  • Example (SDC-UI):

    • http://<HostIP>:30207/sdc1/portal


London (Production)

Drawio
bordertrue
diagramNameLondon (Production)
simpleViewerfalse
width
linksauto
tbstyletop
lboxtrue
diagramWidth724
revision5

  • ONAP pods provide non-TLS (HTTP) interfaces
  • Encrypted communication via Envoy Proxies (nTLS) provided by ServiceMesh (Istio)
  • ONAP pod interface is exposed through Ingress (Istio-Gateway)
  • Service access via hostname (configured by Gateway/VirtualService in Ingress GW)
  • External TLS interface on Ingress Gateway
  • Authentication/Authorisation via oauth2-proxy and Keycloak
  • Example (SDC-UI):