...
- External communication:
- Components expose (external) interfaces to Ingress
- Encryption on Ingress (optional)
- Internal communication:
- Service Mesh enabled
- No TLS port encryption on pods
- Direct encrypted inter-component communication (via sidecars)
Solution using Istio (ONAP components deployed on one k8s cluster):
Drawio |
---|
border | true |
---|
diagramName | dia-4 |
---|
simpleViewer | false |
---|
width | 400 |
---|
links | auto |
---|
tbstyle | top |
---|
lbox | true |
---|
diagramWidth | 801 |
---|
revision | 35 |
---|
|
Solution using Istio (ONAP components deployed on different k8s clusters):
Drawio |
---|
border | true |
---|
diagramName | dia-46 |
---|
simpleViewer | false |
---|
width | 400 |
---|
links | auto |
---|
tbstyle | top |
---|
lbox | true |
---|
diagramWidth | 8011111 |
---|
revision | 310 |
---|
|
Solution Alternative future solution using eBPF via Cilium:
https://cilium.io/blog/2020/11/10/ebpf-future-of-networking/
https://ebpf.io/
...
Drawio |
---|
border | true |
---|
diagramName | Dia5 |
---|
simpleViewer | false |
---|
width | 400 |
---|
links | auto |
---|
tbstyle | top |
---|
lbox | true |
---|
diagramWidth | 972 |
---|
revision | 78 |
---|
|
Alternative (insecure options)
...
Drawio |
---|
border | true |
---|
diagramName | Unbenanntes Diagramm |
---|
simpleViewer | false |
---|
width | 400 |
---|
links | auto |
---|
tbstyle | top |
---|
lbox | true |
---|
diagramWidth | 801 |
---|
revision | 45 |
---|
|
Option 2 (inter-component encryption)
...
Drawio |
---|
border | true |
---|
diagramName | Dia3 |
---|
simpleViewer | false |
---|
width | 400 |
---|
links | auto |
---|
tbstyle | top |
---|
lbox | true |
---|
diagramWidth | 801 |
---|
revision | 1 |
---|
|
...