
Phase 1

Used Components

This PoC will use at least the following ONAP components:

  • AAI
    • Schema Service
    • Traversal (question) (data queries)
    • Search Data (question) (only needed if using the UI)
    • Resources (CRUD interaction)
    • GraphAdmin (needed to set up the backend)
    • others?
  • SDC
    • BE
    • FE
    • Onboarding BE
  • VID
  • SO
    • BPMN infra
    • Catalog DB Adapter
    • Monitoring
    • Openstack Adapter
    • Request DB Adapter
    • SDNC Adapter
    • SDC Controller
    • API Handler (SO "base" c
  • DMaaP:
    • Message Router
  • SDNC:
    • DMaaP listener
    • SDNC Portal (question)
    • UEB listener

The other subcomponents of AAI, DMaaP, SDC, SDNC and SO will be integrated if possible.



client → https → Ingress → http → svc → http → pod

Ingress → http → sidecar → mtls → sidecar pod → http →  pod



Validation Scenarios

The validation scenario will be to onboard and then deploy the "basicUbuntu" VNF from the gating system using the GR API.

The validation scenario will be performed at each step.

Phase 2 (if time allows)

If "Step 1" of Phase 1 is validated, we may move on to Phase 2 in parallel with steps 2 → 4 of Phase 1.

Used Components

On top of the Phase 1 components, we'll add:

  • CDS
  • Multicloud k8s

Validation Scenario

The validation scenario will be to onboard and then deploy a CNF with values processed by CDS.


Flow Matrix

There are two ways to write the AuthorizationPolicy with the service mesh:

Simple

apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: so-vnfm-adapter-policy
  namespace: onap
spec:
  selector:
    matchLabels:
      app: aaf-cert-service   # name of target (service)
  action: ALLOW
  rules:
    - from:
        - source:
            # source, in this case the service account of the pod
            principals: ["cluster.local/ns/onap/sa/so-vnfm-adapter-sa"]






  • simple to maintain
  • but less secure (the source is allowed on every port and method of the target).

Complex

apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: so-vnfm-adapter-policy
  namespace: onap
spec:
  selector:
    matchLabels:
      app: aaf-cert-service   # name of target (service)
  action: ALLOW
  rules:
    - from:
        - source:
            # source, in this case the service account of the pod
            principals: ["cluster.local/ns/onap/sa/so-vnfm-adapter-sa"]
      to:
        - operation:
            ports: ["27017"]           # the target port
            methods: ["GET", "POST"]   # the used methods



  • more complex to deploy
  • very hard to maintain if you modify the API
  • more secure.


Example of a complex matrix (for the simple one, remove the last 2 columns):

| Name of Source POD | Name of Target POD | Port Number | Name of Methods |
|---|---|---|---|
| so-vnfm-adapter | aaf-cert-service | 27017 | GET, POST |
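
As an added illustration (not part of the original page or of ONAP's charts), the following Python script turns flow-matrix rows into AuthorizationPolicy manifests in either the simple or the complex form, merging every source that targets the same workload into one ALLOW policy. The second matrix row, the "<pod>-sa" service-account naming and the "<target>-policy" policy name are assumptions.

```python
import json
from collections import defaultdict

# Constructed rows in the page's column order: source pod, target pod, port,
# methods. Row 1 is the page's example; row 2 is invented to show merging.
FLOW_MATRIX = [
    ("so-vnfm-adapter", "aaf-cert-service", "27017", ["GET", "POST"]),
    ("so-bpmn-infra", "aaf-cert-service", "8443", ["GET"]),
]

def principal(source, namespace="onap", trust_domain="cluster.local"):
    # Assumption: every pod runs under a service account named "<pod>-sa".
    return f"{trust_domain}/ns/{namespace}/sa/{source}-sa"

def build_policies(rows, mode="complex", namespace="onap"):
    """Return one ALLOW AuthorizationPolicy (as a dict) per target workload."""
    by_target = defaultdict(list)
    for source, target, port, methods in rows:
        rule = {"from": [{"source": {"principals": [principal(source, namespace)]}}]}
        if mode == "complex":  # the simple form stops at the source identity
            rule["to"] = [{"operation": {"ports": [str(port)], "methods": list(methods)}}]
        by_target[target].append(rule)
    return [{
        "apiVersion": "security.istio.io/v1beta1",
        "kind": "AuthorizationPolicy",
        # Assumption: policy named after the target, selected by its "app" label.
        "metadata": {"name": f"{target}-policy", "namespace": namespace},
        "spec": {"selector": {"matchLabels": {"app": target}},
                 "action": "ALLOW", "rules": rules},
    } for target, rules in sorted(by_target.items())]

def to_yaml(node, indent=0):
    """Minimal YAML emitter for the nested dict/list structure built above."""
    pad, lines = " " * indent, []
    if isinstance(node, list):
        for item in node:  # list of mappings: first key carries the "- " marker
            lines.append(pad + "- " + to_yaml(item, indent + 2)[indent + 2:])
        return "\n".join(lines)
    for key, val in node.items():
        if isinstance(val, dict) or (val and isinstance(val, list) and isinstance(val[0], dict)):
            lines += [f"{pad}{key}:", to_yaml(val, indent + 2)]
        else:  # scalars and string lists in JSON flow style, which is valid YAML
            lines.append(f"{pad}{key}: {json.dumps(val)}")
    return "\n".join(lines)

if __name__ == "__main__":
    for policy in build_policies(FLOW_MATRIX, mode="complex"):
        print(to_yaml(policy), end="\n---\n")
```

Because ALLOW rules for one workload are additive, keeping all sources of a target in a single generated policy makes the effective allow-list for that target reviewable in one place.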



These flows are given for information; due to the complexity and heterogeneity of the configuration, some flows could be missing.

This information was found in values.yaml or overrides.yml, depending on the component.

| Project | Component | Flows found (values.yaml / overrides.yml) |
|---|---|---|
| aai | aai | cassandra |
| | aai-babel | No value |
| | aai-data-router | No value |
| | aai-elasticsearch | No value |
| | aai-graphadmin | No value |
| | aai-graphadmin-job | No value |
| | aai-modelloader | No value |
| | aai-resources | No value |
| | aai-schema-service | No value |
| | aai-search-data | No value |
| | aai-sparky-be | aai, aai-elasticsearch, aai-gizmo, aai-search-data |
| | aai-traversal | No value |
| | aai-traversal-job | No directory |
| SDC | sdc | cassandra, logstashPort "5044" |
| | sdc-be | No value |
| | sdc-be-job | No directory |
| | sdc-cs | cassandra |
| | sdc-cs-job | sdc-be:8443 |
| | sdc-dcae-be | sdc-dcae-be-8082, sdc-dcae-be-8444 |
| | sdc-dcae-be-job | No directory |
| | sdc-dcae-dt | No value |
| | sdc-dcae-fe | No value |
| | sdc-dcae-tosca-lab | sdc-dcae-tosca-lab-8085 sdc-dcae-tosca-lab-8445 |
| | sdc-fe | sdc-dcae-fe:9444, sdc.dcae.plugin.simpledemo.onap.org:30264, https://sdc.dcae.plugin.simpledemo.onap.org:30266, sdc-wfd-fe:8443, sdc.workflow.plugin.simpledemo.onap.org:30256 |
| | sdc-onboarding-be | cassandra |
| | sdc-onboarding-be-job | No directory |
| | sdc-wfd-be | cassandraClientPort: 9042, sdc-be:8443 |
| | sdc-wfd-be-job | No directory |
| | sdc-wfd-fe | /sdc-wfd-be:8443 |
| vid | vid | mariadb, asdcclient 8443, so vidaai 8443, msoport "8080" |
| | vid-galera | No directory |
| | vid-job | No directory |
| so | so | aaf-locate.onap:8095 logstashPort: 5044, mariadb 3306, sdncOamPort: 8282, mso, sdc, dmaap, nbi.onap:8080/nbi/api/v3, dmaap-bc, aai |
| | so-appc-orchestrator | appc, aaf, so-bpmn-infra |
| | so-bpmn-infra | cds-blueprints-processor-grpc, aai, mso, aaf, sdnc; sniro, mso-adapter-db, mso-adapter-po, aaf, oof-osdf, so-vnfm-adapter, camunda so-openstack-adapter, so-request-db-adapter, so-sdnc-adapter, so-vfc-adapter, so-nssmf-adapter so-catalog-db-adapter, pdp, naming.demo.onap/com |
| | so-catalog-db-adapter | aaf |
| | so-mariadb | No value |
| | so-monitoring | No value |
| | so-nssmf-adapter | aaf, aai, so-request-request-db-adapter |
| | so-openstack-adapter | aaf, aai, so-request-db-adapter, so-bpmn-infra, so-catalog-db-adapter |
| | so-request-db-adapter | aaf |
| | so-sdc-controller | aai, aaf, asdc, so-catalog-db-adapter, request-db-adapter, asdc-connections, sdc-wfd-be |
| | so-sdnc-adapter | aaf, sdnc, so-catalog-db-adapter |
| | so-ve-vnfm-adapter | msb-iag, aai, message-router |
| | so-vfc-adapter | aaf, so-request-db-adapter |
| | so-vnfm-adapter | aaf, sdc-be, msb-iag, modeling-etsicatalog, aai |
| Dmaap | dmaap | aaf |
| | dmaap-bc | https://aaf-service:8100/, https://aaf-locate:8095 |
| | dmaap-dr-node | aaf |
| | dmaap-dr-prov | mariadb 3306 |
| | message-router | message-router-kafka, message-router-zookeeper |
| | message-router-kafka | No directory |
| | message-router-zookeeper | No directory |
| sdnc | sdnc | aaf sdnc-cert-initializer, netbox, aai, modeling, restconf, scaleout, ansible |
| | sdnc-ansible-server | mariadbGalera |
| | sdnc-db | mariadbGalera |
| | sdnc-dgbuilder | mariadbGalera |
| | sdnc-dmaap-listener | dmaap, mariadbGalera |
| | sdnc-portal | mariadbGalera – SDNC portal is disabled in Frankfurt and removed in Guilin |
| | sdnc-ueb-listener | mariadbGalera logging sdc-be |
| ccsdk/cds | cds | mariadbGalera |
| | cds-blueprints-processor | mariadb-galera, cds-db, dmaap |
| | cds-command-executor | No value |
| | cds-db | No directory |
| | cds-py-executor | No value |
| | cds-sdc-listener | No value |
| | cds-ui | cds-blueprints-processor |
| Multicloud | multicloud | msb-iag, log-ls, aai |
| | multicloud-azure | msb-iag, aai |
| | multicloud-fcaps | msb-iag, aai |
| | multicloud-k8s | No value |
| | multicloud-k8s-mongo | No directory |
| | multicloud-prometheus | logging |
| | multicloud-pike | msb-iag, aai |
| | multicloud-starlingx | msb-iag, aai |
| | multicloud-vio | msb-iag, aai |
| | multicloud-windriver | msb-iag, aai |





