Istio Service Mesh Integration

In Casablanca, MSB mainly focuses on the integration of Istio service mesh with ONAP to enhance OMSA, while keeping the Istio integration compatible with the existing MSB API Gateway approach. 

• Integrate Istio with ONAP to provide a reliable, secure and flexible service communication layer (service discovery/retries/circuit breaker/route rule/policy)

• Integrate with CNCF projects jaeger to provide distributed tracing Prometheus and Grafana for metrics collection and display

• Add MSB Portal to control plane to provide service catalog, swagger UI of Restful API, service mesh configuration, etc

Current integration progress:

• Manage ONAP Microservices with Istio Service Mesh

• Manage ONAP Microservices with Istio Service Mesh-Mutual TLS Authentication Enabled

• Current issues with Istio integration with mTLS enabled

Proposed migration approach:  Service Mesh Migration

S3P Updates

1. Security

   1. CII passing Badge

   2. SONAR code coverage.  Reach or surpass the 50% goal on all repos.

   3. Nexus IQ scans: 

      1. All critical license issues are cleared

      2. Most of the critical security issues are cleared. The left one is Remote Code Execution (RCE) introduced by the jackson-bind, which is an indirect dependency of some fundamental 3-party libraries such as dropwizard, Hibernate and swagger and it can't be simply replaced/removed. After analyzing these reports, It turns out all these issues are false positive, see this wiki page for detailed explanation.

   4. HTTPS endpoint at MSB API gateway has been provided for encrypted communication
      
      
      

2. Scalability and Resiliency
   
   

   1. Scalability: MSB API Gateway and Discovery have been deployed in a cluster of two instances, and they can be horizontally scaled to more instances for large scale.

   2. Resiliency: K8s liveness probe is used to check the health status of MSB component. 
      
      
      

3. Performance and stability
   
   

   1. Test the API Gateway baseline performance 
      
      
      

4. Manageability

   1. Integrate with logging enhancement project to provide central Logging
      Filebeat sidecar has been installed in MSB pod to collect the logs.  
      Could Logging project support the collection of Docker container logs(stdout/stderr) besides file log?
        

Information/Data Model Alignment

N/A, MSB doesn't use Information/Data Model produced by Modelling subcommittee. 

API Updates

No API change in this release.