Service Mesh Impact on Projects

Owned by Amy Zwarico
Last updated: Aug 10, 2020 by Sunder Tattavarada
1 min read

Please update the table with the information about your project's use of AAF

  • Uses AAF RBAC - yes/no

  • Uses AAF Certificate Management - full certificate management / certificate retrieval using Init Container

  • Project documentation for integration with AAF RBAC - links to any project documentation explaining how the project uses with AAF RBAC

  • Project documentation for integration with AAF Certificate Management - links to any project documentation explaining how the project uses AAF's certificate management features



Project

Uses AAF RBAC

Project Documentation for Integration with AAF RBAC

Uses AAF Certificate Management

Project Documentation for Integration with AAF Certificate Management

Project

Uses AAF RBAC

Project Documentation for Integration with AAF RBAC

Uses AAF Certificate Management

Project Documentation for Integration with AAF Certificate Management

AAI

Yes

AAF integration

No



AAF









APPC









CCSDK









CLAMP









CLI









DCAE

No

NA

Yes

DCAE uses custom TLS init container based off onap/aaf/aaf_agent:2.1.15  for cert generation. Details of resultant artifacts generated is documented below - 

Note: Not all DCAE components are installed through Helm. DCAE Services components are deployed through Cloudify and some components (e.g collectors) expects AAF certificates by default, hence any change to remove AAF dependency will have considerable impact.

DMaaP

Bus Controller: Yes (but off by default)

Message Router: Yes

Data Router: Yes (but off by default)

Bus Controller: None

Message Router: Authenticated Topic Provisioning

Data Router: N/A

Bus Controller: Yes (init container)

Message Router: Yes (full cert mgmt)

Data Router: Yes (init container)

Bus Controller: N/A

Message Router:

Data Router: 

ExtAPI









HOLMES

No

N/A

No



Logging









Modelling









MSB









MultiCloud

No

N/A

No



MUSIC









OOF









OOM









Policy

Partial support, some components use RBAC, others need additional AAF side configuration.

RBAC is disabled by default for all components.

None

Manual Periodic certificate  management following AAF procedures (no init container)

Certificate stores (AAF generated or non-AAF ones) can be overriden following procedures at https://onap.readthedocs.io/en/latest/submodules/policy/parent.git/docs/installation/oom.html#overriding-certificate-stores.

Portal

Yes

AAF integration

Yes

The process can be found here: https://gerrit.onap.org/r/gitweb?p=oom.git;a=blob;f=kubernetes/portal/components/portal-app/templates/deployment.yaml;hb=refs/heads/master

SDC









SDNC









SO









UsecaseUI









VFC









VID

No



No (AAF Cert is hardcoded in OOM charts)



VNFSDK









VVP