Service Mesh Impact on Projects
Please update the table with the information about your project's use of AAF
Uses AAF RBAC - yes/no
Uses AAF Certificate Management - full certificate management / certificate retrieval using Init Container
Project documentation for integration with AAF RBAC - links to any project documentation explaining how the project uses with AAF RBAC
Project documentation for integration with AAF Certificate Management - links to any project documentation explaining how the project uses AAF's certificate management features
Project | Uses AAF RBAC | Project Documentation for Integration with AAF RBAC | Uses AAF Certificate Management | Project Documentation for Integration with AAF Certificate Management |
|---|---|---|---|---|
AAI | Yes | No |
| |
AAF |
|
|
|
|
APPC |
|
|
|
|
CCSDK |
|
|
|
|
CLAMP |
|
|
|
|
CLI |
|
|
|
|
DCAE | No | NA | Yes | DCAE uses custom TLS init container based off onap/aaf/aaf_agent:2.1.15 for cert generation. Details of resultant artifacts generated is documented below -
Note: Not all DCAE components are installed through Helm. DCAE Services components are deployed through Cloudify and some components (e.g collectors) expects AAF certificates by default, hence any change to remove AAF dependency will have considerable impact. |
DMaaP | Bus Controller: Yes (but off by default) Message Router: Yes Data Router: Yes (but off by default) | Bus Controller: None Message Router: Authenticated Topic Provisioning Data Router: N/A | Bus Controller: Yes (init container) Message Router: Yes (full cert mgmt) Data Router: Yes (init container) | Bus Controller: N/A Message Router: Data Router: |
ExtAPI |
|
|
|
|
HOLMES | No | N/A | No |
|
Logging |
|
|
|
|
Modelling |
|
|
|
|
MSB |
|
|
|
|
MultiCloud | No | N/A | No |
|
MUSIC |
|
|
|
|
OOF |
|
|
|
|
OOM |
|
|
|
|
Policy | Partial support, some components use RBAC, others need additional AAF side configuration. RBAC is disabled by default for all components. | None | Manual Periodic certificate management following AAF procedures (no init container) | Certificate stores (AAF generated or non-AAF ones) can be overriden following procedures at https://onap.readthedocs.io/en/latest/submodules/policy/parent.git/docs/installation/oom.html#overriding-certificate-stores. |
Portal | Yes | Yes | The process can be found here: https://gerrit.onap.org/r/gitweb?p=oom.git;a=blob;f=kubernetes/portal/components/portal-app/templates/deployment.yaml;hb=refs/heads/master | |
SDC |
|
|
|
|
SDNC |
|
|
|
|
SO |
|
|
|
|
UsecaseUI |
|
|
|
|
VFC |
|
|
|
|
VID | No |
| No (AAF Cert is hardcoded in OOM charts) |
|
VNFSDK |
|
|
|
|
VVP |
|
|
|
|