Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

This page explains the steps to deploy the ONAP4K8s behind an ISTIO Service mesh. It also explains how to expose the application behind the services to the outside world, enforce authentication policies and implement RBAC Rules.

Following are the steps to deploy the ONAP4K8s profile.


Clone the repository from the below link 

git clone https://github.com/onap/multicloud-k8s.git

  1. Deploy ISTIO Service mesh with mutual authentication enabled. This stage has 2 steps as below.a. Deploy ISTIO Operator - Refer README from here.
    b. Deploy the ISTIO configuration  - Refer README from here

  2. Deploy services - multicloud-k8s - Refer here

  3. Deploy ISTIO Gateway and VirtualService to expose the application outside the cluster - Refer

  4. Deploy an Authentication mechanism - Keycloak is being used in ONAP4K8s. But other Authentication and Authorization can be used. (ORY/Hydra, Auth0) - Refer here

  5. Apply ISTIO Policy on istio-ingressgateway to restrict the access of unauthorized user into the cluster

  6. Apply ISTIO RBAC Rules to have fine-grained access to application resources to specific user/Applications.a. Enable RBAC for namespaces if it is not enabled already.

  • No labels