ONAP on ServiceMesh (London)

Owned by Andreas Geißler
Last updated: Feb 13, 2023
1 min read

Status <London

Default deployment:

  • ONAP pods providing TLS (HTTPs) interfaces

  • Retrieve certificates during startup from AAF Certificate Manager

  • ONAP pod interface is exposed via service using "NodePort" (if cluster external access is required)

  • Hosts expose the "NodePort" via its Host IPs

  • Example (SDC-UI):

    • https://<HostIP>:30207/sdc1/portal

London (Development)

  • Removal of AAF

  • ONAP pods providing non-TLS (HTTP) interfaces

  • ONAP pod interface is exposed via service using "NodePort" (if cluster external access is required)

  • Hosts expose the "NodePort" via its Host IPs

  • Example (SDC-UI):

    • http://<HostIP>:30207/sdc1/portal



London (Production)

  • ONAP pods provide non-TLS (HTTP) interfaces

  • Encrypted communication via Envoy Proxies (nTLS) provided by ServiceMesh (Istio)

  • ONAP pod interface is exposed through Ingress (Istio-Gateway)

  • Service access via hostname (configured by Gateway/VirtualService in Ingress GW)

  • External TLS interface on Ingress Gateway

  • Authentication/Authorisation via oauth2-proxy and Keycloak

  • Example (SDC-UI):