Uploaded image for project: 'ONAP Operations Manager'
  1. ONAP Operations Manager
  2. OOM-1508

Integrate Ingress Controller into ONAP Cluster

    XMLWordPrintable

Details

    • Story
    • Status: Closed
    • Medium
    • Resolution: Done
    • None
    • Frankfurt Release
    • None

    Description

      In Casablanca there are over 100 NodePorts externally accessible to an ONAP Cluster. Not only is this unnecessary and unmanageable but it poses a security risk with so many potential points of attack. By using an Ingress Controller to handle northbound traffic coming into and out of a k8s cluster, we dramatically reduce the attack surface and have a much simpler means of accessing deployed services within the cluster.

      One such Ingress Controller (reverse proxy/load balancer) is the Ambassador Envoy Proxy. It is the same one used by Istio for which we may need to integrate with for TLS connectivity and certificate management.

      More info in separate tasks related to the ISTIO and NGINX

      Attachments

        Issue Links

          is blocked by

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. OOM-1598 Document a Highly-Available K8s Cluster Deployment (RKE 0.2.1 / K8S 1.13.5 / Helm (2.12.3 - not 2.13.1) / Docker 18.09.5)

          • High - Severely impaired functionality. Erratic performance and reduced system availability. It may cause major components or features of the system to be unavailable although certain parts of the system remain functional. A workaround may exist but its use is unsatisfactory or at a high time cost (manual intervention required). Must be fixed in any of the upcoming builds and should be included in the current release.
          • Closed
          is duplicated by

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. OOM-1598 Document a Highly-Available K8s Cluster Deployment (RKE 0.2.1 / K8S 1.13.5 / Helm (2.12.3 - not 2.13.1) / Docker 18.09.5)

          • High - Severely impaired functionality. Erratic performance and reduced system availability. It may cause major components or features of the system to be unavailable although certain parts of the system remain functional. A workaround may exist but its use is unsatisfactory or at a high time cost (manual intervention required). Must be fixed in any of the upcoming builds and should be included in the current release.
          • Closed
          relates to

          Task - A task that needs to be done. OOM-1992 Investigate use of nginx as an ingress controller in the ONAP platform.

          • Medium - Failure of non-critical aspects of the system but results in an inconvenient situation. It causes some undesirable behavior, but the system is still functional. There is a reasonably satisfactory workaround. It is still a valid defect that should be corrected May be fixed after the release or in the next release.
          • Closed

          Task - A task that needs to be done. OOM-1993 Investigate use of istio as an ingress controller in the ONAP platform.

          • Medium - Failure of non-critical aspects of the system but results in an inconvenient situation. It causes some undesirable behavior, but the system is still functional. There is a reasonably satisfactory workaround. It is still a valid defect that should be corrected May be fixed after the release or in the next release.
          • Closed

          Task - A task that needs to be done. OOM-2018 Compare memory usage of nginx ingress vs istio ingress

          • Medium - Failure of non-critical aspects of the system but results in an inconvenient situation. It causes some undesirable behavior, but the system is still functional. There is a reasonably satisfactory workaround. It is still a valid defect that should be corrected May be fixed after the release or in the next release.
          • Closed

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. OOM-1598 Document a Highly-Available K8s Cluster Deployment (RKE 0.2.1 / K8S 1.13.5 / Helm (2.12.3 - not 2.13.1) / Docker 18.09.5)

          • High - Severely impaired functionality. Erratic performance and reduced system availability. It may cause major components or features of the system to be unavailable although certain parts of the system remain functional. A workaround may exist but its use is unsatisfactory or at a high time cost (manual intervention required). Must be fixed in any of the upcoming builds and should be included in the current release.
          • Closed
          # Subject Branch Project Status CR V
          90608,5 Add nginx ingress controller support master oom Status: MERGED +2 +1
          90609,12 Add ingress nginx common template master oom Status: MERGED +2 +1
          90610,7 Add ingress configuration for so-monitoring master oom Status: ABANDONED +1 +1
          91430,7 Add nginx ingress configuration overrides master oom Status: MERGED +2 +1
          93417,1 Fix identation in the ingress common template master oom Status: MERGED +2 +1
          93748,4 Add ingress configuration for so-monitoring master oom Status: MERGED +2 +1
          93749,6 Add ingress configuration for vid master oom Status: MERGED +2 +1
          93750,5 Improved nginx configuration overrrides master oom Status: MERGED +2 +1

          Activity

            People

              lucjan.bryndza.s Lucjan Bryndza
              melliott Mike Elliott
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: