-
Story
-
Resolution: Done
-
Medium
-
None
-
None
-
Dublin-1 (12/03-01/23), OOM-El Alto Sprint 1
In Casablanca there are over 100 NodePorts externally accessible to an ONAP Cluster. Not only is this unnecessary and unmanageable but it poses a security risk with so many potential points of attack. By using an Ingress Controller to handle northbound traffic coming into and out of a k8s cluster, we dramatically reduce the attack surface and have a much simpler means of accessing deployed services within the cluster.
One such Ingress Controller (reverse proxy/load balancer) is the Ambassador Envoy Proxy. It is the same one used by Istio for which we may need to integrate with for TLS connectivity and certificate management.
More info in separate tasks related to the ISTIO and NGINX
- is blocked by
-
OOM-1598
Document a Highly-Available K8s Cluster Deployment (RKE 0.2.1 / K8S 1.13.5 / Helm (2.12.3 - not 2.13.1) / Docker 18.09.5)
-
- Closed
-
- is duplicated by
-
OOM-1598
Document a Highly-Available K8s Cluster Deployment (RKE 0.2.1 / K8S 1.13.5 / Helm (2.12.3 - not 2.13.1) / Docker 18.09.5)
-
- Closed
-
- relates to
-
OOM-1992 Investigate use of nginx as an ingress controller in the ONAP platform.
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
OOM-1598
Document a Highly-Available K8s Cluster Deployment (RKE 0.2.1 / K8S 1.13.5 / Helm (2.12.3 - not 2.13.1) / Docker 18.09.5)
-
- Closed
-