-
Story
-
Resolution: Unresolved
-
Medium
-
None
-
None
Original:
ONAP SHOULD support network segregation on ONAP internal interfaces: both between and inside the Kubernetes clusters.
Primarily: Separation of O&M traffic from other traffic. Secondarily: the possibility for further separation (like: DB traffic, traffic between VNFs and ONAP).
The separation is realized eg. using network namespaces and K8s network policies. It must be carefully considered if multiple applications can be deployed in one K8s cluster, if the network segregation by namespaces and policies alone is sufficient - or if separation to different machines / VMs is required for increased security.
Modified: TO BE REVISITED
ONAP SHOULD support network segregation on ONAP internal interfaces: both between and inside the Kubernetes cluster(s). This means isolation of the internal APIs with different types of traffic (like: DB traffic, monitoring traffic, ...).
Info: The separation is realized eg. using network namespaces and K8s network policies. It must be carefully considered if multiple applications can be deployed in one K8s cluster, if the network segregation by namespaces and policies alone is sufficient - or if separation to different machines / VMs is required for increased security.