1 .. This work is licensed under a Creative Commons Attribution 4.0
2 .. International License.
3 .. http://creativecommons.org/licenses/by/4.0
4 .. Copyright (C) 2022 Nordix Foundation
7 .. _Kubernetes: https://kubernetes.io/
8 .. _Kubernetes best practices: https://kubernetes.io/docs/setup/best-practices/cluster-large/
9 .. _kubelet config guide: https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/
13 ONAP Deployment Options
14 =======================
16 OOM supports 2 different deployment options of ONAP.
21 In the following sections describe the different setups.
26 The development setup deploys ONAP components exposing its external services
27 via NodePorts and without TLS termination and internal traffic encryption.
32 The production setup deploys ONAP components exposing its external services
33 via Ingress with TLS termination.
34 Internal traffic encryption will be ensured by using Istio ServiceMesh.
36 .. figure:: ../../resources/images/servicemesh/ServiceMesh.png
39 For external access we propose to establish Authentication via Oauth2-proxy
40 and Keycloak which is described in this document.