+(Optional) "ONAP on Service Mesh"
+*********************************
+
+To enable "ONAP on Service Mesh" both "ServiceMesh" and "Ingress"
+configuration entries need to be configured before deployment.
+
+Global settings relevant for ServiceMesh:
+
+.. code-block:: yaml
+
+ global:
+ ingress:
+ # generally enable ingress for ONAP components
+ enabled: false
+ # enable all component's Ingress interfaces
+ enable_all: false
+ # default Ingress base URL
+ # can be overwritten in component by setting ingress.baseurlOverride
+ virtualhost:
+ baseurl: "simpledemo.onap.org"
+ # All http requests via ingress will be redirected on Ingress controller
+ # only valid for Istio Gateway (ServiceMesh enabled)
+ config:
+ ssl: "redirect"
+ # you can set an own Secret containing a certificate
+ # only valid for Istio Gateway (ServiceMesh enabled)
+ # tls:
+ # secret: 'my-ingress-cert'
+ # optional: Namespace of the Istio IngressGateway
+ # only valid for Istio Gateway (ServiceMesh enabled)
+ namespace: istio-ingress
+ ...
+ serviceMesh:
+ enabled: true
+ tls: true
+ # be aware that linkerd is not well tested
+ engine: "istio" # valid value: istio or linkerd
+ aafEnabled: false
+ cmpv2Enabled: false
+ tlsEnabled: false
+ msbEnabled: false
+
+ServiceMesh settings:
+
+- enabled: true → enables ServiceMesh functionality in the ONAP Namespace (Istio: enables Sidecar deployment)
+- tls: true → enables mTLS encryption in Sidecar communication
+- engine: istio → sets the SM engine (currently only Istio is supported)
+- aafEnabled: false → disables AAF usage for TLS interfaces
+- tlsEnabled: false → disables creation of TLS in component services
+- cmpv2Enabled: false → disable cmpv2 feature
+- msbEnabled: false → MSB is not used in Istio setup (Open, if all components are MSB independend)
+
+Ingress settings:
+
+- enabled: true → enables Ingress using: Nginx (when SM disabled), Istio IngressGateway (when SM enabled)
+- enable_all: true → enables Ingress configuration in each component
+- virtualhost.baseurl: "simpledemo.onap.org" → sets globally the URL for all Interfaces set by the components,
+ resulting in e.g. "aai-api.simpledemo.onap.org", can be overwritten in the component via: ingress.baseurlOverride
+- config.ssl: redirect → sets in the Ingress globally the redirection of all Interfaces from http (port 80) to https (port 443)
+- config.tls.secret: "..." → (optional) overrides the default selfsigned SSL certificate with a certificate stored in the specified secret
+- namespace: istio-ingress → (optional) overrides the namespace of the ingress gateway which is used for the created SSL certificate
+
+.. note::
+ For "ONAP on Istio" an example override file (`onap-all-ingress-istio.yaml`)
+ can be found in the `oom/kubernetes/onap/resources/overrides/` directory.
Code Review / oom.git / blobdiff