...

Multi-Cluster Tenant controller

<This section is incomplete and a work in progress ... needs rework and further updates ... >

Srini notes:

  1. Define CRUD API - add/delete/modify/read MC Tenant.
  2. Design note:
    • How this would be done as a microservice in ONAP.
    • How it interacts with K8S clusters.
    • How it ensures that all the configuration is applied (rollbacks, unsuccessful edges).
    • Visibility of the configuration applied on a per-MCTenant basis.
    • When a new K8S cluster is added with the label of interest, taking care of creating tenant-specific information in that edge, etc.
    • Extensibility (future K8S clusters having some other features that require configuration for multi-tenancy).

...

  1. Slice the tenant with the cluster "--context"
    1. [Kural]
      1. Tenant creation from ONAP4K8s should be shared down to the cluster in the edge location.
      2. The tenant should have a kubeconfig context that is a slice of their namespace alone.
  2. How to connect the Istio Citadel certificates with the tenant? How to authenticate from the centralised location, from ONAP4K8s, to the multi-cluster location?
    1. [Kural]
      1. From discussions so far with Istio folks and experts, it was suggested that Citadel certificates are bound to the namespace and are specific to the application level. They are not targeted at K8s users.
      2. For the K8s user, the certificates should be generated by an external entity and bound to the service account and the tenant, as shown in the example - https://docs.bitnami.com/kubernetes/how-to/configure-rbac-in-your-kubernetes-cluster/
  3. Tenant user bound to the certificates created from Citadel?
    1. [Kural]
      1. Initial pathfinding shows that Citadel may not be the right candidate for K8s user certificate creation.
  4. How are the cluster labels configured in ONAP? How can the MC tenant controller identify them?
    1. [Kural]
      1. Adding KUD and ONAP folks here: Srinivasa Addepalli, Akhila Kishore, @Ritu, @Kiran, Itohan Ukponmwan, Enyinna Ochulor
      2. The kubeconfig context should be passed from each KUD cluster to ONAP.
      3. KUD should invoke NFD immediately and enable the overall labels, then add those labels to the cluster details and send them back to ONAP.
      4. A Cluster Feature Discovery controller should be present in each edge location cluster along with KUD, and run at each interval along with NFD.
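
The namespace-scoped tenant access discussed in items 1 and 2 above (an externally issued user certificate, RBAC bound to that user, and a kubeconfig context pinned to the tenant namespace), sketched as an added example that is not part of the original notes or of ONAP4K8s code. The names `tenant-a`, `alice` and `edge-1`, the Role's resource list, and the function names are constructed assumptions; the admin context and the kubeconfig cluster entry are assumed to share one name.

```shell
#!/usr/bin/env bash
# Added example. Constructed names: tenant "tenant-a", user "alice", cluster "edge-1".

# CSR subject: with client-certificate auth, Kubernetes reads CN as the
# user name and O as a group, so the RoleBinding below must match CN.
csr_subject() { printf '/CN=%s/O=%s' "$1" "$2"; }   # $1=user $2=tenant

# Role + RoleBinding confined to the tenant namespace (nothing cluster-scoped).
tenant_rbac() {                                      # $1=tenant $2=user
  cat <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata: {name: tenant-user, namespace: $1}
rules:
- apiGroups: ["", "apps"]
  resources: ["pods", "services", "configmaps", "deployments"]
  verbs: ["get", "list", "watch", "create", "update", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata: {name: tenant-user-binding, namespace: $1}
subjects:
- {kind: User, name: $2, apiGroup: rbac.authorization.k8s.io}
roleRef: {kind: Role, name: tenant-user, apiGroup: rbac.authorization.k8s.io}
EOF
}

# Per-cluster steps, printed for review rather than executed.
tenant_plan() {                                      # $1=cluster $2=tenant $3=user
  cat <<EOF
openssl genrsa -out $3.key 2048
openssl req -new -key $3.key -subj "$(csr_subject "$3" "$2")" -out $3.csr
# external signer: issue $3.crt from $3.csr with a CA the API server trusts
kubectl --context $1 create namespace $2
kubectl --context $1 apply -f $2-rbac.yaml
kubectl config set-credentials $3 --client-certificate=$3.crt --client-key=$3.key
kubectl config set-context $2@$1 --cluster=$1 --namespace=$2 --user=$3
# the context namespace is only a default; RBAC is what confines the user:
kubectl --context $1 auth can-i list pods -n kube-system --as $3   # expect: no
kubectl --context $1 auth can-i list pods -n $2 --as $3            # expect: yes
EOF
}

# Stand-alone use: ./tenant.sh edge-1 tenant-a alice
if [ "$#" -eq 3 ]; then tenant_rbac "$2" "$3" > "$2-rbac.yaml"; tenant_plan "$@"; fi
```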

...