.. This work is licensed under a Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0
.. _tls_enablement:

TLS Support
===========

Beginning with the London release, ONAP is using a service mesh (Istio) to encrypt and authenticate traffic between ONAP components. In earlier releases, each component was responsible for protecting its HTTP interfaces with TLS,
using certificates generated by the (now obsolete) AAF component.

Some DCAE components offer HTTP interfaces to clients outside the ONAP Kubernetes cluster. In earlier releases, ONAP offered a mechanism allowing components to obtain
TLS certificates from an external source using the CMPv2 protocol. (See `these design notes <https://wiki.onap.org/display/DW/DCAE+CertService+integration>`_ for details on how that approach worked in conjunction with AAF.)
Beginning with the London release, external HTTP interfaces should be exposed via the Istio Gateway. The gateway can terminate TLS and can be configured with the necessary certificates.
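
The following is an added illustration, not taken from the ONAP charts, of an Istio Gateway that terminates TLS for one externally exposed HTTP interface and forwards the traffic into the mesh. The hostname, namespace, resource names, gateway selector label, secret name, backend service name and port are all placeholders assumed for this example.

```yaml
# Added example: all names, hosts and ports below are placeholders.
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: example-dcae-gateway          # hypothetical name
  namespace: onap                     # assumed namespace
spec:
  selector:
    istio: ingressgateway             # must match the labels on the ingress gateway pods in your install
  servers:
    - port:
        number: 443
        name: https
        protocol: HTTPS
      hosts:
        - "collector.example.org"     # placeholder external hostname
      tls:
        mode: SIMPLE                  # server-side TLS terminated at the gateway
        # Kubernetes TLS secret (tls.crt / tls.key); it must exist in the
        # namespace where the ingress gateway pods run.
        credentialName: example-collector-tls
        minProtocolVersion: TLSV1_2   # refuse older protocol versions
    - port:
        number: 80
        name: http
        protocol: HTTP
      hosts:
        - "collector.example.org"
      tls:
        httpsRedirect: true           # plain HTTP clients are redirected to HTTPS
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: example-dcae-collector        # hypothetical name
  namespace: onap
spec:
  hosts:
    - "collector.example.org"
  gateways:
    - example-dcae-gateway            # binds these routes to the Gateway above
  http:
    - route:
        - destination:
            host: example-collector.onap.svc.cluster.local   # placeholder backend service
            port:
              number: 8080            # plain HTTP port; the sidecars secure the hop inside the mesh
```

With ``mode: SIMPLE`` the gateway authenticates itself to clients but does not request client certificates; ``mode: MUTUAL`` additionally requires a CA certificate in the referenced secret so the gateway can verify clients.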