Re: Istio Mutual TLS Authentication Enabled //Re: [onap-discuss] [MSB] [Istio] Try Out Managing ONAP Microservices with Istio Service Mesh

2018-08-02 Thread Huabing Zhao 
Yes, I'm using 1.0.0 version.

On Fri, Aug 3, 2018, 12:55 AM Kamineni, Kiran K 
wrote:

> Are you using the 1.0.0 version of Istio for testing?
>
>
>
> *-- K i r a n*
>
>
>
> *From:* onap-discuss@lists.onap.org [mailto:onap-discuss@lists.onap.org] *On
> Behalf Of *Huabing Zhao
> *Sent:* Thursday, August 02, 2018 4:48 AM
> *To:* onap-discuss@lists.onap.org; tli...@redhat.com
> *Subject:* Istio Mutual TLS Authentication Enabled //Re: [onap-discuss]
> [MSB] [Istio] Try Out Managing ONAP Microservices with Istio Service Mesh
>
>
>
> MSB, Multicloud and VFC have been tested with Istio
> mutual TLS Authentication enabled. You can simply follow this wiki page to 
> try it yourself:
>
>
> https://wiki.onap.org/display/DW/Manage+ONAP+Microservices+with+Istio+Service+Mesh-Mutual+TLS+Authentication+Enabled
>
>
>
> For the next step, we will experiment Istio RBAC
> for ONAP inter-services authorization,
> and provide a user-friendly Istio UI to manage Istio rules and policies. Join
> our weekly project meeting
> <https://wiki.onap.org/display/DW/MSB+Meeting+Notes> if you're interested.
>
>
>
>
> On Wed, Aug 1, 2018 at 2:44 PM Huabing Zhao  wrote:
>
> Hi Tal,
>
> You're correct, TLS and routing rules are the next steps.
>
>
>
> On Tue, Jul 31, 2018 at 10:20 PM Tal Liron  wrote:
>
> Great initial work and documentation! This shows just how easy it is to
> add Istio, and that it really is quite transparent from a usability
> perspective.
>
>
>
> It seems like you do not implement TLS quite yet, is that correct?
>
>
>
> Also, I don't see use of VirtualService quite yet. Installing Istio is
> indeed the easy part, but our challenge would be to map out the complicated
> internetworking between all of ONAP's pods, so that if someone would want
> to control routing (circuit breaking, etc.) they would have a template from
> which to start.
>
>
>
>
>
> On Tue, Jul 31, 2018 at 2:17 AM Huabing Zhao 
> wrote:
>
> Dear ONAPer,
>
>
>
> In Casablanca release, MSB project is integrating Istio Service Mesh with
> ONAP to manage ONAP microservices. Istio Service Mesh is a dedicated
> infrastructure layer to connect, manage and secure microservices, which
> brings the below benefits:
>
>- Stability and Reliability: Reliable communication with retries and
>circuit breaker
>- Security: Secured communication with TLS
>- Performance: Latency aware load balancing with warm cache
>- Observability: Metrics measurement and distributed tracing without
>instrumenting application
>- Manageability: Routing rule and rate limiting enforcement
>- Testability: Fault injection to test resilience of the services
>
> If you are interested, you can now try it out by following this
> tutorial on the wiki:
> https://wiki.onap.org/display/DW/Manage+ONAP+Microservices+with+Istio+Service+Mesh
>
>
>
> Note: MSB project is working with VF-C and MultiCloud as pilot projects in
> Casablanca, we would like to suggest to roll out it to the other ONAP
> projects after verifying the integration and Istio features.
>
>
>
> Best regards,
>
> Huabing
>
> 
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#11633): https://lists.onap.org/g/onap-discuss/message/11633
Mute This Topic: https://lists.onap.org/mt/24142250/21656
Group Owner: onap-discuss+ow...@lists.onap.org
Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: Istio Mutual TLS Authentication Enabled //Re: [onap-discuss] [MSB] [Istio] Try Out Managing ONAP Microservices with Istio Service Mesh

2018-08-02 Thread Kiran Kamineni 
Are you using the 1.0.0 version of Istio for testing?

-- K i r a n

From: onap-discuss@lists.onap.org [mailto:onap-discuss@lists.onap.org] On 
Behalf Of Huabing Zhao
Sent: Thursday, August 02, 2018 4:48 AM
To: onap-discuss@lists.onap.org; tli...@redhat.com
Subject: Istio Mutual TLS Authentication Enabled //Re: [onap-discuss] [MSB] 
[Istio] Try Out Managing ONAP Microservices with Istio Service Mesh

MSB, Multicloud and VFC have been tested with Istio mutual TLS Authentication 
enabled. You can simply follow this wiki page to try it yourself:
https://wiki.onap.org/display/DW/Manage+ONAP+Microservices+with+Istio+Service+Mesh-Mutual+TLS+Authentication+Enabled

For the next step, we will experiment Istio RBAC for ONAP inter-services 
authorization, and provide a user-friendly Istio UI to manage Istio rules and 
policies. Join our weekly project 
meeting<https://wiki.onap.org/display/DW/MSB+Meeting+Notes> if you're 
interested.

On Wed, Aug 1, 2018 at 2:44 PM Huabing Zhao 
mailto:zhaohuab...@gmail.com>> wrote:
Hi Tal,
You're correct, TLS and routing rules are the next steps.

On Tue, Jul 31, 2018 at 10:20 PM Tal Liron 
mailto:tli...@redhat.com>> wrote:
Great initial work and documentation! This shows just how easy it is to add 
Istio, and that it really is quite transparent from a usability perspective.

It seems like you do not implement TLS quite yet, is that correct?

Also, I don't see use of VirtualService quite yet. Installing Istio is indeed 
the easy part, but our challenge would be to map out the complicated 
internetworking between all of ONAP's pods, so that if someone would want to 
control routing (circuit breaking, etc.) they would have a template from which 
to start.


On Tue, Jul 31, 2018 at 2:17 AM Huabing Zhao 
mailto:zhaohuab...@gmail.com>> wrote:
Dear ONAPer,

In Casablanca release, MSB project is integrating Istio Service Mesh with ONAP 
to manage ONAP microservices. Istio Service Mesh is a dedicated infrastructure 
layer to connect, manage and secure microservices, which brings the below 
benefits:

  *   Stability and Reliability: Reliable communication with retries and 
circuit breaker
  *   Security: Secured communication with TLS
  *   Performance: Latency aware load balancing with warm cache
  *   Observability: Metrics measurement and distributed tracing without 
instrumenting application
  *   Manageability: Routing rule and rate limiting enforcement
  *   Testability: Fault injection to test resilience of the services
If you are interested, you can now try it out by following this tutorial on the 
wiki: 
https://wiki.onap.org/display/DW/Manage+ONAP+Microservices+with+Istio+Service+Mesh

Note: MSB project is working with VF-C and MultiCloud as pilot projects in 
Casablanca, we would like to suggest to roll out it to the other ONAP projects 
after verifying the integration and Istio features.

Best regards,
Huabing


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#11623): https://lists.onap.org/g/onap-discuss/message/11623
Mute This Topic: https://lists.onap.org/mt/24142250/21656
Group Owner: onap-discuss+ow...@lists.onap.org
Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Istio Mutual TLS Authentication Enabled //Re: [onap-discuss] [MSB] [Istio] Try Out Managing ONAP Microservices with Istio Service Mesh

2018-08-02 Thread Huabing Zhao 
MSB, Multicloud and VFC have been tested with Istio
mutual TLS Authentication enabled. You can simply follow this wiki
page to try it yourself:
https://wiki.onap.org/display/DW/Manage+ONAP+Microservices+with+Istio+Service+Mesh-Mutual+TLS+Authentication+Enabled

For the next step, we will experiment Istio RBAC
for ONAP inter-services authorization,
and provide a user-friendly Istio UI to manage Istio rules and policies. Join
our weekly project meeting
 if you're interested.


On Wed, Aug 1, 2018 at 2:44 PM Huabing Zhao  wrote:

> Hi Tal,
> You're correct, TLS and routing rules are the next steps.
>
> On Tue, Jul 31, 2018 at 10:20 PM Tal Liron  wrote:
>
>> Great initial work and documentation! This shows just how easy it is to
>> add Istio, and that it really is quite transparent from a usability
>> perspective.
>>
>> It seems like you do not implement TLS quite yet, is that correct?
>>
>> Also, I don't see use of VirtualService quite yet. Installing Istio is
>> indeed the easy part, but our challenge would be to map out the complicated
>> internetworking between all of ONAP's pods, so that if someone would want
>> to control routing (circuit breaking, etc.) they would have a template from
>> which to start.
>>
>>
>> On Tue, Jul 31, 2018 at 2:17 AM Huabing Zhao 
>> wrote:
>>
>>> Dear ONAPer,
>>>
>>> In Casablanca release, MSB project is integrating Istio Service Mesh
>>> with ONAP to manage ONAP microservices. Istio Service Mesh is a dedicated
>>> infrastructure layer to connect, manage and secure microservices, which
>>> brings the below benefits:
>>>
>>>- Stability and Reliability: Reliable communication with retries and
>>>circuit breaker
>>>- Security: Secured communication with TLS
>>>- Performance: Latency aware load balancing with warm cache
>>>- Observability: Metrics measurement and distributed tracing without
>>>instrumenting application
>>>- Manageability: Routing rule and rate limiting enforcement
>>>- Testability: Fault injection to test resilience of the services
>>>
>>> If you are interested, you can now try it out by following this
>>> tutorial on the wiki:
>>> https://wiki.onap.org/display/DW/Manage+ONAP+Microservices+with+Istio+Service+Mesh
>>>
>>> Note: MSB project is working with VF-C and MultiCloud as pilot projects
>>> in Casablanca, we would like to suggest to roll out it to the other ONAP
>>> projects after verifying the integration and Istio features.
>>>
>>> Best regards,
>>> Huabing
>>>
>> 
>
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#11610): https://lists.onap.org/g/onap-discuss/message/11610
Mute This Topic: https://lists.onap.org/mt/24142250/21656
Group Owner: onap-discuss+ow...@lists.onap.org
Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-