...
- Slice the tenant with the cluster "--context"
- [Kural]
- Tenant creation from the ONAP4K8s should be shared down to the cluster in the edge location
- Tenant should have kubeconfig context a slice of his namespace alone
- [Kural]
- How to connect the istio Citadel certificates with Tenant? how to authenticate from the centralised location from onap4k8s to multi-cluster location?
- [Kural]
- Discuss so far with Istio folks and expertise, suggested that citadel certificate are bonded to namespace and specific for the application level. They are not targeted for the K8s Users
- For the k8s user, the certificates should be generated by the external entity and bind to the service account and the tenant as shown in the example - https://docs.bitnami.com/kubernetes/how-to/configure-rbac-in-your-kubernetes-cluster/
- [Kural]
- Tenant user bind to the certificates created from Citadel?
- [kural ]
- Initial Pathfinding show that Citadel may not be the right candidate for the K8s User certificate creation
- [kural ]
- How the cluster labels are configured in ONAP? how the MC tenant controller can identify them?
...