...
- Define CRUD API - add/delete/modify/read MC Tenant.
- Design note :
- On how this would be done as Micro-service in the ONAP.
- How does interact with K8S clusters.
- How does it ensure that all the configuration is applied (rollbacks, unsuccessful edges).
- Visibility of the configuration applied on per MCTenant basis.
- When new K8S cluster is added with the label of interest, taking care of creating tenant-specific information in that edge etc..
- Extensibility (future K8S clusters having some other features that require configuration for multi-tenancy).
Open Questions:
- Slice the tenant with the cluster "--context"
- How to connect the istio Citadel certificates with Tenant? how to authenticate from the centralised location from onap4k8s to multi-cluster location?
- [Kural]
- Discuss so far with Istio folks and expertise, suggested that citadel certificate are bonded to namespace and specific for the application level. They are not targeted for the K8s Users
- For the k8s user, the certificates should be generated by the external entity and bind to the service account and the tenant as shown in the example - https://docs.bitnami.com/kubernetes/how-to/configure-rbac-in-your-kubernetes-cluster/
- [Kural]
- Tenant user bind to the certificates created from Citadel?
- How the cluster labels are configured in ONAP? how the MC tenant controller can identify them?
...