3.3.2 Key Trust Boundaries
The following are the key trust boundaries:
Table 3-3 Key Trust Boundaries
Trust Boundary | Access Control |
---|---|
OCNADD | Kubernetes Namespace for OCNADD where its internal micro-services are deployed. |
Site | Where the Kubernetes cluster is deployed. |
Control Plane | This trust boundary delineates the control plane elements of the clusters, that is, API Server, kubelet, containerd and etcd. The configuration database (ETCD service) is isolated so that only control plane services can access it. |
Database | MySQL service deployed in a separate Kubernetes namespace. |
CNE Infra | Namespace containing all the infrastructure-related services (like Prometheus). Provided by CNE. |
Orchestration | Includes the orchestration server and the Code and Image Repository. |