What is NSP artifact administration?

Artifacts

An artifact, in the context of an NSP function, is one of a range of objects that evolves with the NSP product. Examples of artifacts include workflows, intent types, and operation types. Artifacts are packaged for installation as bundles, in zip format.

NSP supports signing of customer-created artifact bundles. Signatures provide visibility of the authorship of an artifact bundle, and ability to easily verify that the bundle comes from a trusted source. Bundles created by Nokia are signed by Nokia.

The procedures in this chapter describe operations performed on NSP host servers to support signing artifact bundles.

Signatures

Signing artifact bundles requires the creation of a public/private key pair.To ensure authenticity of artifacts, artifact bundles are signed with a private key that must only be known to the original author or organization who developed the artifact bundle.

The corresponding public key is installed, along with the corresponding author name, in NSP. When a signed artifact bundle is installed, NSP looks up the corresponding public key registered for the author name and validates the artifact bundle signature. The private key must be stored in a safe place.

After the keys are generated, the public key and the bundle author name are saved to a secret YAML file, which is loaded into Kubernetes.

The secret file must be saved to all standby sites in a DR NSP deployment. If an NSP upgrade requires removal of Kubernetes resources such as secrets, the files will need to be loaded again after the upgrade is completed.

Nokia recommends backing up all secret YAML files before performing an NSP upgrade.