Content Comparison

...

• OOM Oslo release

  • Chart versions have to be fixed (TBD)

  Policy patch (

  • https://gerrit.onap.org/r/c/oom/+/

  139964

  • 140114?usp=search)

  • Cherrypick to Oslo

• Istio TLS version

  • Is Istio/Ingress supporting TLS 1.3 ?

  • https://istio.io/latest/docs/tasks/security/tls-configuration/workload-min-tls-version/

• ArgoCD deployment

  • Taken over work from Marek Szwałkiewicz

  • Start modifications…

  • 2 Parts of a gating solution:

    • Gitlab project to start a pipeline to deploy the nodes/network (terraform), create Kubernetes cluster (via kubespray), deploy ArgoCD and register Project/Applications

    • Gitlab project (later part of OOM) including the ArgoCD Application configurations for Infrastructure components (Istio, operators) and ONAP components

• PM usecases require DCAE components (Viresh Navalli ):

  Support required to code contribution in Gerrit….

  Sign CLA of your company:

• Logging improvement proposal (TCL) Mateusz Pilat 

  • All components have to log to STDOUT

  • They should use a common format (JSON struct) with defined attributes (example: https://git.onap.org/oom/tree/kubernetes/cps/components/cps-core/resources/config/logback-spring.xml)

  • A list will be provided for the required changes in components

  • Presentation next week in the TSC

• Hardening Istio with SPIRE/SPIFFE (https://blog.spiffe.io/hardening-istio-security-with-spire-d2f4f98f7a63) → need to check within DT
  Used in Nephio

  • see https://docs.google.com/presentation/d/1L79WrZ64Uar3IrH-jL_IeQTlPoLtXGZKHIIfVCXLoco/edit#slide=id.g2c18d699447_0_31

  • FYI, Service Mesh + SPIFFE infrastructure ongoing study in Nephio, Study: Nephio security collaboration study

  • There is a separate study in Nephio for workload registration and workload/node attestation, https://docs.google.com/presentation/d/1L79WrZ64Uar3IrH-jL_IeQTlPoLtXGZKHIIfVCXLoco/edit#slide=id.g2c18d699447_0_40

  • https://docs.google.com/document/d/1IwWVGASgdOuLHCHYg82WaZaHdOEXyOM1/edit?pli=1#heading=h.nzahaii2p80p

  • https://docs.google.com/presentation/d/1L79WrZ64Uar3IrH-jL_IeQTlPoLtXGZKHIIfVCXLoco/edit#slide=id.g2bd96dea01c_0_1

• Tata (ematpil ) install ONAP Montreal/London and made improvements

  • will show improvements Tata did and might contribute to OOM

  • Presentation shown: (Platform Customization-oom v2.pptx) .

  • → Enhancements proposed:

    • Security enhancements (e.g. Keycloak/OAuthProxy, AuthorizationPolicy,...) eg: authentication.tar, oauth2 +KC research: rbac_research_wrap.pdf

    • Logging enhancements,...

• Change "bash" to "sh"

• • https://gerrit.onap.org/r/q/topic:bashisms

  • Started by Orange, but not finished

  Describe ONAP component deployment via ArgoCD

  • datafile-collector (DFC)

    • patch created to remove MR dependency (https://corporategerrit.v1.easycla.lfx.linuxfoundation.org/#/loginDevelopment Guide: onap.org/r/c/dcaegen2/collectors/datafile/+/139981?usp=search)

    • Jenkins job manually triggered to create a docker image (https://lf-jenkins.onap.atlassian.netorg/wikiview/spacesdcaegen2/DW/pages/16220184/Required+Tools

    datafile-collector

    • job/dcaegen2-collectors-datafile-maven-docker-stage-master/)

    • Release patch required (TBD)

  • pm-mapper

    • Patch required to remove the MR dependency

  • Current issues:

    • DFC uses:

    • DMAAP message-router

      • DMAAP data-router

    • Problem:

      • DMAAP is deprecated and unmaintained and DCAE components are not deployed because of the DMaaP removal

    • possible solution

    • DFC uses Kafka-native connection (as e.g. VES-collector), example: https://git.onap.org/dcaegen2/collectors/ves/commit/?id=47195e4ac559963cd33dc155f219bd2b127ef025

    • data-router replacement or reactivation of DMaaP DR (or add DR to DCAE)

  • I take it to the TSC

• Shrikant.Tarale presented findings related to ONAP installation and usage of DB-Operators

  • Problems in MariaDB installation

    • found issues in template and created ticket: https://lf-onap.atlassian.net/browse/OOM-3324 → fix: https://gerrit.onap.org/r/c/oom/+/139909?usp=search

  • Problems in Cassandra startup (joining pods to cluster)

    • “serviceName” settings in SDC and AAI required, when “non-operator” deployment is used (e.g https://git.onap.org/oom/tree/kubernetes/aai/values.yaml?h=oslo#n49)

    • maybe a better documentation is required…

    #Service Name of the cassandra cluster to connect to.
    #Override it to aai-cassandra if localCluster is enabled.
    #in case of using k8ssandra-operator in the common cassandra installation
    #the service name is:
    serviceName: cassandra-dc1-service
    #in case of local k8ssandra-operator instance it is
    #serviceName: aai-cassandra-dc1-service
    #in case the older cassandra installation is used:
    #serviceName: cassandr

Others:

• • create "Application" config dir in oom repo ?

    • (Jack Lucas )

      • instead of re-activation of DMaaP DR

      • DFC could send the file directly to PM-Mapper

      • Possible enhancement would be a retry mechanism

      • or instead of sending the file to use an object-store as an intermediate storage between DFC and PM-Mapper

Open Jira issues:

T	Key	Summary	Assignee	Reporter	P	Status	Resolution	Created	Updated	Due
	OOM-3172	[Common] rendering issue of template "common.nginxIngress"	Alexander Dehn	Alexander Dehn		In Progress	Unresolved	Apr 27, 2023	Apr 27, 2023
	OOM-3171	service-mesh-wait-for-job-container fails, when no sidecar exists	Andreas Geissler	Andreas Geissler		Open	Unresolved	Apr 27, 2023	Apr 27, 2023
	OOM-3170	[SDNC] Support kafka native interface	Alexander Dehn	Alexander Dehn		In Progress	Unresolved	Apr 25, 2023	Apr 26, 2023
	OOM-3169	For SDNC setup consider new Websocketport	Alexander Dehn	Herbert Eiselt		In Progress	Unresolved	Apr 24, 2023	Apr 27, 2023
	OOM-3168	Introduce cassandra-operator to OOM	Andreas Geissler	Andreas Geissler		Open	Unresolved	Apr 24, 2023	Apr 24, 2023
	OOM-3167	DOC: change the plugin installation instructions	Marek Szwałkiewicz	Marek Szwałkiewicz		Open	Unresolved	Apr 24, 2023	Apr 24, 2023
	OOM-3166	Kiali Validation - KIA0601 - Port name must follow [-suffix] form	Fiete Ostkamp	Fiete Ostkamp		In Progress	Unresolved	Apr 19, 2023	Apr 19, 2023
	OOM-3165	Policy-gui Ingress target is wrong	Andreas Geissler	Andreas Geissler		Open	Unresolved	Apr 19, 2023	Apr 19, 2023
	OOM-3162	Update Strimzi Operator to 0.34.0 and Kafka to 3.4.3	Fiachra Corcoran	Andreas Geissler		Open	Unresolved	Apr 13, 2023	Apr 13, 2023
	OOM-3161	[COMMON] Add monitoring to postgres	Miroslav Masaryk	Miroslav Masaryk		Open	Unresolved	Apr 12, 2023	Apr 13, 2023
	OOM-3159	Update OOM documentation	Andreas Geissler	Andreas Geissler		Open	Unresolved	Mar 31, 2023	Apr 13, 2023
	OOM-3155	Review license scan issues	Andreas Geissler	David McBride		In Progress	Unresolved	Mar 30, 2023	Apr 26, 2023
	OOM-3153	Feature Freeze	Andreas Geissler	David McBride		Open	Unresolved	Mar 30, 2023	Mar 30, 2023	Mar 23, 2023
	OOM-3151	Improve stability in Daily Master Deployments	Andreas Geissler	Andreas Geissler		Open	Unresolved	Mar 21, 2023	Mar 21, 2023
	OOM-3149	The chartmuseum binary download URL not working in OOM deployment	Andreas Geissler	Sankar Palanivel		Open	Unresolved	Mar 09, 2023	Apr 13, 2023
	OOM-3147	Create authorization policy for platform	Unassigned	Andrew Lamb		Open	Unresolved	Mar 06, 2023	Mar 08, 2023
	OOM-3146	Create authorization policy for Holmes	Unassigned	Andrew Lamb		Open	Unresolved	Mar 06, 2023	Mar 08, 2023
	OOM-3145	Create authorization policy for CPS	Unassigned	Andrew Lamb		Open	Unresolved	Mar 06, 2023	Mar 08, 2023
	OOM-3144	Create authorization policy for Cassandra	Unassigned	Andrew Lamb		Open	Unresolved	Mar 06, 2023	Mar 08, 2023
	OOM-3143	Create authorization policy for Consul	Unassigned	Andrew Lamb		Open	Unresolved	Mar 06, 2023	Mar 08, 2023

...