Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Jira No
SummaryDescriptionStatusSolution

Harbor feedback from TSC

Security Documentation – Harald

Service Mesh progress

Honolulu security requirements

Integration Testing – Sylvain

#1 Establish the list of enforcements planned for Guilin through the OOM gating

  • REQ-361 Automated certificate retrieval including HTTPS enablement
  • REQ-362 All containers must run as non root
  • REQ-373 Python 3.8 support – enforcement after notification from the PTLs that migration complete
  • REQ 351 Java Language 11 support – enforcement after notification from the PTLs that migration complete

#2Timeline for enforcement

#3 Establish a grace period so PTLs can communicate to their projects team

presented to PTLsREQ-368

Service Mesh POC – Sylvain

  • Automated deployment of Istio, CertManager, KeyCloak
  • Analyzing ONAP components for inclusion: Dmaap, AAI, etc
  • CertManager can use ACME, Venafi, Vault, self signed certs, external CA

Harbor presentation to TSC – Fabian

  • Solene to present to TSC 23/7

REQ-376

Flow Management – Fabian

REQ-323

Vulnerable package upgrade – Amir

Jackson databind upgrades complete for SDC – did not require much work

  • 2.x -> 2.11: no code changes
  • 1.x -> 2.11: minor code changes

    Solene provided presentation to TSC. We have a go decision for a PoC. LFN to be contacted to be in the loop for infra on which Harbor could be installed. Harbor v2 will be used and all images for Frankfurt will be scanned.

    Process for update was discussed (support for 1 release ba ck) and fixing vulnerability within 60 days period.

    ongoing

    To keep LFN in the loop for this PoC.

    To make a SCA tools (Nexus-IQ and Whitesource) demo for Fabian.

    REQ-376

    Service Mesh progress

    Slow but moving forward. Keyclock configuration job under migration. Automated deployment created for Cert and Cert Manager.

    Service Mesh PoC plan

    Phase 1: modify the code fro the components to provide possibility to use or not AAF.

    Flow matrix: 

    Still needs to be updated by some projects.

    ongoing






    To remind PTLs about Flow Matrix inputs that are required from the community.


    Last PTLs call update

    If a project is ran by a single company it has a status declined = project is at risk.

    Virtual event planned end of September:

    New Dates Open Networking & Edge Summit North America 2020  September 28 & 29, 2020 (Virtual Event is now confirmed) - https://lists.onap.org/g/onap-tsc/message/6513

    • ONAP TSC Abstract “ONAP and Cloud Native” was approved.


    ongoing
    REQ-323

    Packages upgrades

    Progress tracked:

    • SDC packages upgrade by Amir.
    • M2/M3 is August 6th
    ongoingto be presented to PTLs

    Licences in ONAPWaiting for TSC decision - feedback on impact provided by Krzysztof.ongoing
    REQ-377ONAP must implement IAM solutions

    M1 scorecard to be provided by Fabian. 

    ongoing






    OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 4th OF AUGUST'20. 

    Topics proposed:



    ...

    View file
    name2020-07-28_SECCOM_week.mp4
    height150

    SECCOM presentation

    View file
    name2020-07-28 ONAP Security Meeting - AgendaAndMinutes.pptx
    height150