Attendee-List:
...
- CI/CD for open source SMO (James Li) →
- Comments required:
- Created page: Feedback for OOM
- Additional:
- Keycloak/Oauth2Proxy/Realm
- Update of Keycloak version
Jira: OOM-3267
- Update of Oauth2Proxy version (7.5.1) and update of configuration (check with Mateusz Pilat):
Jira: OOM-3268
- Received charts for "authentication" creating:
- Keycloak deployment
- Realm creation for keycloak
- Oauth2 setup and configuration incl. Redis setup
- Created a page to sum up the proposal (Improvement for NewDelhi Release)
- Questions:
- MeshConfig (see https://docs.onap.org/projects/onap-oom/en/latest/sections/guides/infra_guides/oom_infra_base_config_setup.html#istio-service-mesh) vs. RequestAuthentication Oauth2-proxy config
- SDNC API update
- today we had a meeting with Dan and Sanket to discuss the required changes for SO
- result: both SDNC and SO need to be upgraded as selflink attributes in SDNC are hardcoded
- Strimzi/Kafka Update
- Currently testing strimzi-operator update and Kafka update 3.4.0→3.6.x
- Possibly the MR is not compatible with a new Kafka version
- I checked with Fiachra Corcoran, he thinks Liveness/Readiness probes
- DMaaP removal, components updates
- DCAE:
- dcae-ves-collector → https://gerrit.onap.org/r/c/oom/+/137002?usp=search code: https://git.onap.org/dcaegen2/collectors/ves/commit/?id=47195e4ac559963cd33dc155f219bd2b127ef025
- dcae-prh → Gating planned, https://gerrit.onap.org/r/c/oom/+/137153
- dcae-pmsh
- dcae-tcagen2
- dcae-son-handler
- dcae-slice-analysis-ms
- dcae-heartbeat
- dcae-kpi-ms
- dcae-datafile-collector
- dcae-snmptrap-collector
- (UPDATE info by DT) So there is a DCAE SDK for interaction with DMaaP.
We have changed the implementation of that SDK to talk to Kafka directly.
This new SDK is now used in VES collector and PRH services.
If other services are using the SDK to talk to DMaaP, they can use this new version now.
We have updated documentation of this SDK as well: https://docs.onap.org/projects/onap-dcaegen2/en/latest/sections/sdk/apis.html
- NBI → is archived, DT has a fork and implement the DMaaP removal (maybe remove from OOM deployment)
- AAI-resources → planned by DT
- SO-bpmn-infra → planned by DT
- SDC-BE → is checked and patch provided: https://gerrit.onap.org/r/c/oom/+/137197
- Michael Morris:
From SDC point of view yes, but for any components subscribing to the messages (using sdc-distribution-client or their own implementation)
then they will need to be updated to new Kafka based version of sdc-distribution-client (2.0.1) or update their own impl if not using the sdc-distribution-client
sdc-BE and sdc-distribution-client were both updated to support using either DMaaP or Kafka.
- Policy
- apex-pdp
- xacml-pdp
- apew-pdp
- SDNC
- dmaap-listener
- Holmes
- DB Operators:
- Postgres-operator → https://gerrit.onap.org/r/c/oom/+/136179?usp=search
- needed patches for CPS, Multicloud, UUI
- MongoDB → TBD https://gerrit.onap.org/r/c/oom/+/136873?usp=search
- Hardening Istio with SPIRE/SPIFFE (https://blog.spiffe.io/hardening-istio-security-with-spire-d2f4f98f7a63) → need to check within DT
- Used in Nephio
- Tata (ematpil) installed ONAP Montreal/London and made improvements
- will show improvements Tata did and might contribute to OOM
- Presentation shown: (Platform Customization-oom v2.pptx).
- → Enhancements proposed:
- Security enhancements (e.g. Keycloak/OAuthProxy, AuthorizationPolicy, ...), e.g.: authentication.tar, oauth2 + KC research: rbac_research_wrap.pdf
- Logging enhancements,...
Others:
...
- External Kafka access → https://gerrit.onap.org/r/c/oom/+/133767
- SDNC CallHome (SSH) → part of https://gerrit.onap.org/r/c/oom/+/133861
- Plan to update _ingress.tpl for Gateway-API support and AuthorizationPolicy
...
(2023-05-03: No update)
- Documentation: Oauth2-Proxy implementation and configuration
- Oauth2-Proxy: https://gerrit.onap.org/r/c/oom/+/130445
- Adding Oauth2-proxy client to ONAP realm: https://gerrit.onap.org/r/c/oom/+/133699
...