...
- ONAP release branching
- "newdelhi" branch for OOM
- TSC accepted ONAP component disabling: OOM New Delhi Release
- New AAI patch (DMaaP independence for AAI-resources) https://gerrit.onap.org/r/c/oom/+/137990?usp=search
- TBD:
- Patch to disable components
- TBD: Update healthchecks, smoke tests to exclude component related tests
- All components have to log to STDOUT
- They should use a common format (JSON struct) with defined attributes (example: https://git.onap.org/oom/tree/kubernetes/cps/components/cps-core/resources/config/logback-spring.xml)
- A list will be provided for the required changes in components
- Presentation next week in the TSC
- Make ONAP production ready, Epic: OOM-3288
- Charts have host paths mounted (e.g. /etc/localtime), which conflicts with common policies (at least in DT)
- we need to check the OOM charts and remove these paths, if possible
- e.g. https://gerrit.onap.org/r/c/oom/+/137479?usp=search (AAI)
- Removed entries: https://gerrit.onap.org/r/c/oom/+/137689?usp=search
- Kyverno Policy Patches
- https://gerrit.onap.org/r/c/oom/+/137861?usp=search → common charts
- https://gerrit.onap.org/r/c/oom/+/137817?usp=search → common/mongodb
- ...
- ...
- Keycloak/Oauth2Proxy/Realm
- Configurable REALM and AuthorizationPolicies: OOM-3292
- Patch ready: https://gerrit.onap.org/r/c/oom/+/137736
- Review with Mateusz Pilat on Friday
Used in Nephio
- see https://docs.google.com/presentation/d/1L79WrZ64Uar3IrH-jL_IeQTlPoLtXGZKHIIfVCXLoco/edit#slide=id.g2c18d699447_0_31
- FYI, Service Mesh + SPIFFE infrastructure ongoing study in Nephio, Study: Nephio security collaboration study
- There is a separate study in Nephio for workload registration and workload/node attestation, https://docs.google.com/presentation/d/1L79WrZ64Uar3IrH-jL_IeQTlPoLtXGZKHIIfVCXLoco/edit#slide=id.g2c18d699447_0_40
- https://docs.google.com/document/d/1IwWVGASgdOuLHCHYg82WaZaHdOEXyOM1/edit?pli=1#heading=h.nzahaii2p80p
- https://docs.google.com/presentation/d/1L79WrZ64Uar3IrH-jL_IeQTlPoLtXGZKHIIfVCXLoco/edit#slide=id.g2bd96dea01c_0_1
- will show improvements Tata did and might contribute to OOM
- Presentation shown: (Platform Customization-oom v2.pptx).
- → Enhancements proposed:
- Security enhancements (e.g. Keycloak/OAuthProxy, AuthorizationPolicy, ...), e.g. authentication.tar, oauth2 + KC research: rbac_research_wrap.pdf
- Logging enhancements,...
...
- External Kafka access → https://gerrit.onap.org/r/c/oom/+/133767
- SDNC CallHome (SSH) → part of https://gerrit.onap.org/r/c/oom/+/133861
- Plan to update _ingress.tpl for Gateway-API support and AuthorizationPolicy
...
(2023-05-03: No update)
- Documentation: Oauth2-Proxy implementation and configuration
- Oauth2-Proxy: https://gerrit.onap.org/r/c/oom/+/130445
- Adding Oauth2-proxy client to ONAP realm: https://gerrit.onap.org/r/c/oom/+/133699
...