Page Comparison

...

• Marek Szwałkiewicz Try to establish an ArgoCD deployment to provide an alternative the helm deloyment

  • in oom chart provide directory for ArgoCD application definitions

  • Will be used in Gating/Daily Pipelines

  • Fixes needed for Docker image build jobs: → work started
    https://jenkins.onap.org/view/integration/job/integration-xtesting-smoke-usecases-robot-docker-merge-master/, https://jenkins.onap.org/view/integration/job/integration-xtesting-smoke-usecases-robot-py3-docker-merge-master/

  TSC accepted ONAP component disabling: OOM New Delhi Release

  • Update healthchecks https://gerrit.onap.org/r/c/testsuite/+/138386 → need to release it

  • Patch to move charts to "archive" folder → https://gerrit.onap.org/r/c/oom/+/138709?usp=search

  • (TBD) smoke tests to exclude component related tests

• Update of Oslo Release info: Oslo Release Key Updates 

   Patches:

• Make ONAP production ready, Epic:

  Jira Legacy
  server System Jira serverId 4733707d-2057-3a0f-ae5e-4fd8aff50176 key OOM-3288

  • Charts have host paths mounted (etc. /etc/localtime), which conflicts with common policies (at least in DT)
    

    • we need to check the OOM charts and remove these paths, if possible

    • e.g. https://gerrit.onap.org/r/c/oom/+/137479?usp=search (AAI)

    • Removed entries: https://gerrit.onap.org/r/c/oom/+/137689?usp=search

  • Kyverno Policy Patches

    • https://gerrit.onap.org/r/c/oom/+/138496 →

    • "common" chart →https://gerrit.onap.org/r/c/oom/+/138624?usp=search

    • POLICY: https://gerrit.onap.org/r/c/oom/+/138587?usp=search,

    • CPS

    • AAI

  • ...

Keycloak/Oauth2Proxy/Realm

Configurable REALM and AuthorizationPolicies:

Jira Legacy
server System Jira serverId 4733707d-2057-3a0f-ae5e-4fd8aff50176 key OOM-3292

• Patch merged in New Dehli: https://gerrit.onap.org/r/c/oom/+/137736

Currently testing and enhancing in DT 

new patch (https://gerrit.onap.org/r/c/oom/+/138498?usp=search) →

• Update Operators, Keycloak,…

  • Update component versions and documents

• Logging improvement proposal (TCL) Mateusz Pilat 

  • All components have to log to STDOUT

  • They should use a common format (JSON struct) with defined attributes (example: https://git.onap.org/oom/tree/kubernetes/cps/components/cps-core/resources/config/logback-spring.xml)

  • A list will be provided for the required changes in components

  • Presentation next week in the TSC

• Hardening Istio with SPIRE/SPIFFE (https://blog.spiffe.io/hardening-istio-security-with-spire-d2f4f98f7a63) → need to check within DT
  Used in Nephio

  • see https://docs.google.com/presentation/d/1L79WrZ64Uar3IrH-jL_IeQTlPoLtXGZKHIIfVCXLoco/edit#slide=id.g2c18d699447_0_31

  • FYI, Service Mesh + SPIFFE infrastructure ongoing study in Nephio, Study: Nephio security collaboration study

  • There is a separate study in Nephio for workload registration and workload/node attestation, https://docs.google.com/presentation/d/1L79WrZ64Uar3IrH-jL_IeQTlPoLtXGZKHIIfVCXLoco/edit#slide=id.g2c18d699447_0_40

  • https://docs.google.com/document/d/1IwWVGASgdOuLHCHYg82WaZaHdOEXyOM1/edit?pli=1#heading=h.nzahaii2p80p

  • https://docs.google.com/presentation/d/1L79WrZ64Uar3IrH-jL_IeQTlPoLtXGZKHIIfVCXLoco/edit#slide=id.g2bd96dea01c_0_1

• Tata (ematpil ) install ONAP Montreal/London and made improvements
  

  • will show improvements Tata did and might contribute to OOM

  • Presentation shown: (Platform Customization-oom v2.pptx) .

  • → Enhancements proposed:

    • Security enhancements (e.g. Keycloak/OAuthProxy, AuthorizationPolicy,...) eg: authentication.tar, oauth2 +KC research: rbac_research_wrap.pdf

    • Logging enhancements,...

...