...
- Platform version updates: Andreas Geißler
- Kubespray, as part of Integration Chains (2.17 → 2.18)
- Kubernetes (1.21.5 → 1.22.5)
- Helm (3.6.3 → 3.7.1)
- Istio (1.10.2 → 1.13.1)
- ...
- Cassandra updates: (DT team is trying to support)
- Version update
- Use proper resource settings (flavors for testing, production,...)
- Remove AAF dependencies Fiachra Corcoran
- DMaaP
ONAP "Networking" Options (to be clarified with SECCOM/ARC) and discussion required....
Code Block # Global ingress configuration ingress: enabled: false virtualhost: baseurl: "simpledemo.onap.org" # Global Service Mesh configuration # POC Mode, don't use it in production serviceMesh: enabled: false tls: true # be aware that linkerd is not well tested engine: "istio" # valid value: istio or linkerd
- General Assumption: AAF replacement → No support for Container Port encryption
Option 1: (serviceMesh.enabled: false, ingress.enabled: false)
- internal encryption: NO
- external communication:
- Enable Service Nodeports
- No encryption one nodeports
Option 2: (serviceMesh.enabled: false, ingress.enabled: true)
- internal encryption: NO
- external communication:
- Disable Service Nodeports
- Enable Ingress (nginx)
- Encryption on Ingress port (optional)
- Option 3: (serviceMesh.enabled: true, serviceMesh.tls: true, ingress.enabled: true)
- internal encryption: YES
- external communication:
- Disable Service Nodeports
- Enable Ingress (IstioGatway)
- Encryption on Ingress port (optional)
- Ingress setup: (SO/Ericsson)
- Ingress will be the default deployment option (via Nginx Ingress or Istio Gateway?).
- No more access via NodePort per default → need to change the charts and remove all NodePort configurations...
- → maybe instead of
- No more access via NodePort per default → need to change the charts and remove all NodePort configurations...
- IstioGateway/VirtualService(s) creation for ServiceMesh
- Certificate creation for Ingress (in platform ?) - https://istio.io/latest/docs/ops/integrations/certmanager/#:~:text=Usage-,Istio%20Gateway,as%20the%20istio%2Dingressgateway%20deployment.
- Ingress will be the default deployment option (via Nginx Ingress or Istio Gateway?).
- Service Mesh (Istio) support
- Document Istio Installation (PaaS doc)
- Create Daily SM pipeline (check with Integration Team)
- Component SM support:
- Multicloud Andreas Geißler
- Policy Andreas Geißler
- DCAE Gareth Roper
- OOF Adrian Matthews
- VFC Andrew Lamb
- Modeling Andrew Lamb
- A1PolicyManagement
- UUI
- others (e.g. VFC, OOF,...)Contrib (NetBox, AWX) Andreas Geißler
- NBI
- MSB ? - is that needed ?
- Holmes
- DCAEMOD - seems to work already
- DMaaP (disable AAF dependency)
- AuthorizationPolicy resources for each component ("Step 2")
- RBAC ("Step 3")
- Keycloak installation and configuration
- OOM deployment options
- Kubespray installation (DT)
- ArgoCD support
- OOM Documentation
- which repos to maintain
- oom → yes
- offline-installer ?
- platform/cert-service ?
- Content:
- Release Notes:
- Only one location for Release Notes (OOM repo) ?
- Remove links to old Release Notes
- OOM PaaS
- What should be described and added?
- Istio stetup
- Keycloak ?
- OOM Quick guide
- Document "traditional" Helm installation using released charts from the Nexus repo instead of cloning the oom repo and building charts locally
- OOM Project Description
- OOM User Guide
- OOM Developer Guide
- OOM HA guide
- OOM Ingress Setup
- Release Notes:
- which repos to maintain
...