Attendee-List:
...
- DB Operators:
- Postgres-operator → https://gerrit.onap.org/r/c/oom/+/136179?usp=search
- needed patches for CPS, Multicloud, UUI
- MariaDB Operator needs to be updated to 0.27.0
- Means also update of CRD !!
- Update of documentation and template (TBD)
- MongoDB
- Internal DB (Bitnami) update → https://gerrit.onap.org/r/c/oom/+/137439?usp=search
- Operator (Percona) → (TBD) https://gerrit.onap.org/r/c/oom/+/136873?usp=search
- Postgres-operator → https://gerrit.onap.org/r/c/oom/+/136179?usp=search
- Readiness patches for MariaDB-operator based components
- https://gerrit.onap.org/r/c/oom/+/137498 flexible check target
- better: more flexible ReadinessCheck to e.g. to wait for CR readiness (https://git.onap.org/oom/readiness/)
- Check "Service" and use Selector to get the pods → STS/Depl
- SDNC API update
- Sanket found the issues and we clarified with the CCSDK team, that the SO will be changed to be compatible with the RFC API
- see: https://onapproject.slack.com/archives/C01CXF3JH2L/p1709822174923959
- SDNC Bug:
- DGBuilder not working →
createdJira Legacy server System Jira serverId 4733707d-2057-3a0f-ae5e-4fd8aff50176 key SDNC-1836 - no further news..
- DGBuilder not working →
- Charts have host paths mounted (etc. /etc/localtime), which conflicts with common policies (at least in DT)
- we need to check the OOM charts and remove these paths, if possible
- e.g. https://gerrit.onap.org/r/c/oom/+/137479?usp=search (AAI)
- Question: is the /etc/localtime required by components to set the timezone ?
- Hardening Istio with SPIRE/SPIFFE (https://blog.spiffe.io/hardening-istio-security-with-spire-d2f4f98f7a63) → need to check within DT
Used in Nephio - Keycloak/Oauth2Proxy/Realm
- Update of Keycloak version
Jira Legacy server System Jira serverId 4733707d-2057-3a0f-ae5e-4fd8aff50176 key OOM-3267 - Update of Oauth2Proxy version (7.5.1) and update of configuration (check with Mateusz Pilat ):
Jira Legacy server System Jira serverId 4733707d-2057-3a0f-ae5e-4fd8aff50176 key OOM-3268 - Received charts for "authentication" creating:
- Keycloak deployment
- Realm creation for keycloak
- Oauth2 setup and configuration incl. Redis setup
- Created a page to sum up the proposal (Improvement for NewDelhi Release)
- Questions:
- MeshConfig (see https://docs.onap.org/projects/onap-oom/en/latest/sections/guides/infra_guides/oom_infra_base_config_setup.html#istio-service-mesh=
vs. RequestAuthentication Oauth2-proxy config
- MeshConfig (see https://docs.onap.org/projects/onap-oom/en/latest/sections/guides/infra_guides/oom_infra_base_config_setup.html#istio-service-mesh=
- Questions:
- Received charts for "authentication" creating:
- Update of Keycloak version
- Strimzi/Kafka Update
- Currently testing strimzi-operator update and Kafka update 3.4.0→3.6.x
- Possibly the MR is not compatible with a new Kafka version
- I checked with Fiachra Corcoran , he thinks Lifeness/Readiness probes
- DMaaP removal, components updates
- DCAE:
- dcae-ves-collector → https://gerrit.onap.org/r/c/oom/+/137002?usp=search code: https://git.onap.org/dcaegen2/collectors/ves/commit/?id=47195e4ac559963cd33dc155f219bd2b127ef025
- dcae-prh → , https://gerrit.onap.org/r/c/oom/+/137153
- dcae-pmsh
- dcae-tcagen2
- dcae-son-handler
- dcae-slice-analysis-ms
- dcae-heartbeat
- dcae-kpi-ms
- dcae-datafile-collector
- dcae-snmptrap-collector
- (UPDATE info by DT) So there is a DCAE SDK for interaction with DMaaP.
We have changed the implementation of that SDK to talk to Kafka directly.
This new SDK is now used in VES collector and PRH services.
If other services are using the SDK to talk to DMaaP, they can use this new version now.
We have updated documentation of this SDK as well.https://docs.onap.org/projects/onap-dcaegen2/en/latest/sections/sdk/apis.html
- NBI → is archived, DT has a fork and implement the DMaaP removal (maybe remove from OOM deployment)
- AAI-resources → planned by DT
- SO-bpmn-infra → planned by DT
- SDC-BE → patch provided: https://gerrit.onap.org/r/c/oom/+/137197
- Policy →
Jira Legacy server System Jira serverId 4733707d-2057-3a0f-ae5e-4fd8aff50176 key POLICY-4941 - apex-pdp
- xacml-pdp
- apew-pdp
- → The implementation in the images is done, but a OOM patch is required
- SDNC
- dmaap-listener
- Holmes
- DCAE:
- Tata (ematpil ) install ONAP Montreal/London and made improvements
- will show improvements Tata did and might contribute to OOM
- Presentation shown: (Platform Customization-oom v2.pptx) .
- → Enhancements proposed:
- Security enhancements (e.g. Keycloak/OAuthProxy, AuthorizationPolicy,...) eg: authentication.tar, oauth2 +KC research: rbac_research_wrap.pdf
- Logging enhancements,...
...
- External Kafka access → https://gerrit.onap.org/r/c/oom/+/133767
- SDNC CallHome (SSH) → part of https://gerrit.onap.org/r/c/oom/+/133861
- Plan to update _ingress.tpl for Gateway-API support and AuthorizationPolicy
...
(2023-05-03: No update)
- Documentation: Oauth2-Proxy implementation and configuration
- Oauth2-Proxy: https://gerrit.onap.org/r/c/oom/+/130445
- Adding Oauth2-proxy client to ONAP realm: https://gerrit.onap.org/r/c/oom/+/133699
...