Attendee-List:
Agenda
Video:
Today's topic:
Check Versions: https://lf-onap.atlassian.net/wiki/spaces/DW/pages/16415999/Database+Java+Python+Docker+Kubernetes+and+Image+Versions
ubuntu@control01-daily-master-sm:~$ kubectl get pods --all-namespaces -o jsonpath="{..image}" | tr -s '[[:space:]]' '\n' | sort | uniq -c 1 curlimages/curl:7.85.0 10 docker-registry3.mariadb.com/mariadb-operator/mariadb-operator:0.34.0 1 docker.io/curlimages/curl:7.85.0 1 docker.io/grafana/grafana:9.3.6 22 docker.io/istio/install-cni:1.23.1 2 dockerhub.devops.telekom.de/bitnami/postgresql:17.0.0-debian-12-r3 2 dockerhub.devops.telekom.de/busybox:1.32 2 dockerhub.devops.telekom.de/istio/pilot:1.23.1 48 dockerhub.devops.telekom.de/istio/proxyv2:1.23.1 18 dockerhub.devops.telekom.de/k8scloudprovider/cinder-csi-plugin:v1.22.0 6 dockerhub.devops.telekom.de/k8scloudprovider/openstack-cloud-controller-manager:v1.25.3 2 dockerhub.devops.telekom.de/k8ssandra/cass-operator:v1.22.4 2 dockerhub.devops.telekom.de/k8ssandra/k8ssandra-operator:v1.20.2 2 dockerhub.devops.telekom.de/kubernetesui/dashboard:v2.7.0 2 dockerhub.devops.telekom.de/kubernetesui/metrics-scraper:v1.0.8 16 dockerhub.devops.telekom.de/library/nginx:1.25.2-alpine 1 grafana/grafana:9.3.6 110 quay.io/cilium/cilium:v1.13.4 4 quay.io/cilium/operator:v1.13.4 2 quay.io/google-cloud-tools/kube-eagle:1.1.4 2 quay.io/jetstack/cert-manager-cainjector:v1.16.1 2 quay.io/jetstack/cert-manager-controller:v1.16.1 2 quay.io/jetstack/cert-manager-webhook:v1.16.1 2 quay.io/keycloak/keycloak:22.0.4 2 quay.io/kiali/kiali-operator:v1.89.7 2 quay.io/kiali/kiali:v1.89.7 4 quay.io/kiwigrid/k8s-sidecar:1.22.0 2 quay.io/kubernetes_incubator/nfs-provisioner:v2.3.0 6 quay.io/prometheus-operator/prometheus-config-reloader:v0.63.0 2 quay.io/prometheus-operator/prometheus-operator:v0.63.0 2 quay.io/prometheus/alertmanager:v0.25.0 22 quay.io/prometheus/node-exporter:v1.5.0 2 quay.io/prometheus/prometheus:v2.42.0 2 quay.io/strimzi/operator:0.43.0 4 registry.k8s.io/coredns/coredns:v1.10.1 2 registry.k8s.io/cpa/cluster-proportional-autoscaler:v1.8.8 22 registry.k8s.io/dns/k8s-dns-node-cache:1.22.28 2 registry.k8s.io/external-dns/external-dns:v0.15.0 6 registry.k8s.io/kube-apiserver:v1.28.6 6 registry.k8s.io/kube-controller-manager:v1.28.6 22 registry.k8s.io/kube-proxy:v1.28.6 6 registry.k8s.io/kube-scheduler:v1.28.6 2 registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.8.0 2 registry.k8s.io/metrics-server/metrics-server:v0.6.4 2 registry.k8s.io/sig-storage/csi-attacher:v3.3.0 16 registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.4.0 2 registry.k8s.io/sig-storage/csi-provisioner:v3.0.0 2 registry.k8s.io/sig-storage/csi-resizer:v1.3.0 2 registry.k8s.io/sig-storage/csi-snapshotter:v5.0.0 18 registry.k8s.io/sig-storage/livenessprobe:v2.5.0 2 registry.k8s.io/sig-storage/snapshot-controller:v4.2.1
Testing environment disrupted by connection problems between DT and CogentCo
New SDNC patch (https://gerrit.onap.org/r/c/oom/+/139164) tests started, Sanket tests SO changes
Need a fix for the Java Memory (sdnc pod)
Need update of PythonSDK/Xtesting images for RFC8040 interface usage (ToDo Michal)
Update Robot testcases for Biermann interface removal
Marek Szwałkiewicz Try to establish an ArgoCD deployment to provide an alternative the helm deloyment
in oom chart provide directory for ArgoCD application definitions
Will be used in Gating/Daily Pipelines
Fixes needed for Docker image build jobs: →
https://jenkins.onap.org/view/integration/job/integration-xtesting-smoke-usecases-robot-docker-merge-master/, https://jenkins.onap.org/view/integration/job/integration-xtesting-smoke-usecases-robot-py3-docker-merge-master/
Update of Oslo Release info: Oslo Release Key Updates
Update Operators, Keycloak,…
Update component versions and documents
Logging improvement proposal (TCL) Mateusz Pilat
All components have to log to STDOUT
They should use a common format (JSON struct) with defined attributes (example: https://git.onap.org/oom/tree/kubernetes/cps/components/cps-core/resources/config/logback-spring.xml)
A list will be provided for the required changes in components
Presentation next week in the TSC
Hardening Istio with SPIRE/SPIFFE (https://blog.spiffe.io/hardening-istio-security-with-spire-d2f4f98f7a63) → need to check within DT
Used in NephioFYI, Service Mesh + SPIFFE infrastructure ongoing study in Nephio, Study: Nephio security collaboration study
There is a separate study in Nephio for workload registration and workload/node attestation, https://docs.google.com/presentation/d/1L79WrZ64Uar3IrH-jL_IeQTlPoLtXGZKHIIfVCXLoco/edit#slide=id.g2c18d699447_0_40
Tata (ematpil ) install ONAP Montreal/London and made improvements
will show improvements Tata did and might contribute to OOM
Presentation shown: (Platform Customization-oom v2.pptx) .
→ Enhancements proposed:
Security enhancements (e.g. Keycloak/OAuthProxy, AuthorizationPolicy,...) eg: authentication.tar, oauth2 +KC research: rbac_research_wrap.pdf
Logging enhancements,...
Others:
Change "bash" to "sh"
Started by Orange, but not finished
Describe ONAP component deployment via ArgoCD
create "Application" config dir in oom repo ?
Open Jira issues:
T | Key | Summary | Assignee | Reporter | P | Status | Resolution | Created | Updated | Due |
|---|---|---|---|---|---|---|---|---|---|---|
Alexander Dehn | Alexander Dehn |  | In Progress | Unresolved | Apr 27, 2023 | Apr 27, 2023 | ||||
service-mesh-wait-for-job-container fails, when no sidecar exists | Andreas Geissler | Andreas Geissler | | Open | Unresolved | Apr 27, 2023 | Apr 27, 2023 | |||
Alexander Dehn | Alexander Dehn | | In Progress | Unresolved | Apr 25, 2023 | Apr 26, 2023 | ||||
Alexander Dehn | Herbert Eiselt | | In Progress | Unresolved | Apr 24, 2023 | Apr 27, 2023 | ||||
Andreas Geissler | Andreas Geissler | | Open | Unresolved | Apr 24, 2023 | Apr 24, 2023 | ||||
Marek Szwałkiewicz | Marek Szwałkiewicz |  | Open | Unresolved | Apr 24, 2023 | Apr 24, 2023 | ||||
Kiali Validation - KIA0601 - Port name must follow [-suffix] form | Fiete Ostkamp | Fiete Ostkamp | | In Progress | Unresolved | Apr 19, 2023 | Apr 19, 2023 | |||
Andreas Geissler | Andreas Geissler | | Open | Unresolved | Apr 19, 2023 | Apr 19, 2023 | ||||
Fiachra Corcoran | Andreas Geissler | | Open | Unresolved | Apr 13, 2023 | Apr 13, 2023 | ||||
Miroslav Masaryk | Miroslav Masaryk | | Open | Unresolved | Apr 12, 2023 | Apr 13, 2023 | ||||
 | Andreas Geissler | Andreas Geissler | | Open | Unresolved | Mar 31, 2023 | Apr 13, 2023 | |||
Andreas Geissler | David McBride | | In Progress | Unresolved | Mar 30, 2023 | Apr 26, 2023 | ||||
| Andreas Geissler | David McBride | | Open | Unresolved | Mar 30, 2023 | Mar 30, 2023 | Mar 23, 2023 | ||
Andreas Geissler | Andreas Geissler | | Open | Unresolved | Mar 21, 2023 | Mar 21, 2023 | ||||
The chartmuseum binary download URL not working in OOM deployment | Andreas Geissler | Sankar Palanivel |  | Open | Unresolved | Mar 09, 2023 | Apr 13, 2023 | |||
Unassigned | Andrew Lamb | | Open | Unresolved | Mar 06, 2023 | Mar 08, 2023 | ||||
Unassigned | Andrew Lamb | | Open | Unresolved | Mar 06, 2023 | Mar 08, 2023 | ||||
Unassigned | Andrew Lamb | | Open | Unresolved | Mar 06, 2023 | Mar 08, 2023 | ||||
Unassigned | Andrew Lamb | | Open | Unresolved | Mar 06, 2023 | Mar 08, 2023 | ||||
Unassigned | Andrew Lamb | | Open | Unresolved | Mar 06, 2023 | Mar 08, 2023 |
Showing 20 out of 103 issues Refresh
Backlog from older meetings (to be cleaned up)
Pending component fixes:
(2023-05-03: No update)
CDS-UI
CCSDK-3814 - CDS-UI must be able to listen on HTTP Open → DT /TM has a look
maybe postpone to M
SO Monitor
→ postpone to MontrealCLI will not work without fix... (
UUI - not clear if working
Helm chart cleanup: OOM-2975 - Remove dependencies on AAF Open
(2023-05-10: No update)
Common → Andreas
Platform
MSB
VFC
Ingress enhancements for non-HTTP interfaces:
External Kafka access
→ https://gerrit.onap.org/r/c/oom/+/133767SDNC CallHome (SSH) → part of https://gerrit.onap.org/r/c/oom/+/133861
Plan to update _ingress.tpl for Gateway-API support and AuthorizationPolicy
Oauth2-proxy setup (Andreas):
(2023-05-03: No update)
Documentation: Oauth2-Proxy implementation and configuration
Oauth2-Proxy: https://gerrit.onap.org/r/c/oom/+/130445
Adding Oauth2-proxy client to ONAP realm: https://gerrit.onap.org/r/c/oom/+/133699
To be started:
(2023-05-03: No update)
Ingress template improvements:
Remove unused components:
- OOM-3074 - Remove components and options from charts Open
MariaDB:
- OOM-3072 - Resolve and improve the existing MariaDB-Galera templates Open → DT (with TM) to investigate
Remove NodePort in Ingress environments:
- OOM-3012 - Remove NodePort in Service definitions under ServiceMesh In Progress → will be automatically fixed with cleanups
UDP Ingress support:
UDP Nodeport support in _service-tpl
Possible solution: UDPRoute support in Gatway-API
Others:
(2023-05-03: No update)
SDC Listener HTTP issue
SDC-4233 - SDC Distribution Client should work with lower-case Header entries Closed → Marek provided patch → merged, need to be released and can be used in the clients
When released, all clients need to be updated (CDS, AAI, Policy, SO, ...)
Create tickets for all clients....
2023-05-31: Discussed presentation to TSC/PTL meeting proposing a new global requirement to rely (exclusively) on service mesh mechanisms for intra-ONAP authentication and authorization (get rid of HTTP basic auth). To be presented to TSC on 2023-06-01.