2021-11-23 Security Subcommittee Meeting Notes

Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 23rd of November 2021.

Jira No | Summary | Description | Status | Solution


ONAP Logging Architecture & design

Byung presented the ONAP logging architecture:

Slide 5 showed the old view of the ONAP logging architecture (leveraging Filebeat, Logstash and others), with Option A preferred. There are several reasons we no longer want to use that architecture (Filebeat is not necessary):

1) The log sidecar is no longer favored by OOM and others after global requirement REQ-441: all ONAP applications generate log events to STDOUT/STDERR, so a logging sidecar is no longer desired.

2) Logstash has a license issue, which is why Fluent Bit (on each node) with Fluentd as aggregator is proposed.

3) The new architecture simplifies ONAP logging.

Diagrams are editable in Gliffy.

Sylvain shared info on the Orange documentation used for gating: https://gitlab.com/Orange-OpenSource/lfn/infra/kubernetes_collection

Status: ongoing

Resources supporting this project are welcome.

How to secure the communication between Fluent Bit and Fluentd still has to be elaborated; a service mesh proxy could possibly be used.

Byung will be back from PTO in January.


Sync of versions with OOM and Integration teams

  • Kubernetes version sync (1.20 vs. 1.19) for Istanbul: support for 1.19 ended on 30 September 2021. K8s deployments on Azure are used for gating, where we have no control over the version; MariaDB did not work with 1.20, which is why 1.19 is used. 1.22 is currently available for preview only.

  • Helm 3.6.0 vs. 3.6.3: for Jakarta there is a compatibility issue with Helm 3.7 for deploy and push, as the name has changed.

  • Docker 20.10.6 vs. 19.03.x: do we need to recommend Docker at all? Many K8s deployments use containerd rather than Docker.

Status: ongoing

Sylvain to send a monthly e-mail on a possible move towards 1.22; we would start on 1.21.2.


SECCOM presentations for the upcoming DDF (January).

  • SECCOM topics backlog for DDF:

    • Logging requirements clarification

    • New requirements for Jakarta

    • Recommended versions (SECCOM and OOM)

    • Packages upgrades - Jakarta update

    • Unmaintained code handling and its impact on documentation (SECCOM + Documentation) - main session stream

    • Code quality demo - main session stream

  • Interproject proposals:

    • SBOMs ONAP story

Status: ongoing

Proposals to be reviewed at the next SECCOM (last minute).


TSC voting process for submitted requirements

Deadline is on 2nd of December.

Status: ongoing

No action required on our side.


OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 30th OF NOVEMBER'21.

Part 1

Synch with OOM (Sylvain)

ONAP Logging Architecture & design by Byung.

SECCOM proposal for DDF:

  • Logging requirements clarification

  • New requirements for Jakarta

  • Recommended versions (SECCOM and OOM)

  • Packages upgrades - Jakarta update

  • Unmaintained code handling and its impact on documentation (SECCOM + Documentation) - main session stream

  • Code quality demo - main session stream

Interproject proposals:

  • SBOMs ONAP story

SECCOM MEETING CALL WILL BE HELD ON 30th OF NOVEMBER'21.

Part 2

Request from the Policy project group (Ramesh and Liam) for the 'cluster-admin' permission on one of their Helm charts in OOM, to automate Helm chart installation for a microservice.

Recording: 


SECCOM presentation: