Agenda

Video:

Today's topic:

Istio TLS version
- Is Istio/Ingress supporting TLS 1.3, tested in the new ArgoCD environment
- https://istio.io/latest/docs/tasks/security/tls-configuration/workload-min-tls-version/
- needs to be documented (TBD)
ArgoCD deployment
- 2 Parts of a gating solution:
  - Gitlab project to start a pipeline to deploy the nodes/network (terraform), create Kubernetes cluster (via kubespray), deploy ArgoCD and register Project/Applications
  - Gitlab project (later part of OOM) including the ArgoCD Application configurations for Infrastructure components (Istio, operators) and ONAP components
  - Found a number of issues during tests and fixed them:
    - https://gerrit.onap.org/r/c/oom/+/140331?usp=search (SDNC size limit)
    - https://gerrit.onap.org/r/c/oom/+/140325?usp=search (Optional jobAnnotations)
    - https://gerrit.onap.org/r/c/oom/+/140382?usp=search (Update MariaDB Operator and template, Fix SO resource limits)
    - …
Fixes for Security Vulnerabilities
PM usecases require DCAE components (@Viresh Navalli ):
- datafile-collector (DFC)
  - patch created to remove MR dependency (https://gerrit.onap.org/r/c/dcaegen2/collectors/datafile/+/139981?usp=search)
  - Jenkins job manually triggered to create a docker image (https://jenkins.onap.org/view/dcaegen2/job/dcaegen2-collectors-datafile-maven-docker-stage-master/)
  - Release patch required (TBD)
- pm-mapper
  - Patch required to remove the MR dependency
- Current issues:
  - DFC uses:
    - DMAAP data-router
  - Problem:
    - DMAAP is deprecated and unmaintained and DCAE components are not deployed because of the DMaaP removal
  - possible solution (@Jack Lucas )
    - instead of re-activation of DMaaP DR
    - DFC could send the file directly to PM-Mapper
    - Possible enhancement would be a retry mechanism
    - or instead of sending the file to use an object-store as an intermediate storage between DFC and PM-Mapper

Open Jira issues:

T	Key	Summary	Assignee	Reporter	P	Status	Resolution	Created	Updated	Due

Key	Summary	Assignee	Reporter	Status	Resolution	Created	Updated	Due
OOM-3172	[Common] rendering issue of template "common.nginxIngress"	Alexander Dehn	Alexander Dehn	In Progress	Unresolved	Apr 27, 2023	Apr 27, 2023
OOM-3171	service-mesh-wait-for-job-container fails, when no sidecar exists	Andreas Geissler	Andreas Geissler	Open	Unresolved	Apr 27, 2023	Apr 27, 2023
OOM-3170	[SDNC] Support kafka native interface	Alexander Dehn	Alexander Dehn	In Progress	Unresolved	Apr 25, 2023	Apr 26, 2023
OOM-3169	For SDNC setup consider new Websocketport	Alexander Dehn	Herbert Eiselt	In Progress	Unresolved	Apr 24, 2023	Apr 27, 2023
OOM-3168	Introduce cassandra-operator to OOM	Andreas Geissler	Andreas Geissler	Open	Unresolved	Apr 24, 2023	Apr 24, 2023
OOM-3167	DOC: change the plugin installation instructions	Marek Szwałkiewicz	Marek Szwałkiewicz	Open	Unresolved	Apr 24, 2023	Apr 24, 2023
OOM-3166	Kiali Validation - KIA0601 - Port name must follow [-suffix] form	Fiete Ostkamp	Fiete Ostkamp	In Progress	Unresolved	Apr 19, 2023	Apr 19, 2023
OOM-3165	Policy-gui Ingress target is wrong	Andreas Geissler	Andreas Geissler	Open	Unresolved	Apr 19, 2023	Apr 19, 2023
OOM-3162	Update Strimzi Operator to 0.34.0 and Kafka to 3.4.3	Fiachra Corcoran	Andreas Geissler	Open	Unresolved	Apr 13, 2023	Apr 13, 2023
OOM-3161	[COMMON] Add monitoring to postgres	Miroslav Masaryk	Miroslav Masaryk	Open	Unresolved	Apr 12, 2023	Apr 13, 2023
OOM-3159	Update OOM documentation	Andreas Geissler	Andreas Geissler	Open	Unresolved	Mar 31, 2023	Apr 13, 2023
OOM-3155	Review license scan issues	Andreas Geissler	David McBride	In Progress	Unresolved	Mar 30, 2023	Apr 26, 2023
OOM-3153	Feature Freeze	Andreas Geissler	David McBride	Open	Unresolved	Mar 30, 2023	Mar 30, 2023	Mar 23, 2023
OOM-3151	Improve stability in Daily Master Deployments	Andreas Geissler	Andreas Geissler	Open	Unresolved	Mar 21, 2023	Mar 21, 2023
OOM-3149	The chartmuseum binary download URL not working in OOM deployment	Andreas Geissler	Sankar Palanivel	Open	Unresolved	Mar 09, 2023	Apr 13, 2023
OOM-3147	Create authorization policy for platform	Unassigned	Andrew Lamb	Open	Unresolved	Mar 06, 2023	Mar 08, 2023
OOM-3146	Create authorization policy for Holmes	Unassigned	Andrew Lamb	Open	Unresolved	Mar 06, 2023	Mar 08, 2023
OOM-3145	Create authorization policy for CPS	Unassigned	Andrew Lamb	Open	Unresolved	Mar 06, 2023	Mar 08, 2023
OOM-3144	Create authorization policy for Cassandra	Unassigned	Andrew Lamb	Open	Unresolved	Mar 06, 2023	Mar 08, 2023
OOM-3143	Create authorization policy for Consul	Unassigned	Andrew Lamb	Open	Unresolved	Mar 06, 2023	Mar 08, 2023

Showing 20 out of 103 issues Refresh

Backlog from older meetings (to be cleaned up)

Pending component fixes:

(2023-05-03: No update)

CDS-UI
CCSDK-3814 - CDS-UI must be able to listen on HTTP Open → DT /TM has a look
- maybe postpone to M
SO Monitor
SO-4027 - Make SO-Service-Monitor ServiceMesh compatible Open → Byung mentioned, that E/// team try to resolve the issue (Byung's note: It was assigned to Viresh Navalli, Capgemini. E/// plans to assist Viresh as needed.)
→ postpone to Montreal
CLI will not work without fix... (
OOM-3096 - [CLI] Remove AAF dependency Delivered )
UUI - not clear if working
- MSB issue reported:
  MSB-755 - The route from the MSB module to the usecase-ui module does not support HTTP Closed (helong <hwx171157@163.com>)

Helm chart cleanup:

OOM-2975 - Remove dependencies on AAF Open

(2023-05-10: No update)

Common → Andreas
Platform
MSB
VFC

Ingress enhancements for non-HTTP interfaces:

External Kafka access → https://gerrit.onap.org/r/c/oom/+/133767
- Doc: Test external Kafka access in London
SDNC CallHome (SSH) → part of https://gerrit.onap.org/r/c/oom/+/133861
Plan to update _ingress.tpl for Gateway-API support and AuthorizationPolicy

Oauth2-proxy setup (Andreas):

(2023-05-03: No update)

Documentation: Oauth2-Proxy implementation and configuration
Oauth2-Proxy: https://gerrit.onap.org/r/c/oom/+/130445

OOM Meeting Notes - 2025-03-05

Agenda