2020-01-21 Security Subcommittee Meeting Notes
Please find below the minutes and recording for the SECCOM meeting that was held on 21st of January 2020.
Jira No | Summary | Description | Status | Solution |
---|---|---|---|---|
| ONAP SECCOM and CNTT alignment meeting | First meeting done between both communities. CNTT reference model has a security chapter. CNTT has a Kubernetes Reference Architecture with a security chapter that has very initial content; the goal is to ultimately have only testable items. | CNTT to review Kubernetes CIS Benchmarks (v.1.4.1) | CNTT will check ONAP VNF security requirements. Joint meeting to be organized. |
| SECCOM F2F meeting | Meeting was focussed mainly on Frankfurt status updates in security domain. | Coverity scans to be checked with fd.io – waiting for feedback from Jessica. | Interesting discussions with Krzysztof and Robert on password storage in ONAP (we want to avoid storing passwords in the OOM chart = different master password = different combo passwords in the components; the other topic is passwords that are generated for external components, such as an OpenStack instance) – we should have written proposals that could be reviewed within SECCOM. Proposal to use user management from ODL – to be checked. E-mail to be sent to Robert and Krzysztof. Impact of the selected feature to be checked. Vault should be introduced to the ONAP community for handling secrets. |
| CIS benchmark | Ongoing implementation of kube-bench | Should be working by the end of the day and it would be tested every day. | Fabian made a script to verify which containers run as root, plus pods that are using unlimited resources. |
| Service Mesh summary by Sylvain Desberaux | Maesh and Kuma do not work very well. For Consul Connect 2 issues opened - one of them still not solved. Istio is less greedy than AAF. No tests on the delay. | PoC with core components working in Frankfurt release however: Guilin "official" support of service mesh. Requirements to be collected to compare Service mesh and AAF. Draft for Authentication and Authorisation to be prepared by Amy. Pawel Baniewski will present at the Archi meeting options for CMPv2 proposal. |
| ONAP - DCAE communication matrix | Presentation provided at the F2F in Prague. | Ingress controller to be taken into account for a communication matrix. |
| OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 28TH OF JANUARY'20 |