2020-09-01 Security Subcommittee Meeting Notes
Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 1st of September 2020.
Jira No | Summary | Description | Status | Solution |
---|---|---|---|---|
| SECCOM elections | Please validate your company representative status to be able to vote as requested by Kenny in his e-mail. | ongoing | Please check this site. |
| Last PTL's meeting (31st of August) update | Takeaway from Pawel W. script run: For a number of containers version checker finds with multiple versions either Java or Python. Example conatainer is running both Python 2 and 3. It has to do with an image that has preloaded Python 2 and then developers go with Python 3 they need to run but not eliminate old Python 2. Numbers are not as good as we would expected but will improve by M4 milestone - people are in theprocess of delivering into the master branch. Some containers appear as out of scope ones -example hearbeat. Stay tuned by Friday Pawel will get an another copy o fthe script. |
ongoing
|
Requirement owners please update your M4 statuses in Jira by 10th of September. |
| Service Mesh PoC update by Krzysztof | Slowly but moving forward: we are ready in therms of Service Mesh itself. We know the design, we know that it work sat least for test appliction. What is left: to put that together with ONAP components. All depends how much ONAP community wouldlike to go into this direction. Instead of PoC naming aarchitectural change could be considered. Mostly it is about the authentication. Impact of architectural change into operators using now extensively AAF. Cert Initializer moved away from the projects to OOM and switch available to either use it or Service Mesh. |
| It might be that operators could need a more time to support Service Mesh architectural change = Istambul release.
Reach Architecture Subcommittee and TSC. List of project is critical to represent who is going to do the work. |
| HELMv2 EoL | https://helm.sh/blog/helm-v2-deprecation-timeline/ Amount of work to validate charts copmatibility to be evaluated based on Intern from Samsung. |
| Charts to be tested for their compatibilty with version 3. Krzysztof plans to first discuss it on OOM call. |
| Open Networking & Edge Summit North America 2020 |
|
|
|
| LFN Fall Technical Meetings October 13 - 15, 2020 |
Topics from SECCOM: Service Mesh and packges upgrades. |
| Fabian to share outputs from Service Mesh and flow matrix. |
| Guilin priorities | For secrets management some support from the community.- patches coming to fix hardcoded passwords. For no root access at least 3 components working to eliminte this issue. For All config files inside the main container should be ReadOnly - one project working hard on it. Automated security testing - still to be checked for status. MVP requirement is in the backlog. SIEM inegration for ONAP logs collection Some updates appreciated from Krzysztof. CII Badging - session planned on the PTLs call. in 2+ weeks. |
|
|
| OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 8th OF SEPTEMBER'20. |
|
|
|
Recording
SECCOM presentation