2020-09-15 Security Subcommittee Meeting Notes

Please find below the Minutes of Meetings and recording for the  SECCOM meeting that was held on 15th of September 2020.

Jira No

Summary

Description

Status

Solution

Jira No

Summary

Description

Status

Solution

 

SECCOM elections

Please validate your company representative status to be able to vote as requested by Kenny in his e-mail.

done

To know when elections are scheduled.

 

Guilin M4 status update 

To be provided by SECCOM requirements leaders - requirements

ongoing

M4 deadline shifted to next TSC on 17th of September.

 

Meeting with David last Friday for Correlation of Guilin Issues to Release Requirements and Component Commitments

Requirements under review:

  • Upgrades on java (REQ-351)

  • Upgrades on Python (REQ-373)

  • Ensuring HTTPS runs (REQ-231)

  • Non running as root (REQ-362)

  • Limits on amount of resources that are consumed by a container - part of CIS Benchmak (REQ-356REQ-357)

There are tests built for the pipeline for all of above. If not meeting those requirements, exception process must be issued, so integration team could white list it and not block the tests.

Krzysztof presented on the last PTL call how to remove Python2 interpreter. 

 

 

 

PTL update

Maintenance release – too much proces.

Issue with Windriver lab

HELMv2 EoL – Krzysztof - https://helm.sh/blog/helm-v2-deprecation-timeline/ - next step – TSC meeting, suggestion to migrate in RC0. Impact only on OOM.

 

 

 

TSC update

Need to present the table and how we are going to handle it.

Need to present HELMv2 EoL.

 

To synch up with Morgan, on who is going to fill-out the table with exceptions.

Amy to check for availability.

 

Last SECCOM actions review

Ticket was opened to LFN IT (Nexus replacement with Harbor) but no response yet.

Fabian has service account and authorization policy.

 

 

 

E-mail was sent to Seshu (for Flow matrix update for SO), but no response received so far. 

 

 

 

Sylvain need to modofy the code to give achance to install ONAP with or without Service Mesh.

 

Open Networking & Edge Summit North America 2020
September 28 & 29, 2020 (Virtual Event)

 

Samuli and Amy will present a topic at ONES - presentation  to be shared with SECCOM 

 

LFN Fall Technical Meetings October 13 - 15, 2020

Topics from SECCOM: Service Mesh and packges upgrades.

 

Fabian to share outputs from Service Mesh and flow matrix.

Flow matrix must be top Priority for Honolulu release and its lack shall be blocking. 

To review the logs to collect flow matrix inputs! For external one we must get the info from PTLs, for internal we can get info from Service Mesh Kiali.

 

CII Badging

Session to be organized by Tony  at the PTLs call just after M4 is completed.

 

To review Silver level questions for nomination for PTLs work in Honolulu release.

 

Redhat presentation for ONAP container registry

To be shared with SECCOM distribution list.

 

 

 

MVP for ONAP

For the definition it could be based on exception fields.

 

Check list shall be defined and discussed.

 

Service account - update

One service account can be shared with several pods.

 

 

 

OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 22nd OF SEPTEMBER'20. 

MVP check list.

CII Silver level questions

 

 

 

Recording

 

SECCOM presentation