OOM Meeting Notes - 2021-05-05

Owned by Sylvain Desbureaux
May 05, 2021
1 min read



Agenda



  • Dual Stack networking:  @Magdalena Biernacka

    • K8S dual stack API is changing in K8S 1.20+

    • test:

      • add 2 new fields in service template

      • on k8s 1.20: ok on ipv4 and dual stack

      • on k8s 1.19:

        • NOK if values are provided

        • OK if values are provided

    • options:

    • move to 1.20 seems cleared!

  • Honolulu release leftovers: @Sylvain Desbureaux

    • tag 8.0.0 done on Friday

    • release note are not there yet

  • Honolulu maintenance release: @Sylvain Desbureaux

    • Mariadb enhancement for Camunda + reliability (issue is OOMKilled → raise up limits)

    • DCAE Dashboard

    • CNF Orchestration bugfixes

    • startupProbes would go to Istanbul

  • MR Guilin: almost done: @Sylvain Desbureaux

  • Service accounts: Farida Azmy

    • several reviews ongoing

    • some are ready to be merged IMHO (@Sylvain Desbureaux ) → set a +1 on them

  • Service mesh:

    • AAI service enablement: https://gerrit.onap.org/r/c/oom/+/120964 (Ondrej Frindrich)

      • need to check  it works as before without service mesh

      • need to be tested on service meshed platform

    • Keycloak integration for test (@Krzysztof Opasiak )

      • no progress

      • main blocking point: oom/paas repo creation

  • OOM on "hardened k8s": @Sylvain Desbureaux

    • using rke2 with cis-1.5 profile (https://docs.rke2.io/)

    • no Internet access (nexus)

    • using containerd (no docker)

    • default pod security policies enabled

    • in particular, we can't be root

    • using a subset of OOM

    • outcomes:

      • mostly works out the box

      • issue with mariadb galera (init containers needs to root) → specific policies to be created

      • issue on SDC where we tried to retrieve an image directly on docker.io (https://gerrit.onap.org/r/c/oom/+/121059)