OOM Meeting Notes - 2021-05-19

Agenda:

• Bugs in H release:  @Marat Salakhutdinov

  • most of them because AAF is disabled

  • maybe work on a specific gate system for that with people who wants it

  • two bugs are merged:

    • https://gerrit.onap.org/r/c/oom/+/121338

    • https://gerrit.onap.org/r/c/oom/+/121323

    • cherry pick?

  • a bug on DMAAP MR:

    • DMAAP-1609: DMaaP message router pod does not start with disabled aafClosed

  • SDC doesn't start as dedicated DB (with subcharts part) → need to validate the exact situation (at least 'if local part' is missing but other stuff may be also missing)

  • some "gating" environment may be proposed by Bell in order to validate all patch against this configuration

• Kubernetes version and dual stack status update: @Magdalena Biernacka @Daniel Milaszkiewicz
  
  

  • https://gerrit.onap.org/r/c/oom/+/121369 → provided dual stack for all services running on k8s 1.20 and using service template

• ONAP vF2F: @damian.nowak
  
  

  • 3 slots proposed:

    • OOM: what has been done in H

    • OOM: plans for I: @Sylvain Desbureaux @Krzysztof Opasiak (consider to  ask for 60min)

      • couple of slides on dual stack

      • slides on monitoring (prometheus + spring boot "enabler")

      • internal helm repository

    • service mesh and logging: @Byung-Woo Jun @Sylvain Desbureaux @Krzysztof Opasiak (already 60min)

• service mesh initiative rererebooted: @Sylvain Desbureaux @Byung-Woo Jun @Gareth Roper
  
  

  • 3 topics:

    • make (subset of) ONAP to run on a "simple" service mesh (mTLS, no AAA)

      • dmaap mr is OK

      • AAI is ongoing → https://gerrit.onap.org/r/c/oom/+/120964

      • SDC

      • SO (subset of)

      • SDNC

      • (VID)

    • AAA

      • onboard roles and realm on Keycloak for tests / reference implementation (use of OIDC / JWT)

        • in progress @Krzysztof Opasiak

      • add oauth2 proxy in the solution to redirect unauthenticated traffic to SSO Portal (keycloak as example)

        • prototype was OK but then istio has changed the conf part

      • add some rules to enforce (AuthorizationPolicy)

        • work by @rouzaut in order to automatically create a bunch of them

      • add some service accounts (work ongoing)

    • add reference implementation for "PaaS" part installation (keycloak, prometheus, istio, cert-manager, ...) and use it during gating/daily installations

• prometheus monitoring and internal ports: @Lukasz Grech @Sylvain Desbureaux

  • patch ongoing : https://gerrit.onap.org/r/c/oom/+/121390

  • needs to add label on internal service

• idea: move to operator?

  • what would be the work to do?

  • how to transform common part in to "common for operator" (services, secrets, aaf, repositories, ...)?

Next meeting:

• chartmuseum integration