OOM Kohn Release Proposal

Collection (not ordered by priority)

• Platform version updates: @Andreas Geißler 

  • Kubespray, as part of Integration Chains (2.17 → 2.18)

  • Kubernetes (1.21.5 → 1.22.5)

  • Helm (3.6.3 → 3.7.1)

  • Istio (1.10.2 → 1.13.1)

  • ...

• Cassandra updates: (DT team is trying to support)

  • Version update

  • Use proper resource settings (flavors for testing, production,...)

• Remove AAF dependencies @Fiachra Corcoran 

  • DMaaP

• ONAP "Networking" Options (to be clarified with SECCOM/ARC) and discussion required....

  # Global ingress configuration ingress: enabled: false virtualhost: baseurl: "simpledemo.onap.org" # Global Service Mesh configuration # POC Mode, don't use it in production serviceMesh: enabled: false tls: true # be aware that linkerd is not well tested engine: "istio" # valid value: istio or linkerd

  
  
  

  • General Assumption: AAF replacement → No support for Container Port encryption

  • Option 1: (serviceMesh.enabled: false, ingress.enabled: false)

    • internal encryption: NO

    • external communication:

      • Enable Service Nodeports

      • No encryption one nodeports

  • Option 2: (serviceMesh.enabled: false, ingress.enabled: true)

    • internal encryption: NO

    • external communication:

      • Disable Service Nodeports

      • Enable Ingress (nginx)

      • Encryption on Ingress port (optional)

  • Option 3: (serviceMesh.enabled: true, serviceMesh.tls: true, ingress.enabled: true)

    • internal encryption: YES

    • external communication:

      • Disable Service Nodeports

      • Enable Ingress (IstioGatway)

      • Encryption on Ingress port (optional)

• Ingress setup: (SO/Ericsson) 

  • Ingress will be the default deployment option (via Nginx Ingress or Istio Gateway?).

    • No more access via NodePort per default → need to change the charts and remove all NodePort configurations...

      • → maybe instead of 

  • IstioGateway/VirtualService(s) creation for ServiceMesh

  • Certificate creation for Ingress (in platform ?) - https://istio.io/latest/docs/ops/integrations/certmanager/#:~:text=Usage-,Istio%20Gateway,as%20the%20istio%2Dingressgateway%20deployment.

• Service Mesh (Istio) support

  • Document Istio Installation (PaaS doc)

  • Create Daily SM pipeline (check with Integration Team)

  • Component SM support:

    • Multicloud @Andreas Geißler

    • Policy @Andreas Geißler 

    • DCAE @Gareth Roper 

    • OOF @Adrian Matthews 

    • VFC @Andrew Lamb 

    • Modeling @Andrew Lamb 

    • A1PolicyManagement

    • UUI

    • Contrib (NetBox, AWX) @Andreas Geißler 

    • NBI

    • MSB ? - is that needed ?

    • Holmes

    • DCAEMOD - seems to work already

    • DMaaP (disable AAF dependency)

  • AuthorizationPolicy resources for each component ("Step 2")

  • RBAC ("Step 3")

    • Keycloak installation and configuration

• OOM deployment options

  • Kubespray installation (DT)

  • ArgoCD support

• OOM Documentation

  • which repos to maintain

    • oom → yes

    • offline-installer ?

    • platform/cert-service ?

  • Content:

    • Release Notes:

      • Only one location for Release Notes (OOM repo) ?

      • Remove links to old Release Notes 

    • OOM PaaS

      • What should be described and added?

      • Istio stetup

      • Keycloak ?

    • OOM Quick guide

      • Document "traditional" Helm installation using released charts from the Nexus repo instead of cloning the oom repo and building charts locally

    • OOM Project Description

    • OOM User Guide

    • OOM Developer Guide

    • OOM HA guide

    • OOM Ingress Setup