Agenda

Video:

Today's topic:

Check Versions: https://lf-onap.atlassian.net/wiki/spaces/DW/pages/16415999/Database+Java+Python+Docker+Kubernetes+and+Image+Versions
- root@control01-daily-master-sm:/# kubectl get pods -n onap -o jsonpath="{..image}" | tr -s '[[:space:]]' '\n' | sort | uniq -c 2 artifactory.devops.telekom.de/onap-repo/mariadb:10.1.38 2 artifactory.devops.telekom.de/onap-repo/memcached:alpine3.15 4 artifactory.devops.telekom.de/onap-repo/onap/aai-graphadmin:1.14.7 2 artifactory.devops.telekom.de/onap-repo/onap/aai-resources:1.14.7 2 artifactory.devops.telekom.de/onap-repo/onap/aai-schema-service:1.12.5 4 artifactory.devops.telekom.de/onap-repo/onap/aai-traversal:1.14.7 2 artifactory.devops.telekom.de/onap-repo/onap/babel:1.13.3 2 artifactory.devops.telekom.de/onap-repo/onap/ccsdk-apps-ms-neng:1.4.0 2 artifactory.devops.telekom.de/onap-repo/onap/ccsdk-blueprintsprocessor:1.5.3 2 artifactory.devops.telekom.de/onap-repo/onap/ccsdk-cds-ui-server:1.5.3 2 artifactory.devops.telekom.de/onap-repo/onap/ccsdk-commandexecutor:1.5.3 2 artifactory.devops.telekom.de/onap-repo/onap/ccsdk-dgbuilder-image:2.0.0 2 artifactory.devops.telekom.de/onap-repo/onap/ccsdk-oran-a1policymanagementservice:1.5.0 2 artifactory.devops.telekom.de/onap-repo/onap/ccsdk-py-executor:1.5.3 2 artifactory.devops.telekom.de/onap-repo/onap/ccsdk-sdclistener:1.5.3 2 artifactory.devops.telekom.de/onap-repo/onap/cps-and-ncmp:3.4.9 2 artifactory.devops.telekom.de/onap-repo/onap/cps-temporal:1.2.1 2 artifactory.devops.telekom.de/onap-repo/onap/model-loader:1.14.2 2 artifactory.devops.telekom.de/onap-repo/onap/multicloud/framework-artifactbroker:1.9.0 2 artifactory.devops.telekom.de/onap-repo/onap/multicloud/framework:1.8.1 2 artifactory.devops.telekom.de/onap-repo/onap/multicloud/k8s:0.10.1 2 artifactory.devops.telekom.de/onap-repo/onap/multicloud/openstack-fcaps:1.5.7 2 artifactory.devops.telekom.de/onap-repo/onap/ncmp-dmi-plugin:1.5.0 130 artifactory.devops.telekom.de/onap-repo/onap/oom/readiness:6.0.3 2 artifactory.devops.telekom.de/onap-repo/onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.11.0 2 artifactory.devops.telekom.de/onap-repo/onap/org.onap.dcaegen2.collectors.ves.vescollector:1.12.4 2 artifactory.devops.telekom.de/onap-repo/onap/org.onap.dcaegen2.deployments.healthcheck-container:2.4.1 2 artifactory.devops.telekom.de/onap-repo/onap/org.onap.dcaegen2.platform.ves-openapi-manager:1.3.1 2 artifactory.devops.telekom.de/onap-repo/onap/org.onap.dcaegen2.services.datalake.exposure.service:1.1.1 2 artifactory.devops.telekom.de/onap-repo/onap/org.onap.dcaegen2.services.datalakeadminui:1.1.1 2 artifactory.devops.telekom.de/onap-repo/onap/org.onap.dcaegen2.services.datalakefeeder:1.1.1 2 artifactory.devops.telekom.de/onap-repo/onap/org.onap.dcaegen2.services.prh.prh-app-server:1.10.1 2 artifactory.devops.telekom.de/onap-repo/onap/policy-apex-pdp:3.1.3 2 artifactory.devops.telekom.de/onap-repo/onap/policy-api:3.1.3 2 artifactory.devops.telekom.de/onap-repo/onap/policy-clamp-ac-a1pms-ppnt:7.1.3 2 artifactory.devops.telekom.de/onap-repo/onap/policy-clamp-ac-http-ppnt:7.1.3 2 artifactory.devops.telekom.de/onap-repo/onap/policy-clamp-ac-k8s-ppnt:7.1.3 2 artifactory.devops.telekom.de/onap-repo/onap/policy-clamp-ac-kserve-ppnt:7.1.3 2 artifactory.devops.telekom.de/onap-repo/onap/policy-clamp-ac-pf-ppnt:7.1.3 2 artifactory.devops.telekom.de/onap-repo/onap/policy-clamp-runtime-acm:7.1.3 2 artifactory.devops.telekom.de/onap-repo/onap/policy-db-migrator:3.1.3 2 artifactory.devops.telekom.de/onap-repo/onap/policy-distribution:3.1.3 2 artifactory.devops.telekom.de/onap-repo/onap/policy-pap:3.1.3 2 artifactory.devops.telekom.de/onap-repo/onap/policy-xacml-pdp:3.1.3 4 artifactory.devops.telekom.de/onap-repo/onap/portal-ng/bff:0.1.0 2 artifactory.devops.telekom.de/onap-repo/onap/portal-ng/history:0.1.1 2 artifactory.devops.telekom.de/onap-repo/onap/portal-ng/preferences:0.1.1 2 artifactory.devops.telekom.de/onap-repo/onap/portal-ng/ui:0.1.2 2 artifactory.devops.telekom.de/onap-repo/onap/sdc-backend-all-plugins:1.13.6 2 artifactory.devops.telekom.de/onap-repo/onap/sdc-backend-init:1.13.6 2 artifactory.devops.telekom.de/onap-repo/onap/sdc-cassandra-init:1.13.6 2 artifactory.devops.telekom.de/onap-repo/onap/sdc-frontend:1.13.6 2 artifactory.devops.telekom.de/onap-repo/onap/sdc-helm-validator:1.3.1 2 artifactory.devops.telekom.de/onap-repo/onap/sdc-onboard-backend:1.13.6 2 artifactory.devops.telekom.de/onap-repo/onap/sdc-onboard-cassandra-init:1.13.6 2 artifactory.devops.telekom.de/onap-repo/onap/sdc-workflow-backend:1.12.0 2 artifactory.devops.telekom.de/onap-repo/onap/sdc-workflow-frontend:1.12.0 2 artifactory.devops.telekom.de/onap-repo/onap/sdc-workflow-init:1.12.0 2 artifactory.devops.telekom.de/onap-repo/onap/sdnc-ansible-server-image:3.0.0 6 artifactory.devops.telekom.de/onap-repo/onap/sdnc-image:3.0.0 2 artifactory.devops.telekom.de/onap-repo/onap/sdnc-ueb-listener-image:3.0.0 2 artifactory.devops.telekom.de/onap-repo/onap/sdnc-web-image:3.0.0 2 artifactory.devops.telekom.de/onap-repo/onap/so/api-handler-infra:1.12.2 2 artifactory.devops.telekom.de/onap-repo/onap/so/bpmn-infra:1.13.0 2 artifactory.devops.telekom.de/onap-repo/onap/so/catalog-db-adapter:1.12.2 2 artifactory.devops.telekom.de/onap-repo/onap/so/openstack-adapter:1.12.2 2 artifactory.devops.telekom.de/onap-repo/onap/so/request-db-adapter:1.12.2 2 artifactory.devops.telekom.de/onap-repo/onap/so/sdc-controller:1.12.2 2 artifactory.devops.telekom.de/onap-repo/onap/so/sdnc-adapter:1.12.2 2 artifactory.devops.telekom.de/onap-repo/onap/so/so-admin-cockpit:1.9.0 2 artifactory.devops.telekom.de/onap-repo/onap/so/so-cnf-adapter:1.10.0 2 artifactory.devops.telekom.de/onap-repo/onap/so/so-cnfm-as-lcm:1.12.1 2 artifactory.devops.telekom.de/onap-repo/onap/so/so-etsi-nfvo-ns-lcm:1.9.0 2 artifactory.devops.telekom.de/onap-repo/onap/so/so-etsi-sol003-adapter:1.9.0 2 artifactory.devops.telekom.de/onap-repo/onap/so/so-etsi-sol005-adapter:1.9.0 2 artifactory.devops.telekom.de/onap-repo/onap/so/so-nssmf-adapter:1.9.1 2 artifactory.devops.telekom.de/onap-repo/onap/so/so-oof-adapter:1.8.3 2 artifactory.devops.telekom.de/onap-repo/onap/sparky-be:2.0.5 2 artifactory.devops.telekom.de/onap-repo/onap/testsuite:1.12.2 2 artifactory.devops.telekom.de/onap-repo/onap/usecase-ui-intent-analysis:14.0.0 2 artifactory.devops.telekom.de/onap-repo/onap/usecase-ui-llm-adaptation:14.0.0 2 artifactory.devops.telekom.de/onap-repo/onap/usecase-ui-nlp:1.0.5 2 artifactory.devops.telekom.de/onap-repo/onap/usecase-ui-server:14.0.0 2 artifactory.devops.telekom.de/onap-repo/onap/usecase-ui:14.0.0 2 artifactory.devops.telekom.de/onap-repo/rabbitmq:alpine 6 docker.io/bitnami/mongodb:7.0.8-debian-12-r2 6 docker.io/bitnami/redis-sentinel:7.2.4-debian-12-r7 6 docker.io/bitnami/redis:7.2.4-debian-12-r9 2 dockerhub.devops.telekom.de/adorsys/keycloak-config-cli:5.12.0-22.0.4 2 dockerhub.devops.telekom.de/alpine:latest 8 dockerhub.devops.telekom.de/bitnami/elasticsearch:7.9.3 4 dockerhub.devops.telekom.de/bitnami/mariadb:10.5.8 2 dockerhub.devops.telekom.de/bitnami/nginx:1.21.4 40 dockerhub.devops.telekom.de/busybox:1.34.1 30 dockerhub.devops.telekom.de/crunchydata/crunchy-postgres:centos8-13.2-4.6.1 68 dockerhub.devops.telekom.de/dibi/envsubst:1 520 dockerhub.devops.telekom.de/istio/proxyv2:1.23.1 12 dockerhub.devops.telekom.de/k8ssandra/cass-management-api:4.1.3-ubi8 6 dockerhub.devops.telekom.de/k8ssandra/k8ssandra-client:v0.5.0 6 dockerhub.devops.telekom.de/k8ssandra/system-logger:v1.22.4 10 dockerhub.devops.telekom.de/mariadb:11.2.2 2 dockerhub.devops.telekom.de/onap/aai-haproxy:1.11.0 2 dockerhub.devops.telekom.de/sdesbure/so_crypto:latest 4 dockerhub.devops.telekom.de/thelastpickle/cassandra-reaper:latest 2 dockerhub.devops.telekom.de/timescale/timescaledb:2.16.1-pg14 12 ghcr.io/mariadb-operator/mariadb-operator:v0.0.28 2 k8s.gcr.io/etcd-amd64:3.2.24 2 quay.io/oauth2-proxy/oauth2-proxy:v7.6.0 2 quay.io/strimzi/kafka-bridge:0.30.0 12 quay.io/strimzi/kafka:0.43.0-kafka-3.8.0 4 quay.io/strimzi/operator:0.43.0
Testing environment disrupted by connection problems between DT and CogentCo
New SDNC patch (https://gerrit.onap.org/r/c/oom/+/139164) tests started, Sanket tests SO changes
- Need a fix for the Java Memory (sdnc pod)
- Need update of PythonSDK/Xtesting images for RFC8040 interface usage (ToDo Michal)
- Update Robot testcases for Biermann interface removal
@Marek Szwałkiewicz Try to establish an ArgoCD deployment to provide an alternative the helm deloyment
- in oom chart provide directory for ArgoCD application definitions
- Will be used in Gating/Daily Pipelines
- Fixes needed for Docker image build jobs: →
  https://jenkins.onap.org/view/integration/job/integration-xtesting-smoke-usecases-robot-docker-merge-master/, https://jenkins.onap.org/view/integration/job/integration-xtesting-smoke-usecases-robot-py3-docker-merge-master/
Update of Oslo Release info: Oslo Release Key Updates
Update Operators, Keycloak,…
- Update component versions and documents
Logging improvement proposal (TCL) @Mateusz Pilat
- All components have to log to STDOUT
- They should use a common format (JSON struct) with defined attributes (example: https://git.onap.org/oom/tree/kubernetes/cps/components/cps-core/resources/config/logback-spring.xml)
- A list will be provided for the required changes in components
- Presentation next week in the TSC
Hardening Istio with SPIRE/SPIFFE (https://blog.spiffe.io/hardening-istio-security-with-spire-d2f4f98f7a63) → need to check within DT
Used in Nephio
- see https://docs.google.com/presentation/d/1L79WrZ64Uar3IrH-jL_IeQTlPoLtXGZKHIIfVCXLoco/edit#slide=id.g2c18d699447_0_31
- FYI, Service Mesh + SPIFFE infrastructure ongoing study in Nephio, Study: Nephio security collaboration study
- There is a separate study in Nephio for workload registration and workload/node attestation, https://docs.google.com/presentation/d/1L79WrZ64Uar3IrH-jL_IeQTlPoLtXGZKHIIfVCXLoco/edit#slide=id.g2c18d699447_0_40
- https://docs.google.com/document/d/1IwWVGASgdOuLHCHYg82WaZaHdOEXyOM1/edit?pli=1#heading=h.nzahaii2p80p
- https://docs.google.com/presentation/d/1L79WrZ64Uar3IrH-jL_IeQTlPoLtXGZKHIIfVCXLoco/edit#slide=id.g2bd96dea01c_0_1
Tata (@ematpil ) install ONAP Montreal/London and made improvements
- will show improvements Tata did and might contribute to OOM
- Presentation shown: (Platform Customization-oom v2.pptx) .
- → Enhancements proposed:
  - Security enhancements (e.g. Keycloak/OAuthProxy, AuthorizationPolicy,...) eg: authentication.tar, oauth2 +KC research: rbac_research_wrap.pdf
  - Logging enhancements,...

Others:

Change "bash" to "sh"
- https://gerrit.onap.org/r/q/topic:bashisms
- Started by Orange, but not finished
Describe ONAP component deployment via ArgoCD
- create "Application" config dir in oom repo ?

Open Jira issues:

T	Key	Summary	Assignee	Reporter	P	Status	Resolution	Created	Updated	Due

Key	Summary	Assignee	Reporter	Status	Resolution	Created	Updated	Due
OOM-3172	[Common] rendering issue of template "common.nginxIngress"	Alexander Dehn	Alexander Dehn	In Progress	Unresolved	Apr 27, 2023	Apr 27, 2023
OOM-3171	service-mesh-wait-for-job-container fails, when no sidecar exists	Andreas Geissler	Andreas Geissler	Open	Unresolved	Apr 27, 2023	Apr 27, 2023
OOM-3170	[SDNC] Support kafka native interface	Alexander Dehn	Alexander Dehn	In Progress	Unresolved	Apr 25, 2023	Apr 26, 2023
OOM-3169	For SDNC setup consider new Websocketport	Alexander Dehn	Herbert Eiselt	In Progress	Unresolved	Apr 24, 2023	Apr 27, 2023
OOM-3168	Introduce cassandra-operator to OOM	Andreas Geissler	Andreas Geissler	Open	Unresolved	Apr 24, 2023	Apr 24, 2023
OOM-3167	DOC: change the plugin installation instructions	Marek Szwałkiewicz	Marek Szwałkiewicz	Open	Unresolved	Apr 24, 2023	Apr 24, 2023
OOM-3166	Kiali Validation - KIA0601 - Port name must follow [-suffix] form	Fiete Ostkamp	Fiete Ostkamp	In Progress	Unresolved	Apr 19, 2023	Apr 19, 2023
OOM-3165	Policy-gui Ingress target is wrong	Andreas Geissler	Andreas Geissler	Open	Unresolved	Apr 19, 2023	Apr 19, 2023
OOM-3162	Update Strimzi Operator to 0.34.0 and Kafka to 3.4.3	Fiachra Corcoran	Andreas Geissler	Open	Unresolved	Apr 13, 2023	Apr 13, 2023
OOM-3161	[COMMON] Add monitoring to postgres	Miroslav Masaryk	Miroslav Masaryk	Open	Unresolved	Apr 12, 2023	Apr 13, 2023
OOM-3159	Update OOM documentation	Andreas Geissler	Andreas Geissler	Open	Unresolved	Mar 31, 2023	Apr 13, 2023
OOM-3155	Review license scan issues	Andreas Geissler	David McBride	In Progress	Unresolved	Mar 30, 2023	Apr 26, 2023
OOM-3153	Feature Freeze	Andreas Geissler	David McBride	Open	Unresolved	Mar 30, 2023	Mar 30, 2023	Mar 23, 2023
OOM-3151	Improve stability in Daily Master Deployments	Andreas Geissler	Andreas Geissler	Open	Unresolved	Mar 21, 2023	Mar 21, 2023
OOM-3149	The chartmuseum binary download URL not working in OOM deployment	Andreas Geissler	Sankar Palanivel	Open	Unresolved	Mar 09, 2023	Apr 13, 2023
OOM-3147	Create authorization policy for platform	Unassigned	Andrew Lamb	Open	Unresolved	Mar 06, 2023	Mar 08, 2023
OOM-3146	Create authorization policy for Holmes	Unassigned	Andrew Lamb	Open	Unresolved	Mar 06, 2023	Mar 08, 2023
OOM-3145	Create authorization policy for CPS	Unassigned	Andrew Lamb	Open	Unresolved	Mar 06, 2023	Mar 08, 2023
OOM-3144	Create authorization policy for Cassandra	Unassigned	Andrew Lamb	Open	Unresolved	Mar 06, 2023	Mar 08, 2023
OOM-3143	Create authorization policy for Consul	Unassigned	Andrew Lamb	Open	Unresolved	Mar 06, 2023	Mar 08, 2023

Showing 20 out of 103 issues Refresh

Backlog from older meetings (to be cleaned up)

Pending component fixes:

(2023-05-03: No update)

CDS-UI CCSDK-3814 - CDS-UI must be able to listen on HTTP Open → DT /TM has a look
- maybe postpone to M
SO Monitor SO-4027 - Make SO-Service-Monitor ServiceMesh compatible Open → Byung mentioned, that E/// team try to resolve the issue (Byung's note: It was assigned to Viresh Navalli, Capgemini. E/// plans to assist Viresh as needed.)
→ postpone to Montreal
CLI will not work without fix... ( OOM-3096 - [CLI] Remove AAF dependency Delivered )
UUI - not clear if working
- MSB issue reported: MSB-755 - The route from the MSB module to the usecase-ui module does not support HTTP Closed (helong <hwx171157@163.com>)

Helm chart cleanup: OOM-2975 - Remove dependencies on AAF Open

(2023-05-10: No update)

Common → Andreas
Platform
MSB
VFC

Ingress enhancements for non-HTTP interfaces:

External Kafka access → https://gerrit.onap.org/r/c/oom/+/133767
- Doc: Test external Kafka access in London
SDNC CallHome (SSH) → part of https://gerrit.onap.org/r/c/oom/+/133861
Plan to update _ingress.tpl for Gateway-API support and AuthorizationPolicy

Oauth2-proxy setup (Andreas):

(2023-05-03: No update)

Documentation: Oauth2-Proxy implementation and configuration
Oauth2-Proxy: https://gerrit.onap.org/r/c/oom/+/130445
Adding Oauth2-proxy client to ONAP realm: https://gerrit.onap.org/r/c/oom/+/133699

To be started:

(2023-05-03: No update)

Ingress template improvements:
- OOM-3108 - Investigate to change to K8S Gateway-API Open
- OOM-3075 - Extend the Ingress template and add Component ingress configuration Open
Remove unused components:
- OOM-3074 - Remove components and options from charts Open
MariaDB:
- OOM-3072 - Resolve and improve the existing MariaDB-Galera templates Open → DT (with TM) to investigate
Remove NodePort in Ingress environments:
- OOM-3012 - Remove NodePort in Service definitions under ServiceMesh In Progress → will be automatically fixed with cleanups
UDP Ingress support:
- UDP Nodeport support in _service-tpl OOM-3107 - Allow NodePorts for UDP services Open → can be closed
- Possible solution: UDPRoute support in Gatway-API

Others:

(2023-05-03: No update)

SDC Listener HTTP issue SDC-4233 - SDC Distribution Client should work with lower-case Header entries Closed → Marek provided patch → merged, need to be released and can be used in the clients
- When released, all clients need to be updated (CDS, AAI, Policy, SO, ...)
- Create tickets for all clients....

2023-05-31: Discussed presentation to TSC/PTL meeting proposing a new global requirement to rely (exclusively) on service mesh mechanisms for intra-ONAP authentication and authorization (get rid of HTTP basic auth). To be presented to TSC on 2023-06-01.

ONAP Wiki

OOM Meeting Notes - 2024-10-23

Agenda