Agenda

  • Joint OOM/Integration/SECCOM discussion on providing PTLs with Helm Chart templates to address security test cases
  • Frankfurt Epic Status review
  • No labels

1 Comment

  1. Mike Elliott

    • ONAP Security Tests in Chained CI failing today - support needed by projects
      • What are the security testing goals we would like to achieve in Frankfurt?
      •  
      • root_pods
      • jdwp_ports
      • http_public_endpoints (potentially best effort?)
      • cis_kubernetes  (best effort)
      • Are there any helm chart templates we can provide in common OOM?
        • resource limit .tpls exist today
        • .tpls for nodeport_ingress exists
        • Action Mike Elliott raise Jira to track effort - create a common .tpl (exists today in aaf hello, DMaaP, 2 others) to be reused by all project charts to standardize aaf certificate generation
    • Ingress Status
      • Global flag has been introduced to toggle ingress on/off
      • Working towards support for NGINX and ISTIO Gateway
      • All services will be routable via ingress, however, some services may not function correctly (ie. UIs)
      • Ingress impacts UI's in that base URL with relative paths must be used
    • Password Removal
      • Eliminate root passwords - randomly generated (via global master key)
      • Maridb hardcoded password removal near complete
      • Postgress password removal work underway (patch coming)
        • working through BGPool password removal issues - not sure if this sub chart is being used
        • Action Krzysztof Opasiak to remove unused bgpool sub chart
      • Services will be migrated to the shared mariadb-galera and postgres over the course of the next week or 2