ONAP Security Tests in Chained CI failing today - support needed by projects
What are the security testing goals we would like to achieve in Frankfurt?
root_pods
jdwp_ports
http_public_endpoints (potentially best effort?)
cis_kubernetes (best effort)
Are there any helm chart templates we can provide in common OOM?
resource limit .tpls exist today
.tpls for nodeport_ingress exists
Action Mike Elliott raise Jira to track effort - create a common .tpl (exists today in aaf hello, DMaaP, 2 others) to be reused by all project charts to standardize aaf certificate generation
Ingress Status
Global flag has been introduced to toggle ingress on/off
Working towards support for NGINX and ISTIO Gateway
All services will be routable via ingress, however, some services may not function correctly (ie. UIs)
Ingress impacts UI's in that base URL with relative paths must be used
Password Removal
Eliminate root passwords - randomly generated (via global master key)
Maridb hardcoded password removal near complete
Postgress password removal work underway (patch coming)
working through BGPool password removal issues - not sure if this sub chart is being used
1 Comment
Mike Elliott