Versions Compared

Old Version 2

changes.mady.by.user Pawel Pawlak

Saved on

compared with

New Version Current

changes.mady.by.user Pawel Pawlak

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Andreas presented first draft, summarized recent achievements and future plans for Service Mesh. First part (almost completed) is to get ready for ISTIO, get rid of AAF. Many components which are working already. In AAI comunicaio issues between Model Loader and Babel, some minor issues with DCAE, no work done yet for VNFSDK or UUI.  

Daily heath checks are done.Smoke use cases are using Ingress APIs.

Plans for London: please refer to slide 8

Keycloak and CertManager would be kept outside of ONAP deployments - discusion with Fiachra.

Jira No
SummaryDescriptionStatusSolutionService Mesh plans for London release 

Requirements setup for London release.

AAF and MSB to be removed.

In DMaaP AAF still must be enald to have it running.

Architecture Subcommittee shall do the recomendation to TSC, requirement to e tracked with Requirement Subcommittee.

SECCOM could suport in AuthN/AuthZ policies setup.

Proper upgrade scenario in ONAP to be elaborated. 

Q&A session Security Call Data Record Presentation No feedback received so far received by David.Slide and 2 pager to be sent to seccom distribution list by David.NEXUS-IQ scansOnly Master will be scanned, so now % increase will be well represented.  Python PoCInteral resource wil help. Vijay and Michal in the loop. Base image modification. ongoingArchitecture review templateByung prsented he current template: ONAP Component Architecture Review Template Security related comments were shared on cotainer hardening, pen testing, API security, logging requirements.  

TSC elections

ongoing - Voting will automatically end at 23:59 pacific time on Wednesday, Oct. 12th, 2022.




Logging and security update – Byung

Application should not handle non functional requirement, should be delegated to platfom level.

Deamon set is used and it should be avoided (as having root privilege user) – to be discussed with Bob.


How to distribute FluentBit to each node without root access.

Architecture Subcommittee 

multitenancy – major discussion area:

  • User management
  • Resources
  • Operational

SDC started some tests for multitenanacy. In case of SQL injection big problem potentially.


Byung to work with Andreas on updates tomorrow.

TSC meeting (October 6th)

TSC approves the Kohn M4 milestone as being met with the following exceptions to be completed by the RC milestone: INT-2145, INT-2146, & OPTFRA-1093.




PTL meeting (October 10th)

Packages upgrade – DMaaP whitelisting results for some AT&T packages where no upgrade is expected.

https://wiki.onap.org/display/DW/Release+Planning%3A+London




New repo is neededNot only PTL might request for a repo. Sub- repo from unmaintained project (owner: David MCbride) could be used as well as OJSI.


DTF SECCOM topics

Expectations for multiproject topics:




Security asessment questionaire 

Ongoing Tony with Vijay for DCAE, some adjustments needed.




Gerrit reviews

Presentation delivered by Tony to PTLs meeting - ongoing eschanges with several PTLs inb the contect of London efforts.ongoing


Daylight saving time To be further elaborated. In US in the week of November 4th, last weekend of October for Europe/Poland.


SECCOM MEETING CALL WILL BE HELD ON 18th OF October'22. 







Recordings: 

View file
name2022-10-11_SECCOM_week.mp4
height150


SECCOM presentation:

View file
name2022-10-11 ONAP Security Meeting - AgendaAndMinutes.pptx
height150