Topics:

  • Security Enhancements
    • Internal AuthorizationPolicies (continue and test inter-component policies)
    • External OAuth2 proxy integration and AuthorizationPolicies for Ingress
  • Ingress enhancements
    • Gateway-API support → should replace Istio Gateway/VirtualService
    • template enhancement for AuthorizationPolicies
  • Chart Cleanup
    • MSB removal
    • ...
  • DB Operator introduction and update of DB versions
    • k8ssandra-operator
    • mariadb-operator
    • postgres
    • mongodb
    • ...
  • Helm versioning concept 
  • (DMaaP) MessageRouter removal → all clients should use native Kafka


Global requirements:

  • ONAP component external API/UIs should provide an oauth profile (Ingress interfaces should use an AuthorizatioPolicy to use Keycloak Authentication via Oauth2-proxy)
    • Portal-NG is using Oauth2 token (tick)
    • SDC-UI ?, other UIs ? 
  • ONAP component internal APIs should not use authentication (AuthorizationPolicy is provided instead)
    • new REQ created (tick)
  • No labels