You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Current »

Topics:

  • Security Enhancements
    • Internal AuthorizationPolicies (continue and test inter-component policies)
    • External OAuth2 proxy integration and AuthorizationPolicies for Ingress
  • Ingress enhancements
    • Gateway-API support → should replace Istio Gateway/VirtualService
    • template enhancement for AuthorizationPolicies
  • Chart Cleanup
    • MSB removal
    • ...
  • DB Operator introduction and update of DB versions
    • k8ssandra-operator
    • mariadb-operator
    • postgres
    • mongodb
    • ...
  • Helm versioning concept 
  • (DMaaP) MessageRouter removal → all clients should use native Kafka


Global requirements:

  • ONAP component external API/UIs should provide an oauth profile (Ingress interfaces should use an AuthorizatioPolicy to use Keycloak Authentication via Oauth2-proxy)
    • Portal-NG is using Oauth2 token (tick)
    • e.g Ingress (Oauth2-Proxy→Keycloak) → ExtNBI → 
  • → new REQ needed for 
    • seperate Interface for external communication + authentication via oauth2 token
    • Next week in SECCOM
  • ONAP component internal APIs should not use authentication (AuthorizationPolicy is provided instead)
    • new REQ created (tick)
  • No labels