Agenda:
- Bugs in H release: Marat Salakhutdinov
- most of them because AAF is disabled
- maybe work on a specific gate system for that with people who wants it
- two bugs are merged:
- a bug on DMAAP MR:
- SDC doesn't start as dedicated DB (with subcharts part) → need to validate the exact situation (at least 'if local part' is missing but other stuff may be also missing)
- some "gating" environment may be proposed by Bell in order to validate all patch against this configuration
- Kubernetes version and dual stack status update: Magdalena Biernacka Daniel Milaszkiewicz
- https://gerrit.onap.org/r/c/oom/+/121369 → provided dual stack for all services running on k8s 1.20 and using service template
- ONAP vF2F: Damian Nowak
- 3 slots proposed:
- OOM: what has been done in H
- OOM: plans for I: Sylvain Desbureaux Krzysztof Opasiak (consider to ask for 60min)
- couple of slides on dual stack
- slides on monitoring (prometheus + spring boot "enabler")
- internal helm repository
- service mesh and logging: Byung-Woo Jun Sylvain Desbureaux Krzysztof Opasiak (already 60min)
- 3 slots proposed:
- service mesh initiative rererebooted: Sylvain Desbureaux Byung-Woo Jun Gareth Roper
- 3 topics:
- make (subset of) ONAP to run on a "simple" service mesh (mTLS, no AAA)
- dmaap mr is OK
- AAI is ongoing → https://gerrit.onap.org/r/c/oom/+/120964
- SDC
- SO (subset of)
- SDNC
- (VID)
- AAA
- onboard roles and realm on Keycloak for tests / reference implementation (use of OIDC / JWT)
- in progress Krzysztof Opasiak
- add oauth2 proxy in the solution to redirect unauthenticated traffic to SSO Portal (keycloak as example)
- prototype was OK but then istio has changed the conf part
- add some rules to enforce (AuthorizationPolicy)
- work by fabian rouzaut in order to automatically create a bunch of them
- add some service accounts (work ongoing)
- onboard roles and realm on Keycloak for tests / reference implementation (use of OIDC / JWT)
- add reference implementation for "PaaS" part installation (keycloak, prometheus, istio, cert-manager, ...) and use it during gating/daily installations
- make (subset of) ONAP to run on a "simple" service mesh (mTLS, no AAA)
- 3 topics:
- prometheus monitoring and internal ports: Lukasz Grech Sylvain Desbureaux
- patch ongoing : https://gerrit.onap.org/r/c/oom/+/121390
- needs to add label on internal service
- idea: move to operator?
- what would be the work to do?
- how to transform common part in to "common for operator" (services, secrets, aaf, repositories, ...)?
Next meeting:
- chartmuseum integration