The following is a matrix of projects initiated by members are actively engaged which have been suggested for future LCOO Sharing Sessions:
Indicate topics of interest and their priority (1, 2, 3, etc...) -->
|ATT||Charter||Intel||NTT||Orange||Reliance Jio||SKT||Would you like to lead/host the session?||Specific Sub-Topics that could be the focus of a Topical Session||Notes|
|Security by Design||Security related priorities, pain points, activities underway, etc...||1||3||1||2|
Role Based Access Controls (RBAC)
Secure Secrets (eliminating plain text passwords, etc., from config files)
does it include RBAC or do you consider it as a seperated topic (marcb)? Yes, I would consider RBAC to definitely be a subject here. Also for us, Cosde scanning/vulnerabilities, secrets management, hypervisor isolation... (AndyU).
From 2017.11.16 LCOO General:
Objective: Next Steps in RBAC
Topic #1 What projects are needed? Patrole (RBAC testing) came out LCOO in 2016, what is needed, more on Patrole or new projects?
Topic #2 Moon (OPNFV project providing an External Policy Decision Point with associated developments already embedded in Keystone roadmap) .
Topic #3 oslo.policy is a library for RBAC for OpenStack projects (but not yet commonly used)
Objective #2 Security screening - Additional projects/tools or entry into the CI process needed to screen core projects or all projects for security vulnerabilities.
Objective #3 Security frameworks we need to comply with. Next steps - list session to continue from Austin on this topic
Objective#4 Key Management
|Top OpenStack Priorities ||Members share their top community priority areas including any culture and/or community governance/process changes members may be seeking to drive|
|Cloud Native Focused Deployments|
Applications deployments that are Cloud Native focused, without standard Chef, Ansible, Puppet, Salt. Deployments must include embedded security and network declarations. They must be containerized.
Security Related: CPU Pinning, NUMA, CPU slicing, etc for containerized workloads. →this sounds interesting(shinaro)
is this like OpenStack+K8S deployments? Similar, but this is a general deployment methodology for all applications.
OK we were looking into more hybrid environment where cloud native app and legacy app exist side-by-side.(shintaro) >> this is very similar to skt's interest (jayahn)
|Network Performance||Not just performance, but also multi-CNI Cloud Native containerized workloads.||1||2||2||3||4|
SR-IOV/DPDK/CPU pinning operation/troube shooting issues are pain for us (shintaro). Potentially NIC offloading performance results and publishing with the overall LCOO group? This would be an R&D function, but it would provide high value, and could potentially drive industry standards. Thoughts?
For ex. some of AT&T's areas of interest under this topic would include: ability to automatically move tenant workloads without impact, speed of updates to controle plane, API normalizaion, N-2 upgrade backward compatibility... (AndyU)
|Simplified Operations||3||5||2||For ex. some of AT&T's areas of interest under this topic would include: log standardization & transactional traceability, service health api's, error coding vs stack traces... (AndyU)|
|Onboarding||Onboarding new VNF's and/or enterprise applications onto our openstack clouds. Challenges, processes followed, steps, etc.|