2024-01-02 Meeting notes

Date

Attendees

Minutes of Meeting

Discussion items

Time | Item | Who | Notes
Service Mesh
  • Certain parts of Nephio use SR-IOV, and the default Service Mesh might not work out of the box (Wim Henderickx)
  • We cannot enable Service Mesh blindly. We might have to enable it selectively for certain workloads.
  • Target Service Mesh for control plane services. Enable Service Mesh for the "default" k8s network. It should not be used on the VPC-RAN, VPC-Internal, and VPC-Internet (data plane towards the Internet) k8s networks.
  • Service Mesh use for Management cluster
  • The communication channel between the mgmt cluster and the workload cluster needs to be secure. Currently the mgmt cluster connects to the worker cluster, and not vice versa. Eventually we will need the worker cluster to connect to the mgmt cluster in a secure way.
  • Consider dual stack and full IPv6/IPv4 

Secrets Mgmt
  • The mgmt cluster to worker cluster connection uses secrets. This could be the first step to target.
  • Secrets mgmt across multiple clusters
  • Every new repo created using Gitea per worker cluster requires a token to be used; this token is pushed to the worker cluster.

Action items

  • CLOMonitor PR to be raised to add LFN section (Ved)
  • Service Mesh Requirements (Shiv)
  • Secrets Mgmt flow for the identified scenarios (Anurag)