ODP Post-install Checklist

Version 1.1

  1. Backup security keys

    1. odp-sec 
      kubectl -n <namespace> get secret odp-sec --export -o yaml > odp-sec.yaml

    2. odp-nginx-sec (optional)
      kubectl -n <namespace> get secret odp-nginx-sec --export -o yaml > odp-nginx-sec.yaml

  2. DB

    1. Persistent storage added

    2. Clustered

    3. Non-root user secured with a password over SSL

    4. DB backups scheduled

    5. MongoDB network access should be restricted to the ODP machine.

  3. Configuration

    1. Create a unique name for the namespace

    2. It is recommended not to expose K8s ports publicly; use one of the following in front of them: Nginx, HA-Proxy, or an AKS/GKS/EKS Ingress.

    3. All ConfigMap variables.

    4. No K8s pod policies.

    5. DM has to be run with elevated privileges. 

    6. Disable the ODP admin account: in the DB, set enabled=false.

    7. Check the Readiness/Liveness probes for all services.

    8. Verify that the latest hotfixes have been applied for the application's minor version.

    9. Change the default ODP password.

    10. Log level should be set to info

    11. Certificate details are updated

    12. FQDN values updated

    13. Security headers checked

    14. B2B Throttling is configured in the configmap.

  4. Infrastructure

    1. Disk space monitoring with alerts

    2. Increase the maximum number of pods limit as required on each node.

    3. Multiple K8s nodes in alignment with target deployment architecture

    4. NATS configuration

    5. Redis configuration

    6. Log management to preserve logs of terminated pods.

  5. Docker 

    1. The base image and runner image should be started as vanilla Docker containers. Example command:
      docker run -d odp/odp_base.3.9-hotfix-10
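
A check for the backups taken in step 1, added here as an example and not part of the original checklist: it confirms that a saved file is a Secret manifest with the expected name, has non-empty data, and is readable only by its owner, since the YAML holds the key material base64-encoded. The function name verify_secret_backup and the sample data key are assumptions, and the parsing assumes kubectl's default YAML layout.

```shell
#!/bin/sh
# Added example (not ODP's own tooling). Assumes kubectl's default YAML layout:
# top-level keys unindented, entries under data:/metadata: indented two spaces.

# verify_secret_backup FILE NAME  (hypothetical helper)
# Returns 0 if FILE is a usable backup of Secret NAME; otherwise prints the
# reason on stderr and returns 1.
verify_secret_backup() {
    file=$1; name=$2
    [ -s "$file" ] || { echo "$file: missing or empty" >&2; return 1; }

    # The file holds credentials, so only the owner may read it.
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    case $mode in
        600|400) ;;
        *) echo "$file: mode $mode, expected 600" >&2; return 1 ;;
    esac

    grep -q '^kind: Secret$' "$file" ||
        { echo "$file: not a Secret manifest" >&2; return 1; }

    # metadata.name must match the secret that was meant to be saved.
    awk -v want="$name" '
        /^metadata:/ { in_meta = 1; next }
        /^[^ ]/      { in_meta = 0 }
        in_meta && /^  name: / && $2 == want { found = 1 }
        END { exit !found }' "$file" ||
        { echo "$file: metadata.name is not $name" >&2; return 1; }

    # data: must exist and every key under it must have a non-empty value.
    awk '
        /^data:/ { in_data = 1; next }
        /^[^ ]/  { in_data = 0 }
        in_data && (NF == 1 || $2 == "\"\"") { empty = 1 }
        in_data && NF >= 2 { keys++ }
        END { exit !(keys > 0 && !empty) }' "$file" ||
        { echo "$file: data is missing or has empty values" >&2; return 1; }
}

# Constructed sample (placeholder value, not a real key) showing a passing run.
demo=$(mktemp) && chmod 600 "$demo"
printf '%s\n' 'apiVersion: v1' 'data:' '  key: Y29uc3RydWN0ZWQ=' \
    'kind: Secret' 'metadata:' '  name: odp-sec' 'type: Opaque' > "$demo"
verify_secret_backup "$demo" odp-sec && echo "backup OK: $demo"
rm -f "$demo"
```

Running `umask 077` in the shell before the kubectl commands in step 1 makes the redirected files come out with mode 600.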