...
- Use KUD to set up 3 clusters (sdewan-hub, edge-a, edge-b).
- Run the SDEWAN CRD Controller in each cluster.
- Create an SDEWAN CNF instance and a dummy pod (using httpbin instead) in edge-a, and an SDEWAN CNF instance and an httpbin pod in edge-b.
- Create an IPSec CR to configure sdewan-hub as a responder that provides virtual IP addresses to any authenticated party requesting IP addresses through the SDEWAN CRD Controller.
- Create an IPSec CR to configure the edge-a and edge-b IPSec configuration to get the IP addresses through the SDEWAN CRD Controller.
- Establish the edge-a tunnel to sdewan-hub and the edge-b tunnel to sdewan-hub; the hub XFRM policies will automatically route traffic between edge-a and edge-b.
- Create an SNAT CR to establish an SNAT rule in edge-a and a DNAT CR to establish a DNAT rule in edge-b, which enables TCP connections from edge-a to edge-b's httpbin service.
- Verify that the curl command succeeds from the edge-a dummy pod (using httpbin instead) to edge-b's httpbin service. The curl command returns the IP address of the requester.
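One way to script the final verification step, as an added example that is not part of the original page or the ICN project's tooling: it parses the JSON body returned by httpbin's `/ip` endpoint and fails unless the reported requester address falls inside the range you expect after SNAT. The function names, the `10.10.70.0/24` range and the sample response are constructed assumptions.

```shell
#!/bin/sh
# Added example. Addresses and the pool below are constructed sample values.

# Pull the "origin" value out of an httpbin /ip JSON body. httpbin can return
# a comma-separated list when proxies are involved; the first entry is used.
origin_from_httpbin() {
    printf '%s' "$1" | tr -d '\n' |
        sed -n 's/.*"origin"[[:space:]]*:[[:space:]]*"\([^",]*\).*/\1/p'
}

# Convert a strict dotted quad to an integer; reject anything malformed.
ip_to_int() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|''|0[0-9]*|*.0[0-9]*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
    echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
}

# True when address $1 lies inside CIDR $2 (for example 10.10.70.0/24).
ip_in_cidr() {
    net=${2%/*}; bits=${2#*/}
    ip_n=$(ip_to_int "$1") || return 1
    net_n=$(ip_to_int "$net") || return 1
    [ "$bits" -ge 0 ] 2>/dev/null && [ "$bits" -le 32 ] || return 1
    shift_by=$(( 32 - $bits ))
    [ $(( $ip_n >> $shift_by )) -eq $(( $net_n >> $shift_by )) ]
}

# Fail closed: a missing origin or an address outside the pool is a failure.
verify_origin() {
    origin=$(origin_from_httpbin "$1")
    [ -n "$origin" ] || { echo "FAIL: no origin in response"; return 1; }
    if ip_in_cidr "$origin" "$2"; then
        echo "PASS: requester $origin is inside $2"
    else
        echo "FAIL: requester $origin is outside $2"; return 1
    fi
}

# Constructed body shaped like an httpbin /ip response; in a live run it would
# be the output of the curl command issued from the edge-a pod.
SAMPLE_BODY='{"origin": "10.10.70.39"}'
verify_origin "$SAMPLE_BODY" "10.10.70.0/24"
```

A requester address outside the expected range indicates that the SNAT rule was not applied or that the request did not take the tunnel path, so the check treats it as a test failure rather than a warning.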
BluVal Testing
Status as of March 14th 2022:
...
| Layer | Result | Comments |
|---|---|---|
| os/vuls | PASS with exceptions | Exceptions: CVE-2021-33574, CVE-2019-19814, CVE-2021-35942 |
| os/lynis | PASS with exceptions | Exceptions: BOOT-5122; USB-2000; SSH-7408 (Checking MaxSessions, Checking Port); KRNL-6000 (kernel.modules_disabled, net.ipv4.conf.all.forwarding) |
| k8s/kube-hunter | PASS | With aquasec/kube-hunter:0.6.5 |
...
Release 6 Blueprint Scanning Status
...
Akraino BluVal Exception Request
CD logs
...
ICN Master Bare Metal Deployment Verifier
ICN Master Virtual Deployment Verifier
ICN SDEWAN Master End2End Testing
...