This section will include occasional ICN Bluval reports and observations. Please check the sub-sections on the side bar.
Additionally, if you are looking to deploy ICN Bluval Jenkins, please jump over to Deploy ICN Bluval.
Important links from security sub-committee:
Reports
Please check the sub-sections on the side bar.
Current status (updated as of May 13th 2020):
...
Layer
...
Result
...
Comment
...
os/lynis
...
PASS
...
If libvirt or weave are installed, lynis will no longer pass. Virtlet KUD plugin requires libvirt, so if it is enabled during installation lynis will no longer pass.
...
os/vuls
...
FAIL: 153 vulnerabilities found
...
Total: 153 (High:33 Medium:93 Low:27 ?:0), 1/153 Fixed, 801 installed, 0 exploits, en: 2, ja: 0 alerts. Most, if not all, of the vulnerabilities seem to come from the validation containers, not the host OS itself.
...
k8s/conformance
...
PASS
...
KUD deployment without additional plugins lets sonobuoy pass (takes about 2h15min to run).
...
k8s/kubehunter
...
FAIL Inside-a-Pod Scanning: 5 vulnerabilities
...
Patched system:public-info-viewer to hide /version, otherwise Cluster Remote Scanning would fail too. Need to update KUD scripts to automatically patch system:public-info-viewer. All others kubehunter tests are a PASS.
How to deploy Bluval for ICN in private Jenkins instance
This is coming soon.
These 2 patches needs to get merged first:
...