Versions Compared

Old Version 18

changes.mady.by.user Kuralamudhan Ramakrishnan

Saved on

compared with

New Version Current

changes.mady.by.user Tingjie Chen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Use Kud to setup 3 clusters (traffic sdewan-hub, edge1, edge2edge-a, edge-b)
  • Create SDEWAN CNF instance and dummy pod in edge1(using httpbin instead) in edge-a, SDEWAN CNF instance and httpbin pod in edge2edge-b
  • Configure traffic sdewan-hub as responder to provide virtual IP addresses to any authenticated party requesting for IP addresses.
  • Configure edge1 and edge2 edge-a and edge-b IPSec configuration to get the IP addresses.
  • Establish edge1 edge-a tunnel to traffic sdewan-hub, edge2 edge-b tunnel to sdewan-hub, and hub policy for XFRM policies will automatically route traffic between edge1 and edge2edge-a and edge-b
  • Establish SNAT rule in edge1 edge-a and DNAT rule in edge2 edge-b to enable tcp connection from edge1 to edge2edge-a to edge-b's httpbin service.
  • Verify curl command is successful from edge1 edge-a dummy pod to edge2(using httpbin instead) to edge-b's httpbin service. The function of the curl command is to return back the ip address of the requester.

Image Added

Openness
  • Install EAA helm charts through ONAP4K8S in the edge location.
  • Install Openness simple EAA producer and simple EAA consumer through ONAP4K8S
  • Verify EAA consumer can consume the service provided by EAA producer.

...

EdgeX Foundry helm chart are installed through ONAP in the edge location. Test case ensure that all the EdgeX Framework containers are up and running

BluVal Testing

...

Status as of May 13th 28th 2020:

Layer

Result

Comment

Comments

Nexus

os/lynis

PASS

if disabling ICN pluginsIf libvirt or weave are installed, lynis will no longer pass. This is a problem because the virtlet ICN plugin requires libvirt.


Logs

os/vuls

FAIL:

153

141 unfixed vulnerabilities found

141 unfixed vulnerabilities.

Total: 153 (High:

33

30 Medium:

93

96 Low:27 ?:0),

1

 12/153 Fixed,

801

795 installed, 0 exploits, en: 2, ja: 0 alerts

Logs

k8s/conformance

PASS

if disabling ICN pluginsNeed to enable ICN plugins and understand reason for failures. Just the basic KUD deployment is enough to make conformance pass.


Logs

k8s/kubehunter

FAIL

PASS except:

  • Inside-a-Pod Scanning:
5 vulnerabilities

Patched system:public-info-viewer to hide /version, otherwise Cluster Remote Scanning would fail too. Need to update KUD scripts to automatically patch system:public-info-viewer.

Important links:

Steps To Implement Security Scan Requirements

Security Scan Status

  • 1 vulnerability: CAP_NET_RAW

Inside-a-Pod Scanning: 1 vulnerability: CAP_NET_RAW.

Logs

CI logs: 

The gerrit comments contains the CI log url. All the CI logs are under this folder ICN : https://jenkins.akraino.org/view/icn/job/icn-master-verify/

...

ICN Master Hardware Baremetal Deployment Verifer

ICN SDEWAN Master End2End Testing Ruoyu Ying

ICN Master Optane Hardware Baremetal Deployment Verifier Tingjie Chen

Test Dashboards

All the testing results are in logs

...