...
- High Level Overall Requirements
- CI, Blueprint Validation Lab Sub-Committee Requirements
- Present Pod Topology document.
- Peering w/LF Jenkins - (Note: peering is an optional requirement)
- Push logs through Nexus. (Note: This is mandatory for Incubation self-certified and Maturity)
Releases >= 1.0 (e.g. 1.xyz, 2.xyz etc) are reserved for BP that have been approved as Core by the TSC (considered ‘GA’ quality).
Releases <1.0 (e.g. 0.xyz etc) are reserved for projects that have not reached the Akraino Core level (i.e. anything that is in Incubation (‘alpha’ quality) and Mature (‘beta’ quality).
Enforcement of Static Code Analysis through SonarCloud (SaaS), WIP LF Release Engineering & Security Subcommittee. (Note: This is an optional requirement for Incubation self certified and mandatory for Maturity)
- Security Sub-Committee Requirements, please fill in Release 4 Blueprint Scanning Status. Instructions can be found at: Steps To Implement Security Scan Requirements
- Blueprint Validation Framework Feature Project Requirements See TSC meeting.
- Projects going for Maturity Review please refer to Maturity Criteria defined by Process subcommittee BP Graduation Review Processes and Criteria (Note this is not required for self certification, only required for maturity review)
- Documentation Sub-Committee Requirements
User Documents:
The following documentation with the following sections called out should be on the wiki with links to rest of the sections as applicable. We prefer that the entire doc is on the wiki but we do not require it.
Architecture - Blue print Overview and overall architecture
Release Notes – Summary and What is released
Installation Doc – Introduction and deployment architecture
Test Document – Introduction and Overall Test Architecture
Developer Documents:
We are also recommending that Blueprints include via ReadtheDocs, with each Blue Print given their own repo, but we do not require it
- API Sub-Committee Requirements (Note: See this link for requirements: Blueprint Projects R4 and R5 API Reporting Requirements)
- Community Sub-Committee Requirements (Note: no mandatory requirements for Incubation self-certified or Maturity)
- Process Sub-Committee Requirements (Note: See the Process Sub Committee page defining the TSC approved Maturity review process and requirements for those requesting inclusion in R3 at Mature level BP Graduation Review Processes and Criteria)
- Upstream Sub-Committee Requirements (Note: no mandatory requirements for Incubation self-certified or Maturity). Here is the R4 release Upstream BP review status, Release Upstream Compliance. Also please refer to the page for the R4 requirement as well.
...
| No. | Project Name | TSC Subgroup Release Status | Is this your first release | Blue Print Stage
| CD Logs URL to be used for review (Column filled in by PTLs) | Link to executive one pager (editable doc format) (Column filled in by PTLs) | API Info Reporting Review (Column filled in by API Subcommittee) (note for PTLs – go here for steps to fill in project API info form) | BluVal Certification | Security Certification Provide link to Vuls, Lynis, and Kube-Hunter logs below. Pass/Fail Criteria: Steps To Implement Security Scan Requirements Exception requests should be filed at: | Upstream Review (Column filled by Upstream Subcommittee and PTLs) (note PTL can go to Release 5 BP/Feature Upstream Status to find details) | Date ready for TSC review (Column filled in by PTLs) | TSC Review Date (Column filled in by TSC) | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | No | Mature | https://nexus.akraino.org/content/sites/logs/parserlabs/r4/jobs/cvb/ | CVB_Akraino_R5_blueprint_Datasheet.docx | Per e-mail from WANG Tao (Tucker Wang) 20Aug21, no changes from R4 | Completed by 8/24/2021 | |||||||||||||||||||||||||||||||||||||||||||
| 2 | No | Mature | https://nexus.akraino.org/content/sites/logs/parserlabs/r4/jobs/iec-type4/ | Per e-mail from Bart 7Sep21, no changes from R4 | |||||||||||||||||||||||||||||||||||||||||||||
| 3 | |||||||||||||||||||||||||||||||||||||||||||||||||
| 4 | No | Incubation | ICN R5 Datasheet | Per notice from Kural 5Aug21, no change from R4 | Filed Release 5: Akraino CVE Vulnerability Exception Request Incubation Level Review Results:
Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request ____________________________________________________________ Lynis: Accepted ____________________________________________________________ Kube-Hunter: Cluster: Accepted Pod: Accepted | Completed by 8/6/2021 | |||||||||||||||||||||||||||||||||||||||||||
| 5 | Yes | Incubation | https://nexus.akraino.org/content/sites/logs/intel/ICN_CD_logs/pod11-node5/icn-master-bm-verify-bm_verifer-kata/12/ | ICN-MTSCN R5 Datasheet | API form uploaded 24 May e-mail questions exchanged 20Jul21 Scheduled for review by API subcommittee API subcommittee review completed and info accepted | Filed Release 5: Akraino CVE Vulnerability Exception Request Incubation Level Review Results:
Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request ____________________________________________________________ Lynis: Accepted ____________________________________________________________ Kube-Hunter: Cluster: Accepted Pod: Accepted | Completed by 8/10/2021 | ||||||||||||||||||||||||||||||||||||||||||
| 6 | No | Incubation | https://nexus.akraino.org/content/sites/logs/huawei/job/eliot-build/18/home/jenkins/log/ | Per e-mail from Khemendra 26Aug21, no changes from R4 | https://nexus.akraino.org/content/sites/logs/huawei/job/eliot-security-validation-build/4/results/ | Incubation Level Review Results:
Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request ____________________________________________________________ Lynis: Accepted ____________________________________________________________ Kube-Hunter: Cluster: Accepted Pod: Accepted with exceptions shown at: | Completed 8/6/2021 | ||||||||||||||||||||||||||||||||||||||||||
| 7 | NO | Incubation | https://nexus.akraino.org/content/sites/logs/huawei/job/eliot-uCPE-build/15/home/jenkins/log/ | ELIOT R5 - SD-WAN / WAN Edge / uCPE Data Sheet | Per e-mail from Khemendra 26Aug21, no changes from R4 | https://nexus.akraino.org/content/sites/logs/huawei/job/eliot-uCPE-security-build/10/results/ | Incubation Level Review Results:
Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request ____________________________________________________________ Lynis: Accepted ____________________________________________________________ Kube-Hunter: Cluster: Accepted Pod: Accepted with exceptions shown at: | Completed on 8/6/2021 | |||||||||||||||||||||||||||||||||||||||||
| 8 | TSC 2021-08-12 (Thursday) 7:00 am Pacific | No | Incubation | https://nexus.akraino.org/content/sites/logs/juniper/validation-2021/ | Blueprint Data Sheet | Per e-mail from Sukhdev 5Aug21, no change from R4 | Not required as there is no change from Release 4 | Not required as there is no change from Release 4 | Completed by 8/10/2021 | 08/12/2021 | |||||||||||||||||||||||||||||||||||||||
| 9 | No | Incubation | https://jenkins.akraino.org/job/kni-blueprint-pae-verify-deploy-gcp/69/ | Per e-mail from Ricardo 10Aug21, he uploaded R5 API info forms for both KNI blueprints, with no substantive changes from R4. The API subcommittee has a review scheduled for of the new API info forms and will update this table afterwards On the API Subcommittee reviewed and accepted the updated KNI R5 API forms | https://nexus.akraino.org/content/sites/logs/redhat-kni/bluval_results/ Incubation Level Review Results: Vuls: Accepted with exception. The KNI Provider Access Edge blueprint uses OpenShift as its k8s distribution, which is deployed on Red Hat CoreOS, an immutable OS that is not supported by Vuls. __________________________________________________________ Lynis: Accepted ____________________________________________________________ Output manually generated, located at: Release 5 Security Scan Manual Logs Kube-Hunter: Cluster: Accepted Pod: Accepted with exceptions shown at: | Completed by 8/10/2021 | 9/16/2021 | ||||||||||||||||||||||||||||||||||||||||||
| 10 | No | Incubation | Management Hub: https://logs.akraino.org/production/vex-yul-akraino-jenkins-prod-1/kni-blueprint-management-hub-verify-deploy-gcp/19/ | See above note | https://nexus.akraino.org/content/sites/logs/redhat-kni/bluval_results/ Incubation Level Review Results: Vuls: Accepted with exception. The KNI Provider Access Edge blueprint uses OpenShift as its k8s distribution, which is deployed on Red Hat CoreOS, an immutable OS that is not supported by Vuls. __________________________________________________________ Lynis: Accepted ____________________________________________________________ Output manually generated, located at: Release 5 Security Scan Manual Logs Kube-Hunter: Cluster: Accepted Pod: Accepted with exceptions shown at: | Completed by 8/10/2021 | 9/16/2021 | ||||||||||||||||||||||||||||||||||||||||||
| 11 |
| ||||||||||||||||||||||||||||||||||||||||||||||||
| 12 | TSC 2021-09-21 (Tuesday) 7:00 am Pacific | No | incubation | https://nexus.akraino.org/content/sites/logs/baidu/job/aiedge/6/ | Per e-mail from Liya Yu 21Sep21, no changes from R4 | https://nexus.akraino.org/content/sites/logs/baidu/job/security_scan/aiedge/4/result/1 | Incubation Level Review Results: | 30 Sep
Vuls: | All vulnerabilities >9.0 must be fixed or verification provided that no patch currently exists.Accepted with exceptions shown at: Release 5 Vuls Exception Request ____________________________________________________________ Lynis: Accepted ____________________________________________________________ Kube-Hunter: Pod: Accepted Cluster: Accepted | 9/20/2021 | 9/21/2021 | ||||||||||||||||||||||||||||||||||||||
| 13 | No |
| https://nexus.akraino.org/content/sites/logs/fate/job/I-VICS/5/ | Intelligent Vehicle-Infrastructure Cooperation System(I-VICS) Datasheet | Per e-mail from Zhuming Zhang (Simmy Zhang) 30Aug21, no changes from R4 | https://nexus.akraino.org/content/sites/logs/fate/job/I-VICS/5/ | No new features or bugs have been added after R4 release | Missing Upstream information | |||||||||||||||||||||||||||||||||||||||||
| 14 | No | Incubation | https://nexus.akraino.org/content/sites/logs/tencent/job/tencent_5g_mec/ | Per e-mail from Eagan Fu 15Aug21, no change from R4 | Completed by 8/24/2021 | ||||||||||||||||||||||||||||||||||||||||||||
| 15 | No | Incubation | As of , waiting for API info form to be uploaded to API Subcommittee review page (Blueprint Projects API Reporting Requirements) API info form uploaded by Rajeev API info form reviewed , no APIs offered or consumed, as Blueprint constructs and provides an Android cloud run-time environment for user applications Note - would like to further understand this when the BP comes up for review and voting approval during TSC call | ||||||||||||||||||||||||||||||||||||||||||||||
| 16 | TSC 2021-09-21 (Tuesday) 7:00 am Pacific | No | Incubation | https://nexus.akraino.org/content/sites/logs/cmti/job/iec5_r4/15/ | Per e-mail from Leo Li (Socnoc AI Inc) 11Aug21, no change from R4 | Bluval Exception has been accepted for the project. | No new features or bugs have been added after R4 release | R5 Release Notes of IEC Type 5: SmartNIC for Integrated Edge Cloud (IEC) Blueprint Family Completed by 8/30/2021 | |||||||||||||||||||||||||||||||||||||||||
| 17 | No | 9/20/2021 | 9/21/2021 | 13 | No | Incubation | https://nexus.akraino.org/content/sites/logs/fatehuawei/job/I-VICS/5/ | Intelligent Vehicle-Infrastructure Cooperation System(I-VICS) Datasheet | ealt-edge-build/51/home/jenkins/log/ | EALTEDGE Release 5 Datasheet | Per e-mail from Khemendra 20Aug21 (with Gaurav cc'd)Per e-mail from Zhuming Zhang (Simmy Zhang) 30Aug21, no changes from R4Confirmed by Sihui Wang in e-mail 30Aug21 | https://nexus.akraino.org/content/sites/logs/ fateI-VICS/5/ | No new features or bugs have been added after R4 release | Missing Upstream information | 14 | No | Incubation | https://nexus.akraino.org/content/sites/logs/tencent/job/tencent_5g_mec/ | Per e-mail from Eagan Fu 15Aug21, no change from R4 | Completed by 8/24/2021 | 15 | No | Incubation | As of , waiting for API info form to be uploaded to API Subcommittee review page (Blueprint Projects R4 and R5 API Reporting Requirements) API info form uploaded API info form reviewed , no APIs offered or consumed, as Blueprint constructs and provides an Android cloud run-time environment for user applications Note - would like to further understand this when the BP comes up for review and voting approval during TSC call | ealt-security-validation-build/19/results/ | Incubation Level Review Results:
Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request ____________________________________________________________ Lynis: Accepted ____________________________________________________________ Kube-Hunter: Cluster: Accepted Pod: Accepted with exceptions shown at: | R5 - Architecture Documentation of Enterprise Applications on Lightweight 5G Telco Edge Completed by 8/10/2021 | ||||||||||||||||||||||
| 18 | TSC 2021-08-10 (Tuesday) 7:00 am Pacific | No | 16 | No | Incubationhttps://nexus.akraino.org/content/sites/logs/cmti/job | /iec5_r4/15/Per e-mail from Leo Li (Socnoc AI Inc) 11Aug21, no change from R4 | Bluval Exception has been accepted for the project. | /pcei-daily/ | https://wiki.akraino.org/x/lwHkAg | Per API Subcommittee meeting 30Jul21, no change from R4 | 17 | No | Incubation | huaweiealt-edge-build/51/home/jenkins/log/ | EALTEDGE Release 5 Datasheet | Per e-mail from Khemendra 20Aug21 (with Gaurav cc'd), no changes from R4huaweiealt-security-validation-build/19/results/Akraino BluVal Exception Request | Incubation Level Review Results: 19 Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request ____________________________________________________________ 19 Jul Lynis: Accepted Accepted with exceptions shown at: Release 5 Blueprint Scanning Status ______________________________________________________________ Kube-Hunter: Cluster: Accepted Pod: Accepted with exceptions shown at: | PCEI R5 Release Notes https://wiki.akraino.org/x/LgLkAgR5 - Architecture Documentation of Enterprise Applications on Lightweight 5G Telco Edge Completed by 8/6/2021 | /
| 18||||||||||||||||||||||||||||||
| 19 | 10 Tuesday | No |
| https://nexus.akraino.org/content/sites/logs/cmtifate/job/pcei-daily/ | https://wiki.akraino.org/x/lwHkAg | /Fate_test/15/ | Akraino R5 Federated ML blueprint datasheet.docx | Per e-mail from Zifan 8Aug21Per API Subcommittee meeting 30Jul21, no change from R4 PCEI R5 API Doc: | wiki/x/qgHkAg
02
Fixed: fs.suid_dumpable
https://nexus.akraino.org/content/sites/logs/fate/fml/5/ Fixed 3 issues.net.ipv4.conf.default.accept_source_route | Incubation Level Review Results: 29 Jul Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request ____________________________________________________________ 16 Lynis: Accepted with exceptions shown at: Release 5 Blueprint Scanning Status __Accepted __________________________________________________________ Kube-Hunter: ClusterException granted: AcceptedPod: Accepted with exceptions shown at: Release 5 Blueprint Scanning Status PCEI R5 Release Notes https://wiki.akraino.org/x/LgLkAg Completed by 8/6/2021 |
| K8s not used by this BP. | federated ML Release Notes R5 Federated ML application at edge Release Notes Completed by 8/30/2021 | ||||||||||||||||||||||||||||||||||||
| 20 | @Alexande | ||||||||||||||||||||||||||||||||||||||||||||||||
| 21 | 19 | TSC 2021-08-2603 (ThursdayTuesday) 7:00 am Pacific | No | Incubation | https://nexus.akraino.org/content/sites/logs/fatejuniper/job/Fate_testPrivate%205G%20BP/15/ | Akraino R5 Federated ML blueprint datasheet.docxPrivate LTE/5G BP Datasheet | Per e-mail from Zifan 8Aug21Prem 27Aug21, no change from R4 | https:Completed by 8//nexus.akraino.org/content/sites/logs/fate/job/fate_security/110/2021 | |||||||||||||||||||||||||||||||||||||||||
| 22 | |||||||||||||||||||||||||||||||||||||||||||||||||
| 23 | Yes | Incubation | https://nexus.akraino.org/content/sites/logs/myais/fatejob/fmlparsec/10/ | API info form uploadedto API Subcommittee review page (Blueprint Projects API Reporting Requirements). Approved based on informal review | fatefml3
| Smart Cities R5 Security Certification Incubation Level Review Results: 20 Aug Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request __________________________________________________________ 20 Aug Lynis: Accepted __________________________________________________________ 16 Aug Kube-Hunter: Exception granted: K8s not used by this BP for R5. federated ML Release Notes R5 Federated ML application at edge Release Notes Completed by 8/30/2021 However, in R6 it is planning to use K3s. | Completed by 9/30/2021 R5 Smart Cities BP release notes: Smart Cities R5 Release Notes | 9/20/2021 | 9/21/2021 | ||||||||||||||||||||||||||||||||||||||||
| 24 | TSC 2021-09-21 | 20 | @Alexande | 21 | TSC 2021-08-03 (Tuesday) 7:00 am PacificNo | Yes | Incubation | https://nexus.akraino.org/content/sites/logs/juniperjejunu-pred-vanet-mec/job/Private%205G%20BP/ | Akraino Private LTE/5G BP Datasheet | Per e-mail from Prem 27Aug21, no change from R4 | Completed by 8/10/2021 | push-logs/ | API info form uploaded by Asif , scheduled for review by API Subcommittee Reviewed completed and info accepted | 9/20/2021 | 9/21/2021 | ||||||||||||||||||||||||||||||||||
| 25 | 22 | 23 | TSC 2021-09-21 16 (TuesdayThursday) 7:00 am Pacific | YesNo | Incubation | https://nexus.akraino.org/content/sites/logs/myaisarm-china/job/parsec/10/ | jenkins092/iec-type2-terraform/cdlogs/ | Ashvin Kumar uploaded API info form. API subcommittee review scheduled for (Note - the form was originally uploaded 27Aug21 but had a file corruption issue) Review completed and info accepted As of , waiting for API info form to be uploaded API info form uploadedto API Subcommittee review page (Blueprint Projects R4 and R5 . Approved based on informal reviewSmart Cities R5 API Document
| /myais/validation/2 | /arm-china/jenkins092/iec-type2-terraform/blueval/k8s/conformance/ | Incubation Level Review Results: | 30 Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request __________________________________________________________ | 05 Oct Lynis: Accepted | __________________________________________________________ | 01 Oct Kube-Hunter:
| Exception grantedCluster: | K8s not used by this BP for R5. However, in R6 it is planning to use K3s.Completed by 9/30/2021 R5 Smart Cities BP release notes: Smart Cities R5 Release Notes | 9/20/2021 | 9/21/2021 | 24 | TSC 2021-09-21 (Tuesday) 7:00 am Pacific | Yes | Incubation | https://nexus.akraino.org/content/sites/logs/jejunu-pred-vanet-mec/job/push-logs/ | API info form uploaded by Asif , scheduled for review by API Subcommittee Reviewed completed and info accepted | 9/20/2021 | 9/21/2021 | 25 | TSC 2021-09-16 (Thursday) 7:00 am Pacific | No | Incubation | https://nexus.akraino.org/content/sites/logs/arm-china/jenkins092/iec-type2-terraform/cdlogs/ | Ashvin Kumar uploaded API info form. API subcommittee review scheduled for (Note - the form was originally uploaded 27Aug21 but had a file corruption issue) Review completed and info accepted As of , waiting for API info form to be uploaded to API Subcommittee review page (Blueprint Projects R4 and R5 API Reporting Requirements) | Accepted with exceptions shown at: Release 5 Blueprint Scanning Status This issues must be resolved prior to maturity. Pod: Could the same comparison between k3s and microk8s be provided for the kube-hunter pod.log as was provided for the cluster.log? The following vulnerabilities must be fixed:
| Missing Upstream information in IEC Type 2 Release Notes for R5 | ||||||||||||||
| 26 | No | ||||||||||||||||||||||||||||||||||||||||||||||||
| 27 | TSC 2021-10-14 (Thursday) 7:00 am Pacific | Yes | Incubation | R5 Datasheet | Per e-mail , Deepak is in process of uploading API info form As of , Deepak sent API info form, and expects to upload to the API subcommittee page. The form shows Karmada APIs (enabled by CRD method) offered inside Kubernetes environment, but no 3rd party APIs offered or consumed. Deepak uploaded API info form , API subcommittee review scheduled for API info reviewed and approved by API subcommittee . The subcommittee e-mailed Deepak asking to attend 29Oct (Fri) meeting and give more explanation about ETSI MEC interfaces in their Blueprint | N/A | Incubation Level Review Results:
Vuls: All vulnerabilities >9.0 must be fixed or verification provided that no patch currently exists. CVE-2019-25032 CVE-2019-25034 CVE-2019-25035 CVE-2019-25036 CVE-2019-25038 CVE-2019-25039 CVE-2019-25042 CVE-2019-9169 CVE-2020-27619 CVE-2021-27219 CVE-2021-3177 CVE-2021-3520 CVE-2020-12403 CVE-2020-36242 _____________________________________________________ Lynis: Need to fix the following vulnerabilities:
_____________________________________________________ Kube-Hunter: Cluster: Please provide cluster.log file | Missing Upstream information in IEC Type 2 Release Notes for R5 | 26 | No | 27 | TSC 2021-10-14 (Thursday) 7:00 am Pacific | Yes | Incubation | R5 Datasheet | N/A Pod: Please provide pod.log file | 10/14/2021 |