Page History

...

No.	Project Name	TSC Subgroup Release Status	Is this your first release	Blue Print Stage Self-Certify Incubation Mature Core	CD Logs URL to be used for review (Column filled in by PTLs) How to: Push Logs to Nexus Jenkins Master for Private Lab Jenkins Peering Guide Example: KubeEdge BP Test Documents	Link to executive one pager (editable doc format) (Column filled in by PTLs)	API Info Reporting Review (Column filled in by API Subcommittee) (note for PTLs – go here for steps to fill in project API info form)	BluVal Certification Bluval User Guide	Security Certification Provide link to Vuls, Lynis, and Kube-Hunter logs below. Pass/Fail Criteria: Steps To Implement Security Scan Requirements Exception requests should be filed at: Release 5: Akraino CVE Vulnerability Exception Request	Upstream Review (Column filled by Upstream Subcommittee and PTLs) (note PTL can go to Release 5 BP/Feature Upstream Status to find details)	Date ready for TSC review (Column filled in by PTLs)
1	Connected Vehicle Blueprint Thor Chin Tao Wang			Mature		CVB_Akraino_R5_blueprint_Datasheet.docx	Per e-mail from WANG Tao (Tucker Wang) 20Aug21, no changes from R4			Completed by 8/24/2021
2	IEC Type 4: AR/VR oriented Edge Stack for Integrated Edge Cloud (IEC) Blueprint Family Bart Dong Thor Chin			Mature
3
4	ICN - Integrated Cloud-Native Family Kuralamudhan Ramakrishnan		No	Incubation	ICN Master Bare Metal Deployment Verifier ICN Master Virtual Deployment Verifier	ICN R5 Datasheet	Per notice from Kural 5Aug21, no change from R4	https://nexus.akraino.org/content/sites/logs/intel/bluval_results/icn/master/20210707-182026/results/os/lynis/ https://nexus.akraino.org/content/sites/logs/intel/bluval_results/icn/master/20210707-182026/results/os/vuls/ https://nexus.akraino.org/content/sites/logs/intel/bluval_results/icn/master/20210707-182026/results/k8s/conformance/ https://nexus.akraino.org/content/sites/logs/intel/bluval_results/icn/master/20210707-182026/results/k8s/kube-hunter/	Filed Release 5: Akraino CVE Vulnerability Exception Request Incubation Level Review Results: 09 Aug 2021 Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request ____________________________________________________________ 09 Aug 2021 Lynis: Accepted ____________________________________________________________ 09 Aug 2021 Kube-Hunter: Cluster: Accepted Pod: Accepted	Completed by 8/6/2021
5	ICN - Multi-Tenant Secure Cloud Native Platform Salvador Fuentes		Yes	Incubation	https://nexus.akraino.org/content/sites/logs/intel/ICN_CD_logs/pod11-node5/icn-master-bm-verify-bm_verifer-kata/12/	ICN-MTSCN R5 Datasheet	API form uploaded 24 May e-mail questions exchanged 20Jul21 Scheduled for review by API subcommittee 23 Jul 2021 API subcommittee review completed and info accepted 23 Jul 2021	https://nexus.akraino.org/content/sites/logs/intel/bluval_results/icn/master-kata/20210624-025354/results/os/lynis/ https://nexus.akraino.org/content/sites/logs/intel/bluval_results/icn/master-kata/20210712-025145/results/os/vuls/ https://nexus.akraino.org/content/sites/logs/intel/bluval_results/icn/master-kata/20210624-025354/results/k8s/conformance/ https://nexus.akraino.org/content/sites/logs/intel/bluval_results/icn/master-kata/20210624-025354/results/k8s/kube-hunter/	Filed Release 5: Akraino CVE Vulnerability Exception Request Incubation Level Review Results: 09 Aug 2021 Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request ____________________________________________________________ 09 Aug 2021 Lynis: Accepted ____________________________________________________________ 09 Aug 2021 Kube-Hunter: Cluster: Accepted Pod: Accepted	Completed by 8/10/2021
6	ELIOT IoT Gateway Blueprint khemendra kumar		No	Incubation	https://nexus.akraino.org/content/sites/logs/huawei/job/eliot-build/18/home/jenkins/log/	ELIOT R5 IoT-Gateway Datasheet	Per e-mail from Khemendra 26Aug21, no changes from R4	https://nexus.akraino.org/content/sites/logs/huawei/job/eliot-security-validation-build/4/results/	Incubation Level Review Results: 19 Jul 2021 Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request ____________________________________________________________ 19 Jul 2021 Lynis: Accepted ____________________________________________________________ 16 Aug 2021 Kube-Hunter: Cluster: Accepted Pod: Accepted with exceptions shown at: Release 5 Blueprint Scanning Status	Completed 8/6/2021
7	ELIOT SD-WAN/WAN Edge/uCPE Blueprint khemendra kumar		NO	Incubation	https://nexus.akraino.org/content/sites/logs/huawei/job/eliot-uCPE-build/15/home/jenkins/log/		Per e-mail from Khemendra 26Aug21, no changes from R4	https://nexus.akraino.org/content/sites/logs/huawei/job/eliot-uCPE-security-build/10/results/	Incubation Level Review Results: 20 Jul 2021 Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request ____________________________________________________________ 20 Jul 2021 Lynis: Accepted ____________________________________________________________ 16 Aug 2021 Kube-Hunter: Cluster: Accepted Pod: Accepted with exceptions shown at: Release 5 Blueprint Scanning Status	Completed on 8/6/2021
8	Network Cloud and TF (Tungsten Fabric) Integration Project Sukhdev Kapur		No		https://nexus.akraino.org/content/sites/logs/juniper/validation-2021/	Blueprint Data Sheet	Per e-mail from Sukhdev 5Aug21, no change from R4	Not required as there is no change from Release 4		Completed by 8/10/2021
9	KNI Provider Access Edge Ricardo Noriega		No	Incubation	https://jenkins.akraino.org/job/kni-blueprint-pae-verify-deploy-gcp/69/	Akraino R5 blueprint Datasheet_ KNI PAE.odt	Per e-mail from Ricardo 10Aug21, he uploaded R5 API info forms for both KNI blueprints, with no substantive changes from R4. The API subcommittee has a review scheduled for 20 Aug 2021 of the new API info forms and will update this table afterwards		https://nexus.akraino.org/content/sites/logs/redhat-kni/bluval_results/ Incubation Level Review Results: 20 Jul 2021 Vuls: Need to provide vul.log output file __________________________________________________________ 20 Jul 2021 Lynis: FAILED test ID AUTH-9328 (Default umask values)Suggestion: Default umask in /etc/login.defs could be more strict like 027 sysctl key kernel.dmesg_restrictSuggestion: value should be set to '1' sysctl key net.ipv4.conf.default.accept_source_routeSuggestion: value should be set to '0' ____________________________________________________________ 20 Aug 2021 Output manually generated, located at: Release 5 Security Scan Manual Logs Kube-Hunter: Cluster: Accepted Pod: Accepted with exceptions shown at: Release 5 Blueprint Scanning Status	Completed by 8/10/2021
10	KNI Industrial Edge Ricardo Noriega		No	Incubation	Management Hub: https://logs.akraino.org/production/vex-yul-akraino-jenkins-prod-1/kni-blueprint-management-hub-verify-deploy-gcp/19/ Industrial Edge: https://logs.akraino.org/production/vex-yul-akraino-jenkins-prod-1/kni-blueprint-ie-verify-deploy-gcp/4/	Akraino R5 blueprint Datasheet_ KNI IE.odt	See above note		https://nexus.akraino.org/content/sites/logs/redhat-kni/bluval_results/ Incubation Level Review Results: 20 Jul 2021 Vuls: Need to provide vul.log output file __________________________________________________________ 20 Jul 2021 Lynis: FAILED test ID AUTH-9328 (Default umask values)Suggestion: Default umask in /etc/login.defs could be more strict like 027 sysctl key kernel.dmesg_restrictSuggestion: value should be set to '1' sysctl key net.ipv4.conf.default.accept_source_routeSuggestion: value should be set to '0' ____________________________________________________________ 20 Aug 2021 Output manually generated, located at: Release 5 Security Scan Manual Logs Kube-Hunter: Cluster: Accepted Pod: Accepted with exceptions shown at: Release 5 Blueprint Scanning Status	Completed by 8/10/2021
11	Micro-MEC Ferenc Székely						Ashwin Kumar uploaded API info form27 Aug 2021. API subcommittee review scheduled for 03 Sep 2021
12	The AI Edge: School/Education Video Security Monitoring Yu, Liya
13	The AI Edge: Intelligent Vehicle-Infrastructure Cooperation System(I-VICS) Yu, Liya		No	Incubation	https://nexus.akraino.org/content/sites/logs/fate/job/I-VICS/5/	Intelligent Vehicle-Infrastructure Cooperation System(I-VICS) Datasheet		https://nexus.akraino.org/content/sites/logs/fate/job/I-VICS/5/	No new features or bugs have been added after R4 release	Missing Upstream information
14	5G MEC/Slice System to Support Cloud Gaming, HD Video and Live Broadcasting Blueprint Feng Yang	TSC 2021-08-17 (Tuesday) 7:00 am Pacific	No		https://nexus.akraino.org/content/sites/logs/tencent/job/tencent_5g_mec/	5G MEC_Akraino R4&5 blueprint Datasheet.docx	Per e-mail from Eagan Fu 15Aug21, no change from R4			Completed by 8/24/2021
15	IEC Type 3: Android cloud native applications on Arm servers in edge for Integrated Edge Cloud (IEC) Blueprint Family hanyu ding
16	IEC Type 5: SmartNIC for Integrated Edge Cloud (IEC) Blueprint Family yihui wang		No	Incubation	https://nexus.akraino.org/content/sites/logs/cmti/job/iec5_r4/15/	IEC Release4-SmartNIC datasheet.docx	Per e-mail from Leo 11Aug21, no change from R4	Bluval Exception has been accepted for the project. Akraino BluVal Exception Request
17	Enterprise Applications on Lightweight 5G Telco Edge Gaurav Agrawal		No	Incubation	https://nexus.akraino.org/content/sites/logs/huawei/job/ealt-edge-build/51/home/jenkins/log/	EALTEDGE Release 5 Datasheet	Per e-mail from Khemendra 20Aug21, no changes from R4	https://nexus.akraino.org/content/sites/logs/huawei/job/ealt-security-validation-build/19/results/	Incubation Level Review Results: 19 Jul 2021 Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request ____________________________________________________________ 19 Jul 2021 Lynis: Accepted ____________________________________________________________ 16 Aug 2021 Kube-Hunter: Cluster: Accepted Pod: Accepted with exceptions shown at: Release 5 Blueprint Scanning Status	R5 - Architecture Documentation of Enterprise Applications on Lightweight 5G Telco Edge Completed by 8/10/2021
18	Public Cloud Edge Interface (PCEI) Blueprint Oleg Berzin	TSC 2021-08-10 (Tuesday) 7:00 am Pacific	No		https://nexus.akraino.org/content/sites/logs/cmti/job/pcei-daily/	https://wiki.akraino.org/x/lwHkAg	Per API Subcommittee meeting 30Jul21, no change from R4 PCEI R5 API Doc: https://wiki.akraino.org/x/qgHkAg	https://nexus.akraino.org/content/sites/logs/pcei/job/r5/v1/ 02 Aug 2021 https://nexus.akraino.org/content/sites/logs/pcei/job/r5/v2/ Fixed: fs.suid_dumpable net.ipv4.conf.default.accept_source_route	Incubation Level Review Results: 29 Jul 2021 Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request ____________________________________________________________ 16 Aug 2021 Lynis: Accepted with exceptions shown at: Release 5 Blueprint Scanning Status ____________________________________________________________ 16 Aug 2021 Kube-Hunter: Cluster: Accepted Pod: Accepted with exceptions shown at: Release 5 Blueprint Scanning Status	PCEI R5 Release Notes https://wiki.akraino.org/x/LgLkAg Completed by 8/6/2021	10 Aug 2021
19	The AI Edge: Federated ML application at edge zifan wu		No	Incubation	https://nexus.akraino.org/content/sites/logs/fate/job/Fate_test/15/	Akraino R5 Federated ML blueprint datasheet.docx	Per e-mail from Zifan 8Aug21, no change from R4	~~https://nexus.akraino.org/content/sites/logs/fate/job/fate_security/1~~ 04 Aug 2021 ~~https://nexus.akraino.org/content/sites/logs/fate/fml/2/~~ 17 Aug 2021 ~~https://nexus.akraino.org/content/sites/logs/fate/fml/3~~ ~~Fix Lynis issues and upgrade curl to 7.78.~~ 19 Aug 2021 https://nexus.akraino.org/content/sites/logs/fate/fml/5/ Fixed 3 issues.	Incubation Level Review Results: 20 Aug 2021 Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request __________________________________________________________ 20 Aug 2021 Lynis: Accepted __________________________________________________________ 16 Aug 2021 Kube-Hunter: Exception granted: K8s not used by this BP.	federated ML Release Notes R5 Federated ML application at edge Release Notes
20	KubeEdge Edge Service Blueprint Yin Ding
21	Private LTE/5G ICN Blueprint Prem Sankar G	TSC 2021-08-03 (Tuesday) 7:00 am Pacific	No	Incubation	https://nexus.akraino.org/content/sites/logs/juniper/job/Private%205G%20BP/	Akraino Private LTE/5G BP Datasheet				Completed by 8/10/2021
22	Rural Edge blueprint for Tami COVID-19 Blueprint Family Surojit Banerjee
23	Smart Cities Olivier Bernard Cindy Xing Alexander Su Jason Wen Jack Liu		Yes
24	MEC-based Stable Topology Prediction for Vehicular Networks Asif Mehmood
25	IEC Type 2 for Integrated Edge Cloud (IEC) Blueprint Family Vinothini Raju ashvin kumar Trevor Tao		No	Incubation	https://nexus.akraino.org/content/sites/logs/arm-china/jenkins092/iec-type2-terraform/cdlogs/	Akraino Light Weight μMEC on AWS.pdf		https://nexus.akraino.org/content/sites/logs/arm-china/jenkins092/iec-type2-terraform/blueval/k8s/conformance/ https://nexus.akraino.org/content/sites/logs/arm-china/jenkins092/iec-type2-terraform/blueval/k8s/kube-hunter/	23 Aug 2021 Vuls: Need to provide vuls.log output file __________________________________________________________ 23 Aug 2021 Lynis: Need to provide lynis.log output file __________________________________________________________ 23 Aug 2021 Kube-Hunter: Cluster: The following vulnerabilities must be fixed: KHV043 - Cluster Health DisclosureSuggestion: Disable --enable-debugging-handlers kubelet flag. KHV044 - Privileged ContainerSuggestion: Minimize the use of privileged containers. Use Pod Security Policies to enforce using privileged: false policy. Pod: The following vulnerabilities must be fixed: Access to pod's secrets Suggestion: https://blog.aquasec.com/managing-kubernetes-secrets Securing etcdsecret data is stored in etcd. By default, etcd data is not encrypted and neither are your secrets. You should enable encryption at rest, limit access to etcd to admin users only, and safely dispose of disks where etcd data was formerly stored Use SSL/TLSwhen running etcd in a cluster, you must use secure peer-to-peer communication. Exposed PodsDescription: An attacker could view sensitive information about pods that are bound to a Node using the /pods endpoint. KHV043 - Cluster Health DisclosureSuggestion: Disable --enable-debugging-handlers kubelet flag. KHV007 - Specific Access to Kubernetes API Suggestion: Review the RBAC permissions to Kubernetes API server for the anonymous and default service account KHV005 - Access to Kubernetes API KHV002 - Kubernetes version disclosureSuggestion: Disable --enable-debugging-handlers kubelet flag. KHV050 - Read access to Pod service account token Suggestion: It is recommended to explicitly specify a Service Account for all of your workloads (serviceAccountName in Pod.Spec), and manage their permissions according to the least privilege principle. Consider opting out automatic mounting of SA token using automountServiceAccountToken: false on ServiceAccount resource or Pod.spec. KHV044 - Privileged ContainerSuggestion: Minimize the use of privileged containers. Use Pod Security Policies to enforce using privileged: false policy.	Missing Upstream information in IEC Type 2 Release Notes for R5
26	IoT Workloads at the Smart Device Edge - Predictive Maintenance (with a Thermal Imaging Camera, vibration sensors, etc.) V S Aaron Williams		No
27	Federated Multi-Access Edge Cloud Platform Deepak Vij		Yes

...

Space shortcuts

Page tree

Versions Compared

Old Version 149

New Version 150

Key

Space shortcuts

Page tree

Page History

Versions Compared

Old Version 149

New Version 150

Key

TSC 2021-08-03 (Tuesday) 7:00 am Pacific