Versions Compared

Old Version 11

changes.mady.by.user Fukano Haruhisa

Saved on

compared with

New Version 12

changes.mady.by.user Jeff Brower

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

No.Project NameTSC Subgroup Release StatusIs this your first release 

Blue Print Stage

  • Self-Certify
  • Incubation
  • Mature
  • Core

CD Logs URL to be used for review

(Column filled in by PTLs)

How to: Push Logs to Nexus

Jenkins Master for Private Lab

Jenkins Peering Guide

Example: 

KubeEdge BP Test Documents

Link to executive one pager

(editable doc format)

(Column filled in by PTLs)

API Info Reporting Review

(Column filled in by API Subcommittee)

(note for PTLs – go here for steps to fill in project API info form)

BluVal

Certification

Bluval User Guide

Security

Certification

Provide link to Vuls, Lynis, and Kube-Hunter logs below.

Pass/Fail Criteria:  Steps To Implement Security Scan Requirements

Exception requests should be filed at:

Release 5: Akraino CVE Vulnerability Exception Request

Upstream Review (Column filled by Upstream Subcommittee and PTLs)


(note PTL can go to Release 5 BP/Feature Upstream Status to find details)

Date ready for TSC review

(Column filled in by PTLs)

 TSC Review Date

(Column filled in by TSC)


1

Connected Vehicle Blueprint

Thor Chin

Tao Wang


NoMature








2

IEC Type 4: AR/VR oriented Edge Stack for Integrated Edge Cloud (IEC) Blueprint Family

Bart Dong

Thor Chin


NoMature








3














4

ICN - Integrated Cloud-Native Family

Kuralamudhan Ramakrishnan


NoIncubation

ICN Master Bare Metal Deployment Verifier

ICN Master Virtual Deployment Verifier

ICN R5 Datasheet

https://nexus.akraino.org/content/sites/logs/intel/bluval_results/icn/master/20210707-182026/results/os/lynis/

https://nexus.akraino.org/content/sites/logs/intel/bluval_results/icn/master/20210707-182026/results/os/vuls/

https://nexus.akraino.org/content/sites/logs/intel/bluval_results/icn/master/20210707-182026/results/k8s/conformance/

https://nexus.akraino.org/content/sites/logs/intel/bluval_results/icn/master/20210707-182026/results/k8s/kube-hunter/

Filed Release 5: Akraino CVE Vulnerability Exception Request

Incubation Level Review Results:

 

VulsAccepted with exceptions shown at:

Release 5 Vuls Exception Request

____________________________________________________________

LynisAccepted 

____________________________________________________________

Kube-Hunter: 

  Cluster:  Accepted 

  Pod:  Accepted 

Completed by 8/6/2021


5

ICN - Multi-Tenant Secure Cloud Native Platform 

Salvador Fuentes


YesIncubationhttps://nexus.akraino.org/content/sites/logs/intel/ICN_CD_logs/pod11-node5/icn-master-bm-verify-bm_verifer-kata/12/ICN-MTSCN R5 Datasheet

 

https://nexus.akraino.org/content/sites/logs/intel/bluval_results/icn/master-kata/20210624-025354/results/os/lynis/

https://nexus.akraino.org/content/sites/logs/intel/bluval_results/icn/master-kata/20210712-025145/results/os/vuls/

https://nexus.akraino.org/content/sites/logs/intel/bluval_results/icn/master-kata/20210624-025354/results/k8s/conformance/

https://nexus.akraino.org/content/sites/logs/intel/bluval_results/icn/master-kata/20210624-025354/results/k8s/kube-hunter/

Filed Release 5: Akraino CVE Vulnerability Exception Request

Incubation Level Review Results:

 

VulsAccepted with exceptions shown at:

Release 5 Vuls Exception Request

____________________________________________________________

LynisAccepted 

____________________________________________________________

Kube-Hunter: 

  Cluster:  Accepted 

  Pod:  Accepted 

Completed by 8/10/2021


6

ELIOT IoT Gateway Blueprint

khemendra kumar


NoIncubationhttps://nexus.akraino.org/content/sites/logs/huawei/job/eliot-build/18/home/jenkins/log/

ELIOT R5 IoT-Gateway Datasheet


https://nexus.akraino.org/content/sites/logs/huawei/job/eliot-security-validation-build/4/results/


Akraino BluVal Exception Request

Incubation Level Review Results:

 

VulsAccepted with exceptions shown at:

Release 5 Vuls Exception Request

____________________________________________________________

LynisAccepted 

____________________________________________________________

Kube-Hunter: 

  Cluster:  Accepted 

  Pod:  Accepted with exceptions shown at:

Release 5 Blueprint Scanning Status

Completed 8/6/2021


7

ELIOT SD-WAN/WAN Edge/uCPE Blueprint

khemendra kumar


NOIncubationhttps://nexus.akraino.org/content/sites/logs/huawei/job/eliot-uCPE-build/15/home/jenkins/log/ELIOT R5 - SD-WAN / WAN Edge / uCPE Data Sheet

https://nexus.akraino.org/content/sites/logs/huawei/job/eliot-uCPE-security-build/10/results/


Akraino BluVal Exception Request

Incubation Level Review Results:

 

VulsAccepted with exceptions shown at:

Release 5 Vuls Exception Request

____________________________________________________________

LynisAccepted 

____________________________________________________________

Kube-Hunter: 

  Cluster:  Accepted 

  Pod:  Accepted with exceptions shown at:

Release 5 Blueprint Scanning Status

Completed on 8/6/2021


8

Network Cloud and TF (Tungsten Fabric) Integration Project

Sukhdev Kapur

TSC 2021-08-12 (Thursday) 7:00 am PacificNoIncubation

https://nexus.akraino.org/content/sites/logs/juniper/validation-2021/

Blueprint Data Sheet
Not required as there is no change from Release 4Not required as there is no change from Release 4Completed by 8/10/202108/12/2021

9

KNI Provider Access Edge

Ricardo Noriega


NoIncubationhttps://jenkins.akraino.org/job/kni-blueprint-pae-verify-deploy-gcp/69/

Akraino R5 blueprint Datasheet_ KNI PAE.odt



https://nexus.akraino.org/content/sites/logs/redhat-kni/bluval_results/

Incubation Level Review Results:

Vuls:  Accepted with exception.  The KNI Provider Access Edge blueprint uses OpenShift as its k8s distribution, which is deployed on Red Hat CoreOS, an immutable OS that is not supported by Vuls.

__________________________________________________________

LynisAccepted 

____________________________________________________________

Output manually generated, located at:

Release 5 Security Scan Manual Logs

Kube-Hunter: 

  Cluster:  Accepted 

  Pod:  Accepted with exceptions shown at:

Release 5 Blueprint Scanning Status

Completed by 8/10/20219/16/2021

10

KNI Industrial Edge

Ricardo Noriega


NoIncubation

Management Hub:

https://logs.akraino.org/production/vex-yul-akraino-jenkins-prod-1/kni-blueprint-management-hub-verify-deploy-gcp/19/

Industrial Edge:

https://logs.akraino.org/production/vex-yul-akraino-jenkins-prod-1/kni-blueprint-ie-verify-deploy-gcp/4/

Akraino R5 blueprint Datasheet_ KNI IE.odt



https://nexus.akraino.org/content/sites/logs/redhat-kni/bluval_results/

Incubation Level Review Results:

Vuls:  Accepted with exception.  The KNI Provider Access Edge blueprint uses OpenShift as its k8s distribution, which is deployed on Red Hat CoreOS, an immutable OS that is not supported by Vuls.

__________________________________________________________

LynisAccepted 

____________________________________________________________

Output manually generated, located at:

Release 5 Security Scan Manual Logs

Kube-Hunter: 

  Cluster:  Accepted 

  Pod:  Accepted with exceptions shown at:

Release 5 Blueprint Scanning Status

Completed by 8/10/20219/16/2021

11

Micro-MEC

Ferenc Székely







 







12

The AI Edge: School/Education Video Security Monitoring

Yu, Liya

TSC 2021-09-21 (Tuesday) 7:00 am PacificNoincubationhttps://nexus.akraino.org/content/sites/logs/baidu/job/aiedge/6/

AIEdge_Akraino R5 blueprint Datasheet.docx


https://nexus.akraino.org/content/sites/logs/baidu/job/security_scan/aiedge/1

Incubation Level Review Results:

 

VulsAll vulnerabilities >9.0 must be fixed or verification provided that no patch currently exists.

CVE-2017-18017 10.0

CVE-2018-15686 10.0

CVE-2019-14901 10.0

CVE-2017-15670 9.8

CVE-2017-15804 9.8

CVE-2018-1000007 9.8

CVE-2018-1000120 9.8

CVE-2018-11236 9.8

CVE-2018-1126 9.8

CVE-2018-12910 9.8

CVE-2018-15688 9.8

CVE-2018-16402 9.8

CVE-2018-18074 9.8

CVE-2018-18751 9.8

CVE-2018-20060 9.8

CVE-2018-6485 9.8

CVE-2019-10126 9.8

CVE-2019-10160 9.8

CVE-2019-14895 9.8

CVE-2019-16746 9.8

CVE-2019-17041 9.8

CVE-2019-17042 9.8

CVE-2019-17133 9.8

CVE-2019-5482 9.8

CVE-2019-9636 9.8

CVE-2016-7913 9.3

CVE-2017-15126 9.3

CVE-2017-16997 9.3

CVE-2017-9725 9.3

CVE-2018-10897 9.3

CVE-2019-12735 9.3

CVE-2018-1000122 9.1

CVE-2018-1000301 9.1

CVE-2019-9948 9.1

CVE-2016-10745 9.0

CVE-2018-19788 9.0

CVE-2019-14287 9.0

____________________________________________________________

Lynis:  Accepted 

____________________________________________________________

Kube-Hunter: 

  Pod:  The following vulnerability must be corrected.

  • CAP_NET_RAW Enabled

    CAP_NET_RAW is used to open a raw socket and is used by ping. If this is not required CAP_NET_RAW MUST be removed.

  Cluster:  Accepted 


9/20/20219/21/2021
13

The AI Edge: Intelligent Vehicle-Infrastructure Cooperation System(I-VICS)

Yu, Liya


No
  • Incubation
https://nexus.akraino.org/content/sites/logs/fate/job/I-VICS/5/Intelligent Vehicle-Infrastructure Cooperation System(I-VICS) Datasheet


https://nexus.akraino.org/content/sites/logs/fate/job/I-VICS/5/No new features or bugs have been added after R4 releaseMissing Upstream information


14

5G MEC/Slice System to Support Cloud Gaming, HD Video and Live Broadcasting Blueprint

Feng Yang

TSC 2021-08-17 (Tuesday) 7:00 am Pacific

NoIncubationhttps://nexus.akraino.org/content/sites/logs/tencent/job/tencent_5g_mec/

5G MEC_Akraino R4&5 blueprint Datasheet.docx




Completed by 8/24/2021


15

IEC Type 3: Android cloud native applications on Arm servers in edge for Integrated Edge Cloud (IEC) Blueprint Family

hanyu ding Rajeev Gadgil


NoIncubation








16

IEC Type 5: SmartNIC for Integrated Edge Cloud (IEC) Blueprint Family

Leo Li


NoIncubationhttps://nexus.akraino.org/content/sites/logs/cmti/job/iec5_r4/15/


IEC Release5-SmartNIC datasheet.docx

IEC Release5 SmartNIC System Architecture.pdf


Bluval Exception has been accepted for the project.

Akraino BluVal Exception Request


R5 Release Notes of IEC Type 5: SmartNIC for Integrated Edge Cloud (IEC) Blueprint Family


Completed by 8/30/2021




17

Enterprise Applications on Lightweight 5G Telco Edge

Gaurav Agrawal


NoIncubationhttps://nexus.akraino.org/content/sites/logs/huawei/job/ealt-edge-build/51/home/jenkins/log/EALTEDGE Release 5 Datasheet

https://nexus.akraino.org/content/sites/logs/huawei/job/ealt-security-validation-build/19/results/


Akraino BluVal Exception Request

Incubation Level Review Results:

 

VulsAccepted with exceptions shown at:

Release 5 Vuls Exception Request

____________________________________________________________

LynisAccepted 

____________________________________________________________

Kube-Hunter: 

  Cluster:  Accepted 

  Pod:  Accepted with exceptions shown at:

Release 5 Blueprint Scanning Status

R5 - Architecture Documentation of Enterprise Applications on Lightweight 5G Telco Edge


Completed by 8/10/2021




18

Public Cloud Edge Interface (PCEI) Blueprint

Oleg Berzin

TSC 2021-08-10 (Tuesday) 7:00 am PacificNo
https://nexus.akraino.org/content/sites/logs/cmti/job/pcei-daily/https://wiki.akraino.org/x/lwHkAg


https://nexus.akraino.org/content/sites/logs/pcei/job/r5/v1/


 

https://nexus.akraino.org/content/sites/logs/pcei/job/r5/v2/

Fixed:

fs.suid_dumpable

net.ipv4.conf.default.accept_source_route


Incubation Level Review Results:

 

VulsAccepted with exceptions shown at:

Release 5 Vuls Exception Request

____________________________________________________________

Lynis:  Accepted with exceptions shown at:

Release 5 Blueprint Scanning Status

____________________________________________________________

Kube-Hunter: 

  Cluster:  Accepted 

  Pod:  Accepted with exceptions shown at:

Release 5 Blueprint Scanning Status

PCEI R5 Release Notes

https://wiki.akraino.org/x/LgLkAg



Completed by 8/6/2021

 



19

The AI Edge: Federated ML application at edge

zifan wu

haihui wang

TSC 2021-08-26 (Thursday) 7:00 am Pacific

No
  • Incubation
https://nexus.akraino.org/content/sites/logs/fate/job/Fate_test/15/Akraino R6 Federated ML blueprint datasheet.docx

https://nexus.akraino.org/content/sites/logs/fate/fml/5/



Incubation Level Review Results:

 

VulsAccepted with exceptions shown at:

Release 5 Vuls Exception Request

__________________________________________________________

LynisAccepted

__________________________________________________________

Kube-Hunter:  Exception granted:  K8s not used by this BP.

federated ML

Release Notes

R6 Federated ML application at edge Release Notes


Completed by 8/30/2021




20

KubeEdge Edge Service Blueprint

Yin Ding




@Alexande







21

Private LTE/5G ICN Blueprint

Prem Sankar G

TSC 2021-08-03 (Tuesday) 7:00 am Pacific

NoIncubationhttps://nexus.akraino.org/content/sites/logs/juniper/job/Private%205G%20BP/Akraino Private LTE/5G BP Datasheet


Completed by 8/10/2021


22

Rural Edge blueprint for Tami COVID-19 Blueprint Family

Surojit Banerjee













23

Smart Cities

Olivier Bernard Cindy Xing Alexander Su (alexander@nexcom.com)

Jason Wen

Jack Liu

TSC 2021-09-21 (Tuesday) 7:00 am Pacific

YesIncubationhttps://nexus.akraino.org/content/sites/logs/myais/job/parsec/10/

Smart Cities R5 Executive One Pager


https://nexus.akraino.org/content/sites/logs/myais/validation/1/

 

https://nexus.akraino.org/content/sites/logs/myais/validation/2

fix lynis issues.

 

Smart Cities R5 Security Certification

Incubation Level Review Results:

 

VulsAccepted with exceptions shown at:

Release 5 Vuls Exception Request

__________________________________________________________

Lynis:  Accepted

__________________________________________________________

Kube-Hunter:  Exception granted:  K8s not used by this BP for R5.  However, in R6 it is planning to use K3s.

Completed by 9/30/2021

R5 Smart Cities BP release notes: Smart Cities R5 Release Notes

9/20/20219/21/2021
24

MEC-based Stable Topology Prediction for Vehicular Networks

Asif Mehmood

TSC 2021-09-21 (Tuesday) 7:00 am PacificYesIncubationhttps://nexus.akraino.org/content/sites/logs/jejunu-pred-vanet-mec/job/push-logs/

one-pager - release-5-1 (v1).docx 

one-pager - release-5-1 (v1).pdf





9/20/20219/21/2021
25

IEC Type 2 for Integrated Edge Cloud (IEC) Blueprint Family

Vinothini Raju

ashvin kumar Trevor Tao
TSC 2021-09-16 (Thursday) 7:00 am PacificNoIncubationhttps://nexus.akraino.org/content/sites/logs/arm-china/jenkins092/iec-type2-terraform/cdlogs/

Akraino Light Weight μMEC on AWS.pdf


https://nexus.akraino.org/content/sites/logs/arm-china/jenkins092/iec-type2-terraform/blueval/k8s/conformance/


https://nexus.akraino.org/content/sites/logs/arm-china/jenkins092/iec-type2-terraform/blueval/k8s/kube-hunter/

Incubation Level Review Results:

VulsAccepted with exceptions shown at:

Release 5 Vuls Exception Request

__________________________________________________________



Here are the updated logs of the Lynis test : 
https://nexus.akraino.org/content/sites/logs/arm-china/jenkins092/iec-type2-terraform/k3s/k3s-logs/

LynisNeed to fix the following vulnerabilities:

  • sysctl key fs.suid_dumpable: FAILED Expected value:  0
  • sysctl key kernel.dmesg_restrict: FAILED Expected value:  1
  • sysctl key net.ipv4.conf.default.accept_source_route: FAILED Expected value:  0
  • The following compilers must be removed:

    as (compiler) - /usr/bin/as

    cc (compiler) - /usr/bin/cc

    g++ (compiler) - /usr/bin/g++

    gcc (compiler) - /usr/bin/gcc

_____________________________________________________

Kube-Hunter: 

  Cluster:  Accepted with exceptions shown at:

Release 5 Blueprint Scanning Status

This issues must be resolved prior to maturity.

  Pod:  Could the same comparison between k3s and microk8s be provided for the kube-hunter pod.log as was provided for the cluster.log?

The following vulnerabilities must be fixed:

  • Access to pod's secrets

    Suggestion: 

    https://blog.aquasec.com/managing-kubernetes-secrets

    Securing etcdsecret data is stored in etcd. By default, etcd data is not encrypted and neither are your secrets. You should enable encryption at rest, limit access to etcd to admin users only, and safely dispose of disks where etcd data was formerly stored

    Use SSL/TLSwhen running etcd in a cluster, you must use secure peer-to-peer communication.

  • Exposed PodsDescription:  An attacker could view sensitive information about pods that are bound to a Node using the /pods endpoint.

  • KHV043 - Cluster Health DisclosureSuggestion:  Disable --enable-debugging-handlers kubelet flag.

  • KHV007 - Specific Access to Kubernetes API Suggestion:  Review the RBAC permissions to Kubernetes API server for the anonymous and default service account

  • KHV005 - Access to Kubernetes API

  • KHV002 - Kubernetes version disclosureSuggestion:  Disable --enable-debugging-handlers kubelet flag.

  • KHV050 - Read access to Pod service account token

    Suggestion:  It is recommended to explicitly specify a Service Account for all of your workloads (serviceAccountName in Pod.Spec), and manage their permissions according to the least privilege principle.

    Consider opting out automatic mounting of SA token using automountServiceAccountToken: false on ServiceAccount resource or Pod.spec.

  • KHV044 - Privileged ContainerSuggestion:  Minimize the use of privileged containers. Use Pod Security Policies to enforce using privileged:  false policy.

Missing Upstream information in IEC Type 2 Release Notes for R5


26

IoT Workloads at the Smart Device Edge - Predictive Maintenance (with a Thermal Imaging Camera, vibration sensors, etc.)

V S Aaron Williams


No









27

Federated Multi-Access Edge Cloud Platform

Deepak Vij

TSC 2021-10-14 (Thursday) 7:00 am PacificYesIncubation
R5 Datasheet


N/A


10/14/2021


28

Smart Data Transaction

Colin Peters


Yes




Per e-mail from Colin Peters  , blueprint consumes Kubernetes and EdgeX APIs. They are uploading API info form

API info form uploaded . Scheduled for review by API subcommittee review    







29

Robot basic architecture based on SSES

Fukano Haruhisa


YesIncubation








...