Page History

...

Incubation Level Review Results:

17 Sep 2021

Vuls: Accepted with exceptions shown at:

__________________________________________________________

28 Sep 2021
Here are the updated logs of the Lynis test :
https://nexus.akraino.org/content/sites/logs/arm-china/jenkins092/iec-type2-terraform/k3s/k3s-logs/

Lynis: Need to fix the following vulnerabilities:

sysctl key fs.suid_dumpable: FAILED Expected value: 0
sysctl key kernel.dmesg_restrict: FAILED Expected value: 1
sysctl key net.ipv4.conf.default.accept_source_route: FAILED Expected value: 0
The following compilers must be removed:
as (compiler) - /usr/bin/as
cc (compiler) - /usr/bin/cc
g++ (compiler) - /usr/bin/g++
gcc (compiler) - /usr/bin/gcc

_____________________________________________________

23 Aug 2021

Kube-Hunter:

Cluster: Accepted with exceptions shown at:

Release 5 Blueprint Scanning Status

This issues must be resolved prior to maturity.

Pod: Could the same comparison between k3s and microk8s be provided for the kube-hunter pod.log as was provided for the cluster.log?

The following vulnerabilities must be fixed:

Access to pod's secrets
Suggestion:
https://blog.aquasec.com/managing-kubernetes-secrets
Securing etcdsecret data is stored in etcd. By default, etcd data is not encrypted and neither are your secrets. You should enable encryption at rest, limit access to etcd to admin users only, and safely dispose of disks where etcd data was formerly stored
Use SSL/TLSwhen running etcd in a cluster, you must use secure peer-to-peer communication.
Exposed PodsDescription: An attacker could view sensitive information about pods that are bound to a Node using the /pods endpoint.
KHV043 - Cluster Health DisclosureSuggestion: Disable --enable-debugging-handlers kubelet flag.
KHV007 - Specific Access to Kubernetes API Suggestion: Review the RBAC permissions to Kubernetes API server for the anonymous and default service account
KHV005 - Access to Kubernetes API
KHV002 - Kubernetes version disclosureSuggestion: Disable --enable-debugging-handlers kubelet flag.
KHV050 - Read access to Pod service account token
Suggestion: It is recommended to explicitly specify a Service Account for all of your workloads (serviceAccountName in Pod.Spec), and manage their permissions according to the least privilege principle.
Consider opting out automatic mounting of SA token using automountServiceAccountToken: false on ServiceAccount resource or Pod.spec.
KHV044 - Privileged ContainerSuggestion: Minimize the use of privileged containers. Use Pod Security Policies to enforce using privileged: false policy.

Missing Upstream information in IEC Type 2 Release Notes for R5N/A

No.	Project Name	TSC Subgroup Release Status	Is this your first release	Blue Print Stage Self-Certify Incubation Mature Core	CD Logs URL to be used for review (Column filled in by PTLs) How to: Push Logs to Nexus Jenkins Master for Private Lab Jenkins Peering Guide Example: KubeEdge BP Test Documents	Link to executive one pager (editable doc format) (Column filled in by PTLs)	API Info Reporting Review (Column filled in by API Subcommittee) (note for PTLs – go here for steps to fill in project API info form)	BluVal Certification Bluval User Guide	Security Certification Provide link to Vuls, Lynis, and Kube-Hunter logs below. Pass/Fail Criteria: Steps To Implement Security Scan Requirements Exception requests should be filed at: Release 5: Akraino CVE Vulnerability Exception Request	Upstream Review (Column filled by Upstream Subcommittee and PTLs) (note PTL can go to Release 5 BP/Feature Upstream Status to find details)	Date ready for TSC review (Column filled in by PTLs)	TSC Review Date (Column filled in by TSC)
1	Connected Vehicle Blueprint Thor Chin Tao Wang		No	Mature
2	IEC Type 4: AR/VR oriented Edge Stack for Integrated Edge Cloud (IEC) Blueprint Family Bart Dong Thor Chin		No	Mature
3
4	ICN - Integrated Cloud-Native Family Kuralamudhan Ramakrishnan			Incubation
5	ICN - Multi-Tenant Secure Cloud Native Platform Salvador Fuentes		No	Incubation
6	ELIOT IoT Gateway Blueprint khemendra kumar		No	Incubation
7	ELIOT SD-WAN/WAN Edge/uCPE Blueprint khemendra kumar		NO	Incubation
8	Network Cloud and TF (Tungsten Fabric) Integration Project Sukhdev Kapur		No	Incubation
9	KNI Provider Access Edge Ricardo Noriega		No	Incubation
10	KNI Industrial Edge Ricardo Noriega		No	Incubation
11	Micro-MEC Ferenc Székely
12	The AI Edge: School/Education Video Security Monitoring Yu, Liya		No	incubation
13	The AI Edge: Intelligent Vehicle-Infrastructure Cooperation System(I-VICS) Yu, Liya		No	Incubation				https://nexus.akraino.org/content/sites/logs/fate/job/I-VICS/5/	No new features or bugs have been added after R4 release	Missing Upstream information
14	5G MEC/Slice System to Support Cloud Gaming, HD Video and Live Broadcasting Blueprint Feng Yang		No	Incubation						Completed by 8/24/2021
15	IEC Type 3: Android cloud native applications on Arm servers in edge for Integrated Edge Cloud (IEC) Blueprint Family hanyu ding Rajeev Gadgil		No	Incubation
16	IEC Type 5: SmartNIC for Integrated Edge Cloud (IEC) Blueprint Family Leo Li		No	Incubation
17	Enterprise Applications on Lightweight 5G Telco Edge Gaurav Agrawal		No	Incubation
18	Public Cloud Edge Interface (PCEI) Blueprint Oleg Berzin		No
19	The AI Edge: Federated ML application at edge zifan wu haihui wang	TSC 2022-03-17 (Thursday) 7:00 am Pacific	No	IncubationMature	https://nexus.akraino.org/content/sites/logs/fate/job/Fate_test/15/	Akraino R6 Federated ML blueprint datasheet.docx	No changes from R5, per e-mail from HaiHui Wang 17 Mar 2022	https://nexus.akraino.org/content/sites/logs/fate/fml/5/	Incubation Level Review Results: 20 Aug 2021 Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request __________________________________________________________ 20 Aug 2021 Lynis: Accepted __________________________________________________________ 16 Aug 2021 Kube-Hunter: Exception granted: K8s not used by this BP.	federated ML Release Notes R6 Federated ML application at edge Release Notes Completed by 8/30/2021
20	KubeEdge Edge Service Blueprint Yin Ding		No	@AlexandeIncubation
21	Private LTE/5G ICN Blueprint Prem Sankar G	TSC 2021-08-03 (Tuesday) 7:00 am Pacific	No	Incubation	https://nexus.akraino.org/content/sites/logs/juniper/job/Private%205G%20BP/	Akraino Private LTE/5G BP Datasheet	Completed by 8/10/2021	22	Rural Edge blueprint for Tami COVID-19 Blueprint Family Surojit Banerjee	has been merged with PCEI blueprint
22	Rural Edge blueprint for Tami COVID-19 Blueprint Family Surojit Banerjee		Yes	Incubation
23	Smart Cities Olivier Bernard Cindy	23	Xing Alexander Su (alexander@nexcom.com) Jason Wen Jack Liu	TSC 2021-09-21 (Tuesday) 7:00 am Pacific	Yes	Incubation	https://nexus.akraino.org/content/sites/logs/myais/job/parsec/10/	Smart Cities R5 Executive One Pager	~~https://nexus.akraino.org/content/sites/logs/myais/validation/1/~~ 16 Sep 2021 https://nexus.akraino.org/content/sites/logs/myais/validation/2 fix lynis issues. 05 Oct 2021	Smart Cities R5 Security Certification Incubation Level Review Results: 30 Sep 2021 Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request __________________________________________________________ 05 Oct 2021 Lynis: Accepted __________________________________________________________ 01 Oct 2021 Kube-Hunter: Exception granted: K8s not used by this BP for R5. However, in R6 it is planning to use K3s.	Completed by 9/30/2021 R5 Smart Cities BP release notes: Smart Cities R5 Release Notes	9/20/2021	9/21/2021	24	MEC-based Stable Topology Prediction for Vehicular Networks Asif Mehmood	TSC 2021-09-21 (Tuesday) 7:00 am Pacific	Yes	Incubation	https://nexus.akraino.org/content/sites/logs/jejunu-pred-vanet-mec/job/push-logs/	one-pager - release-5-1 (v1).docx one-pager - release-5-1 (v1).pdf	9/20/2021	9/21/2021	25	IEC Type 2 for Integrated Edge Cloud (IEC) Blueprint Family Vinothini Raju ashvin kumar Trevor Tao	TSC 2021-09-16 (Thursday) 7:00 am Pacific	No	Incubation	https://nexus.akraino.org/content/sites/logs/arm-china/jenkins092/iec-type2-terraform/cdlogs/	Akraino Light Weight μMEC on AWS.pdf	No	Incubation
24	MEC-based Stable Topology Prediction for Vehicular Networks Asif Mehmood		No	Incubation
25	IEC Type 2 for Integrated Edge Cloud (IEC) Blueprint Family Vinothini Raju ashvin kumar Trevor Tao		No	Incubation
26	IoT Workloads at the Smart Device Edge - Predictive Maintenance (with a Thermal Imaging Camera, vibration sensors, etc.) V S Aaron Williams		No
27	Federated Multi-Access Edge Cloud Platform Deepak Vij	TSC 2021-10-14 (Thursday) 7:00 am Pacific	Yes	Incubation	R5 Datasheet		No	Incubation								10/14/2021
28	Smart Data Transaction Colin Peters		Yes	Incubation	BluVal: https://nexus.akraino.org/content/sites/logs/fujitsu/job/sdt-bluval/ https://nexus.akraino.org/content/sites/logs/fujitsu/job/sdt-lynis/ https://nexus.akraino.org/content/sites/logs/fujitsu/job/sdt-vuls/ Other: https://nexus.akraino.org/content/sites/logs/fujitsu/job/edgex-install/ https://nexus.akraino.org/content/sites/logs/fujitsu/job/edgex-lora/ https://nexus.akraino.org/content/sites/logs/fujitsu/job/lfedge-cluster/ https://nexus.akraino.org/content/sites/logs/fujitsu/job/lfedge-install/	SDT Datasheet.docx	Per e-mail from Colin Peters 13 Mar 2022 , blueprint consumes Kubernetes and EdgeX APIs. They are uploading API info form API info form uploaded 15 Mar 2022 Scheduled for review by API subcommittee review25 Mar 2022
29	Robot basic architecture based on SSES Fukano Haruhisa		Yes	Incubation		Robot basic architecture based on SSES One Pager	Per e-mail from Inoue Reo 17 Mar 2022 , blueprint does not export or consume APIs. They are uploading an API info form to indicate this, along with comments about future / possible API plans

...

Space shortcuts

Page tree

Versions Compared

Old Version 26

New Version 27

Key