Page History

...

No.	Project Name	TSC Subgroup Release Status	Is this your first release	Blue Print Stage Self-Certify Incubation Mature Core	CD Logs URL to be used for review (Column filled in by PTLs) How to: Push Logs to Nexus Jenkins Master for Private Lab Jenkins Peering Guide Example: KubeEdge BP Test Documents	Link to executive one pager (editable doc format) (Column filled in by PTLs)	API Info Reporting Review (Column filled in by API Subcommittee) (note for PTLs – go here for steps to fill in project API info form)	BluVal BlueVal Logs or Manual Logs Bluval User Guide	Security Certification (TO be filled by Security Subcommittee) Pass/Fail Criteria: Steps To Implement Security Scan Requirements Exception requests should be filed at: Release 6: Akraino CVE and KHV Vulnerability Exception Request	Upstream Review (Column filled by Upstream Subcommittee and PTLs) (note PTL can go to Release 6 Upstream Review Status to find details)	Date ready for TSC review (Column filled in by PTLs)	TSC Review Date (Column filled in by TSC)
1	Connected Vehicle Blueprint Thor Chin Tao Wang		No	Mature
2	IEC Type 4: AR/VR oriented Edge Stack for Integrated Edge Cloud (IEC) Blueprint Family Bart Dong Thor Chin		No	Mature			No API changes expected from R5, per Bart Dong in TSC meeting 07 Apr 2022. Waiting for e-mail from Bart to confirm this
3
4	ICN - Integrated Cloud-Native Family Kuralamudhan Ramakrishnan		No	Incubation	ICN Master Bare Metal Deployment Verifier ICN Master Virtual Deployment Verifier	ICN R6 Datasheet	No API changes from R5, per e-mail from Kural Ramakrishnan 28 Apr 2022	BluVal Results	02 May 2022 lynis results: Accepted vuls results: Accepted kube-hunter results: Accepted		29 Apr 2022
5	ICN - Multi-Tenant Secure Cloud Native Platform Salvador Fuentes		No	Incubation
6	ELIOT IoT Gateway Blueprint khemendra kumar		No	Incubation	https://nexus.akraino.org/content/sites/logs/huawei/job/Eliot-aio-log/19/	ELIOT R6 IoT-Gateway Datasheet	No API changes from R5, per e-mail from Khemendra Kumar 28 Apr 2022 Info for ELIOT IOTGateway APIs: https://wiki.akraino.org/display/AK/ELIOT+R6+IOTGateway+API+documentation	https://nexus.akraino.org/content/sites/logs/huawei/job/Eliot-security-test/31/results/	02 May 2022 lynis results: Result: sysctl key fs.suid_dumpable: FAILED Result: sysctl key kernel.dmesg_restrict: FAILED Result: sysctl key net.ipv4.conf.default.accept_source_route: FAILED vuls results: Accepted kube-hunter results: pod: KHV043 - Cluster Health Disclosure Disable --enable-debugging-handlers kubelet flag. KHV044 - Privileged Container Minimize the use of privileged containers. Use Pod Security Policies to enforce using privileged: false policy.
7	ELIOT SD-WAN/WAN Edge/uCPE Blueprint khemendra kumar		NO	Incubation
8	Network Cloud and TF (Tungsten Fabric) Integration Project Sukhdev Kapur		No	Mature
9	KNI Provider Access Edge Ricardo Noriega		No	Incubation
10	KNI Industrial Edge Ricardo Noriega		No	Incubation
11	Micro-MEC Ferenc Székely
12	The AI Edge: School/Education Video Security Monitoring Yu, Liya		No	incubation			No API changes expected from R5, per Liya Yu in TSC meeting 31 Mar 2022. Waiting for e-mail from Liya to confirm this
13	The AI Edge: Intelligent Vehicle-Infrastructure Cooperation System(I-VICS) Yu, Liya		No	Incubation			No API changes from R5, per e-mail from ZhuMing Zhang 28 Apr 2022	https://nexus.akraino.org/content/sites/logs/fate/job/I-VICS/5/	No new features or bugs have been added after R4 release
14	5G MEC/Slice System to Support Cloud Gaming, HD Video and Live Broadcasting Blueprint Feng Yang		No	Incubation
15	IEC Type 3: Android cloud native applications on Arm servers in edge for Integrated Edge Cloud (IEC) Blueprint Family hanyu ding Rajeev Gadgil Davy Zhang		No	Incubation	https://nexus.akraino.org/content/sites/logs/ysemi/job/v1/upload/iec-tox-verify-master_317/	https://wiki.akraino.org/download/attachments/24084647/IEC%20Release3-IEC%20Type3-datasheet.docx?version=5&modificationDate=1591272863000&api=v2	API form uploaded by Davy Zhang 28 Apr 2022, scheduled for review at API subcommittee meeting 29 Apr 2022 Approved by API subcommittee at weekly meeting 29 Apr 2022	https://nexus.akraino.org/content/sites/logs/ysemi/job/v1/ak_results/ https://nexus.akraino.org/content/sites/logs/ysemi/job/v1/validation_results_v2/ 06 May 2022	02 May 2022 lynis results: Test: Checking PASS_MAX_DAYS option in /etc/login.defs: FAILED 2022-04-17 23:44:10 Result: password aging limits are not configured 2022-04-17 23:44:10 Suggestion: Configure maximum password age in /etc/login.defs [test:AUTH-9286] [details:-] [solution:-] Performing test ID AUTH-9328 (Default umask values): FAILED 2022-04-17 23:44:10 Result: found umask 022, which could be improved 2022-04-17 23:44:10 Suggestion: Default umask in /etc/login.defs could be more strict like 027 [test:AUTH-9328] [details:-] [solution:-] Performing test ID SSH-7440 (Check OpenSSH option: AllowUsers and AllowGroups): FAILED 2022-04-17 23:44:50 Result: AllowUsers is not set 2022-04-17 23:44:50 Result: AllowGroups is not set 2022-04-17 23:44:50 Result: SSH has no specific user or group limitation. Most likely all valid users can SSH to this machine. Result: sysctl key fs.suid_dumpable: FAILED Result: sysctl key kernel.dmesg_restrict: FAILED Result: sysctl key net.ipv4.conf.default.accept_source_route: FAILED Performing test ID HRDN-7220 (Check if one or more compilers are installed): FAILED 2022-04-17 23:45:42 Result: found installed compiler. See top of logfile which compilers have been found or use /bin/grep to filter on 'compiler' 2022-04-17 23:37:28 Found known binary: as (compiler) - /usr/bin/as 2022-04-17 23:37:28 Found known binary: cc (compiler) - /usr/bin/cc 2022-04-17 23:37:28 Found known binary: g++ (compiler) - /usr/bin/g++ 2022-04-17 23:37:28 Found known binary: gcc (compiler) - /usr/bin/gcc 2022-04-17 23:44:13 Found package: device-tree-compiler (version: 1.4.5-3) 2022-04-17 23:44:21 Found package: protobuf-compiler (version: 3.0.0-9.1ubuntu1) vuls results: CVE-2017-12194: failed in scan CVE-2018-12892: failed in scan CVE-2019-17113: failed in scan CVE-2019-19948: failed in scan CVE-2019-19949: failed in scan kube-hunter results: *cluster:* KHV002 - Kubernetes version disclosure Disable --enable-debugging-handlers kubelet flag. pod: CAP_NET_RAW Enabled CAP_NET_RAW is used to open a raw socket and is used by ping. If this is not required CAP_NET_RAW MUST be removed. https://www.suse.com/c/demystifying-containers-part-iv-container-security/ Access to pod's secrets https://blog.aquasec.com/managing-kubernetes-secrets Securing etcdsecret data is stored in etcd. By default, etcd data is not encrypted and neither are your secrets. You should enable encryption at rest, limit access to etcd to admin users only, and safely dispose of disks where etcd data was formerly stored Use SSL/TLSwhen running etcd in a cluster, you must use secure peer-to-peer communication. KHV005 - Access to Kubernetes API KHV002 - Kubernetes version disclosure Disable --enable-debugging-handlers kubelet flag. KHV050 - Read access to Pod service account token It is recommended to explicitly specify a Service Account for all of your workloads (serviceAccountName in Pod.Spec), and manage their permissions according to the least privilege principle. Consider opting out automatic mounting of SA token using automountServiceAccountToken: false on ServiceAccount resource or Pod.spec.
16	IEC Type 5: SmartNIC for Integrated Edge Cloud (IEC) Blueprint Family Leo Li		No	Incubation	upload CT log links	one page link	No API changes expected from R5, per Leo Li in TSC meeting 07 Apr 2022. Waiting for e-mail from Leo to confirm this
17	Enterprise Applications on Lightweight 5G Telco Edge Gaurav Agrawal		No	Incubation	https://nexus.akraino.org/content/sites/logs/huawei/job/Ealtedge-aio-log/15/	EALTEDGE Release 6 Datasheet	No API changes from R5, per e-mail from Khemendra Kumar 28 Apr 2022 Info for EALTEdge APIs: https://wiki.akraino.org/pages/viewpage.action?pageId=53478299	https://nexus.akraino.org/content/sites/logs/huawei/job/Ealt-edge-security-test/26/results/	02 May 2022 lynis results: Result: sysctl key fs.suid_dumpable: FAILED Result: sysctl key kernel.dmesg_restrict: FAILED Result: sysctl key net.ipv4.conf.default.accept_source_route: FAILED vuls results: Accepted kube-hunter results: pod: CAP_NET_RAW Enabled CAP_NET_RAW is used to open a raw socket and is used by ping. If this is not required CAP_NET_RAW MUST be removed. https://www.suse.com/c/demystifying-containers-part-iv-container-security/ KHV043 - Cluster Health Disclosure Disable --enable-debugging-handlers kubelet flag. KHV044 - Privileged Container Minimize the use of privileged containers. Use Pod Security Policies to enforce using privileged: false policy.
18	Public Cloud Edge Interface (PCEI) Blueprint Oleg Berzin		No	Incubation		https://wiki.akraino.org/x/SC0wAw	Revised API info form sent to Oleg per his requirements (see API Subcommittee meeting minutes 22 Apr 2022 for details) Note - PCEI Blueprint R6 API documentation located here (as of 12 Apr 2022): https://wiki.akraino.org/x/Qy0wAw	12 Apr 2022 https://nexus.akraino.org/content/sites/logs/pcei/job/r6/v1/	26 Apr 2022 lynis results: Performing test ID AUTH-9328 (Default umask values): FAILED 2022-04-13 01:07:38 Result: found umask 022, which could be improved 2022-04-13 01:07:38 Suggestion: Default umask in /etc/login.defs could be more strict like 027 [test:AUTH-9328] [details:-] [solution:-] vuls results: Accepted kube-hunter results: pod: CAP_NET_RAW Enabled CAP_NET_RAW is used to open a raw socket and is used by ping. If this is not required CAP_NET_RAW MUST be removed. https://www.suse.com/c/demystifying-containers-part-iv-container-security/	12 Apr 2022Approved per the upstream review https://wiki.akraino.org/x/Ui0wAw
19	The AI Edge: Federated ML application at edge zifan wu haihui wang	TSC 2022-03-17 (Thursday) 7:00 am Pacific	No	Mature	https://nexus.akraino.org/content/sites/logs/fate/job/Fate_test/15/	Akraino R6 Federated ML blueprint datasheet.docx	No API changes from R5, per e-mail from HaiHui Wang 17 Mar 2022	https://nexus.akraino.org/content/sites/logs/fate/fml/5/	Incubation Level Review Results: 20 Aug 2021 Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request __________________________________________________________ 20 Aug 2021 Lynis: Accepted __________________________________________________________ 16 Aug 2021 Kube-Hunter: Exception granted: K8s not used by this BP.	s
20	KubeEdge Edge Service Blueprint Yin Ding		No	Incubation
21	Private LTE/5G ICN Blueprint Prem Sankar G has been merged with PCEI blueprint
22	Rural Edge blueprint for Tami COVID-19 Blueprint Family Surojit Banerjee		Yes	Incubation
23	Smart Cities Olivier Bernard Cindy Xing Alexander Su (alexander@nexcom.com) Jason Wen Jack Liu		No	Incubation	https://nexus.akraino.org/content/sites/logs/myais/job/smartcities/8	Smart Cities R6 Executive One Pager - Akraino - Akraino Confluence	No API changes expected from R5, per TSC meeting discussion 21 Apr 2022. Waiting for e-mail from Jason or Jack to confirm this. Update - API form uploaded by Jason 22 Apr 2022 , scheduled for review at API subcommittee meeting 29 Apr 2022 Approved by API subcommittee at weekly meeting 29 Apr 2022	~~https://nexus.akraino.org/content/sites/logs/myais/validation/1/~~ 14 Apr 2022 https://nexus.akraino.org/content/sites/logs/myais/validation/2 fix lynis issue, in pb use k3s, add kube-hunter test. 29 Apr 2022	02 May 2022 lynis results: Accepted vuls results: Accepted kube-hunter results: pod: Access to pod's secrets https://blog.aquasec.com/managing-kubernetes-secrets Securing etcdsecret data is stored in etcd. By default, etcd data is not encrypted and neither are your secrets. You should enable encryption at rest, limit access to etcd to admin users only, and safely dispose of disks where etcd data was formerly stored Use SSL/TLSwhen running etcd in a cluster, you must use secure peer-to-peer communication. CAP_NET_RAW Enabled CAP_NET_RAW is used to open a raw socket and is used by ping. If this is not required CAP_NET_RAW MUST be removed. https://www.suse.com/c/demystifying-containers-part-iv-container-security/ KHV005 - Access to Kubernetes API KHV002 - Kubernetes version disclosure Disable --enable-debugging-handlers kubelet flag. KHV050 - Read access to Pod service account token It is recommended to explicitly specify a Service Account for all of your workloads (serviceAccountName in Pod.Spec), and manage their permissions according to the least privilege principle. Consider opting out automatic mounting of SA token using automountServiceAccountToken: false on ServiceAccount resource or Pod.spec.	Smart Cities R6 Upstream
24	MEC-based Stable Topology Prediction for Vehicular Networks Asif Mehmood		No	Incubation
25	IEC Type 2 for Integrated Edge Cloud (IEC) Blueprint Family Vinothini Raju ashvin kumar Trevor Tao		No	Incubation
26	IoT Workloads at the Smart Device Edge - Predictive Maintenance (with a Thermal Imaging Camera, vibration sensors, etc.) V S Aaron Williams		No
27	Federated Multi-Access Edge Cloud Platform Deepak Vij		No	Incubation
28	Smart Data Transaction Colin Peters		Yes	Incubation	BluVal: https://nexus.akraino.org/content/sites/logs/fujitsu/job/sdt-bluval/2/ https://nexus.akraino.org/content/sites/logs/fujitsu/job/sdt-lynis/3/ https://nexus.akraino.org/content/sites/logs/fujitsu/job/sdt-vuls/2/ Other: https://nexus.akraino.org/content/sites/logs/fujitsu/job/edgex-install/ https://nexus.akraino.org/content/sites/logs/fujitsu/job/edgex-lora/ https://nexus.akraino.org/content/sites/logs/fujitsu/job/lfedge-cluster/ https://nexus.akraino.org/content/sites/logs/fujitsu/job/lfedge-install/	SDT Datasheet.docx	Per e-mail from Colin Peters 13 Mar 2022 , blueprint consumes Kubernetes and EdgeX APIs. They are uploading API info form API info form uploaded 15 Mar 2022 Scheduled for review by API subcommittee review25 Mar 2022 Reviewed and approved by API subcommittee 25 Mar 2022	https://nexus.akraino.org/content/sites/logs/fujitsu/job/sdt-bluval/2/ https://nexus.akraino.org/content/sites/logs/fujitsu/job/sdt-lynis/3/ https://nexus.akraino.org/content/sites/logs/fujitsu/job/sdt-vuls/2/	15 Apr 2022 sdt-lynis results: Accepted sdt-vuls results: Accepted All Exceptions are granted Release 6: Akraino CVE Vulnerability Exception Request	Smart Data Transaction for CPS Release Notes Approved	2022/04/13	2022/04/14
29	Robot basic architecture based on SSES Fukano Haruhisa		Yes	Incubation	https://nexus.akraino.org/content/sites/logs/fujitsu/job/robot-family/sses-lynis/ https://nexus.akraino.org/content/sites/logs/fujitsu/job/robot-family/sses-lynis/	Robot basic architecture based on SSES One Pager	Per e-mail from Inoue Reo 17 Mar 2022 , blueprint does not export or consume APIs. They are uploading an API info form to indicate this, along with comments about future / possible API plans Inoue Reo uploaded an API info form 17 Apr 2022. Review by API subcommittee is scheduled for 01 Apr 2022 Reviewed and approved by API subcommittee 01 Apr 2022	https://nexus.akraino.org/content/sites/logs/fujitsu/job/robot-family/sses-lynis/ https://nexus.akraino.org/content/sites/logs/fujitsu/job/robot-family/sses-lynis/	20 Apr 2022 robot Lynis results: Accepted iotgateway Lynis results: Accepted robot vuls results: Accepted All exceptions are granted iotgateway vuls results: Accepted All exceptions are granted Release 6: Akraino CVE Vulnerability Exception Request	Approved per the BP upstream review	2022/04/13	2022/04/14

...

Space shortcuts

Page tree

Versions Compared

Old Version 106

New Version 107

Key