Versions Compared

Old Version 21

changes.mady.by.user ruoyu.ying

Saved on

compared with

New Version 22

changes.mady.by.user Igor D.C.

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents
outlinetrue
Introduction

...

Hostname

CPU Model

Memory

BMC 

Firmware

Storage

1GbE: NIC#, VLAN,

(Connected

extreme 480 switch)

10GbE: NIC# VLAN, Network

(Connected with IZ1 switch)

40GbE: NIC#

Jump

Intel

2xE5-2699

64GB

 1.46.9995

3TB (Sata)
180 (SSD)

IF0: VLAN 110 (DMZ)
IF1: VLAN 111 (Admin)

IF2: VLAN 112 (Private)
VLAN 114 (Management)
IF3: VLAN 113 (Storage)
VLAN 1115 (Public)


node1

Intel

2xE5-2699

64GB

1.46.9995

3TB (Sata)
180 (SSD)

IF0: VLAN 110 (DMZ)
IF1: VLAN 111 (Admin)

IF2: VLAN 112 (Private)
VLAN 114 (Management)
IF3: VLAN 113 (Storage)
VLAN 1115 (Public)


node2

Intel

2xE5-2699

64GB

1.46.9995

3TB (Sata)
180 (SSD)

IF0:  VLAN 110 (DMZ)
IF1: VLAN 111 (Admin)

IF2: VLAN 112 (Private)
VLAN 114 (Management)
IF3: VLAN 113 (Storage)
VLAN 1115 (Public)

IF4: SRIOV

Virtual deployment

Hostname

CPU Model

Memory

Storage

1GbE: NIC#, VLAN,

(Connected

extreme 480 switch)

10GbE: NIC# VLAN, Network

(Connected with IZ1 switch)

node1

Intel

2xE5-2699

64GB

3TB (Sata)
180 (SSD)

IF0: VLAN 110 (DMZ)
IF1: VLAN 111 (Admin)

IF2: VLAN 112 (Private)
VLAN 114 (Management)
IF3: VLAN 113 (Storage)
VLAN 1115 (Public)

Test Framework

All components are tested with end-to-end testing

...

Igor D.C.

Status as of May 13th 28th 2020:

Layer

Result

Comment

Comments

Nexus

os/lynis

PASS

if disabling ICN pluginsIf libvirt or weave are installed, lynis will no longer pass. This is a problem because the virtlet ICN plugin requires libvirt.


Logs

os/vuls

FAIL:

153

141 unfixed vulnerabilities found

141 unfixed vulnerabilities.

Total: 153 (High:

33

30 Medium:

93

96 Low:27 ?:0),

1

 12/153 Fixed,

801

795 installed, 0 exploits, en: 2, ja: 0 alerts

Logs

k8s/conformance

PASS

if disabling ICN pluginsNeed to enable ICN plugins and understand reason for failures. Just the basic KUD deployment is enough to make conformance pass.


Logs

k8s/kubehunter

FAIL

PASS except:

  • Inside-a-Pod Scanning
: 5 vulnerabilities

Patched system:public-info-viewer to hide /version, otherwise Cluster Remote Scanning would fail too. Need to update KUD scripts to automatically patch system:public-info-viewer.

Important links:

Steps To Implement Security Scan Requirements

...

  • : 1 vulnerability: CAP_NET_RAW

Inside-a-Pod Scanning: 1 vulnerability: CAP_NET_RAW.

Logs

CI logs: 

The gerrit comments contains the CI log url. All the CI logs are under this folder ICN : https://jenkins.akraino.org/view/icn/job/icn-master-verify/

...