ICN Pod Topology
Jenkins Information
The Akraino community has a public Jenkins cluster. ICN leverages the Akraino public Jenkins to run CI jobs, while the CD jobs run in our private Jenkins cluster.
...
To add more Jenkins slave nodes, please follow the Akraino Jenkins guide.
To set up a private Jenkins, please refer to the README.md under icn/ci/.
...
Hostname | CPU Model | Memory | BMC Firmware | Storage | 1GbE: NIC#, VLAN, (Connected extreme 480 switch) | 10GbE: NIC# VLAN, Network (Connected with IZ1 switch) | 40GbE: NIC# |
---|---|---|---|---|---|---|---|
Jump | Intel 2xE5-2699 | 64GB | 1.46.9995 | 3TB (Sata) | IF0: VLAN 110 (DMZ) | IF2: VLAN 112 (Private) | |
node1 | Intel 2xE5-2699 | 64GB | 1.46.9995 | 3TB (Sata) | IF0: VLAN 110 (DMZ) | IF2: VLAN 112 (Private) | |
node2 | Intel 2xE5-2699 | 64GB | 1.46.9995 | 3TB (Sata) | IF0: VLAN 110 (DMZ) | IF2: VLAN 112 (Private) | IF4: SRIOV |
Virtual deployment
Hostname | CPU Model | Memory | Storage | 1GbE: NIC#, VLAN, (Connected extreme 480 switch) | 10GbE: NIC# VLAN, Network (Connected with IZ1 switch) |
---|---|---|---|---|---|
node1 | Intel 2xE5-2699 | 64GB | 3TB (Sata) | IF0: VLAN 110 (DMZ) | IF2: VLAN 112 (Private) |
Test Framework
All components are tested with end-to-end testing
...
- Virtlet is a Kubernetes runtime server which allows you to run VM workloads, based on QCOW2 images.
- We create a Virtlet VM pod-spec file adhering to the standards for virtlet to create a VM in a K8S env.
- The pod spec file is applied to bring up Virtlet deployment and make sure it is running. We attach to the pod and test to make sure the VM is running fine by connecting to it and checking details.
OVN4NFV:
- We use the Multus CNI container to create multiple OVN interfaces. OVN4NFV provides provider networks using VLAN networking and Service Function Chaining.
- After the pod is up and running we will be able to attach to the pod and check for multiple interfaces created inside the container.
...
- OVN4NFV networking is set up and created along with the EMCO composite vFW testing.
Node feature Discovery
- Node feature discovery for Kubernetes detects hardware features available on each node in a Kubernetes cluster and advertises those features using node labels.
- Create a pod with specific label information so that the pod is scheduled only on nodes whose major kernel version is 3 and above. Since the NFD master and worker DaemonSet are already running, the master has all the label information about the nodes, which is collected by the worker.
- If the OS version matches, the pod will be scheduled and come up. Otherwise, the pod will be in a Pending state if there are no nodes with the matching labels requested by the pod.
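A pod spec of the kind this NFD test describes, as an added example that is not taken from the ICN repository. The pod name, container name and image are hypothetical; the label key is the one NFD's kernel feature source publishes.

```yaml
# Added example: schedule only on nodes whose NFD kernel label reports major version 3 or above.
apiVersion: v1
kind: Pod
metadata:
  name: nfd-kernel-check            # hypothetical name
spec:
  affinity:
    nodeAffinity:
      # Hard requirement: with no matching node the pod is never placed and stays Pending.
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
        - matchExpressions:
          # Label set by the NFD master from data collected by the NFD worker.
          - key: feature.node.kubernetes.io/kernel-version.major
            operator: Gt            # label value is compared as an integer
            values: ["2"]           # major > 2, i.e. 3 and above
  containers:
  - name: probe                     # hypothetical container
    image: busybox:1.36             # assumed image; any small image works
    command: ["sleep", "3600"]
```

When no node carries a matching label, `kubectl describe pod nfd-kernel-check` shows a FailedScheduling event and the pod remains Pending, which is the negative case of the test.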
...
- Use Kud to set up 3 clusters (sdewan-hub, edge-a, edge-b).
- Run the SDEWAN CRD Controller in each cluster.
- Create SDEWAN CNF instance and dummy pod (using httpbin instead) in edge-a, SDEWAN CNF instance and httpbin pod in edge-b.
- Create IPSec CR to configure sdewan-hub as responder to provide virtual IP addresses to any authenticated party requesting IP addresses through SDEWAN CRD Controller.
- Create IPSec CR to configure edge-a and edge-b IPSec configuration to get the IP addresses through SDEWAN CRD Controller.
- Establish edge-a tunnel to sdewan-hub and edge-b tunnel to sdewan-hub; hub XFRM policies will automatically route traffic between edge-a and edge-b.
- Create SNAT CR to establish SNAT rule in edge-a and DNAT CR to establish DNAT rule in edge-b, which will enable TCP connection from edge-a to edge-b's httpbin service.
- Verify the curl command is successful from the edge-a dummy pod (using httpbin instead) to edge-b's httpbin service. The function of the curl command is to return the IP address of the requester.
Openness
- Install EAA helm charts through ONAP4K8S in the edge location.
- Install Openness simple EAA producer and simple EAA consumer through ONAP4K8S
- Verify EAA consumer can consume the service provided by EAA producer.
ONAP4K8s:
...
EMCO:
- EMCO sanity testing checks the health and connectivity of the EMCO microservice once it is installed.
...
- Cloud Native FW has multiple components, such as the packet generator, sink and cFW.
- Packet generator: Sends packets to the packet sink through the firewall. This includes a script that periodically generates different volumes of traffic inside the container.
- Firewall: Reports the volume of traffic passing through to the ONAP DCAE collector.
- Traffic sink: Displays the traffic volume that lands at the sink container. Open the link node port in your browser and enable automatic page refresh by clicking the "Off" button; you can then see the traffic volume in the charts.
...
EdgeX Foundry:
EdgeX Foundry helm charts are installed through ONAP in the edge location. The test case ensures that all the EdgeX Framework containers are up and running.
BluVal Testing
Status as of Dec 10th 2020:
Layer | Result | Comments | Nexus |
---|---|---|---|
os/lynis | PASS with exceptions | Logs | |
os/vuls | FAIL: 141 unfixed vulnerabilities found | 141 unfixed vulnerabilities. Total: 153 (High:30 Medium:96 Low:27 ?:0), 12/153 Fixed, 795 installed, 0 exploits, en: 2, ja: 0 alerts | Logs |
k8s/conformance | PASS Exceptions: | Logs | |
os/vuls | PASS with exceptions | Exceptions: | Logs |
k8s/kubehunterconformance | PASS except: | Inside-a-Pod Scanning: 1 vulnerability: CAP_NET_RAW. | Logs |
...
with exceptions | Exceptions: | Logs | |
k8s/kube-hunter | PASS | With aquasec/kube-hunter:edge image | Logs |
Release 4 Blueprint Scanning Status
Akraino CVE Vulnerability Exception Request
...
The Gerrit comments contain the CI log URL. All the ICN CI logs are under this folder: https://jenkins.akraino.org/view/icn/job/icn-master-verify/
CD Logs:
...
ICN Master Baremetal Deployment Verifier
ICN Master Virtual Deployment Verifier
ICN SDEWAN Master End2End Testing
...