Jeff Brower - added items in red
Release 5 target date is June 30th 2021.
Classes of release 5 Blueprints and the requirements to be included in Release 5
The requirements for the blueprints to be included in release 5 are as follows:
Depending upon the situation, the PTLs are suggested to meet the following criteria -
Class 1: The Blueprints moving from Release 4 to Release 5
If the blueprint is already part of release 4 and you want this to be included in release 5, please follow the following steps:
- Did you make any improvements in release 5 - e.g. you fixed bugs or added additional features?
- If Yes:
- Does it impact the APIs or Documentation?
- If yes,
- Please update
the APIs andthe documentation and send the email to respective sub-committee chairs. - For APIs, please see API Subcommittee Guidelines below
- Please update
- Run the security scans and upload the link in the table below next to your blueprint
- Upload the latest CI/CD logs
- Send an email to tsc@lists.akraino.org to notify the TSC
- Put yourself on the TSC agenda and request for the approval
- If yes,
- Does it impact the APIs or Documentation?
- If No:
- No additional formalities are required
- Send an email to tsc@lists.akraino.org to notify the TSC
- Put yourself on the TSC agenda and request for the approval
- If Yes:
Class 2: The Blueprints moving from Release 3 to Release 5
If the blueprint is already part of release 3 and not release 4 and you want this to be included in release 5, please follow the following steps:
Note that in release 4, a new requirement was introduced to expose all the API consumed and offered by your blueprint.
- Please update the documentation to include new API section.
- Follow the guidelines to submit API information as per the requirements specified in the API sub-committee
- send the email to respective documentation and API sub-committee lists.
- If you require assistance with documentation
or APIs, please reach out the respective subcommittee to be included on their agenda and discuss with them otherwise you are done - For APIs, please see API Subcommittee Guidelines below
- If you require assistance with documentation
- Run the security scans and upload the link in the table below next to your blueprint
- Upload the latest CI/CD logs
- Send an email to tsc@lists.akraino.org to notify the TSC
- Put yourself on the TSC agenda and request for the approval
Class 3: The Blueprints moving from Release 2 or earlier to Release 5
If the blueprint is already part of release 1 or 2 and not release 3 or 4 and you want this to be included in release 5, please follow the following steps described under Class 4 below.
Class 4: New Blueprints being introduced for the first time in Release 5
Please follow the requirements specified in release 4 with the following exceptions:
- The sub-committee presentations are optional starting from release 5 and for your benefit only. If you require assistance on any of the areas such as
APIs,documentation, Security scans or CI/CD logs, please schedule a meeting with appropriate subcommittee. - For APIs, please see API Subcommittee Guidelines below
- Once you meet the requirements of respective subcommittee, please send them an email to notify them. Except for APIs, as noted in 2., if they require any clarification, they will either invite you to meet with them or they will approve your blueprint via email.
- Send an email to tsc@lists.akraino.org to notify the TSC
- Put yourself on the TSC agenda and request for the approval
API Subcommittee Guidelines
Please follow step-by-step instructions on the API Subcommittee API reporting wiki page. If after submitting your API info form (or an updated form, if you are in Class 1 and the form has changed since Release 4) and notifying the subcommittee by e-mail they have questions, then schedule a time when either subcommittee members may attend your weekly BP meeting or you can attend the API subcommittee weekly meeting in order to discuss and resolve the questions. When meeting, please be prepared with architecture and data flow diagrams so the API subcommittee can understand and confirm 1) APIs consumed and offered by your BP, 2) upstream project APIs, and 3) customer-facing demo APIs. This information will be used to update the Akraino website API Map, which makes your BP visible and searchable to customers and entities outside of Akraino, so completeness and accuracy is important.
- Self Certified Milestones Achievement Due Date May 31st 2021 ( Milestone 4)
2. Maturity Review Milestone Achievement Due date May 31st 2021
Please add targeted and achieved R4 milestones at:
BP Incubation Stage Reporting R4 (To be updated)
Define area of focus
(to be updated)
- Virtual meeting to start to have a session to discuss all of the agenda items.
- Different patches from different blueprints need to be up-streamed.
- Need a consistent framework
- New blueprints have been committed for R5.
- Want to increase standards on Release 5.
- Validation Project test layers and test cases
- Self Certification in R4?
Release 5 Requirements
- High Level Overall Requirements
- CI, Blueprint Validation Lab Sub-Committee Requirements
- Present Pod Topology document.
- Peering w/LF Jenkins - (Note: peering is an optional requirement)
- Push logs through Nexus. (Note: This is mandatory for Incubation self-certified and Maturity)
Releases >= 1.0 (e.g. 1.xyz, 2.xyz etc) are reserved for BP that have been approved as Core by the TSC (considered ‘GA’ quality).
Releases <1.0 (e.g. 0.xyz etc) are reserved for projects that have not reached the Akraino Core level (i.e. anything that is in Incubation (‘alpha’ quality) and Mature (‘beta’ quality).
Enforcement of Static Code Analysis through SonarCloud (SaaS), WIP LF Release Engineering & Security Subcommittee. (Note: This is an optional requirement for Incubation self certified and mandatory for Maturity)
- Security Sub-Committee Requirements, please fill in Release 4 Blueprint Scanning Status. Instructions can be found at: Steps To Implement Security Scan Requirements
- Blueprint Validation Framework Feature Project Requirements See TSC meeting.
- Projects going for Maturity Review please refer to Maturity Criteria defined by Process subcommittee BP Graduation Review Processes and Criteria (Note this is not required for self certification, only required for maturity review)
- Documentation Sub-Committee Requirements
User Documents:
The following documentation with the following sections called out should be on the wiki with links to rest of the sections as applicable. We prefer that the entire doc is on the wiki but we do not require it.
Architecture - Blue print Overview and overall architecture
Release Notes – Summary and What is released
Installation Doc – Introduction and deployment architecture
Test Document – Introduction and Overall Test Architecture
Developer Documents:
We are also recommending that Blueprints include via ReadtheDocs, with each Blue Print given their own repo, but we do not require it
- API Sub-Committee Requirements (Note: See this link for requirements: Blueprint Projects R4 and R5 API Reporting Requirements)
- Community Sub-Committee Requirements (Note: no mandatory requirements for Incubation self-certified or Maturity)
- Process Sub-Committee Requirements (Note: See the Process Sub Committee page defining the TSC approved Maturity review process and requirements for those requesting inclusion in R3 at Mature level BP Graduation Review Processes and Criteria)
- Upstream Sub-Committee Requirements (Note: no mandatory requirements for Incubation self-certified or Maturity). Here is the R4 release Upstream BP review status, Release Upstream Compliance. Also please refer to the page for the R4 requirement as well.
Blue Prints Participating in Release 5
Internal Target date to meet Rel 5 Criteria is June 30th ( please add your target/achieved date at the BP Incubation Stage Reporting R2 (To Be Updated))
(To be updated)
No. | Project Name | TSC Subgroup Release Status | Is this your first release | Blue Print Stage
| CD Logs URL to be used for review (Column filled in by PTLs) | Link to executive one pager (editable doc format) (Column filled in by PTLs) | API Info Reporting Review (Column filled in by API Subcommittee) (note for PTLs – go here for steps to fill in project API info form) | BluVal Certification | Security Certification Provide link to Vuls, Lynis, and Kube-Hunter logs below. Pass/Fail Criteria: Steps To Implement Security Scan Requirements Exception requests should be filed at: | Upstream Review (Column filled by Upstream Subcommittee and PTLs) (note PTL can go to Release 5 BP/Feature Upstream Status to find details) | Date ready for TSC review (Column filled in by PTLs) | TSC Review Date (Column filled in by TSC) | |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | No | Mature | https://nexus.akraino.org/content/sites/logs/parserlabs/r4/jobs/cvb/ | CVB_Akraino_R5_blueprint_Datasheet.docx | Per e-mail from WANG Tao (Tucker Wang) 20Aug21, no changes from R4 | Completed by 8/24/2021 | |||||||
2 | No | Mature | https://nexus.akraino.org/content/sites/logs/parserlabs/r4/jobs/iec-type4/ | Per e-mail from Bart 7Sep21, no changes from R4 | |||||||||
3 | |||||||||||||
4 | No | Incubation | ICN R5 Datasheet | Per notice from Kural 5Aug21, no change from R4 | Filed Release 5: Akraino CVE Vulnerability Exception Request Incubation Level Review Results:
Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request ____________________________________________________________ Lynis: Accepted ____________________________________________________________ Kube-Hunter: Cluster: Accepted Pod: Accepted | Completed by 8/6/2021 | |||||||
5 | Yes | Incubation | https://nexus.akraino.org/content/sites/logs/intel/ICN_CD_logs/pod11-node5/icn-master-bm-verify-bm_verifer-kata/12/ | ICN-MTSCN R5 Datasheet | API form uploaded 24 May e-mail questions exchanged 20Jul21 Scheduled for review by API subcommittee API subcommittee review completed and info accepted | Filed Release 5: Akraino CVE Vulnerability Exception Request Incubation Level Review Results:
Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request ____________________________________________________________ Lynis: Accepted ____________________________________________________________ Kube-Hunter: Cluster: Accepted Pod: Accepted | Completed by 8/10/2021 | ||||||
6 | No | Incubation | https://nexus.akraino.org/content/sites/logs/huawei/job/eliot-build/18/home/jenkins/log/ | Per e-mail from Khemendra 26Aug21, no changes from R4 | https://nexus.akraino.org/content/sites/logs/huawei/job/eliot-security-validation-build/4/results/ | Incubation Level Review Results:
Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request ____________________________________________________________ Lynis: Accepted ____________________________________________________________ Kube-Hunter: Cluster: Accepted Pod: Accepted with exceptions shown at: | Completed 8/6/2021 | ||||||
7 | NO | Incubation | https://nexus.akraino.org/content/sites/logs/huawei/job/eliot-uCPE-build/15/home/jenkins/log/ | ELIOT R5 - SD-WAN / WAN Edge / uCPE Data Sheet | Per e-mail from Khemendra 26Aug21, no changes from R4 | https://nexus.akraino.org/content/sites/logs/huawei/job/eliot-uCPE-security-build/10/results/ | Incubation Level Review Results:
Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request ____________________________________________________________ Lynis: Accepted ____________________________________________________________ Kube-Hunter: Cluster: Accepted Pod: Accepted with exceptions shown at: | Completed on 8/6/2021 | |||||
8 | TSC 2021-08-12 (Thursday) 7:00 am Pacific | No | Incubation | https://nexus.akraino.org/content/sites/logs/juniper/validation-2021/ | Blueprint Data Sheet | Per e-mail from Sukhdev 5Aug21, no change from R4 | Not required as there is no change from Release 4 | Not required as there is no change from Release 4 | Completed by 8/10/2021 | 08/12/2021 | |||
9 | No | Incubation | https://jenkins.akraino.org/job/kni-blueprint-pae-verify-deploy-gcp/69/ | Per e-mail from Ricardo 10Aug21, he uploaded R5 API info forms for both KNI blueprints, with no substantive changes from R4. The API subcommittee has a review scheduled for of the new API info forms and will update this table afterwards On the API Subcommittee reviewed and accepted the updated KNI R5 API forms | https://nexus.akraino.org/content/sites/logs/redhat-kni/bluval_results/ Incubation Level Review Results: Vuls: Accepted with exception. The KNI Provider Access Edge blueprint uses OpenShift as its k8s distribution, which is deployed on Red Hat CoreOS, an immutable OS that is not supported by Vuls. __________________________________________________________ Lynis: Accepted ____________________________________________________________ Output manually generated, located at: Release 5 Security Scan Manual Logs Kube-Hunter: Cluster: Accepted Pod: Accepted with exceptions shown at: | Completed by 8/10/2021 | 9/16/2021 | ||||||
10 | No | Incubation | Management Hub: https://logs.akraino.org/production/vex-yul-akraino-jenkins-prod-1/kni-blueprint-management-hub-verify-deploy-gcp/19/ | See above note | https://nexus.akraino.org/content/sites/logs/redhat-kni/bluval_results/ Incubation Level Review Results: Vuls: Accepted with exception. The KNI Provider Access Edge blueprint uses OpenShift as its k8s distribution, which is deployed on Red Hat CoreOS, an immutable OS that is not supported by Vuls. __________________________________________________________ Lynis: Accepted ____________________________________________________________ Output manually generated, located at: Release 5 Security Scan Manual Logs Kube-Hunter: Cluster: Accepted Pod: Accepted with exceptions shown at: | Completed by 8/10/2021 | 9/16/2021 | ||||||
11 |
| ||||||||||||
12 | TSC 2021-09-21 (Tuesday) 7:00 am Pacific | No | incubation | https://nexus.akraino.org/content/sites/logs/baidu/job/aiedge/6/ | Per e-mail from Liya Yu 21Sep21, no changes from R4 | https://nexus.akraino.org/content/sites/logs/baidu/job/security_scan/aiedge/1 | Incubation Level Review Results:
Vuls: All vulnerabilities >9.0 must be fixed or verification provided that no patch currently exists. CVE-2017-18017 10.0 CVE-2018-15686 10.0 CVE-2019-14901 10.0 CVE-2017-15670 9.8 CVE-2017-15804 9.8 CVE-2018-1000007 9.8 CVE-2018-1000120 9.8 CVE-2018-11236 9.8 CVE-2018-1126 9.8 CVE-2018-12910 9.8 CVE-2018-15688 9.8 CVE-2018-16402 9.8 CVE-2018-18074 9.8 CVE-2018-18751 9.8 CVE-2018-20060 9.8 CVE-2018-6485 9.8 CVE-2019-10126 9.8 CVE-2019-10160 9.8 CVE-2019-14895 9.8 CVE-2019-16746 9.8 CVE-2019-17041 9.8 CVE-2019-17042 9.8 CVE-2019-17133 9.8 CVE-2019-5482 9.8 CVE-2019-9636 9.8 CVE-2016-7913 9.3 CVE-2017-15126 9.3 CVE-2017-16997 9.3 CVE-2017-9725 9.3 CVE-2018-10897 9.3 CVE-2019-12735 9.3 CVE-2018-1000122 9.1 CVE-2018-1000301 9.1 CVE-2019-9948 9.1 CVE-2016-10745 9.0 CVE-2018-19788 9.0 CVE-2019-14287 9.0 ____________________________________________________________ Lynis: Accepted ____________________________________________________________ Kube-Hunter: Pod: The following vulnerability must be corrected.
Cluster: Accepted | 9/20/2021 | 9/21/2021 | ||||
13 | No |
| https://nexus.akraino.org/content/sites/logs/fate/job/I-VICS/5/ | Intelligent Vehicle-Infrastructure Cooperation System(I-VICS) Datasheet | Per e-mail from Zhuming Zhang (Simmy Zhang) 30Aug21, no changes from R4 | https://nexus.akraino.org/content/sites/logs/fate/job/I-VICS/5/ | No new features or bugs have been added after R4 release | Missing Upstream information | |||||
14 | No | Incubation | https://nexus.akraino.org/content/sites/logs/tencent/job/tencent_5g_mec/ | Per e-mail from Eagan Fu 15Aug21, no change from R4 | Completed by 8/24/2021 | ||||||||
15 | No | Incubation | As of , waiting for API info form to be uploaded to API Subcommittee review page (Blueprint Projects R4 and R5 API Reporting Requirements) API info form uploaded by Rajeev API info form reviewed , no APIs offered or consumed, as Blueprint constructs and provides an Android cloud run-time environment for user applications Note - would like to further understand this when the BP comes up for review and voting approval during TSC call | ||||||||||
16 | No | Incubation | https://nexus.akraino.org/content/sites/logs/cmti/job/iec5_r4/15/ | Per e-mail from Leo Li (Socnoc AI Inc) 11Aug21, no change from R4 | Bluval Exception has been accepted for the project. | R5 Release Notes of IEC Type 5: SmartNIC for Integrated Edge Cloud (IEC) Blueprint Family Completed by 8/30/2021 | |||||||
17 | No | Incubation | https://nexus.akraino.org/content/sites/logs/huawei/job/ealt-edge-build/51/home/jenkins/log/ | EALTEDGE Release 5 Datasheet | Per e-mail from Khemendra 20Aug21 (with Gaurav cc'd), no changes from R4 | https://nexus.akraino.org/content/sites/logs/huawei/job/ealt-security-validation-build/19/results/ | Incubation Level Review Results:
Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request ____________________________________________________________ Lynis: Accepted ____________________________________________________________ Kube-Hunter: Cluster: Accepted Pod: Accepted with exceptions shown at: | R5 - Architecture Documentation of Enterprise Applications on Lightweight 5G Telco Edge Completed by 8/10/2021 | |||||
18 | TSC 2021-08-10 (Tuesday) 7:00 am Pacific | No | https://nexus.akraino.org/content/sites/logs/cmti/job/pcei-daily/ | https://wiki.akraino.org/x/lwHkAg | Per API Subcommittee meeting 30Jul21, no change from R4 | https://nexus.akraino.org/content/sites/logs/pcei/job/r5/v1/
https://nexus.akraino.org/content/sites/logs/pcei/job/r5/v2/ Fixed: fs.suid_dumpable net.ipv4.conf.default.accept_source_route | Incubation Level Review Results:
Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request ____________________________________________________________ Lynis: Accepted with exceptions shown at: Release 5 Blueprint Scanning Status ____________________________________________________________ Kube-Hunter: Cluster: Accepted Pod: Accepted with exceptions shown at: | PCEI R5 Release Notes https://wiki.akraino.org/x/LgLkAg Completed by 8/6/2021 |
| ||||
19 | No |
| https://nexus.akraino.org/content/sites/logs/fate/job/Fate_test/15/ | Akraino R5 Federated ML blueprint datasheet.docx | Per e-mail from Zifan 8Aug21, no change from R4 |
https://nexus.akraino.org/content/sites/logs/fate/fml/5/ Fixed 3 issues. | Incubation Level Review Results:
Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request __________________________________________________________ Lynis: Accepted __________________________________________________________ Kube-Hunter: Exception granted: K8s not used by this BP. | federated ML Release Notes R5 Federated ML application at edge Release Notes Completed by 8/30/2021 | |||||
20 | @Alexande | ||||||||||||
21 | TSC 2021-08-03 (Tuesday) 7:00 am Pacific | No | Incubation | https://nexus.akraino.org/content/sites/logs/juniper/job/Private%205G%20BP/ | Akraino Private LTE/5G BP Datasheet | Per e-mail from Prem 27Aug21, no change from R4 | Completed by 8/10/2021 | ||||||
22 | |||||||||||||
23 | Yes | Incubation | https://nexus.akraino.org/content/sites/logs/myais/job/parsec/10/ | API info form uploadedto API Subcommittee review page (Blueprint Projects R4 and R5 API Reporting Requirements). Approved based on informal review | Smart Cities R5 Security Certification Incubation Level Review Results:
Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request __________________________________________________________ Lynis: Accepted __________________________________________________________ Kube-Hunter: Exception granted: K8s not used by this BP for R5. However, in R6 it is planning to use K3s. | Completed by 9/30/2021 R5 Smart Cities BP release notes: Smart Cities R5 Release Notes | 9/20/2021 | 9/21/2021 | |||||
24 | TSC 2021-09-21 (Tuesday) 7:00 am Pacific | Yes | Incubation | https://nexus.akraino.org/content/sites/logs/jejunu-pred-vanet-mec/job/push-logs/ | API info form uploaded by Asif , scheduled for review by API Subcommittee Reviewed completed and info accepted | 9/20/2021 | 9/21/2021 | ||||||
25 | TSC 2021-09-16 (Thursday) 7:00 am Pacific | No | Incubation | https://nexus.akraino.org/content/sites/logs/arm-china/jenkins092/iec-type2-terraform/cdlogs/ | Ashvin Kumar uploaded API info form. API subcommittee review scheduled for (Note - the form was originally uploaded 27Aug21 but had a file corruption issue) Review completed and info accepted As of , waiting for API info form to be uploaded to API Subcommittee review page (Blueprint Projects R4 and R5 API Reporting Requirements) | Incubation Level Review Results: Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request __________________________________________________________
Lynis: Need to fix the following vulnerabilities:
_____________________________________________________ Kube-Hunter: Cluster: Accepted with exceptions shown at: Release 5 Blueprint Scanning Status This issues must be resolved prior to maturity. Pod: Could the same comparison between k3s and microk8s be provided for the kube-hunter pod.log as was provided for the cluster.log? The following vulnerabilities must be fixed:
| Missing Upstream information in IEC Type 2 Release Notes for R5 | ||||||
26 | No | ||||||||||||
27 | TSC 2021-10-14 (Thursday) 7:00 am Pacific | Yes | Incubation | R5 Datasheet | Per e-mail , Deepak is in process of uploading API info form As of , Deepak sent API info form, and expects to upload to the API subcommittee page. The form shows Karmada APIs (enabled by CRD method) offered inside Kubernetes environment, but no 3rd party APIs offered or consumed. Deepak uploaded API info form , API subcommittee review scheduled for API info reviewed and approved by API subcommittee . The subcommittee e-mailed Deepak asking to attend 29Oct (Fri) meeting and give more explanation about ETSI MEC interfaces in their Blueprint | N/A | Incubation Level Review Results:
Vuls: All vulnerabilities >9.0 must be fixed or verification provided that no patch currently exists. CVE-2019-25032 CVE-2019-25034 CVE-2019-25035 CVE-2019-25036 CVE-2019-25038 CVE-2019-25039 CVE-2019-25042 CVE-2019-9169 CVE-2020-27619 CVE-2021-27219 CVE-2021-3177 CVE-2021-3520 CVE-2020-12403 CVE-2020-36242 _____________________________________________________ Lynis: Need to fix the following vulnerabilities:
_____________________________________________________ Kube-Hunter: Cluster: Please provide cluster.log file Pod: Please provide pod.log file | 10/14/2021 |