Blueprints that have to run the BluVal testing and meet the following criteria should submit their information in the chart below to have the vulnerability considered for an exception:
- Running at least the minimum OS version required by the Akraino BluVal
- Ubuntu
- CentOS
- Debian
- Fedora
- Suse Enterprise Server
| Testing Item | Blueprint | Blueprint OS/Ver | Reason for exception (Problem description) | Contact Name | Contact Email | Comment | Exception Approved (Y/N) |
|---|---|---|---|---|---|---|---|
| Sonobuoy/Conformance | KubeEdge Edge Service Blueprint | Ubuntu 20.04 | Please refer to KubeEdge BP Test Documents#ConformanceTest(Sonobuoy) | Due to BluVal cannot support Sonobuoy in KubeEdge and the Conformance testing image only support v1.16, cannot support v1.19, this blueprint can have an exception during R4. | Y | ||
| Sonobuoy/Conformance | ELIOT IotGateway Blueprint | Ubuntu 16.04 | We are using kubernetes version 1.17.2. Sonobuoy only supports k8s version <=1.16 | We need exception for conformance test since sonobuoy doesn't support k8s version 1.17.2 | Y | ||
| Sonobuoy/Conformance | ELIOT uCPE Blueprint | CentOS 7.8 | We are using kubernetes version 1.17.2. Sonobuoy only supports k8s version <=1.16 | srinivasan.s.n@huawei.com | We need exception for conformance test since sonobuoy doesn't support k8s version 1.17.2 | Y | |
| Sonobuoy/Conformance | EALT-EDGE Blueprint | Ubuntu 18.04 | We are using Kubernetes version above 1.17. Sonobuoy only supports k8s version <=1.16 | srinivasan.s.n@huawei.com | We need exception for conformance test since sonobuoy doesn't support k8s version 1.17.2 | Y | |
| Eve + Fledge (container) | Predictive Maintainance | EVE | We are using EVE as OS | Vladimir Suvorov | hello.fleandr@gmail.com | We use EVE as OS. Can you access that? I'm not sure, what os kernel does EVE used? linux 5.10 & alpine 3.8 | Y |
| Sonobuoy/Conformance | ICN | Ubuntu 18.04 | ICN uses Kubernetes version 1.18.9. Sonobuoy currently support k8s version <= 1.16 | BluVal Sonobuoy/Conformance only support v1.16. | Y | ||
| Sonobuoy/Conformance | KNI Blueprint family | Red Hat Enterprise Linux CoreOS release 4.5 | Kubernetes Version: v1.18.3+3107688 Sonobuoy currently support k8s version <= 1.16 | rnoriega@redhat.com | We need exception for conformance test since sonobuoy doesn't support k8s version 1.18.3 We also need exception since Vuls does not support RH CoreOS as valid OS | Y | |
| Sonobuoy/Conformance | PCEI | Ubuntu 18.04 | Getting error message from BluVal robot: level=error msg="could not get tests from archive: failed to find results file \"plugins/e2e/results/global/junit_01.xml\" in archive"' does not contain 'failed tests: 0' | Oleg Berzin | Further troubleshooting shows the Docker image for Sonobuoy does not get pulled: message": "Back-off pulling image \"akraino/validation:kube-conformance-v1.14\" The Docker Hub does not have the image tagged akraino/validation:kube-conformance-v1.14 | Y | |
| Sonobuoy/Conformance | IEC Type3 | Host os:Ubuntu18 Guest os:Android9 | We build android OS in arm server and Bluval did not support Andorid. | hanyu ding | dinghanyu@chinamobile.com | We need exception for conformance test cause we use android OS in our project. Bluval did not support android test. | Y |
| Sonobuoy/Conformance | Host OS: debian | The bluval validation doesn't support the debian system. | wangyihui@chinamobile.com | We need exception for conformance test cause we use debian OS in our project. Bluval did not support this OS. | Y | ||
RELEASE 5 EXCEPTION REQUEST | |||||||
| Sonobuoy / Conformance | EALT-EDGE Blueprint and ELIOT IotGateway Blueprint | Ubuntu 18.04 | Kubernetes version 1.18.7 Sonobuoy unable to run on Single node cluster Daemon set will rollback without unnecessary restarts error
| We need exception for conformance test because sonobuoy will not execute in a single node cluster. ( Daemon set test error ) Snapshot attached on issue description column khemendra kumar BPs k8s is single node cluster and so can not run SonoBouy. Kindly provide exception | Y | ||
| Sonobuoy / Conformance | ELIOT uCPE Blueprint | Ubuntu 18.04 | Kubernetes version 1.17.2 Sonobuoy unable to run 1.17.2 k8s cluster throwing below error
| We need exception for conformance test because sonobuoy can not execute for K8s 1.17.2 with 1 master and 1 worker node Unable to replicate it. All test cases executed but the daemon set failed due to single node limitation. Please find the screenshots attached.
khemendra kumar BPs k8s is single node cluster and so can not run SonoBouy. Kindly provide exception | Y | ||
Sonobuoy/ + Kube-hunter | Integrated Edge Cloud (IEC) Type 2 | Ubuntu 18.04 | Security issues observed seem to be specific to Microk8s. Microk8s Version - 1.21 | We would like to apply for an exception on the conformance test & Kube-hunter for IEC Type 2 release 5 since the security issues observed seem to be specific to the microk8s cluster. We ran the sonobuoy tests & kube-hunter against k3s and there are no issues in the master setup. We are working with Canonical to review our configuration. We will try to get these issues resolved in our next IEC release. Here are the cluster logs against the microk8s cluster.
microk8s pod log k3s pod log | Y | ||
| Lynis & Vuls | Integrated Edge Cloud (IEC) Type 2 | Ubuntu 18.04 | No alternate AWS AMI was found for ARM-based ubuntu 18.04 | Since there's no alternate ARM-based Ubuntu AMI to run lynis & Vuls OS tests, except ami-026141f3d5c6d2d0c, we're planning to file an exception for this release. A custom AMI can be built to run the test on the next release. The logs have been pushed to the nexus server. | Y | ||
