/
Akraino BluVal Exception Request

Akraino BluVal Exception Request

Nov 09, 2021

Blueprints that have to run the BluVal testing and meet the following criteria should submit their information in the chart below to have the vulnerability considered for an exception:

  • Running at least the minimum OS version required by the Akraino BluVal

    • Ubuntu

    • CentOS

    • Debian

    • Fedora

    • Suse Enterprise Server

 

Testing Item

Blueprint

Blueprint OS/Ver

Reason for exception (Problem description)

Contact Name

Contact Email

Comment

Exception Approved (Y/N)

Testing Item

Blueprint

Blueprint OS/Ver

Reason for exception (Problem description)

Contact Name

Contact Email

Comment

Exception Approved (Y/N)

Sonobuoy/Conformance

KubeEdge Edge Service Blueprint

Ubuntu 20.04

Please refer to KubeEdge BP Test Documents#ConformanceTest(Sonobuoy)

@Yin Ding @Hao Xu

yin.ding@futurewei.com 

Due to BluVal cannot support Sonobuoy in KubeEdge and the Conformance testing image only support v1.16, cannot support v1.19, this blueprint can have an exception during R4.

Y

Sonobuoy/Conformance

ELIOT IotGateway Blueprint

Ubuntu 16.04

We are using kubernetes version 1.17.2.  Sonobuoy only supports k8s version <=1.16

@Srinivasan Selvam 

srinivasan.s.n@huawei.com

We need exception for conformance test since sonobuoy doesn't support k8s version 1.17.2

Y

Sonobuoy/Conformance

ELIOT uCPE Blueprint

CentOS 7.8

We are using kubernetes version 1.17.2.  Sonobuoy only supports k8s version <=1.16

@Srinivasan Selvam

srinivasan.s.n@huawei.com

We need exception for conformance test since sonobuoy doesn't support k8s version 1.17.2

Y

Sonobuoy/Conformance

EALT-EDGE Blueprint

Ubuntu 18.04

We are using Kubernetes version above 1.17.  Sonobuoy only supports k8s version <=1.16

@Srinivasan Selvam

srinivasan.s.n@huawei.com

We need exception for conformance test since sonobuoy doesn't support k8s version 1.17.2

Y

Eve + Fledge (container)

Predictive Maintainance

EVE

We are using EVE as OS

@Vladimir Suvorov

hello.fleandr@gmail.com

We use EVE as OS. Can you access that? I'm not sure, what os kernel does EVE used?

linux 5.10 & alpine 3.8

Y

Sonobuoy/Conformance

ICN

Ubuntu 18.04

ICN uses Kubernetes version 1.18.9. Sonobuoy currently support k8s version <= 1.16

@Kuralamudhan Ramakrishnan (Deactivated)

@Todd Malsbary

kuralamudhan.ramakrishnan@intel.com

todd.malsbary@intel.com

BluVal Sonobuoy/Conformance only support v1.16.

Y

Sonobuoy/Conformance

KNI Blueprint family

Red Hat Enterprise Linux CoreOS release 4.5

Kubernetes Version: v1.18.3+3107688

Sonobuoy currently support k8s version <= 1.16

@Ricardo Noriega

rnoriega@redhat.com

We need exception for conformance test since sonobuoy doesn't support k8s version 1.18.3

We also need exception since Vuls does not support RH CoreOS as valid OS

Y

Sonobuoy/Conformance

PCEI

Ubuntu 18.04

Getting error message from BluVal robot: level=error msg="could not get tests from archive: failed to find results file \"plugins/e2e/results/global/junit_01.xml\" in archive"' does not contain 'failed tests: 0'

@Oleg Berzin (Deactivated)

oberzin@equinix.com

 

Further troubleshooting shows the Docker image for Sonobuoy does not get pulled:

message": "Back-off pulling image \"akraino/validation:kube-conformance-v1.14\"

The Docker Hub does not have the image tagged

akraino/validation:kube-conformance-v1.14

Y

Sonobuoy/Conformance

IEC Type3 

Android cloud native applications on Arm servers in edge for Integrated Edge Cloud (IEC) Blueprint Family

Host os:Ubuntu18 Guest os:Android9

We build android OS in arm server and Bluval did not support Andorid.

@hanyu ding

dinghanyu@chinamobile.com 

We need exception for conformance test cause we use android OS in our project. Bluval did not support android test.

Y

Sonobuoy/Conformance

IEC Type 5: SmartNIC for Integrated Edge Cloud (IEC) Blueprint Family

Host OS: debian

The bluval validation doesn't support the debian system.

@Yihui Wang

wangyihui@chinamobile.com

We need exception for conformance test cause we use debian OS in our project. Bluval did not support this OS.

Y

 

 

 

 

 

 

 

 

RELEASE 5 EXCEPTION REQUEST

 

Sonobuoy / Conformance

EALT-EDGE Blueprint

and 

ELIOT IotGateway Blueprint

Ubuntu 18.04

Kubernetes version 1.18.7

Sonobuoy unable to run on Single node cluster

Daemon set will rollback without unnecessary restarts error

@Srinivasan Selvam

srinivasan.s.n@huawei.com

We need exception for conformance test because sonobuoy will not execute in a single node cluster. ( Daemon set test error )

Snapshot attached on issue description column

@khemendra kumar BPs k8s is single node cluster and so can not run SonoBouy. 

Kindly provide exception

Y

Sonobuoy / Conformance

ELIOT uCPE Blueprint

Ubuntu 18.04

Kubernetes version 1.17.2

Sonobuoy unable to run 1.17.2 k8s cluster throwing below error

@Srinivasan Selvam

srinivasan.s.n@huawei.com

We need exception for conformance test because sonobuoy can not execute for K8s 1.17.2 with 1 master and 1 worker node

 

@Sirisha Gopigiri

Unable to replicate it. All test cases executed but the daemon set failed due to single node limitation. Please find the screenshots attached.

 

 

 

@khemendra kumar BPs k8s is single node cluster and so can not run SonoBouy. 

Kindly provide exception

Y

Sonobuoy/
Conformance

 

Integrated Edge Cloud (IEC) Type 2

Ubuntu 18.04

Getting error message from BluVal robot: level=error msg="could not get tests from archive: failed to find results file \"plugins/e2e/results/global/junit_01.xml\" in archive"' does not contain 'failed tests: 0'

Microk8s Version - 1.21 

@ashvin kumar

@Site Administrator

ashvin.p@gopaddle.io

vinothiniraju@gopaddle.io

We would like to apply for an exception on the conformance test  for IEC Type 2 release 5. We ran the sonobuoy tests against microk8s & upon troubleshooting, we discovered that  Image for Sonobuoy does not get pulled

message": "Back-off pulling image \"akraino/validation:kube-conformance-v1.14\"

The Docker Hub does not have the image tagged

akraino/validation:kube-conformance-v1.14



 

 

 

 

Kube-hunter

Integrated Edge Cloud (IEC) Type 2

Ubuntu 18.04

When running the Kube-hunter test against the microk8s cluster, 1 of the 3 critical tests case fails with the following log.

Inside-a-Pod Scanning | FAIL | 1 != 0 ------------------------------------------------------------------------------ Kube-Hunter.Kube-Hunter :: Hunt for security weaknesses in Kuberne... | FAIL | 3 critical tests, 2 passed, 1 failed 3 tests total, 2 passed, 1 failed ============================================================================== Kube-Hunter | FAIL | 3 critical tests, 2 passed, 1 failed 3 tests total, 2 passed, 1 failed


@ashvin kumar

@Site Administrator

ashvin.p@gopaddle.io

vinothiniraju@gopaddle.io

 

The pod.log file in results/k8s/kube-hunter/Kube-Hunter.Kube-Hunter is empty. To get more logs related to this test case, we changed the loglevel from 'INFO' to 'DEBUG' in the variable.yaml under validation/tests  . But the loglevel was still set to INFO. So we ran the kube-hunter container locally & logged in to directly change the bluval.py file using the following commands.

But still, the loglevel remained at 'INFO' when running the tests.  We're currently unable to fix the issue because of the lack of sufficient logs.