From 4ac47be2e9fb27625f4e06746dd618261b62ce44 Mon Sep 17 00:00:00 2001 From: Italo Valcy Date: Thu, 19 Jun 2025 09:26:57 -0300 Subject: [PATCH 1/2] adding example for frr ospf --- lab08-frr-ospf/README.md | 42 +++++++++ lab08-frr-ospf/manifest.yaml | 136 +++++++++++++++++++++++++++++ lab08-frr-ospf/topology-mnsec.yaml | 44 ++++++++++ 3 files changed, 222 insertions(+) create mode 100644 lab08-frr-ospf/README.md create mode 100644 lab08-frr-ospf/manifest.yaml create mode 100644 lab08-frr-ospf/topology-mnsec.yaml diff --git a/lab08-frr-ospf/README.md b/lab08-frr-ospf/README.md new file mode 100644 index 0000000..9f2ebb5 --- /dev/null +++ b/lab08-frr-ospf/README.md @@ -0,0 +1,42 @@ +# Laboratório de Roteamento OSPF com FRR + +Este laboratório descreve um cenário de roteamento com OSPF através do FRR. + +## 1. Make sure this lab is working + +To make sure this lab is working, you should open the helloworld service as ilustrated below: + +![open-service](https://raw.githubusercontent.com/hackinsdn/labs/refs/heads/main/lab00-helloworld/images/helloworld-open-service.png) + +You should see something like this: + +![service](https://raw.githubusercontent.com/hackinsdn/labs/refs/heads/main/lab00-helloworld/images/helloworld-service.png) + +> [!IMPORTANT] +> The hello world service shows a message indicating the status of the system. Which option below best describe the status indicated by the hello world service? +> +>
+>
+>
+>
+ +## 2. Accessing the lab console + +Sometimes you will need to run commands on some components of the Lab. Follow the indication below to run commands on the Lab container: + +![open-terminal](https://raw.githubusercontent.com/hackinsdn/labs/refs/heads/main/lab00-helloworld/images/helloworld-open-term.png) + +You should see something like this: + +![terminal](https://raw.githubusercontent.com/hackinsdn/labs/refs/heads/main/lab00-helloworld/images/helloworld-terminal.png) + +> [!IMPORTANT] +> When you clicked on the link indicated above, which component was loaded from the Lab: +> +> diff --git a/lab08-frr-ospf/manifest.yaml b/lab08-frr-ospf/manifest.yaml new file mode 100644 index 0000000..53695ca --- /dev/null +++ b/lab08-frr-ospf/manifest.yaml @@ -0,0 +1,136 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-custom-topo-${pod_hash} +data: + customTopology.yaml: |- + name: Lab OSPF Routing with FRR + settings: + hosts: + h1: + ip: 10.1.0.1/24 + defaultRoute: via 10.1.0.254 + h2: + ip: 10.2.0.1/24 + defaultRoute: via 10.2.0.254 + h3: + ip: 10.3.0.1/24 + defaultRoute: via 10.3.0.254 + router1: + ip: 10.1.0.254/24 + kind: k8spod + image: frrouting/frr:v7.5.1 + router2: + ip: 10.2.0.254/24 + kind: k8spod + image: frrouting/frr:v7.5.1 + router3: + ip: 10.3.0.254/24 + kind: k8spod + image: frrouting/frr:v7.5.1 + links: + - node1: h1 + node2: r1 + - node1: h2 + node2: r2 + - node1: h3 + node2: r3 + - node1: r1 + node2: r2 + ipv4_node1: 10.255.12.1/24 + ipv4_node2: 10.255.12.2/24 + - node1: r2 + node2: r3 + ipv4_node1: 10.255.23.2/24 + ipv4_node2: 10.255.23.3/24 + - node1: r1 + node2: r3 + ipv4_node1: 10.255.13.1/24 + ipv4_node2: 10.255.13.3/24 + ipv4_node1: 192.168.3.254/24 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: mininet-sec-${pod_hash} + labels: + app: mininet-sec-${pod_hash} +spec: + replicas: 1 + selector: + matchLabels: + app: mininet-sec-${pod_hash} + template: + metadata: + name: mininet-sec-${pod_hash} + labels: + app: mininet-sec-${pod_hash} + annotations: + container.apparmor.security.beta.kubernetes.io/mininet-sec: unconfined + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/hostname + operator: In + values: ${allowed_nodes} + containers: + - name: mininet-sec + image: hackinsdn/mininet-sec:latest + imagePullPolicy: Always + ports: + - containerPort: 8050 + - containerPort: 8443 + args: ["mnsec", "--topofile", "/customTopology.yaml"] + env: + - name: K8S_POD_HASH + value: ${pod_hash} + - name: K8S_NODE_AFFINITY + value: ${allowed_nodes_str} + - name: K8S_PROXY_CERT_FILE + value: /usr/local/etc/mnsec-proxy-ca.crt + - name: K8S_PROXY_HOST + value: mnsec-proxy-service.hackinsdn.svc.cnacv5 + securityContext: + capabilities: + add: ["NET_ADMIN", "SYS_MODULE", "SYS_ADMIN"] + volumeMounts: + - name: lib-modules + mountPath: /lib/modules + - name: config-custom-topo-${pod_hash}-volume + readOnly: true + mountPath: "/customTopology.yaml" + subPath: "customTopology.yaml" + - name: mnsec-proxy-ca-volume + mountPath: /usr/local/etc/mnsec-proxy-ca.crt + readOnly: true + subPath: ca.crt + volumes: + - name: lib-modules + hostPath: + path: /lib/modules + type: Directory + - name: config-custom-topo-${pod_hash}-volume + configMap: + name: config-custom-topo-${pod_hash} + - name: mnsec-proxy-ca-volume + configMap: + defaultMode: 0600 + name: mnsec-proxy-ca-configmap +--- +apiVersion: v1 +kind: Service +metadata: + name: mininet-sec-${pod_hash} + labels: + app: mininet-sec-${pod_hash} +spec: + type: NodePort + ports: + - port: 8050 + targetPort: 8050 + name: http-mininet-sec + selector: + app: mininet-sec-${pod_hash} diff --git a/lab08-frr-ospf/topology-mnsec.yaml b/lab08-frr-ospf/topology-mnsec.yaml new file mode 100644 index 0000000..0fc7b23 --- /dev/null +++ b/lab08-frr-ospf/topology-mnsec.yaml @@ -0,0 +1,44 @@ + name: Lab OSPF Routing with FRR + settings: + hosts: + h1: + ip: 10.1.0.1/24 + defaultRoute: via 10.1.0.254 + h2: + ip: 10.2.0.1/24 + defaultRoute: via 10.2.0.254 + h3: + ip: 10.3.0.1/24 + defaultRoute: via 10.3.0.254 + router1: + ip: 10.1.0.254/24 + kind: k8spod + image: frrouting/frr:v7.5.1 + router2: + ip: 10.2.0.254/24 + kind: k8spod + image: frrouting/frr:v7.5.1 + router3: + ip: 10.3.0.254/24 + kind: k8spod + image: frrouting/frr:v7.5.1 + links: + - node1: h1 + node2: r1 + - node1: h2 + node2: r2 + - node1: h3 + node2: r3 + - node1: r1 + node2: r2 + ipv4_node1: 10.255.12.1/24 + ipv4_node2: 10.255.12.2/24 + - node1: r2 + node2: r3 + ipv4_node1: 10.255.23.2/24 + ipv4_node2: 10.255.23.3/24 + - node1: r1 + node2: r3 + ipv4_node1: 10.255.13.1/24 + ipv4_node2: 10.255.13.3/24 + ipv4_node1: 192.168.3.254/24 From 3b27e301298540eeede9834d024f9c2563b507ee Mon Sep 17 00:00:00 2001 From: Italo Valcy S Brito Date: Thu, 19 Jun 2025 09:35:16 -0300 Subject: [PATCH 2/2] Update topology-mnsec.yaml --- lab08-frr-ospf/topology-mnsec.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lab08-frr-ospf/topology-mnsec.yaml b/lab08-frr-ospf/topology-mnsec.yaml index 0fc7b23..8a79740 100644 --- a/lab08-frr-ospf/topology-mnsec.yaml +++ b/lab08-frr-ospf/topology-mnsec.yaml @@ -10,15 +10,15 @@ h3: ip: 10.3.0.1/24 defaultRoute: via 10.3.0.254 - router1: + r1: ip: 10.1.0.254/24 kind: k8spod image: frrouting/frr:v7.5.1 - router2: + r2: ip: 10.2.0.254/24 kind: k8spod image: frrouting/frr:v7.5.1 - router3: + r3: ip: 10.3.0.254/24 kind: k8spod image: frrouting/frr:v7.5.1