hackinsdn · italovalcy · Jun 19, 2025 · Jun 19, 2025
diff --git a/lab08-frr-ospf/README.md b/lab08-frr-ospf/README.md
@@ -0,0 +1,42 @@
+# Laboratório de Roteamento OSPF com FRR
+
+Este laboratório descreve um cenário de roteamento com OSPF através do FRR.
+
+## 1. Make sure this lab is working
+
+To make sure this lab is working, you should open the helloworld service as ilustrated below:
+
+![open-service](https://raw.githubusercontent.com/hackinsdn/labs/refs/heads/main/lab00-helloworld/images/helloworld-open-service.png)
+
+You should see something like this:
+
+![service](https://raw.githubusercontent.com/hackinsdn/labs/refs/heads/main/lab00-helloworld/images/helloworld-service.png)
+
+> [!IMPORTANT]  
+> The hello world service shows a message indicating the status of the system. Which option below best describe the status indicated by the hello world service?
+>
+> <input type="radio" name="answer_helloworld_q1" id="id1" value="system-degradated" /> <label for="id1">System is working in a degradated status.</label><br>
+> <input type="radio" name="answer_helloworld_q1" id="id2" value="system-not-working" /> <label for="id2">System is not working.</label><br>
+> <input type="radio" name="answer_helloworld_q1" id="id3" value="system-working" /> <label for="id3">System is working correctly.</label><br>
+> <input type="radio" name="answer_helloworld_q1" id="id4" value="system-unknow" /> <label for="id4">It is not possible to know the system status.</label><br>
+
+## 2. Accessing the lab console
+
+Sometimes you will need to run commands on some components of the Lab. Follow the indication below to run commands on the Lab container:
+
+![open-terminal](https://raw.githubusercontent.com/hackinsdn/labs/refs/heads/main/lab00-helloworld/images/helloworld-open-term.png)
+
+You should see something like this:
+
+![terminal](https://raw.githubusercontent.com/hackinsdn/labs/refs/heads/main/lab00-helloworld/images/helloworld-terminal.png)
+
+> [!IMPORTANT]  
+> When you clicked on the link indicated above, which component was loaded from the Lab:
+>
+> <select name="answer_helloworld_q2">
+>  <option value="">--</option>
+>  <option>The Kubernetes cluster</option>
+>  <option>The terminal of the container</option>
+>  <option>Nothing was opened</option>
+>  <option>All options are correct</option>
+> </select>
diff --git a/lab08-frr-ospf/manifest.yaml b/lab08-frr-ospf/manifest.yaml
@@ -0,0 +1,136 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: config-custom-topo-${pod_hash}
+data:
+  customTopology.yaml: |-
+    name: Lab OSPF Routing with FRR
+    settings:
+    hosts:
+      h1:
+        ip: 10.1.0.1/24
+        defaultRoute: via 10.1.0.254
+      h2:
+        ip: 10.2.0.1/24
+        defaultRoute: via 10.2.0.254
+      h3:
+        ip: 10.3.0.1/24
+        defaultRoute: via 10.3.0.254
+      router1:
+        ip: 10.1.0.254/24
+        kind: k8spod
+        image: frrouting/frr:v7.5.1
+      router2:
+        ip: 10.2.0.254/24
+        kind: k8spod
+        image: frrouting/frr:v7.5.1
+      router3:
+        ip: 10.3.0.254/24
+        kind: k8spod
+        image: frrouting/frr:v7.5.1
+    links:
+      - node1: h1
+        node2: r1
+      - node1: h2
+        node2: r2
+      - node1: h3
+        node2: r3
+      - node1: r1
+        node2: r2
+        ipv4_node1: 10.255.12.1/24
+        ipv4_node2: 10.255.12.2/24
+      - node1: r2
+        node2: r3
+        ipv4_node1: 10.255.23.2/24
+        ipv4_node2: 10.255.23.3/24
+      - node1: r1
+        node2: r3
+        ipv4_node1: 10.255.13.1/24
+        ipv4_node2: 10.255.13.3/24
+        ipv4_node1: 192.168.3.254/24
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: mininet-sec-${pod_hash}
+  labels:
+    app: mininet-sec-${pod_hash}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: mininet-sec-${pod_hash}
+  template:
+    metadata:
+      name: mininet-sec-${pod_hash}
+      labels:
+        app: mininet-sec-${pod_hash}
+      annotations:
+        container.apparmor.security.beta.kubernetes.io/mininet-sec: unconfined
+    spec:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: kubernetes.io/hostname
+                operator: In
+                values: ${allowed_nodes}
+      containers:
+      - name: mininet-sec
+        image: hackinsdn/mininet-sec:latest
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 8050
+        - containerPort: 8443
+        args: ["mnsec", "--topofile", "/customTopology.yaml"]
+        env:
+        - name: K8S_POD_HASH
+          value: ${pod_hash}
+        - name: K8S_NODE_AFFINITY
+          value: ${allowed_nodes_str}
+        - name: K8S_PROXY_CERT_FILE
+          value: /usr/local/etc/mnsec-proxy-ca.crt
+        - name: K8S_PROXY_HOST
+          value: mnsec-proxy-service.hackinsdn.svc.cnacv5
+        securityContext:
+          capabilities:
+            add: ["NET_ADMIN", "SYS_MODULE", "SYS_ADMIN"]
+        volumeMounts:
+        - name: lib-modules
+          mountPath: /lib/modules
+        - name: config-custom-topo-${pod_hash}-volume
+          readOnly: true
+          mountPath: "/customTopology.yaml"
+          subPath: "customTopology.yaml"
+        - name: mnsec-proxy-ca-volume
+          mountPath: /usr/local/etc/mnsec-proxy-ca.crt
+          readOnly: true
+          subPath: ca.crt
+      volumes:
+      - name: lib-modules
+        hostPath:
+          path: /lib/modules
+          type: Directory
+      - name: config-custom-topo-${pod_hash}-volume
+        configMap:
+          name: config-custom-topo-${pod_hash}
+      - name: mnsec-proxy-ca-volume
+        configMap:
+          defaultMode: 0600
+          name: mnsec-proxy-ca-configmap
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: mininet-sec-${pod_hash}
+  labels:
+    app: mininet-sec-${pod_hash}
+spec:
+  type: NodePort
+  ports:
+  - port: 8050
+    targetPort: 8050
+    name: http-mininet-sec
+  selector:
+    app: mininet-sec-${pod_hash}
diff --git a/lab08-frr-ospf/topology-mnsec.yaml b/lab08-frr-ospf/topology-mnsec.yaml
@@ -0,0 +1,44 @@
+    name: Lab OSPF Routing with FRR
+    settings:
+    hosts:
+      h1:
+        ip: 10.1.0.1/24
+        defaultRoute: via 10.1.0.254
+      h2:
+        ip: 10.2.0.1/24
+        defaultRoute: via 10.2.0.254
+      h3:
+        ip: 10.3.0.1/24
+        defaultRoute: via 10.3.0.254
+      r1:
+        ip: 10.1.0.254/24
+        kind: k8spod
+        image: frrouting/frr:v7.5.1
+      r2:
+        ip: 10.2.0.254/24
+        kind: k8spod
+        image: frrouting/frr:v7.5.1
+      r3:
+        ip: 10.3.0.254/24
+        kind: k8spod
+        image: frrouting/frr:v7.5.1
+    links:
+      - node1: h1
+        node2: r1
+      - node1: h2
+        node2: r2
+      - node1: h3
+        node2: r3
+      - node1: r1
+        node2: r2
+        ipv4_node1: 10.255.12.1/24
+        ipv4_node2: 10.255.12.2/24
+      - node1: r2
+        node2: r3
+        ipv4_node1: 10.255.23.2/24
+        ipv4_node2: 10.255.23.3/24
+      - node1: r1
+        node2: r3
+        ipv4_node1: 10.255.13.1/24
+        ipv4_node2: 10.255.13.3/24
+        ipv4_node1: 192.168.3.254/24