install frps

2023-12-27 21:33:16 +01:00 · 2023-12-27 21:33:16 +01:00 · e2790e48f0
parent 9bb9b623c8
commit e2790e48f0
8 changed files with 161 additions and 0 deletions
--- a/apps/frps/configmap.yaml
+++ b/apps/frps/configmap.yaml
@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: frps-config
+data:
+  frps.toml: |
+    auth.token = "{{ .Envs.FRP_SERVER_TOKEN }}"
+    bindPort = 7000
+    vhostHTTPPort = 8080
+    webServer.addr = "0.0.0.0"
+    webServer.port = 7500
+    webServer.user = "{{ .Envs.FRP_SERVER_USER }}"
+    webServer.password = "{{ .Envs.FRP_SERVER_PASS }}"
+    subDomainHost = "frp.tbrnt.ch"
--- a/apps/frps/deployment.yaml
+++ b/apps/frps/deployment.yaml
@ -0,0 +1,45 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: frps
+  labels:
+    app.kubernetes.io/name: frps
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: frps
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: frps
+    spec:
+      serviceAccountName: default
+      containers:
+        - name: frps
+          image: ghcr.io/fatedier/frps:v0.53.2
+          imagePullPolicy: IfNotPresent
+          args:
+            - -c
+            - /etc/frps/frps.toml
+          envFrom:
+            - secretRef: 
+              name: frps-env
+          ports:
+            - name: frps
+              containerPort: 7000
+              protocol: TCP
+            - name: webserver
+              containerPort: 7500
+              protocol: TCP
+            - name: http
+              containerPort: 8080
+              protocol: TCP
+          resources: {}
+          volumeMounts:
+            - name: config
+              mountPath: /etc/frps
+      volumes:
+        - name: config
+          configMap:
+            name: frps-config
--- a/apps/frps/ingress.yaml
+++ b/apps/frps/ingress.yaml
@ -0,0 +1,24 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
+  name: frps
+spec:
+  rules:
+    - host: frps.tbrnt.ch
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: frps
+                port:
+                  number: 7000
+  tls:
+    - hosts:
+        - frps.tbrnt.ch
+      secretName: ingress-cert
--- a/apps/frps/kustomization.yaml
+++ b/apps/frps/kustomization.yaml
@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: frps
+resources:
+  - configmap.yaml
+  - deployment.yaml
+  - service.yaml
+  - ingress.yaml
+generators:
+  - secret-generator.yaml
--- a/apps/frps/secret-generator.yaml
+++ b/apps/frps/secret-generator.yaml
@ -0,0 +1,6 @@
+apiVersion: viaduct.ai/v1
+kind: ksops
+metadata:
+  name: secret-generator
+files:
+  - secret.sops.yaml
--- a/apps/frps/secret.sops.yaml
+++ b/apps/frps/secret.sops.yaml
@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: frps-env
+stringData:
+    FRP_SERVER_USER: ENC[AES256_GCM,data:q5tQlBhRLnJF,iv:A1r5RcTGsfBpoJO1opT5I0/E1hnyHPTaPE3OyQ2oNZw=,tag:bDhqxc5LXZSR2pLaIqHjaA==,type:str]
+    FRP_SERVER_PASS: ENC[AES256_GCM,data:A4ElHqk4NZawSRcn/tKey5cbMK/Z9M9nI2rGah9xVnI=,iv:iG4LXEO0nuPVmbZu6jDcHK/7vJiGudmXy0BI1AlJYt4=,tag:VaYIjs/0oLdjiAu60I27BQ==,type:str]
+    FRP_SERVER_TOKEN: ENC[AES256_GCM,data:3IaGB1kqrylaZMJATukDy8OL1uF7Y5KqwgvxOyXQSds=,iv:22esdT6FDyBIy2GYZZuTOZvhGuaN6v6xonHy9834qkA=,tag:kifPflC8n1VZqcyDCrC1qQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1dfk8euu7afvw7ge5l2qek45z23hdq5anjd56cy4d7kcsf0e0e5pqfjylx8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRM2hyc2UyZnlnZ2xiU0s0
+            S09ORmNtOW1xMzdWTmxpSCtUdXFsOHp4cTNZCnJKSXZ2c1R5VWtybjBDSzN5MnJM
+            ZVZxRFh0QVlVN3pFS3BHblZKTncxT3MKLS0tIFo4UkJCRXZjV1E1MEUyeEFhd2dm
+            Mm9qUWt0V2lEZHZjUmdITEZMSWwxRzQKW7d530fUfuvyaO1M7D1cUTo4tImmKRab
+            GhMWQZHVbnT69RIi2lRnFQcQffBEc3w3FpW3XP2Dykuky6kafPPyUQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-12-27T20:32:58Z"
+    mac: ENC[AES256_GCM,data:n0rusMzOVv3m5Ia2y8Ww8pcrX9nufIgvGWLHZSe4T+YmFryhDCtJMreUR2/ODVZZkc0DhiFfXpCK18Bh65c42ZVz556cvONoXSDgMkDNUFb8KQro4G4HMsPzSysEU+N9SvC/cf6I20pl6MYbH+teA3HiB5F4eiQ9oIwPmFA7bUU=,iv:4+WV1zoW5Cex09DGjFSsbjBLKK8aTANstvprMFbBVIc=,tag:SCFNMCAMrhxnp74ZB3asbw==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.8.1
--- a/apps/frps/service.yaml
+++ b/apps/frps/service.yaml
@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: frps
+  labels:
+    app.kubernetes.io/name: frps
+spec:
+  type: ClusterIP
+  ports:
+    - name: frps
+      port: 7000
+      targetPort: frps
+      protocol: TCP
+  selector:
+    app.kubernetes.io/name: frps
--- a/system/apps/user/frps.yaml
+++ b/system/apps/user/frps.yaml
@ -0,0 +1,19 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: frps
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: apps
+  source:
+    path: apps/frps
+    repoURL: https://git.tbrnt.ch/tobru/gitops-zurrli.git
+    targetRevision: HEAD
+  destination:
+    namespace: frps
+    server: https://kubernetes.default.svc
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true