Expose your service in Kubernetes to the Internet with open source FRP!
Custom Resources
- Client: declarative FRP client instance connecting to an external FRP server
- Upstream: a Kubernetes Service/port exposed through FRP
- Visitor: inbound tunnel that consumes another client's STCP/XTCP Upstream (for P2P scenarios)
Upstream protocols
- TCP and UDP: straightforward port forwarding with optional health checks and bandwidth limits
- STCP: secret-key TCP, private to clients that share the key (with allowUsers)
- XTCP: encrypted peer-to-peer with NAT traversal, including the enableAssistedAddrs toggle for STUN-only or full address discovery
- HTTP / HTTPS: virtual-host routing, custom headers, locations, basic auth, and per-route health checks
- TCPMUX: multiplexed TCP for sharing a single server port across upstreams
Secure access to the FRP Server
- Token authentication (sourced from Kubernetes Secret)
- OIDC authentication
- TLS to the FRP server, including mutual TLS verification
- STCP/XTCP secret keys and allowUsers (sourced from Kubernetes Secret)
Advanced traffic features
- FRP plugins on Upstream (e.g. static_file, unix_domain_socket, http_proxy, socks5, https2http, etc.)
- Transport tuning per Upstream (protocol, pool count, multiplex, bandwidth limits)
- Load balancing across upstreams via FRP groups
- Group-level health checks
Operational features
- Pod templates on Client to set resources, node selectors, tolerations, labels, annotations, affinity, security context, and more
- Reliable, restart-free config reload: the operator execs into the pod and verifies /frp/config.toml matches the expected state before triggering the FRP admin API reload
- Validation for duplicate Upstream server ports and duplicate Visitor ports, surfaced via descriptive errors
- Helm chart with native CRDs and RBAC
- Secure metrics endpoint served directly by the manager on :8443 using Kubernetes TokenReview / SubjectAccessReview (no kube-rbac-proxy sidecar)
To install the chart with the release name my-frp-operator:
helm repo add frp-operator https://zufardhiyaulhaq.com/frp-operator/charts/releases/
helm install my-frp-operator frp-operator/frp-operator --values values.yaml

To expose your private Kubernetes service to the public network, you need a public machine running an FRP server that acts as a proxy. Currently the operator cannot spin up a new machine on cloud providers, but this can be set up in a minute.
- Create a machine on a cloud provider
- Download the frps binary
- Create the server configuration
vi frps.ini
[common]
bind_addr = 0.0.0.0
bind_port = 7000
# replace with a long random secret; the Client must present the same token
token = yourtoken
- Run FRP server
frps -c ./frps.ini
You can reuse our built-in Ansible playbook to set up the FRP server on your machine; see https://github.com/zufardhiyaulhaq/frp-operator/tree/main/ansible/server
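
An added example (not part of the frp-operator project): a small Python audit of a legacy-INI frps configuration like the one above, checking that the token is not a placeholder and that TLS is enforced. `tls_only` is FRP's legacy-INI option for rejecting non-TLS clients; the 32-character minimum, the placeholder list and both sample configs are assumptions constructed for illustration.

```python
"""Audit a legacy-INI frps config for weak access control (added example)."""
import configparser

# Placeholder values that should never reach a public server (assumed list).
PLACEHOLDER_TOKENS = {"yourtoken", "changeme", "token", "secret"}
MIN_TOKEN_LEN = 32  # assumption: shorter shared secrets are treated as weak

# Constructed samples: one mirrors the page's token setting, one is hardened.
PAGE_STYLE = "[common]\nbind_port = 7000\ntoken = yourtoken\n"
HARDENED = (
    "[common]\nbind_port = 7000\n"
    "token = " + "0123456789abcdef" * 4 + "\n"  # constructed, not a real secret
    "tls_only = true\n"
)


def audit_frps_ini(text):
    """Return a list of findings for the [common] section of an frps.ini."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    if not parser.has_section("common"):
        return ["common: section missing, no server settings found"]
    common = parser["common"]
    findings = []

    token = common.get("token", "").strip()
    if not token:
        findings.append("token: missing, clients connect without a shared secret")
    elif token.lower() in PLACEHOLDER_TOKENS:
        findings.append("token: placeholder value left in place")
    elif len(token) < MIN_TOKEN_LEN:
        findings.append(f"token: {len(token)} chars, want at least {MIN_TOKEN_LEN}")

    # tls_only makes frps reject clients that do not connect over TLS.
    try:
        tls_only = common.getboolean("tls_only", fallback=False)
    except ValueError:
        tls_only = False  # unparseable value: report it as not enabled
    if not tls_only:
        findings.append("tls_only: not enabled, non-TLS clients are accepted")
    return findings


if __name__ == "__main__":
    for name, cfg in (("page-style", PAGE_STYLE), ("hardened", HARDENED)):
        print(name, audit_frps_ini(cfg) or "no findings")
```

Run it against the server's frps.ini before starting frps; an empty list means both checks passed.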
- Apply the examples
kubectl apply -f examples/deployment/
kubectl apply -f examples/client/
- Check the frpc object
kubectl get client
NAME AGE
client-01 17m
kubectl get upstream
NAME AGE
nginx 17m
- Access the URL
http://178.128.100.87:8080/

| Key | Type | Default | Description |
|---|---|---|---|
| operator.image | string | "ghcr.io/zufardhiyaulhaq/frp-operator" | |
| operator.replica | int | 1 | |
| operator.tag | string | "v0.7.0" | |
| resources.limits.cpu | string | "200m" | |
| resources.limits.memory | string | "100Mi" | |
| resources.requests.cpu | string | "100m" | |
| resources.requests.memory | string | "20Mi" | |

see example files here
Autogenerated from chart metadata using helm-docs v1.14.2