add initial deployments terraform and helm

.gitignore

@@ -0,0 +1 @@
+.idea/0

Dockerfile

@@ -0,0 +1,15 @@
+# Use a lightweight base image
+FROM alpine:3.18.0
+
+# Install SSH and necessary tools
+RUN apk update && \
+    apk add --no-cache openssh-client
+
+# Copy the relay_tunnel.sh script to the container
+COPY internal/relay_tunnel.sh /usr/local/bin/relay_tunnel.sh
+
+# Set execute permissions on the script
+RUN chmod +x /usr/local/bin/relay_tunnel.sh
+
+# Set the script as the entrypoint
+ENTRYPOINT ["/usr/local/bin/relay_tunnel.sh"]

README.md

@@ -1 +1,103 @@
-# flytube
+# Flytube - Firefly Relay Backend
+
+This repository provides a solution for creating a reverse SSH tunnel between a local service and the Firefly Relay frontend. The reverse SSH tunnel allows the local service to securely expose a local port to the Firefly Relay frontend, enabling communication between them.
+
+## Background
+
+A reverse SSH tunnel establishes a secure connection from a remote server to a local server, allowing traffic to be forwarded from the local server to the remote server. In the context of Firefly Relay, this enables the local service to communicate with the Firefly Relay frontend by forwarding traffic through the established reverse SSH tunnel.
+
+## Installation
+
+### Helm
+
+1. Install Helm on your local machine.
+
+2. Clone this repository:
+
+```helm repo add firefly https://gofireflyio.github.io/flytube```
+
+3. Fill in the required values in `values.yaml` file:
+
+```yaml
+certificate:
+    data: GIVEN_BY_FIREFLY
+env:
+    user: "username"
+    remoteHost: "relay.gofirefly.io
+    remotePort: 22
+    sourcePort: 8080
+    targetHost: "target-host"
+    targetPort: 80
+    certificatePath: "secrets/ssh-certificate"
+    sleepDuration: 5
+
+image:
+  repository: flytube
+  tag: 1.0.0
+
+resources:
+  limits:
+    cpu: "1"
+    memory: "512Mi"
+  requests:
+    cpu: "500m"
+    memory: "256Mi"
+
+```
+
+4. Deploy the application using Helm:
+
+```helm install flytube firefly/flytube --values values.yaml --namespace=firefly --create-namespace```
+
+
+### Terraform
+
+1. Install Terraform on your local machine.
+
+2. Update the variables in `terraform.tfvars` file with the desired values.
+
+3. Add a module call to the flytube terraform module.
+```terraform
+provider "aws" {
+  region = var.aws_region
+}
+
+module "ec2_instance" {
+  source = "github.com/gofireflyio/flytube//flytube-terraform?ref=v0.1.0"
+
+  instance_ami         = "ami-12345678"
+  instance_type        = "t2.micro"
+  key_pair_name        = "my-keypair"
+  security_group_id    = "sg-12345678"
+  user                 = "myuser"
+  remote_host          = "relay.gofirefly.io"
+  remote_port          = 22
+  source_port          = 8080
+  target_host          = "target-host"
+  target_port          = 80
+  certificate_path     = "secrets/ssh-certificate"
+  certificate_pem      = "GIVEN_BY_FIREFLY"
+  sleep_duration       = var.sleep_duration
+  aws_region           = var.aws_region
+}
+```
+
+4. Initialize the Terraform working directory:
+
+```terraform init```
+
+6. View the Terraform execution plan:
+
+```terraform plan```
+
+7. Provision the EC2 instance:
+
+```terraform apply```
+
+## Configuration
+
+The configuration options for the application can be modified by updating the values in the `values.yaml` file for Docker Helm installation or the `terraform.tfvars` file for Terraform installation.
+
+## License
+
+This project is licensed under the [MIT License](LICENSE).

flytube-chart/flytube/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

flytube-chart/flytube/Chart.yaml

@@ -0,0 +1,26 @@
+apiVersion: v2
+name: flytube
+description: A Helm chart for Kubernetes Relay backend for Firefly.
+  The deployment contains a single pod that creates SSH reverse tunnel between
+  a local service and Firefly Relay frontend.
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.0.0"

flytube-chart/flytube/templates/deployment.yaml

@@ -0,0 +1,61 @@
+# deployment.yaml
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "flytube.fullname" . }}
+  labels:
+    app.kubernetes.io/name: {{ include "flytube.name" . }}
+    helm.sh/chart: {{ include "flytube.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ include "flytube.name" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: {{ include "flytube.name" . }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+    spec:
+      containers:
+        - name: {{ .Chart.Name }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          env:
+            - name: user
+              value: "{{ .Values.env.user }}"
+            - name: remoteHost
+              value: "{{ .Values.env.remoteHost }}"
+            - name: sourcePort
+              value: "{{ .Values.env.sourcePort }}"
+            - name: targetHost
+              value: "{{ .Values.env.targetHost }}"
+            - name: targetPort
+              value: "{{ .Values.env.targetPort }}"
+            - name: certificatePath
+              value: "{{ .Values.env.certificatePath }}"
+            - name: remotePort
+              value: "{{ .Values.env.remotePort }}"
+            - name: sleepDuration
+              value: "{{ .Values.env.sleepDuration }}"
+          {{- if .Values.certificate.enabled }}
+          volumeMounts:
+            - name: certificateVolume
+              mountPath: {{ .Values.env.certificatePath }}
+              readOnly: true
+          {{- end }}
+          resources:
+            limits:
+              cpu: {{ .Values.resources.limits.cpu }}
+              memory: {{ .Values.resources.limits.memory }}
+            requests:
+              cpu: {{ .Values.resources.requests.cpu }}
+              memory: {{ .Values.resources.requests.memory }}
+      volumes:
+        - name: certificateVolume
+          secret:
+            secretName: {{ include "flytube.fullname" . }}CertificateSecret

flytube-chart/flytube/templates/secret.yaml

@@ -0,0 +1,8 @@
+# certificate-secret.yaml
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "flytube.fullname" . }}CertificateSecret
+stringData:
+  certificate.pem: {{ .Values.certificate.data | b64enc | quote }}

flytube-chart/flytube/values.yaml

@@ -0,0 +1,27 @@
+# values.yaml
+
+image:
+  repository: your-registry/flytube
+  tag: latest
+  pullPolicy: IfNotPresent
+
+env:
+  user: ""
+  remoteHost: ""
+  sourcePort: ""
+  targetHost: ""
+  targetPort: ""
+  certificatePath: ""
+  remotePort: "22"
+  sleepDuration: "5"
+
+certificate:
+  data: ""
+
+resources:
+  limits:
+    cpu: "500m"
+    memory: "512Mi"
+  requests:
+    cpu: "200m"
+    memory: "256Mi"

flytube-terraform/main.tf

@@ -0,0 +1,64 @@
+provider "aws" {
+  region = var.aws_region
+}
+
+resource "aws_instance" "ec2_instance" {
+  ami           = var.instance_ami
+  instance_type = var.instance_type
+
+  key_name               = var.key_pair_name
+  vpc_security_group_ids = [var.security_group_id]
+
+  user_data = <<-EOF
+    #!/bin/bash
+
+    # Get the user, remote host, remote port, source port, target host, target port, and certificate path from instance metadata
+    USER="${var.user}"
+    REMOTE_HOST="${var.remote_host}"
+    REMOTE_PORT="${var.remote_port}"
+    SOURCE_PORT="${var.source_port}"
+    TARGET_HOST="${var.target_host}"
+    TARGET_PORT="${var.target_port}"
+    CERTIFICATE_PATH="${var.certificate_path}"
+    SLEEP_DURATION="${var.sleep_duration}"
+
+    # Install SSH
+    yum install -y openssh-server
+
+    # Write the certificate PEM to a file
+    echo "${var.certificate_pem}" > /home/ec2-user/certificate.pem
+
+    # Make the script executable
+    chmod +x /home/ec2-user/certificate.pem
+
+    # Function to check if the target host and port are accessible
+    check_target_accessibility() {
+        nc -z -w 2 "${TARGET_HOST}" "${TARGET_PORT}" >/dev/null 2>&1
+        return $?
+    }
+
+    # Check if the target host and port are accessible
+    if check_target_accessibility; then
+        echo "Target host and port are accessible."
+    else
+        echo "Error: Target host and/or port are not accessible."
+        exit 1
+    fi
+
+    # Start the script
+    while true; do
+      if ssh -i /home/ec2-user/certificate.pem -N -R ${SOURCE_PORT}:${TARGET_HOST}:${TARGET_PORT} -p ${REMOTE_PORT} ${USER}@${REMOTE_HOST}; then
+        echo "Reverse tunnel created successfully."
+      else
+        echo "Failed to create reverse tunnel. Retrying in ${SLEEP_DURATION} seconds..."
+        sleep ${SLEEP_DURATION}
+      fi
+    done
+    EOF
+
+  tags = merge(var.tags, {
+    Name = "Firefly-Relay-Backend"
+    AppVersion = var.app_version
+    ModuleVersion = var.module_version
+  })
+}

flytube-terraform/providers.tf

@@ -0,0 +1,9 @@
+terraform {
+  required_version = ">= 0.13"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 3.0"
+    }
+  }
+}