{"id":16639494,"url":"https://github.com/borchero/meerkat","last_synced_at":"2025-09-06T13:32:48.919Z","repository":{"id":55423806,"uuid":"325564278","full_name":"borchero/meerkat","owner":"borchero","description":"Kubernetes Operator for a Cloud-Native OpenVPN Deployment.","archived":false,"fork":false,"pushed_at":"2020-12-31T13:19:58.000Z","size":53,"stargazers_count":39,"open_issues_count":1,"forks_count":5,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-03T22:22:41.837Z","etag":null,"topics":["kubernetes-operator","openvpn","security","vault"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/borchero.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-12-30T13:58:33.000Z","updated_at":"2024-02-29T00:23:02.000Z","dependencies_parsed_at":"2022-08-15T00:00:52.910Z","dependency_job_id":null,"html_url":"https://github.com/borchero/meerkat","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/borchero/meerkat","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/borchero%2Fmeerkat","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/borchero%2Fmeerkat/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/borchero%2Fmeerkat/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/borchero%2Fmeerkat/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/borchero","download_url":"https://codeload.github.com/borchero/meerkat/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/borchero%2Fmeerkat/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":273912607,"owners_count":25189969,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-06T02:00:13.247Z","response_time":2576,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["kubernetes-operator","openvpn","security","vault"],"created_at":"2024-10-12T07:06:14.815Z","updated_at":"2025-09-06T13:32:48.657Z","avatar_url":"https://github.com/borchero.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Meerkat\n\nMeerkat is a Kubernetes Operator that facilitates the deployment of OpenVPN in a Kubernetes\ncluster. By leveraging [Hashicorp Vault](https://www.vaultproject.io/), Meerkat securely manages\nthe underlying PKI.\n\n## Features\n\nMeerkat revolves around two CRDs, namely `OvpnServer` and `OvpnClient`. There may exist arbitrarily\nmany servers while clients are always associated with a single server. These two CRDs give rise to\nthe following features:\n\n- Generation of shared secrets for TLS Auth\n- Creation of a PKI for each server independently with secure private key\n- Dynamic OVPN server configuration\n- Rendering of `ovpn` client files for each client\n- Revocation of client certificates as an `OvpnClient` is deleted\n\n## Usage\n\nThis section gives a very brief overview of how Meerkat may be installed in your cluster.\n\n### Prerequisites\n\nIn order to use Meerkat, you must have access to a Vault instance. It requires the following:\n\n- Kubernetes Auth has to be enabled and a role for Meerkat has to be defined\n- A service account must be configured with a policy to manage PKIs at a specified path (and its\n  subpaths).\n\n### Operator Deployment\n\nThen, you can deploy the operator using Helm:\n\n```bash\nhelm repo add borchero https://charts.borchero.com\nhelm install meerkat borchero/meerkat \\\n    --set rbac.serviceAccountName=${SERVICE_ACCOUNT_NAME} \\\n    --set vault.auth.config.role=${KUBERNETES_ROLE} \\\n    --set vault.pkiPath=${PKI_PATH}\n```\n\nYou can also leave all of these fields blank and they choose sensible defaults. Consult the\n[values file](./deploy/values.yaml) for further details.\n\n### Custom Resources\n\nOnce the operator is running, you can install the custom resources, creating a server and your\nclients. Have a look at the [example manifests](./tests/manifests).\n\nOnce a client is created, there exists a secret with the client's name, containing the client's\nOVPN certificate. It can be retrieved by using `kubectl`:\n\n```bash\nkubectl get secret \u003cSECRET_NAME\u003e -o json | jq -r '.data.\"certificate.ovpn\"' | base64 -d\n```\n\n## License\n\nMeerkat is licensed under the [MIT License](./LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fborchero%2Fmeerkat","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fborchero%2Fmeerkat","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fborchero%2Fmeerkat/lists"}