{"id":17888293,"url":"https://github.com/squat/kilo-wg-gen-web","last_synced_at":"2025-03-22T19:33:58.827Z","repository":{"id":73956852,"uuid":"261253923","full_name":"squat/kilo-wg-gen-web","owner":"squat","description":"Use Wg Gen Web to manage Kilo peers","archived":false,"fork":false,"pushed_at":"2021-04-07T15:09:11.000Z","size":4438,"stargazers_count":10,"open_issues_count":1,"forks_count":2,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-06-19T14:55:51.647Z","etag":null,"topics":["kilo","kubernetes","vpn","wg-gen-web","wireguard"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/squat.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-05-04T17:39:46.000Z","updated_at":"2024-02-02T17:10:57.000Z","dependencies_parsed_at":"2023-03-13T20:17:29.597Z","dependency_job_id":null,"html_url":"https://github.com/squat/kilo-wg-gen-web","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/squat%2Fkilo-wg-gen-web","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/squat%2Fkilo-wg-gen-web/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/squat%2Fkilo-wg-gen-web/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/squat%2Fkilo-wg-gen-web/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/squat","download_url":"https://codeload.github.com/squat/kilo-wg-gen-web/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":221832797,"owners_count":16888318,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["kilo","kubernetes","vpn","wg-gen-web","wireguard"],"created_at":"2024-10-28T13:37:01.615Z","updated_at":"2024-10-28T13:37:02.409Z","avatar_url":"https://github.com/squat.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# kilo-wg-gen-web\n\n`kilo-wg-gen-web` enables using [Wg Gen Web](https://github.com/vx3r/wg-gen-web) as a UI to define and manage peers for [Kilo](https://github.com/squat/kilo).\n\n[![Build Status](https://travis-ci.org/squat/kilo-wg-gen-web.svg?branch=master)](https://travis-ci.org/squat/kilo-wg-gen-web)\n[![Go Report Card](https://goreportcard.com/badge/github.com/squat/kilo-wg-gen-web)](https://goreportcard.com/report/github.com/squat/kilo-wg-gen-web)\n\n## Getting Started\n\nTo run `kilo-wg-gen-web`, first [install Kilo](https://github.com/squat/kilo#installing-on-kubernetes).\nNext, edit the [included manifest](https://github.com/squat/kilo-wg-gen-web/blob/master/manifests/kilo-wg-gen-web.yaml) and set the `NODE` variable to the name of one of the nodes in the Kilo mesh, i.e. the node that clients should use to connect to the mesh.\nFinally, deploy the included manifest, which contains the configuration for both Wg Gen Web as well as kilo-wg-gen-web:\n\n```shell\nkubectl apply -f https://raw.githubusercontent.com/squat/kilo-wg-gen-web/master/manifests/kilo-wg-gen-web.yaml\n```\n\n## OIDC + RBAC\n\nAnyone with access to the Wg Gen Web UI will have access to create, read, update, and delete Kilo Peers, which means they can grant access to the VPN to other users.\nOIDC and RBAC can be used in order to restrict access to only users who are authenticated and authorized to perform certain actions on Peer resources.\nTo get started, first ensure that the Kubernetes API server is configured to validate OIDC tokens.\nAfterwards, edit the [included OIDC + RBAC manifest](https://github.com/squat/kilo-wg-gen-web/blob/master/manifests/kilo-wg-gen-web-oidc-rbac.yaml), which configures an [OAuth2 proxy](https://github.com/oauth2-proxy/oauth2-proxy) and an [RBAC proxy](https://github.com/brancz/kube-rbac-proxy) in front of the Wg Gen Web UI to set the `NODE` variable as well as add the necessary OIDC configuration and credentials to the `kilo-wg-gen-web` Secret.\nNext, deploy Wg Gen Web with OIDC and RBAC:\n\n```shell\nkubectl apply -f https://raw.githubusercontent.com/squat/kilo-wg-gen-web/master/manifests/kilo-wg-gen-web-oidc-rbac.yaml\n```\n\nFinally, grant access to certain privileges in Wg Gen Web by creating Kubernetes ClusterRoles and ClusterRoleBindings.\nFor example, the following command could be used to grant access to view the Wg Gen Web UI to the user `example@example.com`:\n\n```shell\ncat \u003c\u003cEOF | kubectl apply -f -\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n  name: view-peers\nrules:\n- apiGroups:\n  - kilo.squat.ai\n  resources:\n  - peers\n  verbs:\n  - get\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n  name: example-view\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: ClusterRole\n  name: view-peers\nsubjects:\n- apiGroup: rbac.authorization.k8s.io\n  kind: User\n  name: example@example.com\nEOF\n```\n\nAccess to create Peers via the UI could be granted to the user `example@example.com` with the following command:\n\n```shell\ncat \u003c\u003cEOF | kubectl apply -f -\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n  name: edit-peers\nrules:\n- apiGroups:\n  - kilo.squat.ai\n  resources:\n  - peers\n  verbs:\n  - update\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n  name: example-view\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: ClusterRole\n  name: edit-peers\nsubjects:\n- apiGroup: rbac.authorization.k8s.io\n  kind: User\n  name: example@example.com\nEOF\n```\n\n## Usage\n\n[embedmd]:# (tmp/help.txt)\n```txt\nUse Kilo as a backend for Wg Gen Web\n\nUsage:\n  kilo-wg-gen-web [flags]\n  kilo-wg-gen-web [command]\n\nAvailable Commands:\n  help        Help about any command\n  setnode     Set the Wg Gen Web server config for the selected node.\n\nFlags:\n      --dir string          Path to the Wg Gen Web configuration directory.\n  -h, --help                help for kilo-wg-gen-web\n      --kubeconfig string   Path to kubeconfig. (default \"/home/squat/src/infrastructure/liao/kubeconfig\")\n      --listen string       The address at which to listen for health and metrics. (default \":1107\")\n      --log-level string    Log level to use. Possible values: all, debug, info, warn, error, none (default \"info\")\n\nUse \"kilo-wg-gen-web [command] --help\" for more information about a command.\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsquat%2Fkilo-wg-gen-web","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsquat%2Fkilo-wg-gen-web","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsquat%2Fkilo-wg-gen-web/lists"}