Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


https://github.com/squat/kilo-wg-gen-web

Use Wg Gen Web to manage Kilo peers

kilo kubernetes vpn wg-gen-web wireguard


# kilo-wg-gen-web

`kilo-wg-gen-web` enables using [Wg Gen Web](https://github.com/vx3r/wg-gen-web) as a UI to define and manage peers for [Kilo](https://github.com/squat/kilo).

[![Build Status](https://travis-ci.org/squat/kilo-wg-gen-web.svg?branch=master)](https://travis-ci.org/squat/kilo-wg-gen-web)
[![Go Report Card](https://goreportcard.com/badge/github.com/squat/kilo-wg-gen-web)](https://goreportcard.com/report/github.com/squat/kilo-wg-gen-web)

## Getting Started

To run `kilo-wg-gen-web`, first [install Kilo](https://github.com/squat/kilo#installing-on-kubernetes).
Next, edit the [included manifest](https://github.com/squat/kilo-wg-gen-web/blob/master/manifests/kilo-wg-gen-web.yaml) and set the `NODE` variable to the name of one of the nodes in the Kilo mesh, i.e. the node that clients should use to connect to the mesh.
Finally, deploy the included manifest, which contains the configuration for both Wg Gen Web and kilo-wg-gen-web:

```shell
kubectl apply -f https://raw.githubusercontent.com/squat/kilo-wg-gen-web/master/manifests/kilo-wg-gen-web.yaml
```

## OIDC + RBAC

Anyone with access to the Wg Gen Web UI will have access to create, read, update, and delete Kilo Peers, which means they can grant access to the VPN to other users.
OIDC and RBAC can be used to restrict access to users who are authenticated and authorized to perform certain actions on Peer resources.
To get started, first ensure that the Kubernetes API server is configured to validate OIDC tokens.
Afterwards, edit the [included OIDC + RBAC manifest](https://github.com/squat/kilo-wg-gen-web/blob/master/manifests/kilo-wg-gen-web-oidc-rbac.yaml), which configures an [OAuth2 proxy](https://github.com/oauth2-proxy/oauth2-proxy) and an [RBAC proxy](https://github.com/brancz/kube-rbac-proxy) in front of the Wg Gen Web UI: set the `NODE` variable and add the necessary OIDC configuration and credentials to the `kilo-wg-gen-web` Secret.
Next, deploy Wg Gen Web with OIDC and RBAC:

```shell
kubectl apply -f https://raw.githubusercontent.com/squat/kilo-wg-gen-web/master/manifests/kilo-wg-gen-web-oidc-rbac.yaml
```
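
As an added check that is not part of the project's README, the script below uses `kubectl auth can-i` to list which Peer verbs a user holds and to flag users who could grant VPN access to others. It assumes the RBAC proxy evaluates requests against Kilo's `peers.kilo.squat.ai` resource; the function names and the e-mail addresses in the usage comment are illustrative.

```shell
#!/bin/sh
# Added example: report which Peer verbs a user may perform under Kubernetes RBAC.
# Assumption: the RBAC proxy authorizes UI actions against Kilo's Peer resource
# (peers.kilo.squat.ai). The caller needs impersonation rights to use --as.

PEER_RESOURCE="peers.kilo.squat.ai"
# create/read/update/delete from the README, expressed as Kubernetes verbs.
PEER_VERBS="get list create update patch delete"

# allowed_peer_verbs USER -> prints the space-separated verbs USER is allowed.
allowed_peer_verbs() {
    user=$1
    allowed=""
    for verb in $PEER_VERBS; do
        # can-i prints "yes" or "no" and exits non-zero on "no".
        answer=$(kubectl auth can-i "$verb" "$PEER_RESOURCE" --as "$user" 2>/dev/null) || true
        case $answer in
            yes*) allowed="${allowed:+$allowed }$verb" ;;
        esac
    done
    printf '%s\n' "$allowed"
}

# can_grant_vpn_access USER -> exit 0 if USER can add or alter peers,
# i.e. can hand VPN access to other users.
can_grant_vpn_access() {
    for verb in $(allowed_peer_verbs "$1"); do
        case $verb in
            create|update|patch) return 0 ;;
        esac
    done
    return 1
}

# Usage: sh audit-peers.sh alice@example.com bob@example.com
for u in "$@"; do
    if can_grant_vpn_access "$u"; then
        level="CAN GRANT VPN ACCESS"
    else
        level="cannot modify peers"
    fi
    printf '%s: [%s] %s\n' "$u" "$(allowed_peer_verbs "$u")" "$level"
done
```

Running it before and after creating role bindings confirms that each user holds only the intended verbs.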

Finally, grant access to certain privileges in Wg Gen Web by creating Kubernetes ClusterRoles and ClusterRoleBindings.
For example, the following command could be used to grant access to view the Wg Gen Web UI to the user `[email protected]`:

```shell
cat <
```