Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/squat/kilo-wg-gen-web
Use Wg Gen Web to manage Kilo peers
kilo kubernetes vpn wg-gen-web wireguard
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/squat/kilo-wg-gen-web
- Owner: squat
- License: apache-2.0
- Created: 2020-05-04T17:39:46.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2021-04-07T15:09:11.000Z (over 3 years ago)
- Last Synced: 2024-06-19T14:55:51.647Z (6 months ago)
- Topics: kilo, kubernetes, vpn, wg-gen-web, wireguard
- Language: Go
- Size: 4.23 MB
- Stars: 10
- Watchers: 2
- Forks: 2
- Open Issues: 1
- Metadata Files:
  - Readme: README.md
  - License: LICENSE
README
# kilo-wg-gen-web
`kilo-wg-gen-web` enables using [Wg Gen Web](https://github.com/vx3r/wg-gen-web) as a UI to define and manage peers for [Kilo](https://github.com/squat/kilo).
[![Build Status](https://travis-ci.org/squat/kilo-wg-gen-web.svg?branch=master)](https://travis-ci.org/squat/kilo-wg-gen-web)
[![Go Report Card](https://goreportcard.com/badge/github.com/squat/kilo-wg-gen-web)](https://goreportcard.com/report/github.com/squat/kilo-wg-gen-web)
## Getting Started
To run `kilo-wg-gen-web`, first [install Kilo](https://github.com/squat/kilo#installing-on-kubernetes).
Next, edit the [included manifest](https://github.com/squat/kilo-wg-gen-web/blob/master/manifests/kilo-wg-gen-web.yaml) and set the `NODE` variable to the name of one of the nodes in the Kilo mesh, i.e. the node that clients should use to connect to the mesh.
Finally, deploy the included manifest, which contains the configuration for both Wg Gen Web and kilo-wg-gen-web:
```shell
kubectl apply -f https://raw.githubusercontent.com/squat/kilo-wg-gen-web/master/manifests/kilo-wg-gen-web.yaml
```
## OIDC + RBAC
Anyone with access to the Wg Gen Web UI will have access to create, read, update, and delete Kilo Peers, which means they can grant access to the VPN to other users.
OIDC and RBAC can be used in order to restrict access to only users who are authenticated and authorized to perform certain actions on Peer resources.
To get started, first ensure that the Kubernetes API server is configured to validate OIDC tokens.
Afterwards, edit the [included OIDC + RBAC manifest](https://github.com/squat/kilo-wg-gen-web/blob/master/manifests/kilo-wg-gen-web-oidc-rbac.yaml), which configures an [OAuth2 proxy](https://github.com/oauth2-proxy/oauth2-proxy) and an [RBAC proxy](https://github.com/brancz/kube-rbac-proxy) in front of the Wg Gen Web UI. In that manifest, set the `NODE` variable and add the necessary OIDC configuration and credentials to the `kilo-wg-gen-web` Secret.
Next, deploy Wg Gen Web with OIDC and RBAC:
```shell
kubectl apply -f https://raw.githubusercontent.com/squat/kilo-wg-gen-web/master/manifests/kilo-wg-gen-web-oidc-rbac.yaml
```
Finally, grant access to certain privileges in Wg Gen Web by creating Kubernetes ClusterRoles and ClusterRoleBindings.
For example, the following command could be used to grant access to view the Wg Gen Web UI to the user `[email protected]`:
```shell
cat <