Skip to content
This repository has been archived by the owner on Apr 30, 2021. It is now read-only.

borchero/meerkat-legacy

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

34 Commits

.circleci

.circleci

 
 

api

api

 
 

build

build

 
 

deploy

deploy

 
 

.dockerignore

.dockerignore

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

Repository files navigation

Meerkat

This repository is deprecated. Use borchero/meerkat instead.

Docker Image Version

Meerkat provides a cloud-native OpenVPN deployment that is tightly integrated with Vault to securely provision client certificates.

Compared to existing solutions, Meerkat has the following advantages:

  • Certificates (especially the CA root certificate) are managed securely and cannot be accessed easily.
  • Users can be managed via an HTTP API and certificates can be created/revoked dynamically. This also allows for easily adding a GUI in the future.
  • Meerkat can be deployed fully automatically on Kubernetes, i.e. no manual steps are required.

The HTTP API is currently very minimal and not suited for any serious production environments.

Deployment

Deploying Meerkat consists of multiple steps to ensure a high level of security. Furthermore, the following components must be installed on the cluster prior to this installation:

  • Postgres: Database used for user management. This component is required.
  • Vault: PKI for the OpenVPN server. This component is required (including the agent injector). Optionally, it may be used to provide database credentials. Though recommended, this is up to the user.
  • Traefik: Router which e.g. sets up basic authentication for the API. This component is optional and any resources depending on it are disabled by default.
  • Switchboard: Kubernetes controller to set DNS records on the Google Cloud Platform. This component is optional and any resources depending on it are disabled by default.

Preparing Vault

Meerkat extensively uses Vault and its configuration is therefore provided as Terraform module. To add the Meerkat configuration, run the manual setup steps explained here. Subsequently, you may add the following to your Terraform files configuring Vault:

module "meerkat" {
  source  = "borchero/meerkat/vault"
  version = "<version>"

  pki_common_name  = "vpn.example.com"
  pki_organization = "Example Corp"
}

Additional configuration options are documented here.

Deploying Meerkat

Using Helm, Meerkat itself can be deployed as follows. Make sure that you set the values according to your prior steps.

helm repo add borchero https://charts.borchero.com
helm install meerkat borchero/meerkat

The Helm chart is currently mostly undocumented and does not provide a lot of customization points but focuses on most common use cases at the moment.

Roadmap

Major building blocks that may be added in the future:

  • Additional documentation
  • A more robust API
  • GUI for user management

About

Secure Cloud-Native OpenVPN Deployment.

Topics

kubernetes openvpn vault

Resources

Readme

License

MIT license
Activity

Stars

2 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases 8

Enable Pod Annotations on CronJob Latest
Aug 10, 2020
+ 7 releases

Packages

No packages published

Contributors 2

  •  
  •  

Languages