nandor-magyar / k8s-ovpn-chart

Helm chart for a private OpenVPN server

Private Kubernetes OpenVPN Helm chart

TL;DR: This Chart is intended for deploying a private VPN server without access to other Pods in the cluster. Think of it as roll-your-own Nord/Express VPN in your Kubernetes cluster.

Usage

$ helm repo add k8s-ovpn https://raw.githubusercontent.com/suda/k8s-ovpn-chart/master
$ helm repo update
$ helm install k8s-ovpn/k8s-ovpn-chart

Generate necessary secrets

$ git clone https://github.com/suda/k8s-ovpn-chart.git
$ cd k8s-ovpn-chart
$ export VPN_HOSTNAME=vpn.example.com
# Generate basic OpenVPN config
$ ./bin/generate-config
# Repeat this step for all the clients you need
$ CLIENT_NAME=my-client ./bin/add-client
# Set the Kubernetes secrets. Prepend with REPLACE=true to update existing ones
$ ./bin/set-secrets

After generating the secrets above, you'll have all the config, certificates and keys on your machine, in the ovpn0 directory. You need them to add more clients later, but it isn't very secure to keep those keys just lying around on your machine.

Allowing traffic inside of the cluster

If you want to make debugging the cluster easier and use the VPN to access the pods, you might prefer the stable/openvpn chart. But if you really want to, you can allow in-cluster traffic with this chart by setting the limitTraficToNamespace value to false.

Configuration

The following table lists the configurable parameters of the k8s-ovpn chart and their default values.

| Parameter | Description | Default |
| --- | --- | --- |
| image.repository | container image repository | kylemanna/openvpn |
| image.tag | container image tag | 2.3 |
| image.pullPolicy | container image pull policy | IfNotPresent |
| tolerations | node taints to tolerate (requires Kubernetes >=1.6) | [] |
| affinity | node/pod affinities (requires Kubernetes >=1.6) | {} |
| nodeSelector | node labels for pod assignment | {} |
| resources | pod resource requests & limits | {} |
| limitTraficToNamespace | limit network traffic just to OpenVPN namespace | true |
| limitedCidr | CIDR to be blocked out | 10.0.0.0/8 |
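
The default limitedCidr of 10.0.0.0/8 only isolates VPN clients if the cluster's pod, service and node ranges actually sit inside it. The following check is an added example, not part of the chart; the function name and the two sample clusters are constructed, and it assumes limitedCidr is the only range the chart blocks.

```python
import ipaddress

# Default taken from the chart's configuration table.
DEFAULT_LIMITED_CIDR = "10.0.0.0/8"


def uncovered_ranges(limited_cidr, cluster_cidrs):
    """Return {name: (cidr, reason)} for every cluster range that
    limited_cidr does not fully contain (hypothetical helper)."""
    blocked = ipaddress.ip_network(limited_cidr, strict=True)
    gaps = {}
    for name, cidr in cluster_cidrs.items():
        net = ipaddress.ip_network(cidr, strict=True)
        if net.version != blocked.version:
            # An IPv4 block rule says nothing about IPv6 ranges (and vice versa).
            gaps[name] = (cidr, "different IP version")
        elif net.subnet_of(blocked):
            continue  # fully inside the blocked range
        elif net.overlaps(blocked):
            # CIDR blocks nest or are disjoint, so this range is wider
            # than the blocked one and part of it stays reachable.
            gaps[name] = (cidr, "partially covered")
        else:
            gaps[name] = (cidr, "not covered")
    return gaps


# Constructed sample clusters; replace with the ranges of your own cluster.
CLUSTER_A = {"pods": "10.244.0.0/16", "services": "10.96.0.0/12",
             "nodes": "10.0.1.0/24"}
CLUSTER_B = {"pods": "192.168.0.0/16", "services": "10.96.0.0/12",
             "nodes": "172.31.0.0/16"}

if __name__ == "__main__":
    for label, cluster in (("A", CLUSTER_A), ("B", CLUSTER_B)):
        gaps = uncovered_ranges(DEFAULT_LIMITED_CIDR, cluster)
        if not gaps:
            print(f"cluster {label}: all ranges inside {DEFAULT_LIMITED_CIDR}")
        for name, (cidr, reason) in gaps.items():
            print(f"cluster {label}: {name} {cidr} is {reason}; "
                  "adjust limitedCidr before relying on the isolation")
```

Any range this reports needs a different limitedCidr value before the VPN can be treated as separated from that part of the cluster.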

Acknowledgements

This chart is based on chepurko/k8s-ovpn, which uses the great kylemanna/docker-openvpn Docker image.
