Tested with google and Dex.
auth-server— implements authentication by OpenID Connect (OIDC) provider and outputs information for connecting to the OpenVPN server (username, one-time password and OpenVPN client configuration file).auth-client— checks the username and password received from OpenVPN client.
ISSUER_URL— URL where auth-server can find the OpenID Provider Configuration Document, which should be available in the /.well-known/openid-configuration.DOMAIN— auth-server domain.CLIENT_ID— unique identifier for your registered application.CLIENT_SECRET— is a secret known only to the application and the authentication server.ADDITIONAL_SCOPES— list of additional scopes.OPENVPN_SERVER_HOST— IP or domain for connect to OpenVPN server.OPENVPN_SERVER_PORT— port that listen OpenVPN server.
ISSUER_URL="https://accounts.google.com"
DOMAIN=openvpn-auth.example.com
CLIENT_ID="0-r.apps.googleusercontent.com"
CLIENT_SECRET="secret"
ADDITIONAL_SCOPES="email"
OPENVPN_SERVER_HOST=openvpn.example.com
OPENVPN_SERVER_PORT=1194git clone [email protected]:vitaliy-sn/openvpn-oidc.git
cd helm
vim values.yaml
helm install openvpn-oidc .- Google.
- Dex - you need to create a custom resource oauth2clients.dex.coreos.com in kubernetes cluster.