diff --git a/templates/openvpn-httpbasic/0/README.md b/templates/openvpn-httpbasic/0/README.md
new file mode 100644
index 0000000..a817732
--- /dev/null
+++ b/templates/openvpn-httpbasic/0/README.md
@@ -0,0 +1,5 @@
+# OpenVPN
+
+OpenVPN stack made to give access to Rancher network with HTTP Basic authentication.
+
+OpenVPN version: 1.0-0
\ No newline at end of file
diff --git a/templates/openvpn-httpbasic/0/docker-compose.yml b/templates/openvpn-httpbasic/0/docker-compose.yml
new file mode 100644
index 0000000..1340a63
--- /dev/null
+++ b/templates/openvpn-httpbasic/0/docker-compose.yml
@@ -0,0 +1,33 @@
+openvpn-httpbasic-data:
+ labels:
+ io.rancher.container.start_once: 'true'
+ entrypoint:
+ - /bin/true
+ image: busybox
+ volumes:
+ - /etc/openvpn/
+
+openvpn-httpbasic-server:
+ ports:
+ - 1194:1194/tcp
+ environment:
+ AUTH_METHOD: httpbasic
+ AUTH_HTTPBASIC_URL: ${AUTH_HTTPBASIC_URL}
+ CERT_COUNTRY: ${CERT_COUNTRY}
+ CERT_PROVINCE: ${CERT_PROVINCE}
+ CERT_CITY: ${CERT_CITY}
+ CERT_ORG: ${CERT_ORG}
+ CERT_EMAIL: ${CERT_EMAIL}
+ CERT_OU: ${CERT_OU}
+ REMOTE_IP: ${REMOTE_IP}
+ REMOTE_PORT: ${REMOTE_PORT}
+ VPNPOOL_NETWORK: ${VPNPOOL_NETWORK}
+ VPNPOOL_CIDR: ${VPNPOOL_CIDR}
+ OPENVPN_EXTRACONF: ${OPENVPN_EXTRACONF}
+ labels:
+ io.rancher.sidekicks: openvpn-httpbasic-data
+ io.rancher.container.pull_image: always
+ image: mdns/rancher-openvpn:1.0
+ privileged: true
+ volumes_from:
+ - openvpn-httpbasic-data
diff --git a/templates/openvpn-httpbasic/0/rancher-compose.yml b/templates/openvpn-httpbasic/0/rancher-compose.yml
new file mode 100644
index 0000000..ece8c66
--- /dev/null
+++ b/templates/openvpn-httpbasic/0/rancher-compose.yml
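Review bot: `privileged: true` on `openvpn-httpbasic-server` in templates/openvpn-httpbasic/0/docker-compose.yml gives an internet-facing VPN daemon every capability and full device access on the host, which is more than an OpenVPN server normally needs. Unless the image's entrypoint (not visible in this diff) does something else that requires it, the line could be replaced by `cap_add: [NET_ADMIN]` and `devices: ['/dev/net/tun:/dev/net/tun']`. The same service references `image: mdns/rancher-openvpn:1.0` together with `io.rancher.container.pull_image: always`, so a re-pushed tag is picked up silently on the next start; pinning it as `mdns/rancher-openvpn@sha256:<digest>` would make the workload reproducible. Both points apply unchanged to `openvpn-httpdigest-server` and `openvpn-ldap-server` in the other two docker-compose.yml files of this diff.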
@@ -0,0 +1,123 @@
+.catalog:
+ name: OpenVPN HTTP Basic
+ version: 1.0-0
+ description: |
+ OpenVPN for Rancher with HTTP Basic authentication
+ minimum_rancher_version: v0.56.0
+ maintainer: "Alexis Ducastel "
+ uuid: openvpn-httpbasic-0
+ questions:
+
+ - variable: "AUTH_HTTPBASIC_URL"
+ description: "HTTP server url used for authentication, ex: http[s]://hostname[:port]"
+ label: "HTTP Server URL:"
+ required: true
+ default: "http[s]://hostname[:port]"
+ type: "string"
+
+ - variable: "REMOTE_IP"
+ description: "Ip address or hostname that will be set in client configuration, you can leave default values and replace them in client config later"
+ label: "OpenVPN server endpoint address:"
+ required: true
+ default: "IP-address-or-hostname"
+ type: "string"
+
+ - variable: "REMOTE_PORT"
+ description: "TCP port that will be set in client configuration, you can leave default values and replace them in client config later"
+ label: "OpenVPN server endpoint port :"
+ required: true
+ default: "1194"
+ type: "string"
+
+ - variable: "VPNPOOL_NETWORK"
+ description: "VPN subnet for OpenVPN to draw client addresses from"
+ label: "Network pool:"
+ required: true
+ default: "10.43.0.0"
+ type: "string"
+
+ - variable: "VPNPOOL_CIDR"
+ description: "CIDR netmask for VPN subnet"
+ label: "CIDR netmask:"
+ required: true
+ default: "16"
+ type: "enum"
+ options:
+ - 16
+ - 17
+ - 18
+ - 19
+ - 20
+ - 21
+ - 22
+ - 23
+ - 24
+ - 25
+ - 26
+ - 27
+ - 28
+ - 29
+ - 30
+
+
+ - variable: "CERT_COUNTRY"
+ description: "Country code part of VPN CA (2 digits only)"
+ label: "Certificate Country code :"
+ required: true
+ default: "US"
+ type: "string"
+
+ - variable: "CERT_PROVINCE"
+ description: "Province part of VPN CA"
+ label: "Certificate Province:"
+ required: true
+ default: "AL"
+ type: "string"
+
+
+ - variable: "CERT_CITY"
+ description: "City part of VPN CA "
+ label: "Certificate City:"
+ required: true
+ default: "Birmingham"
+ type: "string"
+
+ - variable: "CERT_ORG"
+ description: "Organization part of VPN CA "
+ label: "Certificate Organization:"
+ required: true
+ default: "ACME"
+ type: "string"
+
+ - variable: "CERT_OU"
+ description: "Organizational Unit part of VPN CA "
+ label: "Certificate OU:"
+ required: true
+ default: "IT"
+ type: "string"
+
+ - variable: "CERT_EMAIL"
+ description: "Email part of VPN CA "
+ label: "Certificate Email:"
+ required: true
+ default: "foo@example.com"
+ type: "string"
+
+ - variable: "OPENVPN_EXTRACONF"
+ description: "Optionnal custom OpenVPN config line, for example to push your own custom route"
+ label: "OpenVPN custom config:"
+ required: false
+ default: ""
+ type: "string"
+
+openvpn-httpbasic-data:
+ scale: 1
+openvpn-httpbasic-server:
+ scale: 1
+ health_check:
+ port: 1194
+ interval: 30000
+ unhealthy_threshold: 5
+ strategy: none
+ healthy_threshold: 2
+ response_timeout: 2000
diff --git a/templates/openvpn-httpbasic/catalogIcon-openvpn-httpbasic.png b/templates/openvpn-httpbasic/catalogIcon-openvpn-httpbasic.png
new file mode 100644
index 0000000..2707a93
Binary files /dev/null and b/templates/openvpn-httpbasic/catalogIcon-openvpn-httpbasic.png differ
diff --git a/templates/openvpn-httpbasic/config.yml b/templates/openvpn-httpbasic/config.yml
new file mode 100644
index 0000000..7380fe3
--- /dev/null
+++ b/templates/openvpn-httpbasic/config.yml
@@ -0,0 +1,6 @@
+name: OpenVPN HTTP Basic
+description: |
+ OpenVPN for Rancher with HTTP Basic authentication
+version: 1.0-0
+category: Networking
+maintainer: Alexis Ducastel
\ No newline at end of file
diff --git a/templates/openvpn-httpdigest/0/README.md b/templates/openvpn-httpdigest/0/README.md
new file mode 100644
index 0000000..6744d70
--- /dev/null
+++ b/templates/openvpn-httpdigest/0/README.md
@@ -0,0 +1,5 @@
+# OpenVPN
+
+OpenVPN stack made to give access to Rancher network with HTTP Digest authentication.
+
+OpenVPN version: 1.0-0
\ No newline at end of file
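Review bot: The `AUTH_HTTPBASIC_URL` question in templates/openvpn-httpbasic/0/rancher-compose.yml accepts plain `http://` (its description and default both read `http[s]://hostname[:port]`), and with Basic authentication that means each VPN user's password is forwarded to the auth backend base64-encoded but unencrypted. The description should steer operators to TLS, for example `description: "HTTPS URL of the server used for authentication, ex: https://hostname[:port] (plain http sends passwords unencrypted)"`. The placeholder default also appears to satisfy `required: true`, so a stack launched with defaults starts with an unusable auth URL; `default: ""` would force an explicit answer. Separately, the `CERT_COUNTRY` description says "2 digits only" where a two-letter country code is meant, and the same wording recurs in the openvpn-httpdigest and openvpn-ldap rancher-compose.yml files.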
diff --git a/templates/openvpn-httpdigest/0/docker-compose.yml b/templates/openvpn-httpdigest/0/docker-compose.yml
new file mode 100644
index 0000000..ec38e8b
--- /dev/null
+++ b/templates/openvpn-httpdigest/0/docker-compose.yml
@@ -0,0 +1,33 @@
+openvpn-httpdigest-data:
+ labels:
+ io.rancher.container.start_once: 'true'
+ entrypoint:
+ - /bin/true
+ image: busybox
+ volumes:
+ - /etc/openvpn/
+
+openvpn-httpdigest-server:
+ ports:
+ - 1194:1194/tcp
+ environment:
+ AUTH_METHOD: httpdigest
+ AUTH_HTTPDIGEST_URL: ${AUTH_HTTPDIGEST_URL}
+ CERT_COUNTRY: ${CERT_COUNTRY}
+ CERT_PROVINCE: ${CERT_PROVINCE}
+ CERT_CITY: ${CERT_CITY}
+ CERT_ORG: ${CERT_ORG}
+ CERT_EMAIL: ${CERT_EMAIL}
+ CERT_OU: ${CERT_OU}
+ REMOTE_IP: ${REMOTE_IP}
+ REMOTE_PORT: ${REMOTE_PORT}
+ VPNPOOL_NETWORK: ${VPNPOOL_NETWORK}
+ VPNPOOL_CIDR: ${VPNPOOL_CIDR}
+ OPENVPN_EXTRACONF: ${OPENVPN_EXTRACONF}
+ labels:
+ io.rancher.sidekicks: openvpn-httpdigest-data
+ io.rancher.container.pull_image: always
+ image: mdns/rancher-openvpn:1.0
+ privileged: true
+ volumes_from:
+ - openvpn-httpdigest-data
diff --git a/templates/openvpn-httpdigest/0/rancher-compose.yml b/templates/openvpn-httpdigest/0/rancher-compose.yml
new file mode 100644
index 0000000..42575da
--- /dev/null
+++ b/templates/openvpn-httpdigest/0/rancher-compose.yml
@@ -0,0 +1,123 @@
+.catalog:
+ name: OpenVPN HTTP Digest
+ version: 1.0-0
+ description: |
+ OpenVPN for Rancher with HTTP Digest authentication
+ minimum_rancher_version: v0.56.0
+ maintainer: "Alexis Ducastel "
+ uuid: openvpn-httpdigest-0
+ questions:
+
+ - variable: "AUTH_HTTPDIGEST_URL"
+ description: "HTTP server url used for authentication, ex: http[s]://hostname[:port]"
+ label: "HTTP Server URL:"
+ required: true
+ default: "http[s]://hostname[:port]"
+ type: "string"
+
+ - variable: "REMOTE_IP"
+ description: "Ip address or hostname that will be set in client configuration, you can leave default values and replace them in client config later"
+ label: "OpenVPN server endpoint address:"
+ required: true
+ default: "IP-address-or-hostname"
+ type: "string"
+
+ - variable: "REMOTE_PORT"
+ description: "TCP port that will be set in client configuration, you can leave default values and replace them in client config later"
+ label: "OpenVPN server endpoint port :"
+ required: true
+ default: "1194"
+ type: "string"
+
+ - variable: "VPNPOOL_NETWORK"
+ description: "VPN subnet for OpenVPN to draw client addresses from"
+ label: "Network pool:"
+ required: true
+ default: "10.43.0.0"
+ type: "string"
+
+ - variable: "VPNPOOL_CIDR"
+ description: "CIDR netmask for VPN subnet"
+ label: "CIDR netmask:"
+ required: true
+ default: "16"
+ type: "enum"
+ options:
+ - 16
+ - 17
+ - 18
+ - 19
+ - 20
+ - 21
+ - 22
+ - 23
+ - 24
+ - 25
+ - 26
+ - 27
+ - 28
+ - 29
+ - 30
+
+
+ - variable: "CERT_COUNTRY"
+ description: "Country code part of VPN CA (2 digits only)"
+ label: "Certificate Country code :"
+ required: true
+ default: "US"
+ type: "string"
+
+ - variable: "CERT_PROVINCE"
+ description: "Province part of VPN CA"
+ label: "Certificate Province:"
+ required: true
+ default: "AL"
+ type: "string"
+
+
+ - variable: "CERT_CITY"
+ description: "City part of VPN CA "
+ label: "Certificate City:"
+ required: true
+ default: "Birmingham"
+ type: "string"
+
+ - variable: "CERT_ORG"
+ description: "Organization part of VPN CA "
+ label: "Certificate Organization:"
+ required: true
+ default: "ACME"
+ type: "string"
+
+ - variable: "CERT_OU"
+ description: "Organizational Unit part of VPN CA "
+ label: "Certificate OU:"
+ required: true
+ default: "IT"
+ type: "string"
+
+ - variable: "CERT_EMAIL"
+ description: "Email part of VPN CA "
+ label: "Certificate Email:"
+ required: true
+ default: "foo@example.com"
+ type: "string"
+
+ - variable: "OPENVPN_EXTRACONF"
+ description: "Optionnal custom OpenVPN config line, for example to push your own custom route"
+ label: "OpenVPN custom config:"
+ required: false
+ default: ""
+ type: "string"
+
+openvpn-httpdigest-data:
+ scale: 1
+openvpn-httpdigest-server:
+ scale: 1
+ health_check:
+ port: 1194
+ interval: 30000
+ unhealthy_threshold: 5
+ strategy: none
+ healthy_threshold: 2
+ response_timeout: 2000
diff --git a/templates/openvpn-httpdigest/catalogIcon-openvpn-httpdigest.png b/templates/openvpn-httpdigest/catalogIcon-openvpn-httpdigest.png
new file mode 100644
index 0000000..2707a93
Binary files /dev/null and b/templates/openvpn-httpdigest/catalogIcon-openvpn-httpdigest.png differ
diff --git a/templates/openvpn-httpdigest/config.yml b/templates/openvpn-httpdigest/config.yml
new file mode 100644
index 0000000..b1f6053
--- /dev/null
+++ b/templates/openvpn-httpdigest/config.yml
@@ -0,0 +1,6 @@
+name: OpenVPN HTTP Digest
+description: |
+ OpenVPN for Rancher with HTTP Digest authentication
+version: 1.0-0
+category: Networking
+maintainer: Alexis Ducastel
\ No newline at end of file
diff --git a/templates/openvpn-ldap/0/README.md b/templates/openvpn-ldap/0/README.md
new file mode 100644
index 0000000..fb8ed27
--- /dev/null
+++ b/templates/openvpn-ldap/0/README.md
@@ -0,0 +1,5 @@
+# OpenVPN
+
+OpenVPN stack made to give access to Rancher network with LDAP authentication.
+
+OpenVPN version: 1.0-0
\ No newline at end of file
diff --git a/templates/openvpn-ldap/0/docker-compose.yml b/templates/openvpn-ldap/0/docker-compose.yml
new file mode 100644
index 0000000..1ec17f6
--- /dev/null
+++ b/templates/openvpn-ldap/0/docker-compose.yml
@@ -0,0 +1,37 @@
+openvpn-ldap-data:
+ labels:
+ io.rancher.container.start_once: 'true'
+ entrypoint:
+ - /bin/true
+ image: busybox
+ volumes:
+ - /etc/openvpn/
+
+openvpn-ldap-server:
+ ports:
+ - 1194:1194/tcp
+ environment:
+ AUTH_METHOD: ldap
+ AUTH_LDAP_URL: ${AUTH_LDAP_URL}
+ AUTH_LDAP_BASEDN: ${AUTH_LDAP_BASEDN}
+ AUTH_LDAP_SEARCH: ${AUTH_LDAP_SEARCH}
+ AUTH_LDAP_BINDDN: ${AUTH_LDAP_BINDDN}
+ AUTH_LDAP_BINDPWD: ${AUTH_LDAP_BINDPWD}
+ CERT_COUNTRY: ${CERT_COUNTRY}
+ CERT_PROVINCE: ${CERT_PROVINCE}
+ CERT_CITY: ${CERT_CITY}
+ CERT_ORG: ${CERT_ORG}
+ CERT_EMAIL: ${CERT_EMAIL}
+ CERT_OU: ${CERT_OU}
+ REMOTE_IP: ${REMOTE_IP}
+ REMOTE_PORT: ${REMOTE_PORT}
+ VPNPOOL_NETWORK: ${VPNPOOL_NETWORK}
+ VPNPOOL_CIDR: ${VPNPOOL_CIDR}
+ OPENVPN_EXTRACONF: ${OPENVPN_EXTRACONF}
+ labels:
+ io.rancher.sidekicks: openvpn-ldap-data
+ io.rancher.container.pull_image: always
+ image: mdns/rancher-openvpn:1.0
+ privileged: true
+ volumes_from:
+ - openvpn-ldap-data
diff --git a/templates/openvpn-ldap/0/rancher-compose.yml b/templates/openvpn-ldap/0/rancher-compose.yml
new file mode 100644
index 0000000..b78ba7e
--- /dev/null
+++ b/templates/openvpn-ldap/0/rancher-compose.yml
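Review bot: `AUTH_LDAP_BINDPWD: ${AUTH_LDAP_BINDPWD}` in templates/openvpn-ldap/0/docker-compose.yml places the LDAP bind password in the container environment, where it can be read by anyone able to inspect the container or service definition and is inherited by every process in this privileged container. If the image can read the password from a file (not visible in this diff), supplying it that way would keep it out of inspect output. Otherwise the exposure should at least be documented above the line, e.g. `# bind password is visible via container inspect; use a dedicated read-only search account`. `AUTH_LDAP_URL` also permits `ldap://`, over which the bind password and users' passwords would travel unencrypted, so the template should recommend `ldaps://`.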
@@ -0,0 +1,151 @@
+.catalog:
+ name: OpenVPN LDAP
+ version: 1.0-0
+ description: |
+ OpenVPN for Rancher with LDAP authentication
+ minimum_rancher_version: v0.56.0
+ maintainer: "Alexis Ducastel "
+ uuid: openvpn-ldap-0
+ questions:
+
+ - variable: "AUTH_LDAP_URL"
+ description: "LDAP server url, ex: ldap[s]://hostname[:port]"
+ label: "LDAP URL:"
+ required: true
+ default: "ldap[s]://hostname[:port]"
+ type: "string"
+
+ - variable: "AUTH_LDAP_BASEDN"
+ description: "Base DN for searching user dn"
+ label: "LDAP Base DN:"
+ required: true
+ default: "dc=acme,dc=tld"
+ type: "string"
+
+ - variable: "AUTH_LDAP_SEARCH"
+ description: "LDAP Search request, with a parameter $username, ex : (uid=$username) or more complex example : (|(uid=$username)(mail=$username))"
+ label: "LDAP Search:"
+ required: true
+ default: "(uid=$username)"
+ type: "string"
+
+ - variable: "AUTH_LDAP_BINDDN"
+ description: "(Optionnal) Bind DN to perfrom search operation, leave blank if not required. Ex : cn=admin,dc=acme,dc=tld"
+ label: "LDAP Bind DN:"
+ required: false
+ default: ""
+ type: "string"
+
+ - variable: "AUTH_LDAP_BINDPWD"
+ description: "(Optionnal) Bind password to perfrom search operation, leave blank if not required"
+ label: "LDAP Bind password:"
+ required: false
+ default: ""
+ type: "password"
+
+ - variable: "REMOTE_IP"
+ description: "Ip address or hostname that will be set in client configuration, you can leave default values and replace them in client config later"
+ label: "OpenVPN server endpoint address:"
+ required: true
+ default: "IP-address-or-hostname"
+ type: "string"
+
+ - variable: "REMOTE_PORT"
+ description: "TCP port that will be set in client configuration, you can leave default values and replace them in client config later"
+ label: "OpenVPN server endpoint port :"
+ required: true
+ default: "1194"
+ type: "string"
+
+ - variable: "VPNPOOL_NETWORK"
+ description: "VPN subnet for OpenVPN to draw client addresses from"
+ label: "Network pool:"
+ required: true
+ default: "10.43.0.0"
+ type: "string"
+
+ - variable: "VPNPOOL_CIDR"
+ description: "CIDR netmask for VPN subnet"
+ label: "CIDR netmask:"
+ required: true
+ default: "16"
+ type: "enum"
+ options:
+ - 16
+ - 17
+ - 18
+ - 19
+ - 20
+ - 21
+ - 22
+ - 23
+ - 24
+ - 25
+ - 26
+ - 27
+ - 28
+ - 29
+ - 30
+
+
+ - variable: "CERT_COUNTRY"
+ description: "Country code part of VPN CA (2 digits only)"
+ label: "Certificate Country code :"
+ required: true
+ default: "US"
+ type: "string"
+
+ - variable: "CERT_PROVINCE"
+ description: "Province part of VPN CA"
+ label: "Certificate Province:"
+ required: true
+ default: "AL"
+ type: "string"
+
+
+ - variable: "CERT_CITY"
+ description: "City part of VPN CA "
+ label: "Certificate City:"
+ required: true
+ default: "Birmingham"
+ type: "string"
+
+ - variable: "CERT_ORG"
+ description: "Organization part of VPN CA "
+ label: "Certificate Organization:"
+ required: true
+ default: "ACME"
+ type: "string"
+
+ - variable: "CERT_OU"
+ description: "Organizational Unit part of VPN CA "
+ label: "Certificate OU:"
+ required: true
+ default: "IT"
+ type: "string"
+
+ - variable: "CERT_EMAIL"
+ description: "Email part of VPN CA "
+ label: "Certificate Email:"
+ required: true
+ default: "foo@example.com"
+ type: "string"
+
+ - variable: "OPENVPN_EXTRACONF"
+ description: "Optionnal custom OpenVPN config line, for example to push your own custom route"
+ label: "OpenVPN custom config:"
+ required: false
+ default: ""
+ type: "string"
+
+openvpn-ldap-data:
+ scale: 1
+openvpn-ldap-server:
+ scale: 1
+ health_check:
+ port: 1194
+ interval: 30000
+ unhealthy_threshold: 5
+ strategy: none
+ healthy_threshold: 2
+ response_timeout: 2000
diff --git a/templates/openvpn-ldap/catalogIcon-openvpn-ldap.png b/templates/openvpn-ldap/catalogIcon-openvpn-ldap.png
new file mode 100644
index 0000000..2707a93
Binary files /dev/null and b/templates/openvpn-ldap/catalogIcon-openvpn-ldap.png differ
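Review bot: The `AUTH_LDAP_SEARCH` question in templates/openvpn-ldap/0/rancher-compose.yml describes a filter built by substituting the login name for `$username`, and nothing in this diff shows whether the image escapes LDAP filter metacharacters before doing so. If it does not, the filter that decides who may connect is partly controlled by whoever types the username, so this should be confirmed in the image's auth script and stated in the description once verified, e.g. by appending `(the username is escaped before substitution)`. The `AUTH_LDAP_URL` description and default `ldap[s]://hostname[:port]` would also be safer written as `ldaps://hostname[:port]`. The descriptions of `AUTH_LDAP_BINDDN` and `AUTH_LDAP_BINDPWD` contain the typos "Optionnal" and "perfrom", and `OPENVPN_EXTRACONF` repeats "Optionnal" in all three templates.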
diff --git a/templates/openvpn-ldap/config.yml b/templates/openvpn-ldap/config.yml
new file mode 100644
index 0000000..0e16c54
--- /dev/null
+++ b/templates/openvpn-ldap/config.yml
@@ -0,0 +1,6 @@
+name: OpenVPN LDAP
+description: |
+ OpenVPN for Rancher with LDAP authentication
+version: 1.0-0
+category: Networking
+maintainer: Alexis Ducastel
\ No newline at end of file