Comments (2)
I'm imagining this leads to a hypothetical where some routers do not require pre-configuration with a YAML file (out-of-band config), favoring an in-band configuration managed centrally via client or ctrl plane, kicked off by enrollment.
For example,
1. Router finds client API via token issuer claim and verifies signature with server cert pubkey
2. Router finds ctrl plane in enrollment response and saves in local endpoints file
3. Router saves identity files in its working directory with default filenames, optionally configured by standard ziti env vars implemented in the create config subcommands
The config here is service configurations, not router configuration. There is a desire for controller-provided router configuration, but that's not being addressed here.