api.zrok.io on https balancer; ziti ctrl on ziti.zrok.io; environment fixes to support this (#39)
parent
817c8a9745
commit
a603f64b2d
@ -15,8 +15,8 @@ import (
|
|||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
pfxlog.GlobalInit(logrus.InfoLevel, pfxlog.DefaultOptions().SetTrimPrefix("github.com/openziti-test-kitchen/"))
|
pfxlog.GlobalInit(logrus.InfoLevel, pfxlog.DefaultOptions().SetTrimPrefix("github.com/openziti-test-kitchen/"))
|
||||||
rootCmd.PersistentFlags().BoolVarP(&verbose, "verbose", "v", false, "enable verbose logging")
|
rootCmd.PersistentFlags().BoolVarP(&verbose, "verbose", "v", false, "Enable verbose logging")
|
||||||
rootCmd.PersistentFlags().StringVarP(&endpoint, "endpoint", "e", "localhost:10888", "zrok endpoint address")
|
rootCmd.PersistentFlags().StringVarP(&apiEndpoint, "endpoint", "e", "api.zrok.io", "zrok API endpoint address")
|
||||||
rootCmd.AddCommand(httpCmd)
|
rootCmd.AddCommand(httpCmd)
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -30,7 +30,7 @@ var rootCmd = &cobra.Command{
|
|||||||
},
|
},
|
||||||
}
|
}
|
||||||
var verbose bool
|
var verbose bool
|
||||||
var endpoint string
|
var apiEndpoint string
|
||||||
|
|
||||||
var httpCmd = &cobra.Command{
|
var httpCmd = &cobra.Command{
|
||||||
Use: "http",
|
Use: "http",
|
||||||
@ -44,7 +44,7 @@ func main() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func newZrokClient() *rest_client_zrok.Zrok {
|
func newZrokClient() *rest_client_zrok.Zrok {
|
||||||
transport := httptransport.New(endpoint, "/api/v1", nil)
|
transport := httptransport.New(apiEndpoint, "/api/v1", []string{"https", "http"})
|
||||||
transport.Producers["application/zrok.v1+json"] = runtime.JSONProducer()
|
transport.Producers["application/zrok.v1+json"] = runtime.JSONProducer()
|
||||||
transport.Consumers["application/zrok.v1+json"] = runtime.JSONConsumer()
|
transport.Consumers["application/zrok.v1+json"] = runtime.JSONConsumer()
|
||||||
return rest_client_zrok.New(transport, strfmt.Default)
|
return rest_client_zrok.New(transport, strfmt.Default)
|
||||||
|
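Review bot: The scheme list on the new `httptransport.New(apiEndpoint, "/api/v1", []string{"https", "http"})` line still advertises plaintext `http` for a client whose default endpoint is now the public `api.zrok.io`. As far as I know the go-openapi runtime prefers `https` whenever it is listed, so `http` is probably never selected and there is no fallback, but the entry reads as if cleartext were acceptable and leaves the choice to library behaviour. I would pass `[]string{"https"}` and, if local controllers such as the old `localhost:10888` default must still work without TLS, make that an explicit opt-in flag rather than an implicit second scheme. `newZrokClient` closes outside the visible lines.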
@ -6,7 +6,7 @@
|
|||||||
$ source /dev/stdin <<< "$(wget -qO- https://raw.githubusercontent.com/openziti/ziti/release-next/quickstart/docker/image/ziti-cli-functions.sh)"; expressInstall
|
$ source /dev/stdin <<< "$(wget -qO- https://raw.githubusercontent.com/openziti/ziti/release-next/quickstart/docker/image/ziti-cli-functions.sh)"; expressInstall
|
||||||
```
|
```
|
||||||
|
|
||||||
## configure proxy identity
|
## configure frontend identity
|
||||||
|
|
||||||
```
|
```
|
||||||
$ ziti edge create identity device -o ~/.zrok/proxy.jwt proxy
|
$ ziti edge create identity device -o ~/.zrok/proxy.jwt proxy
|
||||||
@ -20,7 +20,9 @@ INFO generating 4096 bit RSA key
|
|||||||
INFO enrolled successfully. identity file written to: proxy.json
|
INFO enrolled successfully. identity file written to: proxy.json
|
||||||
```
|
```
|
||||||
|
|
||||||
Don't forget to add an edge router policy granting access to the `@proxy` router to `#all` routers.
|
```
|
||||||
|
$ ziti edge create erp --edge-router-roles "#all" --identity-roles @proxy
|
||||||
|
```
|
||||||
|
|
||||||
## start zrok resources
|
## start zrok resources
|
||||||
|
|
||||||
|
@ -37,7 +37,7 @@
|
|||||||
`pki_client_server`:
|
`pki_client_server`:
|
||||||
|
|
||||||
```
|
```
|
||||||
$ ziti pki create server --pki-root=/home/ubuntu/local/etc/zrok.io/pki --ca-name=intermediate --server-file=ctrl-server --dns="api.zrok.io,localhost" --ip="0.0.0.0,10.0.0.41,127.0.01" --server-name="zrok.io controller server"
|
$ ziti pki create server --pki-root=/home/ubuntu/local/etc/zrok.io/pki --ca-name=intermediate --server-file=ctrl-server --dns="ziti.zrok.io,localhost" --ip="0.0.0.0,10.0.0.41,127.0.01" --server-name="zrok.io controller server"
|
||||||
$ ziti pki create client --pki-root=/home/ubuntu/local/etc/zrok.io/pki --ca-name=intermediate --client-file=ctrl-client --key-file=ctrl-server --client-name="zrok.io controller client"
|
$ ziti pki create client --pki-root=/home/ubuntu/local/etc/zrok.io/pki --ca-name=intermediate --client-file=ctrl-client --key-file=ctrl-server --client-name="zrok.io controller client"
|
||||||
```
|
```
|
||||||
|
|
||||||
@ -46,7 +46,7 @@
|
|||||||
`pki_client_server`:
|
`pki_client_server`:
|
||||||
|
|
||||||
```
|
```
|
||||||
$ ziti pki create server --pki-root=/home/ubuntu/local/etc/zrok.io/pki --ca-name=intermediate --server-file=router0-server --dns="api.zrok.io,localhost" --ip="0.0.0.0,10.0.0.41,127.0.01" --server-name="zrok.io router0 server"
|
$ ziti pki create server --pki-root=/home/ubuntu/local/etc/zrok.io/pki --ca-name=intermediate --server-file=router0-server --dns="ziti.zrok.io,localhost" --ip="0.0.0.0,10.0.0.41,127.0.01" --server-name="zrok.io router0 server"
|
||||||
$ ziti pki create client --pki-root=/home/ubuntu/local/etc/zrok.io/pki --ca-name=intermediate --client-file=router0-client --key-file=router0-server --client-name="zrok.io router0 client"
|
$ ziti pki create client --pki-root=/home/ubuntu/local/etc/zrok.io/pki --ca-name=intermediate --client-file=router0-client --key-file=router0-server --client-name="zrok.io router0 client"
|
||||||
```
|
```
|
||||||
|
|
||||||
@ -55,14 +55,14 @@
|
|||||||
`createControllerConfig`:
|
`createControllerConfig`:
|
||||||
|
|
||||||
```
|
```
|
||||||
$ cat local/etc/zrok.io/pki/intermediate/certs/ctrl-server.chain.pem > local/etc/zrok.io/cas.pem
|
$ cat local/etc/zrok.io/pki/intermediate/certs/ctrl-server.chain.pem > local/etc/zrok.io/pki/cas.pem
|
||||||
$ cat local/etc/zrok.io/pki/intermediate/certs/signing-intermediate.cert >> local/etc/zrok.io/pki/cas.pem
|
$ cat local/etc/zrok.io/pki/intermediate/certs/signing-intermediate.cert >> local/etc/zrok.io/pki/cas.pem
|
||||||
```
|
```
|
||||||
|
|
||||||
* `ziti-controller edge init`:
|
* `ziti-controller edge init`:
|
||||||
|
|
||||||
```
|
```
|
||||||
$ ~/local/ziti/ziti-controller edge init local/etc/zrok.io/ctrl.yml
|
$ ~/local/ziti/ziti-controller edge init local/etc/zrok.io/ziti-ctrl.yml
|
||||||
```
|
```
|
||||||
|
|
||||||
* start controller
|
* start controller
|
||||||
@ -74,8 +74,26 @@
|
|||||||
New edge router router0 created with id: ZAbNbXUL6A
|
New edge router router0 created with id: ZAbNbXUL6A
|
||||||
Enrollment expires at 2022-08-29T21:56:37.418Z
|
Enrollment expires at 2022-08-29T21:56:37.418Z
|
||||||
|
|
||||||
$ ziti-router -v enroll local/etc/zrok.io/router0.yml --jwt router0.jwt
|
$ ziti-router enroll local/etc/zrok.io/ziti-router0.yml --jwt router0.jwt
|
||||||
[ 0.456] DEBUG ziti/ziti/cmd/ziti/util.LogReleaseVersionCheck: this build of ziti-router is the latest release v0.26.5
|
[ 0.456] DEBUG ziti/ziti/cmd/ziti/util.LogReleaseVersionCheck: this build of ziti-router is the latest release v0.26.5
|
||||||
[ 0.467] DEBUG edge/router/enroll.(*RestEnroller).Enroll: JWT parsed
|
[ 0.467] DEBUG edge/router/enroll.(*RestEnroller).Enroll: JWT parsed
|
||||||
[ 3.561] INFO edge/router/enroll.(*RestEnroller).Enroll: registration complete
|
[ 3.561] INFO edge/router/enroll.(*RestEnroller).Enroll: registration complete
|
||||||
```
|
```
|
||||||
|
|
||||||
|
* configure zrok frontend identity
|
||||||
|
|
||||||
|
```
|
||||||
|
$ ziti edge create identity device -o ~/.zrok/proxy.jwt proxy
|
||||||
|
New identity proxy created with id: -zbBF8eVb-
|
||||||
|
Enrollment expires at 2022-08-10T18:46:16.641Z
|
||||||
|
```
|
||||||
|
|
||||||
|
```
|
||||||
|
$ ziti edge enroll -j ~/.zrok/proxy.jwt -o ~/.zrok/proxy.json
|
||||||
|
INFO generating 4096 bit RSA key
|
||||||
|
INFO enrolled successfully. identity file written to: proxy.json
|
||||||
|
```
|
||||||
|
|
||||||
|
```
|
||||||
|
$ ziti edge create erp --edge-router-roles "#all" --identity-roles @proxy
|
||||||
|
```
|
||||||
|