Good Afternoon @TheLumberjack,
Thank you for taking the time to help me!
I have the following errors with a default install of a Ziti Controller && Router in k8s.
After following steps listed here -> No_edge_routers_available - Support - openziti
ziti edge create edge-router-policy all-ids-public-ers --identity-roles '#all' --edge-router-roles '#public'
ziti edge update edge-router <router name> -a 'public'
ziti edge create service-edge-router-policy <router policy name> --service-roles '#all' --edge-router-roles '#all'
I get the following result.
Also so far, there are no issues with K8s API access, so I am unsure why adding the policies last time took down the network on that cluster.
In any case, moving on to this command:
ziti ops verify ext-jwt-signer oidc --controller-url <ziti controller> <ext-jwt-signer name> --ca <ca-file.crt>
I get a timeout.
I am not sure why; when testing from the desktop client, I was getting through the auth flow properly from Keycloak's perspective, with browser popups to the localhost callback page showing success.
I got a shell in the controller and can confirm the pod can reach the Keycloak server.
Could you also explain why I need to specify the CA file for every command? I checked my client JSON and can confirm the CA is there; however, if I don't specify it, the ziti CLI gives me an x509 validation error.