Context
source: Edge APIs | OpenZiti
Edge Management API
- edge management API provides the ability to create new identities, identities, policies, and other entities used to manage a network
Edge Client API
- edge client API is used by clients that wish to dial (connect) or bind (host) services
source 2: Install the Controller in Kubernetes | OpenZiti
Controller values.yaml
clientApi:
advertisedHost: ziti-controller-managed.example.com
ctrlPlane:
advertisedHost: ziti-controller-managed-ctrl.example.com
Router Config
ctrl:
# router control plane API (:6262)
endpoint: tls:zitictrl.mydomain.com:443
link:
listeners:
- binding: transport
bind: tls:0.0.0.0:10080
advertise: tls:link.mydomain.com:443
listeners:
- binding: edge
address: tls:0.0.0.0:3022
options:
advertise: edge.mydomain.com:443
K8s Ingress
$ kubectl -n ziti get ingress
NAME CLASS HOSTS ADDRESS PORTS AGE
ziti-controller-client nginx ziticlient.mydomain.com 20.255.214.10 80 53d
ziti-controller-ctrl nginx zitictrl.mydomain.com 20.255.214.10 80 53d
ziti-router-edge nginx edge.mydomain.com 20.255.214.10 80 53d
ziti-router-transport nginx link.mydomain.com 20.255.214.10 80 53d
Questions
- would it be fair to say ziti cli uses edgemanagement endpoint to create resources. and edge routers/tunnels use the edge client endpoint to dial/bind services?
- routerconfig references ctrl, client, and transport/link urls. how does router know about edge client api needed for binding services?
- does it ever make sense for ctrl and client apis to share the same hostname? or would that not work