Docker Compose: no ziti edge list service-edge-router-policies configured

Not sure if this is expected, but when I set up a fresh Docker environment, there are no service edge router policies defined.

This is preventing the terminator from being hosted. I know I have some commands somewhere…

ziti edge list service-edge-router-policies
╭────┬──────┬───────────────┬───────────────────╮
│ ID │ NAME │ SERVICE ROLES │ EDGE ROUTER ROLES │
├────┼──────┼───────────────┼───────────────────┤
╰────┴──────┴───────────────┴───────────────────╯

The init container runs a small script that adds them.

Ahh.. I disabled that one.. I now know why it's needed 🙂

I have a micro compute and need to be mindful of the resources I use.. so I disabled it to keep it really lean.

PS.. I found this command which should fix my problem.

ziti edge create service-edge-router-policy all-routers --edge-router-roles "#all" --service-roles "#all"

Bingo

ziti edge list terminators
╭──────────────────────────────────────┬──────────────────┬──────────────────┬─────────┬──────────────────────────────────────┬──────────┬──────┬────────────┬──────────────╮
│ ID                                   │ SERVICE          │ ROUTER           │ BINDING │ ADDRESS                              │ IDENTITY │ COST │ PRECEDENCE │ DYNAMIC COST │
├──────────────────────────────────────┼──────────────────┼──────────────────┼─────────┼──────────────────────────────────────┼──────────┼──────┼────────────┼──────────────┤
│ d5c0df87-98f7-438e-b3de-8bede254263c │ private-postgres │ ziti-edge-router │ tunnel  │ d5c0df87-98f7-438e-b3de-8bede254263c │          │    0 │ default    │            0 │

Is there anything else this script does that I should be mindful of?

The 'init container' script? At this time, no. It's tiny. You can look at what it does here: https://github.com/openziti/ziti/blob/release-next/quickstart/docker/image/access-control.sh

#!/bin/bash

echo "*****************************************************"
#### Add service policies

# Allow all identities to use any edge router with the "public" attribute
ziti edge create edge-router-policy all-endpoints-public-routers --edge-router-roles "#public" --identity-roles "#all"

# Allow all edge-routers to access all services
ziti edge create service-edge-router-policy all-routers-all-services --edge-router-roles "#all" --service-roles "#all"

Thanks.. very helpful
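
Added example, not part of the original thread or the OpenZiti quickstart: a preflight check for the problem described above, where an empty service-edge-router-policy list keeps terminators from being hosted. It assumes the CLI's table layout matches the output pasted in this thread; the function names and sample tables are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the OpenZiti quickstart). Assumes `ziti edge list ...`
# prints box-drawn tables laid out like the ones pasted in this thread.

# Count data rows in a ziti CLI table read from stdin: rows are the lines that
# start with a vertical bar after the header separator (the line starting with ├).
count_rows() {
  awk '
    /^├/ { body = 1; next }      # header ends here, data rows follow
    /^╰/ { body = 0 }            # bottom border closes the table
    body && /^│/ { n++ }
    END { print n + 0 }          # "+ 0" prints 0 rather than an empty string
  '
}

# Print (never run) the quickstart create command for each policy list that is empty.
#   $1 = output of `ziti edge list edge-router-policies`
#   $2 = output of `ziti edge list service-edge-router-policies`
missing_policy_cmds() {
  if [ "$(printf '%s\n' "$1" | count_rows)" -eq 0 ]; then
    echo 'ziti edge create edge-router-policy all-endpoints-public-routers --edge-router-roles "#public" --identity-roles "#all"'
  fi
  if [ "$(printf '%s\n' "$2" | count_rows)" -eq 0 ]; then
    echo 'ziti edge create service-edge-router-policy all-routers-all-services --edge-router-roles "#all" --service-roles "#all"'
  fi
}

# Constructed sample: the empty policy table from the first post.
EMPTY_TABLE='╭────┬──────┬───────────────┬───────────────────╮
│ ID │ NAME │ SERVICE ROLES │ EDGE ROUTER ROLES │
├────┼──────┼───────────────┼───────────────────┤
╰────┴──────┴───────────────┴───────────────────╯'

# Constructed sample: a table with one policy row (ID and columns are made up).
ONE_ROW_TABLE='╭──────────┬──────┬───────────────────┬────────────────╮
│ ID       │ NAME │ EDGE ROUTER ROLES │ IDENTITY ROLES │
├──────────┼──────┼───────────────────┼────────────────┤
│ example1 │ demo │ #public           │ #all           │
╰──────────┴──────┴───────────────────┴────────────────╯'

if command -v ziti >/dev/null 2>&1; then
  # Live check; needs an existing `ziti edge login` session.
  missing_policy_cmds "$(ziti edge list edge-router-policies)" \
                      "$(ziti edge list service-edge-router-policies)"
else
  # Offline demo on the constructed samples: prints only the second command.
  missing_policy_cmds "$ONE_ROW_TABLE" "$EMPTY_TABLE"
fi
```

Because `#all`/`#all` is the broadest grant, the script only prints the commands so you can narrow the role attributes before running them.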