We can currently enable ziti-unaware services via ziti tunnels at either the host or the network level (outside of the host?).
But theoretically, shouldn't it be possible to use ziti for Docker networks?
Docker networks can be extended via plugins.
These networks could be configured via the Docker API/CLI or Docker Compose.
This has the advantage of pushing the tunnel identities closer to the intended applications, without needing to zitify them.
Possible problems could be the enrollment and the tunneling feature, but the latter should be possible for a network plugin, I think.
Use Docker Engine plugins | Docker Docs (there are three existing legacy plugins)
I did ask the question previously on the ziti GitHub repo (Docker Network Ziti Plugin · openziti/ziti · Discussion #1433 · GitHub) and dovholuknf pointed out that the tunnel feature could be tricky to implement.
I myself cannot test/play with this idea for now, due to time constraints.
Any thoughts or ideas on this?