I've a Controller and Edge router running in the cloud, and I want to expose some services that are hosted on my homelab k3s through OpenZiti without exposing my home network to the internet.
Went through the doc, correct me if I'm wrong, but I think I might need one of these:
a tunneler
router with "edge capability" disabled
What are the pros/cons of either one? From my understanding the router would add an endpoint to the "fabric" while the tunneler would just serve as a reverse proxy for OpenZiti to intercept traffic.
I'd tweak this a little bit and say that you need either a tunneler, or a router with tunneling enabled (in reality, these are both 'tunnelers', it just depends on the binary running). The edge capability is a bit different and not particularly relevant in this situation...
The big benefit of running a router WITH edge enabled on your local LAN is that you could run other OpenZiti clients (tunnelers) on your home LAN and they would be able to connect to the locally deployed edge router, avoiding the latency of "out of the LAN and back in".
Other than that, there's some convenience maybe with the Desktop Edges insofar as they have a UI.
In reality, you could choose to use either a router or a tunneler. Personally, I don't think there's a huge difference in them most of the time and either would solve this use case.
Oh I see!
So the edge part of my controller's config would be blank?
I just need to configure the listener with a - binding: tunnel, right? Same for link.listeners: I should leave it blank and only configure dialers?
I'd love an example configuration file for this kind of router if you happen to have one.
Well. I think you still need binding: tunnel and binding: edge. Paul was working on breaking the need for both but I don't know if he ever got through that yet.
You'll see the only difference with a "private" router is that it's expected to be deployed in "private" address space and thus, the link listeners will be commented out (you still want the dialer tho).
It's pretty close to working, but there's still a little bit of coupling between edge and tunnel, so for now edge is required when using tunnel. It's on the backlog to tidy that up soon.
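A sketch of the "private" router configuration discussed in this thread, added here as an example and not posted by anyone in the thread or taken from the OpenZiti project. All file paths, hostnames, IP addresses and port numbers are placeholder assumptions; the layout is the router config format as the editor understands it, so check it against a config generated by your own ziti version.

```yaml
v: 3

identity:                        # placeholder paths, created at enrollment
  cert:        "/etc/ziti/home-router.cert"
  server_cert: "/etc/ziti/home-router.server.chain.cert"
  key:         "/etc/ziti/home-router.key"
  ca:          "/etc/ziti/home-router.cas"

ctrl:
  # Outbound connection to the cloud controller (placeholder host and port).
  endpoint: tls:ctrl.example.net:6262

link:
  dialers:
    # Outbound only: this router dials the cloud router to form a link.
    - binding: transport
  # No link listener: the router sits in private address space and
  # accepts no inbound fabric links, so nothing is forwarded at the
  # home firewall.
  # listeners:
  #   - binding: transport
  #     bind: tls:0.0.0.0:10080
  #     advertise: tls:home-router.example.net:10080

listeners:
  # Edge is still required alongside tunnel, as noted in the thread.
  # Clients on the home LAN can also connect here directly.
  - binding: edge
    address: tls:0.0.0.0:3022
    options:
      advertise: home-router.lan:3022   # placeholder LAN name
  # Tunnel in host mode: the router hosts (terminates) services and
  # dials the k3s workloads itself; it intercepts no local traffic.
  - binding: tunnel
    options:
      mode: host

edge:
  csr:
    sans:
      dns:
        - home-router.lan               # placeholder
      ip:
        - "192.168.1.10"                # placeholder LAN address
```

With the link listener left commented out, every connection this router makes is outbound (to the controller and to the cloud router), which is what keeps the home network unexposed.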