Hi, i want to create lab for ZTNA using openziti, where the environment are in windows 11, using docker desktop and kubernetes, but i seems like can’t do the installation for openziti, it always error when i want to create the openziti, i use the docker compose from netfoundry, but it can’t enroll the new edge router or services and policy, is there any topics or link that i can refer to? Or someone here can help me to set it up?
Can you give us some more details about your environment?
Are you running your openziti network on Docker or Kubernetes?
If you use Docker:
Are you running the quickstart compose (Local - Docker Compose | NetFoundry Documentation) or the deployment ones (Local - Docker Compose | NetFoundry Documentation)?
Are the containers up and running or do they fail to start? On docker you can check this by running docker ps. On Kubernetes run kubectl get pods --all-namespaces.
What do you mean by “create the openziti”? Can you share the error you get when doing this?
Now i try to set up from this tutorial Kubernetes Quickstart | NetFoundry Documentation, and it stuck on init
Hello there, I see you're working through the steps for Windows in the local Kubernetes quickstart for OpenZiti (Kubernetes Quickstart | NetFoundry Documentation).
Did you perform the Windows steps in the "Configure DNS" section (Kubernetes Quickstart | NetFoundry Documentation)?
In Kubernetes, a pod may have zero or more "init" containers. The main application will not start until the init containers have completed successfully. Therefore, you must troubleshoot why the init container has not completed. If you need help with that, please provide the relevant log messages from the init container that failed to complete.
Thanks for clarifying that you completed the Kubernetes quickstart (using Minikube), and now your goal is to create your first Ziti service using your Ziti network running on the local Windows machine.
You mentioned that you're unable to run the ziti command on the Windows machine where you completed the Kubernetes quickstart. For that, you must install the ziti.exe command. The link will show you how to download the latest version for your Windows computer (Downloads | NetFoundry Documentation).
Alternatively, you may run the ziti command inside your Kubernetes cluster with the provided miniziti.bash script from the Kubernetes quickstart. Note that there's an extra step to extract any files you create with this method, such as an enrollment token, since the ziti command can only write to the filesystem of the pod inside the cluster.
Examples of running the ziti CLI with miniziti.bash:
$ ./miniziti.bash ziti edge policy-advisor services --quiet httpbin-service
OKAY : miniziti-client (1) -> httpbin-service (1) Common Routers: (1/1) Dial: Y Bind: N
OKAY : httpbin-host (1) -> httpbin-service (1) Common Routers: (1/1) Dial: N Bind: Y
$ ./miniziti.bash ziti edge create identity "idtest"
New identity idtest created with id: 2Nd2j0Sy6
$ ./miniziti.bash ziti edge list identities 'name="idtest"' -j | jq -r '.data[0].enrollment.ott.jwt' | tee /tmp/idtest.jwt
eyJhbGciOiJSUzI1NiIsImtpZCI6IjhhN2JjMTI0NTg0YzlhOGQ2MzFhOGQxYWExNjE5ODg2OGNlNWZiZTIiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJodHRwczovL21pbml6aXRpLWNvbnRyb2xsZXIuMTkyLjE2OC40OS4yLnNzbGlwLmlvOjQ0MyIsInN1YiI6InAwTFRqMFNjNkIiLCJhdWQiOlsiIl0sImV4cCI6MTc2NDY5MjM3MiwianRpIjoiZjg2MjQ2NjMtMTI2Yy00NWZkLWI1YzktNzM2MWFjOWY2NmE3IiwiZW0iOiJvdHQiLCJjdHJscyI6WyJ0bHM6bWluaXppdGktY29udHJvbGxlci4xOTIuMTY4LjQ5LjIuc3NsaXAuaW86NDQzIl19.N6HJdSxaKJ1H5ZE8mBqB9UCNBaWKDwJgRvEnbF7tyyckzCeDQ6zy58C6WYgXS8Ijm7RWoqYcg6b1qwRIlUIyaUgrUxsAFRLz2Zh0ke_kRaW97iUw_SkGabI18W6QZknDp2CbkckomFDDaZhMq3bhv2uq-MxGw7PCiCE7FK1yYrJbNZ-n7LM63_aevFHvGsMvXNsYNNzULDC0kQQY8oEtbMwPGIhwImUIeJ4hp2kbwX4OwLbGB2Awb0emGq3lVXoAr4fvSeaeGMc8gyDsnbW6tqkGKnDjAnNdQfzMps3SEhsJnm4cNoJbz_GOLls_M_Nvpcsjymwv_YrPsGYNNNbXs6fjeNhsEFlhSYcm5BPzelrKYkcDf8O5ZIIOar4qPjEdx4Oz_1k8t5F-AFPF8C9tyyra0vnILvxFpj4ewj7vPuJi4q9LSN1gWDsNVwhcKFfPk0MWvwidMK2SBJwKfp9vu6G_TnoMewb4cLlIv_KfZcwSxfvGSMXIyYprwdOrc-u5bLoITpwF8-sBzRMRt2MYkMQ3_zgAQFAwADdZAKGN-bSt6BNinRQIIYS32N3AWbBXJRRqNPgnlNDRXOimFB05LMu9BD655udVkzKelB0xuLMZipkduHjMxX7wrK5oe7aHQGK3D8cN6AfVE1wfkqPRgXMANlp61AIFjCjt3JNjR1c
Additionally, you mentioned that the test service's Ziti intercept address, "httpbin.miniziti.private", is not resolving in DNS on your Windows computer. For this to work, you'll need to do two things:
- Install a Ziti tunneler for your OS, the Desktop Edge app in this case (Downloads | NetFoundry Documentation).
- Add the identity to Ziti Desktop Edge that was created by the Kubernetes quickstart (
miniziti-client.jwt).