I just deployed a quickstart configuration with two more public routers and I'm amazed by OpenZiti.
I slightly customized the controller: I changed the default port to 443 and I split the management and the client APIs.
Now I'd like to migrate my configuration to HA, but I'm struggling to understand the exact steps of the entire procedure.
I added the raft stanza and I already configured the advertise Address.
My server certificate does not have a SPIFFE ID so I need to recreate it.
Is it sufficient to follow this post:
recreating only the server part and adding the --spiffe-id part?
If my controller is deployed as ziti.example.com, should the SPIFFE ID be "controller/ziti" or "example.com/controller/ziti"?
Is the remaining part of the quickstart pki OK?
Does the root CA already have the "trust-domain" part, or does the explicit --spiffe-id make it superfluous?
After restarting my controller with the raft part and the updated server certificate, I should have a running one-node cluster. Is that right?
How do I add the second node?
I presume the command 'ziti agent cluster add' does require an already deployed controller.
How should I deploy the new controller? By migrating the configuration, PKI included, changing the controller name and creating an appropriate server certificate?
Sorry for the long and quite confused post, but I'm trying to figure out the whole process.
Thanks
Fabio