I'm currently setting up OpenZiti on Google Kubernetes Engine (GKE) and have successfully installed the Controller and Router. I've also configured ingress for both, allowing access through port 443. I can create identities and the tunneler is functioning perfectly when installed alone on any instance.
However, I'm encountering an issue when setting up a router with a tunneler on a GCP Compute instance using the following commands:
sudo ./ziti_router_auto_enroll --controller controller.test.ai --controllerMgmtPort 443 --controllerFabricPort 443 --autoTunnelListener --adminUser admin --adminPassword password --routerName pub-er-test-3
After executing the commands, I receive errors in the journalctl and systemctl logs. Here's the relevant output showing the process and the error:
> Service ziti-router.service stop successful.
> Removing previous binaries
> Writing jwt file: pub-er-test-4_enrollment.jwt
> Version not specified, going to check with controller
> Found version 0.34.1
> Downloading file: https://github.com/openziti/ziti/releases/download/v0.34.1/ziti-linux-amd64-0.34.1.tar.gz
> Downloading: 100%
> Successfully downloaded file
> Starting binary install
> Installing service unit file
> Service ziti-router daemon-reload successful.
> Creating config file
> Starting Router Enrollment
> Successfully enrolled Ziti
> Starting Debian DNS setup
> Service systemd-networkd restart successful.
> Service systemd-resolved restart successful.
> Service ziti-router.service start successful.
> Service ziti-router.service enable successful
The error message in the logs reads:
Apr 20 23:20:41 test-dns-openziti.asia-northeast1-a.c.aly-development.internal ziti-router[77989]: {"endpoint":"tls:controller.test.ai:443","error":"error connecting ctrl (remote error: tls: internal error)",">
Ports 443 and 54 are confirmed open via telnet:
> telnet controller.test.ai 443
> Trying 35.243.77.2...
> Connected to controller.test.ai.
> Escape character is '^]'.
Could someone help me resolve this issue?