Open qrkourier opened 1 year ago
The first change is for the controller chart to create the router in Ziti, but the router chart can also be improved as part of this. It can accept a new value that is the name of the existing K8s secret where the token is saved. That way it's unnecessary to fetch the token and feed it to the router chart.
The point of this issue is to simplify the process of getting a Ziti network running in K8s by eliminating these orchestration steps:
yes, if the router will be deployed on the same cluster, then I would make sense to add an option to create a router if needed
I'm still planning to work on this soon.
This is still needed to support a more compact deployment scenario where a default router makes sense.
I'm clawing my way back to this and still think it's an obvious way to simplify k8s bootstrapping.
This avoids Terraforming/Ansible the mgmt API to create the router and is relevant to the "ziti-stack" chart idea (umbrella chart for controller+cert-manager+trust-manager+router w/ optional node proxy daemonset, sidecar injector, etc.)
It's highly likely that a controller deployment is immediately followed by a router deployment. We can simplify and facilitate this by automatically provisioning a router in the Ziti mgmt API and storing the token as a K8s secret.
The implementation will involve Helm hooks and simple shell scripts to be executed by the resulting Job resources that are scheduled during life cycle events.