Open dariuszSki opened 5 months ago
Is this the right goal?
Make single port operation the default while remaining compatible with separate DNS names and ports (needs to keep working with Ingress, NodePort, and LoadBalancer).
I think this is highly desirable as default behavior
Thanks for affirming this is the correct goal. After some exploratory conversations about edge cases, here's the status and next steps.
We ruled out the risk of invalidating the existing PKI. Each respective cert will be presented based upon ALPN identifier, e.g., ctrl plane server if ALPN is ziti-ctrl, web server if ALPN is h2,http/1.1, etc.
To use a single port utilizing the ALPN protocol, here is what I did to use the existing options to get it working.
I get the following error, so I think the options can be optimized not to have to configure 3 different container ports.
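The per-ALPN certificate selection described earlier in the thread can be sketched with Go's `tls.Config.GetConfigForClient`. This is an added example, not code from the thread or from the project; the listener names and the choice to reject unknown ALPN values are assumptions, and only the identifiers `ziti-ctrl`, `h2` and `http/1.1` come from the discussion.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
)

// Constructed table: ALPN identifiers are the ones named in the thread,
// the listener names ("ctrl-plane", "web") are hypothetical.
var alpnToListener = map[string]string{
	"ziti-ctrl": "ctrl-plane",
	"h2":        "web",
	"http/1.1":  "web",
}

// SelectListener returns the listener and protocol for the first offered ALPN
// identifier that is known. Unknown or absent ALPN is rejected (an assumption
// of this example) instead of falling back to a default certificate.
func SelectListener(offered []string) (listener, proto string, err error) {
	for _, p := range offered {
		if l, ok := alpnToListener[p]; ok {
			return l, p, nil
		}
	}
	return "", "", errors.New("no supported ALPN protocol offered")
}

// ConfigForClient builds a GetConfigForClient callback that presents only the
// certificate belonging to the listener selected from the ClientHello.
func ConfigForClient(certs map[string]tls.Certificate) func(*tls.ClientHelloInfo) (*tls.Config, error) {
	return func(hello *tls.ClientHelloInfo) (*tls.Config, error) {
		listener, proto, err := SelectListener(hello.SupportedProtos)
		if err != nil {
			return nil, err
		}
		cert, ok := certs[listener]
		if !ok {
			return nil, fmt.Errorf("no certificate configured for %q", listener)
		}
		return &tls.Config{
			MinVersion:   tls.VersionTLS12,
			Certificates: []tls.Certificate{cert},
			NextProtos:   []string{proto},
		}, nil
	}
}

func main() { fmt.Println(SelectListener([]string{"h2", "http/1.1"})) }
```

Assign the returned callback to `GetConfigForClient` on the single shared listener's `tls.Config`; each existing certificate then stays bound to its own protocol, so the PKI does not change.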