You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A new zrok controller config directive like ca_certs or tls_trust_bundle would be great. It could accept a PEM bundle as a string or file path or both.
While working my way back to this, I've mitigated the risk in my zrok instances with two approaches in this order:
two containers (sidecar pattern) or processes sharing a network interface and communicating exclusively via IPC over IP on the loopback interface (ziti mgmt API is not exposed nor published)
two containers in an isolated bridge network communicating exclusively at layer 2 (LAN) (ziti mgmt API is exposed but not published)
zrok should verify Ziti's server certificate before transmitting the Ziti login password
The text was updated successfully, but these errors were encountered: