login with identity config instead of separate cert/key

[qrkourier]

The ziti edge enroll command is the easiest way to obtain an admin client cert. This produces a Ziti identity configuration JSON file, which can be used by the Go SDK to log in like this: https://github.com/openziti/ziti/blob/v1.2.0/ziti/cmd/edge/login.go#L114

[qrkourier]

I assume this will eliminate the step of running ziti ops unwrap to obtain the separate client cert and private key.

[qrkourier]

Does NF_IDENTITY_PATH already do this?

[qrkourier]

Now I see NF_ADMIN_IDENTITY_PATH is used two ways:

1. the agent's login
2. the demo's Postman login

The separate files are only necessary for the Postman demo, and I don't expect most users will use the demo. Most will proceed straight to deployment instructions.

Therefore, I think it's best to eliminate the dependency on jq by using the identity config JSON file created by ziti edge enroll directly in the Go SDK where we log in the agent to the mgmt API.

[dariuszSki]

Right now users need to deploy the webhook using the deployment option. How they pass the parameters needed to run the webhook is up to them. Eventually, the idea would be to go with operator. For right now here are the options:

commandline:

ziti-k8s-agent/ziti-agent/cmd/webhook/root.go

Line 45 in 293b095

webhookCmd.Flags().StringVar(&certFile, "tls-cert-file", "",

env vars:

ziti-k8s-agent/ziti-agent/cmd/webhook/config.go

Line 39 in 293b095

func lookupEnvVars() {

For example, we are not requiring users to get the ziti admin user certs a particular way, but only ask to provide them to the webhook two ways described above..