diff --git a/docker/compose/zrok-instance/README.md b/docker/compose/zrok-instance/README.md index c4219998..46c31b5e 100644 --- a/docker/compose/zrok-instance/README.md +++ b/docker/compose/zrok-instance/README.md @@ -14,27 +14,21 @@ The quickstart makes these assumptions about your global DNS configuration. Create a working directory on your Docker host and save these Docker Compose project files. A OpenZiti network is provided by the "quickstart" container and is managed exclusively by zrok. -#### Shortcut option +#### Shortcut Option -1. Run this script to download the files. +1. Run this script to download the files in the current directory. ```bash curl https://get.openziti.io/zrok-docker/fetch.bash | bash ``` - Optionally, customize the install path instead of using the current directory. + Or, specify the Compose project directory. ```bash - curl https://get.openziti.io/zrok-docker/fetch.bash | bash -s /path/to/install + curl https://get.openziti.io/zrok-docker/fetch.bash | bash -s /path/to/compose/project/dir ``` -#### Do it Yourself - -1. Fetch the ziti quickstart Compose file. - - ```bash - wget https://get.openziti.io/dock/all-in-one/compose.yml - ``` +#### Manual Option 1. Get the zrok repo ZIP file. @@ -59,8 +53,6 @@ CADDY_DNS_PLUGIN=cloudflare CADDY_DNS_PLUGIN_TOKEN=abcd1234 CADDY_ACME_EMAIL=me@example.com -# this must == ziti.${ZROK_DNS_ZONE} -ZITI_CTRL_ADVERTISED_ADDRESS=ziti.share.example.com ZITI_PWD=zitiadminpw ZROK_ADMIN_TOKEN=zroktoken @@ -68,6 +60,7 @@ ZROK_USER_PWD=zrokuserpw ``` ```bash title=".env options" +# ziti ports ZITI_CTRL_ADVERTISED_PORT=1280 ZITI_ROUTER_PORT=3022 
@@ -84,18 +77,12 @@ CADDY_ACME_API=https://acme-staging-v02.api.letsencrypt.org/directory ### Start the Docker Compose Project -1. Start the ziti network. This runs `ziti edge quickstart` ([link to readme](https://github.com/openziti/ziti/tree/main/quickstart/docker/all-in-one#readme)). - - ```bash - docker compose --profile ziti up --detach - ``` - 1. Start the zrok instance. The container images for zrok (including caddy) are built in this step. This provides a simple configuration to get started. You can modify the templates named like `*.envsubst` or mount a customized configuration file to mask the one that was built in. ```bash - docker compose --profile zrok up --build --detach + docker compose up --build --detach ``` ### Set up a User Account diff --git a/docker/compose/zrok-instance/compose.override.yml b/docker/compose/zrok-instance/compose.yml similarity index 63% rename from docker/compose/zrok-instance/compose.override.yml rename to docker/compose/zrok-instance/compose.yml index 8c43937c..bd69780b 100644 --- a/docker/compose/zrok-instance/compose.override.yml +++ b/docker/compose/zrok-instance/compose.yml 
@@ -2,6 +2,77 @@ # https://get.openziti.io/dock/all-in-one/compose.yml to compose.override.yml services: + ziti-quickstart: + image: ${ZITI_CLI_IMAGE:-docker.io/openziti/ziti-cli}:${ZITI_CLI_TAG:-latest} + restart: unless-stopped + networks: + zrok-instance: + # this allows other containers to use the same external DNS name to reach the quickstart container from within the + # Docker network that clients outside the Docker network use to reach the quickstart container via port forwarding + aliases: + - ziti.${ZROK_DNS_ZONE} + entrypoint: + - bash + - -euc + - | + ZITI_CMD+=" --ctrl-address ziti.${ZROK_DNS_ZONE}"\ + " --ctrl-port ${ZITI_CTRL_ADVERTISED_PORT:-1280}"\ + " --router-address ziti.${ZROK_DNS_ZONE}"\ + " --router-port ${ZITI_ROUTER_PORT:-3022}"\ + " --password ${ZITI_PWD:-admin}" + echo "DEBUG: run command is: ziti $${@} $${ZITI_CMD}" + exec ziti "$${@}" $${ZITI_CMD} + command: -- edge quickstart --home /home/ziggy/quickstart + user: ${ZIGGY_UID:-1000} + environment: + HOME: /home/ziggy + PFXLOG_NO_JSON: "${PFXLOG_NO_JSON:-true}" + ZITI_ROUTER_NAME: ${ZITI_ROUTER_NAME:-quickstart-router} + volumes: + # store the quickstart state in a named volume "ziti_home" or store the quickstart state on the Docker host in a + # directory, ZITI_HOME + - ${ZITI_HOME:-ziti_home}:/home/ziggy + ports: + - ${ZITI_INTERFACE:-0.0.0.0}:${ZITI_CTRL_ADVERTISED_PORT:-1280}:${ZITI_CTRL_ADVERTISED_PORT:-1280} + - ${ZITI_INTERFACE:-0.0.0.0}:${ZITI_ROUTER_PORT:-3022}:${ZITI_ROUTER_PORT:-3022} + expose: + - ${ZITI_CTRL_ADVERTISED_PORT:-1280} + - ${ZITI_ROUTER_PORT:-3022} + depends_on: + ziti-quickstart-init: + condition: service_completed_successfully + healthcheck: + test: + - CMD + - ziti + - agent + - stats + interval: 3s + timeout: 3s + retries: 5 + start_period: 30s + + # this service is used to initialize the ziti_home volume by setting the owner to the UID of the user running the + # quickstart container + ziti-quickstart-init: + image: busybox + command: chown -Rc 
${ZIGGY_UID:-1000} /home/ziggy + user: root + environment: + HOME: /home/ziggy + volumes: + # store the quickstart state in a named volume "ziti_home" or store the quickstart state on the Docker host in a + # directory, ZITI_HOME + - ${ZITI_HOME:-ziti_home}:/home/ziggy + + # add a health check for the quickstart network + ziti-quickstart-check: + image: busybox + command: echo "Ziti is cooking" + depends_on: + ziti-quickstart: + condition: service_healthy + zrok-permissions: image: busybox command: @@ -15,8 +86,6 @@ services: - zrok_frontend:/var/lib/zrok-frontend zrok-controller: - profiles: - - zrok depends_on: zrok-permissions: condition: service_completed_successfully @@ -36,7 +105,7 @@ services: volumes: - zrok_ctrl:/var/lib/zrok-controller networks: - quickstart: + zrok-instance: aliases: - zrok.${ZROK_DNS_ZONE} restart: unless-stopped @@ -50,8 +119,6 @@ services: CADDY_ACME_EMAIL: ${CADDY_ACME_EMAIL} # login email address (initial user account) zrok-frontend: - profiles: - - zrok depends_on: zrok-permissions: condition: service_completed_successfully @@ -74,7 +141,7 @@ services: volumes: - zrok_frontend:/var/lib/zrok-frontend networks: - quickstart: + zrok-instance: restart: unless-stopped expose: - ${ZROK_FRONTEND_PORT:-8080} # (not published) @@ -91,8 +158,6 @@ services: ZITI_PWD: ${ZITI_PWD} # ziti controller admin password caddy: - profiles: - - zrok build: context: . dockerfile: ./caddy.Dockerfile @@ -121,17 +186,16 @@ services: - caddy_data:/data - caddy_config:/config networks: - quickstart: - - quickstart: - profiles: - - ziti - quickstart-check: - profiles: - - ziti + zrok-instance: volumes: - caddy_data: - caddy_config: + ziti_home: # this will not be used if you switch from named volume to bind mount volume zrok_ctrl: zrok_frontend: + caddy_data: + caddy_config: + +# define a custom network so that we can also define DNS aliases +networks: + zrok-instance: + driver: bridge 
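Review bot: In the `ziti-quickstart` entrypoint added by hunk `@@ -2,6 +2,77 @@`, the controller admin password falls back to `admin` when `ZITI_PWD` is unset, and the `echo "DEBUG: run command is: ..."` line writes the whole `ZITI_CMD` string, password included, to the container log. The same service publishes the controller and router ports on `${ZITI_INTERFACE:-0.0.0.0}` by default, so a missing `.env` entry would leave a well-known credential on a port that may be reachable from outside the host. I would fail closed with `" --password ${ZITI_PWD:?ZITI_PWD must be set in .env}"` and either drop the DEBUG echo or print the command without the password argument. Because Compose substitutes `${ZITI_PWD}` into the script text before bash runs, and `$${ZITI_CMD}` is expanded unquoted, a password containing spaces or shell metacharacters would be split or interpreted by the shell. Passing the value through `environment:` and referencing it as `"$${ZITI_PWD}"` inside the script would avoid that.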
diff --git a/docker/compose/zrok-instance/fetch.bash b/docker/compose/zrok-instance/fetch.bash index 9ba80def..c0b76317 100755 --- a/docker/compose/zrok-instance/fetch.bash +++ b/docker/compose/zrok-instance/fetch.bash @@ -3,7 +3,7 @@ set -o errexit set -o nounset set -o pipefail -set -o xtrace +# set -o xtrace requireBashVersion() { if (( "${BASH_VERSION%%.*}" < 4 )); then @@ -77,7 +77,6 @@ main() { echo "WARN: installing anyway in a few seconds...press Ctrl-C to abort" >&2 sleep 9 } - fetchFile "${ZITI_QUICK_COMPOSE:-"https://get.openziti.io/dock/all-in-one/compose.yml"}" "compose.yml" fetchFile "${ZROK_REPO_ZIP:-"https://github.com/openziti/zrok/archive/refs/heads/main.zip"}" "zrok.zip" unzip -j -d . zrok.zip '*/docker/compose/zrok-instance/*' rm zrok.zip .gitignore fetch.bash