Merge branch 'v0.4.0' into v0.4_backend_mode_tunnel

.github/workflows/ci-build.yml

@@ -91,12 +91,12 @@ jobs:
 
       - name: Set Up Container Image Tags for zrok CLI Container
         env:
-          RELEASE_REPO: openziti/zrok
-          ZROK_VERSION: ${{ steps.slug.outputs.branch_tag }}
+          ZROK_CONTAINER_IMAGE_REPO: ${{ vars.ZROK_CONTAINER_IMAGE_REPO || 'openziti/zrok' }}
+          ZROK_CONTAINER_IMAGE_TAG: ${{ steps.slug.outputs.branch_tag }}
         id: tagprep_cli
         run: |
           DOCKER_TAGS=""
-          DOCKER_TAGS="${RELEASE_REPO}:${ZROK_VERSION}"
+          DOCKER_TAGS="${ZROK_CONTAINER_IMAGE_REPO}:${ZROK_CONTAINER_IMAGE_TAG}"
           echo "DEBUG: DOCKER_TAGS=${DOCKER_TAGS}"
           echo DOCKER_TAGS="${DOCKER_TAGS}" >> $GITHUB_OUTPUT
 

README.md

@@ -36,7 +36,7 @@ See the [Concepts and Getting Started Guide](docs/getting-started.md) for a full
 
 The single `zrok` binary contains everything you need to operate `zrok` environments and also host your own service instances. Just add an OpenZiti network and you're up and running.
 
-See the [Self-Hosting Guide](docs/guides/v0.3_self_hosting_guide.md) for details on getting your own `zrok` service instance running. This builds on top of the [OpenZiti Quick Start](https://docs.openziti.io/docs/learn/quickstarts/network/) to have a running `zrok` service instance in minutes.
+See the [Self-Hosting Guide](docs/guides/self_hosting_guide.md) for details on getting your own `zrok` service instance running. This builds on top of the [OpenZiti Quick Start](https://docs.openziti.io/docs/learn/quickstarts/network/) to have a running `zrok` service instance in minutes.
 
 ## Building
 

cmd/zrok/adminBootstrap.go

@@ -27,7 +27,7 @@ func newAdminBootstrap() *adminBootstrap {
 	command := &adminBootstrap{cmd: cmd}
 	cmd.Run = command.run
 	cmd.Flags().BoolVar(&command.skipCtrl, "skip-ctrl", false, "Skip controller (ctrl) identity bootstrapping")
-	cmd.Flags().BoolVar(&command.skipFrontend, "skip-frontend", false, "Slip frontend identity bootstrapping")
+	cmd.Flags().BoolVar(&command.skipFrontend, "skip-frontend", false, "Skip frontend identity bootstrapping")
 	return command
 }
 

docker/images/zrok/Dockerfile

@@ -1,5 +1,5 @@
 # this builds docker.io/openziti/zrok
-FROM registry.access.redhat.com/ubi8/ubi-minimal
+FROM docker.io/openziti/ziti-cli:0.27.9
 # This build stage grabs artifacts that are copied into the final image.
 # It uses the same base as the final image to maximize docker cache hits.
 
@@ -20,7 +20,7 @@ LABEL name="openziti/zrok" \
 USER root
 
 ### add licenses to this directory
-RUN mkdir -m0755 /licenses
+RUN mkdir -p -m0755 /licenses
 COPY ./LICENSE /licenses/apache.txt
 
 RUN mkdir -p /usr/local/bin

docs/core-features/hosting.md

@@ -5,7 +5,7 @@ sidebar_position: 200
 
 ## Self-Hosted
 
-`zrok` is not limited to a managed offering. You can [host your own](../guides/self-hosting/v0.3_self_hosting_guide.md) instance of `zrok` as well. `zrok` is
+`zrok` is not limited to a managed offering. You can [host your own](../guides/self-hosting/self_hosting_guide.md) instance of `zrok` as well. `zrok` is
 also freely available as open source software hosted by GitHub under a very permissive Apache v2 license.
 
 ## Managed Service

docs/getting-started.md

@@ -430,7 +430,7 @@ You use the `zrok reserve` command to create _reserved shares_. Reserved shares
 
 ## Self-Hosting a Service Instance
 
-Interested in self-hosting your own `zrok` service instance? See the [self-hosting guide](./guides/self-hosting/v0.3_self_hosting_guide.md) for details.
+Interested in self-hosting your own `zrok` service instance? See the [self-hosting guide](./guides/self-hosting/self_hosting_guide.md) for details.
 
 [openziti]: https://docs.openziti.io/docs/learn/introduction/	"OpenZiti"
 [ zrok-download]: https://zrok.io "Zrok Download"

docs/guides/metrics-and-limits/configuring-metrics.md

@@ -30,7 +30,7 @@ events:
 
 You'll want to adjust the `events/jsonLogger/handler/path` to wherever you would like to send these events for ingestion into `zrok`. There are additional OpenZiti options that control file rotation. Be sure to consult the OpenZiti docs to tune these settings to be appropriate for your environment.
 
-By default the OpenZiti events infrastructure reports and batches events in 1 minute buckets. 1 minute is too large of an interval to provide a snappy `zrok` metrics experience. So, let's increase the frequency to every 5 seconds. Add this to the `network` stanza of your OpenZiti controller:
+By default, the OpenZiti events infrastructure reports and batches events in 1 minute buckets. 1 minute is too large of an interval to provide a snappy `zrok` metrics experience. So, let's increase the frequency to every 5 seconds. Add this to the `network` stanza of your OpenZiti controller's configuration:
 
 ```yaml
 network:
@@ -38,9 +38,10 @@ network:
   metricsReportInterval: 5s
 ```
 
-And you'll want to add this stanza to the router configuration for every router on your OpenZiti network:
+And you'll want to add this stanza to the tail-end of the router configuration for every router on your OpenZiti network:
 
 ```yaml
+# this must be the last router configuration stanza
 metrics:
   reportInterval: 5s
   intervalAgeThreshold: 5s
@@ -92,12 +93,12 @@ metrics:
       queue_name:   events
   influx:
     url:            "http://127.0.0.1:8086"
-    bucket:         zrok
-    org:            zrok
+    bucket:         zrok  # the bucket and org must be
+    org:            zrok  # created in advance in InfluxDB
     token:          "<secret token>"
 ```
 
-This configures the `zrok` controller to consume usage events from the AMQP queue, and configures the InfluxDB metrics store.
+This configures the `zrok` controller to consume usage events from the AMQP queue, and configures the InfluxDB metrics store. The InfluxDB organization and bucket must be created in advance. The `zrok` controller will not create these for you.
 
 ## Testing Metrics
 

docs/guides/self-hosting/nginx_tls_guide.md

@@ -11,7 +11,7 @@ sidebar_label: Nginx TLS
 
 ## Before You Begin
 
-I'll assume you have a running zrok controller and public frontend and wish to front both with Nginx providing server TLS. Go back to [Self-Hosting Guide](./v0.3_self_hosting_guide.md) if you still need to spin those up.
+I'll assume you have a running zrok controller and public frontend and wish to front both with Nginx providing server TLS. Go back to [Self-Hosting Guide](./self_hosting_guide.md) if you still need to spin those up.
 
 ## Choose a Reverse Proxy Address
 

docs/guides/self-hosting/self_hosting_guide.md

@@ -47,7 +47,7 @@ Create a controller configuration file in `etc/ctrl.yml`. The controller does no
 #   /___|_|  \___/|_|\_\
 # controller configuration
 
-v:                  2
+v:                  3
 
 admin:
   secrets:
@@ -179,7 +179,9 @@ Nice work! The `zrok` controller is fully configured now that you have created t
 
 ## Configure the Public Frontend
 
-Create `etc/http-frontend.yml`. You must reiterate the pattern you expressed in the public frontend URL template as a `host_match` pattern, and you may change the default address where the frontend will listen for public access requests. The frontend does not provide server TLS, but you may front the server with a reverse proxy. It is essential the reverse proxy forwards the `Host` header supplied by the viewer. This example will expose the non-TLS listener for the frontend.
+Create `etc/http-frontend.yml`. This frontend config file has a `host_match` pattern that represents the DNS zone you're using with this instance of zrok. Incoming HTTP requests with a matching `Host` header will be handled by this frontend. You may also specify the interface address where the frontend will listen for public access requests.
+
+The frontend does not provide server TLS, but you may front the server with a reverse proxy. It is essential the reverse proxy forwards the `Host` header supplied by the viewer. This example will expose the non-TLS listener for the frontend.
 
 ```yaml
 host_match: zrok.quigley.com

etc/ctrl.yml

@@ -47,7 +47,7 @@ endpoint:
 #
 email:
   host:                           smtp.server.com
-  port:                           587
+  port:                           587  # this must be a STARTTLS port, not the TLS port (465)
   username:                       ""
   password:                       ""
   from:                           ziggy@zrok.io