From ecb02b29b9ee3996e6b46476465901979766d3fe Mon Sep 17 00:00:00 2001 From: Michael Quigley Date: Wed, 16 Nov 2022 12:55:19 -0500 Subject: [PATCH] tweaks (#20, #88) --- docs/v0.3_sharing_modes.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/v0.3_sharing_modes.md b/docs/v0.3_sharing_modes.md index 78c9d479..7ce786b7 100644 --- a/docs/v0.3_sharing_modes.md +++ b/docs/v0.3_sharing_modes.md 
@@ -6,12 +6,16 @@ The `v0.3` series introduces new sharing modes, and new types of built-in servic _Note: In `v0.3`, the `tunnel` and `untunnel` concepts get renamed to `share` and `unshare`._ +_Note: We're going to continue using `frontend` and `backend` as concepts, even though those words will be changing in the `zrok` CLI. A `frontend` will continue to describe an "ingress" into the `zrok`service, and is the tool that is used by the user "consuming" or `serv`-ing the the `zrok` service. A `backend` will continue to describe the "binding" created by a user that wants to `share` a resource. + ### Public Sharing In `v0.2`, `zrok` only offered a "public" sharing mode. The public sharing mode will allow any configured `frontend` instances to send traffic to any `backend`. The policy and permission model was very simple and flat. A `v0.2` deployment considers any available `frontend` instance to be allowed to send traffic to configured services. The access for `frontend` instances is controlled by identity provisioning within the underlying Ziti network. In `v0.3`, `zrok` will offer both a "public" and a "private" sharing mode. When `v0.3` configures the policies for a service, a publicly-shared service will have policies created that allow whichever selected public `frontend` instances to access the shared `backend`. A `v0.3` deployment will have a collection of multi-tenant, high-capacity `frontend` instances available to be selected from. The `zrok` CLI will default to selecting the `public` `frontend` instances. +The `frontend` selection approach also gives us a clean implementation for picking public `frontend` instances based on geography (either network or physical). The production `zrok.io` service could easily offer multiple different fleets of `frontend` instances, and this mechanism will allow `backend` users to choose where they want to offer access to their service. + ### Private Sharing `v0.3` introduces a "private" sharing mode. 
When provisioning a service for private sharing, `zrok` will not create any policies for the service, until a request for a `frontend` binding is created for the service (through the `v0.3` `zrok serve` command).
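Review bot: The added `_Note:` paragraph on `frontend` and `backend` never closes its emphasis: it opens with `_Note:` but ends at "that wants to `share` a resource." with no trailing `_`, unlike the existing rename note just above it, which ends with `._`. Add the closing underscore so the italics terminate where intended. In the same paragraph, "the `zrok`service" is missing a space and "the the `zrok` service" repeats a word. The wording "consuming" or `serv`-ing also deserves a second look: calling the `frontend` side "`serv`-ing" reads oddly next to the `backend` being the side that `share`s a resource, so a short clause tying it to the `zrok serve` command mentioned under Private Sharing would make the ingress/binding split clearer. In the added geography paragraph, "choose where they want to offer access" does not say how a `backend` user makes that choice; one sentence stating whether selection happens at `share` time would make the access model easier to reason about.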