call the Docker self-hosting compose project 'zrok-instance'

2025-08-18 11:49:51 +02:00 · 2024-04-26 15:14:45 -04:00
parent a770cbc882
commit f466d2dd5c
13 changed files with 4 additions and 4 deletions
--- a/docker/compose/zrok-instance/bootstrap-frontend.bash
+++ b/docker/compose/zrok-instance/bootstrap-frontend.bash
@@ -0,0 +1,116 @@
+#!/usr/bin/env bash
+
+set -o errexit
+set -o nounset
+set -o pipefail
+# set -o xtrace
+
+getZitiPublicFrontend(){
+    local RETURNED
+    local -A FIELDS
+    FIELDS[all]=0
+    FIELDS[zid]=1
+    FIELDS[name]=2
+    FIELDS[type]=3
+    FIELDS[attributes]=4
+    FIELDS[policy]=5
+
+    if (( $# )); then
+        RETURNED="$1"
+        shift
+    else
+        RETURNED="all"
+    fi
+
+    if (( $# )); then
+        echo "WARN: ignoring unexpected parameters: $*" >&2
+    fi
+
+    if [[ -z "${FIELDS[$RETURNED]}" ]]; then
+        echo "ERROR: invalid return field $RETURNED" >&2
+        return 1
+    fi
+
+    ziti edge list identities 'name="public"' --csv \
+        | awk -F, '$'${FIELDS[name]}'=="public" {print $'${FIELDS[$RETURNED]}';}'
+}
+
+getZrokPublicFrontend(){
+    local RETURNED
+    local -A FIELDS
+    FIELDS[all]=0
+    FIELDS[token]=1
+    FIELDS[zid]=2
+    FIELDS[name]=3
+    FIELDS[template]=4
+    FIELDS[created]=5
+    FIELDS[updated]=6
+
+    if (( $# )); then
+        RETURNED="$1"
+        shift
+    else
+        RETURNED="all"
+    fi
+
+    if (( $# )); then
+        echo "WARN: ignoring unexpected parameters: $*" >&2
+    fi
+
+    if [[ -z "${FIELDS[$RETURNED]}" ]]; then
+        echo "ERROR: invalid return field $RETURNED" >&2
+        return 1
+    fi
+
+    # strip ANSI sequences and return the first position from the line with a name exactly matching "public"
+    zrok admin list frontends | sed 's/\x1b\[[0-9;]*m//g' \
+    | awk '$'${FIELDS[name]}'=="public" {print $'${FIELDS[$RETURNED]}'}'
+}
+
+ziti edge login "https://ziti.${ZROK_DNS_ZONE}:${ZITI_CTRL_ADVERTISED_PORT}" \
+    --username admin \
+    --password "${ZITI_PWD}" \
+    --yes
+
+if ! [[ -s ~/.zrok/identities/public.json ]]; then
+    mkdir -p ~/.zrok/identities
+    ziti edge create identity "public" --jwt-output-file /tmp/public.jwt
+    ziti edge enroll --jwt /tmp/public.jwt --out ~/.zrok/identities/public.json
+fi
+
+# find Ziti ID of default "public" frontend
+ZITI_PUBLIC_ID="$(getZitiPublicFrontend zid)"
+until [[ -n "${ZITI_PUBLIC_ID}" ]]; do
+    echo "DEBUG: waiting for default frontend "public" Ziti identity to be created"
+    sleep 3
+    ZITI_PUBLIC_ID="$(getZitiPublicFrontend zid)"
+done
+echo "DEBUG: 'public' ZITI_PUBLIC_ID=$ZITI_PUBLIC_ID"
+
+until curl -sSf "${ZROK_API_ENDPOINT}/api/v1/version"; do
+    echo "DEBUG: waiting for zrok controller API version endpoint to respond"
+    sleep 3
+done
+
+# if default "public" frontend already exists
+ZROK_PUBLIC_TOKEN=$(getZrokPublicFrontend token)
+if [[ -n "${ZROK_PUBLIC_TOKEN}" ]]; then
+    
+    # ensure the Ziti ID of the public frontend's identity is the same in Ziti and zrok
+    ZROK_PUBLIC_ZID=$(getZrokPublicFrontend zid)
+    if [[ "${ZITI_PUBLIC_ID}" != "${ZROK_PUBLIC_ZID}" ]]; then
+        echo "ERROR: existing Ziti Identity named 'public' with id '$ZITI_PUBLIC_ID' is from a previous zrok"\
+        "instance life cycle. Delete it then re-run zrok." >&2
+        exit 1
+    fi
+
+    echo "INFO: updating frontend"
+    zrok admin update frontend "${ZROK_PUBLIC_TOKEN}" \
+        --url-template "https://{token}.${ZROK_DNS_ZONE}"
+else
+    echo "INFO: creating frontend"
+    zrok admin create frontend "${ZITI_PUBLIC_ID}" public \
+        "https://{token}.${ZROK_DNS_ZONE}"
+fi
+
+exec "${@}"