.github/workflows | ||
bin | ||
build | ||
cmd/zrok | ||
controller | ||
docs | ||
endpoints | ||
etc | ||
model | ||
rest_client_zrok | ||
rest_model_zrok | ||
rest_server_zrok | ||
specs | ||
tui | ||
ui | ||
util | ||
zrokdir | ||
.gitignore | ||
.goreleaser-darwin.yml | ||
.goreleaser-linux.yml | ||
.goreleaser-release.yml | ||
.goreleaser-windows.yml | ||
CHANGELOG.md | ||
go.mod | ||
go.sum | ||
README.md |
zrok
zrok
is a service designed to provide frictionless access to ephemeral, geo-scale reverse proxy capabilities. zrok
is implemented on top of OpenZiti as a Ziti Native Application.
Characteristics
zrok
has the following characteristics:
Frictionless
zrok
is designed to provide a "frictionless" experience. Only a single binary and a single command are required to take advantage of all of the power of zrok
.
zrok
works in a large number environments: developer shells, container sidecars, serverless environments, webhooks.
Expand with OpenZiti
zrok
is built on top of OpenZiti, a next-generation solution for secure application connectivity. zrok
is a fantastic way to start working with OpenZiti. Start with simple zrok
ephemeral connectivity, and then layer on additional capabilities provided by the underlying OpenZiti network.
Bring zrok
into your existing OpenZiti deployment to provide rapid, ephemeral connectivity for a number of important HTTP scenarios.
World-Scale
zrok
is the software that powers the zrok.io
world-scale service. zrok
can scale as large as you need.
Multiple Isolated Tenants
A single zrok
instance can support any number of isolated tenants, allowing them to coexist on top of the same OpenZiti deployment in a secure manner.
Self-hosting Capable
Install zrok
on top of your own OpenZiti network. zrok
is simple to operate and scale.
Concepts
zrok
is conceptually structured like this:
zrok Frontend, zrok Backend
The zrok
reverse proxy is broken into two halves, a frontend and a backend. These two components connect over an OpenZiti network. Together the frontend and the backend work together to implement a reverse proxy.
The frontend is designed to be sited on an accessible network (typically the public internet). This allows traffic from that accessible network to ingress into the zrok
frontend, across the dynamic reverse proxy.
The backend is designed to be sited in a private environment, such as a private development server, or a serverless environment, or a container sidecar. The backend only needs outbound connectivity to reach the OpenZiti network and the zrok
controller.
The controller is a lightweight control plane component, which orchestrates connectivity between frontend and backend components.