zrok/docker/compose/zrok-private-access/compose.yml
2023-10-27 19:03:22 -04:00

64 lines
1.8 KiB
YAML

services:
zrok-init:
image: busybox
# matches uid:gid of "nobody" in zrok container image
command: chown -Rc 65534:65534 /mnt/.zrok
user: root
volumes:
- zrok_env:/mnt/.zrok
zrok-enable:
image: ${ZROK_CONTAINER_IMAGE:-docker.io/openziti/zrok}
depends_on:
zrok-init:
condition: service_completed_successfully
entrypoint:
- bash
- -euc
- |
if [[ -n "$(jq '.ziti_identity' ~/.zrok/environment.json 2>/dev/null)" ]]; then
echo "INFO: zrok environment is already enabled"
exit 0
else
zrok config set apiEndpoint ${ZROK_API_ENDPOINT:-https://api.zrok.io}
echo "INFO: running: zrok $$(sed -E "s/${ZROK_ENABLE_TOKEN}/************/" <<< $${@})"
exec zrok "$${@}"
fi
command: -- enable --headless --description "${ZROK_ENVIRONMENT_NAME:-docker private access}" ${ZROK_ENABLE_TOKEN}
volumes:
- zrok_env:/mnt/.zrok
environment:
HOME: /mnt
zrok-access:
image: ${ZROK_CONTAINER_IMAGE:-docker.io/openziti/zrok}
command: access private --headless --bind 0.0.0.0:9191 ${ZROK_ACCESS_TOKEN}
depends_on:
zrok-enable:
condition: service_completed_successfully
ports:
- 9191:9191 # expose the zrok private access proxy to the Docker host
volumes:
- zrok_env:/mnt/.zrok
environment:
HOME: /mnt
PFXLOG_NO_JSON: "true"
# alternatively, access the zrok private access proxy from another container
demo-client:
depends_on:
- zrok-access
image: busybox
entrypoint:
- sh
- -c
- |
while true; do
echo 'INFO: trying wget';
wget -q -O - http://zrok-access:9191/ip;
sleep 3;
done
volumes:
zrok_env: