Hey all - We are building a web service where our users will be using our own self-hosted zrok instance. We create zrok accounts for each of our users using the admin create account functionality. When our users are done with their share they can sometimes exit the application (docker container w/ zrok client) leaving the environment still enabled in the zrok server. The share is stopped fine.
A few questions:
Is there admin functionality in zrok to list current active shares across accounts?
Same for enabled environments.
Is there admin functionality to stop a share?
Is there admin functionality to disable an environment (or multiple) if we believe they are no longer used (docker container has exited w/o doing a zrok disable)?
We're working on ways to do the disable in the docker container (using docker compse pre_stop lifecycle hook) or in our app that wraps all of this functionality but wanted to investigate any admin level functionality that already exists in zrok.
1 and 2. Not currently - some of this visibility is available within Ziti. If you're running the Ziti Controller you can add the ZAC (Ziti Admin Console) if it's not already there, and that can give you a sense of how many environments and shares are enabled.
3. Not, but you can disable a share by changing it or deleting it within ziti. This doesn't clean it up in the zrok database though.
4. We've run into this with hosted zrok as well. The best path for this is to correct the behavior in the container. What we've seen for containers using zrok is that you have to run zrok disable in the container at the end of the job run before the container exits, and that will clean up the resources automatically. If a container exits with a share running and enabled it's actually an unclean exit of the process, so the proper cleanup lifecycle hooks do not run.
Up to this point, most of the API endpoints in the core zrok API have been focused on allowing end users to self-manage their own resources. There are a number of endpoints in /admin, which are useful for managing the overall multi-tenant instance, but there aren't currently endpoints that allow for central management of resources on behalf of users... not opposed to that, it's just not been something that's a priority for the core zrok concept.
I would expect that as 1.0 develops next year, we'll hopefully be able to provide more of these kinds of features. It's the usual situation of being a small team and having to pick our battles.