Configuring Metrics for Zrok deployed docker compose

Where to put fabric.usage & metric bridge file and how when zrok is deployed using official self hosting guide as it should persists restarts and/or rebuild.

my compose.yml as follows:

# this compose file is designed to merge with the ziti all-in-one quickstart compose file by renaming 
# https://get.openziti.io/dock/all-in-one/compose.yml to compose.override.yml

services:
  ziti-quickstart:
    image: ${ZITI_CLI_IMAGE:-docker.io/openziti/ziti-cli}:${ZITI_CLI_TAG:-latest}
    restart: unless-stopped
    networks:
      zrok-instance:
        # this allows other containers to use the same external DNS name to reach the quickstart container from within the
        # Docker network that clients outside the Docker network use to reach the quickstart container via port forwarding
        aliases:
          - ziti.${ZROK_DNS_ZONE}
    entrypoint:
      - bash
      - -euc
      - |
        ZITI_CMD+=" --ctrl-address ziti.${ZROK_DNS_ZONE}"\
        " --ctrl-port ${ZITI_CTRL_ADVERTISED_PORT:-1280}"\
        " --router-address ziti.${ZROK_DNS_ZONE}"\
        " --router-port ${ZITI_ROUTER_PORT:-3022}"\
        " --password ${ZITI_PWD:-admin}"
        echo "DEBUG: run command is: ziti $${@} $${ZITI_CMD}"
        exec ziti "$${@}" $${ZITI_CMD}
    command: -- edge quickstart --home /home/ziggy/quickstart
    user: ${ZIGGY_UID:-1000}
    environment:
      HOME: /home/ziggy
      PFXLOG_NO_JSON: "${PFXLOG_NO_JSON:-true}"
      ZITI_ROUTER_NAME: ${ZITI_ROUTER_NAME:-quickstart-router}
    volumes:
      # store the quickstart state in a named volume "ziti_home" or store the quickstart state on the Docker host in a
      # directory, ZITI_HOME 
      - ${ZITI_HOME:-ziti_home}:/home/ziggy
    ports:
      - ${ZITI_INTERFACE:-0.0.0.0}:${ZITI_CTRL_ADVERTISED_PORT:-1280}:${ZITI_CTRL_ADVERTISED_PORT:-1280}
      - ${ZITI_INTERFACE:-0.0.0.0}:${ZITI_ROUTER_PORT:-3022}:${ZITI_ROUTER_PORT:-3022}
    expose:
      - ${ZITI_CTRL_ADVERTISED_PORT:-1280}
      - ${ZITI_ROUTER_PORT:-3022}
    depends_on:
      ziti-quickstart-init:
        condition: service_completed_successfully
    healthcheck:
      test:
        - CMD
        - ziti
        - agent
        - stats
      interval: 3s
      timeout: 3s
      retries: 5
      start_period: 30s

  # this service is used to initialize the ziti_home volume by setting the owner to the UID of the user running the
  # quickstart container
  ziti-quickstart-init:
    image: busybox
    command: chown -Rc ${ZIGGY_UID:-1000} /home/ziggy
    user: root
    environment:
      HOME: /home/ziggy
    volumes:
      # store the quickstart state in a named volume "ziti_home" or store the quickstart state on the Docker host in a
      # directory, ZITI_HOME 
      - ${ZITI_HOME:-ziti_home}:/home/ziggy

  # add a health check for the quickstart network
  ziti-quickstart-check:
    image: busybox
    command: echo "Ziti is cooking"
    depends_on:
      ziti-quickstart:
        condition: service_healthy

  zrok-permissions:
    image: busybox
    command:
      - /bin/sh
      - -euxc
      - |
        chown -Rc ${ZIGGY_UID:-2171} /var/lib/zrok-*;
        chmod -Rc ug=rwX,o-rwx /var/lib/zrok-*;
    volumes:
      - zrok_ctrl:/var/lib/zrok-controller
      - zrok_frontend:/var/lib/zrok-frontend

  zrok-controller:
    depends_on:
        zrok-permissions:
          condition: service_completed_successfully
    build:
      context: .
      dockerfile: ./zrok-controller.Dockerfile
      args:
        ZROK_CLI_IMAGE: ${ZROK_CLI_IMAGE:-openziti/zrok}
        ZROK_CLI_TAG: ${ZROK_CLI_TAG:-latest}
        ZROK_DNS_ZONE: ${ZROK_DNS_ZONE}  # e.g., "example.com" or "127.0.0.1.sslip.io"
        ZITI_CTRL_ADVERTISED_PORT: ${ZITI_CTRL_ADVERTISED_PORT:-1280}
        ZROK_ADMIN_TOKEN: ${ZROK_ADMIN_TOKEN} # zrok controller admin password
        ZROK_CTRL_PORT: ${ZROK_CTRL_PORT:-18080}
        ZITI_PWD: ${ZITI_PWD} # ziti controller admin password
    user: ${ZIGGY_UID:-2171}
    command: zrok controller /etc/zrok-controller/config.yml --verbose
    volumes:
      - zrok_ctrl:/var/lib/zrok-controller
    networks:
      zrok-instance:
        aliases:
          - zrok.${ZROK_DNS_ZONE}
    restart: unless-stopped
    expose:
      - ${ZROK_CTRL_PORT:-18080}  # (not published)
    # Caddy's published ports provide a TLS reverse proxy for the zrok controller
    # ports:
    #   - 127.0.0.1:${ZROK_CTRL_PORT:-18080}:${ZROK_CTRL_PORT:-18080}
    environment:
      ZROK_USER_PWD: ${ZROK_USER_PWD} # admin account password     (initial user account)
      CADDY_ACME_EMAIL: ${CADDY_ACME_EMAIL}  # login email address (initial user account)

  zrok-frontend:
    depends_on:
        zrok-permissions:
          condition: service_completed_successfully
    build:
      context: .
      dockerfile: zrok-frontend.Dockerfile
      args:
        ZROK_CLI_IMAGE: ${ZROK_CLI_IMAGE:-openziti/zrok}
        ZROK_CLI_TAG: ${ZROK_CLI_TAG:-latest}
        ZROK_DNS_ZONE: ${ZROK_DNS_ZONE}  # e.g., "example.com" or "127.0.0.1.sslip.io"
        ZROK_FRONTEND_PORT: ${ZROK_FRONTEND_PORT:-8080}
        ZROK_OAUTH_PORT: ${ZROK_OAUTH_PORT:-8081}
        ZROK_OAUTH_HASH_KEY: ${ZROK_OAUTH_HASH_KEY-noop}
        ZROK_OAUTH_GOOGLE_CLIENT_ID: ${ZROK_OAUTH_GOOGLE_CLIENT_ID:-noop}
        ZROK_OAUTH_GOOGLE_CLIENT_SECRET: ${ZROK_OAUTH_GOOGLE_CLIENT_SECRET:-noop}
        ZROK_OAUTH_GITHUB_CLIENT_ID: ${ZROK_OAUTH_GITHUB_CLIENT_ID:-noop}
        ZROK_OAUTH_GITHUB_CLIENT_SECRET: ${ZROK_OAUTH_GITHUB_CLIENT_SECRET:-noop}
    user: ${ZIGGY_UID:-2171}
    command: zrok access public /etc/zrok-frontend/config.yml --verbose
    volumes:
      - zrok_frontend:/var/lib/zrok-frontend
    networks:
      zrok-instance:
    restart: unless-stopped
    expose:
      - ${ZROK_FRONTEND_PORT:-8080}  # (not published)
      - ${ZROK_OAUTH_PORT:-8081}     # (not published)
    # ports:
    #   - 127.0.0.1:${ZROK_FRONTEND_PORT:-8080}:${ZROK_FRONTEND_PORT:-8080}
    #   - 127.0.0.1:${ZROK_OAUTH_PORT:-8081}:${ZROK_OAUTH_PORT:-8081}
    environment:
      HOME: /var/lib/zrok-frontend
      ZROK_DNS_ZONE: ${ZROK_DNS_ZONE}  # e.g., "example.com" or "127.0.0.1.sslip.io"
      ZROK_ADMIN_TOKEN: ${ZROK_ADMIN_TOKEN} # zrok controller admin password
      ZROK_API_ENDPOINT: http://zrok-controller:${ZROK_CTRL_PORT:-18080} # bridge address of the zrok controller
      ZITI_CTRL_ADVERTISED_PORT: ${ZITI_CTRL_ADVERTISED_PORT:-1280}
      ZITI_PWD: ${ZITI_PWD} # ziti controller admin password

  caddy:
    build:
      context: .
      dockerfile: ./caddy.Dockerfile
      args:
        CADDY_DNS_PLUGIN: ${CADDY_DNS_PLUGIN} # e.g., "digitalocean" (see github.com/caddy-dns)
    restart: unless-stopped
    environment:
      CADDY_DNS_PLUGIN: ${CADDY_DNS_PLUGIN}  # e.g., "digitalocean" (see github.com/caddy-dns)
      CADDY_DNS_PLUGIN_TOKEN: ${CADDY_DNS_PLUGIN_TOKEN}  # API token from DNS provider used by plugin to solve the ACME challenge
      CADDY_ACME_EMAIL: ${CADDY_ACME_EMAIL}  # email address sent to CA for ACME account and renewal notifications
      CADDY_ACME_API: ${CADDY_ACME_API:-https://acme-v02.api.letsencrypt.org/directory}  # ACME API endpoint
      ZROK_DNS_ZONE: ${ZROK_DNS_ZONE}  # e.g., "example.com" or "127.0.0.1.sslip.io"
      ZROK_CTRL_PORT: ${ZROK_CTRL_PORT:-18080}
      ZROK_FRONTEND_PORT: ${ZROK_FRONTEND_PORT:-8080}
      ZROK_OAUTH_PORT: ${ZROK_OAUTH_PORT:-8081}
    expose:
      - 80/tcp
      - 443/tcp
      - 443/udp   # Caddy's HTTP/3 (QUIC) (not published)
      - 2019/tcp  # Caddy's admin API     (not published)
    ports:
      - ${CADDY_INTERFACE:-0.0.0.0}:80:80
      - ${CADDY_INTERFACE:-0.0.0.0}:443:443
      # - ${CADDY_INTERFACE:-0.0.0.0}:443:443/udp"  # future: HTTP/3 (QUIC)
    volumes:
      - caddy_data:/data
      - caddy_config:/config
    networks:
      zrok-instance:

volumes:
  ziti_home:  # this will not be used if you switch from named volume to bind mount volume
  zrok_ctrl:
  zrok_frontend:
  caddy_data:
  caddy_config:

# define a custom network so that we can also define DNS aliases
networks:
  zrok-instance:
    driver: bridge

my compose.override.yml as follows:

services:
  rabbitmq:
    image: rabbitmq:3.11-management
    container_name: rabbitmq_production
    ports:
      - "5672:5672"   # AMQP protocol
      - "15672:15672" # Management UI
    volumes:
      - rabbitmq_data:/var/lib/rabbitmq
      # - ./rabbitmq.conf:/etc/rabbitmq/rabbitmq.conf
      # - ./enabled_plugins:/etc/rabbitmq/enabled_plugins
    # environment:
    #   RABBITMQ_DEFAULT_USER: your_user
    #   RABBITMQ_DEFAULT_PASS: your_password
    #   RABBITMQ_ERLANG_COOKIE: 'a_secure_cookie_string'
    #   RABBITMQ_DEFAULT_VHOST: your_vhost
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "rabbitmqctl", "status"]
      interval: 30s
      timeout: 30s
      retries: 3

volumes:
  rabbitmq_data:
    driver: local

Hi there, @yashodhan, You're on the right track.

The config vars provide a minimal interface for generating a basic config. You can override any of the generated configs with a Docker bind volume. For example, if you wish to override the zrok controller's config.yml, you can first copy out the generated /var/lib/ziti-controller/config.yml, tailor it to your use case, then mount it in the same path within your compose.override.yml.

services:
    zrok-controller:
        volumes:
          - ./zrok-controller-config.yml:/var/lib/zrok-controller/config.yml

The mounted file will mask the generated file.

You can use this technique for adding fabric events and handlers to the ziti-quickstart container's ctrl.yaml (the ziti controller config YAML). The ziti-quickstart container respects an env var ZITI_HOME, which, if set to a path on the Docker host, will be used to store the generated ziti config. You must set the variable in the compose .env before the first run, and thereafter, you will be able to modify the generated config directly, and it will be used on the next run.