Multicloud hybrid kubernetes with zrok

Hi! I've found your service very attractive. If I've understood correctly from the documentation, you have everything needed for running a multicloud hybrid Kubernetes in zrok out of the box. At least what is connected with the network: VPN, load balancing, distributed volumes, ingress, webserver/proxy. Do you have any good manuals for integrating your service with Kubernetes? I hoped that I would find answers in this video https://www.youtube.com/watch?v=KVYZtqfy6Xg. But, if I understand correctly, you are just trying to convert your core containers from compose to Kubernetes. Or maybe you plan some easy integration like a Helm package or something like this?

Hello, @mihalt! Yes, I recently released a new Helm chart for zrok 0.4.

It's compatible with CertManager's built-in DNS-01 solver, which is necessary for zrok frontends that always require a wildcard DNS record and TLS certificate.

Nice! Thank you! Will check. Have you moved to nginx? helm-charts/charts/zrok at main · openziti/helm-charts · GitHub

As I saw from the docs, you used Caddy: zrok frontdoor | Zrok

Not "moved" per se, no. :slightly_smiling_face:

The Helm chart is not opinionated about how you configure ingresses, so you have some options. There's an example in that README that uses the popular Nginx Ingress Controller. That's a good place to start if you're not leaning toward any particular ingress solution. You can use the same Helm chart with any ingress method you prefer as long as it can be configured through ingressClass or annotations, which you must provide as input values to the Helm chart when you create the Helm release (i.e., install the chart).

You could use the Caddy Ingress Controller, the Traefik Gateway Controller, or a LoadBalancer Service. The important thing to know is that zrok itself doesn't terminate TLS, so the ingress solution you choose must terminate TLS for both the zrok controller and the zrok frontend components of the deployment specified in the Helm chart.

In the zrok frontdoor guide there's an example of using Caddy. You can use Caddy with zrok in at least two ways:

  1. as a TLS-terminating reverse proxy for a zrok controller or frontend or both, and
  2. as a zrok backend, e.g., zrok share public --backend-mode caddy ./Caddyfile.

The difference between these is that the Caddy reverse proxy is useful for someone self-hosting their own zrok instance, and wishing to terminate TLS for the zrok controller and frontend components. The zrok backend uses an embedded Caddy server which requires a special Caddyfile template like this example.