Using Zrok on docker for multiple services

zrok
14

I've been playing with this idea today as I'm also interested in multiple shares in a single environment from a single docker compose stack/swarm/instance/[insert proper term here].

What I'm showing here doesn't relate directly to the OP's question, but it's in the ballpark and might be interesting to some.

As a starting point, I used the compose file from here. Using the extends feature of docker compose, you can write a kind of zrok share template service and then use it to declare a service for each share in your compose file.

With the following two files in the same directory, try docker compose up.

Note services zrok-share-1 and zrok-share-2 and the use of extends.

compose.yaml

services:
  zrok-init:
    image: busybox
    # matches uid:gid of "ziggy" in zrok container image
    command: chown -Rc 2171:2171 /mnt/.zrok
    user: root
    volumes:
      - zrok_env:/mnt/.zrok

  # enable zrok environment
  zrok-enable:
    image: ${ZROK_CONTAINER_IMAGE:-docker.io/openziti/zrok}
    depends_on:
      zrok-init:
        condition: service_completed_successfully
    entrypoint: zrok-enable.bash
    volumes:
      - zrok_env:/mnt
    environment:
      STATE_DIRECTORY: /mnt
      ZROK_ENABLE_TOKEN:
      ZROK_API_ENDPOINT:
      ZROK_ENVIRONMENT_NAME: docker-private-share

  zrok-share-1:
    extends:
      file: zrok-share.yaml
      service: zrok-share
    environment:
      ZROK_TARGET: 'http://localhost:8001'

  zrok-share-2:
    extends:
      file: zrok-share.yaml
      service: zrok-share
    environment:
      ZROK_TARGET: 'http://localhost:8002'

volumes:
  zrok_env:

networks:
  default:

zrok-share.yaml

services:
  zrok-share:
    image: ${ZROK_CONTAINER_IMAGE:-docker.io/openziti/zrok}
    restart: no
    entrypoint:
    - bash
    - -euxc
    - |
      env
      echo "DEBUG: HOME=$${HOME}"
      ls -lA /mnt/.zrok/
      exec zrok share private --headless --backend-mode proxy "$${ZROK_TARGET}"
    depends_on:
      zrok-enable:
        condition: service_completed_successfully
    volumes:
      - zrok_env:/mnt
    environment:
      HOME: /mnt
      PFXLOG_NO_JSON: "true"

Note: In the zrok-share.yaml, I wasn't able to find a way to get ${ZROK_TARGET} to resolve when it's used in the command element unless it's present in the .env file (which defeats the purpose). I think that the command element is resolved at compose file parse time, but variables specified in the environment element are not available for resolution at that point. This is why the whole zrok command is spelled out in the entrypoint element.

2 Likes