|
| 1 | +# Docker Compose overlay for the canary integration test. |
| 2 | +# Merged by dangerous.docker.test.bash — not part of the user-facing stack. |
| 3 | +# |
| 4 | +# The canary service uses host networking so *.localhost resolves to 127.0.0.1 |
| 5 | +# and reaches published frontend and controller ports directly. |
| 6 | + |
| 7 | +services: |
| 8 | + canary: |
| 9 | + image: ${ZROK2_IMAGE:-docker.io/openziti/zrok2}:${ZROK2_TAG:-latest} |
| 10 | + network_mode: host |
| 11 | + environment: |
| 12 | + ZROK2_API_ENDPOINT: http://127.0.0.1:${ZROK2_CTRL_PORT:-18080} |
| 13 | + ZROK2_ADMIN_TOKEN: ${ZROK2_ADMIN_TOKEN} |
| 14 | + ZROK2_DANGEROUS_CANARY: "1" |
| 15 | + ZROK2_FRONTEND_PORT: ${ZROK2_FRONTEND_PORT:-8080} |
| 16 | + ZROK2_DNS_ZONE: ${ZROK2_DNS_ZONE:-localhost} |
| 17 | + HOME: /tmp/canary |
| 18 | + entrypoint: ["/bin/bash", "-c"] |
| 19 | + command: |
| 20 | + - | |
| 21 | + set -o errexit -o nounset -o pipefail |
| 22 | +
|
| 23 | + FRONTEND_PORT="$${ZROK2_FRONTEND_PORT}" |
| 24 | + DNS_ZONE="$${ZROK2_DNS_ZONE}" |
| 25 | +
|
| 26 | + # Create a throwaway canary account and enable an environment. |
| 27 | + # ZROK2_API_ENDPOINT is already set — zrok2 enable bootstraps |
| 28 | + # the environment in one shot. |
| 29 | + TOKEN=$$(zrok2 admin create account \ |
| 30 | + "canary-$$(date +%s)@zrok.internal" "canarypass") |
| 31 | + echo "canary account token: $${TOKEN}" |
| 32 | + zrok2 enable "$${TOKEN}" --description canary-test |
| 33 | +
|
| 34 | + # ── Test 1: Canary looper (random share token) ────────────────── |
| 35 | + # Exercises the public frontend with random share tokens. The |
| 36 | + # host-networked container reaches the frontend at |
| 37 | + # localhost:ZROK2_FRONTEND_PORT, and *.localhost resolves to |
| 38 | + # 127.0.0.1 (RFC 6761). |
| 39 | + echo "=== Test 1: canary public-proxy looper ===" |
| 40 | + zrok2 test canary public-proxy \ |
| 41 | + --iterations 3 --loopers 1 \ |
| 42 | + --min-payload 256 --max-payload 256 \ |
| 43 | + --min-pacing 1s --max-pacing 1s \ |
| 44 | + --http --frontend-port "$${FRONTEND_PORT}" |
| 45 | +
|
| 46 | + # ── Test 2: Named share via --name-selection ──────────────────── |
| 47 | + # Creates a share with an explicit name in the public namespace, |
| 48 | + # then verifies the AMQP-backed dynamic frontend routes it. |
| 49 | + echo "=== Test 2: named share ===" |
| 50 | + SHARE_NAME="citest-$$(date +%s)" |
| 51 | +
|
| 52 | + BACKEND_PORT=19999 |
| 53 | + zrok2 test endpoint --port "$${BACKEND_PORT}" & |
| 54 | + HTTP_PID=$$! |
| 55 | +
|
| 56 | + # Pre-create the name (v2 equivalent of "zrok reserve"). |
| 57 | + zrok2 create name "$${SHARE_NAME}" |
| 58 | +
|
| 59 | + # Create the named share in the background (long-running). |
| 60 | + zrok2 share public "http://127.0.0.1:$${BACKEND_PORT}" \ |
| 61 | + --name-selection "public:$${SHARE_NAME}" \ |
| 62 | + --backend-mode proxy --headless & |
| 63 | + SHARE_PID=$$! |
| 64 | +
|
| 65 | + # Wait for the share to propagate to the dynamic frontend. |
| 66 | + echo "waiting for named share '$${SHARE_NAME}' ..." |
| 67 | + sleep 5 |
| 68 | + ATTEMPTS=30 |
| 69 | + while (( ATTEMPTS-- > 0 )); do |
| 70 | + if curl -sf -H "Host: $${SHARE_NAME}.$${DNS_ZONE}" \ |
| 71 | + "http://127.0.0.1:$${FRONTEND_PORT}/" 2>/dev/null \ |
| 72 | + | grep -q "zrok"; then |
| 73 | + echo "PASS: named share '$${SHARE_NAME}' content verified" |
| 74 | + break |
| 75 | + fi |
| 76 | + sleep 2 |
| 77 | + done |
| 78 | + if (( ATTEMPTS < 0 )); then |
| 79 | + echo "FAIL: named share '$${SHARE_NAME}' not reachable after 60s" |
| 80 | + kill $${SHARE_PID} $${HTTP_PID} 2>/dev/null || true |
| 81 | + exit 1 |
| 82 | + fi |
| 83 | +
|
| 84 | + # Clean up share and backend. |
| 85 | + kill $${SHARE_PID} $${HTTP_PID} 2>/dev/null || true |
| 86 | + wait $${SHARE_PID} 2>/dev/null || true |
| 87 | + wait $${HTTP_PID} 2>/dev/null || true |
| 88 | +
|
| 89 | + zrok2 disable || true |
| 90 | + echo "=== All canary tests passed ===" |
| 91 | + profiles: ["canary"] |
0 commit comments