From 362ed0830107cfe2288431e44d93391adae66e62 Mon Sep 17 00:00:00 2001 From: Prasoon Kumar Date: Wed, 2 Jul 2025 16:02:06 +0530 Subject: [PATCH] feat(library): Introduce Traefik 3.4.1 as library - Dockerfile: Copy traefik, dependencies and configuration - dynamic.yml: Dynamic routing configuration for traefik - Kraftfile: Configure Traefik unikernel build - README.md: Usage instructions and links - traefik.yml: Main configuration for traefik setup Signed-off-by: Prasoon Kumar --- .github/workflows/library-traefik3.4.1.yaml | 83 +++++++++++ README.md | 1 + library/traefik/3.4.1/Dockerfile | 47 +++++++ library/traefik/3.4.1/Kraftfile | 145 ++++++++++++++++++++ library/traefik/3.4.1/README.md | 66 +++++++++ library/traefik/3.4.1/dynamic.yml | 13 ++ library/traefik/3.4.1/traefik.yml | 11 ++ 7 files changed, 366 insertions(+) create mode 100644 .github/workflows/library-traefik3.4.1.yaml create mode 100644 library/traefik/3.4.1/Dockerfile create mode 100644 library/traefik/3.4.1/Kraftfile create mode 100644 library/traefik/3.4.1/README.md create mode 100644 library/traefik/3.4.1/dynamic.yml create mode 100644 library/traefik/3.4.1/traefik.yml diff --git a/.github/workflows/library-traefik3.4.1.yaml b/.github/workflows/library-traefik3.4.1.yaml new file mode 100644 index 00000000..6fd5347e --- /dev/null +++ b/.github/workflows/library-traefik3.4.1.yaml @@ -0,0 +1,83 @@ +name: library/traefik:3.4.1 + +on: + repository_dispatch: + types: [core_merge, musl_merge, traefik_merge] + + workflow_dispatch: + + schedule: + - cron: '0 0 * * *' # Everyday at 12AM + + push: + branches: [main] + paths: + - 'library/traefik/3.4.1/**' + - '.github/workflows/library-traefik3.4.1.yaml' + + pull_request: + types: [opened, synchronize, reopened] + branches: [main] + paths: + - 'library/traefik/3.4.1/**' + - '.github/workflows/library-traefik3.4.1.yaml' + +# Automatically cancel in-progress actions on the same branch +concurrency: + group: ${{ github.workflow }}-${{ github.event_name == 'pull_request_target' && github.head_ref || github.ref }} + cancel-in-progress: true + +jobs: + build: + strategy: + fail-fast: false + matrix: + include: + - plat: qemu + arch: x86_64 + - plat: fc + arch: x86_64 + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + + - name: Build traefik3.4.1 + uses: unikraft/kraftkit@staging + with: + loglevel: debug + workdir: library/traefik/3.4.1 + runtimedir: /github/workspace/.kraftkit + plat: ${{ matrix.plat }} + arch: ${{ matrix.arch }} + push: false + output: oci://index.unikraft.io/unikraft.org/traefik:3.4.1 + + - name: Archive OCI digests + uses: actions/upload-artifact@v4 + with: + name: oci-digests-${{ matrix.arch }}-${{ matrix.plat }} + path: ${{ github.workspace }}/.kraftkit/oci/digests + if-no-files-found: error + + push: + if: ${{ github.event_name == 'push' || github.event_name == 'schedule' }} + needs: [ build ] + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + + - name: Login to OCI registry + uses: docker/login-action@v3 + with: + registry: index.unikraft.io + username: ${{ secrets.REG_USERNAME }} + password: ${{ secrets.REG_TOKEN }} + + - name: Retrieve, merge and push OCI digests + uses: ./.github/actions/merge-oci-digests + with: + name: index.unikraft.io/unikraft.org/traefik:3.4.1 + push: true diff --git a/README.md b/README.md index 5e3d2c11..688e8f43 100644 --- a/README.md +++ b/README.md @@ -73,3 +73,4 @@ kraft pkg ls --apps --update | [![](https://github.com/unikraft/catalog/actions/workflows/library-ruby3.2.yaml/badge.svg)](https://github.com/unikraft/catalog/actions/workflows/library-ruby3.2.yaml) | [`unikraft.org/ruby:3.2`](library/ruby/3.2) | | [![](https://github.com/unikraft/catalog/actions/workflows/library-skipper0.18.yaml/badge.svg)](https://github.com/unikraft/catalog/actions/workflows/library-skipper0.18.yaml) | [`unikraft.org/skipper:0.18`](library/skipper/0.18) | | [![](https://github.com/unikraft/catalog/actions/workflows/library-surreal1.1.yaml/badge.svg)](https://github.com/unikraft/catalog/actions/workflows/library-surreal1.1.yaml) | [`unikraft.org/surreal:1.1`](library/surreal/1.1) | +| [![](https://github.com/unikraft/catalog/actions/workflows/library-traefik3.4.1.yaml/badge.svg)](https://github.com/unikraft/catalog/actions/workflows/library-traefik3.4.1.yaml) | [`unikraft.org/traefik:3.4.1`](library/traefik/3.4.1) | diff --git a/library/traefik/3.4.1/Dockerfile b/library/traefik/3.4.1/Dockerfile new file mode 100644 index 00000000..b87b0830 --- /dev/null +++ b/library/traefik/3.4.1/Dockerfile @@ -0,0 +1,47 @@ +FROM golang:1.25rc1-alpine3.22 AS builder + +RUN set -xe; \ + apk --no-cache add \ + gcc \ + make \ + musl-dev \ + wget \ + bash \ + git \ + ; \ + git clone https://github.com/traefik/traefik.git; + +RUN set -xe; \ + cd traefik; \ + git checkout tags/v3.4.1; \ + CGO_ENABLED=1 GOOS=linux GOARCH=amd64 go build \ + -ldflags "-s -w \ + -X github.com/traefik/traefik/v3/pkg/version.Version=3.4.1 \ + -X github.com/traefik/traefik/v3/pkg/version.Codename=cheddar \ + -X github.com/traefik/traefik/v3/pkg/version.BuildDate=$(date -u +%Y-%m-%d T%H:%M:%SZ)" \ + -buildmode=pie -linkshared -o /usr/bin/traefik ./cmd/traefik + +FROM alpine:3.22 AS sys + +RUN set -xe; \ + mkdir -p /target/etc; \ + mkdir -p /blank; \ + apk --no-cache add \ + ca-certificates \ + tzdata \ + ; \ + update-ca-certificates; \ + ln -sf ../usr/share/zoneinfo/Etc/UTC /target/etc/localtime; \ + echo "Etc/UTC" > /target/etc/timezone; + +FROM scratch + +COPY --from=builder /usr/bin/traefik /usr/bin/traefik +COPY --from=builder /lib/ld-musl-x86_64.so.1 /lib/ld-musl-x86_64.so.1 + +COPY --from=sys /target/etc /etc +COPY --from=sys /usr/share/zoneinfo/Etc/UTC /usr/share/zoneinfo/Etc/UTC +COPY --from=sys /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt +COPY --from=sys /blank /tmp +COPY ./dynamic.yml /etc/traefik/dynamic.yml +COPY ./traefik.yml /etc/traefik/traefik.yml diff --git a/library/traefik/3.4.1/Kraftfile b/library/traefik/3.4.1/Kraftfile new file mode 100644 index 00000000..06d976a0 --- /dev/null +++ b/library/traefik/3.4.1/Kraftfile @@ -0,0 +1,145 @@ +spec: v0.6 + +name: traefik + +rootfs: ./Dockerfile + +cmd: ["/usr/bin/traefik", "--configFile=/etc/traefik/traefik.yml"] + +template: + source: https://github.com/unikraft/app-elfloader.git + version: staging + +unikraft: + source: https://github.com/unikraft/unikraft.git + version: staging + kconfig: + # Configurations options for app-elfloader + # (they can't be part of the template atm) + CONFIG_APPELFLOADER_BRK: 'y' + CONFIG_APPELFLOADER_CUSTOMAPPNAME: 'y' + CONFIG_APPELFLOADER_STACK_NBPAGES: 128 + CONFIG_APPELFLOADER_VFSEXEC_EXECBIT: 'n' + CONFIG_APPELFLOADER_VFSEXEC: 'y' + CONFIG_APPELFLOADER_HFS: 'y' + CONFIG_APPELFLOADER_HFS_ETCRESOLVCONF: 'y' + CONFIG_APPELFLOADER_HFS_ETCHOSTS: 'y' + CONFIG_APPELFLOADER_HFS_ETCHOSTNAME: 'y' + CONFIG_APPELFLOADER_HFS_REPLACEEXIST: 'y' + # Unikraft options + CONFIG_HAVE_PAGING_DIRECTMAP: 'y' + CONFIG_HAVE_PAGING: 'y' + CONFIG_I8042: 'y' + CONFIG_LIBDEVFS_AUTOMOUNT: 'y' + CONFIG_LIBDEVFS_DEV_NULL: 'y' + CONFIG_LIBDEVFS_DEV_STDOUT: 'y' + CONFIG_LIBDEVFS_DEV_ZERO: 'y' + CONFIG_LIBDEVFS: 'y' + CONFIG_LIBPOSIX_ENVIRON_ENVP0: "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + CONFIG_LIBPOSIX_ENVIRON_ENVP1: "LD_LIBRARY_PATH=/usr/local/lib:/usr/lib:/lib" + CONFIG_LIBPOSIX_ENVIRON_ENVP2: "HOME=/" + CONFIG_LIBPOSIX_ENVIRON: 'y' + CONFIG_LIBPOSIX_ENVIRON_LIBPARAM: 'y' + CONFIG_LIBPOSIX_ENVIRON_LIBPARAM_MAXCOUNT: '64' + CONFIG_LIBPOSIX_EVENTFD: 'y' + CONFIG_LIBPOSIX_FDIO: 'y' + CONFIG_LIBPOSIX_FDTAB: 'y' + CONFIG_LIBPOSIX_FUTEX: 'y' + CONFIG_LIBPOSIX_MMAP: 'y' + CONFIG_LIBPOSIX_NETLINK: 'y' + CONFIG_LIBPOSIX_PIPE: 'y' + CONFIG_LIBPOSIX_POLL: 'y' + CONFIG_LIBPOSIX_PROCESS_ARCH_PRCTL: 'y' + CONFIG_LIBPOSIX_PROCESS_CLONE: 'y' + CONFIG_LIBPOSIX_PROCESS_SIGNAL: 'y' + CONFIG_LIBPOSIX_USER_UID: 0 + CONFIG_LIBPOSIX_USER_USERNAME: "root" + CONFIG_LIBPOSIX_USER: 'y' + CONFIG_LIBPOSIX_SOCKET: 'y' + CONFIG_LIBPOSIX_SYSINFO: 'y' + CONFIG_LIBPOSIX_TIME: 'y' + CONFIG_LIBPOSIX_TIMERFD: 'y' + CONFIG_LIBPOSIX_UNIXSOCKET: 'y' + CONFIG_LIBPOSIX_USER_GID: 0 + CONFIG_LIBPOSIX_USER_GROUPNAME: "root" + CONFIG_LIBRAMFS: 'y' + CONFIG_LIBSYSCALL_SHIM_HANDLER_ULTLS: 'y' + CONFIG_LIBSYSCALL_SHIM_HANDLER: 'y' + CONFIG_LIBSYSCALL_SHIM_LEGACY_VERBOSE: 'y' + CONFIG_LIBSYSCALL_SHIM: 'y' + CONFIG_LIBUKALLOCPOOL: 'y' + CONFIG_LIBUKBLKDEV_MAXNBQUEUES: '1' + CONFIG_LIBUKBLKDEV_DISPATCHERTHREADS: 'y' + CONFIG_LIBUKBLKDEV_SYNC_IO_BLOCKED_WAITING: 'y' + CONFIG_LIBUKBLKDEV: 'y' + CONFIG_LIBUKBOOT_BANNER_MINIMAL: 'y' + CONFIG_LIBUKBOOT_HEAP_BASE: '0x400000000' + CONFIG_LIBUKBOOT_MAINTHREAD: 'y' + CONFIG_LIBUKBOOT_SHUTDOWNREQ_HANDLER: 'y' + CONFIG_LIBUKCPIO: 'y' + CONFIG_LIBUKDEBUG_CRASH_SCREEN: 'y' + CONFIG_LIBUKDEBUG_ENABLE_ASSERT: 'y' + CONFIG_LIBUKDEBUG_PRINT_SRCNAME: 'n' + CONFIG_LIBUKDEBUG_PRINT_TIME: 'y' + CONFIG_LIBUKDEBUG_PRINTK_ERR: 'y' + CONFIG_LIBUKDEBUG_PRINTK: 'y' + CONFIG_LIBUKDEBUG: 'y' + CONFIG_LIBUKFALLOC: 'y' + CONFIG_LIBUKMPI: 'n' + CONFIG_LIBUKSIGNAL: 'y' + CONFIG_LIBUKRANDOM_DEVFS: 'y' + CONFIG_LIBUKRANDOM: 'y' + CONFIG_LIBUKRANDOM_GETRANDOM: 'y' + CONFIG_LIBUKVMEM_DEFAULT_BASE: '0x0000001000000000' + CONFIG_LIBUKVMEM_DEMAND_PAGE_IN_SIZE: 12 + CONFIG_LIBUKVMEM_PAGEFAULT_HANDLER_PRIO: 4 + CONFIG_LIBUKVMEM: 'y' + CONFIG_LIBVFSCORE_AUTOMOUNT_CI: 'y' + CONFIG_LIBVFSCORE_AUTOMOUNT_CI_EINITRD: 'y' + CONFIG_LIBVFSCORE_AUTOMOUNT_UP: 'y' + CONFIG_LIBVFSCORE_AUTOMOUNT: 'y' + CONFIG_LIBVFSCORE_NONLARGEFILE: 'y' + CONFIG_LIBVFSCORE: 'y' + CONFIG_LIBUK9P: 'y' + CONFIG_OPTIMIZE_DEADELIM: 'y' + CONFIG_OPTIMIZE_LTO: 'y' + CONFIG_PAGING: 'y' + CONFIG_STACK_SIZE_PAGE_ORDER: 4 # 128 * 4K = 512K + CONFIG_UKPLAT_MEMREGION_MAX_COUNT: 64 + CONFIG_LIBUKNETDEV_EINFO_LIBPARAM: 'y' + # Debug options + # CONFIG_LIBUKDEBUG_PRINTD: 'y' + # CONFIG_LIBUKDEBUG_PRINTK_INFO: 'y' + # CONFIG_LIBSYSCALL_SHIM_STRACE: 'y' + # CONFIG_LIBSYSCALL_SHIM_DEBUG: 'y' + +libraries: + lwip: + source: https://github.com/unikraft/lib-lwip.git + version: staging + kconfig: + CONFIG_LWIP_LOOPIF: 'y' + CONFIG_LWIP_UKNETDEV: 'y' + CONFIG_LWIP_LOOPBACK: 'y' + CONFIG_LWIP_TCP: 'y' + CONFIG_LWIP_UDP: 'y' + CONFIG_LWIP_RAW: 'y' + CONFIG_LWIP_WND_SCALE: 'y' + CONFIG_LWIP_TCP_KEEPALIVE: 'y' + CONFIG_LWIP_THREADS: 'y' + CONFIG_LWIP_HEAP: 'y' + CONFIG_LWIP_SOCKET: 'y' + CONFIG_LWIP_AUTOIFACE: 'y' + CONFIG_LWIP_IPV4: 'y' + CONFIG_LWIP_DHCP: 'y' + CONFIG_LWIP_DNS: 'y' + CONFIG_LWIP_NUM_TCPCON: 64 + CONFIG_LWIP_NUM_TCPLISTENERS: 64 + CONFIG_LWIP_ICMP: 'y' + libelf: + source: https://github.com/unikraft/lib-libelf.git + version: staging + +targets: +- fc/x86_64 +- qemu/x86_64 diff --git a/library/traefik/3.4.1/README.md b/library/traefik/3.4.1/README.md new file mode 100644 index 00000000..4606809b --- /dev/null +++ b/library/traefik/3.4.1/README.md @@ -0,0 +1,66 @@ +# Traefik 3.4.1 Image + +This directory contains the definition for the `unikraft.org/traefik:3.4.1` image running the Traefik reverse proxy and load balancer. + +## Prerequisites + +* Install Unikraft’s CLI toolchain: + + ```console + curl -sSL https://unikraft.org/install | console + ``` +* On the host, ensure you have a backend HTTP service reachable (e.g. a Python server listening on port `5000`). + +## Configure Traefik + +Modify configuration by changing the `traefik.yml` and `dynamic.yml` files: + + +## Build and Run + +1. **Create a network interface bridge**: + + ```console + kraft net create -n 172.44.0.1/24 virbr0 + ``` +2. **Build the unikernel** (from this directory): + + ```console + kraft build --no-cache --plat qemu --arch x86_64 . + ``` +3. **Run the unikernel** (as root): + + ```console + kraft run \ + --network virbr0 \ + -M 4096M \ + -p 80:80 . + ``` + +By default, this will listen on port **80** for HTTP traffic and port **8080** for the Traefik dashboard. + +## Testing + +* Ensure your backend service (e.g. Python server) is listening on **0.0.0.0:5000** on the host. +* From the host, subscribe or send test requests: + + ```bash + curl http://172.44.0.2/ + ``` + +> **Note:** Replace `172.44.0.2` with the IP assigned to the unikernel, as shown in its console output. + +## Customization + +* To use HTTPS, configure TLS certificates in `dynamic.yml` and add an `entryPoints.websecure` section in `traefik.yml`. +* Adjust router rules in `dynamic.yml` for host-based or path-based routing as needed. + +## Limitations + +* **File watch mode (`watch: true`)** is not supported in Unikraft unikernels; the current image requires watch: false. +* **Dashboard (`api.dashboard: true`)** is currently not supported in this unikernel image; set `dashboard: false`. + +## See also + +* [Unikraft CLI: Running Unikernels Locally](https://unikraft.org/docs/cli/running) +* [Traefik Configuration Reference](https://doc.traefik.io/traefik/) diff --git a/library/traefik/3.4.1/dynamic.yml b/library/traefik/3.4.1/dynamic.yml new file mode 100644 index 00000000..a6a92477 --- /dev/null +++ b/library/traefik/3.4.1/dynamic.yml @@ -0,0 +1,13 @@ +http: + routers: + python-app: + rule: "Path(`/`)" + service: python-service + entryPoints: + - web + + services: + python-service: + loadBalancer: + servers: + - url: "http://172.44.0.1:5000" diff --git a/library/traefik/3.4.1/traefik.yml b/library/traefik/3.4.1/traefik.yml new file mode 100644 index 00000000..1a006013 --- /dev/null +++ b/library/traefik/3.4.1/traefik.yml @@ -0,0 +1,11 @@ +entryPoints: + web: + address: ":80" + +api: + dashboard: false + +providers: + file: + filename: /etc/traefik/dynamic.yml + watch: false