unikraft · prasoon054 · Jul 2, 2025
diff --git a/.github/workflows/library-traefik3.4.1.yaml b/.github/workflows/library-traefik3.4.1.yaml
@@ -0,0 +1,83 @@
+name: library/traefik:3.4.1
+
+on:
+  repository_dispatch:
+    types: [core_merge, musl_merge, traefik_merge]
+
+  workflow_dispatch:
+
+  schedule:
+  - cron: '0 0 * * *' # Everyday at 12AM
+
+  push:
+    branches: [main]
+    paths:
+    - 'library/traefik/3.4.1/**'
+    - '.github/workflows/library-traefik3.4.1.yaml'
+
+  pull_request:
+    types: [opened, synchronize, reopened]
+    branches: [main]
+    paths:
+    - 'library/traefik/3.4.1/**'
+    - '.github/workflows/library-traefik3.4.1.yaml'
+
+# Automatically cancel in-progress actions on the same branch
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event_name == 'pull_request_target' && github.head_ref || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+        - plat: qemu
+          arch: x86_64
+        - plat: fc
+          arch: x86_64
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Build traefik3.4.1
+      uses: unikraft/kraftkit@staging
+      with:
+        loglevel: debug
+        workdir: library/traefik/3.4.1
+        runtimedir: /github/workspace/.kraftkit
+        plat: ${{ matrix.plat }}
+        arch: ${{ matrix.arch }}
+        push: false
+        output: oci://index.unikraft.io/unikraft.org/traefik:3.4.1
+
+    - name: Archive OCI digests
+      uses: actions/upload-artifact@v4
+      with:
+        name: oci-digests-${{ matrix.arch }}-${{ matrix.plat }}
+        path: ${{ github.workspace }}/.kraftkit/oci/digests
+        if-no-files-found: error
+
+  push:
+    if: ${{ github.event_name == 'push' || github.event_name == 'schedule' }}
+    needs: [ build ]
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Login to OCI registry
+      uses: docker/login-action@v3
+      with:
+        registry: index.unikraft.io
+        username: ${{ secrets.REG_USERNAME }}
+        password: ${{ secrets.REG_TOKEN }}
+
+    - name: Retrieve, merge and push OCI digests
+      uses: ./.github/actions/merge-oci-digests
+      with:
+        name: index.unikraft.io/unikraft.org/traefik:3.4.1
+        push: true
diff --git a/README.md b/README.md
@@ -73,3 +73,4 @@ kraft pkg ls --apps --update
 | [![](https://github.com/unikraft/catalog/actions/workflows/library-ruby3.2.yaml/badge.svg)](https://github.com/unikraft/catalog/actions/workflows/library-ruby3.2.yaml) | [`unikraft.org/ruby:3.2`](library/ruby/3.2) |
 | [![](https://github.com/unikraft/catalog/actions/workflows/library-skipper0.18.yaml/badge.svg)](https://github.com/unikraft/catalog/actions/workflows/library-skipper0.18.yaml) | [`unikraft.org/skipper:0.18`](library/skipper/0.18) |
 | [![](https://github.com/unikraft/catalog/actions/workflows/library-surreal1.1.yaml/badge.svg)](https://github.com/unikraft/catalog/actions/workflows/library-surreal1.1.yaml) | [`unikraft.org/surreal:1.1`](library/surreal/1.1) |
+| [![](https://github.com/unikraft/catalog/actions/workflows/library-traefik3.4.1.yaml/badge.svg)](https://github.com/unikraft/catalog/actions/workflows/library-traefik3.4.1.yaml) | [`unikraft.org/traefik:3.4.1`](library/traefik/3.4.1) |
diff --git a/library/traefik/3.4.1/Dockerfile b/library/traefik/3.4.1/Dockerfile
@@ -0,0 +1,47 @@
+FROM golang:1.25rc1-alpine3.22 AS builder
+
+RUN set -xe; \
+    apk --no-cache add \
+      gcc \
+      make \
+      musl-dev \
+      wget \
+      bash \
+      git \
+    ; \
+    git clone https://github.com/traefik/traefik.git;
+
+RUN set -xe; \
+    cd traefik; \
+    git checkout tags/v3.4.1; \
+    CGO_ENABLED=1 GOOS=linux GOARCH=amd64 go build \
+        -ldflags "-s -w \
+            -X github.com/traefik/traefik/v3/pkg/version.Version=3.4.1 \
+            -X github.com/traefik/traefik/v3/pkg/version.Codename=cheddar \
+            -X github.com/traefik/traefik/v3/pkg/version.BuildDate=$(date -u +%Y-%m-%d T%H:%M:%SZ)" \
+        -buildmode=pie -linkshared -o /usr/bin/traefik ./cmd/traefik
+
+FROM alpine:3.22 AS sys
+
+RUN set -xe; \
+    mkdir -p /target/etc; \
+    mkdir -p /blank; \
+    apk --no-cache add \
+      ca-certificates \
+      tzdata \
+    ; \
+    update-ca-certificates; \
+    ln -sf ../usr/share/zoneinfo/Etc/UTC /target/etc/localtime; \
+    echo "Etc/UTC" > /target/etc/timezone;
+
+FROM scratch
+
+COPY --from=builder /usr/bin/traefik /usr/bin/traefik
+COPY --from=builder /lib/ld-musl-x86_64.so.1 /lib/ld-musl-x86_64.so.1
+
+COPY --from=sys /target/etc /etc
+COPY --from=sys /usr/share/zoneinfo/Etc/UTC /usr/share/zoneinfo/Etc/UTC
+COPY --from=sys /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+COPY --from=sys /blank /tmp
+COPY ./dynamic.yml /etc/traefik/dynamic.yml
+COPY ./traefik.yml /etc/traefik/traefik.yml
diff --git a/library/traefik/3.4.1/Kraftfile b/library/traefik/3.4.1/Kraftfile
@@ -0,0 +1,145 @@
+spec: v0.6
+
+name: traefik
+
+rootfs: ./Dockerfile
+
+cmd: ["/usr/bin/traefik", "--configFile=/etc/traefik/traefik.yml"]
+
+template:
+  source: https://github.com/unikraft/app-elfloader.git
+  version: staging
+
+unikraft:
+  source: https://github.com/unikraft/unikraft.git
+  version: staging
+  kconfig:
+    # Configurations options for app-elfloader
+    # (they can't be part of the template atm)
+    CONFIG_APPELFLOADER_BRK: 'y'
+    CONFIG_APPELFLOADER_CUSTOMAPPNAME: 'y'
+    CONFIG_APPELFLOADER_STACK_NBPAGES: 128
+    CONFIG_APPELFLOADER_VFSEXEC_EXECBIT: 'n'
+    CONFIG_APPELFLOADER_VFSEXEC: 'y'
+    CONFIG_APPELFLOADER_HFS: 'y'
+    CONFIG_APPELFLOADER_HFS_ETCRESOLVCONF: 'y'
+    CONFIG_APPELFLOADER_HFS_ETCHOSTS: 'y'
+    CONFIG_APPELFLOADER_HFS_ETCHOSTNAME: 'y'
+    CONFIG_APPELFLOADER_HFS_REPLACEEXIST: 'y'
+    # Unikraft options
+    CONFIG_HAVE_PAGING_DIRECTMAP: 'y'
+    CONFIG_HAVE_PAGING: 'y'
+    CONFIG_I8042: 'y'
+    CONFIG_LIBDEVFS_AUTOMOUNT: 'y'
+    CONFIG_LIBDEVFS_DEV_NULL: 'y'
+    CONFIG_LIBDEVFS_DEV_STDOUT: 'y'
+    CONFIG_LIBDEVFS_DEV_ZERO: 'y'
+    CONFIG_LIBDEVFS: 'y'
+    CONFIG_LIBPOSIX_ENVIRON_ENVP0: "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+    CONFIG_LIBPOSIX_ENVIRON_ENVP1: "LD_LIBRARY_PATH=/usr/local/lib:/usr/lib:/lib"
+    CONFIG_LIBPOSIX_ENVIRON_ENVP2: "HOME=/"
+    CONFIG_LIBPOSIX_ENVIRON: 'y'
+    CONFIG_LIBPOSIX_ENVIRON_LIBPARAM: 'y'
+    CONFIG_LIBPOSIX_ENVIRON_LIBPARAM_MAXCOUNT: '64'
+    CONFIG_LIBPOSIX_EVENTFD: 'y'
+    CONFIG_LIBPOSIX_FDIO: 'y'
+    CONFIG_LIBPOSIX_FDTAB: 'y'
+    CONFIG_LIBPOSIX_FUTEX: 'y'
+    CONFIG_LIBPOSIX_MMAP: 'y'
+    CONFIG_LIBPOSIX_NETLINK: 'y'
+    CONFIG_LIBPOSIX_PIPE: 'y'
+    CONFIG_LIBPOSIX_POLL: 'y'
+    CONFIG_LIBPOSIX_PROCESS_ARCH_PRCTL: 'y'
+    CONFIG_LIBPOSIX_PROCESS_CLONE: 'y'
+    CONFIG_LIBPOSIX_PROCESS_SIGNAL: 'y'
+    CONFIG_LIBPOSIX_USER_UID: 0
+    CONFIG_LIBPOSIX_USER_USERNAME: "root"
+    CONFIG_LIBPOSIX_USER: 'y'
+    CONFIG_LIBPOSIX_SOCKET: 'y'
+    CONFIG_LIBPOSIX_SYSINFO: 'y'
+    CONFIG_LIBPOSIX_TIME: 'y'
+    CONFIG_LIBPOSIX_TIMERFD: 'y'
+    CONFIG_LIBPOSIX_UNIXSOCKET: 'y'
+    CONFIG_LIBPOSIX_USER_GID: 0
+    CONFIG_LIBPOSIX_USER_GROUPNAME: "root"
+    CONFIG_LIBRAMFS: 'y'
+    CONFIG_LIBSYSCALL_SHIM_HANDLER_ULTLS: 'y'
+    CONFIG_LIBSYSCALL_SHIM_HANDLER: 'y'
+    CONFIG_LIBSYSCALL_SHIM_LEGACY_VERBOSE: 'y'
+    CONFIG_LIBSYSCALL_SHIM: 'y'
+    CONFIG_LIBUKALLOCPOOL: 'y'
+    CONFIG_LIBUKBLKDEV_MAXNBQUEUES: '1'
+    CONFIG_LIBUKBLKDEV_DISPATCHERTHREADS: 'y'
+    CONFIG_LIBUKBLKDEV_SYNC_IO_BLOCKED_WAITING: 'y'
+    CONFIG_LIBUKBLKDEV: 'y'
+    CONFIG_LIBUKBOOT_BANNER_MINIMAL: 'y'
+    CONFIG_LIBUKBOOT_HEAP_BASE: '0x400000000'
+    CONFIG_LIBUKBOOT_MAINTHREAD: 'y'
+    CONFIG_LIBUKBOOT_SHUTDOWNREQ_HANDLER: 'y'
+    CONFIG_LIBUKCPIO: 'y'
+    CONFIG_LIBUKDEBUG_CRASH_SCREEN: 'y'
+    CONFIG_LIBUKDEBUG_ENABLE_ASSERT: 'y'
+    CONFIG_LIBUKDEBUG_PRINT_SRCNAME: 'n'
+    CONFIG_LIBUKDEBUG_PRINT_TIME: 'y'
+    CONFIG_LIBUKDEBUG_PRINTK_ERR: 'y'
+    CONFIG_LIBUKDEBUG_PRINTK: 'y'
+    CONFIG_LIBUKDEBUG: 'y'
+    CONFIG_LIBUKFALLOC: 'y'
+    CONFIG_LIBUKMPI: 'n'
+    CONFIG_LIBUKSIGNAL: 'y'
+    CONFIG_LIBUKRANDOM_DEVFS: 'y'
+    CONFIG_LIBUKRANDOM: 'y'
+    CONFIG_LIBUKRANDOM_GETRANDOM: 'y'
+    CONFIG_LIBUKVMEM_DEFAULT_BASE: '0x0000001000000000'
+    CONFIG_LIBUKVMEM_DEMAND_PAGE_IN_SIZE: 12
+    CONFIG_LIBUKVMEM_PAGEFAULT_HANDLER_PRIO: 4
+    CONFIG_LIBUKVMEM: 'y'
+    CONFIG_LIBVFSCORE_AUTOMOUNT_CI: 'y'
+    CONFIG_LIBVFSCORE_AUTOMOUNT_CI_EINITRD: 'y'
+    CONFIG_LIBVFSCORE_AUTOMOUNT_UP: 'y'
+    CONFIG_LIBVFSCORE_AUTOMOUNT: 'y'
+    CONFIG_LIBVFSCORE_NONLARGEFILE: 'y'
+    CONFIG_LIBVFSCORE: 'y'
+    CONFIG_LIBUK9P: 'y'
+    CONFIG_OPTIMIZE_DEADELIM: 'y'
+    CONFIG_OPTIMIZE_LTO: 'y'
+    CONFIG_PAGING: 'y'
+    CONFIG_STACK_SIZE_PAGE_ORDER: 4 # 128 * 4K = 512K
+    CONFIG_UKPLAT_MEMREGION_MAX_COUNT: 64
+    CONFIG_LIBUKNETDEV_EINFO_LIBPARAM: 'y'
+    # Debug options
+    # CONFIG_LIBUKDEBUG_PRINTD: 'y'
+    # CONFIG_LIBUKDEBUG_PRINTK_INFO: 'y'
+    # CONFIG_LIBSYSCALL_SHIM_STRACE: 'y'
+    # CONFIG_LIBSYSCALL_SHIM_DEBUG: 'y'
+
+libraries:
+  lwip:
+    source: https://github.com/unikraft/lib-lwip.git
+    version: staging
+    kconfig:
+      CONFIG_LWIP_LOOPIF: 'y'
+      CONFIG_LWIP_UKNETDEV: 'y'
+      CONFIG_LWIP_LOOPBACK: 'y'
+      CONFIG_LWIP_TCP: 'y'
+      CONFIG_LWIP_UDP: 'y'
+      CONFIG_LWIP_RAW: 'y'
+      CONFIG_LWIP_WND_SCALE: 'y'
+      CONFIG_LWIP_TCP_KEEPALIVE: 'y'
+      CONFIG_LWIP_THREADS: 'y'
+      CONFIG_LWIP_HEAP: 'y'
+      CONFIG_LWIP_SOCKET: 'y'
+      CONFIG_LWIP_AUTOIFACE: 'y'
+      CONFIG_LWIP_IPV4: 'y'
+      CONFIG_LWIP_DHCP: 'y'
+      CONFIG_LWIP_DNS: 'y'
+      CONFIG_LWIP_NUM_TCPCON: 64
+      CONFIG_LWIP_NUM_TCPLISTENERS: 64
+      CONFIG_LWIP_ICMP: 'y'
+  libelf:
+    source: https://github.com/unikraft/lib-libelf.git
+    version: staging
+
+targets:
+- fc/x86_64
+- qemu/x86_64
diff --git a/library/traefik/3.4.1/README.md b/library/traefik/3.4.1/README.md
@@ -0,0 +1,66 @@
+# Traefik 3.4.1 Image
+
+This directory contains the definition for the `unikraft.org/traefik:3.4.1` image running the Traefik reverse proxy and load balancer.
+
+## Prerequisites
+
+* Install Unikraft’s CLI toolchain:
+
+  ```console
+  curl -sSL https://unikraft.org/install | console
+  ```
+* On the host, ensure you have a backend HTTP service reachable (e.g. a Python server listening on port `5000`).
+
+## Configure Traefik
+
+Modify configuration by changing the `traefik.yml` and `dynamic.yml` files:
+
+
+## Build and Run
+
+1. **Create a network interface bridge**:
+
+   ```console
+   kraft net create -n 172.44.0.1/24 virbr0
+   ```
+2. **Build the unikernel** (from this directory):
+
+   ```console
+   kraft build --no-cache --plat qemu --arch x86_64 .
+   ```
+3. **Run the unikernel** (as root):
+
+   ```console
+   kraft run \
+       --network virbr0 \
+       -M 4096M \
+       -p 80:80 .
+   ```
+
+By default, this will listen on port **80** for HTTP traffic and port **8080** for the Traefik dashboard.
+
+## Testing
+
+* Ensure your backend service (e.g. Python server) is listening on **0.0.0.0:5000** on the host.
+* From the host, subscribe or send test requests:
+
+  ```bash
+  curl http://172.44.0.2/
+  ```
+
+> **Note:** Replace `172.44.0.2` with the IP assigned to the unikernel, as shown in its console output.
+
+## Customization
+
+* To use HTTPS, configure TLS certificates in `dynamic.yml` and add an `entryPoints.websecure` section in `traefik.yml`.
+* Adjust router rules in `dynamic.yml` for host-based or path-based routing as needed.
+
+## Limitations
+
+* **File watch mode (`watch: true`)** is not supported in Unikraft unikernels; the current image requires watch: false.
+* **Dashboard (`api.dashboard: true`)** is currently not supported in this unikernel image; set `dashboard: false`.
+
+## See also
+
+* [Unikraft CLI: Running Unikernels Locally](https://unikraft.org/docs/cli/running)
+* [Traefik Configuration Reference](https://doc.traefik.io/traefik/)
diff --git a/library/traefik/3.4.1/dynamic.yml b/library/traefik/3.4.1/dynamic.yml
@@ -0,0 +1,13 @@
+http:
+  routers:
+    python-app:
+      rule: "Path(`/`)"
+      service: python-service
+      entryPoints:
+        - web
+
+  services:
+    python-service:
+      loadBalancer:
+        servers:
+          - url: "http://172.44.0.1:5000"
diff --git a/library/traefik/3.4.1/traefik.yml b/library/traefik/3.4.1/traefik.yml
@@ -0,0 +1,11 @@
+entryPoints:
+  web:
+    address: ":80"
+
+api:
+  dashboard: false
+
+providers:
+  file:
+    filename: /etc/traefik/dynamic.yml
+    watch: false