feat(internal/cmd): Add 'instance tunnel' command#248
Draft
craciunoiuc wants to merge 2 commits into
Draft
Conversation
There was a problem hiding this comment.
Pull request overview
This PR adds a new unikraft instance tunnel subcommand intended to forward a local port to a non-public instance via an intermediate TLS tunnel service, enabling testing scenarios that require internal VM traffic.
Changes:
- Adds
InstancesTunnelCmdto the instances command group. - Implements target parsing, instance/IP resolution, tunnel-proxy instance creation, and local-to-remote relaying over TLS.
- Adds control-channel heartbeats to keep the tunnel service connection alive.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
craciunoiuc
force-pushed
the
craciunoiuc/add-instance-tunnel
branch
2 times, most recently
from
49d2539 to
8ae136d
Compare
jedevc
reviewed
Apr 7, 2026
craciunoiuc
force-pushed
the
craciunoiuc/add-instance-tunnel
branch
from
8ae136d to
5e8f3e5
Compare
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 3 out of 3 changed files in this pull request and generated 8 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Member
Author
|
I need to fix these + do one more pass so no rush |
craciunoiuc
force-pushed
the
craciunoiuc/add-instance-tunnel
branch
from
5e8f3e5 to
b8e8437
Compare
Member
Author
|
Should be as decent as it gets, definitely an upgrade compared to kraftkit |
craciunoiuc
force-pushed
the
craciunoiuc/add-instance-tunnel
branch
from
b8e8437 to
a5b1451
Compare
Member
Author
|
Have to rebase the code and to generate tests on Monday. |
craciunoiuc
force-pushed
the
craciunoiuc/add-instance-tunnel
branch
2 times, most recently
from
dcaf1a6 to
c7622e6
Compare
jedevc
reviewed
May 1, 2026
Member
jedevc
left a comment
jedevc
left a comment
There was a problem hiding this comment.
Needs a rebase, and to get the tests passing 🎉
Member
Author
|
I'll rebase and fix afterwards |
craciunoiuc
force-pushed
the
craciunoiuc/add-instance-tunnel
branch
3 times, most recently
from
ccbfb69 to
1aa3b6d
Compare
Member
Author
|
once you agree with the changes, I will fixup the I am pretty sure I covered all your requests. It now even has multi-metro support The API is now: I tested that the usual + new stuff still works |
Signed-off-by: Cezar Craciunoiu <cezar@unikraft.io>
Signed-off-by: Cezar Craciunoiu <cezar@unikraft.io>
craciunoiuc
force-pushed
the
craciunoiuc/add-instance-tunnel
branch
from
1aa3b6d to
ad763de
Compare
Comment on lines
+149
to
+167
| var c *exec.Cmd | ||
| if args[0] == "unikraft" { | ||
| c = exec.CommandContext(t.Context(), env.unikraftPath, args[1:]...) | ||
| } else { | ||
| c = exec.CommandContext(t.Context(), args[0], args[1:]...) | ||
| } | ||
|
|
||
| c.Env = os.Environ() | ||
| c.Env = slices.DeleteFunc(c.Env, func(s string) bool { | ||
| return strings.HasPrefix(s, "UNIKRAFT_") | ||
| }) | ||
| c.Env = append(c.Env, "NO_COLOR=1") | ||
| c.Env = append(c.Env, "UNIKRAFT_CONFIG="+env.configPath) | ||
| c.Env = append(c.Env, "BUILDKIT_PROGRESS=quiet") | ||
| c.Env = append(c.Env, resource.UnikraftSandboxEnv+"="+env.sandboxPath) | ||
| c.Cancel = func() error { | ||
| return c.Process.Signal(os.Interrupt) | ||
| } | ||
| c.WaitDelay = 30 * time.Second |
| } | ||
| time.Sleep(500 * time.Millisecond) | ||
| } | ||
| t.Errorf("timed out waiting for %s to become reachable", addr) |
|
|
||
| TunnelProxyPorts []string `short:"p" name:"tunnel-proxy-port" help:"Remote port(s) exposed by the tunnel service. When a single value is given it is used as the starting port for multiple targets." default:"4444" hidden:""` | ||
| ProxyControlPort uint `short:"P" name:"tunnel-control-port" help:"Command-and-control port of the tunnel service." default:"4443" hidden:""` | ||
| TunnelServiceImage string ` name:"tunnel-image" help:"Image to use for the tunnel service." default:"official/utils/tunnel:1.0" hidden:""` |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Nodes need this option
--net-internal-traffic=vmin order to test it.The Tunlr also needs updating to remove the check for inter-vm comms.Done.
TODO: Update tests when platform is stable.
Blocked on: https://github.com/unikraft-cloud/platform/pull/705
Closes: TOOL-714