Service
The service resource provides HTTP/HTTPS proxy access to web applications running in containers. It creates browser-accessible tabs that route traffic to services within the lab environment, enabling users to interact with web applications, APIs, and dashboards.
Use Cases
Section titled “Use Cases”As a lab author, you can use service resources to provide web access:
- Web Application Access: Expose web applications, dashboards, and user interfaces for hands-on interaction
- Development Tools: Access code editors, database admin tools (e.g. pgAdmin), monitoring dashboards (e.g. Grafana)
- Multi-Port Services: Expose different services from the same container on different ports (e.g. frontend and API)
Service resources bridge the gap between isolated lab environments and user browser access, enabling realistic web application scenarios.
HCL Syntax
Section titled “HCL Syntax”Basic Syntax
Section titled “Basic Syntax”resource "service" "name" { target = resource.container.webapp port = 8080}Full Syntax
Section titled “Full Syntax”resource "service" "name" { target = resource.container.webapp scheme = "http" port = 8080 path = "/app"}Fields
Section titled “Fields”| Field | Required | Type | Description |
|---|---|---|---|
target | ✓ | reference to container | Reference to the container hosting the service |
port | ✓ | number | Port number the service is listening on |
scheme | string | Protocol scheme: “http” or “https”. Defaults to “http”. | |
path | string | URL path to append to service requests |
Deprecated Fields
Section titled “Deprecated Fields”| Field | Type | Description |
|---|---|---|
title |
string | DEPRECATED: Use the title field on the tab in your layout instead |
Validation Rules
Section titled “Validation Rules”-
Target limitation: The target can only reference resources of type:
container
Note: Service resources cannot currently target
kubernetes_clusteroringressresources. This is a known limitation that requires workarounds for Kubernetes-based labs. -
Scheme validation: Must be either “http” or “https”
-
Port validation: Must be a valid port number (1-65535)
-
Path format: Must start with ”/” if specified
Examples
Section titled “Examples”Basic HTTP Service
Section titled “Basic HTTP Service”resource "service" "webapp" { target = resource.container.app port = 3000}HTTPS Service with Path
Section titled “HTTPS Service with Path”resource "service" "dashboard" { target = resource.container.monitoring scheme = "https" port = 3000 path = "/dashboard"}Multiple Services from One Container
Section titled “Multiple Services from One Container”resource "container" "multiservice" { image { name = "myapp:latest" }
port { local = 8080 }
port { local = 8081 }}
resource "service" "app_ui" { target = resource.container.multiservice port = 8080}
resource "service" "app_api" { target = resource.container.multiservice port = 8081 path = "/api/v1"}Service in Layout
Section titled “Service in Layout”resource "layout" "default" { column { width = "50" instructions {} }
column { width = "50"
tab "webapp" { target = resource.service.webapp title = "Web Application" } }}Kubernetes Access Pattern
Section titled “Kubernetes Access Pattern”Since service resources cannot directly target kubernetes_cluster resources, use a proxy container to access cluster services:
# Proxy container for Kubernetes dashboardresource "container" "k8s_proxy" { image { name = "bitnami/kubectl:latest" }
command = ["kubectl", "proxy", "--address=0.0.0.0", "--port=8001", "--accept-hosts=.*"]
network { id = resource.network.main.meta.id }
volume { source = resource.kubernetes_cluster.k8s.kubeconfig_path destination = "/root/.kube/config" type = "bind" }
port { local = 8001 }}
# Service pointing to the proxyresource "service" "k8s_dashboard" { target = resource.container.k8s_proxy port = 8001 path = "/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/"}Best Practices
Section titled “Best Practices”- Use Meaningful Names: Name your service resources based on their function (e.g.,
webapp,api,dashboard) - Consistent Schemes: Use HTTPS for services when certificates are properly configured
- Path Configuration: Use the
pathfield to route to specific application paths - Port Documentation: Document which ports your services use in comments
- Health Checks: Ensure the target container has health checks configured for service availability
Common Issues
Section titled “Common Issues”-
Target Type Error: “target can only be of the following types: container”
- Solution: Use a proxy container for Kubernetes services
- Solution: Ensure you’re referencing a container resource
-
Service Not Accessible: Service loads but shows connection errors
- Check that the container is running and healthy
- Verify the port number matches the service’s actual listening port
- Ensure the container exposes the port in its configuration
-
HTTPS Certificate Issues: When using scheme “https”
- The service must have valid SSL certificates configured
- Consider using “http” for development/testing scenarios