Skip to content

You are viewing documentation for Instruqt 2.0 Labs - our upcoming product releasing in September 2026. For current Tracks documentation, please visit docs.instruqt.com .

Instruqt Lab Documentation

Service

The service resource provides HTTP/HTTPS proxy access to web applications running in sandbox resources such as containers and VMs. It creates browser-accessible tabs that route traffic to services within the lab environment, enabling users to interact with web applications, APIs, and dashboards.

Use Cases

Section titled “Use Cases”

As a lab author, you can use service resources to provide web access:

  • Web Application Access: Expose web applications, dashboards, and user interfaces for hands-on interaction
  • Development Tools: Access code editors, database admin tools (e.g. pgAdmin), monitoring dashboards (e.g. Grafana)
  • Multi-Port Services: Expose different services from the same container or VM on different ports (e.g. frontend and API)

Service resources bridge the gap between isolated lab environments and user browser access, enabling realistic web application scenarios.

HCL Syntax

Section titled “HCL Syntax”

Basic Syntax

Section titled “Basic Syntax”
resource "service" "name" {
  target = resource.container.webapp
  port   = 8080
}

Full Syntax

Section titled “Full Syntax”
resource "service" "name" {
  target = resource.container.webapp
  scheme = "http"
  port   = 8080
  path   = "/app"
}

Fields

Section titled “Fields”
FieldRequiredTypeDescription
targetreference to a supported target resourceSupported target types: container, vm, k8s_cluster, kubernetes_cluster, nomad_cluster, or ingress
portnumberPort number the service is listening on
schemestringProtocol scheme: “http” or “https”. Defaults to “http”.
pathstringURL path to append to service requests

Deprecated Fields

Section titled “Deprecated Fields”
Field Type Description
title string DEPRECATED: Use the title field on the tab in your layout instead

Validation Rules

Section titled “Validation Rules”

  • Target limitation: The target can only reference resources of type:

    • container
    • vm
    • k8s_cluster
    • kubernetes_cluster
    • nomad_cluster
    • ingress

  • Scheme validation: Must be either “http” or “https”

  • Port validation: Must be a valid port number (1-65535)

  • Path format: Must start with ”/” if specified

Examples

Section titled “Examples”

Basic HTTP Service

Section titled “Basic HTTP Service”
resource "service" "webapp" {
  target = resource.container.app
  port   = 3000
}

HTTPS Service with Path

Section titled “HTTPS Service with Path”
resource "service" "dashboard" {
  target = resource.container.monitoring
  scheme = "https"
  port   = 3000
  path   = "/dashboard"
}

VM Service

Section titled “VM Service”
resource "service" "vm_dashboard" {
  target = resource.vm.devbox
  port   = 8080
  path   = "/dashboard"
}

Multiple Services from One Container

Section titled “Multiple Services from One Container”
resource "container" "multiservice" {
  image {
    name = "myapp:latest"
  }


  port {
    local = 8080
  }


  port {
    local = 8081
  }
}


resource "service" "app_ui" {
  target = resource.container.multiservice
  port   = 8080
}


resource "service" "app_api" {
  target = resource.container.multiservice
  port   = 8081
  path   = "/api/v1"
}

Service in Layout

Section titled “Service in Layout”
resource "layout" "default" {
  column {
    width = "50"
    instructions {}
  }


  column {
    width = "50"


    tab "webapp" {
      target = resource.service.webapp
      title  = "Web Application"
    }
  }
}

Kubernetes Access Pattern

Section titled “Kubernetes Access Pattern”

When you want a controlled browser entry point for Kubernetes API access, use a proxy container:

# Proxy container for Kubernetes dashboard
resource "container" "k8s_proxy" {
  image {
    name = "bitnami/kubectl:latest"
  }


  command = ["kubectl", "proxy", "--address=0.0.0.0", "--port=8001", "--accept-hosts=.*"]


  network {
    id = resource.network.main.meta.id
  }


  volume {
    source      = resource.kubernetes_cluster.k8s.kubeconfig_path
    destination = "/root/.kube/config"
    type        = "bind"
  }


  port {
    local = 8001
  }
}


# Service pointing to the proxy container
resource "service" "k8s_dashboard" {
  target = resource.container.k8s_proxy
  port   = 8001
  path   = "/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/"
}

Best Practices

Section titled “Best Practices”
  1. Use Meaningful Names: Name your service resources based on their function (e.g., webapp, api, dashboard)
  2. Consistent Schemes: Use HTTPS for services when certificates are properly configured
  3. Path Configuration: Use the path field to route to specific application paths
  4. Port Documentation: Document which ports your services use in comments
  5. Health Checks: Ensure the target resource has health checks configured for service availability

Common Issues

Section titled “Common Issues”

  1. Target Type Error: “target can only be of the following types: container, vm, k8s_cluster, kubernetes_cluster, nomad_cluster, ingress”

    • Solution: Ensure you’re referencing a supported sandbox resource

  2. Service Not Accessible: Service loads but shows connection errors

    • Check that the target resource is running and healthy
    • Verify the port number matches the service’s actual listening port
    • Ensure the target exposes the port in its configuration

  3. HTTPS Certificate Issues: When using scheme “https”

    • The service must have valid SSL certificates configured
    • Consider using “http” for development/testing scenarios