Declarative Tunnels
Manage tunnels from desired state instead of imperative commands.
Declarative tunnels allow tunnel configuration to be described as desired state. Instead of running rstream forward for each tunnel, a single long-running agent reconciles the desired configuration and keeps tunnels in sync with it.
The declarative entrypoint is rstream run. It supports two sources: a YAML file, and Docker container labels.
In both modes, tunnels created by the reconciler are marked with managed labels so they can be distinguished from manually created tunnels.
Apply mode and Docker mode
In apply mode, rstream run --apply <path> reads a YAML configuration file, validates it strictly, and reconciles tunnels to match it.
In Docker mode, rstream run --docker listens to Docker events and reads labels on running containers to derive tunnels.
Both modes support a watch loop. In watch mode, changes to the YAML file or Docker container labels trigger a reconciliation.
Related pages
YAML documents the configuration file format. Docker Labels documents the label schema and provides compose examples.