config.yml

The sandbox environment configuration file

Sandbox environment

Virtual machine, containers, and cloud accounts in config.yml

Instruqt creates a sandbox environment on-demand when a learner starts a track. The sandbox environment configuration file config.yml contains:

  • Sandbox hosts

    • Virtual machines

    • Containers

  • Cloud accounts

    • Google Cloud projects

    • Azure subscriptions

    • AWS accounts

To learn how to connect to the Cloud accounts from the Instruqt hosts, see the Using Cloud Accounts guide.

We apply some restrictions to the Cloud accounts we create to prevent abuse. Read the quotas and limits documentation for more details.

config.yml

| Field | Type | Description |
| --- | --- | --- |
| containers | container[] | (Optional) The containers in the Instruqt sandbox |
| virtualmachines | virtualmachine[] | (Optional) The virtual machines in the Instruqt sandbox |
| gcp_projects | gcp_project[] | (Optional) Google Cloud projects |
| aws_accounts | aws_account[] | (Optional) AWS accounts |
| azure_subscriptions | azure_subscription[] | (Optional) Azure subscriptions |

Container

| Field | Type | Description |
| --- | --- | --- |
| name | string | The name of the container (visible to learners) |
| image | string | The container image URL to use for this container |
| entrypoint | string | Optional: Set the container's ENTRYPOINT. If not specified, the container image's default is used. |
| cmd | string | Optional: Set the container's CMD. If not specified, the container image's default is used. |
| shell | string | Optional: Set the command to run as a shell for the learner. If not specified, /bin/sh is used. |
| ports | list | Optional: Ports to expose |
| environment | map | Optional: A map of key-value pairs that will be injected as environment variables |
| memory | int | Optional: The memory limit for the container in MB, maximum 10240 MB |

We currently do not support Windows container images.

Virtual machine

| Field | Type | Description |
| --- | --- | --- |
| name | string | The name of the virtual machine (visible to learners) |
| image | string | The Google Compute image to use for this VM. Instruqt needs permission to pull the image. |
| machine_type | string | The machine type of the virtual machine. Overview of all supported machine types (up to 32 vCPUs and 28.8 GB memory) |
| environment | map | (Optional) A map of key-value pairs that will be injected as environment variables |
| shell | string | (Optional) Overwrite the default shell (/bin/sh), started for the learner in the web-based terminal |

It is possible to specify and run Windows VMs. However, our lifecycle scripts, the web-based terminal, and editor tabs only work with Linux machines.

To learn how you can still run Windows based environments, read How to run Windows based VM images

Google Cloud project

| Field | Type | Description |
| --- | --- | --- |
| name | string | The name of the GCP project that will be created |
| services | list | Use this field to enable services on the Google Cloud project. For a list of available services, visit the API library page or run gcloud services list --available. 🚫 You can't enable serviceusage.googleapis.com |

AWS Account

| Field | Type | Description |
| --- | --- | --- |
| name | string | The name of the AWS account that will be created |
| iam_policy | string | The IAM policy document that will be attached to the account |
| managed_policies | list | A list of all managed policies that should be attached to the account. A full overview of all policies can be found in the AWS Console (requires log in). |
| scp_policy | string | The SCP policy document that will be attached to the account |

Azure subscription

| Field | Type | Description |
| --- | --- | --- |
| name | string | The name of the Azure Subscription that will be created |
| user_only | boolean | Only create an AAD user, without an Azure Subscription. Useful when you only need an AAD user, for instance when using Azure DevOps |
| roles | list | A list of roles that should be attached to the account. You can use any built-in role from Azure, like Contributor or Owner. See https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for details on the available roles. |

Full example (config.yml)

# config.yml
version: 2
containers:
- name: container
  image: alpine
  ports:
  - 8080
  - 9090
  resources:
    memory: 128
  shell: /bin/bash
  environment:
    ENV_VAR: value
    ANOTHER: one
virtualmachines:
- name: vm
  image: debian-9
  machine_type: g1-small
  pool_size: 1
  shell: /bin/bash
  environment:
    ENV_VAR: value
    ANOTHER: one
gcp_projects:
- name: gcp-project
  services:
  - cloudresourcemanager.googleapis.com
  - compute.googleapis.com
aws_accounts:
- name: aws-account
  iam_policy: |
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": "cloudformation:*",
          "Resource": "*"
        }
      ]
    }
  managed_policies:
  - arn:aws:iam::aws:policy/AmazonEC2FullAccess
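
A review check for the fields documented above, written as an added example (not Instruqt's own tooling). It takes the dict a YAML parser returns for config.yml; the memory limit and the blocked service come from the tables on this page, while the wildcard-action and Owner-role checks are least-privilege review heuristics assumed here, and `lint_config` and `SAMPLE` are hypothetical names.

```python
import json

MAX_CONTAINER_MEMORY_MB = 10240                      # limit stated in the Container table
BLOCKED_GCP_SERVICE = "serviceusage.googleapis.com"  # page: cannot be enabled


def _as_list(value):
    """IAM accepts a single value or a list for Statement/Action/Resource."""
    return [] if value is None else value if isinstance(value, list) else [value]


def lint_config(cfg):
    """Return a list of findings for a parsed config.yml (a dict)."""
    findings = []
    for c in cfg.get("containers") or []:
        # The field table lists `memory`; the page's full example nests it under `resources`.
        mem = c.get("memory", (c.get("resources") or {}).get("memory"))
        if mem is not None and mem > MAX_CONTAINER_MEMORY_MB:
            findings.append(f"container {c['name']}: memory {mem} MB exceeds {MAX_CONTAINER_MEMORY_MB} MB")
    for p in cfg.get("gcp_projects") or []:
        if BLOCKED_GCP_SERVICE in (p.get("services") or []):
            findings.append(f"gcp_project {p['name']}: {BLOCKED_GCP_SERVICE} cannot be enabled")
    for a in cfg.get("aws_accounts") or []:
        policy = json.loads(a.get("iam_policy") or "{}")
        for st in _as_list(policy.get("Statement")):
            if st.get("Effect") != "Allow" or "*" not in _as_list(st.get("Resource")):
                continue
            for action in _as_list(st.get("Action")):
                if action.endswith("*"):  # "*", "service:*" or "service:Prefix*"
                    findings.append(f"aws_account {a['name']}: Allow {action} on Resource *")
    for s in cfg.get("azure_subscriptions") or []:
        if "Owner" in (s.get("roles") or []):  # assumed heuristic: Owner can also assign roles
            findings.append(f"azure_subscription {s['name']}: Owner role grants full control")
    return findings


# Constructed sample: the shape a YAML parser would return for a config.yml.
SAMPLE = {
    "containers": [{"name": "web", "image": "alpine", "memory": 20480}],
    "gcp_projects": [{"name": "gcp-project", "services": ["compute.googleapis.com", "serviceusage.googleapis.com"]}],
    "aws_accounts": [{"name": "aws-account", "iam_policy": json.dumps({
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": "cloudformation:*", "Resource": "*"}]})}],
    "azure_subscriptions": [{"name": "azure-sub", "roles": ["Contributor"]}],
}

if __name__ == "__main__":
    for finding in lint_config(SAMPLE):
        print(finding)
```

With PyYAML installed, pass `yaml.safe_load(open("config.yml"))` to `lint_config` to check a real file.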