config.yml
The sandbox environment configuration file

Sandbox environment

Virtual machine, containers, and cloud accounts in config.yml
Instruqt creates a sandbox environment on-demand when a learner starts a track. The sandbox environment configuration file config.yml contains:
    Sandbox hosts
      Virtual machines
      Containers
    Cloud accounts
      Google Cloud projects
      Azure subscriptions
      AWS accounts
To learn how to connect to the cloud accounts from the Instruqt hosts, see the Using Cloud Accounts guide.
We apply some restrictions to the Cloud accounts we create to prevent abuse. Read the quotas and limits documentation for more details.

config.yml

| Field | Type | Description |
| --- | --- | --- |
|  | container[] | (Optional) The containers in the Instruqt sandbox |
|  | virtualmachine[] | (Optional) The virtual machines in the Instruqt sandbox |
|  | gcp_project[] | (Optional) Google Cloud projects |
|  | aws_account[] | (Optional) AWS accounts |
|  | azure_subscription[] | (Optional) Azure subscriptions |

Container

| Field | Type | Description |
| --- | --- | --- |
| name | string | The name of the container (visible to learners) |
| image | string | The container image URL to use for this container |
| entrypoint | string | Optional: Set the container's ENTRYPOINT. If not specified, the container image's default is used. |
| cmd | string | Optional: Set the container's CMD. If not specified, the container image's default is used. |
| shell | string | Optional: Set the command to run as a shell for the learner. If not specified, /bin/sh is used. |
| ports | list | Optional: Ports to expose |
| environment | map | Optional: A map of key-value pairs that will be injected as environment variables |
| memory | int | Optional: The memory limit for the container in MB, maximum 10240 MB |

We currently do not support Windows container images.

Virtual machine

| Field | Type | Description |
| --- | --- | --- |
| name | string | The name of the virtual machine (visible to learners) |
| image | string | The Google Compute image to use for this VM. Instruqt needs permission to pull the image. |
| machine_type | string | The machine type of the virtual machine. See the overview of all supported machine types (up to 32 vCPUs and 28.8 GB memory). |
| environment | map | (Optional) A map of key-value pairs that will be injected as environment variables |
| shell | string | (Optional) Overwrite the default shell (/bin/sh), started for the learner in the web-based terminal |
| allow_external_ingress | []string | (Optional) Allow inbound traffic from external sources. Valid values include: http, https, and high-ports. See the usage instructions on the networking page. |

It is possible to specify and run Windows VMs. However, our lifecycle scripts, the web-based terminal, and editor tabs only work with Linux machines.
To learn how you can still run Windows-based environments, read How to run Windows based VM images.

Google Cloud project

| Field | Type | Description |
| --- | --- | --- |
| name | string | The name of the GCP project that will be created |
| services | list | Use this field to enable services on the Google Cloud project. For a list of available services, visit the API library page or run gcloud services list --available. You can't enable serviceusage.googleapis.com. |

AWS Account

| Field | Type | Description |
| --- | --- | --- |
| name | string | The name of the AWS account that will be created |
| iam_policy | string | The IAM policy document that will be attached to the account |
| managed_policies | list | A list of all managed policies that should be attached to the account. A full overview of all policies can be found in the AWS Console (requires log in). |
| scp_policy | string | The SCP policy document that will be attached to the account |

Azure subscription

| Field | Type | Description |
| --- | --- | --- |
| name | string | The name of the Azure Subscription that will be created |
| user_only | boolean | Only create an AAD user, without an Azure Subscription. Useful when you only need an AAD user, for instance when using Azure DevOps. |
| roles | list | A list of roles that should be attached to the account. You can use any built-in role from Azure, like Contributor or Owner. See https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for details on the available roles. |

Full example (config.yml)

```yaml
# config.yml
version: 2
containers:
- name: container
  image: alpine
  # Ports to expose
  ports:
  - 8080
  - 9090
  # Memory limit for the container in MB
  resources:
    memory: 128
  shell: /bin/bash
  # Injected as environment variables
  environment:
    ENV_VAR: value
    ANOTHER: one
virtualmachines:
- name: vm
  image: debian-9
  machine_type: g1-small
  pool_size: 1
  shell: /bin/bash
  environment:
    ENV_VAR: value
    ANOTHER: one
gcp_projects:
- name: gcp-project
  # Services to enable on the Google Cloud project
  services:
  - cloudresourcemanager.googleapis.com
  - compute.googleapis.com
aws_accounts:
- name: aws-account
  # IAM policy document attached to the account
  iam_policy: |
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": "cloudformation:*",
          "Resource": "*"
        }
      ]
    }
  # Managed policies attached to the account
  managed_policies:
  - arn:aws:iam::aws:policy/AmazonEC2FullAccess
```
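A review check for the limits documented above, as an added example (not Instruqt's own code): it takes config.yml already parsed into a dict and reports container memory above 10240 MB, allow_external_ingress entries, the serviceusage.googleapis.com service, and IAM statements that allow wildcard actions on every resource. The function names, the sample data and the wildcard rule are assumptions of this example.

```python
import json

MAX_CONTAINER_MEMORY_MB = 10240  # container memory limit stated on the page
DOCUMENTED_INGRESS = {"http", "https", "high-ports"}  # values the page lists
BLOCKED_GCP_SERVICE = "serviceusage.googleapis.com"  # page: cannot be enabled

def as_list(value):
    """IAM policy elements may be a single value or a list."""
    return value if isinstance(value, list) else [value]

def lint_sandbox_config(cfg):
    """Return review findings for a config.yml already parsed into a dict."""
    findings = []
    for c in cfg.get("containers", []):
        # The field table lists `memory`; the full example nests it under `resources`.
        mem = (c.get("resources") or {}).get("memory", c.get("memory"))
        if mem is not None and mem > MAX_CONTAINER_MEMORY_MB:
            findings.append(f"container {c['name']}: memory {mem} MB exceeds {MAX_CONTAINER_MEMORY_MB}")
    for vm in cfg.get("virtualmachines", []):
        for rule in vm.get("allow_external_ingress", []):
            if rule in DOCUMENTED_INGRESS:
                findings.append(f"vm {vm['name']}: inbound {rule} is open to external sources")
            else:
                findings.append(f"vm {vm['name']}: ingress value {rule!r} is not a documented value")
    for p in cfg.get("gcp_projects", []):
        if BLOCKED_GCP_SERVICE in p.get("services", []):
            findings.append(f"gcp {p['name']}: {BLOCKED_GCP_SERVICE} cannot be enabled")
    for a in cfg.get("aws_accounts", []):
        policy = json.loads(a.get("iam_policy") or "{}")
        for st in as_list(policy.get("Statement", [])):
            # Assumed review rule: Allow + wildcard action + Resource "*".
            wide = [x for x in as_list(st.get("Action", [])) if "*" in x]
            if st.get("Effect") == "Allow" and wide and "*" in as_list(st.get("Resource", [])):
                findings.append(f"aws {a['name']}: {', '.join(wide)} allowed on all resources")
    return findings

# Constructed sample: parts of the page's example, plus an ingress rule and the blocked service.
SAMPLE = {
    "containers": [{"name": "container", "image": "alpine", "resources": {"memory": 128}}],
    "virtualmachines": [{"name": "vm", "image": "debian-9", "machine_type": "g1-small",
                         "allow_external_ingress": ["http"]}],
    "gcp_projects": [{"name": "gcp-project", "services": [
        "compute.googleapis.com", "serviceusage.googleapis.com"]}],
    "aws_accounts": [{"name": "aws-account", "iam_policy": json.dumps({"Statement": [
        {"Effect": "Allow", "Action": "cloudformation:*", "Resource": "*"}]})}],
}

if __name__ == "__main__":
    print("\n".join(lint_sandbox_config(SAMPLE)))
```

To run it against a real file, load config.yml with a YAML parser of your choice and pass the resulting dict to lint_sandbox_config.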
Last modified 22d ago