config.yml
The sandbox environment configuration file

Sandbox environment

Virtual machine, containers, and cloud accounts in config.yml
Instruqt creates a sandbox environment on demand when a learner starts a track. The sandbox environment configuration file config.yml may contain:
  • Sandbox hosts
    • Virtual machines
    • Containers
  • Cloud accounts
    • Google Cloud projects
    • Azure subscriptions
    • AWS accounts
Learn how to connect to the Cloud accounts from the Instruqt hosts in the Using Cloud Accounts guide.
We apply some restrictions to the Cloud accounts we create to prevent abuse. Read the quotas and limits documentation for more details.

config.yml

| Field | Type | Description |
| --- | --- | --- |
| version | string | The challenges configuration format version. Can either be "3" (for the standard format) or "2" (for the legacy format). |
| container[] | | (Optional) The containers in the Instruqt sandbox |
| virtualmachine[] | | (Optional) The virtual machines in the Instruqt sandbox |
| gcp_project[] | | (Optional) Google Cloud projects |
| aws_account[] | | (Optional) AWS accounts |
| azure_subscription[] | | (Optional) Azure subscriptions |

Container

| Field | Type | Description |
| --- | --- | --- |
| name | string | Name of the container. Visible to learners and becomes the short DNS hostname of the container. |
| image | string | The container image URL to use for this container |
| entrypoint | string | Optional: Set the container's ENTRYPOINT. If not specified, the container image's default is used. |
| cmd | string | Optional: Set the container's CMD. If not specified, the container image's default is used. |
| shell | string | Optional: Set the command to run as a shell for the learner. If not specified, /bin/sh is used |
| ports | list | Optional: Ports to expose |
| environment | map | Optional: A map of key-value pairs that will be injected as environment variables |
| memory | int | Optional: The memory limit for the container in MB, maximum 10240 MB |

We currently do not support Windows container images.

Virtual machine

| Field | Type | Description |
| --- | --- | --- |
| name | string | The name of the virtual machine. Visible to learners and becomes part of the short DNS hostname of the VM. |
| image | string | The Google Compute image to use for this VM. Instruqt needs permission to pull the image. |
| machine_type | string | The machine type of the virtual machine. Overview of all supported machine types (up to 32 vCPUs and 28.8 GB memory) |
| environment | map | (Optional) A map of key-value pairs that will be injected as environment variables |
| shell | string | (Optional) Defaults to /bin/sh for maximum compatibility. Set this to /bin/bash for more features. |
| allow_external_ingress | []string | (Optional) Allow inbound traffic from external sources. Valid options include: http, https, and high-ports. This feature is documented on the networking page: usage instructions. |

It is possible to specify and run Windows VMs. However, our lifecycle scripts, the web-based terminal, and editor tabs only work with Linux machines.
Read How to run Windows based VM images for a workaround that works on Windows VMs.

Google Cloud project

| Field | Type | Description |
| --- | --- | --- |
| name | string | The name of the GCP project that will be created |
| services | list | Use this field to enable services on the Google Cloud project. For a list of available services, visit the API library page or run gcloud services list --available. 🚫 You can't enable serviceusage.googleapis.com |

AWS Account

| Field | Type | Description |
| --- | --- | --- |
| name | string | The name of the AWS account that will be created |
| iam_policy | string | The IAM policy document that will be attached to the account. This can be specified as either YAML or JSON. |
| managed_policies | list | A list of all managed policies that should be attached to the account. A full overview of all policies can be found in the AWS Console (requires login). |
| scp_policy | string | The SCP policy document that will be attached to the account |

Azure subscription

| Field | Type | Description |
| --- | --- | --- |
| name | string | The name of the Azure Subscription that will be created |
| user_only | boolean | Only create AAD user, without an Azure Subscription. Useful when you only need an AAD user, for instance when using Azure DevOps |
| roles | list | A list of roles that should be attached to the account. You can use any built-in Azure IAM roles, such as Contributor or Owner. See https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for details on the available roles. |

Full example (config.yml)

The following config.yml file contains a container, a virtual machine, a GCP project, an AWS account, and an Azure subscription.
```yaml
# config.yml
version: "3"
containers:
- name: container
  image: alpine
  ports:
  - 8080
  - 9090
  resources:
    memory: 128
  shell: /bin/bash
  environment:
    ENV_VAR: value
    ANOTHER: one
virtualmachines:
- name: vm
  image: debian-9
  machine_type: g1-small
  shell: /bin/bash
  environment:
    ENV_VAR: value
    ANOTHER: one
gcp_projects:
- name: gcp-project
  services:
  - cloudresourcemanager.googleapis.com
aws_accounts:
- name: aws-account
  iam_policy: |
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": "cloudformation:*",
          "Resource": "*"
        }
      ]
    }
  managed_policies:
  - arn:aws:iam::aws:policy/AmazonEC2FullAccess
azure_subscriptions:
- name: azure-subscription
  roles:
  - Contributor
```
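
A pre-commit check for the limits stated in the tables above, as an added example (not Instruqt's own code). It assumes config.yml has already been parsed into a dict by a YAML loader and that iam_policy is given in its JSON form. The names lint, wildcard_allows and as_list are hypothetical, and the wildcard-grant finding is an added least-privilege review hint rather than a rule from this page.

```python
import json

VERSIONS = {"2", "3"}
INGRESS = {"http", "https", "high-ports"}
MAX_CONTAINER_MB = 10240
BLOCKED_SERVICE = "serviceusage.googleapis.com"

def as_list(v):
    return [v] if isinstance(v, (str, dict)) else list(v or [])

def wildcard_allows(policy_json):
    """Actions ending in * that an Allow statement grants on Resource "*"."""
    hits = []
    for s in as_list(json.loads(policy_json).get("Statement")):
        if s.get("Effect") == "Allow" and "*" in as_list(s.get("Resource")):
            hits += [a for a in as_list(s.get("Action")) if a.endswith("*")]
    return hits

def lint(cfg):
    """Check a parsed config.yml (a dict) against the limits in the tables."""
    out = []
    if str(cfg.get("version")) not in VERSIONS:
        out.append('version: must be "3" or "2"')
    for c in cfg.get("containers", []):
        # The table lists `memory`; the full example nests it under `resources`.
        mem = c.get("memory", c.get("resources", {}).get("memory"))
        if mem is not None and mem > MAX_CONTAINER_MB:
            out.append(f"{c['name']}: memory {mem} MB is over {MAX_CONTAINER_MB}")
    for vm in cfg.get("virtualmachines", []):
        bad = set(vm.get("allow_external_ingress", [])) - INGRESS
        out += [f"{vm['name']}: invalid ingress option {o}" for o in sorted(bad)]
    for p in cfg.get("gcp_projects", []):
        if BLOCKED_SERVICE in p.get("services", []):
            out.append(f"{p['name']}: {BLOCKED_SERVICE} cannot be enabled")
    for a in cfg.get("aws_accounts", []):
        for act in wildcard_allows(a.get("iam_policy", "{}")):
            out.append(f"{a['name']}: review wildcard grant {act} on *")
    return out

# Constructed sample: the full example as a dict, with three values changed
# to trip the checks (memory, ingress option, blocked service).
SAMPLE = {
    "version": "3",
    "containers": [{"name": "container", "resources": {"memory": 20480}}],
    "virtualmachines": [{"name": "vm", "allow_external_ingress": ["http", "ssh"]}],
    "gcp_projects": [{"name": "gcp-project", "services": [BLOCKED_SERVICE]}],
    "aws_accounts": [{"name": "aws-account", "iam_policy":
        '{"Statement": [{"Effect": "Allow", '
        '"Action": "cloudformation:*", "Resource": "*"}]}'}],
}
```

Calling lint(SAMPLE) returns one finding per changed value plus the review hint for the cloudformation:* grant that the full example itself contains.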