Skip to main content

Setting Up Docker Instances for Challenges

Dockerizing a Challenge

To deploy a challenge using the platform, you will need to dockerize your challenge. This means that you will need to write a Dockerfile that will be used to build a docker image for your challenge based on the source code you provide.

You can learn more about Dockerfiles here.

Once you write a Dockerfile, you can test out the challenge locally by building the docker image and running it. To do this, go to the directory that contains your Dockerfile (ideally this should be the root of your codebase) and run the following commands -

docker build -t <challenge_name> .
docker run -p 8000:8000 <challenge_name>

Upon running these commands, you should be able to access your challenge at http://localhost:8000. Once you have verified that your challenge is working as expected, you can proceed to pushing the docker image to a registry. This docker image will be used by the platform to deploy your challenge.

Publishing Dockerized Challenge to a Registry

Once you have dockerized your challenge, and you have a Dockerfile and the source code for your challenge, you will need to build your challenge into a docker image, and publish that docker image to a registry. This docker image will be used by the platform to deploy your challenge, and the platform will pull the docker image from the registry you publish it to.

Using GitHub Actions

If you are using GitHub to store your challenge source code, you can use the GitHub Actions workflow provided by the platform to build and publish your docker image to a registry.

Here is a sample workflow configuration that you can use to build and publish your docker image to GitHub Container Registry.

name: Create and publish a Docker image

on:
push:
branches: ['release']

env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}

jobs:
build-and-push-image:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write

steps:
- name: Checkout repository
uses: actions/checkout@v3

- name: Log in to the Container registry
uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}

- name: Build and push Docker image
uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}

You can find more information about the GitHub Actions workflow here.

You need to make a file .github/workflows/<some-name>.yml in your repository and add the above workflow configuration. This example workflow will be triggered on every push to the release branch of your repository.

Now once this workflow is triggered, it will build your docker image and publish it to GitHub Container Registry. You can find more information about GitHub Container Registry here.

You can obtain the docker image URL by going to the Packages tab in your repository, and clicking on the Container Registry tab. You can find more information about this here.

Creating Docker Pull Secrets

The platform supports, automates and manages deployment of your challenges using the private docker images that you provide. To do this, you will need to provide a secret that helps the platform authenticate with your docker registry.

After you have created the pull secret following the instructions below, you will need to provide the secret either globally for all challenges in Settings > Advanced Settings > Docker Configuration or for a specific challenge in the Deployment Tab in the docker pull secret field.

info

The platform, which uses Kubernetes, will use this secret to make a Kubernetes Pull Secret, which will be used to pull your docker images while deploying your challenges.

A typical yaml file for a docker pull secret looks like this:

    apiVersion: v1
kind: Secret
metadata:
name: <challenge>-registry-secret
namespace: <some-namespace>
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: <base64 encoded docker config that you provide via the UI>

GitLab

  1. Login to your GitLab and open your project.
  2. Go to Settings > Repository > Deploy Tokens and create a new deployment token.
    • Username - This along with the generate token will be used to generate our secret.
    • Scope - enables the read_registry scope
  3. Copy the generated token. We will use this to generate our secret.
  4. Open a shell terminal and execute the following commands
gitlab_user=<username>
gitlab_token=<generated_token>
echo -n "{\"auths\":{\"registry.gitlab.com\":{\"auth\":\"`echo -n "$gitlab_user:$gitlab_token"|base64`\"}}}"|base64

GitHub

  1. Login to your GitHub and open your project.
  2. Go to Settings > Developer Settings > Personal Access Tokens and create a new personal access token.
    • Note: You will need to have repo scope enabled.
  3. Copy the generated token, we will use this to generate our secret.
  4. Open a shell terminal and execute the following commands -
github_user=<username>
github_token=<generated_token>
echo -n "{\"auths\":{\"ghcr.io\":{\"auth\":\"`echo -n "$github_user:$github_token"|base64`\"}}}"|base64

AWS ECR

  1. Login to your AWS console and open your ECR.
  2. Go to Account > Security Credentials > Access Keys and create a new access key.
  3. Copy the generated access key and secret. We will use this to generate our secret.
  4. Open a shell terminal and execute the following commands -
aws_access_key_id=<access_key_id>
aws_secret_access_key=<secret_access_key>
echo -n "{\"auths\":{\"<aws_account_id>.dkr.ecr.<region>.amazonaws.com\":{\"auth\":\"`echo -n "$aws_access_key_id:$aws_secret_access_key"|base64`\"}}}"|base64