Isolated container sandboxes for students to deploy websites on the NST cluster.
Each student gets their own container with SSH access, nginx, Node.js, and a persistent home directory. Websites are accessible at <student-id>.nstsdc.org.
Student → SSH (port 30xxx) → K8s NodePort → Student Pod (Alpine + sshd + nginx + node)
Browser → <id>.nstsdc.org → Traefik Ingress → Student Pod :80
Per-student resources: 128MB RAM, 200m CPU, 512MB storage
cd docker/
docker build -t registry.nstsdc.org/nst-sandbox:latest .
docker push registry.nstsdc.org/nst-sandbox:latestOr if using a local registry / containerd import:
docker build -t nst-sandbox:latest .
docker save nst-sandbox:latest | ssh nst-n1 'sudo k3s ctr images import -'scp scripts/nst-sandbox nst-n1:/usr/local/bin/
ssh nst-n1 'chmod +x /usr/local/bin/nst-sandbox'
scp -r templates/ nst-n1:/opt/nst-sandbox/templates/Update TEMPLATE path in the script to /opt/nst-sandbox/templates/sandbox-pod.yaml.
Add a wildcard DNS record:
*.nstsdc.org → cluster ingress IP
# Create a single sandbox
nst-sandbox create john-doe
# Output: SSH command, password, web URL
# Bulk provision from CSV
nst-sandbox bulk students.csv
# List all active sandboxes
nst-sandbox list
# Check a student's usage
nst-sandbox info john-doe
# Reset (fresh start, new password)
nst-sandbox reset john-doe
# Stop (preserves data, frees resources)
nst-sandbox stop john-doe
# Delete permanently
nst-sandbox delete john-doejohn-doe
jane-smith,custompassword
roll-2024001
roll-2024002,secretpassCredentials are saved to sandbox-credentials-<timestamp>.txt.
After receiving credentials:
# Connect to your sandbox
ssh your-id@nst-n1.nstsdc.org -p <your-port>
# Your website files go in ~/public/
cd ~/public
nano index.html
# Your site is live at: http://your-id.nstsdc.org| Resource | Per Student | 314 Students |
|---|---|---|
| RAM | 128MB | ~40GB |
| CPU | 200m | 62 cores (burst) |
| Storage | 512MB | ~157GB |
Note: Not all 314 students will be active simultaneously. Use stop/start to manage active sets.
# Stop all sandboxes (preserves data)
for ns in $(kubectl get ns -l app=nst-sandbox -o name); do
nst-sandbox stop "${ns#namespace/sandbox-}"
done
# Nuclear option: delete everything
for ns in $(kubectl get ns -l app=nst-sandbox -o name); do
kubectl delete "$ns" --grace-period=5
done