Manage Container Blueprints¶
The Container Blueprints feature acts as an intermediary template between the technical infrastructure and end-user access. Instance administrators create blueprints to simplify setup for organization or group administrators.
A container blueprint allows you to:
Pre-select the container provider and image so they cannot be changed later.
Lock specific settings, such as clipboard access, to enforce security policies.
Hide technical details from organization or group administrators.
Note
Blueprints are templates. You cannot launch a container directly from a blueprint. An organization or group administrator must first use it to create a container profile.
Create a Container Blueprint¶
Go to verified_user Administration Area > architecture Container Blueprints, then click New Container Blueprint.
Tip: You can also create a blueprint directly from an image — go to stacks Images , select an image, then click Create Container Blueprint.
Select your Provider and Image (if you didn’t start from an existing image).
Note: Once the blueprint is created, the Image and Container Provider cannot be changed.
Configure the blueprint parameters — name, icon, session timeout, clipboard access, file transfer, sessions, labels.
The Options section shows fields specific to the selected image type (e.g. target host and authentication method for an SSH Bastion, browser settings for a Chromium RBI).
For SSH Bastion images, a Secret section also appears:
Primary identifier — select the secret injected at login (
[SSH_KEY],[LOGIN], etc.). Locked by default: organization administrators can see that a secret is configured and replace it, but cannot view its value. Can be unlocked.Secondary identifier (optional) — useful when the primary identifier is an SSH key but a login is required for sudo privilege escalation. Locked by default, can be unlocked.
(Optional) Lock the settings you want to enforce for organization administrators.
Note
Locked configuration is hidden from organization administrators. Security settings (clipboard, file transfer) remain visible but read-only.
(Optional) Assign Applications to the blueprint. You can lock them to prevent organization administrators from removing them. Available for Iron containers only.
(Optional) Create Constraints to restrict node placement (e.g. reserve a blueprint for GPU-equipped servers).
Click Create to save the blueprint.
Assign a Blueprint to an Organization¶
If the association between the container provider and the image used by your blueprint is private, you must assign the blueprint to an organization before it can be used. If the provider-image association is public, the blueprint is automatically available and you can skip this section.
Step 1: Verify Provider Access
Go to verified_user Administration Area > dashboard General > domain Organizations and select the target organization.
Go to the Container Provider section.
Verify that the provider associated with your blueprint is listed. If not, assign it to the organization before proceeding.
Step 2: Assign the Blueprint
Still within the selected organization, go to stacks Images.
Click Add Private Image.
In the dialog, select the matching Provider and Image.
Select your blueprint from the Container Blueprint dropdown. Note: a blueprint only appears here if it is associated with the provider and image selected in the previous step.
Click Save.
The blueprint appears in the organization’s list of available images. Organization administrators can now select this blueprint when creating a new container profile (see Manage Containers).
See Also¶
Manage Container Images — import and configure available images
Configure Container Providers — prerequisite before creating a blueprint
Configure Secret Providers — prerequisite for SSH Bastion blueprints