Docker Installation & Sandbox Setup Guide
This document explains how to install and configure Docker for Kernaro AI, which uses containerized execution to securely run Code Nodes inside an isolated sandbox environment.
Windows Edition Requirements
Docker requires a Windows edition that supports virtualization and Windows containers.
Supported Editions:
- Windows 10/11 Pro or Enterprise (Docker Desktop)
- Windows Server 2019 or later (Docker Engine)
⚠️ Windows Home edition does not support Windows containers.
Check your Windows edition:
systeminfo | findstr /B /C:"OS Name"
Virtualization Requirements
Docker requires hardware virtualization to be enabled in the BIOS or UEFI.
Verify virtualization status:
systeminfo | find "Virtualization"
Enable Required Windows Features
- Run the following commands in PowerShell (as Administrator):
dism.exe /online /enable-feature /featurename:Microsoft-Hyper-V-All /all /norestart
dism.exe /online /enable-feature /featurename:Containers /all /norestart
Docker Installation Options
You can install Docker using either Docker Desktop or Docker Engine.
Option 1: Docker Desktop
Download and Install
Get Docker Desktop from the official Docker website.
Switch to Windows Containers
By default, Docker Desktop runs Linux containers.
To switch:
- Right-click the Docker whale icon in the system tray.
- Select “Switch to Windows containers” (if available).
Verify container mode
- To confirm the container mode:
docker info | findstr "OSType"
- You should see:
OSType: windows
Option 2: Docker Engine (Manual Installation)
Enable Windows Containers feature
Install-WindowsFeature -Name Containers
Create Docker directory
New-Item -ItemType Directory -Path "C:\Program Files\Docker" -Force
Download the latest Docker Engine binaries (stable build)
Invoke-WebRequest -Uri "https://download.docker.com/win/static/stable/x86_64/docker-24.0.7.zip" -OutFile "C:\docker.zip"
Extract Docker files
Expand-Archive -Path "C:\docker.zip" -DestinationPath "C:\Program Files\Docker" -Force
Add Docker to system PATH
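# Append to the machine PATH only, so per-user entries in $env:Path are not copied into it
$machinePath = [Environment]::GetEnvironmentVariable("Path", [EnvironmentVariableTarget]::Machine)
[Environment]::SetEnvironmentVariable("Path", "$machinePath;C:\Program Files\Docker\docker", [EnvironmentVariableTarget]::Machine)
$env:Path += ";C:\Program Files\Docker\docker"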
Register and start the Docker service
& "C:\Program Files\Docker\docker\dockerd.exe" --register-service
Start-Service docker
Verify
- After installation, verify Docker functionality:
docker version
docker info
- You should see Docker service information confirming that it is running with Windows containers enabled.
EA Kernaro AI – Sandbox Installation Instructions
The Kernaro AI Sandbox image provides a controlled execution environment for Code Nodes.
- Download the Sandbox Image
Retrieve the Sandbox .tar file from the designated SharePoint location.
- Place the Image File
Move the downloaded file (e.g., WindowsSandbox.tar) to the same directory where the Kernaro AI executable (.exe) resides.
- Launch the Application
Start the Kernaro AI application.
Note: The Docker image loading process may take several minutes to complete.
- Verify the Image Installation
After the load completes, open PowerShell or Command Prompt and run the following command to confirm successful import:
docker images
- Ensure that the image sandbox-windows:latest appears in the list.
Building a Custom Docker Image (For Internal Developer Use Only)
This section explains how to build and manage the custom Docker image used internally for the Kernaro AI sandbox environment. The image provides a consistent runtime setup for executing user code securely through Deno and Python inside Docker.
1. Overview
The Dockerfile.windows serves as the build definition for creating the Kernaro AI Sandbox image. Any file named Dockerfile or Dockerfile.windows is automatically recognized by Docker as a build configuration for an image.
- The Dockerfile.windows in our solution is based on the Windows Server Core base image and includes:
- Python installation (with standard libraries preinstalled)
- Deno runtime (copied into the image by default)
- Support for additional Python packages from a local vendor environment
- The primary execution entry point is the /sandbox/runner.ts file.
- This script runs user code securely within Deno inside the Docker container.
Note: If you modify runner.ts or update any environment configurations, you must rebuild the Docker image to apply the changes.
2. Adding Additional Python Packages
- By default, the Kernaro AI Sandbox image includes only standard Python libraries.
- If your Code Node requires additional Python packages, you can create a vendor environment containing the required dependencies.
- During the image build process, Kernaro AI automatically includes these libraries inside the Docker container.
Steps to Build a Prebaked Python Environment:
mkdir -p vendor/python/site-packages
python -m venv vendor/python
source vendor/python/bin/activate
pip install numpy pandas requests
deactivate
- You can modify the list of packages as needed by adding or removing items from the pip install command.
Note: All dependencies installed in this vendor environment are automatically bundled inside the Docker image during the build process and become available at runtime within the sandbox container.
3. Building the Docker Image
- Navigate to your solution folder and build the image:
cd C:\Path\To\Your\Solution
- Then build the image using the following command:
docker build -f Dockerfile.windows -t sandbox-windows:latest .
4. Verify the Image
- Once the build completes, you can verify that Python and required packages are correctly installed by running:
docker run --rm -it sandbox-windows:latest python -m pip list
- This command opens a temporary container, lists installed Python packages, and exits automatically.
5. Export the Image as a TAR File
- To export the Docker image as a .tar file (for distribution or sharing), run:
docker save -o WindowsSandbox.tar sandbox-windows:latest
- This creates a WindowsSandbox.tar file in your solution directory.
6. .dockerignore Handling
- If you need to include or exclude specific files from the Docker image during the build, review the .dockerignore file in your solution.
- This file defines which items are ignored when copying files into the Docker image.
7. Sharing the Built Image
The generated .tar file is excluded from Git commits (as defined in .gitignore).
To locate it:
- Open the solution folder in Windows Explorer.
- You’ll find WindowsSandbox.tar there.
Once located, upload the TAR file to SharePoint and share it with the required users.
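Because WindowsSandbox.tar travels through a file share before the application loads it as the sandbox image, the builder can record its digest and image ID at export time and users can check both. The following is an added example, not part of Kernaro AI's own tooling; the manifest file name and the function names are assumptions, while WindowsSandbox.tar and sandbox-windows:latest come from the steps above.

```powershell
# Added example: manifest name and function names are hypothetical.

# Builder side: run after `docker save`. Records the archive digest and the image ID.
function New-SandboxManifest {
    param(
        [string]$TarPath  = '.\WindowsSandbox.tar',
        [string]$Image    = 'sandbox-windows:latest',
        [string]$Manifest = '.\WindowsSandbox.manifest.json'   # hypothetical file name
    )
    $imageId = docker image inspect --format '{{.Id}}' $Image
    if ($LASTEXITCODE -ne 0) { throw "Image $Image not found" }
    [ordered]@{
        file    = Split-Path -Leaf $TarPath
        sha256  = (Get-FileHash -Algorithm SHA256 -Path $TarPath).Hash
        image   = $Image
        imageId = "$imageId".Trim()
    } | ConvertTo-Json | Set-Content -Encoding UTF8 -Path $Manifest
}

# User side, step 1: run before placing the tar next to the Kernaro AI executable.
function Test-SandboxArchive {
    param([string]$TarPath, [string]$Manifest)
    $expected = Get-Content -Raw -Path $Manifest | ConvertFrom-Json
    $actual   = (Get-FileHash -Algorithm SHA256 -Path $TarPath).Hash
    if ($actual -ne $expected.sha256) {
        throw "SHA-256 mismatch for ${TarPath}: got $actual"
    }
    $true
}

# User side, step 2: run after the application has finished loading the image.
# The image ID is content-addressed, so it survives docker save / docker load unchanged.
function Test-SandboxImage {
    param([string]$Manifest)
    $expected = Get-Content -Raw -Path $Manifest | ConvertFrom-Json
    $loadedId = docker image inspect --format '{{.Id}}' $expected.image
    if ($LASTEXITCODE -ne 0) { throw "$($expected.image) is not loaded" }
    if ("$loadedId".Trim() -ne $expected.imageId) {
        throw "Image ID mismatch: loaded $loadedId"
    }
    $true
}
```

A manifest stored beside the tar in the same SharePoint folder only detects corruption in transit; to detect replacement by someone with write access to that folder, deliver the manifest through a separate channel.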