agent-sandbox by kubernetes-sigs

Kubernetes framework for isolated, stateful workloads

Created 5 months ago
668 stars

Top 50.6% on SourcePulse

Summary

agent-sandbox addresses the challenge of managing isolated, stateful, singleton workloads on Kubernetes, targeting use cases like AI agent runtimes, development environments, and persistent single-pod services. It introduces a Sandbox Custom Resource Definition (CRD) and controller to provide a declarative API for workloads requiring stable identity, persistent storage, and specialized lifecycle management, offering a lightweight, single-container VM-like experience built on Kubernetes primitives.

How It Works

The core Sandbox CRD defines a declarative API for a single, stateful pod with a stable hostname, network identity, and persistent storage, managed by a dedicated controller. This approach is advantageous for workloads that don't fit the stateless, replicated model of Deployments or the numbered, stable model of StatefulSets. Extensions like SandboxTemplate, SandboxClaim, and SandboxWarmPool further enhance the system by enabling reusable templates, abstracting configuration details, and managing pools of pre-warmed pods for faster allocation.

Quick Start & Requirements

Installation requires applying YAML manifests to a Kubernetes cluster, specifying a version tag (e.g., v0.1.0). Core components and optional extensions can be installed separately.

export VERSION="vX.Y.Z"
kubectl apply -f https://github.com/kubernetes-sigs/agent-sandbox/releases/download/${VERSION}/manifest.yaml # Core
kubectl apply -f https://github.com/kubernetes-sigs/agent-sandbox/releases/download/${VERSION}/extensions.yaml # Extensions

A basic Sandbox is created by applying a YAML definition with a container image.

Highlighted Details

  • Provides stable identity (hostname, network) and persistent storage for singleton workloads.
  • Features robust lifecycle management, including creation, scheduled deletion, pausing, and resuming.
  • Aims for strong isolation via runtimes like gVisor or Kata Containers for enhanced security.
  • Supports deep hibernation, saving state to persistent storage.
  • Extensions facilitate templating, abstraction, and warm pool management for efficiency.

Maintenance & Community

This is a community-driven project under SIG Apps, welcoming collaboration. Engagement channels include a Slack channel and a mailing list. Issues can be opened for suggestions and contributions.

Licensing & Compatibility

The license type is not explicitly stated in the provided information. As a Kubernetes SIG project, it is likely permissive (e.g., Apache 2.0), but this requires verification.

Limitations & Caveats

The v1alpha1 API version indicates the project is in an early development stage. Features like memory sharing across sandboxes are still under exploration and depend on the chosen runtime.

Health Check

  • Last commit: 3 days ago
  • Responsiveness: Inactive
  • Pull requests (30d): 37
  • Issues (30d): 14
  • Star history: 199 stars in the last 30 days
