Website · Docs · DeepWiki · Getting Started · Examples · Roadmap
agent-sandbox enables easy management of isolated, stateful, singleton workloads, ideal for use cases like AI agent runtimes.
This project is developing a Sandbox Custom Resource Definition (CRD) and controller for Kubernetes, under the umbrella of SIG Apps. The goal is to provide a declarative, standardized API for managing workloads that require the characteristics of a long-running, stateful, singleton container with a stable identity, much like a lightweight, single-container VM experience built on Kubernetes primitives.
The Sandbox CRD is the core of agent-sandbox. It provides a declarative API for managing a single, stateful pod with a stable identity and persistent storage. This is useful for workloads that don't fit well into the stateless, replicated model of Deployments or the numbered, stable model of StatefulSets.
Key features of the Sandbox CRD include:
The extensions module provides additional CRDs and controllers that build on the core Sandbox API to provide more advanced features.
SandboxTemplate: Provides a way to define reusable templates for creating Sandboxes, making it easier to manage large numbers of similar Sandboxes.SandboxClaim: Allows users to create Sandboxes from a SandboxWarmPool, abstracting away the details of the underlying Sandbox configuration.SandboxWarmPool: Manages a pool of pre-warmed Sandboxes that can be quickly allocated to users, reducing the time it takes to get a new Sandbox up and running.agent-sandbox follows the Kubernetes controller pattern. Users create a Sandbox custom resource, and the controller manages the underlying runtime resources.
flowchart LR
User[User]
Claim[SandboxClaim]
Template[SandboxTemplate]
Sandbox[Sandbox]
Pod[Pod]
Runtime[Sandbox Runtime]
WarmPool[SandboxWarmPool]
subgraph Extensions[Extensions]
Claim
Template
WarmPool
end
%% User paths
User -->|creates| Sandbox
User -->|creates| Claim
%% Claim workflow
WarmPool -->|references| Template
Claim -->|adopts| Sandbox
%% Pod handling
Claim -->|adopts sandboxes from| WarmPool
Sandbox -->|creates Pod| Pod
%% Runtime
Pod --> Runtime
%% Warm pool
WarmPool -->|pre-warms sandboxes| Sandbox
You can install the agent-sandbox controller and its CRDs with the following command.
# Replace "vX.Y.Z" with a specific version tag (e.g., "v0.1.0") from
# https://github.com/kubernetes-sigs/agent-sandbox/releases
export VERSION="vX.Y.Z"
# To install only the core components:
kubectl apply -f https://github.com/kubernetes-sigs/agent-sandbox/releases/download/${VERSION}/manifest.yaml
# To install the extensions components:
kubectl apply -f https://github.com/kubernetes-sigs/agent-sandbox/releases/download/${VERSION}/extensions.yaml
To interact with the agent-sandbox programmatically, you can use the Python SDK. This client library provides a high-level interface for creating and managing sandboxes.
For detailed installation and usage instructions, please refer to the Python SDK README.
For advanced scale and concurrency tuning (e.g., API QPS and worker counts), please see the Configuration Guide.
Once you have installed the controller, you can create a simple Sandbox by applying the following YAML to your cluster:
apiVersion: agents.x-k8s.io/v1beta1
kind: Sandbox
metadata:
name: my-sandbox
spec:
podTemplate:
spec:
containers:
- name: my-container
image: <IMAGE>
This will create a new Sandbox named my-sandbox running the image you specify. You can then access the Sandbox using its stable hostname, my-sandbox.
For more complex examples, including how to use the extensions, please see the examples/ and extensions/examples/ directories.
Kubernetes excels at managing stateless, replicated applications (Deployments) and stable, numbered sets of stateful pods (StatefulSets). However, there's a growing need for an abstraction to handle use cases such as:
While these can be approximated by combining StatefulSets (size 1), Services, and PersistentVolumeClaims, this approach is cumbersome and lacks specialized lifecycle management like hibernation.
We aim for the Sandbox to be vendor-neutral, supporting various runtimes. Key characteristics include:
The current Roadmap can be found at roadmap.md.
This is a community-driven effort, and we welcome collaboration!
Note on PR Velocity: To maintain high velocity and keep our queues clean, this project uses stale PR management (30-day auto-stale and 15-day auto-close for inactive PRs) and allows maintainers to fast-track or take over approved community PRs. Please read our Contributing Guidelines for our full code review and PR policies.
To help improve our review velocity, we are currently experimenting with AI-assisted code reviews using GitHub Copilot and CodeRabbit as our automated first-pass reviewers. Here is the workflow:
action-required: resolve-copilot-comments.@copilot or clicking the Copilot sparkle icon to ask questions, explain code, or suggest fixes.@coderabbitai on your PR (e.g., @coderabbitai review to request an incremental re-review, or @coderabbitai full review to re-evaluate the entire PR from scratch).ready-for-review.ready-for-review PRs and provide final approval.We actively welcome your feedback on the quality, relevance, and helpfulness of these automated reviews! As we iterate on this process, we also plan to evaluate and test different AI review tools to find the best fit for our project's workflow.
Learn how to engage with the Kubernetes community on the community page.
You can reach the maintainers of this project at:
Please feel free to open issues, suggest features, and contribute code!
Participation in the Kubernetes community is governed by the Kubernetes Code of Conduct.
$ claude mcp add agent-sandbox \
-- python -m otcore.mcp_server <graph>