feat: Add Python Template and Claim Sandbox Example and Python Code execution Client SDK #88
Conversation
The first commit's message is:
Created a python sandbox example based on sandboxtemplate and sandboxclaim using the controller extensions
which can now create a family of python code execution sandboxes.
Due to issues testing the new Sandboxtemplate and claim extension I fixed 2 issues below.
The second commit's message is:
1. The sandbox-python-claim.yaml was using a field named templateRef to point to the SandboxTemplate.
In extensions/api/v1alpha1/sandboxclaim_types.go, I found that the corresponding field in the SandboxClaimSpec
struct was named sandboxTemplateRef.
To fix this, I modified the Go code to match the YAML - I renamed the TemplateRef field within the SandboxClaimSpec struct and updated its JSON tag from sandboxTemplateRef to templateRef.
2. In k8s/deployment.yaml I added:
containers:
- name: agent-sandbox-controller
image: ko://sigs.k8s.io/agent-sandbox/cmd/agent-sandbox-controller
args:
- --extensions
So it starts with the extensions enabled and makes it recognize and process the SandboxClaim resource to create the Sandbox pod.
… sandboxes and run python code in them using the agent sandbox controller with Sandboxclaim and Sandboxtemplate extension. Added python packaging files to make the client installable with pip. Added a test script that installs the client and runs it against the sandbox in kind. Updated the run-test-kind.sh script to use the new client Now you have a complete client server python code executor on k8s using the agent sandbox controller.
… showing inner information
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: tomergee The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
cncf-cla: yes
k8s-ci-robot
added
the
needs-ok-to-test
|
Hi @tomergee. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
k8s-ci-robot
added
the
size/XXL
✅ Deploy Preview for agent-sandbox canceled.
|
…sandbox client (the previous version did not show the correct functionality) corrected some previous tests in the python test_client.py that were not pushed to the repo
|
/ok-to-test |
k8s-ci-robot
added
ok-to-test
examples/python-template-sandbox/agentic-sandbox-client/agentic_sandbox.egg-info/PKG-INFO
Outdated
Show resolved
Hide resolved
Reverted templateRef and fixed refrences to sandboxTemplateRef in k8s/crds/extensions.agents.x-k8s.io_sandboxclaims.yaml sandboxclaim_types.go and sandbox.py client
…he Sandbox controller as an extention to Gemini CLI. Updated license to Apache-2.0 in several files.
…ment file reverted deployment file changes to allow deploying controller without extentions
…tes.yaml after pending bug fix in PR kubernetes-sigs#122 which will support copying over labels and annotations from Sandboxtemplate
janetkuo
left a comment
janetkuo
left a comment
There was a problem hiding this comment.
Given that the SDK uses a bunch of extensions features, please move examples/python-template-sandbox/* to be under extensions/examples
k8s-ci-robot
added
the
needs-rebase
k8s-ci-robot
removed
the
needs-rebase
There was a problem hiding this comment.
Given the upcoming KubeCon announcement, it would be great to get the Python SDK merged and released as quickly as possible. I'd like to suggest splitting this pull request into smaller, more focused PRs:
-
Python SDK PR: only includes the agentic-sandbox-client/. This is the core piece of functionality that we need for the announcement.
-
Clear README.md: Update the README.md in the agentic-sandbox-client/ to be more focused on the SDK's usage, with a clear example. The current README.md is a bit dense, and a simpler version would be more user-friendly for people learning about the project at KubeCon, such as:
# Agentic Sandbox Python Client
This Python client provides a simple, high-level interface for creating and interacting with sandboxes managed by the Agent Sandbox controller.
## Usage
### Prerequisites
* A running Kubernetes cluster (e.g., `kind`).
* The Agent Sandbox controller must be deployed with the extensions feature enabled. (--> point to the Sandbox installation guide)
* A `SandboxTemplate` resource must be created in the cluster.
### Installation
Install the client ...
### Example
(some Python example usage of the SDK)
For more detailed examples, please see test_client.py.
(Move the detailed "How It Works" and "Testing" sections to the end of README.)
- Follow-up PRs: The python-runtime-sandbox and tools/run_in_sandbox can be submitted as separate pull requests after the client is merged. These don't need to be merged before KubeCon.
| @@ -0,0 +1 @@ | |||
| build/\nvenv/\n | |||
There was a problem hiding this comment.
Should those \n be newlines?
| @@ -0,0 +1,114 @@ | |||
| # Agentic Sandbox Python Client | |||
There was a problem hiding this comment.
So this is duplicated into egg-info (I believe). I'm not very familiar with checking in egg-info. Which one is the source of truth? Can we use a symlink or a script to avoid them drifting? (Or some other approach?)
| port = sys.argv[2] | ||
| base_url = f"http://{ip}:{port}" | ||
|
|
||
| test_health_check(base_url) |
There was a problem hiding this comment.
Is there a python testing library we use in kube? (Not a blocker)
| from fastapi.responses import FileResponse, JSONResponse | ||
| from pydantic import BaseModel | ||
|
|
||
| class ExecuteRequest(BaseModel): |
There was a problem hiding this comment.
This file looks very similar to examples/python-template-sandbox/python-runtime-sandbox/main.py, what's the difference?
| @@ -0,0 +1,62 @@ | |||
| #!/bin/bash | |||
There was a problem hiding this comment.
Can we make sure that we actually run this test in prow?
| @@ -0,0 +1,66 @@ | |||
| # Copyright 2025 The Kubernetes Authors. | |||
|
I did read through the PR, it seems fine to me particularly if we can plug it in to prow or github actions testing. I do think there are some duplicated files though, which I think might be accidental, and I would like to figure out if we can avoid duplicating files into egg-info. |
6 participants
This PR introduces a complete example for creating sandboxes using the SandboxTemplate and SandboxClaim extension resources for Python code execution.
It includes a new Python client SDK (agentic-sandbox-client) that provides a high-level, context-managed interface for creating, interacting with, and cleaning up sandboxes based on Sandbox templates and claims.
The SDK is currently basic and will be expanded in the future.
The run-test-kind.sh script has been updated to use the new sandbox controller extensions for template/claim and to use the Python client sdk. It deploys and cleans everything in one script.
Due to issues testing the new Sandboxtemplate and claim extension - The core of the work involved fixing two key bugs: enabling the extensions controller by default and correcting a field name mismatch in the SandboxClaim CRD (templateRef):
The sandbox-python-claim.yaml was using a field named templateRef to point to the SandboxTemplate.
In extensions/api/v1alpha1/sandboxclaim_types.go, I found that the corresponding field in the SandboxClaimSpec
struct was named sandboxTemplateRef.
To fix this, I modified the Go code to match the YAML - I renamed the TemplateRef field within the SandboxClaimSpec struct and updated its JSON tag from sandboxTemplateRef to templateRef.
In k8s/deployment.yaml I added:
containers:
- name: agent-sandbox-controller
image: ko://sigs.k8s.io/agent-sandbox/cmd/agent-sandbox-controller
args:
- --extensions
So it starts with the extensions enabled and makes it recognize and process the SandboxClaim resource to create the Sandbox pod.