generated from kubernetes/kubernetes-template-project
-
Notifications
You must be signed in to change notification settings - Fork 59
Docs: Add guides section #140
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
k8s-ci-robot
merged 5 commits into
kubernetes-sigs:main
from
volatilemolotov:docs_site_guides
Nov 24, 2025
+752
−0
Merged
Changes from 2 commits
Commits
Show all changes
5 commits
Select commit
Hold shift + click to select a range
02ff203
add guides
volatilemolotov be52a09
move all guides to examples
volatilemolotov 67542c6
Merge branch 'kubernetes-sigs:main' into docs_site_guides
volatilemolotov c52d740
minor fixes
volatilemolotov 4a4ae9e
remove reference to platform
volatilemolotov File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,111 @@ | ||
| # Arbitrary Code Execution | ||
| The server application includes a FastAPI server that can execute commands that are sent to it through HTTP requests. | ||
|
|
||
| ## Python Classes of the server app | ||
|
|
||
| The `examples/python-runtime-sandbox/main.py` file defines the following Pydantic models to ensure type-safe data for the API endpoints: | ||
|
|
||
| ### `ExecuteRequest` | ||
| This class models the request body for the `/execute` endpoint. | ||
| - **`command: str`**: The shell command to be executed in the sandbox. | ||
|
|
||
| ### `ExecuteResponse` | ||
| This class models the response body for the `/execute` endpoint. | ||
| - **`stdout: str`**: The standard output from the executed command. | ||
| - **`stderr: str`**: The standard error from the executed command. | ||
| - **`exit_code: int`**: The exit code of the executed command. | ||
| ## Install Agent Sandbox on a local Kind cluster | ||
|
|
||
| In this example we will create a [Kind (Kubernetes In Docker)](https://kind.sigs.k8s.io/) cluster to install the Agent Sandbox. | ||
|
|
||
| 1. Clone the `agent-sandbox` repository if needed: | ||
|
|
||
| ```sh | ||
| git clone https://github.com/kubernetes-sigs/agent-sandbox.git | ||
| ``` | ||
|
|
||
| 2. Move to the repository folder: | ||
|
|
||
| ```sh | ||
| cd agent-sandbox | ||
| ``` | ||
|
|
||
| 3. Create a Kind cluster and deploy the agent controller by following this [installation tutorial](../../installation/_index.md). | ||
|
|
||
| ## Deploy Python Runtime Sandbox | ||
|
|
||
| 1. Go to the Python Runtime example folder: | ||
|
|
||
| ```sh | ||
| cd examples/python-runtime-sandbox | ||
| ``` | ||
|
|
||
| 2. Build image with Python Runtime | ||
|
|
||
| ```sh | ||
| docker build -t sandbox-runtime . | ||
| ``` | ||
|
|
||
| 3. Load the resulting image into the Kind cluster: | ||
|
|
||
| ```sh | ||
| kind load docker-image sandbox-runtime:latest --name agent-sandbox | ||
| ``` | ||
|
|
||
| 4. Apply Python runtime sandbox CRD and deployment: | ||
|
|
||
| ```sh | ||
| kubectl apply -f sandbox-python-kind.yaml | ||
| ``` | ||
|
|
||
| 5. Wait for the sandbox pod to be ready: | ||
|
|
||
| ```sh | ||
| kubectl wait --for=condition=ready pod --selector=sandbox=my-python-sandbox --timeout=60s | ||
| ``` | ||
|
|
||
| ## Test runtime sandbox | ||
|
|
||
| 1. Create another terminal session and port-forward sandbox’s pod in order to access it: | ||
|
|
||
| ```sh | ||
| kubectl port-forward "pod/sandbox-python-example" 8888:8888 | ||
| ``` | ||
|
|
||
| 2. Verify that runtime sandbox’s server is up: | ||
|
|
||
| ```sh | ||
| curl 127.0.0.1:8888/ | ||
| ``` | ||
|
|
||
| The output should be similar to: | ||
|
|
||
| ```log | ||
| {"status":"ok","message":"Sandbox Runtime is active."} | ||
| ``` | ||
|
|
||
| 3. Create an environment variable with the command that has to be executed: | ||
|
|
||
| ```sh | ||
| PAYLOAD="{\"command\": \"echo 'hello world'\"}" | ||
| ``` | ||
|
|
||
| 4. Execute the command: | ||
|
|
||
| ```sh | ||
| curl -X POST -H "Content-Type: application/json" -d "${PAYLOAD}" 127.0.0.1:8888/execute | ||
| ``` | ||
|
|
||
| The output should be similar to: | ||
|
|
||
| ```log | ||
| {"stdout":"hello world\n","stderr":"","exit_code":0} | ||
| ``` | ||
|
|
||
| ## Cleanup | ||
|
|
||
| 1. Delete the Kind cluster: | ||
|
|
||
| ```sh | ||
| kind delete cluster --name agent-sandbox | ||
| ``` | ||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.