Initial push for quickstart example

[alex-akv]

This quickstart example includes setting up Agent Sandbox with Warmpool and Python SDK using one of the two isolation strategies (gVisor on KIND | Kata Containers on minikube).

[netlify]

✅ Deploy Preview for agent-sandbox ready!

Name	Link
🔨 Latest commit	9502c20
🔍 Latest deploy log	https://app.netlify.com/projects/agent-sandbox/deploys/696f4be53cecea000848cf0a
😎 Deploy Preview	https://deploy-preview-237--agent-sandbox.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[k8s-ci-robot]

Hi @alex-akv. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[barney-s]

I would rename this to Secure Agent Sandbox Quickstart.

We also have a #220 simple example.

[alex-akv]

Renamed in commit: 979e6a3

[barney-s]

Can this be a separate file instead of being inline here ?
Is there a reason there is a file separator here.

[alex-akv]

You're right, we don't need separator there. I have removed it in the commit: 979e6a3

[barney-s]

Since this is a large file. Would it make sense to split it into 3. The first file acting as a index for

1. gVisor on KIND << separate file for this
   2 Kata Containers on minikube << and this

[alex-akv]

Split into 3 files in commit: 9502c20

[barney-s]

same Q about yaml file separator. If this is meant for a doc-processor, would it work with multiple files instead of a single file separated by this ?

[alex-akv]

We don't need separator there. Addressed it in commit: 979e6a3

[barney-s]

if possible can we split it into 3 files ?

1. index file with common setup/pre-reqs
2. gVisor on KIND
3. Kata Containers on minikube

[barney-s]

Great work on this detailed quickstart! It provides a clear path for users to try out the Agent Sandbox.

My review focuses on:

1. Robustness: Improving the shell commands and Python script to handle edge cases and race conditions.
2. Safety: Reducing the risk of aggressive commands like pkill and rm affecting the user's environment.
3. Maintainability: Avoiding hardcoded version numbers and ensuring instructions don't rot quickly.

[barney-s]

wget is used in the installation steps but not listed in the prerequisites. Consider adding it or offering a curl alternative.

[alex-akv]

Added it as prerequisite in commit: 7a6ea0d

[barney-s]

rm -f *.sha512 in the current directory is risky if the user runs this in a directory with other files. Suggest creating a temporary directory for downloads or being more specific with the removal pattern.

[alex-akv]

Modifed the solution to remove files explicitly in commit: 7a6ea0d

[barney-s]

The script uses sudo to move binaries. It's good practice to warn the user that root privileges will be required for this step.

[alex-akv]

Explained that root privs are required on top of the step in commit: 7a6ea0d

[barney-s]

Overwriting /etc/containerd/config.toml completely using cat > can break existing KIND configurations (e.g., registry mirrors). While acceptable for a demo, a warning or a sed based approach would be safer.

[alex-akv]

Added a warning in commit: 7a6ea0d

[barney-s]

8192MB (8GB) of RAM is a significant requirement for a quickstart. If Kata requires this much, please highlight this hard requirement in the prerequisites section so users don't fail halfway through.

[alex-akv]

Added requirements and explanation in commit: 7a6ea0d

[barney-s]

pkill -f "port-forward ..." is quite aggressive and might terminate other unrelated port-forward sessions running on the user's machine. Consider tracking the specific PID or warning the user.

[alex-akv]

Modified the approach in commit: 7a6ea0d

[barney-s]

Creating the venv in ~/agent-sandbox-venv modifies the user's home directory structure. Standard practice is often to create it in the current directory (e.g., python3 -m venv .venv) or let the user decide the location.

[alex-akv]

Modified the approach in commit: 7a6ea0d

[barney-s]

time.sleep(3) is brittle. It would be better to read the stdout of the portforward_proc process and wait for the "Forwarding from" line to confirm the tunnel is ready.

[alex-akv]

Addressed in commit: 7a6ea0d

[barney-s]

chmod +x is redundant here since the next instruction runs the script explicitly with python3.

[alex-akv]

Removed the chmod in commit: 7a6ea0d

[barney-s]

The guide assumes the default namespace everywhere. While fine for a quickstart, explicitly creating a dedicated namespace (e.g., agent-sandbox-demo) makes cleanup easier (just delete the namespace) and avoids cluttering default.

[alex-akv]

Switched from using default to agent-sandbox-demo dedicated namespace and modified cleanup steps in commit: 7a6ea0d

[alex-akv]

if possible can we split it into 3 files ?

1. index file with common setup/pre-reqs
2. gVisor on KIND
3. Kata Containers on minikube

@barney-s Split into 3 files in commit: 9502c20

[barney-s]

/lgtm
happy to merge and refine

[janetkuo]

Users can use prebuilt staging images to avoid the need to build images locally.

us-central1-docker.pkg.dev/k8s-staging-images/python-runtime-sandbox
us-central1-docker.pkg.dev/k8s-staging-images/sandbox-router

[janetkuo]

Please turn this into an env var

Suggested change

	```bash
	```bash
	# Set the runtime based on your choice
	export RUNTIME_CLASS_NAME=gvisor # or 'kata-qemu'

[janetkuo]

Suggested change

	runtimeClassName: <RUNTIME_CLASS_NAME> # Replace with 'gvisor' or 'kata-qemu'
	runtimeClassName: ${RUNTIME_CLASS_NAME}

[janetkuo]

While there's a warning, overwriting a system-critical file in a docker exec session is an anti-pattern for Kubernetes infrastructure automation. It can lead to NodeNotReady status if KIND-specific networking or mirror configurations are lost. Instead of a manual docker exec and systemctl restart, use the KIND-native way to configure runtimes during cluster creation, via containerdConfigPatches in the initial KIND cluster configuration file.

[janetkuo]

It's better to pin to a specific version for a reproducible quickstart

[janetkuo]

There's no mechanism to stop the loop if the process fails to start or outputs an error. This could lead to orphaned threads if the port-forward fails.

[janetkuo]

Why is runsc.v1 specified, instead of shim-v2?

[janetkuo]

Test 4 waits for the tunnel to be ready. Does this note need to be updated?

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: alex-akv
Once this PR has been reviewed and has the lgtm label, please ask for approval from barney-s. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• examples/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment