init

2026-04-17 10:02:22 +00:00 · 2026-02-07 13:49:11 -05:00 · 2026-02-07 13:49:11 -05:00 · 0595d93c49
commit 0595d93c49
28 changed files with 1763 additions and 0 deletions
--- a/internal/manifest/templates/karpenter-ec2nodeclass.yaml.tmpl
+++ b/internal/manifest/templates/karpenter-ec2nodeclass.yaml.tmpl
@ -0,0 +1,14 @@
+apiVersion: karpenter.k8s.aws/v1
+kind: EC2NodeClass
+metadata:
+  name: sandbox-nodes
+spec:
+  amiSelectorTerms:
+    - alias: "al2023@latest"
+  subnetSelectorTerms:
+    - tags:
+        karpenter.sh/discovery: "{{ .Namespace }}-cluster"
+  securityGroupSelectorTerms:
+    - tags:
+        karpenter.sh/discovery: "{{ .Namespace }}-cluster"
+  role: "KarpenterNodeRole-{{ .Namespace }}-cluster"
--- a/internal/manifest/templates/karpenter-nodepool.yaml.tmpl
+++ b/internal/manifest/templates/karpenter-nodepool.yaml.tmpl
@ -0,0 +1,33 @@
+apiVersion: karpenter.sh/v1
+kind: NodePool
+metadata:
+  name: sandbox-pool
+spec:
+  template:
+    spec:
+      requirements:
+        - key: node.kubernetes.io/instance-type
+          operator: In
+          values:
+          {{- range .Compute.InstanceTypes }}
+            - {{ . }}
+          {{- end }}
+        - key: karpenter.sh/capacity-type
+          operator: In
+          values:
+          {{- range .Compute.CapacityTypes }}
+            - {{ . }}
+          {{- end }}
+        - key: kubernetes.io/arch
+          operator: In
+          values:
+            - amd64
+      nodeClassRef:
+        name: sandbox-nodes
+        group: karpenter.k8s.aws
+        kind: EC2NodeClass
+  limits:
+    cpu: {{ .Compute.MaxCPU }}
+    memory: {{ .Compute.MaxMemory }}
+  disruption:
+    consolidationPolicy: {{ if .Compute.Consolidation }}WhenEmptyOrUnderutilized{{ else }}WhenEmpty{{ end }}
--- a/internal/manifest/templates/namespace.yaml.tmpl
+++ b/internal/manifest/templates/namespace.yaml.tmpl
@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: {{ .Namespace }}
--- a/internal/manifest/templates/sandbox-template.yaml.tmpl
+++ b/internal/manifest/templates/sandbox-template.yaml.tmpl
@ -0,0 +1,66 @@
+apiVersion: agentsandbox.dev/v1
+kind: SandboxTemplate
+metadata:
+  name: sandbox-template
+  namespace: {{ .Namespace }}
+spec:
+  template:
+    spec:
+      containers:
+        - name: sandbox
+          image: {{ .Sandbox.Image }}
+          ports:
+          {{- range .Sandbox.Ports }}
+            - containerPort: {{ . }}
+          {{- end }}
+          resources:
+            requests:
+              cpu: {{ .Sandbox.Resources.Requests.CPU }}
+              memory: {{ .Sandbox.Resources.Requests.Memory }}
+            limits:
+              cpu: {{ .Sandbox.Resources.Limits.CPU }}
+              memory: {{ .Sandbox.Resources.Limits.Memory }}
+          securityContext:
+            runAsUser: {{ .Sandbox.SecurityContext.RunAsUser }}
+            runAsGroup: {{ .Sandbox.SecurityContext.RunAsGroup }}
+            runAsNonRoot: {{ .Sandbox.SecurityContext.RunAsNonRoot }}
+          env:
+          {{- range $key, $value := .Sandbox.Env }}
+            - name: {{ $key }}
+              value: "{{ $value }}"
+          {{- end }}
+          startupProbe:
+            tcpSocket:
+              port: {{ .Sandbox.Probes.Port }}
+            failureThreshold: {{ .Sandbox.Probes.StartupFailureThreshold }}
+            periodSeconds: 10
+          readinessProbe:
+            tcpSocket:
+              port: {{ .Sandbox.Probes.Port }}
+            periodSeconds: 10
+          volumeMounts:
+            - name: workspace
+              mountPath: {{ .Sandbox.MountPath }}
+  volumeClaimTemplates:
+    - metadata:
+        name: workspace
+      spec:
+        accessModes:
+          - ReadWriteMany
+        storageClassName: efs-sandbox
+        resources:
+          requests:
+            storage: "10Gi"
+  networkPolicy:
+    egress:
+    {{- if .Sandbox.NetworkPolicy.EgressAllowAll }}
+      - to:
+          - ipBlock:
+              cidr: 0.0.0.0/0
+    {{- end }}
+    ingress:
+    {{- range .Sandbox.NetworkPolicy.IngressPorts }}
+      - ports:
+          - port: {{ . }}
+            protocol: TCP
+    {{- end }}
--- a/internal/manifest/templates/storageclass-efs.yaml.tmpl
+++ b/internal/manifest/templates/storageclass-efs.yaml.tmpl
@ -0,0 +1,14 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: efs-sandbox
+provisioner: efs.csi.aws.com
+parameters:
+  provisioningMode: efs-ap
+  fileSystemId: {{ .Storage.FilesystemID }}
+  directoryPerms: "755"
+  uid: "{{ .Storage.UID }}"
+  gid: "{{ .Storage.GID }}"
+  basePath: {{ .Storage.BasePath }}
+reclaimPolicy: {{ .Storage.ReclaimPolicy }}
+volumeBindingMode: Immediate
--- a/internal/manifest/templates/warm-pool.yaml.tmpl
+++ b/internal/manifest/templates/warm-pool.yaml.tmpl
@ -0,0 +1,10 @@
+apiVersion: agentsandbox.dev/v1
+kind: SandboxWarmPool
+metadata:
+  name: sandbox-warm-pool
+  namespace: {{ .Namespace }}
+spec:
+  templateRef:
+    name: sandbox-template
+  replicas: {{ .Sandbox.WarmPool.Size }}
+  ttlMinutes: {{ .Sandbox.WarmPool.TTLMinutes }}