helm was getting gitignored

chart/agentikube/Chart.yaml

@@ -0,0 +1,12 @@
+apiVersion: v2
+name: agentikube
+description: Isolated agent sandboxes on Kubernetes
+type: application
+version: 0.1.0
+appVersion: "0.1.0"
+keywords:
+  - sandbox
+  - agents
+  - kubernetes
+  - karpenter
+  - efs

chart/agentikube/templates/NOTES.txt

@@ -0,0 +1,25 @@
+agentikube has been installed in namespace {{ .Release.Namespace }}.
+
+Resources created:
+  - StorageClass: efs-sandbox (EFS filesystem: {{ .Values.storage.filesystemId }})
+  - SandboxTemplate: sandbox-template
+{{- if .Values.sandbox.warmPool.enabled }}
+  - SandboxWarmPool: sandbox-warm-pool ({{ .Values.sandbox.warmPool.size }} replicas)
+{{- end }}
+{{- if eq .Values.compute.type "karpenter" }}
+  - NodePool: sandbox-pool
+  - EC2NodeClass: sandbox-nodes
+{{- end }}
+  - NetworkPolicy: sandbox-network-policy
+
+To create a sandbox:
+  agentikube create <handle> --provider <provider> --api-key <key>
+
+To list sandboxes:
+  agentikube list
+
+To SSH into a sandbox:
+  agentikube ssh <handle>
+
+To destroy a sandbox:
+  agentikube destroy <handle>

chart/agentikube/templates/_helpers.tpl

@@ -0,0 +1,42 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "agentikube.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+*/}}
+{{- define "agentikube.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "agentikube.labels" -}}
+helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{ include "agentikube.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "agentikube.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "agentikube.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}

chart/agentikube/templates/karpenter-ec2nodeclass.yaml

@@ -0,0 +1,18 @@
+{{- if eq .Values.compute.type "karpenter" }}
+apiVersion: karpenter.k8s.aws/v1
+kind: EC2NodeClass
+metadata:
+  name: sandbox-nodes
+  labels:
+    {{- include "agentikube.labels" . | nindent 4 }}
+spec:
+  amiSelectorTerms:
+    - alias: "al2023@latest"
+  subnetSelectorTerms:
+    - tags:
+        karpenter.sh/discovery: {{ required "compute.clusterName is required for Karpenter" .Values.compute.clusterName | quote }}
+  securityGroupSelectorTerms:
+    - tags:
+        karpenter.sh/discovery: {{ .Values.compute.clusterName | quote }}
+  role: {{ printf "KarpenterNodeRole-%s" .Values.compute.clusterName | quote }}
+{{- end }}

chart/agentikube/templates/karpenter-nodepool.yaml

@@ -0,0 +1,37 @@
+{{- if eq .Values.compute.type "karpenter" }}
+apiVersion: karpenter.sh/v1
+kind: NodePool
+metadata:
+  name: sandbox-pool
+  labels:
+    {{- include "agentikube.labels" . | nindent 4 }}
+spec:
+  template:
+    spec:
+      requirements:
+        - key: node.kubernetes.io/instance-type
+          operator: In
+          values:
+          {{- range .Values.compute.instanceTypes }}
+            - {{ . }}
+          {{- end }}
+        - key: karpenter.sh/capacity-type
+          operator: In
+          values:
+          {{- range .Values.compute.capacityTypes }}
+            - {{ . }}
+          {{- end }}
+        - key: kubernetes.io/arch
+          operator: In
+          values:
+            - amd64
+      nodeClassRef:
+        name: sandbox-nodes
+        group: karpenter.k8s.aws
+        kind: EC2NodeClass
+  limits:
+    cpu: {{ .Values.compute.maxCpu }}
+    memory: {{ .Values.compute.maxMemory }}
+  disruption:
+    consolidationPolicy: {{ if .Values.compute.consolidation }}WhenEmptyOrUnderutilized{{ else }}WhenEmpty{{ end }}
+{{- end }}

chart/agentikube/templates/networkpolicy.yaml

@@ -0,0 +1,28 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: sandbox-network-policy
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "agentikube.labels" . | nindent 4 }}
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/name: sandbox
+  policyTypes:
+    - Ingress
+    {{- if .Values.sandbox.networkPolicy.egressAllowAll }}
+    - Egress
+    {{- end }}
+  {{- if .Values.sandbox.networkPolicy.egressAllowAll }}
+  egress:
+    - to:
+        - ipBlock:
+            cidr: 0.0.0.0/0
+  {{- end }}
+  ingress:
+  {{- range .Values.sandbox.networkPolicy.ingressPorts }}
+    - ports:
+        - port: {{ . }}
+          protocol: TCP
+  {{- end }}

chart/agentikube/templates/sandbox-template.yaml

@@ -0,0 +1,57 @@
+apiVersion: extensions.agents.x-k8s.io/v1alpha1
+kind: SandboxTemplate
+metadata:
+  name: sandbox-template
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "agentikube.labels" . | nindent 4 }}
+spec:
+  template:
+    spec:
+      containers:
+        - name: sandbox
+          image: {{ required "sandbox.image is required" .Values.sandbox.image }}
+          ports:
+          {{- range .Values.sandbox.ports }}
+            - containerPort: {{ . }}
+          {{- end }}
+          resources:
+            requests:
+              cpu: {{ .Values.sandbox.resources.requests.cpu }}
+              memory: {{ .Values.sandbox.resources.requests.memory }}
+            limits:
+              cpu: {{ .Values.sandbox.resources.limits.cpu | quote }}
+              memory: {{ .Values.sandbox.resources.limits.memory }}
+          securityContext:
+            runAsUser: {{ .Values.sandbox.securityContext.runAsUser }}
+            runAsGroup: {{ .Values.sandbox.securityContext.runAsGroup }}
+            runAsNonRoot: {{ .Values.sandbox.securityContext.runAsNonRoot }}
+          {{- if .Values.sandbox.env }}
+          env:
+          {{- range $key, $value := .Values.sandbox.env }}
+            - name: {{ $key }}
+              value: {{ $value | quote }}
+          {{- end }}
+          {{- end }}
+          startupProbe:
+            tcpSocket:
+              port: {{ .Values.sandbox.probes.port }}
+            failureThreshold: {{ .Values.sandbox.probes.startupFailureThreshold }}
+            periodSeconds: 10
+          readinessProbe:
+            tcpSocket:
+              port: {{ .Values.sandbox.probes.port }}
+            periodSeconds: 10
+          volumeMounts:
+            - name: workspace
+              mountPath: {{ .Values.sandbox.mountPath }}
+  volumeClaimTemplates:
+    - metadata:
+        name: workspace
+      spec:
+        accessModes:
+          - ReadWriteMany
+        storageClassName: efs-sandbox
+        resources:
+          requests:
+            storage: "10Gi"

chart/agentikube/templates/storageclass-efs.yaml

@@ -0,0 +1,16 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: efs-sandbox
+  labels:
+    {{- include "agentikube.labels" . | nindent 4 }}
+provisioner: efs.csi.aws.com
+parameters:
+  provisioningMode: efs-ap
+  fileSystemId: {{ required "storage.filesystemId is required" .Values.storage.filesystemId }}
+  directoryPerms: "755"
+  uid: {{ .Values.storage.uid | quote }}
+  gid: {{ .Values.storage.gid | quote }}
+  basePath: {{ .Values.storage.basePath }}
+reclaimPolicy: {{ .Values.storage.reclaimPolicy }}
+volumeBindingMode: Immediate

chart/agentikube/templates/warm-pool.yaml

@@ -0,0 +1,14 @@
+{{- if .Values.sandbox.warmPool.enabled }}
+apiVersion: extensions.agents.x-k8s.io/v1alpha1
+kind: SandboxWarmPool
+metadata:
+  name: sandbox-warm-pool
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "agentikube.labels" . | nindent 4 }}
+spec:
+  templateRef:
+    name: sandbox-template
+  replicas: {{ .Values.sandbox.warmPool.size }}
+  ttlMinutes: {{ .Values.sandbox.warmPool.ttlMinutes }}
+{{- end }}

chart/agentikube/values.yaml

@@ -0,0 +1,66 @@
+# Compute configuration for sandbox nodes
+compute:
+  # karpenter or fargate
+  type: karpenter
+  instanceTypes:
+    - m6i.xlarge
+    - m5.xlarge
+    - r6i.xlarge
+  capacityTypes:
+    - spot
+    - on-demand
+  maxCpu: 2000
+  maxMemory: 8000Gi
+  consolidation: true
+  # EKS cluster name - used for Karpenter subnet/SG/role discovery
+  clusterName: ""
+
+# Persistent storage configuration
+storage:
+  # efs is the only supported type
+  type: efs
+  # REQUIRED - your EFS filesystem ID
+  filesystemId: ""
+  basePath: /sandboxes
+  uid: 1000
+  gid: 1000
+  reclaimPolicy: Retain
+
+# Sandbox pod configuration
+sandbox:
+  # REQUIRED - container image for sandbox pods
+  image: ""
+  ports:
+    - 18789
+    - 2222
+    - 3000
+    - 5173
+    - 8080
+  mountPath: /home/node/.openclaw
+  resources:
+    requests:
+      cpu: 50m
+      memory: 512Mi
+    limits:
+      cpu: "2"
+      memory: 4Gi
+  env: {}
+  securityContext:
+    runAsUser: 1000
+    runAsGroup: 1000
+    runAsNonRoot: true
+  probes:
+    port: 18789
+    startupFailureThreshold: 30
+  warmPool:
+    enabled: true
+    size: 5
+    ttlMinutes: 120
+  networkPolicy:
+    egressAllowAll: true
+    ingressPorts:
+      - 18789
+      - 2222
+      - 3000
+      - 5173
+      - 8080