agent-sandbox
Agent Sandbox: Kubernetes Operator for AI Agent Runtimes
kubernetes-sigs/agent-sandbox is a SIG Apps subproject that provides a Kubernetes-native primitive for isolated, stateful, singleton workloads, the shape needed for AI agent runtimes, code interpreters, computer-use browsers, dev sandboxes, and per-user Jupyter notebooks. It fills the gap between Deployment (stateless, replicated) and StatefulSet (numbered, replicated) by modelling a long-lived pod that can be paused, resumed, scheduled for expiry, and optionally pre-warmed.
Current API version is v1alpha1. Latest release at the time this skill was written is v0.4.5 (May 2026). The project launched at KubeCon Atlanta in November 2025, so most training data predates it. Prefer this skill over guessing.
The Four CRDs
| CRD | API group | Purpose | Who creates it |
|---|---|---|---|
Sandbox |
agents.x-k8s.io/v1alpha1 |
The singleton pod + headless service + PVCs. Supports replicas: 0 (paused) or 1 (running). |
Users directly, or SandboxClaim controller |
SandboxTemplate |
extensions.agents.x-k8s.io/v1alpha1 |
Reusable pod blueprint + shared NetworkPolicy per template. |
Platform / infra team |
SandboxClaim |
extensions.agents.x-k8s.io/v1alpha1 |
Ticket-style request that binds to a template and adopts a warm pool pod or creates fresh. Carries shutdownTime. |
Application backend |
SandboxWarmPool |
extensions.agents.x-k8s.io/v1alpha1 |
Pool of pre-warmed Sandbox CRs (as of v0.3.10, no longer bare pods). HPA-friendly via scale subresource. |
Platform / infra team |
The extensions CRDs are the normal way to use the operator in production. Raw Sandbox is available, but you lose warm pools, claim lifecycle, and network policy management.