Skip to content

feat(kubernetes): add security context options to sandbox#2050

Open
iuin8 wants to merge 1 commit into
agentscope-ai:mainfrom
iuin8:agentgov/k8s-security-context-seam-main
Open

feat(kubernetes): add security context options to sandbox#2050
iuin8 wants to merge 1 commit into
agentscope-ai:mainfrom
iuin8:agentgov/k8s-security-context-seam-main

Conversation

@iuin8

@iuin8 iuin8 commented Jul 8, 2026

Copy link
Copy Markdown

Summary

  • Add typed containerSecurityContext and podSecurityContext options to the Kubernetes sandbox client options.
  • Apply those options to generated Fabric8 container and pod specs when set.
  • Preserve existing default behavior because both options are null by default.
  • Cover both direct runtime options and KubernetesSandboxClient#create merge/copy paths.

Tests

  • mvn -f pom.xml -pl agentscope-extensions/agentscope-extensions-sandbox/agentscope-extensions-sandbox-kubernetes -am -Dtest=Fabric8KubernetesPodRuntimeTest test

@iuin8 iuin8 requested a review from a team July 8, 2026 09:28
@CLAassistant

CLAassistant commented Jul 8, 2026

Copy link
Copy Markdown

CLA assistant check
All committers have signed the CLA.

@iuin8 iuin8 force-pushed the agentgov/k8s-security-context-seam-main branch from 63de71a to 1c1f01c Compare July 8, 2026 09:40
@codecov

codecov Bot commented Jul 8, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@iuin8 iuin8 force-pushed the agentgov/k8s-security-context-seam-main branch 2 times, most recently from 330e5b9 to fd23edb Compare July 8, 2026 10:06
@iuin8 iuin8 force-pushed the agentgov/k8s-security-context-seam-main branch from fd23edb to 0c6ebd8 Compare July 8, 2026 10:07
@AgentScopeJavaBot AgentScopeJavaBot added enhancement New feature or request area/ext/integration External protocols & middleware integrations labels Jul 11, 2026

@AgentScopeJavaBot AgentScopeJavaBot left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤖 AI Review

Adds Pod/Container-level SecurityContext to Kubernetes sandbox. Clean implementation following existing patterns. 3 tests cover all paths. Minor: document immutability contract for SecurityContext in copy().

@@ -183,6 +189,8 @@ private static KubernetesSandboxClientOptions copy(KubernetesSandboxClientOption
o.setContainerName(src.getContainerName());

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[minor] copy() does shallow copy of SecurityContext. Document immutability contract since modifying defaultOptions after construction affects all sandboxes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area/ext/integration External protocols & middleware integrations enhancement New feature or request

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants