feat: support workspace resource overrides on SandboxClaims#459
feat: support workspace resource overrides on SandboxClaims#459noeljackson wants to merge 7 commits into
Conversation
✅ Deploy Preview for agent-sandbox canceled.
|
|
Hi @noeljackson. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Regular contributors should join the org to skip this step. Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
518b632 to
9347f1d
Compare
codebot-robot
left a comment
There was a problem hiding this comment.
Overall, this PR introduces a clean and narrow way to override workspace resources at the claim level. The struct additions, deep copying, and Sandbox template modifications are solidly implemented.
However, there is a critical flaw regarding the warm pool adoption path. The PR updates the Sandbox CR's PodTemplate upon adoption, but the sandbox_controller (which manages the actual Pod) currently ignores PodTemplate.Spec changes for existing, running pods. As a result, when a claim adopts a warm sandbox, the actual Pod will continue running with the template's default resources instead of the requested overrides.
To fix this, the system must either:
- Support in-place Pod resource resizing in
sandbox_controller(requires K8s 1.27+InPlacePodVerticalScaling), or - Skip warm pool adoption if the claim's requested resources differ from the warm pool's default sizing, ensuring it falls back to a cold start to guarantee the correct sizing.
I've left detailed inline comments on this and a few minor optimizations.
(This review was generated by Overseer)
e68a2e3 to
f361431
Compare
|
Thanks for the thorough review. Warm pool resource drift: The
Redundant nil check: The |
f361431 to
71677e5
Compare
c62e038 to
b3a0c58
Compare
|
Friendly bump. All review comments addressed, tests pass. Could a maintainer run |
b3a0c58 to
6ce4cd1
Compare
|
/ok-to-test |
|
@noeljackson FYI the changes we need for v1beta1 are in. You can now rebase and update the PR accordingly. |
|
@noeljackson: The following tests failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
Been on vacation. Will rebase and ping next week. |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: noeljackson The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
📝 WalkthroughWalkthroughSandboxClaim now accepts per-claim workspace resource overrides in the API and CRD. The controller applies those overrides during cold sandbox creation, skips warm-pool adoption when overrides are set, and tests cover the new behavior. ChangesWorkspace resource overrides
Estimated code review effort🎯 4 (Complex) | ⏱️ ~45 minutes Possibly related PRs
Suggested labels
Suggested reviewers
Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 3
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@extensions/controllers/sandboxclaim_controller_test.go`:
- Line 109: The warm pool test fixtures in SandboxClaim controller are
referencing a template name that does not exist in the paired SandboxTemplate
objects. Update each SandboxWarmPool.Spec.TemplateRef.Name in the affected test
cases to match the template object they create, using the TemplateRef field in
the sandboxclaim_controller_test setup so the reconciler resolves the intended
template instead of hitting TemplateNotFound.
- Around line 2568-2572: The new workspace-resource tests are missing the
referenced SandboxWarmPool, so they never reach the workspace-resource code
paths. Update the affected test fixtures in sandboxclaim_controller_test.go to
include a matching SandboxWarmPool object alongside the existing template/claim
setup, using the same warmPoolRef name (test-pool) so the claim can resolve it.
Apply this to the new test cases around the fake.NewClientBuilder setups in the
relevant test functions, including the adoption scenario that also needs the
warm pool present.
In `@helm/crds/extensions.agents.x-k8s.io_sandboxclaims.yaml`:
- Around line 328-342: The served v1beta1 schema is missing the
workspaceResources field, so spec.workspaceResources is not preserved for normal
claims. Update the CRD schema generation in the sandboxclaims CRD so
workspaceResources appears under the v1beta1.spec schema as well as the
deprecated v1alpha1 schema, using the same structure and validation as the
existing workspaceResources definition.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 04881ccf-923b-4dc8-ad23-1dcfa5410396
⛔ Files ignored due to path filters (2)
extensions/api/v1beta1/zz_generated.deepcopy.gois excluded by!**/*_generated*.go,!**/zz_generated.*.gok8s/crds/extensions.agents.x-k8s.io_sandboxclaims.yamlis excluded by!k8s/crds/**
📒 Files selected for processing (4)
extensions/api/v1beta1/sandboxclaim_types.goextensions/controllers/sandboxclaim_controller.goextensions/controllers/sandboxclaim_controller_test.gohelm/crds/extensions.agents.x-k8s.io_sandboxclaims.yaml
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@k8s/crds/extensions.agents.x-k8s.io_sandboxclaims.yaml`:
- Around line 202-216: The workspaceResources schema currently rejects zero
values for cpuMillicores, memoryMiB, and diskGiB, which prevents the
controller’s no-op handling from being used by raw YAML/JSON clients. Update the
SandboxClaim CRD validation on workspaceResources to allow 0 by removing the
minimum constraint on these fields, or alternatively adjust the contract/docs to
make omission the only supported way to express “no override”; use the
workspaceResources properties as the place to make this change.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 4eafc78f-92e4-44c3-9121-f938f2628e62
📒 Files selected for processing (4)
docs/api.mdextensions/api/v1beta1/zz_generated.deepcopy.gohelm/crds/extensions.agents.x-k8s.io_sandboxclaims.yamlk8s/crds/extensions.agents.x-k8s.io_sandboxclaims.yaml
✅ Files skipped from review due to trivial changes (1)
- extensions/api/v1beta1/zz_generated.deepcopy.go
|
/lgtm |
aditya-shantanu
left a comment
There was a problem hiding this comment.
One blocking compile error in the test; the production changes look good.
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@extensions/controllers/sandboxclaim_controller_test.go`:
- Around line 2544-2877: Add a partial-override regression test for
applyWorkspaceResourceOverrides and SandboxClaimReconciler. The current tests
cover fully populated and fully empty WorkspaceResources, but not the case where
only some fields are set and omitted fields should preserve the template’s
existing CPU/memory/disk values. Add a unit test near
TestApplyWorkspaceResourceOverridesEmptyOverridesIsNoOp or the
SandboxClaimCreate* tests that seeds a container with existing Requests/Limits,
applies a WorkspaceResources override with only one or two fields set, and
asserts unmentioned entries remain unchanged while mentioned ones are updated.
- Around line 2779-2780: The warm queue in the sandbox claim test is being
seeded with the template hash instead of the warm-pool key, so the warm sandbox
cannot be found by WarmSandboxQueue. Update the setup around warmQueue.Add in
sandboxclaim_controller_test.go to use the same namespace/warm-pool identifier
that WarmSandboxQueue expects, and keep the check aligned with the warm-pool
lookup path used by the controller/test helpers rather than
sandboxcontrollers.NameHash("test-template").
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 23d9e1e8-1897-4ca3-8fd5-98c5d7c2eedc
⛔ Files ignored due to path filters (2)
extensions/api/v1beta1/zz_generated.deepcopy.gois excluded by!**/*_generated*.go,!**/zz_generated.*.gok8s/crds/extensions.agents.x-k8s.io_sandboxclaims.yamlis excluded by!k8s/crds/**
📒 Files selected for processing (5)
docs/api.mdextensions/api/v1beta1/sandboxclaim_types.goextensions/controllers/sandboxclaim_controller.goextensions/controllers/sandboxclaim_controller_test.gohelm/crds/extensions.agents.x-k8s.io_sandboxclaims.yaml
🚧 Files skipped from review as they are similar to previous changes (4)
- helm/crds/extensions.agents.x-k8s.io_sandboxclaims.yaml
- extensions/api/v1beta1/sandboxclaim_types.go
- docs/api.md
- extensions/controllers/sandboxclaim_controller.go
|
@noeljackson: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
| // hasWorkspaceResourceOverrides reports whether the claim asks for any actual | ||
| // override of the workspace container's resources. Returns false when the | ||
| // struct is nil or all its fields are unset (e.g. `workspaceResources: {}`), | ||
| // so callers can distinguish "user explicitly asked for sizing" from "user | ||
| // included an empty struct that would be a no-op". |
|
/lgtm |
2 similar comments
|
/lgtm |
|
/lgtm |
|
PR needs rebase. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
Summary
Adds
SandboxClaim.Spec.WorkspaceResources(CPU / memory / disk) for per-claim sizing of the workspace container at cold-start.API
int32,minimum: 0in the CRD; omitted or zero means no override.workspaceResources: {}is a no-op (gated byhasWorkspaceResourceOverrides).workspace. Other containers untouched.Behavior
Cold creation: override applied to the PodSpec before the Sandbox is created. Pod runs at the requested size from day one.
Warm-pool adoption: skipped when overrides are set. Adopting would mutate
Sandbox.Spec.PodTemplatewhile leaving the running Pod at pool defaults until restart. Cold creation gives a correctly-sized Pod immediately.The skip is permanent. Resize-after-creation is a separate operation; per janetkuo's guidance on #612 it lives at the controller that owns the lifecycle decision (Pod
/resizesubresource).Tests
go test ./extensions/...andmake lint-go/make lint-apiclean. New cases:TestSandboxClaimCreateAppliesWorkspaceResourcesTestSandboxClaimCreateIgnoresWorkspaceResourcesWithoutWorkspaceContainerTestSandboxClaimWithWorkspaceResourcesSkipsWarmAdoptionTestApplyWorkspaceResourceOverridesEmptyOverridesIsNoOpfalls through to cold creation when claim sets WorkspaceResourcesinTestSandboxClaimSandboxAdoptionRefs: #347, #612.
Summary by CodeRabbit
SandboxClaimworkspaceResourcesto override theworkspacecontainer’s CPU, memory, and ephemeral-storage requests/limits.workspacecontainer during sandbox creation.workspaceResourcesis set, the system skips warm-pool adoption; creation fails if theworkspacecontainer is missing.spec.workspaceResources.