Skip to content

support automatic service creation opt-in#775

Merged
k8s-ci-robot merged 1 commit into
kubernetes-sigs:mainfrom
flpanbin:stop-automic-service-create
May 13, 2026
Merged

support automatic service creation opt-in#775
k8s-ci-robot merged 1 commit into
kubernetes-sigs:mainfrom
flpanbin:stop-automic-service-create

Conversation

@flpanbin

@flpanbin flpanbin commented May 10, 2026

Copy link
Copy Markdown
Contributor

What this PR does / why we need it:

This PR introduces a new spec.service field to make automatic headless Service creation opt-in instead of the default behavior, while preserving backward compatibility for existing Sandboxes.

spec.service is a *bool so the controller can distinguish three states:

  • unset (nil): default, backward-compatible — preserves existing owned Service but does not create new ones.

  • false: explicitly disables Service management — deletes any existing owned Service.

  • true: explicitly enables Service management — creates or reconciles the headless Service.

Which issue(s) this PR is related to:

Fixes #746

Changes:

  • Added spec.service as *bool with //nolint:kubeapilinter to bypass the nobools linter rule.

  • Updated reconcileService to conditionally create, adopt, or delete the headless Service based on spec.service.

  • Updated computeReadyCondition.

  • Added controller tests covering all three states.

Release Note


The Sandbox controller no longer creates a headless Service by default for new Sandboxes. Existing Sandboxes with an auto-provisioned Service are preserved automatically.

To enable automatic headless Service creation, set spec.service: true. To explicitly remove an existing Service, set spec.service: false.

After upgrading, for new Sandboxes that need an auto-provisioned headless Service, set spec.service: true.

@netlify

netlify Bot commented May 10, 2026

Copy link
Copy Markdown

Deploy Preview for agent-sandbox canceled.

Name Link
🔨 Latest commit 0274558
🔍 Latest deploy log https://app.netlify.com/projects/agent-sandbox/deploys/6a0482f8f74c0800083dc5c6
@linux-foundation-easycla

linux-foundation-easycla Bot commented May 10, 2026

Copy link
Copy Markdown

CLA Signed

The committers listed above are authorized under a signed CLA.

  • ✅ login: flpanbin / name: bin (e761d3f)

@k8s-ci-robot k8s-ci-robot requested review from barney-s and janetkuo May 10, 2026 14:05
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. labels May 10, 2026
@flpanbin flpanbin force-pushed the stop-automic-service-create branch from d61d0b0 to 19df48f Compare May 10, 2026 14:49
@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. and removed cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. labels May 10, 2026
@janetkuo janetkuo requested a review from Copilot May 10, 2026 15:00

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR makes headless Service creation/management by the Sandbox controller opt-in via a new spec.service boolean (default false), aligning behavior with typical Kubernetes patterns and reducing per-Sandbox Service overhead.

Changes:

  • Added spec.service (default false) to the Sandbox API/CRD to gate automatic headless Service management.
  • Updated the Sandbox controller to conditionally create/adopt/repair Services only when spec.service: true, and to delete owned Services when toggled off.
  • Relaxed Ready condition gating so Service readiness is only required when spec.service: true.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
api/v1alpha1/sandbox_types.go Adds SandboxSpec.Service field with defaulting marker and doc comment.
controllers/sandbox_controller.go Gates Service reconcile and Ready-condition logic on spec.service; clears status when disabled; deletes owned Service when toggled off.
controllers/sandbox_controller_test.go Updates existing tests and adds new cases for the new default (no Service) and for Service deletion/ignoring when disabled.
k8s/crds/agents.x-k8s.io_sandboxes.yaml Adds CRD schema for spec.service with default false.
helm/crds/agents.x-k8s.io_sandboxes.yaml Mirrors CRD schema change for Helm packaging.
Comment thread controllers/sandbox_controller.go Outdated
Comment thread controllers/sandbox_controller.go Outdated
Comment thread controllers/sandbox_controller.go
@flpanbin

Copy link
Copy Markdown
Contributor Author

Hi @janetkuo @justinsb
I implemented spec.service as a bool (default false) as discussed, but the CI kube-api-linterfails on the nobools rule:

../../api/v1alpha1/sandbox_types.go:146:2: nobools: field SandboxSpec.Service should not use a bool. Use a string type with meaningful constant values as an enum.

Should I:
Add a //nolint comment to bypass this check for this field, or
Change it to a string enum (e.g., Enabled / Disabled) to satisfy the linter?

@flpanbin flpanbin force-pushed the stop-automic-service-create branch 2 times, most recently from 91072e6 to e761d3f Compare May 10, 2026 15:14
@janetkuo janetkuo added this to the Beta milestone May 11, 2026
Comment thread api/v1alpha1/sandbox_types.go Outdated
@flpanbin flpanbin force-pushed the stop-automic-service-create branch from e761d3f to 1d7047d Compare May 13, 2026 08:50
@k8s-ci-robot k8s-ci-robot added size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels May 13, 2026
@flpanbin flpanbin force-pushed the stop-automic-service-create branch from 1d7047d to f098788 Compare May 13, 2026 09:32
@flpanbin

Copy link
Copy Markdown
Contributor Author

/retest

@flpanbin flpanbin force-pushed the stop-automic-service-create branch 3 times, most recently from 6e74ff1 to d887353 Compare May 13, 2026 13:46
@flpanbin flpanbin force-pushed the stop-automic-service-create branch from d887353 to 0274558 Compare May 13, 2026 13:56
@aditya-shantanu

Copy link
Copy Markdown
Collaborator

/ok-to-test
/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the ok-to-test Indicates a non-member PR verified by an org member that is safe to test. label May 13, 2026
@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label May 13, 2026
@janetkuo janetkuo added the release-note-action-required Denotes a PR that introduces potentially breaking changes that require user action. label May 13, 2026
// When unset (nil), the controller preserves existing Services for backward
// compatibility but does not create new ones. Set to true to enable or false
// to explicitly disable and remove the Service.
//nolint:kubeapilinter

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: should be // nolint: nobool. We just want to bypass this lint check. The reason should be clearly documented as well.

Suggested change
//nolint:kubeapilinter
//nolint:nobools // Reason why boolean is used despite the linter rule
sandbox.Annotations[v1alpha1.SandboxTemplateRefAnnotation] = template.Name

template.Spec.PodTemplate.DeepCopyInto(&sandbox.Spec.PodTemplate)
sandbox.Spec.Service = new(true)

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SandboxClaim should leverage the new default, instead of keeping the old behavior. Otherwise it will be inconsistent with sandbox.

},
Spec: sandboxv1alpha1.SandboxSpec{
Replicas: &replicas,
Service: new(true),

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same comment here regarding adopting the right default.


// service controls whether the controller should automatically create a
// headless Service for this Sandbox.
// When unset (nil), the controller preserves existing Services for backward

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit

Suggested change
// When unset (nil), the controller preserves existing Services for backward
// When unset, the controller preserves existing Services for backward

because users can't set nil in json/yaml

@janetkuo janetkuo left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

The review comments can be addressed in a follow-up PR.

@k8s-ci-robot

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: aditya-shantanu, flpanbin, janetkuo

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label May 13, 2026
@k8s-ci-robot k8s-ci-robot merged commit d02bf9d into kubernetes-sigs:main May 13, 2026
13 checks passed
@github-project-automation github-project-automation Bot moved this from Backlog to Done in Agent Sandbox May 13, 2026
@janetkuo janetkuo moved this from Done to Linked in Agent Sandbox Jun 5, 2026
khirotaka pushed a commit to khirotaka/agent-sandbox that referenced this pull request Jun 12, 2026
alexatakvelon pushed a commit to volatilemolotov/agent-sandbox that referenced this pull request Jun 24, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. ready-for-review release-note-action-required Denotes a PR that introduces potentially breaking changes that require user action. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files.

5 participants