Skip to content

Propagate warmpool label from sandbox to pod#927

Merged
k8s-ci-robot merged 6 commits into
kubernetes-sigs:mainfrom
shrutiyam-glitch:fix-swp-label
Jun 8, 2026
Merged

Propagate warmpool label from sandbox to pod#927
k8s-ci-robot merged 6 commits into
kubernetes-sigs:mainfrom
shrutiyam-glitch:fix-swp-label

Conversation

@shrutiyam-glitch

@shrutiyam-glitch shrutiyam-glitch commented Jun 3, 2026

Copy link
Copy Markdown
Contributor

What this PR does / why we need it:

The system labels are not propagated from the sandbox to pod currently - https://github.com/kubernetes-sigs/agent-sandbox/blob/main/controllers/sandbox_controller.go#L836.
However, the label agents.x-k8s.io/warm-pool-sandbox is required by the capacity buffer to identify the pods belonging to a warmpool using this label selector.
Explicitly added the warmpool labels to the pod based on the Sandbox ownership and its labels.

Added unit tests for different cases.

Test:

$ kubectl get swp -n sandbox-test -o yaml | grep selector
    selector: agents.x-k8s.io/warm-pool-sandbox=11ea0998

$ kubectl get pod -n sandbox-test -l agents.x-k8s.io/warm-pool-sandbox=11ea0998
NAME                            READY   STATUS    RESTARTS   AGE
sandboxwarmpool-example-mgzdd   1/1     Running   0          88s
sandboxwarmpool-example-wdqkx   1/1     Running   0          88s

Which issue(s) this PR is related to:

Summary by CodeRabbit

  • Chores
    • Standardized warm-pool sandbox labeling across controllers for consistent identification.
    • Pod label management now automatically syncs warm-pool ownership metadata and removes labels when ownership changes.
  • Tests
    • Expanded test coverage to verify warm-pool label propagation, addition, and cleanup scenarios.
@netlify

netlify Bot commented Jun 3, 2026

Copy link
Copy Markdown

Deploy Preview for agent-sandbox canceled.

Name Link
🔨 Latest commit 6f46ace
🔍 Latest deploy log https://app.netlify.com/projects/agent-sandbox/deploys/6a22f8fe75c66600080a3378
@k8s-ci-robot k8s-ci-robot requested review from barney-s and justinsb June 3, 2026 22:04
@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Jun 3, 2026
@shrutiyam-glitch

Copy link
Copy Markdown
Contributor Author

/priority critical-urgent

@k8s-ci-robot k8s-ci-robot added the priority/critical-urgent Highest priority. Must be actively worked on as someone's top priority right now. label Jun 3, 2026
@janetkuo janetkuo requested a review from Copilot June 3, 2026 23:00
Comment thread controllers/sandbox_controller.go

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR enables propagation of a specific system-reserved label (agents.x-k8s.io/warm-pool-sandbox) from Sandbox.Spec.PodTemplate onto the created/adopted Pod, so warm pool capacity-buffer components can reliably select warm pool Pods by label.

Changes:

  • Introduces an allowlist (“exception”) so agents.x-k8s.io/warm-pool-sandbox is not treated as a blocked system label during Pod label propagation.
  • Adds a unit test verifying the exception label is propagated from the Sandbox PodTemplate to the resulting Pod (and recorded in the propagated-labels annotation).

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File Description
controllers/sandbox_controller.go Adds a system-label exception so the warm pool label can propagate from Sandbox PodTemplate to Pod.
controllers/sandbox_controller_test.go Adds a table-driven test case asserting the warm pool label exception is propagated to the Pod.
Comment thread controllers/sandbox_controller_test.go
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Jun 3, 2026
Comment thread controllers/sandbox_controller.go
Comment thread controllers/sandbox_controller.go
@shrutiyam-glitch shrutiyam-glitch changed the title Add exception for label propagation from sandbox to pod Jun 4, 2026
@aditya-shantanu

Copy link
Copy Markdown
Collaborator

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jun 4, 2026
Comment thread controllers/sandbox_controller.go Outdated
@janetkuo

janetkuo commented Jun 4, 2026

Copy link
Copy Markdown
Member

@coderabbitai full review

@shrutiyam-glitch let's try out Coderabbit reviews

@coderabbitai

coderabbitai Bot commented Jun 4, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 0bbc9fc3-e940-45a3-9409-0c67e4c76bc6

📥 Commits

Reviewing files that changed from the base of the PR and between f6b540b and 6f46ace.

📒 Files selected for processing (1)
  • controllers/sandbox_controller.go
🚧 Files skipped from review as they are similar to previous changes (1)
  • controllers/sandbox_controller.go

📝 Walkthrough

Walkthrough

This PR adds an exported SandboxWarmPoolLabel constant and synchronizes that warm-pool label between Sandbox and Pod: the Sandbox controller copies and keeps the Pod label in sync only when the Sandbox is owned by a SandboxWarmPool; the warm-pool controller and tests use the shared constant.

Changes

Warm-pool label constant and propagation

Layer / File(s) Summary
Define warm-pool label constant
api/v1beta1/sandbox_types.go
Exported SandboxWarmPoolLabel constant added to label declaration block with value "agents.x-k8s.io/warm-pool-sandbox".
Implement warm-pool label sync in Sandbox controller
controllers/sandbox_controller.go
Adds imports for owner-kind inspection; reconcilePod propagates the warm-pool label to new Pods when the Sandbox is controlled by a SandboxWarmPool; updatePodMetadata computes expected label and adds/updates/removes the Pod warm-pool label to match Sandbox ownership, marking updates when changes occur.
Test warm-pool label propagation
controllers/sandbox_controller_test.go
TestReconcilePod updated to use sandboxv1beta1.SandboxWarmPoolLabel and expanded with cases: system labels under Sandbox and PodTemplate are not propagated; warm-pool label is added/removed on Pods according to SandboxWarmPool ownership; label added to existing Pods when ownership appears.
Use constant in warm-pool controller
extensions/controllers/sandboxwarmpool_controller.go
warmPoolSandboxLabel updated to reference sandboxv1beta1.SandboxWarmPoolLabel instead of a hard-coded string.

Sequence Diagram(s)

sequenceDiagram
  participant SandboxController
  participant Sandbox
  participant SandboxWarmPool
  participant Pod

  SandboxController->>Sandbox: fetch Sandbox
  Sandbox->>SandboxController: return metadata (labels, ownerRef)
  SandboxController->>SandboxWarmPool: inspect owner kind (Is SandboxWarmPool?)
  alt owner is SandboxWarmPool and warm-pool label present
    SandboxController->>Pod: create/update Pod with warm-pool label value
    Pod->>SandboxController: acknowledge creation/update
  else owner not SandboxWarmPool or label missing
    SandboxController->>Pod: ensure warm-pool label removed
    Pod->>SandboxController: acknowledge removal
  end
Loading

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested labels: ok-to-test

Suggested reviewers:

  • justinsb
  • barney-s
  • janetkuo

"A rabbit nudges labels true and neat,
Shared constant makes the hops complete,
Controller checks the owner sign,
Pods wear labels when pools align,
Tests hop in — the sync is sweet." 🥕

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly summarizes the main change: propagating the warmpool label from Sandbox to Pod, which matches the core functionality described in the PR description and raw summary.
Description check ✅ Passed The PR description covers the motivation (system labels not propagated, warmpool label needed by capacity buffer), the solution (explicitly add warmpool label based on Sandbox ownership), and includes test cases and validation output. However, the 'Release Note' section required by the template is empty.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands and usage tips.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@controllers/sandbox_controller.go`:
- Around line 942-958: The OwnerReference check uses only ref.Kind to detect a
SandboxWarmPool; update the logic around metav1.GetControllerOf(sandbox) to
validate both ref.Kind == "SandboxWarmPool" and ref.APIVersion == the expected
API version (the constant used for sandboxv1beta1 group/version) before treating
the sandbox as owned by a warm pool; change the condition that sets
expectedWarmPoolHash (and the similar check in reconcilePod) to require both
fields so the label add/remove logic for
pod.Labels[sandboxv1beta1.SandboxWarmPoolLabel] only runs when both Kind and
APIVersion match the SandboxWarmPool type.
- Around line 846-853: The OwnerReference check in the sandbox-to-pod label
propagation only compares ref.Kind and should also verify ref.APIVersion to
avoid false positives; update the condition around
metav1.GetControllerOf(sandbox) to require both ref.Kind == "SandboxWarmPool"
and ref.APIVersion == sandboxv1beta1.SchemeGroupVersion.String() (or the
appropriate group/version constant) before copying
sandboxv1beta1.SandboxWarmPoolLabel into podLabels, preserving the existing
label lookup logic.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 869c320c-e942-4341-b6ab-66849efc0d0f

📥 Commits

Reviewing files that changed from the base of the PR and between ba47882 and 278c0d6.

📒 Files selected for processing (4)
  • api/v1beta1/sandbox_types.go
  • controllers/sandbox_controller.go
  • controllers/sandbox_controller_test.go
  • extensions/controllers/sandboxwarmpool_controller.go
Comment thread controllers/sandbox_controller.go
Comment thread controllers/sandbox_controller.go Outdated
@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jun 4, 2026
@aditya-shantanu

Copy link
Copy Markdown
Collaborator

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jun 5, 2026

@janetkuo janetkuo left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@k8s-ci-robot

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: janetkuo, shrutiyam-glitch

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 8, 2026
@k8s-ci-robot k8s-ci-robot merged commit f59ad90 into kubernetes-sigs:main Jun 8, 2026
14 checks passed
@github-project-automation github-project-automation Bot moved this from Backlog to Done in Agent Sandbox Jun 8, 2026
khirotaka pushed a commit to khirotaka/agent-sandbox that referenced this pull request Jun 12, 2026
* Add exception for label propagation to pod

* fmt

* Add unit test for existing pod label propagation

* Propagate warmpool label from sandbox to pod

* Add swp label after scrubbing user-supplied labels

* Verify API group
alexatakvelon pushed a commit to volatilemolotov/agent-sandbox that referenced this pull request Jun 24, 2026
* Add exception for label propagation to pod

* fmt

* Add unit test for existing pod label propagation

* Propagate warmpool label from sandbox to pod

* Add swp label after scrubbing user-supplied labels

* Verify API group
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. priority/critical-urgent Highest priority. Must be actively worked on as someone's top priority right now. ready-for-review size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

5 participants