fix(e2b): enforce connect timeout extension semantics#2
Closed
AiRanthem wants to merge 23 commits into
Closed
Conversation
Update the hardcoded EnvdVersion in convertToE2BSandbox function from 0.1.1 to 0.2.10 to match the latest envd release. 🤖 Generated with [Qoder][https://qoder.com]
Signed-off-by: jicheng.sk <jicheng.sk@alibaba-inc.com>
Signed-off-by: 守辰 <shouchen.zz@alibaba-inc.com>
Signed-off-by: liheng <liheng.zms@alibaba-inc.com>
Bumps [actions/cache](https://github.com/actions/cache) from 5.0.3 to 5.0.5. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@cdf6c1f...27d5ce7) --- updated-dependencies: - dependency-name: actions/cache dependency-version: 5.0.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: 守辰 <shouchen.zz@alibaba-inc.com>
Signed-off-by: PersistentJZH <zhihao.kan17@gmail.com>
Bumps [crate-ci/typos](https://github.com/crate-ci/typos) from 1.44.0 to 1.45.1. - [Release notes](https://github.com/crate-ci/typos/releases) - [Changelog](https://github.com/crate-ci/typos/blob/master/CHANGELOG.md) - [Commits](crate-ci/typos@631208b...cf5f1c2) --- updated-dependencies: - dependency-name: crate-ci/typos dependency-version: 1.45.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [ruby/setup-ruby](https://github.com/ruby/setup-ruby) from 1.286.0 to 1.302.0. - [Release notes](https://github.com/ruby/setup-ruby/releases) - [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb) - [Commits](ruby/setup-ruby@90be115...7372622) --- updated-dependencies: - dependency-name: ruby/setup-ruby dependency-version: 1.302.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: PersistentJZH <zhihao.kan17@gmail.com> Add the ability to resize CPU requests/limits on warm pool sandboxes during claim time without pod recreation, using the Kubernetes pod resize sub-resource API. - Introduce SandboxClaimInPlaceCPUResizeGate (default: true) to control the feature in both SandboxClaim controller and E2B server. - Implement pod inplace resize logic when Claim sandbox. - Fix json potentially unsafe quoting in CodeQL scan. - Update test/kind-conf.yaml to enable InPlacePodVerticalScaling feature. # Conflicts: # pkg/controller/sandboxclaim/core/common_control.go
Signed-off-by: PersistentJZH <zhihao.kan17@gmail.com> - Fail fast on cpu resize. - Shorten cpu resize related extension key names. - Add resize subresource fallback for K8s < 1.33. - Watch pod.Status.Resize field changes in pod event handler for K8s 1.27-1.32. - Sync Sandbox Ready condition with Pod Ready regardless of inplace update outcome. - Block checkSandboxReady during InplaceUpdating state to avoid premature ready signal before resize completes. - Enhance E2E tests: verify actual pod spec resources after resize.
…antics Signed-off-by: PersistentJZH <zhihao.kan17@gmail.com> - add RetryOnConflict for pod resize update and regenerate resize body with latest resourceVersion - set Sandbox InplaceUpdate condition status to False on Failed, keep Succeeded as True - avoid overwriting Ready condition transition metadata when pod ready status is unchanged - move CPU resize feature-gate check from buildClaimOptions to EnsureClaimClaiming precondition - remove unused `pods/resize` permission from sandbox-manager RBAC - clean up/add some comments - add cpu resize and image upgrade failed e2e cases
Signed-off-by: PersistentJZH <zhihao.kan17@gmail.com> - mark inplace update in-progress per successful sub-step - change feature gate name to SandboxInplaceUpdateReasonInplaceUpdating
…unting capability with parallel mounting capability. Signed-off-by: jicheng.sk <jicheng.sk@alibaba-inc.com>
…se#291) Introduce a pluggable key-storage factory with an initial MySQL implementation and focused tests so E2B key persistence can move beyond Secret-only storage. --------- Signed-off-by: AiRanthem <zhongtianyun.zty@alibaba-inc.com>
Signed-off-by: menya <lxs137@hotmail.com>
Allow BrowserUse to accept a cdpPort query parameter and proxy /json/version requests to the requested CDP port. Validate custom ports and return a 400 response for invalid values.
Keep ConnectSandbox from shortening or keeping-equal deadlines for already running sandboxes, while preserving paused-to-resume timeout behavior and SetTimeout scope. Add focused Go/Python regression tests and clarify E2B route/SDK behavior docs. Made-with: Cursor
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 5267b9eecb
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| logger.Info("sandbox hash-without-image-resources changed, and does not permit in-place upgrades", | ||
| "old hash", box.Annotations[agentsv1alpha1.SandboxHashWithoutImageAndResources], | ||
| "new hash", hashWithoutImageAndResource) | ||
| } else if box.Annotations[agentsv1alpha1.SandboxHashImmutablePart] != hashImmutablePart { |
There was a problem hiding this comment.
This guard now compares only SandboxHashImmutablePart, so sandboxes created before this change (which only have the deprecated SandboxHashWithoutImageAndResources annotation) are treated as immutable-hash mismatches and never enter in-place update flow, even for image/resource-only updates. Because existing objects with finalizers are not backfilled with the new key, upgrades will leave long-lived sandboxes unable to apply in-place updates until they are recreated.
Useful? React with 👍 / 👎.
Comment on lines
+166
to
+170
| if box.Spec.Template != nil { | ||
| for k, v := range box.Spec.Template.Labels { | ||
| if pod.Labels[k] != v { | ||
| labelsPatch[k] = v | ||
| } |
There was a problem hiding this comment.
The new metadata-in-place behavior allows template metadata changes, but this patch generation only syncs box.Spec.Template.Labels and never syncs box.Spec.Template.Annotations. With an annotation-only template change, the pod can be marked updated (revision label moves forward) while its annotations remain stale, so metadata rollouts become silently incomplete.
Useful? React with 👍 / 👎.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
8 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
ConnectSandboxonly updates timeout for already-running sandboxes when the requested deadline is later (extend-only)./timeoutbehavior scoped (it can still shorten running sandbox timeout).Test Plan
go test -count=1 -run 'TestShouldSkipRunningSandboxTimeoutUpdate|TestConnectSandboxRunningTimeoutGuard|TestSetSandboxTimeoutStillShortensRunningSandbox' ./pkg/servers/e2b/...Made with Cursor