Isolated stateful agent sandboxes on Kubernetes
helm install agentikube oci://ghcr.io/harivansh-afk/agentikube \
-n sandboxes --create-namespace \
-f my-values.yaml
Create a my-values.yaml with your cluster details:
compute:
clusterName: my-eks-cluster
storage:
filesystemId: fs-0123456789abcdef0
sandbox:
image: my-registry/sandbox:latest
See values.yaml for all options.
The Go CLI handles runtime operations that are inherently imperative:
agentikube create demo --provider openai --api-key key>
agentikube list
agentikube ssh demo
agentikube status
agentikube destroy demo
Build it with go build ./cmd/agentikube or make build.
The Helm chart installs:
- StorageClass (
efs-sandbox) backed by your EFS filesystem - SandboxTemplate defining the pod spec
- NetworkPolicy for ingress/egress rules
- SandboxWarmPool (optional, enabled by default)
- Karpenter NodePool + EC2NodeClass (optional, when
compute.type: karpenter)
Each agentikube create then adds a Secret, SandboxClaim, and workspace PVC for that user.
cmd/agentikube/ CLI entrypoint
internal/ config, manifest rendering, kube helpers
chart/agentikube/ Helm chart
scripts/ CRD download helper
make build # compile CLI
make helm-lint # lint the chart
make helm-template # dry-run render
go test ./... # run tests
- Storage is EFS-only for now
kubectlmust be installed (used byinitandssh)- Fargate is validated in config but templates only cover Karpenter so far
- k9s is great for browsing sandbox resources