Skip to content

[Feature] Support alicloud as an optional sandbox engine via k8s pod #43

New issue
New issue
Open
Open
[Feature] Support alicloud as an optional sandbox engine via k8s pod#43
Labels
help wantedExtra attention is needed
@JacksonMei

Description

@JacksonMei
JacksonMei
opened on Jan 5, 2026

[Feature] Support alicloud as an optional sandbox engine via k8s pod

Checklist

  • This feature will maintain backward compatibility with the current sdk. If not, please raise a refactor issue first.

Background

Is your feature request related to an enhancement or a new use case? Please describe.

Use Case: "I'd like to support Alibaba Cloud Container Service for Kubernetes (ACK) as an optional sandbox engine, enabling users to deploy environment instances on Alibaba Cloud infrastructure via Kubernetes pods. This will allow users in China or those using Alibaba Cloud services to leverage their existing ACK clusters for running AI agent environments, providing better regional coverage and integration with Alibaba Cloud's ecosystem."

Benefits:

  • Enable deployment on Alibaba Cloud ACK clusters
  • Better support for users in regions where Alibaba Cloud is the primary cloud provider
  • Integration with Alibaba Cloud's Kubernetes services (ACK, ACK Serverless, etc.)
  • Maintain consistency with existing Kubernetes-based sandbox engine architecture

Potential Solution

A clear and concise description of the potential implementation or how similar features are handled in other frameworks.

Implementation Approach:

  1. Extend Schedule Type Support: Add a new schedule-type option (e.g., alicloud-k8s or ack) in api-service/main.go that routes to Alibaba Cloud ACK implementation.

  2. Implement Alibaba Cloud Kubernetes Client: Create a new client implementation (similar to ScheduleClient) that:

    • Uses Alibaba Cloud SDK or standard Kubernetes client-go library configured for ACK
    • Implements the EnvInstanceService interface
    • Handles ACK-specific authentication (AccessKey/SecretKey, STS tokens, etc.)
    • Supports ACK cluster configuration (cluster ID, region, etc.)

  3. Configuration Parameters: Add new configuration flags:

    • alicloud-access-key-id: Alibaba Cloud AccessKey ID
    • alicloud-access-key-secret: Alibaba Cloud AccessKey Secret (or use environment variables/secret management)
    • alicloud-region: ACK cluster region (e.g., cn-hangzhou, cn-beijing)
    • alicloud-cluster-id: ACK cluster identifier
    • alicloud-kubeconfig-path: Optional path to kubeconfig file for ACK cluster

  4. Authentication: Support multiple authentication methods:

    • AccessKey/SecretKey pair
    • STS (Security Token Service) temporary credentials
    • RAM (Resource Access Management) role-based authentication
    • Kubeconfig file for cluster access

  5. Integration Points:

    • Modify api-service/main.go to initialize Alibaba Cloud client when schedule-type=alicloud-k8s
    • Reuse existing pod management logic from Kubernetes implementation
    • Leverage the existing EnvInstanceService interface for consistency

Reference Implementation:

  • Follow the pattern used in ScheduleClient (Kubernetes via Controller) and EnvInstanceClient (standard HTTP API)
  • Similar to how other cloud providers integrate with Kubernetes (AWS EKS, Azure AKS, GCP GKE)
  • Can reuse Kubernetes client-go library with ACK cluster kubeconfig

Additional Information

(Add any relevant context, references, or supporting data here.)

Related Components:

  • api-service/service/schedule_client.go: Kubernetes client implementation reference
  • api-service/service/env_instance.go: Standard HTTP client implementation reference
  • api-service/main.go: Schedule type configuration and routing
  • docs/development/sandbox_integrating.md: Custom sandbox engine integration guide

Technical Considerations:

  • Alibaba Cloud ACK is compatible with standard Kubernetes APIs, so most Kubernetes client-go code can be reused
  • Need to handle ACK-specific features (e.g., Terway/Flannel CNI, VPC integration, etc.) if required
  • Consider network connectivity between api-service and ACK cluster (VPC peering, VPN, or public endpoint)
  • Security: Store credentials securely (secrets management, environment variables, or Alibaba Cloud KMS)

Alternative Approaches:

  • Option 1: Use standard Kubernetes client with ACK kubeconfig (recommended, simpler)
  • Option 2: Create dedicated Alibaba Cloud SDK wrapper (more complex, but better integration with ACK-specific features)

Backward Compatibility:

  • This feature is additive and maintains full backward compatibility
  • Existing schedule-type=k8s and schedule-type=standard options remain unchanged
  • New schedule-type=alicloud-k8s option is opt-in

Metadata

Metadata

Assignees

No one assigned

    Labels

    help wantedExtra attention is needed

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions