feat: support inplace CPU resize for warm pool sandboxes by PersistentJZH · Pull Request #228 · openkruise/agents

PersistentJZH · 2026-03-29T09:54:42Z

Ⅰ. Describe what this PR does

Implement pod inplace resize logic when Claim sandbox (both k8s crd api and e2b api).
Introduce SandboxClaimInPlaceCPUResizeGate to control the feature.
Fix json potentially unsafe quoting in CodeQL scan.
CI: Update test/kind-conf.yaml to enable InPlacePodVerticalScaling.

Ⅱ. Does this pull request fix one issue?

#68

Ⅲ. Describe how to verify it

Ⅳ. Special notes for reviews

TODO

return the sandbox immediately once we are sure that the resizing is feasible (we can consider implement it in another PR, this PR already contains too much content)
add docs to openkruise.io

codecov · 2026-03-29T10:17:24Z

Codecov Report

❌ Patch coverage is 88.70293% with 54 lines in your changes missing coverage. Please review.
✅ Project coverage is 69.28%. Comparing base (da8890f) to head (dcb00ed).
⚠️ Report is 6 commits behind head on master.

Files with missing lines	Patch %	Lines
...ller/sandbox/core/common_inplace_update_handler.go	48.00%	39 Missing ⚠️
pkg/sandbox-manager/infra/sandboxcr/claim.go	82.45%	5 Missing and 5 partials ⚠️
pkg/servers/e2b/create.go	66.66%	3 Missing ⚠️
pkg/utils/inplaceupdate/inplace_update.go	99.27%	1 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #228      +/-   ##
==========================================
+ Coverage   67.75%   69.28%   +1.52%     
==========================================
  Files         112      112              
  Lines        7689     8106     +417     
==========================================
+ Hits         5210     5616     +406     
- Misses       2185     2193       +8     
- Partials      294      297       +3

Flag	Coverage Δ
unittests	`69.28% <88.70%> (+1.52%)`	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

PersistentJZH · 2026-04-06T17:17:23Z

@furykerry @zmberg ready to review, thanks!

Signed-off-by: PersistentJZH <zhihao.kan17@gmail.com> Add the ability to resize CPU requests/limits on warm pool sandboxes during claim time without pod recreation, using the Kubernetes pod resize sub-resource API. - Introduce SandboxClaimInPlaceCPUResizeGate (default: true) to control the feature in both SandboxClaim controller and E2B server. - Implement pod inplace resize logic when Claim sandbox. - Fix json potentially unsafe quoting in CodeQL scan. - Update test/kind-conf.yaml to enable InPlacePodVerticalScaling feature. # Conflicts: # pkg/controller/sandboxclaim/core/common_control.go

Signed-off-by: PersistentJZH <zhihao.kan17@gmail.com> - Fail fast on cpu resize. - Shorten cpu resize related extension key names. - Add resize subresource fallback for K8s < 1.33. - Watch pod.Status.Resize field changes in pod event handler for K8s 1.27-1.32. - Sync Sandbox Ready condition with Pod Ready regardless of inplace update outcome. - Block checkSandboxReady during InplaceUpdating state to avoid premature ready signal before resize completes. - Enhance E2E tests: verify actual pod spec resources after resize.

…antics Signed-off-by: PersistentJZH <zhihao.kan17@gmail.com> - add RetryOnConflict for pod resize update and regenerate resize body with latest resourceVersion - set Sandbox InplaceUpdate condition status to False on Failed, keep Succeeded as True - avoid overwriting Ready condition transition metadata when pod ready status is unchanged - move CPU resize feature-gate check from buildClaimOptions to EnsureClaimClaiming precondition - remove unused `pods/resize` permission from sandbox-manager RBAC - clean up/add some comments - add cpu resize and image upgrade failed e2e cases

Signed-off-by: PersistentJZH <zhihao.kan17@gmail.com> - mark inplace update in-progress per successful sub-step - change feature gate name to SandboxInplaceUpdateReasonInplaceUpdating

furykerry · 2026-04-20T05:08:20Z

+			return infra.ClaimSandboxOptions{}, fmt.Errorf("resources must specify at least one of requests or limits")
+		}
+		for _, rl := range []corev1.ResourceList{res.Requests, res.Limits} {
+			if cpu, ok := rl[corev1.ResourceCPU]; ok {


this check should be generic enough and not limited to cpu resources

furykerry · 2026-04-20T05:19:19Z

+	if pod.Spec.Resources != nil {
+		processResourceList(requests, pod.Spec.Resources.Requests)
+		processResourceList(limits, pod.Spec.Resources.Limits)
+		qosLimitResources := getQOSResources(pod.Spec.Resources.Limits)


rename qosLimitResources to qosLimitsFound to make the name consistent with the one in else clause

furykerry · 2026-04-20T05:35:23Z

+		}
+		utils.SetSandboxCondition(newStatus, cond)
+
+		// Update ready condition to in-progress


can we not update the sandbox ready condition to false?

furykerry · 2026-04-20T05:48:31Z

+		if tmpl, ok := templateContainers[afterPod.Spec.Containers[i].Name]; ok {
+			afterPod.Spec.Containers[i].Resources = tmpl.Resources
+		}
+	}


besides qos changes, can we also check whether limit > request here in case the user only specify request, but the request is larger than the limit in the warm pool

furykerry

/lgtm
/approve

kruise-bot · 2026-04-20T06:57:32Z

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: furykerry

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

kruise-bot added do-not-merge/work-in-progress size/XXL labels Mar 29, 2026

PersistentJZH force-pushed the feat/support-inplace-resize-cpu branch from 767e305 to 1d13c3b Compare March 29, 2026 09:58

github-advanced-security AI found potential problems Mar 29, 2026

View reviewed changes

Comment thread pkg/utils/inplaceupdate/inplace_update.go Fixed

PersistentJZH force-pushed the feat/support-inplace-resize-cpu branch 2 times, most recently from b3b25d4 to 87510f7 Compare March 29, 2026 10:12

furykerry reviewed Apr 2, 2026

View reviewed changes

Comment thread api/v1alpha1/sandboxclaim_types.go Outdated

PersistentJZH force-pushed the feat/support-inplace-resize-cpu branch from 87510f7 to 9ececb9 Compare April 3, 2026 12:19

kruise-bot added the needs-rebase label Apr 3, 2026

PersistentJZH force-pushed the feat/support-inplace-resize-cpu branch from 9ececb9 to 73c494a Compare April 3, 2026 12:47

kruise-bot removed the needs-rebase label Apr 3, 2026

PersistentJZH force-pushed the feat/support-inplace-resize-cpu branch 5 times, most recently from 8f0e5ed to 167d42c Compare April 6, 2026 16:58

PersistentJZH changed the title ~~[WIP]feat: support inplace CPU resize for warm pool sandboxes~~ feat: support inplace CPU resize for warm pool sandboxes Apr 6, 2026

kruise-bot removed the do-not-merge/work-in-progress label Apr 6, 2026

kruise-bot added the needs-rebase label Apr 9, 2026

PersistentJZH force-pushed the feat/support-inplace-resize-cpu branch from 167d42c to 81938f3 Compare April 10, 2026 02:16

kruise-bot removed the needs-rebase label Apr 10, 2026

PersistentJZH force-pushed the feat/support-inplace-resize-cpu branch 2 times, most recently from c85baf0 to 6ecb3bf Compare April 10, 2026 02:54

kruise-bot added the needs-rebase label Apr 13, 2026

PersistentJZH force-pushed the feat/support-inplace-resize-cpu branch from 6ecb3bf to 026e3ab Compare April 13, 2026 14:14

kruise-bot removed the needs-rebase label Apr 13, 2026

PersistentJZH force-pushed the feat/support-inplace-resize-cpu branch 2 times, most recently from 90d431e to 95e0097 Compare April 13, 2026 14:36

kruise-bot added the needs-rebase label Apr 17, 2026