K8s Component task-executor v0.2.0

What's New

Changes included since k8s/task-executor/v0.1.0.
Scoped paths: kubernetes.

✨ Features

• feat(k8s): Add auto-assign pool for batchsandbox
• feat(snapshot): support public snapshots api on Kubernetes runtime
• feat(server,helm): support env override for api_key
• feat(release): sign and attest release artifacts
• feat(k8s): Add pool auto-assign proposal doc
• feat(server,k8s): implement pause/resume with rootfs snapshot support (#668)
• feat(k8s): add recycle handler;refactor allocator
• feat(server): implement OSEP-0011 signed endpoint for secure route access (#787)
• feat: auto-create/delete PVC and Docker volumes via per-volume API fields (#660)
• feat(k8s): use patch to update batchsandbox status instead of update
• feat(k8s): opt pool controller sync alloc cocurrently and add controller workers flag
• feat(k8s): add Pool rolling update maxUnavailable, close #610 (#610)
• feat(pool): add scaleStrategy to control scaling behavior
• feat(k8s): fix in-memory allocation state polluted by same pool name bug
• feat(k8s): add eviction handler in pool
• feat(k8s): fix recover failed bug
• feat(k8s): add e2e test cases for in-memory pool allocation state
• feat(k8s): fix multi-namespace pool allocation issue; fix recover bug on startup
• feat(k8s): refactor pool allocation store to in-memory, to fix K8s crd size limitation
• feat(k8s): add logs in alloc & pool
• feat(k8s): fix pool alloc atomic bug
• feat(server): configure egress enforcement mode and centralize sidecar env names
• feat(controller): add kube client rate limiter flags and configuration (#490)
• feat(secure-container): add gVisor and Kata RuntimeClass support with e2e tests and secure-container guide docs

🐛 Bug Fixes

• fix(k8s): batchsandboxe.status.conditions.type missing "Paused"
• fix(snapshot): harden Kubernetes public snapshot runtime
• fix(helm): move extraEnv under server.env for consistent config grouping
• fix(kubernetes): remove pool allocation finalizer on detach
• fix: verify self-signed controller CA signatures
• fix: build controller package target
• fix: enforce crypto key length policy
• fix(chart/controller): coerce kubeClient.qps/burst to int before gt comparison (#770)
• fix(chart/server): wire imagePullSecrets into ServiceAccount and Deployment (#767)
• fix(config): correct log level TOML key across docs, tests, and deploys
• fix(k8s): fix status deep equal compare, close #638 (#638)
• fix(ingress): avoid full scan
• fix(k8s): remove redundant append in scaleBatchSandbox loop
• fix(pool): correct pod creation count calculation and logging
• fix(k8s): fix available status check in pool status cal
• fix(controller): delete dirty pods in pool allocation
• fix(kubernetes): set SandboxImage to always use TaskExecutorImage in test utils for Kind compatibility
• fix(scheduler): schedule tasks on new pods when BatchSandbox scales out (#102)
• fix: add server rbac for secrets
• fix(kubernetes): update deployment namespace and name in Makefile

⚠️ Breaking Changes

• None

📦 Misc

• chore(chart): bump opensandbox-controller chart version to 0.2.0
• chore: bump execd to v1.0.16
• chore: bump egress to v1.0.11
• chore: bump execd to v1.0.15
• chore(chart): bump opensandbox-server image to v0.1.13
• docs(helm): clarify chart and app versioning
• Update agent guidance docs
• chore: bump ingress to v1.0.7
• chore: bump egress to v1.0.10
• chore(deps): bump github.com/moby/spdystream in /kubernetes
• build: make native Go builds repeatable
• fix e2e
• fix ut
• chore: bump execd to v1.0.14
• chore: bump OpenTelemetry Go dependencies
• chore: bump egress to v1.0.9
• refactor(kubernetes): move crypto policy helpers
• chore(chart): bump opensandbox-server image to v0.1.12
• docs(k8s): Add docs to provide harness
• chore: bump execd to v1.0.13
• chore(chart): bump opensandbox-server image to v0.1.11
• chore: bump egress to v1.0.8
• chore: bump execd to v1.0.12
• chore: add Dockerfile.dockerignore to reduce build context (#718)
• chore(k8s): refactor task schedule func call in pool controller
• chore(chart): bump opensandbox-server image to v0.1.10
• chore: bump egress to v1.0.7
• chore: bump execd to v1.0.11
• bump ingress gateway to 1.0.6
• chore: bump execd to v1.0.10
• chore: bump egress to v1.0.6
• test(pool_controller): add MaxUnavailable scale strategy to pool specs in tests
• docs(kubernetes): add scaleStrategy option to control scaling rate
• chore: bump egress to v1.0.4
• chore(deps): bump google.golang.org/grpc in /kubernetes
• test(runtime): improve timing waits in process test cases
• chore: bump ingress to 1.0.5 (#560)
• chore: bump execd to v1.0.9 (#564)
• chore: build image for dockerhub
• chore: bump opensandbox server to 0.1.8
• chore: merge kubernetes test workflow
• chore(kubernetes): refactor test code and Makefile for image variables instead of hard-coded strings
• chore: bump execd to v1.0.7 (#451)
• chore: bump code-interpreter to v1.0.2 (#460)
• chore: dump server to 0.1.7 and ingress to 1.0.4
• chore(charts): bump ingress image to v1.0.3
• docs(kubernetes): clarify pause/resume API support status
• chore(k8s): add opensandbox release chart(all-in-one) & update controller release name
• chore(server): add logger instance to main module
• docs(k8s): update error server version in chart value
• docs(k8s): update pool samples
• chore(k8s): update server helm template
• test(e2e_runtime): remove unused gvisor batchsandbox and pool test data YAML files
• test(gvisor): add gVisor binaries download and improve cluster setup
• chore(deps): bump go.opentelemetry.io/otel/sdk in /kubernetes
• test(kata): remove all e2e Kata Containers runtime tests and related testdata

👥 Contributors

Thanks to these contributors ❤️

• @jiangqianjun.jqj
• @github-actionsbot
• @yoogoc
• @baiaoshh
• @wenxiang.jin
• @pingshan.wj
• @fengjianhui.fjh
• @sauce
• @yutian.taoyt
• @dependabotbot
• @Pangjiping
• @changren-wcr
• @gongxiangfeng
• @premprakashsharma.dev
• @pangjiping.pjp
• @qiyan.zm
• @hi
• @liuxiaopai-ai