encounter/adk-python
0
0
Fork 0
mirror of https://github.com/encounter/adk-python.git synced 2026-03-30 10:57:20 -07:00
Code Issues Packages Projects Releases Wiki Activity
Files
a959653cf367d6bbddf32564ebdca3bb52ce299d
adk-python/contributing/samples/code_execution/gke_sandbox_agent.py
T
Google Team Member 72ff9c64a2 feat: Add GkeCodeExecutor for sandboxed code execution on GKE #non-breaking 
Merge https://github.com/google/adk-python/pull/1629

close https://github.com/google/adk-python/issues/2170

### Summary

This PR introduces `GkeCodeExecutor`, a new code executor that provides a secure and scalable method for running LLM-generated code by leveraging GKE Sandbox. It serves as a robust alternative to local or standard containerized executors by leveraging the **GKE Sandbox** environment, which uses gVisor for workload isolation.

For each code execution request, it dynamically creates an ephemeral Kubernetes Job with a hardened Pod configuration, offering significant security benefits and ensuring that each code execution runs in a clean, isolated environment.

### Key Features of GkeCodeExecutor

* **Dynamic Job Creation**: Uses the Kubernetes `batch/v1` API to create a new Job for each code snippet.
* **Secure Code Mounting**: Injects code into the Pod via a temporary `ConfigMap`, which is mounted to a read-only file.
* **gVisor Sandboxing**: Enforces execution within a `gvisor` runtime for kernel-level isolation.
* **Hardened Security Context**: Pods run as non-root with all Linux capabilities dropped and a read-only root filesystem.
* **Resource Management**: Applies configurable CPU and memory limits to prevent abuse.
* **Automatic Cleanup**: Uses the `ttl_seconds_after_finished` feature on Jobs for robust, automatic garbage collection of completed Pods and Jobs.
* **Node Scheduling**: The executor uses Kubernetes `tolerations` in its Pod specification. This allows the k8s scheduler to place the execution Pod onto a **_pre-configured_** gVisor-enabled node.
* **Module Integration**: The `GkeCodeExecutor` is registered in the `code_executors/__init__.py`, making it available for use by agents. The `ImportError` handling is configured to check for the required `kubernetes` SDK.

### Execution Flow:

1.  Agent invokes `GkeCodeExecutor` with the LLM-generated code.
2.  The `GkeCodeExecutor` will `execute_code` – creates a temporary `ConfigMap`, and then create a k8s `Job` to run it.
3.  This Job runs a standard `python:3.11-slim` container. The image is pulled once to the node and cached. The Job will mount the ConfigMap as `/app/code.py`
4.  The GkeCodeExecutor will monitor the Job to completion, fetch `stdout/stderr` logs from the container, return `CodeExecutionResult` to the LlmAgent, and ensure all temp resources are deleted.
5.  The calling agent formats the result and provides a final response to the user. If the result contains error, it will retry up to `error_retry_attempts` times.

PiperOrigin-RevId: 804511467
2025-09-08 11:15:29 -07:00

50 lines
1.9 KiB
Python
Raw Blame History

# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""A Python coding agent using the GkeCodeExecutor for secure execution."""
from google.adk.agents import LlmAgent
from google.adk.code_executors import GkeCodeExecutor
def gke_agent_system_instruction():
"""Returns: The system instruction for the GKE-based coding agent."""
return """You are a helpful and capable AI agent that can write and execute Python code to answer questions and perform tasks.
When a user asks a question, follow these steps:
1. Analyze the request.
2. Write a complete, self-contained Python script to accomplish the task.
3. Your code will be executed in a secure, sandboxed environment.
4. Return the full and complete output from the code execution, including any text, results, or error messages."""
gke_executor = GkeCodeExecutor(
# This must match the namespace in your deployment_rbac.yaml where the
# agent's ServiceAccount and Role have permissions.
namespace="agent-sandbox",
# Setting an explicit timeout prevents a stuck job from running forever.
timeout_seconds=600,
)
root_agent = LlmAgent(
name="gke_coding_agent",
model="gemini-2.0-flash",
description=(
"A general-purpose agent that executes Python code in a secure GKE"
" Sandbox."
),
instruction=gke_agent_system_instruction(),
code_executor=gke_executor,
)
Reference in New Issue View Git Blame Copy Permalink