TencentCloud/CubeSandbox v0.2.0 on GitHub

2026.05.07 Release v0.2.0

Web Management Console (Dashboard): A brand-new visual management UI with cluster overview, node and sandbox status, template management, and API key management; new CubeAPI web endpoints added to back the Dashboard.
PVM Deployment Mode: Powered by PVM (Pagetable-based Virtual Machine), ordinary cloud servers can now run CubeSandbox without bare-metal or nested virtualization. Tencent Cloud has deployed and validated PVM instances at scale in production, with improvements open-sourced in the OpenCloudOS kernel.

Custom DNS for template creation: cubemastercli template gains a --dns flag, allowing a custom DNS server address to be specified when creating a template image.

Fixed disk QoS (blk_qos) having no effect: Cubelet was reading the QoS annotation with the wrong key, silently ignoring IOPS/bandwidth limits; limits now apply as configured.
Fixed host-mount requests being silently dropped: CubeAPI wrote the annotation with key host-mount while CubeMaster read with hostdir-mount; the mismatch caused all host directory mounts to be ignored. Keys are now aligned and host-mount works correctly.
Fixed Cubelet mount namespace not receiving host mount events: Cubelet created its mount namespace in private mode, blocking propagation of subsequent host mounts; changed to slave mode so host mount events propagate one-way into the Cubelet namespace without affecting the host.
Fixed DeadGC permanently freezing paused sandboxes: scanDeadContainer issued a state() call to the shim while the sandbox held its mutex (during pausing/paused), causing a 5 s timeout, Cubelet marking the sandbox UNKNOWN, and CubeMaster giving up on resume. DeadGC now skips sandboxes in pausing/paused states.

Disabled virtio-net TAP offloads (TSO/UFO/CSUM): The hypervisor previously advertised hardware offload features to the guest; CHECKSUM_PARTIAL packets emitted by the guest could cause network errors or even disable tx-checksumming on the host NIC, affecting other tenants. The hypervisor no longer advertises these features; the guest handles checksumming and segmentation itself.

Cubelet CLI logging standardization: Migrated legacy myPrint output in cubecli sub-commands (cubebox, network, storage, volume, etc.) to structured logging.
Dead code removal: Removed the unused AppId field from CubeMaster affinityutil tests.

New PVM Deployment guide (Chinese & English): full walkthrough covering PVM host kernel installation, GRUB configuration, module loading, and verification.
Quick Start updated: ordinary cloud servers can now be used via PVM — no bare-metal required.
Updated code-sandbox-quickstart example README (Chinese & English).