alibaba/OpenSandbox server/v0.1.8 on GitHub

What's New

bump execd's image to v1.0.8 (#502)
Add [egress].mode (dns | dns+nft, default dns); wire to sidecar as OPENSANDBOX_EGRESS_MODE on both Docker and Kubernetes (#501)
add per-sandbox egress auth header generation and propagation through lifecycle endpoint responses (#492)
support no-timeout (manual cleanup) in Kubernetes sandbox service (#466)
support manual cleanup sandboxes (#446)
implement OSSFS storage for Docker service in sandbox lifecycle (#340)

Kubernetes egress: Run the sidecar privileged; use a startup command (sysctl for net.ipv6.conf.all.disable_ipv6, then /egress) instead of Pod securityContext.sysctls for IPv6; remove build_ipv6_disable_sysctls. (#501)
reuse a single volume per claim_name and add multiple volumeMounts instead of one volume per Volume object. (#458)
fix Docker server-proxy endpoint resolution for bridge sandboxes with egress sidecar by falling back to host-mapped endpoint resolution when internal IP resolution is not applicable (#492)
increase default pids_limit to 4096 for production use (#496)
increase default pids_limit to 4096 for production use (#495)
Fixes the issue where GET requests with query parameters fail through the sandbox proxy while POST requests succeed (#485)
fix: sanitize subprocess call in ossfs_mixin.py (#461)
treat the singular Trailer header as hop-by-hop in the sandbox proxy route (#479)
Remove duplicate sandbox_service instantiation in server lifespan (#468)
restore port allocation for user-defined Docker networks (#467)
fix(server): use asyncio.sleep instead of time.sleep in sandbox create (#489)
disable IPv6 in execd init for Kubernetes egress, fix #501 (#514)

Thanks to these contributors ❤️

PyPI: opensandbox-server==0.1.8
Docker Hub: opensandbox/server:v0.1.8
Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/server:v0.1.8