Agent Sandbox on Kubernetes: how it works and how to run it in production

Agent sandbox on Kubernetes is an open-source project developed under Kubernetes SIG Apps that provides a declarative, CRD-based API for managing isolated, stateful AI agent workloads on Kubernetes. It addresses the limitations of native Kubernetes primitives by offering lifecycle controls such as pause, resume, and scheduled deletion, along with strong isolation for untrusted code execution using gVisor and Kata Containers. This project formalizes infrastructure patterns previously assembled manually by platform engineers for AI workloads, allowing for the management of long-running, singleton container workloads with stable identity and persistent storage. Northflank offers production-grade sandbox infrastructure using Firecracker, Kata Containers, and gVisor, supporting both ephemeral and persistent environments across various cloud platforms and on-premises infrastructure. The project enhances the operational reality of running agent sandboxes in production by providing a standardized API and lifecycle management, replacing the need for manual combinations of StatefulSets, headless Services, and PersistentVolumeClaims.