Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/alibaba/OpenSandbox/llms.txt

Use this file to discover all available pages before exploring further.

OpenSandbox provides flexible resource management capabilities to control CPU, memory, and other system resources for sandboxed environments.

Resource Limits

Kubernetes-style Resource Specs

OpenSandbox uses Kubernetes-style resource specifications for CPU and memory limits: 
curl -X POST "http://localhost:8080/v1/sandboxes" \
  -H "OPEN-SANDBOX-API-KEY: your-secret-api-key" \
  -H "Content-Type: application/json" \
  -d '{
    "image": {"uri": "python:3.11-slim"},
    "entrypoint": ["python", "-m", "http.server", "8000"],
    "timeout": 3600,
    "resourceLimits": {
      "cpu": "500m",
      "memory": "512Mi"
    }
  }'

CPU Specifications

Format: "<number>m" (millicores) or "<number>" (cores) Examples:
  • "100m" = 0.1 CPU cores (100 millicores)
  • "500m" = 0.5 CPU cores
  • "1" = 1 full CPU core
  • "2" = 2 CPU cores
Use Cases:
Workload TypeRecommended CPUExample
Lightweight scripts100m - 250mSimple Python/Node.js scripts
API services250m - 500mREST API endpoints
Compute tasks500m - 2Data processing, ML inference
Heavy computation2+Training, video processing

Memory Specifications

Format: "<number>Ki/Mi/Gi" (Kibibytes/Mebibytes/Gibibytes) Examples:
  • "128Mi" = 128 Mebibytes
  • "512Mi" = 512 Mebibytes
  • "1Gi" = 1 Gibibyte
  • "4Gi" = 4 Gibibytes
Use Cases:
Workload TypeRecommended MemoryExample
Minimal processes64Mi - 128MiShell scripts, curl
Lightweight apps128Mi - 512MiNode.js, Python web servers
Standard apps512Mi - 2GiDjango, Spring Boot
Memory-intensive2Gi+In-memory databases, ML models

Docker Runtime Resource Controls

Process Limits

Prevent fork bombs by limiting the number of processes: 
# ~/.sandbox.toml
[docker]
pids_limit = 512  # Maximum number of processes
Set to null to disable the limit: 
[docker]
pids_limit = null

Security Capabilities

Drop dangerous Linux capabilities to reduce attack surface: 
[docker]
drop_capabilities = [
  "AUDIT_WRITE",
  "MKNOD",
  "NET_ADMIN",
  "NET_RAW",
  "SYS_ADMIN",
  "SYS_MODULE",
  "SYS_PTRACE",
  "SYS_TIME",
  "SYS_TTY_CONFIG"
]
no_new_privileges = true
Security Features:
Removes Linux capabilities from containers:
  • AUDIT_WRITE: Prevents writing to audit log
  • MKNOD: Prevents creating special files
  • NET_ADMIN: Prevents network configuration changes
  • NET_RAW: Prevents raw socket access
  • SYS_ADMIN: Prevents most privileged operations
  • SYS_MODULE: Prevents loading kernel modules
  • SYS_PTRACE: Prevents process tracing
  • SYS_TIME: Prevents system time changes
  • SYS_TTY_CONFIG: Prevents TTY configuration
Prevents processes from gaining additional privileges through setuid/setgid bits or capabilities.When enabled:
  • Blocks privilege escalation attacks
  • Prevents execution of setuid binaries
  • Improves container security posture
Apply mandatory access control using AppArmor:
[docker]
apparmor_profile = "docker-default"
Leave empty ("") to use Docker’s default profile or disable AppArmor.
Restrict system calls using Seccomp:
[docker]
seccomp_profile = "/path/to/custom-seccomp.json"
  • Empty string: Use Docker’s default seccomp profile
  • Absolute path: Load custom seccomp profile from file

Kubernetes Resource Pooling

Pool Configuration

Configure resource pools with capacity limits: 
apiVersion: sandbox.opensandbox.io/v1alpha1
kind: Pool
metadata:
  name: example-pool
spec:
  template:
    spec:
      containers:
      - name: sandbox-container
        image: nginx:latest
        resources:
          limits:
            cpu: "500m"
            memory: "512Mi"
          requests:
            cpu: "250m"
            memory: "256Mi"
  capacitySpec:
    bufferMin: 2      # Minimum standby resources
    bufferMax: 10     # Maximum standby resources
    poolMin: 5        # Minimum total pool size
    poolMax: 20       # Maximum total pool size

Capacity Parameters

ParameterDescriptionPurpose
bufferMinMinimum available resourcesEnsures instant provisioning
bufferMaxMaximum available resourcesControls standby cost
poolMinMinimum total pool sizeBaseline capacity
poolMaxMaximum total pool sizeResource ceiling
Example Scenario:
  • poolMin: 5 → Always maintain 5 total resources
  • poolMax: 20 → Never exceed 20 total resources
  • bufferMin: 2 → Keep at least 2 ready for allocation
  • bufferMax: 10 → Don’t pre-warm more than 10

Resource Requests vs Limits

resources:
  requests:     # Minimum guaranteed resources
    cpu: "250m"
    memory: "256Mi"
  limits:       # Maximum allowed resources
    cpu: "500m"
    memory: "512Mi"
Best Practices:
  • Requests: Set to typical usage for scheduling
  • Limits: Set to maximum expected usage
  • Ratio: Keep limits 1.5-2x requests for burstability

Network Policy Resource Management

Egress Control

Control network egress to manage bandwidth and security: 
{
  "image": {"uri": "python:3.11-slim"},
  "entrypoint": ["python", "-m", "http.server", "8000"],
  "timeout": 3600,
  "resourceLimits": {
    "cpu": "500m",
    "memory": "512Mi"
  },
  "networkPolicy": {
    "defaultAction": "deny",
    "egress": [
      {"action": "allow", "target": "pypi.org"},
      {"action": "allow", "target": "*.python.org"}
    ]
  }
}
Requirements:
  • Docker bridge mode (network_mode = "bridge")
  • Egress sidecar configured:
[egress]
image = "opensandbox/egress:v1.0.1"

Sidecar Resource Impact

When using network policies, an egress sidecar is injected: Additional Resources:
  • CPU overhead: ~50m
  • Memory overhead: ~64Mi
  • Network namespace sharing
Example Total Resources: 
Main container:  500m CPU, 512Mi RAM
Egress sidecar:   50m CPU,  64Mi RAM
─────────────────────────────────────
Total:           550m CPU, 576Mi RAM

Storage and Volume Management

Host Path Allowlist

Restrict bind mount locations for security: 
[storage]
allowed_host_paths = [
  "/data/opensandbox",
  "/tmp/sandbox"
]
Security Considerations:
  • Empty list = all paths allowed (not recommended for production)
  • Restrict to specific directories
  • Use separate paths per team/project
  • Avoid mounting sensitive system paths

Volume Resource Limits

While OpenSandbox doesn’t directly limit disk space, you can:
  1. Use Docker storage driver limits:
docker run --storage-opt size=10G ...
  1. Mount limited tmpfs:
volumes:
- name: temp
  emptyDir:
    sizeLimit: "1Gi"
  1. Set PVC quotas in Kubernetes:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: sandbox-storage
spec:
  resources:
    requests:
      storage: 5Gi

Timeout and Expiration Management

Sandbox TTL

Set automatic expiration for resource cleanup: 
{
  "image": {"uri": "python:3.11-slim"},
  "entrypoint": ["sleep", "infinity"],
  "timeout": 3600  // Expires after 1 hour
}

Renew Expiration

Extend sandbox lifetime before expiration: 
curl -X POST \
  "http://localhost:8080/v1/sandboxes/{sandbox_id}/renew-expiration" \
  -H "OPEN-SANDBOX-API-KEY: your-secret-api-key" \
  -H "Content-Type: application/json" \
  -d '{"expiresAt": "2024-01-15T12:30:00Z"}'

Failed Sandbox Cleanup

Configure cleanup for failed sandboxes: 
export PENDING_FAILURE_TTL=3600  # 1 hour in seconds
Failed sandboxes in “Pending” state are automatically cleaned up after this TTL.

Best Practices

Avoid over-provisioning:
  • Start with conservative limits (e.g., 250m CPU, 256Mi RAM)
  • Monitor actual usage via metrics
  • Adjust based on real workload patterns
  • Use requests < limits for burstability
Testing approach:
# Monitor resource usage
curl http://sandbox:44772/metrics

# Adjust limits based on observed usage
# If cpu_used_pct consistently >80%, increase CPU
# If mem_used_mib approaching limit, increase memory
Pool sizing strategy:
  • Set bufferMin to expected concurrent demand
  • Set bufferMax to handle burst traffic
  • Set poolMax to cluster capacity limits
  • Monitor pool allocation rates
Example calculations:
Expected concurrent users: 5
Peak burst: 15
Cluster capacity: 30

Recommended:
bufferMin: 5
bufferMax: 15
poolMax: 30
Production security baseline:
[docker]
drop_capabilities = [
  "AUDIT_WRITE", "MKNOD", "NET_ADMIN", "NET_RAW",
  "SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE",
  "SYS_TIME", "SYS_TTY_CONFIG"
]
no_new_privileges = true
pids_limit = 512
apparmor_profile = "docker-default"
seccomp_profile = ""
Test security settings before deploying to production.
Timeout guidelines:
  • Short-lived tasks: 300-900 seconds (5-15 minutes)
  • Interactive sessions: 1800-3600 seconds (30-60 minutes)
  • Long-running jobs: 3600-7200 seconds (1-2 hours)
  • Background services: Use longer TTLs with renewal
Automatic cleanup:
# Clean up failed sandboxes after 1 hour
export PENDING_FAILURE_TTL=3600
Continuous optimization:
  1. Collect metrics over time
  2. Analyze resource usage patterns
  3. Identify underutilized resources
  4. Adjust limits to improve density
  5. Monitor for resource contention
Tools:
  • Prometheus for metrics aggregation
  • Grafana for visualization
  • Kubernetes resource quotas
  • Custom monitoring scripts

Environment Variables

VariableDescriptionDefault
SANDBOX_CONFIG_PATHOverride config file location~/.sandbox.toml
DOCKER_HOSTDocker daemon URLunix:///var/run/docker.sock
PENDING_FAILURE_TTLTTL for failed sandboxes (seconds)3600

Build docs developers (and LLMs) love

Get started for freeTalk to us