ChatGPT/FastGPT
1
0
Fork 0
mirror of https://github.com/labring/FastGPT.git synced 2026-05-07 01:02:55 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
cd75ee160e2068ff22cfd3489bc69658274a3b15
FastGPT/deploy/helm/opensandbox/values.yaml
T
Jon 57a505f837 Agent skill dev (#6668) 
* chore: Rename service & container names for consistency in Docker configs (#6710)

* chore: Rename container names for consistency in Docker configs

* chore: Rename service names for consistency in Docker configs

chore: Update OpenSandbox versions and image repositories (#6709)

* chore: Update OpenSandbox versions and image repositories

* yml version

* images

* init yml

* port

---------

Co-authored-by: archer <545436317@qq.com>

refactor(chat): optimize sandbox status logic and decouple UI/Status hooks (#6713)

* refactor(chat): optimize sandbox status logic and decouple UI/Status hooks

* fix: useRef, rename onClose to afterClose

Update .env.template (#6720)

aiproxy默认的请求地址改成http协议

feat: comprehensive agent skill management and sandbox infrastructure optimization

- Skill System: Implemented a full skill management module including CRUD operations, folder organization, AI-driven skill generation, and versioning (switch/update).
- Sandbox Infrastructure: Introduced 'volume-manager' for PVC and Docker volume lifecycle management, replacing the MinIO sync-agent for better data persistence.
- Workflow Integration: Enhanced the Agent node to support skill selection and configuration, including new UI components and data normalization.
- Permission Management: Added granular permission controls for skills, supporting collaborators, owner transfers, and permission inheritance.
- UI/UX: Added a dedicated Skill dashboard, sandbox debug interface (terminal, logs, and iframe proxy), and comprehensive i18n support.
- Maintenance: Migrated Docker services to named volumes, optimized sandbox instance limits, and improved error handling for sandbox providers.

Co-authored-by: chanzhi82020 <chenzhi@sangfor.com.cn>
Co-authored-by: lavine77
Signed-off-by: Jon <ljp@sangfor.com.cn>

feat: hide skill

prettier

* perf: hide skill code

* fix: ts

* lock

* perf: tool code

* fix: ts

* lock

* fix: test

* fix: openapi

* lock

* fix: test

* null model

---------

Co-authored-by: archer <545436317@qq.com>
2026-04-07 22:52:03 +08:00

440 lines
11 KiB
YAML
Raw Blame History

# Default values for opensandbox-controller.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# Namespace configuration
# Controller and user resources use this namespace uniformly
namespaceOverride: "opensandbox"
# Name override configuration (optional)
# Used to customize the resource names generated by the Chart
nameOverride: ""
fullnameOverride: ""
# Controller image configuration
controllerManager:
image:
repository: opensandbox/controller
tag: "dev"
pullPolicy: Never
# Number of replicas
replicas: 1
# Resource limits
resources:
limits:
cpu: 500m
memory: 128Mi
requests:
cpu: 10m
memory: 64Mi
# Enable leader election (high availability)
leaderElect: true
# Health check address
healthProbeBindAddress: ":8081"
# Health check port (extracted from healthProbeBindAddress, or configured separately)
healthProbePort: 8081
# Log level
logLevel: 3
# Security context
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- "ALL"
# Node selector
nodeSelector: {}
# Tolerations
tolerations: []
# Affinity
affinity: {}
# Environment variables
env: []
# - name: EXAMPLE_ENV
# value: "example-value"
# Additional container arguments
extraArgs: []
# - --some-arg=value
# Task Executor image configuration
# Note: task-executor is not an independently deployed service, but a sidecar container
# injected into Pods created by Pool for executing tasks.
# Only image information is configured here for users to use when creating Pool resources.
taskExecutor:
image:
repository: opensandbox/task-executor
tag: "dev"
pullPolicy: Never
# Task Executor default resource configuration (for Pool template reference)
resources:
limits:
cpu: 500m
memory: 256Mi
requests:
cpu: 100m
memory: 128Mi
# Task Executor required security context
securityContext:
capabilities:
add: ["SYS_PTRACE"] # Requires ptrace permission to inject processes
# OpenSandbox Server configuration
# Server is the FastAPI control plane that exposes REST API for SDK usage
# SDK creates and manages Sandbox through Server
server:
# Enable Server (required for SDK scenarios)
enabled: true
# Server image configuration
image:
repository: opensandbox/server
tag: "v0.1.9"
pullPolicy: Never
# Number of replicas
replicas: 1
# Resource limits
resources:
limits:
cpu: 1
memory: 512Mi
requests:
cpu: 100m
memory: 256Mi
# Security context
# ⚠️ Security Warning: Server image currently runs as root user (uid=0)
# This is a known security concern and does not comply with Kubernetes best practices
# Production recommendations:
# 1. Use NetworkPolicy to restrict Server's network access
# 2. Use PodSecurityPolicy/PodSecurityStandard to restrict Pod permissions
# 3. Regularly audit Server logs and behavior
#
# TODO: Update Server Dockerfile to support non-root user (Issue: #xxx)
# Planned to be fixed in next version
securityContext: {} # Must be empty to allow root user execution
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- "ALL"
# Node selector
nodeSelector: {}
# Tolerations
tolerations: []
# Affinity
affinity: {}
# Environment variables
env: []
# Additional container arguments
extraArgs: []
# Development mode (enable hot reload)
reload: false
# Pod annotations
podAnnotations: {}
# Pod labels
podLabels: {}
# Termination grace period (seconds)
terminationGracePeriodSeconds: 10
# Server configuration (written to ConfigMap)
config:
server:
host: "0.0.0.0"
port: 8080
logLevel: "INFO"
# API Key authentication (optional)
apiKey: ""
runtime:
type: "kubernetes"
execdImage: "opensandbox/execd:v1.0.5"
kubernetes:
# workloadProvider: batchsandbox (use Pool) or agent-sandbox
workloadProvider: "batchsandbox"
# BatchSandbox template configuration (for non-Pool mode)
batchsandboxTemplate:
# BatchSandbox labels (optional)
labels: {}
# Pod labels (optional)
podLabels: {}
# Node tolerations
tolerations:
- operator: "Exists"
# Node selector (optional)
nodeSelector: {}
# Service configuration
service:
# Service type: ClusterIP, NodePort, LoadBalancer
type: ClusterIP
port: 8080
# NodePort (effective when type=NodePort)
# Set to specific port number (30000-32767) or leave empty for automatic allocation
# Example: 30080
nodePort: null
annotations: {}
# Ingress configuration (optional)
ingress:
enabled: false
className: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# cert-manager.io/cluster-issuer: letsencrypt-prod
hosts:
- host: opensandbox.example.com
paths:
- path: /
pathType: Prefix
tls: []
# - secretName: opensandbox-tls
# hosts:
# - opensandbox.example.com
# Health probe configuration
healthProbes:
liveness:
path: /health
initialDelaySeconds: 15
periodSeconds: 20
timeoutSeconds: 5
failureThreshold: 3
readiness:
path: /health
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
# Metrics configuration
metrics:
enabled: true
service:
type: ClusterIP
port: 8443
# Enable ServiceMonitor (requires Prometheus Operator)
serviceMonitor:
enabled: false
interval: 30s
scrapeTimeout: 10s
# RBAC configuration
rbac:
# Create RBAC resources
create: true
# ServiceAccount configuration
serviceAccount:
# Create ServiceAccount
create: true
# Use existing ServiceAccount
name: ""
# ServiceAccount annotations
annotations: {}
# CRD configuration
crds:
# Whether to install CRD (set to true for first installation, can be set to false for upgrades)
install: true
# CRD annotations
annotations: {}
# Image pull secrets
imagePullSecrets: []
# - name: regcred
# Global labels
labels: {}
# Global annotations
annotations: {}
# Name prefix, used to generate resource names and namespace (namePrefix + "system")
namePrefix: "opensandbox-"
# Pod annotations
podAnnotations:
kubectl.kubernetes.io/default-container: manager
# Pod labels
podLabels: {}
# Termination grace period (seconds)
terminationGracePeriodSeconds: 10
# Pod Disruption Budget (optional)
# Used for high availability deployment to prevent too many Pods from being unavailable simultaneously
podDisruptionBudget:
enabled: false
minAvailable: 1
# maxUnavailable: 1 # Mutually exclusive with minAvailable, choose one
# Health probe configuration
healthProbes:
liveness:
initialDelaySeconds: 15
periodSeconds: 20
timeoutSeconds: 1
failureThreshold: 3
readiness:
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 3
# Extra user roles (optional)
extraRoles:
# Create BatchSandbox admin role
batchsandboxAdmin:
enabled: true
# Create BatchSandbox editor role
batchsandboxEditor:
enabled: true
# Create BatchSandbox viewer role
batchsandboxViewer:
enabled: true
# Create Pool admin role
poolAdmin:
enabled: true
# Create Pool editor role
poolEditor:
enabled: true
# Create Pool viewer role
poolViewer:
enabled: true
# Pool resource configuration
# Automatically create Pool resources during Helm deployment
# Default: Enable a general Agent Pool suitable for most SDK scenarios
pools:
# Default Agent Pool - SDK scenario (with execd + task-executor)
- name: agent-pool
enabled: true
labels:
app: opensandbox
component: agent-pool
annotations:
description: "Default Agent Pool with execd and task-executor for SDK usage"
template:
metadata:
labels:
pool: agent-pool
sdk-compatible: "true"
spec:
# Required: Share process namespace (required by task-executor)
shareProcessNamespace: true
# Init Container: Install execd (required for SDK scenario)
initContainers:
- name: execd-installer
image: opensandbox/execd:v1.0.5
imagePullPolicy: Never
command: ["/bin/sh", "-c"]
args:
- |
cp ./execd /opt/opensandbox/bin/execd && \
cp ./bootstrap.sh /opt/opensandbox/bin/bootstrap.sh && \
chmod +x /opt/opensandbox/bin/execd && \
chmod +x /opt/opensandbox/bin/bootstrap.sh
volumeMounts:
- name: opensandbox-bin
mountPath: /opt/opensandbox/bin
containers:
# Main container: Sandbox environment
- name: sandbox-container
image: nginx:latest
imagePullPolicy: Never
command: ["/opt/opensandbox/bin/bootstrap.sh", "sleep", "infinity"]
env:
- name: EXECD
value: /opt/opensandbox/bin/execd
ports:
- containerPort: 44772
name: execd
protocol: TCP
resources:
requests:
cpu: "100m"
memory: "128Mi"
limits:
cpu: "500m"
memory: "256Mi"
volumeMounts:
- name: opensandbox-bin
mountPath: /opt/opensandbox/bin
# Sidecar: Task Executor
- name: task-executor
image: opensandbox/task-executor:dev
imagePullPolicy: Never
ports:
- containerPort: 5758
name: task-executor
protocol: TCP
resources:
requests:
cpu: "100m"
memory: "128Mi"
limits:
cpu: "500m"
memory: "256Mi"
securityContext:
capabilities:
add: ["SYS_PTRACE"]
volumes:
- name: opensandbox-bin
emptyDir: {}
# Capacity configuration: Suitable for small to medium scale deployments (10-50 concurrent Agents)
capacitySpec:
bufferMin: 10 # Minimum available Pods
bufferMax: 20 # Maximum pre-warmed Pods
poolMin: 10 # Minimum total Pods
poolMax: 100 # Maximum total Pods
# Notes:
# - If Pool is not needed, set pools[0].enabled=false
# - If custom configuration is needed, override or add more Pools in values
# - Capacity configuration can be adjusted according to actual concurrency requirements:
# | Concurrent Agents | bufferMin | bufferMax | poolMin | poolMax |
# |------------------|-----------|-----------|---------|---------|
# | 1-10 | 2 | 5 | 2 | 20 |
# | 10-50 | 10 | 20 | 10 | 100 |
# | 50-200 | 50 | 100 | 50 | 300 |
# | 200+ | 100 | 200 | 100 | 500 |
Reference in New Issue View Git Blame Copy Permalink