fix(k8s): add per-process ulimit parity with docker backend#1875
Open
larryro wants to merge 1 commit into
Open
fix(k8s): add per-process ulimit parity with docker backend#1875larryro wants to merge 1 commit into
larryro wants to merge 1 commit into
Conversation
The docker runtime enforces --pids-limit=128, --ulimit fsize=100MB,
--ulimit cpu=600, --ulimit core=0, and nofile=1024:4096
(docker-args.ts:117-135). The k8s runner pod had no per-process
equivalent — a fork-heavy or single-giant-file workload behaved
differently across backends (silent file-skip vs prompt RUNTIME_ERROR).
Fix: add ulimit calls to RUNNER_WRAPPER before the entrypoint
invocation. Busybox sh supports ulimit, making this a zero-dependency
mechanism that works under both runc and gVisor without any image
changes or external tooling.
Map:
docker --pids-limit=128 → ulimit -u 128
docker --ulimit fsize=100MB→ ulimit -f 204800 (100 MB in 512-byte blocks)
docker --ulimit cpu=600 → ulimit -t 600
docker --ulimit core=0 → ulimit -c 0
docker --ulimit nofile=1024:4096 → ulimit -n 1024 (soft only;
the k8s Pod securityContext already prevents ulimit elevation, and
the hard limit is bounded by /etc/security/limits.d in the image)
Co-Authored-By: Claude <noreply@anthropic.com>
Contributor
📝 WalkthroughWalkthroughThis PR implements per-process resource limits in the Kubernetes runner container to achieve parity with the docker backend's resource constraints. The Estimated code review effort🎯 1 (Trivial) | ⏱️ ~5 minutes 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Warning Billing warning: we have not been able to collect payment for this subscription for more than 72 hours. Please update the payment method or pay any pending invoices in Billing to avoid service interruption. Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@services/sandbox/src/backend/kubernetes/k8s-pod-spec.test.ts`:
- Around line 146-149: The test currently only asserts that 'ulimit -u' appears
before '/entrypoint.sh' which misses regressions for the second ulimit; update
the assertion on c.command?.[2] to also verify that 'ulimit -n 1024' appears
before '/entrypoint.sh' (and optionally assert 'ulimit -u' index is less than
'ulimit -n 1024' to preserve order), i.e. compute indices for 'ulimit -u',
'ulimit -n 1024', and '/entrypoint.sh' and assert both ulimit indices are <
entrypointIndex (and ulimitUIndex < ulimitNIndex if you want strict ordering).
In `@services/sandbox/src/backend/kubernetes/k8s-pod-spec.ts`:
- Around line 103-104: The RUNNER_WRAPPER currently runs `ulimit -u ...` which
the target /bin/sh rejects causing startup failure; update the RUNNER_WRAPPER to
avoid failing on unsupported ulimit flags by either removing the `-u` limit,
executing the commands under a shell that supports `-u` (e.g., bash) when
available, or guarding the call so unsupported options do not cause non‑zero
exit (e.g., test shell capability or append a fallback like `|| true` to the
`ulimit -u` invocation). Modify the RUNNER_WRAPPER definition (the
constant/variable named RUNNER_WRAPPER in k8s-pod-spec.ts) to implement one of
these safe approaches so the wrapper does not abort startup when `/bin/sh`
rejects `-u`.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: c823273b-bd57-4a5e-9040-9d58c3bd2b8f
📒 Files selected for processing (2)
services/sandbox/src/backend/kubernetes/k8s-pod-spec.test.tsservices/sandbox/src/backend/kubernetes/k8s-pod-spec.ts
Comment on lines
+146
to
+149
| // ulimit lines appear BEFORE the entrypoint invocation. | ||
| expect(c.command?.[2].indexOf('ulimit -u')).toBeLessThan( | ||
| c.command?.[2].indexOf('/entrypoint.sh'), | ||
| ); |
Contributor
There was a problem hiding this comment.
Order assertion is incomplete for the second ulimit line
Line 147 only verifies ulimit -u appears before /entrypoint.sh. If ulimit -n 1024 moves below entrypoint, this test still passes while parity regresses.
Proposed test hardening
expect(c.command?.[2].indexOf('ulimit -u')).toBeLessThan(
c.command?.[2].indexOf('/entrypoint.sh'),
);
+ expect(c.command?.[2].indexOf('ulimit -n 1024')).toBeLessThan(
+ c.command?.[2].indexOf('/entrypoint.sh'),
+ );📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| // ulimit lines appear BEFORE the entrypoint invocation. | |
| expect(c.command?.[2].indexOf('ulimit -u')).toBeLessThan( | |
| c.command?.[2].indexOf('/entrypoint.sh'), | |
| ); | |
| // ulimit lines appear BEFORE the entrypoint invocation. | |
| expect(c.command?.[2].indexOf('ulimit -u')).toBeLessThan( | |
| c.command?.[2].indexOf('/entrypoint.sh'), | |
| ); | |
| expect(c.command?.[2].indexOf('ulimit -n 1024')).toBeLessThan( | |
| c.command?.[2].indexOf('/entrypoint.sh'), | |
| ); |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@services/sandbox/src/backend/kubernetes/k8s-pod-spec.test.ts` around lines
146 - 149, The test currently only asserts that 'ulimit -u' appears before
'/entrypoint.sh' which misses regressions for the second ulimit; update the
assertion on c.command?.[2] to also verify that 'ulimit -n 1024' appears before
'/entrypoint.sh' (and optionally assert 'ulimit -u' index is less than 'ulimit
-n 1024' to preserve order), i.e. compute indices for 'ulimit -u', 'ulimit -n
1024', and '/entrypoint.sh' and assert both ulimit indices are < entrypointIndex
(and ulimitUIndex < ulimitNIndex if you want strict ordering).
Comment on lines
+103
to
+104
| `ulimit -u 128 -f 204800 -t 600 -c 0`, | ||
| `ulimit -n 1024`, |
Contributor
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
# Verifies shell behavior for the current combined-vs-split ulimit form.
# Expected: combined form fails or behaves unexpectedly; split form succeeds.
if command -v busybox >/dev/null 2>&1; then
echo "== busybox sh =="
busybox sh -c 'ulimit -u 128 -f 204800 -t 600 -c 0; echo "combined_exit=$?"' || true
busybox sh -c 'ulimit -u 128; ulimit -f 204800; ulimit -t 600; ulimit -c 0; ulimit -n 1024; echo "split_exit=$?"'
fi
echo "== system /bin/sh =="
/bin/sh -c 'ulimit -u 128 -f 204800 -t 600 -c 0; echo "combined_exit=$?"' || true
/bin/sh -c 'ulimit -u 128; ulimit -f 204800; ulimit -t 600; ulimit -c 0; ulimit -n 1024; echo "split_exit=$?"'Repository: tale-project/tale
Length of output: 205
Fix ulimit invocation in RUNNER_WRAPPER to prevent startup failure
- In this environment,
/bin/shrejectsulimit -uwithIllegal option -u(exit code2), so the combined form fails and the split form still errors on the-ustep—splitting alone won’t resolve it. - Update the wrapper to only set limits supported by the target shell/container (or guard/ignore unsupported
ulimit -u), especially if the wrapper usesset -e/fails on non-zero.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@services/sandbox/src/backend/kubernetes/k8s-pod-spec.ts` around lines 103 -
104, The RUNNER_WRAPPER currently runs `ulimit -u ...` which the target /bin/sh
rejects causing startup failure; update the RUNNER_WRAPPER to avoid failing on
unsupported ulimit flags by either removing the `-u` limit, executing the
commands under a shell that supports `-u` (e.g., bash) when available, or
guarding the call so unsupported options do not cause non‑zero exit (e.g., test
shell capability or append a fallback like `|| true` to the `ulimit -u`
invocation). Modify the RUNNER_WRAPPER definition (the constant/variable named
RUNNER_WRAPPER in k8s-pod-spec.ts) to implement one of these safe approaches so
the wrapper does not abort startup when `/bin/sh` rejects `-u`.
larryro
added a commit
that referenced
this pull request
Jun 11, 2026
Fixes found by a live chat -> Claude Code -> GitHub PR run (produced #1875): - bifrost_admin: rewrite the VK mint body for the actual v1.4.8 governance API (name required, provider_configs is a per-provider array, budget is singular and rejects reset_duration 'never', team_id/customer_id are mutually exclusive FKs — attribution moves into the key name, response is {virtual_key:{id,value}}) - toGatewayModelRef: Bifrost routes provider/model and rejects Tale's colon-qualified refs; upstreams don't understand the @quant qualifier either — translate at the gateway boundary only - run_external_agent: split EXTERNAL_AGENT_GATEWAY_URL (gateway as seen from inside the session container) from BIFROST_URL (management plane as seen from convex) so host bun-dev convex doesn't leak a host-only URL into the sandbox; wire the until-now-uncalled Tier-2 credential broker (github grant per turn via sessionEnvPatch) so the agent can push branches and open PRs - run_agent: expose runAgentInSessionImpl for direct same-process calls — a ctx.runAction hop is killed at ~300s in self-hosted Convex (the parent's finally then revokes the VK under the still-running agent); forward systemPromptAppend, which previously threw ArgumentValidationError for any agent with instructions - claude-code.json: add openrouter:deepseek/deepseek-v4-flash to supportedModels (verified working through the /anthropic translation path)
larryro
added a commit
that referenced
this pull request
Jun 12, 2026
Fixes found by a live chat -> Claude Code -> GitHub PR run (produced #1875): - bifrost_admin: rewrite the VK mint body for the actual v1.4.8 governance API (name required, provider_configs is a per-provider array, budget is singular and rejects reset_duration 'never', team_id/customer_id are mutually exclusive FKs — attribution moves into the key name, response is {virtual_key:{id,value}}) - toGatewayModelRef: Bifrost routes provider/model and rejects Tale's colon-qualified refs; upstreams don't understand the @quant qualifier either — translate at the gateway boundary only - run_external_agent: split EXTERNAL_AGENT_GATEWAY_URL (gateway as seen from inside the session container) from BIFROST_URL (management plane as seen from convex) so host bun-dev convex doesn't leak a host-only URL into the sandbox; wire the until-now-uncalled Tier-2 credential broker (github grant per turn via sessionEnvPatch) so the agent can push branches and open PRs - run_agent: expose runAgentInSessionImpl for direct same-process calls — a ctx.runAction hop is killed at ~300s in self-hosted Convex (the parent's finally then revokes the VK under the still-running agent); forward systemPromptAppend, which previously threw ArgumentValidationError for any agent with instructions - claude-code.json: add openrouter:deepseek/deepseek-v4-flash to supportedModels (verified working through the /anthropic translation path)
larryro
added a commit
that referenced
this pull request
Jun 13, 2026
Fixes found by a live chat -> Claude Code -> GitHub PR run (produced #1875): - bifrost_admin: rewrite the VK mint body for the actual v1.4.8 governance API (name required, provider_configs is a per-provider array, budget is singular and rejects reset_duration 'never', team_id/customer_id are mutually exclusive FKs — attribution moves into the key name, response is {virtual_key:{id,value}}) - toGatewayModelRef: Bifrost routes provider/model and rejects Tale's colon-qualified refs; upstreams don't understand the @quant qualifier either — translate at the gateway boundary only - run_external_agent: split EXTERNAL_AGENT_GATEWAY_URL (gateway as seen from inside the session container) from BIFROST_URL (management plane as seen from convex) so host bun-dev convex doesn't leak a host-only URL into the sandbox; wire the until-now-uncalled Tier-2 credential broker (github grant per turn via sessionEnvPatch) so the agent can push branches and open PRs - run_agent: expose runAgentInSessionImpl for direct same-process calls — a ctx.runAction hop is killed at ~300s in self-hosted Convex (the parent's finally then revokes the VK under the still-running agent); forward systemPromptAppend, which previously threw ArgumentValidationError for any agent with instructions - claude-code.json: add openrouter:deepseek/deepseek-v4-flash to supportedModels (verified working through the /anthropic translation path)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes #1851 — the K8s runner pod now applies the same per-process ulimits as the Docker backend, making resource enforcement behavior consistent across backends.
Docker reference (docker-args.ts:117-135)
--pids-limit=128ulimit -u 128--ulimit fsize=104857600ulimit -f 204800--ulimit cpu=600ulimit -t 600--ulimit core=0ulimit -c 0--ulimit nofile=1024:4096ulimit -n 1024Approach
Added
ulimitcalls toRUNNER_WRAPPERbefore the entrypoint invocation. This is the most practical option from the issue's list:ulimit, so no image changes or external tooling neededThe pod-level
securityContextalready prevents ulimit elevation, so the soft limits applied here are authoritative.Tests
All 19 existing
k8s-pod-spec.test.tstests pass. Added ulimit-specific assertions verifying:beforethe entrypoint invocation in the wrapper scriptCo-Authored-By: Claude noreply@anthropic.com
Summary by CodeRabbit
Bug Fixes
Tests