Kubernetes Sandbox Topology
Kubernetes sandbox pods run the OpenShell supervisor in combined topology by
default. Combined topology keeps network, filesystem, and process controls in
the agent pod so the supervisor can enforce the complete OpenShell sandbox
contract before launching the workload.
Choose a Topology
The default combined topology preserves the full OpenShell enforcement model.
Use it when you need OpenShell to apply all sandbox controls inside the workload
pod and your cluster policy permits the required Linux capabilities.
Additional Kubernetes sandbox topologies are still being designed. Until they
are documented as supported configuration values, combined is the only
supported value for supervisor.topology.
Privilege Model
The long-running container permissions for combined topology are:
Short-lived setup containers still have the permissions needed to prepare the pod:
Combined Topology
Combined topology is the original Kubernetes mode and remains the default. The agent container starts the OpenShell supervisor, and the supervisor launches the workload after applying sandbox setup.
Combined topology keeps these controls in one supervisor path:
- Network endpoint and L7 policy enforcement.
- Filesystem policy enforcement.
- Process and binary identity checks.
- Privilege drop into the sandbox user.
- Gateway relay, SSH sessions, exec, and file sync.
Because the supervisor performs network namespace setup and process/filesystem controls from the agent container, Kubernetes grants that container elevated Linux capabilities. Use this mode when you need the complete OpenShell sandbox contract and your cluster policy permits those capabilities.
RuntimeClass Isolation
RuntimeClass isolation can add a stronger container boundary for the sandbox workload when the cluster supports it. Runtime classes do not replace the combined topology’s supervisor controls; they add another isolation boundary around the same supervised workload.
You can set a default runtime class in the Kubernetes driver configuration or override it per sandbox with driver config:
Configure Combined Mode
For direct gateway TOML configuration, leave supervisor_topology unset, or
set it to combined, to use the default single-container supervisor path:
When the Helm chart renders gateway.toml, leave supervisor.topology unset,
or set it to combined, to produce the same driver configuration:
Next Steps
- To install OpenShell on Kubernetes, refer to Setup.
- To configure gateway authentication, refer to Access Control.
- To review the driver fields, refer to Gateway Configuration File.