k8e.sh: Open Source Agentic AI Sandbox Matrix. A CNCF-conformant Kubernetes distribution in a single binary under 100MB, purpose-built for secure, isolated AI agent execution at scale. Up and running in 60 seconds. Inspired by K3s.
```bash
curl -sfL https://k8e.sh/install.sh | sh -
```
That's it. Your agentic sandbox matrix is ready.
What is K8E?
K8E (Kubernetes Easy Engine) is an open-source, enterprise-grade Kubernetes distribution and the foundation for the Agentic AI Sandbox Matrix, a Kubernetes-native platform for running secure, isolated AI agent workloads at scale.
As autonomous AI agents increasingly generate and execute untrusted code, the need for robust sandboxing infrastructure becomes critical. K8E addresses this directly: it ships as a single binary with everything needed to spin up a production-grade Kubernetes cluster in under 60 seconds, with first-class primitives for agent isolation, resource governance, and ephemeral execution environments.
One cluster. Many agents. Zero trust between them.
K8E is purpose-built for the AI era. The Agentic AI Sandbox Matrix provides Kubernetes-native infrastructure for deploying, isolating, and governing autonomous AI agent workloads.
```
+-------------------------------------------------------------+
|               AGENTIC AI SANDBOX MATRIX (K8E)               |
|                                                             |
|  +--------------+     +----------------------------------+  |
|  |  LLM Agent   |---->|        Sandbox Namespace         |  |
|  | (any model)  |     |                                  |  |
|  +--------------+     |  +----------------------------+  |  |
|                       |  |        Isolated Pod        |  |  |
|  +--------------+     |  |  +----------------------+  |  |  |
|  |   Tool Use   |---->|  |  | Untrusted Code Exec  |  |  |  |
|  | Code/Browse  |     |  |  +----------------------+  |  |  |
|  +--------------+     |  |  Network Policy            |  |  |
|                       |  |  Resource Quota            |  |  |
|  +--------------+     |  |  Kata / runc runtime       |  |  |
|  | Orchestrator |---->|  +----------------------------+  |  |
|  |  (MCP/A2A)   |     +----------------------------------+  |
|  +--------------+                                           |
+-------------------------------------------------------------+
```
Deploy an Agent Sandbox
```yaml
# agent-sandbox.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: agent-sandbox
  labels:
    sandbox: "true"
---
apiVersion: v1
kind: Pod
metadata:
  name: ai-agent
  namespace: agent-sandbox
spec:
  containers:
    - name: agent
      image: python:3.11-slim
      resources:
        limits:
          memory: "512Mi"
          cpu: "500m"
      securityContext:
        runAsNonRoot: true
        # python:3.11-slim runs as root by default, so runAsNonRoot
        # needs an explicit non-zero UID or the container is refused
        runAsUser: 1000
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
  restartPolicy: Never
```
```bash
kubectl apply -f agent-sandbox.yaml
```
Sandbox Capabilities
| Capability | Description |
|---|---|
| Hardware Isolation | Kata Containers integration for VM-level agent isolation |
| Network Policies | Prevent agent data exfiltration between sandboxes |
| Resource Quotas | Cap compute per agent to prevent runaway costs |
| Ephemeral Workspaces | Auto-cleanup after agent session ends |
| Stateful Runtimes | Persistent identity and storage for long-running agents |
| agent-sandbox compatible | Works with kubernetes-sigs/agent-sandbox |
| MCP / A2A ready | Orchestrate multi-agent pipelines declaratively |
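The Network Policies and Resource Quotas rows above, written out as manifests for the `agent-sandbox` namespace used in the deployment example. This is an added example, not taken from the K8E project; the object names, the quota values and the CoreDNS label selector are assumptions.

```yaml
# Added example (not from the K8E project). Object names, quota values and
# the CoreDNS selector are assumptions; adjust them to your cluster.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all            # hypothetical name
  namespace: agent-sandbox
spec:
  podSelector: {}                   # selects every pod in the namespace
  policyTypes: ["Ingress", "Egress"]  # no rules listed, so both directions are denied
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-dns-egress            # hypothetical name
  namespace: agent-sandbox
spec:
  podSelector: {}
  policyTypes: ["Egress"]
  egress:
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns     # assumed label on the CoreDNS pods
      ports:
        - { protocol: UDP, port: 53 }
        - { protocol: TCP, port: 53 }
---
apiVersion: v1
kind: ResourceQuota
metadata:
  name: agent-sandbox-quota         # hypothetical name
  namespace: agent-sandbox
spec:
  hard:
    pods: "10"                      # assumed ceiling on concurrent agent pods
    limits.cpu: "4"                 # sum of container CPU limits in the namespace
    limits.memory: 4Gi              # sum of container memory limits
```

With this quota in place, a pod that omits CPU or memory limits is rejected at admission, so the `resources.limits` block on the `ai-agent` pod is required rather than optional.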
Why K8E?
| Feature | What it means |
|---|---|
| Agentic Sandbox Matrix | Native platform for secure AI agent execution |
| 60-second setup | Cluster running before your coffee brews |
| Single binary < 100MB | Download once, run anywhere |
| Security hardened | Enterprise-grade policies built in |
| CNCF Conformant | 100% standard Kubernetes, no vendor lock-in |
| HA with embedded etcd | Production-grade clustering out of the box |
| Cilium networking | eBPF-powered, high-performance networking |
| Multi-arch | x86_64, ARM64, RISC-V all supported |
| Helm controller built-in | GitOps-ready from day one |
Architecture
```
+-------------------------------------------------------------+
|                         K8E CLUSTER                         |
|                                                             |
|  +-------------------------------------------------------+  |
|  |              CONTROL PLANE (Server Node)              |  |
|  |                                                       |  |
|  |  +------------+    +-----------+    +------+          |  |
|  |  | API Server |    | Scheduler |    | etcd |          |  |
|  |  +------------+    +-----------+    +------+          |  |
|  |  +----------------+    +-----------------+            |  |
|  |  | Controller Mgr |    | Helm Controller |            |  |
|  |  +----------------+    +-----------------+            |  |
|  +-------------------------------------------------------+  |
|                              |                              |
|                +-------------+-------------+                |
|     +----------+----------+     +----------+----------+     |
|     |    WORKER NODE 1    |     |    WORKER NODE 2    |     |
|     |  +---------------+  |     |  +---------------+  |     |
|     |  | Agent Sandbox |  |     |  | Agent Sandbox |  |     |
|     |  +---------------+  |     |  +---------------+  |     |
|     |  +---------------+  |     |  +---------------+  |     |
|     |  |  Containerd   |  |     |  |  Containerd   |  |     |
|     |  +---------------+  |     |  +---------------+  |     |
|     |  +---------------+  |     |  +---------------+  |     |
|     |  | Cilium (CNI)  |  |     |  | Cilium (CNI)  |  |     |
|     |  +---------------+  |     |  +---------------+  |     |
|     +---------------------+     +---------------------+     |
+-------------------------------------------------------------+
```
Components
| Component | Version | Purpose |
|---|---|---|
| Kubernetes | v1.35.x | Core orchestration engine |
| Cilium | Latest | eBPF networking & network policy enforcement |
| Containerd | v1.7.x | Container runtime |
| etcd | v3.5.x | Distributed key-value store |
| CoreDNS | v1.11.x | Cluster DNS |
| Helm Controller | v0.16.x | GitOps & chart management |
| Metrics Server | v0.7.x | Resource metrics |
| Local Path Provisioner | v0.0.30 | Persistent storage |
| Kine | v0.13.x | etcd shim for SQLite/MySQL |
| Runc / Kata | v1.2.x | OCI & hardware-isolated runtimes |
Quick Start
Step 1: Install K8E Server
```bash
curl -sfL https://k8e.sh/install.sh | sh -
```
Step 2: Verify
```bash
export KUBECONFIG=/etc/k8e/k8e.yaml
kubectl get nodes
```
Step 3: Add a Worker Node (Optional)
```bash
# Get token from server
cat /var/lib/k8e/server/node-token

# On worker machine
curl -sfL https://k8e.sh/install.sh | \
  K8E_TOKEN=<token> \
  K8E_URL=https://<server-ip>:6443 \
  INSTALL_K8E_EXEC="agent" \
  sh -
```
Installation Guide
Linux
```bash
# Server
curl -sfL https://k8e.sh/install.sh | sh -

# Agent: K8E_TOKEN must match the server's join token (ilovek8e is a sample value)
curl -sfL https://k8e.sh/install.sh | \
  K8E_TOKEN=ilovek8e \
  K8E_URL=https://<SERVER_IP>:6443 \
  INSTALL_K8E_EXEC="agent" \
  sh -
```
Docker / Dev Mode
```bash
docker run -d --privileged \
  -p 6443:6443 \
  --name k8e-dev \
  xiaods/k8e:latest server --cluster-init
```
Verify
```bash
kubectl get nodes -o wide
kubectl get pods -n kube-system
cilium status
```
Configuration
Environment Variables
```bash
# Server
K8E_TOKEN=<secret>
K8E_KUBECONFIG_OUTPUT=<path>
K8E_KUBECONFIG_MODE=644

# Agent
K8E_URL=https://<server>:6443
K8E_TOKEN=<secret>
```
Systemd
```bash
systemctl status k8e
journalctl -u k8e -f
systemctl restart k8e
```
K8E vs The Alternatives
| Feature | K8E | K3s | K8s (vanilla) | MicroK8s |
|---|---|---|---|---|
| Install time | ~60s | ~90s | ~20min | ~5min |
| Binary size | <100MB | ~70MB | ~1GB+ | ~200MB |
| Agentic Sandbox | Native | No | Manual | No |
| eBPF networking | Cilium | Optional | Optional | No |
| Enterprise hardened | Yes | Partial | Yes | Partial |
| HA embedded etcd | Yes | Yes | Yes | Limited |
| CNCF conformant | Yes | Yes | Yes | Yes |
| Multi-arch | Yes | Yes | Yes | Yes |
Contributing
```bash
git clone https://github.com/<your-username>/k8e.git && cd k8e
git checkout -b feat/my-feature
make
make test
git push origin feat/my-feature
```
- Bug Reports
- Feature Requests
- Open PRs
Security
Report vulnerabilities via GitHub Security Advisories. Do not open public issues for security bugs.
License
Apache License 2.0; see LICENSE.
Acknowledgments
| Project | Contribution |
|---|---|
| K3s | Lightweight Kubernetes foundation that inspired K8E |
| Kubernetes | The orchestration engine everything is built on |
| Cilium | eBPF-powered networking and security |
| agent-sandbox | Kubernetes-native agent sandboxing primitives |
| CNCF | Fostering the open-source cloud native ecosystem |