Skip to content

Introduction

pkg icon The k8s_sandbox Python package provides a Kubernetes (K8s) sandbox environment for inspect_ai.


Learn more about what sandbox environments are for from the Inspect docs site. At a high level, this package lets you run Docker containers which your agents interact with within a Kubernetes cluster instead of locally (e.g. using Docker Compose).

The Inspect process itself still runs on your local machine.

Why use Kubernetes over Docker Compose?

  • Scalability: A typical Kubernetes cluster is distributed across multiple nodes, allowing you to deploy may containers at once and run your evals at a much larger scale.

  • Security: Leverage Cilium Network Policies to provide fine-grained internet access control. Use gVisor1 to run containers in a sandboxed manner.

  • Tooling: Kubernetes has a rich ecosystem of tools and services which can be used to monitor and debug your containers such as K9s.

About

AISI Logo

Created by the UK AI Safety Institute.

  1. gVisor can also be used in Docker Compose, but is enabled by default with the k8s_sandbox package.