Agent sandbox and Pod snapshotting: Supercharging agents on GKE | The Agent Factory Podcast
We spend a lot of time optimizing the "brain" of our AI agents (models, prompts, memory), but we rarely talk about where they live. Choosing the wrong runtime can lead to security nightmares, spiraling costs, or scaling walls.
In this episode of The Agent Factory, hosts Shir Meir Lador and Mofi Rahman are joined by GKE Product Manager Brandon Royal to settle the debate: Serverless vs. Kubernetes for AI agents.
We dive deep into the technical architecture required for production grade agents, specifically focusing on how to let agents execute code safely without compromising your infrastructure.
In this episode, we cover:
1️⃣ Runtime wars: When to choose the simplicity of Serverless (Cloud Run) vs. the control of Kubernetes (GKE).
2️⃣ The Sandbox challenge: What are the risks of running LLM generated code and how to build a "high fence" around it.
3️⃣ Under the hood: How Agent sandbox on Kubernetes uses gVisor to isolate agentic workloads.
Pod snapshotting: The "save state" feature that cuts startup latency from seconds to milliseconds.
Chapters:
00:00 - Introduction
00:18 - Where does an agent live?
01:03 - Welcome to the Agent Factory
01:17 - Introducing our guest, Brandon Royal
01:49 - Agenda for the episode
02:22 - Why choose GKE for your agent runtime?
04:55 - Agents and models on GKE
06:58 - Agent Development Kit (ADK) and GKE
07:23 - [Demo] Deploying an ADK agent on GKE
13:58 - Kubernetes YAML configuration
15:20 - Code execution agent and the sandbox challenge
19:18 - Building fences for code executing agents in Kubernetes
20:25 - [Demo] Agent sandbox
27:41 - Addressing latency with Pod snapshotting
29:39 - [Demo] Pod snapshotting
38:10 - Efficiency benefits of Pod snapshotting
39:29 - Pod snapshotting beyond sandboxes
40:31 - Conclusion
? Resources & links mentioned:
➖ Deploy an ADK agent to Google Kubernetes Engine (GKE) → https://goo.gle/49T2omU
➖ GKE Agent Sandbox Documentation → https://goo.gle/3Mhzxib
➖ GKE sandbox → https://goo.gle/48goi2i
➖ GKE pod snapshots → https://goo.gle/48SWznt
➖ Connect with Shir → https://goo.gle/49SAveB
➖ Connect with Mofi → https://goo.gle/49UiUTK
➖ Connect with Brandon → https://goo.gle/48x3S40
Join the conversation on social media with the hashtag #TheAgentFactory.
Connect with the community at the Google Developer Program forums. → https://goo.gle/4oP9bmb
Watch more Agent Factory → https://www.youtube.com/playlist?list=PLIivdWyY5sqLXR1eSkiM5bE6pFlXC-OSs
? Subscribe to Google Cloud Tech → https://goo.gle/GoogleCloudTech
#ADK #GKE #AgentSandbox
Speaker: Shir Meir Lador, Mofi Rahman, Brandon Royal
Products Mentioned: Google Kubernetes Engine, Agent Development Kit, Gemini
In this episode of The Agent Factory, hosts Shir Meir Lador and Mofi Rahman are joined by GKE Product Manager Brandon Royal to settle the debate: Serverless vs. Kubernetes for AI agents.
We dive deep into the technical architecture required for production grade agents, specifically focusing on how to let agents execute code safely without compromising your infrastructure.
In this episode, we cover:
1️⃣ Runtime wars: When to choose the simplicity of Serverless (Cloud Run) vs. the control of Kubernetes (GKE).
2️⃣ The Sandbox challenge: What are the risks of running LLM generated code and how to build a "high fence" around it.
3️⃣ Under the hood: How Agent sandbox on Kubernetes uses gVisor to isolate agentic workloads.
Pod snapshotting: The "save state" feature that cuts startup latency from seconds to milliseconds.
Chapters:
00:00 - Introduction
00:18 - Where does an agent live?
01:03 - Welcome to the Agent Factory
01:17 - Introducing our guest, Brandon Royal
01:49 - Agenda for the episode
02:22 - Why choose GKE for your agent runtime?
04:55 - Agents and models on GKE
06:58 - Agent Development Kit (ADK) and GKE
07:23 - [Demo] Deploying an ADK agent on GKE
13:58 - Kubernetes YAML configuration
15:20 - Code execution agent and the sandbox challenge
19:18 - Building fences for code executing agents in Kubernetes
20:25 - [Demo] Agent sandbox
27:41 - Addressing latency with Pod snapshotting
29:39 - [Demo] Pod snapshotting
38:10 - Efficiency benefits of Pod snapshotting
39:29 - Pod snapshotting beyond sandboxes
40:31 - Conclusion
? Resources & links mentioned:
➖ Deploy an ADK agent to Google Kubernetes Engine (GKE) → https://goo.gle/49T2omU
➖ GKE Agent Sandbox Documentation → https://goo.gle/3Mhzxib
➖ GKE sandbox → https://goo.gle/48goi2i
➖ GKE pod snapshots → https://goo.gle/48SWznt
➖ Connect with Shir → https://goo.gle/49SAveB
➖ Connect with Mofi → https://goo.gle/49UiUTK
➖ Connect with Brandon → https://goo.gle/48x3S40
Join the conversation on social media with the hashtag #TheAgentFactory.
Connect with the community at the Google Developer Program forums. → https://goo.gle/4oP9bmb
Watch more Agent Factory → https://www.youtube.com/playlist?list=PLIivdWyY5sqLXR1eSkiM5bE6pFlXC-OSs
? Subscribe to Google Cloud Tech → https://goo.gle/GoogleCloudTech
#ADK #GKE #AgentSandbox
Speaker: Shir Meir Lador, Mofi Rahman, Brandon Royal
Products Mentioned: Google Kubernetes Engine, Agent Development Kit, Gemini
Google Cloud Tech
Helping you build what's next with secure infrastructure, developer tools, APIs, data analytics and machine learning....