Tags: beam-cloud/beta9
Tags
Add Ports To Sandboxes (#1541) <!-- This is an auto-generated description by cubic. --> ## Summary by cubic Adds a ports parameter to Sandbox to pre-expose specific ports via public URLs at creation. Defaults to [], and dynamic exposure via instance.expose_port(port) still works. <sup>Written for commit 8b233c7. Summary will update automatically on new commits.</sup> <!-- End of auto-generated description by cubic. -->
Add Ports To Sandboxes (#1541) <!-- This is an auto-generated description by cubic. --> ## Summary by cubic Adds a ports parameter to Sandbox to pre-expose specific ports via public URLs at creation. Defaults to [], and dynamic exposure via instance.expose_port(port) still works. <sup>Written for commit 8b233c7. Summary will update automatically on new commits.</sup> <!-- End of auto-generated description by cubic. -->
fix: bump max message sizes (#1540) <!-- This is an auto-generated description by cubic. --> ## Summary by cubic Increase gRPC send and receive message size limits to 16 MB in the container runtime server to support larger payloads. Prevents errors and timeouts when handling big specs or log streams. <sup>Written for commit 917cd42. Summary will update automatically on new commits.</sup> <!-- End of auto-generated description by cubic. --> Co-authored-by: Luke Lombardi <luke@beam.cloud>
fix: cleanup criu interface (#1530) <!-- This is an auto-generated description by cubic. --> ## Summary by cubic Added checkpoint/restore support to both runc and gVisor via a unified Runtime API, with CUDA-aware handling in gVisor. This cleans up the CRIU interface and improves GPU device setup. - **New Features** - Implemented runtime.Checkpoint/Restore for runc and gVisor; gVisor now supports CheckpointRestore and runs cuda-checkpoint to freeze/unfreeze GPU state. - **Refactors** - Switched CRIU managers to runtime.Runtime; Cedana limited to runc and removed the Run path. - gVisor Prepare: detect GPU devices/CDI, enable nvproxy, bind-mount cuda-checkpoint; clear devices when no GPU. - Improved checkpoint/restore error reporting and directory creation; adjusted image caching to prefer local cache for Clip v2; SDK moved yaml imports and fixed compose override quoting. <sup>Written for commit 73bb6ba. Summary will update automatically on new commits.</sup> <!-- End of auto-generated description by cubic. --> --------- Co-authored-by: Cursor Agent <cursoragent@cursor.com> Co-authored-by: Luke Lombardi <luke@beam.cloud>
Fix: Moved Runtime (#1526) <!-- This is an auto-generated description by cubic. --> ## Summary by cubic Moved Worker.runtime to the end of the Worker message to align schemas and fix mismatched serialization across gateway, proto, and SDK. Protos were regenerated; Swagger and Python SDK updated. - **Bug Fixes** - Moved Worker.runtime after active_containers in Go, proto, Swagger, and SDK to ensure consistent field mapping. - Updated gateway OpenAPI to reflect the new runtime position. - Adjusted NullTime to use a single null_time field; regenerated Go and Python types. - **Migration** - Regenerate clients/SDKs. Worker.runtime now uses field number 18. - Update any code using NullTime to read null_time instead of time/valid. <sup>Written for commit 2618d21. Summary will update automatically on new commits.</sup> <!-- End of auto-generated description by cubic. -->
Fix: Moved Runtime (#1526) <!-- This is an auto-generated description by cubic. --> ## Summary by cubic Moved Worker.runtime to the end of the Worker message to align schemas and fix mismatched serialization across gateway, proto, and SDK. Protos were regenerated; Swagger and Python SDK updated. - **Bug Fixes** - Moved Worker.runtime after active_containers in Go, proto, Swagger, and SDK to ensure consistent field mapping. - Updated gateway OpenAPI to reflect the new runtime position. - Adjusted NullTime to use a single null_time field; regenerated Go and Python types. - **Migration** - Regenerate clients/SDKs. Worker.runtime now uses field number 18. - Update any code using NullTime to read null_time instead of time/valid. <sup>Written for commit 2618d21. Summary will update automatically on new commits.</sup> <!-- End of auto-generated description by cubic. -->
Add Allow List to Sandboxes (#1513) <!-- This is an auto-generated description by cubic. --> ## Summary by cubic Add outbound network controls to Sandboxes and Pods. You can block all outbound traffic or allow only specific CIDR ranges, while reply traffic to exposed ports stays allowed. - **New Features** - Added block_network to stubs/sandboxes/pods (SDK, gateway/types proto, OpenAPI). Enforced via host-namespace iptables for IPv4/IPv6; reply traffic (ESTABLISHED, RELATED) is allowed. - Added allow_list to permit outbound only to specified CIDR ranges (validated/normalized in worker; supports IPv4 and IPv6). When set, all other outbound is blocked. Cannot be used together with block_network. Limit 10 CIDR entries; invalid CIDR values error immediately. - **Migration** - No changes required. Use block_network=True to block all outbound, or allow_list=["<cidr>"] to allow specific ranges. Do not set both. Allow list must contain valid CIDRs (max 10). <sup>Written for commit 9700ed8. Summary will update automatically on new commits.</sup> <!-- End of auto-generated description by cubic. -->
PreviousNext