Add support for E2B access tokens in Kubernetes apps#2554
Merged
hosekpeter merged 5 commits intomainfrom Mar 31, 2026
Merged
Conversation
hosekpeter
requested review from
Matovidlo and
jachym-tousek-keboola
as code owners
hosekpeter
requested review from
Copilot and
pepamartinec
and removed request for
jachym-tousek-keboola
Matovidlo
approved these changes
Mar 17, 2026
Contributor
There was a problem hiding this comment.
Pull request overview
Adds support for injecting an E2B access token (sourced from a Kubernetes Secret referenced by the App CRD) into upstream requests for E2B sandbox-backed apps, enabling Kubernetes apps to authenticate E2B traffic via apps-proxy.
Changes:
- Extend the K8s App state cache to load/store an E2B access token from a referenced Secret.
- Propagate the cached token into the upstream reverse proxy and inject it as an HTTP header.
- Ensure handler recreation when the upstream URL or cached E2B token changes; update fakes/tests to register Secret list kinds and validate token loading behavior.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| internal/pkg/service/appsproxy/proxy/apphandler/upstream/upstream.go | Stores E2B token on AppUpstream and injects it into proxied requests. |
| internal/pkg/service/appsproxy/proxy/apphandler/manager.go | Rebuilds app handler when cached E2B token (or upstream URL/config) changes. |
| internal/pkg/service/appsproxy/dependencies/mocked.go | Registers Secret list kind in fake dynamic client setup. |
| internal/pkg/service/appsproxy/dataapps/k8sapp/watcher_test.go | Adds tests and helpers for E2B token loading from Secrets. |
| internal/pkg/service/appsproxy/dataapps/k8sapp/watcher.go | Loads E2B token from Secret on App upsert and exposes it via cached AppInfo. |
| internal/pkg/service/appsproxy/dataapps/k8sapp/appinfo.go | Extends App CRD minimal structs and cached AppInfo with runtime/backend + E2B sandbox secret reference + token. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
hosekpeter
force-pushed
the
hosan/PAT-1542
branch
from
baad808 to
cddc39f
Compare
Contributor
pepamartinec
left a comment
pepamartinec
left a comment
There was a problem hiding this comment.
Code review of the lazy-loading and error-handling in .
Contributor
|
@hosekpeter jeste jsem to prosel s Claudem a krome nejakyho bordelu nasel par zajimavych veci. To co sem poslal mi prislo relevantni a melo by se pofixovat, ale necham na tobe, jestli hned, nebo na to hodis separatni issue (jelikoz E2B appky zatim v produkci nejsou, nemelo by se nic z toho aktivovat) |
pepamartinec
approved these changes
Mar 27, 2026
Contributor
pepamartinec
left a comment
pepamartinec
left a comment
There was a problem hiding this comment.
I hope just irrelevant tests are failing 🤞
hosekpeter
force-pushed
the
hosan/PAT-1542
branch
from
f0b2d73 to
ee8e7c1
Compare
# Conflicts: # internal/pkg/service/appsproxy/dataapps/k8sapp/appinfo.go
hosekpeter
force-pushed
the
hosan/PAT-1542
branch
from
ee8e7c1 to
50aa8f3
Compare
hosekpeter
force-pushed
the
hosan/PAT-1542
branch
from
50aa8f3 to
367ce2c
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Release Notes
Added support for E2B access tokens in Kubernetes applications and Secret configuration.
Plans for customer communication
None.
Impact analysis
This change enables Kubernetes apps to securely integrate with E2B using access tokens.
Change type
Feature enhancement.
Justification
Provides additional authentication functionality to Kubernetes apps, improving their integration capabilities with external systems.
Deployment
Merge & automatic deploy.
Rollback plan
Revert of this PR.
Post release support plan
None.