From 4339b02337091171b863c46c57919233a0b723a6 Mon Sep 17 00:00:00 2001
From: inardini <inardini@google.com>
Date: Sat, 13 Jun 2026 13:11:01 -0700
Subject: [PATCH] Add gVisor toleration to SandboxTemplate for GKE 1.35.5+
 secure-sandbox-policy

---
 .../deploy/base/sandbox-template.yaml                        | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/ai-ml/anthropic-agent-sandbox/deploy/base/sandbox-template.yaml b/ai-ml/anthropic-agent-sandbox/deploy/base/sandbox-template.yaml
index 83772b028a..c3e68b0700 100644
--- a/ai-ml/anthropic-agent-sandbox/deploy/base/sandbox-template.yaml
+++ b/ai-ml/anthropic-agent-sandbox/deploy/base/sandbox-template.yaml
@@ -32,6 +32,11 @@ spec:
       runtimeClassName: gvisor
       nodeSelector:
         sandbox.gke.io/runtime: gvisor
+      tolerations:
+        - key: sandbox.gke.io/runtime
+          operator: Equal
+          value: gvisor
+          effect: NoSchedule
       automountServiceAccountToken: false
       securityContext:
         runAsNonRoot: true