__MatrixMan__ 8 days ago

If it can run kubectl it can run any other command too. Unless you're running it as a different user and have put a bit of thought into limiting what that user can do, that's likely too much leeway.

That's only really relevant if you're leaving it unattended though.

gardnr 7 days ago | parent [-]

You can control it with hooks. Most people I know run in yolo mode in a docker container.

__MatrixMan__ 7 days ago | parent | next [-]

What about being in a docker container lets you `kubectl get pod` but prevents you from `kubectl delete deployment`?

dhorthy 7 days ago | parent [-]

This is more about the service account than the runtime environment, I think. If you put your admin service account in Docker, the agent can still wreak havoc. Docker lets you hide the admin service account on your host FS from the agent.

__MatrixMan__ 7 days ago | parent [-]

Keeping the powerful credentials where the agent can't reach them does buy you a bit of safety. But I still think it's a bit loose when compared with exposing an API to the model which can only do what you intend for that model to do.
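
The two layers this subthread separates, a least-privilege service account on the cluster side and a narrow tool API in front of the model, shown together in working code. This is an added example, not code from the thread or from any commenter; the `agent-sandbox` namespace, the `agent-readonly` role name and the JSON tool-call shape are assumptions. One allowlist drives both the Role the agent's service account gets and the validator that sits between the model and kubectl, so the cluster refuses anything the tool layer misses and the tool layer never asks for anything the Role would not grant.

```python
"""Narrow kubectl tool for an agent (added example, not from the thread).

One allowlist generates (a) the namespaced RBAC Role bound to the agent's
service account and (b) the validator for the model's tool calls. Names
such as the agent-sandbox namespace are assumptions.
"""
import json
import re
import subprocess

NAMESPACE = "agent-sandbox"  # assumed: the only namespace the agent may touch

# RBAC resource -> (apiGroup, RBAC verbs). Read-only on purpose: no delete,
# patch, create, or pods/exec.
ALLOWED = {
    "pods":        ("", {"get", "list", "watch"}),
    "events":      ("", {"get", "list", "watch"}),
    "deployments": ("apps", {"get", "list", "watch"}),
}

# Short names a model is likely to emit, mapped to RBAC resource names.
ALIASES = {
    "pod": "pods", "po": "pods",
    "event": "events", "ev": "events",
    "deployment": "deployments", "deploy": "deployments",
}

# Tool verb -> (kubectl subcommand, RBAC verbs it needs). "delete" is simply absent.
TOOL_VERBS = {
    "get":      ("get", {"get", "list"}),
    "describe": ("describe", {"get", "list"}),
}

OUTPUT_FORMATS = {"json", "yaml", "wide", "name"}

# DNS-1123 subdomain: rejects shell metacharacters, paths and anything flag-like.
NAME_RE = re.compile(r"^[a-z0-9]([-a-z0-9.]*[a-z0-9])?$")


class ToolDenied(ValueError):
    """The tool call asked for something outside the allowlist."""


def canonical_resource(resource):
    r = str(resource).strip().lower()
    r = ALIASES.get(r, r)
    if r not in ALLOWED:
        raise ToolDenied(f"resource not allowed: {resource!r}")
    return r


def build_argv(verb, resource, name=None, namespace=NAMESPACE, output=None):
    """Validate one call and return a kubectl argv list (never a shell string)."""
    if namespace != NAMESPACE:
        raise ToolDenied(f"namespace not allowed: {namespace!r}")
    res = canonical_resource(resource)
    if verb not in TOOL_VERBS:
        raise ToolDenied(f"verb not allowed: {verb!r}")
    subcommand, needed = TOOL_VERBS[verb]
    if not needed <= ALLOWED[res][1]:  # the Role must actually grant what kubectl will do
        raise ToolDenied(f"{verb} on {res} exceeds the Role")
    argv = ["kubectl", "--namespace", namespace, subcommand, res]
    if name is not None:
        if not (isinstance(name, str) and len(name) <= 253 and NAME_RE.match(name)):
            raise ToolDenied(f"bad object name: {name!r}")
        argv.append(name)
    if output is not None:
        if output not in OUTPUT_FORMATS:
            raise ToolDenied(f"output format not allowed: {output!r}")
        argv += ["-o", output]
    return argv


def handle_tool_call(payload):
    """Entry point for the model: '{"verb": ..., "resource": ..., "name"?: ..., "output"?: ...}'.
    The namespace is never taken from the model."""
    call = json.loads(payload)
    unknown = set(call) - {"verb", "resource", "name", "output"}
    if unknown:
        raise ToolDenied(f"unexpected fields: {sorted(unknown)}")
    return build_argv(call.get("verb"), call.get("resource", ""),
                      call.get("name"), output=call.get("output"))


def run_tool(payload, timeout=30):
    """Validate, then execute; only reached if the allowlist passed."""
    argv = handle_tool_call(payload)
    return subprocess.run(argv, capture_output=True, text=True, timeout=timeout).stdout


def rbac_role_manifest(role_name="agent-readonly", namespace=NAMESPACE):
    """Emit the Role that grants exactly ALLOWED, one rule per (apiGroup, verbs)."""
    by_rule = {}
    for res, (group, verbs) in ALLOWED.items():
        by_rule.setdefault((group, tuple(sorted(verbs))), []).append(res)
    rules = [{"apiGroups": [g], "resources": sorted(rs), "verbs": list(vs)}
             for (g, vs), rs in sorted(by_rule.items())]
    return {"apiVersion": "rbac.authorization.k8s.io/v1", "kind": "Role",
            "metadata": {"name": role_name, "namespace": namespace}, "rules": rules}


if __name__ == "__main__":
    print(json.dumps(rbac_role_manifest(), indent=2))
    print(handle_tool_call('{"verb": "get", "resource": "po", "output": "json"}'))
```

Bind the emitted Role to the agent's ServiceAccount with a RoleBinding, mount only that service account's kubeconfig into the container (the host's admin kubeconfig stays off the mount), and confirm the cluster side independently with `kubectl auth can-i delete deployments --as=system:serviceaccount:agent-sandbox:<sa-name>`, which should answer `no`.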

dhorthy 3 days ago | parent [-]

Sure, fair enough. I guess I'm mostly being pragmatic here.

Plus I'm not convinced that generating "kubectl"...json..."get"...json..."pod"... is easier for most models than "bash"...json..."kubectl get pod"...

popcorncowboy 7 days ago | parent | prev [-]

Yes... a docker container...