Support container-based sandbox for agent execution to improve safety and portability
Do we have a plan for a container-based sandbox for agent execution?
By isolating each agent’s commands in its own container, we can protect the host from potentially harmful or errant shell commands.
And it can improve portability by packaging the required kubectl, bash, and jq tools in a container image to ensure consistent behavior across environments.
Thanks
Yes, this is high on our list and we are exploring it, and we will be very happy to see a POC from the community as well.
Can you share the host/environment (Linux/Mac/Windows) and container engine (docker, podman, k8s) where you expect it to run? Recently Apple published a container toolkit for running containers on Mac, so that is also an interesting option.
/cc @justinsb
@denverdino I also saw a bunch of issues/PRs from you. Would you mind sharing how you are using kubectl-ai? We are collecting some data points that will help us shape the roadmap better. Thanks.
Thanks, kubectl-ai is a nice agent to simplify the daily O&M for Kubernetes clusters. I’d love to see it become even more practical for common use cases, so that users without deep Kubernetes expertise can benefit from its capabilities.
@droot just to make it clear for myself, this is actually how KPT calls its functions, right?
> Thanks, kubectl-ai is a nice agent to simplify the daily O&M for Kubernetes clusters. I’d love to see it become even more practical for common use cases, so that users without deep Kubernetes expertise can benefit from its capabilities.
Ack. Yes, sandboxing and isolation are high on our list and you should see some progress on it soon.
> @droot just to make it clear for myself, this is actually how KPT calls its functions, right?
Containers do address some of the issues, but we have also learnt that dependency on docker/podman also comes with a lot of UX friction. So worth exploring some alternatives.
We can borrow ideas from the gemini-cli project. It has some very well thought-out sandbox options.