docs(agent-zero): align kubectl tool text with SEC-6 RBAC
This commit is contained in:
Andrew Stoltz
@@ -3616,7 +3616,8 @@ data:
|
|||||||
kubectl_manager.py: |
|
kubectl_manager.py: |
|
||||||
# Kubernetes Cluster Management Tool
|
# Kubernetes Cluster Management Tool
|
||||||
# Manages Kubernetes resources via kubectl on a Rancher Desktop (k3s) cluster.
|
# Manages Kubernetes resources via kubectl on a Rancher Desktop (k3s) cluster.
|
||||||
# The pod runs with a cluster-admin ServiceAccount so all operations are permitted.
|
# SEC-6: the pod has no mounted Kubernetes API token and no cluster RBAC.
|
||||||
|
# Cluster operations must go through gated FlowerCore MCP tools instead.
|
||||||
# kubectl is located at /usr/local/bin/kubectl.
|
# kubectl is located at /usr/local/bin/kubectl.
|
||||||
|
|
||||||
import subprocess
|
import subprocess
|
||||||
@@ -4442,7 +4443,8 @@ data:
|
|||||||
|
|
||||||
### Notes
|
### Notes
|
||||||
|
|
||||||
- The Agent Zero pod has `cluster-admin` privileges; all kubectl operations are permitted.
|
- The Agent Zero pod has no mounted Kubernetes API token and no cluster RBAC.
|
||||||
|
- Cluster operations must go through gated FlowerCore MCP tools instead of raw kubectl.
|
||||||
- kubectl is located at `/usr/local/bin/kubectl`.
|
- kubectl is located at `/usr/local/bin/kubectl`.
|
||||||
- Long outputs are truncated to 4000 characters to avoid flooding.
|
- Long outputs are truncated to 4000 characters to avoid flooding.
|
||||||
- The `exec_command` action has a 30-second timeout.
|
- The `exec_command` action has a 30-second timeout.
|
||||||
|
|||||||
Reference in New Issue
Block a user