bluejay/bluejay-infra
1
0
Fork 0
Code Issues Pull Requests 15 Actions Packages Projects Releases Wiki Activity

docs(agent-zero): align kubectl tool text with SEC-6 RBAC

Browse Source
This commit is contained in:
Andrew Stoltz
2026-06-18 14:47:04 -05:00
parent a77fbd0381
commit fc24102fb9
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
apps/agent-zero/configmaps-bluejay.yaml
View File

@@ -3616,7 +3616,8 @@ data:
kubectl_manager.py: |
# Kubernetes Cluster Management Tool
# Manages Kubernetes resources via kubectl on a Rancher Desktop (k3s) cluster.
# The pod runs with a cluster-admin ServiceAccount so all operations are permitted.
# SEC-6: the pod has no mounted Kubernetes API token and no cluster RBAC.
# Cluster operations must go through gated FlowerCore MCP tools instead.
# kubectl is located at /usr/local/bin/kubectl.
import subprocess
@@ -4442,7 +4443,8 @@ data:
### Notes
- The Agent Zero pod has `cluster-admin` privileges; all kubectl operations are permitted.
- The Agent Zero pod has no mounted Kubernetes API token and no cluster RBAC.
- Cluster operations must go through gated FlowerCore MCP tools instead of raw kubectl.
- kubectl is located at `/usr/local/bin/kubectl`.
- Long outputs are truncated to 4000 characters to avoid flooding.
- The `exec_command` action has a 30-second timeout.