diff --git a/code-interpreter/app/services/executor_kubernetes.py b/code-interpreter/app/services/executor_kubernetes.py
index c03c0ea..5247631 100644
--- a/code-interpreter/app/services/executor_kubernetes.py
+++ b/code-interpreter/app/services/executor_kubernetes.py
@@ -176,7 +176,32 @@ def _create_pod_manifest(
 ],
 )
+ # Use iptables in an init container to drop all outbound traffic
+ # before the main executor container starts. Since all containers
+ # in a pod share a network namespace, rules set here apply to the
+ # executor container as well. This eliminates the race condition
+ # where the pod can send network requests before the Kubernetes
+ # NetworkPolicy is enforced by the CNI.
+ iptables_script = "set -e && iptables -A OUTPUT -j DROP && ip6tables -A OUTPUT -j DROP"
+ network_lockdown_container = V1Container(
+ name="network-lockdown",
+ image=self.image,
+ command=["sh", "-c", iptables_script],
+ security_context={
+ "runAsUser": 0,
+ "runAsNonRoot": False,
+ "allowPrivilegeEscalation": False,
+ "readOnlyRootFilesystem": True,
+ "capabilities": {"drop": ["ALL"], "add": ["NET_ADMIN"]},
+ },
+ resources={
+ "limits": {"cpu": "100m", "memory": "32Mi"},
+ "requests": {"cpu": "10m", "memory": "16Mi"},
+ },
+ )
+
 spec = V1PodSpec(
+ init_containers=[network_lockdown_container],
 containers=[container],
 restart_policy="Never",
 service_account_name=self.service_account if self.service_account else None,
diff --git a/executor/Dockerfile b/executor/Dockerfile
index 6a5da28..33c03a2 100644
--- a/executor/Dockerfile
+++ b/executor/Dockerfile
@@ -6,6 +6,7 @@ RUN apt-get update \
 build-essential \
 curl \
 gfortran \
+ iptables \
 libfreetype6-dev \
 liblapack-dev \
 libopenblas-dev \
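Review bot: `iptables -A OUTPUT -j DROP` in `iptables_script` has no ACCEPT ahead of it, so it drops loopback traffic and the reply packets of connections made into the pod as well as new outbound connections. The hunk does not show how the executor is reached; if anything depends on 127.0.0.1 or on an inbound connection to the pod, put `iptables -A OUTPUT -o lo -j ACCEPT` (and the `ip6tables` equivalent) before the DROP, otherwise extend the comment to state that blocking them is intended. The lockdown also holds only while the executor container cannot gain NET_ADMIN itself; its security context is built above this hunk, so that should be confirmed and noted in the comment. `readOnlyRootFilesystem: True` may prevent a legacy-backend iptables from creating its lock file under `/run`, which is worth testing against the real image. `_create_pod_manifest` begins and ends outside the hunk.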
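Review bot: Adding `iptables` here puts the tool into the same image that runs the untrusted code, because the `network-lockdown` init container is started from `self.image`. It cannot change rules without NET_ADMIN, but a small dedicated image for the init container would keep it out of the executor's runtime, and the lockdown would not fail to start if `self.image` is ever pointed at an image that lacks the package. The `RUN apt-get` instruction starts and ends outside the hunk.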