Description
Is your feature request related to a problem? Please describe.
The Agent Development Kit (ADK) provides frameworks for building agents that can generate and run code. However, for customers running ADK agents on Google Kubernetes Engine (GKE), there isn't a native, secure, and customizable server-side execution environment.
In the `code_executors` module:
- The `BuiltInCodeExecutor` offloads execution to a Google backend and is restricted to Gemini models, which isn't ideal for users who need to execute code within their own GKE cluster.
- The `ContainerCodeExecutor` is incompatible with GKE. It tries to connect directly to a Docker daemon, but a pod in GKE does not have access to the underlying node's container daemon, causing the executor to fail.
Describe the solution you'd like
We propose a new code executor, GkeCodeExecutor, designed specifically for secure code execution on GKE.
This executor leverages the GKE Sandbox environment (gVisor) to provide strong workload isolation. For each code execution request, it dynamically creates an ephemeral Kubernetes Job with a hardened Pod configuration.
Key features list.
Describe alternatives you've considered
We analyzed the existing ADK code_executors. None of them is suitable for running on GKE.
Additional context
This feature will provide GKE customers with a first-class, secure-by-default mechanism for running LLM-generated code. The implementation relies on a ServiceAccount having the correct RBAC permissions to create/watch Jobs, create/delete ConfigMaps, and read pod logs. A reference implementation for the required Role and RoleBinding would be provided to guide users.
This new executor would be registered within the ADK framework, with ImportError handling to ensure the kubernetes SDK is only required if the executor is used.
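Sketch of the manifests the proposal describes (an ephemeral Job with a hardened, gVisor-isolated pod, the ConfigMap carrying the code, and the Role/RoleBinding for the executor's ServiceAccount), written as an added example for this page; it is not the ADK project's GkeCodeExecutor code. It builds plain dicts so it runs offline without a cluster or the `kubernetes` SDK (the dicts are in the shape `BatchV1Api().create_namespaced_job` accepts). The namespace, runner image, RuntimeClass name, resource limits, TTL, and the extra `pods` get/list permission are assumptions, as is the `hardening_violations` checklist, which encodes what "hardened Pod configuration" would reasonably mean here.

```python
"""Build and validate a hardened ephemeral Job for running LLM-generated code
under GKE Sandbox (gVisor). Illustrative example, not ADK project code."""
import uuid

RUNTIME_CLASS = "gvisor"            # assumption: GKE Sandbox RuntimeClass name on the cluster
NAMESPACE = "adk-code-exec"         # assumption: dedicated namespace for sandbox Jobs
IMAGE = "python:3.12-slim"          # assumption: runner image
CPU_LIMIT, MEM_LIMIT = "500m", "256Mi"   # assumption: per-execution resource cap


def build_code_configmap(code: str, job_name: str) -> dict:
    """The generated code is shipped in a ConfigMap mounted read-only into the pod."""
    return {
        "apiVersion": "v1",
        "kind": "ConfigMap",
        "metadata": {"name": job_name, "namespace": NAMESPACE},
        "data": {"main.py": code},
    }


def build_sandbox_job(code: str, timeout_s: int = 60) -> tuple[dict, dict]:
    """Return (ConfigMap, Job) for one execution. The pod template drops root,
    capabilities, privilege escalation and the ServiceAccount token, mounts a
    read-only root filesystem, and runs under the gVisor RuntimeClass."""
    job_name = f"adk-exec-{uuid.uuid4().hex[:8]}"
    pod_spec = {
        "runtimeClassName": RUNTIME_CLASS,          # GKE Sandbox isolation
        "restartPolicy": "Never",                  # one attempt; failures surface to the caller
        "automountServiceAccountToken": False,     # sandboxed code gets no API credentials
        "enableServiceLinks": False,               # no cluster service discovery via env vars
        "securityContext": {"runAsNonRoot": True, "runAsUser": 65534, "runAsGroup": 65534},
        "containers": [{
            "name": "runner",
            "image": IMAGE,
            "command": ["python", "/code/main.py"],
            "securityContext": {
                "allowPrivilegeEscalation": False,
                "readOnlyRootFilesystem": True,
                "privileged": False,
                "capabilities": {"drop": ["ALL"]},
            },
            "resources": {"limits": {"cpu": CPU_LIMIT, "memory": MEM_LIMIT},
                          "requests": {"cpu": "100m", "memory": "64Mi"}},
            "volumeMounts": [{"name": "code", "mountPath": "/code", "readOnly": True},
                             {"name": "tmp", "mountPath": "/tmp"}],
        }],
        "volumes": [{"name": "code", "configMap": {"name": job_name}},
                    {"name": "tmp", "emptyDir": {"sizeLimit": "64Mi"}}],
    }
    job = {
        "apiVersion": "batch/v1",
        "kind": "Job",
        "metadata": {"name": job_name, "namespace": NAMESPACE},
        "spec": {
            "backoffLimit": 0,                  # no retries of untrusted code
            "activeDeadlineSeconds": timeout_s, # runaway code is killed
            "ttlSecondsAfterFinished": 300,     # assumption: finished Jobs garbage-collected
            "template": {"spec": pod_spec},
        },
    }
    return build_code_configmap(code, job_name), job


def hardening_violations(job: dict) -> list[str]:
    """Checklist (assumed here) a Job must pass before it is submitted.
    Returns a list of human-readable problems; empty means the Job is acceptable."""
    spec, pod = job["spec"], job["spec"]["template"]["spec"]
    problems = []
    if pod.get("runtimeClassName") != RUNTIME_CLASS:
        problems.append("runtimeClassName is not gvisor: no GKE Sandbox isolation")
    if pod.get("automountServiceAccountToken", True):
        problems.append("ServiceAccount token would be mounted into the sandbox")
    if pod.get("hostNetwork") or pod.get("hostPID") or pod.get("hostIPC"):
        problems.append("pod shares a host namespace")
    if not pod.get("securityContext", {}).get("runAsNonRoot"):
        problems.append("pod may run as root")
    if spec.get("activeDeadlineSeconds") is None:
        problems.append("no activeDeadlineSeconds: runaway code is never killed")
    for c in pod.get("containers", []):
        sc = c.get("securityContext", {})
        if sc.get("privileged") or sc.get("allowPrivilegeEscalation", True):
            problems.append(f"{c['name']}: privileged or privilege escalation allowed")
        if not sc.get("readOnlyRootFilesystem"):
            problems.append(f"{c['name']}: writable root filesystem")
        if "ALL" not in sc.get("capabilities", {}).get("drop", []):
            problems.append(f"{c['name']}: capabilities not dropped")
        if not c.get("resources", {}).get("limits"):
            problems.append(f"{c['name']}: no resource limits")
    return problems


def build_executor_rbac(service_account: str) -> tuple[dict, dict]:
    """Namespaced Role/RoleBinding for the executor's ServiceAccount: create/watch Jobs,
    create/delete ConfigMaps, read pod logs. get/list on pods (to locate the Job's pod)
    is an added assumption."""
    role = {
        "apiVersion": "rbac.authorization.k8s.io/v1", "kind": "Role",
        "metadata": {"name": "adk-code-executor", "namespace": NAMESPACE},
        "rules": [
            {"apiGroups": ["batch"], "resources": ["jobs"], "verbs": ["create", "get", "watch", "delete"]},
            {"apiGroups": [""], "resources": ["configmaps"], "verbs": ["create", "delete"]},
            {"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]},
            {"apiGroups": [""], "resources": ["pods/log"], "verbs": ["get"]},
        ],
    }
    binding = {
        "apiVersion": "rbac.authorization.k8s.io/v1", "kind": "RoleBinding",
        "metadata": {"name": "adk-code-executor", "namespace": NAMESPACE},
        "subjects": [{"kind": "ServiceAccount", "name": service_account, "namespace": NAMESPACE}],
        "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "Role", "name": "adk-code-executor"},
    }
    return role, binding
```

The Role is deliberately namespaced and carries no `pods/exec` or `secrets` verbs: the executor needs to create and observe Jobs and read their logs, nothing more, and the sandboxed pod itself gets no token at all. The checklist is worth running in CI against the generated manifest as well as at submit time, so a later "convenience" change (a writable root, a missing deadline) fails before it reaches a cluster.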