Baker Street

Ephemeral Task Pods

Kubernetes jobs with zero ingress, NATS-only egress, and automatic 30-minute cleanup.

The Problem

Some AI tasks require an isolated execution environment. You do not want a code generation task running in the same process as your agent's Brain. You do not want a data processing job to have access to your API keys. Traditional sandboxing approaches -- containers with restricted capabilities -- still share too much surface area when running inside a long-lived pod. What you need is true ephemeral isolation: spin up, execute, report back, disappear.

How Baker Street Solves It

Baker Street launches ephemeral task pods as Kubernetes Jobs. Each task gets its own pod with the strictest security posture in the platform.

The Brain dispatches a task by creating a Kubernetes Job with the appropriate spec. The task pod connects to NATS, pulls its instructions, executes the work, publishes results, and terminates. Kubernetes garbage-collects the completed pod automatically.

This architecture means a task pod compromise gives an attacker nothing: no API keys, no network access, no persistent storage, no way to reach other services. The blast radius is a single, already-dying container.

Example

# Task pod security context
apiVersion: batch/v1
kind: Job
metadata:
  name: task-abc-123
  namespace: baker-street-tasks
spec:
  ttlSecondsAfterFinished: 60      # garbage-collect the finished Job one minute after completion
  activeDeadlineSeconds: 1800      # hard 30-minute ceiling on task runtime
  template:
    spec:
      restartPolicy: Never
      automountServiceAccountToken: false   # no Kubernetes API credentials inside the pod
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: task
          image: baker-street/task-runner:latest
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            readOnlyRootFilesystem: true
          env:
            - name: NATS_URL
              value: "nats://nats.baker-street:4222"
            - name: TASK_ID
              value: "task-abc-123"
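The Job manifest restricts what the task process may do, but the zero-ingress, NATS-only-egress property is enforced at the network layer by a NetworkPolicy on the task namespace. The policy below is an added example, not part of Baker Street's own configuration; it assumes cluster DNS runs as kube-dns in kube-system, that the NATS Service lives in a namespace labelled kubernetes.io/metadata.name: baker-street, and that the NATS pods carry the label app: nats.

```yaml
# Default-deny for every pod in the task namespace (constructed example):
# no inbound traffic at all; outbound only to cluster DNS and to NATS on 4222.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: task-pods-nats-only
  namespace: baker-street-tasks
spec:
  podSelector: {}            # empty selector: applies to all pods in the namespace
  policyTypes:
    - Ingress
    - Egress
  ingress: []                # Ingress listed with no rules denies all inbound traffic
  egress:
    # Allow resolving nats.baker-street through cluster DNS (assumed kube-dns labels)
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
    # Allow the NATS client port only; namespace and pod labels are assumptions
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: baker-street
          podSelector:
            matchLabels:
              app: nats
      ports:
        - protocol: TCP
          port: 4222
```

NetworkPolicy objects are only enforced when the cluster's CNI supports them, so confirm the posture by launching a throwaway pod in baker-street-tasks and checking that connections to anything other than DNS and port 4222 time out.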

Learn More

See the Task Pods documentation for details on namespace isolation, resource quotas, and custom task images.