Commit 050c051

feat(code_executors): Add GkeCodeExecutor for sandboxed execution on GKE (#621)
* [8/15] add GKE executor doc
* [8/15] add GKE executor doc
* [8/15] add GKE executor doc
* [8/15] add GKE executor doc

---------

Co-authored-by: Joe Fernandez <[email protected]>
1 parent ebbf121 commit 050c051

1 file changed, +42 -0 lines changed

docs/tools/built-in-tools.md

Lines changed: 42 additions & 0 deletions
@@ -57,6 +57,48 @@ like calculations, data manipulation, or running small scripts.
5757
--8<-- "examples/java/snippets/src/main/java/tools/CodeExecutionAgentApp.java:full_code"
5858
```
5959

60+
### GKE Code Executor
61+
62+
The `GkeCodeExecutor` provides a secure and scalable method for running
63+
LLM-generated code by leveraging the GKE (Google Kubernetes Engine) Sandbox
64+
environment, which uses gVisor for workload isolation.
65+
66+
For each code execution request, it dynamically creates an ephemeral, sandboxed
67+
Kubernetes Job with a hardened Pod configuration. This is the recommended
68+
executor for production environments on GKE where security and isolation are
69+
critical.
70+
71+
!!! note "Prerequisites"
72+
73+
- You must have a GKE cluster with a **gVisor-enabled node pool**.
74+
- The agent's service account requires specific **RBAC permissions**, which allow it to:
75+
- Create, watch, and delete **Jobs** for each execution request.
76+
- Manage **ConfigMaps** to inject code into the Job's pod.
77+
- List **Pods** and read their **logs** to retrieve the execution result
78+
- See the complete, ready-to-use configuration in `contributing/samples/gke_agent_sandbox/deployment_rbac.yaml`.
79+
- Install the necessary client library: `pip install google-adk[gke]`
80+
81+
=== "Python"
82+
83+
```py
84+
from google.adk.agents import LlmAgent
85+
from google.adk.code_executors import GkeCodeExecutor
86+
87+
# Initialize the executor, targeting the namespace where its ServiceAccount
88+
# has the required RBAC permissions.
89+
gke_executor = GkeCodeExecutor(
90+
namespace="agent-sandbox",
91+
timeout_seconds=600,
92+
)
93+
94+
# The agent will now use this executor for any code it generates.
95+
gke_agent = LlmAgent(
96+
name="gke_coding_agent",
97+
model="gemini-2.0-flash",
98+
instruction="You are a helpful AI agent that writes and executes Python code.",
99+
code_executor=gke_executor,
100+
)
101+
```
60102

61103
### Vertex AI Search
62104

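Review bot: The prerequisites note (new lines 74-77) lists the Job, ConfigMap, Pod and log permissions the agent's service account needs but never says at what scope to grant them. Since the example pins the executor to one namespace (`namespace="agent-sandbox"`), state that these permissions should be granted only within a dedicated namespace for the executor, so the agent's account cannot manage ConfigMaps or read Pod logs belonging to other workloads. Two smaller points: "hardened Pod configuration" (new lines 66-67) is the central security claim of the section, yet the text does not say which settings it refers to, so either list them or link to where they are defined; and `timeout_seconds=600` (new line 91) is unexplained, so a comment on what happens to the Job when the timeout is reached would help. The bullet on new line 77 is also missing its closing period.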