Back to Home

Read-Only Enforcement

Safe by default - can't accidentally break production. KubeMate is designed for troubleshooting and monitoring, not for making changes to your cluster. By enforcing read-only access, we ensure you can investigate issues without risking production outages.

What It Does

Read-only enforcement is to absolute minimum you need to stay safe:

Prevents accidental deletions

Blocks dangerous modifications

Allows safe troubleshooting and monitoring

Protects production clusters from accidents

that's it!

What's Prevented

By enforcing read-only access, we ensure you can't accidentally:

Delete deployments, pods, or services

Modify configurations

Apply changes that break production

Execute arbitrary commands

Allowed Commands

KubeMate only permits safe, read-only kubectl commands:

kubectl get

List resources (pods, nodes, services, etc.)

kubectl describe

Show detailed information about resources

kubectl logs

View pod logs with tail and follow options

kubectl top

Show resource usage (CPU, memory)

kubectl events

View cluster events

Blocked Commands

The following commands are strictly prohibited:

kubectl delete

Delete resources

kubectl apply

Apply configuration changes

kubectl edit

Modify resources in-place

kubectl create

Create new resources

kubectl patch

Partially update resources

kubectl exec (interactive)

Interactive shell access

Technical Details

Command Verification

All commands are verified before execution. Any attempt to run a blocked command is rejected immediately with a clear error message. This multi-layer protection ensures your production clusters stay safe.

Kubectl Wrapper Security

Commands are wrapped with security verification to prevent unauthorized operations. The wrapper validates command types before passing to kubectl.

Safe File Access

File browser implements path sanitization to prevent directory traversal attacks. Only files within pod boundaries can be accessed, and all paths are validated before execution.

Why Users Love It

Can't accidentally delete production - No risk of accidentally removing critical services

Peace of mind for troubleshooting - Investigate issues safely without fear of breaking things

Safe for development teams - Junior developers can explore without production access

Perfect for consultants and MSPs - Provide read-only access to client clusters

Configuration Details

To make things even easier, read-only enforcement is automatic. All kubectl commands are validated before execution, and dangerous operations are blocked by default. You can troubleshoot and monitor with complete peace of mind.

So you don't need to do anything more to stay safe right now, however take your time reading the information below to get a deeper understanding about how these concepts work.