# Kubernetes Access Reference

## The IaC Rule (Why mutations are blocked)
Kubernetes environments are managed via Infrastructure as Code (IaC) and GitOps.
If you manually run `kubectl apply` or `helm upgrade`, the cluster state diverges from the Git repository (configuration drift).
When you find a bug (e.g., a missing environment variable in a deployment):
1. **Wrong:** `kubectl set env deployment/my-app KEY=VALUE`
2. **Right:** Edit `values.yaml` or `deployment.yaml` in the workspace, and let the user commit the changes so the CI/CD pipeline applies them.

## 📊 Debugging Workflow (If AI LACKS Access)
If you don't have terminal access to the cluster, you must delegate to the user.
- **AI instructs user:** "Please get the logs for the crashing pod by running:"
  ```bash
  kubectl logs -n <namespace> deployment/<name> --tail=50
  ```
- **AI instructs user for Port-Forward:**
  If you need to query an API, ask the user to establish a port-forward. Once they do, you can curl it locally from your own context.
  "Please run `kubectl port-forward svc/<service-name> <local-port>:<remote-port>` in your terminal. Once it's running, let me know, and I will curl it locally."