diff --git a/scripts/Dockerfile.ollama b/scripts/Dockerfile.ollama
index a0b1d91..273a06f 100644
--- a/scripts/Dockerfile.ollama
+++ b/scripts/Dockerfile.ollama
@@ -1,6 +1,6 @@
 # debian based - ghcr.io/open-webui/open-webui:ollama
 # from ghcr.io/open-webui/open-webui:ollama
-FROM ollama/ollama:0.4.4
+FROM ollama/ollama:0.5.6
 RUN apt update
 RUN apt-get install -y wget btop htop
 RUN apt-get install -y nix
diff --git a/service/api_pods_podid_func.py b/service/api_pods_podid_func.py
index bb01e6a..131b236 100644
--- a/service/api_pods_podid_func.py
+++ b/service/api_pods_podid_func.py
@@ -1,6 +1,6 @@
 from fastapi import APIRouter, Request
 from fastapi.responses import JSONResponse, RedirectResponse
-from models_pods import Pod, Password, PodResponse, PodPermissionsResponse, PodCredentialsResponse, PodLogsResponse
+from models_pods import Pod, Password, PodResponse, PodPermissionsResponse, PodCredentialsResponse, PodLogsResponse, ExecutePodCommand
 from models_misc import SetPermission
 from channels import CommandChannel
 from codes import OFF, ON, RESTART, REQUESTED, STOPPED
@@ -9,7 +9,8 @@
 from tapisservice.config import conf
 from __init__ import t, BadRequestError
 from models_templates_tags import combine_pod_and_template_recursively
-
+from typing import List, Any
+from kubernetes_utils import run_k8_exec
 
 from tapisservice.logs import get_logger
 logger = get_logger(__name__)
@@ -132,6 +133,45 @@ async def set_pod_permission(pod_id, set_permission: SetPermission):
     return ok(result={"permissions": pod.permissions}, msg = "Pod permissions updated successfully.")
 
 
+@router.post(
+    "/pods/{pod_id}/exec",
+    tags=["Executions"],
+    summary="exec_pod_command",
+    operation_id="exec_pod_command",
+)#response_model=Any)
+async def exec_pod_command(pod_id, command: ExecutePodCommand):
+    """
+    Execute a command in a pod.
+
+    Returns the command output.
+    """
+
+    # TODO .display(), search, permissions
+    logger.info(f"POST /pods/{pod_id}/exec - Top of exec_pod_command.")
+    pod = Pod.db_get_with_pk(pod_id, tenant=g.request_tenant_id, site=g.site_id)
+
+    try:
+        logger.error(f"Running command in pod {pod_id}: {command.command}")
+        stdout, stderr = run_k8_exec(pod.k8_name, command.command)
+        success = True
+    except Exception as e:
+        logger.error(f"Error executing command in pod {pod_id}: {e}")
+        stdout, stderr = "", str(e)
+        success = False
+
+    logs = {
+        "stdout": stdout,
+        "stderr": stderr,
+        "success": success
+    }
+
+    #pod.logs.append(f"exec_pod_command ran by {g.username}: {command} \n stdout: {stdout}")
+    pod.db_update(f"'{g.username}' ran exec_pod_command with command: {command} \n stdout: {stdout}")
+
+
+    return ok(result={"logs": logs}, msg="Pod execution ran successfully." if success else "Pod execution failed.")
+
+
 @router.delete(
     "/pods/{pod_id}/permissions/{user}",
     tags=["Permissions"],
diff --git a/service/auth.py b/service/auth.py
index 9ed3d49..f6d7577 100644
--- a/service/auth.py
+++ b/service/auth.py
@@ -180,6 +180,7 @@ def check_route_permissions(request):
         ["/pods/{pod_id}/start", "GET", codes.ADMIN],
         ["/pods/{pod_id}/restart", "GET", codes.ADMIN],
         ["/pods/{pod_id}/derived", "GET", codes.READ],
+        ["/pods/{pod_id}/exec", "POST", codes.ADMIN],
         ["/pods/{pod_id_net}/auth", "GET", "NOT-API"],
         ["/pods/{pod_id_net}/auth/callback", "GET", "NOT-API"],
         ["/pods/{pod_id}", "GET", codes.READ],