Focus on the network and process boundaries. If they're on separate hosts, this is straightforward. If they're containers on the same host, it gets more interesting.
Monitor these vectors:
* **Network:** eBPF or kernel module (auditd) on the host to track all connections between backend and orchestrator IPs/ports. Alert on any new, unexpected flow.
* **Process execution:** Trace spawns from the model backend's service unit or container. If it tries to execute `oc-adm` or any orchestrator CLI tool, that's a critical event.
* **File access:** Watch for writes to the orchestrator's config directory or socket from the backend's UID/GID.
Example eBPF trace for connections (simplified):
```bash
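# Backend PID is passed as bpftrace positional parameter $1; assumes IPv4 destinations and a BTF-enabled kernel
sudo bpftrace -e 'tracepoint:syscalls:sys_enter_connect /pid == $1/ { $sa = (struct sockaddr_in *)args->uservaddr; printf("%s %s\n", comm, ntop($sa->sin_addr.s_addr)); }' "$model_backend_pid"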
```
Key question: Are you using separate SELinux domains or at least distinct systemd slices? Without that, monitoring is just alerting on a breach that's already happened.
Hardened by default.
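
An added example, not part of the original post: a minimal triage function that applies the three vectors above (network, process execution, file access) to already-collected events. The event format, UID, IP address, port, and directory paths are constructed assumptions; only `oc-adm` comes from the post.

```python
import ipaddress
import posixpath

# All policy values are constructed for illustration (hypothetical deployment).
BACKEND_UID = 1501
ALLOWED_FLOWS = {(ipaddress.ip_address("10.0.5.10"), 8443)}    # backend -> orchestrator API
ORCHESTRATOR_CLIS = {"oc-adm"}                                 # CLI named in the post
PROTECTED_DIRS = ("/etc/orchestrator/", "/run/orchestrator/")  # config dir and socket dir

def evaluate(event, seen_flows):
    """Return (severity, reason) for one backend event, or None if it is expected."""
    if event["type"] == "connect":
        flow = (ipaddress.ip_address(event["dst"]), event["port"])
        if flow in ALLOWED_FLOWS or flow in seen_flows:
            return None                  # baseline flow, or already alerted once
        seen_flows.add(flow)
        return ("high", f"new flow to {flow[0]}:{flow[1]}")
    if event["type"] == "exec":
        if posixpath.basename(event["path"]) in ORCHESTRATOR_CLIS:
            return ("critical", f"backend executed {event['path']}")
        return None
    if event["type"] == "write" and event["uid"] == BACKEND_UID:
        # Normalise first so "../" segments cannot hide the real target.
        path = posixpath.normpath(event["path"])
        if path.startswith(PROTECTED_DIRS):
            return ("critical", f"backend wrote {path}")
    return None

def triage(events):
    """Evaluate events in order; each unexpected flow is reported only once."""
    seen = set()
    return [alert for alert in (evaluate(e, seen) for e in events) if alert]

# Constructed sample events, as a collector might emit them for the backend.
SAMPLE_EVENTS = [
    {"type": "connect", "dst": "10.0.5.10", "port": 8443},
    {"type": "connect", "dst": "10.0.5.10", "port": 22},
    {"type": "connect", "dst": "10.0.5.10", "port": 22},
    {"type": "exec", "path": "/usr/local/bin/oc-adm"},
    {"type": "exec", "path": "/usr/bin/python3"},
    {"type": "write", "uid": 1501, "path": "/etc/orchestrator/../orchestrator/config.yaml"},
    {"type": "write", "uid": 1501, "path": "/var/lib/model/cache.bin"},
]

if __name__ == "__main__":
    for severity, reason in triage(SAMPLE_EVENTS):
        print(f"[{severity}] {reason}")
```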