MCP NetworkPolicy #203

Open: raulcabello wants to merge 3 commits into main from network-policy


@raulcabello raulcabello commented May 20, 2026

Collaborator

Issue #210

The NetworkPolicy restricts the rancher-mcp-server pod so that:

- Ingress: only allows traffic from pods with label app: rancher-ai-agent
- Egress: only allows traffic to pods with label app: rancher-ai-agent

All other inbound and outbound traffic to/from the MCP pod will be denied.
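
The policy described above, written out as a manifest. This is an added example, not the file from this pull request; the policy name, the namespace placeholder and the `app: rancher-mcp-server` pod label are assumptions.

```yaml
# Added example, not chart/agent/templates/mcp-network-policy.yaml from the PR.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: rancher-mcp-server          # hypothetical name
  namespace: <agent-namespace>      # placeholder; the page does not name it
spec:
  # Pods the policy applies to. The label is an assumption: the page only
  # says "the rancher-mcp-server pod".
  podSelector:
    matchLabels:
      app: rancher-mcp-server
  # Listing both types makes the selected pod default-deny in each direction;
  # only the peers below are then allowed.
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - from:
        # podSelector alone (no namespaceSelector) matches pods in the
        # policy's own namespace only.
        - podSelector:
            matchLabels:
              app: rancher-ai-agent
  egress:
    - to:
        - podSelector:
            matchLabels:
              app: rancher-ai-agent
    # No other egress rule exists, so DNS lookups and calls to any other
    # service from the MCP pod are dropped as well.
```

Enforcement depends on the cluster's CNI plugin supporting NetworkPolicy; on a plugin that does not, the object is accepted but has no effect.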

@raulcabello

Collaborator Author

egress NetworkPolicy won't work until #204 is implemented

Comment thread chart/agent/templates/mcp-network-policy.yaml Outdated
@raulcabello raulcabello marked this pull request as ready for review June 30, 2026 13:28
raulcabello and others added 3 commits June 30, 2026 15:35
The NetworkPolicy restricts the rancher-mcp-server pod so that:

Ingress: only allows traffic from pods with label app: rancher-ai-agent
Egress: only allows traffic to pods with label app: rancher-ai-agent
All other inbound and outbound traffic to/from the MCP pod will be denied.
Co-authored-by: Andy Pitcher <andy.pitcher@suse.com>
@raulcabello

Collaborator Author

@andypitcher I had to remove the rancher-ai-agent Ingress as it would break the external MCP OAuth2 Authentication. The rancher-ai-agent contains the redirectUrl that will be called by the external OAuth2 server.
