Skip to content

Implement egress proxy for permissionprofile implementation for docker #124

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
JAORMX opened this issue Apr 8, 2025 · 0 comments · May be fixed by #457
Open

Implement egress proxy for permissionprofile implementation for docker #124

JAORMX opened this issue Apr 8, 2025 · 0 comments · May be fixed by #457
Assignees
@yrobla
Labels
enhancement New feature or request p0 High

Comments

@JAORMX
Copy link
Collaborator

JAORMX commented Apr 8, 2025
edited
Loading

Currently, we're merely detecting if an MCP needs network access and granting it access entirely. When, in reality, we want to have an egress proxy for that container. The idea is to implement that.

The implementation should restrict the container if the permission profile says so. The restriction will disallow egress connections unless explicitly allowed by the permission profile.
@JAORMX JAORMX self-assigned this Apr 8, 2025
@dussab dussab added p1 Medium enhancement New feature or request labels Apr 8, 2025
@JAORMX JAORMX added p0 High and removed p1 Medium labels Apr 10, 2025
@JAORMX JAORMX assigned yrobla and unassigned JAORMX May 19, 2025
yrobla added a commit that referenced this issue May 22, 2025
@yrobla
wip: spin egress container for each mcp server
c10353a 
Closes: #124
yrobla added a commit that referenced this issue May 23, 2025
@yrobla
wip: spin egress container for each mcp server
1dc6952 
Closes: #124
@yrobla yrobla linked a pull request May 23, 2025 that will close this issue
Open
yrobla added a commit that referenced this issue May 23, 2025
@yrobla
wip: spin egress container for each mcp server
36379a5 
Closes: #124
yrobla added a commit that referenced this issue May 26, 2025
@yrobla
wip: spin egress container for each mcp server
644ae49 
Closes: #124
yrobla added a commit that referenced this issue Jun 2, 2025
@yrobla
wip: spin egress container for each mcp server
0888ebf 
Closes: #124
yrobla added a commit that referenced this issue Jun 3, 2025
@yrobla
wip: spin egress container for each mcp server
282e6fd 
Closes: #124
yrobla added a commit that referenced this issue Jun 4, 2025
@yrobla
spin egress container for each mcp server
3ed072d 
Closes: #124
yrobla added a commit that referenced this issue Jun 4, 2025
@yrobla
spin egress container for each mcp server
7768aa8 
Closes: #124

spin up and connect networks

move logic to internal docker

fixes from rebase

fix squid.conf

fix lint
yrobla added a commit that referenced this issue Jun 6, 2025
@yrobla
spin egress container for each mcp server
a5b7c35 
Closes: #124

spin up and connect networks

move logic to internal docker

fixes from rebase

fix squid.conf

fix lint
yrobla added a commit that referenced this issue Jun 6, 2025
@yrobla
spin egress container for each mcp server
7dcff62 
Closes: #124

spin up and connect networks

move logic to internal docker

fixes from rebase

fix squid.conf

fix lint

move egress into deploy workload

move pull image

move stop container task

changes from review

add dns container

remove not used profile

modify thv list

resolve ingress connectivity

fix inspector

fixes from review

fix error range

remove gocyclo warnings

fix tests

properly stop and remove containers

add more verbose tests

change docker image

update swagger

retry on cleaning resources
yrobla added a commit that referenced this issue Jun 6, 2025
@yrobla
spin egress container for each mcp server
abbc913 
Closes: #124

spin up and connect networks

move logic to internal docker

fixes from rebase

fix squid.conf

fix lint

move egress into deploy workload

move pull image

move stop container task

changes from review

add dns container

remove not used profile

modify thv list

resolve ingress connectivity

fix inspector

fixes from review

fix error range

remove gocyclo warnings

fix tests

properly stop and remove containers

add more verbose tests

change docker image

update swagger

retry on cleaning resources

fix swagger
yrobla added a commit that referenced this issue Jun 9, 2025
@yrobla
spin egress container for each mcp server
64f93f2 
Closes: #124

spin up and connect networks

move logic to internal docker

fixes from rebase

fix squid.conf

fix lint

move egress into deploy workload

move pull image

move stop container task

changes from review

add dns container

remove not used profile

modify thv list

resolve ingress connectivity

fix inspector

fixes from review

fix error range

remove gocyclo warnings

fix tests

properly stop and remove containers

add more verbose tests

change docker image

update swagger

retry on cleaning resources

fix swagger
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@yrobla yrobla

Labels
enhancement New feature or request p0 High
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

spin egress container for each mcp server stacklok/toolhive
3 participants
@JAORMX @dussab @yrobla