Networking
Auto-generated NetworkPolicy
The operator generates a NetworkPolicy named `mcp-server-{name}-egress` for each MCPServer. It always includes egress rules for:
- Redis: port 6379 TCP to pods labeled `app.kubernetes.io/name: mcp-redis` and `app.kubernetes.io/component: cache`
- DNS: port 53 UDP and TCP to pods labeled `k8s-app: kube-dns`
- Tool and resource services: derived from the `spec.service` references on every MCPTool and MCPResource selected by the MCPServer
The service egress rules are controlled by annotations on each MCPTool or MCPResource CR.
Egress mode annotations
| Annotation | Values | Default |
|---|---|---|
| `kubemcp.io/egress-mode` | `selector`, `namespace`, `cidr` | `selector` |
| `kubemcp.io/egress-ports` | Comma-separated port numbers, e.g. `8080,8443` | Service port |
| `kubemcp.io/egress-cidrs` | Comma-separated CIDR blocks, e.g. `10.0.0.0/8` | (required when mode is `cidr`) |
selector (default)

Allows egress to pods matched by the Service's own selector, scoped to the Service's namespace. This is the most restrictive mode and works for standard ClusterIP services.

```yaml
apiVersion: kubemcp.io/v1alpha1
kind: MCPTool
metadata:
  name: my-tool
  annotations: {} # selector mode is the default; no annotation needed
spec:
  service:
    name: my-backend-svc
    port: 8080
```

namespace

Allows egress to all pods in the Service's namespace. Use this when the Service has no pod selector (e.g. headless or selector-less services).
```yaml
metadata:
  annotations:
    kubemcp.io/egress-mode: namespace
```

cidr

Allows egress to specific CIDR ranges. Required for ExternalName services and external endpoints.

```yaml
metadata:
  annotations:
    kubemcp.io/egress-mode: cidr
    kubemcp.io/egress-cidrs: "203.0.113.0/24,198.51.100.0/24"
    kubemcp.io/egress-ports: "443"
```

NetworkPolicy baseline

Restrict ingress to operator and tool workloads to only the required namespaces and ports.
```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-mcp-system
  namespace: mcp-system
spec:
  podSelector: {}
  policyTypes: [Ingress, Egress]
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: mcp-system
  egress:
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: mcp-system
```

Cross-namespace access

- Keep MCPServer and related resources in the same namespace by default.
- If you require cross-namespace service targets, set `spec.service.namespace` on the MCPTool/MCPResource and use the `kubemcp.io/egress-mode: namespace` or `cidr` annotation so that the generated NetworkPolicy matches the correct peers.
- Enforce cross-namespace access with explicit RBAC scoping.
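To make the egress-mode table and the cross-namespace guidance concrete, the following Python model (an added illustration, not the kubemcp operator's own code) turns the `kubemcp.io/egress-*` annotations and `spec.service.namespace` into the egress entries of the `mcp-server-{name}-egress` policy, as plain dicts in the shape `kubectl get networkpolicy -o yaml` would show. It assumes TCP for service ports, the `kubernetes.io/metadata.name` label for namespace matching, and the constructed sample CRs and Services below; the MCPServer pod selector of the generated policy is not described on this page and is left out.

```python
"""Model of how the documented egress annotations become NetworkPolicy rules.

Added illustration of the behaviour described on this page, not the kubemcp
operator's code. Every input here is constructed for the example.
"""
import ipaddress

EGRESS_MODE = "kubemcp.io/egress-mode"
EGRESS_PORTS = "kubemcp.io/egress-ports"
EGRESS_CIDRS = "kubemcp.io/egress-cidrs"

# Rules the page says are always present. The page gives only pod labels; a
# bare podSelector matches the policy's own namespace, so if kube-dns runs in
# kube-system the real object also needs a namespaceSelector. Inspect the
# generated policy with kubectl rather than assuming either way.
REDIS_RULE = {
    "to": [{"podSelector": {"matchLabels": {
        "app.kubernetes.io/name": "mcp-redis",
        "app.kubernetes.io/component": "cache"}}}],
    "ports": [{"protocol": "TCP", "port": 6379}],
}
DNS_RULE = {
    "to": [{"podSelector": {"matchLabels": {"k8s-app": "kube-dns"}}}],
    "ports": [{"protocol": "UDP", "port": 53}, {"protocol": "TCP", "port": 53}],
}


def _ports(annotations, service_port):
    """kubemcp.io/egress-ports overrides the Service port; TCP is an assumption."""
    raw = annotations.get(EGRESS_PORTS)
    ports = [int(p) for p in raw.split(",")] if raw else [service_port]
    return [{"protocol": "TCP", "port": p} for p in ports]


def service_egress_rule(cr, services):
    """Egress rule for one MCPTool/MCPResource `cr` (a dict).

    `services` maps (namespace, name) to the referenced Service's spec; it is
    consulted only in selector mode, where the Service's pod selector is copied
    into the rule.
    """
    ann = cr["metadata"].get("annotations") or {}
    mode = ann.get(EGRESS_MODE, "selector")
    ref = cr["spec"]["service"]
    # Cross-namespace targets come from spec.service.namespace; otherwise the
    # Service is looked up in the CR's own namespace.
    ns = ref.get("namespace", cr["metadata"]["namespace"])
    ns_peer = {"namespaceSelector": {"matchLabels": {"kubernetes.io/metadata.name": ns}}}

    if mode == "selector":
        selector = services[(ns, ref["name"])].get("selector")
        if not selector:
            raise ValueError(f"{ref['name']} has no pod selector; use egress-mode: namespace")
        peers = [{**ns_peer, "podSelector": {"matchLabels": selector}}]
    elif mode == "namespace":
        peers = [ns_peer]
    elif mode == "cidr":
        raw = ann.get(EGRESS_CIDRS)
        if not raw:
            raise ValueError(f"{EGRESS_CIDRS} is required when mode is cidr")
        # strict parsing rejects malformed blocks such as 10.1.2.3/8
        cidrs = [str(ipaddress.ip_network(c.strip())) for c in raw.split(",")]
        peers = [{"ipBlock": {"cidr": c}} for c in cidrs]
    else:
        raise ValueError(f"unknown {EGRESS_MODE}: {mode}")
    return {"to": peers, "ports": _ports(ann, ref["port"])}


def build_egress(server_name, crs, services):
    """Name and egress list of the generated policy for one MCPServer."""
    return {
        "name": f"mcp-server-{server_name}-egress",
        "egress": [REDIS_RULE, DNS_RULE] + [service_egress_rule(c, services) for c in crs],
    }


# Constructed sample input: three CRs in namespace "mcp-apps", one per mode,
# including one cross-namespace, selector-less Service in namespace "data".
SERVICES = {
    ("mcp-apps", "my-backend-svc"): {"selector": {"app": "backend"}},
    ("data", "warehouse"): {},
}
CRS = [
    {"metadata": {"name": "my-tool", "namespace": "mcp-apps", "annotations": {}},
     "spec": {"service": {"name": "my-backend-svc", "port": 8080}}},
    {"metadata": {"name": "warehouse-tool", "namespace": "mcp-apps",
                  "annotations": {EGRESS_MODE: "namespace"}},
     "spec": {"service": {"name": "warehouse", "namespace": "data", "port": 5432}}},
    {"metadata": {"name": "external-tool", "namespace": "mcp-apps",
                  "annotations": {EGRESS_MODE: "cidr",
                                  EGRESS_CIDRS: "203.0.113.0/24,198.51.100.0/24",
                                  EGRESS_PORTS: "443"}},
     "spec": {"service": {"name": "external-api", "port": 80}}},
]

if __name__ == "__main__":
    import json
    print(json.dumps(build_egress("demo", CRS, SERVICES), indent=2))
```

Running the script prints the five rules for the constructed inputs: the fixed Redis and DNS rules, a namespace-plus-pod selector for `my-tool`, a namespace-only peer for the selector-less `warehouse` Service in `data`, and two `ipBlock` peers on port 443 for the external endpoint. The failure modes match the table: selector mode on a Service without a selector, `cidr` mode without `kubemcp.io/egress-cidrs`, or a malformed CIDR all raise instead of silently producing a broader rule. Note also why the DNS rule matters: a baseline like the `allow-mcp-system` policy above, whose egress only permits the `mcp-system` namespace, does not by itself allow lookups against kube-dns if it runs in `kube-system`.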