networkpolicy.yaml3.9 kB
---
# Policy 1 of 3: allow-list for pods labelled app.kubernetes.io/name=secure-mcp.
# NetworkPolicies are additive, so these rules combine with the other two
# policies in this file rather than overriding them.
#
# NOTE(review): every namespaceSelector below matches on a `name` label.
# Kubernetes sets `kubernetes.io/metadata.name` on namespaces automatically,
# but not `name`; confirm each target namespace carries the label. A missing
# label makes the peer match nothing (for the DNS rule, lookups would fail).
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: secure-mcp-network-policy
  namespace: secure-mcp
  labels:
    app.kubernetes.io/name: secure-mcp
    app.kubernetes.io/component: network-security
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: secure-mcp
  policyTypes:
    - Ingress
    - Egress
  ingress:
    # Ingress controller. namespaceSelector and podSelector share one peer
    # entry, so a source must satisfy both (AND), not either.
    # NOTE(review): 9090 is the same port opened to Prometheus below; confirm
    # the ingress controller needs it, since it could be routed externally.
    - from:
        - namespaceSelector:
            matchLabels:
              name: ingress-nginx
          podSelector:
            matchLabels:
              app.kubernetes.io/name: ingress-nginx
      ports:
        - protocol: TCP
          port: 3000
        - protocol: TCP
          port: 9090
    # Prometheus pods in the monitoring namespace, port 9090 only.
    - from:
        - namespaceSelector:
            matchLabels:
              name: monitoring
          podSelector:
            matchLabels:
              app: prometheus
      ports:
        - protocol: TCP
          port: 9090
    # Peer secure-mcp pods. With no namespaceSelector the podSelector is
    # scoped to this policy's own namespace.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: secure-mcp
      ports:
        - protocol: TCP
          port: 3000
    # Private IPv4 ranges; the three ipBlock peers are alternatives (OR).
    # NOTE(review): together these cover all RFC 1918 space. If pod or node
    # CIDRs fall inside them, this rule may admit sources that the
    # selector-based rules above were meant to keep out (CNI-dependent).
    # Confirm, and narrow to the networks that really need port 3000.
    - from:
        - ipBlock:
            cidr: '10.0.0.0/8'
            except:
              # Subnet carved out of the 10/8 allowance.
              - '10.0.1.0/24'
        - ipBlock:
            cidr: '172.16.0.0/12'
        - ipBlock:
            cidr: '192.168.0.0/16'
      ports:
        - protocol: TCP
          port: 3000
  egress:
    # DNS over UDP and TCP to kube-dns pods in kube-system.
    - to:
        - namespaceSelector:
            matchLabels:
              name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
    # PostgreSQL; podSelector only, so limited to the secure-mcp namespace.
    - to:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: postgres
      ports:
        - protocol: TCP
          port: 5432
    # Redis; podSelector only, so limited to the secure-mcp namespace.
    - to:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: redis
      ports:
        - protocol: TCP
          port: 6379
    # Vault pods in the vault namespace.
    - to:
        - namespaceSelector:
            matchLabels:
              name: vault
          podSelector:
            matchLabels:
              app.kubernetes.io/name: vault
      ports:
        - protocol: TCP
          port: 8200
    # Jaeger pods in the observability namespace, ports 4318 and 4317.
    - to:
        - namespaceSelector:
            matchLabels:
              name: observability
          podSelector:
            matchLabels:
              app.kubernetes.io/name: jaeger
      ports:
        - protocol: TCP
          port: 4318
        - protocol: TCP
          port: 4317
    # Outbound web traffic to any IPv4 address except the metadata endpoint.
    # NOTE(review): 0.0.0.0/0 also covers private and in-cluster ranges, so
    # any internal host is reachable on 80/443; only 169.254.169.254 is
    # excluded. Port 80 is plaintext HTTP. If only public HTTPS is intended,
    # add the internal ranges to `except` and drop port 80.
    - to:
        - ipBlock:
            cidr: '0.0.0.0/0'
            except:
              # Link-local instance metadata address.
              - '169.254.169.254/32'
      ports:
        - protocol: TCP
          port: 443
        - protocol: TCP
          port: 80
---
# Policy 2 of 3: namespace-wide baseline. The empty podSelector selects every
# pod in secure-mcp, and listing both policy types with no rules means
# nothing is allowed unless another policy permits it.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-all-default
  namespace: secure-mcp
  labels:
    app.kubernetes.io/name: secure-mcp
    app.kubernetes.io/component: network-security
spec:
  podSelector: {}
  policyTypes:
    - Ingress
    - Egress
---
# Policy 3 of 3: pods labelled app.kubernetes.io/component=monitoring accept
# TCP 9090 from the monitoring namespace. Only Ingress is listed here, so
# egress for these pods is still governed by deny-all-default.
# NOTE(review): no podSelector on the peer, so any pod in a namespace
# labelled name=monitoring qualifies, not just Prometheus.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-monitoring
  namespace: secure-mcp
  labels:
    app.kubernetes.io/name: secure-mcp
    app.kubernetes.io/component: network-security
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/component: monitoring
  policyTypes:
    - Ingress
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              name: monitoring
      ports:
        - protocol: TCP
          port: 9090
