# Security Configuration

K8s MCP Server includes several safety features and security configurations to ensure safe operation when interacting with Kubernetes clusters.

## Security Modes

K8s MCP Server supports two security modes:

- **Strict Mode** (default): All commands are validated against security rules
- **Permissive Mode**: Security validation is skipped, allowing all commands to execute

### Setting Security Mode

To run in permissive mode (allow all commands):

```json
{
  "mcpServers": {
    "k8s-mcp-server": {
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "-v",
        "/Users/YOUR_USER_NAME/.kube:/home/appuser/.kube:ro",
        "-e",
        "K8S_MCP_SECURITY_MODE=permissive",
        "ghcr.io/alexei-led/k8s-mcp-server:latest"
      ]
    }
  }
}
```

## Security Features

- **Isolation**: When running in Docker, the server operates in an isolated container environment
- **Read-only access**: All credentials and configuration files are mounted as read-only
- **Non-root execution**: All processes run as a non-root user inside the container
- **Command validation**: Potentially dangerous commands require explicit resource names
- **Context separation**: Automatic context and namespace injection for commands

## Customizing Security Rules

Security rules can be customized using a YAML configuration file. This allows for more flexibility than the built-in rules.

1. **Create a Security Configuration File**: Create a YAML file with your custom rules (e.g., `security_config.yaml`):

   ```yaml
   # Security configuration for k8s-mcp-server

   # Potentially dangerous command patterns (prefix-based)
   dangerous_commands:
     kubectl:
       - "kubectl delete"
       - "kubectl drain"
       # Add your custom dangerous commands here

   # Safe pattern overrides (prefix-based)
   safe_patterns:
     kubectl:
       - "kubectl delete pod"
       - "kubectl delete deployment"
       # Add your custom safe patterns here

   # Advanced regex pattern rules
   regex_rules:
     kubectl:
       - pattern: "kubectl\\s+delete\\s+(-[A-Za-z]+\\s+)*--all\\b"
         description: "Deleting all resources of a type"
         error_message: "Deleting all resources is restricted. Specify individual resources to delete."
       # Add your custom regex rules here
   ```

2. **Mount the Configuration File in Docker**:

   ```json
   {
     "mcpServers": {
       "k8s-mcp-server": {
         "command": "docker",
         "args": [
           "run",
           "-i",
           "--rm",
           "-v",
           "/Users/YOUR_USER_NAME/.kube:/home/appuser/.kube:ro",
           "-v",
           "/path/to/security_config.yaml:/app/security_config.yaml:ro",
           "-e",
           "K8S_MCP_SECURITY_CONFIG=/app/security_config.yaml",
           "ghcr.io/alexei-led/k8s-mcp-server:latest"
         ]
       }
     }
   }
   ```

## Configuration Structure

The security configuration YAML file has three main sections:

1. **dangerous_commands**: Dictionary of command prefixes that are considered dangerous for each tool
2. **safe_patterns**: Dictionary of command prefixes that override dangerous commands (exceptions)
3. **regex_rules**: Advanced regex patterns for more complex validation rules

Each regex rule should include:

- **pattern**: Regular expression pattern to match against commands
- **description**: Description of what the rule checks for
- **error_message**: Custom error message to display when the rule is violated

## Examples

**Example 1: Restricting Namespace Operations**

```yaml
regex_rules:
  kubectl:
    - pattern: "kubectl\\s+.*\\s+--namespace=kube-system\\b"
      description: "Operations in kube-system namespace"
      error_message: "Operations in kube-system namespace are restricted."
```

**Example 2: Allowing Additional Safe Patterns**

```yaml
safe_patterns:
  kubectl:
    - "kubectl delete pod"
    - "kubectl delete job"
    - "kubectl delete cronjob"
```

**Example 3: Restricting Dangerous File System Access**

```yaml
regex_rules:
  kubectl:
    - pattern: "kubectl\\s+exec\\s+.*\\s+-[^-]*c\\s+.*(rm|mv|cp|curl|wget|chmod)\\b"
      description: "Dangerous file operations in exec"
      error_message: "File system operations within kubectl exec are restricted."
```
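To make the three rule sections concrete, here is an added Python validator (example code, not the k8s-mcp-server implementation) that applies the `dangerous_commands`, `safe_patterns` and `regex_rules` from the sample `security_config.yaml` above to a few constructed `kubectl` commands. The evaluation order (regex rules, then safe-pattern override, then dangerous prefix) and the in-memory dict standing in for the parsed YAML are assumptions of this example.

```python
import re

# Constructed in-memory equivalent of the security_config.yaml shown above
# (the real file would be parsed with a YAML library; the structure is the same).
SECURITY_CONFIG = {
    "dangerous_commands": {"kubectl": ["kubectl delete", "kubectl drain"]},
    "safe_patterns": {"kubectl": ["kubectl delete pod", "kubectl delete deployment"]},
    "regex_rules": {
        "kubectl": [
            {
                "pattern": r"kubectl\s+delete\s+(-[A-Za-z]+\s+)*--all\b",
                "description": "Deleting all resources of a type",
                "error_message": "Deleting all resources is restricted. "
                                 "Specify individual resources to delete.",
            }
        ]
    },
}


def validate_command(command, tool="kubectl", config=SECURITY_CONFIG, security_mode="strict"):
    """Return (allowed, reason) for one command string.

    Assumed evaluation order (not taken from the project's source): permissive
    mode skips all checks; regex_rules are tested first because they catch
    wording a prefix cannot express; then a safe_patterns prefix allows the
    command; finally a dangerous_commands prefix blocks it.
    """
    if security_mode == "permissive":
        return True, "permissive mode: validation skipped"
    cmd = " ".join(command.split())  # collapse whitespace so prefixes match reliably
    for rule in config.get("regex_rules", {}).get(tool, []):
        if re.search(rule["pattern"], cmd):
            return False, rule["error_message"]
    for safe in config.get("safe_patterns", {}).get(tool, []):
        if cmd.startswith(safe):  # plain prefix: "...delete podsecuritypolicy" also matches "kubectl delete pod"
            return True, f"allowed by safe pattern '{safe}'"
    for dangerous in config.get("dangerous_commands", {}).get(tool, []):
        if cmd.startswith(dangerous):
            return False, f"'{dangerous}' is restricted; name the resource or add a safe pattern"
    return True, "no rule matched"


if __name__ == "__main__":
    for c in ["kubectl get pods -n kube-system", "kubectl delete pod nginx",
              "kubectl delete namespace staging", "kubectl delete --all pods",
              "kubectl delete podsecuritypolicy restricted"]:
        print(f"{c!r}: {validate_command(c)}")
```

The last sample shows why prefix-based safe patterns deserve a trailing space or a regex rule when a short prefix is also the start of a longer resource name.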