Changing the SSRF_ALLOW_PRIVATE_NETWORKS value after deploying on Kubernetes? #3776
Replies: 3 comments
-
|
you'll need to update the config and redeploy the helm chart with the new |
Beta Was this translation helpful? Give feedback.
-
|
Hi @EricWilson-BluePrism, @omni-front is correct — Kubernetes environment variables require a pod redeploy. Here are the exact steps: Option 1 — Helm upgrade (recommended): helm upgrade mcp-stack charts/mcp-stack -n mcp-private \
--set "mcpContextForge.config.SSRF_ALLOW_PRIVATE_NETWORKS=true" \
--waitOption 2 — Allow only specific CIDRs (more secure than blanket-allowing all private networks): helm upgrade mcp-stack charts/mcp-stack -n mcp-private \
--set 'mcpContextForge.config.SSRF_ALLOW_PRIVATE_NETWORKS=false' \
--set 'mcpContextForge.config.SSRF_ALLOWED_NETWORKS=["10.96.0.0/12"]' \
--wait
These settings live in |
Beta Was this translation helpful? Give feedback.
-
|
The helm upgrade really is your simplest path here - it's not as scary as it sounds. K8s won't let you mutate env vars in a running pod, and there's no postgres or nginx setting that maps to this; it's an app-level config baked into the container at deploy time. That said, if you want to minimize friction: helm upgrade mcp-stack charts/mcp-stack -n mcp-private \
--set "mcpContextForge.config.SSRF_ALLOW_PRIVATE_NETWORKS=true" \
--reuse-values |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
I'll preface this by saying I'm not a kube guy. :-)
The RC2 release of ContextForge was deployed on a dev Kubernetes instance, but the change to the default SSRF values was missed. Is it possible to change these values in the deployed instance (maybe a setting in the Postgres instance or something on nginx), or does this just require redeploying the helm chart with the proper values set?
Beta Was this translation helpful? Give feedback.
All reactions