spin egress container for each mcp server

Closes: #124

spin up and connect networks

move logic to internal docker

fixes from rebase

fix squid.conf

fix lint

Author: yrobla

cmd/thv/app/rm.go

@@ -37,7 +37,7 @@ func rmCmdFunc(cmd *cobra.Command, args []string) error {
 	}
 
 	// Delete container.
-	if err := manager.DeleteContainer(ctx, containerName, rmForce); err != nil {
+	if err := manager.DeleteContainer(ctx, containerName, rmForce, true); err != nil {
 		return fmt.Errorf("failed to delete container: %v", err)
 	}
 

cmd/thv/app/run.go

@@ -255,6 +255,11 @@ func runCmdFunc(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("failed to retrieve or pull image: %v", err)
 	}
 
+	// pull the egress image if it is not already pulled
+	if err := pullImage(ctx, config.EgressImage, rt); err != nil {
+		return fmt.Errorf("failed to retrieve or pull egress image: %v", err)
+	}
+
 	// Configure the RunConfig with transport, ports, permissions, etc.
 	if err := configureRunConfig(runConfig, runTransport, runPort, runTargetPort, runEnv); err != nil {
 		return err

cmd/thv/app/stop.go

@@ -7,6 +7,7 @@ import (
 	"github.com/spf13/cobra"
 
 	"github.com/stacklok/toolhive/pkg/lifecycle"
+	"github.com/stacklok/toolhive/pkg/logger"
 )
 
 var stopCmd = &cobra.Command{
@@ -47,5 +48,16 @@ func stopCmdFunc(cmd *cobra.Command, args []string) error {
 		fmt.Printf("Container %s stopped successfully\n", containerName)
 	}
 
+	// Stop associated egress container
+	egressContainerName := containerName + "-egress"
+	err = manager.StopContainer(ctx, egressContainerName)
+	if err != nil {
+		if errors.Is(err, lifecycle.ErrContainerNotFound) {
+			logger.Infof("Egress container %s is not running", egressContainerName)
+		} else {
+			return fmt.Errorf("failed to stop egress container %q: %w", egressContainerName, err)
+		}
+	}
+
 	return nil
 }

pkg/api/v1/servers.go

@@ -145,7 +145,7 @@ func (s *ServerRoutes) deleteServer(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	name := chi.URLParam(r, "name")
 	forceDelete := r.URL.Query().Get("force") == "true"
-	err := s.manager.DeleteContainer(ctx, name, forceDelete)
+	err := s.manager.DeleteContainer(ctx, name, forceDelete, true)
 	if err != nil {
 		if errors.Is(err, lifecycle.ErrContainerNotFound) {
 			http.Error(w, "Server not found", http.StatusNotFound)

pkg/container/docker/client.go

@@ -79,8 +79,8 @@ func NewClient(ctx context.Context) (*Client, error) {
 
 		c, err := NewClientWithSocketPath(ctx, socketPath, runtimeType)
 		if err != nil {
-			logger.Debugf("Failed to create client for %s: %v", sp, err)
 			lastErr = err
+			logger.Debugf("Failed to create client for %s: %v", sp, err)
 			continue
 		}
 
@@ -208,12 +208,16 @@ func setupPortBindings(hostConfig *container.HostConfig, portBindings map[string
 // If options is nil, default options will be used.
 func (c *Client) DeployWorkload(
 	ctx context.Context,
-	image, name string,
+	image,
+	name string,
 	command []string,
-	envVars, labels map[string]string,
+	envVars,
+	labels map[string]string,
 	permissionProfile *permissions.Profile,
 	transportType string,
 	options *runtime.DeployWorkloadOptions,
+	isMcpServer bool,
+	isEgress bool,
 ) (string, error) {
 	// Get permission config from profile
 	permissionConfig, err := c.getPermissionConfigFromProfile(permissionProfile, transportType)
@@ -262,8 +266,13 @@ func (c *Client) DeployWorkload(
 		}
 	}
 
+	containerName := name
+	if isEgress {
+		containerName = fmt.Sprintf("%s-egress", name)
+	}
+
 	// Check if container with this name already exists
-	existingID, err := c.findExistingContainer(ctx, name)
+	existingID, err := c.findExistingContainer(ctx, containerName)
 	if err != nil {
 		return "", err
 	}
@@ -282,14 +291,32 @@ func (c *Client) DeployWorkload(
 		// Container was removed and needs to be recreated
 	}
 
+	// create network depending on type
+	var endpointsConfig map[string]*network.EndpointSettings
+	if isMcpServer {
+		networkName := fmt.Sprintf("toolhive-%s-internal", name)
+		endpointsConfig = map[string]*network.EndpointSettings{
+			networkName: {},
+		}
+	} else if isEgress {
+		internalNetworkName := fmt.Sprintf("toolhive-%s-internal", name)
+		endpointsConfig = map[string]*network.EndpointSettings{
+			internalNetworkName: {},
+			"toolhive-external": {},
+		}
+	}
+	networkConfig := &network.NetworkingConfig{
+		EndpointsConfig: endpointsConfig,
+	}
+
 	// Create the container
 	resp, err := c.client.ContainerCreate(
 		ctx,
 		config,
 		hostConfig,
-		&network.NetworkingConfig{},
+		networkConfig,
 		nil,
-		name,
+		containerName,
 	)
 	if err != nil {
 		return "", NewContainerError(err, "", fmt.Sprintf("failed to create container: %v", err))
@@ -844,29 +871,6 @@ func convertRelativePathToAbsolute(source string, mountDecl permissions.MountDec
 	return absPath, true
 }
 
-// needsNetworkAccess determines if the container needs network access
-func (*Client) needsNetworkAccess(profile *permissions.Profile, transportType string) bool {
-	// SSE transport always needs network access
-	if transportType == "sse" || transportType == "inspector" {
-		return true
-	}
-
-	// Check if the profile has network settings that require network access
-	if profile.Network != nil && profile.Network.Outbound != nil {
-		outbound := profile.Network.Outbound
-
-		// Any of these conditions require network access
-		if outbound.InsecureAllowAll ||
-			len(outbound.AllowTransport) > 0 ||
-			len(outbound.AllowHost) > 0 ||
-			len(outbound.AllowPort) > 0 {
-			return true
-		}
-	}
-
-	return false
-}
-
 // getPermissionConfigFromProfile converts a permission profile to a container permission config
 func (c *Client) getPermissionConfigFromProfile(
 	profile *permissions.Profile,
@@ -885,16 +889,16 @@ func (c *Client) getPermissionConfigFromProfile(
 	c.addReadOnlyMounts(config, profile.Read)
 	c.addReadWriteMounts(config, profile.Write)
 
-	// Determine network mode
-	if c.needsNetworkAccess(profile, transportType) {
-		config.NetworkMode = "bridge"
-	}
-
 	// Validate transport type
 	if transportType != "sse" && transportType != "stdio" && transportType != "inspector" {
 		return nil, fmt.Errorf("unsupported transport type: %s", transportType)
 	}
 
+	// Add necessary capabilities for egress containers
+	if profile.Name == permissions.ProfileEgress {
+		config.CapAdd = append(config.CapAdd, "CAP_SETUID", "CAP_SETGID")
+	}
+
 	return config, nil
 }
 
@@ -1240,3 +1244,54 @@ func (c *Client) handleExistingContainer(
 	// Container was removed and needs to be recreated
 	return false, nil
 }
+
+// CreateNetwork creates a network following configuration.
+func (c *Client) CreateNetwork(
+	ctx context.Context,
+	name string,
+	labels map[string]string,
+	internal bool,
+) (string, error) {
+	// Check if the network already exists
+	networks, err := c.client.NetworkList(ctx, network.ListOptions{
+		Filters: filters.NewArgs(filters.Arg("name", name)),
+	})
+	if err != nil {
+		return "", fmt.Errorf("failed to list networks: %w", err)
+	}
+	if len(networks) > 0 {
+		// Network already exists, return its ID
+		return networks[0].ID, nil
+	}
+
+	networkCreate := network.CreateOptions{
+		Driver:   "bridge",
+		Internal: internal,
+		Labels:   labels,
+	}
+
+	resp, err := c.client.NetworkCreate(ctx, name, networkCreate)
+	if err != nil {
+		return "", err
+	}
+	return resp.ID, nil
+}
+
+// DeleteNetwork deletes a network by name.
+func (c *Client) DeleteNetwork(ctx context.Context, name string) error {
+	// find the network by name
+	networks, err := c.client.NetworkList(ctx, network.ListOptions{
+		Filters: filters.NewArgs(filters.Arg("name", name)),
+	})
+	if err != nil {
+		return err
+	}
+	if len(networks) == 0 {
+		return fmt.Errorf("network %s not found", name)
+	}
+
+	if err := c.client.NetworkRemove(ctx, networks[0].ID); err != nil {
+		return fmt.Errorf("failed to remove network %s: %w", name, err)
+	}
+	return nil
+}

pkg/container/kubernetes/client.go

@@ -256,7 +256,9 @@ func (c *Client) DeployWorkload(ctx context.Context,
 	containerLabels map[string]string,
 	_ *permissions.Profile, // TODO: Implement permission profile support for Kubernetes
 	transportType string,
-	options *runtime.DeployWorkloadOptions) (string, error) {
+	options *runtime.DeployWorkloadOptions,
+	_ bool,
+	_ bool) (string, error) {
 	namespace := getCurrentNamespace()
 	containerLabels["app"] = containerName
 	containerLabels["toolhive"] = "true"
@@ -567,6 +569,19 @@ func (*Client) StopWorkload(_ context.Context, _ string) error {
 	return nil
 }
 
+// CreateNetwork implements runtime.Runtime.
+func (*Client) CreateNetwork(_ context.Context, _ string, _ map[string]string, _ bool) (string, error) {
+	// just noop
+	logger.Infof("CreateNetwork is not supported in Kubernetes runtime. Skipping network creation.")
+	return "", nil
+}
+
+// DeleteNetwork implements runtime.Runtime.
+func (*Client) DeleteNetwork(_ context.Context, _ string) error {
+	logger.Infof("DeleteNetwork is not supported in Kubernetes runtime. Skipping network deletion.")
+	return nil
+}
+
 // waitForStatefulSetReady waits for a statefulset to be ready using the watch API
 func waitForStatefulSetReady(ctx context.Context, clientset kubernetes.Interface, namespace, name string) error {
 	// Create a field selector to watch only this specific statefulset

pkg/container/kubernetes/client_test.go

@@ -179,6 +179,8 @@ func TestCreateContainerWithPodTemplatePatch(t *testing.T) {
 				nil,
 				"stdio",
 				options,
+				false,
+				false,
 			)
 
 			// Check that there was no error
@@ -664,6 +666,8 @@ func TestCreateContainerWithMCP(t *testing.T) {
 				nil,
 				tc.transportType,
 				tc.options,
+				false,
+				false,
 			)
 
 			// Check that there was no error

pkg/container/runtime/types.go

@@ -81,6 +81,8 @@ type Runtime interface {
 		permissionProfile *permissions.Profile,
 		transportType string,
 		options *DeployWorkloadOptions,
+		isMcpServer bool,
+		isEgress bool,
 	) (string, error)
 
 	// ListWorkloads lists all deployed workloads managed by this runtime.
@@ -131,6 +133,12 @@ type Runtime interface {
 
 	// BuildImage builds a Docker image from a Dockerfile in the specified context directory
 	BuildImage(ctx context.Context, contextDir, imageName string) error
+
+	// CreateNetwork creates a network
+	CreateNetwork(ctx context.Context, networkName string, labels map[string]string, internal bool) (string, error)
+
+	// DeleteNetwork deletes a network
+	DeleteNetwork(ctx context.Context, networkName string) error
 }
 
 // Monitor defines the interface for container monitoring

pkg/labels/labels.go

@@ -28,12 +28,15 @@ const (
 
 	// LabelToolType is the label that indicates the type of tool
 	LabelToolType = "toolhive-tool-type"
+
+	// LabelEnabledValue is the value for the LabelEnabled label
+	LabelEnabledValue = "true"
 )
 
 // AddStandardLabels adds standard labels to a container
 func AddStandardLabels(labels map[string]string, containerName, containerBaseName, transportType string, port int) {
 	// Add standard labels
-	labels[LabelEnabled] = "true"
+	labels[LabelEnabled] = LabelEnabledValue
 	labels[LabelName] = containerName
 	labels[LabelBaseName] = containerBaseName
 	labels[LabelTransport] = transportType
@@ -43,15 +46,21 @@ func AddStandardLabels(labels map[string]string, containerName, containerBaseNam
 	labels[LabelToolType] = "mcp"
 }
 
+// AddNetworkLabels adds network-related labels to a network
+func AddNetworkLabels(labels map[string]string, networkName string) {
+	labels[LabelEnabled] = LabelEnabledValue
+	labels[LabelName] = networkName
+}
+
 // FormatToolHiveFilter formats a filter for ToolHive containers
 func FormatToolHiveFilter() string {
-	return fmt.Sprintf("%s=true", LabelEnabled)
+	return fmt.Sprintf("%s=%s", LabelEnabled, LabelEnabledValue)
 }
 
 // IsToolHiveContainer checks if a container is managed by ToolHive
 func IsToolHiveContainer(labels map[string]string) bool {
 	value, ok := labels[LabelEnabled]
-	return ok && strings.ToLower(value) == "true"
+	return ok && strings.ToLower(value) == LabelEnabledValue
 }
 
 // GetContainerName gets the container name from labels