drd-vpc-agent
by DrDroidLab
Overview
A Python-based VPC agent that acts as a reverse proxy to collect metrics and operational data from various sources within a private network and securely transmit it to the Doctor Droid cloud platform.
Installation
./deploy_docker.sh <DRD_CLOUD_API_TOKEN>
Environment Variables
- DRD_CLOUD_API_TOKEN
- DRD_CLOUD_API_HOST
- NATIVE_KUBERNETES_API_MODE
- DJANGO_DEBUG
- CELERY_BROKER_URL
- CELERY_RESULT_BACKEND
- REDIS_URL
- VPC_AGENT_COMMIT_HASH
- CELERY_QUEUE
- CELERY_WORKER_COUNT
- CELERY_WORKER_MAX_TASKS_PER_CHILD
- CELERY_WORKER_PREFETCH_MULTIPLIER
- GUNICORN_WORKER_COUNT
- GUNICORN_WORKER_MAX_REQUEST
- GUNICORN_WORKER_MAX_REQUEST_JITTER
- GUNICORN_WORKER_TIMEOUT
Security Notes
The agent requires significant Kubernetes permissions, including extensive read access across various resources. When the optional Network Mapper is enabled (the default behavior in Kubernetes deployments), it deploys a sniffer DaemonSet that runs with `hostNetwork: true` and requests the `SYS_PTRACE` and `NET_RAW` capabilities, granting highly privileged access to node network traffic. The auto-update feature, enabled by default in Kubernetes, grants write (`get`, `patch`, `update`) access to `deployments` resources within the agent's namespace, which could be a risk if the update mechanism or cronjob is compromised. The use of `eval` in the deployment script (`deploy_k8s.sh`) is noted, though it appears to be contained to trusted local scripts. While these permissions are justified for the agent's monitoring and network mapping functionality, they introduce a broad attack surface and require careful security review and trust in the upstream images and update process.
Similar Servers
mcp-context-forge
Converts web content (HTML, PDF, DOCX, etc.) and local files from a URL into high-quality Markdown format. It supports multiple conversion engines, content optimization, batch processing, and image handling.
mcp-k8s-go
This MCP server enables interaction with Kubernetes clusters to list, get, apply, and execute commands on various resources through a conversational interface.
prometheus-mcp-server
A Model Context Protocol (MCP) server that enables AI assistants to query and analyze Prometheus metrics for monitoring and insights.
jetski
Jetski is an open-source platform providing analytics, authentication, and simplified client setup for Model Context Protocol (MCP) servers by acting as a proxy.