@@ -120,9 +120,6 @@ spec:
120120 transport : streamable-http
121121 targetPort : 8080
122122 port : 8080
123- permissionProfile :
124- type : builtin
125- name : network
126123 resources :
127124 limits :
128125 cpu : ' 100m'
@@ -222,9 +219,6 @@ spec:
222219 transport : streamable-http
223220 targetPort : 8080
224221 port : 8080
225- permissionProfile :
226- type : builtin
227- name : network
228222 podTemplateSpec :
229223 spec :
230224 containers :
@@ -285,9 +279,6 @@ spec:
285279 image: ghcr.io/github/github-mcp-server
286280 transport: stdio
287281 port: 8080
288- permissionProfile:
289- type: builtin
290- name: network
291282 secrets:
292283 - name: github-token
293284 key: token
@@ -334,9 +325,6 @@ spec:
334325 image: ghcr.io/github/github-mcp-server
335326 transport: stdio
336327 port: 8080
337- permissionProfile:
338- type: builtin
339- name: network
340328 secrets:
341329 - name: github-token
342330 key: token
@@ -398,9 +386,6 @@ spec:
398386 image: docker.io/mcp/filesystem
399387 transport: stdio
400388 port: 8080
401- permissionProfile:
402- type: builtin
403- name: none
404389 podTemplateSpec:
405390 spec:
406391 volumes:
@@ -449,18 +434,6 @@ to learn how to connect to MCP servers using different clients.
449434 ` MCPServer` Custom Resource Definition (CRD)
450435- [Deploy the operator using Helm](./deploy-operator-helm.md) - Install the
451436 ToolHive operator
452- - [Custom permissions](../guides-cli/custom-permissions.mdx) - Configure
453- permission profiles
454-
455- :::info[Important]
456-
457- Outbound network filtering using permission profiles isn't currently implemented
458- in the ToolHive Operator. This is a roadmap feature planned for future releases.
459-
460- Contributions to help implement this feature are welcome! You can contribute by
461- visiting our [GitHub repository](https://github.com/stacklok/toolhive).
462-
463- :: :
464437
465438# # Troubleshooting
466439
@@ -530,7 +503,7 @@ Common causes include:
530503- **Missing secrets**: Ensure required secrets exist and are properly referenced
531504- **Resource constraints**: Check if the pod has sufficient CPU and memory
532505 resources
533- - **Permission issues**: Verify the security context and permission profile are
506+ - **Permission issues**: Verify the security context and RBAC permissions are
534507 correctly configured
535508- **Invalid arguments**: Check if the `args` field contains valid arguments for
536509 the MCP server
@@ -622,33 +595,6 @@ Common causes include:
622595
623596</details>
624597
625- <details>
626- <summary>Permission profile errors</summary>
627-
628- If the MCP server fails due to permission profile issues :
629-
630- ` ` ` bash
631- # Check if ConfigMap exists (for custom profiles)
632- kubectl -n <NAMESPACE> get configmap <CONFIGMAP_NAME>
633-
634- # Verify ConfigMap content
635- kubectl -n <NAMESPACE> describe configmap <CONFIGMAP_NAME>
636-
637- # Check operator logs for permission errors
638- kubectl -n toolhive-system logs -l app.kubernetes.io/name=toolhive-operator | grep -i permission
639- ` ` `
640-
641- Common causes include :
642-
643- - **Invalid profile name**: Ensure built-in profile names are correct (`none`,
644- ` network` )
645- - **ConfigMap not found**: Create the ConfigMap with the custom permission
646- profile
647- - **Invalid JSON**: Verify the permission profile JSON is valid
648- - **Missing key**: Ensure the specified key exists in the ConfigMap
649-
650- </details>
651-
652598<details>
653599<summary>Resource limit issues</summary>
654600
0 commit comments