Network Security

Network egress control and isolation for Loki Mode deployments.

Overview

This guide covers network-level security controls for restricting outbound network access from Loki Mode containers and pods to only the AI API endpoints required for operation.

Environment Variables

The following environment variables control network egress policy enforcement:

Variable	Default	Description
LOKI_NETWORK_EGRESS_POLICY	unrestricted	unrestricted (default), ai-only (restrict to AI APIs), none (block all outbound)
LOKI_ALLOWED_HOSTS	(empty)	Comma-separated list of additional hostnames to allow when egress policy is ai-only
LOKI_BLOCK_METADATA_ENDPOINT	false	Block cloud metadata endpoint (169.254.169.254) from within the application

Note: These variables are reserved for future application-level enforcement. Currently, network security is implemented at the infrastructure level using Docker networks or Kubernetes NetworkPolicy.

Docker Network Isolation

Custom Network with ICC Disabled

Create an isolated Docker network that prevents inter-container communication and restricts egress to known AI API endpoints:

# Create an isolated bridge network with ICC disabled
docker network create \
  --driver bridge \
  --opt com.docker.network.bridge.enable_icc=false \
  --subnet 172.28.0.0/16 \
  loki-isolated

Blocking the Cloud Metadata Endpoint

Cloud providers expose instance metadata at 169.254.169.254. This endpoint can leak credentials (IAM roles, service account tokens). Block it from within the container host:

# Block metadata endpoint for containers on the loki-isolated network
iptables -I DOCKER-USER -d 169.254.169.254 -j DROP

Allowing Only AI API Endpoints

Restrict outbound traffic to only the AI provider API endpoints that Loki Mode requires:

# Allow DNS resolution
iptables -A DOCKER-USER -p udp --dport 53 -j ACCEPT
iptables -A DOCKER-USER -p tcp --dport 53 -j ACCEPT

# Allow HTTPS to AI API endpoints only
# Anthropic (Claude)
iptables -A DOCKER-USER -d api.anthropic.com -p tcp --dport 443 -j ACCEPT
# OpenAI (Codex)
iptables -A DOCKER-USER -d api.openai.com -p tcp --dport 443 -j ACCEPT
# Google (Gemini)
iptables -A DOCKER-USER -d generativelanguage.googleapis.com -p tcp --dport 443 -j ACCEPT

# Drop all other outbound traffic from the isolated network
iptables -A DOCKER-USER -s 172.28.0.0/16 -j DROP

Docker Compose Example

version: "3.8"

services:
  loki:
    image: asklokesh/loki-mode:latest
    networks:
      - loki-isolated
    environment:
      - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY}
    security_opt:
      - no-new-privileges:true
    read_only: true
    tmpfs:
      - /tmp
    volumes:
      - ./workspace:/workspace

networks:
  loki-isolated:
    driver: bridge
    driver_opts:
      com.docker.network.bridge.enable_icc: "false"

Note: Docker DNS-based iptables rules resolve at rule creation time. If provider IPs change, rules must be refreshed. For production use, consider a forward proxy (e.g., Squid, Envoy) with domain-based allowlisting instead of raw iptables.

Kubernetes NetworkPolicy

Egress-Restricted NetworkPolicy

The following NetworkPolicy restricts pod egress to only the AI API endpoints and DNS:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: loki-egress-policy
  namespace: loki
spec:
  podSelector:
    matchLabels:
      app: loki-mode
  policyTypes:
    - Egress
  egress:
    # Allow DNS resolution
    - to: []
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
    # Allow HTTPS to AI API endpoints
    - to: []
      ports:
        - protocol: TCP
          port: 443

Important: Standard Kubernetes NetworkPolicy only supports IP-based rules, not domain names. To enforce domain-level egress control, use one of these approaches:

• Cilium: Supports CiliumNetworkPolicy with FQDN-based egress rules
• Calico Enterprise: Supports DNS-based network policies
• Egress Gateway: Route traffic through a proxy that enforces domain allowlists

Pod Security Context

Run Loki Mode pods with a restrictive security context:

apiVersion: v1
kind: Pod
metadata:
  name: loki-worker
  namespace: loki
  labels:
    app: loki-mode
spec:
  securityContext:
    runAsNonRoot: true
    runAsUser: 1000
    runAsGroup: 1000
    fsGroup: 1000
    seccompProfile:
      type: RuntimeDefault
  containers:
    - name: loki
      image: asklokesh/loki-mode:latest
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        capabilities:
          drop:
            - ALL
      volumeMounts:
        - name: workspace
          mountPath: /workspace
        - name: tmp
          mountPath: /tmp
      env:
        - name: ANTHROPIC_API_KEY
          valueFrom:
            secretKeyRef:
              name: loki-secrets
              key: anthropic-api-key
  volumes:
    - name: workspace
      emptyDir: {}
    - name: tmp
      emptyDir:
        medium: Memory
        sizeLimit: 256Mi

TLS/HTTPS for Dashboard (v5.36.0)

Enable encrypted dashboard connections:

# Using environment variables
export LOKI_TLS_ENABLED=true
export LOKI_TLS_CERT=/path/to/cert.pem
export LOKI_TLS_KEY=/path/to/key.pem

loki start ./prd.md

Or via CLI flags:

loki dashboard start --tls-cert /path/to/cert.pem --tls-key /path/to/key.pem

Self-Signed Certificate (Development)

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes \
  -subj "/CN=localhost"

export LOKI_TLS_CERT=cert.pem
export LOKI_TLS_KEY=key.pem

Production TLS

For production deployments, use certificates from a trusted CA:

• Let's Encrypt (free, automated)
• AWS Certificate Manager
• Your organization's internal CA

Best Practices

Security Checklist

• Enable TLS/HTTPS for dashboard in production
• Use network policies to restrict egress to AI API endpoints only
• Block cloud metadata endpoint (169.254.169.254)
• Run containers with read-only root filesystem
• Use non-root user (UID 1000)
• Drop all capabilities
• Enable seccomp profile
• Use separate networks for different security zones
• Monitor network traffic for anomalies

Production Deployment

1. Enable TLS with valid certificates
2. Configure network policies or iptables rules
3. Use a reverse proxy (nginx, Envoy) for additional security headers
4. Enable audit logging to track network-related events
5. Monitor /metrics endpoint for unexpected traffic patterns

Troubleshooting

Connection to AI API Fails

# Check network policy
kubectl describe networkpolicy loki-egress-policy

# Test DNS resolution
kubectl exec -it loki-pod -- nslookup api.anthropic.com

# Check iptables rules
sudo iptables -L DOCKER-USER -n -v

Dashboard HTTPS Not Working

# Verify certificate files exist and are readable
ls -la /path/to/cert.pem /path/to/key.pem

# Check certificate validity
openssl x509 -in cert.pem -text -noout

# Verify dashboard is listening on HTTPS
curl -k https://localhost:57374/health

See Also

• Authentication Guide - OIDC/SSO setup
• Authorization Guide - RBAC configuration
• Audit Logging - Security event tracking
• Enterprise Features - Complete enterprise guide