Skip to content

Deployment Overview

This section explains how to deploy MCP Gateway in various environments - from local development to cloud-native platforms like Kubernetes, IBM Code Engine, AWS, and Azure.


πŸ” Security First

Before deploying to production, review our Security Guide for:

  • Critical security configurations
  • Production hardening checklist
  • Authentication and authorization setup
  • Network security best practices
  • Container security requirements

πŸ—Ί Deployment Options

MCP Gateway supports multiple deployment strategies:

Method Description
Local Run directly on your dev machine using make, uvicorn, or a virtual-env
Container Package and run as a single container image using Podman or Docker
Compose Stack Bring up Gateway + Postgres + Redis (and optional MPC servers) with Podman/Docker Compose
Minikube Launch a local single-node Kubernetes cluster and deploy the Gateway stack
Kubernetes Generic manifests or Helm chart for any K8s-compliant platform
OpenShift OpenShift-specific deployment using Routes, SCCs, and Operator-managed back-ends
IBM Code Engine Serverless container build & run on IBM Cloud
AWS Deploy on ECS Fargate, EKS, or EC2-hosted containers
Azure Run on Azure Container Apps, App Service, or AKS
Security Guide Essential security configurations and best practices for production deployments

πŸ›  Runtime Configuration

MCP Gateway loads configuration from:

  • .env file (in project root or mounted at /app/.env)
  • Environment variables (overrides .env)
  • CLI flags (e.g., via run.sh)

⚠️ Security Note: Never store sensitive credentials directly in environment variables. Use a secrets management system in production. See the Security Guide for details.


πŸ§ͺ Health Checks

All deployments should expose:

GET /health

This returns basic system latency metrics and can be used with cloud provider readiness probes.


πŸ“¦ Container Basics

The default container image:

  • Uses the Red Hat Universal Base image running as a non-root user
  • Exposes port 4444
  • Runs gunicorn with Uvicorn workers
  • Uses .env for all settings

For Kubernetes, you can mount a ConfigMap or Secret as .env.

Important: For production deployments, ensure you follow the container hardening guidelines in our Security Guide.