Deployment OverviewΒΆ
This section explains how to deploy MCP Gateway in various environments - from local development to cloud-native platforms like Kubernetes, IBM Code Engine, AWS, and Azure.
π Security FirstΒΆ
Before deploying to production, review our Security Guide for:
- Critical security configurations
- Production hardening checklist
- Authentication and authorization setup
- Network security best practices
- Container security requirements
πΊ Deployment OptionsΒΆ
MCP Gateway supports multiple deployment strategies:
| Method | Description |
|---|---|
| Local | Run directly on your dev machine using make, uvicorn, or a virtual-env |
| Container | Package and run as a single container image using Podman or Docker |
| Compose Stack | Bring up Gateway + Postgres + Redis (and optional MPC servers) with Podman/Docker Compose |
| Minikube | Launch a local single-node Kubernetes cluster and deploy the Gateway stack |
| Kubernetes | Generic manifests or Helm chart for any K8s-compliant platform |
| OpenShift | OpenShift-specific deployment using Routes, SCCs, and Operator-managed back-ends |
| IBM Code Engine | Serverless container build & run on IBM Cloud |
| AWS | Deploy on ECS Fargate, EKS, or EC2-hosted containers |
| Azure | Run on Azure Container Apps, App Service, or AKS |
| Security Guide | Essential security configurations and best practices for production deployments |
| Performance Architecture | Visual overview of Rust-powered components, caching layers, and scaling architecture |
π Runtime ConfigurationΒΆ
MCP Gateway loads configuration from:
.envfile (in project root or mounted at/app/.env)- Environment variables (overrides
.env) - CLI flags (e.g., via
run.sh)
β οΈ Security Note: Never store sensitive credentials directly in environment variables. Use a secrets management system in production. See the Security Guide for details.
π§ͺ Health ChecksΒΆ
All deployments should expose:
This returns basic system latency metrics and can be used with cloud provider readiness probes.
π¦ Container BasicsΒΆ
The default container image:
- Uses the Red Hat Universal Base image running as a non-root user
- Exposes port
4444 - Runs
gunicornwith Uvicorn workers - Uses
.envfor all settings
For Kubernetes, you can mount a ConfigMap or Secret as
.env.
Important: For production deployments, ensure you follow the container hardening guidelines in our Security Guide.