Configuration

This guide covers configuration options for MCP Gateway components.

MCPGateway Configuration

The MCPGateway resource configures the gateway deployment:

apiVersion: mcp-gateway.ohcs.io/v1alpha1
kind: MCPGateway
metadata:
  name: my-gateway
spec:
  # Domain for the gateway
  domain: mcp.example.com

  # Number of gateway replicas
  replicas: 2

  # TLS configuration
  tls:
    enabled: true
    clusterIssuer: letsencrypt-prod
    # Or use an existing secret
    # secretName: my-tls-secret

  # Ingress class (optional)
  ingressClassName: nginx

  # Resource requirements
  resources:
    limits:
      cpu: "500m"
      memory: "256Mi"
    requests:
      cpu: "100m"
      memory: "128Mi"

  # Node selector (optional)
  nodeSelector:
    kubernetes.io/os: linux

  # Tolerations (optional)
  tolerations:
  - key: "dedicated"
    operator: "Equal"
    value: "mcp"
    effect: "NoSchedule"

Environment Variables

The gateway container supports these environment variables:

Variable	Description	Default
`AUTH_TOKEN`	Bearer token for client authentication	(none)
`CONFIG_NAME`	Kubernetes ConfigMap name (enables K8s mode when set)	(none)

CLI Flags

The gateway binary also accepts these CLI flags:

Flag	Description	Default
`-config`	Path to configuration file (file mode)	`/etc/mcp-gateway/config.json`
`-addr`	HTTP server address	`:8080`
`-log-level`	Log level (debug, info, warn, error)	`info`

Configuration Modes

The gateway supports two configuration modes:

Kubernetes Mode (Default)

When running in a Kubernetes cluster with the operator, the gateway automatically watches for ConfigMap changes. The operator manages the ConfigMap, and the gateway applies configuration updates without requiring a restart.

Set CONFIG_NAME to the ConfigMap name to enable this mode:

env:
- name: CONFIG_NAME
  value: my-gateway-config

File Mode

For local development or standalone deployments, the gateway can read configuration from a JSON file using the -config flag:

./mcp-gateway -config /path/to/config.json

File mode is primarily intended for local development. In production, use Kubernetes mode for zero-downtime configuration updates.

Authentication

To enable authentication, create a Secret with the auth token:

apiVersion: v1
kind: Secret
metadata:
  name: gateway-auth
type: Opaque
stringData:
  AUTH_TOKEN: your-secret-token

Then reference it in your MCPGateway:

spec:
  authSecretRef:
    name: gateway-auth
    key: AUTH_TOKEN

Clients must then include the token in requests:

curl -H "Authorization: Bearer your-secret-token" https://mcp.example.com/