# CloudNativePG MCP Test Server - Production Dockerfile
# Test server using OIDC authentication (accepts Auth0 JWT tokens)
# This is the sidecar container running alongside the main server
FROM python:3.11-slim
# Metadata
LABEL maintainer="CloudNativePG MCP Server"
LABEL description="MCP Test Server for CloudNativePG (OIDC authentication)"
LABEL version="1.0.0"
LABEL component="test-sidecar"
# Set environment variables
ENV PYTHONUNBUFFERED=1 \
PYTHONDONTWRITEBYTECODE=1 \
PIP_NO_CACHE_DIR=1 \
PIP_DISABLE_PIP_VERSION_CHECK=1
# Set working directory
WORKDIR /app
# Install system dependencies
RUN apt-get update && apt-get install -y --no-install-recommends \
curl \
ca-certificates \
&& rm -rf /var/lib/apt/lists/*
# Copy requirements first for better layer caching
COPY requirements.txt .
# Install Python dependencies
RUN pip install --no-cache-dir -r requirements.txt
# Copy application code
COPY src/cnpg_mcp_test_server.py .
COPY src/cnpg_tools.py .
COPY src/auth_oidc.py .
# Create a non-root user for security
RUN useradd -m -u 1000 mcpuser && \
chown -R mcpuser:mcpuser /app
USER mcpuser
# Expose test server port
EXPOSE 3001
# Health check endpoint
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
CMD curl -f http://localhost:3001/healthz || exit 1
# Default command - run test server on port 3001
# OIDC configuration should be provided via environment variables or config file:
# OIDC_ISSUER, OIDC_AUDIENCE
CMD ["python", "cnpg_mcp_test_server.py", "--port", "3001"]