# Prerequisite: Create a Secret named "mcpgateway-secrets" with keys:
# DATABASE_URL, REDIS_URL, JWT_SECRET_KEY, BASIC_AUTH_USER, BASIC_AUTH_PASSWORD
# Example:
# kubectl -n mcp-gateway create secret generic mcpgateway-secrets \
# --from-literal=DATABASE_URL='postgresql+psycopg://...' \
# --from-literal=REDIS_URL='redis://...' \
# --from-literal=JWT_SECRET_KEY='...' \
# --from-literal=BASIC_AUTH_USER='admin' \
# --from-literal=BASIC_AUTH_PASSWORD='...'
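# Knative Service for the MCP gateway: a single container listening on 4444,
# scale-to-zero enabled, credentials injected from the "mcpgateway-secrets"
# Secret and optional non-secret settings from the "mcpgateway-env" ConfigMap.
apiVersion: serving.knative.dev/v1
kind: Service
metadata:
  name: mcpgateway
  namespace: mcp-gateway
  # NOTE(review): the UI and admin API are enabled below. Depending on the
  # cluster's ingress setup this Service may be reachable from outside the
  # cluster; if it is meant to be internal-only, consider the label
  # networking.knative.dev/visibility: cluster-local (confirm intended exposure).
spec:
  template:
    metadata:
      annotations:
        # Enable scale to zero
        # NOTE(review): believed to be a cluster-wide config-autoscaler key
        # rather than a per-revision annotation; min-scale "0" below is what
        # permits scale-to-zero for this revision. Confirm against the
        # installed Knative version.
        autoscaling.knative.dev/enable-scale-to-zero: "true"
        # Scale down to zero after 30 seconds of no traffic
        autoscaling.knative.dev/scale-to-zero-pod-retention-period: "30s"
        # Minimum number of instances (0 for scale-to-zero)
        autoscaling.knative.dev/min-scale: "0"
        # Maximum number of instances
        autoscaling.knative.dev/max-scale: "1"
        # Target concurrency per pod
        autoscaling.knative.dev/target: "100"
        # Metric for autoscaling (concurrency or rps)
        autoscaling.knative.dev/metric: "concurrency"
        # Window for stable mode
        autoscaling.knative.dev/window: "60s"
        # Autoscaling class
        autoscaling.knative.dev/class: "kpa.autoscaling.knative.dev"
        # Target utilization percentage
        autoscaling.knative.dev/target-utilization-percentage: "70"
    spec:
      # Timeout for requests (important for scale-to-zero)
      timeoutSeconds: 300
      # Container concurrency (0 = unlimited, or set a specific value)
      containerConcurrency: 100
      containers:
        - name: gateway
          # NOTE(review): this is a tag reference, and tags can be re-pointed
          # in the registry. For a reproducible, tamper-evident deployment pin
          # the image by digest, e.g.
          #   ghcr.io/jrmatherly/mcp-context-forge@sha256:<DIGEST_PLACEHOLDER>
          image: ghcr.io/jrmatherly/mcp-context-forge:v1.0.0rc1
          ports:
            - containerPort: 4444
              protocol: TCP
          env:
            - name: HOST
              value: "0.0.0.0"
            - name: PORT
              value: "4444"
            # Database connection (prefer DATABASE_URL over individual vars)
            # Left optional: the pod still starts when these keys are absent.
            # NOTE(review): presumably the application then falls back to its
            # own defaults; confirm that fallback is acceptable here.
            - name: DATABASE_URL
              valueFrom:
                secretKeyRef:
                  name: mcpgateway-secrets
                  key: DATABASE_URL
                  optional: true
            - name: REDIS_URL
              valueFrom:
                secretKeyRef:
                  name: mcpgateway-secrets
                  key: REDIS_URL
                  optional: true
            # Auth
            # These three references are required (optional: false). With
            # AUTH_REQUIRED="true", a missing Secret or key must block pod
            # start rather than let the container run with whatever
            # credentials the application defaults to.
            - name: JWT_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: mcpgateway-secrets
                  key: JWT_SECRET_KEY
                  optional: false
            - name: BASIC_AUTH_USER
              valueFrom:
                secretKeyRef:
                  name: mcpgateway-secrets
                  key: BASIC_AUTH_USER
                  optional: false
            - name: BASIC_AUTH_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mcpgateway-secrets
                  key: BASIC_AUTH_PASSWORD
                  optional: false
            - name: AUTH_REQUIRED
              value: "true"
            # Features
            - name: PLUGINS_ENABLED
              value: "true"
            - name: MCPGATEWAY_UI_ENABLED
              value: "true"
            - name: MCPGATEWAY_ADMIN_API_ENABLED
              value: "true"
            - name: MCPGATEWAY_A2A_ENABLED
              value: "false"
            # Logging
            - name: LOG_LEVEL
              value: "INFO"
            - name: STRUCTURED_LOGGING_DATABASE_ENABLED
              value: "false"
          # Optional extra settings. ConfigMaps are not protected like
          # Secrets, so keep credentials out of mcpgateway-env.
          envFrom:
            - configMapRef:
                name: mcpgateway-env
                optional: true
          resources:
            limits:
              cpu: 500m
              memory: 512Mi
            requests:
              cpu: 100m
              memory: 256Mi
          # Readiness probe - critical for Knative to know when pod is ready
          readinessProbe:
            httpGet:
              path: /health
              port: 4444
            initialDelaySeconds: 10
            periodSeconds: 5
            timeoutSeconds: 3
            successThreshold: 1
            failureThreshold: 3
          # Liveness probe
          livenessProbe:
            httpGet:
              path: /health
              port: 4444
            initialDelaySeconds: 120
            periodSeconds: 30
            timeoutSeconds: 10
            failureThreshold: 5
          # Hardened container context: no privilege escalation, every Linux
          # capability dropped, non-root UID, runtime default seccomp profile.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            # NOTE(review): the root filesystem is left writable. /app/data is
            # already a separate volume; if the application writes nowhere
            # else (verify), this can be set to true.
            readOnlyRootFilesystem: false
            runAsNonRoot: true
            runAsUser: 1000
            seccompProfile:
              type: RuntimeDefault
          volumeMounts:
            - mountPath: /app/data
              name: data-volume
      volumes:
        # emptyDir is per-pod ephemeral storage: its contents are discarded
        # whenever the pod is removed, including on scale-to-zero. Anything
        # that must survive belongs in the external database.
        - name: data-volume
          emptyDir: {}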