This POC used the everything MCP server as it has Streamable-HTTP capabilities
- K8s cluster
- Kuadrant installed, for more info see Kuadrant docs
export KUADRANT_ZONE_ROOT_DOMAIN=example.com # Root domain associated with the Zone ID above
export QUAY_USERNAME=xxxx # Quay username
export KUADRANT_AWS_ACCESS_KEY_ID=xxxx # AWS Key ID with access to manage the DNS Zone ID below
export KUADRANT_AWS_SECRET_ACCESS_KEY=xxxx # AWS Secret Access Key with access to manage the DNS Zone ID below- Build you MCP Server image.
docker build -t quay.io/${QUAY_USERNAME}/mcp-server-everything https://github.com/modelcontextprotocol/servers.git\#main -f src/everything/Dockerfile
- Push the image to your container registry.
docker push quay.io/${QUAY_USERNAME}/mcp-server-everything- Install the MCP Server in your K8s cluster.
kubectl apply -f mcp-server/mcp-server-everything.yaml- Ensure the MCP everything Server pod is running.
kubectl get pods -n mcp-server- Create the gateway namespace:
kubectl create ns mcp-gateway- Create the secret credentials in the same namespace as the Gateway - these will be used to configure DNS:
kubectl -n mcp-gateway create secret generic aws-credentials \
--type=kuadrant.io/aws \
--from-literal=AWS_ACCESS_KEY_ID=$KUADRANT_AWS_ACCESS_KEY_ID \
--from-literal=AWS_SECRET_ACCESS_KEY=$KUADRANT_AWS_SECRET_ACCESS_KEY- Create the secret credentials in the cert-manager namespace:
kubectl -n cert-manager create secret generic aws-credentials \
--type=kuadrant.io/aws \
--from-literal=AWS_ACCESS_KEY_ID=$KUADRANT_AWS_ACCESS_KEY_ID \
--from-literal=AWS_SECRET_ACCESS_KEY=$KUADRANT_AWS_SECRET_ACCESS_KEY- Create the Kuadrant Gateway:
kubectl apply -f kuadrant/gateway.yaml- Create the Lets encrypt Cluster issuer and TlS Policy:
kubectl apply -f kuadrant/tls.yaml**Note**: The cert can't be self signed. MCP clients dont accept self signed certs yet.
- Create the DNSPolicy:
kubectl apply -f kuadrant/dns.yaml- After a minute, Test that the MCP server is responding
curl -v -X POST "https://api.${KUADRANT_ZONE_ROOT_DOMAIN}/mcp" \
-H "Content-Type: application/json" \
-H "Accept: application/json, text/event-stream" \
-d '{
"jsonrpc": "2.0",
"method": "initialize",
"params": {
"protocolVersion": "2024-11-05",
"capabilities": {
"resources": {},
"tools": {},
"prompts": {}
},
"clientInfo": {
"name": "test-curl-client",
"version": "1.0"
}
},
"id": 1
}'- Create the Rate limit policy:
kubectl apply -f kuadrant/rlp.yaml- Create the Auth policy and the API Key secrets:
kubectl apply -f kuadrant/auth.yamlIn this example we are using Vscode Co pilot as our MCP client as it has capabilities to connect using Streamable HTTP
- Add the following to your VSCode setting.json. For more info please see the official VSCode MCP docs
"mcp": {
"servers": {
"my-mcp-server": {
"type": "http",
"url": "https://KUADRANT_ZONE_ROOT_DOMAIN_GOES_HERE/mcp",
"headers": {
"Authorization": "APIKEY IAMALICE"
}
}
}
},
-
The Client should be able to use the server now and you should be able to avail of the MCP server tools. Open co pilot in vscode using
⌃⌘Iand in the drop down click agent. -
In the chat type:
add 500 and 500-
Vscode will ask you about using allowing Co pilot invoke the tool from the MCP server, ensure you allow it.
-
The chat will output the answer and also show you it ran
addfrom the MCP server -
If you leave out the Auth header in the config or ask the chat questions using the tool to many times to quickly, the auth and rate limit policies deployed will deny and limit the requests.