Microsoft MCP Gateway
MIT-licensed Kubernetes gateway and management layer for MCP servers, with session-aware routing, adapter lifecycle APIs, tool registration, Entra ID role authorization, and optional agent/session preview resources.
Open the source and read safety notes before installing.
Safety notes
- Microsoft MCP Gateway can deploy, update, delete, and route MCP server adapters in Kubernetes through its management API.
- The dynamic `/mcp` tool router can route tool calls to registered tool servers, so tool definitions and execution endpoints must be reviewed before registration.
- Adapter and tool write access is limited to the creator or `mcp.admin`, while read access depends on creator, admin, and configured required roles.
- The optional agents and sessions subsystem is documented as preview and single-replica; built-in bash and file tools run in the gateway pod and are not a production sandbox.
- Proxying local stdio servers into remotely accessible services can expose local tools and workload identity permissions if access controls are too broad.
Privacy notes
- The gateway may process bearer tokens, Entra ID role claims, adapter metadata, registered tool schemas, session IDs, MCP requests, tool arguments, tool results, logs, container image names, environment variables, and Kubernetes deployment status.
- Adapter logs and session streams can reveal prompts, tool inputs, tool outputs, upstream MCP responses, and internal service names.
- Workload identity, Azure resource access, Foundry settings, and MCP proxy environment variables can expose cloud permissions if logged or shared.
- Store tokens, role assignments, registry credentials, deployment payloads, and model provider settings in controlled secrets rather than committed examples.
Prerequisites
- Kubernetes cluster access with permission to deploy gateway, adapter, tool router, and sample MCP server workloads.
- .NET 8 SDK, Docker Desktop, local registry, and Kubernetes enabled for the documented local deployment flow.
- MCP server images built and pushed to the registry used by the gateway deployment.
- Bearer authentication, Entra ID app roles, `mcp.admin`, and per-resource `requiredRoles` configured before exposing management APIs.
- Deployment storage, Redis or session store settings, logs, and network routing reviewed before production use.
Schema details
- Install type: cli
- Troubleshooting: No
- Scope: Source repo
- Estimated setup: 45 minutes
- Difficulty: advanced
Full copyable content
kubectl port-forward -n adapter svc/mcpgateway-service 8000:8000
About this resource
Content
Microsoft MCP Gateway is an open-source reverse proxy and management layer for MCP servers in Kubernetes. It provides a data plane for routing streamable HTTP MCP traffic with session affinity, plus a control plane for deploying, updating, deleting, and inspecting MCP server adapters and registered tool servers.
The gateway can expose direct adapter routes such as /adapters/{name}/mcp and
a dynamic /mcp tool router. The README also documents an optional preview
agent/session layer that can run LLM-driven sessions on top of registered MCP
tools when Azure AI Foundry settings are configured.
Source Review
- https://github.com/microsoft/mcp-gateway
- https://github.com/microsoft/mcp-gateway/blob/main/README.md
- https://github.com/microsoft/mcp-gateway/blob/main/LICENSE
- https://github.com/microsoft/mcp-gateway/blob/main/docs/entra-app-roles.md
- https://github.com/microsoft/mcp-gateway/blob/main/sample-servers/mcp-proxy/README.md
- https://github.com/microsoft/mcp-gateway/blob/main/openapi/mcp-gateway.openapi.json
- https://github.com/microsoft/mcp-gateway/blob/main/dotnet/Microsoft.McpGateway.Service/src/Session/AdapterSessionRoutingHandler.cs
These sources were reviewed on 2026-06-06. Prefer the live repository, README, Entra app-role guide, MCP proxy sample, OpenAPI contract, session routing source, and license file for current deployment, authorization, adapter management, tool registration, and routing behavior.
Features
- Deploy and register MCP server adapters with the `/adapters` management API.
- Route streamable HTTP MCP traffic through `/adapters/{name}/mcp`.
- Preserve MCP session affinity when routing requests to adapter instances.
- Register tool definitions and tool servers through the `/tools` API.
- Route dynamic tool calls through the gateway-level `/mcp` tool router.
- Inspect adapter and tool metadata, status, and running logs.
- Use bearer authentication and Entra ID app roles for resource access control.
- Proxy local stdio MCP servers or remote streamable HTTP MCP servers through the gateway.
- Deploy gateway and sample workloads into Kubernetes with local or Azure-oriented manifests.
- Optionally evaluate preview agents and sessions backed by registered MCP tools.
Installation
The README documents a local deployment flow that builds sample MCP server images, publishes the gateway and tool-router images, applies Kubernetes manifests, and port-forwards the gateway service:
kubectl apply -f deployment/k8s/local-deployment.yml
kubectl port-forward -n adapter svc/mcpgateway-service 8000:8000
Before applying the manifests, build and push the sample MCP server, gateway, and tool-router images to the registry used by the deployment. The repository also includes Azure deployment assets for cloud setup.
Create adapters through the management API with the image details and any required role values:
{
  "name": "sample-adapter",
  "imageName": "mcp-example",
  "imageVersion": "1.0.0",
  "requiredRoles": [
    "mcp.engineer"
  ]
}
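A pre-registration review check for payloads like the one above, added here as an example and not code from the gateway project. The approved-image list, the role set, and the floating-tag list are assumptions a team would replace with its own reviewed values; only the four fields shown on this page are inspected.

```python
import json

# Assumptions for this example (not values taken from the gateway project):
APPROVED_IMAGES = {"mcp-example"}            # images that passed provenance review
KNOWN_ROLES = {"mcp.admin", "mcp.engineer"}  # app roles defined in the Entra app registration
FLOATING_TAGS = {"latest", "main", "dev"}    # tags that do not pin a reviewed build

# GOOD is the payload shown on this page; BAD is constructed for the example.
GOOD = ('{"name": "sample-adapter", "imageName": "mcp-example", '
        '"imageVersion": "1.0.0", "requiredRoles": ["mcp.engineer"]}')
BAD = ('{"name": "scratch-adapter", "imageName": "unreviewed-tool", '
       '"imageVersion": "latest", "requiredRoles": []}')


def review_adapter_payload(raw: str) -> list[str]:
    """Return review findings for one adapter payload (empty list means pass)."""
    try:
        payload = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"payload is not valid JSON: {exc.msg}"]
    if not isinstance(payload, dict):
        return ["payload must be a JSON object"]

    findings = []
    for field in ("name", "imageName", "imageVersion"):
        if not isinstance(payload.get(field), str) or not payload[field].strip():
            findings.append(f"{field}: missing or not a non-empty string")

    image = payload.get("imageName")
    if isinstance(image, str) and image.strip() and image not in APPROVED_IMAGES:
        findings.append(f"imageName: {image!r} is not on the approved image list")

    version = payload.get("imageVersion")
    if isinstance(version, str) and version.strip().lower() in FLOATING_TAGS:
        findings.append(f"imageVersion: {version!r} is a floating tag, pin a reviewed version")

    roles = payload.get("requiredRoles")
    if not isinstance(roles, list) or not roles:
        findings.append("requiredRoles: none declared, read scope needs an explicit decision")
        roles = []
    for role in roles:
        if not isinstance(role, str) or role not in KNOWN_ROLES:
            findings.append(f"requiredRoles: {role!r} is not a defined app role")
    return findings


if __name__ == "__main__":
    for label, raw in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, review_adapter_payload(raw) or "no findings")
```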
Use Cases
- Put a Kubernetes-native reverse proxy in front of multiple MCP server deployments.
- Keep MCP session traffic pinned to the correct adapter instance.
- Manage MCP adapter lifecycle with REST APIs instead of manually editing workloads.
- Expose registered tool servers through one dynamic MCP tool router.
- Gate adapter and tool access with Entra ID app roles and bearer tokens.
- Bridge local stdio MCP servers into remotely accessible streamable HTTP services.
- Proxy internal streamable HTTP MCP servers while centralizing access and logging.
- Evaluate agent/session prototypes that call registered MCP tools in a controlled test environment.
Safety and Privacy
Microsoft MCP Gateway is infrastructure for deploying and routing other MCP
servers. Limit who can call the management APIs because adapter and tool
creation can deploy Kubernetes workloads, expose tool endpoints, and make logs
available through gateway APIs. Configure mcp.admin, resource creators, and
requiredRoles carefully before sharing the service.
The README labels the agents and sessions subsystem as preview and single-replica. Built-in bash and file tools run inside the gateway pod with regex denylist, timeout, output, and path limits; the docs explicitly say to replace them with a real sandbox before multi-tenant or production use.
Treat bearer tokens, role claims, adapter payloads, tool schemas, Foundry settings, workload identity permissions, MCP proxy environment variables, logs, session streams, prompts, arguments, and tool results as sensitive. Avoid registering untrusted MCP images or commands, and review Kubernetes RBAC, network policy, image provenance, and log retention before production use.
Duplicate Check
No microsoft/mcp-gateway source entry, Microsoft MCP Gateway entry, or
matching source URL was found in content/mcp or the broader content
directories.