Red Hat SummitChapter 1. Introduction to the MCP gateway
You can centralize and manage the connectivity for your agentic AI applications that access your Model Context Protocol (MCP) servers by using the MCP gateway.
MCP gateway is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.
For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope.
1.1. About the MCP gateway
You can focus on your agentic AI systems without building networking into your application code by using the Model Context Protocol (MCP) gateway. Application teams and platform engineers can operate and collaborate to expose MCP servers with the MCP gateway as secure and protected services just as you do with existing RESTFul based APIs.
For example, you can achieve the following goals by using the MCP gateway to connect your MCP servers:
- Aggregate MCP servers behind a single endpoint.
- Grow your agentic AI applications at scale, keeping connectivity outside of application development.
- Manage access to and the security of AI tools and MCP servers.
The Connectivity Link implementation of the MCP gateway extends the benefits of the Envoy proxy server to your customized AI agent systems.
The Envoy proxy server handles traffic from agentic AI clients to your backend MCP servers at the gateway ingress. Envoy is a conformance-tested implementation of the Kubernetes Gateway API. By using the MCP gateway, you can extend the capabilities of Envoy without the complexity of manual configuration.
1.2. MCP gateway architecture
The architecture of the Model Context Protocol (MCP) gateway builds on top of the routing capabilities of the Envoy proxy with capabilities to handle the MCP.
Design considerations include the following high-level goals:
- The MCP gateway must work with the Gateway API as a routing configuration.
- Envoy controls routing and traffic as the implementation of the Gateway API.
- The MCP gateway focuses on the MCP Protocol.
- Use Istio as the gateway control plane in OpenShift Container Platform with the Gateway API.
-
Connectivity Link is used for other key features, such as
AuthPolicyand rate-limiting custom resources.
1.2.1. MCP gateway architectural components
The MCP gateway architecture consists of three components that manage connectivity: the router, broker, and controller.
- MCP router
The MCP router is an Envoy-focused
ext_proccomponent that is capable of parsing the MCP protocol. Whenext_procparses the MCP Protocol, the router uses the protocol to set headers to force the correct routing of the request to the correct MCP server.The MCP router component is responsible for the following activities:
-
Parsing and validating the
JSON-RPCrequest object, which is the MCP message body -
Setting the key request headers,
:authority,:path,x-mcp-method,x-mcp-servername,x-mcp-toolname, andmcp-session-id -
Watching for
404responses from MCP servers and invalidating the session store - Handling session initialization and storage on behalf of a requesting MCP client during a tools call request
-
Parsing and validating the
- MCP broker
The MCP broker manages the complexity of connecting to multiple AI services simultaneously for you. The broker component aggregates multiple backend MCP servers and presents them as a unified MCP server to clients. This means that your MCP clients or applications do not have to manage a large set of MCP servers and configurations for each server.
The MCP broker component is a backend service that acts as a default MCP server backend for the
/mcpendpoint. For example, the broker does the following activities:-
Handles the handshake,
init. - Discovers tools from connected MCP servers and aggregates them into a unified list. Validates that discovered MCP servers meet minimum protocol version and capabilities before including their tools in the list.
- Listens for updates and can change its state so that the agentic AI always has the latest information.
-
Handles notifications sent through whichever backend MCP server it is connected to, for example,
notifications/tools/list_changed. - Handles notification requests from clients and MCP servers by proxying from the MCP server notification to registered clients.
-
Handles the handshake,
- MCP discovery controller
The MCP discovery controller is a Kubernetes-based controller that watches for changes to custom resources (CRs). The MCP discovery controller uses CRs to configure the MCP gateway and register MCP servers. The CRs are then turned into a configuration that is consumed by the MCP gateway so that it can route and present the tools from the registered MCP server to the client.
The MCP discovery controller component is responsible for the following activities:
-
Watching
MCPServerRegistrationCRs -
Maintaining a configuration from both
HTTPRouteandMCPServerRegistrationCRs -
Updating the MCP broker and MCP router config secret based on discovered
MCPServerRegistrationCRs and theHTTPRoutesthey target -
Reporting the status of
MCPServerRegistrationsCRs
-
Watching
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}