/ Directory / Playground / Microsoft MCP Gateway
← All servers ↗ GitHub
● Official microsoft ⚡ Instant

Microsoft MCP Gateway

by microsoft · microsoft/mcp-gateway

Reverse proxy and lifecycle manager for fleets of MCP servers on Kubernetes.

MCP Gateway is Microsoft's session-aware reverse proxy for MCP servers. It manages the lifecycle of stateful MCP instances on Kubernetes, routes by session/tenant, and centralizes auth — turning ad-hoc MCP servers into a real platform tier.

▶ Watch demo 📦 Install 💡 Use Cases

Why use it

Key features

Live Demo

What it looks like in practice

microsoft-mcp-gateway.replay ▶ ready
0/0

Install

Pick your client

~/Library/Application Support/Claude/claude_desktop_config.json  · Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "microsoft-mcp-gateway": {
      "command": "mcp-gateway",
      "args": [
        "serve"
      ]
    }
  }
}

Open Claude Desktop → Settings → Developer → Edit Config. Restart after saving.

~/.cursor/mcp.json · .cursor/mcp.json
{
  "mcpServers": {
    "microsoft-mcp-gateway": {
      "command": "mcp-gateway",
      "args": [
        "serve"
      ]
    }
  }
}

Cursor uses the same mcpServers schema as Claude Desktop. Project config wins over global.

VS Code → Cline → MCP Servers → Edit
{
  "mcpServers": {
    "microsoft-mcp-gateway": {
      "command": "mcp-gateway",
      "args": [
        "serve"
      ]
    }
  }
}

Click the MCP Servers icon in the Cline sidebar, then "Edit Configuration".

~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "microsoft-mcp-gateway": {
      "command": "mcp-gateway",
      "args": [
        "serve"
      ]
    }
  }
}

Same shape as Claude Desktop. Restart Windsurf to pick up changes.

~/.continue/config.json
{
  "mcpServers": [
    {
      "name": "microsoft-mcp-gateway",
      "command": "mcp-gateway",
      "args": [
        "serve"
      ]
    }
  ]
}

Continue uses an array of server objects rather than a map.

~/.config/zed/settings.json
{
  "context_servers": {
    "microsoft-mcp-gateway": {
      "command": {
        "path": "mcp-gateway",
        "args": [
          "serve"
        ]
      }
    }
  }
}

Add to context_servers. Zed hot-reloads on save.

claude mcp add microsoft-mcp-gateway -- mcp-gateway serve

One-liner. Verify with claude mcp list. Remove with claude mcp remove.

Use Cases

Real-world ways to use Microsoft MCP Gateway

Stand up an internal MCP catalog with one auth boundary

👤 Platform engineering teams ⏱ ~15 min intermediate

When to use: You have 10+ MCP servers and need centralized auth, quotas, and observability.

Prerequisites
  • Server/skill installed and authenticated — See repo README
Flow
  1. Deploy the gateway
    Generate Helm values for mcp-gateway with our Entra OIDC issuer and three backend MCPs: github, jira, snowflake.✓ Copied
    → values.yaml + helm command
  2. Register
    Register each backend and assign it to the 'engineering' tenant with a 1000 req/hr quota.✓ Copied
    → Three backend ids + quota set

Outcome: One URL, one OIDC, many MCPs — properly governed.

Pitfalls
  • Session affinity is critical for stateful servers. If you switch to a stateless backend, also disable affinity to avoid hotspots. — Session affinity is critical for stateful servers. If you switch to a stateless backend, also disable affinity to avoid hotspots.
Combine with: containers/kubernetes-mcp-server

Combinations

Pair with other MCPs for X10 leverage

microsoft-mcp-gateway + containers/kubernetes-mcp-server

Pair with containers/kubernetes-mcp-server for complementary capabilities

Use this server together with containers/kubernetes-mcp-server to complete a multi-step task.✓ Copied

Tools

What this MCP exposes

ToolInputsWhen to callCost
list_backends (none) See registered MCP servers 1 API call
register_backend name, image, env Add a new MCP server behind the gateway K8s scheduling
tenant_quota tenant_id Inspect or adjust per-tenant limits 1 API call

Cost & Limits

What this costs to run

API quota
See provider docs for rate limits
Tokens per call
Varies by tool
Monetary
See repo README for pricing details
Tip
Cache tool results and avoid repeated identical calls.

Security

Permissions, secrets, blast radius

Credential storage: Use environment variables; never commit secrets
Data egress: Tool calls go to the provider's API as documented

Troubleshooting

Common errors and fixes

backend unhealthy

Gateway probes GET /healthz. Make sure your MCP server implements it or update healthCheck.path.

Verify: kubectl get pods -n mcp
OIDC validation fails

Issuer URL must match the token's iss claim exactly, including trailing slash. Recheck Entra app config.

Verify: Decode token at jwt.ms

Alternatives

Microsoft MCP Gateway vs others

AlternativeWhen to use it insteadTradeoff
agentic-community/mcp-gateway-registryYou prefer the community OSS optionLess Azure-native

More

Resources

📖 Read the official README on GitHub

🐙 Browse open issues

🔍 Browse all 400+ MCP servers and Skills