The Platform Service Gateway is responsible for enabling the Gateway API on openMCP backend clusters, allowing webhooks from MCP resources to reach services in the platform or workload clusters.
This platform service uses Envoy Gateway as the Gateway API implementation and cert-manager to provision TLS certificates.
To run the platform-service-gateway locally, you need to first bootstrap an openMCP environment by using openmcp-operator and cluster-provider-kind. A comprehensive guide will follow soon.
For current testing reasons, the platform-service-gateway needs to run in the cluster. To run the latest version of your changes in your local environment, you need to run:
task build:img:buildThis will build the image of the platform-service-gateway locally and puts it into your local Docker registry.
docker images ghcr.io/openmcp-project/images/platform-service-gatewayYou can then apply the PlatformService resource to your openMCP Platform cluster:
apiVersion: openmcp.cloud/v1alpha1
kind: PlatformService
metadata:
name: gateway
spec:
image: ghcr.io/openmcp-project/images/platform-service-gateway:... # latest local docker image buildWhen you already have an openMCP environment set up, you can deploy the platform-service-gateway by applying the following manifest:
apiVersion: openmcp.cloud/v1alpha1
kind: PlatformService
metadata:
name: gateway
spec:
image: ghcr.io/openmcp-project/images/platform-service-gateway:<latest-version> # latest upstream versionA GatewayServiceConfig is an API where you can configure the platform-service-gateway.
The GatewayServiceConfig is stored in the Platform cluster and therefore in the responsibility realm of the platform owner.
apiVersion: gateway.openmcp.cloud/v1alpha1
kind: GatewayServiceConfig
metadata:
name: gateway # needs to match `PlatformService.metadata.name`
spec:
envoyGateway:
images:
proxy: "ghcr.io/openmcp-project/components/github.com/openmcp-project/openmcp/images/envoy-proxy:distroless-v1.36.2"
gateway: "ghcr.io/openmcp-project/components/github.com/openmcp-project/openmcp/images/envoy-gateway:v1.5.4"
rateLimit: "ghcr.io/openmcp-project/components/github.com/openmcp-project/openmcp/images/envoy-ratelimit:99d85510"
chart:
url: "oci://ghcr.io/openmcp-project/components/github.com/openmcp-project/openmcp/charts/envoy-gateway"
tag: "1.5.4"
clusters:
- selector:
matchPurpose:
- platform
- selector:
matchPurpose:
- workload
dns:
baseDomain: dev.openmcp.example.com
More documentation for the platform-service-gateway can be found in the docs folder.
To build the binary locally, you can use the following command:
task buildTo build the image locally, you can use the following command:
task build:img:buildTo run the unit tests locally, you can use the following command:
task testTo generate the CRDs, DeepCopy functions, and other boilerplate code, you can use the following command:
task generateThis project is open to feature requests/suggestions, bug reports etc. via GitHub issues. Contribution and feedback are encouraged and always welcome. For more information about how to contribute, the project structure, as well as additional contribution information, see our Contribution Guidelines.
If you find any bug that may be a security problem, please follow our instructions at in our security policy on how to report it. Please do not create GitHub issues for security-related doubts or problems.
We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone. By participating in this project, you agree to abide by its Code of Conduct at all times.
Copyright 2025 SAP SE or an SAP affiliate company and platform-service-gateway contributors. Please see our LICENSE for copyright and license information. Detailed information including third-party components and their licensing/copyright information is available via the REUSE tool.
![@renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=64&v=4){kind=small}
