Initial commit

Author: mikesir87

.github/workflows/deploy-labspace-compose.yaml

@@ -0,0 +1,32 @@
+name: Build and Push Docker Image
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      # Ensure Compose v2.39.3+ is available (includes bug fixes for publishing)
+      # Can remove this action once default runners include it
+      - name: Set up Docker Compose
+        uses: docker/setup-compose-action@v1
+        with:
+          version: v2.39.3
+
+      - name: Log in to DockerHub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Publish Compose file
+        run: |
+          docker compose -f oci://dockersamples/labspace -f .labspace/compose.override.yaml publish $DOCKERHUB_USERNAME/labspace-mcp-gateway --with-env -y
+        env:
+          DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}

.gitignore

@@ -0,0 +1,2 @@
+/compose.yaml
+.env

.labspace/01-introduction.md

@@ -0,0 +1,62 @@
+# Introduction
+
+👋 Welcome to the **Docker MCP Gateway** lab! During this lab, you will learn to do the following:
+
+- Learn about the Docker MCP Gateway
+- Learn how to run the MCP Gateway with a simple MCP server
+- Securely inject secrets into MCP servers
+- Filter tools to reduce noise and save tokens
+- Learn how to connect the MCP Gateway to your application using popular agentic frameworks
+
+Throughout this session, you'll also learn how to use the [MCP Inspector](https://github.com/modelcontextprotocol/inspector) to interact with MCP servers and debug/troubleshoot potential issues.
+
+
+
+## 🙋 What is MCP again?
+
+**Model Context Protocol (MCP)** standardizes how AI applications connect to external data sources and tools.  
+
+It provides the ability to package and distribute common tools you might need in AI workflows. Examples might include:
+
+- Retrieve data from GitHub about open issues or pull requests
+- Lookup customer or subscription information from Stripe
+- Create a Notion page with summarized details
+- Send an email using Resent
+- Or more!
+
+By using MCP, it allows you to easily extend or add capabilities to your AI applications.
+
+```mermaid
+flowchart LR
+    AI[AI Client] --> S1[DuckDuckGo MCP Server]
+    S1 --> DuckDuckgo[DuckDuckGo APIs]
+    S1 --> Content[Arbitrary web content]
+    AI --> S2[GitHub MCP Server]
+    S2 --> GitHub[GitHub APIs]
+```
+
+## Why a MCP Gateway?
+
+When running MCP servers, you often want a single connection point for your application to send all MCP requests. This allows you to **audit** and **log** more easily, **configure** more securely, and more.
+
+By using a MCP Gateway, your application also needs only a single MCP connection, making your architecture look similar to the following:
+
+```mermaid
+flowchart LR
+    AI[AI Client] --> GW[MCP Gateway]
+
+    subgraph "MCP Gateway"
+        GW --> S1[DuckDuckGo MCP Server]
+        GW --> S2[GitHub MCP Server]
+    end
+
+    S1 --> DuckDuckgo[DuckDuckGo APIs]
+    S1 --> Content[Arbitrary web content]
+    S2 --> GitHub[GitHub APIs]
+```
+
+The **[Docker MCP Gateway](https://github.com/docker/mcp-gateway)** is an open-source gateway that makes it simple, safe, and secure to run MCP servers inside containers.
+
+Docker additionally provides a **[MCP Catalog](https://hub.docker.com/mcp)**, which is a collection of containerized MCP servers that are easy to get up and going.
+
+With that, let's get started by starting the MCP Gateway with a simple MCP server!

.labspace/02-adding-a-simple-mcp-server.md

@@ -0,0 +1,107 @@
+# Running a simple MCP Server
+
+The **[DuckDuckGo MCP server](https://hub.docker.com/mcp/server/duckduckgo/overview)** is a great MCP server that is very easy to use.
+
+Specifically, it provides two tools:
+
+1. **fetch_content** - fetch and parse content from a webpage URL
+2. **search** - search DuckDuckGo and return formatted results
+
+With these tools, you could create agents that can perform online searches, do basic research, and more!
+
+
+## Starting a MCP Gateway to use DuckDuckGo
+
+1. Create a `compose.yaml` file with the following contents:
+
+    ```yaml save-as=compose.yaml
+    services:
+      gateway:
+        image: docker/mcp-gateway
+        command:
+          - --servers=duckduckgo
+          - --transport=streaming
+        ports:
+          - 8811:8811
+        volumes:
+          - /var/run/docker.sock:/var/run/docker.sock
+    ```
+
+    To explain the flags:
+
+    - `--servers=duckduckgo` - configure the MCP Gateway to use the duckduckgo server from the Docker MCP Catalog
+    - `--transport=streaming` - configure the MCP Gateway to use the [Streamable HTTP transport](https://modelcontextprotocol.io/specification/2025-06-18/basic/transports#streamable-http)
+    - `/var/run/docker.sock:/var/run/docker.sock` - mount the Docker socket, which is required to actually launch the DuckDuckGo MCP server
+
+
+2. Start the gateway using Docker Compose:
+
+    ```bash terminal-id=compose
+    docker compose up
+    ```
+
+    In the log output, you should see output similar to the following:
+
+    ```plaintext no-copy-button
+    gateway-1  | - Reading configuration...
+    gateway-1  |   - Reading catalog from [https://desktop.docker.com/mcp/catalog/v2/catalog.yaml]
+    gateway-1  | - Configuration read in 198.760708ms
+    gateway-1  | - Those servers are enabled: duckduckgo
+    gateway-1  | - Listing MCP tools...
+    ...
+    ...
+    gateway-1  | - Using images:
+    gateway-1  |   - mcp/duckduckgo@sha256:68eb20db6109f5c312a695fc5ec3386ad15d93ffb765a0b4eb1baf4328dec14f
+    gateway-1  | > Images pulled in 37.201917ms
+    gateway-1  | - Verifying images [mcp/duckduckgo]
+    gateway-1  | > Images verified in 887.355875ms
+    gateway-1  | > Initialized in 1.640829209s
+    gateway-1  | > Start streaming server on port 8811
+    ```
+
+    That's it! The MCP Gateway is up and running!
+
+
+
+## Using the MCP Inspector
+
+The [MCP Inspector](https://github.com/modelcontextprotocol/inspector) is a great tool to directly interact with MCP servers, including the MCP Gateway.
+
+1. Start the MCP Inspector by using the following `npx` command:
+
+    ```bash terminal-id=inspector
+    npx --yes @modelcontextprotocol/inspector
+    ```
+
+2. Once it finishes, open the MCP Inspector running at :tabLink[http://localhost:6274]{href="http://localhost:6274" title="MCP Inspector"}.
+
+3. Configure the MCP Inspector to connect to a MCP server with the following configuration:
+
+    - **Transport Type:** Streamable HTTP (you configured this in the Compose file)
+    - **URL:** http://localhost:8811
+
+    Click **Connect** when you're done!
+
+4. Select the **Tools** tab and then click the **List Tools** button. 
+
+    You should see both the `fetch_content` and `search` tools appear.
+
+5. Select the **search** tool by clicking on it.
+
+    This will open a form to fill out the required parameters.
+
+6. In the _query_ field, type in "Docker MCP Gateway".
+
+7. Click the **Run Tool** button.
+
+    After a brief time, you should see your search results!
+
+While running the `search` tool, the Docker MCP Gateway started a DuckDuckGo container, delegated the running of the tool to it, got the results, stopped the container, and sent the results back to the inspector.
+
+
+
+## Next steps
+
+While this was a simple MCP server, not all are as straight forward. Many require some sort of authentication or configuration.
+
+In the next step, you'll add the GitHub MCP server to explore this.

.labspace/03-adding-a-complex-mcp-server.md

@@ -0,0 +1,83 @@
+# Adding a complex MCP server
+
+The **[GitHub MCP server](https://hub.docker.com/mcp/server/github-official/overview)** is a great MCP server that provides the ability to create issues, add comments, list repositories, and more.
+
+In fact, there are (as of the time of writing this) [93 tools](https://hub.docker.com/mcp/server/github-official/tools) provided through this MCP server.
+
+In order to perform operations though, many of them require a Personal Access Token.
+
+To provide this, you will use [Docker Compose secrets](https://docs.docker.com/compose/how-tos/use-secrets/), which the MCP Gateway will safely and securely inject into the MCP server container.
+
+
+## 🔐 Defining the secret
+
+1. Create a [Personal Access Token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens). It is up to you whether you use the classic or fine-grained and how many permissions you grant it.
+
+2. Create a `.env` file with the following contents:
+
+    ```dotenv save-as=.env
+    github.personal_access_token=YOUR_TOKEN_HERE
+    ```
+
+    Replace `YOUR_TOKEN_HERE` with your Personal Access Token.
+
+2. Update your `compose.yaml` to define the secret:
+
+    ```yaml
+    secrets:
+      github-credential:
+        file: .env
+    ```
+
+3. Update the `gateway` service in the `compose.yaml` to inject the secret:
+
+    ```yaml
+    services:
+      gateway:
+        ...
+        secrets:
+          - github-credential
+    ```
+
+4. Update the `command` for the `gateway` service to tell the MCP Gateway where to find the secrets:
+
+    ```yaml
+    services:
+      gateway:
+        ...
+        command:
+          - --servers=duckduckgo
+          - --transport=streaming
+          - --servers=github-official
+          - --secrets=/run/secrets/github-credential
+    ```
+
+5. Run `docker compose up` to apply the changes:
+
+    ```bash terminal-id=compose2
+    docker compose up -d
+    ```
+
+
+
+## ✅ Validating with the MCP Inspector
+
+With the MCP Gateway now running with the GitHub Official MCP server, you should be able to see a significant increase in the available tools.
+
+1. Open the MCP Inspector at http://localhost:6274.
+
+2. Since the MCP Gateway had to restart, click the **Connect** button to reconnect.
+
+3. Click on the **Tools** tab and then the **List Tools** button to view all of the available tools.
+
+4. Scroll to find the `get_me` tool, which will provide details about the authenticated user. 
+
+5. Click the `Run Tool` to execute the tool. You should see output about your user account. If it fails, ensure your Personal Access Token is configured correctly.
+
+
+
+## Next steps
+
+You now have two MCP servers configured, but almost 100 tools! Each tool consumes tokens and context when being sent to the LLM. This slows down every request, increases costs, and can even confuse many models.
+
+In the next section, you'll learn how to filter the tools the MCP Gateway exposes.

.labspace/04-filtering-available-tools.md

@@ -0,0 +1,52 @@
+# Filtering Tools
+
+The configuration you have for your MCP Gateway currently exposes almost 100 tools, which is a lot!
+
+Every tool description includes details on when to use the tool, available parameters, and sometimes examples on how to use it.
+
+These descriptions must be processed on every request, making your AI apps slower, more costly, and potentially less accurate (lots of tools can confuse models).
+
+## Updating the MCP Gateway configuration
+
+Fortunately, the MCP Gateway makes it easy to filter the tools it exposes.
+
+1. Identify the names of the tools you want to expose from each MCP server.
+
+    For this lab, you will expose both tools from the DuckDuckGo server and a few tools related to pull requests and issues.
+
+    The list will include `fetch_content`, `search`, `get_pull_request`, `get_pull_request_diff`, and `get_pull_request_files`, `get_issue`, and `get_issue_comments`.
+
+2. Update the `compose.yaml` file to include the list of tools with the `--tools` flag:
+
+
+    ```yaml
+    services:
+      gateway:
+        command:
+          ...
+          - --tools=fetch_content,search,get_pull_request,get_pull_request_diff,get_pull_request_files,get_issue,get_issue_comments
+    ```
+
+
+3. Restart the gateway to apply the tool filtering:
+
+    ```bash terminal-id=compose2
+    docker compose up -d
+    ```
+
+
+
+## Validating the tool filtering
+
+1. Open the MCP Inspector (http://localhost:6274)
+
+2. Reconnect to the server and list the tools
+
+3. Validate you see only seven tools now.
+
+4. Get the details for a pull request by running the `get_pull_request` tool with the following configuration:
+
+    - **Tool:** `get_pull_request`
+    - **owner:** `docker`
+    - **pullNumber:** 99
+    - **repo:** welcome-to-docker