Unauthenticated Deployment

Purpose

This subtopic addresses the requirement to deploy the MCP server on Google Cloud Run so that it is publicly accessible without requiring any authentication. This mode enables open, unrestricted access to the zoo animal query API, simplifying usage for public clients or testing scenarios where security is not a concern. It complements the broader deployment automation goals of the parent topic Cloud Run Deployment Automation by providing a streamlined option for unauthenticated access, distinct from the secure deployment alternative.

Functionality

The unauthenticated deployment workflow automates the process of launching the MCP server container on Cloud Run, explicitly enabling public access by setting the --allow-unauthenticated flag during deployment. This flag configures Cloud Run to permit all incoming requests without token verification or identity enforcement.

Key characteristics of this deployment mode include:

• Predefined Region and Labels: The deployment targets a specific Google Cloud region (europe-west1) for consistency and predictable latency. Additionally, custom labels such as dev-tutorial=codelab-gde-medium-open are applied for resource organization and tracking within the cloud environment.

• Source-based Deployment: The deployment command uses the local source directory (--source=.) to build and deploy the container image on Cloud Run, ensuring that the latest code changes are included.

• Public Access Enablement: By specifying --allow-unauthenticated, the deployed service is accessible over HTTP without any authentication token or identity checks.

This contrasts with the secure deployment subtopic, which involves more complex identity token management and IAM configurations.

Deployment Script Interaction

The main automation entrypoint for this subtopic is the cloudrun.sh shell script. Its simplicity reflects the minimal configuration needed for unauthenticated deployment:

gcloud run deploy zoo-mcp-server \
    --allow-unauthenticated \
    --region=europe-west1 \
    --source=. \
    --labels=dev-tutorial=codelab-gde-medium-open

This command sequence:

1. Invokes the Google Cloud CLI (gcloud run deploy) to deploy the service named zoo-mcp-server.

2. Applies the --allow-unauthenticated flag to enable public access.

3. Specifies the region as europe-west1 to control deployment locality.

4. Uses the current directory as the source context for building the container image.

5. Attaches identifying labels for management within the Google Cloud project.

The automation abstracts away manual Cloud Run console interactions, ensuring repeatable and documented deployment steps.

Integration

The unauthenticated deployment subtopic fits within the broader deployment and operational lifecycle of the MCP server as defined by Cloud Run Deployment Automation. It provides a quick path to expose the MCP server publicly, useful for demo environments, open APIs, or initial testing before enabling security.

It is closely related to the other subtopics:

• Secure Deployment: While unauthenticated deployment allows public access, the secure deployment enforces authentication tokens, providing controlled access for production or sensitive environments.

• Environment Initialization: Before deploying, environment setup with init.sh and set_env.sh ensures necessary project configurations and permissions are in place, supporting both authenticated and unauthenticated deployment modes.

Together, these subtopics enable flexible deployment strategies aligned with operational requirements.

Deployment Workflow Visualization

flowchart TD
Start[Start Deployment] --> Configure[Set Deployment Parameters]
Configure --> DeployCmd[Run gcloud deploy with --allow-unauthenticated]
DeployCmd --> CloudRun[Cloud Run Service Deployed]
CloudRun --> Public[Public HTTP Endpoint Available]

This flowchart highlights the key steps involved in deploying the MCP server publicly without authentication, emphasizing the straightforward process enabled by the automation script.