Add deployment review and assessment

Comprehensive analysis of MCP Registry deployment setup identifying:
- Critical issue with placeholder nginx container vs actual registry
- Security considerations and monitoring gaps
- High availability and reliability improvements needed
- Prioritized recommendations for production readiness

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <[email protected]>

Author: domdomegg

DEPLOYMENT_REVIEW.md

@@ -0,0 +1,99 @@
+# Deployment Review & Assessment
+
+Based on analysis of the MCP Registry deployment setup, here are findings and improvement recommendations:
+
+## Current Architecture Strengths
+
+**Pulumi IaC Approach**
+- Well-structured infrastructure as code using Pulumi
+- Multi-provider support (AKS, local) with clean abstraction
+- Good separation of concerns in `pkg/` directory
+
+**Security Fundamentals**
+- Non-root container execution (`appuser` with UID 10001)
+- Secrets properly managed via Kubernetes secrets
+- TLS/SSL certificate management with cert-manager and Let's Encrypt
+
+## Critical Issues & High-Priority Improvements
+
+### 1. **Production Deployment Not Ready** 🚨
+The registry deployment uses `nginx:alpine` placeholder image instead of the actual MCP registry:
+- `deploy/pkg/k8s/registry.go:67` - TODO comments indicate incomplete setup
+- Health probes are commented out
+- Port mapping doesn't match actual application (80 vs 8080)
+
+**Fix:** Build and publish actual registry container image to GHCR, update deployment
+
+### 2. **Database Security Considerations** 🔒
+- MongoDB deployed without authentication
+- No backup/disaster recovery strategy
+- Database credentials hardcoded
+
+*Note: MongoDB is not exposed externally (ClusterIP service), so this is not a critical security risk but should be addressed for production.*
+
+### 3. **Monitoring & Observability Gaps** 📊
+- No Prometheus/Grafana monitoring stack
+- No log aggregation (ELK/Loki)
+- No application metrics/health dashboards
+- No alerting configured
+
+### 4. **High Availability & Reliability** ⚠️
+
+**Database:**
+- Single MongoDB instance (no replication)
+- No persistent volume backup strategy
+- Fixed 10Gi storage without growth planning
+
+**Application:**
+- Only 2 replicas for registry service
+- No pod disruption budgets
+- No horizontal pod autoscaling
+
+## Recommended Improvements
+
+### Immediate (High Priority)
+1. **Complete Registry Deployment**
+   - Build proper container image pipeline
+   - Enable health checks and proper port configuration
+   - Test actual application deployment
+
+2. **Secure MongoDB**
+   - Add authentication credentials
+   - Implement backup strategy
+
+### Medium Priority
+3. **Add Monitoring Stack**
+   ```go
+   // New files needed:
+   // pkg/k8s/monitoring.go - Prometheus, Grafana deployment
+   // pkg/k8s/logging.go - Log aggregation setup
+   ```
+
+4. **Security Hardening (Nice to Have)**
+   - Implement RBAC policies
+   - Add Network Policies
+   - Enable Pod Security Standards
+
+5. **CI/CD Pipeline Enhancement**
+   - Add container image building/publishing
+   - Implement automated deployment to staging/production
+   - Add security scanning (Trivy, Snyk)
+
+### Lower Priority  
+6. **High Availability**
+   - MongoDB replica set deployment
+   - Implement HPA for registry pods
+   - Add pod disruption budgets
+
+7. **Operational Excellence**
+   - Add Kubernetes dashboard
+   - Cost optimization analysis
+
+## Configuration Issues
+- Production config has test credentials: `deploy/Pulumi.prod.yaml:4-5`
+- Missing environment-specific resource sizing
+- Hardcoded domain names (`example.com`)
+
+## Summary
+
+The deployment setup shows good architectural foundations but needs significant work before production readiness. The most critical issue is the placeholder nginx container - priority should be completing the actual registry application deployment before addressing the other improvements. Security measures like RBAC and Network Policies are nice to have but not strictly necessary given that MongoDB is not exposed externally.