Run an MCP server in Google Cloud

If you have built a custom agent or Gemini CLI extension which you want to make publicly available, this page describes how to run the Data Commons MCP server in the cloud, using Google Cloud Run.

Since setting up an MCP server is a simple, one-time setup, there’s no need to use Terraform to manage it. Data Commons provides a prebuilt Docker image in the Artifact Registry, so you only need to set up a new Cloud Run service to point to it.

Prebuilt images

There are several versions of the image available, viewable at https://console.cloud.google.com/artifacts/docker/datcom-ci/us/gcr.io/datacommons-mcp-server. We recommend that you choose a production version with a specific version number, to ensure that changes introduced by the Data Commons team don’t break your application.

Before you start: decide on a hosting model

There are several ways you can host the MCP server in Cloud Run, namely:

  • As a standalone service. In this case, any client simply connects to it over HTTP, including your own MCP agent running as a separate Cloud Run service or locally. You can choose whether to make the internal Cloud Run app URL publicly available, or whether to put a load balancer in front of the service and map a domain name.
  • As a “sidecar” to an MCP client. If you are hosting your own MCP client in Cloud Run as well, this may be a useful option. In this case, the MCP server is not directly addressable; all external connections are managed by the client.

In this page, we provide steps for running the Data Commons MCP server as a standalone container. If you want to go with the sidecar option, please see Deploying multiple containers to a service (sidecars) for additional requirements and setup procedures.

Prerequisites

The following procedures assume that you have set up the following Google Cloud Platform services, using the Terraform scripts:

  • A service account and roles.
  • A Google Cloud Secret Manager secret for storing your Data Commons API key.

Create a Cloud Run Service for the MCP server

The following procedure sets up a bare-bones container service. To set additional options, such as request timeouts, instance replication, etc., please see Configure Cloud Run services for details.

  • Cloud Console
  • gcloud CLI
  1. Go to the https://console.cloud.google.com/run/services page for your project.
  2. Click Deploy container.
  3. In the Container image URL field, click Select.
  4. In the Artifact Registry panel that appears in the right side of the window, that appears, click Change.
  5. In the project search bar, enter datcom-ci and click on the link that appears.
  6. Expand gcr.io/datcom-ci and expand datacommons-mcp-server.
  7. From the list of images, select a production image, e.g. production-v1.1.4.
  8. Under Configure, select the desired region for the service, e.g. us-central1.
  9. Expand Containers, Networking, Security.
  10. Click the Variables & secrets tab.
  11. Under Environment variables, click Add variable and set the following variables:
    • name: DC_TYPE, value: custom
    • name: CUSTOM_DC_URL, value: YOUR_INSTANCE_URL
  12. Under Secrets exposed as environment variables, click Reference a secret.
  13. In the Name field, enter DC_API_KEY, and from the Secret field, select the secret previously created by the Terraform scripts. It is in the form NAMESPACE-datacommons-dc-api-key-FINGERPRINT.
  14. In the Version field, select the desired version, e.g. latest.
  15. Click Done.
  16. Click the Security tab. From the Service account field, select the service account for your namespace and project, previously created by the Terraform scripts.
  17. Click Create. If correctly configured, the service will deploy automatically. It may take several minutes to start up.
  1. If you haven't recently refreshed your Google Cloud credentials, run gcloud auth application-default login and authenticate.
  2. From any local directory, run the following command: 
    gcloud run deploy datacommons-mcp-server --image CONTAINER_IMAGE_URL \
        --service-account SERVICE_ACCOUNT --region REGION \
        --allow-unauthenticated \
        --set-secrets="DC_API_KEY=SECRET_NAME:latest" \
        --set-env-vars="DC_TYPE=custom" --set-env-vars="CUSTOM_DC_URL=INSTANCE_URL"
  • The container image URL is gcr.io/datcom-ci/datacommons-mcp-server:TAG. The tag should be a production image with a version number, e.g. production-v1.1.4.
  • The service account was created when you ran Terraform. It is in the form NAMESPACE-datacommons-sa@PROJECT_ID.iam.gserviceaccount.com.
  • The region is the Cloud region where you want to run the service, e.g. us-central1.
  • The secret name is the one created when you ran the Terraform scripts, in the form NAMESPACE-datacommons-dc-api-key-FINGERPRINT. If you're not sure about the name or fingerprint, go to https://console.cloud.google.com/security/secret-manager for your project and look it up.
To view the startup status, run the following command: 
gcloud run services logs tail datacommons-mcp-server --region REGION

Connect to the server from a remote client

For details, see the following pages:

The HTTP URL parameter is the Cloud Run App URL, if you are exposing the service directly, or a custom domain URL if you are using a load balancer and domain mapping.

Troubleshoot deployment issues

Container fails to start

If you see this error message:

The user-provided container failed to start and listen on the port defined provided by the PORT=8080 environment variable within the allocated timeout...

This is a generic message that could indicate a number of configuration problems. Check all of these:

  • Be sure you have specified the DC_API_KEY environment variable.
  • Be sure you have specified the correct service account.
  • Try increasing the health check timeout.

Page last updated: January 13, 2026 • Send feedback about this page