Can Docker apply or gate infrastructure changes?

No. The Gateway aggregates and secures MCP servers and surfaces the container layer. Gating and applying IaC changes is Spacelift's role, reconciling declared state is Argo CD's, and cluster operations are Kubernetes.

Why include Docker in an IaC setup?

For the container artifacts IaC ultimately deploys and for composition. mcp-find and mcp-add let an agent assemble the servers it needs, while the runtime view helps it reason about the images definitions reference.

Docker for infrastructure as code

Pick 4 of 4 for infrastructure as codeOfficialDocker

Docker is the fourth of four picks for infrastructure as code, included for visibility into the build artifacts that IaC definitions ultimately deploy. Docker's official MCP Gateway runs, secures, and aggregates containerized MCP servers behind one endpoint with on-demand discovery, so an agent can compose the tooling around an IaC workflow.

The rank is honest: IaC is about declaring infrastructure and gating changes before they apply, which the siblings do directly. Docker's relevance is the container and image side that the deployed definitions reference, plus its role as a gateway aggregating the servers an agent reasons with.

How Docker fits

The Gateway tools are discovery and composition rather than plan-and-apply. mcp-find searches the Docker MCP Catalog and mcp-add pulls a server into the session, mcp-config-set sets its options and secrets, mcp-remove removes it, and mcp-exec runs a tool on a session server. code-mode, marked experimental, builds a JavaScript-enabled tool that combines tools across servers. These let an agent assemble the right mix of servers for an IaC task and surface the container layer those definitions package.

The honest comparison: Spacelift is the IaC management platform that gates and applies changes, Argo CD is the GitOps controller that reconciles declared state against a Kubernetes cluster, and Kubernetes drives cluster operations directly. Those three sit at the center of an IaC workflow, which is why they rank ahead. Docker's Gateway contributes the container artifacts and the ability to aggregate other MCP servers, so use it to reason about build images and to compose tooling, not to gate or apply infrastructure changes.

Tools you would use

Tool	What it does
mcp-find	Search for MCP servers in the Docker MCP Catalog by name or description.
mcp-add	Add a discovered MCP server to the current session so its tools become available.
mcp-config-set	Configure settings (such as secrets or options) for an MCP server in the session.
mcp-remove	Remove an MCP server from the current session.
mcp-exec	Execute a tool by name that exists on a server in the current session.
code-mode	Experimental: create a JavaScript-enabled tool that combines tools from multiple MCP servers.

Full Docker setup and config →

FAQ

Can Docker apply or gate infrastructure changes?: No. The Gateway aggregates and secures MCP servers and surfaces the container layer. Gating and applying IaC changes is Spacelift's role, reconciling declared state is Argo CD's, and cluster operations are Kubernetes.
Why include Docker in an IaC setup?: For the container artifacts IaC ultimately deploys and for composition. mcp-find and mcp-add let an agent assemble the servers it needs, while the runtime view helps it reason about the images definitions reference.