diff --git a/Dockerfile.local b/Dockerfile.local
new file mode 100644
index 00000000..27977a7e
--- /dev/null
+++ b/Dockerfile.local
@@ -0,0 +1,34 @@
+FROM debian:bookworm-slim
+
+# Install runtime dependencies
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+        ca-certificates \
+        libssl3 && \
+    rm -rf /var/lib/apt/lists/*
+
+# Create a non-root user for running Wassette
+RUN useradd -m -u 1000 -s /bin/bash wassette
+
+# Create necessary directories with proper permissions
+RUN mkdir -p /home/wassette/.local/share/wassette/components && \
+    mkdir -p /home/wassette/.config/wassette/secrets && \
+    chown -R wassette:wassette /home/wassette
+
+# Copy the pre-built binary
+COPY target/release/wassette /usr/local/bin/wassette
+
+# Set up environment
+ENV HOME=/home/wassette
+ENV XDG_DATA_HOME=/home/wassette/.local/share
+ENV XDG_CONFIG_HOME=/home/wassette/.config
+
+# Switch to the non-root user
+USER wassette
+WORKDIR /home/wassette
+
+# Expose the default HTTP port
+EXPOSE 9001
+
+# Default command: start Wassette with streamable-http transport
+CMD ["wassette", "serve", "--streamable-http"]
diff --git a/deployment/README.md b/deployment/README.md
new file mode 100644
index 00000000..075e26e7
--- /dev/null
+++ b/deployment/README.md
@@ -0,0 +1,338 @@
+# Deploying Wassette
+
+This directory contains deployment configurations for running Wassette on Kubernetes.
+
+## Overview
+
+Wassette can be deployed to Kubernetes using either raw manifests or Helm charts. Both options provide production-ready configurations with security best practices.
+
+## Deployment Options
+
+### 1. Kubernetes Manifests
+
+Use the raw Kubernetes manifests for simple deployments or when you need full control over the configuration.
+
+📁 **Location**: [`kubernetes/`](kubernetes/)
+
+**Quick Start:**
+```bash
+kubectl apply -f kubernetes/deployment.yaml
+```
+
+**Features:**
+- Simple YAML-based deployment
+- Single file for easy management
+- Namespace isolation
+- Health checks and resource limits
+- Security context configuration
+
+**Use When:**
+- You need a quick deployment
+- You don't need advanced features like autoscaling
+- You prefer direct kubectl management
+- You want to customize the YAML directly
+
+[Learn more →](kubernetes/README.md)
+
+### 2. Helm Chart
+
+Use the Helm chart for production deployments with advanced features and easier upgrades.
+
+📁 **Location**: [`helm/wassette/`](helm/wassette/)
+
+**Quick Start:**
+```bash
+helm install wassette deployment/helm/wassette/ \
+  --namespace wassette \
+  --create-namespace
+```
+
+**Features:**
+- Templated configuration with values
+- Easy upgrades and rollbacks
+- Autoscaling support
+- Ingress configuration
+- Network policies
+- Persistent storage options
+- Pod disruption budgets
+
+**Use When:**
+- You need production-ready deployment
+- You want easy configuration management
+- You need advanced features (autoscaling, ingress, etc.)
+- You prefer Helm for package management
+- You need to maintain multiple environments
+
+[Learn more →](helm/wassette/README.md)
+
+## Integration with Kagent
+
+Wassette can be integrated with [kagent](https://github.com/kagent-dev/kagent), a Kubernetes-native framework for building AI agents. Kagent uses the `RemoteMCPServer` custom resource to connect to MCP servers like Wassette.
+
+**Architecture:**
+```
+┌─────────────────┐         ┌──────────────────┐         ┌─────────────────┐
+│  Kagent Agent   │ ◄─────► │  RemoteMCPServer │ ◄─────► │    Wassette     │
+│                 │         │   (Kubernetes    │         │   MCP Server    │
+│                 │         │      CRD)        │         │  (streamable-   │
+│                 │         │                  │         │      http)      │
+└─────────────────┘         └──────────────────┘         └─────────────────┘
+                                                                  │
+                                                                  ▼
+                                                          ┌─────────────────┐
+                                                          │  WebAssembly    │
+                                                          │   Components    │
+                                                          └─────────────────┘
+```
+
+**Quick Integration:**
+```bash
+# 1. Deploy Wassette
+kubectl apply -f kubernetes/deployment.yaml
+
+# 2. Create RemoteMCPServer resource
+kubectl apply -f kubernetes/wassette-remotemcp.yaml
+
+# 3. Verify integration
+kubectl get remotemcpservers -n kagent
+```
+
+[Complete integration guide →](kubernetes/kagent-integration.md)
+
+## Choosing the Right Deployment Method
+
+| Feature | Kubernetes Manifests | Helm Chart |
+|---------|---------------------|------------|
+| **Ease of Setup** | ✅ Very Simple | ⚠️ Requires Helm |
+| **Customization** | ✅ Direct YAML editing | ✅ Values-based config |
+| **Upgrades** | ⚠️ Manual kubectl apply | ✅ helm upgrade |
+| **Rollbacks** | ❌ Manual | ✅ helm rollback |
+| **Autoscaling** | ❌ Not included | ✅ Built-in |
+| **Ingress** | ❌ Not included | ✅ Built-in |
+| **Persistent Storage** | ⚠️ Manual configuration | ✅ Built-in |
+| **Network Policies** | ❌ Not included | ✅ Built-in |
+| **Production Ready** | ⚠️ Basic features | ✅ Full features |
+| **Multi-Environment** | ⚠️ Difficult | ✅ Easy with values |
+
+## Common Configurations
+
+### Minimal Deployment
+
+For testing or development:
+
+```bash
+# Using kubectl
+kubectl apply -f kubernetes/deployment.yaml
+
+# Using Helm
+helm install wassette deployment/helm/wassette/ \
+  --namespace wassette \
+  --create-namespace
+```
+
+### Production Deployment
+
+For production with high availability:
+
+```bash
+helm install wassette deployment/helm/wassette/ \
+  --namespace wassette \
+  --create-namespace \
+  --set replicaCount=3 \
+  --set persistence.enabled=true \
+  --set autoscaling.enabled=true \
+  --set podDisruptionBudget.enabled=true \
+  --set networkPolicy.enabled=true
+```
+
+### With Persistent Storage
+
+To persist components across restarts:
+
+```bash
+helm install wassette deployment/helm/wassette/ \
+  --namespace wassette \
+  --create-namespace \
+  --set persistence.enabled=true \
+  --set persistence.size=5Gi
+```
+
+### With Secrets
+
+To provide API keys to components:
+
+```bash
+# Create values file
+cat > values.yaml <<EOF
+secrets:
+  create: true
+  data:
+    OPENWEATHER_API_KEY: "your-api-key"
+    GITHUB_TOKEN: "your-token"
+EOF
+
+# Install with secrets
+helm install wassette deployment/helm/wassette/ \
+  --namespace wassette \
+  --create-namespace \
+  --values values.yaml
+```
+
+## Transport Protocols
+
+Wassette supports multiple MCP transport protocols:
+
+### 1. Streamable HTTP (Default)
+
+Recommended for Kubernetes deployments and kagent integration.
+
+```bash
+# Helm
+--set wassette.transport=streamable-http
+
+# The service is accessible at:
+# http://wassette.namespace.svc.cluster.local:9001
+```
+
+### 2. SSE (Server-Sent Events)
+
+Alternative HTTP-based transport.
+
+```bash
+# Helm
+--set wassette.transport=sse
+
+# The service is accessible at:
+# http://wassette.namespace.svc.cluster.local:9001/sse
+```
+
+### 3. Stdio
+
+For command-line integration (not recommended for Kubernetes).
+
+## Accessing Wassette
+
+### From Within the Cluster
+
+Wassette is accessible via the service DNS name:
+
+```
+http://wassette.wassette.svc.cluster.local:9001
+```
+
+Or if in the same namespace:
+
+```
+http://wassette:9001
+```
+
+### From Outside the Cluster
+
+#### Option 1: Port Forwarding (Development)
+
+```bash
+kubectl port-forward -n wassette svc/wassette 9001:9001
+```
+
+Then access at `http://localhost:9001`
+
+#### Option 2: Ingress (Production)
+
+Enable ingress in the Helm chart:
+
+```bash
+helm install wassette deployment/helm/wassette/ \
+  --namespace wassette \
+  --create-namespace \
+  --set ingress.enabled=true \
+  --set ingress.className=nginx \
+  --set ingress.hosts[0].host=wassette.example.com
+```
+
+## Monitoring and Observability
+
+### Health Checks
+
+Wassette exposes a health endpoint at `/health`:
+
+```bash
+kubectl run -it --rm debug --image=curlimages/curl --restart=Never -n wassette -- \
+  curl http://wassette:9001/health
+```
+
+### Logs
+
+View Wassette logs:
+
+```bash
+# Current logs
+kubectl logs -n wassette deployment/wassette
+
+# Follow logs
+kubectl logs -n wassette deployment/wassette -f
+
+# Logs from all replicas
+kubectl logs -n wassette -l app.kubernetes.io/name=wassette --all-containers
+```
+
+### Metrics
+
+Configure the log level:
+
+```bash
+# Helm
+--set wassette.env.RUST_LOG=debug
+
+# Kubectl (edit deployment)
+kubectl set env -n wassette deployment/wassette RUST_LOG=debug
+```
+
+## Security Best Practices
+
+1. **Run as Non-Root**: Both configurations run Wassette as user 1000
+2. **Drop Capabilities**: All unnecessary Linux capabilities are dropped
+3. **Network Policies**: Enable network policies to restrict traffic
+4. **Resource Limits**: Set appropriate CPU and memory limits
+5. **Read-Only Secrets**: Mount secrets as read-only
+6. **Pod Security**: Use pod security standards
+
+## Troubleshooting
+
+### Pod Not Starting
+
+```bash
+kubectl get pods -n wassette
+kubectl describe pod -n wassette -l app.kubernetes.io/name=wassette
+kubectl logs -n wassette deployment/wassette
+```
+
+### Service Not Accessible
+
+```bash
+# Check service endpoints
+kubectl get endpoints -n wassette wassette
+
+# Test from within cluster
+kubectl run -it --rm debug --image=curlimages/curl --restart=Never -n wassette -- \
+  curl http://wassette:9001/health
+```
+
+### Kagent Integration Issues
+
+See the [kagent integration guide](kubernetes/kagent-integration.md) for detailed troubleshooting.
+
+## Next Steps
+
+- 📖 [Kubernetes Deployment Guide](kubernetes/README.md)
+- 📦 [Helm Chart Documentation](helm/wassette/README.md)
+- 🔗 [Kagent Integration Guide](kubernetes/kagent-integration.md)
+- 🏠 [Wassette Documentation](https://microsoft.github.io/wassette)
+- 🐙 [Wassette GitHub](https://github.com/microsoft/wassette)
+
+## Contributing
+
+Found an issue or want to improve the deployment configurations? Please open an issue or pull request on the [Wassette GitHub repository](https://github.com/microsoft/wassette).
+
+## License
+
+This project is licensed under the MIT License. See [LICENSE](../LICENSE) for details.
diff --git a/deployment/helm/wassette/.helmignore b/deployment/helm/wassette/.helmignore
new file mode 100644
index 00000000..0e8a0eb3
--- /dev/null
+++ b/deployment/helm/wassette/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/deployment/helm/wassette/Chart.yaml b/deployment/helm/wassette/Chart.yaml
new file mode 100644
index 00000000..4df278ed
--- /dev/null
+++ b/deployment/helm/wassette/Chart.yaml
@@ -0,0 +1,20 @@
+apiVersion: v2
+name: wassette
+description: A Helm chart for deploying Wassette MCP server on Kubernetes
+type: application
+version: 0.1.0
+appVersion: "0.3.4"
+keywords:
+  - mcp
+  - model-context-protocol
+  - webassembly
+  - wasm
+  - ai
+  - agents
+home: https://microsoft.github.io/wassette
+sources:
+  - https://github.com/microsoft/wassette
+maintainers:
+  - name: Wassette Team
+    url: https://github.com/microsoft/wassette
+icon: https://raw.githubusercontent.com/microsoft/wassette/main/assets/architecture.png
diff --git a/deployment/helm/wassette/README.md b/deployment/helm/wassette/README.md
new file mode 100644
index 00000000..438338c4
--- /dev/null
+++ b/deployment/helm/wassette/README.md
@@ -0,0 +1,363 @@
+# Wassette Helm Chart
+
+This Helm chart deploys Wassette MCP server on a Kubernetes cluster.
+
+## Prerequisites
+
+- Kubernetes 1.19+
+- Helm 3.0+
+- (Optional) PersistentVolume provisioner support
+
+## Installation
+
+### Add the Helm Repository (Future)
+
+```bash
+# This will be available once the chart is published
+# helm repo add wassette https://microsoft.github.io/wassette/helm
+# helm repo update
+```
+
+### Install from Local Chart
+
+```bash
+# From the repository root
+helm install wassette deployment/helm/wassette/ --namespace wassette --create-namespace
+```
+
+### Install with Custom Values
+
+```bash
+helm install wassette deployment/helm/wassette/ \
+  --namespace wassette \
+  --create-namespace \
+  --set image.tag=latest \
+  --set resources.requests.memory=256Mi
+```
+
+### Install with Custom Values File
+
+Create a `custom-values.yaml`:
+
+```yaml
+replicaCount: 2
+
+resources:
+  limits:
+    cpu: 1000m
+    memory: 1Gi
+  requests:
+    cpu: 200m
+    memory: 256Mi
+
+persistence:
+  enabled: true
+  size: 5Gi
+
+ingress:
+  enabled: true
+  className: nginx
+  hosts:
+    - host: wassette.example.com
+      paths:
+        - path: /
+          pathType: Prefix
+```
+
+Then install:
+
+```bash
+helm install wassette deployment/helm/wassette/ \
+  --namespace wassette \
+  --create-namespace \
+  --values custom-values.yaml
+```
+
+## Configuration
+
+The following table lists the configurable parameters of the Wassette chart and their default values.
+
+### Global Settings
+
+| Parameter | Description | Default |
+|-----------|-------------|---------|
+| `replicaCount` | Number of Wassette replicas | `1` |
+| `nameOverride` | Override the resource name | `""` |
+| `fullnameOverride` | Override the full resource name | `""` |
+
+### Image Settings
+
+| Parameter | Description | Default |
+|-----------|-------------|---------|
+| `image.repository` | Wassette image repository | `ghcr.io/microsoft/wassette` |
+| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
+| `image.tag` | Image tag (defaults to chart appVersion) | `""` |
+| `imagePullSecrets` | Image pull secrets | `[]` |
+
+### Service Account
+
+| Parameter | Description | Default |
+|-----------|-------------|---------|
+| `serviceAccount.create` | Create a service account | `true` |
+| `serviceAccount.annotations` | Service account annotations | `{}` |
+| `serviceAccount.name` | Service account name | `""` |
+
+### Security Context
+
+| Parameter | Description | Default |
+|-----------|-------------|---------|
+| `podSecurityContext.runAsNonRoot` | Run as non-root user | `true` |
+| `podSecurityContext.runAsUser` | User ID | `1000` |
+| `podSecurityContext.fsGroup` | File system group | `1000` |
+| `securityContext.allowPrivilegeEscalation` | Allow privilege escalation | `false` |
+| `securityContext.readOnlyRootFilesystem` | Read-only root filesystem | `false` |
+
+### Service
+
+| Parameter | Description | Default |
+|-----------|-------------|---------|
+| `service.type` | Service type | `ClusterIP` |
+| `service.port` | Service port | `9001` |
+| `service.targetPort` | Container target port | `9001` |
+| `service.annotations` | Service annotations | `{}` |
+
+### Ingress
+
+| Parameter | Description | Default |
+|-----------|-------------|---------|
+| `ingress.enabled` | Enable ingress | `false` |
+| `ingress.className` | Ingress class name | `""` |
+| `ingress.annotations` | Ingress annotations | `{}` |
+| `ingress.hosts` | Ingress hosts | `[{host: wassette.example.com, paths: [{path: /, pathType: Prefix}]}]` |
+| `ingress.tls` | Ingress TLS configuration | `[]` |
+
+### Resources
+
+| Parameter | Description | Default |
+|-----------|-------------|---------|
+| `resources.limits.cpu` | CPU limit | `500m` |
+| `resources.limits.memory` | Memory limit | `512Mi` |
+| `resources.requests.cpu` | CPU request | `100m` |
+| `resources.requests.memory` | Memory request | `128Mi` |
+
+### Wassette Configuration
+
+| Parameter | Description | Default |
+|-----------|-------------|---------|
+| `wassette.transport` | Transport protocol (streamable-http, sse, stdio) | `streamable-http` |
+| `wassette.env.RUST_LOG` | Logging level | `info` |
+| `wassette.envFrom` | Additional env from configmap/secret | `[]` |
+
+### Persistence
+
+| Parameter | Description | Default |
+|-----------|-------------|---------|
+| `persistence.enabled` | Enable persistent storage | `false` |
+| `persistence.storageClassName` | Storage class name | `""` |
+| `persistence.accessMode` | Access mode | `ReadWriteOnce` |
+| `persistence.size` | Volume size | `1Gi` |
+| `persistence.existingClaim` | Existing PVC name | `""` |
+
+### Secrets
+
+| Parameter | Description | Default |
+|-----------|-------------|---------|
+| `secrets.create` | Create a secret | `false` |
+| `secrets.name` | Secret name | `wassette-secrets` |
+| `secrets.data` | Secret data | `{}` |
+
+### Autoscaling
+
+| Parameter | Description | Default |
+|-----------|-------------|---------|
+| `autoscaling.enabled` | Enable HPA | `false` |
+| `autoscaling.minReplicas` | Minimum replicas | `1` |
+| `autoscaling.maxReplicas` | Maximum replicas | `10` |
+| `autoscaling.targetCPUUtilizationPercentage` | Target CPU utilization | `80` |
+
+### Network Policy
+
+| Parameter | Description | Default |
+|-----------|-------------|---------|
+| `networkPolicy.enabled` | Enable network policy | `false` |
+| `networkPolicy.ingress` | Ingress rules | `[{from: [{namespaceSelector: {matchLabels: {name: kagent}}}], ports: [{protocol: TCP, port: 9001}]}]` |
+
+## Examples
+
+### Example 1: Basic Deployment
+
+```bash
+helm install wassette deployment/helm/wassette/ \
+  --namespace wassette \
+  --create-namespace
+```
+
+### Example 2: With Persistent Storage
+
+```bash
+helm install wassette deployment/helm/wassette/ \
+  --namespace wassette \
+  --create-namespace \
+  --set persistence.enabled=true \
+  --set persistence.size=5Gi
+```
+
+### Example 3: With Secrets
+
+```bash
+# Create values file
+cat > values.yaml <<EOF
+secrets:
+  create: true
+  data:
+    OPENWEATHER_API_KEY: "your-api-key"
+    GITHUB_TOKEN: "your-github-token"
+EOF
+
+# Install with secrets
+helm install wassette deployment/helm/wassette/ \
+  --namespace wassette \
+  --create-namespace \
+  --values values.yaml
+```
+
+### Example 4: With Ingress
+
+```bash
+helm install wassette deployment/helm/wassette/ \
+  --namespace wassette \
+  --create-namespace \
+  --set ingress.enabled=true \
+  --set ingress.className=nginx \
+  --set ingress.hosts[0].host=wassette.example.com \
+  --set ingress.hosts[0].paths[0].path=/ \
+  --set ingress.hosts[0].paths[0].pathType=Prefix
+```
+
+### Example 5: High Availability Setup
+
+```bash
+helm install wassette deployment/helm/wassette/ \
+  --namespace wassette \
+  --create-namespace \
+  --set replicaCount=3 \
+  --set persistence.enabled=true \
+  --set autoscaling.enabled=true \
+  --set autoscaling.minReplicas=2 \
+  --set autoscaling.maxReplicas=5 \
+  --set podDisruptionBudget.enabled=true \
+  --set podDisruptionBudget.minAvailable=1
+```
+
+### Example 6: For Kagent Integration
+
+```bash
+# Install in the same namespace as kagent
+helm install wassette deployment/helm/wassette/ \
+  --namespace kagent \
+  --set networkPolicy.enabled=true
+```
+
+## Upgrading
+
+### Upgrade the Release
+
+```bash
+helm upgrade wassette deployment/helm/wassette/ \
+  --namespace wassette \
+  --values custom-values.yaml
+```
+
+### Upgrade with New Image
+
+```bash
+helm upgrade wassette deployment/helm/wassette/ \
+  --namespace wassette \
+  --set image.tag=v0.3.5
+```
+
+## Uninstallation
+
+```bash
+helm uninstall wassette --namespace wassette
+```
+
+To also delete the namespace:
+
+```bash
+kubectl delete namespace wassette
+```
+
+## Integration with Kagent
+
+To use Wassette with [kagent](https://github.com/kagent-dev/kagent), create a RemoteMCPServer resource:
+
+```yaml
+apiVersion: kagent.dev/v1alpha2
+kind: RemoteMCPServer
+metadata:
+  name: wassette-mcp
+  namespace: kagent
+spec:
+  description: "Wassette WebAssembly MCP Server"
+  protocol: STREAMABLE_HTTP
+  url: "http://wassette.wassette.svc.cluster.local:9001"
+  timeout: "30s"
+```
+
+For detailed integration instructions, see the [Kubernetes deployment guide](../../kubernetes/kagent-integration.md).
+
+## Troubleshooting
+
+### Check Pod Status
+
+```bash
+kubectl get pods -n wassette
+kubectl describe pod -n wassette -l app.kubernetes.io/name=wassette
+kubectl logs -n wassette -l app.kubernetes.io/name=wassette
+```
+
+### Test Service Connectivity
+
+```bash
+kubectl run -it --rm debug --image=curlimages/curl --restart=Never -n wassette -- \
+  curl http://wassette:9001/health
+```
+
+### Verify Helm Release
+
+```bash
+helm list -n wassette
+helm status wassette -n wassette
+helm get values wassette -n wassette
+```
+
+## Development
+
+### Lint the Chart
+
+```bash
+helm lint deployment/helm/wassette/
+```
+
+### Render Templates
+
+```bash
+helm template wassette deployment/helm/wassette/ --debug
+```
+
+### Dry Run
+
+```bash
+helm install wassette deployment/helm/wassette/ \
+  --namespace wassette \
+  --dry-run --debug
+```
+
+## Contributing
+
+Contributions are welcome! Please see [CONTRIBUTING.md](../../../CONTRIBUTING.md) for details.
+
+## License
+
+This project is licensed under the MIT License. See [LICENSE](../../../LICENSE) for details.
diff --git a/deployment/helm/wassette/templates/_helpers.tpl b/deployment/helm/wassette/templates/_helpers.tpl
new file mode 100644
index 00000000..8791bcd5
--- /dev/null
+++ b/deployment/helm/wassette/templates/_helpers.tpl
@@ -0,0 +1,90 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "wassette.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+*/}}
+{{- define "wassette.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "wassette.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "wassette.labels" -}}
+helm.sh/chart: {{ include "wassette.chart" . }}
+{{ include "wassette.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "wassette.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "wassette.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "wassette.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "wassette.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Get the image tag
+*/}}
+{{- define "wassette.imageTag" -}}
+{{- .Values.image.tag | default .Chart.AppVersion }}
+{{- end }}
+
+{{/*
+Get the command based on transport
+*/}}
+{{- define "wassette.command" -}}
+{{- if eq .Values.wassette.transport "streamable-http" -}}
+- wassette
+- serve
+- --streamable-http
+{{- else if eq .Values.wassette.transport "sse" -}}
+- wassette
+- serve
+- --sse
+{{- else if eq .Values.wassette.transport "stdio" -}}
+- wassette
+- serve
+- --stdio
+{{- else -}}
+- wassette
+- serve
+- --streamable-http
+{{- end -}}
+{{- end }}
diff --git a/deployment/helm/wassette/templates/configmap.yaml b/deployment/helm/wassette/templates/configmap.yaml
new file mode 100644
index 00000000..6a5a384f
--- /dev/null
+++ b/deployment/helm/wassette/templates/configmap.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.configMap.create }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Values.configMap.name | default (printf "%s-config" (include "wassette.fullname" .)) }}
+  labels:
+    {{- include "wassette.labels" . | nindent 4 }}
+data:
+  {{- range $key, $value := .Values.configMap.data }}
+  {{ $key }}: {{ $value | quote }}
+  {{- end }}
+{{- end }}
diff --git a/deployment/helm/wassette/templates/deployment.yaml b/deployment/helm/wassette/templates/deployment.yaml
new file mode 100644
index 00000000..0cedb728
--- /dev/null
+++ b/deployment/helm/wassette/templates/deployment.yaml
@@ -0,0 +1,99 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "wassette.fullname" . }}
+  labels:
+    {{- include "wassette.labels" . | nindent 4 }}
+spec:
+  {{- if not .Values.autoscaling.enabled }}
+  replicas: {{ .Values.replicaCount }}
+  {{- end }}
+  selector:
+    matchLabels:
+      {{- include "wassette.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "wassette.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "wassette.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+      - name: {{ .Chart.Name }}
+        securityContext:
+          {{- toYaml .Values.securityContext | nindent 12 }}
+        image: "{{ .Values.image.repository }}:{{ include "wassette.imageTag" . }}"
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        command:
+          {{- include "wassette.command" . | nindent 10 }}
+        ports:
+        - name: http
+          containerPort: {{ .Values.service.targetPort }}
+          protocol: TCP
+        env:
+        - name: HOME
+          value: "/home/wassette"
+        - name: XDG_DATA_HOME
+          value: "/home/wassette/.local/share"
+        - name: XDG_CONFIG_HOME
+          value: "/home/wassette/.config"
+        {{- range $key, $value := .Values.wassette.env }}
+        - name: {{ $key }}
+          value: {{ $value | quote }}
+        {{- end }}
+        {{- with .Values.wassette.envFrom }}
+        envFrom:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+        {{- if or (eq .Values.wassette.transport "streamable-http") (eq .Values.wassette.transport "sse") }}
+        livenessProbe:
+          {{- toYaml .Values.livenessProbe | nindent 12 }}
+        readinessProbe:
+          {{- toYaml .Values.readinessProbe | nindent 12 }}
+        {{- end }}
+        resources:
+          {{- toYaml .Values.resources | nindent 12 }}
+        volumeMounts:
+        - name: components
+          mountPath: /home/wassette/.local/share/wassette/components
+          readOnly: false
+        {{- if or .Values.secrets.create .Values.secrets.name }}
+        - name: secrets
+          mountPath: /home/wassette/.config/wassette/secrets
+          readOnly: true
+        {{- end }}
+      volumes:
+      - name: components
+        {{- if .Values.persistence.enabled }}
+        persistentVolumeClaim:
+          claimName: {{ .Values.persistence.existingClaim | default (include "wassette.fullname" .) }}
+        {{- else }}
+        emptyDir: {}
+        {{- end }}
+      {{- if or .Values.secrets.create .Values.secrets.name }}
+      - name: secrets
+        secret:
+          secretName: {{ .Values.secrets.name | default (printf "%s-secrets" (include "wassette.fullname" .)) }}
+          optional: {{ not .Values.secrets.create }}
+      {{- end }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
diff --git a/deployment/helm/wassette/templates/hpa.yaml b/deployment/helm/wassette/templates/hpa.yaml
new file mode 100644
index 00000000..f06339cb
--- /dev/null
+++ b/deployment/helm/wassette/templates/hpa.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ include "wassette.fullname" . }}
+  labels:
+    {{- include "wassette.labels" . | nindent 4 }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ include "wassette.fullname" . }}
+  minReplicas: {{ .Values.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+  metrics:
+    {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+    {{- end }}
+    {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+    {{- end }}
+{{- end }}
diff --git a/deployment/helm/wassette/templates/ingress.yaml b/deployment/helm/wassette/templates/ingress.yaml
new file mode 100644
index 00000000..8532be83
--- /dev/null
+++ b/deployment/helm/wassette/templates/ingress.yaml
@@ -0,0 +1,41 @@
+{{- if .Values.ingress.enabled -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ include "wassette.fullname" . }}
+  labels:
+    {{- include "wassette.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if .Values.ingress.className }}
+  ingressClassName: {{ .Values.ingress.className }}
+  {{- end }}
+  {{- if .Values.ingress.tls }}
+  tls:
+    {{- range .Values.ingress.tls }}
+    - hosts:
+        {{- range .hosts }}
+        - {{ . | quote }}
+        {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
+  {{- end }}
+  rules:
+    {{- range .Values.ingress.hosts }}
+    - host: {{ .host | quote }}
+      http:
+        paths:
+          {{- range .paths }}
+          - path: {{ .path }}
+            pathType: {{ .pathType }}
+            backend:
+              service:
+                name: {{ include "wassette.fullname" $ }}
+                port:
+                  number: {{ $.Values.service.port }}
+          {{- end }}
+    {{- end }}
+{{- end }}
diff --git a/deployment/helm/wassette/templates/networkpolicy.yaml b/deployment/helm/wassette/templates/networkpolicy.yaml
new file mode 100644
index 00000000..1a736c3d
--- /dev/null
+++ b/deployment/helm/wassette/templates/networkpolicy.yaml
@@ -0,0 +1,25 @@
+{{- if .Values.networkPolicy.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: {{ include "wassette.fullname" . }}
+  labels:
+    {{- include "wassette.labels" . | nindent 4 }}
+spec:
+  podSelector:
+    matchLabels:
+      {{- include "wassette.selectorLabels" . | nindent 6 }}
+  policyTypes:
+  - Ingress
+  {{- if .Values.networkPolicy.egress }}
+  - Egress
+  {{- end }}
+  {{- with .Values.networkPolicy.ingress }}
+  ingress:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.networkPolicy.egress }}
+  egress:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}
diff --git a/deployment/helm/wassette/templates/pdb.yaml b/deployment/helm/wassette/templates/pdb.yaml
new file mode 100644
index 00000000..eacc6b6c
--- /dev/null
+++ b/deployment/helm/wassette/templates/pdb.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.podDisruptionBudget.enabled }}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: {{ include "wassette.fullname" . }}
+  labels:
+    {{- include "wassette.labels" . | nindent 4 }}
+spec:
+  {{- if .Values.podDisruptionBudget.minAvailable }}
+  minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
+  {{- end }}
+  {{- if .Values.podDisruptionBudget.maxUnavailable }}
+  maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
+  {{- end }}
+  selector:
+    matchLabels:
+      {{- include "wassette.selectorLabels" . | nindent 6 }}
+{{- end }}
diff --git a/deployment/helm/wassette/templates/pvc.yaml b/deployment/helm/wassette/templates/pvc.yaml
new file mode 100644
index 00000000..c611cf79
--- /dev/null
+++ b/deployment/helm/wassette/templates/pvc.yaml
@@ -0,0 +1,21 @@
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ include "wassette.fullname" . }}
+  labels:
+    {{- include "wassette.labels" . | nindent 4 }}
+  {{- with .Values.persistence.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  accessModes:
+    - {{ .Values.persistence.accessMode }}
+  {{- if .Values.persistence.storageClassName }}
+  storageClassName: {{ .Values.persistence.storageClassName }}
+  {{- end }}
+  resources:
+    requests:
+      storage: {{ .Values.persistence.size }}
+{{- end }}
diff --git a/deployment/helm/wassette/templates/secret.yaml b/deployment/helm/wassette/templates/secret.yaml
new file mode 100644
index 00000000..95e103a7
--- /dev/null
+++ b/deployment/helm/wassette/templates/secret.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.secrets.create }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Values.secrets.name | default (printf "%s-secrets" (include "wassette.fullname" .)) }}
+  labels:
+    {{- include "wassette.labels" . | nindent 4 }}
+type: Opaque
+data:
+  {{- range $key, $value := .Values.secrets.data }}
+  {{ $key }}: {{ $value | b64enc }}
+  {{- end }}
+{{- end }}
diff --git a/deployment/helm/wassette/templates/service.yaml b/deployment/helm/wassette/templates/service.yaml
new file mode 100644
index 00000000..7dcd7a65
--- /dev/null
+++ b/deployment/helm/wassette/templates/service.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "wassette.fullname" . }}
+  labels:
+    {{- include "wassette.labels" . | nindent 4 }}
+  {{- with .Values.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: {{ .Values.service.targetPort }}
+      protocol: TCP
+      name: http
+  selector:
+    {{- include "wassette.selectorLabels" . | nindent 4 }}
diff --git a/deployment/helm/wassette/templates/serviceaccount.yaml b/deployment/helm/wassette/templates/serviceaccount.yaml
new file mode 100644
index 00000000..96b5557c
--- /dev/null
+++ b/deployment/helm/wassette/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "wassette.serviceAccountName" . }}
+  labels:
+    {{- include "wassette.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}
diff --git a/deployment/helm/wassette/values.yaml b/deployment/helm/wassette/values.yaml
new file mode 100644
index 00000000..5a48aa97
--- /dev/null
+++ b/deployment/helm/wassette/values.yaml
@@ -0,0 +1,205 @@
+# Default values for wassette Helm chart
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+# Number of Wassette replicas
+replicaCount: 1
+
+image:
+  # Docker image repository
+  repository: ghcr.io/microsoft/wassette
+  # Pull policy for the image
+  pullPolicy: IfNotPresent
+  # Overrides the image tag whose default is the chart appVersion
+  tag: ""
+
+# Image pull secrets for private registries
+imagePullSecrets: []
+
+# Override the default name
+nameOverride: ""
+# Override the full name
+fullnameOverride: ""
+
+# Service account settings
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+
+# Pod annotations
+podAnnotations: {}
+
+# Pod security context
+podSecurityContext:
+  runAsNonRoot: true
+  runAsUser: 1000
+  fsGroup: 1000
+
+# Container security context
+securityContext:
+  allowPrivilegeEscalation: false
+  readOnlyRootFilesystem: false
+  capabilities:
+    drop:
+    - ALL
+
+# Service configuration
+service:
+  # Service type
+  type: ClusterIP
+  # Service port
+  port: 9001
+  # Target port on the container
+  targetPort: 9001
+  # Annotations for the service
+  annotations: {}
+
+# Ingress configuration
+ingress:
+  # Enable ingress
+  enabled: false
+  # Ingress class name
+  className: ""
+  # Ingress annotations
+  annotations: {}
+    # kubernetes.io/ingress.class: nginx
+    # cert-manager.io/cluster-issuer: letsencrypt-prod
+  # Ingress hosts
+  hosts:
+    - host: wassette.example.com
+      paths:
+        - path: /
+          pathType: Prefix
+  # TLS configuration
+  tls: []
+  #  - secretName: wassette-tls
+  #    hosts:
+  #      - wassette.example.com
+
+# Resource limits and requests
+resources:
+  limits:
+    cpu: 500m
+    memory: 512Mi
+  requests:
+    cpu: 100m
+    memory: 128Mi
+
+# Liveness probe configuration
+livenessProbe:
+  httpGet:
+    path: /health
+    port: http
+  initialDelaySeconds: 30
+  periodSeconds: 10
+  timeoutSeconds: 5
+  failureThreshold: 3
+
+# Readiness probe configuration
+readinessProbe:
+  httpGet:
+    path: /health
+    port: http
+  initialDelaySeconds: 10
+  periodSeconds: 5
+  timeoutSeconds: 3
+  failureThreshold: 3
+
+# Autoscaling configuration
+autoscaling:
+  enabled: false
+  minReplicas: 1
+  maxReplicas: 10
+  targetCPUUtilizationPercentage: 80
+  # targetMemoryUtilizationPercentage: 80
+
+# Node selector
+nodeSelector: {}
+
+# Tolerations
+tolerations: []
+
+# Affinity rules
+affinity: {}
+
+# Wassette-specific configuration
+wassette:
+  # Transport protocol: streamable-http, sse, or stdio
+  transport: streamable-http
+  
+  # Environment variables
+  env:
+    # Logging level: trace, debug, info, warn, error
+    RUST_LOG: "info"
+  
+  # Additional environment variables from secrets or configmaps
+  envFrom: []
+  # - secretRef:
+  #     name: wassette-secrets
+  # - configMapRef:
+  #     name: wassette-config
+
+# Persistent storage for components
+persistence:
+  # Enable persistent volume for components
+  enabled: false
+  # Storage class name
+  storageClassName: ""
+  # Access mode
+  accessMode: ReadWriteOnce
+  # Size of the volume
+  size: 1Gi
+  # Existing claim name (if you want to use an existing PVC)
+  existingClaim: ""
+  # Annotations for the PVC
+  annotations: {}
+
+# Secrets configuration
+secrets:
+  # Create a secret for API keys and credentials
+  create: false
+  # Secret name
+  name: ""
+  # Secret data (will be base64 encoded)
+  data: {}
+    # OPENWEATHER_API_KEY: "your-api-key"
+
+# ConfigMap for component configuration
+configMap:
+  # Create a configmap for component configuration
+  create: false
+  # ConfigMap name
+  name: wassette-config
+  # ConfigMap data
+  data: {}
+
+# Network policy configuration
+networkPolicy:
+  # Enable network policy
+  enabled: false
+  # Ingress rules
+  ingress:
+    # Allow ingress from specific namespaces
+    - from:
+      - namespaceSelector:
+          matchLabels:
+            name: kagent
+      ports:
+      - protocol: TCP
+        port: 9001
+  # Egress rules
+  egress: []
+
+# Pod Disruption Budget
+podDisruptionBudget:
+  # Enable PDB
+  enabled: false
+  # Minimum available pods
+  minAvailable: 1
+  # Maximum unavailable pods
+  # maxUnavailable: 1
diff --git a/deployment/kubernetes/README.md b/deployment/kubernetes/README.md
new file mode 100644
index 00000000..d775b9d1
--- /dev/null
+++ b/deployment/kubernetes/README.md
@@ -0,0 +1,213 @@
+# Kubernetes Deployment for Wassette
+
+This directory contains Kubernetes manifests for deploying Wassette as an MCP server with streamable-http protocol.
+
+## Quick Start
+
+### Prerequisites
+
+- Kubernetes cluster (1.19+)
+- `kubectl` configured to access your cluster
+- (Optional) Docker registry access for custom images
+
+### Basic Deployment
+
+Deploy Wassette with default settings:
+
+```bash
+kubectl apply -f deployment.yaml
+```
+
+This creates:
+- A `wassette` namespace
+- A Deployment with 1 replica
+- A ClusterIP Service on port 9001
+
+### Verify Deployment
+
+Check the deployment status:
+
+```bash
+kubectl get pods -n wassette
+kubectl get svc -n wassette
+```
+
+View logs:
+
+```bash
+kubectl logs -n wassette deployment/wassette
+```
+
+### Access the Service
+
+From within the cluster:
+```
+http://wassette.wassette.svc.cluster.local:9001
+```
+
+For external access, use port-forwarding:
+```bash
+kubectl port-forward -n wassette svc/wassette 9001:9001
+```
+
+Then connect to `http://localhost:9001`
+
+## Configuration
+
+### Environment Variables
+
+You can customize Wassette behavior by modifying the `env` section in `deployment.yaml`:
+
+```yaml
+env:
+- name: RUST_LOG
+  value: "debug"  # Set log level: trace, debug, info, warn, error
+```
+
+### Secrets
+
+To provide API keys or other secrets to components:
+
+1. Create a secret:
+```bash
+kubectl create secret generic wassette-secrets \
+  -n wassette \
+  --from-literal=OPENWEATHER_API_KEY=your_api_key
+```
+
+2. The secret is automatically mounted at `/home/wassette/.config/wassette/secrets`
+
+### Persistent Component Storage
+
+To persist components across restarts, replace the `emptyDir` volume with a PersistentVolumeClaim:
+
+```yaml
+volumes:
+- name: components
+  persistentVolumeClaim:
+    claimName: wassette-components
+```
+
+Create the PVC:
+```bash
+kubectl apply -f - <<EOF
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: wassette-components
+  namespace: wassette
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
+EOF
+```
+
+## Advanced Configuration
+
+### Ingress
+
+To expose Wassette via Ingress:
+
+```yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: wassette
+  namespace: wassette
+  annotations:
+    nginx.ingress.kubernetes.io/rewrite-target: /
+spec:
+  rules:
+  - host: wassette.example.com
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: wassette
+            port:
+              number: 9001
+```
+
+### Resource Limits
+
+Adjust CPU and memory limits in the deployment:
+
+```yaml
+resources:
+  requests:
+    cpu: 200m
+    memory: 256Mi
+  limits:
+    cpu: 1000m
+    memory: 1Gi
+```
+
+### Multiple Replicas
+
+For high availability, increase replicas:
+
+```yaml
+spec:
+  replicas: 3
+```
+
+**Note:** When using multiple replicas, ensure components are loaded consistently across all pods, or use a shared volume for component storage.
+
+## Integration with Kagent
+
+Wassette can be integrated with [kagent](https://github.com/kagent-dev/kagent) as a remote MCP server. See [kagent-integration.md](kagent-integration.md) for details.
+
+## Troubleshooting
+
+### Pod not starting
+
+Check pod events:
+```bash
+kubectl describe pod -n wassette -l app=wassette
+```
+
+### Connection issues
+
+Verify the service endpoints:
+```bash
+kubectl get endpoints -n wassette wassette
+```
+
+Test connectivity from within the cluster:
+```bash
+kubectl run -it --rm debug --image=curlimages/curl --restart=Never -n wassette -- \
+  curl http://wassette:9001/health
+```
+
+### Permission issues
+
+Ensure the pod is running as the correct user (UID 1000):
+```bash
+kubectl exec -it -n wassette deployment/wassette -- id
+```
+
+## Cleanup
+
+Remove all resources:
+
+```bash
+kubectl delete namespace wassette
+```
+
+Or just the deployment:
+
+```bash
+kubectl delete -f deployment.yaml
+```
+
+## Next Steps
+
+- Configure [Helm deployment](../helm/wassette/README.md) for production
+- Integrate with [kagent](kagent-integration.md)
+- Set up monitoring and observability
+- Configure network policies for security
diff --git a/deployment/kubernetes/deployment.yaml b/deployment/kubernetes/deployment.yaml
new file mode 100644
index 00000000..eeb4afce
--- /dev/null
+++ b/deployment/kubernetes/deployment.yaml
@@ -0,0 +1,110 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: wassette
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: wassette
+  namespace: wassette
+  labels:
+    app: wassette
+    component: mcp-server
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: wassette
+  template:
+    metadata:
+      labels:
+        app: wassette
+        component: mcp-server
+    spec:
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 1000
+        fsGroup: 1000
+      containers:
+        - name: wassette
+          image: ghcr.io/microsoft/wassette:latest
+          imagePullPolicy: IfNotPresent
+          command: ["wassette", "serve", "--streamable-http"]
+          ports:
+            - containerPort: 9001
+              name: http
+              protocol: TCP
+          env:
+            - name: RUST_LOG
+              value: "info"
+            - name: HOME
+              value: "/home/wassette"
+            - name: XDG_DATA_HOME
+              value: "/home/wassette/.local/share"
+            - name: XDG_CONFIG_HOME
+              value: "/home/wassette/.config"
+          resources:
+            requests:
+              cpu: 100m
+              memory: 128Mi
+            limits:
+              cpu: 500m
+              memory: 512Mi
+          livenessProbe:
+            httpGet:
+              path: /health
+              port: 9001
+            initialDelaySeconds: 30
+            periodSeconds: 10
+            timeoutSeconds: 5
+            failureThreshold: 3
+          readinessProbe:
+            httpGet:
+              path: /health
+              port: 9001
+            initialDelaySeconds: 10
+            periodSeconds: 5
+            timeoutSeconds: 3
+            failureThreshold: 3
+          volumeMounts:
+            - name: components
+              mountPath: /home/wassette/.local/share/wassette/components
+              readOnly: false
+            - name: secrets
+              mountPath: /home/wassette/.config/wassette/secrets
+              readOnly: true
+          securityContext:
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: false
+            capabilities:
+              drop:
+                - ALL
+      volumes:
+        - name: components
+          emptyDir: {}
+        - name: secrets
+          secret:
+            secretName: wassette-secrets
+            optional: true
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: wassette
+  namespace: wassette
+  labels:
+    app: wassette
+    component: mcp-server
+spec:
+  type: ClusterIP
+  ports:
+    - port: 9001
+      targetPort: 9001
+      protocol: TCP
+      name: http
+  selector:
+    app: wassette
diff --git a/deployment/kubernetes/kagent-integration.md b/deployment/kubernetes/kagent-integration.md
new file mode 100644
index 00000000..fa087b08
--- /dev/null
+++ b/deployment/kubernetes/kagent-integration.md
@@ -0,0 +1,357 @@
+# Integrating Wassette with Kagent
+
+This guide explains how to integrate Wassette as a remote MCP server with [kagent](https://github.com/kagent-dev/kagent), a Kubernetes-native framework for building AI agents.
+
+## Overview
+
+Kagent supports connecting to remote MCP servers using the `RemoteMCPServer` custom resource. Wassette can be deployed as a remote MCP server that provides WebAssembly-based tools to kagent agents.
+
+## Architecture
+
+```
+┌─────────────────┐         ┌──────────────────┐         ┌─────────────────┐
+│  Kagent Agent   │ ◄─────► │  RemoteMCPServer │ ◄─────► │    Wassette     │
+│                 │         │   (Kubernetes    │         │   MCP Server    │
+│                 │         │      CRD)        │         │  (streamable-   │
+│                 │         │                  │         │      http)      │
+└─────────────────┘         └──────────────────┘         └─────────────────┘
+                                                                  │
+                                                                  ▼
+                                                          ┌─────────────────┐
+                                                          │  WebAssembly    │
+                                                          │   Components    │
+                                                          └─────────────────┘
+```
+
+## Prerequisites
+
+1. **Kagent installed** on your Kubernetes cluster
+   - Follow the [kagent installation guide](https://kagent.dev/docs/kagent/introduction/installation)
+
+2. **Wassette deployed** in the same cluster
+   - Use the Kubernetes deployment or Helm chart from this repository
+
+3. **kubectl configured** to access your cluster
+
+## Deployment Options
+
+### Option 1: Deploy Wassette in the Same Namespace as Kagent
+
+If deploying in the `kagent` namespace:
+
+```bash
+# Deploy Wassette to the kagent namespace
+kubectl apply -f deployment.yaml -n kagent
+```
+
+Modify `deployment.yaml` to remove the namespace creation and use `kagent` namespace instead.
+
+### Option 2: Deploy Wassette in a Separate Namespace
+
+Deploy Wassette in its own namespace and access it via service DNS:
+
+```bash
+# Deploy to wassette namespace
+kubectl apply -f deployment.yaml
+```
+
+The service will be accessible at: `http://wassette.wassette.svc.cluster.local:9001`
+
+## Creating a RemoteMCPServer Resource
+
+Create a `RemoteMCPServer` custom resource to connect kagent to Wassette:
+
+```yaml
+apiVersion: kagent.dev/v1alpha2
+kind: RemoteMCPServer
+metadata:
+  name: wassette-mcp
+  namespace: kagent
+spec:
+  description: "Wassette MCP server providing WebAssembly-based tools"
+  protocol: STREAMABLE_HTTP
+  url: "http://wassette.wassette.svc.cluster.local:9001"
+  timeout: "30s"
+  terminateOnClose: true
+```
+
+Apply the resource:
+
+```bash
+kubectl apply -f wassette-remotemcp.yaml
+```
+
+### If Wassette is in the Same Namespace
+
+```yaml
+apiVersion: kagent.dev/v1alpha2
+kind: RemoteMCPServer
+metadata:
+  name: wassette-mcp
+  namespace: kagent
+spec:
+  description: "Wassette MCP server providing WebAssembly-based tools"
+  protocol: STREAMABLE_HTTP
+  url: "http://wassette:9001"
+  timeout: "30s"
+  terminateOnClose: true
+```
+
+## Verifying the Integration
+
+1. Check the RemoteMCPServer status:
+
+```bash
+kubectl get remotemcpservers -n kagent
+kubectl describe remotemcpserver wassette-mcp -n kagent
+```
+
+Expected output:
+```
+Name:         wassette-mcp
+Namespace:    kagent
+Protocol:     STREAMABLE_HTTP
+URL:          http://wassette.wassette.svc.cluster.local:9001
+Accepted:     True
+```
+
+2. Check discovered tools:
+
+```bash
+kubectl get remotemcpserver wassette-mcp -n kagent -o jsonpath='{.status.discoveredTools}' | jq
+```
+
+This should list all tools available from Wassette's loaded components.
+
+## Using Wassette Tools in Kagent Agents
+
+Once the RemoteMCPServer is configured, you can reference Wassette tools in your Agent definitions:
+
+```yaml
+apiVersion: kagent.dev/v1alpha2
+kind: Agent
+metadata:
+  name: my-agent
+  namespace: kagent
+spec:
+  systemPrompt: "You are a helpful assistant with access to web fetching capabilities."
+  modelConfigRef:
+    name: default-model
+  toolServers:
+  - name: wassette-mcp
+    tools:
+    - fetch  # Tool provided by Wassette's fetch-rs component
+```
+
+## Loading Components into Wassette
+
+Wassette can load WebAssembly components from OCI registries. To make tools available to kagent:
+
+1. Use the Wassette MCP interface to load components
+2. Or pre-load components by mounting them as volumes
+
+### Pre-loading Components
+
+Modify the Wassette deployment to include components:
+
+```yaml
+spec:
+  template:
+    spec:
+      containers:
+      - name: wassette
+        volumeMounts:
+        - name: components
+          mountPath: /home/wassette/.local/share/wassette/components
+        - name: fetch-component
+          mountPath: /home/wassette/.local/share/wassette/components/fetch-rs
+          readOnly: true
+      volumes:
+      - name: components
+        emptyDir: {}
+      - name: fetch-component
+        configMap:
+          name: fetch-rs-component
+```
+
+## Example: Deploying Wassette with Fetch Component
+
+1. Build the fetch-rs component:
+
+```bash
+cd examples/fetch-rs
+cargo build --release --target wasm32-wasip2
+```
+
+2. Create a ConfigMap with the component:
+
+```bash
+kubectl create configmap fetch-rs-component \
+  -n wassette \
+  --from-file=fetch_rs.wasm=target/wasm32-wasip2/release/fetch_rs.wasm
+```
+
+3. Update the deployment to mount the component
+
+4. Create the RemoteMCPServer resource
+
+5. Use the tool in a kagent Agent
+
+## Advanced Configuration
+
+### Authentication with Headers
+
+If Wassette requires authentication headers:
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: wassette-auth
+  namespace: kagent
+type: Opaque
+stringData:
+  api-key: "your-secret-api-key"
+---
+apiVersion: kagent.dev/v1alpha2
+kind: RemoteMCPServer
+metadata:
+  name: wassette-mcp
+  namespace: kagent
+spec:
+  description: "Wassette MCP server with authentication"
+  protocol: STREAMABLE_HTTP
+  url: "http://wassette.wassette.svc.cluster.local:9001"
+  headersFrom:
+  - name: "Authorization"
+    valueFrom:
+      type: Secret
+      name: wassette-auth
+      key: api-key
+```
+
+### Custom Timeouts
+
+Adjust timeouts for long-running tools:
+
+```yaml
+spec:
+  timeout: "120s"
+  sseReadTimeout: "60s"
+```
+
+## Network Policies
+
+For security, restrict network access to Wassette:
+
+```yaml
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: wassette-access
+  namespace: wassette
+spec:
+  podSelector:
+    matchLabels:
+      app: wassette
+  policyTypes:
+  - Ingress
+  ingress:
+  - from:
+    - namespaceSelector:
+        matchLabels:
+          name: kagent
+    ports:
+    - protocol: TCP
+      port: 9001
+```
+
+## Troubleshooting
+
+### RemoteMCPServer shows Accepted: False
+
+Check the status conditions:
+```bash
+kubectl describe remotemcpserver wassette-mcp -n kagent
+```
+
+Common issues:
+- URL is not accessible from kagent namespace
+- Protocol mismatch (ensure using STREAMABLE_HTTP)
+- Wassette pod is not running
+
+### No tools discovered
+
+Verify Wassette has components loaded:
+```bash
+kubectl logs -n wassette deployment/wassette
+```
+
+Test the endpoint directly:
+```bash
+kubectl run -it --rm debug --image=curlimages/curl --restart=Never -n kagent -- \
+  curl -X POST http://wassette.wassette.svc.cluster.local:9001 \
+  -H "Content-Type: application/json" \
+  -d '{"jsonrpc": "2.0", "method": "tools/list", "id": 1}'
+```
+
+### Agent cannot use Wassette tools
+
+Check agent logs:
+```bash
+kubectl logs -n kagent -l kagent.dev/agent=my-agent
+```
+
+Verify the tool name matches the component's exported tool name.
+
+## Complete Example
+
+A complete example combining Wassette deployment, RemoteMCPServer, and Agent:
+
+```bash
+# 1. Deploy Wassette
+kubectl apply -f deployment/kubernetes/deployment.yaml
+
+# 2. Create RemoteMCPServer
+kubectl apply -f - <<EOF
+apiVersion: kagent.dev/v1alpha2
+kind: RemoteMCPServer
+metadata:
+  name: wassette-mcp
+  namespace: kagent
+spec:
+  description: "Wassette WebAssembly MCP Server"
+  protocol: STREAMABLE_HTTP
+  url: "http://wassette.wassette.svc.cluster.local:9001"
+  timeout: "30s"
+EOF
+
+# 3. Verify connection
+kubectl wait --for=condition=Accepted remotemcpserver/wassette-mcp -n kagent --timeout=60s
+
+# 4. Create an agent that uses Wassette
+kubectl apply -f - <<EOF
+apiVersion: kagent.dev/v1alpha2
+kind: Agent
+metadata:
+  name: wasm-agent
+  namespace: kagent
+spec:
+  systemPrompt: "You have access to WebAssembly-based tools via Wassette."
+  modelConfigRef:
+    name: default-model
+  toolServers:
+  - name: wassette-mcp
+EOF
+```
+
+## Resources
+
+- [Kagent Documentation](https://kagent.dev/docs/kagent)
+- [Wassette Documentation](https://microsoft.github.io/wassette)
+- [MCP Protocol Specification](https://modelcontextprotocol.io/)
+- [Kagent RemoteMCPServer API Reference](https://kagent.dev/docs/kagent/api-reference/remotemcpserver)
+
+## Contributing
+
+Found an issue with this integration? Please report it on the [Wassette GitHub repository](https://github.com/microsoft/wassette/issues).
diff --git a/deployment/kubernetes/wassette-remotemcp.yaml b/deployment/kubernetes/wassette-remotemcp.yaml
new file mode 100644
index 00000000..6aa4254d
--- /dev/null
+++ b/deployment/kubernetes/wassette-remotemcp.yaml
@@ -0,0 +1,43 @@
+---
+# Example RemoteMCPServer resource for integrating Wassette with Kagent
+# This resource tells Kagent how to connect to a Wassette MCP server
+apiVersion: kagent.dev/v1alpha2
+kind: RemoteMCPServer
+metadata:
+  name: wassette-mcp
+  namespace: kagent
+  labels:
+    app: wassette
+    component: mcp-server
+spec:
+  # Human-readable description of this MCP server
+  description: "Wassette MCP server providing secure WebAssembly-based tools"
+
+  # Protocol to use for communication
+  # Wassette supports both SSE and STREAMABLE_HTTP
+  # STREAMABLE_HTTP is recommended for better performance
+  protocol: STREAMABLE_HTTP
+
+  # URL of the Wassette service
+  # Use the full service DNS name if Wassette is in a different namespace
+  # Format: http://<service-name>.<namespace>.svc.cluster.local:<port>
+  url: "http://wassette.wassette.svc.cluster.local:9001"
+
+  # Optional: Timeout for requests to the MCP server
+  timeout: "30s"
+
+  # Optional: Close the MCP server connection when the agent disconnects
+  terminateOnClose: true
+
+  # Optional: Timeout for SSE reads (only relevant if using SSE protocol)
+  # sseReadTimeout: "60s"
+
+  # Optional: Custom headers for authentication or other purposes
+  # headersFrom:
+  # - name: "Authorization"
+  #   value: "Bearer token"
+  # - name: "X-API-Key"
+  #   valueFrom:
+  #     type: Secret
+  #     name: wassette-auth
+  #     key: api-key
diff --git a/docs/SUMMARY.md b/docs/SUMMARY.md
index 55025d72..bb8fa0b9 100644
--- a/docs/SUMMARY.md
+++ b/docs/SUMMARY.md
@@ -10,6 +10,7 @@
 # Deployment
 
 - [Docker](./deployment/docker.md)
+- [Kubernetes](./deployment/kubernetes.md)
 - [Operations](./deployment/operations.md)
 
 # Developer Guide
diff --git a/docs/deployment/kubernetes.md b/docs/deployment/kubernetes.md
new file mode 100644
index 00000000..cd0adb6d
--- /dev/null
+++ b/docs/deployment/kubernetes.md
@@ -0,0 +1,351 @@
+# Kubernetes Deployment
+
+This guide covers deploying Wassette on Kubernetes clusters, including integration with the [kagent](https://github.com/kagent-dev/kagent) framework.
+
+## Overview
+
+Wassette can be deployed to Kubernetes using either:
+- **Raw Kubernetes manifests** - For simple deployments
+- **Helm charts** - For production deployments with advanced features
+
+Both deployment methods are production-ready and include security best practices.
+
+## Quick Start
+
+### Using Kubernetes Manifests
+
+```bash
+kubectl apply -f https://raw.githubusercontent.com/microsoft/wassette/main/deployment/kubernetes/deployment.yaml
+```
+
+This creates a namespace, deployment, and service for Wassette.
+
+### Using Helm Chart
+
+```bash
+# From the repository root
+helm install wassette deployment/helm/wassette/ \
+  --namespace wassette \
+  --create-namespace
+```
+
+## Deployment Options
+
+### Kubernetes Manifests
+
+**Location**: [`deployment/kubernetes/`](https://github.com/microsoft/wassette/tree/main/deployment/kubernetes)
+
+Simple YAML-based deployment suitable for:
+- Quick deployments
+- Development and testing
+- When you need full control over YAML
+- Simple production deployments
+
+[View detailed guide →](https://github.com/microsoft/wassette/blob/main/deployment/kubernetes/README.md)
+
+### Helm Chart
+
+**Location**: [`deployment/helm/wassette/`](https://github.com/microsoft/wassette/tree/main/deployment/helm/wassette)
+
+Production-ready Helm chart with:
+- Autoscaling (HPA)
+- Ingress configuration
+- Network policies
+- Persistent storage
+- Pod disruption budgets
+- ConfigMaps and Secrets management
+
+[View detailed guide →](https://github.com/microsoft/wassette/blob/main/deployment/helm/wassette/README.md)
+
+## Integration with Kagent
+
+Wassette integrates seamlessly with [kagent](https://github.com/kagent-dev/kagent), a Kubernetes-native framework for building AI agents. Kagent uses the `RemoteMCPServer` custom resource to connect to MCP servers like Wassette.
+
+### Architecture
+
+```
+┌─────────────────┐         ┌──────────────────┐         ┌─────────────────┐
+│  Kagent Agent   │ ◄─────► │  RemoteMCPServer │ ◄─────► │    Wassette     │
+│                 │         │   (Kubernetes    │         │   MCP Server    │
+│                 │         │      CRD)        │         │  (streamable-   │
+│                 │         │                  │         │      http)      │
+└─────────────────┘         └──────────────────┘         └─────────────────┘
+                                                                  │
+                                                                  ▼
+                                                          ┌─────────────────┐
+                                                          │  WebAssembly    │
+                                                          │   Components    │
+                                                          └─────────────────┘
+```
+
+### Quick Integration
+
+1. **Deploy Wassette**:
+   ```bash
+   kubectl apply -f https://raw.githubusercontent.com/microsoft/wassette/main/deployment/kubernetes/deployment.yaml
+   ```
+
+2. **Create RemoteMCPServer resource**:
+   ```bash
+   kubectl apply -f https://raw.githubusercontent.com/microsoft/wassette/main/deployment/kubernetes/wassette-remotemcp.yaml
+   ```
+
+3. **Verify connection**:
+   ```bash
+   kubectl get remotemcpservers -n kagent
+   kubectl describe remotemcpserver wassette-mcp -n kagent
+   ```
+
+4. **Use in an Agent**:
+   ```yaml
+   apiVersion: kagent.dev/v1alpha2
+   kind: Agent
+   metadata:
+     name: my-agent
+     namespace: kagent
+   spec:
+     systemPrompt: "You have access to WebAssembly-based tools."
+     modelConfigRef:
+       name: default-model
+     toolServers:
+       - name: wassette-mcp
+   ```
+
+[Complete integration guide →](https://github.com/microsoft/wassette/blob/main/deployment/kubernetes/kagent-integration.md)
+
+## Transport Protocols
+
+Wassette supports multiple MCP transport protocols in Kubernetes:
+
+### Streamable HTTP (Recommended)
+
+Default transport for Kubernetes deployments. Best performance and compatibility with kagent.
+
+```bash
+# Service URL
+http://wassette.wassette.svc.cluster.local:9001
+```
+
+### SSE (Server-Sent Events)
+
+Alternative HTTP-based transport:
+
+```bash
+# With Helm
+helm install wassette deployment/helm/wassette/ \
+  --set wassette.transport=sse
+
+# Service URL
+http://wassette.wassette.svc.cluster.local:9001/sse
+```
+
+## Configuration
+
+### Resource Limits
+
+Adjust CPU and memory limits for your workload:
+
+```bash
+# Using Helm
+helm install wassette deployment/helm/wassette/ \
+  --set resources.requests.cpu=200m \
+  --set resources.requests.memory=256Mi \
+  --set resources.limits.cpu=1000m \
+  --set resources.limits.memory=1Gi
+```
+
+### Persistent Storage
+
+Enable persistent storage for components:
+
+```bash
+helm install wassette deployment/helm/wassette/ \
+  --set persistence.enabled=true \
+  --set persistence.size=5Gi
+```
+
+### Secrets
+
+Provide API keys and credentials:
+
+```bash
+# Create a values file
+cat > values.yaml <<EOF
+secrets:
+  create: true
+  data:
+    OPENWEATHER_API_KEY: "your-api-key"
+    GITHUB_TOKEN: "your-token"
+EOF
+
+# Install with secrets
+helm install wassette deployment/helm/wassette/ \
+  --values values.yaml
+```
+
+## High Availability
+
+Deploy Wassette with high availability:
+
+```bash
+helm install wassette deployment/helm/wassette/ \
+  --set replicaCount=3 \
+  --set autoscaling.enabled=true \
+  --set autoscaling.minReplicas=2 \
+  --set autoscaling.maxReplicas=5 \
+  --set podDisruptionBudget.enabled=true
+```
+
+## Network Access
+
+### Internal (Cluster-Only)
+
+Wassette is accessible within the cluster at:
+
+```
+http://wassette.wassette.svc.cluster.local:9001
+```
+
+Or from the same namespace:
+
+```
+http://wassette:9001
+```
+
+### External Access via Port Forwarding
+
+For development:
+
+```bash
+kubectl port-forward -n wassette svc/wassette 9001:9001
+```
+
+Then access at `http://localhost:9001`
+
+### External Access via Ingress
+
+For production:
+
+```bash
+helm install wassette deployment/helm/wassette/ \
+  --set ingress.enabled=true \
+  --set ingress.className=nginx \
+  --set ingress.hosts[0].host=wassette.example.com
+```
+
+## Monitoring
+
+### Health Checks
+
+Check the health endpoint:
+
+```bash
+kubectl run -it --rm debug --image=curlimages/curl --restart=Never -n wassette -- \
+  curl http://wassette:9001/health
+```
+
+### Logs
+
+View logs:
+
+```bash
+# Current logs
+kubectl logs -n wassette deployment/wassette
+
+# Follow logs
+kubectl logs -n wassette deployment/wassette -f
+
+# All replicas
+kubectl logs -n wassette -l app.kubernetes.io/name=wassette --all-containers
+```
+
+### Metrics
+
+Set log level:
+
+```bash
+# Using Helm
+helm upgrade wassette deployment/helm/wassette/ \
+  --set wassette.env.RUST_LOG=debug
+
+# Using kubectl
+kubectl set env -n wassette deployment/wassette RUST_LOG=debug
+```
+
+## Security
+
+### Security Features
+
+Both deployment methods include:
+- Non-root user (UID 1000)
+- Dropped Linux capabilities
+- Security context configuration
+- Resource limits
+- Health checks
+
+### Network Policies
+
+Enable network policies to restrict traffic:
+
+```bash
+helm install wassette deployment/helm/wassette/ \
+  --set networkPolicy.enabled=true
+```
+
+### Read-Only Secrets
+
+Secrets are always mounted as read-only for security.
+
+## Troubleshooting
+
+### Pod Not Starting
+
+```bash
+kubectl get pods -n wassette
+kubectl describe pod -n wassette -l app.kubernetes.io/name=wassette
+kubectl logs -n wassette deployment/wassette
+```
+
+### Service Not Accessible
+
+```bash
+# Check endpoints
+kubectl get endpoints -n wassette wassette
+
+# Test from within cluster
+kubectl run -it --rm debug --image=curlimages/curl --restart=Never -n wassette -- \
+  curl http://wassette:9001/health
+```
+
+### Kagent Integration Issues
+
+See the [kagent integration troubleshooting guide](https://github.com/microsoft/wassette/blob/main/deployment/kubernetes/kagent-integration.md#troubleshooting).
+
+## Comparison: Manifests vs Helm
+
+| Feature | Kubernetes Manifests | Helm Chart |
+|---------|---------------------|------------|
+| Ease of Setup | ✅ Very Simple | ⚠️ Requires Helm |
+| Customization | ✅ Direct YAML | ✅ Values-based |
+| Upgrades | ⚠️ Manual | ✅ helm upgrade |
+| Rollbacks | ❌ Manual | ✅ helm rollback |
+| Autoscaling | ❌ Not included | ✅ Built-in |
+| Ingress | ❌ Not included | ✅ Built-in |
+| Persistent Storage | ⚠️ Manual | ✅ Built-in |
+| Network Policies | ❌ Not included | ✅ Built-in |
+| Production Ready | ⚠️ Basic | ✅ Full features |
+
+## Next Steps
+
+- 📖 [Kubernetes Deployment Guide](https://github.com/microsoft/wassette/blob/main/deployment/kubernetes/README.md)
+- 📦 [Helm Chart Documentation](https://github.com/microsoft/wassette/blob/main/deployment/helm/wassette/README.md)
+- 🔗 [Kagent Integration Guide](https://github.com/microsoft/wassette/blob/main/deployment/kubernetes/kagent-integration.md)
+- 🐳 [Docker](./docker.md)
+- 🚀 [Operations Guide](./operations.md)
+
+## Resources
+
+- [Kagent Documentation](https://kagent.dev/docs/kagent)
+- [Model Context Protocol](https://modelcontextprotocol.io/)
+- [Kubernetes Documentation](https://kubernetes.io/docs/)
+- [Helm Documentation](https://helm.sh/docs/)