feat: Implement MCP (Model Context Protocol) resource and controller with RBAC roles (#12)

* feat: Implement MCP (Model Context Protocol) resource and controller with RBAC roles

Signed-off-by: Eden Reich <eden.reich@gmail.com>

* feat: Add MCP server configuration with namespace and specifications

Would be cool to just have a side-car container that ensures those STDIO MCP servers can also support SSE or any streamable HTTP.

Some MCPs supports only STDIO. which makes it complex to connect to in a containerized environment. Meaning you would normally have to create a custom bridge (web server) that sends a command to the internal process - not ideal, but it-is what it-is.

Signed-off-by: Eden Reich <eden.reich@gmail.com>

* fix: Update MCP image reference to use the correct repository

I'm not going to host those servers registry, I think it would be easier to just use the existing ones.

Signed-off-by: Eden Reich <eden.reich@gmail.com>

* fix: Ensure consistent TLS secret name in MCP ingress configuration

Signed-off-by: Eden Reich <eden.reich@gmail.com>

* feat: Enhance MCP configuration with server, bridge, ingress, and TLS specifications

Signed-off-by: Eden Reich <eden.reich@gmail.com>

* feat: Add Horizontal Pod Autoscaler (HPA) configuration for MCP server

- Introduced HPA configuration under the MCP server spec, allowing for dynamic scaling based on defined metrics.
- Added properties for scaling behavior, including scaleUp and scaleDown policies, stabilization windows, and metrics specifications.
- Updated image and replicas fields to provide defaults and descriptions for better clarity.
- Removed deprecated ingress configuration and replaced it with HPA-specific settings to streamline deployment management.

Signed-off-by: Eden Reich <eden.reich@gmail.com>

* fix: WIP - update import statements and logger usage in MCP controller

I think I should stick to standard MCP using node life time support server, and if the user wants they can configure their own container image, this allows more flexibility. Depending on what's configured option is used the package will take precedence over the image.

Signed-off-by: Eden Reich <eden.reich@gmail.com>

* fix: Start with implementing the official way of running MCP servers, then will switch to custom MCPs

Signed-off-by: Eden Reich <eden.reich@gmail.com>

* fix: Remove unused ingress configuration from MCP server YAML

I think ingress doesn't make a lot of sense in the context of MCP, normally those are server you would like to run internally. I don't think there is a use-case to expose it to the outside world.

Signed-off-by: Eden Reich <eden.reich@gmail.com>

* fix: Remove unnecessary comment in shouldWatchNamespace function

Signed-off-by: Eden Reich <eden.reich@gmail.com>

* test: Add basic tests

Signed-off-by: Eden Reich <eden.reich@gmail.com>

* fix: Remove unnecessary variable declaration in MCP controller test

Signed-off-by: Eden Reich <eden.reich@gmail.com>

* refactor: Simplify fields

Building a generic bridge for all Stdio servers is too complex. I'll just create a registry for MCP servers written in golang so people can pull them.

Will add the essential ones like filesystem context7. Just need to build those containers and push them to registry so it's possible to pull them and run them as a streamable http that supports also https.

I think the default npx -y with the modelcontext protocol lake of production settings.

Signed-off-by: Eden Reich <eden.reich@gmail.com>

* feat: Enhance MCP Controller Tests and CRD Definitions

- Refactored MCP controller tests to use DescribeTable for better organization and readability.
- Added additional test cases for various reconciliation scenarios, including handling of HPA and service reconciliation.
- Updated CRD definitions to include additional printer columns for MCP resources, displaying the URL of the MCP server and the resource age.
- Modified the schema to support an array type for the command field in the MCP spec.
- Added a new field in the status to store the URL of the MCP server.

Signed-off-by: Eden Reich <eden.reich@gmail.com>

* chore: Update test coverage badge to reflect current coverage

Signed-off-by: Eden Reich <eden.reich@gmail.com>

---------

Signed-off-by: Eden Reich <eden.reich@gmail.com>

Author: edenreich

PROJECT

@@ -4,26 +4,35 @@
 # More info: https://book.kubebuilder.io/reference/project-config.html
 domain: inference-gateway.com
 layout:
-  - go.kubebuilder.io/v4
+- go.kubebuilder.io/v4
 projectName: operator
 repo: github.com/inference-gateway/operator
 resources:
-  - api:
-      crdVersion: v1
-      namespaced: true
-    controller: true
-    domain: inference-gateway.com
-    group: core
-    kind: Gateway
-    path: github.com/inference-gateway/operator/api/v1alpha1
-    version: v1alpha1
-  - api:
-      crdVersion: v1
-      namespaced: true
-    controller: true
-    domain: inference-gateway.com
-    group: core
-    kind: A2A
-    path: github.com/inference-gateway/operator/api/v1alpha1
-    version: v1alpha1
+- api:
+    crdVersion: v1
+    namespaced: true
+  controller: true
+  domain: inference-gateway.com
+  group: core
+  kind: Gateway
+  path: github.com/inference-gateway/operator/api/v1alpha1
+  version: v1alpha1
+- api:
+    crdVersion: v1
+    namespaced: true
+  controller: true
+  domain: inference-gateway.com
+  group: core
+  kind: A2A
+  path: github.com/inference-gateway/operator/api/v1alpha1
+  version: v1alpha1
+- api:
+    crdVersion: v1
+    namespaced: true
+  controller: true
+  domain: inference-gateway.com
+  group: core
+  kind: MCP
+  path: github.com/inference-gateway/operator/api/v1alpha1
+  version: v1alpha1
 version: "3"

README.md

@@ -17,7 +17,7 @@
 [![Container Registry](https://img.shields.io/badge/Container-ghcr.io-blue.svg?style=flat-square&logo=github)](https://github.com/inference-gateway/operator/pkgs/container/operator)
 [![Multi-Arch](https://img.shields.io/badge/Architecture-amd64%20%7C%20arm64-green?style=flat-square)](https://github.com/inference-gateway/operator/releases)
 [![Build Status](https://img.shields.io/badge/Build-Passing-brightgreen.svg?style=flat-square)](https://github.com/inference-gateway/operator)
-[![Tests](https://img.shields.io/badge/Tests-65.1%25%20Coverage-yellow.svg?style=flat-square)](https://github.com/inference-gateway/operator)
+[![Tests](https://img.shields.io/badge/Tests-66%25%20Coverage-yellow.svg?style=flat-square)](https://github.com/inference-gateway/operator)
 [![Lint](https://img.shields.io/badge/Lint-Passing-brightgreen.svg?style=flat-square)](https://golangci-lint.run/)
 
 ---

api/v1alpha1/gateway_types.go

@@ -67,7 +67,7 @@ type GatewaySpec struct {
 
 	// MCP (Model Context Protocol) configuration
 	// +optional
-	MCP *MCPSpec `json:"mcp,omitempty"`
+	MCP *MCPServersSpec `json:"mcp,omitempty"`
 
 	// A2A (Agent-to-Agent) configuration
 	// +optional
@@ -272,8 +272,8 @@ type ProviderSpec struct {
 	Env *[]corev1.EnvVar `json:"env,omitempty"`
 }
 
-// MCPSpec contains Model Context Protocol configuration
-type MCPSpec struct {
+// MCPServersSpec contains Model Context Protocol configuration
+type MCPServersSpec struct {
 	// Enable MCP integration
 	// +optional
 	// +kubebuilder:default=false

api/v1alpha1/mcp_types.go

@@ -0,0 +1,144 @@
+/*
+Copyright (c) 2025 Inference Gateway
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+*/
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// MCPSpec defines the desired state of MCP.
+type MCPSpec struct {
+	// Replicas is the number of replicas for the MCP server.
+	// +kubebuilder:default=1
+	// +optional
+	Replicas *int32 `json:"replicas,omitempty"`
+
+	// Image is the container image to use for the MCP server.
+	// +optional
+	// +kubebuilder:default="node:lts"
+	Image string `json:"image,omitempty"`
+
+	// Server defines the configuration for the MCP server.
+	// +optional
+	Server *MCPServerSpec `json:"server,omitempty"`
+
+	// HPA defines the Horizontal Pod Autoscaler configuration for the MCP server.
+	// +optional
+	HPA *HPASpec `json:"hpa,omitempty"`
+}
+
+type MCPBridgeSpec struct {
+	// Create indicates whether to create a bridge sidecar container.
+	// +kubebuilder:default=true
+	// +optional
+	Create bool `json:"create,omitempty"`
+
+	// Port is the port on which the bridge listens.
+	// +kubebuilder:default=8081
+	// +optional
+	Port int32 `json:"port,omitempty"`
+}
+
+type MCPServerSpec struct {
+	// Port is the port on which the MCP server listens.
+	// +kubebuilder:default=8080
+	// +optional
+	Port int32 `json:"port,omitempty"`
+
+	// Command is the command to run the MCP server.
+	// If not specified, the default command will be used.
+	// +optional
+	Command []string `json:"command,omitempty"`
+
+	// Args are the arguments to pass to the MCP server command.
+	// If not specified, the default arguments will be used.
+	// +optional
+	Args []string `json:"args,omitempty"`
+
+	// Timeout is the timeout for the MCP server.
+	// +kubebuilder:default="30s"
+	// +optional
+	Timeout string `json:"timeout,omitempty"`
+
+	// TLS defines the TLS configuration for the MCP server.
+	// +optional
+	TLS *MCPTLSConfig `json:"tls,omitempty"`
+}
+
+type MCPTLSConfig struct {
+	// +optional
+	// +kubebuilder:default=true
+	// Enabled indicates whether TLS is enabled for the MCP server.
+	Enabled bool `json:"enabled,omitempty"`
+
+	// SecretName is the name of the secret that contains the TLS certificate and key.
+	// +kubebuilder:validation:Required
+	SecretName string `json:"secretName"`
+}
+
+// MCPStatus defines the observed state of MCP.
+type MCPStatus struct {
+	// ObservedGeneration is the most recent generation observed for this resource.
+	// +optional
+	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
+
+	// Conditions represent the latest available observations of the resource's state.
+	// +optional
+	// +kubebuilder:validation:Enum=Pending;Running;Failed;Unknown
+	Conditions []metav1.Condition `json:"conditions,omitempty"`
+
+	// Ready indicates if the resource is ready.
+	// +optional
+	Ready bool `json:"ready,omitempty"`
+
+	// URL is the URL of the MCP server.
+	// +optional
+	URL string `json:"url,omitempty"`
+}
+
+// +kubebuilder:printcolumn:name="URL",type=string,JSONPath=".status.url",description="URL of the MCP server"
+// +kubebuilder:printcolumn:name="AGE",type=date,JSONPath=".metadata.creationTimestamp",description="Age of the resource"
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+
+// MCP is the Schema for the mcps API.
+type MCP struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   MCPSpec   `json:"spec,omitempty"`
+	Status MCPStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// MCPList contains a list of MCP.
+type MCPList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []MCP `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&MCP{}, &MCPList{})
+}