mcp: relaxes the tight backendRef count limit on MCPRoute (envoyproxy#1284)

**Description**
Previously, MCPRoute corresponded to one generated HTTPRoute where rules
contain one rule per backendref in the original MCPRoute. Since
HTTPRoute has the tight limit on the number of rules that can be defined
in one HTTPRoute, we had to limit the number of backendRefs on MCPRoute.
The limit is 16 rules per route, so it is a bit inconvenient given that
one might want to define more than 20+ tools from multiple backends
though generally it's recommended to have less than 30 tools.
This mitigates such limitation by simply generating HTTPRoute per
backendRef in MCPRoute, so that we will never hit the hard limit by
HTTPRoute when adding more backends.

---------

Signed-off-by: Takeshi Yoneda <[email protected]>
Signed-off-by: Hrushikesh Patil <[email protected]>

Author: mathetake

api/v1alpha1/mcp_route.go

@@ -77,7 +77,7 @@ type MCPRouteSpec struct {
 	//
 	// +kubebuilder:validation:Required
 	// +kubebuilder:validation:MinItems=1
-	// +kubebuilder:validation:MaxItems=32
+	// +kubebuilder:validation:MaxItems=256
 	// +kubebuilder:validation:XValidation:rule="self.all(i, self.exists_one(j, j.name == i.name))", message="all backendRefs names must be unique"
 	BackendRefs []MCPRouteBackendRef `json:"backendRefs"`
 

examples/mcp/README.md

@@ -237,13 +237,13 @@ Once you have everything running you can start the agent by passing a prompt fil
 into the terminal.
 
 ```shell
-$ uv run --exact -q --env-file <environment file>> agent.py /path/to/prompt.txt
+$ uv run --exact -q --env-file .env agent.py /path/to/prompt.txt
 ```
 
 or
 
 ```shell
-$ uv run --exact -q --env-file <environment file>> agent.py <<EOF
+$ uv run --exact -q --env-file .env agent.py << EOF
 > your prompt here
 EOF
 ```

internal/controller/mcp_route.go

@@ -93,18 +93,85 @@ func (c *MCPRouteController) syncMCPRoute(ctx context.Context, mcpRoute *aigv1a1
 	if err := c.ensureMCPProxyBackend(ctx, mcpRoute); err != nil {
 		return fmt.Errorf("failed to ensure MCP proxy Backend: %w", err)
 	}
-
-	// Check if the HTTPRoute exists.
-	httpRouteName := internalapi.MCPHTTPRoutePrefix + mcpRoute.Name
 	c.logger.Info("Syncing MCPRoute", "namespace", mcpRoute.Namespace, "name", mcpRoute.Name)
-	var httpRoute gwapiv1.HTTPRoute
-	err := c.client.Get(ctx, client.ObjectKey{Name: httpRouteName, Namespace: mcpRoute.Namespace}, &httpRoute)
-	existingRoute := err == nil
+
+	// First, we create or update the main HTTPRoute that routes to the MCP proxy.
+	// The main HTTPRoutes will not be "moved" into the MCP Backend listener in the extension server.
+	mainHTTPRouteName := internalapi.MCPMainHTTPRoutePrefix + mcpRoute.Name
+	mainHTTPRoute, existing, err := c.getOrNewHTTPRouteRoute(ctx, mcpRoute, mainHTTPRouteName)
+	if err != nil {
+		return fmt.Errorf("failed to get or create HTTPRoute: %w", err)
+	}
+	if err = c.newMainHTTPRoute(mainHTTPRoute, mcpRoute); err != nil {
+		return fmt.Errorf("failed to construct a new HTTPRoute: %w", err)
+	}
+
+	// Create or Update the main HTTPRoute.
+	if err = c.createOrUpdateHTTPRoute(ctx, mainHTTPRoute, existing); err != nil {
+		return fmt.Errorf("failed to create or update HTTPRoute: %w", err)
+	}
+
+	// Then, build HTTPRoute for each backend in the MCPRoute to avoid the hard limit of 16 Rules per HTTPRoute.
+	// The route here will be moved to the backend listener in the extension server behind the MCP Proxy.
+	//
+	// Each backend will have its own rule that matches the internalapi.MCPBackendHeader set by the MCP proxy.
+	// This allows the MCP proxy to route requests to the correct backend based on the header.
+	for i := range mcpRoute.Spec.BackendRefs {
+		ref := &mcpRoute.Spec.BackendRefs[i]
+		name := mcpPerBackendRefHTTPRouteName(mcpRoute.Name, ref.Name)
+		var httpRoute *gwapiv1.HTTPRoute
+		httpRoute, existing, err = c.getOrNewHTTPRouteRoute(ctx, mcpRoute, name)
+		if err != nil {
+			return fmt.Errorf("failed to get or create HTTPRoute: %w", err)
+		}
+		if err = c.newPerBackendRefHTTPRoute(ctx, httpRoute, mcpRoute, ref); err != nil {
+			return fmt.Errorf("failed to construct a new HTTPRoute for backend %s: %w", ref.Name, err)
+		}
+		if err = c.createOrUpdateHTTPRoute(ctx, httpRoute, existing); err != nil {
+			return fmt.Errorf("failed to create or update HTTPRoute for backend %s: %w", ref.Name, err)
+		}
+	}
+
+	// Reconciles MCPRouteSecurityPolicy and creates/updates its associated envoy gateway resources.
+	if err = c.syncMCPRouteSecurityPolicy(ctx, mcpRoute, mainHTTPRouteName); err != nil {
+		return fmt.Errorf("failed to sync MCP route security policy: %w", err)
+	}
+
+	err = c.syncGateways(ctx, mcpRoute)
+	if err != nil {
+		return fmt.Errorf("failed to sync gw pods: %w", err)
+	}
+	return nil
+}
+
+func mcpPerBackendRefHTTPRouteName(mcpRouteName string, backendName gwapiv1.ObjectName) string {
+	return fmt.Sprintf("%s%s-%s", internalapi.MCPPerBackendRefHTTPRoutePrefix, mcpRouteName, backendName)
+}
+
+func (c *MCPRouteController) createOrUpdateHTTPRoute(ctx context.Context, httpRoute *gwapiv1.HTTPRoute, update bool) error {
+	if update {
+		c.logger.Info("Updating HTTPRoute", "namespace", httpRoute.Namespace, "name", httpRoute.Name)
+		if err := c.client.Update(ctx, httpRoute); err != nil {
+			return fmt.Errorf("failed to update HTTPRoute: %w", err)
+		}
+	} else {
+		c.logger.Info("Creating HTTPRoute", "namespace", httpRoute.Namespace, "name", httpRoute.Name)
+		if err := c.client.Create(ctx, httpRoute); err != nil {
+			return fmt.Errorf("failed to create HTTPRoute: %w", err)
+		}
+	}
+	return nil
+}
+
+func (c *MCPRouteController) getOrNewHTTPRouteRoute(ctx context.Context, mcpRoute *aigv1a1.MCPRoute, routeName string) (*gwapiv1.HTTPRoute, bool, error) {
+	httpRoute := &gwapiv1.HTTPRoute{}
+	err := c.client.Get(ctx, client.ObjectKey{Name: routeName, Namespace: mcpRoute.Namespace}, httpRoute)
+	existing := err == nil
 	if apierrors.IsNotFound(err) {
 		// This means that this MCPRoute is a new one.
-		httpRoute = gwapiv1.HTTPRoute{
+		httpRoute = &gwapiv1.HTTPRoute{
 			ObjectMeta: metav1.ObjectMeta{
-				Name:        httpRouteName,
+				Name:        routeName,
 				Namespace:   mcpRoute.Namespace,
 				Labels:      make(map[string]string),
 				Annotations: make(map[string]string),
@@ -121,44 +188,17 @@ func (c *MCPRouteController) syncMCPRoute(ctx context.Context, mcpRoute *aigv1a1
 		for k, v := range mcpRoute.Annotations {
 			httpRoute.Annotations[k] = v
 		}
-		if err = ctrlutil.SetControllerReference(mcpRoute, &httpRoute, c.client.Scheme()); err != nil {
-			panic(fmt.Errorf("BUG: failed to set controller reference for HTTPRoute: %w", err))
+		if err = ctrlutil.SetControllerReference(mcpRoute, httpRoute, c.client.Scheme()); err != nil {
+			return nil, false, fmt.Errorf("failed to set controller reference for HTTPRoute: %w", err)
 		}
 	} else if err != nil {
-		return fmt.Errorf("failed to get HTTPRoute: %w", err)
-	}
-
-	// Update the HTTPRoute with the new MCPRoute.
-	if err = c.newHTTPRoute(ctx, &httpRoute, mcpRoute); err != nil {
-		return fmt.Errorf("failed to construct a new HTTPRoute: %w", err)
-	}
-
-	if existingRoute {
-		c.logger.Info("Updating HTTPRoute", "namespace", httpRoute.Namespace, "name", httpRoute.Name)
-		if err = c.client.Update(ctx, &httpRoute); err != nil {
-			return fmt.Errorf("failed to update HTTPRoute: %w", err)
-		}
-	} else {
-		c.logger.Info("Creating HTTPRoute", "namespace", httpRoute.Namespace, "name", httpRoute.Name)
-		if err = c.client.Create(ctx, &httpRoute); err != nil {
-			return fmt.Errorf("failed to create HTTPRoute: %w", err)
-		}
+		return nil, false, fmt.Errorf("failed to get HTTPRoute: %w", err)
 	}
-
-	// Reconciles MCPRouteSecurityPolicy and creates/updates its associated envoy gateway resources.
-	if err = c.syncMCPRouteSecurityPolicy(ctx, mcpRoute, httpRouteName); err != nil {
-		return fmt.Errorf("failed to sync MCP route security policy: %w", err)
-	}
-
-	err = c.syncGateways(ctx, mcpRoute)
-	if err != nil {
-		return fmt.Errorf("failed to sync gw pods: %w", err)
-	}
-	return nil
+	return httpRoute, existing, nil
 }
 
-// newHTTPRoute updates the HTTPRoute with the new MCPRoute.
-func (c *MCPRouteController) newHTTPRoute(ctx context.Context, dst *gwapiv1.HTTPRoute, mcpRoute *aigv1a1.MCPRoute) error {
+// newMainHTTPRoute updates the main HTTPRoute with the MCPRoute.
+func (c *MCPRouteController) newMainHTTPRoute(dst *gwapiv1.HTTPRoute, mcpRoute *aigv1a1.MCPRoute) error {
 	// This routes incoming MCP client requests to the MCP proxy in the ext proc.
 	servingPath := ptr.Deref(mcpRoute.Spec.Path, defaultMCPPath)
 	rules := []gwapiv1.HTTPRouteRule{{
@@ -325,24 +365,44 @@ func (c *MCPRouteController) newHTTPRoute(ctx context.Context, dst *gwapiv1.HTTP
 			rules = append(rules, authServerSuffixRule)
 		}
 	}
+	dst.Spec.Rules = rules
 
-	// Build HTTPRouteRules for each backend in the MCPRoute.
-	// Each backend will have its own rule that matches the internalapi.MCPBackendHeader set by the MCP proxy.
-	// This allows the MCP proxy to route requests to the correct backend based on the header.
-	for i := range mcpRoute.Spec.BackendRefs {
-		ref := &mcpRoute.Spec.BackendRefs[i]
-		if ns := ref.Namespace; ns != nil && *ns != gwapiv1.Namespace(mcpRoute.Namespace) {
-			// TODO: do this in a CEL or webhook validation or start supporting cross-namespace references with ReferenceGrant.
-			return fmt.Errorf("cross-namespace backend reference is not supported: backend %s/%s in MCPRoute %s/%s",
-				*ns, ref.Name, mcpRoute.Namespace, mcpRoute.Name)
-		}
-		mcpBackendToHTTPRouteRule, err := c.mcpBackendRefToHTTPRouteRule(ctx, mcpRoute, ref)
-		if err != nil {
-			return fmt.Errorf("failed to convert MCPRouteRule to HTTPRouteRule: %w", err)
-		}
-		rules = append(rules, mcpBackendToHTTPRouteRule)
+	// Initialize labels and annotations maps if they don't exist.
+	if dst.Labels == nil {
+		dst.Labels = make(map[string]string)
 	}
-	dst.Spec.Rules = rules
+	if dst.Annotations == nil {
+		dst.Annotations = make(map[string]string)
+	}
+
+	// Copy labels from MCPRoute to HTTPRoute.
+	for k, v := range mcpRoute.Labels {
+		dst.Labels[k] = v
+	}
+
+	// Copy non-controller annotations from MCPRoute to HTTPRoute.
+	for k, v := range mcpRoute.Annotations {
+		dst.Annotations[k] = v
+	}
+
+	// Mark this HTTPRoute as generated by the MCP Gateway controller with the hash of the backend refs so that
+	// this will invoke an extension server update.
+	dst.Spec.ParentRefs = mcpRoute.Spec.ParentRefs
+	return nil
+}
+
+// newPerBackendRefHTTPRoute creates an HTTPRoute for each backend reference in the MCPRoute.
+func (c *MCPRouteController) newPerBackendRefHTTPRoute(ctx context.Context, dst *gwapiv1.HTTPRoute, mcpRoute *aigv1a1.MCPRoute, ref *aigv1a1.MCPRouteBackendRef) error {
+	if ns := ref.Namespace; ns != nil && *ns != gwapiv1.Namespace(mcpRoute.Namespace) {
+		// TODO: do this in a CEL or webhook validation or start supporting cross-namespace references with ReferenceGrant.
+		return fmt.Errorf("cross-namespace backend reference is not supported: backend %s/%s in MCPRoute %s/%s",
+			*ns, ref.Name, mcpRoute.Namespace, mcpRoute.Name)
+	}
+	mcpBackendToHTTPRouteRule, err := c.mcpBackendRefToHTTPRouteRule(ctx, mcpRoute, ref)
+	if err != nil {
+		return fmt.Errorf("failed to convert MCPRouteRule to HTTPRouteRule: %w", err)
+	}
+	dst.Spec.Rules = []gwapiv1.HTTPRouteRule{mcpBackendToHTTPRouteRule}
 
 	// Initialize labels and annotations maps if they don't exist.
 	if dst.Labels == nil {
@@ -457,7 +517,7 @@ func mcpProxyBackendName(mcpRoute *aigv1a1.MCPRoute) string {
 }
 
 func mcpBackendRefFilterName(mcpRoute *aigv1a1.MCPRoute, backendName gwapiv1.ObjectName) string {
-	return fmt.Sprintf("%s%s-%s", internalapi.MCPBackendFilterPrefix, mcpRoute.Name, backendName)
+	return fmt.Sprintf("%s%s-%s", internalapi.MCPPerBackendHTTPRouteFilterPrefix, mcpRoute.Name, backendName)
 }
 
 // mcpBackendRefToHTTPRouteRule creates an HTTPRouteRule for the given MCPRouteBackendRef.

internal/controller/mcp_route_security_policy.go

@@ -79,7 +79,7 @@ func (c *MCPRouteController) syncMCPRouteSecurityPolicy(ctx context.Context, mcp
 // ensureAccessTokenSecurityPolicy ensures that the SecurityPolicy resource exists with JWT authentication to validate access tokens.
 func (c *MCPRouteController) ensureAccessTokenSecurityPolicy(ctx context.Context, mcpRoute *aigv1a1.MCPRoute, httpRouteName string) error {
 	var securityPolicy egv1a1.SecurityPolicy
-	securityPolicyName := internalapi.MCPHTTPRoutePrefix + mcpRoute.Name
+	securityPolicyName := internalapi.MCPGeneratedResourceCommonPrefix + mcpRoute.Name
 	err := c.client.Get(ctx, client.ObjectKey{Name: securityPolicyName, Namespace: mcpRoute.Namespace}, &securityPolicy)
 	existingPolicy := err == nil
 
@@ -497,7 +497,7 @@ func (c *MCPRouteController) buildOAuthAuthServerMetadataJSON(oauth *aigv1a1.MCP
 // cleanupSecurityPolicyResources deletes existing SecurityPolicy-related resources when SecurityPolicy is nil.
 func (c *MCPRouteController) cleanupSecurityPolicyResources(ctx context.Context, mcpRoute *aigv1a1.MCPRoute) error {
 	// Delete SecurityPolicy.
-	securityPolicyName := internalapi.MCPHTTPRoutePrefix + mcpRoute.Name
+	securityPolicyName := internalapi.MCPGeneratedResourceCommonPrefix + mcpRoute.Name
 	var securityPolicy egv1a1.SecurityPolicy
 	err := c.client.Get(ctx, client.ObjectKey{Name: securityPolicyName, Namespace: mcpRoute.Namespace}, &securityPolicy)
 	if err == nil {
@@ -637,11 +637,11 @@ func fetchOAuthAuthServerMetadata(authServer string) (*OAuthAuthServerMetadata,
 }
 
 func oauthProtectedResourceMetadataName(mcpRouteName string) string {
-	return fmt.Sprintf("%s%s%s", internalapi.MCPHTTPRoutePrefix, mcpRouteName, oauthProtectedResourceMetadataSuffix)
+	return fmt.Sprintf("%s%s%s", internalapi.MCPGeneratedResourceCommonPrefix, mcpRouteName, oauthProtectedResourceMetadataSuffix)
 }
 
 func oauthAuthServerMetadataFilterName(mcpRouteName string) string {
-	return fmt.Sprintf("%s%s%s", internalapi.MCPHTTPRoutePrefix, mcpRouteName, oauthAuthServerMetadataSuffix)
+	return fmt.Sprintf("%s%s%s", internalapi.MCPGeneratedResourceCommonPrefix, mcpRouteName, oauthAuthServerMetadataSuffix)
 }
 
 // discoverJWKSURI attempts to discover the JWKS URI from the OAuth authorization server metadata.

internal/controller/mcp_route_security_policy_test.go

@@ -203,7 +203,7 @@ func TestMCPRouteController_syncMCPRouteSecurityPolicy(t *testing.T) {
 			}
 			require.NoError(t, err)
 
-			securityPolicyName := internalapi.MCPHTTPRoutePrefix + tt.mcpRoute.Name
+			securityPolicyName := internalapi.MCPGeneratedResourceCommonPrefix + tt.mcpRoute.Name
 			var securityPolicy egv1a1.SecurityPolicy
 			secPolErr := fakeClient.Get(t.Context(), client.ObjectKey{Name: securityPolicyName, Namespace: tt.mcpRoute.Namespace}, &securityPolicy)
 
@@ -223,7 +223,7 @@ func TestMCPRouteController_syncMCPRouteSecurityPolicy(t *testing.T) {
 				require.Error(t, secPolErr, "SecurityPolicy should not exist")
 			}
 
-			backendTrafficPolicyName := internalapi.MCPHTTPRoutePrefix + tt.mcpRoute.Name + oauthProtectedResourceMetadataSuffix
+			backendTrafficPolicyName := internalapi.MCPGeneratedResourceCommonPrefix + tt.mcpRoute.Name + oauthProtectedResourceMetadataSuffix
 			var backendTrafficPolicy egv1a1.BackendTrafficPolicy
 			btpErr := fakeClient.Get(t.Context(), client.ObjectKey{Name: backendTrafficPolicyName, Namespace: tt.mcpRoute.Namespace}, &backendTrafficPolicy)
 
@@ -233,7 +233,7 @@ func TestMCPRouteController_syncMCPRouteSecurityPolicy(t *testing.T) {
 				require.Error(t, btpErr, "BackendTrafficPolicy should not exist")
 			}
 
-			httpRouteFilterName := internalapi.MCPHTTPRoutePrefix + tt.mcpRoute.Name + oauthProtectedResourceMetadataSuffix
+			httpRouteFilterName := internalapi.MCPGeneratedResourceCommonPrefix + tt.mcpRoute.Name + oauthProtectedResourceMetadataSuffix
 			var httpRouteFilter egv1a1.HTTPRouteFilter
 			filterErr := fakeClient.Get(t.Context(), client.ObjectKey{Name: httpRouteFilterName, Namespace: tt.mcpRoute.Namespace}, &httpRouteFilter)
 
@@ -280,10 +280,10 @@ func TestMCPRouteControllerCleanupSecurityPolicyResources(t *testing.T) {
 	err = c.syncMCPRouteSecurityPolicy(t.Context(), mcpRoute, httpRouteName)
 	require.NoError(t, err)
 
-	securityPolicyName := internalapi.MCPHTTPRoutePrefix + mcpRoute.Name
-	backendTrafficPolicyName := internalapi.MCPHTTPRoutePrefix + mcpRoute.Name + oauthProtectedResourceMetadataSuffix
-	protecedResourceMetadataFilterName := internalapi.MCPHTTPRoutePrefix + mcpRoute.Name + oauthProtectedResourceMetadataSuffix
-	authServerMetadataFilterName := internalapi.MCPHTTPRoutePrefix + mcpRoute.Name + oauthAuthServerMetadataSuffix
+	securityPolicyName := internalapi.MCPGeneratedResourceCommonPrefix + mcpRoute.Name
+	backendTrafficPolicyName := internalapi.MCPGeneratedResourceCommonPrefix + mcpRoute.Name + oauthProtectedResourceMetadataSuffix
+	protecedResourceMetadataFilterName := internalapi.MCPGeneratedResourceCommonPrefix + mcpRoute.Name + oauthProtectedResourceMetadataSuffix
+	authServerMetadataFilterName := internalapi.MCPGeneratedResourceCommonPrefix + mcpRoute.Name + oauthAuthServerMetadataSuffix
 
 	var securityPolicy egv1a1.SecurityPolicy
 	err = fakeClient.Get(t.Context(), client.ObjectKey{Name: securityPolicyName, Namespace: mcpRoute.Namespace}, &securityPolicy)