Add CRD type changes for horizontal scaling (#4363)

* Add CRD type changes for horizontal scaling

Add SessionStorageConfig struct and scaling fields to MCPServer and
VirtualMCPServer CRDs as the foundation for horizontal scaling support.

- Add SessionStorageConfig struct with Provider, Address, DB, KeyPrefix,
  and PasswordRef fields; CEL rule enforces address is required for redis
- Add Replicas *int32, BackendReplicas *int32, SessionStorage to MCPServerSpec
- Add Replicas *int32, SessionStorage to VirtualMCPServerSpec
- Nil pointer fields allow HPA to manage replicas without operator interference
- Regenerate zz_generated.deepcopy.go and CRD manifests

Closes: #4206

* rebase merge conflicts and fixes from review

---------

Co-authored-by: taskbot <taskbot@users.noreply.github.com>

Author: yrobla

cmd/thv-operator/api/v1alpha1/mcpserver_types.go

@@ -226,6 +226,29 @@ type MCPServerSpec struct {
 	// +kubebuilder:default=ClientIP
 	// +optional
 	SessionAffinity string `json:"sessionAffinity,omitempty"`
+
+	// Replicas is the desired number of proxy runner (thv run) pod replicas.
+	// MCPServer creates two separate Deployments: one for the proxy runner and one
+	// for the MCP server backend. This field controls the proxy runner Deployment.
+	// When nil, the operator does not set Deployment.Spec.Replicas, leaving replica
+	// management to an HPA or other external controller.
+	// +kubebuilder:validation:Minimum=0
+	// +optional
+	Replicas *int32 `json:"replicas,omitempty"`
+
+	// BackendReplicas is the desired number of MCP server backend pod replicas.
+	// This controls the backend Deployment (the MCP server container itself),
+	// independent of the proxy runner controlled by Replicas.
+	// When nil, the operator does not set Deployment.Spec.Replicas, leaving replica
+	// management to an HPA or other external controller.
+	// +kubebuilder:validation:Minimum=0
+	// +optional
+	BackendReplicas *int32 `json:"backendReplicas,omitempty"`
+
+	// SessionStorage configures session storage for stateful horizontal scaling.
+	// When nil, no session storage is configured.
+	// +optional
+	SessionStorage *SessionStorageConfig `json:"sessionStorage,omitempty"`
 }
 
 // ResourceOverrides defines overrides for annotations and labels on created resources
@@ -338,6 +361,44 @@ type SecretRef struct {
 	TargetEnvName string `json:"targetEnvName,omitempty"`
 }
 
+// SessionStorageConfig defines session storage configuration for horizontal scaling.
+//
+// This is the CRD/K8s-aware surface: it uses SecretKeyRef for secret resolution.
+// The reconciler resolves PasswordRef to a plain string and builds a
+// session.RedisConfig (pkg/transport/session) for the actual storage backend.
+//
+// TODO: Add a corresponding SessionStorageConfig to pkg/vmcp/config.Config so the
+// vMCP process receives session storage config through the existing config injection
+// path (same as Optimizer and Audit). The CRD type will remain separate because
+// PasswordRef is K8s-specific and gets resolved away before the config-pkg type.
+//
+// +kubebuilder:validation:XValidation:rule="self.provider == 'redis' ? has(self.address) : true",message="address is required"
+type SessionStorageConfig struct {
+	// Provider is the session storage backend type
+	// +kubebuilder:validation:Enum=memory;redis
+	// +kubebuilder:validation:Required
+	Provider string `json:"provider"`
+
+	// Address is the Redis server address (required when provider is redis)
+	// +kubebuilder:validation:MinLength=1
+	// +optional
+	Address string `json:"address,omitempty"`
+
+	// DB is the Redis database number
+	// +kubebuilder:validation:Minimum=0
+	// +kubebuilder:default=0
+	// +optional
+	DB int32 `json:"db,omitempty"`
+
+	// KeyPrefix is an optional prefix for all Redis keys used by ToolHive
+	// +optional
+	KeyPrefix string `json:"keyPrefix,omitempty"`
+
+	// PasswordRef is a reference to a Secret key containing the Redis password
+	// +optional
+	PasswordRef *SecretKeyRef `json:"passwordRef,omitempty"`
+}
+
 // Permission profile types
 const (
 	// PermissionProfileTypeBuiltin is the type for built-in permission profiles

cmd/thv-operator/api/v1alpha1/mcpserver_types_test.go

@@ -0,0 +1,121 @@
+// SPDX-FileCopyrightText: Copyright 2025 Stacklok, Inc.
+// SPDX-License-Identifier: Apache-2.0
+
+package v1alpha1
+
+import (
+	"encoding/json"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestSessionStorageConfigJSONRoundtrip(t *testing.T) {
+	t.Parallel()
+
+	tests := []struct {
+		name     string
+		input    SessionStorageConfig
+		wantJSON string
+	}{
+		{
+			name: "memory provider",
+			input: SessionStorageConfig{
+				Provider: "memory",
+			},
+			wantJSON: `{"provider":"memory"}`,
+		},
+		{
+			name: "redis provider with address",
+			input: SessionStorageConfig{
+				Provider: "redis",
+				Address:  "redis:6379",
+			},
+			wantJSON: `{"provider":"redis","address":"redis:6379"}`,
+		},
+		{
+			name: "redis provider with all fields",
+			input: SessionStorageConfig{
+				Provider:  "redis",
+				Address:   "redis:6379",
+				DB:        1,
+				KeyPrefix: "thv:",
+			},
+			wantJSON: `{"provider":"redis","address":"redis:6379","db":1,"keyPrefix":"thv:"}`,
+		},
+		{
+			name: "db zero is omitted",
+			input: SessionStorageConfig{
+				Provider: "redis",
+				Address:  "redis:6379",
+				DB:       0,
+			},
+			wantJSON: `{"provider":"redis","address":"redis:6379"}`,
+		},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+			b, err := json.Marshal(tc.input)
+			require.NoError(t, err)
+			assert.JSONEq(t, tc.wantJSON, string(b))
+		})
+	}
+}
+
+func TestMCPServerSpecScalingFieldsJSONRoundtrip(t *testing.T) {
+	t.Parallel()
+
+	replicas := int32(3)
+	backendReplicas := int32(2)
+
+	tests := []struct {
+		name       string
+		spec       MCPServerSpec
+		wantKeys   []string
+		wantAbsent []string
+	}{
+		{
+			name:       "nil replicas are omitted",
+			spec:       MCPServerSpec{Image: "example/mcp:latest"},
+			wantAbsent: []string{`"replicas"`, `"backendReplicas"`, `"sessionStorage"`},
+		},
+		{
+			name: "set replicas are serialized",
+			spec: MCPServerSpec{
+				Image:           "example/mcp:latest",
+				Replicas:        &replicas,
+				BackendReplicas: &backendReplicas,
+			},
+			wantKeys: []string{`"replicas":3`, `"backendReplicas":2`},
+		},
+		{
+			name: "sessionStorage is serialized when set",
+			spec: MCPServerSpec{
+				Image: "example/mcp:latest",
+				SessionStorage: &SessionStorageConfig{
+					Provider: "redis",
+					Address:  "redis:6379",
+				},
+			},
+			wantKeys: []string{`"sessionStorage"`, `"provider":"redis"`},
+		},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+			b, err := json.Marshal(tc.spec)
+			require.NoError(t, err)
+			out := string(b)
+			for _, key := range tc.wantKeys {
+				assert.Contains(t, out, key)
+			}
+			for _, key := range tc.wantAbsent {
+				assert.NotContains(t, out, key)
+			}
+		})
+	}
+}

cmd/thv-operator/api/v1alpha1/virtualmcpserver_types.go

@@ -82,6 +82,21 @@ type VirtualMCPServerSpec struct {
 	// When nil, IncomingAuth uses an external IDP and behavior is unchanged.
 	// +optional
 	AuthServerConfig *EmbeddedAuthServerConfig `json:"authServerConfig,omitempty"`
+
+	// Replicas is the desired number of vMCP pod replicas.
+	// VirtualMCPServer creates a single Deployment for the vMCP aggregator process,
+	// so there is only one replicas field (unlike MCPServer which has separate
+	// Replicas and BackendReplicas for its two Deployments).
+	// When nil, the operator does not set Deployment.Spec.Replicas, leaving replica
+	// management to an HPA or other external controller.
+	// +kubebuilder:validation:Minimum=0
+	// +optional
+	Replicas *int32 `json:"replicas,omitempty"`
+
+	// SessionStorage configures session storage for stateful horizontal scaling.
+	// When nil, no session storage is configured.
+	// +optional
+	SessionStorage *SessionStorageConfig `json:"sessionStorage,omitempty"`
 }
 
 // EmbeddingServerRef references an existing EmbeddingServer resource by name.

cmd/thv-operator/api/v1alpha1/virtualmcpserver_types_test.go

@@ -4,6 +4,7 @@
 package v1alpha1
 
 import (
+	"encoding/json"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
@@ -479,3 +480,58 @@ func TestValidateEmbeddingServer(t *testing.T) {
 		})
 	}
 }
+
+func TestVirtualMCPServerSpecScalingFieldsJSONRoundtrip(t *testing.T) {
+	t.Parallel()
+
+	replicas := int32(2)
+
+	tests := []struct {
+		name       string
+		spec       VirtualMCPServerSpec
+		wantKeys   []string
+		wantAbsent []string
+	}{
+		{
+			name: "nil replicas are omitted",
+			spec: VirtualMCPServerSpec{
+				IncomingAuth: &IncomingAuthConfig{Type: "anonymous"},
+			},
+			wantAbsent: []string{`"replicas"`, `"sessionStorage"`},
+		},
+		{
+			name: "set replicas are serialized",
+			spec: VirtualMCPServerSpec{
+				IncomingAuth: &IncomingAuthConfig{Type: "anonymous"},
+				Replicas:     &replicas,
+			},
+			wantKeys: []string{`"replicas":2`},
+		},
+		{
+			name: "sessionStorage is serialized when set",
+			spec: VirtualMCPServerSpec{
+				IncomingAuth: &IncomingAuthConfig{Type: "anonymous"},
+				SessionStorage: &SessionStorageConfig{
+					Provider: "redis",
+					Address:  "redis:6379",
+				},
+			},
+			wantKeys: []string{`"sessionStorage"`, `"provider":"redis"`},
+		},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+			b, err := json.Marshal(tc.spec)
+			require.NoError(t, err)
+			out := string(b)
+			for _, key := range tc.wantKeys {
+				assert.Contains(t, out, key)
+			}
+			for _, key := range tc.wantAbsent {
+				assert.NotContains(t, out, key)
+			}
+		})
+	}
+}