From 2ad2fb0bb93b82413af6d316707994b03c092369 Mon Sep 17 00:00:00 2001
From: Matthias Hinrichs
Date: Fri, 15 May 2026 11:09:35 +0200
Subject: [PATCH] refactor: move PhaseSecret definition and implement dynamic token injection for homeassistant-mcp
---
 .../templates/federated-gateway-secrets.yaml | 21 ---------
 .../templates/homeassistant-mcp.yaml | 44 +++++++++++++++++--
 2 files changed, 40 insertions(+), 25 deletions(-)
diff --git a/05-mcp-servers/templates/federated-gateway-secrets.yaml b/05-mcp-servers/templates/federated-gateway-secrets.yaml
index 52374b6..3e97858 100644
--- a/05-mcp-servers/templates/federated-gateway-secrets.yaml
+++ b/05-mcp-servers/templates/federated-gateway-secrets.yaml
@@ -20,24 +20,3 @@ spec:
 phaseAppEnv: production
 phaseAppEnvPath: /
 phaseHost: https://phase.hnrx.net
-
----
-apiVersion: secrets.phase.dev/v1alpha1
-kind: PhaseSecret
-metadata:
- name: homeassistant-mcp-secret
- namespace: agentgateway-system
-spec:
- authentication:
- serviceToken:
- serviceTokenSecretReference:
- secretName: phase-service-token
- secretNamespace: phase-secrets-operator
- managedSecretReferences:
- - secretName: homeassistant-mcp-secret
- secretNamespace: agentgateway-system
- secretType: Opaque
- phaseApp: homeassistant-mcp-server
- phaseAppEnv: production
- phaseAppEnvPath: /
- phaseHost: https://phase.hnrx.net
\ No newline at end of file
diff --git a/05-mcp-servers/templates/homeassistant-mcp.yaml b/05-mcp-servers/templates/homeassistant-mcp.yaml
index 855ae37..0fa9e34 100644
--- a/05-mcp-servers/templates/homeassistant-mcp.yaml
+++ b/05-mcp-servers/templates/homeassistant-mcp.yaml
@@ -14,7 +14,26 @@ spec:
 policies:
 tls:
 sni: ha.hnrx.net
-
+---
+apiVersion: secrets.phase.dev/v1alpha1
+kind: PhaseSecret
+metadata:
+ name: homeassistant-mcp-secret
+ namespace: agentgateway-system
+spec:
+ authentication:
+ serviceToken:
+ serviceTokenSecretReference:
+ secretName: phase-service-token
+ secretNamespace: phase-secrets-operator
+ managedSecretReferences:
+ - secretName: homeassistant-mcp-secret
+ secretNamespace: agentgateway-system
+ secretType: Opaque
+ phaseApp: homeassistant-mcp-server
+ phaseAppEnv: production
+ phaseAppEnvPath: /
+ phaseHost: https://phase.hnrx.net
 ---
 apiVersion: gateway.networking.k8s.io/v1
 kind: HTTPRoute
@@ -43,9 +62,26 @@ spec:
 - type: RequestHeaderModifier
 requestHeaderModifier:
 set:
- - name: Authorization
- value: "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiIwMThlYjBjMjk0MjU0YzdhODdiNTc5MjcwMThkMjE2NiIsImlhdCI6MTczNDY1MTY2MCwiZXhwIjoyMDUwMDExNjYwfQ.2M6rKWpzScXX28tYVTkzpgZgdCSou8DiyhqXkeJF6HE"
 matches:
 - path:
 type: PathPrefix
- value: /mcp-homeassistant
\ No newline at end of file
+ value: /mcp-homeassistant
+---
+apiVersion: gateway.kgateway.dev/v1alpha1
+kind: TrafficPolicy
+metadata:
+ name: homeassistant-mcp-transformation
+ namespace: agentgateway-system
+spec:
+ extractedValues:
+ homeassistant_token:
+ values:
+ secret:
+ name: homeassistant-mcp-secret
+ namespace: agentgateway-system
+ key: AUTHORIZATION_BEARER_TOKEN
+ headerModifiers:
+ request:
+ set:
+ - name: "Authorization"
+ value: "{{ homeassistant_token }}"
\ No newline at end of file
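Review bot: `phaseAppEnvPath: /` with a single managed Secret appears to sync everything at the root of the `homeassistant-mcp-server` production environment into `agentgateway-system`, while the only key consumed in this file is `AUTHORIZATION_BEARER_TOKEN`. If the Phase app holds other values, a dedicated path containing only that key, e.g. `phaseAppEnvPath: /gateway` (constructed example), would mean anything able to read Secrets in the gateway namespace sees just the bearer token. A short comment above the resource naming the expected key would also help the next reader: `# provides AUTHORIZATION_BEARER_TOKEN for homeassistant-mcp-transformation`.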
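Review bot: The removed `Authorization` value is a JWT whose payload decodes to `exp` 2050011660 (roughly 2034), so deleting the line leaves a long-lived credential in git history and in this patch; unless it has already been revoked, this change should be paired with revoking that token in Home Assistant and issuing a replacement that is only ever stored in Phase. In the added TrafficPolicy the header value is `"{{ homeassistant_token }}"`, whereas the old literal began with `Bearer `. Unless the `AUTHORIZATION_BEARER_TOKEN` value already includes the scheme, the line should read `value: "Bearer {{ homeassistant_token }}"`. The policy also shows no `targetRefs`, and the HTTPRoute keeps a `RequestHeaderModifier` filter whose `set:` is now empty; I would attach the policy to the route explicitly, drop the empty filter, and confirm `extractedValues` and `headerModifiers` against the installed TrafficPolicy CRD. The HTTPRoute begins above this hunk, so the route name needed for `targetRefs` is not visible here.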