refactor: move PhaseSecret definition and implement dynamic token injection for homeassistant-mcp

2026-05-15 11:09:35 +02:00
parent 90932e1c91
commit 2ad2fb0bb9
2 changed files with 40 additions and 25 deletions
@@ -20,24 +20,3 @@ spec:
  phaseAppEnv: production
  phaseAppEnvPath: /
  phaseHost: https://phase.hnrx.net
-
---
-apiVersion: secrets.phase.dev/v1alpha1
-kind: PhaseSecret
-metadata:
-  name: homeassistant-mcp-secret
-  namespace: agentgateway-system
-spec:
-  authentication:
-    serviceToken:
-      serviceTokenSecretReference:
-        secretName: phase-service-token
-        secretNamespace: phase-secrets-operator
-  managedSecretReferences:
-    - secretName: homeassistant-mcp-secret
-      secretNamespace: agentgateway-system
-      secretType: Opaque
-  phaseApp: homeassistant-mcp-server
-  phaseAppEnv: production
-  phaseAppEnvPath: /
-  phaseHost: https://phase.hnrx.net
@@ -14,7 +14,26 @@ spec:
        policies:
            tls:
              sni: ha.hnrx.net
-
+---
+apiVersion: secrets.phase.dev/v1alpha1
+kind: PhaseSecret
+metadata:
+  name: homeassistant-mcp-secret
+  namespace: agentgateway-system
+spec:
+  authentication:
+    serviceToken:
+      serviceTokenSecretReference:
+        secretName: phase-service-token
+        secretNamespace: phase-secrets-operator
+  managedSecretReferences:
+    - secretName: homeassistant-mcp-secret
+      secretNamespace: agentgateway-system
+      secretType: Opaque
+  phaseApp: homeassistant-mcp-server
+  phaseAppEnv: production
+  phaseAppEnvPath: /
+  phaseHost: https://phase.hnrx.net
 ---
 apiVersion: gateway.networking.k8s.io/v1
 kind: HTTPRoute
@@ -43,9 +62,26 @@ spec:
        - type: RequestHeaderModifier
          requestHeaderModifier:
            set: 
-              - name: Authorization
-                value: "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiIwMThlYjBjMjk0MjU0YzdhODdiNTc5MjcwMThkMjE2NiIsImlhdCI6MTczNDY1MTY2MCwiZXhwIjoyMDUwMDExNjYwfQ.2M6rKWpzScXX28tYVTkzpgZgdCSou8DiyhqXkeJF6HE"
      matches:
      - path:
          type: PathPrefix
-          value: /mcp-homeassistant
+          value: /mcp-homeassistant
+---
+apiVersion: gateway.kgateway.dev/v1alpha1
+kind: TrafficPolicy
+metadata:
+  name: homeassistant-mcp-transformation
+  namespace: agentgateway-system
+spec:
+  extractedValues:
+    homeassistant_token:
+      values:
+        secret:
+          name: homeassistant-mcp-secret
+          namespace: agentgateway-system
+          key: AUTHORIZATION_BEARER_TOKEN
+  headerModifiers:
+    request:
+      set:
+        - name: "Authorization"
+          value: "{{ homeassistant_token }}"