homelab/fleet-ai-stack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: move PhaseSecret definition and implement dynamic token injection for homeassistant-mcp

Browse Source
This commit is contained in:
Matthias Hinrichs
2026-05-15 11:09:35 +02:00
parent 90932e1c91
commit 2ad2fb0bb9
2 changed files with 40 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files
05-mcp-servers/templates/federated-gateway-secrets.yaml
-21
View File
@@ -20,24 +20,3 @@ spec:
phaseAppEnv: production phaseAppEnv: production
phaseAppEnvPath: / phaseAppEnvPath: /
phaseHost: https://phase.hnrx.net phaseHost: https://phase.hnrx.net
---
apiVersion: secrets.phase.dev/v1alpha1
kind: PhaseSecret
metadata:
name: homeassistant-mcp-secret
namespace: agentgateway-system
spec:
authentication:
serviceToken:
serviceTokenSecretReference:
secretName: phase-service-token
secretNamespace: phase-secrets-operator
managedSecretReferences:
- secretName: homeassistant-mcp-secret
secretNamespace: agentgateway-system
secretType: Opaque
phaseApp: homeassistant-mcp-server
phaseAppEnv: production
phaseAppEnvPath: /
phaseHost: https://phase.hnrx.net
05-mcp-servers/templates/homeassistant-mcp.yaml
+39 -3
View File
@@ -14,7 +14,26 @@ spec:
policies: policies:
tls: tls:
sni: ha.hnrx.net sni: ha.hnrx.net
---
apiVersion: secrets.phase.dev/v1alpha1
kind: PhaseSecret
metadata:
name: homeassistant-mcp-secret
namespace: agentgateway-system
spec:
authentication:
serviceToken:
serviceTokenSecretReference:
secretName: phase-service-token
secretNamespace: phase-secrets-operator
managedSecretReferences:
- secretName: homeassistant-mcp-secret
secretNamespace: agentgateway-system
secretType: Opaque
phaseApp: homeassistant-mcp-server
phaseAppEnv: production
phaseAppEnvPath: /
phaseHost: https://phase.hnrx.net
--- ---
apiVersion: gateway.networking.k8s.io/v1 apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute kind: HTTPRoute
@@ -43,9 +62,26 @@ spec:
- type: RequestHeaderModifier - type: RequestHeaderModifier
requestHeaderModifier: requestHeaderModifier:
set: set:
- name: Authorization
value: "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiIwMThlYjBjMjk0MjU0YzdhODdiNTc5MjcwMThkMjE2NiIsImlhdCI6MTczNDY1MTY2MCwiZXhwIjoyMDUwMDExNjYwfQ.2M6rKWpzScXX28tYVTkzpgZgdCSou8DiyhqXkeJF6HE"
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
value: /mcp-homeassistant value: /mcp-homeassistant
---
apiVersion: gateway.kgateway.dev/v1alpha1
kind: TrafficPolicy
metadata:
name: homeassistant-mcp-transformation
namespace: agentgateway-system
spec:
extractedValues:
homeassistant_token:
values:
secret:
name: homeassistant-mcp-secret
namespace: agentgateway-system
key: AUTHORIZATION_BEARER_TOKEN
headerModifiers:
request:
set:
- name: "Authorization"
value: "{{ homeassistant_token }}"