refactor: move PhaseSecret definition and implement dynamic token injection for homeassistant-mcp

05-mcp-servers/templates/federated-gateway-secrets.yaml

@@ -20,24 +20,3 @@ spec:
   phaseAppEnv: production
   phaseAppEnvPath: /
   phaseHost: https://phase.hnrx.net
-
----
-apiVersion: secrets.phase.dev/v1alpha1
-kind: PhaseSecret
-metadata:
-  name: homeassistant-mcp-secret
-  namespace: agentgateway-system
-spec:
-  authentication:
-    serviceToken:
-      serviceTokenSecretReference:
-        secretName: phase-service-token
-        secretNamespace: phase-secrets-operator
-  managedSecretReferences:
-    - secretName: homeassistant-mcp-secret
-      secretNamespace: agentgateway-system
-      secretType: Opaque
-  phaseApp: homeassistant-mcp-server
-  phaseAppEnv: production
-  phaseAppEnvPath: /
-  phaseHost: https://phase.hnrx.net

05-mcp-servers/templates/homeassistant-mcp.yaml

@@ -14,7 +14,26 @@ spec:
         policies:
             tls:
               sni: ha.hnrx.net
-
+---
+apiVersion: secrets.phase.dev/v1alpha1
+kind: PhaseSecret
+metadata:
+  name: homeassistant-mcp-secret
+  namespace: agentgateway-system
+spec:
+  authentication:
+    serviceToken:
+      serviceTokenSecretReference:
+        secretName: phase-service-token
+        secretNamespace: phase-secrets-operator
+  managedSecretReferences:
+    - secretName: homeassistant-mcp-secret
+      secretNamespace: agentgateway-system
+      secretType: Opaque
+  phaseApp: homeassistant-mcp-server
+  phaseAppEnv: production
+  phaseAppEnvPath: /
+  phaseHost: https://phase.hnrx.net
 ---
 apiVersion: gateway.networking.k8s.io/v1
 kind: HTTPRoute
@@ -43,9 +62,26 @@ spec:
         - type: RequestHeaderModifier
           requestHeaderModifier:
             set: 
-              - name: Authorization
-                value: "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiIwMThlYjBjMjk0MjU0YzdhODdiNTc5MjcwMThkMjE2NiIsImlhdCI6MTczNDY1MTY2MCwiZXhwIjoyMDUwMDExNjYwfQ.2M6rKWpzScXX28tYVTkzpgZgdCSou8DiyhqXkeJF6HE"
       matches:
       - path:
           type: PathPrefix
           value: /mcp-homeassistant
+---
+apiVersion: gateway.kgateway.dev/v1alpha1
+kind: TrafficPolicy
+metadata:
+  name: homeassistant-mcp-transformation
+  namespace: agentgateway-system
+spec:
+  extractedValues:
+    homeassistant_token:
+      values:
+        secret:
+          name: homeassistant-mcp-secret
+          namespace: agentgateway-system
+          key: AUTHORIZATION_BEARER_TOKEN
+  headerModifiers:
+    request:
+      set:
+        - name: "Authorization"
+          value: "{{ homeassistant_token }}"