From 31d4fb1b5891bd96d56815303c73a93443d510d0 Mon Sep 17 00:00:00 2001
From: Matthias Hinrichs <matthias.hinrichs@me.com>
Date: Fri, 15 May 2026 12:18:09 +0200
Subject: [PATCH] feat: add auth secret to HTTPRoute and remove hardcoded
 authorization transformation policy

---
 .../templates/homeassistant-mcp.yaml          | 23 +++++--------------
 1 file changed, 6 insertions(+), 17 deletions(-)

diff --git a/05-mcp-servers/templates/homeassistant-mcp.yaml b/05-mcp-servers/templates/homeassistant-mcp.yaml
index 4ee1c5e..d9ca202 100644
--- a/05-mcp-servers/templates/homeassistant-mcp.yaml
+++ b/05-mcp-servers/templates/homeassistant-mcp.yaml
@@ -14,6 +14,10 @@ spec:
         policies:
             tls:
               sni: ha.hnrx.net
+            auth:
+              secretRef:
+                name: homeassistant-mcp-secret
+                namespace: agentgateway-system
 ---
 apiVersion: secrets.phase.dev/v1alpha1
 kind: PhaseSecret
@@ -34,6 +38,7 @@ spec:
   phaseAppEnv: production
   phaseAppEnvPath: /
   phaseHost: https://phase.hnrx.net
+
 ---
 apiVersion: gateway.networking.k8s.io/v1
 kind: HTTPRoute
@@ -62,20 +67,4 @@ spec:
       matches:
       - path:
           type: PathPrefix
-          value: /mcp-homeassistant
----
-apiVersion: gateway.kgateway.dev/v1alpha1
-kind: TrafficPolicy
-metadata:
-  name: homeassistant-mcp-transformation
-  namespace: agentgateway-system
-spec:
-  targetRefs:
-    - name: homeassistant-mcp
-      group: gateway.networking.k8s.io
-      kind: HTTPRoute
-  transformation:
-    request:
-      set:
-        - name: "Authorization"
-          value: 'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiI2YzE1Njg2NjA3MjA0MjI5OTdlMjVmZTA0NmU5MjljNCIsImlhdCI6MTc3ODgzNzcwNCwiZXhwIjoyMDk0MTk3NzA0fQ.XOQuRv-1nEad_6GV-Nz-B-ZWzvo993E_NGkQ85V5DH4'
+          value: /mcp-homeassistant
\ No newline at end of file