feat: add MCP server templates for Gitea, HomeAssistant, and Outline with federated gateway support

05-mcp-servers/templates/federated-gateway-secrets.yaml

@@ -0,0 +1,44 @@
+apiVersion: secrets.phase.dev/v1alpha1
+kind: PhaseSecret
+metadata:
+  name: outline-mcp-secret
+  namespace: agentgateway-system
+spec:
+  authentication:
+    serviceToken:
+      serviceTokenSecretReference:
+        secretName: phase-service-token
+        secretNamespace: phase-secrets-operator
+  managedSecretReferences:
+    - secretName: outline-mcp-bearer-token
+      secretNamespace: agentgateway-system
+      secretType: Opaque
+      processors:
+        OUTLINE_BEARER_TOKEN:
+          asName: Authorization
+  phaseApp: federated_mcp
+  phaseAppEnv: production
+  phaseAppEnvPath: /
+  phaseHost: https://phase.hnrx.net
+
+---
+apiVersion: secrets.phase.dev/v1alpha1
+kind: PhaseSecret
+metadata:
+  name: homeassistant-mcp-secret
+  namespace: agentgateway-system
+spec:
+  authentication:
+    serviceToken:
+      serviceTokenSecretReference:
+        secretName: phase-service-token
+        secretNamespace: phase-secrets-operator
+  managedSecretReferences:
+    - secretName: homeassistant-mcp-secret
+      secretNamespace: agentgateway-system
+      secretType: Opaque
+      nameTransformer: 'upper-camel'
+  phaseApp: home_assistant_token
+  phaseAppEnv: production
+  phaseAppEnvPath: /
+  phaseHost: https://phase.hnrx.net

05-mcp-servers/templates/federated-gateway.yaml

@@ -0,0 +1,55 @@
+apiVersion: agentgateway.dev/v1alpha1
+kind: AgentgatewayBackend
+metadata:
+  name: federated-gateway
+  namespace: agentgateway-system
+spec:
+  mcp:
+    targets:
+    - name: gitea
+      selector:
+        services:
+          matchLabels:
+            app: gitea-mcp-server
+    - name: outline-mcp-server
+      static:
+        host: outline.hnrx.net
+        port: 443
+        path: /mcp/
+        policies:
+            tls:
+              sni: outline.hnrx.net
+            auth:
+              secretRef:
+                name: outline-mcp-bearer-token
+    - name: homeassistant-mcp-server
+      static:
+        host: ha.hnrx.net
+        port: 443
+        path: /api/mcp
+        policies:
+            tls:
+              sni: ha.hnrx.net
+            auth:
+              secretRef:
+                name: homeassistant-mcp-secret
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: mcp-federated
+  namespace: agentgateway-system
+spec:
+  parentRefs:
+    - name: agentgateway-proxy
+      namespace: agentgateway-system
+  rules:
+    - backendRefs:
+        - name: federated-gateway
+          namespace: agentgateway-system
+          group: agentgateway.dev
+          kind: AgentgatewayBackend
+      matches:
+      - path:
+          type: PathPrefix
+          value: /mcp

05-mcp-servers/templates/gitea-mcp.yaml

@@ -0,0 +1,97 @@
+apiVersion: secrets.phase.dev/v1alpha1
+kind: PhaseSecret
+metadata:
+  name: gitea-mcp-server-secret
+  namespace: agentgateway-system
+spec:
+  authentication:
+    serviceToken:
+      serviceTokenSecretReference:
+        secretName: phase-service-token
+        secretNamespace: phase-secrets-operator
+  managedSecretReferences:
+    - secretName: gitea-mcp-server-secret
+      secretNamespace: agentgateway-system
+      secretType: Opaque
+  phaseApp: gitea-mcp-server
+  phaseAppEnv: production
+  phaseAppEnvPath: /
+  phaseHost: https://phase.hnrx.net
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: gitea-mcp-server
+  namespace: agentgateway-system
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: gitea-mcp-server
+  template:
+    metadata:
+      labels:
+        app: gitea-mcp-server
+    spec:
+      containers:
+      - name: gitea-mcp-server
+        image: docker.gitea.com/gitea-mcp-server:latest
+        command: ["/app/gitea-mcp"]
+        args: ["-t", "http", "--port", "8080"]
+        envFrom:
+          - secretRef:
+              name: gitea-mcp-server-secret
+        ports:
+          - containerPort: 8080
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: gitea-mcp-server
+  namespace: agentgateway-system
+  labels:
+    app: gitea-mcp-server
+spec:
+  selector:
+    app: gitea-mcp-server
+  ports:
+  - port: 8080
+    targetPort: 8080
+    appProtocol: agentgateway.dev/mcp
+
+---
+apiVersion: agentgateway.dev/v1alpha1
+kind: AgentgatewayBackend
+metadata:
+  name: mcp-backend
+  namespace: agentgateway-system
+spec:
+  mcp:
+    targets:
+    - name: gitea-mcp-server
+      selector:
+        services:
+          matchLabels:
+            app: gitea-mcp-server
+---        
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: gitea-mcp
+  namespace: agentgateway-system
+spec:
+  parentRefs:
+    - name: agentgateway-proxy
+      namespace: agentgateway-system
+  rules:
+    - backendRefs:
+        - name: mcp-backend
+          namespace: agentgateway-system
+          group: agentgateway.dev
+          kind: AgentgatewayBackend
+      matches:
+      - path:
+          type: PathPrefix
+          value: /mcp-gitea

05-mcp-servers/templates/homeassistant-mcp.yaml

@@ -0,0 +1,51 @@
+apiVersion: agentgateway.dev/v1alpha1
+kind: AgentgatewayBackend
+metadata:
+  name: homeassistant-mcp-backend
+  namespace: agentgateway-system
+spec:
+  mcp:
+    targets:
+    - name: homeassistant-mcp-server
+      static:
+        host: ha.hnrx.net
+        port: 443
+        path: /api/mcp
+        policies:
+            tls:
+              sni: ha.hnrx.net
+
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: homeassistant-mcp
+  namespace: agentgateway-system
+spec:
+  parentRefs:
+    - name: agentgateway-proxy
+      namespace: agentgateway-system
+  rules:
+    - backendRefs:
+        - name: homeassistant-mcp-backend
+          namespace: agentgateway-system
+          group: agentgateway.dev
+          kind: AgentgatewayBackend
+      filters:
+        - type: CORS
+          cors:
+            allowHeaders:
+              - "*"               
+            allowMethods:            
+              - "*"              
+            allowOrigins:
+              - "*"
+        - type: RequestHeaderModifier
+          requestHeaderModifier:
+            set: 
+              - name: Authorization
+                value: "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiIwMThlYjBjMjk0MjU0YzdhODdiNTc5MjcwMThkMjE2NiIsImlhdCI6MTczNDY1MTY2MCwiZXhwIjoyMDUwMDExNjYwfQ.2M6rKWpzScXX28tYVTkzpgZgdCSou8DiyhqXkeJF6HE"
+      matches:
+      - path:
+          type: PathPrefix
+          value: /mcp-homeassistant

05-mcp-servers/templates/outline-mcp.yaml

@@ -0,0 +1,49 @@
+apiVersion: agentgateway.dev/v1alpha1
+kind: AgentgatewayBackend
+metadata:
+  name: outline-mcp-backend
+  namespace: agentgateway-system
+spec:
+  mcp:
+    targets:
+    - name: outline-mcp-server
+      static:
+        host: outline.hnrx.net
+        port: 443
+        path: /mcp/
+        policies:
+            tls:
+              sni: outline.hnrx.net
+            auth:
+              secretRef:
+                name: outline-mcp-bearer-token
+
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: outline-mcp
+  namespace: agentgateway-system
+spec:
+  parentRefs:
+    - name: agentgateway-proxy
+      namespace: agentgateway-system
+  rules:
+    - backendRefs:
+        - name: outline-mcp-backend
+          namespace: agentgateway-system
+          group: agentgateway.dev
+          kind: AgentgatewayBackend
+      filters:
+        - type: CORS
+          cors:
+            allowHeaders:
+              - "*"               
+            allowMethods:            
+              - "*"              
+            allowOrigins:
+              - "*"
+      matches:
+      - path:
+          type: PathPrefix
+          value: /mcp-outline