fleet-ai-stack/05-mcp-servers/templates/homeassistant-mcp.yaml

apiVersion: agentgateway.dev/v1alpha1
kind: AgentgatewayBackend
metadata:
  name: homeassistant-mcp-backend
  namespace: agentgateway-system
spec:
  mcp:
    targets:
    - name: homeassistant-mcp-server
      static:
        host: ha.hnrx.net
        port: 443
        path: /api/mcp
        policies:
            tls:
              sni: ha.hnrx.net
---
apiVersion: secrets.phase.dev/v1alpha1
kind: PhaseSecret
metadata:
  name: homeassistant-mcp-secret
  namespace: agentgateway-system
spec:
  authentication:
    serviceToken:
      serviceTokenSecretReference:
        secretName: phase-service-token
        secretNamespace: phase-secrets-operator
  managedSecretReferences:
    - secretName: homeassistant-mcp-secret
      secretNamespace: agentgateway-system
      secretType: Opaque
  phaseApp: homeassistant-mcp-server
  phaseAppEnv: production
  phaseAppEnvPath: /
  phaseHost: https://phase.hnrx.net
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: homeassistant-mcp
  namespace: agentgateway-system
spec:
  parentRefs:
    - name: agentgateway-proxy
      namespace: agentgateway-system
  rules:
    - backendRefs:
        - name: homeassistant-mcp-backend
          namespace: agentgateway-system
          group: agentgateway.dev
          kind: AgentgatewayBackend
      filters:
        - type: CORS
          cors:
            allowHeaders:
              - "*"               
            allowMethods:            
              - "*"              
            allowOrigins:
              - "*"
        - type: RequestHeaderModifier
          requestHeaderModifier:
            set: 
      matches:
      - path:
          type: PathPrefix
          value: /mcp-homeassistant
---
apiVersion: gateway.kgateway.dev/v1alpha1
kind: TrafficPolicy
metadata:
  name: homeassistant-mcp-transformation
  namespace: agentgateway-system
spec:
  transformation:
    request:
      set:
        - name: "Authorization"
          # Diese Inja-Funktion 'secret' ist in K-Gateway/Envoy implementiert
          value: '{{ "{{ " }} secret("agentgateway-system", "homeassistant-mcp-secret", "AUTHORIZATION_BEARER_TOKEN") {{ " }}" }}'