deploy: add MCP gateway for Agent Zero

apps/telephony/telephony.yaml

@@ -25,17 +25,25 @@ data:
 ---
 # 1Password → K8s Secret sync for Twilio credentials
 # Creates secret "twilio-credentials" with fields: AccountSid, AuthToken, DefaultFromNumber
-apiVersion: onepassword.com/v1
-kind: OnePasswordItem
-metadata:
-  name: twilio-credentials
-  namespace: telephony
-spec:
-  itemPath: "vaults/IAmWorkin/items/Twilio Account"
----
-# Application configuration overlay
-apiVersion: v1
-kind: ConfigMap
+apiVersion: onepassword.com/v1
+kind: OnePasswordItem
+metadata:
+  name: twilio-credentials
+  namespace: telephony
+spec:
+  itemPath: "vaults/IAmWorkin/items/Twilio Account"
+---
+apiVersion: onepassword.com/v1
+kind: OnePasswordItem
+metadata:
+  name: telephony-mcp-keys
+  namespace: telephony
+spec:
+  itemPath: "vaults/IAmWorkin/items/Twilio IVR MCP Token (Agent Zero)"
+---
+# Application configuration overlay
+apiVersion: v1
+kind: ConfigMap
 metadata:
   name: telephony-config
   namespace: telephony
@@ -180,14 +188,20 @@ spec:
                   name: twilio-credentials
                   key: AuthToken
                   optional: true
-            - name: Telephony__Twilio__DefaultFromNumber
-              valueFrom:
-                secretKeyRef:
-                  name: twilio-credentials
-                  key: DefaultFromNumber
-                  optional: true
-            # Env vars OVERRIDE appsettings.Production.json in ASP.NET Core config.
-            # These were previously applied live-only (kubectl) and drifted from git;
+            - name: Telephony__Twilio__DefaultFromNumber
+              valueFrom:
+                secretKeyRef:
+                  name: twilio-credentials
+                  key: DefaultFromNumber
+                  optional: true
+            - name: FlowerCore__Mcp__ApiKey__Key
+              valueFrom:
+                secretKeyRef:
+                  name: telephony-mcp-keys
+                  key: credential
+                  optional: true
+            # Env vars OVERRIDE appsettings.Production.json in ASP.NET Core config.
+            # These were previously applied live-only (kubectl) and drifted from git;
             # codified here so git is the source of truth. Tts__PiperUrl is the real
             # TTS cutover lever (the configmap "Tts" block is shadowed by this env).
             - name: Tts__PiperUrl
@@ -301,17 +315,25 @@ spec:
         - namespaceSelector:
             matchLabels:
               kubernetes.io/metadata.name: traefik-system
-    # Allow Selenium Grid for automated UI testing
-    - from:
-        - namespaceSelector:
-            matchLabels:
-              kubernetes.io/metadata.name: selenium
-      ports:
-        - port: 5100
-          protocol: TCP
-    # Allow SIP/RTP from external sources (Yealink phones, Twilio SIP trunk)
-    - from:
-        - ipBlock:
+    # Allow Selenium Grid for automated UI testing
+    - from:
+        - namespaceSelector:
+            matchLabels:
+              kubernetes.io/metadata.name: selenium
+      ports:
+        - port: 5100
+          protocol: TCP
+    # Allow FlowerCore.Mcp.Gateway to reach Telephony /mcp on the destination pod port.
+    - from:
+        - namespaceSelector:
+            matchLabels:
+              kubernetes.io/metadata.name: fc-gateway
+      ports:
+        - port: 5100
+          protocol: TCP
+    # Allow SIP/RTP from external sources (Yealink phones, Twilio SIP trunk)
+    - from:
+        - ipBlock:
             cidr: 0.0.0.0/0
       ports:
         - port: 5060