feat(agent-zero): wire fc_knowledge phase1 rollout

2026-04-29 22:58:38 -05:00
parent b1ad253dd6
commit da55220218
3 changed files with 111 additions and 15 deletions
--- a/apps/knowledge/knowledge.yaml
+++ b/apps/knowledge/knowledge.yaml
@@ -40,16 +40,16 @@ metadata:
  labels:
    app.kubernetes.io/part-of: bluejay-infra
 ---
-# MCP API key — synced from 1Password so /mcp stays gated without baking
-# secrets into Git. The PASSWORD category maps the concealed field to Secret
-# key `password`, which the Deployment reads into FlowerCore:Mcp:ApiKey:Key.
+# MCP bearer token for the read-only Agent Zero Phase 1 lane. The 1Password
+# item currently stores the raw token in its concealed PASSWORD field, which
+# the operator syncs into the namespaced Secret key `password`.
 apiVersion: onepassword.com/v1
 kind: OnePasswordItem
 metadata:
-  name: knowledge-mcp-api-key
+  name: knowledge-mcp-tokens
  namespace: knowledge
 spec:
-  itemPath: "vaults/IAmWorkin/items/KnowledgeApiKey"
+  itemPath: "vaults/IAmWorkin/items/FlowerCore Knowledge MCP Tokens"
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim
@@ -102,8 +102,17 @@ spec:
        - name: web
          # Placeholder tag — bump to the image you built + imported to ALL
          # RKE2 nodes via scripts/deploy-knowledge.sh before applying.
-          image: localhost/fc-knowledge-web:v202604272200
+          image: localhost/fc-knowledge-web:v20260429225548
          imagePullPolicy: Never
+          command:
+            - /bin/sh
+            - -c
+          args:
+            - |
+              if [ -n "${KNOWLEDGE_MCP_BEARER_TOKEN:-}" ]; then
+                export FlowerCore__Mcp__ApiKey__Key="Bearer ${KNOWLEDGE_MCP_BEARER_TOKEN}"
+              fi
+              exec dotnet FlowerCore.Knowledge.Web.dll
          ports:
            - containerPort: 8080
              name: http
@@ -135,10 +144,12 @@ spec:
            # workstation GPU when present.
            - name: FlowerCore__Ollama__BaseUrl
              value: "http://10.0.57.17:11434"
-            - name: FlowerCore__Mcp__ApiKey__Key
+            - name: FlowerCore__Mcp__ApiKey__HeaderName
+              value: "Authorization"
+            - name: KNOWLEDGE_MCP_BEARER_TOKEN
              valueFrom:
                secretKeyRef:
-                  name: knowledge-mcp-api-key
+                  name: knowledge-mcp-tokens
                  key: password
          resources:
            requests: