agent-zero: connect fc_dms MCP (product-manager fan-out, first server)
AZ only had fc_chat (chat-session) + fc_knowledge (RAG) — so it had no product capabilities (the 'mysql manager' gap). Wire fc_dms (dynamic message signs, ~13 tools): OnePasswordItem dms-mcp-keys (1P 'FlowerCore DMS MCP Keys' field credential) -> DMS_MCP_API_KEY -> X-Api-Key; builder adds fc_dms; netpol egress fc-dms:80. Proven: dms-web/mcp returns 200 with this key. presentations/messageboard/segmentdisplay/telephony 1P MCP-key items exist for the same pattern; mysql+signage need 1P items provisioned first (mysql/mcp 401s with no key). Watch context budget.
@@ -139,6 +139,20 @@ metadata:
|
|||||||
spec:
|
spec:
|
||||||
itemPath: "vaults/IAmWorkin/items/FlowerCore Knowledge MCP Tokens"
|
itemPath: "vaults/IAmWorkin/items/FlowerCore Knowledge MCP Tokens"
|
||||||
|
|
||||||
|
---
|
||||||
|
# FlowerCore DMS Manager MCP key (product-manager fan-out). Synced from the
|
||||||
|
# 1Password "FlowerCore DMS MCP Keys" item (field `credential`) into Secret
|
||||||
|
# `dms-mcp-keys`; the deployment reads it as DMS_MCP_API_KEY for the fc_dms
|
||||||
|
# MCP server. presentations/messageboard/segmentdisplay/telephony 1P MCP-key
|
||||||
|
# items also exist and follow this same pattern when added.
|
||||||
|
apiVersion: onepassword.com/v1
|
||||||
|
kind: OnePasswordItem
|
||||||
|
metadata:
|
||||||
|
name: dms-mcp-keys
|
||||||
|
namespace: agent-zero
|
||||||
|
spec:
|
||||||
|
itemPath: "vaults/IAmWorkin/items/FlowerCore DMS MCP Keys"
|
||||||
|
|
||||||
---
|
---
|
||||||
apiVersion: apps/v1
|
apiVersion: apps/v1
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
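Review bot: the new `dms-mcp-keys` OnePasswordItem specifies only `itemPath`, so the operator syncs the whole "FlowerCore DMS MCP Keys" item into the Secret in namespace agent-zero, while the comment says only the `credential` field is consumed. The item name is plural; if it carries keys for other DMS clients, they all become readable to anything in agent-zero that can read Secrets. Confirm the item holds only the agent's key, or point `itemPath` at a dedicated single-credential item, and say so in the comment so the four follow-up products copy the narrower pattern.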
@@ -276,7 +290,7 @@ spec:
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
export A0_SET_mcp_servers="$(
|
export A0_SET_mcp_servers="$(
|
||||||
python3 -c 'import json, os; servers = {}; chat_key = os.getenv("CHAT_MCP_API_KEY"); knowledge_enabled = os.getenv("KNOWLEDGE_MCP_ENABLED", "false").lower() == "true"; token = os.getenv("KNOWLEDGE_MCP_BEARER_TOKEN", "") if knowledge_enabled else ""; chat_key and servers.setdefault("fc_chat", {"type": "streamable-http", "url": "http://chat-web.fc-chat.svc/mcp", "headers": {"X-Api-Key": chat_key}}); token and servers.setdefault("fc_knowledge", {"type": "streamable-http", "url": os.getenv("KNOWLEDGE_MCP_URL", "http://knowledge-web.knowledge.svc/mcp"), "headers": {"Authorization": f"Bearer {token}"}}); print(json.dumps({"mcpServers": servers}, separators=(",", ":")))'
|
python3 -c 'import json, os; servers = {}; chat_key = os.getenv("CHAT_MCP_API_KEY"); knowledge_enabled = os.getenv("KNOWLEDGE_MCP_ENABLED", "false").lower() == "true"; token = os.getenv("KNOWLEDGE_MCP_BEARER_TOKEN", "") if knowledge_enabled else ""; chat_key and servers.setdefault("fc_chat", {"type": "streamable-http", "url": "http://chat-web.fc-chat.svc/mcp", "headers": {"X-Api-Key": chat_key}}); token and servers.setdefault("fc_knowledge", {"type": "streamable-http", "url": os.getenv("KNOWLEDGE_MCP_URL", "http://knowledge-web.knowledge.svc/mcp"), "headers": {"Authorization": f"Bearer {token}"}}); dms_key = os.getenv("DMS_MCP_API_KEY"); dms_key and servers.setdefault("fc_dms", {"type": "streamable-http", "url": os.getenv("DMS_MCP_URL", "http://dms-web.fc-dms.svc/mcp"), "headers": {"X-Api-Key": dms_key}}); print(json.dumps({"mcpServers": servers}, separators=(",", ":")))'
|
||||||
)"
|
)"
|
||||||
# Run the original entrypoint
|
# Run the original entrypoint
|
||||||
exec /exe/initialize.sh $BRANCH
|
exec /exe/initialize.sh $BRANCH
|
||||||
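Review bot: in the added fc_dms clause, `os.getenv("DMS_MCP_URL", "http://dms-web.fc-dms.svc/mcp")` only falls back when the variable is unset; if it is set but empty, the builder emits an fc_dms entry with an empty `url` and still attaches the `X-Api-Key` header. Use `os.getenv("DMS_MCP_URL") or "http://dms-web.fc-dms.svc/mcp"`. This is also the third copy of the same `key and servers.setdefault(...)` expression inside one `python3 -c` string, and the commit message plans four more; a small script that loops over a table of (server name, URL variable, key variable, header) would keep each future addition to one reviewable line.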
@@ -393,6 +407,20 @@ spec:
|
|||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: knowledge-mcp-tokens
|
name: knowledge-mcp-tokens
|
||||||
key: password
|
key: password
|
||||||
|
# FlowerCore DMS Manager MCP (dynamic message signs) — first of the
|
||||||
|
# product-manager MCP fan-out. dms-web /mcp requires X-Api-Key; the key
|
||||||
|
# is synced from 1Password "FlowerCore DMS MCP Keys" (field credential)
|
||||||
|
# by the dms-mcp-keys OnePasswordItem CRD above. Same builder+env+netpol
|
||||||
|
# pattern extends to presentations/messageboard/segmentdisplay/telephony
|
||||||
|
# (all have 1P MCP-key items). MySQL + Signage still need 1P MCP items
|
||||||
|
# provisioned before they can join (mysql-web /mcp 401s with no key today).
|
||||||
|
- name: DMS_MCP_URL
|
||||||
|
value: "http://dms-web.fc-dms.svc/mcp"
|
||||||
|
- name: DMS_MCP_API_KEY
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: dms-mcp-keys
|
||||||
|
key: credential
|
||||||
# Print.Web — Thermal printer service on edge2.
|
# Print.Web — Thermal printer service on edge2.
|
||||||
# PRINT_WEB_URL: internal HTTP (bypasses Traefik TLS — print_web.py
|
# PRINT_WEB_URL: internal HTTP (bypasses Traefik TLS — print_web.py
|
||||||
# runs in-cluster and can reach edge2 directly on the PROD VLAN).
|
# runs in-cluster and can reach edge2 directly on the PROD VLAN).
|
||||||
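Review bot: the `secretKeyRef` for `DMS_MCP_API_KEY` (`name: dms-mcp-keys`, `key: credential`) is not marked `optional: true`, so if the OnePasswordItem has not synced yet or the 1Password field is renamed, the container will not start and fc_chat and fc_knowledge go down with it. The builder already treats a missing key as "skip this server" (`dms_key and servers.setdefault(...)`), so adding `optional: true` here would make the manifest match that behaviour; if a hard failure is intended instead, state that in the comment block.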
@@ -637,6 +665,16 @@ spec:
|
|||||||
ports:
|
ports:
|
||||||
- port: 5300
|
- port: 5300
|
||||||
protocol: TCP
|
protocol: TCP
|
||||||
|
# FlowerCore DMS Manager MCP (product-manager fan-out) — in-cluster
|
||||||
|
# dms-web on port 80. Every in-cluster MCP target needs an explicit
|
||||||
|
# egress allow (the policy denies private ranges by default).
|
||||||
|
- to:
|
||||||
|
- namespaceSelector:
|
||||||
|
matchLabels:
|
||||||
|
kubernetes.io/metadata.name: fc-dms
|
||||||
|
ports:
|
||||||
|
- port: 80
|
||||||
|
protocol: TCP
|
||||||
# Allow internet (for kubectl image pull, etc)
|
# Allow internet (for kubectl image pull, etc)
|
||||||
- to:
|
- to:
|
||||||
- ipBlock:
|
- ipBlock:
|
||||||
|
|||||||
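Review bot: the new egress rule selects on `namespaceSelector` alone (`kubernetes.io/metadata.name: fc-dms`), which allows TCP 80 to every pod in fc-dms, not only dms-web as the comment describes. Add a `podSelector` inside the same `to` element, matching whatever label the dms-web pods carry, so the allow stays as narrow as the comment says. Worth settling now, since the comment makes this the template for each further in-cluster MCP target.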