This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
| # HTTPRoute attached to the "agentgateway" Gateway: three exact-match paths, all forwarded to the | |
| # public-oauth-mcp-backend AgentgatewayBackend. | |
| # NOTE(review): the hosting page flags hidden or bidirectional Unicode in this file; inspect the raw | |
| # bytes before applying it to a cluster. | |
| apiVersion: gateway.networking.k8s.io/v1 | |
| kind: HTTPRoute | |
| metadata: | |
| name: public-oauth-mcp | |
| namespace: enterprise-agentgateway | |
| spec: | |
| parentRefs: | |
| - name: agentgateway | |
| rules: | |
| - matches: | |
| # The MCP endpoint itself. | |
| - path: | |
| type: Exact | |
| value: /secure/mcp | |
| # OAuth protected-resource metadata for /secure/mcp (RFC 9728 path-suffixed well-known URI). | |
| # Clients fetch this before they hold a token, so it has to be reachable unauthenticated. | |
| - path: | |
| type: Exact | |
| value: /.well-known/oauth-protected-resource/secure/mcp | |
| # OAuth authorization-server metadata for /secure/mcp (RFC 8414 path-suffixed well-known URI). | |
| - path: | |
| type: Exact | |
| value: /.well-known/oauth-authorization-server/secure/mcp | |
| # Exact matches only: sub-paths such as /secure/mcp/docs are not routed by this rule. | |
| backendRefs: | |
| - name: public-oauth-mcp-backend | |
| group: agentgateway.dev | |
| kind: AgentgatewayBackend | |
| --- | |
| # MCP backend with two static targets, both public third-party MCP servers reached over port 443. | |
| # NOTE(review): nothing here shows whether the client's bearer token is forwarded upstream; confirm | |
| # that a token issued for this gateway is not passed on to the third-party hosts. | |
| apiVersion: agentgateway.dev/v1alpha1 | |
| kind: AgentgatewayBackend | |
| metadata: | |
| name: public-oauth-mcp-backend | |
| namespace: enterprise-agentgateway | |
| spec: | |
| mcp: | |
| targets: | |
| - name: deepwiki | |
| static: | |
| host: mcp.deepwiki.com | |
| port: 443 | |
| path: /mcp | |
| protocol: StreamableHTTP # Explicitly set protocol | |
| policies: | |
| # NOTE(review): the tls block is empty; presumably this means default server-certificate and | |
| # hostname verification against the system trust store. Confirm for the gateway version in use. | |
| tls: {} # Enable TLS for HTTPS backend (backendTLS equivalent) | |
| - name: microsoft | |
| static: | |
| host: learn.microsoft.com | |
| port: 443 | |
| path: /api/mcp | |
| protocol: StreamableHTTP # Explicitly set protocol | |
| policies: | |
| # Same empty tls block as the deepwiki target; the same verification caveat applies. | |
| tls: {} # Enable TLS for HTTPS backend (backendTLS equivalent) | |
| --- | |
| # Backend for the Auth0 JWKS endpoint: the static host that the policy's jwks.backendRef points at. | |
| # The signing keys fetched from here decide which JWTs the gateway accepts, so the integrity of this | |
| # connection is part of the trust chain. | |
| apiVersion: agentgateway.dev/v1alpha1 | |
| kind: AgentgatewayBackend | |
| metadata: | |
| name: auth0-jwks | |
| namespace: enterprise-agentgateway | |
| spec: | |
| static: | |
| host: ceposta-solo.auth0.com | |
| port: 443 | |
| policies: | |
| # NOTE(review): empty tls block; presumably default certificate verification. Confirm it is not a | |
| # no-verify mode, since an unverified JWKS fetch would let an on-path party supply signing keys. | |
| tls: {} # Enable TLS for auth0 | |
| --- | |
| # Policy attached to the public-oauth-mcp HTTPRoute: MCP JWT authentication with OAuth resource | |
| # metadata, backend TLS, CORS, and request-header removal. | |
| apiVersion: enterpriseagentgateway.solo.io/v1alpha1 | |
| kind: EnterpriseAgentgatewayPolicy | |
| metadata: | |
| name: public-oauth-mcp-policy | |
| namespace: enterprise-agentgateway | |
| spec: | |
| targetRefs: | |
| - group: gateway.networking.k8s.io | |
| kind: HTTPRoute | |
| name: public-oauth-mcp | |
| backend: | |
| tls: {} # Enables TLS for backend connections | |
| mcp: | |
| authentication: | |
| # NOTE(review): Optional presumably admits requests that carry no token and validates only when | |
| # one is presented. On a path named /secure/mcp, confirm that is intended; otherwise use the | |
| # strictest mode the CRD offers so unauthenticated calls are rejected. | |
| mode: Optional | |
| # Has to equal the token's iss claim; the value here ends with a trailing slash. | |
| issuer: https://ceposta-solo.auth0.com/ | |
| # NOTE(review): the audience is .../mcp, while resourceMetadata.resource is .../secure/mcp. | |
| # Confirm this matches the API identifier configured at the issuer; tokens minted for the | |
| # advertised resource would presumably fail the audience check if it does not. | |
| audiences: | |
| - https://ceposta-agw.ngrok.io/mcp | |
| jwks: | |
| backendRef: | |
| name: auth0-jwks | |
| kind: AgentgatewayBackend | |
| group: agentgateway.dev | |
| jwksPath: .well-known/jwks.json # leave off the initial / for now | |
| provider: Auth0 | |
| # Values advertised to clients as protected-resource metadata. | |
| resourceMetadata: | |
| # Points at the gateway's own URL rather than the issuer; presumably the gateway serves or | |
| # proxies the authorization-server metadata on the route's well-known path. Verify. | |
| authorizationServers: | |
| - https://ceposta-agw.ngrok.io/secure/mcp | |
| resource: https://ceposta-agw.ngrok.io/secure/mcp | |
| scopesSupported: | |
| - profile | |
| - openid | |
| - offline_access | |
| # NOTE(review): advertising body and query invites clients to put bearer tokens where they end | |
| # up in access logs, browser history and Referer headers. RFC 6750 discourages the query method | |
| # and the MCP authorization spec forbids tokens in the query string; advertise header only | |
| # unless a client truly needs the others. | |
| bearerMethodsSupported: | |
| - header | |
| - body | |
| - query | |
| # The route matches /secure/mcp exactly, so these two URLs are not served by this route. | |
| resourceDocumentation: https://ceposta-agw.ngrok.io/secure/mcp/docs | |
| resourcePolicyUri: https://ceposta-agw.ngrok.io/secure/mcp/policies | |
| traffic: | |
| # Wildcard origins, headers and methods: any web origin may call this route cross-origin. | |
| # allowCredentials: false keeps browser cookies out of those requests but does not restrict a | |
| # script that attaches a bearer token itself. Narrow allowOrigins if the browser clients are known. | |
| cors: | |
| allowOrigins: | |
| - "*" | |
| allowHeaders: | |
| - "*" | |
| allowMethods: | |
| - "*" | |
| allowCredentials: false | |
| headerModifiers: | |
| request: | |
| # Strips the forwarding headers from the request; presumably so that client address and public | |
| # host details are not passed on to the third-party MCP targets. Confirm intent. | |
| remove: | |
| - x-forwarded-for | |
| - x-forwarded-host | |
| - x-forwarded-proto |