feat(argocd-mcp): 啟用 ArgoCD MCP Provider + token 注入流程
Some checks failed
CD Pipeline / build-and-deploy (push) Has been cancelled

- config.py: ARGOCD_URL → https://192.168.0.125:30443(實際 HTTPS NodePort)
- config.py: ARGOCD_MCP_ENABLED=True + SENTRY_MCP_ENABLED=True(預設啟用)
- cd.yaml: 新增 ARGOCD_API_TOKEN Gitea Secret → K8s Secret 注入步驟
- K8s: ARGOCD_API_TOKEN 已手動注入 awoooi-secrets + API pods 已 rollout restart
- ArgoCD: 已開啟 admin account apiKey capability

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
OG T
2026-04-11 09:32:28 +08:00
parent f14ca4b117
commit 5d78c5492b
2 changed files with 15 additions and 4 deletions

View File

@@ -230,6 +230,8 @@ jobs:
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
# ADR-059 2026-04-05: Gitea Webhook Secret (GITEA_ 前綴為保留字,改用 AWOOOI_ 前綴)
GITEA_WEBHOOK_SECRET: ${{ secrets.AWOOOI_GITEA_WEBHOOK_SECRET }}
# MCP Phase 3: ArgoCD API Token (2026-04-11 Claude Sonnet 4.6)
ARGOCD_API_TOKEN: ${{ secrets.ARGOCD_API_TOKEN }}
run: |
# S1/S2: 統一命名 deploy_key改用 ssh-keyscan比 StrictHostKeyChecking=no 更安全)
mkdir -p ~/.ssh
@@ -301,6 +303,15 @@ jobs:
echo "⚠️ GITEA_WEBHOOK_SECRET 未設定Gitea Webhook 簽章驗證將在 prod 失效"
fi
# MCP Phase 3: ArgoCD API Token (2026-04-11 Claude Sonnet 4.6)
if [ -n "${ARGOCD_API_TOKEN}" ]; then
sudo kubectl patch secret awoooi-secrets -n awoooi-prod --type='json' -p='[
{"op":"add","path":"/data/ARGOCD_API_TOKEN","value":"'$(echo -n "${ARGOCD_API_TOKEN}" | base64 -w 0)'"}
]' && echo "✅ ARGOCD_API_TOKEN 已注入" || echo "⚠️ ARGOCD_API_TOKEN patch 失敗"
else
echo "⚠️ ARGOCD_API_TOKEN 未設定ArgoCD MCP 將使用空 token"
fi
# 2026-04-06 Claude Code: Sprint 3 T2 — known_hosts Secret (Security Fix A1)
# 替換 StrictHostKeyChecking=no讓 SSH 修復路徑使用已知主機指紋
ssh-keyscan -H 192.168.0.110 > /tmp/known_hosts_repair 2>/dev/null

View File

@@ -542,22 +542,22 @@ class Settings(BaseSettings):
# MCP Phase 3: ArgoCD MCP Server (2026-04-11 Claude Sonnet 4.6)
# ==========================================================================
ARGOCD_URL: str = Field(
default="http://192.168.0.125:32080",
description="ArgoCD API Server URLK3s NodePort",
default="https://192.168.0.125:30443",
description="ArgoCD API Server URLK3s NodePort HTTPS",
)
ARGOCD_API_TOKEN: str = Field(
default="",
description="ArgoCD API Token從 K8s Secret 取得)",
)
ARGOCD_MCP_ENABLED: bool = Field(
default=False,
default=True,
description="啟用 ArgoCD MCP Provider需 ARGOCD_API_TOKEN",
)
# MCP Phase 3: Sentry MCP Server (2026-04-11 Claude Sonnet 4.6)
# ==========================================================================
SENTRY_MCP_ENABLED: bool = Field(
default=False,
default=True,
description="啟用 Sentry MCP Provider需 SENTRY_AUTH_TOKEN",
)