removed additional mcp transport, streamlined MCP Auth resolution

[blublinsky]

Description

Type of change

• [ x] Refactor
• New feature
• Bug fix
• CVE fix
• Optimization
• Documentation Update
• Configuration Update
• Bump-up dependent library
• Bump-up library or tool used for development (does not change the final image)
• CI configuration change
• Konflux configuration change

Related Tickets & Documents

• Related Issue #
  OLS-2275
• Closes #

Checklist before requesting a review

• I have performed a self-review of my code.
• PR has passed all pre-merge test jobs.
• If it is a core feature, I have added thorough tests.

Testing

• Please provide detailed steps to perform tests related to this code change.
• How were the fix/results from this change verified? Please provide relevant screenshots or results.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign onmete for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[blublinsky]

/retest

[onmete]

Can we rename this to just headers? I understand we use it for auth purposes now, but it can be any other arbitrary headers.

[blublinsky]

We can, but this was original name. To do this, we also need to change operator. So unless you absolutely want this, I would prefer to leave it

[onmete]

Where? I see you changed it in one of the lcore func in operator, but this service accepts only headers in the current head.

[blublinsky]

in the operator internal/controller/appserver/assets.go, line 783

[onmete]

I'm not sure if that is the right reference: https://github.com/openshift/lightspeed-operator/blob/main/internal/controller/appserver/assets.go#L783C7-L783C122
Currently it produces this config:

mcp_servers:
  - name: "openshift"
    transport: "streamable_http"
    streamable_http:
      url: "http://localhost:8080/mcp"
      timeout: 60
      sse_read_timeout: 30
      headers:
        Authorization: "kubernetes"

The authorization_headers is used for lcore config.

[blublinsky]

fixed

[onmete]

The Field should work without the Ellipsis, eg. just

name: str = Field(
    title="MCP name",
    description="MCP server name that must be unique",
)

[blublinsky]

It is required field. Thats Pydantic convention to use Elipsees

[onmete]

It is required for pydantic < 2

[blublinsky]

fixed

[onmete]

Please move up to the rest of the class attributes - before the private attr and property

[blublinsky]

done

[onmete]

Have you tested other (smaller) models? Or we just use the same thing we already have available?

[blublinsky]

both

[onmete]

This doesn't need to be in this PR, right?

[blublinsky]

I am synching operator with service. Its question of 4 PRs vs 2

[onmete]

Is it a feature of mcp servers or ols? Answer implies position in the config.

[blublinsky]

ols - tools filtering is an OLS property

[onmete]

Right, the lines were truncated in a way that it seems like it is under MCPConfig, my bad.

[onmete]

Should it also be case-insensitive for special values "kubernetes" and "client"?

[blublinsky]

Its using constants now

[onmete]

Would both of these work the same?

mcp_servers:
- name: openshift
  url: "http://localhost:8989/mcp"
  headers:
     bla: "kubernetes"

and

mcp_servers:
- name: openshift
  url: "http://localhost:8989/mcp"
  headers:
     bla: "KUBERNETES"

[asamal4]

Probably this should be a comment for operator changes.
is this going to be user facing ? We will probably end up using same embedding model what we package as part of RAG, considering on-prem scenario.

As far service is concerned, It is not aligned with the RAG embedding model property. This is in-consistent

[blublinsky]

This is a completely separate RAG. So technically here we can use a completely different model. In general I do not foresee users ever changing it, but just in case it is there. And of course it is aligned with the operator

[asamal4]

I am specifically talking about on-prem scenario where we can not download the model from huggingface. Model has to be picked from file-system/volume. For RAG use-case we are handling this. So similar processing we need to do for tool rag also. In this case we will provide a path to the embedding model..

[asamal4]

Regarding parameter name inconsistency in Service/API: Agree that this embedding model is for different purpose (and can be a different model), but IMO we should keep same parameter name in both places. For RAG the name is embeddings_model_path and here we are using embed_model. But this is not very critical. It's up to you.

[blublinsky]

fixed

[blublinsky]

/retest

[openshift-ci]

@blublinsky: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-ols-cluster	df28668	link	true	/test e2e-ols-cluster

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.