LCORE passes the k8s token as a standard Authorization header

[bparees]

When using LCORE and configuring an mcp server to use "kubernetes" auth, LCORE passes the token using a standard header named "Authorization", so this PR aligns the obs-mcp server w/ that header name

[bparees]

@iNecas if there was another use case you had in mind for "kubernetes-authorization" as the header name, let me know, but this change makes it work with LCORE integration using an LCORE config like:

    mcp_servers:
      - name: "obs"
        provider_id: "model-context-protocol"
        url: http://obs-mcp-server
        authorization_headers:
          Authorization: "kubernetes"

We could always make the header name configurable, but if we don't need it i'd rather just stick with the standard Authorization header name for providing the token when using -auth-mode header

[iNecas]

We just mimicked the approach taken in other mcp servers https://github.com/openshift/cluster-health-analyzer/blob/4ba006224a882dff0fae6b89a8cbbbf1e6c05f51/pkg/mcp/server.go#L15 (uses just kuberentes-authoriazation), and containers/kubernetes-mcp-server@9ffb818#diff-c97ec8241004eb2d4bc81231071540f96e7ebb84c15ed128b44285912bd2138aR29 (uses authorization with fallback to kuberetes-authorization, but it used to be just kuberetnes-authorization frist), ligthspeed service changed it here some time ago. https://github.com/openshift/lightspeed-service/pull/2634/files.

Is this some backward incompatible change between old lightspeed-service and LCORE one?

I'm fine witt the change. I only wonder if we need to consider backward compatibility.

[iNecas]

After asking and looking around it seems like we just would need to change the header. I guess we would need keep the original ones if we wanted to working with some older OLS versions, but that's not the case. Let's get it in.

[bparees]

Is this some backward incompatible change between old lightspeed-service and LCORE one?

i'm not sure what lightspeed used to support vs now, but my understanding is now they expect an Authorization header, based on what i'm seeing in my testing.

cc @blubinsky who would have more knowledge about what header names LCORE expects to use when invoking mcp servers w/ k8s auth tokens.

[iNecas]

Approved, the PR settings requires verified signature. Mind updating @bparees ?

[bparees]

Approved, the PR settings requires verified signature. Mind updating @bparees ?

done

[bparees]

@iNecas it seems like i had a misunderstanding about how the LCORE mcp auth header is configured[1], so in theory i think LCORE could be configured to pass a header named "kubernetes-authorization" along w/ the k8s token. That said, I still think "Authorization" is a more standard header name, so i'd vote for either using that, or making the header name configurable(which seems like overkill).

[1] openshift/lightspeed-service#2705 (comment)

[iNecas]

Agreed