remove mcps listener configuration in favour of adding to installation doc

Patryk-Stefanski · Patryk-Stefanski · commit f224922dba69 · 2026-04-24T00:02:06.000+01:00
Signed-off-by: Patryk Stefanski &lt;pstefans@redhat.com&gt;
diff --git a/modules/proc-configure-mcp-gateway-authentication.adoc b/modules/proc-configure-mcp-gateway-authentication.adoc
@@ -127,9 +127,7 @@ spec:
 +
 [source,terminal,subs="+quotes"]
 ----
-$ oc apply -f - <<EOF
-<AuthPolicy CR from the previous step>
-EOF
+$ oc apply -f _<mcp_jwt_auth_policy.yaml>_
 ----
 
 .Verification
diff --git a/modules/proc-mcp-gateway-authorization.adoc b/modules/proc-mcp-gateway-authorization.adoc
@@ -13,40 +13,13 @@ The following example demonstrates using a Kuadrant `AuthPolicy` custom resource
 
 * You installed {mcpg}.
 * You installed {prodname}.
-* You configured a `Gateway` object with an `mcp` listener.
+* You configured a `Gateway` object with an `mcp` listener and an `mcps` listener. The `mcps` listener is required for internal `tools/call` routing and authorization.
 * You completed authentication procedures, including creating an `AuthPolicy` CR on the `mcp` listener.
 * You configured your identity provider to include `group` and `role` claims in JSON Web Tokens (JWT).
 * The identity provider client IDs match the namespaced `MCPServerRegistration` name in the format `_<namespace>_/_<mcpserverregistration_name>_`.
 
 .Procedure
 
-. Add an `mcps` listener to the `Gateway` object for internal `tools/call` routing by using the following command as an example:
-+
-[source,json,subs="+quotes"]
-----
-$ oc patch gateway _<mcp_gateway>_ -n _<gateway_system>_ --type json -p '[
-  {
-    "op": "add",
-    "path": "/spec/listeners/-",
-    "value": {
-      "name": "mcps",
-      "port": 8080,
-      "protocol": "HTTP",
-      "hostname": "*.mcp-internal.example.com",
-      "allowedRoutes": {
-        "namespaces": {
-          "from": "All"
-        }
-      }
-    }
-  }
-]'
-----
-+
-* Replace `_<mcp_gateway>_` with the name of your MCP gateway.
-* Replace `_<gateway_system>_` with the namespace of your `Gateway` object.
-* Replace `*.mcp-internal.example.com` with a wildcard hostname for your environment.
-
 . Ensure that your identity provider includes the required `group` and `role` claims in the issued JWTs. In the following example, {keycloak} is used:
 +
 .Example issued OAuth token claims:
@@ -135,9 +108,7 @@ spec:
 +
 [source,terminal,subs="+quotes"]
 ----
-$ oc apply -f - <<EOF
-<AuthPolicy CR from the previous step>
-EOF
+$ oc apply -f _<mcp_tool_auth_policy.yaml>_
 ----
 
 .Verification
