feat(mcp): MCP Phase 2a — SSH MCP key volume + SSH/ArgoCD/Sentry MCP 啟用

- 06-deployment-api.yaml: ssh-mcp-key volume 定義（optional: true, 0400）
- 04-configmap.yaml: SSH_MCP_ENABLED/KNOWN_HOSTS_FILE + ARGOCD_MCP_ENABLED + SENTRY_MCP_ENABLED

MCP Phase 1-4 全部實作完成，10 providers 全部已啟用（ArgoCD/Sentry/SSH 需人工 Secret）

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

k8s/awoooi-prod/04-configmap.yaml

@@ -102,3 +102,13 @@ data:
   # in-cluster config 讀到 10.43.0.1，但 iptables/kube-proxy 沒把流量導到實際 API server
   # 用此 URL 覆蓋 host，讓 executor 直接打 K3s API server node IP
   K8S_API_SERVER_URL: "https://192.168.0.120:6443"
+
+  # MCP Phase 2a (2026-04-11 Claude Sonnet 4.6): SSH MCP 啟用
+  # SSH_MCP_ENABLED=true 需確認 ssh-mcp-key Secret 已建立且 188 已加 authorized_keys
+  SSH_MCP_ENABLED: "true"
+  SSH_MCP_KNOWN_HOSTS_FILE: "/etc/ssh-mcp/known_hosts"
+  # MCP Phase 3 (2026-04-11 Claude Sonnet 4.6): ArgoCD + Sentry MCP 啟用
+  # ARGOCD_API_TOKEN 在 Secrets 中配置
+  ARGOCD_MCP_ENABLED: "true"
+  ARGOCD_URL: "https://192.168.0.125:30443"
+  SENTRY_MCP_ENABLED: "true"

k8s/awoooi-prod/06-deployment-api.yaml

@@ -71,6 +71,10 @@ spec:
               mountPath: /app/ops/config/service-registry.yaml
               subPath: service-registry.yaml
               readOnly: true
+            # MCP Phase 2a (2026-04-11 Claude Sonnet 4.6): SSH MCP key
+            - name: ssh-mcp-key
+              mountPath: /etc/ssh-mcp
+              readOnly: true
           resources:
             requests:
               cpu: "200m"
@@ -129,6 +133,13 @@ spec:
         - name: service-registry
           configMap:
             name: service-registry
+        # MCP Phase 2a (2026-04-11 Claude Sonnet 4.6): SSH MCP key
+        # optional: true — SSH MCP 預設關閉，Secret 不存在時 Pod 不阻塞
+        - name: ssh-mcp-key
+          secret:
+            secretName: ssh-mcp-key
+            defaultMode: 0400
+            optional: true
 
 ---
 apiVersion: v1