Merge pull request #3937 from lsst-sqre/tickets/DM-47837

DM-47837: Tag every GafaelfawrIngress with a service

applications/alert-stream-broker/charts/alert-database/templates/ingress.yaml

@@ -10,6 +10,7 @@ config:
   scopes:
     all:
       - "read:alertdb"
+  service: "alert-stream-broker"
 template:
   metadata:
     name: {{ template "alertDatabase.fullname" . }}

applications/argo-workflows/templates/ingress.yaml

@@ -4,9 +4,10 @@ metadata:
   name: argo-workflows
 config:
   baseUrl: {{ .Values.global.baseUrl | quote }}
+  loginRedirect: true
   scopes:
     all: {{ .Values.ingress.scopes }}
-  loginRedirect: true
+  service: "argo-workflows"
 template:
   metadata:
     name: argo-workflows

applications/butler/templates/ingress-authenticated.yaml

@@ -16,6 +16,7 @@ config:
     internal:
       service: "butler"
       scopes: []
+  service: "butler"
 
 template:
   metadata:

applications/checkerboard/templates/ingress.yaml

@@ -9,6 +9,7 @@ config:
   scopes:
     all:
       - "read:checkerboard"
+  service: "checkerboard"
 template:
   metadata:
     name: {{ template "checkerboard.fullname" . }}

applications/cm-service/templates/ingress.yaml

@@ -10,6 +10,7 @@ config:
   scopes:
     all:
       - "exec:internal-tools"
+  service: "cm-service"
 template:
   metadata:
     name: "cm-service"

applications/consdb/templates/ingress.yaml

@@ -11,6 +11,7 @@ config:
   scopes:
     all:
       - "read:image"
+  service: "consdb"
 template:
   metadata:
     name: "consdb-pq"

applications/datalinker/templates/ingress-image.yaml

@@ -9,6 +9,7 @@ config:
   scopes:
     all:
       - "read:image"
+  service: "datalinker"
   # Request a delegated token to use for making calls to Butler server with the
   # end-user's credentials.
   delegate:

applications/datalinker/templates/ingress-tap.yaml

@@ -9,6 +9,7 @@ config:
   scopes:
     all:
       - "read:tap"
+  service: "datalinker"
 template:
   metadata:
     name: {{ include "datalinker.fullname" . }}-tap

applications/exposurelog/templates/ingress.yaml

@@ -11,6 +11,7 @@ config:
   scopes:
     all:
       - "exec:internal-tools"
+  service: "exposurelog"
   {{- else }}
   scopes:
     anonymous: true

applications/fastapi-bootcamp/templates/ingress.yaml

@@ -9,6 +9,7 @@ config:
   scopes:
     all:
       - "read:image"
+  service: "fastapi-bootcamp"
 template:
   metadata:
     name: "fastapi-bootcamp"

applications/ghostwriter/templates/ingress-toplevel.yaml

@@ -11,6 +11,7 @@ config:
   scopes:
     all:
       - "read:image"
+  service: "ghostwriter"
   delegate:
     notebook: {}
 template:

applications/ghostwriter/templates/ingress.yaml

@@ -9,6 +9,7 @@ config:
   scopes:
     all:
       - "read:image"
+  service: "ghostwriter"
   delegate:
     notebook: {}
 template:

applications/giftless/templates/ingress.yaml

@@ -91,6 +91,7 @@ config:
   scopes:
     all:
       - "write:git-lfs"
+  service: "giftless"
 template:
   metadata:
     name: {{ template "giftless.fullname" . }}-rw

applications/hips/templates/ingress.yaml

@@ -9,6 +9,7 @@ config:
   scopes:
     all:
       - "read:image"
+  service: "hips"
 template:
   metadata:
     name: "hips"

applications/jira-data-proxy/templates/ingress.yaml

@@ -6,10 +6,11 @@ metadata:
     {{- include "jira-data-proxy.labels" . | nindent 4 }}
 config:
   baseUrl: {{ .Values.global.baseUrl | quote }}
+  loginRedirect: false # endpoint is for API use only
   scopes:
     all:
       - "exec:notebook"
-  loginRedirect: false # endpoint is for API use only
+  service: "jira-data-proxy"
 template:
   metadata:
     name: "jira-data-proxy"

applications/livetap/README.md

@@ -16,7 +16,8 @@ IVOA TAP service
 | cadc-tap.config.pg.host | string | `"mock-pg:5432"` (the mock pg) | Postgres hostname:port to connect to |
 | cadc-tap.config.pg.username | string | `"rubin"` | Postgres username to use to connect |
 | cadc-tap.config.vaultSecretName | string | `"livetap"` | Vault secret name: the final key in the vault path |
-| cadc-tap.ingress.path | string | `"live"` |  |
+| cadc-tap.ingress.path | string | `"live"` | Ingress path that should be routed to this service |
+| cadc-tap.service | string | `"livetap"` | Name of the service from Gafaelfawr's perspective |
 | global.baseUrl | string | Set by Argo CD | Base URL for the environment |
 | global.host | string | Set by Argo CD | Host name for ingress |
 | global.vaultSecretsPath | string | Set by Argo CD | Base path for Vault secrets |

applications/livetap/values.yaml

@@ -1,6 +1,6 @@
 cadc-tap:
-  # Settings for the ingress rules.
   ingress:
+    # -- Ingress path that should be routed to this service
     path: "live"
 
   config:
@@ -21,6 +21,9 @@ cadc-tap:
     # -- Vault secret name: the final key in the vault path
     vaultSecretName: "livetap"
 
+  # -- Name of the service from Gafaelfawr's perspective
+  service: "livetap"
+
 # The following will be set by parameters injected by Argo CD and should not
 # be set in the individual environment values files.
 global:

applications/mobu/templates/ingress.yaml

@@ -6,10 +6,11 @@ metadata:
     {{- include "mobu.labels" . | nindent 4 }}
 config:
   baseUrl: {{ .Values.global.baseUrl | quote }}
+  loginRedirect: true
   scopes:
     all:
       - "exec:admin"
-  loginRedirect: true
+  service: "mobu"
 template:
   metadata:
     name: {{ template "mobu.fullname" . }}

applications/narrativelog/templates/ingress.yaml

@@ -11,6 +11,7 @@ config:
   scopes:
     all:
       - "exec:internal-tools"
+  service: "narrativelog"
   {{- else }}
   scopes:
     anonymous: true

applications/nightreport/templates/ingress.yaml

@@ -11,6 +11,7 @@ config:
   scopes:
     all:
       - "exec:internal-tools"
+  service: "nightreport"
   {{- else }}
   scopes:
     anonymous: true

applications/noteburst/templates/ingress.yaml

@@ -6,10 +6,11 @@ metadata:
     {{- include "noteburst.labels" . | nindent 4 }}
 config:
   baseUrl: {{ .Values.global.baseUrl | quote }}
+  loginRedirect: true
   scopes:
     all:
       - "exec:notebook"
-  loginRedirect: true
+  service: "noteburst"
 template:
   metadata:
     name: {{ template "noteburst.fullname" . }}

applications/nublado/templates/controller-ingress-admin.yaml

@@ -9,6 +9,7 @@ config:
   scopes:
     all:
       - "exec:admin"
+  service: "nublado-controller"
 template:
   metadata:
     name: "controller-admin"

applications/nublado/templates/controller-ingress-files.yaml

@@ -10,9 +10,10 @@ config:
   scopes:
     all:
       - "write:files"
+  service: "nublado-files"
   delegate:
     internal:
-      service: "nublado"
+      service: "nublado-files"
       scopes: []
 template:
   metadata:

applications/nublado/templates/controller-ingress-hub.yaml

@@ -9,6 +9,7 @@ config:
   scopes:
     all:
       - "admin:jupyterlab"
+  service: "nublado-controller"
 template:
   metadata:
     name: "controller-hub"

applications/nublado/templates/controller-ingress-user.yaml

@@ -9,6 +9,7 @@ config:
   scopes:
     all:
       - "exec:notebook"
+  service: "nublado-controller"
   delegate:
     notebook: {}
 template:

applications/nublado/templates/proxy-ingress.yaml

@@ -7,10 +7,11 @@ metadata:
 config:
   baseUrl: {{ .Values.global.baseUrl | quote }}
   authCacheDuration: "5m"
+  loginRedirect: true
   scopes:
     all:
       - "exec:notebook"
-  loginRedirect: true
+  service: "nublado"
   delegate:
     notebook: {}
 template:

applications/nublado/templates/proxy-spawn-ingress.yaml

@@ -7,10 +7,11 @@ metadata:
     {{- include "nublado.labels" . | nindent 4 }}
 config:
   baseUrl: {{ .Values.global.baseUrl | quote }}
+  loginRedirect: true
   scopes:
     all:
       - "exec:notebook"
-  loginRedirect: true
+  service: "nublado"
   delegate:
     {{- if .Values.hub.minimumTokenLifetime }}
     minimumLifetime: {{ .Values.hub.minimumTokenLifetime }}

applications/obsenv-management/charts/obsenv-ui/templates/ingress.yaml

@@ -10,9 +10,10 @@ config:
   scopes:
     all:
       - "exec:internal-tools"
+  service: "obsenv-ui"
   delegate:
     internal:
-      service: "obsenv-api"
+      service: "obsenv-ui"
       scopes: []
 template:
   metadata:

applications/ook/templates/ingress.yaml

@@ -6,10 +6,11 @@ metadata:
     {{- include "ook.labels" . | nindent 4 }}
 config:
   baseUrl: {{ .Values.global.baseUrl | quote }}
+  loginRedirect: true
   scopes:
     all:
       - "exec:admin"
-  loginRedirect: true
+  service: "ook"
 template:
   metadata:
     name: {{ template "ook.fullname" . }}

applications/plot-navigator/templates/ingress.yaml

@@ -6,10 +6,11 @@ metadata:
     {{- include "plot-navigator.labels" . | nindent 4 }}
 config:
   baseUrl: {{ .Values.global.baseUrl | quote }}
+  loginRedirect: true
   scopes:
     all:
       - "exec:portal"
-  loginRedirect: true
+  service: "plot-navigator"
   delegate:
     internal:
       scopes: []

applications/portal/templates/ingress-admin.yaml

@@ -6,10 +6,11 @@ metadata:
     {{- include "portal.labels" . | nindent 4 }}
 config:
   baseUrl: {{ .Values.global.baseUrl | quote }}
+  loginRedirect: true
   scopes:
     all:
       - "exec:admin"
-  loginRedirect: true
+  service: "portal"
 template:
   metadata:
     name: {{ include "portal.fullname" . }}-admin

applications/portal/templates/ingress.yaml

@@ -7,10 +7,11 @@ metadata:
 config:
   baseUrl: {{ .Values.global.baseUrl | quote }}
   authCacheDuration: "5m"
+  loginRedirect: true
   scopes:
     all:
       - "exec:portal"
-  loginRedirect: true
+  service: "portal"
   delegate:
     internal:
       service: "portal"

applications/ppdb-replication/templates/ingress.yaml

@@ -9,6 +9,7 @@ config:
   scopes:
     all:
       - "read:image"
+  service: "ppdb-replication"
 template:
   metadata:
     name: "ppdb-replication"

applications/production-tools/templates/ingress.yaml

@@ -6,10 +6,11 @@ metadata:
     {{- include "production-tools.labels" . | nindent 4 }}
 config:
   baseUrl: {{ .Values.global.baseUrl | quote }}
+  loginRedirect: true
   scopes:
     all:
       - "exec:portal"
-  loginRedirect: true
+  service: "production-tools"
 template:
   metadata:
     name: {{ template "production-tools.fullname" . }}

applications/s3proxy/templates/ingress.yaml

@@ -13,6 +13,7 @@ config:
   scopes:
     all:
       - "read:image"
+  service: "s3proxy"
 template:
   metadata:
     name: "s3proxy"

applications/schedview-snapshot/templates/ingress.yaml

@@ -6,10 +6,11 @@ metadata:
     {{- include "schedview-snapshot.labels" . | nindent 4 }}
 config:
   baseUrl: {{ .Values.global.baseUrl | quote }}
+  loginRedirect: true
   scopes:
     all:
       - "exec:portal"
-  loginRedirect: true
+  service: "schedview-snapshot"
 template:
   metadata:
     name: "schedview-snapshot"

applications/sia/templates/ingress.yaml

@@ -9,6 +9,7 @@ config:
   scopes:
     all:
       - "read:image"
+  service: "sia"
   delegate:
     internal:
       service: "sia"

applications/siav2/templates/ingress.yaml

@@ -7,16 +7,17 @@ metadata:
 config:
   authType: "basic"
   baseUrl: {{ .Values.global.baseUrl | quote }}
+  loginRedirect: false
+  scopes:
+    all:
+      - "read:image"
+  service: "siav2"
   delegate:
     internal:
       scopes:
-      - read:tap
+        - "read:tap"
       service: "siav2"
     useAuthorization: true
-  loginRedirect: false
-  scopes:
-    all:
-    - read:image
 template:
   metadata:
     name: "siav2-authenticated"