Move Vault URL into environment settings

The Phalanx command-line tool will need the Vault URL for each
environment in the environment settings, so move the setting there
from the vault-secrets-operator values files, and inject that value
into the vault-secrets-operator chart using Argo CD.

applications/vault-secrets-operator/README.md

@@ -10,5 +10,5 @@
 |-----|------|---------|-------------|
 | vault-secrets-operator.environmentVars | list | Set `VAULT_TOKEN` and `VAULT_TOKEN_LEASE_DURATION` from secret | Additional environment variables used to configure the operator |
 | vault-secrets-operator.serviceAccount.createSecret | bool | `false` | Disable creation of a secret for the service account. It shouldn't be needed and it conflicts with the secret we create that contains the credentials for talking to Vault. |
-| vault-secrets-operator.vault.address | string | `"https://vault.lsst.codes"` | URL of the underlying Vault implementation |
+| vault-secrets-operator.vault.address | string | Set by Argo CD | URL of the underlying Vault implementation |
 | vault-secrets-operator.vault.reconciliationTime | int | `60` | Sync secrets from vault on this cadence |

applications/vault-secrets-operator/values-ccin2p3.yaml

@@ -1,14 +0,0 @@
-vault-secrets-operator:
-  environmentVars:
-    - name: VAULT_TOKEN
-      valueFrom:
-        secretKeyRef:
-          name: vault-secrets-operator
-          key: VAULT_TOKEN
-    - name: VAULT_TOKEN_LEASE_DURATION
-      valueFrom:
-        secretKeyRef:
-          name: vault-secrets-operator
-          key: VAULT_TOKEN_LEASE_DURATION
-  vault:
-    address: "https://vault.lsst.codes"

applications/vault-secrets-operator/values-usdf-tel-rsp.yaml

@@ -18,5 +18,4 @@ vault-secrets-operator:
           name: vault-secrets-operator
           key: VAULT_TOKEN_MAX_TTL
   vault:
-    address: "https://vault.slac.stanford.edu"
     authMethod: approle

applications/vault-secrets-operator/values-usdfdev.yaml

@@ -18,5 +18,4 @@ vault-secrets-operator:
           name: vault-secrets-operator
           key: VAULT_TOKEN_MAX_TTL
   vault:
-    address: "https://vault.slac.stanford.edu"
     authMethod: approle

applications/vault-secrets-operator/values-usdfprod.yaml

@@ -18,5 +18,4 @@ vault-secrets-operator:
           name: vault-secrets-operator
           key: VAULT_TOKEN_MAX_TTL
   vault:
-    address: "https://vault.slac.stanford.edu"
     authMethod: approle

applications/vault-secrets-operator/values.yaml

@@ -23,6 +23,7 @@ vault-secrets-operator:
 
   vault:
     # -- URL of the underlying Vault implementation
+    # @default -- Set by Argo CD
     address: "https://vault.lsst.codes"
 
     # -- Sync secrets from vault on this cadence

environments/README.md

@@ -54,4 +54,5 @@
 | times-square.enabled | bool | `false` |  |
 | vault-secrets-operator.enabled | bool | `false` |  |
 | vaultPathPrefix | string | None, must be set | Prefix for Vault secrets for this environment |
+| vaultUrl | string | None, must be set | URL of Vault server for this environment |
 | vo-cutouts.enabled | bool | `false` |  |

environments/templates/vault-secrets-operator-application.yaml

@@ -16,6 +16,9 @@ spec:
     repoURL: {{ .Values.repoURL }}
     targetRevision: {{ .Values.targetRevision }}
     helm:
+      parameters:
+        - name: "vault-secrets-operator.vault.address"
+          value: {{ .Values.vaultUrl | quote }}
       valueFiles:
         - "values.yaml"
         - "values-{{ .Values.environment }}.yaml"

environments/values-base.yaml

@@ -1,5 +1,6 @@
 environment: base
 fqdn: base-lsp.lsst.codes
+vaultUrl: "https://vault.lsst.codes"
 vaultPathPrefix: secret/k8s_operator/base-lsp.lsst.codes
 
 alert-stream-broker:

environments/values-ccin2p3.yaml

@@ -1,5 +1,6 @@
 environment: ccin2p3
 fqdn: data-dev.lsst.eu
+vaultUrl: "https://vault.lsst.codes"
 vaultPathPrefix: secret/k8s_operator/rsp-cc
 
 alert-stream-broker:

environments/values-idfdev.yaml

@@ -1,5 +1,6 @@
 environment: idfdev
 fqdn: data-dev.lsst.cloud
+vaultUrl: "https://vault.lsst.codes"
 vaultPathPrefix: secret/k8s_operator/data-dev.lsst.cloud
 butlerRepositoryIndex: "s3://butler-us-central1-repo-locations/data-dev-repos.yaml"
 

environments/values-idfint.yaml

@@ -1,5 +1,6 @@
 environment: idfint
 fqdn: data-int.lsst.cloud
+vaultUrl: "https://vault.lsst.codes"
 vaultPathPrefix: secret/k8s_operator/data-int.lsst.cloud
 butlerRepositoryIndex: "s3://butler-us-central1-repo-locations/data-int-repos.yaml"
 

environments/values-idfprod.yaml

@@ -1,5 +1,6 @@
 environment: idfprod
 fqdn: data.lsst.cloud
+vaultUrl: "https://vault.lsst.codes"
 vaultPathPrefix: secret/k8s_operator/data.lsst.cloud
 butlerRepositoryIndex: "s3://butler-us-central1-repo-locations/data-repos.yaml"
 

environments/values-minikube.yaml

@@ -1,5 +1,6 @@
 environment: minikube
 fqdn: minikube.lsst.codes
+vaultUrl: "https://vault.lsst.codes"
 vaultPathPrefix: secret/k8s_operator/minikube.lsst.codes
 
 alert-stream-broker:

environments/values-roe.yaml

@@ -1,5 +1,6 @@
 environment: roe
 fqdn: rsp.lsst.ac.uk
+vaultUrl: "https://vault.lsst.codes"
 vaultPathPrefix: secret/k8s_operator/roe
 
 alert-stream-broker:

environments/values-roundtable-dev.yaml

@@ -1,5 +1,6 @@
 environment: roundtable-dev
 fqdn: roundtable-dev.lsst.cloud
+vaultUrl: "https://vault.lsst.codes"
 vaultPathPrefix: secret/k8s_operator/roundtable-dev.lsst.cloud
 
 alert-stream-broker:

environments/values-roundtable-prod.yaml

@@ -1,5 +1,6 @@
 environment: roundtable-prod
 fqdn: roundtable.lsst.cloud
+vaultUrl: "https://vault.lsst.codes"
 vaultPathPrefix: secret/k8s_operator/roundtable.lsst.cloud
 
 alert-stream-broker:

environments/values-summit.yaml

@@ -1,5 +1,6 @@
 environment: summit
 fqdn: summit-lsp.lsst.codes
+vaultUrl: "https://vault.lsst.codes"
 vaultPathPrefix: secret/k8s_operator/summit-lsp.lsst.codes
 
 alert-stream-broker:

environments/values-tucson-teststand.yaml

@@ -1,5 +1,6 @@
 environment: tucson-teststand
 fqdn: tucson-teststand.lsst.codes
+vaultUrl: "https://vault.lsst.codes"
 vaultPathPrefix: secret/k8s_operator/tucson-teststand.lsst.codes
 
 alert-stream-broker:

environments/values-usdf-tel-rsp.yaml

@@ -1,8 +1,7 @@
 environment: usdf-tel-rsp
 fqdn: usdf-tel-rsp.slac.stanford.edu
+vaultUrl: "https://vault.slac.stanford.edu"
 vaultPathPrefix: secret/rubin/usdf-tel-rsp
-# butlerRepositoryIndex: "s3://butler-us-central1-repo-locations/data-repos.yaml"
-repoURL: https://github.com/lsst-sqre/phalanx.git
 
 alert-stream-broker:
   enabled: false

environments/values-usdfdev.yaml

@@ -1,8 +1,7 @@
 environment: usdfdev
 fqdn: usdf-rsp-dev.slac.stanford.edu
+vaultUrl: "https://vault.slac.stanford.edu"
 vaultPathPrefix: secret/rubin/usdf-rsp-dev
-# butlerRepositoryIndex: "s3://butler-us-central1-repo-locations/data-repos.yaml"
-repoURL: https://github.com/lsst-sqre/phalanx.git
 
 alert-stream-broker:
   enabled: true

environments/values-usdfprod.yaml

@@ -1,8 +1,7 @@
 environment: usdfprod
 fqdn: usdf-rsp.slac.stanford.edu
+vaultUrl: "https://vault.slac.stanford.edu"
 vaultPathPrefix: secret/rubin/usdf-rsp
-# butlerRepositoryIndex: "s3://butler-us-central1-repo-locations/data-repos.yaml"
-repoURL: https://github.com/lsst-sqre/phalanx.git
 
 alert-stream-broker:
   enabled: false

environments/values.yaml

@@ -8,6 +8,10 @@ environment: ""
 # @default -- None, must be set
 fqdn: ""
 
+# -- URL of Vault server for this environment
+# @default -- None, must be set
+vaultUrl: ""
+
 # -- Prefix for Vault secrets for this environment
 # @default -- None, must be set
 vaultPathPrefix: ""