Add predictable Frontend token for external readonly authentication

Author: ezr-ondrej

controllers/cloud.redhat.com/providers/featureflags/localfeatureflags.go

@@ -220,8 +220,9 @@ func (ff *localFeatureFlagsProvider) EnvProvide() error {
 
 func createDefaultFFSecMap() map[string]string {
 	return map[string]string{
-		"adminAccessToken":  "*:*." + utils.RandHexString(32),
-		"clientAccessToken": "default:development." + utils.RandHexString(32),
+		"adminAccessToken":    "*:*." + utils.RandHexString(32),
+		"clientAccessToken":   "default:development." + utils.RandHexString(32),
+		"frontendAccessToken": "*:development.proxy-123",
 	}
 }
 
@@ -272,7 +273,7 @@ func makeLocalFFEdgeIngress(ff *localFeatureFlagsProvider) error {
 			IngressRuleValue: networking.IngressRuleValue{
 				HTTP: &networking.HTTPIngressRuleValue{
 					Paths: []networking.HTTPIngressPath{{
-						Path:     "/api/client/features",
+						Path:     "/api/frontend",
 						PathType: &prefixPathType,
 						Backend: networking.IngressBackend{
 							Service: &networking.IngressServiceBackend{
@@ -329,6 +330,7 @@ func makeLocalFeatureFlags(_ *crd.ClowdEnvironment, o obj.ClowdObject, objMap pr
 	envVars = provutils.AppendEnvVarsFromSecret(envVars, nn.Name,
 		provutils.NewSecretEnvVar("INIT_CLIENT_API_TOKENS", "clientAccessToken"),
 		provutils.NewSecretEnvVar("INIT_ADMIN_API_TOKENS", "adminAccessToken"),
+		provutils.NewSecretEnvVar("INIT_FRONTEND_API_TOKENS", "frontendAccessToken"),
 	)
 
 	ports := []core.ContainerPort{{