Ingress Hostname and Path collision at Tenant level

[prometherion]

Closes #358.

On CapsuleConfiguration API side, the collision flags have been removed since this is going to be managed at Tenant level, also for the Tenant allowed hostnames.

Now the collision check is taking care also of the path, allowing creating several Ingress but with different path since it's a quite common pattern due to some limitations of specific Ingress Controller.

Last but not least, on v1beta a new IngressOptions struct has been implemented, grouping allowed IngressClass, allowed hostnames, and the new scope feature (backported to v1alpha1 too with the annotation ingress.capsule.clastix.io/hostname-collision-scope accepting one of the enum values Cluster, Tenant, Namespace, Disabled, this latter one the default).

[MaxFedotov]

Hi Dario! Thanks a lot for the great work - this ability to check also for path in collisions is what we are looking for! The only thing I want to mention, so we won't forget it when this will be merged - we had to update https://github.com/clastix/capsule-proxy/tree/master/internal/modules/ingressclass, as tenant spec changed

[prometherion]

Thanks @MaxFedotov, I totally forgot it: should be easy to achieve, BTW.

Going to open an issue on proxy side referencing your comment.

[MaxFedotov]

lgtm!

[bsctl]

@prometherion
noted that when collision is detected, the error message does not return the colliding ingress, "STDIN" is reported instead.

Error from server (hostname web.uno.fastcloud.it is already used across the cluster: please, reach out to the system administrators): error when creating "STDIN": admission webhook "ingress.capsule.clastix.io" denied the request: hostname web.uno.fastcloud.it is already used across the cluster: please, reach out to the system administrators

Also the collision events are not recorded in kubectl describe tnt <tenant>

[prometherion]

We had a bug in the Event recording, fixed with last commit.

[bsctl]

Events are now emitted and collected

Events:
  Type     Reason                    Age                From               Message
  ----     ------                    ----               ----               -------
  Normal   NamespaceCreationWebhook  12m                tenant-webhook     Namespace due-production has been assigned to the desired Tenant
  Normal   due-production            11m (x4 over 12m)  tenant-controller  Ensuring Namespace metadata
  Normal   due-production            11m (x4 over 12m)  tenant-controller  Ensuring Capsule RoleBinding namespace:admin
  Normal   due-production            11m (x4 over 12m)  tenant-controller  Ensuring Capsule RoleBinding namespace-deleter
  Normal   NamespaceCreationWebhook  11m                tenant-webhook     Namespace due-development has been assigned to the desired Tenant
  Normal   due-development           11m (x2 over 11m)  tenant-controller  Ensuring Namespace metadata
  Normal   due-development           11m (x2 over 11m)  tenant-controller  Ensuring Capsule RoleBinding namespace:admin
  Normal   due-development           11m (x2 over 11m)  tenant-controller  Ensuring Capsule RoleBinding namespace-deleter
  Warning  IngressHostnameCollision  10m                tenant-webhook     Ingress due-production/example hostname is colliding

[bsctl]

Unfortunately, still see the Ingress referenced as STDIN in the error message:

Error from server (hostname web.fastcloud.it is already used across the cluster: please, reach out to the system administrators): error when creating "STDIN": admission webhook "ingress.capsule.clastix.io" denied the request: hostname web.fastcloud.it is already used across the cluster: please, reach out to the system administrators

[prometherion]

The STDIN Is the Input for kubectl when posting the payload, it's something unrelated to Capsule.

[bsctl]

@prometherion LGTM, great work!