feat!: fully support project CRD

[krancour]

Fixes #558
Fixes #667

Summary

This PR relieves the API server of responsibility (and permissions) for creating specially labeled namespaces that we count as "projects."

Project creation via API server now entails creation of a Project resource. The controller reconciles new Project resources by creating the corresponding namespace. Project resources are set as the owner of the associated namespace, so Project deletion takes the associated namespace with it. The reverse is also true. Namespaces have a finalizer that, upon deletion, is only cleared by the controller deleting the associated Project resource.

Follow-up PRs will add to this to create things like ServiceAccounts, Roles, and RoleBindings in the project namespaces.

Breakdown

About 2/3 of this is generated code, so please don't be intimidated by the size.

Narrowly scoped commits cover each of the following:

• CRD changes: Add Project status field with phase and message (for communicating reconciliation errors)
• Corresponding protobuf changes: Mirror the CRD changes
• Run codegen
• Corresponding type conversion changes
• Update API server endpoints to operate on Project resources instead of operating directly on namespaces
• Refactor "apply" endpoints on API server: Necessary so the API server is smart enough to pick Projects out of manifests and apply them first, just as would normally happen with a namespace, since a Project is a proxy for a namespace
• Corresponding CLI changes: Align with the protobuf changes
• New webhook: Validate new Project resources by checking the a namespace with the same name doesn't already exist
• Controller changes: Reconcile new Project CRs and deleted Namespace CRs
• Garbage collector changes: Trivial change -- adapts to a renamed constant in the api/v1alpga1 package
• Corresponding chart changes: Set up new webhook + changes to permissions for API server and controller
• UI changes: Trivial -- adapt to Project now being a root resource type
• Run go mod tidy: Refactor of API server "apply" endpoints removed a dependency
• Corresponding devx changes: Enable debug level logging for management controller when running with Tilt

What doesn't change

Anywhere in the code where we validate the existence of a Project, we still do so by validating the existence of the corresponding namespace, since that's usually what we actually care about.

This PR does not address #1389. That will be addressed in a follow-up.

[netlify]

✅ Deploy Preview for docs-kargo-akuity-io ready!

Name	Link
🔨 Latest commit	83e8283
🔍 Latest deploy log	https://app.netlify.com/sites/docs-kargo-akuity-io/deploys/65aeaa8cf1743e00080caba9
😎 Deploy Preview	https://deploy-preview-1388.kargo.akuity.io
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[codecov]

Codecov Report

Attention: 125 lines in your changes are missing coverage. Please review.

Comparison is base (f0b8ebd) 46.78% compared to head (ff249a3) 46.45%.

❗ Current head ff249a3 differs from pull request most recent head 83e8283. Consider uploading reports for the commit 83e8283 to get more accurate results

Files	Patch %	Lines
internal/api/common.go	0.00%	23 Missing ⚠️
...nternal/controller/management/projects/projects.go	84.44%	19 Missing and 2 partials ⚠️
internal/api/delete_project_v1alpha1.go	0.00%	18 Missing ⚠️
internal/webhook/project/webhook.go	62.50%	15 Missing ⚠️
internal/api/list_projects_v1alpha1.go	0.00%	7 Missing ⚠️
api/v1alpha1/project_types.go	0.00%	6 Missing ⚠️
internal/api/create_or_update_resource_v1alpha1.go	0.00%	6 Missing ⚠️
internal/api/create_resource_v1alpha1.go	0.00%	6 Missing ⚠️
internal/api/delete_resource_v1alpha1.go	0.00%	6 Missing ⚠️
internal/api/update_resource_v1alpha1.go	0.00%	6 Missing ⚠️
... and 4 more

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1388      +/-   ##
==========================================
- Coverage   46.78%   46.45%   -0.33%     
==========================================
  Files         136      140       +4     
  Lines       11897    12013     +116     
==========================================
+ Hits         5566     5581      +15     
- Misses       6129     6243     +114     
+ Partials      202      189      -13     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[krancour]

Changed this symbol just for consistency with the others.

[krancour]

This moved to types.proto where we have the protobuf definitions of anything that's also a CRD.

[krancour]

For the moment, only need to validate creates.

[krancour]

Besides adding a webhook, I reordered these to be alphabetical.

[krancour]

To make this recognize Project as a cluster-scoped resource required jumping through a lot of hoops that were more easily avoided by refactoring this whole parser into the new splitYAML() function that was adapted from GitOps Engine.

[jessesuen]

Now that the Namespace creation is async (it requires a reconciliation by the management controller before the underlying namespace actually gets created), have you noticed if we encounter timing-related failures because of that slight delay introduced by Project -> Namespace creation? (e.g. the Namespace didn't get created in time before the Stage).

[krancour]

It is possible, but so far I've seen it only once out of probably 50+ times I have done this.

I'd been contemplating how to make that more foolproof. I could probably add logic here to wait for project readiness before moving on to non-project resources.

I'm going to open a follow-up issue.

[krancour]

Right here so we don't lose track:

#1415

[jessesuen]

Since you also have logic in the Project controller to fail project initialization if the namespace already exists, does the webhook serve to provide immediate feedback instead of delayed feedback of a pre-existing namespace?

[krancour]

Yes. That's it exactly. Fail synchronously if we can spot the problem sooner.