Support arbitrary related resources

[xrstf]

Summary

This PR implements one of the OG "yeah this will be extended in the future" tickets, allowing for related resources to be of any group, version or resource.

For this, the PublishedResource CRD has been extended to not take kind, but instead take group, version and resource. The old kind field is still supported, but deprecated, and can only handle ConfigMaps and Secrets, as before. If you want to have anything else, configure GVR instead.

(Why resource all of a sudden when everything else inside a PR is Kind-based? Because to figure out if a resource needs to be permission claimed, we would first need to figure out if that resource belongs to the same APIExport, and APIExports only contain resources and so we cannot resolve it before adding it, but to add it we need to resolve it and so Kinds are just not suitable here. I don't like it either, but ... yeah.)

Integration of custom GVRs into the syncer itself was pretty harmless, the more elaborate part was the APIExport controller which now has to figure out if a related resource points to a foreign resource (of another APIExport), so it can configure the permission claims correctly. Doing that while taking into account that PublishedResources are transmitted asynchonously (in the apiresourceschema controller) took a bit more code than expected.

Other than that, the change is relatively straightforward.

What Type of PR Is This?

/kind feature

Related Issue(s)

Fixes #109

Release Notes

* Related resources can now not just be ConfigMaps and Secrets, but any resource
* PublishedResources have a new `spec.synchronization.enabled` flag which can be used to use the agent to merely publish a CRD into kcp, but not actively sync it (for when the resource is meant to be a related resource of another PublishedResource)

[kcp-ci-bot]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[kcp-ci-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please ask for approval from xrstf. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[xrstf]

/test all

[xrstf]

/test all

[xrstf]

/test all

[xrstf]

/test all

[xrstf]

/retest

[kcp-ci-bot]

@xrstf: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
pull-api-syncagent-test-e2e-kcp-0.28	b16cd13	link	true	/test pull-api-syncagent-test-e2e-kcp-0.28
pull-api-syncagent-test-e2e-kcp-0.27	b16cd13	link	true	/test pull-api-syncagent-test-e2e-kcp-0.27

Full PR test history

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.