Refactoring the networkProfile configuration

[prometherion]

The current state of the API, nowadays, is the following.

apiVersion: kamaji.clastix.io/v1alpha1
kind: TenantControlPlane
metadata:
  name: test
spec:
  networkProfile:
    address: "127.0.0.1"
    port: 6443
    domain: "clastix.labs"
    serviceCidr: "10.96.0.0/16"
    podCidr: "10.244.0.0/16"
    dnsServiceIPs:
      - "10.96.0.10"

Proposals

1. Default values

All of these fields are mandatory, although I'd say there's a standard for them.

• port: value 6443
• serviceCidr: widely used 10.96.0.0/16
• podCidr: widely used 10.244.0.0/16
• dnsServiceIPs: widely used 10.96.0.10

With that said, I think these could be easily used as default values, leaving the cluster administrator to specify overrides.

2. Making optional spec.networkProfile.domain and renaming it to certSANs

We know that Kamaji could be exposed in several ways, from dynamic Load Balancer to bare IP or Ingress resources.

In the latter case, we already support the required hostname to perform host matching, as well as generate the certificate required for it.

However, it some circumstances we could have a LoadBalancer reachable through a DNS, and suddenly, by a hostname that is not reported in any Kubernetes primitive.

With that said, we could add the new array of strings named certSANs with the following default values:

1. localhost
2. 127.0.0.1
3. 0.0.0.0

With such option, an operator can easily add an arbitrary hostname, without worrying on the IP address or Ingress hostname used to expose the Tenant Control Plane since it's already covered by Kamaji.

[maxgio92]

1. I'm totally with default values. I think we should provide a configuration that by default is as simple as possible, along with flexibility.
2. The same. Also, I'd like to highlight that certSAN can provide a better understanding of the context of that domain name which is, how it will be used.

[bsctl]

lgtm

[prometherion]

Locking discussion since addressed with #59 and #57.

[prometherion]

The networkProfile section has been refactored, closing.