False positive reports of " [POP-403] Deprecated Ingress API group "extensions/v1beta1". Use "networking.k8s.io/v1beta1" instead"

[jsuchome]

Describe the bug
When I run popeye on my Harbor deployment, I'm seeing [POP-403] warnings. However, harbor does indeed use correct API for ingress, since goharbor/harbor-helm#631 . Even when I remove the check for Capabilities and just flatly use apiVersion: networking.k8s.io/v1beta1 in ingress template, popeye complains.

I think the problem is in the way popeye is searching for ingresses. According to the explanation given to this issue kubernetes/kubernetes#94761 , simple search for ingresses is an ambiguous request and it might report them using the old API.

See for example this kubectl commands executed on the same cluster:

> kubectl get ingresses.extensions -n k3s-registry --show-kind=true
NAME                                                     CLASS    HOSTS                  ADDRESS       PORTS     AGE
ingress.extensions/suse-registry-harbor-ingress-notary   <none>   notary.harbor.domain   192.168.1.8   80, 443   35m
ingress.extensions/suse-registry-harbor-ingress          <none>   core.harbor.domain     192.168.1.8   80, 443   35m
> kubectl get ingresses.v1.networking.k8s.io -n k3s-registry --show-kind=true
NAME                                                            CLASS    HOSTS                  ADDRESS       PORTS     AGE
ingress.networking.k8s.io/suse-registry-harbor-ingress-notary   <none>   notary.harbor.domain   192.168.1.8   80, 443   36m
ingress.networking.k8s.io/suse-registry-harbor-ingress          <none>   core.harbor.domain     192.168.1.8   80, 443   36m

I'm not sure how the go libraries used in popeye work and if the way they are invoked is corresponding to the kubectl commands above, but it seems like the problem might indeed be that even when I am using higher API already, kubectl will return positive results even when I ask for a component with older/deprecated API version.

So if I am correct (and ICBW of course), adapting the global search for ingresses would probably not help. What might be necessary is that after each ingress is found, run explicit check for the presence of networking.k8s.io API for such object.

(I would offer a patch myself, but I'm still struggling to understand that golang code...)

To Reproduce

Install helm chart of Harbor registry, see https://github.com/goharbor/harbor-helm

1. helm repo add harbor https://helm.goharbor.io
2. kubectl create namespace registry
3. helm install -n registry my-release harbor/harbor
4. Run popey on the same cluster: ./popeye -n registry

Expected behavior
No [POP-403] reports are given about ingresses.

Versions (please complete the following information):

• OS: OpenSUSE Leap
• Popeye: 0.8.10
• K8s: v1.17.4

Additional context
Similar problem reported for Ingress checks #99

[derailed]

@jsuchome Thank you for this excellent report! This is something that is a tough to crack in k8s land as the api versions are not stored in etcd so with kubectl you get the versions based on what you've requested. Helm does track the original version in the secrets and hence can retrieve the version info. To date, Popeye has been using metadata and self link to track version info but it is indeed not ideal. I'll take a look and see if we can figure out a better option.

[derailed]

@jsuchome Fixed 0.9.1