Prevent duplicate hosts in Ingress rules when using ACME

[linkvt]

The basic idea is that we don't create ingress rules with multiple hosts for external visibility, as we need to be able merge ACME rules into these hosts.
I don't really like that though as it puts the knowledge of exactly 1 host per external rule in two places (rule creation and ACME rule merging).

Another alternative would be that we accept the incorrect rule merging with multiple hosts that we had before:

rules:
  - hosts: a, b
    paths:
      - acme-of-a
      - acme-of-b

This would result in 4 possible routes in the Ingress:

• host a with path acme-of-a - correct
• host b with path acme-of-a - wrong
• host a with path acme-of-b - wrong
• host b with path acme-of-b - correct

This won't be a problem in practice though as the ACME server would not try to do a request to host a with path acme-of-b.
This would be a simple loop over existing rules, check if it contains a matching host and merge it inside there (while still preventing double duplicate rules that we had before #16259 )

Let me know what you think of this approach in general.

/cc @dprotaso

Proposed Changes

Release Note

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 80.76%. Comparing base (1e52818) to head (b08bcab).
⚠️ Report is 31 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #16312      +/-   ##
==========================================
+ Coverage   80.07%   80.76%   +0.68%     
==========================================
  Files         215      216       +1     
  Lines       13361    13901     +540     
==========================================
+ Hits        10699    11227     +528     
- Misses       2304     2305       +1     
- Partials      358      369      +11     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[linkvt]

/retest

[linkvt]

/retest

[dprotaso]

Unfortunately e2e github actions have a build => run test stage and in between those stages it uploads/downloads build artifacts.

After a certain time the build artifacts will be purged from the cache so it requires a full re-run all the tests. I'm not sure how to do that with prow. I'll open an issue in k8s/prow repo

[dprotaso]

For now I'll re-trigger the entire github action build to re-run all jobs

[dprotaso]

weird - i don't see a re-run button in the GitHub UI for some reason. I'm going to close and re-open the PR

[knative-prow]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: linkvt

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [linkvt]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[dprotaso]

This diff seems pretty straightforward - I'd be open to merging this and we stick to having all related rules under a single domain.

[dprotaso]

/lgtm

feel free to drop the [wip]

[linkvt]

Nice, thank you for the review!