Wrong CRD may be referenced by Custom Resource with duplicate Kind

[timothysmith0609]

Bug report

Currently, DeployTask#discover_resources is the following:

    def discover_resources
      @logger.info("Discovering resources:")
      resources = []
      crds_by_kind = cluster_resource_discoverer.crds.group_by(&:kind)
      @template_sets.with_resource_definitions(current_sha: @current_sha, bindings: @bindings) do |r_def|
        crd = crds_by_kind[r_def["kind"]]&.first
        r = KubernetesResource.build(namespace: @namespace, context: @context, logger: @logger, definition: r_def,
          statsd_tags: @namespace_tags, crd: crd, global_names: @task_config.global_kinds)
        resources << r
        @logger.info("  - #{r.id}")
      end

For crds_by_kind, there is an error when the same kind appears in multiple groups. For example, if there are multiple Certificate resources, the crd passed into KubernetesResource::build may not match the underlying resource definition.

E.g.

(byebug) r_def["apiVersion"]
"stable.shopify.io/v1"
(byebug) crd.group
"cert-manager.io"

The solution is to group CRDs by their full GVK and match them with resource definitions that fully match it.

Version(s) affected: Observed in krane 2.4.0, but most likely present in all krane versions.

cc @jerr

[renescheepers]

Currently running into something related to this as well. I have a CRD with Kind Deployment, which is cluster-scoped. Krane is now unable to determine if a deployment has been done. Krane checks the scope only using the kind, making it think that a deployment is cluster-scoped. Kind shouldn't be used as an identifier. #895