Provide a way to override the new HTTP loopback-only validation

Add new deprecated_insecure_accept_external_unencrypted_http_requests
value in values.yaml. Allow it to be a boolean or a string to make it
easier to use (both --data-value and --data-value-yaml will work).

Also:
- Consider "ip6-localhost" and "ip6-loopback" to be loopback addresses
  for the validation
- Remove unused env.SupervisorHTTPAddress var
- Deprecate the `service_http_*` values in values.yaml by renaming them
  and causing a ytt render error when the old names are used

hack/lib/kind-config/single-node.yaml

@@ -10,13 +10,6 @@ nodes:
       containerPort: 31243
       hostPort: 12344
       listenAddress: 127.0.0.1
-    - protocol: TCP
-      # This same port number is hardcoded in the integration test setup
-      # when creating a Service on a kind cluster. It is used to talk to
-      # the supervisor app via HTTP.
-      containerPort: 31234
-      hostPort: 12345
-      listenAddress: 127.0.0.1
     - protocol: TCP
       # This same port number is hardcoded in the integration test setup
       # when creating a Service on a kind cluster. It is used to talk to

hack/prepare-for-integration-tests.sh

@@ -187,7 +187,7 @@ fi
 log_note "Checking for running kind cluster..."
 if ! kind get clusters | grep -q -e '^pinniped$'; then
   log_note "Creating a kind cluster..."
-  # Our kind config exposes node port 31234 as 127.0.0.1:12345, 31243 as 127.0.0.1:12344, and 31235 as 127.0.0.1:12346
+  # Our kind config exposes node port 31243 as 127.0.0.1:12344 and 31235 as 127.0.0.1:12346
   ./hack/kind-up.sh
 else
   if ! kubectl cluster-info | grep -E '(master|control plane)' | grep -q 127.0.0.1; then
@@ -290,8 +290,6 @@ supervisor_app_name="pinniped-supervisor"
 supervisor_namespace="supervisor"
 supervisor_custom_labels="{mySupervisorCustomLabelName: mySupervisorCustomLabelValue}"
 log_level="debug"
-service_http_nodeport_port="80"
-service_http_nodeport_nodeport="31234"
 service_https_nodeport_port="443"
 service_https_nodeport_nodeport="31243"
 service_https_clusterip_port="443"
@@ -311,15 +309,10 @@ else
     --data-value "image_tag=$tag" \
     --data-value "log_level=$log_level" \
     --data-value-yaml "custom_labels=$supervisor_custom_labels" \
-    --data-value-yaml "service_http_nodeport_port=$service_http_nodeport_port" \
-    --data-value-yaml "service_http_nodeport_nodeport=$service_http_nodeport_nodeport" \
     --data-value-yaml "service_https_nodeport_port=$service_https_nodeport_port" \
     --data-value-yaml "service_https_nodeport_nodeport=$service_https_nodeport_nodeport" \
     --data-value-yaml "service_https_clusterip_port=$service_https_clusterip_port" \
     >"$manifest"
-    # example of how to disable the http endpoint
-    # this is left enabled for now because our integration tests still rely on it
-    # --data-value-yaml 'endpoints={"http": {"network": "disabled"}}' \
 
   kapp deploy --yes --app "$supervisor_app_name" --diff-changes --file "$manifest"
   kubectl apply --dry-run=client -f "$manifest" # Validate manifest schema.
@@ -392,7 +385,6 @@ export PINNIPED_TEST_WEBHOOK_CA_BUNDLE=${webhook_ca_bundle}
 export PINNIPED_TEST_SUPERVISOR_NAMESPACE=${supervisor_namespace}
 export PINNIPED_TEST_SUPERVISOR_APP_NAME=${supervisor_app_name}
 export PINNIPED_TEST_SUPERVISOR_CUSTOM_LABELS='${supervisor_custom_labels}'
-export PINNIPED_TEST_SUPERVISOR_HTTP_ADDRESS="127.0.0.1:12345"
 export PINNIPED_TEST_SUPERVISOR_HTTPS_ADDRESS="localhost:12344"
 export PINNIPED_TEST_PROXY=http://127.0.0.1:12346
 export PINNIPED_TEST_LDAP_HOST=ldap.tools.svc.cluster.local