managed control planes config patch management

[Unix4ever]

Implement the controller that will create high priority config patches for the cluster which is using managed control planes.

We need config patches for the following:

• enable KubeSpan.
• configure endpoints to make control planes reachable by the workers from anywhere (should it be configurable through some Omni instance flags?)

The provider should be able to:

• create the Kubernetes services of the loadbalancer type. The IP will be selected from the pool, but the port should picked from the pool of the available ones. Would prefer to offload the port allocation to the loadbalancer.
• when the service is running the provider should read the allocated IP:PORT from the status and create the config patch for the machine.

[smira]

configure endpoints to make control planes reachable by the workers from anywhere (should it be configurable through some Omni instance flags?).

This should be done by the infrastructure provider via injecting appropriate MachineConfig patch (as the provider knows the endpoints, and it makes sense always to have them).

[Unix4ever]

Implementation of this feature might be more tricky than expected.

Creating services is not required for the regular KubeVirt provider, it feels like a thing more specific to the managed control planes only.

So there are two options

Create a forked version of th KubeVirt provider

Then implement the config patch and service creation flow there.
Huge downside of this approach is that it won't be convenient to swap infra providers used for managed control planes.

Create a separate service to handle configs

The separate service will be very similar to the infra providers, but will handle only config patches creation.
Disadvantage of this approach is that there will be more moving parts.

[rothgar]

Can you help me understand what the service is needed for? Do nodes need to be publicly accessible for KubeSpan?

[smira]

Creating services is not required for the regular KubeVirt provider, it feels like a thing more specific to the managed control planes only.

I don't think it is specific to managed control planes, but rather a feature flag for the KubeVirt provider to establish a "hole" which KubeSpan can use. It should be enabled for managed control planes case, but might be useful outside of it.

So I would rather add it as a feature flag (can even be a machine request property?).

[Unix4ever]

If we agree to bring more complexity to the infra provider, I have no objections against that.

[Unix4ever]

Can you help me understand what the service is needed for? Do nodes need to be publicly accessible for KubeSpan?

The way we plan to set up KubeVirt we need to expose the nodes through the kubernetes services, and we need the additional config to tell the other members about it.