ControlPlaneLoadBalancer subnet filters

[AverageMarcus]

/kind bug
/kind cleanup

What steps did you take and what happened:

Currently it's possible to create and assign subnets to almost all resources handled by CAPA except for the control plane API server load balancer. The subnet to use can be specified on the AWSCluster CR but only by using the subnet IDs rather than being able to use filters like we can for other resources. This means that to use specific subnets for the load balancer they need to be created in advance without the help of CAPA instead of being able to specify them within the NetworkSpec of an AWSCluster CR.

When no subnet IDs are provided CAPA falls back to using the first subnet in each AZ associated with the AWSCluster.

What did you expect to happen:

The ability to have CAPA both create the subnets and associate them with the load balancer.

The ideal approach in my opinion would be to use the same approach as on AWSMachine and AWSMachinePool where its possible to specify subnets ID and/or filters to use to lookup the subnets. This would allow the subnets to be created with CAPA and then use those to associate with the load balancer based on, for example, specific AWS tags added to the subnets.

Anything else you would like to add:

• Related Slack discussion: https://kubernetes.slack.com/archives/CD6U2V71N/p1673600628090409
• Unfortunately an ideal solution would result in a breaking API change as the Subnets property is a string array where it would be best to be a infrav1.AWSResourceReference array to match other resources.

Environment:

• Cluster-api-provider-aws version:
• Kubernetes version: (use kubectl version):
• OS (e.g. from /etc/os-release):

[k8s-ci-robot]

@AverageMarcus: This issue is currently awaiting triage.

If CAPA/CAPI contributors determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle stale
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[AverageMarcus]

/remove-lifecycle stale

(Sorry, I haven't had time to work on this any more yet)

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle stale
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[vincepri]

/lifecycle frozen

I can take a look at this one in the coming weeks

[vincepri]

/priority important-longterm