gardener / gardener-extension-provider-openstack

Gardener extension controller for the OpenStack cloud provider (https://openstack.org).
https://gardener.cloud
Apache License 2.0

Segregate seed infra and end user shoot lb profiles #22

Open rfranzke opened 4 years ago

rfranzke commented 4 years ago

From https://github.com/gardener/gardener-extensions/issues/275

There is no way to create the seed cluster, which will work within network1, and a customer shoot cluster, which will work within network2 and doesn't see network1.

Faking the network name for the seed cluster doesn't help, because somehow the network ID is resolved:

I0817 10:30:19.793179       1 event.go:258] Event(v1.ObjectReference{Kind:"Service", Namespace:"kube-system", Name:"addons-nginx-ingress-controller", UID:"eca0462b-2da4-46f1-807b-ead2ca9d92be", APIVersion:"v1", ResourceVersion:"267", FieldPath:""}): type: 'Warning' reason: 'SyncLoadBalancerFailed' Error syncing load balancer: failed to ensure load balancer: error creating LB floatingip {Description:Floating IP for Kubernetes external service kube-system/addons-nginx-ingress-controller from cluster shoot--garden--region1-01-dev FloatingNetworkID:b2471289-8ca8-437e-aab1-d8012f741c66 FloatingIP: PortID:ed4c59a5-43fc-4280-ab40-7c92c2783c4e FixedIP: SubnetID:d2eda633-e930-464e-b285-ecb826e02861 TenantID: ProjectID:}: Bad request with: [POST https://network-3.region1/v2.0/floatingips], error message: {"NeutronError": {"message": "Invalid input for operation: Failed to create port on network e1fd2c63-c52f-41d5-84b5-d64fe8b9127d, because fixed_ips included invalid subnet d2eda633-e930-464e-b285-ecb826e02861.", "type": "InvalidInput", "detail": ""}}

/cc @afritzler

rfranzke commented 4 years ago

@kayrus is this still relevant?

kayrus commented 4 years ago

@rfranzke yes. /cc @vlerenc @RaphaelVogel

vlerenc commented 4 years ago

Yes, today it's difficult to use one network for Gardener shoot'ed seeds (that is maybe only available to us) and another one for end users (that is maybe shared with / available for all).

kayrus commented 4 years ago

@vlerenc the workaround I used is the order of the elements. I put the user network first and the system network after.