giantswarm / roadmap

Giant Swarm Product Roadmap
https://github.com/orgs/giantswarm/projects/273
Apache License 2.0

NAT Gateway IPs API for workload clusters #3400

Open alex-dabija opened 1 month ago

alex-dabija commented 1 month ago

Story

- As an engineer, I want to determine the public IP addresses used by a cluster's NAT gateways using the same API for all CAPI providers with public management clusters (CAPA & CAPZ) to secure management endpoints exposed to workload clusters over the Internet.

Background

Access needs to be restricted to services exposed from a public management cluster over the Internet and called from the workload clusters (e.g. a container registry / cache).

Requirements

Priority

It depends on the outcome of the zot deployment modes discussion.

Questions

Yes, if the management cluster is public. Currently, there's no such situation, but there might be one in the future.

Links

alex-dabija commented 1 month ago

@yulianedyalkova I've added this issue to Turtles for the spec definition because in the case of multi-provider management clusters we might also need to consider CAPV and maybe CAPVCD. The implementation is probably provider-specific and should be done by Phoenix and Rocket.