VPC: Add infrastructure creation proposal

[cjschaef]

Add a new proposal with details and images for creating and deleting VPC resources for the IBMVPCCluster definition.

What this PR does / why we need it:
Adds a new proposal to extend VPC Cluster support to create necessary resources based on design.

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes # N/A

Special notes for your reviewer:
We expect to break up our enhancements into the following sets:

1. API updates - likely break down into multiple smaller PR's
2. Implement missing/new creation/reconcile logic for new resources
3. Implement deletion/cleanup of resources as necessary.

/area provider/ibmcloud

1. Please confirm that if this PR changes any image versions, then that's the sole change this PR makes.

Release note:

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: cjschaef
Once this PR has been reviewed and has the lgtm label, please assign jichenjc for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[k8s-ci-robot]

Hi @cjschaef. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[netlify]

✅ Deploy Preview for kubernetes-sigs-cluster-api-ibmcloud ready!

Name	Link
🔨 Latest commit	cd20ff1
🔍 Latest deploy log	https://app.netlify.com/sites/kubernetes-sigs-cluster-api-ibmcloud/deploys/65f37b768c606f000818512a
😎 Deploy Preview	https://deploy-preview-1657--kubernetes-sigs-cluster-api-ibmcloud.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[mkumatag]

Usually DNS is handled by the openshift itself for other providers like powervs, aws etc.. any more information of the need for adding DNS will be helpful for further discussions

[cjschaef]

Sure, I will remove this then, with that expectation.

[cjschaef]

Removed references.

[mkumatag]

Usually DNS is handled by the openshift itself for other providers like powervs, aws etc.. any more information of the need for adding DNS will be helpful for further discussions

[cjschaef]

Sure, I will remove this then, with that expectation.

[cjschaef]

Removed references.

[mkumatag]

/cc @Karthik-K-N

[Karthik-K-N]

I have added Initial review comments.

It would be great if you can add more documentation on api types, like usage and its dependency on setting of other variables, default values or system/controller set constants.

[Karthik-K-N]

Currently capi does create various resources automatically, like vpc, subnet, loadbalancer so on, May be we can rephrase the sentence or mention the resources which we need to create manually.

[Prajyot-Parab]

+1 the present CAPIBM flow for VPC creates everything on its own.

Note - can you please elaborate here which prerequisites you are referring too?

[cjschaef]

Sure, I can attempt to make things a bit clearer.

[cjschaef]

Updated, hopefully that makes things a bit easier to follow and explains what we are trying to do, expanding the current VPC support. options.

[Karthik-K-N]

This filed is already exist in current spec, so it will be a breaking change to make it slice.

[cjschaef]

Oh, sorry, missed that change before making the change to deprecated fields. Will attempt to redesign.

[cjschaef]

Fixed, added new field, restored and marked this one as deprecated.

[Karthik-K-N]

is resource type necessary here?

[cjschaef]

This is a nice to have, as the ResourceReference (PowerVS was using) I was modeling after has a limited amount of data (Id only, so I was hoping to have a little more data included in such a resource.

[cjschaef]

It looks like my attempt to use something like this was included recently into types.go
3add9b2#diff-c82f4c3e71cee496ae15d0bb197a279d5911a9b5b86282fa3b6f4900673078e2R120-R141

To some extent anyway, I would like to expand that list to include the additional ones listed below.

[Karthik-K-N]

is both crn and id required, doen't crn contains id?

[cjschaef]

CRN is another nice to have, as it includes the account Id, region, etc.

I can try to determine whether including the Id at all is useful (Id was the default required field), to potentially drop it in this definition. I just don't have enough information ATM.

[cjschaef]

Dropped ID

[Karthik-K-N]

We had hard time creating a url with presignedduration, may be an experiment to verify it works and on cofirmation of it we can add this field.

[mkumatag]

I think we tried the TOKEN based authorisation and it works fine, may be you can consider using that to keep it simple with the IAM token instead of access key/secret key for this presignedURL stuff.

[Prajyot-Parab]

+1 we already have pushed code using IAM token same can be adopted here.

[cjschaef]

This was simply suggesting moving the existing CosInstance struct out of ibmpowervscluster_types.go into a "shared" location, so VPC does not redefine the resource and so VPC is not referencing a CosInstance in PowerVS managed files.

If you wish to drop or make this field deprecated, I can do that. If you wish to have a new unique resource for COS, I can implement that in a shared location (that you can choose to migrate to, if you desire).

[Karthik-K-N]

I dont have much idea about the security group section, may be will try to understand better before taking a look,

[Prajyot-Parab]

any specific reason for moving VPC inside NetworkSpec ?
cc @Karthik-K-N

[cjschaef]

VPC is considered a part of the Network definition, which in VPC's case, can be defined in a unique ResourceGroup, along with the VPC's Subnets, SecurityGroups, etc. So those related resources seemed to fit better within a common type.

Using a NetworkSpec seems to follow other platform's design, rather than a 'flat' VPCCluster struct.

[Prajyot-Parab]

I don't see any field indicating zone data in NetworkSpec, how is that being handled once we deprecate this.
cc @Karthik-K-N

[cjschaef]

Zones will be defined within sub-resources. VPC isn't restricted to a single zone, it can deploy (or use) Subnets, VSI's, etc. across multiple zones, of which I expect those resources to specify their Zone.

[Prajyot-Parab]

missing marker details

[cjschaef]

Will add.

[cjschaef]

Added.

[Prajyot-Parab]

@Karthik-K-N this might break few things in PowerVS right, if we take them out of APIs.

IMO, we should focus on only VPC flow and related resources as part of this proposal. Anything related to PowerVS we can deal with later as a separate activity once we are done with VPC flow.

[mkumatag]

@cjschaef as discussed in our last sync up - please start working on the controller part, we can keep this item and not blocking you to implement the controller and merge

[mkumatag]

/easycla
/ok-to-test

[mkumatag]

@cjschaef please update this PR, we are planning to merge soon

[cjschaef]

I will update the PR with the expected arch soon.