CORS-2902: capi/aws: add ext-LB as CAPA secondary LB

Author: r4f4

pkg/asset/manifests/aws/cluster.go

@@ -14,6 +14,7 @@ import (
 	"github.com/openshift/installer/pkg/asset"
 	"github.com/openshift/installer/pkg/asset/installconfig"
 	"github.com/openshift/installer/pkg/asset/manifests/capiutils"
+	"github.com/openshift/installer/pkg/types"
 )
 
 // GenerateClusterAssets generates the manifests for the cluster-api.
@@ -173,6 +174,24 @@ func GenerateClusterAssets(installConfig *installconfig.InstallConfig, clusterID
 		},
 	}
 
+	if installConfig.Config.Publish == types.ExternalPublishingStrategy {
+		awsCluster.Spec.SecondaryControlPlaneLoadBalancer = &capa.AWSLoadBalancerSpec{
+			Name:                   ptr.To(clusterID.InfraID + "-ext"),
+			LoadBalancerType:       capa.LoadBalancerTypeNLB,
+			Scheme:                 &capa.ELBSchemeInternetFacing,
+			CrossZoneLoadBalancing: true,
+			IngressRules: []capa.IngressRule{
+				{
+					Description: "Kubernetes API Server traffic for public access",
+					Protocol:    capa.SecurityGroupProtocolTCP,
+					FromPort:    6443,
+					ToPort:      6443,
+					CidrBlocks:  []string{"0.0.0.0/0"},
+				},
+			},
+		}
+	}
+
 	// If the install config has subnets, use them.
 	if len(installConfig.AWS.Subnets) > 0 {
 		privateSubnets, err := installConfig.AWS.PrivateSubnets(context.TODO())