svc/nlb/sg: introduce cloud-config to enable NLB with SGs

Introduce the NLB Security Group Mode configuration
(NLBSecurityGroupMode) to make the controller creates the Security Group
by default when provisioning Service type-LoadBalancer NLB.

This configuration is opt-in and global to the cluster.

Author: mtulio

pkg/providers/v1/config/config.go

@@ -23,6 +23,12 @@ const (
 
 	// ClusterServiceLoadBalancerHealthProbeModeServiceNodePort is the service node port health probe mode for cluster service load balancer.
 	ClusterServiceLoadBalancerHealthProbeModeServiceNodePort = "ServiceNodePort"
+
+	// NLBSecurityGroupModeManaged indicates the controller is managing security groups on service type loadbalancer NLB.
+	NLBSecurityGroupModeManaged = "Managed"
+
+	// NLBSecurityGroupModeUnmanaged indicates the controller is not managing security groups on service type loadbalancer NLB.
+	NLBSecurityGroupModeUnmanaged = "Unmanaged"
 )
 
 // CloudConfig wraps the settings for the AWS cloud provider.
@@ -97,6 +103,10 @@ type CloudConfig struct {
 		//
 		// WARNING: Updating the default behavior and corresponding unit tests would be a much safer option.
 		SupportedTopologyInstanceTypePattern string `json:"supportedTopologyInstanceTypePattern,omitempty" yaml:"supportedTopologyInstanceTypePattern,omitempty"`
+
+		// NLBSecurityGroupMode determines if the controller manage, creates and attaches, the security group when the service type
+		// loadbalancer NLB is created.
+		NLBSecurityGroupMode string `json:"nlbSecurityGroupMode,omitempty" yaml:"nlbSecurityGroupMode,omitempty"`
 	}
 	// [ServiceOverride "1"]
 	//  Service = s3