
Misconfigured shoot ACL spec prevents cluster from waking up from hibernation #1103

@mimiteto

Description


How to categorize this issue?

/area robustness
/kind bug
/platform gcp

What happened:
User created a gcp shoot cluster and then later configured ACL.
The user did not add the required cloud nat config. He was missing:

spec:
  provider:
    type: gcp
    infrastructureConfig:
      apiVersion: gcp.provider.extensions.gardener.cloud/v1alpha1
      kind: InfrastructureConfig
      networks:
        cloudNAT:
          natIPNames:
            - name: your-manually-created-static-IP-name1
            - name: your-manually-created-static-IP-name2

but had:

spec:
  extensions:
    - type: acl
      providerConfig:
        rule:
          action: ALLOW
          cidrs:
          - 103.109.144.10/32
          - 103.109.144.11/32
 ...
        type: remote_ip

After a cluster hibernation, the cluster can't wake up, as worker nodes are not reachable.

What you expected to happen:
I expect that we reject such a shoot spec with an error message stating that the provider config needs cloud NAT configured in this case.
Clusters shouldn't end up being broken because of an incomplete shoot spec.

How to reproduce it (as minimally and precisely as possible):

  • Have the acl extension enabled on the landscape
  • Create a generic gcp shoot cluster.
  • Add the ACL config without the cloudNAT spec.
  • Ignore the error in the dashboard about the broken cluster and hibernate the cluster manually.
  • Try waking up the cluster

Anything else we need to know?:

Environment:

  • Gardener version (if relevant):
  • Extension version: any
  • Kubernetes version (use kubectl version): any
  • Cloud provider or hardware configuration: GCP
  • Others:
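The admission check the reporter asks for, as an added example that is not part of this issue or of the Gardener code base: it assumes a simplified shoot structure holding only the fields shown above, fed in as JSON, and a hypothetical ValidateShootJSON entry point; the real Gardener API types and webhook wiring differ.

```go
package main

import (
	"encoding/json"
	"errors"
)

// Minimal view of the shoot fields this issue is about (assumed, simplified
// shapes, not the real Gardener API types).
type ShootSpec struct {
	Provider struct {
		Type                 string `json:"type"`
		InfrastructureConfig struct {
			Networks struct {
				CloudNAT struct {
					NatIPNames []struct{ Name string `json:"name"` } `json:"natIPNames"`
				} `json:"cloudNAT"`
			} `json:"networks"`
		} `json:"infrastructureConfig"`
	} `json:"provider"`
	Extensions []struct{ Type string `json:"type"` } `json:"extensions"`
}

var ErrACLWithoutCloudNAT = errors.New("gcp shoot with the acl extension needs provider.infrastructureConfig.networks.cloudNAT.natIPNames")
// ValidateShootJSON parses a JSON-encoded spec and rejects a gcp shoot that has the acl
// extension but no named static NAT IP, so admission fails instead of workers going unreachable.
func ValidateShootJSON(raw []byte) error {
	var spec ShootSpec
	if err := json.Unmarshal(raw, &spec); err != nil {
		return err
	}
	hasACL := false
	for _, ext := range spec.Extensions {
		hasACL = hasACL || ext.Type == "acl"
	}
	if spec.Provider.Type != "gcp" || !hasACL {
		return nil // the check only applies to gcp shoots using the acl extension
	}
	for _, ip := range spec.Provider.InfrastructureConfig.Networks.CloudNAT.NatIPNames {
		if ip.Name != "" {
			return nil // at least one static NAT IP is configured
		}
	}
	return ErrACLWithoutCloudNAT
}
// Constructed samples: the issue's spec (acl without cloudNAT) and the corrected one.
const BrokenShootJSON = `{"provider":{"type":"gcp","infrastructureConfig":{"networks":{}}},"extensions":[{"type":"acl"}]}`
const FixedShootJSON = `{"provider":{"type":"gcp","infrastructureConfig":{"networks":{"cloudNAT":{"natIPNames":` +
	`[{"name":"your-manually-created-static-IP-name1"}]}}}},"extensions":[{"type":"acl"}]}`
```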

Labels

area/robustness (Robustness, reliability, resilience related), kind/bug, lifecycle/stale (Denotes an issue or PR has remained open with no activity and has become stale), platform/gcp (Google cloud platform/infrastructure)
