🐛 dns name for an exposed service takes long time to be created

[smira]

Problem

If we should workload proxy service entry before it's ready (fully provisioned), and the user clicks on it, negative DNS response is cached on the user side (for ~3 minutes).

Solution 1: New Naming Scheme

*.proxy-$CELL.omni.siderolabs.io -> DNS entry, TLS cert

p-g3a4ana-demo.proxy-us.omni.siderolabs.io

Solution 1a

Use nginx ingresses (one per workload service).

Solution 1b

Implement a mini-router which will pparse p-<workload>-<user> and forward the request to a matching instance.

Solution 2: Backwards Flow (only show service when it's ready)

Add a backwards flow from the CRD/omni-controller to report when the exposed service entry is ready (both DNS and Ingress are ready), and report it via sidecar to Omni.

If the workload service is not read yet, show it as 'Pending' in the UI.

Decision

Go with solution 1a.