Yeah, just trying to get everything to work together in a seamless way. I keep thinking I'm missing something, because things just rapidly seem to fall apart the second things scale out or need ongoing maintenance work. Glad to see others having similar struggles; at least I'm not 100% crazy. Having to use external REST API calls for anything that "manages" Kubernetes resources just doesn't make any sense to me; it's like we're going backwards to go forwards.
CAPI, now going GA, handles provisioning pretty seamlessly (at least for vSphere, but if VMware works, I have faith that the other big 3 cloud providers would be even more mature). Everything is, as you'd expect, just a CRD. The quick-start was phenomenal, and cluster setup maybe took 30 minutes the first time through. I suppose the dashboard is pretty nice for investigative graphical work, but even something like the K8s dashboard can get you most of the way there, or just a standard desktop app like Lens.
Centralized auth is the next piece, but dex/keycloak and something like kubelogin would do the trick imo; then we can just roll it out with ArgoCD ApplicationSets across all clusters 🤷♂️