Support accessing managed clusters via OIDC

[stevehipwell]

Has there been any consideration on removing the requirement for each managed cluster to have a ServiceAccount created and the token stored in the management cluster?

I think this could be achieved by running Dex on the management cluster and configuring machine authentication for the Sveltos controller. The managed clusters could then configure Dex as a trusted issuer which would allow Sveltos to access the cluster via a ClusterRole bound to the group(s) provided by Dex.

Since K8s 1.30 Structured Authentication Configuration has allowed multiple JWT issuers which makes this an even more compelling option.

[gianlucam76]

Hi @stevehipwell, thank you. This sounds great proposal.
It should probably come along with current solution so to let user pick what best suit them (some might not want to manage an extra tool). Personally I really this idea.

I definitely think this should be a feature request that should be considered.

@realgaurav what do you think?