
Feature request: enable automatic OIDC integration for created kubernetes cluster #604

Open
c42-konstantin opened this issue Jan 23, 2025 · 2 comments
Labels
enhancement New feature or request

Comments

@c42-konstantin

c42-konstantin commented Jan 23, 2025

Description

When users create a kubernetes cluster they often want to have seamless single sign-on (SSO) using the same OIDC provider that is used by the platform (CozyStack) itself, similar to what is done in hyperscalers.
Currently kubernetes clusters require additional configuration to use the platform Keycloak (or other IdP) provider for authentication.

Proposed solution

Add an (optional) parameter to the 'kind: Kubernetes' spec that allows the user to specify the authentication configuration of the kubernetes cluster that is going to be created. So, if cozystack has been configured with OIDC enabled, a user can set this parameter to 'platform-oidc' (or something like this); if not, the user can specify any other IdP that is compatible with kubernetes, or not specify anything.

@dosubot dosubot bot added the enhancement New feature or request label Jan 23, 2025
@kvaps
Member

kvaps commented Feb 6, 2025

Totally makes sense, we'll consider the implementation.

@kvaps
Member

kvaps commented Feb 6, 2025

To implement this we need to add extra options --oidc-* into the KamajiControlPlane resource

```yaml
apiVersion: controlplane.cluster.x-k8s.io/v1alpha1
kind: KamajiControlPlane
metadata:
  name: {{ .Release.Name }}
  namespace: {{ .Release.Namespace }}
  labels:
    cluster.x-k8s.io/role: control-plane
  annotations:
    kamaji.clastix.io/kubeconfig-secret-key: "super-admin.svc"
spec:
  dataStoreName: "{{ $etcd }}"
  addons:
    coreDNS:
      dnsServiceIPs:
      - 10.95.0.10
    konnectivity: {}
  kubelet:
    cgroupfs: systemd
    preferredAddressTypes:
    - InternalIP
    - ExternalIP
  network:
    serviceType: ClusterIP
    ingress:
      extraAnnotations:
        nginx.ingress.kubernetes.io/ssl-passthrough: "true"
      hostname: {{ .Values.host | default (printf "%s.%s" .Release.Name $host) }}:443
      className: "{{ $ingress }}"
  deployment:
    podAdditionalMetadata:
      labels:
        policy.cozystack.io/allow-to-etcd: "true"
  replicas: 2
  version: 1.30.1
```
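As an added illustration of where such `--oidc-*` options would land (this is not code from the issue, from kvaps or from Cozystack; it assumes the KamajiControlPlane `spec.apiServer.extraArgs` field and uses placeholder issuer, client and group names), the fragment below passes the kube-apiserver OIDC flags for a Keycloak realm and maps one prefixed group to read-only access, since authentication alone grants no rights:

```yaml
apiVersion: controlplane.cluster.x-k8s.io/v1alpha1
kind: KamajiControlPlane
metadata:
  name: example-tenant            # placeholder; other spec fields as in the template above
spec:
  apiServer:
    extraArgs:
    # Issuer must be reachable over HTTPS: the API server fetches its
    # discovery document and JWKS from here to validate ID tokens.
    - --oidc-issuer-url=https://keycloak.example.invalid/realms/cozystack   # placeholder
    # Audience the API server accepts; tokens minted for other clients are rejected.
    - --oidc-client-id=kubernetes                                            # placeholder
    # Claim that becomes the Kubernetes username.
    - --oidc-username-claim=preferred_username
    # Prefixes keep federated identities apart from built-in users and groups
    # such as system:masters; "-" would disable prefixing entirely.
    - --oidc-username-prefix=oidc:
    - --oidc-groups-claim=groups
    - --oidc-groups-prefix=oidc:
---
# RBAC maps the prefixed IdP group to a role; without a binding an
# authenticated OIDC user can do nothing in the tenant cluster.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: oidc-developers-view      # placeholder
subjects:
- kind: Group
  name: oidc:developers           # placeholder group, as prefixed above
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: view
  apiGroup: rbac.authorization.k8s.io
```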
