Sketch out design idea "identity unification" between kcp and physical clusters

[smarterclayton]

Needs to cover the features a user might want like:

• From kcp you can create a service account that pods running on physical clusters are associated with
• A kcp service account token of some form can be created? (so that you can easily define identities not bound to the fate of a cluster)
• Services from off cluster could potentially be integrated behind or via proxying of that identity (i.e. service account = global service identity = integrations that allow traffic going off cluster through a mesh can use that identity to authenticate)

And discuss the various efforts in the space like SPIFFE, ory, the cloud identity solutions, how someone could accumulate their own and expose via a mesh/egress proxy, etc.

[ncdc]

How (if at all) does this relate to #206? Partial/total duplicate?

[mjudeikis]

/close
not in scope for now. Will reopen if needed

[kcp-ci-bot]

@mjudeikis: Closing this issue.

In response to this:

/close
not in scope for now. Will reopen if needed

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.