Write an ADR about letting customer admins into MCs with clust-admin permissions

[piontec]

We want to simplify our platform and make it more usable for customers. As such, we decided to allow customers' admins to use their MC with full cluster permissions. We need to write down an ADR about it.

[weatherhog]

@piontec is this still needed?

[piontec]

Yes, and it would be great if you could drive it, as it's a product feature. More context: the feature is "customers have full admin access permissions to our clusters, so they can easily use them to run their own central-management tools". There are many aspects and angles this needs to enable that feature in a secure way, like:

• there can be no shared (across installations) gitops or config repos - we did that already
• there can be absolutely no shared secrets present on the MC - this needs a security audit, as we don't really know if that's the case already or not.

So, this IMHO needs an answer to the top level question: do we want to make it a product feature, and if yes, then what's the priority.

Once we know the answer, we need some cross team collaboration, with shield probably driving a security audit for this feature.