🐛 v1.21 Support for RootCACertConfigMap feature

[christopherhein]

What this PR does / why we need it: This PR adds feature gated support for VirtualCluster to work with any Kubernetes version +1.21 and when the RootCACertConfigMap feature is enabled in 1.20 clusters. To implement this rather than fighting the super cluster for the kube-root-ca.crt we will create a prefixed ConfigMap in each namespace tenant-kube-root-ca.crt and then when pods are synced we have an additional mutator that will rewrite the ConfigMap to the proper resource. This allows both super and tenant to work and requires no changes from a tenants workloads.

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged): Fixes #293

Signed-off-by: Chris Hein me@chrishein.com

[christopherhein]

This is running into a potential test-infra issue on where it's running. https://github.com/kubernetes/test-infra/issues/27919

[christopherhein]

/retest

[Fei-Guo]

/lgtm /approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: christopherhein, Fei-Guo, m-messiah

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[virtualcluster/OWNERS](https://github.com/kubernetes-sigs/cluster-api-provider-nested/blob/main/virtualcluster/OWNERS)~~ [Fei-Guo,christopherhein] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment

[wondywang]

Hi @christopherhein, I have added some comments. That may also need to be considered.