Add the ability to auth to managed clusters without using CSR

[rbakhtaraev]

For some reason we don't have ability for enabling CSR in our clusters. Can you add another way to authenticate managed clusters without using CSR, like sa-token/secret with kubeconfig?

[qiujian16]

/kind feature

[qiujian16]

/assign @qiujian16 /assign @skeeey

[dangorst1066]

Also observed this when using EKS as the ocm hub cluster.

1. EKS does not have the kubernetes.io/kube-apiserver-client signer
2. EKS uses a custom signer beta.eks.amazonaws.com/app-serving that does not support client auth (as auth is ultimately delegated to IAM), so while a CSR can be approved, no certificate will ever be issued that requests client auth usage.

[apphe]

@dgorst Do you have a plan to contribute the implementation? Is it possible to merge codes before Oct 21 which is OCM 0.9 release?

[mikeshng]

Hi @rbakhtaraev we now support standalone control plane which allows the hub cluster to host the OCM control plane with cert client auth enable. Please see free to check it out and see if you are able to solve your use case.

[qiujian16]

we are having an separate issue to implement eks auth support

/close

[openshift-ci[bot]]

@qiujian16: Closing this issue.

In response to [this](https://github.com/open-cluster-management-io/registration/issues/185#issuecomment-2419019321): >we are having an separate issue to implement eks auth support > >/close Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.