Background
Encryption of confidential data at rest in Kubernetes is crucial for a strong security posture. To enable it, Kubernetes supports a few options for configuring encryption at rest. Since a KMS-based encryption provider gives a far more robust security posture than the other options, it is a great choice in any environment where integration with such a system is possible. When using a KMS-based provider, a KMS plugin is required to enable the integration; for instance, there is a plugin that bridges the integration for the AWS KMS offering. Once set up, the API server communicates with the plugin over a UNIX domain socket using gRPC. For that to work when the API server is deployed as a pod, as is the case when it is provisioned by the Karmada operator, the plugin has to run as a sidecar of the API server container.
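As an added illustration of the wiring described above (this is example configuration, not the issue author's or the Karmada project's own), the two pieces involved are an `EncryptionConfiguration` that points the API server at a KMS v2 plugin over a UNIX socket, and a pod spec in which the plugin runs as a sidecar sharing an `emptyDir` volume with the API server so the socket is reachable from both containers. The socket path, plugin name, container image, plugin flags and key ARN are placeholders assumed for illustration; the API server pod is reduced to the parts relevant here.

```yaml
# EncryptionConfiguration passed to kube-apiserver via --encryption-provider-config.
# The first provider in the list is used for writes; the others are tried in order
# on reads, so keeping 'identity' last lets objects stored before encryption was
# enabled still be read. Putting 'identity' first would mean nothing is encrypted.
apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets
    providers:
      - kms:
          apiVersion: v2
          name: aws-kms                                    # assumed plugin name
          endpoint: unix:///var/run/kmsplugin/socket.sock  # assumed socket path, shared with the sidecar
          timeout: 3s
      - identity: {}
---
# Fragment of the API server pod: the KMS plugin runs as a sidecar container and
# both containers mount the same emptyDir so the UNIX socket is visible to the
# API server. Image, flags and key ARN are placeholders (assumed for illustration).
apiVersion: v1
kind: Pod
metadata:
  name: karmada-apiserver
spec:
  containers:
    - name: karmada-apiserver
      image: registry.k8s.io/kube-apiserver:v1.29.0        # assumed image/tag
      command:
        - kube-apiserver
        - --encryption-provider-config=/etc/kubernetes/encryption/config.yaml
        # remaining API server flags omitted
      volumeMounts:
        - name: encryption-config
          mountPath: /etc/kubernetes/encryption
          readOnly: true
        - name: kms-socket
          mountPath: /var/run/kmsplugin
    - name: aws-encryption-provider                        # KMS plugin sidecar
      image: example.invalid/aws-encryption-provider:latest  # placeholder image
      args:
        - --key=arn:aws:kms:us-east-1:000000000000:key/00000000-0000-0000-0000-000000000000  # placeholder ARN
        - --region=us-east-1
        - --listen=/var/run/kmsplugin/socket.sock          # assumed flag; must match 'endpoint' above
      volumeMounts:
        - name: kms-socket
          mountPath: /var/run/kmsplugin
  volumes:
    - name: encryption-config
      secret:
        secretName: apiserver-encryption-config
    - name: kms-socket
      emptyDir: {}
```

Two practical checks follow from this layout. The plugin has to be listening on the socket before the API server starts serving, otherwise the API server's encryption provider health check fails; and after rollout it is worth confirming that newly written Secrets are actually stored encrypted, for example by reading one directly from etcd and checking that the value begins with the `k8s:enc:kms:v2:` prefix rather than plaintext.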
Proposal
Author:
Iteration Tasks