[EPIC] - Remote Cluster connectivity via StructuredAuthentication #806

Open
3 tasks
IvoGoman opened this issue Dec 17, 2024 · 0 comments
Description

Greenhouse currently uses ServiceAccount tokens to access the remote cluster. These tokens are regularly rotated. In case the rotation fails for a prolonged amount of time or the token becomes invalid for some other reason, the Greenhouse operator loses access to the remote cluster.
Currently this means that the Cluster administrator of an Organization needs to provide a valid ServiceAccount token again.
With Kubernetes 1.30 StructuredAuthentication has become a beta feature and allows for more flexibility to configure authentication.

Objectives

  • PoC: StructuredAuthentication with Greenhouse and Gardener clusters
  • Implementation of Greenhouse to support StructuredAuthentication against remote clusters
  • Documentation on the necessary Configuration on the Kubernetes clusters

Acceptance Criteria

  • ServiceAccount tokens issued by Greenhouse can be used to access the remote cluster
  • SRC team approves
  • Greenhouse can use both mechanisms (Greenhouse issued SA token and remote SA token) to authenticate with remote clusters

Dependencies

  • Our internal ControlPlane team supports configuring StructuredAuthentication
  • PoC with Clusters is successful and the configuration manageable

Additional Notes

No response
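
For illustration, an added example (not part of the issue and not Greenhouse's own configuration) of a structured authentication file that a remote cluster's kube-apiserver could load so that it accepts ServiceAccount tokens issued by the Greenhouse cluster. The issuer URL, the audience, the `greenhouse` namespace and the username prefix are placeholder assumptions.

```yaml
# Added example. Loaded by the REMOTE cluster's kube-apiserver via
#   --authentication-config=<path to this file>
# (beta in Kubernetes 1.30; cannot be combined with the legacy --oidc-* flags).
apiVersion: apiserver.config.k8s.io/v1beta1
kind: AuthenticationConfiguration
jwt:
  - issuer:
      # Assumption: ServiceAccount issuer URL of the Greenhouse cluster.
      # Must be https, must serve OIDC discovery reachable from the remote
      # apiserver, and must differ from the remote cluster's own
      # --service-account-issuer.
      url: https://greenhouse-issuer.example.com
      # Assumption: audience Greenhouse requests when minting the token.
      # A token without this audience is rejected, so a token stolen from
      # another workload on the Greenhouse cluster does not work here.
      audiences:
        - remote-cluster.example.com
      # certificateAuthority: |   # PEM bundle, only if the issuer uses a private CA
    claimValidationRules:
      # Accept only ServiceAccounts from one namespace of the issuing cluster
      # (namespace name is an assumption), not every ServiceAccount it can mint.
      - expression: "claims.sub.startsWith('system:serviceaccount:greenhouse:')"
        message: "only ServiceAccounts from the greenhouse namespace are accepted"
    claimMappings:
      username:
        claim: sub
        # Prefix keeps the mapped identity distinct from the remote cluster's
        # own system:serviceaccount:* users, so local RBAC bindings cannot be
        # matched by a foreign token.
        prefix: "greenhouse:"
```

The mapped user (for example `greenhouse:system:serviceaccount:greenhouse:<name>`) has no permissions until the remote cluster binds it to a Role or ClusterRole, which keeps authorization scoped to least privilege on the remote side.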

Status: Sprint Backlog