  1. Red Hat Advanced Cluster Management
  2. ACM-16838

Investigate using spiffe/spire to share workload identity


    • Product / Portfolio Work
    • 5
    • False
    • None
    • False
    • Provide the required acceptance criteria using this template.

      • ...
    • 5
    • SF Train-23, SF Train-25, SF Train-26
    • Moderate
    • None

      Value Statement

      Ensure the issue title clearly reflects the value of this spike story.
      (Explain the "WHY")

       

      We are seeing several scenarios that share a common pattern: a service or controller on the hub cluster needs to access the apiserver of the managed cluster.

       

      SPIFFE is an open standard that defines workload identity and how a workload can register and obtain its identity; SPIRE is an implementation of SPIFFE. It does not depend on any particular cloud service, but can integrate with cloud providers such as AWS or GCP.

       

      Definition of Done for Engineering Story Owner (Checklist)

      • Provide a prototype that uses SPIFFE/SPIRE to let the hub cluster access the workload on the managed cluster; refer to the doc

      Development Complete

      • The code is complete.
      • Functionality is working.
      • Any required downstream Docker file changes are made.

      Tests Automated

      • [ ] Unit/function tests have been automated and incorporated into the build.
      • [ ] 100% automated unit/function test coverage for new or changed APIs.

      Secure Design

      • [ ] Security has been assessed and incorporated into your threat model.

      Multidisciplinary Teams Readiness

      Support Readiness

      • [ ] The must-gather script has been updated.

              jiazhu@redhat.com Jian Zhu
              jiazhu@redhat.com Jian Zhu
              Hui Chen Hui Chen
              Votes: 0
              Watchers: 1

                Created:
                Updated:
                Resolved: