Add cluster-identity

[mjudeikis]

Summary

Re-add cluster-identity as a binding request. This would allow pre-provisioning of right identity namespaces based on cluster identity, rather than user identity (as it is now).

This is a temporary solution until we can sort this out in a more sustainable way. Its bit hacky.

What Type of PR Is This?

/kind regression
/kind bug

Related Issue(s)

Fixes #

Release Notes

Re-add cluster identity 

[ntnn]

So we are creating one namespace per author/"consumer" to store the cluster objects?
I wonder if it wouldn't be safer to make the namespace deterministic instead of using generateName, e.g. kube-clusters-{identity-hash}; that would prevent things like one identity "owning" multiple namespaces.

Edit: I wouldn't change the namespace handling in this PR. We can adjust that later; just came to mind while reading the code.

[ntnn]

Suggested change

	// When doing dry run, we expect the client to fill this field in (or it will be taked from local cluster where context is available).
	// When doing dry run, we expect the client to fill this field in (or it will be taken from local cluster where context is available).

[ntnn]

Author is the user and identity is the cluster identity?

[mjudeikis]

yes.

[mjudeikis]

So we are creating one namespace per author/"consumer" to store the cluster objects? I wonder if it wouldn't be safer to make the namespace deterministic instead of using generateName, e.g. kube-clusters-{identity-hash}; that would prevent things like one identity "owning" multiple namespaces.

Edit: I wouldn't change the namespace handling in this PR. We can adjust that later; just came to mind while reading the code.

I think we can make this with this change too. Its kinda easy and either way - small breaking change.

[mjudeikis]

made the ns static base36 change. same as kcp uses for logical clusters