crossplane-contrib/provider-kubernetes

Integrate kubelogin for Azure AD Authentication to AKS Clusters

marianheinsen opened this issue · 7 comments

What problem are you facing?

We are provisioning Azure AKS Kubernetes Clusters using the Azure Provider by Upbound. After provisioning, we install software inside of the clusters using this Kubernetes Provider as well as the related Helm Provider. When using Local Accounts for authentication with the clusters' API servers, this works out of the box. However, we would like to switch to authentication based on Azure AD Service Principals and Managed Identities, as this is the best practice and recommended by Azure. The Kubernetes Go Client which is used by this provider does not support this authentication method by default, so currently we can't use this provider with AKS clusters configured with Azure AD Authentication. As the same problem arises with standard kubectl usage and Terraform providers as well (see e.g. Azure/kubelogin#114), Azure provides the kubelogin client-go credential plugin which can be used to retrieve the user credentials and pass them to the Kubernetes Go Client.

How could Crossplane help solve your problem?

I propose to integrate the official kubelogin Go package into this provider (as well as the Helm Provider), so that it's possible to use it with AKS clusters configured with Azure AD Authentication. I'm open to providing an implementation for this and opening a PR. Also, I would be happy to hear the maintainers' thoughts about this. Are you open to such a contribution? @turkenh @morningspace

Related issue in Helm Provider repo: crossplane-contrib/provider-helm#180
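The client-go credential plugin contract that kubelogin implements, as an added example (not code from this issue, the provider, or kubelogin): the plugin prints an `ExecCredential` document to stdout, and the consumer must validate it, extract the bearer token and honour the expiry so a stale Azure AD token is re-fetched instead of reused. The sample JSON and token value are constructed; the `client.authentication.k8s.io/v1beta1` API version and the 30-second refresh margin are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// ExecCredential mirrors the document a client-go credential plugin
// (such as kubelogin) writes to stdout for client.authentication.k8s.io/v1beta1.
type ExecCredential struct {
	APIVersion string `json:"apiVersion"`
	Kind       string `json:"kind"`
	Status     struct {
		Token               string `json:"token"`
		ExpirationTimestamp string `json:"expirationTimestamp,omitempty"`
	} `json:"status"`
}

// ParseExecCredential validates plugin output and returns the bearer token
// and its expiry (zero time when the plugin supplied none).
func ParseExecCredential(raw []byte) (string, time.Time, error) {
	var ec ExecCredential
	if err := json.Unmarshal(raw, &ec); err != nil {
		return "", time.Time{}, err
	}
	if ec.Kind != "ExecCredential" || ec.APIVersion != "client.authentication.k8s.io/v1beta1" {
		return "", time.Time{}, fmt.Errorf("unexpected plugin output %s/%s", ec.APIVersion, ec.Kind)
	}
	if ec.Status.Token == "" {
		return "", time.Time{}, fmt.Errorf("plugin returned no token")
	}
	var exp time.Time
	if ec.Status.ExpirationTimestamp != "" {
		t, err := time.Parse(time.RFC3339, ec.Status.ExpirationTimestamp)
		if err != nil {
			return "", time.Time{}, err
		}
		exp = t
	}
	return ec.Status.Token, exp, nil
}

// NeedsRefresh reports whether a cached token should be re-fetched from the
// plugin: true when it expires within 30s (assumed margin); a token without
// an expiry is kept until the API server rejects it.
func NeedsRefresh(exp, now time.Time) bool {
	return !exp.IsZero() && !now.Add(30*time.Second).Before(exp)
}

// Constructed sample plugin output; the token is not a real credential.
const sample = `{"apiVersion":"client.authentication.k8s.io/v1beta1","kind":"ExecCredential","status":{"token":"constructed-token","expirationTimestamp":"2024-01-01T12:00:00Z"}}`

func main() {
	tok, exp, err := ParseExecCredential([]byte(sample))
	fmt.Println(tok, exp, err, NeedsRefresh(exp, time.Now()))
}
```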