Use gRPC connection from agent to hub

[qiujian16]

Describe the enhancement
Today we each klusterlet agent will have a hub-kubeconfig with limited permission to connect to the hub-apiserver. To better isolate the agent from directly connecting to the hub-apiserver, it worth investigating whether we could provide a gRPC server on the hub that agent register to.

The gRPC server will provides the same registration process and is backed by exiting APIs, e.g. ManagedCluster, ManifestWork... Only connection mechanism is changed, and since we introduce a registration driver interface, it makes it possible to implement a new registration mechanism.

/kind enhancement

[openshift-ci]

@qiujian16: The label(s) kind/enhancement cannot be applied, because the repository doesn't have them.

In response to this:

Describe the enhancement
Today we each klusterlet agent will have a hub-kubeconfig with limited permission to connect to the hub-apiserver. To better isolate the agent from directly connecting to the hub-apiserver, it worth investigating whether we could provide a gRPC server on the hub that agent register to.

The gRPC server will provides the same registration process and is backed by exiting APIs, e.g. ManagedCluster, ManifestWork... Only connection mechanism is changed, and since we introduce a registration driver interface, it makes it possible to implement a new registration mechanism.

/kind enhancement

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[qiujian16]

cc @skeeey @morvencao