
[addons] New addon security for the K2s cluster

Open krotz-dieter opened this issue 11 months ago • 0 comments

The new security addon shall provide two basic modes of security:

  1. basic security
  • provide secure communication to the outside of the cluster using TLS termination & OAuth2 in the ingress controller
  • inside the cluster the communication is still unsecure

  To be checked for all 2 addons: gateway-nginx, ingress-nginx, traefik
  Variants which can be used: default variant (host & virtual machine)

  2. enhanced security
  • provide an overall secure communication through the usage of sidecar containers which shall hijack the traffic and add the security aspects: TLS and authentication/authorization

Used open source components:

  • Certificate management (with own certificate option): cert-manager, ...
  • OAuth2 Identity Provider (with own identity provider): Keycloak, ...
  • Service mesh: linkerd, istio, ...

The overall target shall be the idea that security comes in K2s through the infrastructure. By just enabling the security addon the cluster shall provide security through HTTPS and usage of an identity provider using OAuth2:

k2s addons enable security (parameters) -> afterwards login needs to be done and communication is encrypted

k2s addons disable security -> afterwards no login and pure HTTP

krotz-dieter • Mar 04 '24 14:03