Figure out authentication

Kubernetes supports OIDC (OpenID Connect) or webhook, and that's it. We should make sure we can enable that for end users when the time comes.

Components:

  • OIDC service (for authentication and identity): we can use CILogon for this. That's also what Nautilus does. We can test against Keycloak (self-hosted, has a Docker image) or Auth0 (free service).
  • Authorization: use Kubernetes RBAC. Needs some code to create the namespaces and assign people to them (part of HSRN Dashboard?)
  • Configs: need some code to generate the Kubernetes config (part of HSRN Dashboard?)
  • Admission controller: a server Kubernetes calls to validate objects. Necessary to further restrict user workloads, e.g. forbid privileged containers, prevent mounting host filesystem paths, etc.
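As an added illustration of the admission controller item (example code written for this page, not part of the HSRN project), the block below implements the validation logic a validating admission webhook would run: it takes a v1 AdmissionReview request, rejects workloads that use privileged containers or hostPath volumes, and returns the AdmissionReview response Kubernetes expects. The host-namespace checks (hostPID, hostIPC, hostNetwork) go beyond the two examples named above and are an assumption about what "etc." would include; the sample request at the bottom is constructed, and the HTTP handler is shown without TLS, which a real deployment must add since Kubernetes only calls webhooks over HTTPS.

```python
"""Validation logic for a Kubernetes validating admission webhook.

Added example for this page, not HSRN project code. The policy is:
no privileged containers, no hostPath volumes, no host namespaces
(the last one is an assumed extension of the page's "etc.").
"""
import json
import sys
from http.server import BaseHTTPRequestHandler, HTTPServer


def _pod_spec(obj):
    """Return the PodSpec of a Pod, or of a workload that carries a pod template."""
    if obj.get("kind") == "Pod":
        return obj.get("spec", {})
    # Deployment, StatefulSet, DaemonSet, Job, ReplicaSet: spec.template.spec
    return obj.get("spec", {}).get("template", {}).get("spec", {})


def find_violations(obj):
    """Return a list of human-readable policy violations for a workload object."""
    spec = _pod_spec(obj)
    violations = []
    # Host namespaces give a pod visibility into processes/IPC/network of the node.
    for field in ("hostPID", "hostIPC", "hostNetwork"):
        if spec.get(field):
            violations.append(f"spec.{field} must not be true")
    # Check every container class; init and ephemeral containers are easy to forget.
    containers = (
        spec.get("containers", [])
        + spec.get("initContainers", [])
        + spec.get("ephemeralContainers", [])
    )
    for c in containers:
        sc = c.get("securityContext") or {}
        if sc.get("privileged"):
            violations.append(f"container {c.get('name')!r} must not be privileged")
    # hostPath exposes the node filesystem to the pod.
    for v in spec.get("volumes", []):
        if "hostPath" in v:
            path = v["hostPath"].get("path")
            violations.append(f"volume {v.get('name')!r} mounts host path {path!r}")
    return violations


def review(admission_review):
    """Build the AdmissionReview response Kubernetes expects for a request."""
    req = admission_review["request"]
    violations = []
    if req.get("operation") in ("CREATE", "UPDATE"):
        violations = find_violations(req.get("object") or {})
    response = {"uid": req["uid"], "allowed": not violations}
    if violations:
        # The message is surfaced to the user by kubectl, so make it actionable.
        response["status"] = {"code": 403, "message": "; ".join(violations)}
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview", "response": response}


class Handler(BaseHTTPRequestHandler):
    """Minimal HTTP endpoint for the webhook (put TLS in front of it in production)."""

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        body = json.loads(self.rfile.read(length))
        out = json.dumps(review(body)).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(out)))
        self.end_headers()
        self.wfile.write(out)


# Constructed sample: a pod that violates two of the rules.
PRIVILEGED_POD_REVIEW = {
    "apiVersion": "admission.k8s.io/v1",
    "kind": "AdmissionReview",
    "request": {
        "uid": "example-uid-1",
        "operation": "CREATE",
        "object": {
            "kind": "Pod",
            "spec": {
                "containers": [
                    {"name": "app", "image": "busybox", "securityContext": {"privileged": True}}
                ],
                "volumes": [{"name": "root", "hostPath": {"path": "/"}}],
            },
        },
    },
}

if __name__ == "__main__":
    print(json.dumps(review(PRIVILEGED_POD_REVIEW), indent=2))
    if "--serve" in sys.argv:
        HTTPServer(("127.0.0.1", 8443), Handler).serve_forever()
```

Running the file prints the denial for the constructed pod; `--serve` starts the plain-HTTP handler so it can be exercised with a local POST. Wiring it into a cluster also needs a ValidatingWebhookConfiguration pointing at the endpoint and a CA bundle for the TLS certificate, both of which are omitted here.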
Edited by Remi Rampin