docs: Steps to summarize all the options available in CAPA for the credentials to be used when we pivot to management cluster

[Ankitasw]

To summarize all the options we have to go forward with when we pivot to management cluster so that we can document it together:

• To create a dedicated IAM user for the controller which will be long lived credentials. We can create a bootstrap user in CAPA. These credentials are the ones that need to be encoded.
• To use short lived credentials for the kind cluster only and then pivot into the new management cluster using IRSA for CAPA.(applicable for EKS)
• To use short lived credentials for the kind cluster only and then use one of the “multi-tenancy” types for any future workload clusters created from your new management cluster.
• To use the role attached to management cluster instances by zeroing the secret bootstrap cluster used after moving the mgmt cluster to AWS, this can be done by using clusterawsadm or manually setting the secret data to nil. This is already covered in PR docs: Using IAM roles instead of AWS credentials in management cluster #3328
• To use PodIdentity webhooks.(applicable for EKS)

Originally posted by @Ankitasw in #3328 (comment)

[sedefsavas]

Slack thread this issue was originally discussed.

/triage accepted
/important long-term
/kind documentation

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle stale
• Mark this issue or PR as rotten with /lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten