feat: Cross-cluster unified query

[chaunceyjiang]

What type of PR is this?
/kind feature

What this PR does / why we need it:

Which issue(s) this PR fixes:
Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

`karmada-aggregated-apiserver`: Supports cross-cluster unified query.

[chaunceyjiang]

Pods of the member cluster.

Query pods uniformly through the control panel.

[chaunceyjiang]

1. On the control panel, member1,member2 creates a ServiceAccount - tom.
2. On the control panel, member1,member2 creates a RBAC .
3. On the control panel,creates a Secret, and gets a token.
4. Generate a kubeconfig for Tom using token.

apiVersion: v1
kind: Secret
metadata:
    name: token
    namespace: default
    annotations:
        kubernetes.io/service-account.name: tom
type: kubernetes.io/service-account-token

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  # "namespace" omitted since ClusterRoles are not namespaced
  name: cluster-proxy
rules:
  - apiGroups: ["cluster.karmada.io"]
    resources: ["clusters/proxy"]
    verbs: ["*"]
  - apiGroups: [""]
    resources: ["pods", "services"]
    verbs: ["*"]
  - apiGroups: [ "apps" ]
    resources: [ "deployments"]
    verbs: [ "*" ]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  # "namespace" omitted since ClusterRoleBindings are not namespaced
  name: cluster-proxy
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-proxy
subjects:
  - kind: ServiceAccount
    name: tom
    namespace: default
  - kind: Group
    name: system:serviceaccounts
  - kind: Group
    name: system:serviceaccounts:default

apiVersion: v1
clusters:
  - cluster:
      insecure-skip-tls-verify: true
      server:  https://10.70.4.78:5443/apis/cluster.karmada.io/v1alpha1/clusters/*/proxy/
    name: tom
contexts:
  - context:
      cluster: tom
      user: tom
    name: tom
current-context: tom
kind: Config
preferences: {}
users:
  - name: tom
    user:
      token: eyJhbGciOiJSUzI1NiIsImtpZCI6InpXSWREczRGLXo0RUpqTVBrY3RVZXA3anU2Tm92b0F4aU5JQ2FyMkd3YXMifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6InRva2VuIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6InRvbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImJkZTg1YzRlLTI5NDMtNDI4Mi04NjljLWE0YTYzYTY0MDAyZCIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDpkZWZhdWx0OnRvbSJ9.YbsZdo8vgkuulCOT-gnULnBCJdPRsSmW3ImftnPXNoytt7dpNopKKyhx9gsajGrQah46bM2k66IDQasJ98eNiMMt9D9HX8A0ClJ2CYzCj0mNaUMBB66FR6VNVwZYqsE913wBts8-2im-0A-u7_ErqLUh7ldpk7uCWC4AqGKsdRXxEpdg06UBgkpEAMDvqjC76LI_hhKJd1wkcmBrEzKOywiRSuFRoWp8xnRllERxbuwVB2UuecGUIwTHlZzPKkaD0JRmsJjkUca7NZ4qV0crH192WKePpf8zhOYdvvHzM_aTSG5gBkOWJ0ev2cNyIPM26hZY0EnHttEXYYW3-jXH8g

[RainbowMango]

/assign
I'll look at it ASAP. And really hope this feature can be included in v1.8.

[yizhang-zen]

Thank you @chaunceyjiang.
We confirm list resources via kubectl get and log work.
But We found this shows conflict when labeling deployment, success on pod labeling though. Any workarounds?

➔ kubectl label deploy app-server -n unified-query-test='true'
Error from server (Conflict): the server reported a conflict (get deployments.apps app-server)

[codecov-commenter]

Codecov Report

Attention: 286 lines in your changes are missing coverage. Please review.

Comparison is base (bf1098b) 52.80% compared to head (6ea7910) 52.15%.
Report is 6 commits behind head on master.

Files	Patch %	Lines
pkg/registry/cluster/storage/aggregate.go	0.00%	268 Missing ⚠️
pkg/registry/cluster/storage/storage.go	0.00%	14 Missing ⚠️
pkg/registry/cluster/storage/proxy.go	50.00%	4 Missing ⚠️

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #4254      +/-   ##
==========================================
- Coverage   52.80%   52.15%   -0.65%     
==========================================
  Files         240      241       +1     
  Lines       23624    23915     +291     
==========================================
  Hits        12474    12474              
- Misses      10471    10761     +290     
- Partials      679      680       +1     

Flag	Coverage Δ
unittests	52.15% <2.72%> (-0.65%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[chaunceyjiang]

/cc @RainbowMango @yizhang-zen @XiShanYongYe-Chang Ready for review. Please take a look.

[XiShanYongYe-Chang]

Thanks a lot
/assign

[RainbowMango]

/lgtm
/approve

[karmada-bot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: RainbowMango

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• cmd/aggregated-apiserver/OWNERS [RainbowMango]
• pkg/aggregatedapiserver/OWNERS [RainbowMango]
• pkg/registry/OWNERS [RainbowMango]
• pkg/util/OWNERS [RainbowMango]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[RainbowMango]

@yizhang-zen I think we can tag a new release(v1.8.0-preview2), can you help to verify it on your environment?