Guest cluster deployed as virtual extension of management cluster in a virtualized computing system

What is claimed is: 1. A virtualized computing system, comprising: a host cluster having hosts and a virtualization layer executing on hardware platforms of the hosts, the virtualization layer supporting execution of virtual machines (VMs); an orchestration control plane integrated with the virtualization layer to provide a supervisor cluster, the supervisor cluster including a master server executing in a first VM of the VMs and configured to manage second VMs of the VMs; guest cluster infrastructure software (GCIS) executing in the master server, the GCIS configured to create a set of objects defining a container orchestration cluster executing on the second VMs, and manage lifecycles of the second VMs based on state of the set of objects; and guest software executing in the second VMs to implement the container orchestration cluster as a guest cluster executing in the supervisor cluster, the guest software having components that interface with the GCIS, the guest software including paravirtual software configured to detect a service of the guest cluster and cooperate with the orchestration control plane to deploy a third VM of the VMs executing the service. 2. The virtualized computing system of claim 1 , further comprising: a virtual infrastructure (VI) control plane configured to manage the host cluster and the virtualization layer; wherein the GCIS is configured to cooperate with the VI control plane to manage the lifecycles of the second VMs. 3. The virtualized computing system of claim 2 , wherein VI control plane includes a network manager and a storage manager, wherein the GCIS includes a network plugin configured to cooperate with the network manager and a storage plugin configured to cooperate with the storage manager, and wherein the components of guest software that interface with the GCIS include a container network interface (CNI) and a container storage interface (CSI), the CNI configured to cooperate with the network plugin and the CSI configured to cooperate with the storage plugin. 4. The virtualized computing system of claim 2 , wherein the VI control plane includes a VM management server configured to define a namespace having resource constraints, and wherein the GCIS deploys the second VMs within the namespace and constrained by the resource constraints. 5. The virtualized computing system of claim 4 , wherein the namespace includes policy information and authorization constraints, and wherein the GCIS is configured to propagate the policy information and the authorization constraints from the namespace to a control plane in the guest cluster. 6. The virtualized computing system of claim 1 , wherein the GCIS comprises: an Infrastructure-as-a-Service (IaaS) layer configured to provide a declarative interface to interact with an imperative interface of the VI control plane to manage the lifecycles of the second VMs; a cluster management layer configured to create first objects in the set of objects that represent an abstraction of the container orchestration cluster in response to a specification of the container orchestration cluster; and a cluster lifecycle layer configured to create, in response to the first objects, second objects in the set of objects that represent a physical implementation of the container orchestration cluster, the second objects being part of the declarative interface of the IaaS layer. 7. The virtualized computing system of claim 1 , wherein the components that interface with the GCIS include a bootstrap utility, and wherein the GCIS is configured to provide settings to the guest software through the bootstrap utility. 8. A method of deploying a guest cluster as a virtual extension of a supervisor cluster executing in a host cluster, the host cluster comprises hosts and a virtualization layer executing on hardware platforms of the hosts, the virtualization layer supporting execution of virtual machines (VMs), the method comprising: creating, by guest cluster infrastructure software (GCIS), a set of objects defining a container orchestration cluster executing in the supervisor cluster, the GCIS executing in a master server of an orchestration control plane integrated with the virtualization layer to provide the supervisor cluster, the master server executing in a first VM of the VMs and configured to manage second VMs of the VMs; instructing, by the GCIS based on state of the set of objects, a virtual infrastructure (VI) control plane managing the host cluster to deploy the second VMs of the VMs, the second VMs executing guest software to implement the container orchestration cluster as a guest cluster executing in the supervisor cluster; managing, by the GCIS, lifecycles of second VMs of the VMs based on the state of the set of objects; and deploying, by paravirtual software executing in the second VMs in cooperation with the orchestration control plane, a service of the guest cluster in a third VM of the VMs. 9. The method of claim 8 , wherein the VI control plane includes a VM management server configured to define a namespace having resource constraints, and wherein the GCIS instructs the VI control plane to deploy the second VMs within the namespace and constrained by the resource constraints. 10. The method of claim 9 , wherein the namespace includes policy information and authorization constraints, and the method further comprises: propagating, from the GCIS to a control plane of the guest cluster, the policy information and the authorization constraints of the namespace. 11. The method of claim 8 , wherein the step of creating the set of objects comprises: receiving a specification of the container orchestration cluster at the master server; creating, by a cluster management layer of the GCIS, first objects in the set of objects that represent an abstraction of the container orchestration cluster in response to the specification; and creating, by a cluster lifecycle layer of the GCIS in response to the first objects, second objects in the set of objects that represent a physical implementation of the container orchestration cluster. 12. The method of claim 11 , wherein the step of instructing comprises: invoking, by an Infrastructure-as-a-Service (IaaS) layer of the GCIS in response to the second objects, an imperative interface of a VM management server in the VI control plane to deploy the second VMs. 13. The method of claim 8 , wherein the step of managing comprises: providing settings to the guest software from the GCIS during runtime through a bootstrap utility executing in the guest software. 14. The method of claim 8 , wherein the step of managing comprises: receiving, at a network plugin of the GCIS, requests for network configuration from a container network interface (CNI) executing in the guest software, the network plugin configured provide the requests for network configuration to a network manager of the VI control plane; and receiving, at a storage plugin of the GCIS, requests for storage configuration from a container storage interface (CSI) executing in the guest software, the storage plugin configured to provide the requests for storage configuration to a storage manager of the VI control plane. 15. A non-transitory computer readable medium comprising instructions to be executed in a computing device to cause the computing device to carry out a method of deploying a guest cluster as a virtual extension of a supervisor cluster executing in a host cluster, the host cluster comprises hosts and a virtualization layer executing on hardware platforms of the hosts, the virtualization layer supporting execution of virtual machines (V