Communication between control planes in a virtualized computing system having an autonomous cluster

What is claimed is: 1 . A method of establishing trust between a cross-cluster control plane (xCCP) and a cluster control plane (CCP) of an autonomous cluster of hosts in a virtualized computing system, the method comprising: providing, by the xCCP, trust data of the xCCP to a hypervisor of a host in the autonomous cluster that is executing the CCP; providing, by the hypervisor, the trust data to the CCP through a volume attached to a virtual machine (VM) that executes the CCP; persisting, by the CCP, the trust data in a database; and accessing, by a security token service (STS) of the CCP, the trust data in the database to authenticate access to the CCP by the xCCP. 2 . The method of claim 1 , wherein the trust data includes a signing certificate of the xCCP used to sign security tokens issued to users and services of the xCCP. 3 . The method of claim 2 , wherein the trust data further includes identity source information for accessing at least one identity source having user identity and authorization information. 4 . The method of claim 1 , further comprising: providing, by the xCCP, a claim map to the hypervisor, the claim map mapping groups of the xCCP to groups of the CCP. 5 . The method of claim 1 , further comprising: providing, by the xCCP, a system domain name to the hypervisor, the system domain name being for the CCP. 6 . The method of claim 1 , wherein the hypervisor includes an infravisor configured to cooperate with an agent in the VM, and wherein the step of providing the trust data is performed by the infravisor. 7 . The method of claim 1 , wherein the STS of the CCP accesses the trust data in the database to authenticate application programming interface (API) forwarding from the xCCP to the CCP. 8 . A non-transitory computer readable medium comprising instructions to be executed in a computing device to cause the computing device to carry out a method of establishing trust between a cross-cluster control plane (xCCP) and a cluster control plane (CCP) of an autonomous cluster of hosts in a virtualized computing system, the method comprising: providing, by the xCCP, trust data of the xCCP to a hypervisor of a host in the autonomous cluster that is executing the CCP; providing, by the hypervisor, the trust data to the CCP through a volume attached to a virtual machine (VM) that executes the CCP; persisting, by the CCP, the trust data in a database; and accessing, by a security token service (STS) of the CCP, the trust data in the database to authenticate access to the CCP by the xCCP. 9 . The non-transitory computer readable medium of claim 8 , wherein the trust data includes a signing certificate of the xCCP used to sign security tokens issued to users and services of the xCCP. 10 . The non-transitory computer readable medium of claim 9 , wherein the trust data further includes identity source information for accessing at least one identity source having user identity and authorization information. 11 . The non-transitory computer readable medium of claim 8 , further comprising: providing, by the xCCP, a claim map to the hypervisor, the claim map mapping groups of the xCCP to groups of the CCP. 12 . The non-transitory computer readable medium of claim 8 , further comprising: providing, by the xCCP, a system domain name to the hypervisor, the system domain name being for the CCP. 13 . The non-transitory computer readable medium of claim 8 , wherein the hypervisor includes an infravisor configured to cooperate with an agent in the VM, and wherein the step of providing the trust data is performed by the infravisor. 14 . The non-transitory computer readable medium of claim 8 , wherein the STS of the CCP accesses the trust data in the database to authenticate application programming interface (API) forwarding from the xCCP to the CCP. 15 . A virtualized computing system, comprising: a cross-cluster control plane (xCCP); and a host of an autonomous cluster, the host executing a hypervisor, the hypervisor supporting a virtual machine (VM) executing a cluster control plane (CCP) of the autonomous cluster; wherein the xCCP provides trust data to the hypervisor and the hypervisor provides the trust data to the CCP through a volume attached to the VM; wherein the CCP persists the trust data in a database of the CCP; and wherein a security token service (STS) of the CCP accesses the trust data in the database to authenticate access to the CCP by the xCCP. 16 . The virtualized computing system of claim 15 , wherein the trust data includes a signing certificate of the xCCP used to sign security tokens issued to users and services of the xCCP. 17 . The virtualized computing system of claim 16 , wherein the trust data further includes identity source information for accessing at least one identity source having user identity and authorization information. 18 . The virtualized computing system of claim 15 , wherein the xCCP provides a claim map to the hypervisor, the claim map mapping groups of the xCCP to groups of the CCP. 19 . The virtualized computing system of claim 15 , wherein the hypervisor includes an infravisor configured to cooperate with an agent in the VM, and wherein infravisor provides the trust data to the CCP. 20 . The virtualized computing system of claim 15 , wherein the STS of the CCP accesses the trust data in the database to authenticate application programming interface (API) forwarding from the xCCP to the CCP.