Add upgrade document about v0.10-v1.0.

Signed-off-by: changzhen <changzhen5@huawei.com>

docs/upgrading/README.md

@@ -74,3 +74,4 @@ v1.1.x to v1.2.x and the available patch versions are v1.2.0, v1.2.1 and v1.2.2,
 
 ### [v0.8 to v0.9](./v0.8-v0.9.md)
 ### [v0.9 to v0.10](./v0.9-v0.10.md)
+### [v0.10 to v1.0](./v0.10-v1.0.md)

docs/upgrading/v0.10-v1.0.md

@@ -0,0 +1,75 @@
+# v0.10 to v1.0
+
+Follow the [Regular Upgrading Process](./README.md).
+
+## Upgrading Notable Changes
+
+### APIChanges
+
+Previously, we used CRD to extend the [Cluster API](https://github.com/karmada-io/karmada/blob/v0.10.1/charts/_crds/bases/cluster.karmada.io_clusters.yaml), however, in the version v1.0, we change to use [API Aggregation](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/apiserver-aggregation/)(AA) to extend the Cluster API.
+
+Based on the above change, perform the following operations during the upgrade:
+
+1. Chang the replicas of `karmada-apiserver` to 0.
+
+2. Operate etcd to delete cluster crd data.
+
+   ```
+   etcdctl --cert="/etc/kubernetes/pki/etcd/karmada.crt" --key="/etc/kubernetes/pki/etcd/karmada.key" --cacert="/etc/kubernetes/pki/etcd/server-ca.crt" del /registry/apiextensions.k8s.io/customresourcedefinitions/clusters.cluster.karmada.io
+   ```
+
+3. To avoid [CA Reusage and Conflicts](https://kubernetes.io/docs/tasks/extend-kubernetes/configure-aggregation-layer/#ca-reusage-and-conflicts), create CA signer and sign a certificate to enable the aggregation layer.
+
+   Update `karmada-cert-secret` secret in `karmada-system` namespace:
+
+   ```diff
+   apiVersion: v1
+   kind: Secret
+   metadata:
+     name: karmada-cert-secret
+     namespace: karmada-system
+   type: Opaque
+   data:
+     ...
+   +  front-proxy-ca.crt: |
+   +    {{front_proxy_ca_crt}}
+   +  front-proxy-client.crt: |
+   +    {{front_proxy_client_crt}}
+   +  front-proxy-client.key: |
+   +    {{front_proxy_client_key}}
+   ```
+
+   And update `karmada-apiserver` deployment's container commend:
+
+   ```diff
+   -            - --proxy-client-cert-file=/etc/kubernetes/pki/karmada.crt
+   -            - --proxy-client-key-file=/etc/kubernetes/pki/karmada.key
+   +            - --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt
+   +            - --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key
+   -            - --requestheader-client-ca-file=/etc/kubernetes/pki/server-ca.crt
+   +            - --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt
+   ```
+
+   After the updation, restore the replicas of `karmada-apiserver` instances.
+
+4. Deploy `karmada-aggregated-apiserver`:
+
+   ```
+   make image-karmada-aggregated-apiserver
+   
+   kubectl --kubeconfig /root/.kube/karmada.config --context karmada-host apply -f artifacts/deploy/karmada-aggregated-apiserver.yaml
+   
+   kubectl --kubeconfig /root/.kube/karmada.config --context karmada-apiserver apply -f artifacts/deploy/apiservice.yaml
+   ```
+
+###karmada-agent
+
+Due to [add unfied auth controller](https://github.com/karmada-io/karmada/pull/1104), we need to apply `karmada-agent` ClusterRole:
+
+```
+kubectl apply -f artifacts/agent/clusterrole.yaml
+```
+
+### Other
+
+If you need to use [MCS](https://github.com/karmada-io/karmada/blob/master/docs/multi-cluster-service.md) feature, we need to upgrade the version of member cluster's kube-apiserver to v1.21.x. For details about the upgrade reasons, see [comment](https://github.com/karmada-io/karmada/pull/1107#issuecomment-997159415).