feat: add kubelet http2 support

[LambdaHJ]

Ⅰ. Describe what this PR does

support cce kubernetes cluster kubelet read-only port http2 scheme

Ⅱ. Does this pull request fix one issue?

fixes #150

Ⅲ. Describe how to verify it

Ⅳ. Special notes for reviews

[jasonliu747]

Thanks for your contribution. Please follow the instruction to sign off your commit.

[saintube]

please don't forget to add unit tests :)

[jasonliu747]

@LambdaHJ came up with another soultion. Have you ever tried using token in /var/run/secrets/kubernetes.io/serviceaccount/token as BearerToken to make an HTTPS request?

[jasonliu747]

As discussed earlier, let's use service account as token to access kubelet. And use apiserver as a failover only when kubelet doesn't work. There might be some pre-conditions to be met for token based authn/authz. For more information, please check https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet-authentication-authorization/

Koordlet needs to reach node address and kubelet port. Addresses and ports are configured in kubelet and published as part of Node object. Addresses in .status.addresses and port in .status.daemonEndpoints.kubeletEndpoint.port field (default 10250).

And we can add a command line flag called kubelet-preferred-address-type(default to InternalIP and raise an error if not one of them: [Hostname, InternalIP, ExternalIP, InternalDNS, ExternalDNS]). Instead of 0.0.0.0, koordlet would pick that node address based on the flag.

[codecov]

Codecov Report

Merging #180 (c561879) into main (fc8db7c) will increase coverage by 0.40%.
The diff coverage is 63.77%.

❗ Current head c561879 differs from pull request most recent head 58bafa6. Consider uploading reports for the commit 58bafa6 to get more accurate results

@@            Coverage Diff             @@
##             main     #180      +/-   ##
==========================================
+ Coverage   58.63%   59.03%   +0.40%     
==========================================
  Files         100       99       -1     
  Lines        9222     9295      +73     
==========================================
+ Hits         5407     5487      +80     
+ Misses       3364     3347      -17     
- Partials      451      461      +10     

Flag	Coverage Δ
unittests	59.03% <63.77%> (+0.40%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
pkg/koordlet/statesinformer/states_informer.go	37.50% <27.77%> (+1.30%)	⬆️
pkg/koordlet/statesinformer/states_pod.go	73.77% <68.00%> (+32.86%)	⬆️
pkg/koordlet/statesinformer/kubelet_stub.go	66.66% <72.09%> (+31.37%)	⬆️
pkg/koordlet/statesinformer/config.go	100.00% <100.00%> (+41.66%)	⬆️
pkg/util/node.go	54.76% <100.00%> (+25.13%)	⬆️
pkg/runtimeproxy/server/docker/utils.go	17.50% <0.00%> (-12.50%)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update fc8db7c...58bafa6. Read the comment docs.

[eahydra]

/lgtm

[hormes]

/lgtm
/approve

[koordinator-bot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: hormes

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [hormes]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[jasonliu747]

/lgtm
Very nice PR, thanks for your contribution. @LambdaHJ