sync CNI config in goroutine

[answer1991]

What type of PR is this?

/kind bug

What this PR does / why we need it:

This PR fixes #74388 .
Kubelet run a new goroutine to sync CNI config if the runtime is dockershim, which fix the unexpected NotReady status when Node's iops is full.

Which issue(s) this PR fixes:

Fixes #74388

Special notes for your reviewer:
Before this fix, sync CNI config in the status check is inappropriate.

Does this PR introduce a user-facing change?:

Fix the unexpected NotReady status when Node's iops is full if the runtime is dockershim.

[k8s-ci-robot]

Hi @answer1991. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[answer1991]

@resouer @zhangxiaoyu-zidif

PTAL

[answer1991]

@changyaowei

PTAL

[answer1991]

@dchen1107

PTAL

[zhangxiaoyu-zidif]

/ok-to-test

[zhangxiaoyu-zidif]

/kind bug

[changyaowei]

We encounter the same question, LGTM

[zhangxiaoyu-zidif]

exec hack/update-bazel.sh please, if you modify import.

[answer1991]

@zhangxiaoyu-zidif

cool, already done. Thanks

[answer1991]

/retest

[resouer]

The change looks good from kubelet view, but should be defer to Dan (@dcbw)

/assign @dcbw

[dcbw]

Discussed with @squeed this morning. I think this is an acceptable workaround for now.

In the very near future we'd like to kill the periodic resync entirely and make the plugin choice more declarative, whether through a disk file or the kubelet ConfigMap (since dockershim doesn't have its own config options yet, they still go through Kubelet).

/approve
/lgtm

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: answer1991, dcbw

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• pkg/kubelet/dockershim/network/OWNERS [dcbw]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[fejta-bot]

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to fejta).

Review the full test history for this PR.

Silence the bot with an /lgtm cancel or /hold comment for consistent failures.

[fejta-bot]

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to fejta).

Review the full test history for this PR.

Silence the bot with an /lgtm cancel or /hold comment for consistent failures.

[answer1991]

@dcbw

Actually, we had already refactor CNI config using ConfigMap in our downstream K8S. But the implement has already broken the CNI specification. So this PR use this workaround to follow the CNI specification.

Please feel free to let me know if you need any help when you start to refactor these codes, me and @changyaowei would like to provide some helps.

[dcbw]

@answer1991 I'm actually rethinking the ConfigMap bits; depending on the runtime you use (dockershim or crio or something else) kubelet may not be involved in the CNI decisions at all. So having any network plugin options in the kubelet config would be useless with a remote runtime like CRIO. Plus, dockershim is supposed to eventually also be a remote runtime and wouldn't use the kubelet options.

Which leads me to believe that perhaps the file-based approach is a better one for now, even if it isn't as "kubernetes-y".