daemon / cni: move to Cell, watch for changes

Refactor the CNI controller to use the Hive / Cell mechanism. This means
simplifying the underlying controller and making it run immediately,
rather than waiting for the Daemon to start. This mirrors the existing
behavior of the postStart hook, which will be going away.

The controller now also watches the CNI configuration directory and
reconciles whenever a file has changed; this is needed because some
chaining modes (e.g. AWS) need to wait until the aws-cni plugin installs
its own CNI configuration file. We then want to install our chained
plugin ASAP.

Previously, we would just loop until the configuration was created, but
that is fragile. Rather, set up an fsnotify and watch for changes that
way. This has the advantage of re-generating the chained configuration should
the underlying network change.

Signed-off-by: Casey Callendrello <cdc@isovalent.com>

Documentation/installation/cni-chaining-portmap.rst

@@ -49,8 +49,7 @@ Deploy Cilium release via Helm:
    You can combine the ``cni.chainingMode=portmap`` option with any of
    the other installation guides.
 
-As Cilium is deployed as a DaemonSet, it will write a new CNI configuration
-``05-cilium.conflist`` and remove the standard ``05-cilium.conf``. The new
+As Cilium is deployed as a DaemonSet, it will write a new CNI configuration. The new
 configuration now enables HostPort. Any new pod scheduled is now able to make
 use of the HostPort functionality.
 

daemon/cmd/cells.go

@@ -4,6 +4,7 @@
 package cmd
 
 import (
+	"github.com/cilium/cilium/daemon/cmd/cni"
 	"github.com/cilium/cilium/pkg/auth"
 	"github.com/cilium/cilium/pkg/bgpv1"
 	"github.com/cilium/cilium/pkg/crypto/certificatemanager"
@@ -51,6 +52,8 @@ var (
 		// Provides Clientset, API for accessing Kubernetes objects.
 		k8sClient.Cell,
 
+		cni.Cell,
+
 		// Provide option.Config via hive so cells can depend on the agent config.
 		cell.Provide(func() *option.DaemonConfig { return option.Config }),
 	)