Use hostprocess for Windows node manager in Helm chart

[CecileRobertMichon]

What type of PR is this?

/kind bug

What this PR does / why we need it:

Currently, external cloud-provider does not work with Windows nodes when using the Helm chart. The Daemonset for cloud-node-manager-windows is not able to reach the metadata endpoint and therefore windows nodes always have the Taint node.cloudprovider.kubernetes.io/uninitialized=true:NoSchedule.

This PR changes the cloud-node-manager-windows Daemonset to use hostProcess: true and adds a temporary workaround for not being able to use inClusterConfig() (until k8s 1.26 + containerd v1.7).

All credits go to @mweibel and @marosset for discovering the issue and suggesting a fix.

Which issue(s) this PR fixes:

Fixes kubernetes-sigs/cluster-api-provider-azure#2591

Special notes for your reviewer:

Does this PR introduce a user-facing change?

NONE

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

[netlify]

✅ Deploy Preview for kubernetes-sigs-cloud-provide-azure ready!

Name	Link
🔨 Latest commit	4a33259
🔍 Latest deploy log	https://app.netlify.com/sites/kubernetes-sigs-cloud-provide-azure/deploys/63e5a398d9e87c00088556da
😎 Deploy Preview	https://deploy-preview-3283--kubernetes-sigs-cloud-provide-azure.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site settings.

[CecileRobertMichon]

/kind bugfix

[k8s-ci-robot]

@CecileRobertMichon: The label(s) kind/bugfix cannot be applied, because the repository doesn't have them.

Details

In response to this:

/kind bugfix

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[CecileRobertMichon]

/kind bug

[CecileRobertMichon]

/assign @marosset

[feiskyer]

the Daemonset for cloud-node-manager-windows is not able to reach the metadata endpoint

Could you elaborate why IMDS is not reachable on capz?

[CecileRobertMichon]

Could you elaborate why IMDS is not reachable on capz?

@marosset can weigh in but I believe it's not a capz limitation, it's a calico overlay networking issue: kubernetes-sigs/cluster-api-provider-azure#2132

Azure CSI driver helm charts also had to do this for this reason: kubernetes-sigs/azuredisk-csi-driver#1201

[marosset]

/lgtm

This should unblock deploying the Windows cloud-node-manager!
We can update the deployment to no longer need the powershell / kube-config after containerd 1.7 releases (but the current changes should work on both containerd 1.6 and 1.7)

[marosset]

Could you elaborate why IMDS is not reachable on capz?

@marosset can weigh in but I believe it's not a capz limitation, it's a calico overlay networking issue: kubernetes-sigs/cluster-api-provider-azure#2132

I believe it is a limitation on overlay networking on Windows in general (not specific to calico)

[CecileRobertMichon]

/assign @feiskyer

[feiskyer]

/lgtm

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: CecileRobertMichon, feiskyer, marosset

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [feiskyer]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment