add support for egress control injection

[Kuromesi]

Ⅰ. Describe what this PR does

Add egress-control sidecar injection with automatic health probe rewriting via a new controller-runtime managed Injector, replacing the old inline injection path.

Support strategic merge patch runtime injection, allow us to inject with more flexibility and extensibility.

Ⅱ. Does this pull request fix one issue?

Ⅲ. Describe how to verify it

Ⅳ. Special notes for reviews

[kruise-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign zmberg for approval by writing /assign @zmberg in a comment. For more information see:The Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[kruise-bot]

Welcome @Kuromesi! It looks like this is your first PR to openkruise/agents 🎉

[furykerry]

plz use informer cache based controller in controller-runtime, not directly with client-go and shared informer. Actually, is it really necessary to use a controller loop ? consider fetch config directly from informer cache, and cache the parsed config values

[furykerry]

it is bad practice to put heavy operation(lock in onConfigChange) in event handler, which will block watch operations

[furykerry]

plz keep the field and json name as Volumes

[Kuromesi]

Json tag is not changed, only the go struct filed is changed, the go struct field and json tag is not consistent now.

[furykerry]

template patch is too free form, consider using the injection logic similar to csi/agent-runtime

[furykerry]

patchRewriteProbe accepts annotations parameter but never uses it

[furykerry]

lifecycelHandler -> lifecycleHandler

[furykerry]

SidecarInjectConfig mixes public API and internal cache, consider using configmap generation for revision detection

[furykerry]

The heuristic of checking the first character to decide JSON vs YAML is fragile. A YAML file could start with { (flow style). The parseConfigValue function in injector.go always uses yaml.Unmarshal (which also handles JSON), making the JSON-detection logic in parseInjectConfig redundant and inconsistent. Consider unifying both paths to always use json

[codecov]

Codecov Report

❌ Patch coverage is 82.43243% with 52 lines in your changes missing coverage. Please review.
✅ Project coverage is 76.74%. Comparing base (a4e640d) to head (0f7bb78).
⚠️ Report is 2 commits behind head on master.

Files with missing lines	Patch %	Lines
pkg/utils/sidecarutils/sidecar_config_inject.go	42.85%	15 Missing and 5 partials ⚠️
pkg/utils/sidecarutils/injector.go	80.76%	8 Missing and 7 partials ⚠️
.../utils/sidecarutils/egress-control/health_probe.go	95.90%	4 Missing and 3 partials ⚠️
pkg/utils/utils.go	0.00%	5 Missing ⚠️
pkg/controller/sandbox/core/common_control.go	40.00%	2 Missing and 1 partial ⚠️
pkg/controller/sandbox/sandbox_controller.go	0.00%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #397      +/-   ##
==========================================
+ Coverage   76.51%   76.74%   +0.22%     
==========================================
  Files         146      151       +5     
  Lines       10684    11012     +328     
==========================================
+ Hits         8175     8451     +276     
- Misses       2168     2204      +36     
- Partials      341      357      +16     

Flag	Coverage Δ
unittests	76.74% <82.43%> (+0.22%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.