kubeadm: Upload CRISocket information in kubeadm init/join

[luxas]

What this PR does / why we need it:

As a side-effect, kubeadm join will become blocking on the kubelet doing the TLS bootstrap. This partially also fixes problems when users run kubeadm join and it returns successfully without anything happening as the kubelet is actually unhealthy. If that happens now kubeadm join will exit with a non-zero code.

What this PR does is it uploads the CRISocket information to the Node API object as a workaround until we have something like #64460 in place that will solve this problem for real. This way we won't lose the CRISocket information which we would otherwise do.
This can be used for kubeadm upgrade or kubeadm reset in future releases.

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #

Special notes for your reviewer:
Depends on #64624

Release note:

[action required] `kubeadm join` is now blocking on the kubelet performing the TLS Bootstrap properly.
Earlier, `kubeadm join` only did the discovery part and exited successfully without checking that the
kubelet actually started properly and performed the TLS bootstrap correctly. Now, as kubeadm runs
some post-join steps (e.g. annotating the Node API object with the CRISocket as in this PR, as a
stop-gap until this is discoverable automatically), `kubeadm join` is now waiting for the kubelet to
perform the TLS Bootstrap, and then uses that credential to perform further actions. This also
improves the UX, as `kubeadm` will exit with a non-zero code if the kubelet isn't in a functional
state, instead of pretending like everything's fine.

@kubernetes/sig-cluster-lifecycle-pr-reviews

[k8s-github-robot]

[MILESTONENOTIFIER] Milestone Pull Request: Up-to-date for process

@fabriziopandini @luxas @timothysc

Pull Request Labels

• sig/cluster-lifecycle: Pull Request will be escalated to these SIGs if needed.
• priority/critical-urgent: Never automatically move pull request out of a release milestone; continually escalate to contributor and SIG through all available channels.
• kind/feature: New functionality.

Help

• Additional instructions
• Commands for setting labels

[timothysc]

I've got issues with this, but we're at time.

• tests, not the contract we discussed, comments on details...

/lgtm
/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: luxas, timothysc

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• cmd/kubeadm/OWNERS [luxas,timothysc]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[luxas]

tests

I'll add an unit test for this for sure asap

not the contract we discussed

We decided recently in slack that we'd upload this unconditionally, so we can distinguish between losing the crisocket information (because of a bad patch) and just using the default. With this we can do that. If the annotation is not there, we'll ask the user for the information.

comments on details

I think I have commented the code fairly well, if there's something specific you wanted to see, please shout

[k8s-ci-robot]

New changes are detected. LGTM label has been removed.

[luxas]

just updated the generated bazel code

[k8s-github-robot]

Automatic merge from submit-queue (batch tested with PRs 63717, 64646, 64792, 64784, 64800). If you want to cherry-pick this change to another branch, please follow the instructions here.

[php-coder]

@luxas Could you update release notes for this issue and, if it's possible, already generated changelog entry?

[luxas]

@php-coder fixed the release note, thanks for the ping and sorry that I forgot to do it right away.
I will also update the changelog 👍

[luxas]

FWIW #65231