azure-workload-identity feat: allow proxies to be injected using a native sidecar

Reason for Change:

Fixes Issue 773 by using native sidecars so that pods exit cleanly when running as cronjobs, currently azwi sidecar prevents the pod from terminating.

It also addresses an annoyance where the first container in the pod is the proxy, so any kubectl commands target that container, previously I was working around this by adding the default-container annotation.

I've kept the current behaviour as the default because this change requires at least k8s 1.28, adding the annotation azure.workload.identity/use-native-sidecar enables native sidecars. But it seems to work well so at some point in the future you could just make this the default behaviour.

No update to deployment.yaml

No change to Helm chart

Requirements

[X] squashed commits
[X] included documentation
[X] added unit tests and e2e tests (if applicable).

Issue Fixed:

Fixes #733

Please answer the following questions with yes/no:

Does this change contain code from or inspired by another project? If so, did you notify the maintainers and provide attribution?

[ ] yes
[X] no

Notes for Reviewers: Tested on v1.30.0-eks-fff26e3

Aug 21 '24 10:08 devjoes

@microsoft-github-policy-service agree

Aug 21 '24 10:08 devjoes

@aramase @enj any update on this PR? I've just rebased it and messaged our MS TAMs to see if they can do anything to get it merged.

Sep 09 '24 09:09 devjoes

Hi, Can we have any news for this PR please :) @aramase @enj

Dec 09 '24 10:12 bench

@bench I think that this repo is dead tbh. I'm going to get on to our account managers and see if they can talk to whoever is in charge of it

Feb 13 '25 18:02 devjoes

/azp run