feat(adapter): replace kubelet HTTP polling with SharedIndexInformer

[huynna12]

What

Replaces the periodic kubelet HTTP polling in internal/adapter/kubernetes.go
with a SharedIndexInformer scoped to the local node, giving instant pod
visibility and eliminating kubelet read-only API dependency.

Why

Fixes #19

How

• SharedInformerFactory filtered via fields.OneTermEqualSelector("spec.nodeName",
  nodeName)
• Two in-memory indexes (uidIndex + cgroupIndex) updated via event handlers for O(1)
  lookups
• cgroupIndex covers pod UID variants (dashes/underscores) + container ID (full + 12-char
  prefix)
• Exponential backoff (1s→2min) on API server failure; stale entries preserved so
  enrichment continues degraded
• buildClientset() tries in-cluster service account first, falls back to KUBECONFIG for
  dev

Testing

• go build ./... passes
• go test ./... passes
• go vet ./... passes
• golangci-lint run ./... passes
• Tested locally with:

• N/A — pure docs/refactor
• sudo ./bin/bpf-verify --read 5s confirms 6/6 programs still load
• ./scripts/verify.sh passes (or specific phase: ./scripts/verify.sh quality)

Checklist

• PR title follows Conventional Commits (feat(scope): subject)
• All commits are DCO-signed (git commit -s)
• No unrelated changes pulled in
• Documentation updated where user-visible behavior changed
• Added/updated tests for new code paths
• If a new doctor rule, paired with a chaos scenario in scripts/verify.sh

[github-actions]

🚀 First PR — welcome aboard!

A few things to expect:

1. CI: every PR runs build + race tests + lint + (eventually) the kernel matrix. If something fails, the log will tell you exactly which gate.
2. DCO: every commit needs Signed-off-by: — git commit -s adds it automatically.
3. Conventional Commits: PR titles like feat(doctor): add new rule or fix(bpf): handle X. We squash-merge by default.
4. Review: a maintainer will review within 72 hours. Suggestions are conversations, not orders — push back if something doesn't fit your context.

If you get stuck, reply here or jump to Discussions. We want this PR to land.

[btwshivam]

@huynna12 lints are failing..

[btwshivam]

ci's red from the go.mod bump to 1.26.0 (ci runs 1.25), and the title scope adapter/k8s isn't allowed (use feat(adapter): or feat(k8s):). fix both and it's close, the informer locking and cache-sync look right.

[btwshivam]

this bumps the go directive to 1.26.0, but ci runs 1.25.x, so go test dies with go.mod requires go >= 1.26.0 (running go 1.25.10) and golangci-lint fails because it's built with go1.25 and can't target 1.26.0. that's both red checks. looks like an accidental bump from go mod tidy on a 1.26 toolchain. set it back to go 1.25.4.

[btwshivam]

this duplicates KERNO_NODE_NAME four lines down, both injected from spec.nodeName. the adapter already falls back to KERNO_NODE_NAME (kubernetes.go:63-66), so NODE_NAME is redundant and it breaks the KERNO_ env convention the rest of the daemonset uses. drop it and rely on KERNO_NODE_NAME.

[btwshivam]

rest eveything looks good.. well done.. fix them.. then we can merge!!

[huynna12]

rest eveything looks good.. well done.. fix them.. then we can merge!!

I fixed it all. Please check it again and let me know if there are things else that I need to change/fix. Thank you.

[btwshivam]

@huynna12 I can still see conflicts.. fix it please

[huynna12]

@btwshivam there is no conflict now