Provide a daemon-set to ease the deployment of nydus-snapshotter

[fidencio]

Folks,

I'm coming here with my Kata Containers and Confidential Containers hats on, in order to propose that nydus-snapshotter provides a payload / daemon-set so we can easily consume it and install it on environments where we cannot ssh into the nodes where we're deploying the nydus-snapshotter.

It can be names something like nydus-snapshotter-for-confidential-containers, and we can make sure we use this, from here, on both Kata Containers and Confidential Containers CI.

The idea would be to start with something that we already have for Confidential Containers, and then @ChengyuZhu6 would be leading this effort to get that piece here, make it generic to nydus-snapshotter, and we'd consume it from the Confidential Containers and Kata Containers side.

While I know that using a daemon-set is not the best way to configure nydus, and people should consider doing this directly as part of their node image, I think this is a good starting point for folks who want to try nydus-snapshotter in an "easy" way.

[fidencio]

/cc @jiangliu @bergwolf

[imeoer]

The helm chart here provides a way to deploy nydus snapshotter as a daemonset pod, is it available to our test?

[fidencio]

The helm chart here provides a way to deploy nydus snapshotter as a daemonset pod, is it available to our test?

Oh, this is super interesting and easy to expand for the Confidential Containers use-case!