fix(artifact-operator): gate sidecar startup on first local reconcile

[c2ndev]

What type of PR is this?

Uncomment one (or more) /kind <> lines:

/kind bug

/kind cleanup

/kind design

/kind documentation

/kind failing-test

/kind feature

Any specific area of the project related to this PR?

Uncomment one (or more) /area <> lines:

/area instance-operator

/area artifact-operator

/area chart

/area pkg

/area api

/area docs

What this PR does / why we need it:

Without a startupProbe, kubelet marks the artifact-operator native sidecar Started the moment it launches, so the Falco main container boots in parallel with the sidecar's first reconcile and races plugin .so / rules / config writes into the shared emptyDir volumes. The result is a startup loop with LOAD_ERR_VALIDATE errors and 1–2 container restarts on every fresh Falco pod.

This PR adds a process-local startup gate and a StartupProbe on the sidecar that points at it. The gate snapshots node-applicable Plugin/Rulesfile/Config CRs at boot and opens only after each one has had a real local reconcile attempt in this process — not after a cluster-wide .status.conditions flip, which can be stale from a previous pod's emptyDir.

Which issue(s) this PR fixes:

Fixes #326

Special notes for your reviewer:

[poiana]

LGTM label has been added.

Details

Git tree hash: c206ef7fcad300e0a9b2e485dc68a55a657b663b

[poiana]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: c2ndev, leogr

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [c2ndev,leogr]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment