
Commit 1384fff

fix: let Windows Retina use the InClusterConfig (#1118)
# Description

As of [AKS 1.30](https://github.com/Azure/AKS/releases/tag/2024-06-09), service account tokens refresh every ~1 hour when OIDC is enabled. They were previously valid for a year.

[This setkubeconfigpath.ps1 script](https://github.com/Azure/azure-container-networking/blob/47b243c42fd16119a96ab6d06eb602ac2ce40e7d/npm/examples/windows/setkubeconfigpath.ps1) was at some point necessary on Windows to create a valid kubeconfig for Retina Windows. It copies the token from the token file to create a custom kubeconfig from a template at startup, and then we pass Retina Windows that file via --kubeconfig. The script runs at startup and never re-runs, so the token that exists at Pod start is the token CNS will try to use forever.

Yearly token lifespans were long enough that no Retina Windows Pod was ever up long enough to hit token expiration. This becomes an issue with hourly token lifespans. An hour after Pod start, the token becomes invalid and Retina Windows can no longer auth to the API server. For PodSubnet clusters, this permanently prevents Retina Windows from being able to scale the IPAM pool and provide more Pod IPs.

Fix for CNS which referenced: Azure/azure-container-networking#3248

## Related Issue

If this pull request is related to any issue, please mention it here. Additionally, make sure that the issue is assigned to you before submitting this pull request.

## Checklist

- [x] I have read the [contributing documentation](https://retina.sh/docs/contributing).
- [x] I signed and signed-off the commits (`git commit -S -s ...`). See [this documentation](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification) on signing commits.
- [x] I have correctly attributed the author(s) of the code.
- [x] I have tested the changes locally.
- [x] I have followed the project's style guidelines.
- [ ] I have updated the documentation, if necessary.
- [ ] I have added tests, if applicable.

## Screenshots (if applicable) or Testing Completed

Please add any relevant screenshots or GIFs to showcase the changes made.

## Additional Notes

Add any additional notes or context about the pull request here.

---

Please refer to the [CONTRIBUTING.md](../CONTRIBUTING.md) file for more information on how to contribute to this project.
1 parent 16f6946 commit 1384fff

File tree

2 files changed

+8
-1
lines changed


deploy/hubble/manifests/controller/helm/retina/templates/agent/daemonset.yaml

Lines changed: 4 additions & 0 deletions
@@ -196,7 +196,11 @@ spec:
196196
command:
197197
- powershell.exe
198198
- -command
199+
{{- if semverCompare ">=1.28" .Capabilities.KubeVersion.GitVersion }}
200+
- $env:CONTAINER_SANDBOX_MOUNT_POINT/controller.exe --config ./retina/config.yaml
201+
{{- else }}
199202
- .\setkubeconfigpath.ps1; ./controller.exe --config ./retina/config.yaml --kubeconfig ./kubeconfig
203+
{{- end }}
200204
readinessProbe:
201205
httpGet:
202206
path: /metrics
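Review bot: the 1.28 threshold in `semverCompare ">=1.28" .Capabilities.KubeVersion.GitVersion` is never explained, either in the hunk or in the commit message, which cites AKS 1.30 as the point where tokens became hourly; add a template comment stating what changes at 1.28 that makes `$env:CONTAINER_SANDBOX_MOUNT_POINT/controller.exe --config ./retina/config.yaml` (no `--kubeconfig`) viable, so nobody later moves the cutoff blindly. Two caveats on the gate itself: Helm documents `.Capabilities.KubeVersion.GitVersion` as deprecated in favour of `.Capabilities.KubeVersion.Version`, and `helm template` run without `--kube-version` uses Helm's compiled-in default Kubernetes version, so offline rendering can silently select the `{{- else }}` branch. That legacy branch still runs `.\setkubeconfigpath.ps1`, which copies the token into a static kubeconfig, so on clusters below 1.28 that already rotate tokens the agent keeps the one-hour failure described in the commit message; that limitation belongs in the chart docs (the "updated the documentation" checklist item is unchecked).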

windows/manifests/windows.yaml

Lines changed: 4 additions & 1 deletion
@@ -41,8 +41,11 @@ spec:
4141
command:
4242
- powershell.exe
4343
- -command
44+
{{- if semverCompare ">=1.28" .Capabilities.KubeVersion.GitVersion }}
45+
- $env:CONTAINER_SANDBOX_MOUNT_POINT/controller.exe --config ./retina/config.yaml
46+
{{- else }}
4447
- .\setkubeconfigpath.ps1; ./controller.exe --config ./retina/config.yaml --kubeconfig ./kubeconfig
45-
# .\setkubeconfigpath.ps1; Start-Sleep -s 1000
48+
{{- end }}
4649
securityContext:
4750
privileged: true
4851
volumeMounts:
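Review bot: `windows/manifests/windows.yaml` sits outside the Helm chart tree, yet this hunk inserts Go template directives (`{{- if semverCompare ">=1.28" .Capabilities.KubeVersion.GitVersion }}`, `{{- else }}`, `{{- end }}`) between the `command:` list items; if this file is ever applied directly with `kubectl apply`, those lines are not valid YAML and the DaemonSet will fail to parse. Either confirm the file is only consumed through Helm rendering and say so in a header comment, or keep it a static manifest with a single `command` entry and leave the version switch to the chart template. If both files are meant to be templates, the version gate is now duplicated verbatim across two files; a named helper template would keep them in sync. Removing the commented-out `# .\setkubeconfigpath.ps1; Start-Sleep -s 1000` debug line is fine.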
