Add apisnoop template

[hh]

Base of kubevirt-talos, but add add these missing features from pair:

• tracking audit events looks to be missing audit-policy.yaml and audit-sink.yaml so will need that added to the base template
• would be great to have the "hostname" code-server-0 have some reference to the node/VM else it could be a bit confusing which VM your connected to if someone is working on multiple VMs at the same time.

[hh]

We'll need to update the KubeadmControlPlane.Spec.KubeadmConfigSpec.ClusterConfiguration.APIServer.ControlPlaneComponent.ExtraArgs to include the following args:

• "cloud-provider": "external",
• "audit-policy-file": "/etc/kubernetes/pki/audit-policy.yaml",
• "audit-log-path": "-",
• "audit-webhook-config-file": "/etc/kubernetes/pki/audit-sink.yaml",

See https://github.com/sharingio/pair/blob/fdc243649284060cbd881adbd9867f2327f2394f/apps/cluster-api-manager/instances/kubernetes.go#L775-L782

[hh]

We'll also need to make the audit-*yaml files available via cluterapi+talos. Previously via clusterapi?kubeadm, we used a preKubeadmCommands.sh file.

# APIServer Audit rules, good for use with APISnoop suite for Kubernetes test writing
mkdir -p /etc/kubernetes/pki
cp ./manifests/audit-policy.yaml /etc/kubernetes/pki/audit-policy.yaml
cp ./manifests/audit-sink.yaml /etc/kubernetes/pki/audit-sink.yaml

https://github.com/sharingio/.sharing.io/blob/8775daae35efaf230ec4e8841b17b89938f3536a/cluster-api/preKubeadmCommands.sh#L36-L39

[hh]

Work on this template has been happening in the emacs pair instance and apisnoop branch:
https://github.com/cncf-infra/coder-templates/compare/apisnoop?expand=1

coder template creation and pushing as well as workspace creation are functioning there.

[hh]

• machinefile to get the yaml files onto disk : https://www.talos.dev/v1.3/reference/configuration/#machinefile
• extra-args to pass to apiserver : https://www.talos.dev/v1.3/reference/configuration/#controlplaneconfig