Description
What would you like to be added:
CRI API methods to execute kubelet TCP and HTTP probes/lifecycle hooks
Why is this needed:
The current probes/lifecycle hooks implementation forces the networking model to provide connectivity between the kubelet and the pods; however, this may not be true or easy to achieve on all platforms and in all CRI implementations.
Since the CRI API abstracts the communication between "the kubelet and its pods", and it already implements the exec probes through this API, it may be useful to have an API call to exec the networking TCP and/or HTTP probes.
This request doesn't require current implementations to move to a model based on CRI/API calls; it just opens the possibility for new platforms and other CRIs to start using it, and for the project to study whether it should start to migrate to this mode.
However, this can present some challenges, as per Tim's comment:
> While this fixes some issues, it introduces new ones - old probes that used the node's localhost will be broken, for example. I don't see how we could do it by default.
References:
- sig-network thread https://groups.google.com/g/kubernetes-sig-network/c/nIo6ffat7TI/m/xIEtpAAeDgAJ
- Pod readiness probe cannot be directed at specific IP family #101324 (comment)
- Pod probes lead to blind SSRF from the node #99425 (comment)
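To size the compatibility caveat quoted above, the following added example (not code from this issue or from Kubernetes) lists the `httpGet`/`tcpSocket` probes and lifecycle hooks in a pod manifest that set an explicit `host`, and marks the loopback ones, which today resolve to the node's localhost. `NodeScopedTargets`, the helper types and the sample manifest are hypothetical names and constructed data.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
)

// Subset of the Pod API: only the fields that carry a probe or hook target.
// encoding/json matches keys case-insensitively, so no struct tags are needed.
type target struct{ Host string }
type handler struct{ HTTPGet, TCPSocket target }
type container struct {
	Name                                        string
	LivenessProbe, ReadinessProbe, StartupProbe handler
	Lifecycle                                   struct{ PostStart, PreStop handler }
}

var names = []string{"livenessProbe", "readinessProbe", "startupProbe", "postStart", "preStop"}
var kinds = []string{"httpGet", "tcpSocket"}

// Constructed sample manifest, not taken from the issue.
const samplePod = `{"spec":{"containers":[{"name":"app","livenessProbe":{"httpGet":{"host":"127.0.0.1","port":8080,"path":"/healthz"}},"readinessProbe":{"httpGet":{"port":8080,"path":"/ready"}},"lifecycle":{"preStop":{"tcpSocket":{"host":"10.0.0.5","port":9000}}}}]}}`

// NodeScopedTargets reports every probe or hook with an explicit host. The kubelet
// dials these from the node, so a loopback host means the node's own localhost.
func NodeScopedTargets(podJSON []byte) ([]string, error) {
	var p struct{ Spec struct{ Containers []container } }
	if err := json.Unmarshal(podJSON, &p); err != nil {
		return nil, err
	}
	var out []string
	for _, c := range p.Spec.Containers {
		hs := []handler{c.LivenessProbe, c.ReadinessProbe, c.StartupProbe, c.Lifecycle.PostStart, c.Lifecycle.PreStop}
		for i, h := range hs {
			for j, t := range []target{h.HTTPGet, h.TCPSocket} {
				if t.Host == "" {
					continue // unset host: the kubelet targets the pod IP
				}
				loop := t.Host == "localhost" || net.ParseIP(t.Host).IsLoopback()
				out = append(out, fmt.Sprintf("%s/%s/%s host=%s loopback=%t", c.Name, names[i], kinds[j], t.Host, loop))
			}
		}
	}
	return out, nil
}

func main() {
	fmt.Println(NodeScopedTargets([]byte(samplePod)))
}
```

Entries with `loopback=true` are the probes whose meaning would change if the probe were executed inside the pod through the CRI instead of from the node.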