Merge pull request #29037 from matthewdupre/calico-policy-deploy

Automatic merge from submit-queue

Add support for kube-up.sh to deploy Calico network policy to GCI masters

Also remove requirement for calicoctl from Debian / salt installed nodes and clean it up a little by deploying calico-node with a manifest rather than calicoctl.  This also makes it more reliable by retrying properly.

How to use:
```
make quick-release
NETWORK_POLICY_PROVIDER=calico cluster/kube-up.sh
```

One place where I was uncertain:
- CPU allocations (on the master particularly, where there's very little spare capacity).  I took some from etcd, but if there's a better way to decide this, I'm happy to change it.

<!-- Reviewable:start -->
---
This change is [<img src="https://reviewable.kubernetes.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.kubernetes.io/reviews/kubernetes/kubernetes/29037)
<!-- Reviewable:end -->

cluster/gce/gci/configure-helper.sh

@@ -945,6 +945,9 @@ function start-kube-addons {
   if echo "${ADMISSION_CONTROL:-}" | grep -q "LimitRanger"; then
     setup-addon-manifests "admission-controls" "limit-range"
   fi
+  if [[ "${NETWORK_POLICY_PROVIDER:-}" == "calico" ]]; then
+    setup-addon-manifests "addons" "calico-policy-controller"
+  fi
 
   # Place addon manager pod manifest.
   cp "${src_dir}/kube-addon-manager.yaml" /etc/kubernetes/manifests