Add flag to disable bootstrap extension and improve error message

[willie-yao]

What type of PR is this?
/kind feature

What this PR does / why we need it:
This PR adds a more descriptive error message for the CAPZ Bootstrapping Extension so that users can better understand what went wrong when the extension fails to install. It also adds a new field DisableVMBootstrapExtension to disable only the bootstrap extension and not every extension like DisableExtensionOperations

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #5482

Special notes for your reviewer:

TODOs:

• squashed commits
• includes documentation
• adds unit tests
• cherry-pick candidate

Release note:

Add flag to disable bootstrap extension and improve error message

[codecov]

Codecov Report

Attention: Patch coverage is 32.50000% with 27 lines in your changes missing coverage. Please review.

Project coverage is 52.87%. Comparing base (bc33778) to head (b0f3689).
Report is 8 commits behind head on main.

Files with missing lines	Patch %	Lines
azure/scope/machine.go	29.41%	24 Missing ⚠️
api/v1beta1/azuremachine_webhook.go	50.00%	2 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #5509      +/-   ##
==========================================
- Coverage   52.87%   52.87%   -0.01%     
==========================================
  Files         272      272              
  Lines       29473    29481       +8     
==========================================
+ Hits        15583    15587       +4     
- Misses      13083    13086       +3     
- Partials      807      808       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[jackfrancis]

we might want to say "kubeadm init or join", as this error could occur on either the first control plane node (init) or any other node that joins the cluster afterwards

[willie-yao]

/retest

[nawazkh]

I am not so sure of the helpfulness of this message.

• Unless the verbosity of kubeadm init/join is increased by --v=<any number greater than 5> users do not have a way to debug the issue.
• Where else do we expect to see this message ? Is it available on the AzureMachine.Status ?

Suggestions:

• Should we be renaming #checking-cloud-init-logs-ubuntu to checking-cloud-init-logs-linux since Linux is more generic ?
• Can we paraphrase the error message from Error joining node to cluster: kubeadm init or join failed...... to Error: kubeadm init or join failed. Refer: https://capz.sigs.k8s.io/self-managed/troubleshooting.html?highlight=kubeadmcontrolplane#checking-cloud-init-logs-ubuntu for more guidance on debugging this.

[willie-yao]

Great suggestions! Gonna work on modifying it now...

Unless the verbosity of kubeadm init/join is increased by --v=<any number greater than 5> users do not have a way to debug the issue.

Is that true? If so, is there a way to change that from CAPZ? I've debugged bootstrap failures previously with these methods.

Where else do we expect to see this message ? Is it available on the AzureMachine.Status ?

I think so but I'm not 100% sure. It should show up in the CAPZ controller logs for sure

[willie-yao]

As per discussion with @jackfrancis, I'll work on potentially changing the script to search the cloud init logs automatically for any kind of error, and displaying that to the user.

[willie-yao]

/assign @nawazkh @mboersma

[mboersma]

/lgtm

[k8s-ci-robot]

LGTM label has been added.

Git tree hash: 8e183ab5a3cdde10510a60e336ce6d482e8e8f5c

[nawazkh]

/lgtm
/approve <- Removed it for a question 💭

[nawazkh]

Can we have an e2e test that could check for disabled/enabled CAPZ Linux Bootstrap Extension ?
We can pursue that e2e test via another PR if it is too big of an ask, but for our confidence, it be nice to have :)
What are your thoughts @willie-yao ?

[willie-yao]

@nawazkh I'm not sure if adding an E2E test for this would be too much. We'll have to create an entirely new cluster with its own template to check it, and verifying the list of extensions in the unit test should be enough imo. It should be an easy implementation, but I'm just not sure if it's what we should do. wdyt @mboersma @jackfrancis

[nawazkh]

@nawazkh I'm not sure if adding an E2E test for this would be too much. We'll have to create an entirely new cluster with its own template to check it, and verifying the list of extensions in the unit test should be enough imo. It should be an easy implementation, but I'm just not sure if it's what we should do. wdyt @mboersma @jackfrancis

Thank you for sharing the context, I align with your thoughts. Just wanted a source of truth to show that this works.
Since you already tested this in your dev time, I am ok with skipping an e2e test for this scenario.
Besides, having a dedicated e2e would be an overkill.
We could probably tweak an existing e2e for this if need be :)

/lgtm

[nawazkh]

I will wait for @mboersma or @jackfrancis to weigh in since you pinged them. Otherwise, ready to be shipped from my end!

[mboersma]

/lgtm
/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: mboersma

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [mboersma]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[nawazkh]

Approved yesterday and still hasn't merged ? Strange.

[nawazkh]

Raised a question on tide regarding this in https://kubernetes.slack.com/archives/C7J9RP96G/p1745342990569219
I am manually merging this PR for now.