rke2+capd combination can't be used behind a proxy

Today, if we try to use RKE2 with capd behind an HTTP proxy, the proxy settings aren't seen by the RKE2 installation script used by the RKE2 CAPI bootstrap provider.

This is because capd does a rough emulation of cloud-init, but does not actually use cloud-init.

The following cloud-init runCmd is generated:

runcmd:
  - "echo \"No update\" > /var/lib/grub-init\n"
  - "echo \"fs.inotify.max_user_watches = 524288\" >> /etc/sysctl.conf"
  - "echo \"fs.inotify.max_user_instances = 512\" >> /etc/sysctl.conf"
  - "sysctl --system"
  - "export HTTP_PROXY=http://my.proxy.internal.fr:8080"
  - "export HTTPS_PROXY=http://my.proxy.internal:8080"
  - "export NO_PROXY=100.72.0.0/16,100.73.0.0/16,internal.fr,internal.intraorg,sylva-control-plane,172.18.0.0/16,.cluster.local,.cluster.local.,.svc,.sylva,10.0.0.0/8,100.100.0.0/16,100.96.0.0/16,127.0.0.1,172.16.0.0/12,192.168.0.0/16,localhost"
  - "echo 'alias ctr=\"/var/lib/rancher/rke2/bin/ctr --namespace k8s.io --address /run/k3s/containerd/containerd.sock\"' >> /root/.bashrc"
  - "echo 'alias crictl=\"/var/lib/rancher/rke2/bin/crictl --runtime-endpoint /run/k3s/containerd/containerd.sock\"' >> /root/.bashrc"
  - "echo 'alias kubectl=\"KUBECONFIG=/etc/rancher/rke2/rke2.yaml /var/lib/rancher/rke2/bin/kubectl\"' >> /root/.bashrc"
  - "if [ -d /opt/rke2-artifacts ]; then\n  tar -zxvf /opt/rke2-artifacts/rke2.linux-amd64.tar.gz bin/rke2\n  rke2version=$(./bin/rke2 -v | head -1 | cut -d \" \" -f 3)\n  if [ \"$rke2version\" != \"v1.28.9+rke2r1\" ]; then\n    echo \"WARNING: Ignoring local RKE2 artifacts because local version $rke2version is different than the expected v1.28.9+rke2r1\"\n    mv /opt/rke2-artifacts/rke2.linux-amd64.tar.gz /opt/rke2-artifacts/rke2-wrong-version.linux-amd64.tar.gz\n    rm -rf bin/rke2\n  else\n    echo \"exporting INSTALL_RKE2_ARTIFACT_PATH so that RKE2 installation will be done from binaries in /opt/rke2-artifacts\"\n    export INSTALL_RKE2_ARTIFACT_PATH=/opt/rke2-artifacts\n  fi\nfi\n"
  - "echo \"Preparing RKE2 bootstrap\" > /var/log/my-custom-file.log"
  - 'curl -sfL https://get.rke2.io | INSTALL_RKE2_VERSION=v1.28.9+rke2r1 sh -s - server'
  - 'systemctl enable rke2-server.service'
  - 'systemctl start rke2-server.service'
  - 'mkdir /run/cluster-api' 
  - 'echo success > /run/cluster-api/bootstrap-success.complete'
  - "set -e"

Because capd executes each runcmd entry individually (instead of running the whole list as a single shell script, as cloud-init does), the export commands for the proxy settings have no effect on later entries, in particular not on the curl -sfL https://get.rke2.io command that needs them.

We can't solve this in Sylva.

(The pre-commands could be merged into a single item by sylva-capi-cluster, and likewise the post-commands, but even then the curl -sfL https://get.rke2.io | INSTALL_RKE2_VERSION=v1.28.9+rke2r1 sh -s - server command would remain a standalone item, executed on its own by capd, and hence would not see environment variables set in other items.)

Note that the same issue affects export INSTALL_RKE2_ARTIFACT_PATH, but that one is only an optimization.
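To make the difference between the two execution models concrete, here is an added example (not code from the Sylva issue, from capd or from the RKE2 bootstrap provider). It emulates both models on a constructed stand-in for the generated runcmd list: the proxy entry is copied from above, and a printf entry stands in for the curl -sfL https://get.rke2.io command, reporting which HTTP_PROXY it sees instead of performing any network access. A third function shows the only arrangement in which the variable reaches the consumer under per-item execution: the export and the consumer inside the same item, which is exactly what sylva-capi-cluster cannot do for an item it does not emit.

```shell
#!/bin/sh
# Added example: emulates how a cloud-init "runcmd" list is executed by
#   - cloud-init: entries are concatenated into one script run by a single
#     shell, so an `export` in one entry is visible to later entries;
#   - capd: each entry is run in its own `sh -c`, so every entry starts from
#     a fresh environment and an `export` never reaches the next entry.
# The probe entry is a constructed stand-in for `curl -sfL https://get.rke2.io`;
# it only prints the HTTP_PROXY value it would have used.

# Start from a clean environment so the result is not influenced by the host.
unset HTTP_PROXY HTTPS_PROXY NO_PROXY

# Constructed stand-in for the generated list (proxy values copied from the
# issue; the probe replaces the curl | sh item).
CMD_PROXY='export HTTP_PROXY=http://my.proxy.internal.fr:8080'
CMD_NOPROXY='export NO_PROXY=10.0.0.0/8,localhost'
CMD_PROBE='printf "%s\n" "HTTP_PROXY=${HTTP_PROXY:-<unset>}"'

# cloud-init model: all entries become one script, executed by one shell.
run_as_cloud_init() {
    printf '%s\n' "$CMD_PROXY" "$CMD_NOPROXY" "$CMD_PROBE" | sh
}

# capd model: each entry is executed by a separate shell process.
run_as_capd() {
    for cmd in "$CMD_PROXY" "$CMD_NOPROXY" "$CMD_PROBE"; do
        sh -c "$cmd"
    done
}

# The only way the proxy reaches the consumer under the capd model: the
# export and the consumer must live in the same item. This is what would have
# to happen inside the item emitted by the RKE2 bootstrap provider, which
# sylva-capi-cluster does not control.
run_as_capd_merged() {
    merged="$CMD_PROXY; $CMD_PROBE"
    sh -c "$merged"
}

# Stand-alone usage: print the three outcomes side by side.
echo "cloud-init model : $(run_as_cloud_init)"
echo "capd model       : $(run_as_capd)"
echo "capd, merged item: $(run_as_capd_merged)"
```

Running the script shows the proxy value under the cloud-init model and under the merged item, and `HTTP_PROXY=<unset>` under the capd model, which is the state in which the real curl | sh item runs and why it cannot reach the RKE2 download server through the proxy.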

Upstream issue in CAPI/CAPD: https://github.com/kubernetes-sigs/cluster-api/issues/3488

Edited May 29, 2024 by Remi Le Trocquer