Add flag to include api server audit logs in support bundle #9701

Merged
merged 1 commit into from
May 8, 2025

Member

@charles-large charles-large commented Apr 29, 2025

Issue #, if available:
https://github.com/aws/eks-anywhere-internal/issues/3210
Description of changes:
Adds a flag --audit-logs to the generate support-bundle command. When specified, it will include the latest api server audit log file in the support bundle.

It achieves this by using troubleshoot, with the RunDaemonSet collector. It only runs on control plane nodes, via a node selector. Only the latest log file will be collected, which can be up to 512MB due to audit-log-maxsize: "512" on api server pods. With multiple control plane nodes, the max size of these logs included could be a few GB.

Example run

./bin/eksctl-anywhere generate support-bundle -f ~/vsphere/largchar-colo-mgmt-vsphere.yaml --audit-logs

Example output from my support bundle

[ec2-user@ip-172-31-22-5 eks-anywhere]$ ls -lh support-bundle-2025-04-29T20_31_39/audit-logs/
total 636M
-rw-------. 1 ec2-user ec2-user 282M Apr 29 20:35 largchar-colo-mgmt-vsphere-44jzw.log
-rw-------. 1 ec2-user ec2-user 355M Apr 29 20:35 largchar-colo-mgmt-vsphere-knspr.log

Testing (if applicable):
Tested on Ubuntu, RHEL and Bottlerocket
Documentation added/planned (if applicable):
Flag has been added to public docs

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@eks-distro-bot eks-distro-bot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Apr 29, 2025
codecov bot commented Apr 29, 2025

Codecov Report

Attention: Patch coverage is 89.47368% with 6 lines in your changes missing coverage. Please review.

Project coverage is 69.85%. Comparing base (08b3131) to head (6789e71).
Report is 5 commits behind head on main.

Files with missing lines Patch % Lines
cmd/eksctl-anywhere/cmd/supportbundle.go 25.00% 3 Missing ⚠️
pkg/diagnostics/factory.go 50.00% 2 Missing ⚠️
cmd/eksctl-anywhere/cmd/generatebundleconfig.go 0.00% 1 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #9701      +/-   ##
==========================================
+ Coverage   69.78%   69.85%   +0.06%     
==========================================
  Files         672      672              
  Lines       49679    49810     +131     
==========================================
+ Hits        34669    34794     +125     
- Misses      13230    13234       +4     
- Partials     1780     1782       +2     

@charles-large charles-large force-pushed the support-bundle-audit-logs branch from 4fe3edc to d6341d2 Compare May 5, 2025 19:33
@@ -122,7 +122,8 @@ func newDiagnosticBundleFromSpec(af AnalyzerFactory, cf CollectorFactory, spec *
WithDefaultCollectors().
WithFileCollectors([]string{logger.GetOutputFilePath()}).
WithPackagesCollectors().
WithLogTextAnalyzers()
WithLogTextAnalyzers().
WithAuditLogs(auditLogs)
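
Review bot: WithAuditLogs(auditLogs) is appended to the chain unconditionally and takes a boolean, so this call site in newDiagnosticBundleFromSpec does not show that the audit log collector is opt-in. The PR description says the collector pulls the latest audit log from every control plane node, up to 512MB each, so I would either make the gate explicit here (if auditLogs { ... }) or add a comment on this line stating that nothing is collected when auditLogs is false. A test that builds the bundle with auditLogs set to false and to true, and checks that the audit log collector is absent and present respectively, would pin that behaviour down.
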
Member

It might be better to do

if auditLogs {
  b = b.WithAuditLogs()
}

The WithAuditLogs function will be used to add AuditLogCollector, not checking if we need to add it.

Member

I think in WithAuditLogs we already have this check:

if !auditLogs {
	return e
}

Member

Yes, I'm suggesting moving this if from WithAuditLogs to newDiagnosticBundleFromSpec.

Member Author

I will move the logic outside the method

Member Author

I was basing this flow off other examples like

func (e *EksaDiagnosticBundle) WithManagementCluster(isSelfManaged bool) *EksaDiagnosticBundle {
	if isSelfManaged {
		e.bundle.Spec.Analyzers = append(e.bundle.Spec.Analyzers, e.analyzerFactory.ManagementClusterAnalyzers()...)
		e.bundle.Spec.Collectors = append(e.bundle.Spec.Collectors, e.collectorFactory.ManagementClusterCollectors()...)
	}
	return e
}
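
The two gating styles discussed in this review thread, as an added example that is not code from the PR or from eks-anywhere. Collector, Bundle, WithAuditLogsIf, NewBundle, HasAuditLogs, the collector names and the control-plane node selector label are simplified assumptions made for illustration.

```go
package main

import "fmt"

// Collector and Bundle are simplified, hypothetical stand-ins for the PR's types.
type Collector struct {
	Name         string
	NodeSelector map[string]string
}

type Bundle struct{ Collectors []Collector }

// WithAuditLogs always appends the collector; the selector label is an assumption.
func (b *Bundle) WithAuditLogs() *Bundle {
	b.Collectors = append(b.Collectors, Collector{
		Name:         "audit-logs",
		NodeSelector: map[string]string{"node-role.kubernetes.io/control-plane": ""},
	})
	return b
}

// WithAuditLogsIf is the boolean-parameter style: the gate lives in the method.
func (b *Bundle) WithAuditLogsIf(enabled bool) *Bundle {
	if enabled {
		return b.WithAuditLogs()
	}
	return b
}

// NewBundle gates at the call site, where the bundle is assembled.
func NewBundle(auditLogs bool) *Bundle {
	b := &Bundle{Collectors: []Collector{{Name: "cluster-info"}}}
	if auditLogs {
		b = b.WithAuditLogs()
	}
	return b
}

// HasAuditLogs reports whether the audit-log collector ended up in the bundle.
func HasAuditLogs(b *Bundle) bool {
	for _, c := range b.Collectors {
		if c.Name == "audit-logs" {
			return true
		}
	}
	return false
}

func main() { fmt.Println(HasAuditLogs(NewBundle(false)), HasAuditLogs(NewBundle(true))) }
```

Both styles produce the same bundle; the difference is only where a reader sees that the audit log collector is off unless the flag is set.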

@charles-large charles-large force-pushed the support-bundle-audit-logs branch from d6341d2 to 6789e71 Compare May 8, 2025 18:37
@2ez4szliu
Member

/lgtm

@rajeshvenkata
Member

/approve

@eks-distro-bot
Collaborator

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: rajeshvenkata

@eks-distro-bot eks-distro-bot merged commit a71fe7e into aws:main May 8, 2025
12 checks passed
Labels
approved area/docs Documentation documentation lgtm size/L Denotes a PR that changes 100-499 lines, ignoring generated files.