Quoting from a different issue:

Can you please summarize what a user would have to do to rollout a change to a KubeadmConfig with a reguar cluster (not using ClusterClass). Is it as simple as modifying the KubeadmConfig object that is linked in a MachinePool directly?

Change MachinePool.spec.template.spec.bootstrap.configRef.name and the KubeadmConfig.spec changes will be reconciled.
In practice, that means a user's KubeadmConfig.metadata.name should be suffixed with a hash (or increasing number) when making changes, and the reference in the MachinePool object gets changed to this new KubeadmConfig name.
#8858 (comment)

The ClusterClass MachinePool implementation today uses one single BootstrapConfig / KubeadmConfig object for a MachinePool and just continuously patches it in-place to rollout changes.

Based on #8858 this is not enough, it seems to be required to rotate the BootstrapConfig object (create a new one + update the ref in MachinePool).

Someone would need to confirm if my observation is correct.

Furthermore I don't know if there is a documented contract as of today for MachinePools how BootstrapConfigs are supposed to be rolled out. I also don't know if MachinePools behave the same across providers today.

So my tl;dr:

• ClusterClass can probably not rollout BootstrapConfig changes for MachinePools today
• We need a documented contract on how BootstrapConfig rollouts are supposed to work with MachinePools

This issue is currently awaiting triage.

CAPI contributors will take a look as soon as possible, apply one of the triage/* labels and provide further guidance.

I don't have the know how about MachinePools and MachinePool implementations in providers to be 100% sure. I also don't have the time to do the required research, but I just wanted to surface this issue, so folks have a chance to fix it (or determine that everything is actually fine at the moment).

(cc @AndiDog @willie-yao, just fyi)

/priority important-longterm
/kind bug