diff --git a/pkg/apis/kops/validation/validation.go b/pkg/apis/kops/validation/validation.go index a75c701d0cec6..7e876ef671d4f 100644 --- a/pkg/apis/kops/validation/validation.go +++ b/pkg/apis/kops/validation/validation.go @@ -130,10 +130,6 @@ func validateClusterSpec(spec *kops.ClusterSpec, c *kops.Cluster, fieldPath *fie allErrs = append(allErrs, validateKubeAPIServer(spec.KubeAPIServer, c, fieldPath.Child("kubeAPIServer"), strict)...) } - if spec.ExternalCloudControllerManager == nil && spec.IsIPv6Only() { - allErrs = append(allErrs, field.Required(fieldPath.Child("cloudControllerManager"), "IPv6 requires external Cloud Controller Manager")) - } - if spec.KubeProxy != nil { allErrs = append(allErrs, validateKubeProxy(spec.KubeProxy, fieldPath.Child("kubeProxy"))...) } diff --git a/pkg/apis/nodeup/config.go b/pkg/apis/nodeup/config.go index 66486cd666a8d..460d762cb81fb 100644 --- a/pkg/apis/nodeup/config.go +++ b/pkg/apis/nodeup/config.go @@ -455,7 +455,7 @@ func buildKubeProxy(cluster *kops.Cluster, instanceGroup *kops.InstanceGroup) *k } func UsesInstanceIDForNodeName(cluster *kops.Cluster) bool { - return cluster.Spec.ExternalCloudControllerManager != nil && cluster.Spec.GetCloudProvider() == kops.CloudProviderAWS + return cluster.Spec.GetCloudProvider() == kops.CloudProviderAWS } func filterFileAssets(f []kops.FileAssetSpec, role kops.InstanceGroupRole) []kops.FileAssetSpec { diff --git a/pkg/model/components/awscloudcontrollermanager.go b/pkg/model/components/awscloudcontrollermanager.go index fea087553f0fd..e5d0a37cf9f0c 100644 --- a/pkg/model/components/awscloudcontrollermanager.go +++ b/pkg/model/components/awscloudcontrollermanager.go 
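Review bot: UsesInstanceIDForNodeName in pkg/apis/nodeup/config.go is exported without a doc comment, and its contract has just widened: with the ExternalCloudControllerManager condition gone it returns true for every AWS cluster, including any spec for which it previously returned false. Node naming presumably feeds node registration and the identity checks done at bootstrap, so the rule is worth stating where it is defined. I would add `// UsesInstanceIDForNodeName reports whether node names are derived from the cloud instance ID, which is the case for every AWS cluster.` above the function.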
@@ -45,10 +45,6 @@ func (b *AWSCloudControllerManagerOptionsBuilder) BuildOptions(o interface{}) er eccm := clusterSpec.ExternalCloudControllerManager - if eccm == nil { - return nil - } - // No significant downside to always doing a leader election. // Also, having multiple control plane nodes requires leader election. eccm.LeaderElection = &kops.LeaderElectionConfiguration{LeaderElect: fi.PtrTo(true)} diff --git a/pkg/model/components/gcpcloudcontrollermanager.go b/pkg/model/components/gcpcloudcontrollermanager.go index df1bffc1c1005..0b89b9928f33b 100644 --- a/pkg/model/components/gcpcloudcontrollermanager.go +++ b/pkg/model/components/gcpcloudcontrollermanager.go @@ -42,10 +42,6 @@ func (b *GCPCloudControllerManagerOptionsBuilder) BuildOptions(options interface ccmConfig := clusterSpec.ExternalCloudControllerManager - if ccmConfig == nil { - return nil - } - // No significant downside to always doing a leader election. // Also, having multiple control plane nodes requires leader election. ccmConfig.LeaderElection = &kops.LeaderElectionConfiguration{LeaderElect: fi.PtrTo(true)} diff --git a/pkg/model/components/kubecontrollermanager.go b/pkg/model/components/kubecontrollermanager.go index 76778e6c0666d..cceb562d7cb9f 100644 --- a/pkg/model/components/kubecontrollermanager.go +++ b/pkg/model/components/kubecontrollermanager.go @@ -77,14 +77,6 @@ func (b *KubeControllerManagerOptionsBuilder) BuildOptions(o interface{}) error kcm.ClusterName = b.ClusterName kcm.CloudProvider = "external" - if clusterSpec.ExternalCloudControllerManager == nil { - if kcm.CloudProvider == "aws" || kcm.CloudProvider == "gce" { - kcm.EnableLeaderMigration = fi.PtrTo(true) - } - } else { - kcm.CloudProvider = "external" - } - if kcm.LogLevel == 0 { kcm.LogLevel = 2 } diff --git a/pkg/model/iam/iam_builder.go b/pkg/model/iam/iam_builder.go index 9ad28c632d321..326fd6513ddd1 100644 --- a/pkg/model/iam/iam_builder.go +++ b/pkg/model/iam/iam_builder.go 
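Review bot: With the `if eccm == nil { return nil }` guard removed, the following `eccm.LeaderElection = &kops.LeaderElectionConfiguration{...}` in AWSCloudControllerManagerOptionsBuilder.BuildOptions writes through a pointer that nothing in this hunk shows to be non-nil. A cluster spec that reaches this point without the field populated would panic instead of being skipped. The same applies to `ccmConfig.LeaderElection` in the gcpcloudcontrollermanager.go hunk. If an earlier defaulting step always populates ExternalCloudControllerManager, name that step in a comment above the assignment; otherwise fail cleanly with something like `if eccm == nil { return fmt.Errorf("cloudControllerManager is not set") }`. The start of BuildOptions is outside the hunk, so an earlier provider check may already narrow when this runs.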
@@ -405,20 +405,12 @@ func (r *NodeRoleMaster) BuildAWSPolicy(b *PolicyBuilder) (*Policy, error) { // Protokube needs dns-controller permissions in instance role even if UseServiceAccountExternalPermissions. AddDNSControllerPermissions(b, p) - // If cluster does not use external CCM, the master IAM Role needs CCM permissions - if b.Cluster.Spec.ExternalCloudControllerManager == nil { - AddCCMPermissions(p, b.Cluster.Spec.Networking.Kubenet != nil) - AddLegacyCCMPermissions(p) - } - if !b.UseServiceAccountExternalPermisssions { esc := b.Cluster.Spec.SnapshotController != nil && fi.ValueOf(b.Cluster.Spec.SnapshotController.Enabled) AddAWSEBSCSIDriverPermissions(p, esc) - if b.Cluster.Spec.ExternalCloudControllerManager != nil { - AddCCMPermissions(p, b.Cluster.Spec.Networking.Kubenet != nil) - } + AddCCMPermissions(p, b.Cluster.Spec.Networking.Kubenet != nil) if c := b.Cluster.Spec.CloudProvider.AWS.LoadBalancerController; c != nil && fi.ValueOf(b.Cluster.Spec.CloudProvider.AWS.LoadBalancerController.Enabled) { AddAWSLoadbalancerControllerPermissions(p, c.EnableWAF, c.EnableWAFv2, c.EnableShield) @@ -826,28 +818,6 @@ func addEtcdManagerPermissions(p *Policy) { ) } -func AddLegacyCCMPermissions(p *Policy) { - p.unconditionalAction.Insert( - "ec2:CreateSecurityGroup", - "ec2:CreateTags", - "elasticloadbalancing:CreateTargetGroup", - "elasticloadbalancing:AddTags", - "elasticloadbalancing:RegisterTargets", - "elasticloadbalancing:CreateListener", - "elasticloadbalancing:DeleteListener", - "elasticloadbalancing:ModifyListener", - "ec2:DescribeVolumes", - "ec2:ModifyInstanceAttribute", - "ec2:ModifyVolume", - "ec2:AttachVolume", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:DeleteRoute", - "ec2:DeleteSecurityGroup", - "ec2:DeleteVolume", - "ec2:DetachVolume", - ) -} - func AddCCMPermissions(p *Policy, cloudRoutes bool) { p.unconditionalAction.Insert( "autoscaling:DescribeAutoScalingGroups", 
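Review bot: The now-unconditional `AddCCMPermissions(p, b.Cluster.Spec.Networking.Kubenet != nil)` call in NodeRoleMaster.BuildAWSPolicy carries no comment, and the one that explained why the control-plane role needs CCM permissions was deleted with the legacy branch. This call decides which IAM actions land on the instance role, so I would state the rule next to it: `// CCM permissions go on the control-plane instance role only when service-account external permissions are not in use.` That wording reflects the enclosing `if !b.UseServiceAccountExternalPermisssions`. Where the CCM gets its permissions in the other case is not visible here and is worth confirming against the service-account role builder. BuildAWSPolicy starts and ends outside the hunk.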
diff --git a/upup/pkg/fi/cloudup/bootstrapchannelbuilder/bootstrapchannelbuilder.go b/upup/pkg/fi/cloudup/bootstrapchannelbuilder/bootstrapchannelbuilder.go index fd48db99a38cc..8cccc9f59bde0 100644 --- a/upup/pkg/fi/cloudup/bootstrapchannelbuilder/bootstrapchannelbuilder.go +++ b/upup/pkg/fi/cloudup/bootstrapchannelbuilder/bootstrapchannelbuilder.go @@ -865,7 +865,7 @@ func (b *BootstrapChannelBuilder) buildAddons(c *fi.CloudupModelBuilderContext) } if b.Cluster.Spec.GetCloudProvider() == kops.CloudProviderGCE { - if b.Cluster.Spec.ExternalCloudControllerManager != nil { + { key := "gcp-cloud-controller.addons.k8s.io" useBuiltin := !b.hasExternalAddon(key) @@ -1141,7 +1141,7 @@ func (b *BootstrapChannelBuilder) buildAddons(c *fi.CloudupModelBuilderContext) if b.Cluster.Spec.GetCloudProvider() == kops.CloudProviderAWS { - if b.Cluster.Spec.ExternalCloudControllerManager != nil { + { key := "aws-cloud-controller.addons.k8s.io" { diff --git a/upup/pkg/fi/cloudup/template_functions.go b/upup/pkg/fi/cloudup/template_functions.go index b6618b4cc8675..6c6c6597850b8 100644 --- a/upup/pkg/fi/cloudup/template_functions.go +++ b/upup/pkg/fi/cloudup/template_functions.go @@ -721,9 +721,7 @@ func (tf *TemplateFunctions) KopsControllerConfig() (string, error) { Region: tf.Region, } - if cluster.Spec.ExternalCloudControllerManager != nil { - config.Server.UseInstanceIDForNodeName = true - } + config.Server.UseInstanceIDForNodeName = true case kops.CloudProviderGCE: c := tf.cloud.(gce.GCECloud)
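Review bot: `config.Server.UseInstanceIDForNodeName = true` in KopsControllerConfig hard-codes a rule that this same commit also encodes in UsesInstanceIDForNodeName (pkg/apis/nodeup/config.go), so the two can drift apart on a later change. kops-controller and nodeup presumably have to agree on how a node name is derived, so a single source is safer: `config.Server.UseInstanceIDForNodeName = nodeup.UsesInstanceIDForNodeName(cluster)`, assuming that package can be imported here without a cycle. If the literal stays, a comment such as `// Must match nodeup.UsesInstanceIDForNodeName for AWS.` would make the coupling visible. The enclosing switch case begins outside the hunk; it appears to be the AWS branch, since the GCE case follows.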