Cleanup: remove all cloud_provider related tasks & files

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>

inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml

@@ -141,7 +141,7 @@ kube_proxy_nodeport_addresses: >-
 
 # If non-empty, will use this string as identification instead of the actual hostname
 # kube_override_hostname: >-
-#   {%- if cloud_provider is defined and cloud_provider in ['aws'] -%}
+#   {%- if cloud_provider is defined -%}
 #   {%- else -%}
 #   {{ inventory_hostname }}
 #   {%- endif -%}

roles/kubernetes-apps/cloud_controller/oci/defaults/main.yml

@@ -1,6 +0,0 @@
----
-
-oci_security_list_management: All
-oci_use_instance_principals: false
-oci_cloud_controller_version: 0.7.0
-oci_cloud_controller_pull_source: iad.ocir.io/oracle/cloud-provider-oci

roles/kubernetes-apps/cloud_controller/oci/tasks/credentials-check.yml

@@ -1,67 +0,0 @@
----
-
-- name: "OCI Cloud Controller | Credentials Check | oci_private_key"
-  fail:
-    msg: "oci_private_key is missing"
-  when:
-    - not oci_use_instance_principals
-    - oci_private_key is not defined or not oci_private_key
-
-- name: "OCI Cloud Controller | Credentials Check | oci_region_id"
-  fail:
-    msg: "oci_region_id is missing"
-  when:
-    - not oci_use_instance_principals
-    - oci_region_id is not defined or not oci_region_id
-
-- name: "OCI Cloud Controller | Credentials Check | oci_tenancy_id"
-  fail:
-    msg: "oci_tenancy_id is missing"
-  when:
-    - not oci_use_instance_principals
-    - oci_tenancy_id is not defined or not oci_tenancy_id
-
-- name: "OCI Cloud Controller | Credentials Check | oci_user_id"
-  fail:
-    msg: "oci_user_id is missing"
-  when:
-    - not oci_use_instance_principals
-    - oci_user_id is not defined or not oci_user_id
-
-- name: "OCI Cloud Controller | Credentials Check | oci_user_fingerprint"
-  fail:
-    msg: "oci_user_fingerprint is missing"
-  when:
-    - not oci_use_instance_principals
-    - oci_user_fingerprint is not defined or not oci_user_fingerprint
-
-- name: "OCI Cloud Controller | Credentials Check | oci_compartment_id"
-  fail:
-    msg: "oci_compartment_id is missing. This is the compartment in which the cluster resides"
-  when:
-    - oci_compartment_id is not defined or not oci_compartment_id
-
-- name: "OCI Cloud Controller | Credentials Check | oci_vnc_id"
-  fail:
-    msg: "oci_vnc_id is missing. This is the Virtual Cloud Network in which the cluster resides"
-  when:
-    - oci_vnc_id is not defined or not oci_vnc_id
-
-- name: "OCI Cloud Controller | Credentials Check | oci_subnet1_id"
-  fail:
-    msg: "oci_subnet1_id is missingg. This is the first subnet to which loadbalancers will be added"
-  when:
-    - oci_subnet1_id is not defined or not oci_subnet1_id
-
-- name: "OCI Cloud Controller | Credentials Check | oci_subnet2_id"
-  fail:
-    msg: "oci_subnet2_id is missing. Two subnets are required for load balancer high availability"
-  when:
-    - oci_cloud_controller_version is version_compare('0.7.0', '<')
-    - oci_subnet2_id is not defined or not oci_subnet2_id
-
-- name: "OCI Cloud Controller | Credentials Check | oci_security_list_management"
-  fail:
-    msg: "oci_security_list_management is missing, or not defined correctly. Valid options are (All, Frontend, None)."
-  when:
-    - oci_security_list_management is not defined or oci_security_list_management not in ["All", "Frontend", "None"]

roles/kubernetes-apps/cloud_controller/oci/tasks/main.yml

@@ -1,35 +0,0 @@
----
-
-- name: OCI Cloud Controller | Check Oracle Cloud credentials
-  import_tasks: credentials-check.yml
-
-- name: "OCI Cloud Controller | Generate Cloud Provider Configuration"
-  template:
-    src: controller-manager-config.yml.j2
-    dest: "{{ kube_config_dir }}/controller-manager-config.yml"
-    mode: "0644"
-  when: inventory_hostname == groups['kube_control_plane'][0]
-
-- name: "OCI Cloud Controller | Slurp Configuration"
-  slurp:
-    src: "{{ kube_config_dir }}/controller-manager-config.yml"
-  register: controller_manager_config
-
-- name: "OCI Cloud Controller | Encode Configuration"
-  set_fact:
-    controller_manager_config_base64: "{{ controller_manager_config.content }}"
-  when: inventory_hostname == groups['kube_control_plane'][0]
-
-- name: "OCI Cloud Controller | Generate Manifests"
-  template:
-    src: oci-cloud-provider.yml.j2
-    dest: "{{ kube_config_dir }}/oci-cloud-provider.yml"
-    mode: "0644"
-  when: inventory_hostname == groups['kube_control_plane'][0]
-
-- name: "OCI Cloud Controller | Apply Manifests"
-  kube:
-    kubectl: "{{ bin_dir }}/kubectl"
-    filename: "{{ kube_config_dir }}/oci-cloud-provider.yml"
-    state: latest
-  when: inventory_hostname == groups['kube_control_plane'][0]

roles/kubernetes-apps/cloud_controller/oci/templates/controller-manager-config.yml.j2

@@ -1,89 +0,0 @@
-{% macro private_key() %}{{ oci_private_key }}{% endmacro %}
-
-{% if oci_use_instance_principals %}
-  # (https://docs.us-phoenix-1.oraclecloud.com/Content/Identity/Tasks/callingservicesfrominstances.htm).
-  # Ensure you have setup the following OCI policies and your kubernetes nodes are running within them
-  # allow dynamic-group [your dynamic group name] to read instance-family in compartment [your compartment name]
-  # allow dynamic-group [your dynamic group name] to use virtual-network-family in compartment [your compartment name]
-  # allow dynamic-group [your dynamic group name] to manage load-balancers in compartment [your compartment name]
-useInstancePrincipals: true
-{% else %}
-useInstancePrincipals: false
-{% endif %}
-
-auth:
-
-{% if oci_use_instance_principals %}
-  # This key is put here too for backwards compatibility
-  useInstancePrincipals: true
-{% else %}
-  useInstancePrincipals: false
-
-  region: {{ oci_region_id }}
-  tenancy: {{ oci_tenancy_id }}
-  user: {{ oci_user_id }}
-  key: |
-    {{ oci_private_key }}
-
-  {% if oci_private_key_passphrase is defined %}
-  passphrase: {{ oci_private_key_passphrase }}
-  {% endif %}
-
-
-  fingerprint: {{ oci_user_fingerprint }}
-{% endif %}
-
-# compartment configures Compartment within which the cluster resides.
-compartment: {{ oci_compartment_id }}
-
-# vcn configures the Virtual Cloud Network (VCN) within which the cluster resides.
-vcn: {{ oci_vnc_id }}
-
-loadBalancer:
-  # subnet1 configures one of two subnets to which load balancers will be added.
-  # OCI load balancers require two subnets to ensure high availability.
-  subnet1: {{ oci_subnet1_id }}
-{% if oci_subnet2_id is defined %}
-  # subnet2 configures the second of two subnets to which load balancers will be
-  # added. OCI load balancers require two subnets to ensure high availability.
-  subnet2: {{ oci_subnet2_id }}
-{% endif %}
-  # SecurityListManagementMode configures how security lists are managed by the CCM.
-  #   "All" (default): Manage all required security list rules for load balancer services.
-  #   "Frontend":      Manage only security list rules for ingress to the load
-  #                    balancer. Requires that the user has setup a rule that
-  #                    allows inbound traffic to the appropriate ports for kube
-  #                    proxy health port, node port ranges, and health check port ranges.
-  #                    E.g. 10.82.0.0/16 30000-32000.
-  #   "None":          Disables all security list management. Requires that the
-  #                    user has setup a rule that allows inbound traffic to the
-  #                    appropriate ports for kube proxy health port, node port
-  #                    ranges, and health check port ranges. E.g. 10.82.0.0/16 30000-32000.
-  #                    Additionally requires the user to mange rules to allow
-  #                    inbound traffic to load balancers.
-  securityListManagementMode: {{ oci_security_list_management }}
-
-{% if oci_security_lists is defined and oci_security_lists | length > 0 %}
-  # Optional specification of which security lists to modify per subnet. This does not apply if security list management is off.
-  securityLists:
-{% for subnet_ocid, list_ocid in oci_security_lists.items() %}
-    {{ subnet_ocid }}: {{ list_ocid }}
-{% endfor %}
-{% endif %}
-
-{% if oci_rate_limit is defined and oci_rate_limit | length > 0 %}
-# Optional rate limit controls for accessing OCI API
-rateLimiter:
-{% if oci_rate_limit.rate_limit_qps_read %}
-  rateLimitQPSRead: {{ oci_rate_limit.rate_limit_qps_read }}
-{% endif %}
-{% if oci_rate_limit.rate_limit_qps_write %}
-  rateLimitQPSWrite: {{ oci_rate_limit.rate_limit_qps_write }}
-{% endif %}
-{% if oci_rate_limit.rate_limit_bucket_read %}
-  rateLimitBucketRead: {{ oci_rate_limit.rate_limit_bucket_read }}
-{% endif %}
-{% if oci_rate_limit.rate_limit_bucket_write %}
-  rateLimitBucketWrite: {{ oci_rate_limit.rate_limit_bucket_write }}
-{% endif %}
-{% endif %}

roles/kubernetes-apps/cloud_controller/oci/templates/oci-cloud-provider.yml.j2

@@ -1,69 +0,0 @@
-apiVersion: v1
-data:
-  cloud-provider.yaml: {{ controller_manager_config_base64 }}
-kind: Secret
-metadata:
-  name: oci-cloud-controller-manager
-  namespace: kube-system
-type: Opaque
-
----
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
-  name: oci-cloud-controller-manager
-  namespace: kube-system
-  labels:
-    k8s-app: oci-cloud-controller-manager
-spec:
-  selector:
-    matchLabels:
-      component: oci-cloud-controller-manager
-      tier: control-plane
-  updateStrategy:
-    type: RollingUpdate
-  template:
-    metadata:
-      labels:
-        component: oci-cloud-controller-manager
-        tier: control-plane
-    spec:
-{% if oci_cloud_controller_pull_secret is defined %}
-      imagePullSecrets:
-      - name: {{ oci_cloud_controller_pull_secret }}
-{% endif %}
-      serviceAccountName: cloud-controller-manager
-      hostNetwork: true
-      dnsPolicy: ClusterFirstWithHostNet
-      nodeSelector:
-        node-role.kubernetes.io/control-plane: ""
-      tolerations:
-      - key: node.cloudprovider.kubernetes.io/uninitialized
-        value: "true"
-        effect: NoSchedule
-      - key: node-role.kubernetes.io/control-plane
-        operator: Exists
-        effect: NoSchedule
-      volumes:
-        - name: cfg
-          secret:
-            secretName: oci-cloud-controller-manager
-        - name: kubernetes
-          hostPath:
-            path: /etc/kubernetes
-      containers:
-        - name: oci-cloud-controller-manager
-          image: {{ oci_cloud_controller_pull_source }}:{{ oci_cloud_controller_version }}
-          command: ["/usr/local/bin/oci-cloud-controller-manager"]
-          args:
-            - --cloud-config=/etc/oci/cloud-provider.yaml
-            - --cloud-provider=oci
-            - --leader-elect-resource-lock=configmaps
-            - -v=2
-          volumeMounts:
-            - name: cfg
-              mountPath: /etc/oci
-              readOnly: true
-            - name: kubernetes
-              mountPath: /etc/kubernetes
-              readOnly: true

roles/kubernetes-apps/cluster_roles/files/oci-rbac.yml

@@ -1,124 +0,0 @@
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: cloud-controller-manager
-  namespace: kube-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: system:cloud-controller-manager
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - nodes
-  verbs:
-  - '*'
-
-- apiGroups:
-  - ""
-  resources:
-  - nodes/status
-  verbs:
-  - patch
-
-- apiGroups:
-  - ""
-  resources:
-  - services
-  verbs:
-  - list
-  - watch
-  - patch
-
-- apiGroups:
-  - ""
-  resources:
-  - services/status
-  verbs:
-  - update
-
-- apiGroups:
-  - ""
-  resources:
-  - events
-  verbs:
-  - create
-  - patch
-  - update
-
-# For leader election
-- apiGroups:
-  - ""
-  resources:
-  - endpoints
-  verbs:
-  - create
-
-- apiGroups:
-  - ""
-  resources:
-  - endpoints
-  resourceNames:
-  - "cloud-controller-manager"
-  verbs:
-  - get
-  - list
-  - watch
-  - update
-
-- apiGroups:
-  - ""
-  resources:
-  - configmaps
-  verbs:
-  - create
-
-- apiGroups:
-  - ""
-  resources:
-  - configmaps
-  resourceNames:
-  - "cloud-controller-manager"
-  verbs:
-  - get
-  - update
-
-- apiGroups:
-  - ""
-  resources:
-  - serviceaccounts
-  verbs:
-  - create
-- apiGroups:
-  - ""
-  resources:
-  - secrets
-  verbs:
-  - get
-  - list
-
-# For the PVL
-- apiGroups:
-  - ""
-  resources:
-  - persistentvolumes
-  verbs:
-  - list
-  - watch
-  - patch
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: oci-cloud-controller-manager
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: system:cloud-controller-manager
-subjects:
-- kind: ServiceAccount
-  name: cloud-controller-manager
-  namespace: kube-system

roles/kubernetes-apps/cluster_roles/tasks/main.yml

@@ -59,13 +59,6 @@
     - inventory_hostname == groups['kube_control_plane'][0]
   tags: node-webhook
 
-- name: Configure Oracle Cloud provider
-  include_tasks: oci.yml
-  tags: oci
-  when:
-    - cloud_provider is defined
-    - cloud_provider == 'oci'
-
 - name: PriorityClass | Copy k8s-cluster-critical-pc.yml file
   copy:
     src: k8s-cluster-critical-pc.yml

roles/kubernetes-apps/cluster_roles/tasks/oci.yml

@@ -1,19 +0,0 @@
----
-- name: Copy OCI RBAC Manifest
-  copy:
-    src: "oci-rbac.yml"
-    dest: "{{ kube_config_dir }}/oci-rbac.yml"
-    mode: "0640"
-  when:
-  - cloud_provider is defined
-  - cloud_provider == 'oci'
-  - inventory_hostname == groups['kube_control_plane'][0]
-
-- name: Apply OCI RBAC
-  kube:
-    kubectl: "{{ bin_dir }}/kubectl"
-    filename: "{{ kube_config_dir }}/oci-rbac.yml"
-  when:
-  - cloud_provider is defined
-  - cloud_provider == 'oci'
-  - inventory_hostname == groups['kube_control_plane'][0]

roles/kubernetes-apps/meta/main.yml

@@ -103,14 +103,6 @@ dependencies:
     tags:
       - container_engine_accelerator
 
-  - role: kubernetes-apps/cloud_controller/oci
-    when:
-      - cloud_provider is defined
-      - cloud_provider == "oci"
-      - inventory_hostname == groups['kube_control_plane'][0]
-    tags:
-      - oci
-
   - role: kubernetes-apps/gateway_api
     when:
       - gateway_api_enabled

roles/kubernetes-apps/persistent_volumes/meta/main.yml

@@ -1,12 +1,5 @@
 ---
 dependencies:
-  - role: kubernetes-apps/persistent_volumes/openstack
-    when:
-      - cloud_provider is defined
-      - cloud_provider in [ 'openstack' ]
-    tags:
-      - persistent_volumes_openstack
-
   - role: kubernetes-apps/persistent_volumes/cinder-csi
     when:
       - cinder_csi_enabled

roles/kubernetes-apps/persistent_volumes/openstack/defaults/main.yml

@@ -1,7 +0,0 @@
----
-persistent_volumes_enabled: false
-storage_classes:
-  - name: standard
-    is_default: true
-    parameters:
-      availability: nova

roles/kubernetes-apps/persistent_volumes/openstack/tasks/main.yml

@@ -1,20 +0,0 @@
----
-- name: Kubernetes Persistent Volumes | Lay down OpenStack Cinder Storage Class template
-  template:
-    src: "openstack-storage-class.yml.j2"
-    dest: "{{ kube_config_dir }}/openstack-storage-class.yml"
-    mode: "0644"
-  register: manifests
-  when:
-    - inventory_hostname == groups['kube_control_plane'][0]
-
-- name: Kubernetes Persistent Volumes | Add OpenStack Cinder Storage Class
-  kube:
-    name: storage-class
-    kubectl: "{{ bin_dir }}/kubectl"
-    resource: StorageClass
-    filename: "{{ kube_config_dir }}/openstack-storage-class.yml"
-    state: "latest"
-  when:
-    - inventory_hostname == groups['kube_control_plane'][0]
-    - manifests.changed

roles/kubernetes-apps/persistent_volumes/openstack/templates/openstack-storage-class.yml.j2

@@ -1,27 +0,0 @@
-{% for class in storage_classes %}
----
-kind: StorageClass
-apiVersion: storage.k8s.io/v1
-metadata:
-  name: "{{ class.name }}"
-  annotations:
-    storageclass.kubernetes.io/is-default-class: "{{ class.is_default | default(false) | ternary("true","false") }}"
-provisioner: kubernetes.io/cinder
-{% if class.mount_options is defined %}
-mountOptions:
-{% for option in class.mount_options | default([]) %}
-  - "{{ option }}"
-{% endfor %}
-{% endif %}
-parameters:
-{% for key, value in (class.parameters | default({})).items() %}
-  "{{ key }}": "{{ value }}"
-{% endfor %}
-{% if class.reclaim_policy is defined %}
-reclaimPolicy: "{{ class.reclaim_policy }}"
-{% endif %}
-{% if class.volume_binding_mode is defined %}
-volumeBindingMode: "{{ class.volume_binding_mode }}"
-{% endif %}
-allowVolumeExpansion: {{ expand_persistent_volumes }}
-{% endfor %}

roles/kubernetes/control-plane/defaults/main/main.yml

@@ -186,7 +186,7 @@ kube_encryption_resources: [secrets]
 
 # If non-empty, will use this string as identification instead of the actual hostname
 kube_override_hostname: >-
-  {%- if cloud_provider is defined and cloud_provider in ['aws'] -%}
+  {%- if cloud_provider is defined -%}
   {%- else -%}
   {{ inventory_hostname }}
   {%- endif -%}

roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2

@@ -210,10 +210,6 @@ apiServer:
 {% if kube_apiserver_feature_gates or kube_feature_gates %}
     feature-gates: "{{ kube_apiserver_feature_gates | default(kube_feature_gates, true) | join(',') }}"
 {% endif %}
-{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "gce"] %}
-    cloud-provider: {{ cloud_provider }}
-    cloud-config: {{ kube_config_dir }}/cloud_config
-{% endif %}
 {% if tls_min_version is defined %}
     tls-min-version: {{ tls_min_version }}
 {% endif %}
@@ -230,13 +226,8 @@ apiServer:
 {% if kube_apiserver_tracing %}
     tracing-config-file: {{ kube_config_dir }}/tracing/apiserver-tracing.yaml
 {% endif %}
-{% if kubernetes_audit or kube_token_auth or kube_webhook_token_auth or ( cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "gce"] ) or apiserver_extra_volumes or ssl_ca_dirs | length %}
+{% if kubernetes_audit or kube_token_auth or kube_webhook_token_auth or apiserver_extra_volumes or ssl_ca_dirs | length %}
   extraVolumes:
-{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "gce"] %}
-  - name: cloud-config
-    hostPath: {{ kube_config_dir }}/cloud_config
-    mountPath: {{ kube_config_dir }}/cloud_config
-{% endif %}
 {% if kube_token_auth %}
   - name: token-auth-config
     hostPath: {{ kube_token_dir }}
@@ -326,10 +317,6 @@ controllerManager:
 {% for key in kube_kubeadm_controller_extra_args %}
     {{ key }}: "{{ kube_kubeadm_controller_extra_args[key] }}"
 {% endfor %}
-{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "gce"] %}
-    cloud-provider: {{ cloud_provider }}
-    cloud-config: {{ kube_config_dir }}/cloud_config
-{% endif %}
 {% if kube_network_plugin is defined and kube_network_plugin not in ["cloud"] %}
     configure-cloud-routes: "false"
 {% endif %}
@@ -343,18 +330,8 @@ controllerManager:
     tls-cipher-suites: {% for tls in tls_cipher_suites %}{{ tls }}{{ "," if not loop.last else "" }}{% endfor %}
 
 {% endif %}
-{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "gce"] or controller_manager_extra_volumes %}
+{% if controller_manager_extra_volumes %}
   extraVolumes:
-{% if cloud_provider is defined and cloud_provider in ["openstack"] and openstack_cacert is defined %}
-  - name: openstackcacert
-    hostPath: "{{ kube_config_dir }}/openstack-cacert.pem"
-    mountPath: "{{ kube_config_dir }}/openstack-cacert.pem"
-{% endif %}
-{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "gce"] %}
-  - name: cloud-config
-    hostPath: {{ kube_config_dir }}/cloud_config
-    mountPath: {{ kube_config_dir }}/cloud_config
-{% endif %}
 {% for volume in controller_manager_extra_volumes %}
   - name: {{ volume.name }}
     hostPath: {{ volume.hostPath }}

roles/kubernetes/kubeadm/defaults/main.yml

@@ -9,7 +9,7 @@ kubeadm_use_file_discovery: "{{ remove_anonymous_access }}"
 
 # If non-empty, will use this string as identification instead of the actual hostname
 kube_override_hostname: >-
-  {%- if cloud_provider is defined and cloud_provider in ['aws'] -%}
+  {%- if cloud_provider is defined -%}
   {%- else -%}
   {{ inventory_hostname }}
   {%- endif -%}

roles/kubernetes/node/defaults/main.yml

@@ -136,7 +136,7 @@ kubelet_custom_flags: []
 
 # If non-empty, will use this string as identification instead of the actual hostname
 kube_override_hostname: >-
-  {%- if cloud_provider is defined and cloud_provider in ['aws'] -%}
+  {%- if cloud_provider is defined -%}
   {%- else -%}
   {{ inventory_hostname }}
   {%- endif -%}
@@ -153,61 +153,6 @@ kubelet_healthz_bind_address: 127.0.0.1
 # sysctl_file_path to add sysctl conf to
 sysctl_file_path: "/etc/sysctl.d/99-sysctl.conf"
 
-# For the openstack integration kubelet will need credentials to access
-# openstack apis like nova and cinder. Per default this values will be
-# read from the environment.
-openstack_auth_url: "{{ lookup('env', 'OS_AUTH_URL') }}"
-openstack_username: "{{ lookup('env', 'OS_USERNAME') }}"
-openstack_password: "{{ lookup('env', 'OS_PASSWORD') }}"
-openstack_region: "{{ lookup('env', 'OS_REGION_NAME') }}"
-openstack_tenant_id: "{{ lookup('env', 'OS_TENANT_ID') | default(lookup('env', 'OS_PROJECT_ID') | default(lookup('env', 'OS_PROJECT_NAME'), true), true) }}"
-openstack_tenant_name: "{{ lookup('env', 'OS_TENANT_NAME') }}"
-openstack_domain_name: "{{ lookup('env', 'OS_USER_DOMAIN_NAME') }}"
-openstack_domain_id: "{{ lookup('env', 'OS_USER_DOMAIN_ID') }}"
-
-# For the vsphere integration, kubelet will need credentials to access
-# vsphere apis
-# Documentation regarding these values can be found
-# https://github.com/kubernetes/kubernetes/blob/master/pkg/cloudprovider/providers/vsphere/vsphere.go#L105
-vsphere_vcenter_ip: "{{ lookup('env', 'VSPHERE_VCENTER') }}"
-vsphere_vcenter_port: "{{ lookup('env', 'VSPHERE_VCENTER_PORT') }}"
-vsphere_user: "{{ lookup('env', 'VSPHERE_USER') }}"
-vsphere_password: "{{ lookup('env', 'VSPHERE_PASSWORD') }}"
-vsphere_datacenter: "{{ lookup('env', 'VSPHERE_DATACENTER') }}"
-vsphere_datastore: "{{ lookup('env', 'VSPHERE_DATASTORE') }}"
-vsphere_working_dir: "{{ lookup('env', 'VSPHERE_WORKING_DIR') }}"
-vsphere_insecure: "{{ lookup('env', 'VSPHERE_INSECURE') }}"
-vsphere_resource_pool: "{{ lookup('env', 'VSPHERE_RESOURCE_POOL') }}"
-
-vsphere_scsi_controller_type: pvscsi
-# vsphere_public_network is name of the network the VMs are joined to
-vsphere_public_network: "{{ lookup('env', 'VSPHERE_PUBLIC_NETWORK') | default('') }}"
-
-## When azure is used, you need to also set the following variables.
-## see docs/azure.md for details on how to get these values
-# azure_tenant_id:
-# azure_subscription_id:
-# azure_aad_client_id:
-# azure_aad_client_secret:
-# azure_resource_group:
-# azure_location:
-# azure_subnet_name:
-# azure_security_group_name:
-# azure_vnet_name:
-# azure_route_table_name:
-# supported values are 'standard' or 'vmss'
-# azure_vmtype: standard
-# Sku of Load Balancer and Public IP. Candidate values are: basic and standard.
-azure_loadbalancer_sku: basic
-# excludes control plane nodes from standard load balancer.
-azure_exclude_master_from_standard_lb: true
-# disables the outbound SNAT for public load balancer rules
-azure_disable_outbound_snat: false
-# use instance metadata service where possible
-azure_use_instance_metadata: true
-# use specific Azure API endpoints
-azure_cloud: AzurePublicCloud
-
 ## Support tls min version, Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.
 # tls_min_version: ""
 

roles/kubernetes/node/tasks/cloud-credentials/azure-credential-check.yml

@@ -1,82 +0,0 @@
----
-- name: Check azure_tenant_id value
-  fail:
-    msg: "azure_tenant_id is missing"
-  when: azure_tenant_id is not defined or not azure_tenant_id
-
-- name: Check azure_subscription_id value
-  fail:
-    msg: "azure_subscription_id is missing"
-  when: azure_subscription_id is not defined or not azure_subscription_id
-
-- name: Check azure_aad_client_id value
-  fail:
-    msg: "azure_aad_client_id is missing"
-  when: azure_aad_client_id is not defined or not azure_aad_client_id
-
-- name: Check azure_aad_client_secret value
-  fail:
-    msg: "azure_aad_client_secret is missing"
-  when: azure_aad_client_secret is not defined or not azure_aad_client_secret
-
-- name: Check azure_resource_group value
-  fail:
-    msg: "azure_resource_group is missing"
-  when: azure_resource_group is not defined or not azure_resource_group
-
-- name: Check azure_location value
-  fail:
-    msg: "azure_location is missing"
-  when: azure_location is not defined or not azure_location
-
-- name: Check azure_subnet_name value
-  fail:
-    msg: "azure_subnet_name is missing"
-  when: azure_subnet_name is not defined or not azure_subnet_name
-
-- name: Check azure_security_group_name value
-  fail:
-    msg: "azure_security_group_name is missing"
-  when: azure_security_group_name is not defined or not azure_security_group_name
-
-- name: Check azure_vnet_name value
-  fail:
-    msg: "azure_vnet_name is missing"
-  when: azure_vnet_name is not defined or not azure_vnet_name
-
-- name: Check azure_vnet_resource_group value
-  fail:
-    msg: "azure_vnet_resource_group is missing"
-  when: azure_vnet_resource_group is not defined or not azure_vnet_resource_group
-
-- name: Check azure_route_table_name value
-  fail:
-    msg: "azure_route_table_name is missing"
-  when: azure_route_table_name is not defined or not azure_route_table_name
-
-- name: Check azure_loadbalancer_sku value
-  fail:
-    msg: "azure_loadbalancer_sku has an invalid value '{{ azure_loadbalancer_sku }}'. Supported values are 'basic', 'standard'"
-  when: azure_loadbalancer_sku not in ["basic", "standard"]
-
-- name: "Check azure_exclude_master_from_standard_lb is a bool"
-  assert:
-    that: azure_exclude_master_from_standard_lb | type_debug == 'bool'
-
-- name: "Check azure_disable_outbound_snat is a bool"
-  assert:
-    that: azure_disable_outbound_snat | type_debug == 'bool'
-
-- name: "Check azure_use_instance_metadata is a bool"
-  assert:
-    that: azure_use_instance_metadata | type_debug == 'bool'
-
-- name: Check azure_vmtype value
-  fail:
-    msg: "azure_vmtype is missing. Supported values are 'standard' or 'vmss'"
-  when: azure_vmtype is not defined or not azure_vmtype
-
-- name: Check azure_cloud value
-  fail:
-    msg: "azure_cloud has an invalid value '{{ azure_cloud }}'. Supported values are 'AzureChinaCloud', 'AzureGermanCloud', 'AzurePublicCloud', 'AzureUSGovernmentCloud'."
-  when: azure_cloud not in ["AzureChinaCloud", "AzureGermanCloud", "AzurePublicCloud", "AzureUSGovernmentCloud"]

roles/kubernetes/node/tasks/cloud-credentials/openstack-credential-check.yml

@@ -1,34 +0,0 @@
----
-- name: Check openstack_auth_url value
-  fail:
-    msg: "openstack_auth_url is missing"
-  when: openstack_auth_url is not defined or not openstack_auth_url
-
-- name: Check openstack_username value
-  fail:
-    msg: "openstack_username is missing"
-  when: openstack_username is not defined or not openstack_username
-
-- name: Check openstack_password value
-  fail:
-    msg: "openstack_password is missing"
-  when: openstack_password is not defined or not openstack_password
-
-- name: Check openstack_region value
-  fail:
-    msg: "openstack_region is missing"
-  when: openstack_region is not defined or not openstack_region
-
-- name: Check openstack_tenant_id value
-  fail:
-    msg: "one of openstack_tenant_id or openstack_trust_id must be specified"
-  when:
-    - openstack_tenant_id is not defined or not openstack_tenant_id
-    - openstack_trust_id is not defined
-
-- name: Check openstack_trust_id value
-  fail:
-    msg: "one of openstack_tenant_id or openstack_trust_id must be specified"
-  when:
-    - openstack_trust_id is not defined or not openstack_trust_id
-    - openstack_tenant_id is not defined

roles/kubernetes/node/tasks/cloud-credentials/vsphere-credential-check.yml

@@ -1,22 +0,0 @@
----
-- name: Check vsphere environment variables
-  fail:
-    msg: "{{ item.name }} is missing"
-  when: item.value is not defined or not item.value
-  with_items:
-    - name: vsphere_vcenter_ip
-      value: "{{ vsphere_vcenter_ip }}"
-    - name: vsphere_vcenter_port
-      value: "{{ vsphere_vcenter_port }}"
-    - name: vsphere_user
-      value: "{{ vsphere_user }}"
-    - name: vsphere_password
-      value: "{{ vsphere_password }}"
-    - name: vsphere_datacenter
-      value: "{{ vsphere_datacenter }}"
-    - name: vsphere_datastore
-      value: "{{ vsphere_datastore }}"
-    - name: vsphere_working_dir
-      value: "{{ vsphere_working_dir }}"
-    - name: vsphere_insecure
-      value: "{{ vsphere_insecure }}"

roles/kubernetes/node/tasks/main.yml

@@ -137,53 +137,6 @@
   tags:
     - kube-proxy
 
-- name: Check cloud provider credentials
-  include_tasks: "cloud-credentials/{{ cloud_provider }}-credential-check.yml"
-  when:
-    - cloud_provider is defined
-    - cloud_provider in [ 'openstack', 'azure', 'vsphere' ]
-  tags:
-    - cloud-provider
-    - facts
-
-- name: Test if openstack_cacert is a base64 string
-  set_fact:
-    openstack_cacert_is_base64: "{% if openstack_cacert is search('^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{3}= | [A-Za-z0-9+/]{2}==)?$') %}true{% else %}false{% endif %}"
-  when:
-    - cloud_provider is defined
-    - cloud_provider == 'openstack'
-    - openstack_cacert is defined
-    - openstack_cacert | length > 0
-
-
-- name: Write cacert file
-  copy:
-    src: "{{ openstack_cacert if not openstack_cacert_is_base64 else omit }}"
-    content: "{{ openstack_cacert | b64decode if openstack_cacert_is_base64 else omit }}"
-    dest: "{{ kube_config_dir }}/openstack-cacert.pem"
-    group: "{{ kube_cert_group }}"
-    mode: "0640"
-  when:
-    - cloud_provider is defined
-    - cloud_provider == 'openstack'
-    - openstack_cacert is defined
-    - openstack_cacert | length > 0
-  tags:
-    - cloud-provider
-
-- name: Write cloud-config
-  template:
-    src: "cloud-configs/{{ cloud_provider }}-cloud-config.j2"
-    dest: "{{ kube_config_dir }}/cloud_config"
-    group: "{{ kube_cert_group }}"
-    mode: "0640"
-  when:
-    - cloud_provider is defined
-    - cloud_provider in [ 'openstack', 'azure', 'vsphere', 'aws', 'gce' ]
-  notify: Node | restart kubelet
-  tags:
-    - cloud-provider
-
 - name: Install kubelet
   import_tasks: kubelet.yml
   tags:

roles/kubernetes/node/templates/cloud-configs/aws-cloud-config.j2

@@ -1,11 +0,0 @@
-[Global]
-zone={{ aws_zone|default("") }}
-vpc={{ aws_vpc|default("") }}
-subnetId={{ aws_subnet_id|default("") }}
-routeTableId={{ aws_route_table_id|default("") }}
-roleArn={{ aws_role_arn|default("") }}
-kubernetesClusterTag={{ aws_kubernetes_cluster_tag|default("") }}
-kubernetesClusterId={{ aws_kubernetes_cluster_id|default("") }}
-disableSecurityGroupIngress={{ "true" if aws_disable_security_group_ingress|default(False) else "false" }}
-disableStrictZoneCheck={{ "true" if aws_disable_strict_zone_check|default(False) else "false" }}
-elbSecurityGroup={{ aws_elb_security_group|default("") }}

roles/kubernetes/node/templates/cloud-configs/azure-cloud-config.j2

@@ -1,26 +0,0 @@
-{
-  "cloud": "{{ azure_cloud }}",
-  "tenantId": "{{ azure_tenant_id }}",
-  "subscriptionId": "{{ azure_subscription_id }}",
-  "aadClientId": "{{ azure_aad_client_id }}",
-  "aadClientSecret": "{{ azure_aad_client_secret }}",
-  "resourceGroup": "{{ azure_resource_group }}",
-  "location": "{{ azure_location }}",
-  "subnetName": "{{ azure_subnet_name }}",
-  "securityGroupName": "{{ azure_security_group_name }}",
-  "securityGroupResourceGroup": "{{ azure_security_group_resource_group | default(azure_vnet_resource_group) }}",
-  "vnetName": "{{ azure_vnet_name }}",
-  "vnetResourceGroup": "{{ azure_vnet_resource_group }}",
-  "routeTableName": "{{ azure_route_table_name }}",
-  "routeTableResourceGroup": "{{ azure_route_table_resource_group | default(azure_vnet_resource_group) }}",
-  "vmType": "{{ azure_vmtype }}",
-{% if azure_primary_availability_set_name is defined %}
-  "primaryAvailabilitySetName": "{{ azure_primary_availability_set_name }}",
-{%endif%}
-  "useInstanceMetadata": {{azure_use_instance_metadata | lower }},
-{% if azure_loadbalancer_sku == "standard" %}
-  "excludeMasterFromStandardLB": {{ azure_exclude_master_from_standard_lb | lower }},
-  "disableOutboundSNAT": {{ azure_disable_outbound_snat | lower }},
-{% endif%}
-  "loadBalancerSku": "{{ azure_loadbalancer_sku }}"
-}

roles/kubernetes/node/templates/cloud-configs/gce-cloud-config.j2

@@ -1,2 +0,0 @@
-[global]
-node-tags = {{ gce_node_tags }}

roles/kubernetes/node/templates/cloud-configs/openstack-cloud-config.j2

@@ -1,54 +0,0 @@
-[Global]
-auth-url="{{ openstack_auth_url }}"
-username="{{ openstack_username }}"
-password="{{ openstack_password }}"
-region="{{ openstack_region }}"
-{% if openstack_trust_id is defined and openstack_trust_id != "" %}
-trust-id="{{ openstack_trust_id }}"
-{% else %}
-tenant-id="{{ openstack_tenant_id }}"
-{% endif %}
-{% if openstack_tenant_name is defined and openstack_tenant_name != "" %}
-tenant-name="{{ openstack_tenant_name }}"
-{% endif %}
-{% if openstack_domain_name is defined and openstack_domain_name != "" %}
-domain-name="{{ openstack_domain_name }}"
-{% elif openstack_domain_id is defined and openstack_domain_id != "" %}
-domain-id ="{{ openstack_domain_id }}"
-{% endif %}
-{% if openstack_cacert is defined and openstack_cacert != "" %}
-ca-file="{{ kube_config_dir }}/openstack-cacert.pem"
-{% endif %}
-
-[BlockStorage]
-{% if openstack_blockstorage_version is defined %}
-bs-version={{ openstack_blockstorage_version }}
-{% endif %}
-{% if openstack_blockstorage_ignore_volume_az is defined and openstack_blockstorage_ignore_volume_az|bool %}
-ignore-volume-az={{ openstack_blockstorage_ignore_volume_az }}
-{% endif %}
-{% if node_volume_attach_limit is defined and node_volume_attach_limit != "" %}
-node-volume-attach-limit="{{ node_volume_attach_limit }}"
-{% endif %}
-
-{% if openstack_lbaas_enabled and openstack_lbaas_subnet_id is defined %}
-[LoadBalancer]
-subnet-id={{ openstack_lbaas_subnet_id }}
-{% if openstack_lbaas_floating_network_id is defined %}
-floating-network-id={{ openstack_lbaas_floating_network_id }}
-{% endif %}
-{% if openstack_lbaas_use_octavia is defined %}
-use-octavia={{ openstack_lbaas_use_octavia }}
-{% endif %}
-{% if openstack_lbaas_method is defined %}
-lb-method={{ openstack_lbaas_method }}
-{% endif %}
-{% if openstack_lbaas_provider is defined %}
-lb-provider={{ openstack_lbaas_provider }}
-{% endif %}
-
-create-monitor={{ openstack_lbaas_create_monitor }}
-monitor-delay={{ openstack_lbaas_monitor_delay }}
-monitor-timeout={{ openstack_lbaas_monitor_timeout }}
-monitor-max-retries={{ openstack_lbaas_monitor_max_retries }}
-{% endif %}

roles/kubernetes/node/templates/cloud-configs/vsphere-cloud-config.j2

@@ -1,36 +0,0 @@
-[Global]
-user = "{{ vsphere_user }}"
-password = "{{ vsphere_password }}"
-port = {{ vsphere_vcenter_port }}
-insecure-flag = {{ vsphere_insecure }}
-
-datacenters = "{{ vsphere_datacenter }}"
-
-[VirtualCenter "{{ vsphere_vcenter_ip }}"]
-
-
-[Workspace]
-server = "{{ vsphere_vcenter_ip }}"
-datacenter = "{{ vsphere_datacenter }}"
-folder = "{{ vsphere_working_dir }}"
-default-datastore = "{{ vsphere_datastore }}"
-{% if vsphere_resource_pool is defined and vsphere_resource_pool != ""  %}
-resourcepool-path = "{{ vsphere_resource_pool }}"
-{% endif %}
-
-
-[Disk]
-scsicontrollertype = {{ vsphere_scsi_controller_type }}
-
-{% if vsphere_public_network is defined and vsphere_public_network != ""  %}
-[Network]
-public-network = {{ vsphere_public_network }}
-{% endif %}
-
-[Labels]
-{% if vsphere_zone_category is defined and vsphere_zone_category != ""  %}
-zone = {{ vsphere_zone_category }}
-{% endif %}
-{% if vsphere_region_category is defined and vsphere_region_category != ""  %}
-region = {{ vsphere_region_category }}
-{% endif %}

roles/kubernetes/node/templates/kubelet.env.v1beta1.j2

@@ -21,9 +21,7 @@ KUBELET_VOLUME_PLUGIN="--volume-plugin-dir={{ kubelet_flexvolumes_plugins_dir }}
 {% if kube_network_plugin is defined and kube_network_plugin == "cloud" %}
 KUBELET_NETWORK_PLUGIN="--hairpin-mode=promiscuous-bridge --network-plugin=kubenet"
 {% endif %}
-{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "gce"] %}
+{% if cloud_provider is defined and cloud_provider in ["external"] %}
-KUBELET_CLOUDPROVIDER="--cloud-provider={{ cloud_provider }} --cloud-config={{ kube_config_dir }}/cloud_config"
-{% elif cloud_provider is defined and cloud_provider in ["external"] %}
 KUBELET_CLOUDPROVIDER="--cloud-provider={{ cloud_provider }}"
 {% else %}
 KUBELET_CLOUDPROVIDER=""

roles/kubernetes/preinstall/tasks/0020-set_facts.yml

@@ -87,9 +87,6 @@
       {% for d in default_searchdomains | default([]) + searchdomains | default([]) -%}
       {{ dns_domain }}.{{ d }}./{{ d }}.{{ d }}./com.{{ d }}./
       {%- endfor %}
-    cloud_resolver: "{{ ['169.254.169.254'] if cloud_provider is defined and cloud_provider == 'gce' else
-                        ['169.254.169.253'] if cloud_provider is defined and cloud_provider == 'aws' else
-                        [] }}"
 
 - name: Check if kubelet is configured
   stat:

roles/kubernetes/preinstall/tasks/0040-verify-settings.yml

@@ -151,13 +151,6 @@
     - dashboard_enabled
     - not ignore_assert_errors
 
-- name: Stop if RBAC is not enabled when OCI cloud controller is enabled
-  assert:
-    that: rbac_enabled
-  when:
-    - cloud_provider is defined and cloud_provider == "oci"
-    - not ignore_assert_errors
-
 - name: Stop if kernel version is too low
   assert:
     that: ansible_kernel.split('-')[0] is version('4.9.17', '>=')
@@ -173,8 +166,8 @@
 
 - name: Check cloud_provider value
   assert:
-    that: cloud_provider in ['gce', 'aws', 'azure', 'openstack', 'vsphere', 'oci', 'external']
+    that: cloud_provider in ['external']
-    msg: "If set the 'cloud_provider' var must be set either to 'gce', 'aws', 'azure', 'openstack', 'vsphere', 'oci' or 'external'"
+    msg: "If set the 'cloud_provider' var must be set either to 'external'"
   when:
     - cloud_provider is defined
     - not ignore_assert_errors

roles/kubespray-defaults/defaults/main/main.yml

@@ -254,7 +254,7 @@ kube_apiserver_port: 6443
 
 # If non-empty, will use this string as identification instead of the actual hostname
 kube_override_hostname: >-
-  {%- if cloud_provider is defined and cloud_provider in ['aws'] -%}
+  {%- if cloud_provider is defined -%}
   {%- else -%}
   {{ inventory_hostname }}
   {%- endif -%}

roles/network_plugin/calico/tasks/check.yml

@@ -24,17 +24,6 @@
   delegate_to: "{{ groups['kube_control_plane'][0] }}"
 
 
-- name: Stop if incompatible network plugin and cloudprovider
-  assert:
-    that:
-      - calico_ipip_mode == 'Never'
-      - calico_vxlan_mode in ['Always', 'CrossSubnet']
-    msg: "When using cloud_provider azure and network_plugin calico calico_ipip_mode must be 'Never' and calico_vxlan_mode 'Always' or 'CrossSubnet'"
-  when:
-    - cloud_provider is defined and cloud_provider == 'azure'
-  run_once: true
-  delegate_to: "{{ groups['kube_control_plane'][0] }}"
-
 - name: Stop if supported Calico versions
   assert:
     that: