diff --git a/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml b/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml
index 5a6f6375a53caa4c5d2109b0f3d242e3e0f51c32..d24a1eb0b89f34f4466f6962774dedd3ae80ee56 100644
--- a/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml
+++ b/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml
@@ -141,7 +141,7 @@ kube_proxy_nodeport_addresses: >-
# If non-empty, will use this string as identification instead of the actual hostname
# kube_override_hostname: >-
-# {%- if cloud_provider is defined and cloud_provider in ['aws'] -%}
+# {%- if cloud_provider is defined -%}
# {%- else -%}
# {{ inventory_hostname }}
# {%- endif -%}
diff --git a/roles/kubernetes-apps/cloud_controller/oci/defaults/main.yml b/roles/kubernetes-apps/cloud_controller/oci/defaults/main.yml
deleted file mode 100644
index 9d7ddf01d1a9394bf027cd7d689821b46186a510..0000000000000000000000000000000000000000
--- a/roles/kubernetes-apps/cloud_controller/oci/defaults/main.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-
-oci_security_list_management: All
-oci_use_instance_principals: false
-oci_cloud_controller_version: 0.7.0
-oci_cloud_controller_pull_source: iad.ocir.io/oracle/cloud-provider-oci
diff --git a/roles/kubernetes-apps/cloud_controller/oci/tasks/credentials-check.yml b/roles/kubernetes-apps/cloud_controller/oci/tasks/credentials-check.yml
deleted file mode 100644
index 9eb87949d058fcff45d8132ba60c4fc8e6e6d9ae..0000000000000000000000000000000000000000
--- a/roles/kubernetes-apps/cloud_controller/oci/tasks/credentials-check.yml
+++ /dev/null
@@ -1,67 +0,0 @@
----
-
-- name: "OCI Cloud Controller | Credentials Check | oci_private_key"
- fail:
- msg: "oci_private_key is missing"
- when:
- - not oci_use_instance_principals
- - oci_private_key is not defined or not oci_private_key
-
-- name: "OCI Cloud Controller | Credentials Check | oci_region_id"
- fail:
- msg: "oci_region_id is missing"
- when:
- - not oci_use_instance_principals
- - oci_region_id is not defined or not oci_region_id
-
-- name: "OCI Cloud Controller | Credentials Check | oci_tenancy_id"
- fail:
- msg: "oci_tenancy_id is missing"
- when:
- - not oci_use_instance_principals
- - oci_tenancy_id is not defined or not oci_tenancy_id
-
-- name: "OCI Cloud Controller | Credentials Check | oci_user_id"
- fail:
- msg: "oci_user_id is missing"
- when:
- - not oci_use_instance_principals
- - oci_user_id is not defined or not oci_user_id
-
-- name: "OCI Cloud Controller | Credentials Check | oci_user_fingerprint"
- fail:
- msg: "oci_user_fingerprint is missing"
- when:
- - not oci_use_instance_principals
- - oci_user_fingerprint is not defined or not oci_user_fingerprint
-
-- name: "OCI Cloud Controller | Credentials Check | oci_compartment_id"
- fail:
- msg: "oci_compartment_id is missing. This is the compartment in which the cluster resides"
- when:
- - oci_compartment_id is not defined or not oci_compartment_id
-
-- name: "OCI Cloud Controller | Credentials Check | oci_vnc_id"
- fail:
- msg: "oci_vnc_id is missing. This is the Virtual Cloud Network in which the cluster resides"
- when:
- - oci_vnc_id is not defined or not oci_vnc_id
-
-- name: "OCI Cloud Controller | Credentials Check | oci_subnet1_id"
- fail:
- msg: "oci_subnet1_id is missingg. This is the first subnet to which loadbalancers will be added"
- when:
- - oci_subnet1_id is not defined or not oci_subnet1_id
-
-- name: "OCI Cloud Controller | Credentials Check | oci_subnet2_id"
- fail:
- msg: "oci_subnet2_id is missing. Two subnets are required for load balancer high availability"
- when:
- - oci_cloud_controller_version is version_compare('0.7.0', '<')
- - oci_subnet2_id is not defined or not oci_subnet2_id
-
-- name: "OCI Cloud Controller | Credentials Check | oci_security_list_management"
- fail:
- msg: "oci_security_list_management is missing, or not defined correctly. Valid options are (All, Frontend, None)."
- when:
- - oci_security_list_management is not defined or oci_security_list_management not in ["All", "Frontend", "None"]
diff --git a/roles/kubernetes-apps/cloud_controller/oci/tasks/main.yml b/roles/kubernetes-apps/cloud_controller/oci/tasks/main.yml
deleted file mode 100644
index a5913ecc78b99357fcb99eefff9f1b28c3ec7e61..0000000000000000000000000000000000000000
--- a/roles/kubernetes-apps/cloud_controller/oci/tasks/main.yml
+++ /dev/null
@@ -1,35 +0,0 @@
----
-
-- name: OCI Cloud Controller | Check Oracle Cloud credentials
- import_tasks: credentials-check.yml
-
-- name: "OCI Cloud Controller | Generate Cloud Provider Configuration"
- template:
- src: controller-manager-config.yml.j2
- dest: "{{ kube_config_dir }}/controller-manager-config.yml"
- mode: "0644"
- when: inventory_hostname == groups['kube_control_plane'][0]
-
-- name: "OCI Cloud Controller | Slurp Configuration"
- slurp:
- src: "{{ kube_config_dir }}/controller-manager-config.yml"
- register: controller_manager_config
-
-- name: "OCI Cloud Controller | Encode Configuration"
- set_fact:
- controller_manager_config_base64: "{{ controller_manager_config.content }}"
- when: inventory_hostname == groups['kube_control_plane'][0]
-
-- name: "OCI Cloud Controller | Generate Manifests"
- template:
- src: oci-cloud-provider.yml.j2
- dest: "{{ kube_config_dir }}/oci-cloud-provider.yml"
- mode: "0644"
- when: inventory_hostname == groups['kube_control_plane'][0]
-
-- name: "OCI Cloud Controller | Apply Manifests"
- kube:
- kubectl: "{{ bin_dir }}/kubectl"
- filename: "{{ kube_config_dir }}/oci-cloud-provider.yml"
- state: latest
- when: inventory_hostname == groups['kube_control_plane'][0]
diff --git a/roles/kubernetes-apps/cloud_controller/oci/templates/controller-manager-config.yml.j2 b/roles/kubernetes-apps/cloud_controller/oci/templates/controller-manager-config.yml.j2
deleted file mode 100644
index d585de1f014afe78bb4967402c51de14bacfcdfa..0000000000000000000000000000000000000000
--- a/roles/kubernetes-apps/cloud_controller/oci/templates/controller-manager-config.yml.j2
+++ /dev/null
@@ -1,89 +0,0 @@
-{% macro private_key() %}{{ oci_private_key }}{% endmacro %}
-
-{% if oci_use_instance_principals %}
- # (https://docs.us-phoenix-1.oraclecloud.com/Content/Identity/Tasks/callingservicesfrominstances.htm).
- # Ensure you have setup the following OCI policies and your kubernetes nodes are running within them
- # allow dynamic-group [your dynamic group name] to read instance-family in compartment [your compartment name]
- # allow dynamic-group [your dynamic group name] to use virtual-network-family in compartment [your compartment name]
- # allow dynamic-group [your dynamic group name] to manage load-balancers in compartment [your compartment name]
-useInstancePrincipals: true
-{% else %}
-useInstancePrincipals: false
-{% endif %}
-
-auth:
-
-{% if oci_use_instance_principals %}
- # This key is put here too for backwards compatibility
- useInstancePrincipals: true
-{% else %}
- useInstancePrincipals: false
-
- region: {{ oci_region_id }}
- tenancy: {{ oci_tenancy_id }}
- user: {{ oci_user_id }}
- key: |
- {{ oci_private_key }}
-
- {% if oci_private_key_passphrase is defined %}
- passphrase: {{ oci_private_key_passphrase }}
- {% endif %}
-
-
- fingerprint: {{ oci_user_fingerprint }}
-{% endif %}
-
-# compartment configures Compartment within which the cluster resides.
-compartment: {{ oci_compartment_id }}
-
-# vcn configures the Virtual Cloud Network (VCN) within which the cluster resides.
-vcn: {{ oci_vnc_id }}
-
-loadBalancer:
- # subnet1 configures one of two subnets to which load balancers will be added.
- # OCI load balancers require two subnets to ensure high availability.
- subnet1: {{ oci_subnet1_id }}
-{% if oci_subnet2_id is defined %}
- # subnet2 configures the second of two subnets to which load balancers will be
- # added. OCI load balancers require two subnets to ensure high availability.
- subnet2: {{ oci_subnet2_id }}
-{% endif %}
- # SecurityListManagementMode configures how security lists are managed by the CCM.
- # "All" (default): Manage all required security list rules for load balancer services.
- # "Frontend": Manage only security list rules for ingress to the load
- # balancer. Requires that the user has setup a rule that
- # allows inbound traffic to the appropriate ports for kube
- # proxy health port, node port ranges, and health check port ranges.
- # E.g. 10.82.0.0/16 30000-32000.
- # "None": Disables all security list management. Requires that the
- # user has setup a rule that allows inbound traffic to the
- # appropriate ports for kube proxy health port, node port
- # ranges, and health check port ranges. E.g. 10.82.0.0/16 30000-32000.
- # Additionally requires the user to mange rules to allow
- # inbound traffic to load balancers.
- securityListManagementMode: {{ oci_security_list_management }}
-
-{% if oci_security_lists is defined and oci_security_lists | length > 0 %}
- # Optional specification of which security lists to modify per subnet. This does not apply if security list management is off.
- securityLists:
-{% for subnet_ocid, list_ocid in oci_security_lists.items() %}
- {{ subnet_ocid }}: {{ list_ocid }}
-{% endfor %}
-{% endif %}
-
-{% if oci_rate_limit is defined and oci_rate_limit | length > 0 %}
-# Optional rate limit controls for accessing OCI API
-rateLimiter:
-{% if oci_rate_limit.rate_limit_qps_read %}
- rateLimitQPSRead: {{ oci_rate_limit.rate_limit_qps_read }}
-{% endif %}
-{% if oci_rate_limit.rate_limit_qps_write %}
- rateLimitQPSWrite: {{ oci_rate_limit.rate_limit_qps_write }}
-{% endif %}
-{% if oci_rate_limit.rate_limit_bucket_read %}
- rateLimitBucketRead: {{ oci_rate_limit.rate_limit_bucket_read }}
-{% endif %}
-{% if oci_rate_limit.rate_limit_bucket_write %}
- rateLimitBucketWrite: {{ oci_rate_limit.rate_limit_bucket_write }}
-{% endif %}
-{% endif %}
diff --git a/roles/kubernetes-apps/cloud_controller/oci/templates/oci-cloud-provider.yml.j2 b/roles/kubernetes-apps/cloud_controller/oci/templates/oci-cloud-provider.yml.j2
deleted file mode 100644
index e1fc11d21a1d53eb13343930d6e981daaa48eacd..0000000000000000000000000000000000000000
--- a/roles/kubernetes-apps/cloud_controller/oci/templates/oci-cloud-provider.yml.j2
+++ /dev/null
@@ -1,69 +0,0 @@
-apiVersion: v1
-data:
- cloud-provider.yaml: {{ controller_manager_config_base64 }}
-kind: Secret
-metadata:
- name: oci-cloud-controller-manager
- namespace: kube-system
-type: Opaque
-
----
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: oci-cloud-controller-manager
- namespace: kube-system
- labels:
- k8s-app: oci-cloud-controller-manager
-spec:
- selector:
- matchLabels:
- component: oci-cloud-controller-manager
- tier: control-plane
- updateStrategy:
- type: RollingUpdate
- template:
- metadata:
- labels:
- component: oci-cloud-controller-manager
- tier: control-plane
- spec:
-{% if oci_cloud_controller_pull_secret is defined %}
- imagePullSecrets:
- - name: {{ oci_cloud_controller_pull_secret }}
-{% endif %}
- serviceAccountName: cloud-controller-manager
- hostNetwork: true
- dnsPolicy: ClusterFirstWithHostNet
- nodeSelector:
- node-role.kubernetes.io/control-plane: ""
- tolerations:
- - key: node.cloudprovider.kubernetes.io/uninitialized
- value: "true"
- effect: NoSchedule
- - key: node-role.kubernetes.io/control-plane
- operator: Exists
- effect: NoSchedule
- volumes:
- - name: cfg
- secret:
- secretName: oci-cloud-controller-manager
- - name: kubernetes
- hostPath:
- path: /etc/kubernetes
- containers:
- - name: oci-cloud-controller-manager
- image: {{ oci_cloud_controller_pull_source }}:{{ oci_cloud_controller_version }}
- command: ["/usr/local/bin/oci-cloud-controller-manager"]
- args:
- - --cloud-config=/etc/oci/cloud-provider.yaml
- - --cloud-provider=oci
- - --leader-elect-resource-lock=configmaps
- - -v=2
- volumeMounts:
- - name: cfg
- mountPath: /etc/oci
- readOnly: true
- - name: kubernetes
- mountPath: /etc/kubernetes
- readOnly: true
diff --git a/roles/kubernetes-apps/cluster_roles/files/oci-rbac.yml b/roles/kubernetes-apps/cluster_roles/files/oci-rbac.yml
deleted file mode 100644
index 5e3b82bfb2efdb183328f56d1fb13f3679946414..0000000000000000000000000000000000000000
--- a/roles/kubernetes-apps/cluster_roles/files/oci-rbac.yml
+++ /dev/null
@@ -1,124 +0,0 @@
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: cloud-controller-manager
- namespace: kube-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: system:cloud-controller-manager
-rules:
-- apiGroups:
- - ""
- resources:
- - nodes
- verbs:
- - '*'
-
-- apiGroups:
- - ""
- resources:
- - nodes/status
- verbs:
- - patch
-
-- apiGroups:
- - ""
- resources:
- - services
- verbs:
- - list
- - watch
- - patch
-
-- apiGroups:
- - ""
- resources:
- - services/status
- verbs:
- - update
-
-- apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - patch
- - update
-
-# For leader election
-- apiGroups:
- - ""
- resources:
- - endpoints
- verbs:
- - create
-
-- apiGroups:
- - ""
- resources:
- - endpoints
- resourceNames:
- - "cloud-controller-manager"
- verbs:
- - get
- - list
- - watch
- - update
-
-- apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - create
-
-- apiGroups:
- - ""
- resources:
- - configmaps
- resourceNames:
- - "cloud-controller-manager"
- verbs:
- - get
- - update
-
-- apiGroups:
- - ""
- resources:
- - serviceaccounts
- verbs:
- - create
-- apiGroups:
- - ""
- resources:
- - secrets
- verbs:
- - get
- - list
-
-# For the PVL
-- apiGroups:
- - ""
- resources:
- - persistentvolumes
- verbs:
- - list
- - watch
- - patch
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: oci-cloud-controller-manager
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: system:cloud-controller-manager
-subjects:
-- kind: ServiceAccount
- name: cloud-controller-manager
- namespace: kube-system
diff --git a/roles/kubernetes-apps/cluster_roles/tasks/main.yml b/roles/kubernetes-apps/cluster_roles/tasks/main.yml
index ef4737eac4f7fe233d4f147b31fbbcde7915e0a9..bbb53a399e90675a7e65742ad1b5fbd145fb4600 100644
--- a/roles/kubernetes-apps/cluster_roles/tasks/main.yml
+++ b/roles/kubernetes-apps/cluster_roles/tasks/main.yml
@@ -59,13 +59,6 @@
- inventory_hostname == groups['kube_control_plane'][0]
tags: node-webhook
-- name: Configure Oracle Cloud provider
- include_tasks: oci.yml
- tags: oci
- when:
- - cloud_provider is defined
- - cloud_provider == 'oci'
-
- name: PriorityClass | Copy k8s-cluster-critical-pc.yml file
copy:
src: k8s-cluster-critical-pc.yml
diff --git a/roles/kubernetes-apps/cluster_roles/tasks/oci.yml b/roles/kubernetes-apps/cluster_roles/tasks/oci.yml
deleted file mode 100644
index e5bef6701db5383b4e157a2c294e1310035ca46d..0000000000000000000000000000000000000000
--- a/roles/kubernetes-apps/cluster_roles/tasks/oci.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-- name: Copy OCI RBAC Manifest
- copy:
- src: "oci-rbac.yml"
- dest: "{{ kube_config_dir }}/oci-rbac.yml"
- mode: "0640"
- when:
- - cloud_provider is defined
- - cloud_provider == 'oci'
- - inventory_hostname == groups['kube_control_plane'][0]
-
-- name: Apply OCI RBAC
- kube:
- kubectl: "{{ bin_dir }}/kubectl"
- filename: "{{ kube_config_dir }}/oci-rbac.yml"
- when:
- - cloud_provider is defined
- - cloud_provider == 'oci'
- - inventory_hostname == groups['kube_control_plane'][0]
diff --git a/roles/kubernetes-apps/meta/main.yml b/roles/kubernetes-apps/meta/main.yml
index 37bd109216cfbbbb6c70e83a9440bd72fb1f3fd8..af69da4157de9aea6ba3c5e473726e74ef5a6012 100644
--- a/roles/kubernetes-apps/meta/main.yml
+++ b/roles/kubernetes-apps/meta/main.yml
@@ -103,14 +103,6 @@ dependencies:
tags:
- container_engine_accelerator
- - role: kubernetes-apps/cloud_controller/oci
- when:
- - cloud_provider is defined
- - cloud_provider == "oci"
- - inventory_hostname == groups['kube_control_plane'][0]
- tags:
- - oci
-
- role: kubernetes-apps/gateway_api
when:
- gateway_api_enabled
diff --git a/roles/kubernetes-apps/persistent_volumes/meta/main.yml b/roles/kubernetes-apps/persistent_volumes/meta/main.yml
index e3066bb62a971e6893bed91582a0f988e8fe0222..8cc9e69f2cdeadc979560a06267281ce6943e30c 100644
--- a/roles/kubernetes-apps/persistent_volumes/meta/main.yml
+++ b/roles/kubernetes-apps/persistent_volumes/meta/main.yml
@@ -1,12 +1,5 @@
---
dependencies:
- - role: kubernetes-apps/persistent_volumes/openstack
- when:
- - cloud_provider is defined
- - cloud_provider in [ 'openstack' ]
- tags:
- - persistent_volumes_openstack
-
- role: kubernetes-apps/persistent_volumes/cinder-csi
when:
- cinder_csi_enabled
diff --git a/roles/kubernetes-apps/persistent_volumes/openstack/defaults/main.yml b/roles/kubernetes-apps/persistent_volumes/openstack/defaults/main.yml
deleted file mode 100644
index 05a3d944e972198983573d41386a699a65beed79..0000000000000000000000000000000000000000
--- a/roles/kubernetes-apps/persistent_volumes/openstack/defaults/main.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-persistent_volumes_enabled: false
-storage_classes:
- - name: standard
- is_default: true
- parameters:
- availability: nova
diff --git a/roles/kubernetes-apps/persistent_volumes/openstack/tasks/main.yml b/roles/kubernetes-apps/persistent_volumes/openstack/tasks/main.yml
deleted file mode 100644
index 90b3ad7f4b799609006b325261aee788c35c85a3..0000000000000000000000000000000000000000
--- a/roles/kubernetes-apps/persistent_volumes/openstack/tasks/main.yml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-- name: Kubernetes Persistent Volumes | Lay down OpenStack Cinder Storage Class template
- template:
- src: "openstack-storage-class.yml.j2"
- dest: "{{ kube_config_dir }}/openstack-storage-class.yml"
- mode: "0644"
- register: manifests
- when:
- - inventory_hostname == groups['kube_control_plane'][0]
-
-- name: Kubernetes Persistent Volumes | Add OpenStack Cinder Storage Class
- kube:
- name: storage-class
- kubectl: "{{ bin_dir }}/kubectl"
- resource: StorageClass
- filename: "{{ kube_config_dir }}/openstack-storage-class.yml"
- state: "latest"
- when:
- - inventory_hostname == groups['kube_control_plane'][0]
- - manifests.changed
diff --git a/roles/kubernetes-apps/persistent_volumes/openstack/templates/openstack-storage-class.yml.j2 b/roles/kubernetes-apps/persistent_volumes/openstack/templates/openstack-storage-class.yml.j2
deleted file mode 100644
index 973353c4ce6cf4670096d2f719d7d8c129b9df54..0000000000000000000000000000000000000000
--- a/roles/kubernetes-apps/persistent_volumes/openstack/templates/openstack-storage-class.yml.j2
+++ /dev/null
@@ -1,27 +0,0 @@
-{% for class in storage_classes %}
----
-kind: StorageClass
-apiVersion: storage.k8s.io/v1
-metadata:
- name: "{{ class.name }}"
- annotations:
- storageclass.kubernetes.io/is-default-class: "{{ class.is_default | default(false) | ternary("true","false") }}"
-provisioner: kubernetes.io/cinder
-{% if class.mount_options is defined %}
-mountOptions:
-{% for option in class.mount_options | default([]) %}
- - "{{ option }}"
-{% endfor %}
-{% endif %}
-parameters:
-{% for key, value in (class.parameters | default({})).items() %}
- "{{ key }}": "{{ value }}"
-{% endfor %}
-{% if class.reclaim_policy is defined %}
-reclaimPolicy: "{{ class.reclaim_policy }}"
-{% endif %}
-{% if class.volume_binding_mode is defined %}
-volumeBindingMode: "{{ class.volume_binding_mode }}"
-{% endif %}
-allowVolumeExpansion: {{ expand_persistent_volumes }}
-{% endfor %}
diff --git a/roles/kubernetes/control-plane/defaults/main/main.yml b/roles/kubernetes/control-plane/defaults/main/main.yml
index 30b71b14971f9ccddd484f28db98a3a89168a901..3b1834d55b35b033abb7b76b2f79222e5cf6c96a 100644
--- a/roles/kubernetes/control-plane/defaults/main/main.yml
+++ b/roles/kubernetes/control-plane/defaults/main/main.yml
@@ -186,7 +186,7 @@ kube_encryption_resources: [secrets]
# If non-empty, will use this string as identification instead of the actual hostname
kube_override_hostname: >-
- {%- if cloud_provider is defined and cloud_provider in ['aws'] -%}
+ {%- if cloud_provider is defined -%}
{%- else -%}
{{ inventory_hostname }}
{%- endif -%}
diff --git a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2 b/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2
index f8c32c448ee38d19398f609c0167e88208400154..dc5cdcb00c5f0fcf39b005b0f82060a4d1b8b89e 100644
--- a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2
+++ b/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2
@@ -210,10 +210,6 @@ apiServer:
{% if kube_apiserver_feature_gates or kube_feature_gates %}
feature-gates: "{{ kube_apiserver_feature_gates | default(kube_feature_gates, true) | join(',') }}"
{% endif %}
-{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "gce"] %}
- cloud-provider: {{ cloud_provider }}
- cloud-config: {{ kube_config_dir }}/cloud_config
-{% endif %}
{% if tls_min_version is defined %}
tls-min-version: {{ tls_min_version }}
{% endif %}
@@ -230,13 +226,8 @@ apiServer:
{% if kube_apiserver_tracing %}
tracing-config-file: {{ kube_config_dir }}/tracing/apiserver-tracing.yaml
{% endif %}
-{% if kubernetes_audit or kube_token_auth or kube_webhook_token_auth or ( cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "gce"] ) or apiserver_extra_volumes or ssl_ca_dirs | length %}
+{% if kubernetes_audit or kube_token_auth or kube_webhook_token_auth or apiserver_extra_volumes or ssl_ca_dirs | length %}
extraVolumes:
-{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "gce"] %}
- - name: cloud-config
- hostPath: {{ kube_config_dir }}/cloud_config
- mountPath: {{ kube_config_dir }}/cloud_config
-{% endif %}
{% if kube_token_auth %}
- name: token-auth-config
hostPath: {{ kube_token_dir }}
@@ -326,10 +317,6 @@ controllerManager:
{% for key in kube_kubeadm_controller_extra_args %}
{{ key }}: "{{ kube_kubeadm_controller_extra_args[key] }}"
{% endfor %}
-{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "gce"] %}
- cloud-provider: {{ cloud_provider }}
- cloud-config: {{ kube_config_dir }}/cloud_config
-{% endif %}
{% if kube_network_plugin is defined and kube_network_plugin not in ["cloud"] %}
configure-cloud-routes: "false"
{% endif %}
@@ -343,18 +330,8 @@ controllerManager:
tls-cipher-suites: {% for tls in tls_cipher_suites %}{{ tls }}{{ "," if not loop.last else "" }}{% endfor %}
{% endif %}
-{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "gce"] or controller_manager_extra_volumes %}
+{% if controller_manager_extra_volumes %}
extraVolumes:
-{% if cloud_provider is defined and cloud_provider in ["openstack"] and openstack_cacert is defined %}
- - name: openstackcacert
- hostPath: "{{ kube_config_dir }}/openstack-cacert.pem"
- mountPath: "{{ kube_config_dir }}/openstack-cacert.pem"
-{% endif %}
-{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "gce"] %}
- - name: cloud-config
- hostPath: {{ kube_config_dir }}/cloud_config
- mountPath: {{ kube_config_dir }}/cloud_config
-{% endif %}
{% for volume in controller_manager_extra_volumes %}
- name: {{ volume.name }}
hostPath: {{ volume.hostPath }}
diff --git a/roles/kubernetes/kubeadm/defaults/main.yml b/roles/kubernetes/kubeadm/defaults/main.yml
index 5047de5094a3afbb29132963cc6c966e98fd5383..789b87624cadf092c981e65763b387af9180c97a 100644
--- a/roles/kubernetes/kubeadm/defaults/main.yml
+++ b/roles/kubernetes/kubeadm/defaults/main.yml
@@ -9,7 +9,7 @@ kubeadm_use_file_discovery: "{{ remove_anonymous_access }}"
# If non-empty, will use this string as identification instead of the actual hostname
kube_override_hostname: >-
- {%- if cloud_provider is defined and cloud_provider in ['aws'] -%}
+ {%- if cloud_provider is defined -%}
{%- else -%}
{{ inventory_hostname }}
{%- endif -%}
diff --git a/roles/kubernetes/node/defaults/main.yml b/roles/kubernetes/node/defaults/main.yml
index d37878840b72b7429295fe3c266dd77af83134be..a18444354d5235f0b023f5a06a054e09e33927f4 100644
--- a/roles/kubernetes/node/defaults/main.yml
+++ b/roles/kubernetes/node/defaults/main.yml
@@ -136,7 +136,7 @@ kubelet_custom_flags: []
# If non-empty, will use this string as identification instead of the actual hostname
kube_override_hostname: >-
- {%- if cloud_provider is defined and cloud_provider in ['aws'] -%}
+ {%- if cloud_provider is defined -%}
{%- else -%}
{{ inventory_hostname }}
{%- endif -%}
@@ -153,61 +153,6 @@ kubelet_healthz_bind_address: 127.0.0.1
# sysctl_file_path to add sysctl conf to
sysctl_file_path: "/etc/sysctl.d/99-sysctl.conf"
-# For the openstack integration kubelet will need credentials to access
-# openstack apis like nova and cinder. Per default this values will be
-# read from the environment.
-openstack_auth_url: "{{ lookup('env', 'OS_AUTH_URL') }}"
-openstack_username: "{{ lookup('env', 'OS_USERNAME') }}"
-openstack_password: "{{ lookup('env', 'OS_PASSWORD') }}"
-openstack_region: "{{ lookup('env', 'OS_REGION_NAME') }}"
-openstack_tenant_id: "{{ lookup('env', 'OS_TENANT_ID') | default(lookup('env', 'OS_PROJECT_ID') | default(lookup('env', 'OS_PROJECT_NAME'), true), true) }}"
-openstack_tenant_name: "{{ lookup('env', 'OS_TENANT_NAME') }}"
-openstack_domain_name: "{{ lookup('env', 'OS_USER_DOMAIN_NAME') }}"
-openstack_domain_id: "{{ lookup('env', 'OS_USER_DOMAIN_ID') }}"
-
-# For the vsphere integration, kubelet will need credentials to access
-# vsphere apis
-# Documentation regarding these values can be found
-# https://github.com/kubernetes/kubernetes/blob/master/pkg/cloudprovider/providers/vsphere/vsphere.go#L105
-vsphere_vcenter_ip: "{{ lookup('env', 'VSPHERE_VCENTER') }}"
-vsphere_vcenter_port: "{{ lookup('env', 'VSPHERE_VCENTER_PORT') }}"
-vsphere_user: "{{ lookup('env', 'VSPHERE_USER') }}"
-vsphere_password: "{{ lookup('env', 'VSPHERE_PASSWORD') }}"
-vsphere_datacenter: "{{ lookup('env', 'VSPHERE_DATACENTER') }}"
-vsphere_datastore: "{{ lookup('env', 'VSPHERE_DATASTORE') }}"
-vsphere_working_dir: "{{ lookup('env', 'VSPHERE_WORKING_DIR') }}"
-vsphere_insecure: "{{ lookup('env', 'VSPHERE_INSECURE') }}"
-vsphere_resource_pool: "{{ lookup('env', 'VSPHERE_RESOURCE_POOL') }}"
-
-vsphere_scsi_controller_type: pvscsi
-# vsphere_public_network is name of the network the VMs are joined to
-vsphere_public_network: "{{ lookup('env', 'VSPHERE_PUBLIC_NETWORK') | default('') }}"
-
-## When azure is used, you need to also set the following variables.
-## see docs/azure.md for details on how to get these values
-# azure_tenant_id:
-# azure_subscription_id:
-# azure_aad_client_id:
-# azure_aad_client_secret:
-# azure_resource_group:
-# azure_location:
-# azure_subnet_name:
-# azure_security_group_name:
-# azure_vnet_name:
-# azure_route_table_name:
-# supported values are 'standard' or 'vmss'
-# azure_vmtype: standard
-# Sku of Load Balancer and Public IP. Candidate values are: basic and standard.
-azure_loadbalancer_sku: basic
-# excludes control plane nodes from standard load balancer.
-azure_exclude_master_from_standard_lb: true
-# disables the outbound SNAT for public load balancer rules
-azure_disable_outbound_snat: false
-# use instance metadata service where possible
-azure_use_instance_metadata: true
-# use specific Azure API endpoints
-azure_cloud: AzurePublicCloud
-
## Support tls min version, Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.
# tls_min_version: ""
diff --git a/roles/kubernetes/node/tasks/cloud-credentials/azure-credential-check.yml b/roles/kubernetes/node/tasks/cloud-credentials/azure-credential-check.yml
deleted file mode 100644
index c5d6030848c8d5cba9c5bdfe0b118e4a09ce2fec..0000000000000000000000000000000000000000
--- a/roles/kubernetes/node/tasks/cloud-credentials/azure-credential-check.yml
+++ /dev/null
@@ -1,82 +0,0 @@
----
-- name: Check azure_tenant_id value
- fail:
- msg: "azure_tenant_id is missing"
- when: azure_tenant_id is not defined or not azure_tenant_id
-
-- name: Check azure_subscription_id value
- fail:
- msg: "azure_subscription_id is missing"
- when: azure_subscription_id is not defined or not azure_subscription_id
-
-- name: Check azure_aad_client_id value
- fail:
- msg: "azure_aad_client_id is missing"
- when: azure_aad_client_id is not defined or not azure_aad_client_id
-
-- name: Check azure_aad_client_secret value
- fail:
- msg: "azure_aad_client_secret is missing"
- when: azure_aad_client_secret is not defined or not azure_aad_client_secret
-
-- name: Check azure_resource_group value
- fail:
- msg: "azure_resource_group is missing"
- when: azure_resource_group is not defined or not azure_resource_group
-
-- name: Check azure_location value
- fail:
- msg: "azure_location is missing"
- when: azure_location is not defined or not azure_location
-
-- name: Check azure_subnet_name value
- fail:
- msg: "azure_subnet_name is missing"
- when: azure_subnet_name is not defined or not azure_subnet_name
-
-- name: Check azure_security_group_name value
- fail:
- msg: "azure_security_group_name is missing"
- when: azure_security_group_name is not defined or not azure_security_group_name
-
-- name: Check azure_vnet_name value
- fail:
- msg: "azure_vnet_name is missing"
- when: azure_vnet_name is not defined or not azure_vnet_name
-
-- name: Check azure_vnet_resource_group value
- fail:
- msg: "azure_vnet_resource_group is missing"
- when: azure_vnet_resource_group is not defined or not azure_vnet_resource_group
-
-- name: Check azure_route_table_name value
- fail:
- msg: "azure_route_table_name is missing"
- when: azure_route_table_name is not defined or not azure_route_table_name
-
-- name: Check azure_loadbalancer_sku value
- fail:
- msg: "azure_loadbalancer_sku has an invalid value '{{ azure_loadbalancer_sku }}'. Supported values are 'basic', 'standard'"
- when: azure_loadbalancer_sku not in ["basic", "standard"]
-
-- name: "Check azure_exclude_master_from_standard_lb is a bool"
- assert:
- that: azure_exclude_master_from_standard_lb | type_debug == 'bool'
-
-- name: "Check azure_disable_outbound_snat is a bool"
- assert:
- that: azure_disable_outbound_snat | type_debug == 'bool'
-
-- name: "Check azure_use_instance_metadata is a bool"
- assert:
- that: azure_use_instance_metadata | type_debug == 'bool'
-
-- name: Check azure_vmtype value
- fail:
- msg: "azure_vmtype is missing. Supported values are 'standard' or 'vmss'"
- when: azure_vmtype is not defined or not azure_vmtype
-
-- name: Check azure_cloud value
- fail:
- msg: "azure_cloud has an invalid value '{{ azure_cloud }}'. Supported values are 'AzureChinaCloud', 'AzureGermanCloud', 'AzurePublicCloud', 'AzureUSGovernmentCloud'."
- when: azure_cloud not in ["AzureChinaCloud", "AzureGermanCloud", "AzurePublicCloud", "AzureUSGovernmentCloud"]
diff --git a/roles/kubernetes/node/tasks/cloud-credentials/openstack-credential-check.yml b/roles/kubernetes/node/tasks/cloud-credentials/openstack-credential-check.yml
deleted file mode 100644
index 7354d43af61bee69b93a9a48a05576b65ae912ba..0000000000000000000000000000000000000000
--- a/roles/kubernetes/node/tasks/cloud-credentials/openstack-credential-check.yml
+++ /dev/null
@@ -1,34 +0,0 @@
----
-- name: Check openstack_auth_url value
- fail:
- msg: "openstack_auth_url is missing"
- when: openstack_auth_url is not defined or not openstack_auth_url
-
-- name: Check openstack_username value
- fail:
- msg: "openstack_username is missing"
- when: openstack_username is not defined or not openstack_username
-
-- name: Check openstack_password value
- fail:
- msg: "openstack_password is missing"
- when: openstack_password is not defined or not openstack_password
-
-- name: Check openstack_region value
- fail:
- msg: "openstack_region is missing"
- when: openstack_region is not defined or not openstack_region
-
-- name: Check openstack_tenant_id value
- fail:
- msg: "one of openstack_tenant_id or openstack_trust_id must be specified"
- when:
- - openstack_tenant_id is not defined or not openstack_tenant_id
- - openstack_trust_id is not defined
-
-- name: Check openstack_trust_id value
- fail:
- msg: "one of openstack_tenant_id or openstack_trust_id must be specified"
- when:
- - openstack_trust_id is not defined or not openstack_trust_id
- - openstack_tenant_id is not defined
diff --git a/roles/kubernetes/node/tasks/cloud-credentials/vsphere-credential-check.yml b/roles/kubernetes/node/tasks/cloud-credentials/vsphere-credential-check.yml
deleted file mode 100644
index b18583af0690748139ffc3fefb881ecdb68cfbc5..0000000000000000000000000000000000000000
--- a/roles/kubernetes/node/tasks/cloud-credentials/vsphere-credential-check.yml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-- name: Check vsphere environment variables
- fail:
- msg: "{{ item.name }} is missing"
- when: item.value is not defined or not item.value
- with_items:
- - name: vsphere_vcenter_ip
- value: "{{ vsphere_vcenter_ip }}"
- - name: vsphere_vcenter_port
- value: "{{ vsphere_vcenter_port }}"
- - name: vsphere_user
- value: "{{ vsphere_user }}"
- - name: vsphere_password
- value: "{{ vsphere_password }}"
- - name: vsphere_datacenter
- value: "{{ vsphere_datacenter }}"
- - name: vsphere_datastore
- value: "{{ vsphere_datastore }}"
- - name: vsphere_working_dir
- value: "{{ vsphere_working_dir }}"
- - name: vsphere_insecure
- value: "{{ vsphere_insecure }}"
diff --git a/roles/kubernetes/node/tasks/main.yml b/roles/kubernetes/node/tasks/main.yml
index 572850ba0507d9f144a5459a0bf972783fd57773..4e38a95a515b90051ee5883ac42a6c48ba82599b 100644
--- a/roles/kubernetes/node/tasks/main.yml
+++ b/roles/kubernetes/node/tasks/main.yml
@@ -137,53 +137,6 @@
tags:
- kube-proxy
-- name: Check cloud provider credentials
- include_tasks: "cloud-credentials/{{ cloud_provider }}-credential-check.yml"
- when:
- - cloud_provider is defined
- - cloud_provider in [ 'openstack', 'azure', 'vsphere' ]
- tags:
- - cloud-provider
- - facts
-
-- name: Test if openstack_cacert is a base64 string
- set_fact:
- openstack_cacert_is_base64: "{% if openstack_cacert is search('^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{3}= | [A-Za-z0-9+/]{2}==)?$') %}true{% else %}false{% endif %}"
- when:
- - cloud_provider is defined
- - cloud_provider == 'openstack'
- - openstack_cacert is defined
- - openstack_cacert | length > 0
-
-
-- name: Write cacert file
- copy:
- src: "{{ openstack_cacert if not openstack_cacert_is_base64 else omit }}"
- content: "{{ openstack_cacert | b64decode if openstack_cacert_is_base64 else omit }}"
- dest: "{{ kube_config_dir }}/openstack-cacert.pem"
- group: "{{ kube_cert_group }}"
- mode: "0640"
- when:
- - cloud_provider is defined
- - cloud_provider == 'openstack'
- - openstack_cacert is defined
- - openstack_cacert | length > 0
- tags:
- - cloud-provider
-
-- name: Write cloud-config
- template:
- src: "cloud-configs/{{ cloud_provider }}-cloud-config.j2"
- dest: "{{ kube_config_dir }}/cloud_config"
- group: "{{ kube_cert_group }}"
- mode: "0640"
- when:
- - cloud_provider is defined
- - cloud_provider in [ 'openstack', 'azure', 'vsphere', 'aws', 'gce' ]
- notify: Node | restart kubelet
- tags:
- - cloud-provider
-
- name: Install kubelet
import_tasks: kubelet.yml
tags:
diff --git a/roles/kubernetes/node/templates/cloud-configs/aws-cloud-config.j2 b/roles/kubernetes/node/templates/cloud-configs/aws-cloud-config.j2
deleted file mode 100644
index f6d0c3de06fa98a9e49e113a6ef42547123f310c..0000000000000000000000000000000000000000
--- a/roles/kubernetes/node/templates/cloud-configs/aws-cloud-config.j2
+++ /dev/null
@@ -1,11 +0,0 @@
-[Global]
-zone={{ aws_zone|default("") }}
-vpc={{ aws_vpc|default("") }}
-subnetId={{ aws_subnet_id|default("") }}
-routeTableId={{ aws_route_table_id|default("") }}
-roleArn={{ aws_role_arn|default("") }}
-kubernetesClusterTag={{ aws_kubernetes_cluster_tag|default("") }}
-kubernetesClusterId={{ aws_kubernetes_cluster_id|default("") }}
-disableSecurityGroupIngress={{ "true" if aws_disable_security_group_ingress|default(False) else "false" }}
-disableStrictZoneCheck={{ "true" if aws_disable_strict_zone_check|default(False) else "false" }}
-elbSecurityGroup={{ aws_elb_security_group|default("") }}
diff --git a/roles/kubernetes/node/templates/cloud-configs/azure-cloud-config.j2 b/roles/kubernetes/node/templates/cloud-configs/azure-cloud-config.j2
deleted file mode 100644
index 2b1c101aa5dad5f0cc54a43d98c2048a86634f23..0000000000000000000000000000000000000000
--- a/roles/kubernetes/node/templates/cloud-configs/azure-cloud-config.j2
+++ /dev/null
@@ -1,26 +0,0 @@
-{
- "cloud": "{{ azure_cloud }}",
- "tenantId": "{{ azure_tenant_id }}",
- "subscriptionId": "{{ azure_subscription_id }}",
- "aadClientId": "{{ azure_aad_client_id }}",
- "aadClientSecret": "{{ azure_aad_client_secret }}",
- "resourceGroup": "{{ azure_resource_group }}",
- "location": "{{ azure_location }}",
- "subnetName": "{{ azure_subnet_name }}",
- "securityGroupName": "{{ azure_security_group_name }}",
- "securityGroupResourceGroup": "{{ azure_security_group_resource_group | default(azure_vnet_resource_group) }}",
- "vnetName": "{{ azure_vnet_name }}",
- "vnetResourceGroup": "{{ azure_vnet_resource_group }}",
- "routeTableName": "{{ azure_route_table_name }}",
- "routeTableResourceGroup": "{{ azure_route_table_resource_group | default(azure_vnet_resource_group) }}",
- "vmType": "{{ azure_vmtype }}",
-{% if azure_primary_availability_set_name is defined %}
- "primaryAvailabilitySetName": "{{ azure_primary_availability_set_name }}",
-{%endif%}
- "useInstanceMetadata": {{azure_use_instance_metadata | lower }},
-{% if azure_loadbalancer_sku == "standard" %}
- "excludeMasterFromStandardLB": {{ azure_exclude_master_from_standard_lb | lower }},
- "disableOutboundSNAT": {{ azure_disable_outbound_snat | lower }},
-{% endif%}
- "loadBalancerSku": "{{ azure_loadbalancer_sku }}"
-}
diff --git a/roles/kubernetes/node/templates/cloud-configs/gce-cloud-config.j2 b/roles/kubernetes/node/templates/cloud-configs/gce-cloud-config.j2
deleted file mode 100644
index 399512677951497b9ca56db1c87c3202daa1a06b..0000000000000000000000000000000000000000
--- a/roles/kubernetes/node/templates/cloud-configs/gce-cloud-config.j2
+++ /dev/null
@@ -1,2 +0,0 @@
-[global]
-node-tags = {{ gce_node_tags }}
diff --git a/roles/kubernetes/node/templates/cloud-configs/openstack-cloud-config.j2 b/roles/kubernetes/node/templates/cloud-configs/openstack-cloud-config.j2
deleted file mode 100644
index b1f8e0a24ac133da2e3165dcdc9eb0dca025489e..0000000000000000000000000000000000000000
--- a/roles/kubernetes/node/templates/cloud-configs/openstack-cloud-config.j2
+++ /dev/null
@@ -1,54 +0,0 @@
-[Global]
-auth-url="{{ openstack_auth_url }}"
-username="{{ openstack_username }}"
-password="{{ openstack_password }}"
-region="{{ openstack_region }}"
-{% if openstack_trust_id is defined and openstack_trust_id != "" %}
-trust-id="{{ openstack_trust_id }}"
-{% else %}
-tenant-id="{{ openstack_tenant_id }}"
-{% endif %}
-{% if openstack_tenant_name is defined and openstack_tenant_name != "" %}
-tenant-name="{{ openstack_tenant_name }}"
-{% endif %}
-{% if openstack_domain_name is defined and openstack_domain_name != "" %}
-domain-name="{{ openstack_domain_name }}"
-{% elif openstack_domain_id is defined and openstack_domain_id != "" %}
-domain-id ="{{ openstack_domain_id }}"
-{% endif %}
-{% if openstack_cacert is defined and openstack_cacert != "" %}
-ca-file="{{ kube_config_dir }}/openstack-cacert.pem"
-{% endif %}
-
-[BlockStorage]
-{% if openstack_blockstorage_version is defined %}
-bs-version={{ openstack_blockstorage_version }}
-{% endif %}
-{% if openstack_blockstorage_ignore_volume_az is defined and openstack_blockstorage_ignore_volume_az|bool %}
-ignore-volume-az={{ openstack_blockstorage_ignore_volume_az }}
-{% endif %}
-{% if node_volume_attach_limit is defined and node_volume_attach_limit != "" %}
-node-volume-attach-limit="{{ node_volume_attach_limit }}"
-{% endif %}
-
-{% if openstack_lbaas_enabled and openstack_lbaas_subnet_id is defined %}
-[LoadBalancer]
-subnet-id={{ openstack_lbaas_subnet_id }}
-{% if openstack_lbaas_floating_network_id is defined %}
-floating-network-id={{ openstack_lbaas_floating_network_id }}
-{% endif %}
-{% if openstack_lbaas_use_octavia is defined %}
-use-octavia={{ openstack_lbaas_use_octavia }}
-{% endif %}
-{% if openstack_lbaas_method is defined %}
-lb-method={{ openstack_lbaas_method }}
-{% endif %}
-{% if openstack_lbaas_provider is defined %}
-lb-provider={{ openstack_lbaas_provider }}
-{% endif %}
-
-create-monitor={{ openstack_lbaas_create_monitor }}
-monitor-delay={{ openstack_lbaas_monitor_delay }}
-monitor-timeout={{ openstack_lbaas_monitor_timeout }}
-monitor-max-retries={{ openstack_lbaas_monitor_max_retries }}
-{% endif %}
diff --git a/roles/kubernetes/node/templates/cloud-configs/vsphere-cloud-config.j2 b/roles/kubernetes/node/templates/cloud-configs/vsphere-cloud-config.j2
deleted file mode 100644
index 2cda7f6d6cdc1a24674f9f6f3e2ca3aa269c41b1..0000000000000000000000000000000000000000
--- a/roles/kubernetes/node/templates/cloud-configs/vsphere-cloud-config.j2
+++ /dev/null
@@ -1,36 +0,0 @@
-[Global]
-user = "{{ vsphere_user }}"
-password = "{{ vsphere_password }}"
-port = {{ vsphere_vcenter_port }}
-insecure-flag = {{ vsphere_insecure }}
-
-datacenters = "{{ vsphere_datacenter }}"
-
-[VirtualCenter "{{ vsphere_vcenter_ip }}"]
-
-
-[Workspace]
-server = "{{ vsphere_vcenter_ip }}"
-datacenter = "{{ vsphere_datacenter }}"
-folder = "{{ vsphere_working_dir }}"
-default-datastore = "{{ vsphere_datastore }}"
-{% if vsphere_resource_pool is defined and vsphere_resource_pool != "" %}
-resourcepool-path = "{{ vsphere_resource_pool }}"
-{% endif %}
-
-
-[Disk]
-scsicontrollertype = {{ vsphere_scsi_controller_type }}
-
-{% if vsphere_public_network is defined and vsphere_public_network != "" %}
-[Network]
-public-network = {{ vsphere_public_network }}
-{% endif %}
-
-[Labels]
-{% if vsphere_zone_category is defined and vsphere_zone_category != "" %}
-zone = {{ vsphere_zone_category }}
-{% endif %}
-{% if vsphere_region_category is defined and vsphere_region_category != "" %}
-region = {{ vsphere_region_category }}
-{% endif %}
diff --git a/roles/kubernetes/node/templates/kubelet.env.v1beta1.j2 b/roles/kubernetes/node/templates/kubelet.env.v1beta1.j2
index 576b9c8fd5adf7a9f144b9ede0e735497878cac2..e3b54d7a3e2fbb1b6de5696c41def3798f9ad90a 100644
--- a/roles/kubernetes/node/templates/kubelet.env.v1beta1.j2
+++ b/roles/kubernetes/node/templates/kubelet.env.v1beta1.j2
@@ -21,9 +21,7 @@ KUBELET_VOLUME_PLUGIN="--volume-plugin-dir={{ kubelet_flexvolumes_plugins_dir }}
{% if kube_network_plugin is defined and kube_network_plugin == "cloud" %}
KUBELET_NETWORK_PLUGIN="--hairpin-mode=promiscuous-bridge --network-plugin=kubenet"
{% endif %}
-{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "gce"] %}
-KUBELET_CLOUDPROVIDER="--cloud-provider={{ cloud_provider }} --cloud-config={{ kube_config_dir }}/cloud_config"
-{% elif cloud_provider is defined and cloud_provider in ["external"] %}
+{% if cloud_provider is defined and cloud_provider in ["external"] %}
KUBELET_CLOUDPROVIDER="--cloud-provider={{ cloud_provider }}"
{% else %}
KUBELET_CLOUDPROVIDER=""
diff --git a/roles/kubernetes/preinstall/tasks/0020-set_facts.yml b/roles/kubernetes/preinstall/tasks/0020-set_facts.yml
index 263bca400a1e24e04c610064c12553b0748cd474..6109479c1a419bdf7a23ecfaa851311a068e869d 100644
--- a/roles/kubernetes/preinstall/tasks/0020-set_facts.yml
+++ b/roles/kubernetes/preinstall/tasks/0020-set_facts.yml
@@ -87,9 +87,6 @@
{% for d in default_searchdomains | default([]) + searchdomains | default([]) -%}
{{ dns_domain }}.{{ d }}./{{ d }}.{{ d }}./com.{{ d }}./
{%- endfor %}
- cloud_resolver: "{{ ['169.254.169.254'] if cloud_provider is defined and cloud_provider == 'gce' else
- ['169.254.169.253'] if cloud_provider is defined and cloud_provider == 'aws' else
- [] }}"
- name: Check if kubelet is configured
stat:
diff --git a/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml b/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml
index e06b2241770df4ef67e5ac0cc4a1e9017d6193b2..78d0d9b218f41c64acab1dac82a0d002301fba56 100644
--- a/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml
+++ b/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml
@@ -151,13 +151,6 @@
- dashboard_enabled
- not ignore_assert_errors
-- name: Stop if RBAC is not enabled when OCI cloud controller is enabled
- assert:
- that: rbac_enabled
- when:
- - cloud_provider is defined and cloud_provider == "oci"
- - not ignore_assert_errors
-
- name: Stop if kernel version is too low
assert:
that: ansible_kernel.split('-')[0] is version('4.9.17', '>=')
@@ -173,8 +166,8 @@
- name: Check cloud_provider value
assert:
- that: cloud_provider in ['gce', 'aws', 'azure', 'openstack', 'vsphere', 'oci', 'external']
- msg: "If set the 'cloud_provider' var must be set either to 'gce', 'aws', 'azure', 'openstack', 'vsphere', 'oci' or 'external'"
+ that: cloud_provider in ['external']
+ msg: "If set the 'cloud_provider' var must be set either to 'external'"
when:
- cloud_provider is defined
- not ignore_assert_errors
diff --git a/roles/kubespray-defaults/defaults/main/main.yml b/roles/kubespray-defaults/defaults/main/main.yml
index 65d9458b5975aeefbf7e096d525ffca68c5cd619..40551738e2b7febf88a909d3180b70e3020c6260 100644
--- a/roles/kubespray-defaults/defaults/main/main.yml
+++ b/roles/kubespray-defaults/defaults/main/main.yml
@@ -254,7 +254,7 @@ kube_apiserver_port: 6443
# If non-empty, will use this string as identification instead of the actual hostname
kube_override_hostname: >-
- {%- if cloud_provider is defined and cloud_provider in ['aws'] -%}
+ {%- if cloud_provider is defined -%}
{%- else -%}
{{ inventory_hostname }}
{%- endif -%}
diff --git a/roles/network_plugin/calico/tasks/check.yml b/roles/network_plugin/calico/tasks/check.yml
index 7f73a08c4cb8916f8ae296ad29873914e467d620..aef34bb2cdf98facf44ae2d673c107a089249d49 100644
--- a/roles/network_plugin/calico/tasks/check.yml
+++ b/roles/network_plugin/calico/tasks/check.yml
@@ -24,17 +24,6 @@
delegate_to: "{{ groups['kube_control_plane'][0] }}"
-- name: Stop if incompatible network plugin and cloudprovider
- assert:
- that:
- - calico_ipip_mode == 'Never'
- - calico_vxlan_mode in ['Always', 'CrossSubnet']
- msg: "When using cloud_provider azure and network_plugin calico calico_ipip_mode must be 'Never' and calico_vxlan_mode 'Always' or 'CrossSubnet'"
- when:
- - cloud_provider is defined and cloud_provider == 'azure'
- run_once: true
- delegate_to: "{{ groups['kube_control_plane'][0] }}"
-
- name: Stop if supported Calico versions
assert:
that: