Use function to get cloud provider from cluster spec

cmd/kops/create_cluster.go

@@ -669,7 +669,7 @@ func RunCreateCluster(ctx context.Context, f *util.Factory, out io.Writer, c *Cr
 			return err
 		}
 		fullGroup.AddInstanceGroupNodeLabel()
-		if api.CloudProviderID(cluster.Spec.CloudProvider) == api.CloudProviderGCE {
+		if cluster.Spec.GetCloudProvider() == api.CloudProviderGCE {
 			fullGroup.Spec.NodeLabels["cloud.google.com/metadata-proxy-ready"] = "true"
 		}
 		fullInstanceGroups = append(fullInstanceGroups, fullGroup)

cmd/kops/create_instancegroup.go

@@ -199,7 +199,7 @@ func RunCreateInstanceGroup(ctx context.Context, f *util.Factory, out io.Writer,
 	}
 
 	ig.AddInstanceGroupNodeLabel()
-	if kopsapi.CloudProviderID(cluster.Spec.CloudProvider) == kopsapi.CloudProviderGCE {
+	if cluster.Spec.GetCloudProvider() == kopsapi.CloudProviderGCE {
 		fmt.Println("detected a GCE cluster; labeling nodes to receive metadata-proxy.")
 		ig.Spec.NodeLabels["cloud.google.com/metadata-proxy-ready"] = "true"
 	}

cmd/kops/get_cluster.go

@@ -218,7 +218,7 @@ func clusterOutputTable(clusters []*kopsapi.Cluster, out io.Writer) error {
 		return c.ObjectMeta.Name
 	})
 	t.AddColumn("CLOUD", func(c *kopsapi.Cluster) string {
-		return c.Spec.CloudProvider
+		return string(c.Spec.GetCloudProvider())
 	})
 	t.AddColumn("ZONES", func(c *kopsapi.Cluster) string {
 		zones := sets.NewString()

cmd/kops/toolbox_instance-selector.go

@@ -239,7 +239,7 @@ func RunToolboxInstanceSelector(ctx context.Context, f *util.Factory, out io.Wri
 		return err
 	}
 
-	if kops.CloudProviderID(cluster.Spec.CloudProvider) != kops.CloudProviderAWS {
+	if cluster.Spec.GetCloudProvider() != kops.CloudProviderAWS {
 		return fmt.Errorf("cannot select instance types from non-aws cluster")
 	}
 

cmd/kops/update_cluster.go

@@ -488,11 +488,11 @@ func completeUpdateClusterTarget(f commandutils.Factory, options *UpdateClusterO
 			cloudup.TargetDryRun,
 		}
 		for _, cp := range cloudup.TerraformCloudProviders {
-			if cluster.Spec.CloudProvider == string(cp) {
+			if cluster.Spec.GetCloudProvider() == cp {
 				completions = append(completions, cloudup.TargetTerraform)
 			}
 		}
-		if cluster.Spec.CloudProvider == string(kops.CloudProviderAWS) {
+		if cluster.Spec.GetCloudProvider() == kops.CloudProviderAWS {
 			completions = append(completions, cloudup.TargetCloudformation)
 		}
 		return completions, cobra.ShellCompDirectiveNoFileComp

nodeup/pkg/model/kubelet_test.go

@@ -267,7 +267,7 @@ func BuildNodeupModelContext(model *testutils.Model) (*NodeupModelContext, error
 	nodeupModelContext := &NodeupModelContext{
 		Architecture:  "amd64",
 		BootConfig:    &nodeup.BootConfig{},
-		CloudProvider: kops.CloudProviderID(model.Cluster.Spec.CloudProvider),
+		CloudProvider: model.Cluster.Spec.GetCloudProvider(),
 		NodeupConfig: &nodeup.Config{
 			CAs:        map[string]string{},
 			KeypairIDs: map[string]string{},

pkg/acls/gce/storage.go

@@ -35,7 +35,7 @@ var _ acls.ACLStrategy = &gcsAclStrategy{}
 
 // GetACL returns the ACL to use if this is a google cloud storage path
 func (s *gcsAclStrategy) GetACL(p vfs.Path, cluster *kops.Cluster) (vfs.ACL, error) {
-	if kops.CloudProviderID(cluster.Spec.CloudProvider) != kops.CloudProviderGCE {
+	if cluster.Spec.GetCloudProvider() != kops.CloudProviderGCE {
 		return nil, nil
 	}
 	gcsPath, ok := p.(*vfs.GSPath)

pkg/apis/kops/cluster.go

@@ -849,6 +849,10 @@ func (c *ClusterSpec) IsKopsControllerIPAM() bool {
 	return c.IsIPv6Only()
 }
 
+func (c *ClusterSpec) GetCloudProvider() CloudProviderID {
+	return CloudProviderID(c.CloudProvider)
+}
+
 // EnvVar represents an environment variable present in a Container.
 type EnvVar struct {
 	// Name of the environment variable. Must be a C_IDENTIFIER.

pkg/apis/kops/model/features.go

@@ -22,7 +22,7 @@ import (
 
 // UseKopsControllerForNodeBootstrap is true if nodeup should use kops-controller for bootstrapping.
 func UseKopsControllerForNodeBootstrap(cluster *kops.Cluster) bool {
-	switch kops.CloudProviderID(cluster.Spec.CloudProvider) {
+	switch cluster.Spec.GetCloudProvider() {
 	case kops.CloudProviderAWS:
 		return true
 	case kops.CloudProviderGCE:

pkg/apis/kops/validation/instancegroup.go

@@ -218,7 +218,7 @@ func CrossValidateInstanceGroup(g *kops.InstanceGroup, cluster *kops.Cluster, cl
 		allErrs = append(allErrs, ValidateMasterInstanceGroup(g, cluster)...)
 	}
 
-	if g.Spec.Role == kops.InstanceGroupRoleAPIServer && kops.CloudProviderID(cluster.Spec.CloudProvider) != kops.CloudProviderAWS {
+	if g.Spec.Role == kops.InstanceGroupRoleAPIServer && cluster.Spec.GetCloudProvider() != kops.CloudProviderAWS {
 		allErrs = append(allErrs, field.Forbidden(field.NewPath("spec", "role"), "Apiserver role only supported on AWS"))
 	}
 
@@ -237,7 +237,7 @@ func CrossValidateInstanceGroup(g *kops.InstanceGroup, cluster *kops.Cluster, cl
 		}
 	}
 
-	if kops.CloudProviderID(cluster.Spec.CloudProvider) == kops.CloudProviderAWS {
+	if cluster.Spec.GetCloudProvider() == kops.CloudProviderAWS {
 		if g.Spec.RootVolumeType != nil {
 			allErrs = append(allErrs, IsValidValue(field.NewPath("spec", "rootVolumeType"), g.Spec.RootVolumeType, []string{"standard", "gp3", "gp2", "io1", "io2"})...)
 		}

pkg/apis/kops/validation/legacy.go

@@ -55,7 +55,7 @@ func ValidateCluster(c *kops.Cluster, strict bool) field.ErrorList {
 	requiresSubnets := true
 	requiresNetworkCIDR := true
 	requiresSubnetCIDR := true
-	switch kops.CloudProviderID(c.Spec.CloudProvider) {
+	switch c.Spec.GetCloudProvider() {
 	case "":
 		allErrs = append(allErrs, field.Required(fieldSpec.Child("cloudProvider"), ""))
 		requiresSubnets = false
@@ -133,7 +133,7 @@ func ValidateCluster(c *kops.Cluster, strict bool) field.ErrorList {
 			if err != nil {
 				allErrs = append(allErrs, field.Invalid(fieldSpec.Child("networkCIDR"), c.Spec.NetworkCIDR, "Cluster had an invalid networkCIDR"))
 			}
-			if kops.CloudProviderID(c.Spec.CloudProvider) == kops.CloudProviderDO {
+			if c.Spec.GetCloudProvider() == kops.CloudProviderDO {
 				// verify if the NetworkCIDR is in a private range as per RFC1918
 				if !networkCIDR.IP.IsPrivate() {
 					allErrs = append(allErrs, field.Invalid(fieldSpec.Child("networkCIDR"), c.Spec.NetworkCIDR, "Cluster had a networkCIDR outside the private IP range"))
@@ -300,7 +300,7 @@ func ValidateCluster(c *kops.Cluster, strict bool) field.ErrorList {
 	{
 
 		var k8sCloudProvider string
-		switch kops.CloudProviderID(c.Spec.CloudProvider) {
+		switch c.Spec.GetCloudProvider() {
 		case kops.CloudProviderAWS:
 			k8sCloudProvider = "aws"
 		case kops.CloudProviderGCE:
@@ -369,7 +369,7 @@ func ValidateCluster(c *kops.Cluster, strict bool) field.ErrorList {
 		if !featureflag.VFSVaultSupport.Enabled() {
 			allErrs = append(allErrs, field.Forbidden(fieldSpec.Child("secretStore"), "vault VFS is an experimental feature; set `export KOPS_FEATURE_FLAGS=VFSVaultSupport`"))
 		}
-		if kops.CloudProviderID(c.Spec.CloudProvider) != kops.CloudProviderAWS {
+		if c.Spec.GetCloudProvider() != kops.CloudProviderAWS {
 			allErrs = append(allErrs, field.Forbidden(fieldSpec.Child("secretStore"), "Vault secret store is only available on AWS"))
 		}
 	}
@@ -377,7 +377,7 @@ func ValidateCluster(c *kops.Cluster, strict bool) field.ErrorList {
 		if !featureflag.VFSVaultSupport.Enabled() {
 			allErrs = append(allErrs, field.Forbidden(fieldSpec.Child("keyStore"), "vault VFS is an experimental feature; set `export KOPS_FEATURE_FLAGS=VFSVaultSupport`"))
 		}
-		if kops.CloudProviderID(c.Spec.CloudProvider) != kops.CloudProviderAWS {
+		if c.Spec.GetCloudProvider() != kops.CloudProviderAWS {
 			allErrs = append(allErrs, field.Forbidden(fieldSpec.Child("keyStore"), "Vault keystore is only available on AWS"))
 		}
 	}
@@ -474,7 +474,7 @@ func DeepValidate(c *kops.Cluster, groups []*kops.InstanceGroup, strict bool, cl
 		errs := CrossValidateInstanceGroup(g, c, cloud, strict)
 
 		// Additional cloud-specific validation rules
-		if kops.CloudProviderID(c.Spec.CloudProvider) != kops.CloudProviderAWS && len(g.Spec.Volumes) > 0 {
+		if c.Spec.GetCloudProvider() != kops.CloudProviderAWS && len(g.Spec.Volumes) > 0 {
 			errs = append(errs, field.Forbidden(field.NewPath("spec", "volumes"), "instancegroup volumes are only available with aws at present"))
 		}
 

pkg/apis/kops/validation/validation.go

@@ -66,7 +66,7 @@ func newValidateCluster(cluster *kops.Cluster) field.ErrorList {
 	allErrs = append(allErrs, validateClusterSpec(&cluster.Spec, cluster, field.NewPath("spec"))...)
 
 	// Additional cloud-specific validation rules
-	switch kops.CloudProviderID(cluster.Spec.CloudProvider) {
+	switch cluster.Spec.GetCloudProvider() {
 	case kops.CloudProviderAWS:
 		allErrs = append(allErrs, awsValidateCluster(cluster)...)
 	case kops.CloudProviderGCE:
@@ -86,7 +86,7 @@ func validateClusterSpec(spec *kops.ClusterSpec, c *kops.Cluster, fieldPath *fie
 	// SSHAccess
 	for i, cidr := range spec.SSHAccess {
 		if strings.HasPrefix(cidr, "pl-") {
-			if kops.CloudProviderID(spec.CloudProvider) != kops.CloudProviderAWS {
+			if spec.GetCloudProvider() != kops.CloudProviderAWS {
 				allErrs = append(allErrs, field.Invalid(fieldPath.Child("sshAccess").Index(i), cidr, "Prefix List ID only supported for AWS"))
 			}
 		} else {
@@ -97,7 +97,7 @@ func validateClusterSpec(spec *kops.ClusterSpec, c *kops.Cluster, fieldPath *fie
 	// KubernetesAPIAccess
 	for i, cidr := range spec.KubernetesAPIAccess {
 		if strings.HasPrefix(cidr, "pl-") {
-			if kops.CloudProviderID(spec.CloudProvider) != kops.CloudProviderAWS {
+			if spec.GetCloudProvider() != kops.CloudProviderAWS {
 				allErrs = append(allErrs, field.Invalid(fieldPath.Child("kubernetesAPIAccess").Index(i), cidr, "Prefix List ID only supported for AWS"))
 			}
 		} else {
@@ -108,7 +108,7 @@ func validateClusterSpec(spec *kops.ClusterSpec, c *kops.Cluster, fieldPath *fie
 	// NodePortAccess
 	for i, cidr := range spec.NodePortAccess {
 		if strings.HasPrefix(cidr, "pl-") {
-			if kops.CloudProviderID(spec.CloudProvider) != kops.CloudProviderAWS {
+			if spec.GetCloudProvider() != kops.CloudProviderAWS {
 				allErrs = append(allErrs, field.Invalid(fieldPath.Child("nodePortAccess").Index(i), cidr, "Prefix List ID only supported for AWS"))
 			}
 		} else {
@@ -244,7 +244,7 @@ func validateClusterSpec(spec *kops.ClusterSpec, c *kops.Cluster, fieldPath *fie
 		allErrs = append(allErrs, validateRollingUpdate(spec.RollingUpdate, fieldPath.Child("rollingUpdate"), false)...)
 	}
 
-	if spec.API != nil && spec.API.LoadBalancer != nil && spec.CloudProvider == "aws" {
+	if spec.API != nil && spec.API.LoadBalancer != nil && spec.GetCloudProvider() == kops.CloudProviderAWS {
 		value := string(spec.API.LoadBalancer.Class)
 		allErrs = append(allErrs, IsValidValue(fieldPath.Child("class"), &value, kops.SupportedLoadBalancerClasses)...)
 		if spec.API.LoadBalancer.SSLCertificate != "" && spec.API.LoadBalancer.Class != kops.LoadBalancerClassNetwork {
@@ -260,7 +260,7 @@ func validateClusterSpec(spec *kops.ClusterSpec, c *kops.Cluster, fieldPath *fie
 	}
 
 	if spec.WarmPool != nil {
-		if kops.CloudProviderID(spec.CloudProvider) != kops.CloudProviderAWS {
+		if spec.GetCloudProvider() != kops.CloudProviderAWS {
 			allErrs = append(allErrs, field.Forbidden(field.NewPath("spec", "warmPool"), "warm pool only supported on AWS"))
 		} else {
 			allErrs = append(allErrs, validateWarmPool(spec.WarmPool, fieldPath.Child("warmPool"))...)
@@ -455,7 +455,7 @@ func validateSubnets(cluster *kops.ClusterSpec, fieldPath *field.Path) field.Err
 		}
 	}
 
-	if kops.CloudProviderID(cluster.CloudProvider) != kops.CloudProviderAWS {
+	if cluster.GetCloudProvider() != kops.CloudProviderAWS {
 		for i := range subnets {
 			if subnets[i].IPv6CIDR != "" {
 				allErrs = append(allErrs, field.Forbidden(fieldPath.Index(i).Child("ipv6CIDR"), "ipv6CIDR can only be specified for AWS"))
@@ -612,7 +612,7 @@ func validateKubeAPIServer(v *kops.KubeAPIServerConfig, c *kops.Cluster, fldPath
 					allErrs = append(allErrs, IsValidValue(fldPath.Child("authorizationMode"), &mode, []string{"ABAC", "Webhook", "Node", "RBAC", "AlwaysAllow", "AlwaysDeny"})...)
 				}
 			}
-			if kops.CloudProviderID(c.Spec.CloudProvider) == kops.CloudProviderAWS {
+			if c.Spec.GetCloudProvider() == kops.CloudProviderAWS {
 				if !hasNode || !hasRBAC {
 					allErrs = append(allErrs, field.Required(fldPath.Child("authorizationMode"), "As of kubernetes 1.19 on AWS, authorizationMode must include RBAC and Node"))
 				}
@@ -844,7 +844,7 @@ func validateNetworking(cluster *kops.Cluster, v *kops.NetworkingSpec, fldPath *
 		}
 		optionTaken = true
 
-		if c.CloudProvider != "aws" {
+		if c.GetCloudProvider() != kops.CloudProviderAWS {
 			allErrs = append(allErrs, field.Forbidden(fldPath.Child("amazonvpc"), "amazon-vpc-routed-eni networking is supported only in AWS"))
 		}
 
@@ -1018,7 +1018,7 @@ func validateNetworkingCilium(cluster *kops.Cluster, v *kops.CiliumNetworkingSpe
 		allErrs = append(allErrs, IsValidValue(fldPath.Child("ipam"), &v.IPAM, []string{"hostscope", "kubernetes", "crd", "eni"})...)
 
 		if v.IPAM == kops.CiliumIpamEni {
-			if c.CloudProvider != string(kops.CloudProviderAWS) {
+			if c.GetCloudProvider() != kops.CloudProviderAWS {
 				allErrs = append(allErrs, field.Forbidden(fldPath.Child("ipam"), "Cilum ENI IPAM is supported only in AWS"))
 			}
 			if v.Masquerade != nil && *v.Masquerade {
@@ -1049,7 +1049,7 @@ func validateNetworkingCilium(cluster *kops.Cluster, v *kops.CiliumNetworkingSpe
 func validateNetworkingGCE(c *kops.ClusterSpec, v *kops.GCENetworkingSpec, fldPath *field.Path) field.ErrorList {
 	allErrs := field.ErrorList{}
 
-	if c.CloudProvider != "gce" {
+	if c.GetCloudProvider() != kops.CloudProviderGCE {
 		allErrs = append(allErrs, field.Forbidden(fldPath, "GCE networking is supported only when on GCP"))
 	}
 
@@ -1510,7 +1510,7 @@ func validateNvidiaConfig(spec *kops.ClusterSpec, nvidia *kops.NvidiaGPUConfig,
 	if !fi.BoolValue(nvidia.Enabled) {
 		return allErrs
 	}
-	if kops.CloudProviderID(spec.CloudProvider) != kops.CloudProviderAWS {
+	if spec.GetCloudProvider() != kops.CloudProviderAWS {
 		allErrs = append(allErrs, field.Forbidden(fldPath, "Nvidia is only supported on AWS"))
 	}
 	if spec.ContainerRuntime != "" && spec.ContainerRuntime != "containerd" {
@@ -1582,7 +1582,7 @@ func validateClusterAutoscaler(cluster *kops.Cluster, spec *kops.ClusterAutoscal
 		allErrs = append(allErrs, field.Forbidden(fldPath.Child("expander"), "Cluster autoscaler price expander is only supported on GCE"))
 	}
 
-	if kops.CloudProviderID(cluster.Spec.CloudProvider) == kops.CloudProviderOpenstack {
+	if cluster.Spec.GetCloudProvider() == kops.CloudProviderOpenstack {
 		allErrs = append(allErrs, field.Forbidden(fldPath, "Cluster autoscaler is not supported on OpenStack"))
 	}
 
@@ -1608,7 +1608,7 @@ func validateExternalDNS(cluster *kops.Cluster, spec *kops.ExternalDNSConfig, fl
 }
 
 func validateNodeTerminationHandler(cluster *kops.Cluster, spec *kops.NodeTerminationHandlerConfig, fldPath *field.Path) (allErrs field.ErrorList) {
-	if kops.CloudProviderID(cluster.Spec.CloudProvider) != kops.CloudProviderAWS {
+	if cluster.Spec.GetCloudProvider() != kops.CloudProviderAWS {
 		allErrs = append(allErrs, field.Forbidden(fldPath, "Node Termination Handler supports only AWS"))
 	}
 	return allErrs

pkg/apis/nodeup/config.go

@@ -153,7 +153,7 @@ func NewConfig(cluster *kops.Cluster, instanceGroup *kops.InstanceGroup) (*Confi
 	}
 
 	bootConfig := BootConfig{
-		CloudProvider:     cluster.Spec.CloudProvider,
+		CloudProvider:     string(cluster.Spec.GetCloudProvider()),
 		InstanceGroupName: instanceGroup.ObjectMeta.Name,
 		InstanceGroupRole: role,
 	}
@@ -216,7 +216,7 @@ func NewConfig(cluster *kops.Cluster, instanceGroup *kops.InstanceGroup) (*Confi
 }
 
 func UsesInstanceIDForNodeName(cluster *kops.Cluster) bool {
-	return cluster.Spec.ExternalCloudControllerManager != nil && cluster.IsKubernetesGTE("1.22") && kops.CloudProviderID(cluster.Spec.CloudProvider) == kops.CloudProviderAWS
+	return cluster.Spec.ExternalCloudControllerManager != nil && cluster.IsKubernetesGTE("1.22") && cluster.Spec.GetCloudProvider() == kops.CloudProviderAWS
 }
 
 func filterFileAssets(f []kops.FileAssetSpec, role kops.InstanceGroupRole) []kops.FileAssetSpec {

pkg/cloudinstances/cloud_instance_group.go

@@ -100,7 +100,7 @@ func (group *CloudInstanceGroup) AdjustNeedUpdate() {
 func GetNodeMap(nodes []v1.Node, cluster *kopsapi.Cluster) map[string]*v1.Node {
 	nodeMap := make(map[string]*v1.Node)
 
-	if kopsapi.CloudProviderID(cluster.Spec.CloudProvider) == kopsapi.CloudProviderAzure {
+	if cluster.Spec.GetCloudProvider() == kopsapi.CloudProviderAzure {
 		for i := range nodes {
 			node := &nodes[i]
 			vmName, err := toAzureVMName(node.Spec.ProviderID)

pkg/instancegroups/instancegroups.go

@@ -440,8 +440,8 @@ func (c *RollingUpdateCluster) drainTerminateAndWait(u *cloudinstances.CloudInst
 }
 
 func (c *RollingUpdateCluster) reconcileInstanceGroup() error {
-	if api.CloudProviderID(c.Cluster.Spec.CloudProvider) != api.CloudProviderOpenstack &&
+	if c.Cluster.Spec.GetCloudProvider() != api.CloudProviderOpenstack &&
-		api.CloudProviderID(c.Cluster.Spec.CloudProvider) != api.CloudProviderDO {
+		c.Cluster.Spec.GetCloudProvider() != api.CloudProviderDO {
 		return nil
 	}
 	rto := fi.RunTasksOptions{}

pkg/instancegroups/settings.go

@@ -48,7 +48,7 @@ func resolveSettings(cluster *kops.Cluster, group *kops.InstanceGroup, numInstan
 
 	if rollingUpdate.MaxSurge == nil {
 		val := intstr.FromInt(0)
-		if kops.CloudProviderID(cluster.Spec.CloudProvider) == kops.CloudProviderAWS && !featureflag.Spotinst.Enabled() && group.Spec.Manager != kops.InstanceManagerKarpenter {
+		if cluster.Spec.GetCloudProvider() == kops.CloudProviderAWS && !featureflag.Spotinst.Enabled() && group.Spec.Manager != kops.InstanceManagerKarpenter {
 			val = intstr.FromInt(1)
 		}
 		rollingUpdate.MaxSurge = &val

pkg/model/bootstrapscript.go

@@ -139,7 +139,7 @@ func (b *BootstrapScript) buildEnvironmentVariables(cluster *kops.Cluster) (map[
 		env["S3_SECRET_ACCESS_KEY"] = os.Getenv("S3_SECRET_ACCESS_KEY")
 	}
 
-	if kops.CloudProviderID(cluster.Spec.CloudProvider) == kops.CloudProviderOpenstack {
+	if cluster.Spec.GetCloudProvider() == kops.CloudProviderOpenstack {
 
 		osEnvs := []string{
 			"OS_TENANT_ID", "OS_TENANT_NAME", "OS_PROJECT_ID", "OS_PROJECT_NAME",
@@ -176,14 +176,14 @@ func (b *BootstrapScript) buildEnvironmentVariables(cluster *kops.Cluster) (map[
 		}
 	}
 
-	if kops.CloudProviderID(cluster.Spec.CloudProvider) == kops.CloudProviderDO {
+	if cluster.Spec.GetCloudProvider() == kops.CloudProviderDO {
 		doToken := os.Getenv("DIGITALOCEAN_ACCESS_TOKEN")
 		if doToken != "" {
 			env["DIGITALOCEAN_ACCESS_TOKEN"] = doToken
 		}
 	}
 
-	if kops.CloudProviderID(cluster.Spec.CloudProvider) == kops.CloudProviderAWS {
+	if cluster.Spec.GetCloudProvider() == kops.CloudProviderAWS {
 		region, err := awsup.FindRegion(cluster)
 		if err != nil {
 			return nil, err
@@ -195,7 +195,7 @@ func (b *BootstrapScript) buildEnvironmentVariables(cluster *kops.Cluster) (map[
 		}
 	}
 
-	if kops.CloudProviderID(cluster.Spec.CloudProvider) == kops.CloudProviderAzure {
+	if cluster.Spec.GetCloudProvider() == kops.CloudProviderAzure {
 		env["AZURE_STORAGE_ACCOUNT"] = os.Getenv("AZURE_STORAGE_ACCOUNT")
 		azureEnv := os.Getenv("AZURE_ENVIRONMENT")
 		if azureEnv != "" {

pkg/model/components/apiserver.go

@@ -97,7 +97,7 @@ func (b *KubeAPIServerOptionsBuilder) BuildOptions(o interface{}) error {
 	}
 	c.Image = image
 
-	switch kops.CloudProviderID(clusterSpec.CloudProvider) {
+	switch clusterSpec.GetCloudProvider() {
 	case kops.CloudProviderAWS:
 		c.CloudProvider = "aws"
 	case kops.CloudProviderGCE:
@@ -109,7 +109,7 @@ func (b *KubeAPIServerOptionsBuilder) BuildOptions(o interface{}) error {
 	case kops.CloudProviderAzure:
 		c.CloudProvider = "azure"
 	default:
-		return fmt.Errorf("unknown cloudprovider %q", clusterSpec.CloudProvider)
+		return fmt.Errorf("unknown cloudprovider %q", clusterSpec.GetCloudProvider())
 	}
 
 	if clusterSpec.ExternalCloudControllerManager != nil {

pkg/model/components/awscloudcontrollermanager.go

@@ -35,7 +35,7 @@ var _ loader.OptionsBuilder = &AWSCloudControllerManagerOptionsBuilder{}
 func (b *AWSCloudControllerManagerOptionsBuilder) BuildOptions(o interface{}) error {
 	clusterSpec := o.(*kops.ClusterSpec)
 
-	if kops.CloudProviderID(clusterSpec.CloudProvider) != kops.CloudProviderAWS {
+	if clusterSpec.GetCloudProvider() != kops.CloudProviderAWS {
 		return nil
 	}
 

pkg/model/components/awsebscsidriver.go

@@ -31,7 +31,7 @@ var _ loader.OptionsBuilder = &AWSEBSCSIDriverOptionsBuilder{}
 
 func (b *AWSEBSCSIDriverOptionsBuilder) BuildOptions(o interface{}) error {
 	clusterSpec := o.(*kops.ClusterSpec)
-	if kops.CloudProviderID(clusterSpec.CloudProvider) != kops.CloudProviderAWS {
+	if clusterSpec.GetCloudProvider() != kops.CloudProviderAWS {
 		return nil
 	}
 

pkg/model/components/etcdmanager/model.go

@@ -371,7 +371,7 @@ func (b *EtcdManagerBuilder) buildPod(etcdCluster kops.EtcdClusterSpec) (*v1.Pod
 	}
 
 	{
-		switch kops.CloudProviderID(b.Cluster.Spec.CloudProvider) {
+		switch b.Cluster.Spec.GetCloudProvider() {
 		case kops.CloudProviderAWS:
 			config.VolumeProvider = "aws"
 
@@ -427,7 +427,7 @@ func (b *EtcdManagerBuilder) buildPod(etcdCluster kops.EtcdClusterSpec) (*v1.Pod
 			config.VolumeNameTag = openstack.TagNameEtcdClusterPrefix + etcdCluster.Name
 
 		default:
-			return nil, fmt.Errorf("CloudProvider %q not supported with etcd-manager", b.Cluster.Spec.CloudProvider)
+			return nil, fmt.Errorf("CloudProvider %q not supported with etcd-manager", b.Cluster.Spec.GetCloudProvider())
 		}
 	}
 

pkg/model/components/gcpcloudcontrollermanager.go

@@ -32,7 +32,7 @@ var _ loader.OptionsBuilder = (*GCPCloudControllerManagerOptionsBuilder)(nil)
 func (b *GCPCloudControllerManagerOptionsBuilder) BuildOptions(options interface{}) error {
 	clusterSpec := options.(*kops.ClusterSpec)
 
-	if kops.CloudProviderID(clusterSpec.CloudProvider) != kops.CloudProviderGCE {
+	if clusterSpec.GetCloudProvider() != kops.CloudProviderGCE {
 		return nil
 	}
 

pkg/model/components/gcppdcsidriver.go

@@ -31,7 +31,7 @@ var _ loader.OptionsBuilder = &GCPPDCSIDriverOptionsBuilder{}
 
 func (b *GCPPDCSIDriverOptionsBuilder) BuildOptions(o interface{}) error {
 	clusterSpec := o.(*kops.ClusterSpec)
-	if kops.CloudProviderID(clusterSpec.CloudProvider) != kops.CloudProviderGCE {
+	if clusterSpec.GetCloudProvider() != kops.CloudProviderGCE {
 		return nil
 	}
 

pkg/model/components/kubecontrollermanager.go

@@ -79,7 +79,7 @@ func (b *KubeControllerManagerOptionsBuilder) BuildOptions(o interface{}) error
 	if b.IsKubernetesGTE("1.24") {
 		kcm.CloudProvider = "external"
 	} else {
-		switch kops.CloudProviderID(clusterSpec.CloudProvider) {
+		switch kops.CloudProviderID(clusterSpec.GetCloudProvider()) {
 		case kops.CloudProviderAWS:
 			kcm.CloudProvider = "aws"
 
@@ -97,7 +97,7 @@ func (b *KubeControllerManagerOptionsBuilder) BuildOptions(o interface{}) error
 			kcm.CloudProvider = "azure"
 
 		default:
-			return fmt.Errorf("unknown cloudprovider %q", clusterSpec.CloudProvider)
+			return fmt.Errorf("unknown cloudprovider %q", clusterSpec.GetCloudProvider())
 		}
 	}
 

pkg/model/components/kubedns.go

@@ -74,7 +74,7 @@ func (b *KubeDnsOptionsBuilder) BuildOptions(o interface{}) error {
 		clusterSpec.KubeDNS.MemoryLimit = &defaultMemoryLimit
 	}
 
-	if clusterSpec.IsIPv6Only() && kops.CloudProviderID(clusterSpec.CloudProvider) == kops.CloudProviderAWS {
+	if clusterSpec.IsIPv6Only() && clusterSpec.GetCloudProvider() == kops.CloudProviderAWS {
 		if len(clusterSpec.KubeDNS.UpstreamNameservers) == 0 {
 			clusterSpec.KubeDNS.UpstreamNameservers = []string{"fd00:ec2::253"}
 		}

pkg/model/components/kubelet.go

@@ -122,7 +122,7 @@ func (b *KubeletOptionsBuilder) BuildOptions(o interface{}) error {
 		clusterSpec.MasterKubelet.HairpinMode = "none"
 	}
 
-	cloudProvider := kops.CloudProviderID(clusterSpec.CloudProvider)
+	cloudProvider := clusterSpec.GetCloudProvider()
 
 	clusterSpec.Kubelet.CgroupRoot = "/"
 

pkg/model/components/openstack.go

@@ -32,7 +32,7 @@ var _ loader.OptionsBuilder = &OpenStackOptionsBulder{}
 func (b *OpenStackOptionsBulder) BuildOptions(o interface{}) error {
 	clusterSpec := o.(*kops.ClusterSpec)
 
-	if kops.CloudProviderID(clusterSpec.CloudProvider) != kops.CloudProviderOpenstack {
+	if clusterSpec.GetCloudProvider() != kops.CloudProviderOpenstack {
 		return nil
 	}
 

pkg/model/context.go

@@ -189,7 +189,7 @@ func (b *KopsModelContext) CloudTagsForInstanceGroup(ig *kops.InstanceGroup) (ma
 func (b *KopsModelContext) CloudTags(name string, shared bool) map[string]string {
 	tags := make(map[string]string)
 
-	switch kops.CloudProviderID(b.Cluster.Spec.CloudProvider) {
+	switch b.Cluster.Spec.GetCloudProvider() {
 	case kops.CloudProviderAWS:
 		if shared {
 			// If the resource is shared, we don't try to set the Name - we presume that is managed externally

pkg/model/iam/subject.go

@@ -107,7 +107,7 @@ func BuildNodeRoleSubject(igRole kops.InstanceGroupRole, enableLifecycleHookPerm
 
 // AddServiceAccountRole adds the appropriate mounts / env vars to enable a pod to use a service-account role
 func AddServiceAccountRole(context *IAMModelContext, podSpec *corev1.PodSpec, serviceAccountRole Subject) error {
-	cloudProvider := kops.CloudProviderID(context.Cluster.Spec.CloudProvider)
+	cloudProvider := context.Cluster.Spec.GetCloudProvider()
 
 	switch cloudProvider {
 	case kops.CloudProviderAWS:

pkg/model/master_volumes.go

@@ -93,7 +93,7 @@ func (b *MasterVolumeBuilder) Build(c *fi.ModelBuilderContext) error {
 			}
 			sort.Strings(allMembers)
 
-			switch kops.CloudProviderID(b.Cluster.Spec.CloudProvider) {
+			switch b.Cluster.Spec.GetCloudProvider() {
 			case kops.CloudProviderAWS:
 				err = b.addAWSVolume(c, name, volumeSize, zone, etcd, m, allMembers)
 				if err != nil {
@@ -111,7 +111,7 @@ func (b *MasterVolumeBuilder) Build(c *fi.ModelBuilderContext) error {
 			case kops.CloudProviderAzure:
 				b.addAzureVolume(c, name, volumeSize, zone, etcd, m, allMembers)
 			default:
-				return fmt.Errorf("unknown cloudprovider %q", b.Cluster.Spec.CloudProvider)
+				return fmt.Errorf("unknown cloudprovider %q", b.Cluster.Spec.GetCloudProvider())
 			}
 		}
 	}

upup/pkg/fi/cloudup/apply_cluster.go

@@ -393,7 +393,7 @@ func (c *ApplyClusterCmd) Run(ctx context.Context) error {
 		InstanceGroups:  c.InstanceGroups,
 	}
 
-	switch kops.CloudProviderID(cluster.Spec.CloudProvider) {
+	switch cluster.Spec.GetCloudProvider() {
 	case kops.CloudProviderGCE:
 		{
 			gceCloud := cloud.(gce.GCECloud)
@@ -452,7 +452,7 @@ func (c *ApplyClusterCmd) Run(ctx context.Context) error {
 			}
 		}
 	default:
-		return fmt.Errorf("unknown CloudProvider %q", cluster.Spec.CloudProvider)
+		return fmt.Errorf("unknown CloudProvider %q", cluster.Spec.GetCloudProvider())
 	}
 
 	modelContext.SSHPublicKeys = sshPublicKeys
@@ -529,7 +529,7 @@ func (c *ApplyClusterCmd) Run(ctx context.Context) error {
 			&model.ConfigBuilder{KopsModelContext: modelContext, Lifecycle: clusterLifecycle},
 		)
 
-		switch kops.CloudProviderID(cluster.Spec.CloudProvider) {
+		switch cluster.Spec.GetCloudProvider() {
 		case kops.CloudProviderAWS:
 			awsModelContext := &awsmodel.AWSModelContext{
 				KopsModelContext: modelContext,
@@ -633,7 +633,7 @@ func (c *ApplyClusterCmd) Run(ctx context.Context) error {
 			)
 
 		default:
-			return fmt.Errorf("unknown cloudprovider %q", cluster.Spec.CloudProvider)
+			return fmt.Errorf("unknown cloudprovider %q", cluster.Spec.GetCloudProvider())
 		}
 	}
 	c.TaskMap, err = l.BuildTasks(c.LifecycleOverrides)
@@ -646,7 +646,7 @@ func (c *ApplyClusterCmd) Run(ctx context.Context) error {
 
 	switch c.TargetName {
 	case TargetDirect:
-		switch kops.CloudProviderID(cluster.Spec.CloudProvider) {
+		switch cluster.Spec.GetCloudProvider() {
 		case kops.CloudProviderGCE:
 			target = gce.NewGCEAPITarget(cloud.(gce.GCECloud))
 		case kops.CloudProviderAWS:
@@ -658,7 +658,7 @@ func (c *ApplyClusterCmd) Run(ctx context.Context) error {
 		case kops.CloudProviderAzure:
 			target = azure.NewAzureAPITarget(cloud.(azure.AzureCloud))
 		default:
-			return fmt.Errorf("direct configuration not supported with CloudProvider:%q", cluster.Spec.CloudProvider)
+			return fmt.Errorf("direct configuration not supported with CloudProvider:%q", cluster.Spec.GetCloudProvider())
 		}
 
 	case TargetTerraform:
@@ -1076,7 +1076,7 @@ func ChannelForCluster(c *kops.Cluster) (*kops.Channel, error) {
 // This is only needed currently on ContainerOS i.e. GCE, but we don't have a nice way to detect it yet
 func needsMounterAsset(c *kops.Cluster, instanceGroups []*kops.InstanceGroup) bool {
 	// TODO: Do real detection of ContainerOS (but this has to work with image names, and maybe even forked images)
-	switch kops.CloudProviderID(c.Spec.CloudProvider) {
+	switch c.Spec.GetCloudProvider() {
 	case kops.CloudProviderGCE:
 		return true
 	default:

upup/pkg/fi/cloudup/bootstrapchannelbuilder/bootstrapchannelbuilder.go

@@ -452,8 +452,8 @@ func (b *BootstrapChannelBuilder) buildAddons(c *fi.ModelBuilderContext) (*Addon
 	}
 
 	if b.IsKubernetesGTE("1.23") && b.IsKubernetesLT("1.26") &&
-		(kops.CloudProviderID(b.Cluster.Spec.CloudProvider) == kops.CloudProviderAWS ||
+		(b.Cluster.Spec.GetCloudProvider() == kops.CloudProviderAWS ||
-			kops.CloudProviderID(b.Cluster.Spec.CloudProvider) == kops.CloudProviderGCE) {
+			b.Cluster.Spec.GetCloudProvider() == kops.CloudProviderGCE) {
 		// AWS and GCE KCM-to-CCM leader migration
 		key := "leader-migration.rbac.addons.k8s.io"
 
@@ -730,7 +730,7 @@ func (b *BootstrapChannelBuilder) buildAddons(c *fi.ModelBuilderContext) (*Addon
 		}
 	}
 
-	if kops.CloudProviderID(b.Cluster.Spec.CloudProvider) == kops.CloudProviderAWS {
+	if b.Cluster.Spec.GetCloudProvider() == kops.CloudProviderAWS {
 		key := "storage-aws.addons.k8s.io"
 
 		{
@@ -746,7 +746,7 @@ func (b *BootstrapChannelBuilder) buildAddons(c *fi.ModelBuilderContext) (*Addon
 		}
 	}
 
-	if kops.CloudProviderID(b.Cluster.Spec.CloudProvider) == kops.CloudProviderDO {
+	if b.Cluster.Spec.GetCloudProvider() == kops.CloudProviderDO {
 		key := "digitalocean-cloud-controller.addons.k8s.io"
 
 		{
@@ -762,7 +762,7 @@ func (b *BootstrapChannelBuilder) buildAddons(c *fi.ModelBuilderContext) (*Addon
 		}
 	}
 
-	if kops.CloudProviderID(b.Cluster.Spec.CloudProvider) == kops.CloudProviderGCE {
+	if b.Cluster.Spec.GetCloudProvider() == kops.CloudProviderGCE {
 		key := "storage-gce.addons.k8s.io"
 
 		{
@@ -810,7 +810,7 @@ func (b *BootstrapChannelBuilder) buildAddons(c *fi.ModelBuilderContext) (*Addon
 
 	// The metadata-proxy daemonset conceals node metadata endpoints in GCE.
 	// It will land on nodes labeled cloud.google.com/metadata-proxy-ready=true
-	if kops.CloudProviderID(b.Cluster.Spec.CloudProvider) == kops.CloudProviderGCE {
+	if b.Cluster.Spec.GetCloudProvider() == kops.CloudProviderGCE {
 		key := "metadata-proxy.addons.k8s.io"
 
 		{
@@ -825,7 +825,7 @@ func (b *BootstrapChannelBuilder) buildAddons(c *fi.ModelBuilderContext) (*Addon
 			})
 		}
 
-		if kops.CloudProviderID(b.Cluster.Spec.CloudProvider) == kops.CloudProviderGCE {
+		if b.Cluster.Spec.GetCloudProvider() == kops.CloudProviderGCE {
 			if b.Cluster.Spec.ExternalCloudControllerManager != nil {
 				key := "gcp-cloud-controller.addons.k8s.io"
 				{
@@ -1008,7 +1008,7 @@ func (b *BootstrapChannelBuilder) buildAddons(c *fi.ModelBuilderContext) (*Addon
 		}
 	}
 
-	if kops.CloudProviderID(b.Cluster.Spec.CloudProvider) == kops.CloudProviderOpenstack {
+	if b.Cluster.Spec.GetCloudProvider() == kops.CloudProviderOpenstack {
 		{
 			key := "storage-openstack.addons.k8s.io"
 
@@ -1055,7 +1055,7 @@ func (b *BootstrapChannelBuilder) buildAddons(c *fi.ModelBuilderContext) (*Addon
 		}
 	}
 
-	if kops.CloudProviderID(b.Cluster.Spec.CloudProvider) == kops.CloudProviderAWS {
+	if b.Cluster.Spec.GetCloudProvider() == kops.CloudProviderAWS {
 
 		if b.Cluster.Spec.ExternalCloudControllerManager != nil {
 			key := "aws-cloud-controller.addons.k8s.io"
@@ -1138,7 +1138,7 @@ func (b *BootstrapChannelBuilder) buildAddons(c *fi.ModelBuilderContext) (*Addon
 		})
 	}
 
-	if kops.CloudProviderID(b.Cluster.Spec.CloudProvider) == kops.CloudProviderAWS && b.Cluster.Spec.KubeAPIServer.ServiceAccountIssuer != nil {
+	if b.Cluster.Spec.GetCloudProvider() == kops.CloudProviderAWS && b.Cluster.Spec.KubeAPIServer.ServiceAccountIssuer != nil {
 		awsModelContext := &awsmodel.AWSModelContext{
 			KopsModelContext: b.KopsModelContext,
 		}

upup/pkg/fi/cloudup/defaults.go

@@ -217,7 +217,7 @@ func assignProxy(cluster *kops.Cluster) (*kops.EgressProxySpec, error) {
 
 		awsNoProxy := "169.254.169.254"
 
-		if cluster.Spec.CloudProvider == "aws" && !strings.Contains(cluster.Spec.EgressProxy.ProxyExcludes, awsNoProxy) {
+		if cluster.Spec.GetCloudProvider() == kops.CloudProviderAWS && !strings.Contains(cluster.Spec.EgressProxy.ProxyExcludes, awsNoProxy) {
 			egressSlice = append(egressSlice, awsNoProxy)
 		}
 

upup/pkg/fi/cloudup/new_cluster.go

@@ -270,7 +270,7 @@ func NewCluster(opt *NewClusterOptions, clientset simple.Clientset) (*NewCluster
 		cluster.Spec.ServiceAccountIssuerDiscovery = &api.ServiceAccountIssuerDiscoveryConfig{
 			DiscoveryStore: discoveryPath.Join(cluster.Name).Path(),
 		}
-		if cluster.Spec.CloudProvider == string(api.CloudProviderAWS) {
+		if cluster.Spec.GetCloudProvider() == api.CloudProviderAWS {
 			cluster.Spec.ServiceAccountIssuerDiscovery.EnableAWSOIDCProvider = true
 			cluster.Spec.IAM.UseServiceAccountExternalPermissions = fi.Bool(true)
 		}
@@ -350,7 +350,7 @@ func NewCluster(opt *NewClusterOptions, clientset simple.Clientset) (*NewCluster
 func setupVPC(opt *NewClusterOptions, cluster *api.Cluster) error {
 	cluster.Spec.NetworkID = opt.NetworkID
 
-	switch api.CloudProviderID(cluster.Spec.CloudProvider) {
+	switch cluster.Spec.GetCloudProvider() {
 	case api.CloudProviderAWS:
 		if cluster.Spec.NetworkID == "" && len(opt.SubnetIDs) > 0 {
 			cloudTags := map[string]string{}
@@ -474,7 +474,7 @@ func setupZones(opt *NewClusterOptions, cluster *api.Cluster, allZones sets.Stri
 
 	var zoneToSubnetProviderID map[string]string
 
-	switch api.CloudProviderID(cluster.Spec.CloudProvider) {
+	switch cluster.Spec.GetCloudProvider() {
 	case api.CloudProviderGCE:
 		// On GCE, subnets are regional - we create one per region, not per zone
 		for _, zoneName := range allZones.List() {
@@ -661,7 +661,7 @@ func getOpenstackZoneToSubnetProviderID(spec *api.ClusterSpec, zones []string, s
 }
 
 func setupMasters(opt *NewClusterOptions, cluster *api.Cluster, zoneToSubnetMap map[string]*api.ClusterSubnetSpec) ([]*api.InstanceGroup, error) {
-	cloudProvider := api.CloudProviderID(cluster.Spec.CloudProvider)
+	cloudProvider := cluster.Spec.GetCloudProvider()
 
 	var masters []*api.InstanceGroup
 
@@ -815,7 +815,7 @@ func trimCommonPrefix(names []string) []string {
 }
 
 func setupNodes(opt *NewClusterOptions, cluster *api.Cluster, zoneToSubnetMap map[string]*api.ClusterSubnetSpec) ([]*api.InstanceGroup, error) {
-	cloudProvider := api.CloudProviderID(cluster.Spec.CloudProvider)
+	cloudProvider := cluster.Spec.GetCloudProvider()
 
 	var nodes []*api.InstanceGroup
 
@@ -883,7 +883,7 @@ func setupKarpenterNodes(opt *NewClusterOptions, cluster *api.Cluster, zoneToSub
 }
 
 func setupAPIServers(opt *NewClusterOptions, cluster *api.Cluster, zoneToSubnetMap map[string]*api.ClusterSubnetSpec) ([]*api.InstanceGroup, error) {
-	cloudProvider := api.CloudProviderID(cluster.Spec.CloudProvider)
+	cloudProvider := cluster.Spec.GetCloudProvider()
 
 	var nodes []*api.InstanceGroup
 
@@ -948,7 +948,7 @@ func setupNetworking(opt *NewClusterOptions, cluster *api.Cluster) error {
 	case "weave":
 		cluster.Spec.Networking.Weave = &api.WeaveNetworkingSpec{}
 
-		if cluster.Spec.CloudProvider == "aws" {
+		if cluster.Spec.GetCloudProvider() == api.CloudProviderAWS {
 			// AWS supports "jumbo frames" of 9001 bytes and weave adds up to 87 bytes overhead
 			// sets the default to the largest number that leaves enough overhead and is divisible by 4
 			jumboFrameMTUSize := int32(8912)
@@ -1027,7 +1027,7 @@ func setupTopology(opt *NewClusterOptions, cluster *api.Cluster, allZones sets.S
 		var zoneToSubnetProviderID map[string]string
 		var err error
 		if len(opt.Zones) > 0 && len(opt.UtilitySubnetIDs) > 0 {
-			switch api.CloudProviderID(cluster.Spec.CloudProvider) {
+			switch cluster.Spec.GetCloudProvider() {
 			case api.CloudProviderAWS:
 				zoneToSubnetProviderID, err = getAWSZoneToSubnetProviderID(cluster.Spec.NetworkID, opt.Zones[0][:len(opt.Zones[0])-1], opt.UtilitySubnetIDs)
 				if err != nil {
@@ -1065,7 +1065,7 @@ func setupTopology(opt *NewClusterOptions, cluster *api.Cluster, allZones sets.S
 		}
 
 		addUtilitySubnets := true
-		switch api.CloudProviderID(cluster.Spec.CloudProvider) {
+		switch cluster.Spec.GetCloudProvider() {
 		case api.CloudProviderGCE:
 			// GCE does not need utility subnets
 			addUtilitySubnets = false
@@ -1103,7 +1103,7 @@ func setupTopology(opt *NewClusterOptions, cluster *api.Cluster, allZones sets.S
 					PublicName: "bastion." + cluster.Name,
 				}
 			}
-			if api.CloudProviderID(cluster.Spec.CloudProvider) == api.CloudProviderGCE {
+			if cluster.Spec.GetCloudProvider() == api.CloudProviderGCE {
 				bastionGroup.Spec.Zones = allZones.List()
 			}
 
@@ -1123,7 +1123,7 @@ func setupTopology(opt *NewClusterOptions, cluster *api.Cluster, allZones sets.S
 	if opt.IPv6 {
 		cluster.Spec.NonMasqueradeCIDR = "::/0"
 		cluster.Spec.ExternalCloudControllerManager = &api.CloudControllerManagerConfig{}
-		if api.CloudProviderID(cluster.Spec.CloudProvider) == api.CloudProviderAWS {
+		if cluster.Spec.GetCloudProvider() == api.CloudProviderAWS {
 			for i := range cluster.Spec.Subnets {
 				cluster.Spec.Subnets[i].IPv6CIDR = fmt.Sprintf("/64#%x", i)
 			}
@@ -1147,11 +1147,11 @@ func setupTopology(opt *NewClusterOptions, cluster *api.Cluster, allZones sets.S
 
 func setupAPI(opt *NewClusterOptions, cluster *api.Cluster) error {
 	// Populate the API access, so that it can be discoverable
-	klog.Infof(" Cloud Provider ID = %s", api.CloudProviderID(cluster.Spec.CloudProvider))
+	klog.Infof(" Cloud Provider ID = %s", cluster.Spec.GetCloudProvider())
 	cluster.Spec.API = &api.AccessSpec{}
-	if api.CloudProviderID(cluster.Spec.CloudProvider) == api.CloudProviderOpenstack {
+	if cluster.Spec.GetCloudProvider() == api.CloudProviderOpenstack {
 		initializeOpenstackAPI(opt, cluster)
-	} else if api.CloudProviderID(cluster.Spec.CloudProvider) == api.CloudProviderAzure {
+	} else if cluster.Spec.GetCloudProvider() == api.CloudProviderAzure {
 		// Do nothing to disable the use of loadbalancer for the k8s API server.
 		// TODO(kenji): Remove this condition once we support the loadbalancer
 		// in pkg/model/azuremodel/api_loadbalancer.go.
@@ -1192,7 +1192,7 @@ func setupAPI(opt *NewClusterOptions, cluster *api.Cluster) error {
 		cluster.Spec.API.LoadBalancer.SSLCertificate = opt.APISSLCertificate
 	}
 
-	if cluster.Spec.API.LoadBalancer != nil && cluster.Spec.API.LoadBalancer.Class == "" && api.CloudProviderID(cluster.Spec.CloudProvider) == api.CloudProviderAWS {
+	if cluster.Spec.API.LoadBalancer != nil && cluster.Spec.API.LoadBalancer.Class == "" && cluster.Spec.GetCloudProvider() == api.CloudProviderAWS {
 		switch opt.APILoadBalancerClass {
 		case "", "classic":
 			cluster.Spec.API.LoadBalancer.Class = api.LoadBalancerClassClassic

upup/pkg/fi/cloudup/populate_instancegroup_spec.go

@@ -131,7 +131,7 @@ func PopulateInstanceGroupSpec(cluster *kops.Cluster, input *kops.InstanceGroup,
 	}
 
 	if ig.Spec.Tenancy != "" && ig.Spec.Tenancy != "default" {
-		switch kops.CloudProviderID(cluster.Spec.CloudProvider) {
+		switch cluster.Spec.GetCloudProvider() {
 		case kops.CloudProviderAWS:
 			if _, ok := awsDedicatedInstanceExceptions[ig.Spec.MachineType]; ok {
 				return nil, fmt.Errorf("invalid dedicated instance type: %s", ig.Spec.MachineType)
@@ -176,7 +176,7 @@ func PopulateInstanceGroupSpec(cluster *kops.Cluster, input *kops.InstanceGroup,
 	}
 
 	if cluster.Spec.Containerd != nil && cluster.Spec.Containerd.NvidiaGPU != nil && fi.BoolValue(cluster.Spec.Containerd.NvidiaGPU.Enabled) {
-		switch kops.CloudProviderID(cluster.Spec.CloudProvider) {
+		switch cluster.Spec.GetCloudProvider() {
 		case kops.CloudProviderAWS:
 			mt, err := awsup.GetMachineTypeInfo(cloud.(awsup.AWSCloud), ig.Spec.MachineType)
 			if err != nil {
@@ -208,7 +208,7 @@ func PopulateInstanceGroupSpec(cluster *kops.Cluster, input *kops.InstanceGroup,
 
 // defaultMachineType returns the default MachineType for the instance group, based on the cloudprovider
 func defaultMachineType(cloud fi.Cloud, cluster *kops.Cluster, ig *kops.InstanceGroup) (string, error) {
-	switch kops.CloudProviderID(cluster.Spec.CloudProvider) {
+	switch cluster.Spec.GetCloudProvider() {
 	case kops.CloudProviderAWS:
 		if ig.Spec.Manager == kops.InstanceManagerKarpenter {
 			return "", nil
@@ -262,7 +262,7 @@ func defaultMachineType(cloud fi.Cloud, cluster *kops.Cluster, ig *kops.Instance
 		}
 	}
 
-	klog.V(2).Infof("Cannot set default MachineType for CloudProvider=%q, Role=%q", cluster.Spec.CloudProvider, ig.Spec.Role)
+	klog.V(2).Infof("Cannot set default MachineType for CloudProvider=%q, Role=%q", cluster.Spec.GetCloudProvider(), ig.Spec.Role)
 	return "", nil
 }
 
@@ -278,18 +278,18 @@ func defaultImage(cluster *kops.Cluster, channel *kops.Channel, architecture arc
 			}
 		}
 		if kubernetesVersion != nil {
-			image := channel.FindImage(kops.CloudProviderID(cluster.Spec.CloudProvider), *kubernetesVersion, architecture)
+			image := channel.FindImage(cluster.Spec.GetCloudProvider(), *kubernetesVersion, architecture)
 			if image != nil {
 				return image.Name
 			}
 		}
 	}
 
-	switch kops.CloudProviderID(cluster.Spec.CloudProvider) {
+	switch cluster.Spec.GetCloudProvider() {
 	case kops.CloudProviderDO:
 		return defaultDONodeImage
 	}
-	klog.Infof("Cannot set default Image for CloudProvider=%q", cluster.Spec.CloudProvider)
+	klog.Infof("Cannot set default Image for CloudProvider=%q", cluster.Spec.GetCloudProvider())
 	return ""
 }
 

upup/pkg/fi/cloudup/template_functions.go

@@ -211,7 +211,7 @@ func (tf *TemplateFunctions) AddTo(dest template.FuncMap, secretStore fi.SecretS
 			if c.IPIPMode != "" {
 				return c.IPIPMode
 			}
-			if kops.CloudProviderID(cluster.Spec.CloudProvider) == kops.CloudProviderOpenstack {
+			if cluster.Spec.GetCloudProvider() == kops.CloudProviderOpenstack {
 				return "Always"
 			}
 			return "CrossSubnet"
@@ -399,8 +399,8 @@ func (tf *TemplateFunctions) CloudControllerConfigArgv() ([]string, error) {
 
 	// take the cloud provider value from clusterSpec if unset
 	if cluster.Spec.ExternalCloudControllerManager.CloudProvider == "" {
-		if cluster.Spec.CloudProvider != "" {
+		if cluster.Spec.GetCloudProvider() != "" {
-			argv = append(argv, fmt.Sprintf("--cloud-provider=%s", cluster.Spec.CloudProvider))
+			argv = append(argv, fmt.Sprintf("--cloud-provider=%s", cluster.Spec.GetCloudProvider()))
 		} else {
 			return nil, fmt.Errorf("Cloud Provider is not set")
 		}
@@ -493,7 +493,7 @@ func (tf *TemplateFunctions) DNSControllerArgv() ([]string, error) {
 			argv = append(argv, fmt.Sprintf("--gossip-seed-secondary=127.0.0.1:%d", wellknownports.ProtokubeGossipMemberlist))
 		}
 	} else {
-		switch kops.CloudProviderID(cluster.Spec.CloudProvider) {
+		switch cluster.Spec.GetCloudProvider() {
 		case kops.CloudProviderAWS:
 			if strings.HasPrefix(os.Getenv("AWS_REGION"), "cn-") {
 				argv = append(argv, "--dns=gossip")
@@ -506,7 +506,7 @@ func (tf *TemplateFunctions) DNSControllerArgv() ([]string, error) {
 			argv = append(argv, "--dns=digitalocean")
 
 		default:
-			return nil, fmt.Errorf("unhandled cloudprovider %q", cluster.Spec.CloudProvider)
+			return nil, fmt.Errorf("unhandled cloudprovider %q", cluster.Spec.GetCloudProvider())
 		}
 	}
 
@@ -540,7 +540,7 @@ func (tf *TemplateFunctions) KopsControllerConfig() (string, error) {
 	cluster := tf.Cluster
 
 	config := &kopscontrollerconfig.Options{
-		Cloud:      cluster.Spec.CloudProvider,
+		Cloud:      string(cluster.Spec.GetCloudProvider()),
 		ConfigBase: cluster.Spec.ConfigBase,
 	}
 
@@ -572,7 +572,7 @@ func (tf *TemplateFunctions) KopsControllerConfig() (string, error) {
 			CertNames:             certNames,
 		}
 
-		switch kops.CloudProviderID(cluster.Spec.CloudProvider) {
+		switch cluster.Spec.GetCloudProvider() {
 		case kops.CloudProviderAWS:
 			nodesRoles := sets.String{}
 			for _, ig := range tf.InstanceGroups {
@@ -618,7 +618,7 @@ func (tf *TemplateFunctions) KopsControllerConfig() (string, error) {
 				MaxTimeSkew: 300,
 			}
 		default:
-			return "", fmt.Errorf("unsupported cloud provider %s", cluster.Spec.CloudProvider)
+			return "", fmt.Errorf("unsupported cloud provider %s", cluster.Spec.GetCloudProvider())
 		}
 	}
 
@@ -661,9 +661,9 @@ func (tf *TemplateFunctions) ExternalDNSArgv() ([]string, error) {
 
 	var argv []string
 
-	cloudProvider := cluster.Spec.CloudProvider
+	cloudProvider := cluster.Spec.GetCloudProvider()
 
-	switch kops.CloudProviderID(cloudProvider) {
+	switch cloudProvider {
 	case kops.CloudProviderAWS:
 		argv = append(argv, "--provider=aws")
 	case kops.CloudProviderGCE:
@@ -671,7 +671,7 @@ func (tf *TemplateFunctions) ExternalDNSArgv() ([]string, error) {
 		argv = append(argv, "--provider=google")
 		argv = append(argv, "--google-project="+project)
 	default:
-		return nil, fmt.Errorf("unhandled cloudprovider %q", cluster.Spec.CloudProvider)
+		return nil, fmt.Errorf("unhandled cloudprovider %q", cluster.Spec.GetCloudProvider())
 	}
 
 	argv = append(argv, "--events")

upup/pkg/fi/cloudup/utils.go

@@ -38,7 +38,7 @@ func BuildCloud(cluster *kops.Cluster) (fi.Cloud, error) {
 	region := ""
 	project := ""
 
-	switch kops.CloudProviderID(cluster.Spec.CloudProvider) {
+	switch cluster.Spec.GetCloudProvider() {
 	case kops.CloudProviderGCE:
 		{
 			for _, subnet := range cluster.Spec.Subnets {
@@ -146,7 +146,7 @@ func BuildCloud(cluster *kops.Cluster) (fi.Cloud, error) {
 			cloud = azureCloud
 		}
 	default:
-		return nil, fmt.Errorf("unknown CloudProvider %q", cluster.Spec.CloudProvider)
+		return nil, fmt.Errorf("unknown CloudProvider %q", cluster.Spec.GetCloudProvider())
 	}
 	return cloud, nil
 }

upup/pkg/fi/nodeup/command.go

@@ -184,7 +184,7 @@ func (c *NodeUpCommand) Run(out io.Writer) error {
 
 	cloudProvider := api.CloudProviderID(bootConfig.CloudProvider)
 	if cloudProvider == "" {
-		cloudProvider = api.CloudProviderID(c.cluster.Spec.CloudProvider)
+		cloudProvider = c.cluster.Spec.GetCloudProvider()
 	}
 
 	err = evaluateSpec(c, &nodeupConfig, cloudProvider)

upup/pkg/fi/nodeup/nodetasks/prefix.go

@@ -50,8 +50,8 @@ func (p *Prefix) String() string {
 }
 
 func (e *Prefix) Find(c *fi.Context) (*Prefix, error) {
-	if kops.CloudProviderID(c.Cluster.Spec.CloudProvider) != kops.CloudProviderAWS {
+	if c.Cluster.Spec.GetCloudProvider() != kops.CloudProviderAWS {
-		return nil, fmt.Errorf("unsupported cloud provider: %s", c.Cluster.Spec.CloudProvider)
+		return nil, fmt.Errorf("unsupported cloud provider: %s", c.Cluster.Spec.GetCloudProvider())
 	}
 
 	mac, err := getInstanceMetadataFirstValue("mac")