Merge pull request #15872 from johngmyers/aws-ccm-always

Remove dead code for in-tree CCM

cmd/kops-controller/pkg/config/options.go

@@ -62,9 +62,6 @@ type ServerOptions struct {
 	SigningCAs []string `json:"signingCAs"`
 	// CertNames is the list of active certificate names.
 	CertNames []string `json:"certNames"`
-
-	// UseInstanceIDForNodeName uses the instance ID instead of the hostname for the node name.
-	UseInstanceIDForNodeName bool `json:"useInstanceIDForNodeName,omitempty"`
 }
 
 type ServerProviderOptions struct {

cmd/kops-controller/pkg/server/server.go

@@ -157,7 +157,7 @@ func (s *Server) bootstrap(w http.ResponseWriter, r *http.Request) {
 
 	ctx := r.Context()
 
-	id, err := s.verifier.VerifyToken(ctx, r, r.Header.Get("Authorization"), body, s.opt.Server.UseInstanceIDForNodeName)
+	id, err := s.verifier.VerifyToken(ctx, r, r.Header.Get("Authorization"), body)
 	if err != nil {
 		// means that we should exit nodeup gracefully
 		if err == bootstrap.ErrAlreadyExists {

k8s/crds/kops.k8s.io_clusters.yaml

@@ -325,8 +325,8 @@ spec:
                       driver
                     properties:
                       enabled:
-                        description: 'Enabled enables the AWS EBS CSI driver Default:
-                          false'
+                        description: 'Enabled enables the AWS EBS CSI driver. Can
+                          only be set to true. Default: true'
                         type: boolean
                       managed:
                         description: Managed controls if aws-ebs-csi-driver is manged

nodeup/pkg/model/kubelet.go

@@ -726,7 +726,7 @@ func (b *KubeletBuilder) kubeletNames() ([]string, error) {
 		return nil, fmt.Errorf("error describing instances: %v", err)
 	}
 
-	return awsup.GetInstanceCertificateNames(result, b.NodeupConfig.UseInstanceIDForNodeName)
+	return awsup.GetInstanceCertificateNames(result)
 }
 
 func (b *KubeletBuilder) buildCgroupService(name string) *nodetasks.Service {

pkg/apis/kops/componentconfig.go

@@ -883,9 +883,9 @@ type CloudConfiguration struct {
 
 // EBSCSIDriverSpec is the config for the AWS EBS CSI driver
 type EBSCSIDriverSpec struct {
-	// Enabled enables the AWS EBS CSI driver
-	// Default: false
-	Enabled *bool `json:"enabled,omitempty"`
+	// Enabled enables the AWS EBS CSI driver. Can only be set to true.
+	// Default: true
+	Enabled *bool `json:"-"`
 
 	// Managed controls if aws-ebs-csi-driver is manged and deployed by kOps.
 	// The deployment of aws-ebs-csi-driver is skipped if this is set to false.

pkg/apis/kops/v1alpha2/componentconfig.go

@@ -950,8 +950,8 @@ type CloudConfiguration struct {
 
 // EBSCSIDriverSpec is the config for the AWS EBS CSI driver
 type EBSCSIDriverSpec struct {
-	// Enabled enables the AWS EBS CSI driver
-	// Default: false
+	// Enabled enables the AWS EBS CSI driver. Can only be set to true.
+	// Default: true
 	Enabled *bool `json:"enabled,omitempty"`
 
 	// Managed controls if aws-ebs-csi-driver is manged and deployed by kOps.

pkg/apis/kops/v1alpha3/componentconfig.go

@@ -880,9 +880,8 @@ type CloudConfiguration struct {
 
 // EBSCSIDriverSpec is the config for the AWS EBS CSI driver
 type EBSCSIDriverSpec struct {
-	// Enabled enables the AWS EBS CSI driver
-	// Default: false
-	Enabled *bool `json:"enabled,omitempty"`
+	// Enabled enables the AWS EBS CSI driver.
+	Enabled *bool `json:"-"`
 
 	// Managed controls if aws-ebs-csi-driver is manged and deployed by kOps.
 	// The deployment of aws-ebs-csi-driver is skipped if this is set to false.

pkg/apis/kops/validation/aws.go

@@ -54,7 +54,7 @@ func awsValidateCluster(c *kops.Cluster, strict bool) field.ErrorList {
 		allErrs = append(allErrs, awsValidateLoadBalancerSubnets(lbPath.Child("subnets"), c.Spec)...)
 	}
 
-	allErrs = append(allErrs, awsValidateExternalCloudControllerManager(c)...)
+	allErrs = append(allErrs, awsValidateEBSCSIDriver(c)...)
 
 	if c.Spec.Authentication != nil && c.Spec.Authentication.AWS != nil {
 		allErrs = append(allErrs, awsValidateIAMAuthenticator(field.NewPath("spec", "authentication", "aws"), c.Spec.Authentication.AWS)...)
@@ -63,16 +63,12 @@ func awsValidateCluster(c *kops.Cluster, strict bool) field.ErrorList {
 	return allErrs
 }
 
-func awsValidateExternalCloudControllerManager(cluster *kops.Cluster) (allErrs field.ErrorList) {
+func awsValidateEBSCSIDriver(cluster *kops.Cluster) (allErrs field.ErrorList) {
 	c := cluster.Spec
 
-	if c.ExternalCloudControllerManager == nil {
-		return allErrs
-	}
-	fldPath := field.NewPath("spec", "externalCloudControllerManager")
-	if !hasAWSEBSCSIDriver(c) {
-		allErrs = append(allErrs, field.Forbidden(fldPath,
-			"AWS external CCM cannot be used without enabling spec.cloudProvider.aws.ebsCSIDriverSpec."))
+	fldPath := field.NewPath("spec", "cloudProvider", "aws", "ebsCSIDriver", "enabled")
+	if c.CloudProvider.AWS.EBSCSIDriver != nil && c.CloudProvider.AWS.EBSCSIDriver.Enabled != nil && !*c.CloudProvider.AWS.EBSCSIDriver.Enabled {
+		allErrs = append(allErrs, field.Forbidden(fldPath, "must not be disabled"))
 	}
 	return allErrs
 }
@@ -397,15 +393,6 @@ func awsValidateIAMAuthenticator(fieldPath *field.Path, spec *kops.AWSAuthentica
 	return allErrs
 }
 
-func hasAWSEBSCSIDriver(c kops.ClusterSpec) bool {
-	// EBSCSIDriverSpec will have a default value, so if this is all false, it will be populated on next pass
-	if c.CloudProvider.AWS.EBSCSIDriver == nil || c.CloudProvider.AWS.EBSCSIDriver.Enabled == nil {
-		return true
-	}
-
-	return *c.CloudProvider.AWS.EBSCSIDriver.Enabled
-}
-
 func awsValidateAdditionalRoutes(fieldPath *field.Path, routes []kops.RouteSpec, networkCIDRs []*net.IPNet) field.ErrorList {
 	allErrs := field.ErrorList{}
 

pkg/apis/kops/validation/aws_test.go

@@ -33,7 +33,7 @@ import (
 	"k8s.io/kops/pkg/apis/kops"
 )
 
-func TestAWSValidateExternalCloudConfig(t *testing.T) {
+func TestAWSValidateEBSCSIDriver(t *testing.T) {
 	grid := []struct {
 		Input          kops.ClusterSpec
 		ExpectedErrors []string
@@ -49,7 +49,7 @@ func TestAWSValidateExternalCloudConfig(t *testing.T) {
 					},
 				},
 			},
-			ExpectedErrors: []string{"Forbidden::spec.externalCloudControllerManager"},
+			ExpectedErrors: []string{"Forbidden::spec.cloudProvider.aws.ebsCSIDriver.enabled"},
 		},
 		{
 			Input: kops.ClusterSpec{
@@ -80,7 +80,7 @@ func TestAWSValidateExternalCloudConfig(t *testing.T) {
 		cluster := &kops.Cluster{
 			Spec: g.Input,
 		}
-		errs := awsValidateExternalCloudControllerManager(cluster)
+		errs := awsValidateEBSCSIDriver(cluster)
 
 		testErrors(t, g.Input, errs, g.ExpectedErrors)
 	}
@@ -585,6 +585,9 @@ func TestLoadBalancerSubnets(t *testing.T) {
 						Type:  kops.LoadBalancerTypeInternal,
 					},
 				},
+				CloudProvider: kops.CloudProviderSpec{
+					AWS: &kops.AWSSpec{},
+				},
 			},
 		}
 		if test.class != nil {
@@ -668,6 +671,9 @@ func TestAWSAuthentication(t *testing.T) {
 						IdentityMappings: test.identityMappings,
 					},
 				},
+				CloudProvider: kops.CloudProviderSpec{
+					AWS: &kops.AWSSpec{},
+				},
 			},
 		}
 		errs := awsValidateCluster(&cluster, true)

pkg/apis/kops/validation/validation.go

@@ -130,10 +130,6 @@ func validateClusterSpec(spec *kops.ClusterSpec, c *kops.Cluster, fieldPath *fie
 		allErrs = append(allErrs, validateKubeAPIServer(spec.KubeAPIServer, c, fieldPath.Child("kubeAPIServer"), strict)...)
 	}
 
-	if spec.ExternalCloudControllerManager == nil && spec.IsIPv6Only() {
-		allErrs = append(allErrs, field.Required(fieldPath.Child("cloudControllerManager"), "IPv6 requires external Cloud Controller Manager"))
-	}
-
 	if spec.KubeProxy != nil {
 		allErrs = append(allErrs, validateKubeProxy(spec.KubeProxy, fieldPath.Child("kubeProxy"))...)
 	}

pkg/apis/nodeup/config.go

@@ -116,8 +116,6 @@ type Config struct {
 	ElbSecurityGroup *string `json:"elbSecurityGroup,omitempty"`
 	// NodeIPFamilies controls the IP families reported for each node.
 	NodeIPFamilies []string `json:"nodeIPFamilies,omitempty"`
-	// UseInstanceIDForNodeName uses the instance ID instead of the hostname for the node name.
-	UseInstanceIDForNodeName bool `json:"useInstanceIDForNodeName,omitempty"`
 	// WarmPoolImages are the container images to pre-pull during instance pre-initialization
 	WarmPoolImages []string `json:"warmPoolImages,omitempty"`
 
@@ -336,10 +334,6 @@ func NewConfig(cluster *kops.Cluster, instanceGroup *kops.InstanceGroup) (*Confi
 		config.Networking.KubeRouter = &kops.KuberouterNetworkingSpec{}
 	}
 
-	if UsesInstanceIDForNodeName(cluster) {
-		config.UseInstanceIDForNodeName = true
-	}
-
 	if instanceGroup.Spec.Kubelet != nil {
 		config.KubeletConfig = *instanceGroup.Spec.Kubelet
 	}
@@ -454,10 +448,6 @@ func buildKubeProxy(cluster *kops.Cluster, instanceGroup *kops.InstanceGroup) *k
 	return config
 }
 
-func UsesInstanceIDForNodeName(cluster *kops.Cluster) bool {
-	return cluster.Spec.ExternalCloudControllerManager != nil && cluster.Spec.GetCloudProvider() == kops.CloudProviderAWS
-}
-
 func filterFileAssets(f []kops.FileAssetSpec, role kops.InstanceGroupRole) []kops.FileAssetSpec {
 	var fileAssets []kops.FileAssetSpec
 	for _, fileAsset := range f {

pkg/bootstrap/authenticate.go

@@ -49,5 +49,5 @@ type VerifyResult struct {
 
 // Verifier verifies authentication credentials for requests.
 type Verifier interface {
-	VerifyToken(ctx context.Context, rawRequest *http.Request, token string, body []byte, useInstanceIDForNodeName bool) (*VerifyResult, error)
+	VerifyToken(ctx context.Context, rawRequest *http.Request, token string, body []byte) (*VerifyResult, error)
 }

pkg/model/components/apiserver.go

@@ -181,7 +181,7 @@ func (b *KubeAPIServerOptionsBuilder) BuildOptions(o interface{}) error {
 		c.FeatureGates = make(map[string]string)
 	}
 
-	if clusterSpec.CloudProvider.AWS != nil && clusterSpec.CloudProvider.AWS.EBSCSIDriver != nil && fi.ValueOf(clusterSpec.CloudProvider.AWS.EBSCSIDriver.Enabled) {
+	if clusterSpec.CloudProvider.AWS != nil {
 
 		if _, found := c.FeatureGates["InTreePluginAWSUnregister"]; !found {
 			c.FeatureGates["InTreePluginAWSUnregister"] = "true"

pkg/model/components/awscloudcontrollermanager.go

@@ -45,10 +45,6 @@ func (b *AWSCloudControllerManagerOptionsBuilder) BuildOptions(o interface{}) er
 
 	eccm := clusterSpec.ExternalCloudControllerManager
 
-	if eccm == nil {
-		return nil
-	}
-
 	// No significant downside to always doing a leader election.
 	// Also, having multiple control plane nodes requires leader election.
 	eccm.LeaderElection = &kops.LeaderElectionConfiguration{LeaderElect: fi.PtrTo(true)}

pkg/model/components/awsebscsidriver.go

@@ -42,10 +42,6 @@ func (b *AWSEBSCSIDriverOptionsBuilder) BuildOptions(o interface{}) error {
 	}
 	c := aws.EBSCSIDriver
 
-	if !fi.ValueOf(c.Enabled) {
-		return nil
-	}
-
 	if c.Version == nil {
 		version := "v1.14.1"
 		c.Version = &version

pkg/model/components/gcpcloudcontrollermanager.go

@@ -42,10 +42,6 @@ func (b *GCPCloudControllerManagerOptionsBuilder) BuildOptions(options interface
 
 	ccmConfig := clusterSpec.ExternalCloudControllerManager
 
-	if ccmConfig == nil {
-		return nil
-	}
-
 	// No significant downside to always doing a leader election.
 	// Also, having multiple control plane nodes requires leader election.
 	ccmConfig.LeaderElection = &kops.LeaderElectionConfiguration{LeaderElect: fi.PtrTo(true)}

pkg/model/components/kubecontrollermanager.go

@@ -77,14 +77,6 @@ func (b *KubeControllerManagerOptionsBuilder) BuildOptions(o interface{}) error
 	kcm.ClusterName = b.ClusterName
 	kcm.CloudProvider = "external"
 
-	if clusterSpec.ExternalCloudControllerManager == nil {
-		if kcm.CloudProvider == "aws" || kcm.CloudProvider == "gce" {
-			kcm.EnableLeaderMigration = fi.PtrTo(true)
-		}
-	} else {
-		kcm.CloudProvider = "external"
-	}
-
 	if kcm.LogLevel == 0 {
 		kcm.LogLevel = 2
 	}
@@ -151,7 +143,7 @@ func (b *KubeControllerManagerOptionsBuilder) BuildOptions(o interface{}) error
 		}
 	}
 
-	if clusterSpec.CloudProvider.AWS != nil && clusterSpec.CloudProvider.AWS.EBSCSIDriver != nil && fi.ValueOf(clusterSpec.CloudProvider.AWS.EBSCSIDriver.Enabled) {
+	if clusterSpec.CloudProvider.AWS != nil {
 
 		if kcm.FeatureGates == nil {
 			kcm.FeatureGates = make(map[string]string)

pkg/model/components/kubelet.go

@@ -171,7 +171,7 @@ func (b *KubeletOptionsBuilder) BuildOptions(o interface{}) error {
 		clusterSpec.Kubelet.FeatureGates = make(map[string]string)
 	}
 
-	if clusterSpec.CloudProvider.AWS != nil && clusterSpec.CloudProvider.AWS.EBSCSIDriver != nil && fi.ValueOf(clusterSpec.CloudProvider.AWS.EBSCSIDriver.Enabled) {
+	if clusterSpec.CloudProvider.AWS != nil {
 		if _, found := clusterSpec.Kubelet.FeatureGates["CSIMigrationAWS"]; !found && b.IsKubernetesLT("1.27") {
 			clusterSpec.Kubelet.FeatureGates["CSIMigrationAWS"] = "true"
 		}

pkg/model/components/kubescheduler.go

@@ -57,7 +57,7 @@ func (b *KubeSchedulerOptionsBuilder) BuildOptions(o interface{}) error {
 		}
 	}
 
-	if clusterSpec.CloudProvider.AWS != nil && clusterSpec.CloudProvider.AWS.EBSCSIDriver != nil && fi.ValueOf(clusterSpec.CloudProvider.AWS.EBSCSIDriver.Enabled) {
+	if clusterSpec.CloudProvider.AWS != nil {
 
 		if config.FeatureGates == nil {
 			config.FeatureGates = make(map[string]string)

pkg/model/iam/iam_builder.go

@@ -405,20 +405,12 @@ func (r *NodeRoleMaster) BuildAWSPolicy(b *PolicyBuilder) (*Policy, error) {
 	// Protokube needs dns-controller permissions in instance role even if UseServiceAccountExternalPermissions.
 	AddDNSControllerPermissions(b, p)
 
-	// If cluster does not use external CCM, the master IAM Role needs CCM permissions
-	if b.Cluster.Spec.ExternalCloudControllerManager == nil {
-		AddCCMPermissions(p, b.Cluster.Spec.Networking.Kubenet != nil)
-		AddLegacyCCMPermissions(p)
-	}
-
 	if !b.UseServiceAccountExternalPermisssions {
 		esc := b.Cluster.Spec.SnapshotController != nil &&
 			fi.ValueOf(b.Cluster.Spec.SnapshotController.Enabled)
 		AddAWSEBSCSIDriverPermissions(p, esc)
 
-		if b.Cluster.Spec.ExternalCloudControllerManager != nil {
-			AddCCMPermissions(p, b.Cluster.Spec.Networking.Kubenet != nil)
-		}
+		AddCCMPermissions(p, b.Cluster.Spec.Networking.Kubenet != nil)
 
 		if c := b.Cluster.Spec.CloudProvider.AWS.LoadBalancerController; c != nil && fi.ValueOf(b.Cluster.Spec.CloudProvider.AWS.LoadBalancerController.Enabled) {
 			AddAWSLoadbalancerControllerPermissions(p, c.EnableWAF, c.EnableWAFv2, c.EnableShield)
@@ -826,28 +818,6 @@ func addEtcdManagerPermissions(p *Policy) {
 	)
 }
 
-func AddLegacyCCMPermissions(p *Policy) {
-	p.unconditionalAction.Insert(
-		"ec2:CreateSecurityGroup",
-		"ec2:CreateTags",
-		"elasticloadbalancing:CreateTargetGroup",
-		"elasticloadbalancing:AddTags",
-		"elasticloadbalancing:RegisterTargets",
-		"elasticloadbalancing:CreateListener",
-		"elasticloadbalancing:DeleteListener",
-		"elasticloadbalancing:ModifyListener",
-		"ec2:DescribeVolumes",
-		"ec2:ModifyInstanceAttribute",
-		"ec2:ModifyVolume",
-		"ec2:AttachVolume",
-		"ec2:AuthorizeSecurityGroupIngress",
-		"ec2:DeleteRoute",
-		"ec2:DeleteSecurityGroup",
-		"ec2:DeleteVolume",
-		"ec2:DetachVolume",
-	)
-}
-
 func AddCCMPermissions(p *Policy, cloudRoutes bool) {
 	p.unconditionalAction.Insert(
 		"autoscaling:DescribeAutoScalingGroups",

pkg/model/iam/iam_builder_test.go

@@ -209,6 +209,7 @@ func TestPolicyGeneration(t *testing.T) {
 							},
 						},
 					},
+					ExternalCloudControllerManager: &kops.CloudControllerManagerConfig{},
 					Networking: kops.NetworkingSpec{
 						Kubenet: &kops.KubenetNetworkingSpec{},
 					},

pkg/model/iam/tests/iam_builder_master_gossip.json

@@ -32,39 +32,6 @@
         "arn:aws-test:s3:::kops-tests"
       ]
     },
-    {
-      "Action": "ec2:CreateTags",
-      "Condition": {
-        "StringEquals": {
-          "aws:RequestTag/KubernetesCluster": "iam-builder-test.k8s.local",
-          "ec2:CreateAction": [
-            "CreateSecurityGroup"
-          ]
-        }
-      },
-      "Effect": "Allow",
-      "Resource": [
-        "arn:aws-test:ec2:*:*:security-group/*"
-      ]
-    },
-    {
-      "Action": [
-        "ec2:CreateTags",
-        "ec2:DeleteTags"
-      ],
-      "Condition": {
-        "Null": {
-          "aws:RequestTag/KubernetesCluster": "true"
-        },
-        "StringEquals": {
-          "aws:ResourceTag/KubernetesCluster": "iam-builder-test.k8s.local"
-        }
-      },
-      "Effect": "Allow",
-      "Resource": [
-        "arn:aws-test:ec2:*:*:security-group/*"
-      ]
-    },
     {
       "Action": "ec2:CreateTags",
       "Condition": {
@@ -101,6 +68,39 @@
         "arn:aws-test:ec2:*:*:snapshot/*"
       ]
     },
+    {
+      "Action": "ec2:CreateTags",
+      "Condition": {
+        "StringEquals": {
+          "aws:RequestTag/KubernetesCluster": "iam-builder-test.k8s.local",
+          "ec2:CreateAction": [
+            "CreateSecurityGroup"
+          ]
+        }
+      },
+      "Effect": "Allow",
+      "Resource": [
+        "arn:aws-test:ec2:*:*:security-group/*"
+      ]
+    },
+    {
+      "Action": [
+        "ec2:CreateTags",
+        "ec2:DeleteTags"
+      ],
+      "Condition": {
+        "Null": {
+          "aws:RequestTag/KubernetesCluster": "true"
+        },
+        "StringEquals": {
+          "aws:ResourceTag/KubernetesCluster": "iam-builder-test.k8s.local"
+        }
+      },
+      "Effect": "Allow",
+      "Resource": [
+        "arn:aws-test:ec2:*:*:security-group/*"
+      ]
+    },
     {
       "Action": [
         "autoscaling:DescribeAutoScalingGroups",
@@ -108,13 +108,6 @@
         "autoscaling:DescribeLaunchConfigurations",
         "autoscaling:DescribeScalingActivities",
         "autoscaling:DescribeTags",
-        "ec2:AttachVolume",
-        "ec2:AuthorizeSecurityGroupIngress",
-        "ec2:CreateSecurityGroup",
-        "ec2:CreateTags",
-        "ec2:DeleteRoute",
-        "ec2:DeleteSecurityGroup",
-        "ec2:DeleteVolume",
         "ec2:DescribeAccountAttributes",
         "ec2:DescribeAvailabilityZones",
         "ec2:DescribeInstanceTypes",
@@ -128,21 +121,12 @@
         "ec2:DescribeVolumes",
         "ec2:DescribeVolumesModifications",
         "ec2:DescribeVpcs",
-        "ec2:DetachVolume",
-        "ec2:ModifyInstanceAttribute",
-        "ec2:ModifyVolume",
-        "elasticloadbalancing:AddTags",
-        "elasticloadbalancing:CreateListener",
-        "elasticloadbalancing:CreateTargetGroup",
-        "elasticloadbalancing:DeleteListener",
         "elasticloadbalancing:DescribeListeners",
         "elasticloadbalancing:DescribeLoadBalancerAttributes",
         "elasticloadbalancing:DescribeLoadBalancerPolicies",
         "elasticloadbalancing:DescribeLoadBalancers",
         "elasticloadbalancing:DescribeTargetGroups",
         "elasticloadbalancing:DescribeTargetHealth",
-        "elasticloadbalancing:ModifyListener",
-        "elasticloadbalancing:RegisterTargets",
         "iam:GetServerCertificate",
         "iam:ListServerCertificates",
         "kms:CreateGrant",

pkg/model/iam/tests/iam_builder_master_gossip_ecr.json

@@ -32,39 +32,6 @@
         "arn:aws-test:s3:::kops-tests"
       ]
     },
-    {
-      "Action": "ec2:CreateTags",
-      "Condition": {
-        "StringEquals": {
-          "aws:RequestTag/KubernetesCluster": "iam-builder-test.k8s.local",
-          "ec2:CreateAction": [
-            "CreateSecurityGroup"
-          ]
-        }
-      },
-      "Effect": "Allow",
-      "Resource": [
-        "arn:aws-test:ec2:*:*:security-group/*"
-      ]
-    },
-    {
-      "Action": [
-        "ec2:CreateTags",
-        "ec2:DeleteTags"
-      ],
-      "Condition": {
-        "Null": {
-          "aws:RequestTag/KubernetesCluster": "true"
-        },
-        "StringEquals": {
-          "aws:ResourceTag/KubernetesCluster": "iam-builder-test.k8s.local"
-        }
-      },
-      "Effect": "Allow",
-      "Resource": [
-        "arn:aws-test:ec2:*:*:security-group/*"
-      ]
-    },
     {
       "Action": "ec2:CreateTags",
       "Condition": {
@@ -101,6 +68,39 @@
         "arn:aws-test:ec2:*:*:snapshot/*"
       ]
     },
+    {
+      "Action": "ec2:CreateTags",
+      "Condition": {
+        "StringEquals": {
+          "aws:RequestTag/KubernetesCluster": "iam-builder-test.k8s.local",
+          "ec2:CreateAction": [
+            "CreateSecurityGroup"
+          ]
+        }
+      },
+      "Effect": "Allow",
+      "Resource": [
+        "arn:aws-test:ec2:*:*:security-group/*"
+      ]
+    },
+    {
+      "Action": [
+        "ec2:CreateTags",
+        "ec2:DeleteTags"
+      ],
+      "Condition": {
+        "Null": {
+          "aws:RequestTag/KubernetesCluster": "true"
+        },
+        "StringEquals": {
+          "aws:ResourceTag/KubernetesCluster": "iam-builder-test.k8s.local"
+        }
+      },
+      "Effect": "Allow",
+      "Resource": [
+        "arn:aws-test:ec2:*:*:security-group/*"
+      ]
+    },
     {
       "Action": [
         "autoscaling:DescribeAutoScalingGroups",
@@ -108,13 +108,6 @@
         "autoscaling:DescribeLaunchConfigurations",
         "autoscaling:DescribeScalingActivities",
         "autoscaling:DescribeTags",
-        "ec2:AttachVolume",
-        "ec2:AuthorizeSecurityGroupIngress",
-        "ec2:CreateSecurityGroup",
-        "ec2:CreateTags",
-        "ec2:DeleteRoute",
-        "ec2:DeleteSecurityGroup",
-        "ec2:DeleteVolume",
         "ec2:DescribeAccountAttributes",
         "ec2:DescribeAvailabilityZones",
         "ec2:DescribeInstanceTypes",
@@ -128,9 +121,6 @@
         "ec2:DescribeVolumes",
         "ec2:DescribeVolumesModifications",
         "ec2:DescribeVpcs",
-        "ec2:DetachVolume",
-        "ec2:ModifyInstanceAttribute",
-        "ec2:ModifyVolume",
         "ecr:BatchCheckLayerAvailability",
         "ecr:BatchGetImage",
         "ecr:DescribeRepositories",
@@ -138,18 +128,12 @@
         "ecr:GetDownloadUrlForLayer",
         "ecr:GetRepositoryPolicy",
         "ecr:ListImages",
-        "elasticloadbalancing:AddTags",
-        "elasticloadbalancing:CreateListener",
-        "elasticloadbalancing:CreateTargetGroup",
-        "elasticloadbalancing:DeleteListener",
         "elasticloadbalancing:DescribeListeners",
         "elasticloadbalancing:DescribeLoadBalancerAttributes",
         "elasticloadbalancing:DescribeLoadBalancerPolicies",
         "elasticloadbalancing:DescribeLoadBalancers",
         "elasticloadbalancing:DescribeTargetGroups",
         "elasticloadbalancing:DescribeTargetHealth",
-        "elasticloadbalancing:ModifyListener",
-        "elasticloadbalancing:RegisterTargets",
         "iam:GetServerCertificate",
         "iam:ListServerCertificates",
         "kms:CreateGrant",

pkg/model/iam/tests/iam_builder_master_strict.json

@@ -32,39 +32,6 @@
         "arn:aws-test:s3:::kops-tests"
       ]
     },
-    {
-      "Action": "ec2:CreateTags",
-      "Condition": {
-        "StringEquals": {
-          "aws:RequestTag/KubernetesCluster": "iam-builder-test.nonexistant",
-          "ec2:CreateAction": [
-            "CreateSecurityGroup"
-          ]
-        }
-      },
-      "Effect": "Allow",
-      "Resource": [
-        "arn:aws-test:ec2:*:*:security-group/*"
-      ]
-    },
-    {
-      "Action": [
-        "ec2:CreateTags",
-        "ec2:DeleteTags"
-      ],
-      "Condition": {
-        "Null": {
-          "aws:RequestTag/KubernetesCluster": "true"
-        },
-        "StringEquals": {
-          "aws:ResourceTag/KubernetesCluster": "iam-builder-test.nonexistant"
-        }
-      },
-      "Effect": "Allow",
-      "Resource": [
-        "arn:aws-test:ec2:*:*:security-group/*"
-      ]
-    },
     {
       "Action": "ec2:CreateTags",
       "Condition": {
@@ -101,6 +68,39 @@
         "arn:aws-test:ec2:*:*:snapshot/*"
       ]
     },
+    {
+      "Action": "ec2:CreateTags",
+      "Condition": {
+        "StringEquals": {
+          "aws:RequestTag/KubernetesCluster": "iam-builder-test.nonexistant",
+          "ec2:CreateAction": [
+            "CreateSecurityGroup"
+          ]
+        }
+      },
+      "Effect": "Allow",
+      "Resource": [
+        "arn:aws-test:ec2:*:*:security-group/*"
+      ]
+    },
+    {
+      "Action": [
+        "ec2:CreateTags",
+        "ec2:DeleteTags"
+      ],
+      "Condition": {
+        "Null": {
+          "aws:RequestTag/KubernetesCluster": "true"
+        },
+        "StringEquals": {
+          "aws:ResourceTag/KubernetesCluster": "iam-builder-test.nonexistant"
+        }
+      },
+      "Effect": "Allow",
+      "Resource": [
+        "arn:aws-test:ec2:*:*:security-group/*"
+      ]
+    },
     {
       "Action": [
         "autoscaling:DescribeAutoScalingGroups",
@@ -108,13 +108,6 @@
         "autoscaling:DescribeLaunchConfigurations",
         "autoscaling:DescribeScalingActivities",
         "autoscaling:DescribeTags",
-        "ec2:AttachVolume",
-        "ec2:AuthorizeSecurityGroupIngress",
-        "ec2:CreateSecurityGroup",
-        "ec2:CreateTags",
-        "ec2:DeleteRoute",
-        "ec2:DeleteSecurityGroup",
-        "ec2:DeleteVolume",
         "ec2:DescribeAccountAttributes",
         "ec2:DescribeAvailabilityZones",
         "ec2:DescribeInstanceTypes",
@@ -128,21 +121,12 @@
         "ec2:DescribeVolumes",
         "ec2:DescribeVolumesModifications",
         "ec2:DescribeVpcs",
-        "ec2:DetachVolume",
-        "ec2:ModifyInstanceAttribute",
-        "ec2:ModifyVolume",
-        "elasticloadbalancing:AddTags",
-        "elasticloadbalancing:CreateListener",
-        "elasticloadbalancing:CreateTargetGroup",
-        "elasticloadbalancing:DeleteListener",
         "elasticloadbalancing:DescribeListeners",
         "elasticloadbalancing:DescribeLoadBalancerAttributes",
         "elasticloadbalancing:DescribeLoadBalancerPolicies",
         "elasticloadbalancing:DescribeLoadBalancers",
         "elasticloadbalancing:DescribeTargetGroups",
         "elasticloadbalancing:DescribeTargetHealth",
-        "elasticloadbalancing:ModifyListener",
-        "elasticloadbalancing:RegisterTargets",
         "iam:GetServerCertificate",
         "iam:ListServerCertificates",
         "kms:CreateGrant",

pkg/model/iam/tests/iam_builder_master_strict_ecr.json

@@ -32,39 +32,6 @@
         "arn:aws-test:s3:::kops-tests"
       ]
     },
-    {
-      "Action": "ec2:CreateTags",
-      "Condition": {
-        "StringEquals": {
-          "aws:RequestTag/KubernetesCluster": "iam-builder-test.nonexistant",
-          "ec2:CreateAction": [
-            "CreateSecurityGroup"
-          ]
-        }
-      },
-      "Effect": "Allow",
-      "Resource": [
-        "arn:aws-test:ec2:*:*:security-group/*"
-      ]
-    },
-    {
-      "Action": [
-        "ec2:CreateTags",
-        "ec2:DeleteTags"
-      ],
-      "Condition": {
-        "Null": {
-          "aws:RequestTag/KubernetesCluster": "true"
-        },
-        "StringEquals": {
-          "aws:ResourceTag/KubernetesCluster": "iam-builder-test.nonexistant"
-        }
-      },
-      "Effect": "Allow",
-      "Resource": [
-        "arn:aws-test:ec2:*:*:security-group/*"
-      ]
-    },
     {
       "Action": "ec2:CreateTags",
       "Condition": {
@@ -101,6 +68,39 @@
         "arn:aws-test:ec2:*:*:snapshot/*"
       ]
     },
+    {
+      "Action": "ec2:CreateTags",
+      "Condition": {
+        "StringEquals": {
+          "aws:RequestTag/KubernetesCluster": "iam-builder-test.nonexistant",
+          "ec2:CreateAction": [
+            "CreateSecurityGroup"
+          ]
+        }
+      },
+      "Effect": "Allow",
+      "Resource": [
+        "arn:aws-test:ec2:*:*:security-group/*"
+      ]
+    },
+    {
+      "Action": [
+        "ec2:CreateTags",
+        "ec2:DeleteTags"
+      ],
+      "Condition": {
+        "Null": {
+          "aws:RequestTag/KubernetesCluster": "true"
+        },
+        "StringEquals": {
+          "aws:ResourceTag/KubernetesCluster": "iam-builder-test.nonexistant"
+        }
+      },
+      "Effect": "Allow",
+      "Resource": [
+        "arn:aws-test:ec2:*:*:security-group/*"
+      ]
+    },
     {
       "Action": [
         "autoscaling:DescribeAutoScalingGroups",
@@ -108,13 +108,6 @@
         "autoscaling:DescribeLaunchConfigurations",
         "autoscaling:DescribeScalingActivities",
         "autoscaling:DescribeTags",
-        "ec2:AttachVolume",
-        "ec2:AuthorizeSecurityGroupIngress",
-        "ec2:CreateSecurityGroup",
-        "ec2:CreateTags",
-        "ec2:DeleteRoute",
-        "ec2:DeleteSecurityGroup",
-        "ec2:DeleteVolume",
         "ec2:DescribeAccountAttributes",
         "ec2:DescribeAvailabilityZones",
         "ec2:DescribeInstanceTypes",
@@ -128,9 +121,6 @@
         "ec2:DescribeVolumes",
         "ec2:DescribeVolumesModifications",
         "ec2:DescribeVpcs",
-        "ec2:DetachVolume",
-        "ec2:ModifyInstanceAttribute",
-        "ec2:ModifyVolume",
         "ecr:BatchCheckLayerAvailability",
         "ecr:BatchGetImage",
         "ecr:DescribeRepositories",
@@ -138,18 +128,12 @@
         "ecr:GetDownloadUrlForLayer",
         "ecr:GetRepositoryPolicy",
         "ecr:ListImages",
-        "elasticloadbalancing:AddTags",
-        "elasticloadbalancing:CreateListener",
-        "elasticloadbalancing:CreateTargetGroup",
-        "elasticloadbalancing:DeleteListener",
         "elasticloadbalancing:DescribeListeners",
         "elasticloadbalancing:DescribeLoadBalancerAttributes",
         "elasticloadbalancing:DescribeLoadBalancerPolicies",
         "elasticloadbalancing:DescribeLoadBalancers",
         "elasticloadbalancing:DescribeTargetGroups",
         "elasticloadbalancing:DescribeTargetHealth",
-        "elasticloadbalancing:ModifyListener",
-        "elasticloadbalancing:RegisterTargets",
         "iam:GetServerCertificate",
         "iam:ListServerCertificates",
         "kms:CreateGrant",

tests/integration/update_cluster/additionalobjects/data/aws_launch_template_master-us-test-1a.masters.additionalobjects.example.com_user_data

@@ -128,7 +128,7 @@ ClusterName: additionalobjects.example.com
 ConfigBase: memfs://tests/additionalobjects.example.com
 InstanceGroupName: master-us-test-1a
 InstanceGroupRole: ControlPlane
-NodeupConfigHash: yXYda9GcDSYlt1kJFalFSwuE1mB39HgmC12h+/o/12Y=
+NodeupConfigHash: FxjsWRJZOaGgNNZK0YcqMCEjT8bTvHFVsbnkE83rh+g=
 
 __EOF_KUBE_ENV
 

tests/integration/update_cluster/additionalobjects/data/aws_launch_template_nodes.additionalobjects.example.com_user_data

@@ -151,7 +151,7 @@ ConfigServer:
   - https://kops-controller.internal.additionalobjects.example.com:3988/
 InstanceGroupName: nodes
 InstanceGroupRole: Node
-NodeupConfigHash: VS/TGKfkokfEorwCmbEaeep2braPYNFsTUbmNS9zBes=
+NodeupConfigHash: BGTyfaqYUKKo9cqsKbd7zgfnReFScVOOaNSwJU9UX5s=
 
 __EOF_KUBE_ENV
 

tests/integration/update_cluster/additionalobjects/data/aws_s3_object_additionalobjects.example.com-addons-bootstrap_content

@@ -6,7 +6,7 @@ spec:
   addons:
   - id: k8s-1.16
     manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml
-    manifestHash: 6f7a7e25804de455816be53cae554c224bde42d6cb27bcf23d4d2c25c131949f
+    manifestHash: d2434e3849197a93328dce7b508fb95a60f4d31d54bfba7692e214729c3002b2
     name: kops-controller.addons.k8s.io
     needsRollingUpdate: control-plane
     selector:

tests/integration/update_cluster/additionalobjects/data/aws_s3_object_additionalobjects.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content

@@ -1,7 +1,7 @@
 apiVersion: v1
 data:
   config.yaml: |
-    {"clusterName":"additionalobjects.example.com","cloud":"aws","configBase":"memfs://tests/additionalobjects.example.com","secretStore":"memfs://tests/additionalobjects.example.com/secrets","server":{"Listen":":3988","provider":{"aws":{"nodesRoles":["nodes.additionalobjects.example.com"],"Region":"us-test-1"}},"serverKeyPath":"/etc/kubernetes/kops-controller/pki/kops-controller.key","serverCertificatePath":"/etc/kubernetes/kops-controller/pki/kops-controller.crt","caBasePath":"/etc/kubernetes/kops-controller/pki","signingCAs":["kubernetes-ca"],"certNames":["kubelet","kubelet-server","kube-proxy"],"useInstanceIDForNodeName":true}}
+    {"clusterName":"additionalobjects.example.com","cloud":"aws","configBase":"memfs://tests/additionalobjects.example.com","secretStore":"memfs://tests/additionalobjects.example.com/secrets","server":{"Listen":":3988","provider":{"aws":{"nodesRoles":["nodes.additionalobjects.example.com"],"Region":"us-test-1"}},"serverKeyPath":"/etc/kubernetes/kops-controller/pki/kops-controller.key","serverCertificatePath":"/etc/kubernetes/kops-controller/pki/kops-controller.crt","caBasePath":"/etc/kubernetes/kops-controller/pki","signingCAs":["kubernetes-ca"],"certNames":["kubelet","kubelet-server","kube-proxy"]}}
 kind: ConfigMap
 metadata:
   creationTimestamp: null

tests/integration/update_cluster/additionalobjects/data/aws_s3_object_cluster-completed.spec_content

@@ -11,7 +11,6 @@ spec:
   channel: stable
   cloudConfig:
     awsEBSCSIDriver:
-      enabled: true
       version: v1.14.1
     manageStorageClasses: true
   cloudControllerManager:

tests/integration/update_cluster/additionalobjects/data/aws_s3_object_nodeupconfig-master-us-test-1a_content

@@ -330,6 +330,5 @@ etcdManifests:
 staticManifests:
 - key: kube-apiserver-healthcheck
   path: manifests/static/kube-apiserver-healthcheck.yaml
-useInstanceIDForNodeName: true
 usesLegacyGossip: false
 usesNoneDNS: false

tests/integration/update_cluster/additionalobjects/data/aws_s3_object_nodeupconfig-nodes_content

@@ -60,6 +60,5 @@ containerdConfig:
   version: 1.7.2
 docker:
   skipInstall: true
-useInstanceIDForNodeName: true
 usesLegacyGossip: false
 usesNoneDNS: false

tests/integration/update_cluster/apiservernodes/data/aws_launch_template_apiserver.apiservers.minimal.example.com_user_data

@@ -128,7 +128,7 @@ ClusterName: minimal.example.com
 ConfigBase: memfs://clusters.example.com/minimal.example.com
 InstanceGroupName: apiserver
 InstanceGroupRole: APIServer
-NodeupConfigHash: E2VPvrBxDk3Z9UrsdNpVds52f3v8jFHOWdbaw6+v6DQ=
+NodeupConfigHash: bS7lFdrLmDdOfwplNoOz/TMaAefxZK0gfc0HLuF1cPI=
 
 __EOF_KUBE_ENV
 

tests/integration/update_cluster/apiservernodes/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data

@@ -128,7 +128,7 @@ ClusterName: minimal.example.com
 ConfigBase: memfs://clusters.example.com/minimal.example.com
 InstanceGroupName: master-us-test-1a
 InstanceGroupRole: ControlPlane
-NodeupConfigHash: BScxZqbUo+kPOCxzZ5GPz77JvJ/0yG9tsgqsz0W8mL8=
+NodeupConfigHash: 4OK/CagyQRKjTwATwaTYENGuofIuWMsLf6zxCQN5Krw=
 
 __EOF_KUBE_ENV
 

tests/integration/update_cluster/apiservernodes/data/aws_launch_template_nodes.minimal.example.com_user_data

@@ -151,7 +151,7 @@ ConfigServer:
   - https://kops-controller.internal.minimal.example.com:3988/
 InstanceGroupName: nodes
 InstanceGroupRole: Node
-NodeupConfigHash: CqpYXURYhho24iV4Hebss/lvW3p1pxlKR4Wu54jxHTA=
+NodeupConfigHash: 6zXkldZccDbJi573eLEvEOa/mEJX/QotharCFYpwxyI=
 
 __EOF_KUBE_ENV
 

tests/integration/update_cluster/apiservernodes/data/aws_s3_object_cluster-completed.spec_content

@@ -11,7 +11,6 @@ spec:
   channel: stable
   cloudConfig:
     awsEBSCSIDriver:
-      enabled: true
       version: v1.14.1
     manageStorageClasses: true
   cloudControllerManager:

tests/integration/update_cluster/apiservernodes/data/aws_s3_object_minimal.example.com-addons-bootstrap_content

@@ -6,7 +6,7 @@ spec:
   addons:
   - id: k8s-1.16
     manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml
-    manifestHash: b8f035cbc77d3ab983938ec5ecf553b9398aa2e9710fbe9795c9466f3a24fbfe
+    manifestHash: 2c3f870e4d2dd74d80556e77f058aa3cf97a0f87dd8ab61b8fb3acb80387cdd3
     name: kops-controller.addons.k8s.io
     needsRollingUpdate: control-plane
     selector:

tests/integration/update_cluster/apiservernodes/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content

@@ -1,7 +1,7 @@
 apiVersion: v1
 data:
   config.yaml: |
-    {"clusterName":"minimal.example.com","cloud":"aws","configBase":"memfs://clusters.example.com/minimal.example.com","secretStore":"memfs://clusters.example.com/minimal.example.com/secrets","server":{"Listen":":3988","provider":{"aws":{"nodesRoles":["apiservers.minimal.example.com","nodes.minimal.example.com"],"Region":"us-test-1"}},"serverKeyPath":"/etc/kubernetes/kops-controller/pki/kops-controller.key","serverCertificatePath":"/etc/kubernetes/kops-controller/pki/kops-controller.crt","caBasePath":"/etc/kubernetes/kops-controller/pki","signingCAs":["kubernetes-ca"],"certNames":["kubelet","kubelet-server","kube-proxy"],"useInstanceIDForNodeName":true}}
+    {"clusterName":"minimal.example.com","cloud":"aws","configBase":"memfs://clusters.example.com/minimal.example.com","secretStore":"memfs://clusters.example.com/minimal.example.com/secrets","server":{"Listen":":3988","provider":{"aws":{"nodesRoles":["apiservers.minimal.example.com","nodes.minimal.example.com"],"Region":"us-test-1"}},"serverKeyPath":"/etc/kubernetes/kops-controller/pki/kops-controller.key","serverCertificatePath":"/etc/kubernetes/kops-controller/pki/kops-controller.crt","caBasePath":"/etc/kubernetes/kops-controller/pki","signingCAs":["kubernetes-ca"],"certNames":["kubelet","kubelet-server","kube-proxy"]}}
 kind: ConfigMap
 metadata:
   creationTimestamp: null

tests/integration/update_cluster/apiservernodes/data/aws_s3_object_nodeupconfig-apiserver_content

@@ -200,6 +200,5 @@ docker:
 staticManifests:
 - key: kube-apiserver-healthcheck
   path: manifests/static/kube-apiserver-healthcheck.yaml
-useInstanceIDForNodeName: true
 usesLegacyGossip: false
 usesNoneDNS: false

tests/integration/update_cluster/apiservernodes/data/aws_s3_object_nodeupconfig-master-us-test-1a_content

@@ -328,6 +328,5 @@ etcdManifests:
 staticManifests:
 - key: kube-apiserver-healthcheck
   path: manifests/static/kube-apiserver-healthcheck.yaml
-useInstanceIDForNodeName: true
 usesLegacyGossip: false
 usesNoneDNS: false

tests/integration/update_cluster/apiservernodes/data/aws_s3_object_nodeupconfig-nodes_content

@@ -59,6 +59,5 @@ containerdConfig:
   version: 1.6.20
 docker:
   skipInstall: true
-useInstanceIDForNodeName: true
 usesLegacyGossip: false
 usesNoneDNS: false

tests/integration/update_cluster/aws-lb-controller/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data

@@ -128,7 +128,7 @@ ClusterName: minimal.example.com
 ConfigBase: memfs://clusters.example.com/minimal.example.com
 InstanceGroupName: master-us-test-1a
 InstanceGroupRole: ControlPlane
-NodeupConfigHash: DH7qXmKAJTo2Xbp9uCGNp9+mKNA4nv1jh7dAFh/O3G8=
+NodeupConfigHash: qcmONpsVF20J10Q8aBxO9+mfsTE1CZ9VyWOT+Cf3Qrw=
 
 __EOF_KUBE_ENV
 

tests/integration/update_cluster/aws-lb-controller/data/aws_launch_template_nodes.minimal.example.com_user_data

@@ -151,7 +151,7 @@ ConfigServer:
   - https://kops-controller.internal.minimal.example.com:3988/
 InstanceGroupName: nodes
 InstanceGroupRole: Node
-NodeupConfigHash: dOOpSbmHCAPPu8GpqgOT4+64KZe7hqqmflK0JtQI/sc=
+NodeupConfigHash: q+zd9qOWcsPuVG5sYSiAcphkD0PBPRnWbw9yRz0MRLA=
 
 __EOF_KUBE_ENV
 

tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_cluster-completed.spec_content

@@ -15,7 +15,6 @@ spec:
   channel: stable
   cloudConfig:
     awsEBSCSIDriver:
-      enabled: true
       version: v1.14.1
     manageStorageClasses: true
   cloudControllerManager:

tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_minimal.example.com-addons-bootstrap_content

@@ -6,7 +6,7 @@ spec:
   addons:
   - id: k8s-1.16
     manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml
-    manifestHash: 91e5bf53d5edb03467f0476da871f0725ee798f13d6b27ff28c3e35e6300def4
+    manifestHash: b9e1b55cd690e9f3348b2fdf9360d63428cd83bec5639750215d95136aced5de
     name: kops-controller.addons.k8s.io
     needsRollingUpdate: control-plane
     selector:

tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content

@@ -1,7 +1,7 @@
 apiVersion: v1
 data:
   config.yaml: |
-    {"clusterName":"minimal.example.com","cloud":"aws","configBase":"memfs://clusters.example.com/minimal.example.com","secretStore":"memfs://clusters.example.com/minimal.example.com/secrets","server":{"Listen":":3988","provider":{"aws":{"nodesRoles":["nodes.minimal.example.com"],"Region":"us-test-1"}},"serverKeyPath":"/etc/kubernetes/kops-controller/pki/kops-controller.key","serverCertificatePath":"/etc/kubernetes/kops-controller/pki/kops-controller.crt","caBasePath":"/etc/kubernetes/kops-controller/pki","signingCAs":["kubernetes-ca"],"certNames":["kubelet","kubelet-server","kube-proxy"],"useInstanceIDForNodeName":true}}
+    {"clusterName":"minimal.example.com","cloud":"aws","configBase":"memfs://clusters.example.com/minimal.example.com","secretStore":"memfs://clusters.example.com/minimal.example.com/secrets","server":{"Listen":":3988","provider":{"aws":{"nodesRoles":["nodes.minimal.example.com"],"Region":"us-test-1"}},"serverKeyPath":"/etc/kubernetes/kops-controller/pki/kops-controller.key","serverCertificatePath":"/etc/kubernetes/kops-controller/pki/kops-controller.crt","caBasePath":"/etc/kubernetes/kops-controller/pki","signingCAs":["kubernetes-ca"],"certNames":["kubelet","kubelet-server","kube-proxy"]}}
 kind: ConfigMap
 metadata:
   creationTimestamp: null

tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_nodeupconfig-master-us-test-1a_content

@@ -329,6 +329,5 @@ etcdManifests:
 staticManifests:
 - key: kube-apiserver-healthcheck
   path: manifests/static/kube-apiserver-healthcheck.yaml
-useInstanceIDForNodeName: true
 usesLegacyGossip: false
 usesNoneDNS: false

tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_nodeupconfig-nodes_content

@@ -58,6 +58,5 @@ containerdConfig:
   version: 1.6.20
 docker:
   skipInstall: true
-useInstanceIDForNodeName: true
 usesLegacyGossip: false
 usesNoneDNS: false

tests/integration/update_cluster/bastionadditional_user-data/data/aws_launch_template_master-us-test-1a.masters.bastionuserdata.example.com_user_data

@@ -128,7 +128,7 @@ ClusterName: bastionuserdata.example.com
 ConfigBase: memfs://clusters.example.com/bastionuserdata.example.com
 InstanceGroupName: master-us-test-1a
 InstanceGroupRole: ControlPlane
-NodeupConfigHash: XgjFgLNOPw0Sp/1yEr71AJwYg2KYDoad9Lw1GTou2gw=
+NodeupConfigHash: 4yogwj2V0zMKT1hDS9wU8cfgLrHoDaLkveLx5NQo4OY=
 
 __EOF_KUBE_ENV
 

tests/integration/update_cluster/bastionadditional_user-data/data/aws_launch_template_nodes.bastionuserdata.example.com_user_data

@@ -160,7 +160,7 @@ ConfigServer:
   - https://kops-controller.internal.bastionuserdata.example.com:3988/
 InstanceGroupName: nodes
 InstanceGroupRole: Node
-NodeupConfigHash: 3Uk9hT8H6XNzh0eBqtcCw9yNlcfnJrDbBHdJ6ubOi/I=
+NodeupConfigHash: F089AXZWaaI8WCcKz6jGvjkb7oGj3fnKJPUFm+gLy/A=
 
 __EOF_KUBE_ENV
 

tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_bastionuserdata.example.com-addons-bootstrap_content

@@ -6,7 +6,7 @@ spec:
   addons:
   - id: k8s-1.16
     manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml
-    manifestHash: 2c6a893f45f8ae5041938a9aad0c196a5c9d5c8cc61793757ded5cc0fa6c1d84
+    manifestHash: 15e417dc6171d203bfe4f85ba59531170359b7bc3ad7f9e49270d339855d92cc
     name: kops-controller.addons.k8s.io
     needsRollingUpdate: control-plane
     selector:

tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_bastionuserdata.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content

@@ -1,7 +1,7 @@
 apiVersion: v1
 data:
   config.yaml: |
-    {"clusterName":"bastionuserdata.example.com","cloud":"aws","configBase":"memfs://clusters.example.com/bastionuserdata.example.com","secretStore":"memfs://clusters.example.com/bastionuserdata.example.com/secrets","server":{"Listen":":3988","provider":{"aws":{"nodesRoles":["nodes.bastionuserdata.example.com"],"Region":"us-test-1"}},"serverKeyPath":"/etc/kubernetes/kops-controller/pki/kops-controller.key","serverCertificatePath":"/etc/kubernetes/kops-controller/pki/kops-controller.crt","caBasePath":"/etc/kubernetes/kops-controller/pki","signingCAs":["kubernetes-ca"],"certNames":["kubelet","kubelet-server","kube-proxy"],"useInstanceIDForNodeName":true}}
+    {"clusterName":"bastionuserdata.example.com","cloud":"aws","configBase":"memfs://clusters.example.com/bastionuserdata.example.com","secretStore":"memfs://clusters.example.com/bastionuserdata.example.com/secrets","server":{"Listen":":3988","provider":{"aws":{"nodesRoles":["nodes.bastionuserdata.example.com"],"Region":"us-test-1"}},"serverKeyPath":"/etc/kubernetes/kops-controller/pki/kops-controller.key","serverCertificatePath":"/etc/kubernetes/kops-controller/pki/kops-controller.crt","caBasePath":"/etc/kubernetes/kops-controller/pki","signingCAs":["kubernetes-ca"],"certNames":["kubelet","kubelet-server","kube-proxy"]}}
 kind: ConfigMap
 metadata:
   creationTimestamp: null

tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_cluster-completed.spec_content

@@ -13,7 +13,6 @@ spec:
   channel: stable
   cloudConfig:
     awsEBSCSIDriver:
-      enabled: true
       version: v1.14.1
     manageStorageClasses: true
   cloudControllerManager:

tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_nodeupconfig-bastion_content

@@ -55,6 +55,5 @@ containerdConfig:
   version: 1.6.20
 docker:
   skipInstall: true
-useInstanceIDForNodeName: true
 usesLegacyGossip: false
 usesNoneDNS: false

tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_nodeupconfig-master-us-test-1a_content

@@ -328,6 +328,5 @@ etcdManifests:
 staticManifests:
 - key: kube-apiserver-healthcheck
   path: manifests/static/kube-apiserver-healthcheck.yaml
-useInstanceIDForNodeName: true
 usesLegacyGossip: false
 usesNoneDNS: false

tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_nodeupconfig-nodes_content

@@ -58,6 +58,5 @@ containerdConfig:
   version: 1.6.20
 docker:
   skipInstall: true
-useInstanceIDForNodeName: true
 usesLegacyGossip: false
 usesNoneDNS: false

tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_launch_template_master-us-test-1a.masters.cas-priority-expander-custom.example.com_user_data

@@ -128,7 +128,7 @@ ClusterName: cas-priority-expander-custom.example.com
 ConfigBase: memfs://clusters.example.com/cas-priority-expander-custom.example.com
 InstanceGroupName: master-us-test-1a
 InstanceGroupRole: ControlPlane
-NodeupConfigHash: oufaLLxxDuySJIPJRaWWr2m57cbTNTHSoxPdVuLiZ6g=
+NodeupConfigHash: sg3jG9XMm0ZVnn4YoM5bMiJd7XWNUgtmchp1HndIH8s=
 
 __EOF_KUBE_ENV
 

tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_launch_template_nodes-high-priority.cas-priority-expander-custom.example.com_user_data

@@ -151,7 +151,7 @@ ConfigServer:
   - https://kops-controller.internal.cas-priority-expander-custom.example.com:3988/
 InstanceGroupName: nodes-high-priority
 InstanceGroupRole: Node
-NodeupConfigHash: +kCuCO9g56Z9kuKYCkm6ZpjzPNyh6ihRUZF/Mbig+Ls=
+NodeupConfigHash: ir5b1EyYklfASiXbb3ONWM+54U8dFgxCm071htriZus=
 
 __EOF_KUBE_ENV
 

tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_launch_template_nodes-low-priority.cas-priority-expander-custom.example.com_user_data

@@ -151,7 +151,7 @@ ConfigServer:
   - https://kops-controller.internal.cas-priority-expander-custom.example.com:3988/
 InstanceGroupName: nodes-low-priority
 InstanceGroupRole: Node
-NodeupConfigHash: +kCuCO9g56Z9kuKYCkm6ZpjzPNyh6ihRUZF/Mbig+Ls=
+NodeupConfigHash: ir5b1EyYklfASiXbb3ONWM+54U8dFgxCm071htriZus=
 
 __EOF_KUBE_ENV
 

tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_launch_template_nodes.cas-priority-expander-custom.example.com_user_data

@@ -151,7 +151,7 @@ ConfigServer:
   - https://kops-controller.internal.cas-priority-expander-custom.example.com:3988/
 InstanceGroupName: nodes
 InstanceGroupRole: Node
-NodeupConfigHash: +kCuCO9g56Z9kuKYCkm6ZpjzPNyh6ihRUZF/Mbig+Ls=
+NodeupConfigHash: ir5b1EyYklfASiXbb3ONWM+54U8dFgxCm071htriZus=
 
 __EOF_KUBE_ENV
 

tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_cas-priority-expander-custom.example.com-addons-bootstrap_content

@@ -6,7 +6,7 @@ spec:
   addons:
   - id: k8s-1.16
     manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml
-    manifestHash: a549a5ef97e28380bb876a71c32488f61e2b71016df56fb738ee67675307204a
+    manifestHash: b9244653b0e78a5666b677cc8fc93527c9cbf4119d986a512f71defcc042dbfa
     name: kops-controller.addons.k8s.io
     needsRollingUpdate: control-plane
     selector:

tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_cas-priority-expander-custom.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content

@@ -1,7 +1,7 @@
 apiVersion: v1
 data:
   config.yaml: |
-    {"clusterName":"cas-priority-expander-custom.example.com","cloud":"aws","configBase":"memfs://clusters.example.com/cas-priority-expander-custom.example.com","secretStore":"memfs://clusters.example.com/cas-priority-expander-custom.example.com/secrets","server":{"Listen":":3988","provider":{"aws":{"nodesRoles":["nodes.cas-priority-expander-custom.example.com"],"Region":"us-test-1"}},"serverKeyPath":"/etc/kubernetes/kops-controller/pki/kops-controller.key","serverCertificatePath":"/etc/kubernetes/kops-controller/pki/kops-controller.crt","caBasePath":"/etc/kubernetes/kops-controller/pki","signingCAs":["kubernetes-ca"],"certNames":["kubelet","kubelet-server","kube-proxy"],"useInstanceIDForNodeName":true}}
+    {"clusterName":"cas-priority-expander-custom.example.com","cloud":"aws","configBase":"memfs://clusters.example.com/cas-priority-expander-custom.example.com","secretStore":"memfs://clusters.example.com/cas-priority-expander-custom.example.com/secrets","server":{"Listen":":3988","provider":{"aws":{"nodesRoles":["nodes.cas-priority-expander-custom.example.com"],"Region":"us-test-1"}},"serverKeyPath":"/etc/kubernetes/kops-controller/pki/kops-controller.key","serverCertificatePath":"/etc/kubernetes/kops-controller/pki/kops-controller.crt","caBasePath":"/etc/kubernetes/kops-controller/pki","signingCAs":["kubernetes-ca"],"certNames":["kubelet","kubelet-server","kube-proxy"]}}
 kind: ConfigMap
 metadata:
   creationTimestamp: null

tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_cluster-completed.spec_content

@@ -11,7 +11,6 @@ spec:
   channel: stable
   cloudConfig:
     awsEBSCSIDriver:
-      enabled: true
       version: v1.14.1
     manageStorageClasses: true
   cloudControllerManager:

tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_nodeupconfig-master-us-test-1a_content

@@ -328,6 +328,5 @@ etcdManifests:
 staticManifests:
 - key: kube-apiserver-healthcheck
   path: manifests/static/kube-apiserver-healthcheck.yaml
-useInstanceIDForNodeName: true
 usesLegacyGossip: false
 usesNoneDNS: false

tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_nodeupconfig-nodes-high-priority_content

@@ -57,6 +57,5 @@ containerdConfig:
   version: 1.6.20
 docker:
   skipInstall: true
-useInstanceIDForNodeName: true
 usesLegacyGossip: false
 usesNoneDNS: false

tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_nodeupconfig-nodes-low-priority_content

@@ -57,6 +57,5 @@ containerdConfig:
   version: 1.6.20
 docker:
   skipInstall: true
-useInstanceIDForNodeName: true
 usesLegacyGossip: false
 usesNoneDNS: false

tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_nodeupconfig-nodes_content

@@ -57,6 +57,5 @@ containerdConfig:
   version: 1.6.20
 docker:
   skipInstall: true
-useInstanceIDForNodeName: true
 usesLegacyGossip: false
 usesNoneDNS: false

tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_launch_template_master-us-test-1a.masters.cas-priority-expander.example.com_user_data

@@ -128,7 +128,7 @@ ClusterName: cas-priority-expander.example.com
 ConfigBase: memfs://clusters.example.com/cas-priority-expander.example.com
 InstanceGroupName: master-us-test-1a
 InstanceGroupRole: ControlPlane
-NodeupConfigHash: g9wFsNYuCWXK8kBqTWjobSlegtlKIpihuW/C3h94yP0=
+NodeupConfigHash: 7dUsD+nRVKaekOetyglYoC1sxGl9JxX9dn48UP8T5YQ=
 
 __EOF_KUBE_ENV
 

tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_launch_template_nodes-high-priority.cas-priority-expander.example.com_user_data

@@ -151,7 +151,7 @@ ConfigServer:
   - https://kops-controller.internal.cas-priority-expander.example.com:3988/
 InstanceGroupName: nodes-high-priority
 InstanceGroupRole: Node
-NodeupConfigHash: rzEJ54C4ZWMzAE65p0uX3PIP5rsd47sez3LVjN/uqIM=
+NodeupConfigHash: J0wlRPXGFKt5wsGntyz7G/Tlz0oyTeRmDf/GVIMTHJM=
 
 __EOF_KUBE_ENV
 

tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_launch_template_nodes-low-priority.cas-priority-expander.example.com_user_data

@@ -151,7 +151,7 @@ ConfigServer:
   - https://kops-controller.internal.cas-priority-expander.example.com:3988/
 InstanceGroupName: nodes-low-priority
 InstanceGroupRole: Node
-NodeupConfigHash: rzEJ54C4ZWMzAE65p0uX3PIP5rsd47sez3LVjN/uqIM=
+NodeupConfigHash: J0wlRPXGFKt5wsGntyz7G/Tlz0oyTeRmDf/GVIMTHJM=
 
 __EOF_KUBE_ENV
 

tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_launch_template_nodes.cas-priority-expander.example.com_user_data

@@ -151,7 +151,7 @@ ConfigServer:
   - https://kops-controller.internal.cas-priority-expander.example.com:3988/
 InstanceGroupName: nodes
 InstanceGroupRole: Node
-NodeupConfigHash: rzEJ54C4ZWMzAE65p0uX3PIP5rsd47sez3LVjN/uqIM=
+NodeupConfigHash: J0wlRPXGFKt5wsGntyz7G/Tlz0oyTeRmDf/GVIMTHJM=
 
 __EOF_KUBE_ENV
 

tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_cas-priority-expander.example.com-addons-bootstrap_content

@@ -6,7 +6,7 @@ spec:
   addons:
   - id: k8s-1.16
     manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml
-    manifestHash: 861d621bfa6bbace525bf3f7159e4a3e2e015528bcdd5c4b7f1e6ea16a9b6792
+    manifestHash: 3c24518364a57c5d601dc195074b4a8d74c4f95b13b399e54160159db10129da
     name: kops-controller.addons.k8s.io
     needsRollingUpdate: control-plane
     selector:

tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_cas-priority-expander.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content

@@ -1,7 +1,7 @@
 apiVersion: v1
 data:
   config.yaml: |
-    {"clusterName":"cas-priority-expander.example.com","cloud":"aws","configBase":"memfs://clusters.example.com/cas-priority-expander.example.com","secretStore":"memfs://clusters.example.com/cas-priority-expander.example.com/secrets","server":{"Listen":":3988","provider":{"aws":{"nodesRoles":["nodes.cas-priority-expander.example.com"],"Region":"us-test-1"}},"serverKeyPath":"/etc/kubernetes/kops-controller/pki/kops-controller.key","serverCertificatePath":"/etc/kubernetes/kops-controller/pki/kops-controller.crt","caBasePath":"/etc/kubernetes/kops-controller/pki","signingCAs":["kubernetes-ca"],"certNames":["kubelet","kubelet-server","kube-proxy"],"useInstanceIDForNodeName":true}}
+    {"clusterName":"cas-priority-expander.example.com","cloud":"aws","configBase":"memfs://clusters.example.com/cas-priority-expander.example.com","secretStore":"memfs://clusters.example.com/cas-priority-expander.example.com/secrets","server":{"Listen":":3988","provider":{"aws":{"nodesRoles":["nodes.cas-priority-expander.example.com"],"Region":"us-test-1"}},"serverKeyPath":"/etc/kubernetes/kops-controller/pki/kops-controller.key","serverCertificatePath":"/etc/kubernetes/kops-controller/pki/kops-controller.crt","caBasePath":"/etc/kubernetes/kops-controller/pki","signingCAs":["kubernetes-ca"],"certNames":["kubelet","kubelet-server","kube-proxy"]}}
 kind: ConfigMap
 metadata:
   creationTimestamp: null

tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_cluster-completed.spec_content

@@ -11,7 +11,6 @@ spec:
   channel: stable
   cloudConfig:
     awsEBSCSIDriver:
-      enabled: true
       version: v1.14.1
     manageStorageClasses: true
   cloudControllerManager:

tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_nodeupconfig-master-us-test-1a_content

@@ -328,6 +328,5 @@ etcdManifests:
 staticManifests:
 - key: kube-apiserver-healthcheck
   path: manifests/static/kube-apiserver-healthcheck.yaml
-useInstanceIDForNodeName: true
 usesLegacyGossip: false
 usesNoneDNS: false

tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_nodeupconfig-nodes-high-priority_content

@@ -57,6 +57,5 @@ containerdConfig:
   version: 1.6.20
 docker:
   skipInstall: true
-useInstanceIDForNodeName: true
 usesLegacyGossip: false
 usesNoneDNS: false

tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_nodeupconfig-nodes-low-priority_content

@@ -57,6 +57,5 @@ containerdConfig:
   version: 1.6.20
 docker:
   skipInstall: true
-useInstanceIDForNodeName: true
 usesLegacyGossip: false
 usesNoneDNS: false

tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_nodeupconfig-nodes_content

@@ -57,6 +57,5 @@ containerdConfig:
   version: 1.6.20
 docker:
   skipInstall: true
-useInstanceIDForNodeName: true
 usesLegacyGossip: false
 usesNoneDNS: false

tests/integration/update_cluster/complex/data/aws_launch_template_master-us-test-1a.masters.complex.example.com_user_data

@@ -137,7 +137,7 @@ ClusterName: complex.example.com
 ConfigBase: memfs://clusters.example.com/complex.example.com
 InstanceGroupName: master-us-test-1a
 InstanceGroupRole: ControlPlane
-NodeupConfigHash: UupIEUV2WSAOgV0zSE85P7DMvhpVqRYofy/yGz2MSxI=
+NodeupConfigHash: H4IpFWHeDi9zIiRC4hhPtVgEA4sAI7UMC+Ge/n+2d2I=
 
 __EOF_KUBE_ENV
 

tests/integration/update_cluster/complex/data/aws_launch_template_nodes.complex.example.com_user_data

@@ -160,7 +160,7 @@ ConfigServer:
   - https://kops-controller.internal.complex.example.com:3988/
 InstanceGroupName: nodes
 InstanceGroupRole: Node
-NodeupConfigHash: KNBl1wZxSiyCZNc56MdRDt0SF0EERWBG5Id7c8Jlr+I=
+NodeupConfigHash: PaJx989I3MwTS+W8DSHpl8w8J+lM9J+kpdmSfx1PAts=
 
 __EOF_KUBE_ENV
 

tests/integration/update_cluster/complex/data/aws_s3_object_cluster-completed.spec_content

@@ -29,7 +29,6 @@ spec:
   channel: stable
   cloudConfig:
     awsEBSCSIDriver:
-      enabled: true
       version: v1.14.1
     manageStorageClasses: true
   cloudControllerManager:

tests/integration/update_cluster/complex/data/aws_s3_object_complex.example.com-addons-bootstrap_content

@@ -6,7 +6,7 @@ spec:
   addons:
   - id: k8s-1.16
     manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml
-    manifestHash: c04acb1840fca908d0e73ddbaafdb2f86afe6dd48d35ff805a869597a8443257
+    manifestHash: 56c3d3e7f61aabe2e9e131e7915b94f808bcd6f2bd0d72a8681cc00c1a03638c
     name: kops-controller.addons.k8s.io
     needsRollingUpdate: control-plane
     selector:

tests/integration/update_cluster/complex/data/aws_s3_object_complex.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content

@@ -1,7 +1,7 @@
 apiVersion: v1
 data:
   config.yaml: |
-    {"clusterName":"complex.example.com","cloud":"aws","configBase":"memfs://clusters.example.com/complex.example.com","secretStore":"memfs://clusters.example.com/complex.example.com/secrets","server":{"Listen":":3988","provider":{"aws":{"nodesRoles":["nodes.complex.example.com"],"Region":"us-test-1"}},"serverKeyPath":"/etc/kubernetes/kops-controller/pki/kops-controller.key","serverCertificatePath":"/etc/kubernetes/kops-controller/pki/kops-controller.crt","caBasePath":"/etc/kubernetes/kops-controller/pki","signingCAs":["kubernetes-ca"],"certNames":["kubelet","kubelet-server","kube-proxy"],"useInstanceIDForNodeName":true}}
+    {"clusterName":"complex.example.com","cloud":"aws","configBase":"memfs://clusters.example.com/complex.example.com","secretStore":"memfs://clusters.example.com/complex.example.com/secrets","server":{"Listen":":3988","provider":{"aws":{"nodesRoles":["nodes.complex.example.com"],"Region":"us-test-1"}},"serverKeyPath":"/etc/kubernetes/kops-controller/pki/kops-controller.key","serverCertificatePath":"/etc/kubernetes/kops-controller/pki/kops-controller.crt","caBasePath":"/etc/kubernetes/kops-controller/pki","signingCAs":["kubernetes-ca"],"certNames":["kubelet","kubelet-server","kube-proxy"]}}
 kind: ConfigMap
 metadata:
   creationTimestamp: null

tests/integration/update_cluster/complex/data/aws_s3_object_nodeupconfig-master-us-test-1a_content

@@ -337,6 +337,5 @@ etcdManifests:
 staticManifests:
 - key: kube-apiserver-healthcheck
   path: manifests/static/kube-apiserver-healthcheck.yaml
-useInstanceIDForNodeName: true
 usesLegacyGossip: false
 usesNoneDNS: false

tests/integration/update_cluster/complex/data/aws_s3_object_nodeupconfig-nodes_content

@@ -61,6 +61,5 @@ docker:
   skipInstall: true
 packages:
 - nfs-common
-useInstanceIDForNodeName: true
 usesLegacyGossip: false
 usesNoneDNS: false

tests/integration/update_cluster/compress/data/aws_launch_template_master-us-test-1a.masters.compress.example.com_user_data

@@ -131,7 +131,7 @@ function download-release() {
 echo "== nodeup node config starting =="
 ensure-install-dir
 
-echo "H4sIAAAAAAAA/2zOTUsDMRDG8Xs+Re5luypuhYAXI1pZqIsa0N7G7NQuJJmQyfj26UX2tND7/8fz2EAyDoU+pxGL0fDFygbhimUHEY32FHNB5jV+Q8wB156ispQO08cNMBodMR7YtK2f1SJsT+qHxBWSx/tCkueVCP+2EW4qcm3OYRk9UUCjLaVaKAwBEqodjSh5PrIFPhoNq312x9dtd+WeXy7ee3DhbX/7u9r8dOLOOujlbjP0j0nw8lr9AQAA//8BAAD//+4iSt/3AAAA" | base64 -d | gzip -d > conf/kube_env.yaml
+echo "H4sIAAAAAAAA/2zOsU7DMBDG8T1P4R2lEVMrSwzUgGEgqhAEie2wL2lVn8/4bFp4eoQyRer+/+n7TODqd5m/Dx6zVnCSxoQqBXMPhFo5ppRRZIVnoBRw5Zgaw3E8TFsQ1IqQRtFd52a1CLuL+ilKgejQZq5pXiH4t22VtqCU9hqW0QsH1MpwLJnDLkDEpmePNc1HHkH2Wt27je1LnY7vn9uvSZ7Xd6N7WF+d7PltuE3D/neQj59XS35zvGn+AAAA//8BAAD//7mLlAv3AAAA" | base64 -d | gzip -d > conf/kube_env.yaml
 
 download-release
 echo "== nodeup node config done =="

tests/integration/update_cluster/compress/data/aws_launch_template_nodes.compress.example.com_user_data

@@ -131,7 +131,7 @@ function download-release() {
 echo "== nodeup node config starting =="
 ensure-install-dir
 
-echo "H4sIAAAAAAAA/6yUy46qWBiF5z4Fc3MKREUwOYOfqxsLBEE4OEPc3OR+cavph+8U1clJpyudTqcYMFgr+xv8+bKkoh6vVlffsyvutlRI+plUjP2AOzMs8ZaK6rLpcN+/4UdYNgV+i+pyJtVVnCUO7u64284oSgIJd0MWZ1E44H5L/TGjKIr68fGJioZMSlKOLlKRBK4ypVNvICReckmCY5YAQSIkyFAbMFtR5k1H5lk4OQYwmuS0moMuS9lWRImcwBCTh5rDaYKIiemJYLiyPyyC0nteSo85/zKGgFXILo1MI1eI+YKlIUfkIAPxP7LX72yCTEUOgXEMiAqB7Nm2rJBFd/X1IirXxVXzXu++mRoqIbId6Pv6jNJ7ZIKtiKIN8gRxCBAHdBFMFS1fHePe+FvX+/yd5LHRvPRD4ds8t+Du2jKwQraFBG28Vb0nscc8UbKYIPkw33HxyqLJzQLLtdz42Ajoydc7RVEJIwFRAEJTMhQgchLI3pGxwN7RItgyJIr2eVjgNVicrgpRRJrYqgGGCDFPdvb04CCKgaKa2vLl5W70XuhE7vUVvRdkb7Ov0xP8Bfnn5YFRQOSvzDIOWLLx9018YIUWscK6GVlpFYUCZJ52aBIn4ifIUNp9y3XRY1i68+6y5gXLG15MSeho7z4ONy7ZsZIkzZ+7+MmSnz9/e6OY8tfW/F+r7qUTMgcogvLX/nutcg32a6s+im+zylA5dRWerw1mjqfm+byFYuOTs1SRSxyngXYg87jnjtf38dRubMks9ZJW2s0E8f3DKzMCOUOCc4mKRp5zdqYz5lJpm8Y7faNV76hsODjmlgw7rkrRvI98b1jawqX6V6s823usjdMwAsLYGi2hXi8eQ+OyDqfe44zXV0h6VMWnmoK4Ocns2KeRp1pDiOt3QYtHPgxWe13EbZus67xYteWxctP8v1jVT0vWf0zZDyodhqbf0vStbvofUV0NXV0UuHvLqgF3VVi8fTWJ26XA8/QMVf0QVhHWunpsPge0qq+4/3txrAu8pcz6imcfv7H53NNd2KdbSg/DBHI9wzkPuwOWayM7S2ebQXS52rfChh51fuOOakpHP2d/AgAA//8BAAD//wGuSAu+BQAA" | base64 -d | gzip -d > conf/kube_env.yaml
+echo "H4sIAAAAAAAA/6yUzY6ySBiF914Fe/O1CIpg0ou3KEBQEASh6R1igSj/oKVmLn4iPcmXyXQmk0mzYHFO6lm8eXLkvLoe7ba6ZUfSLpmIdiM5v3Y9aa2oIEsmroq6JV33Ru5RUefkLa6KkVyVSZa6pL2RdjliGBlk0vZZksVRT7ol88eIYRjm1+tDiqZbjKzsPF3VZfCUIR16U9fR4SzLsMtSoDqCVDfVGqwGYdFyscjB3jWB1WS30Vz9wGNHQTLdg4nSu3qG/QBBqeUjMD0c9NOw8B+Hwmc/P8w+5BS6OsWWeVao9QTexDHdYqDBK3v+zgbIUJwhNHchVSHEvuNghU7bY2DkcTHPj5r/3ATWyVQpxU5orKtP/XSLLXAUhBzAA8SlQF0wEFiqzj9b1ruIl7YLxBs9J2b9NLZ54IjCVLhpfGhHXAOpvvBn1ZomPvvQ0+kAOffjlZDM7Am92GB7tpfsakl/iNVKUVTKykAVgMiSTQUoTkPs71gbnNUEgYMhVbSvw4KowXR/VKiCJtRRTTARJCJdOcODLUKholoa//TPXrzJDYo7YzZZS9hfrKvTHv6C/PPywCqAxCPLJyFHF8G6Trac1OicNK+vnDyLIwkyX9vWqRuLA6QvnK4R2vje8964PcxFyfb7J1vQSbz27tuLkK44WZbHj1Xy4Oj7+29vFAt/b83/tepWuBG7hTwsPtY/a5Vnct9b9Sp+zCpTFdRZ9HmsCbvb14/HJUJ1QD/lkh6S5BRqWzpOOmF33Fz3zcKRrcIoJkqzGCBBsH1mZogzXXIPcV7jseBkBmvxSlPX/v4HrdroRS3A7mxjWAnlSR93ceD3vCMdyn+1ynf8+9zc91fQCbGvtlTNp/e+9jhXUG9JJhozXb6X+ZeaElrsMXftTrGv2n1Eqo2kJVcxCmdrA5GmSefVOZ81xa70Tuf/YlU3LFn3mrJfzKnv6245mVyquvsVV2XfVnlO2res7ElbRvnbd5O45CVRnIz0suujMiZaW13rrwEtqyPp/l7sqpwsGas6ktHrd62/9nQVdaclUy5MTSV3vmBpu7Ef9p2oar65bD4bPBP9NHAD9Ki87YdhXd5HfwIAAP//AQAA//9Z3yNrvgUAAA==" | base64 -d | gzip -d > conf/kube_env.yaml
 
 download-release
 echo "== nodeup node config done =="

tests/integration/update_cluster/compress/data/aws_s3_object_cluster-completed.spec_content

@@ -11,7 +11,6 @@ spec:
   channel: stable
   cloudConfig:
     awsEBSCSIDriver:
-      enabled: true
       version: v1.14.1
     manageStorageClasses: true
   cloudControllerManager:

tests/integration/update_cluster/compress/data/aws_s3_object_compress.example.com-addons-bootstrap_content

@@ -6,7 +6,7 @@ spec:
   addons:
   - id: k8s-1.16
     manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml
-    manifestHash: 8ebdcd8e80a78a7e37eded1ef2ed76f6bdf74e5ea7aed7ebfff5deba1c2e6b2f
+    manifestHash: 6c8518a98b2f27749b74068eb4beb54832fff897bfc8edc666a766ffc9f2e105
     name: kops-controller.addons.k8s.io
     needsRollingUpdate: control-plane
     selector:

tests/integration/update_cluster/compress/data/aws_s3_object_compress.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content

@@ -1,7 +1,7 @@
 apiVersion: v1
 data:
   config.yaml: |
-    {"clusterName":"compress.example.com","cloud":"aws","configBase":"memfs://clusters.example.com/compress.example.com","secretStore":"memfs://clusters.example.com/compress.example.com/secrets","server":{"Listen":":3988","provider":{"aws":{"nodesRoles":["nodes.compress.example.com"],"Region":"us-test-1"}},"serverKeyPath":"/etc/kubernetes/kops-controller/pki/kops-controller.key","serverCertificatePath":"/etc/kubernetes/kops-controller/pki/kops-controller.crt","caBasePath":"/etc/kubernetes/kops-controller/pki","signingCAs":["kubernetes-ca"],"certNames":["kubelet","kubelet-server","kube-proxy"],"useInstanceIDForNodeName":true}}
+    {"clusterName":"compress.example.com","cloud":"aws","configBase":"memfs://clusters.example.com/compress.example.com","secretStore":"memfs://clusters.example.com/compress.example.com/secrets","server":{"Listen":":3988","provider":{"aws":{"nodesRoles":["nodes.compress.example.com"],"Region":"us-test-1"}},"serverKeyPath":"/etc/kubernetes/kops-controller/pki/kops-controller.key","serverCertificatePath":"/etc/kubernetes/kops-controller/pki/kops-controller.crt","caBasePath":"/etc/kubernetes/kops-controller/pki","signingCAs":["kubernetes-ca"],"certNames":["kubelet","kubelet-server","kube-proxy"]}}
 kind: ConfigMap
 metadata:
   creationTimestamp: null

tests/integration/update_cluster/compress/data/aws_s3_object_nodeupconfig-master-us-test-1a_content

@@ -329,6 +329,5 @@ etcdManifests:
 staticManifests:
 - key: kube-apiserver-healthcheck
   path: manifests/static/kube-apiserver-healthcheck.yaml
-useInstanceIDForNodeName: true
 usesLegacyGossip: false
 usesNoneDNS: false

tests/integration/update_cluster/compress/data/aws_s3_object_nodeupconfig-nodes_content

@@ -58,6 +58,5 @@ containerdConfig:
   version: 1.6.20
 docker:
   skipInstall: true
-useInstanceIDForNodeName: true
 usesLegacyGossip: false
 usesNoneDNS: false

tests/integration/update_cluster/containerd-custom/data/aws_launch_template_master-us-test-1a.masters.containerd.example.com_user_data

@@ -128,7 +128,7 @@ ClusterName: containerd.example.com
 ConfigBase: memfs://clusters.example.com/containerd.example.com
 InstanceGroupName: master-us-test-1a
 InstanceGroupRole: ControlPlane
-NodeupConfigHash: xF3/mANxyTpiOEhb8FVujna3iXXLprLdghYebxfEzuA=
+NodeupConfigHash: FUUEom6ukiK3eDYB3SkAGWRQrg5+RKpXD0T6n/1X4Jc=
 
 __EOF_KUBE_ENV
 

tests/integration/update_cluster/containerd-custom/data/aws_launch_template_nodes.containerd.example.com_user_data

@@ -151,7 +151,7 @@ ConfigServer:
   - https://kops-controller.internal.containerd.example.com:3988/
 InstanceGroupName: nodes
 InstanceGroupRole: Node
-NodeupConfigHash: mm4w3TAX9THR0M5e5PKqSEike/KkndvFdMPxzXl27/g=
+NodeupConfigHash: ahH7ZzRD9p5KxDl1kUM6jp9srjL1L1BR9jA9/gI9oX0=
 
 __EOF_KUBE_ENV
 

tests/integration/update_cluster/containerd-custom/data/aws_s3_object_cluster-completed.spec_content

@@ -11,7 +11,6 @@ spec:
   channel: stable
   cloudConfig:
     awsEBSCSIDriver:
-      enabled: true
       version: v1.14.1
     manageStorageClasses: true
   cloudControllerManager:

tests/integration/update_cluster/containerd-custom/data/aws_s3_object_containerd.example.com-addons-bootstrap_content

@@ -6,7 +6,7 @@ spec:
   addons:
   - id: k8s-1.16
     manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml
-    manifestHash: 0617b7cc24149098f3057c7e68c6647db2e0623498fcb24d1dfdf8735de0f4a3
+    manifestHash: d496bc22a5f12f0f5abd92ba3773f791f53777416e4979d9fad111c7f208d4d8
     name: kops-controller.addons.k8s.io
     needsRollingUpdate: control-plane
     selector:

tests/integration/update_cluster/containerd-custom/data/aws_s3_object_containerd.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content

@@ -1,7 +1,7 @@
 apiVersion: v1
 data:
   config.yaml: |
-    {"clusterName":"containerd.example.com","cloud":"aws","configBase":"memfs://clusters.example.com/containerd.example.com","secretStore":"memfs://clusters.example.com/containerd.example.com/secrets","server":{"Listen":":3988","provider":{"aws":{"nodesRoles":["nodes.containerd.example.com"],"Region":"us-test-1"}},"serverKeyPath":"/etc/kubernetes/kops-controller/pki/kops-controller.key","serverCertificatePath":"/etc/kubernetes/kops-controller/pki/kops-controller.crt","caBasePath":"/etc/kubernetes/kops-controller/pki","signingCAs":["kubernetes-ca"],"certNames":["kubelet","kubelet-server","kube-proxy"],"useInstanceIDForNodeName":true}}
+    {"clusterName":"containerd.example.com","cloud":"aws","configBase":"memfs://clusters.example.com/containerd.example.com","secretStore":"memfs://clusters.example.com/containerd.example.com/secrets","server":{"Listen":":3988","provider":{"aws":{"nodesRoles":["nodes.containerd.example.com"],"Region":"us-test-1"}},"serverKeyPath":"/etc/kubernetes/kops-controller/pki/kops-controller.key","serverCertificatePath":"/etc/kubernetes/kops-controller/pki/kops-controller.crt","caBasePath":"/etc/kubernetes/kops-controller/pki","signingCAs":["kubernetes-ca"],"certNames":["kubelet","kubelet-server","kube-proxy"]}}
 kind: ConfigMap
 metadata:
   creationTimestamp: null

tests/integration/update_cluster/containerd-custom/data/aws_s3_object_nodeupconfig-master-us-test-1a_content

@@ -334,6 +334,5 @@ etcdManifests:
 staticManifests:
 - key: kube-apiserver-healthcheck
   path: manifests/static/kube-apiserver-healthcheck.yaml
-useInstanceIDForNodeName: true
 usesLegacyGossip: false
 usesNoneDNS: false

tests/integration/update_cluster/containerd-custom/data/aws_s3_object_nodeupconfig-nodes_content

@@ -63,6 +63,5 @@ containerdConfig:
   version: 1.6.20
 docker:
   skipInstall: true
-useInstanceIDForNodeName: true
 usesLegacyGossip: false
 usesNoneDNS: false

tests/integration/update_cluster/containerd/data/aws_launch_template_master-us-test-1a.masters.containerd.example.com_user_data

@@ -128,7 +128,7 @@ ClusterName: containerd.example.com
 ConfigBase: memfs://clusters.example.com/containerd.example.com
 InstanceGroupName: master-us-test-1a
 InstanceGroupRole: ControlPlane
-NodeupConfigHash: OEPABokf3PouZ4Cm/19BtjvZMkGLqw62NHpgf/iLgEE=
+NodeupConfigHash: 94mjtG+SfGDcu/VczjCRwM5mJHSEDtz+ol3uAl5qYd4=
 
 __EOF_KUBE_ENV