Merge pull request #12475 from johngmyers/trim-cluster

Remove unused fields cluster APIs
2021-10-06 23:33:57 -07:00 · 2021-10-06 23:33:57 -07:00 · a926b17452
parent fcfdbab4b1 ebe05e10a5
commit a926b17452
10 changed files with 23 additions and 316 deletions
--- a/k8s/crds/kops.k8s.io_clusters.yaml
+++ b/k8s/crds/kops.k8s.io_clusters.yaml
@ -1217,7 +1217,7 @@ spec:
                  permissionsBoundary:
                    type: string
                  serviceAccountExternalPermissions:
-                    description: ServiceAccountExternalPermissions defines the relatinship
+                    description: ServiceAccountExternalPermissions defines the relationship
                      between Kubernetes ServiceAccounts and permissions with external
                      resources.
                    items:
--- a/pkg/apis/kops/cluster.go
+++ b/pkg/apis/kops/cluster.go
@ -304,14 +304,13 @@ type Assets struct {

 // IAMSpec adds control over the IAM security policies applied to resources
 type IAMSpec struct {
-	// TODO: remove Legacy in next APIVersion
 	Legacy                 bool    `json:"legacy"`
 	AllowContainerRegistry bool    `json:"allowContainerRegistry,omitempty"`
 	PermissionsBoundary    *string `json:"permissionsBoundary,omitempty"`
 	// UseServiceAccountExternalPermissions determines if managed ServiceAccounts will use external permissions directly.
 	// If this is set to false, ServiceAccounts will assume external permissions from the instances they run on.
 	UseServiceAccountExternalPermissions *bool `json:"useServiceAccountExternalPermissions,omitempty"`
-	// ServiceAccountExternalPermissions defines the relatinship between Kubernetes ServiceAccounts and permissions with external resources.
+	// ServiceAccountExternalPermissions defines the relationship between Kubernetes ServiceAccounts and permissions with external resources.
 	ServiceAccountExternalPermissions []ServiceAccountExternalPermission `json:"serviceAccountExternalPermissions,omitempty"`
 }

@ -561,10 +560,6 @@ type EtcdClusterSpec struct {
 	Provider EtcdProviderType `json:"provider,omitempty"`
 	// Members stores the configurations for each member of the cluster (including the data volume)
 	Members []EtcdMemberSpec `json:"etcdMembers,omitempty"`
-	// EnableEtcdTLS is unused.
-	EnableEtcdTLS bool `json:"enableEtcdTLS,omitempty"`
-	// EnableTLSAuth is unused.
-	EnableTLSAuth bool `json:"enableTLSAuth,omitempty"`
 	// Version is the version of etcd to run.
 	Version string `json:"version,omitempty"`
 	// LeaderElectionTimeout is the time (in milliseconds) for an etcd leader election timeout
--- a/pkg/apis/kops/v1alpha2/cluster.go
+++ b/pkg/apis/kops/v1alpha2/cluster.go
@ -308,7 +308,7 @@ type IAMSpec struct {
 	// UseServiceAccountExternalPermissions determines if managed ServiceAccounts will use external permissions directly.
 	// If this is set to false, ServiceAccounts will assume external permissions from the instances they run on.
 	UseServiceAccountExternalPermissions *bool `json:"useServiceAccountExternalPermissions,omitempty"`
-	// ServiceAccountExternalPermissions defines the relatinship between Kubernetes ServiceAccounts and permissions with external resources.
+	// ServiceAccountExternalPermissions defines the relationship between Kubernetes ServiceAccounts and permissions with external resources.
 	ServiceAccountExternalPermissions []ServiceAccountExternalPermission `json:"serviceAccountExternalPermissions,omitempty"`
 }

@ -564,8 +564,10 @@ type EtcdClusterSpec struct {
 	// Members stores the configurations for each member of the cluster (including the data volume)
 	Members []EtcdMemberSpec `json:"etcdMembers,omitempty"`
 	// EnableEtcdTLS is unused.
+	// +k8s:conversion-gen=false
 	EnableEtcdTLS bool `json:"enableEtcdTLS,omitempty"`
 	// EnableTLSAuth is unused.
+	// +k8s:conversion-gen=false
 	EnableTLSAuth bool `json:"enableTLSAuth,omitempty"`
 	// Version is the version of etcd to run.
 	Version string `json:"version,omitempty"`
--- a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go
+++ b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go
@ -3523,8 +3523,8 @@ func autoConvert_v1alpha2_EtcdClusterSpec_To_kops_EtcdClusterSpec(in *EtcdCluste
 	} else {
 		out.Members = nil
 	}
-	out.EnableEtcdTLS = in.EnableEtcdTLS
-	out.EnableTLSAuth = in.EnableTLSAuth
+	// INFO: in.EnableEtcdTLS opted out of conversion generation
+	// INFO: in.EnableTLSAuth opted out of conversion generation
 	out.Version = in.Version
 	out.LeaderElectionTimeout = in.LeaderElectionTimeout
 	out.HeartbeatInterval = in.HeartbeatInterval
@ -3571,8 +3571,6 @@ func autoConvert_kops_EtcdClusterSpec_To_v1alpha2_EtcdClusterSpec(in *kops.EtcdC
 	} else {
 		out.Members = nil
 	}
-	out.EnableEtcdTLS = in.EnableEtcdTLS
-	out.EnableTLSAuth = in.EnableTLSAuth
 	out.Version = in.Version
 	out.LeaderElectionTimeout = in.LeaderElectionTimeout
 	out.HeartbeatInterval = in.HeartbeatInterval
--- a/pkg/apis/kops/v1alpha3/cluster.go
+++ b/pkg/apis/kops/v1alpha3/cluster.go
@ -21,6 +21,7 @@ import (
 	"k8s.io/apimachinery/pkg/api/resource"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/intstr"
+	"k8s.io/kops/pkg/apis/kops"
 )

 // +genclient
@ -180,9 +181,8 @@ type ClusterSpec struct {
 	// Authentication field controls how the cluster is configured for authentication
 	Authentication *AuthenticationSpec `json:"authentication,omitempty"`
 	// Authorization field controls how the cluster is configured for authorization
-	Authorization *AuthorizationSpec `json:"authorization,omitempty"`
-	// NodeAuthorization defined the custom node authorization configuration
-	NodeAuthorization *NodeAuthorizationSpec `json:"nodeAuthorization,omitempty"`
+	Authorization     *AuthorizationSpec          `json:"authorization,omitempty"`
+	NodeAuthorization *kops.NodeAuthorizationSpec `json:"-"`
 	// CloudLabels defines additional tags or labels on cloud provider resources
 	CloudLabels map[string]string `json:"cloudLabels,omitempty"`
 	// Hooks for custom actions e.g. on first installation
@ -244,32 +244,6 @@ type AWSPermission struct {
 	InlinePolicy string `json:"inlinePolicy,omitempty"`
 }

-// NodeAuthorizationSpec is used to node authorization
-type NodeAuthorizationSpec struct {
-	// NodeAuthorizer defined the configuration for the node authorizer
-	NodeAuthorizer *NodeAuthorizerSpec `json:"nodeAuthorizer,omitempty"`
-}
-
-// NodeAuthorizerSpec defines the configuration for a node authorizer
-type NodeAuthorizerSpec struct {
-	// Authorizer is the authorizer to use
-	Authorizer string `json:"authorizer,omitempty"`
-	// Features is a series of authorizer features to enable or disable
-	Features []string `json:"features,omitempty"`
-	// Image is the location of container
-	Image string `json:"image,omitempty"`
-	// NodeURL is the node authorization service url
-	NodeURL string `json:"nodeURL,omitempty"`
-	// Port is the port the service is running on the master
-	Port int `json:"port,omitempty"`
-	// Interval the time between retires for authorization request
-	Interval *metav1.Duration `json:"interval,omitempty"`
-	// Timeout the max time for authorization request
-	Timeout *metav1.Duration `json:"timeout,omitempty"`
-	// TokenTTL is the max ttl for an issued token
-	TokenTTL *metav1.Duration `json:"tokenTTL,omitempty"`
-}
-
 // AddonSpec defines an addon that we want to install in the cluster
 type AddonSpec struct {
 	// Manifest is a path to the manifest that defines the addon
@ -302,13 +276,13 @@ type Assets struct {

 // IAMSpec adds control over the IAM security policies applied to resources
 type IAMSpec struct {
-	Legacy                 bool    `json:"legacy"`
+	Legacy                 bool    `json:"-"`
 	AllowContainerRegistry bool    `json:"allowContainerRegistry,omitempty"`
 	PermissionsBoundary    *string `json:"permissionsBoundary,omitempty"`
 	// UseServiceAccountExternalPermissions determines if managed ServiceAccounts will use external permissions directly.
 	// If this is set to false, ServiceAccounts will assume external permissions from the instances they run on.
 	UseServiceAccountExternalPermissions *bool `json:"useServiceAccountExternalPermissions,omitempty"`
-	// ServiceAccountExternalPermissions defines the relatinship between Kubernetes ServiceAccounts and permissions with external resources.
+	// ServiceAccountExternalPermissions defines the relationship between Kubernetes ServiceAccounts and permissions with external resources.
 	ServiceAccountExternalPermissions []ServiceAccountExternalPermission `json:"serviceAccountExternalPermissions,omitempty"`
 }

@ -546,33 +520,17 @@ type ExternalDNSConfig struct {
 	Provider ExternalDNSProvider `json:"provider,omitempty"`
 }

-// EtcdProviderType describes etcd cluster provisioning types (Standalone, Manager)
-type EtcdProviderType string
-
-const (
-	EtcdProviderTypeManager EtcdProviderType = "Manager"
-	EtcdProviderTypeLegacy  EtcdProviderType = "Legacy"
-)
-
 // EtcdClusterSpec is the etcd cluster specification
 type EtcdClusterSpec struct {
 	// Name is the name of the etcd cluster (main, events etc)
-	Name string `json:"name,omitempty"`
-	// Provider is the provider used to run etcd: Manager, Legacy.
-	// Defaults to Manager.
-	Provider EtcdProviderType `json:"provider,omitempty"`
+	Name     string `json:"name,omitempty"`
+	Provider string `json:"-"`
 	// Members stores the configurations for each member of the cluster (including the data volume)
 	Members []EtcdMemberSpec `json:"etcdMembers,omitempty"`
-	// EnableEtcdTLS is unused.
-	EnableEtcdTLS bool `json:"enableEtcdTLS,omitempty"`
-	// EnableTLSAuth is unused.
-	EnableTLSAuth bool `json:"enableTLSAuth,omitempty"`
 	// Version is the version of etcd to run.
-	Version string `json:"version,omitempty"`
-	// LeaderElectionTimeout is the time (in milliseconds) for an etcd leader election timeout
-	LeaderElectionTimeout *metav1.Duration `json:"leaderElectionTimeout,omitempty"`
-	// HeartbeatInterval is the time (in milliseconds) for an etcd heartbeat interval
-	HeartbeatInterval *metav1.Duration `json:"heartbeatInterval,omitempty"`
+	Version               string           `json:"version,omitempty"`
+	LeaderElectionTimeout *metav1.Duration `json:"-"`
+	HeartbeatInterval     *metav1.Duration `json:"-"`
 	// Image is the etcd docker image to use. Setting this will ignore the Version specified.
 	Image string `json:"image,omitempty"`
 	// Backups describes how we do backups of etcd
--- a/pkg/apis/kops/v1alpha3/zz_generated.conversion.go
+++ b/pkg/apis/kops/v1alpha3/zz_generated.conversion.go
@ -834,26 +834,6 @@ func RegisterConversions(s *runtime.Scheme) error {
 	}); err != nil {
 		return err
 	}
-	if err := s.AddGeneratedConversionFunc((*NodeAuthorizationSpec)(nil), (*kops.NodeAuthorizationSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_v1alpha3_NodeAuthorizationSpec_To_kops_NodeAuthorizationSpec(a.(*NodeAuthorizationSpec), b.(*kops.NodeAuthorizationSpec), scope)
-	}); err != nil {
-		return err
-	}
-	if err := s.AddGeneratedConversionFunc((*kops.NodeAuthorizationSpec)(nil), (*NodeAuthorizationSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_kops_NodeAuthorizationSpec_To_v1alpha3_NodeAuthorizationSpec(a.(*kops.NodeAuthorizationSpec), b.(*NodeAuthorizationSpec), scope)
-	}); err != nil {
-		return err
-	}
-	if err := s.AddGeneratedConversionFunc((*NodeAuthorizerSpec)(nil), (*kops.NodeAuthorizerSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_v1alpha3_NodeAuthorizerSpec_To_kops_NodeAuthorizerSpec(a.(*NodeAuthorizerSpec), b.(*kops.NodeAuthorizerSpec), scope)
-	}); err != nil {
-		return err
-	}
-	if err := s.AddGeneratedConversionFunc((*kops.NodeAuthorizerSpec)(nil), (*NodeAuthorizerSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_kops_NodeAuthorizerSpec_To_v1alpha3_NodeAuthorizerSpec(a.(*kops.NodeAuthorizerSpec), b.(*NodeAuthorizerSpec), scope)
-	}); err != nil {
-		return err
-	}
 	if err := s.AddGeneratedConversionFunc((*NodeLocalDNSConfig)(nil), (*kops.NodeLocalDNSConfig)(nil), func(a, b interface{}, scope conversion.Scope) error {
 		return Convert_v1alpha3_NodeLocalDNSConfig_To_kops_NodeLocalDNSConfig(a.(*NodeLocalDNSConfig), b.(*kops.NodeLocalDNSConfig), scope)
 	}); err != nil {
@ -2613,15 +2593,7 @@ func autoConvert_v1alpha3_ClusterSpec_To_kops_ClusterSpec(in *ClusterSpec, out *
 	} else {
 		out.Authorization = nil
 	}
-	if in.NodeAuthorization != nil {
-		in, out := &in.NodeAuthorization, &out.NodeAuthorization
-		*out = new(kops.NodeAuthorizationSpec)
-		if err := Convert_v1alpha3_NodeAuthorizationSpec_To_kops_NodeAuthorizationSpec(*in, *out, s); err != nil {
-			return err
-		}
-	} else {
-		out.NodeAuthorization = nil
-	}
+	out.NodeAuthorization = in.NodeAuthorization
 	out.CloudLabels = in.CloudLabels
 	if in.Hooks != nil {
 		in, out := &in.Hooks, &out.Hooks
@ -3026,15 +2998,7 @@ func autoConvert_kops_ClusterSpec_To_v1alpha3_ClusterSpec(in *kops.ClusterSpec,
 	} else {
 		out.Authorization = nil
 	}
-	if in.NodeAuthorization != nil {
-		in, out := &in.NodeAuthorization, &out.NodeAuthorization
-		*out = new(NodeAuthorizationSpec)
-		if err := Convert_kops_NodeAuthorizationSpec_To_v1alpha3_NodeAuthorizationSpec(*in, *out, s); err != nil {
-			return err
-		}
-	} else {
-		out.NodeAuthorization = nil
-	}
+	out.NodeAuthorization = in.NodeAuthorization
 	out.CloudLabels = in.CloudLabels
 	if in.Hooks != nil {
 		in, out := &in.Hooks, &out.Hooks
@ -3523,8 +3487,6 @@ func autoConvert_v1alpha3_EtcdClusterSpec_To_kops_EtcdClusterSpec(in *EtcdCluste
 	} else {
 		out.Members = nil
 	}
-	out.EnableEtcdTLS = in.EnableEtcdTLS
-	out.EnableTLSAuth = in.EnableTLSAuth
 	out.Version = in.Version
 	out.LeaderElectionTimeout = in.LeaderElectionTimeout
 	out.HeartbeatInterval = in.HeartbeatInterval
@ -3559,7 +3521,7 @@ func Convert_v1alpha3_EtcdClusterSpec_To_kops_EtcdClusterSpec(in *EtcdClusterSpe

 func autoConvert_kops_EtcdClusterSpec_To_v1alpha3_EtcdClusterSpec(in *kops.EtcdClusterSpec, out *EtcdClusterSpec, s conversion.Scope) error {
 	out.Name = in.Name
-	out.Provider = EtcdProviderType(in.Provider)
+	out.Provider = string(in.Provider)
 	if in.Members != nil {
 		in, out := &in.Members, &out.Members
 		*out = make([]EtcdMemberSpec, len(*in))
@ -3571,8 +3533,6 @@ func autoConvert_kops_EtcdClusterSpec_To_v1alpha3_EtcdClusterSpec(in *kops.EtcdC
 	} else {
 		out.Members = nil
 	}
-	out.EnableEtcdTLS = in.EnableEtcdTLS
-	out.EnableTLSAuth = in.EnableTLSAuth
 	out.Version = in.Version
 	out.LeaderElectionTimeout = in.LeaderElectionTimeout
 	out.HeartbeatInterval = in.HeartbeatInterval
@ -5999,76 +5959,6 @@ func Convert_kops_NetworkingSpec_To_v1alpha3_NetworkingSpec(in *kops.NetworkingS
 	return autoConvert_kops_NetworkingSpec_To_v1alpha3_NetworkingSpec(in, out, s)
 }

-func autoConvert_v1alpha3_NodeAuthorizationSpec_To_kops_NodeAuthorizationSpec(in *NodeAuthorizationSpec, out *kops.NodeAuthorizationSpec, s conversion.Scope) error {
-	if in.NodeAuthorizer != nil {
-		in, out := &in.NodeAuthorizer, &out.NodeAuthorizer
-		*out = new(kops.NodeAuthorizerSpec)
-		if err := Convert_v1alpha3_NodeAuthorizerSpec_To_kops_NodeAuthorizerSpec(*in, *out, s); err != nil {
-			return err
-		}
-	} else {
-		out.NodeAuthorizer = nil
-	}
-	return nil
-}
-
-// Convert_v1alpha3_NodeAuthorizationSpec_To_kops_NodeAuthorizationSpec is an autogenerated conversion function.
-func Convert_v1alpha3_NodeAuthorizationSpec_To_kops_NodeAuthorizationSpec(in *NodeAuthorizationSpec, out *kops.NodeAuthorizationSpec, s conversion.Scope) error {
-	return autoConvert_v1alpha3_NodeAuthorizationSpec_To_kops_NodeAuthorizationSpec(in, out, s)
-}
-
-func autoConvert_kops_NodeAuthorizationSpec_To_v1alpha3_NodeAuthorizationSpec(in *kops.NodeAuthorizationSpec, out *NodeAuthorizationSpec, s conversion.Scope) error {
-	if in.NodeAuthorizer != nil {
-		in, out := &in.NodeAuthorizer, &out.NodeAuthorizer
-		*out = new(NodeAuthorizerSpec)
-		if err := Convert_kops_NodeAuthorizerSpec_To_v1alpha3_NodeAuthorizerSpec(*in, *out, s); err != nil {
-			return err
-		}
-	} else {
-		out.NodeAuthorizer = nil
-	}
-	return nil
-}
-
-// Convert_kops_NodeAuthorizationSpec_To_v1alpha3_NodeAuthorizationSpec is an autogenerated conversion function.
-func Convert_kops_NodeAuthorizationSpec_To_v1alpha3_NodeAuthorizationSpec(in *kops.NodeAuthorizationSpec, out *NodeAuthorizationSpec, s conversion.Scope) error {
-	return autoConvert_kops_NodeAuthorizationSpec_To_v1alpha3_NodeAuthorizationSpec(in, out, s)
-}
-
-func autoConvert_v1alpha3_NodeAuthorizerSpec_To_kops_NodeAuthorizerSpec(in *NodeAuthorizerSpec, out *kops.NodeAuthorizerSpec, s conversion.Scope) error {
-	out.Authorizer = in.Authorizer
-	out.Features = in.Features
-	out.Image = in.Image
-	out.NodeURL = in.NodeURL
-	out.Port = in.Port
-	out.Interval = in.Interval
-	out.Timeout = in.Timeout
-	out.TokenTTL = in.TokenTTL
-	return nil
-}
-
-// Convert_v1alpha3_NodeAuthorizerSpec_To_kops_NodeAuthorizerSpec is an autogenerated conversion function.
-func Convert_v1alpha3_NodeAuthorizerSpec_To_kops_NodeAuthorizerSpec(in *NodeAuthorizerSpec, out *kops.NodeAuthorizerSpec, s conversion.Scope) error {
-	return autoConvert_v1alpha3_NodeAuthorizerSpec_To_kops_NodeAuthorizerSpec(in, out, s)
-}
-
-func autoConvert_kops_NodeAuthorizerSpec_To_v1alpha3_NodeAuthorizerSpec(in *kops.NodeAuthorizerSpec, out *NodeAuthorizerSpec, s conversion.Scope) error {
-	out.Authorizer = in.Authorizer
-	out.Features = in.Features
-	out.Image = in.Image
-	out.NodeURL = in.NodeURL
-	out.Port = in.Port
-	out.Interval = in.Interval
-	out.Timeout = in.Timeout
-	out.TokenTTL = in.TokenTTL
-	return nil
-}
-
-// Convert_kops_NodeAuthorizerSpec_To_v1alpha3_NodeAuthorizerSpec is an autogenerated conversion function.
-func Convert_kops_NodeAuthorizerSpec_To_v1alpha3_NodeAuthorizerSpec(in *kops.NodeAuthorizerSpec, out *NodeAuthorizerSpec, s conversion.Scope) error {
-	return autoConvert_kops_NodeAuthorizerSpec_To_v1alpha3_NodeAuthorizerSpec(in, out, s)
-}
-
 func autoConvert_v1alpha3_NodeLocalDNSConfig_To_kops_NodeLocalDNSConfig(in *NodeLocalDNSConfig, out *kops.NodeLocalDNSConfig, s conversion.Scope) error {
 	out.Enabled = in.Enabled
 	out.Image = in.Image
--- a/pkg/apis/kops/v1alpha3/zz_generated.deepcopy.go
+++ b/pkg/apis/kops/v1alpha3/zz_generated.deepcopy.go
@ -26,6 +26,7 @@ import (
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 	intstr "k8s.io/apimachinery/pkg/util/intstr"
+	kops "k8s.io/kops/pkg/apis/kops"
 )

 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
@ -1127,7 +1128,7 @@ func (in *ClusterSpec) DeepCopyInto(out *ClusterSpec) {
 	}
 	if in.NodeAuthorization != nil {
 		in, out := &in.NodeAuthorization, &out.NodeAuthorization
-		*out = new(NodeAuthorizationSpec)
+		*out = new(kops.NodeAuthorizationSpec)
 		(*in).DeepCopyInto(*out)
 	}
 	if in.CloudLabels != nil {
@ -3962,63 +3963,6 @@ func (in *NetworkingSpec) DeepCopy() *NetworkingSpec {
 	return out
 }

-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *NodeAuthorizationSpec) DeepCopyInto(out *NodeAuthorizationSpec) {
-	*out = *in
-	if in.NodeAuthorizer != nil {
-		in, out := &in.NodeAuthorizer, &out.NodeAuthorizer
-		*out = new(NodeAuthorizerSpec)
-		(*in).DeepCopyInto(*out)
-	}
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeAuthorizationSpec.
-func (in *NodeAuthorizationSpec) DeepCopy() *NodeAuthorizationSpec {
-	if in == nil {
-		return nil
-	}
-	out := new(NodeAuthorizationSpec)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *NodeAuthorizerSpec) DeepCopyInto(out *NodeAuthorizerSpec) {
-	*out = *in
-	if in.Features != nil {
-		in, out := &in.Features, &out.Features
-		*out = make([]string, len(*in))
-		copy(*out, *in)
-	}
-	if in.Interval != nil {
-		in, out := &in.Interval, &out.Interval
-		*out = new(v1.Duration)
-		**out = **in
-	}
-	if in.Timeout != nil {
-		in, out := &in.Timeout, &out.Timeout
-		*out = new(v1.Duration)
-		**out = **in
-	}
-	if in.TokenTTL != nil {
-		in, out := &in.TokenTTL, &out.TokenTTL
-		*out = new(v1.Duration)
-		**out = **in
-	}
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeAuthorizerSpec.
-func (in *NodeAuthorizerSpec) DeepCopy() *NodeAuthorizerSpec {
-	if in == nil {
-		return nil
-	}
-	out := new(NodeAuthorizerSpec)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *NodeLocalDNSConfig) DeepCopyInto(out *NodeLocalDNSConfig) {
 	*out = *in
--- a/pkg/commands/set_cluster_test.go
+++ b/pkg/commands/set_cluster_test.go
@ -129,48 +129,6 @@ func TestSetClusterFields(t *testing.T) {
 				},
 			},
 		},
-		{
-			Fields: []string{
-				"cluster.spec.etcdClusters[*].enableEtcdTLS=true",
-			},
-			Input: kops.Cluster{
-				Spec: kops.ClusterSpec{
-					EtcdClusters: []kops.EtcdClusterSpec{
-						{Name: "one", EnableEtcdTLS: true},
-						{Name: "two", EnableEtcdTLS: false},
-					},
-				},
-			},
-			Output: kops.Cluster{
-				Spec: kops.ClusterSpec{
-					EtcdClusters: []kops.EtcdClusterSpec{
-						{Name: "one", EnableEtcdTLS: true},
-						{Name: "two", EnableEtcdTLS: true},
-					},
-				},
-			},
-		},
-		{
-			Fields: []string{
-				"cluster.spec.etcdClusters[*].enableTLSAuth=true",
-			},
-			Input: kops.Cluster{
-				Spec: kops.ClusterSpec{
-					EtcdClusters: []kops.EtcdClusterSpec{
-						{Name: "one", EnableTLSAuth: true},
-						{Name: "two", EnableTLSAuth: false},
-					},
-				},
-			},
-			Output: kops.Cluster{
-				Spec: kops.ClusterSpec{
-					EtcdClusters: []kops.EtcdClusterSpec{
-						{Name: "one", EnableTLSAuth: true},
-						{Name: "two", EnableTLSAuth: true},
-					},
-				},
-			},
-		},
 		{
 			Fields: []string{
 				"cluster.spec.etcdClusters[*].version=v3.2.1",
--- a/pkg/commands/unset_cluster_test.go
+++ b/pkg/commands/unset_cluster_test.go
@ -157,43 +157,6 @@ func TestUnsetClusterFields(t *testing.T) {
 				Spec: kops.ClusterSpec{},
 			},
 		},
-		{
-			Fields: []string{
-				"cluster.spec.etcdClusters[*].enableEtcdTLS",
-			},
-			Input: kops.Cluster{
-				Spec: kops.ClusterSpec{
-					EtcdClusters: []kops.EtcdClusterSpec{
-						{Name: "one", EnableEtcdTLS: true},
-						{Name: "two", EnableEtcdTLS: true},
-					},
-				},
-			},
-			Output: kops.Cluster{
-				Spec: kops.ClusterSpec{
-					EtcdClusters: []kops.EtcdClusterSpec{
-						{Name: "one"},
-						{Name: "two"},
-					},
-				},
-			},
-		},
-		{
-			Fields: []string{
-				"cluster.spec.etcdClusters",
-			},
-			Input: kops.Cluster{
-				Spec: kops.ClusterSpec{
-					EtcdClusters: []kops.EtcdClusterSpec{
-						{Name: "one", EnableTLSAuth: true},
-						{Name: "two", EnableTLSAuth: true},
-					},
-				},
-			},
-			Output: kops.Cluster{
-				Spec: kops.ClusterSpec{},
-			},
-		},
 		{
 			Fields: []string{
 				"cluster.spec.etcdClusters[*].version",
--- a/tests/integration/conversion/minimal/v1alpha3.yaml
+++ b/tests/integration/conversion/minimal/v1alpha3.yaml
@ -28,8 +28,7 @@ spec:
      name: us-test-1a
    memoryRequest: 100Mi
    name: events
-  iam:
-    legacy: false
+  iam: {}
  kubernetesApiAccess:
  - 0.0.0.0/0
  kubernetesVersion: v1.14.0