remove AWS S3 access from nodes if using none dns

[zetaab]

Normal nodes does not need S3 access after using none dns

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: hakman

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [hakman]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[zetaab]

/hold

I am running tests for this to ensure that its not needed

[rifelpet]

what happens if a node created from an older kops version is rebooted after this change is applied? will the old nodeup still try (and fail) to fetch files from the state store?

[zetaab]

@rifelpet afaik dns none is quite new thing and it has not been any stable release yet(?). Also it has not required s3 node access since its lifetime, so it should be quite safe move?

[hakman]

/test pull-kops-e2e-aws-dns-none

[zetaab]

/test pull-kops-e2e-cni-calico

[zetaab]

yeah I can confirm that at least new cluster with dns none starts after this.

/hold cancel

[rifelpet]

Do we (or will we) support migrating existing clusters from gossip to none ? If so my concern still stands

[hakman]

Do we (or will we) support migrating existing clusters from gossip to none ? If so my concern still stands

We will support migrating from gossip to none, but it will not be without downtime and full cluster roll.
Also, I doubt that anyone will restart nodes during this process. Probably there should be a note about it.
This seems more like something that was missed during #14501.

[avdhoot]

@zetaab Side effect of this change is issue. The image pull is no longer working. @rifelpet your concern is valid. cc @hakman