Migration of In‑Tree Cloud Providers to External Plugins in Kubernetes

The article explains how Kubernetes removed built‑in cloud provider integrations and migrated them to external plugins (a cloud controller manager, an API server network proxy, kubelet credential provider plugins, and CSI storage migration), which reduced code size and improved vendor neutrality. It also outlines future directions.

DevOps Operations Practice

Starting with Kubernetes v1.7, the project began removing built‑in cloud providers (KEP‑2395) to reduce the complexity of maintaining millions of lines of Go code and to achieve true vendor neutrality.

After many releases, all cloud‑provider integration components have been successfully moved from the core repository to external plugins, cutting roughly 1.5 million lines of code and shrinking the core binary by about 40 %.

The migration affected many components that depended on the five original cloud providers (Google Cloud, AWS, Azure, OpenStack, vSphere). To replace them, four new subsystems were built from scratch: Cloud Controller Manager (KEP‑2392), API Server Network Proxy (KEP‑1281), kubelet Credential Provider plugins (KEP‑2133), and storage migration to CSI (KEP‑625).

Cloud Controller Manager replaces the cloud‑specific logic previously embedded in kube‑controller‑manager and kubelet, initializing nodes with metadata labels (region, zone, cloud‑specific IP) and running the service controller that configures load balancers for LoadBalancer services.

API Server Network Proxy was created in 2018 with SIG API Machinery to replace the SSH‑tunnel feature in kube‑apiserver. It is now a GA extension point that provides a generic, secure proxy for traffic from the API server to nodes without cloud‑specific knowledge, and it introduces the Konnectivity project.

kubelet Credential Provider plugins offer a generic extension point for executing external credential provider binaries, enabling kubelet to obtain short‑lived image‑pull tokens from GCR, ECR, ACR, and other registries without hard‑coding cloud‑specific APIs.
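The sketch below is an added example, not code from the Kubernetes project or from this article. It shows the shape of such a plugin: it reads a `CredentialProviderRequest` from stdin, refuses any image whose registry host is not the one it serves, and writes a `CredentialProviderResponse` with a short cache lifetime. The registry name, the `token` username, and `fetchToken` are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"os"
	"strings"
)
const (
	apiVersion  = "credentialprovider.kubelet.k8s.io/v1"
	allowedHost = "registry.example.internal" // constructed registry name
)
// Response mirrors the CredentialProviderResponse the kubelet reads from stdout.
type Response struct {
	APIVersion    string                       `json:"apiVersion"`
	Kind          string                       `json:"kind"`
	CacheKeyType  string                       `json:"cacheKeyType"`
	CacheDuration string                       `json:"cacheDuration"`
	Auth          map[string]map[string]string `json:"auth"`
}

// fetchToken is a hypothetical stand-in for the registry's token service call.
func fetchToken() string { return "constructed-short-lived-token" }
// Handle validates one CredentialProviderRequest and builds the response.
func Handle(in io.Reader) (*Response, error) {
	var req struct{ APIVersion, Kind, Image string } // JSON keys match case-insensitively
	if err := json.NewDecoder(in).Decode(&req); err != nil {
		return nil, fmt.Errorf("decode request: %w", err)
	}
	if req.APIVersion != apiVersion || req.Kind != "CredentialProviderRequest" {
		return nil, fmt.Errorf("unsupported request %q %q", req.APIVersion, req.Kind)
	}
	// Exact host match: a look-alike registry name must never receive the token.
	if host, _, _ := strings.Cut(req.Image, "/"); host != allowedHost {
		return nil, fmt.Errorf("refusing credentials for registry %q", host)
	}
	auth := map[string]map[string]string{allowedHost: {"username": "token", "password": fetchToken()}}
	return &Response{apiVersion, "CredentialProviderResponse", "Registry", "5m0s", auth}, nil
}

func main() {
	resp, err := Handle(os.Stdin)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	json.NewEncoder(os.Stdout).Encode(resp)
}
```

Scoping the response to a single registry key and a five-minute `cacheDuration` keeps a leaked or stale token from being reused for other registries or for long.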

Storage migration to CSI moves in‑tree volume plugins to the Container Storage Interface. An API conversion layer translates legacy in‑tree volume API calls to equivalent CSI calls, preserving backward compatibility while redirecting storage operations to CSI drivers.

Looking ahead, SIG Cloud Provider will focus on new integration methods for hybrid clusters, better tooling for external driver developers, and expanding test coverage for external drivers. Users on Kubernetes versions earlier than v1.29 should follow the migration guide; from v1.31, in‑tree cloud providers will be permanently disabled.

Contributors are invited to join the bi‑weekly SIG Cloud Provider meetings.
