build: move e2e dependencies into e2e/go.mod

Several packages are only used while running the e2e suite. These
packages are less important to update, as the they can not influence the
final executable that is part of the Ceph-CSI container-image.

By moving these dependencies out of the main Ceph-CSI go.mod, it is
easier to identify if a reported CVE affects Ceph-CSI, or only the
testing (like most of the Kubernetes CVEs).

Signed-off-by: Niels de Vos <ndevos@ibm.com>

vendor/k8s.io/controller-manager/pkg/clientbuilder/client_builder.go

@@ -1,102 +0,0 @@
-/*
-Copyright 2016 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package clientbuilder
-
-import (
-	"k8s.io/client-go/discovery"
-	clientset "k8s.io/client-go/kubernetes"
-	restclient "k8s.io/client-go/rest"
-	"k8s.io/klog/v2"
-)
-
-// ControllerClientBuilder allows you to get clients and configs for controllers
-// Please note a copy also exists in staging/src/k8s.io/cloud-provider/cloud.go
-// TODO: Extract this into a separate controller utilities repo (issues/68947)
-type ControllerClientBuilder interface {
-	Config(name string) (*restclient.Config, error)
-	ConfigOrDie(name string) *restclient.Config
-	Client(name string) (clientset.Interface, error)
-	ClientOrDie(name string) clientset.Interface
-	DiscoveryClient(name string) (discovery.DiscoveryInterface, error)
-	DiscoveryClientOrDie(name string) discovery.DiscoveryInterface
-}
-
-// SimpleControllerClientBuilder returns a fixed client with different user agents
-type SimpleControllerClientBuilder struct {
-	// ClientConfig is a skeleton config to clone and use as the basis for each controller client
-	ClientConfig *restclient.Config
-}
-
-// Config returns a client config for a fixed client
-func (b SimpleControllerClientBuilder) Config(name string) (*restclient.Config, error) {
-	clientConfig := *b.ClientConfig
-	return restclient.AddUserAgent(&clientConfig, name), nil
-}
-
-// ConfigOrDie returns a client config if no error from previous config func.
-// If it gets an error getting the client, it will log the error and kill the process it's running in.
-func (b SimpleControllerClientBuilder) ConfigOrDie(name string) *restclient.Config {
-	clientConfig, err := b.Config(name)
-	if err != nil {
-		klog.Fatal(err)
-	}
-	return clientConfig
-}
-
-// Client returns a clientset.Interface built from the ClientBuilder
-func (b SimpleControllerClientBuilder) Client(name string) (clientset.Interface, error) {
-	clientConfig, err := b.Config(name)
-	if err != nil {
-		return nil, err
-	}
-	return clientset.NewForConfig(clientConfig)
-}
-
-// ClientOrDie returns a clientset.interface built from the ClientBuilder with no error.
-// If it gets an error getting the client, it will log the error and kill the process it's running in.
-func (b SimpleControllerClientBuilder) ClientOrDie(name string) clientset.Interface {
-	client, err := b.Client(name)
-	if err != nil {
-		klog.Fatal(err)
-	}
-	return client
-}
-
-// DiscoveryClient returns a discovery.DiscoveryInterface built from the ClientBuilder
-// Discovery is special because it will artificially pump the burst quite high to handle the many discovery requests.
-func (b SimpleControllerClientBuilder) DiscoveryClient(name string) (discovery.DiscoveryInterface, error) {
-	clientConfig, err := b.Config(name)
-	if err != nil {
-		return nil, err
-	}
-	// Discovery makes a lot of requests infrequently.  This allows the burst to succeed and refill to happen
-	// in just a few seconds.
-	clientConfig.Burst = 200
-	clientConfig.QPS = 20
-	return clientset.NewForConfig(clientConfig)
-}
-
-// DiscoveryClientOrDie returns a discovery.DiscoveryInterface built from the ClientBuilder with no error.
-// Discovery is special because it will artificially pump the burst quite high to handle the many discovery requests.
-// If it gets an error getting the client, it will log the error and kill the process it's running in.
-func (b SimpleControllerClientBuilder) DiscoveryClientOrDie(name string) discovery.DiscoveryInterface {
-	client, err := b.DiscoveryClient(name)
-	if err != nil {
-		klog.Fatal(err)
-	}
-	return client
-}

vendor/k8s.io/controller-manager/pkg/clientbuilder/client_builder_dynamic.go

@@ -1,271 +0,0 @@
-/*
-Copyright 2018 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package clientbuilder
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"sync"
-	"time"
-
-	"golang.org/x/oauth2"
-	v1authenticationapi "k8s.io/api/authentication/v1"
-	v1 "k8s.io/api/core/v1"
-	apierrors "k8s.io/apimachinery/pkg/api/errors"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/util/wait"
-	apiserverserviceaccount "k8s.io/apiserver/pkg/authentication/serviceaccount"
-	"k8s.io/client-go/discovery"
-	clientset "k8s.io/client-go/kubernetes"
-	v1core "k8s.io/client-go/kubernetes/typed/core/v1"
-	restclient "k8s.io/client-go/rest"
-	"k8s.io/client-go/transport"
-	"k8s.io/klog/v2"
-	"k8s.io/utils/clock"
-	utilpointer "k8s.io/utils/pointer"
-)
-
-var (
-	// defaultExpirationSeconds defines the duration of a TokenRequest in seconds.
-	defaultExpirationSeconds = int64(3600)
-	// defaultLeewayPercent defines the percentage of expiration left before the client trigger a token rotation.
-	// range[0, 100]
-	defaultLeewayPercent = 20
-)
-
-type DynamicControllerClientBuilder struct {
-	// ClientConfig is a skeleton config to clone and use as the basis for each controller client
-	ClientConfig *restclient.Config
-
-	// CoreClient is used to provision service accounts if needed and watch for their associated tokens
-	// to construct a controller client
-	CoreClient v1core.CoreV1Interface
-
-	// Namespace is the namespace used to host the service accounts that will back the
-	// controllers.  It must be highly privileged namespace which normal users cannot inspect.
-	Namespace string
-
-	// roundTripperFuncMap is a cache stores the corresponding roundtripper func for each
-	// service account
-	roundTripperFuncMap map[string]func(http.RoundTripper) http.RoundTripper
-
-	// expirationSeconds defines the token expiration seconds
-	expirationSeconds int64
-
-	// leewayPercent defines the percentage of expiration left before the client trigger a token rotation.
-	leewayPercent int
-
-	mutex sync.Mutex
-
-	clock clock.Clock
-}
-
-// NewDynamicClientBuilder returns client builder which uses TokenRequest feature and refresh service account token periodically
-func NewDynamicClientBuilder(clientConfig *restclient.Config, coreClient v1core.CoreV1Interface, ns string) ControllerClientBuilder {
-	builder := &DynamicControllerClientBuilder{
-		ClientConfig:        clientConfig,
-		CoreClient:          coreClient,
-		Namespace:           ns,
-		roundTripperFuncMap: map[string]func(http.RoundTripper) http.RoundTripper{},
-		expirationSeconds:   defaultExpirationSeconds,
-		leewayPercent:       defaultLeewayPercent,
-		clock:               clock.RealClock{},
-	}
-	return builder
-}
-
-// this function only for test purpose, don't call it
-func NewTestDynamicClientBuilder(clientConfig *restclient.Config, coreClient v1core.CoreV1Interface, ns string, expirationSeconds int64, leewayPercent int) ControllerClientBuilder {
-	builder := &DynamicControllerClientBuilder{
-		ClientConfig:        clientConfig,
-		CoreClient:          coreClient,
-		Namespace:           ns,
-		roundTripperFuncMap: map[string]func(http.RoundTripper) http.RoundTripper{},
-		expirationSeconds:   expirationSeconds,
-		leewayPercent:       leewayPercent,
-		clock:               clock.RealClock{},
-	}
-	return builder
-}
-
-func (t *DynamicControllerClientBuilder) Config(saName string) (*restclient.Config, error) {
-	_, err := getOrCreateServiceAccount(t.CoreClient, t.Namespace, saName)
-	if err != nil {
-		return nil, err
-	}
-
-	configCopy := constructClient(t.Namespace, saName, t.ClientConfig)
-
-	t.mutex.Lock()
-	defer t.mutex.Unlock()
-
-	rt, ok := t.roundTripperFuncMap[saName]
-	if ok {
-		configCopy.Wrap(rt)
-	} else {
-		cachedTokenSource := transport.NewCachedTokenSource(&tokenSourceImpl{
-			namespace:          t.Namespace,
-			serviceAccountName: saName,
-			coreClient:         t.CoreClient,
-			expirationSeconds:  t.expirationSeconds,
-			leewayPercent:      t.leewayPercent,
-		})
-		configCopy.Wrap(transport.ResettableTokenSourceWrapTransport(cachedTokenSource))
-		t.roundTripperFuncMap[saName] = configCopy.WrapTransport
-	}
-
-	return &configCopy, nil
-}
-
-func (t *DynamicControllerClientBuilder) ConfigOrDie(name string) *restclient.Config {
-	clientConfig, err := t.Config(name)
-	if err != nil {
-		klog.Fatal(err)
-	}
-	return clientConfig
-}
-
-func (t *DynamicControllerClientBuilder) Client(name string) (clientset.Interface, error) {
-	clientConfig, err := t.Config(name)
-	if err != nil {
-		return nil, err
-	}
-	return clientset.NewForConfig(clientConfig)
-}
-
-func (t *DynamicControllerClientBuilder) ClientOrDie(name string) clientset.Interface {
-	client, err := t.Client(name)
-	if err != nil {
-		klog.Fatal(err)
-	}
-	return client
-}
-
-func (t *DynamicControllerClientBuilder) DiscoveryClient(name string) (discovery.DiscoveryInterface, error) {
-	clientConfig, err := t.Config(name)
-	if err != nil {
-		return nil, err
-	}
-	// Discovery makes a lot of requests infrequently.  This allows the burst to succeed and refill to happen
-	// in just a few seconds.
-	clientConfig.Burst = 200
-	clientConfig.QPS = 20
-	return clientset.NewForConfig(clientConfig)
-}
-
-func (t *DynamicControllerClientBuilder) DiscoveryClientOrDie(name string) discovery.DiscoveryInterface {
-	client, err := t.DiscoveryClient(name)
-	if err != nil {
-		klog.Fatal(err)
-	}
-	return client
-}
-
-type tokenSourceImpl struct {
-	namespace          string
-	serviceAccountName string
-	coreClient         v1core.CoreV1Interface
-	expirationSeconds  int64
-	leewayPercent      int
-}
-
-func (ts *tokenSourceImpl) Token() (*oauth2.Token, error) {
-	var retTokenRequest *v1authenticationapi.TokenRequest
-
-	backoff := wait.Backoff{
-		Duration: 500 * time.Millisecond,
-		Factor:   2, // double the timeout for every failure
-		Steps:    4,
-	}
-	if err := wait.ExponentialBackoff(backoff, func() (bool, error) {
-		if _, inErr := getOrCreateServiceAccount(ts.coreClient, ts.namespace, ts.serviceAccountName); inErr != nil {
-			klog.Warningf("get or create service account failed: %v", inErr)
-			return false, nil
-		}
-
-		tr, inErr := ts.coreClient.ServiceAccounts(ts.namespace).CreateToken(context.TODO(), ts.serviceAccountName, &v1authenticationapi.TokenRequest{
-			Spec: v1authenticationapi.TokenRequestSpec{
-				ExpirationSeconds: utilpointer.Int64Ptr(ts.expirationSeconds),
-			},
-		}, metav1.CreateOptions{})
-		if inErr != nil {
-			klog.Warningf("get token failed: %v", inErr)
-			return false, nil
-		}
-		retTokenRequest = tr
-		return true, nil
-	}); err != nil {
-		return nil, fmt.Errorf("failed to get token for %s/%s: %v", ts.namespace, ts.serviceAccountName, err)
-	}
-
-	if retTokenRequest.Spec.ExpirationSeconds == nil {
-		return nil, fmt.Errorf("nil pointer of expiration in token request")
-	}
-
-	lifetime := retTokenRequest.Status.ExpirationTimestamp.Time.Sub(time.Now())
-	if lifetime < time.Minute*10 {
-		// possible clock skew issue, pin to minimum token lifetime
-		lifetime = time.Minute * 10
-	}
-
-	leeway := time.Duration(int64(lifetime) * int64(ts.leewayPercent) / 100)
-	expiry := time.Now().Add(lifetime).Add(-1 * leeway)
-
-	return &oauth2.Token{
-		AccessToken: retTokenRequest.Status.Token,
-		TokenType:   "Bearer",
-		Expiry:      expiry,
-	}, nil
-}
-
-func constructClient(saNamespace, saName string, config *restclient.Config) restclient.Config {
-	username := apiserverserviceaccount.MakeUsername(saNamespace, saName)
-	// make a shallow copy
-	// the caller already castrated the config during creation
-	// this allows for potential extensions in the future
-	// for example it preserve HTTP wrappers for custom behavior per request
-	ret := *config
-	restclient.AddUserAgent(&ret, username)
-	return ret
-}
-
-func getOrCreateServiceAccount(coreClient v1core.CoreV1Interface, namespace, name string) (*v1.ServiceAccount, error) {
-	sa, err := coreClient.ServiceAccounts(namespace).Get(context.TODO(), name, metav1.GetOptions{})
-	if err == nil {
-		return sa, nil
-	}
-	if !apierrors.IsNotFound(err) {
-		return nil, err
-	}
-
-	// Create the namespace if we can't verify it exists.
-	// Tolerate errors, since we don't know whether this component has namespace creation permissions.
-	if _, err := coreClient.Namespaces().Get(context.TODO(), namespace, metav1.GetOptions{}); apierrors.IsNotFound(err) {
-		if _, err = coreClient.Namespaces().Create(context.TODO(), &v1.Namespace{ObjectMeta: metav1.ObjectMeta{Name: namespace}}, metav1.CreateOptions{}); err != nil && !apierrors.IsAlreadyExists(err) {
-			klog.Warningf("create non-exist namespace %s failed:%v", namespace, err)
-		}
-	}
-
-	// Create the service account
-	sa, err = coreClient.ServiceAccounts(namespace).Create(context.TODO(), &v1.ServiceAccount{ObjectMeta: metav1.ObjectMeta{Namespace: namespace, Name: name}}, metav1.CreateOptions{})
-	if apierrors.IsAlreadyExists(err) {
-		// If we're racing to init and someone else already created it, re-fetch
-		return coreClient.ServiceAccounts(namespace).Get(context.TODO(), name, metav1.GetOptions{})
-	}
-	return sa, err
-}

vendor/k8s.io/controller-manager/pkg/features/register/register.go

@@ -1,27 +0,0 @@
-/*
-Copyright 2020 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package register
-
-import (
-	"k8s.io/apimachinery/pkg/util/runtime"
-	utilfeature "k8s.io/apiserver/pkg/util/feature"
-	"k8s.io/controller-manager/pkg/features"
-)
-
-func init() {
-	runtime.Must(features.SetupCurrentKubernetesSpecificFeatureGates(utilfeature.DefaultMutableFeatureGate))
-}

vendor/k8s.io/controller-manager/pkg/leadermigration/config/config.go

@@ -1,109 +0,0 @@
-/*
-Copyright 2020 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package config
-
-import (
-	"fmt"
-	"os"
-
-	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/apimachinery/pkg/runtime/serializer"
-	util "k8s.io/apimachinery/pkg/util/runtime"
-	"k8s.io/apimachinery/pkg/util/validation/field"
-	internal "k8s.io/controller-manager/config"
-	v1 "k8s.io/controller-manager/config/v1"
-	"k8s.io/controller-manager/config/v1alpha1"
-	"k8s.io/controller-manager/config/v1beta1"
-)
-
-// ResourceLockLeases is the resourceLock value for 'leases' API
-const ResourceLockLeases = "leases"
-
-// ResourceLockEndpoints is the resourceLock value for 'endpoints' API
-const ResourceLockEndpoints = "endpoints"
-
-var cfgScheme = runtime.NewScheme()
-
-func init() {
-	// internal
-	util.Must(internal.AddToScheme(cfgScheme))
-
-	// v1alpha1
-	util.Must(v1alpha1.AddToScheme(cfgScheme))
-	util.Must(cfgScheme.SetVersionPriority(v1alpha1.SchemeGroupVersion))
-
-	// v1beta1
-	util.Must(v1beta1.AddToScheme(cfgScheme))
-	util.Must(cfgScheme.SetVersionPriority(v1beta1.SchemeGroupVersion))
-
-	// v1
-	util.Must(v1.AddToScheme(cfgScheme))
-	util.Must(cfgScheme.SetVersionPriority(v1.SchemeGroupVersion))
-}
-
-// ReadLeaderMigrationConfiguration reads LeaderMigrationConfiguration from a YAML file at the given path.
-// The parsed LeaderMigrationConfiguration may be invalid.
-// It returns an error if the file did not exist.
-func ReadLeaderMigrationConfiguration(configFilePath string) (*internal.LeaderMigrationConfiguration, error) {
-	data, err := os.ReadFile(configFilePath)
-	if err != nil {
-		return nil, fmt.Errorf("unable to read leader migration configuration from %q: %w", configFilePath, err)
-	}
-	config, gvk, err := serializer.NewCodecFactory(cfgScheme, serializer.EnableStrict).UniversalDecoder().Decode(data, nil, nil)
-	if err != nil {
-		return nil, err
-	}
-	internalConfig, ok := config.(*internal.LeaderMigrationConfiguration)
-	if !ok {
-		return nil, fmt.Errorf("unexpected config type: %v", gvk)
-	}
-	return internalConfig, nil
-}
-
-// ValidateLeaderMigrationConfiguration validates the LeaderMigrationConfiguration against common errors.
-// It checks required names and whether resourceLock is either 'leases' or 'endpoints'.
-// It will return nil if it does not find anything wrong.
-func ValidateLeaderMigrationConfiguration(config *internal.LeaderMigrationConfiguration) (allErrs field.ErrorList) {
-	if config.LeaderName == "" {
-		allErrs = append(allErrs, field.Required(field.NewPath("leaderName"),
-			"leaderName must be set for LeaderMigrationConfiguration"))
-	}
-	if config.ResourceLock != ResourceLockLeases && config.ResourceLock != ResourceLockEndpoints {
-		allErrs = append(allErrs, field.Invalid(field.NewPath("resourceLock"), config.ResourceLock,
-			"resource Lock must be one of 'leases' or 'endpoints'"))
-	}
-	// validate controllerLeaders
-	fldPath := field.NewPath("controllerLeaders")
-	for i, controllerLeader := range config.ControllerLeaders {
-		path := fldPath.Index(i)
-		allErrs = append(allErrs, validateControllerLeaderConfiguration(path, &controllerLeader)...)
-	}
-	return
-}
-
-func validateControllerLeaderConfiguration(path *field.Path, config *internal.ControllerLeaderConfiguration) (allErrs field.ErrorList) {
-	if config == nil {
-		return
-	}
-	if config.Component == "" {
-		allErrs = append(allErrs, field.Required(path.Child("component"), "component must be set"))
-	}
-	if config.Name == "" {
-		allErrs = append(allErrs, field.Required(path.Child("name"), "name must be set"))
-	}
-	return
-}

vendor/k8s.io/controller-manager/pkg/leadermigration/config/default.go

@@ -1,40 +0,0 @@
-/*
-Copyright 2021 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package config
-
-import internal "k8s.io/controller-manager/config"
-
-// DefaultLeaderMigrationConfiguration returns the default LeaderMigrationConfiguration
-// that is valid for this release of Kubernetes.
-func DefaultLeaderMigrationConfiguration() *internal.LeaderMigrationConfiguration {
-	return &internal.LeaderMigrationConfiguration{
-		LeaderName:   "cloud-provider-extraction-migration",
-		ResourceLock: ResourceLockLeases,
-		ControllerLeaders: []internal.ControllerLeaderConfiguration{
-			{
-				Name:      "route-controller",
-				Component: "*",
-			}, {
-				Name:      "service-controller",
-				Component: "*",
-			}, {
-				Name:      "cloud-node-lifecycle-controller",
-				Component: "*",
-			},
-		},
-	}
-}

vendor/k8s.io/controller-manager/pkg/leadermigration/options/options.go

@@ -1,85 +0,0 @@
-/*
-Copyright 2021 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package options
-
-import (
-	"fmt"
-
-	"github.com/spf13/pflag"
-	"k8s.io/controller-manager/config"
-	migrationconfig "k8s.io/controller-manager/pkg/leadermigration/config"
-)
-
-// LeaderMigrationOptions is the set of options for Leader Migration,
-// which is given to the controller manager through flags
-type LeaderMigrationOptions struct {
-	// Enabled indicates whether leader migration is enabled through the --enabled-leader-migration flag.
-	Enabled bool
-
-	// ControllerMigrationConfig is the path to the file of LeaderMigrationConfiguration type.
-	// It can be set with --leader-migration-config flag
-	// If the path is "" (default vaule), the default vaule will be used.
-	ControllerMigrationConfig string
-}
-
-// DefaultLeaderMigrationOptions returns a LeaderMigrationOptions with default values.
-func DefaultLeaderMigrationOptions() *LeaderMigrationOptions {
-	return &LeaderMigrationOptions{
-		Enabled:                   false,
-		ControllerMigrationConfig: "",
-	}
-}
-
-// AddFlags adds all flags related to leader migration to given flag set.
-func (o *LeaderMigrationOptions) AddFlags(fs *pflag.FlagSet) {
-	if o == nil {
-		return
-	}
-	fs.BoolVar(&o.Enabled, "enable-leader-migration", false, "Whether to enable controller leader migration.")
-	fs.StringVar(&o.ControllerMigrationConfig, "leader-migration-config", "",
-		"Path to the config file for controller leader migration, "+
-			"or empty to use the value that reflects default configuration of the controller manager. "+
-			"The config file should be of type LeaderMigrationConfiguration, group controllermanager.config.k8s.io, version v1alpha1.")
-}
-
-// ApplyTo applies the options of leader migration to generic configuration.
-func (o *LeaderMigrationOptions) ApplyTo(cfg *config.GenericControllerManagerConfiguration) error {
-	if o == nil {
-		// an nil LeaderMigrationOptions indicates that default options should be used
-		// in which case leader migration will be disabled
-		cfg.LeaderMigrationEnabled = false
-		return nil
-	}
-	cfg.LeaderMigrationEnabled = o.Enabled
-	if !cfg.LeaderMigrationEnabled {
-		return nil
-	}
-	if o.ControllerMigrationConfig == "" {
-		cfg.LeaderMigration = *migrationconfig.DefaultLeaderMigrationConfiguration()
-		return nil
-	}
-	leaderMigrationConfig, err := migrationconfig.ReadLeaderMigrationConfiguration(o.ControllerMigrationConfig)
-	if err != nil {
-		return err
-	}
-	errs := migrationconfig.ValidateLeaderMigrationConfiguration(leaderMigrationConfig)
-	if len(errs) != 0 {
-		return fmt.Errorf("failed to parse leader migration configuration: %v", errs)
-	}
-	cfg.LeaderMigration = *leaderMigrationConfig
-	return nil
-}