diff --git a/Makefile b/Makefile
index f9e88fc8b..119029bde 100644
--- a/Makefile
+++ b/Makefile
@@ -33,7 +33,7 @@ IMAGE_TAG = \
 		$(shell echo $$(git rev-parse HEAD && if [[ -n $$(git status --porcelain) ]]; then echo '-dirty'; fi)|tr -d ' ')
 IMAGE_NAME ?= $(REGISTRY)/$(REGISTRY_NAMESPACE)/machine-controller:$(IMAGE_TAG)
 
-OS = amzn2 centos ubuntu rhel flatcar rockylinux
+OS = ubuntu flatcar
 USERDATA_BIN = $(patsubst %, machine-controller-userdata-%, $(OS))
 
 BASE64_ENC = \
diff --git a/README.md b/README.md
index 409a6455e..4494d63d3 100644
--- a/README.md
+++ b/README.md
@@ -34,7 +34,7 @@
 ### What Works
 
 - Creation of worker nodes on AWS and Openstack
-- Using Ubuntu, Flatcar, CentOS 7 or Rocky Linux 8 distributions ([not all distributions work on all providers](/docs/operating-system.md))
+- Using Ubuntu and Flatcar distributions ([not all distributions work on all providers](/docs/operating-system.md))
 
 ### Supported Kubernetes Versions
 
diff --git a/cmd/provision/README.md b/cmd/provision/README.md
index 4811de7dc..a6e8016d4 100644
--- a/cmd/provision/README.md
+++ b/cmd/provision/README.md
@@ -5,7 +5,6 @@ This command offers all required functionality to provision an host to join a Ku
 The following operating systems are supported
 
 - Ubuntu 18.04
-- CentOS 7
 - Flatcar
 
 ## Requirements
diff --git a/cmd/userdata/amzn2/main.go b/cmd/userdata/amzn2/main.go
deleted file mode 100644
index 2c317143b..000000000
--- a/cmd/userdata/amzn2/main.go
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
-Copyright 2021 The Machine Controller Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-//
-// UserData plugin for Amazon Linux 2.
-//
-
-package main
-
-import (
-	"flag"
-	"log"
-
-	"go.uber.org/zap"
-
-	machinecontrollerlog "github.com/kubermatic/machine-controller/pkg/log"
-	"github.com/kubermatic/machine-controller/pkg/userdata/amzn2"
-	userdataplugin "github.com/kubermatic/machine-controller/pkg/userdata/plugin"
-)
-
-func main() {
-	// Parse flags.
-	var debug bool
-	flag.BoolVar(&debug, "debug", false, "Switch for enabling the plugin debugging")
-
-	logFlags := machinecontrollerlog.NewDefaultOptions()
-	logFlags.AddFlags(flag.CommandLine)
-
-	flag.Parse()
-
-	if err := logFlags.Validate(); err != nil {
-		log.Fatalf("Invalid options: %v", err)
-	}
-
-	rawLog := machinecontrollerlog.New(logFlags.Debug, logFlags.Format)
-	log := rawLog.Sugar()
-
-	// Instantiate provider and start plugin.
-	var provider = &amzn2.Provider{}
-	var p = userdataplugin.New(provider, debug)
-
-	if err := p.Run(log); err != nil {
-		log.Fatalw("Failed to run Amazon Linux 2 plugin", zap.Error(err))
-	}
-}
diff --git a/cmd/userdata/centos/main.go b/cmd/userdata/centos/main.go
deleted file mode 100644
index 3369abaac..000000000
--- a/cmd/userdata/centos/main.go
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
-Copyright 2019 The Machine Controller Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-//
-// UserData plugin for CentOS.
-//
-
-package main
-
-import (
-	"flag"
-	"log"
-
-	"go.uber.org/zap"
-
-	machinecontrollerlog "github.com/kubermatic/machine-controller/pkg/log"
-	"github.com/kubermatic/machine-controller/pkg/userdata/centos"
-	userdataplugin "github.com/kubermatic/machine-controller/pkg/userdata/plugin"
-)
-
-func main() {
-	// Parse flags.
-	var debug bool
-	flag.BoolVar(&debug, "debug", false, "Switch for enabling the plugin debugging")
-
-	logFlags := machinecontrollerlog.NewDefaultOptions()
-	logFlags.AddFlags(flag.CommandLine)
-
-	flag.Parse()
-
-	if err := logFlags.Validate(); err != nil {
-		log.Fatalf("Invalid options: %v", err)
-	}
-
-	rawLog := machinecontrollerlog.New(logFlags.Debug, logFlags.Format)
-	log := rawLog.Sugar()
-
-	// Instantiate provider and start plugin.
-	var provider = &centos.Provider{}
-	var p = userdataplugin.New(provider, debug)
-
-	if err := p.Run(log); err != nil {
-		log.Fatalw("Failed to run CentOS plugin", zap.Error(err))
-	}
-}
diff --git a/cmd/userdata/rhel/main.go b/cmd/userdata/rhel/main.go
deleted file mode 100644
index aaae79699..000000000
--- a/cmd/userdata/rhel/main.go
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
-Copyright 2019 The Machine Controller Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-//
-// UserData plugin for RHEL.
-//
-
-package main
-
-import (
-	"flag"
-	"log"
-
-	"go.uber.org/zap"
-
-	machinecontrollerlog "github.com/kubermatic/machine-controller/pkg/log"
-	userdataplugin "github.com/kubermatic/machine-controller/pkg/userdata/plugin"
-	"github.com/kubermatic/machine-controller/pkg/userdata/rhel"
-)
-
-func main() {
-	// Parse flags.
-	var debug bool
-	flag.BoolVar(&debug, "debug", false, "Switch for enabling the plugin debugging")
-
-	logFlags := machinecontrollerlog.NewDefaultOptions()
-	logFlags.AddFlags(flag.CommandLine)
-
-	flag.Parse()
-
-	if err := logFlags.Validate(); err != nil {
-		log.Fatalf("Invalid options: %v", err)
-	}
-
-	rawLog := machinecontrollerlog.New(logFlags.Debug, logFlags.Format)
-	log := rawLog.Sugar()
-
-	// Instantiate provider and start plugin.
-	var provider = &rhel.Provider{}
-	var p = userdataplugin.New(provider, debug)
-
-	if err := p.Run(log); err != nil {
-		log.Fatalw("Failed to run RHEL plugin", zap.Error(err))
-	}
-}
diff --git a/cmd/userdata/rockylinux/main.go b/cmd/userdata/rockylinux/main.go
deleted file mode 100644
index 5a81bea0e..000000000
--- a/cmd/userdata/rockylinux/main.go
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
-Copyright 2022 The Machine Controller Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-//
-// UserData plugin for RockyLinux.
-//
-
-package main
-
-import (
-	"flag"
-	"log"
-
-	"go.uber.org/zap"
-
-	machinecontrollerlog "github.com/kubermatic/machine-controller/pkg/log"
-	userdataplugin "github.com/kubermatic/machine-controller/pkg/userdata/plugin"
-	"github.com/kubermatic/machine-controller/pkg/userdata/rockylinux"
-)
-
-func main() {
-	// Parse flags.
-	var debug bool
-	flag.BoolVar(&debug, "debug", false, "Switch for enabling the plugin debugging")
-
-	logFlags := machinecontrollerlog.NewDefaultOptions()
-	logFlags.AddFlags(flag.CommandLine)
-
-	flag.Parse()
-
-	if err := logFlags.Validate(); err != nil {
-		log.Fatalf("Invalid options: %v", err)
-	}
-
-	rawLog := machinecontrollerlog.New(logFlags.Debug, logFlags.Format)
-	log := rawLog.Sugar()
-
-	// Instantiate provider and start plugin.
-	var provider = &rockylinux.Provider{}
-	var p = userdataplugin.New(provider, debug)
-
-	if err := p.Run(log); err != nil {
-		log.Fatalw("Failed to run RockyLinux plugin", zap.Error(err))
-	}
-}
diff --git a/docs/howto-provider.md b/docs/howto-provider.md
index 2b139d536..0ff03f2a7 100644
--- a/docs/howto-provider.md
+++ b/docs/howto-provider.md
@@ -71,7 +71,7 @@ Provider implementations are located in individual packages in `github.com/kuber
 When retrieving the individual configuration from the provider specification a type for unmarshalling is needed. Here first the provider configuration is read and based on it the individual values of the configuration are retrieved. Typically the access data (token, ID/key combination, document with all information) alternatively can be passed via an environment variable. According
 methods of the used `providerconfig.ConfigVarResolver` do support this.
 
-For creation of new machines the support of the possible information has to be checked. The machine controller supports _CentOS_, _Flatcar_ and _Ubuntu_. In case one or more aren't supported by the cloud infrastructure the error `providerconfig.ErrOSNotSupported` has to be returned.
+For creation of new machines the support of the possible information has to be checked. The machine controller supports _Flatcar_ and _Ubuntu_. In case one or more aren't supported by the cloud infrastructure the error `providerconfig.ErrOSNotSupported` has to be returned.
 
 ## Integrate provider into the Machine Controller
 
diff --git a/docs/openstack-images.md b/docs/openstack-images.md
index a1979885c..8a89250e9 100644
--- a/docs/openstack-images.md
+++ b/docs/openstack-images.md
@@ -10,5 +10,5 @@ There is a script to upload all supported image to OpenStack.
 By default all images will be named `machine-controller-${OS_NAME}`.
 The image names can be overwritten using environment variables:
 ```bash
-UBUNTU_IMAGE_NAME="ubuntu" CENTOS_IMAGE_NAME="centos" ./hack/setup-openstack-images.sh
+UBUNTU_IMAGE_NAME="ubuntu" ./hack/setup-openstack-images.sh
 ```
diff --git a/docs/operating-system.md b/docs/operating-system.md
index fd99ac400..023f86469 100644
--- a/docs/operating-system.md
+++ b/docs/operating-system.md
@@ -4,21 +4,17 @@
 
 ### Cloud provider
 
-|   | Ubuntu | CentOS | Flatcar | RHEL | Amazon Linux 2 | Rocky Linux |
-|---|---|---|---|---|---|---|
-| AWS | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
-| Openstack | ✓ | ✓ | ✓ | ✓ | x | ✓ |
+|   | Ubuntu | Flatcar |
+|---|---|---|
+| AWS | ✓ | ✓ |
+| Openstack | ✓ | ✓ |
 
 ## Configuring a operating system
 
 The operating system to use can be set via `machine.spec.providerConfig.operatingSystem`.
 Allowed values:
 
-- `amzn2`
-- `centos`
 - `flatcar`
-- `rhel`
-- `rockylinux`
 - `ubuntu`
 
 OS specific settings can be set via `machine.spec.providerConfig.operatingSystemSpec`.
@@ -30,8 +26,4 @@ Machine controller may work with other OS versions that are not listed in the ta
 
 |   | Versions |
 |---|---|
-| AmazonLinux2 | 2.x |
-| CentOS | 7.4.x, 7.6.x, 7.7.x |
-| RHEL | 8.x |
-| Rocky Linux | 8.5 |
 | Ubuntu | 20.04 LTS, 22.04 LTS |
diff --git a/docs/rhel-custom-image.md b/docs/rhel-custom-image.md
deleted file mode 100644
index 86cbcc9d7..000000000
--- a/docs/rhel-custom-image.md
+++ /dev/null
@@ -1,16 +0,0 @@
-# RedHat Enterprise Linux
-
-Cloud providers which are listed below, support using RHEL as an operating system option:
-
-- AWS
-- Openstack
-
-####  AWS
-First of all the RHEL gold image AMIs have to be enabled from the [RedHat Customer Portal](https://access.redhat.com/public-cloud/aws) (this requires a [cloud-provider subscription](https://access.redhat.com/public-cloud)).
-
-Afterwards, new images will be added to the aws account under EC2-> Images-> AMIs-> Private Images.
-Once the images are available in the aws account, the image id for RHEL (supported versions are mentioned [here](./operating-system.md#supported-os-versions)) should be then added to the `MachineDeployment` spec to the field `ami`.
-
-####  Openstack
-Once RHEL images(e.g: Red Hat Enterprise Linux 8.x KVM Guest Image) is uploaded to openstack, the image name should be used in
-the `MachineDeployment` field `.spec.template.spec.providerSpec.value.cloudProviderSpec.image`.
diff --git a/examples/aws-machinedeployment.yaml b/examples/aws-machinedeployment.yaml
index b82c2b505..ea57e108b 100644
--- a/examples/aws-machinedeployment.yaml
+++ b/examples/aws-machinedeployment.yaml
@@ -71,12 +71,5 @@ spec:
           operatingSystemSpec:
             disableAutoUpdate: true
             distUpgradeOnBoot: false
-            # 'rhelSubscriptionManagerUser' is only used for rhel os and can be set via env var `RHEL_SUBSCRIPTION_MANAGER_USER`
-            rhelSubscriptionManagerUser: "<< RHEL_SUBSCRIPTION_MANAGER_USER >>"
-            # 'rhelSubscriptionManagerPassword' is only used for rhel os and can be set via env var `RHEL_SUBSCRIPTION_MANAGER_PASSWORD`
-            rhelSubscriptionManagerPassword: "<< RHEL_SUBSCRIPTION_MANAGER_PASSWORD >>"
-            # 'rhsmOfflineToken' if it was provided red hat systems subscriptions will be removed upon machines deletions, and if wasn't
-            # provided the rhsm will be disabled and any created subscription won't be removed automatically
-            rhsmOfflineToken: "<< REDHAT_SUBSCRIPTIONS_OFFLINE_TOKEN >>"
       versions:
         kubelet: 1.28.5
diff --git a/examples/openstack-machinedeployment.yaml b/examples/openstack-machinedeployment.yaml
index ddfa3c030..633bf3e1b 100644
--- a/examples/openstack-machinedeployment.yaml
+++ b/examples/openstack-machinedeployment.yaml
@@ -153,17 +153,10 @@ spec:
             # the list of metadata you would like to attach to the instance
             tags:
               tagKey: tagValue
-          # Can be 'ubuntu' or 'centos'
+          # Can be 'ubuntu'
           operatingSystem: "ubuntu"
           operatingSystemSpec:
             distUpgradeOnBoot: true
             disableAutoUpdate: true
-            # 'rhelSubscriptionManagerUser' is only used for rhel os and can be set via env var `RHEL_SUBSCRIPTION_MANAGER_USER`
-            rhelSubscriptionManagerUser: "<< RHEL_SUBSCRIPTION_MANAGER_USER >>"
-            # 'rhelSubscriptionManagerPassword' is only used for rhel os and can be set via env var `RHEL_SUBSCRIPTION_MANAGER_PASSWORD`
-            rhelSubscriptionManagerPassword: "<< RHEL_SUBSCRIPTION_MANAGER_PASSWORD >>"
-            # 'rhsmOfflineToken' if it was provided red hat systems subscriptions will be removed upon machines deletions, and if wasn't
-            # provided the rhsm will be disabled and any created subscription won't be removed automatically
-            rhsmOfflineToken: "<< REDHAT_SUBSCRIPTIONS_OFFLINE_TOKEN >>"
       versions:
         kubelet: 1.28.5
diff --git a/examples/operating-system-manager.yaml b/examples/operating-system-manager.yaml
index 66364fda2..addd31559 100644
--- a/examples/operating-system-manager.yaml
+++ b/examples/operating-system-manager.yaml
@@ -217,11 +217,7 @@ spec:
                   description: "OSType represent the operating system name e.g: ubuntu"
                   enum:
                     - flatcar
-                    - rhel
-                    - centos
                     - ubuntu
-                    - amzn2
-                    - rockylinux
                   type: string
                 osVersion:
                   description: OSVersion the version of the operating system
@@ -667,11 +663,7 @@ spec:
                   description: "OSType represent the operating system name e.g: ubuntu"
                   enum:
                     - flatcar
-                    - rhel
-                    - centos
                     - ubuntu
-                    - amzn2
-                    - rockylinux
                   type: string
                 osVersion:
                   description: OSVersion the version of the operating system
diff --git a/hack/build-kubevirt-images.sh b/hack/build-kubevirt-images.sh
index 440a44217..2028e2151 100755
--- a/hack/build-kubevirt-images.sh
+++ b/hack/build-kubevirt-images.sh
@@ -20,7 +20,7 @@ BUILD_NUM=2
 
 cd $(dirname $0)/kubevirt_dockerfiles
 
-for flavor in ubuntu centos; do
+for flavor in ubuntu; do
   docker build \
     -t quay.io/kubermatic/machine-controller-kubevirt:$flavor-$BUILD_NUM \
     -f dockerfile.$flavor .
diff --git a/hack/e2e-setup-openstack-images.sh b/hack/e2e-setup-openstack-images.sh
index d67c3825f..309b9bf04 100755
--- a/hack/e2e-setup-openstack-images.sh
+++ b/hack/e2e-setup-openstack-images.sh
@@ -20,6 +20,5 @@ set -o pipefail
 cd $(dirname $0)/
 
 export UBUNTU_IMAGE_NAME="machine-controller-e2e-ubuntu"
-export CENTOS_IMAGE_NAME="machine-controller-e2e-centos"
 
 ./setup-openstack-images.sh
diff --git a/hack/kubevirt_dockerfiles/dockerfile.centos b/hack/kubevirt_dockerfiles/dockerfile.centos
deleted file mode 100644
index c26389521..000000000
--- a/hack/kubevirt_dockerfiles/dockerfile.centos
+++ /dev/null
@@ -1,3 +0,0 @@
-FROM kubevirt/registry-disk-v1alpha:v0.10.0
-
-RUN curl -L -o /disk/centos7.img https://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2
diff --git a/hack/setup-openstack-images.sh b/hack/setup-openstack-images.sh
index 52ab771ae..28d51b005 100755
--- a/hack/setup-openstack-images.sh
+++ b/hack/setup-openstack-images.sh
@@ -18,7 +18,6 @@ set -o nounset
 set -o pipefail
 
 UBUNTU_IMAGE_NAME=${UBUNTU_IMAGE_NAME:-"machine-controller-ubuntu"}
-CENTOS_IMAGE_NAME=${CENTOS_IMAGE_NAME:-"machine-controller-centos"}
 
 echo "Downloading Ubuntu 18.04 image from upstream..."
 curl -L -o ubuntu.img http://cloud-images.ubuntu.com/bionic/current/bionic-server-cloudimg-amd64.img
@@ -30,14 +29,3 @@ openstack image create \
   ${UBUNTU_IMAGE_NAME}
 rm ubuntu.img
 echo "Successfully uploaded ${UBUNTU_IMAGE_NAME} to OpenStack..."
-
-echo "Downloading CentOS 7 image from upstream..."
-curl -L -o centos.qcow2 http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2
-echo "Uploading CentOS 7 image to OpenStack..."
-openstack image create \
-  --disk-format qcow2 \
-  --container-format bare \
-  --file centos.qcow2 \
-  ${CENTOS_IMAGE_NAME}
-rm centos.qcow2
-echo "Successfully uploaded ${CENTOS_IMAGE_NAME} to OpenStack..."
diff --git a/image-builder/.gitignore b/image-builder/.gitignore
deleted file mode 100644
index fff5ccae4..000000000
--- a/image-builder/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-/downloads
-*.vmdk
diff --git a/image-builder/README.md b/image-builder/README.md
deleted file mode 100644
index 613132bac..000000000
--- a/image-builder/README.md
+++ /dev/null
@@ -1,22 +0,0 @@
- #### Image builder script
-
- The script `build.sh` automatically builds a custom OS image for a VSphere environment. The original image of a selected OS is enriched with Kubernetes binaries, as well as (in the future) other custom files.
-
- Currently supported operating systems:
-  * RedHat CoreOS
-  * CentOS 7
-  * Debian 9
-
-### Usage
-
-`./build.sh --target-os centos7|debian9 [--release K8S-RELEASE]`
-
-Parameters:
- * `--target-os` is mandatory and specifies the Linux distribution image to be built. Possible values:
-   * `centos7`
-   * `debian9`
- * `--release` specifies the Kubernetes release to be added to the image, e.g. `v1.10.2`. If not provided, the script will look up the latest stable release and use that.
-
-### Output
-
-The script will generate a VMDK disk image with the filename `TARGET_OS-output.vmdk`, e.g. `centos7-output.vmdk`.
diff --git a/image-builder/RPM-GPG-KEY-CentOS-7 b/image-builder/RPM-GPG-KEY-CentOS-7
deleted file mode 100644
index 47f6d4d6b..000000000
--- a/image-builder/RPM-GPG-KEY-CentOS-7
+++ /dev/null
@@ -1,30 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1.4.5 (GNU/Linux)
-
-mQINBFOn/0sBEADLDyZ+DQHkcTHDQSE0a0B2iYAEXwpPvs67cJ4tmhe/iMOyVMh9
-Yw/vBIF8scm6T/vPN5fopsKiW9UsAhGKg0epC6y5ed+NAUHTEa6pSOdo7CyFDwtn
-4HF61Esyb4gzPT6QiSr0zvdTtgYBRZjAEPFVu3Dio0oZ5UQZ7fzdZfeixMQ8VMTQ
-4y4x5vik9B+cqmGiq9AW71ixlDYVWasgR093fXiD9NLT4DTtK+KLGYNjJ8eMRqfZ
-Ws7g7C+9aEGHfsGZ/SxLOumx/GfiTloal0dnq8TC7XQ/JuNdB9qjoXzRF+faDUsj
-WuvNSQEqUXW1dzJjBvroEvgTdfCJfRpIgOrc256qvDMp1SxchMFltPlo5mbSMKu1
-x1p4UkAzx543meMlRXOgx2/hnBm6H6L0FsSyDS6P224yF+30eeODD4Ju4BCyQ0jO
-IpUxmUnApo/m0eRelI6TRl7jK6aGqSYUNhFBuFxSPKgKYBpFhVzRM63Jsvib82rY
-438q3sIOUdxZY6pvMOWRkdUVoz7WBExTdx5NtGX4kdW5QtcQHM+2kht6sBnJsvcB
-JYcYIwAUeA5vdRfwLKuZn6SgAUKdgeOtuf+cPR3/E68LZr784SlokiHLtQkfk98j
-NXm6fJjXwJvwiM2IiFyg8aUwEEDX5U+QOCA0wYrgUQ/h8iathvBJKSc9jQARAQAB
-tEJDZW50T1MtNyBLZXkgKENlbnRPUyA3IE9mZmljaWFsIFNpZ25pbmcgS2V5KSA8
-c2VjdXJpdHlAY2VudG9zLm9yZz6JAjUEEwECAB8FAlOn/0sCGwMGCwkIBwMCBBUC
-CAMDFgIBAh4BAheAAAoJECTGqKf0qA61TN0P/2730Th8cM+d1pEON7n0F1YiyxqG
-QzwpC2Fhr2UIsXpi/lWTXIG6AlRvrajjFhw9HktYjlF4oMG032SnI0XPdmrN29lL
-F+ee1ANdyvtkw4mMu2yQweVxU7Ku4oATPBvWRv+6pCQPTOMe5xPG0ZPjPGNiJ0xw
-4Ns+f5Q6Gqm927oHXpylUQEmuHKsCp3dK/kZaxJOXsmq6syY1gbrLj2Anq0iWWP4
-Tq8WMktUrTcc+zQ2pFR7ovEihK0Rvhmk6/N4+4JwAGijfhejxwNX8T6PCuYs5Jiv
-hQvsI9FdIIlTP4XhFZ4N9ndnEwA4AH7tNBsmB3HEbLqUSmu2Rr8hGiT2Plc4Y9AO
-aliW1kOMsZFYrX39krfRk2n2NXvieQJ/lw318gSGR67uckkz2ZekbCEpj/0mnHWD
-3R6V7m95R6UYqjcw++Q5CtZ2tzmxomZTf42IGIKBbSVmIS75WY+cBULUx3PcZYHD
-ZqAbB0Dl4MbdEH61kOI8EbN/TLl1i077r+9LXR1mOnlC3GLD03+XfY8eEBQf7137
-YSMiW5r/5xwQk7xEcKlbZdmUJp3ZDTQBXT06vavvp3jlkqqH9QOE8ViZZ6aKQLqv
-pL+4bs52jzuGwTMT7gOR5MzD+vT0fVS7Xm8MjOxvZgbHsAgzyFGlI1ggUQmU7lu3
-uPNL0eRx4S1G4Jn5
-=OGYX
------END PGP PUBLIC KEY BLOCK-----
diff --git a/image-builder/build.sh b/image-builder/build.sh
deleted file mode 100755
index 40eb535e2..000000000
--- a/image-builder/build.sh
+++ /dev/null
@@ -1,234 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright 2019 The Machine Controller Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-set -eu
-set -o pipefail
-
-SCRIPT_DIR="$(realpath "$(dirname "${BASH_SOURCE[0]}")")"
-K8S_RELEASE=""
-TARGET_OS=""
-
-usage() {
-  echo -e "usage:"
-  echo -e "\t$0 --target-os centos7|debian9|ubuntu-xenial|ubuntu-bionic [--release K8S-RELEASE]"
-}
-
-while [ $# -gt 0 ]; do
-  case "$1" in
-    --release)
-      K8S_RELEASE="$2"
-      shift
-      ;;
-    --target-os)
-      if [[ -z "$2" ]]; then
-        echo "You must specify target OS. Currently 'centos7' is supported."
-        exit 1
-      fi
-      TARGET_OS="$2"
-      shift
-      ;;
-    *)
-      echo "Unknown parameter \"$1\""
-      usage
-      exit 1
-      ;;
-  esac
-  shift
-done
-
-if [[ -z "$TARGET_OS" ]]; then
-  usage
-  exit 1
-fi
-
-if ! which guestmount &>/dev/null; then
-  echo "guestmount is not available. On Ubuntu, you need to install libguestfs-tools"
-  exit 1
-fi
-
-if ! which qemu-img &>/dev/null; then
-  echo "qemu-img is not available. On Ubuntu, you need to install qemu-utils"
-  exit 1
-fi
-
-if ! which gpg2 &>/dev/null; then
-  echo "gpg2 is not available. On Ubuntu, you need to install gnupg2"
-  exit 1
-fi
-
-# if no K8S version has was specified on the command line, get the latest stable
-if [[ -z "$K8S_RELEASE" ]]; then
-  K8S_RELEASE="$(curl -sSL https://dl.k8s.io/release/stable.txt)"
-fi
-
-TEMPDIR="$(mktemp -d)"
-TARGETFS="$TEMPDIR/targetfs"
-mkdir -p "$TARGETFS" "$SCRIPT_DIR/downloads"
-# on failure unmount target filesystem (if mounted) and delete the temporary directory
-trap "sudo mountpoint --quiet $TARGETFS && sudo umount --recursive $TARGETFS; rm -rf $TEMPDIR" EXIT SIGINT
-
-get_centos7_image() {
-  CENTOS7_BUILD="1802"
-  echo " * Downloading vanilla CentOS image."
-  wget "https://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud-$CENTOS7_BUILD.qcow2.xz" -P "$TEMPDIR"
-
-  echo " * Verifying GPG signature"
-  wget --quiet "https://cloud.centos.org/centos/7/images/sha256sum.txt.asc" -O "$TEMPDIR/centos7-sha256sum.txt.asc"
-  gpg2 --quiet --import "$SCRIPT_DIR/RPM-GPG-KEY-CentOS-7"
-  gpg2 "$TEMPDIR/centos7-sha256sum.txt.asc"
-
-  echo " * Verifying SHA256 digest"
-  EXPECTED_SHA256="$(grep "CentOS-7-x86_64-GenericCloud-$CENTOS7_BUILD.qcow2.xz$" < "$TEMPDIR/centos7-sha256sum.txt" | cut -f1 -d ' ')"
-  CALCULATED_SHA256="$(sha256sum "$TEMPDIR/CentOS-7-x86_64-GenericCloud-$CENTOS7_BUILD.qcow2.xz" | cut -f1 -d ' ')"
-  if [[ "$CALCULATED_SHA256" != "$EXPECTED_SHA256" ]]; then
-    echo " * SHA256 digest verification failed. '$CALCULATED_SHA256' != '$EXPECTED_SHA256'"
-    exit 1
-  fi
-
-  echo " * Decompressing"
-  unxz --keep "$TEMPDIR/CentOS-7-x86_64-GenericCloud-$CENTOS7_BUILD.qcow2.xz"
-  mv "$TEMPDIR/CentOS-7-x86_64-GenericCloud-$CENTOS7_BUILD.qcow2" "$SCRIPT_DIR/downloads/CentOS-7-x86_64-GenericCloud.qcow2"
-}
-
-get_debian9_image() {
-  DEBIAN_CD_SIGNING_KEY_FINGERPRINT="DF9B9C49EAA9298432589D76DA87E80D6294BE9B"
-
-  echo " * Downloading vanilla Debian image."
-  wget "https://cdimage.debian.org/cdimage/openstack/current-9/debian-9-openstack-amd64.qcow2" -P "$TEMPDIR"
-
-  echo " * Verifying GPG signature"
-  wget --quiet "https://cdimage.debian.org/cdimage/openstack/current-9/SHA512SUMS" -O "$TEMPDIR/Debian-SHA512SUMS"
-  wget --quiet "https://cdimage.debian.org/cdimage/openstack/current-9/SHA512SUMS.sign" -O "$TEMPDIR/Debian-SHA512SUMS.sign"
-  gpg2 --quiet --recv-keys "$DEBIAN_CD_SIGNING_KEY_FINGERPRINT"
-  gpg2 --quiet --verify "$TEMPDIR/Debian-SHA512SUMS.sign"
-
-  echo " * Verifying SHA512 digest"
-  EXPECTED_SHA512="$(grep 'debian-9-openstack-amd64.qcow2$' < "$TEMPDIR/Debian-SHA512SUMS" | cut -f1 -d ' ')"
-  CALCULATED_SHA512="$(sha512sum "$TEMPDIR/debian-9-openstack-amd64.qcow2" | cut -f1 -d ' ')"
-  if [[ "$CALCULATED_SHA512" != "$EXPECTED_SHA512" ]]; then
-    echo " * SHA512 digest verification failed. '$CALCULATED_SHA512' != '$EXPECTED_SHA512'"
-    exit 1
-  fi
-
-  echo " * Finalizing"
-  mv "$TEMPDIR/debian-9-openstack-amd64.qcow2" "$SCRIPT_DIR/downloads/debian-9-openstack-amd64.qcow2"
-}
-
-get_ubuntu_image() {
-  local UBUNTU_CLOUD_IMAGE_SIGNING_KEY_FINGERPRINT="D2EB44626FDDC30B513D5BB71A5D6C4C7DB87C81"
-  local RELEASE="$1"
-  local IMG_NAME
-  if [[ $RELEASE == "xenial" ]]; then
-    IMG_NAME="$RELEASE-server-cloudimg-amd64-disk1.vmdk"
-  else
-    IMG_NAME="$RELEASE-server-cloudimg-amd64.vmdk"
-  fi
-
-  echo " * Downloading vanilla Ubuntu image."
-  wget "https://cloud-images.ubuntu.com/$RELEASE/current/$IMG_NAME" -P "$TEMPDIR"
-
-  echo " * Verifying GPG signature"
-  wget --quiet "https://cloud-images.ubuntu.com/$RELEASE/current/SHA256SUMS" -O "$TEMPDIR/Ubuntu-SHA256SUMS"
-  wget --quiet "https://cloud-images.ubuntu.com/$RELEASE/current/SHA256SUMS.gpg" -O "$TEMPDIR/Ubuntu-SHA256SUMS.gpg"
-  gpg2 --quiet --recv-keys $UBUNTU_CLOUD_IMAGE_SIGNING_KEY_FINGERPRINT
-  gpg2 --quiet --verify "$TEMPDIR/Ubuntu-SHA256SUMS.gpg" "$TEMPDIR/Ubuntu-SHA256SUMS"
-
-  echo " * Verifying SHA256 digest"
-  EXPECTED_SHA256="$(grep "$IMG_NAME\$" < "$TEMPDIR/Ubuntu-SHA256SUMS" | cut -f1 -d ' ')"
-  CALCULATED_SHA256="$(sha256sum "$TEMPDIR/$IMG_NAME" | cut -f1 -d ' ')"
-  if [[ "$CALCULATED_SHA256" != "$EXPECTED_SHA256" ]]; then
-    echo " * SHA256 digest verification failed. '$CALCULATED_SHA256' != '$EXPECTED_SHA256'"
-    exit 1
-  fi
-
-  # This is needed because Ubuntu cloud images come in a Read-Only format
-  # that can only be used for linked-base VMs.
-  echo " * Converting to a read-write enabled image"
-  qemu-img convert -O vmdk "$TEMPDIR/$IMG_NAME" "$TEMPDIR/$IMG_NAME-rw"
-
-  echo " * Finalizing"
-  mv "$TEMPDIR/$IMG_NAME-rw" "$SCRIPT_DIR/downloads/$RELEASE-server-cloudimg-amd64.vmdk"
-}
-
-mount_rootfs() {
-  local IMAGE="$1"
-  local FOLDER="$2"
-  case $TARGET_OS in
-    debian9|centos7|ubuntu-*)
-      echo "  * /"
-      sudo guestmount -a "$IMAGE" -m "/dev/sda1" "$TARGETFS"
-      ;;
-    *)
-      echo "mount_rootfs(): unknown OS \"$TARGET_OS\""
-      usage
-      exit 1
-  esac
-}
-
-case $TARGET_OS in
-  centos7)
-  CLEAN_IMAGE="$SCRIPT_DIR/downloads/CentOS-7-x86_64-GenericCloud.qcow2"
-    if [[ ! -f "$CLEAN_IMAGE" ]]; then
-      get_centos7_image
-    fi
-    ;;
-  debian9)
-    CLEAN_IMAGE="$SCRIPT_DIR/downloads/debian-9-openstack-amd64.qcow2"
-    if [[ ! -f "$CLEAN_IMAGE" ]]; then
-      get_debian9_image
-    fi
-    ;;
-  ubuntu-xenial)
-    CLEAN_IMAGE="$SCRIPT_DIR/downloads/xenial-server-cloudimg-amd64.vmdk"
-    if [[ ! -f "$CLEAN_IMAGE" ]]; then
-      get_ubuntu_image xenial
-    fi
-    ;;
-  ubuntu-bionic)
-    CLEAN_IMAGE="$SCRIPT_DIR/downloads/bionic-server-cloudimg-amd64.vmdk"
-    if [[ ! -f "$CLEAN_IMAGE" ]]; then
-      get_ubuntu_image bionic
-    fi
-    ;;
-  *)
-    usage
-    exit 1
-esac
-
-echo " * Verifying/Downloading kubernetes"
-./download_kubernetes.sh --release "$K8S_RELEASE"
-
-echo " * Mouting the image"
-cp "$CLEAN_IMAGE" "$TEMPDIR/work-in-progress-image"
-mount_rootfs "$TEMPDIR/work-in-progress-image" "$TARGETFS"
-
-echo " * Copying kubernetes binaries"
-sudo mkdir -p "$TARGETFS/opt/bin/"
-sudo cp "$SCRIPT_DIR/downloads/kubeadm-$K8S_RELEASE" "$TARGETFS/opt/bin/kubeadm"
-sudo cp "$SCRIPT_DIR/downloads/kubectl-$K8S_RELEASE" "$TARGETFS/opt/bin/kubectl"
-sudo cp "$SCRIPT_DIR/downloads/kubelet-$K8S_RELEASE" "$TARGETFS/opt/bin/kubelet"
-
-echo " * Finalizing"
-sudo umount --recursive "$TARGETFS"
-EXTENSION="${CLEAN_IMAGE##*.}"
-if [[ "$EXTENSION" == "vmdk" ]]; then
-  cp "$TEMPDIR/work-in-progress-image" "$SCRIPT_DIR/$TARGET_OS-output.vmdk"
-else
-  echo " * Converting to VMDK"
-  qemu-img convert -O vmdk "$TEMPDIR/work-in-progress-image" "$SCRIPT_DIR/$TARGET_OS-output.vmdk"
-fi
-
-echo "$(realpath "$SCRIPT_DIR/$TARGET_OS-output.vmdk") ready."
diff --git a/image-builder/coreos_signing_key.asc b/image-builder/coreos_signing_key.asc
deleted file mode 100644
index 0f008c8a3..000000000
--- a/image-builder/coreos_signing_key.asc
+++ /dev/null
@@ -1,278 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-
-mQINBFIqVhQBEADjC7oxg5N9Xqmqqrac70EHITgjEXZfGm7Q50fuQlqDoeNWY+sN
-szpw//dWz8lxvPAqUlTSeR+dl7nwdpG2yJSBY6pXnXFF9sdHoFAUI0uy1Pp6VU9b
-/9uMzZo+BBaIfojwHCa91JcX3FwLly5sPmNAjgiTeYoFmeb7vmV9ZMjoda1B8k4e
-8E0oVPgdDqCguBEP80NuosAONTib3fZ8ERmRw4HIwc9xjFDzyPpvyc25liyPKr57
-UDoDbO/DwhrrKGZP11JZHUn4mIAO7pniZYj/IC47aXEEuZNn95zACGMYqfn8A9+K
-mHIHwr4ifS+k8UmQ2ly+HX+NfKJLTIUBcQY+7w6C5CHrVBImVHzHTYLvKWGH3pmB
-zn8cCTgwW7mJ8bzQezt1MozCB1CYKv/SelvxisIQqyxqYB9q41g9x3hkePDRlh1s
-5ycvN0axEpSgxg10bLJdkhE+CfYkuANAyjQzAksFRa1ZlMQ5I+VVpXEECTVpLyLt
-QQH87vtZS5xFaHUQnArXtZFu1WC0gZvMkNkJofv3GowNfanZb8iNtNFE8r1+GjL7
-a9NhaD8She0z2xQ4eZm8+Mtpz9ap/F7RLa9YgnJth5bDwLlAe30lg+7WIZHilR09
-UBHapoYlLB3B6RF51wWVneIlnTpMIJeP9vOGFBUqZ+W1j3O3uoLij1FUuwARAQAB
-tDZDb3JlT1MgQnVpbGRib3QgKE9mZmljYWwgQnVpbGRzKSA8YnVpbGRib3RAY29y
-ZW9zLmNvbT6JAjkEEwECACMCGwMHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAUC
-WSN1RgAKCRBQ4IhVk9LctF/0EADf18yxXNfa7yZx2CCvIMSqpmcY12z0eQhMZJDp
-HISexj2ZnVa2hcNDAdeGf9KtqW1dOlwxEccl3TYgl6dXCKy2kd8UPxw0zwiRkB86
-JPXuMuet0T6lxr3gEBJEsMD0DNQqsxQ6OZBLqWAMIlGzlv4plqap7uGkMiVtE+yM
-8atGyFqSpnksVDFwd+Pjgr6cC4H6ZP24XUr8e9JxG6ltpyNwG7AmYB9HhFg3RBrx
-RtxVzAKmDAffXmntQv1f4XY9NLL0tccCD3QoqW0s130lWpCkRmTQFYe/+VtWORYt
-EwGSMF0f9VVd9klC2BcE/L3kgK74I6PzCjmioC0Al2rkrPb/VotrwlMj8OMTQtGB
-i/lvn4tFwDRMPhu+SRU4jYRdZi724fARm0vv13dxZUwMqGHdhT7vfTCoerk6I6Pd
-1g1kG/lU1RMkJqK/nh/aoqDdsdv7ZBuDXKJYJ3p6O2EH5TOXToF4b8lOM1SI7Lm1
-z4vo8Se7jWDR9VgD5fuFfMthliIzMwZXX2gLk9Oc9eRixygAOKdcRnkx/pCFgVim
-WNRSMJAbc8bTyDMdyMEaElXyr9G5x3mZdqrU0J42ZeT0+fl8yvKMvaqvO+Z5PR2R
-nvGijw1l1VcG6SNDYvIJI2hwkKq04+dZmWOuxyn9uK/F/EFq6Bl7hRtilbOgARvi
-UQORR7kCDQRSKlZGARAAuMYYnu48l3AvE8ZpTN6uXSt2RrXnOr9oEah6hw1fn9KY
-KVJi0ZGJHzQOeAHHO/3BKYPFZNoUoNOU6VR/KAn7gon1wkUwk9Tn0AXVIQ7wMFJN
-LvcinoTkLBT5tqcAz5MvAoI9sivAM0Rm2BgeujdHjRS+UQKq/EZtpnodeQKE8+pw
-e3zdf6A9FZY2pnBs0PxKJ0NZ1rZeAW9w+2WdbyrkWxUvjYWMSzTUkWK6533PVi7R
-cdRmWrDMNVR/X1PfqqAIzQkQ8oGcXtRpYjFL30Z/LhKec9Awfm57rkZk2EMduIB/
-Y5VYqnOsmKgUghXjOo6JOcanQZ4sHAyQrB2Yd6UgdAfzqa7AWNIAljSGy6/CfJAo
-VIgl1revG7GCsRD5Dr/+BLyauwZ/YtTH9mGDtg6hy/SozzDAM8+79Y8VMBUtj64G
-QBgg2+0MVZYNsZCN209X+EGpGUmAGEFQLGLHwFoNlwwL1Uj+/5NTAhp2MQA/XRDT
-Vx1nm8MZZXUOu6NTCUXtUmgTQuQEsKCosQzBuT/G+8IaR5jBVZ38/NJgLw+YcRPN
-Vo2S2XSh7liw+Sl1sdjEW1nWQHotDAzd2MFG++KVbxwbcXbDgJOB0+N0c362WQ7b
-zxpJZoaYGhNOVjVjNY8YkcOiDl0DqkCk45obz4hG2T08x0OoXN7Oby0FclbUkVsA
-EQEAAYkERAQYAQIADwUCUipWRgIbAgUJAeEzgAIpCRBQ4IhVk9LctMFdIAQZAQIA
-BgUCUipWRgAKCRClQeyydOfjYdY6D/4+PmhaiyasTHqhiui2DwDVdhwxdikQEl+K
-QQHtk7aqgbUAxgU1D4rbLxzXyhTbmql7D30nl+oZg0Beyl67Xo6X/wHsP44651aT
-bwxVT9nzhOp6OEW5z/qxJaX1B9EBsYtjGO87N854xC6aQEaGZPbNauRpcYEadkpp
-SumBo5ujmRWc4S+H1VjQW4vGSCm9m4X7a7L7/063HJzaSYaHybbu/udWW8ymzuUf
-/UARH4141bGnZOtIa9vIGtFl2oWJ/ViyJew9vwdMqiI6Y86ISQcGV/lL/iThNJBn
-+pots0CqdsoLvEZQGF3ZozWJVCKnnn/kC8NNyd7Wst9C+p7ZzN3BTz+74Te5Vde3
-prQPFG4ClSzwJZ/U15boIMBPtNd7pRYum2padTK9oHp1l5dI/cELluj5JXT58hs5
-RAn4xD5XRNb4ahtnc/wdqtle0Kr5O0qNGQ0+U6ALdy/fIVpSXihfsiy45+nPgGpf
-nRVmjQvIWQelI25+cvqxX1dr827ksUj4h6af/Bm9JvPGKKRhORXPe+OQM6y/ubJO
-pYPEq9fZxdClekjA9IXhojNA8C6QKy2Kan873XDE0H4KY2OMTqQ1/n1A6g3qWCWp
-h/sPdEMCsfnybDPcdPZp3psTQ8uX/vGLz0AAORapVCbpiFHbF3TduuvnKaBWXKjr
-r5tNY/njrU4zEADTzhgbtGW75HSGgN3wtsiieMdfbH/Pf7wcC2FlbaQmevXjWI5t
-yx2m3ejG9gqnjRSyN5DWPq0m5AfKCY+4Glfjf01l7wR25oOvwL9lTtyrFE68t3py
-lUtIdzDz3EG0LalVYpEDyTIygzrriRsdXC+Na1KXdr5EGC0BZeG4QNS6XAsNS0/4
-SgT9ceA5DkgBCln58HRXabc25Tyfm2RiLQ70apWdEuoQTBoiWoMDeDmGLlquA5J2
-rBZh2XNThmpKU7PJ+2g3NQQubDeUjGEa6hvDwZ3vni6VvVqsviCYJLcMHoHgJGtT
-TUoRO5Q6terCpRADMhQ014HYugZVBRdbbVGPo3YetrzU/BuhvvROvb5dhWVi7zBU
-w2hUgQ0g0OpJB2TaJizXA+jIQ/x2HiO4QSUihp4JZJrL5G4P8dv7c7/BOqdj19VX
-V974RAnqDNSpuAsnmObVDO3Oy0eKj1J1eSIp5ZOA9Q3dbHinx13rh5nMVbn3FxIe
-mTYEbUFUbqa0eB3GRFoDz4iBGR4NqwIboP317S27NLDYJ8L6KmXTyNh8/Cm2l7wK
-lkwi3ItBGoAT+j3cOG988+3slgM9vXMaQRRQv9O1aTs1ZAai+Jq7AGjGh4ZkuG0c
-DZ2DuBy22XsUNboxQeHbQTsAPzQfvi+fQByUi6TzxiW0BeiJ6tEeDHDzdLkCDQRU
-DREaARAA+Wuzp1ANTtPGooSq4W4fVUz+mlEpDV4fzK6nHQ35qGVJgXEJVKxXy206
-jNHx3lro7BGcJtIXeRb+Wp1eGUghrG1+V/mKFxE4wulNtFXoTOJ//AOYkPq9FG12
-VGeLZDckAR4zMhDwdcwsJ208hZzBSslJOWAuZTPoWple+xie4B8jZiUcjf10XaWv
-Bnlx4EPohhvtv5VEczZWNvGa/0VDe/FfI4qGknJM3+d0kvXK/7yaFpdGwnY3nE/V
-4xbwx2tggqQRXoFmYbjogGHpTcdXkWbGEz5F7mLNwzZ/voyTiZeukZP5I45CCLgi
-B+g2WTl8cm3gcxrnt/aZAJCAl/eclFeYQ/Xiq8sK1+U2nDEYLWRygoZACULmLPbU
-EVmQBOw/HAufE98sb36MHcFss634h2ijIp9/wvnX9GOELgX4hgqkgM85QaMeaS3d
-2+jlMu8BdsMYxPkTumsEUShcFtAYgtrNrPSayHtV6I9I41ISg8EIr9qEhH1xLGvS
-A+dfUvXqwa0cIBxhI3bXOa25vPHbT+SLtfQlvUvKySIbc6fobw2Wf1ZtM8lgFL3f
-/dHbT6fsvK6Jd/8iVMAZkAYFbJcivjS9/ugXbMznz5Wvg9O7hbQtXUvRjvh8+Azl
-ASYidqSd6neW6o+i2xduUBlrbCfW6R0bPLX+7w9iqMaT0wEQs3MAEQEAAYkERAQY
-AQIADwUCVA0RGgIbAgUJAeEzgAIpCRBQ4IhVk9LctMFdIAQZAQIABgUCVA0RGgAK
-CRClqWY15Wdu/JYcD/95hNCztDFlwzYi2p9vfaMbnWcRqzqavj21muB9vE/ybb9C
-QrcXd84y7oNq2zU7jOSAbT3aGloQDP9+N0YFkQoYGMRsCPiTdnF7/mJCgAnXei6S
-O+H6PIw9qgC4wDV0UhCiNh+CrsICFFbK+O+Jbgj+CEN8XtVhZz3UXbH/YWg/AV/X
-GWL1BT4bFilUdF6b2nJAtORYQFIUKwOtCAlI/ytBo34nM6lrMdMhHv4MoBHP91+Y
-9+t4D/80ytOgH6lq0+fznY8Tty+ODh4WNkfXwXq+0TfZfJiZLvkoXGD+l/I+HE3g
-Xn4MBwahQQZl8gzI9daEGqPF8KYX0xyyKGo+8yJG5/WGlfdGeKmz8rGP/Ugyo6tt
-8DTSSqJv6otAF/AWV1Wu/DCniehtfHYrp2EHZUlpvGRl7Ea9D9tv9BKYm6S4+2yD
-5KkPu4qp3r6glVbePPCLeZ4NLQCEIpKakIERfxk66JqZTb5XI9HKKbnhKunOoGiL
-5SMXVsS67Sxt//Ta/3vSaLC3wnVwN5OeXNaa04Yx7jg/wtMJ9Jz0EYFtVv2NLizE
-eGCI8iPJOyMWOy+twCIk5zmvwsLu5MKmg1tLI2mtCTYzqo8uVIqETlojxIqAhRYt
-meiYKf2fZs5um3+Sjv28v4nw3VfQgibTKc2uBjeqxxOeXGw0ysKnS2VO72SK879+
-EADd3HoF9U80odCgN5T6aljhaNaruqmG4CvBdRyzp3EQ9RP7jPOEhcM00etw572o
-rviK9AqCk+zwvfzEFbt/uC7zOpO0BJ8fnMAZ0Zn/fF8s88zR4zq6BBq9WD4RCmaz
-w2G6IyGXHvVAWi8UxoNjNoJJosLyLauFdPPUeoye5PxEg+fQew3behcCaebjZwUA
-+xZMj7dfwcNXlDa4VkCDHzTfU43znawBo9avB8hNwMeWCZYINmym+LSKyQnz3sir
-TpYcjorxtov1fyml8413tDJoOvkotSX9o3QQgbBPsyQ7nwLTscYc5eklGRH7iytX
-OPI+29EPpfRHX2DAnVyTeVSFPEr79tIsijy02ZBZTiKYlBlJy/Cj2C5cGhVeQ6v4
-jnj1Nt3sjHkZlVfmipSYVfcBoID1/4r2zHl4OFlLCjvkXUhbqhm9xWV8NdmItO3B
-BSlIEksFunykzz1HM6shvzw77sM5+TEtSsxoOxxys+9NItCl8L6yf84A5333pLaU
-Wh5HON1J+jGGbKnUzXKBsDxGSvgDcFlyVloBRQShUkv3FMem+FWqt7aA3/YFCPgy
-Lp7818VhfM70bqIxLi0/BJHp6ltGN5EH+q7Ewz210VABju5IO7bjgCqTFeR3YYUN
-87l8ofdARx3shApXS6TkVcwaTv5eqzdFO9fZeRqHj4L9PrkCDQRV5KHhARAAz9Qk
-17qaFi2iOlRgA4WXhn5zkr9ed1F1HGIJmFB4J8NIVkTZdt2UfRBWw0ykOB8m1sWL
-EfimP2FN5urnfsndtc1wEVrcuc7YAMbfUgxbTc/o+gTydpVCKmGrL10mZeOmioFQ
-uVT9s1qzIII/gDbiSLRVDb75F6/aag7mDsJFGtUqStpNmR0AHyrLOY/jYVLlTr8d
-AfX2Z2aBifpJ/nPaw29FkTBCQvyC84+cReTT3RiUOXQ3EL4zLaYm/VTtLlAnZ4IY
-ADpGijFHw2c4jcBWZ/72Wb6TUk9lg2b6M6THfCwNieJBCwCf6VHyKBebbYZYHiuZ
-B5GILfdm4aSclRACVXT3seTZQh8yeCYLMYyieceeHesOM/4rC5iLujbNsVN+95z0
-SuRMPlpd3mfExFYeeH6SO/EgTL5cCXwP6L2R2vP67gSsP01HBTOAOzEzXQQ4IY1k
-K2zUjbJJBx8HylvcYLlbsRce1uvMmCR/b7QWJEXR/7VXqjCtmYIwroxhGiMpH5Fs
-sh0z62BiBXDLc0iSKVBD3P36Uv++o51aDOg/V928ve/D4ISf28IiNnVIg1/zrUy2
-+LpFSUkU+Szjd77leUSjOTFnpyHQhlsZuG02S4SO1opXO6HblhuEjCEcw2TUDgvX
-b9hsuj+C+d4DFdTdQ/bPZ0sc2351wkiqn4JhMekAEQEAAYkERAQYAQIADwUCVeSh
-4QIbAgUJA8JnAAIpCRBQ4IhVk9LctMFdIAQZAQIABgUCVeSh4QAKCRAH+p7THLX6
-JlrhD/9W+hAjebjCRuNfcAoMFVujrSNgiR7o6aH5Re0qcPITQ4ev4muNEl+L1AMc
-BiAr7Ke7fdEhhSdWiBOutlig3VFRRaX6kOQlS5h+laziJQc84VR9iBnWMsfK3Wad
-MYmRkTR4P/lHsGTvczD8Qhl7kha8BGbm1a4SgWuF3FORxEWkimz8AIpaozf+vD4C
-V2rVSaJ0oHRLJXqQHrhWuBy73NVF4wa/7lxDi7Q3PA8p6Rr5Kr+IVuPVUvxJOVLE
-UfGgpEnMnTbRu322HvUqeLNrNnSCdJKePuoy2Sky0K+/82O877nFysagTeO4tbLr
-+OiVG/6ORiInn1y7uQjwLgrz8ojDjGMNmqnNW8ACYhey4ko3L9xdep0VhxaBwjVW
-BU6fhbogSVkCRhjz8h2sLGdItLzDxp69y0ncf931H0e5DAB7VbURuKh6P8ToQQhW
-UD5zIOCyxFXMQPA63pxd7mQooCpaWK1i80J/fRA5TBIPLqty2NEP3aTePelrBdqi
-Qol/aPQ3ugtrnP/PLLlJ0zxg/YNGgBFRwNHgnu7HxOOrE4gap8prvZCKC/05A71A
-Xwj6u2h9so9jSrE5slrOgfh9v9w9AyuQzNMG/2l1Cli4UpeVqy07Qn27evjEbad6
-HT1vmrPJE3A/D9hzEFPWMM+sPOWH+4L2Qekoy954M5fWCQ2aoL3+EACDFKJIEp/X
-c8n3CRuqxxNwRij6EJ2jYZZURQONwtumFXDD0LKF7UpcZrOiG4i2qojp0WQWarQu
-ITmiyds0jtDg+xhdQUZ3HgjhN/MNT3O0klTXsZ4AYrys9yDhdC030kD/CqKxTOJJ
-Cz8z2of2xXY9/rKpTvZAra+UBEzNKb7F+dQ3kclZF6CGMnNY51KBXi1xRAv9J8Ld
-sdNsTOhoZG/2s4vbVCkgKWF60NRh/jw7JFM9YYre8+qMR1bbaW/uW4Ts9XopaG5+
-auS9mYFDgICdyXqrwzUo4PLbnTqTxni6Ldt525wye+/hex5ssLi+PMhCalcWEAKU
-YYW/CfDyZqwtRDoBAKwStcV5DrcK28YBzheMAEcGI7dExVHYpET+49ERwTvYQtwK
-qZSDBoivrQg5MdJpu8Ncj126DbN2lwQQpIsMmq93jOCvDEPTdTUOs5XzLv8YTYDK
-iyxm3IKPsSvElnoI/wedO4EscldAAQqNKo/6pzI+K4EhifyLT1GOMN7PCaHzW449
-DrSJNd3yL7xkzNtrphw32a9qLJ43sWFrF21EjG1IQgUV4XOz01Q2Hp4H1l1YE11M
-bSL/+TarNTbEfhzv6tS3eNrlU/MQDLsUn76c4hi2tAbKX8FjXVJ/8MWi91Z0pHcL
-zhYZYn2IACvaaUh06HyyAIiDlgWRC7zgMbkCDQRWT38IARAAzWz3KxYiRJ04sltT
-wnndeFYaBMJySA+wN2Y2Re5/sS1C97+ryNfGcj50MQ7mRbSXzqvfvlbvgiLjSL33
-7UwahrXboLcYxbmVzsIG/aXiCogPlJ3ooyd6Krn/p4COtzhVDlReBSkNdwUxusAs
-AVdSDpJVk/JOTil49g7jx3angVqHmI/oPyPIcGhNJlBVofVxJZKVWSsmP8rsWYZ0
-LHNdSngt7uhYb8BO57sSfKpT0YJpP7i5/Au3ZXohBa9KtEJELX/WJe95i38ysq/x
-edRwKg7Zt9aNND7Tiic+3DRONvus3StvN6dHEhM84RNWbk/XDmjjCk92cB6Gm32H
-PDk8rnAfXug/rJFWD/CzGwCvxmPuikXEZesHLCdrgzZhVGQ9BcAh8oxz1QcPQXr7
-TCk8+cikSemQrVmqJPq2rvdVpZIzF91ZCpAfT28e0y/aDxbrfS83Ytk+90dQOR8r
-StGNVnrwT/LeMn1ytV7oK8e2sIj1HFUYENQxy5jVjR3QtcTbVoOYLvZ83/wanc4G
-aZnxZ7cJguuKFdqCR5kq4b7acjeQ8a76hrYI57Z+5JDsL+aOgGfCqCDx2IL/bRiw
-Y1pNDfTCPhSSC054yydG3g6pUGk9Kpfj+oA8XrasvR+dD4d7a2cUZRKXU29817is
-fLNjqZMiJ/7LA11I6DeQgPaRK+kAEQEAAYkCHwQoAQgACQUCVzocNwIdAgAKCRBQ
-4IhVk9LctGVfEADBBSjZq858OE932M9FUyt5fsYQ1p/O6zoHlCyGyyDdXNu2aDGv
-hjUVBd3RbjHW87FiiwggubZ/GidCSUmv/et26MAzqthl5CJgi0yvb5p2KeiJvbTP
-ZEN+WVitAlEsmN5FuUzD2Q7BlBhFunwaN39A27f1r3avqfy6AoFsTIiYHVP85Hsc
-CaDYc2SpZNAJYV4ZcascuLye2UkUm3fSSaYLCjtlVg0mWkcjp7rZFQxqlQqSjVGa
-rozxOYgI+HgKaqYF9+zJsh+26kmyHRdQY+Pznpt+PXjtEQVsdzh5pqr4w4J8CnYT
-JKQQO4T08cfo13pfFzgqBGo4ftXOkLLDS3ZgFHgx00fg70MGYYAgNME7BJog+pO5
-vthwfhQO6pMT08axC8sAWD0wia362VDNG5Kg4TQHFARuAo51e+NvxF8cGi0g1zBE
-fGMCFwlAlQOYcI9bpk1xx+Z8P3Y8dnpRdg8VK2ZRNsf/CggNXrgjQ2cEOrEsda5l
-G/NXbNqdDiygBHc1wgnoidABOHMT483WKMw3GBao3JLFL0njULRguJgTuyI9ie8H
-LH/vfYWXq7t5o5sYM+bxAiJDDX+F/dp+gbomXjDE/wJ/jFOz/7Cp9WoLYttpWFpW
-Pl4UTDvfyPzn9kKT/57OC7OMFZH2a3LxwEfaGTgDOvA5QbxS5txqnkpPcokERAQY
-AQgADwUCVk9/CAIbAgUJAeEzgAIpCRBQ4IhVk9LctMFdIAQZAQgABgUCVk9/CAAK
-CRCGM/sTtYhE8RLLD/0bK5unOEb1RsuzCqL7IWPr+Z6i7smZ0tmrTF58a3St64Dj
-R3WYuv/RnhYyh8xCtBod7ZoIl2S+Azavevx22KWXPQgRtwhlCJFsnDoG9C5Kj0Bq
-Urtyk+9nlGeIMOUPjMJJocEaB9yHZs7J9KFNyqpEY7x2XW6HTDihsBdaOUu814g6
-C4gLiXydwbQMzU2Crefc1w/fWhSxjqiyUlKp571jeauWuUdtbQmwk/Kvq9yreHkE
-WN4MHs2HuBwwBmbj0KDFFDA2u6oUvGlRTfwomTiryXDr1tOgiySucdFVrx+6zPBM
-cqlXqsVDsx8sr+u7PzIsHO9NT+P3wYQpmWhwKCjLX5KN6Xv3d0aAr7OYEacrED1s
-qndIfXjM5EcouLFtw/YESA7Px8iRggFVFDN0GY3hfoPJgHpiJj2KYyuVvNe8dXps
-jOdPpFbhTPI1CoA12woT4vGtfxcI9u/uc7m5rQDJI+FCR9OtUYvtDUqtE/XYjqPX
-zkbgtRy+zwjpTTdxn48OaizVU3JOW+OQwW4q/4Wk6T6nzNTpQDHUmIdxsAAbZjBJ
-wkE4Qkgtl8iUjS0hUX05ixLUwn0ZuGjeLcK9O/rqynPDqd9gdeKo5fTJ91RhJxoB
-SFcrj21tPOa0PhE/2Zza24AVZIX5+AweD9pie8QIkZLMk6yrvRFqs2YrHUrc5emk
-D/4lGsZpfSAKWCdc+iE5pL434yMlp73rhi+40mbCiXMOgavdWPZSDcVe+7fYENx0
-tqUyGZj2qKluOBtxTeovrsFVllF9fxzixBthKddA6IcDQdTb076t/Ez51jX1z/GR
-Pzn8yWkDEvi3L9mfKtfuD4BRzjaVw8TtNzuFuwz2PQDDBtFXqYMklA67cdjvYdff
-O7MeyKlNjKAutXOr/Or70rKkk2wZLYtSeJIDRwUSsPdKncbGLEKvfoBKOcOmjfZK
-jnYpIDDNqAsMrJLIwyo+6NSUtq84Gba6QjPYLvJ9g4P299dIYzFxu/0Zy4q9Qgfj
-JOav3GUQT1fRhqqRS11ffXFqClJKqsKSChcPhNhK5wt6Ab6PVbd9RQhI8ImLQ81P
-Wn708rOr1dQTQfPvJrHBBrEolUw/0y7SxPmQZUkYlXiT6bvsUa2n2f4ZzIgtYtZ5
-JSuoqcut/jmeUQE1TUUyG+9HVMfmhlhjNO0pDiFdSAgjk+DyTd5lUVz3tPGFliID
-q7O/sgDq6xtSlGKvQt/gRoYstrillyxfIVqR10C2t2kCBXKSX3uQmbx3OaX8JtZ2
-uMjmKZb2iovfSf8qLSu49qrsNS9Etqvda0EXqaHeX+K8NjENoQEdXZUnBRJg9VVa
-0HkPiFSFIwF8IPWewm0DocZil66bp/wrHVsJkw7AwE/zJrkCDQRXOi4eARAA+cAK
-fT0IoViuCxqa6uPteVC8/qp8ZiEPri0neCt+khngPpCX9JseOyRJEzwt9+31Xgzs
-CWlfW5BWrLBd3F4caRqucu3ZnE68Qtrw6kcOsJ8LSiok/uu1XnXW1mgpRxlu0i83
-YVM6+BrIXroP22SWVxkDkAXDlgvFmIvrh9TG43uSRjmgriSnJ7EOgDXDrZ5mTlnl
-GHb6EGpHJHoJsfp3JdBAh4oNGBBHf5fZZhBiUIJSGwbLg8oEzOuycNor9mEiJPaA
-yPm22braWRgvX7beOca60eNGIuQSZ8ML3G6rog/pNdbNgLf1hvrfl7NJCJJ0iB7B
-PYw8e5+xPEHNLrJI6NjFCbD0dlHnuq79ePc9bPQALa/6lIICOCAZJYDCf7S2dHqk
-HCOnr8F2A2qwAqP5IlVqdS7sSy7D9wDDYis7jlMw8vVWjqcL6MNxJDk3h/0ns7Ad
-5TNfJnLUnUbYWeH5QYbPsGgqQomhSWBvhCZkILnE7Rpbtjl55/CvTXN1L6jyi9qJ
-eSoWORjwhTlACKDzlsLRTO24sM/KjKDajYrqU3CRVDQGgQL0yU3qDz/mql+awQAM
-US9ckaf/ohBM8SrCandNvE/+as426Mf6/FH6R7kntJppYQZJMwq0XlyueadWs8xr
-CjrXnXFijvrVkaZhlCfJRZPEdI76hGscRp8Sr6kAEQEAAYkERAQYAQgADwUCVzou
-HgIbAgUJAeEzgAIpCRBQ4IhVk9LctMFdIAQZAQgABgUCVzouHgAKCRBI+blqLhYT
-f6o8D/0WqjCOqB4rAv29MGpz5SZbk57TbQrKfjneSDVeCsvgofUBL6z9yA2jEanI
-h76Lo6r5ZnvF8I4pDImiRCjhZ+4vDOKaO5yvrNKruusr+ZA6DDPwjlhnRPqW8Sm1
-YGl1VqAqQEjib4I7dbGb5qpR/PkAj64UDtLtbMfx6Zb9B9ZJvYEiWUbAEQWUohRh
-w6vT/qS07GrKgG35JFiJKrNPSFEh/YOLKq+vLVZwDKX91Tvabs3MuNFIavuMiGao
-qv4/JVRA1Iw3E9zCsXgFhIfQll4XvrrPXiGAllFzaqX29PnvqMngjPRDTh+jHNUj
-Fv8MNvhs1o3jc1pQAJT5JIpPQJJpbnNnrYoCJoBO0kfJ04zEDznHkuVbLRn2pxWs
-CrF2Agwm4GB3YSenEW8AKcmtS4ov0Yaw5csY3fXUDXjBaPR9dweNWT/kaY5V4NUw
-OutecnZ0o0yDc57GGIjFhTcULMdOCE6DbSTfljqcoAoPIydzQ4rlMdmTkiM5k2F/
-jDHCURersqF8Naro7Nx2fKokPrLKUst+pFBBwbeTO9tWEbOnl/ypHeRW9XA31sZ0
-yvvSwUrWnHC+UDpHPzvaAGleAOK7gGyJehVIw9BhgZB1LplkbkGgpS8L/3CAcaQ4
-88MP5NK0peO+ED/ocNhi1tC/cHbLXtDiz/eG/1rIdxkOh3D61WiyD/42Oj2h4BHt
-5qTS12By95po4avzgqaV3PFYi9Rx6tBvzwnD7x2UeGk4wzFdb2V4LWoe6bqMokxb
-UMWJgP5faWDT6/urhBt4GYcBxX0b3l9qBs20hP5JVHGX208gOW5cjfHrTNiHiY4/
-CbQrbAdO24CUYZtYEmDNdHN+KHrlLLjkf0v5yGjVK2XBqs8l6upA7xBGHAF7U/Xk
-LYrvyusqqWdvdGHGHthbLBzjceO+4N+lb6RyHRuF6kgbLdCcaKfCMUs/v1ZXgYGh
-dk7NWFHFDoF8DByHwluoihd10OudGPFg7ydTc6+V3kt9SN1/iQbk2/rHffI1tm28
-MfBvN+K/Da+Y+EAqTbUDHl6O30mSGZjLl1xJxvWoezU98TdPCxy7L9XRFfqZlBJA
-o8cxRIPHpqKIaRy0wn616xCDfUSQ9NBLlDITL4d7tNvDC9hLpehFKMKIEct5WDfa
-QIWQe2o1fjVsU2Is2wXVmdi9A7X3q7yWVA766zQTxQO61TcgyoJM9k2DxncsmwXI
-a8oD6KP4VYtrtsx8r4VXPEjHucCjPe+qgyY65wBPXSl5U21AiUuGGegFQwRD6L7Z
-qT3K5JLDlK/kkaV3l8i0onfJ+5CytOB2T6QPQnJ4YnchK9w3EiyDrgzl0IpotQXx
-OBGHoCtcxUZvkNeOIxAb8QwkWnhgkljMybkCDQRZIy9RARAAx0HKx3EkqAd93ZFZ
-/5iJDUEWB5GpMdlc+gTyh+/P1ys2Ob/gZxI0j9/OYMomV9SkPnaZvwxVfxabBpuM
-3UTp1+Cvgn0ghXNZqptyj6o9pW+JYUA4aD8MgmqUYXSq7nHFG7LbQ3y8N+wAoRJ3
-Obt4ZnyvEqW1PuE4OF9JbjmLUW3mj+OLkcMptbhYDafM9IDqAp0eKORXZ+z3xhJX
-nV+4B82RdJHKwfAmaemjMNTK8yuwBJ38k773JiCNbptHG3IE/TkDcIbBXAY2desS
-3+JbkwWtXK+Xn7XhwAxyuY6Zh0o8oIsIQO+mQc3NivbW6eqfIPH08m+sJs61Of4r
-O1xB9lRHYEYxUCDrOydzJyDq+X4W6CymRIHcDiQ5vZmfbGkmBmlxA4/OGshbbC1g
-aeniecelbgExZ7H6oFuRhIem7lnZV6yJtg293paUhHvHfHtLv4hdriSwkWV5vQLh
-GIjJ9g3XJAJ+lkgbge3CoN2oSqIjS9k1ohwRzfEfYRldckmNHJCYj9T9vkWX4wUN
-YMHOb5Ct2fybGSWSQuPBfKeOjdHhO49C4RM8IvvPaBaVmFWqRdiRrOjZkyb51xX4
-zjoENYlKzXxlk0lg6eQE2m40uzon+PKu32/hI+Nc3ARIzUm/mb7v9P58pLzOXKlI
-W46p6wR4dqJR48hgJlnDup5yDdUAEQEAAYkERAQYAQgADwUCWSMvUQIbAgUJAe5o
-XwIpCRBQ4IhVk9LctMFdIAQZAQgABgUCWSMvUQAKCRDeL4+H70tO2bzzEACTbFvi
-MxRtepG0rYeBaDwJaB9CUH6mlTuFaz0HjmvR42CwrN87DUbr0B5mZcxV9IdEN2+c
-cwTIOhMmvxePqpkfekiw9nGbfOnWgAMOpiJvs9QctZU4JKwI/NwybII2Zum6L5KX
-S6EUq372yWT/jzbn5sCuasud+zugjGaYYrjmnzXy0jafUXkIjsPl1vj/ANlUvhP9
-4Aqpl1Fk+tHGan6OrxyvLp/4BZU3TmfFVD3MJhF8tWgcMVzT91Uhev7D/S1YptY9
-Bh3rjAj/uxcwjyciSbo/WL4rTKco5zB9Wa+1lbWo6dO8UYt6rm6g8/tI4ql8jiAW
-4c1rdQVpvukYqhGZqalwaxYXeNjzqdFmh4A7CQTELgMF2fvcsGFX6Pzm/3Z/jlQn
-9Uwc3I+WMZUNmqLnljTru3uCewczwA720EEbonHEGZb4eWi39KytUekfZTaQM9Kj
-nmiAG0NedWSnAf6IEJRHZle0AZAFvKwrfUpQyK1G2fBI3QLvb33US44zZzM7HP1s
-zGm6Wj2nUJtWOjSiorHgiyNp5rK9ZMtIkaoSDQhg1Z4Kd+HlZOeC5sOTCDH1Porf
-idlJLFsQZSPAjmgWEGB1buYr/Qa6e7RdR8beDKM+ZwFQQge+h8LeXQOYTrhvGdWQ
-G8bFT008cvm27Pz6BDOsh48J1t7jbMuW/pLYEAg8EACpOsWlWEIYoUPOpSELcBCN
-lkeuURirbGGvMWTsVTu+fsz1smacjyXrd5NdQL1VZl65Vfauba4k1OUlRCDE+bdM
-Ze6nGbH+/2/IioUUVKxS/skJlfXq/oZ1+pfel/rbmeYEPURJQG8cQjAlB7tRzX5B
-c+gshgmJ+DNQJ15bEAu1V2TdQKqjA4VtClJThSUpg4HlKIl3WpgaBJpXTeb35j3u
-9+pKxwp1AOaLUiwG3YcnbZrKmqP1/lFR3Iyz6OoL/c0CRAP5cckFbDsJN5FmR9Ns
-+j/e7Ci0+ic/62R8Yqrqzbtoj/ISfTfYPrKEo1FmcptgGVy3ty8jps1KdkJy6RDN
-EtoSQ5C4gFg40WIQ/nUJEegLVwm/y+AKQ/bArLmfH+SPVRV/WVKgjZHoU5FwhP79
-3DzG8wF0Pfq6iYNpCziUYMSI9As+zdXpee0f0xtvji++V3J4PaOWX2/59OnHwR27
-kfS68AO03dY9yhiAw41bKNafIwfAJNVUyiP+JgXc/EYVtZtcSJC+h5v8dxi8W3GR
-3Oa0hgV/GKQwofqV0QN63sW0N/MVH/73HdOl90N+We5L3hWNkWnX+klCmpbBb89a
-JUz0rdDolFlffrdwVM5RvAT0OBNo4ZTDv5p0+4ahoZpXT/kQGXDVdBFvp9GLTH3l
-tNPsShDTwMfzQ7k8ah9PXLkCDQRafkZ/ARAAvgHVVJkPpsamuOc7dGWE1GyGX2CH
-f2djECtRq94uqkY3RMmlxNbpL2gFcxjXJy3ed9KgYsgg1anOiD/VXg8QlGvk4qM6
-0OHMhlc4FZwo/YCJVmPEHToQC/m9jBVharMvThBtjy1D025EJ9dWmfe+e9RI7bSl
-H3m0Z5cbEFRPDgva/dpSOh4QimQ36UJ/nXpREhb93Apev3VcJ9iCDv+5WmcYJLUU
-ijICpfbfQuXDlsBiFDDa2dIzJEl1wugretLCft+yumJ0tMMtOJEhaE2H+XG6EFo2
-X7XOvp7kLrWFp1F0DvmMUVpdYROzKglxYEphccZwya+sbheqUoVTFQ3L6vvRLPre
-jhXQyQPbw9en/i7fErJZv5NIyKaiTEn5KY8b8A7xTK5GULxKRp4mAh0g/SLq4bR4
-b4mWrDVzDX+SW8Y2+nGGUlOKqg6ivgNLTOC8lxtJSoXPPrA2ibpJ2Wab12n37f3t
-WokPepit6DBa0Txl49H788mRplMgeiMXAnoUv0EBhFmPWsW0aBOW2ShPvlHjJHmB
-0jVPMbAtLZXMSIarTgWFuZguNxXwcjDWGLH+1+kG76MqBpoyiJguOGAj36Xqx8Fj
-cACt36h+y7heLmhrbxB6tMUlmJepACi+NVDBnx38ZsqQ8cI7n0q9Lt63eZyth99Q
-onJKpvQSMYp1zH8AEQEAAYkEcgQYAQgAJhYhBAQSfQv6vsiHH/sszlDgiFWT0ty0
-BQJafkZ/AhsCBQkCdISxAkAJEFDgiFWT0ty0wXQgBBkBCAAdFiEETXJBsUqkcpBR
-XWqNf7MqvAY46y8FAlp+Rn8ACgkQf7MqvAY46y/irQ/+N9vsoc2+oEqdA1HhoW+Z
-1x0ddWj1jtrIHzwvQLdQ2c9Mfvib1vQT0Aj2c1fkYF12eYEzbqUuDTGgH8pQIgD5
-epovF6Ue630KP4cZ3QE6XcEoEqJ6uyUrg51VjdH/jP4T2XsLxCKZCwV97ohIo6aV
-hg4M0pHDULe7hSOlEgpdCYDgbNAhXrNbviD6OlKmS0k+NIUIwy/iyOxa2IbmlY1P
-3kIwlPnbFPzPQECHnuemzbfzo1GOJ4j7iLbgQ0zZqQnLlnjPcp+k+wrK+eweCSIJ
-RN9ytimEgDeUpIN76Vnw6yZ/lrVz6zbbovn0jryEs3LT3dUiHBAcbiJKF6HAiULT
-ApVzIRJjkPjJhXG3rwIjME7sf1O+5MU0T3TurNvx/ZJDfhuL9zH5HuzLik5JBs8K
-U1tvLWM1B+Z1AMFvUUPuKV0kPyY0yyr/yU9/ZyDmIz4rDvAw59VJz60x1WXFE/oz
-u9kBmtcp9R6DI96N/9v7KeS4SFOhaqrOLcOxdt1HQQcDiigqmQH08EzYBqttUIJR
-Wmwm2Tt1viMMVPxTqSHAmNOYnPj8o7wfW9YWgpvLEG2w8JHcwS9ccvC26FtUCxyv
-ZUDc7AeZ4zaf+ePV5uzg3sM+9nH4jMhh/T24jhs+WWlI5mbGYWbuLTtKZw6BX8eW
-jORyOcXf4zcflRMrQ3xrIGvfWA//VvWxKMNEcuBebsGOHYECI3f7H8dpdOTiIsYm
-0RC/+7ppdUsbTRcW3rw9YbpV++oyns7anwnhH6BjiXlO4bPVUEYvID6kT6f182bK
-r8r/bEdfy/YKYETLX2Lrui7PID9uJgjEoTETkWIiuWQfpWOQc6rStoCpGkszsy9q
-+stMia1xoE+AZjzGXa10CqV4ytEL9X4MbY6d08FTnuqW2SKcTOgyEFV05T3EVlwx
-LycGMO/Y+HVu3r8TzqMUxnDVXhfPHZ50t4GfdDRCAW5gQbgEbCoYNZOx+qpym2WV
-COaK7XECy+cgZpI5VoDoAVanfBMhZprTU4jmQsI9uf5WI+Jbx5I693EiAFVS/9vg
-Ety6H7P5GclkQtcvYkIy4oK47C3wMus4beF4g6daxs4amWbkcqH1DL7AT/o7uwcc
-B/Fcb6C7Lky0891PxcQBPRLqyydjKMDhxsqTmDGcWOvfTgNh7AeHRl5PNzTmqCWe
-1PLwEBvsPs4z6VC9klPL2y2o9m8SKG0WLjt1T123RmYVp95/aB36AHFu/+Xjy9AT
-ZskQ/mDUv6F4w6N8Vk9R/nJTfpI36vWTcH7xxLNoNRlL2b/7ra6dB8YPsOdLy158
-61Awgh2LQ3x83J/vswmuGi1eaFPCiOOMsjsgdvmDKgWwzGGI+XZjv/NbrgJcrXKB
-2jibQQI=
-=KhYl
------END PGP PUBLIC KEY BLOCK-----
diff --git a/image-builder/download_kubernetes.sh b/image-builder/download_kubernetes.sh
deleted file mode 100755
index 0b5cdd042..000000000
--- a/image-builder/download_kubernetes.sh
+++ /dev/null
@@ -1,74 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright 2019 The Machine Controller Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-set -eu
-set -o pipefail
-
-TEMPDIR="$(mktemp -d)"
-trap "rm -rf $TEMPDIR" EXIT SIGINT
-
-SCRIPT_DIR="$(realpath "$(dirname "${BASH_SOURCE[0]}")")"
-mkdir -p "$SCRIPT_DIR/downloads"
-
-K8S_RELEASE=""
-
-while [ $# -gt 0 ]; do
-  case "$1" in
-    --release)
-      K8S_RELEASE="$2"
-      shift
-    ;;
-    *)
-      echo "Unknown parameter \"$1\""
-      exit 1
-    ;;
-  esac
-  shift
-done
-
-if [[ -z "$K8S_RELEASE" ]]; then
-  K8S_RELEASE="$(curl -sSL https://dl.k8s.io/release/stable.txt)"
-  echo " * Latest stable version is $K8S_RELEASE"
-else
-  echo " * Using version $K8S_RELEASE"
-fi
-
-wget --quiet https://dl.k8s.io/$K8S_RELEASE/bin/linux/amd64/{kubeadm,kubelet,kubectl}.sha1 -P "$TEMPDIR"
-
-for util in kubeadm kubelet kubectl; do
-  echo "   * $util"
-  if [[ -x "$SCRIPT_DIR/downloads/$util-$K8S_RELEASE" ]]; then
-    CALCULATED_SHA1="$(sha1sum "$SCRIPT_DIR/downloads/$util-$K8S_RELEASE" | cut -f1 -d ' ')"
-    EXPECTED_SHA1="$(<"$TEMPDIR/$util.sha1")"
-    if [[ "$CALCULATED_SHA1" != "$EXPECTED_SHA1" ]]; then
-      echo " * SHA1 digest verification failed. $CALCULATED_SHA1 != $EXPECTED_SHA1"
-      echo " * The downloaded $util is either corrupted or out of date. Check your downloads and remove manually to continue."
-      exit 1
-    fi
-  else
-    wget "https://dl.k8s.io/$K8S_RELEASE/bin/linux/amd64/$util" -P "$TEMPDIR"
-
-    CALCULATED_SHA1="$(sha1sum "$TEMPDIR/$util" | cut -f1 -d ' ')"
-    EXPECTED_SHA1="$(<"$TEMPDIR/$util.sha1")"
-    if [[ "$CALCULATED_SHA1" != "$EXPECTED_SHA1" ]]; then
-      echo " * SHA1 digest verification failed. $CALCULATED_SHA1 != $EXPECTED_SHA1. Download failed."
-      exit 1
-    fi
-
-    mv "$TEMPDIR/$util" "$SCRIPT_DIR/downloads/$util-$K8S_RELEASE"
-    chmod +x "$SCRIPT_DIR/downloads/$util-$K8S_RELEASE"
-  fi
-done
diff --git a/pkg/apis/cluster/v1alpha1/conversions/testdata/machinesv1alpha1machine/openstack.yaml b/pkg/apis/cluster/v1alpha1/conversions/testdata/machinesv1alpha1machine/openstack.yaml
index 157d535d4..967b127c1 100644
--- a/pkg/apis/cluster/v1alpha1/conversions/testdata/machinesv1alpha1machine/openstack.yaml
+++ b/pkg/apis/cluster/v1alpha1/conversions/testdata/machinesv1alpha1machine/openstack.yaml
@@ -65,7 +65,7 @@ spec:
       # the list of tags you would like to attach to the instance
       tags:
         tagKey: tagValue
-    # Can be 'ubuntu' or 'centos'
+    # Can be 'ubuntu'
     operatingSystem: "ubuntu"
     operatingSystemSpec:
       distUpgradeOnBoot: true
diff --git a/pkg/cloudprovider/provider/aws/provider.go b/pkg/cloudprovider/provider/aws/provider.go
index 4697c6aec..bc8169ee8 100644
--- a/pkg/cloudprovider/provider/aws/provider.go
+++ b/pkg/cloudprovider/provider/aws/provider.go
@@ -22,7 +22,6 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"strings"
 	"sync"
 	"time"
 
@@ -100,43 +99,6 @@ var (
 	}
 
 	amiFilters = map[providerconfigtypes.OperatingSystem]map[awstypes.CPUArchitecture]amiFilter{
-		// Source: https://wiki.centos.org/Cloud/AWS
-		providerconfigtypes.OperatingSystemCentOS: {
-			awstypes.CPUArchitectureX86_64: {
-				description: "CentOS Linux 7* x86_64*",
-				// The AWS marketplace ID from CentOS Community Platform Engineering (CPE)
-				owner: "125523088429",
-			},
-			awstypes.CPUArchitectureARM64: {
-				description: "CentOS Linux 7* aarch64*",
-				// The AWS marketplace ID from CentOS Community Platform Engineering (CPE)
-				owner: "125523088429",
-			},
-		},
-		providerconfigtypes.OperatingSystemRockyLinux: {
-			awstypes.CPUArchitectureX86_64: {
-				description: "*Rocky-8-ec2-8*.x86_64",
-				// The AWS marketplace ID from Rocky Linux Community Platform Engineering (CPE)
-				owner: "792107900819",
-			},
-			awstypes.CPUArchitectureARM64: {
-				description: "*Rocky-8-ec2-8*.aarch64",
-				// The AWS marketplace ID from Rocky Linux Community Platform Engineering (CPE)
-				owner: "792107900819",
-			},
-		},
-		providerconfigtypes.OperatingSystemAmazonLinux2: {
-			awstypes.CPUArchitectureX86_64: {
-				description: "Amazon Linux 2 AMI * x86_64 HVM gp2",
-				// The AWS marketplace ID from Amazon
-				owner: "137112412989",
-			},
-			awstypes.CPUArchitectureARM64: {
-				description: "Amazon Linux 2 LTS Arm64 AMI * arm64 HVM gp2",
-				// The AWS marketplace ID from Amazon
-				owner: "137112412989",
-			},
-		},
 		providerconfigtypes.OperatingSystemUbuntu: {
 			awstypes.CPUArchitectureX86_64: {
 				// Be as precise as possible - otherwise we might get a nightly dev build
@@ -151,20 +113,6 @@ var (
 				owner: "099720109477",
 			},
 		},
-		providerconfigtypes.OperatingSystemRHEL: {
-			awstypes.CPUArchitectureX86_64: {
-				// Be as precise as possible - otherwise we might get a nightly dev build
-				description: "Provided by Red Hat, Inc.",
-				// The AWS marketplace ID from RedHat
-				owner: "309956199498",
-			},
-			awstypes.CPUArchitectureARM64: {
-				// Be as precise as possible - otherwise we might get a nightly dev build
-				description: "Provided by Red Hat, Inc.",
-				// The AWS marketplace ID from RedHat
-				owner: "309956199498",
-			},
-		},
 		providerconfigtypes.OperatingSystemFlatcar: {
 			awstypes.CPUArchitectureX86_64: {
 				// Be as precise as possible - otherwise we might get a nightly dev build
@@ -275,13 +223,6 @@ func getDefaultAMIID(ctx context.Context, log *zap.SugaredLogger, client *ec2.Cl
 		return "", fmt.Errorf("could not find Image for '%s' with arch '%s'", os, cpuArchitecture)
 	}
 
-	if os == providerconfigtypes.OperatingSystemRHEL {
-		imagesOut.Images, err = filterSupportedRHELImages(imagesOut.Images)
-		if err != nil {
-			return "", err
-		}
-	}
-
 	image := imagesOut.Images[0]
 	for _, v := range imagesOut.Images {
 		itime, _ := time.Parse(time.RFC3339, *image.CreationDate)
@@ -332,16 +273,8 @@ func getDefaultRootDevicePath(os providerconfigtypes.OperatingSystem) (string, e
 	switch os {
 	case providerconfigtypes.OperatingSystemUbuntu:
 		return rootDevicePathSDA, nil
-	case providerconfigtypes.OperatingSystemCentOS:
-		return rootDevicePathSDA, nil
-	case providerconfigtypes.OperatingSystemRockyLinux:
-		return rootDevicePathSDA, nil
-	case providerconfigtypes.OperatingSystemRHEL:
-		return rootDevicePathSDA, nil
 	case providerconfigtypes.OperatingSystemFlatcar:
 		return rootDevicePathXVDA, nil
-	case providerconfigtypes.OperatingSystemAmazonLinux2:
-		return rootDevicePathXVDA, nil
 	}
 
 	return "", fmt.Errorf("no default root path found for %s operating system", os)
@@ -1212,21 +1145,6 @@ func getInstanceCountForMachine(machine clusterv1alpha1.Machine, reservations []
 	return count
 }
 
-func filterSupportedRHELImages(images []ec2types.Image) ([]ec2types.Image, error) {
-	var filteredImages []ec2types.Image
-	for _, image := range images {
-		if strings.HasPrefix(*image.Name, "RHEL-8") {
-			filteredImages = append(filteredImages, image)
-		}
-	}
-
-	if filteredImages == nil {
-		return nil, errors.New("rhel 8 images are not found")
-	}
-
-	return filteredImages, nil
-}
-
 // waitForInstance waits for AWS instance to be created.
 // If machine-controller tries to get an instance before it's fully-created,
 // but after the instance request has been issued, it could
diff --git a/pkg/containerruntime/containerd.go b/pkg/containerruntime/containerd.go
index 2b5250658..df5c1fc69 100644
--- a/pkg/containerruntime/containerd.go
+++ b/pkg/containerruntime/containerd.go
@@ -70,12 +70,6 @@ func (eng *Containerd) ScriptFor(os types.OperatingSystem) (string, error) {
 	}
 
 	switch os {
-	case types.OperatingSystemAmazonLinux2:
-		err := containerdAmzn2Template.Execute(&buf, args)
-		return buf.String(), err
-	case types.OperatingSystemCentOS, types.OperatingSystemRHEL, types.OperatingSystemRockyLinux:
-		err := containerdYumTemplate.Execute(&buf, args)
-		return buf.String(), err
 	case types.OperatingSystemUbuntu:
 		err := containerdAptTemplate.Execute(&buf, args)
 		return buf.String(), err
@@ -101,55 +95,6 @@ EOF
 
 systemctl daemon-reload
 systemctl restart containerd
-`))
-
-	containerdAmzn2Template = template.Must(template.New("containerd-yum-amzn2").Parse(`
-mkdir -p /etc/systemd/system/containerd.service.d
-
-cat <<EOF | tee /etc/systemd/system/containerd.service.d/environment.conf
-[Service]
-Restart=always
-EnvironmentFile=-/etc/environment
-EOF
-
-cat <<EOF | tee /etc/crictl.yaml
-runtime-endpoint: unix:///run/containerd/containerd.sock
-EOF
-
-yum install -y \
-	containerd-{{ .ContainerdVersion }} \
-	yum-plugin-versionlock
-yum versionlock add containerd
-
-systemctl daemon-reload
-systemctl enable --now containerd
-`))
-
-	containerdYumTemplate = template.Must(template.New("containerd-yum").Parse(`
-yum install -y yum-utils
-yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
-{{- /*
-    Due to DNF modules we have to do this on docker-ce repo
-    More info at: https://bugzilla.redhat.com/show_bug.cgi?id=1756473
-*/}}
-yum-config-manager --save --setopt=docker-ce-stable.module_hotfixes=true
-
-cat <<EOF | tee /etc/crictl.yaml
-runtime-endpoint: unix:///run/containerd/containerd.sock
-EOF
-
-mkdir -p /etc/systemd/system/containerd.service.d
-cat <<EOF | tee /etc/systemd/system/containerd.service.d/environment.conf
-[Service]
-Restart=always
-EnvironmentFile=-/etc/environment
-EOF
-
-yum install -y containerd.io-{{ .ContainerdVersion }} yum-plugin-versionlock
-yum versionlock add containerd.io
-
-systemctl daemon-reload
-systemctl enable --now containerd
 `))
 
 	containerdAptTemplate = template.Must(template.New("containerd-apt").Parse(`
diff --git a/pkg/controller/machine/controller.go b/pkg/controller/machine/controller.go
index 363d254ee..4cec263a9 100644
--- a/pkg/controller/machine/controller.go
+++ b/pkg/controller/machine/controller.go
@@ -43,15 +43,11 @@ import (
 	"github.com/kubermatic/machine-controller/pkg/cloudprovider/util"
 	"github.com/kubermatic/machine-controller/pkg/containerruntime"
 	controllerutil "github.com/kubermatic/machine-controller/pkg/controller/util"
-	kuberneteshelper "github.com/kubermatic/machine-controller/pkg/kubernetes"
 	"github.com/kubermatic/machine-controller/pkg/node/eviction"
 	"github.com/kubermatic/machine-controller/pkg/providerconfig"
 	providerconfigtypes "github.com/kubermatic/machine-controller/pkg/providerconfig/types"
-	"github.com/kubermatic/machine-controller/pkg/rhsm"
 	userdatamanager "github.com/kubermatic/machine-controller/pkg/userdata/manager"
 	userdataplugin "github.com/kubermatic/machine-controller/pkg/userdata/plugin"
-	"github.com/kubermatic/machine-controller/pkg/userdata/rhel"
-
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/equality"
 	kerrors "k8s.io/apimachinery/pkg/api/errors"
@@ -122,8 +118,6 @@ type Reconciler struct {
 	bootstrapTokenServiceAccountName *types.NamespacedName
 	skipEvictionAfter                time.Duration
 	nodeSettings                     NodeSettings
-	redhatSubscriptionManager        rhsm.RedHatSubscriptionManager
-	satelliteSubscriptionManager     rhsm.SatelliteSubscriptionManager
 
 	useExternalBootstrap              bool
 	nodePortRange                     string
@@ -208,8 +202,6 @@ func Add(
 		bootstrapTokenServiceAccountName: bootstrapTokenServiceAccountName,
 		skipEvictionAfter:                skipEvictionAfter,
 		nodeSettings:                     nodeSettings,
-		redhatSubscriptionManager:        rhsm.NewRedHatSubscriptionManager(log),
-		satelliteSubscriptionManager:     rhsm.NewSatelliteSubscriptionManager(log),
 
 		useExternalBootstrap:              useExternalBootstrap,
 		nodePortRange:                     nodePortRange,
@@ -710,51 +702,6 @@ func (r *Reconciler) deleteCloudProviderInstance(ctx context.Context, log *zap.S
 		return &reconcile.Result{RequeueAfter: deletionRetryWaitPeriod}, nil
 	}
 
-	machineConfig, err := providerconfigtypes.GetConfig(machine.Spec.ProviderSpec)
-	if err != nil {
-		return nil, fmt.Errorf("failed to get provider config: %w", err)
-	}
-
-	if machineConfig.OperatingSystem == providerconfigtypes.OperatingSystemRHEL {
-		rhelConfig, err := rhel.LoadConfig(machineConfig.OperatingSystemSpec)
-		if err != nil {
-			return nil, fmt.Errorf("failed to get rhel os specs: %w", err)
-		}
-
-		machineName := machine.Name
-		if machineConfig.CloudProvider == providerconfigtypes.CloudProviderAWS {
-			for _, address := range machine.Status.Addresses {
-				if address.Type == corev1.NodeInternalDNS {
-					machineName = address.Address
-				}
-			}
-		}
-
-		if rhelConfig.RHSMOfflineToken != "" {
-			if err := r.redhatSubscriptionManager.UnregisterInstance(ctx, rhelConfig.RHSMOfflineToken, machineName); err != nil {
-				return nil, fmt.Errorf("failed to delete subscription for machine name %s: %w", machine.Name, err)
-			}
-		}
-
-		if rhelConfig.RHELUseSatelliteServer {
-			if kuberneteshelper.HasFinalizer(machine, rhsm.RedhatSubscriptionFinalizer) {
-				err = r.satelliteSubscriptionManager.DeleteSatelliteHost(
-					ctx,
-					machineName,
-					rhelConfig.RHELSubscriptionManagerUser,
-					rhelConfig.RHELSubscriptionManagerPassword,
-					rhelConfig.RHELSatelliteServer)
-				if err != nil {
-					return nil, fmt.Errorf("failed to delete redhat satellite host for machine name %s: %w", machine.Name, err)
-				}
-			}
-		}
-
-		if err := rhsm.RemoveRHELSubscriptionFinalizer(machine, r.updateMachine); err != nil {
-			return nil, fmt.Errorf("failed to remove redhat subscription finalizer: %w", err)
-		}
-	}
-
 	return nil, r.updateMachine(machine, func(m *clusterv1alpha1.Machine) {
 		finalizers := sets.NewString(m.Finalizers...)
 		finalizers.Delete(FinalizerDeleteInstance)
@@ -906,11 +853,7 @@ func (r *Reconciler) ensureInstanceExistsForMachine(
 				message := fmt.Sprintf("%v. Failed to create a machine.", err)
 				return nil, r.updateMachineErrorIfTerminalError(machine, common.CreateMachineError, message, err, "failed to create machine at cloudprovider")
 			}
-			if providerConfig.OperatingSystem == providerconfigtypes.OperatingSystemRHEL {
-				if err := rhsm.AddRHELSubscriptionFinalizer(machine, r.updateMachine); err != nil {
-					return nil, fmt.Errorf("failed to add redhat subscription finalizer: %w", err)
-				}
-			}
+
 			r.recorder.Event(machine, corev1.EventTypeNormal, "Created", "Successfully created instance")
 			log.Info("Created machine at cloud provider")
 			// Reqeue the machine to make sure we notice if creation failed silently
diff --git a/pkg/providerconfig/types.go b/pkg/providerconfig/types.go
index 2fc6563e9..612a3be52 100644
--- a/pkg/providerconfig/types.go
+++ b/pkg/providerconfig/types.go
@@ -25,11 +25,7 @@ import (
 	"time"
 
 	providerconfigtypes "github.com/kubermatic/machine-controller/pkg/providerconfig/types"
-	"github.com/kubermatic/machine-controller/pkg/userdata/amzn2"
-	"github.com/kubermatic/machine-controller/pkg/userdata/centos"
 	"github.com/kubermatic/machine-controller/pkg/userdata/flatcar"
-	"github.com/kubermatic/machine-controller/pkg/userdata/rhel"
-	"github.com/kubermatic/machine-controller/pkg/userdata/rockylinux"
 	"github.com/kubermatic/machine-controller/pkg/userdata/ubuntu"
 
 	corev1 "k8s.io/api/core/v1"
@@ -222,18 +218,10 @@ func DefaultOperatingSystemSpec(
 	externalBootstrapEnabled bool,
 ) (runtime.RawExtension, error) {
 	switch osys {
-	case providerconfigtypes.OperatingSystemAmazonLinux2:
-		return amzn2.DefaultConfig(operatingSystemSpec), nil
-	case providerconfigtypes.OperatingSystemCentOS:
-		return centos.DefaultConfig(operatingSystemSpec), nil
 	case providerconfigtypes.OperatingSystemFlatcar:
 		return flatcar.DefaultConfigForCloud(operatingSystemSpec, cloudProvider, externalBootstrapEnabled), nil
-	case providerconfigtypes.OperatingSystemRHEL:
-		return rhel.DefaultConfig(operatingSystemSpec), nil
 	case providerconfigtypes.OperatingSystemUbuntu:
 		return ubuntu.DefaultConfig(operatingSystemSpec), nil
-	case providerconfigtypes.OperatingSystemRockyLinux:
-		return rockylinux.DefaultConfig(operatingSystemSpec), nil
 	}
 
 	return operatingSystemSpec, errors.New("unknown OperatingSystem")
diff --git a/pkg/providerconfig/types/types.go b/pkg/providerconfig/types/types.go
index 589db528a..41a1bee4e 100644
--- a/pkg/providerconfig/types/types.go
+++ b/pkg/providerconfig/types/types.go
@@ -37,12 +37,8 @@ import (
 type OperatingSystem string
 
 const (
-	OperatingSystemUbuntu       OperatingSystem = "ubuntu"
-	OperatingSystemCentOS       OperatingSystem = "centos"
-	OperatingSystemAmazonLinux2 OperatingSystem = "amzn2"
-	OperatingSystemRHEL         OperatingSystem = "rhel"
-	OperatingSystemFlatcar      OperatingSystem = "flatcar"
-	OperatingSystemRockyLinux   OperatingSystem = "rockylinux"
+	OperatingSystemUbuntu  OperatingSystem = "ubuntu"
+	OperatingSystemFlatcar OperatingSystem = "flatcar"
 )
 
 type CloudProvider string
@@ -61,11 +57,7 @@ var (
 	// AllOperatingSystems is a slice containing all supported operating system identifiers.
 	AllOperatingSystems = []OperatingSystem{
 		OperatingSystemUbuntu,
-		OperatingSystemCentOS,
-		OperatingSystemAmazonLinux2,
-		OperatingSystemRHEL,
 		OperatingSystemFlatcar,
-		OperatingSystemRockyLinux,
 	}
 
 	// AllCloudProviders is a slice containing all supported cloud providers.
diff --git a/pkg/rhsm/satellite_subscription_manager.go b/pkg/rhsm/satellite_subscription_manager.go
deleted file mode 100644
index 9dab43350..000000000
--- a/pkg/rhsm/satellite_subscription_manager.go
+++ /dev/null
@@ -1,129 +0,0 @@
-/*
-Copyright 2020 The Machine Controller Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package rhsm
-
-import (
-	"context"
-	"crypto/tls"
-	"errors"
-	"fmt"
-	"net/http"
-	"net/url"
-	"path"
-	"time"
-
-	"go.uber.org/zap"
-)
-
-// SatelliteSubscriptionManager manages the communications between machine-controller and redhat satellite server.
-type SatelliteSubscriptionManager interface {
-	DeleteSatelliteHost(ctx context.Context, machineName, username, password, serverURL string) error
-}
-
-// DefaultSatelliteSubscriptionManager default manager for redhat satellite server.
-type DefaultSatelliteSubscriptionManager struct {
-	client *http.Client
-	log    *zap.SugaredLogger
-
-	useHTTP bool
-}
-
-// NewSatelliteSubscriptionManager creates a new Redhat satellite manager.
-func NewSatelliteSubscriptionManager(log *zap.SugaredLogger) SatelliteSubscriptionManager {
-	client := &http.Client{
-		Transport: &http.Transport{
-			TLSClientConfig: &tls.Config{
-				InsecureSkipVerify: true,
-			},
-			TLSHandshakeTimeout: defaultTimeout,
-		},
-		Timeout: defaultTimeout,
-	}
-
-	return &DefaultSatelliteSubscriptionManager{
-		client: client,
-		log:    log,
-	}
-}
-
-func (s *DefaultSatelliteSubscriptionManager) DeleteSatelliteHost(ctx context.Context, machineName, username, password, serverURL string) error {
-	if machineName == "" || username == "" || password == "" || serverURL == "" {
-		return errors.New("satellite server url, username or password cannot be empty")
-	}
-
-	var (
-		retries    = 0
-		maxRetries = 15
-	)
-
-	machineLog := s.log.With("machine", machineName)
-
-	for retries < maxRetries {
-		if err := s.executeDeleteRequest(ctx, machineName, username, password, serverURL); err != nil {
-			machineLog.Errorw("Failed to execute satellite subscription deletion", zap.Error(err))
-			retries++
-			time.Sleep(500 * time.Second)
-			continue
-		}
-
-		machineLog.Info("Subscription for machine deleted successfully")
-		return nil
-	}
-
-	return errors.New("failed to delete system profile after max retires number has been reached")
-}
-
-func (s *DefaultSatelliteSubscriptionManager) executeDeleteRequest(ctx context.Context, machineName, username, password, serverURL string) error {
-	var requestURL url.URL
-	requestURL.Scheme = "http"
-	if !s.useHTTP {
-		requestURL.Scheme = "https"
-	}
-	requestURL.Host = serverURL
-	requestURL.Path = path.Join("api", "v2", "hosts", machineName)
-
-	deleteHostRequest, err := http.NewRequest(http.MethodDelete, requestURL.String(), nil)
-	deleteHostRequest = deleteHostRequest.WithContext(ctx)
-	if err != nil {
-		return fmt.Errorf("failed to create a delete host request: %w", err)
-	}
-
-	deleteHostRequest.SetBasicAuth(username, password)
-
-	response, err := s.client.Do(deleteHostRequest)
-	if err != nil {
-		return fmt.Errorf("failed executing delete host request: %w", err)
-	}
-	defer response.Body.Close()
-
-	if !validStatusCode(response.StatusCode) {
-		return fmt.Errorf("error while executing request with status code: %v", response.StatusCode)
-	}
-
-	return nil
-}
-
-func validStatusCode(status int) bool {
-	switch status {
-	case http.StatusOK:
-		return true
-	case http.StatusNotFound:
-		return true
-	}
-
-	return false
-}
diff --git a/pkg/rhsm/satellite_subscription_manager_test.go b/pkg/rhsm/satellite_subscription_manager_test.go
deleted file mode 100644
index debeab623..000000000
--- a/pkg/rhsm/satellite_subscription_manager_test.go
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
-Copyright 2020 The Machine Controller Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package rhsm
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"net/http/httptest"
-	"net/url"
-	"testing"
-
-	"go.uber.org/zap"
-)
-
-func TestDefaultRedHatSatelliteManager_DeleteSatelliteHost(t *testing.T) {
-	var (
-		satelliteUsername = "satellite-user"
-		satellitePassword = "satellite-password"
-	)
-	testCases := []struct {
-		name            string
-		satelliteServer string
-		testingServer   *httptest.Server
-	}{
-		{
-			name:            "execute redhat satellite unregister instance",
-			satelliteServer: "satellite-test-server",
-			testingServer:   createSatelliteTestingServer(satelliteUsername, satellitePassword),
-		},
-	}
-
-	for _, tt := range testCases {
-		t.Run(tt.name, func(t *testing.T) {
-			defer func() {
-				tt.testingServer.Close()
-			}()
-
-			manager := NewSatelliteSubscriptionManager(zap.NewNop().Sugar())
-			manager.(*DefaultSatelliteSubscriptionManager).useHTTP = true
-
-			parsedURL, err := url.Parse(tt.testingServer.URL)
-			if err != nil {
-				t.Fatalf("failed to parse testing server url: %v", err)
-			}
-
-			err = manager.DeleteSatelliteHost(context.TODO(), "satellite-vm", satelliteUsername, satellitePassword, parsedURL.Host)
-			if err != nil {
-				t.Fatalf("failed to execute redhat host deletion")
-			}
-		})
-	}
-}
-
-func createSatelliteTestingServer(username, password string) *httptest.Server {
-	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		uname, pass, _ := r.BasicAuth()
-		if uname != username || pass != password {
-			w.WriteHeader(http.StatusUnauthorized)
-			fmt.Fprint(w, "fail")
-		}
-
-		if r.URL.Path != "/api/v2/hosts/satellite-vm" {
-			w.WriteHeader(http.StatusNotFound)
-			fmt.Fprint(w, "failed")
-		}
-
-		w.WriteHeader(http.StatusOK)
-		fmt.Fprint(w, "success")
-	}))
-}
diff --git a/pkg/rhsm/subscription_manager.go b/pkg/rhsm/subscription_manager.go
deleted file mode 100644
index 40873dd3f..000000000
--- a/pkg/rhsm/subscription_manager.go
+++ /dev/null
@@ -1,210 +0,0 @@
-/*
-Copyright 2019 The Machine Controller Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package rhsm
-
-import (
-	"context"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"io"
-	"net/http"
-	"time"
-
-	"go.uber.org/zap"
-	"golang.org/x/oauth2"
-)
-
-const defaultTimeout = 10 * time.Second
-
-// RedHatSubscriptionManager is responsible for removing redhat subscriptions.
-type RedHatSubscriptionManager interface {
-	UnregisterInstance(ctx context.Context, offlineToken, machineName string) error
-}
-
-type pagination struct {
-	Offset int `json:"offset"`
-	Limit  int `json:"limit"`
-	Count  int `json:"count"`
-}
-
-type body struct {
-	Name string `json:"name"`
-	UUID string `json:"uuid"`
-}
-
-type systemsResponse struct {
-	Pagination pagination `json:"pagination"`
-	Body       []body     `json:"body"`
-}
-
-type defaultRedHatSubscriptionManager struct {
-	log             *zap.SugaredLogger
-	apiURL          string
-	authURL         string
-	requestsLimiter int
-}
-
-var errUnauthenticatedRequest = errors.New("unauthenticated")
-
-func NewRedHatSubscriptionManager(log *zap.SugaredLogger) RedHatSubscriptionManager {
-	return &defaultRedHatSubscriptionManager{
-		log:             log,
-		apiURL:          "https://api.access.redhat.com/management/v1/systems",
-		authURL:         "https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token",
-		requestsLimiter: 100,
-	}
-}
-
-func newOAuthClientWithRefreshToken(ctx context.Context, refreshToken string, tokenURL string) *http.Client {
-	// Use the custom HTTP client when requesting an access token in order to
-	// set a timeout value.
-	// See: https://github.com/golang/oauth2/blob/c85d3e98c914e3a33234ad863dcbff5dbc425bb8/internal/token.go#L232
-	httpClient := &http.Client{Timeout: defaultTimeout}
-	ctx = context.WithValue(ctx, oauth2.HTTPClient, httpClient)
-	conf := &oauth2.Config{
-		ClientID: "rhsm-api",
-		Endpoint: oauth2.Endpoint{
-			TokenURL: tokenURL,
-		},
-	}
-	tok := &oauth2.Token{
-		RefreshToken: refreshToken,
-	}
-	// Set timeout for the client used for API calls as well.
-	c := conf.Client(ctx, tok)
-	c.Timeout = defaultTimeout
-	return c
-}
-
-func (d *defaultRedHatSubscriptionManager) UnregisterInstance(ctx context.Context, offlineToken, machineName string) error {
-	var (
-		retries    = 0
-		maxRetries = 15
-	)
-
-	for retries < maxRetries {
-		machineUUID, err := d.findSystemsProfile(ctx, offlineToken, machineName)
-		if err != nil {
-			return fmt.Errorf("failed to find system profile: %w", err)
-		}
-
-		machineLog := d.log.With("uuid", machineUUID)
-
-		if machineUUID == "" {
-			machineLog.Info("Machine UUID was not found")
-			return nil
-		}
-
-		err = d.deleteSubscription(ctx, machineUUID, offlineToken)
-		if err == nil {
-			machineLog.Info("Subscription for VM has been deleted successfully")
-			return nil
-		}
-
-		machineLog.Errorw("Failed to delete subscription for system:", zap.Error(err))
-		time.Sleep(2 * time.Second)
-		retries++
-	}
-
-	return errors.New("failed to delete system profile after max retires number has been reached")
-}
-
-func (d *defaultRedHatSubscriptionManager) findSystemsProfile(ctx context.Context, offlineToken, name string) (string, error) {
-	var offset int
-	for {
-		systemsInfo, err := d.executeFindSystemsRequest(ctx, offlineToken, offset)
-		if err != nil {
-			return "", fmt.Errorf("failed to retrieve systems: %w", err)
-		}
-
-		for _, system := range systemsInfo.Body {
-			if system.Name == name {
-				return system.UUID, nil
-			}
-		}
-
-		if len(systemsInfo.Body) < d.requestsLimiter {
-			break
-		}
-
-		offset += len(systemsInfo.Body)
-	}
-
-	return "", nil
-}
-
-func (d *defaultRedHatSubscriptionManager) deleteSubscription(ctx context.Context, uuid, offlineToken string) error {
-	client := newOAuthClientWithRefreshToken(ctx, offlineToken, d.authURL)
-	req, err := http.NewRequest("DELETE", fmt.Sprintf("%s/%s", d.apiURL, uuid), nil)
-	if err != nil {
-		return fmt.Errorf("failed to create delete system request: %w", err)
-	}
-
-	res, err := client.Do(req.WithContext(ctx))
-	if err != nil {
-		return fmt.Errorf("failed to delete system profile: %w", err)
-	}
-	defer res.Body.Close()
-
-	data, err := io.ReadAll(res.Body)
-	if err != nil {
-		return fmt.Errorf("failed while reading response: %w", err)
-	}
-
-	if res.StatusCode != http.StatusNoContent {
-		if res.StatusCode == http.StatusUnauthorized {
-			return errUnauthenticatedRequest
-		}
-
-		return fmt.Errorf("error while executing request with status code: %v and message: %s", res.StatusCode, string(data))
-	}
-
-	return nil
-}
-
-func (d *defaultRedHatSubscriptionManager) executeFindSystemsRequest(ctx context.Context, offlineToken string, offset int) (*systemsResponse, error) {
-	client := newOAuthClientWithRefreshToken(ctx, offlineToken, d.authURL)
-	req, err := http.NewRequest("GET", fmt.Sprintf(d.apiURL+"?limit=%v&offset=%v", d.requestsLimiter, offset), nil)
-	if err != nil {
-		return nil, fmt.Errorf("failed to create fetch systems request: %w", err)
-	}
-	res, err := client.Do(req.WithContext(ctx))
-	if err != nil {
-		return nil, fmt.Errorf("failed executing fetch systems request: %w", err)
-	}
-	defer res.Body.Close()
-
-	data, err := io.ReadAll(res.Body)
-	if err != nil {
-		return nil, fmt.Errorf("failed while reading response: %w", err)
-	}
-
-	if res.StatusCode != http.StatusOK {
-		if res.StatusCode == http.StatusUnauthorized {
-			return nil, errUnauthenticatedRequest
-		}
-		return nil, fmt.Errorf("error while executing request with status code: %v and message: %s", res.StatusCode, string(data))
-	}
-
-	var fetchedSystems = &systemsResponse{}
-	if err := json.Unmarshal(data, fetchedSystems); err != nil {
-		return nil, fmt.Errorf("failed while unmarshalling data: %w", err)
-	}
-
-	return fetchedSystems, nil
-}
diff --git a/pkg/rhsm/subscription_manager_test.go b/pkg/rhsm/subscription_manager_test.go
deleted file mode 100644
index 64736b951..000000000
--- a/pkg/rhsm/subscription_manager_test.go
+++ /dev/null
@@ -1,121 +0,0 @@
-/*
-Copyright 2019 The Machine Controller Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package rhsm
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"net/http/httptest"
-	"testing"
-
-	"go.uber.org/zap"
-)
-
-var (
-	authPath = "/"
-	apiPath  = "/systems"
-)
-
-func TestDefaultRedHatSubscriptionManager_UnregisterInstance(t *testing.T) {
-	testCases := []struct {
-		name           string
-		requestLimiter int
-		offlineToken   string
-		testingServer  *httptest.Server
-		machineName    string
-	}{
-		{
-			name:           "execute redhat system unregister instance",
-			requestLimiter: 2,
-			offlineToken:   "test_token",
-			testingServer:  createTestingServer(false),
-			machineName:    "test-machine",
-		},
-		{
-			name:           "execute redhat system unregister instance for 5 systems",
-			requestLimiter: 2,
-			offlineToken:   "test_token",
-			testingServer:  createTestingServer(true),
-			machineName:    "test-machine-5",
-		},
-	}
-
-	for _, tt := range testCases {
-		t.Run(tt.name, func(t *testing.T) {
-			defer func() {
-				tt.testingServer.Close()
-			}()
-			manager := NewRedHatSubscriptionManager(zap.NewNop().Sugar())
-			manager.(*defaultRedHatSubscriptionManager).apiURL = tt.testingServer.URL + apiPath
-			manager.(*defaultRedHatSubscriptionManager).authURL = tt.testingServer.URL
-			manager.(*defaultRedHatSubscriptionManager).requestsLimiter = tt.requestLimiter
-
-			if err := manager.UnregisterInstance(context.Background(), tt.offlineToken, tt.machineName); err != nil {
-				t.Fatalf("failed executing test: %v", err)
-			}
-		})
-	}
-}
-
-func createTestingServer(pagination bool) *httptest.Server {
-	var (
-		processedRequest = 1
-		result           string
-	)
-
-	const resultPrefix = "{\"pagination\": {\"offset\": 0, \"limit\": 2,\"count\": 5}, \"body\": ["
-
-	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		switch r.URL.Path {
-		case authPath:
-			w.Header().Set("Content-Type", "application/json")
-			fmt.Fprintln(w, "{\"access_token\":\"test-access-token\"}")
-		case apiPath:
-			if pagination {
-				switch processedRequest {
-				case 1:
-					result = resultPrefix +
-						"{\"name\": \"test-machine-1\", \"uuid\": \"4a3ee8d7-337d-4cef-a20c-dda011f28f96\"}," +
-						"{\"name\": \"test-machine-2\", \"uuid\": \"4a3ee8d7-337d-4cef-a20c-dda011f28f91\"}" +
-						"]}"
-				case 2:
-					result = resultPrefix +
-						"{\"name\": \"test-machine-3\", \"uuid\": \"4a3ee8d7-337d-4cef-a20c-dda011f28f98\"}," +
-						"{\"name\": \"test-machine-4\", \"uuid\": \"4a3ee8d7-337d-4cef-a20c-dda011f28f95\"}" +
-						"]}"
-				case 3:
-					result = resultPrefix +
-						"{\"name\": \"test-machine-5\", \"uuid\": \"4a3ee8d7-337d-4cef-a20c-dda011f28f99\"}" +
-						"]}"
-				}
-				processedRequest++
-				fmt.Fprint(w, result)
-			} else {
-				processedRequest++
-				fmt.Fprintln(w, "{\"pagination\": {\"offset\": 0, \"limit\": 100,\"count\": 1}, \"body\": ["+
-					"{\"name\": \"test-machine\", \"uuid\": \"4a3ee8d7-337d-4cef-a20c-dda011f28f95\"}]}")
-			}
-		case apiPath + "/4a3ee8d7-337d-4cef-a20c-dda011f28f95":
-			w.WriteHeader(http.StatusNoContent)
-			fmt.Fprint(w, "success")
-		case apiPath + "/4a3ee8d7-337d-4cef-a20c-dda011f28f99":
-			w.WriteHeader(http.StatusNoContent)
-			fmt.Fprint(w, "success")
-		}
-	}))
-}
diff --git a/pkg/rhsm/util.go b/pkg/rhsm/util.go
deleted file mode 100644
index 7fbf8f781..000000000
--- a/pkg/rhsm/util.go
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
-Copyright 2019 The Machine Controller Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package rhsm
-
-import (
-	"github.com/kubermatic/machine-controller/pkg/apis/cluster/v1alpha1"
-	"github.com/kubermatic/machine-controller/pkg/cloudprovider/types"
-	kuberneteshelper "github.com/kubermatic/machine-controller/pkg/kubernetes"
-)
-
-const (
-	RedhatSubscriptionFinalizer = "kubermatic.io/red-hat-subscription"
-)
-
-// AddRHELSubscriptionFinalizer adds finalizer RedhatSubscriptionFinalizer to the machine object on rhel machine creation.
-func AddRHELSubscriptionFinalizer(machine *v1alpha1.Machine, update types.MachineUpdater) error {
-	if !kuberneteshelper.HasFinalizer(machine, RedhatSubscriptionFinalizer) {
-		if err := update(machine, func(m *v1alpha1.Machine) {
-			machine.Finalizers = append(m.Finalizers, RedhatSubscriptionFinalizer)
-		}); err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-// RemoveRHELSubscriptionFinalizer removes finalizer RedhatSubscriptionFinalizer to the machine object on rhel machine deletion.
-func RemoveRHELSubscriptionFinalizer(machine *v1alpha1.Machine, update types.MachineUpdater) error {
-	if kuberneteshelper.HasFinalizer(machine, RedhatSubscriptionFinalizer) {
-		if err := update(machine, func(m *v1alpha1.Machine) {
-			machine.Finalizers = kuberneteshelper.RemoveFinalizer(machine.Finalizers, RedhatSubscriptionFinalizer)
-		}); err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
diff --git a/pkg/userdata/amzn2/amzn.go b/pkg/userdata/amzn2/amzn.go
deleted file mode 100644
index b836ce70a..000000000
--- a/pkg/userdata/amzn2/amzn.go
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
-Copyright 2021 The Machine Controller Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package amzn2
-
-import (
-	"encoding/json"
-
-	"k8s.io/apimachinery/pkg/runtime"
-)
-
-// Config contains specific configuration for Amazon Linux 2.
-type Config struct {
-	DistUpgradeOnBoot bool `json:"distUpgradeOnBoot"`
-}
-
-func DefaultConfig(operatingSystemSpec runtime.RawExtension) runtime.RawExtension {
-	if operatingSystemSpec.Raw == nil {
-		operatingSystemSpec.Raw, _ = json.Marshal(Config{})
-	}
-
-	return operatingSystemSpec
-}
-
-// LoadConfig retrieves the Amazon Linux 2 configuration from raw data.
-func LoadConfig(r runtime.RawExtension) (*Config, error) {
-	r = DefaultConfig(r)
-	cfg := Config{}
-
-	if err := json.Unmarshal(r.Raw, &cfg); err != nil {
-		return nil, err
-	}
-	return &cfg, nil
-}
-
-// Spec return the configuration as raw data.
-func (cfg *Config) Spec() (*runtime.RawExtension, error) {
-	ext := &runtime.RawExtension{}
-	b, err := json.Marshal(cfg)
-	if err != nil {
-		return nil, err
-	}
-
-	ext.Raw = b
-	return ext, nil
-}
diff --git a/pkg/userdata/amzn2/provider.go b/pkg/userdata/amzn2/provider.go
deleted file mode 100644
index 80482c85e..000000000
--- a/pkg/userdata/amzn2/provider.go
+++ /dev/null
@@ -1,324 +0,0 @@
-/*
-Copyright 2021 The Machine Controller Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-//
-// UserData plugin for Amazon Linux 2.
-//
-
-package amzn2
-
-import (
-	"errors"
-	"fmt"
-	"strings"
-	"text/template"
-
-	"github.com/Masterminds/semver/v3"
-	"go.uber.org/zap"
-
-	"github.com/kubermatic/machine-controller/pkg/apis/plugin"
-	providerconfigtypes "github.com/kubermatic/machine-controller/pkg/providerconfig/types"
-	userdatahelper "github.com/kubermatic/machine-controller/pkg/userdata/helper"
-)
-
-// Provider is a pkg/userdata/plugin.Provider implementation.
-type Provider struct{}
-
-// UserData renders user-data template to string.
-func (p Provider) UserData(log *zap.SugaredLogger, req plugin.UserDataRequest) (string, error) {
-	tmpl, err := template.New("user-data").Funcs(userdatahelper.TxtFuncMap(log)).Parse(userDataTemplate)
-	if err != nil {
-		return "", fmt.Errorf("failed to parse user-data template: %w", err)
-	}
-
-	kubeletVersion, err := semver.NewVersion(req.MachineSpec.Versions.Kubelet)
-	if err != nil {
-		return "", fmt.Errorf("invalid kubelet version: %w", err)
-	}
-
-	pconfig, err := providerconfigtypes.GetConfig(req.MachineSpec.ProviderSpec)
-	if err != nil {
-		return "", fmt.Errorf("failed to get provider config: %w", err)
-	}
-
-	if pconfig.OverwriteCloudConfig != nil {
-		req.CloudConfig = *pconfig.OverwriteCloudConfig
-	}
-
-	if pconfig.Network.IsStaticIPConfig() {
-		return "", errors.New("static IP config is not supported with Amazon Linux 2")
-	}
-
-	amznConfig, err := LoadConfig(pconfig.OperatingSystemSpec)
-	if err != nil {
-		return "", fmt.Errorf("failed to parse OperatingSystemSpec: %w", err)
-	}
-
-	kubeconfigString, err := userdatahelper.StringifyKubeconfig(req.Kubeconfig)
-	if err != nil {
-		return "", err
-	}
-
-	kubernetesCACert, err := userdatahelper.GetCACert(req.Kubeconfig)
-	if err != nil {
-		return "", fmt.Errorf("error extracting cacert: %w", err)
-	}
-
-	crEngine := req.ContainerRuntime.Engine()
-	crScript, err := crEngine.ScriptFor(providerconfigtypes.OperatingSystemAmazonLinux2)
-	if err != nil {
-		return "", fmt.Errorf("failed to generate container runtime install script: %w", err)
-	}
-
-	crConfig, err := crEngine.Config()
-	if err != nil {
-		return "", fmt.Errorf("failed to generate container runtime config: %w", err)
-	}
-
-	crAuthConfig, err := crEngine.AuthConfig()
-	if err != nil {
-		return "", fmt.Errorf("failed to generate container runtime auth config: %w", err)
-	}
-
-	data := struct {
-		plugin.UserDataRequest
-		ProviderSpec                       *providerconfigtypes.Config
-		OSConfig                           *Config
-		KubeletVersion                     string
-		Kubeconfig                         string
-		KubernetesCACert                   string
-		NodeIPScript                       string
-		ExtraKubeletFlags                  []string
-		ContainerRuntimeScript             string
-		ContainerRuntimeConfigFileName     string
-		ContainerRuntimeConfig             string
-		ContainerRuntimeAuthConfigFileName string
-		ContainerRuntimeAuthConfig         string
-		ContainerRuntimeName               string
-	}{
-		UserDataRequest:                    req,
-		ProviderSpec:                       pconfig,
-		OSConfig:                           amznConfig,
-		KubeletVersion:                     kubeletVersion.String(),
-		Kubeconfig:                         kubeconfigString,
-		KubernetesCACert:                   kubernetesCACert,
-		NodeIPScript:                       userdatahelper.SetupNodeIPEnvScript(pconfig.Network.GetIPFamily()),
-		ExtraKubeletFlags:                  crEngine.KubeletFlags(),
-		ContainerRuntimeScript:             crScript,
-		ContainerRuntimeConfigFileName:     crEngine.ConfigFileName(),
-		ContainerRuntimeConfig:             crConfig,
-		ContainerRuntimeAuthConfigFileName: crEngine.AuthConfigFileName(),
-		ContainerRuntimeAuthConfig:         crAuthConfig,
-		ContainerRuntimeName:               crEngine.String(),
-	}
-
-	buf := strings.Builder{}
-	if err = tmpl.Execute(&buf, data); err != nil {
-		return "", fmt.Errorf("failed to execute user-data template: %w", err)
-	}
-
-	return userdatahelper.CleanupTemplateOutput(buf.String())
-}
-
-// UserData template.
-const userDataTemplate = `#cloud-config
-{{ if ne .CloudProviderName "aws" }}
-hostname: {{ .MachineSpec.Name }}
-{{- /* Never set the hostname on AWS nodes. Kubernetes(kube-proxy) requires the hostname to be the private dns name */}}
-{{ end }}
-
-{{- if .OSConfig.DistUpgradeOnBoot }}
-package_upgrade: true
-package_reboot_if_required: true
-{{- end }}
-
-ssh_pwauth: false
-
-{{- if ne (len .ProviderSpec.SSHPublicKeys) 0 }}
-ssh_authorized_keys:
-{{- range .ProviderSpec.SSHPublicKeys }}
-  - "{{ . }}"
-{{- end }}
-{{- end }}
-
-write_files:
-{{- if .HTTPProxy }}
-- path: "/etc/environment"
-  content: |
-{{ proxyEnvironment .HTTPProxy .NoProxy | indent 4 }}
-{{- end }}
-
-- path: "/etc/systemd/journald.conf.d/max_disk_use.conf"
-  content: |
-{{ journalDConfig | indent 4 }}
-
-- path: "/opt/load-kernel-modules.sh"
-  permissions: "0755"
-  content: |
-{{ kernelModulesScript | indent 4 }}
-
-- path: "/etc/sysctl.d/k8s.conf"
-  content: |
-{{ kernelSettings | indent 4 }}
-
-- path: /etc/selinux/config
-  content: |
-    # This file controls the state of SELinux on the system.
-    # SELINUX= can take one of these three values:
-    #     enforcing - SELinux security policy is enforced.
-    #     permissive - SELinux prints warnings instead of enforcing.
-    #     disabled - No SELinux policy is loaded.
-    SELINUX=permissive
-    # SELINUXTYPE= can take one of three two values:
-    #     targeted - Targeted processes are protected,
-    #     minimum - Modification of targeted policy. Only selected processes are protected.
-    #     mls - Multi Level Security protection.
-    SELINUXTYPE=targeted
-
-- path: "/opt/bin/setup"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-
-    setenforce 0 || true
-
-{{- /* As we added some modules and don't want to reboot, restart the service */}}
-    systemctl restart systemd-modules-load.service
-    sysctl --system
-    {{ if ne .CloudProviderName "aws" }}
-{{- /*  The normal way of setting it via cloud-init is broken, see */}}
-{{- /*  https://bugs.launchpad.net/cloud-init/+bug/1662542 */}}
-    hostnamectl set-hostname {{ .MachineSpec.Name }}
-    {{ end }}
-
-    yum install -y \
-      device-mapper-persistent-data \
-      lvm2 \
-      ebtables \
-      ethtool \
-      nfs-utils \
-      bash-completion \
-      sudo \
-      socat \
-      wget \
-      curl \
-      ipvsadm
-
-{{ .ContainerRuntimeScript | indent 4 }}
-
-{{ safeDownloadBinariesScript .KubeletVersion | indent 4 }}
-    # set kubelet nodeip environment variable
-    mkdir -p /etc/systemd/system/kubelet.service.d/
-    /opt/bin/setup_net_env.sh
-
-    systemctl disable --now firewalld || true
-    systemctl enable --now kubelet
-    systemctl enable --now --no-block kubelet-healthcheck.service
-    systemctl disable setup.service
-
-- path: "/opt/bin/supervise.sh"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-    while ! "$@"; do
-      sleep 1
-    done
-
-- path: "/opt/disable-swap.sh"
-  permissions: "0755"
-  content: |
-    # Make sure we always disable swap - Otherwise the kubelet won't start as for some cloud
-    # providers swap gets enabled on reboot or after the setup script has finished executing.
-    sed -i.orig '/.*swap.*/d' /etc/fstab
-    swapoff -a
-
-- path: "/etc/systemd/system/kubelet.service"
-  content: |
-{{ kubeletSystemdUnit .ContainerRuntimeName .KubeletVersion .KubeletCloudProviderName .MachineSpec.Name .DNSIPs .ExternalCloudProvider .ProviderSpec.Network.GetIPFamily .PauseImage .MachineSpec.Taints .ExtraKubeletFlags true | indent 4 }}
-
-{{- if ne (len .CloudConfig) 0 }}
-- path: "/etc/kubernetes/cloud-config"
-  permissions: "0600"
-  content: |
-{{ .CloudConfig | indent 4 }}
-{{- end }}
-
-- path: "/opt/bin/setup_net_env.sh"
-  permissions: "0755"
-  content: |
-{{ .NodeIPScript | indent 4 }}
-
-- path: "/etc/kubernetes/bootstrap-kubelet.conf"
-  permissions: "0600"
-  content: |
-{{ .Kubeconfig | indent 4 }}
-
-- path: "/etc/kubernetes/kubelet.conf"
-  content: |
-{{ kubeletConfiguration "cluster.local" .DNSIPs .KubeletFeatureGates .KubeletConfigs | indent 4 }}
-
-- path: "/etc/kubernetes/pki/ca.crt"
-  content: |
-{{ .KubernetesCACert | indent 4 }}
-
-- path: "/etc/systemd/system/setup.service"
-  permissions: "0644"
-  content: |
-    [Install]
-    WantedBy=multi-user.target
-
-    [Unit]
-    Requires=network-online.target
-    After=network-online.target
-
-    [Service]
-    Type=oneshot
-    RemainAfterExit=true
-    EnvironmentFile=-/etc/environment
-    ExecStart=/opt/bin/supervise.sh /opt/bin/setup
-
-- path: "/etc/profile.d/opt-bin-path.sh"
-  permissions: "0644"
-  content: |
-    export PATH="/opt/bin:$PATH"
-
-- path: {{ .ContainerRuntimeConfigFileName }}
-  permissions: "0644"
-  content: |
-{{ .ContainerRuntimeConfig | indent 4 }}
-
-- path: /etc/systemd/system/kubelet-healthcheck.service
-  permissions: "0644"
-  content: |
-{{ kubeletHealthCheckSystemdUnit | indent 4 }}
-
-{{- with .ProviderSpec.CAPublicKey }}
-
-- path: "/etc/ssh/trusted-user-ca-keys.pem"
-  content: |
-{{ . | indent 4 }}
-
-- path: "/etc/ssh/sshd_config"
-  content: |
-{{ sshConfigAddendum | indent 4 }}
-  append: true
-{{- end }}
-
-runcmd:
-- systemctl enable --now setup.service
-`
diff --git a/pkg/userdata/amzn2/provider_test.go b/pkg/userdata/amzn2/provider_test.go
deleted file mode 100644
index e6aa02940..000000000
--- a/pkg/userdata/amzn2/provider_test.go
+++ /dev/null
@@ -1,240 +0,0 @@
-/*
-Copyright 2019 The Machine Controller Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-//
-// UserData plugin for Amazon Linux 2.
-//
-
-package amzn2
-
-import (
-	"flag"
-	"net"
-	"testing"
-
-	"go.uber.org/zap"
-
-	clusterv1alpha1 "github.com/kubermatic/machine-controller/pkg/apis/cluster/v1alpha1"
-	"github.com/kubermatic/machine-controller/pkg/apis/plugin"
-	"github.com/kubermatic/machine-controller/pkg/containerruntime"
-	testhelper "github.com/kubermatic/machine-controller/pkg/test"
-	"github.com/kubermatic/machine-controller/pkg/userdata/convert"
-
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/runtime"
-	clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
-)
-
-var (
-	update = flag.Bool("update", false, "update testdata files")
-
-	pemCertificate = `-----BEGIN CERTIFICATE-----
-MIIEWjCCA0KgAwIBAgIJALfRlWsI8YQHMA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV
-BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEUMBIG
-A1UEChMLQnJhZGZpdHppbmMxEjAQBgNVBAMTCWxvY2FsaG9zdDEdMBsGCSqGSIb3
-DQEJARYOYnJhZEBkYW5nYS5jb20wHhcNMTQwNzE1MjA0NjA1WhcNMTcwNTA0MjA0
-NjA1WjB7MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBG
-cmFuY2lzY28xFDASBgNVBAoTC0JyYWRmaXR6aW5jMRIwEAYDVQQDEwlsb2NhbGhv
-c3QxHTAbBgkqhkiG9w0BCQEWDmJyYWRAZGFuZ2EuY29tMIIBIjANBgkqhkiG9w0B
-AQEFAAOCAQ8AMIIBCgKCAQEAt5fAjp4fTcekWUTfzsp0kyih1OYbsGL0KX1eRbSS
-R8Od0+9Q62Hyny+GFwMTb4A/KU8mssoHvcceSAAbwfbxFK/+s51TobqUnORZrOoT
-ZjkUygbyXDSK99YBbcR1Pip8vwMTm4XKuLtCigeBBdjjAQdgUO28LENGlsMnmeYk
-JfODVGnVmr5Ltb9ANA8IKyTfsnHJ4iOCS/PlPbUj2q7YnoVLposUBMlgUb/CykX3
-mOoLb4yJJQyA/iST6ZxiIEj36D4yWZ5lg7YJl+UiiBQHGCnPdGyipqV06ex0heYW
-caiW8LWZSUQ93jQ+WVCH8hT7DQO1dmsvUmXlq/JeAlwQ/QIDAQABo4HgMIHdMB0G
-A1UdDgQWBBRcAROthS4P4U7vTfjByC569R7E6DCBrQYDVR0jBIGlMIGigBRcAROt
-hS4P4U7vTfjByC569R7E6KF/pH0wezELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB
-MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtCcmFkZml0emluYzES
-MBAGA1UEAxMJbG9jYWxob3N0MR0wGwYJKoZIhvcNAQkBFg5icmFkQGRhbmdhLmNv
-bYIJALfRlWsI8YQHMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAG6h
-U9f9sNH0/6oBbGGy2EVU0UgITUQIrFWo9rFkrW5k/XkDjQm+3lzjT0iGR4IxE/Ao
-eU6sQhua7wrWeFEn47GL98lnCsJdD7oZNhFmQ95Tb/LnDUjs5Yj9brP0NWzXfYU4
-UK2ZnINJRcJpB8iRCaCxE8DdcUF0XqIEq6pA272snoLmiXLMvNl3kYEdm+je6voD
-58SNVEUsztzQyXmJEhCpwVI0A6QCjzXj+qvpmw3ZZHi8JwXei8ZZBLTSFBki8Z7n
-sH9BBH38/SzUmAN4QHSPy1gjqm00OAE8NaYDkh/bzE4d7mLGGMWp/WE3KPSu82HF
-kPe6XoSbiLm/kxk32T0=
------END CERTIFICATE-----`
-)
-
-// fakeCloudConfigProvider simulates cloud config provider for test.
-type fakeCloudConfigProvider struct {
-	config string
-	name   string
-	err    error
-}
-
-func (p *fakeCloudConfigProvider) GetCloudConfig(_ clusterv1alpha1.MachineSpec) (config string, name string, err error) {
-	return p.config, p.name, p.err
-}
-
-// userDataTestCase contains the data for a table-driven test.
-type userDataTestCase struct {
-	name                  string
-	spec                  clusterv1alpha1.MachineSpec
-	clusterDNSIPs         []net.IP
-	cloudProviderName     *string
-	externalCloudProvider bool
-	httpProxy             string
-	noProxy               string
-	insecureRegistries    string
-	registryMirrors       string
-	pauseImage            string
-	containerruntime      string
-}
-
-// TestUserDataGeneration runs the data generation for different
-// environments.
-func TestUserDataGeneration(t *testing.T) {
-	t.Parallel()
-
-	tests := []userDataTestCase{
-		{
-			name: "kubelet-v1.29.2-aws",
-			spec: clusterv1alpha1.MachineSpec{
-				ObjectMeta: metav1.ObjectMeta{Name: "node1"},
-				Versions: clusterv1alpha1.MachineVersionInfo{
-					Kubelet: "1.29.2",
-				},
-			},
-		},
-		{
-			name: "kubelet-v1.29.2-aws-external",
-			spec: clusterv1alpha1.MachineSpec{
-				ObjectMeta: metav1.ObjectMeta{Name: "node1"},
-				Versions: clusterv1alpha1.MachineVersionInfo{
-					Kubelet: "1.29.2",
-				},
-			},
-			externalCloudProvider: true,
-		},
-		{
-			name: "kubelet-v1.28-aws",
-			spec: clusterv1alpha1.MachineSpec{
-				ObjectMeta: metav1.ObjectMeta{Name: "node1"},
-				Versions: clusterv1alpha1.MachineVersionInfo{
-					Kubelet: "1.28.5",
-				},
-			},
-		},
-		{
-			name: "kubelet-v1.29-aws",
-			spec: clusterv1alpha1.MachineSpec{
-				ObjectMeta: metav1.ObjectMeta{Name: "node1"},
-				Versions: clusterv1alpha1.MachineVersionInfo{
-					Kubelet: "1.29.0",
-				},
-			},
-		},
-		{
-			name: "kubelet-v1.27-aws",
-			spec: clusterv1alpha1.MachineSpec{
-				ObjectMeta: metav1.ObjectMeta{Name: "node1"},
-				Versions: clusterv1alpha1.MachineVersionInfo{
-					Kubelet: "1.27.0",
-				},
-			},
-		},
-	}
-
-	defaultCloudProvider := &fakeCloudConfigProvider{
-		name:   "aws",
-		config: "{aws-config:true}",
-		err:    nil,
-	}
-	kubeconfig := &clientcmdapi.Config{
-		Clusters: map[string]*clientcmdapi.Cluster{
-			"": {
-				Server:                   "https://server:443",
-				CertificateAuthorityData: []byte(pemCertificate),
-			},
-		},
-		AuthInfos: map[string]*clientcmdapi.AuthInfo{
-			"": {
-				Token: "my-token",
-			},
-		},
-	}
-	provider := Provider{}
-
-	kubeletFeatureGates := map[string]bool{
-		"RotateKubeletServerCertificate": true,
-	}
-
-	for _, test := range tests {
-		t.Run(test.name, func(t *testing.T) {
-			emptyProviderSpec := clusterv1alpha1.ProviderSpec{
-				Value: &runtime.RawExtension{},
-			}
-			test.spec.ProviderSpec = emptyProviderSpec
-			var cloudProvider *fakeCloudConfigProvider
-			if test.cloudProviderName != nil {
-				cloudProvider = &fakeCloudConfigProvider{
-					name:   *test.cloudProviderName,
-					config: "{config:true}",
-					err:    nil,
-				}
-			} else {
-				cloudProvider = defaultCloudProvider
-			}
-			cloudConfig, cloudProviderName, err := cloudProvider.GetCloudConfig(test.spec)
-			if err != nil {
-				t.Fatalf("failed to get cloud config: %v", err)
-			}
-
-			containerRuntimeOpts := containerruntime.Opts{
-				ContainerRuntime:   test.containerruntime,
-				InsecureRegistries: test.insecureRegistries,
-				RegistryMirrors:    test.registryMirrors,
-			}
-			containerRuntimeConfig, err := containerruntime.BuildConfig(containerRuntimeOpts)
-			if err != nil {
-				t.Fatalf("failed to generate container runtime config: %v", err)
-			}
-
-			req := plugin.UserDataRequest{
-				MachineSpec:              test.spec,
-				Kubeconfig:               kubeconfig,
-				CloudConfig:              cloudConfig,
-				CloudProviderName:        cloudProviderName,
-				KubeletCloudProviderName: cloudProviderName,
-				DNSIPs:                   test.clusterDNSIPs,
-				ExternalCloudProvider:    test.externalCloudProvider,
-				HTTPProxy:                test.httpProxy,
-				NoProxy:                  test.noProxy,
-				PauseImage:               test.pauseImage,
-				KubeletFeatureGates:      kubeletFeatureGates,
-				ContainerRuntime:         containerRuntimeConfig,
-			}
-
-			s, err := provider.UserData(zap.NewNop().Sugar(), req)
-			if err != nil {
-				t.Errorf("error getting userdata: '%v'", err)
-			}
-
-			// Check if we can gzip it.
-			if _, err := convert.GzipString(s); err != nil {
-				t.Fatal(err)
-			}
-			goldenName := test.name + ".yaml"
-			testhelper.CompareOutput(t, goldenName, s, *update)
-		})
-	}
-}
-
-// stringPtr returns pointer to given string.
-func stringPtr(a string) *string {
-	return &a
-}
diff --git a/pkg/userdata/amzn2/testdata/kubelet-v1.27-aws.yaml b/pkg/userdata/amzn2/testdata/kubelet-v1.27-aws.yaml
deleted file mode 100644
index 4441180c2..000000000
--- a/pkg/userdata/amzn2/testdata/kubelet-v1.27-aws.yaml
+++ /dev/null
@@ -1,454 +0,0 @@
-#cloud-config
-
-
-ssh_pwauth: false
-
-write_files:
-
-- path: "/etc/systemd/journald.conf.d/max_disk_use.conf"
-  content: |
-    [Journal]
-    SystemMaxUse=5G
-
-
-- path: "/opt/load-kernel-modules.sh"
-  permissions: "0755"
-  content: |
-    #!/usr/bin/env bash
-    set -euo pipefail
-
-    modprobe ip_vs
-    modprobe ip_vs_rr
-    modprobe ip_vs_wrr
-    modprobe ip_vs_sh
-
-    if modinfo nf_conntrack_ipv4 &> /dev/null; then
-      modprobe nf_conntrack_ipv4
-    else
-      modprobe nf_conntrack
-    fi
-
-
-- path: "/etc/sysctl.d/k8s.conf"
-  content: |
-    net.bridge.bridge-nf-call-ip6tables = 1
-    net.bridge.bridge-nf-call-iptables = 1
-    kernel.panic_on_oops = 1
-    kernel.panic = 10
-    net.ipv4.ip_forward = 1
-    vm.overcommit_memory = 1
-    fs.inotify.max_user_watches = 1048576
-    fs.inotify.max_user_instances = 8192
-
-
-- path: /etc/selinux/config
-  content: |
-    # This file controls the state of SELinux on the system.
-    # SELINUX= can take one of these three values:
-    #     enforcing - SELinux security policy is enforced.
-    #     permissive - SELinux prints warnings instead of enforcing.
-    #     disabled - No SELinux policy is loaded.
-    SELINUX=permissive
-    # SELINUXTYPE= can take one of three two values:
-    #     targeted - Targeted processes are protected,
-    #     minimum - Modification of targeted policy. Only selected processes are protected.
-    #     mls - Multi Level Security protection.
-    SELINUXTYPE=targeted
-
-- path: "/opt/bin/setup"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-
-    setenforce 0 || true
-    systemctl restart systemd-modules-load.service
-    sysctl --system
-
-
-    yum install -y \
-      device-mapper-persistent-data \
-      lvm2 \
-      ebtables \
-      ethtool \
-      nfs-utils \
-      bash-completion \
-      sudo \
-      socat \
-      wget \
-      curl \
-      ipvsadm
-
-
-    mkdir -p /etc/systemd/system/containerd.service.d
-
-    cat <<EOF | tee /etc/systemd/system/containerd.service.d/environment.conf
-    [Service]
-    Restart=always
-    EnvironmentFile=-/etc/environment
-    EOF
-
-    cat <<EOF | tee /etc/crictl.yaml
-    runtime-endpoint: unix:///run/containerd/containerd.sock
-    EOF
-
-    yum install -y \
-    	containerd-1.6* \
-    	yum-plugin-versionlock
-    yum versionlock add containerd
-
-    systemctl daemon-reload
-    systemctl enable --now containerd
-
-
-    opt_bin=/opt/bin
-    usr_local_bin=/usr/local/bin
-    cni_bin_dir=/opt/cni/bin
-    mkdir -p /etc/cni/net.d /etc/kubernetes/manifests "$opt_bin" "$cni_bin_dir"
-    arch=${HOST_ARCH-}
-    if [ -z "$arch" ]
-    then
-    case $(uname -m) in
-    x86_64)
-        arch="amd64"
-        ;;
-    aarch64)
-        arch="arm64"
-        ;;
-    *)
-        echo "unsupported CPU architecture, exiting"
-        exit 1
-        ;;
-    esac
-    fi
-    CNI_VERSION="${CNI_VERSION:-v1.2.0}"
-    cni_base_url="https://github.com/containernetworking/plugins/releases/download/$CNI_VERSION"
-    cni_filename="cni-plugins-linux-$arch-$CNI_VERSION.tgz"
-    curl -Lfo "$cni_bin_dir/$cni_filename" "$cni_base_url/$cni_filename"
-    cni_sum=$(curl -Lf "$cni_base_url/$cni_filename.sha256")
-    cd "$cni_bin_dir"
-    sha256sum -c <<<"$cni_sum"
-    tar xvf "$cni_filename"
-    rm -f "$cni_filename"
-    cd -
-    CRI_TOOLS_RELEASE="${CRI_TOOLS_RELEASE:-v1.27.0}"
-    cri_tools_base_url="https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRI_TOOLS_RELEASE}"
-    cri_tools_filename="crictl-${CRI_TOOLS_RELEASE}-linux-${arch}.tar.gz"
-    curl -Lfo "$opt_bin/$cri_tools_filename" "$cri_tools_base_url/$cri_tools_filename"
-    cri_tools_sum_value=$(curl -Lf "$cri_tools_base_url/$cri_tools_filename.sha256")
-    cri_tools_sum="$cri_tools_sum_value $cri_tools_filename"
-    cd "$opt_bin"
-    sha256sum -c <<<"$cri_tools_sum"
-    tar xvf "$cri_tools_filename"
-    rm -f "$cri_tools_filename"
-    ln -sf "$opt_bin/crictl" "$usr_local_bin"/crictl || echo "symbolic link is skipped"
-    cd -
-    KUBE_VERSION="${KUBE_VERSION:-v1.27.0}"
-    kube_dir="$opt_bin/kubernetes-$KUBE_VERSION"
-    kube_base_url="https://dl.k8s.io/$KUBE_VERSION/bin/linux/$arch"
-    kube_sum_file="$kube_dir/sha256"
-    mkdir -p "$kube_dir"
-    : >"$kube_sum_file"
-
-    for bin in kubelet kubeadm kubectl; do
-        curl -Lfo "$kube_dir/$bin" "$kube_base_url/$bin"
-        chmod +x "$kube_dir/$bin"
-        sum=$(curl -Lf "$kube_base_url/$bin.sha256")
-        echo "$sum  $kube_dir/$bin" >>"$kube_sum_file"
-    done
-    sha256sum -c "$kube_sum_file"
-
-    for bin in kubelet kubeadm kubectl; do
-        ln -sf "$kube_dir/$bin" "$opt_bin"/$bin
-    done
-
-    if [[ ! -x /opt/bin/health-monitor.sh ]]; then
-        curl -Lfo /opt/bin/health-monitor.sh https://raw.githubusercontent.com/kubermatic/machine-controller/7967a0af2b75f29ad2ab227eeaa26ea7b0f2fbde/pkg/userdata/scripts/health-monitor.sh
-        chmod +x /opt/bin/health-monitor.sh
-    fi
-
-    # set kubelet nodeip environment variable
-    mkdir -p /etc/systemd/system/kubelet.service.d/
-    /opt/bin/setup_net_env.sh
-
-    systemctl disable --now firewalld || true
-    systemctl enable --now kubelet
-    systemctl enable --now --no-block kubelet-healthcheck.service
-    systemctl disable setup.service
-
-- path: "/opt/bin/supervise.sh"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-    while ! "$@"; do
-      sleep 1
-    done
-
-- path: "/opt/disable-swap.sh"
-  permissions: "0755"
-  content: |
-    # Make sure we always disable swap - Otherwise the kubelet won't start as for some cloud
-    # providers swap gets enabled on reboot or after the setup script has finished executing.
-    sed -i.orig '/.*swap.*/d' /etc/fstab
-    swapoff -a
-
-- path: "/etc/systemd/system/kubelet.service"
-  content: |
-    [Unit]
-    After=containerd.service
-    Requires=containerd.service
-
-    Description=kubelet: The Kubernetes Node Agent
-    Documentation=https://kubernetes.io/docs/home/
-
-    [Service]
-    User=root
-    Restart=always
-    StartLimitInterval=0
-    RestartSec=10
-    CPUAccounting=true
-    MemoryAccounting=true
-
-    Environment="PATH=/opt/bin:/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin/"
-    EnvironmentFile=-/etc/environment
-
-    ExecStartPre=/bin/bash /opt/load-kernel-modules.sh
-
-    ExecStartPre=/bin/bash /opt/disable-swap.sh
-
-    ExecStartPre=/bin/bash /opt/bin/setup_net_env.sh
-    ExecStart=/opt/bin/kubelet $KUBELET_EXTRA_ARGS \
-      --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf \
-      --kubeconfig=/var/lib/kubelet/kubeconfig \
-      --config=/etc/kubernetes/kubelet.conf \
-      --cert-dir=/etc/kubernetes/pki \
-      --cloud-provider=aws \
-      --cloud-config=/etc/kubernetes/cloud-config \
-      --exit-on-lock-contention \
-      --lock-file=/tmp/kubelet.lock \
-      --container-runtime-endpoint=unix:///run/containerd/containerd.sock \
-      --node-ip ${KUBELET_NODE_IP}
-
-    [Install]
-    WantedBy=multi-user.target
-- path: "/etc/kubernetes/cloud-config"
-  permissions: "0600"
-  content: |
-    {aws-config:true}
-
-- path: "/opt/bin/setup_net_env.sh"
-  permissions: "0755"
-  content: |
-    #!/usr/bin/env bash
-    echodate() {
-      echo "[$(date -Is)]" "$@"
-    }
-
-    # get the default interface IP address
-    DEFAULT_IFC_IP=$(ip -o  route get 1 | grep -oP "src \K\S+")
-
-    # get the full hostname
-    FULL_HOSTNAME=$(hostname -f)
-
-    if [ -z "${DEFAULT_IFC_IP}" ]
-    then
-    	echodate "Failed to get IP address for the default route interface"
-    	exit 1
-    fi
-
-    # write the nodeip_env file
-    # we need the line below because flatcar has the same string "coreos" in that file
-    if grep -q coreos /etc/os-release
-    then
-      echo -e "KUBELET_NODE_IP=${DEFAULT_IFC_IP}\nKUBELET_HOSTNAME=${FULL_HOSTNAME}" > /etc/kubernetes/nodeip.conf
-    elif [ ! -d /etc/systemd/system/kubelet.service.d ]
-    then
-    	echodate "Can't find kubelet service extras directory"
-    	exit 1
-    else
-      echo -e "[Service]\nEnvironment=\"KUBELET_NODE_IP=${DEFAULT_IFC_IP}\"\nEnvironment=\"KUBELET_HOSTNAME=${FULL_HOSTNAME}\"" > /etc/systemd/system/kubelet.service.d/nodeip.conf
-    fi
-
-
-- path: "/etc/kubernetes/bootstrap-kubelet.conf"
-  permissions: "0600"
-  content: |
-    apiVersion: v1
-    clusters:
-    - cluster:
-        certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVXakNDQTBLZ0F3SUJBZ0lKQUxmUmxXc0k4WVFITUEwR0NTcUdTSWIzRFFFQkJRVUFNSHN4Q3pBSkJnTlYKQkFZVEFsVlRNUXN3Q1FZRFZRUUlFd0pEUVRFV01CUUdBMVVFQnhNTlUyRnVJRVp5WVc1amFYTmpiekVVTUJJRwpBMVVFQ2hNTFFuSmhaR1pwZEhwcGJtTXhFakFRQmdOVkJBTVRDV3h2WTJGc2FHOXpkREVkTUJzR0NTcUdTSWIzCkRRRUpBUllPWW5KaFpFQmtZVzVuWVM1amIyMHdIaGNOTVRRd056RTFNakEwTmpBMVdoY05NVGN3TlRBME1qQTAKTmpBMVdqQjdNUXN3Q1FZRFZRUUdFd0pWVXpFTE1Ba0dBMVVFQ0JNQ1EwRXhGakFVQmdOVkJBY1REVk5oYmlCRwpjbUZ1WTJselkyOHhGREFTQmdOVkJBb1RDMEp5WVdSbWFYUjZhVzVqTVJJd0VBWURWUVFERXdsc2IyTmhiR2h2CmMzUXhIVEFiQmdrcWhraUc5dzBCQ1FFV0RtSnlZV1JBWkdGdVoyRXVZMjl0TUlJQklqQU5CZ2txaGtpRzl3MEIKQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBdDVmQWpwNGZUY2VrV1VUZnpzcDBreWloMU9ZYnNHTDBLWDFlUmJTUwpSOE9kMCs5UTYySHlueStHRndNVGI0QS9LVThtc3NvSHZjY2VTQUFid2ZieEZLLytzNTFUb2JxVW5PUlpyT29UClpqa1V5Z2J5WERTSzk5WUJiY1IxUGlwOHZ3TVRtNFhLdUx0Q2lnZUJCZGpqQVFkZ1VPMjhMRU5HbHNNbm1lWWsKSmZPRFZHblZtcjVMdGI5QU5BOElLeVRmc25ISjRpT0NTL1BsUGJVajJxN1lub1ZMcG9zVUJNbGdVYi9DeWtYMwptT29MYjR5SkpReUEvaVNUNlp4aUlFajM2RDR5V1o1bGc3WUpsK1VpaUJRSEdDblBkR3lpcHFWMDZleDBoZVlXCmNhaVc4TFdaU1VROTNqUStXVkNIOGhUN0RRTzFkbXN2VW1YbHEvSmVBbHdRL1FJREFRQUJvNEhnTUlIZE1CMEcKQTFVZERnUVdCQlJjQVJPdGhTNFA0VTd2VGZqQnlDNTY5UjdFNkRDQnJRWURWUjBqQklHbE1JR2lnQlJjQVJPdApoUzRQNFU3dlRmakJ5QzU2OVI3RTZLRi9wSDB3ZXpFTE1Ba0dBMVVFQmhNQ1ZWTXhDekFKQmdOVkJBZ1RBa05CCk1SWXdGQVlEVlFRSEV3MVRZVzRnUm5KaGJtTnBjMk52TVJRd0VnWURWUVFLRXd0Q2NtRmtabWwwZW1sdVl6RVMKTUJBR0ExVUVBeE1KYkc5allXeG9iM04wTVIwd0d3WUpLb1pJaHZjTkFRa0JGZzVpY21Ga1FHUmhibWRoTG1OdgpiWUlKQUxmUmxXc0k4WVFITUF3R0ExVWRFd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVGQlFBRGdnRUJBRzZoClU5ZjlzTkgwLzZvQmJHR3kyRVZVMFVnSVRVUUlyRldvOXJGa3JXNWsvWGtEalFtKzNsempUMGlHUjRJeEUvQW8KZVU2c1FodWE3d3JXZUZFbjQ3R0w5OGxuQ3NKZEQ3b1pOaEZtUTk1VGIvTG5EVWpzNVlqOWJyUDBOV3pYZllVNApVSzJabklOSlJjSnBCOGlSQ2FDeEU4RGRjVUYwWHFJRXE2cEEyNzJzbm9MbWlYTE12Tmwza1lFZG0ramU2dm9ECjU4U05WRVVzenR6UXlYbUpFaENwd1ZJMEE2UUNqelhqK3F2cG13M1paSGk4SndYZWk4WlpCTFRTRkJraThaN24Kc0g5QkJIMzgvU3pVbUFONFFIU1B5MWdqcW0wME9BRThOYVlEa2gvYnpFNGQ3bUxHR01XcC9XRTNLUFN1ODJIRgprUGU2WG9TYmlMbS9reGszMlQwPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t
-        server: https://server:443
-      name: ""
-    contexts: null
-    current-context: ""
-    kind: Config
-    preferences: {}
-    users:
-    - name: ""
-      user:
-        token: my-token
-
-
-- path: "/etc/kubernetes/kubelet.conf"
-  content: |
-    apiVersion: kubelet.config.k8s.io/v1beta1
-    authentication:
-      anonymous:
-        enabled: false
-      webhook:
-        cacheTTL: 0s
-        enabled: true
-      x509:
-        clientCAFile: /etc/kubernetes/pki/ca.crt
-    authorization:
-      mode: Webhook
-      webhook:
-        cacheAuthorizedTTL: 0s
-        cacheUnauthorizedTTL: 0s
-    cgroupDriver: systemd
-    clusterDomain: cluster.local
-    containerLogMaxSize: 100Mi
-    containerRuntimeEndpoint: ""
-    cpuManagerReconcilePeriod: 0s
-    evictionHard:
-      imagefs.available: 15%
-      memory.available: 100Mi
-      nodefs.available: 10%
-      nodefs.inodesFree: 5%
-    evictionPressureTransitionPeriod: 0s
-    featureGates:
-      RotateKubeletServerCertificate: true
-    fileCheckFrequency: 0s
-    httpCheckFrequency: 0s
-    imageMaximumGCAge: 0s
-    imageMinimumGCAge: 0s
-    kind: KubeletConfiguration
-    kubeReserved:
-      cpu: 200m
-      ephemeral-storage: 1Gi
-      memory: 300Mi
-    logging:
-      flushFrequency: 0
-      options:
-        json:
-          infoBufferSize: "0"
-      verbosity: 0
-    memorySwap: {}
-    nodeStatusReportFrequency: 0s
-    nodeStatusUpdateFrequency: 0s
-    protectKernelDefaults: true
-    rotateCertificates: true
-    runtimeRequestTimeout: 0s
-    serverTLSBootstrap: true
-    shutdownGracePeriod: 0s
-    shutdownGracePeriodCriticalPods: 0s
-    staticPodPath: /etc/kubernetes/manifests
-    streamingConnectionIdleTimeout: 0s
-    syncFrequency: 0s
-    systemReserved:
-      cpu: 200m
-      ephemeral-storage: 1Gi
-      memory: 500Mi
-    tlsCipherSuites:
-    - TLS_AES_128_GCM_SHA256
-    - TLS_AES_256_GCM_SHA384
-    - TLS_CHACHA20_POLY1305_SHA256
-    - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-    - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
-    - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
-    - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-    - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
-    volumePluginDir: /var/lib/kubelet/volumeplugins
-    volumeStatsAggPeriod: 0s
-
-
-- path: "/etc/kubernetes/pki/ca.crt"
-  content: |
-    -----BEGIN CERTIFICATE-----
-    MIIEWjCCA0KgAwIBAgIJALfRlWsI8YQHMA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV
-    BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEUMBIG
-    A1UEChMLQnJhZGZpdHppbmMxEjAQBgNVBAMTCWxvY2FsaG9zdDEdMBsGCSqGSIb3
-    DQEJARYOYnJhZEBkYW5nYS5jb20wHhcNMTQwNzE1MjA0NjA1WhcNMTcwNTA0MjA0
-    NjA1WjB7MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBG
-    cmFuY2lzY28xFDASBgNVBAoTC0JyYWRmaXR6aW5jMRIwEAYDVQQDEwlsb2NhbGhv
-    c3QxHTAbBgkqhkiG9w0BCQEWDmJyYWRAZGFuZ2EuY29tMIIBIjANBgkqhkiG9w0B
-    AQEFAAOCAQ8AMIIBCgKCAQEAt5fAjp4fTcekWUTfzsp0kyih1OYbsGL0KX1eRbSS
-    R8Od0+9Q62Hyny+GFwMTb4A/KU8mssoHvcceSAAbwfbxFK/+s51TobqUnORZrOoT
-    ZjkUygbyXDSK99YBbcR1Pip8vwMTm4XKuLtCigeBBdjjAQdgUO28LENGlsMnmeYk
-    JfODVGnVmr5Ltb9ANA8IKyTfsnHJ4iOCS/PlPbUj2q7YnoVLposUBMlgUb/CykX3
-    mOoLb4yJJQyA/iST6ZxiIEj36D4yWZ5lg7YJl+UiiBQHGCnPdGyipqV06ex0heYW
-    caiW8LWZSUQ93jQ+WVCH8hT7DQO1dmsvUmXlq/JeAlwQ/QIDAQABo4HgMIHdMB0G
-    A1UdDgQWBBRcAROthS4P4U7vTfjByC569R7E6DCBrQYDVR0jBIGlMIGigBRcAROt
-    hS4P4U7vTfjByC569R7E6KF/pH0wezELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB
-    MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtCcmFkZml0emluYzES
-    MBAGA1UEAxMJbG9jYWxob3N0MR0wGwYJKoZIhvcNAQkBFg5icmFkQGRhbmdhLmNv
-    bYIJALfRlWsI8YQHMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAG6h
-    U9f9sNH0/6oBbGGy2EVU0UgITUQIrFWo9rFkrW5k/XkDjQm+3lzjT0iGR4IxE/Ao
-    eU6sQhua7wrWeFEn47GL98lnCsJdD7oZNhFmQ95Tb/LnDUjs5Yj9brP0NWzXfYU4
-    UK2ZnINJRcJpB8iRCaCxE8DdcUF0XqIEq6pA272snoLmiXLMvNl3kYEdm+je6voD
-    58SNVEUsztzQyXmJEhCpwVI0A6QCjzXj+qvpmw3ZZHi8JwXei8ZZBLTSFBki8Z7n
-    sH9BBH38/SzUmAN4QHSPy1gjqm00OAE8NaYDkh/bzE4d7mLGGMWp/WE3KPSu82HF
-    kPe6XoSbiLm/kxk32T0=
-    -----END CERTIFICATE-----
-
-- path: "/etc/systemd/system/setup.service"
-  permissions: "0644"
-  content: |
-    [Install]
-    WantedBy=multi-user.target
-
-    [Unit]
-    Requires=network-online.target
-    After=network-online.target
-
-    [Service]
-    Type=oneshot
-    RemainAfterExit=true
-    EnvironmentFile=-/etc/environment
-    ExecStart=/opt/bin/supervise.sh /opt/bin/setup
-
-- path: "/etc/profile.d/opt-bin-path.sh"
-  permissions: "0644"
-  content: |
-    export PATH="/opt/bin:$PATH"
-
-- path: /etc/containerd/config.toml
-  permissions: "0644"
-  content: |
-    version = 2
-
-    [metrics]
-    address = "127.0.0.1:1338"
-
-    [plugins]
-    [plugins."io.containerd.grpc.v1.cri"]
-    [plugins."io.containerd.grpc.v1.cri".containerd]
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
-    runtime_type = "io.containerd.runc.v2"
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
-    SystemdCgroup = true
-    [plugins."io.containerd.grpc.v1.cri".registry]
-    [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
-    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
-    endpoint = ["https://registry-1.docker.io"]
-
-
-- path: /etc/systemd/system/kubelet-healthcheck.service
-  permissions: "0644"
-  content: |
-    [Unit]
-    Requires=kubelet.service
-    After=kubelet.service
-
-    [Service]
-    ExecStart=/opt/bin/health-monitor.sh kubelet
-
-    [Install]
-    WantedBy=multi-user.target
-
-
-runcmd:
-- systemctl enable --now setup.service
diff --git a/pkg/userdata/amzn2/testdata/kubelet-v1.28-aws.yaml b/pkg/userdata/amzn2/testdata/kubelet-v1.28-aws.yaml
deleted file mode 100644
index ba8347f97..000000000
--- a/pkg/userdata/amzn2/testdata/kubelet-v1.28-aws.yaml
+++ /dev/null
@@ -1,454 +0,0 @@
-#cloud-config
-
-
-ssh_pwauth: false
-
-write_files:
-
-- path: "/etc/systemd/journald.conf.d/max_disk_use.conf"
-  content: |
-    [Journal]
-    SystemMaxUse=5G
-
-
-- path: "/opt/load-kernel-modules.sh"
-  permissions: "0755"
-  content: |
-    #!/usr/bin/env bash
-    set -euo pipefail
-
-    modprobe ip_vs
-    modprobe ip_vs_rr
-    modprobe ip_vs_wrr
-    modprobe ip_vs_sh
-
-    if modinfo nf_conntrack_ipv4 &> /dev/null; then
-      modprobe nf_conntrack_ipv4
-    else
-      modprobe nf_conntrack
-    fi
-
-
-- path: "/etc/sysctl.d/k8s.conf"
-  content: |
-    net.bridge.bridge-nf-call-ip6tables = 1
-    net.bridge.bridge-nf-call-iptables = 1
-    kernel.panic_on_oops = 1
-    kernel.panic = 10
-    net.ipv4.ip_forward = 1
-    vm.overcommit_memory = 1
-    fs.inotify.max_user_watches = 1048576
-    fs.inotify.max_user_instances = 8192
-
-
-- path: /etc/selinux/config
-  content: |
-    # This file controls the state of SELinux on the system.
-    # SELINUX= can take one of these three values:
-    #     enforcing - SELinux security policy is enforced.
-    #     permissive - SELinux prints warnings instead of enforcing.
-    #     disabled - No SELinux policy is loaded.
-    SELINUX=permissive
-    # SELINUXTYPE= can take one of three two values:
-    #     targeted - Targeted processes are protected,
-    #     minimum - Modification of targeted policy. Only selected processes are protected.
-    #     mls - Multi Level Security protection.
-    SELINUXTYPE=targeted
-
-- path: "/opt/bin/setup"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-
-    setenforce 0 || true
-    systemctl restart systemd-modules-load.service
-    sysctl --system
-
-
-    yum install -y \
-      device-mapper-persistent-data \
-      lvm2 \
-      ebtables \
-      ethtool \
-      nfs-utils \
-      bash-completion \
-      sudo \
-      socat \
-      wget \
-      curl \
-      ipvsadm
-
-
-    mkdir -p /etc/systemd/system/containerd.service.d
-
-    cat <<EOF | tee /etc/systemd/system/containerd.service.d/environment.conf
-    [Service]
-    Restart=always
-    EnvironmentFile=-/etc/environment
-    EOF
-
-    cat <<EOF | tee /etc/crictl.yaml
-    runtime-endpoint: unix:///run/containerd/containerd.sock
-    EOF
-
-    yum install -y \
-    	containerd-1.6* \
-    	yum-plugin-versionlock
-    yum versionlock add containerd
-
-    systemctl daemon-reload
-    systemctl enable --now containerd
-
-
-    opt_bin=/opt/bin
-    usr_local_bin=/usr/local/bin
-    cni_bin_dir=/opt/cni/bin
-    mkdir -p /etc/cni/net.d /etc/kubernetes/manifests "$opt_bin" "$cni_bin_dir"
-    arch=${HOST_ARCH-}
-    if [ -z "$arch" ]
-    then
-    case $(uname -m) in
-    x86_64)
-        arch="amd64"
-        ;;
-    aarch64)
-        arch="arm64"
-        ;;
-    *)
-        echo "unsupported CPU architecture, exiting"
-        exit 1
-        ;;
-    esac
-    fi
-    CNI_VERSION="${CNI_VERSION:-v1.2.0}"
-    cni_base_url="https://github.com/containernetworking/plugins/releases/download/$CNI_VERSION"
-    cni_filename="cni-plugins-linux-$arch-$CNI_VERSION.tgz"
-    curl -Lfo "$cni_bin_dir/$cni_filename" "$cni_base_url/$cni_filename"
-    cni_sum=$(curl -Lf "$cni_base_url/$cni_filename.sha256")
-    cd "$cni_bin_dir"
-    sha256sum -c <<<"$cni_sum"
-    tar xvf "$cni_filename"
-    rm -f "$cni_filename"
-    cd -
-    CRI_TOOLS_RELEASE="${CRI_TOOLS_RELEASE:-v1.27.0}"
-    cri_tools_base_url="https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRI_TOOLS_RELEASE}"
-    cri_tools_filename="crictl-${CRI_TOOLS_RELEASE}-linux-${arch}.tar.gz"
-    curl -Lfo "$opt_bin/$cri_tools_filename" "$cri_tools_base_url/$cri_tools_filename"
-    cri_tools_sum_value=$(curl -Lf "$cri_tools_base_url/$cri_tools_filename.sha256")
-    cri_tools_sum="$cri_tools_sum_value $cri_tools_filename"
-    cd "$opt_bin"
-    sha256sum -c <<<"$cri_tools_sum"
-    tar xvf "$cri_tools_filename"
-    rm -f "$cri_tools_filename"
-    ln -sf "$opt_bin/crictl" "$usr_local_bin"/crictl || echo "symbolic link is skipped"
-    cd -
-    KUBE_VERSION="${KUBE_VERSION:-v1.28.5}"
-    kube_dir="$opt_bin/kubernetes-$KUBE_VERSION"
-    kube_base_url="https://dl.k8s.io/$KUBE_VERSION/bin/linux/$arch"
-    kube_sum_file="$kube_dir/sha256"
-    mkdir -p "$kube_dir"
-    : >"$kube_sum_file"
-
-    for bin in kubelet kubeadm kubectl; do
-        curl -Lfo "$kube_dir/$bin" "$kube_base_url/$bin"
-        chmod +x "$kube_dir/$bin"
-        sum=$(curl -Lf "$kube_base_url/$bin.sha256")
-        echo "$sum  $kube_dir/$bin" >>"$kube_sum_file"
-    done
-    sha256sum -c "$kube_sum_file"
-
-    for bin in kubelet kubeadm kubectl; do
-        ln -sf "$kube_dir/$bin" "$opt_bin"/$bin
-    done
-
-    if [[ ! -x /opt/bin/health-monitor.sh ]]; then
-        curl -Lfo /opt/bin/health-monitor.sh https://raw.githubusercontent.com/kubermatic/machine-controller/7967a0af2b75f29ad2ab227eeaa26ea7b0f2fbde/pkg/userdata/scripts/health-monitor.sh
-        chmod +x /opt/bin/health-monitor.sh
-    fi
-
-    # set kubelet nodeip environment variable
-    mkdir -p /etc/systemd/system/kubelet.service.d/
-    /opt/bin/setup_net_env.sh
-
-    systemctl disable --now firewalld || true
-    systemctl enable --now kubelet
-    systemctl enable --now --no-block kubelet-healthcheck.service
-    systemctl disable setup.service
-
-- path: "/opt/bin/supervise.sh"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-    while ! "$@"; do
-      sleep 1
-    done
-
-- path: "/opt/disable-swap.sh"
-  permissions: "0755"
-  content: |
-    # Make sure we always disable swap - Otherwise the kubelet won't start as for some cloud
-    # providers swap gets enabled on reboot or after the setup script has finished executing.
-    sed -i.orig '/.*swap.*/d' /etc/fstab
-    swapoff -a
-
-- path: "/etc/systemd/system/kubelet.service"
-  content: |
-    [Unit]
-    After=containerd.service
-    Requires=containerd.service
-
-    Description=kubelet: The Kubernetes Node Agent
-    Documentation=https://kubernetes.io/docs/home/
-
-    [Service]
-    User=root
-    Restart=always
-    StartLimitInterval=0
-    RestartSec=10
-    CPUAccounting=true
-    MemoryAccounting=true
-
-    Environment="PATH=/opt/bin:/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin/"
-    EnvironmentFile=-/etc/environment
-
-    ExecStartPre=/bin/bash /opt/load-kernel-modules.sh
-
-    ExecStartPre=/bin/bash /opt/disable-swap.sh
-
-    ExecStartPre=/bin/bash /opt/bin/setup_net_env.sh
-    ExecStart=/opt/bin/kubelet $KUBELET_EXTRA_ARGS \
-      --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf \
-      --kubeconfig=/var/lib/kubelet/kubeconfig \
-      --config=/etc/kubernetes/kubelet.conf \
-      --cert-dir=/etc/kubernetes/pki \
-      --cloud-provider=aws \
-      --cloud-config=/etc/kubernetes/cloud-config \
-      --exit-on-lock-contention \
-      --lock-file=/tmp/kubelet.lock \
-      --container-runtime-endpoint=unix:///run/containerd/containerd.sock \
-      --node-ip ${KUBELET_NODE_IP}
-
-    [Install]
-    WantedBy=multi-user.target
-- path: "/etc/kubernetes/cloud-config"
-  permissions: "0600"
-  content: |
-    {aws-config:true}
-
-- path: "/opt/bin/setup_net_env.sh"
-  permissions: "0755"
-  content: |
-    #!/usr/bin/env bash
-    echodate() {
-      echo "[$(date -Is)]" "$@"
-    }
-
-    # get the default interface IP address
-    DEFAULT_IFC_IP=$(ip -o  route get 1 | grep -oP "src \K\S+")
-
-    # get the full hostname
-    FULL_HOSTNAME=$(hostname -f)
-
-    if [ -z "${DEFAULT_IFC_IP}" ]
-    then
-    	echodate "Failed to get IP address for the default route interface"
-    	exit 1
-    fi
-
-    # write the nodeip_env file
-    # we need the line below because flatcar has the same string "coreos" in that file
-    if grep -q coreos /etc/os-release
-    then
-      echo -e "KUBELET_NODE_IP=${DEFAULT_IFC_IP}\nKUBELET_HOSTNAME=${FULL_HOSTNAME}" > /etc/kubernetes/nodeip.conf
-    elif [ ! -d /etc/systemd/system/kubelet.service.d ]
-    then
-    	echodate "Can't find kubelet service extras directory"
-    	exit 1
-    else
-      echo -e "[Service]\nEnvironment=\"KUBELET_NODE_IP=${DEFAULT_IFC_IP}\"\nEnvironment=\"KUBELET_HOSTNAME=${FULL_HOSTNAME}\"" > /etc/systemd/system/kubelet.service.d/nodeip.conf
-    fi
-
-
-- path: "/etc/kubernetes/bootstrap-kubelet.conf"
-  permissions: "0600"
-  content: |
-    apiVersion: v1
-    clusters:
-    - cluster:
-        certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVXakNDQTBLZ0F3SUJBZ0lKQUxmUmxXc0k4WVFITUEwR0NTcUdTSWIzRFFFQkJRVUFNSHN4Q3pBSkJnTlYKQkFZVEFsVlRNUXN3Q1FZRFZRUUlFd0pEUVRFV01CUUdBMVVFQnhNTlUyRnVJRVp5WVc1amFYTmpiekVVTUJJRwpBMVVFQ2hNTFFuSmhaR1pwZEhwcGJtTXhFakFRQmdOVkJBTVRDV3h2WTJGc2FHOXpkREVkTUJzR0NTcUdTSWIzCkRRRUpBUllPWW5KaFpFQmtZVzVuWVM1amIyMHdIaGNOTVRRd056RTFNakEwTmpBMVdoY05NVGN3TlRBME1qQTAKTmpBMVdqQjdNUXN3Q1FZRFZRUUdFd0pWVXpFTE1Ba0dBMVVFQ0JNQ1EwRXhGakFVQmdOVkJBY1REVk5oYmlCRwpjbUZ1WTJselkyOHhGREFTQmdOVkJBb1RDMEp5WVdSbWFYUjZhVzVqTVJJd0VBWURWUVFERXdsc2IyTmhiR2h2CmMzUXhIVEFiQmdrcWhraUc5dzBCQ1FFV0RtSnlZV1JBWkdGdVoyRXVZMjl0TUlJQklqQU5CZ2txaGtpRzl3MEIKQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBdDVmQWpwNGZUY2VrV1VUZnpzcDBreWloMU9ZYnNHTDBLWDFlUmJTUwpSOE9kMCs5UTYySHlueStHRndNVGI0QS9LVThtc3NvSHZjY2VTQUFid2ZieEZLLytzNTFUb2JxVW5PUlpyT29UClpqa1V5Z2J5WERTSzk5WUJiY1IxUGlwOHZ3TVRtNFhLdUx0Q2lnZUJCZGpqQVFkZ1VPMjhMRU5HbHNNbm1lWWsKSmZPRFZHblZtcjVMdGI5QU5BOElLeVRmc25ISjRpT0NTL1BsUGJVajJxN1lub1ZMcG9zVUJNbGdVYi9DeWtYMwptT29MYjR5SkpReUEvaVNUNlp4aUlFajM2RDR5V1o1bGc3WUpsK1VpaUJRSEdDblBkR3lpcHFWMDZleDBoZVlXCmNhaVc4TFdaU1VROTNqUStXVkNIOGhUN0RRTzFkbXN2VW1YbHEvSmVBbHdRL1FJREFRQUJvNEhnTUlIZE1CMEcKQTFVZERnUVdCQlJjQVJPdGhTNFA0VTd2VGZqQnlDNTY5UjdFNkRDQnJRWURWUjBqQklHbE1JR2lnQlJjQVJPdApoUzRQNFU3dlRmakJ5QzU2OVI3RTZLRi9wSDB3ZXpFTE1Ba0dBMVVFQmhNQ1ZWTXhDekFKQmdOVkJBZ1RBa05CCk1SWXdGQVlEVlFRSEV3MVRZVzRnUm5KaGJtTnBjMk52TVJRd0VnWURWUVFLRXd0Q2NtRmtabWwwZW1sdVl6RVMKTUJBR0ExVUVBeE1KYkc5allXeG9iM04wTVIwd0d3WUpLb1pJaHZjTkFRa0JGZzVpY21Ga1FHUmhibWRoTG1OdgpiWUlKQUxmUmxXc0k4WVFITUF3R0ExVWRFd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVGQlFBRGdnRUJBRzZoClU5ZjlzTkgwLzZvQmJHR3kyRVZVMFVnSVRVUUlyRldvOXJGa3JXNWsvWGtEalFtKzNsempUMGlHUjRJeEUvQW8KZVU2c1FodWE3d3JXZUZFbjQ3R0w5OGxuQ3NKZEQ3b1pOaEZtUTk1VGIvTG5EVWpzNVlqOWJyUDBOV3pYZllVNApVSzJabklOSlJjSnBCOGlSQ2FDeEU4RGRjVUYwWHFJRXE2cEEyNzJzbm9MbWlYTE12Tmwza1lFZG0ramU2dm9ECjU4U05WRVVzenR6UXlYbUpFaENwd1ZJMEE2UUNqelhqK3F2cG13M1paSGk4SndYZWk4WlpCTFRTRkJraThaN24Kc0g5QkJIMzgvU3pVbUFONFFIU1B5MWdqcW0wME9BRThOYVlEa2gvYnpFNGQ3bUxHR01XcC9XRTNLUFN1ODJIRgprUGU2WG9TYmlMbS9reGszMlQwPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t
-        server: https://server:443
-      name: ""
-    contexts: null
-    current-context: ""
-    kind: Config
-    preferences: {}
-    users:
-    - name: ""
-      user:
-        token: my-token
-
-
-- path: "/etc/kubernetes/kubelet.conf"
-  content: |
-    apiVersion: kubelet.config.k8s.io/v1beta1
-    authentication:
-      anonymous:
-        enabled: false
-      webhook:
-        cacheTTL: 0s
-        enabled: true
-      x509:
-        clientCAFile: /etc/kubernetes/pki/ca.crt
-    authorization:
-      mode: Webhook
-      webhook:
-        cacheAuthorizedTTL: 0s
-        cacheUnauthorizedTTL: 0s
-    cgroupDriver: systemd
-    clusterDomain: cluster.local
-    containerLogMaxSize: 100Mi
-    containerRuntimeEndpoint: ""
-    cpuManagerReconcilePeriod: 0s
-    evictionHard:
-      imagefs.available: 15%
-      memory.available: 100Mi
-      nodefs.available: 10%
-      nodefs.inodesFree: 5%
-    evictionPressureTransitionPeriod: 0s
-    featureGates:
-      RotateKubeletServerCertificate: true
-    fileCheckFrequency: 0s
-    httpCheckFrequency: 0s
-    imageMaximumGCAge: 0s
-    imageMinimumGCAge: 0s
-    kind: KubeletConfiguration
-    kubeReserved:
-      cpu: 200m
-      ephemeral-storage: 1Gi
-      memory: 300Mi
-    logging:
-      flushFrequency: 0
-      options:
-        json:
-          infoBufferSize: "0"
-      verbosity: 0
-    memorySwap: {}
-    nodeStatusReportFrequency: 0s
-    nodeStatusUpdateFrequency: 0s
-    protectKernelDefaults: true
-    rotateCertificates: true
-    runtimeRequestTimeout: 0s
-    serverTLSBootstrap: true
-    shutdownGracePeriod: 0s
-    shutdownGracePeriodCriticalPods: 0s
-    staticPodPath: /etc/kubernetes/manifests
-    streamingConnectionIdleTimeout: 0s
-    syncFrequency: 0s
-    systemReserved:
-      cpu: 200m
-      ephemeral-storage: 1Gi
-      memory: 500Mi
-    tlsCipherSuites:
-    - TLS_AES_128_GCM_SHA256
-    - TLS_AES_256_GCM_SHA384
-    - TLS_CHACHA20_POLY1305_SHA256
-    - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-    - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
-    - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
-    - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-    - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
-    volumePluginDir: /var/lib/kubelet/volumeplugins
-    volumeStatsAggPeriod: 0s
-
-
-- path: "/etc/kubernetes/pki/ca.crt"
-  content: |
-    -----BEGIN CERTIFICATE-----
-    MIIEWjCCA0KgAwIBAgIJALfRlWsI8YQHMA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV
-    BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEUMBIG
-    A1UEChMLQnJhZGZpdHppbmMxEjAQBgNVBAMTCWxvY2FsaG9zdDEdMBsGCSqGSIb3
-    DQEJARYOYnJhZEBkYW5nYS5jb20wHhcNMTQwNzE1MjA0NjA1WhcNMTcwNTA0MjA0
-    NjA1WjB7MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBG
-    cmFuY2lzY28xFDASBgNVBAoTC0JyYWRmaXR6aW5jMRIwEAYDVQQDEwlsb2NhbGhv
-    c3QxHTAbBgkqhkiG9w0BCQEWDmJyYWRAZGFuZ2EuY29tMIIBIjANBgkqhkiG9w0B
-    AQEFAAOCAQ8AMIIBCgKCAQEAt5fAjp4fTcekWUTfzsp0kyih1OYbsGL0KX1eRbSS
-    R8Od0+9Q62Hyny+GFwMTb4A/KU8mssoHvcceSAAbwfbxFK/+s51TobqUnORZrOoT
-    ZjkUygbyXDSK99YBbcR1Pip8vwMTm4XKuLtCigeBBdjjAQdgUO28LENGlsMnmeYk
-    JfODVGnVmr5Ltb9ANA8IKyTfsnHJ4iOCS/PlPbUj2q7YnoVLposUBMlgUb/CykX3
-    mOoLb4yJJQyA/iST6ZxiIEj36D4yWZ5lg7YJl+UiiBQHGCnPdGyipqV06ex0heYW
-    caiW8LWZSUQ93jQ+WVCH8hT7DQO1dmsvUmXlq/JeAlwQ/QIDAQABo4HgMIHdMB0G
-    A1UdDgQWBBRcAROthS4P4U7vTfjByC569R7E6DCBrQYDVR0jBIGlMIGigBRcAROt
-    hS4P4U7vTfjByC569R7E6KF/pH0wezELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB
-    MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtCcmFkZml0emluYzES
-    MBAGA1UEAxMJbG9jYWxob3N0MR0wGwYJKoZIhvcNAQkBFg5icmFkQGRhbmdhLmNv
-    bYIJALfRlWsI8YQHMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAG6h
-    U9f9sNH0/6oBbGGy2EVU0UgITUQIrFWo9rFkrW5k/XkDjQm+3lzjT0iGR4IxE/Ao
-    eU6sQhua7wrWeFEn47GL98lnCsJdD7oZNhFmQ95Tb/LnDUjs5Yj9brP0NWzXfYU4
-    UK2ZnINJRcJpB8iRCaCxE8DdcUF0XqIEq6pA272snoLmiXLMvNl3kYEdm+je6voD
-    58SNVEUsztzQyXmJEhCpwVI0A6QCjzXj+qvpmw3ZZHi8JwXei8ZZBLTSFBki8Z7n
-    sH9BBH38/SzUmAN4QHSPy1gjqm00OAE8NaYDkh/bzE4d7mLGGMWp/WE3KPSu82HF
-    kPe6XoSbiLm/kxk32T0=
-    -----END CERTIFICATE-----
-
-- path: "/etc/systemd/system/setup.service"
-  permissions: "0644"
-  content: |
-    [Install]
-    WantedBy=multi-user.target
-
-    [Unit]
-    Requires=network-online.target
-    After=network-online.target
-
-    [Service]
-    Type=oneshot
-    RemainAfterExit=true
-    EnvironmentFile=-/etc/environment
-    ExecStart=/opt/bin/supervise.sh /opt/bin/setup
-
-- path: "/etc/profile.d/opt-bin-path.sh"
-  permissions: "0644"
-  content: |
-    export PATH="/opt/bin:$PATH"
-
-- path: /etc/containerd/config.toml
-  permissions: "0644"
-  content: |
-    version = 2
-
-    [metrics]
-    address = "127.0.0.1:1338"
-
-    [plugins]
-    [plugins."io.containerd.grpc.v1.cri"]
-    [plugins."io.containerd.grpc.v1.cri".containerd]
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
-    runtime_type = "io.containerd.runc.v2"
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
-    SystemdCgroup = true
-    [plugins."io.containerd.grpc.v1.cri".registry]
-    [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
-    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
-    endpoint = ["https://registry-1.docker.io"]
-
-
-- path: /etc/systemd/system/kubelet-healthcheck.service
-  permissions: "0644"
-  content: |
-    [Unit]
-    Requires=kubelet.service
-    After=kubelet.service
-
-    [Service]
-    ExecStart=/opt/bin/health-monitor.sh kubelet
-
-    [Install]
-    WantedBy=multi-user.target
-
-
-runcmd:
-- systemctl enable --now setup.service
diff --git a/pkg/userdata/amzn2/testdata/kubelet-v1.29-aws.yaml b/pkg/userdata/amzn2/testdata/kubelet-v1.29-aws.yaml
deleted file mode 100644
index 651915b94..000000000
--- a/pkg/userdata/amzn2/testdata/kubelet-v1.29-aws.yaml
+++ /dev/null
@@ -1,454 +0,0 @@
-#cloud-config
-
-
-ssh_pwauth: false
-
-write_files:
-
-- path: "/etc/systemd/journald.conf.d/max_disk_use.conf"
-  content: |
-    [Journal]
-    SystemMaxUse=5G
-
-
-- path: "/opt/load-kernel-modules.sh"
-  permissions: "0755"
-  content: |
-    #!/usr/bin/env bash
-    set -euo pipefail
-
-    modprobe ip_vs
-    modprobe ip_vs_rr
-    modprobe ip_vs_wrr
-    modprobe ip_vs_sh
-
-    if modinfo nf_conntrack_ipv4 &> /dev/null; then
-      modprobe nf_conntrack_ipv4
-    else
-      modprobe nf_conntrack
-    fi
-
-
-- path: "/etc/sysctl.d/k8s.conf"
-  content: |
-    net.bridge.bridge-nf-call-ip6tables = 1
-    net.bridge.bridge-nf-call-iptables = 1
-    kernel.panic_on_oops = 1
-    kernel.panic = 10
-    net.ipv4.ip_forward = 1
-    vm.overcommit_memory = 1
-    fs.inotify.max_user_watches = 1048576
-    fs.inotify.max_user_instances = 8192
-
-
-- path: /etc/selinux/config
-  content: |
-    # This file controls the state of SELinux on the system.
-    # SELINUX= can take one of these three values:
-    #     enforcing - SELinux security policy is enforced.
-    #     permissive - SELinux prints warnings instead of enforcing.
-    #     disabled - No SELinux policy is loaded.
-    SELINUX=permissive
-    # SELINUXTYPE= can take one of three two values:
-    #     targeted - Targeted processes are protected,
-    #     minimum - Modification of targeted policy. Only selected processes are protected.
-    #     mls - Multi Level Security protection.
-    SELINUXTYPE=targeted
-
-- path: "/opt/bin/setup"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-
-    setenforce 0 || true
-    systemctl restart systemd-modules-load.service
-    sysctl --system
-
-
-    yum install -y \
-      device-mapper-persistent-data \
-      lvm2 \
-      ebtables \
-      ethtool \
-      nfs-utils \
-      bash-completion \
-      sudo \
-      socat \
-      wget \
-      curl \
-      ipvsadm
-
-
-    mkdir -p /etc/systemd/system/containerd.service.d
-
-    cat <<EOF | tee /etc/systemd/system/containerd.service.d/environment.conf
-    [Service]
-    Restart=always
-    EnvironmentFile=-/etc/environment
-    EOF
-
-    cat <<EOF | tee /etc/crictl.yaml
-    runtime-endpoint: unix:///run/containerd/containerd.sock
-    EOF
-
-    yum install -y \
-    	containerd-1.6* \
-    	yum-plugin-versionlock
-    yum versionlock add containerd
-
-    systemctl daemon-reload
-    systemctl enable --now containerd
-
-
-    opt_bin=/opt/bin
-    usr_local_bin=/usr/local/bin
-    cni_bin_dir=/opt/cni/bin
-    mkdir -p /etc/cni/net.d /etc/kubernetes/manifests "$opt_bin" "$cni_bin_dir"
-    arch=${HOST_ARCH-}
-    if [ -z "$arch" ]
-    then
-    case $(uname -m) in
-    x86_64)
-        arch="amd64"
-        ;;
-    aarch64)
-        arch="arm64"
-        ;;
-    *)
-        echo "unsupported CPU architecture, exiting"
-        exit 1
-        ;;
-    esac
-    fi
-    CNI_VERSION="${CNI_VERSION:-v1.2.0}"
-    cni_base_url="https://github.com/containernetworking/plugins/releases/download/$CNI_VERSION"
-    cni_filename="cni-plugins-linux-$arch-$CNI_VERSION.tgz"
-    curl -Lfo "$cni_bin_dir/$cni_filename" "$cni_base_url/$cni_filename"
-    cni_sum=$(curl -Lf "$cni_base_url/$cni_filename.sha256")
-    cd "$cni_bin_dir"
-    sha256sum -c <<<"$cni_sum"
-    tar xvf "$cni_filename"
-    rm -f "$cni_filename"
-    cd -
-    CRI_TOOLS_RELEASE="${CRI_TOOLS_RELEASE:-v1.27.0}"
-    cri_tools_base_url="https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRI_TOOLS_RELEASE}"
-    cri_tools_filename="crictl-${CRI_TOOLS_RELEASE}-linux-${arch}.tar.gz"
-    curl -Lfo "$opt_bin/$cri_tools_filename" "$cri_tools_base_url/$cri_tools_filename"
-    cri_tools_sum_value=$(curl -Lf "$cri_tools_base_url/$cri_tools_filename.sha256")
-    cri_tools_sum="$cri_tools_sum_value $cri_tools_filename"
-    cd "$opt_bin"
-    sha256sum -c <<<"$cri_tools_sum"
-    tar xvf "$cri_tools_filename"
-    rm -f "$cri_tools_filename"
-    ln -sf "$opt_bin/crictl" "$usr_local_bin"/crictl || echo "symbolic link is skipped"
-    cd -
-    KUBE_VERSION="${KUBE_VERSION:-v1.29.0}"
-    kube_dir="$opt_bin/kubernetes-$KUBE_VERSION"
-    kube_base_url="https://dl.k8s.io/$KUBE_VERSION/bin/linux/$arch"
-    kube_sum_file="$kube_dir/sha256"
-    mkdir -p "$kube_dir"
-    : >"$kube_sum_file"
-
-    for bin in kubelet kubeadm kubectl; do
-        curl -Lfo "$kube_dir/$bin" "$kube_base_url/$bin"
-        chmod +x "$kube_dir/$bin"
-        sum=$(curl -Lf "$kube_base_url/$bin.sha256")
-        echo "$sum  $kube_dir/$bin" >>"$kube_sum_file"
-    done
-    sha256sum -c "$kube_sum_file"
-
-    for bin in kubelet kubeadm kubectl; do
-        ln -sf "$kube_dir/$bin" "$opt_bin"/$bin
-    done
-
-    if [[ ! -x /opt/bin/health-monitor.sh ]]; then
-        curl -Lfo /opt/bin/health-monitor.sh https://raw.githubusercontent.com/kubermatic/machine-controller/7967a0af2b75f29ad2ab227eeaa26ea7b0f2fbde/pkg/userdata/scripts/health-monitor.sh
-        chmod +x /opt/bin/health-monitor.sh
-    fi
-
-    # set kubelet nodeip environment variable
-    mkdir -p /etc/systemd/system/kubelet.service.d/
-    /opt/bin/setup_net_env.sh
-
-    systemctl disable --now firewalld || true
-    systemctl enable --now kubelet
-    systemctl enable --now --no-block kubelet-healthcheck.service
-    systemctl disable setup.service
-
-- path: "/opt/bin/supervise.sh"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-    while ! "$@"; do
-      sleep 1
-    done
-
-- path: "/opt/disable-swap.sh"
-  permissions: "0755"
-  content: |
-    # Make sure we always disable swap - Otherwise the kubelet won't start as for some cloud
-    # providers swap gets enabled on reboot or after the setup script has finished executing.
-    sed -i.orig '/.*swap.*/d' /etc/fstab
-    swapoff -a
-
-- path: "/etc/systemd/system/kubelet.service"
-  content: |
-    [Unit]
-    After=containerd.service
-    Requires=containerd.service
-
-    Description=kubelet: The Kubernetes Node Agent
-    Documentation=https://kubernetes.io/docs/home/
-
-    [Service]
-    User=root
-    Restart=always
-    StartLimitInterval=0
-    RestartSec=10
-    CPUAccounting=true
-    MemoryAccounting=true
-
-    Environment="PATH=/opt/bin:/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin/"
-    EnvironmentFile=-/etc/environment
-
-    ExecStartPre=/bin/bash /opt/load-kernel-modules.sh
-
-    ExecStartPre=/bin/bash /opt/disable-swap.sh
-
-    ExecStartPre=/bin/bash /opt/bin/setup_net_env.sh
-    ExecStart=/opt/bin/kubelet $KUBELET_EXTRA_ARGS \
-      --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf \
-      --kubeconfig=/var/lib/kubelet/kubeconfig \
-      --config=/etc/kubernetes/kubelet.conf \
-      --cert-dir=/etc/kubernetes/pki \
-      --cloud-provider=aws \
-      --cloud-config=/etc/kubernetes/cloud-config \
-      --exit-on-lock-contention \
-      --lock-file=/tmp/kubelet.lock \
-      --container-runtime-endpoint=unix:///run/containerd/containerd.sock \
-      --node-ip ${KUBELET_NODE_IP}
-
-    [Install]
-    WantedBy=multi-user.target
-- path: "/etc/kubernetes/cloud-config"
-  permissions: "0600"
-  content: |
-    {aws-config:true}
-
-- path: "/opt/bin/setup_net_env.sh"
-  permissions: "0755"
-  content: |
-    #!/usr/bin/env bash
-    echodate() {
-      echo "[$(date -Is)]" "$@"
-    }
-
-    # get the default interface IP address
-    DEFAULT_IFC_IP=$(ip -o  route get 1 | grep -oP "src \K\S+")
-
-    # get the full hostname
-    FULL_HOSTNAME=$(hostname -f)
-
-    if [ -z "${DEFAULT_IFC_IP}" ]
-    then
-    	echodate "Failed to get IP address for the default route interface"
-    	exit 1
-    fi
-
-    # write the nodeip_env file
-    # we need the line below because flatcar has the same string "coreos" in that file
-    if grep -q coreos /etc/os-release
-    then
-      echo -e "KUBELET_NODE_IP=${DEFAULT_IFC_IP}\nKUBELET_HOSTNAME=${FULL_HOSTNAME}" > /etc/kubernetes/nodeip.conf
-    elif [ ! -d /etc/systemd/system/kubelet.service.d ]
-    then
-    	echodate "Can't find kubelet service extras directory"
-    	exit 1
-    else
-      echo -e "[Service]\nEnvironment=\"KUBELET_NODE_IP=${DEFAULT_IFC_IP}\"\nEnvironment=\"KUBELET_HOSTNAME=${FULL_HOSTNAME}\"" > /etc/systemd/system/kubelet.service.d/nodeip.conf
-    fi
-
-
-- path: "/etc/kubernetes/bootstrap-kubelet.conf"
-  permissions: "0600"
-  content: |
-    apiVersion: v1
-    clusters:
-    - cluster:
-        certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVXakNDQTBLZ0F3SUJBZ0lKQUxmUmxXc0k4WVFITUEwR0NTcUdTSWIzRFFFQkJRVUFNSHN4Q3pBSkJnTlYKQkFZVEFsVlRNUXN3Q1FZRFZRUUlFd0pEUVRFV01CUUdBMVVFQnhNTlUyRnVJRVp5WVc1amFYTmpiekVVTUJJRwpBMVVFQ2hNTFFuSmhaR1pwZEhwcGJtTXhFakFRQmdOVkJBTVRDV3h2WTJGc2FHOXpkREVkTUJzR0NTcUdTSWIzCkRRRUpBUllPWW5KaFpFQmtZVzVuWVM1amIyMHdIaGNOTVRRd056RTFNakEwTmpBMVdoY05NVGN3TlRBME1qQTAKTmpBMVdqQjdNUXN3Q1FZRFZRUUdFd0pWVXpFTE1Ba0dBMVVFQ0JNQ1EwRXhGakFVQmdOVkJBY1REVk5oYmlCRwpjbUZ1WTJselkyOHhGREFTQmdOVkJBb1RDMEp5WVdSbWFYUjZhVzVqTVJJd0VBWURWUVFERXdsc2IyTmhiR2h2CmMzUXhIVEFiQmdrcWhraUc5dzBCQ1FFV0RtSnlZV1JBWkdGdVoyRXVZMjl0TUlJQklqQU5CZ2txaGtpRzl3MEIKQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBdDVmQWpwNGZUY2VrV1VUZnpzcDBreWloMU9ZYnNHTDBLWDFlUmJTUwpSOE9kMCs5UTYySHlueStHRndNVGI0QS9LVThtc3NvSHZjY2VTQUFid2ZieEZLLytzNTFUb2JxVW5PUlpyT29UClpqa1V5Z2J5WERTSzk5WUJiY1IxUGlwOHZ3TVRtNFhLdUx0Q2lnZUJCZGpqQVFkZ1VPMjhMRU5HbHNNbm1lWWsKSmZPRFZHblZtcjVMdGI5QU5BOElLeVRmc25ISjRpT0NTL1BsUGJVajJxN1lub1ZMcG9zVUJNbGdVYi9DeWtYMwptT29MYjR5SkpReUEvaVNUNlp4aUlFajM2RDR5V1o1bGc3WUpsK1VpaUJRSEdDblBkR3lpcHFWMDZleDBoZVlXCmNhaVc4TFdaU1VROTNqUStXVkNIOGhUN0RRTzFkbXN2VW1YbHEvSmVBbHdRL1FJREFRQUJvNEhnTUlIZE1CMEcKQTFVZERnUVdCQlJjQVJPdGhTNFA0VTd2VGZqQnlDNTY5UjdFNkRDQnJRWURWUjBqQklHbE1JR2lnQlJjQVJPdApoUzRQNFU3dlRmakJ5QzU2OVI3RTZLRi9wSDB3ZXpFTE1Ba0dBMVVFQmhNQ1ZWTXhDekFKQmdOVkJBZ1RBa05CCk1SWXdGQVlEVlFRSEV3MVRZVzRnUm5KaGJtTnBjMk52TVJRd0VnWURWUVFLRXd0Q2NtRmtabWwwZW1sdVl6RVMKTUJBR0ExVUVBeE1KYkc5allXeG9iM04wTVIwd0d3WUpLb1pJaHZjTkFRa0JGZzVpY21Ga1FHUmhibWRoTG1OdgpiWUlKQUxmUmxXc0k4WVFITUF3R0ExVWRFd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVGQlFBRGdnRUJBRzZoClU5ZjlzTkgwLzZvQmJHR3kyRVZVMFVnSVRVUUlyRldvOXJGa3JXNWsvWGtEalFtKzNsempUMGlHUjRJeEUvQW8KZVU2c1FodWE3d3JXZUZFbjQ3R0w5OGxuQ3NKZEQ3b1pOaEZtUTk1VGIvTG5EVWpzNVlqOWJyUDBOV3pYZllVNApVSzJabklOSlJjSnBCOGlSQ2FDeEU4RGRjVUYwWHFJRXE2cEEyNzJzbm9MbWlYTE12Tmwza1lFZG0ramU2dm9ECjU4U05WRVVzenR6UXlYbUpFaENwd1ZJMEE2UUNqelhqK3F2cG13M1paSGk4SndYZWk4WlpCTFRTRkJraThaN24Kc0g5QkJIMzgvU3pVbUFONFFIU1B5MWdqcW0wME9BRThOYVlEa2gvYnpFNGQ3bUxHR01XcC9XRTNLUFN1ODJIRgprUGU2WG9TYmlMbS9reGszMlQwPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t
-        server: https://server:443
-      name: ""
-    contexts: null
-    current-context: ""
-    kind: Config
-    preferences: {}
-    users:
-    - name: ""
-      user:
-        token: my-token
-
-
-- path: "/etc/kubernetes/kubelet.conf"
-  content: |
-    apiVersion: kubelet.config.k8s.io/v1beta1
-    authentication:
-      anonymous:
-        enabled: false
-      webhook:
-        cacheTTL: 0s
-        enabled: true
-      x509:
-        clientCAFile: /etc/kubernetes/pki/ca.crt
-    authorization:
-      mode: Webhook
-      webhook:
-        cacheAuthorizedTTL: 0s
-        cacheUnauthorizedTTL: 0s
-    cgroupDriver: systemd
-    clusterDomain: cluster.local
-    containerLogMaxSize: 100Mi
-    containerRuntimeEndpoint: ""
-    cpuManagerReconcilePeriod: 0s
-    evictionHard:
-      imagefs.available: 15%
-      memory.available: 100Mi
-      nodefs.available: 10%
-      nodefs.inodesFree: 5%
-    evictionPressureTransitionPeriod: 0s
-    featureGates:
-      RotateKubeletServerCertificate: true
-    fileCheckFrequency: 0s
-    httpCheckFrequency: 0s
-    imageMaximumGCAge: 0s
-    imageMinimumGCAge: 0s
-    kind: KubeletConfiguration
-    kubeReserved:
-      cpu: 200m
-      ephemeral-storage: 1Gi
-      memory: 300Mi
-    logging:
-      flushFrequency: 0
-      options:
-        json:
-          infoBufferSize: "0"
-      verbosity: 0
-    memorySwap: {}
-    nodeStatusReportFrequency: 0s
-    nodeStatusUpdateFrequency: 0s
-    protectKernelDefaults: true
-    rotateCertificates: true
-    runtimeRequestTimeout: 0s
-    serverTLSBootstrap: true
-    shutdownGracePeriod: 0s
-    shutdownGracePeriodCriticalPods: 0s
-    staticPodPath: /etc/kubernetes/manifests
-    streamingConnectionIdleTimeout: 0s
-    syncFrequency: 0s
-    systemReserved:
-      cpu: 200m
-      ephemeral-storage: 1Gi
-      memory: 500Mi
-    tlsCipherSuites:
-    - TLS_AES_128_GCM_SHA256
-    - TLS_AES_256_GCM_SHA384
-    - TLS_CHACHA20_POLY1305_SHA256
-    - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-    - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
-    - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
-    - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-    - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
-    volumePluginDir: /var/lib/kubelet/volumeplugins
-    volumeStatsAggPeriod: 0s
-
-
-- path: "/etc/kubernetes/pki/ca.crt"
-  content: |
-    -----BEGIN CERTIFICATE-----
-    MIIEWjCCA0KgAwIBAgIJALfRlWsI8YQHMA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV
-    BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEUMBIG
-    A1UEChMLQnJhZGZpdHppbmMxEjAQBgNVBAMTCWxvY2FsaG9zdDEdMBsGCSqGSIb3
-    DQEJARYOYnJhZEBkYW5nYS5jb20wHhcNMTQwNzE1MjA0NjA1WhcNMTcwNTA0MjA0
-    NjA1WjB7MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBG
-    cmFuY2lzY28xFDASBgNVBAoTC0JyYWRmaXR6aW5jMRIwEAYDVQQDEwlsb2NhbGhv
-    c3QxHTAbBgkqhkiG9w0BCQEWDmJyYWRAZGFuZ2EuY29tMIIBIjANBgkqhkiG9w0B
-    AQEFAAOCAQ8AMIIBCgKCAQEAt5fAjp4fTcekWUTfzsp0kyih1OYbsGL0KX1eRbSS
-    R8Od0+9Q62Hyny+GFwMTb4A/KU8mssoHvcceSAAbwfbxFK/+s51TobqUnORZrOoT
-    ZjkUygbyXDSK99YBbcR1Pip8vwMTm4XKuLtCigeBBdjjAQdgUO28LENGlsMnmeYk
-    JfODVGnVmr5Ltb9ANA8IKyTfsnHJ4iOCS/PlPbUj2q7YnoVLposUBMlgUb/CykX3
-    mOoLb4yJJQyA/iST6ZxiIEj36D4yWZ5lg7YJl+UiiBQHGCnPdGyipqV06ex0heYW
-    caiW8LWZSUQ93jQ+WVCH8hT7DQO1dmsvUmXlq/JeAlwQ/QIDAQABo4HgMIHdMB0G
-    A1UdDgQWBBRcAROthS4P4U7vTfjByC569R7E6DCBrQYDVR0jBIGlMIGigBRcAROt
-    hS4P4U7vTfjByC569R7E6KF/pH0wezELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB
-    MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtCcmFkZml0emluYzES
-    MBAGA1UEAxMJbG9jYWxob3N0MR0wGwYJKoZIhvcNAQkBFg5icmFkQGRhbmdhLmNv
-    bYIJALfRlWsI8YQHMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAG6h
-    U9f9sNH0/6oBbGGy2EVU0UgITUQIrFWo9rFkrW5k/XkDjQm+3lzjT0iGR4IxE/Ao
-    eU6sQhua7wrWeFEn47GL98lnCsJdD7oZNhFmQ95Tb/LnDUjs5Yj9brP0NWzXfYU4
-    UK2ZnINJRcJpB8iRCaCxE8DdcUF0XqIEq6pA272snoLmiXLMvNl3kYEdm+je6voD
-    58SNVEUsztzQyXmJEhCpwVI0A6QCjzXj+qvpmw3ZZHi8JwXei8ZZBLTSFBki8Z7n
-    sH9BBH38/SzUmAN4QHSPy1gjqm00OAE8NaYDkh/bzE4d7mLGGMWp/WE3KPSu82HF
-    kPe6XoSbiLm/kxk32T0=
-    -----END CERTIFICATE-----
-
-- path: "/etc/systemd/system/setup.service"
-  permissions: "0644"
-  content: |
-    [Install]
-    WantedBy=multi-user.target
-
-    [Unit]
-    Requires=network-online.target
-    After=network-online.target
-
-    [Service]
-    Type=oneshot
-    RemainAfterExit=true
-    EnvironmentFile=-/etc/environment
-    ExecStart=/opt/bin/supervise.sh /opt/bin/setup
-
-- path: "/etc/profile.d/opt-bin-path.sh"
-  permissions: "0644"
-  content: |
-    export PATH="/opt/bin:$PATH"
-
-- path: /etc/containerd/config.toml
-  permissions: "0644"
-  content: |
-    version = 2
-
-    [metrics]
-    address = "127.0.0.1:1338"
-
-    [plugins]
-    [plugins."io.containerd.grpc.v1.cri"]
-    [plugins."io.containerd.grpc.v1.cri".containerd]
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
-    runtime_type = "io.containerd.runc.v2"
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
-    SystemdCgroup = true
-    [plugins."io.containerd.grpc.v1.cri".registry]
-    [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
-    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
-    endpoint = ["https://registry-1.docker.io"]
-
-
-- path: /etc/systemd/system/kubelet-healthcheck.service
-  permissions: "0644"
-  content: |
-    [Unit]
-    Requires=kubelet.service
-    After=kubelet.service
-
-    [Service]
-    ExecStart=/opt/bin/health-monitor.sh kubelet
-
-    [Install]
-    WantedBy=multi-user.target
-
-
-runcmd:
-- systemctl enable --now setup.service
diff --git a/pkg/userdata/amzn2/testdata/kubelet-v1.29.2-aws-external.yaml b/pkg/userdata/amzn2/testdata/kubelet-v1.29.2-aws-external.yaml
deleted file mode 100644
index 4a158e5f4..000000000
--- a/pkg/userdata/amzn2/testdata/kubelet-v1.29.2-aws-external.yaml
+++ /dev/null
@@ -1,454 +0,0 @@
-#cloud-config
-
-
-ssh_pwauth: false
-
-write_files:
-
-- path: "/etc/systemd/journald.conf.d/max_disk_use.conf"
-  content: |
-    [Journal]
-    SystemMaxUse=5G
-
-
-- path: "/opt/load-kernel-modules.sh"
-  permissions: "0755"
-  content: |
-    #!/usr/bin/env bash
-    set -euo pipefail
-
-    modprobe ip_vs
-    modprobe ip_vs_rr
-    modprobe ip_vs_wrr
-    modprobe ip_vs_sh
-
-    if modinfo nf_conntrack_ipv4 &> /dev/null; then
-      modprobe nf_conntrack_ipv4
-    else
-      modprobe nf_conntrack
-    fi
-
-
-- path: "/etc/sysctl.d/k8s.conf"
-  content: |
-    net.bridge.bridge-nf-call-ip6tables = 1
-    net.bridge.bridge-nf-call-iptables = 1
-    kernel.panic_on_oops = 1
-    kernel.panic = 10
-    net.ipv4.ip_forward = 1
-    vm.overcommit_memory = 1
-    fs.inotify.max_user_watches = 1048576
-    fs.inotify.max_user_instances = 8192
-
-
-- path: /etc/selinux/config
-  content: |
-    # This file controls the state of SELinux on the system.
-    # SELINUX= can take one of these three values:
-    #     enforcing - SELinux security policy is enforced.
-    #     permissive - SELinux prints warnings instead of enforcing.
-    #     disabled - No SELinux policy is loaded.
-    SELINUX=permissive
-    # SELINUXTYPE= can take one of three two values:
-    #     targeted - Targeted processes are protected,
-    #     minimum - Modification of targeted policy. Only selected processes are protected.
-    #     mls - Multi Level Security protection.
-    SELINUXTYPE=targeted
-
-- path: "/opt/bin/setup"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-
-    setenforce 0 || true
-    systemctl restart systemd-modules-load.service
-    sysctl --system
-
-
-    yum install -y \
-      device-mapper-persistent-data \
-      lvm2 \
-      ebtables \
-      ethtool \
-      nfs-utils \
-      bash-completion \
-      sudo \
-      socat \
-      wget \
-      curl \
-      ipvsadm
-
-
-    mkdir -p /etc/systemd/system/containerd.service.d
-
-    cat <<EOF | tee /etc/systemd/system/containerd.service.d/environment.conf
-    [Service]
-    Restart=always
-    EnvironmentFile=-/etc/environment
-    EOF
-
-    cat <<EOF | tee /etc/crictl.yaml
-    runtime-endpoint: unix:///run/containerd/containerd.sock
-    EOF
-
-    yum install -y \
-    	containerd-1.6* \
-    	yum-plugin-versionlock
-    yum versionlock add containerd
-
-    systemctl daemon-reload
-    systemctl enable --now containerd
-
-
-    opt_bin=/opt/bin
-    usr_local_bin=/usr/local/bin
-    cni_bin_dir=/opt/cni/bin
-    mkdir -p /etc/cni/net.d /etc/kubernetes/manifests "$opt_bin" "$cni_bin_dir"
-    arch=${HOST_ARCH-}
-    if [ -z "$arch" ]
-    then
-    case $(uname -m) in
-    x86_64)
-        arch="amd64"
-        ;;
-    aarch64)
-        arch="arm64"
-        ;;
-    *)
-        echo "unsupported CPU architecture, exiting"
-        exit 1
-        ;;
-    esac
-    fi
-    CNI_VERSION="${CNI_VERSION:-v1.2.0}"
-    cni_base_url="https://github.com/containernetworking/plugins/releases/download/$CNI_VERSION"
-    cni_filename="cni-plugins-linux-$arch-$CNI_VERSION.tgz"
-    curl -Lfo "$cni_bin_dir/$cni_filename" "$cni_base_url/$cni_filename"
-    cni_sum=$(curl -Lf "$cni_base_url/$cni_filename.sha256")
-    cd "$cni_bin_dir"
-    sha256sum -c <<<"$cni_sum"
-    tar xvf "$cni_filename"
-    rm -f "$cni_filename"
-    cd -
-    CRI_TOOLS_RELEASE="${CRI_TOOLS_RELEASE:-v1.27.0}"
-    cri_tools_base_url="https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRI_TOOLS_RELEASE}"
-    cri_tools_filename="crictl-${CRI_TOOLS_RELEASE}-linux-${arch}.tar.gz"
-    curl -Lfo "$opt_bin/$cri_tools_filename" "$cri_tools_base_url/$cri_tools_filename"
-    cri_tools_sum_value=$(curl -Lf "$cri_tools_base_url/$cri_tools_filename.sha256")
-    cri_tools_sum="$cri_tools_sum_value $cri_tools_filename"
-    cd "$opt_bin"
-    sha256sum -c <<<"$cri_tools_sum"
-    tar xvf "$cri_tools_filename"
-    rm -f "$cri_tools_filename"
-    ln -sf "$opt_bin/crictl" "$usr_local_bin"/crictl || echo "symbolic link is skipped"
-    cd -
-    KUBE_VERSION="${KUBE_VERSION:-v1.29.2}"
-    kube_dir="$opt_bin/kubernetes-$KUBE_VERSION"
-    kube_base_url="https://dl.k8s.io/$KUBE_VERSION/bin/linux/$arch"
-    kube_sum_file="$kube_dir/sha256"
-    mkdir -p "$kube_dir"
-    : >"$kube_sum_file"
-
-    for bin in kubelet kubeadm kubectl; do
-        curl -Lfo "$kube_dir/$bin" "$kube_base_url/$bin"
-        chmod +x "$kube_dir/$bin"
-        sum=$(curl -Lf "$kube_base_url/$bin.sha256")
-        echo "$sum  $kube_dir/$bin" >>"$kube_sum_file"
-    done
-    sha256sum -c "$kube_sum_file"
-
-    for bin in kubelet kubeadm kubectl; do
-        ln -sf "$kube_dir/$bin" "$opt_bin"/$bin
-    done
-
-    if [[ ! -x /opt/bin/health-monitor.sh ]]; then
-        curl -Lfo /opt/bin/health-monitor.sh https://raw.githubusercontent.com/kubermatic/machine-controller/7967a0af2b75f29ad2ab227eeaa26ea7b0f2fbde/pkg/userdata/scripts/health-monitor.sh
-        chmod +x /opt/bin/health-monitor.sh
-    fi
-
-    # set kubelet nodeip environment variable
-    mkdir -p /etc/systemd/system/kubelet.service.d/
-    /opt/bin/setup_net_env.sh
-
-    systemctl disable --now firewalld || true
-    systemctl enable --now kubelet
-    systemctl enable --now --no-block kubelet-healthcheck.service
-    systemctl disable setup.service
-
-- path: "/opt/bin/supervise.sh"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-    while ! "$@"; do
-      sleep 1
-    done
-
-- path: "/opt/disable-swap.sh"
-  permissions: "0755"
-  content: |
-    # Make sure we always disable swap - Otherwise the kubelet won't start as for some cloud
-    # providers swap gets enabled on reboot or after the setup script has finished executing.
-    sed -i.orig '/.*swap.*/d' /etc/fstab
-    swapoff -a
-
-- path: "/etc/systemd/system/kubelet.service"
-  content: |
-    [Unit]
-    After=containerd.service
-    Requires=containerd.service
-
-    Description=kubelet: The Kubernetes Node Agent
-    Documentation=https://kubernetes.io/docs/home/
-
-    [Service]
-    User=root
-    Restart=always
-    StartLimitInterval=0
-    RestartSec=10
-    CPUAccounting=true
-    MemoryAccounting=true
-
-    Environment="PATH=/opt/bin:/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin/"
-    EnvironmentFile=-/etc/environment
-
-    ExecStartPre=/bin/bash /opt/load-kernel-modules.sh
-
-    ExecStartPre=/bin/bash /opt/disable-swap.sh
-
-    ExecStartPre=/bin/bash /opt/bin/setup_net_env.sh
-    ExecStart=/opt/bin/kubelet $KUBELET_EXTRA_ARGS \
-      --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf \
-      --kubeconfig=/var/lib/kubelet/kubeconfig \
-      --config=/etc/kubernetes/kubelet.conf \
-      --cert-dir=/etc/kubernetes/pki \
-      --cloud-provider=external \
-      --hostname-override=${KUBELET_HOSTNAME} \
-      --exit-on-lock-contention \
-      --lock-file=/tmp/kubelet.lock \
-      --container-runtime-endpoint=unix:///run/containerd/containerd.sock \
-      --node-ip ${KUBELET_NODE_IP}
-
-    [Install]
-    WantedBy=multi-user.target
-- path: "/etc/kubernetes/cloud-config"
-  permissions: "0600"
-  content: |
-    {aws-config:true}
-
-- path: "/opt/bin/setup_net_env.sh"
-  permissions: "0755"
-  content: |
-    #!/usr/bin/env bash
-    echodate() {
-      echo "[$(date -Is)]" "$@"
-    }
-
-    # get the default interface IP address
-    DEFAULT_IFC_IP=$(ip -o  route get 1 | grep -oP "src \K\S+")
-
-    # get the full hostname
-    FULL_HOSTNAME=$(hostname -f)
-
-    if [ -z "${DEFAULT_IFC_IP}" ]
-    then
-    	echodate "Failed to get IP address for the default route interface"
-    	exit 1
-    fi
-
-    # write the nodeip_env file
-    # we need the line below because flatcar has the same string "coreos" in that file
-    if grep -q coreos /etc/os-release
-    then
-      echo -e "KUBELET_NODE_IP=${DEFAULT_IFC_IP}\nKUBELET_HOSTNAME=${FULL_HOSTNAME}" > /etc/kubernetes/nodeip.conf
-    elif [ ! -d /etc/systemd/system/kubelet.service.d ]
-    then
-    	echodate "Can't find kubelet service extras directory"
-    	exit 1
-    else
-      echo -e "[Service]\nEnvironment=\"KUBELET_NODE_IP=${DEFAULT_IFC_IP}\"\nEnvironment=\"KUBELET_HOSTNAME=${FULL_HOSTNAME}\"" > /etc/systemd/system/kubelet.service.d/nodeip.conf
-    fi
-
-
-- path: "/etc/kubernetes/bootstrap-kubelet.conf"
-  permissions: "0600"
-  content: |
-    apiVersion: v1
-    clusters:
-    - cluster:
-        certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVXakNDQTBLZ0F3SUJBZ0lKQUxmUmxXc0k4WVFITUEwR0NTcUdTSWIzRFFFQkJRVUFNSHN4Q3pBSkJnTlYKQkFZVEFsVlRNUXN3Q1FZRFZRUUlFd0pEUVRFV01CUUdBMVVFQnhNTlUyRnVJRVp5WVc1amFYTmpiekVVTUJJRwpBMVVFQ2hNTFFuSmhaR1pwZEhwcGJtTXhFakFRQmdOVkJBTVRDV3h2WTJGc2FHOXpkREVkTUJzR0NTcUdTSWIzCkRRRUpBUllPWW5KaFpFQmtZVzVuWVM1amIyMHdIaGNOTVRRd056RTFNakEwTmpBMVdoY05NVGN3TlRBME1qQTAKTmpBMVdqQjdNUXN3Q1FZRFZRUUdFd0pWVXpFTE1Ba0dBMVVFQ0JNQ1EwRXhGakFVQmdOVkJBY1REVk5oYmlCRwpjbUZ1WTJselkyOHhGREFTQmdOVkJBb1RDMEp5WVdSbWFYUjZhVzVqTVJJd0VBWURWUVFERXdsc2IyTmhiR2h2CmMzUXhIVEFiQmdrcWhraUc5dzBCQ1FFV0RtSnlZV1JBWkdGdVoyRXVZMjl0TUlJQklqQU5CZ2txaGtpRzl3MEIKQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBdDVmQWpwNGZUY2VrV1VUZnpzcDBreWloMU9ZYnNHTDBLWDFlUmJTUwpSOE9kMCs5UTYySHlueStHRndNVGI0QS9LVThtc3NvSHZjY2VTQUFid2ZieEZLLytzNTFUb2JxVW5PUlpyT29UClpqa1V5Z2J5WERTSzk5WUJiY1IxUGlwOHZ3TVRtNFhLdUx0Q2lnZUJCZGpqQVFkZ1VPMjhMRU5HbHNNbm1lWWsKSmZPRFZHblZtcjVMdGI5QU5BOElLeVRmc25ISjRpT0NTL1BsUGJVajJxN1lub1ZMcG9zVUJNbGdVYi9DeWtYMwptT29MYjR5SkpReUEvaVNUNlp4aUlFajM2RDR5V1o1bGc3WUpsK1VpaUJRSEdDblBkR3lpcHFWMDZleDBoZVlXCmNhaVc4TFdaU1VROTNqUStXVkNIOGhUN0RRTzFkbXN2VW1YbHEvSmVBbHdRL1FJREFRQUJvNEhnTUlIZE1CMEcKQTFVZERnUVdCQlJjQVJPdGhTNFA0VTd2VGZqQnlDNTY5UjdFNkRDQnJRWURWUjBqQklHbE1JR2lnQlJjQVJPdApoUzRQNFU3dlRmakJ5QzU2OVI3RTZLRi9wSDB3ZXpFTE1Ba0dBMVVFQmhNQ1ZWTXhDekFKQmdOVkJBZ1RBa05CCk1SWXdGQVlEVlFRSEV3MVRZVzRnUm5KaGJtTnBjMk52TVJRd0VnWURWUVFLRXd0Q2NtRmtabWwwZW1sdVl6RVMKTUJBR0ExVUVBeE1KYkc5allXeG9iM04wTVIwd0d3WUpLb1pJaHZjTkFRa0JGZzVpY21Ga1FHUmhibWRoTG1OdgpiWUlKQUxmUmxXc0k4WVFITUF3R0ExVWRFd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVGQlFBRGdnRUJBRzZoClU5ZjlzTkgwLzZvQmJHR3kyRVZVMFVnSVRVUUlyRldvOXJGa3JXNWsvWGtEalFtKzNsempUMGlHUjRJeEUvQW8KZVU2c1FodWE3d3JXZUZFbjQ3R0w5OGxuQ3NKZEQ3b1pOaEZtUTk1VGIvTG5EVWpzNVlqOWJyUDBOV3pYZllVNApVSzJabklOSlJjSnBCOGlSQ2FDeEU4RGRjVUYwWHFJRXE2cEEyNzJzbm9MbWlYTE12Tmwza1lFZG0ramU2dm9ECjU4U05WRVVzenR6UXlYbUpFaENwd1ZJMEE2UUNqelhqK3F2cG13M1paSGk4SndYZWk4WlpCTFRTRkJraThaN24Kc0g5QkJIMzgvU3pVbUFONFFIU1B5MWdqcW0wME9BRThOYVlEa2gvYnpFNGQ3bUxHR01XcC9XRTNLUFN1ODJIRgprUGU2WG9TYmlMbS9reGszMlQwPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t
-        server: https://server:443
-      name: ""
-    contexts: null
-    current-context: ""
-    kind: Config
-    preferences: {}
-    users:
-    - name: ""
-      user:
-        token: my-token
-
-
-- path: "/etc/kubernetes/kubelet.conf"
-  content: |
-    apiVersion: kubelet.config.k8s.io/v1beta1
-    authentication:
-      anonymous:
-        enabled: false
-      webhook:
-        cacheTTL: 0s
-        enabled: true
-      x509:
-        clientCAFile: /etc/kubernetes/pki/ca.crt
-    authorization:
-      mode: Webhook
-      webhook:
-        cacheAuthorizedTTL: 0s
-        cacheUnauthorizedTTL: 0s
-    cgroupDriver: systemd
-    clusterDomain: cluster.local
-    containerLogMaxSize: 100Mi
-    containerRuntimeEndpoint: ""
-    cpuManagerReconcilePeriod: 0s
-    evictionHard:
-      imagefs.available: 15%
-      memory.available: 100Mi
-      nodefs.available: 10%
-      nodefs.inodesFree: 5%
-    evictionPressureTransitionPeriod: 0s
-    featureGates:
-      RotateKubeletServerCertificate: true
-    fileCheckFrequency: 0s
-    httpCheckFrequency: 0s
-    imageMaximumGCAge: 0s
-    imageMinimumGCAge: 0s
-    kind: KubeletConfiguration
-    kubeReserved:
-      cpu: 200m
-      ephemeral-storage: 1Gi
-      memory: 300Mi
-    logging:
-      flushFrequency: 0
-      options:
-        json:
-          infoBufferSize: "0"
-      verbosity: 0
-    memorySwap: {}
-    nodeStatusReportFrequency: 0s
-    nodeStatusUpdateFrequency: 0s
-    protectKernelDefaults: true
-    rotateCertificates: true
-    runtimeRequestTimeout: 0s
-    serverTLSBootstrap: true
-    shutdownGracePeriod: 0s
-    shutdownGracePeriodCriticalPods: 0s
-    staticPodPath: /etc/kubernetes/manifests
-    streamingConnectionIdleTimeout: 0s
-    syncFrequency: 0s
-    systemReserved:
-      cpu: 200m
-      ephemeral-storage: 1Gi
-      memory: 500Mi
-    tlsCipherSuites:
-    - TLS_AES_128_GCM_SHA256
-    - TLS_AES_256_GCM_SHA384
-    - TLS_CHACHA20_POLY1305_SHA256
-    - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-    - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
-    - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
-    - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-    - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
-    volumePluginDir: /var/lib/kubelet/volumeplugins
-    volumeStatsAggPeriod: 0s
-
-
-- path: "/etc/kubernetes/pki/ca.crt"
-  content: |
-    -----BEGIN CERTIFICATE-----
-    MIIEWjCCA0KgAwIBAgIJALfRlWsI8YQHMA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV
-    BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEUMBIG
-    A1UEChMLQnJhZGZpdHppbmMxEjAQBgNVBAMTCWxvY2FsaG9zdDEdMBsGCSqGSIb3
-    DQEJARYOYnJhZEBkYW5nYS5jb20wHhcNMTQwNzE1MjA0NjA1WhcNMTcwNTA0MjA0
-    NjA1WjB7MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBG
-    cmFuY2lzY28xFDASBgNVBAoTC0JyYWRmaXR6aW5jMRIwEAYDVQQDEwlsb2NhbGhv
-    c3QxHTAbBgkqhkiG9w0BCQEWDmJyYWRAZGFuZ2EuY29tMIIBIjANBgkqhkiG9w0B
-    AQEFAAOCAQ8AMIIBCgKCAQEAt5fAjp4fTcekWUTfzsp0kyih1OYbsGL0KX1eRbSS
-    R8Od0+9Q62Hyny+GFwMTb4A/KU8mssoHvcceSAAbwfbxFK/+s51TobqUnORZrOoT
-    ZjkUygbyXDSK99YBbcR1Pip8vwMTm4XKuLtCigeBBdjjAQdgUO28LENGlsMnmeYk
-    JfODVGnVmr5Ltb9ANA8IKyTfsnHJ4iOCS/PlPbUj2q7YnoVLposUBMlgUb/CykX3
-    mOoLb4yJJQyA/iST6ZxiIEj36D4yWZ5lg7YJl+UiiBQHGCnPdGyipqV06ex0heYW
-    caiW8LWZSUQ93jQ+WVCH8hT7DQO1dmsvUmXlq/JeAlwQ/QIDAQABo4HgMIHdMB0G
-    A1UdDgQWBBRcAROthS4P4U7vTfjByC569R7E6DCBrQYDVR0jBIGlMIGigBRcAROt
-    hS4P4U7vTfjByC569R7E6KF/pH0wezELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB
-    MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtCcmFkZml0emluYzES
-    MBAGA1UEAxMJbG9jYWxob3N0MR0wGwYJKoZIhvcNAQkBFg5icmFkQGRhbmdhLmNv
-    bYIJALfRlWsI8YQHMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAG6h
-    U9f9sNH0/6oBbGGy2EVU0UgITUQIrFWo9rFkrW5k/XkDjQm+3lzjT0iGR4IxE/Ao
-    eU6sQhua7wrWeFEn47GL98lnCsJdD7oZNhFmQ95Tb/LnDUjs5Yj9brP0NWzXfYU4
-    UK2ZnINJRcJpB8iRCaCxE8DdcUF0XqIEq6pA272snoLmiXLMvNl3kYEdm+je6voD
-    58SNVEUsztzQyXmJEhCpwVI0A6QCjzXj+qvpmw3ZZHi8JwXei8ZZBLTSFBki8Z7n
-    sH9BBH38/SzUmAN4QHSPy1gjqm00OAE8NaYDkh/bzE4d7mLGGMWp/WE3KPSu82HF
-    kPe6XoSbiLm/kxk32T0=
-    -----END CERTIFICATE-----
-
-- path: "/etc/systemd/system/setup.service"
-  permissions: "0644"
-  content: |
-    [Install]
-    WantedBy=multi-user.target
-
-    [Unit]
-    Requires=network-online.target
-    After=network-online.target
-
-    [Service]
-    Type=oneshot
-    RemainAfterExit=true
-    EnvironmentFile=-/etc/environment
-    ExecStart=/opt/bin/supervise.sh /opt/bin/setup
-
-- path: "/etc/profile.d/opt-bin-path.sh"
-  permissions: "0644"
-  content: |
-    export PATH="/opt/bin:$PATH"
-
-- path: /etc/containerd/config.toml
-  permissions: "0644"
-  content: |
-    version = 2
-
-    [metrics]
-    address = "127.0.0.1:1338"
-
-    [plugins]
-    [plugins."io.containerd.grpc.v1.cri"]
-    [plugins."io.containerd.grpc.v1.cri".containerd]
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
-    runtime_type = "io.containerd.runc.v2"
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
-    SystemdCgroup = true
-    [plugins."io.containerd.grpc.v1.cri".registry]
-    [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
-    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
-    endpoint = ["https://registry-1.docker.io"]
-
-
-- path: /etc/systemd/system/kubelet-healthcheck.service
-  permissions: "0644"
-  content: |
-    [Unit]
-    Requires=kubelet.service
-    After=kubelet.service
-
-    [Service]
-    ExecStart=/opt/bin/health-monitor.sh kubelet
-
-    [Install]
-    WantedBy=multi-user.target
-
-
-runcmd:
-- systemctl enable --now setup.service
diff --git a/pkg/userdata/amzn2/testdata/kubelet-v1.29.2-aws.yaml b/pkg/userdata/amzn2/testdata/kubelet-v1.29.2-aws.yaml
deleted file mode 100644
index cd96ceb4c..000000000
--- a/pkg/userdata/amzn2/testdata/kubelet-v1.29.2-aws.yaml
+++ /dev/null
@@ -1,454 +0,0 @@
-#cloud-config
-
-
-ssh_pwauth: false
-
-write_files:
-
-- path: "/etc/systemd/journald.conf.d/max_disk_use.conf"
-  content: |
-    [Journal]
-    SystemMaxUse=5G
-
-
-- path: "/opt/load-kernel-modules.sh"
-  permissions: "0755"
-  content: |
-    #!/usr/bin/env bash
-    set -euo pipefail
-
-    modprobe ip_vs
-    modprobe ip_vs_rr
-    modprobe ip_vs_wrr
-    modprobe ip_vs_sh
-
-    if modinfo nf_conntrack_ipv4 &> /dev/null; then
-      modprobe nf_conntrack_ipv4
-    else
-      modprobe nf_conntrack
-    fi
-
-
-- path: "/etc/sysctl.d/k8s.conf"
-  content: |
-    net.bridge.bridge-nf-call-ip6tables = 1
-    net.bridge.bridge-nf-call-iptables = 1
-    kernel.panic_on_oops = 1
-    kernel.panic = 10
-    net.ipv4.ip_forward = 1
-    vm.overcommit_memory = 1
-    fs.inotify.max_user_watches = 1048576
-    fs.inotify.max_user_instances = 8192
-
-
-- path: /etc/selinux/config
-  content: |
-    # This file controls the state of SELinux on the system.
-    # SELINUX= can take one of these three values:
-    #     enforcing - SELinux security policy is enforced.
-    #     permissive - SELinux prints warnings instead of enforcing.
-    #     disabled - No SELinux policy is loaded.
-    SELINUX=permissive
-    # SELINUXTYPE= can take one of three two values:
-    #     targeted - Targeted processes are protected,
-    #     minimum - Modification of targeted policy. Only selected processes are protected.
-    #     mls - Multi Level Security protection.
-    SELINUXTYPE=targeted
-
-- path: "/opt/bin/setup"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-
-    setenforce 0 || true
-    systemctl restart systemd-modules-load.service
-    sysctl --system
-
-
-    yum install -y \
-      device-mapper-persistent-data \
-      lvm2 \
-      ebtables \
-      ethtool \
-      nfs-utils \
-      bash-completion \
-      sudo \
-      socat \
-      wget \
-      curl \
-      ipvsadm
-
-
-    mkdir -p /etc/systemd/system/containerd.service.d
-
-    cat <<EOF | tee /etc/systemd/system/containerd.service.d/environment.conf
-    [Service]
-    Restart=always
-    EnvironmentFile=-/etc/environment
-    EOF
-
-    cat <<EOF | tee /etc/crictl.yaml
-    runtime-endpoint: unix:///run/containerd/containerd.sock
-    EOF
-
-    yum install -y \
-    	containerd-1.6* \
-    	yum-plugin-versionlock
-    yum versionlock add containerd
-
-    systemctl daemon-reload
-    systemctl enable --now containerd
-
-
-    opt_bin=/opt/bin
-    usr_local_bin=/usr/local/bin
-    cni_bin_dir=/opt/cni/bin
-    mkdir -p /etc/cni/net.d /etc/kubernetes/manifests "$opt_bin" "$cni_bin_dir"
-    arch=${HOST_ARCH-}
-    if [ -z "$arch" ]
-    then
-    case $(uname -m) in
-    x86_64)
-        arch="amd64"
-        ;;
-    aarch64)
-        arch="arm64"
-        ;;
-    *)
-        echo "unsupported CPU architecture, exiting"
-        exit 1
-        ;;
-    esac
-    fi
-    CNI_VERSION="${CNI_VERSION:-v1.2.0}"
-    cni_base_url="https://github.com/containernetworking/plugins/releases/download/$CNI_VERSION"
-    cni_filename="cni-plugins-linux-$arch-$CNI_VERSION.tgz"
-    curl -Lfo "$cni_bin_dir/$cni_filename" "$cni_base_url/$cni_filename"
-    cni_sum=$(curl -Lf "$cni_base_url/$cni_filename.sha256")
-    cd "$cni_bin_dir"
-    sha256sum -c <<<"$cni_sum"
-    tar xvf "$cni_filename"
-    rm -f "$cni_filename"
-    cd -
-    CRI_TOOLS_RELEASE="${CRI_TOOLS_RELEASE:-v1.27.0}"
-    cri_tools_base_url="https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRI_TOOLS_RELEASE}"
-    cri_tools_filename="crictl-${CRI_TOOLS_RELEASE}-linux-${arch}.tar.gz"
-    curl -Lfo "$opt_bin/$cri_tools_filename" "$cri_tools_base_url/$cri_tools_filename"
-    cri_tools_sum_value=$(curl -Lf "$cri_tools_base_url/$cri_tools_filename.sha256")
-    cri_tools_sum="$cri_tools_sum_value $cri_tools_filename"
-    cd "$opt_bin"
-    sha256sum -c <<<"$cri_tools_sum"
-    tar xvf "$cri_tools_filename"
-    rm -f "$cri_tools_filename"
-    ln -sf "$opt_bin/crictl" "$usr_local_bin"/crictl || echo "symbolic link is skipped"
-    cd -
-    KUBE_VERSION="${KUBE_VERSION:-v1.29.2}"
-    kube_dir="$opt_bin/kubernetes-$KUBE_VERSION"
-    kube_base_url="https://dl.k8s.io/$KUBE_VERSION/bin/linux/$arch"
-    kube_sum_file="$kube_dir/sha256"
-    mkdir -p "$kube_dir"
-    : >"$kube_sum_file"
-
-    for bin in kubelet kubeadm kubectl; do
-        curl -Lfo "$kube_dir/$bin" "$kube_base_url/$bin"
-        chmod +x "$kube_dir/$bin"
-        sum=$(curl -Lf "$kube_base_url/$bin.sha256")
-        echo "$sum  $kube_dir/$bin" >>"$kube_sum_file"
-    done
-    sha256sum -c "$kube_sum_file"
-
-    for bin in kubelet kubeadm kubectl; do
-        ln -sf "$kube_dir/$bin" "$opt_bin"/$bin
-    done
-
-    if [[ ! -x /opt/bin/health-monitor.sh ]]; then
-        curl -Lfo /opt/bin/health-monitor.sh https://raw.githubusercontent.com/kubermatic/machine-controller/7967a0af2b75f29ad2ab227eeaa26ea7b0f2fbde/pkg/userdata/scripts/health-monitor.sh
-        chmod +x /opt/bin/health-monitor.sh
-    fi
-
-    # set kubelet nodeip environment variable
-    mkdir -p /etc/systemd/system/kubelet.service.d/
-    /opt/bin/setup_net_env.sh
-
-    systemctl disable --now firewalld || true
-    systemctl enable --now kubelet
-    systemctl enable --now --no-block kubelet-healthcheck.service
-    systemctl disable setup.service
-
-- path: "/opt/bin/supervise.sh"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-    while ! "$@"; do
-      sleep 1
-    done
-
-- path: "/opt/disable-swap.sh"
-  permissions: "0755"
-  content: |
-    # Make sure we always disable swap - Otherwise the kubelet won't start as for some cloud
-    # providers swap gets enabled on reboot or after the setup script has finished executing.
-    sed -i.orig '/.*swap.*/d' /etc/fstab
-    swapoff -a
-
-- path: "/etc/systemd/system/kubelet.service"
-  content: |
-    [Unit]
-    After=containerd.service
-    Requires=containerd.service
-
-    Description=kubelet: The Kubernetes Node Agent
-    Documentation=https://kubernetes.io/docs/home/
-
-    [Service]
-    User=root
-    Restart=always
-    StartLimitInterval=0
-    RestartSec=10
-    CPUAccounting=true
-    MemoryAccounting=true
-
-    Environment="PATH=/opt/bin:/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin/"
-    EnvironmentFile=-/etc/environment
-
-    ExecStartPre=/bin/bash /opt/load-kernel-modules.sh
-
-    ExecStartPre=/bin/bash /opt/disable-swap.sh
-
-    ExecStartPre=/bin/bash /opt/bin/setup_net_env.sh
-    ExecStart=/opt/bin/kubelet $KUBELET_EXTRA_ARGS \
-      --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf \
-      --kubeconfig=/var/lib/kubelet/kubeconfig \
-      --config=/etc/kubernetes/kubelet.conf \
-      --cert-dir=/etc/kubernetes/pki \
-      --cloud-provider=aws \
-      --cloud-config=/etc/kubernetes/cloud-config \
-      --exit-on-lock-contention \
-      --lock-file=/tmp/kubelet.lock \
-      --container-runtime-endpoint=unix:///run/containerd/containerd.sock \
-      --node-ip ${KUBELET_NODE_IP}
-
-    [Install]
-    WantedBy=multi-user.target
-- path: "/etc/kubernetes/cloud-config"
-  permissions: "0600"
-  content: |
-    {aws-config:true}
-
-- path: "/opt/bin/setup_net_env.sh"
-  permissions: "0755"
-  content: |
-    #!/usr/bin/env bash
-    echodate() {
-      echo "[$(date -Is)]" "$@"
-    }
-
-    # get the default interface IP address
-    DEFAULT_IFC_IP=$(ip -o  route get 1 | grep -oP "src \K\S+")
-
-    # get the full hostname
-    FULL_HOSTNAME=$(hostname -f)
-
-    if [ -z "${DEFAULT_IFC_IP}" ]
-    then
-    	echodate "Failed to get IP address for the default route interface"
-    	exit 1
-    fi
-
-    # write the nodeip_env file
-    # we need the line below because flatcar has the same string "coreos" in that file
-    if grep -q coreos /etc/os-release
-    then
-      echo -e "KUBELET_NODE_IP=${DEFAULT_IFC_IP}\nKUBELET_HOSTNAME=${FULL_HOSTNAME}" > /etc/kubernetes/nodeip.conf
-    elif [ ! -d /etc/systemd/system/kubelet.service.d ]
-    then
-    	echodate "Can't find kubelet service extras directory"
-    	exit 1
-    else
-      echo -e "[Service]\nEnvironment=\"KUBELET_NODE_IP=${DEFAULT_IFC_IP}\"\nEnvironment=\"KUBELET_HOSTNAME=${FULL_HOSTNAME}\"" > /etc/systemd/system/kubelet.service.d/nodeip.conf
-    fi
-
-
-- path: "/etc/kubernetes/bootstrap-kubelet.conf"
-  permissions: "0600"
-  content: |
-    apiVersion: v1
-    clusters:
-    - cluster:
-        certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVXakNDQTBLZ0F3SUJBZ0lKQUxmUmxXc0k4WVFITUEwR0NTcUdTSWIzRFFFQkJRVUFNSHN4Q3pBSkJnTlYKQkFZVEFsVlRNUXN3Q1FZRFZRUUlFd0pEUVRFV01CUUdBMVVFQnhNTlUyRnVJRVp5WVc1amFYTmpiekVVTUJJRwpBMVVFQ2hNTFFuSmhaR1pwZEhwcGJtTXhFakFRQmdOVkJBTVRDV3h2WTJGc2FHOXpkREVkTUJzR0NTcUdTSWIzCkRRRUpBUllPWW5KaFpFQmtZVzVuWVM1amIyMHdIaGNOTVRRd056RTFNakEwTmpBMVdoY05NVGN3TlRBME1qQTAKTmpBMVdqQjdNUXN3Q1FZRFZRUUdFd0pWVXpFTE1Ba0dBMVVFQ0JNQ1EwRXhGakFVQmdOVkJBY1REVk5oYmlCRwpjbUZ1WTJselkyOHhGREFTQmdOVkJBb1RDMEp5WVdSbWFYUjZhVzVqTVJJd0VBWURWUVFERXdsc2IyTmhiR2h2CmMzUXhIVEFiQmdrcWhraUc5dzBCQ1FFV0RtSnlZV1JBWkdGdVoyRXVZMjl0TUlJQklqQU5CZ2txaGtpRzl3MEIKQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBdDVmQWpwNGZUY2VrV1VUZnpzcDBreWloMU9ZYnNHTDBLWDFlUmJTUwpSOE9kMCs5UTYySHlueStHRndNVGI0QS9LVThtc3NvSHZjY2VTQUFid2ZieEZLLytzNTFUb2JxVW5PUlpyT29UClpqa1V5Z2J5WERTSzk5WUJiY1IxUGlwOHZ3TVRtNFhLdUx0Q2lnZUJCZGpqQVFkZ1VPMjhMRU5HbHNNbm1lWWsKSmZPRFZHblZtcjVMdGI5QU5BOElLeVRmc25ISjRpT0NTL1BsUGJVajJxN1lub1ZMcG9zVUJNbGdVYi9DeWtYMwptT29MYjR5SkpReUEvaVNUNlp4aUlFajM2RDR5V1o1bGc3WUpsK1VpaUJRSEdDblBkR3lpcHFWMDZleDBoZVlXCmNhaVc4TFdaU1VROTNqUStXVkNIOGhUN0RRTzFkbXN2VW1YbHEvSmVBbHdRL1FJREFRQUJvNEhnTUlIZE1CMEcKQTFVZERnUVdCQlJjQVJPdGhTNFA0VTd2VGZqQnlDNTY5UjdFNkRDQnJRWURWUjBqQklHbE1JR2lnQlJjQVJPdApoUzRQNFU3dlRmakJ5QzU2OVI3RTZLRi9wSDB3ZXpFTE1Ba0dBMVVFQmhNQ1ZWTXhDekFKQmdOVkJBZ1RBa05CCk1SWXdGQVlEVlFRSEV3MVRZVzRnUm5KaGJtTnBjMk52TVJRd0VnWURWUVFLRXd0Q2NtRmtabWwwZW1sdVl6RVMKTUJBR0ExVUVBeE1KYkc5allXeG9iM04wTVIwd0d3WUpLb1pJaHZjTkFRa0JGZzVpY21Ga1FHUmhibWRoTG1OdgpiWUlKQUxmUmxXc0k4WVFITUF3R0ExVWRFd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVGQlFBRGdnRUJBRzZoClU5ZjlzTkgwLzZvQmJHR3kyRVZVMFVnSVRVUUlyRldvOXJGa3JXNWsvWGtEalFtKzNsempUMGlHUjRJeEUvQW8KZVU2c1FodWE3d3JXZUZFbjQ3R0w5OGxuQ3NKZEQ3b1pOaEZtUTk1VGIvTG5EVWpzNVlqOWJyUDBOV3pYZllVNApVSzJabklOSlJjSnBCOGlSQ2FDeEU4RGRjVUYwWHFJRXE2cEEyNzJzbm9MbWlYTE12Tmwza1lFZG0ramU2dm9ECjU4U05WRVVzenR6UXlYbUpFaENwd1ZJMEE2UUNqelhqK3F2cG13M1paSGk4SndYZWk4WlpCTFRTRkJraThaN24Kc0g5QkJIMzgvU3pVbUFONFFIU1B5MWdqcW0wME9BRThOYVlEa2gvYnpFNGQ3bUxHR01XcC9XRTNLUFN1ODJIRgprUGU2WG9TYmlMbS9reGszMlQwPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t
-        server: https://server:443
-      name: ""
-    contexts: null
-    current-context: ""
-    kind: Config
-    preferences: {}
-    users:
-    - name: ""
-      user:
-        token: my-token
-
-
-- path: "/etc/kubernetes/kubelet.conf"
-  content: |
-    apiVersion: kubelet.config.k8s.io/v1beta1
-    authentication:
-      anonymous:
-        enabled: false
-      webhook:
-        cacheTTL: 0s
-        enabled: true
-      x509:
-        clientCAFile: /etc/kubernetes/pki/ca.crt
-    authorization:
-      mode: Webhook
-      webhook:
-        cacheAuthorizedTTL: 0s
-        cacheUnauthorizedTTL: 0s
-    cgroupDriver: systemd
-    clusterDomain: cluster.local
-    containerLogMaxSize: 100Mi
-    containerRuntimeEndpoint: ""
-    cpuManagerReconcilePeriod: 0s
-    evictionHard:
-      imagefs.available: 15%
-      memory.available: 100Mi
-      nodefs.available: 10%
-      nodefs.inodesFree: 5%
-    evictionPressureTransitionPeriod: 0s
-    featureGates:
-      RotateKubeletServerCertificate: true
-    fileCheckFrequency: 0s
-    httpCheckFrequency: 0s
-    imageMaximumGCAge: 0s
-    imageMinimumGCAge: 0s
-    kind: KubeletConfiguration
-    kubeReserved:
-      cpu: 200m
-      ephemeral-storage: 1Gi
-      memory: 300Mi
-    logging:
-      flushFrequency: 0
-      options:
-        json:
-          infoBufferSize: "0"
-      verbosity: 0
-    memorySwap: {}
-    nodeStatusReportFrequency: 0s
-    nodeStatusUpdateFrequency: 0s
-    protectKernelDefaults: true
-    rotateCertificates: true
-    runtimeRequestTimeout: 0s
-    serverTLSBootstrap: true
-    shutdownGracePeriod: 0s
-    shutdownGracePeriodCriticalPods: 0s
-    staticPodPath: /etc/kubernetes/manifests
-    streamingConnectionIdleTimeout: 0s
-    syncFrequency: 0s
-    systemReserved:
-      cpu: 200m
-      ephemeral-storage: 1Gi
-      memory: 500Mi
-    tlsCipherSuites:
-    - TLS_AES_128_GCM_SHA256
-    - TLS_AES_256_GCM_SHA384
-    - TLS_CHACHA20_POLY1305_SHA256
-    - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-    - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
-    - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
-    - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-    - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
-    volumePluginDir: /var/lib/kubelet/volumeplugins
-    volumeStatsAggPeriod: 0s
-
-
-- path: "/etc/kubernetes/pki/ca.crt"
-  content: |
-    -----BEGIN CERTIFICATE-----
-    MIIEWjCCA0KgAwIBAgIJALfRlWsI8YQHMA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV
-    BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEUMBIG
-    A1UEChMLQnJhZGZpdHppbmMxEjAQBgNVBAMTCWxvY2FsaG9zdDEdMBsGCSqGSIb3
-    DQEJARYOYnJhZEBkYW5nYS5jb20wHhcNMTQwNzE1MjA0NjA1WhcNMTcwNTA0MjA0
-    NjA1WjB7MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBG
-    cmFuY2lzY28xFDASBgNVBAoTC0JyYWRmaXR6aW5jMRIwEAYDVQQDEwlsb2NhbGhv
-    c3QxHTAbBgkqhkiG9w0BCQEWDmJyYWRAZGFuZ2EuY29tMIIBIjANBgkqhkiG9w0B
-    AQEFAAOCAQ8AMIIBCgKCAQEAt5fAjp4fTcekWUTfzsp0kyih1OYbsGL0KX1eRbSS
-    R8Od0+9Q62Hyny+GFwMTb4A/KU8mssoHvcceSAAbwfbxFK/+s51TobqUnORZrOoT
-    ZjkUygbyXDSK99YBbcR1Pip8vwMTm4XKuLtCigeBBdjjAQdgUO28LENGlsMnmeYk
-    JfODVGnVmr5Ltb9ANA8IKyTfsnHJ4iOCS/PlPbUj2q7YnoVLposUBMlgUb/CykX3
-    mOoLb4yJJQyA/iST6ZxiIEj36D4yWZ5lg7YJl+UiiBQHGCnPdGyipqV06ex0heYW
-    caiW8LWZSUQ93jQ+WVCH8hT7DQO1dmsvUmXlq/JeAlwQ/QIDAQABo4HgMIHdMB0G
-    A1UdDgQWBBRcAROthS4P4U7vTfjByC569R7E6DCBrQYDVR0jBIGlMIGigBRcAROt
-    hS4P4U7vTfjByC569R7E6KF/pH0wezELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB
-    MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtCcmFkZml0emluYzES
-    MBAGA1UEAxMJbG9jYWxob3N0MR0wGwYJKoZIhvcNAQkBFg5icmFkQGRhbmdhLmNv
-    bYIJALfRlWsI8YQHMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAG6h
-    U9f9sNH0/6oBbGGy2EVU0UgITUQIrFWo9rFkrW5k/XkDjQm+3lzjT0iGR4IxE/Ao
-    eU6sQhua7wrWeFEn47GL98lnCsJdD7oZNhFmQ95Tb/LnDUjs5Yj9brP0NWzXfYU4
-    UK2ZnINJRcJpB8iRCaCxE8DdcUF0XqIEq6pA272snoLmiXLMvNl3kYEdm+je6voD
-    58SNVEUsztzQyXmJEhCpwVI0A6QCjzXj+qvpmw3ZZHi8JwXei8ZZBLTSFBki8Z7n
-    sH9BBH38/SzUmAN4QHSPy1gjqm00OAE8NaYDkh/bzE4d7mLGGMWp/WE3KPSu82HF
-    kPe6XoSbiLm/kxk32T0=
-    -----END CERTIFICATE-----
-
-- path: "/etc/systemd/system/setup.service"
-  permissions: "0644"
-  content: |
-    [Install]
-    WantedBy=multi-user.target
-
-    [Unit]
-    Requires=network-online.target
-    After=network-online.target
-
-    [Service]
-    Type=oneshot
-    RemainAfterExit=true
-    EnvironmentFile=-/etc/environment
-    ExecStart=/opt/bin/supervise.sh /opt/bin/setup
-
-- path: "/etc/profile.d/opt-bin-path.sh"
-  permissions: "0644"
-  content: |
-    export PATH="/opt/bin:$PATH"
-
-- path: /etc/containerd/config.toml
-  permissions: "0644"
-  content: |
-    version = 2
-
-    [metrics]
-    address = "127.0.0.1:1338"
-
-    [plugins]
-    [plugins."io.containerd.grpc.v1.cri"]
-    [plugins."io.containerd.grpc.v1.cri".containerd]
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
-    runtime_type = "io.containerd.runc.v2"
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
-    SystemdCgroup = true
-    [plugins."io.containerd.grpc.v1.cri".registry]
-    [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
-    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
-    endpoint = ["https://registry-1.docker.io"]
-
-
-- path: /etc/systemd/system/kubelet-healthcheck.service
-  permissions: "0644"
-  content: |
-    [Unit]
-    Requires=kubelet.service
-    After=kubelet.service
-
-    [Service]
-    ExecStart=/opt/bin/health-monitor.sh kubelet
-
-    [Install]
-    WantedBy=multi-user.target
-
-
-runcmd:
-- systemctl enable --now setup.service
diff --git a/pkg/userdata/centos/centos.go b/pkg/userdata/centos/centos.go
deleted file mode 100644
index 0350c43b5..000000000
--- a/pkg/userdata/centos/centos.go
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
-Copyright 2019 The Machine Controller Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package centos
-
-import (
-	"encoding/json"
-
-	"k8s.io/apimachinery/pkg/runtime"
-)
-
-// Config contains specific configuration for CentOS.
-type Config struct {
-	DistUpgradeOnBoot bool `json:"distUpgradeOnBoot"`
-}
-
-func DefaultConfig(operatingSystemSpec runtime.RawExtension) runtime.RawExtension {
-	if operatingSystemSpec.Raw == nil {
-		operatingSystemSpec.Raw, _ = json.Marshal(Config{})
-	}
-
-	return operatingSystemSpec
-}
-
-// LoadConfig retrieves the CentOS configuration from raw data.
-func LoadConfig(r runtime.RawExtension) (*Config, error) {
-	r = DefaultConfig(r)
-	cfg := Config{}
-
-	if err := json.Unmarshal(r.Raw, &cfg); err != nil {
-		return nil, err
-	}
-	return &cfg, nil
-}
-
-// Spec return the configuration as raw data.
-func (cfg *Config) Spec() (*runtime.RawExtension, error) {
-	ext := &runtime.RawExtension{}
-	b, err := json.Marshal(cfg)
-	if err != nil {
-		return nil, err
-	}
-
-	ext.Raw = b
-	return ext, nil
-}
diff --git a/pkg/userdata/centos/provider.go b/pkg/userdata/centos/provider.go
deleted file mode 100644
index 8fd73026f..000000000
--- a/pkg/userdata/centos/provider.go
+++ /dev/null
@@ -1,332 +0,0 @@
-/*
-Copyright 2019 The Machine Controller Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-//
-// UserData plugin for CentOS.
-//
-
-package centos
-
-import (
-	"errors"
-	"fmt"
-	"strings"
-	"text/template"
-
-	"github.com/Masterminds/semver/v3"
-	"go.uber.org/zap"
-
-	"github.com/kubermatic/machine-controller/pkg/apis/plugin"
-	providerconfigtypes "github.com/kubermatic/machine-controller/pkg/providerconfig/types"
-	userdatahelper "github.com/kubermatic/machine-controller/pkg/userdata/helper"
-)
-
-// Provider is a pkg/userdata/plugin.Provider implementation.
-type Provider struct{}
-
-// UserData renders user-data template to string.
-func (p Provider) UserData(log *zap.SugaredLogger, req plugin.UserDataRequest) (string, error) {
-	tmpl, err := template.New("user-data").Funcs(userdatahelper.TxtFuncMap(log)).Parse(userDataTemplate)
-	if err != nil {
-		return "", fmt.Errorf("failed to parse user-data template: %w", err)
-	}
-
-	kubeletVersion, err := semver.NewVersion(req.MachineSpec.Versions.Kubelet)
-	if err != nil {
-		return "", fmt.Errorf("invalid kubelet version: %w", err)
-	}
-
-	pconfig, err := providerconfigtypes.GetConfig(req.MachineSpec.ProviderSpec)
-	if err != nil {
-		return "", fmt.Errorf("failed to get provider config: %w", err)
-	}
-
-	if pconfig.OverwriteCloudConfig != nil {
-		req.CloudConfig = *pconfig.OverwriteCloudConfig
-	}
-
-	if pconfig.Network.IsStaticIPConfig() {
-		return "", errors.New("static IP config is not supported with CentOS")
-	}
-
-	centosConfig, err := LoadConfig(pconfig.OperatingSystemSpec)
-	if err != nil {
-		return "", fmt.Errorf("failed to parse OperatingSystemSpec: %w", err)
-	}
-
-	kubeconfigString, err := userdatahelper.StringifyKubeconfig(req.Kubeconfig)
-	if err != nil {
-		return "", err
-	}
-
-	kubernetesCACert, err := userdatahelper.GetCACert(req.Kubeconfig)
-	if err != nil {
-		return "", fmt.Errorf("error extracting cacert: %w", err)
-	}
-
-	crEngine := req.ContainerRuntime.Engine()
-	crScript, err := crEngine.ScriptFor(providerconfigtypes.OperatingSystemCentOS)
-	if err != nil {
-		return "", fmt.Errorf("failed to generate container runtime install script: %w", err)
-	}
-
-	crConfig, err := crEngine.Config()
-	if err != nil {
-		return "", fmt.Errorf("failed to generate container runtime config: %w", err)
-	}
-
-	crAuthConfig, err := crEngine.AuthConfig()
-	if err != nil {
-		return "", fmt.Errorf("failed to generate container runtime auth config: %w", err)
-	}
-
-	data := struct {
-		plugin.UserDataRequest
-		ProviderSpec                       *providerconfigtypes.Config
-		OSConfig                           *Config
-		KubeletVersion                     string
-		Kubeconfig                         string
-		KubernetesCACert                   string
-		NodeIPScript                       string
-		ExtraKubeletFlags                  []string
-		ContainerRuntimeScript             string
-		ContainerRuntimeConfigFileName     string
-		ContainerRuntimeConfig             string
-		ContainerRuntimeAuthConfigFileName string
-		ContainerRuntimeAuthConfig         string
-		ContainerRuntimeName               string
-	}{
-		UserDataRequest:                    req,
-		ProviderSpec:                       pconfig,
-		OSConfig:                           centosConfig,
-		KubeletVersion:                     kubeletVersion.String(),
-		Kubeconfig:                         kubeconfigString,
-		KubernetesCACert:                   kubernetesCACert,
-		NodeIPScript:                       userdatahelper.SetupNodeIPEnvScript(pconfig.Network.GetIPFamily()),
-		ExtraKubeletFlags:                  crEngine.KubeletFlags(),
-		ContainerRuntimeScript:             crScript,
-		ContainerRuntimeConfigFileName:     crEngine.ConfigFileName(),
-		ContainerRuntimeConfig:             crConfig,
-		ContainerRuntimeAuthConfigFileName: crEngine.AuthConfigFileName(),
-		ContainerRuntimeAuthConfig:         crAuthConfig,
-		ContainerRuntimeName:               crEngine.String(),
-	}
-
-	buf := strings.Builder{}
-	if err = tmpl.Execute(&buf, data); err != nil {
-		return "", fmt.Errorf("failed to execute user-data template: %w", err)
-	}
-
-	return userdatahelper.CleanupTemplateOutput(buf.String())
-}
-
-// UserData template.
-const userDataTemplate = `#cloud-config
-{{ if ne .CloudProviderName "aws" }}
-hostname: {{ .MachineSpec.Name }}
-{{- /* Never set the hostname on AWS nodes. Kubernetes(kube-proxy) requires the hostname to be the private dns name */}}
-{{ end }}
-
-{{- if .OSConfig.DistUpgradeOnBoot }}
-package_upgrade: true
-package_reboot_if_required: true
-{{- end }}
-
-ssh_pwauth: false
-
-{{- if ne (len .ProviderSpec.SSHPublicKeys) 0 }}
-ssh_authorized_keys:
-{{- range .ProviderSpec.SSHPublicKeys }}
-  - "{{ . }}"
-{{- end }}
-{{- end }}
-
-write_files:
-{{- if .HTTPProxy }}
-- path: "/etc/environment"
-  content: |
-{{ proxyEnvironment .HTTPProxy .NoProxy | indent 4 }}
-{{- end }}
-
-- path: "/etc/systemd/journald.conf.d/max_disk_use.conf"
-  content: |
-{{ journalDConfig | indent 4 }}
-
-- path: "/opt/load-kernel-modules.sh"
-  permissions: "0755"
-  content: |
-{{ kernelModulesScript | indent 4 }}
-
-- path: "/etc/sysctl.d/k8s.conf"
-  content: |
-{{ kernelSettings | indent 4 }}
-
-- path: /etc/selinux/config
-  content: |
-    # This file controls the state of SELinux on the system.
-    # SELINUX= can take one of these three values:
-    #     enforcing - SELinux security policy is enforced.
-    #     permissive - SELinux prints warnings instead of enforcing.
-    #     disabled - No SELinux policy is loaded.
-    SELINUX=permissive
-    # SELINUXTYPE= can take one of three two values:
-    #     targeted - Targeted processes are protected,
-    #     minimum - Modification of targeted policy. Only selected processes are protected.
-    #     mls - Multi Level Security protection.
-    SELINUXTYPE=targeted
-
-- path: "/opt/bin/setup"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-
-    setenforce 0 || true
-
-{{- /* As we added some modules and don't want to reboot, restart the service */}}
-    systemctl restart systemd-modules-load.service
-    sysctl --system
-
-    {{ if ne .CloudProviderName "aws" }}
-{{- /*  The normal way of setting it via cloud-init is broken, see */}}
-{{- /*  https://bugs.launchpad.net/cloud-init/+bug/1662542 */}}
-    hostnamectl set-hostname {{ .MachineSpec.Name }}
-    {{ end }}
-
-{{- /* CentOS 8 has reached EOL and all packages were moved to vault.centos.org -- https://www.centos.org/centos-linux-eol/ */}}
-    source /etc/os-release
-    if [ "$ID" == "centos" ] && [ "$VERSION_ID" == "8" ]; then
-      sudo sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
-      sudo sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*
-    fi
-
-    yum install -y \
-      device-mapper-persistent-data \
-      lvm2 \
-      ebtables \
-      ethtool \
-      nfs-utils \
-      bash-completion \
-      sudo \
-      socat \
-      wget \
-      curl \
-      ipvsadm
-
-{{ .ContainerRuntimeScript | indent 4 }}
-
-{{ safeDownloadBinariesScript .KubeletVersion | indent 4 }}
-    # set kubelet nodeip environment variable
-    mkdir -p /etc/systemd/system/kubelet.service.d/
-    /opt/bin/setup_net_env.sh
-
-    systemctl disable --now firewalld || true
-    systemctl enable --now kubelet
-    systemctl enable --now --no-block kubelet-healthcheck.service
-    systemctl disable setup.service
-
-- path: "/opt/bin/supervise.sh"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-    while ! "$@"; do
-      sleep 1
-    done
-
-- path: "/opt/disable-swap.sh"
-  permissions: "0755"
-  content: |
-    # Make sure we always disable swap - Otherwise the kubelet won't start as for some cloud
-    # providers swap gets enabled on reboot or after the setup script has finished executing.
-    sed -i.orig '/.*swap.*/d' /etc/fstab
-    swapoff -a
-
-- path: "/etc/systemd/system/kubelet.service"
-  content: |
-{{ kubeletSystemdUnit .ContainerRuntimeName .KubeletVersion .KubeletCloudProviderName .MachineSpec.Name .DNSIPs .ExternalCloudProvider .ProviderSpec.Network.GetIPFamily .PauseImage .MachineSpec.Taints .ExtraKubeletFlags true | indent 4 }}
-
-{{- if ne (len .CloudConfig) 0 }}
-- path: "/etc/kubernetes/cloud-config"
-  permissions: "0600"
-  content: |
-{{ .CloudConfig | indent 4 }}
-{{- end }}
-
-- path: "/opt/bin/setup_net_env.sh"
-  permissions: "0755"
-  content: |
-{{ .NodeIPScript | indent 4 }}
-
-- path: "/etc/kubernetes/bootstrap-kubelet.conf"
-  permissions: "0600"
-  content: |
-{{ .Kubeconfig | indent 4 }}
-
-- path: "/etc/kubernetes/kubelet.conf"
-  content: |
-{{ kubeletConfiguration "cluster.local" .DNSIPs .KubeletFeatureGates .KubeletConfigs | indent 4 }}
-
-- path: "/etc/kubernetes/pki/ca.crt"
-  content: |
-{{ .KubernetesCACert | indent 4 }}
-
-- path: "/etc/systemd/system/setup.service"
-  permissions: "0644"
-  content: |
-    [Install]
-    WantedBy=multi-user.target
-
-    [Unit]
-    Requires=network-online.target
-    After=network-online.target
-
-    [Service]
-    Type=oneshot
-    RemainAfterExit=true
-    EnvironmentFile=-/etc/environment
-    ExecStart=/opt/bin/supervise.sh /opt/bin/setup
-
-- path: "/etc/profile.d/opt-bin-path.sh"
-  permissions: "0644"
-  content: |
-    export PATH="/opt/bin:$PATH"
-
-- path: {{ .ContainerRuntimeConfigFileName }}
-  permissions: "0644"
-  content: |
-{{ .ContainerRuntimeConfig | indent 4 }}
-
-- path: /etc/systemd/system/kubelet-healthcheck.service
-  permissions: "0644"
-  content: |
-{{ kubeletHealthCheckSystemdUnit | indent 4 }}
-
-{{- with .ProviderSpec.CAPublicKey }}
-
-- path: "/etc/ssh/trusted-user-ca-keys.pem"
-  content: |
-{{ . | indent 4 }}
-
-- path: "/etc/ssh/sshd_config"
-  content: |
-{{ sshConfigAddendum | indent 4 }}
-  append: true
-{{- end }}
-
-runcmd:
-- systemctl enable --now setup.service
-`
diff --git a/pkg/userdata/centos/provider_test.go b/pkg/userdata/centos/provider_test.go
deleted file mode 100644
index b31b99bff..000000000
--- a/pkg/userdata/centos/provider_test.go
+++ /dev/null
@@ -1,240 +0,0 @@
-/*
-Copyright 2019 The Machine Controller Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-//
-// UserData plugin for CentOS.
-//
-
-package centos
-
-import (
-	"flag"
-	"net"
-	"testing"
-
-	"go.uber.org/zap"
-
-	clusterv1alpha1 "github.com/kubermatic/machine-controller/pkg/apis/cluster/v1alpha1"
-	"github.com/kubermatic/machine-controller/pkg/apis/plugin"
-	"github.com/kubermatic/machine-controller/pkg/containerruntime"
-	testhelper "github.com/kubermatic/machine-controller/pkg/test"
-	"github.com/kubermatic/machine-controller/pkg/userdata/convert"
-
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/runtime"
-	clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
-)
-
-var (
-	update = flag.Bool("update", false, "update testdata files")
-
-	pemCertificate = `-----BEGIN CERTIFICATE-----
-MIIEWjCCA0KgAwIBAgIJALfRlWsI8YQHMA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV
-BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEUMBIG
-A1UEChMLQnJhZGZpdHppbmMxEjAQBgNVBAMTCWxvY2FsaG9zdDEdMBsGCSqGSIb3
-DQEJARYOYnJhZEBkYW5nYS5jb20wHhcNMTQwNzE1MjA0NjA1WhcNMTcwNTA0MjA0
-NjA1WjB7MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBG
-cmFuY2lzY28xFDASBgNVBAoTC0JyYWRmaXR6aW5jMRIwEAYDVQQDEwlsb2NhbGhv
-c3QxHTAbBgkqhkiG9w0BCQEWDmJyYWRAZGFuZ2EuY29tMIIBIjANBgkqhkiG9w0B
-AQEFAAOCAQ8AMIIBCgKCAQEAt5fAjp4fTcekWUTfzsp0kyih1OYbsGL0KX1eRbSS
-R8Od0+9Q62Hyny+GFwMTb4A/KU8mssoHvcceSAAbwfbxFK/+s51TobqUnORZrOoT
-ZjkUygbyXDSK99YBbcR1Pip8vwMTm4XKuLtCigeBBdjjAQdgUO28LENGlsMnmeYk
-JfODVGnVmr5Ltb9ANA8IKyTfsnHJ4iOCS/PlPbUj2q7YnoVLposUBMlgUb/CykX3
-mOoLb4yJJQyA/iST6ZxiIEj36D4yWZ5lg7YJl+UiiBQHGCnPdGyipqV06ex0heYW
-caiW8LWZSUQ93jQ+WVCH8hT7DQO1dmsvUmXlq/JeAlwQ/QIDAQABo4HgMIHdMB0G
-A1UdDgQWBBRcAROthS4P4U7vTfjByC569R7E6DCBrQYDVR0jBIGlMIGigBRcAROt
-hS4P4U7vTfjByC569R7E6KF/pH0wezELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB
-MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtCcmFkZml0emluYzES
-MBAGA1UEAxMJbG9jYWxob3N0MR0wGwYJKoZIhvcNAQkBFg5icmFkQGRhbmdhLmNv
-bYIJALfRlWsI8YQHMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAG6h
-U9f9sNH0/6oBbGGy2EVU0UgITUQIrFWo9rFkrW5k/XkDjQm+3lzjT0iGR4IxE/Ao
-eU6sQhua7wrWeFEn47GL98lnCsJdD7oZNhFmQ95Tb/LnDUjs5Yj9brP0NWzXfYU4
-UK2ZnINJRcJpB8iRCaCxE8DdcUF0XqIEq6pA272snoLmiXLMvNl3kYEdm+je6voD
-58SNVEUsztzQyXmJEhCpwVI0A6QCjzXj+qvpmw3ZZHi8JwXei8ZZBLTSFBki8Z7n
-sH9BBH38/SzUmAN4QHSPy1gjqm00OAE8NaYDkh/bzE4d7mLGGMWp/WE3KPSu82HF
-kPe6XoSbiLm/kxk32T0=
------END CERTIFICATE-----`
-)
-
-// fakeCloudConfigProvider simulates cloud config provider for test.
-type fakeCloudConfigProvider struct {
-	config string
-	name   string
-	err    error
-}
-
-func (p *fakeCloudConfigProvider) GetCloudConfig(_ clusterv1alpha1.MachineSpec) (config string, name string, err error) {
-	return p.config, p.name, p.err
-}
-
-// userDataTestCase contains the data for a table-driven test.
-type userDataTestCase struct {
-	name                  string
-	spec                  clusterv1alpha1.MachineSpec
-	clusterDNSIPs         []net.IP
-	cloudProviderName     *string
-	externalCloudProvider bool
-	httpProxy             string
-	noProxy               string
-	insecureRegistries    string
-	registryMirrors       string
-	pauseImage            string
-	containerruntime      string
-}
-
-// TestUserDataGeneration runs the data generation for different
-// environments.
-func TestUserDataGeneration(t *testing.T) {
-	t.Parallel()
-
-	tests := []userDataTestCase{
-		{
-			name: "kubelet-v1.29.2-aws",
-			spec: clusterv1alpha1.MachineSpec{
-				ObjectMeta: metav1.ObjectMeta{Name: "node1"},
-				Versions: clusterv1alpha1.MachineVersionInfo{
-					Kubelet: "1.29.2",
-				},
-			},
-		},
-		{
-			name: "kubelet-v1.29.2-aws-external",
-			spec: clusterv1alpha1.MachineSpec{
-				ObjectMeta: metav1.ObjectMeta{Name: "node1"},
-				Versions: clusterv1alpha1.MachineVersionInfo{
-					Kubelet: "1.29.2",
-				},
-			},
-			externalCloudProvider: true,
-		},
-		{
-			name: "kubelet-v1.28-aws",
-			spec: clusterv1alpha1.MachineSpec{
-				ObjectMeta: metav1.ObjectMeta{Name: "node1"},
-				Versions: clusterv1alpha1.MachineVersionInfo{
-					Kubelet: "1.28.5",
-				},
-			},
-		},
-		{
-			name: "kubelet-v1.29-aws",
-			spec: clusterv1alpha1.MachineSpec{
-				ObjectMeta: metav1.ObjectMeta{Name: "node1"},
-				Versions: clusterv1alpha1.MachineVersionInfo{
-					Kubelet: "1.29.5",
-				},
-			},
-		},
-		{
-			name: "kubelet-v1.27-aws",
-			spec: clusterv1alpha1.MachineSpec{
-				ObjectMeta: metav1.ObjectMeta{Name: "node1"},
-				Versions: clusterv1alpha1.MachineVersionInfo{
-					Kubelet: "1.27.0",
-				},
-			},
-		},
-	}
-
-	defaultCloudProvider := &fakeCloudConfigProvider{
-		name:   "aws",
-		config: "{aws-config:true}",
-		err:    nil,
-	}
-	kubeconfig := &clientcmdapi.Config{
-		Clusters: map[string]*clientcmdapi.Cluster{
-			"": {
-				Server:                   "https://server:443",
-				CertificateAuthorityData: []byte(pemCertificate),
-			},
-		},
-		AuthInfos: map[string]*clientcmdapi.AuthInfo{
-			"": {
-				Token: "my-token",
-			},
-		},
-	}
-	provider := Provider{}
-
-	kubeletFeatureGates := map[string]bool{
-		"RotateKubeletServerCertificate": true,
-	}
-
-	for _, test := range tests {
-		t.Run(test.name, func(t *testing.T) {
-			emptyProviderSpec := clusterv1alpha1.ProviderSpec{
-				Value: &runtime.RawExtension{},
-			}
-			test.spec.ProviderSpec = emptyProviderSpec
-			var cloudProvider *fakeCloudConfigProvider
-			if test.cloudProviderName != nil {
-				cloudProvider = &fakeCloudConfigProvider{
-					name:   *test.cloudProviderName,
-					config: "{config:true}",
-					err:    nil,
-				}
-			} else {
-				cloudProvider = defaultCloudProvider
-			}
-			cloudConfig, cloudProviderName, err := cloudProvider.GetCloudConfig(test.spec)
-			if err != nil {
-				t.Fatalf("failed to get cloud config: %v", err)
-			}
-
-			containerRuntimeOpts := containerruntime.Opts{
-				ContainerRuntime:   test.containerruntime,
-				InsecureRegistries: test.insecureRegistries,
-				RegistryMirrors:    test.registryMirrors,
-			}
-			containerRuntimeConfig, err := containerruntime.BuildConfig(containerRuntimeOpts)
-			if err != nil {
-				t.Fatalf("failed to generate container runtime config: %v", err)
-			}
-
-			req := plugin.UserDataRequest{
-				MachineSpec:              test.spec,
-				Kubeconfig:               kubeconfig,
-				CloudConfig:              cloudConfig,
-				CloudProviderName:        cloudProviderName,
-				KubeletCloudProviderName: cloudProviderName,
-				DNSIPs:                   test.clusterDNSIPs,
-				ExternalCloudProvider:    test.externalCloudProvider,
-				HTTPProxy:                test.httpProxy,
-				NoProxy:                  test.noProxy,
-				PauseImage:               test.pauseImage,
-				KubeletFeatureGates:      kubeletFeatureGates,
-				ContainerRuntime:         containerRuntimeConfig,
-			}
-
-			s, err := provider.UserData(zap.NewNop().Sugar(), req)
-			if err != nil {
-				t.Errorf("error getting userdata: '%v'", err)
-			}
-
-			// Check if we can gzip it.
-			if _, err := convert.GzipString(s); err != nil {
-				t.Fatal(err)
-			}
-			goldenName := test.name + ".yaml"
-			testhelper.CompareOutput(t, goldenName, s, *update)
-		})
-	}
-}
-
-// stringPtr returns pointer to given string.
-func stringPtr(a string) *string {
-	return &a
-}
diff --git a/pkg/userdata/centos/testdata/kubelet-v1.27-aws.yaml b/pkg/userdata/centos/testdata/kubelet-v1.27-aws.yaml
deleted file mode 100644
index b58da3338..000000000
--- a/pkg/userdata/centos/testdata/kubelet-v1.27-aws.yaml
+++ /dev/null
@@ -1,461 +0,0 @@
-#cloud-config
-
-
-ssh_pwauth: false
-
-write_files:
-
-- path: "/etc/systemd/journald.conf.d/max_disk_use.conf"
-  content: |
-    [Journal]
-    SystemMaxUse=5G
-
-
-- path: "/opt/load-kernel-modules.sh"
-  permissions: "0755"
-  content: |
-    #!/usr/bin/env bash
-    set -euo pipefail
-
-    modprobe ip_vs
-    modprobe ip_vs_rr
-    modprobe ip_vs_wrr
-    modprobe ip_vs_sh
-
-    if modinfo nf_conntrack_ipv4 &> /dev/null; then
-      modprobe nf_conntrack_ipv4
-    else
-      modprobe nf_conntrack
-    fi
-
-
-- path: "/etc/sysctl.d/k8s.conf"
-  content: |
-    net.bridge.bridge-nf-call-ip6tables = 1
-    net.bridge.bridge-nf-call-iptables = 1
-    kernel.panic_on_oops = 1
-    kernel.panic = 10
-    net.ipv4.ip_forward = 1
-    vm.overcommit_memory = 1
-    fs.inotify.max_user_watches = 1048576
-    fs.inotify.max_user_instances = 8192
-
-
-- path: /etc/selinux/config
-  content: |
-    # This file controls the state of SELinux on the system.
-    # SELINUX= can take one of these three values:
-    #     enforcing - SELinux security policy is enforced.
-    #     permissive - SELinux prints warnings instead of enforcing.
-    #     disabled - No SELinux policy is loaded.
-    SELINUX=permissive
-    # SELINUXTYPE= can take one of three two values:
-    #     targeted - Targeted processes are protected,
-    #     minimum - Modification of targeted policy. Only selected processes are protected.
-    #     mls - Multi Level Security protection.
-    SELINUXTYPE=targeted
-
-- path: "/opt/bin/setup"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-
-    setenforce 0 || true
-    systemctl restart systemd-modules-load.service
-    sysctl --system
-
-
-    source /etc/os-release
-    if [ "$ID" == "centos" ] && [ "$VERSION_ID" == "8" ]; then
-      sudo sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
-      sudo sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*
-    fi
-
-    yum install -y \
-      device-mapper-persistent-data \
-      lvm2 \
-      ebtables \
-      ethtool \
-      nfs-utils \
-      bash-completion \
-      sudo \
-      socat \
-      wget \
-      curl \
-      ipvsadm
-
-
-    yum install -y yum-utils
-    yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
-    yum-config-manager --save --setopt=docker-ce-stable.module_hotfixes=true
-
-    cat <<EOF | tee /etc/crictl.yaml
-    runtime-endpoint: unix:///run/containerd/containerd.sock
-    EOF
-
-    mkdir -p /etc/systemd/system/containerd.service.d
-    cat <<EOF | tee /etc/systemd/system/containerd.service.d/environment.conf
-    [Service]
-    Restart=always
-    EnvironmentFile=-/etc/environment
-    EOF
-
-    yum install -y containerd.io-1.6* yum-plugin-versionlock
-    yum versionlock add containerd.io
-
-    systemctl daemon-reload
-    systemctl enable --now containerd
-
-
-    opt_bin=/opt/bin
-    usr_local_bin=/usr/local/bin
-    cni_bin_dir=/opt/cni/bin
-    mkdir -p /etc/cni/net.d /etc/kubernetes/manifests "$opt_bin" "$cni_bin_dir"
-    arch=${HOST_ARCH-}
-    if [ -z "$arch" ]
-    then
-    case $(uname -m) in
-    x86_64)
-        arch="amd64"
-        ;;
-    aarch64)
-        arch="arm64"
-        ;;
-    *)
-        echo "unsupported CPU architecture, exiting"
-        exit 1
-        ;;
-    esac
-    fi
-    CNI_VERSION="${CNI_VERSION:-v1.2.0}"
-    cni_base_url="https://github.com/containernetworking/plugins/releases/download/$CNI_VERSION"
-    cni_filename="cni-plugins-linux-$arch-$CNI_VERSION.tgz"
-    curl -Lfo "$cni_bin_dir/$cni_filename" "$cni_base_url/$cni_filename"
-    cni_sum=$(curl -Lf "$cni_base_url/$cni_filename.sha256")
-    cd "$cni_bin_dir"
-    sha256sum -c <<<"$cni_sum"
-    tar xvf "$cni_filename"
-    rm -f "$cni_filename"
-    cd -
-    CRI_TOOLS_RELEASE="${CRI_TOOLS_RELEASE:-v1.27.0}"
-    cri_tools_base_url="https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRI_TOOLS_RELEASE}"
-    cri_tools_filename="crictl-${CRI_TOOLS_RELEASE}-linux-${arch}.tar.gz"
-    curl -Lfo "$opt_bin/$cri_tools_filename" "$cri_tools_base_url/$cri_tools_filename"
-    cri_tools_sum_value=$(curl -Lf "$cri_tools_base_url/$cri_tools_filename.sha256")
-    cri_tools_sum="$cri_tools_sum_value $cri_tools_filename"
-    cd "$opt_bin"
-    sha256sum -c <<<"$cri_tools_sum"
-    tar xvf "$cri_tools_filename"
-    rm -f "$cri_tools_filename"
-    ln -sf "$opt_bin/crictl" "$usr_local_bin"/crictl || echo "symbolic link is skipped"
-    cd -
-    KUBE_VERSION="${KUBE_VERSION:-v1.27.0}"
-    kube_dir="$opt_bin/kubernetes-$KUBE_VERSION"
-    kube_base_url="https://dl.k8s.io/$KUBE_VERSION/bin/linux/$arch"
-    kube_sum_file="$kube_dir/sha256"
-    mkdir -p "$kube_dir"
-    : >"$kube_sum_file"
-
-    for bin in kubelet kubeadm kubectl; do
-        curl -Lfo "$kube_dir/$bin" "$kube_base_url/$bin"
-        chmod +x "$kube_dir/$bin"
-        sum=$(curl -Lf "$kube_base_url/$bin.sha256")
-        echo "$sum  $kube_dir/$bin" >>"$kube_sum_file"
-    done
-    sha256sum -c "$kube_sum_file"
-
-    for bin in kubelet kubeadm kubectl; do
-        ln -sf "$kube_dir/$bin" "$opt_bin"/$bin
-    done
-
-    if [[ ! -x /opt/bin/health-monitor.sh ]]; then
-        curl -Lfo /opt/bin/health-monitor.sh https://raw.githubusercontent.com/kubermatic/machine-controller/7967a0af2b75f29ad2ab227eeaa26ea7b0f2fbde/pkg/userdata/scripts/health-monitor.sh
-        chmod +x /opt/bin/health-monitor.sh
-    fi
-
-    # set kubelet nodeip environment variable
-    mkdir -p /etc/systemd/system/kubelet.service.d/
-    /opt/bin/setup_net_env.sh
-
-    systemctl disable --now firewalld || true
-    systemctl enable --now kubelet
-    systemctl enable --now --no-block kubelet-healthcheck.service
-    systemctl disable setup.service
-
-- path: "/opt/bin/supervise.sh"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-    while ! "$@"; do
-      sleep 1
-    done
-
-- path: "/opt/disable-swap.sh"
-  permissions: "0755"
-  content: |
-    # Make sure we always disable swap - Otherwise the kubelet won't start as for some cloud
-    # providers swap gets enabled on reboot or after the setup script has finished executing.
-    sed -i.orig '/.*swap.*/d' /etc/fstab
-    swapoff -a
-
-- path: "/etc/systemd/system/kubelet.service"
-  content: |
-    [Unit]
-    After=containerd.service
-    Requires=containerd.service
-
-    Description=kubelet: The Kubernetes Node Agent
-    Documentation=https://kubernetes.io/docs/home/
-
-    [Service]
-    User=root
-    Restart=always
-    StartLimitInterval=0
-    RestartSec=10
-    CPUAccounting=true
-    MemoryAccounting=true
-
-    Environment="PATH=/opt/bin:/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin/"
-    EnvironmentFile=-/etc/environment
-
-    ExecStartPre=/bin/bash /opt/load-kernel-modules.sh
-
-    ExecStartPre=/bin/bash /opt/disable-swap.sh
-
-    ExecStartPre=/bin/bash /opt/bin/setup_net_env.sh
-    ExecStart=/opt/bin/kubelet $KUBELET_EXTRA_ARGS \
-      --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf \
-      --kubeconfig=/var/lib/kubelet/kubeconfig \
-      --config=/etc/kubernetes/kubelet.conf \
-      --cert-dir=/etc/kubernetes/pki \
-      --cloud-provider=aws \
-      --cloud-config=/etc/kubernetes/cloud-config \
-      --exit-on-lock-contention \
-      --lock-file=/tmp/kubelet.lock \
-      --container-runtime-endpoint=unix:///run/containerd/containerd.sock \
-      --node-ip ${KUBELET_NODE_IP}
-
-    [Install]
-    WantedBy=multi-user.target
-- path: "/etc/kubernetes/cloud-config"
-  permissions: "0600"
-  content: |
-    {aws-config:true}
-
-- path: "/opt/bin/setup_net_env.sh"
-  permissions: "0755"
-  content: |
-    #!/usr/bin/env bash
-    echodate() {
-      echo "[$(date -Is)]" "$@"
-    }
-
-    # get the default interface IP address
-    DEFAULT_IFC_IP=$(ip -o  route get 1 | grep -oP "src \K\S+")
-
-    # get the full hostname
-    FULL_HOSTNAME=$(hostname -f)
-
-    if [ -z "${DEFAULT_IFC_IP}" ]
-    then
-    	echodate "Failed to get IP address for the default route interface"
-    	exit 1
-    fi
-
-    # write the nodeip_env file
-    # we need the line below because flatcar has the same string "coreos" in that file
-    if grep -q coreos /etc/os-release
-    then
-      echo -e "KUBELET_NODE_IP=${DEFAULT_IFC_IP}\nKUBELET_HOSTNAME=${FULL_HOSTNAME}" > /etc/kubernetes/nodeip.conf
-    elif [ ! -d /etc/systemd/system/kubelet.service.d ]
-    then
-    	echodate "Can't find kubelet service extras directory"
-    	exit 1
-    else
-      echo -e "[Service]\nEnvironment=\"KUBELET_NODE_IP=${DEFAULT_IFC_IP}\"\nEnvironment=\"KUBELET_HOSTNAME=${FULL_HOSTNAME}\"" > /etc/systemd/system/kubelet.service.d/nodeip.conf
-    fi
-
-
-- path: "/etc/kubernetes/bootstrap-kubelet.conf"
-  permissions: "0600"
-  content: |
-    apiVersion: v1
-    clusters:
-    - cluster:
-        certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVXakNDQTBLZ0F3SUJBZ0lKQUxmUmxXc0k4WVFITUEwR0NTcUdTSWIzRFFFQkJRVUFNSHN4Q3pBSkJnTlYKQkFZVEFsVlRNUXN3Q1FZRFZRUUlFd0pEUVRFV01CUUdBMVVFQnhNTlUyRnVJRVp5WVc1amFYTmpiekVVTUJJRwpBMVVFQ2hNTFFuSmhaR1pwZEhwcGJtTXhFakFRQmdOVkJBTVRDV3h2WTJGc2FHOXpkREVkTUJzR0NTcUdTSWIzCkRRRUpBUllPWW5KaFpFQmtZVzVuWVM1amIyMHdIaGNOTVRRd056RTFNakEwTmpBMVdoY05NVGN3TlRBME1qQTAKTmpBMVdqQjdNUXN3Q1FZRFZRUUdFd0pWVXpFTE1Ba0dBMVVFQ0JNQ1EwRXhGakFVQmdOVkJBY1REVk5oYmlCRwpjbUZ1WTJselkyOHhGREFTQmdOVkJBb1RDMEp5WVdSbWFYUjZhVzVqTVJJd0VBWURWUVFERXdsc2IyTmhiR2h2CmMzUXhIVEFiQmdrcWhraUc5dzBCQ1FFV0RtSnlZV1JBWkdGdVoyRXVZMjl0TUlJQklqQU5CZ2txaGtpRzl3MEIKQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBdDVmQWpwNGZUY2VrV1VUZnpzcDBreWloMU9ZYnNHTDBLWDFlUmJTUwpSOE9kMCs5UTYySHlueStHRndNVGI0QS9LVThtc3NvSHZjY2VTQUFid2ZieEZLLytzNTFUb2JxVW5PUlpyT29UClpqa1V5Z2J5WERTSzk5WUJiY1IxUGlwOHZ3TVRtNFhLdUx0Q2lnZUJCZGpqQVFkZ1VPMjhMRU5HbHNNbm1lWWsKSmZPRFZHblZtcjVMdGI5QU5BOElLeVRmc25ISjRpT0NTL1BsUGJVajJxN1lub1ZMcG9zVUJNbGdVYi9DeWtYMwptT29MYjR5SkpReUEvaVNUNlp4aUlFajM2RDR5V1o1bGc3WUpsK1VpaUJRSEdDblBkR3lpcHFWMDZleDBoZVlXCmNhaVc4TFdaU1VROTNqUStXVkNIOGhUN0RRTzFkbXN2VW1YbHEvSmVBbHdRL1FJREFRQUJvNEhnTUlIZE1CMEcKQTFVZERnUVdCQlJjQVJPdGhTNFA0VTd2VGZqQnlDNTY5UjdFNkRDQnJRWURWUjBqQklHbE1JR2lnQlJjQVJPdApoUzRQNFU3dlRmakJ5QzU2OVI3RTZLRi9wSDB3ZXpFTE1Ba0dBMVVFQmhNQ1ZWTXhDekFKQmdOVkJBZ1RBa05CCk1SWXdGQVlEVlFRSEV3MVRZVzRnUm5KaGJtTnBjMk52TVJRd0VnWURWUVFLRXd0Q2NtRmtabWwwZW1sdVl6RVMKTUJBR0ExVUVBeE1KYkc5allXeG9iM04wTVIwd0d3WUpLb1pJaHZjTkFRa0JGZzVpY21Ga1FHUmhibWRoTG1OdgpiWUlKQUxmUmxXc0k4WVFITUF3R0ExVWRFd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVGQlFBRGdnRUJBRzZoClU5ZjlzTkgwLzZvQmJHR3kyRVZVMFVnSVRVUUlyRldvOXJGa3JXNWsvWGtEalFtKzNsempUMGlHUjRJeEUvQW8KZVU2c1FodWE3d3JXZUZFbjQ3R0w5OGxuQ3NKZEQ3b1pOaEZtUTk1VGIvTG5EVWpzNVlqOWJyUDBOV3pYZllVNApVSzJabklOSlJjSnBCOGlSQ2FDeEU4RGRjVUYwWHFJRXE2cEEyNzJzbm9MbWlYTE12Tmwza1lFZG0ramU2dm9ECjU4U05WRVVzenR6UXlYbUpFaENwd1ZJMEE2UUNqelhqK3F2cG13M1paSGk4SndYZWk4WlpCTFRTRkJraThaN24Kc0g5QkJIMzgvU3pVbUFONFFIU1B5MWdqcW0wME9BRThOYVlEa2gvYnpFNGQ3bUxHR01XcC9XRTNLUFN1ODJIRgprUGU2WG9TYmlMbS9reGszMlQwPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t
-        server: https://server:443
-      name: ""
-    contexts: null
-    current-context: ""
-    kind: Config
-    preferences: {}
-    users:
-    - name: ""
-      user:
-        token: my-token
-
-
-- path: "/etc/kubernetes/kubelet.conf"
-  content: |
-    apiVersion: kubelet.config.k8s.io/v1beta1
-    authentication:
-      anonymous:
-        enabled: false
-      webhook:
-        cacheTTL: 0s
-        enabled: true
-      x509:
-        clientCAFile: /etc/kubernetes/pki/ca.crt
-    authorization:
-      mode: Webhook
-      webhook:
-        cacheAuthorizedTTL: 0s
-        cacheUnauthorizedTTL: 0s
-    cgroupDriver: systemd
-    clusterDomain: cluster.local
-    containerLogMaxSize: 100Mi
-    containerRuntimeEndpoint: ""
-    cpuManagerReconcilePeriod: 0s
-    evictionHard:
-      imagefs.available: 15%
-      memory.available: 100Mi
-      nodefs.available: 10%
-      nodefs.inodesFree: 5%
-    evictionPressureTransitionPeriod: 0s
-    featureGates:
-      RotateKubeletServerCertificate: true
-    fileCheckFrequency: 0s
-    httpCheckFrequency: 0s
-    imageMaximumGCAge: 0s
-    imageMinimumGCAge: 0s
-    kind: KubeletConfiguration
-    kubeReserved:
-      cpu: 200m
-      ephemeral-storage: 1Gi
-      memory: 300Mi
-    logging:
-      flushFrequency: 0
-      options:
-        json:
-          infoBufferSize: "0"
-      verbosity: 0
-    memorySwap: {}
-    nodeStatusReportFrequency: 0s
-    nodeStatusUpdateFrequency: 0s
-    protectKernelDefaults: true
-    rotateCertificates: true
-    runtimeRequestTimeout: 0s
-    serverTLSBootstrap: true
-    shutdownGracePeriod: 0s
-    shutdownGracePeriodCriticalPods: 0s
-    staticPodPath: /etc/kubernetes/manifests
-    streamingConnectionIdleTimeout: 0s
-    syncFrequency: 0s
-    systemReserved:
-      cpu: 200m
-      ephemeral-storage: 1Gi
-      memory: 500Mi
-    tlsCipherSuites:
-    - TLS_AES_128_GCM_SHA256
-    - TLS_AES_256_GCM_SHA384
-    - TLS_CHACHA20_POLY1305_SHA256
-    - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-    - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
-    - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
-    - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-    - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
-    volumePluginDir: /var/lib/kubelet/volumeplugins
-    volumeStatsAggPeriod: 0s
-
-
-- path: "/etc/kubernetes/pki/ca.crt"
-  content: |
-    -----BEGIN CERTIFICATE-----
-    MIIEWjCCA0KgAwIBAgIJALfRlWsI8YQHMA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV
-    BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEUMBIG
-    A1UEChMLQnJhZGZpdHppbmMxEjAQBgNVBAMTCWxvY2FsaG9zdDEdMBsGCSqGSIb3
-    DQEJARYOYnJhZEBkYW5nYS5jb20wHhcNMTQwNzE1MjA0NjA1WhcNMTcwNTA0MjA0
-    NjA1WjB7MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBG
-    cmFuY2lzY28xFDASBgNVBAoTC0JyYWRmaXR6aW5jMRIwEAYDVQQDEwlsb2NhbGhv
-    c3QxHTAbBgkqhkiG9w0BCQEWDmJyYWRAZGFuZ2EuY29tMIIBIjANBgkqhkiG9w0B
-    AQEFAAOCAQ8AMIIBCgKCAQEAt5fAjp4fTcekWUTfzsp0kyih1OYbsGL0KX1eRbSS
-    R8Od0+9Q62Hyny+GFwMTb4A/KU8mssoHvcceSAAbwfbxFK/+s51TobqUnORZrOoT
-    ZjkUygbyXDSK99YBbcR1Pip8vwMTm4XKuLtCigeBBdjjAQdgUO28LENGlsMnmeYk
-    JfODVGnVmr5Ltb9ANA8IKyTfsnHJ4iOCS/PlPbUj2q7YnoVLposUBMlgUb/CykX3
-    mOoLb4yJJQyA/iST6ZxiIEj36D4yWZ5lg7YJl+UiiBQHGCnPdGyipqV06ex0heYW
-    caiW8LWZSUQ93jQ+WVCH8hT7DQO1dmsvUmXlq/JeAlwQ/QIDAQABo4HgMIHdMB0G
-    A1UdDgQWBBRcAROthS4P4U7vTfjByC569R7E6DCBrQYDVR0jBIGlMIGigBRcAROt
-    hS4P4U7vTfjByC569R7E6KF/pH0wezELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB
-    MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtCcmFkZml0emluYzES
-    MBAGA1UEAxMJbG9jYWxob3N0MR0wGwYJKoZIhvcNAQkBFg5icmFkQGRhbmdhLmNv
-    bYIJALfRlWsI8YQHMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAG6h
-    U9f9sNH0/6oBbGGy2EVU0UgITUQIrFWo9rFkrW5k/XkDjQm+3lzjT0iGR4IxE/Ao
-    eU6sQhua7wrWeFEn47GL98lnCsJdD7oZNhFmQ95Tb/LnDUjs5Yj9brP0NWzXfYU4
-    UK2ZnINJRcJpB8iRCaCxE8DdcUF0XqIEq6pA272snoLmiXLMvNl3kYEdm+je6voD
-    58SNVEUsztzQyXmJEhCpwVI0A6QCjzXj+qvpmw3ZZHi8JwXei8ZZBLTSFBki8Z7n
-    sH9BBH38/SzUmAN4QHSPy1gjqm00OAE8NaYDkh/bzE4d7mLGGMWp/WE3KPSu82HF
-    kPe6XoSbiLm/kxk32T0=
-    -----END CERTIFICATE-----
-
-- path: "/etc/systemd/system/setup.service"
-  permissions: "0644"
-  content: |
-    [Install]
-    WantedBy=multi-user.target
-
-    [Unit]
-    Requires=network-online.target
-    After=network-online.target
-
-    [Service]
-    Type=oneshot
-    RemainAfterExit=true
-    EnvironmentFile=-/etc/environment
-    ExecStart=/opt/bin/supervise.sh /opt/bin/setup
-
-- path: "/etc/profile.d/opt-bin-path.sh"
-  permissions: "0644"
-  content: |
-    export PATH="/opt/bin:$PATH"
-
-- path: /etc/containerd/config.toml
-  permissions: "0644"
-  content: |
-    version = 2
-
-    [metrics]
-    address = "127.0.0.1:1338"
-
-    [plugins]
-    [plugins."io.containerd.grpc.v1.cri"]
-    [plugins."io.containerd.grpc.v1.cri".containerd]
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
-    runtime_type = "io.containerd.runc.v2"
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
-    SystemdCgroup = true
-    [plugins."io.containerd.grpc.v1.cri".registry]
-    [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
-    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
-    endpoint = ["https://registry-1.docker.io"]
-
-
-- path: /etc/systemd/system/kubelet-healthcheck.service
-  permissions: "0644"
-  content: |
-    [Unit]
-    Requires=kubelet.service
-    After=kubelet.service
-
-    [Service]
-    ExecStart=/opt/bin/health-monitor.sh kubelet
-
-    [Install]
-    WantedBy=multi-user.target
-
-
-runcmd:
-- systemctl enable --now setup.service
diff --git a/pkg/userdata/centos/testdata/kubelet-v1.28-aws.yaml b/pkg/userdata/centos/testdata/kubelet-v1.28-aws.yaml
deleted file mode 100644
index 8d0535df8..000000000
--- a/pkg/userdata/centos/testdata/kubelet-v1.28-aws.yaml
+++ /dev/null
@@ -1,461 +0,0 @@
-#cloud-config
-
-
-ssh_pwauth: false
-
-write_files:
-
-- path: "/etc/systemd/journald.conf.d/max_disk_use.conf"
-  content: |
-    [Journal]
-    SystemMaxUse=5G
-
-
-- path: "/opt/load-kernel-modules.sh"
-  permissions: "0755"
-  content: |
-    #!/usr/bin/env bash
-    set -euo pipefail
-
-    modprobe ip_vs
-    modprobe ip_vs_rr
-    modprobe ip_vs_wrr
-    modprobe ip_vs_sh
-
-    if modinfo nf_conntrack_ipv4 &> /dev/null; then
-      modprobe nf_conntrack_ipv4
-    else
-      modprobe nf_conntrack
-    fi
-
-
-- path: "/etc/sysctl.d/k8s.conf"
-  content: |
-    net.bridge.bridge-nf-call-ip6tables = 1
-    net.bridge.bridge-nf-call-iptables = 1
-    kernel.panic_on_oops = 1
-    kernel.panic = 10
-    net.ipv4.ip_forward = 1
-    vm.overcommit_memory = 1
-    fs.inotify.max_user_watches = 1048576
-    fs.inotify.max_user_instances = 8192
-
-
-- path: /etc/selinux/config
-  content: |
-    # This file controls the state of SELinux on the system.
-    # SELINUX= can take one of these three values:
-    #     enforcing - SELinux security policy is enforced.
-    #     permissive - SELinux prints warnings instead of enforcing.
-    #     disabled - No SELinux policy is loaded.
-    SELINUX=permissive
-    # SELINUXTYPE= can take one of three two values:
-    #     targeted - Targeted processes are protected,
-    #     minimum - Modification of targeted policy. Only selected processes are protected.
-    #     mls - Multi Level Security protection.
-    SELINUXTYPE=targeted
-
-- path: "/opt/bin/setup"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-
-    setenforce 0 || true
-    systemctl restart systemd-modules-load.service
-    sysctl --system
-
-
-    source /etc/os-release
-    if [ "$ID" == "centos" ] && [ "$VERSION_ID" == "8" ]; then
-      sudo sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
-      sudo sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*
-    fi
-
-    yum install -y \
-      device-mapper-persistent-data \
-      lvm2 \
-      ebtables \
-      ethtool \
-      nfs-utils \
-      bash-completion \
-      sudo \
-      socat \
-      wget \
-      curl \
-      ipvsadm
-
-
-    yum install -y yum-utils
-    yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
-    yum-config-manager --save --setopt=docker-ce-stable.module_hotfixes=true
-
-    cat <<EOF | tee /etc/crictl.yaml
-    runtime-endpoint: unix:///run/containerd/containerd.sock
-    EOF
-
-    mkdir -p /etc/systemd/system/containerd.service.d
-    cat <<EOF | tee /etc/systemd/system/containerd.service.d/environment.conf
-    [Service]
-    Restart=always
-    EnvironmentFile=-/etc/environment
-    EOF
-
-    yum install -y containerd.io-1.6* yum-plugin-versionlock
-    yum versionlock add containerd.io
-
-    systemctl daemon-reload
-    systemctl enable --now containerd
-
-
-    opt_bin=/opt/bin
-    usr_local_bin=/usr/local/bin
-    cni_bin_dir=/opt/cni/bin
-    mkdir -p /etc/cni/net.d /etc/kubernetes/manifests "$opt_bin" "$cni_bin_dir"
-    arch=${HOST_ARCH-}
-    if [ -z "$arch" ]
-    then
-    case $(uname -m) in
-    x86_64)
-        arch="amd64"
-        ;;
-    aarch64)
-        arch="arm64"
-        ;;
-    *)
-        echo "unsupported CPU architecture, exiting"
-        exit 1
-        ;;
-    esac
-    fi
-    CNI_VERSION="${CNI_VERSION:-v1.2.0}"
-    cni_base_url="https://github.com/containernetworking/plugins/releases/download/$CNI_VERSION"
-    cni_filename="cni-plugins-linux-$arch-$CNI_VERSION.tgz"
-    curl -Lfo "$cni_bin_dir/$cni_filename" "$cni_base_url/$cni_filename"
-    cni_sum=$(curl -Lf "$cni_base_url/$cni_filename.sha256")
-    cd "$cni_bin_dir"
-    sha256sum -c <<<"$cni_sum"
-    tar xvf "$cni_filename"
-    rm -f "$cni_filename"
-    cd -
-    CRI_TOOLS_RELEASE="${CRI_TOOLS_RELEASE:-v1.27.0}"
-    cri_tools_base_url="https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRI_TOOLS_RELEASE}"
-    cri_tools_filename="crictl-${CRI_TOOLS_RELEASE}-linux-${arch}.tar.gz"
-    curl -Lfo "$opt_bin/$cri_tools_filename" "$cri_tools_base_url/$cri_tools_filename"
-    cri_tools_sum_value=$(curl -Lf "$cri_tools_base_url/$cri_tools_filename.sha256")
-    cri_tools_sum="$cri_tools_sum_value $cri_tools_filename"
-    cd "$opt_bin"
-    sha256sum -c <<<"$cri_tools_sum"
-    tar xvf "$cri_tools_filename"
-    rm -f "$cri_tools_filename"
-    ln -sf "$opt_bin/crictl" "$usr_local_bin"/crictl || echo "symbolic link is skipped"
-    cd -
-    KUBE_VERSION="${KUBE_VERSION:-v1.28.5}"
-    kube_dir="$opt_bin/kubernetes-$KUBE_VERSION"
-    kube_base_url="https://dl.k8s.io/$KUBE_VERSION/bin/linux/$arch"
-    kube_sum_file="$kube_dir/sha256"
-    mkdir -p "$kube_dir"
-    : >"$kube_sum_file"
-
-    for bin in kubelet kubeadm kubectl; do
-        curl -Lfo "$kube_dir/$bin" "$kube_base_url/$bin"
-        chmod +x "$kube_dir/$bin"
-        sum=$(curl -Lf "$kube_base_url/$bin.sha256")
-        echo "$sum  $kube_dir/$bin" >>"$kube_sum_file"
-    done
-    sha256sum -c "$kube_sum_file"
-
-    for bin in kubelet kubeadm kubectl; do
-        ln -sf "$kube_dir/$bin" "$opt_bin"/$bin
-    done
-
-    if [[ ! -x /opt/bin/health-monitor.sh ]]; then
-        curl -Lfo /opt/bin/health-monitor.sh https://raw.githubusercontent.com/kubermatic/machine-controller/7967a0af2b75f29ad2ab227eeaa26ea7b0f2fbde/pkg/userdata/scripts/health-monitor.sh
-        chmod +x /opt/bin/health-monitor.sh
-    fi
-
-    # set kubelet nodeip environment variable
-    mkdir -p /etc/systemd/system/kubelet.service.d/
-    /opt/bin/setup_net_env.sh
-
-    systemctl disable --now firewalld || true
-    systemctl enable --now kubelet
-    systemctl enable --now --no-block kubelet-healthcheck.service
-    systemctl disable setup.service
-
-- path: "/opt/bin/supervise.sh"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-    while ! "$@"; do
-      sleep 1
-    done
-
-- path: "/opt/disable-swap.sh"
-  permissions: "0755"
-  content: |
-    # Make sure we always disable swap - Otherwise the kubelet won't start as for some cloud
-    # providers swap gets enabled on reboot or after the setup script has finished executing.
-    sed -i.orig '/.*swap.*/d' /etc/fstab
-    swapoff -a
-
-- path: "/etc/systemd/system/kubelet.service"
-  content: |
-    [Unit]
-    After=containerd.service
-    Requires=containerd.service
-
-    Description=kubelet: The Kubernetes Node Agent
-    Documentation=https://kubernetes.io/docs/home/
-
-    [Service]
-    User=root
-    Restart=always
-    StartLimitInterval=0
-    RestartSec=10
-    CPUAccounting=true
-    MemoryAccounting=true
-
-    Environment="PATH=/opt/bin:/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin/"
-    EnvironmentFile=-/etc/environment
-
-    ExecStartPre=/bin/bash /opt/load-kernel-modules.sh
-
-    ExecStartPre=/bin/bash /opt/disable-swap.sh
-
-    ExecStartPre=/bin/bash /opt/bin/setup_net_env.sh
-    ExecStart=/opt/bin/kubelet $KUBELET_EXTRA_ARGS \
-      --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf \
-      --kubeconfig=/var/lib/kubelet/kubeconfig \
-      --config=/etc/kubernetes/kubelet.conf \
-      --cert-dir=/etc/kubernetes/pki \
-      --cloud-provider=aws \
-      --cloud-config=/etc/kubernetes/cloud-config \
-      --exit-on-lock-contention \
-      --lock-file=/tmp/kubelet.lock \
-      --container-runtime-endpoint=unix:///run/containerd/containerd.sock \
-      --node-ip ${KUBELET_NODE_IP}
-
-    [Install]
-    WantedBy=multi-user.target
-- path: "/etc/kubernetes/cloud-config"
-  permissions: "0600"
-  content: |
-    {aws-config:true}
-
-- path: "/opt/bin/setup_net_env.sh"
-  permissions: "0755"
-  content: |
-    #!/usr/bin/env bash
-    echodate() {
-      echo "[$(date -Is)]" "$@"
-    }
-
-    # get the default interface IP address
-    DEFAULT_IFC_IP=$(ip -o  route get 1 | grep -oP "src \K\S+")
-
-    # get the full hostname
-    FULL_HOSTNAME=$(hostname -f)
-
-    if [ -z "${DEFAULT_IFC_IP}" ]
-    then
-    	echodate "Failed to get IP address for the default route interface"
-    	exit 1
-    fi
-
-    # write the nodeip_env file
-    # we need the line below because flatcar has the same string "coreos" in that file
-    if grep -q coreos /etc/os-release
-    then
-      echo -e "KUBELET_NODE_IP=${DEFAULT_IFC_IP}\nKUBELET_HOSTNAME=${FULL_HOSTNAME}" > /etc/kubernetes/nodeip.conf
-    elif [ ! -d /etc/systemd/system/kubelet.service.d ]
-    then
-    	echodate "Can't find kubelet service extras directory"
-    	exit 1
-    else
-      echo -e "[Service]\nEnvironment=\"KUBELET_NODE_IP=${DEFAULT_IFC_IP}\"\nEnvironment=\"KUBELET_HOSTNAME=${FULL_HOSTNAME}\"" > /etc/systemd/system/kubelet.service.d/nodeip.conf
-    fi
-
-
-- path: "/etc/kubernetes/bootstrap-kubelet.conf"
-  permissions: "0600"
-  content: |
-    apiVersion: v1
-    clusters:
-    - cluster:
-        certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVXakNDQTBLZ0F3SUJBZ0lKQUxmUmxXc0k4WVFITUEwR0NTcUdTSWIzRFFFQkJRVUFNSHN4Q3pBSkJnTlYKQkFZVEFsVlRNUXN3Q1FZRFZRUUlFd0pEUVRFV01CUUdBMVVFQnhNTlUyRnVJRVp5WVc1amFYTmpiekVVTUJJRwpBMVVFQ2hNTFFuSmhaR1pwZEhwcGJtTXhFakFRQmdOVkJBTVRDV3h2WTJGc2FHOXpkREVkTUJzR0NTcUdTSWIzCkRRRUpBUllPWW5KaFpFQmtZVzVuWVM1amIyMHdIaGNOTVRRd056RTFNakEwTmpBMVdoY05NVGN3TlRBME1qQTAKTmpBMVdqQjdNUXN3Q1FZRFZRUUdFd0pWVXpFTE1Ba0dBMVVFQ0JNQ1EwRXhGakFVQmdOVkJBY1REVk5oYmlCRwpjbUZ1WTJselkyOHhGREFTQmdOVkJBb1RDMEp5WVdSbWFYUjZhVzVqTVJJd0VBWURWUVFERXdsc2IyTmhiR2h2CmMzUXhIVEFiQmdrcWhraUc5dzBCQ1FFV0RtSnlZV1JBWkdGdVoyRXVZMjl0TUlJQklqQU5CZ2txaGtpRzl3MEIKQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBdDVmQWpwNGZUY2VrV1VUZnpzcDBreWloMU9ZYnNHTDBLWDFlUmJTUwpSOE9kMCs5UTYySHlueStHRndNVGI0QS9LVThtc3NvSHZjY2VTQUFid2ZieEZLLytzNTFUb2JxVW5PUlpyT29UClpqa1V5Z2J5WERTSzk5WUJiY1IxUGlwOHZ3TVRtNFhLdUx0Q2lnZUJCZGpqQVFkZ1VPMjhMRU5HbHNNbm1lWWsKSmZPRFZHblZtcjVMdGI5QU5BOElLeVRmc25ISjRpT0NTL1BsUGJVajJxN1lub1ZMcG9zVUJNbGdVYi9DeWtYMwptT29MYjR5SkpReUEvaVNUNlp4aUlFajM2RDR5V1o1bGc3WUpsK1VpaUJRSEdDblBkR3lpcHFWMDZleDBoZVlXCmNhaVc4TFdaU1VROTNqUStXVkNIOGhUN0RRTzFkbXN2VW1YbHEvSmVBbHdRL1FJREFRQUJvNEhnTUlIZE1CMEcKQTFVZERnUVdCQlJjQVJPdGhTNFA0VTd2VGZqQnlDNTY5UjdFNkRDQnJRWURWUjBqQklHbE1JR2lnQlJjQVJPdApoUzRQNFU3dlRmakJ5QzU2OVI3RTZLRi9wSDB3ZXpFTE1Ba0dBMVVFQmhNQ1ZWTXhDekFKQmdOVkJBZ1RBa05CCk1SWXdGQVlEVlFRSEV3MVRZVzRnUm5KaGJtTnBjMk52TVJRd0VnWURWUVFLRXd0Q2NtRmtabWwwZW1sdVl6RVMKTUJBR0ExVUVBeE1KYkc5allXeG9iM04wTVIwd0d3WUpLb1pJaHZjTkFRa0JGZzVpY21Ga1FHUmhibWRoTG1OdgpiWUlKQUxmUmxXc0k4WVFITUF3R0ExVWRFd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVGQlFBRGdnRUJBRzZoClU5ZjlzTkgwLzZvQmJHR3kyRVZVMFVnSVRVUUlyRldvOXJGa3JXNWsvWGtEalFtKzNsempUMGlHUjRJeEUvQW8KZVU2c1FodWE3d3JXZUZFbjQ3R0w5OGxuQ3NKZEQ3b1pOaEZtUTk1VGIvTG5EVWpzNVlqOWJyUDBOV3pYZllVNApVSzJabklOSlJjSnBCOGlSQ2FDeEU4RGRjVUYwWHFJRXE2cEEyNzJzbm9MbWlYTE12Tmwza1lFZG0ramU2dm9ECjU4U05WRVVzenR6UXlYbUpFaENwd1ZJMEE2UUNqelhqK3F2cG13M1paSGk4SndYZWk4WlpCTFRTRkJraThaN24Kc0g5QkJIMzgvU3pVbUFONFFIU1B5MWdqcW0wME9BRThOYVlEa2gvYnpFNGQ3bUxHR01XcC9XRTNLUFN1ODJIRgprUGU2WG9TYmlMbS9reGszMlQwPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t
-        server: https://server:443
-      name: ""
-    contexts: null
-    current-context: ""
-    kind: Config
-    preferences: {}
-    users:
-    - name: ""
-      user:
-        token: my-token
-
-
-- path: "/etc/kubernetes/kubelet.conf"
-  content: |
-    apiVersion: kubelet.config.k8s.io/v1beta1
-    authentication:
-      anonymous:
-        enabled: false
-      webhook:
-        cacheTTL: 0s
-        enabled: true
-      x509:
-        clientCAFile: /etc/kubernetes/pki/ca.crt
-    authorization:
-      mode: Webhook
-      webhook:
-        cacheAuthorizedTTL: 0s
-        cacheUnauthorizedTTL: 0s
-    cgroupDriver: systemd
-    clusterDomain: cluster.local
-    containerLogMaxSize: 100Mi
-    containerRuntimeEndpoint: ""
-    cpuManagerReconcilePeriod: 0s
-    evictionHard:
-      imagefs.available: 15%
-      memory.available: 100Mi
-      nodefs.available: 10%
-      nodefs.inodesFree: 5%
-    evictionPressureTransitionPeriod: 0s
-    featureGates:
-      RotateKubeletServerCertificate: true
-    fileCheckFrequency: 0s
-    httpCheckFrequency: 0s
-    imageMaximumGCAge: 0s
-    imageMinimumGCAge: 0s
-    kind: KubeletConfiguration
-    kubeReserved:
-      cpu: 200m
-      ephemeral-storage: 1Gi
-      memory: 300Mi
-    logging:
-      flushFrequency: 0
-      options:
-        json:
-          infoBufferSize: "0"
-      verbosity: 0
-    memorySwap: {}
-    nodeStatusReportFrequency: 0s
-    nodeStatusUpdateFrequency: 0s
-    protectKernelDefaults: true
-    rotateCertificates: true
-    runtimeRequestTimeout: 0s
-    serverTLSBootstrap: true
-    shutdownGracePeriod: 0s
-    shutdownGracePeriodCriticalPods: 0s
-    staticPodPath: /etc/kubernetes/manifests
-    streamingConnectionIdleTimeout: 0s
-    syncFrequency: 0s
-    systemReserved:
-      cpu: 200m
-      ephemeral-storage: 1Gi
-      memory: 500Mi
-    tlsCipherSuites:
-    - TLS_AES_128_GCM_SHA256
-    - TLS_AES_256_GCM_SHA384
-    - TLS_CHACHA20_POLY1305_SHA256
-    - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-    - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
-    - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
-    - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-    - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
-    volumePluginDir: /var/lib/kubelet/volumeplugins
-    volumeStatsAggPeriod: 0s
-
-
-- path: "/etc/kubernetes/pki/ca.crt"
-  content: |
-    -----BEGIN CERTIFICATE-----
-    MIIEWjCCA0KgAwIBAgIJALfRlWsI8YQHMA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV
-    BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEUMBIG
-    A1UEChMLQnJhZGZpdHppbmMxEjAQBgNVBAMTCWxvY2FsaG9zdDEdMBsGCSqGSIb3
-    DQEJARYOYnJhZEBkYW5nYS5jb20wHhcNMTQwNzE1MjA0NjA1WhcNMTcwNTA0MjA0
-    NjA1WjB7MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBG
-    cmFuY2lzY28xFDASBgNVBAoTC0JyYWRmaXR6aW5jMRIwEAYDVQQDEwlsb2NhbGhv
-    c3QxHTAbBgkqhkiG9w0BCQEWDmJyYWRAZGFuZ2EuY29tMIIBIjANBgkqhkiG9w0B
-    AQEFAAOCAQ8AMIIBCgKCAQEAt5fAjp4fTcekWUTfzsp0kyih1OYbsGL0KX1eRbSS
-    R8Od0+9Q62Hyny+GFwMTb4A/KU8mssoHvcceSAAbwfbxFK/+s51TobqUnORZrOoT
-    ZjkUygbyXDSK99YBbcR1Pip8vwMTm4XKuLtCigeBBdjjAQdgUO28LENGlsMnmeYk
-    JfODVGnVmr5Ltb9ANA8IKyTfsnHJ4iOCS/PlPbUj2q7YnoVLposUBMlgUb/CykX3
-    mOoLb4yJJQyA/iST6ZxiIEj36D4yWZ5lg7YJl+UiiBQHGCnPdGyipqV06ex0heYW
-    caiW8LWZSUQ93jQ+WVCH8hT7DQO1dmsvUmXlq/JeAlwQ/QIDAQABo4HgMIHdMB0G
-    A1UdDgQWBBRcAROthS4P4U7vTfjByC569R7E6DCBrQYDVR0jBIGlMIGigBRcAROt
-    hS4P4U7vTfjByC569R7E6KF/pH0wezELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB
-    MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtCcmFkZml0emluYzES
-    MBAGA1UEAxMJbG9jYWxob3N0MR0wGwYJKoZIhvcNAQkBFg5icmFkQGRhbmdhLmNv
-    bYIJALfRlWsI8YQHMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAG6h
-    U9f9sNH0/6oBbGGy2EVU0UgITUQIrFWo9rFkrW5k/XkDjQm+3lzjT0iGR4IxE/Ao
-    eU6sQhua7wrWeFEn47GL98lnCsJdD7oZNhFmQ95Tb/LnDUjs5Yj9brP0NWzXfYU4
-    UK2ZnINJRcJpB8iRCaCxE8DdcUF0XqIEq6pA272snoLmiXLMvNl3kYEdm+je6voD
-    58SNVEUsztzQyXmJEhCpwVI0A6QCjzXj+qvpmw3ZZHi8JwXei8ZZBLTSFBki8Z7n
-    sH9BBH38/SzUmAN4QHSPy1gjqm00OAE8NaYDkh/bzE4d7mLGGMWp/WE3KPSu82HF
-    kPe6XoSbiLm/kxk32T0=
-    -----END CERTIFICATE-----
-
-- path: "/etc/systemd/system/setup.service"
-  permissions: "0644"
-  content: |
-    [Install]
-    WantedBy=multi-user.target
-
-    [Unit]
-    Requires=network-online.target
-    After=network-online.target
-
-    [Service]
-    Type=oneshot
-    RemainAfterExit=true
-    EnvironmentFile=-/etc/environment
-    ExecStart=/opt/bin/supervise.sh /opt/bin/setup
-
-- path: "/etc/profile.d/opt-bin-path.sh"
-  permissions: "0644"
-  content: |
-    export PATH="/opt/bin:$PATH"
-
-- path: /etc/containerd/config.toml
-  permissions: "0644"
-  content: |
-    version = 2
-
-    [metrics]
-    address = "127.0.0.1:1338"
-
-    [plugins]
-    [plugins."io.containerd.grpc.v1.cri"]
-    [plugins."io.containerd.grpc.v1.cri".containerd]
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
-    runtime_type = "io.containerd.runc.v2"
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
-    SystemdCgroup = true
-    [plugins."io.containerd.grpc.v1.cri".registry]
-    [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
-    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
-    endpoint = ["https://registry-1.docker.io"]
-
-
-- path: /etc/systemd/system/kubelet-healthcheck.service
-  permissions: "0644"
-  content: |
-    [Unit]
-    Requires=kubelet.service
-    After=kubelet.service
-
-    [Service]
-    ExecStart=/opt/bin/health-monitor.sh kubelet
-
-    [Install]
-    WantedBy=multi-user.target
-
-
-runcmd:
-- systemctl enable --now setup.service
diff --git a/pkg/userdata/centos/testdata/kubelet-v1.29-aws.yaml b/pkg/userdata/centos/testdata/kubelet-v1.29-aws.yaml
deleted file mode 100644
index f89e34c3e..000000000
--- a/pkg/userdata/centos/testdata/kubelet-v1.29-aws.yaml
+++ /dev/null
@@ -1,461 +0,0 @@
-#cloud-config
-
-
-ssh_pwauth: false
-
-write_files:
-
-- path: "/etc/systemd/journald.conf.d/max_disk_use.conf"
-  content: |
-    [Journal]
-    SystemMaxUse=5G
-
-
-- path: "/opt/load-kernel-modules.sh"
-  permissions: "0755"
-  content: |
-    #!/usr/bin/env bash
-    set -euo pipefail
-
-    modprobe ip_vs
-    modprobe ip_vs_rr
-    modprobe ip_vs_wrr
-    modprobe ip_vs_sh
-
-    if modinfo nf_conntrack_ipv4 &> /dev/null; then
-      modprobe nf_conntrack_ipv4
-    else
-      modprobe nf_conntrack
-    fi
-
-
-- path: "/etc/sysctl.d/k8s.conf"
-  content: |
-    net.bridge.bridge-nf-call-ip6tables = 1
-    net.bridge.bridge-nf-call-iptables = 1
-    kernel.panic_on_oops = 1
-    kernel.panic = 10
-    net.ipv4.ip_forward = 1
-    vm.overcommit_memory = 1
-    fs.inotify.max_user_watches = 1048576
-    fs.inotify.max_user_instances = 8192
-
-
-- path: /etc/selinux/config
-  content: |
-    # This file controls the state of SELinux on the system.
-    # SELINUX= can take one of these three values:
-    #     enforcing - SELinux security policy is enforced.
-    #     permissive - SELinux prints warnings instead of enforcing.
-    #     disabled - No SELinux policy is loaded.
-    SELINUX=permissive
-    # SELINUXTYPE= can take one of three two values:
-    #     targeted - Targeted processes are protected,
-    #     minimum - Modification of targeted policy. Only selected processes are protected.
-    #     mls - Multi Level Security protection.
-    SELINUXTYPE=targeted
-
-- path: "/opt/bin/setup"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-
-    setenforce 0 || true
-    systemctl restart systemd-modules-load.service
-    sysctl --system
-
-
-    source /etc/os-release
-    if [ "$ID" == "centos" ] && [ "$VERSION_ID" == "8" ]; then
-      sudo sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
-      sudo sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*
-    fi
-
-    yum install -y \
-      device-mapper-persistent-data \
-      lvm2 \
-      ebtables \
-      ethtool \
-      nfs-utils \
-      bash-completion \
-      sudo \
-      socat \
-      wget \
-      curl \
-      ipvsadm
-
-
-    yum install -y yum-utils
-    yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
-    yum-config-manager --save --setopt=docker-ce-stable.module_hotfixes=true
-
-    cat <<EOF | tee /etc/crictl.yaml
-    runtime-endpoint: unix:///run/containerd/containerd.sock
-    EOF
-
-    mkdir -p /etc/systemd/system/containerd.service.d
-    cat <<EOF | tee /etc/systemd/system/containerd.service.d/environment.conf
-    [Service]
-    Restart=always
-    EnvironmentFile=-/etc/environment
-    EOF
-
-    yum install -y containerd.io-1.6* yum-plugin-versionlock
-    yum versionlock add containerd.io
-
-    systemctl daemon-reload
-    systemctl enable --now containerd
-
-
-    opt_bin=/opt/bin
-    usr_local_bin=/usr/local/bin
-    cni_bin_dir=/opt/cni/bin
-    mkdir -p /etc/cni/net.d /etc/kubernetes/manifests "$opt_bin" "$cni_bin_dir"
-    arch=${HOST_ARCH-}
-    if [ -z "$arch" ]
-    then
-    case $(uname -m) in
-    x86_64)
-        arch="amd64"
-        ;;
-    aarch64)
-        arch="arm64"
-        ;;
-    *)
-        echo "unsupported CPU architecture, exiting"
-        exit 1
-        ;;
-    esac
-    fi
-    CNI_VERSION="${CNI_VERSION:-v1.2.0}"
-    cni_base_url="https://github.com/containernetworking/plugins/releases/download/$CNI_VERSION"
-    cni_filename="cni-plugins-linux-$arch-$CNI_VERSION.tgz"
-    curl -Lfo "$cni_bin_dir/$cni_filename" "$cni_base_url/$cni_filename"
-    cni_sum=$(curl -Lf "$cni_base_url/$cni_filename.sha256")
-    cd "$cni_bin_dir"
-    sha256sum -c <<<"$cni_sum"
-    tar xvf "$cni_filename"
-    rm -f "$cni_filename"
-    cd -
-    CRI_TOOLS_RELEASE="${CRI_TOOLS_RELEASE:-v1.27.0}"
-    cri_tools_base_url="https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRI_TOOLS_RELEASE}"
-    cri_tools_filename="crictl-${CRI_TOOLS_RELEASE}-linux-${arch}.tar.gz"
-    curl -Lfo "$opt_bin/$cri_tools_filename" "$cri_tools_base_url/$cri_tools_filename"
-    cri_tools_sum_value=$(curl -Lf "$cri_tools_base_url/$cri_tools_filename.sha256")
-    cri_tools_sum="$cri_tools_sum_value $cri_tools_filename"
-    cd "$opt_bin"
-    sha256sum -c <<<"$cri_tools_sum"
-    tar xvf "$cri_tools_filename"
-    rm -f "$cri_tools_filename"
-    ln -sf "$opt_bin/crictl" "$usr_local_bin"/crictl || echo "symbolic link is skipped"
-    cd -
-    KUBE_VERSION="${KUBE_VERSION:-v1.29.5}"
-    kube_dir="$opt_bin/kubernetes-$KUBE_VERSION"
-    kube_base_url="https://dl.k8s.io/$KUBE_VERSION/bin/linux/$arch"
-    kube_sum_file="$kube_dir/sha256"
-    mkdir -p "$kube_dir"
-    : >"$kube_sum_file"
-
-    for bin in kubelet kubeadm kubectl; do
-        curl -Lfo "$kube_dir/$bin" "$kube_base_url/$bin"
-        chmod +x "$kube_dir/$bin"
-        sum=$(curl -Lf "$kube_base_url/$bin.sha256")
-        echo "$sum  $kube_dir/$bin" >>"$kube_sum_file"
-    done
-    sha256sum -c "$kube_sum_file"
-
-    for bin in kubelet kubeadm kubectl; do
-        ln -sf "$kube_dir/$bin" "$opt_bin"/$bin
-    done
-
-    if [[ ! -x /opt/bin/health-monitor.sh ]]; then
-        curl -Lfo /opt/bin/health-monitor.sh https://raw.githubusercontent.com/kubermatic/machine-controller/7967a0af2b75f29ad2ab227eeaa26ea7b0f2fbde/pkg/userdata/scripts/health-monitor.sh
-        chmod +x /opt/bin/health-monitor.sh
-    fi
-
-    # set kubelet nodeip environment variable
-    mkdir -p /etc/systemd/system/kubelet.service.d/
-    /opt/bin/setup_net_env.sh
-
-    systemctl disable --now firewalld || true
-    systemctl enable --now kubelet
-    systemctl enable --now --no-block kubelet-healthcheck.service
-    systemctl disable setup.service
-
-- path: "/opt/bin/supervise.sh"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-    while ! "$@"; do
-      sleep 1
-    done
-
-- path: "/opt/disable-swap.sh"
-  permissions: "0755"
-  content: |
-    # Make sure we always disable swap - Otherwise the kubelet won't start as for some cloud
-    # providers swap gets enabled on reboot or after the setup script has finished executing.
-    sed -i.orig '/.*swap.*/d' /etc/fstab
-    swapoff -a
-
-- path: "/etc/systemd/system/kubelet.service"
-  content: |
-    [Unit]
-    After=containerd.service
-    Requires=containerd.service
-
-    Description=kubelet: The Kubernetes Node Agent
-    Documentation=https://kubernetes.io/docs/home/
-
-    [Service]
-    User=root
-    Restart=always
-    StartLimitInterval=0
-    RestartSec=10
-    CPUAccounting=true
-    MemoryAccounting=true
-
-    Environment="PATH=/opt/bin:/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin/"
-    EnvironmentFile=-/etc/environment
-
-    ExecStartPre=/bin/bash /opt/load-kernel-modules.sh
-
-    ExecStartPre=/bin/bash /opt/disable-swap.sh
-
-    ExecStartPre=/bin/bash /opt/bin/setup_net_env.sh
-    ExecStart=/opt/bin/kubelet $KUBELET_EXTRA_ARGS \
-      --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf \
-      --kubeconfig=/var/lib/kubelet/kubeconfig \
-      --config=/etc/kubernetes/kubelet.conf \
-      --cert-dir=/etc/kubernetes/pki \
-      --cloud-provider=aws \
-      --cloud-config=/etc/kubernetes/cloud-config \
-      --exit-on-lock-contention \
-      --lock-file=/tmp/kubelet.lock \
-      --container-runtime-endpoint=unix:///run/containerd/containerd.sock \
-      --node-ip ${KUBELET_NODE_IP}
-
-    [Install]
-    WantedBy=multi-user.target
-- path: "/etc/kubernetes/cloud-config"
-  permissions: "0600"
-  content: |
-    {aws-config:true}
-
-- path: "/opt/bin/setup_net_env.sh"
-  permissions: "0755"
-  content: |
-    #!/usr/bin/env bash
-    echodate() {
-      echo "[$(date -Is)]" "$@"
-    }
-
-    # get the default interface IP address
-    DEFAULT_IFC_IP=$(ip -o  route get 1 | grep -oP "src \K\S+")
-
-    # get the full hostname
-    FULL_HOSTNAME=$(hostname -f)
-
-    if [ -z "${DEFAULT_IFC_IP}" ]
-    then
-    	echodate "Failed to get IP address for the default route interface"
-    	exit 1
-    fi
-
-    # write the nodeip_env file
-    # we need the line below because flatcar has the same string "coreos" in that file
-    if grep -q coreos /etc/os-release
-    then
-      echo -e "KUBELET_NODE_IP=${DEFAULT_IFC_IP}\nKUBELET_HOSTNAME=${FULL_HOSTNAME}" > /etc/kubernetes/nodeip.conf
-    elif [ ! -d /etc/systemd/system/kubelet.service.d ]
-    then
-    	echodate "Can't find kubelet service extras directory"
-    	exit 1
-    else
-      echo -e "[Service]\nEnvironment=\"KUBELET_NODE_IP=${DEFAULT_IFC_IP}\"\nEnvironment=\"KUBELET_HOSTNAME=${FULL_HOSTNAME}\"" > /etc/systemd/system/kubelet.service.d/nodeip.conf
-    fi
-
-
-- path: "/etc/kubernetes/bootstrap-kubelet.conf"
-  permissions: "0600"
-  content: |
-    apiVersion: v1
-    clusters:
-    - cluster:
-        certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVXakNDQTBLZ0F3SUJBZ0lKQUxmUmxXc0k4WVFITUEwR0NTcUdTSWIzRFFFQkJRVUFNSHN4Q3pBSkJnTlYKQkFZVEFsVlRNUXN3Q1FZRFZRUUlFd0pEUVRFV01CUUdBMVVFQnhNTlUyRnVJRVp5WVc1amFYTmpiekVVTUJJRwpBMVVFQ2hNTFFuSmhaR1pwZEhwcGJtTXhFakFRQmdOVkJBTVRDV3h2WTJGc2FHOXpkREVkTUJzR0NTcUdTSWIzCkRRRUpBUllPWW5KaFpFQmtZVzVuWVM1amIyMHdIaGNOTVRRd056RTFNakEwTmpBMVdoY05NVGN3TlRBME1qQTAKTmpBMVdqQjdNUXN3Q1FZRFZRUUdFd0pWVXpFTE1Ba0dBMVVFQ0JNQ1EwRXhGakFVQmdOVkJBY1REVk5oYmlCRwpjbUZ1WTJselkyOHhGREFTQmdOVkJBb1RDMEp5WVdSbWFYUjZhVzVqTVJJd0VBWURWUVFERXdsc2IyTmhiR2h2CmMzUXhIVEFiQmdrcWhraUc5dzBCQ1FFV0RtSnlZV1JBWkdGdVoyRXVZMjl0TUlJQklqQU5CZ2txaGtpRzl3MEIKQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBdDVmQWpwNGZUY2VrV1VUZnpzcDBreWloMU9ZYnNHTDBLWDFlUmJTUwpSOE9kMCs5UTYySHlueStHRndNVGI0QS9LVThtc3NvSHZjY2VTQUFid2ZieEZLLytzNTFUb2JxVW5PUlpyT29UClpqa1V5Z2J5WERTSzk5WUJiY1IxUGlwOHZ3TVRtNFhLdUx0Q2lnZUJCZGpqQVFkZ1VPMjhMRU5HbHNNbm1lWWsKSmZPRFZHblZtcjVMdGI5QU5BOElLeVRmc25ISjRpT0NTL1BsUGJVajJxN1lub1ZMcG9zVUJNbGdVYi9DeWtYMwptT29MYjR5SkpReUEvaVNUNlp4aUlFajM2RDR5V1o1bGc3WUpsK1VpaUJRSEdDblBkR3lpcHFWMDZleDBoZVlXCmNhaVc4TFdaU1VROTNqUStXVkNIOGhUN0RRTzFkbXN2VW1YbHEvSmVBbHdRL1FJREFRQUJvNEhnTUlIZE1CMEcKQTFVZERnUVdCQlJjQVJPdGhTNFA0VTd2VGZqQnlDNTY5UjdFNkRDQnJRWURWUjBqQklHbE1JR2lnQlJjQVJPdApoUzRQNFU3dlRmakJ5QzU2OVI3RTZLRi9wSDB3ZXpFTE1Ba0dBMVVFQmhNQ1ZWTXhDekFKQmdOVkJBZ1RBa05CCk1SWXdGQVlEVlFRSEV3MVRZVzRnUm5KaGJtTnBjMk52TVJRd0VnWURWUVFLRXd0Q2NtRmtabWwwZW1sdVl6RVMKTUJBR0ExVUVBeE1KYkc5allXeG9iM04wTVIwd0d3WUpLb1pJaHZjTkFRa0JGZzVpY21Ga1FHUmhibWRoTG1OdgpiWUlKQUxmUmxXc0k4WVFITUF3R0ExVWRFd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVGQlFBRGdnRUJBRzZoClU5ZjlzTkgwLzZvQmJHR3kyRVZVMFVnSVRVUUlyRldvOXJGa3JXNWsvWGtEalFtKzNsempUMGlHUjRJeEUvQW8KZVU2c1FodWE3d3JXZUZFbjQ3R0w5OGxuQ3NKZEQ3b1pOaEZtUTk1VGIvTG5EVWpzNVlqOWJyUDBOV3pYZllVNApVSzJabklOSlJjSnBCOGlSQ2FDeEU4RGRjVUYwWHFJRXE2cEEyNzJzbm9MbWlYTE12Tmwza1lFZG0ramU2dm9ECjU4U05WRVVzenR6UXlYbUpFaENwd1ZJMEE2UUNqelhqK3F2cG13M1paSGk4SndYZWk4WlpCTFRTRkJraThaN24Kc0g5QkJIMzgvU3pVbUFONFFIU1B5MWdqcW0wME9BRThOYVlEa2gvYnpFNGQ3bUxHR01XcC9XRTNLUFN1ODJIRgprUGU2WG9TYmlMbS9reGszMlQwPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t
-        server: https://server:443
-      name: ""
-    contexts: null
-    current-context: ""
-    kind: Config
-    preferences: {}
-    users:
-    - name: ""
-      user:
-        token: my-token
-
-
-- path: "/etc/kubernetes/kubelet.conf"
-  content: |
-    apiVersion: kubelet.config.k8s.io/v1beta1
-    authentication:
-      anonymous:
-        enabled: false
-      webhook:
-        cacheTTL: 0s
-        enabled: true
-      x509:
-        clientCAFile: /etc/kubernetes/pki/ca.crt
-    authorization:
-      mode: Webhook
-      webhook:
-        cacheAuthorizedTTL: 0s
-        cacheUnauthorizedTTL: 0s
-    cgroupDriver: systemd
-    clusterDomain: cluster.local
-    containerLogMaxSize: 100Mi
-    containerRuntimeEndpoint: ""
-    cpuManagerReconcilePeriod: 0s
-    evictionHard:
-      imagefs.available: 15%
-      memory.available: 100Mi
-      nodefs.available: 10%
-      nodefs.inodesFree: 5%
-    evictionPressureTransitionPeriod: 0s
-    featureGates:
-      RotateKubeletServerCertificate: true
-    fileCheckFrequency: 0s
-    httpCheckFrequency: 0s
-    imageMaximumGCAge: 0s
-    imageMinimumGCAge: 0s
-    kind: KubeletConfiguration
-    kubeReserved:
-      cpu: 200m
-      ephemeral-storage: 1Gi
-      memory: 300Mi
-    logging:
-      flushFrequency: 0
-      options:
-        json:
-          infoBufferSize: "0"
-      verbosity: 0
-    memorySwap: {}
-    nodeStatusReportFrequency: 0s
-    nodeStatusUpdateFrequency: 0s
-    protectKernelDefaults: true
-    rotateCertificates: true
-    runtimeRequestTimeout: 0s
-    serverTLSBootstrap: true
-    shutdownGracePeriod: 0s
-    shutdownGracePeriodCriticalPods: 0s
-    staticPodPath: /etc/kubernetes/manifests
-    streamingConnectionIdleTimeout: 0s
-    syncFrequency: 0s
-    systemReserved:
-      cpu: 200m
-      ephemeral-storage: 1Gi
-      memory: 500Mi
-    tlsCipherSuites:
-    - TLS_AES_128_GCM_SHA256
-    - TLS_AES_256_GCM_SHA384
-    - TLS_CHACHA20_POLY1305_SHA256
-    - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-    - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
-    - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
-    - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-    - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
-    volumePluginDir: /var/lib/kubelet/volumeplugins
-    volumeStatsAggPeriod: 0s
-
-
-- path: "/etc/kubernetes/pki/ca.crt"
-  content: |
-    -----BEGIN CERTIFICATE-----
-    MIIEWjCCA0KgAwIBAgIJALfRlWsI8YQHMA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV
-    BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEUMBIG
-    A1UEChMLQnJhZGZpdHppbmMxEjAQBgNVBAMTCWxvY2FsaG9zdDEdMBsGCSqGSIb3
-    DQEJARYOYnJhZEBkYW5nYS5jb20wHhcNMTQwNzE1MjA0NjA1WhcNMTcwNTA0MjA0
-    NjA1WjB7MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBG
-    cmFuY2lzY28xFDASBgNVBAoTC0JyYWRmaXR6aW5jMRIwEAYDVQQDEwlsb2NhbGhv
-    c3QxHTAbBgkqhkiG9w0BCQEWDmJyYWRAZGFuZ2EuY29tMIIBIjANBgkqhkiG9w0B
-    AQEFAAOCAQ8AMIIBCgKCAQEAt5fAjp4fTcekWUTfzsp0kyih1OYbsGL0KX1eRbSS
-    R8Od0+9Q62Hyny+GFwMTb4A/KU8mssoHvcceSAAbwfbxFK/+s51TobqUnORZrOoT
-    ZjkUygbyXDSK99YBbcR1Pip8vwMTm4XKuLtCigeBBdjjAQdgUO28LENGlsMnmeYk
-    JfODVGnVmr5Ltb9ANA8IKyTfsnHJ4iOCS/PlPbUj2q7YnoVLposUBMlgUb/CykX3
-    mOoLb4yJJQyA/iST6ZxiIEj36D4yWZ5lg7YJl+UiiBQHGCnPdGyipqV06ex0heYW
-    caiW8LWZSUQ93jQ+WVCH8hT7DQO1dmsvUmXlq/JeAlwQ/QIDAQABo4HgMIHdMB0G
-    A1UdDgQWBBRcAROthS4P4U7vTfjByC569R7E6DCBrQYDVR0jBIGlMIGigBRcAROt
-    hS4P4U7vTfjByC569R7E6KF/pH0wezELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB
-    MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtCcmFkZml0emluYzES
-    MBAGA1UEAxMJbG9jYWxob3N0MR0wGwYJKoZIhvcNAQkBFg5icmFkQGRhbmdhLmNv
-    bYIJALfRlWsI8YQHMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAG6h
-    U9f9sNH0/6oBbGGy2EVU0UgITUQIrFWo9rFkrW5k/XkDjQm+3lzjT0iGR4IxE/Ao
-    eU6sQhua7wrWeFEn47GL98lnCsJdD7oZNhFmQ95Tb/LnDUjs5Yj9brP0NWzXfYU4
-    UK2ZnINJRcJpB8iRCaCxE8DdcUF0XqIEq6pA272snoLmiXLMvNl3kYEdm+je6voD
-    58SNVEUsztzQyXmJEhCpwVI0A6QCjzXj+qvpmw3ZZHi8JwXei8ZZBLTSFBki8Z7n
-    sH9BBH38/SzUmAN4QHSPy1gjqm00OAE8NaYDkh/bzE4d7mLGGMWp/WE3KPSu82HF
-    kPe6XoSbiLm/kxk32T0=
-    -----END CERTIFICATE-----
-
-- path: "/etc/systemd/system/setup.service"
-  permissions: "0644"
-  content: |
-    [Install]
-    WantedBy=multi-user.target
-
-    [Unit]
-    Requires=network-online.target
-    After=network-online.target
-
-    [Service]
-    Type=oneshot
-    RemainAfterExit=true
-    EnvironmentFile=-/etc/environment
-    ExecStart=/opt/bin/supervise.sh /opt/bin/setup
-
-- path: "/etc/profile.d/opt-bin-path.sh"
-  permissions: "0644"
-  content: |
-    export PATH="/opt/bin:$PATH"
-
-- path: /etc/containerd/config.toml
-  permissions: "0644"
-  content: |
-    version = 2
-
-    [metrics]
-    address = "127.0.0.1:1338"
-
-    [plugins]
-    [plugins."io.containerd.grpc.v1.cri"]
-    [plugins."io.containerd.grpc.v1.cri".containerd]
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
-    runtime_type = "io.containerd.runc.v2"
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
-    SystemdCgroup = true
-    [plugins."io.containerd.grpc.v1.cri".registry]
-    [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
-    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
-    endpoint = ["https://registry-1.docker.io"]
-
-
-- path: /etc/systemd/system/kubelet-healthcheck.service
-  permissions: "0644"
-  content: |
-    [Unit]
-    Requires=kubelet.service
-    After=kubelet.service
-
-    [Service]
-    ExecStart=/opt/bin/health-monitor.sh kubelet
-
-    [Install]
-    WantedBy=multi-user.target
-
-
-runcmd:
-- systemctl enable --now setup.service
diff --git a/pkg/userdata/centos/testdata/kubelet-v1.29.2-aws-external.yaml b/pkg/userdata/centos/testdata/kubelet-v1.29.2-aws-external.yaml
deleted file mode 100644
index 0be73d1dd..000000000
--- a/pkg/userdata/centos/testdata/kubelet-v1.29.2-aws-external.yaml
+++ /dev/null
@@ -1,461 +0,0 @@
-#cloud-config
-
-
-ssh_pwauth: false
-
-write_files:
-
-- path: "/etc/systemd/journald.conf.d/max_disk_use.conf"
-  content: |
-    [Journal]
-    SystemMaxUse=5G
-
-
-- path: "/opt/load-kernel-modules.sh"
-  permissions: "0755"
-  content: |
-    #!/usr/bin/env bash
-    set -euo pipefail
-
-    modprobe ip_vs
-    modprobe ip_vs_rr
-    modprobe ip_vs_wrr
-    modprobe ip_vs_sh
-
-    if modinfo nf_conntrack_ipv4 &> /dev/null; then
-      modprobe nf_conntrack_ipv4
-    else
-      modprobe nf_conntrack
-    fi
-
-
-- path: "/etc/sysctl.d/k8s.conf"
-  content: |
-    net.bridge.bridge-nf-call-ip6tables = 1
-    net.bridge.bridge-nf-call-iptables = 1
-    kernel.panic_on_oops = 1
-    kernel.panic = 10
-    net.ipv4.ip_forward = 1
-    vm.overcommit_memory = 1
-    fs.inotify.max_user_watches = 1048576
-    fs.inotify.max_user_instances = 8192
-
-
-- path: /etc/selinux/config
-  content: |
-    # This file controls the state of SELinux on the system.
-    # SELINUX= can take one of these three values:
-    #     enforcing - SELinux security policy is enforced.
-    #     permissive - SELinux prints warnings instead of enforcing.
-    #     disabled - No SELinux policy is loaded.
-    SELINUX=permissive
-    # SELINUXTYPE= can take one of three two values:
-    #     targeted - Targeted processes are protected,
-    #     minimum - Modification of targeted policy. Only selected processes are protected.
-    #     mls - Multi Level Security protection.
-    SELINUXTYPE=targeted
-
-- path: "/opt/bin/setup"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-
-    setenforce 0 || true
-    systemctl restart systemd-modules-load.service
-    sysctl --system
-
-
-    source /etc/os-release
-    if [ "$ID" == "centos" ] && [ "$VERSION_ID" == "8" ]; then
-      sudo sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
-      sudo sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*
-    fi
-
-    yum install -y \
-      device-mapper-persistent-data \
-      lvm2 \
-      ebtables \
-      ethtool \
-      nfs-utils \
-      bash-completion \
-      sudo \
-      socat \
-      wget \
-      curl \
-      ipvsadm
-
-
-    yum install -y yum-utils
-    yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
-    yum-config-manager --save --setopt=docker-ce-stable.module_hotfixes=true
-
-    cat <<EOF | tee /etc/crictl.yaml
-    runtime-endpoint: unix:///run/containerd/containerd.sock
-    EOF
-
-    mkdir -p /etc/systemd/system/containerd.service.d
-    cat <<EOF | tee /etc/systemd/system/containerd.service.d/environment.conf
-    [Service]
-    Restart=always
-    EnvironmentFile=-/etc/environment
-    EOF
-
-    yum install -y containerd.io-1.6* yum-plugin-versionlock
-    yum versionlock add containerd.io
-
-    systemctl daemon-reload
-    systemctl enable --now containerd
-
-
-    opt_bin=/opt/bin
-    usr_local_bin=/usr/local/bin
-    cni_bin_dir=/opt/cni/bin
-    mkdir -p /etc/cni/net.d /etc/kubernetes/manifests "$opt_bin" "$cni_bin_dir"
-    arch=${HOST_ARCH-}
-    if [ -z "$arch" ]
-    then
-    case $(uname -m) in
-    x86_64)
-        arch="amd64"
-        ;;
-    aarch64)
-        arch="arm64"
-        ;;
-    *)
-        echo "unsupported CPU architecture, exiting"
-        exit 1
-        ;;
-    esac
-    fi
-    CNI_VERSION="${CNI_VERSION:-v1.2.0}"
-    cni_base_url="https://github.com/containernetworking/plugins/releases/download/$CNI_VERSION"
-    cni_filename="cni-plugins-linux-$arch-$CNI_VERSION.tgz"
-    curl -Lfo "$cni_bin_dir/$cni_filename" "$cni_base_url/$cni_filename"
-    cni_sum=$(curl -Lf "$cni_base_url/$cni_filename.sha256")
-    cd "$cni_bin_dir"
-    sha256sum -c <<<"$cni_sum"
-    tar xvf "$cni_filename"
-    rm -f "$cni_filename"
-    cd -
-    CRI_TOOLS_RELEASE="${CRI_TOOLS_RELEASE:-v1.27.0}"
-    cri_tools_base_url="https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRI_TOOLS_RELEASE}"
-    cri_tools_filename="crictl-${CRI_TOOLS_RELEASE}-linux-${arch}.tar.gz"
-    curl -Lfo "$opt_bin/$cri_tools_filename" "$cri_tools_base_url/$cri_tools_filename"
-    cri_tools_sum_value=$(curl -Lf "$cri_tools_base_url/$cri_tools_filename.sha256")
-    cri_tools_sum="$cri_tools_sum_value $cri_tools_filename"
-    cd "$opt_bin"
-    sha256sum -c <<<"$cri_tools_sum"
-    tar xvf "$cri_tools_filename"
-    rm -f "$cri_tools_filename"
-    ln -sf "$opt_bin/crictl" "$usr_local_bin"/crictl || echo "symbolic link is skipped"
-    cd -
-    KUBE_VERSION="${KUBE_VERSION:-v1.29.2}"
-    kube_dir="$opt_bin/kubernetes-$KUBE_VERSION"
-    kube_base_url="https://dl.k8s.io/$KUBE_VERSION/bin/linux/$arch"
-    kube_sum_file="$kube_dir/sha256"
-    mkdir -p "$kube_dir"
-    : >"$kube_sum_file"
-
-    for bin in kubelet kubeadm kubectl; do
-        curl -Lfo "$kube_dir/$bin" "$kube_base_url/$bin"
-        chmod +x "$kube_dir/$bin"
-        sum=$(curl -Lf "$kube_base_url/$bin.sha256")
-        echo "$sum  $kube_dir/$bin" >>"$kube_sum_file"
-    done
-    sha256sum -c "$kube_sum_file"
-
-    for bin in kubelet kubeadm kubectl; do
-        ln -sf "$kube_dir/$bin" "$opt_bin"/$bin
-    done
-
-    if [[ ! -x /opt/bin/health-monitor.sh ]]; then
-        curl -Lfo /opt/bin/health-monitor.sh https://raw.githubusercontent.com/kubermatic/machine-controller/7967a0af2b75f29ad2ab227eeaa26ea7b0f2fbde/pkg/userdata/scripts/health-monitor.sh
-        chmod +x /opt/bin/health-monitor.sh
-    fi
-
-    # set kubelet nodeip environment variable
-    mkdir -p /etc/systemd/system/kubelet.service.d/
-    /opt/bin/setup_net_env.sh
-
-    systemctl disable --now firewalld || true
-    systemctl enable --now kubelet
-    systemctl enable --now --no-block kubelet-healthcheck.service
-    systemctl disable setup.service
-
-- path: "/opt/bin/supervise.sh"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-    while ! "$@"; do
-      sleep 1
-    done
-
-- path: "/opt/disable-swap.sh"
-  permissions: "0755"
-  content: |
-    # Make sure we always disable swap - Otherwise the kubelet won't start as for some cloud
-    # providers swap gets enabled on reboot or after the setup script has finished executing.
-    sed -i.orig '/.*swap.*/d' /etc/fstab
-    swapoff -a
-
-- path: "/etc/systemd/system/kubelet.service"
-  content: |
-    [Unit]
-    After=containerd.service
-    Requires=containerd.service
-
-    Description=kubelet: The Kubernetes Node Agent
-    Documentation=https://kubernetes.io/docs/home/
-
-    [Service]
-    User=root
-    Restart=always
-    StartLimitInterval=0
-    RestartSec=10
-    CPUAccounting=true
-    MemoryAccounting=true
-
-    Environment="PATH=/opt/bin:/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin/"
-    EnvironmentFile=-/etc/environment
-
-    ExecStartPre=/bin/bash /opt/load-kernel-modules.sh
-
-    ExecStartPre=/bin/bash /opt/disable-swap.sh
-
-    ExecStartPre=/bin/bash /opt/bin/setup_net_env.sh
-    ExecStart=/opt/bin/kubelet $KUBELET_EXTRA_ARGS \
-      --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf \
-      --kubeconfig=/var/lib/kubelet/kubeconfig \
-      --config=/etc/kubernetes/kubelet.conf \
-      --cert-dir=/etc/kubernetes/pki \
-      --cloud-provider=external \
-      --hostname-override=${KUBELET_HOSTNAME} \
-      --exit-on-lock-contention \
-      --lock-file=/tmp/kubelet.lock \
-      --container-runtime-endpoint=unix:///run/containerd/containerd.sock \
-      --node-ip ${KUBELET_NODE_IP}
-
-    [Install]
-    WantedBy=multi-user.target
-- path: "/etc/kubernetes/cloud-config"
-  permissions: "0600"
-  content: |
-    {aws-config:true}
-
-- path: "/opt/bin/setup_net_env.sh"
-  permissions: "0755"
-  content: |
-    #!/usr/bin/env bash
-    echodate() {
-      echo "[$(date -Is)]" "$@"
-    }
-
-    # get the default interface IP address
-    DEFAULT_IFC_IP=$(ip -o  route get 1 | grep -oP "src \K\S+")
-
-    # get the full hostname
-    FULL_HOSTNAME=$(hostname -f)
-
-    if [ -z "${DEFAULT_IFC_IP}" ]
-    then
-    	echodate "Failed to get IP address for the default route interface"
-    	exit 1
-    fi
-
-    # write the nodeip_env file
-    # we need the line below because flatcar has the same string "coreos" in that file
-    if grep -q coreos /etc/os-release
-    then
-      echo -e "KUBELET_NODE_IP=${DEFAULT_IFC_IP}\nKUBELET_HOSTNAME=${FULL_HOSTNAME}" > /etc/kubernetes/nodeip.conf
-    elif [ ! -d /etc/systemd/system/kubelet.service.d ]
-    then
-    	echodate "Can't find kubelet service extras directory"
-    	exit 1
-    else
-      echo -e "[Service]\nEnvironment=\"KUBELET_NODE_IP=${DEFAULT_IFC_IP}\"\nEnvironment=\"KUBELET_HOSTNAME=${FULL_HOSTNAME}\"" > /etc/systemd/system/kubelet.service.d/nodeip.conf
-    fi
-
-
-- path: "/etc/kubernetes/bootstrap-kubelet.conf"
-  permissions: "0600"
-  content: |
-    apiVersion: v1
-    clusters:
-    - cluster:
-        certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVXakNDQTBLZ0F3SUJBZ0lKQUxmUmxXc0k4WVFITUEwR0NTcUdTSWIzRFFFQkJRVUFNSHN4Q3pBSkJnTlYKQkFZVEFsVlRNUXN3Q1FZRFZRUUlFd0pEUVRFV01CUUdBMVVFQnhNTlUyRnVJRVp5WVc1amFYTmpiekVVTUJJRwpBMVVFQ2hNTFFuSmhaR1pwZEhwcGJtTXhFakFRQmdOVkJBTVRDV3h2WTJGc2FHOXpkREVkTUJzR0NTcUdTSWIzCkRRRUpBUllPWW5KaFpFQmtZVzVuWVM1amIyMHdIaGNOTVRRd056RTFNakEwTmpBMVdoY05NVGN3TlRBME1qQTAKTmpBMVdqQjdNUXN3Q1FZRFZRUUdFd0pWVXpFTE1Ba0dBMVVFQ0JNQ1EwRXhGakFVQmdOVkJBY1REVk5oYmlCRwpjbUZ1WTJselkyOHhGREFTQmdOVkJBb1RDMEp5WVdSbWFYUjZhVzVqTVJJd0VBWURWUVFERXdsc2IyTmhiR2h2CmMzUXhIVEFiQmdrcWhraUc5dzBCQ1FFV0RtSnlZV1JBWkdGdVoyRXVZMjl0TUlJQklqQU5CZ2txaGtpRzl3MEIKQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBdDVmQWpwNGZUY2VrV1VUZnpzcDBreWloMU9ZYnNHTDBLWDFlUmJTUwpSOE9kMCs5UTYySHlueStHRndNVGI0QS9LVThtc3NvSHZjY2VTQUFid2ZieEZLLytzNTFUb2JxVW5PUlpyT29UClpqa1V5Z2J5WERTSzk5WUJiY1IxUGlwOHZ3TVRtNFhLdUx0Q2lnZUJCZGpqQVFkZ1VPMjhMRU5HbHNNbm1lWWsKSmZPRFZHblZtcjVMdGI5QU5BOElLeVRmc25ISjRpT0NTL1BsUGJVajJxN1lub1ZMcG9zVUJNbGdVYi9DeWtYMwptT29MYjR5SkpReUEvaVNUNlp4aUlFajM2RDR5V1o1bGc3WUpsK1VpaUJRSEdDblBkR3lpcHFWMDZleDBoZVlXCmNhaVc4TFdaU1VROTNqUStXVkNIOGhUN0RRTzFkbXN2VW1YbHEvSmVBbHdRL1FJREFRQUJvNEhnTUlIZE1CMEcKQTFVZERnUVdCQlJjQVJPdGhTNFA0VTd2VGZqQnlDNTY5UjdFNkRDQnJRWURWUjBqQklHbE1JR2lnQlJjQVJPdApoUzRQNFU3dlRmakJ5QzU2OVI3RTZLRi9wSDB3ZXpFTE1Ba0dBMVVFQmhNQ1ZWTXhDekFKQmdOVkJBZ1RBa05CCk1SWXdGQVlEVlFRSEV3MVRZVzRnUm5KaGJtTnBjMk52TVJRd0VnWURWUVFLRXd0Q2NtRmtabWwwZW1sdVl6RVMKTUJBR0ExVUVBeE1KYkc5allXeG9iM04wTVIwd0d3WUpLb1pJaHZjTkFRa0JGZzVpY21Ga1FHUmhibWRoTG1OdgpiWUlKQUxmUmxXc0k4WVFITUF3R0ExVWRFd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVGQlFBRGdnRUJBRzZoClU5ZjlzTkgwLzZvQmJHR3kyRVZVMFVnSVRVUUlyRldvOXJGa3JXNWsvWGtEalFtKzNsempUMGlHUjRJeEUvQW8KZVU2c1FodWE3d3JXZUZFbjQ3R0w5OGxuQ3NKZEQ3b1pOaEZtUTk1VGIvTG5EVWpzNVlqOWJyUDBOV3pYZllVNApVSzJabklOSlJjSnBCOGlSQ2FDeEU4RGRjVUYwWHFJRXE2cEEyNzJzbm9MbWlYTE12Tmwza1lFZG0ramU2dm9ECjU4U05WRVVzenR6UXlYbUpFaENwd1ZJMEE2UUNqelhqK3F2cG13M1paSGk4SndYZWk4WlpCTFRTRkJraThaN24Kc0g5QkJIMzgvU3pVbUFONFFIU1B5MWdqcW0wME9BRThOYVlEa2gvYnpFNGQ3bUxHR01XcC9XRTNLUFN1ODJIRgprUGU2WG9TYmlMbS9reGszMlQwPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t
-        server: https://server:443
-      name: ""
-    contexts: null
-    current-context: ""
-    kind: Config
-    preferences: {}
-    users:
-    - name: ""
-      user:
-        token: my-token
-
-
-- path: "/etc/kubernetes/kubelet.conf"
-  content: |
-    apiVersion: kubelet.config.k8s.io/v1beta1
-    authentication:
-      anonymous:
-        enabled: false
-      webhook:
-        cacheTTL: 0s
-        enabled: true
-      x509:
-        clientCAFile: /etc/kubernetes/pki/ca.crt
-    authorization:
-      mode: Webhook
-      webhook:
-        cacheAuthorizedTTL: 0s
-        cacheUnauthorizedTTL: 0s
-    cgroupDriver: systemd
-    clusterDomain: cluster.local
-    containerLogMaxSize: 100Mi
-    containerRuntimeEndpoint: ""
-    cpuManagerReconcilePeriod: 0s
-    evictionHard:
-      imagefs.available: 15%
-      memory.available: 100Mi
-      nodefs.available: 10%
-      nodefs.inodesFree: 5%
-    evictionPressureTransitionPeriod: 0s
-    featureGates:
-      RotateKubeletServerCertificate: true
-    fileCheckFrequency: 0s
-    httpCheckFrequency: 0s
-    imageMaximumGCAge: 0s
-    imageMinimumGCAge: 0s
-    kind: KubeletConfiguration
-    kubeReserved:
-      cpu: 200m
-      ephemeral-storage: 1Gi
-      memory: 300Mi
-    logging:
-      flushFrequency: 0
-      options:
-        json:
-          infoBufferSize: "0"
-      verbosity: 0
-    memorySwap: {}
-    nodeStatusReportFrequency: 0s
-    nodeStatusUpdateFrequency: 0s
-    protectKernelDefaults: true
-    rotateCertificates: true
-    runtimeRequestTimeout: 0s
-    serverTLSBootstrap: true
-    shutdownGracePeriod: 0s
-    shutdownGracePeriodCriticalPods: 0s
-    staticPodPath: /etc/kubernetes/manifests
-    streamingConnectionIdleTimeout: 0s
-    syncFrequency: 0s
-    systemReserved:
-      cpu: 200m
-      ephemeral-storage: 1Gi
-      memory: 500Mi
-    tlsCipherSuites:
-    - TLS_AES_128_GCM_SHA256
-    - TLS_AES_256_GCM_SHA384
-    - TLS_CHACHA20_POLY1305_SHA256
-    - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-    - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
-    - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
-    - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-    - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
-    volumePluginDir: /var/lib/kubelet/volumeplugins
-    volumeStatsAggPeriod: 0s
-
-
-- path: "/etc/kubernetes/pki/ca.crt"
-  content: |
-    -----BEGIN CERTIFICATE-----
-    MIIEWjCCA0KgAwIBAgIJALfRlWsI8YQHMA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV
-    BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEUMBIG
-    A1UEChMLQnJhZGZpdHppbmMxEjAQBgNVBAMTCWxvY2FsaG9zdDEdMBsGCSqGSIb3
-    DQEJARYOYnJhZEBkYW5nYS5jb20wHhcNMTQwNzE1MjA0NjA1WhcNMTcwNTA0MjA0
-    NjA1WjB7MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBG
-    cmFuY2lzY28xFDASBgNVBAoTC0JyYWRmaXR6aW5jMRIwEAYDVQQDEwlsb2NhbGhv
-    c3QxHTAbBgkqhkiG9w0BCQEWDmJyYWRAZGFuZ2EuY29tMIIBIjANBgkqhkiG9w0B
-    AQEFAAOCAQ8AMIIBCgKCAQEAt5fAjp4fTcekWUTfzsp0kyih1OYbsGL0KX1eRbSS
-    R8Od0+9Q62Hyny+GFwMTb4A/KU8mssoHvcceSAAbwfbxFK/+s51TobqUnORZrOoT
-    ZjkUygbyXDSK99YBbcR1Pip8vwMTm4XKuLtCigeBBdjjAQdgUO28LENGlsMnmeYk
-    JfODVGnVmr5Ltb9ANA8IKyTfsnHJ4iOCS/PlPbUj2q7YnoVLposUBMlgUb/CykX3
-    mOoLb4yJJQyA/iST6ZxiIEj36D4yWZ5lg7YJl+UiiBQHGCnPdGyipqV06ex0heYW
-    caiW8LWZSUQ93jQ+WVCH8hT7DQO1dmsvUmXlq/JeAlwQ/QIDAQABo4HgMIHdMB0G
-    A1UdDgQWBBRcAROthS4P4U7vTfjByC569R7E6DCBrQYDVR0jBIGlMIGigBRcAROt
-    hS4P4U7vTfjByC569R7E6KF/pH0wezELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB
-    MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtCcmFkZml0emluYzES
-    MBAGA1UEAxMJbG9jYWxob3N0MR0wGwYJKoZIhvcNAQkBFg5icmFkQGRhbmdhLmNv
-    bYIJALfRlWsI8YQHMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAG6h
-    U9f9sNH0/6oBbGGy2EVU0UgITUQIrFWo9rFkrW5k/XkDjQm+3lzjT0iGR4IxE/Ao
-    eU6sQhua7wrWeFEn47GL98lnCsJdD7oZNhFmQ95Tb/LnDUjs5Yj9brP0NWzXfYU4
-    UK2ZnINJRcJpB8iRCaCxE8DdcUF0XqIEq6pA272snoLmiXLMvNl3kYEdm+je6voD
-    58SNVEUsztzQyXmJEhCpwVI0A6QCjzXj+qvpmw3ZZHi8JwXei8ZZBLTSFBki8Z7n
-    sH9BBH38/SzUmAN4QHSPy1gjqm00OAE8NaYDkh/bzE4d7mLGGMWp/WE3KPSu82HF
-    kPe6XoSbiLm/kxk32T0=
-    -----END CERTIFICATE-----
-
-- path: "/etc/systemd/system/setup.service"
-  permissions: "0644"
-  content: |
-    [Install]
-    WantedBy=multi-user.target
-
-    [Unit]
-    Requires=network-online.target
-    After=network-online.target
-
-    [Service]
-    Type=oneshot
-    RemainAfterExit=true
-    EnvironmentFile=-/etc/environment
-    ExecStart=/opt/bin/supervise.sh /opt/bin/setup
-
-- path: "/etc/profile.d/opt-bin-path.sh"
-  permissions: "0644"
-  content: |
-    export PATH="/opt/bin:$PATH"
-
-- path: /etc/containerd/config.toml
-  permissions: "0644"
-  content: |
-    version = 2
-
-    [metrics]
-    address = "127.0.0.1:1338"
-
-    [plugins]
-    [plugins."io.containerd.grpc.v1.cri"]
-    [plugins."io.containerd.grpc.v1.cri".containerd]
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
-    runtime_type = "io.containerd.runc.v2"
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
-    SystemdCgroup = true
-    [plugins."io.containerd.grpc.v1.cri".registry]
-    [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
-    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
-    endpoint = ["https://registry-1.docker.io"]
-
-
-- path: /etc/systemd/system/kubelet-healthcheck.service
-  permissions: "0644"
-  content: |
-    [Unit]
-    Requires=kubelet.service
-    After=kubelet.service
-
-    [Service]
-    ExecStart=/opt/bin/health-monitor.sh kubelet
-
-    [Install]
-    WantedBy=multi-user.target
-
-
-runcmd:
-- systemctl enable --now setup.service
diff --git a/pkg/userdata/centos/testdata/kubelet-v1.29.2-aws.yaml b/pkg/userdata/centos/testdata/kubelet-v1.29.2-aws.yaml
deleted file mode 100644
index 73531f2ab..000000000
--- a/pkg/userdata/centos/testdata/kubelet-v1.29.2-aws.yaml
+++ /dev/null
@@ -1,461 +0,0 @@
-#cloud-config
-
-
-ssh_pwauth: false
-
-write_files:
-
-- path: "/etc/systemd/journald.conf.d/max_disk_use.conf"
-  content: |
-    [Journal]
-    SystemMaxUse=5G
-
-
-- path: "/opt/load-kernel-modules.sh"
-  permissions: "0755"
-  content: |
-    #!/usr/bin/env bash
-    set -euo pipefail
-
-    modprobe ip_vs
-    modprobe ip_vs_rr
-    modprobe ip_vs_wrr
-    modprobe ip_vs_sh
-
-    if modinfo nf_conntrack_ipv4 &> /dev/null; then
-      modprobe nf_conntrack_ipv4
-    else
-      modprobe nf_conntrack
-    fi
-
-
-- path: "/etc/sysctl.d/k8s.conf"
-  content: |
-    net.bridge.bridge-nf-call-ip6tables = 1
-    net.bridge.bridge-nf-call-iptables = 1
-    kernel.panic_on_oops = 1
-    kernel.panic = 10
-    net.ipv4.ip_forward = 1
-    vm.overcommit_memory = 1
-    fs.inotify.max_user_watches = 1048576
-    fs.inotify.max_user_instances = 8192
-
-
-- path: /etc/selinux/config
-  content: |
-    # This file controls the state of SELinux on the system.
-    # SELINUX= can take one of these three values:
-    #     enforcing - SELinux security policy is enforced.
-    #     permissive - SELinux prints warnings instead of enforcing.
-    #     disabled - No SELinux policy is loaded.
-    SELINUX=permissive
-    # SELINUXTYPE= can take one of three two values:
-    #     targeted - Targeted processes are protected,
-    #     minimum - Modification of targeted policy. Only selected processes are protected.
-    #     mls - Multi Level Security protection.
-    SELINUXTYPE=targeted
-
-- path: "/opt/bin/setup"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-
-    setenforce 0 || true
-    systemctl restart systemd-modules-load.service
-    sysctl --system
-
-
-    source /etc/os-release
-    if [ "$ID" == "centos" ] && [ "$VERSION_ID" == "8" ]; then
-      sudo sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
-      sudo sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*
-    fi
-
-    yum install -y \
-      device-mapper-persistent-data \
-      lvm2 \
-      ebtables \
-      ethtool \
-      nfs-utils \
-      bash-completion \
-      sudo \
-      socat \
-      wget \
-      curl \
-      ipvsadm
-
-
-    yum install -y yum-utils
-    yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
-    yum-config-manager --save --setopt=docker-ce-stable.module_hotfixes=true
-
-    cat <<EOF | tee /etc/crictl.yaml
-    runtime-endpoint: unix:///run/containerd/containerd.sock
-    EOF
-
-    mkdir -p /etc/systemd/system/containerd.service.d
-    cat <<EOF | tee /etc/systemd/system/containerd.service.d/environment.conf
-    [Service]
-    Restart=always
-    EnvironmentFile=-/etc/environment
-    EOF
-
-    yum install -y containerd.io-1.6* yum-plugin-versionlock
-    yum versionlock add containerd.io
-
-    systemctl daemon-reload
-    systemctl enable --now containerd
-
-
-    opt_bin=/opt/bin
-    usr_local_bin=/usr/local/bin
-    cni_bin_dir=/opt/cni/bin
-    mkdir -p /etc/cni/net.d /etc/kubernetes/manifests "$opt_bin" "$cni_bin_dir"
-    arch=${HOST_ARCH-}
-    if [ -z "$arch" ]
-    then
-    case $(uname -m) in
-    x86_64)
-        arch="amd64"
-        ;;
-    aarch64)
-        arch="arm64"
-        ;;
-    *)
-        echo "unsupported CPU architecture, exiting"
-        exit 1
-        ;;
-    esac
-    fi
-    CNI_VERSION="${CNI_VERSION:-v1.2.0}"
-    cni_base_url="https://github.com/containernetworking/plugins/releases/download/$CNI_VERSION"
-    cni_filename="cni-plugins-linux-$arch-$CNI_VERSION.tgz"
-    curl -Lfo "$cni_bin_dir/$cni_filename" "$cni_base_url/$cni_filename"
-    cni_sum=$(curl -Lf "$cni_base_url/$cni_filename.sha256")
-    cd "$cni_bin_dir"
-    sha256sum -c <<<"$cni_sum"
-    tar xvf "$cni_filename"
-    rm -f "$cni_filename"
-    cd -
-    CRI_TOOLS_RELEASE="${CRI_TOOLS_RELEASE:-v1.27.0}"
-    cri_tools_base_url="https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRI_TOOLS_RELEASE}"
-    cri_tools_filename="crictl-${CRI_TOOLS_RELEASE}-linux-${arch}.tar.gz"
-    curl -Lfo "$opt_bin/$cri_tools_filename" "$cri_tools_base_url/$cri_tools_filename"
-    cri_tools_sum_value=$(curl -Lf "$cri_tools_base_url/$cri_tools_filename.sha256")
-    cri_tools_sum="$cri_tools_sum_value $cri_tools_filename"
-    cd "$opt_bin"
-    sha256sum -c <<<"$cri_tools_sum"
-    tar xvf "$cri_tools_filename"
-    rm -f "$cri_tools_filename"
-    ln -sf "$opt_bin/crictl" "$usr_local_bin"/crictl || echo "symbolic link is skipped"
-    cd -
-    KUBE_VERSION="${KUBE_VERSION:-v1.29.2}"
-    kube_dir="$opt_bin/kubernetes-$KUBE_VERSION"
-    kube_base_url="https://dl.k8s.io/$KUBE_VERSION/bin/linux/$arch"
-    kube_sum_file="$kube_dir/sha256"
-    mkdir -p "$kube_dir"
-    : >"$kube_sum_file"
-
-    for bin in kubelet kubeadm kubectl; do
-        curl -Lfo "$kube_dir/$bin" "$kube_base_url/$bin"
-        chmod +x "$kube_dir/$bin"
-        sum=$(curl -Lf "$kube_base_url/$bin.sha256")
-        echo "$sum  $kube_dir/$bin" >>"$kube_sum_file"
-    done
-    sha256sum -c "$kube_sum_file"
-
-    for bin in kubelet kubeadm kubectl; do
-        ln -sf "$kube_dir/$bin" "$opt_bin"/$bin
-    done
-
-    if [[ ! -x /opt/bin/health-monitor.sh ]]; then
-        curl -Lfo /opt/bin/health-monitor.sh https://raw.githubusercontent.com/kubermatic/machine-controller/7967a0af2b75f29ad2ab227eeaa26ea7b0f2fbde/pkg/userdata/scripts/health-monitor.sh
-        chmod +x /opt/bin/health-monitor.sh
-    fi
-
-    # set kubelet nodeip environment variable
-    mkdir -p /etc/systemd/system/kubelet.service.d/
-    /opt/bin/setup_net_env.sh
-
-    systemctl disable --now firewalld || true
-    systemctl enable --now kubelet
-    systemctl enable --now --no-block kubelet-healthcheck.service
-    systemctl disable setup.service
-
-- path: "/opt/bin/supervise.sh"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-    while ! "$@"; do
-      sleep 1
-    done
-
-- path: "/opt/disable-swap.sh"
-  permissions: "0755"
-  content: |
-    # Make sure we always disable swap - Otherwise the kubelet won't start as for some cloud
-    # providers swap gets enabled on reboot or after the setup script has finished executing.
-    sed -i.orig '/.*swap.*/d' /etc/fstab
-    swapoff -a
-
-- path: "/etc/systemd/system/kubelet.service"
-  content: |
-    [Unit]
-    After=containerd.service
-    Requires=containerd.service
-
-    Description=kubelet: The Kubernetes Node Agent
-    Documentation=https://kubernetes.io/docs/home/
-
-    [Service]
-    User=root
-    Restart=always
-    StartLimitInterval=0
-    RestartSec=10
-    CPUAccounting=true
-    MemoryAccounting=true
-
-    Environment="PATH=/opt/bin:/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin/"
-    EnvironmentFile=-/etc/environment
-
-    ExecStartPre=/bin/bash /opt/load-kernel-modules.sh
-
-    ExecStartPre=/bin/bash /opt/disable-swap.sh
-
-    ExecStartPre=/bin/bash /opt/bin/setup_net_env.sh
-    ExecStart=/opt/bin/kubelet $KUBELET_EXTRA_ARGS \
-      --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf \
-      --kubeconfig=/var/lib/kubelet/kubeconfig \
-      --config=/etc/kubernetes/kubelet.conf \
-      --cert-dir=/etc/kubernetes/pki \
-      --cloud-provider=aws \
-      --cloud-config=/etc/kubernetes/cloud-config \
-      --exit-on-lock-contention \
-      --lock-file=/tmp/kubelet.lock \
-      --container-runtime-endpoint=unix:///run/containerd/containerd.sock \
-      --node-ip ${KUBELET_NODE_IP}
-
-    [Install]
-    WantedBy=multi-user.target
-- path: "/etc/kubernetes/cloud-config"
-  permissions: "0600"
-  content: |
-    {aws-config:true}
-
-- path: "/opt/bin/setup_net_env.sh"
-  permissions: "0755"
-  content: |
-    #!/usr/bin/env bash
-    echodate() {
-      echo "[$(date -Is)]" "$@"
-    }
-
-    # get the default interface IP address
-    DEFAULT_IFC_IP=$(ip -o  route get 1 | grep -oP "src \K\S+")
-
-    # get the full hostname
-    FULL_HOSTNAME=$(hostname -f)
-
-    if [ -z "${DEFAULT_IFC_IP}" ]
-    then
-    	echodate "Failed to get IP address for the default route interface"
-    	exit 1
-    fi
-
-    # write the nodeip_env file
-    # we need the line below because flatcar has the same string "coreos" in that file
-    if grep -q coreos /etc/os-release
-    then
-      echo -e "KUBELET_NODE_IP=${DEFAULT_IFC_IP}\nKUBELET_HOSTNAME=${FULL_HOSTNAME}" > /etc/kubernetes/nodeip.conf
-    elif [ ! -d /etc/systemd/system/kubelet.service.d ]
-    then
-    	echodate "Can't find kubelet service extras directory"
-    	exit 1
-    else
-      echo -e "[Service]\nEnvironment=\"KUBELET_NODE_IP=${DEFAULT_IFC_IP}\"\nEnvironment=\"KUBELET_HOSTNAME=${FULL_HOSTNAME}\"" > /etc/systemd/system/kubelet.service.d/nodeip.conf
-    fi
-
-
-- path: "/etc/kubernetes/bootstrap-kubelet.conf"
-  permissions: "0600"
-  content: |
-    apiVersion: v1
-    clusters:
-    - cluster:
-        certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVXakNDQTBLZ0F3SUJBZ0lKQUxmUmxXc0k4WVFITUEwR0NTcUdTSWIzRFFFQkJRVUFNSHN4Q3pBSkJnTlYKQkFZVEFsVlRNUXN3Q1FZRFZRUUlFd0pEUVRFV01CUUdBMVVFQnhNTlUyRnVJRVp5WVc1amFYTmpiekVVTUJJRwpBMVVFQ2hNTFFuSmhaR1pwZEhwcGJtTXhFakFRQmdOVkJBTVRDV3h2WTJGc2FHOXpkREVkTUJzR0NTcUdTSWIzCkRRRUpBUllPWW5KaFpFQmtZVzVuWVM1amIyMHdIaGNOTVRRd056RTFNakEwTmpBMVdoY05NVGN3TlRBME1qQTAKTmpBMVdqQjdNUXN3Q1FZRFZRUUdFd0pWVXpFTE1Ba0dBMVVFQ0JNQ1EwRXhGakFVQmdOVkJBY1REVk5oYmlCRwpjbUZ1WTJselkyOHhGREFTQmdOVkJBb1RDMEp5WVdSbWFYUjZhVzVqTVJJd0VBWURWUVFERXdsc2IyTmhiR2h2CmMzUXhIVEFiQmdrcWhraUc5dzBCQ1FFV0RtSnlZV1JBWkdGdVoyRXVZMjl0TUlJQklqQU5CZ2txaGtpRzl3MEIKQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBdDVmQWpwNGZUY2VrV1VUZnpzcDBreWloMU9ZYnNHTDBLWDFlUmJTUwpSOE9kMCs5UTYySHlueStHRndNVGI0QS9LVThtc3NvSHZjY2VTQUFid2ZieEZLLytzNTFUb2JxVW5PUlpyT29UClpqa1V5Z2J5WERTSzk5WUJiY1IxUGlwOHZ3TVRtNFhLdUx0Q2lnZUJCZGpqQVFkZ1VPMjhMRU5HbHNNbm1lWWsKSmZPRFZHblZtcjVMdGI5QU5BOElLeVRmc25ISjRpT0NTL1BsUGJVajJxN1lub1ZMcG9zVUJNbGdVYi9DeWtYMwptT29MYjR5SkpReUEvaVNUNlp4aUlFajM2RDR5V1o1bGc3WUpsK1VpaUJRSEdDblBkR3lpcHFWMDZleDBoZVlXCmNhaVc4TFdaU1VROTNqUStXVkNIOGhUN0RRTzFkbXN2VW1YbHEvSmVBbHdRL1FJREFRQUJvNEhnTUlIZE1CMEcKQTFVZERnUVdCQlJjQVJPdGhTNFA0VTd2VGZqQnlDNTY5UjdFNkRDQnJRWURWUjBqQklHbE1JR2lnQlJjQVJPdApoUzRQNFU3dlRmakJ5QzU2OVI3RTZLRi9wSDB3ZXpFTE1Ba0dBMVVFQmhNQ1ZWTXhDekFKQmdOVkJBZ1RBa05CCk1SWXdGQVlEVlFRSEV3MVRZVzRnUm5KaGJtTnBjMk52TVJRd0VnWURWUVFLRXd0Q2NtRmtabWwwZW1sdVl6RVMKTUJBR0ExVUVBeE1KYkc5allXeG9iM04wTVIwd0d3WUpLb1pJaHZjTkFRa0JGZzVpY21Ga1FHUmhibWRoTG1OdgpiWUlKQUxmUmxXc0k4WVFITUF3R0ExVWRFd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVGQlFBRGdnRUJBRzZoClU5ZjlzTkgwLzZvQmJHR3kyRVZVMFVnSVRVUUlyRldvOXJGa3JXNWsvWGtEalFtKzNsempUMGlHUjRJeEUvQW8KZVU2c1FodWE3d3JXZUZFbjQ3R0w5OGxuQ3NKZEQ3b1pOaEZtUTk1VGIvTG5EVWpzNVlqOWJyUDBOV3pYZllVNApVSzJabklOSlJjSnBCOGlSQ2FDeEU4RGRjVUYwWHFJRXE2cEEyNzJzbm9MbWlYTE12Tmwza1lFZG0ramU2dm9ECjU4U05WRVVzenR6UXlYbUpFaENwd1ZJMEE2UUNqelhqK3F2cG13M1paSGk4SndYZWk4WlpCTFRTRkJraThaN24Kc0g5QkJIMzgvU3pVbUFONFFIU1B5MWdqcW0wME9BRThOYVlEa2gvYnpFNGQ3bUxHR01XcC9XRTNLUFN1ODJIRgprUGU2WG9TYmlMbS9reGszMlQwPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t
-        server: https://server:443
-      name: ""
-    contexts: null
-    current-context: ""
-    kind: Config
-    preferences: {}
-    users:
-    - name: ""
-      user:
-        token: my-token
-
-
-- path: "/etc/kubernetes/kubelet.conf"
-  content: |
-    apiVersion: kubelet.config.k8s.io/v1beta1
-    authentication:
-      anonymous:
-        enabled: false
-      webhook:
-        cacheTTL: 0s
-        enabled: true
-      x509:
-        clientCAFile: /etc/kubernetes/pki/ca.crt
-    authorization:
-      mode: Webhook
-      webhook:
-        cacheAuthorizedTTL: 0s
-        cacheUnauthorizedTTL: 0s
-    cgroupDriver: systemd
-    clusterDomain: cluster.local
-    containerLogMaxSize: 100Mi
-    containerRuntimeEndpoint: ""
-    cpuManagerReconcilePeriod: 0s
-    evictionHard:
-      imagefs.available: 15%
-      memory.available: 100Mi
-      nodefs.available: 10%
-      nodefs.inodesFree: 5%
-    evictionPressureTransitionPeriod: 0s
-    featureGates:
-      RotateKubeletServerCertificate: true
-    fileCheckFrequency: 0s
-    httpCheckFrequency: 0s
-    imageMaximumGCAge: 0s
-    imageMinimumGCAge: 0s
-    kind: KubeletConfiguration
-    kubeReserved:
-      cpu: 200m
-      ephemeral-storage: 1Gi
-      memory: 300Mi
-    logging:
-      flushFrequency: 0
-      options:
-        json:
-          infoBufferSize: "0"
-      verbosity: 0
-    memorySwap: {}
-    nodeStatusReportFrequency: 0s
-    nodeStatusUpdateFrequency: 0s
-    protectKernelDefaults: true
-    rotateCertificates: true
-    runtimeRequestTimeout: 0s
-    serverTLSBootstrap: true
-    shutdownGracePeriod: 0s
-    shutdownGracePeriodCriticalPods: 0s
-    staticPodPath: /etc/kubernetes/manifests
-    streamingConnectionIdleTimeout: 0s
-    syncFrequency: 0s
-    systemReserved:
-      cpu: 200m
-      ephemeral-storage: 1Gi
-      memory: 500Mi
-    tlsCipherSuites:
-    - TLS_AES_128_GCM_SHA256
-    - TLS_AES_256_GCM_SHA384
-    - TLS_CHACHA20_POLY1305_SHA256
-    - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-    - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
-    - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
-    - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-    - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
-    volumePluginDir: /var/lib/kubelet/volumeplugins
-    volumeStatsAggPeriod: 0s
-
-
-- path: "/etc/kubernetes/pki/ca.crt"
-  content: |
-    -----BEGIN CERTIFICATE-----
-    MIIEWjCCA0KgAwIBAgIJALfRlWsI8YQHMA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV
-    BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEUMBIG
-    A1UEChMLQnJhZGZpdHppbmMxEjAQBgNVBAMTCWxvY2FsaG9zdDEdMBsGCSqGSIb3
-    DQEJARYOYnJhZEBkYW5nYS5jb20wHhcNMTQwNzE1MjA0NjA1WhcNMTcwNTA0MjA0
-    NjA1WjB7MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBG
-    cmFuY2lzY28xFDASBgNVBAoTC0JyYWRmaXR6aW5jMRIwEAYDVQQDEwlsb2NhbGhv
-    c3QxHTAbBgkqhkiG9w0BCQEWDmJyYWRAZGFuZ2EuY29tMIIBIjANBgkqhkiG9w0B
-    AQEFAAOCAQ8AMIIBCgKCAQEAt5fAjp4fTcekWUTfzsp0kyih1OYbsGL0KX1eRbSS
-    R8Od0+9Q62Hyny+GFwMTb4A/KU8mssoHvcceSAAbwfbxFK/+s51TobqUnORZrOoT
-    ZjkUygbyXDSK99YBbcR1Pip8vwMTm4XKuLtCigeBBdjjAQdgUO28LENGlsMnmeYk
-    JfODVGnVmr5Ltb9ANA8IKyTfsnHJ4iOCS/PlPbUj2q7YnoVLposUBMlgUb/CykX3
-    mOoLb4yJJQyA/iST6ZxiIEj36D4yWZ5lg7YJl+UiiBQHGCnPdGyipqV06ex0heYW
-    caiW8LWZSUQ93jQ+WVCH8hT7DQO1dmsvUmXlq/JeAlwQ/QIDAQABo4HgMIHdMB0G
-    A1UdDgQWBBRcAROthS4P4U7vTfjByC569R7E6DCBrQYDVR0jBIGlMIGigBRcAROt
-    hS4P4U7vTfjByC569R7E6KF/pH0wezELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB
-    MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtCcmFkZml0emluYzES
-    MBAGA1UEAxMJbG9jYWxob3N0MR0wGwYJKoZIhvcNAQkBFg5icmFkQGRhbmdhLmNv
-    bYIJALfRlWsI8YQHMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAG6h
-    U9f9sNH0/6oBbGGy2EVU0UgITUQIrFWo9rFkrW5k/XkDjQm+3lzjT0iGR4IxE/Ao
-    eU6sQhua7wrWeFEn47GL98lnCsJdD7oZNhFmQ95Tb/LnDUjs5Yj9brP0NWzXfYU4
-    UK2ZnINJRcJpB8iRCaCxE8DdcUF0XqIEq6pA272snoLmiXLMvNl3kYEdm+je6voD
-    58SNVEUsztzQyXmJEhCpwVI0A6QCjzXj+qvpmw3ZZHi8JwXei8ZZBLTSFBki8Z7n
-    sH9BBH38/SzUmAN4QHSPy1gjqm00OAE8NaYDkh/bzE4d7mLGGMWp/WE3KPSu82HF
-    kPe6XoSbiLm/kxk32T0=
-    -----END CERTIFICATE-----
-
-- path: "/etc/systemd/system/setup.service"
-  permissions: "0644"
-  content: |
-    [Install]
-    WantedBy=multi-user.target
-
-    [Unit]
-    Requires=network-online.target
-    After=network-online.target
-
-    [Service]
-    Type=oneshot
-    RemainAfterExit=true
-    EnvironmentFile=-/etc/environment
-    ExecStart=/opt/bin/supervise.sh /opt/bin/setup
-
-- path: "/etc/profile.d/opt-bin-path.sh"
-  permissions: "0644"
-  content: |
-    export PATH="/opt/bin:$PATH"
-
-- path: /etc/containerd/config.toml
-  permissions: "0644"
-  content: |
-    version = 2
-
-    [metrics]
-    address = "127.0.0.1:1338"
-
-    [plugins]
-    [plugins."io.containerd.grpc.v1.cri"]
-    [plugins."io.containerd.grpc.v1.cri".containerd]
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
-    runtime_type = "io.containerd.runc.v2"
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
-    SystemdCgroup = true
-    [plugins."io.containerd.grpc.v1.cri".registry]
-    [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
-    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
-    endpoint = ["https://registry-1.docker.io"]
-
-
-- path: /etc/systemd/system/kubelet-healthcheck.service
-  permissions: "0644"
-  content: |
-    [Unit]
-    Requires=kubelet.service
-    After=kubelet.service
-
-    [Service]
-    ExecStart=/opt/bin/health-monitor.sh kubelet
-
-    [Install]
-    WantedBy=multi-user.target
-
-
-runcmd:
-- systemctl enable --now setup.service
diff --git a/pkg/userdata/flatcar/provider_test.go b/pkg/userdata/flatcar/provider_test.go
index 188860641..0a1756510 100644
--- a/pkg/userdata/flatcar/provider_test.go
+++ b/pkg/userdata/flatcar/provider_test.go
@@ -15,7 +15,7 @@ limitations under the License.
 */
 
 //
-// UserData plugin for CentOS.
+// UserData plugin for Flatcar.
 //
 
 package flatcar
diff --git a/pkg/userdata/manager/manager.go b/pkg/userdata/manager/manager.go
index e478c14b7..903de3700 100644
--- a/pkg/userdata/manager/manager.go
+++ b/pkg/userdata/manager/manager.go
@@ -44,12 +44,8 @@ var (
 	// supportedOS contains a list of operating systems the machine
 	// controller supports.
 	supportedOS = []providerconfigtypes.OperatingSystem{
-		providerconfigtypes.OperatingSystemAmazonLinux2,
-		providerconfigtypes.OperatingSystemCentOS,
 		providerconfigtypes.OperatingSystemFlatcar,
-		providerconfigtypes.OperatingSystemRHEL,
 		providerconfigtypes.OperatingSystemUbuntu,
-		providerconfigtypes.OperatingSystemRockyLinux,
 	}
 )
 
diff --git a/pkg/userdata/rhel/provider.go b/pkg/userdata/rhel/provider.go
deleted file mode 100644
index 8057adc96..000000000
--- a/pkg/userdata/rhel/provider.go
+++ /dev/null
@@ -1,444 +0,0 @@
-/*
-Copyright 2019 The Machine Controller Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-//
-// UserData plugin for RHEL.
-//
-
-package rhel
-
-import (
-	"errors"
-	"fmt"
-	"strings"
-	"text/template"
-
-	"github.com/Masterminds/semver/v3"
-	"go.uber.org/zap"
-
-	"github.com/kubermatic/machine-controller/pkg/apis/plugin"
-	providerconfigtypes "github.com/kubermatic/machine-controller/pkg/providerconfig/types"
-	userdatahelper "github.com/kubermatic/machine-controller/pkg/userdata/helper"
-)
-
-// Provider is a pkg/userdata/plugin.Provider implementation.
-type Provider struct{}
-
-// UserData renders user-data template to string.
-func (p Provider) UserData(log *zap.SugaredLogger, req plugin.UserDataRequest) (string, error) {
-	tmpl, err := template.New("user-data").Funcs(userdatahelper.TxtFuncMap(log)).Parse(userDataTemplate)
-	if err != nil {
-		return "", fmt.Errorf("failed to parse user-data template: %w", err)
-	}
-
-	kubeletVersion, err := semver.NewVersion(req.MachineSpec.Versions.Kubelet)
-	if err != nil {
-		return "", fmt.Errorf("invalid kubelet version: %w", err)
-	}
-
-	pconfig, err := providerconfigtypes.GetConfig(req.MachineSpec.ProviderSpec)
-	if err != nil {
-		return "", fmt.Errorf("failed to get provider config: %w", err)
-	}
-
-	if pconfig.OverwriteCloudConfig != nil {
-		req.CloudConfig = *pconfig.OverwriteCloudConfig
-	}
-
-	if pconfig.Network.IsStaticIPConfig() {
-		return "", errors.New("static IP config is not supported with RHEL")
-	}
-
-	rhelConfig, err := LoadConfig(pconfig.OperatingSystemSpec)
-	if err != nil {
-		return "", fmt.Errorf("failed to parse OperatingSystemSpec: %w", err)
-	}
-
-	kubeconfigString, err := userdatahelper.StringifyKubeconfig(req.Kubeconfig)
-	if err != nil {
-		return "", err
-	}
-
-	kubernetesCACert, err := userdatahelper.GetCACert(req.Kubeconfig)
-	if err != nil {
-		return "", fmt.Errorf("error extracting cacert: %w", err)
-	}
-
-	crEngine := req.ContainerRuntime.Engine()
-	crScript, err := crEngine.ScriptFor(providerconfigtypes.OperatingSystemRHEL)
-	if err != nil {
-		return "", fmt.Errorf("failed to generate container runtime install script: %w", err)
-	}
-
-	crConfig, err := crEngine.Config()
-	if err != nil {
-		return "", fmt.Errorf("failed to generate container runtime config: %w", err)
-	}
-
-	crAuthConfig, err := crEngine.AuthConfig()
-	if err != nil {
-		return "", fmt.Errorf("failed to generate container runtime auth config: %w", err)
-	}
-
-	data := struct {
-		plugin.UserDataRequest
-		ProviderSpec                       *providerconfigtypes.Config
-		OSConfig                           *Config
-		KubeletVersion                     string
-		Kubeconfig                         string
-		KubernetesCACert                   string
-		NodeIPScript                       string
-		ExtraKubeletFlags                  []string
-		ContainerRuntimeScript             string
-		ContainerRuntimeConfigFileName     string
-		ContainerRuntimeConfig             string
-		ContainerRuntimeAuthConfigFileName string
-		ContainerRuntimeAuthConfig         string
-		ContainerRuntimeName               string
-	}{
-		UserDataRequest:                    req,
-		ProviderSpec:                       pconfig,
-		OSConfig:                           rhelConfig,
-		KubeletVersion:                     kubeletVersion.String(),
-		Kubeconfig:                         kubeconfigString,
-		KubernetesCACert:                   kubernetesCACert,
-		NodeIPScript:                       userdatahelper.SetupNodeIPEnvScript(pconfig.Network.GetIPFamily()),
-		ExtraKubeletFlags:                  crEngine.KubeletFlags(),
-		ContainerRuntimeScript:             crScript,
-		ContainerRuntimeConfigFileName:     crEngine.ConfigFileName(),
-		ContainerRuntimeConfig:             crConfig,
-		ContainerRuntimeAuthConfigFileName: crEngine.AuthConfigFileName(),
-		ContainerRuntimeAuthConfig:         crAuthConfig,
-		ContainerRuntimeName:               crEngine.String(),
-	}
-
-	var buf strings.Builder
-	if err = tmpl.Execute(&buf, data); err != nil {
-		return "", fmt.Errorf("failed to execute user-data template: %w", err)
-	}
-
-	return userdatahelper.CleanupTemplateOutput(buf.String())
-}
-
-// UserData template.
-const userDataTemplate = `#cloud-config
-bootcmd:
-- modprobe ip_tables
-{{ if ne .CloudProviderName "aws" }}
-hostname: {{ .MachineSpec.Name }}
-fqdn: {{ .MachineSpec.Name }}
-{{- /* Never set the hostname on AWS nodes. Kubernetes(kube-proxy) requires the hostname to be the private dns name */}}
-{{ end }}
-
-{{- if .OSConfig.DistUpgradeOnBoot }}
-package_upgrade: true
-package_reboot_if_required: true
-{{- end }}
-
-ssh_pwauth: false
-
-{{- if ne (len .ProviderSpec.SSHPublicKeys) 0 }}
-ssh_authorized_keys:
-{{- range .ProviderSpec.SSHPublicKeys }}
-  - "{{ . }}"
-{{- end }}
-{{- end }}
-
-write_files:
-{{- /* SysEleven block start */}}
-- path: "/opt/restart-kubelet.sh"
-  permissions: "0755"
-  content: |
-{{ kubeletRestartOnNotReadyScript | indent 4 }}
-
-- path: "/etc/systemd/system/kubelet-restart.service"
-  permissions: "0644"
-  content: |
-{{ kubeletRestartOnNotReadySystemdUnit | indent 4 }}
-{{- /* SysEleven block end */}}
-
-{{- if .HTTPProxy }}
-- path: "/etc/environment"
-  content: |
-{{ proxyEnvironment .HTTPProxy .NoProxy | indent 4 }}
-{{- end }}
-
-- path: "/etc/systemd/journald.conf.d/max_disk_use.conf"
-  content: |
-{{ journalDConfig | indent 4 }}
-
-- path: "/opt/load-kernel-modules.sh"
-  permissions: "0755"
-  content: |
-{{ kernelModulesScript | indent 4 }}
-
-- path: "/etc/sysctl.d/k8s.conf"
-  content: |
-{{ kernelSettings | indent 4 }}
-
-- path: /etc/selinux/config
-  content: |
-    # This file controls the state of SELinux on the system.
-    # SELINUX= can take one of these three values:
-    #     enforcing - SELinux security policy is enforced.
-    #     permissive - SELinux prints warnings instead of enforcing.
-    #     disabled - No SELinux policy is loaded.
-    SELINUX=permissive
-    # SELINUXTYPE= can take one of three two values:
-    #     targeted - Targeted processes are protected,
-    #     minimum - Modification of targeted policy. Only selected processes are protected.
-    #     mls - Multi Level Security protection.
-    SELINUXTYPE=targeted
-
-- path: "/opt/bin/setup"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-
-    setenforce 0 || true
-
-{{- /* As we added some modules and don't want to reboot, restart the service */}}
-    systemctl restart systemd-modules-load.service
-    sysctl --system
-    {{ if ne .CloudProviderName "aws" }}
-{{- /*  The normal way of setting it via cloud-init is broken, see */}}
-{{- /*  https://bugs.launchpad.net/cloud-init/+bug/1662542 */}}
-    hostnamectl set-hostname {{ .MachineSpec.Name }}
-    {{ end }}
-    yum install -y \
-      device-mapper-persistent-data \
-      lvm2 \
-      ebtables \
-      ethtool \
-      nfs-utils \
-      bash-completion \
-      sudo \
-      socat \
-      wget \
-      curl \
-      {{- if or (eq .CloudProviderName "vsphere") (eq .CloudProviderName "vmware-cloud-director") }}
-      open-vm-tools \
-      {{- end }}
-      {{- if eq .CloudProviderName "nutanix" }}
-      iscsi-initiator-utils \
-      {{- end }}
-      ipvsadm
-
-    {{- /* iscsid service is required on Nutanix machines for CSI driver to attach volumes. */}}
-    {{- if eq .CloudProviderName "nutanix" }}
-    systemctl enable --now iscsid
-    {{ end }}
-{{ .ContainerRuntimeScript | indent 4 }}
-{{ safeDownloadBinariesScript .KubeletVersion | indent 4 }}
-    DEFAULT_IFC_NAME=$(ip -o route get 1  | grep -oP "dev \K\S+")
-    IFC_CFG_FILE=/etc/sysconfig/network-scripts/ifcfg-$DEFAULT_IFC_NAME
-    # Enable IPv6 and DHCPv6 on the default interface
-    grep IPV6INIT $IFC_CFG_FILE && sed -i '/IPV6INIT*/c IPV6INIT=yes' $IFC_CFG_FILE || echo "IPV6INIT=yes" >> $IFC_CFG_FILE
-    grep DHCPV6C $IFC_CFG_FILE && sed -i '/DHCPV6C*/c DHCPV6C=yes' $IFC_CFG_FILE || echo "DHCPV6C=yes" >> $IFC_CFG_FILE
-    grep IPV6_AUTOCONF $IFC_CFG_FILE && sed -i '/IPV6_AUTOCONF*/c IPV6_AUTOCONF=yes' $IFC_CFG_FILE || echo "IPV6_AUTOCONF=yes" >> $IFC_CFG_FILE
-
-    # Restart NetworkManager to apply for IPv6 configs
-    systemctl restart NetworkManager
-    # Let NetworkManager apply the DHCPv6 configs
-    sleep 3
-
-    # set kubelet nodeip environment variable
-    mkdir -p /etc/systemd/system/kubelet.service.d/
-    /opt/bin/setup_net_env.sh
-
-    systemctl disable --now firewalld || true
-    {{ if eq .CloudProviderName "vsphere" }}
-    systemctl enable --now vmtoolsd.service
-    {{ end -}}
-
-    systemctl enable --now kubelet
-    systemctl enable --now --no-block kubelet-healthcheck.service
-    {{- if eq .CloudProviderName "kubevirt" }}
-    systemctl enable --now --no-block restart-kubelet.service
-    {{ end }}
-    systemctl disable setup.service
-    systemctl disable disable-nm-cloud-setup.service
-
-- path: "/opt/bin/supervise.sh"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-    while ! "$@"; do
-      sleep 1
-    done
-
-- path: "/opt/disable-swap.sh"
-  permissions: "0755"
-  content: |
-    # Make sure we always disable swap - Otherwise the kubelet won't start as for some cloud
-    # providers swap gets enabled on reboot or after the setup script has finished executing.
-    sed -i.orig '/.*swap.*/d' /etc/fstab
-    swapoff -a
-
-- path: "/etc/systemd/system/kubelet.service"
-  content: |
-{{ kubeletSystemdUnit .ContainerRuntimeName .KubeletVersion .KubeletCloudProviderName .MachineSpec.Name .DNSIPs .ExternalCloudProvider .ProviderSpec.Network.GetIPFamily .PauseImage .MachineSpec.Taints .ExtraKubeletFlags true | indent 4 }}
-
-{{- if ne (len .CloudConfig) 0 }}
-- path: "/etc/kubernetes/cloud-config"
-  permissions: "0600"
-  content: |
-{{ .CloudConfig | indent 4 }}
-{{- end }}
-
-- path: "/opt/bin/setup_net_env.sh"
-  permissions: "0755"
-  content: |
-{{ .NodeIPScript | indent 4 }}
-
-- path: "/etc/kubernetes/bootstrap-kubelet.conf"
-  permissions: "0600"
-  content: |
-{{ .Kubeconfig | indent 4 }}
-
-- path: "/etc/kubernetes/kubelet.conf"
-  content: |
-{{ kubeletConfiguration "cluster.local" .DNSIPs .KubeletFeatureGates .KubeletConfigs | indent 4 }}
-
-- path: "/etc/kubernetes/pki/ca.crt"
-  content: |
-{{ .KubernetesCACert | indent 4 }}
-
-- path: "/etc/systemd/system/setup.service"
-  permissions: "0644"
-  content: |
-    [Install]
-    WantedBy=multi-user.target
-
-    [Unit]
-    Requires=network-online.target
-    After=network-online.target
-
-    [Service]
-    Type=oneshot
-    RemainAfterExit=true
-    EnvironmentFile=-/etc/environment
-    ExecStart=/opt/bin/supervise.sh /opt/bin/setup
-
-- path: "/etc/profile.d/opt-bin-path.sh"
-  permissions: "0644"
-  content: |
-    export PATH="/opt/bin:$PATH"
-
-- path: {{ .ContainerRuntimeConfigFileName }}
-  permissions: "0644"
-  content: |
-{{ .ContainerRuntimeConfig | indent 4 }}
-
-- path: /etc/systemd/system/kubelet-healthcheck.service
-  permissions: "0644"
-  content: |
-{{ kubeletHealthCheckSystemdUnit | indent 4 }}
-
-{{- with .ProviderSpec.CAPublicKey }}
-
-- path: "/etc/ssh/trusted-user-ca-keys.pem"
-  content: |
-{{ . | indent 4 }}
-
-- path: "/etc/ssh/sshd_config"
-  content: |
-{{ sshConfigAddendum | indent 4 }}
-  append: true
-{{- end }}
-
-- path: "/opt/bin/disable-nm-cloud-setup"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-    if systemctl status 'nm-cloud-setup.timer' 2> /dev/null | grep -Fq "Active:"; then
-            systemctl stop nm-cloud-setup.timer
-            systemctl disable nm-cloud-setup.service
-            systemctl disable nm-cloud-setup.timer
-            reboot
-    fi
-
-- path: "/etc/systemd/system/disable-nm-cloud-setup.service"
-  permissions: "0644"
-  content: |
-    [Install]
-    WantedBy=multi-user.target
-
-    [Unit]
-    Requires=network-online.target
-    After=network-online.target
-
-    [Service]
-    Type=oneshot
-    RemainAfterExit=true
-    EnvironmentFile=-/etc/environment
-    ExecStart=/opt/bin/supervise.sh /opt/bin/disable-nm-cloud-setup
-
-{{- if eq .CloudProviderName "kubevirt" }}
-- path: "/opt/bin/restart-kubelet.sh"
-  permissions: "0744"
-  content: |
-    #!/bin/bash
-    # Needed for Kubevirt provider because if the virt-launcher pod is deleted,
-    # the VM and DataVolume states are kept and VM is rebooted. We need to restart the kubelet
-    # with the new config (new IP) and run this at every boot.
-    set -xeuo pipefail
-
-    # This helps us avoid an unnecessary restart for kubelet on the first boot
-    if [ -f /etc/kubelet_needs_restart ]; then
-      # restart kubelet since it's not the first boot
-      systemctl daemon-reload
-      systemctl restart kubelet.service
-    else
-      touch /etc/kubelet_needs_restart
-    fi
-
-- path: "/etc/systemd/system/restart-kubelet.service"
-  permissions: "0644"
-  content: |
-    [Unit]
-    Requires=kubelet.service
-    After=kubelet.service
-
-    Description=Service responsible for restarting kubelet when the machine is rebooted
-
-    [Service]
-    Type=oneshot
-    ExecStart=/opt/bin/restart-kubelet.sh
-
-    [Install]
-    WantedBy=multi-user.target
-{{- end }}
-
-rh_subscription:
-{{- if .OSConfig.RHELUseSatelliteServer }}
-    org: "{{.OSConfig.RHELOrganizationName}}"
-    activation-key: "{{.OSConfig.RHELActivationKey}}"
-    server-hostname: {{ .OSConfig.RHELSatelliteServer }}
-    rhsm-baseurl: https://{{ .OSConfig.RHELSatelliteServer }}/pulp/repos
-{{- else }}
-    username: "{{.OSConfig.RHELSubscriptionManagerUser}}"
-    password: "{{.OSConfig.RHELSubscriptionManagerPassword}}"
-    auto-attach: {{.OSConfig.AttachSubscription}}
-{{- end }}
-
-runcmd:
-- systemctl enable --now setup.service
-- systemctl enable --now disable-nm-cloud-setup.service
-`
diff --git a/pkg/userdata/rhel/provider_test.go b/pkg/userdata/rhel/provider_test.go
deleted file mode 100644
index 2337a1899..000000000
--- a/pkg/userdata/rhel/provider_test.go
+++ /dev/null
@@ -1,230 +0,0 @@
-/*
-Copyright 2019 The Machine Controller Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-//
-// UserData plugin for RHEL.
-//
-
-package rhel
-
-import (
-	"flag"
-	"net"
-	"testing"
-
-	"go.uber.org/zap"
-
-	clusterv1alpha1 "github.com/kubermatic/machine-controller/pkg/apis/cluster/v1alpha1"
-	"github.com/kubermatic/machine-controller/pkg/apis/plugin"
-	"github.com/kubermatic/machine-controller/pkg/containerruntime"
-	testhelper "github.com/kubermatic/machine-controller/pkg/test"
-	"github.com/kubermatic/machine-controller/pkg/userdata/convert"
-
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/runtime"
-	clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
-)
-
-var (
-	update = flag.Bool("update", false, "update testdata files")
-
-	pemCertificate = `-----BEGIN CERTIFICATE-----
-MIIEWjCCA0KgAwIBAgIJALfRlWsI8YQHMA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV
-BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEUMBIG
-A1UEChMLQnJhZGZpdHppbmMxEjAQBgNVBAMTCWxvY2FsaG9zdDEdMBsGCSqGSIb3
-DQEJARYOYnJhZEBkYW5nYS5jb20wHhcNMTQwNzE1MjA0NjA1WhcNMTcwNTA0MjA0
-NjA1WjB7MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBG
-cmFuY2lzY28xFDASBgNVBAoTC0JyYWRmaXR6aW5jMRIwEAYDVQQDEwlsb2NhbGhv
-c3QxHTAbBgkqhkiG9w0BCQEWDmJyYWRAZGFuZ2EuY29tMIIBIjANBgkqhkiG9w0B
-AQEFAAOCAQ8AMIIBCgKCAQEAt5fAjp4fTcekWUTfzsp0kyih1OYbsGL0KX1eRbSS
-R8Od0+9Q62Hyny+GFwMTb4A/KU8mssoHvcceSAAbwfbxFK/+s51TobqUnORZrOoT
-ZjkUygbyXDSK99YBbcR1Pip8vwMTm4XKuLtCigeBBdjjAQdgUO28LENGlsMnmeYk
-JfODVGnVmr5Ltb9ANA8IKyTfsnHJ4iOCS/PlPbUj2q7YnoVLposUBMlgUb/CykX3
-mOoLb4yJJQyA/iST6ZxiIEj36D4yWZ5lg7YJl+UiiBQHGCnPdGyipqV06ex0heYW
-caiW8LWZSUQ93jQ+WVCH8hT7DQO1dmsvUmXlq/JeAlwQ/QIDAQABo4HgMIHdMB0G
-A1UdDgQWBBRcAROthS4P4U7vTfjByC569R7E6DCBrQYDVR0jBIGlMIGigBRcAROt
-hS4P4U7vTfjByC569R7E6KF/pH0wezELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB
-MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtCcmFkZml0emluYzES
-MBAGA1UEAxMJbG9jYWxob3N0MR0wGwYJKoZIhvcNAQkBFg5icmFkQGRhbmdhLmNv
-bYIJALfRlWsI8YQHMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAG6h
-U9f9sNH0/6oBbGGy2EVU0UgITUQIrFWo9rFkrW5k/XkDjQm+3lzjT0iGR4IxE/Ao
-eU6sQhua7wrWeFEn47GL98lnCsJdD7oZNhFmQ95Tb/LnDUjs5Yj9brP0NWzXfYU4
-UK2ZnINJRcJpB8iRCaCxE8DdcUF0XqIEq6pA272snoLmiXLMvNl3kYEdm+je6voD
-58SNVEUsztzQyXmJEhCpwVI0A6QCjzXj+qvpmw3ZZHi8JwXei8ZZBLTSFBki8Z7n
-sH9BBH38/SzUmAN4QHSPy1gjqm00OAE8NaYDkh/bzE4d7mLGGMWp/WE3KPSu82HF
-kPe6XoSbiLm/kxk32T0=
------END CERTIFICATE-----`
-)
-
-// fakeCloudConfigProvider simulates cloud config provider for test.
-type fakeCloudConfigProvider struct {
-	config string
-	name   string
-	err    error
-}
-
-func (p *fakeCloudConfigProvider) GetCloudConfig(_ clusterv1alpha1.MachineSpec) (config string, name string, err error) {
-	return p.config, p.name, p.err
-}
-
-// userDataTestCase contains the data for a table-driven test.
-type userDataTestCase struct {
-	name                  string
-	spec                  clusterv1alpha1.MachineSpec
-	clusterDNSIPs         []net.IP
-	cloudProviderName     *string
-	externalCloudProvider bool
-	httpProxy             string
-	noProxy               string
-	insecureRegistries    string
-	registryMirrors       string
-	pauseImage            string
-	containerruntime      string
-}
-
-// TestUserDataGeneration runs the data generation for different
-// environments.
-func TestUserDataGeneration(t *testing.T) {
-	t.Parallel()
-
-	tests := []userDataTestCase{
-		{
-			name: "kubelet-v1.28-aws",
-			spec: clusterv1alpha1.MachineSpec{
-				ObjectMeta: metav1.ObjectMeta{Name: "node1"},
-				Versions: clusterv1alpha1.MachineVersionInfo{
-					Kubelet: "1.28.5",
-				},
-			},
-		},
-		{
-			name: "kubelet-v1.29-aws",
-			spec: clusterv1alpha1.MachineSpec{
-				ObjectMeta: metav1.ObjectMeta{Name: "node1"},
-				Versions: clusterv1alpha1.MachineVersionInfo{
-					Kubelet: "1.29.0",
-				},
-			},
-		},
-		{
-			name: "kubelet-v1.29.2-aws",
-			spec: clusterv1alpha1.MachineSpec{
-				ObjectMeta: metav1.ObjectMeta{Name: "node1"},
-				Versions: clusterv1alpha1.MachineVersionInfo{
-					Kubelet: "1.29.2",
-				},
-			},
-		},
-		{
-			name: "kubelet-v1.29.2-aws-external",
-			spec: clusterv1alpha1.MachineSpec{
-				ObjectMeta: metav1.ObjectMeta{Name: "node1"},
-				Versions: clusterv1alpha1.MachineVersionInfo{
-					Kubelet: "1.29.2",
-				},
-			},
-			externalCloudProvider: true,
-		},
-	}
-
-	defaultCloudProvider := &fakeCloudConfigProvider{
-		name:   "aws",
-		config: "{aws-config:true}",
-		err:    nil,
-	}
-	kubeconfig := &clientcmdapi.Config{
-		Clusters: map[string]*clientcmdapi.Cluster{
-			"": {
-				Server:                   "https://server:443",
-				CertificateAuthorityData: []byte(pemCertificate),
-			},
-		},
-		AuthInfos: map[string]*clientcmdapi.AuthInfo{
-			"": {
-				Token: "my-token",
-			},
-		},
-	}
-	provider := Provider{}
-
-	kubeletFeatureGates := map[string]bool{
-		"RotateKubeletServerCertificate": true,
-	}
-
-	for _, test := range tests {
-		t.Run(test.name, func(t *testing.T) {
-			emptyProviderSpec := clusterv1alpha1.ProviderSpec{
-				Value: &runtime.RawExtension{},
-			}
-			test.spec.ProviderSpec = emptyProviderSpec
-			var cloudProvider *fakeCloudConfigProvider
-			if test.cloudProviderName != nil {
-				cloudProvider = &fakeCloudConfigProvider{
-					name:   *test.cloudProviderName,
-					config: "{config:true}",
-					err:    nil,
-				}
-			} else {
-				cloudProvider = defaultCloudProvider
-			}
-			cloudConfig, cloudProviderName, err := cloudProvider.GetCloudConfig(test.spec)
-			if err != nil {
-				t.Fatalf("failed to get cloud config: %v", err)
-			}
-
-			containerRuntimeOpts := containerruntime.Opts{
-				ContainerRuntime:   test.containerruntime,
-				InsecureRegistries: test.insecureRegistries,
-				RegistryMirrors:    test.registryMirrors,
-			}
-			containerRuntimeConfig, err := containerruntime.BuildConfig(containerRuntimeOpts)
-			if err != nil {
-				t.Fatalf("failed to generate container runtime config: %v", err)
-			}
-
-			req := plugin.UserDataRequest{
-				MachineSpec:              test.spec,
-				Kubeconfig:               kubeconfig,
-				CloudConfig:              cloudConfig,
-				CloudProviderName:        cloudProviderName,
-				KubeletCloudProviderName: cloudProviderName,
-				DNSIPs:                   test.clusterDNSIPs,
-				ExternalCloudProvider:    test.externalCloudProvider,
-				HTTPProxy:                test.httpProxy,
-				NoProxy:                  test.noProxy,
-				PauseImage:               test.pauseImage,
-				KubeletFeatureGates:      kubeletFeatureGates,
-				ContainerRuntime:         containerRuntimeConfig,
-			}
-			s, err := provider.UserData(zap.NewNop().Sugar(), req)
-			if err != nil {
-				t.Errorf("error getting userdata: '%v'", err)
-			}
-
-			// Check if we can gzip it.
-			if _, err := convert.GzipString(s); err != nil {
-				t.Fatal(err)
-			}
-			goldenName := test.name + ".yaml"
-			testhelper.CompareOutput(t, goldenName, s, *update)
-		})
-	}
-}
-
-// stringPtr returns pointer to given string.
-func stringPtr(a string) *string {
-	return &a
-}
diff --git a/pkg/userdata/rhel/rhel.go b/pkg/userdata/rhel/rhel.go
deleted file mode 100644
index be6431a58..000000000
--- a/pkg/userdata/rhel/rhel.go
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
-Copyright 2019 The Machine Controller Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package rhel
-
-import (
-	"encoding/json"
-
-	"k8s.io/apimachinery/pkg/runtime"
-)
-
-// Config contains specific configuration for RHEL.
-type Config struct {
-	DistUpgradeOnBoot               bool   `json:"distUpgradeOnBoot"`
-	RHELSubscriptionManagerUser     string `json:"rhelSubscriptionManagerUser,omitempty"`
-	RHELSubscriptionManagerPassword string `json:"rhelSubscriptionManagerPassword,omitempty"`
-	RHSMOfflineToken                string `json:"rhsmOfflineToken,omitempty"`
-	AttachSubscription              bool   `json:"attachSubscription"`
-	RHELUseSatelliteServer          bool   `json:"rhelUseSatelliteServer"`
-	RHELSatelliteServer             string `json:"rhelSatelliteServer"`
-	RHELOrganizationName            string `json:"rhelOrganizationName"`
-	RHELActivationKey               string `json:"rhelActivationKey"`
-}
-
-func DefaultConfig(operatingSystemSpec runtime.RawExtension) runtime.RawExtension {
-	if operatingSystemSpec.Raw == nil {
-		operatingSystemSpec.Raw, _ = json.Marshal(Config{})
-	}
-
-	return operatingSystemSpec
-}
-
-// LoadConfig retrieves the RHEL configuration from raw data.
-func LoadConfig(r runtime.RawExtension) (*Config, error) {
-	r = DefaultConfig(r)
-	cfg := Config{}
-
-	if err := json.Unmarshal(r.Raw, &cfg); err != nil {
-		return nil, err
-	}
-
-	return &cfg, nil
-}
-
-// Spec return the configuration as raw data.
-func (cfg *Config) Spec() (*runtime.RawExtension, error) {
-	ext := &runtime.RawExtension{}
-	b, err := json.Marshal(cfg)
-	if err != nil {
-		return nil, err
-	}
-
-	ext.Raw = b
-	return ext, nil
-}
diff --git a/pkg/userdata/rhel/testdata/kubelet-v1.28-aws.yaml b/pkg/userdata/rhel/testdata/kubelet-v1.28-aws.yaml
deleted file mode 100644
index c3cc9851c..000000000
--- a/pkg/userdata/rhel/testdata/kubelet-v1.28-aws.yaml
+++ /dev/null
@@ -1,532 +0,0 @@
-#cloud-config
-bootcmd:
-- modprobe ip_tables
-
-
-ssh_pwauth: false
-
-write_files:
-- path: "/opt/restart-kubelet.sh"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-
-    while true; do
-    	output=$(journalctl -u kubelet -n 1 | grep "use of closed network connection")
-    	if [[ $? != 0 ]]; then
-    	  echo "Error not found in logs"
-    	elif [[ $output ]]; then
-    	  echo "Restart kubelet"
-    	  systemctl restart kubelet
-    	fi
-
-    	# Runs every 10 minutes
-    	sleep 600
-    done
-
-- path: "/etc/systemd/system/kubelet-restart.service"
-  permissions: "0644"
-  content: |
-    [Unit]
-    Description=Restarts kubelet on use of closed network connection error
-    Requires=kubelet.service
-    After=kubelet.service
-
-    [Service]
-    ExecStart=/opt/kubelet-restart.sh
-
-    [Install]
-    WantedBy=multi-user.target
-
-- path: "/etc/systemd/journald.conf.d/max_disk_use.conf"
-  content: |
-    [Journal]
-    SystemMaxUse=5G
-
-
-- path: "/opt/load-kernel-modules.sh"
-  permissions: "0755"
-  content: |
-    #!/usr/bin/env bash
-    set -euo pipefail
-
-    modprobe ip_vs
-    modprobe ip_vs_rr
-    modprobe ip_vs_wrr
-    modprobe ip_vs_sh
-
-    if modinfo nf_conntrack_ipv4 &> /dev/null; then
-      modprobe nf_conntrack_ipv4
-    else
-      modprobe nf_conntrack
-    fi
-
-
-- path: "/etc/sysctl.d/k8s.conf"
-  content: |
-    net.bridge.bridge-nf-call-ip6tables = 1
-    net.bridge.bridge-nf-call-iptables = 1
-    kernel.panic_on_oops = 1
-    kernel.panic = 10
-    net.ipv4.ip_forward = 1
-    vm.overcommit_memory = 1
-    fs.inotify.max_user_watches = 1048576
-    fs.inotify.max_user_instances = 8192
-
-
-- path: /etc/selinux/config
-  content: |
-    # This file controls the state of SELinux on the system.
-    # SELINUX= can take one of these three values:
-    #     enforcing - SELinux security policy is enforced.
-    #     permissive - SELinux prints warnings instead of enforcing.
-    #     disabled - No SELinux policy is loaded.
-    SELINUX=permissive
-    # SELINUXTYPE= can take one of three two values:
-    #     targeted - Targeted processes are protected,
-    #     minimum - Modification of targeted policy. Only selected processes are protected.
-    #     mls - Multi Level Security protection.
-    SELINUXTYPE=targeted
-
-- path: "/opt/bin/setup"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-
-    setenforce 0 || true
-    systemctl restart systemd-modules-load.service
-    sysctl --system
-
-    yum install -y \
-      device-mapper-persistent-data \
-      lvm2 \
-      ebtables \
-      ethtool \
-      nfs-utils \
-      bash-completion \
-      sudo \
-      socat \
-      wget \
-      curl \
-      ipvsadm
-
-    yum install -y yum-utils
-    yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
-    yum-config-manager --save --setopt=docker-ce-stable.module_hotfixes=true
-
-    cat <<EOF | tee /etc/crictl.yaml
-    runtime-endpoint: unix:///run/containerd/containerd.sock
-    EOF
-
-    mkdir -p /etc/systemd/system/containerd.service.d
-    cat <<EOF | tee /etc/systemd/system/containerd.service.d/environment.conf
-    [Service]
-    Restart=always
-    EnvironmentFile=-/etc/environment
-    EOF
-
-    yum install -y containerd.io-1.6* yum-plugin-versionlock
-    yum versionlock add containerd.io
-
-    systemctl daemon-reload
-    systemctl enable --now containerd
-
-    opt_bin=/opt/bin
-    usr_local_bin=/usr/local/bin
-    cni_bin_dir=/opt/cni/bin
-    mkdir -p /etc/cni/net.d /etc/kubernetes/manifests "$opt_bin" "$cni_bin_dir"
-    arch=${HOST_ARCH-}
-    if [ -z "$arch" ]
-    then
-    case $(uname -m) in
-    x86_64)
-        arch="amd64"
-        ;;
-    aarch64)
-        arch="arm64"
-        ;;
-    *)
-        echo "unsupported CPU architecture, exiting"
-        exit 1
-        ;;
-    esac
-    fi
-    CNI_VERSION="${CNI_VERSION:-v1.2.0}"
-    cni_base_url="https://github.com/containernetworking/plugins/releases/download/$CNI_VERSION"
-    cni_filename="cni-plugins-linux-$arch-$CNI_VERSION.tgz"
-    curl -Lfo "$cni_bin_dir/$cni_filename" "$cni_base_url/$cni_filename"
-    cni_sum=$(curl -Lf "$cni_base_url/$cni_filename.sha256")
-    cd "$cni_bin_dir"
-    sha256sum -c <<<"$cni_sum"
-    tar xvf "$cni_filename"
-    rm -f "$cni_filename"
-    cd -
-    CRI_TOOLS_RELEASE="${CRI_TOOLS_RELEASE:-v1.27.0}"
-    cri_tools_base_url="https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRI_TOOLS_RELEASE}"
-    cri_tools_filename="crictl-${CRI_TOOLS_RELEASE}-linux-${arch}.tar.gz"
-    curl -Lfo "$opt_bin/$cri_tools_filename" "$cri_tools_base_url/$cri_tools_filename"
-    cri_tools_sum_value=$(curl -Lf "$cri_tools_base_url/$cri_tools_filename.sha256")
-    cri_tools_sum="$cri_tools_sum_value $cri_tools_filename"
-    cd "$opt_bin"
-    sha256sum -c <<<"$cri_tools_sum"
-    tar xvf "$cri_tools_filename"
-    rm -f "$cri_tools_filename"
-    ln -sf "$opt_bin/crictl" "$usr_local_bin"/crictl || echo "symbolic link is skipped"
-    cd -
-    KUBE_VERSION="${KUBE_VERSION:-v1.28.5}"
-    kube_dir="$opt_bin/kubernetes-$KUBE_VERSION"
-    kube_base_url="https://dl.k8s.io/$KUBE_VERSION/bin/linux/$arch"
-    kube_sum_file="$kube_dir/sha256"
-    mkdir -p "$kube_dir"
-    : >"$kube_sum_file"
-
-    for bin in kubelet kubeadm kubectl; do
-        curl -Lfo "$kube_dir/$bin" "$kube_base_url/$bin"
-        chmod +x "$kube_dir/$bin"
-        sum=$(curl -Lf "$kube_base_url/$bin.sha256")
-        echo "$sum  $kube_dir/$bin" >>"$kube_sum_file"
-    done
-    sha256sum -c "$kube_sum_file"
-
-    for bin in kubelet kubeadm kubectl; do
-        ln -sf "$kube_dir/$bin" "$opt_bin"/$bin
-    done
-
-    if [[ ! -x /opt/bin/health-monitor.sh ]]; then
-        curl -Lfo /opt/bin/health-monitor.sh https://raw.githubusercontent.com/kubermatic/machine-controller/7967a0af2b75f29ad2ab227eeaa26ea7b0f2fbde/pkg/userdata/scripts/health-monitor.sh
-        chmod +x /opt/bin/health-monitor.sh
-    fi
-
-    DEFAULT_IFC_NAME=$(ip -o route get 1  | grep -oP "dev \K\S+")
-    IFC_CFG_FILE=/etc/sysconfig/network-scripts/ifcfg-$DEFAULT_IFC_NAME
-    # Enable IPv6 and DHCPv6 on the default interface
-    grep IPV6INIT $IFC_CFG_FILE && sed -i '/IPV6INIT*/c IPV6INIT=yes' $IFC_CFG_FILE || echo "IPV6INIT=yes" >> $IFC_CFG_FILE
-    grep DHCPV6C $IFC_CFG_FILE && sed -i '/DHCPV6C*/c DHCPV6C=yes' $IFC_CFG_FILE || echo "DHCPV6C=yes" >> $IFC_CFG_FILE
-    grep IPV6_AUTOCONF $IFC_CFG_FILE && sed -i '/IPV6_AUTOCONF*/c IPV6_AUTOCONF=yes' $IFC_CFG_FILE || echo "IPV6_AUTOCONF=yes" >> $IFC_CFG_FILE
-
-    # Restart NetworkManager to apply for IPv6 configs
-    systemctl restart NetworkManager
-    # Let NetworkManager apply the DHCPv6 configs
-    sleep 3
-
-    # set kubelet nodeip environment variable
-    mkdir -p /etc/systemd/system/kubelet.service.d/
-    /opt/bin/setup_net_env.sh
-
-    systemctl disable --now firewalld || true
-    systemctl enable --now kubelet
-    systemctl enable --now --no-block kubelet-healthcheck.service
-    systemctl disable setup.service
-    systemctl disable disable-nm-cloud-setup.service
-
-- path: "/opt/bin/supervise.sh"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-    while ! "$@"; do
-      sleep 1
-    done
-
-- path: "/opt/disable-swap.sh"
-  permissions: "0755"
-  content: |
-    # Make sure we always disable swap - Otherwise the kubelet won't start as for some cloud
-    # providers swap gets enabled on reboot or after the setup script has finished executing.
-    sed -i.orig '/.*swap.*/d' /etc/fstab
-    swapoff -a
-
-- path: "/etc/systemd/system/kubelet.service"
-  content: |
-    [Unit]
-    After=containerd.service
-    Requires=containerd.service
-
-    Description=kubelet: The Kubernetes Node Agent
-    Documentation=https://kubernetes.io/docs/home/
-
-    [Service]
-    User=root
-    Restart=always
-    StartLimitInterval=0
-    RestartSec=10
-    CPUAccounting=true
-    MemoryAccounting=true
-
-    Environment="PATH=/opt/bin:/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin/"
-    EnvironmentFile=-/etc/environment
-
-    ExecStartPre=/bin/bash /opt/load-kernel-modules.sh
-
-    ExecStartPre=/bin/bash /opt/disable-swap.sh
-
-    ExecStartPre=/bin/bash /opt/bin/setup_net_env.sh
-    ExecStart=/opt/bin/kubelet $KUBELET_EXTRA_ARGS \
-      --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf \
-      --kubeconfig=/var/lib/kubelet/kubeconfig \
-      --config=/etc/kubernetes/kubelet.conf \
-      --cert-dir=/etc/kubernetes/pki \
-      --cloud-provider=aws \
-      --cloud-config=/etc/kubernetes/cloud-config \
-      --exit-on-lock-contention \
-      --lock-file=/tmp/kubelet.lock \
-      --container-runtime-endpoint=unix:///run/containerd/containerd.sock \
-      --node-ip ${KUBELET_NODE_IP}
-
-    [Install]
-    WantedBy=multi-user.target
-- path: "/etc/kubernetes/cloud-config"
-  permissions: "0600"
-  content: |
-    {aws-config:true}
-
-- path: "/opt/bin/setup_net_env.sh"
-  permissions: "0755"
-  content: |
-    #!/usr/bin/env bash
-    echodate() {
-      echo "[$(date -Is)]" "$@"
-    }
-
-    # get the default interface IP address
-    DEFAULT_IFC_IP=$(ip -o  route get 1 | grep -oP "src \K\S+")
-
-    # get the full hostname
-    FULL_HOSTNAME=$(hostname -f)
-
-    if [ -z "${DEFAULT_IFC_IP}" ]
-    then
-    	echodate "Failed to get IP address for the default route interface"
-    	exit 1
-    fi
-
-    # write the nodeip_env file
-    # we need the line below because flatcar has the same string "coreos" in that file
-    if grep -q coreos /etc/os-release
-    then
-      echo -e "KUBELET_NODE_IP=${DEFAULT_IFC_IP}\nKUBELET_HOSTNAME=${FULL_HOSTNAME}" > /etc/kubernetes/nodeip.conf
-    elif [ ! -d /etc/systemd/system/kubelet.service.d ]
-    then
-    	echodate "Can't find kubelet service extras directory"
-    	exit 1
-    else
-      echo -e "[Service]\nEnvironment=\"KUBELET_NODE_IP=${DEFAULT_IFC_IP}\"\nEnvironment=\"KUBELET_HOSTNAME=${FULL_HOSTNAME}\"" > /etc/systemd/system/kubelet.service.d/nodeip.conf
-    fi
-
-
-- path: "/etc/kubernetes/bootstrap-kubelet.conf"
-  permissions: "0600"
-  content: |
-    apiVersion: v1
-    clusters:
-    - cluster:
-        certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVXakNDQTBLZ0F3SUJBZ0lKQUxmUmxXc0k4WVFITUEwR0NTcUdTSWIzRFFFQkJRVUFNSHN4Q3pBSkJnTlYKQkFZVEFsVlRNUXN3Q1FZRFZRUUlFd0pEUVRFV01CUUdBMVVFQnhNTlUyRnVJRVp5WVc1amFYTmpiekVVTUJJRwpBMVVFQ2hNTFFuSmhaR1pwZEhwcGJtTXhFakFRQmdOVkJBTVRDV3h2WTJGc2FHOXpkREVkTUJzR0NTcUdTSWIzCkRRRUpBUllPWW5KaFpFQmtZVzVuWVM1amIyMHdIaGNOTVRRd056RTFNakEwTmpBMVdoY05NVGN3TlRBME1qQTAKTmpBMVdqQjdNUXN3Q1FZRFZRUUdFd0pWVXpFTE1Ba0dBMVVFQ0JNQ1EwRXhGakFVQmdOVkJBY1REVk5oYmlCRwpjbUZ1WTJselkyOHhGREFTQmdOVkJBb1RDMEp5WVdSbWFYUjZhVzVqTVJJd0VBWURWUVFERXdsc2IyTmhiR2h2CmMzUXhIVEFiQmdrcWhraUc5dzBCQ1FFV0RtSnlZV1JBWkdGdVoyRXVZMjl0TUlJQklqQU5CZ2txaGtpRzl3MEIKQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBdDVmQWpwNGZUY2VrV1VUZnpzcDBreWloMU9ZYnNHTDBLWDFlUmJTUwpSOE9kMCs5UTYySHlueStHRndNVGI0QS9LVThtc3NvSHZjY2VTQUFid2ZieEZLLytzNTFUb2JxVW5PUlpyT29UClpqa1V5Z2J5WERTSzk5WUJiY1IxUGlwOHZ3TVRtNFhLdUx0Q2lnZUJCZGpqQVFkZ1VPMjhMRU5HbHNNbm1lWWsKSmZPRFZHblZtcjVMdGI5QU5BOElLeVRmc25ISjRpT0NTL1BsUGJVajJxN1lub1ZMcG9zVUJNbGdVYi9DeWtYMwptT29MYjR5SkpReUEvaVNUNlp4aUlFajM2RDR5V1o1bGc3WUpsK1VpaUJRSEdDblBkR3lpcHFWMDZleDBoZVlXCmNhaVc4TFdaU1VROTNqUStXVkNIOGhUN0RRTzFkbXN2VW1YbHEvSmVBbHdRL1FJREFRQUJvNEhnTUlIZE1CMEcKQTFVZERnUVdCQlJjQVJPdGhTNFA0VTd2VGZqQnlDNTY5UjdFNkRDQnJRWURWUjBqQklHbE1JR2lnQlJjQVJPdApoUzRQNFU3dlRmakJ5QzU2OVI3RTZLRi9wSDB3ZXpFTE1Ba0dBMVVFQmhNQ1ZWTXhDekFKQmdOVkJBZ1RBa05CCk1SWXdGQVlEVlFRSEV3MVRZVzRnUm5KaGJtTnBjMk52TVJRd0VnWURWUVFLRXd0Q2NtRmtabWwwZW1sdVl6RVMKTUJBR0ExVUVBeE1KYkc5allXeG9iM04wTVIwd0d3WUpLb1pJaHZjTkFRa0JGZzVpY21Ga1FHUmhibWRoTG1OdgpiWUlKQUxmUmxXc0k4WVFITUF3R0ExVWRFd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVGQlFBRGdnRUJBRzZoClU5ZjlzTkgwLzZvQmJHR3kyRVZVMFVnSVRVUUlyRldvOXJGa3JXNWsvWGtEalFtKzNsempUMGlHUjRJeEUvQW8KZVU2c1FodWE3d3JXZUZFbjQ3R0w5OGxuQ3NKZEQ3b1pOaEZtUTk1VGIvTG5EVWpzNVlqOWJyUDBOV3pYZllVNApVSzJabklOSlJjSnBCOGlSQ2FDeEU4RGRjVUYwWHFJRXE2cEEyNzJzbm9MbWlYTE12Tmwza1lFZG0ramU2dm9ECjU4U05WRVVzenR6UXlYbUpFaENwd1ZJMEE2UUNqelhqK3F2cG13M1paSGk4SndYZWk4WlpCTFRTRkJraThaN24Kc0g5QkJIMzgvU3pVbUFONFFIU1B5MWdqcW0wME9BRThOYVlEa2gvYnpFNGQ3bUxHR01XcC9XRTNLUFN1ODJIRgprUGU2WG9TYmlMbS9reGszMlQwPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t
-        server: https://server:443
-      name: ""
-    contexts: null
-    current-context: ""
-    kind: Config
-    preferences: {}
-    users:
-    - name: ""
-      user:
-        token: my-token
-
-
-- path: "/etc/kubernetes/kubelet.conf"
-  content: |
-    apiVersion: kubelet.config.k8s.io/v1beta1
-    authentication:
-      anonymous:
-        enabled: false
-      webhook:
-        cacheTTL: 0s
-        enabled: true
-      x509:
-        clientCAFile: /etc/kubernetes/pki/ca.crt
-    authorization:
-      mode: Webhook
-      webhook:
-        cacheAuthorizedTTL: 0s
-        cacheUnauthorizedTTL: 0s
-    cgroupDriver: systemd
-    clusterDomain: cluster.local
-    containerLogMaxSize: 100Mi
-    containerRuntimeEndpoint: ""
-    cpuManagerReconcilePeriod: 0s
-    evictionHard:
-      imagefs.available: 15%
-      memory.available: 100Mi
-      nodefs.available: 10%
-      nodefs.inodesFree: 5%
-    evictionPressureTransitionPeriod: 0s
-    featureGates:
-      RotateKubeletServerCertificate: true
-    fileCheckFrequency: 0s
-    httpCheckFrequency: 0s
-    imageMaximumGCAge: 0s
-    imageMinimumGCAge: 0s
-    kind: KubeletConfiguration
-    kubeReserved:
-      cpu: 200m
-      ephemeral-storage: 1Gi
-      memory: 300Mi
-    logging:
-      flushFrequency: 0
-      options:
-        json:
-          infoBufferSize: "0"
-      verbosity: 0
-    memorySwap: {}
-    nodeStatusReportFrequency: 0s
-    nodeStatusUpdateFrequency: 0s
-    protectKernelDefaults: true
-    rotateCertificates: true
-    runtimeRequestTimeout: 0s
-    serverTLSBootstrap: true
-    shutdownGracePeriod: 0s
-    shutdownGracePeriodCriticalPods: 0s
-    staticPodPath: /etc/kubernetes/manifests
-    streamingConnectionIdleTimeout: 0s
-    syncFrequency: 0s
-    systemReserved:
-      cpu: 200m
-      ephemeral-storage: 1Gi
-      memory: 500Mi
-    tlsCipherSuites:
-    - TLS_AES_128_GCM_SHA256
-    - TLS_AES_256_GCM_SHA384
-    - TLS_CHACHA20_POLY1305_SHA256
-    - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-    - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
-    - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
-    - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-    - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
-    volumePluginDir: /var/lib/kubelet/volumeplugins
-    volumeStatsAggPeriod: 0s
-
-
-- path: "/etc/kubernetes/pki/ca.crt"
-  content: |
-    -----BEGIN CERTIFICATE-----
-    MIIEWjCCA0KgAwIBAgIJALfRlWsI8YQHMA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV
-    BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEUMBIG
-    A1UEChMLQnJhZGZpdHppbmMxEjAQBgNVBAMTCWxvY2FsaG9zdDEdMBsGCSqGSIb3
-    DQEJARYOYnJhZEBkYW5nYS5jb20wHhcNMTQwNzE1MjA0NjA1WhcNMTcwNTA0MjA0
-    NjA1WjB7MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBG
-    cmFuY2lzY28xFDASBgNVBAoTC0JyYWRmaXR6aW5jMRIwEAYDVQQDEwlsb2NhbGhv
-    c3QxHTAbBgkqhkiG9w0BCQEWDmJyYWRAZGFuZ2EuY29tMIIBIjANBgkqhkiG9w0B
-    AQEFAAOCAQ8AMIIBCgKCAQEAt5fAjp4fTcekWUTfzsp0kyih1OYbsGL0KX1eRbSS
-    R8Od0+9Q62Hyny+GFwMTb4A/KU8mssoHvcceSAAbwfbxFK/+s51TobqUnORZrOoT
-    ZjkUygbyXDSK99YBbcR1Pip8vwMTm4XKuLtCigeBBdjjAQdgUO28LENGlsMnmeYk
-    JfODVGnVmr5Ltb9ANA8IKyTfsnHJ4iOCS/PlPbUj2q7YnoVLposUBMlgUb/CykX3
-    mOoLb4yJJQyA/iST6ZxiIEj36D4yWZ5lg7YJl+UiiBQHGCnPdGyipqV06ex0heYW
-    caiW8LWZSUQ93jQ+WVCH8hT7DQO1dmsvUmXlq/JeAlwQ/QIDAQABo4HgMIHdMB0G
-    A1UdDgQWBBRcAROthS4P4U7vTfjByC569R7E6DCBrQYDVR0jBIGlMIGigBRcAROt
-    hS4P4U7vTfjByC569R7E6KF/pH0wezELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB
-    MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtCcmFkZml0emluYzES
-    MBAGA1UEAxMJbG9jYWxob3N0MR0wGwYJKoZIhvcNAQkBFg5icmFkQGRhbmdhLmNv
-    bYIJALfRlWsI8YQHMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAG6h
-    U9f9sNH0/6oBbGGy2EVU0UgITUQIrFWo9rFkrW5k/XkDjQm+3lzjT0iGR4IxE/Ao
-    eU6sQhua7wrWeFEn47GL98lnCsJdD7oZNhFmQ95Tb/LnDUjs5Yj9brP0NWzXfYU4
-    UK2ZnINJRcJpB8iRCaCxE8DdcUF0XqIEq6pA272snoLmiXLMvNl3kYEdm+je6voD
-    58SNVEUsztzQyXmJEhCpwVI0A6QCjzXj+qvpmw3ZZHi8JwXei8ZZBLTSFBki8Z7n
-    sH9BBH38/SzUmAN4QHSPy1gjqm00OAE8NaYDkh/bzE4d7mLGGMWp/WE3KPSu82HF
-    kPe6XoSbiLm/kxk32T0=
-    -----END CERTIFICATE-----
-
-- path: "/etc/systemd/system/setup.service"
-  permissions: "0644"
-  content: |
-    [Install]
-    WantedBy=multi-user.target
-
-    [Unit]
-    Requires=network-online.target
-    After=network-online.target
-
-    [Service]
-    Type=oneshot
-    RemainAfterExit=true
-    EnvironmentFile=-/etc/environment
-    ExecStart=/opt/bin/supervise.sh /opt/bin/setup
-
-- path: "/etc/profile.d/opt-bin-path.sh"
-  permissions: "0644"
-  content: |
-    export PATH="/opt/bin:$PATH"
-
-- path: /etc/containerd/config.toml
-  permissions: "0644"
-  content: |
-    version = 2
-
-    [metrics]
-    address = "127.0.0.1:1338"
-
-    [plugins]
-    [plugins."io.containerd.grpc.v1.cri"]
-    [plugins."io.containerd.grpc.v1.cri".containerd]
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
-    runtime_type = "io.containerd.runc.v2"
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
-    SystemdCgroup = true
-    [plugins."io.containerd.grpc.v1.cri".registry]
-    [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
-    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
-    endpoint = ["https://registry-1.docker.io"]
-
-
-- path: /etc/systemd/system/kubelet-healthcheck.service
-  permissions: "0644"
-  content: |
-    [Unit]
-    Requires=kubelet.service
-    After=kubelet.service
-
-    [Service]
-    ExecStart=/opt/bin/health-monitor.sh kubelet
-
-    [Install]
-    WantedBy=multi-user.target
-
-
-- path: "/opt/bin/disable-nm-cloud-setup"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-    if systemctl status 'nm-cloud-setup.timer' 2> /dev/null | grep -Fq "Active:"; then
-            systemctl stop nm-cloud-setup.timer
-            systemctl disable nm-cloud-setup.service
-            systemctl disable nm-cloud-setup.timer
-            reboot
-    fi
-
-- path: "/etc/systemd/system/disable-nm-cloud-setup.service"
-  permissions: "0644"
-  content: |
-    [Install]
-    WantedBy=multi-user.target
-
-    [Unit]
-    Requires=network-online.target
-    After=network-online.target
-
-    [Service]
-    Type=oneshot
-    RemainAfterExit=true
-    EnvironmentFile=-/etc/environment
-    ExecStart=/opt/bin/supervise.sh /opt/bin/disable-nm-cloud-setup
-
-rh_subscription:
-    username: ""
-    password: ""
-    auto-attach: false
-
-runcmd:
-- systemctl enable --now setup.service
-- systemctl enable --now disable-nm-cloud-setup.service
diff --git a/pkg/userdata/rhel/testdata/kubelet-v1.29-aws.yaml b/pkg/userdata/rhel/testdata/kubelet-v1.29-aws.yaml
deleted file mode 100644
index b2b01ef42..000000000
--- a/pkg/userdata/rhel/testdata/kubelet-v1.29-aws.yaml
+++ /dev/null
@@ -1,532 +0,0 @@
-#cloud-config
-bootcmd:
-- modprobe ip_tables
-
-
-ssh_pwauth: false
-
-write_files:
-- path: "/opt/restart-kubelet.sh"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-
-    while true; do
-    	output=$(journalctl -u kubelet -n 1 | grep "use of closed network connection")
-    	if [[ $? != 0 ]]; then
-    	  echo "Error not found in logs"
-    	elif [[ $output ]]; then
-    	  echo "Restart kubelet"
-    	  systemctl restart kubelet
-    	fi
-
-    	# Runs every 10 minutes
-    	sleep 600
-    done
-
-- path: "/etc/systemd/system/kubelet-restart.service"
-  permissions: "0644"
-  content: |
-    [Unit]
-    Description=Restarts kubelet on use of closed network connection error
-    Requires=kubelet.service
-    After=kubelet.service
-
-    [Service]
-    ExecStart=/opt/kubelet-restart.sh
-
-    [Install]
-    WantedBy=multi-user.target
-
-- path: "/etc/systemd/journald.conf.d/max_disk_use.conf"
-  content: |
-    [Journal]
-    SystemMaxUse=5G
-
-
-- path: "/opt/load-kernel-modules.sh"
-  permissions: "0755"
-  content: |
-    #!/usr/bin/env bash
-    set -euo pipefail
-
-    modprobe ip_vs
-    modprobe ip_vs_rr
-    modprobe ip_vs_wrr
-    modprobe ip_vs_sh
-
-    if modinfo nf_conntrack_ipv4 &> /dev/null; then
-      modprobe nf_conntrack_ipv4
-    else
-      modprobe nf_conntrack
-    fi
-
-
-- path: "/etc/sysctl.d/k8s.conf"
-  content: |
-    net.bridge.bridge-nf-call-ip6tables = 1
-    net.bridge.bridge-nf-call-iptables = 1
-    kernel.panic_on_oops = 1
-    kernel.panic = 10
-    net.ipv4.ip_forward = 1
-    vm.overcommit_memory = 1
-    fs.inotify.max_user_watches = 1048576
-    fs.inotify.max_user_instances = 8192
-
-
-- path: /etc/selinux/config
-  content: |
-    # This file controls the state of SELinux on the system.
-    # SELINUX= can take one of these three values:
-    #     enforcing - SELinux security policy is enforced.
-    #     permissive - SELinux prints warnings instead of enforcing.
-    #     disabled - No SELinux policy is loaded.
-    SELINUX=permissive
-    # SELINUXTYPE= can take one of three two values:
-    #     targeted - Targeted processes are protected,
-    #     minimum - Modification of targeted policy. Only selected processes are protected.
-    #     mls - Multi Level Security protection.
-    SELINUXTYPE=targeted
-
-- path: "/opt/bin/setup"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-
-    setenforce 0 || true
-    systemctl restart systemd-modules-load.service
-    sysctl --system
-
-    yum install -y \
-      device-mapper-persistent-data \
-      lvm2 \
-      ebtables \
-      ethtool \
-      nfs-utils \
-      bash-completion \
-      sudo \
-      socat \
-      wget \
-      curl \
-      ipvsadm
-
-    yum install -y yum-utils
-    yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
-    yum-config-manager --save --setopt=docker-ce-stable.module_hotfixes=true
-
-    cat <<EOF | tee /etc/crictl.yaml
-    runtime-endpoint: unix:///run/containerd/containerd.sock
-    EOF
-
-    mkdir -p /etc/systemd/system/containerd.service.d
-    cat <<EOF | tee /etc/systemd/system/containerd.service.d/environment.conf
-    [Service]
-    Restart=always
-    EnvironmentFile=-/etc/environment
-    EOF
-
-    yum install -y containerd.io-1.6* yum-plugin-versionlock
-    yum versionlock add containerd.io
-
-    systemctl daemon-reload
-    systemctl enable --now containerd
-
-    opt_bin=/opt/bin
-    usr_local_bin=/usr/local/bin
-    cni_bin_dir=/opt/cni/bin
-    mkdir -p /etc/cni/net.d /etc/kubernetes/manifests "$opt_bin" "$cni_bin_dir"
-    arch=${HOST_ARCH-}
-    if [ -z "$arch" ]
-    then
-    case $(uname -m) in
-    x86_64)
-        arch="amd64"
-        ;;
-    aarch64)
-        arch="arm64"
-        ;;
-    *)
-        echo "unsupported CPU architecture, exiting"
-        exit 1
-        ;;
-    esac
-    fi
-    CNI_VERSION="${CNI_VERSION:-v1.2.0}"
-    cni_base_url="https://github.com/containernetworking/plugins/releases/download/$CNI_VERSION"
-    cni_filename="cni-plugins-linux-$arch-$CNI_VERSION.tgz"
-    curl -Lfo "$cni_bin_dir/$cni_filename" "$cni_base_url/$cni_filename"
-    cni_sum=$(curl -Lf "$cni_base_url/$cni_filename.sha256")
-    cd "$cni_bin_dir"
-    sha256sum -c <<<"$cni_sum"
-    tar xvf "$cni_filename"
-    rm -f "$cni_filename"
-    cd -
-    CRI_TOOLS_RELEASE="${CRI_TOOLS_RELEASE:-v1.27.0}"
-    cri_tools_base_url="https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRI_TOOLS_RELEASE}"
-    cri_tools_filename="crictl-${CRI_TOOLS_RELEASE}-linux-${arch}.tar.gz"
-    curl -Lfo "$opt_bin/$cri_tools_filename" "$cri_tools_base_url/$cri_tools_filename"
-    cri_tools_sum_value=$(curl -Lf "$cri_tools_base_url/$cri_tools_filename.sha256")
-    cri_tools_sum="$cri_tools_sum_value $cri_tools_filename"
-    cd "$opt_bin"
-    sha256sum -c <<<"$cri_tools_sum"
-    tar xvf "$cri_tools_filename"
-    rm -f "$cri_tools_filename"
-    ln -sf "$opt_bin/crictl" "$usr_local_bin"/crictl || echo "symbolic link is skipped"
-    cd -
-    KUBE_VERSION="${KUBE_VERSION:-v1.29.0}"
-    kube_dir="$opt_bin/kubernetes-$KUBE_VERSION"
-    kube_base_url="https://dl.k8s.io/$KUBE_VERSION/bin/linux/$arch"
-    kube_sum_file="$kube_dir/sha256"
-    mkdir -p "$kube_dir"
-    : >"$kube_sum_file"
-
-    for bin in kubelet kubeadm kubectl; do
-        curl -Lfo "$kube_dir/$bin" "$kube_base_url/$bin"
-        chmod +x "$kube_dir/$bin"
-        sum=$(curl -Lf "$kube_base_url/$bin.sha256")
-        echo "$sum  $kube_dir/$bin" >>"$kube_sum_file"
-    done
-    sha256sum -c "$kube_sum_file"
-
-    for bin in kubelet kubeadm kubectl; do
-        ln -sf "$kube_dir/$bin" "$opt_bin"/$bin
-    done
-
-    if [[ ! -x /opt/bin/health-monitor.sh ]]; then
-        curl -Lfo /opt/bin/health-monitor.sh https://raw.githubusercontent.com/kubermatic/machine-controller/7967a0af2b75f29ad2ab227eeaa26ea7b0f2fbde/pkg/userdata/scripts/health-monitor.sh
-        chmod +x /opt/bin/health-monitor.sh
-    fi
-
-    DEFAULT_IFC_NAME=$(ip -o route get 1  | grep -oP "dev \K\S+")
-    IFC_CFG_FILE=/etc/sysconfig/network-scripts/ifcfg-$DEFAULT_IFC_NAME
-    # Enable IPv6 and DHCPv6 on the default interface
-    grep IPV6INIT $IFC_CFG_FILE && sed -i '/IPV6INIT*/c IPV6INIT=yes' $IFC_CFG_FILE || echo "IPV6INIT=yes" >> $IFC_CFG_FILE
-    grep DHCPV6C $IFC_CFG_FILE && sed -i '/DHCPV6C*/c DHCPV6C=yes' $IFC_CFG_FILE || echo "DHCPV6C=yes" >> $IFC_CFG_FILE
-    grep IPV6_AUTOCONF $IFC_CFG_FILE && sed -i '/IPV6_AUTOCONF*/c IPV6_AUTOCONF=yes' $IFC_CFG_FILE || echo "IPV6_AUTOCONF=yes" >> $IFC_CFG_FILE
-
-    # Restart NetworkManager to apply for IPv6 configs
-    systemctl restart NetworkManager
-    # Let NetworkManager apply the DHCPv6 configs
-    sleep 3
-
-    # set kubelet nodeip environment variable
-    mkdir -p /etc/systemd/system/kubelet.service.d/
-    /opt/bin/setup_net_env.sh
-
-    systemctl disable --now firewalld || true
-    systemctl enable --now kubelet
-    systemctl enable --now --no-block kubelet-healthcheck.service
-    systemctl disable setup.service
-    systemctl disable disable-nm-cloud-setup.service
-
-- path: "/opt/bin/supervise.sh"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-    while ! "$@"; do
-      sleep 1
-    done
-
-- path: "/opt/disable-swap.sh"
-  permissions: "0755"
-  content: |
-    # Make sure we always disable swap - Otherwise the kubelet won't start as for some cloud
-    # providers swap gets enabled on reboot or after the setup script has finished executing.
-    sed -i.orig '/.*swap.*/d' /etc/fstab
-    swapoff -a
-
-- path: "/etc/systemd/system/kubelet.service"
-  content: |
-    [Unit]
-    After=containerd.service
-    Requires=containerd.service
-
-    Description=kubelet: The Kubernetes Node Agent
-    Documentation=https://kubernetes.io/docs/home/
-
-    [Service]
-    User=root
-    Restart=always
-    StartLimitInterval=0
-    RestartSec=10
-    CPUAccounting=true
-    MemoryAccounting=true
-
-    Environment="PATH=/opt/bin:/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin/"
-    EnvironmentFile=-/etc/environment
-
-    ExecStartPre=/bin/bash /opt/load-kernel-modules.sh
-
-    ExecStartPre=/bin/bash /opt/disable-swap.sh
-
-    ExecStartPre=/bin/bash /opt/bin/setup_net_env.sh
-    ExecStart=/opt/bin/kubelet $KUBELET_EXTRA_ARGS \
-      --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf \
-      --kubeconfig=/var/lib/kubelet/kubeconfig \
-      --config=/etc/kubernetes/kubelet.conf \
-      --cert-dir=/etc/kubernetes/pki \
-      --cloud-provider=aws \
-      --cloud-config=/etc/kubernetes/cloud-config \
-      --exit-on-lock-contention \
-      --lock-file=/tmp/kubelet.lock \
-      --container-runtime-endpoint=unix:///run/containerd/containerd.sock \
-      --node-ip ${KUBELET_NODE_IP}
-
-    [Install]
-    WantedBy=multi-user.target
-- path: "/etc/kubernetes/cloud-config"
-  permissions: "0600"
-  content: |
-    {aws-config:true}
-
-- path: "/opt/bin/setup_net_env.sh"
-  permissions: "0755"
-  content: |
-    #!/usr/bin/env bash
-    echodate() {
-      echo "[$(date -Is)]" "$@"
-    }
-
-    # get the default interface IP address
-    DEFAULT_IFC_IP=$(ip -o  route get 1 | grep -oP "src \K\S+")
-
-    # get the full hostname
-    FULL_HOSTNAME=$(hostname -f)
-
-    if [ -z "${DEFAULT_IFC_IP}" ]
-    then
-    	echodate "Failed to get IP address for the default route interface"
-    	exit 1
-    fi
-
-    # write the nodeip_env file
-    # we need the line below because flatcar has the same string "coreos" in that file
-    if grep -q coreos /etc/os-release
-    then
-      echo -e "KUBELET_NODE_IP=${DEFAULT_IFC_IP}\nKUBELET_HOSTNAME=${FULL_HOSTNAME}" > /etc/kubernetes/nodeip.conf
-    elif [ ! -d /etc/systemd/system/kubelet.service.d ]
-    then
-    	echodate "Can't find kubelet service extras directory"
-    	exit 1
-    else
-      echo -e "[Service]\nEnvironment=\"KUBELET_NODE_IP=${DEFAULT_IFC_IP}\"\nEnvironment=\"KUBELET_HOSTNAME=${FULL_HOSTNAME}\"" > /etc/systemd/system/kubelet.service.d/nodeip.conf
-    fi
-
-
-- path: "/etc/kubernetes/bootstrap-kubelet.conf"
-  permissions: "0600"
-  content: |
-    apiVersion: v1
-    clusters:
-    - cluster:
-        certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVXakNDQTBLZ0F3SUJBZ0lKQUxmUmxXc0k4WVFITUEwR0NTcUdTSWIzRFFFQkJRVUFNSHN4Q3pBSkJnTlYKQkFZVEFsVlRNUXN3Q1FZRFZRUUlFd0pEUVRFV01CUUdBMVVFQnhNTlUyRnVJRVp5WVc1amFYTmpiekVVTUJJRwpBMVVFQ2hNTFFuSmhaR1pwZEhwcGJtTXhFakFRQmdOVkJBTVRDV3h2WTJGc2FHOXpkREVkTUJzR0NTcUdTSWIzCkRRRUpBUllPWW5KaFpFQmtZVzVuWVM1amIyMHdIaGNOTVRRd056RTFNakEwTmpBMVdoY05NVGN3TlRBME1qQTAKTmpBMVdqQjdNUXN3Q1FZRFZRUUdFd0pWVXpFTE1Ba0dBMVVFQ0JNQ1EwRXhGakFVQmdOVkJBY1REVk5oYmlCRwpjbUZ1WTJselkyOHhGREFTQmdOVkJBb1RDMEp5WVdSbWFYUjZhVzVqTVJJd0VBWURWUVFERXdsc2IyTmhiR2h2CmMzUXhIVEFiQmdrcWhraUc5dzBCQ1FFV0RtSnlZV1JBWkdGdVoyRXVZMjl0TUlJQklqQU5CZ2txaGtpRzl3MEIKQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBdDVmQWpwNGZUY2VrV1VUZnpzcDBreWloMU9ZYnNHTDBLWDFlUmJTUwpSOE9kMCs5UTYySHlueStHRndNVGI0QS9LVThtc3NvSHZjY2VTQUFid2ZieEZLLytzNTFUb2JxVW5PUlpyT29UClpqa1V5Z2J5WERTSzk5WUJiY1IxUGlwOHZ3TVRtNFhLdUx0Q2lnZUJCZGpqQVFkZ1VPMjhMRU5HbHNNbm1lWWsKSmZPRFZHblZtcjVMdGI5QU5BOElLeVRmc25ISjRpT0NTL1BsUGJVajJxN1lub1ZMcG9zVUJNbGdVYi9DeWtYMwptT29MYjR5SkpReUEvaVNUNlp4aUlFajM2RDR5V1o1bGc3WUpsK1VpaUJRSEdDblBkR3lpcHFWMDZleDBoZVlXCmNhaVc4TFdaU1VROTNqUStXVkNIOGhUN0RRTzFkbXN2VW1YbHEvSmVBbHdRL1FJREFRQUJvNEhnTUlIZE1CMEcKQTFVZERnUVdCQlJjQVJPdGhTNFA0VTd2VGZqQnlDNTY5UjdFNkRDQnJRWURWUjBqQklHbE1JR2lnQlJjQVJPdApoUzRQNFU3dlRmakJ5QzU2OVI3RTZLRi9wSDB3ZXpFTE1Ba0dBMVVFQmhNQ1ZWTXhDekFKQmdOVkJBZ1RBa05CCk1SWXdGQVlEVlFRSEV3MVRZVzRnUm5KaGJtTnBjMk52TVJRd0VnWURWUVFLRXd0Q2NtRmtabWwwZW1sdVl6RVMKTUJBR0ExVUVBeE1KYkc5allXeG9iM04wTVIwd0d3WUpLb1pJaHZjTkFRa0JGZzVpY21Ga1FHUmhibWRoTG1OdgpiWUlKQUxmUmxXc0k4WVFITUF3R0ExVWRFd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVGQlFBRGdnRUJBRzZoClU5ZjlzTkgwLzZvQmJHR3kyRVZVMFVnSVRVUUlyRldvOXJGa3JXNWsvWGtEalFtKzNsempUMGlHUjRJeEUvQW8KZVU2c1FodWE3d3JXZUZFbjQ3R0w5OGxuQ3NKZEQ3b1pOaEZtUTk1VGIvTG5EVWpzNVlqOWJyUDBOV3pYZllVNApVSzJabklOSlJjSnBCOGlSQ2FDeEU4RGRjVUYwWHFJRXE2cEEyNzJzbm9MbWlYTE12Tmwza1lFZG0ramU2dm9ECjU4U05WRVVzenR6UXlYbUpFaENwd1ZJMEE2UUNqelhqK3F2cG13M1paSGk4SndYZWk4WlpCTFRTRkJraThaN24Kc0g5QkJIMzgvU3pVbUFONFFIU1B5MWdqcW0wME9BRThOYVlEa2gvYnpFNGQ3bUxHR01XcC9XRTNLUFN1ODJIRgprUGU2WG9TYmlMbS9reGszMlQwPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t
-        server: https://server:443
-      name: ""
-    contexts: null
-    current-context: ""
-    kind: Config
-    preferences: {}
-    users:
-    - name: ""
-      user:
-        token: my-token
-
-
-- path: "/etc/kubernetes/kubelet.conf"
-  content: |
-    apiVersion: kubelet.config.k8s.io/v1beta1
-    authentication:
-      anonymous:
-        enabled: false
-      webhook:
-        cacheTTL: 0s
-        enabled: true
-      x509:
-        clientCAFile: /etc/kubernetes/pki/ca.crt
-    authorization:
-      mode: Webhook
-      webhook:
-        cacheAuthorizedTTL: 0s
-        cacheUnauthorizedTTL: 0s
-    cgroupDriver: systemd
-    clusterDomain: cluster.local
-    containerLogMaxSize: 100Mi
-    containerRuntimeEndpoint: ""
-    cpuManagerReconcilePeriod: 0s
-    evictionHard:
-      imagefs.available: 15%
-      memory.available: 100Mi
-      nodefs.available: 10%
-      nodefs.inodesFree: 5%
-    evictionPressureTransitionPeriod: 0s
-    featureGates:
-      RotateKubeletServerCertificate: true
-    fileCheckFrequency: 0s
-    httpCheckFrequency: 0s
-    imageMaximumGCAge: 0s
-    imageMinimumGCAge: 0s
-    kind: KubeletConfiguration
-    kubeReserved:
-      cpu: 200m
-      ephemeral-storage: 1Gi
-      memory: 300Mi
-    logging:
-      flushFrequency: 0
-      options:
-        json:
-          infoBufferSize: "0"
-      verbosity: 0
-    memorySwap: {}
-    nodeStatusReportFrequency: 0s
-    nodeStatusUpdateFrequency: 0s
-    protectKernelDefaults: true
-    rotateCertificates: true
-    runtimeRequestTimeout: 0s
-    serverTLSBootstrap: true
-    shutdownGracePeriod: 0s
-    shutdownGracePeriodCriticalPods: 0s
-    staticPodPath: /etc/kubernetes/manifests
-    streamingConnectionIdleTimeout: 0s
-    syncFrequency: 0s
-    systemReserved:
-      cpu: 200m
-      ephemeral-storage: 1Gi
-      memory: 500Mi
-    tlsCipherSuites:
-    - TLS_AES_128_GCM_SHA256
-    - TLS_AES_256_GCM_SHA384
-    - TLS_CHACHA20_POLY1305_SHA256
-    - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-    - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
-    - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
-    - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-    - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
-    volumePluginDir: /var/lib/kubelet/volumeplugins
-    volumeStatsAggPeriod: 0s
-
-
-- path: "/etc/kubernetes/pki/ca.crt"
-  content: |
-    -----BEGIN CERTIFICATE-----
-    MIIEWjCCA0KgAwIBAgIJALfRlWsI8YQHMA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV
-    BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEUMBIG
-    A1UEChMLQnJhZGZpdHppbmMxEjAQBgNVBAMTCWxvY2FsaG9zdDEdMBsGCSqGSIb3
-    DQEJARYOYnJhZEBkYW5nYS5jb20wHhcNMTQwNzE1MjA0NjA1WhcNMTcwNTA0MjA0
-    NjA1WjB7MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBG
-    cmFuY2lzY28xFDASBgNVBAoTC0JyYWRmaXR6aW5jMRIwEAYDVQQDEwlsb2NhbGhv
-    c3QxHTAbBgkqhkiG9w0BCQEWDmJyYWRAZGFuZ2EuY29tMIIBIjANBgkqhkiG9w0B
-    AQEFAAOCAQ8AMIIBCgKCAQEAt5fAjp4fTcekWUTfzsp0kyih1OYbsGL0KX1eRbSS
-    R8Od0+9Q62Hyny+GFwMTb4A/KU8mssoHvcceSAAbwfbxFK/+s51TobqUnORZrOoT
-    ZjkUygbyXDSK99YBbcR1Pip8vwMTm4XKuLtCigeBBdjjAQdgUO28LENGlsMnmeYk
-    JfODVGnVmr5Ltb9ANA8IKyTfsnHJ4iOCS/PlPbUj2q7YnoVLposUBMlgUb/CykX3
-    mOoLb4yJJQyA/iST6ZxiIEj36D4yWZ5lg7YJl+UiiBQHGCnPdGyipqV06ex0heYW
-    caiW8LWZSUQ93jQ+WVCH8hT7DQO1dmsvUmXlq/JeAlwQ/QIDAQABo4HgMIHdMB0G
-    A1UdDgQWBBRcAROthS4P4U7vTfjByC569R7E6DCBrQYDVR0jBIGlMIGigBRcAROt
-    hS4P4U7vTfjByC569R7E6KF/pH0wezELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB
-    MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtCcmFkZml0emluYzES
-    MBAGA1UEAxMJbG9jYWxob3N0MR0wGwYJKoZIhvcNAQkBFg5icmFkQGRhbmdhLmNv
-    bYIJALfRlWsI8YQHMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAG6h
-    U9f9sNH0/6oBbGGy2EVU0UgITUQIrFWo9rFkrW5k/XkDjQm+3lzjT0iGR4IxE/Ao
-    eU6sQhua7wrWeFEn47GL98lnCsJdD7oZNhFmQ95Tb/LnDUjs5Yj9brP0NWzXfYU4
-    UK2ZnINJRcJpB8iRCaCxE8DdcUF0XqIEq6pA272snoLmiXLMvNl3kYEdm+je6voD
-    58SNVEUsztzQyXmJEhCpwVI0A6QCjzXj+qvpmw3ZZHi8JwXei8ZZBLTSFBki8Z7n
-    sH9BBH38/SzUmAN4QHSPy1gjqm00OAE8NaYDkh/bzE4d7mLGGMWp/WE3KPSu82HF
-    kPe6XoSbiLm/kxk32T0=
-    -----END CERTIFICATE-----
-
-- path: "/etc/systemd/system/setup.service"
-  permissions: "0644"
-  content: |
-    [Install]
-    WantedBy=multi-user.target
-
-    [Unit]
-    Requires=network-online.target
-    After=network-online.target
-
-    [Service]
-    Type=oneshot
-    RemainAfterExit=true
-    EnvironmentFile=-/etc/environment
-    ExecStart=/opt/bin/supervise.sh /opt/bin/setup
-
-- path: "/etc/profile.d/opt-bin-path.sh"
-  permissions: "0644"
-  content: |
-    export PATH="/opt/bin:$PATH"
-
-- path: /etc/containerd/config.toml
-  permissions: "0644"
-  content: |
-    version = 2
-
-    [metrics]
-    address = "127.0.0.1:1338"
-
-    [plugins]
-    [plugins."io.containerd.grpc.v1.cri"]
-    [plugins."io.containerd.grpc.v1.cri".containerd]
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
-    runtime_type = "io.containerd.runc.v2"
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
-    SystemdCgroup = true
-    [plugins."io.containerd.grpc.v1.cri".registry]
-    [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
-    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
-    endpoint = ["https://registry-1.docker.io"]
-
-
-- path: /etc/systemd/system/kubelet-healthcheck.service
-  permissions: "0644"
-  content: |
-    [Unit]
-    Requires=kubelet.service
-    After=kubelet.service
-
-    [Service]
-    ExecStart=/opt/bin/health-monitor.sh kubelet
-
-    [Install]
-    WantedBy=multi-user.target
-
-
-- path: "/opt/bin/disable-nm-cloud-setup"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-    if systemctl status 'nm-cloud-setup.timer' 2> /dev/null | grep -Fq "Active:"; then
-            systemctl stop nm-cloud-setup.timer
-            systemctl disable nm-cloud-setup.service
-            systemctl disable nm-cloud-setup.timer
-            reboot
-    fi
-
-- path: "/etc/systemd/system/disable-nm-cloud-setup.service"
-  permissions: "0644"
-  content: |
-    [Install]
-    WantedBy=multi-user.target
-
-    [Unit]
-    Requires=network-online.target
-    After=network-online.target
-
-    [Service]
-    Type=oneshot
-    RemainAfterExit=true
-    EnvironmentFile=-/etc/environment
-    ExecStart=/opt/bin/supervise.sh /opt/bin/disable-nm-cloud-setup
-
-rh_subscription:
-    username: ""
-    password: ""
-    auto-attach: false
-
-runcmd:
-- systemctl enable --now setup.service
-- systemctl enable --now disable-nm-cloud-setup.service
diff --git a/pkg/userdata/rhel/testdata/kubelet-v1.29.2-aws-external.yaml b/pkg/userdata/rhel/testdata/kubelet-v1.29.2-aws-external.yaml
deleted file mode 100644
index 5f992d1e1..000000000
--- a/pkg/userdata/rhel/testdata/kubelet-v1.29.2-aws-external.yaml
+++ /dev/null
@@ -1,532 +0,0 @@
-#cloud-config
-bootcmd:
-- modprobe ip_tables
-
-
-ssh_pwauth: false
-
-write_files:
-- path: "/opt/restart-kubelet.sh"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-
-    while true; do
-    	output=$(journalctl -u kubelet -n 1 | grep "use of closed network connection")
-    	if [[ $? != 0 ]]; then
-    	  echo "Error not found in logs"
-    	elif [[ $output ]]; then
-    	  echo "Restart kubelet"
-    	  systemctl restart kubelet
-    	fi
-
-    	# Runs every 10 minutes
-    	sleep 600
-    done
-
-- path: "/etc/systemd/system/kubelet-restart.service"
-  permissions: "0644"
-  content: |
-    [Unit]
-    Description=Restarts kubelet on use of closed network connection error
-    Requires=kubelet.service
-    After=kubelet.service
-
-    [Service]
-    ExecStart=/opt/kubelet-restart.sh
-
-    [Install]
-    WantedBy=multi-user.target
-
-- path: "/etc/systemd/journald.conf.d/max_disk_use.conf"
-  content: |
-    [Journal]
-    SystemMaxUse=5G
-
-
-- path: "/opt/load-kernel-modules.sh"
-  permissions: "0755"
-  content: |
-    #!/usr/bin/env bash
-    set -euo pipefail
-
-    modprobe ip_vs
-    modprobe ip_vs_rr
-    modprobe ip_vs_wrr
-    modprobe ip_vs_sh
-
-    if modinfo nf_conntrack_ipv4 &> /dev/null; then
-      modprobe nf_conntrack_ipv4
-    else
-      modprobe nf_conntrack
-    fi
-
-
-- path: "/etc/sysctl.d/k8s.conf"
-  content: |
-    net.bridge.bridge-nf-call-ip6tables = 1
-    net.bridge.bridge-nf-call-iptables = 1
-    kernel.panic_on_oops = 1
-    kernel.panic = 10
-    net.ipv4.ip_forward = 1
-    vm.overcommit_memory = 1
-    fs.inotify.max_user_watches = 1048576
-    fs.inotify.max_user_instances = 8192
-
-
-- path: /etc/selinux/config
-  content: |
-    # This file controls the state of SELinux on the system.
-    # SELINUX= can take one of these three values:
-    #     enforcing - SELinux security policy is enforced.
-    #     permissive - SELinux prints warnings instead of enforcing.
-    #     disabled - No SELinux policy is loaded.
-    SELINUX=permissive
-    # SELINUXTYPE= can take one of three two values:
-    #     targeted - Targeted processes are protected,
-    #     minimum - Modification of targeted policy. Only selected processes are protected.
-    #     mls - Multi Level Security protection.
-    SELINUXTYPE=targeted
-
-- path: "/opt/bin/setup"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-
-    setenforce 0 || true
-    systemctl restart systemd-modules-load.service
-    sysctl --system
-
-    yum install -y \
-      device-mapper-persistent-data \
-      lvm2 \
-      ebtables \
-      ethtool \
-      nfs-utils \
-      bash-completion \
-      sudo \
-      socat \
-      wget \
-      curl \
-      ipvsadm
-
-    yum install -y yum-utils
-    yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
-    yum-config-manager --save --setopt=docker-ce-stable.module_hotfixes=true
-
-    cat <<EOF | tee /etc/crictl.yaml
-    runtime-endpoint: unix:///run/containerd/containerd.sock
-    EOF
-
-    mkdir -p /etc/systemd/system/containerd.service.d
-    cat <<EOF | tee /etc/systemd/system/containerd.service.d/environment.conf
-    [Service]
-    Restart=always
-    EnvironmentFile=-/etc/environment
-    EOF
-
-    yum install -y containerd.io-1.6* yum-plugin-versionlock
-    yum versionlock add containerd.io
-
-    systemctl daemon-reload
-    systemctl enable --now containerd
-
-    opt_bin=/opt/bin
-    usr_local_bin=/usr/local/bin
-    cni_bin_dir=/opt/cni/bin
-    mkdir -p /etc/cni/net.d /etc/kubernetes/manifests "$opt_bin" "$cni_bin_dir"
-    arch=${HOST_ARCH-}
-    if [ -z "$arch" ]
-    then
-    case $(uname -m) in
-    x86_64)
-        arch="amd64"
-        ;;
-    aarch64)
-        arch="arm64"
-        ;;
-    *)
-        echo "unsupported CPU architecture, exiting"
-        exit 1
-        ;;
-    esac
-    fi
-    CNI_VERSION="${CNI_VERSION:-v1.2.0}"
-    cni_base_url="https://github.com/containernetworking/plugins/releases/download/$CNI_VERSION"
-    cni_filename="cni-plugins-linux-$arch-$CNI_VERSION.tgz"
-    curl -Lfo "$cni_bin_dir/$cni_filename" "$cni_base_url/$cni_filename"
-    cni_sum=$(curl -Lf "$cni_base_url/$cni_filename.sha256")
-    cd "$cni_bin_dir"
-    sha256sum -c <<<"$cni_sum"
-    tar xvf "$cni_filename"
-    rm -f "$cni_filename"
-    cd -
-    CRI_TOOLS_RELEASE="${CRI_TOOLS_RELEASE:-v1.27.0}"
-    cri_tools_base_url="https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRI_TOOLS_RELEASE}"
-    cri_tools_filename="crictl-${CRI_TOOLS_RELEASE}-linux-${arch}.tar.gz"
-    curl -Lfo "$opt_bin/$cri_tools_filename" "$cri_tools_base_url/$cri_tools_filename"
-    cri_tools_sum_value=$(curl -Lf "$cri_tools_base_url/$cri_tools_filename.sha256")
-    cri_tools_sum="$cri_tools_sum_value $cri_tools_filename"
-    cd "$opt_bin"
-    sha256sum -c <<<"$cri_tools_sum"
-    tar xvf "$cri_tools_filename"
-    rm -f "$cri_tools_filename"
-    ln -sf "$opt_bin/crictl" "$usr_local_bin"/crictl || echo "symbolic link is skipped"
-    cd -
-    KUBE_VERSION="${KUBE_VERSION:-v1.29.2}"
-    kube_dir="$opt_bin/kubernetes-$KUBE_VERSION"
-    kube_base_url="https://dl.k8s.io/$KUBE_VERSION/bin/linux/$arch"
-    kube_sum_file="$kube_dir/sha256"
-    mkdir -p "$kube_dir"
-    : >"$kube_sum_file"
-
-    for bin in kubelet kubeadm kubectl; do
-        curl -Lfo "$kube_dir/$bin" "$kube_base_url/$bin"
-        chmod +x "$kube_dir/$bin"
-        sum=$(curl -Lf "$kube_base_url/$bin.sha256")
-        echo "$sum  $kube_dir/$bin" >>"$kube_sum_file"
-    done
-    sha256sum -c "$kube_sum_file"
-
-    for bin in kubelet kubeadm kubectl; do
-        ln -sf "$kube_dir/$bin" "$opt_bin"/$bin
-    done
-
-    if [[ ! -x /opt/bin/health-monitor.sh ]]; then
-        curl -Lfo /opt/bin/health-monitor.sh https://raw.githubusercontent.com/kubermatic/machine-controller/7967a0af2b75f29ad2ab227eeaa26ea7b0f2fbde/pkg/userdata/scripts/health-monitor.sh
-        chmod +x /opt/bin/health-monitor.sh
-    fi
-
-    DEFAULT_IFC_NAME=$(ip -o route get 1  | grep -oP "dev \K\S+")
-    IFC_CFG_FILE=/etc/sysconfig/network-scripts/ifcfg-$DEFAULT_IFC_NAME
-    # Enable IPv6 and DHCPv6 on the default interface
-    grep IPV6INIT $IFC_CFG_FILE && sed -i '/IPV6INIT*/c IPV6INIT=yes' $IFC_CFG_FILE || echo "IPV6INIT=yes" >> $IFC_CFG_FILE
-    grep DHCPV6C $IFC_CFG_FILE && sed -i '/DHCPV6C*/c DHCPV6C=yes' $IFC_CFG_FILE || echo "DHCPV6C=yes" >> $IFC_CFG_FILE
-    grep IPV6_AUTOCONF $IFC_CFG_FILE && sed -i '/IPV6_AUTOCONF*/c IPV6_AUTOCONF=yes' $IFC_CFG_FILE || echo "IPV6_AUTOCONF=yes" >> $IFC_CFG_FILE
-
-    # Restart NetworkManager to apply for IPv6 configs
-    systemctl restart NetworkManager
-    # Let NetworkManager apply the DHCPv6 configs
-    sleep 3
-
-    # set kubelet nodeip environment variable
-    mkdir -p /etc/systemd/system/kubelet.service.d/
-    /opt/bin/setup_net_env.sh
-
-    systemctl disable --now firewalld || true
-    systemctl enable --now kubelet
-    systemctl enable --now --no-block kubelet-healthcheck.service
-    systemctl disable setup.service
-    systemctl disable disable-nm-cloud-setup.service
-
-- path: "/opt/bin/supervise.sh"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-    while ! "$@"; do
-      sleep 1
-    done
-
-- path: "/opt/disable-swap.sh"
-  permissions: "0755"
-  content: |
-    # Make sure we always disable swap - Otherwise the kubelet won't start as for some cloud
-    # providers swap gets enabled on reboot or after the setup script has finished executing.
-    sed -i.orig '/.*swap.*/d' /etc/fstab
-    swapoff -a
-
-- path: "/etc/systemd/system/kubelet.service"
-  content: |
-    [Unit]
-    After=containerd.service
-    Requires=containerd.service
-
-    Description=kubelet: The Kubernetes Node Agent
-    Documentation=https://kubernetes.io/docs/home/
-
-    [Service]
-    User=root
-    Restart=always
-    StartLimitInterval=0
-    RestartSec=10
-    CPUAccounting=true
-    MemoryAccounting=true
-
-    Environment="PATH=/opt/bin:/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin/"
-    EnvironmentFile=-/etc/environment
-
-    ExecStartPre=/bin/bash /opt/load-kernel-modules.sh
-
-    ExecStartPre=/bin/bash /opt/disable-swap.sh
-
-    ExecStartPre=/bin/bash /opt/bin/setup_net_env.sh
-    ExecStart=/opt/bin/kubelet $KUBELET_EXTRA_ARGS \
-      --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf \
-      --kubeconfig=/var/lib/kubelet/kubeconfig \
-      --config=/etc/kubernetes/kubelet.conf \
-      --cert-dir=/etc/kubernetes/pki \
-      --cloud-provider=external \
-      --hostname-override=${KUBELET_HOSTNAME} \
-      --exit-on-lock-contention \
-      --lock-file=/tmp/kubelet.lock \
-      --container-runtime-endpoint=unix:///run/containerd/containerd.sock \
-      --node-ip ${KUBELET_NODE_IP}
-
-    [Install]
-    WantedBy=multi-user.target
-- path: "/etc/kubernetes/cloud-config"
-  permissions: "0600"
-  content: |
-    {aws-config:true}
-
-- path: "/opt/bin/setup_net_env.sh"
-  permissions: "0755"
-  content: |
-    #!/usr/bin/env bash
-    echodate() {
-      echo "[$(date -Is)]" "$@"
-    }
-
-    # get the default interface IP address
-    DEFAULT_IFC_IP=$(ip -o  route get 1 | grep -oP "src \K\S+")
-
-    # get the full hostname
-    FULL_HOSTNAME=$(hostname -f)
-
-    if [ -z "${DEFAULT_IFC_IP}" ]
-    then
-    	echodate "Failed to get IP address for the default route interface"
-    	exit 1
-    fi
-
-    # write the nodeip_env file
-    # we need the line below because flatcar has the same string "coreos" in that file
-    if grep -q coreos /etc/os-release
-    then
-      echo -e "KUBELET_NODE_IP=${DEFAULT_IFC_IP}\nKUBELET_HOSTNAME=${FULL_HOSTNAME}" > /etc/kubernetes/nodeip.conf
-    elif [ ! -d /etc/systemd/system/kubelet.service.d ]
-    then
-    	echodate "Can't find kubelet service extras directory"
-    	exit 1
-    else
-      echo -e "[Service]\nEnvironment=\"KUBELET_NODE_IP=${DEFAULT_IFC_IP}\"\nEnvironment=\"KUBELET_HOSTNAME=${FULL_HOSTNAME}\"" > /etc/systemd/system/kubelet.service.d/nodeip.conf
-    fi
-
-
-- path: "/etc/kubernetes/bootstrap-kubelet.conf"
-  permissions: "0600"
-  content: |
-    apiVersion: v1
-    clusters:
-    - cluster:
-        certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVXakNDQTBLZ0F3SUJBZ0lKQUxmUmxXc0k4WVFITUEwR0NTcUdTSWIzRFFFQkJRVUFNSHN4Q3pBSkJnTlYKQkFZVEFsVlRNUXN3Q1FZRFZRUUlFd0pEUVRFV01CUUdBMVVFQnhNTlUyRnVJRVp5WVc1amFYTmpiekVVTUJJRwpBMVVFQ2hNTFFuSmhaR1pwZEhwcGJtTXhFakFRQmdOVkJBTVRDV3h2WTJGc2FHOXpkREVkTUJzR0NTcUdTSWIzCkRRRUpBUllPWW5KaFpFQmtZVzVuWVM1amIyMHdIaGNOTVRRd056RTFNakEwTmpBMVdoY05NVGN3TlRBME1qQTAKTmpBMVdqQjdNUXN3Q1FZRFZRUUdFd0pWVXpFTE1Ba0dBMVVFQ0JNQ1EwRXhGakFVQmdOVkJBY1REVk5oYmlCRwpjbUZ1WTJselkyOHhGREFTQmdOVkJBb1RDMEp5WVdSbWFYUjZhVzVqTVJJd0VBWURWUVFERXdsc2IyTmhiR2h2CmMzUXhIVEFiQmdrcWhraUc5dzBCQ1FFV0RtSnlZV1JBWkdGdVoyRXVZMjl0TUlJQklqQU5CZ2txaGtpRzl3MEIKQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBdDVmQWpwNGZUY2VrV1VUZnpzcDBreWloMU9ZYnNHTDBLWDFlUmJTUwpSOE9kMCs5UTYySHlueStHRndNVGI0QS9LVThtc3NvSHZjY2VTQUFid2ZieEZLLytzNTFUb2JxVW5PUlpyT29UClpqa1V5Z2J5WERTSzk5WUJiY1IxUGlwOHZ3TVRtNFhLdUx0Q2lnZUJCZGpqQVFkZ1VPMjhMRU5HbHNNbm1lWWsKSmZPRFZHblZtcjVMdGI5QU5BOElLeVRmc25ISjRpT0NTL1BsUGJVajJxN1lub1ZMcG9zVUJNbGdVYi9DeWtYMwptT29MYjR5SkpReUEvaVNUNlp4aUlFajM2RDR5V1o1bGc3WUpsK1VpaUJRSEdDblBkR3lpcHFWMDZleDBoZVlXCmNhaVc4TFdaU1VROTNqUStXVkNIOGhUN0RRTzFkbXN2VW1YbHEvSmVBbHdRL1FJREFRQUJvNEhnTUlIZE1CMEcKQTFVZERnUVdCQlJjQVJPdGhTNFA0VTd2VGZqQnlDNTY5UjdFNkRDQnJRWURWUjBqQklHbE1JR2lnQlJjQVJPdApoUzRQNFU3dlRmakJ5QzU2OVI3RTZLRi9wSDB3ZXpFTE1Ba0dBMVVFQmhNQ1ZWTXhDekFKQmdOVkJBZ1RBa05CCk1SWXdGQVlEVlFRSEV3MVRZVzRnUm5KaGJtTnBjMk52TVJRd0VnWURWUVFLRXd0Q2NtRmtabWwwZW1sdVl6RVMKTUJBR0ExVUVBeE1KYkc5allXeG9iM04wTVIwd0d3WUpLb1pJaHZjTkFRa0JGZzVpY21Ga1FHUmhibWRoTG1OdgpiWUlKQUxmUmxXc0k4WVFITUF3R0ExVWRFd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVGQlFBRGdnRUJBRzZoClU5ZjlzTkgwLzZvQmJHR3kyRVZVMFVnSVRVUUlyRldvOXJGa3JXNWsvWGtEalFtKzNsempUMGlHUjRJeEUvQW8KZVU2c1FodWE3d3JXZUZFbjQ3R0w5OGxuQ3NKZEQ3b1pOaEZtUTk1VGIvTG5EVWpzNVlqOWJyUDBOV3pYZllVNApVSzJabklOSlJjSnBCOGlSQ2FDeEU4RGRjVUYwWHFJRXE2cEEyNzJzbm9MbWlYTE12Tmwza1lFZG0ramU2dm9ECjU4U05WRVVzenR6UXlYbUpFaENwd1ZJMEE2UUNqelhqK3F2cG13M1paSGk4SndYZWk4WlpCTFRTRkJraThaN24Kc0g5QkJIMzgvU3pVbUFONFFIU1B5MWdqcW0wME9BRThOYVlEa2gvYnpFNGQ3bUxHR01XcC9XRTNLUFN1ODJIRgprUGU2WG9TYmlMbS9reGszMlQwPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t
-        server: https://server:443
-      name: ""
-    contexts: null
-    current-context: ""
-    kind: Config
-    preferences: {}
-    users:
-    - name: ""
-      user:
-        token: my-token
-
-
-- path: "/etc/kubernetes/kubelet.conf"
-  content: |
-    apiVersion: kubelet.config.k8s.io/v1beta1
-    authentication:
-      anonymous:
-        enabled: false
-      webhook:
-        cacheTTL: 0s
-        enabled: true
-      x509:
-        clientCAFile: /etc/kubernetes/pki/ca.crt
-    authorization:
-      mode: Webhook
-      webhook:
-        cacheAuthorizedTTL: 0s
-        cacheUnauthorizedTTL: 0s
-    cgroupDriver: systemd
-    clusterDomain: cluster.local
-    containerLogMaxSize: 100Mi
-    containerRuntimeEndpoint: ""
-    cpuManagerReconcilePeriod: 0s
-    evictionHard:
-      imagefs.available: 15%
-      memory.available: 100Mi
-      nodefs.available: 10%
-      nodefs.inodesFree: 5%
-    evictionPressureTransitionPeriod: 0s
-    featureGates:
-      RotateKubeletServerCertificate: true
-    fileCheckFrequency: 0s
-    httpCheckFrequency: 0s
-    imageMaximumGCAge: 0s
-    imageMinimumGCAge: 0s
-    kind: KubeletConfiguration
-    kubeReserved:
-      cpu: 200m
-      ephemeral-storage: 1Gi
-      memory: 300Mi
-    logging:
-      flushFrequency: 0
-      options:
-        json:
-          infoBufferSize: "0"
-      verbosity: 0
-    memorySwap: {}
-    nodeStatusReportFrequency: 0s
-    nodeStatusUpdateFrequency: 0s
-    protectKernelDefaults: true
-    rotateCertificates: true
-    runtimeRequestTimeout: 0s
-    serverTLSBootstrap: true
-    shutdownGracePeriod: 0s
-    shutdownGracePeriodCriticalPods: 0s
-    staticPodPath: /etc/kubernetes/manifests
-    streamingConnectionIdleTimeout: 0s
-    syncFrequency: 0s
-    systemReserved:
-      cpu: 200m
-      ephemeral-storage: 1Gi
-      memory: 500Mi
-    tlsCipherSuites:
-    - TLS_AES_128_GCM_SHA256
-    - TLS_AES_256_GCM_SHA384
-    - TLS_CHACHA20_POLY1305_SHA256
-    - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-    - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
-    - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
-    - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-    - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
-    volumePluginDir: /var/lib/kubelet/volumeplugins
-    volumeStatsAggPeriod: 0s
-
-
-- path: "/etc/kubernetes/pki/ca.crt"
-  content: |
-    -----BEGIN CERTIFICATE-----
-    MIIEWjCCA0KgAwIBAgIJALfRlWsI8YQHMA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV
-    BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEUMBIG
-    A1UEChMLQnJhZGZpdHppbmMxEjAQBgNVBAMTCWxvY2FsaG9zdDEdMBsGCSqGSIb3
-    DQEJARYOYnJhZEBkYW5nYS5jb20wHhcNMTQwNzE1MjA0NjA1WhcNMTcwNTA0MjA0
-    NjA1WjB7MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBG
-    cmFuY2lzY28xFDASBgNVBAoTC0JyYWRmaXR6aW5jMRIwEAYDVQQDEwlsb2NhbGhv
-    c3QxHTAbBgkqhkiG9w0BCQEWDmJyYWRAZGFuZ2EuY29tMIIBIjANBgkqhkiG9w0B
-    AQEFAAOCAQ8AMIIBCgKCAQEAt5fAjp4fTcekWUTfzsp0kyih1OYbsGL0KX1eRbSS
-    R8Od0+9Q62Hyny+GFwMTb4A/KU8mssoHvcceSAAbwfbxFK/+s51TobqUnORZrOoT
-    ZjkUygbyXDSK99YBbcR1Pip8vwMTm4XKuLtCigeBBdjjAQdgUO28LENGlsMnmeYk
-    JfODVGnVmr5Ltb9ANA8IKyTfsnHJ4iOCS/PlPbUj2q7YnoVLposUBMlgUb/CykX3
-    mOoLb4yJJQyA/iST6ZxiIEj36D4yWZ5lg7YJl+UiiBQHGCnPdGyipqV06ex0heYW
-    caiW8LWZSUQ93jQ+WVCH8hT7DQO1dmsvUmXlq/JeAlwQ/QIDAQABo4HgMIHdMB0G
-    A1UdDgQWBBRcAROthS4P4U7vTfjByC569R7E6DCBrQYDVR0jBIGlMIGigBRcAROt
-    hS4P4U7vTfjByC569R7E6KF/pH0wezELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB
-    MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtCcmFkZml0emluYzES
-    MBAGA1UEAxMJbG9jYWxob3N0MR0wGwYJKoZIhvcNAQkBFg5icmFkQGRhbmdhLmNv
-    bYIJALfRlWsI8YQHMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAG6h
-    U9f9sNH0/6oBbGGy2EVU0UgITUQIrFWo9rFkrW5k/XkDjQm+3lzjT0iGR4IxE/Ao
-    eU6sQhua7wrWeFEn47GL98lnCsJdD7oZNhFmQ95Tb/LnDUjs5Yj9brP0NWzXfYU4
-    UK2ZnINJRcJpB8iRCaCxE8DdcUF0XqIEq6pA272snoLmiXLMvNl3kYEdm+je6voD
-    58SNVEUsztzQyXmJEhCpwVI0A6QCjzXj+qvpmw3ZZHi8JwXei8ZZBLTSFBki8Z7n
-    sH9BBH38/SzUmAN4QHSPy1gjqm00OAE8NaYDkh/bzE4d7mLGGMWp/WE3KPSu82HF
-    kPe6XoSbiLm/kxk32T0=
-    -----END CERTIFICATE-----
-
-- path: "/etc/systemd/system/setup.service"
-  permissions: "0644"
-  content: |
-    [Install]
-    WantedBy=multi-user.target
-
-    [Unit]
-    Requires=network-online.target
-    After=network-online.target
-
-    [Service]
-    Type=oneshot
-    RemainAfterExit=true
-    EnvironmentFile=-/etc/environment
-    ExecStart=/opt/bin/supervise.sh /opt/bin/setup
-
-- path: "/etc/profile.d/opt-bin-path.sh"
-  permissions: "0644"
-  content: |
-    export PATH="/opt/bin:$PATH"
-
-- path: /etc/containerd/config.toml
-  permissions: "0644"
-  content: |
-    version = 2
-
-    [metrics]
-    address = "127.0.0.1:1338"
-
-    [plugins]
-    [plugins."io.containerd.grpc.v1.cri"]
-    [plugins."io.containerd.grpc.v1.cri".containerd]
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
-    runtime_type = "io.containerd.runc.v2"
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
-    SystemdCgroup = true
-    [plugins."io.containerd.grpc.v1.cri".registry]
-    [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
-    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
-    endpoint = ["https://registry-1.docker.io"]
-
-
-- path: /etc/systemd/system/kubelet-healthcheck.service
-  permissions: "0644"
-  content: |
-    [Unit]
-    Requires=kubelet.service
-    After=kubelet.service
-
-    [Service]
-    ExecStart=/opt/bin/health-monitor.sh kubelet
-
-    [Install]
-    WantedBy=multi-user.target
-
-
-- path: "/opt/bin/disable-nm-cloud-setup"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-    if systemctl status 'nm-cloud-setup.timer' 2> /dev/null | grep -Fq "Active:"; then
-            systemctl stop nm-cloud-setup.timer
-            systemctl disable nm-cloud-setup.service
-            systemctl disable nm-cloud-setup.timer
-            reboot
-    fi
-
-- path: "/etc/systemd/system/disable-nm-cloud-setup.service"
-  permissions: "0644"
-  content: |
-    [Install]
-    WantedBy=multi-user.target
-
-    [Unit]
-    Requires=network-online.target
-    After=network-online.target
-
-    [Service]
-    Type=oneshot
-    RemainAfterExit=true
-    EnvironmentFile=-/etc/environment
-    ExecStart=/opt/bin/supervise.sh /opt/bin/disable-nm-cloud-setup
-
-rh_subscription:
-    username: ""
-    password: ""
-    auto-attach: false
-
-runcmd:
-- systemctl enable --now setup.service
-- systemctl enable --now disable-nm-cloud-setup.service
diff --git a/pkg/userdata/rhel/testdata/kubelet-v1.29.2-aws.yaml b/pkg/userdata/rhel/testdata/kubelet-v1.29.2-aws.yaml
deleted file mode 100644
index d57d39d41..000000000
--- a/pkg/userdata/rhel/testdata/kubelet-v1.29.2-aws.yaml
+++ /dev/null
@@ -1,532 +0,0 @@
-#cloud-config
-bootcmd:
-- modprobe ip_tables
-
-
-ssh_pwauth: false
-
-write_files:
-- path: "/opt/restart-kubelet.sh"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-
-    while true; do
-    	output=$(journalctl -u kubelet -n 1 | grep "use of closed network connection")
-    	if [[ $? != 0 ]]; then
-    	  echo "Error not found in logs"
-    	elif [[ $output ]]; then
-    	  echo "Restart kubelet"
-    	  systemctl restart kubelet
-    	fi
-
-    	# Runs every 10 minutes
-    	sleep 600
-    done
-
-- path: "/etc/systemd/system/kubelet-restart.service"
-  permissions: "0644"
-  content: |
-    [Unit]
-    Description=Restarts kubelet on use of closed network connection error
-    Requires=kubelet.service
-    After=kubelet.service
-
-    [Service]
-    ExecStart=/opt/kubelet-restart.sh
-
-    [Install]
-    WantedBy=multi-user.target
-
-- path: "/etc/systemd/journald.conf.d/max_disk_use.conf"
-  content: |
-    [Journal]
-    SystemMaxUse=5G
-
-
-- path: "/opt/load-kernel-modules.sh"
-  permissions: "0755"
-  content: |
-    #!/usr/bin/env bash
-    set -euo pipefail
-
-    modprobe ip_vs
-    modprobe ip_vs_rr
-    modprobe ip_vs_wrr
-    modprobe ip_vs_sh
-
-    if modinfo nf_conntrack_ipv4 &> /dev/null; then
-      modprobe nf_conntrack_ipv4
-    else
-      modprobe nf_conntrack
-    fi
-
-
-- path: "/etc/sysctl.d/k8s.conf"
-  content: |
-    net.bridge.bridge-nf-call-ip6tables = 1
-    net.bridge.bridge-nf-call-iptables = 1
-    kernel.panic_on_oops = 1
-    kernel.panic = 10
-    net.ipv4.ip_forward = 1
-    vm.overcommit_memory = 1
-    fs.inotify.max_user_watches = 1048576
-    fs.inotify.max_user_instances = 8192
-
-
-- path: /etc/selinux/config
-  content: |
-    # This file controls the state of SELinux on the system.
-    # SELINUX= can take one of these three values:
-    #     enforcing - SELinux security policy is enforced.
-    #     permissive - SELinux prints warnings instead of enforcing.
-    #     disabled - No SELinux policy is loaded.
-    SELINUX=permissive
-    # SELINUXTYPE= can take one of three two values:
-    #     targeted - Targeted processes are protected,
-    #     minimum - Modification of targeted policy. Only selected processes are protected.
-    #     mls - Multi Level Security protection.
-    SELINUXTYPE=targeted
-
-- path: "/opt/bin/setup"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-
-    setenforce 0 || true
-    systemctl restart systemd-modules-load.service
-    sysctl --system
-
-    yum install -y \
-      device-mapper-persistent-data \
-      lvm2 \
-      ebtables \
-      ethtool \
-      nfs-utils \
-      bash-completion \
-      sudo \
-      socat \
-      wget \
-      curl \
-      ipvsadm
-
-    yum install -y yum-utils
-    yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
-    yum-config-manager --save --setopt=docker-ce-stable.module_hotfixes=true
-
-    cat <<EOF | tee /etc/crictl.yaml
-    runtime-endpoint: unix:///run/containerd/containerd.sock
-    EOF
-
-    mkdir -p /etc/systemd/system/containerd.service.d
-    cat <<EOF | tee /etc/systemd/system/containerd.service.d/environment.conf
-    [Service]
-    Restart=always
-    EnvironmentFile=-/etc/environment
-    EOF
-
-    yum install -y containerd.io-1.6* yum-plugin-versionlock
-    yum versionlock add containerd.io
-
-    systemctl daemon-reload
-    systemctl enable --now containerd
-
-    opt_bin=/opt/bin
-    usr_local_bin=/usr/local/bin
-    cni_bin_dir=/opt/cni/bin
-    mkdir -p /etc/cni/net.d /etc/kubernetes/manifests "$opt_bin" "$cni_bin_dir"
-    arch=${HOST_ARCH-}
-    if [ -z "$arch" ]
-    then
-    case $(uname -m) in
-    x86_64)
-        arch="amd64"
-        ;;
-    aarch64)
-        arch="arm64"
-        ;;
-    *)
-        echo "unsupported CPU architecture, exiting"
-        exit 1
-        ;;
-    esac
-    fi
-    CNI_VERSION="${CNI_VERSION:-v1.2.0}"
-    cni_base_url="https://github.com/containernetworking/plugins/releases/download/$CNI_VERSION"
-    cni_filename="cni-plugins-linux-$arch-$CNI_VERSION.tgz"
-    curl -Lfo "$cni_bin_dir/$cni_filename" "$cni_base_url/$cni_filename"
-    cni_sum=$(curl -Lf "$cni_base_url/$cni_filename.sha256")
-    cd "$cni_bin_dir"
-    sha256sum -c <<<"$cni_sum"
-    tar xvf "$cni_filename"
-    rm -f "$cni_filename"
-    cd -
-    CRI_TOOLS_RELEASE="${CRI_TOOLS_RELEASE:-v1.27.0}"
-    cri_tools_base_url="https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRI_TOOLS_RELEASE}"
-    cri_tools_filename="crictl-${CRI_TOOLS_RELEASE}-linux-${arch}.tar.gz"
-    curl -Lfo "$opt_bin/$cri_tools_filename" "$cri_tools_base_url/$cri_tools_filename"
-    cri_tools_sum_value=$(curl -Lf "$cri_tools_base_url/$cri_tools_filename.sha256")
-    cri_tools_sum="$cri_tools_sum_value $cri_tools_filename"
-    cd "$opt_bin"
-    sha256sum -c <<<"$cri_tools_sum"
-    tar xvf "$cri_tools_filename"
-    rm -f "$cri_tools_filename"
-    ln -sf "$opt_bin/crictl" "$usr_local_bin"/crictl || echo "symbolic link is skipped"
-    cd -
-    KUBE_VERSION="${KUBE_VERSION:-v1.29.2}"
-    kube_dir="$opt_bin/kubernetes-$KUBE_VERSION"
-    kube_base_url="https://dl.k8s.io/$KUBE_VERSION/bin/linux/$arch"
-    kube_sum_file="$kube_dir/sha256"
-    mkdir -p "$kube_dir"
-    : >"$kube_sum_file"
-
-    for bin in kubelet kubeadm kubectl; do
-        curl -Lfo "$kube_dir/$bin" "$kube_base_url/$bin"
-        chmod +x "$kube_dir/$bin"
-        sum=$(curl -Lf "$kube_base_url/$bin.sha256")
-        echo "$sum  $kube_dir/$bin" >>"$kube_sum_file"
-    done
-    sha256sum -c "$kube_sum_file"
-
-    for bin in kubelet kubeadm kubectl; do
-        ln -sf "$kube_dir/$bin" "$opt_bin"/$bin
-    done
-
-    if [[ ! -x /opt/bin/health-monitor.sh ]]; then
-        curl -Lfo /opt/bin/health-monitor.sh https://raw.githubusercontent.com/kubermatic/machine-controller/7967a0af2b75f29ad2ab227eeaa26ea7b0f2fbde/pkg/userdata/scripts/health-monitor.sh
-        chmod +x /opt/bin/health-monitor.sh
-    fi
-
-    DEFAULT_IFC_NAME=$(ip -o route get 1  | grep -oP "dev \K\S+")
-    IFC_CFG_FILE=/etc/sysconfig/network-scripts/ifcfg-$DEFAULT_IFC_NAME
-    # Enable IPv6 and DHCPv6 on the default interface
-    grep IPV6INIT $IFC_CFG_FILE && sed -i '/IPV6INIT*/c IPV6INIT=yes' $IFC_CFG_FILE || echo "IPV6INIT=yes" >> $IFC_CFG_FILE
-    grep DHCPV6C $IFC_CFG_FILE && sed -i '/DHCPV6C*/c DHCPV6C=yes' $IFC_CFG_FILE || echo "DHCPV6C=yes" >> $IFC_CFG_FILE
-    grep IPV6_AUTOCONF $IFC_CFG_FILE && sed -i '/IPV6_AUTOCONF*/c IPV6_AUTOCONF=yes' $IFC_CFG_FILE || echo "IPV6_AUTOCONF=yes" >> $IFC_CFG_FILE
-
-    # Restart NetworkManager to apply for IPv6 configs
-    systemctl restart NetworkManager
-    # Let NetworkManager apply the DHCPv6 configs
-    sleep 3
-
-    # set kubelet nodeip environment variable
-    mkdir -p /etc/systemd/system/kubelet.service.d/
-    /opt/bin/setup_net_env.sh
-
-    systemctl disable --now firewalld || true
-    systemctl enable --now kubelet
-    systemctl enable --now --no-block kubelet-healthcheck.service
-    systemctl disable setup.service
-    systemctl disable disable-nm-cloud-setup.service
-
-- path: "/opt/bin/supervise.sh"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-    while ! "$@"; do
-      sleep 1
-    done
-
-- path: "/opt/disable-swap.sh"
-  permissions: "0755"
-  content: |
-    # Make sure we always disable swap - Otherwise the kubelet won't start as for some cloud
-    # providers swap gets enabled on reboot or after the setup script has finished executing.
-    sed -i.orig '/.*swap.*/d' /etc/fstab
-    swapoff -a
-
-- path: "/etc/systemd/system/kubelet.service"
-  content: |
-    [Unit]
-    After=containerd.service
-    Requires=containerd.service
-
-    Description=kubelet: The Kubernetes Node Agent
-    Documentation=https://kubernetes.io/docs/home/
-
-    [Service]
-    User=root
-    Restart=always
-    StartLimitInterval=0
-    RestartSec=10
-    CPUAccounting=true
-    MemoryAccounting=true
-
-    Environment="PATH=/opt/bin:/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin/"
-    EnvironmentFile=-/etc/environment
-
-    ExecStartPre=/bin/bash /opt/load-kernel-modules.sh
-
-    ExecStartPre=/bin/bash /opt/disable-swap.sh
-
-    ExecStartPre=/bin/bash /opt/bin/setup_net_env.sh
-    ExecStart=/opt/bin/kubelet $KUBELET_EXTRA_ARGS \
-      --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf \
-      --kubeconfig=/var/lib/kubelet/kubeconfig \
-      --config=/etc/kubernetes/kubelet.conf \
-      --cert-dir=/etc/kubernetes/pki \
-      --cloud-provider=aws \
-      --cloud-config=/etc/kubernetes/cloud-config \
-      --exit-on-lock-contention \
-      --lock-file=/tmp/kubelet.lock \
-      --container-runtime-endpoint=unix:///run/containerd/containerd.sock \
-      --node-ip ${KUBELET_NODE_IP}
-
-    [Install]
-    WantedBy=multi-user.target
-- path: "/etc/kubernetes/cloud-config"
-  permissions: "0600"
-  content: |
-    {aws-config:true}
-
-- path: "/opt/bin/setup_net_env.sh"
-  permissions: "0755"
-  content: |
-    #!/usr/bin/env bash
-    echodate() {
-      echo "[$(date -Is)]" "$@"
-    }
-
-    # get the default interface IP address
-    DEFAULT_IFC_IP=$(ip -o  route get 1 | grep -oP "src \K\S+")
-
-    # get the full hostname
-    FULL_HOSTNAME=$(hostname -f)
-
-    if [ -z "${DEFAULT_IFC_IP}" ]
-    then
-    	echodate "Failed to get IP address for the default route interface"
-    	exit 1
-    fi
-
-    # write the nodeip_env file
-    # we need the line below because flatcar has the same string "coreos" in that file
-    if grep -q coreos /etc/os-release
-    then
-      echo -e "KUBELET_NODE_IP=${DEFAULT_IFC_IP}\nKUBELET_HOSTNAME=${FULL_HOSTNAME}" > /etc/kubernetes/nodeip.conf
-    elif [ ! -d /etc/systemd/system/kubelet.service.d ]
-    then
-    	echodate "Can't find kubelet service extras directory"
-    	exit 1
-    else
-      echo -e "[Service]\nEnvironment=\"KUBELET_NODE_IP=${DEFAULT_IFC_IP}\"\nEnvironment=\"KUBELET_HOSTNAME=${FULL_HOSTNAME}\"" > /etc/systemd/system/kubelet.service.d/nodeip.conf
-    fi
-
-
-- path: "/etc/kubernetes/bootstrap-kubelet.conf"
-  permissions: "0600"
-  content: |
-    apiVersion: v1
-    clusters:
-    - cluster:
-        certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVXakNDQTBLZ0F3SUJBZ0lKQUxmUmxXc0k4WVFITUEwR0NTcUdTSWIzRFFFQkJRVUFNSHN4Q3pBSkJnTlYKQkFZVEFsVlRNUXN3Q1FZRFZRUUlFd0pEUVRFV01CUUdBMVVFQnhNTlUyRnVJRVp5WVc1amFYTmpiekVVTUJJRwpBMVVFQ2hNTFFuSmhaR1pwZEhwcGJtTXhFakFRQmdOVkJBTVRDV3h2WTJGc2FHOXpkREVkTUJzR0NTcUdTSWIzCkRRRUpBUllPWW5KaFpFQmtZVzVuWVM1amIyMHdIaGNOTVRRd056RTFNakEwTmpBMVdoY05NVGN3TlRBME1qQTAKTmpBMVdqQjdNUXN3Q1FZRFZRUUdFd0pWVXpFTE1Ba0dBMVVFQ0JNQ1EwRXhGakFVQmdOVkJBY1REVk5oYmlCRwpjbUZ1WTJselkyOHhGREFTQmdOVkJBb1RDMEp5WVdSbWFYUjZhVzVqTVJJd0VBWURWUVFERXdsc2IyTmhiR2h2CmMzUXhIVEFiQmdrcWhraUc5dzBCQ1FFV0RtSnlZV1JBWkdGdVoyRXVZMjl0TUlJQklqQU5CZ2txaGtpRzl3MEIKQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBdDVmQWpwNGZUY2VrV1VUZnpzcDBreWloMU9ZYnNHTDBLWDFlUmJTUwpSOE9kMCs5UTYySHlueStHRndNVGI0QS9LVThtc3NvSHZjY2VTQUFid2ZieEZLLytzNTFUb2JxVW5PUlpyT29UClpqa1V5Z2J5WERTSzk5WUJiY1IxUGlwOHZ3TVRtNFhLdUx0Q2lnZUJCZGpqQVFkZ1VPMjhMRU5HbHNNbm1lWWsKSmZPRFZHblZtcjVMdGI5QU5BOElLeVRmc25ISjRpT0NTL1BsUGJVajJxN1lub1ZMcG9zVUJNbGdVYi9DeWtYMwptT29MYjR5SkpReUEvaVNUNlp4aUlFajM2RDR5V1o1bGc3WUpsK1VpaUJRSEdDblBkR3lpcHFWMDZleDBoZVlXCmNhaVc4TFdaU1VROTNqUStXVkNIOGhUN0RRTzFkbXN2VW1YbHEvSmVBbHdRL1FJREFRQUJvNEhnTUlIZE1CMEcKQTFVZERnUVdCQlJjQVJPdGhTNFA0VTd2VGZqQnlDNTY5UjdFNkRDQnJRWURWUjBqQklHbE1JR2lnQlJjQVJPdApoUzRQNFU3dlRmakJ5QzU2OVI3RTZLRi9wSDB3ZXpFTE1Ba0dBMVVFQmhNQ1ZWTXhDekFKQmdOVkJBZ1RBa05CCk1SWXdGQVlEVlFRSEV3MVRZVzRnUm5KaGJtTnBjMk52TVJRd0VnWURWUVFLRXd0Q2NtRmtabWwwZW1sdVl6RVMKTUJBR0ExVUVBeE1KYkc5allXeG9iM04wTVIwd0d3WUpLb1pJaHZjTkFRa0JGZzVpY21Ga1FHUmhibWRoTG1OdgpiWUlKQUxmUmxXc0k4WVFITUF3R0ExVWRFd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVGQlFBRGdnRUJBRzZoClU5ZjlzTkgwLzZvQmJHR3kyRVZVMFVnSVRVUUlyRldvOXJGa3JXNWsvWGtEalFtKzNsempUMGlHUjRJeEUvQW8KZVU2c1FodWE3d3JXZUZFbjQ3R0w5OGxuQ3NKZEQ3b1pOaEZtUTk1VGIvTG5EVWpzNVlqOWJyUDBOV3pYZllVNApVSzJabklOSlJjSnBCOGlSQ2FDeEU4RGRjVUYwWHFJRXE2cEEyNzJzbm9MbWlYTE12Tmwza1lFZG0ramU2dm9ECjU4U05WRVVzenR6UXlYbUpFaENwd1ZJMEE2UUNqelhqK3F2cG13M1paSGk4SndYZWk4WlpCTFRTRkJraThaN24Kc0g5QkJIMzgvU3pVbUFONFFIU1B5MWdqcW0wME9BRThOYVlEa2gvYnpFNGQ3bUxHR01XcC9XRTNLUFN1ODJIRgprUGU2WG9TYmlMbS9reGszMlQwPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t
-        server: https://server:443
-      name: ""
-    contexts: null
-    current-context: ""
-    kind: Config
-    preferences: {}
-    users:
-    - name: ""
-      user:
-        token: my-token
-
-
-- path: "/etc/kubernetes/kubelet.conf"
-  content: |
-    apiVersion: kubelet.config.k8s.io/v1beta1
-    authentication:
-      anonymous:
-        enabled: false
-      webhook:
-        cacheTTL: 0s
-        enabled: true
-      x509:
-        clientCAFile: /etc/kubernetes/pki/ca.crt
-    authorization:
-      mode: Webhook
-      webhook:
-        cacheAuthorizedTTL: 0s
-        cacheUnauthorizedTTL: 0s
-    cgroupDriver: systemd
-    clusterDomain: cluster.local
-    containerLogMaxSize: 100Mi
-    containerRuntimeEndpoint: ""
-    cpuManagerReconcilePeriod: 0s
-    evictionHard:
-      imagefs.available: 15%
-      memory.available: 100Mi
-      nodefs.available: 10%
-      nodefs.inodesFree: 5%
-    evictionPressureTransitionPeriod: 0s
-    featureGates:
-      RotateKubeletServerCertificate: true
-    fileCheckFrequency: 0s
-    httpCheckFrequency: 0s
-    imageMaximumGCAge: 0s
-    imageMinimumGCAge: 0s
-    kind: KubeletConfiguration
-    kubeReserved:
-      cpu: 200m
-      ephemeral-storage: 1Gi
-      memory: 300Mi
-    logging:
-      flushFrequency: 0
-      options:
-        json:
-          infoBufferSize: "0"
-      verbosity: 0
-    memorySwap: {}
-    nodeStatusReportFrequency: 0s
-    nodeStatusUpdateFrequency: 0s
-    protectKernelDefaults: true
-    rotateCertificates: true
-    runtimeRequestTimeout: 0s
-    serverTLSBootstrap: true
-    shutdownGracePeriod: 0s
-    shutdownGracePeriodCriticalPods: 0s
-    staticPodPath: /etc/kubernetes/manifests
-    streamingConnectionIdleTimeout: 0s
-    syncFrequency: 0s
-    systemReserved:
-      cpu: 200m
-      ephemeral-storage: 1Gi
-      memory: 500Mi
-    tlsCipherSuites:
-    - TLS_AES_128_GCM_SHA256
-    - TLS_AES_256_GCM_SHA384
-    - TLS_CHACHA20_POLY1305_SHA256
-    - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-    - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
-    - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
-    - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-    - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
-    volumePluginDir: /var/lib/kubelet/volumeplugins
-    volumeStatsAggPeriod: 0s
-
-
-- path: "/etc/kubernetes/pki/ca.crt"
-  content: |
-    -----BEGIN CERTIFICATE-----
-    MIIEWjCCA0KgAwIBAgIJALfRlWsI8YQHMA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV
-    BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEUMBIG
-    A1UEChMLQnJhZGZpdHppbmMxEjAQBgNVBAMTCWxvY2FsaG9zdDEdMBsGCSqGSIb3
-    DQEJARYOYnJhZEBkYW5nYS5jb20wHhcNMTQwNzE1MjA0NjA1WhcNMTcwNTA0MjA0
-    NjA1WjB7MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBG
-    cmFuY2lzY28xFDASBgNVBAoTC0JyYWRmaXR6aW5jMRIwEAYDVQQDEwlsb2NhbGhv
-    c3QxHTAbBgkqhkiG9w0BCQEWDmJyYWRAZGFuZ2EuY29tMIIBIjANBgkqhkiG9w0B
-    AQEFAAOCAQ8AMIIBCgKCAQEAt5fAjp4fTcekWUTfzsp0kyih1OYbsGL0KX1eRbSS
-    R8Od0+9Q62Hyny+GFwMTb4A/KU8mssoHvcceSAAbwfbxFK/+s51TobqUnORZrOoT
-    ZjkUygbyXDSK99YBbcR1Pip8vwMTm4XKuLtCigeBBdjjAQdgUO28LENGlsMnmeYk
-    JfODVGnVmr5Ltb9ANA8IKyTfsnHJ4iOCS/PlPbUj2q7YnoVLposUBMlgUb/CykX3
-    mOoLb4yJJQyA/iST6ZxiIEj36D4yWZ5lg7YJl+UiiBQHGCnPdGyipqV06ex0heYW
-    caiW8LWZSUQ93jQ+WVCH8hT7DQO1dmsvUmXlq/JeAlwQ/QIDAQABo4HgMIHdMB0G
-    A1UdDgQWBBRcAROthS4P4U7vTfjByC569R7E6DCBrQYDVR0jBIGlMIGigBRcAROt
-    hS4P4U7vTfjByC569R7E6KF/pH0wezELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB
-    MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtCcmFkZml0emluYzES
-    MBAGA1UEAxMJbG9jYWxob3N0MR0wGwYJKoZIhvcNAQkBFg5icmFkQGRhbmdhLmNv
-    bYIJALfRlWsI8YQHMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAG6h
-    U9f9sNH0/6oBbGGy2EVU0UgITUQIrFWo9rFkrW5k/XkDjQm+3lzjT0iGR4IxE/Ao
-    eU6sQhua7wrWeFEn47GL98lnCsJdD7oZNhFmQ95Tb/LnDUjs5Yj9brP0NWzXfYU4
-    UK2ZnINJRcJpB8iRCaCxE8DdcUF0XqIEq6pA272snoLmiXLMvNl3kYEdm+je6voD
-    58SNVEUsztzQyXmJEhCpwVI0A6QCjzXj+qvpmw3ZZHi8JwXei8ZZBLTSFBki8Z7n
-    sH9BBH38/SzUmAN4QHSPy1gjqm00OAE8NaYDkh/bzE4d7mLGGMWp/WE3KPSu82HF
-    kPe6XoSbiLm/kxk32T0=
-    -----END CERTIFICATE-----
-
-- path: "/etc/systemd/system/setup.service"
-  permissions: "0644"
-  content: |
-    [Install]
-    WantedBy=multi-user.target
-
-    [Unit]
-    Requires=network-online.target
-    After=network-online.target
-
-    [Service]
-    Type=oneshot
-    RemainAfterExit=true
-    EnvironmentFile=-/etc/environment
-    ExecStart=/opt/bin/supervise.sh /opt/bin/setup
-
-- path: "/etc/profile.d/opt-bin-path.sh"
-  permissions: "0644"
-  content: |
-    export PATH="/opt/bin:$PATH"
-
-- path: /etc/containerd/config.toml
-  permissions: "0644"
-  content: |
-    version = 2
-
-    [metrics]
-    address = "127.0.0.1:1338"
-
-    [plugins]
-    [plugins."io.containerd.grpc.v1.cri"]
-    [plugins."io.containerd.grpc.v1.cri".containerd]
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
-    runtime_type = "io.containerd.runc.v2"
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
-    SystemdCgroup = true
-    [plugins."io.containerd.grpc.v1.cri".registry]
-    [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
-    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
-    endpoint = ["https://registry-1.docker.io"]
-
-
-- path: /etc/systemd/system/kubelet-healthcheck.service
-  permissions: "0644"
-  content: |
-    [Unit]
-    Requires=kubelet.service
-    After=kubelet.service
-
-    [Service]
-    ExecStart=/opt/bin/health-monitor.sh kubelet
-
-    [Install]
-    WantedBy=multi-user.target
-
-
-- path: "/opt/bin/disable-nm-cloud-setup"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-    if systemctl status 'nm-cloud-setup.timer' 2> /dev/null | grep -Fq "Active:"; then
-            systemctl stop nm-cloud-setup.timer
-            systemctl disable nm-cloud-setup.service
-            systemctl disable nm-cloud-setup.timer
-            reboot
-    fi
-
-- path: "/etc/systemd/system/disable-nm-cloud-setup.service"
-  permissions: "0644"
-  content: |
-    [Install]
-    WantedBy=multi-user.target
-
-    [Unit]
-    Requires=network-online.target
-    After=network-online.target
-
-    [Service]
-    Type=oneshot
-    RemainAfterExit=true
-    EnvironmentFile=-/etc/environment
-    ExecStart=/opt/bin/supervise.sh /opt/bin/disable-nm-cloud-setup
-
-rh_subscription:
-    username: ""
-    password: ""
-    auto-attach: false
-
-runcmd:
-- systemctl enable --now setup.service
-- systemctl enable --now disable-nm-cloud-setup.service
diff --git a/pkg/userdata/rockylinux/provider.go b/pkg/userdata/rockylinux/provider.go
deleted file mode 100644
index 06f2633de..000000000
--- a/pkg/userdata/rockylinux/provider.go
+++ /dev/null
@@ -1,352 +0,0 @@
-/*
-Copyright 2022 The Machine Controller Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-//
-// UserData plugin for RockyLinux.
-//
-
-package rockylinux
-
-import (
-	"errors"
-	"fmt"
-	"strings"
-	"text/template"
-
-	"github.com/Masterminds/semver/v3"
-	"go.uber.org/zap"
-
-	"github.com/kubermatic/machine-controller/pkg/apis/plugin"
-	providerconfigtypes "github.com/kubermatic/machine-controller/pkg/providerconfig/types"
-	userdatahelper "github.com/kubermatic/machine-controller/pkg/userdata/helper"
-)
-
-// Provider is a pkg/userdata/plugin.Provider implementation.
-type Provider struct{}
-
-// UserData renders user-data template to string.
-func (p Provider) UserData(log *zap.SugaredLogger, req plugin.UserDataRequest) (string, error) {
-	tmpl, err := template.New("user-data").Funcs(userdatahelper.TxtFuncMap(log)).Parse(userDataTemplate)
-	if err != nil {
-		return "", fmt.Errorf("failed to parse user-data template: %w", err)
-	}
-
-	kubeletVersion, err := semver.NewVersion(req.MachineSpec.Versions.Kubelet)
-	if err != nil {
-		return "", fmt.Errorf("invalid kubelet version: %w", err)
-	}
-
-	pconfig, err := providerconfigtypes.GetConfig(req.MachineSpec.ProviderSpec)
-	if err != nil {
-		return "", fmt.Errorf("failed to get provider config: %w", err)
-	}
-
-	if pconfig.OverwriteCloudConfig != nil {
-		req.CloudConfig = *pconfig.OverwriteCloudConfig
-	}
-
-	if pconfig.Network.IsStaticIPConfig() {
-		return "", errors.New("static IP config is not supported with RockyLinux")
-	}
-
-	rockyLinuxConfig, err := LoadConfig(pconfig.OperatingSystemSpec)
-	if err != nil {
-		return "", fmt.Errorf("failed to parse OperatingSystemSpec: %w", err)
-	}
-
-	kubeconfigString, err := userdatahelper.StringifyKubeconfig(req.Kubeconfig)
-	if err != nil {
-		return "", err
-	}
-
-	kubernetesCACert, err := userdatahelper.GetCACert(req.Kubeconfig)
-	if err != nil {
-		return "", fmt.Errorf("error extracting cacert: %w", err)
-	}
-
-	crEngine := req.ContainerRuntime.Engine()
-	crScript, err := crEngine.ScriptFor(providerconfigtypes.OperatingSystemRockyLinux)
-	if err != nil {
-		return "", fmt.Errorf("failed to generate container runtime install script: %w", err)
-	}
-
-	crConfig, err := crEngine.Config()
-	if err != nil {
-		return "", fmt.Errorf("failed to generate container runtime config: %w", err)
-	}
-
-	crAuthConfig, err := crEngine.AuthConfig()
-	if err != nil {
-		return "", fmt.Errorf("failed to generate container runtime auth config: %w", err)
-	}
-
-	data := struct {
-		plugin.UserDataRequest
-		ProviderSpec                       *providerconfigtypes.Config
-		OSConfig                           *Config
-		KubeletVersion                     string
-		Kubeconfig                         string
-		KubernetesCACert                   string
-		NodeIPScript                       string
-		ExtraKubeletFlags                  []string
-		ContainerRuntimeScript             string
-		ContainerRuntimeConfigFileName     string
-		ContainerRuntimeConfig             string
-		ContainerRuntimeAuthConfigFileName string
-		ContainerRuntimeAuthConfig         string
-		ContainerRuntimeName               string
-	}{
-		UserDataRequest:                    req,
-		ProviderSpec:                       pconfig,
-		OSConfig:                           rockyLinuxConfig,
-		KubeletVersion:                     kubeletVersion.String(),
-		Kubeconfig:                         kubeconfigString,
-		KubernetesCACert:                   kubernetesCACert,
-		NodeIPScript:                       userdatahelper.SetupNodeIPEnvScript(pconfig.Network.GetIPFamily()),
-		ExtraKubeletFlags:                  crEngine.KubeletFlags(),
-		ContainerRuntimeScript:             crScript,
-		ContainerRuntimeConfigFileName:     crEngine.ConfigFileName(),
-		ContainerRuntimeConfig:             crConfig,
-		ContainerRuntimeAuthConfigFileName: crEngine.AuthConfigFileName(),
-		ContainerRuntimeAuthConfig:         crAuthConfig,
-		ContainerRuntimeName:               crEngine.String(),
-	}
-
-	buf := strings.Builder{}
-	if err = tmpl.Execute(&buf, data); err != nil {
-		return "", fmt.Errorf("failed to execute user-data template: %w", err)
-	}
-
-	return userdatahelper.CleanupTemplateOutput(buf.String())
-}
-
-// UserData template.
-const userDataTemplate = `#cloud-config
-bootcmd:
-- modprobe ip_tables
-{{ if ne .CloudProviderName "aws" }}
-hostname: {{ .MachineSpec.Name }}
-{{- /* Never set the hostname on AWS nodes. Kubernetes(kube-proxy) requires the hostname to be the private dns name */}}
-{{ end }}
-
-{{- if .OSConfig.DistUpgradeOnBoot }}
-package_upgrade: true
-package_reboot_if_required: true
-{{- end }}
-
-ssh_pwauth: false
-
-{{- if ne (len .ProviderSpec.SSHPublicKeys) 0 }}
-ssh_authorized_keys:
-{{- range .ProviderSpec.SSHPublicKeys }}
-  - "{{ . }}"
-{{- end }}
-{{- end }}
-
-write_files:
-{{- if .HTTPProxy }}
-- path: "/etc/environment"
-  content: |
-{{ proxyEnvironment .HTTPProxy .NoProxy | indent 4 }}
-{{- end }}
-
-- path: "/etc/systemd/journald.conf.d/max_disk_use.conf"
-  content: |
-{{ journalDConfig | indent 4 }}
-
-- path: "/opt/load-kernel-modules.sh"
-  permissions: "0755"
-  content: |
-{{ kernelModulesScript | indent 4 }}
-
-- path: "/etc/sysctl.d/k8s.conf"
-  content: |
-{{ kernelSettings | indent 4 }}
-
-- path: /etc/selinux/config
-  content: |
-    # This file controls the state of SELinux on the system.
-    # SELINUX= can take one of these three values:
-    #     enforcing - SELinux security policy is enforced.
-    #     permissive - SELinux prints warnings instead of enforcing.
-    #     disabled - No SELinux policy is loaded.
-    SELINUX=permissive
-    # SELINUXTYPE= can take one of three two values:
-    #     targeted - Targeted processes are protected,
-    #     minimum - Modification of targeted policy. Only selected processes are protected.
-    #     mls - Multi Level Security protection.
-    SELINUXTYPE=targeted
-
-- path: "/opt/bin/setup"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-
-    setenforce 0 || true
-
-{{- /* As we added some modules and don't want to reboot, restart the service */}}
-    systemctl restart systemd-modules-load.service
-    sysctl --system
-
-    {{ if ne .CloudProviderName "aws" }}
-{{- /*  The normal way of setting it via cloud-init is broken, see */}}
-{{- /*  https://bugs.launchpad.net/cloud-init/+bug/1662542 */}}
-    hostnamectl set-hostname {{ .MachineSpec.Name }}
-    {{ end -}}
-
-    yum install -y \
-      device-mapper-persistent-data \
-      lvm2 \
-      ebtables \
-      ethtool \
-      nfs-utils \
-      bash-completion \
-      sudo \
-      socat \
-      wget \
-      curl \
-      tar \
-      {{- if or (eq .CloudProviderName "vsphere") (eq .CloudProviderName "vmware-cloud-director") }}
-      open-vm-tools \
-      {{- end }}
-      {{- if eq .CloudProviderName "nutanix" }}
-      iscsi-initiator-utils \
-      {{- end }}
-      ipvsadm
-
-    {{- /* iscsid service is required on Nutanix machines for CSI driver to attach volumes. */}}
-    {{- if eq .CloudProviderName "nutanix" }}
-    systemctl enable --now iscsid
-    {{ end }}
-{{ .ContainerRuntimeScript | indent 4 }}
-{{ safeDownloadBinariesScript .KubeletVersion | indent 4 }}
-    DEFAULT_IFC_NAME=$(ip -o route get 1  | grep -oP "dev \K\S+")
-    IFC_CFG_FILE=/etc/sysconfig/network-scripts/ifcfg-$DEFAULT_IFC_NAME
-    # Enable IPv6 and DHCPv6 on the default interface
-    grep IPV6INIT $IFC_CFG_FILE && sed -i '/IPV6INIT*/c IPV6INIT=yes' $IFC_CFG_FILE || echo "IPV6INIT=yes" >> $IFC_CFG_FILE
-    grep DHCPV6C $IFC_CFG_FILE && sed -i '/DHCPV6C*/c DHCPV6C=yes' $IFC_CFG_FILE || echo "DHCPV6C=yes" >> $IFC_CFG_FILE
-    grep IPV6_AUTOCONF $IFC_CFG_FILE && sed -i '/IPV6_AUTOCONF*/c IPV6_AUTOCONF=yes' $IFC_CFG_FILE || echo "IPV6_AUTOCONF=yes" >> $IFC_CFG_FILE
-
-    # Restart NetworkManager to apply for IPv6 configs
-    systemctl restart NetworkManager
-    # Let NetworkManager apply the DHCPv6 configs
-    sleep 3
-
-    # set kubelet nodeip environment variable
-    mkdir -p /etc/systemd/system/kubelet.service.d/
-    /opt/bin/setup_net_env.sh
-
-    systemctl disable --now firewalld || true
-    {{ if eq .CloudProviderName "vsphere" }}
-    systemctl enable --now vmtoolsd.service
-    {{ end -}}
-    systemctl enable --now kubelet
-    systemctl enable --now --no-block kubelet-healthcheck.service
-    systemctl disable setup.service
-
-- path: "/opt/bin/supervise.sh"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-    while ! "$@"; do
-      sleep 1
-    done
-
-- path: "/opt/disable-swap.sh"
-  permissions: "0755"
-  content: |
-    # Make sure we always disable swap - Otherwise the kubelet won't start as for some cloud
-    # providers swap gets enabled on reboot or after the setup script has finished executing.
-    sed -i.orig '/.*swap.*/d' /etc/fstab
-    swapoff -a
-
-- path: "/etc/systemd/system/kubelet.service"
-  content: |
-{{ kubeletSystemdUnit .ContainerRuntimeName .KubeletVersion .KubeletCloudProviderName .MachineSpec.Name .DNSIPs .ExternalCloudProvider .ProviderSpec.Network.GetIPFamily .PauseImage .MachineSpec.Taints .ExtraKubeletFlags true | indent 4 }}
-
-{{- if ne (len .CloudConfig) 0 }}
-- path: "/etc/kubernetes/cloud-config"
-  permissions: "0600"
-  content: |
-{{ .CloudConfig | indent 4 }}
-{{- end }}
-
-- path: "/opt/bin/setup_net_env.sh"
-  permissions: "0755"
-  content: |
-{{ .NodeIPScript | indent 4 }}
-
-- path: "/etc/kubernetes/bootstrap-kubelet.conf"
-  permissions: "0600"
-  content: |
-{{ .Kubeconfig | indent 4 }}
-
-- path: "/etc/kubernetes/kubelet.conf"
-  content: |
-{{ kubeletConfiguration "cluster.local" .DNSIPs .KubeletFeatureGates .KubeletConfigs | indent 4 }}
-
-- path: "/etc/kubernetes/pki/ca.crt"
-  content: |
-{{ .KubernetesCACert | indent 4 }}
-
-- path: "/etc/systemd/system/setup.service"
-  permissions: "0644"
-  content: |
-    [Install]
-    WantedBy=multi-user.target
-
-    [Unit]
-    Requires=network-online.target
-    After=network-online.target
-
-    [Service]
-    Type=oneshot
-    RemainAfterExit=true
-    EnvironmentFile=-/etc/environment
-    ExecStart=/opt/bin/supervise.sh /opt/bin/setup
-
-- path: "/etc/profile.d/opt-bin-path.sh"
-  permissions: "0644"
-  content: |
-    export PATH="/opt/bin:$PATH"
-
-- path: {{ .ContainerRuntimeConfigFileName }}
-  permissions: "0644"
-  content: |
-{{ .ContainerRuntimeConfig | indent 4 }}
-
-- path: /etc/systemd/system/kubelet-healthcheck.service
-  permissions: "0644"
-  content: |
-{{ kubeletHealthCheckSystemdUnit | indent 4 }}
-
-{{- with .ProviderSpec.CAPublicKey }}
-
-- path: "/etc/ssh/trusted-user-ca-keys.pem"
-  content: |
-{{ . | indent 4 }}
-
-- path: "/etc/ssh/sshd_config"
-  content: |
-{{ sshConfigAddendum | indent 4 }}
-  append: true
-{{- end }}
-
-runcmd:
-- systemctl enable --now setup.service
-`
diff --git a/pkg/userdata/rockylinux/provider_test.go b/pkg/userdata/rockylinux/provider_test.go
deleted file mode 100644
index 259b9ca1b..000000000
--- a/pkg/userdata/rockylinux/provider_test.go
+++ /dev/null
@@ -1,222 +0,0 @@
-/*
-Copyright 2022 The Machine Controller Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-//
-// UserData plugin for RockyLinux.
-//
-
-package rockylinux
-
-import (
-	"flag"
-	"net"
-	"testing"
-
-	"go.uber.org/zap"
-
-	clusterv1alpha1 "github.com/kubermatic/machine-controller/pkg/apis/cluster/v1alpha1"
-	"github.com/kubermatic/machine-controller/pkg/apis/plugin"
-	"github.com/kubermatic/machine-controller/pkg/containerruntime"
-	testhelper "github.com/kubermatic/machine-controller/pkg/test"
-	"github.com/kubermatic/machine-controller/pkg/userdata/convert"
-
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/runtime"
-	clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
-)
-
-var (
-	update = flag.Bool("update", false, "update testdata files")
-
-	pemCertificate = `-----BEGIN CERTIFICATE-----
-MIIEWjCCA0KgAwIBAgIJALfRlWsI8YQHMA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV
-BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEUMBIG
-A1UEChMLQnJhZGZpdHppbmMxEjAQBgNVBAMTCWxvY2FsaG9zdDEdMBsGCSqGSIb3
-DQEJARYOYnJhZEBkYW5nYS5jb20wHhcNMTQwNzE1MjA0NjA1WhcNMTcwNTA0MjA0
-NjA1WjB7MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBG
-cmFuY2lzY28xFDASBgNVBAoTC0JyYWRmaXR6aW5jMRIwEAYDVQQDEwlsb2NhbGhv
-c3QxHTAbBgkqhkiG9w0BCQEWDmJyYWRAZGFuZ2EuY29tMIIBIjANBgkqhkiG9w0B
-AQEFAAOCAQ8AMIIBCgKCAQEAt5fAjp4fTcekWUTfzsp0kyih1OYbsGL0KX1eRbSS
-R8Od0+9Q62Hyny+GFwMTb4A/KU8mssoHvcceSAAbwfbxFK/+s51TobqUnORZrOoT
-ZjkUygbyXDSK99YBbcR1Pip8vwMTm4XKuLtCigeBBdjjAQdgUO28LENGlsMnmeYk
-JfODVGnVmr5Ltb9ANA8IKyTfsnHJ4iOCS/PlPbUj2q7YnoVLposUBMlgUb/CykX3
-mOoLb4yJJQyA/iST6ZxiIEj36D4yWZ5lg7YJl+UiiBQHGCnPdGyipqV06ex0heYW
-caiW8LWZSUQ93jQ+WVCH8hT7DQO1dmsvUmXlq/JeAlwQ/QIDAQABo4HgMIHdMB0G
-A1UdDgQWBBRcAROthS4P4U7vTfjByC569R7E6DCBrQYDVR0jBIGlMIGigBRcAROt
-hS4P4U7vTfjByC569R7E6KF/pH0wezELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB
-MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtCcmFkZml0emluYzES
-MBAGA1UEAxMJbG9jYWxob3N0MR0wGwYJKoZIhvcNAQkBFg5icmFkQGRhbmdhLmNv
-bYIJALfRlWsI8YQHMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAG6h
-U9f9sNH0/6oBbGGy2EVU0UgITUQIrFWo9rFkrW5k/XkDjQm+3lzjT0iGR4IxE/Ao
-eU6sQhua7wrWeFEn47GL98lnCsJdD7oZNhFmQ95Tb/LnDUjs5Yj9brP0NWzXfYU4
-UK2ZnINJRcJpB8iRCaCxE8DdcUF0XqIEq6pA272snoLmiXLMvNl3kYEdm+je6voD
-58SNVEUsztzQyXmJEhCpwVI0A6QCjzXj+qvpmw3ZZHi8JwXei8ZZBLTSFBki8Z7n
-sH9BBH38/SzUmAN4QHSPy1gjqm00OAE8NaYDkh/bzE4d7mLGGMWp/WE3KPSu82HF
-kPe6XoSbiLm/kxk32T0=
------END CERTIFICATE-----`
-)
-
-// fakeCloudConfigProvider simulates cloud config provider for test.
-type fakeCloudConfigProvider struct {
-	config string
-	name   string
-	err    error
-}
-
-func (p *fakeCloudConfigProvider) GetCloudConfig(_ clusterv1alpha1.MachineSpec) (config string, name string, err error) {
-	return p.config, p.name, p.err
-}
-
-// userDataTestCase contains the data for a table-driven test.
-type userDataTestCase struct {
-	name                  string
-	spec                  clusterv1alpha1.MachineSpec
-	clusterDNSIPs         []net.IP
-	cloudProviderName     *string
-	externalCloudProvider bool
-	httpProxy             string
-	noProxy               string
-	insecureRegistries    string
-	registryMirrors       string
-	pauseImage            string
-	containerruntime      string
-}
-
-// TestUserDataGeneration runs the data generation for different
-// environments.
-func TestUserDataGeneration(t *testing.T) {
-	t.Parallel()
-
-	tests := []userDataTestCase{
-		{
-			name: "kubelet-v1.28-aws",
-			spec: clusterv1alpha1.MachineSpec{
-				ObjectMeta: metav1.ObjectMeta{Name: "node1"},
-				Versions: clusterv1alpha1.MachineVersionInfo{
-					Kubelet: "1.28.5",
-				},
-			},
-		},
-		{
-			name: "kubelet-v1.29.2-aws",
-			spec: clusterv1alpha1.MachineSpec{
-				ObjectMeta: metav1.ObjectMeta{Name: "node1"},
-				Versions: clusterv1alpha1.MachineVersionInfo{
-					Kubelet: "1.29.2",
-				},
-			},
-		},
-		{
-			name: "kubelet-v1.29.2-aws-external",
-			spec: clusterv1alpha1.MachineSpec{
-				ObjectMeta: metav1.ObjectMeta{Name: "node1"},
-				Versions: clusterv1alpha1.MachineVersionInfo{
-					Kubelet: "1.29.2",
-				},
-			},
-			externalCloudProvider: true,
-		},
-	}
-
-	defaultCloudProvider := &fakeCloudConfigProvider{
-		name:   "aws",
-		config: "{aws-config:true}",
-		err:    nil,
-	}
-	kubeconfig := &clientcmdapi.Config{
-		Clusters: map[string]*clientcmdapi.Cluster{
-			"": {
-				Server:                   "https://server:443",
-				CertificateAuthorityData: []byte(pemCertificate),
-			},
-		},
-		AuthInfos: map[string]*clientcmdapi.AuthInfo{
-			"": {
-				Token: "my-token",
-			},
-		},
-	}
-	provider := Provider{}
-
-	kubeletFeatureGates := map[string]bool{
-		"RotateKubeletServerCertificate": true,
-	}
-
-	for _, test := range tests {
-		t.Run(test.name, func(t *testing.T) {
-			emptyProviderSpec := clusterv1alpha1.ProviderSpec{
-				Value: &runtime.RawExtension{},
-			}
-			test.spec.ProviderSpec = emptyProviderSpec
-			var cloudProvider *fakeCloudConfigProvider
-			if test.cloudProviderName != nil {
-				cloudProvider = &fakeCloudConfigProvider{
-					name:   *test.cloudProviderName,
-					config: "{config:true}",
-					err:    nil,
-				}
-			} else {
-				cloudProvider = defaultCloudProvider
-			}
-			cloudConfig, cloudProviderName, err := cloudProvider.GetCloudConfig(test.spec)
-			if err != nil {
-				t.Fatalf("failed to get cloud config: %v", err)
-			}
-
-			containerRuntimeOpts := containerruntime.Opts{
-				ContainerRuntime:   test.containerruntime,
-				InsecureRegistries: test.insecureRegistries,
-				RegistryMirrors:    test.registryMirrors,
-			}
-			containerRuntimeConfig, err := containerruntime.BuildConfig(containerRuntimeOpts)
-			if err != nil {
-				t.Fatalf("failed to generate container runtime config: %v", err)
-			}
-
-			req := plugin.UserDataRequest{
-				MachineSpec:              test.spec,
-				Kubeconfig:               kubeconfig,
-				CloudConfig:              cloudConfig,
-				CloudProviderName:        cloudProviderName,
-				KubeletCloudProviderName: cloudProviderName,
-				DNSIPs:                   test.clusterDNSIPs,
-				ExternalCloudProvider:    test.externalCloudProvider,
-				HTTPProxy:                test.httpProxy,
-				NoProxy:                  test.noProxy,
-				PauseImage:               test.pauseImage,
-				KubeletFeatureGates:      kubeletFeatureGates,
-				ContainerRuntime:         containerRuntimeConfig,
-			}
-
-			s, err := provider.UserData(zap.NewNop().Sugar(), req)
-			if err != nil {
-				t.Errorf("error getting userdata: '%v'", err)
-			}
-
-			// Check if we can gzip it.
-			if _, err := convert.GzipString(s); err != nil {
-				t.Fatal(err)
-			}
-			goldenName := test.name + ".yaml"
-			testhelper.CompareOutput(t, goldenName, s, *update)
-		})
-	}
-}
-
-// stringPtr returns pointer to given string.
-func stringPtr(a string) *string {
-	return &a
-}
diff --git a/pkg/userdata/rockylinux/rockylinux.go b/pkg/userdata/rockylinux/rockylinux.go
deleted file mode 100644
index f27b2c884..000000000
--- a/pkg/userdata/rockylinux/rockylinux.go
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
-Copyright 2022 The Machine Controller Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package rockylinux
-
-import (
-	"encoding/json"
-
-	"k8s.io/apimachinery/pkg/runtime"
-)
-
-// Config contains specific configuration for RockyLinux.
-type Config struct {
-	DistUpgradeOnBoot bool `json:"distUpgradeOnBoot"`
-}
-
-func DefaultConfig(operatingSystemSpec runtime.RawExtension) runtime.RawExtension {
-	if operatingSystemSpec.Raw == nil {
-		operatingSystemSpec.Raw, _ = json.Marshal(Config{})
-	}
-
-	return operatingSystemSpec
-}
-
-// LoadConfig retrieves the RockyLinux configuration from raw data.
-func LoadConfig(r runtime.RawExtension) (*Config, error) {
-	r = DefaultConfig(r)
-	cfg := Config{}
-
-	if err := json.Unmarshal(r.Raw, &cfg); err != nil {
-		return nil, err
-	}
-	return &cfg, nil
-}
-
-// Spec return the configuration as raw data.
-func (cfg *Config) Spec() (*runtime.RawExtension, error) {
-	ext := &runtime.RawExtension{}
-	b, err := json.Marshal(cfg)
-	if err != nil {
-		return nil, err
-	}
-
-	ext.Raw = b
-	return ext, nil
-}
diff --git a/pkg/userdata/rockylinux/testdata/kubelet-v1.22-aws.yaml b/pkg/userdata/rockylinux/testdata/kubelet-v1.22-aws.yaml
deleted file mode 100644
index 519923421..000000000
--- a/pkg/userdata/rockylinux/testdata/kubelet-v1.22-aws.yaml
+++ /dev/null
@@ -1,439 +0,0 @@
-#cloud-config
-bootcmd:
-- modprobe ip_tables
-
-
-ssh_pwauth: false
-
-write_files:
-
-- path: "/etc/systemd/journald.conf.d/max_disk_use.conf"
-  content: |
-    [Journal]
-    SystemMaxUse=5G
-
-
-- path: "/opt/load-kernel-modules.sh"
-  permissions: "0755"
-  content: |
-    #!/usr/bin/env bash
-    set -euo pipefail
-
-    modprobe ip_vs
-    modprobe ip_vs_rr
-    modprobe ip_vs_wrr
-    modprobe ip_vs_sh
-
-    if modinfo nf_conntrack_ipv4 &> /dev/null; then
-      modprobe nf_conntrack_ipv4
-    else
-      modprobe nf_conntrack
-    fi
-
-
-- path: "/etc/sysctl.d/k8s.conf"
-  content: |
-    net.bridge.bridge-nf-call-ip6tables = 1
-    net.bridge.bridge-nf-call-iptables = 1
-    kernel.panic_on_oops = 1
-    kernel.panic = 10
-    net.ipv4.ip_forward = 1
-    vm.overcommit_memory = 1
-    fs.inotify.max_user_watches = 1048576
-    fs.inotify.max_user_instances = 8192
-
-
-- path: /etc/selinux/config
-  content: |
-    # This file controls the state of SELinux on the system.
-    # SELINUX= can take one of these three values:
-    #     enforcing - SELinux security policy is enforced.
-    #     permissive - SELinux prints warnings instead of enforcing.
-    #     disabled - No SELinux policy is loaded.
-    SELINUX=permissive
-    # SELINUXTYPE= can take one of three two values:
-    #     targeted - Targeted processes are protected,
-    #     minimum - Modification of targeted policy. Only selected processes are protected.
-    #     mls - Multi Level Security protection.
-    SELINUXTYPE=targeted
-
-- path: "/opt/bin/setup"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-
-    setenforce 0 || true
-    systemctl restart systemd-modules-load.service
-    sysctl --system
-
-    yum install -y \
-      device-mapper-persistent-data \
-      lvm2 \
-      ebtables \
-      ethtool \
-      nfs-utils \
-      bash-completion \
-      sudo \
-      socat \
-      wget \
-      curl \
-      tar \
-      ipvsadm
-
-    yum install -y yum-utils
-    yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
-    yum-config-manager --save --setopt=docker-ce-stable.module_hotfixes=true
-
-    mkdir -p /etc/systemd/system/containerd.service.d /etc/systemd/system/docker.service.d
-
-    cat <<EOF | tee /etc/systemd/system/containerd.service.d/environment.conf /etc/systemd/system/docker.service.d/environment.conf
-    [Service]
-    Restart=always
-    EnvironmentFile=-/etc/environment
-    EOF
-
-    yum install -y \
-        docker-ce-cli-20.10* \
-        containerd.io-1.4* \
-        docker-ce-20.10* \
-        yum-plugin-versionlock
-    yum versionlock add docker-ce* containerd.io
-
-    systemctl daemon-reload
-    systemctl enable --now docker
-
-    opt_bin=/opt/bin
-    usr_local_bin=/usr/local/bin
-    cni_bin_dir=/opt/cni/bin
-    mkdir -p /etc/cni/net.d /etc/kubernetes/dynamic-config-dir /etc/kubernetes/manifests "$opt_bin" "$cni_bin_dir"
-    arch=${HOST_ARCH-}
-    if [ -z "$arch" ]
-    then
-    case $(uname -m) in
-    x86_64)
-        arch="amd64"
-        ;;
-    aarch64)
-        arch="arm64"
-        ;;
-    *)
-        echo "unsupported CPU architecture, exiting"
-        exit 1
-        ;;
-    esac
-    fi
-    CNI_VERSION="${CNI_VERSION:-v0.8.7}"
-    cni_base_url="https://github.com/containernetworking/plugins/releases/download/$CNI_VERSION"
-    cni_filename="cni-plugins-linux-$arch-$CNI_VERSION.tgz"
-    curl -Lfo "$cni_bin_dir/$cni_filename" "$cni_base_url/$cni_filename"
-    cni_sum=$(curl -Lf "$cni_base_url/$cni_filename.sha256")
-    cd "$cni_bin_dir"
-    sha256sum -c <<<"$cni_sum"
-    tar xvf "$cni_filename"
-    rm -f "$cni_filename"
-    cd -
-    CRI_TOOLS_RELEASE="${CRI_TOOLS_RELEASE:-v1.22.0}"
-    cri_tools_base_url="https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRI_TOOLS_RELEASE}"
-    cri_tools_filename="crictl-${CRI_TOOLS_RELEASE}-linux-${arch}.tar.gz"
-    curl -Lfo "$opt_bin/$cri_tools_filename" "$cri_tools_base_url/$cri_tools_filename"
-    cri_tools_sum=$(curl -Lf "$cri_tools_base_url/$cri_tools_filename.sha256" | sed 's/\*\///')
-    cd "$opt_bin"
-    sha256sum -c <<<"$cri_tools_sum"
-    tar xvf "$cri_tools_filename"
-    rm -f "$cri_tools_filename"
-    ln -sf "$opt_bin/crictl" "$usr_local_bin"/crictl || echo "symbolic link is skipped"
-    cd -
-    KUBE_VERSION="${KUBE_VERSION:-v1.22.7}"
-    kube_dir="$opt_bin/kubernetes-$KUBE_VERSION"
-    kube_base_url="https://storage.googleapis.com/kubernetes-release/release/$KUBE_VERSION/bin/linux/$arch"
-    kube_sum_file="$kube_dir/sha256"
-    mkdir -p "$kube_dir"
-    : >"$kube_sum_file"
-
-    for bin in kubelet kubeadm kubectl; do
-        curl -Lfo "$kube_dir/$bin" "$kube_base_url/$bin"
-        chmod +x "$kube_dir/$bin"
-        sum=$(curl -Lf "$kube_base_url/$bin.sha256")
-        echo "$sum  $kube_dir/$bin" >>"$kube_sum_file"
-    done
-    sha256sum -c "$kube_sum_file"
-
-    for bin in kubelet kubeadm kubectl; do
-        ln -sf "$kube_dir/$bin" "$opt_bin"/$bin
-    done
-
-    if [[ ! -x /opt/bin/health-monitor.sh ]]; then
-        curl -Lfo /opt/bin/health-monitor.sh https://raw.githubusercontent.com/kubermatic/machine-controller/7967a0af2b75f29ad2ab227eeaa26ea7b0f2fbde/pkg/userdata/scripts/health-monitor.sh
-        chmod +x /opt/bin/health-monitor.sh
-    fi
-
-    # set kubelet nodeip environment variable
-    mkdir -p /etc/systemd/system/kubelet.service.d/
-    /opt/bin/setup_net_env.sh
-
-    systemctl disable --now firewalld || true
-    systemctl enable --now kubelet
-    systemctl enable --now --no-block kubelet-healthcheck.service
-
-- path: "/opt/bin/supervise.sh"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-    while ! "$@"; do
-      sleep 1
-    done
-
-- path: "/opt/disable-swap.sh"
-  permissions: "0755"
-  content: |
-    # Make sure we always disable swap - Otherwise the kubelet won't start as for some cloud
-    # providers swap gets enabled on reboot or after the setup script has finished executing.
-    sed -i.orig '/.*swap.*/d' /etc/fstab
-    swapoff -a
-
-- path: "/etc/systemd/system/kubelet.service"
-  content: |
-    [Unit]
-    After=docker.service
-    Requires=docker.service
-
-    Description=kubelet: The Kubernetes Node Agent
-    Documentation=https://kubernetes.io/docs/home/
-
-    [Service]
-    Restart=always
-    StartLimitInterval=0
-    RestartSec=10
-    CPUAccounting=true
-    MemoryAccounting=true
-
-    Environment="PATH=/opt/bin:/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin/"
-    EnvironmentFile=-/etc/environment
-
-    ExecStartPre=/bin/bash /opt/load-kernel-modules.sh
-
-    ExecStartPre=/bin/bash /opt/disable-swap.sh
-
-    ExecStartPre=/bin/bash /opt/bin/setup_net_env.sh
-    ExecStart=/opt/bin/kubelet $KUBELET_EXTRA_ARGS \
-      --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf \
-      --kubeconfig=/var/lib/kubelet/kubeconfig \
-      --config=/etc/kubernetes/kubelet.conf \
-      --cert-dir=/etc/kubernetes/pki \
-      --cloud-provider=aws \
-      --cloud-config=/etc/kubernetes/cloud-config \
-      --exit-on-lock-contention \
-      --lock-file=/tmp/kubelet.lock \
-      --container-runtime=docker \
-      --container-runtime-endpoint=unix:///var/run/dockershim.sock \
-      --dynamic-config-dir=/etc/kubernetes/dynamic-config-dir \
-      --feature-gates=DynamicKubeletConfig=true \
-      --network-plugin=cni \
-      --node-ip ${KUBELET_NODE_IP}
-
-    [Install]
-    WantedBy=multi-user.target
-
-- path: "/etc/kubernetes/cloud-config"
-  permissions: "0600"
-  content: |
-    {aws-config:true}
-
-- path: "/opt/bin/setup_net_env.sh"
-  permissions: "0755"
-  content: |
-    #!/usr/bin/env bash
-    echodate() {
-      echo "[$(date -Is)]" "$@"
-    }
-
-    # get the default interface IP address
-    DEFAULT_IFC_IP=$(ip -o  route get 1 | grep -oP "src \K\S+")
-
-    # get the full hostname
-    FULL_HOSTNAME=$(hostname -f)
-
-    if [ -z "${DEFAULT_IFC_IP}" ]
-    then
-    	echodate "Failed to get IP address for the default route interface"
-    	exit 1
-    fi
-
-    # write the nodeip_env file
-    # we need the line below because flatcar has the same string "coreos" in that file
-    if grep -q coreos /etc/os-release
-    then
-      echo -e "KUBELET_NODE_IP=${DEFAULT_IFC_IP}\nKUBELET_HOSTNAME=${FULL_HOSTNAME}" > /etc/kubernetes/nodeip.conf
-    elif [ ! -d /etc/systemd/system/kubelet.service.d ]
-    then
-    	echodate "Can't find kubelet service extras directory"
-    	exit 1
-    else
-      echo -e "[Service]\nEnvironment=\"KUBELET_NODE_IP=${DEFAULT_IFC_IP}\"\nEnvironment=\"KUBELET_HOSTNAME=${FULL_HOSTNAME}\"" > /etc/systemd/system/kubelet.service.d/nodeip.conf
-    fi
-
-
-- path: "/etc/kubernetes/bootstrap-kubelet.conf"
-  permissions: "0600"
-  content: |
-    apiVersion: v1
-    clusters:
-    - cluster:
-        certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVXakNDQTBLZ0F3SUJBZ0lKQUxmUmxXc0k4WVFITUEwR0NTcUdTSWIzRFFFQkJRVUFNSHN4Q3pBSkJnTlYKQkFZVEFsVlRNUXN3Q1FZRFZRUUlFd0pEUVRFV01CUUdBMVVFQnhNTlUyRnVJRVp5WVc1amFYTmpiekVVTUJJRwpBMVVFQ2hNTFFuSmhaR1pwZEhwcGJtTXhFakFRQmdOVkJBTVRDV3h2WTJGc2FHOXpkREVkTUJzR0NTcUdTSWIzCkRRRUpBUllPWW5KaFpFQmtZVzVuWVM1amIyMHdIaGNOTVRRd056RTFNakEwTmpBMVdoY05NVGN3TlRBME1qQTAKTmpBMVdqQjdNUXN3Q1FZRFZRUUdFd0pWVXpFTE1Ba0dBMVVFQ0JNQ1EwRXhGakFVQmdOVkJBY1REVk5oYmlCRwpjbUZ1WTJselkyOHhGREFTQmdOVkJBb1RDMEp5WVdSbWFYUjZhVzVqTVJJd0VBWURWUVFERXdsc2IyTmhiR2h2CmMzUXhIVEFiQmdrcWhraUc5dzBCQ1FFV0RtSnlZV1JBWkdGdVoyRXVZMjl0TUlJQklqQU5CZ2txaGtpRzl3MEIKQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBdDVmQWpwNGZUY2VrV1VUZnpzcDBreWloMU9ZYnNHTDBLWDFlUmJTUwpSOE9kMCs5UTYySHlueStHRndNVGI0QS9LVThtc3NvSHZjY2VTQUFid2ZieEZLLytzNTFUb2JxVW5PUlpyT29UClpqa1V5Z2J5WERTSzk5WUJiY1IxUGlwOHZ3TVRtNFhLdUx0Q2lnZUJCZGpqQVFkZ1VPMjhMRU5HbHNNbm1lWWsKSmZPRFZHblZtcjVMdGI5QU5BOElLeVRmc25ISjRpT0NTL1BsUGJVajJxN1lub1ZMcG9zVUJNbGdVYi9DeWtYMwptT29MYjR5SkpReUEvaVNUNlp4aUlFajM2RDR5V1o1bGc3WUpsK1VpaUJRSEdDblBkR3lpcHFWMDZleDBoZVlXCmNhaVc4TFdaU1VROTNqUStXVkNIOGhUN0RRTzFkbXN2VW1YbHEvSmVBbHdRL1FJREFRQUJvNEhnTUlIZE1CMEcKQTFVZERnUVdCQlJjQVJPdGhTNFA0VTd2VGZqQnlDNTY5UjdFNkRDQnJRWURWUjBqQklHbE1JR2lnQlJjQVJPdApoUzRQNFU3dlRmakJ5QzU2OVI3RTZLRi9wSDB3ZXpFTE1Ba0dBMVVFQmhNQ1ZWTXhDekFKQmdOVkJBZ1RBa05CCk1SWXdGQVlEVlFRSEV3MVRZVzRnUm5KaGJtTnBjMk52TVJRd0VnWURWUVFLRXd0Q2NtRmtabWwwZW1sdVl6RVMKTUJBR0ExVUVBeE1KYkc5allXeG9iM04wTVIwd0d3WUpLb1pJaHZjTkFRa0JGZzVpY21Ga1FHUmhibWRoTG1OdgpiWUlKQUxmUmxXc0k4WVFITUF3R0ExVWRFd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVGQlFBRGdnRUJBRzZoClU5ZjlzTkgwLzZvQmJHR3kyRVZVMFVnSVRVUUlyRldvOXJGa3JXNWsvWGtEalFtKzNsempUMGlHUjRJeEUvQW8KZVU2c1FodWE3d3JXZUZFbjQ3R0w5OGxuQ3NKZEQ3b1pOaEZtUTk1VGIvTG5EVWpzNVlqOWJyUDBOV3pYZllVNApVSzJabklOSlJjSnBCOGlSQ2FDeEU4RGRjVUYwWHFJRXE2cEEyNzJzbm9MbWlYTE12Tmwza1lFZG0ramU2dm9ECjU4U05WRVVzenR6UXlYbUpFaENwd1ZJMEE2UUNqelhqK3F2cG13M1paSGk4SndYZWk4WlpCTFRTRkJraThaN24Kc0g5QkJIMzgvU3pVbUFONFFIU1B5MWdqcW0wME9BRThOYVlEa2gvYnpFNGQ3bUxHR01XcC9XRTNLUFN1ODJIRgprUGU2WG9TYmlMbS9reGszMlQwPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t
-        server: https://server:443
-      name: ""
-    contexts: null
-    current-context: ""
-    kind: Config
-    preferences: {}
-    users:
-    - name: ""
-      user:
-        token: my-token
-
-
-- path: "/etc/kubernetes/kubelet.conf"
-  content: |
-    apiVersion: kubelet.config.k8s.io/v1beta1
-    authentication:
-      anonymous:
-        enabled: false
-      webhook:
-        cacheTTL: 0s
-        enabled: true
-      x509:
-        clientCAFile: /etc/kubernetes/pki/ca.crt
-    authorization:
-      mode: Webhook
-      webhook:
-        cacheAuthorizedTTL: 0s
-        cacheUnauthorizedTTL: 0s
-    cgroupDriver: systemd
-    clusterDomain: cluster.local
-    containerLogMaxSize: 100Mi
-    cpuManagerReconcilePeriod: 0s
-    evictionHard:
-      imagefs.available: 15%
-      memory.available: 100Mi
-      nodefs.available: 10%
-      nodefs.inodesFree: 5%
-    evictionPressureTransitionPeriod: 0s
-    featureGates:
-      RotateKubeletServerCertificate: true
-    fileCheckFrequency: 0s
-    httpCheckFrequency: 0s
-    imageMinimumGCAge: 0s
-    kind: KubeletConfiguration
-    kubeReserved:
-      cpu: 200m
-      ephemeral-storage: 1Gi
-      memory: 300Mi
-    logging:
-      flushFrequency: 0
-      options:
-        json:
-          infoBufferSize: "0"
-      verbosity: 0
-    memorySwap: {}
-    nodeStatusReportFrequency: 0s
-    nodeStatusUpdateFrequency: 0s
-    protectKernelDefaults: true
-    rotateCertificates: true
-    runtimeRequestTimeout: 0s
-    serverTLSBootstrap: true
-    shutdownGracePeriod: 0s
-    shutdownGracePeriodCriticalPods: 0s
-    staticPodPath: /etc/kubernetes/manifests
-    streamingConnectionIdleTimeout: 0s
-    syncFrequency: 0s
-    systemReserved:
-      cpu: 200m
-      ephemeral-storage: 1Gi
-      memory: 500Mi
-    tlsCipherSuites:
-    - TLS_AES_128_GCM_SHA256
-    - TLS_AES_256_GCM_SHA384
-    - TLS_CHACHA20_POLY1305_SHA256
-    - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-    - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
-    - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
-    - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-    - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
-    volumePluginDir: /var/lib/kubelet/volumeplugins
-    volumeStatsAggPeriod: 0s
-
-
-- path: "/etc/kubernetes/pki/ca.crt"
-  content: |
-    -----BEGIN CERTIFICATE-----
-    MIIEWjCCA0KgAwIBAgIJALfRlWsI8YQHMA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV
-    BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEUMBIG
-    A1UEChMLQnJhZGZpdHppbmMxEjAQBgNVBAMTCWxvY2FsaG9zdDEdMBsGCSqGSIb3
-    DQEJARYOYnJhZEBkYW5nYS5jb20wHhcNMTQwNzE1MjA0NjA1WhcNMTcwNTA0MjA0
-    NjA1WjB7MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBG
-    cmFuY2lzY28xFDASBgNVBAoTC0JyYWRmaXR6aW5jMRIwEAYDVQQDEwlsb2NhbGhv
-    c3QxHTAbBgkqhkiG9w0BCQEWDmJyYWRAZGFuZ2EuY29tMIIBIjANBgkqhkiG9w0B
-    AQEFAAOCAQ8AMIIBCgKCAQEAt5fAjp4fTcekWUTfzsp0kyih1OYbsGL0KX1eRbSS
-    R8Od0+9Q62Hyny+GFwMTb4A/KU8mssoHvcceSAAbwfbxFK/+s51TobqUnORZrOoT
-    ZjkUygbyXDSK99YBbcR1Pip8vwMTm4XKuLtCigeBBdjjAQdgUO28LENGlsMnmeYk
-    JfODVGnVmr5Ltb9ANA8IKyTfsnHJ4iOCS/PlPbUj2q7YnoVLposUBMlgUb/CykX3
-    mOoLb4yJJQyA/iST6ZxiIEj36D4yWZ5lg7YJl+UiiBQHGCnPdGyipqV06ex0heYW
-    caiW8LWZSUQ93jQ+WVCH8hT7DQO1dmsvUmXlq/JeAlwQ/QIDAQABo4HgMIHdMB0G
-    A1UdDgQWBBRcAROthS4P4U7vTfjByC569R7E6DCBrQYDVR0jBIGlMIGigBRcAROt
-    hS4P4U7vTfjByC569R7E6KF/pH0wezELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB
-    MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtCcmFkZml0emluYzES
-    MBAGA1UEAxMJbG9jYWxob3N0MR0wGwYJKoZIhvcNAQkBFg5icmFkQGRhbmdhLmNv
-    bYIJALfRlWsI8YQHMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAG6h
-    U9f9sNH0/6oBbGGy2EVU0UgITUQIrFWo9rFkrW5k/XkDjQm+3lzjT0iGR4IxE/Ao
-    eU6sQhua7wrWeFEn47GL98lnCsJdD7oZNhFmQ95Tb/LnDUjs5Yj9brP0NWzXfYU4
-    UK2ZnINJRcJpB8iRCaCxE8DdcUF0XqIEq6pA272snoLmiXLMvNl3kYEdm+je6voD
-    58SNVEUsztzQyXmJEhCpwVI0A6QCjzXj+qvpmw3ZZHi8JwXei8ZZBLTSFBki8Z7n
-    sH9BBH38/SzUmAN4QHSPy1gjqm00OAE8NaYDkh/bzE4d7mLGGMWp/WE3KPSu82HF
-    kPe6XoSbiLm/kxk32T0=
-    -----END CERTIFICATE-----
-
-- path: "/etc/systemd/system/setup.service"
-  permissions: "0644"
-  content: |
-    [Install]
-    WantedBy=multi-user.target
-
-    [Unit]
-    Requires=network-online.target
-    After=network-online.target
-
-    [Service]
-    Type=oneshot
-    RemainAfterExit=true
-    EnvironmentFile=-/etc/environment
-    ExecStart=/opt/bin/supervise.sh /opt/bin/setup
-
-- path: "/etc/profile.d/opt-bin-path.sh"
-  permissions: "0644"
-  content: |
-    export PATH="/opt/bin:$PATH"
-
-- path: /etc/docker/daemon.json
-  permissions: "0644"
-  content: |
-    {"exec-opts":["native.cgroupdriver=systemd"],"storage-driver":"overlay2","log-driver":"json-file","log-opts":{"max-file":"5","max-size":"100m"}}
-
-- path: /etc/systemd/system/kubelet-healthcheck.service
-  permissions: "0644"
-  content: |
-    [Unit]
-    Requires=kubelet.service
-    After=kubelet.service
-
-    [Service]
-    ExecStart=/opt/bin/health-monitor.sh kubelet
-
-    [Install]
-    WantedBy=multi-user.target
-
-
-runcmd:
-- systemctl start setup.service
diff --git a/pkg/userdata/rockylinux/testdata/kubelet-v1.23-aws.yaml b/pkg/userdata/rockylinux/testdata/kubelet-v1.23-aws.yaml
deleted file mode 100644
index 361473bf0..000000000
--- a/pkg/userdata/rockylinux/testdata/kubelet-v1.23-aws.yaml
+++ /dev/null
@@ -1,437 +0,0 @@
-#cloud-config
-bootcmd:
-- modprobe ip_tables
-
-
-ssh_pwauth: false
-
-write_files:
-
-- path: "/etc/systemd/journald.conf.d/max_disk_use.conf"
-  content: |
-    [Journal]
-    SystemMaxUse=5G
-
-
-- path: "/opt/load-kernel-modules.sh"
-  permissions: "0755"
-  content: |
-    #!/usr/bin/env bash
-    set -euo pipefail
-
-    modprobe ip_vs
-    modprobe ip_vs_rr
-    modprobe ip_vs_wrr
-    modprobe ip_vs_sh
-
-    if modinfo nf_conntrack_ipv4 &> /dev/null; then
-      modprobe nf_conntrack_ipv4
-    else
-      modprobe nf_conntrack
-    fi
-
-
-- path: "/etc/sysctl.d/k8s.conf"
-  content: |
-    net.bridge.bridge-nf-call-ip6tables = 1
-    net.bridge.bridge-nf-call-iptables = 1
-    kernel.panic_on_oops = 1
-    kernel.panic = 10
-    net.ipv4.ip_forward = 1
-    vm.overcommit_memory = 1
-    fs.inotify.max_user_watches = 1048576
-    fs.inotify.max_user_instances = 8192
-
-
-- path: /etc/selinux/config
-  content: |
-    # This file controls the state of SELinux on the system.
-    # SELINUX= can take one of these three values:
-    #     enforcing - SELinux security policy is enforced.
-    #     permissive - SELinux prints warnings instead of enforcing.
-    #     disabled - No SELinux policy is loaded.
-    SELINUX=permissive
-    # SELINUXTYPE= can take one of three two values:
-    #     targeted - Targeted processes are protected,
-    #     minimum - Modification of targeted policy. Only selected processes are protected.
-    #     mls - Multi Level Security protection.
-    SELINUXTYPE=targeted
-
-- path: "/opt/bin/setup"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-
-    setenforce 0 || true
-    systemctl restart systemd-modules-load.service
-    sysctl --system
-
-    yum install -y \
-      device-mapper-persistent-data \
-      lvm2 \
-      ebtables \
-      ethtool \
-      nfs-utils \
-      bash-completion \
-      sudo \
-      socat \
-      wget \
-      curl \
-      tar \
-      ipvsadm
-
-    yum install -y yum-utils
-    yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
-    yum-config-manager --save --setopt=docker-ce-stable.module_hotfixes=true
-
-    mkdir -p /etc/systemd/system/containerd.service.d /etc/systemd/system/docker.service.d
-
-    cat <<EOF | tee /etc/systemd/system/containerd.service.d/environment.conf /etc/systemd/system/docker.service.d/environment.conf
-    [Service]
-    Restart=always
-    EnvironmentFile=-/etc/environment
-    EOF
-
-    yum install -y \
-        docker-ce-cli-20.10* \
-        containerd.io-1.4* \
-        docker-ce-20.10* \
-        yum-plugin-versionlock
-    yum versionlock add docker-ce* containerd.io
-
-    systemctl daemon-reload
-    systemctl enable --now docker
-
-    opt_bin=/opt/bin
-    usr_local_bin=/usr/local/bin
-    cni_bin_dir=/opt/cni/bin
-    mkdir -p /etc/cni/net.d /etc/kubernetes/dynamic-config-dir /etc/kubernetes/manifests "$opt_bin" "$cni_bin_dir"
-    arch=${HOST_ARCH-}
-    if [ -z "$arch" ]
-    then
-    case $(uname -m) in
-    x86_64)
-        arch="amd64"
-        ;;
-    aarch64)
-        arch="arm64"
-        ;;
-    *)
-        echo "unsupported CPU architecture, exiting"
-        exit 1
-        ;;
-    esac
-    fi
-    CNI_VERSION="${CNI_VERSION:-v0.8.7}"
-    cni_base_url="https://github.com/containernetworking/plugins/releases/download/$CNI_VERSION"
-    cni_filename="cni-plugins-linux-$arch-$CNI_VERSION.tgz"
-    curl -Lfo "$cni_bin_dir/$cni_filename" "$cni_base_url/$cni_filename"
-    cni_sum=$(curl -Lf "$cni_base_url/$cni_filename.sha256")
-    cd "$cni_bin_dir"
-    sha256sum -c <<<"$cni_sum"
-    tar xvf "$cni_filename"
-    rm -f "$cni_filename"
-    cd -
-    CRI_TOOLS_RELEASE="${CRI_TOOLS_RELEASE:-v1.22.0}"
-    cri_tools_base_url="https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRI_TOOLS_RELEASE}"
-    cri_tools_filename="crictl-${CRI_TOOLS_RELEASE}-linux-${arch}.tar.gz"
-    curl -Lfo "$opt_bin/$cri_tools_filename" "$cri_tools_base_url/$cri_tools_filename"
-    cri_tools_sum=$(curl -Lf "$cri_tools_base_url/$cri_tools_filename.sha256" | sed 's/\*\///')
-    cd "$opt_bin"
-    sha256sum -c <<<"$cri_tools_sum"
-    tar xvf "$cri_tools_filename"
-    rm -f "$cri_tools_filename"
-    ln -sf "$opt_bin/crictl" "$usr_local_bin"/crictl || echo "symbolic link is skipped"
-    cd -
-    KUBE_VERSION="${KUBE_VERSION:-v1.23.5}"
-    kube_dir="$opt_bin/kubernetes-$KUBE_VERSION"
-    kube_base_url="https://storage.googleapis.com/kubernetes-release/release/$KUBE_VERSION/bin/linux/$arch"
-    kube_sum_file="$kube_dir/sha256"
-    mkdir -p "$kube_dir"
-    : >"$kube_sum_file"
-
-    for bin in kubelet kubeadm kubectl; do
-        curl -Lfo "$kube_dir/$bin" "$kube_base_url/$bin"
-        chmod +x "$kube_dir/$bin"
-        sum=$(curl -Lf "$kube_base_url/$bin.sha256")
-        echo "$sum  $kube_dir/$bin" >>"$kube_sum_file"
-    done
-    sha256sum -c "$kube_sum_file"
-
-    for bin in kubelet kubeadm kubectl; do
-        ln -sf "$kube_dir/$bin" "$opt_bin"/$bin
-    done
-
-    if [[ ! -x /opt/bin/health-monitor.sh ]]; then
-        curl -Lfo /opt/bin/health-monitor.sh https://raw.githubusercontent.com/kubermatic/machine-controller/7967a0af2b75f29ad2ab227eeaa26ea7b0f2fbde/pkg/userdata/scripts/health-monitor.sh
-        chmod +x /opt/bin/health-monitor.sh
-    fi
-
-    # set kubelet nodeip environment variable
-    mkdir -p /etc/systemd/system/kubelet.service.d/
-    /opt/bin/setup_net_env.sh
-
-    systemctl disable --now firewalld || true
-    systemctl enable --now kubelet
-    systemctl enable --now --no-block kubelet-healthcheck.service
-
-- path: "/opt/bin/supervise.sh"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-    while ! "$@"; do
-      sleep 1
-    done
-
-- path: "/opt/disable-swap.sh"
-  permissions: "0755"
-  content: |
-    # Make sure we always disable swap - Otherwise the kubelet won't start as for some cloud
-    # providers swap gets enabled on reboot or after the setup script has finished executing.
-    sed -i.orig '/.*swap.*/d' /etc/fstab
-    swapoff -a
-
-- path: "/etc/systemd/system/kubelet.service"
-  content: |
-    [Unit]
-    After=docker.service
-    Requires=docker.service
-
-    Description=kubelet: The Kubernetes Node Agent
-    Documentation=https://kubernetes.io/docs/home/
-
-    [Service]
-    Restart=always
-    StartLimitInterval=0
-    RestartSec=10
-    CPUAccounting=true
-    MemoryAccounting=true
-
-    Environment="PATH=/opt/bin:/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin/"
-    EnvironmentFile=-/etc/environment
-
-    ExecStartPre=/bin/bash /opt/load-kernel-modules.sh
-
-    ExecStartPre=/bin/bash /opt/disable-swap.sh
-
-    ExecStartPre=/bin/bash /opt/bin/setup_net_env.sh
-    ExecStart=/opt/bin/kubelet $KUBELET_EXTRA_ARGS \
-      --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf \
-      --kubeconfig=/var/lib/kubelet/kubeconfig \
-      --config=/etc/kubernetes/kubelet.conf \
-      --cert-dir=/etc/kubernetes/pki \
-      --cloud-provider=aws \
-      --cloud-config=/etc/kubernetes/cloud-config \
-      --exit-on-lock-contention \
-      --lock-file=/tmp/kubelet.lock \
-      --container-runtime=docker \
-      --container-runtime-endpoint=unix:///var/run/dockershim.sock \
-      --network-plugin=cni \
-      --node-ip ${KUBELET_NODE_IP}
-
-    [Install]
-    WantedBy=multi-user.target
-
-- path: "/etc/kubernetes/cloud-config"
-  permissions: "0600"
-  content: |
-    {aws-config:true}
-
-- path: "/opt/bin/setup_net_env.sh"
-  permissions: "0755"
-  content: |
-    #!/usr/bin/env bash
-    echodate() {
-      echo "[$(date -Is)]" "$@"
-    }
-
-    # get the default interface IP address
-    DEFAULT_IFC_IP=$(ip -o  route get 1 | grep -oP "src \K\S+")
-
-    # get the full hostname
-    FULL_HOSTNAME=$(hostname -f)
-
-    if [ -z "${DEFAULT_IFC_IP}" ]
-    then
-    	echodate "Failed to get IP address for the default route interface"
-    	exit 1
-    fi
-
-    # write the nodeip_env file
-    # we need the line below because flatcar has the same string "coreos" in that file
-    if grep -q coreos /etc/os-release
-    then
-      echo -e "KUBELET_NODE_IP=${DEFAULT_IFC_IP}\nKUBELET_HOSTNAME=${FULL_HOSTNAME}" > /etc/kubernetes/nodeip.conf
-    elif [ ! -d /etc/systemd/system/kubelet.service.d ]
-    then
-    	echodate "Can't find kubelet service extras directory"
-    	exit 1
-    else
-      echo -e "[Service]\nEnvironment=\"KUBELET_NODE_IP=${DEFAULT_IFC_IP}\"\nEnvironment=\"KUBELET_HOSTNAME=${FULL_HOSTNAME}\"" > /etc/systemd/system/kubelet.service.d/nodeip.conf
-    fi
-
-
-- path: "/etc/kubernetes/bootstrap-kubelet.conf"
-  permissions: "0600"
-  content: |
-    apiVersion: v1
-    clusters:
-    - cluster:
-        certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVXakNDQTBLZ0F3SUJBZ0lKQUxmUmxXc0k4WVFITUEwR0NTcUdTSWIzRFFFQkJRVUFNSHN4Q3pBSkJnTlYKQkFZVEFsVlRNUXN3Q1FZRFZRUUlFd0pEUVRFV01CUUdBMVVFQnhNTlUyRnVJRVp5WVc1amFYTmpiekVVTUJJRwpBMVVFQ2hNTFFuSmhaR1pwZEhwcGJtTXhFakFRQmdOVkJBTVRDV3h2WTJGc2FHOXpkREVkTUJzR0NTcUdTSWIzCkRRRUpBUllPWW5KaFpFQmtZVzVuWVM1amIyMHdIaGNOTVRRd056RTFNakEwTmpBMVdoY05NVGN3TlRBME1qQTAKTmpBMVdqQjdNUXN3Q1FZRFZRUUdFd0pWVXpFTE1Ba0dBMVVFQ0JNQ1EwRXhGakFVQmdOVkJBY1REVk5oYmlCRwpjbUZ1WTJselkyOHhGREFTQmdOVkJBb1RDMEp5WVdSbWFYUjZhVzVqTVJJd0VBWURWUVFERXdsc2IyTmhiR2h2CmMzUXhIVEFiQmdrcWhraUc5dzBCQ1FFV0RtSnlZV1JBWkdGdVoyRXVZMjl0TUlJQklqQU5CZ2txaGtpRzl3MEIKQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBdDVmQWpwNGZUY2VrV1VUZnpzcDBreWloMU9ZYnNHTDBLWDFlUmJTUwpSOE9kMCs5UTYySHlueStHRndNVGI0QS9LVThtc3NvSHZjY2VTQUFid2ZieEZLLytzNTFUb2JxVW5PUlpyT29UClpqa1V5Z2J5WERTSzk5WUJiY1IxUGlwOHZ3TVRtNFhLdUx0Q2lnZUJCZGpqQVFkZ1VPMjhMRU5HbHNNbm1lWWsKSmZPRFZHblZtcjVMdGI5QU5BOElLeVRmc25ISjRpT0NTL1BsUGJVajJxN1lub1ZMcG9zVUJNbGdVYi9DeWtYMwptT29MYjR5SkpReUEvaVNUNlp4aUlFajM2RDR5V1o1bGc3WUpsK1VpaUJRSEdDblBkR3lpcHFWMDZleDBoZVlXCmNhaVc4TFdaU1VROTNqUStXVkNIOGhUN0RRTzFkbXN2VW1YbHEvSmVBbHdRL1FJREFRQUJvNEhnTUlIZE1CMEcKQTFVZERnUVdCQlJjQVJPdGhTNFA0VTd2VGZqQnlDNTY5UjdFNkRDQnJRWURWUjBqQklHbE1JR2lnQlJjQVJPdApoUzRQNFU3dlRmakJ5QzU2OVI3RTZLRi9wSDB3ZXpFTE1Ba0dBMVVFQmhNQ1ZWTXhDekFKQmdOVkJBZ1RBa05CCk1SWXdGQVlEVlFRSEV3MVRZVzRnUm5KaGJtTnBjMk52TVJRd0VnWURWUVFLRXd0Q2NtRmtabWwwZW1sdVl6RVMKTUJBR0ExVUVBeE1KYkc5allXeG9iM04wTVIwd0d3WUpLb1pJaHZjTkFRa0JGZzVpY21Ga1FHUmhibWRoTG1OdgpiWUlKQUxmUmxXc0k4WVFITUF3R0ExVWRFd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVGQlFBRGdnRUJBRzZoClU5ZjlzTkgwLzZvQmJHR3kyRVZVMFVnSVRVUUlyRldvOXJGa3JXNWsvWGtEalFtKzNsempUMGlHUjRJeEUvQW8KZVU2c1FodWE3d3JXZUZFbjQ3R0w5OGxuQ3NKZEQ3b1pOaEZtUTk1VGIvTG5EVWpzNVlqOWJyUDBOV3pYZllVNApVSzJabklOSlJjSnBCOGlSQ2FDeEU4RGRjVUYwWHFJRXE2cEEyNzJzbm9MbWlYTE12Tmwza1lFZG0ramU2dm9ECjU4U05WRVVzenR6UXlYbUpFaENwd1ZJMEE2UUNqelhqK3F2cG13M1paSGk4SndYZWk4WlpCTFRTRkJraThaN24Kc0g5QkJIMzgvU3pVbUFONFFIU1B5MWdqcW0wME9BRThOYVlEa2gvYnpFNGQ3bUxHR01XcC9XRTNLUFN1ODJIRgprUGU2WG9TYmlMbS9reGszMlQwPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t
-        server: https://server:443
-      name: ""
-    contexts: null
-    current-context: ""
-    kind: Config
-    preferences: {}
-    users:
-    - name: ""
-      user:
-        token: my-token
-
-
-- path: "/etc/kubernetes/kubelet.conf"
-  content: |
-    apiVersion: kubelet.config.k8s.io/v1beta1
-    authentication:
-      anonymous:
-        enabled: false
-      webhook:
-        cacheTTL: 0s
-        enabled: true
-      x509:
-        clientCAFile: /etc/kubernetes/pki/ca.crt
-    authorization:
-      mode: Webhook
-      webhook:
-        cacheAuthorizedTTL: 0s
-        cacheUnauthorizedTTL: 0s
-    cgroupDriver: systemd
-    clusterDomain: cluster.local
-    containerLogMaxSize: 100Mi
-    cpuManagerReconcilePeriod: 0s
-    evictionHard:
-      imagefs.available: 15%
-      memory.available: 100Mi
-      nodefs.available: 10%
-      nodefs.inodesFree: 5%
-    evictionPressureTransitionPeriod: 0s
-    featureGates:
-      RotateKubeletServerCertificate: true
-    fileCheckFrequency: 0s
-    httpCheckFrequency: 0s
-    imageMinimumGCAge: 0s
-    kind: KubeletConfiguration
-    kubeReserved:
-      cpu: 200m
-      ephemeral-storage: 1Gi
-      memory: 300Mi
-    logging:
-      flushFrequency: 0
-      options:
-        json:
-          infoBufferSize: "0"
-      verbosity: 0
-    memorySwap: {}
-    nodeStatusReportFrequency: 0s
-    nodeStatusUpdateFrequency: 0s
-    protectKernelDefaults: true
-    rotateCertificates: true
-    runtimeRequestTimeout: 0s
-    serverTLSBootstrap: true
-    shutdownGracePeriod: 0s
-    shutdownGracePeriodCriticalPods: 0s
-    staticPodPath: /etc/kubernetes/manifests
-    streamingConnectionIdleTimeout: 0s
-    syncFrequency: 0s
-    systemReserved:
-      cpu: 200m
-      ephemeral-storage: 1Gi
-      memory: 500Mi
-    tlsCipherSuites:
-    - TLS_AES_128_GCM_SHA256
-    - TLS_AES_256_GCM_SHA384
-    - TLS_CHACHA20_POLY1305_SHA256
-    - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-    - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
-    - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
-    - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-    - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
-    volumePluginDir: /var/lib/kubelet/volumeplugins
-    volumeStatsAggPeriod: 0s
-
-
-- path: "/etc/kubernetes/pki/ca.crt"
-  content: |
-    -----BEGIN CERTIFICATE-----
-    MIIEWjCCA0KgAwIBAgIJALfRlWsI8YQHMA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV
-    BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEUMBIG
-    A1UEChMLQnJhZGZpdHppbmMxEjAQBgNVBAMTCWxvY2FsaG9zdDEdMBsGCSqGSIb3
-    DQEJARYOYnJhZEBkYW5nYS5jb20wHhcNMTQwNzE1MjA0NjA1WhcNMTcwNTA0MjA0
-    NjA1WjB7MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBG
-    cmFuY2lzY28xFDASBgNVBAoTC0JyYWRmaXR6aW5jMRIwEAYDVQQDEwlsb2NhbGhv
-    c3QxHTAbBgkqhkiG9w0BCQEWDmJyYWRAZGFuZ2EuY29tMIIBIjANBgkqhkiG9w0B
-    AQEFAAOCAQ8AMIIBCgKCAQEAt5fAjp4fTcekWUTfzsp0kyih1OYbsGL0KX1eRbSS
-    R8Od0+9Q62Hyny+GFwMTb4A/KU8mssoHvcceSAAbwfbxFK/+s51TobqUnORZrOoT
-    ZjkUygbyXDSK99YBbcR1Pip8vwMTm4XKuLtCigeBBdjjAQdgUO28LENGlsMnmeYk
-    JfODVGnVmr5Ltb9ANA8IKyTfsnHJ4iOCS/PlPbUj2q7YnoVLposUBMlgUb/CykX3
-    mOoLb4yJJQyA/iST6ZxiIEj36D4yWZ5lg7YJl+UiiBQHGCnPdGyipqV06ex0heYW
-    caiW8LWZSUQ93jQ+WVCH8hT7DQO1dmsvUmXlq/JeAlwQ/QIDAQABo4HgMIHdMB0G
-    A1UdDgQWBBRcAROthS4P4U7vTfjByC569R7E6DCBrQYDVR0jBIGlMIGigBRcAROt
-    hS4P4U7vTfjByC569R7E6KF/pH0wezELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB
-    MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtCcmFkZml0emluYzES
-    MBAGA1UEAxMJbG9jYWxob3N0MR0wGwYJKoZIhvcNAQkBFg5icmFkQGRhbmdhLmNv
-    bYIJALfRlWsI8YQHMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAG6h
-    U9f9sNH0/6oBbGGy2EVU0UgITUQIrFWo9rFkrW5k/XkDjQm+3lzjT0iGR4IxE/Ao
-    eU6sQhua7wrWeFEn47GL98lnCsJdD7oZNhFmQ95Tb/LnDUjs5Yj9brP0NWzXfYU4
-    UK2ZnINJRcJpB8iRCaCxE8DdcUF0XqIEq6pA272snoLmiXLMvNl3kYEdm+je6voD
-    58SNVEUsztzQyXmJEhCpwVI0A6QCjzXj+qvpmw3ZZHi8JwXei8ZZBLTSFBki8Z7n
-    sH9BBH38/SzUmAN4QHSPy1gjqm00OAE8NaYDkh/bzE4d7mLGGMWp/WE3KPSu82HF
-    kPe6XoSbiLm/kxk32T0=
-    -----END CERTIFICATE-----
-
-- path: "/etc/systemd/system/setup.service"
-  permissions: "0644"
-  content: |
-    [Install]
-    WantedBy=multi-user.target
-
-    [Unit]
-    Requires=network-online.target
-    After=network-online.target
-
-    [Service]
-    Type=oneshot
-    RemainAfterExit=true
-    EnvironmentFile=-/etc/environment
-    ExecStart=/opt/bin/supervise.sh /opt/bin/setup
-
-- path: "/etc/profile.d/opt-bin-path.sh"
-  permissions: "0644"
-  content: |
-    export PATH="/opt/bin:$PATH"
-
-- path: /etc/docker/daemon.json
-  permissions: "0644"
-  content: |
-    {"exec-opts":["native.cgroupdriver=systemd"],"storage-driver":"overlay2","log-driver":"json-file","log-opts":{"max-file":"5","max-size":"100m"}}
-
-- path: /etc/systemd/system/kubelet-healthcheck.service
-  permissions: "0644"
-  content: |
-    [Unit]
-    Requires=kubelet.service
-    After=kubelet.service
-
-    [Service]
-    ExecStart=/opt/bin/health-monitor.sh kubelet
-
-    [Install]
-    WantedBy=multi-user.target
-
-
-runcmd:
-- systemctl start setup.service
diff --git a/pkg/userdata/rockylinux/testdata/kubelet-v1.25-aws.yaml b/pkg/userdata/rockylinux/testdata/kubelet-v1.25-aws.yaml
deleted file mode 100644
index 999b540d8..000000000
--- a/pkg/userdata/rockylinux/testdata/kubelet-v1.25-aws.yaml
+++ /dev/null
@@ -1,465 +0,0 @@
-#cloud-config
-bootcmd:
-- modprobe ip_tables
-
-
-ssh_pwauth: false
-
-write_files:
-
-- path: "/etc/systemd/journald.conf.d/max_disk_use.conf"
-  content: |
-    [Journal]
-    SystemMaxUse=5G
-
-
-- path: "/opt/load-kernel-modules.sh"
-  permissions: "0755"
-  content: |
-    #!/usr/bin/env bash
-    set -euo pipefail
-
-    modprobe ip_vs
-    modprobe ip_vs_rr
-    modprobe ip_vs_wrr
-    modprobe ip_vs_sh
-
-    if modinfo nf_conntrack_ipv4 &> /dev/null; then
-      modprobe nf_conntrack_ipv4
-    else
-      modprobe nf_conntrack
-    fi
-
-
-- path: "/etc/sysctl.d/k8s.conf"
-  content: |
-    net.bridge.bridge-nf-call-ip6tables = 1
-    net.bridge.bridge-nf-call-iptables = 1
-    kernel.panic_on_oops = 1
-    kernel.panic = 10
-    net.ipv4.ip_forward = 1
-    vm.overcommit_memory = 1
-    fs.inotify.max_user_watches = 1048576
-    fs.inotify.max_user_instances = 8192
-
-
-- path: /etc/selinux/config
-  content: |
-    # This file controls the state of SELinux on the system.
-    # SELINUX= can take one of these three values:
-    #     enforcing - SELinux security policy is enforced.
-    #     permissive - SELinux prints warnings instead of enforcing.
-    #     disabled - No SELinux policy is loaded.
-    SELINUX=permissive
-    # SELINUXTYPE= can take one of three two values:
-    #     targeted - Targeted processes are protected,
-    #     minimum - Modification of targeted policy. Only selected processes are protected.
-    #     mls - Multi Level Security protection.
-    SELINUXTYPE=targeted
-
-- path: "/opt/bin/setup"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-
-    setenforce 0 || true
-    systemctl restart systemd-modules-load.service
-    sysctl --system
-
-    yum install -y \
-      device-mapper-persistent-data \
-      lvm2 \
-      ebtables \
-      ethtool \
-      nfs-utils \
-      bash-completion \
-      sudo \
-      socat \
-      wget \
-      curl \
-      tar \
-      ipvsadm
-
-    yum install -y yum-utils
-    yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
-    yum-config-manager --save --setopt=docker-ce-stable.module_hotfixes=true
-
-    cat <<EOF | tee /etc/crictl.yaml
-    runtime-endpoint: unix:///run/containerd/containerd.sock
-    EOF
-
-    mkdir -p /etc/systemd/system/containerd.service.d
-    cat <<EOF | tee /etc/systemd/system/containerd.service.d/environment.conf
-    [Service]
-    Restart=always
-    EnvironmentFile=-/etc/environment
-    EOF
-
-    yum install -y containerd.io-1.6* yum-plugin-versionlock
-    yum versionlock add containerd.io
-
-    systemctl daemon-reload
-    systemctl enable --now containerd
-
-    opt_bin=/opt/bin
-    usr_local_bin=/usr/local/bin
-    cni_bin_dir=/opt/cni/bin
-    mkdir -p /etc/cni/net.d /etc/kubernetes/manifests "$opt_bin" "$cni_bin_dir"
-    arch=${HOST_ARCH-}
-    if [ -z "$arch" ]
-    then
-    case $(uname -m) in
-    x86_64)
-        arch="amd64"
-        ;;
-    aarch64)
-        arch="arm64"
-        ;;
-    *)
-        echo "unsupported CPU architecture, exiting"
-        exit 1
-        ;;
-    esac
-    fi
-    CNI_VERSION="${CNI_VERSION:-v1.2.0}"
-    cni_base_url="https://github.com/containernetworking/plugins/releases/download/$CNI_VERSION"
-    cni_filename="cni-plugins-linux-$arch-$CNI_VERSION.tgz"
-    curl -Lfo "$cni_bin_dir/$cni_filename" "$cni_base_url/$cni_filename"
-    cni_sum=$(curl -Lf "$cni_base_url/$cni_filename.sha256")
-    cd "$cni_bin_dir"
-    sha256sum -c <<<"$cni_sum"
-    tar xvf "$cni_filename"
-    rm -f "$cni_filename"
-    cd -
-    CRI_TOOLS_RELEASE="${CRI_TOOLS_RELEASE:-v1.27.0}"
-    cri_tools_base_url="https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRI_TOOLS_RELEASE}"
-    cri_tools_filename="crictl-${CRI_TOOLS_RELEASE}-linux-${arch}.tar.gz"
-    curl -Lfo "$opt_bin/$cri_tools_filename" "$cri_tools_base_url/$cri_tools_filename"
-    cri_tools_sum_value=$(curl -Lf "$cri_tools_base_url/$cri_tools_filename.sha256")
-    cri_tools_sum="$cri_tools_sum_value $cri_tools_filename"
-    cd "$opt_bin"
-    sha256sum -c <<<"$cri_tools_sum"
-    tar xvf "$cri_tools_filename"
-    rm -f "$cri_tools_filename"
-    ln -sf "$opt_bin/crictl" "$usr_local_bin"/crictl || echo "symbolic link is skipped"
-    cd -
-    KUBE_VERSION="${KUBE_VERSION:-v1.25.0}"
-    kube_dir="$opt_bin/kubernetes-$KUBE_VERSION"
-    kube_base_url="https://storage.googleapis.com/kubernetes-release/release/$KUBE_VERSION/bin/linux/$arch"
-    kube_sum_file="$kube_dir/sha256"
-    mkdir -p "$kube_dir"
-    : >"$kube_sum_file"
-
-    for bin in kubelet kubeadm kubectl; do
-        curl -Lfo "$kube_dir/$bin" "$kube_base_url/$bin"
-        chmod +x "$kube_dir/$bin"
-        sum=$(curl -Lf "$kube_base_url/$bin.sha256")
-        echo "$sum  $kube_dir/$bin" >>"$kube_sum_file"
-    done
-    sha256sum -c "$kube_sum_file"
-
-    for bin in kubelet kubeadm kubectl; do
-        ln -sf "$kube_dir/$bin" "$opt_bin"/$bin
-    done
-
-    if [[ ! -x /opt/bin/health-monitor.sh ]]; then
-        curl -Lfo /opt/bin/health-monitor.sh https://raw.githubusercontent.com/kubermatic/machine-controller/7967a0af2b75f29ad2ab227eeaa26ea7b0f2fbde/pkg/userdata/scripts/health-monitor.sh
-        chmod +x /opt/bin/health-monitor.sh
-    fi
-
-    DEFAULT_IFC_NAME=$(ip -o route get 1  | grep -oP "dev \K\S+")
-    IFC_CFG_FILE=/etc/sysconfig/network-scripts/ifcfg-$DEFAULT_IFC_NAME
-    # Enable IPv6 and DHCPv6 on the default interface
-    grep IPV6INIT $IFC_CFG_FILE && sed -i '/IPV6INIT*/c IPV6INIT=yes' $IFC_CFG_FILE || echo "IPV6INIT=yes" >> $IFC_CFG_FILE
-    grep DHCPV6C $IFC_CFG_FILE && sed -i '/DHCPV6C*/c DHCPV6C=yes' $IFC_CFG_FILE || echo "DHCPV6C=yes" >> $IFC_CFG_FILE
-    grep IPV6_AUTOCONF $IFC_CFG_FILE && sed -i '/IPV6_AUTOCONF*/c IPV6_AUTOCONF=yes' $IFC_CFG_FILE || echo "IPV6_AUTOCONF=yes" >> $IFC_CFG_FILE
-
-    # Restart NetworkManager to apply for IPv6 configs
-    systemctl restart NetworkManager
-    # Let NetworkManager apply the DHCPv6 configs
-    sleep 3
-
-    # set kubelet nodeip environment variable
-    mkdir -p /etc/systemd/system/kubelet.service.d/
-    /opt/bin/setup_net_env.sh
-
-    systemctl disable --now firewalld || true
-    systemctl enable --now kubelet
-    systemctl enable --now --no-block kubelet-healthcheck.service
-    systemctl disable setup.service
-
-- path: "/opt/bin/supervise.sh"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-    while ! "$@"; do
-      sleep 1
-    done
-
-- path: "/opt/disable-swap.sh"
-  permissions: "0755"
-  content: |
-    # Make sure we always disable swap - Otherwise the kubelet won't start as for some cloud
-    # providers swap gets enabled on reboot or after the setup script has finished executing.
-    sed -i.orig '/.*swap.*/d' /etc/fstab
-    swapoff -a
-
-- path: "/etc/systemd/system/kubelet.service"
-  content: |
-    [Unit]
-    After=containerd.service
-    Requires=containerd.service
-
-    Description=kubelet: The Kubernetes Node Agent
-    Documentation=https://kubernetes.io/docs/home/
-
-    [Service]
-    User=root
-    Restart=always
-    StartLimitInterval=0
-    RestartSec=10
-    CPUAccounting=true
-    MemoryAccounting=true
-
-    Environment="PATH=/opt/bin:/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin/"
-    EnvironmentFile=-/etc/environment
-
-    ExecStartPre=/bin/bash /opt/load-kernel-modules.sh
-
-    ExecStartPre=/bin/bash /opt/disable-swap.sh
-
-    ExecStartPre=/bin/bash /opt/bin/setup_net_env.sh
-    ExecStart=/opt/bin/kubelet $KUBELET_EXTRA_ARGS \
-      --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf \
-      --kubeconfig=/var/lib/kubelet/kubeconfig \
-      --config=/etc/kubernetes/kubelet.conf \
-      --cert-dir=/etc/kubernetes/pki \
-      --cloud-provider=aws \
-      --cloud-config=/etc/kubernetes/cloud-config \
-      --exit-on-lock-contention \
-      --lock-file=/tmp/kubelet.lock \
-      --container-runtime-endpoint=unix:///run/containerd/containerd.sock \
-      --node-ip ${KUBELET_NODE_IP}
-
-    [Install]
-    WantedBy=multi-user.target
-- path: "/etc/kubernetes/cloud-config"
-  permissions: "0600"
-  content: |
-    {aws-config:true}
-
-- path: "/opt/bin/setup_net_env.sh"
-  permissions: "0755"
-  content: |
-    #!/usr/bin/env bash
-    echodate() {
-      echo "[$(date -Is)]" "$@"
-    }
-
-    # get the default interface IP address
-    DEFAULT_IFC_IP=$(ip -o  route get 1 | grep -oP "src \K\S+")
-
-    # get the full hostname
-    FULL_HOSTNAME=$(hostname -f)
-
-    if [ -z "${DEFAULT_IFC_IP}" ]
-    then
-    	echodate "Failed to get IP address for the default route interface"
-    	exit 1
-    fi
-
-    # write the nodeip_env file
-    # we need the line below because flatcar has the same string "coreos" in that file
-    if grep -q coreos /etc/os-release
-    then
-      echo -e "KUBELET_NODE_IP=${DEFAULT_IFC_IP}\nKUBELET_HOSTNAME=${FULL_HOSTNAME}" > /etc/kubernetes/nodeip.conf
-    elif [ ! -d /etc/systemd/system/kubelet.service.d ]
-    then
-    	echodate "Can't find kubelet service extras directory"
-    	exit 1
-    else
-      echo -e "[Service]\nEnvironment=\"KUBELET_NODE_IP=${DEFAULT_IFC_IP}\"\nEnvironment=\"KUBELET_HOSTNAME=${FULL_HOSTNAME}\"" > /etc/systemd/system/kubelet.service.d/nodeip.conf
-    fi
-
-
-- path: "/etc/kubernetes/bootstrap-kubelet.conf"
-  permissions: "0600"
-  content: |
-    apiVersion: v1
-    clusters:
-    - cluster:
-        certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVXakNDQTBLZ0F3SUJBZ0lKQUxmUmxXc0k4WVFITUEwR0NTcUdTSWIzRFFFQkJRVUFNSHN4Q3pBSkJnTlYKQkFZVEFsVlRNUXN3Q1FZRFZRUUlFd0pEUVRFV01CUUdBMVVFQnhNTlUyRnVJRVp5WVc1amFYTmpiekVVTUJJRwpBMVVFQ2hNTFFuSmhaR1pwZEhwcGJtTXhFakFRQmdOVkJBTVRDV3h2WTJGc2FHOXpkREVkTUJzR0NTcUdTSWIzCkRRRUpBUllPWW5KaFpFQmtZVzVuWVM1amIyMHdIaGNOTVRRd056RTFNakEwTmpBMVdoY05NVGN3TlRBME1qQTAKTmpBMVdqQjdNUXN3Q1FZRFZRUUdFd0pWVXpFTE1Ba0dBMVVFQ0JNQ1EwRXhGakFVQmdOVkJBY1REVk5oYmlCRwpjbUZ1WTJselkyOHhGREFTQmdOVkJBb1RDMEp5WVdSbWFYUjZhVzVqTVJJd0VBWURWUVFERXdsc2IyTmhiR2h2CmMzUXhIVEFiQmdrcWhraUc5dzBCQ1FFV0RtSnlZV1JBWkdGdVoyRXVZMjl0TUlJQklqQU5CZ2txaGtpRzl3MEIKQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBdDVmQWpwNGZUY2VrV1VUZnpzcDBreWloMU9ZYnNHTDBLWDFlUmJTUwpSOE9kMCs5UTYySHlueStHRndNVGI0QS9LVThtc3NvSHZjY2VTQUFid2ZieEZLLytzNTFUb2JxVW5PUlpyT29UClpqa1V5Z2J5WERTSzk5WUJiY1IxUGlwOHZ3TVRtNFhLdUx0Q2lnZUJCZGpqQVFkZ1VPMjhMRU5HbHNNbm1lWWsKSmZPRFZHblZtcjVMdGI5QU5BOElLeVRmc25ISjRpT0NTL1BsUGJVajJxN1lub1ZMcG9zVUJNbGdVYi9DeWtYMwptT29MYjR5SkpReUEvaVNUNlp4aUlFajM2RDR5V1o1bGc3WUpsK1VpaUJRSEdDblBkR3lpcHFWMDZleDBoZVlXCmNhaVc4TFdaU1VROTNqUStXVkNIOGhUN0RRTzFkbXN2VW1YbHEvSmVBbHdRL1FJREFRQUJvNEhnTUlIZE1CMEcKQTFVZERnUVdCQlJjQVJPdGhTNFA0VTd2VGZqQnlDNTY5UjdFNkRDQnJRWURWUjBqQklHbE1JR2lnQlJjQVJPdApoUzRQNFU3dlRmakJ5QzU2OVI3RTZLRi9wSDB3ZXpFTE1Ba0dBMVVFQmhNQ1ZWTXhDekFKQmdOVkJBZ1RBa05CCk1SWXdGQVlEVlFRSEV3MVRZVzRnUm5KaGJtTnBjMk52TVJRd0VnWURWUVFLRXd0Q2NtRmtabWwwZW1sdVl6RVMKTUJBR0ExVUVBeE1KYkc5allXeG9iM04wTVIwd0d3WUpLb1pJaHZjTkFRa0JGZzVpY21Ga1FHUmhibWRoTG1OdgpiWUlKQUxmUmxXc0k4WVFITUF3R0ExVWRFd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVGQlFBRGdnRUJBRzZoClU5ZjlzTkgwLzZvQmJHR3kyRVZVMFVnSVRVUUlyRldvOXJGa3JXNWsvWGtEalFtKzNsempUMGlHUjRJeEUvQW8KZVU2c1FodWE3d3JXZUZFbjQ3R0w5OGxuQ3NKZEQ3b1pOaEZtUTk1VGIvTG5EVWpzNVlqOWJyUDBOV3pYZllVNApVSzJabklOSlJjSnBCOGlSQ2FDeEU4RGRjVUYwWHFJRXE2cEEyNzJzbm9MbWlYTE12Tmwza1lFZG0ramU2dm9ECjU4U05WRVVzenR6UXlYbUpFaENwd1ZJMEE2UUNqelhqK3F2cG13M1paSGk4SndYZWk4WlpCTFRTRkJraThaN24Kc0g5QkJIMzgvU3pVbUFONFFIU1B5MWdqcW0wME9BRThOYVlEa2gvYnpFNGQ3bUxHR01XcC9XRTNLUFN1ODJIRgprUGU2WG9TYmlMbS9reGszMlQwPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t
-        server: https://server:443
-      name: ""
-    contexts: null
-    current-context: ""
-    kind: Config
-    preferences: {}
-    users:
-    - name: ""
-      user:
-        token: my-token
-
-
-- path: "/etc/kubernetes/kubelet.conf"
-  content: |
-    apiVersion: kubelet.config.k8s.io/v1beta1
-    authentication:
-      anonymous:
-        enabled: false
-      webhook:
-        cacheTTL: 0s
-        enabled: true
-      x509:
-        clientCAFile: /etc/kubernetes/pki/ca.crt
-    authorization:
-      mode: Webhook
-      webhook:
-        cacheAuthorizedTTL: 0s
-        cacheUnauthorizedTTL: 0s
-    cgroupDriver: systemd
-    clusterDomain: cluster.local
-    containerLogMaxSize: 100Mi
-    cpuManagerReconcilePeriod: 0s
-    evictionHard:
-      imagefs.available: 15%
-      memory.available: 100Mi
-      nodefs.available: 10%
-      nodefs.inodesFree: 5%
-    evictionPressureTransitionPeriod: 0s
-    featureGates:
-      RotateKubeletServerCertificate: true
-    fileCheckFrequency: 0s
-    httpCheckFrequency: 0s
-    imageMinimumGCAge: 0s
-    kind: KubeletConfiguration
-    kubeReserved:
-      cpu: 200m
-      ephemeral-storage: 1Gi
-      memory: 300Mi
-    logging:
-      flushFrequency: 0
-      options:
-        json:
-          infoBufferSize: "0"
-      verbosity: 0
-    memorySwap: {}
-    nodeStatusReportFrequency: 0s
-    nodeStatusUpdateFrequency: 0s
-    protectKernelDefaults: true
-    rotateCertificates: true
-    runtimeRequestTimeout: 0s
-    serverTLSBootstrap: true
-    shutdownGracePeriod: 0s
-    shutdownGracePeriodCriticalPods: 0s
-    staticPodPath: /etc/kubernetes/manifests
-    streamingConnectionIdleTimeout: 0s
-    syncFrequency: 0s
-    systemReserved:
-      cpu: 200m
-      ephemeral-storage: 1Gi
-      memory: 500Mi
-    tlsCipherSuites:
-    - TLS_AES_128_GCM_SHA256
-    - TLS_AES_256_GCM_SHA384
-    - TLS_CHACHA20_POLY1305_SHA256
-    - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-    - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
-    - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
-    - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-    - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
-    volumePluginDir: /var/lib/kubelet/volumeplugins
-    volumeStatsAggPeriod: 0s
-
-
-- path: "/etc/kubernetes/pki/ca.crt"
-  content: |
-    -----BEGIN CERTIFICATE-----
-    MIIEWjCCA0KgAwIBAgIJALfRlWsI8YQHMA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV
-    BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEUMBIG
-    A1UEChMLQnJhZGZpdHppbmMxEjAQBgNVBAMTCWxvY2FsaG9zdDEdMBsGCSqGSIb3
-    DQEJARYOYnJhZEBkYW5nYS5jb20wHhcNMTQwNzE1MjA0NjA1WhcNMTcwNTA0MjA0
-    NjA1WjB7MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBG
-    cmFuY2lzY28xFDASBgNVBAoTC0JyYWRmaXR6aW5jMRIwEAYDVQQDEwlsb2NhbGhv
-    c3QxHTAbBgkqhkiG9w0BCQEWDmJyYWRAZGFuZ2EuY29tMIIBIjANBgkqhkiG9w0B
-    AQEFAAOCAQ8AMIIBCgKCAQEAt5fAjp4fTcekWUTfzsp0kyih1OYbsGL0KX1eRbSS
-    R8Od0+9Q62Hyny+GFwMTb4A/KU8mssoHvcceSAAbwfbxFK/+s51TobqUnORZrOoT
-    ZjkUygbyXDSK99YBbcR1Pip8vwMTm4XKuLtCigeBBdjjAQdgUO28LENGlsMnmeYk
-    JfODVGnVmr5Ltb9ANA8IKyTfsnHJ4iOCS/PlPbUj2q7YnoVLposUBMlgUb/CykX3
-    mOoLb4yJJQyA/iST6ZxiIEj36D4yWZ5lg7YJl+UiiBQHGCnPdGyipqV06ex0heYW
-    caiW8LWZSUQ93jQ+WVCH8hT7DQO1dmsvUmXlq/JeAlwQ/QIDAQABo4HgMIHdMB0G
-    A1UdDgQWBBRcAROthS4P4U7vTfjByC569R7E6DCBrQYDVR0jBIGlMIGigBRcAROt
-    hS4P4U7vTfjByC569R7E6KF/pH0wezELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB
-    MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtCcmFkZml0emluYzES
-    MBAGA1UEAxMJbG9jYWxob3N0MR0wGwYJKoZIhvcNAQkBFg5icmFkQGRhbmdhLmNv
-    bYIJALfRlWsI8YQHMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAG6h
-    U9f9sNH0/6oBbGGy2EVU0UgITUQIrFWo9rFkrW5k/XkDjQm+3lzjT0iGR4IxE/Ao
-    eU6sQhua7wrWeFEn47GL98lnCsJdD7oZNhFmQ95Tb/LnDUjs5Yj9brP0NWzXfYU4
-    UK2ZnINJRcJpB8iRCaCxE8DdcUF0XqIEq6pA272snoLmiXLMvNl3kYEdm+je6voD
-    58SNVEUsztzQyXmJEhCpwVI0A6QCjzXj+qvpmw3ZZHi8JwXei8ZZBLTSFBki8Z7n
-    sH9BBH38/SzUmAN4QHSPy1gjqm00OAE8NaYDkh/bzE4d7mLGGMWp/WE3KPSu82HF
-    kPe6XoSbiLm/kxk32T0=
-    -----END CERTIFICATE-----
-
-- path: "/etc/systemd/system/setup.service"
-  permissions: "0644"
-  content: |
-    [Install]
-    WantedBy=multi-user.target
-
-    [Unit]
-    Requires=network-online.target
-    After=network-online.target
-
-    [Service]
-    Type=oneshot
-    RemainAfterExit=true
-    EnvironmentFile=-/etc/environment
-    ExecStart=/opt/bin/supervise.sh /opt/bin/setup
-
-- path: "/etc/profile.d/opt-bin-path.sh"
-  permissions: "0644"
-  content: |
-    export PATH="/opt/bin:$PATH"
-
-- path: /etc/containerd/config.toml
-  permissions: "0644"
-  content: |
-    version = 2
-
-    [metrics]
-    address = "127.0.0.1:1338"
-
-    [plugins]
-    [plugins."io.containerd.grpc.v1.cri"]
-    [plugins."io.containerd.grpc.v1.cri".containerd]
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
-    runtime_type = "io.containerd.runc.v2"
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
-    SystemdCgroup = true
-    [plugins."io.containerd.grpc.v1.cri".registry]
-    [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
-    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
-    endpoint = ["https://registry-1.docker.io"]
-
-
-- path: /etc/systemd/system/kubelet-healthcheck.service
-  permissions: "0644"
-  content: |
-    [Unit]
-    Requires=kubelet.service
-    After=kubelet.service
-
-    [Service]
-    ExecStart=/opt/bin/health-monitor.sh kubelet
-
-    [Install]
-    WantedBy=multi-user.target
-
-
-runcmd:
-- systemctl enable --now setup.service
diff --git a/pkg/userdata/rockylinux/testdata/kubelet-v1.28-aws.yaml b/pkg/userdata/rockylinux/testdata/kubelet-v1.28-aws.yaml
deleted file mode 100644
index 837fd1b23..000000000
--- a/pkg/userdata/rockylinux/testdata/kubelet-v1.28-aws.yaml
+++ /dev/null
@@ -1,467 +0,0 @@
-#cloud-config
-bootcmd:
-- modprobe ip_tables
-
-
-ssh_pwauth: false
-
-write_files:
-
-- path: "/etc/systemd/journald.conf.d/max_disk_use.conf"
-  content: |
-    [Journal]
-    SystemMaxUse=5G
-
-
-- path: "/opt/load-kernel-modules.sh"
-  permissions: "0755"
-  content: |
-    #!/usr/bin/env bash
-    set -euo pipefail
-
-    modprobe ip_vs
-    modprobe ip_vs_rr
-    modprobe ip_vs_wrr
-    modprobe ip_vs_sh
-
-    if modinfo nf_conntrack_ipv4 &> /dev/null; then
-      modprobe nf_conntrack_ipv4
-    else
-      modprobe nf_conntrack
-    fi
-
-
-- path: "/etc/sysctl.d/k8s.conf"
-  content: |
-    net.bridge.bridge-nf-call-ip6tables = 1
-    net.bridge.bridge-nf-call-iptables = 1
-    kernel.panic_on_oops = 1
-    kernel.panic = 10
-    net.ipv4.ip_forward = 1
-    vm.overcommit_memory = 1
-    fs.inotify.max_user_watches = 1048576
-    fs.inotify.max_user_instances = 8192
-
-
-- path: /etc/selinux/config
-  content: |
-    # This file controls the state of SELinux on the system.
-    # SELINUX= can take one of these three values:
-    #     enforcing - SELinux security policy is enforced.
-    #     permissive - SELinux prints warnings instead of enforcing.
-    #     disabled - No SELinux policy is loaded.
-    SELINUX=permissive
-    # SELINUXTYPE= can take one of three two values:
-    #     targeted - Targeted processes are protected,
-    #     minimum - Modification of targeted policy. Only selected processes are protected.
-    #     mls - Multi Level Security protection.
-    SELINUXTYPE=targeted
-
-- path: "/opt/bin/setup"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-
-    setenforce 0 || true
-    systemctl restart systemd-modules-load.service
-    sysctl --system
-
-    yum install -y \
-      device-mapper-persistent-data \
-      lvm2 \
-      ebtables \
-      ethtool \
-      nfs-utils \
-      bash-completion \
-      sudo \
-      socat \
-      wget \
-      curl \
-      tar \
-      ipvsadm
-
-    yum install -y yum-utils
-    yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
-    yum-config-manager --save --setopt=docker-ce-stable.module_hotfixes=true
-
-    cat <<EOF | tee /etc/crictl.yaml
-    runtime-endpoint: unix:///run/containerd/containerd.sock
-    EOF
-
-    mkdir -p /etc/systemd/system/containerd.service.d
-    cat <<EOF | tee /etc/systemd/system/containerd.service.d/environment.conf
-    [Service]
-    Restart=always
-    EnvironmentFile=-/etc/environment
-    EOF
-
-    yum install -y containerd.io-1.6* yum-plugin-versionlock
-    yum versionlock add containerd.io
-
-    systemctl daemon-reload
-    systemctl enable --now containerd
-
-    opt_bin=/opt/bin
-    usr_local_bin=/usr/local/bin
-    cni_bin_dir=/opt/cni/bin
-    mkdir -p /etc/cni/net.d /etc/kubernetes/manifests "$opt_bin" "$cni_bin_dir"
-    arch=${HOST_ARCH-}
-    if [ -z "$arch" ]
-    then
-    case $(uname -m) in
-    x86_64)
-        arch="amd64"
-        ;;
-    aarch64)
-        arch="arm64"
-        ;;
-    *)
-        echo "unsupported CPU architecture, exiting"
-        exit 1
-        ;;
-    esac
-    fi
-    CNI_VERSION="${CNI_VERSION:-v1.2.0}"
-    cni_base_url="https://github.com/containernetworking/plugins/releases/download/$CNI_VERSION"
-    cni_filename="cni-plugins-linux-$arch-$CNI_VERSION.tgz"
-    curl -Lfo "$cni_bin_dir/$cni_filename" "$cni_base_url/$cni_filename"
-    cni_sum=$(curl -Lf "$cni_base_url/$cni_filename.sha256")
-    cd "$cni_bin_dir"
-    sha256sum -c <<<"$cni_sum"
-    tar xvf "$cni_filename"
-    rm -f "$cni_filename"
-    cd -
-    CRI_TOOLS_RELEASE="${CRI_TOOLS_RELEASE:-v1.27.0}"
-    cri_tools_base_url="https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRI_TOOLS_RELEASE}"
-    cri_tools_filename="crictl-${CRI_TOOLS_RELEASE}-linux-${arch}.tar.gz"
-    curl -Lfo "$opt_bin/$cri_tools_filename" "$cri_tools_base_url/$cri_tools_filename"
-    cri_tools_sum_value=$(curl -Lf "$cri_tools_base_url/$cri_tools_filename.sha256")
-    cri_tools_sum="$cri_tools_sum_value $cri_tools_filename"
-    cd "$opt_bin"
-    sha256sum -c <<<"$cri_tools_sum"
-    tar xvf "$cri_tools_filename"
-    rm -f "$cri_tools_filename"
-    ln -sf "$opt_bin/crictl" "$usr_local_bin"/crictl || echo "symbolic link is skipped"
-    cd -
-    KUBE_VERSION="${KUBE_VERSION:-v1.28.5}"
-    kube_dir="$opt_bin/kubernetes-$KUBE_VERSION"
-    kube_base_url="https://dl.k8s.io/$KUBE_VERSION/bin/linux/$arch"
-    kube_sum_file="$kube_dir/sha256"
-    mkdir -p "$kube_dir"
-    : >"$kube_sum_file"
-
-    for bin in kubelet kubeadm kubectl; do
-        curl -Lfo "$kube_dir/$bin" "$kube_base_url/$bin"
-        chmod +x "$kube_dir/$bin"
-        sum=$(curl -Lf "$kube_base_url/$bin.sha256")
-        echo "$sum  $kube_dir/$bin" >>"$kube_sum_file"
-    done
-    sha256sum -c "$kube_sum_file"
-
-    for bin in kubelet kubeadm kubectl; do
-        ln -sf "$kube_dir/$bin" "$opt_bin"/$bin
-    done
-
-    if [[ ! -x /opt/bin/health-monitor.sh ]]; then
-        curl -Lfo /opt/bin/health-monitor.sh https://raw.githubusercontent.com/kubermatic/machine-controller/7967a0af2b75f29ad2ab227eeaa26ea7b0f2fbde/pkg/userdata/scripts/health-monitor.sh
-        chmod +x /opt/bin/health-monitor.sh
-    fi
-
-    DEFAULT_IFC_NAME=$(ip -o route get 1  | grep -oP "dev \K\S+")
-    IFC_CFG_FILE=/etc/sysconfig/network-scripts/ifcfg-$DEFAULT_IFC_NAME
-    # Enable IPv6 and DHCPv6 on the default interface
-    grep IPV6INIT $IFC_CFG_FILE && sed -i '/IPV6INIT*/c IPV6INIT=yes' $IFC_CFG_FILE || echo "IPV6INIT=yes" >> $IFC_CFG_FILE
-    grep DHCPV6C $IFC_CFG_FILE && sed -i '/DHCPV6C*/c DHCPV6C=yes' $IFC_CFG_FILE || echo "DHCPV6C=yes" >> $IFC_CFG_FILE
-    grep IPV6_AUTOCONF $IFC_CFG_FILE && sed -i '/IPV6_AUTOCONF*/c IPV6_AUTOCONF=yes' $IFC_CFG_FILE || echo "IPV6_AUTOCONF=yes" >> $IFC_CFG_FILE
-
-    # Restart NetworkManager to apply for IPv6 configs
-    systemctl restart NetworkManager
-    # Let NetworkManager apply the DHCPv6 configs
-    sleep 3
-
-    # set kubelet nodeip environment variable
-    mkdir -p /etc/systemd/system/kubelet.service.d/
-    /opt/bin/setup_net_env.sh
-
-    systemctl disable --now firewalld || true
-    systemctl enable --now kubelet
-    systemctl enable --now --no-block kubelet-healthcheck.service
-    systemctl disable setup.service
-
-- path: "/opt/bin/supervise.sh"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-    while ! "$@"; do
-      sleep 1
-    done
-
-- path: "/opt/disable-swap.sh"
-  permissions: "0755"
-  content: |
-    # Make sure we always disable swap - Otherwise the kubelet won't start as for some cloud
-    # providers swap gets enabled on reboot or after the setup script has finished executing.
-    sed -i.orig '/.*swap.*/d' /etc/fstab
-    swapoff -a
-
-- path: "/etc/systemd/system/kubelet.service"
-  content: |
-    [Unit]
-    After=containerd.service
-    Requires=containerd.service
-
-    Description=kubelet: The Kubernetes Node Agent
-    Documentation=https://kubernetes.io/docs/home/
-
-    [Service]
-    User=root
-    Restart=always
-    StartLimitInterval=0
-    RestartSec=10
-    CPUAccounting=true
-    MemoryAccounting=true
-
-    Environment="PATH=/opt/bin:/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin/"
-    EnvironmentFile=-/etc/environment
-
-    ExecStartPre=/bin/bash /opt/load-kernel-modules.sh
-
-    ExecStartPre=/bin/bash /opt/disable-swap.sh
-
-    ExecStartPre=/bin/bash /opt/bin/setup_net_env.sh
-    ExecStart=/opt/bin/kubelet $KUBELET_EXTRA_ARGS \
-      --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf \
-      --kubeconfig=/var/lib/kubelet/kubeconfig \
-      --config=/etc/kubernetes/kubelet.conf \
-      --cert-dir=/etc/kubernetes/pki \
-      --cloud-provider=aws \
-      --cloud-config=/etc/kubernetes/cloud-config \
-      --exit-on-lock-contention \
-      --lock-file=/tmp/kubelet.lock \
-      --container-runtime-endpoint=unix:///run/containerd/containerd.sock \
-      --node-ip ${KUBELET_NODE_IP}
-
-    [Install]
-    WantedBy=multi-user.target
-- path: "/etc/kubernetes/cloud-config"
-  permissions: "0600"
-  content: |
-    {aws-config:true}
-
-- path: "/opt/bin/setup_net_env.sh"
-  permissions: "0755"
-  content: |
-    #!/usr/bin/env bash
-    echodate() {
-      echo "[$(date -Is)]" "$@"
-    }
-
-    # get the default interface IP address
-    DEFAULT_IFC_IP=$(ip -o  route get 1 | grep -oP "src \K\S+")
-
-    # get the full hostname
-    FULL_HOSTNAME=$(hostname -f)
-
-    if [ -z "${DEFAULT_IFC_IP}" ]
-    then
-    	echodate "Failed to get IP address for the default route interface"
-    	exit 1
-    fi
-
-    # write the nodeip_env file
-    # we need the line below because flatcar has the same string "coreos" in that file
-    if grep -q coreos /etc/os-release
-    then
-      echo -e "KUBELET_NODE_IP=${DEFAULT_IFC_IP}\nKUBELET_HOSTNAME=${FULL_HOSTNAME}" > /etc/kubernetes/nodeip.conf
-    elif [ ! -d /etc/systemd/system/kubelet.service.d ]
-    then
-    	echodate "Can't find kubelet service extras directory"
-    	exit 1
-    else
-      echo -e "[Service]\nEnvironment=\"KUBELET_NODE_IP=${DEFAULT_IFC_IP}\"\nEnvironment=\"KUBELET_HOSTNAME=${FULL_HOSTNAME}\"" > /etc/systemd/system/kubelet.service.d/nodeip.conf
-    fi
-
-
-- path: "/etc/kubernetes/bootstrap-kubelet.conf"
-  permissions: "0600"
-  content: |
-    apiVersion: v1
-    clusters:
-    - cluster:
-        certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVXakNDQTBLZ0F3SUJBZ0lKQUxmUmxXc0k4WVFITUEwR0NTcUdTSWIzRFFFQkJRVUFNSHN4Q3pBSkJnTlYKQkFZVEFsVlRNUXN3Q1FZRFZRUUlFd0pEUVRFV01CUUdBMVVFQnhNTlUyRnVJRVp5WVc1amFYTmpiekVVTUJJRwpBMVVFQ2hNTFFuSmhaR1pwZEhwcGJtTXhFakFRQmdOVkJBTVRDV3h2WTJGc2FHOXpkREVkTUJzR0NTcUdTSWIzCkRRRUpBUllPWW5KaFpFQmtZVzVuWVM1amIyMHdIaGNOTVRRd056RTFNakEwTmpBMVdoY05NVGN3TlRBME1qQTAKTmpBMVdqQjdNUXN3Q1FZRFZRUUdFd0pWVXpFTE1Ba0dBMVVFQ0JNQ1EwRXhGakFVQmdOVkJBY1REVk5oYmlCRwpjbUZ1WTJselkyOHhGREFTQmdOVkJBb1RDMEp5WVdSbWFYUjZhVzVqTVJJd0VBWURWUVFERXdsc2IyTmhiR2h2CmMzUXhIVEFiQmdrcWhraUc5dzBCQ1FFV0RtSnlZV1JBWkdGdVoyRXVZMjl0TUlJQklqQU5CZ2txaGtpRzl3MEIKQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBdDVmQWpwNGZUY2VrV1VUZnpzcDBreWloMU9ZYnNHTDBLWDFlUmJTUwpSOE9kMCs5UTYySHlueStHRndNVGI0QS9LVThtc3NvSHZjY2VTQUFid2ZieEZLLytzNTFUb2JxVW5PUlpyT29UClpqa1V5Z2J5WERTSzk5WUJiY1IxUGlwOHZ3TVRtNFhLdUx0Q2lnZUJCZGpqQVFkZ1VPMjhMRU5HbHNNbm1lWWsKSmZPRFZHblZtcjVMdGI5QU5BOElLeVRmc25ISjRpT0NTL1BsUGJVajJxN1lub1ZMcG9zVUJNbGdVYi9DeWtYMwptT29MYjR5SkpReUEvaVNUNlp4aUlFajM2RDR5V1o1bGc3WUpsK1VpaUJRSEdDblBkR3lpcHFWMDZleDBoZVlXCmNhaVc4TFdaU1VROTNqUStXVkNIOGhUN0RRTzFkbXN2VW1YbHEvSmVBbHdRL1FJREFRQUJvNEhnTUlIZE1CMEcKQTFVZERnUVdCQlJjQVJPdGhTNFA0VTd2VGZqQnlDNTY5UjdFNkRDQnJRWURWUjBqQklHbE1JR2lnQlJjQVJPdApoUzRQNFU3dlRmakJ5QzU2OVI3RTZLRi9wSDB3ZXpFTE1Ba0dBMVVFQmhNQ1ZWTXhDekFKQmdOVkJBZ1RBa05CCk1SWXdGQVlEVlFRSEV3MVRZVzRnUm5KaGJtTnBjMk52TVJRd0VnWURWUVFLRXd0Q2NtRmtabWwwZW1sdVl6RVMKTUJBR0ExVUVBeE1KYkc5allXeG9iM04wTVIwd0d3WUpLb1pJaHZjTkFRa0JGZzVpY21Ga1FHUmhibWRoTG1OdgpiWUlKQUxmUmxXc0k4WVFITUF3R0ExVWRFd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVGQlFBRGdnRUJBRzZoClU5ZjlzTkgwLzZvQmJHR3kyRVZVMFVnSVRVUUlyRldvOXJGa3JXNWsvWGtEalFtKzNsempUMGlHUjRJeEUvQW8KZVU2c1FodWE3d3JXZUZFbjQ3R0w5OGxuQ3NKZEQ3b1pOaEZtUTk1VGIvTG5EVWpzNVlqOWJyUDBOV3pYZllVNApVSzJabklOSlJjSnBCOGlSQ2FDeEU4RGRjVUYwWHFJRXE2cEEyNzJzbm9MbWlYTE12Tmwza1lFZG0ramU2dm9ECjU4U05WRVVzenR6UXlYbUpFaENwd1ZJMEE2UUNqelhqK3F2cG13M1paSGk4SndYZWk4WlpCTFRTRkJraThaN24Kc0g5QkJIMzgvU3pVbUFONFFIU1B5MWdqcW0wME9BRThOYVlEa2gvYnpFNGQ3bUxHR01XcC9XRTNLUFN1ODJIRgprUGU2WG9TYmlMbS9reGszMlQwPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t
-        server: https://server:443
-      name: ""
-    contexts: null
-    current-context: ""
-    kind: Config
-    preferences: {}
-    users:
-    - name: ""
-      user:
-        token: my-token
-
-
-- path: "/etc/kubernetes/kubelet.conf"
-  content: |
-    apiVersion: kubelet.config.k8s.io/v1beta1
-    authentication:
-      anonymous:
-        enabled: false
-      webhook:
-        cacheTTL: 0s
-        enabled: true
-      x509:
-        clientCAFile: /etc/kubernetes/pki/ca.crt
-    authorization:
-      mode: Webhook
-      webhook:
-        cacheAuthorizedTTL: 0s
-        cacheUnauthorizedTTL: 0s
-    cgroupDriver: systemd
-    clusterDomain: cluster.local
-    containerLogMaxSize: 100Mi
-    containerRuntimeEndpoint: ""
-    cpuManagerReconcilePeriod: 0s
-    evictionHard:
-      imagefs.available: 15%
-      memory.available: 100Mi
-      nodefs.available: 10%
-      nodefs.inodesFree: 5%
-    evictionPressureTransitionPeriod: 0s
-    featureGates:
-      RotateKubeletServerCertificate: true
-    fileCheckFrequency: 0s
-    httpCheckFrequency: 0s
-    imageMaximumGCAge: 0s
-    imageMinimumGCAge: 0s
-    kind: KubeletConfiguration
-    kubeReserved:
-      cpu: 200m
-      ephemeral-storage: 1Gi
-      memory: 300Mi
-    logging:
-      flushFrequency: 0
-      options:
-        json:
-          infoBufferSize: "0"
-      verbosity: 0
-    memorySwap: {}
-    nodeStatusReportFrequency: 0s
-    nodeStatusUpdateFrequency: 0s
-    protectKernelDefaults: true
-    rotateCertificates: true
-    runtimeRequestTimeout: 0s
-    serverTLSBootstrap: true
-    shutdownGracePeriod: 0s
-    shutdownGracePeriodCriticalPods: 0s
-    staticPodPath: /etc/kubernetes/manifests
-    streamingConnectionIdleTimeout: 0s
-    syncFrequency: 0s
-    systemReserved:
-      cpu: 200m
-      ephemeral-storage: 1Gi
-      memory: 500Mi
-    tlsCipherSuites:
-    - TLS_AES_128_GCM_SHA256
-    - TLS_AES_256_GCM_SHA384
-    - TLS_CHACHA20_POLY1305_SHA256
-    - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-    - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
-    - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
-    - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-    - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
-    volumePluginDir: /var/lib/kubelet/volumeplugins
-    volumeStatsAggPeriod: 0s
-
-
-- path: "/etc/kubernetes/pki/ca.crt"
-  content: |
-    -----BEGIN CERTIFICATE-----
-    MIIEWjCCA0KgAwIBAgIJALfRlWsI8YQHMA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV
-    BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEUMBIG
-    A1UEChMLQnJhZGZpdHppbmMxEjAQBgNVBAMTCWxvY2FsaG9zdDEdMBsGCSqGSIb3
-    DQEJARYOYnJhZEBkYW5nYS5jb20wHhcNMTQwNzE1MjA0NjA1WhcNMTcwNTA0MjA0
-    NjA1WjB7MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBG
-    cmFuY2lzY28xFDASBgNVBAoTC0JyYWRmaXR6aW5jMRIwEAYDVQQDEwlsb2NhbGhv
-    c3QxHTAbBgkqhkiG9w0BCQEWDmJyYWRAZGFuZ2EuY29tMIIBIjANBgkqhkiG9w0B
-    AQEFAAOCAQ8AMIIBCgKCAQEAt5fAjp4fTcekWUTfzsp0kyih1OYbsGL0KX1eRbSS
-    R8Od0+9Q62Hyny+GFwMTb4A/KU8mssoHvcceSAAbwfbxFK/+s51TobqUnORZrOoT
-    ZjkUygbyXDSK99YBbcR1Pip8vwMTm4XKuLtCigeBBdjjAQdgUO28LENGlsMnmeYk
-    JfODVGnVmr5Ltb9ANA8IKyTfsnHJ4iOCS/PlPbUj2q7YnoVLposUBMlgUb/CykX3
-    mOoLb4yJJQyA/iST6ZxiIEj36D4yWZ5lg7YJl+UiiBQHGCnPdGyipqV06ex0heYW
-    caiW8LWZSUQ93jQ+WVCH8hT7DQO1dmsvUmXlq/JeAlwQ/QIDAQABo4HgMIHdMB0G
-    A1UdDgQWBBRcAROthS4P4U7vTfjByC569R7E6DCBrQYDVR0jBIGlMIGigBRcAROt
-    hS4P4U7vTfjByC569R7E6KF/pH0wezELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB
-    MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtCcmFkZml0emluYzES
-    MBAGA1UEAxMJbG9jYWxob3N0MR0wGwYJKoZIhvcNAQkBFg5icmFkQGRhbmdhLmNv
-    bYIJALfRlWsI8YQHMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAG6h
-    U9f9sNH0/6oBbGGy2EVU0UgITUQIrFWo9rFkrW5k/XkDjQm+3lzjT0iGR4IxE/Ao
-    eU6sQhua7wrWeFEn47GL98lnCsJdD7oZNhFmQ95Tb/LnDUjs5Yj9brP0NWzXfYU4
-    UK2ZnINJRcJpB8iRCaCxE8DdcUF0XqIEq6pA272snoLmiXLMvNl3kYEdm+je6voD
-    58SNVEUsztzQyXmJEhCpwVI0A6QCjzXj+qvpmw3ZZHi8JwXei8ZZBLTSFBki8Z7n
-    sH9BBH38/SzUmAN4QHSPy1gjqm00OAE8NaYDkh/bzE4d7mLGGMWp/WE3KPSu82HF
-    kPe6XoSbiLm/kxk32T0=
-    -----END CERTIFICATE-----
-
-- path: "/etc/systemd/system/setup.service"
-  permissions: "0644"
-  content: |
-    [Install]
-    WantedBy=multi-user.target
-
-    [Unit]
-    Requires=network-online.target
-    After=network-online.target
-
-    [Service]
-    Type=oneshot
-    RemainAfterExit=true
-    EnvironmentFile=-/etc/environment
-    ExecStart=/opt/bin/supervise.sh /opt/bin/setup
-
-- path: "/etc/profile.d/opt-bin-path.sh"
-  permissions: "0644"
-  content: |
-    export PATH="/opt/bin:$PATH"
-
-- path: /etc/containerd/config.toml
-  permissions: "0644"
-  content: |
-    version = 2
-
-    [metrics]
-    address = "127.0.0.1:1338"
-
-    [plugins]
-    [plugins."io.containerd.grpc.v1.cri"]
-    [plugins."io.containerd.grpc.v1.cri".containerd]
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
-    runtime_type = "io.containerd.runc.v2"
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
-    SystemdCgroup = true
-    [plugins."io.containerd.grpc.v1.cri".registry]
-    [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
-    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
-    endpoint = ["https://registry-1.docker.io"]
-
-
-- path: /etc/systemd/system/kubelet-healthcheck.service
-  permissions: "0644"
-  content: |
-    [Unit]
-    Requires=kubelet.service
-    After=kubelet.service
-
-    [Service]
-    ExecStart=/opt/bin/health-monitor.sh kubelet
-
-    [Install]
-    WantedBy=multi-user.target
-
-
-runcmd:
-- systemctl enable --now setup.service
diff --git a/pkg/userdata/rockylinux/testdata/kubelet-v1.29-aws.yaml b/pkg/userdata/rockylinux/testdata/kubelet-v1.29-aws.yaml
deleted file mode 100644
index 696a7c258..000000000
--- a/pkg/userdata/rockylinux/testdata/kubelet-v1.29-aws.yaml
+++ /dev/null
@@ -1,467 +0,0 @@
-#cloud-config
-bootcmd:
-- modprobe ip_tables
-
-
-ssh_pwauth: false
-
-write_files:
-
-- path: "/etc/systemd/journald.conf.d/max_disk_use.conf"
-  content: |
-    [Journal]
-    SystemMaxUse=5G
-
-
-- path: "/opt/load-kernel-modules.sh"
-  permissions: "0755"
-  content: |
-    #!/usr/bin/env bash
-    set -euo pipefail
-
-    modprobe ip_vs
-    modprobe ip_vs_rr
-    modprobe ip_vs_wrr
-    modprobe ip_vs_sh
-
-    if modinfo nf_conntrack_ipv4 &> /dev/null; then
-      modprobe nf_conntrack_ipv4
-    else
-      modprobe nf_conntrack
-    fi
-
-
-- path: "/etc/sysctl.d/k8s.conf"
-  content: |
-    net.bridge.bridge-nf-call-ip6tables = 1
-    net.bridge.bridge-nf-call-iptables = 1
-    kernel.panic_on_oops = 1
-    kernel.panic = 10
-    net.ipv4.ip_forward = 1
-    vm.overcommit_memory = 1
-    fs.inotify.max_user_watches = 1048576
-    fs.inotify.max_user_instances = 8192
-
-
-- path: /etc/selinux/config
-  content: |
-    # This file controls the state of SELinux on the system.
-    # SELINUX= can take one of these three values:
-    #     enforcing - SELinux security policy is enforced.
-    #     permissive - SELinux prints warnings instead of enforcing.
-    #     disabled - No SELinux policy is loaded.
-    SELINUX=permissive
-    # SELINUXTYPE= can take one of three two values:
-    #     targeted - Targeted processes are protected,
-    #     minimum - Modification of targeted policy. Only selected processes are protected.
-    #     mls - Multi Level Security protection.
-    SELINUXTYPE=targeted
-
-- path: "/opt/bin/setup"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-
-    setenforce 0 || true
-    systemctl restart systemd-modules-load.service
-    sysctl --system
-
-    yum install -y \
-      device-mapper-persistent-data \
-      lvm2 \
-      ebtables \
-      ethtool \
-      nfs-utils \
-      bash-completion \
-      sudo \
-      socat \
-      wget \
-      curl \
-      tar \
-      ipvsadm
-
-    yum install -y yum-utils
-    yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
-    yum-config-manager --save --setopt=docker-ce-stable.module_hotfixes=true
-
-    cat <<EOF | tee /etc/crictl.yaml
-    runtime-endpoint: unix:///run/containerd/containerd.sock
-    EOF
-
-    mkdir -p /etc/systemd/system/containerd.service.d
-    cat <<EOF | tee /etc/systemd/system/containerd.service.d/environment.conf
-    [Service]
-    Restart=always
-    EnvironmentFile=-/etc/environment
-    EOF
-
-    yum install -y containerd.io-1.6* yum-plugin-versionlock
-    yum versionlock add containerd.io
-
-    systemctl daemon-reload
-    systemctl enable --now containerd
-
-    opt_bin=/opt/bin
-    usr_local_bin=/usr/local/bin
-    cni_bin_dir=/opt/cni/bin
-    mkdir -p /etc/cni/net.d /etc/kubernetes/manifests "$opt_bin" "$cni_bin_dir"
-    arch=${HOST_ARCH-}
-    if [ -z "$arch" ]
-    then
-    case $(uname -m) in
-    x86_64)
-        arch="amd64"
-        ;;
-    aarch64)
-        arch="arm64"
-        ;;
-    *)
-        echo "unsupported CPU architecture, exiting"
-        exit 1
-        ;;
-    esac
-    fi
-    CNI_VERSION="${CNI_VERSION:-v1.2.0}"
-    cni_base_url="https://github.com/containernetworking/plugins/releases/download/$CNI_VERSION"
-    cni_filename="cni-plugins-linux-$arch-$CNI_VERSION.tgz"
-    curl -Lfo "$cni_bin_dir/$cni_filename" "$cni_base_url/$cni_filename"
-    cni_sum=$(curl -Lf "$cni_base_url/$cni_filename.sha256")
-    cd "$cni_bin_dir"
-    sha256sum -c <<<"$cni_sum"
-    tar xvf "$cni_filename"
-    rm -f "$cni_filename"
-    cd -
-    CRI_TOOLS_RELEASE="${CRI_TOOLS_RELEASE:-v1.27.0}"
-    cri_tools_base_url="https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRI_TOOLS_RELEASE}"
-    cri_tools_filename="crictl-${CRI_TOOLS_RELEASE}-linux-${arch}.tar.gz"
-    curl -Lfo "$opt_bin/$cri_tools_filename" "$cri_tools_base_url/$cri_tools_filename"
-    cri_tools_sum_value=$(curl -Lf "$cri_tools_base_url/$cri_tools_filename.sha256")
-    cri_tools_sum="$cri_tools_sum_value $cri_tools_filename"
-    cd "$opt_bin"
-    sha256sum -c <<<"$cri_tools_sum"
-    tar xvf "$cri_tools_filename"
-    rm -f "$cri_tools_filename"
-    ln -sf "$opt_bin/crictl" "$usr_local_bin"/crictl || echo "symbolic link is skipped"
-    cd -
-    KUBE_VERSION="${KUBE_VERSION:-v1.29.0}"
-    kube_dir="$opt_bin/kubernetes-$KUBE_VERSION"
-    kube_base_url="https://dl.k8s.io/$KUBE_VERSION/bin/linux/$arch"
-    kube_sum_file="$kube_dir/sha256"
-    mkdir -p "$kube_dir"
-    : >"$kube_sum_file"
-
-    for bin in kubelet kubeadm kubectl; do
-        curl -Lfo "$kube_dir/$bin" "$kube_base_url/$bin"
-        chmod +x "$kube_dir/$bin"
-        sum=$(curl -Lf "$kube_base_url/$bin.sha256")
-        echo "$sum  $kube_dir/$bin" >>"$kube_sum_file"
-    done
-    sha256sum -c "$kube_sum_file"
-
-    for bin in kubelet kubeadm kubectl; do
-        ln -sf "$kube_dir/$bin" "$opt_bin"/$bin
-    done
-
-    if [[ ! -x /opt/bin/health-monitor.sh ]]; then
-        curl -Lfo /opt/bin/health-monitor.sh https://raw.githubusercontent.com/kubermatic/machine-controller/7967a0af2b75f29ad2ab227eeaa26ea7b0f2fbde/pkg/userdata/scripts/health-monitor.sh
-        chmod +x /opt/bin/health-monitor.sh
-    fi
-
-    DEFAULT_IFC_NAME=$(ip -o route get 1  | grep -oP "dev \K\S+")
-    IFC_CFG_FILE=/etc/sysconfig/network-scripts/ifcfg-$DEFAULT_IFC_NAME
-    # Enable IPv6 and DHCPv6 on the default interface
-    grep IPV6INIT $IFC_CFG_FILE && sed -i '/IPV6INIT*/c IPV6INIT=yes' $IFC_CFG_FILE || echo "IPV6INIT=yes" >> $IFC_CFG_FILE
-    grep DHCPV6C $IFC_CFG_FILE && sed -i '/DHCPV6C*/c DHCPV6C=yes' $IFC_CFG_FILE || echo "DHCPV6C=yes" >> $IFC_CFG_FILE
-    grep IPV6_AUTOCONF $IFC_CFG_FILE && sed -i '/IPV6_AUTOCONF*/c IPV6_AUTOCONF=yes' $IFC_CFG_FILE || echo "IPV6_AUTOCONF=yes" >> $IFC_CFG_FILE
-
-    # Restart NetworkManager to apply for IPv6 configs
-    systemctl restart NetworkManager
-    # Let NetworkManager apply the DHCPv6 configs
-    sleep 3
-
-    # set kubelet nodeip environment variable
-    mkdir -p /etc/systemd/system/kubelet.service.d/
-    /opt/bin/setup_net_env.sh
-
-    systemctl disable --now firewalld || true
-    systemctl enable --now kubelet
-    systemctl enable --now --no-block kubelet-healthcheck.service
-    systemctl disable setup.service
-
-- path: "/opt/bin/supervise.sh"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-    while ! "$@"; do
-      sleep 1
-    done
-
-- path: "/opt/disable-swap.sh"
-  permissions: "0755"
-  content: |
-    # Make sure we always disable swap - Otherwise the kubelet won't start as for some cloud
-    # providers swap gets enabled on reboot or after the setup script has finished executing.
-    sed -i.orig '/.*swap.*/d' /etc/fstab
-    swapoff -a
-
-- path: "/etc/systemd/system/kubelet.service"
-  content: |
-    [Unit]
-    After=containerd.service
-    Requires=containerd.service
-
-    Description=kubelet: The Kubernetes Node Agent
-    Documentation=https://kubernetes.io/docs/home/
-
-    [Service]
-    User=root
-    Restart=always
-    StartLimitInterval=0
-    RestartSec=10
-    CPUAccounting=true
-    MemoryAccounting=true
-
-    Environment="PATH=/opt/bin:/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin/"
-    EnvironmentFile=-/etc/environment
-
-    ExecStartPre=/bin/bash /opt/load-kernel-modules.sh
-
-    ExecStartPre=/bin/bash /opt/disable-swap.sh
-
-    ExecStartPre=/bin/bash /opt/bin/setup_net_env.sh
-    ExecStart=/opt/bin/kubelet $KUBELET_EXTRA_ARGS \
-      --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf \
-      --kubeconfig=/var/lib/kubelet/kubeconfig \
-      --config=/etc/kubernetes/kubelet.conf \
-      --cert-dir=/etc/kubernetes/pki \
-      --cloud-provider=aws \
-      --cloud-config=/etc/kubernetes/cloud-config \
-      --exit-on-lock-contention \
-      --lock-file=/tmp/kubelet.lock \
-      --container-runtime-endpoint=unix:///run/containerd/containerd.sock \
-      --node-ip ${KUBELET_NODE_IP}
-
-    [Install]
-    WantedBy=multi-user.target
-- path: "/etc/kubernetes/cloud-config"
-  permissions: "0600"
-  content: |
-    {aws-config:true}
-
-- path: "/opt/bin/setup_net_env.sh"
-  permissions: "0755"
-  content: |
-    #!/usr/bin/env bash
-    echodate() {
-      echo "[$(date -Is)]" "$@"
-    }
-
-    # get the default interface IP address
-    DEFAULT_IFC_IP=$(ip -o  route get 1 | grep -oP "src \K\S+")
-
-    # get the full hostname
-    FULL_HOSTNAME=$(hostname -f)
-
-    if [ -z "${DEFAULT_IFC_IP}" ]
-    then
-    	echodate "Failed to get IP address for the default route interface"
-    	exit 1
-    fi
-
-    # write the nodeip_env file
-    # we need the line below because flatcar has the same string "coreos" in that file
-    if grep -q coreos /etc/os-release
-    then
-      echo -e "KUBELET_NODE_IP=${DEFAULT_IFC_IP}\nKUBELET_HOSTNAME=${FULL_HOSTNAME}" > /etc/kubernetes/nodeip.conf
-    elif [ ! -d /etc/systemd/system/kubelet.service.d ]
-    then
-    	echodate "Can't find kubelet service extras directory"
-    	exit 1
-    else
-      echo -e "[Service]\nEnvironment=\"KUBELET_NODE_IP=${DEFAULT_IFC_IP}\"\nEnvironment=\"KUBELET_HOSTNAME=${FULL_HOSTNAME}\"" > /etc/systemd/system/kubelet.service.d/nodeip.conf
-    fi
-
-
-- path: "/etc/kubernetes/bootstrap-kubelet.conf"
-  permissions: "0600"
-  content: |
-    apiVersion: v1
-    clusters:
-    - cluster:
-        certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVXakNDQTBLZ0F3SUJBZ0lKQUxmUmxXc0k4WVFITUEwR0NTcUdTSWIzRFFFQkJRVUFNSHN4Q3pBSkJnTlYKQkFZVEFsVlRNUXN3Q1FZRFZRUUlFd0pEUVRFV01CUUdBMVVFQnhNTlUyRnVJRVp5WVc1amFYTmpiekVVTUJJRwpBMVVFQ2hNTFFuSmhaR1pwZEhwcGJtTXhFakFRQmdOVkJBTVRDV3h2WTJGc2FHOXpkREVkTUJzR0NTcUdTSWIzCkRRRUpBUllPWW5KaFpFQmtZVzVuWVM1amIyMHdIaGNOTVRRd056RTFNakEwTmpBMVdoY05NVGN3TlRBME1qQTAKTmpBMVdqQjdNUXN3Q1FZRFZRUUdFd0pWVXpFTE1Ba0dBMVVFQ0JNQ1EwRXhGakFVQmdOVkJBY1REVk5oYmlCRwpjbUZ1WTJselkyOHhGREFTQmdOVkJBb1RDMEp5WVdSbWFYUjZhVzVqTVJJd0VBWURWUVFERXdsc2IyTmhiR2h2CmMzUXhIVEFiQmdrcWhraUc5dzBCQ1FFV0RtSnlZV1JBWkdGdVoyRXVZMjl0TUlJQklqQU5CZ2txaGtpRzl3MEIKQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBdDVmQWpwNGZUY2VrV1VUZnpzcDBreWloMU9ZYnNHTDBLWDFlUmJTUwpSOE9kMCs5UTYySHlueStHRndNVGI0QS9LVThtc3NvSHZjY2VTQUFid2ZieEZLLytzNTFUb2JxVW5PUlpyT29UClpqa1V5Z2J5WERTSzk5WUJiY1IxUGlwOHZ3TVRtNFhLdUx0Q2lnZUJCZGpqQVFkZ1VPMjhMRU5HbHNNbm1lWWsKSmZPRFZHblZtcjVMdGI5QU5BOElLeVRmc25ISjRpT0NTL1BsUGJVajJxN1lub1ZMcG9zVUJNbGdVYi9DeWtYMwptT29MYjR5SkpReUEvaVNUNlp4aUlFajM2RDR5V1o1bGc3WUpsK1VpaUJRSEdDblBkR3lpcHFWMDZleDBoZVlXCmNhaVc4TFdaU1VROTNqUStXVkNIOGhUN0RRTzFkbXN2VW1YbHEvSmVBbHdRL1FJREFRQUJvNEhnTUlIZE1CMEcKQTFVZERnUVdCQlJjQVJPdGhTNFA0VTd2VGZqQnlDNTY5UjdFNkRDQnJRWURWUjBqQklHbE1JR2lnQlJjQVJPdApoUzRQNFU3dlRmakJ5QzU2OVI3RTZLRi9wSDB3ZXpFTE1Ba0dBMVVFQmhNQ1ZWTXhDekFKQmdOVkJBZ1RBa05CCk1SWXdGQVlEVlFRSEV3MVRZVzRnUm5KaGJtTnBjMk52TVJRd0VnWURWUVFLRXd0Q2NtRmtabWwwZW1sdVl6RVMKTUJBR0ExVUVBeE1KYkc5allXeG9iM04wTVIwd0d3WUpLb1pJaHZjTkFRa0JGZzVpY21Ga1FHUmhibWRoTG1OdgpiWUlKQUxmUmxXc0k4WVFITUF3R0ExVWRFd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVGQlFBRGdnRUJBRzZoClU5ZjlzTkgwLzZvQmJHR3kyRVZVMFVnSVRVUUlyRldvOXJGa3JXNWsvWGtEalFtKzNsempUMGlHUjRJeEUvQW8KZVU2c1FodWE3d3JXZUZFbjQ3R0w5OGxuQ3NKZEQ3b1pOaEZtUTk1VGIvTG5EVWpzNVlqOWJyUDBOV3pYZllVNApVSzJabklOSlJjSnBCOGlSQ2FDeEU4RGRjVUYwWHFJRXE2cEEyNzJzbm9MbWlYTE12Tmwza1lFZG0ramU2dm9ECjU4U05WRVVzenR6UXlYbUpFaENwd1ZJMEE2UUNqelhqK3F2cG13M1paSGk4SndYZWk4WlpCTFRTRkJraThaN24Kc0g5QkJIMzgvU3pVbUFONFFIU1B5MWdqcW0wME9BRThOYVlEa2gvYnpFNGQ3bUxHR01XcC9XRTNLUFN1ODJIRgprUGU2WG9TYmlMbS9reGszMlQwPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t
-        server: https://server:443
-      name: ""
-    contexts: null
-    current-context: ""
-    kind: Config
-    preferences: {}
-    users:
-    - name: ""
-      user:
-        token: my-token
-
-
-- path: "/etc/kubernetes/kubelet.conf"
-  content: |
-    apiVersion: kubelet.config.k8s.io/v1beta1
-    authentication:
-      anonymous:
-        enabled: false
-      webhook:
-        cacheTTL: 0s
-        enabled: true
-      x509:
-        clientCAFile: /etc/kubernetes/pki/ca.crt
-    authorization:
-      mode: Webhook
-      webhook:
-        cacheAuthorizedTTL: 0s
-        cacheUnauthorizedTTL: 0s
-    cgroupDriver: systemd
-    clusterDomain: cluster.local
-    containerLogMaxSize: 100Mi
-    containerRuntimeEndpoint: ""
-    cpuManagerReconcilePeriod: 0s
-    evictionHard:
-      imagefs.available: 15%
-      memory.available: 100Mi
-      nodefs.available: 10%
-      nodefs.inodesFree: 5%
-    evictionPressureTransitionPeriod: 0s
-    featureGates:
-      RotateKubeletServerCertificate: true
-    fileCheckFrequency: 0s
-    httpCheckFrequency: 0s
-    imageMaximumGCAge: 0s
-    imageMinimumGCAge: 0s
-    kind: KubeletConfiguration
-    kubeReserved:
-      cpu: 200m
-      ephemeral-storage: 1Gi
-      memory: 300Mi
-    logging:
-      flushFrequency: 0
-      options:
-        json:
-          infoBufferSize: "0"
-      verbosity: 0
-    memorySwap: {}
-    nodeStatusReportFrequency: 0s
-    nodeStatusUpdateFrequency: 0s
-    protectKernelDefaults: true
-    rotateCertificates: true
-    runtimeRequestTimeout: 0s
-    serverTLSBootstrap: true
-    shutdownGracePeriod: 0s
-    shutdownGracePeriodCriticalPods: 0s
-    staticPodPath: /etc/kubernetes/manifests
-    streamingConnectionIdleTimeout: 0s
-    syncFrequency: 0s
-    systemReserved:
-      cpu: 200m
-      ephemeral-storage: 1Gi
-      memory: 500Mi
-    tlsCipherSuites:
-    - TLS_AES_128_GCM_SHA256
-    - TLS_AES_256_GCM_SHA384
-    - TLS_CHACHA20_POLY1305_SHA256
-    - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-    - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
-    - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
-    - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-    - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
-    volumePluginDir: /var/lib/kubelet/volumeplugins
-    volumeStatsAggPeriod: 0s
-
-
-- path: "/etc/kubernetes/pki/ca.crt"
-  content: |
-    -----BEGIN CERTIFICATE-----
-    MIIEWjCCA0KgAwIBAgIJALfRlWsI8YQHMA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV
-    BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEUMBIG
-    A1UEChMLQnJhZGZpdHppbmMxEjAQBgNVBAMTCWxvY2FsaG9zdDEdMBsGCSqGSIb3
-    DQEJARYOYnJhZEBkYW5nYS5jb20wHhcNMTQwNzE1MjA0NjA1WhcNMTcwNTA0MjA0
-    NjA1WjB7MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBG
-    cmFuY2lzY28xFDASBgNVBAoTC0JyYWRmaXR6aW5jMRIwEAYDVQQDEwlsb2NhbGhv
-    c3QxHTAbBgkqhkiG9w0BCQEWDmJyYWRAZGFuZ2EuY29tMIIBIjANBgkqhkiG9w0B
-    AQEFAAOCAQ8AMIIBCgKCAQEAt5fAjp4fTcekWUTfzsp0kyih1OYbsGL0KX1eRbSS
-    R8Od0+9Q62Hyny+GFwMTb4A/KU8mssoHvcceSAAbwfbxFK/+s51TobqUnORZrOoT
-    ZjkUygbyXDSK99YBbcR1Pip8vwMTm4XKuLtCigeBBdjjAQdgUO28LENGlsMnmeYk
-    JfODVGnVmr5Ltb9ANA8IKyTfsnHJ4iOCS/PlPbUj2q7YnoVLposUBMlgUb/CykX3
-    mOoLb4yJJQyA/iST6ZxiIEj36D4yWZ5lg7YJl+UiiBQHGCnPdGyipqV06ex0heYW
-    caiW8LWZSUQ93jQ+WVCH8hT7DQO1dmsvUmXlq/JeAlwQ/QIDAQABo4HgMIHdMB0G
-    A1UdDgQWBBRcAROthS4P4U7vTfjByC569R7E6DCBrQYDVR0jBIGlMIGigBRcAROt
-    hS4P4U7vTfjByC569R7E6KF/pH0wezELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB
-    MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtCcmFkZml0emluYzES
-    MBAGA1UEAxMJbG9jYWxob3N0MR0wGwYJKoZIhvcNAQkBFg5icmFkQGRhbmdhLmNv
-    bYIJALfRlWsI8YQHMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAG6h
-    U9f9sNH0/6oBbGGy2EVU0UgITUQIrFWo9rFkrW5k/XkDjQm+3lzjT0iGR4IxE/Ao
-    eU6sQhua7wrWeFEn47GL98lnCsJdD7oZNhFmQ95Tb/LnDUjs5Yj9brP0NWzXfYU4
-    UK2ZnINJRcJpB8iRCaCxE8DdcUF0XqIEq6pA272snoLmiXLMvNl3kYEdm+je6voD
-    58SNVEUsztzQyXmJEhCpwVI0A6QCjzXj+qvpmw3ZZHi8JwXei8ZZBLTSFBki8Z7n
-    sH9BBH38/SzUmAN4QHSPy1gjqm00OAE8NaYDkh/bzE4d7mLGGMWp/WE3KPSu82HF
-    kPe6XoSbiLm/kxk32T0=
-    -----END CERTIFICATE-----
-
-- path: "/etc/systemd/system/setup.service"
-  permissions: "0644"
-  content: |
-    [Install]
-    WantedBy=multi-user.target
-
-    [Unit]
-    Requires=network-online.target
-    After=network-online.target
-
-    [Service]
-    Type=oneshot
-    RemainAfterExit=true
-    EnvironmentFile=-/etc/environment
-    ExecStart=/opt/bin/supervise.sh /opt/bin/setup
-
-- path: "/etc/profile.d/opt-bin-path.sh"
-  permissions: "0644"
-  content: |
-    export PATH="/opt/bin:$PATH"
-
-- path: /etc/containerd/config.toml
-  permissions: "0644"
-  content: |
-    version = 2
-
-    [metrics]
-    address = "127.0.0.1:1338"
-
-    [plugins]
-    [plugins."io.containerd.grpc.v1.cri"]
-    [plugins."io.containerd.grpc.v1.cri".containerd]
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
-    runtime_type = "io.containerd.runc.v2"
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
-    SystemdCgroup = true
-    [plugins."io.containerd.grpc.v1.cri".registry]
-    [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
-    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
-    endpoint = ["https://registry-1.docker.io"]
-
-
-- path: /etc/systemd/system/kubelet-healthcheck.service
-  permissions: "0644"
-  content: |
-    [Unit]
-    Requires=kubelet.service
-    After=kubelet.service
-
-    [Service]
-    ExecStart=/opt/bin/health-monitor.sh kubelet
-
-    [Install]
-    WantedBy=multi-user.target
-
-
-runcmd:
-- systemctl enable --now setup.service
diff --git a/pkg/userdata/rockylinux/testdata/kubelet-v1.29.2-aws-external.yaml b/pkg/userdata/rockylinux/testdata/kubelet-v1.29.2-aws-external.yaml
deleted file mode 100644
index 11d4239a6..000000000
--- a/pkg/userdata/rockylinux/testdata/kubelet-v1.29.2-aws-external.yaml
+++ /dev/null
@@ -1,467 +0,0 @@
-#cloud-config
-bootcmd:
-- modprobe ip_tables
-
-
-ssh_pwauth: false
-
-write_files:
-
-- path: "/etc/systemd/journald.conf.d/max_disk_use.conf"
-  content: |
-    [Journal]
-    SystemMaxUse=5G
-
-
-- path: "/opt/load-kernel-modules.sh"
-  permissions: "0755"
-  content: |
-    #!/usr/bin/env bash
-    set -euo pipefail
-
-    modprobe ip_vs
-    modprobe ip_vs_rr
-    modprobe ip_vs_wrr
-    modprobe ip_vs_sh
-
-    if modinfo nf_conntrack_ipv4 &> /dev/null; then
-      modprobe nf_conntrack_ipv4
-    else
-      modprobe nf_conntrack
-    fi
-
-
-- path: "/etc/sysctl.d/k8s.conf"
-  content: |
-    net.bridge.bridge-nf-call-ip6tables = 1
-    net.bridge.bridge-nf-call-iptables = 1
-    kernel.panic_on_oops = 1
-    kernel.panic = 10
-    net.ipv4.ip_forward = 1
-    vm.overcommit_memory = 1
-    fs.inotify.max_user_watches = 1048576
-    fs.inotify.max_user_instances = 8192
-
-
-- path: /etc/selinux/config
-  content: |
-    # This file controls the state of SELinux on the system.
-    # SELINUX= can take one of these three values:
-    #     enforcing - SELinux security policy is enforced.
-    #     permissive - SELinux prints warnings instead of enforcing.
-    #     disabled - No SELinux policy is loaded.
-    SELINUX=permissive
-    # SELINUXTYPE= can take one of three two values:
-    #     targeted - Targeted processes are protected,
-    #     minimum - Modification of targeted policy. Only selected processes are protected.
-    #     mls - Multi Level Security protection.
-    SELINUXTYPE=targeted
-
-- path: "/opt/bin/setup"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-
-    setenforce 0 || true
-    systemctl restart systemd-modules-load.service
-    sysctl --system
-
-    yum install -y \
-      device-mapper-persistent-data \
-      lvm2 \
-      ebtables \
-      ethtool \
-      nfs-utils \
-      bash-completion \
-      sudo \
-      socat \
-      wget \
-      curl \
-      tar \
-      ipvsadm
-
-    yum install -y yum-utils
-    yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
-    yum-config-manager --save --setopt=docker-ce-stable.module_hotfixes=true
-
-    cat <<EOF | tee /etc/crictl.yaml
-    runtime-endpoint: unix:///run/containerd/containerd.sock
-    EOF
-
-    mkdir -p /etc/systemd/system/containerd.service.d
-    cat <<EOF | tee /etc/systemd/system/containerd.service.d/environment.conf
-    [Service]
-    Restart=always
-    EnvironmentFile=-/etc/environment
-    EOF
-
-    yum install -y containerd.io-1.6* yum-plugin-versionlock
-    yum versionlock add containerd.io
-
-    systemctl daemon-reload
-    systemctl enable --now containerd
-
-    opt_bin=/opt/bin
-    usr_local_bin=/usr/local/bin
-    cni_bin_dir=/opt/cni/bin
-    mkdir -p /etc/cni/net.d /etc/kubernetes/manifests "$opt_bin" "$cni_bin_dir"
-    arch=${HOST_ARCH-}
-    if [ -z "$arch" ]
-    then
-    case $(uname -m) in
-    x86_64)
-        arch="amd64"
-        ;;
-    aarch64)
-        arch="arm64"
-        ;;
-    *)
-        echo "unsupported CPU architecture, exiting"
-        exit 1
-        ;;
-    esac
-    fi
-    CNI_VERSION="${CNI_VERSION:-v1.2.0}"
-    cni_base_url="https://github.com/containernetworking/plugins/releases/download/$CNI_VERSION"
-    cni_filename="cni-plugins-linux-$arch-$CNI_VERSION.tgz"
-    curl -Lfo "$cni_bin_dir/$cni_filename" "$cni_base_url/$cni_filename"
-    cni_sum=$(curl -Lf "$cni_base_url/$cni_filename.sha256")
-    cd "$cni_bin_dir"
-    sha256sum -c <<<"$cni_sum"
-    tar xvf "$cni_filename"
-    rm -f "$cni_filename"
-    cd -
-    CRI_TOOLS_RELEASE="${CRI_TOOLS_RELEASE:-v1.27.0}"
-    cri_tools_base_url="https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRI_TOOLS_RELEASE}"
-    cri_tools_filename="crictl-${CRI_TOOLS_RELEASE}-linux-${arch}.tar.gz"
-    curl -Lfo "$opt_bin/$cri_tools_filename" "$cri_tools_base_url/$cri_tools_filename"
-    cri_tools_sum_value=$(curl -Lf "$cri_tools_base_url/$cri_tools_filename.sha256")
-    cri_tools_sum="$cri_tools_sum_value $cri_tools_filename"
-    cd "$opt_bin"
-    sha256sum -c <<<"$cri_tools_sum"
-    tar xvf "$cri_tools_filename"
-    rm -f "$cri_tools_filename"
-    ln -sf "$opt_bin/crictl" "$usr_local_bin"/crictl || echo "symbolic link is skipped"
-    cd -
-    KUBE_VERSION="${KUBE_VERSION:-v1.29.2}"
-    kube_dir="$opt_bin/kubernetes-$KUBE_VERSION"
-    kube_base_url="https://dl.k8s.io/$KUBE_VERSION/bin/linux/$arch"
-    kube_sum_file="$kube_dir/sha256"
-    mkdir -p "$kube_dir"
-    : >"$kube_sum_file"
-
-    for bin in kubelet kubeadm kubectl; do
-        curl -Lfo "$kube_dir/$bin" "$kube_base_url/$bin"
-        chmod +x "$kube_dir/$bin"
-        sum=$(curl -Lf "$kube_base_url/$bin.sha256")
-        echo "$sum  $kube_dir/$bin" >>"$kube_sum_file"
-    done
-    sha256sum -c "$kube_sum_file"
-
-    for bin in kubelet kubeadm kubectl; do
-        ln -sf "$kube_dir/$bin" "$opt_bin"/$bin
-    done
-
-    if [[ ! -x /opt/bin/health-monitor.sh ]]; then
-        curl -Lfo /opt/bin/health-monitor.sh https://raw.githubusercontent.com/kubermatic/machine-controller/7967a0af2b75f29ad2ab227eeaa26ea7b0f2fbde/pkg/userdata/scripts/health-monitor.sh
-        chmod +x /opt/bin/health-monitor.sh
-    fi
-
-    DEFAULT_IFC_NAME=$(ip -o route get 1  | grep -oP "dev \K\S+")
-    IFC_CFG_FILE=/etc/sysconfig/network-scripts/ifcfg-$DEFAULT_IFC_NAME
-    # Enable IPv6 and DHCPv6 on the default interface
-    grep IPV6INIT $IFC_CFG_FILE && sed -i '/IPV6INIT*/c IPV6INIT=yes' $IFC_CFG_FILE || echo "IPV6INIT=yes" >> $IFC_CFG_FILE
-    grep DHCPV6C $IFC_CFG_FILE && sed -i '/DHCPV6C*/c DHCPV6C=yes' $IFC_CFG_FILE || echo "DHCPV6C=yes" >> $IFC_CFG_FILE
-    grep IPV6_AUTOCONF $IFC_CFG_FILE && sed -i '/IPV6_AUTOCONF*/c IPV6_AUTOCONF=yes' $IFC_CFG_FILE || echo "IPV6_AUTOCONF=yes" >> $IFC_CFG_FILE
-
-    # Restart NetworkManager to apply for IPv6 configs
-    systemctl restart NetworkManager
-    # Let NetworkManager apply the DHCPv6 configs
-    sleep 3
-
-    # set kubelet nodeip environment variable
-    mkdir -p /etc/systemd/system/kubelet.service.d/
-    /opt/bin/setup_net_env.sh
-
-    systemctl disable --now firewalld || true
-    systemctl enable --now kubelet
-    systemctl enable --now --no-block kubelet-healthcheck.service
-    systemctl disable setup.service
-
-- path: "/opt/bin/supervise.sh"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-    while ! "$@"; do
-      sleep 1
-    done
-
-- path: "/opt/disable-swap.sh"
-  permissions: "0755"
-  content: |
-    # Make sure we always disable swap - Otherwise the kubelet won't start as for some cloud
-    # providers swap gets enabled on reboot or after the setup script has finished executing.
-    sed -i.orig '/.*swap.*/d' /etc/fstab
-    swapoff -a
-
-- path: "/etc/systemd/system/kubelet.service"
-  content: |
-    [Unit]
-    After=containerd.service
-    Requires=containerd.service
-
-    Description=kubelet: The Kubernetes Node Agent
-    Documentation=https://kubernetes.io/docs/home/
-
-    [Service]
-    User=root
-    Restart=always
-    StartLimitInterval=0
-    RestartSec=10
-    CPUAccounting=true
-    MemoryAccounting=true
-
-    Environment="PATH=/opt/bin:/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin/"
-    EnvironmentFile=-/etc/environment
-
-    ExecStartPre=/bin/bash /opt/load-kernel-modules.sh
-
-    ExecStartPre=/bin/bash /opt/disable-swap.sh
-
-    ExecStartPre=/bin/bash /opt/bin/setup_net_env.sh
-    ExecStart=/opt/bin/kubelet $KUBELET_EXTRA_ARGS \
-      --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf \
-      --kubeconfig=/var/lib/kubelet/kubeconfig \
-      --config=/etc/kubernetes/kubelet.conf \
-      --cert-dir=/etc/kubernetes/pki \
-      --cloud-provider=external \
-      --hostname-override=${KUBELET_HOSTNAME} \
-      --exit-on-lock-contention \
-      --lock-file=/tmp/kubelet.lock \
-      --container-runtime-endpoint=unix:///run/containerd/containerd.sock \
-      --node-ip ${KUBELET_NODE_IP}
-
-    [Install]
-    WantedBy=multi-user.target
-- path: "/etc/kubernetes/cloud-config"
-  permissions: "0600"
-  content: |
-    {aws-config:true}
-
-- path: "/opt/bin/setup_net_env.sh"
-  permissions: "0755"
-  content: |
-    #!/usr/bin/env bash
-    echodate() {
-      echo "[$(date -Is)]" "$@"
-    }
-
-    # get the default interface IP address
-    DEFAULT_IFC_IP=$(ip -o  route get 1 | grep -oP "src \K\S+")
-
-    # get the full hostname
-    FULL_HOSTNAME=$(hostname -f)
-
-    if [ -z "${DEFAULT_IFC_IP}" ]
-    then
-    	echodate "Failed to get IP address for the default route interface"
-    	exit 1
-    fi
-
-    # write the nodeip_env file
-    # we need the line below because flatcar has the same string "coreos" in that file
-    if grep -q coreos /etc/os-release
-    then
-      echo -e "KUBELET_NODE_IP=${DEFAULT_IFC_IP}\nKUBELET_HOSTNAME=${FULL_HOSTNAME}" > /etc/kubernetes/nodeip.conf
-    elif [ ! -d /etc/systemd/system/kubelet.service.d ]
-    then
-    	echodate "Can't find kubelet service extras directory"
-    	exit 1
-    else
-      echo -e "[Service]\nEnvironment=\"KUBELET_NODE_IP=${DEFAULT_IFC_IP}\"\nEnvironment=\"KUBELET_HOSTNAME=${FULL_HOSTNAME}\"" > /etc/systemd/system/kubelet.service.d/nodeip.conf
-    fi
-
-
-- path: "/etc/kubernetes/bootstrap-kubelet.conf"
-  permissions: "0600"
-  content: |
-    apiVersion: v1
-    clusters:
-    - cluster:
-        certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVXakNDQTBLZ0F3SUJBZ0lKQUxmUmxXc0k4WVFITUEwR0NTcUdTSWIzRFFFQkJRVUFNSHN4Q3pBSkJnTlYKQkFZVEFsVlRNUXN3Q1FZRFZRUUlFd0pEUVRFV01CUUdBMVVFQnhNTlUyRnVJRVp5WVc1amFYTmpiekVVTUJJRwpBMVVFQ2hNTFFuSmhaR1pwZEhwcGJtTXhFakFRQmdOVkJBTVRDV3h2WTJGc2FHOXpkREVkTUJzR0NTcUdTSWIzCkRRRUpBUllPWW5KaFpFQmtZVzVuWVM1amIyMHdIaGNOTVRRd056RTFNakEwTmpBMVdoY05NVGN3TlRBME1qQTAKTmpBMVdqQjdNUXN3Q1FZRFZRUUdFd0pWVXpFTE1Ba0dBMVVFQ0JNQ1EwRXhGakFVQmdOVkJBY1REVk5oYmlCRwpjbUZ1WTJselkyOHhGREFTQmdOVkJBb1RDMEp5WVdSbWFYUjZhVzVqTVJJd0VBWURWUVFERXdsc2IyTmhiR2h2CmMzUXhIVEFiQmdrcWhraUc5dzBCQ1FFV0RtSnlZV1JBWkdGdVoyRXVZMjl0TUlJQklqQU5CZ2txaGtpRzl3MEIKQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBdDVmQWpwNGZUY2VrV1VUZnpzcDBreWloMU9ZYnNHTDBLWDFlUmJTUwpSOE9kMCs5UTYySHlueStHRndNVGI0QS9LVThtc3NvSHZjY2VTQUFid2ZieEZLLytzNTFUb2JxVW5PUlpyT29UClpqa1V5Z2J5WERTSzk5WUJiY1IxUGlwOHZ3TVRtNFhLdUx0Q2lnZUJCZGpqQVFkZ1VPMjhMRU5HbHNNbm1lWWsKSmZPRFZHblZtcjVMdGI5QU5BOElLeVRmc25ISjRpT0NTL1BsUGJVajJxN1lub1ZMcG9zVUJNbGdVYi9DeWtYMwptT29MYjR5SkpReUEvaVNUNlp4aUlFajM2RDR5V1o1bGc3WUpsK1VpaUJRSEdDblBkR3lpcHFWMDZleDBoZVlXCmNhaVc4TFdaU1VROTNqUStXVkNIOGhUN0RRTzFkbXN2VW1YbHEvSmVBbHdRL1FJREFRQUJvNEhnTUlIZE1CMEcKQTFVZERnUVdCQlJjQVJPdGhTNFA0VTd2VGZqQnlDNTY5UjdFNkRDQnJRWURWUjBqQklHbE1JR2lnQlJjQVJPdApoUzRQNFU3dlRmakJ5QzU2OVI3RTZLRi9wSDB3ZXpFTE1Ba0dBMVVFQmhNQ1ZWTXhDekFKQmdOVkJBZ1RBa05CCk1SWXdGQVlEVlFRSEV3MVRZVzRnUm5KaGJtTnBjMk52TVJRd0VnWURWUVFLRXd0Q2NtRmtabWwwZW1sdVl6RVMKTUJBR0ExVUVBeE1KYkc5allXeG9iM04wTVIwd0d3WUpLb1pJaHZjTkFRa0JGZzVpY21Ga1FHUmhibWRoTG1OdgpiWUlKQUxmUmxXc0k4WVFITUF3R0ExVWRFd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVGQlFBRGdnRUJBRzZoClU5ZjlzTkgwLzZvQmJHR3kyRVZVMFVnSVRVUUlyRldvOXJGa3JXNWsvWGtEalFtKzNsempUMGlHUjRJeEUvQW8KZVU2c1FodWE3d3JXZUZFbjQ3R0w5OGxuQ3NKZEQ3b1pOaEZtUTk1VGIvTG5EVWpzNVlqOWJyUDBOV3pYZllVNApVSzJabklOSlJjSnBCOGlSQ2FDeEU4RGRjVUYwWHFJRXE2cEEyNzJzbm9MbWlYTE12Tmwza1lFZG0ramU2dm9ECjU4U05WRVVzenR6UXlYbUpFaENwd1ZJMEE2UUNqelhqK3F2cG13M1paSGk4SndYZWk4WlpCTFRTRkJraThaN24Kc0g5QkJIMzgvU3pVbUFONFFIU1B5MWdqcW0wME9BRThOYVlEa2gvYnpFNGQ3bUxHR01XcC9XRTNLUFN1ODJIRgprUGU2WG9TYmlMbS9reGszMlQwPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t
-        server: https://server:443
-      name: ""
-    contexts: null
-    current-context: ""
-    kind: Config
-    preferences: {}
-    users:
-    - name: ""
-      user:
-        token: my-token
-
-
-- path: "/etc/kubernetes/kubelet.conf"
-  content: |
-    apiVersion: kubelet.config.k8s.io/v1beta1
-    authentication:
-      anonymous:
-        enabled: false
-      webhook:
-        cacheTTL: 0s
-        enabled: true
-      x509:
-        clientCAFile: /etc/kubernetes/pki/ca.crt
-    authorization:
-      mode: Webhook
-      webhook:
-        cacheAuthorizedTTL: 0s
-        cacheUnauthorizedTTL: 0s
-    cgroupDriver: systemd
-    clusterDomain: cluster.local
-    containerLogMaxSize: 100Mi
-    containerRuntimeEndpoint: ""
-    cpuManagerReconcilePeriod: 0s
-    evictionHard:
-      imagefs.available: 15%
-      memory.available: 100Mi
-      nodefs.available: 10%
-      nodefs.inodesFree: 5%
-    evictionPressureTransitionPeriod: 0s
-    featureGates:
-      RotateKubeletServerCertificate: true
-    fileCheckFrequency: 0s
-    httpCheckFrequency: 0s
-    imageMaximumGCAge: 0s
-    imageMinimumGCAge: 0s
-    kind: KubeletConfiguration
-    kubeReserved:
-      cpu: 200m
-      ephemeral-storage: 1Gi
-      memory: 300Mi
-    logging:
-      flushFrequency: 0
-      options:
-        json:
-          infoBufferSize: "0"
-      verbosity: 0
-    memorySwap: {}
-    nodeStatusReportFrequency: 0s
-    nodeStatusUpdateFrequency: 0s
-    protectKernelDefaults: true
-    rotateCertificates: true
-    runtimeRequestTimeout: 0s
-    serverTLSBootstrap: true
-    shutdownGracePeriod: 0s
-    shutdownGracePeriodCriticalPods: 0s
-    staticPodPath: /etc/kubernetes/manifests
-    streamingConnectionIdleTimeout: 0s
-    syncFrequency: 0s
-    systemReserved:
-      cpu: 200m
-      ephemeral-storage: 1Gi
-      memory: 500Mi
-    tlsCipherSuites:
-    - TLS_AES_128_GCM_SHA256
-    - TLS_AES_256_GCM_SHA384
-    - TLS_CHACHA20_POLY1305_SHA256
-    - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-    - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
-    - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
-    - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-    - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
-    volumePluginDir: /var/lib/kubelet/volumeplugins
-    volumeStatsAggPeriod: 0s
-
-
-- path: "/etc/kubernetes/pki/ca.crt"
-  content: |
-    -----BEGIN CERTIFICATE-----
-    MIIEWjCCA0KgAwIBAgIJALfRlWsI8YQHMA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV
-    BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEUMBIG
-    A1UEChMLQnJhZGZpdHppbmMxEjAQBgNVBAMTCWxvY2FsaG9zdDEdMBsGCSqGSIb3
-    DQEJARYOYnJhZEBkYW5nYS5jb20wHhcNMTQwNzE1MjA0NjA1WhcNMTcwNTA0MjA0
-    NjA1WjB7MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBG
-    cmFuY2lzY28xFDASBgNVBAoTC0JyYWRmaXR6aW5jMRIwEAYDVQQDEwlsb2NhbGhv
-    c3QxHTAbBgkqhkiG9w0BCQEWDmJyYWRAZGFuZ2EuY29tMIIBIjANBgkqhkiG9w0B
-    AQEFAAOCAQ8AMIIBCgKCAQEAt5fAjp4fTcekWUTfzsp0kyih1OYbsGL0KX1eRbSS
-    R8Od0+9Q62Hyny+GFwMTb4A/KU8mssoHvcceSAAbwfbxFK/+s51TobqUnORZrOoT
-    ZjkUygbyXDSK99YBbcR1Pip8vwMTm4XKuLtCigeBBdjjAQdgUO28LENGlsMnmeYk
-    JfODVGnVmr5Ltb9ANA8IKyTfsnHJ4iOCS/PlPbUj2q7YnoVLposUBMlgUb/CykX3
-    mOoLb4yJJQyA/iST6ZxiIEj36D4yWZ5lg7YJl+UiiBQHGCnPdGyipqV06ex0heYW
-    caiW8LWZSUQ93jQ+WVCH8hT7DQO1dmsvUmXlq/JeAlwQ/QIDAQABo4HgMIHdMB0G
-    A1UdDgQWBBRcAROthS4P4U7vTfjByC569R7E6DCBrQYDVR0jBIGlMIGigBRcAROt
-    hS4P4U7vTfjByC569R7E6KF/pH0wezELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB
-    MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtCcmFkZml0emluYzES
-    MBAGA1UEAxMJbG9jYWxob3N0MR0wGwYJKoZIhvcNAQkBFg5icmFkQGRhbmdhLmNv
-    bYIJALfRlWsI8YQHMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAG6h
-    U9f9sNH0/6oBbGGy2EVU0UgITUQIrFWo9rFkrW5k/XkDjQm+3lzjT0iGR4IxE/Ao
-    eU6sQhua7wrWeFEn47GL98lnCsJdD7oZNhFmQ95Tb/LnDUjs5Yj9brP0NWzXfYU4
-    UK2ZnINJRcJpB8iRCaCxE8DdcUF0XqIEq6pA272snoLmiXLMvNl3kYEdm+je6voD
-    58SNVEUsztzQyXmJEhCpwVI0A6QCjzXj+qvpmw3ZZHi8JwXei8ZZBLTSFBki8Z7n
-    sH9BBH38/SzUmAN4QHSPy1gjqm00OAE8NaYDkh/bzE4d7mLGGMWp/WE3KPSu82HF
-    kPe6XoSbiLm/kxk32T0=
-    -----END CERTIFICATE-----
-
-- path: "/etc/systemd/system/setup.service"
-  permissions: "0644"
-  content: |
-    [Install]
-    WantedBy=multi-user.target
-
-    [Unit]
-    Requires=network-online.target
-    After=network-online.target
-
-    [Service]
-    Type=oneshot
-    RemainAfterExit=true
-    EnvironmentFile=-/etc/environment
-    ExecStart=/opt/bin/supervise.sh /opt/bin/setup
-
-- path: "/etc/profile.d/opt-bin-path.sh"
-  permissions: "0644"
-  content: |
-    export PATH="/opt/bin:$PATH"
-
-- path: /etc/containerd/config.toml
-  permissions: "0644"
-  content: |
-    version = 2
-
-    [metrics]
-    address = "127.0.0.1:1338"
-
-    [plugins]
-    [plugins."io.containerd.grpc.v1.cri"]
-    [plugins."io.containerd.grpc.v1.cri".containerd]
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
-    runtime_type = "io.containerd.runc.v2"
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
-    SystemdCgroup = true
-    [plugins."io.containerd.grpc.v1.cri".registry]
-    [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
-    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
-    endpoint = ["https://registry-1.docker.io"]
-
-
-- path: /etc/systemd/system/kubelet-healthcheck.service
-  permissions: "0644"
-  content: |
-    [Unit]
-    Requires=kubelet.service
-    After=kubelet.service
-
-    [Service]
-    ExecStart=/opt/bin/health-monitor.sh kubelet
-
-    [Install]
-    WantedBy=multi-user.target
-
-
-runcmd:
-- systemctl enable --now setup.service
diff --git a/pkg/userdata/rockylinux/testdata/kubelet-v1.29.2-aws.yaml b/pkg/userdata/rockylinux/testdata/kubelet-v1.29.2-aws.yaml
deleted file mode 100644
index c09cd290d..000000000
--- a/pkg/userdata/rockylinux/testdata/kubelet-v1.29.2-aws.yaml
+++ /dev/null
@@ -1,467 +0,0 @@
-#cloud-config
-bootcmd:
-- modprobe ip_tables
-
-
-ssh_pwauth: false
-
-write_files:
-
-- path: "/etc/systemd/journald.conf.d/max_disk_use.conf"
-  content: |
-    [Journal]
-    SystemMaxUse=5G
-
-
-- path: "/opt/load-kernel-modules.sh"
-  permissions: "0755"
-  content: |
-    #!/usr/bin/env bash
-    set -euo pipefail
-
-    modprobe ip_vs
-    modprobe ip_vs_rr
-    modprobe ip_vs_wrr
-    modprobe ip_vs_sh
-
-    if modinfo nf_conntrack_ipv4 &> /dev/null; then
-      modprobe nf_conntrack_ipv4
-    else
-      modprobe nf_conntrack
-    fi
-
-
-- path: "/etc/sysctl.d/k8s.conf"
-  content: |
-    net.bridge.bridge-nf-call-ip6tables = 1
-    net.bridge.bridge-nf-call-iptables = 1
-    kernel.panic_on_oops = 1
-    kernel.panic = 10
-    net.ipv4.ip_forward = 1
-    vm.overcommit_memory = 1
-    fs.inotify.max_user_watches = 1048576
-    fs.inotify.max_user_instances = 8192
-
-
-- path: /etc/selinux/config
-  content: |
-    # This file controls the state of SELinux on the system.
-    # SELINUX= can take one of these three values:
-    #     enforcing - SELinux security policy is enforced.
-    #     permissive - SELinux prints warnings instead of enforcing.
-    #     disabled - No SELinux policy is loaded.
-    SELINUX=permissive
-    # SELINUXTYPE= can take one of three two values:
-    #     targeted - Targeted processes are protected,
-    #     minimum - Modification of targeted policy. Only selected processes are protected.
-    #     mls - Multi Level Security protection.
-    SELINUXTYPE=targeted
-
-- path: "/opt/bin/setup"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-
-    setenforce 0 || true
-    systemctl restart systemd-modules-load.service
-    sysctl --system
-
-    yum install -y \
-      device-mapper-persistent-data \
-      lvm2 \
-      ebtables \
-      ethtool \
-      nfs-utils \
-      bash-completion \
-      sudo \
-      socat \
-      wget \
-      curl \
-      tar \
-      ipvsadm
-
-    yum install -y yum-utils
-    yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
-    yum-config-manager --save --setopt=docker-ce-stable.module_hotfixes=true
-
-    cat <<EOF | tee /etc/crictl.yaml
-    runtime-endpoint: unix:///run/containerd/containerd.sock
-    EOF
-
-    mkdir -p /etc/systemd/system/containerd.service.d
-    cat <<EOF | tee /etc/systemd/system/containerd.service.d/environment.conf
-    [Service]
-    Restart=always
-    EnvironmentFile=-/etc/environment
-    EOF
-
-    yum install -y containerd.io-1.6* yum-plugin-versionlock
-    yum versionlock add containerd.io
-
-    systemctl daemon-reload
-    systemctl enable --now containerd
-
-    opt_bin=/opt/bin
-    usr_local_bin=/usr/local/bin
-    cni_bin_dir=/opt/cni/bin
-    mkdir -p /etc/cni/net.d /etc/kubernetes/manifests "$opt_bin" "$cni_bin_dir"
-    arch=${HOST_ARCH-}
-    if [ -z "$arch" ]
-    then
-    case $(uname -m) in
-    x86_64)
-        arch="amd64"
-        ;;
-    aarch64)
-        arch="arm64"
-        ;;
-    *)
-        echo "unsupported CPU architecture, exiting"
-        exit 1
-        ;;
-    esac
-    fi
-    CNI_VERSION="${CNI_VERSION:-v1.2.0}"
-    cni_base_url="https://github.com/containernetworking/plugins/releases/download/$CNI_VERSION"
-    cni_filename="cni-plugins-linux-$arch-$CNI_VERSION.tgz"
-    curl -Lfo "$cni_bin_dir/$cni_filename" "$cni_base_url/$cni_filename"
-    cni_sum=$(curl -Lf "$cni_base_url/$cni_filename.sha256")
-    cd "$cni_bin_dir"
-    sha256sum -c <<<"$cni_sum"
-    tar xvf "$cni_filename"
-    rm -f "$cni_filename"
-    cd -
-    CRI_TOOLS_RELEASE="${CRI_TOOLS_RELEASE:-v1.27.0}"
-    cri_tools_base_url="https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRI_TOOLS_RELEASE}"
-    cri_tools_filename="crictl-${CRI_TOOLS_RELEASE}-linux-${arch}.tar.gz"
-    curl -Lfo "$opt_bin/$cri_tools_filename" "$cri_tools_base_url/$cri_tools_filename"
-    cri_tools_sum_value=$(curl -Lf "$cri_tools_base_url/$cri_tools_filename.sha256")
-    cri_tools_sum="$cri_tools_sum_value $cri_tools_filename"
-    cd "$opt_bin"
-    sha256sum -c <<<"$cri_tools_sum"
-    tar xvf "$cri_tools_filename"
-    rm -f "$cri_tools_filename"
-    ln -sf "$opt_bin/crictl" "$usr_local_bin"/crictl || echo "symbolic link is skipped"
-    cd -
-    KUBE_VERSION="${KUBE_VERSION:-v1.29.2}"
-    kube_dir="$opt_bin/kubernetes-$KUBE_VERSION"
-    kube_base_url="https://dl.k8s.io/$KUBE_VERSION/bin/linux/$arch"
-    kube_sum_file="$kube_dir/sha256"
-    mkdir -p "$kube_dir"
-    : >"$kube_sum_file"
-
-    for bin in kubelet kubeadm kubectl; do
-        curl -Lfo "$kube_dir/$bin" "$kube_base_url/$bin"
-        chmod +x "$kube_dir/$bin"
-        sum=$(curl -Lf "$kube_base_url/$bin.sha256")
-        echo "$sum  $kube_dir/$bin" >>"$kube_sum_file"
-    done
-    sha256sum -c "$kube_sum_file"
-
-    for bin in kubelet kubeadm kubectl; do
-        ln -sf "$kube_dir/$bin" "$opt_bin"/$bin
-    done
-
-    if [[ ! -x /opt/bin/health-monitor.sh ]]; then
-        curl -Lfo /opt/bin/health-monitor.sh https://raw.githubusercontent.com/kubermatic/machine-controller/7967a0af2b75f29ad2ab227eeaa26ea7b0f2fbde/pkg/userdata/scripts/health-monitor.sh
-        chmod +x /opt/bin/health-monitor.sh
-    fi
-
-    DEFAULT_IFC_NAME=$(ip -o route get 1  | grep -oP "dev \K\S+")
-    IFC_CFG_FILE=/etc/sysconfig/network-scripts/ifcfg-$DEFAULT_IFC_NAME
-    # Enable IPv6 and DHCPv6 on the default interface
-    grep IPV6INIT $IFC_CFG_FILE && sed -i '/IPV6INIT*/c IPV6INIT=yes' $IFC_CFG_FILE || echo "IPV6INIT=yes" >> $IFC_CFG_FILE
-    grep DHCPV6C $IFC_CFG_FILE && sed -i '/DHCPV6C*/c DHCPV6C=yes' $IFC_CFG_FILE || echo "DHCPV6C=yes" >> $IFC_CFG_FILE
-    grep IPV6_AUTOCONF $IFC_CFG_FILE && sed -i '/IPV6_AUTOCONF*/c IPV6_AUTOCONF=yes' $IFC_CFG_FILE || echo "IPV6_AUTOCONF=yes" >> $IFC_CFG_FILE
-
-    # Restart NetworkManager to apply for IPv6 configs
-    systemctl restart NetworkManager
-    # Let NetworkManager apply the DHCPv6 configs
-    sleep 3
-
-    # set kubelet nodeip environment variable
-    mkdir -p /etc/systemd/system/kubelet.service.d/
-    /opt/bin/setup_net_env.sh
-
-    systemctl disable --now firewalld || true
-    systemctl enable --now kubelet
-    systemctl enable --now --no-block kubelet-healthcheck.service
-    systemctl disable setup.service
-
-- path: "/opt/bin/supervise.sh"
-  permissions: "0755"
-  content: |
-    #!/bin/bash
-    set -xeuo pipefail
-    while ! "$@"; do
-      sleep 1
-    done
-
-- path: "/opt/disable-swap.sh"
-  permissions: "0755"
-  content: |
-    # Make sure we always disable swap - Otherwise the kubelet won't start as for some cloud
-    # providers swap gets enabled on reboot or after the setup script has finished executing.
-    sed -i.orig '/.*swap.*/d' /etc/fstab
-    swapoff -a
-
-- path: "/etc/systemd/system/kubelet.service"
-  content: |
-    [Unit]
-    After=containerd.service
-    Requires=containerd.service
-
-    Description=kubelet: The Kubernetes Node Agent
-    Documentation=https://kubernetes.io/docs/home/
-
-    [Service]
-    User=root
-    Restart=always
-    StartLimitInterval=0
-    RestartSec=10
-    CPUAccounting=true
-    MemoryAccounting=true
-
-    Environment="PATH=/opt/bin:/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin/"
-    EnvironmentFile=-/etc/environment
-
-    ExecStartPre=/bin/bash /opt/load-kernel-modules.sh
-
-    ExecStartPre=/bin/bash /opt/disable-swap.sh
-
-    ExecStartPre=/bin/bash /opt/bin/setup_net_env.sh
-    ExecStart=/opt/bin/kubelet $KUBELET_EXTRA_ARGS \
-      --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf \
-      --kubeconfig=/var/lib/kubelet/kubeconfig \
-      --config=/etc/kubernetes/kubelet.conf \
-      --cert-dir=/etc/kubernetes/pki \
-      --cloud-provider=aws \
-      --cloud-config=/etc/kubernetes/cloud-config \
-      --exit-on-lock-contention \
-      --lock-file=/tmp/kubelet.lock \
-      --container-runtime-endpoint=unix:///run/containerd/containerd.sock \
-      --node-ip ${KUBELET_NODE_IP}
-
-    [Install]
-    WantedBy=multi-user.target
-- path: "/etc/kubernetes/cloud-config"
-  permissions: "0600"
-  content: |
-    {aws-config:true}
-
-- path: "/opt/bin/setup_net_env.sh"
-  permissions: "0755"
-  content: |
-    #!/usr/bin/env bash
-    echodate() {
-      echo "[$(date -Is)]" "$@"
-    }
-
-    # get the default interface IP address
-    DEFAULT_IFC_IP=$(ip -o  route get 1 | grep -oP "src \K\S+")
-
-    # get the full hostname
-    FULL_HOSTNAME=$(hostname -f)
-
-    if [ -z "${DEFAULT_IFC_IP}" ]
-    then
-    	echodate "Failed to get IP address for the default route interface"
-    	exit 1
-    fi
-
-    # write the nodeip_env file
-    # we need the line below because flatcar has the same string "coreos" in that file
-    if grep -q coreos /etc/os-release
-    then
-      echo -e "KUBELET_NODE_IP=${DEFAULT_IFC_IP}\nKUBELET_HOSTNAME=${FULL_HOSTNAME}" > /etc/kubernetes/nodeip.conf
-    elif [ ! -d /etc/systemd/system/kubelet.service.d ]
-    then
-    	echodate "Can't find kubelet service extras directory"
-    	exit 1
-    else
-      echo -e "[Service]\nEnvironment=\"KUBELET_NODE_IP=${DEFAULT_IFC_IP}\"\nEnvironment=\"KUBELET_HOSTNAME=${FULL_HOSTNAME}\"" > /etc/systemd/system/kubelet.service.d/nodeip.conf
-    fi
-
-
-- path: "/etc/kubernetes/bootstrap-kubelet.conf"
-  permissions: "0600"
-  content: |
-    apiVersion: v1
-    clusters:
-    - cluster:
-        certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVXakNDQTBLZ0F3SUJBZ0lKQUxmUmxXc0k4WVFITUEwR0NTcUdTSWIzRFFFQkJRVUFNSHN4Q3pBSkJnTlYKQkFZVEFsVlRNUXN3Q1FZRFZRUUlFd0pEUVRFV01CUUdBMVVFQnhNTlUyRnVJRVp5WVc1amFYTmpiekVVTUJJRwpBMVVFQ2hNTFFuSmhaR1pwZEhwcGJtTXhFakFRQmdOVkJBTVRDV3h2WTJGc2FHOXpkREVkTUJzR0NTcUdTSWIzCkRRRUpBUllPWW5KaFpFQmtZVzVuWVM1amIyMHdIaGNOTVRRd056RTFNakEwTmpBMVdoY05NVGN3TlRBME1qQTAKTmpBMVdqQjdNUXN3Q1FZRFZRUUdFd0pWVXpFTE1Ba0dBMVVFQ0JNQ1EwRXhGakFVQmdOVkJBY1REVk5oYmlCRwpjbUZ1WTJselkyOHhGREFTQmdOVkJBb1RDMEp5WVdSbWFYUjZhVzVqTVJJd0VBWURWUVFERXdsc2IyTmhiR2h2CmMzUXhIVEFiQmdrcWhraUc5dzBCQ1FFV0RtSnlZV1JBWkdGdVoyRXVZMjl0TUlJQklqQU5CZ2txaGtpRzl3MEIKQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBdDVmQWpwNGZUY2VrV1VUZnpzcDBreWloMU9ZYnNHTDBLWDFlUmJTUwpSOE9kMCs5UTYySHlueStHRndNVGI0QS9LVThtc3NvSHZjY2VTQUFid2ZieEZLLytzNTFUb2JxVW5PUlpyT29UClpqa1V5Z2J5WERTSzk5WUJiY1IxUGlwOHZ3TVRtNFhLdUx0Q2lnZUJCZGpqQVFkZ1VPMjhMRU5HbHNNbm1lWWsKSmZPRFZHblZtcjVMdGI5QU5BOElLeVRmc25ISjRpT0NTL1BsUGJVajJxN1lub1ZMcG9zVUJNbGdVYi9DeWtYMwptT29MYjR5SkpReUEvaVNUNlp4aUlFajM2RDR5V1o1bGc3WUpsK1VpaUJRSEdDblBkR3lpcHFWMDZleDBoZVlXCmNhaVc4TFdaU1VROTNqUStXVkNIOGhUN0RRTzFkbXN2VW1YbHEvSmVBbHdRL1FJREFRQUJvNEhnTUlIZE1CMEcKQTFVZERnUVdCQlJjQVJPdGhTNFA0VTd2VGZqQnlDNTY5UjdFNkRDQnJRWURWUjBqQklHbE1JR2lnQlJjQVJPdApoUzRQNFU3dlRmakJ5QzU2OVI3RTZLRi9wSDB3ZXpFTE1Ba0dBMVVFQmhNQ1ZWTXhDekFKQmdOVkJBZ1RBa05CCk1SWXdGQVlEVlFRSEV3MVRZVzRnUm5KaGJtTnBjMk52TVJRd0VnWURWUVFLRXd0Q2NtRmtabWwwZW1sdVl6RVMKTUJBR0ExVUVBeE1KYkc5allXeG9iM04wTVIwd0d3WUpLb1pJaHZjTkFRa0JGZzVpY21Ga1FHUmhibWRoTG1OdgpiWUlKQUxmUmxXc0k4WVFITUF3R0ExVWRFd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVGQlFBRGdnRUJBRzZoClU5ZjlzTkgwLzZvQmJHR3kyRVZVMFVnSVRVUUlyRldvOXJGa3JXNWsvWGtEalFtKzNsempUMGlHUjRJeEUvQW8KZVU2c1FodWE3d3JXZUZFbjQ3R0w5OGxuQ3NKZEQ3b1pOaEZtUTk1VGIvTG5EVWpzNVlqOWJyUDBOV3pYZllVNApVSzJabklOSlJjSnBCOGlSQ2FDeEU4RGRjVUYwWHFJRXE2cEEyNzJzbm9MbWlYTE12Tmwza1lFZG0ramU2dm9ECjU4U05WRVVzenR6UXlYbUpFaENwd1ZJMEE2UUNqelhqK3F2cG13M1paSGk4SndYZWk4WlpCTFRTRkJraThaN24Kc0g5QkJIMzgvU3pVbUFONFFIU1B5MWdqcW0wME9BRThOYVlEa2gvYnpFNGQ3bUxHR01XcC9XRTNLUFN1ODJIRgprUGU2WG9TYmlMbS9reGszMlQwPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t
-        server: https://server:443
-      name: ""
-    contexts: null
-    current-context: ""
-    kind: Config
-    preferences: {}
-    users:
-    - name: ""
-      user:
-        token: my-token
-
-
-- path: "/etc/kubernetes/kubelet.conf"
-  content: |
-    apiVersion: kubelet.config.k8s.io/v1beta1
-    authentication:
-      anonymous:
-        enabled: false
-      webhook:
-        cacheTTL: 0s
-        enabled: true
-      x509:
-        clientCAFile: /etc/kubernetes/pki/ca.crt
-    authorization:
-      mode: Webhook
-      webhook:
-        cacheAuthorizedTTL: 0s
-        cacheUnauthorizedTTL: 0s
-    cgroupDriver: systemd
-    clusterDomain: cluster.local
-    containerLogMaxSize: 100Mi
-    containerRuntimeEndpoint: ""
-    cpuManagerReconcilePeriod: 0s
-    evictionHard:
-      imagefs.available: 15%
-      memory.available: 100Mi
-      nodefs.available: 10%
-      nodefs.inodesFree: 5%
-    evictionPressureTransitionPeriod: 0s
-    featureGates:
-      RotateKubeletServerCertificate: true
-    fileCheckFrequency: 0s
-    httpCheckFrequency: 0s
-    imageMaximumGCAge: 0s
-    imageMinimumGCAge: 0s
-    kind: KubeletConfiguration
-    kubeReserved:
-      cpu: 200m
-      ephemeral-storage: 1Gi
-      memory: 300Mi
-    logging:
-      flushFrequency: 0
-      options:
-        json:
-          infoBufferSize: "0"
-      verbosity: 0
-    memorySwap: {}
-    nodeStatusReportFrequency: 0s
-    nodeStatusUpdateFrequency: 0s
-    protectKernelDefaults: true
-    rotateCertificates: true
-    runtimeRequestTimeout: 0s
-    serverTLSBootstrap: true
-    shutdownGracePeriod: 0s
-    shutdownGracePeriodCriticalPods: 0s
-    staticPodPath: /etc/kubernetes/manifests
-    streamingConnectionIdleTimeout: 0s
-    syncFrequency: 0s
-    systemReserved:
-      cpu: 200m
-      ephemeral-storage: 1Gi
-      memory: 500Mi
-    tlsCipherSuites:
-    - TLS_AES_128_GCM_SHA256
-    - TLS_AES_256_GCM_SHA384
-    - TLS_CHACHA20_POLY1305_SHA256
-    - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-    - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
-    - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
-    - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-    - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
-    volumePluginDir: /var/lib/kubelet/volumeplugins
-    volumeStatsAggPeriod: 0s
-
-
-- path: "/etc/kubernetes/pki/ca.crt"
-  content: |
-    -----BEGIN CERTIFICATE-----
-    MIIEWjCCA0KgAwIBAgIJALfRlWsI8YQHMA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV
-    BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEUMBIG
-    A1UEChMLQnJhZGZpdHppbmMxEjAQBgNVBAMTCWxvY2FsaG9zdDEdMBsGCSqGSIb3
-    DQEJARYOYnJhZEBkYW5nYS5jb20wHhcNMTQwNzE1MjA0NjA1WhcNMTcwNTA0MjA0
-    NjA1WjB7MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBG
-    cmFuY2lzY28xFDASBgNVBAoTC0JyYWRmaXR6aW5jMRIwEAYDVQQDEwlsb2NhbGhv
-    c3QxHTAbBgkqhkiG9w0BCQEWDmJyYWRAZGFuZ2EuY29tMIIBIjANBgkqhkiG9w0B
-    AQEFAAOCAQ8AMIIBCgKCAQEAt5fAjp4fTcekWUTfzsp0kyih1OYbsGL0KX1eRbSS
-    R8Od0+9Q62Hyny+GFwMTb4A/KU8mssoHvcceSAAbwfbxFK/+s51TobqUnORZrOoT
-    ZjkUygbyXDSK99YBbcR1Pip8vwMTm4XKuLtCigeBBdjjAQdgUO28LENGlsMnmeYk
-    JfODVGnVmr5Ltb9ANA8IKyTfsnHJ4iOCS/PlPbUj2q7YnoVLposUBMlgUb/CykX3
-    mOoLb4yJJQyA/iST6ZxiIEj36D4yWZ5lg7YJl+UiiBQHGCnPdGyipqV06ex0heYW
-    caiW8LWZSUQ93jQ+WVCH8hT7DQO1dmsvUmXlq/JeAlwQ/QIDAQABo4HgMIHdMB0G
-    A1UdDgQWBBRcAROthS4P4U7vTfjByC569R7E6DCBrQYDVR0jBIGlMIGigBRcAROt
-    hS4P4U7vTfjByC569R7E6KF/pH0wezELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB
-    MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtCcmFkZml0emluYzES
-    MBAGA1UEAxMJbG9jYWxob3N0MR0wGwYJKoZIhvcNAQkBFg5icmFkQGRhbmdhLmNv
-    bYIJALfRlWsI8YQHMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAG6h
-    U9f9sNH0/6oBbGGy2EVU0UgITUQIrFWo9rFkrW5k/XkDjQm+3lzjT0iGR4IxE/Ao
-    eU6sQhua7wrWeFEn47GL98lnCsJdD7oZNhFmQ95Tb/LnDUjs5Yj9brP0NWzXfYU4
-    UK2ZnINJRcJpB8iRCaCxE8DdcUF0XqIEq6pA272snoLmiXLMvNl3kYEdm+je6voD
-    58SNVEUsztzQyXmJEhCpwVI0A6QCjzXj+qvpmw3ZZHi8JwXei8ZZBLTSFBki8Z7n
-    sH9BBH38/SzUmAN4QHSPy1gjqm00OAE8NaYDkh/bzE4d7mLGGMWp/WE3KPSu82HF
-    kPe6XoSbiLm/kxk32T0=
-    -----END CERTIFICATE-----
-
-- path: "/etc/systemd/system/setup.service"
-  permissions: "0644"
-  content: |
-    [Install]
-    WantedBy=multi-user.target
-
-    [Unit]
-    Requires=network-online.target
-    After=network-online.target
-
-    [Service]
-    Type=oneshot
-    RemainAfterExit=true
-    EnvironmentFile=-/etc/environment
-    ExecStart=/opt/bin/supervise.sh /opt/bin/setup
-
-- path: "/etc/profile.d/opt-bin-path.sh"
-  permissions: "0644"
-  content: |
-    export PATH="/opt/bin:$PATH"
-
-- path: /etc/containerd/config.toml
-  permissions: "0644"
-  content: |
-    version = 2
-
-    [metrics]
-    address = "127.0.0.1:1338"
-
-    [plugins]
-    [plugins."io.containerd.grpc.v1.cri"]
-    [plugins."io.containerd.grpc.v1.cri".containerd]
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
-    runtime_type = "io.containerd.runc.v2"
-    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
-    SystemdCgroup = true
-    [plugins."io.containerd.grpc.v1.cri".registry]
-    [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
-    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
-    endpoint = ["https://registry-1.docker.io"]
-
-
-- path: /etc/systemd/system/kubelet-healthcheck.service
-  permissions: "0644"
-  content: |
-    [Unit]
-    Requires=kubelet.service
-    After=kubelet.service
-
-    [Service]
-    ExecStart=/opt/bin/health-monitor.sh kubelet
-
-    [Install]
-    WantedBy=multi-user.target
-
-
-runcmd:
-- systemctl enable --now setup.service
diff --git a/test/e2e/provisioning/all_e2e_test.go b/test/e2e/provisioning/all_e2e_test.go
index 7c62754c3..598f5fb38 100644
--- a/test/e2e/provisioning/all_e2e_test.go
+++ b/test/e2e/provisioning/all_e2e_test.go
@@ -278,7 +278,7 @@ func TestKubevirtProvisioningE2E(t *testing.T) {
 		t.Fatal("Unable to run kubevirt tests, KUBEVIRT_E2E_TESTS_KUBECONFIG must be set")
 	}
 
-	selector := OsSelector("ubuntu", "centos", "flatcar", "rockylinux")
+	selector := OsSelector("ubuntu", "flatcar")
 
 	params := []string{
 		fmt.Sprintf("<< KUBECONFIG_BASE64 >>=%s", safeBase64Encoding(kubevirtKubeconfig)),
@@ -324,7 +324,7 @@ func TestOpenstackProvisioningE2E(t *testing.T) {
 	}
 
 	// In-tree cloud provider is not supported from Kubernetes v1.26.
-	selector := And(Not(OsSelector("amzn2")), Not(VersionSelector("1.27.11", "1.28.7", "1.29.2")))
+	selector := And(Not(VersionSelector("1.27.11", "1.28.7", "1.29.2")))
 	runScenarios(t, selector, params, OSManifest, fmt.Sprintf("os-%s", *testRunIdentifier))
 }
 
@@ -378,7 +378,7 @@ func TestDigitalOceanProvisioningE2E(t *testing.T) {
 		t.Fatal("Unable to run the test suite, DO_E2E_TESTS_TOKEN environment variable cannot be empty")
 	}
 
-	selector := OsSelector("ubuntu", "centos", "rockylinux")
+	selector := OsSelector("ubuntu")
 
 	// act
 	params := []string{fmt.Sprintf("<< DIGITALOCEAN_TOKEN >>=%s", doToken)}
@@ -511,29 +511,6 @@ func TestAWSFlatcarCoreOSCloudInit8ProvisioningE2E(t *testing.T) {
 	runScenarios(t, selector, params, AWSManifest, fmt.Sprintf("aws-%s", *testRunIdentifier))
 }
 
-func TestAWSCentOS8ProvisioningE2E(t *testing.T) {
-	t.Parallel()
-
-	// test data
-	awsKeyID := os.Getenv("AWS_E2E_TESTS_KEY_ID")
-	awsSecret := os.Getenv("AWS_E2E_TESTS_SECRET")
-	if len(awsKeyID) == 0 || len(awsSecret) == 0 {
-		t.Fatal("Unable to run the test suite, AWS_E2E_TESTS_KEY_ID or AWS_E2E_TESTS_SECRET environment variables cannot be empty")
-	}
-
-	amiID := "ami-032025b3afcbb6b34" // official "CentOS 8.2.2004 x86_64"
-
-	params := []string{
-		fmt.Sprintf("<< AWS_ACCESS_KEY_ID >>=%s", awsKeyID),
-		fmt.Sprintf("<< AWS_SECRET_ACCESS_KEY >>=%s", awsSecret),
-		fmt.Sprintf("<< AMI >>=%s", amiID),
-	}
-
-	// We would like to test CentOS8 image only in this test as the other images are tested in TestAWSProvisioningE2E
-	selector := OsSelector("centos")
-	runScenarios(t, selector, params, AWSManifest, fmt.Sprintf("aws-%s", *testRunIdentifier))
-}
-
 // TestAWSEbsEncryptionEnabledProvisioningE2E - a test suite that exercises AWS provider with ebs encryption enabled
 // by requesting nodes with different combination of container runtime type, container runtime version and the OS flavour.
 func TestAWSEbsEncryptionEnabledProvisioningE2E(t *testing.T) {
diff --git a/test/e2e/provisioning/helper.go b/test/e2e/provisioning/helper.go
index c6315829d..67f4d2ace 100644
--- a/test/e2e/provisioning/helper.go
+++ b/test/e2e/provisioning/helper.go
@@ -40,19 +40,12 @@ var (
 
 	operatingSystems = []providerconfigtypes.OperatingSystem{
 		providerconfigtypes.OperatingSystemUbuntu,
-		providerconfigtypes.OperatingSystemCentOS,
-		providerconfigtypes.OperatingSystemAmazonLinux2,
-		providerconfigtypes.OperatingSystemRHEL,
 		providerconfigtypes.OperatingSystemFlatcar,
-		providerconfigtypes.OperatingSystemRockyLinux,
 	}
 
 	openStackImages = map[string]string{
-		string(providerconfigtypes.OperatingSystemUbuntu):     "kubermatic-ubuntu",
-		string(providerconfigtypes.OperatingSystemCentOS):     "machine-controller-e2e-centos",
-		string(providerconfigtypes.OperatingSystemRHEL):       "machine-controller-e2e-rhel-8-5",
-		string(providerconfigtypes.OperatingSystemFlatcar):    "kubermatic-e2e-flatcar",
-		string(providerconfigtypes.OperatingSystemRockyLinux): "machine-controller-e2e-rockylinux",
+		string(providerconfigtypes.OperatingSystemUbuntu):  "kubermatic-ubuntu",
+		string(providerconfigtypes.OperatingSystemFlatcar): "kubermatic-e2e-flatcar",
 	}
 )
 
@@ -193,32 +186,11 @@ func testScenario(t *testing.T, testCase scenario, cloudProvider string, testPar
 	scenarioParams = append(scenarioParams, fmt.Sprintf("<< CONTAINER_RUNTIME >>=%s", testCase.containerRuntime))
 	scenarioParams = append(scenarioParams, fmt.Sprintf("<< KUBERNETES_VERSION >>=%s", testCase.kubernetesVersion))
 	scenarioParams = append(scenarioParams, fmt.Sprintf("<< YOUR_PUBLIC_KEY >>=%s", os.Getenv("E2E_SSH_PUBKEY")))
-
-	if testCase.osName == string(providerconfigtypes.OperatingSystemRHEL) {
-		rhelSubscriptionManagerUser := os.Getenv("RHEL_SUBSCRIPTION_MANAGER_USER")
-		rhelSubscriptionManagerPassword := os.Getenv("RHEL_SUBSCRIPTION_MANAGER_PASSWORD")
-		rhsmOfflineToken := os.Getenv("REDHAT_SUBSCRIPTIONS_OFFLINE_TOKEN")
-
-		if rhelSubscriptionManagerUser == "" || rhelSubscriptionManagerPassword == "" || rhsmOfflineToken == "" {
-			t.Fatal("Unable to run e2e tests, RHEL_SUBSCRIPTION_MANAGER_USER, RHEL_SUBSCRIPTION_MANAGER_PASSWORD, and " +
-				"REDHAT_SUBSCRIPTIONS_OFFLINE_TOKEN must be set when rhel is used as an os")
-		}
-
-		scenarioParams = append(scenarioParams, fmt.Sprintf("<< RHEL_SUBSCRIPTION_MANAGER_USER >>=%s", rhelSubscriptionManagerUser))
-		scenarioParams = append(scenarioParams, fmt.Sprintf("<< RHEL_SUBSCRIPTION_MANAGER_PASSWORD >>=%s", rhelSubscriptionManagerPassword))
-		scenarioParams = append(scenarioParams, fmt.Sprintf("<< REDHAT_SUBSCRIPTIONS_OFFLINE_TOKEN >>=%s", rhsmOfflineToken))
-		scenarioParams = append(scenarioParams, fmt.Sprintf("<< DISK_SIZE >>=%v", 50))
-		scenarioParams = append(scenarioParams, fmt.Sprintf("<< OS_DISK_SIZE >>=%v", 0))
-		scenarioParams = append(scenarioParams, fmt.Sprintf("<< DATA_DISK_SIZE >>=%v", 0))
-		scenarioParams = append(scenarioParams, fmt.Sprintf("<< CUSTOM-IMAGE >>=%v", "rhel-8-1-custom"))
-		scenarioParams = append(scenarioParams, fmt.Sprintf("<< MAX_PRICE >>=%s", "0.08"))
-	} else {
-		scenarioParams = append(scenarioParams, fmt.Sprintf("<< OS_DISK_SIZE >>=%v", 30))
-		scenarioParams = append(scenarioParams, fmt.Sprintf("<< DATA_DISK_SIZE >>=%v", 30))
-		scenarioParams = append(scenarioParams, fmt.Sprintf("<< DISK_SIZE >>=%v", 25))
-		scenarioParams = append(scenarioParams, fmt.Sprintf("<< CUSTOM-IMAGE >>=%v", ""))
-		scenarioParams = append(scenarioParams, fmt.Sprintf("<< MAX_PRICE >>=%s", "0.023"))
-	}
+	scenarioParams = append(scenarioParams, fmt.Sprintf("<< OS_DISK_SIZE >>=%v", 30))
+	scenarioParams = append(scenarioParams, fmt.Sprintf("<< DATA_DISK_SIZE >>=%v", 30))
+	scenarioParams = append(scenarioParams, fmt.Sprintf("<< DISK_SIZE >>=%v", 25))
+	scenarioParams = append(scenarioParams, fmt.Sprintf("<< CUSTOM-IMAGE >>=%v", ""))
+	scenarioParams = append(scenarioParams, fmt.Sprintf("<< MAX_PRICE >>=%s", "0.023"))
 
 	// only used by assume role scenario, otherwise empty (disabled)
 	scenarioParams = append(scenarioParams, fmt.Sprintf("<< AWS_ASSUME_ROLE_ARN >>=%s", os.Getenv("AWS_ASSUME_ROLE_ARN")))
diff --git a/test/e2e/provisioning/testdata/machinedeployment-aws-arm-machines.yaml b/test/e2e/provisioning/testdata/machinedeployment-aws-arm-machines.yaml
index 9c489ed27..6cbd38669 100644
--- a/test/e2e/provisioning/testdata/machinedeployment-aws-arm-machines.yaml
+++ b/test/e2e/provisioning/testdata/machinedeployment-aws-arm-machines.yaml
@@ -50,10 +50,5 @@ spec:
             disableAutoUpdate: true
             # 'provisioningUtility` is only used for flatcar os, can be set to ignition or cloud-init. Defaults to ignition.
             provisioningUtility: << PROVISIONING_UTILITY >>
-            # 'rhelSubscriptionManagerUser' is only used for rhel os and can be set via env var `RHEL_SUBSCRIPTION_MANAGER_USER`
-            rhelSubscriptionManagerUser: "<< RHEL_SUBSCRIPTION_MANAGER_USER >>"
-            # 'rhelSubscriptionManagerPassword' is only used for rhel os and can be set via env var `RHEL_SUBSCRIPTION_MANAGER_PASSWORD`
-            rhelSubscriptionManagerPassword: "<< RHEL_SUBSCRIPTION_MANAGER_PASSWORD >>"
-            rhsmOfflineToken: "<< REDHAT_SUBSCRIPTIONS_OFFLINE_TOKEN >>"
       versions:
         kubelet: "<< KUBERNETES_VERSION >>"
diff --git a/test/e2e/provisioning/testdata/machinedeployment-aws-spot-instances.yaml b/test/e2e/provisioning/testdata/machinedeployment-aws-spot-instances.yaml
index bce0b19c5..84eeaeca6 100644
--- a/test/e2e/provisioning/testdata/machinedeployment-aws-spot-instances.yaml
+++ b/test/e2e/provisioning/testdata/machinedeployment-aws-spot-instances.yaml
@@ -54,10 +54,5 @@ spec:
             disableAutoUpdate: true
             # 'provisioningUtility` is only used for flatcar os, can be set to ignition or cloud-init. Defaults to ignition.
             provisioningUtility: << PROVISIONING_UTILITY >>
-            # 'rhelSubscriptionManagerUser' is only used for rhel os and can be set via env var `RHEL_SUBSCRIPTION_MANAGER_USER`
-            rhelSubscriptionManagerUser: "<< RHEL_SUBSCRIPTION_MANAGER_USER >>"
-            # 'rhelSubscriptionManagerPassword' is only used for rhel os and can be set via env var `RHEL_SUBSCRIPTION_MANAGER_PASSWORD`
-            rhelSubscriptionManagerPassword: "<< RHEL_SUBSCRIPTION_MANAGER_PASSWORD >>"
-            rhsmOfflineToken: "<< REDHAT_SUBSCRIPTIONS_OFFLINE_TOKEN >>"
       versions:
         kubelet: "<< KUBERNETES_VERSION >>"
diff --git a/test/e2e/provisioning/testdata/machinedeployment-aws.yaml b/test/e2e/provisioning/testdata/machinedeployment-aws.yaml
index 6f7a7c2df..65c43ce49 100644
--- a/test/e2e/provisioning/testdata/machinedeployment-aws.yaml
+++ b/test/e2e/provisioning/testdata/machinedeployment-aws.yaml
@@ -52,10 +52,5 @@ spec:
             disableAutoUpdate: true
             # 'provisioningUtility` is only used for flatcar os, can be set to ignition or cloud-init. Defaults to ignition.
             provisioningUtility: << PROVISIONING_UTILITY >>
-            # 'rhelSubscriptionManagerUser' is only used for rhel os and can be set via env var `RHEL_SUBSCRIPTION_MANAGER_USER`
-            rhelSubscriptionManagerUser: "<< RHEL_SUBSCRIPTION_MANAGER_USER >>"
-            # 'rhelSubscriptionManagerPassword' is only used for rhel os and can be set via env var `RHEL_SUBSCRIPTION_MANAGER_PASSWORD`
-            rhelSubscriptionManagerPassword: "<< RHEL_SUBSCRIPTION_MANAGER_PASSWORD >>"
-            rhsmOfflineToken: "<< REDHAT_SUBSCRIPTIONS_OFFLINE_TOKEN >>"
       versions:
         kubelet: "<< KUBERNETES_VERSION >>"
diff --git a/test/e2e/provisioning/testdata/machinedeployment-openstack-project-auth.yaml b/test/e2e/provisioning/testdata/machinedeployment-openstack-project-auth.yaml
index 9d8b2c81f..d4dc3d192 100644
--- a/test/e2e/provisioning/testdata/machinedeployment-openstack-project-auth.yaml
+++ b/test/e2e/provisioning/testdata/machinedeployment-openstack-project-auth.yaml
@@ -42,10 +42,5 @@ spec:
           operatingSystemSpec:
             distUpgradeOnBoot: false
             disableAutoUpdate: true
-            # 'rhelSubscriptionManagerUser' is only used for rhel os and can be set via env var `RHEL_SUBSCRIPTION_MANAGER_USER`
-            rhelSubscriptionManagerUser: "<< RHEL_SUBSCRIPTION_MANAGER_USER >>"
-            # 'rhelSubscriptionManagerPassword' is only used for rhel os and can be set via env var `RHEL_SUBSCRIPTION_MANAGER_PASSWORD`
-            rhelSubscriptionManagerPassword: "<< RHEL_SUBSCRIPTION_MANAGER_PASSWORD >>"
-            rhsmOfflineToken: "<< REDHAT_SUBSCRIPTIONS_OFFLINE_TOKEN >>"
       versions:
         kubelet: "<< KUBERNETES_VERSION >>"
diff --git a/test/e2e/provisioning/testdata/machinedeployment-openstack-upgrade.yml b/test/e2e/provisioning/testdata/machinedeployment-openstack-upgrade.yml
index f25d1ce40..df30d0315 100644
--- a/test/e2e/provisioning/testdata/machinedeployment-openstack-upgrade.yml
+++ b/test/e2e/provisioning/testdata/machinedeployment-openstack-upgrade.yml
@@ -43,10 +43,5 @@ spec:
           operatingSystemSpec:
             distUpgradeOnBoot: true
             disableAutoUpdate: true
-            rhsmOfflineToken: "<< REDHAT_SUBSCRIPTIONS_OFFLINE_TOKEN >>"
-            # 'rhelSubscriptionManagerUser' is only used for rhel os and can be set via env var `RHEL_SUBSCRIPTION_MANAGER_USER`
-            rhelSubscriptionManagerUser: "<< RHEL_SUBSCRIPTION_MANAGER_USER >>"
-            # 'rhelSubscriptionManagerPassword' is only used for rhel os and can be set via env var `RHEL_SUBSCRIPTION_MANAGER_PASSWORD`
-            rhelSubscriptionManagerPassword: "<< RHEL_SUBSCRIPTION_MANAGER_PASSWORD >>"
       versions:
         kubelet: "<< KUBERNETES_VERSION >>"
diff --git a/test/e2e/provisioning/testdata/machinedeployment-openstack.yaml b/test/e2e/provisioning/testdata/machinedeployment-openstack.yaml
index 672188137..149e5e8ef 100644
--- a/test/e2e/provisioning/testdata/machinedeployment-openstack.yaml
+++ b/test/e2e/provisioning/testdata/machinedeployment-openstack.yaml
@@ -42,10 +42,5 @@ spec:
           operatingSystemSpec:
             distUpgradeOnBoot: false
             disableAutoUpdate: true
-            # 'rhelSubscriptionManagerUser' is only used for rhel os and can be set via env var `RHEL_SUBSCRIPTION_MANAGER_USER`
-            rhelSubscriptionManagerUser: "<< RHEL_SUBSCRIPTION_MANAGER_USER >>"
-            # 'rhelSubscriptionManagerPassword' is only used for rhel os and can be set via env var `RHEL_SUBSCRIPTION_MANAGER_PASSWORD`
-            rhelSubscriptionManagerPassword: "<< RHEL_SUBSCRIPTION_MANAGER_PASSWORD >>"
-            rhsmOfflineToken: "<< REDHAT_SUBSCRIPTIONS_OFFLINE_TOKEN >>"
       versions:
         kubelet: "<< KUBERNETES_VERSION >>"