diff --git a/data/data/config.tf b/data/data/config.tf index a70992438f3..42678979f60 100644 --- a/data/data/config.tf +++ b/data/data/config.tf @@ -2,123 +2,6 @@ terraform { required_version = ">= 0.10.7" } -provider "archive" { - version = "1.0.0" -} - -provider "external" { - version = "1.0.0" -} - -provider "ignition" { - version = "1.0.0" -} - -provider "local" { - version = "1.0.0" -} - -provider "null" { - version = "1.0.0" -} - -provider "random" { - version = "1.0.0" -} - -provider "template" { - version = "1.0.0" -} - -provider "tls" { - version = "1.0.1" -} - -variable "tectonic_config_version" { - description = < -data "ignition_file" "manifest_file_list" { - count = "${length(var.manifest_names)}" - filesystem = "root" - mode = "0644" - - path = "/opt/tectonic/manifests/${var.manifest_names[count.index]}" - - content { - content = "${data.template_file.manifest_file_list.*.rendered[count.index]}" - } -} - -# Log the generated manifest files to disk for debugging and user visibility -# Dest: ./generated/manifests/ -resource "local_file" "manifest_files" { - count = "${length(var.manifest_names)}" - filename = "./generated/manifests/${var.manifest_names[count.index]}" - content = "${data.template_file.manifest_file_list.*.rendered[count.index]}" -} diff --git a/data/data/modules/bootkube/outputs.tf b/data/data/modules/bootkube/outputs.tf deleted file mode 100644 index 90f9412960b..00000000000 --- a/data/data/modules/bootkube/outputs.tf +++ /dev/null 
@@ -1,30 +0,0 @@
-output "kubeconfig-kubelet" {
- value = "${data.template_file.kubeconfig-kubelet.rendered}"
-}
-
-output "systemd_service_id" {
- value = "${data.ignition_systemd_unit.bootkube_service.id}"
-}
-
-output "kube_dns_service_ip" {
- value = "${cidrhost(var.service_cidr, 10)}"
-}
-
-output "kubeconfig_rendered" {
- value = "${data.template_file.kubeconfig.rendered}"
-}
-
-output "kubeconfig-kubelet_rendered" {
- value = "${data.template_file.kubeconfig-kubelet.rendered}"
-}
-
-output "ignition_file_id_list" {
- value = ["${flatten(list(
- list(
- data.ignition_file.bootkube_sh.id,
- data.ignition_file.kubeconfig.id,
- data.ignition_file.kubeconfig-kubelet.id,
- ),
- data.ignition_file.manifest_file_list.*.id,
- ))}"]
-}
diff --git a/data/data/modules/bootkube/resources/bootkube.service b/data/data/modules/bootkube/resources/bootkube.service
deleted file mode 100644
index 9f9231ba8ae..00000000000
--- a/data/data/modules/bootkube/resources/bootkube.service
+++ /dev/null
@@ -1,12 +0,0 @@
-[Unit]
-Description=Bootstrap a Kubernetes cluster
-Wants=kubelet.service
-After=kubelet.service
-
-[Service]
-WorkingDirectory=/opt/tectonic
-
-ExecStart=/opt/tectonic/bootkube.sh
-
-Restart=on-failure
-RestartSec=5s
diff --git a/data/data/modules/bootkube/resources/bootkube.sh b/data/data/modules/bootkube/resources/bootkube.sh
deleted file mode 100644
index a8bfa0567f2..00000000000
--- a/data/data/modules/bootkube/resources/bootkube.sh
+++ /dev/null
@@ -1,121 +0,0 @@
-#!/usr/bin/env bash
-set -e
-
-mkdir --parents /etc/kubernetes/manifests/
-
-if [ ! -d kco-bootstrap ]
-then
- echo "Rendering Kubernetes core manifests..."
-
- # shellcheck disable=SC2154
- podman run \
- --volume "$PWD:/assets:z" \
- --volume /etc/kubernetes:/etc/kubernetes:z \
- "${kube_core_renderer_image}" \
- --config=/assets/kco-config.yaml \
- --output=/assets/kco-bootstrap
-
- cp --recursive kco-bootstrap/bootstrap-configs /etc/kubernetes/bootstrap-configs
- cp --recursive kco-bootstrap/bootstrap-manifests .
- cp --recursive kco-bootstrap/manifests .
-fi
-
-if [ ! -d "mco-bootstrap" ]
-then
- echo "Rendering MCO manifests..."
-
- # shellcheck disable=SC2154
- podman run \
- --user 0 \
- --volume "$PWD:/assets:z" \
- "${machine_config_operator_image}" \
- bootstrap \
- --etcd-ca=/assets/tls/etcd-client-ca.crt \
- --root-ca=/assets/tls/root-ca.crt \
- --config-file=/assets/manifests/cluster-config.yaml \
- --dest-dir=/assets/mco-bootstrap \
- --images-json-configmap=/assets/manifests/machine-config-operator-01-images-configmap.yaml
-
- # Bootstrap MachineConfigController uses /etc/mcc/bootstrap/manifests/ dir to
- # 1. read the controller config rendered by MachineConfigOperator
- # 2. read the default MachineConfigPools rendered by MachineConfigOperator
- # 3. read any additional MachineConfigs that are needed for the default MachineConfigPools.
- mkdir --parents /etc/mcc/bootstrap/
- cp --recursive mco-bootstrap/manifests /etc/mcc/bootstrap/manifests
- cp mco-bootstrap/machineconfigoperator-bootstrap-pod.yaml /etc/kubernetes/manifests/
-
- # /etc/ssl/mcs/tls.{crt, key} are locations for MachineConfigServer's tls assets.
- mkdir --parents /etc/ssl/mcs/
- cp tls/machine-config-server.crt /etc/ssl/mcs/tls.crt
- cp tls/machine-config-server.key /etc/ssl/mcs/tls.key
-fi
-
-# We originally wanted to run the etcd cert signer as
-# a static pod, but kubelet could't remove static pod
-# when API server is not up, so we have to run this as
-# podman container.
-# See https://github.com/kubernetes/kubernetes/issues/43292
-
-echo "Starting etcd certificate signer..."
-
-trap "podman rm --force etcd-signer" ERR
-
-# shellcheck disable=SC2154
-podman run \
- --name etcd-signer \
- --detach \
- --tmpfs /tmp \
- --volume /opt/tectonic/tls:/opt/tectonic/tls:ro,z \
- --network host \
- "${etcd_cert_signer_image}" \
- serve \
- --cacrt=/opt/tectonic/tls/etcd-client-ca.crt \
- --cakey=/opt/tectonic/tls/etcd-client-ca.key \
- --servcrt=/opt/tectonic/tls/apiserver.crt \
- --servkey=/opt/tectonic/tls/apiserver.key \
- --address=0.0.0.0:6443 \
- --csrdir=/tmp \
- --peercertdur=26280h \
- --servercertdur=26280h
-
-echo "Waiting for etcd cluster..."
-
-# Wait for the etcd cluster to come up.
-set +e
-# shellcheck disable=SC2154,SC2086
-until podman run \
- --rm \
- --network host \
- --name etcdctl \
- --env ETCDCTL_API=3 \
- --volume /opt/tectonic/tls:/opt/tectonic/tls:ro,z \
- "${etcdctl_image}" \
- /usr/local/bin/etcdctl \
- --dial-timeout=10m \
- --cacert=/opt/tectonic/tls/etcd-client-ca.crt \
- --cert=/opt/tectonic/tls/etcd-client.crt \
- --key=/opt/tectonic/tls/etcd-client.key \
- --endpoints=${etcd_cluster} \
- endpoint health
-do
- echo "etcdctl failed. Retrying in 5 seconds..."
- sleep 5
-done
-set -e
-
-echo "etcd cluster up. Killing etcd certificate signer..."
-
-podman rm --force etcd-signer
-rm --force /etc/kubernetes/manifests/machineconfigoperator-bootstrap-pod.yaml
-
-echo "Starting bootkube..."
-
-# shellcheck disable=SC2154
-podman run \
- --rm \
- --volume "$PWD:/assets:z" \
- --volume /etc/kubernetes:/etc/kubernetes:z \
- --network=host \
- --entrypoint=/bootkube \
- "${bootkube_image}" \
- start --asset-dir=/assets
diff --git a/data/data/modules/bootkube/resources/kubeconfig b/data/data/modules/bootkube/resources/kubeconfig
deleted file mode 100644
index c7f674750ac..00000000000
--- a/data/data/modules/bootkube/resources/kubeconfig
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: Config
-clusters:
-- name: ${cluster_name}
- cluster:
- server: ${server}
- certificate-authority-data: ${root_ca_cert}
-users:
-- name: admin
- user:
- client-certificate-data: ${admin_cert}
- client-key-data: ${admin_key}
-contexts:
-- context:
- cluster: ${cluster_name}
- user: admin
diff --git a/data/data/modules/bootkube/resources/kubeconfig-kubelet b/data/data/modules/bootkube/resources/kubeconfig-kubelet
deleted file mode 100644
index 321029fd640..00000000000
--- a/data/data/modules/bootkube/resources/kubeconfig-kubelet
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: Config
-clusters:
-- name: ${cluster_name}
- cluster:
- server: ${server}
- certificate-authority-data: ${root_ca_cert}
-users:
-- name: kubelet
- user:
- client-certificate-data: ${client_cert}
- client-key-data: ${client_key}
-contexts:
-- context:
- cluster: ${cluster_name}
- user: kubelet
diff --git a/data/data/modules/bootkube/resources/manifests/01-tectonic-namespace.yaml b/data/data/modules/bootkube/resources/manifests/01-tectonic-namespace.yaml
deleted file mode 100644
index 34ae8d95f3f..00000000000
--- a/data/data/modules/bootkube/resources/manifests/01-tectonic-namespace.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: tectonic-system # Create the namespace first.
- labels: # network policy can only select by labels
- name: tectonic-system
- openshift.io/run-level: "1"
diff --git a/data/data/modules/bootkube/resources/manifests/02-ingress-namespace.yaml b/data/data/modules/bootkube/resources/manifests/02-ingress-namespace.yaml
deleted file mode 100644
index b02ff7d5c2c..00000000000
--- a/data/data/modules/bootkube/resources/manifests/02-ingress-namespace.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- # This is the namespace used to hold the tectonic ingress controllers
- name: openshift-ingress
- # Give the namespace a label, so we can select for it in networkpolicy
- labels:
- kubernetes.io/ingress.class: tectonic
- name: openshift-ingress
- openshift.io/run-level: "1"
diff --git a/data/data/modules/bootkube/resources/manifests/03-openshift-web-console-namespace.yaml b/data/data/modules/bootkube/resources/manifests/03-openshift-web-console-namespace.yaml
deleted file mode 100644
index cbea3467240..00000000000
--- a/data/data/modules/bootkube/resources/manifests/03-openshift-web-console-namespace.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- # This is the namespace used to hold the openshift console.
- # They require openshift console run in this namespace.
- name: openshift-web-console
- labels:
- name: openshift-web-console
diff --git a/data/data/modules/bootkube/resources/manifests/04-openshift-machine-config-operator.yaml b/data/data/modules/bootkube/resources/manifests/04-openshift-machine-config-operator.yaml
deleted file mode 100644
index 83c8515e59a..00000000000
--- a/data/data/modules/bootkube/resources/manifests/04-openshift-machine-config-operator.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: openshift-machine-config-operator
- labels:
- name: openshift-machine-config-operator
- openshift.io/run-level: "1"
diff --git a/data/data/modules/bootkube/resources/manifests/05-openshift-cluster-api-namespace.yaml b/data/data/modules/bootkube/resources/manifests/05-openshift-cluster-api-namespace.yaml
deleted file mode 100644
index 7dabda5f37a..00000000000
--- a/data/data/modules/bootkube/resources/manifests/05-openshift-cluster-api-namespace.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- # This is the namespace used to hold cluster-api components.
- name: openshift-cluster-api
- labels:
- name: openshift-cluster-api
- openshift.io/run-level: "1"
diff --git a/data/data/modules/bootkube/resources/manifests/app-version-kind.yaml b/data/data/modules/bootkube/resources/manifests/app-version-kind.yaml
deleted file mode 100644
index ebcd04e9ebe..00000000000
--- a/data/data/modules/bootkube/resources/manifests/app-version-kind.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-apiVersion: "apiextensions.k8s.io/v1beta1"
-kind: "CustomResourceDefinition"
-metadata:
- name: "appversions.tco.coreos.com"
-spec:
- group: "tco.coreos.com"
- version: "v1"
- names:
- plural: "appversions"
- kind: "AppVersion"
diff --git a/data/data/modules/bootkube/resources/manifests/app-version-mao.yaml b/data/data/modules/bootkube/resources/manifests/app-version-mao.yaml
deleted file mode 100644
index 050b991cc58..00000000000
--- a/data/data/modules/bootkube/resources/manifests/app-version-mao.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: tco.coreos.com/v1
-kind: AppVersion
-metadata:
- name: machine-api
- namespace: tectonic-system
- labels:
- managed-by-channel-operator: "true"
-spec:
- desiredVersion:
- paused: false
-status:
- currentVersion:
- paused: false
-upgradereq: 1
-upgradecomp: 0
diff --git a/data/data/modules/bootkube/resources/manifests/app-version-tectonic-network.yaml b/data/data/modules/bootkube/resources/manifests/app-version-tectonic-network.yaml
deleted file mode 100644
index 08a54f655ba..00000000000
--- a/data/data/modules/bootkube/resources/manifests/app-version-tectonic-network.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: tco.coreos.com/v1
-kind: AppVersion
-metadata:
- name: tectonic-network
- namespace: kube-system
- labels:
- managed-by-channel-operator: "true"
-spec:
- desiredVersion:
- paused: false
-status:
- currentVersion:
- paused: false
-upgradereq: 1
-upgradecomp: 0
diff --git a/data/data/modules/bootkube/resources/manifests/cluster-apiserver-certs.yaml b/data/data/modules/bootkube/resources/manifests/cluster-apiserver-certs.yaml
deleted file mode 100644
index 3dc79fd3413..00000000000
--- a/data/data/modules/bootkube/resources/manifests/cluster-apiserver-certs.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: Secret
-type: kubernetes.io/tls
-metadata:
- name: cluster-apiserver-certs
- namespace: openshift-cluster-api
- labels:
- api: clusterapi
- apiserver: "true"
-data:
- tls.crt: ${clusterapi_ca_cert}
- tls.key: ${clusterapi_ca_key}
diff --git a/data/data/modules/bootkube/resources/manifests/ign-config.yaml b/data/data/modules/bootkube/resources/manifests/ign-config.yaml
deleted file mode 100644
index 1e914fbadee..00000000000
--- a/data/data/modules/bootkube/resources/manifests/ign-config.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: ignition-worker
- namespace: openshift-cluster-api
-type: Opaque
-data:
- userData: ${worker_ign_config}
diff --git a/data/data/modules/bootkube/resources/manifests/kube-apiserver-secret.yaml b/data/data/modules/bootkube/resources/manifests/kube-apiserver-secret.yaml
deleted file mode 100644
index 9e13eb8736f..00000000000
--- a/data/data/modules/bootkube/resources/manifests/kube-apiserver-secret.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: kube-apiserver
- namespace: kube-system
-type: Opaque
-data:
- aggregator-ca.crt: ${aggregator_ca_cert}
- aggregator-ca.key: ${aggregator_ca_key}
- apiserver.key: ${apiserver_key}
- apiserver.crt: ${apiserver_cert}
- apiserver-proxy.key: ${apiserver_proxy_key}
- apiserver-proxy.crt: ${apiserver_proxy_cert}
- service-account.pub: ${serviceaccount_pub}
- service-account.key: ${serviceaccount_key}
- root-ca.crt: ${root_ca_cert}
- kube-ca.crt: ${kube_ca_cert}
- etcd-client-ca.crt: ${etcd_ca_cert}
- etcd-client.crt: ${etcd_client_cert}
- etcd-client.key: ${etcd_client_key}
- oidc-ca.crt: ${oidc_ca_cert}
- service-serving-ca.crt: ${service_serving_ca_cert}
- service-serving-ca.key: ${service_serving_ca_key}
- kubeconfig: ${openshift_loopback_kubeconfig}
diff --git a/data/data/modules/bootkube/resources/manifests/kube-cloud-config.yaml b/data/data/modules/bootkube/resources/manifests/kube-cloud-config.yaml
deleted file mode 100644
index 02d0846a9ab..00000000000
--- a/data/data/modules/bootkube/resources/manifests/kube-cloud-config.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: kube-cloud-cfg
- namespace: kube-system
-type: Opaque
-data:
- config: ${base64encode(cloud_provider_config)}
diff --git a/data/data/modules/bootkube/resources/manifests/kube-controller-manager-secret.yaml b/data/data/modules/bootkube/resources/manifests/kube-controller-manager-secret.yaml
deleted file mode 100644
index 7a3c83dc970..00000000000
--- a/data/data/modules/bootkube/resources/manifests/kube-controller-manager-secret.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: kube-controller-manager
- namespace: kube-system
-type: Opaque
-data:
- service-account.key: ${serviceaccount_key}
- root-ca.crt: ${root_ca_cert}
- kube-ca.crt: ${kube_ca_cert}
- kube-ca.key: ${kube_ca_key}
diff --git a/data/data/modules/bootkube/resources/manifests/machine-api-operator.yaml b/data/data/modules/bootkube/resources/manifests/machine-api-operator.yaml
deleted file mode 100644
index 125b870bc3d..00000000000
--- a/data/data/modules/bootkube/resources/manifests/machine-api-operator.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
-apiVersion: apps/v1beta2
-kind: Deployment
-metadata:
- name: machine-api-operator
- namespace: kube-system
- labels:
- k8s-app: machine-api-operator
- managed-by-channel-operator: "true"
-spec:
- replicas: 1
- selector:
- matchLabels:
- k8s-app: machine-api-operator
- template:
- metadata:
- labels:
- k8s-app: machine-api-operator
- tectonic-app-version-name: machine-api
- spec:
- containers:
- - name: machine-api-operator
- image: quay.io/coreos/machine-api-operator:b6a04c2
- command:
- - "/machine-api-operator"
- resources:
- limits:
- cpu: 20m
- memory: 50Mi
- requests:
- cpu: 20m
- memory: 50Mi
- volumeMounts:
- - name: cluster-config
- mountPath: /etc/mao-config
- imagePullSecrets:
- - name: coreos-pull-secret
- nodeSelector:
- node-role.kubernetes.io/master: ""
- restartPolicy: Always
- securityContext:
- runAsNonRoot: true
- runAsUser: 65534
- tolerations:
- - key: "node-role.kubernetes.io/master"
- operator: "Exists"
- effect: "NoSchedule"
- volumes:
- - name: cluster-config
- configMap:
- name: cluster-config-v1
- items:
- - key: mao-config
- path: config
-
diff --git a/data/data/modules/bootkube/resources/manifests/machine-config-operator-00-config-crd.yaml b/data/data/modules/bootkube/resources/manifests/machine-config-operator-00-config-crd.yaml
deleted file mode 100644
index 99ec6196194..00000000000
--- a/data/data/modules/bootkube/resources/manifests/machine-config-operator-00-config-crd.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- # name must match the spec fields below, and be in the form: .
- name: mcoconfigs.machineconfiguration.openshift.io
-spec:
- # group name to use for REST API: /apis//
- group: machineconfiguration.openshift.io
- # list of versions supported by this CustomResourceDefinition
- versions:
- - name: v1
- # Each version can be enabled/disabled by Served flag.
- served: true
- # One and only one version must be marked as the storage version.
- storage: true
- # either Namespaced or Cluster
- scope: Namespaced
- names:
- # plural name to be used in the URL: /apis///
- plural: mcoconfigs
- # singular name to be used as an alias on the CLI and for display
- singular: mcoconfig
- # kind is normally the CamelCased singular type. Your resource manifests use this.
- kind: MCOConfig
diff --git a/data/data/modules/bootkube/resources/manifests/machine-config-operator-01-images-configmap.yaml b/data/data/modules/bootkube/resources/manifests/machine-config-operator-01-images-configmap.yaml
deleted file mode 100644
index 79bed0f86d2..00000000000
--- a/data/data/modules/bootkube/resources/manifests/machine-config-operator-01-images-configmap.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: machine-config-operator-images
- namespace: openshift-machine-config-operator
-data:
- images.json: '{"machineConfigController": "docker.io/openshift/origin-machine-config-controller:v4.0.0", "machineConfigDaemon": "docker.io/openshift/origin-machine-config-daemon:v4.0.0", "machineConfigServer": "docker.io/openshift/origin-machine-config-server:v4.0.0"}'
diff --git a/data/data/modules/bootkube/resources/manifests/machine-config-operator-02-rbac.yaml b/data/data/modules/bootkube/resources/manifests/machine-config-operator-02-rbac.yaml
deleted file mode 100644
index cd69091915e..00000000000
--- a/data/data/modules/bootkube/resources/manifests/machine-config-operator-02-rbac.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1beta1
-metadata:
- name: default-account-openshift-machine-config-operator
-subjects:
-- kind: ServiceAccount
- name: default
- namespace: openshift-machine-config-operator
-roleRef:
- kind: ClusterRole
- name: cluster-admin
- apiGroup: rbac.authorization.k8s.io
diff --git a/data/data/modules/bootkube/resources/manifests/machine-config-operator-03-deployment.yaml b/data/data/modules/bootkube/resources/manifests/machine-config-operator-03-deployment.yaml
deleted file mode 100644
index 10343fe9155..00000000000
--- a/data/data/modules/bootkube/resources/manifests/machine-config-operator-03-deployment.yaml
+++ /dev/null
@@ -1,57 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: machine-config-operator
- namespace: openshift-machine-config-operator
- labels:
- k8s-app: machine-config-operator
-spec:
- replicas: 1
- selector:
- matchLabels:
- k8s-app: machine-config-operator
- template:
- metadata:
- labels:
- k8s-app: machine-config-operator
- spec:
- containers:
- - name: machine-config-operator
- image: ${machine_config_operator_image}
- args:
- - "start"
- - "--images-json=/etc/mco/images/images.json"
- resources:
- limits:
- cpu: 20m
- memory: 50Mi
- requests:
- cpu: 20m
- memory: 50Mi
- volumeMounts:
- - name: root-ca
- mountPath: /etc/ssl/kubernetes/ca.crt
- - name: etcd-ca
- mountPath: /etc/ssl/etcd/ca.crt
- - name: images
- mountPath: /etc/mco/images
- nodeSelector:
- node-role.kubernetes.io/master: ""
- restartPolicy: Always
- securityContext:
- runAsNonRoot: true
- runAsUser: 65534
- tolerations:
- - key: "node-role.kubernetes.io/master"
- operator: "Exists"
- effect: "NoSchedule"
- volumes:
- - name: images
- configMap:
- name: machine-config-operator-images
- - name: etcd-ca
- hostPath:
- path: /etc/ssl/etcd/ca.crt
- - name: root-ca
- hostPath:
- path: /etc/kubernetes/ca.crt
diff --git a/data/data/modules/bootkube/resources/manifests/machine-config-server-tls-secret.yaml b/data/data/modules/bootkube/resources/manifests/machine-config-server-tls-secret.yaml
deleted file mode 100644
index 5856850b5d1..00000000000
--- a/data/data/modules/bootkube/resources/manifests/machine-config-server-tls-secret.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: machine-config-server-tls
- namespace: openshift-machine-config-operator
-type: Opaque
-data:
- tls.crt: ${mcs_tls_cert}
- tls.key: ${mcs_tls_key}
diff --git a/data/data/modules/bootkube/resources/manifests/openshift-apiserver-secret.yaml b/data/data/modules/bootkube/resources/manifests/openshift-apiserver-secret.yaml
deleted file mode 100644
index a45f61587c7..00000000000
--- a/data/data/modules/bootkube/resources/manifests/openshift-apiserver-secret.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: openshift-apiserver
- namespace: kube-system
-type: Opaque
-data:
- aggregator-ca.crt: ${aggregator_ca_cert}
- aggregator-ca.key: ${aggregator_ca_key}
- apiserver.key: ${apiserver_key}
- apiserver.crt: ${apiserver_cert}
- openshift-apiserver.key: ${openshift_apiserver_key}
- openshift-apiserver.crt: ${openshift_apiserver_cert}
- apiserver-proxy.key: ${apiserver_proxy_key}
- apiserver-proxy.crt: ${apiserver_proxy_cert}
- service-account.pub: ${serviceaccount_pub}
- service-account.key: ${serviceaccount_key}
- root-ca.crt: ${root_ca_cert}
- kube-ca.crt: ${kube_ca_cert}
- etcd-client-ca.crt: ${etcd_ca_cert}
- etcd-client.crt: ${etcd_client_cert}
- etcd-client.key: ${etcd_client_key}
- oidc-ca.crt: ${oidc_ca_cert}
- service-serving-ca.crt: ${service_serving_ca_cert}
- service-serving-ca.key: ${service_serving_ca_key}
- kubeconfig: ${openshift_loopback_kubeconfig}
diff --git a/data/data/modules/bootkube/resources/manifests/operatorstatus-crd.yaml b/data/data/modules/bootkube/resources/manifests/operatorstatus-crd.yaml
deleted file mode 100644
index c560f5c3b6f..00000000000
--- a/data/data/modules/bootkube/resources/manifests/operatorstatus-crd.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- # name must match the spec fields below, and be in the form: .
- name: operatorstatuses.clusterversion.openshift.io
-spec:
- # group name to use for REST API: /apis//
- group: clusterversion.openshift.io
- # list of versions supported by this CustomResourceDefinition
- versions:
- - name: v1
- # Each version can be enabled/disabled by Served flag.
- served: true
- # One and only one version must be marked as the storage version.
- storage: true
- # either Namespaced or Cluster
- scope: Namespaced
- names:
- # plural name to be used in the URL: /apis///
- plural: operatorstatuses
- # singular name to be used as an alias on the CLI and for display
- singular: operatorstatus
- # kind is normally the CamelCased singular type. Your resource manifests use this.
- kind: OperatorStatus
diff --git a/data/data/modules/bootkube/resources/manifests/pull.json b/data/data/modules/bootkube/resources/manifests/pull.json
deleted file mode 100644
index a442286df29..00000000000
--- a/data/data/modules/bootkube/resources/manifests/pull.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- "apiVersion": "v1",
- "kind": "Secret",
- "type": "kubernetes.io/dockerconfigjson",
- "metadata": {
- "namespace": "kube-system",
- "name": "coreos-pull-secret"
- },
- "data": {
- ".dockerconfigjson": "${pull_secret}"
- }
-}
diff --git a/data/data/modules/bootkube/resources/manifests/tectonic-network-operator.yaml b/data/data/modules/bootkube/resources/manifests/tectonic-network-operator.yaml
deleted file mode 100644
index c05c7023a23..00000000000
--- a/data/data/modules/bootkube/resources/manifests/tectonic-network-operator.yaml
+++ /dev/null
@@ -1,59 +0,0 @@
-apiVersion: apps/v1beta2
-kind: DaemonSet
-metadata:
- name: tectonic-network-operator
- namespace: kube-system
- labels:
- k8s-app: tectonic-network-operator
- managed-by-channel-operator: "true"
-spec:
- selector:
- matchLabels:
- k8s-app: tectonic-network-operator
- updateStrategy:
- rollingUpdate:
- maxUnavailable: 1
- type: RollingUpdate
- template:
- metadata:
- labels:
- k8s-app: tectonic-network-operator
- tectonic-app-version-name: tectonic-network
- spec:
- containers:
- - name: tectonic-network-operator
- image: ${tectonic_network_operator_image}
- resources:
- limits:
- cpu: 20m
- memory: 50Mi
- requests:
- cpu: 20m
- memory: 50Mi
- volumeMounts:
- - name: cluster-config
- mountPath: /etc/cluster-config
- hostNetwork: true
- restartPolicy: Always
- imagePullSecrets:
- - name: coreos-pull-secret
- securityContext:
- runAsNonRoot: true
- runAsUser: 65534
- volumes:
- - name: cluster-config
- configMap:
- name: cluster-config-v1
- items:
- - key: network-config
- path: network-config
- nodeSelector:
- node-role.kubernetes.io/master: ""
- tolerations:
- - key: "node-role.kubernetes.io/master"
- operator: "Exists"
- effect: "NoSchedule"
- updateStrategy:
- rollingUpdate:
- maxUnavailable: 1
- type: RollingUpdate
diff --git a/data/data/modules/bootkube/variables.tf b/data/data/modules/bootkube/variables.tf
deleted file mode 100644
index 0935eda3443..00000000000
--- a/data/data/modules/bootkube/variables.tf
+++ /dev/null
@@ -1,168 +0,0 @@
-variable "apiserver_cert_pem" {
- type = "string"
- description = "The API server certificate in PEM format."
-}
-
-variable "apiserver_key_pem" {
- type = "string"
- description = "The API server key in PEM format."
-}
-
-variable "openshift_apiserver_cert_pem" {
- type = "string"
- description = "The Openshift API server certificate in PEM format."
-}
-
-variable "openshift_apiserver_key_pem" {
- type = "string"
- description = "The Openshift API server key in PEM format."
-}
-
-variable "apiserver_proxy_cert_pem" {
- type = "string"
- description = "The API server proxy certificate in PEM format."
-}
-
-variable "apiserver_proxy_key_pem" {
- type = "string"
- description = "The API server proxy key in PEM format."
-}
-
-variable "cloud_provider_config" {
- description = "Content of cloud provider config"
- type = "string"
- default = ""
-}
-
-variable "cluster_name" {
- type = "string"
-}
-
-variable "container_images" {
- description = "Container images to use"
- type = "map"
-}
-
-variable "etcd_ca_cert_pem" {
- type = "string"
- description = "The etcd CA certificate in PEM format."
-}
-
-variable "etcd_client_cert_pem" {
- type = "string"
- description = "The etcd client certificate in PEM format."
-}
-
-variable "etcd_client_key_pem" {
- type = "string"
- description = "The etcd client key in PEM format."
-}
-
-variable "etcd_endpoints" {
- description = "List of etcd endpoints to connect with (hostnames/IPs only)"
- type = "list"
-}
-
-variable "kube_apiserver_url" {
- description = "URL used to reach kube-apiserver"
- type = "string"
-}
-
-variable "root_ca_cert_pem" {
- type = "string"
- description = "The Root CA in PEM format."
-}
-
-variable "aggregator_ca_cert_pem" {
- type = "string"
- description = "The Aggregated API Server CA in PEM format."
-}
-
-variable "aggregator_ca_key_pem" {
- type = "string"
- description = "The Aggregated API Server CA key in PEM format."
-}
-
-variable "kube_ca_cert_pem" {
- type = "string"
- description = "The Kubernetes CA in PEM format."
-}
-
-variable "kube_ca_key_pem" {
- type = "string"
- description = "The Kubernetes CA key in PEM format."
-}
-
-variable "service_serving_ca_cert_pem" {
- type = "string"
- description = "The Service Serving CA in PEM format."
-}
-
-variable "service_serving_ca_key_pem" {
- type = "string"
- description = "The Service Serving CA key in PEM format."
-}
-
-variable "admin_cert_pem" {
- type = "string"
- description = "The admin certificate in PEM format."
-}
-
-variable "admin_key_pem" {
- type = "string"
- description = "The admin key in PEM format."
-}
-
-variable "kubelet_cert_pem" {
- type = "string"
- description = "The kubelet certificate in PEM format."
-}
-
-variable "kubelet_key_pem" {
- type = "string"
- description = "The kubelet key in PEM format."
-}
-
-variable "mcs_cert_pem" {
- type = "string"
-}
-
-variable "mcs_key_pem" {
- type = "string"
-}
-
-variable "service_account_public_key_pem" {
- type = "string"
-}
-
-variable "service_account_private_key_pem" {
- type = "string"
-}
-
-variable "oidc_ca_cert" {
- type = "string"
-}
-
-variable "clusterapi_ca_cert_pem" {
- type = "string"
-}
-
-variable "clusterapi_ca_key_pem" {
- type = "string"
-}
-
-variable "service_cidr" {
- description = "A CIDR notation IP range from which to assign service cluster IPs"
- type = "string"
-}
-
-variable "pull_secret" {
- type = "string"
- description = "Your pull secret. Obtain this from your Tectonic Account: https://account.coreos.com."
-}
-
-variable "worker_ign_config" {
- description = "Worker ignition config"
- type = "string"
- default = ""
-}
diff --git a/data/data/modules/ignition/assets.tf b/data/data/modules/ignition/assets.tf
deleted file mode 100644
index 264ca460c2f..00000000000
--- a/data/data/modules/ignition/assets.tf
+++ /dev/null
@@ -1,28 +0,0 @@
-data "template_file" "kubelet" {
- template = "${file("${path.module}/resources/services/kubelet.service")}"
-
- vars {
- cloud_provider = "${var.cloud_provider}"
- cloud_provider_config = "${var.cloud_provider_config != "" ? "--cloud-config=/etc/kubernetes/cloud/config" : ""}"
- cluster_dns_ip = "${var.kube_dns_service_ip}"
- debug_config = "${var.kubelet_debug_config}"
- node_label = "${var.kubelet_node_label}"
- node_taints_param = "${var.kubelet_node_taints != "" ? "--register-with-taints=${var.kubelet_node_taints}" : ""}"
- }
-}
-
-data "ignition_systemd_unit" "kubelet" {
- name = "kubelet.service"
- enabled = true
- content = "${data.template_file.kubelet.rendered}"
-}
-
-data "ignition_file" "sysconfig_crio_network" {
- filesystem = "root"
- mode = "0644"
- path = "/etc/sysconfig/crio-network"
-
- content {
- content = "${file("${path.module}/resources/files/crio-network")}"
- }
-}
diff --git a/data/data/modules/ignition/ca_certs.tf b/data/data/modules/ignition/ca_certs.tf
deleted file mode 100644
index c2bc1ceb304..00000000000
--- a/data/data/modules/ignition/ca_certs.tf
+++ /dev/null
@@ -1,35 +0,0 @@
-data "ignition_file" "root_ca_cert_pem" {
- filesystem = "root"
- path = "/etc/ssl/certs/root_ca.pem"
- mode = 0400
- uid = 0
- gid = 0
-
- content {
- content = "${var.root_ca_cert_pem}"
- }
-}
-
-data "ignition_file" "etcd_ca_cert_pem" {
- filesystem = "root"
- path = "/etc/ssl/certs/etcd_ca.pem"
- mode = 0444
- uid = 0
- gid = 0
-
- content {
- content = "${var.etcd_ca_cert_pem}"
- }
-}
-
-data "ignition_file" "ingress_ca_cert_pem" {
- filesystem = "root"
- path = "/etc/ssl/certs/ingress_ca.pem"
- mode = 0444
- uid = 0
- gid = 0
-
- content {
- content = "${var.ingress_ca_cert_pem}"
- }
-}
diff --git a/data/data/modules/ignition/etcd.tf b/data/data/modules/ignition/etcd.tf
deleted file mode 100644
index 2cb58295347..00000000000
--- a/data/data/modules/ignition/etcd.tf
+++ /dev/null
@@ -1,27 +0,0 @@
-data "ignition_file" "etcd_ca" {
- count = "${var.etcd_count > 0 ? 1 : 0}"
-
- path = "/etc/ssl/etcd/ca.crt"
- mode = 0644
- uid = 232
- gid = 232
- filesystem = "root"
-
- content {
- content = "${var.etcd_ca_cert_pem}"
- }
-}
-
-data "ignition_file" "root_ca" {
- count = "${var.etcd_count > 0 ? 1 : 0}"
-
- path = "/etc/ssl/etcd/root-ca.crt"
- mode = 0644
- uid = 232
- gid = 232
- filesystem = "root"
-
- content {
- content = "${var.root_ca_cert_pem}"
- }
-}
diff --git a/data/data/modules/ignition/outputs.tf b/data/data/modules/ignition/outputs.tf
deleted file mode 100644
index da29d92006b..00000000000
--- a/data/data/modules/ignition/outputs.tf
+++ /dev/null
@@ -1,29 +0,0 @@
-output "ca_cert_pem_list" {
- value = [
- "${var.root_ca_cert_pem}",
- "${var.ingress_ca_cert_pem}",
- "${var.etcd_ca_cert_pem}",
- ]
-}
-
-output "etcd_crt_id_list" {
- value = ["${flatten(list(
- data.ignition_file.root_ca.*.id,
- data.ignition_file.etcd_ca.*.id,
- ))}"]
-}
-
-output "ignition_file_id_list" {
- value = [
- "${data.ignition_file.root_ca_cert_pem.id}",
- "${data.ignition_file.ingress_ca_cert_pem.id}",
- "${data.ignition_file.etcd_ca_cert_pem.id}",
- "${data.ignition_file.sysconfig_crio_network.id}",
- ]
-}
-
-output "ignition_systemd_id_list" {
- value = [
- "${data.ignition_systemd_unit.kubelet.id}",
- ]
-}
diff --git a/data/data/modules/ignition/resources/files/crio-network b/data/data/modules/ignition/resources/files/crio-network
deleted file mode 100644
index 0c73f5d6946..00000000000
--- a/data/data/modules/ignition/resources/files/crio-network
+++ /dev/null
@@ -1 +0,0 @@
-CRIO_NETWORK_OPTIONS="--cni-config-dir=/etc/kubernetes/cni/net.d --cni-plugin-dir=/var/lib/cni/bin"
diff --git a/data/data/modules/ignition/resources/services/kubelet.service b/data/data/modules/ignition/resources/services/kubelet.service
deleted file mode 100644
index feeaf383267..00000000000
--- a/data/data/modules/ignition/resources/services/kubelet.service
+++ /dev/null
@@ -1,40 +0,0 @@ -[Unit] -Description=Kubernetes Kubelet -Wants=rpc-statd.service - -[Service] -ExecStartPre=/bin/mkdir --parents /etc/kubernetes/manifests -ExecStartPre=/usr/bin/bash -c "gawk '/certificate-authority-data/ {print $2}' /etc/kubernetes/kubeconfig | base64 --decode > /etc/kubernetes/ca.crt" -Environment=KUBELET_RUNTIME_REQUEST_TIMEOUT=10m -EnvironmentFile=-/etc/kubernetes/kubelet-env - -ExecStart=/usr/bin/hyperkube \ - kubelet \ - --bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \ - --kubeconfig=/var/lib/kubelet/kubeconfig \ - --rotate-certificates \ - --container-runtime=remote \ - --container-runtime-endpoint=/var/run/crio/crio.sock \ - --runtime-request-timeout=$${KUBELET_RUNTIME_REQUEST_TIMEOUT} \ - --lock-file=/var/run/lock/kubelet.lock \ - --exit-on-lock-contention \ - --pod-manifest-path=/etc/kubernetes/manifests \ - --allow-privileged \ - --node-labels=${node_label} \ - --minimum-container-ttl-duration=6m0s \ - --cluster-dns=${cluster_dns_ip} \ - --cluster-domain=cluster.local \ - --client-ca-file=/etc/kubernetes/ca.crt \ - --cloud-provider=${cloud_provider} \ - --anonymous-auth=false \ - --cgroup-driver=systemd \ - --serialize-image-pulls=false \ - ${cloud_provider_config} \ - ${debug_config} \ - ${node_taints_param} \ - -Restart=always -RestartSec=10 - -[Install] -WantedBy=multi-user.target diff --git a/data/data/modules/ignition/variables.tf b/data/data/modules/ignition/variables.tf deleted file mode 100644 index 9c697fc4e3c..00000000000 --- a/data/data/modules/ignition/variables.tf +++ /dev/null 
@@ -1,71 +0,0 @@ -variable "container_images" { - description = "Container images to use" - type = "map" -} - -variable "image_re" { - description = < -data "ignition_file" "tectonic_manifest_list" { - count = "${length(var.manifest_names)}" - filesystem = "root" - mode = "0644" - - path = "/opt/tectonic/tectonic/${var.manifest_names[count.index]}" - - content { - content = "${data.template_file.manifest_file_list.*.rendered[count.index]}" - } -} - -# Log the generated manifest files to disk for debugging and user visibility -# Dest: ./generated/tectonic/ -resource "local_file" "manifest_files" { - count = "${length(var.manifest_names)}" - filename = "./generated/tectonic/${var.manifest_names[count.index]}" - content = "${data.template_file.manifest_file_list.*.rendered[count.index]}" -} diff --git a/data/data/modules/tectonic/output.tf b/data/data/modules/tectonic/output.tf deleted file mode 100644 index 2c0438f89cb..00000000000 --- a/data/data/modules/tectonic/output.tf +++ /dev/null @@ -1,21 +0,0 @@ -output "systemd_service_id" { - value = "${data.ignition_systemd_unit.tectonic_service.id}" -} - -output "ignition_file_id_list" { - value = ["${concat( - list(data.ignition_file.tectonic_sh.id), - data.ignition_file.tectonic_manifest_list.*.id, - )}"] -} - -output "cluster_id" { - value = "${format( - "%s-%s-%s-%s-%s", - substr(random_id.cluster_id.hex, 0, 8), - substr(random_id.cluster_id.hex, 8, 4), - substr(random_id.cluster_id.hex, 12, 4), - substr(random_id.cluster_id.hex, 16, 4), - substr(random_id.cluster_id.hex, 20, 12) - )}" -} diff --git a/data/data/modules/tectonic/resources/manifests/ingress/README.md b/data/data/modules/tectonic/resources/manifests/ingress/README.md deleted file mode 100644 index 60ef4987e9b..00000000000 --- a/data/data/modules/tectonic/resources/manifests/ingress/README.md +++ /dev/null @@ -1,2 +0,0 @@ -tectonic-ingress-controller-operator is a special case, since it is in its own -namespace and reads its own config. 
diff --git a/data/data/modules/tectonic/resources/manifests/ingress/cluster-config.yaml b/data/data/modules/tectonic/resources/manifests/ingress/cluster-config.yaml deleted file mode 100644 index 13192da85bf..00000000000 --- a/data/data/modules/tectonic/resources/manifests/ingress/cluster-config.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: cluster-config-v1 - namespace: openshift-ingress -data: - ingress-config: | - apiVersion: v1 - kind: TectonicIngressOperatorConfig - type: ${ingress_kind} - statsPassword: ${ingress_status_password} - statsUsername: admin diff --git a/data/data/modules/tectonic/resources/manifests/ingress/pull.json b/data/data/modules/tectonic/resources/manifests/ingress/pull.json deleted file mode 100644 index 410066261f5..00000000000 --- a/data/data/modules/tectonic/resources/manifests/ingress/pull.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "apiVersion": "v1", - "kind": "Secret", - "type": "kubernetes.io/dockerconfigjson", - "metadata": { - "namespace": "openshift-ingress", - "name": "coreos-pull-secret" - }, - "data": { - ".dockerconfigjson": "${pull_secret}" - } -} diff --git a/data/data/modules/tectonic/resources/manifests/ingress/svc-account.yaml b/data/data/modules/tectonic/resources/manifests/ingress/svc-account.yaml deleted file mode 100644 index bfebbd07690..00000000000 --- a/data/data/modules/tectonic/resources/manifests/ingress/svc-account.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: tectonic-ingress-controller-operator - namespace: openshift-ingress diff --git a/data/data/modules/tectonic/resources/manifests/rbac/binding-admin.yaml b/data/data/modules/tectonic/resources/manifests/rbac/binding-admin.yaml deleted file mode 100644 index c0f3294fc04..00000000000 --- a/data/data/modules/tectonic/resources/manifests/rbac/binding-admin.yaml +++ /dev/null 
@@ -1,15 +0,0 @@ -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: admin-user -subjects: - - kind: ServiceAccount - namespace: tectonic-system - name: default - - kind: ServiceAccount - namespace: openshift-ingress - name: tectonic-ingress-controller-operator -roleRef: - kind: ClusterRole - name: cluster-admin - apiGroup: rbac.authorization.k8s.io diff --git a/data/data/modules/tectonic/resources/manifests/rbac/binding-discovery.yaml b/data/data/modules/tectonic/resources/manifests/rbac/binding-discovery.yaml deleted file mode 100644 index 79154a8aff8..00000000000 --- a/data/data/modules/tectonic/resources/manifests/rbac/binding-discovery.yaml +++ /dev/null @@ -1,13 +0,0 @@ -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: discovery -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:discovery -subjects: -- kind: Group - name: 'system:unauthenticated' -- kind: Group - name: 'system:authenticated' diff --git a/data/data/modules/tectonic/resources/manifests/rbac/role-admin.yaml b/data/data/modules/tectonic/resources/manifests/rbac/role-admin.yaml deleted file mode 100644 index 11968feba20..00000000000 --- a/data/data/modules/tectonic/resources/manifests/rbac/role-admin.yaml +++ /dev/null @@ -1,10 +0,0 @@ -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: admin -rules: - - apiGroups: ["*"] - resources: ["*"] - verbs: ["*"] - - nonResourceURLs: ["*"] - verbs: ["*"] diff --git a/data/data/modules/tectonic/resources/manifests/rbac/role-user.yaml b/data/data/modules/tectonic/resources/manifests/rbac/role-user.yaml deleted file mode 100644 index a2ade705b53..00000000000 --- a/data/data/modules/tectonic/resources/manifests/rbac/role-user.yaml +++ /dev/null 
@@ -1,67 +0,0 @@ -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: user -rules: - - apiGroups: [""] - resources: [ - "bindings", "configmaps", "events", "pods", "replicationcontrollers", - "secrets", "services", "serviceaccounts", - "pods/attach", - "pods/binding", - "pods/exec", - "pods/log", - "pods/portforward", - "pods/proxy", - "pods/status", - "replicationcontrollers/scale", - "replicationcontrollers/status", - "services/proxy", - "services/status" - ] - verbs: ["*"] - nonResourceURLs: [] - - - apiGroups: [""] - resources: [ - "componentstatuses", "endpoints", "limitranges", "nodes", "nodes/proxy", "nodes/status", - "namespaces", "namespaces/status", "namespaces/finalize", - "persistentvolumeclaims", "persistentvolumeclaims/status", "persistentvolumes", "resourcequotas", - "resourcequotas/status" - ] - verbs: ["get", "list", "watch", "proxy", "redirect"] - nonResourceURLs: [] - - - apiGroups: ["apps", "batch", "autoscaling", "policy"] - resources: ["*"] - verbs: ["*"] - nonResourceURLs: [] - - - apiGroups: ["extensions"] - resources: [ - "daemonsets", "deployments", "horizontalpodautoscalers", "ingresses", - "jobs", "replicasets", "replicationcontrollers", - - "daemonsets/status", - "deployments/rollback", - "deployments/scale", - "deployments/status", - "horizontalpodautoscalers/status", - "ingresses/status", - "jobs/status", - "replicasets/scale", - "replicasets/status", - "replicationcontrollers/scale" - ] - verbs: ["*"] - nonResourceURLs: [] - - - apiGroups: ["extensions"] - resources: ["networkpolicies", "thirdpartyresources"] - verbs: ["get", "list", "watch", "proxy", "redirect"] - nonResourceURLs: [] - - - apiGroups: ["rbac.authorization.k8s.io"] - resources: ["*"] - verbs: ["get", "list", "watch", "proxy", "redirect"] - nonResourceURLs: [] 
diff --git a/data/data/modules/tectonic/resources/manifests/secrets/ca-cert.yaml b/data/data/modules/tectonic/resources/manifests/secrets/ca-cert.yaml deleted file mode 100644 index 88f71093b85..00000000000 --- a/data/data/modules/tectonic/resources/manifests/secrets/ca-cert.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: tectonic-ca-cert-secret - namespace: tectonic-system -type: Opaque -data: - ca-cert: ${ingress_ca_cert} diff --git a/data/data/modules/tectonic/resources/manifests/secrets/ingress-tls.yaml b/data/data/modules/tectonic/resources/manifests/secrets/ingress-tls.yaml deleted file mode 100644 index 7898800cc04..00000000000 --- a/data/data/modules/tectonic/resources/manifests/secrets/ingress-tls.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: tectonic-ingress-tls - namespace: openshift-ingress -type: Opaque -data: - tls.crt: ${ingress_tls_cert} - tls.key: ${ingress_tls_key} - bundle.crt: ${ingress_tls_bundle} \ No newline at end of file diff --git a/data/data/modules/tectonic/resources/manifests/secrets/pull.json b/data/data/modules/tectonic/resources/manifests/secrets/pull.json deleted file mode 100644 index 0e8d1bacf74..00000000000 --- a/data/data/modules/tectonic/resources/manifests/secrets/pull.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "apiVersion": "v1", - "kind": "Secret", - "type": "kubernetes.io/dockerconfigjson", - "metadata": { - "namespace": "tectonic-system", - "name": "coreos-pull-secret" - }, - "data": { - ".dockerconfigjson": "${pull_secret}" - } -} diff --git a/data/data/modules/tectonic/resources/manifests/security/priviledged-scc-tectonic.yaml b/data/data/modules/tectonic/resources/manifests/security/priviledged-scc-tectonic.yaml deleted file mode 100644 index 89975bfddc5..00000000000 --- a/data/data/modules/tectonic/resources/manifests/security/priviledged-scc-tectonic.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -apiVersion: security.openshift.io/v1 -kind: SecurityContextConstraints -metadata: - annotations: - kubernetes.io/description: "privileged-tectonic temporarily for running tectonic assets." - name: privileged-tectonic -allowHostDirVolumePlugin: true -allowHostIPC: true -allowHostNetwork: true -allowHostPID: true -allowHostPorts: true -allowPrivilegedContainer: true -allowedCapabilities: -- "*" -fsGroup: - type: RunAsAny -groups: -- system:serviceaccounts:tectonic-system -- system:serviceaccounts:openshift-ingress -readOnlyRootFilesystem: false -runAsUser: - type: RunAsAny -seLinuxContext: - type: RunAsAny -seccompProfiles: -- "*" -supplementalGroups: - type: RunAsAny -users: [] -volumes: -- "*" diff --git a/data/data/modules/tectonic/resources/manifests/updater/app-version-kind.yaml b/data/data/modules/tectonic/resources/manifests/updater/app-version-kind.yaml deleted file mode 100644 index ebcd04e9ebe..00000000000 --- a/data/data/modules/tectonic/resources/manifests/updater/app-version-kind.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: "apiextensions.k8s.io/v1beta1" -kind: "CustomResourceDefinition" -metadata: - name: "appversions.tco.coreos.com" -spec: - group: "tco.coreos.com" - version: "v1" - names: - plural: "appversions" - kind: "AppVersion" diff --git a/data/data/modules/tectonic/resources/manifests/updater/app_versions/app-version-kube-addon.yaml b/data/data/modules/tectonic/resources/manifests/updater/app_versions/app-version-kube-addon.yaml deleted file mode 100644 index ac36ad9c142..00000000000 --- a/data/data/modules/tectonic/resources/manifests/updater/app_versions/app-version-kube-addon.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: tco.coreos.com/v1 -kind: AppVersion -metadata: - name: kube-addon - namespace: tectonic-system - labels: - managed-by-channel-operator: "true" -spec: - desiredVersion: - paused: false -status: - currentVersion: - paused: false -upgradereq: 1 -upgradecomp: 0 
diff --git a/data/data/modules/tectonic/resources/manifests/updater/app_versions/app-version-kube-core.yaml b/data/data/modules/tectonic/resources/manifests/updater/app_versions/app-version-kube-core.yaml deleted file mode 100644 index 0f6042ddb0a..00000000000 --- a/data/data/modules/tectonic/resources/manifests/updater/app_versions/app-version-kube-core.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: tco.coreos.com/v1 -kind: AppVersion -metadata: - name: kube-core - namespace: tectonic-system - labels: - managed-by-channel-operator: "true" -spec: - paused: false -status: - paused: false -upgradereq: 0 -upgradecomp: 0 diff --git a/data/data/modules/tectonic/resources/manifests/updater/app_versions/app-version-tectonic-alm.yaml b/data/data/modules/tectonic/resources/manifests/updater/app_versions/app-version-tectonic-alm.yaml deleted file mode 100644 index 1327041ebe9..00000000000 --- a/data/data/modules/tectonic/resources/manifests/updater/app_versions/app-version-tectonic-alm.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: tco.coreos.com/v1 -kind: AppVersion -metadata: - name: tectonic-alm-operator - namespace: tectonic-system - labels: - managed-by-channel-operator: "true" - annotations: - tectonic-operators.coreos.com/upgrade-behaviour: "CreateOrUpgrade" -spec: - desiredVersion: ${tectonic_alm_operator_version} - paused: false diff --git a/data/data/modules/tectonic/resources/manifests/updater/app_versions/app-version-tectonic-cluster.yaml b/data/data/modules/tectonic/resources/manifests/updater/app_versions/app-version-tectonic-cluster.yaml deleted file mode 100644 index 82cefbd5b3a..00000000000 --- a/data/data/modules/tectonic/resources/manifests/updater/app_versions/app-version-tectonic-cluster.yaml +++ /dev/null 
@@ -1,13 +0,0 @@ -apiVersion: tco.coreos.com/v1 -kind: AppVersion -metadata: - name: tectonic-cluster - namespace: tectonic-system - labels: - managed-by-channel-operator: "true" -spec: - desiredVersion: ${tectonic_version} - paused: false -status: - currentVersion: ${tectonic_version} - paused: false diff --git a/data/data/modules/tectonic/resources/manifests/updater/app_versions/app-version-tectonic-ingress.yaml b/data/data/modules/tectonic/resources/manifests/updater/app_versions/app-version-tectonic-ingress.yaml deleted file mode 100644 index bb97f74a806..00000000000 --- a/data/data/modules/tectonic/resources/manifests/updater/app_versions/app-version-tectonic-ingress.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: tco.coreos.com/v1 -kind: AppVersion -metadata: - name: tectonic-ingress - namespace: tectonic-system - labels: - managed-by-channel-operator: "true" -spec: - desiredVersion: - paused: false -status: - paused: false -upgradereq: 1 -upgradecomp: 0 diff --git a/data/data/modules/tectonic/resources/manifests/updater/app_versions/app-version-tectonic-utility.yaml b/data/data/modules/tectonic/resources/manifests/updater/app_versions/app-version-tectonic-utility.yaml deleted file mode 100644 index 47839385507..00000000000 --- a/data/data/modules/tectonic/resources/manifests/updater/app_versions/app-version-tectonic-utility.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: tco.coreos.com/v1 -kind: AppVersion -metadata: - name: tectonic-utility - namespace: tectonic-system - labels: - managed-by-channel-operator: "true" -spec: - desiredVersion: - paused: false -status: - paused: false -upgradereq: 1 -upgradecomp: 0 diff --git a/data/data/modules/tectonic/resources/manifests/updater/migration-status-kind.yaml b/data/data/modules/tectonic/resources/manifests/updater/migration-status-kind.yaml deleted file mode 100644 index 546baa04e91..00000000000 --- a/data/data/modules/tectonic/resources/manifests/updater/migration-status-kind.yaml +++ /dev/null 
@@ -1,10 +0,0 @@ -apiVersion: "apiextensions.k8s.io/v1beta1" -kind: "CustomResourceDefinition" -metadata: - name: "migrationstatuses.kvo.coreos.com" -spec: - group: "kvo.coreos.com" - version: "v1" - names: - plural: "migrationstatuses" - kind: "MigrationStatus" diff --git a/data/data/modules/tectonic/resources/manifests/updater/operators/kube-addon-operator.yaml b/data/data/modules/tectonic/resources/manifests/updater/operators/kube-addon-operator.yaml deleted file mode 100644 index 7ff12e0d257..00000000000 --- a/data/data/modules/tectonic/resources/manifests/updater/operators/kube-addon-operator.yaml +++ /dev/null @@ -1,51 +0,0 @@ -apiVersion: apps/v1beta2 -kind: Deployment -metadata: - name: kube-addon-operator - namespace: tectonic-system - labels: - k8s-app: kube-addon-operator - managed-by-channel-operator: "true" -spec: - replicas: 1 - selector: - matchLabels: - k8s-app: kube-addon-operator - template: - metadata: - labels: - k8s-app: kube-addon-operator - tectonic-app-version-name: kube-addon - spec: - containers: - - name: kube-addon-operator - image: ${kube_addon_operator_image} - resources: - limits: - cpu: 20m - memory: 50Mi - requests: - cpu: 20m - memory: 50Mi - volumeMounts: - - name: cluster-config - mountPath: /etc/cluster-config - imagePullSecrets: - - name: coreos-pull-secret - nodeSelector: - node-role.kubernetes.io/master: "" - restartPolicy: Always - securityContext: - runAsNonRoot: true - runAsUser: 65534 - tolerations: - - key: "node-role.kubernetes.io/master" - operator: "Exists" - effect: "NoSchedule" - volumes: - - name: cluster-config - configMap: - name: cluster-config-v1 - items: - - key: addon-config - path: addon-config diff --git a/data/data/modules/tectonic/resources/manifests/updater/operators/kube-core-operator.yaml b/data/data/modules/tectonic/resources/manifests/updater/operators/kube-core-operator.yaml deleted file mode 100644 index 5edef2fe376..00000000000 
--- a/data/data/modules/tectonic/resources/manifests/updater/operators/kube-core-operator.yaml +++ /dev/null @@ -1,54 +0,0 @@ -apiVersion: apps/v1beta2 -kind: Deployment -metadata: - name: kube-core-operator - namespace: kube-system - labels: - k8s-app: kube-core-operator - managed-by-channel-operator: "true" -spec: - replicas: 1 - selector: - matchLabels: - k8s-app: kube-core-operator - template: - metadata: - labels: - k8s-app: kube-core-operator - tectonic-app-version-name: kube-core - spec: - containers: - - name: kube-core-operator - image: ${kube_core_operator_image} - imagePullPolicy: Always - args: - - --config=/etc/cluster-config/kco-config.yaml - resources: - limits: - cpu: 20m - memory: 50Mi - requests: - cpu: 20m - memory: 50Mi - volumeMounts: - - name: cluster-config - mountPath: /etc/cluster-config - imagePullSecrets: - - name: coreos-pull-secret - nodeSelector: - node-role.kubernetes.io/master: "" - restartPolicy: Always - securityContext: - runAsNonRoot: true - runAsUser: 65534 - tolerations: - - key: "node-role.kubernetes.io/master" - operator: "Exists" - effect: "NoSchedule" - volumes: - - name: cluster-config - configMap: - name: cluster-config-v1 - items: - - key: kco-config - path: kco-config.yaml diff --git a/data/data/modules/tectonic/resources/manifests/updater/operators/tectonic-alm-operator.yaml b/data/data/modules/tectonic/resources/manifests/updater/operators/tectonic-alm-operator.yaml deleted file mode 100644 index df2cf2ca017..00000000000 --- a/data/data/modules/tectonic/resources/manifests/updater/operators/tectonic-alm-operator.yaml +++ /dev/null 
@@ -1,43 +0,0 @@ -apiVersion: apps/v1beta2 -kind: Deployment -metadata: - name: tectonic-alm-operator - namespace: tectonic-system - labels: - k8s-app: tectonic-alm-operator - managed-by-channel-operator: "true" - annotations: - tectonic-operators.coreos.com/upgrade-behaviour: 'CreateOrUpgrade' -spec: - replicas: 1 - strategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 1 - selector: - matchLabels: - k8s-app: tectonic-alm-operator - template: - metadata: - labels: - k8s-app: tectonic-alm-operator - spec: - containers: - - name: tectonic-alm-operator - image: ${tectonic_alm_operator_image} - args: - - --manifest-dir=/manifests - - --operator-name=tectonic-alm-operator - - --appversion-name=tectonic-alm-operator - - --v=2 - imagePullSecrets: - - name: coreos-pull-secret - nodeSelector: - node-role.kubernetes.io/master: "" - tolerations: - - key: "node-role.kubernetes.io/master" - operator: "Exists" - effect: "NoSchedule" - securityContext: - runAsNonRoot: true - runAsUser: 65534 diff --git a/data/data/modules/tectonic/resources/manifests/updater/operators/tectonic-channel-operator.yaml b/data/data/modules/tectonic/resources/manifests/updater/operators/tectonic-channel-operator.yaml deleted file mode 100644 index b031b30a4fd..00000000000 --- a/data/data/modules/tectonic/resources/manifests/updater/operators/tectonic-channel-operator.yaml +++ /dev/null 
@@ -1,54 +0,0 @@ -apiVersion: apps/v1beta2 -kind: Deployment -metadata: - name: tectonic-channel-operator - namespace: tectonic-system - labels: - k8s-app: tectonic-channel-operator - managed-by-channel-operator: "true" -spec: - replicas: 1 - selector: - matchLabels: - k8s-app: tectonic-channel-operator - template: - metadata: - labels: - k8s-app: tectonic-channel-operator - tectonic-app-version-name: tectonic-cluster - spec: - containers: - - name: tectonic-channel-operator - image: ${tectonic_channel_operator_image} - env: - - name: CLUSTER_ID - valueFrom: - configMapKeyRef: - name: tectonic-config - key: clusterID - resources: - limits: - cpu: 20m - memory: 50Mi - requests: - cpu: 20m - memory: 50Mi - volumeMounts: - - name: certs - mountPath: /etc/ssl/certs - imagePullSecrets: - - name: coreos-pull-secret - nodeSelector: - node-role.kubernetes.io/master: "" - restartPolicy: Always - securityContext: - runAsNonRoot: true - runAsUser: 65534 - tolerations: - - key: "node-role.kubernetes.io/master" - operator: "Exists" - effect: "NoSchedule" - volumes: - - name: certs - hostPath: - path: /etc/ssl/certs diff --git a/data/data/modules/tectonic/resources/manifests/updater/operators/tectonic-ingress-controller-operator.yaml b/data/data/modules/tectonic/resources/manifests/updater/operators/tectonic-ingress-controller-operator.yaml deleted file mode 100644 index 4a7a4e59087..00000000000 --- a/data/data/modules/tectonic/resources/manifests/updater/operators/tectonic-ingress-controller-operator.yaml +++ /dev/null 
@@ -1,52 +0,0 @@ -apiVersion: apps/v1beta2 -kind: Deployment -metadata: - name: tectonic-ingress-controller-operator - namespace: openshift-ingress - labels: - k8s-app: tectonic-ingress-controller-operator - managed-by-channel-operator: "true" -spec: - replicas: 1 - selector: - matchLabels: - k8s-app: tectonic-ingress-controller-operator - template: - metadata: - labels: - k8s-app: tectonic-ingress-controller-operator - tectonic-app-version-name: tectonic-ingress - spec: - containers: - - name: tectonic-ingress-controller-operator - image: ${tectonic_ingress_controller_operator_image} - resources: - limits: - cpu: 20m - memory: 50Mi - requests: - cpu: 20m - memory: 50Mi - volumeMounts: - - name: cluster-config - mountPath: /etc/cluster-config - imagePullSecrets: - - name: coreos-pull-secret - nodeSelector: - node-role.kubernetes.io/master: "" - restartPolicy: Always - securityContext: - runAsNonRoot: true - runAsUser: 65534 - serviceAccount: tectonic-ingress-controller-operator - tolerations: - - key: "node-role.kubernetes.io/master" - operator: "Exists" - effect: "NoSchedule" - volumes: - - name: cluster-config - configMap: - name: cluster-config-v1 - items: - - key: ingress-config - path: ingress-config diff --git a/data/data/modules/tectonic/resources/manifests/updater/operators/tectonic-utility-operator.yaml b/data/data/modules/tectonic/resources/manifests/updater/operators/tectonic-utility-operator.yaml deleted file mode 100644 index eb4fc403c7d..00000000000 --- a/data/data/modules/tectonic/resources/manifests/updater/operators/tectonic-utility-operator.yaml +++ /dev/null 
@@ -1,51 +0,0 @@ -apiVersion: apps/v1beta2 -kind: Deployment -metadata: - name: tectonic-utility-operator - namespace: tectonic-system - labels: - k8s-app: tectonic-utility-operator - managed-by-channel-operator: "true" -spec: - replicas: 1 - selector: - matchLabels: - k8s-app: tectonic-utility-operator - template: - metadata: - labels: - k8s-app: tectonic-utility-operator - tectonic-app-version-name: tectonic-utility - spec: - containers: - - name: tectonic-utility-operator - image: ${tectonic_utility_operator_image} - resources: - limits: - cpu: 20m - memory: 50Mi - requests: - cpu: 20m - memory: 50Mi - volumeMounts: - - name: cluster-config - mountPath: /etc/cluster-config - imagePullSecrets: - - name: coreos-pull-secret - nodeSelector: - node-role.kubernetes.io/master: "" - restartPolicy: Always - securityContext: - runAsNonRoot: true - runAsUser: 65534 - tolerations: - - key: "node-role.kubernetes.io/master" - operator: "Exists" - effect: "NoSchedule" - volumes: - - name: cluster-config - configMap: - name: cluster-config-v1 - items: - - key: utility-config - path: utility-config diff --git a/data/data/modules/tectonic/resources/manifests/updater/tectonic-channel-operator-config.yaml b/data/data/modules/tectonic/resources/manifests/updater/tectonic-channel-operator-config.yaml deleted file mode 100644 index 5fab4614c94..00000000000 --- a/data/data/modules/tectonic/resources/manifests/updater/tectonic-channel-operator-config.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: tco.coreos.com/v1 -kind: ChannelOperatorConfig -metadata: - name: default - namespace: tectonic-system -server: ${update_server} -channel: ${update_channel} -appID: ${update_app_id} -automaticUpdate: false -triggerUpdate: false -triggerUpdateCheck: false -updateCheckInterval: 2700 
diff --git a/data/data/modules/tectonic/resources/manifests/updater/tectonic-channel-operator-kind.yaml b/data/data/modules/tectonic/resources/manifests/updater/tectonic-channel-operator-kind.yaml deleted file mode 100644 index a92fa942810..00000000000 --- a/data/data/modules/tectonic/resources/manifests/updater/tectonic-channel-operator-kind.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: "apiextensions.k8s.io/v1beta1" -kind: "CustomResourceDefinition" -metadata: - name: "channeloperatorconfigs.tco.coreos.com" -spec: - group: "tco.coreos.com" - version: "v1" - names: - plural: "channeloperatorconfigs" - kind: "ChannelOperatorConfig" diff --git a/data/data/modules/tectonic/resources/tectonic.service b/data/data/modules/tectonic/resources/tectonic.service deleted file mode 100644 index 85fe18e3335..00000000000 --- a/data/data/modules/tectonic/resources/tectonic.service +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=Bootstrap a Tectonic cluster -Wants=bootkube.service -After=bootkube.service - -[Service] -WorkingDirectory=/opt/tectonic/tectonic - -ExecStart=/opt/tectonic/tectonic.sh /opt/tectonic/auth/kubeconfig - -Restart=on-failure -RestartSec=5s - -[Install] -WantedBy=multi-user.target diff --git a/data/data/modules/tectonic/resources/tectonic.sh b/data/data/modules/tectonic/resources/tectonic.sh deleted file mode 100755 index db6dc3ec7f1..00000000000 --- a/data/data/modules/tectonic/resources/tectonic.sh +++ /dev/null 
@@ -1,107 +0,0 @@ -#!/usr/bin/env bash -set -e - -KUBECONFIG="$1" - -kubectl() { - echo "Executing kubectl $*" >&2 - while true - do - set +e - out=$(oc --config="$KUBECONFIG" "$@" 2>&1) - status=$? - set -e - - if grep --quiet "AlreadyExists" <<< "$out" - then - echo "$out, skipping" >&2 - return - fi - - echo "$out" - if [ "$status" -eq 0 ] - then - return - fi - - echo "kubectl $* failed. Retrying in 5 seconds..." >&2 - sleep 5 - done -} - -wait_for_pods() { - echo "Waiting for pods in namespace $1..." - while true - do - out=$(kubectl --namespace "$1" get pods --output custom-columns=STATUS:.status.phase,NAME:.metadata.name --no-headers=true) - echo "$out" - - # make sure kubectl returns at least one status - if [ "$(wc --lines <<< "$out")" -eq 0 ] - then - echo "No pods were found. Waiting for 5 seconds..." - sleep 5 - continue - fi - - if ! grep --invert-match '^Running' <<< "$out" - then - return - fi - - echo "Not all pods available yet. Waiting for 5 seconds..." - sleep 5 - done - set -e -} - -# Wait for Kubernetes pods -wait_for_pods kube-system - -echo "Creating initial roles..." -kubectl delete --filename rbac/role-admin.yaml - -kubectl create --filename ingress/svc-account.yaml -kubectl create --filename rbac/role-admin.yaml -kubectl create --filename rbac/role-user.yaml -kubectl create --filename rbac/binding-admin.yaml -kubectl create --filename rbac/binding-discovery.yaml - -echo "Creating cluster config for Tectonic..." -kubectl create --filename cluster-config.yaml -kubectl create --filename ingress/cluster-config.yaml - -echo "Creating Tectonic secrets..." -kubectl create --filename secrets/pull.json -kubectl create --filename secrets/ingress-tls.yaml -kubectl create --filename secrets/ca-cert.yaml -kubectl create --filename ingress/pull.json - -echo "Creating operators..." 
-kubectl create --filename security/priviledged-scc-tectonic.yaml -kubectl create --filename updater/tectonic-channel-operator-kind.yaml -kubectl create --filename updater/app-version-kind.yaml -kubectl create --filename updater/migration-status-kind.yaml - -kubectl --namespace=tectonic-system get customresourcedefinition channeloperatorconfigs.tco.coreos.com -kubectl create --filename updater/tectonic-channel-operator-config.yaml - -kubectl create --filename updater/operators/kube-core-operator.yaml -kubectl create --filename updater/operators/tectonic-channel-operator.yaml -kubectl create --filename updater/operators/kube-addon-operator.yaml -kubectl create --filename updater/operators/tectonic-alm-operator.yaml -kubectl create --filename updater/operators/tectonic-utility-operator.yaml -kubectl create --filename updater/operators/tectonic-ingress-controller-operator.yaml - -kubectl --namespace=tectonic-system get customresourcedefinition appversions.tco.coreos.com -kubectl create --filename updater/app_versions/app-version-tectonic-cluster.yaml -kubectl create --filename updater/app_versions/app-version-kube-core.yaml -kubectl create --filename updater/app_versions/app-version-kube-addon.yaml -kubectl create --filename updater/app_versions/app-version-tectonic-alm.yaml -kubectl create --filename updater/app_versions/app-version-tectonic-utility.yaml -kubectl create --filename updater/app_versions/app-version-tectonic-ingress.yaml - -# Wait for Tectonic pods -wait_for_pods tectonic-system - -echo "Tectonic installation is done" diff --git a/data/data/modules/tectonic/variables.tf b/data/data/modules/tectonic/variables.tf deleted file mode 100644 index afd4e76561e..00000000000 --- a/data/data/modules/tectonic/variables.tf +++ /dev/null 
@@ -1,65 +0,0 @@
-variable "container_images" {
- description = "Container images to use. Leave blank for defaults."
- type = "map"
-}
-
-variable "container_base_images" {
- description = "Container base images to use. Leave blank for defaults."
- type = "map"
-}
-
-variable "versions" {
- description = "Versions of the components to use. Leave blank for defaults."
- type = "map"
-}
-
-variable "platform" {
- description = "Platform on which Tectonic is being installed. Example: aws or libvirt."
- type = "string"
-}
-
-variable "ingress_kind" {
- description = "Type of Ingress mapping to use. Example: HostPort or NodePort."
- type = "string"
-}
-
-variable "pull_secret" {
- type = "string"
- description = "Your pull secret. Obtain this from your Tectonic Account: https://account.coreos.com."
-}
-
-variable "base_address" {
- description = "Base address used to access the Tectonic Console, without protocol nor trailing forward slash (may contain a port). Example: console.example.com:30000."
- type = "string"
-}
-
-variable "update_server" {
- description = "Server contacted to request Tectonic software updates. Leave blank for defaults."
- type = "string"
-}
-
-variable "update_channel" {
- description = "Release channel used to request Tectonic software updates. Leave blank for defaults. Example: Tectonic-1.5"
- type = "string"
-}
-
-variable "update_app_id" {
- description = "Application identifier used to request Tectonic software updates. Leave blank for defaults."
- type = "string"
-}
-
-variable "ingress_ca_cert_pem" {
- type = "string"
-}
-
-variable "ingress_cert_pem" {
- type = "string"
-}
-
-variable "ingress_key_pem" {
- type = "string"
-}
-
-variable "ingress_bundle_pem" {
- type = "string"
-}
diff --git a/data/data/steps/infra/aws/main.tf b/data/data/steps/infra/aws/main.tf
index fc5b8dce50e..76c716e565c 100644
--- a/data/data/steps/infra/aws/main.tf
+++ b/data/data/steps/infra/aws/main.tf
@@ -44,7 +44,6 @@ module "masters" {
 base_domain = "${var.tectonic_base_domain}"
 cluster_id = "${var.tectonic_cluster_id}"
 cluster_name = "${var.tectonic_cluster_name}"
- container_images = "${var.tectonic_container_images}"
 ec2_type = "${var.tectonic_aws_master_ec2_type}"
 extra_tags = "${var.tectonic_aws_extra_tags}"
 instance_count = "${var.tectonic_master_count}"