All credentials request manifests today have a `self-managed-high-availability` profile which makes CVO apply them to cluster. The credentials requests for new platforms are not handled by CCO inside the cluster as these platforms operate in manual-only mode. We need to ensure these stale credentials requests are removed from existing cluster and are not applied for new clusters. The following cloud providers operate in manual-only mode

• IBM cloud
• Alibaba cloud
• Nutanix

Policy:

• If you have a mint-mode option, you need to be in-cluster: set profiles, no delete annotation.
• If you have no mint-mode or other in-cluster action, stay out of the cluster. Set spec on your CredentialsRequest for ccoctl . Aim to not set a profile. If you're already in-cluster, set delete for a minor so the CVO removes you, and then drop both delete and the profile.
• if you don't need the CredentialsRequest at all anymore, keep the profiles, add delete, and drop the spec for a minor (so ccoctl ignores you), and then drop the manifest entirely.

More details in slack thread here: https://coreos.slack.com/archives/CE3ETN3J8/p1640195638159200