diff --git a/build/debian-base/Dockerfile b/build/debian-base/Dockerfile
deleted file mode 100644
index 749f3bf7c13..00000000000
--- a/build/debian-base/Dockerfile
+++ /dev/null
@@ -1,19 +0,0 @@
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-FROM scratch
-
-ADD rootfs.tar /
-
-CMD ["/bin/sh"]
diff --git a/build/debian-base/Dockerfile.build b/build/debian-base/Dockerfile.build
deleted file mode 100644
index 22bd98201b4..00000000000
--- a/build/debian-base/Dockerfile.build
+++ /dev/null
@@ -1,88 +0,0 @@
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-FROM BASEIMAGE
-
-# If we're building for another architecture than amd64, the CROSS_BUILD_ placeholder is removed so
-# e.g. CROSS_BUILD_COPY turns into COPY
-# If we're building normally, for amd64, CROSS_BUILD lines are removed
-CROSS_BUILD_COPY qemu-ARCH-static /usr/bin/
-
-ENV DEBIAN_FRONTEND=noninteractive
-
-# Smaller package install size.
-COPY excludes /etc/dpkg/dpkg.cfg.d/excludes
-
-# Convenience script for building on this base image.
-COPY clean-install /usr/local/bin/clean-install
-
-# Update system packages.
-RUN apt-get update \
- && apt-get dist-upgrade -y
-
-# Hold required packages to avoid breaking the installation of packages
-RUN apt-mark hold apt gnupg adduser passwd libsemanage1 libcap2
-
-# Remove unnecessary packages.
-# This list was generated manually by listing the installed packages (`apt list --installed`),
-# then running `apt-cache rdepends --installed --no-recommends` to find the "root" packages.
-# The root packages were evaluated based on whether they were needed in the container image.
-# Several utilities (e.g. ping) were kept for usefulness, but may be removed in later versions.
-RUN echo "Yes, do as I say!" | apt-get purge \
- bash \
- e2fsprogs \
- libcap2-bin \
- libmount1 \
- libsmartcols1 \
- libblkid1 \
- libss2 \
- ncurses-base \
- ncurses-bin \
- tzdata
-
-# No-op stubs replace some unnecessary binaries that may be depended on in the install process (in
-# particular we don't run an init process).
-WORKDIR /usr/local/bin
-RUN touch noop && \
- chmod 555 noop && \
- ln -s noop runlevel && \
- ln -s noop invoke-rc.d && \
- ln -s noop update-rc.d
-WORKDIR /
-
-# Cleanup cached and unnecessary files.
-RUN apt-get autoremove -y && \
- apt-get clean -y && \
- tar -czf /usr/share/copyrights.tar.gz /usr/share/common-licenses /usr/share/doc/*/copyright && \
- rm -rf \
- /usr/share/doc \
- /usr/share/man \
- /usr/share/info \
- /usr/share/locale \
- /var/lib/apt/lists/* \
- /var/log/* \
- /var/cache/debconf/* \
- /usr/share/common-licenses* \
- /usr/share/bash-completion \
- ~/.bashrc \
- ~/.profile \
- /etc/systemd \
- /lib/lsb \
- /lib/udev \
- /usr/lib/x86_64-linux-gnu/gconv/IBM* \
- /usr/lib/x86_64-linux-gnu/gconv/EBC* && \
- mkdir -p /usr/share/man/man1 /usr/share/man/man2 \
- /usr/share/man/man3 /usr/share/man/man4 \
- /usr/share/man/man5 /usr/share/man/man6 \
- /usr/share/man/man7 /usr/share/man/man8
diff --git a/build/debian-base/Makefile b/build/debian-base/Makefile
deleted file mode 100755
index f080d5a5a18..00000000000
--- a/build/debian-base/Makefile
+++ /dev/null
@@ -1,105 +0,0 @@
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-all: all-build
-
-REGISTRY ?= gcr.io/k8s-staging-build-image
-IMAGE ?= $(REGISTRY)/debian-base
-BUILD_IMAGE ?= debian-build
-
-TAG ?= v2.1.1
-
-TAR_FILE ?= rootfs.tar
-ARCH?=amd64
-ALL_ARCH = amd64 arm arm64 ppc64le s390x
-
-TEMP_DIR:=$(shell mktemp -d)
-QEMUVERSION=v4.2.0-6
-
-SUDO=$(if $(filter 0,$(shell id -u)),,sudo)
-
-# This option is for running docker manifest command
-export DOCKER_CLI_EXPERIMENTAL := enabled
-
-ifeq ($(ARCH),amd64)
- BASEIMAGE?=debian:buster-slim
-endif
-ifeq ($(ARCH),arm)
- BASEIMAGE?=arm32v7/debian:buster-slim
- QEMUARCH=arm
-endif
-ifeq ($(ARCH),arm64)
- BASEIMAGE?=arm64v8/debian:buster-slim
- QEMUARCH=aarch64
-endif
-ifeq ($(ARCH),ppc64le)
- BASEIMAGE?=ppc64le/debian:buster-slim
- QEMUARCH=ppc64le
-endif
-ifeq ($(ARCH),s390x)
- BASEIMAGE?=s390x/debian:buster-slim
- QEMUARCH=s390x
-endif
-
-sub-build-%:
- $(MAKE) ARCH=$* build
-
-all-build: $(addprefix sub-build-,$(ALL_ARCH))
-
-sub-push-image-%:
- $(MAKE) ARCH=$* push
-
-all-push-images: $(addprefix sub-push-image-,$(ALL_ARCH))
-
-all-push: all-push-images push-manifest
-
-push-manifest:
- docker manifest create --amend $(IMAGE):$(TAG) $(shell echo $(ALL_ARCH) | sed -e "s~[^ ]*~$(IMAGE)\-&:$(TAG)~g")
- @for arch in $(ALL_ARCH); do docker manifest annotate --arch $${arch} ${IMAGE}:${TAG} ${IMAGE}-$${arch}:${TAG}; done
- docker manifest push --purge ${IMAGE}:${TAG}
-
-build: clean
- cp ./* $(TEMP_DIR)
- cat Dockerfile.build \
- | sed "s|BASEIMAGE|$(BASEIMAGE)|g" \
- | sed "s|ARCH|$(QEMUARCH)|g" \
- > $(TEMP_DIR)/Dockerfile.build
-
-ifeq ($(ARCH),amd64)
- # When building "normally" for amd64, remove the whole line, it has no part in the amd64 image
- sed "/CROSS_BUILD_/d" $(TEMP_DIR)/Dockerfile.build > $(TEMP_DIR)/Dockerfile.build.tmp
-else
- # When cross-building, only the placeholder "CROSS_BUILD_" should be removed
- # Register /usr/bin/qemu-ARCH-static as the handler for non-x86 binaries in the kernel
- $(SUDO) ../../third_party/multiarch/qemu-user-static/register/register.sh --reset
- curl -sSL https://github.com/multiarch/qemu-user-static/releases/download/$(QEMUVERSION)/x86_64_qemu-$(QEMUARCH)-static.tar.gz | tar -xz -C $(TEMP_DIR)
- # Ensure we don't get surprised by umask settings
- chmod 0755 $(TEMP_DIR)/qemu-$(QEMUARCH)-static
- sed "s/CROSS_BUILD_//g" $(TEMP_DIR)/Dockerfile.build > $(TEMP_DIR)/Dockerfile.build.tmp
-endif
- mv $(TEMP_DIR)/Dockerfile.build.tmp $(TEMP_DIR)/Dockerfile.build
-
- docker build --pull -t $(BUILD_IMAGE) -f $(TEMP_DIR)/Dockerfile.build $(TEMP_DIR)
- docker create --name $(BUILD_IMAGE) $(BUILD_IMAGE)
- docker export $(BUILD_IMAGE) > $(TEMP_DIR)/$(TAR_FILE)
- docker build -t $(IMAGE)-$(ARCH):$(TAG) $(TEMP_DIR)
- rm -rf $(TEMP_DIR)
-
-push: build
- docker push $(IMAGE)-$(ARCH):$(TAG)
-
-clean:
- docker rmi -f $(IMAGE)-$(ARCH):$(TAG) || true
- docker rmi -f $(BUILD_IMAGE) || true
- docker rm -f $(BUILD_IMAGE) || true
diff --git a/build/debian-base/OWNERS b/build/debian-base/OWNERS
deleted file mode 100644
index 9f31a67a8c5..00000000000
--- a/build/debian-base/OWNERS
+++ /dev/null
@@ -1,12 +0,0 @@
-# See the OWNERS docs at https://go.k8s.io/owners
-
-reviewers:
- - build-image-reviewers
- - BenTheElder
- - mkumatag
- - tallclair
-approvers:
- - build-image-approvers
- - BenTheElder
- - mkumatag
- - tallclair
diff --git a/build/debian-base/README.md b/build/debian-base/README.md
deleted file mode 100644
index e864938570c..00000000000
--- a/build/debian-base/README.md
+++ /dev/null
@@ -1,12 +0,0 @@
-# Kubernetes Debian Base
-
-The Kubernetes debian-base image provides a common base for Kubernetes system images that require
-external dependencies (such as `iptables`, `sh`, or anything that is more than a static go-binary).
-
-This image differs from the standard debian image by removing a lot of packages and files that are
-generally not necessary in containers. The end result is an image that is just over 40 MB, down from
-123 MB.
-
-The image also provides a convenience script `/usr/local/bin/clean-install` that encapsulates the
-process of updating apt repositories, installing the packages, and then cleaning up unnecessary
-caches & logs.
diff --git a/build/debian-base/clean-install b/build/debian-base/clean-install
deleted file mode 100755
index 74b7d21ca03..00000000000
--- a/build/debian-base/clean-install
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/bin/sh
-
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# A script encapsulating a common Dockerimage pattern for installing packages
-# and then cleaning up the unnecessary install artifacts.
-# e.g. clean-install iptables ebtables conntrack
-
-set -o errexit
-
-if [ $# = 0 ]; then
- echo >&2 "No packages specified"
- exit 1
-fi
-
-apt-get update
-apt-get install -y --no-install-recommends $@
-apt-get clean -y
-rm -rf \
- /var/cache/debconf/* \
- /var/lib/apt/lists/* \
- /var/log/* \
- /tmp/* \
- /var/tmp/*
diff --git a/build/debian-base/cloudbuild.yaml b/build/debian-base/cloudbuild.yaml
deleted file mode 100644
index 2d8320a869b..00000000000
--- a/build/debian-base/cloudbuild.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-# See https://cloud.google.com/cloud-build/docs/build-config
-timeout: 1200s
-options:
- substitution_option: ALLOW_LOOSE
- machineType: 'N1_HIGHCPU_8'
-steps:
- - name: 'gcr.io/k8s-testimages/gcb-docker-gcloud:v20200422-b25d964'
- entrypoint: make
- dir: ./build/debian-base
- env:
- - DOCKER_CLI_EXPERIMENTAL=enabled
- - REGISTRY=gcr.io/$PROJECT_ID
- - IMAGE=gcr.io/$PROJECT_ID/debian-base
- - BUILD_IMAGE=debian-build
- args:
- - all-push
diff --git a/build/debian-base/excludes b/build/debian-base/excludes
deleted file mode 100644
index 406948ebe99..00000000000
--- a/build/debian-base/excludes
+++ /dev/null
@@ -1,10 +0,0 @@
-path-exclude /usr/share/doc/*
-path-include /usr/share/doc/*/copyright
-path-exclude /usr/share/groff/*
-path-exclude /usr/share/i18n/locales/*
-path-include /usr/share/i18n/locales/en_US*
-path-exclude /usr/share/info/*
-path-exclude /usr/share/locale/*
-path-include /usr/share/locale/en_US*
-path-include /usr/share/locale/locale.alias
-path-exclude /usr/share/man/*
diff --git a/build/debian-iptables/Dockerfile b/build/debian-iptables/Dockerfile
deleted file mode 100644
index 3d8435fe680..00000000000
--- a/build/debian-iptables/Dockerfile
+++ /dev/null
@@ -1,41 +0,0 @@
-# Copyright 2016 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-FROM BASEIMAGE
-
-# Install latest iptables package from buster-backports
-RUN echo deb http://deb.debian.org/debian buster-backports main >> /etc/apt/sources.list; \
- apt-get update; \
- apt-get -t buster-backports -y --no-install-recommends install iptables
-
-# Install other dependencies and then clean up apt caches
-RUN clean-install \
- conntrack \
- ebtables \
- ipset \
- kmod \
- netbase
-
-# Install iptables wrapper scripts to detect the correct iptables mode
-# the first time any of them is run
-COPY iptables-wrapper /usr/sbin/iptables-wrapper
-
-RUN update-alternatives \
- --install /usr/sbin/iptables iptables /usr/sbin/iptables-wrapper 100 \
- --slave /usr/sbin/iptables-restore iptables-restore /usr/sbin/iptables-wrapper \
- --slave /usr/sbin/iptables-save iptables-save /usr/sbin/iptables-wrapper
-RUN update-alternatives \
- --install /usr/sbin/ip6tables ip6tables /usr/sbin/iptables-wrapper 100 \
- --slave /usr/sbin/ip6tables-restore ip6tables-restore /usr/sbin/iptables-wrapper \
- --slave /usr/sbin/ip6tables-save ip6tables-save /usr/sbin/iptables-wrapper
diff --git a/build/debian-iptables/Makefile b/build/debian-iptables/Makefile
deleted file mode 100644
index 917b1c81015..00000000000
--- a/build/debian-iptables/Makefile
+++ /dev/null
@@ -1,63 +0,0 @@
-# Copyright 2016 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-.PHONY: build push all all-build all-push-images all-push push-manifest
-
-REGISTRY?="gcr.io/k8s-staging-build-image"
-IMAGE=$(REGISTRY)/debian-iptables
-TAG?=v12.1.0
-ARCH?=amd64
-ALL_ARCH = amd64 arm arm64 ppc64le s390x
-TEMP_DIR:=$(shell mktemp -d)
-
-BASE_REGISTRY?=k8s.gcr.io/build-image
-BASEIMAGE?=$(BASE_REGISTRY)/debian-base-$(ARCH):v2.1.0
-
-# This option is for running docker manifest command
-export DOCKER_CLI_EXPERIMENTAL := enabled
-
-SUDO=$(if $(filter 0,$(shell id -u)),,sudo)
-
-build:
- cp ./* $(TEMP_DIR)
- cd $(TEMP_DIR) && sed -i "s|BASEIMAGE|$(BASEIMAGE)|g" Dockerfile
-
-ifneq ($(ARCH),amd64)
- # Register /usr/bin/qemu-ARCH-static as the handler for non-x86 binaries in the kernel
- $(SUDO) ../../third_party/multiarch/qemu-user-static/register/register.sh --reset
-endif
-
- docker build --pull -t $(IMAGE)-$(ARCH):$(TAG) $(TEMP_DIR)
-
-push: build
- docker push $(IMAGE)-$(ARCH):$(TAG)
-
-sub-build-%:
- $(MAKE) ARCH=$* build
-
-all-build: $(addprefix sub-build-,$(ALL_ARCH))
-
-sub-push-image-%:
- $(MAKE) ARCH=$* push
-
-all-push-images: $(addprefix sub-push-image-,$(ALL_ARCH))
-
-all-push: all-push-images push-manifest
-
-push-manifest:
- docker manifest create --amend $(IMAGE):$(TAG) $(shell echo $(ALL_ARCH) | sed -e "s~[^ ]*~$(IMAGE)\-&:$(TAG)~g")
- @for arch in $(ALL_ARCH); do docker manifest annotate --arch $${arch} ${IMAGE}:${TAG} ${IMAGE}-$${arch}:${TAG}; done
- docker manifest push --purge ${IMAGE}:${TAG}
-
-all: all-push
diff --git a/build/debian-iptables/OWNERS b/build/debian-iptables/OWNERS
deleted file mode 100644
index 477c0d59b0e..00000000000
--- a/build/debian-iptables/OWNERS
+++ /dev/null
@@ -1,20 +0,0 @@
-# See the OWNERS docs at https://go.k8s.io/owners
-
-reviewers:
- - build-image-reviewers
- - BenTheElder
- - bowei
- - freehan
- - jingax10
- - mkumatag
- - mrhohn
- - tallclair
-approvers:
- - build-image-approvers
- - BenTheElder
- - bowei
- - freehan
- - jingax10
- - mkumatag
- - mrhohn
- - tallclair
diff --git a/build/debian-iptables/README.md b/build/debian-iptables/README.md
deleted file mode 100644
index 6900a857ed2..00000000000
--- a/build/debian-iptables/README.md
+++ /dev/null
@@ -1,24 +0,0 @@
-### debian-iptables
-
-Serves as the base image for `k8s.gcr.io/kube-proxy-${ARCH}` and multiarch (not `amd64`) `k8s.gcr.io/flannel-${ARCH}` images.
-
-This image is compiled for multiple architectures.
-
-#### How to release
-
-If you're editing the Dockerfile or some other thing, please bump the `TAG` in the Makefile.
-
-```console
-Build and push images for all the architectures
-$ make all-push
-# ---> staging-k8s.gcr.io/debian-iptables-amd64:TAG
-# ---> staging-k8s.gcr.io/debian-iptables-arm:TAG
-# ---> staging-k8s.gcr.io/debian-iptables-arm64:TAG
-# ---> staging-k8s.gcr.io/debian-iptables-ppc64le:TAG
-# ---> staging-k8s.gcr.io/debian-iptables-s390x:TAG
-```
-
-If you don't want to push the images, run `make build ARCH={target_arch}` or `make all-build` instead
-
-
-[![Analytics](https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/build/debian-iptables/README.md?pixel)]()
diff --git a/build/debian-iptables/cloudbuild.yaml b/build/debian-iptables/cloudbuild.yaml
deleted file mode 100644
index 014cd9db1e7..00000000000
--- a/build/debian-iptables/cloudbuild.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-# See https://cloud.google.com/cloud-build/docs/build-config
-timeout: 1200s
-options:
- substitution_option: ALLOW_LOOSE
- machineType: 'N1_HIGHCPU_8'
-steps:
- - name: 'gcr.io/k8s-testimages/gcb-docker-gcloud:v20200422-b25d964'
- entrypoint: make
- dir: ./build/debian-iptables
- env:
- - DOCKER_CLI_EXPERIMENTAL=enabled
- - REGISTRY=gcr.io/$PROJECT_ID
- - IMAGE=gcr.io/$PROJECT_ID/debian-iptables
- args:
- - all-push
diff --git a/build/debian-iptables/iptables-wrapper b/build/debian-iptables/iptables-wrapper
deleted file mode 100755
index c114ef0eb4b..00000000000
--- a/build/debian-iptables/iptables-wrapper
+++ /dev/null
@@ -1,44 +0,0 @@
-#!/bin/sh
-
-# Copyright 2019 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-set -e
-
-# Detect whether the base system is using iptables-legacy or
-# iptables-nft. This assumes that some non-containerized process (eg
-# kubelet) has already created some iptables rules.
-
-# Bugs in iptables-nft 1.8.3 may cause it to get stuck in a loop in
-# some circumstances, so we have to run the nft check in a timeout. To
-# avoid hitting that timeout, we only bother to even check nft if
-# legacy iptables was empty / mostly empty.
-
-num_legacy_lines=$( (iptables-legacy-save || true; ip6tables-legacy-save || true) 2>/dev/null | grep '^-' | wc -l)
-if [ "${num_legacy_lines}" -ge 10 ]; then
- mode=legacy
-else
- num_nft_lines=$( (timeout 5 sh -c "iptables-nft-save; ip6tables-nft-save" || true) 2>/dev/null | grep '^-' | wc -l)
- if [ "${num_legacy_lines}" -ge "${num_nft_lines}" ]; then
- mode=legacy
- else
- mode=nft
- fi
-fi
-
-update-alternatives --set iptables "/usr/sbin/iptables-${mode}" > /dev/null
-update-alternatives --set ip6tables "/usr/sbin/ip6tables-${mode}" > /dev/null
-
-# Now re-exec the original command with the newly-selected alternative
-exec "$0" "$@"
diff --git a/build/dependencies.yaml b/build/dependencies.yaml
index 063f5af418e..4b2b67e2c8e 100644
--- a/build/dependencies.yaml
+++ b/build/dependencies.yaml
@@ -103,12 +103,6 @@ dependencies: match: k8s\.gcr\.io\/build-image\/kube-cross:v((([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?)(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?) # Base images - - name: "k8s.gcr.io/debian-base" - version: 2.1.1 - refPaths: - - path: build/debian-base/Makefile - match: TAG \?= - - name: "k8s.gcr.io/debian-base: dependents" version: 2.1.0 refPaths: @@ -116,8 +110,6 @@ dependencies: match: debian_base_version= - path: build/workspace.bzl match: tag = - - path: build/debian-iptables/Makefile - match: BASEIMAGE\?\=\$\(BASE_REGISTRY\)\/debian-base-\$\(ARCH\) - path: cluster/images/etcd/Makefile match: BASEIMAGE\?\=k8s\.gcr\.io\/build-image\/debian-base:v\d+\.\d+\.\d+ - path: cluster/images/etcd/Makefile @@ -129,12 +121,6 @@ dependencies: - path: cluster/images/etcd/Makefile match: BASEIMAGE\?\=k8s\.gcr\.io\/build-image\/debian-base-s390x:v\d+\.\d+\.\d+ - - name: "k8s.gcr.io/debian-iptables" - version: 12.1.0 - refPaths: - - path: build/debian-iptables/Makefile - match: TAG\?= - - name: "k8s.gcr.io/debian-iptables: dependents" version: 12.1.0 refPaths: