diff --git a/README.md b/README.md
index 7cd8bb7..bf9d153 100644
--- a/README.md
+++ b/README.md
@@ -84,14 +84,14 @@ Change logs are auto-generated with commitizen.
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | 5.73.0 |
+| [aws](#provider\_aws) | 5.84.0 |
## Modules
| Name | Source | Version |
|------|--------|---------|
| [cloudwatch\_observability\_irsa\_role](#module\_cloudwatch\_observability\_irsa\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | n/a |
-| [cluster](#module\_cluster) | git@github.e.it.census.gov:SCT-Engineering/terraform-aws-eks.git | v20.26.0 |
+| [cluster](#module\_cluster) | git@github.e.it.census.gov:SCT-Engineering/terraform-aws-eks.git | v20.31.1 |
| [ebs\_csi\_irsa\_role](#module\_ebs\_csi\_irsa\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | n/a |
| [efs\_csi\_irsa\_role](#module\_efs\_csi\_irsa\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | n/a |
| [vpc\_cni\_irsa\_role](#module\_vpc\_cni\_irsa\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | n/a |
diff --git a/main.tf b/main.tf
index ecfed95..6fb7632 100644
--- a/main.tf
+++ b/main.tf
@@ -45,7 +45,7 @@ locals {
}
module "cluster" {
- source = "git@github.e.it.census.gov:SCT-Engineering/terraform-aws-eks.git?ref=v20.26.0"
+ source = "git@github.e.it.census.gov:SCT-Engineering/terraform-aws-eks.git?ref=v20.31.1"
cluster_name = var.cluster_name
cluster_version = var.cluster_version
@@ -79,6 +79,17 @@ module "cluster" {
}
coredns = {
most_recent = true
+ configuration_values = jsonencode({
+ tolerations = [
+ # Allow CoreDNS to run on the same nodes as the Karpenter controller
+ # for use during cluster creation when Karpenter nodes do not yet exist
+ {
+ key = "karpenter.sh/controller"
+ value = "true"
+ effect = "NoSchedule"
+ }
+ ]
+ })
}
eks-pod-identity-agent = {
most_recent = true
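Review bot: The comment on the new `tolerations` entry describes a bootstrap-only need, but the toleration is permanent, so CoreDNS stays eligible for the `karpenter.sh/controller` nodes for the life of the cluster. If that is intended, the comment should say so, e.g. `# Permanent: CoreDNS may share the Karpenter controller nodes; required at bootstrap before Karpenter nodes exist`. Please also confirm whether setting `tolerations` in `configuration_values` replaces the add-on's default toleration list instead of appending to it. Because `most_recent = true` leaves the add-on version unpinned, the accepted configuration schema can change between applies, so a plan against the resolved version is the check. The enclosing add-on map and the `module "cluster"` block start outside the hunk.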
@@ -104,7 +115,7 @@ module "cluster" {
node_security_group_additional_rules = local.node_security_group_additional_rules
eks_managed_node_groups = {
- node_group = {
+ karpenter = {
name = local.ng_name
capacity_type = "ON_DEMAND"
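Review bot: Renaming the `eks_managed_node_groups` key from `node_group` to `karpenter` changes the map key the module presumably iterates over, so on an existing cluster Terraform is likely to plan a destroy and create of the node group, not an in-place update. If a replacement is not intended, a `moved` block from the old module instance address to the new one would keep the existing resources; the exact address depends on the forked module's internals, which are not visible here. Either way, review the `terraform plan` output for this change before applying. During a replacement there may be a window with no nodes for the controller workloads. The node group definition continues outside the hunk.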
@@ -132,6 +143,15 @@ module "cluster" {
labels = {
intent = "control-apps"
}
+ taints = {
+ # The pods that do not tolerate this taint should run on nodes
+ # created by Karpenter
+ karpenter = {
+ key = "karpenter.sh/controller"
+ value = "true"
+ effect = "NO_SCHEDULE"
+ }
+ }
}
}
tags = local.tags
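Review bot: With the `karpenter.sh/controller` taint on the only managed node group visible in this diff, every pod without a matching toleration stays Pending until Karpenter has provisioned nodes, and this commit adds a toleration only for CoreDNS. The Karpenter controller itself, and any controller Deployments behind the other add-ons and IRSA roles, need either the toleration or a working Karpenter node pool; neither is visible here, so please confirm both. Keeping general workloads off the nodes that host the Karpenter controller is a sound isolation choice, and the comment could state that purpose directly. The `NO_SCHEDULE` spelling is correct for the EKS API even though the CoreDNS toleration uses `NoSchedule`, but it reads like a typo. A comment such as `# EKS API enum; the matching pod toleration uses "NoSchedule"` would prevent a well-meant "fix".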