update image to AL2023

main.tf

@@ -72,7 +72,7 @@ locals {
 }
 
 module "cluster" {
-  source = "git@github.e.it.census.gov:SCT-Engineering/terraform-aws-eks.git?ref=v20.8.5"
+  source = "git@github.e.it.census.gov:SCT-Engineering/terraform-aws-eks.git?ref=v20.20.0"
   #version = "19.16.0"
 
   cluster_name                             = var.cluster_name
@@ -99,6 +99,9 @@ module "cluster" {
     kube-proxy = {
       most_recent = true
     }
+    eks-pod-identity-agent = {
+      most_recent = true
+    }
     vpc-cni = {
       most_recent              = true
       service_account_role_arn = module.vpc_cni_irsa_role.iam_role_arn
@@ -114,10 +117,10 @@ module "cluster" {
   }
 
   eks_managed_node_group_defaults = {
-    ami_type = "AL2_x86_64"
+    ami_type = "AL2023_x86_64_STANDARD"
   }
 
-  node_security_group_enable_recommended_rules = false
+  node_security_group_enable_recommended_rules = true
 
   node_security_group_additional_rules = local.node_security_group_additional_rules
 
@@ -141,14 +144,23 @@ module "cluster" {
           ebs = {
             volume_size           = var.eks_instance_disk_size
             volume_type           = "gp3"
-            iops                  = 3000
-            throughput            = 125
+            # iops                  = 3000
+            # throughput            = 125
             encrypted             = true
             delete_on_termination = true
             kms_key_id            = data.aws_kms_key.ebs_key.arn
           }
         }
       }
+      taints = {
+        # This Taint aims to keep just EKS Addons and Karpenter running on this MNG
+        # The pods that do not tolerate this taint should run on nodes created by Karpenter
+        addons = {
+          key    = "CriticalAddonsOnly"
+          value  = "true"
+          effect = "NO_SCHEDULE"
+        },
+      }
     }
   }