cluster subnet_tag removal

README.md

@@ -85,18 +85,18 @@ Change logs are auto-generated with commitizen.
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.61.0 |
-| <a name="provider_aws.route53_main_east"></a> [aws.route53\_main\_east](#provider\_aws.route53\_main\_east) | 5.61.0 |
-| <a name="provider_aws.route53_main_west"></a> [aws.route53\_main\_west](#provider\_aws.route53\_main\_west) | 5.61.0 |
-| <a name="provider_aws.self"></a> [aws.self](#provider\_aws.self) | 5.61.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.64.0 |
+| <a name="provider_aws.route53_main_east"></a> [aws.route53\_main\_east](#provider\_aws.route53\_main\_east) | 5.64.0 |
+| <a name="provider_aws.route53_main_west"></a> [aws.route53\_main\_west](#provider\_aws.route53\_main\_west) | 5.64.0 |
+| <a name="provider_aws.self"></a> [aws.self](#provider\_aws.self) | 5.64.0 |
 | <a name="provider_null"></a> [null](#provider\_null) | 3.2.2 |
 
 ## Modules
 
 | Name | Source | Version |
 |------|--------|---------|
 | <a name="module_cloudwatch_observability_irsa_role"></a> [cloudwatch\_observability\_irsa\_role](#module\_cloudwatch\_observability\_irsa\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | n/a |
-| <a name="module_cluster"></a> [cluster](#module\_cluster) | git@github.e.it.census.gov:SCT-Engineering/terraform-aws-eks.git | v20.20.0 |
+| <a name="module_cluster"></a> [cluster](#module\_cluster) | git@github.e.it.census.gov:SCT-Engineering/terraform-aws-eks.git | v20.24.0 |
 | <a name="module_ebs_csi_irsa_role"></a> [ebs\_csi\_irsa\_role](#module\_ebs\_csi\_irsa\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | n/a |
 | <a name="module_efs_csi_irsa_role"></a> [efs\_csi\_irsa\_role](#module\_efs\_csi\_irsa\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | n/a |
 | <a name="module_vpc_cni_irsa_role"></a> [vpc\_cni\_irsa\_role](#module\_vpc\_cni\_irsa\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | n/a |
@@ -106,7 +106,6 @@ Change logs are auto-generated with commitizen.
 | Name | Type |
 |------|------|
 | [aws_ec2_tag.container_subnets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_tag) | resource |
-| [aws_ec2_tag.lb_subnets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_tag) | resource |
 | [aws_route53_vpc_association_authorization.self_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_vpc_association_authorization) | resource |
 | [aws_route53_vpc_association_authorization.self_zone_east](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_vpc_association_authorization) | resource |
 | [aws_route53_zone.cluster_domain](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone) | resource |
@@ -125,7 +124,6 @@ Change logs are auto-generated with commitizen.
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 | [aws_subnet.subnets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet) | data source |
 | [aws_subnets.container_subnets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnets) | data source |
-| [aws_subnets.lb_subnets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnets) | data source |
 | [aws_subnets.subnets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnets) | data source |
 | [aws_vpc.dummy_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |
 | [aws_vpc.eks_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |
@@ -145,7 +143,6 @@ Change logs are auto-generated with commitizen.
 | <a name="input_eks_ng_max_size"></a> [eks\_ng\_max\_size](#input\_eks\_ng\_max\_size) | Node Group maximum size | `number` | `15` | no |
 | <a name="input_eks_ng_min_size"></a> [eks\_ng\_min\_size](#input\_eks\_ng\_min\_size) | Node Group minimum size | `number` | `4` | no |
 | <a name="input_enable_cluster_creator_admin_permissions"></a> [enable\_cluster\_creator\_admin\_permissions](#input\_enable\_cluster\_creator\_admin\_permissions) | Indicates whether or not to add the cluster creator (the identity used by Terraform) as an administrator via access entry | `bool` | `false` | no |
-| <a name="input_lb_subnets_name"></a> [lb\_subnets\_name](#input\_lb\_subnets\_name) | Define the name of the subnets to be used by this cluster | `string` | `"*-private-lb-*"` | no |
 | <a name="input_os_username"></a> [os\_username](#input\_os\_username) | OS username from environment variable, ideally as $USER | `string` | `null` | no |
 | <a name="input_profile"></a> [profile](#input\_profile) | AWS config profile | `string` | `""` | no |
 | <a name="input_region"></a> [region](#input\_region) | AWS config region | `string` | `""` | no |

dns_zones.tf

@@ -15,19 +15,8 @@ data "aws_subnets" "container_subnets" {
     values = [data.aws_vpc.eks_vpc.id]
   }
 }
-data "aws_subnets" "lb_subnets" {
-  filter {
-    name   = "tag:Name"
-    values = [local.lb_subnets_name]
-  }
-  filter {
-    name   = "vpc-id"
-    values = [data.aws_vpc.eks_vpc.id]
-  }
-}
 locals {
   container_subnets_name     = var.subnets_name
-  lb_subnets_name            = var.lb_subnets_name
   cluster_domain_name        = format("%v.%v", var.cluster_name, var.vpc_domain_name)
   cluster_domain_description = format("%v EKS Cluster DNS Zone", var.cluster_name)
   zone_ids                   = compact(var.zone_ids)
@@ -163,13 +152,6 @@ resource "aws_ec2_tag" "container_subnets" {
   value       = "shared"
 }
 
-resource "aws_ec2_tag" "lb_subnets" {
-  for_each    = toset(data.aws_subnets.lb_subnets.ids)
-  resource_id = each.value
-  key         = "kubernetes.io/role/internal-nlb"
-  value       = "1"
-}
-
 #### This is the correct way, it's commented because
 #### the module is throwing an error on the for_each
 #### in the module.

main.tf

@@ -92,7 +92,7 @@ locals {
 }
 
 module "cluster" {
-  source = "git@github.e.it.census.gov:SCT-Engineering/terraform-aws-eks.git?ref=v20.20.0"
+  source = "git@github.e.it.census.gov:SCT-Engineering/terraform-aws-eks.git?ref=v20.24.0"
 
   cluster_name                             = var.cluster_name
   cluster_version                          = var.cluster_version
@@ -112,15 +112,9 @@ module "cluster" {
   subnet_ids = local.subnets
 
   cluster_addons = {
-    coredns = {
-      most_recent = true
-    }
-    kube-proxy = {
-      most_recent = true
-    }
-    vpc-cni = {
+    amazon-cloudwatch-observability = {
       most_recent              = true
-      service_account_role_arn = module.vpc_cni_irsa_role.iam_role_arn
+      service_account_role_arn = module.cloudwatch_observability_irsa_role.iam_role_arn
     }
     aws-ebs-csi-driver = {
       most_recent              = true
@@ -130,13 +124,22 @@ module "cluster" {
       most_recent              = true
       service_account_role_arn = module.efs_csi_irsa_role.iam_role_arn
     }
-    amazon-cloudwatch-observability = {
-      most_recent              = true
-      service_account_role_arn = module.cloudwatch_observability_irsa_role.iam_role_arn
+    coredns = {
+      most_recent = true
+    }
+    eks-pod-identity-agent = {
+      most_recent = true
+    }
+    kube-proxy = {
+      most_recent = true
     }
     snapshot-controller = {
       most_recent = true
     }
+    vpc-cni = {
+      most_recent              = true
+      service_account_role_arn = module.vpc_cni_irsa_role.iam_role_arn
+    }
   }
 
   eks_managed_node_group_defaults = {

variables.tf

@@ -32,12 +32,6 @@ variable "subnets_name" {
   default     = "*-container-*"
 }
 
-variable "lb_subnets_name" {
-  description = "Define the name of the subnets to be used by this cluster"
-  type        = string
-  default     = "*-private-lb-*"
-}
-
 variable "vpc_domain_name" {
   description = "The DNS domain name of the vpc the cluster is in."
   type        = string