diff --git a/main.tf b/main.tf
index 46df6ca..8a73964 100644
--- a/main.tf
+++ b/main.tf
@@ -55,11 +55,11 @@ resource "kubernetes_namespace" "ns" {
   }
 }
 
-data "kubernetes_service" "apiserver" {
-  metadata {
-    name = "kubernetes"
-  }
-}
+# data "kubernetes_service" "apiserver" {
+#   metadata {
+#     name = "kubernetes"
+#   }
+# }
 
 resource "helm_release" "base" {
   depends_on = [module.images]
@@ -110,7 +110,8 @@ resource "helm_release" "istiod" {
   }
   set {
     name  = "globalproxy.excludeIPRanges"
-    value = "${data.kubernetes_service.apiserver.spec[0].cluster_ip}/32"
+    value = "${var.kubernetes_service_apiserver}/32"
+    # value = "${data.kubernetes_service.apiserver.spec[0].cluster_ip}/32"
   }
 }
 
diff --git a/variables.tf b/variables.tf
index d980faf..79cf6d2 100644
--- a/variables.tf
+++ b/variables.tf
@@ -62,3 +62,9 @@ variable "enable_egress_gateway" {
   type        = bool
   default     = true
 }
+
+variable "kubernetes_service_apiserver" {
+  description = "Use to exclude internal API service traffic from the service mesh; it should not change but could be necessary to lookup"
+  type        = string
+  default     = "172.20.0.1"
+}
\ No newline at end of file