move karpenter into layer2-k8s instead of using a separate module

terraform/layer1-aws/aws-eks.tf

@@ -78,7 +78,6 @@ module "eks" {
 
       }
     }
-    # iam_role_additional_policies = var.eks_workers_additional_policies
     metadata_options = {
       http_endpoint               = "enabled"
       http_tokens                 = "required"

terraform/layer1-aws/aws-vpc.tf

@@ -28,11 +28,12 @@ module "vpc" {
   database_subnets = local.database_subnets
   intra_subnets    = local.intra_subnets
 
-  single_nat_gateway   = var.single_nat_gateway
-  enable_nat_gateway   = true
-  enable_vpn_gateway   = false
-  enable_dns_hostnames = true
-  enable_dns_support   = true
+  single_nat_gateway      = var.single_nat_gateway
+  enable_nat_gateway      = true
+  enable_vpn_gateway      = false
+  enable_dns_hostnames    = true
+  enable_dns_support      = true
+  map_public_ip_on_launch = true
 
   create_database_subnet_group = false
 
@@ -47,6 +48,7 @@ module "vpc" {
   private_subnet_tags = {
     Name                              = "${local.name}-private"
     destination                       = "private"
+    "karpenter.sh/discovery"          = "private"
     "kubernetes.io/role/internal-elb" = "1"
   }
 
@@ -58,6 +60,7 @@ module "vpc" {
   public_subnet_tags = {
     Name                     = "${local.name}-public"
     destination              = "public"
+    "karpenter.sh/discovery" = "public"
     "kubernetes.io/role/elb" = "1"
   }
 

terraform/layer1-aws/outputs.tf

@@ -109,10 +109,6 @@ output "ssl_certificate_arn" {
   value       = local.ssl_certificate_arn
 }
 
-output "node_group_default_iam_instance_profile_id" {
-  value = module.eks.self_managed_node_groups["default"].iam_instance_profile_id
-}
-
 output "node_group_default_iam_role_arn" {
   value = module.eks.self_managed_node_groups["default"].iam_role_arn
 }

terraform/layer1-aws/variables.tf

@@ -117,14 +117,6 @@ variable "eks_cluster_version" {
   description = "Version of the EKS K8S cluster"
 }
 
-# variable "eks_workers_additional_policies" {
-#   type = map(string)
-#   default = {
-#     additional = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
-#   }
-#   description = "Additional IAM policy attached to EKS worker nodes"
-# }
-
 variable "node_group_default" {
   type = object({
     instance_type              = string