From 0ce4dea19763819fd9900538217b6e4dd9b3b347 Mon Sep 17 00:00:00 2001
From: Max Glotov <max@maddevs.io>
Date: Fri, 5 Jan 2024 16:10:39 +0600
Subject: [PATCH] move karpenter into layer2-k8s instead of using a separate
 module

---
 terraform/layer1-aws/aws-eks.tf               |   1 -
 terraform/layer1-aws/aws-vpc.tf               |  13 +-
 terraform/layer1-aws/outputs.tf               |   4 -
 terraform/layer1-aws/variables.tf             |   8 -
 .../layer2-k8s/eks-cluster-autoscaler.tf      | 188 ------------
 terraform/layer2-k8s/eks-karpenter.tf         | 268 ++++++++++++++++++
 terraform/layer2-k8s/helm-releases.yaml       |  16 +-
 terraform/layer2-k8s/variables.tf             |  10 +
 terraform/modules/karpenter/main.tf           |  79 ------
 terraform/modules/karpenter/variables.tf      |  33 ---
 .../us-east-1/aws-base/.terraform.lock.hcl    |  37 ---
 terragrunt/demo/us-east-1/eks-providers.tf    |  35 ---
 .../demo/us-east-1/k8s-addons/terragrunt.hcl  |  30 +-
 .../us-east-1/karpenter/.terraform.lock.hcl   |  82 ------
 .../demo/us-east-1/karpenter/terragrunt.hcl   | 167 -----------
 terragrunt/terragrunt.hcl                     |  27 --
 16 files changed, 314 insertions(+), 684 deletions(-)
 delete mode 100644 terraform/layer2-k8s/eks-cluster-autoscaler.tf
 create mode 100644 terraform/layer2-k8s/eks-karpenter.tf
 delete mode 100644 terraform/modules/karpenter/main.tf
 delete mode 100644 terraform/modules/karpenter/variables.tf
 delete mode 100644 terragrunt/demo/us-east-1/eks-providers.tf
 delete mode 100644 terragrunt/demo/us-east-1/karpenter/.terraform.lock.hcl
 delete mode 100644 terragrunt/demo/us-east-1/karpenter/terragrunt.hcl

diff --git a/terraform/layer1-aws/aws-eks.tf b/terraform/layer1-aws/aws-eks.tf
index b3e9e650..df5b5995 100644
--- a/terraform/layer1-aws/aws-eks.tf
+++ b/terraform/layer1-aws/aws-eks.tf
@@ -78,7 +78,6 @@ module "eks" {
 
       }
     }
-    # iam_role_additional_policies = var.eks_workers_additional_policies
     metadata_options = {
       http_endpoint               = "enabled"
       http_tokens                 = "required"
diff --git a/terraform/layer1-aws/aws-vpc.tf b/terraform/layer1-aws/aws-vpc.tf
index 37dea51d..5663c53e 100644
--- a/terraform/layer1-aws/aws-vpc.tf
+++ b/terraform/layer1-aws/aws-vpc.tf
@@ -28,11 +28,12 @@ module "vpc" {
   database_subnets = local.database_subnets
   intra_subnets    = local.intra_subnets
 
-  single_nat_gateway   = var.single_nat_gateway
-  enable_nat_gateway   = true
-  enable_vpn_gateway   = false
-  enable_dns_hostnames = true
-  enable_dns_support   = true
+  single_nat_gateway      = var.single_nat_gateway
+  enable_nat_gateway      = true
+  enable_vpn_gateway      = false
+  enable_dns_hostnames    = true
+  enable_dns_support      = true
+  map_public_ip_on_launch = true
 
   create_database_subnet_group = false
 
@@ -47,6 +48,7 @@ module "vpc" {
   private_subnet_tags = {
     Name                              = "${local.name}-private"
     destination                       = "private"
+    "karpenter.sh/discovery"          = "private"
     "kubernetes.io/role/internal-elb" = "1"
   }
 
@@ -58,6 +60,7 @@ module "vpc" {
   public_subnet_tags = {
     Name                     = "${local.name}-public"
     destination              = "public"
+    "karpenter.sh/discovery" = "public"
     "kubernetes.io/role/elb" = "1"
   }
 
diff --git a/terraform/layer1-aws/outputs.tf b/terraform/layer1-aws/outputs.tf
index 10a1ebc6..d2069e4b 100644
--- a/terraform/layer1-aws/outputs.tf
+++ b/terraform/layer1-aws/outputs.tf
@@ -109,10 +109,6 @@ output "ssl_certificate_arn" {
   value       = local.ssl_certificate_arn
 }
 
-output "node_group_default_iam_instance_profile_id" {
-  value = module.eks.self_managed_node_groups["default"].iam_instance_profile_id
-}
-
 output "node_group_default_iam_role_arn" {
   value = module.eks.self_managed_node_groups["default"].iam_role_arn
 }
diff --git a/terraform/layer1-aws/variables.tf b/terraform/layer1-aws/variables.tf
index 2b32f86f..6e57e779 100644
--- a/terraform/layer1-aws/variables.tf
+++ b/terraform/layer1-aws/variables.tf
@@ -117,14 +117,6 @@ variable "eks_cluster_version" {
   description = "Version of the EKS K8S cluster"
 }
 
-# variable "eks_workers_additional_policies" {
-#   type = map(string)
-#   default = {
-#     additional = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
-#   }
-#   description = "Additional IAM policy attached to EKS worker nodes"
-# }
-
 variable "node_group_default" {
   type = object({
     instance_type              = string
diff --git a/terraform/layer2-k8s/eks-cluster-autoscaler.tf b/terraform/layer2-k8s/eks-cluster-autoscaler.tf
deleted file mode 100644
index e80730b1..00000000
--- a/terraform/layer2-k8s/eks-cluster-autoscaler.tf
+++ /dev/null
@@ -1,188 +0,0 @@
-locals {
-  cluster_autoscaler = {
-    name          = local.helm_releases[index(local.helm_releases.*.id, "cluster-autoscaler")].id
-    enabled       = local.helm_releases[index(local.helm_releases.*.id, "cluster-autoscaler")].enabled
-    chart         = local.helm_releases[index(local.helm_releases.*.id, "cluster-autoscaler")].chart
-    repository    = local.helm_releases[index(local.helm_releases.*.id, "cluster-autoscaler")].repository
-    chart_version = local.helm_releases[index(local.helm_releases.*.id, "cluster-autoscaler")].chart_version
-    namespace     = local.helm_releases[index(local.helm_releases.*.id, "cluster-autoscaler")].namespace
-  }
-  cluster_autoscaler_values = <<VALUES
-image:
-  tag: ${var.cluster_autoscaler_version}
-awsRegion: ${local.region}
-rbac:
-  create: true
-  serviceAccount:
-    annotations:
-      eks.amazonaws.com/role-arn: ${local.cluster_autoscaler.enabled ? module.aws_iam_autoscaler[0].role_arn : ""}
-autoDiscovery:
-  clusterName: ${local.eks_cluster_id}
-extraArgs:
-  skip-nodes-with-local-storage: false
-  scale-down-utilization-threshold: 0.7
-  expander: priority
-expanderPriorities: |
-  10:
-    - ${local.eks_cluster_id}-ondemand.*
-  50:
-    - ${local.eks_cluster_id}-spot.*
-
-serviceMonitor:
-  enabled: true
-  interval: 10s
-  namespace: monitoring
-  path: /metrics
-
-affinity:
-  nodeAffinity:
-    requiredDuringSchedulingIgnoredDuringExecution:
-      nodeSelectorTerms:
-      - matchExpressions:
-        - key: eks.amazonaws.com/capacityType
-          operator: In
-          values:
-            - ON_DEMAND
-resources:
-  limits:
-    cpu: 100m
-    memory: 1024Mi
-  requests:
-    cpu: 100m
-    memory: 320Mi
-VALUES
-}
-
-module "cluster_autoscaler_namespace" {
-  count = local.cluster_autoscaler.enabled ? 1 : 0
-
-  source = "../modules/eks-kubernetes-namespace"
-  name   = local.cluster_autoscaler.namespace
-  network_policies = [
-    {
-      name         = "default-deny"
-      policy_types = ["Ingress", "Egress"]
-      pod_selector = {}
-    },
-    {
-      name         = "allow-this-namespace"
-      policy_types = ["Ingress"]
-      pod_selector = {}
-      ingress = {
-        from = [
-          {
-            namespace_selector = {
-              match_labels = {
-                name = local.cluster_autoscaler.namespace
-              }
-            }
-          }
-        ]
-      }
-    },
-    {
-      name         = "allow-monitoring"
-      policy_types = ["Ingress"]
-      pod_selector = {
-        match_expressions = {
-          key      = "app.kubernetes.io/name"
-          operator = "In"
-          values   = ["aws-cluster-autoscaler"]
-        }
-      }
-      ingress = {
-        ports = [
-          {
-            port     = "8085"
-            protocol = "TCP"
-          }
-        ]
-        from = [
-          {
-            namespace_selector = {
-              match_labels = {
-                name = "monitoring"
-              }
-            }
-          }
-        ]
-      }
-    },
-    {
-      name         = "allow-egress"
-      policy_types = ["Egress"]
-      pod_selector = {}
-      egress = {
-        to = [
-          {
-            ip_block = {
-              cidr = "0.0.0.0/0"
-              except = [
-                "169.254.169.254/32"
-              ]
-            }
-          }
-        ]
-      }
-    }
-  ]
-}
-
-module "aws_iam_autoscaler" {
-  count = local.cluster_autoscaler.enabled ? 1 : 0
-
-  source            = "../modules/aws-iam-eks-trusted"
-  name              = "${local.name}-autoscaler"
-  region            = local.region
-  oidc_provider_arn = local.eks_oidc_provider_arn
-  policy = jsonencode({
-    "Version" : "2012-10-17",
-    "Statement" : [
-      {
-        "Sid" : "clusterAutoscalerAll",
-        "Effect" : "Allow",
-        "Action" : [
-          "ec2:DescribeLaunchTemplateVersions",
-          "autoscaling:DescribeTags",
-          "autoscaling:DescribeLaunchConfigurations",
-          "autoscaling:DescribeAutoScalingInstances",
-          "autoscaling:DescribeAutoScalingGroups",
-          "ec2:DescribeInstanceTypes",
-        ],
-        "Resource" : "*"
-      },
-      {
-        "Sid" : "clusterAutoscalerOwn",
-        "Effect" : "Allow",
-        "Action" : [
-          "autoscaling:TerminateInstanceInAutoScalingGroup",
-          "autoscaling:SetDesiredCapacity",
-        ],
-        "Resource" : "*",
-        "Condition" : {
-          "StringEquals" : {
-            "autoscaling:ResourceTag/kubernetes.io/cluster/${local.eks_cluster_id}" : ["owned"],
-            "autoscaling:ResourceTag/k8s.io/cluster-autoscaler/enabled" : ["true"]
-          }
-        }
-      }
-    ]
-  })
-}
-
-resource "helm_release" "cluster_autoscaler" {
-  count = local.cluster_autoscaler.enabled ? 1 : 0
-
-  name        = local.cluster_autoscaler.name
-  chart       = local.cluster_autoscaler.chart
-  repository  = local.cluster_autoscaler.repository
-  version     = local.cluster_autoscaler.chart_version
-  namespace   = module.cluster_autoscaler_namespace[count.index].name
-  max_history = var.helm_release_history_size
-
-  values = [
-    local.cluster_autoscaler_values
-  ]
-
-  depends_on = [kubectl_manifest.kube_prometheus_stack_operator_crds]
-}
diff --git a/terraform/layer2-k8s/eks-karpenter.tf b/terraform/layer2-k8s/eks-karpenter.tf
new file mode 100644
index 00000000..9a397fc7
--- /dev/null
+++ b/terraform/layer2-k8s/eks-karpenter.tf
@@ -0,0 +1,268 @@
+locals {
+  karpenter = {
+    name          = local.helm_releases[index(local.helm_releases.*.id, "karpenter")].id
+    enabled       = local.helm_releases[index(local.helm_releases.*.id, "karpenter")].enabled
+    chart         = local.helm_releases[index(local.helm_releases.*.id, "karpenter")].chart
+    repository    = local.helm_releases[index(local.helm_releases.*.id, "karpenter")].repository
+    chart_version = local.helm_releases[index(local.helm_releases.*.id, "karpenter")].chart_version
+    namespace     = local.helm_releases[index(local.helm_releases.*.id, "karpenter")].namespace
+  }
+
+  karpenter_values = <<VALUES
+settings:
+  clusterName: ${local.eks_cluster_id}
+  clusterEndpoint: ${local.eks_cluster_endpoint}
+  interruptionQueue: ${module.karpenter[0].queue_name}
+
+serviceAccount:
+  annotations:
+    eks.amazonaws.com/role-arn: ${module.karpenter[0].irsa_arn}
+
+controller:
+  resources:
+    requests:
+      cpu: 200m
+      memory: 512Mi
+    limits:
+      memory: 512Mi
+
+VALUES
+}
+
+data "aws_ecrpublic_authorization_token" "token" {}
+
+module "karpenter" {
+  count = local.karpenter.enabled ? 1 : 0
+
+  source  = "terraform-aws-modules/eks/aws//modules/karpenter"
+  version = "19.21.0"
+
+  cluster_name = local.eks_cluster_id
+
+  policies = {
+    AmazonSSMManagedInstanceCore = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
+  }
+
+  irsa_oidc_provider_arn          = local.eks_oidc_provider_arn
+  irsa_namespace_service_accounts = ["karpenter:karpenter"]
+
+  create_iam_role                            = false
+  enable_karpenter_instance_profile_creation = true
+  iam_role_arn                               = var.node_group_default_iam_role_arn
+}
+
+module "karpenter_namespace" {
+  count = local.karpenter.enabled ? 1 : 0
+
+  source = "../modules/eks-kubernetes-namespace"
+  name   = local.karpenter.namespace
+}
+
+resource "kubectl_manifest" "karpenter_ec2nodeclass_private" {
+  count = local.karpenter.enabled ? 1 : 0
+
+  yaml_body = <<EOF
+apiVersion: karpenter.k8s.aws/v1beta1
+kind: EC2NodeClass
+metadata:
+  name: private
+  namespace: karpenter
+spec:
+  amiFamily: AL2 # Amazon Linux 2
+  role: ${var.node_group_default_iam_role_name} # replace with your cluster name NODE ROLE ID from the aws-base
+  subnetSelectorTerms:
+    - tags:
+        karpenter.sh/discovery: "private"
+        Name: "${local.name}-private"
+  securityGroupSelectorTerms:
+    - tags:
+        karpenter.sh/discovery: ${local.name}
+  tags:
+    karpenter.sh/discovery: ${local.name}
+EOF
+
+  depends_on = [helm_release.karpenter]
+}
+
+resource "kubectl_manifest" "karpenter_ec2nodeclass_public" {
+  count = local.karpenter.enabled ? 1 : 0
+
+  yaml_body = <<EOF
+apiVersion: karpenter.k8s.aws/v1beta1
+kind: EC2NodeClass
+metadata:
+  name: public
+  namespace: karpenter
+spec:
+  amiFamily: AL2 # Amazon Linux 2
+  role: ${var.node_group_default_iam_role_name} # replace with your cluster name NODE ROLE ID from the aws-base
+  subnetSelectorTerms:
+    - tags:
+        karpenter.sh/discovery: "public"
+        Name: "${local.name}-public"
+  securityGroupSelectorTerms:
+    - tags:
+        karpenter.sh/discovery: ${local.eks_cluster_id}
+  tags:
+    karpenter.sh/discovery: ${local.eks_cluster_id}
+EOF
+
+  depends_on = [helm_release.karpenter]
+}
+
+resource "kubectl_manifest" "karpenter_nodepool_default" {
+  count = local.karpenter.enabled ? 1 : 0
+
+  yaml_body = <<EOF
+apiVersion: karpenter.sh/v1beta1
+kind: NodePool
+metadata:
+  name: default
+  namespace: karpenter
+spec:
+  template:
+    metadata:
+      labels:
+        nodegroup: default
+
+    spec:
+      # References the Cloud Provider's NodeClass resource, see your cloud provider specific documentation
+      nodeClassRef:
+        name: private
+
+      requirements:
+        - key: "karpenter.k8s.aws/instance-category"
+          operator: In
+          values: ["t", "m", "c"]
+        - key: "karpenter.k8s.aws/instance-cpu"
+          operator: In
+          values: ["2", "4", "8"]
+        - key: "karpenter.k8s.aws/instance-hypervisor"
+          operator: In
+          values: ["nitro"]
+        - key: "karpenter.k8s.aws/instance-generation"
+          operator: Gt
+          values: ["3"]
+        - key: "kubernetes.io/arch"
+          operator: In
+          values: ["amd64"]
+        - key: "karpenter.sh/capacity-type"
+          operator: In
+          values: ["spot", "on-demand"]
+
+      # Karpenter provides the ability to specify a few additional Kubelet args.
+      # These are all optional and provide support for additional customization and use cases.
+      kubelet:
+        systemReserved:
+          cpu: 100m
+          memory: 100Mi
+          ephemeral-storage: 1Gi
+        kubeReserved:
+          cpu: 200m
+          memory: 100Mi
+          ephemeral-storage: 3Gi
+        evictionMaxPodGracePeriod: 60
+        imageGCHighThresholdPercent: 85
+        imageGCLowThresholdPercent: 80
+        cpuCFSQuota: true
+
+  disruption:
+    consolidationPolicy: WhenUnderutilized
+    expireAfter: 720h
+
+  limits:
+    cpu: "1000"
+    memory: 1000Gi
+
+EOF
+
+  depends_on = [helm_release.karpenter]
+}
+
+resource "kubectl_manifest" "karpenter_nodepool_ci" {
+  count = local.karpenter.enabled ? 1 : 0
+
+  yaml_body = <<EOF
+apiVersion: karpenter.sh/v1beta1
+kind: NodePool
+metadata:
+  name: ci
+  namespace: karpenter
+spec:
+  template:
+    metadata:
+      labels:
+        nodegroup: ci
+
+    spec:
+      nodeClassRef:
+        name: public
+
+      taints:
+        - key: nodegroup
+          value: ci
+          effect: NoSchedule
+
+      requirements:
+        - key: "karpenter.k8s.aws/instance-category"
+          operator: In
+          values: ["t", "m", "c"]
+        - key: "karpenter.k8s.aws/instance-cpu"
+          operator: In
+          values: ["4", "8"]
+        - key: "karpenter.k8s.aws/instance-hypervisor"
+          operator: In
+          values: ["nitro"]
+        - key: "karpenter.k8s.aws/instance-generation"
+          operator: Gt
+          values: ["3"]
+        - key: "kubernetes.io/arch"
+          operator: In
+          values: ["amd64"]
+        - key: "karpenter.sh/capacity-type"
+          operator: In
+          values: ["spot"]
+
+      kubelet:
+        systemReserved:
+          cpu: 100m
+          memory: 100Mi
+          ephemeral-storage: 1Gi
+        kubeReserved:
+          cpu: 200m
+          memory: 100Mi
+          ephemeral-storage: 3Gi
+        evictionMaxPodGracePeriod: 60
+        imageGCHighThresholdPercent: 85
+        imageGCLowThresholdPercent: 80
+        cpuCFSQuota: true
+
+  disruption:
+    consolidationPolicy: WhenUnderutilized
+    expireAfter: 720h
+
+  limits:
+    cpu: "1000"
+    memory: 1000Gi
+
+EOF
+
+  depends_on = [helm_release.karpenter]
+}
+
+resource "helm_release" "karpenter" {
+  count = local.karpenter.enabled ? 1 : 0
+
+  name                = local.karpenter.name
+  chart               = local.karpenter.chart
+  repository          = local.karpenter.repository
+  version             = local.karpenter.chart_version
+  namespace           = module.karpenter_namespace[count.index].name
+  max_history         = 3
+  repository_username = data.aws_ecrpublic_authorization_token.token.user_name
+  repository_password = data.aws_ecrpublic_authorization_token.token.password
+
+  values = [
+    local.karpenter_values
+  ]
+}
diff --git a/terraform/layer2-k8s/helm-releases.yaml b/terraform/layer2-k8s/helm-releases.yaml
index d494af75..c4ed8aa6 100644
--- a/terraform/layer2-k8s/helm-releases.yaml
+++ b/terraform/layer2-k8s/helm-releases.yaml
@@ -36,7 +36,7 @@ releases:
     chart_version: 1.9.0
     namespace: external-dns
   - id: external-secrets
-    enabled: true
+    enabled: false
     chart: external-secrets
     repository: https://charts.external-secrets.io
     chart_version: 0.8.1
@@ -48,7 +48,7 @@ releases:
     chart_version: 0.51.1
     namespace: gitlab-runner
   - id: ingress-nginx
-    enabled: true
+    enabled: false
     chart: ingress-nginx
     repository: https://kubernetes.github.io/ingress-nginx
     chart_version: 4.6.0
@@ -59,6 +59,12 @@ releases:
     repository: https://istio-release.storage.googleapis.com/charts
     chart_version: 1.17.2
     namespace: istio-system
+  - id: karpenter
+    enabled: true
+    chart: karpenter
+    repository: oci://public.ecr.aws/karpenter
+    chart_version: v0.33.0
+    namespace: karpenter
   - id: keda
     enabled: false
     chart: keda
@@ -72,19 +78,19 @@ releases:
     chart_version: 1.66.0
     namespace: kiali
   - id: kube-prometheus-stack
-    enabled: true
+    enabled: false
     chart: kube-prometheus-stack
     repository: https://prometheus-community.github.io/helm-charts
     chart_version: 45.11.0
     namespace: monitoring
   - id: loki-stack
-    enabled: true
+    enabled: false
     chart: loki-stack
     repository: https://grafana.github.io/helm-charts
     chart_version: 2.9.10
     namespace: loki
   - id: reloader
-    enabled: true
+    enabled: false
     chart: reloader
     repository: https://stakater.github.io/stakater-charts
     chart_version: 1.0.22
diff --git a/terraform/layer2-k8s/variables.tf b/terraform/layer2-k8s/variables.tf
index a58ec2cc..81f0ddb8 100644
--- a/terraform/layer2-k8s/variables.tf
+++ b/terraform/layer2-k8s/variables.tf
@@ -112,3 +112,13 @@ variable "helm_charts_path" {
   description = "where to find the helm charts"
   default     = "../../helm-charts/"
 }
+
+variable "node_group_default_iam_role_arn" {
+  description = "The IAM Role ARN of a default nodegroup"
+  default     = ""
+}
+
+variable "node_group_default_iam_role_name" {
+  description = "The IAM Role name of a default nodegroup"
+  default     = ""
+}
diff --git a/terraform/modules/karpenter/main.tf b/terraform/modules/karpenter/main.tf
deleted file mode 100644
index 8bf868be..00000000
--- a/terraform/modules/karpenter/main.tf
+++ /dev/null
@@ -1,79 +0,0 @@
-locals {
-  karpenter = {
-    name          = "karpenter"                      #local.helm_releases[index(local.helm_releases.*.id, "karpenter")].id
-    enabled       = true                             #local.helm_releases[index(local.helm_releases.*.id, "karpenter")].enabled
-    chart         = "karpenter"                      #local.helm_releases[index(local.helm_releases.*.id, "karpenter")].chart
-    repository    = "oci://public.ecr.aws/karpenter" #local.helm_releases[index(local.helm_releases.*.id, "karpenter")].repository
-    chart_version = "v0.33.0"                        #local.helm_releases[index(local.helm_releases.*.id, "karpenter")].chart_version
-    namespace     = "karpenter"                      #local.helm_releases[index(local.helm_releases.*.id, "karpenter")].namespace
-  }
-
-  karpenter_values = <<VALUES
-settings:
-  clusterName: ${var.eks_cluster_id}
-  clusterEndpoint: ${var.eks_cluster_endpoint}
-  interruptionQueue: ${module.karpenter.queue_name}
-
-serviceAccount:
-  annotations:
-    eks.amazonaws.com/role-arn: ${module.karpenter.irsa_arn}
-
-controller:
-  resources:
-    requests:
-      cpu: 200m
-      memory: 512Mi
-    limits:
-      memory: 512Mi
-
-VALUES
-}
-
-module "karpenter" {
-  source  = "terraform-aws-modules/eks/aws//modules/karpenter"
-  version = "19.21.0"
-
-  cluster_name = var.eks_cluster_id
-
-  policies = {
-    AmazonSSMManagedInstanceCore = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
-  }
-
-  irsa_oidc_provider_arn          = var.eks_oidc_provider_arn
-  irsa_namespace_service_accounts = ["karpenter:karpenter"]
-
-  create_iam_role                            = false
-  enable_karpenter_instance_profile_creation = true
-  iam_role_arn                               = var.node_group_default_iam_role_arn
-}
-
-module "namespace" {
-  source = "../eks-kubernetes-namespace"
-  name   = var.k8s_namespace
-}
-
-resource "kubectl_manifest" "this" {
-  for_each = var.kubectl_manifests
-
-  yaml_body = each.value
-
-  depends_on = [helm_release.this]
-}
-
-resource "helm_release" "this" {
-  name                = local.karpenter.name
-  chart               = local.karpenter.chart
-  repository          = local.karpenter.repository
-  version             = local.karpenter.chart_version
-  namespace           = module.namespace.name
-  max_history         = 3
-  repository_username = data.aws_ecrpublic_authorization_token.token.user_name
-  repository_password = data.aws_ecrpublic_authorization_token.token.password
-
-  values = [
-    local.karpenter_values,
-    var.extra_helm_values
-  ]
-}
-
-data "aws_ecrpublic_authorization_token" "token" {}
diff --git a/terraform/modules/karpenter/variables.tf b/terraform/modules/karpenter/variables.tf
deleted file mode 100644
index 1ef22e8d..00000000
--- a/terraform/modules/karpenter/variables.tf
+++ /dev/null
@@ -1,33 +0,0 @@
-variable "eks_cluster_id" {
-  default = ""
-}
-
-variable "eks_cluster_endpoint" {
-  default = ""
-}
-
-variable "eks_oidc_provider_arn" {
-  default = ""
-}
-
-variable "node_group_default_iam_role_arn" {
-  default = ""
-}
-
-variable "k8s_namespace" {
-  description = "k8s namespace name"
-  type        = string
-  default     = "karpenter"
-}
-
-variable "kubectl_manifests" {
-  description = "Extra kubernetes manifests to apply"
-  type        = map(string)
-  default     = {}
-}
-
-variable "extra_helm_values" {
-  description = "Extra helm values to merge with the default values"
-  type        = any
-  default     = ""
-}
diff --git a/terragrunt/demo/us-east-1/aws-base/.terraform.lock.hcl b/terragrunt/demo/us-east-1/aws-base/.terraform.lock.hcl
index c7519dcf..197d7fbe 100644
--- a/terragrunt/demo/us-east-1/aws-base/.terraform.lock.hcl
+++ b/terragrunt/demo/us-east-1/aws-base/.terraform.lock.hcl
@@ -1,23 +1,6 @@
 # This file is maintained automatically by "terraform init".
 # Manual edits may be lost in future updates.
 
-provider "registry.terraform.io/gavinbunney/kubectl" {
-  version     = "1.14.0"
-  constraints = "1.14.0"
-  hashes = [
-    "h1:ItrWfCZMzM2JmvDncihBMalNLutsAk7kyyxVRaipftY=",
-    "zh:0350f3122ff711984bbc36f6093c1fe19043173fad5a904bce27f86afe3cc858",
-    "zh:07ca36c7aa7533e8325b38232c77c04d6ef1081cb0bac9d56e8ccd51f12f2030",
-    "zh:0c351afd91d9e994a71fe64bbd1662d0024006b3493bb61d46c23ea3e42a7cf5",
-    "zh:39f1a0aa1d589a7e815b62b5aa11041040903b061672c4cfc7de38622866cbc4",
-    "zh:428d3a321043b78e23c91a8d641f2d08d6b97f74c195c654f04d2c455e017de5",
-    "zh:4baf5b1de2dfe9968cc0f57fd4be5a741deb5b34ee0989519267697af5f3eee5",
-    "zh:6131a927f9dffa014ab5ca5364ac965fe9b19830d2bbf916a5b2865b956fdfcf",
-    "zh:c62e0c9fd052cbf68c5c2612af4f6408c61c7e37b615dc347918d2442dd05e93",
-    "zh:f0beffd7ce78f49ead612e4b1aefb7cb6a461d040428f514f4f9cc4e5698ac65",
-  ]
-}
-
 provider "registry.terraform.io/hashicorp/aws" {
   version     = "5.1.0"
   constraints = ">= 2.49.0, >= 3.0.0, >= 3.34.0, >= 3.35.0, >= 3.72.0, >= 4.0.0, >= 4.7.0, >= 4.35.0, >= 4.40.0, >= 4.47.0, 5.1.0"
@@ -61,26 +44,6 @@ provider "registry.terraform.io/hashicorp/cloudinit" {
   ]
 }
 
-provider "registry.terraform.io/hashicorp/helm" {
-  version     = "2.12.1"
-  constraints = "2.12.1"
-  hashes = [
-    "h1:aBfcqM4cbywa7TAxfT1YoFS+Cst9waerlm4XErFmJlk=",
-    "zh:1d623fb1662703f2feb7860e3c795d849c77640eecbc5a776784d08807b15004",
-    "zh:253a5bc62ba2c4314875139e3fbd2feaad5ef6b0fb420302a474ab49e8e51a38",
-    "zh:282358f4ad4f20d0ccaab670b8645228bfad1c03ac0d0df5889f0aea8aeac01a",
-    "zh:4fd06af3091a382b3f0d8f0a60880f59640d2b6d9d6a31f9a873c6f1bde1ec50",
-    "zh:6816976b1830f5629ae279569175e88b497abbbac30ee809948a1f923c67a80d",
-    "zh:7d82c4150cdbf48cfeec867be94c7b9bd7682474d4df0ebb7e24e148f964844f",
-    "zh:83f062049eea2513118a4c6054fb06c8600bac96196f25aed2cc21898ec86e93",
-    "zh:a79eec0cf4c08fca79e44033ec6e470f25ff23c3e2c7f9bc707ed7771c1072c0",
-    "zh:b2b2d904b2821a6e579910320605bc478bbef063579a23fbfdd6fcb5871b81f8",
-    "zh:e91177ca06a15487fc570cb81ecef6359aa399459ea2aa7c4f7367ba86f6fcad",
-    "zh:e976bcb82996fc4968f8382bbcb6673efb1f586bf92074058a232028d97825b1",
-    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
-  ]
-}
-
 provider "registry.terraform.io/hashicorp/kubernetes" {
   version     = "2.19.0"
   constraints = ">= 2.10.0, 2.19.0"
diff --git a/terragrunt/demo/us-east-1/eks-providers.tf b/terragrunt/demo/us-east-1/eks-providers.tf
deleted file mode 100644
index c7a9e708..00000000
--- a/terragrunt/demo/us-east-1/eks-providers.tf
+++ /dev/null
@@ -1,35 +0,0 @@
-provider "kubectl" {
-  host                   = data.aws_eks_cluster.main.endpoint
-  cluster_ca_certificate = base64decode(data.aws_eks_cluster.main.certificate_authority.0.data)
-  token                  = data.aws_eks_cluster_auth.main.token
-}
-
-provider "kubernetes" {
-  host                   = data.aws_eks_cluster.main.endpoint
-  cluster_ca_certificate = base64decode(data.aws_eks_cluster.main.certificate_authority.0.data)
-  token                  = data.aws_eks_cluster_auth.main.token
-}
-
-provider "helm" {
-  kubernetes {
-    host                   = data.aws_eks_cluster.main.endpoint
-    cluster_ca_certificate = base64decode(data.aws_eks_cluster.main.certificate_authority.0.data)
-    token                  = data.aws_eks_cluster_auth.main.token
-  }
-  experiments {
-    manifest = false
-  }
-}
-
-
-data "aws_eks_cluster" "main" {
-  name = var.eks_cluster_id
-}
-
-data "aws_eks_cluster_auth" "main" {
-  name = var.eks_cluster_id
-}
-
-provider "aws" {
-  region = "us-east-1"
-}
diff --git a/terragrunt/demo/us-east-1/k8s-addons/terragrunt.hcl b/terragrunt/demo/us-east-1/k8s-addons/terragrunt.hcl
index 5130156a..30c8afe5 100644
--- a/terragrunt/demo/us-east-1/k8s-addons/terragrunt.hcl
+++ b/terragrunt/demo/us-east-1/k8s-addons/terragrunt.hcl
@@ -24,21 +24,25 @@ dependency "aws-base" {
   mock_outputs_allowed_terraform_commands = ["init", "validate", "plan", "destroy"]
 
   mock_outputs = {
-    route53_zone_id       = "Z058363314IT7VAKRA777"
-    vpc_id                = "vpc-0f5b1b5f788888888"
-    vpc_cidr              = "10.0.0.0/16"
-    eks_cluster_id        = "maddevs-demo-use1"
-    eks_oidc_provider_arn = "arn:aws:iam::730808884724:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/D55EEBDFE5510B81EEE2381B88888888"
-    ssl_certificate_arn   = "arn:aws:acm:us-east-1:730808884724:certificate/fa029132-86ab-7777-8888-8e1fd5c56c29"
+    route53_zone_id                  = "Z058363314IT7VAKRA777"
+    vpc_id                           = "vpc-0f5b1b5f788888888"
+    vpc_cidr                         = "10.0.0.0/16"
+    eks_cluster_id                   = "maddevs-demo-use1"
+    eks_oidc_provider_arn            = "arn:aws:iam::730808884724:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/D55EEBDFE5510B81EEE2381B88888888"
+    ssl_certificate_arn              = "arn:aws:acm:us-east-1:730808884724:certificate/fa029132-86ab-7777-8888-8e1fd5c56c29"
+    node_group_default_iam_role_arn  = "arn:aws:iam::731118884724:role/maddevs-demo-use1-default-202312sdfdsfs52134060000000a"
+    node_group_default_iam_role_name = "test"
   }
 }
 
 inputs = {
-  zone_id               = dependency.aws-base.outputs.route53_zone_id
-  vpc_id                = dependency.aws-base.outputs.vpc_id
-  vpc_cidr              = dependency.aws-base.outputs.vpc_cidr
-  eks_cluster_id        = dependency.aws-base.outputs.eks_cluster_id
-  eks_oidc_provider_arn = dependency.aws-base.outputs.eks_oidc_provider_arn
-  ssl_certificate_arn   = dependency.aws-base.outputs.ssl_certificate_arn
-  helm_charts_path      = "${get_terragrunt_dir()}/../../../../helm-charts"
+  zone_id                          = dependency.aws-base.outputs.route53_zone_id
+  vpc_id                           = dependency.aws-base.outputs.vpc_id
+  vpc_cidr                         = dependency.aws-base.outputs.vpc_cidr
+  eks_cluster_id                   = dependency.aws-base.outputs.eks_cluster_id
+  eks_oidc_provider_arn            = dependency.aws-base.outputs.eks_oidc_provider_arn
+  ssl_certificate_arn              = dependency.aws-base.outputs.ssl_certificate_arn
+  node_group_default_iam_role_arn  = dependency.aws-base.outputs.node_group_default_iam_role_arn
+  node_group_default_iam_role_name = dependency.aws-base.outputs.node_group_default_iam_role_name
+  helm_charts_path                 = "${get_terragrunt_dir()}/../../../../helm-charts"
 }
diff --git a/terragrunt/demo/us-east-1/karpenter/.terraform.lock.hcl b/terragrunt/demo/us-east-1/karpenter/.terraform.lock.hcl
deleted file mode 100644
index 1c2f7da8..00000000
--- a/terragrunt/demo/us-east-1/karpenter/.terraform.lock.hcl
+++ /dev/null
@@ -1,82 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/gavinbunney/kubectl" {
-  version     = "1.14.0"
-  constraints = "1.14.0"
-  hashes = [
-    "h1:ItrWfCZMzM2JmvDncihBMalNLutsAk7kyyxVRaipftY=",
-    "zh:0350f3122ff711984bbc36f6093c1fe19043173fad5a904bce27f86afe3cc858",
-    "zh:07ca36c7aa7533e8325b38232c77c04d6ef1081cb0bac9d56e8ccd51f12f2030",
-    "zh:0c351afd91d9e994a71fe64bbd1662d0024006b3493bb61d46c23ea3e42a7cf5",
-    "zh:39f1a0aa1d589a7e815b62b5aa11041040903b061672c4cfc7de38622866cbc4",
-    "zh:428d3a321043b78e23c91a8d641f2d08d6b97f74c195c654f04d2c455e017de5",
-    "zh:4baf5b1de2dfe9968cc0f57fd4be5a741deb5b34ee0989519267697af5f3eee5",
-    "zh:6131a927f9dffa014ab5ca5364ac965fe9b19830d2bbf916a5b2865b956fdfcf",
-    "zh:c62e0c9fd052cbf68c5c2612af4f6408c61c7e37b615dc347918d2442dd05e93",
-    "zh:f0beffd7ce78f49ead612e4b1aefb7cb6a461d040428f514f4f9cc4e5698ac65",
-  ]
-}
-
-provider "registry.terraform.io/hashicorp/aws" {
-  version     = "5.1.0"
-  constraints = ">= 4.47.0, 5.1.0"
-  hashes = [
-    "h1:iDyYmwv8q94Dvr4DRG1KBxTWPZRFkRmKGa3cjCEsPZU=",
-    "zh:0c48f157b804c1f392adb5c14b81e756c652755e358096300ea8dd1283021129",
-    "zh:1a50495a6c0e5665e51df57dac6e781ec71439b11ebf05f971b6f3a3eb4eb7b2",
-    "zh:2959ff472c05e56d59e012118dd8d55022f005534c0ae961ce81136de9f66a4d",
-    "zh:2dfda9133581b99ed6e709e89a453fd2974ce88c703d3e073ec31bf99d7508ce",
-    "zh:2f3d92cc7a6624da42cee2202f8fb23e6d38f156ab7851884d637282cb0dc709",
-    "zh:3bc2a34d09cbaf439a1815846904f070c782cd8dfd60b5e0116827cda25f7549",
-    "zh:4ef43f1a247aa8de8690ac3bbc2b00ebaf6b2872fc8d0f5130e4a8130c874b87",
-    "zh:5477cb272dcaeb0030091bcf23a9f0f33b5410e44e317e9d3d49446f545dbaa4",
-    "zh:734c8fb4c0b79c82dd757566761dda5b91ee1ef9a2b848a748ade11e0e1cc69f",
-    "zh:80346c051b677f4f018da7fe06318b87c5bd0f1ec67ce78ab33baed3bb8b031a",
-    "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
-    "zh:a865b2f88dfee13df14116c5cf53d033d2c15855f4b59b9c65337309a928df2c",
-    "zh:c0345f266eedaece5612c1000722b302f895d1bc5af1d5a4265f0e7000ca48bb",
-    "zh:d59703c8e6a9d8b4fbd3b4583b945dfff9cb2844c762c0b3990e1cef18282279",
-    "zh:d8d04a6a6cd2dfcb23b57e551db7b15e647f6166310fb7d883d8ec67bdc9bdc8",
-  ]
-}
-
-provider "registry.terraform.io/hashicorp/helm" {
-  version     = "2.12.1"
-  constraints = "2.12.1"
-  hashes = [
-    "h1:aBfcqM4cbywa7TAxfT1YoFS+Cst9waerlm4XErFmJlk=",
-    "zh:1d623fb1662703f2feb7860e3c795d849c77640eecbc5a776784d08807b15004",
-    "zh:253a5bc62ba2c4314875139e3fbd2feaad5ef6b0fb420302a474ab49e8e51a38",
-    "zh:282358f4ad4f20d0ccaab670b8645228bfad1c03ac0d0df5889f0aea8aeac01a",
-    "zh:4fd06af3091a382b3f0d8f0a60880f59640d2b6d9d6a31f9a873c6f1bde1ec50",
-    "zh:6816976b1830f5629ae279569175e88b497abbbac30ee809948a1f923c67a80d",
-    "zh:7d82c4150cdbf48cfeec867be94c7b9bd7682474d4df0ebb7e24e148f964844f",
-    "zh:83f062049eea2513118a4c6054fb06c8600bac96196f25aed2cc21898ec86e93",
-    "zh:a79eec0cf4c08fca79e44033ec6e470f25ff23c3e2c7f9bc707ed7771c1072c0",
-    "zh:b2b2d904b2821a6e579910320605bc478bbef063579a23fbfdd6fcb5871b81f8",
-    "zh:e91177ca06a15487fc570cb81ecef6359aa399459ea2aa7c4f7367ba86f6fcad",
-    "zh:e976bcb82996fc4968f8382bbcb6673efb1f586bf92074058a232028d97825b1",
-    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
-  ]
-}
-
-provider "registry.terraform.io/hashicorp/kubernetes" {
-  version     = "2.19.0"
-  constraints = "2.19.0"
-  hashes = [
-    "h1:ID/u9YOv00w+Z8iG+592oyuV7HcqRmPiZpEC9hnyTMY=",
-    "zh:028d346460de2d1d19b4c863dfc36be51c7bcd97d372b54a3a946bcb19f3f613",
-    "zh:391d0b38c455437d0a2ab1beb6ce6e1230aa4160bbae11c58b2810b258b44280",
-    "zh:40ea742f91b67f66e71d7091cfd40cc604528c4947651924bd6d8bd8d9793708",
-    "zh:48a99d341c8ba3cadaafa7cb99c0f11999f5e23f5cfb0f8469b4e352d9116e74",
-    "zh:4a5ade940eff267cbf7dcd52c1a7ac3999e7cc24996a409bd8b37bdb48a97f02",
-    "zh:5063742016a8249a4be057b9cc0ef24a684ec76d0ae5463d4b07e9b2d21e047e",
-    "zh:5d36b3a5662f840a6788f5e2a19d02139e87318feb3c5d82c7d076be1366fec4",
-    "zh:75edd9960cb30e54ef7de1b7df2761a274f17d4d41f54e72f86b43f41af3eb6d",
-    "zh:b85cadef3e6f25f1a10a617472bf5e8449decd61626733a1bc723de5edc08f64",
-    "zh:dc565b17b4ea6dde6bd1b92bc37e5e850fcbf9400540eec00ad3d9552a76ac2e",
-    "zh:deb665cc2123f2701aa3d653987b2ca35fb035a08a76a2382efb215c209f19a5",
-    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
-  ]
-}
diff --git a/terragrunt/demo/us-east-1/karpenter/terragrunt.hcl b/terragrunt/demo/us-east-1/karpenter/terragrunt.hcl
deleted file mode 100644
index 953a2462..00000000
--- a/terragrunt/demo/us-east-1/karpenter/terragrunt.hcl
+++ /dev/null
@@ -1,167 +0,0 @@
-include "root" {
-  path           = find_in_parent_folders()
-  expose         = true
-  merge_strategy = "deep"
-}
-
-include "env" {
-  path           = find_in_parent_folders("env.hcl")
-  expose         = true
-  merge_strategy = "deep"
-}
-
-terraform {
-  source = "${get_terragrunt_dir()}/../../../../terraform//modules/karpenter"
-}
-
-dependencies {
-  paths = ["../aws-base"]
-}
-
-dependency "aws-base" {
-  config_path = "../aws-base"
-
-  mock_outputs_allowed_terraform_commands = ["init", "validate", "plan", "destroy"]
-
-  mock_outputs = {
-    eks_cluster_id                   = "maddevs-demo-use1"
-    eks_oidc_provider_arn            = "arn:aws:iam::731118884724:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/D55EEBDFE5510B81EEE2381B88888888"
-    eks_cluster_endpoint             = "https://D55EEBDFE5510B81EEE2381B88888888.gr7.us-east-1.eks.amazonaws.com"
-    node_group_default_iam_role_arn  = "arn:aws:iam::731118884724:role/maddevs-demo-use1-default-202312210752134060000000a"
-    node_group_default_iam_role_name = "test"
-  }
-}
-
-inputs = {
-  eks_cluster_id                  = dependency.aws-base.outputs.eks_cluster_id
-  eks_oidc_provider_arn           = dependency.aws-base.outputs.eks_oidc_provider_arn
-  eks_cluster_endpoint            = dependency.aws-base.outputs.eks_cluster_endpoint
-  node_group_default_iam_role_arn = dependency.aws-base.outputs.node_group_default_iam_role_arn
-  kubectl_manifests = {
-    default_ec2class = <<EOF
-apiVersion: karpenter.k8s.aws/v1beta1
-kind: EC2NodeClass
-metadata:
-  name: default
-  namespace: karpenter
-spec:
-  amiFamily: AL2 # Amazon Linux 2
-  role: ${dependency.aws-base.outputs.node_group_default_iam_role_name} # replace with your cluster name NODE ROLE ID from the aws-base
-  subnetSelectorTerms:
-    - tags:
-        destination: "private" # replace with your cluster name
-        Name: "${dependency.aws-base.outputs.eks_cluster_id}-private"
-  securityGroupSelectorTerms:
-    - tags:
-        karpenter.sh/discovery: ${dependency.aws-base.outputs.eks_cluster_id} # replace with your cluster name
-  tags:
-    karpenter.sh/discovery: ${dependency.aws-base.outputs.eks_cluster_id}
-EOF
-
-    default_nodepool = <<EOF
-apiVersion: karpenter.sh/v1beta1
-kind: NodePool
-metadata:
-  name: default
-  namespace: karpenter
-spec:
-  # Template section that describes how to template out NodeClaim resources that Karpenter will provision
-  # Karpenter will consider this template to be the minimum requirements needed to provision a Node using this NodePool
-  # It will overlay this NodePool with Pods that need to schedule to further constrain the NodeClaims
-  # Karpenter will provision to launch new Nodes for the cluster
-  template:
-    metadata:
-      # Labels are arbitrary key-values that are applied to all nodes
-      labels:
-        type: default
-
-      # # Annotations are arbitrary key-values that are applied to all nodes
-      # annotations:
-      #   example.com/owner: "my-team"
-    spec:
-      # References the Cloud Provider's NodeClass resource, see your cloud provider specific documentation
-      nodeClassRef:
-        name: default
-
-      # Provisioned nodes will have these taints
-      # Taints may prevent pods from scheduling if they are not tolerated by the pod.
-      # taints:
-      #   - key: example.com/special-taint
-      #     effect: NoSchedule
-
-      # Provisioned nodes will have these taints, but pods do not need to tolerate these taints to be provisioned by this
-      # NodePool. These taints are expected to be temporary and some other entity (e.g. a DaemonSet) is responsible for
-      # removing the taint after it has finished initializing the node.
-      # startupTaints:
-      #   - key: example.com/another-taint
-      #     effect: NoSchedule
-
-      # Requirements that constrain the parameters of provisioned nodes.
-      # These requirements are combined with pod.spec.topologySpreadConstraints, pod.spec.affinity.nodeAffinity, pod.spec.affinity.podAffinity, and pod.spec.nodeSelector rules.
-      # Operators { In, NotIn, Exists, DoesNotExist, Gt, and Lt } are supported.
-      # https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#operators
-      requirements:
-        - key: "karpenter.k8s.aws/instance-category"
-          operator: In
-          values: ["t", "m", "c"]
-        - key: "karpenter.k8s.aws/instance-cpu"
-          operator: In
-          values: ["2", "4", "8"]
-        - key: "karpenter.k8s.aws/instance-hypervisor"
-          operator: In
-          values: ["nitro"]
-        - key: "karpenter.k8s.aws/instance-generation"
-          operator: Gt
-          values: ["3"]
-        - key: "kubernetes.io/arch"
-          operator: In
-          values: ["amd64"]
-        - key: "karpenter.sh/capacity-type"
-          operator: In
-          values: ["spot", "on-demand"]
-
-      # Karpenter provides the ability to specify a few additional Kubelet args.
-      # These are all optional and provide support for additional customization and use cases.
-      kubelet:
-        systemReserved:
-          cpu: 100m
-          memory: 100Mi
-          ephemeral-storage: 1Gi
-        kubeReserved:
-          cpu: 200m
-          memory: 100Mi
-          ephemeral-storage: 3Gi
-        evictionMaxPodGracePeriod: 60
-        imageGCHighThresholdPercent: 85
-        imageGCLowThresholdPercent: 80
-        cpuCFSQuota: true
-
-  # Disruption section which describes the ways in which Karpenter can disrupt and replace Nodes
-  # Configuration in this section constrains how aggressive Karpenter can be with performing operations
-  # like rolling Nodes due to them hitting their maximum lifetime (expiry) or scaling down nodes to reduce cluster cost
-  disruption:
-    # Describes which types of Nodes Karpenter should consider for consolidation
-    # If using 'WhenUnderutilized', Karpenter will consider all nodes for consolidation and attempt to remove or replace Nodes when it discovers that the Node is underutilized and could be changed to reduce cost
-    # If using `WhenEmpty`, Karpenter will only consider nodes for consolidation that contain no workload pods
-    consolidationPolicy: WhenUnderutilized
-
-    # The amount of time a Node can live on the cluster before being removed
-    # Avoiding long-running Nodes helps to reduce security vulnerabilities as well as to reduce the chance of issues that can plague Nodes with long uptimes such as file fragmentation or memory leaks from system processes
-    # You can choose to disable expiration entirely by setting the string value 'Never' here
-    expireAfter: 720h
-
-  # Resource limits constrain the total size of the cluster.
-  # Limits prevent Karpenter from creating new instances once the limit is exceeded.
-  limits:
-    cpu: "1000"
-    memory: 1000Gi
-
-EOF
-  }
-}
-
-generate "provider-local" {
-  path      = "provider-local.tf"
-  if_exists = "overwrite"
-  contents  = file("../eks-providers.tf")
-}
diff --git a/terragrunt/terragrunt.hcl b/terragrunt/terragrunt.hcl
index 19c5c3d5..4c3ed764 100644
--- a/terragrunt/terragrunt.hcl
+++ b/terragrunt/terragrunt.hcl
@@ -24,30 +24,3 @@ remote_state {
     skip_credentials_validation = true
   }
 }
-
-generate "provider" {
-  path      = "provider_override.tf"
-  if_exists = "overwrite"
-  contents  = <<EOF
-terraform {
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = "5.1.0"
-    }
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = "2.19.0"
-    }
-    helm = {
-      source  = "hashicorp/helm"
-      version = "2.12.1"
-    }
-    kubectl = {
-      source  = "gavinbunney/kubectl"
-      version = "1.14.0"
-    }
-  }
-}
-EOF
-}
\ No newline at end of file