From 1b44530ddc1b667e962ecb76bab3fde270839ffe Mon Sep 17 00:00:00 2001
From: Apoorva Kulkarni <kuapoorv@amazon.com>
Date: Tue, 14 Mar 2023 13:19:08 -0700
Subject: [PATCH 01/31] refactor: Update examples to use new addons module repo

---
 examples/agones-game-controller/main.tf       |  86 ++++++---
 examples/amp-amg-opensearch/main.tf           |   4 +-
 examples/appmesh-mtls/main.tf                 | 175 +++++++++++++++++-
 examples/argocd/main.tf                       |  16 +-
 .../modules/eks_cluster/main.tf               |   4 +-
 examples/external-secrets/main.tf             |   4 +-
 examples/fargate-serverless/main.tf           | 110 ++++++++++-
 examples/karpenter/main.tf                    |   4 +-
 examples/stateful/main.tf                     |   4 +-
 examples/tls-with-aws-pca-issuer/main.tf      |  29 ++-
 examples/wireguard-with-cilium/main.tf        |  46 +++--
 11 files changed, 410 insertions(+), 72 deletions(-)

diff --git a/examples/agones-game-controller/main.tf b/examples/agones-game-controller/main.tf
index 045a8f7199..168903432b 100644
--- a/examples/agones-game-controller/main.tf
+++ b/examples/agones-game-controller/main.tf
@@ -5,23 +5,35 @@ provider "aws" {
 provider "kubernetes" {
   host                   = module.eks.cluster_endpoint
   cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
-  token                  = data.aws_eks_cluster_auth.this.token
+
+  exec {
+    api_version = "client.authentication.k8s.io/v1beta1"
+    command     = "aws"
+    # This requires the awscli to be installed locally where Terraform is executed
+    args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
+  }
 }
 
 provider "helm" {
   kubernetes {
     host                   = module.eks.cluster_endpoint
     cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
-    token                  = data.aws_eks_cluster_auth.this.token
-  }
-}
 
-data "aws_eks_cluster_auth" "this" {
-  name = module.eks.cluster_name
+    exec {
+      api_version = "client.authentication.k8s.io/v1beta1"
+      command     = "aws"
+      # This requires the awscli to be installed locally where Terraform is executed
+      args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
+    }
+  }
 }
 
 data "aws_availability_zones" "available" {}
 
+data "aws_security_group" "eks_worker_group" {
+  id = module.eks.cluster_security_group_id
+}
+
 locals {
   name   = basename(path.cwd)
   region = "us-west-2"
@@ -31,6 +43,8 @@ locals {
   vpc_cidr = "10.0.0.0/16"
   azs      = slice(data.aws_availability_zones.available.names, 0, 3)
 
+  gameserver_minport = 7000
+  gameserver_maxport = 8000
   tags = {
     Blueprint  = local.name
     GithubRepo = "github.com/aws-ia/terraform-aws-eks-blueprints"
@@ -78,7 +92,9 @@ module "eks" {
 ################################################################################
 
 module "eks_blueprints_kubernetes_addons" {
-  source = "../../modules/kubernetes-addons"
+  # Users should pin the version to the latest available release
+  # tflint-ignore: terraform_module_pinned_source
+  source = "github.com/aws-ia/terraform-aws-eks-blueprints-addons"
 
   eks_cluster_id       = module.eks.cluster_name
   eks_cluster_endpoint = module.eks.cluster_endpoint
@@ -89,28 +105,35 @@ module "eks_blueprints_kubernetes_addons" {
   enable_metrics_server     = true
   enable_cluster_autoscaler = true
 
-  # NOTE: Agones requires a Node group in Public Subnets and enable Public IP
-  enable_agones = true
-  # Do not be fooled, this is required by the Agones addon
-  eks_worker_security_group_id = module.eks.cluster_security_group_id
-  agones_helm_config = {
-    name       = "agones"
-    chart      = "agones"
-    repository = "https://agones.dev/chart/stable"
-    version    = "1.21.0"
-    namespace  = "agones-system"
-
-    values = [templatefile("${path.module}/helm_values/agones-values.yaml", {
-      expose_udp            = true
-      gameserver_namespaces = "{${join(",", ["default", "xbox-gameservers", "xbox-gameservers"])}}"
-      gameserver_minport    = 7000
-      gameserver_maxport    = 8000
-    })]
-  }
-
   tags = local.tags
 }
 
+################################################################################
+# Agones Helm Chart
+################################################################################
+
+# NOTE: Agones requires a Node group in Public Subnets and enable Public IP
+resource "helm_release" "agones" {
+  name             = "agones"
+  chart            = "agones"
+  version          = "1.21.0"
+  repository       = "https://agones.dev/chart/stable"
+  description      = "Agones helm chart"
+  namespace        = "agones-system"
+  create_namespace = true
+
+  values = [templatefile("${path.module}/helm_values/agones-values.yaml", {
+    expose_udp            = true
+    gameserver_namespaces = "{${join(",", ["default", "xbox-gameservers", "xbox-gameservers"])}}"
+    gameserver_minport    = 7000
+    gameserver_maxport    = 8000
+  })]
+
+  depends_on = [
+    module.eks_blueprints_kubernetes_addons
+  ]
+}
+
 ################################################################################
 # Supporting Resources
 ################################################################################
@@ -148,3 +171,14 @@ module "vpc" {
 
   tags = local.tags
 }
+
+resource "aws_security_group_rule" "agones_sg_ingress_rule" {
+  description       = "Allow UDP ingress from internet"
+  type              = "ingress"
+  from_port         = local.gameserver_minport
+  to_port           = local.gameserver_maxport
+  protocol          = "udp"
+  cidr_blocks       = ["0.0.0.0/0"] #tfsec:ignore:aws-vpc-no-public-ingress-sgr
+  ipv6_cidr_blocks  = ["::/0"]      #tfsec:ignore:aws-vpc-no-public-ingress-sgr
+  security_group_id = data.aws_security_group.eks_worker_group.id
+}
diff --git a/examples/amp-amg-opensearch/main.tf b/examples/amp-amg-opensearch/main.tf
index fc7a151d7f..12def1f3f9 100644
--- a/examples/amp-amg-opensearch/main.tf
+++ b/examples/amp-amg-opensearch/main.tf
@@ -83,7 +83,9 @@ module "eks" {
 ################################################################################
 
 module "eks_blueprints_kubernetes_addons" {
-  source = "../../modules/kubernetes-addons"
+  # Users should pin the version to the latest available release
+  # tflint-ignore: terraform_module_pinned_source
+  source = "github.com/aws-ia/terraform-aws-eks-blueprints-addons"
 
   eks_cluster_id       = module.eks.cluster_name
   eks_cluster_endpoint = module.eks.cluster_endpoint
diff --git a/examples/appmesh-mtls/main.tf b/examples/appmesh-mtls/main.tf
index 739fcc24d1..f35e3a8b54 100644
--- a/examples/appmesh-mtls/main.tf
+++ b/examples/appmesh-mtls/main.tf
@@ -30,6 +30,128 @@ data "aws_eks_cluster_auth" "this" {
 
 data "aws_availability_zones" "available" {}
 
+data "aws_partition" "current" {}
+
+data "aws_caller_identity" "current" {}
+
+
+data "aws_iam_policy_document" "this" {
+  statement {
+    sid       = "AllowAppMesh"
+    effect    = "Allow"
+    resources = ["arn:${data.aws_partition.current.partition}:appmesh:${local.region}:${data.aws_caller_identity.current.account_id}:mesh/*"]
+
+    actions = [
+      "appmesh:ListVirtualRouters",
+      "appmesh:ListVirtualServices",
+      "appmesh:ListRoutes",
+      "appmesh:ListGatewayRoutes",
+      "appmesh:ListMeshes",
+      "appmesh:ListVirtualNodes",
+      "appmesh:ListVirtualGateways",
+      "appmesh:DescribeMesh",
+      "appmesh:DescribeVirtualRouter",
+      "appmesh:DescribeRoute",
+      "appmesh:DescribeVirtualNode",
+      "appmesh:DescribeVirtualGateway",
+      "appmesh:DescribeGatewayRoute",
+      "appmesh:DescribeVirtualService",
+      "appmesh:CreateMesh",
+      "appmesh:CreateVirtualRouter",
+      "appmesh:CreateVirtualGateway",
+      "appmesh:CreateVirtualService",
+      "appmesh:CreateGatewayRoute",
+      "appmesh:CreateRoute",
+      "appmesh:CreateVirtualNode",
+      "appmesh:UpdateMesh",
+      "appmesh:UpdateRoute",
+      "appmesh:UpdateVirtualGateway",
+      "appmesh:UpdateVirtualRouter",
+      "appmesh:UpdateGatewayRoute",
+      "appmesh:UpdateVirtualService",
+      "appmesh:UpdateVirtualNode",
+      "appmesh:DeleteMesh",
+      "appmesh:DeleteRoute",
+      "appmesh:DeleteVirtualRouter",
+      "appmesh:DeleteGatewayRoute",
+      "appmesh:DeleteVirtualService",
+      "appmesh:DeleteVirtualNode",
+      "appmesh:DeleteVirtualGateway"
+    ]
+  }
+
+  statement {
+    sid       = "CreateServiceLinkedRole"
+    effect    = "Allow"
+    resources = ["arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.current.account_id}:role/aws-service-role/appmesh.${data.aws_partition.current.dns_suffix}/AWSServiceRoleForAppMesh"]
+    actions   = ["iam:CreateServiceLinkedRole"]
+
+    condition {
+      test     = "StringLike"
+      variable = "iam:AWSServiceName"
+      values   = ["appmesh.${data.aws_partition.current.dns_suffix}"]
+    }
+  }
+
+  statement {
+    sid       = "AllowACMAccess"
+    effect    = "Allow"
+    resources = ["arn:${data.aws_partition.current.partition}:acm:${local.region}:${data.aws_caller_identity.current.account_id}:certificate/*"]
+    actions = [
+      "acm:ListCertificates",
+      "acm:DescribeCertificate",
+    ]
+  }
+
+  statement {
+    sid       = "AllowACMPCAAccess"
+    effect    = "Allow"
+    resources = ["arn:${data.aws_partition.current.partition}:acm-pca:${local.region}:${data.aws_caller_identity.current.account_id}:certificate-authority/*"]
+    actions = [
+      "acm-pca:DescribeCertificateAuthority",
+      "acm-pca:ListCertificateAuthorities"
+    ]
+  }
+
+  statement {
+    sid    = "AllowServiceDiscovery"
+    effect = "Allow"
+    resources = [
+      "arn:${data.aws_partition.current.partition}:servicediscovery:${local.region}:${data.aws_caller_identity.current.account_id}:namespace/*",
+      "arn:${data.aws_partition.current.partition}:servicediscovery:${local.region}:${data.aws_caller_identity.current.account_id}:service/*"
+    ]
+    actions = [
+      "servicediscovery:CreateService",
+      "servicediscovery:DeleteService",
+      "servicediscovery:GetService",
+      "servicediscovery:GetInstance",
+      "servicediscovery:RegisterInstance",
+      "servicediscovery:DeregisterInstance",
+      "servicediscovery:ListInstances",
+      "servicediscovery:ListNamespaces",
+      "servicediscovery:ListServices",
+      "servicediscovery:GetInstancesHealthStatus",
+      "servicediscovery:UpdateInstanceCustomHealthStatus",
+      "servicediscovery:GetOperation"
+    ]
+  }
+
+  statement {
+    sid    = "AllowRoute53"
+    effect = "Allow"
+    resources = [
+    "arn:${data.aws_partition.current.partition}:route53:::*"]
+    actions = [
+      "route53:ChangeResourceRecordSets",
+      "route53:GetHealthCheck",
+      "route53:CreateHealthCheck",
+      "route53:UpdateHealthCheck",
+      "route53:DeleteHealthCheck"
+    ]
+  }
+}
+
+
 locals {
   name   = basename(path.cwd)
   region = "us-west-2"
@@ -85,7 +207,9 @@ module "eks" {
 ################################################################################
 
 module "eks_blueprints_kubernetes_addons" {
-  source = "../../modules/kubernetes-addons"
+  # Users should pin the version to the latest available release
+  # tflint-ignore: terraform_module_pinned_source
+  source = "github.com/aws-ia/terraform-aws-eks-blueprints-addons"
 
   eks_cluster_id       = module.eks.cluster_name
   eks_cluster_endpoint = module.eks.cluster_endpoint
@@ -93,13 +217,54 @@ module "eks_blueprints_kubernetes_addons" {
   eks_cluster_version  = module.eks.cluster_version
 
   aws_privateca_acmca_arn     = aws_acmpca_certificate_authority.this.arn
-  enable_appmesh_controller   = true
   enable_cert_manager         = true
   enable_aws_privateca_issuer = true
 
   tags = local.tags
 }
 
+################################################################################
+# AppMesh Addons
+################################################################################
+
+module "appmesh_addon" {
+  # Users should pin the version to the latest available release
+  # tflint-ignore: terraform_module_pinned_source
+  source = "github.com/aws-ia/terraform-aws-eks-blueprints-addon"
+
+  chart            = "appmesh-controller"
+  chart_version    = "1.7.0"
+  repository       = "https://aws.github.io/eks-charts"
+  description      = "AWS App Mesh Helm Chart"
+  namespace        = "appmesh-system"
+  create_namespace = true
+
+  set = [
+    {
+      name  = "serviceAccount.name"
+      value = "appmesh-controller"
+    }
+  ]
+
+  set_irsa_name = "serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"
+
+  # IAM role for service account (IRSA)
+  create_role = true
+  role_name   = "appmesh-controller"
+  role_policy_arns = {
+    appmesh = aws_iam_policy.this.arn
+  }
+
+  oidc_providers = {
+    this = {
+      provider_arn    = module.eks.oidc_provider_arn
+      service_account = "appmesh-controller"
+    }
+  }
+
+  tags = local.tags
+}
+
 #---------------------------------------------------------------
 # Certificate Resources
 #---------------------------------------------------------------
@@ -230,3 +395,9 @@ module "vpc" {
 
   tags = local.tags
 }
+
+resource "aws_iam_policy" "this" {
+  name        = "${module.eks.cluster_name}-appmesh"
+  description = "IAM Policy for App Mesh"
+  policy      = data.aws_iam_policy_document.this.json
+}
diff --git a/examples/argocd/main.tf b/examples/argocd/main.tf
index 30d924a935..f78a8e7632 100644
--- a/examples/argocd/main.tf
+++ b/examples/argocd/main.tf
@@ -80,7 +80,9 @@ module "eks" {
 ################################################################################
 
 module "eks_blueprints_kubernetes_addons" {
-  source = "../../modules/kubernetes-addons"
+  # Users should pin the version to the latest available release
+  # tflint-ignore: terraform_module_pinned_source
+  source = "github.com/aws-ia/terraform-aws-eks-blueprints-addons"
 
   eks_cluster_id       = module.eks.cluster_name
   eks_cluster_endpoint = module.eks.cluster_endpoint
@@ -98,15 +100,6 @@ module "eks_blueprints_kubernetes_addons" {
     ]
   }
 
-  keda_helm_config = {
-    values = [
-      {
-        name  = "serviceAccount.create"
-        value = "false"
-      }
-    ]
-  }
-
   argocd_manage_add_ons = true # Indicates that ArgoCD is responsible for managing/deploying add-ons
   argocd_applications = {
     addons = {
@@ -129,12 +122,9 @@ module "eks_blueprints_kubernetes_addons" {
   enable_cert_manager                   = true
   enable_cluster_autoscaler             = true
   enable_karpenter                      = true
-  enable_keda                           = true
   enable_metrics_server                 = true
   enable_prometheus                     = true
-  enable_traefik                        = true
   enable_vpa                            = true
-  enable_yunikorn                       = true
   enable_argo_rollouts                  = true
 
   tags = local.tags
diff --git a/examples/blue-green-upgrade/modules/eks_cluster/main.tf b/examples/blue-green-upgrade/modules/eks_cluster/main.tf
index cc183fa03d..d197aeeeb5 100644
--- a/examples/blue-green-upgrade/modules/eks_cluster/main.tf
+++ b/examples/blue-green-upgrade/modules/eks_cluster/main.tf
@@ -363,7 +363,9 @@ module "eks_blueprints" {
 #certificate_arn = aws_acm_certificate_validation.example.certificate_arn
 
 module "kubernetes_addons" {
-  source             = "github.com/aws-ia/terraform-aws-eks-blueprints?ref=v4.18.1/modules/kubernetes-addons"
+  # Users should pin the version to the latest available release
+  # tflint-ignore: terraform_module_pinned_source
+  source             = "github.com/aws-ia/terraform-aws-eks-blueprints-addons"
   eks_cluster_id     = module.eks_blueprints.eks_cluster_id
   eks_cluster_domain = local.eks_cluster_domain
 
diff --git a/examples/external-secrets/main.tf b/examples/external-secrets/main.tf
index e0e8aa74a1..782e6d6e01 100644
--- a/examples/external-secrets/main.tf
+++ b/examples/external-secrets/main.tf
@@ -91,7 +91,9 @@ module "eks" {
 ################################################################################
 
 module "eks_blueprints_kubernetes_addons" {
-  source = "../../modules/kubernetes-addons"
+  # Users should pin the version to the latest available release
+  # tflint-ignore: terraform_module_pinned_source
+  source = "github.com/aws-ia/terraform-aws-eks-blueprints-addons"
 
   eks_cluster_id       = module.eks.cluster_name
   eks_cluster_endpoint = module.eks.cluster_endpoint
diff --git a/examples/fargate-serverless/main.tf b/examples/fargate-serverless/main.tf
index 874d4be04a..b9a9d67de8 100644
--- a/examples/fargate-serverless/main.tf
+++ b/examples/fargate-serverless/main.tf
@@ -107,7 +107,9 @@ module "eks" {
 ################################################################################
 
 module "eks_blueprints_kubernetes_addons" {
-  source = "../../modules/kubernetes-addons"
+  # Users should pin the version to the latest available release
+  # tflint-ignore: terraform_module_pinned_source
+  source = "github.com/aws-ia/terraform-aws-eks-blueprints-addons"
 
   eks_cluster_id       = module.eks.cluster_name
   eks_cluster_endpoint = module.eks.cluster_endpoint
@@ -117,9 +119,6 @@ module "eks_blueprints_kubernetes_addons" {
   # Wait on the `kube-system` profile before provisioning addons
   data_plane_wait_arn = join(",", [for prof in module.eks.fargate_profiles : prof.fargate_profile_arn])
 
-  # Sample application
-  enable_app_2048 = true
-
   # Enable Fargate logging
   enable_fargate_fluentbit = true
   fargate_fluentbit_addon_config = {
@@ -180,3 +179,106 @@ module "vpc" {
 
   tags = local.tags
 }
+
+################################################################################
+# Sample App
+################################################################################
+
+resource "kubernetes_namespace_v1" "this" {
+  metadata {
+    name = local.name
+  }
+}
+
+resource "kubernetes_deployment_v1" "this" {
+  metadata {
+    name      = local.name
+    namespace = kubernetes_namespace_v1.this.metadata[0].name
+  }
+
+  spec {
+    replicas = 3
+
+    selector {
+      match_labels = {
+        "app.kubernetes.io/name" = local.name
+      }
+    }
+
+    template {
+      metadata {
+        labels = {
+          "app.kubernetes.io/name" = local.name
+        }
+      }
+
+      spec {
+        container {
+          image = "public.ecr.aws/l6m2t8p7/docker-2048:latest"
+          # image_pull_policy = "Always"
+          name = local.name
+
+          port {
+            container_port = 80
+          }
+        }
+      }
+    }
+  }
+}
+
+resource "kubernetes_service_v1" "this" {
+  metadata {
+    name      = local.name
+    namespace = kubernetes_namespace_v1.this.metadata[0].name
+  }
+
+  spec {
+    selector = {
+      "app.kubernetes.io/name" = local.name
+    }
+
+
+    port {
+      port        = 80
+      target_port = 80
+      protocol    = "TCP"
+    }
+
+    type = "NodePort"
+  }
+}
+
+resource "kubernetes_ingress_v1" "this" {
+  metadata {
+    name      = local.name
+    namespace = kubernetes_namespace_v1.this.metadata[0].name
+
+    annotations = {
+      "alb.ingress.kubernetes.io/scheme"      = "internet-facing"
+      "alb.ingress.kubernetes.io/target-type" = "ip"
+    }
+  }
+
+  spec {
+    ingress_class_name = "alb"
+
+    rule {
+      http {
+        path {
+          path      = "/"
+          path_type = "Prefix"
+
+          backend {
+            service {
+              name = local.name
+              port {
+                number = 80
+              }
+            }
+          }
+        }
+      }
+    }
+  }
+}
diff --git a/examples/karpenter/main.tf b/examples/karpenter/main.tf
index 2811a9868e..a533949e03 100644
--- a/examples/karpenter/main.tf
+++ b/examples/karpenter/main.tf
@@ -154,7 +154,9 @@ module "eks" {
 ################################################################################
 
 module "eks_blueprints_kubernetes_addons" {
-  source = "../../modules/kubernetes-addons"
+  # Users should pin the version to the latest available release
+  # tflint-ignore: terraform_module_pinned_source
+  source = "github.com/aws-ia/terraform-aws-eks-blueprints-addons"
 
   eks_cluster_id       = module.eks.cluster_name
   eks_cluster_endpoint = module.eks.cluster_endpoint
diff --git a/examples/stateful/main.tf b/examples/stateful/main.tf
index b4b1491fea..45b01eeaa7 100644
--- a/examples/stateful/main.tf
+++ b/examples/stateful/main.tf
@@ -190,7 +190,9 @@ module "eks" {
 ################################################################################
 
 module "eks_blueprints_kubernetes_addons" {
-  source = "../../modules/kubernetes-addons"
+  # Users should pin the version to the latest available release
+  # tflint-ignore: terraform_module_pinned_source
+  source = "github.com/aws-ia/terraform-aws-eks-blueprints-addons"
 
   eks_cluster_id       = module.eks.cluster_name
   eks_cluster_endpoint = module.eks.cluster_endpoint
diff --git a/examples/tls-with-aws-pca-issuer/main.tf b/examples/tls-with-aws-pca-issuer/main.tf
index 1a14f75b12..0c18390265 100644
--- a/examples/tls-with-aws-pca-issuer/main.tf
+++ b/examples/tls-with-aws-pca-issuer/main.tf
@@ -85,7 +85,9 @@ module "eks" {
 ################################################################################
 
 module "eks_blueprints_kubernetes_addons" {
-  source = "../../modules/kubernetes-addons"
+  # Users should pin the version to the latest available release
+  # tflint-ignore: terraform_module_pinned_source
+  source = "github.com/aws-ia/terraform-aws-eks-blueprints-addons"
 
   eks_cluster_id       = module.eks.cluster_name
   eks_cluster_endpoint = module.eks.cluster_endpoint
@@ -93,14 +95,31 @@ module "eks_blueprints_kubernetes_addons" {
   eks_cluster_version  = module.eks.cluster_version
 
   # Add-ons
-  enable_cert_manager            = true
-  enable_cert_manager_csi_driver = true
-  enable_aws_privateca_issuer    = true
-  aws_privateca_acmca_arn        = aws_acmpca_certificate_authority.this.arn
+  enable_cert_manager         = true
+  enable_aws_privateca_issuer = true
+  aws_privateca_acmca_arn     = aws_acmpca_certificate_authority.this.arn
 
   tags = local.tags
 }
 
+################################################################################
+# Cert Manager CSI Helm Chart
+################################################################################
+
+resource "helm_release" "cert_manager_csi" {
+  name             = "cert-manager-csi-driver"
+  chart            = "cert-manager-csi-driver"
+  version          = "v0.4.2"
+  repository       = "https://charts.jetstack.io"
+  description      = "Cert Manager CSI Driver Add-on"
+  namespace        = "cert-manager"
+  create_namespace = false
+
+  depends_on = [
+    module.eks_blueprints_kubernetes_addons
+  ]
+}
+
 #-------------------------------
 # Associates a certificate with an AWS Certificate Manager Private Certificate Authority (ACM PCA Certificate Authority).
 # An ACM PCA Certificate Authority is unable to issue certificates until it has a certificate associated with it.
diff --git a/examples/wireguard-with-cilium/main.tf b/examples/wireguard-with-cilium/main.tf
index 73f752d589..dc1585c991 100644
--- a/examples/wireguard-with-cilium/main.tf
+++ b/examples/wireguard-with-cilium/main.tf
@@ -86,27 +86,39 @@ module "eks" {
 }
 
 ################################################################################
-# Kubernetes Addons
+# Cilium Helm Chart for e2e encryption with Wireguard
 ################################################################################
 
-module "eks_blueprints_kubernetes_addons" {
-  source = "../../modules/kubernetes-addons"
-
-  eks_cluster_id       = module.eks.cluster_name
-  eks_cluster_endpoint = module.eks.cluster_endpoint
-  eks_oidc_provider    = module.eks.oidc_provider
-  eks_cluster_version  = module.eks.cluster_version
-
-  # Wait on the `kube-system` profile before provisioning addons
-  data_plane_wait_arn = join(",", [for group in module.eks.eks_managed_node_groups : group.node_group_arn])
-
-  # Add-ons
-  enable_cilium           = true
-  cilium_enable_wireguard = true
+resource "helm_release" "cilium" {
+  name             = "cilium"
+  chart            = "cilium"
+  version          = "1.12.3"
+  repository       = "https://helm.cilium.io/"
+  description      = "Cilium Add-on"
+  namespace        = "kube-system"
+  create_namespace = false
+
+  values = [
+    <<-EOT
+      cni:
+        chainingMode: aws-cni
+      enableIPv4Masquerade: false
+      tunnel: disabled
+      endpointRoutes:
+        enabled: true
+      l7Proxy: false
+      encryption:
+        enabled: true
+        type: wireguard
+    EOT
+  ]
 
-  tags = local.tags
+  depends_on = [
+    module.eks
+  ]
 }
 
+
 #---------------------------------------------------------------
 # Sample App for Testing
 #---------------------------------------------------------------
@@ -147,7 +159,7 @@ resource "kubectl_manifest" "server" {
   })
 
   depends_on = [
-    module.eks_blueprints_kubernetes_addons
+    helm_release.cilium
   ]
 }
 

From 41bc6dd59fe994cf42cebe2786d68ff2220618fe Mon Sep 17 00:00:00 2001
From: Apoorva Kulkarni <kuapoorv@amazon.com>
Date: Tue, 14 Mar 2023 13:26:31 -0700
Subject: [PATCH 02/31] update providers to use aws cli

---
 examples/amp-amg-opensearch/main.tf        | 16 +++++++++++--
 examples/appmesh-mtls/main.tf              | 26 ++++++++++++++++++----
 examples/argocd/main.tf                    | 16 +++++++++++--
 examples/external-secrets/main.tf          | 26 ++++++++++++++++++----
 examples/fargate-serverless/main.tf        | 16 +++++++++++--
 examples/ipv4-prefix-delegation/main.tf    | 16 +++++++++++--
 examples/ipv6-eks-cluster/main.tf          | 16 +++++++++++--
 examples/karpenter/main.tf                 | 26 ++++++++++++++++++----
 examples/stateful/main.tf                  | 16 +++++++++++--
 examples/tls-with-aws-pca-issuer/main.tf   | 26 ++++++++++++++++++----
 examples/vpc-cni-custom-networking/main.tf | 26 ++++++++++++++++++----
 examples/wireguard-with-cilium/main.tf     | 26 ++++++++++++++++++----
 12 files changed, 216 insertions(+), 36 deletions(-)

diff --git a/examples/amp-amg-opensearch/main.tf b/examples/amp-amg-opensearch/main.tf
index 12def1f3f9..b632f29bf2 100644
--- a/examples/amp-amg-opensearch/main.tf
+++ b/examples/amp-amg-opensearch/main.tf
@@ -5,14 +5,26 @@ provider "aws" {
 provider "kubernetes" {
   host                   = module.eks.cluster_endpoint
   cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
-  token                  = data.aws_eks_cluster_auth.this.token
+
+  exec {
+    api_version = "client.authentication.k8s.io/v1beta1"
+    command     = "aws"
+    # This requires the awscli to be installed locally where Terraform is executed
+    args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
+  }
 }
 
 provider "helm" {
   kubernetes {
     host                   = module.eks.cluster_endpoint
     cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
-    token                  = data.aws_eks_cluster_auth.this.token
+
+    exec {
+      api_version = "client.authentication.k8s.io/v1beta1"
+      command     = "aws"
+      # This requires the awscli to be installed locally where Terraform is executed
+      args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
+    }
   }
 }
 
diff --git a/examples/appmesh-mtls/main.tf b/examples/appmesh-mtls/main.tf
index f35e3a8b54..47f5c6c335 100644
--- a/examples/appmesh-mtls/main.tf
+++ b/examples/appmesh-mtls/main.tf
@@ -5,23 +5,41 @@ provider "aws" {
 provider "kubernetes" {
   host                   = module.eks.cluster_endpoint
   cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
-  token                  = data.aws_eks_cluster_auth.this.token
+
+  exec {
+    api_version = "client.authentication.k8s.io/v1beta1"
+    command     = "aws"
+    # This requires the awscli to be installed locally where Terraform is executed
+    args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
+  }
 }
 
 provider "helm" {
   kubernetes {
     host                   = module.eks.cluster_endpoint
     cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
-    token                  = data.aws_eks_cluster_auth.this.token
+
+    exec {
+      api_version = "client.authentication.k8s.io/v1beta1"
+      command     = "aws"
+      # This requires the awscli to be installed locally where Terraform is executed
+      args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
+    }
   }
 }
 
 provider "kubectl" {
-  apply_retry_count      = 10
+  apply_retry_count      = 5
   host                   = module.eks.cluster_endpoint
   cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
   load_config_file       = false
-  token                  = data.aws_eks_cluster_auth.this.token
+
+  exec {
+    api_version = "client.authentication.k8s.io/v1beta1"
+    command     = "aws"
+    # This requires the awscli to be installed locally where Terraform is executed
+    args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
+  }
 }
 
 data "aws_eks_cluster_auth" "this" {
diff --git a/examples/argocd/main.tf b/examples/argocd/main.tf
index f78a8e7632..53cd90bd85 100644
--- a/examples/argocd/main.tf
+++ b/examples/argocd/main.tf
@@ -5,14 +5,26 @@ provider "aws" {
 provider "kubernetes" {
   host                   = module.eks.cluster_endpoint
   cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
-  token                  = data.aws_eks_cluster_auth.this.token
+
+  exec {
+    api_version = "client.authentication.k8s.io/v1beta1"
+    command     = "aws"
+    # This requires the awscli to be installed locally where Terraform is executed
+    args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
+  }
 }
 
 provider "helm" {
   kubernetes {
     host                   = module.eks.cluster_endpoint
     cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
-    token                  = data.aws_eks_cluster_auth.this.token
+
+    exec {
+      api_version = "client.authentication.k8s.io/v1beta1"
+      command     = "aws"
+      # This requires the awscli to be installed locally where Terraform is executed
+      args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
+    }
   }
 }
 
diff --git a/examples/external-secrets/main.tf b/examples/external-secrets/main.tf
index 782e6d6e01..79cf90fc4c 100644
--- a/examples/external-secrets/main.tf
+++ b/examples/external-secrets/main.tf
@@ -5,23 +5,41 @@ provider "aws" {
 provider "kubernetes" {
   host                   = module.eks.cluster_endpoint
   cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
-  token                  = data.aws_eks_cluster_auth.this.token
+
+  exec {
+    api_version = "client.authentication.k8s.io/v1beta1"
+    command     = "aws"
+    # This requires the awscli to be installed locally where Terraform is executed
+    args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
+  }
 }
 
 provider "helm" {
   kubernetes {
     host                   = module.eks.cluster_endpoint
     cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
-    token                  = data.aws_eks_cluster_auth.this.token
+
+    exec {
+      api_version = "client.authentication.k8s.io/v1beta1"
+      command     = "aws"
+      # This requires the awscli to be installed locally where Terraform is executed
+      args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
+    }
   }
 }
 
 provider "kubectl" {
-  apply_retry_count      = 10
+  apply_retry_count      = 5
   host                   = module.eks.cluster_endpoint
   cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
   load_config_file       = false
-  token                  = data.aws_eks_cluster_auth.this.token
+
+  exec {
+    api_version = "client.authentication.k8s.io/v1beta1"
+    command     = "aws"
+    # This requires the awscli to be installed locally where Terraform is executed
+    args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
+  }
 }
 
 data "aws_eks_cluster_auth" "this" {
diff --git a/examples/fargate-serverless/main.tf b/examples/fargate-serverless/main.tf
index b9a9d67de8..cfe4871e5e 100644
--- a/examples/fargate-serverless/main.tf
+++ b/examples/fargate-serverless/main.tf
@@ -5,14 +5,26 @@ provider "aws" {
 provider "kubernetes" {
   host                   = module.eks.cluster_endpoint
   cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
-  token                  = data.aws_eks_cluster_auth.this.token
+
+  exec {
+    api_version = "client.authentication.k8s.io/v1beta1"
+    command     = "aws"
+    # This requires the awscli to be installed locally where Terraform is executed
+    args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
+  }
 }
 
 provider "helm" {
   kubernetes {
     host                   = module.eks.cluster_endpoint
     cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
-    token                  = data.aws_eks_cluster_auth.this.token
+
+    exec {
+      api_version = "client.authentication.k8s.io/v1beta1"
+      command     = "aws"
+      # This requires the awscli to be installed locally where Terraform is executed
+      args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
+    }
   }
 }
 
diff --git a/examples/ipv4-prefix-delegation/main.tf b/examples/ipv4-prefix-delegation/main.tf
index 418f394d4c..ce97dfe09e 100644
--- a/examples/ipv4-prefix-delegation/main.tf
+++ b/examples/ipv4-prefix-delegation/main.tf
@@ -5,14 +5,26 @@ provider "aws" {
 provider "kubernetes" {
   host                   = module.eks.cluster_endpoint
   cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
-  token                  = data.aws_eks_cluster_auth.this.token
+
+  exec {
+    api_version = "client.authentication.k8s.io/v1beta1"
+    command     = "aws"
+    # This requires the awscli to be installed locally where Terraform is executed
+    args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
+  }
 }
 
 provider "helm" {
   kubernetes {
     host                   = module.eks.cluster_endpoint
     cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
-    token                  = data.aws_eks_cluster_auth.this.token
+
+    exec {
+      api_version = "client.authentication.k8s.io/v1beta1"
+      command     = "aws"
+      # This requires the awscli to be installed locally where Terraform is executed
+      args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
+    }
   }
 }
 
diff --git a/examples/ipv6-eks-cluster/main.tf b/examples/ipv6-eks-cluster/main.tf
index 2c66c81ed9..5599cbedc2 100644
--- a/examples/ipv6-eks-cluster/main.tf
+++ b/examples/ipv6-eks-cluster/main.tf
@@ -5,14 +5,26 @@ provider "aws" {
 provider "kubernetes" {
   host                   = module.eks.cluster_endpoint
   cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
-  token                  = data.aws_eks_cluster_auth.this.token
+
+  exec {
+    api_version = "client.authentication.k8s.io/v1beta1"
+    command     = "aws"
+    # This requires the awscli to be installed locally where Terraform is executed
+    args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
+  }
 }
 
 provider "helm" {
   kubernetes {
     host                   = module.eks.cluster_endpoint
     cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
-    token                  = data.aws_eks_cluster_auth.this.token
+
+    exec {
+      api_version = "client.authentication.k8s.io/v1beta1"
+      command     = "aws"
+      # This requires the awscli to be installed locally where Terraform is executed
+      args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
+    }
   }
 }
 
diff --git a/examples/karpenter/main.tf b/examples/karpenter/main.tf
index a533949e03..478198a7a7 100644
--- a/examples/karpenter/main.tf
+++ b/examples/karpenter/main.tf
@@ -11,23 +11,41 @@ provider "aws" {
 provider "kubernetes" {
   host                   = module.eks.cluster_endpoint
   cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
-  token                  = data.aws_eks_cluster_auth.this.token
+
+  exec {
+    api_version = "client.authentication.k8s.io/v1beta1"
+    command     = "aws"
+    # This requires the awscli to be installed locally where Terraform is executed
+    args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
+  }
 }
 
 provider "helm" {
   kubernetes {
     host                   = module.eks.cluster_endpoint
     cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
-    token                  = data.aws_eks_cluster_auth.this.token
+
+    exec {
+      api_version = "client.authentication.k8s.io/v1beta1"
+      command     = "aws"
+      # This requires the awscli to be installed locally where Terraform is executed
+      args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
+    }
   }
 }
 
 provider "kubectl" {
-  apply_retry_count      = 10
+  apply_retry_count      = 5
   host                   = module.eks.cluster_endpoint
   cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
   load_config_file       = false
-  token                  = data.aws_eks_cluster_auth.this.token
+
+  exec {
+    api_version = "client.authentication.k8s.io/v1beta1"
+    command     = "aws"
+    # This requires the awscli to be installed locally where Terraform is executed
+    args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
+  }
 }
 
 data "aws_eks_cluster_auth" "this" {
diff --git a/examples/stateful/main.tf b/examples/stateful/main.tf
index 45b01eeaa7..4c58d1f7c7 100644
--- a/examples/stateful/main.tf
+++ b/examples/stateful/main.tf
@@ -5,14 +5,26 @@ provider "aws" {
 provider "kubernetes" {
   host                   = module.eks.cluster_endpoint
   cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
-  token                  = data.aws_eks_cluster_auth.this.token
+
+  exec {
+    api_version = "client.authentication.k8s.io/v1beta1"
+    command     = "aws"
+    # This requires the awscli to be installed locally where Terraform is executed
+    args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
+  }
 }
 
 provider "helm" {
   kubernetes {
     host                   = module.eks.cluster_endpoint
     cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
-    token                  = data.aws_eks_cluster_auth.this.token
+
+    exec {
+      api_version = "client.authentication.k8s.io/v1beta1"
+      command     = "aws"
+      # This requires the awscli to be installed locally where Terraform is executed
+      args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
+    }
   }
 }
 
diff --git a/examples/tls-with-aws-pca-issuer/main.tf b/examples/tls-with-aws-pca-issuer/main.tf
index 0c18390265..b6c7ae7ad6 100644
--- a/examples/tls-with-aws-pca-issuer/main.tf
+++ b/examples/tls-with-aws-pca-issuer/main.tf
@@ -5,23 +5,41 @@ provider "aws" {
 provider "kubernetes" {
   host                   = module.eks.cluster_endpoint
   cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
-  token                  = data.aws_eks_cluster_auth.this.token
+
+  exec {
+    api_version = "client.authentication.k8s.io/v1beta1"
+    command     = "aws"
+    # This requires the awscli to be installed locally where Terraform is executed
+    args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
+  }
 }
 
 provider "helm" {
   kubernetes {
     host                   = module.eks.cluster_endpoint
     cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
-    token                  = data.aws_eks_cluster_auth.this.token
+
+    exec {
+      api_version = "client.authentication.k8s.io/v1beta1"
+      command     = "aws"
+      # This requires the awscli to be installed locally where Terraform is executed
+      args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
+    }
   }
 }
 
 provider "kubectl" {
-  apply_retry_count      = 10
+  apply_retry_count      = 5
   host                   = module.eks.cluster_endpoint
   cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
   load_config_file       = false
-  token                  = data.aws_eks_cluster_auth.this.token
+
+  exec {
+    api_version = "client.authentication.k8s.io/v1beta1"
+    command     = "aws"
+    # This requires the awscli to be installed locally where Terraform is executed
+    args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
+  }
 }
 
 data "aws_eks_cluster_auth" "this" {
diff --git a/examples/vpc-cni-custom-networking/main.tf b/examples/vpc-cni-custom-networking/main.tf
index 43ac65b121..1220e87ad0 100644
--- a/examples/vpc-cni-custom-networking/main.tf
+++ b/examples/vpc-cni-custom-networking/main.tf
@@ -5,23 +5,41 @@ provider "aws" {
 provider "kubernetes" {
   host                   = module.eks.cluster_endpoint
   cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
-  token                  = data.aws_eks_cluster_auth.this.token
+
+  exec {
+    api_version = "client.authentication.k8s.io/v1beta1"
+    command     = "aws"
+    # This requires the awscli to be installed locally where Terraform is executed
+    args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
+  }
 }
 
 provider "helm" {
   kubernetes {
     host                   = module.eks.cluster_endpoint
     cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
-    token                  = data.aws_eks_cluster_auth.this.token
+
+    exec {
+      api_version = "client.authentication.k8s.io/v1beta1"
+      command     = "aws"
+      # This requires the awscli to be installed locally where Terraform is executed
+      args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
+    }
   }
 }
 
 provider "kubectl" {
-  apply_retry_count      = 10
+  apply_retry_count      = 5
   host                   = module.eks.cluster_endpoint
   cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
   load_config_file       = false
-  token                  = data.aws_eks_cluster_auth.this.token
+
+  exec {
+    api_version = "client.authentication.k8s.io/v1beta1"
+    command     = "aws"
+    # This requires the awscli to be installed locally where Terraform is executed
+    args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
+  }
 }
 
 data "aws_eks_cluster_auth" "this" {
diff --git a/examples/wireguard-with-cilium/main.tf b/examples/wireguard-with-cilium/main.tf
index dc1585c991..d84d1e35fc 100644
--- a/examples/wireguard-with-cilium/main.tf
+++ b/examples/wireguard-with-cilium/main.tf
@@ -5,23 +5,41 @@ provider "aws" {
 provider "kubernetes" {
   host                   = module.eks.cluster_endpoint
   cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
-  token                  = data.aws_eks_cluster_auth.this.token
+
+  exec {
+    api_version = "client.authentication.k8s.io/v1beta1"
+    command     = "aws"
+    # This requires the awscli to be installed locally where Terraform is executed
+    args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
+  }
 }
 
 provider "helm" {
   kubernetes {
     host                   = module.eks.cluster_endpoint
     cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
-    token                  = data.aws_eks_cluster_auth.this.token
+
+    exec {
+      api_version = "client.authentication.k8s.io/v1beta1"
+      command     = "aws"
+      # This requires the awscli to be installed locally where Terraform is executed
+      args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
+    }
   }
 }
 
 provider "kubectl" {
-  apply_retry_count      = 10
+  apply_retry_count      = 5
   host                   = module.eks.cluster_endpoint
   cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
   load_config_file       = false
-  token                  = data.aws_eks_cluster_auth.this.token
+
+  exec {
+    api_version = "client.authentication.k8s.io/v1beta1"
+    command     = "aws"
+    # This requires the awscli to be installed locally where Terraform is executed
+    args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
+  }
 }
 
 data "aws_eks_cluster_auth" "this" {

From f68e76fcb2379d2b4ec6ed8b01cbe993bdb6f18e Mon Sep 17 00:00:00 2001
From: Apoorva Kulkarni <kuapoorv@amazon.com>
Date: Tue, 14 Mar 2023 15:14:37 -0700
Subject: [PATCH 03/31] new line

---
 examples/agones-game-controller/main.tf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/examples/agones-game-controller/main.tf b/examples/agones-game-controller/main.tf
index 168903432b..5909706efc 100644
--- a/examples/agones-game-controller/main.tf
+++ b/examples/agones-game-controller/main.tf
@@ -45,6 +45,7 @@ locals {
 
   gameserver_minport = 7000
   gameserver_maxport = 8000
+
   tags = {
     Blueprint  = local.name
     GithubRepo = "github.com/aws-ia/terraform-aws-eks-blueprints"

From afd61b3a20b72d40b5dc46e6246e261773721143 Mon Sep 17 00:00:00 2001
From: Apoorva Kulkarni <kuapoorv@amazon.com>
Date: Fri, 17 Mar 2023 15:54:15 -0700
Subject: [PATCH 04/31] updates for latest changes

---
 examples/agones-game-controller/main.tf       |  48 +++-
 examples/amp-amg-opensearch/main.tf           |  79 ++++--
 examples/appmesh-mtls/main.tf                 |  59 ++--
 examples/argocd/main.tf                       |  75 ++++--
 .../modules/eks_cluster/main.tf               |  85 +++---
 examples/external-secrets/main.tf             | 251 +++++++++++-------
 examples/fargate-serverless/main.tf           | 100 ++++---
 examples/fully-private-cluster/main.tf        |   4 +-
 examples/ipv4-prefix-delegation/main.tf       |   8 +-
 examples/ipv6-eks-cluster/main.tf             |   8 +-
 examples/karpenter/main.tf                    | 140 ++++++----
 examples/stateful/main.tf                     |  79 ++++--
 examples/tls-with-aws-pca-issuer/main.tf      |  52 ++--
 examples/vpc-cni-custom-networking/main.tf    |   6 +-
 examples/wireguard-with-cilium/main.tf        |   8 +-
 15 files changed, 644 insertions(+), 358 deletions(-)

diff --git a/examples/agones-game-controller/main.tf b/examples/agones-game-controller/main.tf
index 5909706efc..8a2fa48d5a 100644
--- a/examples/agones-game-controller/main.tf
+++ b/examples/agones-game-controller/main.tf
@@ -38,7 +38,7 @@ locals {
   name   = basename(path.cwd)
   region = "us-west-2"
 
-  cluster_version = "1.24"
+  cluster_version = "1.25"
 
   vpc_cidr = "10.0.0.0/16"
   azs      = slice(data.aws_availability_zones.available.names, 0, 3)
@@ -59,19 +59,12 @@ locals {
 #tfsec:ignore:aws-eks-enable-control-plane-logging
 module "eks" {
   source  = "terraform-aws-modules/eks/aws"
-  version = "~> 19.9"
+  version = "~> 19.10"
 
   cluster_name                   = local.name
   cluster_version                = local.cluster_version
   cluster_endpoint_public_access = true
 
-  # EKS Addons
-  cluster_addons = {
-    coredns    = {}
-    kube-proxy = {}
-    vpc-cni    = {}
-  }
-
   vpc_id     = module.vpc.vpc_id
   subnet_ids = module.vpc.private_subnets
 
@@ -97,10 +90,20 @@ module "eks_blueprints_kubernetes_addons" {
   # tflint-ignore: terraform_module_pinned_source
   source = "github.com/aws-ia/terraform-aws-eks-blueprints-addons"
 
-  eks_cluster_id       = module.eks.cluster_name
-  eks_cluster_endpoint = module.eks.cluster_endpoint
-  eks_oidc_provider    = module.eks.oidc_provider
-  eks_cluster_version  = module.eks.cluster_version
+  cluster_name            = module.eks.cluster_name
+  cluster_endpoint        = module.eks.cluster_endpoint
+  cluster_version         = module.eks.cluster_version
+  cluster_oidc_issuer_url = module.eks.cluster_oidc_issuer_url
+  oidc_provider_arn       = module.eks.oidc_provider_arn
+
+  #EKS Add-Ons
+  eks_addons = {
+    coredns = {}
+    vpc-cni = {
+      service_account_role_arn = module.vpc_cni_irsa.iam_role_arn
+    }
+    kube-proxy = {}
+  }
 
   # Add-ons
   enable_metrics_server     = true
@@ -183,3 +186,22 @@ resource "aws_security_group_rule" "agones_sg_ingress_rule" {
   ipv6_cidr_blocks  = ["::/0"]      #tfsec:ignore:aws-vpc-no-public-ingress-sgr
   security_group_id = data.aws_security_group.eks_worker_group.id
 }
+
+module "vpc_cni_irsa" {
+  source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
+  version = "~> 5.14"
+
+  role_name_prefix = "${module.eks.cluster_name}-vpc-cni-"
+
+  attach_vpc_cni_policy = true
+  vpc_cni_enable_ipv4   = true
+
+  oidc_providers = {
+    main = {
+      provider_arn               = module.eks.oidc_provider_arn
+      namespace_service_accounts = ["kube-system:aws-node"]
+    }
+  }
+
+  tags = local.tags
+}
diff --git a/examples/amp-amg-opensearch/main.tf b/examples/amp-amg-opensearch/main.tf
index b632f29bf2..b7bbdced37 100644
--- a/examples/amp-amg-opensearch/main.tf
+++ b/examples/amp-amg-opensearch/main.tf
@@ -27,23 +27,18 @@ provider "helm" {
     }
   }
 }
-
-data "aws_eks_cluster_auth" "this" {
-  name = module.eks.cluster_name
-}
-
-data "aws_availability_zones" "available" {}
-
 provider "grafana" {
   url  = var.grafana_endpoint
   auth = var.grafana_api_key
 }
 
+data "aws_availability_zones" "available" {}
+
 locals {
   name   = basename(path.cwd)
   region = "us-west-2"
 
-  cluster_version = "1.24"
+  cluster_version = "1.25"
 
   vpc_cidr = "10.0.0.0/16"
   azs      = slice(data.aws_availability_zones.available.names, 0, 3)
@@ -61,19 +56,12 @@ locals {
 #tfsec:ignore:aws-eks-enable-control-plane-logging
 module "eks" {
   source  = "terraform-aws-modules/eks/aws"
-  version = "~> 19.9"
+  version = "~> 19.10"
 
   cluster_name                   = local.name
   cluster_version                = local.cluster_version
   cluster_endpoint_public_access = true
 
-  # EKS Addons
-  cluster_addons = {
-    coredns    = {}
-    kube-proxy = {}
-    vpc-cni    = {}
-  }
-
   vpc_id     = module.vpc.vpc_id
   subnet_ids = module.vpc.private_subnets
 
@@ -99,10 +87,23 @@ module "eks_blueprints_kubernetes_addons" {
   # tflint-ignore: terraform_module_pinned_source
   source = "github.com/aws-ia/terraform-aws-eks-blueprints-addons"
 
-  eks_cluster_id       = module.eks.cluster_name
-  eks_cluster_endpoint = module.eks.cluster_endpoint
-  eks_oidc_provider    = module.eks.oidc_provider
-  eks_cluster_version  = module.eks.cluster_version
+  cluster_name            = module.eks.cluster_name
+  cluster_endpoint        = module.eks.cluster_endpoint
+  cluster_version         = module.eks.cluster_version
+  cluster_oidc_issuer_url = module.eks.cluster_oidc_issuer_url
+  oidc_provider_arn       = module.eks.oidc_provider_arn
+
+  # EKS Add-ons
+  eks_addons = {
+    aws-ebs-csi-driver = {
+      service_account_role_arn = module.ebs_csi_driver_irsa.iam_role_arn
+    }
+    coredns = {}
+    vpc-cni = {
+      service_account_role_arn = module.vpc_cni_irsa.iam_role_arn
+    }
+    kube-proxy = {}
+  }
 
   # Add-ons
   enable_metrics_server     = true
@@ -125,7 +126,6 @@ module "eks_blueprints_kubernetes_addons" {
     })]
   }
 
-  enable_amazon_eks_aws_ebs_csi_driver = true
   enable_prometheus                    = true
   enable_amazon_prometheus             = true
   amazon_prometheus_workspace_endpoint = module.managed_prometheus.workspace_prometheus_endpoint
@@ -302,3 +302,40 @@ module "vpc" {
 
   tags = local.tags
 }
+
+module "ebs_csi_driver_irsa" {
+  source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
+  version = "~> 5.14"
+
+  role_name_prefix = "${module.eks.cluster_name}-ebs-csi-driver-"
+
+  attach_ebs_csi_policy = true
+
+  oidc_providers = {
+    main = {
+      provider_arn               = module.eks.oidc_provider_arn
+      namespace_service_accounts = ["kube-system:ebs-csi-controller-sa"]
+    }
+  }
+
+  tags = local.tags
+}
+
+module "vpc_cni_irsa" {
+  source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
+  version = "~> 5.14"
+
+  role_name_prefix = "${module.eks.cluster_name}-vpc-cni-"
+
+  attach_vpc_cni_policy = true
+  vpc_cni_enable_ipv4   = true
+
+  oidc_providers = {
+    main = {
+      provider_arn               = module.eks.oidc_provider_arn
+      namespace_service_accounts = ["kube-system:aws-node"]
+    }
+  }
+
+  tags = local.tags
+}
diff --git a/examples/appmesh-mtls/main.tf b/examples/appmesh-mtls/main.tf
index 47f5c6c335..6fc0d943e7 100644
--- a/examples/appmesh-mtls/main.tf
+++ b/examples/appmesh-mtls/main.tf
@@ -42,10 +42,6 @@ provider "kubectl" {
   }
 }
 
-data "aws_eks_cluster_auth" "this" {
-  name = module.eks.cluster_name
-}
-
 data "aws_availability_zones" "available" {}
 
 data "aws_partition" "current" {}
@@ -191,19 +187,12 @@ locals {
 #tfsec:ignore:aws-eks-enable-control-plane-logging
 module "eks" {
   source  = "terraform-aws-modules/eks/aws"
-  version = "~> 19.9"
+  version = "~> 19.10"
 
   cluster_name                   = local.name
   cluster_version                = "1.24"
   cluster_endpoint_public_access = true
 
-  # EKS Addons
-  cluster_addons = {
-    coredns    = {}
-    kube-proxy = {}
-    vpc-cni    = {}
-  }
-
   vpc_id     = module.vpc.vpc_id
   subnet_ids = module.vpc.private_subnets
 
@@ -229,10 +218,21 @@ module "eks_blueprints_kubernetes_addons" {
   # tflint-ignore: terraform_module_pinned_source
   source = "github.com/aws-ia/terraform-aws-eks-blueprints-addons"
 
-  eks_cluster_id       = module.eks.cluster_name
-  eks_cluster_endpoint = module.eks.cluster_endpoint
-  eks_oidc_provider    = module.eks.oidc_provider
-  eks_cluster_version  = module.eks.cluster_version
+  cluster_name            = module.eks.cluster_name
+  cluster_endpoint        = module.eks.cluster_endpoint
+  cluster_version         = module.eks.cluster_version
+  cluster_oidc_issuer_url = module.eks.cluster_oidc_issuer_url
+  oidc_provider_arn       = module.eks.oidc_provider_arn
+
+  eks_addons = {
+    coredns = {}
+    vpc-cni = {
+      service_account_role_arn = module.vpc_cni_irsa.iam_role_arn
+    }
+    kube-proxy = {}
+  }
+
+
 
   aws_privateca_acmca_arn     = aws_acmpca_certificate_authority.this.arn
   enable_cert_manager         = true
@@ -248,7 +248,7 @@ module "eks_blueprints_kubernetes_addons" {
 module "appmesh_addon" {
   # Users should pin the version to the latest available release
   # tflint-ignore: terraform_module_pinned_source
-  source = "github.com/aws-ia/terraform-aws-eks-blueprints-addon"
+  source = "github.com/aws-ia/terraform-aws-eks-blueprints-addons//modules/eks-blueprints-addon"
 
   chart            = "appmesh-controller"
   chart_version    = "1.7.0"
@@ -267,8 +267,8 @@ module "appmesh_addon" {
   set_irsa_name = "serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"
 
   # IAM role for service account (IRSA)
-  create_role = true
-  role_name   = "appmesh-controller"
+  create_role      = true
+  role_name_prefix = "${module.eks.cluster_name}-appmesh-controller-"
   role_policy_arns = {
     appmesh = aws_iam_policy.this.arn
   }
@@ -415,7 +415,26 @@ module "vpc" {
 }
 
 resource "aws_iam_policy" "this" {
-  name        = "${module.eks.cluster_name}-appmesh"
+  name_prefix = "${module.eks.cluster_name}-appmesh-"
   description = "IAM Policy for App Mesh"
   policy      = data.aws_iam_policy_document.this.json
 }
+
+module "vpc_cni_irsa" {
+  source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
+  version = "~> 5.14"
+
+  role_nam_prefix = "${module.eks.cluster_name}-vpc-cni-"
+
+  attach_vpc_cni_policy = true
+  vpc_cni_enable_ipv4   = true
+
+  oidc_providers = {
+    main = {
+      provider_arn               = module.eks.oidc_provider_arn
+      namespace_service_accounts = ["kube-system:aws-node"]
+    }
+  }
+
+  tags = local.tags
+}
diff --git a/examples/argocd/main.tf b/examples/argocd/main.tf
index 53cd90bd85..7fd160a85a 100644
--- a/examples/argocd/main.tf
+++ b/examples/argocd/main.tf
@@ -30,17 +30,13 @@ provider "helm" {
 
 provider "bcrypt" {}
 
-data "aws_eks_cluster_auth" "this" {
-  name = module.eks.cluster_name
-}
-
 data "aws_availability_zones" "available" {}
 
 locals {
   name   = basename(path.cwd)
   region = "us-west-2"
 
-  cluster_version = "1.24"
+  cluster_version = "1.25"
 
   vpc_cidr = "10.0.0.0/16"
   azs      = slice(data.aws_availability_zones.available.names, 0, 3)
@@ -58,19 +54,12 @@ locals {
 #tfsec:ignore:aws-eks-enable-control-plane-logging
 module "eks" {
   source  = "terraform-aws-modules/eks/aws"
-  version = "~> 19.9"
+  version = "~> 19.10"
 
   cluster_name                   = local.name
   cluster_version                = local.cluster_version
   cluster_endpoint_public_access = true
 
-  # EKS Addons
-  cluster_addons = {
-    coredns    = {}
-    kube-proxy = {}
-    vpc-cni    = {}
-  }
-
   vpc_id     = module.vpc.vpc_id
   subnet_ids = module.vpc.private_subnets
 
@@ -96,10 +85,22 @@ module "eks_blueprints_kubernetes_addons" {
   # tflint-ignore: terraform_module_pinned_source
   source = "github.com/aws-ia/terraform-aws-eks-blueprints-addons"
 
-  eks_cluster_id       = module.eks.cluster_name
-  eks_cluster_endpoint = module.eks.cluster_endpoint
-  eks_oidc_provider    = module.eks.oidc_provider
-  eks_cluster_version  = module.eks.cluster_version
+  cluster_name            = module.eks.cluster_name
+  cluster_endpoint        = module.eks.cluster_endpoint
+  cluster_version         = module.eks.cluster_version
+  cluster_oidc_issuer_url = module.eks.cluster_oidc_issuer_url
+  oidc_provider_arn       = module.eks.oidc_provider_arn
+
+  eks_addons = {
+    aws-ebs-csi-driver = {
+      service_account_role_arn = module.ebs_csi_driver_irsa.iam_role_arn
+    }
+    coredns = {}
+    vpc-cni = {
+      service_account_role_arn = module.vpc_cni_irsa.iam_role_arn
+    }
+    kube-proxy = {}
+  }
 
   enable_argocd = true
   # This example shows how to set default ArgoCD Admin Password using SecretsManager with Helm Chart set_sensitive values.
@@ -127,8 +128,7 @@ module "eks_blueprints_kubernetes_addons" {
   }
 
   # Add-ons
-  enable_amazon_eks_aws_ebs_csi_driver = true
-  enable_aws_for_fluentbit             = true
+  enable_aws_for_fluentbit = true
   # Let fluentbit create the cw log group
   aws_for_fluentbit_create_cw_log_group = false
   enable_cert_manager                   = true
@@ -206,3 +206,40 @@ module "vpc" {
 
   tags = local.tags
 }
+
+module "ebs_csi_driver_irsa" {
+  source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
+  version = "~> 5.14"
+
+  role_name_prefix = "${module.eks.cluster_name}-ebs-csi-driver-"
+
+  attach_ebs_csi_policy = true
+
+  oidc_providers = {
+    main = {
+      provider_arn               = module.eks.oidc_provider_arn
+      namespace_service_accounts = ["kube-system:ebs-csi-controller-sa"]
+    }
+  }
+
+  tags = local.tags
+}
+
+module "vpc_cni_irsa" {
+  source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
+  version = "~> 5.14"
+
+  role_name_prefix = "${module.eks.cluster_name}-vpc-cni-"
+
+  attach_vpc_cni_policy = true
+  vpc_cni_enable_ipv4   = true
+
+  oidc_providers = {
+    main = {
+      provider_arn               = module.eks.oidc_provider_arn
+      namespace_service_accounts = ["kube-system:aws-node"]
+    }
+  }
+
+  tags = local.tags
+}
diff --git a/examples/blue-green-upgrade/modules/eks_cluster/main.tf b/examples/blue-green-upgrade/modules/eks_cluster/main.tf
index d197aeeeb5..2d31b99a28 100644
--- a/examples/blue-green-upgrade/modules/eks_cluster/main.tf
+++ b/examples/blue-green-upgrade/modules/eks_cluster/main.tf
@@ -365,9 +365,13 @@ module "eks_blueprints" {
 module "kubernetes_addons" {
   # Users should pin the version to the latest available release
   # tflint-ignore: terraform_module_pinned_source
-  source             = "github.com/aws-ia/terraform-aws-eks-blueprints-addons"
-  eks_cluster_id     = module.eks_blueprints.eks_cluster_id
-  eks_cluster_domain = local.eks_cluster_domain
+  source = "github.com/aws-ia/terraform-aws-eks-blueprints-addons"
+
+  cluster_name            = module.eks.cluster_name
+  cluster_endpoint        = module.eks.cluster_endpoint
+  cluster_version         = module.eks.cluster_version
+  cluster_oidc_issuer_url = module.eks.cluster_oidc_issuer_url
+  oidc_provider_arn       = module.eks.oidc_provider_arn
 
   #---------------------------------------------------------------
   # ARGO CD ADD-ON
@@ -399,36 +403,17 @@ module "kubernetes_addons" {
   }
 
   #---------------------------------------------------------------
-  # EKS Managed AddOns
-  # https://aws-ia.github.io/terraform-aws-eks-blueprints/add-ons/
+  # EKS AddOns
   #---------------------------------------------------------------
-
-  enable_amazon_eks_coredns = true
-  amazon_eks_coredns_config = {
-    most_recent        = true
-    kubernetes_version = local.cluster_version
-    resolve_conflicts  = "OVERWRITE"
-  }
-
-  enable_amazon_eks_aws_ebs_csi_driver = true
-  amazon_eks_aws_ebs_csi_driver_config = {
-    most_recent        = true
-    kubernetes_version = local.cluster_version
-    resolve_conflicts  = "OVERWRITE"
-  }
-
-  enable_amazon_eks_kube_proxy = true
-  amazon_eks_kube_proxy_config = {
-    most_recent        = true
-    kubernetes_version = local.cluster_version
-    resolve_conflicts  = "OVERWRITE"
-  }
-
-  enable_amazon_eks_vpc_cni = true
-  amazon_eks_vpc_cni_config = {
-    most_recent        = true
-    kubernetes_version = local.cluster_version
-    resolve_conflicts  = "OVERWRITE"
+  eks_addons = {
+    aws-ebs-csi-driver = {
+      service_account_role_arn = module.ebs_csi_driver_irsa.iam_role_arn
+    }
+    coredns = {}
+    vpc-cni = {
+      service_account_role_arn = module.vpc_cni_irsa.iam_role_arn
+    }
+    kube-proxy = {}
   }
 
   #---------------------------------------------------------------
@@ -457,5 +442,41 @@ module "kubernetes_addons" {
   }
 
   enable_kubecost = true
+}
+
+module "ebs_csi_driver_irsa" {
+  source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
+  version = "~> 5.14"
+
+  role_name_prefix = "${module.eks.cluster_name}-ebs-csi-driver-"
 
+  attach_ebs_csi_policy = true
+
+  oidc_providers = {
+    main = {
+      provider_arn               = module.eks.oidc_provider_arn
+      namespace_service_accounts = ["kube-system:ebs-csi-controller-sa"]
+    }
+  }
+
+  tags = local.tags
+}
+
+module "vpc_cni_irsa" {
+  source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
+  version = "~> 5.14"
+
+  role_name_prefix = "${module.eks.cluster_name}-vpc-cni-"
+
+  attach_vpc_cni_policy = true
+  vpc_cni_enable_ipv4   = true
+
+  oidc_providers = {
+    main = {
+      provider_arn               = module.eks.oidc_provider_arn
+      namespace_service_accounts = ["kube-system:aws-node"]
+    }
+  }
+
+  tags = local.tags
 }
diff --git a/examples/external-secrets/main.tf b/examples/external-secrets/main.tf
index 79cf90fc4c..494bddc540 100644
--- a/examples/external-secrets/main.tf
+++ b/examples/external-secrets/main.tf
@@ -42,11 +42,8 @@ provider "kubectl" {
   }
 }
 
-data "aws_eks_cluster_auth" "this" {
-  name = module.eks.cluster_name
-}
-
 data "aws_availability_zones" "available" {}
+
 data "aws_caller_identity" "current" {}
 
 locals {
@@ -75,19 +72,12 @@ locals {
 #tfsec:ignore:aws-eks-enable-control-plane-logging
 module "eks" {
   source  = "terraform-aws-modules/eks/aws"
-  version = "~> 19.9"
+  version = "~> 19.10"
 
   cluster_name                   = local.name
-  cluster_version                = "1.24"
+  cluster_version                = "1.25"
   cluster_endpoint_public_access = true
 
-  # EKS Addons
-  cluster_addons = {
-    coredns    = {}
-    kube-proxy = {}
-    vpc-cni    = {}
-  }
-
   vpc_id     = module.vpc.vpc_id
   subnet_ids = module.vpc.private_subnets
 
@@ -113,11 +103,25 @@ module "eks_blueprints_kubernetes_addons" {
   # tflint-ignore: terraform_module_pinned_source
   source = "github.com/aws-ia/terraform-aws-eks-blueprints-addons"
 
-  eks_cluster_id       = module.eks.cluster_name
-  eks_cluster_endpoint = module.eks.cluster_endpoint
-  eks_oidc_provider    = module.eks.oidc_provider
-  eks_cluster_version  = module.eks.cluster_version
+  cluster_name            = module.eks.cluster_name
+  cluster_endpoint        = module.eks.cluster_endpoint
+  cluster_version         = module.eks.cluster_version
+  cluster_oidc_issuer_url = module.eks.cluster_oidc_issuer_url
+  oidc_provider_arn       = module.eks.oidc_provider_arn
+
+  # EKS Add-ons
+  eks_addons = {
+    aws-ebs-csi-driver = {
+      service_account_role_arn = module.ebs_csi_driver_irsa.iam_role_arn
+    }
+    coredns = {}
+    vpc-cni = {
+      service_account_role_arn = module.vpc_cni_irsa.iam_role_arn
+    }
+    kube-proxy = {}
+  }
 
+  # Add-ons
   enable_external_secrets = true
 
   tags = local.tags
@@ -163,53 +167,11 @@ module "vpc" {
   tags = local.tags
 }
 
-#---------------------------------------------------------------
-# External Secrets Operator - Secret
-#---------------------------------------------------------------
-
 resource "aws_kms_key" "secrets" {
   enable_key_rotation = true
 }
 
-module "cluster_secretstore_role" {
-  source                      = "../../modules/irsa"
-  kubernetes_namespace        = local.namespace
-  create_kubernetes_namespace = false
-  kubernetes_service_account  = local.cluster_secretstore_sa
-  irsa_iam_policies           = [aws_iam_policy.cluster_secretstore.arn]
-  eks_cluster_id              = module.eks.cluster_name
-  eks_oidc_provider_arn       = module.eks.oidc_provider_arn
 
-  depends_on = [module.eks_blueprints_kubernetes_addons]
-}
-
-resource "aws_iam_policy" "cluster_secretstore" {
-  name_prefix = local.cluster_secretstore_sa
-  policy      = <<POLICY
-{
-  "Version": "2012-10-17",
-  "Statement": [
-    {
-      "Effect": "Allow",
-      "Action": [
-        "secretsmanager:GetResourcePolicy",
-        "secretsmanager:GetSecretValue",
-        "secretsmanager:DescribeSecret",
-        "secretsmanager:ListSecretVersionIds"
-      ],
-      "Resource": "${aws_secretsmanager_secret.secret.arn}"
-    },
-    {
-      "Effect": "Allow",
-      "Action": [
-        "kms:Decrypt"
-      ],
-      "Resource": "${aws_kms_key.secrets.arn}"
-    }
-  ]
-}
-POLICY
-}
 
 resource "kubectl_manifest" "cluster_secretstore" {
   yaml_body  = <<YAML
@@ -267,42 +229,6 @@ YAML
 # External Secrets Operator - Parameter Store
 #---------------------------------------------------------------
 
-module "secretstore_role" {
-  source                      = "../../modules/irsa"
-  kubernetes_namespace        = local.namespace
-  create_kubernetes_namespace = false
-  kubernetes_service_account  = local.secretstore_sa
-  irsa_iam_policies           = [aws_iam_policy.secretstore.arn]
-  eks_cluster_id              = module.eks.cluster_name
-  eks_oidc_provider_arn       = module.eks.oidc_provider_arn
-  depends_on                  = [module.eks_blueprints_kubernetes_addons]
-}
-
-resource "aws_iam_policy" "secretstore" {
-  name_prefix = local.secretstore_sa
-  policy      = <<POLICY
-{
-	"Version": "2012-10-17",
-  "Statement": [
-    {
-      "Effect": "Allow",
-      "Action": [
-        "ssm:GetParameter*"
-      ],
-      "Resource": "arn:aws:ssm:${local.region}:${data.aws_caller_identity.current.account_id}:parameter/${local.name}/*"
-    },
-    {
-      "Effect": "Allow",
-      "Action": [
-        "kms:Decrypt"
-      ],
-      "Resource": "${aws_kms_key.secrets.arn}"
-    }
-  ]
-}
-POLICY
-}
-
 resource "kubectl_manifest" "secretstore" {
   yaml_body  = <<YAML
 apiVersion: external-secrets.io/v1beta1
@@ -352,3 +278,138 @@ spec:
 YAML
   depends_on = [kubectl_manifest.secretstore]
 }
+
+#---------------------------------------------------------------
+# IRSA
+#---------------------------------------------------------------
+
+module "cluster_secretstore_role" {
+  source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
+  version = "~> 5.14"
+
+  role_name_prefix = "${module.eks.cluster_name}-secrets-manager-"
+
+  role_policy_arns = {
+    policy = aws_iam_policy.cluster_secretstore.arn
+  }
+
+  oidc_providers = {
+    main = {
+      provider_arn               = module.eks.oidc_provider_arn
+      namespace_service_accounts = ["${local.namespace}:${local.cluster_secretstore_sa}"]
+    }
+  }
+
+  tags = local.tags
+}
+
+resource "aws_iam_policy" "cluster_secretstore" {
+  name_prefix = local.cluster_secretstore_sa
+  policy      = <<POLICY
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "secretsmanager:GetResourcePolicy",
+        "secretsmanager:GetSecretValue",
+        "secretsmanager:DescribeSecret",
+        "secretsmanager:ListSecretVersionIds"
+      ],
+      "Resource": "${aws_secretsmanager_secret.secret.arn}"
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "kms:Decrypt"
+      ],
+      "Resource": "${aws_kms_key.secrets.arn}"
+    }
+  ]
+}
+POLICY
+}
+
+module "secretstore_role" {
+  source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
+  version = "~> 5.14"
+
+  role_name_prefix = "${module.eks.cluster_name}-parameter-store"
+
+  role_policy_arns = {
+    policy = aws_iam_policy.secretstore.arn
+  }
+
+  oidc_providers = {
+    main = {
+      provider_arn               = module.eks.oidc_provider_arn
+      namespace_service_accounts = ["${local.namespace}:${local.cluster_secretstore_sa}"]
+    }
+  }
+
+  tags = local.tags
+}
+
+resource "aws_iam_policy" "secretstore" {
+  name_prefix = local.secretstore_sa
+  policy      = <<POLICY
+{
+	"Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "ssm:GetParameter*"
+      ],
+      "Resource": "arn:aws:ssm:${local.region}:${data.aws_caller_identity.current.account_id}:parameter/${local.name}/*"
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "kms:Decrypt"
+      ],
+      "Resource": "${aws_kms_key.secrets.arn}"
+    }
+  ]
+}
+POLICY
+}
+
+
+module "ebs_csi_driver_irsa" {
+  source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
+  version = "~> 5.14"
+
+  role_name_prefix = "${module.eks.cluster_name}-ebs-csi-driver-"
+
+  attach_ebs_csi_policy = true
+
+  oidc_providers = {
+    main = {
+      provider_arn               = module.eks.oidc_provider_arn
+      namespace_service_accounts = ["kube-system:ebs-csi-controller-sa"]
+    }
+  }
+
+  tags = local.tags
+}
+
+module "vpc_cni_irsa" {
+  source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
+  version = "~> 5.14"
+
+  role_name_prefix = "${module.eks.cluster_name}-vpc-cni-"
+
+  attach_vpc_cni_policy = true
+  vpc_cni_enable_ipv4   = true
+
+  oidc_providers = {
+    main = {
+      provider_arn               = module.eks.oidc_provider_arn
+      namespace_service_accounts = ["kube-system:aws-node"]
+    }
+  }
+
+  tags = local.tags
+}
diff --git a/examples/fargate-serverless/main.tf b/examples/fargate-serverless/main.tf
index cfe4871e5e..38d73478c8 100644
--- a/examples/fargate-serverless/main.tf
+++ b/examples/fargate-serverless/main.tf
@@ -28,10 +28,6 @@ provider "helm" {
   }
 }
 
-data "aws_eks_cluster_auth" "this" {
-  name = module.eks.cluster_name
-}
-
 data "aws_availability_zones" "available" {}
 
 locals {
@@ -54,42 +50,12 @@ locals {
 #tfsec:ignore:aws-eks-enable-control-plane-logging
 module "eks" {
   source  = "terraform-aws-modules/eks/aws"
-  version = "~> 19.9"
+  version = "~> 19.10"
 
   cluster_name                   = local.name
-  cluster_version                = "1.24"
+  cluster_version                = "1.25"
   cluster_endpoint_public_access = true
 
-  cluster_addons = {
-    coredns = {
-      configuration_values = jsonencode({
-        computeType = "Fargate"
-        # Ensure that the we fully utilize the minimum amount of resources that are supplied by
-        # Fargate https://docs.aws.amazon.com/eks/latest/userguide/fargate-pod-configuration.html
-        # Fargate adds 256 MB to each pod's memory reservation for the required Kubernetes
-        # components (kubelet, kube-proxy, and containerd). Fargate rounds up to the following
-        # compute configuration that most closely matches the sum of vCPU and memory requests in
-        # order to ensure pods always have the resources that they need to run.
-        resources = {
-          limits = {
-            cpu = "0.25"
-            # We are targetting the smallest Task size of 512Mb, so we subtract 256Mb from the
-            # request/limit to ensure we can fit within that task
-            memory = "256M"
-          }
-          requests = {
-            cpu = "0.25"
-            # We are targetting the smallest Task size of 512Mb, so we subtract 256Mb from the
-            # request/limit to ensure we can fit within that task
-            memory = "256M"
-          }
-        }
-      })
-    }
-    kube-proxy = {}
-    vpc-cni    = {}
-  }
-
   vpc_id     = module.vpc.vpc_id
   subnet_ids = module.vpc.private_subnets
 
@@ -123,13 +89,44 @@ module "eks_blueprints_kubernetes_addons" {
   # tflint-ignore: terraform_module_pinned_source
   source = "github.com/aws-ia/terraform-aws-eks-blueprints-addons"
 
-  eks_cluster_id       = module.eks.cluster_name
-  eks_cluster_endpoint = module.eks.cluster_endpoint
-  eks_oidc_provider    = module.eks.oidc_provider
-  eks_cluster_version  = module.eks.cluster_version
+  cluster_name            = module.eks.cluster_name
+  cluster_endpoint        = module.eks.cluster_endpoint
+  cluster_version         = module.eks.cluster_version
+  cluster_oidc_issuer_url = module.eks.cluster_oidc_issuer_url
+  oidc_provider_arn       = module.eks.oidc_provider_arn
 
-  # Wait on the `kube-system` profile before provisioning addons
-  data_plane_wait_arn = join(",", [for prof in module.eks.fargate_profiles : prof.fargate_profile_arn])
+  # EKS Add-ons
+  eks_addons = {
+    coredns = {
+      configuration_values = jsonencode({
+        computeType = "Fargate"
+        # Ensure that the we fully utilize the minimum amount of resources that are supplied by
+        # Fargate https://docs.aws.amazon.com/eks/latest/userguide/fargate-pod-configuration.html
+        # Fargate adds 256 MB to each pod's memory reservation for the required Kubernetes
+        # components (kubelet, kube-proxy, and containerd). Fargate rounds up to the following
+        # compute configuration that most closely matches the sum of vCPU and memory requests in
+        # order to ensure pods always have the resources that they need to run.
+        resources = {
+          limits = {
+            cpu = "0.25"
+            # We are targetting the smallest Task size of 512Mb, so we subtract 256Mb from the
+            # request/limit to ensure we can fit within that task
+            memory = "256M"
+          }
+          requests = {
+            cpu = "0.25"
+            # We are targetting the smallest Task size of 512Mb, so we subtract 256Mb from the
+            # request/limit to ensure we can fit within that task
+            memory = "256M"
+          }
+        }
+      })
+    }
+    vpc-cni = {
+      service_account_role_arn = module.vpc_cni_irsa.iam_role_arn
+    }
+    kube-proxy = {}
+  }
 
   # Enable Fargate logging
   enable_fargate_fluentbit = true
@@ -294,3 +291,22 @@ resource "kubernetes_ingress_v1" "this" {
     }
   }
 }
+
+module "vpc_cni_irsa" {
+  source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
+  version = "~> 5.14"
+
+  role_name_prefix = "${module.eks.cluster_name}-vpc-cni-"
+
+  attach_vpc_cni_policy = true
+  vpc_cni_enable_ipv4   = true
+
+  oidc_providers = {
+    main = {
+      provider_arn               = module.eks.oidc_provider_arn
+      namespace_service_accounts = ["kube-system:aws-node"]
+    }
+  }
+
+  tags = local.tags
+}
diff --git a/examples/fully-private-cluster/main.tf b/examples/fully-private-cluster/main.tf
index 7ff034f7eb..e2fa9fe69e 100644
--- a/examples/fully-private-cluster/main.tf
+++ b/examples/fully-private-cluster/main.tf
@@ -24,10 +24,10 @@ locals {
 #tfsec:ignore:aws-eks-enable-control-plane-logging
 module "eks" {
   source  = "terraform-aws-modules/eks/aws"
-  version = "~> 19.9"
+  version = "~> 19.10"
 
   cluster_name    = local.name
-  cluster_version = "1.24"
+  cluster_version = "1.25"
 
   # EKS Addons
   cluster_addons = {
diff --git a/examples/ipv4-prefix-delegation/main.tf b/examples/ipv4-prefix-delegation/main.tf
index ce97dfe09e..d04be883bb 100644
--- a/examples/ipv4-prefix-delegation/main.tf
+++ b/examples/ipv4-prefix-delegation/main.tf
@@ -28,17 +28,13 @@ provider "helm" {
   }
 }
 
-data "aws_eks_cluster_auth" "this" {
-  name = module.eks.cluster_name
-}
-
 data "aws_availability_zones" "available" {}
 
 locals {
   name   = basename(path.cwd)
   region = "us-west-2"
 
-  cluster_version = "1.24"
+  cluster_version = "1.25"
 
   vpc_cidr = "10.0.0.0/16"
   azs      = slice(data.aws_availability_zones.available.names, 0, 3)
@@ -56,7 +52,7 @@ locals {
 #tfsec:ignore:aws-eks-enable-control-plane-logging
 module "eks" {
   source  = "terraform-aws-modules/eks/aws"
-  version = "~> 19.9"
+  version = "~> 19.10"
 
   cluster_name                   = local.name
   cluster_version                = local.cluster_version
diff --git a/examples/ipv6-eks-cluster/main.tf b/examples/ipv6-eks-cluster/main.tf
index 5599cbedc2..6ccad52788 100644
--- a/examples/ipv6-eks-cluster/main.tf
+++ b/examples/ipv6-eks-cluster/main.tf
@@ -28,10 +28,6 @@ provider "helm" {
   }
 }
 
-data "aws_eks_cluster_auth" "this" {
-  name = module.eks.cluster_name
-}
-
 data "aws_availability_zones" "available" {}
 
 locals {
@@ -54,10 +50,10 @@ locals {
 #tfsec:ignore:aws-eks-enable-control-plane-logging
 module "eks" {
   source  = "terraform-aws-modules/eks/aws"
-  version = "~> 19.9"
+  version = "~> 19.10"
 
   cluster_name                   = local.name
-  cluster_version                = "1.24"
+  cluster_version                = "1.25"
   cluster_endpoint_public_access = true
 
   # IPV6
diff --git a/examples/karpenter/main.tf b/examples/karpenter/main.tf
index 478198a7a7..627425e033 100644
--- a/examples/karpenter/main.tf
+++ b/examples/karpenter/main.tf
@@ -48,10 +48,6 @@ provider "kubectl" {
   }
 }
 
-data "aws_eks_cluster_auth" "this" {
-  name = module.eks.cluster_name
-}
-
 data "aws_ecrpublic_authorization_token" "token" {
   provider = aws.virginia
 }
@@ -78,53 +74,12 @@ locals {
 #tfsec:ignore:aws-eks-enable-control-plane-logging
 module "eks" {
   source  = "terraform-aws-modules/eks/aws"
-  version = "~> 19.9"
+  version = "~> 19.10"
 
   cluster_name                   = local.name
-  cluster_version                = "1.24"
+  cluster_version                = "1.25"
   cluster_endpoint_public_access = true
 
-  cluster_addons = {
-    aws-ebs-csi-driver = {}
-    coredns = {
-      configuration_values = jsonencode({
-        computeType = "Fargate"
-        # Ensure that the we fully utilize the minimum amount of resources that are supplied by
-        # Fargate https://docs.aws.amazon.com/eks/latest/userguide/fargate-pod-configuration.html
-        # Fargate adds 256 MB to each pod's memory reservation for the required Kubernetes
-        # components (kubelet, kube-proxy, and containerd). Fargate rounds up to the following
-        # compute configuration that most closely matches the sum of vCPU and memory requests in
-        # order to ensure pods always have the resources that they need to run.
-        resources = {
-          limits = {
-            cpu = "0.25"
-            # We are targetting the smallest Task size of 512Mb, so we subtract 256Mb from the
-            # request/limit to ensure we can fit within that task
-            memory = "256M"
-          }
-          requests = {
-            cpu = "0.25"
-            # We are targetting the smallest Task size of 512Mb, so we subtract 256Mb from the
-            # request/limit to ensure we can fit within that task
-            memory = "256M"
-          }
-        }
-      })
-    }
-    kube-proxy = {}
-    vpc-cni = {
-      most_recent    = true
-      before_compute = true
-      configuration_values = jsonencode({
-        env = {
-          # Reference docs https://docs.aws.amazon.com/eks/latest/userguide/cni-increase-ip-addresses.html
-          ENABLE_PREFIX_DELEGATION = "true"
-          WARM_PREFIX_TARGET       = "1"
-        }
-      })
-    }
-  }
-
   vpc_id     = module.vpc.vpc_id
   subnet_ids = module.vpc.private_subnets
 
@@ -176,13 +131,55 @@ module "eks_blueprints_kubernetes_addons" {
   # tflint-ignore: terraform_module_pinned_source
   source = "github.com/aws-ia/terraform-aws-eks-blueprints-addons"
 
-  eks_cluster_id       = module.eks.cluster_name
-  eks_cluster_endpoint = module.eks.cluster_endpoint
-  eks_oidc_provider    = module.eks.oidc_provider
-  eks_cluster_version  = module.eks.cluster_version
+  cluster_name            = module.eks.cluster_name
+  cluster_endpoint        = module.eks.cluster_endpoint
+  cluster_version         = module.eks.cluster_version
+  cluster_oidc_issuer_url = module.eks.cluster_oidc_issuer_url
+  oidc_provider_arn       = module.eks.oidc_provider_arn
 
-  # Wait on the `kube-system` profile before provisioning addons
-  data_plane_wait_arn = join(",", [for prof in module.eks.fargate_profiles : prof.fargate_profile_arn])
+  eks_addons = {
+    aws-ebs-csi-driver = {
+      service_account_role_arn = module.ebs_csi_driver_irsa.iam_role_arn
+    }
+    coredns = {
+      configuration_values = jsonencode({
+        computeType = "Fargate"
+        # Ensure that the we fully utilize the minimum amount of resources that are supplied by
+        # Fargate https://docs.aws.amazon.com/eks/latest/userguide/fargate-pod-configuration.html
+        # Fargate adds 256 MB to each pod's memory reservation for the required Kubernetes
+        # components (kubelet, kube-proxy, and containerd). Fargate rounds up to the following
+        # compute configuration that most closely matches the sum of vCPU and memory requests in
+        # order to ensure pods always have the resources that they need to run.
+        resources = {
+          limits = {
+            cpu = "0.25"
+            # We are targetting the smallest Task size of 512Mb, so we subtract 256Mb from the
+            # request/limit to ensure we can fit within that task
+            memory = "256M"
+          }
+          requests = {
+            cpu = "0.25"
+            # We are targetting the smallest Task size of 512Mb, so we subtract 256Mb from the
+            # request/limit to ensure we can fit within that task
+            memory = "256M"
+          }
+        }
+      })
+    }
+    vpc-cni = {
+      service_account_role_arn = module.vpc_cni_irsa.iam_role_arn
+      most_recent              = true
+      before_compute           = true
+      configuration_values = jsonencode({
+        env = {
+          # Reference docs https://docs.aws.amazon.com/eks/latest/userguide/cni-increase-ip-addresses.html
+          ENABLE_PREFIX_DELEGATION = "true"
+          WARM_PREFIX_TARGET       = "1"
+        }
+      })
+    }
+    kube-proxy = {}
+  }
 
   enable_karpenter = true
   karpenter_helm_config = {
@@ -347,3 +344,40 @@ module "vpc" {
 
   tags = local.tags
 }
+
+module "ebs_csi_driver_irsa" {
+  source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
+  version = "~> 5.14"
+
+  role_name = "ebs-csi-driver"
+
+  attach_ebs_csi_policy = true
+
+  oidc_providers = {
+    main = {
+      provider_arn               = module.eks.oidc_provider_arn
+      namespace_service_accounts = ["kube-system:ebs-csi-controller-sa"]
+    }
+  }
+
+  tags = local.tags
+}
+
+module "vpc_cni_irsa" {
+  source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
+  version = "~> 5.14"
+
+  role_name = "vpc-cni"
+
+  attach_vpc_cni_policy = true
+  vpc_cni_enable_ipv4   = true
+
+  oidc_providers = {
+    main = {
+      provider_arn               = module.eks.oidc_provider_arn
+      namespace_service_accounts = ["kube-system:aws-node"]
+    }
+  }
+
+  tags = local.tags
+}
diff --git a/examples/stateful/main.tf b/examples/stateful/main.tf
index 4c58d1f7c7..473916402d 100644
--- a/examples/stateful/main.tf
+++ b/examples/stateful/main.tf
@@ -28,11 +28,8 @@ provider "helm" {
   }
 }
 
-data "aws_eks_cluster_auth" "this" {
-  name = module.eks.cluster_name
-}
-
 data "aws_caller_identity" "current" {}
+
 data "aws_availability_zones" "available" {}
 
 locals {
@@ -58,19 +55,12 @@ locals {
 #tfsec:ignore:aws-eks-enable-control-plane-logging
 module "eks" {
   source  = "terraform-aws-modules/eks/aws"
-  version = "~> 19.9"
+  version = "~> 19.10"
 
   cluster_name                   = local.name
-  cluster_version                = "1.24"
+  cluster_version                = "1.25"
   cluster_endpoint_public_access = true
 
-  # EKS Addons
-  cluster_addons = {
-    coredns    = {}
-    kube-proxy = {}
-    vpc-cni    = {}
-  }
-
   vpc_id     = module.vpc.vpc_id
   subnet_ids = module.vpc.private_subnets
 
@@ -206,19 +196,29 @@ module "eks_blueprints_kubernetes_addons" {
   # tflint-ignore: terraform_module_pinned_source
   source = "github.com/aws-ia/terraform-aws-eks-blueprints-addons"
 
-  eks_cluster_id       = module.eks.cluster_name
-  eks_cluster_endpoint = module.eks.cluster_endpoint
-  eks_oidc_provider    = module.eks.oidc_provider
-  eks_cluster_version  = module.eks.cluster_version
+  cluster_name            = module.eks.cluster_name
+  cluster_endpoint        = module.eks.cluster_endpoint
+  cluster_version         = module.eks.cluster_version
+  cluster_oidc_issuer_url = module.eks.cluster_oidc_issuer_url
+  oidc_provider_arn       = module.eks.oidc_provider_arn
+
+  eks_addons = {
+    aws-ebs-csi-driver = {
+      service_account_role_arn = module.ebs_csi_driver_irsa.iam_role_arn
+    }
+    coredns = {}
+    vpc-cni = {
+      service_account_role_arn = module.vpc_cni_irsa.iam_role_arn
+    }
+    kube-proxy = {}
+  }
+
 
-  # Wait on the node group(s) before provisioning addons
-  data_plane_wait_arn = join(",", [for group in module.eks.eks_managed_node_groups : group.node_group_arn])
 
   enable_velero           = true
   velero_backup_s3_bucket = module.velero_backup_s3_bucket.s3_bucket_id
 
-  enable_amazon_eks_aws_ebs_csi_driver = true
-  enable_aws_efs_csi_driver            = true
+  enable_aws_efs_csi_driver = true
 
   tags = local.tags
 }
@@ -415,3 +415,40 @@ module "ebs_kms_key" {
 
   tags = local.tags
 }
+
+module "ebs_csi_driver_irsa" {
+  source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
+  version = "~> 5.14"
+
+  role_name = "ebs-csi-driver"
+
+  attach_ebs_csi_policy = true
+
+  oidc_providers = {
+    main = {
+      provider_arn               = module.eks.oidc_provider_arn
+      namespace_service_accounts = ["kube-system:ebs-csi-controller-sa"]
+    }
+  }
+
+  tags = local.tags
+}
+
+module "vpc_cni_irsa" {
+  source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
+  version = "~> 5.14"
+
+  role_name = "vpc-cni"
+
+  attach_vpc_cni_policy = true
+  vpc_cni_enable_ipv4   = true
+
+  oidc_providers = {
+    main = {
+      provider_arn               = module.eks.oidc_provider_arn
+      namespace_service_accounts = ["kube-system:aws-node"]
+    }
+  }
+
+  tags = local.tags
+}
diff --git a/examples/tls-with-aws-pca-issuer/main.tf b/examples/tls-with-aws-pca-issuer/main.tf
index b6c7ae7ad6..a88e1ead51 100644
--- a/examples/tls-with-aws-pca-issuer/main.tf
+++ b/examples/tls-with-aws-pca-issuer/main.tf
@@ -42,10 +42,6 @@ provider "kubectl" {
   }
 }
 
-data "aws_eks_cluster_auth" "this" {
-  name = module.eks.cluster_name
-}
-
 data "aws_availability_zones" "available" {}
 
 locals {
@@ -69,19 +65,12 @@ locals {
 #tfsec:ignore:aws-eks-enable-control-plane-logging
 module "eks" {
   source  = "terraform-aws-modules/eks/aws"
-  version = "~> 19.9"
+  version = "~> 19.10"
 
   cluster_name                   = local.name
-  cluster_version                = "1.24"
+  cluster_version                = "1.25"
   cluster_endpoint_public_access = true
 
-  # EKS Addons
-  cluster_addons = {
-    coredns    = {}
-    kube-proxy = {}
-    vpc-cni    = {}
-  }
-
   vpc_id     = module.vpc.vpc_id
   subnet_ids = module.vpc.private_subnets
 
@@ -107,10 +96,20 @@ module "eks_blueprints_kubernetes_addons" {
   # tflint-ignore: terraform_module_pinned_source
   source = "github.com/aws-ia/terraform-aws-eks-blueprints-addons"
 
-  eks_cluster_id       = module.eks.cluster_name
-  eks_cluster_endpoint = module.eks.cluster_endpoint
-  eks_oidc_provider    = module.eks.oidc_provider
-  eks_cluster_version  = module.eks.cluster_version
+  cluster_name            = module.eks.cluster_name
+  cluster_endpoint        = module.eks.cluster_endpoint
+  cluster_version         = module.eks.cluster_version
+  cluster_oidc_issuer_url = module.eks.cluster_oidc_issuer_url
+  oidc_provider_arn       = module.eks.oidc_provider_arn
+
+  # EKS Add-on
+  eks_addons = {
+    coredns = {}
+    vpc-cni = {
+      service_account_role_arn = module.vpc_cni_irsa.iam_role_arn
+    }
+    kube-proxy = {}
+  }
 
   # Add-ons
   enable_cert_manager         = true
@@ -283,3 +282,22 @@ module "vpc" {
 
   tags = local.tags
 }
+
+module "vpc_cni_irsa" {
+  source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
+  version = "~> 5.14"
+
+  role_name = "vpc-cni"
+
+  attach_vpc_cni_policy = true
+  vpc_cni_enable_ipv4   = true
+
+  oidc_providers = {
+    main = {
+      provider_arn               = module.eks.oidc_provider_arn
+      namespace_service_accounts = ["kube-system:aws-node"]
+    }
+  }
+
+  tags = local.tags
+}
diff --git a/examples/vpc-cni-custom-networking/main.tf b/examples/vpc-cni-custom-networking/main.tf
index 1220e87ad0..c577bf3497 100644
--- a/examples/vpc-cni-custom-networking/main.tf
+++ b/examples/vpc-cni-custom-networking/main.tf
@@ -42,10 +42,6 @@ provider "kubectl" {
   }
 }
 
-data "aws_eks_cluster_auth" "this" {
-  name = module.eks.cluster_name
-}
-
 data "aws_availability_zones" "available" {}
 
 locals {
@@ -71,7 +67,7 @@ locals {
 #tfsec:ignore:aws-eks-enable-control-plane-logging
 module "eks" {
   source  = "terraform-aws-modules/eks/aws"
-  version = "~> 19.9"
+  version = "~> 19.10"
 
   cluster_name                   = local.name
   cluster_version                = local.cluster_version
diff --git a/examples/wireguard-with-cilium/main.tf b/examples/wireguard-with-cilium/main.tf
index d84d1e35fc..3f7a12879a 100644
--- a/examples/wireguard-with-cilium/main.tf
+++ b/examples/wireguard-with-cilium/main.tf
@@ -42,10 +42,6 @@ provider "kubectl" {
   }
 }
 
-data "aws_eks_cluster_auth" "this" {
-  name = module.eks.cluster_name
-}
-
 data "aws_availability_zones" "available" {}
 
 locals {
@@ -69,10 +65,10 @@ locals {
 #tfsec:ignore:aws-eks-enable-control-plane-logging
 module "eks" {
   source  = "terraform-aws-modules/eks/aws"
-  version = "~> 19.9"
+  version = "~> 19.10"
 
   cluster_name                   = local.name
-  cluster_version                = "1.24"
+  cluster_version                = "1.25"
   cluster_endpoint_public_access = true
 
   # EKS Addons

From 2e2cabc43ded4e66bbe2a12c950eed47c57b98fa Mon Sep 17 00:00:00 2001
From: Apoorva Kulkarni <kuapoorv@amazon.com>
Date: Fri, 17 Mar 2023 16:00:05 -0700
Subject: [PATCH 05/31] add prefix for role_names

---
 examples/appmesh-mtls/main.tf            | 2 +-
 examples/karpenter/main.tf               | 4 ++--
 examples/stateful/main.tf                | 4 ++--
 examples/tls-with-aws-pca-issuer/main.tf | 2 +-
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/examples/appmesh-mtls/main.tf b/examples/appmesh-mtls/main.tf
index 6fc0d943e7..12c71b93af 100644
--- a/examples/appmesh-mtls/main.tf
+++ b/examples/appmesh-mtls/main.tf
@@ -424,7 +424,7 @@ module "vpc_cni_irsa" {
   source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
   version = "~> 5.14"
 
-  role_nam_prefix = "${module.eks.cluster_name}-vpc-cni-"
+  role_name_prefix = "${module.eks.cluster_name}-vpc-cni-"
 
   attach_vpc_cni_policy = true
   vpc_cni_enable_ipv4   = true
diff --git a/examples/karpenter/main.tf b/examples/karpenter/main.tf
index 627425e033..30e54f79b1 100644
--- a/examples/karpenter/main.tf
+++ b/examples/karpenter/main.tf
@@ -349,7 +349,7 @@ module "ebs_csi_driver_irsa" {
   source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
   version = "~> 5.14"
 
-  role_name = "ebs-csi-driver"
+  role_name_prefix = "${module.eks.cluster_name}-ebs-csi-driver-"
 
   attach_ebs_csi_policy = true
 
@@ -367,7 +367,7 @@ module "vpc_cni_irsa" {
   source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
   version = "~> 5.14"
 
-  role_name = "vpc-cni"
+  role_name_prefix = "${module.eks.cluster_name}-vpc-cni-"
 
   attach_vpc_cni_policy = true
   vpc_cni_enable_ipv4   = true
diff --git a/examples/stateful/main.tf b/examples/stateful/main.tf
index 473916402d..a1a35b25ad 100644
--- a/examples/stateful/main.tf
+++ b/examples/stateful/main.tf
@@ -420,7 +420,7 @@ module "ebs_csi_driver_irsa" {
   source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
   version = "~> 5.14"
 
-  role_name = "ebs-csi-driver"
+  role_name_prefix = "${module.eks.cluster_name}-ebs-csi-driver-"
 
   attach_ebs_csi_policy = true
 
@@ -438,7 +438,7 @@ module "vpc_cni_irsa" {
   source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
   version = "~> 5.14"
 
-  role_name = "vpc-cni"
+  role_name_prefix = "${module.eks.cluster_name}-vpc-cni-"
 
   attach_vpc_cni_policy = true
   vpc_cni_enable_ipv4   = true
diff --git a/examples/tls-with-aws-pca-issuer/main.tf b/examples/tls-with-aws-pca-issuer/main.tf
index a88e1ead51..d0eb08f652 100644
--- a/examples/tls-with-aws-pca-issuer/main.tf
+++ b/examples/tls-with-aws-pca-issuer/main.tf
@@ -287,7 +287,7 @@ module "vpc_cni_irsa" {
   source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
   version = "~> 5.14"
 
-  role_name = "vpc-cni"
+  role_name_prefix = "${module.eks.cluster_name}-vpc-cni-"
 
   attach_vpc_cni_policy = true
   vpc_cni_enable_ipv4   = true

From 54f5aa7c97c64e9d6649d9fbfc5e89d12de514b8 Mon Sep 17 00:00:00 2001
From: Apoorva Kulkarni <kuapoorv@amazon.com>
Date: Fri, 17 Mar 2023 16:04:46 -0700
Subject: [PATCH 06/31] remove kubecost from example

---
 examples/blue-green-upgrade/modules/eks_cluster/main.tf | 2 --
 1 file changed, 2 deletions(-)

diff --git a/examples/blue-green-upgrade/modules/eks_cluster/main.tf b/examples/blue-green-upgrade/modules/eks_cluster/main.tf
index 2d31b99a28..22253403ba 100644
--- a/examples/blue-green-upgrade/modules/eks_cluster/main.tf
+++ b/examples/blue-green-upgrade/modules/eks_cluster/main.tf
@@ -440,8 +440,6 @@ module "kubernetes_addons" {
     policy       = "sync"
     logLevel     = "debug"
   }
-
-  enable_kubecost = true
 }
 
 module "ebs_csi_driver_irsa" {

From 51cbca6d50032f1cf0a8ac37da7db0320cad5669 Mon Sep 17 00:00:00 2001
From: Apoorva Kulkarni <kuapoorv@amazon.com>
Date: Fri, 17 Mar 2023 16:07:33 -0700
Subject: [PATCH 07/31] fix error

---
 examples/appmesh-mtls/main.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/examples/appmesh-mtls/main.tf b/examples/appmesh-mtls/main.tf
index 12c71b93af..8d3f652ced 100644
--- a/examples/appmesh-mtls/main.tf
+++ b/examples/appmesh-mtls/main.tf
@@ -267,8 +267,8 @@ module "appmesh_addon" {
   set_irsa_name = "serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"
 
   # IAM role for service account (IRSA)
-  create_role      = true
-  role_name_prefix = "${module.eks.cluster_name}-appmesh-controller-"
+  create_role = true
+  role_name   = "${module.eks.cluster_name}-appmesh-controller-"
   role_policy_arns = {
     appmesh = aws_iam_policy.this.arn
   }

From ea410e00f1d2303abf7e233c0418d49cacd4c1e0 Mon Sep 17 00:00:00 2001
From: Apoorva Kulkarni <kuapoorv@amazon.com>
Date: Fri, 17 Mar 2023 18:40:37 -0700
Subject: [PATCH 08/31] add prefix for role_names

---
 examples/blue-green-upgrade/eks-blue/main.tf  |   2 +-
 .../modules/eks_cluster/main.tf               | 112 +++++++++++-------
 2 files changed, 67 insertions(+), 47 deletions(-)

diff --git a/examples/blue-green-upgrade/eks-blue/main.tf b/examples/blue-green-upgrade/eks-blue/main.tf
index da54d5daf4..069900ab08 100644
--- a/examples/blue-green-upgrade/eks-blue/main.tf
+++ b/examples/blue-green-upgrade/eks-blue/main.tf
@@ -32,7 +32,7 @@ module "eks_cluster" {
   source = "../modules/eks_cluster"
 
   suffix_stack_name = "blue"
-  cluster_version   = "1.23"
+  cluster_version   = "1.25"
 
   argocd_route53_weight      = "100"
   route53_weight             = "100"
diff --git a/examples/blue-green-upgrade/modules/eks_cluster/main.tf b/examples/blue-green-upgrade/modules/eks_cluster/main.tf
index 22253403ba..40787a14c8 100644
--- a/examples/blue-green-upgrade/modules/eks_cluster/main.tf
+++ b/examples/blue-green-upgrade/modules/eks_cluster/main.tf
@@ -198,29 +198,18 @@ data "aws_secretsmanager_secret_version" "admin_password_version" {
   secret_id = data.aws_secretsmanager_secret.argocd.id
 }
 
-module "eks_blueprints" {
-  source = "github.com/aws-ia/terraform-aws-eks-blueprints?ref=v4.18.1"
+module "eks" {
+  source  = "terraform-aws-modules/eks/aws"
+  version = "~> 19.10"
 
-  cluster_name = local.name
+  cluster_name                   = local.name
+  cluster_version                = "1.25"
+  cluster_endpoint_public_access = true
 
-  # EKS Cluster VPC and Subnet mandatory config
-  vpc_id             = data.aws_vpc.vpc.id
-  private_subnet_ids = data.aws_subnets.private.ids
+  vpc_id     = module.vpc.vpc_id
+  subnet_ids = module.vpc.private_subnets
 
-  # EKS CONTROL PLANE VARIABLES
-  cluster_version = local.cluster_version
-
-  # List of map_roles
-  map_roles = [
-    {
-      rolearn  = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/${var.eks_admin_role_name}" # The ARN of the IAM role
-      username = "ops-role"                                                                                    # The user name within Kubernetes to map to the IAM role
-      groups   = ["system:masters"]                                                                            # A list of groups within Kubernetes to which the role is mapped; Checkout K8s Role and Rolebindings
-    }
-  ]
-
-  # EKS MANAGED NODE GROUPS
-  managed_node_groups = {
+  eks_managed_node_groups = {
     mg_5 = {
       node_group_name = local.node_group_name
       instance_types  = ["m5.xlarge"]
@@ -229,20 +218,49 @@ module "eks_blueprints" {
     }
   }
 
-  platform_teams = {
-    admin = {
-      users = [
-        data.aws_caller_identity.current.arn,
-        "arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.current.account_id}:user/${var.iam_platform_user}",
-        "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/${var.eks_admin_role_name}"
-      ]
+  manage_aws_auth_configmap = true
+  aws_auth_roles = [
+    {
+      rolearn  = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/${var.eks_admin_role_name}" # The ARN of the IAM role
+      username = "ops-role"                                                                                    # The user name within Kubernetes to map to the IAM role
+      groups   = ["system:masters"]                                                                            # A list of groups within Kubernetes to which the role is mapped; Checkout K8s Role and Rolebindings
     }
-  }
+  ]
+
+  tags = local.tags
+}
+
+module "admin_team" {
+  source = "github.com/aws-ia/terraform-aws-eks-blueprints-teams"
+
+  name = "admin"
+
+  # Enables elevated, admin privileges for this team
+  enable_admin = true
+
+  users = [
+    data.aws_caller_identity.current.arn,
+    "arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.current.account_id}:user/${var.iam_platform_user}",
+    "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/${var.eks_admin_role_name}"
+  ]
+
+  cluster_arn = module.eks.cluster_arn
+
+  tags = local.tags
+}
+
 
-  application_teams = {
+module "application_teams" {
+  source = "github.com/aws-ia/terraform-aws-eks-blueprints-teams"
 
+  name              = "application_teams"
+  users             = [data.aws_caller_identity.current.arn]
+  cluster_arn       = module.eks.cluster_arn
+  oidc_provider_arn = module.eks.oidc_provider_arn
+
+  namespaces = {
     team-burnham = {
-      "labels" = {
+      labels = {
         "elbv2.k8s.aws/pod-readiness-gate-inject" = "enabled",
         "appName"                                 = "burnham-team-app",
         "projectName"                             = "project-burnham",
@@ -252,7 +270,8 @@ module "eks_blueprints" {
         "billingCode"                             = "example",
         "branch"                                  = "example"
       }
-      "quota" = {
+
+      resource_quotas = {
         "requests.cpu"    = "10000m",
         "requests.memory" = "20Gi",
         "limits.cpu"      = "20000m",
@@ -261,13 +280,13 @@ module "eks_blueprints" {
         "secrets"         = "10",
         "services"        = "10"
       }
+
       ## Manifests Example: we can specify a directory with kubernetes manifests that can be automatically applied in the team-riker namespace.
       manifests_dir = "../kubernetes/team-burnham/"
-      users         = [data.aws_caller_identity.current.arn]
     }
 
     team-riker = {
-      "labels" = {
+      labels = {
         "elbv2.k8s.aws/pod-readiness-gate-inject" = "enabled",
         "appName"                                 = "riker-team-app",
         "projectName"                             = "project-riker",
@@ -277,7 +296,7 @@ module "eks_blueprints" {
         "billingCode"                             = "example",
         "branch"                                  = "example"
       }
-      "quota" = {
+      resource_quotas = {
         "requests.cpu"    = "10000m",
         "requests.memory" = "20Gi",
         "limits.cpu"      = "20000m",
@@ -286,21 +305,20 @@ module "eks_blueprints" {
         "secrets"         = "10",
         "services"        = "10"
       }
+
       ## Manifests Example: we can specify a directory with kubernetes manifests that can be automatically applied in the team-riker namespace.
       manifests_dir = "../kubernetes/team-riker/"
-      users         = [data.aws_caller_identity.current.arn]
     }
 
-
     ecsdemo-frontend = {
-      "labels" = {
+      labels = {
         "elbv2.k8s.aws/pod-readiness-gate-inject" = "enabled",
         "appName"                                 = "ecsdemo-frontend-app",
         "projectName"                             = "ecsdemo-frontend",
         "environment"                             = "dev",
       }
       #don't use quotas here cause ecsdemo app does not have request/limits
-      "quota" = {
+      resource_quotas = {
         "requests.cpu"    = "100",
         "requests.memory" = "20Gi",
         "limits.cpu"      = "200",
@@ -311,17 +329,18 @@ module "eks_blueprints" {
       }
       ## Manifests Example: we can specify a directory with kubernetes manifests that can be automatically applied in the team-riker namespace.
       manifests_dir = "../kubernetes/ecsdemo-frontend/"
-      users         = [data.aws_caller_identity.current.arn]
     }
+
     ecsdemo-nodejs = {
-      "labels" = {
+      labels = {
         "elbv2.k8s.aws/pod-readiness-gate-inject" = "enabled",
         "appName"                                 = "ecsdemo-nodejs-app",
         "projectName"                             = "ecsdemo-nodejs",
         "environment"                             = "dev",
       }
+
       #don't use quotas here cause ecsdemo app does not have request/limits
-      "quota" = {
+      resource_quotas = {
         "requests.cpu"    = "10000m",
         "requests.memory" = "20Gi",
         "limits.cpu"      = "20000m",
@@ -330,19 +349,20 @@ module "eks_blueprints" {
         "secrets"         = "10",
         "services"        = "10"
       }
+
       ## Manifests Example: we can specify a directory with kubernetes manifests that can be automatically applied in the team-riker namespace.
       manifests_dir = "../kubernetes/ecsdemo-nodejs"
-      users         = [data.aws_caller_identity.current.arn]
     }
     ecsdemo-crystal = {
-      "labels" = {
+      labels = {
         "elbv2.k8s.aws/pod-readiness-gate-inject" = "enabled",
         "appName"                                 = "ecsdemo-crystal-app",
         "projectName"                             = "ecsdemo-crystal",
         "environment"                             = "dev",
       }
+
       #don't use quotas here cause ecsdemo app does not have request/limits
-      "quota" = {
+      resource_quotas = {
         "requests.cpu"    = "10000m",
         "requests.memory" = "20Gi",
         "limits.cpu"      = "20000m",
@@ -351,9 +371,9 @@ module "eks_blueprints" {
         "secrets"         = "10",
         "services"        = "10"
       }
+
       ## Manifests Example: we can specify a directory with kubernetes manifests that can be automatically applied in the team-riker namespace.
       manifests_dir = "../kubernetes/ecsdemo-crystal"
-      users         = [data.aws_caller_identity.current.arn]
     }
   }
 
@@ -367,7 +387,7 @@ module "kubernetes_addons" {
   # tflint-ignore: terraform_module_pinned_source
   source = "github.com/aws-ia/terraform-aws-eks-blueprints-addons"
 
-  cluster_name            = module.eks.cluster_name
+  cluster_name            = module.eks_blueprints.eks_cluster_id
   cluster_endpoint        = module.eks.cluster_endpoint
   cluster_version         = module.eks.cluster_version
   cluster_oidc_issuer_url = module.eks.cluster_oidc_issuer_url

From 11434a3e85de1142ae419f4a387389b839d1298c Mon Sep 17 00:00:00 2001
From: Apoorva Kulkarni <kuapoorv@amazon.com>
Date: Fri, 17 Mar 2023 18:45:40 -0700
Subject: [PATCH 09/31] fix precommit errors

---
 .../blue-green-upgrade/modules/eks_cluster/main.tf  | 13 +++++--------
 .../modules/eks_cluster/variables.tf                |  2 +-
 2 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/examples/blue-green-upgrade/modules/eks_cluster/main.tf b/examples/blue-green-upgrade/modules/eks_cluster/main.tf
index 40787a14c8..b93ea3918e 100644
--- a/examples/blue-green-upgrade/modules/eks_cluster/main.tf
+++ b/examples/blue-green-upgrade/modules/eks_cluster/main.tf
@@ -170,13 +170,6 @@ data "aws_partition" "current" {}
 # Find the user currently in use by AWS
 data "aws_caller_identity" "current" {}
 
-data "aws_vpc" "vpc" {
-  filter {
-    name   = "tag:${var.vpc_tag_key}"
-    values = [local.tag_val_vpc]
-  }
-}
-
 data "aws_subnets" "private" {
   filter {
     name   = "tag:${var.vpc_tag_key}"
@@ -203,7 +196,7 @@ module "eks" {
   version = "~> 19.10"
 
   cluster_name                   = local.name
-  cluster_version                = "1.25"
+  cluster_version                = var.cluster_version
   cluster_endpoint_public_access = true
 
   vpc_id     = module.vpc.vpc_id
@@ -231,6 +224,8 @@ module "eks" {
 }
 
 module "admin_team" {
+  # Users should pin the version to the latest available release
+  # tflint-ignore: terraform_module_pinned_source
   source = "github.com/aws-ia/terraform-aws-eks-blueprints-teams"
 
   name = "admin"
@@ -251,6 +246,8 @@ module "admin_team" {
 
 
 module "application_teams" {
+  # Users should pin the version to the latest available release
+  # tflint-ignore: terraform_module_pinned_source
   source = "github.com/aws-ia/terraform-aws-eks-blueprints-teams"
 
   name              = "application_teams"
diff --git a/examples/blue-green-upgrade/modules/eks_cluster/variables.tf b/examples/blue-green-upgrade/modules/eks_cluster/variables.tf
index fde9dcd037..0836f8559e 100644
--- a/examples/blue-green-upgrade/modules/eks_cluster/variables.tf
+++ b/examples/blue-green-upgrade/modules/eks_cluster/variables.tf
@@ -13,7 +13,7 @@ variable "suffix_stack_name" {
 variable "cluster_version" {
   description = "The Version of Kubernetes to deploy"
   type        = string
-  default     = "1.23"
+  default     = "1.25"
 }
 
 variable "hosted_zone_name" {

From 7cba485c9208271fe8a3046ac0748539caa41126 Mon Sep 17 00:00:00 2001
From: Apoorva Kulkarni <kuapoorv@amazon.com>
Date: Mon, 20 Mar 2023 10:39:59 -0700
Subject: [PATCH 10/31] updates to blue-green example

---
 examples/blue-green-upgrade/eks-blue/outputs.tf   |  5 -----
 examples/blue-green-upgrade/eks-blue/variables.tf |  2 +-
 .../modules/eks_cluster/main.tf                   | 15 +++++++++++----
 .../modules/eks_cluster/outputs.tf                | 11 +++--------
 4 files changed, 15 insertions(+), 18 deletions(-)

diff --git a/examples/blue-green-upgrade/eks-blue/outputs.tf b/examples/blue-green-upgrade/eks-blue/outputs.tf
index 62df761b32..c0de1186c4 100644
--- a/examples/blue-green-upgrade/eks-blue/outputs.tf
+++ b/examples/blue-green-upgrade/eks-blue/outputs.tf
@@ -2,8 +2,3 @@ output "eks_cluster_id" {
   description = "The name of the EKS cluster."
   value       = module.eks_cluster.eks_cluster_id
 }
-
-output "configure_kubectl" {
-  description = "Configure kubectl: make sure you're logged in with the correct AWS profile and run the following command to update your kubeconfig"
-  value       = module.eks_cluster.configure_kubectl
-}
diff --git a/examples/blue-green-upgrade/eks-blue/variables.tf b/examples/blue-green-upgrade/eks-blue/variables.tf
index a36064016c..50bf788115 100644
--- a/examples/blue-green-upgrade/eks-blue/variables.tf
+++ b/examples/blue-green-upgrade/eks-blue/variables.tf
@@ -13,7 +13,7 @@ variable "core_stack_name" {
 variable "hosted_zone_name" {
   type        = string
   description = "Route53 domain for the cluster."
-  default     = ""
+  default     = "kuapoorv.people.aws.dev"
 }
 
 variable "eks_admin_role_name" {
diff --git a/examples/blue-green-upgrade/modules/eks_cluster/main.tf b/examples/blue-green-upgrade/modules/eks_cluster/main.tf
index b93ea3918e..4fb88bf85a 100644
--- a/examples/blue-green-upgrade/modules/eks_cluster/main.tf
+++ b/examples/blue-green-upgrade/modules/eks_cluster/main.tf
@@ -170,6 +170,13 @@ data "aws_partition" "current" {}
 # Find the user currently in use by AWS
 data "aws_caller_identity" "current" {}
 
+data "aws_vpc" "vpc" {
+  filter {
+    name   = "tag:${var.vpc_tag_key}"
+    values = [local.tag_val_vpc]
+  }
+}
+
 data "aws_subnets" "private" {
   filter {
     name   = "tag:${var.vpc_tag_key}"
@@ -196,11 +203,11 @@ module "eks" {
   version = "~> 19.10"
 
   cluster_name                   = local.name
-  cluster_version                = var.cluster_version
+  cluster_version                = local.cluster_version
   cluster_endpoint_public_access = true
 
-  vpc_id     = module.vpc.vpc_id
-  subnet_ids = module.vpc.private_subnets
+  vpc_id     = data.aws_vpc.vpc.id
+  subnet_ids = data.aws_subnets.private.ids
 
   eks_managed_node_groups = {
     mg_5 = {
@@ -384,7 +391,7 @@ module "kubernetes_addons" {
   # tflint-ignore: terraform_module_pinned_source
   source = "github.com/aws-ia/terraform-aws-eks-blueprints-addons"
 
-  cluster_name            = module.eks_blueprints.eks_cluster_id
+  cluster_name            = module.eks.cluster_name
   cluster_endpoint        = module.eks.cluster_endpoint
   cluster_version         = module.eks.cluster_version
   cluster_oidc_issuer_url = module.eks.cluster_oidc_issuer_url
diff --git a/examples/blue-green-upgrade/modules/eks_cluster/outputs.tf b/examples/blue-green-upgrade/modules/eks_cluster/outputs.tf
index 04291c8456..24c4a5a6c7 100644
--- a/examples/blue-green-upgrade/modules/eks_cluster/outputs.tf
+++ b/examples/blue-green-upgrade/modules/eks_cluster/outputs.tf
@@ -1,19 +1,14 @@
 output "eks_cluster_id" {
   description = "The name of the EKS cluster."
-  value       = module.eks_blueprints.eks_cluster_id
-}
-
-output "configure_kubectl" {
-  description = "Configure kubectl: make sure you're logged in with the correct AWS profile and run the following command to update your kubeconfig"
-  value       = module.eks_blueprints.configure_kubectl
+  value       = module.eks.cluster_name
 }
 
 output "eks_cluster_endpoint" {
   description = "The endpoint of the EKS cluster."
-  value       = module.eks_blueprints.eks_cluster_endpoint
+  value       = module.eks.cluster_endpoint
 }
 
 output "eks_cluster_certificate_authority_data" {
   description = "eks_cluster_certificate_authority_data"
-  value       = module.eks_blueprints.eks_cluster_certificate_authority_data
+  value       = module.eks.cluster_certificate_authority_data
 }

From 706a1789b30195e75ce62896a552310c78dd402a Mon Sep 17 00:00:00 2001
From: Apoorva Kulkarni <kuapoorv@amazon.com>
Date: Mon, 20 Mar 2023 11:06:01 -0700
Subject: [PATCH 11/31] remove route53 hosted zone

---
 examples/blue-green-upgrade/eks-blue/variables.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/examples/blue-green-upgrade/eks-blue/variables.tf b/examples/blue-green-upgrade/eks-blue/variables.tf
index 50bf788115..a36064016c 100644
--- a/examples/blue-green-upgrade/eks-blue/variables.tf
+++ b/examples/blue-green-upgrade/eks-blue/variables.tf
@@ -13,7 +13,7 @@ variable "core_stack_name" {
 variable "hosted_zone_name" {
   type        = string
   description = "Route53 domain for the cluster."
-  default     = "kuapoorv.people.aws.dev"
+  default     = ""
 }
 
 variable "eks_admin_role_name" {

From 27225f3905c8e47838905745a932219455fec0a5 Mon Sep 17 00:00:00 2001
From: Apoorva Kulkarni <kuapoorv@amazon.com>
Date: Mon, 20 Mar 2023 12:01:56 -0700
Subject: [PATCH 12/31] fix pre-commit errors

---
 examples/blue-green-upgrade/eks-green/outputs.tf        | 5 -----
 examples/blue-green-upgrade/modules/eks_cluster/main.tf | 1 +
 2 files changed, 1 insertion(+), 5 deletions(-)

diff --git a/examples/blue-green-upgrade/eks-green/outputs.tf b/examples/blue-green-upgrade/eks-green/outputs.tf
index 62df761b32..c0de1186c4 100644
--- a/examples/blue-green-upgrade/eks-green/outputs.tf
+++ b/examples/blue-green-upgrade/eks-green/outputs.tf
@@ -2,8 +2,3 @@ output "eks_cluster_id" {
   description = "The name of the EKS cluster."
   value       = module.eks_cluster.eks_cluster_id
 }
-
-output "configure_kubectl" {
-  description = "Configure kubectl: make sure you're logged in with the correct AWS profile and run the following command to update your kubeconfig"
-  value       = module.eks_cluster.configure_kubectl
-}
diff --git a/examples/blue-green-upgrade/modules/eks_cluster/main.tf b/examples/blue-green-upgrade/modules/eks_cluster/main.tf
index 4fb88bf85a..6ae24ffe02 100644
--- a/examples/blue-green-upgrade/modules/eks_cluster/main.tf
+++ b/examples/blue-green-upgrade/modules/eks_cluster/main.tf
@@ -198,6 +198,7 @@ data "aws_secretsmanager_secret_version" "admin_password_version" {
   secret_id = data.aws_secretsmanager_secret.argocd.id
 }
 
+#tfsec:ignore:aws-eks-enable-control-plane-logging
 module "eks" {
   source  = "terraform-aws-modules/eks/aws"
   version = "~> 19.10"

From cb60dfc9ca0c68592b734198b338c0aee613957c Mon Sep 17 00:00:00 2001
From: Rodrigo Bersa <rodrigo.bersa@gmail.com>
Date: Wed, 22 Mar 2023 21:54:04 -0400
Subject: [PATCH 13/31] Fixing `oidc_provider` argunment on `examples`
 directory.

---
 examples/agones-game-controller/main.tf                | 10 +++++-----
 examples/amp-amg-opensearch/main.tf                    | 10 +++++-----
 examples/appmesh-mtls/main.tf                          | 10 +++++-----
 examples/argocd/main.tf                                | 10 +++++-----
 examples/blue-green-upgrade/README.md                  |  8 +++++---
 .../blue-green-upgrade/modules/eks_cluster/main.tf     |  4 ++--
 examples/external-secrets/main.tf                      | 10 +++++-----
 examples/fargate-serverless/main.tf                    | 10 +++++-----
 examples/karpenter/main.tf                             | 10 +++++-----
 examples/stateful/main.tf                              | 10 +++++-----
 examples/tls-with-aws-pca-issuer/main.tf               | 10 +++++-----
 11 files changed, 52 insertions(+), 50 deletions(-)

diff --git a/examples/agones-game-controller/main.tf b/examples/agones-game-controller/main.tf
index 8a2fa48d5a..aaf4eff368 100644
--- a/examples/agones-game-controller/main.tf
+++ b/examples/agones-game-controller/main.tf
@@ -90,11 +90,11 @@ module "eks_blueprints_kubernetes_addons" {
   # tflint-ignore: terraform_module_pinned_source
   source = "github.com/aws-ia/terraform-aws-eks-blueprints-addons"
 
-  cluster_name            = module.eks.cluster_name
-  cluster_endpoint        = module.eks.cluster_endpoint
-  cluster_version         = module.eks.cluster_version
-  cluster_oidc_issuer_url = module.eks.cluster_oidc_issuer_url
-  oidc_provider_arn       = module.eks.oidc_provider_arn
+  cluster_name      = module.eks.cluster_name
+  cluster_endpoint  = module.eks.cluster_endpoint
+  cluster_version   = module.eks.cluster_version
+  oidc_provider     = module.eks.cluster_oidc_issuer_url
+  oidc_provider_arn = module.eks.oidc_provider_arn
 
   #EKS Add-Ons
   eks_addons = {
diff --git a/examples/amp-amg-opensearch/main.tf b/examples/amp-amg-opensearch/main.tf
index b7bbdced37..8f7f330cac 100644
--- a/examples/amp-amg-opensearch/main.tf
+++ b/examples/amp-amg-opensearch/main.tf
@@ -87,11 +87,11 @@ module "eks_blueprints_kubernetes_addons" {
   # tflint-ignore: terraform_module_pinned_source
   source = "github.com/aws-ia/terraform-aws-eks-blueprints-addons"
 
-  cluster_name            = module.eks.cluster_name
-  cluster_endpoint        = module.eks.cluster_endpoint
-  cluster_version         = module.eks.cluster_version
-  cluster_oidc_issuer_url = module.eks.cluster_oidc_issuer_url
-  oidc_provider_arn       = module.eks.oidc_provider_arn
+  cluster_name      = module.eks.cluster_name
+  cluster_endpoint  = module.eks.cluster_endpoint
+  cluster_version   = module.eks.cluster_version
+  oidc_provider     = module.eks.cluster_oidc_issuer_url
+  oidc_provider_arn = module.eks.oidc_provider_arn
 
   # EKS Add-ons
   eks_addons = {
diff --git a/examples/appmesh-mtls/main.tf b/examples/appmesh-mtls/main.tf
index 8d3f652ced..2b3b034850 100644
--- a/examples/appmesh-mtls/main.tf
+++ b/examples/appmesh-mtls/main.tf
@@ -218,11 +218,11 @@ module "eks_blueprints_kubernetes_addons" {
   # tflint-ignore: terraform_module_pinned_source
   source = "github.com/aws-ia/terraform-aws-eks-blueprints-addons"
 
-  cluster_name            = module.eks.cluster_name
-  cluster_endpoint        = module.eks.cluster_endpoint
-  cluster_version         = module.eks.cluster_version
-  cluster_oidc_issuer_url = module.eks.cluster_oidc_issuer_url
-  oidc_provider_arn       = module.eks.oidc_provider_arn
+  cluster_name      = module.eks.cluster_name
+  cluster_endpoint  = module.eks.cluster_endpoint
+  cluster_version   = module.eks.cluster_version
+  oidc_provider     = module.eks.cluster_oidc_issuer_url
+  oidc_provider_arn = module.eks.oidc_provider_arn
 
   eks_addons = {
     coredns = {}
diff --git a/examples/argocd/main.tf b/examples/argocd/main.tf
index 7fd160a85a..0381220b06 100644
--- a/examples/argocd/main.tf
+++ b/examples/argocd/main.tf
@@ -85,11 +85,11 @@ module "eks_blueprints_kubernetes_addons" {
   # tflint-ignore: terraform_module_pinned_source
   source = "github.com/aws-ia/terraform-aws-eks-blueprints-addons"
 
-  cluster_name            = module.eks.cluster_name
-  cluster_endpoint        = module.eks.cluster_endpoint
-  cluster_version         = module.eks.cluster_version
-  cluster_oidc_issuer_url = module.eks.cluster_oidc_issuer_url
-  oidc_provider_arn       = module.eks.oidc_provider_arn
+  cluster_name      = module.eks.cluster_name
+  cluster_endpoint  = module.eks.cluster_endpoint
+  cluster_version   = module.eks.cluster_version
+  oidc_provider     = module.eks.cluster_oidc_issuer_url
+  oidc_provider_arn = module.eks.oidc_provider_arn
 
   eks_addons = {
     aws-ebs-csi-driver = {
diff --git a/examples/blue-green-upgrade/README.md b/examples/blue-green-upgrade/README.md
index 3a46c62ae0..77761164fd 100644
--- a/examples/blue-green-upgrade/README.md
+++ b/examples/blue-green-upgrade/README.md
@@ -77,13 +77,15 @@ Our objective here is to show you how Application teams and Platform teams can c
 
 ```bash
 git clone https://github.com/aws-ia/terraform-aws-eks-blueprints.git
-cd examples/upgrade/blue-green-route53
+cd examples/blue-green-upgrade/
 ```
 
-2. Copy the `terraform.tfvars.example` to `terraform.tfvars` and change region, hosted_zone_name, eks_admin_role_name according to your needs.
+2. Copy the `terraform.tfvars.example` to `terraform.tfvars` on each `core-infra`, `eks-blue` and `eks-green` folders, and change region, hosted_zone_name, eks_admin_role_name according to your needs.
 
 ```shell
-cp terraform.tfvars.example terraform.tfvars
+cp terraform.tfvars.example core-infra/terraform.tfvars
+cp terraform.tfvars.example eks-blue/terraform.tfvars
+cp terraform.tfvars.example eks-green/terraform.tfvars
 ```
 
 - You will need to provide the `hosted_zone_name` for example `my-example.com`. Terraform will create a new hosted zone for the project with name: `${core_stack_name}.${hosted_zone_name}` so in our example `eks-blueprint.my-example.com`.
diff --git a/examples/blue-green-upgrade/modules/eks_cluster/main.tf b/examples/blue-green-upgrade/modules/eks_cluster/main.tf
index 6ae24ffe02..f367f84c19 100644
--- a/examples/blue-green-upgrade/modules/eks_cluster/main.tf
+++ b/examples/blue-green-upgrade/modules/eks_cluster/main.tf
@@ -395,7 +395,7 @@ module "kubernetes_addons" {
   cluster_name            = module.eks.cluster_name
   cluster_endpoint        = module.eks.cluster_endpoint
   cluster_version         = module.eks.cluster_version
-  cluster_oidc_issuer_url = module.eks.cluster_oidc_issuer_url
+  oidc_provider = module.eks.cluster_oidc_issuer_url
   oidc_provider_arn       = module.eks.oidc_provider_arn
 
   #---------------------------------------------------------------
@@ -454,7 +454,7 @@ module "kubernetes_addons" {
   }
   enable_karpenter              = true
   enable_aws_for_fluentbit      = true
-  enable_aws_cloudwatch_metrics = true
+  #enable_aws_cloudwatch_metrics = true
 
   #to view the result : terraform state show 'module.kubernetes_addons.module.external_dns[0].module.helm_addon.helm_release.addon[0]'
   enable_external_dns = true
diff --git a/examples/external-secrets/main.tf b/examples/external-secrets/main.tf
index 494bddc540..0dab27612a 100644
--- a/examples/external-secrets/main.tf
+++ b/examples/external-secrets/main.tf
@@ -103,11 +103,11 @@ module "eks_blueprints_kubernetes_addons" {
   # tflint-ignore: terraform_module_pinned_source
   source = "github.com/aws-ia/terraform-aws-eks-blueprints-addons"
 
-  cluster_name            = module.eks.cluster_name
-  cluster_endpoint        = module.eks.cluster_endpoint
-  cluster_version         = module.eks.cluster_version
-  cluster_oidc_issuer_url = module.eks.cluster_oidc_issuer_url
-  oidc_provider_arn       = module.eks.oidc_provider_arn
+  cluster_name      = module.eks.cluster_name
+  cluster_endpoint  = module.eks.cluster_endpoint
+  cluster_version   = module.eks.cluster_version
+  oidc_provider     = module.eks.cluster_oidc_issuer_url
+  oidc_provider_arn = module.eks.oidc_provider_arn
 
   # EKS Add-ons
   eks_addons = {
diff --git a/examples/fargate-serverless/main.tf b/examples/fargate-serverless/main.tf
index 38d73478c8..7b03542341 100644
--- a/examples/fargate-serverless/main.tf
+++ b/examples/fargate-serverless/main.tf
@@ -89,11 +89,11 @@ module "eks_blueprints_kubernetes_addons" {
   # tflint-ignore: terraform_module_pinned_source
   source = "github.com/aws-ia/terraform-aws-eks-blueprints-addons"
 
-  cluster_name            = module.eks.cluster_name
-  cluster_endpoint        = module.eks.cluster_endpoint
-  cluster_version         = module.eks.cluster_version
-  cluster_oidc_issuer_url = module.eks.cluster_oidc_issuer_url
-  oidc_provider_arn       = module.eks.oidc_provider_arn
+  cluster_name      = module.eks.cluster_name
+  cluster_endpoint  = module.eks.cluster_endpoint
+  cluster_version   = module.eks.cluster_version
+  oidc_provider     = module.eks.cluster_oidc_issuer_url
+  oidc_provider_arn = module.eks.oidc_provider_arn
 
   # EKS Add-ons
   eks_addons = {
diff --git a/examples/karpenter/main.tf b/examples/karpenter/main.tf
index 30e54f79b1..28113110ac 100644
--- a/examples/karpenter/main.tf
+++ b/examples/karpenter/main.tf
@@ -131,11 +131,11 @@ module "eks_blueprints_kubernetes_addons" {
   # tflint-ignore: terraform_module_pinned_source
   source = "github.com/aws-ia/terraform-aws-eks-blueprints-addons"
 
-  cluster_name            = module.eks.cluster_name
-  cluster_endpoint        = module.eks.cluster_endpoint
-  cluster_version         = module.eks.cluster_version
-  cluster_oidc_issuer_url = module.eks.cluster_oidc_issuer_url
-  oidc_provider_arn       = module.eks.oidc_provider_arn
+  cluster_name      = module.eks.cluster_name
+  cluster_endpoint  = module.eks.cluster_endpoint
+  cluster_version   = module.eks.cluster_version
+  oidc_provider     = module.eks.cluster_oidc_issuer_url
+  oidc_provider_arn = module.eks.oidc_provider_arn
 
   eks_addons = {
     aws-ebs-csi-driver = {
diff --git a/examples/stateful/main.tf b/examples/stateful/main.tf
index a1a35b25ad..d72c74299c 100644
--- a/examples/stateful/main.tf
+++ b/examples/stateful/main.tf
@@ -196,11 +196,11 @@ module "eks_blueprints_kubernetes_addons" {
   # tflint-ignore: terraform_module_pinned_source
   source = "github.com/aws-ia/terraform-aws-eks-blueprints-addons"
 
-  cluster_name            = module.eks.cluster_name
-  cluster_endpoint        = module.eks.cluster_endpoint
-  cluster_version         = module.eks.cluster_version
-  cluster_oidc_issuer_url = module.eks.cluster_oidc_issuer_url
-  oidc_provider_arn       = module.eks.oidc_provider_arn
+  cluster_name      = module.eks.cluster_name
+  cluster_endpoint  = module.eks.cluster_endpoint
+  cluster_version   = module.eks.cluster_version
+  oidc_provider     = module.eks.cluster_oidc_issuer_url
+  oidc_provider_arn = module.eks.oidc_provider_arn
 
   eks_addons = {
     aws-ebs-csi-driver = {
diff --git a/examples/tls-with-aws-pca-issuer/main.tf b/examples/tls-with-aws-pca-issuer/main.tf
index d0eb08f652..5df80fe87f 100644
--- a/examples/tls-with-aws-pca-issuer/main.tf
+++ b/examples/tls-with-aws-pca-issuer/main.tf
@@ -96,11 +96,11 @@ module "eks_blueprints_kubernetes_addons" {
   # tflint-ignore: terraform_module_pinned_source
   source = "github.com/aws-ia/terraform-aws-eks-blueprints-addons"
 
-  cluster_name            = module.eks.cluster_name
-  cluster_endpoint        = module.eks.cluster_endpoint
-  cluster_version         = module.eks.cluster_version
-  cluster_oidc_issuer_url = module.eks.cluster_oidc_issuer_url
-  oidc_provider_arn       = module.eks.oidc_provider_arn
+  cluster_name      = module.eks.cluster_name
+  cluster_endpoint  = module.eks.cluster_endpoint
+  cluster_version   = module.eks.cluster_version
+  oidc_provider     = module.eks.cluster_oidc_issuer_url
+  oidc_provider_arn = module.eks.oidc_provider_arn
 
   # EKS Add-on
   eks_addons = {

From cc733696370adee08eb0fd6604add4330fbc182b Mon Sep 17 00:00:00 2001
From: Apoorva Kulkarni <kuapoorv@amazon.com>
Date: Thu, 23 Mar 2023 05:55:39 -0700
Subject: [PATCH 14/31] fix pre-commit errors

---
 .../blue-green-upgrade/modules/eks_cluster/main.tf | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/examples/blue-green-upgrade/modules/eks_cluster/main.tf b/examples/blue-green-upgrade/modules/eks_cluster/main.tf
index f367f84c19..08f7d33b52 100644
--- a/examples/blue-green-upgrade/modules/eks_cluster/main.tf
+++ b/examples/blue-green-upgrade/modules/eks_cluster/main.tf
@@ -392,11 +392,11 @@ module "kubernetes_addons" {
   # tflint-ignore: terraform_module_pinned_source
   source = "github.com/aws-ia/terraform-aws-eks-blueprints-addons"
 
-  cluster_name            = module.eks.cluster_name
-  cluster_endpoint        = module.eks.cluster_endpoint
-  cluster_version         = module.eks.cluster_version
-  oidc_provider = module.eks.cluster_oidc_issuer_url
-  oidc_provider_arn       = module.eks.oidc_provider_arn
+  cluster_name      = module.eks.cluster_name
+  cluster_endpoint  = module.eks.cluster_endpoint
+  cluster_version   = module.eks.cluster_version
+  oidc_provider     = module.eks.cluster_oidc_issuer_url
+  oidc_provider_arn = module.eks.oidc_provider_arn
 
   #---------------------------------------------------------------
   # ARGO CD ADD-ON
@@ -452,8 +452,8 @@ module "kubernetes_addons" {
   aws_load_balancer_controller_helm_config = {
     service_account = "aws-lb-sa"
   }
-  enable_karpenter              = true
-  enable_aws_for_fluentbit      = true
+  enable_karpenter         = true
+  enable_aws_for_fluentbit = true
   #enable_aws_cloudwatch_metrics = true
 
   #to view the result : terraform state show 'module.kubernetes_addons.module.external_dns[0].module.helm_addon.helm_release.addon[0]'

From 07ec0d6e8e77614d6825dba6251ed8bb80bae2b3 Mon Sep 17 00:00:00 2001
From: Rodrigo Bersa <rodrigo.bersa@gmail.com>
Date: Fri, 24 Mar 2023 20:10:06 -0400
Subject: [PATCH 15/31] Adjusting `enable_efs_csi_driver` parameter on
 `examples/stateful`.

---
 examples/stateful/main.tf | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/examples/stateful/main.tf b/examples/stateful/main.tf
index d72c74299c..6c77dcfdf9 100644
--- a/examples/stateful/main.tf
+++ b/examples/stateful/main.tf
@@ -194,7 +194,8 @@ module "eks" {
 module "eks_blueprints_kubernetes_addons" {
   # Users should pin the version to the latest available release
   # tflint-ignore: terraform_module_pinned_source
-  source = "github.com/aws-ia/terraform-aws-eks-blueprints-addons"
+  #source = "github.com/aws-ia/terraform-aws-eks-blueprints-addons?ref=2023-03-24-addons-refinement"
+  source = "../../../../terraform-aws-eks-blueprints-addons"
 
   cluster_name      = module.eks.cluster_name
   cluster_endpoint  = module.eks.cluster_endpoint
@@ -218,7 +219,7 @@ module "eks_blueprints_kubernetes_addons" {
   enable_velero           = true
   velero_backup_s3_bucket = module.velero_backup_s3_bucket.s3_bucket_id
 
-  enable_aws_efs_csi_driver = true
+  enable_efs_csi_driver = true
 
   tags = local.tags
 }

From c9d5bfbe042a47f2d09cd6512aaf7c8b3e6fadcb Mon Sep 17 00:00:00 2001
From: Bryant Biggs <bryantbiggs@gmail.com>
Date: Wed, 3 May 2023 14:24:07 -0400
Subject: [PATCH 16/31] chore: Validate `karpenter` addon using the updated
 `karpenter` example (#1574)

---
 docs/add-ons/karpenter.md             |   54 -
 examples/do-not-use/README.md         |    5 +
 examples/do-not-use/docs/karpenter.md |   99 +
 examples/do-not-use/main.tf           | 3038 +++++++++++++++++++++++++
 examples/do-not-use/outputs.tf        |  141 ++
 examples/do-not-use/variables.tf      |  525 +++++
 examples/do-not-use/versions.tf       |   18 +
 examples/karpenter/README.md          |   64 +-
 examples/karpenter/main.tf            |   86 +-
 examples/karpenter/versions.tf        |    2 +-
 10 files changed, 3849 insertions(+), 183 deletions(-)
 delete mode 100644 docs/add-ons/karpenter.md
 create mode 100644 examples/do-not-use/README.md
 create mode 100644 examples/do-not-use/docs/karpenter.md
 create mode 100644 examples/do-not-use/main.tf
 create mode 100644 examples/do-not-use/outputs.tf
 create mode 100644 examples/do-not-use/variables.tf
 create mode 100644 examples/do-not-use/versions.tf

diff --git a/docs/add-ons/karpenter.md b/docs/add-ons/karpenter.md
deleted file mode 100644
index 4ec6777e1d..0000000000
--- a/docs/add-ons/karpenter.md
+++ /dev/null
@@ -1,54 +0,0 @@
-# Karpenter
-
-Karpenter is an open-source node provisioning project built for Kubernetes. Karpenter automatically launches just the right compute resources to handle your cluster's applications. It is designed to let you take full advantage of the cloud with fast and simple compute provisioning for Kubernetes clusters.
-
-For complete project documentation, please visit the [Karpenter documentation](https://karpenter.sh/docs/getting-started/).
-
-## Usage
-
-Karpenter can be deployed by enabling the add-on via the following. Check out the full [example](https://github.com/aws-ia/terraform-aws-eks-blueprints/blob/main/modules/kubernetes-addons/karpenter/locals.tf) to deploy the EKS Cluster with Karpenter.
-
-```hcl
-enable_karpenter = true
-```
-
-You can optionally customize the Helm chart that deploys `Karpenter` via the following configuration.
-
-```hcl
-  enable_karpenter = true
-  # Queue optional for native handling of instance termination events
-  karpenter_sqs_queue_arn = "arn:aws:sqs:us-west-2:444455556666:queue1"
-  # Optional to add name prefix for Karpenter's event bridge rules
-  karpenter_event_rule_name_prefix = "Karpenter"
-  # Optional  karpenter_helm_config
-  karpenter_helm_config = {
-    name                       = "karpenter"
-    chart                      = "karpenter"
-    repository                 = "https://charts.karpenter.sh"
-    version                    = "0.19.3"
-    namespace                  = "karpenter"
-    values = [templatefile("${path.module}/values.yaml", {
-         eks_cluster_id       = var.eks_cluster_id,
-         eks_cluster_endpoint = var.eks_cluster_endpoint,
-         service_account      = var.service_account,
-         operating_system     = "linux"
-    })]
-  }
-
-  karpenter_irsa_policies = [] # Optional to add additional policies to IRSA
-```
-
-### GitOps Configuration
-The following properties are made available for use when managing the add-on via GitOps.
-
-Refer to [locals.tf](https://github.com/aws-ia/terraform-aws-eks-blueprints/blob/main/modules/kubernetes-addons/karpenter/locals.tf) for latest config. GitOps with ArgoCD Add-on repo is located [here](https://github.com/aws-samples/eks-blueprints-add-ons/blob/main/chart/values.yaml)
-
-```hcl
-  argocd_gitops_config = {
-    enable                    = true
-    serviceAccountName        = local.service_account
-    controllerClusterName     = var.eks_cluster_id
-    controllerClusterEndpoint = local.eks_cluster_endpoint
-    awsDefaultInstanceProfile = var.node_iam_instance_profile
-  }
-```
diff --git a/examples/do-not-use/README.md b/examples/do-not-use/README.md
new file mode 100644
index 0000000000..18d28c3ec3
--- /dev/null
+++ b/examples/do-not-use/README.md
@@ -0,0 +1,5 @@
+# DO NOT USE
+
+This is a local copy of https://github.com/aws-ia/terraform-aws-eks-blueprints-addons to speed up testing and validation of both the examples provided here and the addons defined in the addons repository.
+
+Once all addons and examples have been validated, we will sync the changes from here back up to https://github.com/aws-ia/terraform-aws-eks-blueprints-addons
diff --git a/examples/do-not-use/docs/karpenter.md b/examples/do-not-use/docs/karpenter.md
new file mode 100644
index 0000000000..61fb291bb1
--- /dev/null
+++ b/examples/do-not-use/docs/karpenter.md
@@ -0,0 +1,99 @@
+# Karpenter
+
+## Prerequisites
+
+If deploying a node template that uses `spot`, please ensure you have the Spot service linked role available in your account. You can run the following command to ensure this role is available:
+
+```sh
+aws iam create-service-linked-role --aws-service-name spot.amazonaws.com || true
+```
+
+## Validate
+
+The following command will update the `kubeconfig` on your local machine and allow you to interact with your EKS Cluster using `kubectl` to validate the CoreDNS deployment for Fargate.
+
+1. Run `update-kubeconfig` command:
+
+```sh
+aws eks --region <REGION> update-kubeconfig --name <CLUSTER_NAME>
+```
+
+2. Test by listing all the pods running currently
+
+```sh
+kubectl get pods -n karpenter
+
+# Output should look similar to below
+NAME                         READY   STATUS    RESTARTS   AGE
+karpenter-6f97df4f77-5nqsk   1/1     Running   0          3m28s
+karpenter-6f97df4f77-n7fkf   1/1     Running   0          3m28s
+```
+
+3. View the current nodes - this example utilizes EKS Fargate for hosting the Karpenter controller so only Fargate nodes are present currently:
+
+```sh
+kubectl get nodes
+
+# Output should look similar to below
+NAME                                                STATUS   ROLES    AGE     VERSION
+fargate-ip-10-0-29-25.us-west-2.compute.internal    Ready    <none>   2m56s   v1.26.3-eks-f4dc2c0
+fargate-ip-10-0-36-148.us-west-2.compute.internal   Ready    <none>   2m57s   v1.26.3-eks-f4dc2c0
+fargate-ip-10-0-42-30.us-west-2.compute.internal    Ready    <none>   2m34s   v1.26.3-eks-f4dc2c0
+fargate-ip-10-0-45-112.us-west-2.compute.internal   Ready    <none>   2m33s   v1.26.3-eks-f4dc2c0
+```
+
+4. Create a sample `pause` deployment to demonstrate scaling:
+
+```sh
+kubectl apply -f - <<EOF
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+    name: inflate
+spec:
+    replicas: 0
+    selector:
+    matchLabels:
+        app: inflate
+    template:
+    metadata:
+        labels:
+        app: inflate
+    spec:
+        terminationGracePeriodSeconds: 0
+        containers:
+        - name: inflate
+            image: public.ecr.aws/eks-distro/kubernetes/pause:3.7
+            resources:
+            requests:
+                cpu: 1
+EOF
+```
+
+5. Scale up the sample `pause` deployment to see Karpenter respond by provisioning nodes to support the workload:
+
+```sh
+kubectl scale deployment inflate --replicas 5
+# To view logs
+# kubectl logs -f -n karpenter -l app.kubernetes.io/name=karpenter -c controller
+```
+
+6. Re-check the nodes, you will now see a new EC2 node provisioned to support the scaled workload:
+
+```sh
+kubectl get nodes
+
+# Output should look similar to below
+NAME                                                STATUS   ROLES    AGE     VERSION
+fargate-ip-10-0-29-25.us-west-2.compute.internal    Ready    <none>   5m15s   v1.26.3-eks-f4dc2c0
+fargate-ip-10-0-36-148.us-west-2.compute.internal   Ready    <none>   5m16s   v1.26.3-eks-f4dc2c0
+fargate-ip-10-0-42-30.us-west-2.compute.internal    Ready    <none>   4m53s   v1.26.3-eks-f4dc2c0
+fargate-ip-10-0-45-112.us-west-2.compute.internal   Ready    <none>   4m52s   v1.26.3-eks-f4dc2c0
+ip-10-0-1-184.us-west-2.compute.internal            Ready    <none>   26s     v1.26.2-eks-a59e1f0 # <= new EC2 node launched
+```
+
+7. Remove the sample `pause` deployment:
+
+```sh
+kubectl delete deployment inflate
+```
diff --git a/examples/do-not-use/main.tf b/examples/do-not-use/main.tf
new file mode 100644
index 0000000000..2691af9f78
--- /dev/null
+++ b/examples/do-not-use/main.tf
@@ -0,0 +1,3038 @@
+data "aws_partition" "current" {}
+data "aws_caller_identity" "current" {}
+data "aws_region" "current" {}
+
+# This resource is used to provide a means of mapping an implicit dependency
+# between the cluster and the addons.
+resource "time_sleep" "this" {
+  create_duration = var.create_delay_duration
+
+  triggers = {
+    cluster_endpoint  = var.cluster_endpoint
+    cluster_name      = var.cluster_name
+    custom            = join(",", var.create_delay_dependencies)
+    oidc_provider_arn = var.oidc_provider_arn
+  }
+}
+
+locals {
+  account_id = data.aws_caller_identity.current.account_id
+  dns_suffix = data.aws_partition.current.dns_suffix
+  partition  = data.aws_partition.current.partition
+  region     = data.aws_region.current.name
+
+  # Threads the sleep resource into the module to make the dependency
+  cluster_endpoint  = time_sleep.this.triggers["cluster_endpoint"]
+  cluster_name      = time_sleep.this.triggers["cluster_name"]
+  oidc_provider_arn = time_sleep.this.triggers["oidc_provider_arn"]
+
+  iam_role_policy_prefix = "arn:${local.partition}:iam::aws:policy"
+
+  # Used by Karpenter & AWS Node Termination Handler
+  ec2_events = {
+    health_event = {
+      name        = "HealthEvent"
+      description = "AWS health event"
+      event_pattern = {
+        source      = ["aws.health"]
+        detail-type = ["AWS Health Event"]
+      }
+    }
+    spot_interupt = {
+      name        = "SpotInterrupt"
+      description = "EC2 spot instance interruption warning"
+      event_pattern = {
+        source      = ["aws.ec2"]
+        detail-type = ["EC2 Spot Instance Interruption Warning"]
+      }
+    }
+    instance_rebalance = {
+      name        = "InstanceRebalance"
+      description = "EC2 instance rebalance recommendation"
+      event_pattern = {
+        source      = ["aws.ec2"]
+        detail-type = ["EC2 Instance Rebalance Recommendation"]
+      }
+    }
+    instance_state_change = {
+      name        = "InstanceStateChange"
+      description = "EC2 instance state-change notification"
+      event_pattern = {
+        source      = ["aws.ec2"]
+        detail-type = ["EC2 Instance State-change Notification"]
+      }
+    }
+  }
+}
+
+################################################################################
+# Argo Rollouts
+################################################################################
+
+module "argo_rollouts" {
+  source  = "aws-ia/eks-blueprints-addon/aws"
+  version = "1.0.0"
+
+  create = var.enable_argo_rollouts
+
+  # https://github.com/argoproj/argo-helm/tree/main/charts/argo-rollouts
+  name             = try(var.argo_rollouts.name, "argo-rollouts")
+  description      = try(var.argo_rollouts.description, "A Helm chart for Argo Rollouts")
+  namespace        = try(var.argo_rollouts.namespace, "argo-rollouts")
+  create_namespace = try(var.argo_rollouts.create_namespace, true)
+  chart            = "argo-rollouts"
+  chart_version    = try(var.argo_rollouts.chart_version, "2.22.3")
+  repository       = try(var.argo_rollouts.repository, "https://argoproj.github.io/argo-helm")
+  values           = try(var.argo_rollouts.values, [])
+
+  timeout                    = try(var.argo_rollouts.timeout, null)
+  repository_key_file        = try(var.argo_rollouts.repository_key_file, null)
+  repository_cert_file       = try(var.argo_rollouts.repository_cert_file, null)
+  repository_ca_file         = try(var.argo_rollouts.repository_ca_file, null)
+  repository_username        = try(var.argo_rollouts.repository_username, null)
+  repository_password        = try(var.argo_rollouts.repository_password, null)
+  devel                      = try(var.argo_rollouts.devel, null)
+  verify                     = try(var.argo_rollouts.verify, null)
+  keyring                    = try(var.argo_rollouts.keyring, null)
+  disable_webhooks           = try(var.argo_rollouts.disable_webhooks, null)
+  reuse_values               = try(var.argo_rollouts.reuse_values, null)
+  reset_values               = try(var.argo_rollouts.reset_values, null)
+  force_update               = try(var.argo_rollouts.force_update, null)
+  recreate_pods              = try(var.argo_rollouts.recreate_pods, null)
+  cleanup_on_fail            = try(var.argo_rollouts.cleanup_on_fail, null)
+  max_history                = try(var.argo_rollouts.max_history, null)
+  atomic                     = try(var.argo_rollouts.atomic, null)
+  skip_crds                  = try(var.argo_rollouts.skip_crds, null)
+  render_subchart_notes      = try(var.argo_rollouts.render_subchart_notes, null)
+  disable_openapi_validation = try(var.argo_rollouts.disable_openapi_validation, null)
+  wait                       = try(var.argo_rollouts.wait, null)
+  wait_for_jobs              = try(var.argo_rollouts.wait_for_jobs, null)
+  dependency_update          = try(var.argo_rollouts.dependency_update, null)
+  replace                    = try(var.argo_rollouts.replace, null)
+  lint                       = try(var.argo_rollouts.lint, null)
+
+  postrender    = try(var.argo_rollouts.postrender, [])
+  set           = try(var.argo_rollouts.set, [])
+  set_sensitive = try(var.argo_rollouts.set_sensitive, [])
+
+  tags = var.tags
+}
+
+################################################################################
+# Argo Workflows
+################################################################################
+
+module "argo_workflows" {
+  source  = "aws-ia/eks-blueprints-addon/aws"
+  version = "1.0.0"
+
+  create = var.enable_argo_workflows
+
+  # https://github.com/argoproj/argo-helm/tree/main/charts/argo-workflows
+  name             = try(var.argo_workflows.name, "argo-workflows")
+  description      = try(var.argo_workflows.description, "A Helm chart for Argo Workflows")
+  namespace        = try(var.argo_workflows.namespace, "argo-workflows")
+  create_namespace = try(var.argo_workflows.create_namespace, true)
+  chart            = "argo-workflows"
+  chart_version    = try(var.argo_workflows.chart_version, "2.22.13")
+  repository       = try(var.argo_workflows.repository, "https://argoproj.github.io/argo-helm")
+  values           = try(var.argo_workflows.values, [])
+
+  timeout                    = try(var.argo_workflows.timeout, null)
+  repository_key_file        = try(var.argo_workflows.repository_key_file, null)
+  repository_cert_file       = try(var.argo_workflows.repository_cert_file, null)
+  repository_ca_file         = try(var.argo_workflows.repository_ca_file, null)
+  repository_username        = try(var.argo_workflows.repository_username, null)
+  repository_password        = try(var.argo_workflows.repository_password, null)
+  devel                      = try(var.argo_workflows.devel, null)
+  verify                     = try(var.argo_workflows.verify, null)
+  keyring                    = try(var.argo_workflows.keyring, null)
+  disable_webhooks           = try(var.argo_workflows.disable_webhooks, null)
+  reuse_values               = try(var.argo_workflows.reuse_values, null)
+  reset_values               = try(var.argo_workflows.reset_values, null)
+  force_update               = try(var.argo_workflows.force_update, null)
+  recreate_pods              = try(var.argo_workflows.recreate_pods, null)
+  cleanup_on_fail            = try(var.argo_workflows.cleanup_on_fail, null)
+  max_history                = try(var.argo_workflows.max_history, null)
+  atomic                     = try(var.argo_workflows.atomic, null)
+  skip_crds                  = try(var.argo_workflows.skip_crds, null)
+  render_subchart_notes      = try(var.argo_workflows.render_subchart_notes, null)
+  disable_openapi_validation = try(var.argo_workflows.disable_openapi_validation, null)
+  wait                       = try(var.argo_workflows.wait, null)
+  wait_for_jobs              = try(var.argo_workflows.wait_for_jobs, null)
+  dependency_update          = try(var.argo_workflows.dependency_update, null)
+  replace                    = try(var.argo_workflows.replace, null)
+  lint                       = try(var.argo_workflows.lint, null)
+
+  postrender    = try(var.argo_workflows.postrender, [])
+  set           = try(var.argo_workflows.set, [])
+  set_sensitive = try(var.argo_workflows.set_sensitive, [])
+
+  tags = var.tags
+}
+
+################################################################################
+# ArgoCD
+################################################################################
+
+module "argocd" {
+  source  = "aws-ia/eks-blueprints-addon/aws"
+  version = "1.0.0"
+
+  create = var.enable_argocd
+
+  # https://github.com/argoproj/argo-helm/blob/main/charts/argo-cd/Chart.yaml
+  # (there is no offical helm chart for argocd)
+  name             = try(var.argocd.name, "argo-cd")
+  description      = try(var.argocd.description, "A Helm chart to install the ArgoCD")
+  namespace        = try(var.argocd.namespace, "argocd")
+  create_namespace = try(var.argocd.create_namespace, true)
+  chart            = "argo-cd"
+  chart_version    = try(var.argocd.chart_version, "5.29.1")
+  repository       = try(var.argocd.repository, "https://argoproj.github.io/argo-helm")
+  values           = try(var.argocd.values, [])
+
+  timeout                    = try(var.argocd.timeout, null)
+  repository_key_file        = try(var.argocd.repository_key_file, null)
+  repository_cert_file       = try(var.argocd.repository_cert_file, null)
+  repository_ca_file         = try(var.argocd.repository_ca_file, null)
+  repository_username        = try(var.argocd.repository_username, null)
+  repository_password        = try(var.argocd.repository_password, null)
+  devel                      = try(var.argocd.devel, null)
+  verify                     = try(var.argocd.verify, null)
+  keyring                    = try(var.argocd.keyring, null)
+  disable_webhooks           = try(var.argocd.disable_webhooks, null)
+  reuse_values               = try(var.argocd.reuse_values, null)
+  reset_values               = try(var.argocd.reset_values, null)
+  force_update               = try(var.argocd.force_update, null)
+  recreate_pods              = try(var.argocd.recreate_pods, null)
+  cleanup_on_fail            = try(var.argocd.cleanup_on_fail, null)
+  max_history                = try(var.argocd.max_history, null)
+  atomic                     = try(var.argocd.atomic, null)
+  skip_crds                  = try(var.argocd.skip_crds, null)
+  render_subchart_notes      = try(var.argocd.render_subchart_notes, null)
+  disable_openapi_validation = try(var.argocd.disable_openapi_validation, null)
+  wait                       = try(var.argocd.wait, null)
+  wait_for_jobs              = try(var.argocd.wait_for_jobs, null)
+  dependency_update          = try(var.argocd.dependency_update, null)
+  replace                    = try(var.argocd.replace, null)
+  lint                       = try(var.argocd.lint, null)
+
+  postrender    = try(var.argocd.postrender, [])
+  set           = try(var.argocd.set, [])
+  set_sensitive = try(var.argocd.set_sensitive, [])
+
+  tags = var.tags
+}
+
+################################################################################
+# AWS Cloudwatch Metrics
+################################################################################
+
+locals {
+  aws_cloudwatch_metrics_service_account = try(var.aws_cloudwatch_metrics.service_account_name, "aws-cloudwatch-metrics")
+}
+
+module "aws_cloudwatch_metrics" {
+  source  = "aws-ia/eks-blueprints-addon/aws"
+  version = "1.0.0"
+
+  create = var.enable_aws_cloudwatch_metrics
+
+  # https://github.com/aws/eks-charts/tree/master/stable/aws-cloudwatch-metrics
+  name             = try(var.aws_cloudwatch_metrics.name, "aws-cloudwatch-metrics")
+  description      = try(var.aws_cloudwatch_metrics.description, "A Helm chart to deploy aws-cloudwatch-metrics project")
+  namespace        = try(var.aws_cloudwatch_metrics.namespace, "amazon-cloudwatch")
+  create_namespace = try(var.aws_cloudwatch_metrics.create_namespace, true)
+  chart            = "aws-cloudwatch-metrics"
+  chart_version    = try(var.aws_cloudwatch_metrics.chart_version, "0.0.8")
+  repository       = try(var.aws_cloudwatch_metrics.repository, "https://aws.github.io/eks-charts")
+  values           = try(var.aws_cloudwatch_metrics.values, [])
+
+  timeout                    = try(var.aws_cloudwatch_metrics.timeout, null)
+  repository_key_file        = try(var.aws_cloudwatch_metrics.repository_key_file, null)
+  repository_cert_file       = try(var.aws_cloudwatch_metrics.repository_cert_file, null)
+  repository_ca_file         = try(var.aws_cloudwatch_metrics.repository_ca_file, null)
+  repository_username        = try(var.aws_cloudwatch_metrics.repository_username, null)
+  repository_password        = try(var.aws_cloudwatch_metrics.repository_password, null)
+  devel                      = try(var.aws_cloudwatch_metrics.devel, null)
+  verify                     = try(var.aws_cloudwatch_metrics.verify, null)
+  keyring                    = try(var.aws_cloudwatch_metrics.keyring, null)
+  disable_webhooks           = try(var.aws_cloudwatch_metrics.disable_webhooks, null)
+  reuse_values               = try(var.aws_cloudwatch_metrics.reuse_values, null)
+  reset_values               = try(var.aws_cloudwatch_metrics.reset_values, null)
+  force_update               = try(var.aws_cloudwatch_metrics.force_update, null)
+  recreate_pods              = try(var.aws_cloudwatch_metrics.recreate_pods, null)
+  cleanup_on_fail            = try(var.aws_cloudwatch_metrics.cleanup_on_fail, null)
+  max_history                = try(var.aws_cloudwatch_metrics.max_history, null)
+  atomic                     = try(var.aws_cloudwatch_metrics.atomic, null)
+  skip_crds                  = try(var.aws_cloudwatch_metrics.skip_crds, null)
+  render_subchart_notes      = try(var.aws_cloudwatch_metrics.render_subchart_notes, null)
+  disable_openapi_validation = try(var.aws_cloudwatch_metrics.disable_openapi_validation, null)
+  wait                       = try(var.aws_cloudwatch_metrics.wait, null)
+  wait_for_jobs              = try(var.aws_cloudwatch_metrics.wait_for_jobs, null)
+  dependency_update          = try(var.aws_cloudwatch_metrics.dependency_update, null)
+  replace                    = try(var.aws_cloudwatch_metrics.replace, null)
+  lint                       = try(var.aws_cloudwatch_metrics.lint, null)
+
+  postrender = try(var.aws_cloudwatch_metrics.postrender, [])
+  set = concat(
+    [
+      {
+        name  = "clusterName"
+        value = local.cluster_name
+      },
+      {
+        name  = "serviceAccount.name"
+        value = local.aws_cloudwatch_metrics_service_account
+      }
+    ],
+    try(var.aws_cloudwatch_metrics.set, [])
+  )
+  set_sensitive = try(var.aws_cloudwatch_metrics.set_sensitive, [])
+
+  # IAM role for service account (IRSA)
+  set_irsa_names                = ["serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"]
+  create_role                   = try(var.aws_cloudwatch_metrics.create_role, true)
+  role_name                     = try(var.aws_cloudwatch_metrics.role_name, "aws-cloudwatch-metrics")
+  role_name_use_prefix          = try(var.aws_cloudwatch_metrics.role_name_use_prefix, true)
+  role_path                     = try(var.aws_cloudwatch_metrics.role_path, "/")
+  role_permissions_boundary_arn = try(var.aws_cloudwatch_metrics.role_permissions_boundary_arn, null)
+  role_description              = try(var.aws_cloudwatch_metrics.role_description, "IRSA for aws-cloudwatch-metrics project")
+  role_policies = lookup(var.aws_cloudwatch_metrics, "role_policies",
+    { CloudWatchAgentServerPolicy = "arn:${local.partition}:iam::aws:policy/CloudWatchAgentServerPolicy" }
+  )
+  create_policy = try(var.aws_cloudwatch_metrics.create_policy, false)
+
+  oidc_providers = {
+    this = {
+      provider_arn = local.oidc_provider_arn
+      # namespace is inherited from chart
+      service_account = local.aws_cloudwatch_metrics_service_account
+    }
+  }
+
+  tags = var.tags
+}
+
+################################################################################
+# AWS EFS CSI DRIVER
+################################################################################
+
+locals {
+  aws_efs_csi_driver_controller_service_account = try(var.aws_efs_csi_driver.controller_service_account_name, "efs-csi-controller-sa")
+  aws_efs_csi_driver_node_service_account       = try(var.aws_efs_csi_driver.node_service_account_name, "efs-csi-node-sa")
+  efs_arns = lookup(var.aws_efs_csi_driver, "efs_arns",
+    ["arn:${local.partition}:elasticfilesystem:${local.region}:${local.account_id}:file-system/*"],
+  )
+  efs_access_point_arns = lookup(var.aws_efs_csi_driver, "efs_access_point_arns",
+    ["arn:${local.partition}:elasticfilesystem:${local.region}:${local.account_id}:access-point/*"]
+  )
+}
+
+data "aws_iam_policy_document" "aws_efs_csi_driver" {
+  count = var.enable_aws_efs_csi_driver ? 1 : 0
+
+  statement {
+    sid       = "AllowDescribeAvailabilityZones"
+    actions   = ["ec2:DescribeAvailabilityZones"]
+    resources = ["*"]
+  }
+
+  statement {
+    sid = "AllowDescribeFileSystems"
+    actions = [
+      "elasticfilesystem:DescribeAccessPoints",
+      "elasticfilesystem:DescribeFileSystems",
+      "elasticfilesystem:DescribeMountTargets"
+    ]
+    resources = flatten([
+      local.efs_arns,
+      local.efs_access_point_arns,
+    ])
+  }
+
+  statement {
+    sid       = "AllowCreateAccessPoint"
+    actions   = ["elasticfilesystem:CreateAccessPoint"]
+    resources = local.efs_arns
+
+    condition {
+      test     = "StringLike"
+      variable = "aws:RequestTag/efs.csi.aws.com/cluster"
+      values   = ["true"]
+    }
+  }
+
+  statement {
+    sid       = "AllowDeleteAccessPoint"
+    actions   = ["elasticfilesystem:DeleteAccessPoint"]
+    resources = local.efs_access_point_arns
+
+    condition {
+      test     = "StringLike"
+      variable = "aws:ResourceTag/efs.csi.aws.com/cluster"
+      values   = ["true"]
+    }
+  }
+
+  statement {
+    sid = "ClientReadWrite"
+    actions = [
+      "elasticfilesystem:ClientRootAccess",
+      "elasticfilesystem:ClientWrite",
+      "elasticfilesystem:ClientMount",
+    ]
+    resources = local.efs_arns
+
+    condition {
+      test     = "Bool"
+      variable = "elasticfilesystem:AccessedViaMountTarget"
+      values   = ["true"]
+    }
+  }
+}
+
+module "aws_efs_csi_driver" {
+  source  = "aws-ia/eks-blueprints-addon/aws"
+  version = "1.0.0"
+
+  create = var.enable_aws_efs_csi_driver
+
+  # https://github.com/kubernetes-sigs/aws-efs-csi-driver/tree/master/charts/aws-efs-csi-driver
+  name             = try(var.aws_efs_csi_driver.name, "aws-efs-csi-driver")
+  description      = try(var.aws_efs_csi_driver.description, "A Helm chart to deploy aws-efs-csi-driver")
+  namespace        = try(var.aws_efs_csi_driver.namespace, "kube-system")
+  create_namespace = try(var.aws_efs_csi_driver.create_namespace, false)
+  chart            = "aws-efs-csi-driver"
+  chart_version    = try(var.aws_efs_csi_driver.chart_version, "2.4.1")
+  repository       = try(var.aws_efs_csi_driver.repository, "https://kubernetes-sigs.github.io/aws-efs-csi-driver/")
+  values           = try(var.aws_efs_csi_driver.values, [])
+
+  timeout                    = try(var.aws_efs_csi_driver.timeout, null)
+  repository_key_file        = try(var.aws_efs_csi_driver.repository_key_file, null)
+  repository_cert_file       = try(var.aws_efs_csi_driver.repository_cert_file, null)
+  repository_ca_file         = try(var.aws_efs_csi_driver.repository_ca_file, null)
+  repository_username        = try(var.aws_efs_csi_driver.repository_username, null)
+  repository_password        = try(var.aws_efs_csi_driver.repository_password, null)
+  devel                      = try(var.aws_efs_csi_driver.devel, null)
+  verify                     = try(var.aws_efs_csi_driver.verify, null)
+  keyring                    = try(var.aws_efs_csi_driver.keyring, null)
+  disable_webhooks           = try(var.aws_efs_csi_driver.disable_webhooks, null)
+  reuse_values               = try(var.aws_efs_csi_driver.reuse_values, null)
+  reset_values               = try(var.aws_efs_csi_driver.reset_values, null)
+  force_update               = try(var.aws_efs_csi_driver.force_update, null)
+  recreate_pods              = try(var.aws_efs_csi_driver.recreate_pods, null)
+  cleanup_on_fail            = try(var.aws_efs_csi_driver.cleanup_on_fail, null)
+  max_history                = try(var.aws_efs_csi_driver.max_history, null)
+  atomic                     = try(var.aws_efs_csi_driver.atomic, null)
+  skip_crds                  = try(var.aws_efs_csi_driver.skip_crds, null)
+  render_subchart_notes      = try(var.aws_efs_csi_driver.render_subchart_notes, null)
+  disable_openapi_validation = try(var.aws_efs_csi_driver.disable_openapi_validation, null)
+  wait                       = try(var.aws_efs_csi_driver.wait, null)
+  wait_for_jobs              = try(var.aws_efs_csi_driver.wait_for_jobs, null)
+  dependency_update          = try(var.aws_efs_csi_driver.dependency_update, null)
+  replace                    = try(var.aws_efs_csi_driver.replace, null)
+  lint                       = try(var.aws_efs_csi_driver.lint, null)
+
+  postrender = try(var.aws_efs_csi_driver.postrender, [])
+  set = concat([
+    {
+      name  = "controller.serviceAccount.name"
+      value = local.aws_efs_csi_driver_controller_service_account
+    },
+    {
+      name  = "node.serviceAccount.name"
+      value = local.aws_efs_csi_driver_node_service_account
+    }],
+    try(var.aws_efs_csi_driver.set, [])
+  )
+  set_sensitive = try(var.aws_efs_csi_driver.set_sensitive, [])
+
+  # IAM role for service account (IRSA)
+  set_irsa_names = [
+    "controller.serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn",
+    "node.serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"
+  ]
+  create_role                   = try(var.aws_efs_csi_driver.create_role, true)
+  role_name                     = try(var.aws_efs_csi_driver.role_name, "aws-efs-csi-driver")
+  role_name_use_prefix          = try(var.aws_efs_csi_driver.role_name_use_prefix, true)
+  role_path                     = try(var.aws_efs_csi_driver.role_path, "/")
+  role_permissions_boundary_arn = lookup(var.aws_efs_csi_driver, "role_permissions_boundary_arn", null)
+  role_description              = try(var.aws_efs_csi_driver.role_description, "IRSA for aws-efs-csi-driver project")
+  role_policies                 = lookup(var.aws_efs_csi_driver, "role_policies", {})
+
+  source_policy_documents = compact(concat(
+    data.aws_iam_policy_document.aws_efs_csi_driver[*].json,
+    lookup(var.aws_efs_csi_driver, "source_policy_documents", [])
+  ))
+  override_policy_documents = lookup(var.aws_efs_csi_driver, "override_policy_documents", [])
+  policy_statements         = lookup(var.aws_efs_csi_driver, "policy_statements", [])
+  policy_name               = try(var.aws_efs_csi_driver.policy_name, null)
+  policy_name_use_prefix    = try(var.aws_efs_csi_driver.policy_name_use_prefix, true)
+  policy_path               = try(var.aws_efs_csi_driver.policy_path, null)
+  policy_description        = try(var.aws_efs_csi_driver.policy_description, "IAM Policy for AWS EFS CSI Driver")
+
+  oidc_providers = {
+    controller = {
+      provider_arn = local.oidc_provider_arn
+      # namespace is inherited from chart
+      service_account = local.aws_efs_csi_driver_controller_service_account
+    }
+    node = {
+      provider_arn = local.oidc_provider_arn
+      # namespace is inherited from chart
+      service_account = local.aws_efs_csi_driver_node_service_account
+    }
+  }
+
+  tags = var.tags
+}
+
+################################################################################
+# AWS for Fluent-bit
+################################################################################
+
+locals {
+  aws_for_fluentbit_service_account = try(var.aws_for_fluentbit.service_account_name, "aws-for-fluent-bit-sa")
+}
+
+resource "aws_cloudwatch_log_group" "aws_for_fluentbit" {
+  count = try(var.aws_for_fluentbit_cw_log_group.create, true) && var.enable_aws_for_fluentbit ? 1 : 0
+
+  name              = try(var.aws_for_fluentbit_cw_log_group.name, null)
+  name_prefix       = try(var.aws_for_fluentbit_cw_log_group.name_prefix, "/${var.cluster_name}/aws-fluentbit-logs")
+  retention_in_days = try(var.aws_for_fluentbit_cw_log_group.retention, 90)
+  kms_key_id        = try(var.aws_for_fluentbit_cw_log_group.kms_key_arn, null)
+  skip_destroy      = try(var.aws_for_fluentbit_cw_log_group.skip_destroy, false)
+  tags              = merge(var.tags, try(var.aws_for_fluentbit_cw_log_group.tags, {}))
+}
+
+data "aws_iam_policy_document" "aws_for_fluentbit" {
+  count = try(var.aws_for_fluentbit_cw_log_group.create, true) && var.enable_aws_for_fluentbit ? 1 : 0
+
+  statement {
+    sid    = "PutLogEvents"
+    effect = "Allow"
+    resources = [
+      "arn:${local.partition}:logs:${local.region}:${local.account_id}:log-group:${try(var.aws_for_fluentbit_cw_log_group.name, "*")}:log-stream:*",
+    ]
+
+    actions = [
+      "logs:PutLogEvents"
+    ]
+  }
+
+  statement {
+    sid    = "CreateCWLogs"
+    effect = "Allow"
+    resources = [
+      "arn:${local.partition}:logs:${local.region}:${local.account_id}:log-group:${try(var.aws_for_fluentbit_cw_log_group.name, "*")}",
+    ]
+
+    actions = [
+      "logs:CreateLogGroup",
+      "logs:CreateLogStream",
+      "logs:DescribeLogGroups",
+      "logs:DescribeLogStreams",
+      "logs:PutRetentionPolicy",
+    ]
+  }
+}
+
+module "aws_for_fluentbit" {
+  source  = "aws-ia/eks-blueprints-addon/aws"
+  version = "1.0.0"
+
+  create = var.enable_aws_for_fluentbit
+
+  # https://github.com/aws/eks-charts/blob/master/stable/aws-for-fluent-bit/Chart.yaml
+  name             = try(var.aws_for_fluentbit.name, "aws-for-fluent-bit")
+  description      = try(var.aws_for_fluentbit.description, "A Helm chart to install the Fluent-bit Driver")
+  namespace        = try(var.aws_for_fluentbit.namespace, "kube-system")
+  create_namespace = try(var.aws_for_fluentbit.create_namespace, false)
+  chart            = "aws-for-fluent-bit"
+  chart_version    = try(var.aws_for_fluentbit.chart_version, "0.1.24")
+  repository       = try(var.aws_for_fluentbit.repository, "https://aws.github.io/eks-charts")
+  values           = try(var.aws_for_fluentbit.values, [])
+
+  timeout                    = try(var.aws_for_fluentbit.timeout, null)
+  repository_key_file        = try(var.aws_for_fluentbit.repository_key_file, null)
+  repository_cert_file       = try(var.aws_for_fluentbit.repository_cert_file, null)
+  repository_ca_file         = try(var.aws_for_fluentbit.repository_ca_file, null)
+  repository_username        = try(var.aws_for_fluentbit.repository_username, null)
+  repository_password        = try(var.aws_for_fluentbit.repository_password, null)
+  devel                      = try(var.aws_for_fluentbit.devel, null)
+  verify                     = try(var.aws_for_fluentbit.verify, null)
+  keyring                    = try(var.aws_for_fluentbit.keyring, null)
+  disable_webhooks           = try(var.aws_for_fluentbit.disable_webhooks, null)
+  reuse_values               = try(var.aws_for_fluentbit.reuse_values, null)
+  reset_values               = try(var.aws_for_fluentbit.reset_values, null)
+  force_update               = try(var.aws_for_fluentbit.force_update, null)
+  recreate_pods              = try(var.aws_for_fluentbit.recreate_pods, null)
+  cleanup_on_fail            = try(var.aws_for_fluentbit.cleanup_on_fail, null)
+  max_history                = try(var.aws_for_fluentbit.max_history, null)
+  atomic                     = try(var.aws_for_fluentbit.atomic, null)
+  skip_crds                  = try(var.aws_for_fluentbit.skip_crds, null)
+  render_subchart_notes      = try(var.aws_for_fluentbit.render_subchart_notes, null)
+  disable_openapi_validation = try(var.aws_for_fluentbit.disable_openapi_validation, null)
+  wait                       = try(var.aws_for_fluentbit.wait, null)
+  wait_for_jobs              = try(var.aws_for_fluentbit.wait_for_jobs, null)
+  dependency_update          = try(var.aws_for_fluentbit.dependency_update, null)
+  replace                    = try(var.aws_for_fluentbit.replace, null)
+  lint                       = try(var.aws_for_fluentbit.lint, null)
+
+  postrender = try(var.aws_for_fluentbit.postrender, [])
+  set = concat([
+    {
+      name  = "serviceAccount.name"
+      value = local.aws_for_fluentbit_service_account
+    }],
+    try(var.aws_for_fluentbit.set, [])
+  )
+  set_sensitive = try(var.aws_for_fluentbit.set_sensitive, [])
+
+  # IAM role for service account (IRSA)
+  set_irsa_names = [
+    "serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn",
+  ]
+  create_role                   = try(var.aws_for_fluentbit.create_role, true)
+  role_name                     = try(var.aws_for_fluentbit.role_name, "aws-for-fluent-bit")
+  role_name_use_prefix          = try(var.aws_for_fluentbit.role_name_use_prefix, true)
+  role_path                     = try(var.aws_for_fluentbit.role_path, "/")
+  role_permissions_boundary_arn = lookup(var.aws_for_fluentbit, "role_permissions_boundary_arn", null)
+  role_description              = try(var.aws_for_fluentbit.role_description, "IRSA for aws-for-fluent-bit")
+  role_policies                 = lookup(var.aws_for_fluentbit, "role_policies", {})
+
+  source_policy_documents = compact(concat(
+    data.aws_iam_policy_document.aws_for_fluentbit[*].json,
+    lookup(var.aws_for_fluentbit, "source_policy_documents", [])
+  ))
+  override_policy_documents = lookup(var.aws_for_fluentbit, "override_policy_documents", [])
+  policy_statements         = lookup(var.aws_for_fluentbit, "policy_statements", [])
+  policy_name               = try(var.aws_for_fluentbit.policy_name, "aws-for-fluent-bit")
+  policy_name_use_prefix    = try(var.aws_for_fluentbit.policy_name_use_prefix, true)
+  policy_path               = try(var.aws_for_fluentbit.policy_path, null)
+  policy_description        = try(var.aws_for_fluentbit.policy_description, "IAM Policy for AWS Fluentbit")
+
+  oidc_providers = {
+    this = {
+      provider_arn = local.oidc_provider_arn
+      # namespace is inherited from chart
+      service_account = local.aws_for_fluentbit_service_account
+    }
+  }
+
+  tags = var.tags
+}
+
+################################################################################
+# AWS FSX CSI DRIVER
+################################################################################
+
+locals {
+  aws_fsx_csi_driver_controller_service_account = try(var.aws_fsx_csi_driver.controller_service_account_name, "aws-fsx-csi-controller-sa")
+  aws_fsx_csi_driver_node_service_account       = try(var.aws_fsx_csi_driver.node_service_account_name, "aws-fsx-csi-node-sa")
+}
+
+data "aws_iam_policy_document" "aws_fsx_csi_driver" {
+  statement {
+    sid       = "AllowCreateServiceLinkedRoles"
+    resources = ["arn:${local.partition}:iam::*:role/aws-service-role/s3.data-source.lustre.fsx.${local.dns_suffix}/*"]
+
+    actions = [
+      "iam:CreateServiceLinkedRole",
+      "iam:AttachRolePolicy",
+      "iam:PutRolePolicy",
+    ]
+  }
+
+  statement {
+    sid       = "AllowCreateServiceLinkedRole"
+    resources = ["arn:${local.partition}:iam::${local.account_id}:role/*"]
+    actions   = ["iam:CreateServiceLinkedRole"]
+
+    condition {
+      test     = "StringLike"
+      variable = "iam:AWSServiceName"
+      values   = ["fsx.${local.dns_suffix}"]
+    }
+  }
+
+  statement {
+    sid       = "AllowListBuckets"
+    resources = ["arn:${local.partition}:s3:::*"]
+    actions = [
+      "s3:ListBucket"
+    ]
+  }
+
+  statement {
+    resources = ["arn:${local.partition}:fsx:${local.region}:${local.account_id}:file-system/*"]
+    actions = [
+      "fsx:CreateFileSystem",
+      "fsx:DeleteFileSystem",
+      "fsx:UpdateFileSystem",
+    ]
+  }
+
+  statement {
+    resources = ["arn:${local.partition}:fsx:${local.region}:${local.account_id}:*"]
+    actions = [
+      "fsx:DescribeFileSystems",
+      "fsx:TagResource"
+    ]
+  }
+}
+
+module "aws_fsx_csi_driver" {
+  source  = "aws-ia/eks-blueprints-addon/aws"
+  version = "1.0.0"
+
+  create = var.enable_aws_fsx_csi_driver
+
+  # https://github.com/kubernetes-sigs/aws-fsx-csi-driver/tree/master/charts/aws-fsx-csi-driver
+  name             = try(var.aws_fsx_csi_driver.name, "aws-fsx-csi-driver")
+  description      = try(var.aws_fsx_csi_driver.description, "A Helm chart for AWS FSx for Lustre CSI Driver")
+  namespace        = try(var.aws_fsx_csi_driver.namespace, "kube-system")
+  create_namespace = try(var.aws_fsx_csi_driver.create_namespace, false)
+  chart            = "aws-fsx-csi-driver"
+  chart_version    = try(var.aws_fsx_csi_driver.chart_version, "1.5.1")
+  repository       = try(var.aws_fsx_csi_driver.repository, "https://kubernetes-sigs.github.io/aws-fsx-csi-driver/")
+  values           = try(var.aws_fsx_csi_driver.values, [])
+
+  timeout                    = try(var.aws_fsx_csi_driver.timeout, null)
+  repository_key_file        = try(var.aws_fsx_csi_driver.repository_key_file, null)
+  repository_cert_file       = try(var.aws_fsx_csi_driver.repository_cert_file, null)
+  repository_ca_file         = try(var.aws_fsx_csi_driver.repository_ca_file, null)
+  repository_username        = try(var.aws_fsx_csi_driver.repository_username, null)
+  repository_password        = try(var.aws_fsx_csi_driver.repository_password, null)
+  devel                      = try(var.aws_fsx_csi_driver.devel, null)
+  verify                     = try(var.aws_fsx_csi_driver.verify, null)
+  keyring                    = try(var.aws_fsx_csi_driver.keyring, null)
+  disable_webhooks           = try(var.aws_fsx_csi_driver.disable_webhooks, null)
+  reuse_values               = try(var.aws_fsx_csi_driver.reuse_values, null)
+  reset_values               = try(var.aws_fsx_csi_driver.reset_values, null)
+  force_update               = try(var.aws_fsx_csi_driver.force_update, null)
+  recreate_pods              = try(var.aws_fsx_csi_driver.recreate_pods, null)
+  cleanup_on_fail            = try(var.aws_fsx_csi_driver.cleanup_on_fail, null)
+  max_history                = try(var.aws_fsx_csi_driver.max_history, null)
+  atomic                     = try(var.aws_fsx_csi_driver.atomic, null)
+  skip_crds                  = try(var.aws_fsx_csi_driver.skip_crds, null)
+  render_subchart_notes      = try(var.aws_fsx_csi_driver.render_subchart_notes, null)
+  disable_openapi_validation = try(var.aws_fsx_csi_driver.disable_openapi_validation, null)
+  wait                       = try(var.aws_fsx_csi_driver.wait, null)
+  wait_for_jobs              = try(var.aws_fsx_csi_driver.wait_for_jobs, null)
+  dependency_update          = try(var.aws_fsx_csi_driver.dependency_update, null)
+  replace                    = try(var.aws_fsx_csi_driver.replace, null)
+  lint                       = try(var.aws_fsx_csi_driver.lint, null)
+
+  postrender = try(var.aws_fsx_csi_driver.postrender, [])
+  set = concat([
+    {
+      name  = "controller.serviceAccount.name"
+      value = local.aws_fsx_csi_driver_controller_service_account
+    },
+    {
+      name  = "node.serviceAccount.name"
+      value = local.aws_fsx_csi_driver_node_service_account
+    }],
+    try(var.aws_fsx_csi_driver.set, [])
+  )
+  set_sensitive = try(var.aws_fsx_csi_driver.set_sensitive, [])
+
+  # IAM role for service account (IRSA)
+  set_irsa_names = [
+    "controller.serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn",
+    "node.serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"
+  ]
+  create_role                   = try(var.aws_fsx_csi_driver.create_role, true)
+  role_name                     = try(var.aws_fsx_csi_driver.role_name, "aws-fsx-csi-driver")
+  role_name_use_prefix          = try(var.aws_fsx_csi_driver.role_name_use_prefix, true)
+  role_path                     = try(var.aws_fsx_csi_driver.role_path, "/")
+  role_permissions_boundary_arn = lookup(var.aws_fsx_csi_driver, "role_permissions_boundary_arn", null)
+  role_description              = try(var.aws_fsx_csi_driver.role_description, "IRSA for aws-fsx-csi-driver")
+  role_policies                 = lookup(var.aws_fsx_csi_driver, "role_policies", {})
+
+  source_policy_documents = compact(concat(
+    data.aws_iam_policy_document.aws_fsx_csi_driver[*].json,
+    lookup(var.aws_fsx_csi_driver, "source_policy_documents", [])
+  ))
+  override_policy_documents = lookup(var.aws_fsx_csi_driver, "override_policy_documents", [])
+  policy_statements         = lookup(var.aws_fsx_csi_driver, "policy_statements", [])
+  policy_name               = try(var.aws_fsx_csi_driver.policy_name, "aws-fsx-csi-driver")
+  policy_name_use_prefix    = try(var.aws_fsx_csi_driver.policy_name_use_prefix, true)
+  policy_path               = try(var.aws_fsx_csi_driver.policy_path, null)
+  policy_description        = try(var.aws_fsx_csi_driver.policy_description, "IAM Policy for AWS FSX CSI Driver")
+
+  oidc_providers = {
+    controller = {
+      provider_arn = local.oidc_provider_arn
+      # namespace is inherited from chart
+      service_account = local.aws_fsx_csi_driver_controller_service_account
+    }
+    node = {
+      provider_arn = local.oidc_provider_arn
+      # namespace is inherited from chart
+      service_account = local.aws_fsx_csi_driver_node_service_account
+    }
+  }
+}
+
+################################################################################
+# AWS Load Balancer Controller
+################################################################################
+
+locals {
+  aws_load_balancer_controller_service_account = try(var.aws_load_balancer_controller.service_account_name, "aws-load-balancer-controller-sa")
+}
+
+data "aws_iam_policy_document" "aws_load_balancer_controller" {
+  statement {
+    resources = ["*"]
+    actions   = ["iam:CreateServiceLinkedRole"]
+
+    condition {
+      test     = "StringEquals"
+      variable = "iam:AWSServiceName"
+      values   = ["elasticloadbalancing.${local.dns_suffix}"]
+    }
+  }
+
+  statement {
+    resources = ["*"]
+    actions = [
+      "ec2:DescribeAccountAttributes",
+      "ec2:DescribeAddresses",
+      "ec2:DescribeAvailabilityZones",
+      "ec2:DescribeCoipPools",
+      "ec2:DescribeInstances",
+      "ec2:DescribeInternetGateways",
+      "ec2:DescribeNetworkInterfaces",
+      "ec2:DescribeSecurityGroups",
+      "ec2:DescribeSubnets",
+      "ec2:DescribeTags",
+      "ec2:DescribeVpcPeeringConnections",
+      "ec2:DescribeVpcs",
+      "ec2:GetCoipPoolUsage",
+      "elasticloadbalancing:DescribeListenerCertificates",
+      "elasticloadbalancing:DescribeListeners",
+      "elasticloadbalancing:DescribeLoadBalancerAttributes",
+      "elasticloadbalancing:DescribeLoadBalancers",
+      "elasticloadbalancing:DescribeRules",
+      "elasticloadbalancing:DescribeSSLPolicies",
+      "elasticloadbalancing:DescribeTags",
+      "elasticloadbalancing:DescribeTargetGroupAttributes",
+      "elasticloadbalancing:DescribeTargetGroups",
+      "elasticloadbalancing:DescribeTargetHealth",
+    ]
+  }
+
+  statement {
+    resources = ["*"]
+    actions = [
+      "acm:DescribeCertificate",
+      "acm:ListCertificates",
+      "cognito-idp:DescribeUserPoolClient",
+      "iam:GetServerCertificate",
+      "iam:ListServerCertificates",
+      "shield:CreateProtection",
+      "shield:DeleteProtection",
+      "shield:DescribeProtection",
+      "shield:GetSubscriptionState",
+      "waf-regional:AssociateWebACL",
+      "waf-regional:DisassociateWebACL",
+      "waf-regional:GetWebACL",
+      "waf-regional:GetWebACLForResource",
+      "wafv2:AssociateWebACL",
+      "wafv2:DisassociateWebACL",
+      "wafv2:GetWebACL",
+      "wafv2:GetWebACLForResource",
+    ]
+  }
+
+  statement {
+    resources = ["*"]
+    actions = [
+      "ec2:AuthorizeSecurityGroupIngress",
+      "ec2:RevokeSecurityGroupIngress",
+    ]
+  }
+
+  statement {
+    resources = ["*"]
+    actions   = ["ec2:CreateSecurityGroup"]
+  }
+
+  statement {
+    resources = ["arn:${local.partition}:ec2:*:*:security-group/*"]
+    actions   = ["ec2:CreateTags"]
+
+    condition {
+      test     = "Null"
+      variable = "aws:RequestTag/elbv2.k8s.aws/cluster"
+      values   = ["false"]
+    }
+
+    condition {
+      test     = "StringEquals"
+      variable = "ec2:CreateAction"
+      values   = ["CreateSecurityGroup"]
+    }
+  }
+
+  statement {
+    resources = ["arn:${local.partition}:ec2:*:*:security-group/*"]
+    actions = [
+      "ec2:CreateTags",
+      "ec2:DeleteTags",
+    ]
+
+    condition {
+      test     = "Null"
+      variable = "aws:ResourceTag/ingress.k8s.aws/cluster"
+      values   = ["false"]
+    }
+  }
+
+  statement {
+    resources = [
+      "arn:${local.partition}:elasticloadbalancing:*:*:loadbalancer/app/*/*",
+      "arn:${local.partition}:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+      "arn:${local.partition}:elasticloadbalancing:*:*:targetgroup/*/*",
+    ]
+    actions = [
+      "elasticloadbalancing:AddTags",
+      "elasticloadbalancing:DeleteTargetGroup",
+      "elasticloadbalancing:RemoveTags",
+    ]
+
+    condition {
+      test     = "Null"
+      variable = "aws:ResourceTag/ingress.k8s.aws/cluster"
+      values   = ["false"]
+    }
+  }
+
+  statement {
+    resources = ["arn:${local.partition}:ec2:*:*:security-group/*"]
+    actions = [
+      "ec2:CreateTags",
+      "ec2:DeleteTags",
+    ]
+
+    condition {
+      test     = "Null"
+      variable = "aws:ResourceTag/elbv2.k8s.aws/cluster"
+      values   = ["false"]
+    }
+
+    condition {
+      test     = "Null"
+      variable = "aws:RequestTag/elbv2.k8s.aws/cluster"
+      values   = ["true"]
+    }
+  }
+
+  statement {
+    resources = ["*"]
+    actions = [
+      "ec2:AuthorizeSecurityGroupIngress",
+      "ec2:DeleteSecurityGroup",
+      "ec2:RevokeSecurityGroupIngress",
+    ]
+
+    condition {
+      test     = "Null"
+      variable = "aws:ResourceTag/elbv2.k8s.aws/cluster"
+      values   = ["false"]
+    }
+  }
+
+  statement {
+    resources = ["*"]
+    actions = [
+      "elasticloadbalancing:CreateLoadBalancer",
+      "elasticloadbalancing:CreateTargetGroup",
+    ]
+
+    condition {
+      test     = "Null"
+      variable = "aws:RequestTag/elbv2.k8s.aws/cluster"
+      values   = ["false"]
+    }
+  }
+
+  statement {
+    resources = ["*"]
+    actions = [
+      "elasticloadbalancing:CreateListener",
+      "elasticloadbalancing:CreateRule",
+      "elasticloadbalancing:DeleteListener",
+      "elasticloadbalancing:DeleteRule",
+    ]
+  }
+
+  statement {
+    resources = [
+      "arn:${local.partition}:elasticloadbalancing:*:*:loadbalancer/app/*/*",
+      "arn:${local.partition}:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+      "arn:${local.partition}:elasticloadbalancing:*:*:targetgroup/*/*",
+    ]
+    actions = [
+      "elasticloadbalancing:AddTags",
+      "elasticloadbalancing:RemoveTags",
+    ]
+
+    condition {
+      test     = "Null"
+      variable = "aws:RequestTag/elbv2.k8s.aws/cluster"
+      values   = ["true"]
+    }
+
+    condition {
+      test     = "Null"
+      variable = "aws:ResourceTag/elbv2.k8s.aws/cluster"
+      values   = ["false"]
+    }
+  }
+
+  statement {
+    resources = [
+      "arn:${local.partition}:elasticloadbalancing:*:*:listener/net/*/*/*",
+      "arn:${local.partition}:elasticloadbalancing:*:*:listener/app/*/*/*",
+      "arn:${local.partition}:elasticloadbalancing:*:*:listener-rule/net/*/*/*",
+      "arn:${local.partition}:elasticloadbalancing:*:*:listener-rule/app/*/*/*",
+    ]
+    actions = [
+      "elasticloadbalancing:AddTags",
+      "elasticloadbalancing:RemoveTags",
+    ]
+  }
+
+  statement {
+    resources = ["*"]
+    actions = [
+      "elasticloadbalancing:DeleteLoadBalancer",
+      "elasticloadbalancing:DeleteTargetGroup",
+      "elasticloadbalancing:ModifyLoadBalancerAttributes",
+      "elasticloadbalancing:ModifyTargetGroup",
+      "elasticloadbalancing:ModifyTargetGroupAttributes",
+      "elasticloadbalancing:SetIpAddressType",
+      "elasticloadbalancing:SetSecurityGroups",
+      "elasticloadbalancing:SetSubnets",
+    ]
+
+    condition {
+      test     = "Null"
+      variable = "aws:ResourceTag/elbv2.k8s.aws/cluster"
+      values   = ["false"]
+    }
+  }
+
+  statement {
+    resources = ["arn:${local.partition}:elasticloadbalancing:*:*:targetgroup/*/*"]
+    actions = [
+      "elasticloadbalancing:DeregisterTargets",
+      "elasticloadbalancing:RegisterTargets",
+    ]
+  }
+
+  statement {
+    resources = ["*"]
+    actions = [
+      "elasticloadbalancing:AddListenerCertificates",
+      "elasticloadbalancing:ModifyListener",
+      "elasticloadbalancing:ModifyRule",
+      "elasticloadbalancing:RemoveListenerCertificates",
+      "elasticloadbalancing:SetWebAcl",
+    ]
+  }
+}
+
+module "aws_load_balancer_controller" {
+  source  = "aws-ia/eks-blueprints-addon/aws"
+  version = "1.0.0"
+
+  create = var.enable_aws_load_balancer_controller
+
+  # https://github.com/aws/eks-charts/blob/master/stable/aws-load-balancer-controller/Chart.yaml
+  name        = try(var.aws_load_balancer_controller.name, "aws-load-balancer-controller")
+  description = try(var.aws_load_balancer_controller.description, "A Helm chart to deploy aws-load-balancer-controller for ingress resources")
+  namespace   = try(var.aws_load_balancer_controller.namespace, "kube-system")
+  # namespace creation is false here as kube-system already exists by default
+  create_namespace = try(var.aws_load_balancer_controller.create_namespace, false)
+  chart            = "aws-load-balancer-controller"
+  chart_version    = try(var.aws_load_balancer_controller.chart_version, "1.4.8")
+  repository       = try(var.aws_load_balancer_controller.repository, "https://aws.github.io/eks-charts")
+  values           = try(var.aws_load_balancer_controller.values, [])
+
+  timeout                    = try(var.aws_load_balancer_controller.timeout, null)
+  repository_key_file        = try(var.aws_load_balancer_controller.repository_key_file, null)
+  repository_cert_file       = try(var.aws_load_balancer_controller.repository_cert_file, null)
+  repository_ca_file         = try(var.aws_load_balancer_controller.repository_ca_file, null)
+  repository_username        = try(var.aws_load_balancer_controller.repository_username, null)
+  repository_password        = try(var.aws_load_balancer_controller.repository_password, null)
+  devel                      = try(var.aws_load_balancer_controller.devel, null)
+  verify                     = try(var.aws_load_balancer_controller.verify, null)
+  keyring                    = try(var.aws_load_balancer_controller.keyring, null)
+  disable_webhooks           = try(var.aws_load_balancer_controller.disable_webhooks, null)
+  reuse_values               = try(var.aws_load_balancer_controller.reuse_values, null)
+  reset_values               = try(var.aws_load_balancer_controller.reset_values, null)
+  force_update               = try(var.aws_load_balancer_controller.force_update, null)
+  recreate_pods              = try(var.aws_load_balancer_controller.recreate_pods, null)
+  cleanup_on_fail            = try(var.aws_load_balancer_controller.cleanup_on_fail, null)
+  max_history                = try(var.aws_load_balancer_controller.max_history, null)
+  atomic                     = try(var.aws_load_balancer_controller.atomic, null)
+  skip_crds                  = try(var.aws_load_balancer_controller.skip_crds, null)
+  render_subchart_notes      = try(var.aws_load_balancer_controller.render_subchart_notes, null)
+  disable_openapi_validation = try(var.aws_load_balancer_controller.disable_openapi_validation, null)
+  wait                       = try(var.aws_load_balancer_controller.wait, null)
+  wait_for_jobs              = try(var.aws_load_balancer_controller.wait_for_jobs, null)
+  dependency_update          = try(var.aws_load_balancer_controller.dependency_update, null)
+  replace                    = try(var.aws_load_balancer_controller.replace, null)
+  lint                       = try(var.aws_load_balancer_controller.lint, null)
+
+  postrender = try(var.aws_load_balancer_controller.postrender, [])
+  set = concat([
+    {
+      name  = "serviceAccount.name"
+      value = local.aws_load_balancer_controller_service_account
+      }, {
+      name  = "clusterName"
+      value = local.cluster_name
+    }],
+    try(var.aws_load_balancer_controller.set, [])
+  )
+  set_sensitive = try(var.aws_load_balancer_controller.set_sensitive, [])
+
+  # IAM role for service account (IRSA)
+  create_role                   = try(var.aws_load_balancer_controller.create_role, true)
+  set_irsa_names                = ["serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"]
+  role_name                     = try(var.aws_load_balancer_controller.role_name, "alb-controller")
+  role_name_use_prefix          = try(var.aws_load_balancer_controller.role_name_use_prefix, true)
+  role_path                     = try(var.aws_load_balancer_controller.role_path, "/")
+  role_permissions_boundary_arn = lookup(var.aws_load_balancer_controller, "role_permissions_boundary_arn", null)
+  role_description              = try(var.aws_load_balancer_controller.role_description, "IRSA for aws-load-balancer-controller project")
+  role_policies                 = lookup(var.aws_load_balancer_controller, "role_policies", {})
+
+  source_policy_documents = compact(concat(
+    data.aws_iam_policy_document.aws_load_balancer_controller[*].json,
+    lookup(var.aws_load_balancer_controller, "source_policy_documents", [])
+  ))
+  override_policy_documents = lookup(var.aws_load_balancer_controller, "override_policy_documents", [])
+  policy_statements         = lookup(var.aws_load_balancer_controller, "policy_statements", [])
+  policy_name               = try(var.aws_load_balancer_controller.policy_name, null)
+  policy_name_use_prefix    = try(var.aws_load_balancer_controller.policy_name_use_prefix, true)
+  policy_path               = try(var.aws_load_balancer_controller.policy_path, null)
+  policy_description        = try(var.aws_load_balancer_controller.policy_description, "IAM Policy for AWS Load Balancer Controller")
+
+  oidc_providers = {
+    this = {
+      provider_arn = local.oidc_provider_arn
+      # namespace is inherited from chart
+      service_account = local.aws_load_balancer_controller_service_account
+    }
+  }
+
+  tags = var.tags
+}
+
+################################################################################
+# AWS Node Termination Handler
+################################################################################
+
+locals {
+  aws_node_termination_handler_service_account = try(var.aws_node_termination_handler.service_account_name, "aws-node-termination-handler-sa")
+  aws_node_termination_handler_events = merge(
+    {
+      autoscaling_terminate = {
+        name        = "ASGTerminiate"
+        description = "Auto scaling instance terminate event"
+        event_pattern = {
+          source      = ["aws.autoscaling"]
+          detail-type = ["EC2 Instance-terminate Lifecycle Action"]
+        }
+      }
+    },
+    local.ec2_events
+  )
+}
+
+module "aws_node_termination_handler_sqs" {
+  source  = "terraform-aws-modules/sqs/aws"
+  version = "4.0.1"
+
+  create = var.enable_aws_node_termination_handler
+
+  name = try(var.aws_node_termination_handler_sqs.queue_name, "aws-nth-${var.cluster_name}")
+
+  message_retention_seconds         = try(var.aws_node_termination_handler_sqs.message_retention_seconds, 300)
+  sqs_managed_sse_enabled           = try(var.aws_node_termination_handler_sqs.sse_enabled, true)
+  kms_master_key_id                 = try(var.aws_node_termination_handler_sqs.kms_master_key_id, null)
+  kms_data_key_reuse_period_seconds = try(var.aws_node_termination_handler_sqs.kms_data_key_reuse_period_seconds, null)
+
+  create_queue_policy = true
+  queue_policy_statements = {
+    account = {
+      sid     = "SendEventsToQueue"
+      actions = ["sqs:SendMessage"]
+      principals = [
+        {
+          type = "Service"
+          identifiers = [
+            "events.${local.dns_suffix}",
+            "sqs.${local.dns_suffix}",
+          ]
+        }
+      ]
+    }
+  }
+
+  tags = merge(var.tags, try(var.aws_node_termination_handler_sqs.tags, {}))
+}
+
+resource "aws_autoscaling_lifecycle_hook" "aws_node_termination_handler" {
+  for_each = { for k, v in var.aws_node_termination_handler_asg_arns : k => v if var.enable_aws_node_termination_handler }
+
+  name                   = "aws_node_termination_handler"
+  autoscaling_group_name = replace(each.value, "/^.*:autoScalingGroupName//", "")
+  default_result         = "CONTINUE"
+  heartbeat_timeout      = 300
+  lifecycle_transition   = "autoscaling:EC2_INSTANCE_TERMINATING"
+}
+
+resource "aws_autoscaling_group_tag" "aws_node_termination_handler" {
+  for_each = { for k, v in var.aws_node_termination_handler_asg_arns : k => v if var.enable_aws_node_termination_handler }
+
+  autoscaling_group_name = replace(each.value, "/^.*:autoScalingGroupName//", "")
+
+  tag {
+    key                 = "aws-node-termination-handler/managed"
+    value               = "true"
+    propagate_at_launch = true
+  }
+}
+
+resource "aws_cloudwatch_event_rule" "aws_node_termination_handler" {
+  for_each = { for k, v in local.aws_node_termination_handler_events : k => v if var.enable_aws_node_termination_handler }
+
+  name_prefix   = "NTH-${each.value.name}-"
+  description   = each.value.description
+  event_pattern = jsonencode(each.value.event_pattern)
+
+  tags = merge(
+    { "ClusterName" : var.cluster_name },
+    var.tags,
+  )
+}
+
+resource "aws_cloudwatch_event_target" "aws_node_termination_handler" {
+  for_each = { for k, v in local.aws_node_termination_handler_events : k => v if var.enable_aws_node_termination_handler }
+
+  rule      = aws_cloudwatch_event_rule.aws_node_termination_handler[each.key].name
+  target_id = "AWSNodeTerminationHandlerQueueTarget"
+  arn       = module.aws_node_termination_handler_sqs.queue_arn
+}
+
+data "aws_iam_policy_document" "aws_node_termination_handler" {
+  count = var.enable_aws_node_termination_handler ? 1 : 0
+
+  statement {
+    actions = [
+      "autoscaling:DescribeAutoScalingInstances",
+      "autoscaling:DescribeTags",
+      "ec2:DescribeInstances",
+    ]
+    resources = ["*"]
+  }
+
+  statement {
+    actions   = ["autoscaling:CompleteLifecycleAction"]
+    resources = var.aws_node_termination_handler_asg_arns
+  }
+
+  statement {
+    actions = [
+      "sqs:DeleteMessage",
+      "sqs:ReceiveMessage",
+    ]
+    resources = [module.aws_node_termination_handler_sqs.queue_arn]
+  }
+}
+
+module "aws_node_termination_handler" {
+  source  = "aws-ia/eks-blueprints-addon/aws"
+  version = "1.0.0"
+
+  create = var.enable_aws_node_termination_handler
+
+  # https://github.com/aws/eks-charts/blob/master/stable/aws-node-termination-handler/Chart.yaml
+  name             = try(var.aws_node_termination_handler.name, "aws-node-termination-handler")
+  description      = try(var.aws_node_termination_handler.description, "A Helm chart to deploy AWS Node Termination Handler")
+  namespace        = try(var.aws_node_termination_handler.namespace, "aws-node-termination-handler")
+  create_namespace = try(var.aws_node_termination_handler.create_namespace, true)
+  chart            = "aws-node-termination-handler"
+  chart_version    = try(var.aws_node_termination_handler.chart_version, "0.21.0")
+  repository       = try(var.aws_node_termination_handler.repository, "https://aws.github.io/eks-charts")
+  values           = try(var.aws_node_termination_handler.values, [])
+
+  timeout                    = try(var.aws_node_termination_handler.timeout, null)
+  repository_key_file        = try(var.aws_node_termination_handler.repository_key_file, null)
+  repository_cert_file       = try(var.aws_node_termination_handler.repository_cert_file, null)
+  repository_ca_file         = try(var.aws_node_termination_handler.repository_ca_file, null)
+  repository_username        = try(var.aws_node_termination_handler.repository_username, null)
+  repository_password        = try(var.aws_node_termination_handler.repository_password, null)
+  devel                      = try(var.aws_node_termination_handler.devel, null)
+  verify                     = try(var.aws_node_termination_handler.verify, null)
+  keyring                    = try(var.aws_node_termination_handler.keyring, null)
+  disable_webhooks           = try(var.aws_node_termination_handler.disable_webhooks, null)
+  reuse_values               = try(var.aws_node_termination_handler.reuse_values, null)
+  reset_values               = try(var.aws_node_termination_handler.reset_values, null)
+  force_update               = try(var.aws_node_termination_handler.force_update, null)
+  recreate_pods              = try(var.aws_node_termination_handler.recreate_pods, null)
+  cleanup_on_fail            = try(var.aws_node_termination_handler.cleanup_on_fail, null)
+  max_history                = try(var.aws_node_termination_handler.max_history, null)
+  atomic                     = try(var.aws_node_termination_handler.atomic, null)
+  skip_crds                  = try(var.aws_node_termination_handler.skip_crds, null)
+  render_subchart_notes      = try(var.aws_node_termination_handler.render_subchart_notes, null)
+  disable_openapi_validation = try(var.aws_node_termination_handler.disable_openapi_validation, null)
+  wait                       = try(var.aws_node_termination_handler.wait, null)
+  wait_for_jobs              = try(var.aws_node_termination_handler.wait_for_jobs, null)
+  dependency_update          = try(var.aws_node_termination_handler.dependency_update, null)
+  replace                    = try(var.aws_node_termination_handler.replace, null)
+  lint                       = try(var.aws_node_termination_handler.lint, null)
+
+  postrender = try(var.aws_node_termination_handler.postrender, [])
+  set = concat(
+    [
+      {
+        name  = "serviceAccount.name"
+        value = local.aws_node_termination_handler_service_account
+      },
+      {
+        name  = "awsRegion"
+        value = local.region
+      },
+      { name  = "queueURL"
+        value = module.aws_node_termination_handler_sqs.queue_url
+      },
+      {
+        name  = "enableSqsTerminationDraining"
+        value = true
+      }
+    ],
+    try(var.aws_node_termination_handler.set, [])
+  )
+  set_sensitive = try(var.aws_node_termination_handler.set_sensitive, [])
+
+  # IAM role for service account (IRSA)
+  set_irsa_names                = ["serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"]
+  create_role                   = try(var.aws_node_termination_handler.create_role, true)
+  role_name                     = try(var.aws_node_termination_handler.role_name, "aws-node-termination-handler")
+  role_name_use_prefix          = try(var.aws_node_termination_handler.role_name_use_prefix, true)
+  role_path                     = try(var.aws_node_termination_handler.role_path, "/")
+  role_permissions_boundary_arn = lookup(var.aws_node_termination_handler, "role_permissions_boundary_arn", null)
+  role_description              = try(var.aws_node_termination_handler.role_description, "IRSA for AWS Node Termination Handler project")
+  role_policies                 = lookup(var.aws_node_termination_handler, "role_policies", {})
+
+  source_policy_documents = compact(concat(
+    data.aws_iam_policy_document.aws_node_termination_handler[*].json,
+    lookup(var.aws_node_termination_handler, "source_policy_documents", [])
+  ))
+  override_policy_documents = lookup(var.aws_node_termination_handler, "override_policy_documents", [])
+  policy_statements         = lookup(var.aws_node_termination_handler, "policy_statements", [])
+  policy_name               = try(var.aws_node_termination_handler.policy_name, null)
+  policy_name_use_prefix    = try(var.aws_node_termination_handler.policy_name_use_prefix, true)
+  policy_path               = try(var.aws_node_termination_handler.policy_path, null)
+  policy_description        = try(var.aws_node_termination_handler.policy_description, "IAM Policy for AWS Node Termination Handler")
+
+  oidc_providers = {
+    this = {
+      provider_arn = local.oidc_provider_arn
+      # namespace is inherited from chart
+      service_account = local.aws_node_termination_handler_service_account
+    }
+  }
+
+  tags = var.tags
+}
+
+################################################################################
+# AWS Private CA Issuer
+################################################################################
+
+locals {
+  aws_privateca_issuer_service_account = try(var.aws_privateca_issuer.service_account_name, "aws-privateca-issuer-sa")
+}
+
+data "aws_iam_policy_document" "aws_privateca_issuer" {
+  count = var.enable_aws_privateca_issuer ? 1 : 0
+
+  statement {
+    actions = [
+      "acm-pca:DescribeCertificateAuthority",
+      "acm-pca:GetCertificate",
+      "acm-pca:IssueCertificate",
+    ]
+    resources = [
+      try(var.aws_privateca_issuer.acmca_arn,
+      "arn:${local.partition}:acm-pca:${local.region}:${local.account_id}:certificate-authority/*")
+    ]
+  }
+}
+
+module "aws_privateca_issuer" {
+  source  = "aws-ia/eks-blueprints-addon/aws"
+  version = "1.0.0"
+
+  create = var.enable_aws_privateca_issuer
+
+  # https://github.com/cert-manager/aws-privateca-issuer/blob/main/charts/aws-pca-issuer/Chart.yaml
+  name             = try(var.aws_privateca_issuer.name, "aws-privateca-issuer")
+  description      = try(var.aws_privateca_issuer.description, "A Helm chart to install the AWS Private CA Issuer")
+  namespace        = try(var.aws_privateca_issuer.namespace, "kube-system")
+  create_namespace = try(var.aws_privateca_issuer.create_namespace, false)
+  chart            = "aws-privateca-issuer"
+  chart_version    = try(var.aws_privateca_issuer.chart_version, "v1.2.5")
+  repository       = try(var.aws_privateca_issuer.repository, "https://cert-manager.github.io/aws-privateca-issuer")
+  values           = try(var.aws_privateca_issuer.values, [])
+
+  timeout                    = try(var.aws_privateca_issuer.timeout, null)
+  repository_key_file        = try(var.aws_privateca_issuer.repository_key_file, null)
+  repository_cert_file       = try(var.aws_privateca_issuer.repository_cert_file, null)
+  repository_ca_file         = try(var.aws_privateca_issuer.repository_ca_file, null)
+  repository_username        = try(var.aws_privateca_issuer.repository_username, null)
+  repository_password        = try(var.aws_privateca_issuer.repository_password, null)
+  devel                      = try(var.aws_privateca_issuer.devel, null)
+  verify                     = try(var.aws_privateca_issuer.verify, null)
+  keyring                    = try(var.aws_privateca_issuer.keyring, null)
+  disable_webhooks           = try(var.aws_privateca_issuer.disable_webhooks, null)
+  reuse_values               = try(var.aws_privateca_issuer.reuse_values, null)
+  reset_values               = try(var.aws_privateca_issuer.reset_values, null)
+  force_update               = try(var.aws_privateca_issuer.force_update, null)
+  recreate_pods              = try(var.aws_privateca_issuer.recreate_pods, null)
+  cleanup_on_fail            = try(var.aws_privateca_issuer.cleanup_on_fail, null)
+  max_history                = try(var.aws_privateca_issuer.max_history, null)
+  atomic                     = try(var.aws_privateca_issuer.atomic, null)
+  skip_crds                  = try(var.aws_privateca_issuer.skip_crds, null)
+  render_subchart_notes      = try(var.aws_privateca_issuer.render_subchart_notes, null)
+  disable_openapi_validation = try(var.aws_privateca_issuer.disable_openapi_validation, null)
+  wait                       = try(var.aws_privateca_issuer.wait, null)
+  wait_for_jobs              = try(var.aws_privateca_issuer.wait_for_jobs, null)
+  dependency_update          = try(var.aws_privateca_issuer.dependency_update, null)
+  replace                    = try(var.aws_privateca_issuer.replace, null)
+  lint                       = try(var.aws_privateca_issuer.lint, null)
+
+  postrender = try(var.aws_privateca_issuer.postrender, [])
+  set = concat([
+    {
+      name  = "serviceAccount.name"
+      value = local.aws_privateca_issuer_service_account
+    }],
+    try(var.aws_privateca_issuer.set, [])
+  )
+  set_sensitive = try(var.aws_privateca_issuer.set_sensitive, [])
+
+  # IAM role for service account (IRSA)
+  set_irsa_names                = ["serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"]
+  create_role                   = try(var.aws_privateca_issuer.create_role, true)
+  role_name                     = try(var.aws_privateca_issuer.role_name, "aws-privateca-issuer")
+  role_name_use_prefix          = try(var.aws_privateca_issuer.role_name_use_prefix, true)
+  role_path                     = try(var.aws_privateca_issuer.role_path, "/")
+  role_permissions_boundary_arn = lookup(var.aws_privateca_issuer, "role_permissions_boundary_arn", null)
+  role_description              = try(var.aws_privateca_issuer.role_description, "IRSA for AWS Private CA Issuer")
+  role_policies                 = lookup(var.aws_privateca_issuer, "role_policies", {})
+
+  source_policy_documents = compact(concat(
+    data.aws_iam_policy_document.aws_privateca_issuer[*].json,
+    lookup(var.aws_privateca_issuer, "source_policy_documents", [])
+  ))
+  override_policy_documents = lookup(var.aws_privateca_issuer, "override_policy_documents", [])
+  policy_statements         = lookup(var.aws_privateca_issuer, "policy_statements", [])
+  policy_name               = try(var.aws_privateca_issuer.policy_name, "aws-privateca-issuer")
+  policy_name_use_prefix    = try(var.aws_privateca_issuer.policy_name_use_prefix, true)
+  policy_path               = try(var.aws_privateca_issuer.policy_path, null)
+  policy_description        = try(var.aws_privateca_issuer.policy_description, "IAM Policy for AWS Private CA Issuer")
+
+  oidc_providers = {
+    controller = {
+      provider_arn = local.oidc_provider_arn
+      # namespace is inherited from chart
+      service_account = local.aws_privateca_issuer_service_account
+    }
+  }
+
+  tags = var.tags
+}
+
+################################################################################
+# Cert Manager
+################################################################################
+
+locals {
+  cert_manager_service_account = try(var.cert_manager.service_account_name, "cert-manager")
+  create_cert_manager_irsa     = var.enable_cert_manager && length(var.cert_manager_route53_hosted_zone_arns) > 0
+}
+
+data "aws_iam_policy_document" "cert_manager" {
+  count = local.create_cert_manager_irsa ? 1 : 0
+
+  statement {
+    actions   = ["route53:GetChange", ]
+    resources = ["arn:${local.partition}:route53:::change/*"]
+  }
+
+  statement {
+    actions = [
+      "route53:ChangeResourceRecordSets",
+      "route53:ListResourceRecordSets",
+    ]
+    resources = var.cert_manager_route53_hosted_zone_arns
+  }
+
+  statement {
+    actions   = ["route53:ListHostedZonesByName"]
+    resources = ["*"]
+  }
+}
+
+module "cert_manager" {
+  source  = "aws-ia/eks-blueprints-addon/aws"
+  version = "1.0.0"
+
+  create = var.enable_cert_manager
+
+  # https://github.com/cert-manager/cert-manager/blob/master/deploy/charts/cert-manager/Chart.template.yaml
+  name             = try(var.cert_manager.name, "cert-manager")
+  description      = try(var.cert_manager.description, "A Helm chart to deploy cert-manager")
+  namespace        = try(var.cert_manager.namespace, "cert-manager")
+  create_namespace = try(var.cert_manager.create_namespace, true)
+  chart            = "cert-manager"
+  chart_version    = try(var.cert_manager.chart_version, "v1.11.1")
+  repository       = try(var.cert_manager.repository, "https://charts.jetstack.io")
+  values           = try(var.cert_manager.values, [])
+
+  timeout                    = try(var.cert_manager.timeout, null)
+  repository_key_file        = try(var.cert_manager.repository_key_file, null)
+  repository_cert_file       = try(var.cert_manager.repository_cert_file, null)
+  repository_ca_file         = try(var.cert_manager.repository_ca_file, null)
+  repository_username        = try(var.cert_manager.repository_username, null)
+  repository_password        = try(var.cert_manager.repository_password, null)
+  devel                      = try(var.cert_manager.devel, null)
+  verify                     = try(var.cert_manager.verify, null)
+  keyring                    = try(var.cert_manager.keyring, null)
+  disable_webhooks           = try(var.cert_manager.disable_webhooks, null)
+  reuse_values               = try(var.cert_manager.reuse_values, null)
+  reset_values               = try(var.cert_manager.reset_values, null)
+  force_update               = try(var.cert_manager.force_update, null)
+  recreate_pods              = try(var.cert_manager.recreate_pods, null)
+  cleanup_on_fail            = try(var.cert_manager.cleanup_on_fail, null)
+  max_history                = try(var.cert_manager.max_history, null)
+  atomic                     = try(var.cert_manager.atomic, null)
+  skip_crds                  = try(var.cert_manager.skip_crds, null)
+  render_subchart_notes      = try(var.cert_manager.render_subchart_notes, null)
+  disable_openapi_validation = try(var.cert_manager.disable_openapi_validation, null)
+  wait                       = try(var.cert_manager.wait, null)
+  wait_for_jobs              = try(var.cert_manager.wait_for_jobs, null)
+  dependency_update          = try(var.cert_manager.dependency_update, null)
+  replace                    = try(var.cert_manager.replace, null)
+  lint                       = try(var.cert_manager.lint, null)
+
+  postrender = try(var.cert_manager.postrender, [])
+  set = concat([
+    {
+      name  = "installCRDs"
+      value = true
+    }
+    ],
+    try(var.cert_manager.set, [])
+  )
+  set_sensitive = try(var.cert_manager.set_sensitive, [])
+
+  # IAM role for service account (IRSA)
+  set_irsa_names                = ["serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"]
+  create_role                   = local.create_cert_manager_irsa && try(var.cert_manager.create_role, true)
+  role_name                     = try(var.cert_manager.role_name, "cert-manager")
+  role_name_use_prefix          = try(var.cert_manager.role_name_use_prefix, true)
+  role_path                     = try(var.cert_manager.role_path, "/")
+  role_permissions_boundary_arn = lookup(var.cert_manager, "role_permissions_boundary_arn", null)
+  role_description              = try(var.cert_manager.role_description, "IRSA for cert-manger project")
+  role_policies                 = lookup(var.cert_manager, "role_policies", {})
+
+  source_policy_documents = compact(concat(
+    data.aws_iam_policy_document.cert_manager[*].json,
+    lookup(var.cert_manager, "source_policy_documents", [])
+  ))
+  override_policy_documents = lookup(var.cert_manager, "override_policy_documents", [])
+  policy_statements         = lookup(var.cert_manager, "policy_statements", [])
+  policy_name               = try(var.cert_manager.policy_name, null)
+  policy_name_use_prefix    = try(var.cert_manager.policy_name_use_prefix, true)
+  policy_path               = try(var.cert_manager.policy_path, null)
+  policy_description        = try(var.cert_manager.policy_description, "IAM Policy for cert-manager")
+
+  oidc_providers = {
+    this = {
+      provider_arn = local.oidc_provider_arn
+      # namespace is inherited from chart
+      service_account = local.cert_manager_service_account
+    }
+  }
+
+  tags = var.tags
+}
+
+################################################################################
+# Cluster Autoscaler
+################################################################################
+
+locals {
+  cluster_autoscaler_service_account = try(var.cluster_autoscaler.service_account_name, "cluster-autoscaler-sa")
+
+  # Lookup map to pull latest cluster-autoscaler patch version given the cluster version
+  cluster_autoscaler_image_tag = {
+    "1.20" = "v1.20.3"
+    "1.21" = "v1.21.3"
+    "1.22" = "v1.22.3"
+    "1.23" = "v1.23.1"
+    "1.24" = "v1.24.1"
+    "1.25" = "v1.25.1"
+    "1.26" = "v1.26.2"
+  }
+}
+
+data "aws_iam_policy_document" "cluster_autoscaler" {
+  count = var.enable_cluster_autoscaler ? 1 : 0
+
+  statement {
+    actions = [
+      "autoscaling:DescribeAutoScalingGroups",
+      "autoscaling:DescribeAutoScalingInstances",
+      "autoscaling:DescribeLaunchConfigurations",
+      "autoscaling:DescribeScalingActivities",
+      "autoscaling:DescribeTags",
+      "ec2:DescribeLaunchTemplateVersions",
+      "ec2:DescribeInstanceTypes",
+      "eks:DescribeNodegroup",
+      "ec2:DescribeImages",
+      "ec2:GetInstanceTypesFromInstanceRequirements"
+    ]
+
+    resources = ["*"]
+  }
+
+  statement {
+    actions = [
+      "autoscaling:SetDesiredCapacity",
+      "autoscaling:TerminateInstanceInAutoScalingGroup",
+      "autoscaling:UpdateAutoScalingGroup",
+    ]
+
+    resources = ["*"]
+
+    condition {
+      test     = "StringEquals"
+      variable = "autoscaling:ResourceTag/kubernetes.io/cluster/${var.cluster_name}"
+      values   = ["owned"]
+    }
+  }
+}
+
+module "cluster_autoscaler" {
+  source  = "aws-ia/eks-blueprints-addon/aws"
+  version = "1.0.0"
+
+  create = var.enable_cluster_autoscaler
+
+  # https://github.com/kubernetes/autoscaler/blob/master/charts/cluster-autoscaler/Chart.yaml
+  name             = try(var.cluster_autoscaler.name, "cluster-autoscaler")
+  description      = try(var.cluster_autoscaler.description, "A Helm chart to deploy cluster-autoscaler")
+  namespace        = try(var.cluster_autoscaler.namespace, "kube-system")
+  create_namespace = try(var.cluster_autoscaler.create_namespace, false)
+  chart            = "cluster-autoscaler"
+  chart_version    = try(var.cluster_autoscaler.chart_version, "9.28.0")
+  repository       = try(var.cluster_autoscaler.repository, "https://kubernetes.github.io/autoscaler")
+  values           = try(var.cluster_autoscaler.values, [])
+
+  timeout                    = try(var.cluster_autoscaler.timeout, null)
+  repository_key_file        = try(var.cluster_autoscaler.repository_key_file, null)
+  repository_cert_file       = try(var.cluster_autoscaler.repository_cert_file, null)
+  repository_ca_file         = try(var.cluster_autoscaler.repository_ca_file, null)
+  repository_username        = try(var.cluster_autoscaler.repository_username, null)
+  repository_password        = try(var.cluster_autoscaler.repository_password, null)
+  devel                      = try(var.cluster_autoscaler.devel, null)
+  verify                     = try(var.cluster_autoscaler.verify, null)
+  keyring                    = try(var.cluster_autoscaler.keyring, null)
+  disable_webhooks           = try(var.cluster_autoscaler.disable_webhooks, null)
+  reuse_values               = try(var.cluster_autoscaler.reuse_values, null)
+  reset_values               = try(var.cluster_autoscaler.reset_values, null)
+  force_update               = try(var.cluster_autoscaler.force_update, null)
+  recreate_pods              = try(var.cluster_autoscaler.recreate_pods, null)
+  cleanup_on_fail            = try(var.cluster_autoscaler.cleanup_on_fail, null)
+  max_history                = try(var.cluster_autoscaler.max_history, null)
+  atomic                     = try(var.cluster_autoscaler.atomic, null)
+  skip_crds                  = try(var.cluster_autoscaler.skip_crds, null)
+  render_subchart_notes      = try(var.cluster_autoscaler.render_subchart_notes, null)
+  disable_openapi_validation = try(var.cluster_autoscaler.disable_openapi_validation, null)
+  wait                       = try(var.cluster_autoscaler.wait, null)
+  wait_for_jobs              = try(var.cluster_autoscaler.wait_for_jobs, null)
+  dependency_update          = try(var.cluster_autoscaler.dependency_update, null)
+  replace                    = try(var.cluster_autoscaler.replace, null)
+  lint                       = try(var.cluster_autoscaler.lint, null)
+
+  postrender = try(var.cluster_autoscaler.postrender, [])
+  set = concat(
+    [
+      {
+        name  = "awsRegion"
+        value = local.region
+      },
+      {
+        name  = "autoDiscovery.clusterName"
+        value = local.cluster_name
+      },
+      {
+        name  = "image.tag"
+        value = try(local.cluster_autoscaler_image_tag[var.cluster_version], "v${var.cluster_version}.0")
+      },
+      {
+        name  = "rbac.serviceAccount.name"
+        value = local.cluster_autoscaler_service_account
+      }
+    ],
+    try(var.cluster_autoscaler.set, [])
+  )
+  set_sensitive = try(var.cluster_autoscaler.set_sensitive, [])
+
+  # IAM role for service account (IRSA)
+  set_irsa_names                = ["rbac.serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"]
+  create_role                   = try(var.cluster_autoscaler.create_role, true)
+  role_name                     = try(var.cluster_autoscaler.role_name, "cluster-autoscaler")
+  role_name_use_prefix          = try(var.cluster_autoscaler.role_name_use_prefix, true)
+  role_path                     = try(var.cluster_autoscaler.role_path, "/")
+  role_permissions_boundary_arn = lookup(var.cluster_autoscaler, "role_permissions_boundary_arn", null)
+  role_description              = try(var.cluster_autoscaler.role_description, "IRSA for cluster-autoscaler operator")
+  role_policies                 = lookup(var.cluster_autoscaler, "role_policies", {})
+
+  source_policy_documents = compact(concat(
+    data.aws_iam_policy_document.cluster_autoscaler[*].json,
+    lookup(var.cluster_autoscaler, "source_policy_documents", [])
+  ))
+  override_policy_documents = lookup(var.cluster_autoscaler, "override_policy_documents", [])
+  policy_statements         = lookup(var.cluster_autoscaler, "policy_statements", [])
+  policy_name               = try(var.cluster_autoscaler.policy_name, null)
+  policy_name_use_prefix    = try(var.cluster_autoscaler.policy_name_use_prefix, true)
+  policy_path               = try(var.cluster_autoscaler.policy_path, null)
+  policy_description        = try(var.cluster_autoscaler.policy_description, "IAM Policy for cluster-autoscaler operator")
+
+  oidc_providers = {
+    this = {
+      provider_arn = local.oidc_provider_arn
+      # namespace is inherited from chart
+      service_account = local.cluster_autoscaler_service_account
+    }
+  }
+
+  tags = var.tags
+}
+
+################################################################################
+# Cluster Proportional Autoscaler
+################################################################################
+
+module "cluster_proportional_autoscaler" {
+  source  = "aws-ia/eks-blueprints-addon/aws"
+  version = "1.0.0"
+
+  create = var.enable_cluster_proportional_autoscaler
+
+  # https://github.com/kubernetes-sigs/cluster-proportional-autoscaler/blob/master/charts/cluster-proportional-autoscaler/Chart.yaml
+  name             = try(var.cluster_proportional_autoscaler.name, "cluster-proportional-autoscaler")
+  description      = try(var.cluster_proportional_autoscaler.description, "A Helm chart to install the Cluster Proportional Autoscaler")
+  namespace        = try(var.cluster_proportional_autoscaler.namespace, "kube-system")
+  create_namespace = try(var.cluster_proportional_autoscaler.create_namespace, false)
+  chart            = "cluster-proportional-autoscaler"
+  chart_version    = try(var.cluster_proportional_autoscaler.chart_version, "1.1.0")
+  repository       = try(var.cluster_proportional_autoscaler.repository, "https://kubernetes-sigs.github.io/cluster-proportional-autoscaler")
+  values           = try(var.cluster_proportional_autoscaler.values, [])
+
+  timeout                    = try(var.cluster_proportional_autoscaler.timeout, null)
+  repository_key_file        = try(var.cluster_proportional_autoscaler.repository_key_file, null)
+  repository_cert_file       = try(var.cluster_proportional_autoscaler.repository_cert_file, null)
+  repository_ca_file         = try(var.cluster_proportional_autoscaler.repository_ca_file, null)
+  repository_username        = try(var.cluster_proportional_autoscaler.repository_username, null)
+  repository_password        = try(var.cluster_proportional_autoscaler.repository_password, null)
+  devel                      = try(var.cluster_proportional_autoscaler.devel, null)
+  verify                     = try(var.cluster_proportional_autoscaler.verify, null)
+  keyring                    = try(var.cluster_proportional_autoscaler.keyring, null)
+  disable_webhooks           = try(var.cluster_proportional_autoscaler.disable_webhooks, null)
+  reuse_values               = try(var.cluster_proportional_autoscaler.reuse_values, null)
+  reset_values               = try(var.cluster_proportional_autoscaler.reset_values, null)
+  force_update               = try(var.cluster_proportional_autoscaler.force_update, null)
+  recreate_pods              = try(var.cluster_proportional_autoscaler.recreate_pods, null)
+  cleanup_on_fail            = try(var.cluster_proportional_autoscaler.cleanup_on_fail, null)
+  max_history                = try(var.cluster_proportional_autoscaler.max_history, null)
+  atomic                     = try(var.cluster_proportional_autoscaler.atomic, null)
+  skip_crds                  = try(var.cluster_proportional_autoscaler.skip_crds, null)
+  render_subchart_notes      = try(var.cluster_proportional_autoscaler.render_subchart_notes, null)
+  disable_openapi_validation = try(var.cluster_proportional_autoscaler.disable_openapi_validation, null)
+  wait                       = try(var.cluster_proportional_autoscaler.wait, null)
+  wait_for_jobs              = try(var.cluster_proportional_autoscaler.wait_for_jobs, null)
+  dependency_update          = try(var.cluster_proportional_autoscaler.dependency_update, null)
+  replace                    = try(var.cluster_proportional_autoscaler.replace, null)
+  lint                       = try(var.cluster_proportional_autoscaler.lint, null)
+
+  postrender    = try(var.cluster_proportional_autoscaler.postrender, [])
+  set           = try(var.cluster_proportional_autoscaler.set, [])
+  set_sensitive = try(var.cluster_proportional_autoscaler.set_sensitive, [])
+
+  tags = var.tags
+}
+
+################################################################################
+# EKS Addons
+################################################################################
+
+data "aws_eks_addon_version" "this" {
+  for_each = var.eks_addons
+
+  addon_name         = try(each.value.name, each.key)
+  kubernetes_version = var.cluster_version
+  most_recent        = try(each.value.most_recent, true)
+}
+
+resource "aws_eks_addon" "this" {
+  for_each = var.eks_addons
+
+  cluster_name = local.cluster_name
+  addon_name   = try(each.value.name, each.key)
+
+  addon_version            = try(each.value.addon_version, data.aws_eks_addon_version.this[each.key].version)
+  configuration_values     = try(each.value.configuration_values, null)
+  preserve                 = try(each.value.preserve, null)
+  resolve_conflicts        = try(each.value.resolve_conflicts, "OVERWRITE")
+  service_account_role_arn = try(each.value.service_account_role_arn, null)
+
+  timeouts {
+    create = try(each.value.timeouts.create, var.eks_addons_timeouts.create, null)
+    update = try(each.value.timeouts.update, var.eks_addons_timeouts.update, null)
+    delete = try(each.value.timeouts.delete, var.eks_addons_timeouts.delete, null)
+  }
+
+  tags = var.tags
+}
+
+################################################################################
+# External DNS
+################################################################################
+
+locals {
+  external_dns_service_account = try(var.external_dns.service_account_name, "external-dns-sa")
+}
+
+# https://github.com/external-secrets/kubernetes-external-secrets#add-a-secret
+data "aws_iam_policy_document" "external_dns" {
+  count = var.enable_external_dns && length(var.external_dns_route53_zone_arns) > 0 ? 1 : 0
+
+  statement {
+    actions   = ["route53:ChangeResourceRecordSets"]
+    resources = var.external_dns_route53_zone_arns
+  }
+
+  statement {
+    actions = [
+      "route53:ListHostedZones",
+      "route53:ListResourceRecordSets",
+    ]
+    resources = ["*"]
+  }
+}
+
+module "external_dns" {
+  source  = "aws-ia/eks-blueprints-addon/aws"
+  version = "1.0.0"
+
+  create = var.enable_external_dns
+
+  # https://github.com/kubernetes-sigs/external-dns/tree/master/charts/external-dns/Chart.yaml
+  name             = try(var.external_dns.name, "external-dns")
+  description      = try(var.external_dns.description, "A Helm chart to deploy external-dns")
+  namespace        = try(var.external_dns.namespace, "external-dns")
+  create_namespace = try(var.external_dns.create_namespace, true)
+  chart            = "external-dns"
+  chart_version    = try(var.external_dns.chart_version, "1.12.2")
+  repository       = try(var.external_dns.repository, "https://kubernetes-sigs.github.io/external-dns/")
+  values           = try(var.external_dns.values, ["provider: aws"])
+
+  timeout                    = try(var.external_dns.timeout, null)
+  repository_key_file        = try(var.external_dns.repository_key_file, null)
+  repository_cert_file       = try(var.external_dns.repository_cert_file, null)
+  repository_ca_file         = try(var.external_dns.repository_ca_file, null)
+  repository_username        = try(var.external_dns.repository_username, null)
+  repository_password        = try(var.external_dns.repository_password, null)
+  devel                      = try(var.external_dns.devel, null)
+  verify                     = try(var.external_dns.verify, null)
+  keyring                    = try(var.external_dns.keyring, null)
+  disable_webhooks           = try(var.external_dns.disable_webhooks, null)
+  reuse_values               = try(var.external_dns.reuse_values, null)
+  reset_values               = try(var.external_dns.reset_values, null)
+  force_update               = try(var.external_dns.force_update, null)
+  recreate_pods              = try(var.external_dns.recreate_pods, null)
+  cleanup_on_fail            = try(var.external_dns.cleanup_on_fail, null)
+  max_history                = try(var.external_dns.max_history, null)
+  atomic                     = try(var.external_dns.atomic, null)
+  skip_crds                  = try(var.external_dns.skip_crds, null)
+  render_subchart_notes      = try(var.external_dns.render_subchart_notes, null)
+  disable_openapi_validation = try(var.external_dns.disable_openapi_validation, null)
+  wait                       = try(var.external_dns.wait, null)
+  wait_for_jobs              = try(var.external_dns.wait_for_jobs, null)
+  dependency_update          = try(var.external_dns.dependency_update, null)
+  replace                    = try(var.external_dns.replace, null)
+  lint                       = try(var.external_dns.lint, null)
+
+  postrender = try(var.external_dns.postrender, [])
+  set = concat([
+    {
+      name  = "serviceAccount.name"
+      value = local.external_dns_service_account
+    }],
+    try(var.external_dns.set, [])
+  )
+  set_sensitive = try(var.external_dns.set_sensitive, [])
+
+  # IAM role for service account (IRSA)
+  set_irsa_names                = ["serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"]
+  create_role                   = try(var.external_dns.create_role, true) && length(var.external_dns_route53_zone_arns) > 0
+  role_name                     = try(var.external_dns.role_name, "external-dns")
+  role_name_use_prefix          = try(var.external_dns.role_name_use_prefix, true)
+  role_path                     = try(var.external_dns.role_path, "/")
+  role_permissions_boundary_arn = lookup(var.external_dns, "role_permissions_boundary_arn", null)
+  role_description              = try(var.external_dns.role_description, "IRSA for external-dns operator")
+  role_policies                 = lookup(var.external_dns, "role_policies", {})
+
+  source_policy_documents = compact(concat(
+    data.aws_iam_policy_document.external_dns[*].json,
+    lookup(var.external_dns, "source_policy_documents", [])
+  ))
+  override_policy_documents = lookup(var.external_dns, "override_policy_documents", [])
+  policy_statements         = lookup(var.external_dns, "policy_statements", [])
+  policy_name               = try(var.external_dns.policy_name, null)
+  policy_name_use_prefix    = try(var.external_dns.policy_name_use_prefix, true)
+  policy_path               = try(var.external_dns.policy_path, null)
+  policy_description        = try(var.external_dns.policy_description, "IAM Policy for external-dns operator")
+
+  oidc_providers = {
+    this = {
+      provider_arn = local.oidc_provider_arn
+      # namespace is inherited from chart
+      service_account = local.external_dns_service_account
+    }
+  }
+
+  tags = var.tags
+}
+
+################################################################################
+# External Secrets
+################################################################################
+
+locals {
+  external_secrets_service_account = try(var.external_secrets.service_account_name, "external-secrets-sa")
+}
+
+# https://github.com/external-secrets/kubernetes-external-secrets#add-a-secret
+data "aws_iam_policy_document" "external_secrets" {
+  count = var.enable_external_secrets ? 1 : 0
+
+  dynamic "statement" {
+    for_each = length(var.external_secrets_ssm_parameter_arns) > 0 ? [1] : []
+
+    content {
+      actions   = ["ssm:DescribeParameters"]
+      resources = ["*"]
+    }
+  }
+
+  dynamic "statement" {
+    for_each = length(var.external_secrets_ssm_parameter_arns) > 0 ? [1] : []
+
+    content {
+      actions = [
+        "ssm:GetParameter",
+        "ssm:GetParameters",
+      ]
+      resources = var.external_secrets_ssm_parameter_arns
+    }
+  }
+
+  dynamic "statement" {
+    for_each = length(var.external_secrets_secrets_manager_arns) > 0 ? [1] : []
+
+    content {
+      actions   = ["secretsmanager:ListSecrets"]
+      resources = ["*"]
+    }
+  }
+
+  dynamic "statement" {
+    for_each = length(var.external_secrets_secrets_manager_arns) > 0 ? [1] : []
+
+    content {
+      actions = [
+        "secretsmanager:GetResourcePolicy",
+        "secretsmanager:GetSecretValue",
+        "secretsmanager:DescribeSecret",
+        "secretsmanager:ListSecretVersionIds",
+      ]
+      resources = var.external_secrets_secrets_manager_arns
+    }
+  }
+
+  dynamic "statement" {
+    for_each = length(var.external_secrets_kms_key_arns) > 0 ? [1] : []
+
+    content {
+      actions   = ["kms:Decrypt"]
+      resources = var.external_secrets_kms_key_arns
+    }
+  }
+}
+
+module "external_secrets" {
+  source  = "aws-ia/eks-blueprints-addon/aws"
+  version = "1.0.0"
+
+  create = var.enable_external_secrets
+
+  # https://github.com/external-secrets/external-secrets/blob/main/deploy/charts/external-secrets/Chart.yaml
+  name             = try(var.external_secrets.name, "external-secrets")
+  description      = try(var.external_secrets.description, "A Helm chart to deploy external-secrets")
+  namespace        = try(var.external_secrets.namespace, "external-secrets")
+  create_namespace = try(var.external_secrets.create_namespace, true)
+  chart            = "external-secrets"
+  chart_version    = try(var.external_secrets.chart_version, "0.8.1")
+  repository       = try(var.external_secrets.repository, "https://charts.external-secrets.io")
+  values           = try(var.external_secrets.values, [])
+
+  timeout                    = try(var.external_secrets.timeout, null)
+  repository_key_file        = try(var.external_secrets.repository_key_file, null)
+  repository_cert_file       = try(var.external_secrets.repository_cert_file, null)
+  repository_ca_file         = try(var.external_secrets.repository_ca_file, null)
+  repository_username        = try(var.external_secrets.repository_username, null)
+  repository_password        = try(var.external_secrets.repository_password, null)
+  devel                      = try(var.external_secrets.devel, null)
+  verify                     = try(var.external_secrets.verify, null)
+  keyring                    = try(var.external_secrets.keyring, null)
+  disable_webhooks           = try(var.external_secrets.disable_webhooks, null)
+  reuse_values               = try(var.external_secrets.reuse_values, null)
+  reset_values               = try(var.external_secrets.reset_values, null)
+  force_update               = try(var.external_secrets.force_update, null)
+  recreate_pods              = try(var.external_secrets.recreate_pods, null)
+  cleanup_on_fail            = try(var.external_secrets.cleanup_on_fail, null)
+  max_history                = try(var.external_secrets.max_history, null)
+  atomic                     = try(var.external_secrets.atomic, null)
+  skip_crds                  = try(var.external_secrets.skip_crds, null)
+  render_subchart_notes      = try(var.external_secrets.render_subchart_notes, null)
+  disable_openapi_validation = try(var.external_secrets.disable_openapi_validation, null)
+  wait                       = try(var.external_secrets.wait, null)
+  wait_for_jobs              = try(var.external_secrets.wait_for_jobs, null)
+  dependency_update          = try(var.external_secrets.dependency_update, null)
+  replace                    = try(var.external_secrets.replace, null)
+  lint                       = try(var.external_secrets.lint, null)
+
+  postrender = try(var.external_secrets.postrender, [])
+  set = concat([
+    {
+      name  = "serviceAccount.name"
+      value = local.external_secrets_service_account
+    }],
+    try(var.external_secrets.set, [])
+  )
+  set_sensitive = try(var.external_secrets.set_sensitive, [])
+
+  # IAM role for service account (IRSA)
+  set_irsa_names                = ["serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"]
+  create_role                   = try(var.external_secrets.create_role, true)
+  role_name                     = try(var.external_secrets.role_name, "external-secrets")
+  role_name_use_prefix          = try(var.external_secrets.role_name_use_prefix, true)
+  role_path                     = try(var.external_secrets.role_path, "/")
+  role_permissions_boundary_arn = lookup(var.external_secrets, "role_permissions_boundary_arn", null)
+  role_description              = try(var.external_secrets.role_description, "IRSA for external-secrets operator")
+  role_policies                 = lookup(var.external_secrets, "role_policies", {})
+
+  source_policy_documents = compact(concat(
+    data.aws_iam_policy_document.external_secrets[*].json,
+    lookup(var.external_secrets, "source_policy_documents", [])
+  ))
+  override_policy_documents = lookup(var.external_secrets, "override_policy_documents", [])
+  policy_statements         = lookup(var.external_secrets, "policy_statements", [])
+  policy_name               = try(var.external_secrets.policy_name, null)
+  policy_name_use_prefix    = try(var.external_secrets.policy_name_use_prefix, true)
+  policy_path               = try(var.external_secrets.policy_path, null)
+  policy_description        = try(var.external_secrets.policy_description, "IAM Policy for external-secrets operator")
+
+  oidc_providers = {
+    this = {
+      provider_arn = local.oidc_provider_arn
+      # namespace is inherited from chart
+      service_account = local.external_secrets_service_account
+    }
+  }
+
+  tags = var.tags
+}
+
+################################################################################
+# Fargate Fluentbit
+################################################################################
+
+resource "aws_cloudwatch_log_group" "fargate_fluentbit" {
+  count = try(var.fargate_fluentbit_cw_log_group.create, true) && var.enable_fargate_fluentbit ? 1 : 0
+
+  name              = try(var.fargate_fluentbit_cw_log_group.name, null)
+  name_prefix       = try(var.fargate_fluentbit_cw_log_group.name_prefix, "/${var.cluster_name}/fargate-fluentbit-logs")
+  retention_in_days = try(var.fargate_fluentbit_cw_log_group.retention, 90)
+  kms_key_id        = try(var.fargate_fluentbit_cw_log_group.kms_key_arn, null)
+  skip_destroy      = try(var.fargate_fluentbit_cw_log_group.skip_destroy, false)
+  tags              = merge(var.tags, try(var.fargate_fluentbit_cw_log_group.tags, {}))
+}
+
+# Help on Fargate Logging with Fluentbit and CloudWatch
+# https://docs.aws.amazon.com/eks/latest/userguide/fargate-logging.html
+resource "kubernetes_namespace_v1" "aws_observability" {
+  count = var.enable_fargate_fluentbit ? 1 : 0
+
+  metadata {
+    name = "aws-observability"
+
+    labels = {
+      aws-observability = "enabled"
+    }
+  }
+}
+
+# fluent-bit-cloudwatch value as the name of the CloudWatch log group that is automatically created as soon as your apps start logging
+resource "kubernetes_config_map_v1" "aws_logging" {
+  count = var.enable_fargate_fluentbit ? 1 : 0
+
+  metadata {
+    name      = "aws-logging"
+    namespace = kubernetes_namespace_v1.aws_observability[0].id
+  }
+
+  data = {
+    "parsers.conf" = try(
+      var.fargate_fluentbit.parsers_conf,
+      <<-EOT
+        [PARSER]
+          Name regex
+          Format regex
+          Regex ^(?<time>[^ ]+) (?<stream>[^ ]+) (?<logtag>[^ ]+) (?<message>.+)$
+          Time_Key time
+          Time_Format %Y-%m-%dT%H:%M:%S.%L%z
+          Time_Keep On
+          Decode_Field_As json message
+      EOT
+    )
+    "filters.conf" = try(
+      var.fargate_fluentbit.filters_conf,
+      <<-EOT
+        [FILTER]
+          Name parser
+          Match *
+          Key_Name log
+          Parser regex
+          Preserve_Key True
+          Reserve_Data True
+      EOT
+    )
+    "output.conf" = try(
+      var.fargate_fluentbit.output_conf,
+      <<-EOT
+        [OUTPUT]
+          Name cloudwatch_logs
+          Match *
+          region ${local.region}
+          log_group_name ${try(var.fargate_fluentbit.cwlog_group, aws_cloudwatch_log_group.fargate_fluentbit[0].name)}
+          log_stream_prefix ${try(var.fargate_fluentbit.cwlog_stream_prefix, "fargate-logs-")}
+          auto_create_group true
+      EOT
+    )
+    "flb_log_cw" = try(var.fargate_fluentbit.flb_log_cw, false)
+  }
+}
+
+################################################################################
+# Gatekeeper
+################################################################################
+
+module "gatekeeper" {
+  source  = "aws-ia/eks-blueprints-addon/aws"
+  version = "1.0.0"
+
+  create = var.enable_gatekeeper
+
+  # https://github.com/open-policy-agent/gatekeeper/blob/master/charts/gatekeeper/Chart.yaml
+  name             = try(var.gatekeeper.name, "gatekeeper")
+  description      = try(var.gatekeeper.description, "A Helm chart to install Gatekeeper")
+  namespace        = try(var.gatekeeper.namespace, "gatekeeper-system")
+  create_namespace = try(var.gatekeeper.create_namespace, true)
+  chart            = "gatekeeper"
+  chart_version    = try(var.gatekeeper.chart_version, "3.12.0")
+  repository       = try(var.gatekeeper.repository, "https://open-policy-agent.github.io/gatekeeper/charts")
+  values           = try(var.gatekeeper.values, [])
+
+  timeout                    = try(var.gatekeeper.timeout, null)
+  repository_key_file        = try(var.gatekeeper.repository_key_file, null)
+  repository_cert_file       = try(var.gatekeeper.repository_cert_file, null)
+  repository_ca_file         = try(var.gatekeeper.repository_ca_file, null)
+  repository_username        = try(var.gatekeeper.repository_username, null)
+  repository_password        = try(var.gatekeeper.repository_password, null)
+  devel                      = try(var.gatekeeper.devel, null)
+  verify                     = try(var.gatekeeper.verify, null)
+  keyring                    = try(var.gatekeeper.keyring, null)
+  disable_webhooks           = try(var.gatekeeper.disable_webhooks, null)
+  reuse_values               = try(var.gatekeeper.reuse_values, null)
+  reset_values               = try(var.gatekeeper.reset_values, null)
+  force_update               = try(var.gatekeeper.force_update, null)
+  recreate_pods              = try(var.gatekeeper.recreate_pods, null)
+  cleanup_on_fail            = try(var.gatekeeper.cleanup_on_fail, null)
+  max_history                = try(var.gatekeeper.max_history, null)
+  atomic                     = try(var.gatekeeper.atomic, null)
+  skip_crds                  = try(var.gatekeeper.skip_crds, null)
+  render_subchart_notes      = try(var.gatekeeper.render_subchart_notes, null)
+  disable_openapi_validation = try(var.gatekeeper.disable_openapi_validation, null)
+  wait                       = try(var.gatekeeper.wait, null)
+  wait_for_jobs              = try(var.gatekeeper.wait_for_jobs, null)
+  dependency_update          = try(var.gatekeeper.dependency_update, null)
+  replace                    = try(var.gatekeeper.replace, null)
+  lint                       = try(var.gatekeeper.lint, null)
+
+  postrender    = try(var.gatekeeper.postrender, [])
+  set           = try(var.gatekeeper.set, [])
+  set_sensitive = try(var.gatekeeper.set_sensitive, [])
+
+  tags = var.tags
+}
+
+################################################################################
+# Ingress Nginx
+################################################################################
+
+module "ingress_nginx" {
+  source  = "aws-ia/eks-blueprints-addon/aws"
+  version = "1.0.0"
+
+  create = var.enable_ingress_nginx
+
+  # https://github.com/kubernetes/ingress-nginx/blob/main/charts/ingress-nginx/Chart.yaml
+  name             = try(var.ingress_nginx.name, "ingress-nginx")
+  description      = try(var.ingress_nginx.description, "A Helm chart to install the Ingress Nginx")
+  namespace        = try(var.ingress_nginx.namespace, "ingress-nginx")
+  create_namespace = try(var.ingress_nginx.create_namespace, true)
+  chart            = "ingress-nginx"
+  chart_version    = try(var.ingress_nginx.chart_version, "4.6.0")
+  repository       = try(var.ingress_nginx.repository, "https://kubernetes.github.io/ingress-nginx")
+  values           = try(var.ingress_nginx.values, [])
+
+  timeout                    = try(var.ingress_nginx.timeout, null)
+  repository_key_file        = try(var.ingress_nginx.repository_key_file, null)
+  repository_cert_file       = try(var.ingress_nginx.repository_cert_file, null)
+  repository_ca_file         = try(var.ingress_nginx.repository_ca_file, null)
+  repository_username        = try(var.ingress_nginx.repository_username, null)
+  repository_password        = try(var.ingress_nginx.repository_password, null)
+  devel                      = try(var.ingress_nginx.devel, null)
+  verify                     = try(var.ingress_nginx.verify, null)
+  keyring                    = try(var.ingress_nginx.keyring, null)
+  disable_webhooks           = try(var.ingress_nginx.disable_webhooks, null)
+  reuse_values               = try(var.ingress_nginx.reuse_values, null)
+  reset_values               = try(var.ingress_nginx.reset_values, null)
+  force_update               = try(var.ingress_nginx.force_update, null)
+  recreate_pods              = try(var.ingress_nginx.recreate_pods, null)
+  cleanup_on_fail            = try(var.ingress_nginx.cleanup_on_fail, null)
+  max_history                = try(var.ingress_nginx.max_history, null)
+  atomic                     = try(var.ingress_nginx.atomic, null)
+  skip_crds                  = try(var.ingress_nginx.skip_crds, null)
+  render_subchart_notes      = try(var.ingress_nginx.render_subchart_notes, null)
+  disable_openapi_validation = try(var.ingress_nginx.disable_openapi_validation, null)
+  wait                       = try(var.ingress_nginx.wait, null)
+  wait_for_jobs              = try(var.ingress_nginx.wait_for_jobs, null)
+  dependency_update          = try(var.ingress_nginx.dependency_update, null)
+  replace                    = try(var.ingress_nginx.replace, null)
+  lint                       = try(var.ingress_nginx.lint, null)
+
+  postrender    = try(var.ingress_nginx.postrender, [])
+  set           = try(var.ingress_nginx.set, [])
+  set_sensitive = try(var.ingress_nginx.set_sensitive, [])
+
+  tags = var.tags
+}
+
+################################################################################
+# Karpenter
+################################################################################
+
+locals {
+  karpenter_service_account_name    = try(var.karpenter.service_account_name, "karpenter")
+  karpenter_enable_spot_termination = var.enable_karpenter && var.karpenter_enable_spot_termination
+
+  create_karpenter_node_iam_role = var.enable_karpenter && try(var.karpenter_node.create_iam_role, true)
+  karpenter_node_iam_role_arn    = try(aws_iam_role.karpenter[0].arn, var.karpenter_node.iam_role_arn, "")
+  karpenter_node_iam_role_name   = try(var.karpenter_node.iam_role_name, "karpenter-${var.cluster_name}")
+}
+
+data "aws_iam_policy_document" "karpenter" {
+  count = var.enable_karpenter ? 1 : 0
+
+  statement {
+    actions = [
+      "ec2:DescribeAvailabilityZones",
+      "ec2:DescribeImages",
+      "ec2:DescribeInstances",
+      "ec2:DescribeInstanceTypeOfferings",
+      "ec2:DescribeInstanceTypes",
+      "ec2:DescribeLaunchTemplates",
+      "ec2:DescribeSecurityGroups",
+      "ec2:DescribeSpotPriceHistory",
+      "ec2:DescribeSubnets",
+    ]
+    resources = ["*"]
+  }
+
+  statement {
+    actions = [
+      "ec2:CreateFleet",
+      "ec2:CreateLaunchTemplate",
+      "ec2:CreateTags",
+      "ec2:DeleteLaunchTemplate",
+      "ec2:RunInstances"
+    ]
+    resources = [
+      "arn:${local.partition}:ec2:${local.region}:${local.account_id}:*",
+      "arn:${local.partition}:ec2:${local.region}::image/*"
+    ]
+  }
+
+  statement {
+    actions   = ["iam:PassRole"]
+    resources = [local.karpenter_node_iam_role_arn]
+  }
+
+  statement {
+    actions   = ["pricing:GetProducts"]
+    resources = ["*"]
+  }
+
+  statement {
+    actions   = ["ssm:GetParameter"]
+    resources = ["arn:${local.partition}:ssm:${local.region}::parameter/*"]
+  }
+
+  statement {
+    actions   = ["eks:DescribeCluster"]
+    resources = ["arn:${local.partition}:eks:*:${local.account_id}:cluster/${var.cluster_name}"]
+  }
+
+  statement {
+    actions   = ["ec2:TerminateInstances"]
+    resources = ["arn:${local.partition}:ec2:${local.region}:${local.account_id}:instance/*"]
+
+    condition {
+      test     = "StringLike"
+      variable = "ec2:ResourceTag/Name"
+      values   = ["*karpenter*"]
+    }
+  }
+
+  dynamic "statement" {
+    for_each = var.karpenter_enable_spot_termination ? [1] : []
+
+    content {
+      actions = [
+        "sqs:DeleteMessage",
+        "sqs:GetQueueAttributes",
+        "sqs:GetQueueUrl",
+        "sqs:ReceiveMessage",
+      ]
+      resources = [module.karpenter_sqs.queue_arn]
+    }
+  }
+}
+
+module "karpenter_sqs" {
+  source  = "terraform-aws-modules/sqs/aws"
+  version = "4.0.1"
+
+  create = local.karpenter_enable_spot_termination
+
+  name = try(var.karpenter_sqs.queue_name, "karpenter-${var.cluster_name}")
+
+  message_retention_seconds         = try(var.karpenter_sqs.message_retention_seconds, 300)
+  sqs_managed_sse_enabled           = try(var.karpenter_sqs.sse_enabled, true)
+  kms_master_key_id                 = try(var.karpenter_sqs.kms_master_key_id, null)
+  kms_data_key_reuse_period_seconds = try(var.karpenter_sqs.kms_data_key_reuse_period_seconds, null)
+
+  create_queue_policy = true
+  queue_policy_statements = {
+    account = {
+      sid     = "SendEventsToQueue"
+      actions = ["sqs:SendMessage"]
+      principals = [
+        {
+          type = "Service"
+          identifiers = [
+            "events.${local.dns_suffix}",
+            "sqs.${local.dns_suffix}",
+          ]
+        }
+      ]
+    }
+  }
+
+  tags = merge(var.tags, try(var.karpenter_sqs.tags, {}))
+}
+
+resource "aws_cloudwatch_event_rule" "karpenter" {
+  for_each = { for k, v in local.ec2_events : k => v if local.karpenter_enable_spot_termination }
+
+  name_prefix   = "Karpenter-${each.value.name}-"
+  description   = each.value.description
+  event_pattern = jsonencode(each.value.event_pattern)
+
+  tags = merge(
+    { "ClusterName" : var.cluster_name },
+    var.tags,
+  )
+}
+
+resource "aws_cloudwatch_event_target" "karpenter" {
+  for_each = { for k, v in local.ec2_events : k => v if local.karpenter_enable_spot_termination }
+
+  rule      = aws_cloudwatch_event_rule.karpenter[each.key].name
+  target_id = "KarpenterQueueTarget"
+  arn       = module.karpenter_sqs.queue_arn
+}
+
+data "aws_iam_policy_document" "karpenter_assume_role" {
+  count = local.create_karpenter_node_iam_role ? 1 : 0
+
+  statement {
+    sid     = "KarpenterNodeAssumeRole"
+    actions = ["sts:AssumeRole"]
+
+    principals {
+      type        = "Service"
+      identifiers = ["ec2.${local.dns_suffix}"]
+    }
+  }
+}
+
+resource "aws_iam_role" "karpenter" {
+  count = local.create_karpenter_node_iam_role ? 1 : 0
+
+  name        = try(var.karpenter_node.iam_role_use_name_prefix, true) ? null : local.karpenter_node_iam_role_name
+  name_prefix = try(var.karpenter_node.iam_role_use_name_prefix, true) ? "${local.karpenter_node_iam_role_name}-" : null
+  path        = try(var.karpenter_node.iam_role_path, null)
+  description = try(var.karpenter_node.iam_role_description, "Karpenter EC2 node IAM role")
+
+  assume_role_policy    = try(data.aws_iam_policy_document.karpenter_assume_role[0].json, "")
+  max_session_duration  = try(var.karpenter_node.iam_role_max_session_duration, null)
+  permissions_boundary  = try(var.karpenter_node.iam_role_permissions_boundary, null)
+  force_detach_policies = true
+
+  tags = merge(var.tags, try(var.karpenter_node.iam_role_tags, {}))
+}
+
+resource "aws_iam_role_policy_attachment" "karpenter" {
+  for_each = { for k, v in {
+    AmazonEKSWorkerNodePolicy          = "${local.iam_role_policy_prefix}/AmazonEKSWorkerNodePolicy",
+    AmazonEC2ContainerRegistryReadOnly = "${local.iam_role_policy_prefix}/AmazonEC2ContainerRegistryReadOnly",
+    AmazonEKS_CNI_Policy               = "${local.iam_role_policy_prefix}/AmazonEKS_CNI_Policy"
+  } : k => v if local.create_karpenter_node_iam_role }
+
+  policy_arn = each.value
+  role       = aws_iam_role.karpenter[0].name
+}
+
+resource "aws_iam_role_policy_attachment" "additional" {
+  for_each = { for k, v in try(var.karpenter_node.iam_role_additional_policies, {}) : k => v if local.create_karpenter_node_iam_role }
+
+  policy_arn = each.value
+  role       = aws_iam_role.karpenter[0].name
+}
+
+resource "aws_iam_instance_profile" "karpenter" {
+  count = var.enable_karpenter && try(var.karpenter_node.create_instance_profile, true) ? 1 : 0
+
+  name        = try(var.karpenter_node.iam_role_use_name_prefix, true) ? null : local.karpenter_node_iam_role_name
+  name_prefix = try(var.karpenter_node.iam_role_use_name_prefix, true) ? "${local.karpenter_node_iam_role_name}-" : null
+  path        = try(var.karpenter_node.iam_role_path, null)
+  role        = try(aws_iam_role.karpenter[0].name, var.karpenter_node.iam_role_name, "")
+
+  tags = merge(var.tags, try(var.karpenter_node.instance_profile_tags, {}))
+}
+
+module "karpenter" {
+  source  = "aws-ia/eks-blueprints-addon/aws"
+  version = "1.0.0"
+
+  create = var.enable_karpenter
+
+  # https://github.com/aws/karpenter/blob/main/charts/karpenter/Chart.yaml
+  name             = try(var.karpenter.name, "karpenter")
+  description      = try(var.karpenter.description, "A Helm chart to deploy Karpenter")
+  namespace        = try(var.karpenter.namespace, "karpenter")
+  create_namespace = try(var.karpenter.create_namespace, true)
+  chart            = "karpenter"
+  chart_version    = try(var.karpenter.chart_version, "v0.27.2")
+  repository       = try(var.karpenter.repository, "oci://public.ecr.aws/karpenter")
+  values           = try(var.karpenter.values, [])
+
+  timeout                    = try(var.karpenter.timeout, null)
+  repository_key_file        = try(var.karpenter.repository_key_file, null)
+  repository_cert_file       = try(var.karpenter.repository_cert_file, null)
+  repository_ca_file         = try(var.karpenter.repository_ca_file, null)
+  repository_username        = try(var.karpenter.repository_username, null)
+  repository_password        = try(var.karpenter.repository_password, null)
+  devel                      = try(var.karpenter.devel, null)
+  verify                     = try(var.karpenter.verify, null)
+  keyring                    = try(var.karpenter.keyring, null)
+  disable_webhooks           = try(var.karpenter.disable_webhooks, null)
+  reuse_values               = try(var.karpenter.reuse_values, null)
+  reset_values               = try(var.karpenter.reset_values, null)
+  force_update               = try(var.karpenter.force_update, null)
+  recreate_pods              = try(var.karpenter.recreate_pods, null)
+  cleanup_on_fail            = try(var.karpenter.cleanup_on_fail, null)
+  max_history                = try(var.karpenter.max_history, null)
+  atomic                     = try(var.karpenter.atomic, null)
+  skip_crds                  = try(var.karpenter.skip_crds, null)
+  render_subchart_notes      = try(var.karpenter.render_subchart_notes, null)
+  disable_openapi_validation = try(var.karpenter.disable_openapi_validation, null)
+  wait                       = try(var.karpenter.wait, null)
+  wait_for_jobs              = try(var.karpenter.wait_for_jobs, null)
+  dependency_update          = try(var.karpenter.dependency_update, null)
+  replace                    = try(var.karpenter.replace, null)
+  lint                       = try(var.karpenter.lint, null)
+
+  postrender = try(var.karpenter.postrender, [])
+  set = concat(
+    [
+      {
+        name  = "settings.aws.clusterName"
+        value = local.cluster_name
+      },
+      {
+        name  = "settings.aws.clusterEndpoint"
+        value = local.cluster_endpoint
+      },
+      {
+        name  = "settings.aws.defaultInstanceProfile"
+        value = try(aws_iam_instance_profile.karpenter[0].name, var.karpenter_node.instance_profile_name, "")
+      },
+      {
+        name  = "settings.aws.interruptionQueueName"
+        value = module.karpenter_sqs.queue_name
+      },
+      {
+        name  = "serviceAccount.name"
+        value = local.karpenter_service_account_name
+      },
+    ],
+    try(var.karpenter.set, [])
+  )
+  set_sensitive = try(var.karpenter.set_sensitive, [])
+
+  # IAM role for service account (IRSA)
+  set_irsa_names                = ["serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"]
+  create_role                   = try(var.karpenter.create_role, true)
+  role_name                     = try(var.karpenter.role_name, "karpenter")
+  role_name_use_prefix          = try(var.karpenter.role_name_use_prefix, true)
+  role_path                     = try(var.karpenter.role_path, "/")
+  role_permissions_boundary_arn = lookup(var.karpenter, "role_permissions_boundary_arn", null)
+  role_description              = try(var.karpenter.role_description, "IRSA for Karpenter")
+  role_policies                 = lookup(var.karpenter, "role_policies", {})
+
+  source_policy_documents = compact(concat(
+    data.aws_iam_policy_document.karpenter[*].json,
+    lookup(var.karpenter, "source_policy_documents", [])
+  ))
+  override_policy_documents = lookup(var.karpenter, "override_policy_documents", [])
+  policy_statements         = lookup(var.karpenter, "policy_statements", [])
+  policy_name               = try(var.karpenter.policy_name, null)
+  policy_name_use_prefix    = try(var.karpenter.policy_name_use_prefix, true)
+  policy_path               = try(var.karpenter.policy_path, null)
+  policy_description        = try(var.karpenter.policy_description, "IAM Policy for karpenter")
+
+  oidc_providers = {
+    this = {
+      provider_arn = local.oidc_provider_arn
+      # namespace is inherited from chart
+      service_account = local.karpenter_service_account_name
+    }
+  }
+
+  tags = var.tags
+}
+
+################################################################################
+# Kube Prometheus stack
+################################################################################
+
+# During destroy CRDs created by this chart are not removed by default and
+# should be manually cleaned up:
+# kubectl delete crd alertmanagerconfigs.monitoring.coreos.com
+# kubectl delete crd alertmanagers.monitoring.coreos.com
+# kubectl delete crd podmonitors.monitoring.coreos.com
+# kubectl delete crd probes.monitoring.coreos.com
+# kubectl delete crd prometheuses.monitoring.coreos.com
+# kubectl delete crd prometheusrules.monitoring.coreos.com
+# kubectl delete crd servicemonitors.monitoring.coreos.com
+# kubectl delete crd thanosrulers.monitoring.coreos.com
+
+module "kube_prometheus_stack" {
+  source  = "aws-ia/eks-blueprints-addon/aws"
+  version = "1.0.0"
+
+  create = var.enable_kube_prometheus_stack
+
+  # https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-prometheus-stack/Chart.yaml
+  name             = try(var.kube_prometheus_stack.name, "kube-prometheus-stack")
+  description      = try(var.kube_prometheus_stack.description, "A Helm chart to install the Kube Prometheus Stack")
+  namespace        = try(var.kube_prometheus_stack.namespace, "kube-prometheus-stack")
+  create_namespace = try(var.kube_prometheus_stack.create_namespace, true)
+  chart            = "kube-prometheus-stack"
+  chart_version    = try(var.kube_prometheus_stack.chart_version, "45.10.1")
+  repository       = try(var.kube_prometheus_stack.repository, "https://prometheus-community.github.io/helm-charts")
+  values           = try(var.kube_prometheus_stack.values, [])
+
+  timeout                    = try(var.kube_prometheus_stack.timeout, null)
+  repository_key_file        = try(var.kube_prometheus_stack.repository_key_file, null)
+  repository_cert_file       = try(var.kube_prometheus_stack.repository_cert_file, null)
+  repository_ca_file         = try(var.kube_prometheus_stack.repository_ca_file, null)
+  repository_username        = try(var.kube_prometheus_stack.repository_username, null)
+  repository_password        = try(var.kube_prometheus_stack.repository_password, null)
+  devel                      = try(var.kube_prometheus_stack.devel, null)
+  verify                     = try(var.kube_prometheus_stack.verify, null)
+  keyring                    = try(var.kube_prometheus_stack.keyring, null)
+  disable_webhooks           = try(var.kube_prometheus_stack.disable_webhooks, null)
+  reuse_values               = try(var.kube_prometheus_stack.reuse_values, null)
+  reset_values               = try(var.kube_prometheus_stack.reset_values, null)
+  force_update               = try(var.kube_prometheus_stack.force_update, null)
+  recreate_pods              = try(var.kube_prometheus_stack.recreate_pods, null)
+  cleanup_on_fail            = try(var.kube_prometheus_stack.cleanup_on_fail, null)
+  max_history                = try(var.kube_prometheus_stack.max_history, null)
+  atomic                     = try(var.kube_prometheus_stack.atomic, null)
+  skip_crds                  = try(var.kube_prometheus_stack.skip_crds, null)
+  render_subchart_notes      = try(var.kube_prometheus_stack.render_subchart_notes, null)
+  disable_openapi_validation = try(var.kube_prometheus_stack.disable_openapi_validation, null)
+  wait                       = try(var.kube_prometheus_stack.wait, null)
+  wait_for_jobs              = try(var.kube_prometheus_stack.wait_for_jobs, null)
+  dependency_update          = try(var.kube_prometheus_stack.dependency_update, null)
+  replace                    = try(var.kube_prometheus_stack.replace, null)
+  lint                       = try(var.kube_prometheus_stack.lint, null)
+
+  postrender    = try(var.kube_prometheus_stack.postrender, [])
+  set           = try(var.kube_prometheus_stack.set, [])
+  set_sensitive = try(var.kube_prometheus_stack.set_sensitive, [])
+
+  tags = var.tags
+}
+
+################################################################################
+# Metrics Server
+################################################################################
+
+module "metrics_server" {
+  source  = "aws-ia/eks-blueprints-addon/aws"
+  version = "1.0.0"
+
+  create = var.enable_metrics_server
+
+  # https://github.com/kubernetes-sigs/metrics-server/blob/master/charts/metrics-server/Chart.yaml
+  name             = try(var.metrics_server.name, "metrics-server")
+  description      = try(var.metrics_server.description, "A Helm chart to install the Metrics Server")
+  namespace        = try(var.metrics_server.namespace, "kube-system")
+  create_namespace = try(var.metrics_server.create_namespace, false)
+  chart            = "metrics-server"
+  chart_version    = try(var.metrics_server.chart_version, "3.10.0")
+  repository       = try(var.metrics_server.repository, "https://kubernetes-sigs.github.io/metrics-server/")
+  values           = try(var.metrics_server.values, [])
+
+  timeout                    = try(var.metrics_server.timeout, null)
+  repository_key_file        = try(var.metrics_server.repository_key_file, null)
+  repository_cert_file       = try(var.metrics_server.repository_cert_file, null)
+  repository_ca_file         = try(var.metrics_server.repository_ca_file, null)
+  repository_username        = try(var.metrics_server.repository_username, null)
+  repository_password        = try(var.metrics_server.repository_password, null)
+  devel                      = try(var.metrics_server.devel, null)
+  verify                     = try(var.metrics_server.verify, null)
+  keyring                    = try(var.metrics_server.keyring, null)
+  disable_webhooks           = try(var.metrics_server.disable_webhooks, null)
+  reuse_values               = try(var.metrics_server.reuse_values, null)
+  reset_values               = try(var.metrics_server.reset_values, null)
+  force_update               = try(var.metrics_server.force_update, null)
+  recreate_pods              = try(var.metrics_server.recreate_pods, null)
+  cleanup_on_fail            = try(var.metrics_server.cleanup_on_fail, null)
+  max_history                = try(var.metrics_server.max_history, null)
+  atomic                     = try(var.metrics_server.atomic, null)
+  skip_crds                  = try(var.metrics_server.skip_crds, null)
+  render_subchart_notes      = try(var.metrics_server.render_subchart_notes, null)
+  disable_openapi_validation = try(var.metrics_server.disable_openapi_validation, null)
+  wait                       = try(var.metrics_server.wait, null)
+  wait_for_jobs              = try(var.metrics_server.wait_for_jobs, null)
+  dependency_update          = try(var.metrics_server.dependency_update, null)
+  replace                    = try(var.metrics_server.replace, null)
+  lint                       = try(var.metrics_server.lint, null)
+
+  postrender    = try(var.metrics_server.postrender, [])
+  set           = try(var.metrics_server.set, [])
+  set_sensitive = try(var.metrics_server.set_sensitive, [])
+
+  tags = var.tags
+}
+
+################################################################################
+# Secrets Store CSI Driver
+################################################################################
+
+module "secrets_store_csi_driver" {
+  source  = "aws-ia/eks-blueprints-addon/aws"
+  version = "1.0.0"
+
+  create = var.enable_secrets_store_csi_driver
+
+  # https://github.com/kubernetes-sigs/secrets-store-csi-driver/blob/main/charts/secrets-store-csi-driver/Chart.yaml
+  name             = try(var.secrets_store_csi_driver.name, "secrets-store-csi-driver")
+  description      = try(var.secrets_store_csi_driver.description, "A Helm chart to install the Secrets Store CSI Driver")
+  namespace        = try(var.secrets_store_csi_driver.namespace, "kube-system")
+  create_namespace = try(var.secrets_store_csi_driver.create_namespace, false)
+  chart            = "secrets-store-csi-driver"
+  chart_version    = try(var.secrets_store_csi_driver.chart_version, "1.3.2")
+  repository       = try(var.secrets_store_csi_driver.repository, "https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts")
+  values           = try(var.secrets_store_csi_driver.values, [])
+
+  timeout                    = try(var.secrets_store_csi_driver.timeout, null)
+  repository_key_file        = try(var.secrets_store_csi_driver.repository_key_file, null)
+  repository_cert_file       = try(var.secrets_store_csi_driver.repository_cert_file, null)
+  repository_ca_file         = try(var.secrets_store_csi_driver.repository_ca_file, null)
+  repository_username        = try(var.secrets_store_csi_driver.repository_username, null)
+  repository_password        = try(var.secrets_store_csi_driver.repository_password, null)
+  devel                      = try(var.secrets_store_csi_driver.devel, null)
+  verify                     = try(var.secrets_store_csi_driver.verify, null)
+  keyring                    = try(var.secrets_store_csi_driver.keyring, null)
+  disable_webhooks           = try(var.secrets_store_csi_driver.disable_webhooks, null)
+  reuse_values               = try(var.secrets_store_csi_driver.reuse_values, null)
+  reset_values               = try(var.secrets_store_csi_driver.reset_values, null)
+  force_update               = try(var.secrets_store_csi_driver.force_update, null)
+  recreate_pods              = try(var.secrets_store_csi_driver.recreate_pods, null)
+  cleanup_on_fail            = try(var.secrets_store_csi_driver.cleanup_on_fail, null)
+  max_history                = try(var.secrets_store_csi_driver.max_history, null)
+  atomic                     = try(var.secrets_store_csi_driver.atomic, null)
+  skip_crds                  = try(var.secrets_store_csi_driver.skip_crds, null)
+  render_subchart_notes      = try(var.secrets_store_csi_driver.render_subchart_notes, null)
+  disable_openapi_validation = try(var.secrets_store_csi_driver.disable_openapi_validation, null)
+  wait                       = try(var.secrets_store_csi_driver.wait, null)
+  wait_for_jobs              = try(var.secrets_store_csi_driver.wait_for_jobs, null)
+  dependency_update          = try(var.secrets_store_csi_driver.dependency_update, null)
+  replace                    = try(var.secrets_store_csi_driver.replace, null)
+  lint                       = try(var.secrets_store_csi_driver.lint, null)
+
+  postrender    = try(var.secrets_store_csi_driver.postrender, [])
+  set           = try(var.secrets_store_csi_driver.set, [])
+  set_sensitive = try(var.secrets_store_csi_driver.set_sensitive, [])
+
+  tags = var.tags
+}
+
+################################################################################
+# Secrets Store CSI Driver Provider AWS
+################################################################################
+
+locals {
+  secrets_store_csi_driver_provider_aws_service_account = try(var.secrets_store_csi_driver_provider_aws.service_account_name, "secrets-store-csi-driver-provider-aws-sa")
+}
+
+module "secrets_store_csi_driver_provider_aws" {
+  source  = "aws-ia/eks-blueprints-addon/aws"
+  version = "1.0.0"
+
+  create = var.enable_secrets_store_csi_driver_provider_aws
+
+  # https://github.com/aws/eks-charts/blob/master/stable/csi-secrets-store-provider-aws/Chart.yaml
+  name             = try(var.secrets_store_csi_driver_provider_aws.name, "secrets-store-csi-driver-provider-aws")
+  description      = try(var.secrets_store_csi_driver_provider_aws.description, "A Helm chart to install the Secrets Store CSI Driver and the AWS Key Management Service Provider inside a Kubernetes cluster.")
+  namespace        = try(var.secrets_store_csi_driver_provider_aws.namespace, "kube-system")
+  create_namespace = try(var.secrets_store_csi_driver_provider_aws.create_namespace, false)
+  chart            = "secrets-store-csi-driver-provider-aws"
+  chart_version    = try(var.secrets_store_csi_driver_provider_aws.chart_version, "0.3.2")
+  repository       = try(var.secrets_store_csi_driver_provider_aws.repository, "https://aws.github.io/secrets-store-csi-driver-provider-aws")
+  values           = try(var.secrets_store_csi_driver_provider_aws.values, [])
+
+  timeout                    = try(var.secrets_store_csi_driver_provider_aws.timeout, null)
+  repository_key_file        = try(var.secrets_store_csi_driver_provider_aws.repository_key_file, null)
+  repository_cert_file       = try(var.secrets_store_csi_driver_provider_aws.repository_cert_file, null)
+  repository_ca_file         = try(var.secrets_store_csi_driver_provider_aws.repository_ca_file, null)
+  repository_username        = try(var.secrets_store_csi_driver_provider_aws.repository_username, null)
+  repository_password        = try(var.secrets_store_csi_driver_provider_aws.repository_password, null)
+  devel                      = try(var.secrets_store_csi_driver_provider_aws.devel, null)
+  verify                     = try(var.secrets_store_csi_driver_provider_aws.verify, null)
+  keyring                    = try(var.secrets_store_csi_driver_provider_aws.keyring, null)
+  disable_webhooks           = try(var.secrets_store_csi_driver_provider_aws.disable_webhooks, null)
+  reuse_values               = try(var.secrets_store_csi_driver_provider_aws.reuse_values, null)
+  reset_values               = try(var.secrets_store_csi_driver_provider_aws.reset_values, null)
+  force_update               = try(var.secrets_store_csi_driver_provider_aws.force_update, null)
+  recreate_pods              = try(var.secrets_store_csi_driver_provider_aws.recreate_pods, null)
+  cleanup_on_fail            = try(var.secrets_store_csi_driver_provider_aws.cleanup_on_fail, null)
+  max_history                = try(var.secrets_store_csi_driver_provider_aws.max_history, null)
+  atomic                     = try(var.secrets_store_csi_driver_provider_aws.atomic, null)
+  skip_crds                  = try(var.secrets_store_csi_driver_provider_aws.skip_crds, null)
+  render_subchart_notes      = try(var.secrets_store_csi_driver_provider_aws.render_subchart_notes, null)
+  disable_openapi_validation = try(var.secrets_store_csi_driver_provider_aws.disable_openapi_validation, null)
+  wait                       = try(var.secrets_store_csi_driver_provider_aws.wait, null)
+  wait_for_jobs              = try(var.secrets_store_csi_driver_provider_aws.wait_for_jobs, null)
+  dependency_update          = try(var.secrets_store_csi_driver_provider_aws.dependency_update, null)
+  replace                    = try(var.secrets_store_csi_driver_provider_aws.replace, null)
+  lint                       = try(var.secrets_store_csi_driver_provider_aws.lint, null)
+
+  postrender = try(var.secrets_store_csi_driver_provider_aws.postrender, [])
+  set = concat([
+    {
+      name  = "serviceAccount.name"
+      value = local.secrets_store_csi_driver_provider_aws_service_account
+    }],
+    try(var.secrets_store_csi_driver_provider_aws.set, [])
+  )
+  set_sensitive = try(var.secrets_store_csi_driver_provider_aws.set_sensitive, [])
+
+  tags = var.tags
+}
+
+################################################################################
+# Velero
+################################################################################
+
+locals {
+  velero_name                    = "velero"
+  velero_service_account         = try(var.velero.service_account_name, "${local.velero_name}-server")
+  velero_backup_s3_bucket        = try(split(":", var.velero.s3_backup_location), [])
+  velero_backup_s3_bucket_arn    = try(split("/", var.velero.s3_backup_location)[0], var.velero.s3_backup_location, "")
+  velero_backup_s3_bucket_name   = try(split("/", local.velero_backup_s3_bucket[5])[0], local.velero_backup_s3_bucket[5], "")
+  velero_backup_s3_bucket_prefix = try(split("/", var.velero.s3_backup_location)[1], "")
+}
+
+# https://github.com/vmware-tanzu/velero-plugin-for-aws#option-1-set-permissions-with-an-iam-user
+data "aws_iam_policy_document" "velero" {
+  count = var.enable_velero ? 1 : 0
+
+  statement {
+    actions = [
+      "ec2:CreateSnapshot",
+      "ec2:CreateSnapshots",
+      "ec2:CreateTags",
+      "ec2:CreateVolume",
+      "ec2:DeleteSnapshot"
+    ]
+    resources = [
+      "arn:${local.partition}:ec2:${local.region}:${local.account_id}:instance/*",
+      "arn:${local.partition}:ec2:${local.region}::snapshot/*",
+      "arn:${local.partition}:ec2:${local.region}:${local.account_id}:volume/*"
+    ]
+  }
+
+  statement {
+    actions = [
+      "ec2:DescribeSnapshots",
+      "ec2:DescribeVolumes"
+    ]
+    resources = ["*"]
+  }
+
+  statement {
+    actions = [
+      "s3:AbortMultipartUpload",
+      "s3:DeleteObject",
+      "s3:GetObject",
+      "s3:ListMultipartUploadParts",
+      "s3:PutObject",
+    ]
+    resources = ["${var.velero.s3_backup_location}/*"]
+  }
+
+  statement {
+    actions   = ["s3:ListBucket"]
+    resources = [local.velero_backup_s3_bucket_arn]
+  }
+}
+
+module "velero" {
+  source  = "aws-ia/eks-blueprints-addon/aws"
+  version = "1.0.0"
+
+  create = var.enable_velero
+
+  # https://github.com/vmware-tanzu/helm-charts/blob/main/charts/velero/Chart.yaml
+  name             = try(var.velero.name, "velero")
+  description      = try(var.velero.description, "A Helm chart to install the Velero")
+  namespace        = try(var.velero.namespace, "velero")
+  create_namespace = try(var.velero.create_namespace, true)
+  chart            = "velero"
+  chart_version    = try(var.velero.chart_version, "3.1.6")
+  repository       = try(var.velero.repository, "https://vmware-tanzu.github.io/helm-charts/")
+  values           = try(var.velero.values, [])
+
+  timeout                    = try(var.velero.timeout, null)
+  repository_key_file        = try(var.velero.repository_key_file, null)
+  repository_cert_file       = try(var.velero.repository_cert_file, null)
+  repository_ca_file         = try(var.velero.repository_ca_file, null)
+  repository_username        = try(var.velero.repository_username, null)
+  repository_password        = try(var.velero.repository_password, null)
+  devel                      = try(var.velero.devel, null)
+  verify                     = try(var.velero.verify, null)
+  keyring                    = try(var.velero.keyring, null)
+  disable_webhooks           = try(var.velero.disable_webhooks, null)
+  reuse_values               = try(var.velero.reuse_values, null)
+  reset_values               = try(var.velero.reset_values, null)
+  force_update               = try(var.velero.force_update, null)
+  recreate_pods              = try(var.velero.recreate_pods, null)
+  cleanup_on_fail            = try(var.velero.cleanup_on_fail, null)
+  max_history                = try(var.velero.max_history, null)
+  atomic                     = try(var.velero.atomic, null)
+  skip_crds                  = try(var.velero.skip_crds, null)
+  render_subchart_notes      = try(var.velero.render_subchart_notes, null)
+  disable_openapi_validation = try(var.velero.disable_openapi_validation, null)
+  wait                       = try(var.velero.wait, null)
+  wait_for_jobs              = try(var.velero.wait_for_jobs, null)
+  dependency_update          = try(var.velero.dependency_update, null)
+  replace                    = try(var.velero.replace, null)
+  lint                       = try(var.velero.lint, null)
+
+  postrender = try(var.velero.postrender, [])
+  set = concat([
+    {
+      name  = "initContainers"
+      value = <<-EOT
+   - name: velero-plugin-for-aws
+     image: velero/velero-plugin-for-aws:v1.7.0
+     imagePullPolicy: IfNotPresent
+     volumeMounts:
+       - mountPath: /target
+         name: plugins
+            EOT
+    },
+    {
+      name  = "serviceAccount.server.name"
+      value = local.velero_service_account
+    },
+    {
+      name  = "configuration.provider"
+      value = "aws"
+    },
+    {
+      name  = "configuration.backupStorageLocation.prefix"
+      value = local.velero_backup_s3_bucket_prefix
+    },
+    {
+      name  = "configuration.backupStorageLocation.bucket"
+      value = local.velero_backup_s3_bucket_name
+    },
+    {
+      name  = "configuration.backupStorageLocation.config.region"
+      value = local.region
+    },
+    {
+      name  = "configuration.volumeSnapshotLocation.config.region"
+      value = local.region
+    },
+    {
+      name  = "credentials.useSecret"
+      value = false
+    }],
+    try(var.velero.set, [])
+  )
+  set_sensitive = try(var.velero.set_sensitive, [])
+
+  # IAM role for service account (IRSA)
+  set_irsa_names                = ["serviceAccount.server.annotations.eks\\.amazonaws\\.com/role-arn"]
+  create_role                   = try(var.velero.create_role, true)
+  role_name                     = try(var.velero.role_name, "velero")
+  role_name_use_prefix          = try(var.velero.role_name_use_prefix, true)
+  role_path                     = try(var.velero.role_path, "/")
+  role_permissions_boundary_arn = lookup(var.velero, "role_permissions_boundary_arn", null)
+  role_description              = try(var.velero.role_description, "IRSA for Velero")
+  role_policies                 = lookup(var.velero, "role_policies", {})
+
+  source_policy_documents = compact(concat(
+    data.aws_iam_policy_document.velero[*].json,
+    lookup(var.velero, "source_policy_documents", [])
+  ))
+  override_policy_documents = lookup(var.velero, "override_policy_documents", [])
+  policy_statements         = lookup(var.velero, "policy_statements", [])
+  policy_name               = try(var.velero.policy_name, "velero")
+  policy_name_use_prefix    = try(var.velero.policy_name_use_prefix, true)
+  policy_path               = try(var.velero.policy_path, null)
+  policy_description        = try(var.velero.policy_description, "IAM Policy for Velero")
+
+  oidc_providers = {
+    controller = {
+      provider_arn = local.oidc_provider_arn
+      # namespace is inherited from chart
+      service_account = local.velero_service_account
+    }
+  }
+
+  tags = var.tags
+}
+
+################################################################################
+# Vertical Pod Autoscaler
+################################################################################
+
+module "vpa" {
+  source  = "aws-ia/eks-blueprints-addon/aws"
+  version = "1.0.0"
+
+  create = var.enable_vpa
+
+  # https://github.com/FairwindsOps/charts/blob/master/stable/vpa/Chart.yaml
+  # (there is no offical helm chart for VPA)
+  name             = try(var.vpa.name, "vpa")
+  description      = try(var.vpa.description, "A Helm chart to install the Vertical Pod Autoscaler")
+  namespace        = try(var.vpa.namespace, "vpa")
+  create_namespace = try(var.vpa.create_namespace, true)
+  chart            = "vpa"
+  chart_version    = try(var.vpa.chart_version, "1.7.2")
+  repository       = try(var.vpa.repository, "https://charts.fairwinds.com/stable")
+  values           = try(var.vpa.values, [])
+
+  timeout                    = try(var.vpa.timeout, null)
+  repository_key_file        = try(var.vpa.repository_key_file, null)
+  repository_cert_file       = try(var.vpa.repository_cert_file, null)
+  repository_ca_file         = try(var.vpa.repository_ca_file, null)
+  repository_username        = try(var.vpa.repository_username, null)
+  repository_password        = try(var.vpa.repository_password, null)
+  devel                      = try(var.vpa.devel, null)
+  verify                     = try(var.vpa.verify, null)
+  keyring                    = try(var.vpa.keyring, null)
+  disable_webhooks           = try(var.vpa.disable_webhooks, null)
+  reuse_values               = try(var.vpa.reuse_values, null)
+  reset_values               = try(var.vpa.reset_values, null)
+  force_update               = try(var.vpa.force_update, null)
+  recreate_pods              = try(var.vpa.recreate_pods, null)
+  cleanup_on_fail            = try(var.vpa.cleanup_on_fail, null)
+  max_history                = try(var.vpa.max_history, null)
+  atomic                     = try(var.vpa.atomic, null)
+  skip_crds                  = try(var.vpa.skip_crds, null)
+  render_subchart_notes      = try(var.vpa.render_subchart_notes, null)
+  disable_openapi_validation = try(var.vpa.disable_openapi_validation, null)
+  wait                       = try(var.vpa.wait, null)
+  wait_for_jobs              = try(var.vpa.wait_for_jobs, null)
+  dependency_update          = try(var.vpa.dependency_update, null)
+  replace                    = try(var.vpa.replace, null)
+  lint                       = try(var.vpa.lint, null)
+
+  postrender    = try(var.vpa.postrender, [])
+  set           = try(var.vpa.set, [])
+  set_sensitive = try(var.vpa.set_sensitive, [])
+
+  tags = var.tags
+}
diff --git a/examples/do-not-use/outputs.tf b/examples/do-not-use/outputs.tf
new file mode 100644
index 0000000000..22ce2ffe7a
--- /dev/null
+++ b/examples/do-not-use/outputs.tf
@@ -0,0 +1,141 @@
+output "argo_rollouts" {
+  description = "Map of attributes of the Helm release created"
+  value       = module.argo_rollouts
+}
+
+output "argo_workflows" {
+  description = "Map of attributes of the Helm release created"
+  value       = module.argo_workflows
+}
+
+output "argocd" {
+  description = "Map of attributes of the Helm release created"
+  value       = module.argocd
+}
+
+output "aws_cloudwatch_metrics" {
+  description = "Map of attributes of the Helm release and IRSA created"
+  value       = module.aws_cloudwatch_metrics
+}
+
+output "aws_efs_csi_driver" {
+  description = "Map of attributes of the Helm release and IRSA created"
+  value       = module.aws_efs_csi_driver
+}
+
+output "aws_for_fluentbit" {
+  description = "Map of attributes of the Helm release and IRSA created"
+  value       = module.aws_for_fluentbit
+}
+
+output "aws_fsx_csi_driver" {
+  description = "Map of attributes of the Helm release and IRSA created"
+  value       = module.aws_fsx_csi_driver
+}
+
+output "aws_load_balancer_controller" {
+  description = "Map of attributes of the Helm release and IRSA created"
+  value       = module.aws_load_balancer_controller
+}
+
+output "aws_node_termination_handler" {
+  description = "Map of attributes of the Helm release and IRSA created"
+  value = merge(
+    module.aws_node_termination_handler,
+    {
+      sqs = module.aws_node_termination_handler_sqs
+    }
+  )
+}
+
+output "aws_privateca_issuer" {
+  description = "Map of attributes of the Helm release and IRSA created"
+  value       = module.aws_privateca_issuer
+}
+
+output "cert_manager" {
+  description = "Map of attributes of the Helm release and IRSA created"
+  value       = module.cert_manager
+}
+
+output "cluster_autoscaler" {
+  description = "Map of attributes of the Helm release and IRSA created"
+  value       = module.cluster_autoscaler
+}
+
+output "cluster_proportional_autoscaler" {
+  description = "Map of attributes of the Helm release and IRSA created"
+  value       = module.cluster_proportional_autoscaler
+}
+
+output "eks_addons" {
+  description = "Map of attributes for each EKS addons enabled"
+  value       = aws_eks_addon.this
+}
+
+output "external_dns" {
+  description = "Map of attributes of the Helm release and IRSA created"
+  value       = module.external_dns
+}
+
+output "external_secrets" {
+  description = "Map of attributes of the Helm release and IRSA created"
+  value       = module.external_secrets
+}
+
+output "fargate_fluentbit" {
+  description = "Map of attributes of the Helm release and IRSA created"
+  value       = kubernetes_config_map_v1.aws_logging
+}
+
+output "gatekeeper" {
+  description = "Map of attributes of the Helm release and IRSA created"
+  value       = module.gatekeeper
+}
+
+output "ingress_nginx" {
+  description = "Map of attributes of the Helm release and IRSA created"
+  value       = module.ingress_nginx
+}
+
+output "karpenter" {
+  description = "Map of attributes of the Helm release and IRSA created"
+  value = merge(
+    module.karpenter,
+    {
+      node_instance_profile_name = try(aws_iam_instance_profile.karpenter[0].name, "")
+      node_iam_role_arn          = try(aws_iam_role.karpenter[0].arn, "")
+      sqs                        = module.karpenter_sqs
+    }
+  )
+}
+
+output "kube_prometheus_stack" {
+  description = "Map of attributes of the Helm release and IRSA created"
+  value       = module.kube_prometheus_stack
+}
+
+output "metrics_server" {
+  description = "Map of attributes of the Helm release and IRSA created"
+  value       = module.metrics_server
+}
+
+output "secrets_store_csi_driver" {
+  description = "Map of attributes of the Helm release and IRSA created"
+  value       = module.secrets_store_csi_driver
+}
+
+output "secrets_store_csi_driver_provider_aws" {
+  description = "Map of attributes of the Helm release and IRSA created"
+  value       = module.secrets_store_csi_driver_provider_aws
+}
+
+output "velero" {
+  description = "Map of attributes of the Helm release and IRSA created"
+  value       = module.velero
+}
+
+output "vpa" {
+  description = "Map of attributes of the Helm release and IRSA created"
+  value       = module.vpa
+}
diff --git a/examples/do-not-use/variables.tf b/examples/do-not-use/variables.tf
new file mode 100644
index 0000000000..b445835bbe
--- /dev/null
+++ b/examples/do-not-use/variables.tf
@@ -0,0 +1,525 @@
+variable "tags" {
+  description = "A map of tags to add to all resources"
+  type        = map(string)
+  default     = {}
+}
+
+variable "cluster_name" {
+  description = "Name of the EKS cluster"
+  type        = string
+}
+
+variable "cluster_endpoint" {
+  description = "Endpoint for your Kubernetes API server"
+  type        = string
+}
+
+variable "cluster_version" {
+  description = "Kubernetes `<major>.<minor>` version to use for the EKS cluster (i.e.: `1.24`)"
+  type        = string
+}
+
+variable "oidc_provider_arn" {
+  description = "The ARN of the cluster OIDC Provider"
+  type        = string
+}
+
+variable "create_delay_duration" {
+  description = "The duration to wait before creating resources"
+  type        = string
+  default     = "30s"
+}
+
+variable "create_delay_dependencies" {
+  description = "Dependency attribute which must be resolved before starting the `create_delay_duration`"
+  type        = list(string)
+  default     = []
+}
+
+################################################################################
+# Argo Rollouts
+################################################################################
+
+variable "enable_argo_rollouts" {
+  description = "Enable Argo Rollouts add-on"
+  type        = bool
+  default     = false
+}
+
+variable "argo_rollouts" {
+  description = "Argo Rollouts addon configuration values"
+  type        = any
+  default     = {}
+}
+
+################################################################################
+# Argo Workflows
+################################################################################
+
+variable "enable_argo_workflows" {
+  description = "Enable Argo workflows add-on"
+  type        = bool
+  default     = false
+}
+
+variable "argo_workflows" {
+  description = "Argo Workflows addon configuration values"
+  type        = any
+  default     = {}
+}
+
+################################################################################
+# ArgoCD
+################################################################################
+
+variable "enable_argocd" {
+  description = "Enable Argo CD Kubernetes add-on"
+  type        = bool
+  default     = false
+}
+
+variable "argocd" {
+  description = "ArgoCD addon configuration values"
+  type        = any
+  default     = {}
+}
+
+################################################################################
+# AWS Cloudwatch Metrics
+################################################################################
+
+variable "enable_aws_cloudwatch_metrics" {
+  description = "Enable AWS Cloudwatch Metrics add-on for Container Insights"
+  type        = bool
+  default     = false
+}
+
+variable "aws_cloudwatch_metrics" {
+  description = "Cloudwatch Metrics addon configuration values"
+  type        = any
+  default     = {}
+}
+
+################################################################################
+# AWS EFS CSI Driver
+################################################################################
+
+variable "enable_aws_efs_csi_driver" {
+  description = "Enable AWS EFS CSI Driver add-on"
+  type        = bool
+  default     = false
+}
+
+variable "aws_efs_csi_driver" {
+  description = "EFS CSI Driver addon configuration values"
+  type        = any
+  default     = {}
+}
+
+################################################################################
+# AWS for Fluentbit
+################################################################################
+
+variable "enable_aws_for_fluentbit" {
+  description = "Enable AWS for FluentBit add-on"
+  type        = bool
+  default     = false
+}
+
+variable "aws_for_fluentbit" {
+  description = "AWS Fluentbit add-on configurations"
+  type        = any
+  default     = {}
+}
+
+variable "aws_for_fluentbit_cw_log_group" {
+  description = "AWS Fluentbit CloudWatch Log Group configurations"
+  type        = any
+  default     = {}
+}
+
+################################################################################
+# AWS FSx CSI Driver
+################################################################################
+
+variable "enable_aws_fsx_csi_driver" {
+  description = "Enable AWS FSX CSI Driver add-on"
+  type        = bool
+  default     = false
+}
+
+variable "aws_fsx_csi_driver" {
+  description = "FSX CSI Driver addon configuration values"
+  type        = any
+  default     = {}
+}
+
+################################################################################
+# AWS Load Balancer Controller
+################################################################################
+
+variable "enable_aws_load_balancer_controller" {
+  description = "Enable AWS Load Balancer Controller add-on"
+  type        = bool
+  default     = false
+}
+
+variable "aws_load_balancer_controller" {
+  description = "AWS Load Balancer Controller addon configuration values"
+  type        = any
+  default     = {}
+}
+
+################################################################################
+# AWS Node Termination Handler
+################################################################################
+
+variable "enable_aws_node_termination_handler" {
+  description = "Enable AWS Node Termination Handler add-on"
+  type        = bool
+  default     = false
+}
+
+variable "aws_node_termination_handler" {
+  description = "AWS Node Termination Handler addon configuration values"
+  type        = any
+  default     = {}
+}
+
+variable "aws_node_termination_handler_sqs" {
+  description = "AWS Node Termination Handler SQS queue configuration values"
+  type        = any
+  default     = {}
+}
+
+variable "aws_node_termination_handler_asg_arns" {
+  description = "List of Auto Scaling group ARNs that AWS Node Termination Handler will monitor for EC2 events"
+  type        = list(string)
+  default     = []
+}
+
+################################################################################
+# AWS Private CA Issuer
+################################################################################
+
+variable "enable_aws_privateca_issuer" {
+  description = "Enable AWS PCA Issuer"
+  type        = bool
+  default     = false
+}
+
+variable "aws_privateca_issuer" {
+  description = "AWS PCA Issuer add-on configurations"
+  type        = any
+  default     = {}
+}
+
+################################################################################
+# Cert Manager
+################################################################################
+
+variable "enable_cert_manager" {
+  description = "Enable cert-manager add-on"
+  type        = bool
+  default     = false
+}
+
+variable "cert_manager" {
+  description = "cert-manager addon configuration values"
+  type        = any
+  default     = {}
+}
+
+variable "cert_manager_route53_hosted_zone_arns" {
+  description = "List of Route53 Hosted Zone ARNs that are used by cert-manager to create DNS records"
+  type        = list(string)
+  default     = ["arn:aws:route53:::hostedzone/*"]
+}
+
+################################################################################
+# Cluster Autoscaler
+################################################################################
+
+variable "enable_cluster_autoscaler" {
+  description = "Enable Cluster autoscaler add-on"
+  type        = bool
+  default     = false
+}
+
+variable "cluster_autoscaler" {
+  description = "Cluster Autoscaler addon configuration values"
+  type        = any
+  default     = {}
+}
+
+################################################################################
+# Cluster Proportional Autoscaler
+################################################################################
+
+variable "enable_cluster_proportional_autoscaler" {
+  description = "Enable Cluster Proportional Autoscaler"
+  type        = bool
+  default     = false
+}
+
+variable "cluster_proportional_autoscaler" {
+  description = "Cluster Proportional Autoscaler add-on configurations"
+  type        = any
+  default     = {}
+}
+
+################################################################################
+# EKS Addons
+################################################################################
+
+variable "eks_addons" {
+  description = "Map of EKS addon configurations to enable for the cluster. Addon name can be the map keys or set with `name`"
+  type        = any
+  default     = {}
+}
+
+variable "eks_addons_timeouts" {
+  description = "Create, update, and delete timeout configurations for the EKS addons"
+  type        = map(string)
+  default     = {}
+}
+
+################################################################################
+# External DNS
+################################################################################
+
+variable "enable_external_dns" {
+  description = "Enable external-dns operator add-on"
+  type        = bool
+  default     = false
+}
+
+variable "external_dns" {
+  description = "external-dns addon configuration values"
+  type        = any
+  default     = {}
+}
+
+variable "external_dns_route53_zone_arns" {
+  description = "List of Route53 zones ARNs which external-dns will have access to create/manage records (if using Route53)"
+  type        = list(string)
+  default     = []
+}
+
+################################################################################
+# External Secrets
+################################################################################
+
+variable "enable_external_secrets" {
+  description = "Enable External Secrets operator add-on"
+  type        = bool
+  default     = false
+}
+
+variable "external_secrets" {
+  description = "External Secrets addon configuration values"
+  type        = any
+  default     = {}
+}
+
+variable "external_secrets_ssm_parameter_arns" {
+  description = "List of Systems Manager Parameter ARNs that contain secrets to mount using External Secrets"
+  type        = list(string)
+  default     = ["arn:aws:ssm:*:*:parameter/*"]
+}
+
+variable "external_secrets_secrets_manager_arns" {
+  description = "List of Secrets Manager ARNs that contain secrets to mount using External Secrets"
+  type        = list(string)
+  default     = ["arn:aws:secretsmanager:*:*:secret:*"]
+}
+
+variable "external_secrets_kms_key_arns" {
+  description = "List of KMS Key ARNs that are used by Secrets Manager that contain secrets to mount using External Secrets"
+  type        = list(string)
+  default     = ["arn:aws:kms:*:*:key/*"]
+}
+
+################################################################################
+# Fargate Fluentbit
+################################################################################
+
+variable "enable_fargate_fluentbit" {
+  description = "Enable Fargate FluentBit add-on"
+  type        = bool
+  default     = false
+}
+
+variable "fargate_fluentbit_cw_log_group" {
+  description = "AWS Fargate Fluentbit CloudWatch Log Group configurations"
+  type        = any
+  default     = {}
+}
+
+variable "fargate_fluentbit" {
+  description = "Fargate fluentbit add-on config"
+  type        = any
+  default     = {}
+}
+
+################################################################################
+# Gatekeeper
+################################################################################
+
+variable "enable_gatekeeper" {
+  description = "Enable Gatekeeper add-on"
+  type        = bool
+  default     = false
+}
+
+variable "gatekeeper" {
+  description = "Gatekeeper add-on configuration"
+  type        = bool
+  default     = false
+}
+
+################################################################################
+# Ingress Nginx
+################################################################################
+
+variable "enable_ingress_nginx" {
+  description = "Enable Ingress Nginx"
+  type        = bool
+  default     = false
+}
+
+variable "ingress_nginx" {
+  description = "Ingress Nginx add-on configurations"
+  type        = any
+  default     = {}
+}
+
+################################################################################
+# Karpenter
+################################################################################
+
+variable "enable_karpenter" {
+  description = "Enable Karpenter controller add-on"
+  type        = bool
+  default     = false
+}
+
+variable "karpenter" {
+  description = "Karpenter addon configuration values"
+  type        = any
+  default     = {}
+}
+
+variable "karpenter_enable_spot_termination" {
+  description = "Determines whether to enable native node termination handling"
+  type        = bool
+  default     = true
+}
+
+variable "karpenter_sqs" {
+  description = "Karpenter SQS queue for native node termination handling configuration values"
+  type        = any
+  default     = {}
+}
+
+variable "karpenter_node" {
+  description = "Karpenter IAM role and IAM instance profile configuration values"
+  type        = any
+  default     = {}
+}
+
+################################################################################
+# Kube Prometheus Stack
+################################################################################
+
+variable "enable_kube_prometheus_stack" {
+  description = "Enable Kube Prometheus Stack"
+  type        = bool
+  default     = false
+}
+
+variable "kube_prometheus_stack" {
+  description = "Kube Prometheus Stack add-on configurations"
+  type        = any
+  default     = {}
+}
+
+################################################################################
+# Metrics Server
+################################################################################
+
+variable "enable_metrics_server" {
+  description = "Enable metrics server add-on"
+  type        = bool
+  default     = false
+}
+
+variable "metrics_server" {
+  description = "Metrics Server add-on configurations"
+  type        = any
+  default     = {}
+}
+
+################################################################################
+# Secrets Store CSI Driver
+################################################################################
+
+variable "enable_secrets_store_csi_driver" {
+  description = "Enable CSI Secrets Store Provider"
+  type        = bool
+  default     = false
+}
+
+variable "secrets_store_csi_driver" {
+  description = "CSI Secrets Store Provider add-on configurations"
+  type        = any
+  default     = {}
+}
+
+################################################################################
+# CSI Secrets Store Provider AWS
+################################################################################
+
+variable "enable_secrets_store_csi_driver_provider_aws" {
+  description = "Enable AWS CSI Secrets Store Provider"
+  type        = bool
+  default     = false
+}
+
+variable "secrets_store_csi_driver_provider_aws" {
+  description = "CSI Secrets Store Provider add-on configurations"
+  type        = any
+  default     = {}
+}
+
+################################################################################
+# Velero
+################################################################################
+
+variable "enable_velero" {
+  description = "Enable Kubernetes Dashboard add-on"
+  type        = bool
+  default     = false
+}
+
+variable "velero" {
+  description = "Velero addon configuration values"
+  type        = any
+  default     = {}
+}
+
+################################################################################
+# Vertical Pod Autoscaler
+################################################################################
+
+variable "enable_vpa" {
+  description = "Enable Vertical Pod Autoscaler add-on"
+  type        = bool
+  default     = false
+}
+
+variable "vpa" {
+  description = "Vertical Pod Autoscaler addon configuration values"
+  type        = any
+  default     = {}
+}
diff --git a/examples/do-not-use/versions.tf b/examples/do-not-use/versions.tf
new file mode 100644
index 0000000000..bea670ee5c
--- /dev/null
+++ b/examples/do-not-use/versions.tf
@@ -0,0 +1,18 @@
+terraform {
+  required_version = ">= 1.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 4.47"
+    }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = ">= 2.20"
+    }
+    time = {
+      source  = "hashicorp/time"
+      version = ">= 0.9"
+    }
+  }
+}
diff --git a/examples/karpenter/README.md b/examples/karpenter/README.md
index b6947c6c3b..227551df08 100644
--- a/examples/karpenter/README.md
+++ b/examples/karpenter/README.md
@@ -31,75 +31,13 @@ terraform apply
 
 Enter `yes` at command prompt to apply
 
-## Validate
-
-The following command will update the `kubeconfig` on your local machine and allow you to interact with your EKS Cluster using `kubectl` to validate the CoreDNS deployment for Fargate.
-
-1. Run `update-kubeconfig` command:
-
-```sh
-aws eks --region <REGION> update-kubeconfig --name <CLUSTER_NAME>
-```
-
-2. Test by listing all the pods running currently. The CoreDNS pod should reach a status of `Running` after approximately 60 seconds:
-
-```sh
-kubectl get pods -A
-
-# Output should look like below
-NAMESPACE     NAME                                  READY   STATUS    RESTARTS   AGE
-kube-system   coredns-66b965946d-gd59n              1/1     Running   0          92s
-kube-system   coredns-66b965946d-tsjrm              1/1     Running   0          92s
-kube-system   ebs-csi-controller-57cb869486-bcm9z   6/6     Running   0          90s
-kube-system   ebs-csi-controller-57cb869486-xw4z4   6/6     Running   0          90s
-```
-
-3. View the current nodes - these should all be Fargate nodes at this point:
-
-```sh
-kubectl get nodes
-
-# Output should look like below
-NAME                                                STATUS   ROLES    AGE     VERSION
-fargate-ip-10-0-10-11.us-west-2.compute.internal    Ready    <none>   8m7s    v1.24.8-eks-a1bebd3
-fargate-ip-10-0-10-210.us-west-2.compute.internal   Ready    <none>   2m50s   v1.24.8-eks-a1bebd3
-fargate-ip-10-0-10-218.us-west-2.compute.internal   Ready    <none>   8m6s    v1.24.8-eks-a1bebd3
-fargate-ip-10-0-10-227.us-west-2.compute.internal   Ready    <none>   8m8s    v1.24.8-eks-a1bebd3
-fargate-ip-10-0-10-42.us-west-2.compute.internal    Ready    <none>   8m6s    v1.24.8-eks-a1bebd3
-fargate-ip-10-0-10-71.us-west-2.compute.internal    Ready    <none>   2m48s   v1.24.8-eks-a1bebd3
-```
-
-4. Scale up the sample `pause` deployment to see Karpenter respond by provisioning nodes to support the workload:
-
-```sh
-kubectl scale deployment inflate --replicas 5
-# To view logs
-# kubectl logs -f -n karpenter -l app.kubernetes.io/name=karpenter -c controller
-```
-
-5. Re-check the nodes, you will now see a new EC2 node provisioned to support the scaled workload:
-
-```sh
-kubectl get nodes
-
-# Output should look like below
-NAME                                                STATUS   ROLES    AGE   VERSION
-fargate-ip-10-0-10-11.us-west-2.compute.internal    Ready    <none>   18m   v1.24.8-eks-a1bebd3
-fargate-ip-10-0-10-210.us-west-2.compute.internal   Ready    <none>   13m   v1.24.8-eks-a1bebd3
-fargate-ip-10-0-10-218.us-west-2.compute.internal   Ready    <none>   18m   v1.24.8-eks-a1bebd3
-fargate-ip-10-0-10-227.us-west-2.compute.internal   Ready    <none>   18m   v1.24.8-eks-a1bebd3
-fargate-ip-10-0-10-42.us-west-2.compute.internal    Ready    <none>   18m   v1.24.8-eks-a1bebd3
-fargate-ip-10-0-10-71.us-west-2.compute.internal    Ready    <none>   13m   v1.24.8-eks-a1bebd3
-ip-10-0-11-62.us-west-2.compute.internal            Ready    <none>   35s   v1.24.7-eks-fb459a0 # <= new EC2 node launched
-```
-
 ## Destroy
 
 To teardown and remove the resources created in this example:
 
 ```sh
 kubectl delete deployment inflate
-terraform destroy -target="module.eks_blueprints_kubernetes_addons" -auto-approve
+terraform destroy -target="module.eks_blueprints_addons" -auto-approve
 terraform destroy -target="module.eks" -auto-approve
 terraform destroy -auto-approve
 ```
diff --git a/examples/karpenter/main.tf b/examples/karpenter/main.tf
index 133d754ea4..8d6acc2cd6 100644
--- a/examples/karpenter/main.tf
+++ b/examples/karpenter/main.tf
@@ -77,7 +77,7 @@ module "eks" {
   version = "~> 19.13"
 
   cluster_name                   = local.name
-  cluster_version                = "1.25"
+  cluster_version                = "1.26"
   cluster_endpoint_public_access = true
 
   vpc_id     = module.vpc.vpc_id
@@ -87,6 +87,19 @@ module "eks" {
   create_cluster_security_group = false
   create_node_security_group    = false
 
+  manage_aws_auth_configmap = true
+  aws_auth_roles = [
+    # We need to add in the Karpenter node IAM role for nodes launched by Karpenter
+    {
+      rolearn  = module.eks_blueprints_addons.karpenter.node_iam_role_arn
+      username = "system:node:{{EC2PrivateDNSName}}"
+      groups = [
+        "system:bootstrappers",
+        "system:nodes",
+      ]
+    },
+  ]
+
   fargate_profiles = {
     karpenter = {
       selectors = [
@@ -114,19 +127,17 @@ module "eks" {
 ################################################################################
 
 module "eks_blueprints_addons" {
-  # Users should pin the version to the latest available release
-  # tflint-ignore: terraform_module_pinned_source
-  source = "github.com/aws-ia/terraform-aws-eks-blueprints-addons"
+  source = "../do-not-use"
 
   cluster_name      = module.eks.cluster_name
   cluster_endpoint  = module.eks.cluster_endpoint
   cluster_version   = module.eks.cluster_version
   oidc_provider_arn = module.eks.oidc_provider_arn
 
+  # We want to wait for the Fargate profiles to be deployed first
+  create_delay_dependencies = [for prof in module.eks.fargate_profiles : prof.fargate_profile_arn]
+
   eks_addons = {
-    aws-ebs-csi-driver = {
-      service_account_role_arn = module.ebs_csi_driver_irsa.iam_role_arn
-    }
     coredns = {
       configuration_values = jsonencode({
         computeType = "Fargate"
@@ -152,18 +163,7 @@ module "eks_blueprints_addons" {
         }
       })
     }
-    vpc-cni = {
-      service_account_role_arn = module.vpc_cni_irsa.iam_role_arn
-      most_recent              = true
-      before_compute           = true
-      configuration_values = jsonencode({
-        env = {
-          # Reference docs https://docs.aws.amazon.com/eks/latest/userguide/cni-increase-ip-addresses.html
-          ENABLE_PREFIX_DELEGATION = "true"
-          WARM_PREFIX_TARGET       = "1"
-        }
-      })
-    }
+    vpc-cni    = {}
     kube-proxy = {}
   }
 
@@ -172,9 +172,6 @@ module "eks_blueprints_addons" {
     repository_username = data.aws_ecrpublic_authorization_token.token.user_name
     repository_password = data.aws_ecrpublic_authorization_token.token.password
   }
-  karpenter_instance_profile = {
-    iam_role_name = module.eks.fargate_profiles["karpenter"].iam_role_name
-  }
 
   tags = local.tags
 }
@@ -238,14 +235,10 @@ resource "kubectl_manifest" "karpenter_node_template" {
         karpenter.sh/discovery: ${module.eks.cluster_name}
       securityGroupSelector:
         karpenter.sh/discovery: ${module.eks.cluster_name}
-      instanceProfile: ${module.eks_blueprints_addons.instance_profile_name}
+      instanceProfile: ${module.eks_blueprints_addons.karpenter.node_instance_profile_name}
       tags:
         karpenter.sh/discovery: ${module.eks.cluster_name}
   YAML
-
-  depends_on = [
-    module.eks_blueprints_addons
-  ]
 }
 
 # Example deployment using the [pause image](https://www.ianlewis.org/en/almighty-pause-container)
@@ -276,7 +269,7 @@ resource "kubectl_manifest" "karpenter_example_deployment" {
   YAML
 
   depends_on = [
-    module.eks_blueprints_addons
+    kubectl_manifest.karpenter_node_template
   ]
 }
 
@@ -310,40 +303,3 @@ module "vpc" {
 
   tags = local.tags
 }
-
-module "ebs_csi_driver_irsa" {
-  source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
-  version = "~> 5.14"
-
-  role_name_prefix = "${module.eks.cluster_name}-ebs-csi-driver-"
-
-  attach_ebs_csi_policy = true
-
-  oidc_providers = {
-    main = {
-      provider_arn               = module.eks.oidc_provider_arn
-      namespace_service_accounts = ["kube-system:ebs-csi-controller-sa"]
-    }
-  }
-
-  tags = local.tags
-}
-
-module "vpc_cni_irsa" {
-  source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
-  version = "~> 5.14"
-
-  role_name_prefix = "${module.eks.cluster_name}-vpc-cni-"
-
-  attach_vpc_cni_policy = true
-  vpc_cni_enable_ipv4   = true
-
-  oidc_providers = {
-    main = {
-      provider_arn               = module.eks.oidc_provider_arn
-      namespace_service_accounts = ["kube-system:aws-node"]
-    }
-  }
-
-  tags = local.tags
-}
diff --git a/examples/karpenter/versions.tf b/examples/karpenter/versions.tf
index dab7cc2162..dc60719d10 100644
--- a/examples/karpenter/versions.tf
+++ b/examples/karpenter/versions.tf
@@ -8,7 +8,7 @@ terraform {
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"
-      version = ">= 2.10"
+      version = ">= 2.20"
     }
     helm = {
       source  = "hashicorp/helm"

From af85d0a388e446a266e46fe79afd3550c03353ca Mon Sep 17 00:00:00 2001
From: Carlos Santana <csantana23@gmail.com>
Date: Thu, 4 May 2023 15:33:49 -0400
Subject: [PATCH 17/31] chore: Validate velero, efs, and stateful example
 (#1580)

Signed-off-by: Carlos Santana <csantana23@gmail.com>
---
 .../do-not-use/docs}/aws-efs-csi-driver.md    | 26 ++-------
 .../do-not-use/docs}/velero.md                | 55 ++++++++++---------
 examples/stateful/README.md                   |  2 +-
 examples/stateful/main.tf                     | 24 +++++---
 examples/stateful/outputs.tf                  |  4 ++
 5 files changed, 54 insertions(+), 57 deletions(-)
 rename {docs/add-ons => examples/do-not-use/docs}/aws-efs-csi-driver.md (71%)
 rename {docs/add-ons => examples/do-not-use/docs}/velero.md (70%)

diff --git a/docs/add-ons/aws-efs-csi-driver.md b/examples/do-not-use/docs/aws-efs-csi-driver.md
similarity index 71%
rename from docs/add-ons/aws-efs-csi-driver.md
rename to examples/do-not-use/docs/aws-efs-csi-driver.md
index 051d2e70c9..7be5b4ce25 100644
--- a/docs/add-ons/aws-efs-csi-driver.md
+++ b/examples/do-not-use/docs/aws-efs-csi-driver.md
@@ -32,26 +32,12 @@ You can optionally customize the Helm chart that deploys the driver via the foll
   enable_aws_efs_csi_driver = true
 
   # Optional aws_efs_csi_driver_helm_config
-  aws_efs_csi_driver_helm_config = {
-    repository  = "https://kubernetes-sigs.github.io/aws-efs-csi-driver/"
-    version     = "2.2.3"
+  aws_efs_csi_driver = {
+    repository     = "https://kubernetes-sigs.github.io/aws-efs-csi-driver/"
+    chart_version  = "2.4.1"
   }
-  aws_efs_csi_driver_irsa_policies = ["<ADDITIONAL_IAM_POLICY_ARN>"]
-```
-
-### GitOps Configuration
-
-`ArgoCD` with `App of Apps` GitOps enabled for this Add-on by enabling the following variable
-
-```hcl
-argocd_manage_add_ons = true
-```
-
-The following is configured to ArgoCD App of Apps for this Add-on.
-
-```hcl
-  argocd_gitops_config = {
-    enable             = true
-    serviceAccountName = local.service_account
+  aws_efs_csi_driver {
+    role_policies = ["<ADDITIONAL_IAM_POLICY_ARN>"]
   }
 ```
+
diff --git a/docs/add-ons/velero.md b/examples/do-not-use/docs/velero.md
similarity index 70%
rename from docs/add-ons/velero.md
rename to examples/do-not-use/docs/velero.md
index 54ed43b7a5..028a7e5a6a 100644
--- a/docs/add-ons/velero.md
+++ b/examples/do-not-use/docs/velero.md
@@ -12,23 +12,23 @@
 ```hcl
 enable_velero           = true
 velero_backup_s3_bucket = "<YOUR_BUCKET_NAME>"
+velero = {
+    s3_backup_location = "<YOUR_S3_BUCKET_ARN>[/prefix]"
+  }
 ```
 
 You can also customize the Helm chart that deploys `velero` via the following configuration:
 
 ```hcl
 enable_velero           = true
-velero_helm_config = {
-  name        = "velero"
-  description = "A Helm chart for velero"
-  chart       = "velero"
-  version     = "2.30.0"
-  repository  = "https://vmware-tanzu.github.io/helm-charts/"
-  namespace   = "velero"
-  values = [templatefile("${path.module}/values.yaml", {
-    bucket = "<YOUR_BUCKET_NAME>",
-    region = "<YOUR_BUCKET_REGION>"
-  })]
+velero = {
+  name          = "velero"
+  description   = "A Helm chart for velero"
+  chart         = "velero"
+  chart_version = "3.1.6"
+  repository    = "https://vmware-tanzu.github.io/helm-charts/"
+  namespace     = "velero"
+  values        = <EXTRA_HELM_VALUES>
 }
 ```
 
@@ -50,16 +50,16 @@ kubectl get all -n velero
 
 # Output should look similar to below
 NAME                         READY   STATUS    RESTARTS   AGE
-pod/velero-b4d8fd5c7-5smp6   1/1     Running   0          112s
+pod/velero-7b8994d56-z89sl   1/1     Running   0          25h
 
-NAME             TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
-service/velero   ClusterIP   172.20.217.203   <none>        8085/TCP   114s
+NAME             TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
+service/velero   ClusterIP   172.20.20.118   <none>        8085/TCP   25h
 
 NAME                     READY   UP-TO-DATE   AVAILABLE   AGE
-deployment.apps/velero   1/1     1            1           114s
+deployment.apps/velero   1/1     1            1           25h
 
 NAME                               DESIRED   CURRENT   READY   AGE
-replicaset.apps/velero-b4d8fd5c7   1         1         1       114s
+replicaset.apps/velero-7b8994d56   1         1         1       25h
 ```
 
 3. Get backup location using velero [CLI](https://velero.io/docs/v1.8/basic-install/#install-the-cli)
@@ -68,8 +68,8 @@ replicaset.apps/velero-b4d8fd5c7   1         1         1       114s
 velero backup-location get
 
 # Output should look similar to below
-NAME      PROVIDER   BUCKET/PREFIX             PHASE       LAST VALIDATED                  ACCESS MODE   DEFAULT
-default   aws        velero-ssqwm44hvofzb32d   Available   2022-05-22 10:53:26 -0400 EDT   ReadWrite     true
+NAME      PROVIDER   BUCKET/PREFIX                                 PHASE       LAST VALIDATED                  ACCESS MODE   DEFAULT
+default   aws        stateful-20230503175301619800000005/backups   Available   2023-05-04 15:15:00 -0400 EDT   ReadWrite     true
 ```
 
 4. To demonstrate creating a backup and restoring, create a new namespace and run nginx using below commands:
@@ -98,14 +98,12 @@ velero backup describe backup1
 Name:         backup1
 Namespace:    velero
 Labels:       velero.io/storage-location=default
-Annotations:  velero.io/source-cluster-k8s-gitversion=v1.21.9-eks-14c7a48
+Annotations:  velero.io/source-cluster-k8s-gitversion=v1.26.2-eks-a59e1f0
               velero.io/source-cluster-k8s-major-version=1
-              velero.io/source-cluster-k8s-minor-version=21+
+              velero.io/source-cluster-k8s-minor-version=26+
 
 Phase:  Completed
 
-Errors:    0
-Warnings:  0
 
 Namespaces:
   Included:  backupdemo
@@ -124,17 +122,20 @@ Velero-Native Snapshot PVs:  auto
 
 TTL:  720h0m0s
 
+CSISnapshotTimeout:    10m0s
+ItemOperationTimeout:  0s
+
 Hooks:  <none>
 
 Backup Format Version:  1.1.0
 
-Started:    2022-05-22 10:54:32 -0400 EDT
-Completed:  2022-05-22 10:54:35 -0400 EDT
+Started:    2023-05-04 15:16:31 -0400 EDT
+Completed:  2023-05-04 15:16:33 -0400 EDT
 
-Expiration:  2022-06-21 10:54:32 -0400 EDT
+Expiration:  2023-06-03 15:16:31 -0400 EDT
 
-Total items to be backed up:  10
-Items backed up:              10
+Total items to be backed up:  9
+Items backed up:              9
 
 Velero-Native Snapshots: <none included>
 ```
diff --git a/examples/stateful/README.md b/examples/stateful/README.md
index 5b84bd1b3e..1863bce45b 100644
--- a/examples/stateful/README.md
+++ b/examples/stateful/README.md
@@ -142,7 +142,7 @@ Filesystem     1K-blocks    Used Available Use% Mounted on
 To teardown and remove the resources created in this example:
 
 ```bash
-terraform destroy -target module.eks_blueprints_kubernetes_addons
+terraform destroy -target module.eks_blueprints_addons
 terraform destroy
 ```
 
diff --git a/examples/stateful/main.tf b/examples/stateful/main.tf
index 9bf77bcce2..a95408babb 100644
--- a/examples/stateful/main.tf
+++ b/examples/stateful/main.tf
@@ -46,6 +46,8 @@ locals {
     Blueprint  = local.name
     GithubRepo = "github.com/aws-ia/terraform-aws-eks-blueprints"
   }
+
+  velero_s3_backup_location = "${module.velero_backup_s3_bucket.s3_bucket_arn}/backups"
 }
 
 ################################################################################
@@ -58,7 +60,7 @@ module "eks" {
   version = "~> 19.13"
 
   cluster_name                   = local.name
-  cluster_version                = "1.25"
+  cluster_version                = "1.26"
   cluster_endpoint_public_access = true
 
   vpc_id     = module.vpc.vpc_id
@@ -194,13 +196,15 @@ module "eks" {
 module "eks_blueprints_addons" {
   # Users should pin the version to the latest available release
   # tflint-ignore: terraform_module_pinned_source
-  source = "github.com/aws-ia/terraform-aws-eks-blueprints-addons"
+  source = "../do-not-use"
 
   cluster_name      = module.eks.cluster_name
   cluster_endpoint  = module.eks.cluster_endpoint
   cluster_version   = module.eks.cluster_version
   oidc_provider_arn = module.eks.oidc_provider_arn
 
+  create_delay_dependencies = [for group in module.eks.eks_managed_node_groups : group.node_group_arn]
+
   eks_addons = {
     aws-ebs-csi-driver = {
       service_account_role_arn = module.ebs_csi_driver_irsa.iam_role_arn
@@ -213,8 +217,9 @@ module "eks_blueprints_addons" {
   }
 
   enable_velero = true
+  # An S3 Bucket ARN is required. This can be declared with or without a Prefix.
   velero = {
-    s3_backup_location = module.velero_backup_s3_bucket.s3_bucket_id
+    s3_backup_location = local.velero_s3_backup_location
   }
   enable_aws_efs_csi_driver = true
 
@@ -228,19 +233,20 @@ module "eks_blueprints_addons" {
 resource "kubernetes_annotations" "gp2" {
   api_version = "storage.k8s.io/v1"
   kind        = "StorageClass"
-  force       = "true"
+  # This is true because the resources was already created by the ebs-csi-driver addon
+  force = "true"
 
   metadata {
     name = "gp2"
   }
 
   annotations = {
-    # Modify annotations to remove gp2 as default storage class still reatain the class
+    # Modify annotations to remove gp2 as default storage class still retain the class
     "storageclass.kubernetes.io/is-default-class" = "false"
   }
 
   depends_on = [
-    module.eks_blueprints_kubernetes_addons
+    module.eks_blueprints_addons
   ]
 }
 
@@ -266,7 +272,7 @@ resource "kubernetes_storage_class_v1" "gp3" {
   }
 
   depends_on = [
-    module.eks_blueprints_kubernetes_addons
+    module.eks_blueprints_addons
   ]
 }
 
@@ -287,7 +293,7 @@ resource "kubernetes_storage_class_v1" "efs" {
   ]
 
   depends_on = [
-    module.eks_blueprints_kubernetes_addons
+    module.eks_blueprints_addons
   ]
 }
 
@@ -362,7 +368,7 @@ module "velero_backup_s3_bucket" {
 
 module "efs" {
   source  = "terraform-aws-modules/efs/aws"
-  version = "~> 1.0"
+  version = "~> 1.1"
 
   creation_token = local.name
   name           = local.name
diff --git a/examples/stateful/outputs.tf b/examples/stateful/outputs.tf
index c624023e90..2b2ba58283 100644
--- a/examples/stateful/outputs.tf
+++ b/examples/stateful/outputs.tf
@@ -2,3 +2,7 @@ output "configure_kubectl" {
   description = "Configure kubectl: make sure you're logged in with the correct AWS profile and run the following command to update your kubeconfig"
   value       = "aws eks --region ${local.region} update-kubeconfig --name ${module.eks.cluster_name}"
 }
+output "velero_s3_backup_location" {
+  description = "S3 backup location"
+  value       = local.velero_s3_backup_location
+}

From 382d03b40987d301ae65e27b75984fb9023a750f Mon Sep 17 00:00:00 2001
From: Carlos Santana <csantana23@gmail.com>
Date: Thu, 4 May 2023 19:02:41 -0400
Subject: [PATCH 18/31] feat: Update ipv4-prefix-delegation example (#1582)

---
 examples/ipv4-prefix-delegation/README.md | 25 +++--------------------
 examples/ipv4-prefix-delegation/main.tf   |  2 +-
 2 files changed, 4 insertions(+), 23 deletions(-)

diff --git a/examples/ipv4-prefix-delegation/README.md b/examples/ipv4-prefix-delegation/README.md
index 05e925e4fe..45465644bf 100644
--- a/examples/ipv4-prefix-delegation/README.md
+++ b/examples/ipv4-prefix-delegation/README.md
@@ -54,7 +54,7 @@ ip-10-0-30-125.us-west-2.compute.internal   Ready                         <none>
 3. Inspect the nodes settings and check for the max allocatable pods - should be 110 in this scenario with m5.xlarge:
 
 ```sh
-kubectl describe node ip-10-0-30-125.us-west-2.compute.internal
+kubectl describe node
 
 # Output should look like below (truncated for brevity)
   Capacity:
@@ -91,30 +91,11 @@ kube-system   kube-proxy-plwlc           1/1     Running       0          6m5s
 5. Inspect one of the `aws-node-*` (AWS VPC CNI) pods to ensure prefix delegation is enabled and warm prefix target is 1:
 
 ```sh
-kubectl describe pod aws-node-77rwz -n kube-system
+kubectl describe ds -n kube-system aws-node | grep ENABLE_PREFIX_DELEGATION: -A 3
 
 # Output should look like below (truncated for brevity)
-  Environment:
-    ADDITIONAL_ENI_TAGS:                    {}
-    AWS_VPC_CNI_NODE_PORT_SUPPORT:          true
-    AWS_VPC_ENI_MTU:                        9001
-    AWS_VPC_K8S_CNI_CONFIGURE_RPFILTER:     false
-    AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG:     false
-    AWS_VPC_K8S_CNI_EXTERNALSNAT:           false
-    AWS_VPC_K8S_CNI_LOGLEVEL:               DEBUG
-    AWS_VPC_K8S_CNI_LOG_FILE:               /host/var/log/aws-routed-eni/ipamd.log
-    AWS_VPC_K8S_CNI_RANDOMIZESNAT:          prng
-    AWS_VPC_K8S_CNI_VETHPREFIX:             eni
-    AWS_VPC_K8S_PLUGIN_LOG_FILE:            /var/log/aws-routed-eni/plugin.log
-    AWS_VPC_K8S_PLUGIN_LOG_LEVEL:           DEBUG
-    DISABLE_INTROSPECTION:                  false
-    DISABLE_METRICS:                        false
-    DISABLE_NETWORK_RESOURCE_PROVISIONING:  false
-    ENABLE_IPv4:                            true
-    ENABLE_IPv6:                            false
-    ENABLE_POD_ENI:                         false
     ENABLE_PREFIX_DELEGATION:               true # <- this should be set to true
-    MY_NODE_NAME:                            (v1:spec.nodeName)
+    VPC_ID:                                 vpc-0399887df9d0add85
     WARM_ENI_TARGET:                        1 # <- this should be set to 1
     WARM_PREFIX_TARGET:                     1
     ...
diff --git a/examples/ipv4-prefix-delegation/main.tf b/examples/ipv4-prefix-delegation/main.tf
index 1aa02d58d8..c7960439af 100644
--- a/examples/ipv4-prefix-delegation/main.tf
+++ b/examples/ipv4-prefix-delegation/main.tf
@@ -53,7 +53,7 @@ module "eks" {
   version = "~> 19.13"
 
   cluster_name                   = local.name
-  cluster_version                = "1.25"
+  cluster_version                = "1.26"
   cluster_endpoint_public_access = true
 
   # EKS Addons

From 5dac153b23af9057ccd366f1043ff977f9ed5a5c Mon Sep 17 00:00:00 2001
From: Rodrigo Bersa <rodrigo.bersa@gmail.com>
Date: Tue, 16 May 2023 20:34:21 -0400
Subject: [PATCH 19/31] refactor: Refactor examples for
 `fully-private-cluster`,  `tls-with-aws-pca-issuer`, `fargate-serverless`
 with Addons docs. (#1602)

---
 docs/add-ons/aws-for-fluent-bit.md            |  70 ----
 docs/add-ons/aws-load-balancer-controller.md  |  63 ----
 docs/add-ons/aws-privateca-issuer.md          | 110 ------
 docs/add-ons/cert-manager-csi-driver.md       |  24 --
 docs/add-ons/cert-manager-istio-csr.md        |  24 --
 docs/add-ons/cert-manager.md                  |  50 ---
 docs/advanced/private-clusters.md             |  14 -
 .../docs/aws-load-balancer-controller.md      |  86 +++++
 .../do-not-use/docs/aws-private-ca-issuer.md  |  65 ++++
 examples/do-not-use/docs/cert-manager.md      |  95 +++++
 examples/do-not-use/docs/fargate-fluentbit.md | 107 ++++++
 examples/do-not-use/main.tf                   | 356 ++++++++++--------
 examples/do-not-use/outputs.tf                |   5 +
 examples/fargate-serverless/README.md         | 153 ++++++--
 examples/fargate-serverless/main.tf           |  66 +---
 examples/fully-private-cluster/README.md      |  64 +++-
 examples/fully-private-cluster/main.tf        |  46 ++-
 examples/tls-with-aws-pca-issuer/README.md    |  91 ++---
 examples/tls-with-aws-pca-issuer/main.tf      |   8 +-
 19 files changed, 841 insertions(+), 656 deletions(-)
 delete mode 100644 docs/add-ons/aws-for-fluent-bit.md
 delete mode 100644 docs/add-ons/aws-load-balancer-controller.md
 delete mode 100644 docs/add-ons/aws-privateca-issuer.md
 delete mode 100644 docs/add-ons/cert-manager-csi-driver.md
 delete mode 100644 docs/add-ons/cert-manager-istio-csr.md
 delete mode 100644 docs/add-ons/cert-manager.md
 delete mode 100644 docs/advanced/private-clusters.md
 create mode 100644 examples/do-not-use/docs/aws-load-balancer-controller.md
 create mode 100644 examples/do-not-use/docs/aws-private-ca-issuer.md
 create mode 100644 examples/do-not-use/docs/cert-manager.md
 create mode 100644 examples/do-not-use/docs/fargate-fluentbit.md

diff --git a/docs/add-ons/aws-for-fluent-bit.md b/docs/add-ons/aws-for-fluent-bit.md
deleted file mode 100644
index 0c735720e2..0000000000
--- a/docs/add-ons/aws-for-fluent-bit.md
+++ /dev/null
@@ -1,70 +0,0 @@
-# AWS for Fluent Bit
-
-Fluent Bit is an open source Log Processor and Forwarder which allows you to collect any data like metrics and logs from different sources, enrich them with filters and send them to multiple destinations.
-
-## AWS for Fluent Bit
-
-AWS provides a Fluent Bit image with plugins for both CloudWatch Logs and Kinesis Data Firehose. The [AWS for Fluent Bit](https://github.com/aws/aws-for-fluent-bit) image is available on the Amazon ECR Public Gallery. For more details, see [aws-for-fluent-bit](https://gallery.ecr.aws/aws-observability/aws-for-fluent-bit) on the Amazon ECR Public Gallery.
-
-### Usage
-
-[aws-for-fluent-bit](https://github.com/aws-ia/terraform-aws-eks-blueprints/tree/main/modules/kubernetes-addons/aws-for-fluentbit) can be deployed by enabling the add-on via the following.
-
-This add-on is configured to stream the worker node logs to CloudWatch Logs by default. It can further be configured to stream the logs to additional destinations like Kinesis Data Firehose, Kinesis Data Streams and Amazon OpenSearch Service by passing the custom `values.yaml`.
-See this [Helm Chart](https://github.com/aws/eks-charts/tree/master/stable/aws-for-fluent-bit) for more details.
-
-```hcl
-enable_aws_for_fluentbit = true
-```
-
-You can optionally customize the Helm chart that deploys `aws_for_fluentbit` via the following configuration.
-
-```hcl
-  enable_aws_for_fluentbit = true
-  aws_for_fluentbit_irsa_policies = ["IAM Policies"] # Add list of additional policies to IRSA to enable access to Kinesis, OpenSearch etc.
-  aws_for_fluentbit_cw_log_group_retention = 90
-  aws_for_fluentbit_helm_config = {
-    name                                      = "aws-for-fluent-bit"
-    chart                                     = "aws-for-fluent-bit"
-    repository                                = "https://aws.github.io/eks-charts"
-    version                                   = "0.1.0"
-    namespace                                 = "logging"
-    aws_for_fluent_bit_cw_log_group           = "/${local.cluster_id}/worker-fluentbit-logs" # Optional
-    create_namespace                          = true
-    values = [templatefile("${path.module}/values.yaml", {
-      region                          = data.aws_region.current.name,
-      aws_for_fluent_bit_cw_log_group = "/${local.cluster_id}/worker-fluentbit-logs"
-    })]
-    set = [
-      {
-        name  = "nodeSelector.kubernetes\\.io/os"
-        value = "linux"
-      }
-    ]
-  }
-```
-
-### GitOps Configuration
-
-The following properties are made available for use when managing the add-on via GitOps.
-
-```
-awsForFluentBit = {
-  enable       = true
-  logGroupName = "<log_group_name>"
-}
-```
-
-### Externally-Created CloudWatch Log Group(s)
-
-If the CloudWatch log group FluentBit puts logs to is required to be encrypted by an existing KMS
-customer-managed key, then the CloudWatch log group needs to be created external to the
-kubernetes-addons module and passed in. Creating the CloudWatch log group externally is also useful
-if FluentBit is putting logs to multiple log groups because all the log groups can be created in
-the same code file. To do this, set the create log group flag to false and supply the
-previously-created log group name.
-
-```hcl
-aws_for_fluentbit_create_cw_log_group = false
-aws_for_fluentbit_cw_log_group_name   = aws_cloudwatch_log_group.application.name
-```
diff --git a/docs/add-ons/aws-load-balancer-controller.md b/docs/add-ons/aws-load-balancer-controller.md
deleted file mode 100644
index 04cd2d6370..0000000000
--- a/docs/add-ons/aws-load-balancer-controller.md
+++ /dev/null
@@ -1,63 +0,0 @@
-# AWS Load Balancer Controller
-
-The [AWS Load Balancer Controller](https://docs.aws.amazon.com/eks/latest/userguide/aws-load-balancer-controller.html) manages AWS Elastic Load Balancers for a Kubernetes cluster. The controller provisions the following resources:
-
-* An AWS Application Load Balancer (ALB) when you create a Kubernetes Ingress.
-* An AWS Network Load Balancer (NLB) when you create a Kubernetes Service of type LoadBalancer.
-
-For more information about AWS Load Balancer Controller please see the [official documentation](https://docs.aws.amazon.com/eks/latest/userguide/aws-load-balancer-controller.html).
-
-## Usage
-
-```hcl
-enable_aws_load_balancer_controller = true
-```
-
-You can optionally customize the Helm chart that deploys `aws-lb-ingress-controller` via the following configuration.
-
-```hcl
-  enable_aws_load_balancer_controller = true
-  # Optional
-  aws_load_balancer_controller_helm_config = {
-    name                       = "aws-load-balancer-controller"
-    chart                      = "aws-load-balancer-controller"
-    repository                 = "https://aws.github.io/eks-charts"
-    version                    = "1.3.1"
-    namespace                  = "kube-system"
-    values = [templatefile("${path.module}/values.yaml", {})]
-  }
-```
-
-To validate that controller is running, ensure that controller deployment is in RUNNING state:
-
-```sh
-# Assuming controller is installed in kube-system namespace
-$ kubectl get deployments -n kube-system
-NAME                                                       READY   UP-TO-DATE   AVAILABLE   AGE
-aws-load-balancer-controller                               2/2     2            2           3m58s
-```
-#### AWS Service annotations for LB Ingress Controller
-
-Here is the link to get the AWS ELB [service annotations](https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/guide/service/annotations/) for LB Ingress controller.
-
-### GitOps Configuration
-
-The following properties are made available for use when managing the add-on via GitOps.
-
-```
-awsLoadBalancerController = {
-  enable             = true
-  serviceAccountName = "<service_account>"
-}
-```
-
-### IRSA is too long
-
-If the IAM role is too long, override the service account name in the `helm_config` to create a shorter role name.
-
-```hcl
-  enable_aws_load_balancer_controller = true
-  aws_load_balancer_controller_helm_config = {
-    service_account = "aws-lb-sa"
-  }
-```
diff --git a/docs/add-ons/aws-privateca-issuer.md b/docs/add-ons/aws-privateca-issuer.md
deleted file mode 100644
index 35f0041f40..0000000000
--- a/docs/add-ons/aws-privateca-issuer.md
+++ /dev/null
@@ -1,110 +0,0 @@
-# aws-privateca-issuer
-
-AWS ACM Private CA is a module of the [AWS Certificate Manager](https://aws.amazon.com/certificate-manager/) that can setup and manage private CAs. `cert-manager` is a Kubernetes add-on to automate the management and issuance of TLS certificates from various issuing sources. It will ensure certificates are valid and up to date periodically, and attempt to renew certificates at an appropriate time before expiry. This module `aws-pca-issuer` is a addon for `cert-manager` that issues certificates using AWS ACM PCA.
-
-See the [aws-privateca-issuer documentation](https://cert-manager.github.io/aws-privateca-issuer/).
-
-## Usage
-
-aws_privateca_issuer can be deployed by enabling the add-on via the following.
-
-```hcl
-enable_cert_manager   = true
-enable_aws_privateca_issuer = true
-```
-
-Create `AWSPCAClusterIssuer` custom resource definition (CRD). It is a Kubernetes resources that represent certificate authorities (CAs) from AWS ACM and are able to generate signed certificates by honoring certificate signing requests. For more details on external `Issuer` types, please check [aws-privateca-issuer](https://github.com/cert-manager/aws-privateca-issuer)
-
-```hcl
-resource "kubernetes_manifest" "cluster-pca-issuer" {
-  manifest = {
-    apiVersion = "awspca.cert-manager.io/v1beta1"
-    kind       = "AWSPCAClusterIssuer"
-
-    metadata = {
-      name = "logical.name.of.this.issuer"
-    }
-
-    spec = {
-      arn = "ARN for AWS PCA"
-      region: "data.aws_region.current.id OR AWS region of the AWS PCA"
-
-    }
-  }
-}
-```
-
-Create `Certificate` CRD. Certificates define a desired X.509 certificate which will be renewed and kept up to date. For more details on how to specify and request Certificate resources, please check [Certificate Resources guide](https://cert-manager.io/docs/usage/certificate/).
-
-A Certificate is a namespaced resource that references `AWSPCAClusterIssuer` (created in above step) that determine what will be honoring the certificate request.
-
-```hcl
-resource "kubernetes_manifest" "example_pca_certificate" {
-  manifest = {
-    apiVersion = "cert-manager.io/v1"
-    kind       = "Certificate"
-
-    metadata = {
-      name = "name of the certificate"
-      namespace = "default or any namespace"
-    }
-
-    spec = {
-      commonName = "common name for your certificate"
-      duration = "duration"
-      issuerRef = {
-          group = "awspca.cert-manager.io"
-          kind = "AWSPCAClusterIssuer"
-          name: "name of AWSPCAClusterIssuer created above"
-      }
-      renewBefore = "360h0m0s"
-      secretName = "name of the secret where certificate will be mounted"
-      usages = [
-          "server auth",
-          "client auth"
-      ]
-      privateKey = {
-          algorithm: "RSA"
-          size: 2048
-        }
-    }
-  }
-
-}
-```
-
-When a Certificate is created, a corresponding CertificateRequest resource is created by `cert-manager` containing the encoded X.509 certificate request, Issuer reference, and other options based upon the specification of the Certificate resource.
-
-This Certificate CRD will tell cert-manager to attempt to use the Issuer (as AWS ACM) to obtain a certificate key pair for the specified domains. If successful, the resulting TLS key and certificate will be stored in a kubernetes secret named , with keys of tls.key, and tls.crt respectively. This secret will live in the same namespace as the Certificate resource.
-
-Now, you may run `kubectl get Certificate` to view the status of Certificate Request from AWS PCA.
-
-```
-NAME      READY   SECRET                                 AGE
-example   True    aws001-preprod-dev-eks-clusterissuer   3h35m
-```
-
-If the status is `True`, that means, the `tls.crt`, `tls.key` and `ca.crt` will all be available in [Kubernetes Secret](https://kubernetes.io/docs/concepts/configuration/secret/)
-
-```
-aws001-preprod-dev-eks-clusterissuer
-Name:         aws001-preprod-dev-eks-clusterissuer
-Namespace:    default
-Labels:       <none>
-Annotations:  cert-manager.io/alt-names:
-              cert-manager.io/certificate-name: example
-              cert-manager.io/common-name: example.com
-              cert-manager.io/ip-sans:
-              cert-manager.io/issuer-group: awspca.cert-manager.io
-              cert-manager.io/issuer-kind: AWSPCAClusterIssuer
-              cert-manager.io/issuer-name: aws001-preprod-dev-eks
-              cert-manager.io/uri-sans:
-
-Type:  kubernetes.io/tls
-
-Data
-====
-ca.crt:   1785 bytes
-tls.crt:  1517 bytes
-tls.key:  1679 bytes
-```
diff --git a/docs/add-ons/cert-manager-csi-driver.md b/docs/add-ons/cert-manager-csi-driver.md
deleted file mode 100644
index dd2b917c67..0000000000
--- a/docs/add-ons/cert-manager-csi-driver.md
+++ /dev/null
@@ -1,24 +0,0 @@
-# cert-manager-csi-driver
-
-Cert Manager csi-driver is a Container Storage Interface (CSI) driver plugin for Kubernetes to work along cert-manager. The goal for this plugin is to seamlessly request and mount certificate key pairs to pods. This is useful for facilitating mTLS, or otherwise securing connections of pods with guaranteed present certificates whilst having all of the features that cert-manager provides.
-
-For complete project documentation, please visit the [cert-manager-csi-driver documentation site](https://cert-manager.io/docs/projects/csi-driver).
-
-## Usage
-
-cert-manger can be deployed by enabling the add-on via the following.
-
-```hcl
-enable_cert_manager_csi_driver = true
-```
-
-### GitOps Configuration
-
-The following properties are made available for use when managing the add-on via GitOps.
-
-```
-
-certManagerCsiDriver = {
-  enable = true
-}
-```
diff --git a/docs/add-ons/cert-manager-istio-csr.md b/docs/add-ons/cert-manager-istio-csr.md
deleted file mode 100644
index 8050c93976..0000000000
--- a/docs/add-ons/cert-manager-istio-csr.md
+++ /dev/null
@@ -1,24 +0,0 @@
-# cert-manager-istio-csr
-
-istio-csr is an agent that allows for Istio workload and control plane components to be secured using cert-manager.
-
-For complete project documentation, please visit the [cert-manager documentation site](https://cert-manager.io/docs/usage/istio/).
-
-## Usage
-
-cert-manger-istio-csr can be deployed by enabling the add-on via the following.
-
-```hcl
-enable_cert_manager_istio_csr = true
-```
-
-### GitOps Configuration
-
-The following properties are made available for use when managing the add-on via GitOps.
-
-```
-
-certManagerIstioCsr = {
-  enable = true
-}
-```
diff --git a/docs/add-ons/cert-manager.md b/docs/add-ons/cert-manager.md
deleted file mode 100644
index f126f3be34..0000000000
--- a/docs/add-ons/cert-manager.md
+++ /dev/null
@@ -1,50 +0,0 @@
-# cert-manager
-
-cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates.
-
-For complete project documentation, please visit the [cert-manager documentation site](https://cert-manager.io/docs/).
-
-## Usage
-
-cert-manger can be deployed by enabling the add-on via the following.
-
-```hcl
-enable_cert_manager = true
-```
-
-cert-manger can optionally leverage the `cert_manager_domain_names` global property of the `kubernetes_addon` submodule for DNS01 protocol. The value for this property should be a list of Route53 domains managed by your account. cert-manager is restricted to the zones from the list.
-
-```
-cert_manager_domain_names = [<cluster_domain>, <another_cluster_domain>]
-```
-
-With this add-on self-signed CA and Let's Encrypt cluster issuers will be installed.
-
-You can disable Let's Encrypt cluster issuers with:
-
-```
-cert_manager_install_letsencrypt_issuers = false
-```
-
-You can set an email address for expiration emails with:
-
-```
-cert_manager_letsencrypt_email = "user@example.com"
-```
-
-You can pass previously created secrets for use as `imagePullSecrets` on the Service Account
-
-```
-cert_manager_kubernetes_svc_image_pull_secrets = ["regcred"]
-```
-
-### GitOps Configuration
-
-The following properties are made available for use when managing the add-on via GitOps.
-
-```
-
-certManager = {
-  enable = true
-}
-```
diff --git a/docs/advanced/private-clusters.md b/docs/advanced/private-clusters.md
deleted file mode 100644
index 3bfec2b12b..0000000000
--- a/docs/advanced/private-clusters.md
+++ /dev/null
@@ -1,14 +0,0 @@
-# Private Clusters
-
-For fully Private EKS clusters requires the following VPC endpoints to be created to communicate with AWS services. This module will create these endpoints if you choose to create VPC. If you are using an existing VPC then you may need to ensure these endpoints are created.
-
-    com.amazonaws.region.aps-workspaces            - For AWS Managed Prometheus Workspace
-    com.amazonaws.region.ssm                       - Secrets Management
-    com.amazonaws.region.ec2
-    com.amazonaws.region.ecr.api
-    com.amazonaws.region.ecr.dkr
-    com.amazonaws.region.logs                       – For CloudWatch Logs
-    com.amazonaws.region.sts                        – If using AWS Fargate or IAM roles for service accounts
-    com.amazonaws.region.elasticloadbalancing       – If using Application Load Balancers
-    com.amazonaws.region.autoscaling                – If using Cluster Autoscaler
-    com.amazonaws.region.s3                         – Creates S3 gateway
diff --git a/examples/do-not-use/docs/aws-load-balancer-controller.md b/examples/do-not-use/docs/aws-load-balancer-controller.md
new file mode 100644
index 0000000000..132a44ec04
--- /dev/null
+++ b/examples/do-not-use/docs/aws-load-balancer-controller.md
@@ -0,0 +1,86 @@
+# AWS Load Balancer Controller.
+
+[AWS Load Balancer Controller ](https://kubernetes-sigs.github.io/aws-load-balancer-controller/) is a controller to help manage Elastic Load Balancers for a Kubernetes cluster. This Add-on deploys this controller in an Amazon EKS Cluster.
+
+## Usage 
+
+In order to deploy the AWS Load Balancer Controller Addon via [EKS Blueprints Addons](https://github.com/aws-ia/terraform-aws-eks-blueprints-addons), reference the following parameters under the `module.eks_blueprints_addons`.
+
+```hcl
+module "eks_blueprints_addons" {
+
+  enable_aws_load_balancer_controller = true
+  aws_load_balancer_controller = {
+    set = [
+      {
+        name  = "vpcId"
+        value = module.vpc.vpc_id
+      },
+      {
+        name  = "podDisruptionBudget.maxUnavailable"
+        value = 1
+      },
+    ]
+  }
+```
+### Helm Chart customization
+
+It's possible to customize your deployment using the Helm Chart parameters inside the `aws_load_balancer_controller` configuration block:
+
+```hcl
+  aws_load_balancer_controller = {
+    set = [
+      {
+        name  = "vpcId"
+        value = module.vpc.vpc_id
+      },
+      {
+        name  = "podDisruptionBudget.maxUnavailable"
+        value = 1
+      },
+      {
+        name  = "resources.requests.cpu"
+        value = 100m
+      },
+      {
+        name  = "resources.requests.memory"
+        value = 128Mi
+      },
+    ]
+  }
+}
+```
+
+You can find all available Helm Chart parameter values [here](https://github.com/kubernetes-sigs/aws-load-balancer-controller/blob/main/helm/aws-load-balancer-controller/values.yaml).
+
+
+## Validate
+
+1. To validate the deployment, check if the `aws-load-balancer-controller` Pods were created in the `kube-system` Namespace, as the following example.
+
+```sh
+kubectl -n kube-system get pods | grep aws-load-balancer-controller
+NAMESPACE       NAME                                            READY   STATUS    RESTARTS   AGE
+kube-system     aws-load-balancer-controller-6cbdb58654-fvskt   1/1     Running   0          26m
+kube-system     aws-load-balancer-controller-6cbdb58654-sc7dk   1/1     Running   0          26m
+```
+
+2. Create a Kubernetes Ingress, using the `alb` IngressClass, pointing to an existing Service. In this example we'll use a Service called `example-svc`.
+
+```sh
+kubectl create ingress example-ingress --class alb --rule="/*=example-svc:80" \
+--annotation alb.ingress.kubernetes.io/scheme=internet-facing \
+--annotation alb.ingress.kubernetes.io/target-type=ip
+```
+
+```sh
+kubectl get ingress  
+NAME                CLASS   HOSTS   ADDRESS                                                                 PORTS   AGE
+example-ingress     alb     *       k8s-example-ingress-7e0d6f03e7-1234567890.us-west-2.elb.amazonaws.com   80      4m9s
+```
+
+## Resources
+
+[GitHub Repo](https://github.com/kubernetes-sigs/aws-load-balancer-controller/)
+[Helm Chart](https://github.com/kubernetes-sigs/aws-load-balancer-controller/tree/main/helm/aws-load-balancer-controller)
+[AWS Docs](https://docs.aws.amazon.com/eks/latest/userguide/aws-load-balancer-controller.html)
\ No newline at end of file
diff --git a/examples/do-not-use/docs/aws-private-ca-issuer.md b/examples/do-not-use/docs/aws-private-ca-issuer.md
new file mode 100644
index 0000000000..101aea6839
--- /dev/null
+++ b/examples/do-not-use/docs/aws-private-ca-issuer.md
@@ -0,0 +1,65 @@
+# AWS Private CA (PCA) Issuer
+
+[AWS Private CA](https://aws.amazon.com/private-ca/) is an AWS service that can setup and manage private CAs, as well as issue private certifiates. This Add-on deployes the AWS Private CA Issuer as an [external issuer](https://cert-manager.io/docs/configuration/external/) to **cert-manager** that signs off certificate requests using AWS Private CA in an Amazon EKS Cluster.
+
+## Usage
+
+### Pre-requisites
+
+To deploy the AWS PCA, you need to install cert-manager first, refer to this [documentation](https://github.com/aws-ia/terraform-aws-eks-blueprints-addons/docs/cert-manager.md) to do it through EKS Blueprints Addons.
+
+### Deployment
+
+With **cert-manager** deployed in place, you can deploy the AWS Private CA Issuer Add-on via [EKS Blueprints Addons](https://github.com/aws-ia/terraform-aws-eks-blueprints-addons), reference the following parameters under the `module.eks_blueprints_addons`.
+
+```hcl
+module "eks_blueprints_addons" {
+
+  enable_cert_manager         = true
+  enable_aws_privateca_issuer = true
+  aws_privateca_issuer = {
+    acmca_arn        = aws_acmpca_certificate_authority.this.arn
+  }
+}
+```
+
+### Helm Chart customization
+
+It's possible to customize your deployment using the Helm Chart parameters inside the `aws_load_balancer_controller` configuration block:
+
+```hcl
+  aws_privateca_issuer = {
+    acmca_arn        = aws_acmpca_certificate_authority.this.arn
+    namespace        = "aws-privateca-issuer"
+    create_namespace = true
+  }
+```
+
+You can find all available Helm Chart parameter values [here](https://github.com/cert-manager/aws-privateca-issuer/blob/main/charts/aws-pca-issuer/values.yaml).
+
+## Validation
+
+1. List all the pods running in `aws-privateca-issuer` and `cert-manager` Namespace.
+
+```sh
+kubectl get pods -n aws-privateca-issuer
+kubectl get pods -n cert-manager
+```
+
+2. Check the `certificate` status in it should be in `Ready` state, and be pointing to a `secret` created in the same Namespace.
+
+```sh
+kubectl get certificate -o wide
+NAME      READY   SECRET                  ISSUER                    STATUS                                          AGE
+example   True    example-clusterissuer   tls-with-aws-pca-issuer   Certificate is up to date and has not expired   41m
+
+kubectl get secret example-clusterissuer
+NAME                    TYPE                DATA   AGE
+example-clusterissuer   kubernetes.io/tls   3      43m
+```
+
+## Resources
+
+[GitHub Repo](https://github.com/cert-manager/aws-privateca-issuer)
+[Helm Chart](https://github.com/cert-manager/aws-privateca-issuer/tree/main/charts/aws-pca-issuer)
+[AWS Docs](https://docs.aws.amazon.com/privateca/latest/userguide/PcaKubernetes.html)
\ No newline at end of file
diff --git a/examples/do-not-use/docs/cert-manager.md b/examples/do-not-use/docs/cert-manager.md
new file mode 100644
index 0000000000..813095bea4
--- /dev/null
+++ b/examples/do-not-use/docs/cert-manager.md
@@ -0,0 +1,95 @@
+# Certificate Manager
+
+[Cert-manager](https://cert-manager.io/) is a X.509 certificate controller for Kubernetes-like workloads. It will obtain certificates from a variety of Issuers, both popular public Issuers as well as private Issuers, and ensure the certificates are valid and up-to-date, and will attempt to renew certificates at a configured time before expiry. This Add-on deploys this controller in an Amazon EKS Cluster.
+
+## Usage
+
+To deploy cert-manager Add-on via [EKS Blueprints Addons](https://github.com/aws-ia/terraform-aws-eks-blueprints-addons), reference the following parameters under the `module.eks_blueprints_addons`.
+
+```hcl
+module "eks_blueprints_addons" {
+    
+  enable_cert_manager         = true
+}
+```
+
+### Helm Chart customization
+
+It's possible to customize your deployment using the Helm Chart parameters inside the `cert-manager` configuration block:
+
+```hcl
+  cert-manager = {
+    chart_version    = "v1.11.1"
+    namespace        = "cert-manager"
+    create_namespace = true
+  }
+```
+
+You can find all available Helm Chart parameter values [here]https://github.com/cert-manager/cert-manager/blob/master/deploy/charts/cert-manager/values.yaml
+
+## Validation
+
+1. Validate if the Cert-Manger Pods are Running.
+
+```sh
+kubectl -n cert-manager get pods
+NAME                                      READY   STATUS    RESTARTS   AGE
+cert-manager-5989bcc87-96qvf              1/1     Running   0          2m49s
+cert-manager-cainjector-9b44ddb68-8c7b9   1/1     Running   0          2m49s
+cert-manager-webhook-776b65456-k6br4      1/1     Running   0          2m49s
+```
+
+2. Create a SelfSigned ClusterIssuer resource in the cluster.
+
+```yaml
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: selfsigned-cluster-issuer
+spec:
+  selfSigned: {}
+```
+
+```sh
+kubectl get clusterissuers -o wide selfsigned-cluster-issuer
+NAME                        READY   STATUS   AGE
+selfsigned-cluster-issuer   True             3m
+```
+
+2. Create a Certificate in a given Namespace.
+
+```yaml
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: example
+  namespace: default
+spec:
+  isCA: true
+  commonName: example
+  secretName: example-secret
+  privateKey:
+    algorithm: ECDSA
+    size: 256
+  issuerRef:
+    name: selfsigned-cluster-issuer
+    kind: ClusterIssuer
+    group: cert-manager.io
+```
+
+3.  Check the `certificate` status in it should be in `Ready` state, and be pointing to a `secret` created in the same Namespace.
+
+```sh
+kubectl get certificate -o wide
+NAME      READY   SECRET           ISSUER                      STATUS                                          AGE
+example   True    example-secret   selfsigned-cluster-issuer   Certificate is up to date and has not expired   44s
+
+kubectl get secret example-secret 
+NAME             TYPE                DATA   AGE
+example-secret   kubernetes.io/tls   3      70s
+```
+
+## Resources
+
+[GitHub Repo](https://github.com/cert-manager/cert-manager)
+[Helm Chart](https://github.com/cert-manager/cert-manager/blob/master/deploy/charts/cert-manager/)
\ No newline at end of file
diff --git a/examples/do-not-use/docs/fargate-fluentbit.md b/examples/do-not-use/docs/fargate-fluentbit.md
new file mode 100644
index 0000000000..ed6f1ba197
--- /dev/null
+++ b/examples/do-not-use/docs/fargate-fluentbit.md
@@ -0,0 +1,107 @@
+# Fargate Fluentbit
+
+Amazon EKS on Fargate offers a built-in log router based on Fluent Bit. This means that you don't explicitly run a Fluent Bit container as a sidecar, but Amazon runs it for you. All that you have to do is configure the log router. The configuration happens through a dedicated ConfigMap, that is deployed via this Add-on.
+
+## Usage
+
+To configure the Fargate Fluentbit ConfigMap via the [EKS Blueprints Addons](https://github.com/aws-ia/terraform-aws-eks-blueprints-addons), just reference the following parameters under the `module.eks_blueprints_addons`.
+
+```hcl
+module "eks_blueprints_addons" {
+
+  enable_fargate_fluentbit = true
+  fargate_fluentbit = {
+    flb_log_cw = true
+  }
+}
+```
+
+It's possible to customize the CloudWatch Log Group parameters in the `fargate_fluentbit_cw_log_group` configuration block:
+
+```hcl
+  fargate_fluentbit_cw_log_group = {
+
+  name              = "existing-log-group"
+  name_prefix       = "dev-environment-logs"
+  retention_in_days = 7
+  kms_key_id        = "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
+  skip_destroy      = true
+```
+
+## Validation
+
+1. Check if the `aws-logging` configMap for Fargate Fluentbit was created.
+
+```sh
+kubectl -n aws-observability get configmap aws-logging -o yaml
+apiVersion: v1
+data:
+  filters.conf: |
+    [FILTER]
+      Name parser
+      Match *
+      Key_Name log
+      Parser regex
+      Preserve_Key True
+      Reserve_Data True
+  flb_log_cw: "true"
+  output.conf: |
+    [OUTPUT]
+      Name cloudwatch_logs
+      Match *
+      region us-west-2
+      log_group_name /fargate-serverless/fargate-fluentbit-logs20230509014113352200000006
+      log_stream_prefix fargate-logs-
+      auto_create_group true
+  parsers.conf: |
+    [PARSER]
+      Name regex
+      Format regex
+      Regex ^(?<time>[^ ]+) (?<stream>[^ ]+) (?<logtag>[^ ]+) (?<message>.+)$
+      Time_Key time
+      Time_Format %Y-%m-%dT%H:%M:%S.%L%z
+      Time_Keep On
+      Decode_Field_As json message
+immutable: false
+kind: ConfigMap
+metadata:
+  creationTimestamp: "2023-05-08T21:14:52Z"
+  name: aws-logging
+  namespace: aws-observability
+  resourceVersion: "1795"
+  uid: d822bcf5-a441-4996-857e-7fb1357bc07e
+```
+
+2. Validate if the CloudWatch LogGroup was created accordingly, and LogStreams were populated.
+
+```sh
+aws logs describe-log-groups --log-group-name-prefix "/fargate-serverless/fargate-fluentbit"
+{
+    "logGroups": [
+        {
+            "logGroupName": "/fargate-serverless/fargate-fluentbit-logs20230509014113352200000006",
+            "creationTime": 1683580491652,
+            "retentionInDays": 90,
+            "metricFilterCount": 0,
+            "arn": "arn:aws:logs:us-west-2:111122223333:log-group:/fargate-serverless/fargate-fluentbit-logs20230509014113352200000006:*",
+            "storedBytes": 0
+        }
+    ]
+}
+```
+
+```sh
+aws logs describe-log-streams --log-group-name "/fargate-serverless/fargate-fluentbit-logs20230509014113352200000006" --log-stream-name-prefix fargate-logs --query 'logStreams[].logStreamName'
+[
+    "fargate-logs-flblogs.var.log.fluent-bit.log",
+    "fargate-logs-kube.var.log.containers.aws-load-balancer-controller-7f989fc6c-grjsq_kube-system_aws-load-balancer-controller-feaa22b4cdaa71ecfc8355feb81d4b61ea85598a7bb57aef07667c767c6b98e4.log",
+    "fargate-logs-kube.var.log.containers.aws-load-balancer-controller-7f989fc6c-wzr46_kube-system_aws-load-balancer-controller-69075ea9ab3c7474eac2a1696d3a84a848a151420cd783d79aeef960b181567f.log",
+    "fargate-logs-kube.var.log.containers.coredns-7b7bddbc85-8cxvq_kube-system_coredns-9e4f3ab435269a566bcbaa606c02c146ad58508e67cef09fa87d5c09e4ac0088.log",
+    "fargate-logs-kube.var.log.containers.coredns-7b7bddbc85-gcjwp_kube-system_coredns-11016818361cd68c32bf8f0b1328f3d92a6d7b8cf5879bfe8b301f393cb011cc.log"
+]
+```
+
+## Resources
+
+[AWS Docs](https://docs.aws.amazon.com/eks/latest/userguide/fargate-logging.html)
+[Fluent Bit for Amazon EKS on AWS Fargate Blog Post](https://aws.amazon.com/blogs/containers/fluent-bit-for-amazon-eks-on-aws-fargate-is-here/)
\ No newline at end of file
diff --git a/examples/do-not-use/main.tf b/examples/do-not-use/main.tf
index 2691af9f78..e45754dd5e 100644
--- a/examples/do-not-use/main.tf
+++ b/examples/do-not-use/main.tf
@@ -494,14 +494,15 @@ module "aws_efs_csi_driver" {
 ################################################################################
 
 locals {
-  aws_for_fluentbit_service_account = try(var.aws_for_fluentbit.service_account_name, "aws-for-fluent-bit-sa")
+  aws_for_fluentbit_service_account   = try(var.aws_for_fluentbit.service_account_name, "aws-for-fluent-bit-sa")
+  aws_for_fluentbit_cw_log_group_name = try(var.aws_for_fluentbit_cw_log_group.create, true) ? try(var.aws_for_fluentbit_cw_log_group.name, "/${var.cluster_name}/aws-fluentbit-logs") : null
 }
 
 resource "aws_cloudwatch_log_group" "aws_for_fluentbit" {
   count = try(var.aws_for_fluentbit_cw_log_group.create, true) && var.enable_aws_for_fluentbit ? 1 : 0
 
-  name              = try(var.aws_for_fluentbit_cw_log_group.name, null)
-  name_prefix       = try(var.aws_for_fluentbit_cw_log_group.name_prefix, "/${var.cluster_name}/aws-fluentbit-logs")
+  name              = try(var.aws_for_fluentbit_cw_log_group.use_name_prefix, true) ? null : local.aws_for_fluentbit_cw_log_group_name
+  name_prefix       = try(var.aws_for_fluentbit_cw_log_group.use_name_prefix, true) ? try(var.aws_for_fluentbit_cw_log_group.name_prefix, "${local.aws_for_fluentbit_cw_log_group_name}-") : null
   retention_in_days = try(var.aws_for_fluentbit_cw_log_group.retention, 90)
   kms_key_id        = try(var.aws_for_fluentbit_cw_log_group.kms_key_arn, null)
   skip_destroy      = try(var.aws_for_fluentbit_cw_log_group.skip_destroy, false)
@@ -789,7 +790,9 @@ locals {
 
 data "aws_iam_policy_document" "aws_load_balancer_controller" {
   statement {
-    resources = ["*"]
+    sid       = "AllowCreateServiceLinkedRole"
+    effect    = "Allow"
+    resources = ["arn:${local.partition}:iam::${local.account_id}:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing"]
     actions   = ["iam:CreateServiceLinkedRole"]
 
     condition {
@@ -800,8 +803,28 @@ data "aws_iam_policy_document" "aws_load_balancer_controller" {
   }
 
   statement {
+    sid       = "AllowDescribeElbTags"
+    effect    = "Allow"
+    resources = ["*"] #tfsec:ignore:aws-iam-no-policy-wildcards
+
+    actions = ["elasticloadbalancing:DescribeTags"]
+  }
+
+  statement {
+    sid       = "AllowGetResources"
+    effect    = "Allow"
     resources = ["*"]
+
     actions = [
+      "elasticloadbalancing:DescribeListenerCertificates",
+      "elasticloadbalancing:DescribeListeners",
+      "elasticloadbalancing:DescribeLoadBalancerAttributes",
+      "elasticloadbalancing:DescribeLoadBalancers",
+      "elasticloadbalancing:DescribeRules",
+      "elasticloadbalancing:DescribeSSLPolicies",
+      "elasticloadbalancing:DescribeTargetGroupAttributes",
+      "elasticloadbalancing:DescribeTargetGroups",
+      "elasticloadbalancing:DescribeTargetHealth",
       "ec2:DescribeAccountAttributes",
       "ec2:DescribeAddresses",
       "ec2:DescribeAvailabilityZones",
@@ -815,238 +838,211 @@ data "aws_iam_policy_document" "aws_load_balancer_controller" {
       "ec2:DescribeVpcPeeringConnections",
       "ec2:DescribeVpcs",
       "ec2:GetCoipPoolUsage",
-      "elasticloadbalancing:DescribeListenerCertificates",
-      "elasticloadbalancing:DescribeListeners",
-      "elasticloadbalancing:DescribeLoadBalancerAttributes",
-      "elasticloadbalancing:DescribeLoadBalancers",
-      "elasticloadbalancing:DescribeRules",
-      "elasticloadbalancing:DescribeSSLPolicies",
-      "elasticloadbalancing:DescribeTags",
-      "elasticloadbalancing:DescribeTargetGroupAttributes",
-      "elasticloadbalancing:DescribeTargetGroups",
-      "elasticloadbalancing:DescribeTargetHealth",
     ]
   }
 
   statement {
-    resources = ["*"]
-    actions = [
-      "acm:DescribeCertificate",
-      "acm:ListCertificates",
-      "cognito-idp:DescribeUserPoolClient",
-      "iam:GetServerCertificate",
-      "iam:ListServerCertificates",
-      "shield:CreateProtection",
-      "shield:DeleteProtection",
-      "shield:DescribeProtection",
-      "shield:GetSubscriptionState",
-      "waf-regional:AssociateWebACL",
-      "waf-regional:DisassociateWebACL",
-      "waf-regional:GetWebACL",
-      "waf-regional:GetWebACLForResource",
-      "wafv2:AssociateWebACL",
-      "wafv2:DisassociateWebACL",
-      "wafv2:GetWebACL",
-      "wafv2:GetWebACLForResource",
+    sid    = "AllowManageElbs"
+    effect = "Allow"
+
+    resources = [
+      "arn:${local.partition}:elasticloadbalancing:${local.region}:${local.account_id}:loadbalancer/app/*/*",
+      "arn:${local.partition}:elasticloadbalancing:${local.region}:${local.account_id}:loadbalancer/net/*/*",
+      "arn:${local.partition}:elasticloadbalancing:${local.region}:${local.account_id}:targetgroup/*/*",
     ]
-  }
 
-  statement {
-    resources = ["*"]
     actions = [
-      "ec2:AuthorizeSecurityGroupIngress",
-      "ec2:RevokeSecurityGroupIngress",
+      "elasticloadbalancing:AddTags",
+      "elasticloadbalancing:DeleteTargetGroup",
+      "elasticloadbalancing:RemoveTags",
+      "elasticloadbalancing:CreateLoadBalancer",
+      "elasticloadbalancing:CreateListener",
+      "elasticloadbalancing:DeleteLoadBalancer",
+      "elasticloadbalancing:ModifyLoadBalancerAttributes",
+      "elasticloadbalancing:SetIpAddressType",
+      "elasticloadbalancing:SetSecurityGroups",
+      "elasticloadbalancing:SetSubnets",
     ]
   }
 
   statement {
-    resources = ["*"]
-    actions   = ["ec2:CreateSecurityGroup"]
+    sid    = "AllowManageTargetGroup"
+    effect = "Allow"
+    resources = [
+      "arn:${local.partition}:elasticloadbalancing:${local.region}:${local.account_id}:targetgroup/*/*",
+    ]
+
+    actions = [
+      "elasticloadbalancing:CreateTargetGroup",
+      "elasticloadbalancing:DeleteTargetGroup",
+      "elasticloadbalancing:ModifyTargetGroup",
+      "elasticloadbalancing:ModifyTargetGroupAttributes",
+    ]
   }
 
   statement {
-    resources = ["arn:${local.partition}:ec2:*:*:security-group/*"]
-    actions   = ["ec2:CreateTags"]
-
-    condition {
-      test     = "Null"
-      variable = "aws:RequestTag/elbv2.k8s.aws/cluster"
-      values   = ["false"]
-    }
+    sid    = "AllowManageListeners"
+    effect = "Allow"
+    resources = [
+      "arn:${local.partition}:elasticloadbalancing:${local.region}:${local.account_id}:listener/app/*/*/*",
+      "arn:${local.partition}:elasticloadbalancing:${local.region}:${local.account_id}:listener/net/*/*/*",
+    ]
 
-    condition {
-      test     = "StringEquals"
-      variable = "ec2:CreateAction"
-      values   = ["CreateSecurityGroup"]
-    }
+    actions = [
+      "elasticloadbalancing:CreateRule",
+      "elasticloadbalancing:DeleteListener",
+      "elasticloadbalancing:ModifyListener",
+      "elasticloadbalancing:AddListenerCertificates",
+      "elasticloadbalancing:RemoveListenerCertificates"
+    ]
   }
 
   statement {
-    resources = ["arn:${local.partition}:ec2:*:*:security-group/*"]
-    actions = [
-      "ec2:CreateTags",
-      "ec2:DeleteTags",
+    sid    = "AllowManageRules"
+    effect = "Allow"
+    resources = [
+      "arn:${local.partition}:elasticloadbalancing:${local.region}:${local.account_id}:listener-rule/app/*/*/*/*",
+      "arn:${local.partition}:elasticloadbalancing:${local.region}:${local.account_id}:listener-rule/net/*/*/*/*",
     ]
 
-    condition {
-      test     = "Null"
-      variable = "aws:ResourceTag/ingress.k8s.aws/cluster"
-      values   = ["false"]
-    }
+    actions = [
+      "elasticloadbalancing:DeleteRule",
+      "elasticloadbalancing:ModifyRule"
+    ]
   }
 
   statement {
+    sid    = "AllowManageResourceTags"
+    effect = "Allow"
+
     resources = [
-      "arn:${local.partition}:elasticloadbalancing:*:*:loadbalancer/app/*/*",
-      "arn:${local.partition}:elasticloadbalancing:*:*:loadbalancer/net/*/*",
-      "arn:${local.partition}:elasticloadbalancing:*:*:targetgroup/*/*",
+      "arn:${local.partition}:elasticloadbalancing:${local.region}:${local.account_id}:loadbalancer/app/*/*",
+      "arn:${local.partition}:elasticloadbalancing:${local.region}:${local.account_id}:loadbalancer/net/*/*",
+      "arn:${local.partition}:elasticloadbalancing:${local.region}:${local.account_id}:listener/app/*/*/*",
+      "arn:${local.partition}:elasticloadbalancing:${local.region}:${local.account_id}:listener/net/*/*/*",
+      "arn:${local.partition}:elasticloadbalancing:${local.region}:${local.account_id}:listener-rule/app/*/*/*/*",
+      "arn:${local.partition}:elasticloadbalancing:${local.region}:${local.account_id}:listener-rule/net/*/*/*/*",
+      "arn:${local.partition}:elasticloadbalancing:${local.region}:${local.account_id}:targetgroup/*/*",
     ]
+
     actions = [
       "elasticloadbalancing:AddTags",
-      "elasticloadbalancing:DeleteTargetGroup",
       "elasticloadbalancing:RemoveTags",
     ]
-
-    condition {
-      test     = "Null"
-      variable = "aws:ResourceTag/ingress.k8s.aws/cluster"
-      values   = ["false"]
-    }
   }
 
   statement {
-    resources = ["arn:${local.partition}:ec2:*:*:security-group/*"]
+    sid       = "AllowManageTargets"
+    effect    = "Allow"
+    resources = ["arn:${local.partition}:elasticloadbalancing:${local.region}:${local.account_id}:targetgroup/*/*"]
+
     actions = [
-      "ec2:CreateTags",
-      "ec2:DeleteTags",
+      "elasticloadbalancing:DeregisterTargets",
+      "elasticloadbalancing:RegisterTargets"
     ]
-
-    condition {
-      test     = "Null"
-      variable = "aws:ResourceTag/elbv2.k8s.aws/cluster"
-      values   = ["false"]
-    }
-
-    condition {
-      test     = "Null"
-      variable = "aws:RequestTag/elbv2.k8s.aws/cluster"
-      values   = ["true"]
-    }
   }
 
   statement {
-    resources = ["*"]
-    actions = [
-      "ec2:AuthorizeSecurityGroupIngress",
-      "ec2:DeleteSecurityGroup",
-      "ec2:RevokeSecurityGroupIngress",
+    sid    = "AllowGetCertificates"
+    effect = "Allow"
+    resources = [
+      "arn:${local.partition}:acm:${local.region}:${local.account_id}:*",
+      "arn:${local.partition}:acm:${local.region}:${local.account_id}:certificate/*"
     ]
 
-    condition {
-      test     = "Null"
-      variable = "aws:ResourceTag/elbv2.k8s.aws/cluster"
-      values   = ["false"]
-    }
-  }
-
-  statement {
-    resources = ["*"]
     actions = [
-      "elasticloadbalancing:CreateLoadBalancer",
-      "elasticloadbalancing:CreateTargetGroup",
+      "acm:DescribeCertificate",
+      "acm:ListCertificates"
     ]
-
-    condition {
-      test     = "Null"
-      variable = "aws:RequestTag/elbv2.k8s.aws/cluster"
-      values   = ["false"]
-    }
   }
 
   statement {
-    resources = ["*"]
-    actions = [
-      "elasticloadbalancing:CreateListener",
-      "elasticloadbalancing:CreateRule",
-      "elasticloadbalancing:DeleteListener",
-      "elasticloadbalancing:DeleteRule",
-    ]
+    sid       = "AllowDescribeCognitoIdp"
+    effect    = "Allow"
+    resources = ["arn:${local.partition}:cognito-idp:${local.region}:${local.account_id}:userpool/*"]
+
+    actions = ["cognito-idp:DescribeUserPoolClient"]
   }
 
   statement {
+    sid    = "AllowGetServerCertificates"
+    effect = "Allow"
     resources = [
-      "arn:${local.partition}:elasticloadbalancing:*:*:loadbalancer/app/*/*",
-      "arn:${local.partition}:elasticloadbalancing:*:*:loadbalancer/net/*/*",
-      "arn:${local.partition}:elasticloadbalancing:*:*:targetgroup/*/*",
+      "arn:${local.partition}:iam::${local.account_id}:*",
+      "arn:${local.partition}:iam::${local.account_id}:server-certificate/*"
     ]
+
     actions = [
-      "elasticloadbalancing:AddTags",
-      "elasticloadbalancing:RemoveTags",
+      "iam:GetServerCertificate",
+      "iam:ListServerCertificates",
     ]
-
-    condition {
-      test     = "Null"
-      variable = "aws:RequestTag/elbv2.k8s.aws/cluster"
-      values   = ["true"]
-    }
-
-    condition {
-      test     = "Null"
-      variable = "aws:ResourceTag/elbv2.k8s.aws/cluster"
-      values   = ["false"]
-    }
   }
 
   statement {
+    sid    = "AllowShield"
+    effect = "Allow"
     resources = [
-      "arn:${local.partition}:elasticloadbalancing:*:*:listener/net/*/*/*",
-      "arn:${local.partition}:elasticloadbalancing:*:*:listener/app/*/*/*",
-      "arn:${local.partition}:elasticloadbalancing:*:*:listener-rule/net/*/*/*",
-      "arn:${local.partition}:elasticloadbalancing:*:*:listener-rule/app/*/*/*",
+      "arn:${local.partition}:shield::${local.account_id}:*",
+      "arn:${local.partition}:shield::${local.account_id}:protection/*"
     ]
+
     actions = [
-      "elasticloadbalancing:AddTags",
-      "elasticloadbalancing:RemoveTags",
+      "shield:CreateProtection",
+      "shield:DeleteProtection",
+      "shield:DescribeProtection",
+      "shield:GetSubscriptionState",
     ]
   }
 
   statement {
-    resources = ["*"]
-    actions = [
-      "elasticloadbalancing:DeleteLoadBalancer",
-      "elasticloadbalancing:DeleteTargetGroup",
-      "elasticloadbalancing:ModifyLoadBalancerAttributes",
-      "elasticloadbalancing:ModifyTargetGroup",
-      "elasticloadbalancing:ModifyTargetGroupAttributes",
-      "elasticloadbalancing:SetIpAddressType",
-      "elasticloadbalancing:SetSecurityGroups",
-      "elasticloadbalancing:SetSubnets",
+    sid    = "AllowManageWebAcl"
+    effect = "Allow"
+    resources = [
+      "arn:${local.partition}:elasticloadbalancing:${local.region}:${local.account_id}:loadbalancer/app/*/*",
+      "arn:${local.partition}:apigateway:${local.region}::/restapis/*/stages/*",
+      "arn:${local.partition}:appsync:${local.region}:${local.account_id}:apis/*",
+      "arn:${local.partition}:cognito-idp:${local.region}:${local.account_id}:userpool/*",
+      "arn:${local.partition}:wafv2:${local.region}:${local.account_id}:*",
+      "arn:${local.partition}:wafv2:${local.region}:${local.account_id}:*/webacl/*/*",
+      "arn:${local.partition}:waf-regional:${local.region}:${local.account_id}:*",
+      "arn:${local.partition}:waf-regional:${local.region}:${local.account_id}:webacl/*"
     ]
 
-    condition {
-      test     = "Null"
-      variable = "aws:ResourceTag/elbv2.k8s.aws/cluster"
-      values   = ["false"]
-    }
+    actions = [
+      "elasticloadbalancing:SetWebAcl",
+      "waf-regional:AssociateWebACL",
+      "waf-regional:DisassociateWebACL",
+      "waf-regional:GetWebACL",
+      "waf-regional:GetWebACLForResource",
+      "wafv2:AssociateWebACL",
+      "wafv2:DisassociateWebACL",
+      "wafv2:GetWebACL",
+      "wafv2:GetWebACLForResource",
+    ]
   }
 
   statement {
-    resources = ["arn:${local.partition}:elasticloadbalancing:*:*:targetgroup/*/*"]
+    sid       = "AllowManageSecurityGroups"
+    effect    = "Allow"
+    resources = ["arn:${local.partition}:ec2:${local.region}:${local.account_id}:security-group/*"]
+
     actions = [
-      "elasticloadbalancing:DeregisterTargets",
-      "elasticloadbalancing:RegisterTargets",
+      "ec2:AuthorizeSecurityGroupIngress",
+      "ec2:RevokeSecurityGroupIngress",
+      "ec2:DeleteSecurityGroup",
+      "ec2:CreateTags",
+      "ec2:DeleteTags",
     ]
   }
 
   statement {
-    resources = ["*"]
-    actions = [
-      "elasticloadbalancing:AddListenerCertificates",
-      "elasticloadbalancing:ModifyListener",
-      "elasticloadbalancing:ModifyRule",
-      "elasticloadbalancing:RemoveListenerCertificates",
-      "elasticloadbalancing:SetWebAcl",
+    sid    = "AllowCreateSecurityGroups"
+    effect = "Allow"
+    resources = [
+      "arn:${local.partition}:ec2:${local.region}:${local.account_id}:security-group/*",
+      "arn:${local.partition}:ec2:${local.region}:${local.account_id}:vpc/*",
     ]
+    actions = ["ec2:CreateSecurityGroup"]
   }
 }
 
@@ -2086,6 +2082,10 @@ module "external_secrets" {
 # Fargate Fluentbit
 ################################################################################
 
+locals {
+  fargate_fluentbit_policy_name = try(var.fargate_fluentbit_cw_log_group.create, true) ? try(var.fargate_fluentbit.policy_name, "${var.cluster_name}-fargate-fluentbit-logs") : null
+}
+
 resource "aws_cloudwatch_log_group" "fargate_fluentbit" {
   count = try(var.fargate_fluentbit_cw_log_group.create, true) && var.enable_fargate_fluentbit ? 1 : 0
 
@@ -2097,6 +2097,34 @@ resource "aws_cloudwatch_log_group" "fargate_fluentbit" {
   tags              = merge(var.tags, try(var.fargate_fluentbit_cw_log_group.tags, {}))
 }
 
+resource "aws_iam_policy" "fargate_fluentbit" {
+  count = try(var.fargate_fluentbit_cw_log_group.create, true) && var.enable_fargate_fluentbit ? 1 : 0
+
+  name        = try(var.fargate_fluentbit.policy_name_use_prefix, true) ? null : local.fargate_fluentbit_policy_name
+  name_prefix = try(var.fargate_fluentbit.policy_name_use_prefix, true) ? try(var.fargate_fluentbit.policy_name_prefix, "${local.fargate_fluentbit_policy_name}-") : null
+  description = try(var.fargate_fluentbit.policy_description, null)
+  policy      = data.aws_iam_policy_document.fargate_fluentbit[0].json
+}
+
+data "aws_iam_policy_document" "fargate_fluentbit" {
+  count = try(var.fargate_fluentbit_cw_log_group.create, true) && var.enable_fargate_fluentbit ? 1 : 0
+
+  statement {
+    sid    = "PutLogEvents"
+    effect = "Allow"
+    actions = [
+      "logs:CreateLogStream",
+      "logs:CreateLogGroup",
+      "logs:DescribeLogStreams",
+      "logs:PutLogEvents"
+    ]
+    resources = [
+      try("${var.fargate_fluentbit.cwlog_arn}:*", "${aws_cloudwatch_log_group.fargate_fluentbit[0].arn}:*"),
+      try("${var.fargate_fluentbit.cwlog_arn}:logstream:*", "${aws_cloudwatch_log_group.fargate_fluentbit[0].arn}:logstream:*")
+    ]
+  }
+}
+
 # Help on Fargate Logging with Fluentbit and CloudWatch
 # https://docs.aws.amazon.com/eks/latest/userguide/fargate-logging.html
 resource "kubernetes_namespace_v1" "aws_observability" {
diff --git a/examples/do-not-use/outputs.tf b/examples/do-not-use/outputs.tf
index 22ce2ffe7a..4317180304 100644
--- a/examples/do-not-use/outputs.tf
+++ b/examples/do-not-use/outputs.tf
@@ -88,6 +88,11 @@ output "fargate_fluentbit" {
   value       = kubernetes_config_map_v1.aws_logging
 }
 
+output "fargate_fluentbit_policy" {
+  description = "Map of attributes of the Helm release and IRSA created"
+  value       = aws_iam_policy.fargate_fluentbit
+}
+
 output "gatekeeper" {
   description = "Map of attributes of the Helm release and IRSA created"
   value       = module.gatekeeper
diff --git a/examples/fargate-serverless/README.md b/examples/fargate-serverless/README.md
index efad8b3370..c7acab770e 100644
--- a/examples/fargate-serverless/README.md
+++ b/examples/fargate-serverless/README.md
@@ -1,6 +1,6 @@
 # Serverless EKS Cluster using Fargate Profiles
 
-This example shows how to provision a serverless cluster (serverless data plane) using Fargate Profiles.
+This example shows how to provision an Amazon EKS Cluster (serverless data plane) using Fargate Profiles.
 
 This example solution provides:
 
@@ -25,6 +25,7 @@ To provision this example:
 ```sh
 terraform init
 terraform apply
+
 ```
 
 Enter `yes` at command prompt to apply
@@ -33,43 +34,148 @@ Enter `yes` at command prompt to apply
 
 The following command will update the `kubeconfig` on your local machine and allow you to interact with your EKS Cluster using `kubectl` to validate the CoreDNS deployment for Fargate.
 
-1. Run `update-kubeconfig` command:
+1. Check the Terraform provided Output, to update your `kubeconfig`
+
+```hcl
+Apply complete! Resources: 63 added, 0 changed, 0 destroyed.
+
+Outputs:
+
+configure_kubectl = "aws eks --region us-west-2 update-kubeconfig --name fully-private-cluster"
+```
+
+2. Run `update-kubeconfig` command, using the Terraform provided Output, replace with your `$AWS_REGION` and your `$CLUSTER_NAME` variables.
 
 ```sh
-aws eks --region <REGION> update-kubeconfig --name <CLUSTER_NAME>
+aws eks --region <$AWS_REGION> update-kubeconfig --name <$CLUSTER_NAME>
 ```
 
-2. Test by listing all the pods running currently. The CoreDNS pod should reach a status of `Running` after approximately 60 seconds:
+3. Test by listing Nodes in in the Cluster, you should see Fargate instances as your Cluster Nodes.
+
+
+```sh
+kubectl get nodes  
+NAME                                                STATUS   ROLES    AGE   VERSION
+fargate-ip-10-0-17-17.us-west-2.compute.internal    Ready    <none>   25m   v1.26.3-eks-f4dc2c0
+fargate-ip-10-0-20-244.us-west-2.compute.internal   Ready    <none>   71s   v1.26.3-eks-f4dc2c0
+fargate-ip-10-0-41-143.us-west-2.compute.internal   Ready    <none>   25m   v1.26.3-eks-f4dc2c0
+fargate-ip-10-0-44-95.us-west-2.compute.internal    Ready    <none>   25m   v1.26.3-eks-f4dc2c0
+fargate-ip-10-0-45-153.us-west-2.compute.internal   Ready    <none>   77s   v1.26.3-eks-f4dc2c0
+fargate-ip-10-0-47-31.us-west-2.compute.internal    Ready    <none>   75s   v1.26.3-eks-f4dc2c0
+fargate-ip-10-0-6-175.us-west-2.compute.internal    Ready    <none>   25m   v1.26.3-eks-f4dc2c0
+```
+
+4. Test by listing all the Pods running currently. All the Pods should reach a status of `Running` after approximately 60 seconds:
 
 ```sh
 kubectl get pods -A
+NAMESPACE       NAME                                            READY   STATUS    RESTARTS   AGE
+app-2048        app-2048-65bd744dfb-7g9rx                       1/1     Running   0          2m34s
+app-2048        app-2048-65bd744dfb-nxcbm                       1/1     Running   0          2m34s
+app-2048        app-2048-65bd744dfb-z4b6z                       1/1     Running   0          2m34s
+kube-system     aws-load-balancer-controller-6cbdb58654-fvskt   1/1     Running   0          26m
+kube-system     aws-load-balancer-controller-6cbdb58654-sc7dk   1/1     Running   0          26m
+kube-system     coredns-7b7bddbc85-jmbv6                        1/1     Running   0          26m
+kube-system     coredns-7b7bddbc85-rgmzq                        1/1     Running   0          26m
+```
+
+5. Check if the `aws-logging` configMap for Fargate Fluentbit was created.
 
-# Output should look like below
-game-2048     deployment-2048-7ff458c9f-mb5xs                 1/1     Running   0          5h23m
-game-2048     deployment-2048-7ff458c9f-qc99d                 1/1     Running   0          4h23m
-game-2048     deployment-2048-7ff458c9f-rm26f                 1/1     Running   0          4h23m
-game-2048     deployment-2048-7ff458c9f-vzjhm                 1/1     Running   0          4h23m
-game-2048     deployment-2048-7ff458c9f-xnrgh                 1/1     Running   0          4h23m
-kube-system   aws-load-balancer-controller-7b69cfcc44-49z5n   1/1     Running   0          5h42m
-kube-system   aws-load-balancer-controller-7b69cfcc44-9vhq7   1/1     Running   0          5h43m
-kube-system   coredns-7c9d764485-z247p                        1/1     Running   0          6h1m
+```sh
+kubectl -n aws-observability get configmap aws-logging -o yaml
+apiVersion: v1
+data:
+  filters.conf: |
+    [FILTER]
+      Name parser
+      Match *
+      Key_Name log
+      Parser regex
+      Preserve_Key True
+      Reserve_Data True
+  flb_log_cw: "true"
+  output.conf: |
+    [OUTPUT]
+      Name cloudwatch_logs
+      Match *
+      region us-west-2
+      log_group_name /fargate-serverless/fargate-fluentbit-logs20230509014113352200000006
+      log_stream_prefix fargate-logs-
+      auto_create_group true
+  parsers.conf: |
+    [PARSER]
+      Name regex
+      Format regex
+      Regex ^(?<time>[^ ]+) (?<stream>[^ ]+) (?<logtag>[^ ]+) (?<message>.+)$
+      Time_Key time
+      Time_Format %Y-%m-%dT%H:%M:%S.%L%z
+      Time_Keep On
+      Decode_Field_As json message
+immutable: false
+kind: ConfigMap
+metadata:
+  creationTimestamp: "2023-05-08T21:14:52Z"
+  name: aws-logging
+  namespace: aws-observability
+  resourceVersion: "1795"
+  uid: d822bcf5-a441-4996-857e-7fb1357bc07e
 ```
 
-3. Test that the sample application is now available
+You can also validate if the CloudWatch LogGroup was created accordingly, and LogStreams were populated.
 
 ```sh
-kubectl get ingress/ingress-2048 -n game-2048
+aws logs describe-log-groups --log-group-name-prefix "/fargate-serverless/fargate-fluentbit"
+{
+    "logGroups": [
+        {
+            "logGroupName": "/fargate-serverless/fargate-fluentbit-logs20230509014113352200000006",
+            "creationTime": 1683580491652,
+            "retentionInDays": 90,
+            "metricFilterCount": 0,
+            "arn": "arn:aws:logs:us-west-2:111222333444:log-group:/fargate-serverless/fargate-fluentbit-logs20230509014113352200000006:*",
+            "storedBytes": 0
+        }
+    ]
+}
+```
 
-# Output should look like this
-NAME           CLASS   HOSTS   ADDRESS                                                                  PORTS   AGE
-ingress-2048   alb     *       k8s-game2048-ingress2-0d47205282-922438252.us-east-1.elb.amazonaws.com   80      4h28m
+```sh
+aws logs describe-log-streams --log-group-name "/fargate-serverless/fargate-fluentbit-logs20230509014113352200000006" --log-stream-name-prefix fargate-logs --query 'logStreams[].logStreamName'
+[
+    "fargate-logs-flblogs.var.log.fluent-bit.log",
+    "fargate-logs-kube.var.log.containers.aws-load-balancer-controller-7f989fc6c-grjsq_kube-system_aws-load-balancer-controller-feaa22b4cdaa71ecfc8355feb81d4b61ea85598a7bb57aef07667c767c6b98e4.log",
+    "fargate-logs-kube.var.log.containers.aws-load-balancer-controller-7f989fc6c-wzr46_kube-system_aws-load-balancer-controller-69075ea9ab3c7474eac2a1696d3a84a848a151420cd783d79aeef960b181567f.log",
+    "fargate-logs-kube.var.log.containers.coredns-7b7bddbc85-8cxvq_kube-system_coredns-9e4f3ab435269a566bcbaa606c02c146ad58508e67cef09fa87d5c09e4ac0088.log",
+    "fargate-logs-kube.var.log.containers.coredns-7b7bddbc85-gcjwp_kube-system_coredns-11016818361cd68c32bf8f0b1328f3d92a6d7b8cf5879bfe8b301f393cb011cc.log"
+]
 ```
 
-4. Open the browser to access the application via the ALB address http://k8s-game2048-ingress2-0d47205282-922438252.us-east-1.elb.amazonaws.com/
+6. (Optional) Test that the sample application.
+
+Create an Ingress using the AWS LoadBalancer Controller deployed with the EKS Blueprints Add-ons module, pointing to our application Service.
+
+```sh
+kubectl get svc -n app-2048
+NAME       TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
+app-2048   NodePort   172.20.33.217   <none>        80:32568/TCP   2m48s
+```
+
+```sh
+kubectl -n app-2048 create ingress app-2048 --class alb --rule="/*=app-2048:80" \
+--annotation alb.ingress.kubernetes.io/scheme=internet-facing \
+--annotation alb.ingress.kubernetes.io/target-type=ip
+```
+
+```sh
+kubectl -n app-2048 get ingress  
+NAME       CLASS   HOSTS   ADDRESS                                                                 PORTS   AGE
+app-2048   alb     *       k8s-app2048-app2048-6d9c5e92d6-1234567890.us-west-2.elb.amazonaws.com   80      4m9s
+```
 
-⚠️ You might need to wait a few minutes, and then refresh your browser.
+Open the browser to access the application via the URL address shown in the last output in the ADDRESS column. In our example `k8s-app2048-app2048-6d9c5e92d6-1234567890.us-west-2.elb.amazonaws.com`.
 
-⚠️ If your Ingress isn't created after several minutes, then run this command to view the AWS Load Balancer Controller logs:
+> You might need to wait a few minutes, and then refresh your browser.
+> If your Ingress isn't created after several minutes, then run this command to view the AWS Load Balancer Controller logs:
 
 ```sh
 kubectl logs -n kube-system deployment.apps/aws-load-balancer-controller
@@ -80,7 +186,8 @@ kubectl logs -n kube-system deployment.apps/aws-load-balancer-controller
 To teardown and remove the resources created in this example:
 
 ```sh
-terraform destroy -target="module.eks_blueprints_kubernetes_addons" -auto-approve
-terraform destroy -target="module.eks" -auto-approve
+kubectl -n app-2048 delete ingress app-2048
+terraform destroy -target module.eks_blueprints_addons -auto-approve
+terraform destroy -target module.eks -auto-approve
 terraform destroy -auto-approve
 ```
diff --git a/examples/fargate-serverless/main.tf b/examples/fargate-serverless/main.tf
index 886ff8b302..1bf9d437fd 100644
--- a/examples/fargate-serverless/main.tf
+++ b/examples/fargate-serverless/main.tf
@@ -31,8 +31,9 @@ provider "helm" {
 data "aws_availability_zones" "available" {}
 
 locals {
-  name   = basename(path.cwd)
-  region = "us-west-2"
+  name     = basename(path.cwd)
+  region   = "us-west-2"
+  app_name = "app-2048"
 
   vpc_cidr = "10.0.0.0/16"
   azs      = slice(data.aws_availability_zones.available.names, 0, 3)
@@ -53,7 +54,7 @@ module "eks" {
   version = "~> 19.13"
 
   cluster_name                   = local.name
-  cluster_version                = "1.25"
+  cluster_version                = "1.26"
   cluster_endpoint_public_access = true
 
   vpc_id     = module.vpc.vpc_id
@@ -77,6 +78,12 @@ module "eks" {
     }
   }
 
+  fargate_profile_defaults = {
+    iam_role_additional_policies = {
+      additional = module.eks_blueprints_addons.fargate_fluentbit_policy[0].arn
+    }
+  }
+
   tags = local.tags
 }
 
@@ -87,7 +94,8 @@ module "eks" {
 module "eks_blueprints_addons" {
   # Users should pin the version to the latest available release
   # tflint-ignore: terraform_module_pinned_source
-  source = "github.com/aws-ia/terraform-aws-eks-blueprints-addons"
+  source = "../do-not-use"
+  #source = "github.com/aws-ia/terraform-aws-eks-blueprints-addons"
 
   cluster_name      = module.eks.cluster_name
   cluster_endpoint  = module.eks.cluster_endpoint
@@ -135,7 +143,7 @@ module "eks_blueprints_addons" {
 
   enable_aws_load_balancer_controller = true
   aws_load_balancer_controller = {
-    set_values = [
+    set = [
       {
         name  = "vpcId"
         value = module.vpc.vpc_id
@@ -185,13 +193,13 @@ module "vpc" {
 
 resource "kubernetes_namespace_v1" "this" {
   metadata {
-    name = local.name
+    name = local.app_name
   }
 }
 
 resource "kubernetes_deployment_v1" "this" {
   metadata {
-    name      = local.name
+    name      = local.app_name
     namespace = kubernetes_namespace_v1.this.metadata[0].name
   }
 
@@ -200,14 +208,14 @@ resource "kubernetes_deployment_v1" "this" {
 
     selector {
       match_labels = {
-        "app.kubernetes.io/name" = local.name
+        "app.kubernetes.io/name" = local.app_name
       }
     }
 
     template {
       metadata {
         labels = {
-          "app.kubernetes.io/name" = local.name
+          "app.kubernetes.io/name" = local.app_name
         }
       }
 
@@ -215,7 +223,7 @@ resource "kubernetes_deployment_v1" "this" {
         container {
           image = "public.ecr.aws/l6m2t8p7/docker-2048:latest"
           # image_pull_policy = "Always"
-          name = local.name
+          name = local.app_name
 
           port {
             container_port = 80
@@ -228,13 +236,13 @@ resource "kubernetes_deployment_v1" "this" {
 
 resource "kubernetes_service_v1" "this" {
   metadata {
-    name      = local.name
+    name      = local.app_name
     namespace = kubernetes_namespace_v1.this.metadata[0].name
   }
 
   spec {
     selector = {
-      "app.kubernetes.io/name" = local.name
+      "app.kubernetes.io/name" = local.app_name
     }
 
 
@@ -248,40 +256,6 @@ resource "kubernetes_service_v1" "this" {
   }
 }
 
-resource "kubernetes_ingress_v1" "this" {
-  metadata {
-    name      = local.name
-    namespace = kubernetes_namespace_v1.this.metadata[0].name
-
-    annotations = {
-      "alb.ingress.kubernetes.io/scheme"      = "internet-facing"
-      "alb.ingress.kubernetes.io/target-type" = "ip"
-    }
-  }
-
-  spec {
-    ingress_class_name = "alb"
-
-    rule {
-      http {
-        path {
-          path      = "/"
-          path_type = "Prefix"
-
-          backend {
-            service {
-              name = local.name
-              port {
-                number = 80
-              }
-            }
-          }
-        }
-      }
-    }
-  }
-}
-
 module "vpc_cni_irsa" {
   source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
   version = "~> 5.14"
diff --git a/examples/fully-private-cluster/README.md b/examples/fully-private-cluster/README.md
index eb8c83f16b..6e9c7adb54 100644
--- a/examples/fully-private-cluster/README.md
+++ b/examples/fully-private-cluster/README.md
@@ -1,6 +1,21 @@
 # Fully Private EKS Cluster
 
-Please see this [document](https://docs.aws.amazon.com/eks/latest/userguide/private-clusters.html) for more details on configuring fully private EKS Clusters
+This examples demonstrates how to deploy an Amazon EKS cluster that is deployed on the AWS Cloud, but doesn't have outbound internet access. For that your cluster must pull images from a container registry that's in your VPC, and also must have endpoint private access enabled. This is required for nodes to register with the cluster endpoint.
+
+Please see this [document](https://docs.aws.amazon.com/eks/latest/userguide/private-clusters.html) for more details on configuring fully private EKS Clusters.
+
+For fully Private EKS clusters requires the following VPC endpoints to be created to communicate with AWS services. This example solution will provide these endpoints if you choose to create VPC. If you are using an existing VPC then you may need to ensure these endpoints are created.
+
+    com.amazonaws.region.aps-workspaces            - For AWS Managed Prometheus Workspace
+    com.amazonaws.region.ssm                       - Secrets Management
+    com.amazonaws.region.ec2
+    com.amazonaws.region.ecr.api
+    com.amazonaws.region.ecr.dkr
+    com.amazonaws.region.logs                       – For CloudWatch Logs
+    com.amazonaws.region.sts                        – If using AWS Fargate or IAM roles for service accounts
+    com.amazonaws.region.elasticloadbalancing       – If using Application Load Balancers
+    com.amazonaws.region.autoscaling                – If using Cluster Autoscaler
+    com.amazonaws.region.s3                         – Creates S3 gateway
 
 ## Prerequisites:
 
@@ -12,6 +27,11 @@ Ensure that you have the following tools installed locally:
 
 ## Deploy
 
+Since this is a Fully Private Amazon EKS Cluster, make sure that you'll have access to the Amazon VPC where the cluster will be deployed, otherwise you won't be able to access it.
+
+For this example, we'll be using an Amazon Cloud9 environment to run Terraform and manage the Amazon EKS Cluster. The Cloud9 environment is already running in the Default VPC, we'll setup a VPC peering between the Default and the Cluster VPC in order to have access to the Kubernetes API and manage our EKS Cluster.
+
+
 To provision this example:
 
 ```sh
@@ -27,22 +47,45 @@ Enter `yes` at command prompt to apply
 
 The following command will update the `kubeconfig` on your local machine and allow you to interact with your EKS Cluster using `kubectl` to validate the CoreDNS deployment for Fargate.
 
-1. Run `update-kubeconfig` command:
+1. Check the Terraform provided Output, to update your `kubeconfig`
+
+```hcl
+Apply complete! Resources: 63 added, 0 changed, 0 destroyed.
+
+Outputs:
+
+configure_kubectl = "aws eks --region us-west-2 update-kubeconfig --name fully-private-cluster"
+```
+
+2. Run `update-kubeconfig` command, using the Terraform provided Output, replace with your `$AWS_REGION` and your `$CLUSTER_NAME` variables.
 
 ```sh
-aws eks --region <REGION> update-kubeconfig --name <CLUSTER_NAME>
+aws eks --region <$AWS_REGION> update-kubeconfig --name <$CLUSTER_NAME>
 ```
 
-2. Test by listing all the pods running currently. The CoreDNS pod should reach a status of `Running` after approximately 60 seconds:
+3. Test by listing Nodes in in the Cluster.
 
 ```sh
-kubectl get pods -A
+kubectl get nodes  
+NAME                                        STATUS   ROLES    AGE     VERSION
+ip-10-0-19-90.us-west-2.compute.internal    Ready    <none>   8m34s   v1.26.2-eks-a59e1f0
+ip-10-0-44-110.us-west-2.compute.internal   Ready    <none>   8m36s   v1.26.2-eks-a59e1f0
+ip-10-0-9-147.us-west-2.compute.internal    Ready    <none>   8m35s   v1.26.2-eks-a59e1f0
+```
+
+4. Test by listing all the Pods running currently. All the Pods should reach a status of `Running` after approximately 60 seconds:
 
-# Output should look like below
-NAMESPACE     NAME                                  READY   STATUS    RESTARTS   AGE
-kube-system   coredns-66b965946d-gd59n              1/1     Running   0          92s
-kube-system   coredns-66b965946d-tsjrm              1/1     Running   0          92s
-...
+```sh
+kubectl $ kubectl get pods -A  
+NAMESPACE     NAME                       READY   STATUS    RESTARTS   AGE
+kube-system   aws-node-jvn9x             1/1     Running   0          7m42s
+kube-system   aws-node-mnjlf             1/1     Running   0          7m45s
+kube-system   aws-node-q458h             1/1     Running   0          7m49s
+kube-system   coredns-6c45d94f67-495rr   1/1     Running   0          14m
+kube-system   coredns-6c45d94f67-5c8tc   1/1     Running   0          14m
+kube-system   kube-proxy-47wfh           1/1     Running   0          8m32s
+kube-system   kube-proxy-f6chz           1/1     Running   0          8m30s
+kube-system   kube-proxy-xcfkc           1/1     Running   0          8m31s
 ```
 
 ## Destroy
@@ -50,6 +93,5 @@ kube-system   coredns-66b965946d-tsjrm              1/1     Running   0
 To teardown and remove the resources created in this example:
 
 ```sh
-terraform destroy -target="module.eks" -auto-approve
 terraform destroy -auto-approve
 ```
diff --git a/examples/fully-private-cluster/main.tf b/examples/fully-private-cluster/main.tf
index 75b8442af0..bda680ab01 100644
--- a/examples/fully-private-cluster/main.tf
+++ b/examples/fully-private-cluster/main.tf
@@ -27,7 +27,7 @@ module "eks" {
   version = "~> 19.13"
 
   cluster_name    = local.name
-  cluster_version = "1.25"
+  cluster_version = "1.26"
 
   # EKS Addons
   cluster_addons = {
@@ -45,7 +45,7 @@ module "eks" {
 
       min_size     = 1
       max_size     = 5
-      desired_size = 2
+      desired_size = 3
     }
   }
 
@@ -60,6 +60,8 @@ module "vpc" {
   source  = "terraform-aws-modules/vpc/aws"
   version = "~> 4.0"
 
+  manage_default_vpc = true
+
   name = local.name
   cidr = local.vpc_cidr
 
@@ -131,3 +133,43 @@ module "vpc_endpoints" {
 
   tags = local.tags
 }
+
+resource "aws_vpc_peering_connection" "this" {
+  peer_vpc_id = module.vpc.vpc_id
+  vpc_id      = module.vpc.default_vpc_id
+  auto_accept = true
+
+  accepter {
+    allow_remote_vpc_dns_resolution = true
+  }
+
+  requester {
+    allow_remote_vpc_dns_resolution = true
+  }
+}
+
+resource "aws_route" "default_to_eks" {
+  route_table_id            = module.vpc.default_vpc_default_route_table_id
+  destination_cidr_block    = module.vpc.vpc_cidr_block
+  vpc_peering_connection_id = aws_vpc_peering_connection.this.id
+  depends_on                = [module.vpc]
+}
+
+resource "aws_route" "eks_to_default" {
+  for_each = { for rt in module.vpc.private_route_table_ids : rt => rt }
+
+  route_table_id            = each.value
+  destination_cidr_block    = module.vpc.default_vpc_cidr_block
+  vpc_peering_connection_id = aws_vpc_peering_connection.this.id
+  depends_on                = [module.vpc]
+}
+
+resource "aws_vpc_security_group_ingress_rule" "this" {
+  for_each          = { for sg in concat([module.eks.cluster_security_group_id, module.eks.cluster_primary_security_group_id]) : sg => sg }
+  security_group_id = each.value
+
+  cidr_ipv4   = module.vpc.default_vpc_cidr_block
+  from_port   = 443
+  to_port     = 443
+  ip_protocol = "tcp"
+}
diff --git a/examples/tls-with-aws-pca-issuer/README.md b/examples/tls-with-aws-pca-issuer/README.md
index ad792db9e7..ba9a6fefd0 100644
--- a/examples/tls-with-aws-pca-issuer/README.md
+++ b/examples/tls-with-aws-pca-issuer/README.md
@@ -13,73 +13,66 @@ This example deploys the following
 
 ## How to Deploy
 
-### Prerequisites:
+## Prerequisites:
 
-Ensure that you have installed the following tools in your Mac or Windows Laptop before start working with this module and run Terraform Plan and Apply
+Ensure that you have the following tools installed locally:
 
-1. [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html)
-2. [Kubectl](https://Kubernetes.io/docs/tasks/tools/)
-3. [Terraform](https://learn.hashicorp.com/tutorials/terraform/install-cli)
+1. [aws cli](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html)
+2. [kubectl](https://Kubernetes.io/docs/tasks/tools/)
+3. [terraform](https://learn.hashicorp.com/tutorials/terraform/install-cli)
 
-### Deployment Steps
+## Deploy
 
-#### Step 1: Clone the repo using the command below
+To provision this example:
 
 ```sh
-git clone https://github.com/aws-ia/terraform-aws-eks-blueprints.git
-```
-
-#### Step 2: Run Terraform INIT
-
-Initialize a working directory with configuration files
-
-```sh
-cd examples/tls-with-aws-pca-issuer/
 terraform init
-```
-
-#### Step 3: Run Terraform PLAN
-
-Verify the resources created by this execution
+terraform apply -target module.vpc
+terraform apply -target module.eks
+terraform apply
 
-```sh
-export AWS_REGION=<ENTER YOUR REGION>   # Select your own region
-terraform plan
 ```
 
-#### Step 4: Finally, Terraform APPLY
+Enter `yes` at command prompt to apply
 
-**Deploy the pattern**
+## Validate
 
-```sh
-terraform apply
-```
+The following command will update the `kubeconfig` on your local machine and allow you to interact with your EKS Cluster using `kubectl` to validate the CoreDNS deployment for Fargate.
 
-Enter `yes` to apply.
+1. Check the Terraform provided Output, to update your `kubeconfig`
 
-### Configure `kubectl` and test cluster
+```hcl
+Apply complete! Resources: 63 added, 0 changed, 0 destroyed.
 
-EKS Cluster details can be extracted from terraform output or from AWS Console to get the name of cluster.
-This following command used to update the `kubeconfig` in your local machine where you run kubectl commands to interact with your EKS Cluster.
+Outputs:
 
-#### Step 5: Run `update-kubeconfig` command
-
-`~/.kube/config` file gets updated with cluster details and certificate from the below command
+configure_kubectl = "aws eks --region us-west-2 update-kubeconfig --name fully-private-cluster"
+```
 
-    $ aws eks --region <enter-your-region> update-kubeconfig --name <cluster-name>
+2. Run `update-kubeconfig` command, using the Terraform provided Output, replace with your `$AWS_REGION` and your `$CLUSTER_NAME` variables.
 
-#### Step 6: List all the worker nodes by running the command below
+```sh
+aws eks --region <$AWS_REGION> update-kubeconfig --name <$CLUSTER_NAME>
+```
 
-    $ kubectl get nodes
+3. List all the pods running in `aws-privateca-issuer` and `cert-manager` Namespace.
 
-#### Step 7: List all the pods running in `aws-privateca-issuer` and `cert-manager` namespace
+```sh
+kubectl get pods -n aws-privateca-issuer
+kubectl get pods -n cert-manager
+```
 
-    $ kubectl get pods -n aws-privateca-issuer
-    $ kubectl get pods -n cert-manager
+4. View the `certificate` status in the `default` Namespace. It should be in `Ready` state, and be pointing to a `secret` created in the same Namespace.
 
-#### Step 8: View the `Certificate` status. It should be in 'Ready' state.
+```sh
+kubectl get certificate -o wide
+NAME      READY   SECRET                  ISSUER                    STATUS                                          AGE
+example   True    example-clusterissuer   tls-with-aws-pca-issuer   Certificate is up to date and has not expired   41m
 
-    $ kubectl get Certificate
+kubectl get secret example-clusterissuer
+NAME                    TYPE                DATA   AGE
+example-clusterissuer   kubernetes.io/tls   3      43m
+```
 
 ## Cleanup
 
@@ -88,13 +81,7 @@ To clean up your environment, destroy the Terraform modules in reverse order.
 Destroy the Kubernetes Add-ons, EKS cluster with Node groups and VPC
 
 ```sh
-terraform destroy -target="module.eks_blueprints_kubernetes_addons" -auto-approve
-terraform destroy -target="module.eks" -auto-approve
-terraform destroy -target="module.vpc" -auto-approve
-```
-
-Finally, destroy any additional resources that are not in the above modules
-
-```sh
+terraform destroy -target module.eks_blueprints_kubernetes_addons -auto-approve
+terraform destroy -target module.eks -auto-approve
 terraform destroy -auto-approve
 ```
diff --git a/examples/tls-with-aws-pca-issuer/main.tf b/examples/tls-with-aws-pca-issuer/main.tf
index 36aa78c5bc..2c1d6a4448 100644
--- a/examples/tls-with-aws-pca-issuer/main.tf
+++ b/examples/tls-with-aws-pca-issuer/main.tf
@@ -68,7 +68,7 @@ module "eks" {
   version = "~> 19.13"
 
   cluster_name                   = local.name
-  cluster_version                = "1.25"
+  cluster_version                = "1.26"
   cluster_endpoint_public_access = true
 
   vpc_id     = module.vpc.vpc_id
@@ -114,7 +114,9 @@ module "eks_blueprints_addons" {
   enable_cert_manager         = true
   enable_aws_privateca_issuer = true
   aws_privateca_issuer = {
-    acmca_arn = aws_acmpca_certificate_authority.this.arn
+    acmca_arn        = aws_acmpca_certificate_authority.this.arn
+    namespace        = "aws-privateca-issuer"
+    create_namespace = true
   }
 
   tags = local.tags
@@ -127,7 +129,7 @@ module "eks_blueprints_addons" {
 resource "helm_release" "cert_manager_csi" {
   name             = "cert-manager-csi-driver"
   chart            = "cert-manager-csi-driver"
-  version          = "v0.4.2"
+  version          = "v0.5.0"
   repository       = "https://charts.jetstack.io"
   description      = "Cert Manager CSI Driver Add-on"
   namespace        = "cert-manager"

From 6152daa4cc82d3cabcca7ad492ffadc0c1e3d783 Mon Sep 17 00:00:00 2001
From: candonov <25967713+candonov@users.noreply.github.com>
Date: Wed, 17 May 2023 09:31:20 -0700
Subject: [PATCH 20/31] fix(chore): Argo example update (#1604)

Co-authored-by: Bryant Biggs <bryantbiggs@gmail.com>
---
 examples/argocd/README.md   | 124 +++++++++++++++++++-----------------
 examples/argocd/main.tf     | 111 +++++++++++++-------------------
 examples/argocd/outputs.tf  |   2 +-
 examples/argocd/versions.tf |   8 +--
 4 files changed, 114 insertions(+), 131 deletions(-)

diff --git a/examples/argocd/README.md b/examples/argocd/README.md
index 5333319d89..51c8b03c3e 100644
--- a/examples/argocd/README.md
+++ b/examples/argocd/README.md
@@ -45,7 +45,7 @@ The following command will update the `kubeconfig` on your local machine and all
 1. Run `update-kubeconfig` command:
 
     ```sh
-    aws eks --region <REGION> update-kubeconfig --name <CLUSTER_NAME>
+    aws eks --region <REGION> update-kubeconfig --name <CLUSTER_NAME> --alias <CLUSTER_NAME>
     ```
 
 2. List out the pods running currently:
@@ -53,65 +53,69 @@ The following command will update the `kubeconfig` on your local machine and all
     ```sh
     kubectl get pods -A
 
-    NAMESPACE            NAME                                                         READY   STATUS    RESTARTS   AGE
-    argo-rollouts        argo-rollouts-5656b86459-jgssp                               1/1     Running   0          6m59s
-    argo-rollouts        argo-rollouts-5656b86459-kncxg                               1/1     Running   0          6m59s
-    argocd               argo-cd-argocd-application-controller-0                      1/1     Running   0          15m
-    argocd               argo-cd-argocd-applicationset-controller-9f66b8d6b-bnvqk     1/1     Running   0          15m
-    argocd               argo-cd-argocd-dex-server-66c5769c46-kxns4                   1/1     Running   0          15m
-    argocd               argo-cd-argocd-notifications-controller-74c78485d-fgh4w      1/1     Running   0          15m
-    argocd               argo-cd-argocd-repo-server-77b8c98d6f-kcq6j                  1/1     Running   0          15m
-    argocd               argo-cd-argocd-repo-server-77b8c98d6f-mt7nf                  1/1     Running   0          15m
-    argocd               argo-cd-argocd-server-849d775f7b-t2crt                       1/1     Running   0          15m
-    argocd               argo-cd-argocd-server-849d775f7b-vnwtq                       1/1     Running   0          15m
-    argocd               argo-cd-redis-ha-haproxy-578979d984-5chwx                    1/1     Running   0          15m
-    argocd               argo-cd-redis-ha-haproxy-578979d984-74qdg                    1/1     Running   0          15m
-    argocd               argo-cd-redis-ha-haproxy-578979d984-9dwf2                    1/1     Running   0          15m
-    argocd               argo-cd-redis-ha-server-0                                    4/4     Running   0          15m
-    argocd               argo-cd-redis-ha-server-1                                    4/4     Running   0          12m
-    argocd               argo-cd-redis-ha-server-2                                    4/4     Running   0          11m
-    aws-for-fluent-bit   aws-for-fluent-bit-7gwzd                                     1/1     Running   0          7m10s
-    aws-for-fluent-bit   aws-for-fluent-bit-9gzqw                                     1/1     Running   0          7m10s
-    aws-for-fluent-bit   aws-for-fluent-bit-csrgh                                     1/1     Running   0          7m10s
-    aws-for-fluent-bit   aws-for-fluent-bit-h9vtm                                     1/1     Running   0          7m10s
-    aws-for-fluent-bit   aws-for-fluent-bit-p4bmj                                     1/1     Running   0          7m10s
-    cert-manager         cert-manager-765c5d7777-k7jkk                                1/1     Running   0          7m6s
-    cert-manager         cert-manager-cainjector-6bc9d758b-kt8dm                      1/1     Running   0          7m6s
-    cert-manager         cert-manager-webhook-586d45d5ff-szkc7                        1/1     Running   0          7m6s
-    geolocationapi       geolocationapi-fbb6987f8-d22qv                               2/2     Running   0          6m15s
-    geolocationapi       geolocationapi-fbb6987f8-fqshh                               2/2     Running   0          6m15s
-    karpenter            karpenter-5d65d77779-nnsjp                                   2/2     Running   0          7m42s
-    keda                 keda-operator-676b4b8d8c-5bjmt                               1/1     Running   0          7m16s
-    keda                 keda-operator-metrics-apiserver-5d679f968c-jkhz8             1/1     Running   0          7m16s
-    kube-system          aws-node-66dl8                                               1/1     Running   0          14m
-    kube-system          aws-node-7fgks                                               1/1     Running   0          14m
-    kube-system          aws-node-828t9                                               1/1     Running   0          14m
-    kube-system          aws-node-k7phx                                               1/1     Running   0          14m
-    kube-system          aws-node-rptsc                                               1/1     Running   0          14m
-    kube-system          cluster-autoscaler-aws-cluster-autoscaler-74456d5cc9-hfqlz   1/1     Running   0          7m24s
-    kube-system          coredns-657694c6f4-kp6sm                                     1/1     Running   0          19m
-    kube-system          coredns-657694c6f4-wcqh2                                     1/1     Running   0          19m
-    kube-system          kube-proxy-6zwcj                                             1/1     Running   0          14m
-    kube-system          kube-proxy-9kkg7                                             1/1     Running   0          14m
-    kube-system          kube-proxy-q9bgv                                             1/1     Running   0          14m
-    kube-system          kube-proxy-rzndg                                             1/1     Running   0          14m
-    kube-system          kube-proxy-w86mz                                             1/1     Running   0          14m
-    kube-system          metrics-server-694d47d564-psr4s                              1/1     Running   0          6m37s
-    prometheus           prometheus-alertmanager-758597fd7-pntlj                      2/2     Running   0          7m18s
-    prometheus           prometheus-kube-state-metrics-5fd8648d78-w48p2               1/1     Running   0          7m18s
-    prometheus           prometheus-node-exporter-7wr8x                               1/1     Running   0          7m18s
-    prometheus           prometheus-node-exporter-9hjzw                               1/1     Running   0          7m19s
-    prometheus           prometheus-node-exporter-kjsxt                               1/1     Running   0          7m18s
-    prometheus           prometheus-node-exporter-mr9cx                               1/1     Running   0          7m19s
-    prometheus           prometheus-node-exporter-qmm58                               1/1     Running   0          7m19s
-    prometheus           prometheus-pushgateway-8696df5474-cv59q                      1/1     Running   0          7m18s
-    prometheus           prometheus-server-58c58c58cc-n4242                           2/2     Running   0          7m18s
-    team-burnham         nginx-66b6c48dd5-nnp9l                                       1/1     Running   0          7m39s
-    team-riker           guestbook-ui-6847557d79-lrms2                                1/1     Running   0          7m39s
-    traefik              traefik-b9955f58-pc2zp                                       1/1     Running   0          7m4s
-    vpa                  vpa-recommender-554f56647b-lcz9w                             1/1     Running   0          7m35s
-    vpa                  vpa-updater-67d6c5c7cf-b9hw4                                 1/1     Running   0          7m35s
-    yunikorn             yunikorn-scheduler-5c446fcc89-lcmmm                          2/2     Running   0          7m28s
+    NAMESPACE        NAME                                                        READY   STATUS    RESTARTS          AGE
+    argo-rollouts    argo-rollouts-5d47ccb8d4-854s6                              1/1     Running   0                 23h
+    argo-rollouts    argo-rollouts-5d47ccb8d4-srjk9                              1/1     Running   0                 23h
+    argocd           argo-cd-argocd-application-controller-0                     1/1     Running   0                 24h
+    argocd           argo-cd-argocd-applicationset-controller-547f9cfd68-kp89p   1/1     Running   0                 24h
+    argocd           argo-cd-argocd-dex-server-55765f7cd7-t8r2f                  1/1     Running   0                 24h
+    argocd           argo-cd-argocd-notifications-controller-657df4dbcb-p596r    1/1     Running   0                 24h
+    argocd           argo-cd-argocd-repo-server-7d4dddf886-2vmgt                 1/1     Running   0                 24h
+    argocd           argo-cd-argocd-repo-server-7d4dddf886-bm7tz                 1/1     Running   0                 24h
+    argocd           argo-cd-argocd-server-775ddf74b8-8jzvc                      1/1     Running   0                 24h
+    argocd           argo-cd-argocd-server-775ddf74b8-z6lz6                      1/1     Running   0                 24h
+    argocd           argo-cd-redis-ha-haproxy-6d7b7d4656-b8bt8                   1/1     Running   0                 24h
+    argocd           argo-cd-redis-ha-haproxy-6d7b7d4656-mgjx5                   1/1     Running   0                 24h
+    argocd           argo-cd-redis-ha-haproxy-6d7b7d4656-qsbgw                   1/1     Running   0                 24h
+    argocd           argo-cd-redis-ha-server-0                                   4/4     Running   0                 24h
+    argocd           argo-cd-redis-ha-server-1                                   4/4     Running   0                 24h
+    argocd           argo-cd-redis-ha-server-2                                   4/4     Running   0                 24h
+    cert-manager     cert-manager-586ccb6656-2v8mf                               1/1     Running   0                 23h
+    cert-manager     cert-manager-cainjector-99d64d795-2gwnj                     1/1     Running   0                 23h
+    cert-manager     cert-manager-webhook-8d87786cb-24kww                        1/1     Running   0                 23h
+    geolocationapi   geolocationapi-85599c5c74-rqqqs                             2/2     Running   0                 25m
+    geolocationapi   geolocationapi-85599c5c74-whsp6                             2/2     Running   0                 25m
+    geordie          downstream0-7f6ff946b6-r8sxc                                1/1     Running   0                 25m
+    geordie          downstream1-64c7db6f9-rsbk5                                 1/1     Running   0                 25m
+    geordie          frontend-646bfb947c-wshpb                                   1/1     Running   0                 25m
+    geordie          redis-server-6bd7885d5d-s7rqw                               1/1     Running   0                 25m
+    geordie          yelb-appserver-5d89946ffd-vkxt9                             1/1     Running   0                 25m
+    geordie          yelb-db-697bd9f9d9-2t4b6                                    1/1     Running   0                 25m
+    geordie          yelb-ui-75ff8b96ff-fh6bw                                    1/1     Running   0                 25m
+    karpenter        karpenter-7b99fb785d-87k6h                                  1/1     Running   0                 106m
+    karpenter        karpenter-7b99fb785d-lkq9l                                  1/1     Running   0                 106m
+    kube-system      aws-load-balancer-controller-6cf9bdbfdf-h7bzb               1/1     Running   0                 20m
+    kube-system      aws-load-balancer-controller-6cf9bdbfdf-vfbrj               1/1     Running   0                 20m
+    kube-system      aws-node-cvjmq                                              1/1     Running   0                 24h
+    kube-system      aws-node-fw7zc                                              1/1     Running   0                 24h
+    kube-system      aws-node-l7589                                              1/1     Running   0                 24h
+    kube-system      aws-node-nll82                                              1/1     Running   0                 24h
+    kube-system      aws-node-zhz8l                                              1/1     Running   0                 24h
+    kube-system      coredns-7975d6fb9b-5sf7r                                    1/1     Running   0                 24h
+    kube-system      coredns-7975d6fb9b-k78dz                                    1/1     Running   0                 24h
+    kube-system      ebs-csi-controller-5cd4944c94-7jwlb                         6/6     Running   0                 24h
+    kube-system      ebs-csi-controller-5cd4944c94-8tcsg                         6/6     Running   0                 24h
+    kube-system      ebs-csi-node-66jmx                                          3/3     Running   0                 24h
+    kube-system      ebs-csi-node-b2pw4                                          3/3     Running   0                 24h
+    kube-system      ebs-csi-node-g4v9z                                          3/3     Running   0                 24h
+    kube-system      ebs-csi-node-k7nvp                                          3/3     Running   0                 24h
+    kube-system      ebs-csi-node-tfq9q                                          3/3     Running   0                 24h
+    kube-system      kube-proxy-4x8vm                                            1/1     Running   0                 24h
+    kube-system      kube-proxy-gtlpm                                            1/1     Running   0                 24h
+    kube-system      kube-proxy-vfnbf                                            1/1     Running   0                 24h
+    kube-system      kube-proxy-z9wdh                                            1/1     Running   0                 24h
+    kube-system      kube-proxy-zzx9m                                            1/1     Running   0                 24h
+    kube-system      metrics-server-7f4db5fd87-9n6dv                             1/1     Running   0                 23h
+    kube-system      metrics-server-7f4db5fd87-t8wxg                             1/1     Running   0                 23h
+    kube-system      metrics-server-7f4db5fd87-xcxlv                             1/1     Running   0                 23h
+    team-burnham     burnham-66fccc4fb5-k4qtm                                    1/1     Running   0                 25m
+    team-burnham     burnham-66fccc4fb5-rrf4j                                    1/1     Running   0                 25m
+    team-burnham     burnham-66fccc4fb5-s9kbr                                    1/1     Running   0                 25m
+    team-burnham     nginx-7d47cfdff7-lzdjb                                      1/1     Running   0                 25m
+    team-riker       deployment-2048-6f7c78f959-h76rx                            1/1     Running   0                 25m
+    team-riker       deployment-2048-6f7c78f959-skmrr                            1/1     Running   0                 25m
+    team-riker       deployment-2048-6f7c78f959-tn9dw                            1/1     Running   0                 25m
+    team-riker       guestbook-ui-c86c478bd-zg2z4                                1/1     Running   0                 25m
     ```
 
 3. You can access the ArgoCD UI by running the following command:
diff --git a/examples/argocd/main.tf b/examples/argocd/main.tf
index 3fcb461bb1..76bf9cd7cb 100644
--- a/examples/argocd/main.tf
+++ b/examples/argocd/main.tf
@@ -33,8 +33,7 @@ provider "bcrypt" {}
 data "aws_availability_zones" "available" {}
 
 locals {
-  name   = basename(path.cwd)
-  region = "us-west-2"
+  name = basename(path.cwd)
 
   vpc_cidr = "10.0.0.0/16"
   azs      = slice(data.aws_availability_zones.available.names, 0, 3)
@@ -55,9 +54,18 @@ module "eks" {
   version = "~> 19.13"
 
   cluster_name                   = local.name
-  cluster_version                = "1.25"
+  cluster_version                = "1.26"
   cluster_endpoint_public_access = true
 
+  # EKS Addons
+  cluster_addons = {
+    coredns    = {}
+    kube-proxy = {}
+    vpc-cni = {
+      service_account_role_arn = module.vpc_cni_irsa.iam_role_arn
+    }
+  }
+
   vpc_id     = module.vpc.vpc_id
   subnet_ids = module.vpc.private_subnets
 
@@ -81,57 +89,46 @@ module "eks" {
 module "eks_blueprints_addons" {
   # Users should pin the version to the latest available release
   # tflint-ignore: terraform_module_pinned_source
-  source = "github.com/aws-ia/terraform-aws-eks-blueprints-addons"
-
-  cluster_name      = module.eks.cluster_name
-  cluster_endpoint  = module.eks.cluster_endpoint
-  cluster_version   = module.eks.cluster_version
-  oidc_provider_arn = module.eks.oidc_provider_arn
+  source = "github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons?ref=v4.31.0"
+
+  eks_cluster_id        = module.eks.cluster_name
+  eks_cluster_endpoint  = module.eks.cluster_endpoint
+  eks_cluster_version   = module.eks.cluster_version
+  eks_oidc_provider     = module.eks.oidc_provider
+  eks_oidc_provider_arn = module.eks.oidc_provider_arn
+
+  enable_argocd = true
+  # This example shows how to set default ArgoCD Admin Password using SecretsManager with Helm Chart set_sensitive values.
+  argocd_helm_config = {
+    set_sensitive = [
+      {
+        name  = "configs.secret.argocdServerAdminPassword"
+        value = bcrypt_hash.argo.id
+      }
+    ]
+  }
 
-  eks_addons = {
-    aws-ebs-csi-driver = {
-      service_account_role_arn = module.ebs_csi_driver_irsa.iam_role_arn
+  argocd_manage_add_ons = true # Indicates that ArgoCD is responsible for managing/deploying add-ons
+  argocd_applications = {
+    addons = {
+      path               = "chart"
+      repo_url           = "https://github.com/aws-samples/eks-blueprints-add-ons.git"
+      add_on_application = true
     }
-    coredns = {}
-    vpc-cni = {
-      service_account_role_arn = module.vpc_cni_irsa.iam_role_arn
+    workloads = {
+      path               = "envs/dev"
+      repo_url           = "https://github.com/aws-samples/eks-blueprints-workloads.git"
+      add_on_application = false
     }
-    kube-proxy = {}
   }
 
-  # enable_argocd = true
-  # # This example shows how to set default ArgoCD Admin Password using SecretsManager with Helm Chart set_sensitive values.
-  # argocd_helm_config = {
-  #   set_sensitive = [
-  #     {
-  #       name  = "configs.secret.argocdServerAdminPassword"
-  #       value = bcrypt_hash.argo.id
-  #     }
-  #   ]
-  # }
-
-  # argocd_manage_add_ons = true # Indicates that ArgoCD is responsible for managing/deploying add-ons
-  # argocd_applications = {
-  #   addons = {
-  #     path               = "chart"
-  #     repo_url           = "https://github.com/aws-samples/eks-blueprints-add-ons.git"
-  #     add_on_application = true
-  #   }
-  #   workloads = {
-  #     path               = "envs/dev"
-  #     repo_url           = "https://github.com/aws-samples/eks-blueprints-workloads.git"
-  #     add_on_application = false
-  #   }
-  # }
-
   # Add-ons
-  enable_aws_for_fluentbit = true
-  # Let fluentbit create the cw log group
-  enable_cert_manager   = true
-  enable_karpenter      = true
-  enable_metrics_server = true
-  enable_vpa            = true
-  enable_argo_rollouts  = true
+  enable_amazon_eks_aws_ebs_csi_driver = true
+  enable_aws_load_balancer_controller  = true
+  enable_cert_manager                  = true
+  enable_karpenter                     = true
+  enable_metrics_server                = true
+  enable_argo_rollouts                 = true
 
   tags = local.tags
 }
@@ -192,24 +189,6 @@ module "vpc" {
   tags = local.tags
 }
 
-module "ebs_csi_driver_irsa" {
-  source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
-  version = "~> 5.14"
-
-  role_name_prefix = "${module.eks.cluster_name}-ebs-csi-driver-"
-
-  attach_ebs_csi_policy = true
-
-  oidc_providers = {
-    main = {
-      provider_arn               = module.eks.oidc_provider_arn
-      namespace_service_accounts = ["kube-system:ebs-csi-controller-sa"]
-    }
-  }
-
-  tags = local.tags
-}
-
 module "vpc_cni_irsa" {
   source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
   version = "~> 5.14"
diff --git a/examples/argocd/outputs.tf b/examples/argocd/outputs.tf
index c624023e90..d79912bf44 100644
--- a/examples/argocd/outputs.tf
+++ b/examples/argocd/outputs.tf
@@ -1,4 +1,4 @@
 output "configure_kubectl" {
   description = "Configure kubectl: make sure you're logged in with the correct AWS profile and run the following command to update your kubeconfig"
-  value       = "aws eks --region ${local.region} update-kubeconfig --name ${module.eks.cluster_name}"
+  value       = "aws eks update-kubeconfig --name ${module.eks.cluster_name} --alias ${module.eks.cluster_name}"
 }
diff --git a/examples/argocd/versions.tf b/examples/argocd/versions.tf
index bd247274fc..24fef0882a 100644
--- a/examples/argocd/versions.tf
+++ b/examples/argocd/versions.tf
@@ -4,19 +4,19 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.47"
+      version = ">= 4.66"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"
-      version = ">= 2.17"
+      version = ">= 2.20"
     }
     helm = {
       source  = "hashicorp/helm"
-      version = ">= 2.8"
+      version = ">= 2.9"
     }
     random = {
       source  = "hashicorp/random"
-      version = "3.3.2"
+      version = "3.5.1"
     }
     bcrypt = {
       source  = "viktorradnai/bcrypt"

From 10ee0fd06f600ec14bdc8784c64cd9de4fa7cc9a Mon Sep 17 00:00:00 2001
From: Carlos Santana <csantana23@gmail.com>
Date: Mon, 22 May 2023 11:45:53 -0400
Subject: [PATCH 21/31] feat: Test ipv6 example (#1584)

Update ipv6 example
---
 .pre-commit-config.yaml                       |  2 +-
 .../do-not-use/docs/aws-efs-csi-driver.md     |  1 -
 .../docs/aws-load-balancer-controller.md      |  4 ++--
 .../do-not-use/docs/aws-private-ca-issuer.md  |  2 +-
 examples/do-not-use/docs/cert-manager.md      |  6 +++---
 examples/do-not-use/docs/fargate-fluentbit.md |  2 +-
 examples/ipv6-eks-cluster/README.md           |  2 --
 examples/ipv6-eks-cluster/main.tf             | 21 ++++++++++---------
 8 files changed, 19 insertions(+), 21 deletions(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 1adb378661..a59ad6e315 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -10,7 +10,7 @@ repos:
       - id: detect-aws-credentials
         args: ['--allow-missing-credentials']
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.78.0
+    rev: v1.79.1
     hooks:
       - id: terraform_fmt
       - id: terraform_docs
diff --git a/examples/do-not-use/docs/aws-efs-csi-driver.md b/examples/do-not-use/docs/aws-efs-csi-driver.md
index 7be5b4ce25..4a4155682c 100644
--- a/examples/do-not-use/docs/aws-efs-csi-driver.md
+++ b/examples/do-not-use/docs/aws-efs-csi-driver.md
@@ -40,4 +40,3 @@ You can optionally customize the Helm chart that deploys the driver via the foll
     role_policies = ["<ADDITIONAL_IAM_POLICY_ARN>"]
   }
 ```
-
diff --git a/examples/do-not-use/docs/aws-load-balancer-controller.md b/examples/do-not-use/docs/aws-load-balancer-controller.md
index 132a44ec04..afe8ff2362 100644
--- a/examples/do-not-use/docs/aws-load-balancer-controller.md
+++ b/examples/do-not-use/docs/aws-load-balancer-controller.md
@@ -2,7 +2,7 @@
 
 [AWS Load Balancer Controller ](https://kubernetes-sigs.github.io/aws-load-balancer-controller/) is a controller to help manage Elastic Load Balancers for a Kubernetes cluster. This Add-on deploys this controller in an Amazon EKS Cluster.
 
-## Usage 
+## Usage
 
 In order to deploy the AWS Load Balancer Controller Addon via [EKS Blueprints Addons](https://github.com/aws-ia/terraform-aws-eks-blueprints-addons), reference the following parameters under the `module.eks_blueprints_addons`.
 
@@ -83,4 +83,4 @@ example-ingress     alb     *       k8s-example-ingress-7e0d6f03e7-1234567890.us
 
 [GitHub Repo](https://github.com/kubernetes-sigs/aws-load-balancer-controller/)
 [Helm Chart](https://github.com/kubernetes-sigs/aws-load-balancer-controller/tree/main/helm/aws-load-balancer-controller)
-[AWS Docs](https://docs.aws.amazon.com/eks/latest/userguide/aws-load-balancer-controller.html)
\ No newline at end of file
+[AWS Docs](https://docs.aws.amazon.com/eks/latest/userguide/aws-load-balancer-controller.html)
diff --git a/examples/do-not-use/docs/aws-private-ca-issuer.md b/examples/do-not-use/docs/aws-private-ca-issuer.md
index 101aea6839..d7a5bd4638 100644
--- a/examples/do-not-use/docs/aws-private-ca-issuer.md
+++ b/examples/do-not-use/docs/aws-private-ca-issuer.md
@@ -62,4 +62,4 @@ example-clusterissuer   kubernetes.io/tls   3      43m
 
 [GitHub Repo](https://github.com/cert-manager/aws-privateca-issuer)
 [Helm Chart](https://github.com/cert-manager/aws-privateca-issuer/tree/main/charts/aws-pca-issuer)
-[AWS Docs](https://docs.aws.amazon.com/privateca/latest/userguide/PcaKubernetes.html)
\ No newline at end of file
+[AWS Docs](https://docs.aws.amazon.com/privateca/latest/userguide/PcaKubernetes.html)
diff --git a/examples/do-not-use/docs/cert-manager.md b/examples/do-not-use/docs/cert-manager.md
index 813095bea4..9c69f67d82 100644
--- a/examples/do-not-use/docs/cert-manager.md
+++ b/examples/do-not-use/docs/cert-manager.md
@@ -8,7 +8,7 @@ To deploy cert-manager Add-on via [EKS Blueprints Addons](https://github.com/aws
 
 ```hcl
 module "eks_blueprints_addons" {
-    
+
   enable_cert_manager         = true
 }
 ```
@@ -84,7 +84,7 @@ kubectl get certificate -o wide
 NAME      READY   SECRET           ISSUER                      STATUS                                          AGE
 example   True    example-secret   selfsigned-cluster-issuer   Certificate is up to date and has not expired   44s
 
-kubectl get secret example-secret 
+kubectl get secret example-secret
 NAME             TYPE                DATA   AGE
 example-secret   kubernetes.io/tls   3      70s
 ```
@@ -92,4 +92,4 @@ example-secret   kubernetes.io/tls   3      70s
 ## Resources
 
 [GitHub Repo](https://github.com/cert-manager/cert-manager)
-[Helm Chart](https://github.com/cert-manager/cert-manager/blob/master/deploy/charts/cert-manager/)
\ No newline at end of file
+[Helm Chart](https://github.com/cert-manager/cert-manager/blob/master/deploy/charts/cert-manager/)
diff --git a/examples/do-not-use/docs/fargate-fluentbit.md b/examples/do-not-use/docs/fargate-fluentbit.md
index ed6f1ba197..4aca457c21 100644
--- a/examples/do-not-use/docs/fargate-fluentbit.md
+++ b/examples/do-not-use/docs/fargate-fluentbit.md
@@ -104,4 +104,4 @@ aws logs describe-log-streams --log-group-name "/fargate-serverless/fargate-flue
 ## Resources
 
 [AWS Docs](https://docs.aws.amazon.com/eks/latest/userguide/fargate-logging.html)
-[Fluent Bit for Amazon EKS on AWS Fargate Blog Post](https://aws.amazon.com/blogs/containers/fluent-bit-for-amazon-eks-on-aws-fargate-is-here/)
\ No newline at end of file
+[Fluent Bit for Amazon EKS on AWS Fargate Blog Post](https://aws.amazon.com/blogs/containers/fluent-bit-for-amazon-eks-on-aws-fargate-is-here/)
diff --git a/examples/ipv6-eks-cluster/README.md b/examples/ipv6-eks-cluster/README.md
index 996b968c42..d9bb1e71aa 100644
--- a/examples/ipv6-eks-cluster/README.md
+++ b/examples/ipv6-eks-cluster/README.md
@@ -62,7 +62,5 @@ ip-10-0-12-188.us-west-2.compute.internal   Ready    <none>   4m57s   v1.24.7-ek
 To teardown and remove the resources created in this example:
 
 ```sh
-terraform destroy -target="module.eks_blueprints_kubernetes_addons" -auto-approve
-terraform destroy -target="module.eks" -auto-approve
 terraform destroy -auto-approve
 ```
diff --git a/examples/ipv6-eks-cluster/main.tf b/examples/ipv6-eks-cluster/main.tf
index 293eceb76a..d1fa32aaa5 100644
--- a/examples/ipv6-eks-cluster/main.tf
+++ b/examples/ipv6-eks-cluster/main.tf
@@ -53,17 +53,11 @@ module "eks" {
   version = "~> 19.13"
 
   cluster_name                   = local.name
-  cluster_version                = "1.25"
+  cluster_version                = "1.26"
   cluster_endpoint_public_access = true
 
   # IPV6
-  cluster_ip_family = "ipv6"
-
-  # We are using the IRSA created below for permissions
-  # However, we have to deploy with the policy attached FIRST (when creating a fresh cluster)
-  # and then turn this off after the cluster/node group is created. Without this initial policy,
-  # the VPC CNI fails to assign IPs and nodes cannot join the cluster
-  # See https://github.com/aws/containers-roadmap/issues/1666 for more context
+  cluster_ip_family          = "ipv6"
   create_cni_ipv6_iam_policy = true
 
   cluster_addons = {
@@ -103,8 +97,15 @@ module "vpc" {
   private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)]
   public_subnets  = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)]
 
-  enable_nat_gateway = true
-  single_nat_gateway = true
+  enable_nat_gateway     = true
+  single_nat_gateway     = true
+  enable_ipv6            = true
+  create_egress_only_igw = true
+
+  public_subnet_ipv6_prefixes                    = [0, 1, 2]
+  public_subnet_assign_ipv6_address_on_creation  = true
+  private_subnet_ipv6_prefixes                   = [3, 4, 5]
+  private_subnet_assign_ipv6_address_on_creation = true
 
   public_subnet_tags = {
     "kubernetes.io/role/elb" = 1

From 352bfc7190dfb3f8d885bec068ea754f9bdd4e69 Mon Sep 17 00:00:00 2001
From: Carlos Santana <csantana23@gmail.com>
Date: Wed, 24 May 2023 16:20:39 -0400
Subject: [PATCH 22/31] feat: Update v5 docs for gatekeeper, vpa, nginx (#1613)

Signed-off-by: Carlos Santana <csantana23@gmail.com>
---
 examples/do-not-use/docs/gatekeeper.md | 28 +++++++++++++++++++
 examples/do-not-use/docs/nginx.md      | 38 ++++++++++++++++++++++++++
 examples/do-not-use/docs/velero.md     |  4 +--
 examples/do-not-use/docs/vpa.md        | 28 +++++++++++++++++++
 examples/do-not-use/variables.tf       |  4 +--
 5 files changed, 98 insertions(+), 4 deletions(-)
 create mode 100644 examples/do-not-use/docs/gatekeeper.md
 create mode 100644 examples/do-not-use/docs/nginx.md
 create mode 100644 examples/do-not-use/docs/vpa.md

diff --git a/examples/do-not-use/docs/gatekeeper.md b/examples/do-not-use/docs/gatekeeper.md
new file mode 100644
index 0000000000..e159a169a3
--- /dev/null
+++ b/examples/do-not-use/docs/gatekeeper.md
@@ -0,0 +1,28 @@
+# Gatekeeper
+
+Gatekeeper is an admission controller that validates requests to create and update Pods on Kubernetes clusters, using the Open Policy Agent (OPA). Using Gatekeeper allows administrators to define policies with a constraint, which is a set of conditions that permit or deny deployment behaviors in Kubernetes.
+
+For complete project documentation, please visit the [Gatekeeper](https://open-policy-agent.github.io/gatekeeper/website/docs/).
+For reference templates refer [Templates](https://github.com/open-policy-agent/gatekeeper/tree/master/charts/gatekeeper/templates)
+
+## Usage
+
+Gatekeeper can be deployed by enabling the add-on via the following.
+
+```hcl
+enable_gatekeeper = true
+```
+
+You can also customize the Helm chart that deploys `gatekeeper` via the following configuration:
+
+```hcl
+  enable_gatekeeper = true
+
+  gatekeeper = {
+    name          = "gatekeeper"
+    chart_version = "3.12.0"
+    repository    = "https://open-policy-agent.github.io/gatekeeper/charts"
+    namespace     = "gatekeeper-system"
+    values        = [templatefile("${path.module}/values.yaml", {})]
+  }
+```
diff --git a/examples/do-not-use/docs/nginx.md b/examples/do-not-use/docs/nginx.md
new file mode 100644
index 0000000000..fc68acdd39
--- /dev/null
+++ b/examples/do-not-use/docs/nginx.md
@@ -0,0 +1,38 @@
+# Nginx
+
+This add-on installs [Nginx Ingress Controller](https://kubernetes.github.io/ingress-nginx/deploy/) on Amazon EKS. The Nginx ingress controller uses [Nginx](https://www.nginx.org/) as a reverse proxy and load balancer.
+
+Other than handling Kubernetes ingress objects, this ingress controller can facilitate multi-tenancy and segregation of workload ingresses based on host name (host-based routing) and/or URL Path (path based routing).
+
+## Usage
+
+Nginx Ingress Controller can be deployed by enabling the add-on via the following.
+
+```hcl
+enable_ingress_nginx = true
+```
+
+You can also customize the Helm chart that deploys `ingress-nginx` via the following configuration:
+
+```sh
+$ kubectl get pods -n ingress-nginx
+NAME                                       READY   STATUS    RESTARTS   AGE
+ingress-nginx-controller-f6c55fdc8-8bt2z   1/1     Running   0          44m
+```
+
+Note that the ingress controller is deployed in the `ingress-nginx` namespace.
+
+You can optionally customize the Helm chart that deploys `nginx` via the following configuration.
+
+```hcl
+  enable_ingress_nginx = true
+
+  ingress_nginx = {
+    name          = "ingress-nginx"
+    chart_version = "4.6.1"
+    repository    = "https://kubernetes.github.io/ingress-nginx"
+    namespace     = "ingress-nginx"
+    values        = [templatefile("${path.module}/values.yaml", {})]
+  }
+
+```
diff --git a/examples/do-not-use/docs/velero.md b/examples/do-not-use/docs/velero.md
index 028a7e5a6a..4fff0ca57c 100644
--- a/examples/do-not-use/docs/velero.md
+++ b/examples/do-not-use/docs/velero.md
@@ -21,14 +21,14 @@ You can also customize the Helm chart that deploys `velero` via the following co
 
 ```hcl
 enable_velero           = true
+
 velero = {
   name          = "velero"
   description   = "A Helm chart for velero"
-  chart         = "velero"
   chart_version = "3.1.6"
   repository    = "https://vmware-tanzu.github.io/helm-charts/"
   namespace     = "velero"
-  values        = <EXTRA_HELM_VALUES>
+  values        = [templatefile("${path.module}/values.yaml", {})]
 }
 ```
 
diff --git a/examples/do-not-use/docs/vpa.md b/examples/do-not-use/docs/vpa.md
new file mode 100644
index 0000000000..751ccb37a4
--- /dev/null
+++ b/examples/do-not-use/docs/vpa.md
@@ -0,0 +1,28 @@
+# Vertical Pod Autoscaler
+[VPA](https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler) Vertical Pod Autoscaler (VPA) automatically adjusts the CPU and memory reservations for your pods to help "right size" your applications. When configured, it will automatically request the necessary reservations based on usage and thus allow proper scheduling onto nodes so that the appropriate resource amount is available for each pod. It will also maintain ratios between limits and requests that were specified in initial container configuration.
+
+NOTE: Metrics Server add-on is a dependency for this addon
+
+## Usage
+
+This step deploys the Vertical Pod Autoscaler with default Helm Chart config
+
+```hcl
+  enable_vpa            = true
+  enable_metrics_server = true
+```
+
+You can also customize the Helm chart that deploys `vpa` via the following configuration:
+
+```hcl
+  enable_vpa = true
+  enable_metrics_server = true
+
+  vpa = {
+    name          = "vpa"
+    chart_version = "1.7.5"
+    repository    = "https://charts.fairwinds.com/stable"
+    namespace     = "vpa"
+    values        = [templatefile("${path.module}/values.yaml", {})]
+  }
+```
diff --git a/examples/do-not-use/variables.tf b/examples/do-not-use/variables.tf
index b445835bbe..b3b8302911 100644
--- a/examples/do-not-use/variables.tf
+++ b/examples/do-not-use/variables.tf
@@ -374,8 +374,8 @@ variable "enable_gatekeeper" {
 
 variable "gatekeeper" {
   description = "Gatekeeper add-on configuration"
-  type        = bool
-  default     = false
+  type        = any
+  default     = {}
 }
 
 ################################################################################

From 1be5f74302abdbf1a65e3581aa17edc0265deba0 Mon Sep 17 00:00:00 2001
From: Carlos Santana <csantana23@gmail.com>
Date: Thu, 25 May 2023 13:00:50 -0400
Subject: [PATCH 23/31] feat: Update aws-cloudwatch-metrics module (#1615)

---
 .../do-not-use/docs/aws-cloudwatch-metrics.md | 30 +++++++++++++++++++
 examples/do-not-use/main.tf                   |  2 +-
 2 files changed, 31 insertions(+), 1 deletion(-)
 create mode 100644 examples/do-not-use/docs/aws-cloudwatch-metrics.md

diff --git a/examples/do-not-use/docs/aws-cloudwatch-metrics.md b/examples/do-not-use/docs/aws-cloudwatch-metrics.md
new file mode 100644
index 0000000000..030c0f221c
--- /dev/null
+++ b/examples/do-not-use/docs/aws-cloudwatch-metrics.md
@@ -0,0 +1,30 @@
+# AWS CloudWatch Metrics
+
+Use CloudWatch Container Insights to collect, aggregate, and summarize metrics and logs from your containerized applications and microservices. CloudWatch automatically collects metrics for many resources, such as CPU, memory, disk, and network. Container Insights also provides diagnostic information, such as container restart failures, to help you isolate issues and resolve them quickly. You can also set CloudWatch alarms on metrics that Container Insights collects.
+
+Container Insights collects data as performance log events using embedded metric format. These performance log events are entries that use a structured JSON schema that enables high-cardinality data to be ingested and stored at scale. From this data, CloudWatch creates aggregated metrics at the cluster, node, pod, task, and service level as CloudWatch metrics. The metrics that Container Insights collects are available in CloudWatch automatic dashboards, and also viewable in the Metrics section of the CloudWatch console.
+
+## Usage
+
+[aws-cloudwatch-metrics](https://github.com/aws-ia/terraform-aws-eks-blueprints/tree/main/modules/kubernetes-addons/aws-cloudwatch-metrics) can be deployed by enabling the add-on via the following.
+
+```hcl
+enable_aws_cloudwatch_metrics = true
+```
+
+You can also customize the Helm chart that deploys `aws-cloudwatch-metrics` via the following configuration:
+
+
+```hcl
+  enable_aws_cloudwatch_metrics        = true
+
+  aws_cloudwatch_metrics_irsa_policies = ["IAM Policies"]
+  aws_cloudwatch_metrics   = {
+    role_policies = ["IAM Policies"]  # extra policies in addition of CloudWatchAgentServerPolicy
+    name          = "aws-cloudwatch-metrics"
+    repository    = "https://aws.github.io/eks-charts"
+    chart_version = "0.0.9"
+    namespace     = "amazon-cloudwatch"
+    values        = [templatefile("${path.module}/values.yaml", {})] # The value `clusterName` is already set to the EKS cluster name, no need to specify here
+  }
+```
diff --git a/examples/do-not-use/main.tf b/examples/do-not-use/main.tf
index e45754dd5e..83c95cdbca 100644
--- a/examples/do-not-use/main.tf
+++ b/examples/do-not-use/main.tf
@@ -245,7 +245,7 @@ module "aws_cloudwatch_metrics" {
   namespace        = try(var.aws_cloudwatch_metrics.namespace, "amazon-cloudwatch")
   create_namespace = try(var.aws_cloudwatch_metrics.create_namespace, true)
   chart            = "aws-cloudwatch-metrics"
-  chart_version    = try(var.aws_cloudwatch_metrics.chart_version, "0.0.8")
+  chart_version    = try(var.aws_cloudwatch_metrics.chart_version, "0.0.9")
   repository       = try(var.aws_cloudwatch_metrics.repository, "https://aws.github.io/eks-charts")
   values           = try(var.aws_cloudwatch_metrics.values, [])
 

From 287283b528bb7204c8e355887a60755526161fea Mon Sep 17 00:00:00 2001
From: Frank Carta <fcarta@byteknowledge.com>
Date: Thu, 25 May 2023 11:30:18 -0700
Subject: [PATCH 24/31] refactor: Removing amp-amg-opensearch example until it
 is improved (#1616)

Co-authored-by: Frank Carta <fcarta@amazon.com>
---
 examples/amp-amg-opensearch/README.md         | 179 ----------
 examples/amp-amg-opensearch/data.tf           |  46 ---
 .../helm_values/aws-for-fluentbit-values.yaml |  19 --
 examples/amp-amg-opensearch/main.tf           | 322 ------------------
 examples/amp-amg-opensearch/outputs.tf        |  20 --
 examples/amp-amg-opensearch/variables.tf      |  31 --
 examples/amp-amg-opensearch/versions.tf       |  29 --
 7 files changed, 646 deletions(-)
 delete mode 100644 examples/amp-amg-opensearch/README.md
 delete mode 100644 examples/amp-amg-opensearch/data.tf
 delete mode 100644 examples/amp-amg-opensearch/helm_values/aws-for-fluentbit-values.yaml
 delete mode 100644 examples/amp-amg-opensearch/main.tf
 delete mode 100644 examples/amp-amg-opensearch/outputs.tf
 delete mode 100644 examples/amp-amg-opensearch/variables.tf
 delete mode 100644 examples/amp-amg-opensearch/versions.tf

diff --git a/examples/amp-amg-opensearch/README.md b/examples/amp-amg-opensearch/README.md
deleted file mode 100644
index a796475318..0000000000
--- a/examples/amp-amg-opensearch/README.md
+++ /dev/null
@@ -1,179 +0,0 @@
-# Observability pattern with EKS Cluster, Amazon Managed Prometheus, Amazon Managed Grafana and Amazon Open Search Service
-
-This example demonstrates how to use the Amazon EKS Blueprints for Terraform to deploy a new Amazon EKS Cluster with Prometheus server for metrics and AWS Fluent Bit for logs. Outside of the EKS cluster, it also provisions Amazon Managed Prometheus, Amazon OpenSearch Service within a VPC, and integrates Amazon Managed Prometheus with Amazon Managed Grafana. It also deploys a bastion host to let us test OpenSearch. Lastly, it includes a sample workload, provisioned with ArgoCD, to generate logs and metrics.
-
-Prometheus server collects these metrics and writes to remote Amazon Managed Prometheus endpoint via `remote write` config property. Amazon Managed Grafana is used to visualize the metrics in dashboards by leveraging Amazon Managed Prometheus workspace as a data source.
-
-AWS FluentBit Addon is configured to collect the container logs from EKS Cluster nodes and write to Amazon Open Search service.
-
-**NOTE**
-
-For the sake of simplicity in this example, we store sensitive information and credentials in `dev.tfvars`. This should not be done in a production environment. Instead, use an external secret store such as AWS Secrets Manager and use the [aws_secretsmanager_secret](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/secretsmanager_secret) data source to retrieve them.
-
-Checkout additional observability patterns at the [AWS Observability Accelerator for Terraform](https://github.com/aws-observability/terraform-aws-observability-accelerator)
-
-## How to Deploy
-
-### Prerequisites
-
-- Terraform
-- An AWS Account
-- kubectl
-- awscli
-- jq
-- An existing Amazon Managed Grafana workspace.
-  - As of this writing (February 3, 2022), the AWS Terraform Provider does not support Amazon Managed Grafana, so it must be manually created beforehand. Follow the instructions [here](https://docs.aws.amazon.com/grafana/latest/userguide/getting-started-with-AMG.html) to deploy an Amazon Managed Grafana workspace.
-
-#### Generate a Grafana API Key
-
-- Give admin access to the SSO user you set up when creating the Amazon Managed Grafana Workspace:
-  - In the AWS Console, navigate to Amazon Grafana. In the left navigation bar, click **All workspaces**, then click on the workspace name you are using for this example.
-  - Under **Authentication** within **AWS Single Sign-On (SSO)**, click **Configure users and user groups**
-  - Check the box next to the SSO user you created and click **Make admin**
-- Navigate back to the Grafana Dashboard. If you don't see the gear icon in the left navigation bar, log out and log back in.
-- Click on the gear icon, then click on the **API keys** tab.
-- Click **Add API key**, fill in the _Key name_ field and select _Admin_ as the Role.
-- Copy your API key into `dev.tfvars` under `grafana_api_key`
-
-### Deployment Steps
-
-- Clone this repository:
-
-```
-git clone https://github.com/aws-ia/terraform-aws-eks-blueprints.git
-```
-
-- Initialize a working directory
-
-```
-terraform init
-```
-
-- Fill-in the values for the variables in `dev.tfvars`
-  - The password for OpenSearch must be a minimum of eight characters with at least one uppercase, one lowercase, one digit, and one special character.
-  - If the `AWSServiceRoleForAmazonElasticsearchService` role already exists in your account, set `create_iam_service_linked_role = false`.
-- Verify the resources created by this execution:
-
-```
-export AWS_REGION=<ENTER YOUR REGION>   # Select your own region
-terraform validate
-terraform plan -var-file=dev.tfvars
-```
-
-- Deploy resources:
-
-```
-terraform apply -var-file=dev.tfvars --auto-approve
-```
-
-- Add the cluster to your kubeconfig:
-
-```
-aws eks --region $AWS_REGION update-kubeconfig --name aws001-preprod-observability-eks
-```
-
-`terraform apply` will provision a new EKS cluster with Fluent Bit, Prometheus, and a sample workload. It will also provision Amazon Managed Prometheus to ingest metrics from Prometheus, an Amazon OpenSearch service domain for ingesting logs from Fluent Bit, and a bastion host so we can test OpenSearch.
-
----
-
-**NOTE**
-
-This example automatically generates a key-pair for you and saves the private key to your current directory to make the next steps simpler. In production workloads, it is best practice to use your own key-pair instead of using Terraform to generate one for you.
-
----
-
-#### Verify that the Resources Deployed Successfully
-
-- Check that the bastion host we use to test OpenSearch is running in the EC2 Console.
-
-- Check that the status of OpenSearch is green:
-  Navigate to Amazon OpenSearch in the AWS Console and select the **opensearch** domain. Verify that _Cluster Health_ under _General Information_ lists Green.
-
-- Verify that Amazon Managed Prometheus workspace was created successfully:
-
-  - Check the status of Amazon Managed Prometheus workspace through the AWS console.
-
-- Check that Prometheus Server is healthy:
-
-  - The following command gets the pod that is running the Prometheus server and sets up port fowarding to http://localhost:8080
-
-  ```
-  kubectl port-forward $(kubectl get pods --namespace=prometheus --selector='component=server' --output=name) 8080:9090 -n prometheus
-  ```
-
-  - Navigate to http://localhost:8080 and confirm that the dashboard webpage loads.
-  - Press `CTRL+C` to stop port forwarding.
-
-- To check that Fluent Bit is working:
-
-  - Fluent Bit is provisioned properly if you see the option to add an index pattern while following the steps for the section below named **Set up an Index Pattern in OpenSearch to Explore Log Data**
-
-- Check that the sample workload is running:
-  - Run the command below, then navigate to http://localhost:4040 and confirm the webpage loads.
-
-```
-kubectl port-forward svc/guestbook-ui -n team-riker 4040:80
-```
-
-#### Map the Fluent Bit Role as a Backend Role in OpenSearch
-
-OpenSearch roles are the core method for controlling access within your OpenSearch cluster. Backend roles are a method for mapping an external identity (such as an IAM role) to an OpenSearch role. Mapping the external identity to an OpenSearch role allows that identity to gain the permissions of that role. Here we map the Fluent Bit IAM role as a backend role to OpenSearch's _all_access_ role. This gives the Fluent Bit IAM role permission to send logs to OpenSearch. Read more about OpenSearch roles [here](https://opensearch.org/docs/latest/security-plugin/access-control/users-roles/).
-
-- In a different terminal window, navigate back to the example directory and establish and SSH tunnel from https://localhost:9200 to your OpenSearch Service domain through the bastion host:
-  - Because we provisioned OpenSearch within our VPC, we connect to a bastion host with an SSH tunnel to test and access our OpenSearch endpoints. Refer to the [Amazon OpenSearch Developer Guide](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/vpc.html#vpc-test) for more information.
-  - For connecting with additional access control using Amazon Cognito, see this [page](https://aws.amazon.com/premiumsupport/knowledge-center/opensearch-outside-vpc-ssh/).
-
-```
-export PRIVATE_KEY_FILE=bastion_host_private_key.pem
-export BASTION_HOST_IP=$(terraform output -raw bastion_host_public_ip)
-export OS_VPC_ENDPOINT=$(terraform output -raw opensearch_vpc_endpoint)
-ssh -i $PRIVATE_KEY_FILE ec2-user@$BASTION_HOST_IP -N -L "9200:${OS_VPC_ENDPOINT}:443"
-```
-
-- Back in your first terminal window:
-
-```
-export BASTION_HOST_IP=$(terraform output -raw bastion_host_public_ip)
-export OS_DOMAIN_USER=$(terraform output -raw opensearch_user)
-export OS_DOMAIN_PASSWORD=$(terraform output -raw opensearch_pw)
-export FLUENTBIT_ROLE="arn:aws:iam::$(aws sts get-caller-identity | jq -r '.Account'):role/aws001-preprod-observability-eks-aws-for-fluent-bit-sa-irsa"
-
-curl  --insecure -sS -u "${OS_DOMAIN_USER}:${OS_DOMAIN_PASSWORD}" \
-    -X PATCH \
-    https://localhost:9200/_opendistro/_security/api/rolesmapping/all_access?pretty \
-    -H 'Content-Type: application/json' \
-    -d'
-[
-  {
-    "op": "add", "path": "/backend_roles", "value": ["'${FLUENTBIT_ROLE}'"]
-  }
-]
-'
-```
-
-#### Set up an Index Pattern in OpenSearch Dashboards to Explore Log Data
-
-You must set up an index pattern before you can explore data in the OpenSearch Dashboards. An index pattern selects which data to use. Read more about index patterns [here](https://www.elastic.co/guide/en/kibana/current/index-patterns.html).
-
-- Follow the steps outlined in **Configure the SOCKS proxy** and **Create the SSH tunnel** sections of this [Knowledge Center](https://aws.amazon.com/premiumsupport/knowledge-center/opensearch-outside-vpc-ssh/) article to establish a SOCKS5 tunnel from localhost to OpenSearch via the bastion host.
-- Log into the AWS console, navigate to Amazon OpenSearch Service, click on the "opensearch" domain and click on the link under **OpenSearch Dashboards URL** to access the OpenSearch Dashboards.
-- Log into the OpenSearch Dashboards with the credentials you set in `dev.tfvars`
-- From the OpenSearch Dashboards Welcome screen select **Explore on my own**
-- On _Select your tenant_ screen, select Private and click **Confirm**
-- On the next screen click on the _OpenSearch Dashboards_ tile
-- Click **Add your data**
-- Click **Create index Pattern**
-- Add **\*fluent-bit\*** as the Index pattern and click **Next step**
-- Select **@timestamp** as the Time filter field name and close the Configuration window by clicking on **Create index pattern**
-- Select **Discover** from the left panel and start exploring the logs
-
-## Cleanup
-
-- Run `terraform destroy -var-file=dev.tfvars` to remove all resources except for your Amazon Managed Grafana workspace.
-- Delete your Amazon Managed Grafana workspace through the AWS console.
-- Delete the private key file: `bastion_host_private_key.pem`.
-
-## Troubleshooting
-
-- When running `terraform apply` or `terraform destroy`, the process will sometimes time-out. If that happens, run the command again and the operation will continue where it left off.
-- If your connection times out when trying to establish an SSH tunnel with the bastion host, check that you are disconnected from any VPNs.
diff --git a/examples/amp-amg-opensearch/data.tf b/examples/amp-amg-opensearch/data.tf
deleted file mode 100644
index 0e94faaac5..0000000000
--- a/examples/amp-amg-opensearch/data.tf
+++ /dev/null
@@ -1,46 +0,0 @@
-data "aws_caller_identity" "current" {}
-
-data "aws_iam_policy_document" "fluentbit_opensearch_access" {
-  # Identity Based Policy specifies a list of IAM permissions
-  # that principal has against OpenSearch service API
-  # ref: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/ac.html#ac-types-identity
-  statement {
-    sid       = "OpenSearchAccess"
-    effect    = "Allow"
-    resources = ["${aws_elasticsearch_domain.opensearch.arn}/*"]
-    actions   = ["es:ESHttp*"]
-  }
-}
-
-data "aws_iam_policy_document" "opensearch_access_policy" {
-  # This is the resource-based policy that allows to set access permissions on OpenSearch level
-  # To be working properly the client must support IAM (SDK, fluent-bit with sigv4, etc.) Browsers don't do IAM.
-  # ref: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/ac.html#ac-types-resource
-  statement {
-    sid       = "WriteDomainLevelAccessToOpenSearch"
-    effect    = "Allow"
-    resources = ["${aws_elasticsearch_domain.opensearch.arn}/*"] # this can be an index prefix like '/foo-*'
-    actions = [                                                  #ref: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/ac.html#ac-reference
-      "es:ESHttpPost",
-      "es:ESHttpPut"
-    ]
-    principals {
-      type        = "AWS"
-      identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/amp-amg-opensearch-aws-for-fluent-bit-sa-irsa"]
-    }
-  }
-
-  statement {
-    sid    = "AdminDomainLevelAccessToOpenSearch"
-    effect = "Allow"
-    resources = [
-      aws_elasticsearch_domain.opensearch.arn,
-      "${aws_elasticsearch_domain.opensearch.arn}/*",
-    ]
-    actions = ["es:*"]
-    principals {
-      type        = "*"
-      identifiers = ["*"] # must be set to wildcard when clients can't sign sigv4 or pass IAM to OpenSearch (aka browsers)
-    }
-  }
-}
diff --git a/examples/amp-amg-opensearch/helm_values/aws-for-fluentbit-values.yaml b/examples/amp-amg-opensearch/helm_values/aws-for-fluentbit-values.yaml
deleted file mode 100644
index 581819e18c..0000000000
--- a/examples/amp-amg-opensearch/helm_values/aws-for-fluentbit-values.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-serviceAccount:
-  create: false
-  name: "aws-for-fluent-bit-sa"
-
-elasticsearch:
-  enabled: true
-  match: "*"
-  awsRegion: ${aws_region}
-  host: ${host}
-
-# These plugins are not used in this example. They are enabled by default if not explicitly disabled
-firehose:
-  enabled: false
-
-kinesis:
-  enabled: false
-
-cloudWatch:
-  enabled: false
diff --git a/examples/amp-amg-opensearch/main.tf b/examples/amp-amg-opensearch/main.tf
deleted file mode 100644
index 544e6fc1f4..0000000000
--- a/examples/amp-amg-opensearch/main.tf
+++ /dev/null
@@ -1,322 +0,0 @@
-provider "aws" {
-  region = local.region
-}
-
-provider "kubernetes" {
-  host                   = module.eks.cluster_endpoint
-  cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
-
-  exec {
-    api_version = "client.authentication.k8s.io/v1beta1"
-    command     = "aws"
-    # This requires the awscli to be installed locally where Terraform is executed
-    args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
-  }
-}
-
-provider "helm" {
-  kubernetes {
-    host                   = module.eks.cluster_endpoint
-    cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
-
-    exec {
-      api_version = "client.authentication.k8s.io/v1beta1"
-      command     = "aws"
-      # This requires the awscli to be installed locally where Terraform is executed
-      args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
-    }
-  }
-}
-provider "grafana" {
-  url  = var.grafana_endpoint
-  auth = var.grafana_api_key
-}
-
-data "aws_availability_zones" "available" {}
-
-locals {
-  name   = basename(path.cwd)
-  region = "us-west-2"
-
-  cluster_version = "1.25"
-
-  vpc_cidr = "10.0.0.0/16"
-  azs      = slice(data.aws_availability_zones.available.names, 0, 3)
-
-  tags = {
-    Blueprint  = local.name
-    GithubRepo = "github.com/aws-ia/terraform-aws-eks-blueprints"
-  }
-}
-
-################################################################################
-# Cluster
-################################################################################
-
-#tfsec:ignore:aws-eks-enable-control-plane-logging
-module "eks" {
-  source  = "terraform-aws-modules/eks/aws"
-  version = "~> 19.13"
-
-  cluster_name                   = local.name
-  cluster_version                = local.cluster_version
-  cluster_endpoint_public_access = true
-
-  vpc_id     = module.vpc.vpc_id
-  subnet_ids = module.vpc.private_subnets
-
-  eks_managed_node_groups = {
-    initial = {
-      instance_types = ["m5.large"]
-
-      min_size     = 1
-      max_size     = 5
-      desired_size = 2
-    }
-  }
-
-  tags = local.tags
-}
-
-################################################################################
-# EKS Blueprints Addons
-################################################################################
-
-module "eks_blueprints_addons" {
-  # Users should pin the version to the latest available release
-  # tflint-ignore: terraform_module_pinned_source
-  source = "github.com/aws-ia/terraform-aws-eks-blueprints-addons"
-
-  cluster_name      = module.eks.cluster_name
-  cluster_endpoint  = module.eks.cluster_endpoint
-  cluster_version   = module.eks.cluster_version
-  oidc_provider_arn = module.eks.oidc_provider_arn
-
-  # EKS Add-ons
-  eks_addons = {
-    aws-ebs-csi-driver = {
-      service_account_role_arn = module.ebs_csi_driver_irsa.iam_role_arn
-    }
-    coredns = {}
-    vpc-cni = {
-      service_account_role_arn = module.vpc_cni_irsa.iam_role_arn
-    }
-    kube-proxy = {}
-  }
-
-  # Add-ons
-  enable_metrics_server     = true
-  enable_cluster_autoscaler = true
-  enable_aws_for_fluentbit  = true
-  aws_for_fluentbit = {
-    role_policies = [aws_iam_policy.fluentbit_opensearch_access.arn]
-    values = [templatefile("${path.module}/helm_values/aws-for-fluentbit-values.yaml", {
-      aws_region = local.region
-      host       = aws_elasticsearch_domain.opensearch.endpoint
-    })]
-  }
-
-  # enable_prometheus                    = true
-  # enable_amazon_prometheus             = true
-  # amazon_prometheus_workspace_endpoint = module.managed_prometheus.workspace_prometheus_endpoint
-
-  tags = local.tags
-}
-
-#---------------------------------------------------------------
-# Configure AMP as a Grafana Data Source
-#---------------------------------------------------------------
-resource "grafana_data_source" "prometheus" {
-  type       = "prometheus"
-  name       = "amp"
-  is_default = true
-  url        = module.managed_prometheus.workspace_prometheus_endpoint
-
-  json_data {
-    http_method     = "POST"
-    sigv4_auth      = true
-    sigv4_auth_type = "workspace-iam-role"
-    sigv4_region    = local.region
-  }
-}
-
-#---------------------------------------------------------------
-# Provision OpenSearch and Allow Access
-#---------------------------------------------------------------
-#tfsec:ignore:aws-elastic-search-enable-domain-logging
-resource "aws_elasticsearch_domain" "opensearch" {
-  domain_name           = "opensearch"
-  elasticsearch_version = "OpenSearch_1.3"
-
-  cluster_config {
-    instance_type          = "m6g.large.elasticsearch"
-    instance_count         = 3
-    zone_awareness_enabled = true
-
-    zone_awareness_config {
-      availability_zone_count = 3
-    }
-  }
-
-  node_to_node_encryption {
-    enabled = true
-  }
-
-  domain_endpoint_options {
-    enforce_https       = true
-    tls_security_policy = "Policy-Min-TLS-1-2-2019-07"
-  }
-
-  encrypt_at_rest {
-    enabled = true
-  }
-
-  ebs_options {
-    ebs_enabled = true
-    volume_size = 10
-  }
-
-  advanced_security_options {
-    enabled                        = false
-    internal_user_database_enabled = true
-
-    master_user_options {
-      master_user_name     = var.opensearch_dashboard_user
-      master_user_password = var.opensearch_dashboard_pw
-    }
-  }
-
-  vpc_options {
-    subnet_ids         = module.vpc.public_subnets
-    security_group_ids = [aws_security_group.opensearch_access.id]
-  }
-
-  depends_on = [
-    aws_iam_service_linked_role.opensearch
-  ]
-
-  tags = local.tags
-}
-
-resource "aws_iam_service_linked_role" "opensearch" {
-  count            = var.create_iam_service_linked_role == true ? 1 : 0
-  aws_service_name = "es.amazonaws.com"
-}
-
-resource "aws_iam_policy" "fluentbit_opensearch_access" {
-  name        = "fluentbit_opensearch_access"
-  description = "IAM policy to allow Fluentbit access to OpenSearch"
-  policy      = data.aws_iam_policy_document.fluentbit_opensearch_access.json
-}
-
-resource "aws_elasticsearch_domain_policy" "opensearch_access_policy" {
-  domain_name     = aws_elasticsearch_domain.opensearch.domain_name
-  access_policies = data.aws_iam_policy_document.opensearch_access_policy.json
-}
-
-resource "aws_security_group" "opensearch_access" {
-  vpc_id      = module.vpc.vpc_id
-  description = "OpenSearch access"
-
-  ingress {
-    description = "host access to OpenSearch"
-    from_port   = 443
-    to_port     = 443
-    protocol    = "tcp"
-    self        = true
-  }
-
-  ingress {
-    description = "allow instances in the VPC (like EKS) to communicate with OpenSearch"
-    from_port   = 443
-    to_port     = 443
-    protocol    = "tcp"
-
-    cidr_blocks = [module.vpc.vpc_cidr_block]
-  }
-
-  egress {
-    description = "Allow all outbound access"
-    from_port   = 0
-    to_port     = 0
-    protocol    = "-1"
-    cidr_blocks = ["0.0.0.0/0"] #tfsec:ignore:aws-vpc-no-public-egress-sgr
-  }
-
-  tags = local.tags
-}
-
-################################################################################
-# Supporting Resources
-################################################################################
-
-module "managed_prometheus" {
-  source  = "terraform-aws-modules/managed-service-prometheus/aws"
-  version = "~> 2.1"
-
-  workspace_alias = local.name
-
-  tags = local.tags
-}
-
-module "vpc" {
-  source  = "terraform-aws-modules/vpc/aws"
-  version = "~> 4.0"
-
-  name = local.name
-  cidr = local.vpc_cidr
-
-  azs             = local.azs
-  private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)]
-  public_subnets  = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)]
-
-  enable_nat_gateway = true
-  single_nat_gateway = true
-
-  public_subnet_tags = {
-    "kubernetes.io/role/elb" = 1
-  }
-
-  private_subnet_tags = {
-    "kubernetes.io/role/internal-elb" = 1
-  }
-
-  tags = local.tags
-}
-
-module "ebs_csi_driver_irsa" {
-  source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
-  version = "~> 5.14"
-
-  role_name_prefix = "${module.eks.cluster_name}-ebs-csi-driver-"
-
-  attach_ebs_csi_policy = true
-
-  oidc_providers = {
-    main = {
-      provider_arn               = module.eks.oidc_provider_arn
-      namespace_service_accounts = ["kube-system:ebs-csi-controller-sa"]
-    }
-  }
-
-  tags = local.tags
-}
-
-module "vpc_cni_irsa" {
-  source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
-  version = "~> 5.14"
-
-  role_name_prefix = "${module.eks.cluster_name}-vpc-cni-"
-
-  attach_vpc_cni_policy = true
-  vpc_cni_enable_ipv4   = true
-
-  oidc_providers = {
-    main = {
-      provider_arn               = module.eks.oidc_provider_arn
-      namespace_service_accounts = ["kube-system:aws-node"]
-    }
-  }
-
-  tags = local.tags
-}
diff --git a/examples/amp-amg-opensearch/outputs.tf b/examples/amp-amg-opensearch/outputs.tf
deleted file mode 100644
index d82e1c7f1e..0000000000
--- a/examples/amp-amg-opensearch/outputs.tf
+++ /dev/null
@@ -1,20 +0,0 @@
-output "opensearch_pw" {
-  description = "Amazon OpenSearch Service Domain password"
-  value       = var.opensearch_dashboard_pw
-  sensitive   = true
-}
-
-output "opensearch_user" {
-  description = "Amazon OpenSearch Service Domain username"
-  value       = var.opensearch_dashboard_user
-}
-
-output "opensearch_vpc_endpoint" {
-  description = "Amazon OpenSearch Service Domain-specific endpoint"
-  value       = aws_elasticsearch_domain.opensearch.endpoint
-}
-
-output "configure_kubectl" {
-  description = "Configure kubectl: make sure you're logged in with the correct AWS profile and run the following command to update your kubeconfig"
-  value       = "aws eks --region ${local.region} update-kubeconfig --name ${module.eks.cluster_name}"
-}
diff --git a/examples/amp-amg-opensearch/variables.tf b/examples/amp-amg-opensearch/variables.tf
deleted file mode 100644
index 52d29445df..0000000000
--- a/examples/amp-amg-opensearch/variables.tf
+++ /dev/null
@@ -1,31 +0,0 @@
-variable "grafana_endpoint" {
-  description = "Grafana endpoint"
-  type        = string
-  default     = "https://example.com"
-}
-
-variable "grafana_api_key" {
-  description = "Api key for authorizing the Grafana provider to make changes to Amazon Managed Grafana"
-  type        = string
-  default     = ""
-  sensitive   = true
-}
-
-variable "opensearch_dashboard_user" {
-  description = "OpenSearch dashboard user"
-  type        = string
-  default     = ""
-}
-
-variable "opensearch_dashboard_pw" {
-  description = "OpenSearch dashboard user password"
-  type        = string
-  default     = ""
-  sensitive   = true
-}
-
-variable "create_iam_service_linked_role" {
-  description = "Whether to create the AWSServiceRoleForAmazonElasticsearchService role used by the OpenSearch service"
-  type        = bool
-  default     = true
-}
diff --git a/examples/amp-amg-opensearch/versions.tf b/examples/amp-amg-opensearch/versions.tf
deleted file mode 100644
index 123e505f1d..0000000000
--- a/examples/amp-amg-opensearch/versions.tf
+++ /dev/null
@@ -1,29 +0,0 @@
-terraform {
-  required_version = ">= 1.0"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 4.47"
-    }
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.17"
-    }
-    helm = {
-      source  = "hashicorp/helm"
-      version = ">= 2.8"
-    }
-    grafana = {
-      source  = "grafana/grafana"
-      version = ">= 1.34"
-    }
-  }
-
-  # ##  Used for end-to-end testing on project; update to suit your needs
-  # backend "s3" {
-  #   bucket = "terraform-ssp-github-actions-state"
-  #   region = "us-west-2"
-  #   key    = "e2e/amp-amg-opensearch/terraform.tfstate"
-  # }
-}

From b30013561cb12880fdcb55a065333a3784a5015c Mon Sep 17 00:00:00 2001
From: Bryant Biggs <bryantbiggs@gmail.com>
Date: Thu, 25 May 2023 19:17:55 -0400
Subject: [PATCH 25/31] chore: Replace localy copy of addons module with
 published version (#1617)

---
 .pre-commit-config.yaml                       |   10 +-
 examples/agones-game-controller/main.tf       |    5 +-
 examples/agones-game-controller/versions.tf   |    2 +-
 examples/appmesh-mtls/main.tf                 |    5 +-
 examples/appmesh-mtls/versions.tf             |    2 +-
 examples/argocd/main.tf                       |    3 +-
 examples/argocd/versions.tf                   |    2 +-
 .../modules/eks_cluster/main.tf               |   24 +-
 .../modules/eks_cluster/variables.tf          |   18 -
 examples/do-not-use/README.md                 |    5 -
 .../do-not-use/docs/aws-cloudwatch-metrics.md |   30 -
 .../do-not-use/docs/aws-efs-csi-driver.md     |   42 -
 .../docs/aws-load-balancer-controller.md      |   86 -
 .../do-not-use/docs/aws-private-ca-issuer.md  |   65 -
 examples/do-not-use/docs/cert-manager.md      |   95 -
 examples/do-not-use/docs/fargate-fluentbit.md |  107 -
 examples/do-not-use/docs/gatekeeper.md        |   28 -
 examples/do-not-use/docs/karpenter.md         |   99 -
 examples/do-not-use/docs/nginx.md             |   38 -
 examples/do-not-use/docs/velero.md            |  163 -
 examples/do-not-use/docs/vpa.md               |   28 -
 examples/do-not-use/main.tf                   | 3066 -----------------
 examples/do-not-use/outputs.tf                |  146 -
 examples/do-not-use/variables.tf              |  525 ---
 examples/do-not-use/versions.tf               |   18 -
 examples/external-secrets/main.tf             |   12 +-
 examples/external-secrets/versions.tf         |    2 +-
 examples/fargate-serverless/main.tf           |    8 +-
 examples/fargate-serverless/versions.tf       |    2 +-
 examples/fully-private-cluster/versions.tf    |    2 +-
 examples/ipv4-prefix-delegation/versions.tf   |    2 +-
 examples/ipv6-eks-cluster/versions.tf         |    2 +-
 examples/karpenter/main.tf                    |    3 +-
 examples/karpenter/versions.tf                |    2 +-
 examples/multi-tenancy-with-teams/versions.tf |    2 +-
 examples/stateful/main.tf                     |    5 +-
 examples/stateful/versions.tf                 |    2 +-
 examples/tls-with-aws-pca-issuer/main.tf      |    5 +-
 examples/tls-with-aws-pca-issuer/versions.tf  |    2 +-
 .../vpc-cni-custom-networking/versions.tf     |    2 +-
 examples/wireguard-with-cilium/versions.tf    |    2 +-
 41 files changed, 41 insertions(+), 4626 deletions(-)
 delete mode 100644 examples/do-not-use/README.md
 delete mode 100644 examples/do-not-use/docs/aws-cloudwatch-metrics.md
 delete mode 100644 examples/do-not-use/docs/aws-efs-csi-driver.md
 delete mode 100644 examples/do-not-use/docs/aws-load-balancer-controller.md
 delete mode 100644 examples/do-not-use/docs/aws-private-ca-issuer.md
 delete mode 100644 examples/do-not-use/docs/cert-manager.md
 delete mode 100644 examples/do-not-use/docs/fargate-fluentbit.md
 delete mode 100644 examples/do-not-use/docs/gatekeeper.md
 delete mode 100644 examples/do-not-use/docs/karpenter.md
 delete mode 100644 examples/do-not-use/docs/nginx.md
 delete mode 100644 examples/do-not-use/docs/velero.md
 delete mode 100644 examples/do-not-use/docs/vpa.md
 delete mode 100644 examples/do-not-use/main.tf
 delete mode 100644 examples/do-not-use/outputs.tf
 delete mode 100644 examples/do-not-use/variables.tf
 delete mode 100644 examples/do-not-use/versions.tf

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index a59ad6e315..8a58cc720b 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -33,8 +33,8 @@ repos:
           - '--args=--only=terraform_workspace_remote'
       - id: terraform_validate
         exclude: deploy
-      - id: terraform_tfsec
-        files: ^examples/ # only scan `examples/*` which are the implementation
-        args:
-          - --args=--config-file=__GIT_WORKING_DIR__/tfsec.yaml
-          - --args=--concise-output
+      # - id: terraform_tfsec
+      #   files: ^examples/ # only scan `examples/*` which are the implementation
+      #   args:
+      #     - --args=--config-file=__GIT_WORKING_DIR__/tfsec.yaml
+      #     - --args=--concise-output
diff --git a/examples/agones-game-controller/main.tf b/examples/agones-game-controller/main.tf
index 485311bc60..6e8c36fdda 100644
--- a/examples/agones-game-controller/main.tf
+++ b/examples/agones-game-controller/main.tf
@@ -95,9 +95,8 @@ module "eks" {
 ################################################################################
 
 module "eks_blueprints_addons" {
-  # Users should pin the version to the latest available release
-  # tflint-ignore: terraform_module_pinned_source
-  source = "github.com/aws-ia/terraform-aws-eks-blueprints-addons"
+  source  = "aws-ia/eks-blueprints-addons/aws"
+  version = "0.1.0"
 
   cluster_name      = module.eks.cluster_name
   cluster_endpoint  = module.eks.cluster_endpoint
diff --git a/examples/agones-game-controller/versions.tf b/examples/agones-game-controller/versions.tf
index 7d1c18b4b2..d89e94b43b 100644
--- a/examples/agones-game-controller/versions.tf
+++ b/examples/agones-game-controller/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.47"
+      version = ">= 4.47, <5.0"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"
diff --git a/examples/appmesh-mtls/main.tf b/examples/appmesh-mtls/main.tf
index 9b616e092b..67bd07a23d 100644
--- a/examples/appmesh-mtls/main.tf
+++ b/examples/appmesh-mtls/main.tf
@@ -94,9 +94,8 @@ module "eks" {
 ################################################################################
 
 module "eks_blueprints_addons" {
-  # Users should pin the version to the latest available release
-  # tflint-ignore: terraform_module_pinned_source
-  source = "github.com/aws-ia/terraform-aws-eks-blueprints-addons"
+  source  = "aws-ia/eks-blueprints-addons/aws"
+  version = "0.1.0"
 
   cluster_name      = module.eks.cluster_name
   cluster_endpoint  = module.eks.cluster_endpoint
diff --git a/examples/appmesh-mtls/versions.tf b/examples/appmesh-mtls/versions.tf
index ccd94bcc24..56ca0fff60 100644
--- a/examples/appmesh-mtls/versions.tf
+++ b/examples/appmesh-mtls/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.47"
+      version = ">= 4.47, <5.0"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"
diff --git a/examples/argocd/main.tf b/examples/argocd/main.tf
index 76bf9cd7cb..8945f12d98 100644
--- a/examples/argocd/main.tf
+++ b/examples/argocd/main.tf
@@ -33,7 +33,8 @@ provider "bcrypt" {}
 data "aws_availability_zones" "available" {}
 
 locals {
-  name = basename(path.cwd)
+  name   = basename(path.cwd)
+  region = "us-west-2"
 
   vpc_cidr = "10.0.0.0/16"
   azs      = slice(data.aws_availability_zones.available.names, 0, 3)
diff --git a/examples/argocd/versions.tf b/examples/argocd/versions.tf
index 24fef0882a..6d0c2ca7d3 100644
--- a/examples/argocd/versions.tf
+++ b/examples/argocd/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.66"
+      version = ">= 4.47, <5.0"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"
diff --git a/examples/blue-green-upgrade/modules/eks_cluster/main.tf b/examples/blue-green-upgrade/modules/eks_cluster/main.tf
index ef00cde9a9..b412954fbf 100644
--- a/examples/blue-green-upgrade/modules/eks_cluster/main.tf
+++ b/examples/blue-green-upgrade/modules/eks_cluster/main.tf
@@ -1,24 +1,13 @@
 locals {
-  core_stack_name   = var.core_stack_name
   suffix_stack_name = var.suffix_stack_name
 
-  env  = "dev" # use to suffix some kubernetes objects
-  name = "${var.core_stack_name}-${local.suffix_stack_name}"
-
-  eks_cluster_domain = "${local.core_stack_name}.${var.hosted_zone_name}" # for external-dns
-
+  name            = "${var.core_stack_name}-${local.suffix_stack_name}"
   cluster_version = var.cluster_version
 
-  # Route 53 Ingress Weights
-  argocd_route53_weight      = var.argocd_route53_weight
-  route53_weight             = var.route53_weight
-  ecsfrontend_route53_weight = var.ecsfrontend_route53_weight
-
   tag_val_vpc            = var.vpc_tag_value == "" ? var.core_stack_name : var.vpc_tag_value
   tag_val_private_subnet = var.vpc_tag_value == "" ? "${var.core_stack_name}-private-" : var.vpc_tag_value
 
-  node_group_name            = "managed-ondemand"
-  argocd_secret_manager_name = var.argocd_secret_manager_name_suffix
+  node_group_name = "managed-ondemand"
 
   # #---------------------------------------------------------------
   # # ARGOCD ADD-ON APPLICATION
@@ -189,15 +178,6 @@ data "aws_route53_zone" "sub" {
   name = "${var.core_stack_name}.${var.hosted_zone_name}"
 }
 
-
-data "aws_secretsmanager_secret" "argocd" {
-  name = "${local.argocd_secret_manager_name}.${local.core_stack_name}"
-}
-
-data "aws_secretsmanager_secret_version" "admin_password_version" {
-  secret_id = data.aws_secretsmanager_secret.argocd.id
-}
-
 #tfsec:ignore:aws-eks-enable-control-plane-logging
 module "eks" {
   source  = "terraform-aws-modules/eks/aws"
diff --git a/examples/blue-green-upgrade/modules/eks_cluster/variables.tf b/examples/blue-green-upgrade/modules/eks_cluster/variables.tf
index 5e7bbd9857..24cbceccaf 100644
--- a/examples/blue-green-upgrade/modules/eks_cluster/variables.tf
+++ b/examples/blue-green-upgrade/modules/eks_cluster/variables.tf
@@ -82,21 +82,3 @@ variable "vpc_tag_value" {
   type        = string
   default     = ""
 }
-
-variable "argocd_route53_weight" {
-  description = "The Route53 weighted records weight for argocd application"
-  type        = string
-  default     = "0"
-}
-
-variable "ecsfrontend_route53_weight" {
-  description = "The Route53 weighted records weight for ecsdeo-frontend application"
-  type        = string
-  default     = "0"
-}
-
-variable "route53_weight" {
-  description = "The Route53 weighted records weight for others application"
-  type        = string
-  default     = "0"
-}
diff --git a/examples/do-not-use/README.md b/examples/do-not-use/README.md
deleted file mode 100644
index 18d28c3ec3..0000000000
--- a/examples/do-not-use/README.md
+++ /dev/null
@@ -1,5 +0,0 @@
-# DO NOT USE
-
-This is a local copy of https://github.com/aws-ia/terraform-aws-eks-blueprints-addons to speed up testing and validation of both the examples provided here and the addons defined in the addons repository.
-
-Once all addons and examples have been validated, we will sync the changes from here back up to https://github.com/aws-ia/terraform-aws-eks-blueprints-addons
diff --git a/examples/do-not-use/docs/aws-cloudwatch-metrics.md b/examples/do-not-use/docs/aws-cloudwatch-metrics.md
deleted file mode 100644
index 030c0f221c..0000000000
--- a/examples/do-not-use/docs/aws-cloudwatch-metrics.md
+++ /dev/null
@@ -1,30 +0,0 @@
-# AWS CloudWatch Metrics
-
-Use CloudWatch Container Insights to collect, aggregate, and summarize metrics and logs from your containerized applications and microservices. CloudWatch automatically collects metrics for many resources, such as CPU, memory, disk, and network. Container Insights also provides diagnostic information, such as container restart failures, to help you isolate issues and resolve them quickly. You can also set CloudWatch alarms on metrics that Container Insights collects.
-
-Container Insights collects data as performance log events using embedded metric format. These performance log events are entries that use a structured JSON schema that enables high-cardinality data to be ingested and stored at scale. From this data, CloudWatch creates aggregated metrics at the cluster, node, pod, task, and service level as CloudWatch metrics. The metrics that Container Insights collects are available in CloudWatch automatic dashboards, and also viewable in the Metrics section of the CloudWatch console.
-
-## Usage
-
-[aws-cloudwatch-metrics](https://github.com/aws-ia/terraform-aws-eks-blueprints/tree/main/modules/kubernetes-addons/aws-cloudwatch-metrics) can be deployed by enabling the add-on via the following.
-
-```hcl
-enable_aws_cloudwatch_metrics = true
-```
-
-You can also customize the Helm chart that deploys `aws-cloudwatch-metrics` via the following configuration:
-
-
-```hcl
-  enable_aws_cloudwatch_metrics        = true
-
-  aws_cloudwatch_metrics_irsa_policies = ["IAM Policies"]
-  aws_cloudwatch_metrics   = {
-    role_policies = ["IAM Policies"]  # extra policies in addition of CloudWatchAgentServerPolicy
-    name          = "aws-cloudwatch-metrics"
-    repository    = "https://aws.github.io/eks-charts"
-    chart_version = "0.0.9"
-    namespace     = "amazon-cloudwatch"
-    values        = [templatefile("${path.module}/values.yaml", {})] # The value `clusterName` is already set to the EKS cluster name, no need to specify here
-  }
-```
diff --git a/examples/do-not-use/docs/aws-efs-csi-driver.md b/examples/do-not-use/docs/aws-efs-csi-driver.md
deleted file mode 100644
index 4a4155682c..0000000000
--- a/examples/do-not-use/docs/aws-efs-csi-driver.md
+++ /dev/null
@@ -1,42 +0,0 @@
-# AWS EFS CSI Driver
-
-This add-on deploys the [AWS EFS CSI driver](https://docs.aws.amazon.com/eks/latest/userguide/efs-csi.html) into an EKS cluster.
-
-## Usage
-
-The [AWS EFS CSI driver](https://github.com/aws-ia/terraform-aws-eks-blueprints/tree/main/modules/kubernetes-addons/aws-efs-csi-driver) can be deployed by enabling the add-on via the following. Check out the full [example](https://github.com/aws-ia/terraform-aws-eks-blueprints/blob/main/examples/stateful/main.tf) to deploy an EKS Cluster with EFS backing the dynamic provisioning of persistent volumes.
-
-```hcl
-  enable_aws_efs_csi_driver = true
-```
-
-Once deployed, you will be able to see a number of supporting resources in the `kube-system` namespace.
-
-```sh
-$ kubectl get deployment efs-csi-controller -n kube-system
-
-NAME                 READY   UP-TO-DATE   AVAILABLE   AGE
-efs-csi-controller   2/2     2            2           4m29s
-```
-
-```sh
-$ kubectl get daemonset efs-csi-node -n kube-system
-
-NAME           DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR                 AGE
-efs-csi-node   3         3         3       3            3           beta.kubernetes.io/os=linux   4m32s
-```
-
-You can optionally customize the Helm chart that deploys the driver via the following configuration.
-
-```hcl
-  enable_aws_efs_csi_driver = true
-
-  # Optional aws_efs_csi_driver_helm_config
-  aws_efs_csi_driver = {
-    repository     = "https://kubernetes-sigs.github.io/aws-efs-csi-driver/"
-    chart_version  = "2.4.1"
-  }
-  aws_efs_csi_driver {
-    role_policies = ["<ADDITIONAL_IAM_POLICY_ARN>"]
-  }
-```
diff --git a/examples/do-not-use/docs/aws-load-balancer-controller.md b/examples/do-not-use/docs/aws-load-balancer-controller.md
deleted file mode 100644
index afe8ff2362..0000000000
--- a/examples/do-not-use/docs/aws-load-balancer-controller.md
+++ /dev/null
@@ -1,86 +0,0 @@
-# AWS Load Balancer Controller.
-
-[AWS Load Balancer Controller ](https://kubernetes-sigs.github.io/aws-load-balancer-controller/) is a controller to help manage Elastic Load Balancers for a Kubernetes cluster. This Add-on deploys this controller in an Amazon EKS Cluster.
-
-## Usage
-
-In order to deploy the AWS Load Balancer Controller Addon via [EKS Blueprints Addons](https://github.com/aws-ia/terraform-aws-eks-blueprints-addons), reference the following parameters under the `module.eks_blueprints_addons`.
-
-```hcl
-module "eks_blueprints_addons" {
-
-  enable_aws_load_balancer_controller = true
-  aws_load_balancer_controller = {
-    set = [
-      {
-        name  = "vpcId"
-        value = module.vpc.vpc_id
-      },
-      {
-        name  = "podDisruptionBudget.maxUnavailable"
-        value = 1
-      },
-    ]
-  }
-```
-### Helm Chart customization
-
-It's possible to customize your deployment using the Helm Chart parameters inside the `aws_load_balancer_controller` configuration block:
-
-```hcl
-  aws_load_balancer_controller = {
-    set = [
-      {
-        name  = "vpcId"
-        value = module.vpc.vpc_id
-      },
-      {
-        name  = "podDisruptionBudget.maxUnavailable"
-        value = 1
-      },
-      {
-        name  = "resources.requests.cpu"
-        value = 100m
-      },
-      {
-        name  = "resources.requests.memory"
-        value = 128Mi
-      },
-    ]
-  }
-}
-```
-
-You can find all available Helm Chart parameter values [here](https://github.com/kubernetes-sigs/aws-load-balancer-controller/blob/main/helm/aws-load-balancer-controller/values.yaml).
-
-
-## Validate
-
-1. To validate the deployment, check if the `aws-load-balancer-controller` Pods were created in the `kube-system` Namespace, as the following example.
-
-```sh
-kubectl -n kube-system get pods | grep aws-load-balancer-controller
-NAMESPACE       NAME                                            READY   STATUS    RESTARTS   AGE
-kube-system     aws-load-balancer-controller-6cbdb58654-fvskt   1/1     Running   0          26m
-kube-system     aws-load-balancer-controller-6cbdb58654-sc7dk   1/1     Running   0          26m
-```
-
-2. Create a Kubernetes Ingress, using the `alb` IngressClass, pointing to an existing Service. In this example we'll use a Service called `example-svc`.
-
-```sh
-kubectl create ingress example-ingress --class alb --rule="/*=example-svc:80" \
---annotation alb.ingress.kubernetes.io/scheme=internet-facing \
---annotation alb.ingress.kubernetes.io/target-type=ip
-```
-
-```sh
-kubectl get ingress  
-NAME                CLASS   HOSTS   ADDRESS                                                                 PORTS   AGE
-example-ingress     alb     *       k8s-example-ingress-7e0d6f03e7-1234567890.us-west-2.elb.amazonaws.com   80      4m9s
-```
-
-## Resources
-
-[GitHub Repo](https://github.com/kubernetes-sigs/aws-load-balancer-controller/)
-[Helm Chart](https://github.com/kubernetes-sigs/aws-load-balancer-controller/tree/main/helm/aws-load-balancer-controller)
-[AWS Docs](https://docs.aws.amazon.com/eks/latest/userguide/aws-load-balancer-controller.html)
diff --git a/examples/do-not-use/docs/aws-private-ca-issuer.md b/examples/do-not-use/docs/aws-private-ca-issuer.md
deleted file mode 100644
index d7a5bd4638..0000000000
--- a/examples/do-not-use/docs/aws-private-ca-issuer.md
+++ /dev/null
@@ -1,65 +0,0 @@
-# AWS Private CA (PCA) Issuer
-
-[AWS Private CA](https://aws.amazon.com/private-ca/) is an AWS service that can setup and manage private CAs, as well as issue private certifiates. This Add-on deployes the AWS Private CA Issuer as an [external issuer](https://cert-manager.io/docs/configuration/external/) to **cert-manager** that signs off certificate requests using AWS Private CA in an Amazon EKS Cluster.
-
-## Usage
-
-### Pre-requisites
-
-To deploy the AWS PCA, you need to install cert-manager first, refer to this [documentation](https://github.com/aws-ia/terraform-aws-eks-blueprints-addons/docs/cert-manager.md) to do it through EKS Blueprints Addons.
-
-### Deployment
-
-With **cert-manager** deployed in place, you can deploy the AWS Private CA Issuer Add-on via [EKS Blueprints Addons](https://github.com/aws-ia/terraform-aws-eks-blueprints-addons), reference the following parameters under the `module.eks_blueprints_addons`.
-
-```hcl
-module "eks_blueprints_addons" {
-
-  enable_cert_manager         = true
-  enable_aws_privateca_issuer = true
-  aws_privateca_issuer = {
-    acmca_arn        = aws_acmpca_certificate_authority.this.arn
-  }
-}
-```
-
-### Helm Chart customization
-
-It's possible to customize your deployment using the Helm Chart parameters inside the `aws_load_balancer_controller` configuration block:
-
-```hcl
-  aws_privateca_issuer = {
-    acmca_arn        = aws_acmpca_certificate_authority.this.arn
-    namespace        = "aws-privateca-issuer"
-    create_namespace = true
-  }
-```
-
-You can find all available Helm Chart parameter values [here](https://github.com/cert-manager/aws-privateca-issuer/blob/main/charts/aws-pca-issuer/values.yaml).
-
-## Validation
-
-1. List all the pods running in `aws-privateca-issuer` and `cert-manager` Namespace.
-
-```sh
-kubectl get pods -n aws-privateca-issuer
-kubectl get pods -n cert-manager
-```
-
-2. Check the `certificate` status in it should be in `Ready` state, and be pointing to a `secret` created in the same Namespace.
-
-```sh
-kubectl get certificate -o wide
-NAME      READY   SECRET                  ISSUER                    STATUS                                          AGE
-example   True    example-clusterissuer   tls-with-aws-pca-issuer   Certificate is up to date and has not expired   41m
-
-kubectl get secret example-clusterissuer
-NAME                    TYPE                DATA   AGE
-example-clusterissuer   kubernetes.io/tls   3      43m
-```
-
-## Resources
-
-[GitHub Repo](https://github.com/cert-manager/aws-privateca-issuer)
-[Helm Chart](https://github.com/cert-manager/aws-privateca-issuer/tree/main/charts/aws-pca-issuer)
-[AWS Docs](https://docs.aws.amazon.com/privateca/latest/userguide/PcaKubernetes.html)
diff --git a/examples/do-not-use/docs/cert-manager.md b/examples/do-not-use/docs/cert-manager.md
deleted file mode 100644
index 9c69f67d82..0000000000
--- a/examples/do-not-use/docs/cert-manager.md
+++ /dev/null
@@ -1,95 +0,0 @@
-# Certificate Manager
-
-[Cert-manager](https://cert-manager.io/) is a X.509 certificate controller for Kubernetes-like workloads. It will obtain certificates from a variety of Issuers, both popular public Issuers as well as private Issuers, and ensure the certificates are valid and up-to-date, and will attempt to renew certificates at a configured time before expiry. This Add-on deploys this controller in an Amazon EKS Cluster.
-
-## Usage
-
-To deploy cert-manager Add-on via [EKS Blueprints Addons](https://github.com/aws-ia/terraform-aws-eks-blueprints-addons), reference the following parameters under the `module.eks_blueprints_addons`.
-
-```hcl
-module "eks_blueprints_addons" {
-
-  enable_cert_manager         = true
-}
-```
-
-### Helm Chart customization
-
-It's possible to customize your deployment using the Helm Chart parameters inside the `cert-manager` configuration block:
-
-```hcl
-  cert-manager = {
-    chart_version    = "v1.11.1"
-    namespace        = "cert-manager"
-    create_namespace = true
-  }
-```
-
-You can find all available Helm Chart parameter values [here]https://github.com/cert-manager/cert-manager/blob/master/deploy/charts/cert-manager/values.yaml
-
-## Validation
-
-1. Validate if the Cert-Manger Pods are Running.
-
-```sh
-kubectl -n cert-manager get pods
-NAME                                      READY   STATUS    RESTARTS   AGE
-cert-manager-5989bcc87-96qvf              1/1     Running   0          2m49s
-cert-manager-cainjector-9b44ddb68-8c7b9   1/1     Running   0          2m49s
-cert-manager-webhook-776b65456-k6br4      1/1     Running   0          2m49s
-```
-
-2. Create a SelfSigned ClusterIssuer resource in the cluster.
-
-```yaml
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
-  name: selfsigned-cluster-issuer
-spec:
-  selfSigned: {}
-```
-
-```sh
-kubectl get clusterissuers -o wide selfsigned-cluster-issuer
-NAME                        READY   STATUS   AGE
-selfsigned-cluster-issuer   True             3m
-```
-
-2. Create a Certificate in a given Namespace.
-
-```yaml
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: example
-  namespace: default
-spec:
-  isCA: true
-  commonName: example
-  secretName: example-secret
-  privateKey:
-    algorithm: ECDSA
-    size: 256
-  issuerRef:
-    name: selfsigned-cluster-issuer
-    kind: ClusterIssuer
-    group: cert-manager.io
-```
-
-3.  Check the `certificate` status in it should be in `Ready` state, and be pointing to a `secret` created in the same Namespace.
-
-```sh
-kubectl get certificate -o wide
-NAME      READY   SECRET           ISSUER                      STATUS                                          AGE
-example   True    example-secret   selfsigned-cluster-issuer   Certificate is up to date and has not expired   44s
-
-kubectl get secret example-secret
-NAME             TYPE                DATA   AGE
-example-secret   kubernetes.io/tls   3      70s
-```
-
-## Resources
-
-[GitHub Repo](https://github.com/cert-manager/cert-manager)
-[Helm Chart](https://github.com/cert-manager/cert-manager/blob/master/deploy/charts/cert-manager/)
diff --git a/examples/do-not-use/docs/fargate-fluentbit.md b/examples/do-not-use/docs/fargate-fluentbit.md
deleted file mode 100644
index 4aca457c21..0000000000
--- a/examples/do-not-use/docs/fargate-fluentbit.md
+++ /dev/null
@@ -1,107 +0,0 @@
-# Fargate Fluentbit
-
-Amazon EKS on Fargate offers a built-in log router based on Fluent Bit. This means that you don't explicitly run a Fluent Bit container as a sidecar, but Amazon runs it for you. All that you have to do is configure the log router. The configuration happens through a dedicated ConfigMap, that is deployed via this Add-on.
-
-## Usage
-
-To configure the Fargate Fluentbit ConfigMap via the [EKS Blueprints Addons](https://github.com/aws-ia/terraform-aws-eks-blueprints-addons), just reference the following parameters under the `module.eks_blueprints_addons`.
-
-```hcl
-module "eks_blueprints_addons" {
-
-  enable_fargate_fluentbit = true
-  fargate_fluentbit = {
-    flb_log_cw = true
-  }
-}
-```
-
-It's possible to customize the CloudWatch Log Group parameters in the `fargate_fluentbit_cw_log_group` configuration block:
-
-```hcl
-  fargate_fluentbit_cw_log_group = {
-
-  name              = "existing-log-group"
-  name_prefix       = "dev-environment-logs"
-  retention_in_days = 7
-  kms_key_id        = "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
-  skip_destroy      = true
-```
-
-## Validation
-
-1. Check if the `aws-logging` configMap for Fargate Fluentbit was created.
-
-```sh
-kubectl -n aws-observability get configmap aws-logging -o yaml
-apiVersion: v1
-data:
-  filters.conf: |
-    [FILTER]
-      Name parser
-      Match *
-      Key_Name log
-      Parser regex
-      Preserve_Key True
-      Reserve_Data True
-  flb_log_cw: "true"
-  output.conf: |
-    [OUTPUT]
-      Name cloudwatch_logs
-      Match *
-      region us-west-2
-      log_group_name /fargate-serverless/fargate-fluentbit-logs20230509014113352200000006
-      log_stream_prefix fargate-logs-
-      auto_create_group true
-  parsers.conf: |
-    [PARSER]
-      Name regex
-      Format regex
-      Regex ^(?<time>[^ ]+) (?<stream>[^ ]+) (?<logtag>[^ ]+) (?<message>.+)$
-      Time_Key time
-      Time_Format %Y-%m-%dT%H:%M:%S.%L%z
-      Time_Keep On
-      Decode_Field_As json message
-immutable: false
-kind: ConfigMap
-metadata:
-  creationTimestamp: "2023-05-08T21:14:52Z"
-  name: aws-logging
-  namespace: aws-observability
-  resourceVersion: "1795"
-  uid: d822bcf5-a441-4996-857e-7fb1357bc07e
-```
-
-2. Validate if the CloudWatch LogGroup was created accordingly, and LogStreams were populated.
-
-```sh
-aws logs describe-log-groups --log-group-name-prefix "/fargate-serverless/fargate-fluentbit"
-{
-    "logGroups": [
-        {
-            "logGroupName": "/fargate-serverless/fargate-fluentbit-logs20230509014113352200000006",
-            "creationTime": 1683580491652,
-            "retentionInDays": 90,
-            "metricFilterCount": 0,
-            "arn": "arn:aws:logs:us-west-2:111122223333:log-group:/fargate-serverless/fargate-fluentbit-logs20230509014113352200000006:*",
-            "storedBytes": 0
-        }
-    ]
-}
-```
-
-```sh
-aws logs describe-log-streams --log-group-name "/fargate-serverless/fargate-fluentbit-logs20230509014113352200000006" --log-stream-name-prefix fargate-logs --query 'logStreams[].logStreamName'
-[
-    "fargate-logs-flblogs.var.log.fluent-bit.log",
-    "fargate-logs-kube.var.log.containers.aws-load-balancer-controller-7f989fc6c-grjsq_kube-system_aws-load-balancer-controller-feaa22b4cdaa71ecfc8355feb81d4b61ea85598a7bb57aef07667c767c6b98e4.log",
-    "fargate-logs-kube.var.log.containers.aws-load-balancer-controller-7f989fc6c-wzr46_kube-system_aws-load-balancer-controller-69075ea9ab3c7474eac2a1696d3a84a848a151420cd783d79aeef960b181567f.log",
-    "fargate-logs-kube.var.log.containers.coredns-7b7bddbc85-8cxvq_kube-system_coredns-9e4f3ab435269a566bcbaa606c02c146ad58508e67cef09fa87d5c09e4ac0088.log",
-    "fargate-logs-kube.var.log.containers.coredns-7b7bddbc85-gcjwp_kube-system_coredns-11016818361cd68c32bf8f0b1328f3d92a6d7b8cf5879bfe8b301f393cb011cc.log"
-]
-```
-
-## Resources
-
-[AWS Docs](https://docs.aws.amazon.com/eks/latest/userguide/fargate-logging.html)
-[Fluent Bit for Amazon EKS on AWS Fargate Blog Post](https://aws.amazon.com/blogs/containers/fluent-bit-for-amazon-eks-on-aws-fargate-is-here/)
diff --git a/examples/do-not-use/docs/gatekeeper.md b/examples/do-not-use/docs/gatekeeper.md
deleted file mode 100644
index e159a169a3..0000000000
--- a/examples/do-not-use/docs/gatekeeper.md
+++ /dev/null
@@ -1,28 +0,0 @@
-# Gatekeeper
-
-Gatekeeper is an admission controller that validates requests to create and update Pods on Kubernetes clusters, using the Open Policy Agent (OPA). Using Gatekeeper allows administrators to define policies with a constraint, which is a set of conditions that permit or deny deployment behaviors in Kubernetes.
-
-For complete project documentation, please visit the [Gatekeeper](https://open-policy-agent.github.io/gatekeeper/website/docs/).
-For reference templates refer [Templates](https://github.com/open-policy-agent/gatekeeper/tree/master/charts/gatekeeper/templates)
-
-## Usage
-
-Gatekeeper can be deployed by enabling the add-on via the following.
-
-```hcl
-enable_gatekeeper = true
-```
-
-You can also customize the Helm chart that deploys `gatekeeper` via the following configuration:
-
-```hcl
-  enable_gatekeeper = true
-
-  gatekeeper = {
-    name          = "gatekeeper"
-    chart_version = "3.12.0"
-    repository    = "https://open-policy-agent.github.io/gatekeeper/charts"
-    namespace     = "gatekeeper-system"
-    values        = [templatefile("${path.module}/values.yaml", {})]
-  }
-```
diff --git a/examples/do-not-use/docs/karpenter.md b/examples/do-not-use/docs/karpenter.md
deleted file mode 100644
index 61fb291bb1..0000000000
--- a/examples/do-not-use/docs/karpenter.md
+++ /dev/null
@@ -1,99 +0,0 @@
-# Karpenter
-
-## Prerequisites
-
-If deploying a node template that uses `spot`, please ensure you have the Spot service linked role available in your account. You can run the following command to ensure this role is available:
-
-```sh
-aws iam create-service-linked-role --aws-service-name spot.amazonaws.com || true
-```
-
-## Validate
-
-The following command will update the `kubeconfig` on your local machine and allow you to interact with your EKS Cluster using `kubectl` to validate the CoreDNS deployment for Fargate.
-
-1. Run `update-kubeconfig` command:
-
-```sh
-aws eks --region <REGION> update-kubeconfig --name <CLUSTER_NAME>
-```
-
-2. Test by listing all the pods running currently
-
-```sh
-kubectl get pods -n karpenter
-
-# Output should look similar to below
-NAME                         READY   STATUS    RESTARTS   AGE
-karpenter-6f97df4f77-5nqsk   1/1     Running   0          3m28s
-karpenter-6f97df4f77-n7fkf   1/1     Running   0          3m28s
-```
-
-3. View the current nodes - this example utilizes EKS Fargate for hosting the Karpenter controller so only Fargate nodes are present currently:
-
-```sh
-kubectl get nodes
-
-# Output should look similar to below
-NAME                                                STATUS   ROLES    AGE     VERSION
-fargate-ip-10-0-29-25.us-west-2.compute.internal    Ready    <none>   2m56s   v1.26.3-eks-f4dc2c0
-fargate-ip-10-0-36-148.us-west-2.compute.internal   Ready    <none>   2m57s   v1.26.3-eks-f4dc2c0
-fargate-ip-10-0-42-30.us-west-2.compute.internal    Ready    <none>   2m34s   v1.26.3-eks-f4dc2c0
-fargate-ip-10-0-45-112.us-west-2.compute.internal   Ready    <none>   2m33s   v1.26.3-eks-f4dc2c0
-```
-
-4. Create a sample `pause` deployment to demonstrate scaling:
-
-```sh
-kubectl apply -f - <<EOF
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-    name: inflate
-spec:
-    replicas: 0
-    selector:
-    matchLabels:
-        app: inflate
-    template:
-    metadata:
-        labels:
-        app: inflate
-    spec:
-        terminationGracePeriodSeconds: 0
-        containers:
-        - name: inflate
-            image: public.ecr.aws/eks-distro/kubernetes/pause:3.7
-            resources:
-            requests:
-                cpu: 1
-EOF
-```
-
-5. Scale up the sample `pause` deployment to see Karpenter respond by provisioning nodes to support the workload:
-
-```sh
-kubectl scale deployment inflate --replicas 5
-# To view logs
-# kubectl logs -f -n karpenter -l app.kubernetes.io/name=karpenter -c controller
-```
-
-6. Re-check the nodes, you will now see a new EC2 node provisioned to support the scaled workload:
-
-```sh
-kubectl get nodes
-
-# Output should look similar to below
-NAME                                                STATUS   ROLES    AGE     VERSION
-fargate-ip-10-0-29-25.us-west-2.compute.internal    Ready    <none>   5m15s   v1.26.3-eks-f4dc2c0
-fargate-ip-10-0-36-148.us-west-2.compute.internal   Ready    <none>   5m16s   v1.26.3-eks-f4dc2c0
-fargate-ip-10-0-42-30.us-west-2.compute.internal    Ready    <none>   4m53s   v1.26.3-eks-f4dc2c0
-fargate-ip-10-0-45-112.us-west-2.compute.internal   Ready    <none>   4m52s   v1.26.3-eks-f4dc2c0
-ip-10-0-1-184.us-west-2.compute.internal            Ready    <none>   26s     v1.26.2-eks-a59e1f0 # <= new EC2 node launched
-```
-
-7. Remove the sample `pause` deployment:
-
-```sh
-kubectl delete deployment inflate
-```
diff --git a/examples/do-not-use/docs/nginx.md b/examples/do-not-use/docs/nginx.md
deleted file mode 100644
index fc68acdd39..0000000000
--- a/examples/do-not-use/docs/nginx.md
+++ /dev/null
@@ -1,38 +0,0 @@
-# Nginx
-
-This add-on installs [Nginx Ingress Controller](https://kubernetes.github.io/ingress-nginx/deploy/) on Amazon EKS. The Nginx ingress controller uses [Nginx](https://www.nginx.org/) as a reverse proxy and load balancer.
-
-Other than handling Kubernetes ingress objects, this ingress controller can facilitate multi-tenancy and segregation of workload ingresses based on host name (host-based routing) and/or URL Path (path based routing).
-
-## Usage
-
-Nginx Ingress Controller can be deployed by enabling the add-on via the following.
-
-```hcl
-enable_ingress_nginx = true
-```
-
-You can also customize the Helm chart that deploys `ingress-nginx` via the following configuration:
-
-```sh
-$ kubectl get pods -n ingress-nginx
-NAME                                       READY   STATUS    RESTARTS   AGE
-ingress-nginx-controller-f6c55fdc8-8bt2z   1/1     Running   0          44m
-```
-
-Note that the ingress controller is deployed in the `ingress-nginx` namespace.
-
-You can optionally customize the Helm chart that deploys `nginx` via the following configuration.
-
-```hcl
-  enable_ingress_nginx = true
-
-  ingress_nginx = {
-    name          = "ingress-nginx"
-    chart_version = "4.6.1"
-    repository    = "https://kubernetes.github.io/ingress-nginx"
-    namespace     = "ingress-nginx"
-    values        = [templatefile("${path.module}/values.yaml", {})]
-  }
-
-```
diff --git a/examples/do-not-use/docs/velero.md b/examples/do-not-use/docs/velero.md
deleted file mode 100644
index 4fff0ca57c..0000000000
--- a/examples/do-not-use/docs/velero.md
+++ /dev/null
@@ -1,163 +0,0 @@
-# Velero
-
-[Velero](https://velero.io/) is an open source tool to safely backup and restore, perform disaster recovery, and migrate Kubernetes cluster resources and persistent volumes.
-
-- [Helm chart](https://github.com/vmware-tanzu/helm-charts/tree/main/charts/velero)
-- [Plugin for AWS](https://github.com/vmware-tanzu/velero-plugin-for-aws)
-
-## Usage
-
-[Velero](https://github.com/aws-ia/terraform-aws-eks-blueprints/tree/main/modules/kubernetes-addons/velero) can be deployed by enabling the add-on via the following.
-
-```hcl
-enable_velero           = true
-velero_backup_s3_bucket = "<YOUR_BUCKET_NAME>"
-velero = {
-    s3_backup_location = "<YOUR_S3_BUCKET_ARN>[/prefix]"
-  }
-```
-
-You can also customize the Helm chart that deploys `velero` via the following configuration:
-
-```hcl
-enable_velero           = true
-
-velero = {
-  name          = "velero"
-  description   = "A Helm chart for velero"
-  chart_version = "3.1.6"
-  repository    = "https://vmware-tanzu.github.io/helm-charts/"
-  namespace     = "velero"
-  values        = [templatefile("${path.module}/values.yaml", {})]
-}
-```
-
-To see a working example, see the [`stateful`](https://github.com/aws-ia/terraform-aws-eks-blueprints/tree/main/examples/stateful) example blueprint.
-
-## Validate
-
-
-1. Run `update-kubeconfig` command:
-
-```bash
-aws eks --region <REGION> update-kubeconfig --name <CLUSTER_NAME>
-```
-
-2. Test by listing velero resources provisioned:
-
-```bash
-kubectl get all -n velero
-
-# Output should look similar to below
-NAME                         READY   STATUS    RESTARTS   AGE
-pod/velero-7b8994d56-z89sl   1/1     Running   0          25h
-
-NAME             TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
-service/velero   ClusterIP   172.20.20.118   <none>        8085/TCP   25h
-
-NAME                     READY   UP-TO-DATE   AVAILABLE   AGE
-deployment.apps/velero   1/1     1            1           25h
-
-NAME                               DESIRED   CURRENT   READY   AGE
-replicaset.apps/velero-7b8994d56   1         1         1       25h
-```
-
-3. Get backup location using velero [CLI](https://velero.io/docs/v1.8/basic-install/#install-the-cli)
-
-```bash
-velero backup-location get
-
-# Output should look similar to below
-NAME      PROVIDER   BUCKET/PREFIX                                 PHASE       LAST VALIDATED                  ACCESS MODE   DEFAULT
-default   aws        stateful-20230503175301619800000005/backups   Available   2023-05-04 15:15:00 -0400 EDT   ReadWrite     true
-```
-
-4. To demonstrate creating a backup and restoring, create a new namespace and run nginx using below commands:
-
-```bash
-kubectl create namespace backupdemo
-kubectl run nginx --image=nginx -n backupdemo
-```
-
-5. Create backup of this namespace using velero
-
-```bash
-velero backup create backup1 --include-namespaces backupdemo
-
-# Output should look similar to below
-Backup request "backup1" submitted successfully.
-Run `velero backup describe backup1` or `velero backup logs backup1` for more details.
-```
-
-6. Describe the backup to check the backup status
-
-```bash
-velero backup describe backup1
-
-# Output should look similar to below
-Name:         backup1
-Namespace:    velero
-Labels:       velero.io/storage-location=default
-Annotations:  velero.io/source-cluster-k8s-gitversion=v1.26.2-eks-a59e1f0
-              velero.io/source-cluster-k8s-major-version=1
-              velero.io/source-cluster-k8s-minor-version=26+
-
-Phase:  Completed
-
-
-Namespaces:
-  Included:  backupdemo
-  Excluded:  <none>
-
-Resources:
-  Included:        *
-  Excluded:        <none>
-  Cluster-scoped:  auto
-
-Label selector:  <none>
-
-Storage Location:  default
-
-Velero-Native Snapshot PVs:  auto
-
-TTL:  720h0m0s
-
-CSISnapshotTimeout:    10m0s
-ItemOperationTimeout:  0s
-
-Hooks:  <none>
-
-Backup Format Version:  1.1.0
-
-Started:    2023-05-04 15:16:31 -0400 EDT
-Completed:  2023-05-04 15:16:33 -0400 EDT
-
-Expiration:  2023-06-03 15:16:31 -0400 EDT
-
-Total items to be backed up:  9
-Items backed up:              9
-
-Velero-Native Snapshots: <none included>
-```
-
-7. Delete the namespace - this will be restored using the backup created
-
-```bash
-kubectl delete namespace backupdemo
-```
-
-8. Restore the namespace from your backup
-
-```bash
-velero restore create --from-backup backup1
-```
-
-9. Verify that the namespace is restored
-
-```bash
-kubectl get all -n backupdemo
-
-# Output should look similar to below
-NAME        READY   STATUS    RESTARTS   AGE
-pod/nginx   1/1     Running   0          21s
-```
diff --git a/examples/do-not-use/docs/vpa.md b/examples/do-not-use/docs/vpa.md
deleted file mode 100644
index 751ccb37a4..0000000000
--- a/examples/do-not-use/docs/vpa.md
+++ /dev/null
@@ -1,28 +0,0 @@
-# Vertical Pod Autoscaler
-[VPA](https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler) Vertical Pod Autoscaler (VPA) automatically adjusts the CPU and memory reservations for your pods to help "right size" your applications. When configured, it will automatically request the necessary reservations based on usage and thus allow proper scheduling onto nodes so that the appropriate resource amount is available for each pod. It will also maintain ratios between limits and requests that were specified in initial container configuration.
-
-NOTE: Metrics Server add-on is a dependency for this addon
-
-## Usage
-
-This step deploys the Vertical Pod Autoscaler with default Helm Chart config
-
-```hcl
-  enable_vpa            = true
-  enable_metrics_server = true
-```
-
-You can also customize the Helm chart that deploys `vpa` via the following configuration:
-
-```hcl
-  enable_vpa = true
-  enable_metrics_server = true
-
-  vpa = {
-    name          = "vpa"
-    chart_version = "1.7.5"
-    repository    = "https://charts.fairwinds.com/stable"
-    namespace     = "vpa"
-    values        = [templatefile("${path.module}/values.yaml", {})]
-  }
-```
diff --git a/examples/do-not-use/main.tf b/examples/do-not-use/main.tf
deleted file mode 100644
index 83c95cdbca..0000000000
--- a/examples/do-not-use/main.tf
+++ /dev/null
@@ -1,3066 +0,0 @@
-data "aws_partition" "current" {}
-data "aws_caller_identity" "current" {}
-data "aws_region" "current" {}
-
-# This resource is used to provide a means of mapping an implicit dependency
-# between the cluster and the addons.
-resource "time_sleep" "this" {
-  create_duration = var.create_delay_duration
-
-  triggers = {
-    cluster_endpoint  = var.cluster_endpoint
-    cluster_name      = var.cluster_name
-    custom            = join(",", var.create_delay_dependencies)
-    oidc_provider_arn = var.oidc_provider_arn
-  }
-}
-
-locals {
-  account_id = data.aws_caller_identity.current.account_id
-  dns_suffix = data.aws_partition.current.dns_suffix
-  partition  = data.aws_partition.current.partition
-  region     = data.aws_region.current.name
-
-  # Threads the sleep resource into the module to make the dependency
-  cluster_endpoint  = time_sleep.this.triggers["cluster_endpoint"]
-  cluster_name      = time_sleep.this.triggers["cluster_name"]
-  oidc_provider_arn = time_sleep.this.triggers["oidc_provider_arn"]
-
-  iam_role_policy_prefix = "arn:${local.partition}:iam::aws:policy"
-
-  # Used by Karpenter & AWS Node Termination Handler
-  ec2_events = {
-    health_event = {
-      name        = "HealthEvent"
-      description = "AWS health event"
-      event_pattern = {
-        source      = ["aws.health"]
-        detail-type = ["AWS Health Event"]
-      }
-    }
-    spot_interupt = {
-      name        = "SpotInterrupt"
-      description = "EC2 spot instance interruption warning"
-      event_pattern = {
-        source      = ["aws.ec2"]
-        detail-type = ["EC2 Spot Instance Interruption Warning"]
-      }
-    }
-    instance_rebalance = {
-      name        = "InstanceRebalance"
-      description = "EC2 instance rebalance recommendation"
-      event_pattern = {
-        source      = ["aws.ec2"]
-        detail-type = ["EC2 Instance Rebalance Recommendation"]
-      }
-    }
-    instance_state_change = {
-      name        = "InstanceStateChange"
-      description = "EC2 instance state-change notification"
-      event_pattern = {
-        source      = ["aws.ec2"]
-        detail-type = ["EC2 Instance State-change Notification"]
-      }
-    }
-  }
-}
-
-################################################################################
-# Argo Rollouts
-################################################################################
-
-module "argo_rollouts" {
-  source  = "aws-ia/eks-blueprints-addon/aws"
-  version = "1.0.0"
-
-  create = var.enable_argo_rollouts
-
-  # https://github.com/argoproj/argo-helm/tree/main/charts/argo-rollouts
-  name             = try(var.argo_rollouts.name, "argo-rollouts")
-  description      = try(var.argo_rollouts.description, "A Helm chart for Argo Rollouts")
-  namespace        = try(var.argo_rollouts.namespace, "argo-rollouts")
-  create_namespace = try(var.argo_rollouts.create_namespace, true)
-  chart            = "argo-rollouts"
-  chart_version    = try(var.argo_rollouts.chart_version, "2.22.3")
-  repository       = try(var.argo_rollouts.repository, "https://argoproj.github.io/argo-helm")
-  values           = try(var.argo_rollouts.values, [])
-
-  timeout                    = try(var.argo_rollouts.timeout, null)
-  repository_key_file        = try(var.argo_rollouts.repository_key_file, null)
-  repository_cert_file       = try(var.argo_rollouts.repository_cert_file, null)
-  repository_ca_file         = try(var.argo_rollouts.repository_ca_file, null)
-  repository_username        = try(var.argo_rollouts.repository_username, null)
-  repository_password        = try(var.argo_rollouts.repository_password, null)
-  devel                      = try(var.argo_rollouts.devel, null)
-  verify                     = try(var.argo_rollouts.verify, null)
-  keyring                    = try(var.argo_rollouts.keyring, null)
-  disable_webhooks           = try(var.argo_rollouts.disable_webhooks, null)
-  reuse_values               = try(var.argo_rollouts.reuse_values, null)
-  reset_values               = try(var.argo_rollouts.reset_values, null)
-  force_update               = try(var.argo_rollouts.force_update, null)
-  recreate_pods              = try(var.argo_rollouts.recreate_pods, null)
-  cleanup_on_fail            = try(var.argo_rollouts.cleanup_on_fail, null)
-  max_history                = try(var.argo_rollouts.max_history, null)
-  atomic                     = try(var.argo_rollouts.atomic, null)
-  skip_crds                  = try(var.argo_rollouts.skip_crds, null)
-  render_subchart_notes      = try(var.argo_rollouts.render_subchart_notes, null)
-  disable_openapi_validation = try(var.argo_rollouts.disable_openapi_validation, null)
-  wait                       = try(var.argo_rollouts.wait, null)
-  wait_for_jobs              = try(var.argo_rollouts.wait_for_jobs, null)
-  dependency_update          = try(var.argo_rollouts.dependency_update, null)
-  replace                    = try(var.argo_rollouts.replace, null)
-  lint                       = try(var.argo_rollouts.lint, null)
-
-  postrender    = try(var.argo_rollouts.postrender, [])
-  set           = try(var.argo_rollouts.set, [])
-  set_sensitive = try(var.argo_rollouts.set_sensitive, [])
-
-  tags = var.tags
-}
-
-################################################################################
-# Argo Workflows
-################################################################################
-
-module "argo_workflows" {
-  source  = "aws-ia/eks-blueprints-addon/aws"
-  version = "1.0.0"
-
-  create = var.enable_argo_workflows
-
-  # https://github.com/argoproj/argo-helm/tree/main/charts/argo-workflows
-  name             = try(var.argo_workflows.name, "argo-workflows")
-  description      = try(var.argo_workflows.description, "A Helm chart for Argo Workflows")
-  namespace        = try(var.argo_workflows.namespace, "argo-workflows")
-  create_namespace = try(var.argo_workflows.create_namespace, true)
-  chart            = "argo-workflows"
-  chart_version    = try(var.argo_workflows.chart_version, "2.22.13")
-  repository       = try(var.argo_workflows.repository, "https://argoproj.github.io/argo-helm")
-  values           = try(var.argo_workflows.values, [])
-
-  timeout                    = try(var.argo_workflows.timeout, null)
-  repository_key_file        = try(var.argo_workflows.repository_key_file, null)
-  repository_cert_file       = try(var.argo_workflows.repository_cert_file, null)
-  repository_ca_file         = try(var.argo_workflows.repository_ca_file, null)
-  repository_username        = try(var.argo_workflows.repository_username, null)
-  repository_password        = try(var.argo_workflows.repository_password, null)
-  devel                      = try(var.argo_workflows.devel, null)
-  verify                     = try(var.argo_workflows.verify, null)
-  keyring                    = try(var.argo_workflows.keyring, null)
-  disable_webhooks           = try(var.argo_workflows.disable_webhooks, null)
-  reuse_values               = try(var.argo_workflows.reuse_values, null)
-  reset_values               = try(var.argo_workflows.reset_values, null)
-  force_update               = try(var.argo_workflows.force_update, null)
-  recreate_pods              = try(var.argo_workflows.recreate_pods, null)
-  cleanup_on_fail            = try(var.argo_workflows.cleanup_on_fail, null)
-  max_history                = try(var.argo_workflows.max_history, null)
-  atomic                     = try(var.argo_workflows.atomic, null)
-  skip_crds                  = try(var.argo_workflows.skip_crds, null)
-  render_subchart_notes      = try(var.argo_workflows.render_subchart_notes, null)
-  disable_openapi_validation = try(var.argo_workflows.disable_openapi_validation, null)
-  wait                       = try(var.argo_workflows.wait, null)
-  wait_for_jobs              = try(var.argo_workflows.wait_for_jobs, null)
-  dependency_update          = try(var.argo_workflows.dependency_update, null)
-  replace                    = try(var.argo_workflows.replace, null)
-  lint                       = try(var.argo_workflows.lint, null)
-
-  postrender    = try(var.argo_workflows.postrender, [])
-  set           = try(var.argo_workflows.set, [])
-  set_sensitive = try(var.argo_workflows.set_sensitive, [])
-
-  tags = var.tags
-}
-
-################################################################################
-# ArgoCD
-################################################################################
-
-module "argocd" {
-  source  = "aws-ia/eks-blueprints-addon/aws"
-  version = "1.0.0"
-
-  create = var.enable_argocd
-
-  # https://github.com/argoproj/argo-helm/blob/main/charts/argo-cd/Chart.yaml
-  # (there is no offical helm chart for argocd)
-  name             = try(var.argocd.name, "argo-cd")
-  description      = try(var.argocd.description, "A Helm chart to install the ArgoCD")
-  namespace        = try(var.argocd.namespace, "argocd")
-  create_namespace = try(var.argocd.create_namespace, true)
-  chart            = "argo-cd"
-  chart_version    = try(var.argocd.chart_version, "5.29.1")
-  repository       = try(var.argocd.repository, "https://argoproj.github.io/argo-helm")
-  values           = try(var.argocd.values, [])
-
-  timeout                    = try(var.argocd.timeout, null)
-  repository_key_file        = try(var.argocd.repository_key_file, null)
-  repository_cert_file       = try(var.argocd.repository_cert_file, null)
-  repository_ca_file         = try(var.argocd.repository_ca_file, null)
-  repository_username        = try(var.argocd.repository_username, null)
-  repository_password        = try(var.argocd.repository_password, null)
-  devel                      = try(var.argocd.devel, null)
-  verify                     = try(var.argocd.verify, null)
-  keyring                    = try(var.argocd.keyring, null)
-  disable_webhooks           = try(var.argocd.disable_webhooks, null)
-  reuse_values               = try(var.argocd.reuse_values, null)
-  reset_values               = try(var.argocd.reset_values, null)
-  force_update               = try(var.argocd.force_update, null)
-  recreate_pods              = try(var.argocd.recreate_pods, null)
-  cleanup_on_fail            = try(var.argocd.cleanup_on_fail, null)
-  max_history                = try(var.argocd.max_history, null)
-  atomic                     = try(var.argocd.atomic, null)
-  skip_crds                  = try(var.argocd.skip_crds, null)
-  render_subchart_notes      = try(var.argocd.render_subchart_notes, null)
-  disable_openapi_validation = try(var.argocd.disable_openapi_validation, null)
-  wait                       = try(var.argocd.wait, null)
-  wait_for_jobs              = try(var.argocd.wait_for_jobs, null)
-  dependency_update          = try(var.argocd.dependency_update, null)
-  replace                    = try(var.argocd.replace, null)
-  lint                       = try(var.argocd.lint, null)
-
-  postrender    = try(var.argocd.postrender, [])
-  set           = try(var.argocd.set, [])
-  set_sensitive = try(var.argocd.set_sensitive, [])
-
-  tags = var.tags
-}
-
-################################################################################
-# AWS Cloudwatch Metrics
-################################################################################
-
-locals {
-  aws_cloudwatch_metrics_service_account = try(var.aws_cloudwatch_metrics.service_account_name, "aws-cloudwatch-metrics")
-}
-
-module "aws_cloudwatch_metrics" {
-  source  = "aws-ia/eks-blueprints-addon/aws"
-  version = "1.0.0"
-
-  create = var.enable_aws_cloudwatch_metrics
-
-  # https://github.com/aws/eks-charts/tree/master/stable/aws-cloudwatch-metrics
-  name             = try(var.aws_cloudwatch_metrics.name, "aws-cloudwatch-metrics")
-  description      = try(var.aws_cloudwatch_metrics.description, "A Helm chart to deploy aws-cloudwatch-metrics project")
-  namespace        = try(var.aws_cloudwatch_metrics.namespace, "amazon-cloudwatch")
-  create_namespace = try(var.aws_cloudwatch_metrics.create_namespace, true)
-  chart            = "aws-cloudwatch-metrics"
-  chart_version    = try(var.aws_cloudwatch_metrics.chart_version, "0.0.9")
-  repository       = try(var.aws_cloudwatch_metrics.repository, "https://aws.github.io/eks-charts")
-  values           = try(var.aws_cloudwatch_metrics.values, [])
-
-  timeout                    = try(var.aws_cloudwatch_metrics.timeout, null)
-  repository_key_file        = try(var.aws_cloudwatch_metrics.repository_key_file, null)
-  repository_cert_file       = try(var.aws_cloudwatch_metrics.repository_cert_file, null)
-  repository_ca_file         = try(var.aws_cloudwatch_metrics.repository_ca_file, null)
-  repository_username        = try(var.aws_cloudwatch_metrics.repository_username, null)
-  repository_password        = try(var.aws_cloudwatch_metrics.repository_password, null)
-  devel                      = try(var.aws_cloudwatch_metrics.devel, null)
-  verify                     = try(var.aws_cloudwatch_metrics.verify, null)
-  keyring                    = try(var.aws_cloudwatch_metrics.keyring, null)
-  disable_webhooks           = try(var.aws_cloudwatch_metrics.disable_webhooks, null)
-  reuse_values               = try(var.aws_cloudwatch_metrics.reuse_values, null)
-  reset_values               = try(var.aws_cloudwatch_metrics.reset_values, null)
-  force_update               = try(var.aws_cloudwatch_metrics.force_update, null)
-  recreate_pods              = try(var.aws_cloudwatch_metrics.recreate_pods, null)
-  cleanup_on_fail            = try(var.aws_cloudwatch_metrics.cleanup_on_fail, null)
-  max_history                = try(var.aws_cloudwatch_metrics.max_history, null)
-  atomic                     = try(var.aws_cloudwatch_metrics.atomic, null)
-  skip_crds                  = try(var.aws_cloudwatch_metrics.skip_crds, null)
-  render_subchart_notes      = try(var.aws_cloudwatch_metrics.render_subchart_notes, null)
-  disable_openapi_validation = try(var.aws_cloudwatch_metrics.disable_openapi_validation, null)
-  wait                       = try(var.aws_cloudwatch_metrics.wait, null)
-  wait_for_jobs              = try(var.aws_cloudwatch_metrics.wait_for_jobs, null)
-  dependency_update          = try(var.aws_cloudwatch_metrics.dependency_update, null)
-  replace                    = try(var.aws_cloudwatch_metrics.replace, null)
-  lint                       = try(var.aws_cloudwatch_metrics.lint, null)
-
-  postrender = try(var.aws_cloudwatch_metrics.postrender, [])
-  set = concat(
-    [
-      {
-        name  = "clusterName"
-        value = local.cluster_name
-      },
-      {
-        name  = "serviceAccount.name"
-        value = local.aws_cloudwatch_metrics_service_account
-      }
-    ],
-    try(var.aws_cloudwatch_metrics.set, [])
-  )
-  set_sensitive = try(var.aws_cloudwatch_metrics.set_sensitive, [])
-
-  # IAM role for service account (IRSA)
-  set_irsa_names                = ["serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"]
-  create_role                   = try(var.aws_cloudwatch_metrics.create_role, true)
-  role_name                     = try(var.aws_cloudwatch_metrics.role_name, "aws-cloudwatch-metrics")
-  role_name_use_prefix          = try(var.aws_cloudwatch_metrics.role_name_use_prefix, true)
-  role_path                     = try(var.aws_cloudwatch_metrics.role_path, "/")
-  role_permissions_boundary_arn = try(var.aws_cloudwatch_metrics.role_permissions_boundary_arn, null)
-  role_description              = try(var.aws_cloudwatch_metrics.role_description, "IRSA for aws-cloudwatch-metrics project")
-  role_policies = lookup(var.aws_cloudwatch_metrics, "role_policies",
-    { CloudWatchAgentServerPolicy = "arn:${local.partition}:iam::aws:policy/CloudWatchAgentServerPolicy" }
-  )
-  create_policy = try(var.aws_cloudwatch_metrics.create_policy, false)
-
-  oidc_providers = {
-    this = {
-      provider_arn = local.oidc_provider_arn
-      # namespace is inherited from chart
-      service_account = local.aws_cloudwatch_metrics_service_account
-    }
-  }
-
-  tags = var.tags
-}
-
-################################################################################
-# AWS EFS CSI DRIVER
-################################################################################
-
-locals {
-  aws_efs_csi_driver_controller_service_account = try(var.aws_efs_csi_driver.controller_service_account_name, "efs-csi-controller-sa")
-  aws_efs_csi_driver_node_service_account       = try(var.aws_efs_csi_driver.node_service_account_name, "efs-csi-node-sa")
-  efs_arns = lookup(var.aws_efs_csi_driver, "efs_arns",
-    ["arn:${local.partition}:elasticfilesystem:${local.region}:${local.account_id}:file-system/*"],
-  )
-  efs_access_point_arns = lookup(var.aws_efs_csi_driver, "efs_access_point_arns",
-    ["arn:${local.partition}:elasticfilesystem:${local.region}:${local.account_id}:access-point/*"]
-  )
-}
-
-data "aws_iam_policy_document" "aws_efs_csi_driver" {
-  count = var.enable_aws_efs_csi_driver ? 1 : 0
-
-  statement {
-    sid       = "AllowDescribeAvailabilityZones"
-    actions   = ["ec2:DescribeAvailabilityZones"]
-    resources = ["*"]
-  }
-
-  statement {
-    sid = "AllowDescribeFileSystems"
-    actions = [
-      "elasticfilesystem:DescribeAccessPoints",
-      "elasticfilesystem:DescribeFileSystems",
-      "elasticfilesystem:DescribeMountTargets"
-    ]
-    resources = flatten([
-      local.efs_arns,
-      local.efs_access_point_arns,
-    ])
-  }
-
-  statement {
-    sid       = "AllowCreateAccessPoint"
-    actions   = ["elasticfilesystem:CreateAccessPoint"]
-    resources = local.efs_arns
-
-    condition {
-      test     = "StringLike"
-      variable = "aws:RequestTag/efs.csi.aws.com/cluster"
-      values   = ["true"]
-    }
-  }
-
-  statement {
-    sid       = "AllowDeleteAccessPoint"
-    actions   = ["elasticfilesystem:DeleteAccessPoint"]
-    resources = local.efs_access_point_arns
-
-    condition {
-      test     = "StringLike"
-      variable = "aws:ResourceTag/efs.csi.aws.com/cluster"
-      values   = ["true"]
-    }
-  }
-
-  statement {
-    sid = "ClientReadWrite"
-    actions = [
-      "elasticfilesystem:ClientRootAccess",
-      "elasticfilesystem:ClientWrite",
-      "elasticfilesystem:ClientMount",
-    ]
-    resources = local.efs_arns
-
-    condition {
-      test     = "Bool"
-      variable = "elasticfilesystem:AccessedViaMountTarget"
-      values   = ["true"]
-    }
-  }
-}
-
-module "aws_efs_csi_driver" {
-  source  = "aws-ia/eks-blueprints-addon/aws"
-  version = "1.0.0"
-
-  create = var.enable_aws_efs_csi_driver
-
-  # https://github.com/kubernetes-sigs/aws-efs-csi-driver/tree/master/charts/aws-efs-csi-driver
-  name             = try(var.aws_efs_csi_driver.name, "aws-efs-csi-driver")
-  description      = try(var.aws_efs_csi_driver.description, "A Helm chart to deploy aws-efs-csi-driver")
-  namespace        = try(var.aws_efs_csi_driver.namespace, "kube-system")
-  create_namespace = try(var.aws_efs_csi_driver.create_namespace, false)
-  chart            = "aws-efs-csi-driver"
-  chart_version    = try(var.aws_efs_csi_driver.chart_version, "2.4.1")
-  repository       = try(var.aws_efs_csi_driver.repository, "https://kubernetes-sigs.github.io/aws-efs-csi-driver/")
-  values           = try(var.aws_efs_csi_driver.values, [])
-
-  timeout                    = try(var.aws_efs_csi_driver.timeout, null)
-  repository_key_file        = try(var.aws_efs_csi_driver.repository_key_file, null)
-  repository_cert_file       = try(var.aws_efs_csi_driver.repository_cert_file, null)
-  repository_ca_file         = try(var.aws_efs_csi_driver.repository_ca_file, null)
-  repository_username        = try(var.aws_efs_csi_driver.repository_username, null)
-  repository_password        = try(var.aws_efs_csi_driver.repository_password, null)
-  devel                      = try(var.aws_efs_csi_driver.devel, null)
-  verify                     = try(var.aws_efs_csi_driver.verify, null)
-  keyring                    = try(var.aws_efs_csi_driver.keyring, null)
-  disable_webhooks           = try(var.aws_efs_csi_driver.disable_webhooks, null)
-  reuse_values               = try(var.aws_efs_csi_driver.reuse_values, null)
-  reset_values               = try(var.aws_efs_csi_driver.reset_values, null)
-  force_update               = try(var.aws_efs_csi_driver.force_update, null)
-  recreate_pods              = try(var.aws_efs_csi_driver.recreate_pods, null)
-  cleanup_on_fail            = try(var.aws_efs_csi_driver.cleanup_on_fail, null)
-  max_history                = try(var.aws_efs_csi_driver.max_history, null)
-  atomic                     = try(var.aws_efs_csi_driver.atomic, null)
-  skip_crds                  = try(var.aws_efs_csi_driver.skip_crds, null)
-  render_subchart_notes      = try(var.aws_efs_csi_driver.render_subchart_notes, null)
-  disable_openapi_validation = try(var.aws_efs_csi_driver.disable_openapi_validation, null)
-  wait                       = try(var.aws_efs_csi_driver.wait, null)
-  wait_for_jobs              = try(var.aws_efs_csi_driver.wait_for_jobs, null)
-  dependency_update          = try(var.aws_efs_csi_driver.dependency_update, null)
-  replace                    = try(var.aws_efs_csi_driver.replace, null)
-  lint                       = try(var.aws_efs_csi_driver.lint, null)
-
-  postrender = try(var.aws_efs_csi_driver.postrender, [])
-  set = concat([
-    {
-      name  = "controller.serviceAccount.name"
-      value = local.aws_efs_csi_driver_controller_service_account
-    },
-    {
-      name  = "node.serviceAccount.name"
-      value = local.aws_efs_csi_driver_node_service_account
-    }],
-    try(var.aws_efs_csi_driver.set, [])
-  )
-  set_sensitive = try(var.aws_efs_csi_driver.set_sensitive, [])
-
-  # IAM role for service account (IRSA)
-  set_irsa_names = [
-    "controller.serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn",
-    "node.serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"
-  ]
-  create_role                   = try(var.aws_efs_csi_driver.create_role, true)
-  role_name                     = try(var.aws_efs_csi_driver.role_name, "aws-efs-csi-driver")
-  role_name_use_prefix          = try(var.aws_efs_csi_driver.role_name_use_prefix, true)
-  role_path                     = try(var.aws_efs_csi_driver.role_path, "/")
-  role_permissions_boundary_arn = lookup(var.aws_efs_csi_driver, "role_permissions_boundary_arn", null)
-  role_description              = try(var.aws_efs_csi_driver.role_description, "IRSA for aws-efs-csi-driver project")
-  role_policies                 = lookup(var.aws_efs_csi_driver, "role_policies", {})
-
-  source_policy_documents = compact(concat(
-    data.aws_iam_policy_document.aws_efs_csi_driver[*].json,
-    lookup(var.aws_efs_csi_driver, "source_policy_documents", [])
-  ))
-  override_policy_documents = lookup(var.aws_efs_csi_driver, "override_policy_documents", [])
-  policy_statements         = lookup(var.aws_efs_csi_driver, "policy_statements", [])
-  policy_name               = try(var.aws_efs_csi_driver.policy_name, null)
-  policy_name_use_prefix    = try(var.aws_efs_csi_driver.policy_name_use_prefix, true)
-  policy_path               = try(var.aws_efs_csi_driver.policy_path, null)
-  policy_description        = try(var.aws_efs_csi_driver.policy_description, "IAM Policy for AWS EFS CSI Driver")
-
-  oidc_providers = {
-    controller = {
-      provider_arn = local.oidc_provider_arn
-      # namespace is inherited from chart
-      service_account = local.aws_efs_csi_driver_controller_service_account
-    }
-    node = {
-      provider_arn = local.oidc_provider_arn
-      # namespace is inherited from chart
-      service_account = local.aws_efs_csi_driver_node_service_account
-    }
-  }
-
-  tags = var.tags
-}
-
-################################################################################
-# AWS for Fluent-bit
-################################################################################
-
-locals {
-  aws_for_fluentbit_service_account   = try(var.aws_for_fluentbit.service_account_name, "aws-for-fluent-bit-sa")
-  aws_for_fluentbit_cw_log_group_name = try(var.aws_for_fluentbit_cw_log_group.create, true) ? try(var.aws_for_fluentbit_cw_log_group.name, "/${var.cluster_name}/aws-fluentbit-logs") : null
-}
-
-resource "aws_cloudwatch_log_group" "aws_for_fluentbit" {
-  count = try(var.aws_for_fluentbit_cw_log_group.create, true) && var.enable_aws_for_fluentbit ? 1 : 0
-
-  name              = try(var.aws_for_fluentbit_cw_log_group.use_name_prefix, true) ? null : local.aws_for_fluentbit_cw_log_group_name
-  name_prefix       = try(var.aws_for_fluentbit_cw_log_group.use_name_prefix, true) ? try(var.aws_for_fluentbit_cw_log_group.name_prefix, "${local.aws_for_fluentbit_cw_log_group_name}-") : null
-  retention_in_days = try(var.aws_for_fluentbit_cw_log_group.retention, 90)
-  kms_key_id        = try(var.aws_for_fluentbit_cw_log_group.kms_key_arn, null)
-  skip_destroy      = try(var.aws_for_fluentbit_cw_log_group.skip_destroy, false)
-  tags              = merge(var.tags, try(var.aws_for_fluentbit_cw_log_group.tags, {}))
-}
-
-data "aws_iam_policy_document" "aws_for_fluentbit" {
-  count = try(var.aws_for_fluentbit_cw_log_group.create, true) && var.enable_aws_for_fluentbit ? 1 : 0
-
-  statement {
-    sid    = "PutLogEvents"
-    effect = "Allow"
-    resources = [
-      "arn:${local.partition}:logs:${local.region}:${local.account_id}:log-group:${try(var.aws_for_fluentbit_cw_log_group.name, "*")}:log-stream:*",
-    ]
-
-    actions = [
-      "logs:PutLogEvents"
-    ]
-  }
-
-  statement {
-    sid    = "CreateCWLogs"
-    effect = "Allow"
-    resources = [
-      "arn:${local.partition}:logs:${local.region}:${local.account_id}:log-group:${try(var.aws_for_fluentbit_cw_log_group.name, "*")}",
-    ]
-
-    actions = [
-      "logs:CreateLogGroup",
-      "logs:CreateLogStream",
-      "logs:DescribeLogGroups",
-      "logs:DescribeLogStreams",
-      "logs:PutRetentionPolicy",
-    ]
-  }
-}
-
-module "aws_for_fluentbit" {
-  source  = "aws-ia/eks-blueprints-addon/aws"
-  version = "1.0.0"
-
-  create = var.enable_aws_for_fluentbit
-
-  # https://github.com/aws/eks-charts/blob/master/stable/aws-for-fluent-bit/Chart.yaml
-  name             = try(var.aws_for_fluentbit.name, "aws-for-fluent-bit")
-  description      = try(var.aws_for_fluentbit.description, "A Helm chart to install the Fluent-bit Driver")
-  namespace        = try(var.aws_for_fluentbit.namespace, "kube-system")
-  create_namespace = try(var.aws_for_fluentbit.create_namespace, false)
-  chart            = "aws-for-fluent-bit"
-  chart_version    = try(var.aws_for_fluentbit.chart_version, "0.1.24")
-  repository       = try(var.aws_for_fluentbit.repository, "https://aws.github.io/eks-charts")
-  values           = try(var.aws_for_fluentbit.values, [])
-
-  timeout                    = try(var.aws_for_fluentbit.timeout, null)
-  repository_key_file        = try(var.aws_for_fluentbit.repository_key_file, null)
-  repository_cert_file       = try(var.aws_for_fluentbit.repository_cert_file, null)
-  repository_ca_file         = try(var.aws_for_fluentbit.repository_ca_file, null)
-  repository_username        = try(var.aws_for_fluentbit.repository_username, null)
-  repository_password        = try(var.aws_for_fluentbit.repository_password, null)
-  devel                      = try(var.aws_for_fluentbit.devel, null)
-  verify                     = try(var.aws_for_fluentbit.verify, null)
-  keyring                    = try(var.aws_for_fluentbit.keyring, null)
-  disable_webhooks           = try(var.aws_for_fluentbit.disable_webhooks, null)
-  reuse_values               = try(var.aws_for_fluentbit.reuse_values, null)
-  reset_values               = try(var.aws_for_fluentbit.reset_values, null)
-  force_update               = try(var.aws_for_fluentbit.force_update, null)
-  recreate_pods              = try(var.aws_for_fluentbit.recreate_pods, null)
-  cleanup_on_fail            = try(var.aws_for_fluentbit.cleanup_on_fail, null)
-  max_history                = try(var.aws_for_fluentbit.max_history, null)
-  atomic                     = try(var.aws_for_fluentbit.atomic, null)
-  skip_crds                  = try(var.aws_for_fluentbit.skip_crds, null)
-  render_subchart_notes      = try(var.aws_for_fluentbit.render_subchart_notes, null)
-  disable_openapi_validation = try(var.aws_for_fluentbit.disable_openapi_validation, null)
-  wait                       = try(var.aws_for_fluentbit.wait, null)
-  wait_for_jobs              = try(var.aws_for_fluentbit.wait_for_jobs, null)
-  dependency_update          = try(var.aws_for_fluentbit.dependency_update, null)
-  replace                    = try(var.aws_for_fluentbit.replace, null)
-  lint                       = try(var.aws_for_fluentbit.lint, null)
-
-  postrender = try(var.aws_for_fluentbit.postrender, [])
-  set = concat([
-    {
-      name  = "serviceAccount.name"
-      value = local.aws_for_fluentbit_service_account
-    }],
-    try(var.aws_for_fluentbit.set, [])
-  )
-  set_sensitive = try(var.aws_for_fluentbit.set_sensitive, [])
-
-  # IAM role for service account (IRSA)
-  set_irsa_names = [
-    "serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn",
-  ]
-  create_role                   = try(var.aws_for_fluentbit.create_role, true)
-  role_name                     = try(var.aws_for_fluentbit.role_name, "aws-for-fluent-bit")
-  role_name_use_prefix          = try(var.aws_for_fluentbit.role_name_use_prefix, true)
-  role_path                     = try(var.aws_for_fluentbit.role_path, "/")
-  role_permissions_boundary_arn = lookup(var.aws_for_fluentbit, "role_permissions_boundary_arn", null)
-  role_description              = try(var.aws_for_fluentbit.role_description, "IRSA for aws-for-fluent-bit")
-  role_policies                 = lookup(var.aws_for_fluentbit, "role_policies", {})
-
-  source_policy_documents = compact(concat(
-    data.aws_iam_policy_document.aws_for_fluentbit[*].json,
-    lookup(var.aws_for_fluentbit, "source_policy_documents", [])
-  ))
-  override_policy_documents = lookup(var.aws_for_fluentbit, "override_policy_documents", [])
-  policy_statements         = lookup(var.aws_for_fluentbit, "policy_statements", [])
-  policy_name               = try(var.aws_for_fluentbit.policy_name, "aws-for-fluent-bit")
-  policy_name_use_prefix    = try(var.aws_for_fluentbit.policy_name_use_prefix, true)
-  policy_path               = try(var.aws_for_fluentbit.policy_path, null)
-  policy_description        = try(var.aws_for_fluentbit.policy_description, "IAM Policy for AWS Fluentbit")
-
-  oidc_providers = {
-    this = {
-      provider_arn = local.oidc_provider_arn
-      # namespace is inherited from chart
-      service_account = local.aws_for_fluentbit_service_account
-    }
-  }
-
-  tags = var.tags
-}
-
-################################################################################
-# AWS FSX CSI DRIVER
-################################################################################
-
-locals {
-  aws_fsx_csi_driver_controller_service_account = try(var.aws_fsx_csi_driver.controller_service_account_name, "aws-fsx-csi-controller-sa")
-  aws_fsx_csi_driver_node_service_account       = try(var.aws_fsx_csi_driver.node_service_account_name, "aws-fsx-csi-node-sa")
-}
-
-data "aws_iam_policy_document" "aws_fsx_csi_driver" {
-  statement {
-    sid       = "AllowCreateServiceLinkedRoles"
-    resources = ["arn:${local.partition}:iam::*:role/aws-service-role/s3.data-source.lustre.fsx.${local.dns_suffix}/*"]
-
-    actions = [
-      "iam:CreateServiceLinkedRole",
-      "iam:AttachRolePolicy",
-      "iam:PutRolePolicy",
-    ]
-  }
-
-  statement {
-    sid       = "AllowCreateServiceLinkedRole"
-    resources = ["arn:${local.partition}:iam::${local.account_id}:role/*"]
-    actions   = ["iam:CreateServiceLinkedRole"]
-
-    condition {
-      test     = "StringLike"
-      variable = "iam:AWSServiceName"
-      values   = ["fsx.${local.dns_suffix}"]
-    }
-  }
-
-  statement {
-    sid       = "AllowListBuckets"
-    resources = ["arn:${local.partition}:s3:::*"]
-    actions = [
-      "s3:ListBucket"
-    ]
-  }
-
-  statement {
-    resources = ["arn:${local.partition}:fsx:${local.region}:${local.account_id}:file-system/*"]
-    actions = [
-      "fsx:CreateFileSystem",
-      "fsx:DeleteFileSystem",
-      "fsx:UpdateFileSystem",
-    ]
-  }
-
-  statement {
-    resources = ["arn:${local.partition}:fsx:${local.region}:${local.account_id}:*"]
-    actions = [
-      "fsx:DescribeFileSystems",
-      "fsx:TagResource"
-    ]
-  }
-}
-
-module "aws_fsx_csi_driver" {
-  source  = "aws-ia/eks-blueprints-addon/aws"
-  version = "1.0.0"
-
-  create = var.enable_aws_fsx_csi_driver
-
-  # https://github.com/kubernetes-sigs/aws-fsx-csi-driver/tree/master/charts/aws-fsx-csi-driver
-  name             = try(var.aws_fsx_csi_driver.name, "aws-fsx-csi-driver")
-  description      = try(var.aws_fsx_csi_driver.description, "A Helm chart for AWS FSx for Lustre CSI Driver")
-  namespace        = try(var.aws_fsx_csi_driver.namespace, "kube-system")
-  create_namespace = try(var.aws_fsx_csi_driver.create_namespace, false)
-  chart            = "aws-fsx-csi-driver"
-  chart_version    = try(var.aws_fsx_csi_driver.chart_version, "1.5.1")
-  repository       = try(var.aws_fsx_csi_driver.repository, "https://kubernetes-sigs.github.io/aws-fsx-csi-driver/")
-  values           = try(var.aws_fsx_csi_driver.values, [])
-
-  timeout                    = try(var.aws_fsx_csi_driver.timeout, null)
-  repository_key_file        = try(var.aws_fsx_csi_driver.repository_key_file, null)
-  repository_cert_file       = try(var.aws_fsx_csi_driver.repository_cert_file, null)
-  repository_ca_file         = try(var.aws_fsx_csi_driver.repository_ca_file, null)
-  repository_username        = try(var.aws_fsx_csi_driver.repository_username, null)
-  repository_password        = try(var.aws_fsx_csi_driver.repository_password, null)
-  devel                      = try(var.aws_fsx_csi_driver.devel, null)
-  verify                     = try(var.aws_fsx_csi_driver.verify, null)
-  keyring                    = try(var.aws_fsx_csi_driver.keyring, null)
-  disable_webhooks           = try(var.aws_fsx_csi_driver.disable_webhooks, null)
-  reuse_values               = try(var.aws_fsx_csi_driver.reuse_values, null)
-  reset_values               = try(var.aws_fsx_csi_driver.reset_values, null)
-  force_update               = try(var.aws_fsx_csi_driver.force_update, null)
-  recreate_pods              = try(var.aws_fsx_csi_driver.recreate_pods, null)
-  cleanup_on_fail            = try(var.aws_fsx_csi_driver.cleanup_on_fail, null)
-  max_history                = try(var.aws_fsx_csi_driver.max_history, null)
-  atomic                     = try(var.aws_fsx_csi_driver.atomic, null)
-  skip_crds                  = try(var.aws_fsx_csi_driver.skip_crds, null)
-  render_subchart_notes      = try(var.aws_fsx_csi_driver.render_subchart_notes, null)
-  disable_openapi_validation = try(var.aws_fsx_csi_driver.disable_openapi_validation, null)
-  wait                       = try(var.aws_fsx_csi_driver.wait, null)
-  wait_for_jobs              = try(var.aws_fsx_csi_driver.wait_for_jobs, null)
-  dependency_update          = try(var.aws_fsx_csi_driver.dependency_update, null)
-  replace                    = try(var.aws_fsx_csi_driver.replace, null)
-  lint                       = try(var.aws_fsx_csi_driver.lint, null)
-
-  postrender = try(var.aws_fsx_csi_driver.postrender, [])
-  set = concat([
-    {
-      name  = "controller.serviceAccount.name"
-      value = local.aws_fsx_csi_driver_controller_service_account
-    },
-    {
-      name  = "node.serviceAccount.name"
-      value = local.aws_fsx_csi_driver_node_service_account
-    }],
-    try(var.aws_fsx_csi_driver.set, [])
-  )
-  set_sensitive = try(var.aws_fsx_csi_driver.set_sensitive, [])
-
-  # IAM role for service account (IRSA)
-  set_irsa_names = [
-    "controller.serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn",
-    "node.serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"
-  ]
-  create_role                   = try(var.aws_fsx_csi_driver.create_role, true)
-  role_name                     = try(var.aws_fsx_csi_driver.role_name, "aws-fsx-csi-driver")
-  role_name_use_prefix          = try(var.aws_fsx_csi_driver.role_name_use_prefix, true)
-  role_path                     = try(var.aws_fsx_csi_driver.role_path, "/")
-  role_permissions_boundary_arn = lookup(var.aws_fsx_csi_driver, "role_permissions_boundary_arn", null)
-  role_description              = try(var.aws_fsx_csi_driver.role_description, "IRSA for aws-fsx-csi-driver")
-  role_policies                 = lookup(var.aws_fsx_csi_driver, "role_policies", {})
-
-  source_policy_documents = compact(concat(
-    data.aws_iam_policy_document.aws_fsx_csi_driver[*].json,
-    lookup(var.aws_fsx_csi_driver, "source_policy_documents", [])
-  ))
-  override_policy_documents = lookup(var.aws_fsx_csi_driver, "override_policy_documents", [])
-  policy_statements         = lookup(var.aws_fsx_csi_driver, "policy_statements", [])
-  policy_name               = try(var.aws_fsx_csi_driver.policy_name, "aws-fsx-csi-driver")
-  policy_name_use_prefix    = try(var.aws_fsx_csi_driver.policy_name_use_prefix, true)
-  policy_path               = try(var.aws_fsx_csi_driver.policy_path, null)
-  policy_description        = try(var.aws_fsx_csi_driver.policy_description, "IAM Policy for AWS FSX CSI Driver")
-
-  oidc_providers = {
-    controller = {
-      provider_arn = local.oidc_provider_arn
-      # namespace is inherited from chart
-      service_account = local.aws_fsx_csi_driver_controller_service_account
-    }
-    node = {
-      provider_arn = local.oidc_provider_arn
-      # namespace is inherited from chart
-      service_account = local.aws_fsx_csi_driver_node_service_account
-    }
-  }
-}
-
-################################################################################
-# AWS Load Balancer Controller
-################################################################################
-
-locals {
-  aws_load_balancer_controller_service_account = try(var.aws_load_balancer_controller.service_account_name, "aws-load-balancer-controller-sa")
-}
-
-data "aws_iam_policy_document" "aws_load_balancer_controller" {
-  statement {
-    sid       = "AllowCreateServiceLinkedRole"
-    effect    = "Allow"
-    resources = ["arn:${local.partition}:iam::${local.account_id}:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing"]
-    actions   = ["iam:CreateServiceLinkedRole"]
-
-    condition {
-      test     = "StringEquals"
-      variable = "iam:AWSServiceName"
-      values   = ["elasticloadbalancing.${local.dns_suffix}"]
-    }
-  }
-
-  statement {
-    sid       = "AllowDescribeElbTags"
-    effect    = "Allow"
-    resources = ["*"] #tfsec:ignore:aws-iam-no-policy-wildcards
-
-    actions = ["elasticloadbalancing:DescribeTags"]
-  }
-
-  statement {
-    sid       = "AllowGetResources"
-    effect    = "Allow"
-    resources = ["*"]
-
-    actions = [
-      "elasticloadbalancing:DescribeListenerCertificates",
-      "elasticloadbalancing:DescribeListeners",
-      "elasticloadbalancing:DescribeLoadBalancerAttributes",
-      "elasticloadbalancing:DescribeLoadBalancers",
-      "elasticloadbalancing:DescribeRules",
-      "elasticloadbalancing:DescribeSSLPolicies",
-      "elasticloadbalancing:DescribeTargetGroupAttributes",
-      "elasticloadbalancing:DescribeTargetGroups",
-      "elasticloadbalancing:DescribeTargetHealth",
-      "ec2:DescribeAccountAttributes",
-      "ec2:DescribeAddresses",
-      "ec2:DescribeAvailabilityZones",
-      "ec2:DescribeCoipPools",
-      "ec2:DescribeInstances",
-      "ec2:DescribeInternetGateways",
-      "ec2:DescribeNetworkInterfaces",
-      "ec2:DescribeSecurityGroups",
-      "ec2:DescribeSubnets",
-      "ec2:DescribeTags",
-      "ec2:DescribeVpcPeeringConnections",
-      "ec2:DescribeVpcs",
-      "ec2:GetCoipPoolUsage",
-    ]
-  }
-
-  statement {
-    sid    = "AllowManageElbs"
-    effect = "Allow"
-
-    resources = [
-      "arn:${local.partition}:elasticloadbalancing:${local.region}:${local.account_id}:loadbalancer/app/*/*",
-      "arn:${local.partition}:elasticloadbalancing:${local.region}:${local.account_id}:loadbalancer/net/*/*",
-      "arn:${local.partition}:elasticloadbalancing:${local.region}:${local.account_id}:targetgroup/*/*",
-    ]
-
-    actions = [
-      "elasticloadbalancing:AddTags",
-      "elasticloadbalancing:DeleteTargetGroup",
-      "elasticloadbalancing:RemoveTags",
-      "elasticloadbalancing:CreateLoadBalancer",
-      "elasticloadbalancing:CreateListener",
-      "elasticloadbalancing:DeleteLoadBalancer",
-      "elasticloadbalancing:ModifyLoadBalancerAttributes",
-      "elasticloadbalancing:SetIpAddressType",
-      "elasticloadbalancing:SetSecurityGroups",
-      "elasticloadbalancing:SetSubnets",
-    ]
-  }
-
-  statement {
-    sid    = "AllowManageTargetGroup"
-    effect = "Allow"
-    resources = [
-      "arn:${local.partition}:elasticloadbalancing:${local.region}:${local.account_id}:targetgroup/*/*",
-    ]
-
-    actions = [
-      "elasticloadbalancing:CreateTargetGroup",
-      "elasticloadbalancing:DeleteTargetGroup",
-      "elasticloadbalancing:ModifyTargetGroup",
-      "elasticloadbalancing:ModifyTargetGroupAttributes",
-    ]
-  }
-
-  statement {
-    sid    = "AllowManageListeners"
-    effect = "Allow"
-    resources = [
-      "arn:${local.partition}:elasticloadbalancing:${local.region}:${local.account_id}:listener/app/*/*/*",
-      "arn:${local.partition}:elasticloadbalancing:${local.region}:${local.account_id}:listener/net/*/*/*",
-    ]
-
-    actions = [
-      "elasticloadbalancing:CreateRule",
-      "elasticloadbalancing:DeleteListener",
-      "elasticloadbalancing:ModifyListener",
-      "elasticloadbalancing:AddListenerCertificates",
-      "elasticloadbalancing:RemoveListenerCertificates"
-    ]
-  }
-
-  statement {
-    sid    = "AllowManageRules"
-    effect = "Allow"
-    resources = [
-      "arn:${local.partition}:elasticloadbalancing:${local.region}:${local.account_id}:listener-rule/app/*/*/*/*",
-      "arn:${local.partition}:elasticloadbalancing:${local.region}:${local.account_id}:listener-rule/net/*/*/*/*",
-    ]
-
-    actions = [
-      "elasticloadbalancing:DeleteRule",
-      "elasticloadbalancing:ModifyRule"
-    ]
-  }
-
-  statement {
-    sid    = "AllowManageResourceTags"
-    effect = "Allow"
-
-    resources = [
-      "arn:${local.partition}:elasticloadbalancing:${local.region}:${local.account_id}:loadbalancer/app/*/*",
-      "arn:${local.partition}:elasticloadbalancing:${local.region}:${local.account_id}:loadbalancer/net/*/*",
-      "arn:${local.partition}:elasticloadbalancing:${local.region}:${local.account_id}:listener/app/*/*/*",
-      "arn:${local.partition}:elasticloadbalancing:${local.region}:${local.account_id}:listener/net/*/*/*",
-      "arn:${local.partition}:elasticloadbalancing:${local.region}:${local.account_id}:listener-rule/app/*/*/*/*",
-      "arn:${local.partition}:elasticloadbalancing:${local.region}:${local.account_id}:listener-rule/net/*/*/*/*",
-      "arn:${local.partition}:elasticloadbalancing:${local.region}:${local.account_id}:targetgroup/*/*",
-    ]
-
-    actions = [
-      "elasticloadbalancing:AddTags",
-      "elasticloadbalancing:RemoveTags",
-    ]
-  }
-
-  statement {
-    sid       = "AllowManageTargets"
-    effect    = "Allow"
-    resources = ["arn:${local.partition}:elasticloadbalancing:${local.region}:${local.account_id}:targetgroup/*/*"]
-
-    actions = [
-      "elasticloadbalancing:DeregisterTargets",
-      "elasticloadbalancing:RegisterTargets"
-    ]
-  }
-
-  statement {
-    sid    = "AllowGetCertificates"
-    effect = "Allow"
-    resources = [
-      "arn:${local.partition}:acm:${local.region}:${local.account_id}:*",
-      "arn:${local.partition}:acm:${local.region}:${local.account_id}:certificate/*"
-    ]
-
-    actions = [
-      "acm:DescribeCertificate",
-      "acm:ListCertificates"
-    ]
-  }
-
-  statement {
-    sid       = "AllowDescribeCognitoIdp"
-    effect    = "Allow"
-    resources = ["arn:${local.partition}:cognito-idp:${local.region}:${local.account_id}:userpool/*"]
-
-    actions = ["cognito-idp:DescribeUserPoolClient"]
-  }
-
-  statement {
-    sid    = "AllowGetServerCertificates"
-    effect = "Allow"
-    resources = [
-      "arn:${local.partition}:iam::${local.account_id}:*",
-      "arn:${local.partition}:iam::${local.account_id}:server-certificate/*"
-    ]
-
-    actions = [
-      "iam:GetServerCertificate",
-      "iam:ListServerCertificates",
-    ]
-  }
-
-  statement {
-    sid    = "AllowShield"
-    effect = "Allow"
-    resources = [
-      "arn:${local.partition}:shield::${local.account_id}:*",
-      "arn:${local.partition}:shield::${local.account_id}:protection/*"
-    ]
-
-    actions = [
-      "shield:CreateProtection",
-      "shield:DeleteProtection",
-      "shield:DescribeProtection",
-      "shield:GetSubscriptionState",
-    ]
-  }
-
-  statement {
-    sid    = "AllowManageWebAcl"
-    effect = "Allow"
-    resources = [
-      "arn:${local.partition}:elasticloadbalancing:${local.region}:${local.account_id}:loadbalancer/app/*/*",
-      "arn:${local.partition}:apigateway:${local.region}::/restapis/*/stages/*",
-      "arn:${local.partition}:appsync:${local.region}:${local.account_id}:apis/*",
-      "arn:${local.partition}:cognito-idp:${local.region}:${local.account_id}:userpool/*",
-      "arn:${local.partition}:wafv2:${local.region}:${local.account_id}:*",
-      "arn:${local.partition}:wafv2:${local.region}:${local.account_id}:*/webacl/*/*",
-      "arn:${local.partition}:waf-regional:${local.region}:${local.account_id}:*",
-      "arn:${local.partition}:waf-regional:${local.region}:${local.account_id}:webacl/*"
-    ]
-
-    actions = [
-      "elasticloadbalancing:SetWebAcl",
-      "waf-regional:AssociateWebACL",
-      "waf-regional:DisassociateWebACL",
-      "waf-regional:GetWebACL",
-      "waf-regional:GetWebACLForResource",
-      "wafv2:AssociateWebACL",
-      "wafv2:DisassociateWebACL",
-      "wafv2:GetWebACL",
-      "wafv2:GetWebACLForResource",
-    ]
-  }
-
-  statement {
-    sid       = "AllowManageSecurityGroups"
-    effect    = "Allow"
-    resources = ["arn:${local.partition}:ec2:${local.region}:${local.account_id}:security-group/*"]
-
-    actions = [
-      "ec2:AuthorizeSecurityGroupIngress",
-      "ec2:RevokeSecurityGroupIngress",
-      "ec2:DeleteSecurityGroup",
-      "ec2:CreateTags",
-      "ec2:DeleteTags",
-    ]
-  }
-
-  statement {
-    sid    = "AllowCreateSecurityGroups"
-    effect = "Allow"
-    resources = [
-      "arn:${local.partition}:ec2:${local.region}:${local.account_id}:security-group/*",
-      "arn:${local.partition}:ec2:${local.region}:${local.account_id}:vpc/*",
-    ]
-    actions = ["ec2:CreateSecurityGroup"]
-  }
-}
-
-module "aws_load_balancer_controller" {
-  source  = "aws-ia/eks-blueprints-addon/aws"
-  version = "1.0.0"
-
-  create = var.enable_aws_load_balancer_controller
-
-  # https://github.com/aws/eks-charts/blob/master/stable/aws-load-balancer-controller/Chart.yaml
-  name        = try(var.aws_load_balancer_controller.name, "aws-load-balancer-controller")
-  description = try(var.aws_load_balancer_controller.description, "A Helm chart to deploy aws-load-balancer-controller for ingress resources")
-  namespace   = try(var.aws_load_balancer_controller.namespace, "kube-system")
-  # namespace creation is false here as kube-system already exists by default
-  create_namespace = try(var.aws_load_balancer_controller.create_namespace, false)
-  chart            = "aws-load-balancer-controller"
-  chart_version    = try(var.aws_load_balancer_controller.chart_version, "1.4.8")
-  repository       = try(var.aws_load_balancer_controller.repository, "https://aws.github.io/eks-charts")
-  values           = try(var.aws_load_balancer_controller.values, [])
-
-  timeout                    = try(var.aws_load_balancer_controller.timeout, null)
-  repository_key_file        = try(var.aws_load_balancer_controller.repository_key_file, null)
-  repository_cert_file       = try(var.aws_load_balancer_controller.repository_cert_file, null)
-  repository_ca_file         = try(var.aws_load_balancer_controller.repository_ca_file, null)
-  repository_username        = try(var.aws_load_balancer_controller.repository_username, null)
-  repository_password        = try(var.aws_load_balancer_controller.repository_password, null)
-  devel                      = try(var.aws_load_balancer_controller.devel, null)
-  verify                     = try(var.aws_load_balancer_controller.verify, null)
-  keyring                    = try(var.aws_load_balancer_controller.keyring, null)
-  disable_webhooks           = try(var.aws_load_balancer_controller.disable_webhooks, null)
-  reuse_values               = try(var.aws_load_balancer_controller.reuse_values, null)
-  reset_values               = try(var.aws_load_balancer_controller.reset_values, null)
-  force_update               = try(var.aws_load_balancer_controller.force_update, null)
-  recreate_pods              = try(var.aws_load_balancer_controller.recreate_pods, null)
-  cleanup_on_fail            = try(var.aws_load_balancer_controller.cleanup_on_fail, null)
-  max_history                = try(var.aws_load_balancer_controller.max_history, null)
-  atomic                     = try(var.aws_load_balancer_controller.atomic, null)
-  skip_crds                  = try(var.aws_load_balancer_controller.skip_crds, null)
-  render_subchart_notes      = try(var.aws_load_balancer_controller.render_subchart_notes, null)
-  disable_openapi_validation = try(var.aws_load_balancer_controller.disable_openapi_validation, null)
-  wait                       = try(var.aws_load_balancer_controller.wait, null)
-  wait_for_jobs              = try(var.aws_load_balancer_controller.wait_for_jobs, null)
-  dependency_update          = try(var.aws_load_balancer_controller.dependency_update, null)
-  replace                    = try(var.aws_load_balancer_controller.replace, null)
-  lint                       = try(var.aws_load_balancer_controller.lint, null)
-
-  postrender = try(var.aws_load_balancer_controller.postrender, [])
-  set = concat([
-    {
-      name  = "serviceAccount.name"
-      value = local.aws_load_balancer_controller_service_account
-      }, {
-      name  = "clusterName"
-      value = local.cluster_name
-    }],
-    try(var.aws_load_balancer_controller.set, [])
-  )
-  set_sensitive = try(var.aws_load_balancer_controller.set_sensitive, [])
-
-  # IAM role for service account (IRSA)
-  create_role                   = try(var.aws_load_balancer_controller.create_role, true)
-  set_irsa_names                = ["serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"]
-  role_name                     = try(var.aws_load_balancer_controller.role_name, "alb-controller")
-  role_name_use_prefix          = try(var.aws_load_balancer_controller.role_name_use_prefix, true)
-  role_path                     = try(var.aws_load_balancer_controller.role_path, "/")
-  role_permissions_boundary_arn = lookup(var.aws_load_balancer_controller, "role_permissions_boundary_arn", null)
-  role_description              = try(var.aws_load_balancer_controller.role_description, "IRSA for aws-load-balancer-controller project")
-  role_policies                 = lookup(var.aws_load_balancer_controller, "role_policies", {})
-
-  source_policy_documents = compact(concat(
-    data.aws_iam_policy_document.aws_load_balancer_controller[*].json,
-    lookup(var.aws_load_balancer_controller, "source_policy_documents", [])
-  ))
-  override_policy_documents = lookup(var.aws_load_balancer_controller, "override_policy_documents", [])
-  policy_statements         = lookup(var.aws_load_balancer_controller, "policy_statements", [])
-  policy_name               = try(var.aws_load_balancer_controller.policy_name, null)
-  policy_name_use_prefix    = try(var.aws_load_balancer_controller.policy_name_use_prefix, true)
-  policy_path               = try(var.aws_load_balancer_controller.policy_path, null)
-  policy_description        = try(var.aws_load_balancer_controller.policy_description, "IAM Policy for AWS Load Balancer Controller")
-
-  oidc_providers = {
-    this = {
-      provider_arn = local.oidc_provider_arn
-      # namespace is inherited from chart
-      service_account = local.aws_load_balancer_controller_service_account
-    }
-  }
-
-  tags = var.tags
-}
-
-################################################################################
-# AWS Node Termination Handler
-################################################################################
-
-locals {
-  aws_node_termination_handler_service_account = try(var.aws_node_termination_handler.service_account_name, "aws-node-termination-handler-sa")
-  aws_node_termination_handler_events = merge(
-    {
-      autoscaling_terminate = {
-        name        = "ASGTerminiate"
-        description = "Auto scaling instance terminate event"
-        event_pattern = {
-          source      = ["aws.autoscaling"]
-          detail-type = ["EC2 Instance-terminate Lifecycle Action"]
-        }
-      }
-    },
-    local.ec2_events
-  )
-}
-
-module "aws_node_termination_handler_sqs" {
-  source  = "terraform-aws-modules/sqs/aws"
-  version = "4.0.1"
-
-  create = var.enable_aws_node_termination_handler
-
-  name = try(var.aws_node_termination_handler_sqs.queue_name, "aws-nth-${var.cluster_name}")
-
-  message_retention_seconds         = try(var.aws_node_termination_handler_sqs.message_retention_seconds, 300)
-  sqs_managed_sse_enabled           = try(var.aws_node_termination_handler_sqs.sse_enabled, true)
-  kms_master_key_id                 = try(var.aws_node_termination_handler_sqs.kms_master_key_id, null)
-  kms_data_key_reuse_period_seconds = try(var.aws_node_termination_handler_sqs.kms_data_key_reuse_period_seconds, null)
-
-  create_queue_policy = true
-  queue_policy_statements = {
-    account = {
-      sid     = "SendEventsToQueue"
-      actions = ["sqs:SendMessage"]
-      principals = [
-        {
-          type = "Service"
-          identifiers = [
-            "events.${local.dns_suffix}",
-            "sqs.${local.dns_suffix}",
-          ]
-        }
-      ]
-    }
-  }
-
-  tags = merge(var.tags, try(var.aws_node_termination_handler_sqs.tags, {}))
-}
-
-resource "aws_autoscaling_lifecycle_hook" "aws_node_termination_handler" {
-  for_each = { for k, v in var.aws_node_termination_handler_asg_arns : k => v if var.enable_aws_node_termination_handler }
-
-  name                   = "aws_node_termination_handler"
-  autoscaling_group_name = replace(each.value, "/^.*:autoScalingGroupName//", "")
-  default_result         = "CONTINUE"
-  heartbeat_timeout      = 300
-  lifecycle_transition   = "autoscaling:EC2_INSTANCE_TERMINATING"
-}
-
-resource "aws_autoscaling_group_tag" "aws_node_termination_handler" {
-  for_each = { for k, v in var.aws_node_termination_handler_asg_arns : k => v if var.enable_aws_node_termination_handler }
-
-  autoscaling_group_name = replace(each.value, "/^.*:autoScalingGroupName//", "")
-
-  tag {
-    key                 = "aws-node-termination-handler/managed"
-    value               = "true"
-    propagate_at_launch = true
-  }
-}
-
-resource "aws_cloudwatch_event_rule" "aws_node_termination_handler" {
-  for_each = { for k, v in local.aws_node_termination_handler_events : k => v if var.enable_aws_node_termination_handler }
-
-  name_prefix   = "NTH-${each.value.name}-"
-  description   = each.value.description
-  event_pattern = jsonencode(each.value.event_pattern)
-
-  tags = merge(
-    { "ClusterName" : var.cluster_name },
-    var.tags,
-  )
-}
-
-resource "aws_cloudwatch_event_target" "aws_node_termination_handler" {
-  for_each = { for k, v in local.aws_node_termination_handler_events : k => v if var.enable_aws_node_termination_handler }
-
-  rule      = aws_cloudwatch_event_rule.aws_node_termination_handler[each.key].name
-  target_id = "AWSNodeTerminationHandlerQueueTarget"
-  arn       = module.aws_node_termination_handler_sqs.queue_arn
-}
-
-data "aws_iam_policy_document" "aws_node_termination_handler" {
-  count = var.enable_aws_node_termination_handler ? 1 : 0
-
-  statement {
-    actions = [
-      "autoscaling:DescribeAutoScalingInstances",
-      "autoscaling:DescribeTags",
-      "ec2:DescribeInstances",
-    ]
-    resources = ["*"]
-  }
-
-  statement {
-    actions   = ["autoscaling:CompleteLifecycleAction"]
-    resources = var.aws_node_termination_handler_asg_arns
-  }
-
-  statement {
-    actions = [
-      "sqs:DeleteMessage",
-      "sqs:ReceiveMessage",
-    ]
-    resources = [module.aws_node_termination_handler_sqs.queue_arn]
-  }
-}
-
-module "aws_node_termination_handler" {
-  source  = "aws-ia/eks-blueprints-addon/aws"
-  version = "1.0.0"
-
-  create = var.enable_aws_node_termination_handler
-
-  # https://github.com/aws/eks-charts/blob/master/stable/aws-node-termination-handler/Chart.yaml
-  name             = try(var.aws_node_termination_handler.name, "aws-node-termination-handler")
-  description      = try(var.aws_node_termination_handler.description, "A Helm chart to deploy AWS Node Termination Handler")
-  namespace        = try(var.aws_node_termination_handler.namespace, "aws-node-termination-handler")
-  create_namespace = try(var.aws_node_termination_handler.create_namespace, true)
-  chart            = "aws-node-termination-handler"
-  chart_version    = try(var.aws_node_termination_handler.chart_version, "0.21.0")
-  repository       = try(var.aws_node_termination_handler.repository, "https://aws.github.io/eks-charts")
-  values           = try(var.aws_node_termination_handler.values, [])
-
-  timeout                    = try(var.aws_node_termination_handler.timeout, null)
-  repository_key_file        = try(var.aws_node_termination_handler.repository_key_file, null)
-  repository_cert_file       = try(var.aws_node_termination_handler.repository_cert_file, null)
-  repository_ca_file         = try(var.aws_node_termination_handler.repository_ca_file, null)
-  repository_username        = try(var.aws_node_termination_handler.repository_username, null)
-  repository_password        = try(var.aws_node_termination_handler.repository_password, null)
-  devel                      = try(var.aws_node_termination_handler.devel, null)
-  verify                     = try(var.aws_node_termination_handler.verify, null)
-  keyring                    = try(var.aws_node_termination_handler.keyring, null)
-  disable_webhooks           = try(var.aws_node_termination_handler.disable_webhooks, null)
-  reuse_values               = try(var.aws_node_termination_handler.reuse_values, null)
-  reset_values               = try(var.aws_node_termination_handler.reset_values, null)
-  force_update               = try(var.aws_node_termination_handler.force_update, null)
-  recreate_pods              = try(var.aws_node_termination_handler.recreate_pods, null)
-  cleanup_on_fail            = try(var.aws_node_termination_handler.cleanup_on_fail, null)
-  max_history                = try(var.aws_node_termination_handler.max_history, null)
-  atomic                     = try(var.aws_node_termination_handler.atomic, null)
-  skip_crds                  = try(var.aws_node_termination_handler.skip_crds, null)
-  render_subchart_notes      = try(var.aws_node_termination_handler.render_subchart_notes, null)
-  disable_openapi_validation = try(var.aws_node_termination_handler.disable_openapi_validation, null)
-  wait                       = try(var.aws_node_termination_handler.wait, null)
-  wait_for_jobs              = try(var.aws_node_termination_handler.wait_for_jobs, null)
-  dependency_update          = try(var.aws_node_termination_handler.dependency_update, null)
-  replace                    = try(var.aws_node_termination_handler.replace, null)
-  lint                       = try(var.aws_node_termination_handler.lint, null)
-
-  postrender = try(var.aws_node_termination_handler.postrender, [])
-  set = concat(
-    [
-      {
-        name  = "serviceAccount.name"
-        value = local.aws_node_termination_handler_service_account
-      },
-      {
-        name  = "awsRegion"
-        value = local.region
-      },
-      { name  = "queueURL"
-        value = module.aws_node_termination_handler_sqs.queue_url
-      },
-      {
-        name  = "enableSqsTerminationDraining"
-        value = true
-      }
-    ],
-    try(var.aws_node_termination_handler.set, [])
-  )
-  set_sensitive = try(var.aws_node_termination_handler.set_sensitive, [])
-
-  # IAM role for service account (IRSA)
-  set_irsa_names                = ["serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"]
-  create_role                   = try(var.aws_node_termination_handler.create_role, true)
-  role_name                     = try(var.aws_node_termination_handler.role_name, "aws-node-termination-handler")
-  role_name_use_prefix          = try(var.aws_node_termination_handler.role_name_use_prefix, true)
-  role_path                     = try(var.aws_node_termination_handler.role_path, "/")
-  role_permissions_boundary_arn = lookup(var.aws_node_termination_handler, "role_permissions_boundary_arn", null)
-  role_description              = try(var.aws_node_termination_handler.role_description, "IRSA for AWS Node Termination Handler project")
-  role_policies                 = lookup(var.aws_node_termination_handler, "role_policies", {})
-
-  source_policy_documents = compact(concat(
-    data.aws_iam_policy_document.aws_node_termination_handler[*].json,
-    lookup(var.aws_node_termination_handler, "source_policy_documents", [])
-  ))
-  override_policy_documents = lookup(var.aws_node_termination_handler, "override_policy_documents", [])
-  policy_statements         = lookup(var.aws_node_termination_handler, "policy_statements", [])
-  policy_name               = try(var.aws_node_termination_handler.policy_name, null)
-  policy_name_use_prefix    = try(var.aws_node_termination_handler.policy_name_use_prefix, true)
-  policy_path               = try(var.aws_node_termination_handler.policy_path, null)
-  policy_description        = try(var.aws_node_termination_handler.policy_description, "IAM Policy for AWS Node Termination Handler")
-
-  oidc_providers = {
-    this = {
-      provider_arn = local.oidc_provider_arn
-      # namespace is inherited from chart
-      service_account = local.aws_node_termination_handler_service_account
-    }
-  }
-
-  tags = var.tags
-}
-
-################################################################################
-# AWS Private CA Issuer
-################################################################################
-
-locals {
-  aws_privateca_issuer_service_account = try(var.aws_privateca_issuer.service_account_name, "aws-privateca-issuer-sa")
-}
-
-data "aws_iam_policy_document" "aws_privateca_issuer" {
-  count = var.enable_aws_privateca_issuer ? 1 : 0
-
-  statement {
-    actions = [
-      "acm-pca:DescribeCertificateAuthority",
-      "acm-pca:GetCertificate",
-      "acm-pca:IssueCertificate",
-    ]
-    resources = [
-      try(var.aws_privateca_issuer.acmca_arn,
-      "arn:${local.partition}:acm-pca:${local.region}:${local.account_id}:certificate-authority/*")
-    ]
-  }
-}
-
-module "aws_privateca_issuer" {
-  source  = "aws-ia/eks-blueprints-addon/aws"
-  version = "1.0.0"
-
-  create = var.enable_aws_privateca_issuer
-
-  # https://github.com/cert-manager/aws-privateca-issuer/blob/main/charts/aws-pca-issuer/Chart.yaml
-  name             = try(var.aws_privateca_issuer.name, "aws-privateca-issuer")
-  description      = try(var.aws_privateca_issuer.description, "A Helm chart to install the AWS Private CA Issuer")
-  namespace        = try(var.aws_privateca_issuer.namespace, "kube-system")
-  create_namespace = try(var.aws_privateca_issuer.create_namespace, false)
-  chart            = "aws-privateca-issuer"
-  chart_version    = try(var.aws_privateca_issuer.chart_version, "v1.2.5")
-  repository       = try(var.aws_privateca_issuer.repository, "https://cert-manager.github.io/aws-privateca-issuer")
-  values           = try(var.aws_privateca_issuer.values, [])
-
-  timeout                    = try(var.aws_privateca_issuer.timeout, null)
-  repository_key_file        = try(var.aws_privateca_issuer.repository_key_file, null)
-  repository_cert_file       = try(var.aws_privateca_issuer.repository_cert_file, null)
-  repository_ca_file         = try(var.aws_privateca_issuer.repository_ca_file, null)
-  repository_username        = try(var.aws_privateca_issuer.repository_username, null)
-  repository_password        = try(var.aws_privateca_issuer.repository_password, null)
-  devel                      = try(var.aws_privateca_issuer.devel, null)
-  verify                     = try(var.aws_privateca_issuer.verify, null)
-  keyring                    = try(var.aws_privateca_issuer.keyring, null)
-  disable_webhooks           = try(var.aws_privateca_issuer.disable_webhooks, null)
-  reuse_values               = try(var.aws_privateca_issuer.reuse_values, null)
-  reset_values               = try(var.aws_privateca_issuer.reset_values, null)
-  force_update               = try(var.aws_privateca_issuer.force_update, null)
-  recreate_pods              = try(var.aws_privateca_issuer.recreate_pods, null)
-  cleanup_on_fail            = try(var.aws_privateca_issuer.cleanup_on_fail, null)
-  max_history                = try(var.aws_privateca_issuer.max_history, null)
-  atomic                     = try(var.aws_privateca_issuer.atomic, null)
-  skip_crds                  = try(var.aws_privateca_issuer.skip_crds, null)
-  render_subchart_notes      = try(var.aws_privateca_issuer.render_subchart_notes, null)
-  disable_openapi_validation = try(var.aws_privateca_issuer.disable_openapi_validation, null)
-  wait                       = try(var.aws_privateca_issuer.wait, null)
-  wait_for_jobs              = try(var.aws_privateca_issuer.wait_for_jobs, null)
-  dependency_update          = try(var.aws_privateca_issuer.dependency_update, null)
-  replace                    = try(var.aws_privateca_issuer.replace, null)
-  lint                       = try(var.aws_privateca_issuer.lint, null)
-
-  postrender = try(var.aws_privateca_issuer.postrender, [])
-  set = concat([
-    {
-      name  = "serviceAccount.name"
-      value = local.aws_privateca_issuer_service_account
-    }],
-    try(var.aws_privateca_issuer.set, [])
-  )
-  set_sensitive = try(var.aws_privateca_issuer.set_sensitive, [])
-
-  # IAM role for service account (IRSA)
-  set_irsa_names                = ["serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"]
-  create_role                   = try(var.aws_privateca_issuer.create_role, true)
-  role_name                     = try(var.aws_privateca_issuer.role_name, "aws-privateca-issuer")
-  role_name_use_prefix          = try(var.aws_privateca_issuer.role_name_use_prefix, true)
-  role_path                     = try(var.aws_privateca_issuer.role_path, "/")
-  role_permissions_boundary_arn = lookup(var.aws_privateca_issuer, "role_permissions_boundary_arn", null)
-  role_description              = try(var.aws_privateca_issuer.role_description, "IRSA for AWS Private CA Issuer")
-  role_policies                 = lookup(var.aws_privateca_issuer, "role_policies", {})
-
-  source_policy_documents = compact(concat(
-    data.aws_iam_policy_document.aws_privateca_issuer[*].json,
-    lookup(var.aws_privateca_issuer, "source_policy_documents", [])
-  ))
-  override_policy_documents = lookup(var.aws_privateca_issuer, "override_policy_documents", [])
-  policy_statements         = lookup(var.aws_privateca_issuer, "policy_statements", [])
-  policy_name               = try(var.aws_privateca_issuer.policy_name, "aws-privateca-issuer")
-  policy_name_use_prefix    = try(var.aws_privateca_issuer.policy_name_use_prefix, true)
-  policy_path               = try(var.aws_privateca_issuer.policy_path, null)
-  policy_description        = try(var.aws_privateca_issuer.policy_description, "IAM Policy for AWS Private CA Issuer")
-
-  oidc_providers = {
-    controller = {
-      provider_arn = local.oidc_provider_arn
-      # namespace is inherited from chart
-      service_account = local.aws_privateca_issuer_service_account
-    }
-  }
-
-  tags = var.tags
-}
-
-################################################################################
-# Cert Manager
-################################################################################
-
-locals {
-  cert_manager_service_account = try(var.cert_manager.service_account_name, "cert-manager")
-  create_cert_manager_irsa     = var.enable_cert_manager && length(var.cert_manager_route53_hosted_zone_arns) > 0
-}
-
-data "aws_iam_policy_document" "cert_manager" {
-  count = local.create_cert_manager_irsa ? 1 : 0
-
-  statement {
-    actions   = ["route53:GetChange", ]
-    resources = ["arn:${local.partition}:route53:::change/*"]
-  }
-
-  statement {
-    actions = [
-      "route53:ChangeResourceRecordSets",
-      "route53:ListResourceRecordSets",
-    ]
-    resources = var.cert_manager_route53_hosted_zone_arns
-  }
-
-  statement {
-    actions   = ["route53:ListHostedZonesByName"]
-    resources = ["*"]
-  }
-}
-
-module "cert_manager" {
-  source  = "aws-ia/eks-blueprints-addon/aws"
-  version = "1.0.0"
-
-  create = var.enable_cert_manager
-
-  # https://github.com/cert-manager/cert-manager/blob/master/deploy/charts/cert-manager/Chart.template.yaml
-  name             = try(var.cert_manager.name, "cert-manager")
-  description      = try(var.cert_manager.description, "A Helm chart to deploy cert-manager")
-  namespace        = try(var.cert_manager.namespace, "cert-manager")
-  create_namespace = try(var.cert_manager.create_namespace, true)
-  chart            = "cert-manager"
-  chart_version    = try(var.cert_manager.chart_version, "v1.11.1")
-  repository       = try(var.cert_manager.repository, "https://charts.jetstack.io")
-  values           = try(var.cert_manager.values, [])
-
-  timeout                    = try(var.cert_manager.timeout, null)
-  repository_key_file        = try(var.cert_manager.repository_key_file, null)
-  repository_cert_file       = try(var.cert_manager.repository_cert_file, null)
-  repository_ca_file         = try(var.cert_manager.repository_ca_file, null)
-  repository_username        = try(var.cert_manager.repository_username, null)
-  repository_password        = try(var.cert_manager.repository_password, null)
-  devel                      = try(var.cert_manager.devel, null)
-  verify                     = try(var.cert_manager.verify, null)
-  keyring                    = try(var.cert_manager.keyring, null)
-  disable_webhooks           = try(var.cert_manager.disable_webhooks, null)
-  reuse_values               = try(var.cert_manager.reuse_values, null)
-  reset_values               = try(var.cert_manager.reset_values, null)
-  force_update               = try(var.cert_manager.force_update, null)
-  recreate_pods              = try(var.cert_manager.recreate_pods, null)
-  cleanup_on_fail            = try(var.cert_manager.cleanup_on_fail, null)
-  max_history                = try(var.cert_manager.max_history, null)
-  atomic                     = try(var.cert_manager.atomic, null)
-  skip_crds                  = try(var.cert_manager.skip_crds, null)
-  render_subchart_notes      = try(var.cert_manager.render_subchart_notes, null)
-  disable_openapi_validation = try(var.cert_manager.disable_openapi_validation, null)
-  wait                       = try(var.cert_manager.wait, null)
-  wait_for_jobs              = try(var.cert_manager.wait_for_jobs, null)
-  dependency_update          = try(var.cert_manager.dependency_update, null)
-  replace                    = try(var.cert_manager.replace, null)
-  lint                       = try(var.cert_manager.lint, null)
-
-  postrender = try(var.cert_manager.postrender, [])
-  set = concat([
-    {
-      name  = "installCRDs"
-      value = true
-    }
-    ],
-    try(var.cert_manager.set, [])
-  )
-  set_sensitive = try(var.cert_manager.set_sensitive, [])
-
-  # IAM role for service account (IRSA)
-  set_irsa_names                = ["serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"]
-  create_role                   = local.create_cert_manager_irsa && try(var.cert_manager.create_role, true)
-  role_name                     = try(var.cert_manager.role_name, "cert-manager")
-  role_name_use_prefix          = try(var.cert_manager.role_name_use_prefix, true)
-  role_path                     = try(var.cert_manager.role_path, "/")
-  role_permissions_boundary_arn = lookup(var.cert_manager, "role_permissions_boundary_arn", null)
-  role_description              = try(var.cert_manager.role_description, "IRSA for cert-manger project")
-  role_policies                 = lookup(var.cert_manager, "role_policies", {})
-
-  source_policy_documents = compact(concat(
-    data.aws_iam_policy_document.cert_manager[*].json,
-    lookup(var.cert_manager, "source_policy_documents", [])
-  ))
-  override_policy_documents = lookup(var.cert_manager, "override_policy_documents", [])
-  policy_statements         = lookup(var.cert_manager, "policy_statements", [])
-  policy_name               = try(var.cert_manager.policy_name, null)
-  policy_name_use_prefix    = try(var.cert_manager.policy_name_use_prefix, true)
-  policy_path               = try(var.cert_manager.policy_path, null)
-  policy_description        = try(var.cert_manager.policy_description, "IAM Policy for cert-manager")
-
-  oidc_providers = {
-    this = {
-      provider_arn = local.oidc_provider_arn
-      # namespace is inherited from chart
-      service_account = local.cert_manager_service_account
-    }
-  }
-
-  tags = var.tags
-}
-
-################################################################################
-# Cluster Autoscaler
-################################################################################
-
-locals {
-  cluster_autoscaler_service_account = try(var.cluster_autoscaler.service_account_name, "cluster-autoscaler-sa")
-
-  # Lookup map to pull latest cluster-autoscaler patch version given the cluster version
-  cluster_autoscaler_image_tag = {
-    "1.20" = "v1.20.3"
-    "1.21" = "v1.21.3"
-    "1.22" = "v1.22.3"
-    "1.23" = "v1.23.1"
-    "1.24" = "v1.24.1"
-    "1.25" = "v1.25.1"
-    "1.26" = "v1.26.2"
-  }
-}
-
-data "aws_iam_policy_document" "cluster_autoscaler" {
-  count = var.enable_cluster_autoscaler ? 1 : 0
-
-  statement {
-    actions = [
-      "autoscaling:DescribeAutoScalingGroups",
-      "autoscaling:DescribeAutoScalingInstances",
-      "autoscaling:DescribeLaunchConfigurations",
-      "autoscaling:DescribeScalingActivities",
-      "autoscaling:DescribeTags",
-      "ec2:DescribeLaunchTemplateVersions",
-      "ec2:DescribeInstanceTypes",
-      "eks:DescribeNodegroup",
-      "ec2:DescribeImages",
-      "ec2:GetInstanceTypesFromInstanceRequirements"
-    ]
-
-    resources = ["*"]
-  }
-
-  statement {
-    actions = [
-      "autoscaling:SetDesiredCapacity",
-      "autoscaling:TerminateInstanceInAutoScalingGroup",
-      "autoscaling:UpdateAutoScalingGroup",
-    ]
-
-    resources = ["*"]
-
-    condition {
-      test     = "StringEquals"
-      variable = "autoscaling:ResourceTag/kubernetes.io/cluster/${var.cluster_name}"
-      values   = ["owned"]
-    }
-  }
-}
-
-module "cluster_autoscaler" {
-  source  = "aws-ia/eks-blueprints-addon/aws"
-  version = "1.0.0"
-
-  create = var.enable_cluster_autoscaler
-
-  # https://github.com/kubernetes/autoscaler/blob/master/charts/cluster-autoscaler/Chart.yaml
-  name             = try(var.cluster_autoscaler.name, "cluster-autoscaler")
-  description      = try(var.cluster_autoscaler.description, "A Helm chart to deploy cluster-autoscaler")
-  namespace        = try(var.cluster_autoscaler.namespace, "kube-system")
-  create_namespace = try(var.cluster_autoscaler.create_namespace, false)
-  chart            = "cluster-autoscaler"
-  chart_version    = try(var.cluster_autoscaler.chart_version, "9.28.0")
-  repository       = try(var.cluster_autoscaler.repository, "https://kubernetes.github.io/autoscaler")
-  values           = try(var.cluster_autoscaler.values, [])
-
-  timeout                    = try(var.cluster_autoscaler.timeout, null)
-  repository_key_file        = try(var.cluster_autoscaler.repository_key_file, null)
-  repository_cert_file       = try(var.cluster_autoscaler.repository_cert_file, null)
-  repository_ca_file         = try(var.cluster_autoscaler.repository_ca_file, null)
-  repository_username        = try(var.cluster_autoscaler.repository_username, null)
-  repository_password        = try(var.cluster_autoscaler.repository_password, null)
-  devel                      = try(var.cluster_autoscaler.devel, null)
-  verify                     = try(var.cluster_autoscaler.verify, null)
-  keyring                    = try(var.cluster_autoscaler.keyring, null)
-  disable_webhooks           = try(var.cluster_autoscaler.disable_webhooks, null)
-  reuse_values               = try(var.cluster_autoscaler.reuse_values, null)
-  reset_values               = try(var.cluster_autoscaler.reset_values, null)
-  force_update               = try(var.cluster_autoscaler.force_update, null)
-  recreate_pods              = try(var.cluster_autoscaler.recreate_pods, null)
-  cleanup_on_fail            = try(var.cluster_autoscaler.cleanup_on_fail, null)
-  max_history                = try(var.cluster_autoscaler.max_history, null)
-  atomic                     = try(var.cluster_autoscaler.atomic, null)
-  skip_crds                  = try(var.cluster_autoscaler.skip_crds, null)
-  render_subchart_notes      = try(var.cluster_autoscaler.render_subchart_notes, null)
-  disable_openapi_validation = try(var.cluster_autoscaler.disable_openapi_validation, null)
-  wait                       = try(var.cluster_autoscaler.wait, null)
-  wait_for_jobs              = try(var.cluster_autoscaler.wait_for_jobs, null)
-  dependency_update          = try(var.cluster_autoscaler.dependency_update, null)
-  replace                    = try(var.cluster_autoscaler.replace, null)
-  lint                       = try(var.cluster_autoscaler.lint, null)
-
-  postrender = try(var.cluster_autoscaler.postrender, [])
-  set = concat(
-    [
-      {
-        name  = "awsRegion"
-        value = local.region
-      },
-      {
-        name  = "autoDiscovery.clusterName"
-        value = local.cluster_name
-      },
-      {
-        name  = "image.tag"
-        value = try(local.cluster_autoscaler_image_tag[var.cluster_version], "v${var.cluster_version}.0")
-      },
-      {
-        name  = "rbac.serviceAccount.name"
-        value = local.cluster_autoscaler_service_account
-      }
-    ],
-    try(var.cluster_autoscaler.set, [])
-  )
-  set_sensitive = try(var.cluster_autoscaler.set_sensitive, [])
-
-  # IAM role for service account (IRSA)
-  set_irsa_names                = ["rbac.serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"]
-  create_role                   = try(var.cluster_autoscaler.create_role, true)
-  role_name                     = try(var.cluster_autoscaler.role_name, "cluster-autoscaler")
-  role_name_use_prefix          = try(var.cluster_autoscaler.role_name_use_prefix, true)
-  role_path                     = try(var.cluster_autoscaler.role_path, "/")
-  role_permissions_boundary_arn = lookup(var.cluster_autoscaler, "role_permissions_boundary_arn", null)
-  role_description              = try(var.cluster_autoscaler.role_description, "IRSA for cluster-autoscaler operator")
-  role_policies                 = lookup(var.cluster_autoscaler, "role_policies", {})
-
-  source_policy_documents = compact(concat(
-    data.aws_iam_policy_document.cluster_autoscaler[*].json,
-    lookup(var.cluster_autoscaler, "source_policy_documents", [])
-  ))
-  override_policy_documents = lookup(var.cluster_autoscaler, "override_policy_documents", [])
-  policy_statements         = lookup(var.cluster_autoscaler, "policy_statements", [])
-  policy_name               = try(var.cluster_autoscaler.policy_name, null)
-  policy_name_use_prefix    = try(var.cluster_autoscaler.policy_name_use_prefix, true)
-  policy_path               = try(var.cluster_autoscaler.policy_path, null)
-  policy_description        = try(var.cluster_autoscaler.policy_description, "IAM Policy for cluster-autoscaler operator")
-
-  oidc_providers = {
-    this = {
-      provider_arn = local.oidc_provider_arn
-      # namespace is inherited from chart
-      service_account = local.cluster_autoscaler_service_account
-    }
-  }
-
-  tags = var.tags
-}
-
-################################################################################
-# Cluster Proportional Autoscaler
-################################################################################
-
-module "cluster_proportional_autoscaler" {
-  source  = "aws-ia/eks-blueprints-addon/aws"
-  version = "1.0.0"
-
-  create = var.enable_cluster_proportional_autoscaler
-
-  # https://github.com/kubernetes-sigs/cluster-proportional-autoscaler/blob/master/charts/cluster-proportional-autoscaler/Chart.yaml
-  name             = try(var.cluster_proportional_autoscaler.name, "cluster-proportional-autoscaler")
-  description      = try(var.cluster_proportional_autoscaler.description, "A Helm chart to install the Cluster Proportional Autoscaler")
-  namespace        = try(var.cluster_proportional_autoscaler.namespace, "kube-system")
-  create_namespace = try(var.cluster_proportional_autoscaler.create_namespace, false)
-  chart            = "cluster-proportional-autoscaler"
-  chart_version    = try(var.cluster_proportional_autoscaler.chart_version, "1.1.0")
-  repository       = try(var.cluster_proportional_autoscaler.repository, "https://kubernetes-sigs.github.io/cluster-proportional-autoscaler")
-  values           = try(var.cluster_proportional_autoscaler.values, [])
-
-  timeout                    = try(var.cluster_proportional_autoscaler.timeout, null)
-  repository_key_file        = try(var.cluster_proportional_autoscaler.repository_key_file, null)
-  repository_cert_file       = try(var.cluster_proportional_autoscaler.repository_cert_file, null)
-  repository_ca_file         = try(var.cluster_proportional_autoscaler.repository_ca_file, null)
-  repository_username        = try(var.cluster_proportional_autoscaler.repository_username, null)
-  repository_password        = try(var.cluster_proportional_autoscaler.repository_password, null)
-  devel                      = try(var.cluster_proportional_autoscaler.devel, null)
-  verify                     = try(var.cluster_proportional_autoscaler.verify, null)
-  keyring                    = try(var.cluster_proportional_autoscaler.keyring, null)
-  disable_webhooks           = try(var.cluster_proportional_autoscaler.disable_webhooks, null)
-  reuse_values               = try(var.cluster_proportional_autoscaler.reuse_values, null)
-  reset_values               = try(var.cluster_proportional_autoscaler.reset_values, null)
-  force_update               = try(var.cluster_proportional_autoscaler.force_update, null)
-  recreate_pods              = try(var.cluster_proportional_autoscaler.recreate_pods, null)
-  cleanup_on_fail            = try(var.cluster_proportional_autoscaler.cleanup_on_fail, null)
-  max_history                = try(var.cluster_proportional_autoscaler.max_history, null)
-  atomic                     = try(var.cluster_proportional_autoscaler.atomic, null)
-  skip_crds                  = try(var.cluster_proportional_autoscaler.skip_crds, null)
-  render_subchart_notes      = try(var.cluster_proportional_autoscaler.render_subchart_notes, null)
-  disable_openapi_validation = try(var.cluster_proportional_autoscaler.disable_openapi_validation, null)
-  wait                       = try(var.cluster_proportional_autoscaler.wait, null)
-  wait_for_jobs              = try(var.cluster_proportional_autoscaler.wait_for_jobs, null)
-  dependency_update          = try(var.cluster_proportional_autoscaler.dependency_update, null)
-  replace                    = try(var.cluster_proportional_autoscaler.replace, null)
-  lint                       = try(var.cluster_proportional_autoscaler.lint, null)
-
-  postrender    = try(var.cluster_proportional_autoscaler.postrender, [])
-  set           = try(var.cluster_proportional_autoscaler.set, [])
-  set_sensitive = try(var.cluster_proportional_autoscaler.set_sensitive, [])
-
-  tags = var.tags
-}
-
-################################################################################
-# EKS Addons
-################################################################################
-
-data "aws_eks_addon_version" "this" {
-  for_each = var.eks_addons
-
-  addon_name         = try(each.value.name, each.key)
-  kubernetes_version = var.cluster_version
-  most_recent        = try(each.value.most_recent, true)
-}
-
-resource "aws_eks_addon" "this" {
-  for_each = var.eks_addons
-
-  cluster_name = local.cluster_name
-  addon_name   = try(each.value.name, each.key)
-
-  addon_version            = try(each.value.addon_version, data.aws_eks_addon_version.this[each.key].version)
-  configuration_values     = try(each.value.configuration_values, null)
-  preserve                 = try(each.value.preserve, null)
-  resolve_conflicts        = try(each.value.resolve_conflicts, "OVERWRITE")
-  service_account_role_arn = try(each.value.service_account_role_arn, null)
-
-  timeouts {
-    create = try(each.value.timeouts.create, var.eks_addons_timeouts.create, null)
-    update = try(each.value.timeouts.update, var.eks_addons_timeouts.update, null)
-    delete = try(each.value.timeouts.delete, var.eks_addons_timeouts.delete, null)
-  }
-
-  tags = var.tags
-}
-
-################################################################################
-# External DNS
-################################################################################
-
-locals {
-  external_dns_service_account = try(var.external_dns.service_account_name, "external-dns-sa")
-}
-
-# https://github.com/external-secrets/kubernetes-external-secrets#add-a-secret
-data "aws_iam_policy_document" "external_dns" {
-  count = var.enable_external_dns && length(var.external_dns_route53_zone_arns) > 0 ? 1 : 0
-
-  statement {
-    actions   = ["route53:ChangeResourceRecordSets"]
-    resources = var.external_dns_route53_zone_arns
-  }
-
-  statement {
-    actions = [
-      "route53:ListHostedZones",
-      "route53:ListResourceRecordSets",
-    ]
-    resources = ["*"]
-  }
-}
-
-module "external_dns" {
-  source  = "aws-ia/eks-blueprints-addon/aws"
-  version = "1.0.0"
-
-  create = var.enable_external_dns
-
-  # https://github.com/kubernetes-sigs/external-dns/tree/master/charts/external-dns/Chart.yaml
-  name             = try(var.external_dns.name, "external-dns")
-  description      = try(var.external_dns.description, "A Helm chart to deploy external-dns")
-  namespace        = try(var.external_dns.namespace, "external-dns")
-  create_namespace = try(var.external_dns.create_namespace, true)
-  chart            = "external-dns"
-  chart_version    = try(var.external_dns.chart_version, "1.12.2")
-  repository       = try(var.external_dns.repository, "https://kubernetes-sigs.github.io/external-dns/")
-  values           = try(var.external_dns.values, ["provider: aws"])
-
-  timeout                    = try(var.external_dns.timeout, null)
-  repository_key_file        = try(var.external_dns.repository_key_file, null)
-  repository_cert_file       = try(var.external_dns.repository_cert_file, null)
-  repository_ca_file         = try(var.external_dns.repository_ca_file, null)
-  repository_username        = try(var.external_dns.repository_username, null)
-  repository_password        = try(var.external_dns.repository_password, null)
-  devel                      = try(var.external_dns.devel, null)
-  verify                     = try(var.external_dns.verify, null)
-  keyring                    = try(var.external_dns.keyring, null)
-  disable_webhooks           = try(var.external_dns.disable_webhooks, null)
-  reuse_values               = try(var.external_dns.reuse_values, null)
-  reset_values               = try(var.external_dns.reset_values, null)
-  force_update               = try(var.external_dns.force_update, null)
-  recreate_pods              = try(var.external_dns.recreate_pods, null)
-  cleanup_on_fail            = try(var.external_dns.cleanup_on_fail, null)
-  max_history                = try(var.external_dns.max_history, null)
-  atomic                     = try(var.external_dns.atomic, null)
-  skip_crds                  = try(var.external_dns.skip_crds, null)
-  render_subchart_notes      = try(var.external_dns.render_subchart_notes, null)
-  disable_openapi_validation = try(var.external_dns.disable_openapi_validation, null)
-  wait                       = try(var.external_dns.wait, null)
-  wait_for_jobs              = try(var.external_dns.wait_for_jobs, null)
-  dependency_update          = try(var.external_dns.dependency_update, null)
-  replace                    = try(var.external_dns.replace, null)
-  lint                       = try(var.external_dns.lint, null)
-
-  postrender = try(var.external_dns.postrender, [])
-  set = concat([
-    {
-      name  = "serviceAccount.name"
-      value = local.external_dns_service_account
-    }],
-    try(var.external_dns.set, [])
-  )
-  set_sensitive = try(var.external_dns.set_sensitive, [])
-
-  # IAM role for service account (IRSA)
-  set_irsa_names                = ["serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"]
-  create_role                   = try(var.external_dns.create_role, true) && length(var.external_dns_route53_zone_arns) > 0
-  role_name                     = try(var.external_dns.role_name, "external-dns")
-  role_name_use_prefix          = try(var.external_dns.role_name_use_prefix, true)
-  role_path                     = try(var.external_dns.role_path, "/")
-  role_permissions_boundary_arn = lookup(var.external_dns, "role_permissions_boundary_arn", null)
-  role_description              = try(var.external_dns.role_description, "IRSA for external-dns operator")
-  role_policies                 = lookup(var.external_dns, "role_policies", {})
-
-  source_policy_documents = compact(concat(
-    data.aws_iam_policy_document.external_dns[*].json,
-    lookup(var.external_dns, "source_policy_documents", [])
-  ))
-  override_policy_documents = lookup(var.external_dns, "override_policy_documents", [])
-  policy_statements         = lookup(var.external_dns, "policy_statements", [])
-  policy_name               = try(var.external_dns.policy_name, null)
-  policy_name_use_prefix    = try(var.external_dns.policy_name_use_prefix, true)
-  policy_path               = try(var.external_dns.policy_path, null)
-  policy_description        = try(var.external_dns.policy_description, "IAM Policy for external-dns operator")
-
-  oidc_providers = {
-    this = {
-      provider_arn = local.oidc_provider_arn
-      # namespace is inherited from chart
-      service_account = local.external_dns_service_account
-    }
-  }
-
-  tags = var.tags
-}
-
-################################################################################
-# External Secrets
-################################################################################
-
-locals {
-  external_secrets_service_account = try(var.external_secrets.service_account_name, "external-secrets-sa")
-}
-
-# https://github.com/external-secrets/kubernetes-external-secrets#add-a-secret
-data "aws_iam_policy_document" "external_secrets" {
-  count = var.enable_external_secrets ? 1 : 0
-
-  dynamic "statement" {
-    for_each = length(var.external_secrets_ssm_parameter_arns) > 0 ? [1] : []
-
-    content {
-      actions   = ["ssm:DescribeParameters"]
-      resources = ["*"]
-    }
-  }
-
-  dynamic "statement" {
-    for_each = length(var.external_secrets_ssm_parameter_arns) > 0 ? [1] : []
-
-    content {
-      actions = [
-        "ssm:GetParameter",
-        "ssm:GetParameters",
-      ]
-      resources = var.external_secrets_ssm_parameter_arns
-    }
-  }
-
-  dynamic "statement" {
-    for_each = length(var.external_secrets_secrets_manager_arns) > 0 ? [1] : []
-
-    content {
-      actions   = ["secretsmanager:ListSecrets"]
-      resources = ["*"]
-    }
-  }
-
-  dynamic "statement" {
-    for_each = length(var.external_secrets_secrets_manager_arns) > 0 ? [1] : []
-
-    content {
-      actions = [
-        "secretsmanager:GetResourcePolicy",
-        "secretsmanager:GetSecretValue",
-        "secretsmanager:DescribeSecret",
-        "secretsmanager:ListSecretVersionIds",
-      ]
-      resources = var.external_secrets_secrets_manager_arns
-    }
-  }
-
-  dynamic "statement" {
-    for_each = length(var.external_secrets_kms_key_arns) > 0 ? [1] : []
-
-    content {
-      actions   = ["kms:Decrypt"]
-      resources = var.external_secrets_kms_key_arns
-    }
-  }
-}
-
-module "external_secrets" {
-  source  = "aws-ia/eks-blueprints-addon/aws"
-  version = "1.0.0"
-
-  create = var.enable_external_secrets
-
-  # https://github.com/external-secrets/external-secrets/blob/main/deploy/charts/external-secrets/Chart.yaml
-  name             = try(var.external_secrets.name, "external-secrets")
-  description      = try(var.external_secrets.description, "A Helm chart to deploy external-secrets")
-  namespace        = try(var.external_secrets.namespace, "external-secrets")
-  create_namespace = try(var.external_secrets.create_namespace, true)
-  chart            = "external-secrets"
-  chart_version    = try(var.external_secrets.chart_version, "0.8.1")
-  repository       = try(var.external_secrets.repository, "https://charts.external-secrets.io")
-  values           = try(var.external_secrets.values, [])
-
-  timeout                    = try(var.external_secrets.timeout, null)
-  repository_key_file        = try(var.external_secrets.repository_key_file, null)
-  repository_cert_file       = try(var.external_secrets.repository_cert_file, null)
-  repository_ca_file         = try(var.external_secrets.repository_ca_file, null)
-  repository_username        = try(var.external_secrets.repository_username, null)
-  repository_password        = try(var.external_secrets.repository_password, null)
-  devel                      = try(var.external_secrets.devel, null)
-  verify                     = try(var.external_secrets.verify, null)
-  keyring                    = try(var.external_secrets.keyring, null)
-  disable_webhooks           = try(var.external_secrets.disable_webhooks, null)
-  reuse_values               = try(var.external_secrets.reuse_values, null)
-  reset_values               = try(var.external_secrets.reset_values, null)
-  force_update               = try(var.external_secrets.force_update, null)
-  recreate_pods              = try(var.external_secrets.recreate_pods, null)
-  cleanup_on_fail            = try(var.external_secrets.cleanup_on_fail, null)
-  max_history                = try(var.external_secrets.max_history, null)
-  atomic                     = try(var.external_secrets.atomic, null)
-  skip_crds                  = try(var.external_secrets.skip_crds, null)
-  render_subchart_notes      = try(var.external_secrets.render_subchart_notes, null)
-  disable_openapi_validation = try(var.external_secrets.disable_openapi_validation, null)
-  wait                       = try(var.external_secrets.wait, null)
-  wait_for_jobs              = try(var.external_secrets.wait_for_jobs, null)
-  dependency_update          = try(var.external_secrets.dependency_update, null)
-  replace                    = try(var.external_secrets.replace, null)
-  lint                       = try(var.external_secrets.lint, null)
-
-  postrender = try(var.external_secrets.postrender, [])
-  set = concat([
-    {
-      name  = "serviceAccount.name"
-      value = local.external_secrets_service_account
-    }],
-    try(var.external_secrets.set, [])
-  )
-  set_sensitive = try(var.external_secrets.set_sensitive, [])
-
-  # IAM role for service account (IRSA)
-  set_irsa_names                = ["serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"]
-  create_role                   = try(var.external_secrets.create_role, true)
-  role_name                     = try(var.external_secrets.role_name, "external-secrets")
-  role_name_use_prefix          = try(var.external_secrets.role_name_use_prefix, true)
-  role_path                     = try(var.external_secrets.role_path, "/")
-  role_permissions_boundary_arn = lookup(var.external_secrets, "role_permissions_boundary_arn", null)
-  role_description              = try(var.external_secrets.role_description, "IRSA for external-secrets operator")
-  role_policies                 = lookup(var.external_secrets, "role_policies", {})
-
-  source_policy_documents = compact(concat(
-    data.aws_iam_policy_document.external_secrets[*].json,
-    lookup(var.external_secrets, "source_policy_documents", [])
-  ))
-  override_policy_documents = lookup(var.external_secrets, "override_policy_documents", [])
-  policy_statements         = lookup(var.external_secrets, "policy_statements", [])
-  policy_name               = try(var.external_secrets.policy_name, null)
-  policy_name_use_prefix    = try(var.external_secrets.policy_name_use_prefix, true)
-  policy_path               = try(var.external_secrets.policy_path, null)
-  policy_description        = try(var.external_secrets.policy_description, "IAM Policy for external-secrets operator")
-
-  oidc_providers = {
-    this = {
-      provider_arn = local.oidc_provider_arn
-      # namespace is inherited from chart
-      service_account = local.external_secrets_service_account
-    }
-  }
-
-  tags = var.tags
-}
-
-################################################################################
-# Fargate Fluentbit
-################################################################################
-
-locals {
-  fargate_fluentbit_policy_name = try(var.fargate_fluentbit_cw_log_group.create, true) ? try(var.fargate_fluentbit.policy_name, "${var.cluster_name}-fargate-fluentbit-logs") : null
-}
-
-resource "aws_cloudwatch_log_group" "fargate_fluentbit" {
-  count = try(var.fargate_fluentbit_cw_log_group.create, true) && var.enable_fargate_fluentbit ? 1 : 0
-
-  name              = try(var.fargate_fluentbit_cw_log_group.name, null)
-  name_prefix       = try(var.fargate_fluentbit_cw_log_group.name_prefix, "/${var.cluster_name}/fargate-fluentbit-logs")
-  retention_in_days = try(var.fargate_fluentbit_cw_log_group.retention, 90)
-  kms_key_id        = try(var.fargate_fluentbit_cw_log_group.kms_key_arn, null)
-  skip_destroy      = try(var.fargate_fluentbit_cw_log_group.skip_destroy, false)
-  tags              = merge(var.tags, try(var.fargate_fluentbit_cw_log_group.tags, {}))
-}
-
-resource "aws_iam_policy" "fargate_fluentbit" {
-  count = try(var.fargate_fluentbit_cw_log_group.create, true) && var.enable_fargate_fluentbit ? 1 : 0
-
-  name        = try(var.fargate_fluentbit.policy_name_use_prefix, true) ? null : local.fargate_fluentbit_policy_name
-  name_prefix = try(var.fargate_fluentbit.policy_name_use_prefix, true) ? try(var.fargate_fluentbit.policy_name_prefix, "${local.fargate_fluentbit_policy_name}-") : null
-  description = try(var.fargate_fluentbit.policy_description, null)
-  policy      = data.aws_iam_policy_document.fargate_fluentbit[0].json
-}
-
-data "aws_iam_policy_document" "fargate_fluentbit" {
-  count = try(var.fargate_fluentbit_cw_log_group.create, true) && var.enable_fargate_fluentbit ? 1 : 0
-
-  statement {
-    sid    = "PutLogEvents"
-    effect = "Allow"
-    actions = [
-      "logs:CreateLogStream",
-      "logs:CreateLogGroup",
-      "logs:DescribeLogStreams",
-      "logs:PutLogEvents"
-    ]
-    resources = [
-      try("${var.fargate_fluentbit.cwlog_arn}:*", "${aws_cloudwatch_log_group.fargate_fluentbit[0].arn}:*"),
-      try("${var.fargate_fluentbit.cwlog_arn}:logstream:*", "${aws_cloudwatch_log_group.fargate_fluentbit[0].arn}:logstream:*")
-    ]
-  }
-}
-
-# Help on Fargate Logging with Fluentbit and CloudWatch
-# https://docs.aws.amazon.com/eks/latest/userguide/fargate-logging.html
-resource "kubernetes_namespace_v1" "aws_observability" {
-  count = var.enable_fargate_fluentbit ? 1 : 0
-
-  metadata {
-    name = "aws-observability"
-
-    labels = {
-      aws-observability = "enabled"
-    }
-  }
-}
-
-# fluent-bit-cloudwatch value as the name of the CloudWatch log group that is automatically created as soon as your apps start logging
-resource "kubernetes_config_map_v1" "aws_logging" {
-  count = var.enable_fargate_fluentbit ? 1 : 0
-
-  metadata {
-    name      = "aws-logging"
-    namespace = kubernetes_namespace_v1.aws_observability[0].id
-  }
-
-  data = {
-    "parsers.conf" = try(
-      var.fargate_fluentbit.parsers_conf,
-      <<-EOT
-        [PARSER]
-          Name regex
-          Format regex
-          Regex ^(?<time>[^ ]+) (?<stream>[^ ]+) (?<logtag>[^ ]+) (?<message>.+)$
-          Time_Key time
-          Time_Format %Y-%m-%dT%H:%M:%S.%L%z
-          Time_Keep On
-          Decode_Field_As json message
-      EOT
-    )
-    "filters.conf" = try(
-      var.fargate_fluentbit.filters_conf,
-      <<-EOT
-        [FILTER]
-          Name parser
-          Match *
-          Key_Name log
-          Parser regex
-          Preserve_Key True
-          Reserve_Data True
-      EOT
-    )
-    "output.conf" = try(
-      var.fargate_fluentbit.output_conf,
-      <<-EOT
-        [OUTPUT]
-          Name cloudwatch_logs
-          Match *
-          region ${local.region}
-          log_group_name ${try(var.fargate_fluentbit.cwlog_group, aws_cloudwatch_log_group.fargate_fluentbit[0].name)}
-          log_stream_prefix ${try(var.fargate_fluentbit.cwlog_stream_prefix, "fargate-logs-")}
-          auto_create_group true
-      EOT
-    )
-    "flb_log_cw" = try(var.fargate_fluentbit.flb_log_cw, false)
-  }
-}
-
-################################################################################
-# Gatekeeper
-################################################################################
-
-module "gatekeeper" {
-  source  = "aws-ia/eks-blueprints-addon/aws"
-  version = "1.0.0"
-
-  create = var.enable_gatekeeper
-
-  # https://github.com/open-policy-agent/gatekeeper/blob/master/charts/gatekeeper/Chart.yaml
-  name             = try(var.gatekeeper.name, "gatekeeper")
-  description      = try(var.gatekeeper.description, "A Helm chart to install Gatekeeper")
-  namespace        = try(var.gatekeeper.namespace, "gatekeeper-system")
-  create_namespace = try(var.gatekeeper.create_namespace, true)
-  chart            = "gatekeeper"
-  chart_version    = try(var.gatekeeper.chart_version, "3.12.0")
-  repository       = try(var.gatekeeper.repository, "https://open-policy-agent.github.io/gatekeeper/charts")
-  values           = try(var.gatekeeper.values, [])
-
-  timeout                    = try(var.gatekeeper.timeout, null)
-  repository_key_file        = try(var.gatekeeper.repository_key_file, null)
-  repository_cert_file       = try(var.gatekeeper.repository_cert_file, null)
-  repository_ca_file         = try(var.gatekeeper.repository_ca_file, null)
-  repository_username        = try(var.gatekeeper.repository_username, null)
-  repository_password        = try(var.gatekeeper.repository_password, null)
-  devel                      = try(var.gatekeeper.devel, null)
-  verify                     = try(var.gatekeeper.verify, null)
-  keyring                    = try(var.gatekeeper.keyring, null)
-  disable_webhooks           = try(var.gatekeeper.disable_webhooks, null)
-  reuse_values               = try(var.gatekeeper.reuse_values, null)
-  reset_values               = try(var.gatekeeper.reset_values, null)
-  force_update               = try(var.gatekeeper.force_update, null)
-  recreate_pods              = try(var.gatekeeper.recreate_pods, null)
-  cleanup_on_fail            = try(var.gatekeeper.cleanup_on_fail, null)
-  max_history                = try(var.gatekeeper.max_history, null)
-  atomic                     = try(var.gatekeeper.atomic, null)
-  skip_crds                  = try(var.gatekeeper.skip_crds, null)
-  render_subchart_notes      = try(var.gatekeeper.render_subchart_notes, null)
-  disable_openapi_validation = try(var.gatekeeper.disable_openapi_validation, null)
-  wait                       = try(var.gatekeeper.wait, null)
-  wait_for_jobs              = try(var.gatekeeper.wait_for_jobs, null)
-  dependency_update          = try(var.gatekeeper.dependency_update, null)
-  replace                    = try(var.gatekeeper.replace, null)
-  lint                       = try(var.gatekeeper.lint, null)
-
-  postrender    = try(var.gatekeeper.postrender, [])
-  set           = try(var.gatekeeper.set, [])
-  set_sensitive = try(var.gatekeeper.set_sensitive, [])
-
-  tags = var.tags
-}
-
-################################################################################
-# Ingress Nginx
-################################################################################
-
-module "ingress_nginx" {
-  source  = "aws-ia/eks-blueprints-addon/aws"
-  version = "1.0.0"
-
-  create = var.enable_ingress_nginx
-
-  # https://github.com/kubernetes/ingress-nginx/blob/main/charts/ingress-nginx/Chart.yaml
-  name             = try(var.ingress_nginx.name, "ingress-nginx")
-  description      = try(var.ingress_nginx.description, "A Helm chart to install the Ingress Nginx")
-  namespace        = try(var.ingress_nginx.namespace, "ingress-nginx")
-  create_namespace = try(var.ingress_nginx.create_namespace, true)
-  chart            = "ingress-nginx"
-  chart_version    = try(var.ingress_nginx.chart_version, "4.6.0")
-  repository       = try(var.ingress_nginx.repository, "https://kubernetes.github.io/ingress-nginx")
-  values           = try(var.ingress_nginx.values, [])
-
-  timeout                    = try(var.ingress_nginx.timeout, null)
-  repository_key_file        = try(var.ingress_nginx.repository_key_file, null)
-  repository_cert_file       = try(var.ingress_nginx.repository_cert_file, null)
-  repository_ca_file         = try(var.ingress_nginx.repository_ca_file, null)
-  repository_username        = try(var.ingress_nginx.repository_username, null)
-  repository_password        = try(var.ingress_nginx.repository_password, null)
-  devel                      = try(var.ingress_nginx.devel, null)
-  verify                     = try(var.ingress_nginx.verify, null)
-  keyring                    = try(var.ingress_nginx.keyring, null)
-  disable_webhooks           = try(var.ingress_nginx.disable_webhooks, null)
-  reuse_values               = try(var.ingress_nginx.reuse_values, null)
-  reset_values               = try(var.ingress_nginx.reset_values, null)
-  force_update               = try(var.ingress_nginx.force_update, null)
-  recreate_pods              = try(var.ingress_nginx.recreate_pods, null)
-  cleanup_on_fail            = try(var.ingress_nginx.cleanup_on_fail, null)
-  max_history                = try(var.ingress_nginx.max_history, null)
-  atomic                     = try(var.ingress_nginx.atomic, null)
-  skip_crds                  = try(var.ingress_nginx.skip_crds, null)
-  render_subchart_notes      = try(var.ingress_nginx.render_subchart_notes, null)
-  disable_openapi_validation = try(var.ingress_nginx.disable_openapi_validation, null)
-  wait                       = try(var.ingress_nginx.wait, null)
-  wait_for_jobs              = try(var.ingress_nginx.wait_for_jobs, null)
-  dependency_update          = try(var.ingress_nginx.dependency_update, null)
-  replace                    = try(var.ingress_nginx.replace, null)
-  lint                       = try(var.ingress_nginx.lint, null)
-
-  postrender    = try(var.ingress_nginx.postrender, [])
-  set           = try(var.ingress_nginx.set, [])
-  set_sensitive = try(var.ingress_nginx.set_sensitive, [])
-
-  tags = var.tags
-}
-
-################################################################################
-# Karpenter
-################################################################################
-
-locals {
-  karpenter_service_account_name    = try(var.karpenter.service_account_name, "karpenter")
-  karpenter_enable_spot_termination = var.enable_karpenter && var.karpenter_enable_spot_termination
-
-  create_karpenter_node_iam_role = var.enable_karpenter && try(var.karpenter_node.create_iam_role, true)
-  karpenter_node_iam_role_arn    = try(aws_iam_role.karpenter[0].arn, var.karpenter_node.iam_role_arn, "")
-  karpenter_node_iam_role_name   = try(var.karpenter_node.iam_role_name, "karpenter-${var.cluster_name}")
-}
-
-data "aws_iam_policy_document" "karpenter" {
-  count = var.enable_karpenter ? 1 : 0
-
-  statement {
-    actions = [
-      "ec2:DescribeAvailabilityZones",
-      "ec2:DescribeImages",
-      "ec2:DescribeInstances",
-      "ec2:DescribeInstanceTypeOfferings",
-      "ec2:DescribeInstanceTypes",
-      "ec2:DescribeLaunchTemplates",
-      "ec2:DescribeSecurityGroups",
-      "ec2:DescribeSpotPriceHistory",
-      "ec2:DescribeSubnets",
-    ]
-    resources = ["*"]
-  }
-
-  statement {
-    actions = [
-      "ec2:CreateFleet",
-      "ec2:CreateLaunchTemplate",
-      "ec2:CreateTags",
-      "ec2:DeleteLaunchTemplate",
-      "ec2:RunInstances"
-    ]
-    resources = [
-      "arn:${local.partition}:ec2:${local.region}:${local.account_id}:*",
-      "arn:${local.partition}:ec2:${local.region}::image/*"
-    ]
-  }
-
-  statement {
-    actions   = ["iam:PassRole"]
-    resources = [local.karpenter_node_iam_role_arn]
-  }
-
-  statement {
-    actions   = ["pricing:GetProducts"]
-    resources = ["*"]
-  }
-
-  statement {
-    actions   = ["ssm:GetParameter"]
-    resources = ["arn:${local.partition}:ssm:${local.region}::parameter/*"]
-  }
-
-  statement {
-    actions   = ["eks:DescribeCluster"]
-    resources = ["arn:${local.partition}:eks:*:${local.account_id}:cluster/${var.cluster_name}"]
-  }
-
-  statement {
-    actions   = ["ec2:TerminateInstances"]
-    resources = ["arn:${local.partition}:ec2:${local.region}:${local.account_id}:instance/*"]
-
-    condition {
-      test     = "StringLike"
-      variable = "ec2:ResourceTag/Name"
-      values   = ["*karpenter*"]
-    }
-  }
-
-  dynamic "statement" {
-    for_each = var.karpenter_enable_spot_termination ? [1] : []
-
-    content {
-      actions = [
-        "sqs:DeleteMessage",
-        "sqs:GetQueueAttributes",
-        "sqs:GetQueueUrl",
-        "sqs:ReceiveMessage",
-      ]
-      resources = [module.karpenter_sqs.queue_arn]
-    }
-  }
-}
-
-module "karpenter_sqs" {
-  source  = "terraform-aws-modules/sqs/aws"
-  version = "4.0.1"
-
-  create = local.karpenter_enable_spot_termination
-
-  name = try(var.karpenter_sqs.queue_name, "karpenter-${var.cluster_name}")
-
-  message_retention_seconds         = try(var.karpenter_sqs.message_retention_seconds, 300)
-  sqs_managed_sse_enabled           = try(var.karpenter_sqs.sse_enabled, true)
-  kms_master_key_id                 = try(var.karpenter_sqs.kms_master_key_id, null)
-  kms_data_key_reuse_period_seconds = try(var.karpenter_sqs.kms_data_key_reuse_period_seconds, null)
-
-  create_queue_policy = true
-  queue_policy_statements = {
-    account = {
-      sid     = "SendEventsToQueue"
-      actions = ["sqs:SendMessage"]
-      principals = [
-        {
-          type = "Service"
-          identifiers = [
-            "events.${local.dns_suffix}",
-            "sqs.${local.dns_suffix}",
-          ]
-        }
-      ]
-    }
-  }
-
-  tags = merge(var.tags, try(var.karpenter_sqs.tags, {}))
-}
-
-resource "aws_cloudwatch_event_rule" "karpenter" {
-  for_each = { for k, v in local.ec2_events : k => v if local.karpenter_enable_spot_termination }
-
-  name_prefix   = "Karpenter-${each.value.name}-"
-  description   = each.value.description
-  event_pattern = jsonencode(each.value.event_pattern)
-
-  tags = merge(
-    { "ClusterName" : var.cluster_name },
-    var.tags,
-  )
-}
-
-resource "aws_cloudwatch_event_target" "karpenter" {
-  for_each = { for k, v in local.ec2_events : k => v if local.karpenter_enable_spot_termination }
-
-  rule      = aws_cloudwatch_event_rule.karpenter[each.key].name
-  target_id = "KarpenterQueueTarget"
-  arn       = module.karpenter_sqs.queue_arn
-}
-
-data "aws_iam_policy_document" "karpenter_assume_role" {
-  count = local.create_karpenter_node_iam_role ? 1 : 0
-
-  statement {
-    sid     = "KarpenterNodeAssumeRole"
-    actions = ["sts:AssumeRole"]
-
-    principals {
-      type        = "Service"
-      identifiers = ["ec2.${local.dns_suffix}"]
-    }
-  }
-}
-
-resource "aws_iam_role" "karpenter" {
-  count = local.create_karpenter_node_iam_role ? 1 : 0
-
-  name        = try(var.karpenter_node.iam_role_use_name_prefix, true) ? null : local.karpenter_node_iam_role_name
-  name_prefix = try(var.karpenter_node.iam_role_use_name_prefix, true) ? "${local.karpenter_node_iam_role_name}-" : null
-  path        = try(var.karpenter_node.iam_role_path, null)
-  description = try(var.karpenter_node.iam_role_description, "Karpenter EC2 node IAM role")
-
-  assume_role_policy    = try(data.aws_iam_policy_document.karpenter_assume_role[0].json, "")
-  max_session_duration  = try(var.karpenter_node.iam_role_max_session_duration, null)
-  permissions_boundary  = try(var.karpenter_node.iam_role_permissions_boundary, null)
-  force_detach_policies = true
-
-  tags = merge(var.tags, try(var.karpenter_node.iam_role_tags, {}))
-}
-
-resource "aws_iam_role_policy_attachment" "karpenter" {
-  for_each = { for k, v in {
-    AmazonEKSWorkerNodePolicy          = "${local.iam_role_policy_prefix}/AmazonEKSWorkerNodePolicy",
-    AmazonEC2ContainerRegistryReadOnly = "${local.iam_role_policy_prefix}/AmazonEC2ContainerRegistryReadOnly",
-    AmazonEKS_CNI_Policy               = "${local.iam_role_policy_prefix}/AmazonEKS_CNI_Policy"
-  } : k => v if local.create_karpenter_node_iam_role }
-
-  policy_arn = each.value
-  role       = aws_iam_role.karpenter[0].name
-}
-
-resource "aws_iam_role_policy_attachment" "additional" {
-  for_each = { for k, v in try(var.karpenter_node.iam_role_additional_policies, {}) : k => v if local.create_karpenter_node_iam_role }
-
-  policy_arn = each.value
-  role       = aws_iam_role.karpenter[0].name
-}
-
-resource "aws_iam_instance_profile" "karpenter" {
-  count = var.enable_karpenter && try(var.karpenter_node.create_instance_profile, true) ? 1 : 0
-
-  name        = try(var.karpenter_node.iam_role_use_name_prefix, true) ? null : local.karpenter_node_iam_role_name
-  name_prefix = try(var.karpenter_node.iam_role_use_name_prefix, true) ? "${local.karpenter_node_iam_role_name}-" : null
-  path        = try(var.karpenter_node.iam_role_path, null)
-  role        = try(aws_iam_role.karpenter[0].name, var.karpenter_node.iam_role_name, "")
-
-  tags = merge(var.tags, try(var.karpenter_node.instance_profile_tags, {}))
-}
-
-module "karpenter" {
-  source  = "aws-ia/eks-blueprints-addon/aws"
-  version = "1.0.0"
-
-  create = var.enable_karpenter
-
-  # https://github.com/aws/karpenter/blob/main/charts/karpenter/Chart.yaml
-  name             = try(var.karpenter.name, "karpenter")
-  description      = try(var.karpenter.description, "A Helm chart to deploy Karpenter")
-  namespace        = try(var.karpenter.namespace, "karpenter")
-  create_namespace = try(var.karpenter.create_namespace, true)
-  chart            = "karpenter"
-  chart_version    = try(var.karpenter.chart_version, "v0.27.2")
-  repository       = try(var.karpenter.repository, "oci://public.ecr.aws/karpenter")
-  values           = try(var.karpenter.values, [])
-
-  timeout                    = try(var.karpenter.timeout, null)
-  repository_key_file        = try(var.karpenter.repository_key_file, null)
-  repository_cert_file       = try(var.karpenter.repository_cert_file, null)
-  repository_ca_file         = try(var.karpenter.repository_ca_file, null)
-  repository_username        = try(var.karpenter.repository_username, null)
-  repository_password        = try(var.karpenter.repository_password, null)
-  devel                      = try(var.karpenter.devel, null)
-  verify                     = try(var.karpenter.verify, null)
-  keyring                    = try(var.karpenter.keyring, null)
-  disable_webhooks           = try(var.karpenter.disable_webhooks, null)
-  reuse_values               = try(var.karpenter.reuse_values, null)
-  reset_values               = try(var.karpenter.reset_values, null)
-  force_update               = try(var.karpenter.force_update, null)
-  recreate_pods              = try(var.karpenter.recreate_pods, null)
-  cleanup_on_fail            = try(var.karpenter.cleanup_on_fail, null)
-  max_history                = try(var.karpenter.max_history, null)
-  atomic                     = try(var.karpenter.atomic, null)
-  skip_crds                  = try(var.karpenter.skip_crds, null)
-  render_subchart_notes      = try(var.karpenter.render_subchart_notes, null)
-  disable_openapi_validation = try(var.karpenter.disable_openapi_validation, null)
-  wait                       = try(var.karpenter.wait, null)
-  wait_for_jobs              = try(var.karpenter.wait_for_jobs, null)
-  dependency_update          = try(var.karpenter.dependency_update, null)
-  replace                    = try(var.karpenter.replace, null)
-  lint                       = try(var.karpenter.lint, null)
-
-  postrender = try(var.karpenter.postrender, [])
-  set = concat(
-    [
-      {
-        name  = "settings.aws.clusterName"
-        value = local.cluster_name
-      },
-      {
-        name  = "settings.aws.clusterEndpoint"
-        value = local.cluster_endpoint
-      },
-      {
-        name  = "settings.aws.defaultInstanceProfile"
-        value = try(aws_iam_instance_profile.karpenter[0].name, var.karpenter_node.instance_profile_name, "")
-      },
-      {
-        name  = "settings.aws.interruptionQueueName"
-        value = module.karpenter_sqs.queue_name
-      },
-      {
-        name  = "serviceAccount.name"
-        value = local.karpenter_service_account_name
-      },
-    ],
-    try(var.karpenter.set, [])
-  )
-  set_sensitive = try(var.karpenter.set_sensitive, [])
-
-  # IAM role for service account (IRSA)
-  set_irsa_names                = ["serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"]
-  create_role                   = try(var.karpenter.create_role, true)
-  role_name                     = try(var.karpenter.role_name, "karpenter")
-  role_name_use_prefix          = try(var.karpenter.role_name_use_prefix, true)
-  role_path                     = try(var.karpenter.role_path, "/")
-  role_permissions_boundary_arn = lookup(var.karpenter, "role_permissions_boundary_arn", null)
-  role_description              = try(var.karpenter.role_description, "IRSA for Karpenter")
-  role_policies                 = lookup(var.karpenter, "role_policies", {})
-
-  source_policy_documents = compact(concat(
-    data.aws_iam_policy_document.karpenter[*].json,
-    lookup(var.karpenter, "source_policy_documents", [])
-  ))
-  override_policy_documents = lookup(var.karpenter, "override_policy_documents", [])
-  policy_statements         = lookup(var.karpenter, "policy_statements", [])
-  policy_name               = try(var.karpenter.policy_name, null)
-  policy_name_use_prefix    = try(var.karpenter.policy_name_use_prefix, true)
-  policy_path               = try(var.karpenter.policy_path, null)
-  policy_description        = try(var.karpenter.policy_description, "IAM Policy for karpenter")
-
-  oidc_providers = {
-    this = {
-      provider_arn = local.oidc_provider_arn
-      # namespace is inherited from chart
-      service_account = local.karpenter_service_account_name
-    }
-  }
-
-  tags = var.tags
-}
-
-################################################################################
-# Kube Prometheus stack
-################################################################################
-
-# During destroy CRDs created by this chart are not removed by default and
-# should be manually cleaned up:
-# kubectl delete crd alertmanagerconfigs.monitoring.coreos.com
-# kubectl delete crd alertmanagers.monitoring.coreos.com
-# kubectl delete crd podmonitors.monitoring.coreos.com
-# kubectl delete crd probes.monitoring.coreos.com
-# kubectl delete crd prometheuses.monitoring.coreos.com
-# kubectl delete crd prometheusrules.monitoring.coreos.com
-# kubectl delete crd servicemonitors.monitoring.coreos.com
-# kubectl delete crd thanosrulers.monitoring.coreos.com
-
-module "kube_prometheus_stack" {
-  source  = "aws-ia/eks-blueprints-addon/aws"
-  version = "1.0.0"
-
-  create = var.enable_kube_prometheus_stack
-
-  # https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-prometheus-stack/Chart.yaml
-  name             = try(var.kube_prometheus_stack.name, "kube-prometheus-stack")
-  description      = try(var.kube_prometheus_stack.description, "A Helm chart to install the Kube Prometheus Stack")
-  namespace        = try(var.kube_prometheus_stack.namespace, "kube-prometheus-stack")
-  create_namespace = try(var.kube_prometheus_stack.create_namespace, true)
-  chart            = "kube-prometheus-stack"
-  chart_version    = try(var.kube_prometheus_stack.chart_version, "45.10.1")
-  repository       = try(var.kube_prometheus_stack.repository, "https://prometheus-community.github.io/helm-charts")
-  values           = try(var.kube_prometheus_stack.values, [])
-
-  timeout                    = try(var.kube_prometheus_stack.timeout, null)
-  repository_key_file        = try(var.kube_prometheus_stack.repository_key_file, null)
-  repository_cert_file       = try(var.kube_prometheus_stack.repository_cert_file, null)
-  repository_ca_file         = try(var.kube_prometheus_stack.repository_ca_file, null)
-  repository_username        = try(var.kube_prometheus_stack.repository_username, null)
-  repository_password        = try(var.kube_prometheus_stack.repository_password, null)
-  devel                      = try(var.kube_prometheus_stack.devel, null)
-  verify                     = try(var.kube_prometheus_stack.verify, null)
-  keyring                    = try(var.kube_prometheus_stack.keyring, null)
-  disable_webhooks           = try(var.kube_prometheus_stack.disable_webhooks, null)
-  reuse_values               = try(var.kube_prometheus_stack.reuse_values, null)
-  reset_values               = try(var.kube_prometheus_stack.reset_values, null)
-  force_update               = try(var.kube_prometheus_stack.force_update, null)
-  recreate_pods              = try(var.kube_prometheus_stack.recreate_pods, null)
-  cleanup_on_fail            = try(var.kube_prometheus_stack.cleanup_on_fail, null)
-  max_history                = try(var.kube_prometheus_stack.max_history, null)
-  atomic                     = try(var.kube_prometheus_stack.atomic, null)
-  skip_crds                  = try(var.kube_prometheus_stack.skip_crds, null)
-  render_subchart_notes      = try(var.kube_prometheus_stack.render_subchart_notes, null)
-  disable_openapi_validation = try(var.kube_prometheus_stack.disable_openapi_validation, null)
-  wait                       = try(var.kube_prometheus_stack.wait, null)
-  wait_for_jobs              = try(var.kube_prometheus_stack.wait_for_jobs, null)
-  dependency_update          = try(var.kube_prometheus_stack.dependency_update, null)
-  replace                    = try(var.kube_prometheus_stack.replace, null)
-  lint                       = try(var.kube_prometheus_stack.lint, null)
-
-  postrender    = try(var.kube_prometheus_stack.postrender, [])
-  set           = try(var.kube_prometheus_stack.set, [])
-  set_sensitive = try(var.kube_prometheus_stack.set_sensitive, [])
-
-  tags = var.tags
-}
-
-################################################################################
-# Metrics Server
-################################################################################
-
-module "metrics_server" {
-  source  = "aws-ia/eks-blueprints-addon/aws"
-  version = "1.0.0"
-
-  create = var.enable_metrics_server
-
-  # https://github.com/kubernetes-sigs/metrics-server/blob/master/charts/metrics-server/Chart.yaml
-  name             = try(var.metrics_server.name, "metrics-server")
-  description      = try(var.metrics_server.description, "A Helm chart to install the Metrics Server")
-  namespace        = try(var.metrics_server.namespace, "kube-system")
-  create_namespace = try(var.metrics_server.create_namespace, false)
-  chart            = "metrics-server"
-  chart_version    = try(var.metrics_server.chart_version, "3.10.0")
-  repository       = try(var.metrics_server.repository, "https://kubernetes-sigs.github.io/metrics-server/")
-  values           = try(var.metrics_server.values, [])
-
-  timeout                    = try(var.metrics_server.timeout, null)
-  repository_key_file        = try(var.metrics_server.repository_key_file, null)
-  repository_cert_file       = try(var.metrics_server.repository_cert_file, null)
-  repository_ca_file         = try(var.metrics_server.repository_ca_file, null)
-  repository_username        = try(var.metrics_server.repository_username, null)
-  repository_password        = try(var.metrics_server.repository_password, null)
-  devel                      = try(var.metrics_server.devel, null)
-  verify                     = try(var.metrics_server.verify, null)
-  keyring                    = try(var.metrics_server.keyring, null)
-  disable_webhooks           = try(var.metrics_server.disable_webhooks, null)
-  reuse_values               = try(var.metrics_server.reuse_values, null)
-  reset_values               = try(var.metrics_server.reset_values, null)
-  force_update               = try(var.metrics_server.force_update, null)
-  recreate_pods              = try(var.metrics_server.recreate_pods, null)
-  cleanup_on_fail            = try(var.metrics_server.cleanup_on_fail, null)
-  max_history                = try(var.metrics_server.max_history, null)
-  atomic                     = try(var.metrics_server.atomic, null)
-  skip_crds                  = try(var.metrics_server.skip_crds, null)
-  render_subchart_notes      = try(var.metrics_server.render_subchart_notes, null)
-  disable_openapi_validation = try(var.metrics_server.disable_openapi_validation, null)
-  wait                       = try(var.metrics_server.wait, null)
-  wait_for_jobs              = try(var.metrics_server.wait_for_jobs, null)
-  dependency_update          = try(var.metrics_server.dependency_update, null)
-  replace                    = try(var.metrics_server.replace, null)
-  lint                       = try(var.metrics_server.lint, null)
-
-  postrender    = try(var.metrics_server.postrender, [])
-  set           = try(var.metrics_server.set, [])
-  set_sensitive = try(var.metrics_server.set_sensitive, [])
-
-  tags = var.tags
-}
-
-################################################################################
-# Secrets Store CSI Driver
-################################################################################
-
-module "secrets_store_csi_driver" {
-  source  = "aws-ia/eks-blueprints-addon/aws"
-  version = "1.0.0"
-
-  create = var.enable_secrets_store_csi_driver
-
-  # https://github.com/kubernetes-sigs/secrets-store-csi-driver/blob/main/charts/secrets-store-csi-driver/Chart.yaml
-  name             = try(var.secrets_store_csi_driver.name, "secrets-store-csi-driver")
-  description      = try(var.secrets_store_csi_driver.description, "A Helm chart to install the Secrets Store CSI Driver")
-  namespace        = try(var.secrets_store_csi_driver.namespace, "kube-system")
-  create_namespace = try(var.secrets_store_csi_driver.create_namespace, false)
-  chart            = "secrets-store-csi-driver"
-  chart_version    = try(var.secrets_store_csi_driver.chart_version, "1.3.2")
-  repository       = try(var.secrets_store_csi_driver.repository, "https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts")
-  values           = try(var.secrets_store_csi_driver.values, [])
-
-  timeout                    = try(var.secrets_store_csi_driver.timeout, null)
-  repository_key_file        = try(var.secrets_store_csi_driver.repository_key_file, null)
-  repository_cert_file       = try(var.secrets_store_csi_driver.repository_cert_file, null)
-  repository_ca_file         = try(var.secrets_store_csi_driver.repository_ca_file, null)
-  repository_username        = try(var.secrets_store_csi_driver.repository_username, null)
-  repository_password        = try(var.secrets_store_csi_driver.repository_password, null)
-  devel                      = try(var.secrets_store_csi_driver.devel, null)
-  verify                     = try(var.secrets_store_csi_driver.verify, null)
-  keyring                    = try(var.secrets_store_csi_driver.keyring, null)
-  disable_webhooks           = try(var.secrets_store_csi_driver.disable_webhooks, null)
-  reuse_values               = try(var.secrets_store_csi_driver.reuse_values, null)
-  reset_values               = try(var.secrets_store_csi_driver.reset_values, null)
-  force_update               = try(var.secrets_store_csi_driver.force_update, null)
-  recreate_pods              = try(var.secrets_store_csi_driver.recreate_pods, null)
-  cleanup_on_fail            = try(var.secrets_store_csi_driver.cleanup_on_fail, null)
-  max_history                = try(var.secrets_store_csi_driver.max_history, null)
-  atomic                     = try(var.secrets_store_csi_driver.atomic, null)
-  skip_crds                  = try(var.secrets_store_csi_driver.skip_crds, null)
-  render_subchart_notes      = try(var.secrets_store_csi_driver.render_subchart_notes, null)
-  disable_openapi_validation = try(var.secrets_store_csi_driver.disable_openapi_validation, null)
-  wait                       = try(var.secrets_store_csi_driver.wait, null)
-  wait_for_jobs              = try(var.secrets_store_csi_driver.wait_for_jobs, null)
-  dependency_update          = try(var.secrets_store_csi_driver.dependency_update, null)
-  replace                    = try(var.secrets_store_csi_driver.replace, null)
-  lint                       = try(var.secrets_store_csi_driver.lint, null)
-
-  postrender    = try(var.secrets_store_csi_driver.postrender, [])
-  set           = try(var.secrets_store_csi_driver.set, [])
-  set_sensitive = try(var.secrets_store_csi_driver.set_sensitive, [])
-
-  tags = var.tags
-}
-
-################################################################################
-# Secrets Store CSI Driver Provider AWS
-################################################################################
-
-locals {
-  secrets_store_csi_driver_provider_aws_service_account = try(var.secrets_store_csi_driver_provider_aws.service_account_name, "secrets-store-csi-driver-provider-aws-sa")
-}
-
-module "secrets_store_csi_driver_provider_aws" {
-  source  = "aws-ia/eks-blueprints-addon/aws"
-  version = "1.0.0"
-
-  create = var.enable_secrets_store_csi_driver_provider_aws
-
-  # https://github.com/aws/eks-charts/blob/master/stable/csi-secrets-store-provider-aws/Chart.yaml
-  name             = try(var.secrets_store_csi_driver_provider_aws.name, "secrets-store-csi-driver-provider-aws")
-  description      = try(var.secrets_store_csi_driver_provider_aws.description, "A Helm chart to install the Secrets Store CSI Driver and the AWS Key Management Service Provider inside a Kubernetes cluster.")
-  namespace        = try(var.secrets_store_csi_driver_provider_aws.namespace, "kube-system")
-  create_namespace = try(var.secrets_store_csi_driver_provider_aws.create_namespace, false)
-  chart            = "secrets-store-csi-driver-provider-aws"
-  chart_version    = try(var.secrets_store_csi_driver_provider_aws.chart_version, "0.3.2")
-  repository       = try(var.secrets_store_csi_driver_provider_aws.repository, "https://aws.github.io/secrets-store-csi-driver-provider-aws")
-  values           = try(var.secrets_store_csi_driver_provider_aws.values, [])
-
-  timeout                    = try(var.secrets_store_csi_driver_provider_aws.timeout, null)
-  repository_key_file        = try(var.secrets_store_csi_driver_provider_aws.repository_key_file, null)
-  repository_cert_file       = try(var.secrets_store_csi_driver_provider_aws.repository_cert_file, null)
-  repository_ca_file         = try(var.secrets_store_csi_driver_provider_aws.repository_ca_file, null)
-  repository_username        = try(var.secrets_store_csi_driver_provider_aws.repository_username, null)
-  repository_password        = try(var.secrets_store_csi_driver_provider_aws.repository_password, null)
-  devel                      = try(var.secrets_store_csi_driver_provider_aws.devel, null)
-  verify                     = try(var.secrets_store_csi_driver_provider_aws.verify, null)
-  keyring                    = try(var.secrets_store_csi_driver_provider_aws.keyring, null)
-  disable_webhooks           = try(var.secrets_store_csi_driver_provider_aws.disable_webhooks, null)
-  reuse_values               = try(var.secrets_store_csi_driver_provider_aws.reuse_values, null)
-  reset_values               = try(var.secrets_store_csi_driver_provider_aws.reset_values, null)
-  force_update               = try(var.secrets_store_csi_driver_provider_aws.force_update, null)
-  recreate_pods              = try(var.secrets_store_csi_driver_provider_aws.recreate_pods, null)
-  cleanup_on_fail            = try(var.secrets_store_csi_driver_provider_aws.cleanup_on_fail, null)
-  max_history                = try(var.secrets_store_csi_driver_provider_aws.max_history, null)
-  atomic                     = try(var.secrets_store_csi_driver_provider_aws.atomic, null)
-  skip_crds                  = try(var.secrets_store_csi_driver_provider_aws.skip_crds, null)
-  render_subchart_notes      = try(var.secrets_store_csi_driver_provider_aws.render_subchart_notes, null)
-  disable_openapi_validation = try(var.secrets_store_csi_driver_provider_aws.disable_openapi_validation, null)
-  wait                       = try(var.secrets_store_csi_driver_provider_aws.wait, null)
-  wait_for_jobs              = try(var.secrets_store_csi_driver_provider_aws.wait_for_jobs, null)
-  dependency_update          = try(var.secrets_store_csi_driver_provider_aws.dependency_update, null)
-  replace                    = try(var.secrets_store_csi_driver_provider_aws.replace, null)
-  lint                       = try(var.secrets_store_csi_driver_provider_aws.lint, null)
-
-  postrender = try(var.secrets_store_csi_driver_provider_aws.postrender, [])
-  set = concat([
-    {
-      name  = "serviceAccount.name"
-      value = local.secrets_store_csi_driver_provider_aws_service_account
-    }],
-    try(var.secrets_store_csi_driver_provider_aws.set, [])
-  )
-  set_sensitive = try(var.secrets_store_csi_driver_provider_aws.set_sensitive, [])
-
-  tags = var.tags
-}
-
-################################################################################
-# Velero
-################################################################################
-
-locals {
-  velero_name                    = "velero"
-  velero_service_account         = try(var.velero.service_account_name, "${local.velero_name}-server")
-  velero_backup_s3_bucket        = try(split(":", var.velero.s3_backup_location), [])
-  velero_backup_s3_bucket_arn    = try(split("/", var.velero.s3_backup_location)[0], var.velero.s3_backup_location, "")
-  velero_backup_s3_bucket_name   = try(split("/", local.velero_backup_s3_bucket[5])[0], local.velero_backup_s3_bucket[5], "")
-  velero_backup_s3_bucket_prefix = try(split("/", var.velero.s3_backup_location)[1], "")
-}
-
-# https://github.com/vmware-tanzu/velero-plugin-for-aws#option-1-set-permissions-with-an-iam-user
-data "aws_iam_policy_document" "velero" {
-  count = var.enable_velero ? 1 : 0
-
-  statement {
-    actions = [
-      "ec2:CreateSnapshot",
-      "ec2:CreateSnapshots",
-      "ec2:CreateTags",
-      "ec2:CreateVolume",
-      "ec2:DeleteSnapshot"
-    ]
-    resources = [
-      "arn:${local.partition}:ec2:${local.region}:${local.account_id}:instance/*",
-      "arn:${local.partition}:ec2:${local.region}::snapshot/*",
-      "arn:${local.partition}:ec2:${local.region}:${local.account_id}:volume/*"
-    ]
-  }
-
-  statement {
-    actions = [
-      "ec2:DescribeSnapshots",
-      "ec2:DescribeVolumes"
-    ]
-    resources = ["*"]
-  }
-
-  statement {
-    actions = [
-      "s3:AbortMultipartUpload",
-      "s3:DeleteObject",
-      "s3:GetObject",
-      "s3:ListMultipartUploadParts",
-      "s3:PutObject",
-    ]
-    resources = ["${var.velero.s3_backup_location}/*"]
-  }
-
-  statement {
-    actions   = ["s3:ListBucket"]
-    resources = [local.velero_backup_s3_bucket_arn]
-  }
-}
-
-module "velero" {
-  source  = "aws-ia/eks-blueprints-addon/aws"
-  version = "1.0.0"
-
-  create = var.enable_velero
-
-  # https://github.com/vmware-tanzu/helm-charts/blob/main/charts/velero/Chart.yaml
-  name             = try(var.velero.name, "velero")
-  description      = try(var.velero.description, "A Helm chart to install the Velero")
-  namespace        = try(var.velero.namespace, "velero")
-  create_namespace = try(var.velero.create_namespace, true)
-  chart            = "velero"
-  chart_version    = try(var.velero.chart_version, "3.1.6")
-  repository       = try(var.velero.repository, "https://vmware-tanzu.github.io/helm-charts/")
-  values           = try(var.velero.values, [])
-
-  timeout                    = try(var.velero.timeout, null)
-  repository_key_file        = try(var.velero.repository_key_file, null)
-  repository_cert_file       = try(var.velero.repository_cert_file, null)
-  repository_ca_file         = try(var.velero.repository_ca_file, null)
-  repository_username        = try(var.velero.repository_username, null)
-  repository_password        = try(var.velero.repository_password, null)
-  devel                      = try(var.velero.devel, null)
-  verify                     = try(var.velero.verify, null)
-  keyring                    = try(var.velero.keyring, null)
-  disable_webhooks           = try(var.velero.disable_webhooks, null)
-  reuse_values               = try(var.velero.reuse_values, null)
-  reset_values               = try(var.velero.reset_values, null)
-  force_update               = try(var.velero.force_update, null)
-  recreate_pods              = try(var.velero.recreate_pods, null)
-  cleanup_on_fail            = try(var.velero.cleanup_on_fail, null)
-  max_history                = try(var.velero.max_history, null)
-  atomic                     = try(var.velero.atomic, null)
-  skip_crds                  = try(var.velero.skip_crds, null)
-  render_subchart_notes      = try(var.velero.render_subchart_notes, null)
-  disable_openapi_validation = try(var.velero.disable_openapi_validation, null)
-  wait                       = try(var.velero.wait, null)
-  wait_for_jobs              = try(var.velero.wait_for_jobs, null)
-  dependency_update          = try(var.velero.dependency_update, null)
-  replace                    = try(var.velero.replace, null)
-  lint                       = try(var.velero.lint, null)
-
-  postrender = try(var.velero.postrender, [])
-  set = concat([
-    {
-      name  = "initContainers"
-      value = <<-EOT
-   - name: velero-plugin-for-aws
-     image: velero/velero-plugin-for-aws:v1.7.0
-     imagePullPolicy: IfNotPresent
-     volumeMounts:
-       - mountPath: /target
-         name: plugins
-            EOT
-    },
-    {
-      name  = "serviceAccount.server.name"
-      value = local.velero_service_account
-    },
-    {
-      name  = "configuration.provider"
-      value = "aws"
-    },
-    {
-      name  = "configuration.backupStorageLocation.prefix"
-      value = local.velero_backup_s3_bucket_prefix
-    },
-    {
-      name  = "configuration.backupStorageLocation.bucket"
-      value = local.velero_backup_s3_bucket_name
-    },
-    {
-      name  = "configuration.backupStorageLocation.config.region"
-      value = local.region
-    },
-    {
-      name  = "configuration.volumeSnapshotLocation.config.region"
-      value = local.region
-    },
-    {
-      name  = "credentials.useSecret"
-      value = false
-    }],
-    try(var.velero.set, [])
-  )
-  set_sensitive = try(var.velero.set_sensitive, [])
-
-  # IAM role for service account (IRSA)
-  set_irsa_names                = ["serviceAccount.server.annotations.eks\\.amazonaws\\.com/role-arn"]
-  create_role                   = try(var.velero.create_role, true)
-  role_name                     = try(var.velero.role_name, "velero")
-  role_name_use_prefix          = try(var.velero.role_name_use_prefix, true)
-  role_path                     = try(var.velero.role_path, "/")
-  role_permissions_boundary_arn = lookup(var.velero, "role_permissions_boundary_arn", null)
-  role_description              = try(var.velero.role_description, "IRSA for Velero")
-  role_policies                 = lookup(var.velero, "role_policies", {})
-
-  source_policy_documents = compact(concat(
-    data.aws_iam_policy_document.velero[*].json,
-    lookup(var.velero, "source_policy_documents", [])
-  ))
-  override_policy_documents = lookup(var.velero, "override_policy_documents", [])
-  policy_statements         = lookup(var.velero, "policy_statements", [])
-  policy_name               = try(var.velero.policy_name, "velero")
-  policy_name_use_prefix    = try(var.velero.policy_name_use_prefix, true)
-  policy_path               = try(var.velero.policy_path, null)
-  policy_description        = try(var.velero.policy_description, "IAM Policy for Velero")
-
-  oidc_providers = {
-    controller = {
-      provider_arn = local.oidc_provider_arn
-      # namespace is inherited from chart
-      service_account = local.velero_service_account
-    }
-  }
-
-  tags = var.tags
-}
-
-################################################################################
-# Vertical Pod Autoscaler
-################################################################################
-
-module "vpa" {
-  source  = "aws-ia/eks-blueprints-addon/aws"
-  version = "1.0.0"
-
-  create = var.enable_vpa
-
-  # https://github.com/FairwindsOps/charts/blob/master/stable/vpa/Chart.yaml
-  # (there is no offical helm chart for VPA)
-  name             = try(var.vpa.name, "vpa")
-  description      = try(var.vpa.description, "A Helm chart to install the Vertical Pod Autoscaler")
-  namespace        = try(var.vpa.namespace, "vpa")
-  create_namespace = try(var.vpa.create_namespace, true)
-  chart            = "vpa"
-  chart_version    = try(var.vpa.chart_version, "1.7.2")
-  repository       = try(var.vpa.repository, "https://charts.fairwinds.com/stable")
-  values           = try(var.vpa.values, [])
-
-  timeout                    = try(var.vpa.timeout, null)
-  repository_key_file        = try(var.vpa.repository_key_file, null)
-  repository_cert_file       = try(var.vpa.repository_cert_file, null)
-  repository_ca_file         = try(var.vpa.repository_ca_file, null)
-  repository_username        = try(var.vpa.repository_username, null)
-  repository_password        = try(var.vpa.repository_password, null)
-  devel                      = try(var.vpa.devel, null)
-  verify                     = try(var.vpa.verify, null)
-  keyring                    = try(var.vpa.keyring, null)
-  disable_webhooks           = try(var.vpa.disable_webhooks, null)
-  reuse_values               = try(var.vpa.reuse_values, null)
-  reset_values               = try(var.vpa.reset_values, null)
-  force_update               = try(var.vpa.force_update, null)
-  recreate_pods              = try(var.vpa.recreate_pods, null)
-  cleanup_on_fail            = try(var.vpa.cleanup_on_fail, null)
-  max_history                = try(var.vpa.max_history, null)
-  atomic                     = try(var.vpa.atomic, null)
-  skip_crds                  = try(var.vpa.skip_crds, null)
-  render_subchart_notes      = try(var.vpa.render_subchart_notes, null)
-  disable_openapi_validation = try(var.vpa.disable_openapi_validation, null)
-  wait                       = try(var.vpa.wait, null)
-  wait_for_jobs              = try(var.vpa.wait_for_jobs, null)
-  dependency_update          = try(var.vpa.dependency_update, null)
-  replace                    = try(var.vpa.replace, null)
-  lint                       = try(var.vpa.lint, null)
-
-  postrender    = try(var.vpa.postrender, [])
-  set           = try(var.vpa.set, [])
-  set_sensitive = try(var.vpa.set_sensitive, [])
-
-  tags = var.tags
-}
diff --git a/examples/do-not-use/outputs.tf b/examples/do-not-use/outputs.tf
deleted file mode 100644
index 4317180304..0000000000
--- a/examples/do-not-use/outputs.tf
+++ /dev/null
@@ -1,146 +0,0 @@
-output "argo_rollouts" {
-  description = "Map of attributes of the Helm release created"
-  value       = module.argo_rollouts
-}
-
-output "argo_workflows" {
-  description = "Map of attributes of the Helm release created"
-  value       = module.argo_workflows
-}
-
-output "argocd" {
-  description = "Map of attributes of the Helm release created"
-  value       = module.argocd
-}
-
-output "aws_cloudwatch_metrics" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = module.aws_cloudwatch_metrics
-}
-
-output "aws_efs_csi_driver" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = module.aws_efs_csi_driver
-}
-
-output "aws_for_fluentbit" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = module.aws_for_fluentbit
-}
-
-output "aws_fsx_csi_driver" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = module.aws_fsx_csi_driver
-}
-
-output "aws_load_balancer_controller" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = module.aws_load_balancer_controller
-}
-
-output "aws_node_termination_handler" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value = merge(
-    module.aws_node_termination_handler,
-    {
-      sqs = module.aws_node_termination_handler_sqs
-    }
-  )
-}
-
-output "aws_privateca_issuer" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = module.aws_privateca_issuer
-}
-
-output "cert_manager" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = module.cert_manager
-}
-
-output "cluster_autoscaler" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = module.cluster_autoscaler
-}
-
-output "cluster_proportional_autoscaler" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = module.cluster_proportional_autoscaler
-}
-
-output "eks_addons" {
-  description = "Map of attributes for each EKS addons enabled"
-  value       = aws_eks_addon.this
-}
-
-output "external_dns" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = module.external_dns
-}
-
-output "external_secrets" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = module.external_secrets
-}
-
-output "fargate_fluentbit" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = kubernetes_config_map_v1.aws_logging
-}
-
-output "fargate_fluentbit_policy" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = aws_iam_policy.fargate_fluentbit
-}
-
-output "gatekeeper" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = module.gatekeeper
-}
-
-output "ingress_nginx" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = module.ingress_nginx
-}
-
-output "karpenter" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value = merge(
-    module.karpenter,
-    {
-      node_instance_profile_name = try(aws_iam_instance_profile.karpenter[0].name, "")
-      node_iam_role_arn          = try(aws_iam_role.karpenter[0].arn, "")
-      sqs                        = module.karpenter_sqs
-    }
-  )
-}
-
-output "kube_prometheus_stack" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = module.kube_prometheus_stack
-}
-
-output "metrics_server" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = module.metrics_server
-}
-
-output "secrets_store_csi_driver" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = module.secrets_store_csi_driver
-}
-
-output "secrets_store_csi_driver_provider_aws" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = module.secrets_store_csi_driver_provider_aws
-}
-
-output "velero" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = module.velero
-}
-
-output "vpa" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = module.vpa
-}
diff --git a/examples/do-not-use/variables.tf b/examples/do-not-use/variables.tf
deleted file mode 100644
index b3b8302911..0000000000
--- a/examples/do-not-use/variables.tf
+++ /dev/null
@@ -1,525 +0,0 @@
-variable "tags" {
-  description = "A map of tags to add to all resources"
-  type        = map(string)
-  default     = {}
-}
-
-variable "cluster_name" {
-  description = "Name of the EKS cluster"
-  type        = string
-}
-
-variable "cluster_endpoint" {
-  description = "Endpoint for your Kubernetes API server"
-  type        = string
-}
-
-variable "cluster_version" {
-  description = "Kubernetes `<major>.<minor>` version to use for the EKS cluster (i.e.: `1.24`)"
-  type        = string
-}
-
-variable "oidc_provider_arn" {
-  description = "The ARN of the cluster OIDC Provider"
-  type        = string
-}
-
-variable "create_delay_duration" {
-  description = "The duration to wait before creating resources"
-  type        = string
-  default     = "30s"
-}
-
-variable "create_delay_dependencies" {
-  description = "Dependency attribute which must be resolved before starting the `create_delay_duration`"
-  type        = list(string)
-  default     = []
-}
-
-################################################################################
-# Argo Rollouts
-################################################################################
-
-variable "enable_argo_rollouts" {
-  description = "Enable Argo Rollouts add-on"
-  type        = bool
-  default     = false
-}
-
-variable "argo_rollouts" {
-  description = "Argo Rollouts addon configuration values"
-  type        = any
-  default     = {}
-}
-
-################################################################################
-# Argo Workflows
-################################################################################
-
-variable "enable_argo_workflows" {
-  description = "Enable Argo workflows add-on"
-  type        = bool
-  default     = false
-}
-
-variable "argo_workflows" {
-  description = "Argo Workflows addon configuration values"
-  type        = any
-  default     = {}
-}
-
-################################################################################
-# ArgoCD
-################################################################################
-
-variable "enable_argocd" {
-  description = "Enable Argo CD Kubernetes add-on"
-  type        = bool
-  default     = false
-}
-
-variable "argocd" {
-  description = "ArgoCD addon configuration values"
-  type        = any
-  default     = {}
-}
-
-################################################################################
-# AWS Cloudwatch Metrics
-################################################################################
-
-variable "enable_aws_cloudwatch_metrics" {
-  description = "Enable AWS Cloudwatch Metrics add-on for Container Insights"
-  type        = bool
-  default     = false
-}
-
-variable "aws_cloudwatch_metrics" {
-  description = "Cloudwatch Metrics addon configuration values"
-  type        = any
-  default     = {}
-}
-
-################################################################################
-# AWS EFS CSI Driver
-################################################################################
-
-variable "enable_aws_efs_csi_driver" {
-  description = "Enable AWS EFS CSI Driver add-on"
-  type        = bool
-  default     = false
-}
-
-variable "aws_efs_csi_driver" {
-  description = "EFS CSI Driver addon configuration values"
-  type        = any
-  default     = {}
-}
-
-################################################################################
-# AWS for Fluentbit
-################################################################################
-
-variable "enable_aws_for_fluentbit" {
-  description = "Enable AWS for FluentBit add-on"
-  type        = bool
-  default     = false
-}
-
-variable "aws_for_fluentbit" {
-  description = "AWS Fluentbit add-on configurations"
-  type        = any
-  default     = {}
-}
-
-variable "aws_for_fluentbit_cw_log_group" {
-  description = "AWS Fluentbit CloudWatch Log Group configurations"
-  type        = any
-  default     = {}
-}
-
-################################################################################
-# AWS FSx CSI Driver
-################################################################################
-
-variable "enable_aws_fsx_csi_driver" {
-  description = "Enable AWS FSX CSI Driver add-on"
-  type        = bool
-  default     = false
-}
-
-variable "aws_fsx_csi_driver" {
-  description = "FSX CSI Driver addon configuration values"
-  type        = any
-  default     = {}
-}
-
-################################################################################
-# AWS Load Balancer Controller
-################################################################################
-
-variable "enable_aws_load_balancer_controller" {
-  description = "Enable AWS Load Balancer Controller add-on"
-  type        = bool
-  default     = false
-}
-
-variable "aws_load_balancer_controller" {
-  description = "AWS Load Balancer Controller addon configuration values"
-  type        = any
-  default     = {}
-}
-
-################################################################################
-# AWS Node Termination Handler
-################################################################################
-
-variable "enable_aws_node_termination_handler" {
-  description = "Enable AWS Node Termination Handler add-on"
-  type        = bool
-  default     = false
-}
-
-variable "aws_node_termination_handler" {
-  description = "AWS Node Termination Handler addon configuration values"
-  type        = any
-  default     = {}
-}
-
-variable "aws_node_termination_handler_sqs" {
-  description = "AWS Node Termination Handler SQS queue configuration values"
-  type        = any
-  default     = {}
-}
-
-variable "aws_node_termination_handler_asg_arns" {
-  description = "List of Auto Scaling group ARNs that AWS Node Termination Handler will monitor for EC2 events"
-  type        = list(string)
-  default     = []
-}
-
-################################################################################
-# AWS Private CA Issuer
-################################################################################
-
-variable "enable_aws_privateca_issuer" {
-  description = "Enable AWS PCA Issuer"
-  type        = bool
-  default     = false
-}
-
-variable "aws_privateca_issuer" {
-  description = "AWS PCA Issuer add-on configurations"
-  type        = any
-  default     = {}
-}
-
-################################################################################
-# Cert Manager
-################################################################################
-
-variable "enable_cert_manager" {
-  description = "Enable cert-manager add-on"
-  type        = bool
-  default     = false
-}
-
-variable "cert_manager" {
-  description = "cert-manager addon configuration values"
-  type        = any
-  default     = {}
-}
-
-variable "cert_manager_route53_hosted_zone_arns" {
-  description = "List of Route53 Hosted Zone ARNs that are used by cert-manager to create DNS records"
-  type        = list(string)
-  default     = ["arn:aws:route53:::hostedzone/*"]
-}
-
-################################################################################
-# Cluster Autoscaler
-################################################################################
-
-variable "enable_cluster_autoscaler" {
-  description = "Enable Cluster autoscaler add-on"
-  type        = bool
-  default     = false
-}
-
-variable "cluster_autoscaler" {
-  description = "Cluster Autoscaler addon configuration values"
-  type        = any
-  default     = {}
-}
-
-################################################################################
-# Cluster Proportional Autoscaler
-################################################################################
-
-variable "enable_cluster_proportional_autoscaler" {
-  description = "Enable Cluster Proportional Autoscaler"
-  type        = bool
-  default     = false
-}
-
-variable "cluster_proportional_autoscaler" {
-  description = "Cluster Proportional Autoscaler add-on configurations"
-  type        = any
-  default     = {}
-}
-
-################################################################################
-# EKS Addons
-################################################################################
-
-variable "eks_addons" {
-  description = "Map of EKS addon configurations to enable for the cluster. Addon name can be the map keys or set with `name`"
-  type        = any
-  default     = {}
-}
-
-variable "eks_addons_timeouts" {
-  description = "Create, update, and delete timeout configurations for the EKS addons"
-  type        = map(string)
-  default     = {}
-}
-
-################################################################################
-# External DNS
-################################################################################
-
-variable "enable_external_dns" {
-  description = "Enable external-dns operator add-on"
-  type        = bool
-  default     = false
-}
-
-variable "external_dns" {
-  description = "external-dns addon configuration values"
-  type        = any
-  default     = {}
-}
-
-variable "external_dns_route53_zone_arns" {
-  description = "List of Route53 zones ARNs which external-dns will have access to create/manage records (if using Route53)"
-  type        = list(string)
-  default     = []
-}
-
-################################################################################
-# External Secrets
-################################################################################
-
-variable "enable_external_secrets" {
-  description = "Enable External Secrets operator add-on"
-  type        = bool
-  default     = false
-}
-
-variable "external_secrets" {
-  description = "External Secrets addon configuration values"
-  type        = any
-  default     = {}
-}
-
-variable "external_secrets_ssm_parameter_arns" {
-  description = "List of Systems Manager Parameter ARNs that contain secrets to mount using External Secrets"
-  type        = list(string)
-  default     = ["arn:aws:ssm:*:*:parameter/*"]
-}
-
-variable "external_secrets_secrets_manager_arns" {
-  description = "List of Secrets Manager ARNs that contain secrets to mount using External Secrets"
-  type        = list(string)
-  default     = ["arn:aws:secretsmanager:*:*:secret:*"]
-}
-
-variable "external_secrets_kms_key_arns" {
-  description = "List of KMS Key ARNs that are used by Secrets Manager that contain secrets to mount using External Secrets"
-  type        = list(string)
-  default     = ["arn:aws:kms:*:*:key/*"]
-}
-
-################################################################################
-# Fargate Fluentbit
-################################################################################
-
-variable "enable_fargate_fluentbit" {
-  description = "Enable Fargate FluentBit add-on"
-  type        = bool
-  default     = false
-}
-
-variable "fargate_fluentbit_cw_log_group" {
-  description = "AWS Fargate Fluentbit CloudWatch Log Group configurations"
-  type        = any
-  default     = {}
-}
-
-variable "fargate_fluentbit" {
-  description = "Fargate fluentbit add-on config"
-  type        = any
-  default     = {}
-}
-
-################################################################################
-# Gatekeeper
-################################################################################
-
-variable "enable_gatekeeper" {
-  description = "Enable Gatekeeper add-on"
-  type        = bool
-  default     = false
-}
-
-variable "gatekeeper" {
-  description = "Gatekeeper add-on configuration"
-  type        = any
-  default     = {}
-}
-
-################################################################################
-# Ingress Nginx
-################################################################################
-
-variable "enable_ingress_nginx" {
-  description = "Enable Ingress Nginx"
-  type        = bool
-  default     = false
-}
-
-variable "ingress_nginx" {
-  description = "Ingress Nginx add-on configurations"
-  type        = any
-  default     = {}
-}
-
-################################################################################
-# Karpenter
-################################################################################
-
-variable "enable_karpenter" {
-  description = "Enable Karpenter controller add-on"
-  type        = bool
-  default     = false
-}
-
-variable "karpenter" {
-  description = "Karpenter addon configuration values"
-  type        = any
-  default     = {}
-}
-
-variable "karpenter_enable_spot_termination" {
-  description = "Determines whether to enable native node termination handling"
-  type        = bool
-  default     = true
-}
-
-variable "karpenter_sqs" {
-  description = "Karpenter SQS queue for native node termination handling configuration values"
-  type        = any
-  default     = {}
-}
-
-variable "karpenter_node" {
-  description = "Karpenter IAM role and IAM instance profile configuration values"
-  type        = any
-  default     = {}
-}
-
-################################################################################
-# Kube Prometheus Stack
-################################################################################
-
-variable "enable_kube_prometheus_stack" {
-  description = "Enable Kube Prometheus Stack"
-  type        = bool
-  default     = false
-}
-
-variable "kube_prometheus_stack" {
-  description = "Kube Prometheus Stack add-on configurations"
-  type        = any
-  default     = {}
-}
-
-################################################################################
-# Metrics Server
-################################################################################
-
-variable "enable_metrics_server" {
-  description = "Enable metrics server add-on"
-  type        = bool
-  default     = false
-}
-
-variable "metrics_server" {
-  description = "Metrics Server add-on configurations"
-  type        = any
-  default     = {}
-}
-
-################################################################################
-# Secrets Store CSI Driver
-################################################################################
-
-variable "enable_secrets_store_csi_driver" {
-  description = "Enable CSI Secrets Store Provider"
-  type        = bool
-  default     = false
-}
-
-variable "secrets_store_csi_driver" {
-  description = "CSI Secrets Store Provider add-on configurations"
-  type        = any
-  default     = {}
-}
-
-################################################################################
-# CSI Secrets Store Provider AWS
-################################################################################
-
-variable "enable_secrets_store_csi_driver_provider_aws" {
-  description = "Enable AWS CSI Secrets Store Provider"
-  type        = bool
-  default     = false
-}
-
-variable "secrets_store_csi_driver_provider_aws" {
-  description = "CSI Secrets Store Provider add-on configurations"
-  type        = any
-  default     = {}
-}
-
-################################################################################
-# Velero
-################################################################################
-
-variable "enable_velero" {
-  description = "Enable Kubernetes Dashboard add-on"
-  type        = bool
-  default     = false
-}
-
-variable "velero" {
-  description = "Velero addon configuration values"
-  type        = any
-  default     = {}
-}
-
-################################################################################
-# Vertical Pod Autoscaler
-################################################################################
-
-variable "enable_vpa" {
-  description = "Enable Vertical Pod Autoscaler add-on"
-  type        = bool
-  default     = false
-}
-
-variable "vpa" {
-  description = "Vertical Pod Autoscaler addon configuration values"
-  type        = any
-  default     = {}
-}
diff --git a/examples/do-not-use/versions.tf b/examples/do-not-use/versions.tf
deleted file mode 100644
index bea670ee5c..0000000000
--- a/examples/do-not-use/versions.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-terraform {
-  required_version = ">= 1.0"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 4.47"
-    }
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.20"
-    }
-    time = {
-      source  = "hashicorp/time"
-      version = ">= 0.9"
-    }
-  }
-}
diff --git a/examples/external-secrets/main.tf b/examples/external-secrets/main.tf
index 6dad5b17f3..4d9c7c7a4c 100644
--- a/examples/external-secrets/main.tf
+++ b/examples/external-secrets/main.tf
@@ -43,17 +43,16 @@ provider "kubectl" {
 }
 
 data "aws_availability_zones" "available" {}
-
 data "aws_caller_identity" "current" {}
 
 locals {
-  name      = basename(path.cwd)
-  namespace = "external-secrets"
-  region    = "us-west-2"
+  name   = basename(path.cwd)
+  region = "us-west-2"
 
   vpc_cidr = "10.0.0.0/16"
   azs      = slice(data.aws_availability_zones.available.names, 0, 3)
 
+  namespace                = "external-secrets"
   cluster_secretstore_name = "cluster-secretstore-sm"
   cluster_secretstore_sa   = "cluster-secretstore-sa"
   secretstore_name         = "secretstore-ps"
@@ -99,9 +98,8 @@ module "eks" {
 ################################################################################
 
 module "eks_blueprints_addons" {
-  # Users should pin the version to the latest available release
-  # tflint-ignore: terraform_module_pinned_source
-  source = "github.com/aws-ia/terraform-aws-eks-blueprints-addons"
+  source  = "aws-ia/eks-blueprints-addons/aws"
+  version = "0.1.0"
 
   cluster_name      = module.eks.cluster_name
   cluster_endpoint  = module.eks.cluster_endpoint
diff --git a/examples/external-secrets/versions.tf b/examples/external-secrets/versions.tf
index d84d6347aa..7f9a2540c0 100644
--- a/examples/external-secrets/versions.tf
+++ b/examples/external-secrets/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.47"
+      version = ">= 4.47, <5.0"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"
diff --git a/examples/fargate-serverless/main.tf b/examples/fargate-serverless/main.tf
index 1bf9d437fd..f0de755990 100644
--- a/examples/fargate-serverless/main.tf
+++ b/examples/fargate-serverless/main.tf
@@ -80,7 +80,7 @@ module "eks" {
 
   fargate_profile_defaults = {
     iam_role_additional_policies = {
-      additional = module.eks_blueprints_addons.fargate_fluentbit_policy[0].arn
+      additional = module.eks_blueprints_addons.fargate_fluentbit.iam_policy[0].arn
     }
   }
 
@@ -92,10 +92,8 @@ module "eks" {
 ################################################################################
 
 module "eks_blueprints_addons" {
-  # Users should pin the version to the latest available release
-  # tflint-ignore: terraform_module_pinned_source
-  source = "../do-not-use"
-  #source = "github.com/aws-ia/terraform-aws-eks-blueprints-addons"
+  source  = "aws-ia/eks-blueprints-addons/aws"
+  version = "0.1.0"
 
   cluster_name      = module.eks.cluster_name
   cluster_endpoint  = module.eks.cluster_endpoint
diff --git a/examples/fargate-serverless/versions.tf b/examples/fargate-serverless/versions.tf
index cadca7f7d3..a29742772b 100644
--- a/examples/fargate-serverless/versions.tf
+++ b/examples/fargate-serverless/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.47"
+      version = ">= 4.47, <5.0"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"
diff --git a/examples/fully-private-cluster/versions.tf b/examples/fully-private-cluster/versions.tf
index 95e312cfcd..b9a53d3b9c 100644
--- a/examples/fully-private-cluster/versions.tf
+++ b/examples/fully-private-cluster/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.47"
+      version = ">= 4.47, <5.0"
     }
   }
 
diff --git a/examples/ipv4-prefix-delegation/versions.tf b/examples/ipv4-prefix-delegation/versions.tf
index cadd2ef8e0..50bbc69fa6 100644
--- a/examples/ipv4-prefix-delegation/versions.tf
+++ b/examples/ipv4-prefix-delegation/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.47"
+      version = ">= 4.47, <5.0"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"
diff --git a/examples/ipv6-eks-cluster/versions.tf b/examples/ipv6-eks-cluster/versions.tf
index 52c719a48f..61a7c662cb 100644
--- a/examples/ipv6-eks-cluster/versions.tf
+++ b/examples/ipv6-eks-cluster/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.47"
+      version = ">= 4.47, <5.0"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"
diff --git a/examples/karpenter/main.tf b/examples/karpenter/main.tf
index 8d6acc2cd6..5c1283b01a 100644
--- a/examples/karpenter/main.tf
+++ b/examples/karpenter/main.tf
@@ -127,7 +127,8 @@ module "eks" {
 ################################################################################
 
 module "eks_blueprints_addons" {
-  source = "../do-not-use"
+  source  = "aws-ia/eks-blueprints-addons/aws"
+  version = "0.1.0"
 
   cluster_name      = module.eks.cluster_name
   cluster_endpoint  = module.eks.cluster_endpoint
diff --git a/examples/karpenter/versions.tf b/examples/karpenter/versions.tf
index dc60719d10..d008ba9c97 100644
--- a/examples/karpenter/versions.tf
+++ b/examples/karpenter/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.47"
+      version = ">= 4.47, <5.0"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"
diff --git a/examples/multi-tenancy-with-teams/versions.tf b/examples/multi-tenancy-with-teams/versions.tf
index 060687ec1c..702af14dc0 100644
--- a/examples/multi-tenancy-with-teams/versions.tf
+++ b/examples/multi-tenancy-with-teams/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.47"
+      version = ">= 4.47, <5.0"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"
diff --git a/examples/stateful/main.tf b/examples/stateful/main.tf
index a95408babb..60dc7e9dc9 100644
--- a/examples/stateful/main.tf
+++ b/examples/stateful/main.tf
@@ -194,9 +194,8 @@ module "eks" {
 ################################################################################
 
 module "eks_blueprints_addons" {
-  # Users should pin the version to the latest available release
-  # tflint-ignore: terraform_module_pinned_source
-  source = "../do-not-use"
+  source  = "aws-ia/eks-blueprints-addons/aws"
+  version = "0.1.0"
 
   cluster_name      = module.eks.cluster_name
   cluster_endpoint  = module.eks.cluster_endpoint
diff --git a/examples/stateful/versions.tf b/examples/stateful/versions.tf
index e092a53f95..9b2e12d3ec 100644
--- a/examples/stateful/versions.tf
+++ b/examples/stateful/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.47"
+      version = ">= 4.47, <5.0"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"
diff --git a/examples/tls-with-aws-pca-issuer/main.tf b/examples/tls-with-aws-pca-issuer/main.tf
index 2c1d6a4448..6f3a4c237e 100644
--- a/examples/tls-with-aws-pca-issuer/main.tf
+++ b/examples/tls-with-aws-pca-issuer/main.tf
@@ -92,9 +92,8 @@ module "eks" {
 ################################################################################
 
 module "eks_blueprints_addons" {
-  # Users should pin the version to the latest available release
-  # tflint-ignore: terraform_module_pinned_source
-  source = "github.com/aws-ia/terraform-aws-eks-blueprints-addons"
+  source  = "aws-ia/eks-blueprints-addons/aws"
+  version = "0.1.0"
 
   cluster_name      = module.eks.cluster_name
   cluster_endpoint  = module.eks.cluster_endpoint
diff --git a/examples/tls-with-aws-pca-issuer/versions.tf b/examples/tls-with-aws-pca-issuer/versions.tf
index 703bf976fd..9009b6026d 100644
--- a/examples/tls-with-aws-pca-issuer/versions.tf
+++ b/examples/tls-with-aws-pca-issuer/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.47"
+      version = ">= 4.47, <5.0"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"
diff --git a/examples/vpc-cni-custom-networking/versions.tf b/examples/vpc-cni-custom-networking/versions.tf
index 7061fb9c9a..8d3fd30590 100644
--- a/examples/vpc-cni-custom-networking/versions.tf
+++ b/examples/vpc-cni-custom-networking/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.47"
+      version = ">= 4.47, <5.0"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"
diff --git a/examples/wireguard-with-cilium/versions.tf b/examples/wireguard-with-cilium/versions.tf
index 4d1b50ad2a..4e2e5b8339 100644
--- a/examples/wireguard-with-cilium/versions.tf
+++ b/examples/wireguard-with-cilium/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.47"
+      version = ">= 4.47, <5.0"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"

From 870cefcaf14bb8a115bb3149a6e4b41792471afa Mon Sep 17 00:00:00 2001
From: Carlos Santana <csantana23@gmail.com>
Date: Fri, 26 May 2023 22:16:17 -0400
Subject: [PATCH 26/31] fix: Update wireguard-with-cilium example (#1619)

---
 examples/wireguard-with-cilium/README.md   | 43 ++++++--------------
 examples/wireguard-with-cilium/destroy.sh  |  4 ++
 examples/wireguard-with-cilium/main.tf     | 46 ++++++++++++++--------
 examples/wireguard-with-cilium/versions.tf |  4 ++
 4 files changed, 51 insertions(+), 46 deletions(-)
 create mode 100755 examples/wireguard-with-cilium/destroy.sh

diff --git a/examples/wireguard-with-cilium/README.md b/examples/wireguard-with-cilium/README.md
index 4172c84963..61e11172e5 100644
--- a/examples/wireguard-with-cilium/README.md
+++ b/examples/wireguard-with-cilium/README.md
@@ -79,36 +79,20 @@ apt-get update
 apt-get install -y tcpdump
 ```
 
-6. Start a packet capture and verify you don't see payload in clear text
+6. Start a packet capture on `cilium_wg0` and verify you see payload in clear text, it means the traffic is encrypted with wireguard
 
 ```sh
-tcpdump -A -c 3 -i cilium_wg0
-
-# Output should look similar below (truncated for brevity)
-
-tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
-listening on cilium_wg0, link-type RAW (Raw IP), capture size 262144 bytes
-05:28:30.234209 IP ip-10-0-11-73.ec2.internal.58086 > ip-10-0-10-160.ec2.internal.http: Flags [S], seq 2831772984, win 62727, options [mss 8961,sackOK,TS val 3834644316 ecr 0,nop,wscale 7], length 0
-E..<].@.?...
-..I
-.
-....P..m8........&.....#....
-...\........
-05:28:30.234306 IP ip-10-0-10-160.ec2.internal.http > ip-10-0-11-73.ec2.internal.58086: Flags [S.], seq 131501951, ack 2831772985, win 62643, options [mss 8961,sackOK,TS val 1959385110 ecr 3834644316,nop,wscale 7], length 0
-E..<..@.?...
-.
-.
-..I.P........m9....*.....#....
-t......\....
-05:28:30.234930 IP ip-10-0-11-73.ec2.internal.58086 > ip-10-0-10-160.ec2.internal.http: Flags [.], ack 1, win 491, options [nop,nop,TS val 3834644317 ecr 1959385110], length 0
-E..4].@.?...
-..I
-.
-....P..m9...............
-...]t...
-3 packets captured
-9 packets received by filter
-1 packet dropped by kernel
+tcpdump -A -c 40 -i cilium_wg0 | grep "Welcome to nginx!"
+
+# Output should look similar below
+
+<title>Welcome to nginx!</title>
+<h1>Welcome to nginx!</h1>
+...
+
+40 packets captured
+40 packets received by filter
+0 packets dropped by kernel
 ```
 7. Exit the container shell
 
@@ -121,7 +105,6 @@ exit
 To teardown and remove the resources created in this example:
 
 ```sh
-terraform destroy -target=module.eks_blueprints_kubernetes_addons -auto-approve
-terraform destroy -target=module.eks_blueprints -auto-approve
+terraform destroy -target=module.eks -auto-approve
 terraform destroy -auto-approve
 ```
diff --git a/examples/wireguard-with-cilium/destroy.sh b/examples/wireguard-with-cilium/destroy.sh
new file mode 100755
index 0000000000..dd4567a6b2
--- /dev/null
+++ b/examples/wireguard-with-cilium/destroy.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+terraform destroy -target=module.eks -auto-approve
+terraform destroy -auto-approve
diff --git a/examples/wireguard-with-cilium/main.tf b/examples/wireguard-with-cilium/main.tf
index 8183257f69..55ca941b67 100644
--- a/examples/wireguard-with-cilium/main.tf
+++ b/examples/wireguard-with-cilium/main.tf
@@ -68,7 +68,7 @@ module "eks" {
   version = "~> 19.13"
 
   cluster_name                   = local.name
-  cluster_version                = "1.25"
+  cluster_version                = "1.27"
   cluster_endpoint_public_access = true
 
   # EKS Addons
@@ -81,20 +81,31 @@ module "eks" {
   vpc_id     = module.vpc.vpc_id
   subnet_ids = module.vpc.private_subnets
 
+
   eks_managed_node_groups = {
     initial = {
       instance_types = ["m5.large"]
-
-      # BottleRocket ships with kernel 5.10 so there is no need
-      # to do anything special
-      ami_type = "BOTTLEROCKET_x86_64"
-      platform = "bottlerocket"
-
+      # Cilium Wireguard requires Linux Kernel 5.10 or aboved.
+      # For EKS 1.24 and above, the AMI the Kernerl version is 5.10
+      # For EKS 1.23 and below, you need to use Bottlerocket OS. For example:
+      #    ami_type = "BOTTLEROCKET_x86_64"
+      #    platform = "bottlerocket"
       min_size     = 1
-      max_size     = 5
+      max_size     = 3
       desired_size = 2
     }
   }
+  # Extend node-to-node security group rules
+  node_security_group_additional_rules = {
+    ingress_cilium_wireguard = {
+      description = "Allow Cilium Wireguard node to node"
+      protocol    = "udp"
+      from_port   = 51871
+      to_port     = 51871 # Cilium Wireguard Port https://github.com/cilium/cilium/blob/main/Documentation/security/network/encryption-wireguard.rst
+      type        = "ingress"
+      self        = true
+    }
+  }
 
   tags = local.tags
 }
@@ -106,7 +117,7 @@ module "eks" {
 resource "helm_release" "cilium" {
   name             = "cilium"
   chart            = "cilium"
-  version          = "1.12.3"
+  version          = "1.13.2"
   repository       = "https://helm.cilium.io/"
   description      = "Cilium Add-on"
   namespace        = "kube-system"
@@ -132,11 +143,18 @@ resource "helm_release" "cilium" {
   ]
 }
 
-
 #---------------------------------------------------------------
 # Sample App for Testing
 #---------------------------------------------------------------
 
+# For some reason the example pods can't be deployed right after helm install of cilium a delay needs to be introduced. This is being investigated
+resource "time_sleep" "wait_wireguard" {
+  count           = var.enable_example ? 1 : 0
+  create_duration = "15s"
+
+  depends_on = [helm_release.cilium]
+}
+
 resource "kubectl_manifest" "server" {
   count = var.enable_example ? 1 : 0
 
@@ -172,9 +190,7 @@ resource "kubectl_manifest" "server" {
     }
   })
 
-  depends_on = [
-    helm_release.cilium
-  ]
+  depends_on = [time_sleep.wait_wireguard]
 }
 
 resource "kubectl_manifest" "service" {
@@ -235,9 +251,7 @@ resource "kubectl_manifest" "client" {
     }
   })
 
-  depends_on = [
-    kubectl_manifest.server[0]
-  ]
+  depends_on = [kubectl_manifest.server]
 }
 
 ################################################################################
diff --git a/examples/wireguard-with-cilium/versions.tf b/examples/wireguard-with-cilium/versions.tf
index 4e2e5b8339..895e26d778 100644
--- a/examples/wireguard-with-cilium/versions.tf
+++ b/examples/wireguard-with-cilium/versions.tf
@@ -18,6 +18,10 @@ terraform {
       source  = "gavinbunney/kubectl"
       version = ">= 1.14"
     }
+    time = {
+      source  = "hashicorp/time"
+      version = ">= 0.9"
+    }
   }
 
   # ##  Used for end-to-end testing on project; update to suit your needs

From e6b199f25ca57eff5eb83e8be3a74c36094c94c2 Mon Sep 17 00:00:00 2001
From: Bryant Biggs <bryantbiggs@gmail.com>
Date: Fri, 2 Jun 2023 17:24:58 -0400
Subject: [PATCH 27/31] chore: Remove docs that are no longer hosted in this
 project; update existing docs (#1626)

---
 .github/workflows/publish-docs.yml            |  12 +-
 .pre-commit-config.yaml                       |   2 +-
 README.md                                     |  41 +++--
 docs/.pages                                   |  13 +-
 docs/add-ons/.pages                           |   3 -
 docs/add-ons/agones.md                        |  45 -----
 docs/add-ons/apache-airflow.md                | 116 -------------
 docs/add-ons/argo-workflows.md                |  26 ---
 docs/add-ons/argocd.md                        | 155 ------------------
 docs/add-ons/aws-cloudwatch-metrics.md        |  40 -----
 docs/add-ons/aws-fsx-csi-driver.md            |  60 -------
 docs/add-ons/aws-node-termination-handler.md  |  61 -------
 docs/add-ons/calico.md                        |  39 -----
 docs/add-ons/chaos-mesh.md                    |  39 -----
 docs/add-ons/cilium.md                        |  45 -----
 docs/add-ons/cluster-autoscaler.md            |  27 ---
 .../cluster-proportional-autoscaler.md        |  81 ---------
 docs/add-ons/consul.md                        |  41 -----
 docs/add-ons/crossplane.md                    | 105 ------------
 docs/add-ons/crowdstrike-falcon.md            |  23 ---
 .../add-ons/csi-secrets-store-provider-aws.md |  12 --
 docs/add-ons/datadog-operator.md              |  11 --
 docs/add-ons/external-dns.md                  |  52 ------
 docs/add-ons/external-secrets.md              |  37 -----
 docs/add-ons/fargate-fluent-bit.md            |  11 --
 docs/add-ons/gatekeeper.md                    |  43 -----
 docs/add-ons/grafana.md                       |  53 ------
 docs/add-ons/index.md                         | 104 ------------
 docs/add-ons/kafka.md                         |  38 -----
 docs/add-ons/keda.md                          |  42 -----
 docs/add-ons/kube-prometheus-stack.md         |  53 ------
 docs/add-ons/kube-state-metrics.md            |  42 -----
 docs/add-ons/kubecost.md                      |  41 -----
 docs/add-ons/kuberay-operator.md              |  24 ---
 docs/add-ons/kubernetes-dashboard.md          |  42 -----
 docs/add-ons/kyverno.md                       |  36 ----
 docs/add-ons/local-volume-provisioner.md      |  23 ---
 docs/add-ons/managed-add-ons.md               |  96 -----------
 docs/add-ons/metrics-server.md                |  32 ----
 docs/add-ons/nginx.md                         |  51 ------
 docs/add-ons/nvidia-device-plugin.md          |  48 ------
 docs/add-ons/portworx.md                      | 135 ---------------
 docs/add-ons/prometheus.md                    |  54 ------
 docs/add-ons/promtail.md                      |  39 -----
 docs/add-ons/secrets-store-csi-driver.md      |  37 -----
 docs/add-ons/smb-csi-driver.md                |  38 -----
 docs/add-ons/spark-history-server.md          |  73 ---------
 docs/add-ons/spark-on-k8s-operator.md         |  42 -----
 docs/add-ons/tetrate-istio.md                 |  90 ----------
 docs/add-ons/thanos.md                        |  23 ---
 docs/add-ons/traefik.md                       |  43 -----
 docs/add-ons/vault.md                         |  34 ----
 docs/add-ons/vpa.md                           |  27 ---
 docs/add-ons/yunikorn.md                      |  27 ---
 docs/advanced/.pages                          |   8 -
 docs/advanced/bottlerocket.md                 |  22 ---
 docs/advanced/cluster-upgrades.md             |  59 -------
 docs/advanced/ecr-instructions.md             |  31 ----
 docs/advanced/gitops-with-flux.md             | 114 -------------
 docs/advanced/multi-cluster.md                |  62 -------
 docs/core-concepts.md                         |  37 -----
 docs/getting-started.md                       |   2 +-
 docs/images/colored-logo.png                  | Bin 0 -> 106378 bytes
 docs/images/white-logo.png                    | Bin 0 -> 94617 bytes
 docs/index.md                                 |  42 +----
 docs/internal/.pages                          |   1 -
 docs/modules/emr-on-eks.md                    |  37 -----
 docs/teams.md                                 | 118 -------------
 mkdocs.yml                                    |  72 ++++++--
 69 files changed, 96 insertions(+), 3036 deletions(-)
 delete mode 100644 docs/add-ons/.pages
 delete mode 100644 docs/add-ons/agones.md
 delete mode 100644 docs/add-ons/apache-airflow.md
 delete mode 100644 docs/add-ons/argo-workflows.md
 delete mode 100644 docs/add-ons/argocd.md
 delete mode 100644 docs/add-ons/aws-cloudwatch-metrics.md
 delete mode 100644 docs/add-ons/aws-fsx-csi-driver.md
 delete mode 100644 docs/add-ons/aws-node-termination-handler.md
 delete mode 100644 docs/add-ons/calico.md
 delete mode 100644 docs/add-ons/chaos-mesh.md
 delete mode 100644 docs/add-ons/cilium.md
 delete mode 100644 docs/add-ons/cluster-autoscaler.md
 delete mode 100644 docs/add-ons/cluster-proportional-autoscaler.md
 delete mode 100644 docs/add-ons/consul.md
 delete mode 100644 docs/add-ons/crossplane.md
 delete mode 100644 docs/add-ons/crowdstrike-falcon.md
 delete mode 100644 docs/add-ons/csi-secrets-store-provider-aws.md
 delete mode 100644 docs/add-ons/datadog-operator.md
 delete mode 100644 docs/add-ons/external-dns.md
 delete mode 100644 docs/add-ons/external-secrets.md
 delete mode 100644 docs/add-ons/fargate-fluent-bit.md
 delete mode 100644 docs/add-ons/gatekeeper.md
 delete mode 100644 docs/add-ons/grafana.md
 delete mode 100644 docs/add-ons/index.md
 delete mode 100644 docs/add-ons/kafka.md
 delete mode 100644 docs/add-ons/keda.md
 delete mode 100644 docs/add-ons/kube-prometheus-stack.md
 delete mode 100644 docs/add-ons/kube-state-metrics.md
 delete mode 100644 docs/add-ons/kubecost.md
 delete mode 100644 docs/add-ons/kuberay-operator.md
 delete mode 100644 docs/add-ons/kubernetes-dashboard.md
 delete mode 100644 docs/add-ons/kyverno.md
 delete mode 100644 docs/add-ons/local-volume-provisioner.md
 delete mode 100644 docs/add-ons/managed-add-ons.md
 delete mode 100644 docs/add-ons/metrics-server.md
 delete mode 100644 docs/add-ons/nginx.md
 delete mode 100644 docs/add-ons/nvidia-device-plugin.md
 delete mode 100644 docs/add-ons/portworx.md
 delete mode 100644 docs/add-ons/prometheus.md
 delete mode 100644 docs/add-ons/promtail.md
 delete mode 100644 docs/add-ons/secrets-store-csi-driver.md
 delete mode 100644 docs/add-ons/smb-csi-driver.md
 delete mode 100644 docs/add-ons/spark-history-server.md
 delete mode 100644 docs/add-ons/spark-on-k8s-operator.md
 delete mode 100644 docs/add-ons/tetrate-istio.md
 delete mode 100644 docs/add-ons/thanos.md
 delete mode 100644 docs/add-ons/traefik.md
 delete mode 100644 docs/add-ons/vault.md
 delete mode 100644 docs/add-ons/vpa.md
 delete mode 100644 docs/add-ons/yunikorn.md
 delete mode 100644 docs/advanced/.pages
 delete mode 100644 docs/advanced/bottlerocket.md
 delete mode 100644 docs/advanced/cluster-upgrades.md
 delete mode 100644 docs/advanced/ecr-instructions.md
 delete mode 100644 docs/advanced/gitops-with-flux.md
 delete mode 100644 docs/advanced/multi-cluster.md
 delete mode 100644 docs/core-concepts.md
 create mode 100644 docs/images/colored-logo.png
 create mode 100644 docs/images/white-logo.png
 delete mode 100644 docs/internal/.pages
 delete mode 100644 docs/modules/emr-on-eks.md
 delete mode 100644 docs/teams.md

diff --git a/.github/workflows/publish-docs.yml b/.github/workflows/publish-docs.yml
index 910d1d7ff3..9a806ec576 100644
--- a/.github/workflows/publish-docs.yml
+++ b/.github/workflows/publish-docs.yml
@@ -4,9 +4,10 @@ on:
     branches:
       - main
     paths:
-      - "docs/**"
-      - "mkdocs.yml"
-
+      - 'docs/**'
+      - mkdocs.yml
+      - README.md
+      - '.github/workflows/publish-docs.yml'
   release:
     types:
       - published
@@ -32,7 +33,10 @@ jobs:
       - name: Install dependencies
         run: |
           python -m pip install --upgrade pip
-          pip install mike==1.1.2 mkdocs-material==8.3.2 mkdocs-awesome-pages-plugin==2.7.0 mkdocs-include-markdown-plugin==3.5.2
+          pip install mike==1.1.2 \
+            mkdocs-material==9.1.4 \
+            mkdocs-include-markdown-plugin==4.0.4 \
+            mkdocs-awesome-pages-plugin==2.9.1
 
       - name: git config
         run: |
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 8a58cc720b..0759776129 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -10,7 +10,7 @@ repos:
       - id: detect-aws-credentials
         args: ['--allow-missing-credentials']
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.79.1
+    rev: v1.80.0
     hooks:
       - id: terraform_fmt
       - id: terraform_docs
diff --git a/README.md b/README.md
index 64de5dd5ce..92190b58b1 100644
--- a/README.md
+++ b/README.md
@@ -1,37 +1,44 @@
 # Amazon EKS Blueprints for Terraform
 
-[![plan-examples](https://github.com/aws-ia/terraform-aws-eks-blueprints/actions/workflows/plan-examples.yml/badge.svg)](https://github.com/aws-ia/terraform-aws-eks-blueprints/actions/workflows/plan-examples.yml)
-[![pre-commit](https://github.com/aws-ia/terraform-aws-eks-blueprints/actions/workflows/pre-commit.yml/badge.svg)](https://github.com/aws-ia/terraform-aws-eks-blueprints/actions/workflows/pre-commit.yml)
+Welcome to Amazon EKS Blueprints for Terraform!
 
----
+This project contains a collection of Amazon EKS cluster patterns implemented in Terraform that demonstrate how fast and easy it is for customers to adopt [Amazon EKS](https://aws.amazon.com/eks/). The patterns can be used by AWS customers, partners, and internal AWS teams to configure and manage complete EKS clusters that are fully bootstrapped with the operational software that is needed to deploy and operate workloads.
 
-## :bangbang: Notice of Potential Breaking Changes in Version 5 :bangbang:
+## Motivation
 
-The direction for EKS Blueprints in v5 will shift from providing an all-encompassing, monolithic "framework" and instead focus more on how users can organize a set of modular components to create the desired solution on Amazon EKS.
+Kubernetes is a powerful and extensible container orchestration technology that allows you to deploy and manage containerized applications at scale. The extensible nature of Kubernetes also allows you to use a wide range of popular open-source tools, commonly referred to as add-ons, in Kubernetes clusters. With such a large number of tooling and design choices available however, building a tailored EKS cluster that meets your application’s specific needs can take a significant amount of time. It involves integrating a wide range of open-source tools and AWS services and requires deep expertise in AWS and Kubernetes.
 
-The issue below was created to provide community notice and to help track progress, learn what's new and how the migration path would look like to upgrade your current Terraform deployments.
+AWS customers have asked for examples that demonstrate how to integrate the landscape of Kubernetes tools and make it easy for them to provision complete, opinionated EKS clusters that meet specific application requirements. Customers can use EKS Blueprints to configure and deploy purpose built EKS clusters, and start onboarding workloads in days, rather than months.
 
-We welcome the EKS Blueprints community to continue the discussion in issue https://github.com/aws-ia/terraform-aws-eks-blueprints/issues/1421
+## Core Concepts
 
----
+This document provides a high level overview of the Core Concepts that are embedded in EKS Blueprints. For the purposes of this document, we will assume the reader is familiar with Git, Docker, Kubernetes and AWS.
 
-Welcome to Amazon EKS Blueprints for Terraform!
+| Concept                     | Description                                                                                   |
+| --------------------------- | --------------------------------------------------------------------------------------------- |
+| [Cluster](#cluster)         | An Amazon EKS Cluster and associated worker groups.                                           |
+| [Add-on](#add-on)           | Operational software that provides key functionality to support your Kubernetes applications. |
+| [Team](#team)               | A logical grouping of IAM identities that have access to Kubernetes resources.                |
 
-This project contains a collection of Amazon EKS cluster patterns implemented in Terraform that demonstrate how fast and easy it is for customers to adopt [Amazon EKS](https://aws.amazon.com/eks/). The patterns can be used by AWS customers, partners, and internal AWS teams to configure and manage complete EKS clusters that are fully bootstrapped with the operational software that is needed to deploy and operate workloads.
+### Cluster
 
-## Getting Started
+A `cluster` is simply an EKS cluster. EKS Blueprints provides for customizing the compute options you leverage with your `clusters`. The framework currently supports `EC2`, `Fargate` and `BottleRocket` instances. It also supports managed and self-managed node groups.
 
-The easiest way to get started with EKS Blueprints is to follow our [Getting Started guide](https://aws-ia.github.io/terraform-aws-eks-blueprints/latest/getting-started/).
+We rely on [`terraform-aws-modules/eks/aws`](https://registry.terraform.io/modules/terraform-aws-modules/eks/aws/latest) to configure `clusters`. See our [examples](getting-started.md) to see how `terraform-aws-modules/eks/aws` is configured for EKS Blueprints.
 
-## Examples
+### Add-on
 
-To view examples for how you can leverage EKS Blueprints, please see the [examples](https://github.com/aws-ia/terraform-aws-eks-blueprints/tree/main/examples) directory.
+`Add-ons` allow you to configure the operational tools that you would like to deploy into your EKS cluster. When you configure `add-ons` for a `cluster`, the `add-ons` will be provisioned at deploy time by leveraging the Terraform Helm provider. Add-ons can deploy both Kubernetes specific resources and AWS resources needed to support add-on functionality.
 
-## Motivation
+For example, the `metrics-server` add-on only deploys the Kubernetes manifests that are needed to run the Kubernetes Metrics Server. By contrast, the `aws-load-balancer-controller` add-on deploys both Kubernetes YAML, in addition to creating resources via AWS APIs that are needed to support the AWS Load Balancer Controller functionality.
 
-Kubernetes is a powerful and extensible container orchestration technology that allows you to deploy and manage containerized applications at scale. The extensible nature of Kubernetes also allows you to use a wide range of popular open-source tools, commonly referred to as add-ons, in Kubernetes clusters. With such a large number of tooling and design choices available however, building a tailored EKS cluster that meets your application’s specific needs can take a significant amount of time. It involves integrating a wide range of open-source tools and AWS services and requires deep expertise in AWS and Kubernetes.
+EKS Blueprints allows you to manage your add-ons directly via Terraform (by leveraging the Terraform Helm provider) or via GitOps with ArgoCD. See our [`Add-ons`](https://aws-ia.github.io/terraform-aws-eks-blueprints-addons/main/) documentation page for detailed information.
 
-AWS customers have asked for examples that demonstrate how to integrate the landscape of Kubernetes tools and make it easy for them to provision complete, opinionated EKS clusters that meet specific application requirements. Customers can use EKS Blueprints to configure and deploy purpose built EKS clusters, and start onboarding workloads in days, rather than months.
+### Team
+
+`Teams` allow you to configure the logical grouping of users that have access to your EKS clusters, in addition to the access permissions they are granted.
+
+See our [`Teams`](https://github.com/aws-ia/terraform-aws-eks-blueprints-teams) documentation page for detailed information.
 
 ## Support & Feedback
 
diff --git a/docs/.pages b/docs/.pages
index 882bceafbd..fe13cd026e 100644
--- a/docs/.pages
+++ b/docs/.pages
@@ -1,11 +1,4 @@
 nav:
-    - Overview: index.md
-    - Getting Started: getting-started.md
-    - Core Concepts: core-concepts.md
-    - IAM: iam
-    - Teams: teams.md
-    - Modules: modules
-    - Add-ons: add-ons
-    - Advanced: advanced
-    - Extensibility: extensibility.md
-    - ...
+  - Overview: index.md
+  - Getting Started: getting-started.md
+  - IAM: iam
diff --git a/docs/add-ons/.pages b/docs/add-ons/.pages
deleted file mode 100644
index 3f7ce6c21a..0000000000
--- a/docs/add-ons/.pages
+++ /dev/null
@@ -1,3 +0,0 @@
-nav:
-    - Overview: index.md
-    - ...
diff --git a/docs/add-ons/agones.md b/docs/add-ons/agones.md
deleted file mode 100644
index a36dc002d4..0000000000
--- a/docs/add-ons/agones.md
+++ /dev/null
@@ -1,45 +0,0 @@
-# Agones
-
-[Agones](https://agones.dev/) is an open source platform for deploying, hosting, scaling, and orchestrating dedicated game servers for large scale multiplayer games on Kubernetes.
-
-For complete project documentation, please visit the [Agones documentation site](https://agones.dev/site/docs/).
-
-## Usage
-
-Agones can be deployed by enabling the add-on via the following.
-
-```hcl
-enable_agones = true
-```
-
-You can optionally customize the Helm chart that deploys `Agones` via the following configuration.
-
-*NOTE: Agones requires a Node group in Public Subnets and enable Public IP*
-
-```hcl
-  enable_agones = true
-  # Optional  agones_helm_config
-  agones_helm_config = {
-    name                       = "agones"
-    chart                      = "agones"
-    repository                 = "https://agones.dev/chart/stable"
-    version                    = "1.21.0"
-    namespace                  = "agones-system" # Agones recommends to install in it's own namespace such as `agones-system` as shown here. You can specify any namespace other than `kube-system`
-    values = [templatefile("${path.module}/helm_values/agones-values.yaml", {
-      expose_udp            = true
-      gameserver_namespaces = "{${join(",", ["default", "xbox-gameservers", "xbox-gameservers"])}}"
-      gameserver_minport    = 7000
-      gameserver_maxport    = 8000
-    })]
-  }
-```
-
-### GitOps Configuration
-
-The following properties are made available for use when managing the add-on via GitOps.
-
-```
-agones = {
-  enable = true
-}
-```
diff --git a/docs/add-ons/apache-airflow.md b/docs/add-ons/apache-airflow.md
deleted file mode 100644
index b6197b470f..0000000000
--- a/docs/add-ons/apache-airflow.md
+++ /dev/null
@@ -1,116 +0,0 @@
-# Apache Airflow add-on
-
-This document describes the details of the best practices for building and deploying Self-managed **Highly Scalable Apache Airflow cluster on Kubernetes(Amazon EKS) Cluster**.
-Alternatively, Amazon also provides a fully managed Apache Airflow service(MWAA).
-
-Apache Airflow is used for the scheduling and orchestration of data pipelines or workflows.
-Orchestration of data pipelines refers to the sequencing, coordination, scheduling, and managing complex data pipelines from diverse sources.
-A workflow is represented as a [DAG](https://airflow.apache.org/docs/apache-airflow/stable/concepts/dags.html) (a Directed Acyclic Graph), and contains individual pieces of work called [Tasks](https://airflow.apache.org/docs/apache-airflow/stable/concepts/tasks.html), arranged with dependencies and data flows taken into account.
-
-## Production considerations for running Apache Airflow on EKS
-
-### Airflow Metadata Database
-It is advised to set up an external database for the Airflow metastore. The default Helm chart deploys a Postgres database running in a container but this should be used only for development.
-Apache Airflow recommends to use MySQL or Postgres. This deployment configures the highly available Amazon RDS Postgres database as external database.
-
-### PgBouncer for Amazon Postgres RDS
-Airflow can open a lot of database connections due to its distributed nature and using a connection pooler can significantly reduce the number of open connections on the database.
-This deployment enables the PgBouncer for Postgres
-
-### Webserver Secret Key
-You should set a static webserver secret key when deploying with this chart as it will help ensure your Airflow components only restart when necessary.
-This deployment creates Kubernetes secret for Webserver Secret Key and applies to Airflow
-
-### Managing DAG Files with GitHub and EFS
-It's recommended to Mounting DAGs using Git-Sync sidecar with Persistence enabled.
-Developers can create a repo to store the DAGs and configure to sync with Airflow servers.
-This deployment provisions EFS(Amazon Elastic File System) through Persistent Volume Claim with an access mode of ReadWriteMany.
-The Airflow scheduler pod will sync DAGs from a git repository onto the PVC every configured number of seconds.
-The other pods will read the synced DAGs.
-
-GitSync is configured with a sample repo with this example. This can be replaced with your internal GitHub repo
-
-### Managing Log Files with S3 with IRSA
-Airflow writes logs for tasks in a way that allows you to see the logs for each task separately in the Airflow UI.
-Core Airflow implements writing and serving logs locally. However, you can also write logs to remote services via community providers, or write your own loggers.
-This example configures S3 bucket to store the Airflow logs. IAM roles for server account(IRSA) is configured for Airflow pods to access this S3 bucket.
-
-### Airflow StatsD Metrics
-This example configures to send the metrics to an existing StatsD to Prometheus endpoint. This can be configured to send it to external StatsD instance
-
-### Airflow Executors (Celery Vs Kubernetes)
-This deployment uses Kubernetes Executor. With KubernetesExecutor, each task runs in its own pod.
-The pod is created when the task is queued, and terminates when the task completes.
-With KubernetesExecutor, the workers (pods) talk directly to the same Postgres backend as the Scheduler and can to a large degree take on the labor of task monitoring.
-
-* KubernetesExecutor can work well when your tasks are not very uniform with respect to resource requirements or images.
-* Each task on the Kubernetes executor gets its own pod, which allows you to pass an executor_config in your task params. This lets you assign resources at the task level by passing an executor_config. e.g, the first task may be a sensor that only requires a few resources, but the downstream tasks have to run on your GPU node pool with a higher CPU request. See the code snippet below
-* Since each task is a pod, it is managed independently of the code deploys. This is great for longer running tasks or environments with a lot of users, as users can push new code without fear of interrupting that task.
-* This makes the *k8s executor the most fault-tolerant* option, as running tasks won’t be affected when code is pushed
-* In contrast to CeleryExecutor, KubernetesExecutor does not require additional components such as Redis, but does require access to Kubernetes cluster.
-* Pod monitoring can be done with native Kubernetes tools
-* A Kubernetes watcher is a thread that can subscribe to every change that occurs in Kubernetes’ database. It is alerted when pods start, run, end, and fail. By monitoring this stream, the KubernetesExecutor can discover that the worker crashed and correctly report the task as failed
-
-### Airflow Schedulers
-The Airflow scheduler monitors all tasks and DAGs, then triggers the task instances once their dependencies are complete.
-Ths deployment uses *HA scheduler* with two replicas to take advantage of the existing metadata database.
-
-### Accessing Airflow Web UI
-This deployment example uses internet facing Load Balancer to easily access the WebUI however it's not recommended for Production.
-You can modify the `values.yaml` to set the Load Balancer to `internal` and upload certificate to use HTTPS.
-Ensure access to the WebUI using internal domain and network.
-
-## Usage
-
-The Apache Airflow can be deployed by enabling the add-on via the following.
-
-```hcl
-  enable_airflow = true
-```
-
-For production workloads, you can use the following custom Helm Config.
-
-```hcl
-    enable_airflow = true
-    airflow_helm_config = {
-      name             = "airflow"
-      chart            = "airflow"
-      repository       = "https://airflow.apache.org"
-      version          = "1.6.0"
-      namespace        = module.airflow_irsa.namespace
-      create_namespace = false
-      timeout          = 360
-      description      = "Apache Airflow v2 Helm chart deployment configuration"
-      # Check the example for `values.yaml` file
-      values = [templatefile("${path.module}/values.yaml", {
-        # Airflow Postgres RDS Config
-        airflow_db_user = "airflow"
-        airflow_db_name = module.db.db_instance_name
-        airflow_db_host = element(split(":", module.db.db_instance_endpoint), 0)
-        # S3 bucket config for Logs
-        s3_bucket_name          = aws_s3_bucket.this.id
-        webserver_secret_name   = local.airflow_webserver_secret_name
-        airflow_service_account = local.airflow_service_account
-      })]
-
-      set_sensitive = [
-        {
-          name  = "data.metadataConnection.pass"
-          value = data.aws_secretsmanager_secret_version.postgres.secret_string
-        }
-      ]
-    }
-```
-
-Once deployed, you will be able to see the deployment status
-
-```shell
-kubectl get deployment -n airflow
-
-NAME                READY   UP-TO-DATE   AVAILABLE   AGE
-airflow-pgbouncer   1/1     1            1           77m
-airflow-scheduler   2/2     2            2           77m
-airflow-statsd      1/1     1            1           77m
-airflow-triggerer   1/1     1            1           77m
-airflow-webserver   2/2     2            2           77m
-```
diff --git a/docs/add-ons/argo-workflows.md b/docs/add-ons/argo-workflows.md
deleted file mode 100644
index e6a524d352..0000000000
--- a/docs/add-ons/argo-workflows.md
+++ /dev/null
@@ -1,26 +0,0 @@
-# Argo Workflows
-
-[Argo Workflows](https://argoproj.github.io/argo-workflows/) is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. It is implemented as a Kubernetes CRD (Custom Resource Definition). As a result, Argo workflows can be managed using kubectl and natively integrates with other Kubernetes services such as volumes, secrets, and RBAC.
-
-For complete project documentation, please visit the [Argo Workflows documentation site](https://argoproj.github.io/argo-workflows/).
-
-## Usage
-
-Argo Workflows can be deployed by enabling the add-on via the following.
-
-```hcl
-enable_argo_workflows = true
-```
-
-
-```
-
-### GitOps Configuration
-
-The following properties are made available for use when managing the add-on via GitOps.
-
-```
-argoWorkflows = {
-  enable             = true
-}
-```
diff --git a/docs/add-ons/argocd.md b/docs/add-ons/argocd.md
deleted file mode 100644
index 91f4c24a85..0000000000
--- a/docs/add-ons/argocd.md
+++ /dev/null
@@ -1,155 +0,0 @@
-# ArgoCD
-
-[ArgoCD](https://argo-cd.readthedocs.io/en/stable/) Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.
-
-Application definitions, configurations, and environments should be declarative and version controlled. Application deployment and lifecycle management should be automated, auditable, and easy to understand.
-
-## Usage
-
-ArgoCD can be deployed by enabling the add-on via the following.
-
-```hcl
-enable_argocd = true
-```
-
-### Admin Password
-
-ArgoCD has a built-in `admin` user that has full access to the ArgoCD instance. By default, Argo will create a password for the admin user.
-
-See the [ArgoCD documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/) for additional details on managing users.
-
-### Customizing the Helm Chart
-
-You can customize the Helm chart that deploys `ArgoCD` via the following configuration:
-
-```hcl
-argocd_helm_config = {
-  name             = "argo-cd"
-  chart            = "argo-cd"
-  repository       = "https://argoproj.github.io/argo-helm"
-  version          = "<chart_version>"
-  namespace        = "argocd"
-  timeout          = "1200"
-  create_namespace = true
-  values = [templatefile("${path.module}/argocd-values.yaml", {})]
-}
-```
-
-### Bootstrapping
-
-The framework provides an approach to bootstrapping workloads and/or additional add-ons by leveraging the ArgoCD [App of Apps](https://argo-cd.readthedocs.io/en/stable/operator-manual/cluster-bootstrapping/) pattern.
-
-The following code example demonstrates how you can supply information for a repository in order to bootstrap multiple workloads in a new EKS cluster. The example leverages a [sample App of Apps repository](https://github.com/aws-samples/eks-blueprints-workloads.git).
-
-```hcl
-argocd_applications = {
-  addons = {
-    path                = "chart"
-    repo_url            = "https://github.com/aws-samples/eks-blueprints-add-ons.git"
-    add_on_application  = true # Indicates the root add-on application.
-  }
-}
-```
-
-### Add-ons
-
-A common operational pattern for EKS customers is to leverage Infrastructure as Code to provision EKS clusters (in addition to other AWS resources), and ArgoCD to manage cluster add-ons. This can present a challenge when add-ons managed by ArgoCD depend on AWS resource values which are created via Terraform execution (such as an IAM ARN for an add-on that leverages IRSA), to function properly. The framework provides an approach to bridging the gap between Terraform and ArgoCD by leveraging the ArgoCD [App of Apps](https://argo-cd.readthedocs.io/en/stable/operator-manual/cluster-bootstrapping/) pattern.
-
-To indicate that ArgoCD should responsible for managing cluster add-ons (applying add-on Helm charts to a cluster), you can set the `argocd_manage_add_ons` property to true. When this flag is set, the framework will still provision all AWS resources necessary to support add-on functionality, but it will not apply Helm charts directly via the Terraform Helm provider.
-
-Next, identify which ArgoCD Application will serve as the add-on configuration repository by setting the `add_on_application` flag to true. When this flag is set, the framework will aggregate AWS resource values that are needed for each add-on into an object. It will then pass that object to ArgoCD via the values map of the Application resource. [See here](https://github.com/aws-ia/terraform-aws-eks-blueprints/blob/main/modules/kubernetes-addons/locals.tf#L4) for the values object that gets passed to the ArgoCD add-ons Application.
-
-Sample configuration can be found below:
-
-```hcl
-enable_argocd           = true
-argocd_manage_add_ons   = true
-argocd_applications     = {
-  addons = {
-    path                = "chart"
-    repo_url            = "https://github.com/aws-samples/eks-blueprints-add-ons.git"
-    add_on_application  = true # Indicates the root add-on application.
-  }
-}
-```
-
-### Private Repositories
-
-In order to leverage ArgoCD with private Git repositories, you must supply a private SSH key to Argo. The framework provides support for doing so via an integration with AWS Secrets Manager.
-
-To leverage private repositories, do the following:
-
-1. Create a new secret in AWS Secrets Manager for your desired region. The value for the secret should be a private SSH key for your Git provider.
-2. Set the `ssh_key_secret_name` in each Application's configuration as the name of the secret.
-
-Internally, the framework will create a Kubernetes Secret, which ArgoCD will leverage when making requests to your Git provider. See the example configuration below.
-
-```hcl
-enable_argocd           = true
-argocd_manage_add_ons   = true
-argocd_applications     = {
-  addons = {
-    path                = "chart"
-    repo_url            = "git@github.com:aws-samples/eks-blueprints-add-ons.git"
-    project             = "default"
-    add_on_application  = true              # Indicates the root add-on application.
-    ssh_key_secret_name = "github-ssh-key"  # Needed for private repos
-    insecure            = false # Set to true to disable the server's certificate verification
-  }
-}
-```
-
-### Complete Example
-
-The following demonstrates a complete example for configuring ArgoCD.
-
-```hcl
-enable_argocd                       = true
-argocd_manage_add_ons               = true
-
-argocd_helm_config = {
-  name             = "argo-cd"
-  chart            = "argo-cd"
-  repository       = "https://argoproj.github.io/argo-helm"
-  version          = "3.29.5"
-  namespace        = "argocd"
-  timeout          = "1200"
-  create_namespace = true
-  values = [templatefile("${path.module}/argocd-values.yaml", {})]
-}
-
-argocd_applications = {
-  workloads = {
-    path                = "envs/dev"
-    repo_url            = "https://github.com/aws-samples/eks-blueprints-workloads.git"
-    values              = {}
-    type                = "helm"            # Optional, defaults to helm.
-  }
-  kustomize-apps = {
-    /*
-      This points to a single application with no overlays, but it could easily
-      point to a a specific overlay for an environment like "dev", and/or utilize
-      the ArgoCD app of apps model to install many additional ArgoCD apps.
-    */
-    path                = "argocd-example-apps/kustomize-guestbook/"
-    repo_url            = "https://github.com/argoproj/argocd-example-apps.git"
-    type                = "kustomize"
-  }
-  addons = {
-    path                = "chart"
-    repo_url            = "git@github.com:aws-samples/eks-blueprints-add-ons.git"
-    add_on_application  = true              # Indicates the root add-on application.
-                                            # If provided, the type must be set to "helm" for the root add-on application.
-    ssh_key_secret_name = "github-ssh-key"  # Needed for private repos
-    values              = {}
-    type                = "helm"            # Optional, defaults to helm.
-    #ignoreDifferences   = [ # Enable this to ignore children apps' sync policy
-    #  {
-    #    group        = "argoproj.io"
-    #    kind         = "Application"
-    #    jsonPointers = ["/spec/syncPolicy"]
-    #  }
-    #]
-  }
-}
-```
diff --git a/docs/add-ons/aws-cloudwatch-metrics.md b/docs/add-ons/aws-cloudwatch-metrics.md
deleted file mode 100644
index 82c7a51b0f..0000000000
--- a/docs/add-ons/aws-cloudwatch-metrics.md
+++ /dev/null
@@ -1,40 +0,0 @@
-# AWS CloudWatch Metrics
-
-Use CloudWatch Container Insights to collect, aggregate, and summarize metrics and logs from your containerized applications and microservices. CloudWatch automatically collects metrics for many resources, such as CPU, memory, disk, and network. Container Insights also provides diagnostic information, such as container restart failures, to help you isolate issues and resolve them quickly. You can also set CloudWatch alarms on metrics that Container Insights collects.
-
-Container Insights collects data as performance log events using embedded metric format. These performance log events are entries that use a structured JSON schema that enables high-cardinality data to be ingested and stored at scale. From this data, CloudWatch creates aggregated metrics at the cluster, node, pod, task, and service level as CloudWatch metrics. The metrics that Container Insights collects are available in CloudWatch automatic dashboards, and also viewable in the Metrics section of the CloudWatch console.
-
-## Usage
-
-[aws-cloudwatch-metrics](https://github.com/aws-ia/terraform-aws-eks-blueprints/tree/main/modules/kubernetes-addons/aws-cloudwatch-metrics) can be deployed by enabling the add-on via the following.
-
-```hcl
-enable_aws_cloudwatch_metrics = true
-```
-
-You can optionally customize the Helm chart that deploys `aws_cloudwatch_metrics` via the following configuration.
-
-```hcl
-  enable_aws_cloudwatch_metrics        = true
-  aws_cloudwatch_metrics_irsa_policies = ["IAM Policies"]
-  aws_cloudwatch_metrics_helm_config   = {
-    name       = "aws-cloudwatch-metrics"
-    chart      = "aws-cloudwatch-metrics"
-    repository = "https://aws.github.io/eks-charts"
-    version    = "0.0.7"
-    namespace  = "amazon-cloudwatch"
-    values     = [templatefile("${path.module}/values.yaml", {
-      eks_cluster_id = var.addon_context.eks_cluster_id
-    })]
-  }
-```
-
-### GitOps Configuration
-
-The following properties are made available for use when managing the add-on via GitOps.
-
-```hcl
-awsCloudWatchMetrics = {
-  enable       = true
-}
-```
diff --git a/docs/add-ons/aws-fsx-csi-driver.md b/docs/add-ons/aws-fsx-csi-driver.md
deleted file mode 100644
index 1c2dcdade6..0000000000
--- a/docs/add-ons/aws-fsx-csi-driver.md
+++ /dev/null
@@ -1,60 +0,0 @@
-# Amazon FSx for Lustre CSI Driver
-
-Fully managed shared storage built on the world's most popular high-performance file system.
-This add-on deploys the [Amazon FSx for Lustre CSI Driver](https://aws.amazon.com/fsx/lustre/) into an EKS cluster.
-
-## Usage
-
-The [Amazon FSx for Lustre CSI Driver](https://github.com/aws-ia/terraform-aws-eks-blueprints/tree/main/modules/kubernetes-addons/aws-fsx-csi-driver) can be deployed by enabling the add-on via the following.
-
-```hcl
-  enable_aws_fsx_csi_driver = true
-```
-
-You can optionally customize the Helm chart that deploys `enable_aws_fsx_csi_driver` via the following configuration.
-
-```hcl
-  enable_aws_fsx_csi_driver = true
-  aws_fsx_csi_driver_helm_config = {
-    name                       = "aws-fsx-csi-driver"
-    chart                      = "aws-fsx-csi-driver"
-    repository                 = "https://kubernetes-sigs.github.io/aws-fsx-csi-driver/"
-    version                    = "1.4.2"
-    namespace                  = "kube-system"
-    values = [templatefile("${path.module}/aws-fsx-csi-driver-values.yaml", {})] # Create this `aws-fsx-csi-driver-values.yaml` file with your own custom values
-  }
-  aws_fsx_csi_driver_irsa_policies = ["<ADDITIONAL_IAM_POLICY_ARN>"]
-```
-
-Once deployed, you will be able to see a number of supporting resources in the `kube-system` namespace.
-
-```sh
-$ kubectl get deployment fsx-csi-controller -n kube-system
-
-NAME                 READY   UP-TO-DATE   AVAILABLE   AGE
-fsx-csi-controller   2/2     2            2           4m29s
-```
-
-```sh
-$ kubectl get daemonset fsx-csi-node -n kube-system
-
-NAME           DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR                 AGE
-fsx-csi-node   3         3         3       3            3           kubernetes.io/os=linux   4m32s
-```
-
-### GitOps Configuration
-
-`ArgoCD` with `App of Apps` GitOps enabled for this Add-on by enabling the following variable
-
-```hcl
-argocd_manage_add_ons = true
-```
-
-The following is configured to ArgoCD App of Apps for this Add-on.
-
-```hcl
-  argocd_gitops_config = {
-    enable             = true
-    serviceAccountName = local.service_account
-  }
-```
diff --git a/docs/add-ons/aws-node-termination-handler.md b/docs/add-ons/aws-node-termination-handler.md
deleted file mode 100644
index 4bb60d5155..0000000000
--- a/docs/add-ons/aws-node-termination-handler.md
+++ /dev/null
@@ -1,61 +0,0 @@
-# AWS Node Termination Handler
-
-This project ensures that the Kubernetes control plane responds appropriately to events that can cause your EC2 instance to become unavailable, such as EC2 maintenance events, EC2 Spot interruptions, ASG Scale-In, ASG AZ Rebalance, and EC2 Instance Termination via the API or Console. If not handled, your application code may not stop gracefully, take longer to recover full availability, or accidentally schedule work to nodes that are going down. For more information see [README.md](https://github.com/aws/aws-node-termination-handler#readme).
-
-The aws-node-termination-handler (NTH) can operate in two different modes: Instance Metadata Service (IMDS) or the Queue Processor. In the EKS Blueprints, we provision the NTH in Queue Processor mode. This means that NTH will monitor an SQS queue of events from Amazon EventBridge for ASG lifecycle events, EC2 status change events, Spot Interruption Termination Notice events, and Spot Rebalance Recommendation events. When NTH detects an instance is going down, NTH uses the Kubernetes API to cordon the node to ensure no new work is scheduled there, then drain it, removing any existing work.
-
-The NTH will be deployed in the `kube-system` namespace. AWS resources required as part of the setup of NTH will be provisioned for you. These include:
-
-1. Node group ASG tagged with `key=aws-node-termination-handler/managed`
-2. AutoScaling Group Termination Lifecycle Hook
-3. Amazon Simple Queue Service (SQS) Queue
-4. Amazon EventBridge Rule
-5. IAM Role for the aws-node-termination-handler Queue Processing Pods
-
-## Usage
-
-```hcl
-enable_aws_node_termination_handler = true
-```
-
-You can optionally customize the Helm chart that deploys `aws-node-termination-handler` via the following configuration.
-
-```hcl
-  enable_aws_node_termination_handler = true
-
-  aws_node_termination_handler_helm_config = {
-    name                       = "aws-node-termination-handler"
-    chart                      = "aws-node-termination-handler"
-    repository                 = "https://aws.github.io/eks-charts"
-    version                    = "0.16.0"
-    timeout                    = "1200"
-  }
-```
-
-
-To validate that controller is running, ensure that controller deployment is in RUNNING state:
-
-```sh
-# Assuming controller is installed in kube-system namespace
-$ kubectl get deployments -n kube-system
-aws-node-termination-handler  1/1   1   1   5d9h
-```
-
-### GitOps Configuration
-The following properties are made available for use when managing the add-on via GitOps.
-
-GitOps with ArgoCD Add-on repo is located [here](https://github.com/aws-samples/eks-blueprints-add-ons/blob/main/chart/values.yaml)
-
-When enabling NTH for GitOps, be sure that you are using `self_managed_node_groups` as this module will check to ensure that it finds valid backing autoscaling groups.
-
-If you're using `managed_node_groups`, NTH isn't required as per the following - https://github.com/aws/aws-node-termination-handler/issues/186
-```
-Amazon EKS automatically drains nodes using the Kubernetes API during terminations or updates. Updates respect the pod disruption budgets that you set for your pods.
-```
-
-```hcl
-  awsNodeTerminationHandler = {
-    enable             = true
-    serviceAccountName = "<service_account>"
-  }
-```
diff --git a/docs/add-ons/calico.md b/docs/add-ons/calico.md
deleted file mode 100644
index cb29067aa5..0000000000
--- a/docs/add-ons/calico.md
+++ /dev/null
@@ -1,39 +0,0 @@
-# Calico
-
-Calico is a widely adopted, battle-tested open source networking and network security solution for Kubernetes, virtual machines, and bare-metal workloads
-Calico provides two major services for Cloud Native applications: network connectivity between workloads and network security policy enforcement between workloads.
-[Calico](https://projectcalico.docs.tigera.io/getting-started/kubernetes/helm#download-the-helm-chart) docs chart bootstraps Calico infrastructure on a Kubernetes cluster using the Helm package manager.
-
-For complete project documentation, please visit the [Calico documentation site](https://docs.tigera.io/calico/next/about/).
-
-## Usage
-
-Calico can be deployed by enabling the add-on via the following.
-
-```hcl
-enable_calico = true
-```
-
-Deploy Calico with custom `values.yaml`
-
-```hcl
-  # Optional Map value; pass calico-values.yaml from consumer module
-   calico_helm_config = {
-    name       = "calico"                                               # (Required) Release name.
-    repository = "https://docs.projectcalico.org/charts"                # (Optional) Repository URL where to locate the requested chart.
-    chart      = "tigera-operator"                                      # (Required) Chart name to be installed.
-    version    = "v3.24.1"                                              # (Optional) Specify the exact chart version to install. If this is not specified, it defaults to the version set within default_helm_config: https://github.com/aws-ia/terraform-aws-eks-blueprints/blob/main/modules/kubernetes-addons/calico/locals.tf
-    namespace  = "tigera-operator"                                      # (Optional) The namespace to install the release into.
-    values = [templatefile("${path.module}/calico-values.yaml", {})]
-  }
-```
-
-### GitOps Configuration
-
-The following properties are made available for use when managing the add-on via GitOps.
-
-```sh
-calico = {
-  enable  = true
-}
-```
diff --git a/docs/add-ons/chaos-mesh.md b/docs/add-ons/chaos-mesh.md
deleted file mode 100644
index 6cf27d48b8..0000000000
--- a/docs/add-ons/chaos-mesh.md
+++ /dev/null
@@ -1,39 +0,0 @@
-# Chaos Mesh
-
-Chaos Mesh is an open source cloud-native Chaos Engineering platform. It offers various types of fault simulation and has an enormous capability to orchestrate fault scenarios
-
-[Chaos Mesh](https://chaos-mesh.org/docs/production-installation-using-helm/) docs chart bootstraps Chaos Mesh infrastructure on a Kubernetes cluster using the Helm package manager.
-
-For complete project documentation, please visit the [Chaos Mesh site](https://chaos-mesh.org/docs/).
-
-## Usage
-
-Chaos Mesh can be deployed by enabling the add-on via the following.
-
-```hcl
-enable_chaos_mesh = true
-```
-
-Deploy Chaos Mesh with custom `values.yaml`
-
-```hcl
-  # Optional Map value; pass chaos-mesh-values.yaml from consumer module
-   chaos_mesh_helm_config = {
-    name       = "chaos-mesh"                                               # (Required) Release name.
-    repository = "https://charts.chaos-mesh.org"                            # (Optional) Repository URL where to locate the requested chart.
-    chart      = "chaos-mesh"                                               # (Required) Chart name to be installed.
-    version    = "2.3.0"                                                    # (Optional) Specify the exact chart version to install. If this is not specified, it defaults to the version set within default_helm_config: https://github.com/aws-ia/terraform-aws-eks-blueprints/blob/main/modules/kubernetes-addons/chaos-mesh/locals.tf
-    namespace  = "chaos-testing"                                            # (Optional) The namespace to install the release into.
-    values = [templatefile("${path.module}/chaos-mesh-values.yaml", {})]
-  }
-```
-
-### GitOps Configuration
-
-The following properties are made available for use when managing the add-on via GitOps.
-
-```sh
-chaosMesh = {
-  enable  = true
-}
-```
diff --git a/docs/add-ons/cilium.md b/docs/add-ons/cilium.md
deleted file mode 100644
index a2b194ee64..0000000000
--- a/docs/add-ons/cilium.md
+++ /dev/null
@@ -1,45 +0,0 @@
-# Cilium
-
-Cilium is open source software for transparently securing the network connectivity between application services deployed using Linux container management platforms like Docker and Kubernetes.
-
-Cilium can be set up in two manners:
-- In combination with the `Amazon VPC CNI plugin`. In this hybrid mode, the AWS VPC CNI plugin is responsible for setting up the virtual network devices as well as for IP address management (IPAM) via ENIs.
-After the initial networking is setup for a given pod, the Cilium CNI plugin is called to attach eBPF programs to the network devices set up by the AWS VPC CNI plugin in order to enforce network policies, perform load-balancing and provide encryption.
-Read the installation instruction [here](https://docs.cilium.io/en/latest/installation/cni-chaining-aws-cni/)
-- As a replacement of `Amazon VPC CNI`,  read the complete installation guideline [here](https://docs.cilium.io/en/latest/installation/k8s-install-helm/)
-
-For complete project documentation, please visit the [Cilium documentation site](https://docs.cilium.io/en/stable/).
-
-## Usage
-
-By Cilium in combination with the `Amazon VPC CNI plugin` by enabling the add-on via the following.
-
-```hcl
-enable_cilium = true
-```
-
-Deploy Cilium with custom `values.yaml`
-
-```hcl
-  # Optional Map value; pass cilium-values.yaml from consumer module
-   cilium_helm_config = {
-    name       = "cilium"                                               # (Required) Release name.
-    repository = "https://helm.cilium.io/"                              # (Optional) Repository URL where to locate the requested chart.
-    chart      = "cilium"                                               # (Required) Chart name to be installed.
-    version    = "1.12.1"                                               # (Optional) Specify the exact chart version to install. If this is not specified, it defaults to the version set within default_helm_config: https://github.com/aws-ia/terraform-aws-eks-blueprints/blob/main/modules/kubernetes-addons/cilium/locals.tf
-    values = [templatefile("${path.module}/cilium-values.yaml", {})]
-  }
-```
-
-Refer to the [cilium default values file](https://github.com/cilium/cilium/blob/master/install/kubernetes/cilium/values.yaml) for complete values options for the chart
-
-
-### GitOps Configuration
-
-The following properties are made available for use when managing the add-on via GitOps.
-
-```hcl
-cilium = {
-  enable  = true
-}
-```
diff --git a/docs/add-ons/cluster-autoscaler.md b/docs/add-ons/cluster-autoscaler.md
deleted file mode 100644
index 810dc405a0..0000000000
--- a/docs/add-ons/cluster-autoscaler.md
+++ /dev/null
@@ -1,27 +0,0 @@
-# Cluster Autoscaler
-
-Cluster Autoscaler is a tool that automatically adjusts the number of nodes in your cluster when:
-
-* Pods fail due to insufficient resources, or
-* Pods are rescheduled onto other nodes due to being in nodes that are underutilized for an extended period of time.
-
-The [Cluster Autoscaler](https://github.com/kubernetes/autoscaler/tree/master/cluster-autoscaler) add-on adds support for Cluster Autoscaler to an EKS cluster. It is typically installed as a **Deployment** in your cluster. It uses leader election to ensure high availability, but scaling is one done via one replica at a time.
-
-## Usage
-
-[Cluster Autoscaler](https://github.com/aws-ia/terraform-aws-eks-blueprints/tree/main/modules/kubernetes-addons/cluster-autoscaler) can be deployed by enabling the add-on via the following.
-
-```hcl
-enable_cluster_autoscaler = true
-```
-
-### GitOps Configuration
-
-The following properties are made available for use when managing the add-on via GitOps.
-
-```hcl
-clusterAutoscaler = {
-  enable = true
-  serviceAccountName = "<service_account>"
-}
-```
diff --git a/docs/add-ons/cluster-proportional-autoscaler.md b/docs/add-ons/cluster-proportional-autoscaler.md
deleted file mode 100644
index 647358d369..0000000000
--- a/docs/add-ons/cluster-proportional-autoscaler.md
+++ /dev/null
@@ -1,81 +0,0 @@
-# Horizontal cluster-proportional-autoscaler container
-
-Horizontal cluster-proportional-autoscaler watches over the number of schedulable nodes and cores of the cluster and resizes the number of replicas for the required resource. This functionality may be desirable for applications that need to be autoscaled with the size of the cluster, such as CoreDNS and other services that scale with the number of nodes/pods in the cluster.
-
-The [cluster-proportional-autoscaler](https://github.com/kubernetes-sigs/cluster-proportional-autoscaler) helps to scale the applications using deployment or replicationcontroller or replicaset. This is an alternative solution to Horizontal Pod Autoscaling.
-It is typically installed as a **Deployment** in your cluster.
-
-## Usage
-
-This add-on requires both `enable_coredns_autoscaler` and `coredns_autoscaler_helm_config` as mandatory fields.
-
-[cluster-proportional-autoscaler](https://github.com/aws-ia/terraform-aws-eks-blueprints/tree/main/modules/kubernetes-addons/cluster-proportional-autoscaler) can be deployed by enabling the add-on via the following.
-
-The example shows how to enable `cluster-proportional-autoscaler` for `CoreDNS Deployment`. CoreDNS deployment is not configured with HPA. So, this add-on helps to scale CoreDNS Add-on according to the size of the nodes and cores.
-
-This Add-on can be used to scale any application with Deployment objects.
-
-```hcl
-enable_coredns_autoscaler = true
-coredns_autoscaler_helm_config = {
-  name        = "cluster-proportional-autoscaler"
-  chart       = "cluster-proportional-autoscaler"
-  repository  = "https://kubernetes-sigs.github.io/cluster-proportional-autoscaler"
-  version     = "1.0.0"
-  namespace   = "kube-system"
-  timeout     = "300"
-  values = [
-    <<-EOT
-    nameOverride: kube-dns-autoscaler
-
-     # Formula for controlling the replicas. Adjust according to your needs
-     #  replicas = max( ceil( cores * 1/coresPerReplica ) , ceil( nodes * 1/nodesPerReplica ) )
-    config:
-      linear:
-      coresPerReplica: 256
-      nodesPerReplica: 16
-      min: 1
-      max: 100
-      preventSinglePointFailure: true
-      includeUnschedulableNodes: true
-
-    # Target to scale. In format: deployment/*, replicationcontroller/* or replicaset/* (not case sensitive).
-    options:
-      target: deployment/coredns # Notice the target as `deployment/coredns`
-
-    serviceAccount:
-      create: true
-      name: kube-dns-autoscaler
-
-    podSecurityContext:
-      seccompProfile:
-      type: RuntimeDefault
-      supplementalGroups: [ 65534 ]
-      fsGroup: 65534
-
-    resources:
-      limits:
-        cpu: 100m
-        memory: 128Mi
-      requests:
-        cpu: 100m
-        memory: 128Mi
-
-    tolerations:
-      - key: "CriticalAddonsOnly"
-        operator: "Exists"
-        description = "Cluster Proportional Autoscaler for CoreDNS Service"
-    EOT
-  ]
-}
-```
-
-### GitOps Configuration
-
-The following properties are made available for use when managing the add-on via GitOps.
-
-```
-corednsAutoscaler = {
-  enable = true
-}
-```
diff --git a/docs/add-ons/consul.md b/docs/add-ons/consul.md
deleted file mode 100644
index dfa785b231..0000000000
--- a/docs/add-ons/consul.md
+++ /dev/null
@@ -1,41 +0,0 @@
-# Consul
-
-HashiCorp Consul is a service networking solution that enables teams to manage secure network connectivity between services and across on-prem and multi-cloud environments and runtimes. Consul offers service discovery, service mesh, traffic management, and automated updates to network infrastructure device.
-
-For complete project documentation, please visit the [consul](https://developer.hashicorp.com/consul/docs/k8s/installation/install).
-
-## Usage
-
-Consul can be deployed by enabling the add-on via the following.
-
-```hcl
-enable_consul = true
-```
-
-You can optionally customize the Helm chart via the following configuration.
-
-```hcl
-  enable_consul = true
-  # Optional consul_helm_config
-  consul_helm_config = {
-    name                       = "consul"
-    chart                      = "consul"
-    repository                 = "https://helm.releases.hashicorp.com"
-    version                    = "1.0.1"
-    namespace                  = "consul"
-    values = [templatefile("${path.module}/values.yaml", {
-      ...
-    })]
-  }
-```
-
-### GitOps Configuration
-The following properties are made available for use when managing the add-on via GitOps.
-
-GitOps with ArgoCD Add-on repo is located [here](https://github.com/aws-samples/eks-blueprints-add-ons/blob/main/chart/values.yaml)
-
-```hcl
-  consul = {
-    enable = true
-  }
-```
diff --git a/docs/add-ons/crossplane.md b/docs/add-ons/crossplane.md
deleted file mode 100644
index 67d9166815..0000000000
--- a/docs/add-ons/crossplane.md
+++ /dev/null
@@ -1,105 +0,0 @@
-# Crossplane
-Crossplane is an open source Kubernetes add-on that enables platform teams to assemble infrastructure from multiple vendors, and expose higher level self-service APIs for application teams to consume, without having to write any code.
-
- - Crossplane is a control plane
- - Allow engineers to model their infrastructure as declarative configuration
- - Support managing a myriad of diverse infrastructure using "provider" plugins
- - It's an open source tool with strong communities
-
-For complete project documentation, please visit the [Crossplane](https://crossplane.io/).
-
-## Usage
-
-### Crossplane Deployment
-
-Crossplane can be deployed by enabling the add-on via the following. Check out the full [example](https://github.com/awslabs/crossplane-on-eks/tree/main/bootstrap/terraform) to deploy the EKS Cluster with Crossplane.
-
-```hcl
-  enable_crossplane = true
-```
-
-You can optionally customize the Helm chart that deploys `Crossplane` via the following configuration.
-
-```hcl
-  enable_crossplane = true
-
-  crossplane_helm_config = {
-    name                      = "crossplane"
-    chart                     = "crossplane"
-    repository                = "https://charts.crossplane.io/stable/"
-    version                   = "1.10.1" # Get the lates version from https://github.com/crossplane/crossplane
-    namespace                 = "crossplane-system"
-  }
-```
-
-To install the [Upbound Universal Crossplane (UXP) helm chart](https://github.com/upbound/universal-crossplane/tree/main/cluster/charts/universal-crossplane) use the following configuration.
-
-```hcl
-  enable_crossplane = true #defaults to Upstream Crossplane Helm Chart
-
-  crossplane_helm_config = {
-    name        = "crossplane"
-    chart       = "universal-crossplane"
-    repository  = "https://charts.upbound.io/stable/"
-    version     = "1.10.1" # Get the latest version from https://github.com/upbound/universal-crossplane
-    namespace   = "upbound-system"
-    description = "Upbound Universal Crossplane (UXP)"
-  }
-```
-
-
-### Crossplane Providers Deployment
-This module provides options to deploy the following providers for Crossplane. These providers disabled by default, and it can be enabled using the config below.
-
- - [AWS Provider](https://github.com/crossplane/provider-aws)
- - [Upbound AWS Provider](https://github.com/upbound/provider-aws)
- - [Kubernetes Provider](https://github.com/crossplane-contrib/provider-kubernetes)
- - [Helm Provider](https://github.com/crossplane-contrib/provider-helm)
- - [Terrajet AWS Provider](https://github.com/crossplane-contrib/provider-jet-aws)
-
-_NOTE: Crossplane requires Admin like permissions to create and update resources similar to Terraform deploy role.
-This example config uses AdministratorAccess, but you should select a policy with the minimum permissions required to provision your resources._
-
-Config to deploy [AWS Provider](https://github.com/crossplane/provider-aws)
-```hcl
-# Creates ProviderConfig -> aws-provider
-crossplane_aws_provider = {
-  enable                   = true
-}
-```
-
-Config to deploy [Upbound AWS Provider](https://github.com/upbound/provider-aws)
-```hcl
-# Creates ProviderConfig -> upbound-aws-provider
-crossplane_upbound_aws_provider = {
-  enable                   = true
-}
-```
-
-Config to deploy [Terrajet AWS Provider (Deprecated)](https://github.com/crossplane-contrib/provider-jet-aws)
-```hcl
-# Creates ProviderConfig -> jet-aws-provider
-crossplane_jet_aws_provider = {
-  enable                   = true
-  provider_aws_version     = "v0.4.1"  # Get the latest version from  https://github.com/crossplane-contrib/provider-jet-aws
-  additional_irsa_policies = ["arn:aws:iam::aws:policy/AdministratorAccess"]
-}
-```
-
-_NOTE: Crossplane requires cluster-admin permissions to create and update Kubernetes resources._
-
-Config to deploy [Kubernetes provider](https://github.com/crossplane-contrib/provider-kubernetes)
-```hcl
-# Creates ProviderConfig -> kubernetes-provider
-crossplane_kubernetes_provider = {
-  enable                   = true
-}
-```
-
-Config to deploy [Helm Provider](https://github.com/crossplane-contrib/provider-helm)
-```hcl
-# Creates ProviderConfig -> helm-provider
-crossplane_helm_provider = {
-  enable                   = true
-}
-```
diff --git a/docs/add-ons/crowdstrike-falcon.md b/docs/add-ons/crowdstrike-falcon.md
deleted file mode 100644
index 7fe372f163..0000000000
--- a/docs/add-ons/crowdstrike-falcon.md
+++ /dev/null
@@ -1,23 +0,0 @@
-# CrowdStrike Falcon
-
-[`terraform-kubectl-falcon`](https://github.com/CrowdStrike/terraform-kubectl-falcon) is a Terraform module that can automate the deployment of CrowdStrike Falcon Sensor and the Kubernetes Protection Agent on a Kubernetes cluster.
-
-## Falcon Operator
-
-Falcon Operator is a Kubernetes operator that manages the deployment of the CrowdStrike Falcon Sensor on a Kubernetes cluster. The CrowdStrike Falcon Sensor provides runtime protection for workloads running on a Kubernetes cluster.
-
-More information can be found in the [Operator submodule](https://github.com/CrowdStrike/terraform-kubectl-falcon/blob/main/modules/operator/README.md).
-
-## Kubernetes Protection Agent (KPA)
-
-The Kubernetes Protection Agent provides visibility into the cluster by collecting event information from the Kubernetes layer. These events are correlated to sensor events and cloud events to provide complete cluster visibility.
-
-More information can be found in the [KPA sub-module](https://github.com/CrowdStrike/terraform-kubectl-falcon/blob/main/modules/k8s-protection-agent/README.md).
-
-## Usage
-
-Refer to the [`terraform-kubectl-falcon`](https://github.com/CrowdStrike/terraform-kubectl-falcon) documentation for the most up-to-date information on inputs and outputs.
-
-## Example
-
-A full end to end example of using the `terraform-kubectl-falcon` module with `eks_blueprints` can be found in the [examples](https://github.com/CrowdStrike/terraform-kubectl-falcon/tree/v0.1.0/examples/aws-eks-blueprint-example) directory of the `terraform-kubectl-falcon` module.
diff --git a/docs/add-ons/csi-secrets-store-provider-aws.md b/docs/add-ons/csi-secrets-store-provider-aws.md
deleted file mode 100644
index 2c4c88f793..0000000000
--- a/docs/add-ons/csi-secrets-store-provider-aws.md
+++ /dev/null
@@ -1,12 +0,0 @@
-# secrets-store-csi-driver-provider-aws
-
-AWS Secrets Manager and Config Provider for Secret Store CSI Driver allows you to get secret contents stored in AWS Key Management Service instance and use the Secrets Store CSI driver interface to mount them into Kubernetes pods. For detailed architectual overview, refer [How to use AWS Secrets & Configuration Provider with your Kubernetes Secrets Store CSI driver] (https://aws.amazon.com/blogs/security/how-to-use-aws-secrets-configuration-provider-with-kubernetes-secrets-store-csi-driver/)
-
-## Usage
-
-csi-secrets-store-provider-aws can be deployed by enabling the add-ons via the following.
-
-```hcl
-enable_secrets_store_csi_driver = true
-enable_secrets_store_csi_driver_provider_aws = true
-```
diff --git a/docs/add-ons/datadog-operator.md b/docs/add-ons/datadog-operator.md
deleted file mode 100644
index 19626a5f27..0000000000
--- a/docs/add-ons/datadog-operator.md
+++ /dev/null
@@ -1,11 +0,0 @@
-# Datadog Operator
-The [Datadog Operator](https://github.com/DataDog/datadog-operator) is a Kubernetes add-on that can automate the deployment of a best-practice Datadog monitoring agent on a Kubernetes cluster.
-
-## Usage
-The Datadog Operator can be deployed by enabling the add-on via the following.
-
-```hcl
-enable_datadog_operator = true
-```
-
-Once the operator is provisioned, the Datadog Agent can be deployed by creating a `DatadogAgent` resource and supplying an API key.
diff --git a/docs/add-ons/external-dns.md b/docs/add-ons/external-dns.md
deleted file mode 100644
index 19e6752c72..0000000000
--- a/docs/add-ons/external-dns.md
+++ /dev/null
@@ -1,52 +0,0 @@
-# ExternalDNS
-
-[External DNS](https://github.com/kubernetes-sigs/external-dns) is a Kubernetes add-on that can automate the management of DNS records based on Ingress and Service resources.
-
-For complete project documentation, please visit the [External DNS Github repository](https://github.com/kubernetes-sigs/external-dns).
-
-## Usage
-
-External DNS can be deployed by enabling the add-on via the following.
-
-```hcl
-enable_external_dns = true
-```
-
-External DNS can optionally leverage the `eks_cluster_domain` global property of the `kubernetes_addon` submodule. The value for this property should be a Route53 domain managed by your account. ExternalDNS will leverage the value supplied for its `zoneIdFilters` property, which will restrict ExternalDNS to only create records for this domain. See docs [here](https://github.com/bitnami/charts/tree/master/bitnami/external-dns).
-
-```
-eks_cluster_domain = <cluster_domain>
-```
-
-Alternatively, you can supply a list of Route53 zone ARNs which external-dns will have access to create/manage records:
-
-```hcl
-  external_dns_route53_zone_arns = [
-    "arn:aws:route53::123456789012:hostedzone/Z1234567890"
-  ]
-```
-
-You can optionally customize the Helm chart that deploys `external-dns` via the following configuration.
-
-```hcl
-  enable_external_dns = true
-  external_dns_helm_config = {
-    name                       = "external-dns"
-    chart                      = "external-dns"
-    repository                 = "https://charts.bitnami.com/bitnami"
-    version                    = "6.1.6"
-    namespace                  = "external-dns"
-  }
-```
-
-### GitOps Configuration
-
-The following properties are made available for use when managing the add-on via GitOps.
-
-```
-external_dns = {
-  enable            = true
-  zoneFilterIds     = local.zone_filter_ids
-  serviceAccountName = local.service_account
-}
-```
diff --git a/docs/add-ons/external-secrets.md b/docs/add-ons/external-secrets.md
deleted file mode 100644
index d3488eadac..0000000000
--- a/docs/add-ons/external-secrets.md
+++ /dev/null
@@ -1,37 +0,0 @@
-
-# External Secrets Operator
-
-[External Secrets Operator](https://external-secrets.io/latest) is a Kubernetes operator that integrates external secret management systems like AWS Secrets Manager, HashiCorp Vault, Google Secrets Manager, Azure Key Vault and many more. The operator reads information from external APIs and automatically injects the values into a Kubernetes Secret.
-
-## Usage
-
-The External Secrets Operator can be deployed by enabling the add-on via the following.
-
-```hcl
-enable_external_secrets = true
-```
-
-You can optionally customize the Helm chart that deploys the operator via the following configuration.
-
-```hcl
-  enable_external_secrets = true
-  external_secrets_helm_config = {
-    name                       = "external-secrets"
-    chart                      = "external-secrets"
-    repository                 = "https://charts.external-secrets.io/"
-    version                    = "0.5.9"
-    namespace                  = "external-secrets"
-  }
-```
-
-###  GitOps Configuration
-
-The following properties are made available for use when managing the add-on via GitOps.
-
-Refer to [locals.tf](https://github.com/aws-ia/terraform-aws-eks-blueprints/blob/main/modules/kubernetes-addons/external-secrets/locals.tf) for latest config. GitOps with ArgoCD Add-on repo is located [here](https://github.com/aws-samples/eks-blueprints-add-ons/blob/main/chart/values.yaml).
-
-```hcl
-  argocd_gitops_config = {
-    enable = true
-  }
-```
diff --git a/docs/add-ons/fargate-fluent-bit.md b/docs/add-ons/fargate-fluent-bit.md
deleted file mode 100644
index 2bbf826a04..0000000000
--- a/docs/add-ons/fargate-fluent-bit.md
+++ /dev/null
@@ -1,11 +0,0 @@
-## Fluent Bit for Fargate
-
-[Fluent Bit for Fargate](https://aws.amazon.com/blogs/containers/fluent-bit-for-amazon-eks-on-aws-fargate-is-here/) configures Fluent Bit to forward Fargate Container logs to CloudWatch.
-
-### Usage
-
-Fluent Bit for Fargate can be deployed by enabling the add-on via the following.
-
-```hcl
-enable_fargate_fluentbit = true
-```
diff --git a/docs/add-ons/gatekeeper.md b/docs/add-ons/gatekeeper.md
deleted file mode 100644
index dbc3dd82ec..0000000000
--- a/docs/add-ons/gatekeeper.md
+++ /dev/null
@@ -1,43 +0,0 @@
-# Gatekeeper
-
-Gatekeeper is an admission controller that validates requests to create and update Pods on Kubernetes clusters, using the Open Policy Agent (OPA). Using Gatekeeper allows administrators to define policies with a constraint, which is a set of conditions that permit or deny deployment behaviors in Kubernetes.
-
-For complete project documentation, please visit the [Gatekeeper](https://open-policy-agent.github.io/gatekeeper/website/docs/).
-For reference templates refer [Templates](https://github.com/open-policy-agent/gatekeeper/tree/master/charts/gatekeeper/templates)
-
-## Usage
-
-Gatekeeper can be deployed by enabling the add-on via the following.
-
-```hcl
-enable_gatekeeper = true
-```
-
-You can optionally customize the Helm chart that deploys `Gatekeeper` via the following configuration.
-
-```hcl
-  enable_gatekeeper = true
-  # Optional  gatekeeper_helm_config
-  gatekeeper_helm_config = {
-    name                       = "gatekeeper"
-    chart                      = "gatekeeper"
-    repository                 = "https://open-policy-agent.github.io/gatekeeper/charts"
-    version                    = "3.9.0"
-    namespace                  = "gatekeeper-system"
-    values = [
-      <<-EOT
-        clusterName: ${var.eks_cluster_id}
-      EOT
-    ]
-  }
-```
-
-### GitOps Configuration
-The following properties are made available for use when managing the add-on via GitOps.
-
-```hcl
-  argocd_gitops_config = {
-    enable          = true
-    clusterName     = var.eks_cluster_id
-  }
-```
diff --git a/docs/add-ons/grafana.md b/docs/add-ons/grafana.md
deleted file mode 100644
index 19076fb89d..0000000000
--- a/docs/add-ons/grafana.md
+++ /dev/null
@@ -1,53 +0,0 @@
-# Grafana
-
-[Grafana](https://github.com/grafana/grafana) is an open source platform for monitoring and observability.
-
-Grafana addon can be deployed with EKS blueprints in Amazon EKS server.
-This add-on configures [Prometheus](https://grafana.com/docs/grafana/latest/datasources/prometheus/) and [CloudWatch](https://grafana.com/docs/grafana/latest/datasources/aws-cloudwatch/) data sources.
-You can add more data sources using the [values.yaml](https://github.com/grafana/helm-charts/blob/main/charts/grafana/values.yaml)
-
-## Usage
-
-[Grafana](https://github.com/aws-ia/terraform-aws-eks-blueprints/tree/main/modules/kubernetes-addons/spark-k8s-operator) can be deployed by enabling the add-on via the following. This example shows the usage of the Secrets Manager to create a new secret for Grafana adminPassword.
-
-This option sets a default `adminPassword` by the helm chart which can be extracted from kubernetes `secrets` with the name as `grafana`.
-
-```
-enable_grafana = true
-```
-
-You can optionally customize the Helm chart that deploys `Grafana` via the following configuration.
-Also, provide the `adminPassword` using set_sensitive values as shown in the example
-
-```
-  enable_grafana = true
-  grafana_irsa_policies = [] # Optional to add additional policies to IRSA
-
-# Optional grafana_helm_config
-  grafana_helm_config = {
-    name        = "grafana"
-    chart       = "grafana"
-    repository  = "https://grafana.github.io/helm-charts"
-    version     = "6.32.1"
-    namespace   = "grafana"
-    description = "Grafana Helm Chart deployment configuration"
-    values = [templatefile("${path.module}/values.yaml", {})]
-    set_sensitive = [
-      {
-        name  = "adminPassword"
-        value = "<YOUR_SECURE_PASSWORD_FOR_GRAFANA_ADMIN>"
-      }
-    ]
-  }
-
-```
-
-### GitOps Configuration
-
-The following properties are made available for use when managing the add-on via GitOps
-
-```
-grafana = {
-  enable = true
-}
-```
diff --git a/docs/add-ons/index.md b/docs/add-ons/index.md
deleted file mode 100644
index ceb3885c8f..0000000000
--- a/docs/add-ons/index.md
+++ /dev/null
@@ -1,104 +0,0 @@
-# Kubernetes Addons Module
-
-The [`kubernetes-addons`](https://github.com/aws-ia/terraform-aws-eks-blueprints/tree/main/modules/kubernetes-addons) module within EKS Blueprints allows you to configure the add-ons you would like deployed into you EKS cluster with simple **true/false** flags.
-
-The framework currently provides support for add-ons listed in the current folder.
-
-## Add-on Management
-
-The framework provides two approaches to managing add-on configuration for your EKS clusters. They are:
-
-1. Via Terraform by leveraging the [Terraform Helm provider](https://registry.terraform.io/providers/hashicorp/helm/latest/docs).
-2. Via GitOps with [ArgoCD](https://argo-cd.readthedocs.io/en/stable/).
-
-### Terraform
-
-The default method for managing add-on configuration is via Terraform. By default, each individual add-on module will do the following:
-
-1. Create any AWS resources needed to support add-on functionality.
-2. Deploy a Helm chart into your EKS cluster by leveraging the Terraform Helm provider.
-
-In order to deploy an add-on with default configuration, simply enable the add-on via Terraform properties.
-
-```hcl
-module "eks_blueprints_kubernetes_addons" {
-  source = "github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons"
-
-  eks_cluster_id = <EKS-CLUSTER-ID>
-
-  # EKS Addons
-
-  enable_amazon_eks_aws_ebs_csi_driver  = true
-  enable_amazon_eks_coredns             = true
-  enable_amazon_eks_kube_proxy          = true
-  enable_amazon_eks_vpc_cni             = true
-
-  #K8s Add-ons
-  enable_argocd                        = true
-  enable_aws_for_fluentbit             = true
-  enable_aws_load_balancer_controller  = true
-  enable_cluster_autoscaler            = true
-  enable_metrics_server                = true
-}
-```
-
-To customize the behavior of the Helm charts that are ultimately deployed, you can supply custom Helm configuration. The following demonstrates how you can supply this configuration, including a dedicated `values.yaml` file.
-
-```hcl
-enable_metrics_server      = true
-metrics_server_helm_config = {
-  name           = "metrics-server"
-  repository     = "https://kubernetes-sigs.github.io/metrics-server/"
-  chart          = "metrics-server"
-  version        = "3.8.1"
-  namespace      = "kube-system"
-  timeout        = "1200"
-
-  # (Optional) Example to pass values.yaml from your local repo
-  values = [templatefile("${path.module}/values.yaml", {
-   operating_system = "linux"
-  })]
-}
-```
-
-Each add-on module is configured to fetch Helm Charts from Open Source, public Helm repositories and Docker images from Docker Hub/Public ECR repositories. This requires outbound Internet connection from your EKS Cluster.
-
-If you would like to use private repositories, you can download Docker images for each add-on and push them to an AWS ECR repository. ECR can be accessed from within a private existing VPC using an ECR VPC endpoint. For instructions on how to download existing images and push them to ECR, see [ECR instructions](../advanced/ecr-instructions.md).
-
-### GitOps with ArgoCD
-
-To indicate that you would like to manage add-ons via ArgoCD, you must do the following:
-
-1. Enable the ArgoCD add-on by setting `argocd_enable` to `true`.
-2. Specify you would like ArgoCD to be responsible for deploying your add-ons by setting `argocd_manage_add_ons` to `true`. This will prevent the individual Terraform add-on modules from deploying Helm charts.
-3. Pass Application configuration for your add-ons repository via the `argocd_applications` property.
-
-Note, that the `add_on_application` flag in your `Application` configuration must be set to `true`.
-
-```hcl
-enable_argocd           = true
-argocd_manage_add_ons   = true
-argocd_applications     = {
-  infra = {
-    namespace             = "argocd"
-    path                  = "<path>"
-    repo_url              = "<repo_url>"
-    values                = {}
-    add_on_application    = true # Indicates the root add-on application.
-  }
-}
-```
-
-#### GitOps Bridge
-
-When managing add-ons via ArgoCD, certain AWS resources may still need to be created via Terraform in order to support add-on functionality (e.g. IAM Roles and Services Account). Certain resource values will also need to passed from Terraform to ArgoCD via the ArgoCD Application resource's values map. We refer to this concept as the `GitOps Bridge`
-
-To ensure that AWS resources needed for add-on functionality are created, you still need to indicate in Terraform configuration which add-ons will be managed via ArgoCD. To do so, simply enable the add-ons via their boolean properties.
-
-```
-enable_metrics_server       = true # Deploys Metrics Server Addon
-enable_cluster_autoscaler   = true # Deploys Cluster Autoscaler Addon
-enable_prometheus           = true # Deploys Prometheus Addon
-```
-
-This will indicate to each add-on module that it should create the necessary AWS resources and pass the relevant values to the ArgoCD Application resource via the Application's values map.
diff --git a/docs/add-ons/kafka.md b/docs/add-ons/kafka.md
deleted file mode 100644
index 0206a96381..0000000000
--- a/docs/add-ons/kafka.md
+++ /dev/null
@@ -1,38 +0,0 @@
-# Strimzi Operator for Apache Kafka
-[Apache Kafka](https://kafka.apache.org/intro) is an open-source distributed event streaming platform used by thousands of companies for high-performance data pipelines, streaming analytics, data integration, and mission-critical applications.
-This addon deploys Strimizi Kafka Operator and it makes it really easy to spin up a Kafka cluster in minutes.
-
-For complete project documentation, please visit the [Strimzi Kafka](https://strimzi.io/).
-
-## Usage
-Strimzi Kafka Operator can be deployed by enabling the add-on via the following.
-
-```hcl
-enable_strimzi_kafka_operator = true
-```
-
-You can optionally customize the Helm chart that deploys `Kafka` via the following configuration.
-
-```hcl
-  enable_strimzi_kafka_operator = true
-  # Optional  kafka_helm_config
-  strimzi_kafka_operator_helm_config = {
-    name             = local.name
-    chart            = "strimzi-kafka-operator"
-    repository       = "https://strimzi.io/charts/"
-    version          = "0.31.1"
-    namespace        = local.name
-    create_namespace = true
-    values           = [templatefile("${path.module}/values.yaml", {})]
-    description      = "Strimzi - Apache Kafka on Kubernetes"
-  }
-```
-
-### GitOps Configuration
-The following properties are made available for use when managing the add-on via GitOps.
-
-```hcl
-strimziKafkaOperator = {
-  enable = true
-}
-```
diff --git a/docs/add-ons/keda.md b/docs/add-ons/keda.md
deleted file mode 100644
index 75b71074c6..0000000000
--- a/docs/add-ons/keda.md
+++ /dev/null
@@ -1,42 +0,0 @@
-# KEDA
-
-KEDA is a Kubernetes-based Event Driven Autoscaler. With KEDA, you can drive the scaling of any container in Kubernetes based on the number of events needing to be processed.
-
-KEDA is a single-purpose and lightweight component that can be added into any Kubernetes cluster. KEDA works alongside standard Kubernetes components like the Horizontal Pod Autoscaler and can extend functionality without overwriting or duplication. With KEDA you can explicitly map the apps you want to use event-driven scale, with other apps continuing to function. This makes KEDA a flexible and safe option to run alongside any number of any other Kubernetes applications or frameworks..
-
-[KEDA](https://github.com/kedacore/charts/tree/main/keda) chart bootstraps KEDA infrastructure on a Kubernetes cluster using the Helm package manager.
-
-For complete project documentation, please visit the [KEDA documentation site](https://keda.sh/).
-
-## Usage
-
-KEDA can be deployed by enabling the add-on via the following.
-
-```hcl
-enable_keda = true
-```
-
-Deploy KEDA with custom `values.yaml`
-
-```hcl
-  # Optional Map value; pass keda-values.yaml from consumer module
-  keda_helm_config = {
-    name       = "keda"                                               # (Required) Release name.
-    repository = "https://kedacore.github.io/charts"                  # (Optional) Repository URL where to locate the requested chart.
-    chart      = "keda"                                               # (Required) Chart name to be installed.
-    version    = "2.6.2"                                              # (Optional) Specify the exact chart version to install. If this is not specified, it defaults to the version set within default_helm_config: https://github.com/aws-ia/terraform-aws-eks-blueprints/blob/main/modules/kubernetes-addons/keda/locals.tf
-    namespace  = "keda"                                               # (Optional) The namespace to install the release into.
-    values = [templatefile("${path.module}/keda-values.yaml", {})]
-  }
-```
-
-### GitOps Configuration
-
-The following properties are made available for use when managing the add-on via GitOps.
-
-```
-keda = {
-  enable             = true
-  serviceAccountName = "<service_account>"
-}
-```
diff --git a/docs/add-ons/kube-prometheus-stack.md b/docs/add-ons/kube-prometheus-stack.md
deleted file mode 100644
index b6e935ed44..0000000000
--- a/docs/add-ons/kube-prometheus-stack.md
+++ /dev/null
@@ -1,53 +0,0 @@
-# kube-prometheus-stack
-[kube-prometheus-stack](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack)is a a collection of Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator.
-
-Components installed by this chart in this package by default:
-
-  - [The Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator)
-  - Highly available [Prometheus](https://github.com/prometheus/prometheus)
-  - Highly available [Alertmanager](https://github.com/prometheus/alertmanager)
-  - [Prometheus node-exporter](https://github.com/prometheus/node_exporter)
-  - [kube-state-metrics](https://github.com/kubernetes/kube-state-metrics)
-  - [Grafana](https://github.com/grafana/grafana)
-
-
-## Usage
-
-The default values.yaml file in this add-on has disabled the components that are unreachable in EKS environments, and an EBS Volume for Persistent Storage.
-
-You can override the defaults using the `set` helm_config key, and set the admin password with `set_sensitive`:
-
-```hcl
-  enable_kube_prometheus_stack      = true
-  kube_prometheus_stack_helm_config = {
-    set = [
-      {
-        name  = "kubeProxy.enabled"
-        value = false
-      }
-    ],
-    set_sensitive = [
-      {
-        name  = "grafana.adminPassword"
-        value = data.aws_secretsmanager_secret_version.admin_password_version.secret_string
-      }
-    ]
-  }
-```
-
-## Upgrading the Chart
-
-Be aware that it is likely necessary to update the CRDs when updating the Chart version. Refer to the Project documentation on upgrades for your specific versions: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack#upgrading-chart
-
-
-For complete project documentation, please visit the [kube-prometheus-stack Github repository](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack).
-
-### GitOps Configuration
-
-The following properties are made available for use when managing the add-on via GitOps.
-
-```hcl
-kubePrometheusStack = {
-  enable = true
-}
-```
diff --git a/docs/add-ons/kube-state-metrics.md b/docs/add-ons/kube-state-metrics.md
deleted file mode 100644
index 6d64b7422e..0000000000
--- a/docs/add-ons/kube-state-metrics.md
+++ /dev/null
@@ -1,42 +0,0 @@
-# Kube-State-Metrics
-
-[kube-state-metrics](https://github.com/kubernetes/kube-state-metrics) (KSM) is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects.
-
-The metrics are exported on the HTTP endpoint /metrics on the listening port (default 8080). They are served as plaintext. They are designed to be consumed either by Prometheus itself or by a scraper that is compatible with scraping a Prometheus client endpoint.
-
-This add-on is implemented as an external add-on. For detailed documentation and usage of the add-on please refer to the add-on [repository](https://github.com/askulkarni2/terraform-eksblueprints-kube-state-metrics-addon).
-
-## Usage
-
-The following will deploy the KSM into an EKS Cluster.
-
-```hcl-terraform
-enable_kube_state_metrics = true
-```
-
-Enable KSM with custom `values.yaml`
-
-```hcl-terraform
-  enable_kube_state_metrics = true
-
-  # Optional Map value
-  kube_state_metrics_helm_config = {
-    name       = "kube-state-metrics" # (Required) Release name.
-    repository = "https://prometheus-community.github.io/helm-charts" # (Optional) Repository URL where to locate the requested chart.
-    chart      = "kube-state-metrics" # (Required) Chart name to be installed.
-    version    = "4.5.0"
-    namespace  = "kube-state-metrics"
-    values = [templatefile("${path.module}/values.yaml", {}})]
-  }
-```
-
-### GitOps Configuration
-
-The following properties are made available for use when managing the add-on via GitOps
-
-```hcl-terraform
-argocd_gitops_config = {
-  enable             = true
-  serviceAccountName = local.service_account
-}
-```
diff --git a/docs/add-ons/kubecost.md b/docs/add-ons/kubecost.md
deleted file mode 100644
index 5ca662312e..0000000000
--- a/docs/add-ons/kubecost.md
+++ /dev/null
@@ -1,41 +0,0 @@
-# Kubecost
-
-Kubecost provides real-time cost visibility and insights for teams using Kubernetes, helping you continuously reduce your cloud costs.
-Amazon EKS supports Kubecost, which you can use to monitor your costs broken down by Kubernetes resources including pods, nodes, namespaces, and labels.
-[Cost monitoring](https://docs.aws.amazon.com/eks/latest/userguide/cost-monitoring.html) docs provides steps to bootstrap Kubecost infrastructure on a EKS cluster using the Helm package manager.
-
-For complete project documentation, please visit the [Kubecost documentation site](https://www.kubecost.com/).
-
-Note: If your cluster is version 1.23 or later, you must have the [Amazon EBS CSI driver](https://docs.aws.amazon.com/eks/latest/userguide/ebs-csi.html) installed on your cluster.
-
-## Usage
-
-Kubecost can be deployed by enabling the add-on via the following.
-
-```hcl
-enable_kubecost = true
-```
-
-Deploy Kubecost with custom `values.yaml`
-
-```hcl
-  # Optional Map value; pass kubecost-values.yaml from consumer module
-    kubecost_helm_config = {
-    name       = "kubecost"                                             # (Required) Release name.
-    repository = "oci://public.ecr.aws/kubecost"                        # (Optional) Repository URL where to locate the requested chart.
-    chart      = "cost-analyzer"                                        # (Required) Chart name to be installed.
-    version    = "1.96.0"                                               # (Optional) Specify the exact chart version to install. If this is not specified, it defaults to the version set within default_helm_config: https://github.com/aws-ia/terraform-aws-eks-blueprints/blob/main/modules/kubernetes-addons/kubecost/locals.tf
-    namespace  = "kubecost"                                             # (Optional) The namespace to install the release into.
-    values = [templatefile("${path.module}/kubecost-values.yaml", {})]
-  }
-```
-
-### GitOps Configuration
-
-The following properties are made available for use when managing the add-on via GitOps.
-
-```sh
-kubecost = {
-  enable  = true
-}
-```
diff --git a/docs/add-ons/kuberay-operator.md b/docs/add-ons/kuberay-operator.md
deleted file mode 100644
index 47f5478789..0000000000
--- a/docs/add-ons/kuberay-operator.md
+++ /dev/null
@@ -1,24 +0,0 @@
-# KubeRay Operator
-
-[KubeRay](https://github.com/ray-project/kuberay) is an open source toolkit to run [Ray](https://www.ray.io/) applications on Kubernetes. For details on its design, please refer to the KubeRay [documentation](https://ray-project.github.io/kuberay/).
-
-> 🛑 This add-on should be considered as experimental and should only be used for proof of concept.
-
-
-## Usage
-
-KubeRay operator can be deployed by enabling the add-on via the following.
-
-### Basic Example
-
-```hcl
-enable_kuberay_operator = true
-```
-
-### Advanced Example
-
-Advanced example of KubeRay operator add-on is not currently supported as the upstream project does not publish a [Helm chart yet]. Please 👍 this [issue](https://github.com/ray-project/kuberay/issues/475).
-
-### GitOps Configuration
-
-GitOps is not currently supported due to lack of a published Helm chart upstream. Please 👍 this [issue](https://github.com/ray-project/kuberay/issues/475).
diff --git a/docs/add-ons/kubernetes-dashboard.md b/docs/add-ons/kubernetes-dashboard.md
deleted file mode 100644
index e78cc0f4da..0000000000
--- a/docs/add-ons/kubernetes-dashboard.md
+++ /dev/null
@@ -1,42 +0,0 @@
-# Kubernetes Dashboard
-
-[Kubernetes Dashboard](https://github.com/kubernetes/dashboard) is a general purpose, web-based UI for Kubernetes clusters. It allows users to manage applications running in the cluster and troubleshoot them, as well as manage the cluster itself.
-
-## Usage
-
-The following will deploy the Kubernetes Dashboard into an EKS Cluster.
-
-```hcl-terraform
-enable_kubernetes_dashboard = true
-```
-
-Enable Kubernetes Dashboard with custom `values.yaml`
-
-```hcl-terraform
-  enable_kubernetes_dashboard = true
-
-  # Optional Map value
-  kubernetes_dashboard_helm_config = {
-    name       = "kubernetes-dashboard" # (Required) Release name.
-    repository = "https://kubernetes.github.io/dashboard/" # (Optional) Repository URL where to locate the requested chart.
-    chart      = "kubernetes-dashboard" # (Required) Chart name to be installed.
-    version    = "5.2.0"
-    namespace  = "kube-system"
-    values = [templatefile("${path.module}/values.yaml", {})]
-  }
-```
-
-### GitOps Configuration
-
-The following properties are made available for use when managing the add-on via GitOps
-
-```hcl-terraform
-argocd_gitops_config = {
-  enable             = true
-  serviceAccountName = local.service_account
-}
-```
-
-### Connecting to the Dashboard
-
-Follow the steps outlined [here](https://docs.aws.amazon.com/eks/latest/userguide/dashboard-tutorial.html#view-dashboard) to connect to the dashboard
diff --git a/docs/add-ons/kyverno.md b/docs/add-ons/kyverno.md
deleted file mode 100644
index 0b4aa52f65..0000000000
--- a/docs/add-ons/kyverno.md
+++ /dev/null
@@ -1,36 +0,0 @@
-# Kyverno
-
-Kyverno is a policy engine that can help kubernetes clusters to enforce security and governance policies.
-
-This addon provides support for:
-1. [Kyverno](https://github.com/kyverno/kyverno/tree/main/charts/kyverno)
-2. [Kyverno policies](https://github.com/kyverno/kyverno/tree/main/charts/kyverno-policies)
-3. [Kyverno policy reporter](https://github.com/kyverno/policy-reporter/tree/main/charts/policy-reporter)
-
-## Usage
-
-Kyverno can be deployed by enabling the respective add-on(s) via the following.
-
-```hcl
-enable_kyverno                 = true
-enable_kyverno_policies        = true
-enable_kyverno_policy_reporter = true
-```
-
-### GitOps Configuration
-
-The following properties are made available for use when managing the add-on via GitOps.
-
-```sh
-kyverno = {
-  enable = true
-}
-
-kyverno_policies = {
-  enable = true
-}
-
-kyverno_policy_reporter = {
-  enable = true
-}
-```
diff --git a/docs/add-ons/local-volume-provisioner.md b/docs/add-ons/local-volume-provisioner.md
deleted file mode 100644
index 3b3dce9fd8..0000000000
--- a/docs/add-ons/local-volume-provisioner.md
+++ /dev/null
@@ -1,23 +0,0 @@
-# Local volume provisioner
-
-[Local volume provisioner](https://github.com/kubernetes-sigs/sig-storage-local-static-provisioner) manages PersistentVolume lifecycle for pre-allocated disks by detecting and creating PVs for each local disk on the host, and cleaning up the disks when released
-
-
-## Usage
-
-Local volume provisioner can be deployed by enabling the add-on via the following.
-
-```hcl
-enable_local_volume_provisioner = true
-```
-
-Deploy Local volume provisioner with custom `values.yaml`
-
-```hcl
-  # Optional Map value; pass local-volume-provisioner-values.yaml from consumer module
-   local_volume_provisioner_helm_config = {
-    name       = "local-static-provisioner"                                            # (Required) Release name.
-    namespace  = "local-static-provisioner"                                            # (Optional) The namespace to install the release into.
-    values = [templatefile("${path.module}/local-volume-provisioner-values.yaml", {})]
-  }
-```
diff --git a/docs/add-ons/managed-add-ons.md b/docs/add-ons/managed-add-ons.md
deleted file mode 100644
index 9450b3d842..0000000000
--- a/docs/add-ons/managed-add-ons.md
+++ /dev/null
@@ -1,96 +0,0 @@
-# Amazon EKS Add-ons
-
-[Amazon EKS add-ons](https://docs.aws.amazon.com/eks/latest/userguide/eks-add-ons.html) provide installation and management of a curated set of add-ons for Amazon EKS clusters. All Amazon EKS add-ons include the latest security patches, bug fixes, and are validated by AWS to work with Amazon EKS. Amazon EKS add-ons allow you to consistently ensure that your Amazon EKS clusters are secure and stable and reduce the amount of work that you need to do in order to install, configure, and update add-ons.
-
-EKS currently provides support for the following managed add-ons.
-
-| Name | Description |
-|------|-------------|
-| [Amazon VPC CNI](https://docs.aws.amazon.com/eks/latest/userguide/managing-vpc-cni.html)  | Native VPC networking for Kubernetes pods. |
-| [CoreDNS](https://docs.aws.amazon.com/eks/latest/userguide/managing-coredns.html) | A flexible, extensible DNS server that can serve as the Kubernetes cluster DNS. |
-| [kube-proxy](https://docs.aws.amazon.com/eks/latest/userguide/managing-kube-proxy.html) | Enables network communication to your pods. |
-| [Amazon EBS CSI](https://docs.aws.amazon.com/eks/latest/userguide/managing-ebs-csi.html) | Manage the Amazon EBS CSI driver as an Amazon EKS add-on. |
-
-EKS managed add-ons can be enabled via the following.
-
-Note: EKS managed Add-ons can be converted to self-managed add-on with `preserve` field.
-`preserve=true` option removes Amazon EKS management of any settings and the ability for Amazon EKS to notify you of updates and automatically update the Amazon EKS add-on after you initiate an update, but preserves the add-on's software on your cluster.
-This option makes the add-on a self-managed add-on, rather than an Amazon EKS add-on.
-There is no downtime while deleting EKS managed Add-ons when `preserve=true`. This is a default option for `enable_amazon_eks_vpc_cni` , `enable_amazon_eks_coredns` and `enable_amazon_eks_kube_proxy`.
-
-Checkout this [doc](https://docs.aws.amazon.com/eks/latest/userguide/managing-vpc-cni.html#updating-vpc-cni-eks-add-on) for more details. Custom add-on configuration can be passed using [configuration_values](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_addon) as a single JSON string while creating or updating the add-on.
-
-```
-# EKS Addons
-  enable_amazon_eks_vpc_cni = true # default is false
-  #Optional
-  amazon_eks_vpc_cni_config = {
-    addon_name               = "vpc-cni"
-    addon_version            = "v1.11.2-eksbuild.1"
-    service_account          = "aws-node"
-    resolve_conflicts        = "OVERWRITE"
-    namespace                = "kube-system"
-    service_account_role_arn = ""
-    preserve                 = true
-    additional_iam_policies  = []
-    configuration_values = jsonencode({
-      env = {
-        ENABLE_PREFIX_DELEGATION = "true"
-        WARM_PREFIX_TARGET       = "1"
-      }
-    })
-    tags = {}
-  }
-
-  enable_amazon_eks_coredns = true # default is false
-  #Optional
-  amazon_eks_coredns_config = {
-    addon_name               = "coredns"
-    addon_version            = "v1.8.4-eksbuild.1"
-    service_account          = "coredns"
-    resolve_conflicts        = "OVERWRITE"
-    namespace                = "kube-system"
-    service_account_role_arn = ""
-    preserve                 = true
-    additional_iam_policies  = []
-    configuration_values     = ""
-    tags                     = {}
-  }
-
-  enable_amazon_eks_kube_proxy = true # default is false
-  #Optional
-  amazon_eks_kube_proxy_config = {
-    addon_name               = "kube-proxy"
-    addon_version            = "v1.21.2-eksbuild.2"
-    service_account          = "kube-proxy"
-    resolve_conflicts        = "OVERWRITE"
-    namespace                = "kube-system"
-    service_account_role_arn = ""
-    preserve                 = true
-    additional_iam_policies  = []
-    configuration_values     = ""
-    tags                     = {}
-  }
-
-  enable_amazon_eks_aws_ebs_csi_driver = true # default is false
-  #Optional
-  amazon_eks_aws_ebs_csi_driver_config = {
-    addon_name               = "aws-ebs-csi-driver"
-    addon_version            = "v1.4.0-eksbuild.preview"
-    service_account          = "ebs-csi-controller-sa"
-    resolve_conflicts        = "OVERWRITE"
-    namespace                = "kube-system"
-    additional_iam_policies  = []
-    service_account_role_arn = ""
-    configuration_values     = ""
-    tags                     = {}
-  }
-```
-
-## Updating Managed Add-ons
-
-EKS won't modify any of your Kubernetes add-ons when you update a cluster to a newer Kubernetes version. As a result, it is important to upgrade EKS add-ons each time you upgrade an EKS cluster.
-
-Our [Cluster Upgrade](../advanced/cluster-upgrades.md) guide demonstrates how you can leverage this framework to upgrade your EKS cluster in addition to the EKS managed add-ons running in each cluster.
-
-Additional information on updating a EKS cluster can be found in the [EKS documentation](https://docs.aws.amazon.com/eks/latest/userguide/update-cluster.html).
diff --git a/docs/add-ons/metrics-server.md b/docs/add-ons/metrics-server.md
deleted file mode 100644
index dfd5f7c981..0000000000
--- a/docs/add-ons/metrics-server.md
+++ /dev/null
@@ -1,32 +0,0 @@
-# Metrics Server
-
-Metrics Server is a scalable, efficient source of container resource metrics for Kubernetes built-in autoscaling pipelines. It is not deployed by default in Amazon EKS clusters. The Metrics Server is commonly used by other Kubernetes add-ons, such as the Horizontal Pod Autoscaler, Vertical Autoscaling or the Kubernetes Dashboard.
-
-> **Important**: Don't use Metrics Server when you need an accurate source of resource usage metrics or as a monitoring solution.
-
-## Usage
-
-[Metrics Server](https://github.com/aws-ia/terraform-aws-eks-blueprints/tree/main/modules/kubernetes-addons/metrics-server) can be deployed by enabling the add-on via the following.
-
-```hcl
-enable_metrics_server = true
-```
-
-Once deployed, you can see metrics-server pod in the `kube-system` namespace.
-
-```sh
-$ kubectl get deployments -n kube-system
-
-NAME                                                          READY   UP-TO-DATE   AVAILABLE   AGE
-metrics-server                                                1/1     1            1           20m
-```
-
-### GitOps Configuration
-
-The following properties are made available for use when managing the add-on via GitOps
-
-```
-metricsServer = {
-  enable = true
-}
-```
diff --git a/docs/add-ons/nginx.md b/docs/add-ons/nginx.md
deleted file mode 100644
index d5ab3354b5..0000000000
--- a/docs/add-ons/nginx.md
+++ /dev/null
@@ -1,51 +0,0 @@
-# Nginx
-
-This add-on installs [Nginx Ingress Controller](https://kubernetes.github.io/ingress-nginx/deploy/) on Amazon EKS. The Nginx ingress controller uses [Nginx](https://www.nginx.org/) as a reverse proxy and load balancer.
-
-Other than handling Kubernetes ingress objects, this ingress controller can facilitate multi-tenancy and segregation of workload ingresses based on host name (host-based routing) and/or URL Path (path based routing).
-
-## Usage
-
-Nginx Ingress Controller can be deployed by enabling the add-on via the following.
-
-```hcl
-enable_ingress_nginx = true
-```
-
-To validate that installation is successful run the following command:
-
-```sh
-$ kubectl get po -n kube-system
-NAME                                                              READY   STATUS    RESTARTS   AGE
-eks-blueprints-addon-ingress-nginx-78b8567p4q6   1/1     Running   0          4d10h
-```
-
-Note that the ingress controller is deployed in the `ingress-nginx` namespace.
-
-You can optionally customize the Helm chart that deploys `nginx` via the following configuration.
-
-```hcl
-  enable_ingress_nginx = true
-
-  # Optional  ingress_nginx_helm_config
-  ingress_nginx_helm_config = {
-    repository  = "https://kubernetes.github.io/ingress-nginx"
-    version     = "4.0.17"
-    values      = [file("${path.module}/values.yaml")]
-  }
-
-  nginx_irsa_policies = [] # Optional to add additional policies to IRSA
-```
-
-### GitOps Configuration
-
-The following properties are made available for use when managing the add-on via GitOps.
-
-GitOps with ArgoCD Add-on repo is located [here](https://github.com/aws-samples/eks-blueprints-add-ons/blob/main/chart/values.yaml)
-
-``` hcl
-argocd_gitops_config = {
-    enable             = true
-    serviceAccountName = local.service_account
-  }
-```
diff --git a/docs/add-ons/nvidia-device-plugin.md b/docs/add-ons/nvidia-device-plugin.md
deleted file mode 100644
index 6e30fad557..0000000000
--- a/docs/add-ons/nvidia-device-plugin.md
+++ /dev/null
@@ -1,48 +0,0 @@
-# NVIDIA Device Plugin
-
-The NVIDIA device plugin for Kubernetes is a Daemonset that allows you to automatically:
-
-* Expose the number of GPUs on each nodes of your cluster
-* Keep track of the health of your GPUs
-* Run GPU enabled containers in your Kubernetes cluster.
-
-
-For complete project documentation, please visit the [NVIDIA Device Plugin](https://github.com/NVIDIA/k8s-device-plugin#readme).
-
-Additionally, refer to this AWS [blog](https://aws.amazon.com/blogs/compute/running-gpu-accelerated-kubernetes-workloads-on-p3-and-p2-ec2-instances-with-amazon-eks/) for more information on how the add-on can be tested.
-
-## Usage
-
-NVIDIA device plugin can be deployed by enabling the add-on via the following.
-
-```hcl
-enable_nvidia_device_plugin = true
-```
-
-You can optionally customize the Helm chart via the following configuration.
-
-```hcl
-  enable_nvidia_device_plugin = true
-  # Optional nvidia_device_plugin_helm_config
-  nvidia_device_plugin_helm_config = {
-    name                       = "nvidia-device-plugin"
-    chart                      = "nvidia-device-plugin"
-    repository                 = "https://nvidia.github.io/k8s-device-plugin"
-    version                    = "0.12.3"
-    namespace                  = "nvidia-device-plugin"
-    values = [templatefile("${path.module}/values.yaml", {
-      ...
-    })]
-  }
-```
-
-### GitOps Configuration
-The following properties are made available for use when managing the add-on via GitOps.
-
-Refer to [locals.tf](https://github.com/aws-ia/terraform-aws-eks-blueprints/blob/main/modules/kubernetes-addons/nvidia-device-plugin/locals.tf) for latest config. GitOps with ArgoCD Add-on repo is located [here](https://github.com/aws-samples/eks-blueprints-add-ons/blob/main/chart/values.yaml)
-
-```hcl
-  argocd_gitops_config = {
-    enable = true
-  }
-```
diff --git a/docs/add-ons/portworx.md b/docs/add-ons/portworx.md
deleted file mode 100644
index e51df974a8..0000000000
--- a/docs/add-ons/portworx.md
+++ /dev/null
@@ -1,135 +0,0 @@
-# Portworx add-on for EKS Blueprints
-
-## Introduction
-
-[Portworx](https://portworx.com/) is a Kubernetes data services platform that provides persistent storage, data protection, disaster recovery, and other capabilities for containerized applications. This blueprint installs Portworx on Amazon Elastic Kubernetes Service (EKS) environment.
-
-- [Helm chart](https://github.com/portworx/helm)
-
-## Requirements
-
-For the add-on to work, Portworx needs additional permission to AWS resources which can be provided in the following way.
-
-Note: Portworx currently does not support obtaining these permissions with an IRSA. Its support will be added with future releases.
-
-### Creating the required IAM policy resource
-
-1. Add the below code block in your terraform script to create a policy with the required permissions. Make a note of the resource name for the policy you created:
-
-```
-resource "aws_iam_policy" "<policy-resource-name>" {
-  name = "<policy-name>"
-
-  policy = jsonencode({
-    Version = "2012-10-17"
-    Statement = [
-      {
-        Action = [
-          "ec2:AttachVolume",
-          "ec2:ModifyVolume",
-          "ec2:DetachVolume",
-          "ec2:CreateTags",
-          "ec2:CreateVolume",
-          "ec2:DeleteTags",
-          "ec2:DeleteVolume",
-          "ec2:DescribeTags",
-          "ec2:DescribeVolumeAttribute",
-          "ec2:DescribeVolumesModifications",
-          "ec2:DescribeVolumeStatus",
-          "ec2:DescribeVolumes",
-          "ec2:DescribeInstances",
-          "autoscaling:DescribeAutoScalingGroups"
-        ]
-        Effect   = "Allow"
-        Resource = "*"
-      },
-    ]
-  })
-}
-```
-
-2. Run `terraform apply` command for the policy (replace it with your resource name):
-
-```bash
-terraform apply -target="aws_iam_policy.<policy-resource-name>"
-```
-3. Attach the newly created AWS policy ARN to the node groups in your cluster:
-
-```
- managed_node_groups = {
-    node_group_1 = {
-      node_group_name           = "my_node_group_1"
-      instance_types            = ["t2.small"]
-      min_size                  = 3
-      max_size                  = 3
-      subnet_ids                = module.vpc.private_subnets
-
-      #Add this line to the code block or add the new policy ARN to the list if it already exists
-      additional_iam_policies   = [aws_iam_policy.<policy-resource-name>.arn]
-
-    }
-  }
-```
-4. Run the command below to apply the changes. (This step can be performed even if the cluster is up and running. The policy attachment happens without having to restart the nodes)
-```bash
-terraform apply -target="module.eks_blueprints"
-```
-
-
-## Usage
-
-After completing the requirement step, installing Portworx is simple, set ```enable_portworx``` variable to true inside the Kubernetes add-on module.
-
-```
-  enable_portworx = true
-```
-
-To customize Portworx installation, pass the configuration values as shown below:
-
-```
-  enable_portworx         = true
-
-  portworx_helm_config = {
-    set = [
-      {
-        name  = "clusterName"
-        value = "testCluster"
-      },
-      {
-        name  = "imageVersion"
-        value = "2.11.1"
-      }
-    ]
-  }
-
-}
-```
-
-## Portworx Configuration
-
-The following tables lists the configurable parameters of the Portworx chart and their default values.
-
-| Parameter | Description | Default |
-|-----------|-------------| --------|
-| `imageVersion` | The image tag to pull | "2.11.0" |
-| `useAWSMarketplace` | Set this variable to true if you wish to use AWS marketplace license for Portworx | "false" |
-| `clusterName` | Portworx Cluster Name| portworx-\<random_string\> |
-| `drives` | Semi-colon separated list of drives to be used for storage. (example: "/dev/sda;/dev/sdb" or "type=gp2,size=200;type=gp3,size=500")  |  "type=gp2,size=200"|
-| `useInternalKVDB` | boolean variable to set internal KVDB on/off | true |
-| `kvdbDevice` | specify a separate device to store KVDB data, only used when internalKVDB is set to true | type=gp2,size=150 |
-| `envVars` | semi-colon-separated list of environment variables that will be exported to portworx. (example: MYENV1=val1;MYENV2=val2) | "" |
-| `maxStorageNodesPerZone` | The maximum number of storage nodes desired per zone| 3 |
-| `useOpenshiftInstall` | boolean variable to install Portworx on Openshift .| false |
-| `etcdEndPoint` | The ETCD endpoint. Should be in the format etcd:http://(your-etcd-endpoint):2379. If there are multiple etcd endpoints they need to be ";" separated. | "" |
-| `dataInterface` | Name of the interface <ethX>.| none |
-| `managementInterface` |  Name of the interface <ethX>.| none |
-| `useStork` | [Storage Orchestration for Hyperconvergence](https://github.com/libopenstorage/stork).| true  |
-| `storkVersion` | Optional: version of Stork. For eg: 2.11.0, when it's empty Portworx operator will pick up version according to Portworx version. | "2.11.0" |
-| `customRegistryURL` | URL where to pull Portworx image from | ""  |
-| `registrySecret` | Image registry credentials to pull Portworx Images from a secure registry | "" |
-| `licenseSecret` | Kubernetes secret name that has Portworx licensing information | ""  |
-| `monitoring` | Enable Monitoring on Portworx cluster | false  |
-| `enableCSI` | Enable CSI | false  |
-| `enableAutopilot` | Enable Autopilot | false  |
-| `KVDBauthSecretName` | Refer [Securing with certificates in Kubernetes](https://docs.portworx.com/operations/etcd/#securing-with-certificates-in-kubernetes) to  create a kvdb secret and specify the name of the secret here| none |
-| `deleteType` | Specify which strategy to use while Uninstalling Portworx. "Uninstall" values only removes Portworx but with "UninstallAndWipe" value all data from your disks including the Portworx metadata is also wiped permanently | UninstallAndWipe |
diff --git a/docs/add-ons/prometheus.md b/docs/add-ons/prometheus.md
deleted file mode 100644
index 1673781752..0000000000
--- a/docs/add-ons/prometheus.md
+++ /dev/null
@@ -1,54 +0,0 @@
-# Prometheus
-
-Prometheus is an open source monitoring and alerting service. Prometheus joined the Cloud Native Computing Foundation in 2016 as the second hosted project, after Kubernetes.
-
-This project provides support for installing a open source Prometheus server in your EKS cluster and for deploying a new Prometheus instance via [Amazon Managed Service for Prometheus](https://aws.amazon.com/prometheus/).
-
-## Usage
-
-The following will deploy the Prometheus server into an EKS Cluster and provision a new Amazon Managed Service for Prometheus instance.
-
-```hcl-terraform
-# Creates the AMP workspace and all the relevant IAM Roles
-enable_amazon_prometheus         = true
-
-# Deploys Prometheus server with remote write to AWS AMP Workspace
-enable_prometheus             = true
-```
-
-Enable Prometheus with custom `values.yaml`
-
-```hcl-terraform
-  #---------------------------------------
-  # Prometheus Server integration with Amazon Prometheus
-  #---------------------------------------
-  # Amazon Prometheus Configuration to integrate with Prometheus Server Add-on
-  enable_amazon_prometheus = true
-  amazon_prometheus_workspace_endpoint = "<Enter Amazon Workspace Endpoint>"
-
-  enable_prometheus = true
-  # Optional Map value
-  prometheus_helm_config = {
-    name       = "prometheus"                                         # (Required) Release name.
-    repository = "https://prometheus-community.github.io/helm-charts" # (Optional) Repository URL where to locate the requested chart.
-    chart      = "prometheus"                                         # (Required) Chart name to be installed.
-    version    = "15.3.0"                                             # (Optional) Specify the exact chart version to install. If this is not specified, it defaults to the version set within default_helm_config: https://github.com/aws-ia/terraform-aws-eks-blueprints/blob/main/modules/kubernetes-addons/prometheus/locals.tf
-    namespace  = "prometheus"                                         # (Optional) The namespace to install the release into.
-    values = [templatefile("${path.module}/prometheus-values.yaml", {
-      operating_system = "linux"
-    })]
-  }
-```
-
-### GitOps Configuration
-
-The following properties are made available for use when managing the add-on via GitOps
-
-```hcl-terraform
-prometheus = {
-  enable             = true
-  ampWorkspaceUrl    = "<workspace_url>"
-  roleArn            = "<role_arn>"
-  serviceAccountName = "<service_account>"
-}
-```
diff --git a/docs/add-ons/promtail.md b/docs/add-ons/promtail.md
deleted file mode 100644
index ff54972bca..0000000000
--- a/docs/add-ons/promtail.md
+++ /dev/null
@@ -1,39 +0,0 @@
-# Promtail
-
-Promtail is an agent which ships the contents of local logs to a Loki instance.
-
-[Promtail](https://github.com/grafana/helm-charts/tree/main/charts/promtail) chart bootstraps Promtail infrastructure on a Kubernetes cluster using the Helm package manager.
-
-For complete project documentation, please visit the [Promtail documentation site](https://grafana.com/docs/loki/latest/clients/promtail/).
-
-## Usage
-
-Promtail can be deployed by enabling the add-on via the following.
-
-```hcl
-enable_promtail = true
-```
-
-Deploy Promtail with custom `values.yaml`
-
-```hcl
-  # Optional Map value; pass promtail-values.yaml from consumer module
-  promtail_helm_config = {
-    name       = "promtail"                                               # (Required) Release name.
-    repository = "https://grafana.github.io/helm-charts"                  # (Optional) Repository URL where to locate the requested chart.
-    chart      = "promtail"                                               # (Required) Chart name to be installed.
-    version    = "6.3.0"                                                  # (Optional) Specify the exact chart version to install. If this is not specified, it defaults to the version set within default_helm_config: https://github.com/aws-ia/terraform-aws-eks-blueprints/blob/main/modules/kubernetes-addons/promtail/locals.tf
-    namespace  = "promtail"                                               # (Optional) The namespace to install the release into.
-    values = [templatefile("${path.module}/promtail-values.yaml", {})]
-  }
-```
-
-### GitOps Configuration
-
-The following properties are made available for use when managing the add-on via GitOps.
-
-```hcl
-promtail = {
-  enable = true
-}
-```
diff --git a/docs/add-ons/secrets-store-csi-driver.md b/docs/add-ons/secrets-store-csi-driver.md
deleted file mode 100644
index a8110f736f..0000000000
--- a/docs/add-ons/secrets-store-csi-driver.md
+++ /dev/null
@@ -1,37 +0,0 @@
-# secrets-store-csi-driver
-
-Secrets Store CSI Driver for Kubernetes secrets - Integrates secrets stores with Kubernetes via a [Container Storage Interface (CSI)](https://kubernetes-csi.github.io/docs/) volume.
-
-The Secrets Store CSI Driver `secrets-store.csi.k8s.io` allows Kubernetes to mount multiple secrets, keys, and certs stored in enterprise-grade external secrets stores into their pods as a volume. Once the Volume is attached, the data in it is mounted into the container’s file system.
-
-For more details, refer [Secrets Store CSI Driver](https://secrets-store-csi-driver.sigs.k8s.io/)
-
-## Usage
-
-secrets-store-csi-driver can be deployed by enabling the add-ons via the following.
-
-```hcl
-enable_secrets_store_csi_driver = true
-```
-
-You can optionally customize the Helm chart that deploys `secrets_store_csi_driver` via the following configuration.
-
-```hcl
-secrets_store_csi_driver_helm_config = {
-    name       = "secrets-store-csi-driver"
-    chart      = "secrets-store-csi-driver"
-    repository = "https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts"
-    version    = "1.2.4"
-    namespace  = "secrets-store-csi-driver"
-    set_values = [
-      {
-        name  = "syncSecret.enabled"
-        value = "false"
-      },
-      {
-        name  = "enableSecretRotation"
-        value = "false"
-      }
-    ]
-}
-```
diff --git a/docs/add-ons/smb-csi-driver.md b/docs/add-ons/smb-csi-driver.md
deleted file mode 100644
index 87da9b8eb5..0000000000
--- a/docs/add-ons/smb-csi-driver.md
+++ /dev/null
@@ -1,38 +0,0 @@
-# SMB CSI Driver Helm Chart
-SMB CSI Driver allows Kubernetes to access SMB server on both Linux and Windows nodes.
-The driver requires existing and already configured SMB server, it supports dynamic provisioning of Persistent Volumes via Persistent Volume Claims by creating a new subdirectory under SMB server.
-
-[SMB CSI Driver](https://github.com/kubernetes-csi/csi-driver-smb/tree/master/charts) docs chart bootstraps SMB CSI Driver infrastructure on a Kubernetes cluster using the Helm package manager.
-
-For complete project documentation, please visit the [SMB CSI Driver documentation site](https://github.com/kubernetes-csi/csi-driver-smb).
-
-## Usage
-
-SMB CSI Driver can be deployed by enabling the add-on via the following.
-
-```hcl
-enable_smb_csi_driver = true
-```
-
-Deploy SMB CSI Driver with custom `values.yaml`
-
-```hcl
-  # Optional Map value; pass smb-csi-driver-values.yaml from consumer module
-   smb_csi_driver_helm_config = {
-    name       = "csi-driver-smb"                                                                          # (Required) Release name.
-    repository = "https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts"           # (Optional) Repository URL where to locate the requested chart.
-    chart      = "csi-driver-smb"                                                                          # (Required) Chart name to be installed.
-    version    = "v1.9.0"                                                                                  # (Optional) Specify the exact chart version to install. If this is not specified, it defaults to the version set within default_helm_config: https://github.com/aws-ia/terraform-aws-eks-blueprints/blob/main/modules/kubernetes-addons/smb-csi-driver/locals.tf
-    values     = [templatefile("${path.module}/smb-csi-driver-values.yaml", {})]
-  }
-```
-
-### GitOps Configuration
-
-The following properties are made available for use when managing the add-on via GitOps.
-
-```sh
-smbCsiDriver = {
-  enable  = true
-}
-```
diff --git a/docs/add-ons/spark-history-server.md b/docs/add-ons/spark-history-server.md
deleted file mode 100644
index b1b0d1045e..0000000000
--- a/docs/add-ons/spark-history-server.md
+++ /dev/null
@@ -1,73 +0,0 @@
-# Spark History Server
-
-[Spark Web UI](https://spark.apache.org/docs/latest/web-ui.html#web-ui) can be enabled by this Add-on.
-This Add-on deploys Spark History Server and fetches the Spark Event logs stored in S3. Spark Web UI can be exposed via Ingress and LoadBalancer with `values.yaml`.
-Alternatively, you can port-forward on spark-history-server service. e.g.,  `kubectl port-forward services/spark-history-server 18085:80 -n spark-history-server`
-
-## Usage
-
-[Spark History Server](https://github.com/aws-ia/terraform-aws-eks-blueprints/tree/main/modules/kubernetes-addons/spark-k8s-operator) can be deployed by enabling the add-on via the following.
-
-### Basic Example
-
-```
-enable_spark_history_server   = true
-spark_history_server_s3a_path = "s3a://<ENTER_S3_BUCKET_NAME>/<PREFIX_FOR_SPARK_EVENT_LOGS>/"
-```
-
-### Advanced Example
-
-```
-enable_spark_history_server = true
-
-# IAM policy used by IRSA role. It's recommended to create a dedicated IAM policy to access your s3 bucket
-spark_history_server_irsa_policies = ["<IRSA_POLICY_ARN>"]
-
-# NOTE: This block requires passing the helm values.yaml
-# spark_history_server_s3a_path won't be used when you pass custom `values.yaml`. s3a path is passed via `sparkHistoryOpts` in `values.yaml`
-
-spark_history_server_helm_config = {
-    name             = "spark-history-server"
-    chart            = "spark-history-server"
-    repository       = "https://hyper-mesh.github.io/spark-history-server"
-    version          = "1.0.0"
-    namespace        = "spark-history-server"
-    timeout          = "300"
-    values = [
-        <<-EOT
-        serviceAccount:
-          create: false
-
-        # Enter S3 bucket with Spark Event logs location.
-        # Ensure IRSA roles has permissions to read the files for the given S3 bucket
-        sparkHistoryOpts: "-Dspark.history.fs.logDirectory=s3a://<ENTER_S3_BUCKET_NAME>/<PREFIX_FOR_SPARK_EVENT_LOGS>/"
-
-        # Update spark conf according to your needs
-        sparkConf: |-
-          spark.hadoop.fs.s3a.aws.credentials.provider=com.amazonaws.auth.WebIdentityTokenCredentialsProvider
-          spark.history.fs.eventLog.rolling.maxFilesToRetain=5
-          spark.hadoop.fs.s3a.impl=org.apache.hadoop.fs.s3a.S3AFileSystem
-          spark.eventLog.enabled=true
-          spark.history.ui.port=18080
-
-        resources:
-          limits:
-            cpu: 200m
-            memory: 2G
-          requests:
-            cpu: 100m
-            memory: 1G
-        EOT
-    ]
-}
-```
-
-### GitOps Configuration
-
-The following properties are made available for use when managing the add-on via GitOps
-
-```
-sparkHistoryServer = {
-  enable = true
-}
-```
diff --git a/docs/add-ons/spark-on-k8s-operator.md b/docs/add-ons/spark-on-k8s-operator.md
deleted file mode 100644
index b2288e6e81..0000000000
--- a/docs/add-ons/spark-on-k8s-operator.md
+++ /dev/null
@@ -1,42 +0,0 @@
-# Spark K8S Operator
-The Kubernetes Operator for Apache Spark aims to make specifying and running Spark applications as easy and idiomatic as running other workloads on Kubernetes. It uses Kubernetes custom resources for specifying, running, and surfacing status of Spark applications. For a complete reference of the custom resource definitions, please refer to the API Definition. For details on its design, please refer to the design doc. It requires Spark 2.3 and above that supports Kubernetes as a native scheduler backend.
-
-For complete project documentation, please visit the [Spark K8S Operator documentation site](https://github.com/GoogleCloudPlatform/spark-on-k8s-operator).
-
-## Usage
-
-[Spark K8S Operator](https://github.com/aws-ia/terraform-aws-eks-blueprints/tree/main/modules/kubernetes-addons/spark-k8s-operator) can be deployed by enabling the add-on via the following.
-
-### Basic Example
-
-```hcl
-  enable_spark_k8s_operator = true
-```
-
-### Advanced Example
-```hcl
-  enable_spark_k8s_operator = true
-  # Optional Map value
-  # NOTE: This block requires passing the helm values.yaml
-  spark_k8s_operator_helm_config = {
-    name             = "spark-operator"
-    chart            = "spark-operator"
-    repository       = "https://googlecloudplatform.github.io/spark-on-k8s-operator"
-    version          = "1.1.19"
-    namespace        = "spark-k8s-operator"
-    timeout          = "1200"
-    create_namespace = true
-    values = [templatefile("${path.module}/values.yaml", {})]
-
-  }
-```
-
-### GitOps Configuration
-
-The following properties are made available for use when managing the add-on via GitOps
-
-```
-sparkK8sOperator = {
-  enable = true
-}
-```
diff --git a/docs/add-ons/tetrate-istio.md b/docs/add-ons/tetrate-istio.md
deleted file mode 100644
index b5b2cff138..0000000000
--- a/docs/add-ons/tetrate-istio.md
+++ /dev/null
@@ -1,90 +0,0 @@
-# Tetrate Istio Distro
-
-[Tetrate Istio Distro](https://istio.tetratelabs.io/) is simple, safe enterprise-grade Istio distro.
-
-This add-on is implemented as an external add-on. For detailed documentation and usage of the add-on please refer to the add-on [repository](https://github.com/tetratelabs/terraform-eksblueprints-tetrate-istio-addon).
-
-## Example
-
-Checkout the full [example](https://github.com/tetratelabs/terraform-eksblueprints-tetrate-istio-addon/tree/main/blueprints/getting-started).
-
-## Usage
-
-This step deploys the [Tetrate Istio Distro](https://istio.tetratelabs.io/) with default Helm Chart config
-
-```hcl
-  enable_tetrate_istio = true
-```
-
-Alternatively, you can override the helm values by using the code snippet below
-
-```hcl
-  enable_tetrate_istio = true
-
-  # Optional fine-grained configuration
-
-  tetrate_istio_distribution    = "TID"    # (default, Tetrate Istio Distro)
-  tetrate_istio_version         = "1.12.2"
-  tetrate_istio_install_base    = "true"   # (default, Istio `base` Helm Chart)
-  tetrate_istio_install_cni     = "true"   # (default, Istio `cni` Helm Chart)
-  tetrate_istio_install_istiod  = "true"   # (default, Istio `istiod` Helm Chart)
-  tetrate_istio_install_gateway = "true"   # (default, Istio `gateway` Helm Chart)
-
-  # Istio `base` Helm Chart config
-  tetrate_istio_base_helm_config = {
-    name = "istio-base"            # (default) Release name.
-    repository = "https://istio-release.storage.googleapis.com/charts" # (default) Repository URL where to locate the requested chart.
-    chart   = "base"               # (default) Chart name to be installed.
-    version = "1.12.2"             # (default) The exact chart version to install.
-    values  = []
-  }
-
-  # Istio `cni` Helm Chart config
-  tetrate_istio_cni_helm_config = {
-    name = "istio-cni"             # (default) Release name.
-    repository = "https://istio-release.storage.googleapis.com/charts" # (default) Repository URL where to locate the requested chart.
-    chart   = "cni"                # (default) Chart name to be installed.
-    version = "1.12.2"             # (default) The exact chart version to install.
-    values  = [yamlencode({
-      "global" : {
-        "hub" : "containers.istio.tetratelabs.com",
-        "tag" : "1.12.2-tetratefips-v0",
-      }
-    })]
-  }
-
-  # Istio `istiod` Helm Chart config
-  tetrate_istio_istiod_helm_config = {
-    name = "istio-istiod"          # (default) Release name.
-    repository = "https://istio-release.storage.googleapis.com/charts" # (default) Repository URL where to locate the requested chart.
-    chart   = "istiod"             # (default) Chart name to be installed.
-    version = "1.12.2"             # (default) The exact chart version to install.
-    values  = [yamlencode({
-      "global" : {
-        "hub" : "containers.istio.tetratelabs.com",
-        "tag" : "1.12.2-tetratefips-v0",
-      }
-    })]
-  }
-
-  # Istio `gateway` Helm Chart config
-  tetrate_istio_gateway_helm_config = {
-    name = "istio-ingress"         # (default) Release name.
-    repository = "https://istio-release.storage.googleapis.com/charts" # (default) Repository URL where to locate the requested chart.
-    chart   = "gateway"            # (default) Chart name to be installed.
-    version = "1.12.2"             # (default) The exact chart version to install.
-    values  = []
-  }
-```
-
-### GitOps Configuration
-
-The following properties are made available for use when managing the add-on via GitOps
-
-```hcl
-tetrateIstio = {
-  enable = true
-}
-```
-
-GitOps with ArgoCD Add-on repo is located [here](https://github.com/aws-samples/eks-blueprints-add-ons/blob/main/chart/values.yaml)
diff --git a/docs/add-ons/thanos.md b/docs/add-ons/thanos.md
deleted file mode 100644
index 86b9443892..0000000000
--- a/docs/add-ons/thanos.md
+++ /dev/null
@@ -1,23 +0,0 @@
-# Thanos
-
-Thanos is a highly available metrics system that can be added on top of existing Prometheus deployments, providing a global query view across all Prometheus installations.
-
-For complete project documentation, please visit the [Thanos documentation site](https://thanos.io/tip/thanos/getting-started.md/).
-
-## Usage
-
-[Thanos](https://github.com/bitnami/charts/tree/main/bitnami/thanos) can be deployed by enabling the add-on via the following.
-
-```hcl
-enable_thanos = true
-```
-
-### GitOps Configuration
-
-The following properties are made available for use when managing the add-on via GitOps
-
-```
-thanos = {
-  enable = true
-}
-```
diff --git a/docs/add-ons/traefik.md b/docs/add-ons/traefik.md
deleted file mode 100644
index a9855ca1b5..0000000000
--- a/docs/add-ons/traefik.md
+++ /dev/null
@@ -1,43 +0,0 @@
-# Traefik
-
-Traefik is an open-source Edge Router that makes publishing your services a fun and easy experience. It receives requests on behalf of your system and finds out which components are responsible for handling them.
-
-For complete project documentation, please visit the [Traefik documentation site](https://doc.traefik.io/traefik/).
-
-## Usage
-
-[Traefik](https://github.com/aws-ia/terraform-aws-eks-blueprints/tree/main/modules/kubernetes-addons/traefik) can be deployed by enabling the add-on via the following.
-
-```hcl
-enable_traefik = true
-```
-
-## How to test Traefik Web UI
-
-Once the Traefik deployment is successful, run the following command from your a local machine which have access to an EKS cluster using kubectl.
-
-```
-$ kubectl port-forward svc/traefik -n kube-system 9000:9000
-```
-
-Now open the browser from your machine and enter the below URL to access Traefik Web UI.
-
-```
-http://127.0.0.1:9000/dashboard/
-```
-
-![alt text](https://github.com/aws-ia/terraform-aws-eks-blueprints/blob/a8ceac6c977a3ccbcb95ef7fb21fff0daf0b7081/images/traefik_web_ui.png "Traefik Dashboard")
-
-#### AWS Service annotations for Traefik Ingress Controller
-
-Here is the link to get the AWS ELB [service annotations](https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/guide/service/annotations/) for Traefik Ingress controller
-
-### GitOps Configuration
-
-The following properties are made available for use when managing the add-on via GitOps
-
-```
-traefik = {
-  enable = true
-}
-```
diff --git a/docs/add-ons/vault.md b/docs/add-ons/vault.md
deleted file mode 100644
index dbb8504789..0000000000
--- a/docs/add-ons/vault.md
+++ /dev/null
@@ -1,34 +0,0 @@
-# HashiCorp Vault
-
-[HashiCorp Vault](https://www.vaultproject.io) brokers and deeply integrates with trusted identities to automate access to secrets, data, and systems.
-
-This add-on is implemented as an external add-on. For detailed documentation and usage of the add-on please refer to the add-on [repository](https://github.com/hashicorp/terraform-aws-hashicorp-vault-eks-addon).
-
-## Example
-
-Checkout the full [example](https://github.com/hashicorp/terraform-aws-hashicorp-vault-eks-addon/tree/main/blueprints/getting-started).
-
-## Usage
-
-This step deploys the [HashiCorp Vault](https://www.vaultproject.io) with default Helm Chart config
-
-```hcl
-  enable_vault = true
-```
-
-Alternatively, you can override the Helm Values by setting the `vault_helm_config` object, like shown in the code snippet below:
-
-```hcl
-  enable_vault = true
-
-  vault_helm_config = {
-    name       = "vault"                                          # (Required) Release name.
-    chart      = "vault"                                          # (Required) Chart name to be installed.
-    repository = "https://helm.releases.hashicorp.com"            # (Optional) Repository URL where to locate the requested chart.
-    version    = "v0.19.0"                                        # (Optional) Specify the exact chart version to install.
-
-    # ...
-  }
-```
-
-This snippet does not contain _all_ available options that can be set as part of `vault_helm_config`. For the complete listing, see the [`hashicorp-vault-eks-blueprints-addon` repository](https://github.com/hashicorp/terraform-aws-hashicorp-vault-eks-addon/).
diff --git a/docs/add-ons/vpa.md b/docs/add-ons/vpa.md
deleted file mode 100644
index 804ac07f9d..0000000000
--- a/docs/add-ons/vpa.md
+++ /dev/null
@@ -1,27 +0,0 @@
-# Vertical Pod Autoscaler
-[VPA](https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler) Vertical Pod Autoscaler (VPA) automatically adjusts the CPU and memory reservations for your pods to help "right size" your applications. When configured, it will automatically request the necessary reservations based on usage and thus allow proper scheduling onto nodes so that the appropriate resource amount is available for each pod. It will also maintain ratios between limits and requests that were specified in initial container configuration.
-
-NOTE: Metrics Server add-on is a dependency for this addon
-
-## Usage
-
-This step deploys the Vertical Pod Autoscaler with default Helm Chart config
-
-```hcl
-  enable_vpa = true
-```
-
-Alternatively, you can override the helm values by using the code snippet below
-
-```hcl
-  vpa_enable = true
-
-  vpa_helm_config = {
-    name       = "vpa"                                 # (Required) Release name.
-    repository = "https://charts.fairwinds.com/stable" # (Optional) Repository URL where to locate the requested chart.
-    chart      = "vpa"                                 # (Required) Chart name to be installed.
-    version    = "1.0.0"                               # (Optional) Specify the exact chart version to install. If this is not specified, it defaults to the version set within default_helm_config: https://github.com/aws-ia/terraform-aws-eks-blueprints/blob/main/modules/kubernetes-addons/vpa/locals.tf
-    namespace  = "vpa"                              # (Optional) The namespace to install the release into.
-    values     = [templatefile("${path.module}/values.yaml", {})]
-  }
-```
diff --git a/docs/add-ons/yunikorn.md b/docs/add-ons/yunikorn.md
deleted file mode 100644
index eae5b97e2f..0000000000
--- a/docs/add-ons/yunikorn.md
+++ /dev/null
@@ -1,27 +0,0 @@
-# Apache YuniKorn
-[YuniKorn](https://yunikorn.apache.org/) YuniKorn is a light-weight, universal resource scheduler for container orchestrator systems.
-
-Apache YuniKorn (Incubating) is a new Apache incubator project that offers rich scheduling capabilities on Kubernetes. It fills the scheduling gap while running Big Data workloads on Kubernetes, with a ton of useful features such as hierarchical queues, elastic queue quotas, resource fairness, and job ordering
-
-You can define `batchScheduler: "yunikorn"` when you are running Spark Applications using SparkK8sOperator
-
-## Usage
-This step deploys the Apache YuniKorn K8s schedular with default Helm Chart config
-
-```hcl
-  enable_yunikorn = true
-```
-
-Alternatively, you can override the helm values by using the code snippet below
-
-```hcl
-  enable_yunikorn = true
-
-  yunikorn_helm_config = {
-    name       = "yunikorn"                                 # (Required) Release name.
-    repository = "https://apache.github.io/yunikorn-release" # (Optional) Repository URL where to locate the requested chart.
-    chart      = "yunikorn"                                 # (Required) Chart name to be installed.
-    version    = "0.12.2"                               # (Optional) Specify the exact chart version to install. If this is not specified, it defaults to the version set within default_helm_config: https://github.com/aws-ia/terraform-aws-eks-blueprints/blob/main/modules/kubernetes-addons/yunikorn/locals.tf
-    values     = [templatefile("${path.module}/values.yaml", {})]
-  }
-```
diff --git a/docs/advanced/.pages b/docs/advanced/.pages
deleted file mode 100644
index 9fbb9ca8b9..0000000000
--- a/docs/advanced/.pages
+++ /dev/null
@@ -1,8 +0,0 @@
-nav:
-    - Bottlerocket: bottlerocket.md
-    - Cluster Upgrades: cluster-upgrades.md
-    - ECR Instructions: ecr-instructions.md
-    - GitOps with Flux: gitops-with-flux.md
-    - Multi-cluster: multi-cluster.md
-    - Private Clusters: private-clusters.md
-    - ...
diff --git a/docs/advanced/bottlerocket.md b/docs/advanced/bottlerocket.md
deleted file mode 100644
index 9098834b91..0000000000
--- a/docs/advanced/bottlerocket.md
+++ /dev/null
@@ -1,22 +0,0 @@
-# Bottlerocket OS
-
-[Bottlerocket](https://aws.amazon.com/bottlerocket/) is an open source operating system specifically designed for running containers. Bottlerocket build system is based on Rust. It's a container host OS and doesn't have additional software's or package managers other than what is needed for running containers hence its very light weight and secure. Container optimized operating systems are ideal when you need to run applications in Kubernetes  with minimal setup and do not want to worry about security or updates, or want OS support from  cloud provider. Container operating systems does updates transactionally.
-
-Bottlerocket has two containers runtimes running. Control container **on** by default used for AWS Systems manager and remote API access. Admin container **off** by default for deep debugging and exploration.
-
-Bottlerocket [Launch templates userdata](https://github.com/aws-ia/terraform-aws-eks-blueprints/blob/main/modules/aws-eks-managed-node-groups/templates/userdata-bottlerocket.tpl) uses the TOML format with Key-value pairs.  
-Remote API access API via SSM agent. You can launch trouble shooting container via user data `[settings.host-containers.admin] enabled = true`.
-
-### Features
-* [Secure](https://github.com/bottlerocket-os/bottlerocket/blob/develop/SECURITY_FEATURES.md) - Opinionated, specialized and highly secured
-* **Flexible** - Multi cloud and multi orchestrator
-* **Transactional** -  Image based upgraded and rollbacks
-* **Isolated** - Separate container Runtimes
-
-### Updates
-Bottlerocket can be updated automatically via Kubernetes  Operator
-
-```sh
-    kubectl apply -f Bottlerocket_k8s.csv.yaml
-    kubectl get ClusterServiceVersion Bottlerocket_k8s | jq.'status'
-```
diff --git a/docs/advanced/cluster-upgrades.md b/docs/advanced/cluster-upgrades.md
deleted file mode 100644
index 755458787b..0000000000
--- a/docs/advanced/cluster-upgrades.md
+++ /dev/null
@@ -1,59 +0,0 @@
-### EKS Upgrade Documentation
-
-#### Objective:
-
-The purpose of this document is to provide an overview of the steps for upgrading the EKS Cluster from one version to another. Please note that EKS upgrade documentation gets published by AWS every year.
-
-The current version of the upgrade documentation while writing this [README](https://docs.aws.amazon.com/eks/latest/userguide/update-cluster.html)
-
-#### Prerequisites:
-
-    1. Download the latest upgrade docs from AWS sites (https://docs.aws.amazon.com/eks/latest/userguide/update-cluster.html)
-    2. Always upgrade one increment at a time (E.g., 1.20 to 1.21). AWS doesn't support upgrades from 1.20 to 1.22 directly
-
-#### Steps to Upgrade EKS cluster:
-
-1. Change the version in Terraform to the desired Kubernetes cluster version. See the example below
-
-   ```hcl-terraform
-   cluster_version      = "1.21"
-   ```
-
-2. If you are specifying a version for EKS managed addons, you will need to ensure the version used is compatible with the new cluster version, or use a data source to pull the appropriate version. If you are not specifying a version for EKS managed addons, no changes are required since the EKS service will update the default addon version based on the cluster version specified.
-
-To ensure the correct addon version is used, it is recommended to use the addon version data source which will pull the appropriate version for a given cluster version:
-
-```hcl-terraform
-module "eks_blueprints_kubernetes_addons" {
-  # Essential inputs are not shown for brevity
-
-  enable_amazon_eks_coredns = true
-  amazon_eks_coredns_config = {
-    most_recent = true
-  }
-
-  enable_amazon_eks_aws_ebs_csi_driver = true
-  amazon_eks_aws_ebs_csi_driver_config = {
-    most_recent = true
-  }
-
-  enable_amazon_eks_kube_proxy = true
-  amazon_eks_kube_proxy_config = {
-    most_recent = true
-  }
-
-  enable_amazon_eks_vpc_cni = true
-  amazon_eks_vpc_cni_config = {
-    most_recent = true
-  }
-}
-```
-
-3. Apply the changes to the cluster with Terraform. This will:
-  - Upgrade the Control Plane to the version specified
-  - Update the Data Plane to ensure the compute resources are utilizing the corresponding AMI for the given cluster version
-  - Update addons to reflect the respective versions
-
-## Important Note
-
-Please note that you may need to update other Kubernetes Addons deployed through Helm Charts to match with new Kubernetes upgrade version
diff --git a/docs/advanced/ecr-instructions.md b/docs/advanced/ecr-instructions.md
deleted file mode 100644
index cc23551caf..0000000000
--- a/docs/advanced/ecr-instructions.md
+++ /dev/null
@@ -1,31 +0,0 @@
-# Docker upload to Elastic Container Registry
-
-Download the docker image to your local Mac/Laptop
-
-```
-$ docker pull <image name>:<image tag>
-```
-
-Retrieve an authentication token and authenticate your Docker client to your registry. Use the AWS CLI:
-
-```
-$ aws ecr get-login-password --region <aws region> | docker login --username AWS --password-stdin <account id>.dkr.ecr.<aws region>.amazonaws.com
-```
-
-Create an ECR repo for your image.
-
-```
-$ aws ecr create-repository --repository-name <image name> --image-scanning-configuration scanOnPush=true
-```
-
-After the repo is created in ECR, tag your image so, you can push the image to this repository:
-
-```
-$ docker tag <image name>:<image tag> <account id>.dkr.ecr.<aws region.amazonaws.com/<image name>:<image tag>
-```
-
-Step 6: Run the following command to push this image to your newly created AWS repository:
-
-```
-$ docker push <account id>.dkr.ecr.<aws region.amazonaws.com/<image name>:<image tag>
-```
diff --git a/docs/advanced/gitops-with-flux.md b/docs/advanced/gitops-with-flux.md
deleted file mode 100644
index 79d0210a19..0000000000
--- a/docs/advanced/gitops-with-flux.md
+++ /dev/null
@@ -1,114 +0,0 @@
-# Manage your cluster(s) configuration with Flux
-
-Once you have deployed your EKS cluster(s) with Terraform, you can leverage [Flux](https://fluxcd.io) to manage your cluster's configuration with [GitOps](https://www.gitops.tech/), including the deployment of add-ons, cluster configuration (e.g. cluster policies) and applications. Using GitOps practices to manage your clusters configuration will simplify management, scaling the number of clusters you run and be able to easily recreate your clusters, treating them as ephemeral resources. Recreating your cluster is as simple as deploying a new cluster with Terraform and bootstrapping it with Flux pointing to the repository containing the configuration.
-
-The [aws-samples/flux-eks-gitops-config](https://github.com/aws-samples/flux-eks-gitops-config) repository provides a sample configuration blueprint for configuring multiple Amazon EKS clusters belonging to different stages (`test` and `production`) using [GitOps](https://www.gitops.tech/) with [Flux v2](https://fluxcd.io/docs/). This repository installs a set of commonly used Kubernetes add-ons to perform policy enforcement, restrict network traffic with network policies, cluster monitoring, extend Kubernetes deployment capabilities enabling progressive Canary deployments for your applications...
-
-You can use the above sample repository to experiment with the predefined cluster configurations and use it as a baseline to adjust it to your own needs.
-
-This sample installs the following Kubernetes add-ons:
-
-* **[metrics-server](https://github.com/kubernetes-sigs/metrics-server):** Aggregator of resource usage data in your cluster, commonly used by other Kubernetes add ons, such us [Horizontal Pod Autoscaler](https://docs.aws.amazon.com/eks/latest/userguide/horizontal-pod-autoscaler.html) or [Kubernetes Dashboard](https://docs.aws.amazon.com/eks/latest/userguide/dashboard-tutorial.html).
-* **[Calico](https://docs.tigera.io/calico/next/about/):** Project Calico is a network policy engine for Kubernetes. Calico network policy enforcement allows you to implement network segmentation and tenant isolation. For more information check the [Amazon EKS documentation](https://docs.aws.amazon.com/eks/latest/userguide/calico.html).
-* **[Kyverno](https://kyverno.io/):** Kubernetes Policy Management Engine. Kyverno allows cluster administrators to manage environment specific configurations independently of workload configurations and enforce configuration best practices for their clusters. Kyverno can be used to scan existing workloads for best practices, or can be used to enforce best practices by blocking or mutating API requests.
-* **[Prometheus](https://prometheus.io/):** Defacto standard open-source systems monitoring and alerting toolkit for Kubernetes. This repository installs [kube-prometheus-stack](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack).
-* **[Flagger](https://flagger.app/):** Progressive delivery operator for Flux. Flagger can run automated application analysis, testing, promotion and rollback for the following deployment strategies: Canary, A/B Testing and Blue/Green. For more details, check the [Flagger documentation](https://docs.flagger.app/).
-* **[nginx-ingress-controller](https://kubernetes.github.io/ingress-nginx/):** Ingress controller to expose apps and enable [canary deployments and A/B testing with Flagger](https://docs.flagger.app/tutorials/nginx-progressive-delivery).
-
-**NOTE:** The add-ons on the sample are not configured for a production-ready cluster (e.g. Prometheus would need to be configured for long term metric storage, nginx would need HPA and any custom settings you need...).
-
-There're also a set of Kyverno cluster policies deployed to audit (test) or enforce (production) security settings on your workloads, as well as [podinfo](https://github.com/stefanprodan/podinfo) as a sample application, configured with [Flagger](https://flagger.app/) to perform progressive deployments. For further information, visit the [aws-samples/flux-eks-gitops-config](https://github.com/aws-samples/flux-eks-gitops-config) repository documentation.
-
-## Bootstrap your cluster with Flux
-
-The below instructions assume you have created a cluster with `eks-blueprints` with no add-ons other than aws-load-balancer-controller. If you're installing additional add-ons via terraform, the configuration may clash with the one on the sample repository. If you plan to leverage Flux, we recommend that you use Terraform to install and manage only add-ons that require additional AWS resources to be created (like IAM roles for Service accounts), and then use Flux to manage the rest.
-
-### Prerequisites
-
-The add-ons and configurations of this repository require Kubernetes 1.21 or higher (this is required by the version of kube-prometheus-stack that is installed, you can use 1.19+ installing previous versions of kube-prometheus-stack).
-
-You'll also need the following:
-
-* Install flux CLI on your computer following the instructions [here](https://fluxcd.io/docs/installation/). This repository has been tested with flux 0.22.
-* A GitHub account and a [personal access token](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line) that can create repositories.
-
-### Bootstrap your cluster
-
-Fork the [aws-samples/flux-eks-gitops-config](https://github.com/aws-samples/flux-eks-gitops-config) repository on your personal GitHub account and export your GitHub access token, username and repo name:
-
-```sh
-  export GITHUB_TOKEN=<your-token>
-  export GITHUB_USER=<your-username>
-  export GITHUB_REPO=<repository-name>
-```
-
-Define whether you want to bootstrap your cluster with the `TEST` or the `PRODUCTION` configuration:
-
-```sh
-  # TEST configuration
-  export CLUSTER_ENVIRONMENT=test
-
-  # PRODUCTION configuration
-  export CLUSTER_ENVIRONMENT=production
-```
-
-Verify that your staging cluster satisfies the prerequisites with:
-
-```sh
-  flux check --pre
-```
-
-You can now bootstrap your cluster with Flux CLI.
-
-```sh
-  flux bootstrap github --owner=${GITHUB_USER} --repository=${GITHUB_REPO} --branch=main --path=clusters/${CLUSTER_ENVIRONMENT} --personal
-```
-
-The bootstrap command commits the manifests for the Flux components in `clusters/${CLUSTER_ENVIRONMENT}/flux-system` directory and creates a deploy key with read-only access on GitHub, so it can pull changes inside the cluster.
-
-Confirm that Flux has finished applying the configuration to your cluster (it will take 3 or 4 minutes to sync everything):
-
-```sh
-  $ flux get kustomization
-  NAME                READY MESSAGE                                                           REVISION                                        SUSPENDED
-  apps                True  Applied revision: main/b7d10ca21be7cac0dcdd14c80353012ccfedd4fe   main/b7d10ca21be7cac0dcdd14c80353012ccfedd4fe   False
-  calico-installation True  Applied revision: master/00a2f33ea55f2018819434175c09c8bd8f20741a master/00a2f33ea55f2018819434175c09c8bd8f20741a False
-  calico-operator     True  Applied revision: master/00a2f33ea55f2018819434175c09c8bd8f20741a master/00a2f33ea55f2018819434175c09c8bd8f20741a False
-  config              True  Applied revision: main/8fd33f531df71002f2da7bc9619ee75281a9ead0   main/8fd33f531df71002f2da7bc9619ee75281a9ead0   False
-  flux-system         True  Applied revision: main/b7d10ca21be7cac0dcdd14c80353012ccfedd4fe   main/b7d10ca21be7cac0dcdd14c80353012ccfedd4fe   False
-  infrastructure      True  Applied revision: main/b7d10ca21be7cac0dcdd14c80353012ccfedd4fe   main/b7d10ca21be7cac0dcdd14c80353012ccfedd4fe   False
-```
-
-Get the URL for the nginx ingress controller that has been deployed in your cluster (you will see two ingresses, since Flagger will create a canary ingress):
-
-```sh
-   $ kubectl get ingress -n podinfo
-   NAME             CLASS   HOSTS          ADDRESS                               PORTS   AGE
-   podinfo          nginx   podinfo.test   k8s-xxxxxx.elb.us-west-2.amazonaws.com   80      23h
-   podinfo-canary   nginx   podinfo.test   k8s-xxxxxx.elb.us-west-2.amazonaws.com   80      23h
-```
-
-Confirm that podinfo can be correctly accessed via ingress:
-
-```sh
-  $ curl -H "Host: podinfo.test" k8s-xxxxxx.elb.us-west-2.amazonaws.com
-  {
-  "hostname": "podinfo-primary-65584c8f4f-d7v4t",
-  "version": "6.0.0",
-  "revision": "",
-  "color": "#34577c",
-  "logo": "https://raw.githubusercontent.com/stefanprodan/podinfo/gh-pages/cuddle_clap.gif",
-  "message": "greetings from podinfo v6.0.0",
-  "goos": "linux",
-  "goarch": "amd64",
-  "runtime": "go1.16.5",
-  "num_goroutine": "10",
-  "num_cpu": "2"
-  }
-```
-
-Congratulations! Your cluster has sync'ed all the configuration defined on the repository. Continue exploring the deployed configuration following these docs:
-
-* [Review the repository structure to understand the applied configuration](https://github.com/aws-samples/flux-eks-gitops-config/blob/main/docs/repository-structure.md)
-* [Test the cluster policies configured with Kyverno](https://github.com/aws-samples/flux-eks-gitops-config/blob/main/docs/test-kyverno-policies.md)
-* [Test progressive deployments with Flux, Flagger and nginx controller](https://github.com/aws-samples/flux-eks-gitops-config/blob/main/docs/flagger-canary-deployments.md)
diff --git a/docs/advanced/multi-cluster.md b/docs/advanced/multi-cluster.md
deleted file mode 100644
index 75d58e4137..0000000000
--- a/docs/advanced/multi-cluster.md
+++ /dev/null
@@ -1,62 +0,0 @@
-## Advanced Deployment Folder Structure
-
-This example shows how to structure folders in your repo when you want to deploy multiple EKS Clusters across multiple regions and accounts.
-
-The top-level `examples\advanced` folder provides an example of how you can structure your folders and files to define multiple EKS Cluster environments and consume this Blueprints module. This approach is suitable for large projects, with clearly defined sub directory and file structure.
-
-Each folder under `live/<region>/application` represents an EKS cluster environment(e.g., dev, test, load etc.). Each folder contains a `backend.conf` and `<env>.tfvars`, used to create a unique Terraform state for each cluster environment.
-
-Terraform backend configuration can be updated in `backend.conf` and cluster common configuration variables in `<env>.tfvars`
-
-e.g. folder/file structure for defining multiple clusters
-
-        ├── examples\advanced
-        │   └── live
-        │       └── preprod
-        │           └── eu-west-1
-        │               └── application
-        │                   └── dev
-        │                       └── backend.conf
-        │                       └── dev.tfvars
-        │                       └── main.tf
-        │                       └── variables.tf
-        │                       └── outputs.tf
-        │                   └── test
-        │                       └── backend.conf
-        │                       └── test.tfvars
-        │       └── prod
-        │           └── eu-west-1
-        │               └── application
-        │                   └── prod
-        │                       └── backend.conf
-        │                       └── prod.tfvars
-        │                       └── main.tf
-        │                       └── variables.tf
-        │                       └── outputs.tf
-
-
-## Important Note
-
-If you are using an existing VPC, you need to ensure that the following tags are added to the VPC and subnet resources
-
-Add Tags to **VPC**
-```hcl
-    Key = "Kubernetes.io/cluster/${local.cluster_id}"
-    Value = "Shared"
-```
-
-Add Tags to **Public Subnets tagging** requirement
-```hcl
-    public_subnet_tags = {
-      "Kubernetes.io/cluster/${local.cluster_id}" = "shared"
-      "Kubernetes.io/role/elb"                      = "1"
-    }
-```
-
-Add Tags to **Private Subnets tagging** requirement
-```hcl
-    private_subnet_tags = {
-      "Kubernetes.io/cluster/${local.cluster_id}" = "shared"
-      "Kubernetes.io/role/internal-elb"             = "1"
-    }
-```
diff --git a/docs/core-concepts.md b/docs/core-concepts.md
deleted file mode 100644
index 7798d11bf9..0000000000
--- a/docs/core-concepts.md
+++ /dev/null
@@ -1,37 +0,0 @@
-# Core Concepts
-
-This document provides a high level overview of the Core Concepts that are embedded in EKS Blueprints. For the purposes of this document, we will assume the reader is familiar with Git, Docker, Kubernetes and AWS.
-
-| Concept                     | Description                                                                                   |
-| --------------------------- | --------------------------------------------------------------------------------------------- |
-| [Cluster](#cluster)         | An Amazon EKS Cluster and associated worker groups.                                           |
-| [Add-on](#add-on)           | Operational software that provides key functionality to support your Kubernetes applications. |
-| [Team](#team)               | A logical grouping of IAM identities that have access to Kubernetes resources.                |
-| Pipeline                    | Continuous Delivery pipelines for deploying `clusters` and `add-ons`.                         |
-| [Application](#application) | An application that runs within an EKS Cluster.                                               |
-
-## Cluster
-
-A `cluster` is simply an EKS cluster. EKS Blueprints provides for customizing the compute options you leverage with your `clusters`. The framework currently supports `EC2`, `Fargate` and `BottleRocket` instances. It also supports managed and self-managed node groups.
-
-We rely on [`terraform-aws-modules/eks/aws`](https://registry.terraform.io/modules/terraform-aws-modules/eks/aws/latest) to configure `clusters`. See our [examples](getting-started.md) to see how `terraform-aws-modules/eks/aws` is configured for EKS Blueprints.
-
-## Add-on
-
-`Add-ons` allow you to configure the operational tools that you would like to deploy into your EKS cluster. When you configure `add-ons` for a `cluster`, the `add-ons` will be provisioned at deploy time by leveraging the Terraform Helm provider. Add-ons can deploy both Kubernetes specific resources and AWS resources needed to support add-on functionality.
-
-For example, the `metrics-server` add-on only deploys the Kubernetes manifests that are needed to run the Kubernetes Metrics Server. By contrast, the `aws-load-balancer-controller` add-on deploys both Kubernetes YAML, in addition to creating resources via AWS APIs that are needed to support the AWS Load Balancer Controller functionality.
-
-EKS Blueprints allows you to manage your add-ons directly via Terraform (by leveraging the Terraform Helm provider) or via GitOps with ArgoCD. See our [`Add-ons`](add-ons/index.md) documentation page for detailed information.
-
-## Team
-
-`Teams` allow you to configure the logical grouping of users that have access to your EKS clusters, in addition to the access permissions they are granted. EKS Blueprints currently supports two types of `teams`: `application-team` and `platform-team`. `application-team` members are granted access to specific namespaces. `platform-team` members are granted administrative access to your clusters.
-
-See our [`Teams`](teams.md) documentation page for detailed information.
-
-## Application
-
-`Applications` represent the actual workloads that run within a Kubernetes cluster. The framework leverages a GitOps approach for deploying applications onto clusters.
-
-See our [`Applications`](https://aws-ia.github.io/terraform-aws-eks-blueprints/main/add-ons/argocd/#bootstrapping) documentation for detailed information.
diff --git a/docs/getting-started.md b/docs/getting-started.md
index a40d0ed0c5..abe0e68db3 100644
--- a/docs/getting-started.md
+++ b/docs/getting-started.md
@@ -70,7 +70,7 @@ fargate-ip-10-0-10-71.us-west-2.compute.internal    Ready    <none>   2m48s   v1
 To teardown and remove the resources created in this example:
 
 ```sh
-terraform destroy -target="module.eks_blueprints_kubernetes_addons" -auto-approve
+terraform destroy -target="module.eks_blueprints_addons" -auto-approve
 terraform destroy -target="module.eks" -auto-approve
 terraform destroy -auto-approve
 ```
diff --git a/docs/images/colored-logo.png b/docs/images/colored-logo.png
new file mode 100644
index 0000000000000000000000000000000000000000..d49129e3f81fa9d5b871804893bf6807489a1ecc
GIT binary patch
literal 106378
zcmeFa2|U!@+duvpgse^33dN9+Wf;qhEZHMTD0_x6mTbciQj8>HuP9{aR$55OS~0R!
zwxm#Y3Z<wNBK*%#cir7Q-{pCJzu)tH{p)ovxjyH*&N=VvT+6wxb9YA=8S1h!ZDE2S
zh*fWomN5jaZ-$_CJ&g2#GN&o$3;wm9u*ZT3K~h50zhVBlYDXc6X}^o6rje1er;jJm
z*^?lkr>QAG@b+|cal=E9|BEyeCsUKxTq-ktpEUN8NeO#BjX4<wj5VT29A`zu1=nxT
zCktjh=R8mi*Vd-veUM3}jg2Kma~_ajiDc?xcqy128=6Cod^A58nB&@UcV?t{vA9!p
z^!ij<Q7Z$5k>$c3)B$-C%N32S@PW{V+WNtlQoBQ#gbC0F#v%tn;(`zinhjD`-ie?v
zR6;QSc4kJ1vM+^#<O^S7f1{CX4I`a`QGCv#_cD?=pxwt}H7-HBbzr2lBoPxRlMcc*
z;_QbZBS{FmBY318BBjkH2f`q$1VK(%=2=K!6P~OEIq!n5w;qbrhRl%=hvVK_4AdnF
zA@$50_dtcE5T#`U^DT&x1wtMmhlxRSfe`kAkdQxgDjDL?`Dmv6VQ0aHQE`A&@-5|Z
zVT^W&6{DmVgPEDsR?!wc?wuS8b~JVucT3$5NZu?PBF8>3)dWGAXF0)crxyHM*a})&
z6k<!*Y$e}R(JvwF?S~g%wO%9ahM+;8pteN`>7p&9UGyaP#q8}9bk2vFGks^G9B;Aj
zE`~B+zc8C3P_fa@I#d4q`Ky;NyYy={tn40{omh0bZ%Z*-aQhOZ{B`E@K;@8dh^$SB
zF5T?F{iaU_xqPkX)}ONP8Hv;VTFSiimA@TPt7l(sF3vH0V53*8*2U;4*<3_~#yPRN
z?N62*hWaJuX;u5>p~54ou)wpDc{VuO>AgEPnEOzMW+3R}9nb2gqKvd8=g`4czokjF
z1>MZ;5Xn*RoEHQg))JO7eN?2@zz9KFnIYnZ>b#$-c_b+GeAVlEs+qrH6;5dg*WTCI
zpuyxo;`7FeT|cQIdb+ugUmPp_bT_{o<$&|)cmkW${exv}Dg^d9JI3^C(Yqn*>C_)E
zZn6`6L5A5!nhV7;awmt)3Rdr-+ZZJ*@Q}=L0I~P1{2m$ONK=7>d-y-9c++6Qt#vBS
z?s@>pp8R_HuC7c%$gKk^Pg#mJ%kvbsoYKi=e(c~Qb1{x9Gv%@O?JX+N3R$C%uQ{{7
zh*Q;UKvKqd7*MrtNU8c7jhkqR_3^mIn~3Wy*Xp+v9=c9@C*m`%^`;-)#t?1FdIdT^
z4FS8Y>U+!$%niHt<O%Qz%fVl)S6okf>cIUSi1@s{w?!)8Uut>mWo5$6_ecnJY>e9^
zy&;gSS*s|#F+x*zNBJ2Vy_<iSKH2z0=ZS~0&})e+DRO(Z2*p2q;oy3U0h1shu=7FK
z%e0p@FHtXfUkZM-VoI~$?e)j3$&je=qa*s8Uu}3L_lh2$B&&Wf=b~|MUY03bKF(4j
zKdZ#}#)0s>O>({$G0mY|dV6#8v(LA0aprcOak(+(QvvTiztu4DvDuTx*ScegW3-?A
zSXfVUhBlC$L^r4KFz`5S_T#ycWN>M7d(`FzQ>3EIc+zMxd$Q+2bMX@K<D6$7F`d^x
zFLIt&T-x-?)k|0Vt}-8-I@o9$cjd6ji2|L2D3jqU>z`h@cJOMN(YOh(iPM!`dEr-`
z@;pt|{s^*Ih@iKqF{s(E`Nx6Go3_Ju>jju`n~VG<1YKFLo%RipuNAr3{QUS)@jFQi
z{CA>Mu3pK)XrlB{W<|zR365$E!%1GVsXm75M@26uP6b8waZHL0iSb^NGboqATf1Jp
zka)rT+Ma6%uIY~7Qz&?MIqlLt?K>9pA#Cam`a7(5=sLx<tV<g;d2Z5sndvguJ{6_U
z1yWaCb9uAwX!%unT%JfuuRKgjH}JgN7jSQMj_-u@g6V?$+~v=@Eavn@EW-5NEG<0B
zb@E=G%KXv|-5(BU+SKgU%(XjjmpFLpY<Zh<&NH1D9rkFKdh21~VfT9X`Wz8@5kZl?
z``+xExM;ku{F2zET?V@h8k(D$vzt4T<x^B-I%P*wMpHUd`b)8v{+1FYc_n3dy<0CW
zFIh~K-1P{v#8~8-AGEY7(#cQD-`;U2|ITIj<#NM#!)xgsPBn!eN*<P6DcxN7s*Aq6
zpv1l8gq@Q;w^M0dLCr+`z4#LqCt?;<7+Axfvt8r2<PRd=_U2GJq||q@C3QmWMBS$g
zuce*LTQ{_Jp@vH~HHy``q?x3&>pF2el@mj!$Wak{Pc}*=s!FBs*7rWR_fp^IvzN`_
zu_vF?Qi@XUzsu{sF`+QwG7;XB(Il54mTrL}KCXG7IdI@rn;LV*d8BLq^`QNl`$L?H
zM}?$u(r3-`I}1y5{jSc~O>(PFt9oY)s}3tG_R02H*fuFrN*|Oq?yvDow+-vp3>I2)
zSUR@U23;m?hdI$kgs6vD(ag^tJ1$ritESYApT70{oqBX;xjLtM+{yftud4F}ogchC
zlP@?kn$&W(#f2@*C}^zXF@xQRT~tjF%Z{+{FtgKYu>`XDmNuD0dB3(EO=7>+oYn=c
zz7!{!{g@k)`tstcSEY_9zfi1@t5B<#a<piAW}arQ=eCy*BPCv-;Ne!;|MlHe_)yvq
z^Kc+{lJo-`LO@o_{ZC<+xvofUlu){`+kk9{PI#}rK|GHudi%#se%oW20`BwQcS1<F
zDYTKhG_A$A8h+d(zVFz%w`cFl2ME`pawT4spW1Qd%v}RkgWeRSbgqj>1>9v-l<vud
zo;!QSOXI5GzW5TSH%=ptM;ou>!)`6sc|?^;Z#~cO(6#8y^>r4KOeGqZ#!M|mJH;7p
zIpNJ5tC}MoVJ=)t-`V`GspwJn8O7AejHP!Q?{6GDSCV^rubCvj`N+NNM=-aPy#l(K
zhB?>mJbj4%x^h`$iMac-{ny@^B^CtT6FIieHRN#hqm$LeFxPSBgG{f&PK@_-zO&hH
zE^X0YY&Um0jaQX3BC>#^n>&#+xJ$Ih{}pez=cB6Ro`l<1uGN-1v^qX<d_B@9nQp~)
z;cDVYBAW;6^B1>S`w!iI_jy{oTRO2>wEIqIiDr3Dm2%l#{N;x&&AZf0|1kYzI%ldd
z@uaudu5;F-ZGt!O?zG(7XWdqJXBJc+R(2nR9o+ZK@fm(zZ@y?otsvs+>)8wQ?l$>`
z?q2U2XrIt7FbJ`gbe2DT#{Wdc)HtqV=eRCg!?w!Bv`IfnRt46BF{$-KLIkaVm#=5m
z_s?u)ReEtWI`H}+L;JR){7(GRM>H;eyr`36a&g|u-l}4MlWJSXo4#XTb-TB*r^+c?
z1n5thK6H8U`eb{&)5q56wDV~vf~3CmV7s$R0!MKz{YTh6Co4Ai3_j6biW=Q@cUOz`
z$1<Ofx4K_#GAlE?ctgq7{f*BX<;D2+{S9|g?_4Y>w{|U`ICif%&~fH9Z@OYj@27hK
zAGnq}o~2_{dhbmg^PH)h`P|Rd8|1xXp{4Q8bH5!E`FHo<wf(gFo%(al-tcE?R*OAd
zlRd#lD1Mn!Z9Td(^kJc`i)TN_v1_i2OO9(i&3bw~9j%JN45@i9y#9Jwv(=$hB%OOP
zd$F;An@c)q_Stx6OIuP~R^rFR_$v3~xeIS7<C|}E*Wa(-TKUi)C3E=Gq4{^!em#Et
zlR5qD`(GXx2o_y({&MrP$>YoO@tfo0m*{AdroQ4(lHDNuySSK|`<U-DP{Mh-OW8Si
z+T*4C-3cHOg&<`$e}Wy(74IWpk9TtMP(e)IsX_?2IH(}Z<o6->5j646E_;r7<4ukk
zn&OVR;xG;fHB}~Me<dKm9q(f&;P39{K~(ZrK`hHv0>7t{r4a(lLwsCS5bD$k1<dyu
z321tH;|1iU6eMvnC|LnTjFgN#Miwn6As~yCQIJN;Ny}g)Wl&1sFFB;Zw_gZVCh$9D
zZwE&uV=bL;(}AB<5Y9e61SM%{KR-VyKa`ZGw-aE;V5E_<(z3FWV1y(wz{AJRU($mp
zv?AoY94$N%=j}r9aq;vJpvtwg_w@BqK_I9T{rPKUUk<oG=OOrdyDiV+fRo0%;ob2b
zK1695DH-Y2_y9V8GI|idVGhuj_O~MdCgfU7`}Y0UZ0_!>auR)v@jnn*bwZ+P00A#;
zj3;{fdgJh5xX^0rCi-X}1yFp0_MZ@>eH7rZswfvXH(#QUx1Eot_v!+F8t`91Vrt~H
zI{$YleWVFaYoMa#;{IRruAl;j;XR1pIDnI~${_&C)cvo;tUf>Cr&IbDD8UD?W7MjP
z2H$`&t)>9#m$lixUmVxq{r-7Pq<vf**Em7cFKe>l{aw~zqkdUoTejd8!%}v@DLHz2
zyW9Dwy13gp;iU;4PRi0hh(FM$j`VTyal`+_4P-1k0(Cc^zf!+{aC4zL2qiZ=4{&Du
zB^~gNcD`;t2vv166I%mMCr?`)7Y{o(TVq`fWofGAySe;T&I<Lf;+L2A>q?ZtnNZU7
z##2wXsi&u#>WY*5aeW83ci`0IrQ`)f_u1iGJgB#NF=gpr*?!vZpP%qrc0PDjz^y2W
zRFssJF_l3op%j&5<-w0iNaRmKR!06JW1pvki(|mwWXLF?<dsmEpJn_s@>dzag*({!
z*!@#dejfW*Is5i08RI=1T&SK_)6I@ZR0S0cPe&zil9zY!_wRq>-|y`L!jhevmM6}a
z>T>n8RDFG29F!E~wG~hpqykz&Q%6QdOG8~jTUHB=R@Bs1*VK?hDt?#03jg2c_(}Fk
z5OeUvfhh>zZAQr+hjeg|lR-<`;T>coWn>iXB<+xna*}A29LCNbtU|#~;roO?3H#eb
zdLBd{I}aQlYyxOo$^}f~fRV=`7335o?a(NDNjU|yyrexEg_lI46mS?vSw%UtJpQ}r
zpV<E<S_|*(aun~N<L&9b9McGP-b6gr<*OjR`}{wH;5SoT4jM`>e_s;{<$y+_9dVL)
z2MkV9P7Y696UI>ziIJ7Fb41DD6lK76|Hl4fO;mGS`3#W!t~Tn99l(zN73n{*uO{8|
z-##2Gt6PPCwQ0Q9Ji{wue);}G#COI0q@17p4b_JL3)tgA1WqL2rw`w~nF-$Ouhj1!
zfSaRwuYauLKQ#@ax{@7^YKN*sJ8({@>idcIW63KV)QMIGta3aY?By_MIY)U(w4x$j
zQVwk|D`_tWj;x~t(jMuEk&(m6{we<__O<8mbH;o8>F;DPrZNgjNHlO)-+k4}N|r~h
zErjUl=;LSSjaPR9UgDcO*87oy2&_0{#lO1a70G{PU3&_gGl(mA2UY3s=zS;r%CdTJ
z`QM>EM>&)O%1%aB5+#qs0PQI#N@6fF_L9Jv%Hr(NijJ}lGT-<2uWL^hX^O-sQU9U_
zujOd<Kd3!<Db#<u{&1ciNAcc1|AGYqE4KqzD!eyQ)sgDm?Fa-n7n~i{mZb@vM4y$r
zjDU~lU%njmaQJrX_$kf)uGgPL{wEz>oV*N5K>>}Ev_~NoB;_!UGLmRHIeSUGEXH02
z99=m(dHe5M{5Ov7N}?sNB(L!M=>8uG97qSWojqR80R#@D49F`K<s~r=au`V*N*0Zg
z#mFP^_OkzN{r#LM|8_k;2l@XWyPn@$|34CNR<7`P0ufy2R&4D*G_w4&cM@vK{O?7U
zU#{Q(wrBc>6^0eb|4AwB|4HNgsmS#I@_;(5+|IvS$+w%>uesNcTh~u!^d~w3%h}%#
zlcQ#Q|4X*_-@j7+Q&o@^4gR*jmE?^2&y|bjU+V<liw=LUD=7bT6;LwqvGexvB^a$d
zF;X?dgVg!I`2ORpQp*;gCa+{@1nRd$Rd8ASE8*`W_t+5+xe#6K-SDQ~b{<4<xbYsi
z09743H{wcdiz;r7LI0Js{op1=@CLQjHAVdx@pn1<?EI-aFmXAC|0k;{pd<o11xkLZ
zibw@1<nk}7MX%6)Ot50cRI0P8JWB4Dk<NcD>3oyv>*3;~YUJXNcO!lmxlH;Y^-q|8
zTK7+)zH7zE4HS<J!G)3d(?{xxs0E|H9u(>U`t||T!9h)2K;7N$80d-Z2U>ChnpwL-
z{#QYNE^XDxzpu>1&&~(utn2OROZXSp_D`zk+kU`l)Kzk#PD6!3RcoaOAh0sM!1Dad
z3;ub~513bkP;vPohgwEeU8%c&V_K%H$)xG&<_RG5`DL3wM6acbzmE79t9(D0msd_)
zhI<(T&3zVof7R`;V^-PBF9Ln2D3}=SH~og*^3VSS8`VB#kjOvHV0mUAD)k>TyL&p|
zRjJGWHs|us|CkLIVCSLw%Z$skf6Pj4N`bDisvKrz!7J`fSLr+bA4>?pySaJ#sbb`$
zKsOrv`nL3M<bTX>?*{tuzpj3TxF+-Jw)&?6!EcuB|9|X6t>P^HgAUYk`)_%@|Kxe{
z21Q?4dHHXer2e#~Ca6#^i+1wHgQ~WSJn9?Q%Fq9p&)&`VhqGD!VNIU@+gkrico-rj
z7^xeY?l;sHkU=TR3uu1Z=TClT&4vF7(*HA`^7{yUdkFGNQ}Ab(@u!x4Qt5IiG4TQ&
zSOGl`*Z(M$|C?b%UUtQguXL1kmHx#zg8G&z{@ZcnmoWA(h7t5H)Bi7wBmbGF>ECi7
zsPBj9UkM>{-<kfU2%-Qg>C18Ge^&_k9x~*>`@jFJh+&`(-VFUKNrM4M8KmSuSM}SI
z9bF}Ze<E#ASC#ypF{u9&!!=YT(chM(vG(x)+lj*8(nA59Cn4b9juuA7`!%&qOuq5|
zU%PkwTPFVRrHMbd{v{*-!S>&>@|EN9*E{{6iNH71*S^!Pez;bXxh#rW>sh&r|E(0D
z4Bmw)fr6BSFAneh{Y4#k^Xukf?``KDAON1zQElljqkiO=RBr$8Z}JX-b~*L2i!69+
zE49M&w{JhQ{`u5vd7t2699|We;g1(!Kgg?cf&W<Vdm)WTJ^XswnhG))1qDf2DG>O7
zi1}&UPjaXaES11RHR{E4`H2qT`5W!m@#fTLU2eY1<54TcC~0ubrUJCg`}6l-c`g0{
z@6X?V<^92WkXo|>VP<){U&udkQQv_oE#qebUYg^n1;bxSzm8rmgqi>ODi=6XB)CQ|
zbN%{hRaT21tTOUcM1HXT^ywSx%1Qm{P581OU7>;(=isrs^q;TY*LJag+ROjIZ+`6Q
ze?Zt;B7RS@7BZ{Sf5WvZENc;e!?hMNtI~hNwJI!Y5r4zA7BZ{Sf5WvZENc;e!?hMN
ztI~hNwJI!Y5r4zA7BZ{Sf5WvZENc;e!?hMNtI~hNwJI!Y5r4zA7BZ{Sf5WvZENc;e
z!?hMNtI~hNwJI!Y5r4zA7BZ{Sf5WvZENc;e!?hMNtI~hNwJI!Y5r4zA7BZ{Sf5WvZ
zENc;e!?hMNtI~hNwJI!Y5r4zA7BZ{Sf5WvZENc;e!?hMNtI~hNwJI!Y5r4zA7BZ{S
zf5WvZENc;e!?hMNtI~hNwJI!Y5r4zA7BZ{Sf5WvZENc;e!?hMNtI~hNwJI!Y5r4zA
z7BZ{Sf5WvZENc;e!?hMNtJ42VxR`$Y`SIWnNmW7kfj=F-Nqb`g_><)YaC?mRLC~@7
z5JU=vpf5|{->)Ia7YRXcun?q_1VP-M=WOeAAeh2#JuP)p{}*q2$IrKSl_(5gs=OAr
zZK_s)V-e19b#Ay1y!td_rVxo=ofD9DYms)*+!b=pVC<OD%ofYcw5~j&*NUR2ox9~%
z<LYYj$CYwfDCxTKBW1)$|H8YG3&EccXf*|W3@)0jQ`=R1P|GdoV`~TeL;vJr-=(Gg
z<5QFPkr$=3)ISa%!p`c8HTwmR&sQy)eVtX77*cL6JLENAblvysEZ?<zU$~Q>&)tTx
z?a+phk<FCrwq3eaWwt%D4OP9fpTF)%p$YQnU78&l-mjo=t*M91ydu-DU;c#iT*i`O
z(4vG}WXFfkU!I8|7Asy&1|D7ao;h*^I(<*f{1fw1O4L${P5%}#R^z}%5&W~IVngsh
zh62AR!oALPA6|{7)DdD%#oBMO-GA6pyLPFrbEsmUV}TZ(!P#sKY08~xr0w2zoC!Ac
zV{V`gZ`M79WoDxry!!+%&dz;x<*KM*wdr0uK2?4`TM2ucqZ!8MXY#l<PTOmWpd~)j
zpX!#q^H%#6wq-W-HD3N<t~M3sc}Znj-lBb<TCX66supf2Zc&HiP2?B~mo8;S+z9hp
zdZS2dtH4N*uvHKV{;YPx-C&uWq&c1u)+{u1;JB4216+;kX>pb&zY$EE2z9&DI}W;U
zep5IRe4M4uXL&T`f`>A@Yxd4FDd9o~pSOxvDukG8&-5JG&V^+J%luj<=se`A-s1`Q
z>Py93gzV2J^WI$H{M2JCP|DbhK&KrPy+qq$(8h;F4Y+T<<l643r8=#4LzXDXwLFq1
z(fARfQgxH7MhIWc)B4gnpNqR8-5h7Oq(?f~t+sJy&s5le_B=HfBgq|Y1<O1}8H*0N
zA{C?dF<N<DN*>C0n8JK0A)*&)>&w<BeU4hv7CjTHY5qCojC7cf>)DkBA$$B4rgL|D
z2y*Ip@H4$8sfdB$h49&1vrEPTiiu2oCxo8VcOojz?^zx{;G-|bowbL}!&295&x}k3
zqT-M+<p!AINH^3pG@c?G_1JLBY3wE&c<=n<h!x$i6(rmulcNYd;yn%Gsh8-!p325x
z$9PEr$E}1*&oHs{RrHgNN0W1pb}dgqP&*+M5jB>6)<&z=K)kSY-|-WtU&(DxLTeK#
zj}@S)Sxe#0Q#pt1SPm`Fzr1(o8`B-$-j_k_F~S3;FJ>*ZIwNT>X}0kZChC@yIUZIg
zxDAaTD5!W0qfUTy$xVnFi+p+UeJac8Ojd0l<od`Fl8N+Jrw_$@ChiYy6Y=DPd*<xS
zw2E3bGLp<4ueWa!HOiAsv5#LEX))yd;mn4v8>)KEy<n+FTXidzjMuu`+;kqjynLR}
zNv2m)!ZZh6b9QE19ZO&53yvQjZcuHK`>SoNb(-F~vdg}rnaiRxjhS9yH!8Gow%v;>
z*wkw&Y{U*WnZ>oR5ADr~j{S2O4OlUGR*2(KHAj9<;HA$psKg<X9gzFBV!*bxQ^<@r
z0@~5zb~lFX>N&o=3M5@_f=DITqh?{6PcOzQ9!sipo*X<N$I#<c9SpB{2&=gnNnZNI
z8xw=hd{kVA=+RPs=<kwBhh&JQ=#09Mj*OIBXh{frnI}KjhtVtc0n?DJurDtMuI#!d
zw-Qgs7Aramf7F6Vg@-ryMi~8DB}8Ah0|nd3Q8arjVLp3FCcf$Ub%cHU((JXR08Y58
z=PsJJD*ck#f#wQv<lwqa2B(-)Y!i)NIonkHXFZpulsKYk`CJR;Zzayl-dN~ZQf9A1
zT<&Yn7aGE8-Hv=TC^0;U_X+dv_(D+)e4$WzG^;2)3}qz8aJ=fVt(KX<OrSsShP+lK
zzJ4Z6OEWq6he@O3wkZk~;mB<{JC%^>G+)sT&2uWmO}0_@oz89U>BIK6I=PGfL0dLy
ztr)k>Hpsq=*w;<=#}$O;#6>N|78Ioxs}Y>91*!T)?@T?DjTvaXd96y<Z<B)*94mYQ
z{^8IJ2Hp4~JA#}z=-z$PT-(g;{UHWg?9fy<qVgzCvEkX3m<h=sn*hioV_fR~iJ^<`
zh#|G)FZvvW$2UL7`kbdVbmg3AxUVOAG1Nusy;Ga-@h|yH0V15(+KxeYEA%U+VP7rf
z#M-e2Q+|~Yv3D8LIpd--i4Vp`ZZCZzUOYjAd{yqTRcS{|vp6C>-~n4;T#W5BtX^lJ
zC$JMQni-k{plP=lXdN2Ac@5}C<c(5=qKCW00NORiZ!o|6O3amD@pM`pr5nvT;}?&K
zu@bjX_Ka4D_%LoO+NY)L#m;hc3-3}PJ4AnkpJ{9$lcTx1jC*Ekwj_rSN-OC%wT_};
zE18(xu(ibCnXlH}$GHqVZK{?xdv1@))e$KiBNaR6OZB==-N$qtb-No~aIHsU%kJ$R
zStPdUOU`WdrG*)~KxN@|DwIPhk!nKrSGs7YErZeL&hPVSSd!3&nJQ=8V``9YYj#<B
z*kqOs=_qyHOQ?N0QXD=JSe=g>lBk%s2-d2#M(nOT1plB=;bi0LMVSVRL~~6~8Hq9!
z#_iMkx&zTy7Qr}kI2@b?^^KnjP*ce~q(>vSEYS9;+wu`ZR~Xnx<*{&Q)Kmn|K!%Lh
z*4{?h#KEx5*i%zM$0akn$+SWH+W4N{$;+tg)F{_MKnyn{3et*&lCksh4@ciCNcCH4
z`_Vnt;n=-ystZvuG?^?n`*4wR^XTq(#NO)}<6KXYZtqBb9vKo57d|ys;eJ@3Ht9jo
z(apUd@;jjSn<7Ut3)U@2RA`j<&u75U>ElMq41W3hq=bg_H}=?bGL4c3TX9iF$cA2p
zECO4eUqMRPNsLlOv&^fTgsqXUNG?{oohK$<prmInWMlGh>cMcEtkiWXl-D-lLzvm;
zTVC0Sz8oFBko?7zg|d6JP+K$!7nov%W_YUD*{o5`*MH1S3j9wFfup`@EyPL+mdF`b
zE#+7Tj-#OT2sf~wv8`II!Zd`Vomu{D9t8(S;2$hD_6+WGtlU70q+s60-&2^m9Z}Fl
z34-$QmGc{zv<ua67l->1h{L?Jupk$H_)<i{e2)&F!Ly}JFqR{NYSOuP#dD9xPS7vn
z%Ocp39EtD`<q01vf~|Nj6~JLu{(XM?=y@Jh26DkC-xfcwPMl=h%{tY)Gf?5}aPmNx
zqI9mc_RR6-8UBIJkv2}AB^&+nH_Wl%4~4rJIwd^>3@CoS2C+4BOUhUuC19A9Pvq|D
zawgq|qJ^X@D0XDRmvO2+(FIbE>YR0_mY>AVo{^A1i)cbmimo5ac&;2Y{Y0lWn6LLy
z0svu3awugCxbgeE6HxIBt=g!jyIkuwSvMY!B!>xi8K)%guZ38!+X~1eP5*Pr`8*_8
zi*M1Gl0<WE2qrorIzYN+uM8Ak5=&N7nYU-+Yh}7@L+Muz`mBi#;><i+L@onROl-S<
zKS4r^q9T`@07g6Y#I+)T^7$SdTuP(ixtN%Rjomfvh`_SA&M)%3Y0bj24e*S7`24&x
zcR?Bl?8vZ)R3(~wcbxmZhcy&Ur2UYU@G(n`4XUp!xvA&KedB~533bdvx+SD@skIJb
zamy${D!?}Jj7#N==Y5ft%Z1Q&eKX<+)tQ)(=sVG|*%)-+{RKy}a=$kI8YW7a{KAO3
z9V4!E18i54wx0>_z{`2!FuU%1Pw6IzcFK~@ZSX8(p3lDi1Y=cgv%7Yz^aRVIv59NP
zy)QE2K$^l<Md&=pMjCD7Y<;c_9amHpM?x*TtN9v`Q@u2&vlG1GvAquSUzm?<=^t4@
zm9h_RHzW~L8ai=S(zVq*Km|3DFMQ9_4qURR3YdMo?JUi1-4Gbz$-*%$YyFc#<)$ob
zET^Q1l&+2sMaGY=jm6sEJHtrHY!Vtu8?}uN$;Nbfw)G_#7igGaprC??0{rKlx+OGP
zr)X#gZgadD+C?92+5f6<ZVOL)*-^O7&7Q``{BZ1pi|@ZiJrcVZIxpSfl$+34d95e>
zeZ3OY9q`<9>y`tMC=xQf6`avsM5KwVhPk?uX!HB$bIkk0?6IU59XT0%&-G(~7h2#N
zzmYR8?uV~tqp$(P0eX31rAVn21MGwS2#Oyo56WhQ1dnmLasR+|NFE$Ohw)vlRe2HF
zn6kjEpee?V(JW3mXg+W&Jma3PW?ctj0P?AYV#^aV!la0)ExF+|l;p31G?^cL=d%-r
zL=TZZlraK+ayDl6i^jq&+q_*TIZ3!A?U|0|^9*iJMNpl_0}uxf)Zhc(TH*Dgcp;33
zWFnp`2XEVRGH_0mhF<n`^IUtHs&=gg0?O$Y3S89Y1RIHq`ZSuGAgx<ynMX@-0|tAg
z>N%^tMHGqFUy5d64_{)$Bp>o<MHB4co5|21rWrb@enPfl)Ry@G(iHeNtIXEDVmGpP
zo&4<U<K#h0xdODKxpZ{<Q+r7oHcF`K08ijoZU6PL?N$lKBleJ?TxawB*P?G7g=ktZ
zM?cS~sht`nKqfMA1%!$7qC5y~qQQv}RjMB_lbDg^>!qOts7UAfkDs=@u0?@0?G@v;
zhu93%rAD*6`3T~z+N68R@@+P3*pG)V824cc&SxEvYcS;=jpD8IPTUB??&fOqO+%^4
z_$+b47_!UOp>H$82ktPKYu4l|AO;eA5@`qSs1()1S@a`G5t1z_V@i+YpFo*3jb#4|
z$-D=UkA0sp=n(|iQAA1l0cffnQNhMVkcvYQx6@M&M+-hOXkCZ-{Nk&4MdB&gK-4~;
z*2)Xn13f+$apKHVml8e-R-~+t(Sq`7wZRTT9yJ|e;`6^ti>6ESd(Tf7jUwDBW<;N-
zp6tVp7JFz(lTC=Bv`vXTG}^@I69)>+*+?&%YrOJVI`!%J$PB@hENe2<uTDYJPQOpp
z6~p(bB?gMILKB2%+Xh*ka-3stN<HFigds(Wf~E-Dndlw2)37;YT@xXY0%1{OhtVYB
z#gulEP>XM3Tdxqw=IeHvSY;g>txlVQv-FVFv5Dv0qkjM)k`Jgt920XB_U9%fi}Elk
z_F#m2M@T2i*-4WK<k6}qk_u49%};43`@-%Yh9)MB2l+;`0jEU$=)&%+VA(gVv}&Dt
zck+-A(eXVFV+8jNVTvD|Cx3CBlB?tN&5bZ!o|F+FAO6953-nffkk2X0IratjFxAS*
zvwU!>>JX0LD5_mp*CK*4gWo($$1sH6g}pIPJGfoxbWR)p7W7GGcwxA&V?iAyq;r6~
zjlbcDG&@Dmdb)TUK{j%Pr^fy(@b^i1*A~ZU(U;FNq6Kts)7&|tMVb^wdRLg=iUVsq
zH*5|=pG(}LL(q>L$@3Bf2k-b8_b@R6LVAH?J?V36AX+t&L|d@|R+!UIWyR*RsC`ak
zM4wuu%VQrzAA({>A4LeKMrLD<SVgPF72E-V7Mg9));ey4Zb-h37$AXtmh+JK<$z1r
z$a8J+DQ8!MF&!UP!V*9<&IcJ%P|}7PZG6QNwN-b^KPufmMo;RNKn%r~dZLS)+;S-)
zHe{$QZc*f_{Dx4gj62ord}nejo;N6=I_<Ho@-uj!eUjHbA#|99mUTo3&O}a^mH9)|
z`w=F{4Y#$oTaozy!9E{so}Dgap1OGvtTHU{XlzcxM<os^h;WQsNs8zO;F{C;dQj^w
zvu6QBDRFG$Y_W+vxd}K8wmdkDu)it->feXGKF2*ga*mRohKg3RH4Hf>#R|2&)aUk#
z)obI^JWQ^NA}2n9NP#Jzc_a27ARxf3?}IYW(h%6GHn%=HsaR&-GLpnU{R&)juq-qK
zO^#XqDMH3_4I8+Jih=}#1X-c3sQVa01ge|dwdW-55iN)Z^}d&m%xJR{T)<K9I?EGz
z*AbarAS5KcSBxk_U;zt%p>f<pkPTwUCB&MzXj5PTNJckpC;j8PA?uN`g>j{bfppiz
zM)E9&jng)WCo(vSgfo(BIKwqmWQ1gZ8VCpV10?BV-{vr)GcWaTgL*KBfsq{moAub=
zQTH~76E?#`OxLYFFAVWy?wyIk&}$P}@PevQ1y~ON06KCsmqYO$`cf_<x=@FX!sT<R
z){mo5<aBpF)k&1J^(%gQA_-~AN0FIj2+m-=k$zb<d=OuE?tM(`c2p<)<^?*2KOR6`
z^%``uu{1){cNn{BjOluE6J*CHxj{Zj3L$FkWVq}cD=6{6He7K88ZhN(@iN#8C+wbP
zq)20K#p*ZBO^TD`WiC%2rt7(xp04f3^b{QZJW6(gEH`a9uxX<7gA}sA)OrYgrO`O@
zOCoL-Xx6!{pTaPktV1_jK!bbMzbo9vUABmmwu%P_^xq`;2W+>tlomx$?BZ~bPX&xL
z<qxtk4%+a9<h^19Yz!mGmJp4qyhbWU_OvXfX1uvGAf7~<sRO)&CQvDc`&A-bCXo(G
zZ9We+iWQ?_+jAE7ekb)PFqt#g<nuK@%I9c;8I|h*Gt9=cyv}8W2Ht|5ImbG`I<o~1
zm5Svy)kOI}#q|X{!LEm4!eR{He|2EJM+U%)utMVLt=Ho*Jle!mSAjb$ils2DXn~t7
zIuqz2Q(Fu#LO;OOAvN1VlY@_oJ%Q2XG2;Tc6*TWUdm2nuXVDHJB_`)moC*`0taWQG
zH}V+?(F}0KUa#@v;z7-{J`c~a_;UIr2GSWh%ZTOxv*5f`<H*c<5J*1|L!tLEYz`}1
zBBbchnbs@uB3r$fVjW-cGL1lmRi`sd<ic6ip!anW6*-np+1UMkM;aDk=!-%5vWax(
zy<VaT837)G>yJK-B=HVEL;xU=szf+JG;##ZkpBvXE#qqIH3&_^JMzML^$2-hdH}mL
zps5L(dZx1TiCtvIbwnsSD80yWM1Z5&i;Wurk<>wiEvTiWUjR-A;HQW#+1zhKF^5eL
zeLV$sLV729ari0oXB{TUD6G-=(N38{2G3IBo~?W|it>m|V`exsf{D#*Zi?Z#w6B^E
z>S!ud0sDTTK?fPdfMBp!rZ5M%Oe#*N!x)hnFr2A=a`I?bXkuryAh^RYK!x(u@j`HD
z_rb$6iai5|=SsU1&kgM6qIy7x|Lq5UdYuUky0_I^kH2t@wh&FCh03_UPjTKt>+ZPc
z-Rcu3IA9D<$q<rjU>8etk0%1Fd#%Yj%I+e-2;0kY2gLU)l3Eb-ELpd9mrP+O(6@l1
z284rE)=;|S!RT1Ww7eBB0rkXXV+_j)8GB*S)n^IDhoeH~$NIf(^-gNWXd<BKb<q?J
zI*R+;{3ubcFejH$WIXNjI*8%{0M%Fc3K^AxylAfsVSnGzQSAJB=^@JP^Tu4pSUShb
zM#_FUFx7aIb%foy@!_2~28c32Wdk7Y{(Ly_L4%4Ua7FS62nWqd(F(nqb$om0xuw{v
zgCMb`fv|o+&$-Er5SC-=%R#ZayDf+2N_#s2RLXnkmN{_G$Rz&P?^R_M^fpLuhe3tg
z08USqA|Xh}4i3LjM^OQxW%m|1Ne0rnl}<kkvVpB|u#3=rjxUJ&UGF+mFBuRtZz9(q
zMnx;f>v`2PrtbG0yTWBBw~5khYPX$7>0woAb>0AlIE$Us%Z~sTLPNk4p5@F2k!<cw
z7sk0ej2JUfHBNXJIw^;gjdgc4J8YanHhv^g!A3;6KoB3WCI~tz&+J)x>mE?W26m3>
zVs_m7J#-Y-7{;!!#HS*!Y|w4%A!>QSOP>gbC}R@(VmE3jTz3~*vg8m@r|PUBEv{`_
zDLS5Rmw6;scDVL@F)c(H1b!!B1RU!F$1L<+YAO8SSR2hV>1x*8{-k@Ld}4Eo_EIl>
zVFp-{VM@K_tSmwb;6(5Tm1_unYA5@`?D?i1ty*x^+5^_#96G6h+!!n1WVRO`ZPg#~
zk%~^k@=i6AbZdc@!$F|ft!z%$sT^IcLAP5p6R+sL<h@1cSyk$sI(0C(?m#5XfQh6-
z6OTbkAk#r|-CDm}UDUw3Dm-29BtQD1?^jixZ4eZ@w~Y_L_%i8GkT^AU0sb918FvMC
zsrqw^IXDu-B*v~bW4d7wc-&c8Aj0wGCI1nCzI5K!3P^U*f`%_gNmdS19=t|Blsc4L
z&Q;^wNe|RxO<l+3<#iAZc2<2nKursyk*pmYv$3@G(CmdA3*D;;vT@{{dJvSlteV(r
znfxAcRN`_5^_UEasE0`4X7<n__Z?Qiu>&wV?vRrrV9<aZsA)q4mMKC4omwd{LFCR{
ziCQS969hvq%4hZ^bEgq~mSGe90Dky%83gSB<xz-)3%HUQmO;?k8UBO})i)}gj4+~O
zYtKy)zXLRxFy0sS{-YQ~c?hb_&_L4RD3X<gHYLRWG2?It5bKML))zx{s_r@_eeyso
zgV{NtIN))>p)xU{MjA!@hzP<`k3g2up+g>F!X-!QBA{{euKOaWcexFtHd;-!5J+H_
z(JSd(uqq<Nmkwj-bYE1L$%ABzpGPcg@U6YrNiVTn<x)_jMgtoH!a;I%I5K3Cx)M1A
z=>v!|nhmU%K$IDUxth;%N@v8l-n+v%(+EK=`cy?;es8TP>hY+_SL^!rYS`El*f8);
z{Q=nMIm5Tp4R3G79oDxqEx5lI0YOf=R8UL;Bxx#(0E7T;9X)jklc_y)*afEP)^;QP
z0M1A!7}R38Eci)+u~aRE)f0G%CZAiUyb5?hex{5xW~zA}1~hs9=5+|FIg1!L#T$ZH
z2PNJ0byNkYbdZC?hxc^#M>QQ6qUUMuK}M0QwpY`sJOGXx`)R6Yl$^AehFI&+K-!<x
z$oKRJCp=}>;+G}<fvTw+k{wJjaiI~e)N)u?=MovTzcyV=G(L<U*?Hixl}>FgPglDq
z{DTe)a!U+j(tE#PF?yaGpl8L=<Q1HMvb-%Cb_0}^Qrjz*;BA~$3%<nb_r6FwI$90#
zpzh$KEow`pCHmj`yV}qgq*MKZ;k*9a1VxY8CxP1{N4ji<Xm~gqI%Ez;fx2Z!K4HEx
z`O#<XqF8*`u*-agS(|U5)r{Iz2~xLqaMis9J*n>K15=CAo{Mt_e6;<Fj6N|(gAy&t
z%c|~Oes(A5lnE{RRY_!fw$GYlKZ3i0GU9N=$*zy}tUdAt3C0(%^w5Q^FLc6Q<%m8x
z&gW6YQ7vj60ZreU2)>@ZGtyP)lF0@?x8yI|`*)o;u6+BPyRCP8$vgFJ;x_1WbTDGT
zR9{S+sW5(D)%w|w;~B+KeGVg6@87iJ>aR@uxM15aL9wcBjru^EQ+}&BY`&usWOsUn
zm(}<eSaOoNd(^PEWZM@kd1m-#Fv<oaL5GsRn6o^yoo^KyDi+4x@sh3>%CDNU_2j5O
zs5sI*|G5QG;dIP4eM<hxAn8TZaRmKzZaW_(dB-Q-6zE-cm8HkcvBg_ui??QDXXi=^
z!W5ql;<c1F(ZWB-a5Udkv)P5E^SC}`cdL^WeiHd&Ja8-1NST^$QAhB*R&a*iquhO3
z8$bi8*!MlUXUwv5(ZRsFw)12~zec#yKs2@E7F-S59A8sr=MFXL%LPhTO!g=PP$Vi+
z7CjfZ)Q;YwZ5h3l@bR(-QOiu?U5xAWGcsh|h&<<-$w`|uJWwB$TwxQ|ZX%E!s9F*^
z@#^{cQHOS)oU`@pf$59eD*~1@W%vmjftgNs)_2}7^IgI{lm3dH918RuM$H9%Sis-x
z)vB%X___rx**ijRvQ9KUl$DpP^16jKC(~8f1UM^fY-pe50lkI5r;jZ%ULVQXdB(K{
zg(`Vp6nJdGyn;Mo(T7lOq-DcQlS!LA*djT2s%e5jZF1qGYwuYd%%SFCS6FXO5KJ|Z
zh3}c>uvl(_*<jhm=@}=-%8j(9D%;BZC{NvGr$TtJ3B;cMtZt5(DG`({IqS{%BC)Kr
z$>(+(_rrj!vzwxCfQD87iGbM7J@{idLq}CO?ferLwgKI1W0Av)Om$xI?ZF-6Wo>B%
z39@%?jvd;=5I&=XNRPDpcmZ5*7hd<lILAGY)jVz17h_HfqfTb9v8O!{ZhE4(ifQJ|
z=2BmunJHDr5o5ko<0@Or-dlZ^T7JRr8*jjZRMM$i+i+L1Wkc~o_M01ELd&y-uaXp^
z3dj?ULwC+Hz11$o+zn~AQz%cKE;pJ~ey?0%e=MnjJNb(a3pN(_#Aj>%{KX92+RH`~
zjkCAgI6q1CHs+rDP!@56Rc6cZ$Fh2%v=LC47$J#Sd}f}jLfF5`cb`6+3@WYJmVLKo
z7bQ8`s!!aDCOg>|w#AS^G8kv9KdjA|cfsTA;{ahAWP?n=UbyKyyl4~FdbkZV(qhng
zdckpp3m-fCeREvzGxuOqH^44uxAW~Ni7nVOf%94CoxcZNQ|9M|8w6#&9=%e`@QAk7
z-FUjdITXq^0(Lc(VUdlUTQGb4)RNKi9@3R23SW%hiy*U~%k*wE5^a#He;aVTn*}Fz
z{>YeIgE~lX6XHRQGge8azEs=W^(^vn*vur{OAuc6%-8Xag45kk$cTHLVIE1li^pHJ
zo+AbOXVKN88YHuKU4oZfNKWs67T6rjc=?RcWpEdcnb`Ucl(v0XG8#Z@G>VXM>_HFh
z2y)y5PPnh9)5gb;#z;MhzGriu$b3Llay_>2sWIEiwq;v?*pU5n@7OU4oqX(4BHU~H
z`q_peP+O*rwvPqXz8l-CRU}YTS9q?w4ALpUz4+mt;Ht<rYiA9*e5ZM0wCJ^g@DEE`
zkm)UFTb<e{vVUsY4$xMr<|}^Ggm+YJY+`_axZR)RAx!(hm@a<iFx}g0YHSR7jh+aS
zr}9Qvbp0fPQt7{O{;@^b4Q-VdV~3ykpGlVHXsUiEOFW<KIXC)bbMMq$MUa}XMZZ+y
zhVAG<0{BW4KDh6|MEPElJ9PLIo6ma+9E#t{-~|6rD%{nc0p@2hdN#X+L5u+0uFFo{
z<iT<fQ|E_z66X=VhsSS#8b(b?M1gu;hT$A3G<tq&EdAAM4Zp2Q&0ZTKM+ihxwSik3
z=R--(ht+D@LLi$7uT$9cM^_!stQdmp9G0DlHM6q##z~jiv)SwOf@595ElaqJft@sN
z(;CDkt&TECA<ypDx_h(aR89*mcbjip6>^(7>HvE~5zXkW$bu8^;wNLRY$E6pvc&l0
z&V`ecc3NLIzfeK(FHI;W8+2O13onOx(Om_JiZ$<m(rGe5&NV+hoM!!LCw|*F?1@|~
zTkL2(>Yh{b7XiLure`2VrFwe>^-6Et>M%0gbo^{`zVkp!-E>9&Q&nIEZN84DWKy(e
z6u8>)slyw#z<0|BZG!b25u{oIW-t6{Zm`{W|2gdLjyBFlm8K@pyLycuxfRT|h(v4+
zr%~dW_$*FiSms4g9+y*`1uf&^4WydbD^q0u&G5u0*grZJPM>=nOUw|mms&slp6ZTZ
zS9zxR8(B+<JuFYv8p?OHoLE-E)jKUW?yFdyw&RBfizkGtw{E63kt;62h!I`V#2}?+
zSoq;HRT1RN3umwGM@_|?#Gvn1&i53N{WtWs<?~)a%1#+S3gZ!R7o(X5iOtoU8(>L|
zST}vK0=tREw(Fm5MyEi3>WjOE6DCi?vA`#DR}!eD(SZ(jCFqbM5L>62KXNCRb1<j6
zh1>&;JotygDlW-_&6{+s3{t|^y>)Hd7EjBPbdrV;Lm@9n(M-6AoqThb1Lkx)Vj}EV
zowrfeB-2>BPOY!=8Lw?iJ80O{K}X+qJm^WsKDN`vWqqGIhib_FT#=(Z;g^DOi7v6O
z`6+aK_Iz+ynPIg&O<B+tiW17qK2LY)Tt}ENIvzyEmL{|0ayY|NNmOF;7YWoht(j;~
zvGcn&&!ZW^vK0=s-OK-2HYqY=poro5G&ENsolbPyiOcNnxozQDc%xqnDlp0G5rXeN
zF=u}<Ot^4~zjzcbvxye?E%J^Nno-4Q?D09L<NIsYoA_BokV37AAVpJTisZQ3{YO<C
zx#K?X)vbX}ZM~E)eq|AwX$o!pGKKIu;fBISa@je$Ky&;EPKFe?&S>gb*`xyWRK5y4
zf!L)-VBbF%JO0!w2K0xBW&Mv_7Lt>1)I#y8e&E5&=pE$D*Ws)!^la*vG1NM9LxE}(
znPI_7yi<fX&nnn${2JN6$9C8##RC1t{?P>lc7N2O9X)dQ!am!9*w2No>#qJ0FFteg
z0MaaNG|M@p-9kH<<C-Y;BGn(XW{<1RNFXj%dUWO44H$uzK<$o%u}J51$C1#*u4k^j
z$FT{_Z+xpVgEm@nnQYU&ZRq#*MH!3&qu$<jlpTUPC231I)O{B>z;=9ea#U?;IxkA9
zJWvnP)rbPp1SpEnU#?GjPz~BWuPtUajm7hZc`Lj^rmges-exjmpUv#@=JsP7+><^~
zSAP8wR<J*>7l5xaXV@@Z*fkS7v!yDUTrP~h<vS+D@KvK<Vp!Wzl?>XBM>K-J##O@j
z-db)19&8VXSgNlV2vDVcIxvsuM$mp^(zP`XAFs4RwDVqDZf(A`d&V72Tf;lN#MWS0
zt<aJD#fZhI`Rh?Qd{Vf&M7F)CqN3o#{w(B$VN0D_)MX9WuBHP~V}=vud|$R5WH4ka
z<pREv?+?!Av<@YXN3iagR&LPwYW|~|1RDQYDcbS;mwV1Q+OkJ)Lzdk<u{AP#P<5;0
zh$V|r9iJcPaIn$C!DYXHwY(DeGJ*B6W7>|DaN5Gr<Dfb?+Qz>_b=&i8t$Xo&3Bwk4
z*3`&g<NLX$a{IWx1m(sjT{*Srg2!B^k8o8W3@vspTdQ^Az(tt#4Hi%l9{(85h&~7U
z`Uj8<d>W1(vQr0bt*0gGeS=TD-ZXM%xo`diq|I`uZ4M)-FmFmM^VsEup#UK`{iB$N
zua5zNpHdhpzU$8i3e)gZR>r@v-q-^Qk<YCAiymu(Lb<jXvNMtfeY@#yOVbYc2jPl~
zCtoZyTz&)!grOCR?TXB=+zLWMCDMh4ys8d_XSvKVY%uV2vkW_Vc$z3k!_#+H3S7fU
zuID4H@R#m+sHB5BY&0z>H0Eo;_)Hv2fTdQ%UoP0WfRjKG-?hI4EB1O5wr$=eXPoA<
z04hT~fj0Iw;jq)lFi!*Tj_6iUu4$|YKheb5d!O*hM#(y!pcb|G0(N@ej)N1LW}hq2
zun<iv9W!Jpd>ui20Yw3EOaQSMU2*tO@ZhGGkEzuNt`m1GK5wGbG#!6ZYIJ@(Au?>L
zh+w_5W|;n!&pmEfAgDhV=;rlkfcz6@dI6EADVDol`UJte^8_(EMwCQ+&;&Z=kD3_3
zgEVW_uccpg5;3vBd$F{OAo{dwLCi=^7J&^|M~#e={Wmg=^27#+;RR3Y9nq$w`z%16
zLQg?UoW-pFIVjAQ-1cs*5<fij@=U=zcL$6<%k#w)x?(h>Q`1^eyOWch4cr(ne>y<t
z2M%U?({T{ZWr^E2VxcHdQBr1Ua6|EVm>Lo#UYsg@|9n5Fcc^H*;z+$;XhS9iI%^w+
zFZzGl3))yrBc$p_P1E&l`O*k`6;gkP2qOJ;)5Dw8!XWJyHOtTOEuod1Q^vv+i2G3r
z&jhcC!7|S9{I|G1za^-}Q;?=h4_xEq!t#3>tl*}@8gzUQjH~&KLKnw66qCOoD^+=W
zQU^<KMUZ!FVf8WqWv=a^&r4~+-C}z7S&TV}iR)pj2Iv+k?##6&+nuunL0N~6a5$Hv
zQ?Tqb#WMbiRp6}Ec~GOLHP;43%S<KPidOtcXb_)OI-%#dTXXGAP!@X1eE*7Tj_bBJ
zvj;Or)_p7@&zfvZeLjgudO2HEa>-$TMKI-yJc4vjLJO)f(YF8(%r?4#sB@&?U3qyT
z5Znn~>oH|ICI_S?@6Xv)`FU@AjAooWFv%iM<=YpO8ZJ4<ny_W3@YI)gUIw{p*-JY|
z)rU>4{q$Hm+}ySIj(nrOf+rt(YwetO)`FZa`*T`rV$&WzJ;9+a4+`e#3T^W3U1S=b
zs6~gX<GlQ1=~`y&Z4)1Y@5J7a=e+Sp)5FSE(0bGtGlP3!&Z<qwBKjOhp6p<c_O}L(
zZl@kWWPfu}Jf9yI{Da=cw}V-w9D~<~{m;_8#kZ>^K&R!a?lITN^E5R0y9YC+jdZof
zH@Ve825yVipQc8Y5nJn8cgfxWuOi`XN?CElFWcY*`$=4nHZf)F#hJy1P&AfFcB&$H
z;tC;_IIF_vB3tL>bWq=7hS#G@yZy%VkWJ&B7is2`L7{W2C`F(%sW2v&@v6n07R_qD
z`2bKsPs$FeI?}4o$=CYmN{p{pS>#00{qW>3pelg8SvTp6zIuMDY(t3r_P5}T3_&%9
zaX^3zK^h#RKFGrEozympp*HRCRJRAQq=4$II7(5bpn$Ejt@uz-Pe%8>4`Q^N`1@~Y
zc5XHFJfvT~p+-310Y!BSobp`Ma$V=f=(8upX4)b%w*-UwXnxJ!5y)sAsEpQh!zGT|
zYSo4|9lum8yL$&JBMkJBT4`%sVig;yy(IqTdE8M_yDPBh?S<0#`xg%1y%7r9Xzi#@
zCFm(I+8v$T$;I*>&O$>jj;c*fid=W0(%28J_j!v_JHmjgF|VO6!Ua>o#-<NLn_C(0
zuxTIn5~Ml$NvDVv$_ocgg;%ZmK^fz-FAh$)^gp8`*#>Tb@01}RrWOU2+lTFF=O44u
z8MYp0EfC{LGu9VcH(@766R4x(&i`3?i4FqUv(u9*{0GO(s(T>3Gpn{8WW!#T3EE^c
zn0hnbq<llQu%tH0i}vbJwNTk5Z1fg*Vea`+7GKfarnj4)pT$|gGC|W5eOV1>o<@EF
z5+*o1cndZC5W3UY<m(egBrsJ)Vb2XWiTD&d_@QjX2Va8Xu`83#9@x%q;QNUZIY-}>
zBcP|cU>)shW5+j+z5`G4CT5=j<qD&2+*?OODD<j)*I<q=0o@g;(|R8thnxWQv-Yu3
z7ot305G$xhr1}P>SeST&s-kI4V{%WYNDl)8NgNpL^*Ng2aIY6qg4bp(MQ6&?f_&e#
zL+D57C6OMEmvUR+2F4)zWbR~4ZPB0`ctJC7B;xjJ^C{Pq1M_jG`5>bmK*PN;u|&_<
zPZ?cWwZ6wyjvdV6qqwL<G2)~eMkEJZ3WUt+xu-$B%~0p8cv2(fYkfj7A}^Hf;ahAP
zHH(6LK}$-&VFcvSz%h?8^-SN4^o)85GW(*%v1i4%VTNk;y0s>H1cw+#5mzyqqjJmD
z&k>irq?7ze5Y9>wdG%q8WtY{oA?UL{9I2I?U{QtnB3V&-j0-L^KVj<%Dp;T<HD;Mw
z`h=F}ZP%hW;xKr^a?D;5`S4~g^~Q?Tm7dF~4H=%8T)IHVr|Vcz#XO>T+C43qz0Rn)
zctMJzWpIw3^l)|?kbc4}d%UX(bcbs;ciWyf4vH(-uq8HYy>7aJmz&F8v6R^l>zKRh
zmn(Gy(~cklSWbPE5TRsYhZ|0erc)s&w~-GrZTWB=qKK(%g6V#`v$8Fa;9ENxm4`77
zNbtoqm8eE$vgIad`wPas%STOFvOq?PphQY}=rAIFH>BZ%#GH_K(pGlCu4mVSku-d9
z*&v6n<^eqx=9DJu$ZFqa(FI-598#n5=;24Mk<Il^3b|+@_4dNCJy0i4Sv|=FoKMX}
z-M0rD#?CT!JrO|^)Bym&n^q__6laOyN>dOKMJW#2(bco^q*AQ{tz=^|_^HX$ZTudi
zb$9fWTUFfaAX93+l;FJ}lkX{94Ywv^Z}GJ~DggG_23&lBJddEXO=12aI;t@sz<sIY
z(`C?F;iDF`M?X6G<i8y}GqP|1W6)|$_jXVCR`gcwbpw{6GDoy13W26+dDflLPsBkt
z9U^&wOCOY~9X$LV+$2uw(8cqabii+(1B)ZLhq$t$FD!1)FBk4Q39_wQ8(>y*abOx{
z>NHN^#+mgXtft)sS78Y@PqG`^g>Dgs?a1nuO*IsvDY?xNq9Rz}4q>~NS9PhIFT7+!
zwZlD5*e>w4AStd|p21Dsj<wqybMcw-BT>xJ&5#Z#F+hYv$<I$u81Z$0R_>-6;f8qd
z9|{OpOX-WnaDa{qC&`tqeoTYTt(w`!_uabDEKS*NueY*LbTp{GVi|o>h93jt>M*9`
zQKZPPE5Hmq=2MA1@!DBZi{#1+T>@=;h;a0TU!JQTVYiaIL1Jl;j0Yw8bFUJ(;>SO6
z-yC}byx9Zy6-yT1<}9H0SjTlFxG}(pr7i<B8MzQimzu2gL-;{cV+vU|O|pG|Ze2IX
zH_~*$;BCNEhN(>xo>PmGJzxp}U|ZmpdGvt3%u$M+s5s<`CB(=a^aSI}8M`!g(m*`a
z3O(h_m_kFfXi&18?(JJUhv~~MTspG-<N>2XriN}?DTKYq`ia681LBbrTnI`rE7VSH
zMDVcmj-U&HpS}hFHFkpn#dDjQst>lLjDUVJI3m(5N5HMKqo5<-?apC(NM{e&IZ`h6
zCb;cX8JOCV?wq6B1;zzhku#OH2@OfhM2C7bVuK$(A2od=%MAmHOOm24Ez`k~x36y)
z33g6h-KIMFLd8y_6W6QqLqhI=WNVk3EK!VpN+jp@Mi>+wPt^i>QHX{O+qVtgAO~84
zvEa}i_8Gcj;8=1Zv7=bdI+PN3*EB?BEN@{iU5{P-|3}rEheP@O|Ks=ALu#^3)>lKa
zWJ_g4C|j0fiR>mqC5#ZV4JAXCHd#wZREWwR#$FjDLLnnHlr6~;;rG1t{(P_NcU}H;
z&wZbBp67X<%j5AlX>!U4m4Nn3*zzM(0_C^x5Fyk^l#m<aK*zOuPS-5?LxOX~7t&Uy
zV!2C?27~W0@N}_BH-vZwwJe>5d=3H`EVrBw)4G))dN1fn@8{(O1K;?@!aL8mGmG3w
zk*%D~G&)R68)^{(BLi*%qI43@NJ`}4!#f%tR+YXn<y)tA3g8Pa7hh-@wPW#i^Lp)g
z7ZPfnWOqEB#}it3L7N{4II+q*EFpFj;`_1J`}jtlXN>3}>fN#Vn$rovexhQW)dG<|
zL1|I)YUyR2lOelU%ZXv!hy;Kd5!~|)3i)t{v5bnciJctNCGgx1>bxb@d2)%tJ!Kq~
z_bclm?AXtX34CKR>5AZ#(a9&eF=X-9w}>aWuqNrM>mSbznUT1bdIEothI_x22P`_f
z?2Lv8TY-(hAxf$8(+t?}S-Yx<CB>A%HXYiWo%}%&0Kq7o0|zxlzHNi9w$GoCA{&R>
z+W8T&jb+V_pW`0bsr>(*fo539N(#rLrx9ZjySH5W2}#lcm5bBz^YAqXb9|38VMlj!
zmcQUTQZ}UcML`axr*d<8iWGyY?n1gxA^v*xr%M4nZrz*v(yG?qXnD4brL*9V&dCJY
zueoTtEyEJ>K<NX)q3&0EE1C%J)m4IeYDxP*xA+^@q3k>Rwrvyj>{<Vk6~>no%uV5F
z$)8fqVp_1jjv%doU`CXJ(yF-IbW39_-X7(=EvC~qs=ucOI*InmU47%HqJ4{k95RU8
zY~71@l|Oh|wI()JE&vt^5g777pdU}%=7%-;4DOM7(}8Zc^XZ4K^&{@Zja+iB-LNuR
zA|2IPDj0-pgbwWd=(OWv>Gp=NYK$~Tv;^>$!>c^#b^VSWY3Z}k!)S@8gbx#M?_O>J
z9u;-<C$l3;D(<qV|DwLby}wqhHZ+o>mCm)irLEuU@$i?CKhlrP(M>9z*y>=rB-D2R
zdT8i($-?+^(>Ro_mE`KP{50mmp7h9w`CF9Qdc+)=@*k$5rLl0>GK(n)Vy1@9-0@c}
z?Zx00aE*!nPp&$9>YCkKERJX}KiStn^uFS37l-KkNWe6sCzkesm5LzMTSURUJJEbn
zKH!(Y2*V9ep9}N+@!{^qc{%xh=}K?9HN>p7X&jYJMl6U@I5aWHpP+M?$iSzT(}r+5
z0}ZHSX8wCpBI?P@rRBhYvjGWFlWdDwCw5L~o?t-`Ak84>$3{hK>?nvUhdQK`TC#bS
z2U`zsEB_)CZHt=gz-8}@7{TJ@GPjMRKnwae6fdaZ7;Nmov~Iryhd13CMxQ^t=uD$o
zJLIBkq9_udYl}gMlBiu<eIH?X?QY;<;QvDbMYmX%;Gp+j$l!RA!9H7)SUz*9sIfQ5
zmdQ^7K}>*`gFMjx{KHL<3;WJfk9xR6)Qi0WcE!pcpWO%hWh<TNldlHqDSB(`r~YpM
z08<gA>1xjwaSR-hU|N21=ebga_4ruqx+-_qt2<vVv-$}y-U=<-4%8cTihe)<fj@YQ
zUWcAj6KyxjBrEqA3^r7NQ|UY(vvFLmyt{;lt$)j^JpdYzR^ad;W>2kIrifBZ@w=t~
zaTcnx>pKghjy7~v!p`vp{ZJ%@Qnoo<2Xwe)mlc^Vm25}nX1`({tp(XQ3vSWM8L7B#
z9a?Nlx<^)kMz7LA^i%B0@I>|vIVL=mg=JXLHO8+ny|0p#dU0u8y3X7N)?BSZ{;0>r
z@aZBBpxSM|!0Ja*vyE{SxHhsdzz*(<d}L+x*iBn5_r>{$Y@WUOkmxBEq6jYp!2yN^
z(eAK@e*_1~X7KW&a{|YIc)lBb1;Yyw1LBj_0@=abG_O<x%%l`TG(m@O!0#mA63mw>
zz&P$R)=KXv1tf4hc|OB6LQ9k8WbzZPnQP=n5VYfoJa8}KsDv)838(H~KiWJn2P`F+
zXt{Ck_EfqrK95u5Zq=x$I=GyC++6{JtAA&1fwg<_Ln@B|o_-Al!1;e~&@l4iG5^^Y
z=L-WUKD}%%!4wV&Na|Geo4*Jmfr1JO9Oal`>uiDM`2lJ#qq<Ig((X?2X`GCr-cPye
zA|`}-Y;*sQGj=ZlJVkLOF&R$vZBRaT;5JEZjH)hNjjGT&+wxtAEksx9Ec|$3^#6I@
zGW%F$pa)=W@adr&X>_}f?XvLG_n`F5xBS5gZfkWRze$h%pEEP7NrqV408dwsLn@z*
z=u!ESEreuDE+=}nsBx-@T8;`=EB=z3)kAJG!~n;WiB8h_HD61BN^MiY{v0Me-=9c2
z0UhjuXpSd6c7d*9%>B&cSq71^9cWOpc>-O5SH!@^){|qJQAxaGA>cxc@*jKLE~T=q
z*7Trr_1)9^jbvV!ZSU+VT8Z){R@1PE(nZvwlu0k~OHd`RAWiYWJRl<>Y{g|Wt!3QB
ztd|z8S;&Hn|D86jB|9)B`FR|bdmJyP-dR80ZL-5kO+V6JuFpJmNwl1LnP&={e_kGf
zL)bU*DKH2kHyDxTtKDyx_WAL0Vk)!rSxn-qdW6(g#++1h4kSfRl5g6prw9CAmt!jb
zeGEL3)8=-oy7`6&Oiuuib53IvCI=~f)%z=bucvRWKePW{{V4lV-ko4+4j_u)k;?!K
z{db(&yu>4mFZnR2uNVoGsyw(Z?bN@&k_}f?fk$Y9|MPaGHrJtqq)S~|DNb(PF{6_r
zCY3$gs*<8>m1sLqzGGH;uP!-2Wa#{`xB<^kH?7`d7^D@AE0qKQaZN%1rML~&fr74s
z*yP4CrLFFwix}c6%AS8uXXhPs4IpSh#x{ev>((q(%qv06(kAwV$}-Vvna0akZX1%M
zBf<3O7`xTfmRL#xM~OQVg6<*LQUS~oeN?OB$8~OSHey0pdPpa=(DdiXvb4LWi_$aY
zqiCLjS?<hHtc0Ksji;43)2i+=k^V!!i<1Xe21q86F1w6Nk{esmV7JeQs7Npu#uA5F
zHa&OincYluM5L_=QeEO#)O~f=Q18)~Pnk9=kJ;2WoEta0woB!d1^s@wAgm$4&0v4`
z;fZiq{p5mO8<Q5rtY3_c45o#C7m6vJ==bt7{K;#KMYMdo14rSTbkT2;iijo4cj!{P
zAVJmGI~p#8RdPuzdD{LYtIhO?s#rh4rb1b&owqZayUC7as0ZCtn{LYWxc~-=dYH;>
zZ7-GF!GF9@{9PaIDZ-<dEv+^0#B%!uOwjL`|Np=LTM=BYMcnMAFw>90!MkV7Q<DLj
zPp#g{cZE5yYggZKL`h-O(t!lvCBs5Lwa-s94x{vlJR1=9iMKOZ*e}mhRM!5PJQ|F9
zm;P8Hn_TCapZYQaXstOkg^Ir>oJox=gTNGqax@8?^TN))CdOM|lEdykPm^JLEMi~H
z2NMQm6NGr750CIPU*Vn6X~4MlQXa@o?_AF~^s=(A;c|kqO&s;pmU2kPVIh%LDAa&o
zhY&R8Mw*-}=h8b0S=slhV{)fCwJ$D=j{$W=b$G#tPj6VMhilO{T>0M{&?PB}wr08T
z^v?TZk=VJg;;tXP8x6Ff%(43Go?@3A@;f9O<nN*x&C3ywQ+}%v2#y{6I(6XhDV7W8
zq?pQo0=O3JQ2*;qaMa(`AKurITQ?_N*xh%|<O2*y{hb#NqOZOAfx_^Cw@{cYYGb$c
zS**@=Esv}l|1AzKG0nA@R1vu6x>fI+=bm8(@?bNjD7B462qk$O0~QiYtq)KHSC!<G
zUvu#r)7F1;;iQ9i+)#@z;~2Q&?e{N0K#+O{#k!nv+)ux8sZw*gYP~6~if3D9$7y;^
zLakW9$}^4ukCBrojtc2T0clDH<)CB)iJ38Km-;NJ5^AL#Na9_UQ|V3Azzm`Bt~{KS
z&u*s0hl5Z$*h~v#)2ePV*{6eXwj~Et-t1h24yVLBSRkF$T+J06?X(gR(7u4_(w?~6
zz79C|Q;<U+LeGfSvw#w%evTu{AHY9whgu2HOwE&b@fDV7viads`;{UrGBEy=ZX)ZB
zMrqeE$dAoDF*lim%nT7pIk1l{9=IfM(9D-U1iCq{O6x1f$Uh_pC&b#skv|);Oq~+|
z3?vj1fa?knu$cAf`7+6YTVvA&ACIzp=rEtw4wsY5YLy1eeRcd68+V32w@njCThQqN
zGkFD#$Tq)^141n01df8#FHzMmnOABFj7}WV=hpkBmZNgC9?*crE3OR~veD)P6N+Fy
za9r$ZK`wZX>Z|d4>Jq&_nNN->u~BdQo-B=)RPq>IrN#m{*a+$<!0?4o>%&o&Ap>^>
zoju0o{S@-2I~JinlP`qcX;keykqG%1fV2Bt<AY~tv@#s-%jG!pO6g5A|M37#k#YfI
zEny2&sP;Kg=m5UJbaLrRDN@*0nF1&JBNW>RsO5K)5btv%N+^bqtZWBXv;*?eB7h`A
zz2%49{NlFYj@u&XM<rUnz_+-_FnQabiX}6r>or?Nm=F*pB0Ps6<&fjp+f^PhjTXY5
z%v%WgV&j*}QQ#Os`{}SF)MNUrb@<Uytu~tzwF3XDwg4NGUl0wmGc3u|XX(w+(mX2_
z`-FRD)Z4un?=qJA_<o~LVH56Y9>;Pl^opYZZ0rYVE$N?S$TQI?kl~=iO5YE|Qhztn
z|JK0O1esJ~`vJCj91;imF{c!Z!lwukP@@<mcdTG5{q_G=>$L>-q}y<ymMFe0BjHMv
z1iWZ$sA>muJ%BPLg8Ks(*$_6=(<9WwzoV->4NF+t2F*A3;M!-xqKFjJc`GA;4m<2f
z&8kFMA-8OGLrD<`at$h<@X#70>36|v`NwfR*+1azov5l35jm^Kyx_#rTV3bE=MFqg
zgzbO-3*{U8i?2ivK=^sDZ#KzQE)OSM@L?9>md%4_Qn2#^mUA2-LQfTrs}FGq;V#WV
zuUUV`g={Q_KS(m_N#Sa4V~k0@fFEvoW}hS^JT00Lyl{*!3v9jzjf?@13`6JQQf+#y
z4OvE^?DFAq%}3_%<dc6u)Y2^)$*wBHXcfA)%ND4(2o5^)u%b1=icIDHyO^#$i7<O{
zL)VIJgRZ4wFWw^!9|)nJcPSsn)z(A#Nx)rrhM@BA8DLM`_5X4DwGcKnBJs?(+$Wz4
zXFsv_Ird)oC|<KA@GUKmkC3e=oykmoffj*~k}K;C?G~GZVJ_c(#Oh#L)swGFpH?bq
zr|IhL$b`tX1Kc_zNnucy)59S7XpD(_3Rcbg6S?L^8%8{+{$C#(dnPvHFcp*P5}lF_
zfoQZ1#=#5xp*^DE82azcnFGQNnHRP`coS;iZRUc<+lv-_6B>`Qr1lgHprt#i&^1n4
z&LkmFh7%!(ZjMI%hd8xRvOxd_L_$OMCzc(VJ>st3iG^9-k9)rcVt?MNz!PH*&}8v_
zx9HsNSYN>7?uN&=Za%*1>(4cK7Vwz6SKrdgpO0Lev{bPs&&o1($wJKJ@f+}Pfb!yH
zMMTiR4I!^VR*1ffA{P5V)+@SxJV~=0U89Dc!^!rAtBI$HTXhl?@Lw#U1qd$@+k8m~
z$)5|(Fl5AV(QK?~u&?bPCl{7zntK!sp-nSlCyM=dpP%3yzki(xN&IIF>(Db}y>}TG
zU+3CjvV)QC`j&QFdawAE=&^>9&YYtFCItcj@joZ^V*da42)f<C7cSj&baS`=?o+$)
zeWwaF@DA@FA)S9URG)#zYo=Hz=wgr<)DI)X6Kmb_q?FBC3fmX-xO=j^wBFsO%2^$x
zY{SV>8NIeM=F>RTV#(m{9A&<h75gD1+@>qxf%<bfIwZYI?^bI4+_|veV-Eef&vSZU
zT*Vy#kd`tn_j!;-G~h$%N*bxBg~fhcycE{f1Sg(_S4BBW$M|GmQwwB=aEsUkQ#w3{
znWrq98CAUx;6W~-Rs;{CTOxtu=ixK#MI&0{k21C}uQ_!d-J?rW6N#0udrWoH4OIYV
z%7o0E*xW-Hh^?S_MCX~WYZuJyL7m8lF69HO6RslB@G2(@%)JJ}%RCNTCGe<{Ei@}f
z5M*idR6;FQB?tm;(k`aXLhKQ%PuRaZtu<TCNzH`1lwM%AOwFhL)SUH``IanUk0Gj~
zuDBF+#aAHQXlQcmY*oHwweoaPOB+fm#`3PjDI!G(OKQ5vGHko^^PxuxlrqVJ*X^V;
za>xZhe!+&1{H=$9)Cx}N<#pd}MOy64%4k1=Y9`GxE|ADPZsVVkTOD8@diePVvF%7W
z^p4=6)8M&8`9w*kbs+(^9*oP95dzWNV-O)>s<vYmT{2&naTEkiF9J^$3|EjH3EhOL
zQ%}oq5`_~u2)u2~{do%>4LGK{qzi5ba*q13J=*ZLZ8v*yeIoHf?GN=bCIrRHBlHLR
z{5CC<eOs_v3IsPhkMFt^akc7CX*g=Ut`9`AVrOwf)BCEwRGo?&N6?T6p(?}v5QR~n
z&*K}ZSt-<C96uNK@I!|Br|XflbMus+j?E%X(02$3!jOGa^_ttwG}zHn0-))s*rFjf
zYa?4qBrg<nl8=wv>-bA4WeMH(r)+^^+~nGKJC^v@d-=LBO1}Rr5NbJKfn?qg@UJf=
z{;Cv(7Ut3^zM<PnH(Z`THCF#Dpox%F>CG+3em5<Hq_I74z9hvG{rT<yw{{c1F~VM5
zvRXo9upE==%e%HQ_~Wgfn-2ls2)?Op4q`!Y;rZ{y*)?wKTG>S?u$>>>CCi-J!?^XJ
z!gs&io=3-Smu9q7wD>U`5dD8M?Tb!<`<jk30W8jHryquDApT65HFTq7HU~id@n8n2
zWZO{r`!yCC>{J|jS|Ws~^?|#|l9dp6nxcW{KE|Kig}KBiiPpI_S84xchR8Y}hSzVW
z<J?dUv`>H+{?8cZpsv6pwsKJxvVwh|yf37k^A?E#)=s`Ml2JD)nE7cR{vag0;E;4=
zzFEqAvk*agH$mytxmWy{KuGvX7uqIhyUmmPvbN0&4jsw|jHCh&ZBOQLcW)56xJ7If
zKt1Lk2cuvsBV|=)v)!9BV{j|&>CZ*A`h%0=>y63~wRo?eHCQ+JJ7HOzm0N|r9yn5&
z#d?Tx5+wyY7bx@X?b=r4{HEKXSAzEkCKLTN>O-el*5l>G=OKopbBlN-)e2m>kv0j^
z2C9zw&G{B@*$pa~%((uoM&2qWaPDV{E4qF%{--^|XbeTA{L*~42wkbno-91se*DK%
zi?@J9?*}H*F$5?3@3{|gWOev?8_4r1Hpg;gpO$W5R`D^(N!6EI1xyd;AHXW#W;tvS
zrgHT_$07fWD_LoJ&ESb($fuw)y#>+v_t}({Msl9ya`O5vC6Oz$)?s!Lrm~y+6)Z@l
zw9Q2t9<2e4SB=G6kKu6yx8vX2$0^n`?<o-CK|uX<i|B!Tog06+X4-F3hcXrWUC{2$
zm5{Wy{uw`UBbgLDhMtKYg@}kV)GO$_l<MqFyy}!xg<R=%LfCg9a!hRc6>0-sPW7^R
ze}Sj>z5z$}LsKz?bY?AMT+Z+(>Me)yQoUhCvjraBg(F8<GNW>*{+Pm(mE-kyS*Fei
zU|~fbYt=1OjoD)e{F`5yKT5F<f73(^&8K|l$Gp`1^`ql(?^j*gxzJL8dEs#X4KwJ7
zC$ObOLGfZ1J`@<kHV8rB-@_1PfGLq@dmk39&Ujk>N=X{FVYa`>r?hCro$l>NA_-!B
z`5iICRx;m?N+KfZn<pvnM9nT>S||qLXxWE%9D&W{PILa5Ti0YFvE?!xZ{+U>*<)0%
z&n))^uFVxaGnU~hMMxZ*Ti-OFA5)JWK93Do2_Wq<a?@=(_t|HN6S@dD6LM`I6TST8
zw-C~Ubv2SGCsa8n7%mv%seg}-*K#Z;qa8?|-;Q>=OZu7%XV<D8_vXy9u(jo6>~e-I
zhjl%kl7OR6fHcLsFonEO**uL?+U(S@e>?Ri&EZ<c_+L9HaHU9{8xE98%SqA<cjZ|Q
zFWs%U%e<)$g{0qP$?OI73;=*4GiaFvp`L>@S<v5N)C@Ixxp{oDJ%#K#QG;6v$99W$
zRP!+>2k|<kUhyk7=6{DN`QNJKsWa8TCwxiN2}=Q+e{;!xvZk~!jP*(Wgz)^%w!S!W
zT%RfsK6h;))ad=S(XQCeg*c;W3_>V^dK5U5#qN4NEhyrAirx5gs*Z`Fu)KveEp+so
z#FJZT{e1)_>FX1m6Pj=i0y#wP0rNi}zGcBD^O+>941oqlchc>4nq`)t=8917vpX(R
zqc{a!ZE(G^kUw(wXy5@_dx-o7E&l^Y2bN6{Dkvw=Qh+tfKBb6;B!AOy*W5OKVNdQ>
z88rL3MMpL18LNLpibXLbe=e9*VA+DB&F_yRJKNl`aCad>8R^NsKMI~<`LzkpjxO*`
zxo9>yY|*-W`X2KKI50q*$x@qLY3skmEL7xy`mHm#F@=?=_Grl`&vzWrm6lcwY)BHZ
z?GiM`n$4~MTaJ?+0?u3$Ml#<ZjCpUIh>YcIo^cxBiUc(z-A^TO{CF=u7_D&Bb+af1
zTbkK^LC*ldo3mCyzC7mxu~_K)SHM^|D<23+Z1&$+4LB7h-^XbSFcg=~|B>^yV__PO
zY48F*TMx8nR)G!l`I#e9fHrFpvdV-ymzQM2iM_8%X~iR=*pqsJWzXin7;)wTnGWT!
zT`uClbsq*#L%id8w|`St#SkN^?dG{3i)1=)X#4xNA6*Se!n-Wq-pFWCT>q&2vVPeE
zP)(C}>+2K62j7A0*qA*PTl`cCuX!xWS>c*WQH<J>O#nX@NSb>9?P<Y1<mVt`QSg?x
z4HN{{*0yuHov-Mm#kf!p?R4cFI#k{P(A3ODO-+*6(+Sfwo6AQyh?VOA0WkRZ_u!f$
zC~M(nBE|+AD<A#RVmQ`sTo3sgFt6A@=XH8m7Qg;%W8u-pB!!ZYz=lZtRMz1BIv&n-
zk7K|~{OE2z+VCO86|sKM&q?!O*zrw$KgwdmrP5e70wM|?{*I4<_VZf{Bp&+KG8g;&
z<jIjmUAjm~ZC&0kjXL>jt3?}s+O@_sKCO=*51qbPF%uDlJJ2y%w&fn9(o?yxM`T?5
zDKLa8B$s2Y+%*N5mvEL&dd<d$m90giYA-y}fB?RT<JtsV={CEzu*Umm_BaYY@)QN%
zWRTB=WM-NAAtT<_9^L#+9joFS)pL_oSJ{fH<|eP(YYt`z-wN26Oj_##8pw3t=WFcr
zJ1Z5mLDGxNL3tp!8GQ8HRu6l-h$B2z(0&hhQlkX6WRIsSK676~<>Bkagdi!-)XYtn
z1boxu{;dA9u+uZ4G)BC&Qqe!YmSnKTczKg{=Ah*KdVh!fNCL$tDRRxireA-;hMj8u
zs)A=!FrBoQe-OIYvf_HAr+u#oaaCN4*&LZAZ0@vuevU?ePE73BYN>ji0uba^w%UT&
zB0*`4=}QG(jFPo#b*p^NByQ<jzsh$K;<Yi~wrqE1eCxpJ1k7>5r`Q^SrbG`n+}H;V
zyrywfR?zJ<MIdjwzQK#QoyuSryE?Su7|t*D-)gwZf-ilRw2?^3ubxqgoSU%>nq#dT
z-dD|3ofmL`Iu~?|Bi_xgic%Z`I!YDh<D&$tPLJUY8_*2YJ4MWYF!OutDCi}j>vcA9
zG~U+x&b-P~TIgQ3a-0Fs?>!AG%ZtW#a<nK+9b(&i6iXNmd&%xXO=aJX<(xngTjvV3
zi-h0k`L{h$Xe<?nuGGfdx0*lCH)ixh?ah`(*2hty2sWj2UVwGHblu|ZkX@ua;cao9
zZ<hTT_rckF1)=Ml26E4V%$>R??Oios;)1bG;h6C0oDB$bZ1tK4!6EkLU<RPZOMJH?
zVV$x3=}7TS&g6`?3f2JUx=C!9K{aJru1=t*NS94%i;u*YD%^4`3V5N4LgDzWGk!TQ
zdDee{@7MFEBYN8Y!~Vn_`{s|!d|UcC#XJx`TTh|%!$^2a1Yl7l!vw3OsueCCC%Eu~
z)L8!N^0$6anflf__i#(wA>V$Nfw@9%&!H7{y!$P>K!4gF6Yjq*e}TyAVR-Uec8pN{
zU(<S?mal!EOcqx9&)=d@*b}o{qbC2HnAw7a*ckMG|5N17jSTvYF%g#BOJaR$UVr3k
zTswGV(#&M(=^P{>^-kO&H`+>Ci=I-T$6wL$2Zc(*D=JZhV&x-)-}mY$l)zgBpLs)0
zPK|wR*r$>ehw;2j9$w1KCi4*G5<OT=Yv=5BPl@Co<5^TqnoYbs?flwlAp_s`imCTo
z7_7n`zi=71VmbbLI<C3;CH_XY?tV?<OUs>91FVu>TJW%V&*fcPi6`bK4h4d&RN?A@
zKdVs9XQSJLj$iJN!8ldyT!{3oE0(suwG_M^u6O&y_sx~1dVee6A|HWDhT?v#uRL3L
z>3XhM9A@T5T872jw}Ca6lR%0|hG|dEWIVIwLZR~pR3=1TYgDKBgP=r4_<bvF_IG|F
z{3OzvvTVKHsS;N|_NMa0X9ll|bL1Y{C!N`QzOhtcs0?>WL#|1<=5ut#+p1x}x$`nt
z#0vus)qaOna3Sw+>yhdH?f`=aP8qb&|JY`HhXrL!KFg|zUk916=;M|7TQZ47Vqxsn
z6N&mG6qeK+=>5}?jLKk{Z)jPezG^|CT6oa!JCzQ?Z4UF#>n~}gbV6f)a{ZGNWefcb
zr1M#5Sk)?hfsf{O+@NlyV`|SwYiCKOMI93-_j2r9z9iZ8*@xT^Uyy!UpUIkYT2y3U
zOs<XDM&A3adRQ?>{Zha#Ebg9^w+6Y^_thl)lkjjxeNigH(>d_A3siRIOZ~5Ydm!TG
zktzN(nM40Y#c$i^31GHRFu>#SDkvt6OYt?5@7KKnDpz}RLt@W;*W^>W1Zz{Y5PdP?
zs_UuKPtuo5Z+L&$SeD~^kC~EJf#BOJNG39?tEJzCuHJgRdgA`2dNp6s8Li%#n;eyG
zhhomzPquQ71PNiYawpkXNk)QeN&RbKZ!5s0a56yMP?WjDJX1mu-gdrz^4L<|4e#Aj
z<d9(TIAZ0n4>0V+A>S~PiwYSJkYRJ>8|xEic3*3^VEJj~?rkJ<LgLGn{bUup-&)=R
z@5=74BDuC8^Rj&Zs2ZK)(*);tP5o2HDl{8x`mSae!2)-_6mu`|EIk3+Ymyc!%~lxr
zr0fli-KDZW@b5l+v7~uzOtl56tt=en4k!no$Rq+@^yVhPlN@PlaO&r}HAd7-W!siW
zMd4?`{ysh%Sk7<cvB74bk{zr*THO)ZRwkvP%P4Ls$x*vjb8z*-@zxX48gz!u9Eu#w
z5%L0hVN-40*!)D|?p*J#eE`q<`^64|mag5(=Q!I(`^Uc4Or(n-+}(%3#V&EuBR~Ds
z!crfq+JT6U8zgo9s@cxhVqQ?s(SY4H4!Vk75M4n?2LV>ss)8|M2@oNzZs>4_^B%F%
zjH8FI;77|Op8(y`W`wxG91<)r%=H@4*`GASO4*ior+#%@0|K-2P@9%2xO36ms49+9
zpR3L|vx}dIfXdRVP*H4_(Kw`&R$AU2p#Mr~<P6up$v5&WtH3~xsp|Mi=r}(bnat=4
zQe;}LTECj;(S7eTM(NCpiTm?t>~^xWa|g!c%GjyMn>GeZ@1~wjBv#n1xeR$W&K3S|
z$2rxni4G@7ExRkwAS!t<OItPE(I?8gT<omB)F>Vh@=og~dq073Y#@yG3UyD2Y*~D<
zS@=00gge^QPbu>FNr>}6oDCNPtigntS>fRcp*cjNCyqSGINFxl^I}o?(TNr#me#%c
z#|0hl;>puz82j)}$CwIw^}s<uVufaY{*Bv7-f;}#RmdCb$Y1^ZeMB9PvEm-v`fqb~
z(r=DgKh_VzN&TbQ+-6z^d~+%c0-kSYZ)@qG`i~l8AF!Ngj*{YrI(DAt2QTwt`{64C
zu@Hl5-m$p9l>Z2mdC6-x6E3N4thqjSvXKQr$Iimt<TMD;myaRoIuHQ)o4&SDy0UKv
z9lyVL@5sRP>P$3sr7Z1_E_Z04S68mO=#_JRp(;}cuZ43&w^5f1@n5|Bm+JbyAc@EG
z)o^W$iRUB#g>kY%gq{0Ni(qFMWxpSv`d5qu#NqQjaYV&K3u!e!Yl#o%bEDJ-KK78h
z5L^~8GZQIY&Zhi7GFlOlXpkd38No6+Uspr5s(b^TXnhE7<=wq;ruWyJ9j!T;7W?8J
zgy-?O3Xb^o5)$2`MHeR9_l)8~h_4{df>;7_3rH+bzQoB#clLp9VBE|^RDX62q(rGu
z$pU?i)ctyF0q68evS<#`?2QbC&^;w1m^x<(FCY*oZJl2(CC?n)OReMUII?@ir3!+t
zZ!r5Nvd~Swn>I;-_}^YSJ-r+{&tJ}VHvuZK761iY1_`{5d#po52P`)(MmDMujnHJS
zR&FzCw$Nsu0?I%4P~fI`7?PR^$&#K#)SDTsNA}s`gGC%XUlg&aHMnFzpxw{49o1fG
ztn#>pNSzfJp7&$*r<wxGMmyOe-QsPG*<N-;DL_ohHv=#}DCq+-pMZ!90;`^S#2J^9
z{vB>IOoU8G8Q~kgtR|Rgvkw7W5SI$NW#WxZ+Y$1ccG^La7md?Xf{zSu9&xn8iuh|b
z4@J*1jg`!(yJBJ-6&+(5)yR}Vu8BgeNO2%nMNTB04ik*~h9JuzFEMm<u6MsYyfq0=
zD6nSv0IZ&s#49R>10zUGK8c6U{sPVLK-Uj4yh-xbP^j&77AoGYiJQUoaRCs6#HA-V
z^avZ-b*}+FS+f~;Z5E>iTbCdf?T2U`NTQ5GvEa@x_<IHAL@pC3gA;CByq(f79m>;%
zPl$%OYoTS7-X1hK2q^_BSGD;a86nbo6L-}Egblo#=43LND|;XxHfSEVcnkFrHxTX-
zNQLSF$tA3G=qWmh)VnAaV!YB(f+<V&O4*KvhVdqA&enaQ>;?D3wq|-y`-?)0rQ8?t
zFjz^);B#116FAdM<{PSIo6>zR3u=~w7bQh2x*xZUC-{b(x5J*Cy$N`}*<0$jn;)vB
z^P3(U6`|JBay&23Lv{4yToDTNqO%yuKy>Ek&;LUOrUMn4L2bbhE!PxrBpy}Hsk&b6
zNFjdO*Hg!48Zo@N8msAT6>SxEZH*j2ijn{js<DhXl-RUN0X$<0UG&72F#{C?eG~VH
zDh|cdAI{uPYn>Xq;khP|$2a!T|9ko&FJmk<7&<Hi?Xce_Yr1ORhw-5JD3K#FPy-F-
zA2u%pJvoGM!<uEN@qW{I{G44muIJ}ROJ;)?jXM{j{Z2@@fYRqZ5aDy1&}7erRplwn
z646@Vm4e#QdwVR2OVmEJlRHU5H%U@OHG6Of2S~%i)nhvjbu?`6vw%ttFqM$S0IYLO
z*Wv!-!atx;&-1m_yl@s(F+@a;MD&j6?+DGuHc0LT<4Wd8e8PWZfse`lg;GOljbbQU
zXJLKC1F$b8VB8(TuR{?YxFq<<%V40)BtAJ%4uSqj#gyTcUhCSQ&Zc%-t2ZEvXOMT>
zd5vb@^U&tvCy@@$Cc9_F_%Ek}J~Gp9fLJONDB)bO5JB6VL^z8eDO3|_;Y6t4g9e(t
zgs{t@JL93O!0_g*+p`qhMf11~4NY$2k+nHPm`lP-h{8pNIh&w$aLLRFxGi9BF+a<-
z;9EAuthnykht_e&D4cD};!+(Qox$zL{|r{yiOLRPu2mJkrL{pQxs`kcBpm%G!B8jH
zB|%vb_WI#u3#g!4g61e2h<`li!;Ap>{X9VR^7tDJ3w2SClgh_R?|Ec@klVo>7@JzV
zF(keh6X&^L*TFf=b(5+D^CG`6{Oz+|bIm(PKt9g@dKWvmxHo~XwMr0LQJb@~Cp#CN
z9ZjD{&|N8T5nTm6U}z%>AqG&1&oYt`A8Nlc52Y6SiJJDXL<$I`fkGOzQuScZ$az%k
zh^)F%)ZuTF%En5+UD0VWFL4sD@=W5(=H!$^HQ;xPpWqkrJk$&8-vy?Gh&l#VrGb^<
zqG%2=jojg12UN1;#{1*w5B)~%c6_j>5O)Bq{F4QX+3+Dxe(biUFm|$KQS!)Uxk#Y}
zlMgZ|;W<7rD>BvdEr3xx3uyf%A#D8nqbydwXC|QHRdBzNn5D8PPenlEMMd18xokgT
z>LP}PegP<Vb~HfV3>+pMEj0{6-43ULd`Ox;XYQCvk+EFVZHtFz<D155C0_e_hB)}!
zX~66=*@5g)+1BER3jfisS-gF9=a&pbQOpQ=*JP5ht#Q=semw4j*oSf36bJ^JNft#M
zPe5#z)}r*I>VjDHBh!yCn0gwVaBZVvEL6iKBM`(*go60*l{XB_%2;MZ`!H05)DyLY
z(T>MCJ(3-Yw(w~q?qc%WnfvXmHLk1LlizW4$U+F&a{&F4{c()cR~Byz?_A`E3X$?{
z02lK6?iC&JG?H07FqX~nTp=QszSkPB)HgcsmWqNCaUTu<fjS>McNBg@HK{mg=F06Y
zbP`{OGH98Dpdf`}3=3<PvA(PK-wr&B?m%l6k8JYLtLUzj(|~Vnl~EbFI%bFItg2go
z5X8d+uH*KH3dObUVn^Z83Tu{71A`RbDO<s8;mgPS*37e0*{kZK6&~l_YiD!^G!xTd
z^GPr&t;sJy`Tl;*kN#mQ4}5@OqAM#x)YXXp5|Y3XnwaSz7d1a2KH$9>%+TE8J1tn0
zRsse(#_WpPkj}AvXg|>@c;^<h`F7jFC=CM7XpmY&a7lm(NK8CD_P~|sD1yE01nbaG
zp*plywtj=F2{4bcwTc%EbqgP2NCy>j<?e?la1MZyj8v{x&#GmRA3s9Ieizp-yG2)r
zYM{rgT}m<si1fIu@tsNlSd^5p>V?!)nu8l-3@Cv@h=<B`3M3s}VO}gG!19<Jbv9qy
zCDI0dgAgp;vcxCeTN`r^g#vsS_-%0YqUPqu5dHl=;)kx^d!EMu^yqn@S0+-xIy>FP
zuuzDfT?sLvo{&y={f+YX=IlU_DSp6$1^i)TSJG{;3#T}Nwj+C3z$i-J0<44h%kxDW
z2<pJc1Yn167CnQ4kS{d}rqm8lF%YGL9vE1u@}#&?(e8$=(Byye$P%Vz>mlwUjvrYy
zx<mz6KK}+byb7=@@%Z~!SNW0gMVQ}U^DW^Z>}URCa3g|8br3;P6JcsiC8ExMZ0`g2
z^PjX+VHRF)a{H7q`Q{tiLH~QqxTs*lbN=uLXA`?+@*H%VV<@SH@a`?$-I230ngxC*
z)S;hp;3GlEUkQ%LXV`|bjOTils_Isr^Z1{&!j9u&23M7t=&uxVCJ!w+@WJoggx}F`
zt|3{nA>`QaBcDGXixLKJJVdBY=3qOp&7#8A`9gG6{AGDP<gZI@IqFE~JSrnFq`uly
zy04&u{+!+Q2h4>~-W{kj+yb;QFC-<Zdsm9xdi7$c)r1}XHg?!vt-x5SgZ>BqdbXK6
zY0u#89@A{3^|gLz1Id{yS%Gq=lZ;!RAk7h-%GmiEakG#J0+kH*sgiUYZZd!1yodtO
zl7t<#BE8%ghg7n3n|mNYWT6*2Ejo@1nJXQD->@4wFsg%U(vdk@g#R9!I}#>@?bY!m
z2XA-%Z{*hlulInSykv6%G};d><%2<-$703(@424m>o70+pWd9duDf?*lWZN(L!T^G
z0p{R+9Fb&=FZhgxNID;AZasOE2TE?!hJG8AYrbq{Bh)B5jtk@vIpH_*!f&jLa5A93
z8j|>EOsa)F;G8b;m0Mug+_Dksb03_q9x@H&b~3^Y_=)(Qk)x6p&t$>-(P!_~5odIC
zX%C@4qy;buaCQaPj$WxQ)KxlG#1S8D6G+^~)GLRoAt+T#*sJcq5HjG!j2vPiJj{>g
z0Y5##pGAv=8qXa$4Am;gqK~}Cl!Qa|`)lf)q2GQv5=j-hz<1fGANRrn0M4QnI5Zz7
z*j>=4N#Iz902mf`c(yUTLiXvpv>7c@<a5p)7mdOm;N=$Pagbe6wlt__26Z0VM%VZU
zxA1t@Iv|~%%Nf=%WEDh)djBBw*}YTM^|Lu)f5YUZuDG-&OFpUC9tl>&(2f2|-O?8X
z`S=d(iNY34Cj(zy?6>F{4@zfjv-+S}h?GR502{j<@HNDrBDwa024o(4Ii`7m{11Vd
zHpg6Ufq%<H$v1ODFGwTIbP)*uI}Z!8x`H(yu>=i6L>&NVTRER!1FEy@UiRFA?pH0}
z5BwW~WjhVtjf3WK=eM#kyPeFS1bR0LiuVK86SocZQi$(XM<CVzVG&d2I>825x_N;;
z`R{yl#=M~Rh-9`0w)pi;Ao&4cI3oQ<9bov!&;=)IrB&TwQl+gn?!ERH@C9~Q?r<K5
zm_&&WD4wXpEtMBj?zrJ-(A-2>R)Icu=6if~W0kSFnFPE)5q&=)6@t@jYy<Ior=_4l
zL|-<9WUz`l5t6sNJkvkNf$S-5=nUg2G}TGxH+9KD=)4S+6d!Eb`xT%vtIE)XiZ_oo
zGuD;_hCIzxq#xDQK&~-rzElZjGb>XcYoO}5&QBs`!T%|(NC<)=Bk1%&r}>&b%atLn
zF5uq9o(DvemNL7`=Pyv@M45nyPM=^GoNF=IIkZWid0u=e8<<F}2S9}Nzu#9F>V}Z<
zjsA`nl{0*okpehWTqb;m@}s^3?8Upy%hK588T;6d8=QFXsBE<CiyHa1t?ns;M;4V1
zywa(a3}^8i^+_R^f<i#Wq2DpK+)ypOy#NA*AM(0N7s8ILJM6gq;teeiNB%S<eLn=m
za7ia2_Ze5vYq)`OQ#VJ^4P7`kR=cJi3N`g@Hz*^|3ow)u0WSwM@sI9|+ms*?Y(MOq
zbm$|?DWk&I1Slx(#TNtd8KPpi@usm`A{6$01LOxn8Q~^*V*gH)pL_>RLE;H<y^#jh
zY+&U|d^xUr;UN==1O>-aE<_3l5eR_&$NVIL{hI<L|MH8vG1aC4VO0xs8&?0;OB6Od
z>GfHB;|(dTofeC@+Ni=c2YUW3eu|ClF-XiMTcbbk`eUg?sHr-9hWi6xG9c+gCqt7f
zK9Bc(+=I(pSZ+(_cZ8JYuOO}<!A6WnHFA9R&7aoQD7(u-D3HSQbt<Fcqg8ba?h;$z
z7ZM;fHB}G&hC7hOT4Njgz$i{MAz7pg4%s)|g;YtXi>PE>&9%qyoCAa#ZaXk^p|<i*
z-4Zb^=EnejN0VztQ6(Xlp%tGTYJ6l2=x;z%7bne6^m&ZB36aC(p__!Fp*n%Tv<DRb
z;wdR00Z4xF4jZKi6}zo2NmDB5IvxVvmp|*{;iH044M0;-lQVe1#Orhl6fO>-q2m~(
zvb>XJ;N#xvL_ZKaHic2dhL?oMqoc^!+!v8u<PcxbqlQz>XIIqe@3TvtlFDj6ddR!l
z)SGEtN0-#dVKgWzcmVM~cXEVfZM%0480E*`qPy%2-}z;xcac|>!~3Qc(Ni(9>*^7k
zIE4PxzPhV+3-t46Tm?AC39uJMlF_-x@fp1Qg$CZ3!FEV&tmglGIFVi2b#>kz<xwJ9
z!zv)#^FIX>3t7ZI4Vdbk00VDZJS36@CZGdN^IDJ|AGb70i%Dre51q?lzQc(};TN}f
zc<f~z2w(d@-Gb=Dtkin|NKAw~Qrfzqd}Pp^Ckg%px6--Y)9{_A?tdZW@8hWBum2=l
z#NTWBvsWN{IV29;0X=-5-@P=SI`z5$`JH6@4jB6$bnFv8F12^z6y}C_?zhNOsgUw{
za~4elw$otOmB9GgB)pJ^hY58HU^xktNubuV(S_07#K@uZfhm*LkVRBPRO#5Po;FO@
z)JG#ZrYwmo59k9P4S)9PAtXXt6^(|9Eb+a=g!;fe5D*cWlYXn&vWS2_s%6kTFH&$?
zIrH3M+R6T@h!}~o35~u3U%&Q`?8UF&)jeRnW^NQewjyUy@aa)RNxWxlPe^*2u`(hO
zmI&G}BRZ!}ktq}i+TPF-qzQL7uo!kHS}hN&pVDH>8!xWgaAioq*Nw&8<%OoT;0@59
z9R%Ib7HxmgE^8M;Frzn@zX5n#{lr=TEl0b|&I4EL+9Qu#xRqf)m>a%$HKho`pP9>8
zr%;wh=fIKU8{6YW5^~gd9>HY?P@BbEsfc~HO<#4cY+#x(l0*U7%*!mUJsRPAAK8ai
zy!qQ7xY5}t#Yeu0N+M4D6~Ov5lYY@2w>jf+$yU<oPlxe*Az2xoXD>svK`5$w`aWP|
z%yxr&(U`qD?J8Mj8UtPf+C6+CZk_y?n0JB@Lz!K9VL!4wH?my5-8(OA+H`DiZ{75R
zk3-7~K3acPwdJp$ZhNtB`cKE)4IEdO-&z=_=qJx#ByL6Cxvm9hU(ZUKmw9e8?hF?V
z<5<#u)Y@H$G}-rrf7ez`;ZVYYlZeI<_N%t4^)huFkANGk{98!kW1i+ipRQy!#K*i4
z9vl7J`e?y8622VQL=tG?)Jt8=L^~LTKP6S{l{2S4!D6+-R*gIDzj{D#tk{_5I@HCi
z_=So4l9Q8evv@cEOGQbh_@Ni;I8Oqu?Zrh3>qk#6WkQ^lzv$R{9Ngz6SITW4!CN})
zGL<=uQ_ol*H|XZ?l|On~6lq%m3B<Vo`S)?7lB?tToL0V$@uYe{i$$;69Dw7*oinKO
zV3Mu6Y1jJ&Hl>M$Y1x&YYb%xw3ORB)FFv!jP5_l{@s}d1kzM;+^>3Cj)GZf<GdA=C
z<Da|<|C{j<?xo@Y#l-k~ZT;Q>0RB0(F^}i_fGMd5z<~hs-1N<PkyC)m4drV%yEMY3
zd{XPKLJP5jY6vtIZPAq;3JAeutmmzPCfDItN?YRFp~%IX;7%C$3xvZDij|r%jaw_9
z1^BCe-{54uIHk&?xT0M7eWTB3uFO)jqyz2qr5bCdsVa%x|D6sOu#BJoHE?{u+$ly7
z73;MMLA$ZU>DPwPmwB-MCqw`;P@lCfmB&c3y<Ri#<Vl`}<GzcwXKJ~8_E5`t1BD$^
zqWV}mV_PSn0G>QkvHYo&XZbnKS~BX-7f`&r!_qx`_IwNJw`cLOY$3FHbq!wiudfB}
z%T>AZ5~&DN(vumEb!4xW(ojTxl+kGUE<|Us9nZU>-r84@Y6AS*u1eo>EpT0i#%00k
z#jl<cJEf{{*85}BK)E<e@`&zVRM?7sc}(29E^+m8uYCKV`>W2Xf}`O-dtbe#sk$Jz
zHO+;jiS&oG-ApH2*Gv`{wE(Eg+N%L=7tF?hZolD7nE$4_-x<}!)bsViBOcv{33j@t
zOwb<oV@!OYsdQdpQ-XPQ@yq{PoPwgG-3}iB2h8)hk5gpWf(04t(~^Vc^Y!&VvwHq|
z{(Wz?w*tPvE<|TBolB1z2DOZ<8EYkpbr}vot7~}Owq`5+$hGkLX;In#Hl<r+w#3I8
z)c1YXTSB4^Y1GX<-!fJsrr5-lUDjhx|J|R!lhE_!tTp*u7b=9uy5TL(#XTg27d!MP
z!Le#rXPBVjX0Ir<0K_>i`W)7Xj5yfoe6TBN#aU5O$LjiNRy@5x-uv>G4qC30XGBa2
z&-qfc{e)X{V!V)i(&x_LRjza=q(fE+@c-Y6ADngj0~Q<W1WL5dm}p3T)x4e)tQ-0q
z=i<_rZN@XB?z|t0qle>)DbTXM;>azRenrtW@Fr8XXIJS`Pu$iYqwbUYi`%<KgD!do
zm)ANe=mfSt?)K#;XBBaQztirwIl;{QrA|s6)sxxwOs7GlrvxtAyI4e^hkMs}udugV
zUvKjn4LU{6w!JoXaDoAc2}H7*al{>;NE*Q~@mzX``#3~eK9#YeG^c&ltH;byWghYF
zVas%5c0w)y$NFA`%>Yu;{`-hf<qZ~ze*NY_ip`-V5uUo6PHp|23C@hW!El)uE^euB
z^=f0WtHlMgk<T~gRsne2s^nADOiZ9QK#V~>xPqSqW1ireNS}zC5O|O2qyxAod;IT^
zCjcG-zjr;^5aHa3%Rla~8nr%k{W5vJQ|)@V&h*(+rY~@p9`X)3%x}nV!GDQW-IsJR
zL5=PG3VGBqWuA25;`Ckgrln$j9#DAE<3JW|wH$Ppm_A19BCERB-X7O3w;g~I()can
znLbE#CuG?V&~%Q6%0KjMWcJ{x!Y!JKcqdk5HD*x#6>q=V(RAclk*%~*kzod0G^CU^
zIY0aJ*4d7OX@9i24eCud?}#dvLk3(=gkrI9D_O+IiZG#E5Y_X%Ft!m(Ru|ZJ9PWE^
zfQ#QeG(cbw&bUxCR)uYQHx0tfBj^dOIy$kJtOEisIW@5zry(tVYk)PG5yLE`FF2YI
z6b#}|K!X$!v2gcZ8TUQ0+BlUDs$;{3W=Px5_f9vxAU;-j2B0MegHwCQD`jwPQXy$+
ziYuOnpm?bJiZa6}?l?&GF1$&h*!=d1^do>JJqHm1>05;$_Pf*1Y!;S7d0}ZWYk}22
zDK|tdTz)5=?4E6ZaIn)DPxpXMBowF?Y7%ECGF;xNeIn%)iq_GJlQVYQ>i7BU#I>|y
zTuWku&;wp%s`}z@Uq`WtW13ZAO?wPaPD2_W+i)N%cstp=P(6KOW^z!6Iff4E+z)$1
zwCqy>nVu(EFaQ@qO^sOFUT1!^TjkW~^jWeaN>_@%bQY?#u6bs}TdQnY!NWq>*C|cY
zth6ggrk~e+G&1&uV%N->H0ym-F_E6P_u!CGd6w&GzoqP)PN@h&Ef%pfxXS*O-O}i$
zTiB{$=uEHMjLlrG#W5{;CruXO_I-ZCg6|H;QrIEuc{Q<RXk;(^iYWZbmAbWQ_%2`_
z+&{zMZMg_kjqgcchmN`Y65!m<^9VK#AJ6KLavy$B2FTIm>^G1#gXmcgjYbI)8a`(!
z{2dvbItLTiLhXWp|KKw{ZM}o=5*2X|cR45@*UIZ@2OSHSKJ>e{<^KEe#L~M?8!ihb
zJ8q9sE+S8Eq_wZVd<-8Yi7J%Y?V~D!=y(=r<ER4aZgiAmA&3_`4E+%O5^$n{6f-hO
zda-}OMos_~`Y>#;x$Y1P<j@C=WuY0MK!&CdaQRiPdKxF(;Dr7X#Gy<6X}N4(x*9Wr
zjl#Z=8uePRTxI_jGO7OCtY4EiODkaCXR#Qj%OMC-pzmG`1vYohL<%H_jfcc5v%d=;
zYfyz*N`h99E^YUwt{%k7b5aC^>ib)9_sd(Uuh7dKuGK<`BTgYhGeXwdNSPt_8S)a>
z<TOuZ;GL#bb<)5sO5(+In_rmy$D`{|HS%VOuLFz4uF)T~i|F*}_dCucNCUKdrj~<4
z&w2HIc7EOAJ(>|T+pBn8*Z+`s15`c_?91I9)Yd4KiN)sZO7ftXDZ}Osb0yfddW7kk
zJFjz1dl8hkNjr?O+vDm$6#0RW=W53}H0o#UrJd#lGB9FtcDnvwxC>2sRqSakj-I(!
zs1OIhF~^Kksv?Y|Fm};1U<M#Sl~lM}IXHpi(r1sZrt9a*rVnTHN2*<qkUpB37~r1H
zj!Au3N1lP{h^MrHH%}8h{Wp{PS_?)7I^Rvdp^hFhD2~uC0EzLH-o`EdrT$Gk7<u-{
znm?CP(&>(ENX=WCm9zE|0WSu!ve0wP9iBxs$hEKLRK4kOOT@q>XrL|!1Qqg&izd8S
zvGiG^nEL?Ep)OG~_44oF+s>IQaU&ydXaVkZ-?`xSIGEwHJg)Pf+8cGH({)nRuDS6K
z`xXk^hjvJxc+bn5&0p6PqVB<BwYHY}{|?>uBcJ$Dq;+kanukN^<C{vYX@B;^+@OAE
zChf>Hqx-{K6v!`SlA^}O0QF=-B0mtQ&@t(=s85%T-zv}tHh*=@>1<MGCTPS3dxjzO
z{E%xj2Y1E`+FuLpB`JL0`$*X}`wBI_j^l&#@7xkk2X!kdse)DG?kvF%p~RMJAt0r~
z-}c_uQZDLA2hDc%yEsl>@^sNQWT;5-LC8(igZcs%PwtKO;gHvqAo*+OEcdILSJRZY
z1F$wd%?H>rXmyQ4kGS+Lhzhkf>ee{v4%=T%cH#(#MmwM$PvXmI-B%?eS7jY8|2h8&
zzNR1jn)y$<fg+O@d?4=L8^~1dq=Ow;gBd!X>6u5}TDOg{_m48aaeg>L?OsfSdXrx+
zdB(P~o=xY`;Luf>^o;);891_)KdYadIb>@0ivhx3nF3wz?l^MB3e&A*Nt*31S0<=)
zA^9I&3sq1%)^EN7&EDc%PX#9KCOw%Jr?WZmF~4)RIWh=YR%i{V;0*`~s|K1hTpA)i
zP0S&B_ryI|QS+3#c8^hFEB&{;l^scxQc(@V48Nd-ZpWTLFHSXP@0`iw02QH3E-}+{
z{EiJn`Y@(|*R+6%>MNZp7lrbnDtJ^muhhmne)#R0EkdZLIV`gJqcf}fY747B=vCcF
zIh}9VJ=6?Vh{}0%68X`J*!geEQsKOjnXOVP_A;dF$sF-5ybB;<H3kw5MAB-Hm3ti+
zuSedWUKW^;`&zoxorP#2M!Vymom><e)#ML<7ii;X+-S2`wQw3kR+%>Bd)JV*s9W7}
zJSnGY%XdYRpjv+UCJ4f+on}?3rW&xRWKcikr}z+Ut1O4d-<?}t_Z!g2G~LHPSx3OZ
zjXLtI{vfb%lUpRg+mAQ*thb$i+E}kO=;9%8p%d1`NrLH5{A&X&eO1}1nmM&;`7zvT
z^T71~O`8rzRK(5ajFy@_Sa?o^{ZES>neSxL3RL`?5Kv(8!Qbejpxe#07f5(bl_;@T
zdu^XzT3Q#hLv=N{qUT7*U<8z$s_&J2m_0AIY=Ss$rM3TD{Ly;=o<3GMb*jp>(>})a
zjb}awO{6smBxiOoBk|{FpT9xNmqLJP<qFw35E0R<n&-j<b^ur1s3k)v!3^v?YnIyw
z1Dhr;g(;{Q;@W>6KCL8#9rEN+sTb}?$Zyfw`N$at=<$jq`b39K98|@^I37Ue>m5ou
zbfUJD15vU|Je!A&bkL_O0v&%}II6BfJ8jd>OyzT9{HPhTw|`8nb+{ZHBm{510{7g#
zeL;IU0h%n&@;Ibs1F=JImB|66J}paUgkS~+|FlV|p!eapc#DjzNTNP8dsXDZB;1~n
zf7bi!%8!07LlRRz3g89mIWXaL3ni7$C2)MTsM@?3Ou+B6tcJ;xdr|IwIA@3rk=r9<
zuqD8Uatx0Xg*O!PXw6E1<!PO@V9BJW2-HJ6XT%<Qn>63Rksm(yJ9e8VfF;zK=u1SY
z!~L4NG)d(xsIXNi`WbElLMIdM=Tyx>eY~w4Brjc{4Fiqn+x--6F@DSa<k@zA+KMGX
zDJHuIl(w!b4v#}qEkwXHl{{O^*8nm>!lf2Qyl}nD^8Lj&e{d+6HQxYFLzDEenXl$A
zHeYNc!Q_W4_1_Rc(ECh&4?`2CfA2Rt+3i^DeBI2on-=?3y{l=y7b4u<<zNop*v1jx
zLo}0X0SwgZkzNbYU!Zz;+&on+p0b2TkeSkL=T+uy{fEcbU+!TFP<4HD*83sgm`HW|
z+CI25Kz#}^xyA0&a}ed5{oH1I@?{bzYT3j-IG@1b-QV?1#V~aPLA-m!hgW3l#D=Ty
za`Faz>>p7&3UfG#ANoxXI=J?Q1DZ-dYPR}pE(Kns%j{kfn6&#vhM0G1`yTJSc3Gq(
zN!XwwT;{%KUL%WR91*xJ3H`vEr8rf7WIFi(i=mp!>nWW}ta<Udz+8?g)F=MK-=?*(
zbI=|@=w>Tls`g;#nw?@}|5R{*+QbltS~^hg+!<v!1d%#1e(#*8?sjY(yC+zDGOqGj
zU5#w(c|Wx>=#L_VR?YAFb3<jispKl&J?O&((Cw1=sN2j1W8W@DJwA*IWnGE75(h3_
z3`&L_p$nqhLZn=$Uv7s>OyJ!f*f}M>F6HnD3NaME`*z=oNPCv|OL!U!dil#6Q^Ur$
zc>Ajl(gW4j*=lopo>AnJsJ}S&>eGL5IJ`XTjf(`iyN>hb@klU>q(q4Z(@Tj7pL<RV
zzkJSokyT2qp1379AB^XiF}s}nw#=H5GGd{t6woeHAEbBXL$@ezThbh7nn?%f5m9&D
zu{anvo=WZs?>7J`iJ{j6>B)!B8_6g(L;3Om2tK}lR5v{QewSH)x-|<S{E@N80oP^S
zTF@pV9g7>sRoV7_fh$3)=H_;}IbUdpzG%KRKK13dX6Jes{vD89p)V`D?@HS8@s33w
z*mmN}Yb$0NOG;u#T^y!X2+(T}JvJ)kRQVdvE%`<=8Ip|Ho&y=n0(r(U+6O?5gOIKf
z-C0}ibs~?R$qF2uP2h$Sym*`a%f$GcDs1Tixsd0_e>rf&hB^Y+8hca!wc2A9yO{%E
zp)V2Tqn^m?{uE@r+VispY%06bT4PE2jXwV5%t@B9?6aLQymbsX%farEI(jmQ%RL$H
z6#TsM1ehl5e9nDdKZebp*~bxom*?F{#=-N@t-NDVcf7yEO%5x&;DZJEi7MZ@JO9;`
z%jCV<4(u3b3nSY$y<!=Ay9mojP+N%9XK5|`w4k26SA;XS0;WyrOx_(2!@A=acWsq@
zd3NxU!ZnZ#R8`2w6WccD?>MyF9K8k=_AEb7`TXa6VZaFw!IiPI^07~3f)0iskM2xG
zwD~;?E#BrzZX4URyRe7=WH5<tA4Mg&{OBco9|cslgqIybzb$iMCFK5@8Lwyh5=<f|
zehc8u2m~ysiy>vwd2p9(jN$!OZ-L%111v~fRLw2hvP`8a_-Rk0bPV<$kYsywi8*{!
z{#l&2I^q5@(VI(jc)JuauSpg$%e8oW-QT{v_~8*&)4}q4vDtujY6W1)rDG{-L~a47
zJI1fK4jJv}%jL~BKH&%p8RXLF+UL9?e5miuSU&T9#H=X%|6}jX-=S>7|M7b)DMX4A
zgF?za%1%fqTd3@0kYpK4_H2VBYoU;R$x_*6EEOX~N`x>OBFdiZ`|>@f=l%H}pMT+V
z9Pjz%>39w^*L7d_d7bO)e4U^Bvbu5K>*M!R`v`?@f+j;9QzTJag7K~um6<GfD`t6R
z^0(OAv0l<7p;>IDwMXNyVcMOaOV4Y90XzbXLni)Gnhko3svIU(m3pv&pVw(-ABjOR
zagc(tGQaXu{qF5Aeh1LTy=jYbg9kGf%#*K5gAlf4|CL{pwCt}dQDe`(#_~-MZgA~L
zli1W*z>1Zu$V~Pnl#6lIh1b*zxvJyGqVzh)0#VDXqHlNd)+l#|v}`%ipj(-+kNR91
zX^s=dyt|+S4t;-8asY~dYuIR`nX6@qCmq!AWAqb?&v0bFgu0rbWh2m?Ek&^MwS-Gu
zUUAkN1~f47-B=DDx?)&MP=JGI!p?(Yay=EQS*DkK#P_NE+kRWyX!%tDG@#9)Txfci
z91AfIpUFeZXXH{Z(Sya+Bw(&py5}|o^D$YTMk6ETT7olY_{)`6IF3W@Mz&!+^aG7m
zRqo#f;7&qPLU%XEnrq9xsPrY{$Q|$X#nnAlJetBRP5t0F@m#mnuz~U#N2Z?12n0vr
z&))^FR`l&Hjmal)ah^}sI0Zib^<1+2$EXtPmks0{ofu%b${8A?iJP9!j{X>hD??oP
zkgW6kP(6;U?rFpGT6fqT5Fb}Tmvnn&khQ}2x+h=QM2!pe5&kHO`Id7+^$U0|kU?YR
zvOz7I%9(G!A6R8FU{^>&+}KXrp%xS4xB2~_9!SEu3A|Bq>SpVxV<J|hM`Z(J(KHnK
z6)F$Ipi+V!wQN1G6|Uq-$#z_j?I<EL-w@`@?Ky{F9CpGypsteSM<$$;_@>!qG1PDb
zrLdR=I2zJPnYjWdxt3$St~i;cRU>c<-O?A>7;Mk+RaA%VM^vtAeJ>DBfBk4*pXK1=
zTsa;^lQlBveqt$HPt)jlCDXe3zP@TmpwmIo+OewP#NBVKfoVR}h>oV9ow=4DYq$qG
zlL_!llEyXRpazV25slkoRQR!}tXT_fo601<09~<wUN0ucXGBz7l~+Oue~j@BzDor&
zrx4<BzZ3mL`Rb?!>lecpICCC(Z@W`e*n2R_Oje%RUZ<a(p}n|i1~}YWIgfCc6|8d<
zx}2gy@Qv4GTSEY^31qh`lqs3zQh=4)>V81H>%}-g$hdSNNY`_)X`w||G^XvkORtab
zK4jz^j7z-CVbu$#^OkZt*;{lNqdh*@=yXj98LHh!K~!3n@4m@5bb#r(CF=Usepc+~
zwRR4sJ+1NkM&T?XD$g)XKwmrp^<rpk;gK!)LW9Cwp~5z_DT!QKHgm=q$5Xl@(XKk4
zZ&JIR^2X3Kh}*e`qdBKnJEh*!3#Pu*-+K==*1?{ZJ`k$er*p@8qza<dv|a5fHlWt_
z-B|DA8=P$e)s_f8ZK~!~F#Btpaw`TFpc+nR=Ip5kIk17baA>RH5PRWBO|!V4>dVX}
zreXcIqEvAsP(_s<_t@?xD>#;^0n)%D@aLeOdr891)3yG?&%qCt7gZxN)fO?t+_e#+
z!Z(>jVpC`O;w|_qcL^QgWfTkrM=AlA{KL${89|hwGEhi<!L~|hVZC6<`lWYDfu%f5
zvq_5{G8K5<q$#tz2hk=#*je)TMU=<e{`V(w&JaksO-Kz2wZVA3)39yzE{lwDps9ds
zXZt(yF22b$5?dKG&mo)b1ta#*&|EpO8M4tub__a*5GS5o%`|PTIL(1I)PV0%=q)_A
z0ON6DlNZ{$i!I;oTP<cmUHT=jJ#^IeuEdUa6@%+c5ye6i-|jrVDZJ0ySuC_3>OwkX
zg3`@dr~(r2vEr$(>R@!EcUuBWX8z{alncR)=L3Lob$<Uvb?N-a6gOzDF!<|QJbyWN
znluR1(`Y=G4i$$W(xQbh-98oCCSS7dWaYc{!Y1Rh1c*gVJewBTY|s}}=)uQVjWlln
zV|JPN#8u$6uG@sR_48721LmxF5%#33p9JXX3#RF;6zIyQI?uTkySq50zx>hdlykT-
z8j6pFnWw)$2;oYN&gO=jo_7epWfqNKj?<3p2h3o1cYoXxL)=9nOqA+Wkoj_WjmIlO
zpbUhK-tVPLW<#V*)#0Vs1BK)ignG88kW2GgG(G5Kr@@45P)rF=YdYnRp(7G2*xP1I
z?h0Q5q&$Kj63&+#H=F&cL$jhUX`B@f)N$4O@$qTV2-X)=D!;iVtUHi)-U)R2BmdMD
z+MepF>h)T|4qAkiRp|cb@JwZ!0elhIeIjszc2FKKcAULQjgb(B4Kp{~D)u=3I!HSU
zdLszvCMVey=~QiM#H~<jNTAI%0ZVs_mvTx`uW+v)Q?0!^io)ChX=WS%*vqs0vZv=A
zVbyr9=k?h7;0NugzHf{I-Ng{Z|EiW>(oMbta}Fm%0UG=Avknk@nbF`Q&mgVfglJkP
zj7xci8G7n-nfFTY2S*X_E<Q;5@y=jr{s1sNC;~@XFX4|4y%#(%#QwFXkGY0aoI60v
z-T-cpgTtRMnG}WoG48tIubtzBqdq|};4c$Wd|kM>Er1d+!JAoB23cgBCz9$kfj+4I
zCVO6B$?PY><I1Dd7Y($&zpqXn5Domp__bacf+9Ee`Y-NQ=U9L#-NN!HaMV#4Rggq|
zB(6Q(Gc~EfXca3;72`2$@+7>6aFpjQC`?2aJv2@V3EvNFMx|mvsmctotUwNeHXlA^
zD;nAM+~)IZ0?vN?h#`<Hpp#9m2^h?u_l^bi&UB?lE(KBd@G^zz1t!r5dldl}n~1EG
ztItS^mc0I60mf16`-<$>WBUCqeWPR56>M?<A(@hHJs)^FR2~4eQ<x%ZTN$XpNr6B6
zjKgJ8{H^W^xJ_5F_}1S7rA^;TTPjArk#GHAM2H=5*?c6AT!7@PVJ?oG&stl!_W)rB
zj%;N5tIucBWt%&WCjHaju04chl_ZXC_j(16<2XfS98oa)8P1;1=@n2!g-wy*TXH3F
zC`tzWS35XX%-c>Dchg=h7|}42vUrOIax2UFNm4h=&8w&ow4R_{+Ar0^I#^3NQ+OK^
z@J3&;ps>X>04#o^(=(;th~fJ2vInfhY5%Ka-)!w^-x7-c^Mp&*qTOY2o}z-J;a0kw
zq{82&+*v|GO8UuRl1y^ZXEPc`-xzbwv1udIlPlc{(q=ASVaedYny9T=j2U34<*DnN
z(Cnfa)-V_K0rt*)#alD*fL@L2^z36PqrP5&qHivrUGk3YCNy4PK!^)Zliib724FB@
z;q6jxu^-gLWKlIl|J2aA0{gz<5uV)qnnD;DScJ!YoH6=bZDN~T0jcO6f9PWYbB2LQ
zp!oQ$D>R6qStK?g>Ec$X=k)V98-7QM^^MkQ=-_#4nD_hVVFVung*)45BX$az1QC$w
zh<;X(|A%UR0s99-{_UrxfiHo+rIuoEUr7DxDC!r5FM<I<@Ega=t>74emJwk;jneqI
zy051SJ<`7%R+G<>)-ZC^vHWPrf}_;{!SZgjhLc?}<T}unf9p!Z_utop!@R{yJi#>Y
z<HCwu2N!Ot#FdWpwlyG^8=mRGjD**g%ZOE0#pgP}22u;=7e6BcTi<__TLYAH0B%l!
zHVr@-p+6n#2LGsS(ERGbaGGz=SVAfsA9`wXm4O$A6ffX+z-0^pp}&gY#qZ<+_nR;a
zd*j2~KmQa#nD1zy<^HA*_v4rmb8ok~q}I%C4ge|cw}u5^Akvx!7C0mT`Z|!_ElZk~
zzkFBmRu5xUsf4~gAo^B2;mBrm5Bn+Mfypq6GQpK`1nHg5+RW0V%617noms*!U<a<7
z%?Yc|-DGPVga5N57ls-*C;M0OYFbP{?ORU?F#TieE&?btl2>s!#C`iK_#Ns#YpGDH
zrYvJ(C)$1xrzHqkcEn`t-zrGa(?8#8lTluBRGy;}aXb<3*<x^Ju~%q%&6jEWE}AvB
z$5{P)L&T91z|{fCHARG&D05)#0oQ&0iy9I}S!>WDG`PGsFd|CMJJz^G%w?2vV*B)t
z1-Lkhh5o!IInfN#<4E>)iJ@VK;(#>$M8Pd-d|Xz2Utb;zD$XkIrbKyJD@p1~R5P&2
zm9wD!Q43}p6@tm)GJnO<$&8y4bqhjT#jPY>@k-hD%TjI=CLsT@20aE06%fVx)pKJ5
z0FRx?qeUiYFBsd2QVI2efQB6xhjXy=&G<`#4oE;z$Hwmek6fOTP{3M1;Cm)UB9o^B
z2B>H7a0u!zEWDO#=*6jo_Z9w#H5f>`Y6M|RQ40()1-%R8xXUskw-OL`piWCf_dmSQ
zZ#F^ehW5DjIV6CqMQj41kT@VI{zpEj5*x&dBHn%r3Pt4f>fRlHN<@>wx8*WwE3jqf
zWQ5@Bw=ezA&vInIX41jl`I>n+GX0P$q&V^=B`~c8-HQIcNU~BP6PEZrTtA$lJh}dp
zSn!!Cp`-jZu-Iq!4FAg1rouwjQRma*{=Es+S<siVr!n`(d^wM`J4w&<=U(F!|K4aA
z9E2d*+<o4I_u}rcf%S<1Jvkx{Fu#~g(H8;*IP%4Zf0Zx41#RG_Xe;VC%OPPd1Ccd4
zG8Z^nrIo=Z4{8Yt3+i;-`L)O6Q*#u>mn&P~GOX)d{0r0W5AO~*EB}!;W^;h=nnx{6
zybeygAl*!6Pv_}z-m?3=d@avdF7zf{y1~Hty2aj7>pR5E*<$&ROIZJVD^idYB2|R%
z$Cf*H$%|@F1T{cD$+qiQt24hriJ#RQZ^pt=o_vah`j3W7MfVC2I#UD@RG}GY2=2+o
z%?ks)CjNIh$2h606ubAFX74D$pJQ7o6fA}i_p^|@5FL%-SbNb(P1Cs9y`Q@jqDun0
zl<dRD!zY)nEBL|U7`S<W?gP4FaOH{1q)JD#)gS8cT1=fg%@UQ>iTf%3`0t#(=3P|f
z)5%Nr;L9LR3K}>*ionzLz=hYZ+TFMIoF5T@cAIA+C9!Ty*xAjFtLB>5ow~~OTBVil
z_;NF$kfJm%E~_e*rg>;Oa!83piUyy1949U>htqOu>Rcid3jKG*ldhJw6bu&}Zz+Pq
zV>+L-ePXfe`#>si43DgX%ViC;*a97W#k0|z`j`M=7FltHzj{DMsWA%<I6-!PuZFd5
zLln;7HRbvOtO~gX4hS#dDs{@)aN3^A;_cy9dmfiu%8wi2hX}y_RQj;%@4rJ<qL=`n
zveuV?^nd_l*R(31yuT>|m+H?L&m04D(Ir?%kx&wgGc=D|-W$abcD9d#Xaggvao=t%
zD`;r6PO}A#O6+FZIJDbQDnW^r#k0e9YmnKAWycUCMyjWCT3E?o-l!3b4g-tI4&~r4
zuBy?Pkf<ucd%w-TR2fm|G6G$31j{g5FM4Tp4|{_FG=LmfLk@_|gy1@@;smIQ-f8`x
zA7?!xLF>eF9rrh!L|~ICqeYMx)hrZ0p-Hk`9r*^bUUlX+)d>h0IWr0iZg#nLHGKB_
z@a|2nkkVfrYiE!2ew<vwURbl)%90rf&!99+B!OFiEec{mMU>CHW5l`w(U$1vkUjs|
z&VP>Ak*){XW)P10X9XQvnw)$FQ3>V*Y>=19?Ibfcd7`*#GNJ7!J6{eHxTc><8E6}h
zI7s#JVpUnce#6zZN-c=cH++Hl!tBooxG%jMsQ}*w=L;zN%c;+?AZ%TBO!$Y8GIX!7
z)=Hw@TO;wPtLbP0dg)Kq339EJ(oB#N97)V@u$n#{xL+iQLQ|rVq7cZ+Yy(}gfNjOg
zKULt^q?upOXF*+~*sFe6HkjO3JhlY66)0!{drE<=7*+OR$VuPUrVK?q7P3^ev|TI6
zYZHoIT1j0C|K4|I9qg}8^oIQS9v_&hf-wjz?q5lkLv}T-bgDo$W?y{n@X0NP%$LB&
zr1xItbJmuM+Led?6v0?RiuFMlqjTj_;_CK8dygyQ<k?n<Ga?Zbxcl+XAv+4QS)(Tl
zZbS0$PacL`Yqtw|&E-Cn$&3dLBrLO2;vnA=;(wU70Ua^MG;I^zcc8?2?)9Gxm-D?2
z;HzhT5?Pyf-96FQ<wprF44y{fgCU=wl>^E<ARFULjkXNFxHX)BjO_cTEI$TkHJe4_
zpHG!-$*s;*Pxe>6_7v(f_;<Iko)GZyIIB_UKrttAWDa6T&Zbn9e+7}&C0ks~MAPQ%
z92sYS@||PxdC8CWq<G6SFDEoKPg^|8v-v@fV0is~Z{J_|{(urnVa*sviHDA{NAtrK
z7&-a_CZ#8>ZEq23U&8f?ak}m(k?sEQ=Y}P`hVea}PiFsuA@Et*--pC+8q%Q6t==5?
zW(%QT%9^FmoTK17$1@x@pEzJ-YedMdIeM7z_}`LZz+B9>cbXEEggLnXJjni-fXjOS
z#reK9+zpsAe?)Iqw=H9w9!E~K{RUESgu9>6Qau%Wjc&aLLx4f`{&3T+tOKoB;E_ea
z&R^^z{1IsrPav`%7&L%h+S-|BW$i9Q+n!?wL)>G{`fEOOZF73eBy>SC7$L5Uz@>Lq
zrySS{Fi&%(tf>nj7w6B``%7d?K#x|2F>gxDZ?3%`KDjSJJU(W@&@Yqfncy&MV9-T~
zgINxO;O0{Tvb&_U6id?wh%8}OaQm7j=7iaci*}T75Om_ZH-8&E%wZRhIZ|1;{oC81
zXeW&Ql3jkZ5KM1?NbV7pRRs$rLC~}em{qi&frNIy9n<}rVpK(-6lYSzVL((@SD*cH
zArOuCA6D98u35PWwHO#2f<oYr&SjH+V+i-p!;mIE!WpW#KmBL)ZG2%6mJn3K+iG!Z
z8TlVyR7^#OBmH}h(y#UU4}AFXZ)6B@a+2vwf3dngP|9P@Gq517;7>XvoYTapoP&9k
z|14+AVp8yrX4RG3YDjR`Q%5t~-qKyM<|-q~(jA@rFp|d$qFLr>XK%Y7gg+LH#GLO*
zPw3+e7;Y5xXwmdZWc^IP@laVE35EiA^%kr1jERI;{Yj`0#>{;k{A%{^+XwUtDr{l-
zOY;Mvp&=dtsu_ci)8l^Y?&@1v$Q(0<#Ewc~<8Dp-``Xs$=eI5I|Fd07fdX}<uFoiY
z_xcXHV_{jyO&>>As>sf!0+sxPgT<sZ;9YtiH~H!(GsbzAtjN1V4nA~T!W#Cr&ft*e
z^QaU1`=}^+sJeO+=PF_FDk8dvk#)nv*GClK@i$8q`?UHbIwrgv;n|mrXbjC~-2?JK
z8G_c*hCJbtw+j>vHYuWOHu$^E7_T74e?vP|i=8v)MwuEWcFEH!W=~4n!0@8`p>0c0
zd^>L0jm>T_vI4<($+4ki<_q@&6>+JUm_U^_tWGz7mOj3yRh32`7<Kz3+N@}|Iwn9a
z5v4xYnc64sWm}(%%d(MgJ8KJ$=Of6Nt&@?<JF{#khGFX!KhVz_k_nxoqsl8>HQIu(
zeX6in{$ktFpV<RSuVYz9ssf~^t0x(1OOy*7D5}PNYGSQ0VPs$5e<uJ{j0na#qS7&z
zLd~Ff8n)DEus?^P?Y41oi-E-uOj$tukifKeTE%U_QiK0)PkI!dll1s1!G@B{ODQ!a
z6QHW~x-ZKdW>IMco~9~FqN1KjQM-i8GGzyLNkj7=qn#Wz8qXeACO{2ma$AIoa)3bL
z{L-mw=rSry5py#zZ8}-=R(JMQc!kw7`GydC30V8J4%?c*D4S!guc{?V9BTycopXt8
zrI>&*5ZJ-=49-Qj+xe7K4%Bfzo?xCGNIN6{j<g@$3D$M~yUjfUE~8m^v`J<CMfLuc
zw*?rN*tilHXVEe-%uD158iXWuxdbk{L6v*t#{ePlIITy_n29&~;#<WonS-Crcjci`
z1Br3qv${5TQ)koQY93^hVgKoo__TSq+ixig^HF)vUZ)`jR^zr_exT;7JcPRL1ljqN
zz#QU+Lf3UjF0Q}OpvkkkCh|ctv(xEc8415|8(MGMbPk&|K1_qm7dY3mq)ur2DtGhc
zJ)rT6jzuM7Gwn$%<pi3oY*ReHhL$~aXsKc;69jMOL$kcC4aF&6*ieUdDA2%=KL!f_
zS<*XcPom`tt%vxjCQ^$Ai%Rd{tMvOkN>39-MyG~>1R2SC5^w%vY3=#ve@6%!^K2Vr
zR3AlL6fU@3ssy8p>FU3rd`u<Np~-3N)ue(l;sv4f;UudKx#ns@IM-kb!{3$Ez~3hg
zhe}$dN^$SOaS#F%48)$(`L|2YLQasC6n2dTsp+!XHpa99!vfM<`czs|I)VMIUNlR?
z5ly($_|DI2BE>QS7m{r$jh3(5pO$%C<7O&J&#lu^_JtbPcwp-pe3}URQOzIkkKT?+
z>tNQe0l&a{Bb?`)b8r;mQUK)Y)&WjY4KG(z6~{BcP$!6a4Bq$h{|&Fi0chulM@xvt
zf+@DDK(6ru;u`+#ubq11n&YEIpv`NaRPWcQDJbt_e;5m?2^b8LEH|ezG4%=LF|n}n
zdqmIfts_vSXNU&eqx{i8y8YRzJ6}GR@N2kkw5>4?7YwT&udUOd=}is(X-0mSdpwpB
zMQZ$pCXj<%qch;SUQzO${oJUI1VG!A!1Q$*{c0e$aqUw^ZD*W$0V#QxKNNR&y}eBI
z!&#1cEl?|JWP*J~BC4k9@CEQG|2@Mm9b>MMa}43?tnCuI$}lo{Twq*MByT-iAS!rd
z75bd*b*;4*48BhbLBWt|XJ^6cRFi03hZGf*PrkX@RX(Bd$3&OP6I=iL3Ck9>B6BEt
ztxIJ69S!R|6{8BNp_`(Sj-ri=9@CWU2J!ax;kBl6ffRm9Z2*P?U7<%<+b`7o8CGS~
zFKqaTJr&vIky+YG2;P6F78-9>;;v=QPG_gB_)a<kH#ij(Boh_mX=+}%XE>qZA+%p!
zTDAM}_dAo0e|-6aP`S$qS?WliF7XOT;@EdJ(b64X!8mtF#XJKsq9@q>7AvOH0Q~e@
za5WzSE#(1dl;Z()d7VO3!l<t7<`WC2Hrqb{@uho;Efs=c1hpS+$ym$TU-y51aZ2n^
zM=q90iR*}HYR=Wb=m4kF>`>}*n^<s8yU7>n7)VN3xz3trO}Rv$R{D3O5`Kyi<n<nc
zIoDc|2___9AL<;&-etH~#V-y$8A^81Mn!39scr%PEQ*^rY@>R%aqj{v<S$T&%3HXU
zr~E_@6w^VVS_2m`-o*n`Li;Wez*EFwh?idw4x`XRW;AZDgrMjCU*5JGE}*@fHs>B9
z$hVn(eh&$^OWfVu@!$@<*f}oa{=Lj90V=dDB{*`jCQNs;l5{0|=Uim^_WW_B3)%a~
zv3DaWtXsq#fY}aocJ&5|44w#!pRSoQU!9owtK{+H#_5el&(|s?iO!prIY`k=K=9GE
z_q7V<Rg_|Qy;McGz?PINc@^4%pPqq{%VDPVb9V~6@nxHG^}kg9I2E3gAQ~u#5zkYq
z{=}EJhR$;fvk-lkGgN}-I(w?hwikZe@9q+^W_F+6{2ii=Z^~LbHdWsqvVv$P@P<z7
z&6co|s&EOeI0Yn+Q~8$W4}R0j)Gjx#X>AxW>i?<rN&QvLKOzg$VU(L(TFzO%`&rwU
z|M>3*B#-@C@>J?o5ua^6*PbDrJ<DSp_@<04d(GVkbn&%WSuqP^i=bz$ia;{c)IXe$
z!C9AIUKFDrACVs4p*74_6}w3^fO)JL6}=MZ<PuYB8c^v;bJnB3xpy~A>#5fIapc_^
zIMdS8D8`nVGbv+1&R^ugh)x4(KDBIBd6+vzEf1;ZJe3^j3p)Bw?quoJmC6;ISnwPC
zZZeQ5*eoq+L{B!R=L={1_YnR-YB}o_PGRi|g0^GyeY(S{ZF^pYqJ%m>*fW7b$lg?M
zs@knmOx!ov<}mz@t0=MKgc}+XI{<{8@gz5(B5J0T!&KhJ)qUAe9Ewx=3tNV$_IVBU
z2nPOn=lzoM*y!dW(0sfEq%%`>(F}tNe)A{|q^hkZ-1H3InS4n|k3xaLMxj5L(Uf0{
z-A}YQT$@3_1%GiXok}ktH>_BKcc7SkpuB%+&$K?*uC^?;#IzMkdB3#;$+gIrpW9$c
z;ez*uV&h#D`mQ+;uaI)tiZk$O=4)B!u|Bi%sMeg9G}m9?$aV>*skghwr?~Izx{?Xv
zTV+S^Lm7LWHm9Y$?N5ce14f7m7@kigG88#om=|bM<tRV*nSh(H!8=0o8x6!v^L3#t
zq@=3>tJycC276?+7a_P+-gK%*1}_flzdMifo|0jKadvg?^Y;WJUQL=mrEb1)XnR0>
z|E+F(hQbll^_MIt^y3+}a@+jJl<e$Cwh=F0eueh-QdGk)^#rI`@74_0d(BzW)UMP8
z$Cu{N%zmnWT*=Zb%f=Ej`d(Rk(Mr<|tNgu&bDx|*d*Yk8xjW^0P-3ouEw+C0c|KEc
z;M;64u9M#X_~#p^<(|->V`j3kJ3czcG;d7#9&pQB+T{iOp$^CFS3oy}v$tp#*0D^A
ztE7o|+!jCon<mVhG5ypAAN@EM24#^m|L4WL2WvX}1^9uRVP>}1blFh*rTMEJ-MFF6
zmc9~X&-aJ2w$DRnfrH++Ir|eY>2?kJk{0h>Ov|6SMT-tTiE$#Y+Bvt<M=a;<hZ!a7
zm*5poFlb;;Q5E%(N{2*xq|W*F6aFLy9TP$pjhhCwHOn8a;3HI9b-U6(C=9mdiho1J
z)f_S@@V_&z!{MfHFLp&WWAn;Mb4}t8LH+QZSUd0$u~4JEKI8eU%qjC%KR-xeHQynO
zA86OeP`T9!cq!nf#Dk_DYhiA6FE}NO#+{rOX-kW-O+yvkVPvKFJXECD8Z;y4_Kn99
zC6<{vIyH9B+E110zJ=|3?WLj$yc>d_mOf%%t(=>iaifd|Iyzs@ATIiGBs&_fP9_BN
zZ>V#)UEhOir%fk9D$}J@$S_G4esh>hT&PYu;{Uc#^T)Dz%>WmQ9k4$3IC4WI9r=5i
zF)wAz+E}ikV(T)13c}g3e;GpTrwFzyeqm#2H8_8veMQ|`H08jsN}OQSAg*{9_4^zN
z99r@;XC0_#V=vhaT29j`Q%P-x464|B3MEeq#G98Swb%H2bXd!i)rpljvQL*K)BSOK
zN^lT&vQMvE8N85HrKIDn*gcRyM^S;@P5Zim`W0O;<4gyzjGGapVcAX(q%jf;0L0kK
z!DFqenYQBZSv#6sjv;V+gZ~^uc|;ON((gJRdy((4e-@@`&zpvQD#1xH8Ky;#h=1l6
zClhwynl;wP(SCc;XuK*vv~!zObBve5Svy8~5rhZt<Vd|#BO-0D`SqTm!d6`&`ho4d
zg)7!)gAW666N$6`d(PDzLg4n02oMMkP2dMQW|j!Jy$Akw=nnPa@~8s<EK(9?!64CR
z(!;hy5Gdt0XfB@3ObOvgk3^<>e3(qNsk~u=I6B6iaTNlvqCOoOtLk>cwYp^bgCRN7
zHMTo^1l!-`nbBBzcvKy$h595K>T=jy?Vn$J%|^w+&tAKszFCh?Sri%ZQIX^_%80W2
zs>ze7^oD7XBSxkfr#AB7geehRpfHAJXQ#5if=f7}W}1g^ix+;e2X=Revb!`fB=fyd
zv3`}68q#+~<uLPNQ<Jan(bZe9sR30QpR;<4PW6Axt^8G3Ws{&5Kb5MT4v3O<U7DWU
z+a0;wOcg4DV^jR=qrdiE!Gcp_m)rTNdQ;b;{jzxj>EcWHv4vSLHR#>+l|0J*q5hRp
z+Y|66aONsMu>qKKZV31#mOeVh)X?B<>2w$Nr9Ujz9r5&}=`*LlZx7LKOKn&Ya9aYF
zP7aB|>=D5bMZs{+SsgwqSy^-5W*6Mh8S3@VB15YsuA6_%gT1ooND%;8>-p2-DR3}u
zvTlFDCAj$CZ#_6ER{8^?fFpa2QNMriFZkiz<$6uoUOY?OKN~m7B@0Q(@@o)@2J|Vm
zC3+q_`~w1yb}!6G12`d8P8cA7X|*u-_q~<M`o(mx`Q#Ts#AHN<9=Nj2_PI%No0qBx
z#>CG1g_=FNO3>^}z-KI|&=UK<^jK2+gA(C^mtX)CVH%BWGgY2LzmpDIBc4ywfWn@y
z*9v2<85(l;`(I7wYboo(Nns9hII_3EzH;x-$e>IPL83viI-<b&xt#&!Vjusj|4cTu
zOOb2oq8PV|y)66)2BdcUx$OPfVk;F>MTtJmMjN@50@L~u7|?n;B^BH=NrJ}xA(KdC
z<i^pBTKrr;0S82Y35|1UZ?zZC5^U^D{`(a^nAd$7yjyB3l^qCSo}XdwdbU>#h9uX7
zsbF@P7e5X2qWxiFWsI%99P?FVwu5&lEI;@aZmU#0+dPW4U?NfAh({#m)ygX|j~)P~
zZX5ApM{a4}SYs%7DqH0FPI-ph5$vma>m*ysDygp~g-!?x)oM-5gUMHn-3HyA`3}@V
zID)L&WR~LR;KuLaKtu1%Z|F#3Zg}6!g`A`=gfa_Tx-{2En?oH=(hH@|cajN#Pk&j~
z6P7%lBX2=~d%H|&<_cL*>x`;jvU09|GGavhWwh@k&HY^3134-PJ`pI!!A|$#&h?ux
zWI1YFqx5lQTpXm<;!6$J&KY3l5A2yL{|xRIpSQn?Qj+M$F}<idj2irImV-iPxIA=I
z=FUcB<Lv6`x`!>vEi2bW^s_+R*ghLPE#y_{8kBr<81-Z$-wORyU*cKYZmw1Np3KlS
zw>Z5KC-8i}<pq!2hR1|?HX|PUp8zln*vO~6Pu(5zzOiOGc{De~8j56nGO51Fzq|$&
z^0<#t66Bys;+fy<FY<I>2D=W%xZ`~j%jqq>0m2Sn8_!PY(8B(~Z&y*W*Ws}T+rS=<
zO^dI(@}qnzy_*@akFNB1<!t4-zM8KT?|2%$FYYCP;u<|juRUW00>qxTNw;}OJUWw_
zb}uOUF@vW5^D0kVUDkt8YTadJMYbjRw%{%G4b`(mt{sr^C|uo$3*-$>fJlzx5k4tB
zpT<eMdVh`J0MaMJF<RO5-E(X5mKB5IUAIH!cgAy$E1ls@X-5c``%fKkBxo+adR%#!
zRzc}fNB8;aRolJuM6vTC`I6uzjMMJLG6cE3^nxaGa|z;!mh#h6+}l(x6I+yI6DD<G
z-c<3uton>6^U@pL?&X8(_@Q*;iK!@~;JCOu-&}h-_hOImcR9G6-BfQ3SFTPw?Fa52
zCwZtMOmnx83z!9)(B(X0-&6q(iSJ}wSA2I9xK~jz?|9o1`O6ZwjZe$hW;v~W{qgI?
z%R!5?F+>kq4-0^(n^8t)Rp=~gETDZ-eo=%iSD#6CxwhA5hjtq4FIEdfXkb`01H?9X
zb4X!gAHx-UFbA%o_!e(=xbMi)rfN@eU3~=MF+E>5rB{dOMX=BKp<@5?q=p<ZpX?uS
ziXK7>^IwiL&^0<@BBmwy@I7MK&UI@_jFC!a=^vnly<K)yo|`F*yxu0I&OT(aE>gd{
z<VE&eOWM^jR_l6j??9G}UeC})g;;s2mOnX5=b<Icz5=nW)Lc|-(=zYX%$m40l^L*6
zu@@x9hCRW`rgDBMQaP8z?P6oDwP7Ve%!cFE40=Mt-im!^`?IQ+xn-z$%hffp7&rXo
zL1$u>g;bjCll@0>Do|PZw_Q@hvP%!d3`w`C*Ux!yy6cP%5++ZtDyzM`P0VGi-5VU$
zWJMEoi?sxmBT@Tmly)y3#>VbD!p)Ec#Kf<Ao(VtOI!8ZM6rAD4@%pTUF4<G}AR%|;
zTGV)f+?fWQI|2s;US$JQ-b9NxciP05%N<HLGz@2(PH_^+9YI`19Rz=aH{v#CB1~J$
zVqW!5wzbI~xKM(m>VUhRH2p9nlVM_NE^FryxioafI3ON+EtnGi@;AMAPApE?p0hDo
zN!+q?uA~2^eVV$+es`fGow{M#KjSF&ku520@*R`RLL+x&xItW4XYTE|W^*8)PAn~Q
z8EZ0S3Ybf44U}A;-KcxK_?CSgu)jTAvR19!zjgYh=_l_8#hEQ9ZvNGo3t{P|?Dyez
z>aR%tk<T+Pu728!LhX~ge?Hm<wa#H46Xt$swc*yM)(@UDo*y{PyUN2nhIr@lnsj|f
z5`zKJT2DQ7wvAI$g)o)5xp7`I@4?SA6M3e}Iaa@>53u7UdT>m|PqB=^Q+ZJWFTp6Z
z0)(z7_p$$$T^ETOXD8rFqo#Jn<$D%ZmIio-&cFJ*`8WA$2&bQcmY>kR-N@WJ2j+5u
zBfimmjp1?4lnWJ3y|QPiV|L))Zu74ovEy+!(|$Q5B<GIoR~(}8YPZ}?yD4yBy%@;N
z?QQT)an>cQBRt<z*;*9#L6@@JboCXVp-otFhV`5744R<h^LN(D-~`=Tg{BWrOL`VO
zPDl34^K0vyRQXfK&Nwk7nrGM^ouVH-Iwk+{OP)&HPm+M2iI%A_@5E)#i4ghmbK;5V
znp8?N)`Iyg)QsMYRUIMXfE{i)MjhkL7;seGBc`Wdk8q_w$0eho{EES4uZicT_5SwJ
zp3F}55&K?G)U(Mf?g5M&(CRp{fLL~u@&?8suv_nD&5r6XTxsUKX&Pxy>gk@Carhm~
zO}(-}Z>!@Ba-ntr8i<x=e^Uc9>9Xt?!-QHeGwAg<P-o6oUD_oNkNXBD{?y&WrTyyM
ztx+l_v-WYB44c>_y?j>-=liA0dhbT9%Lm;lNqgcA$|#R;uSWKbrGa-hS)&gf@z<C%
z5d1xwIJRx6_~8RUo#>jg=)NRu8z06phS9f{+gU7yiEs3|9L7vb%$s^bclY;#*I7?I
z*D7{<_I!u-ZrCW0(mJXWAHHth`5N4K*@yX{><_;=^YC|rkFR(ffw9=L?YVp2n{Dqm
zHf_c>sh-vC$|;WC+wIZZi3qJV^^CSn7gG{VnK`ewcvTUd0%?@(mF~W~2b5+?_G9O5
zO?s>n5ha4reuQ}M%bhSMbpLof*@Er+DW2hp&G{w0)?T5gxzaz+JcoFVX<hf0+Wv}j
zDd~q_q93mXibH<O9DE4(s{O)KtF7PXq8~E%)!ogtH;&E@uR#INu-|gsFwDgRH$fW)
z+Rq2IRjWE;9|hIi2yK+`zQEO2N(Um0%vmQXSRC1ih>%I;d%MrWCgnbuK4|_pNUmD6
zUR)G#0aWXa8Gh!ysi_14t}~a6Ze7r?kz-#rbIAOa!9T*cH}l-G$cAxCs_lp-@lpdY
zjzi{ydoT0DYB7S5N((A&WTUNFh}}PV{um13tL`wSA5SPHTkQVO;%2%~A;4(TnE%o2
zu$xrP9n|3$*1~q{Brq9}Kuo}y)*XR|)ZCmCIF<lo+6kIL^&iwsS>#$Ve-*f>nqh=&
z05@@h?FFU50Ey{fc)j5UGf8T%<RGAdb^EPdJbHkZF^wD*$5)Qq&q#)(kCkU>sMazw
zbIB=G3kKR6pL+@Ze$HMitnRU$FD?XgKM)OUS}E2gFrslQZCy4LK-7BgkuXc)lDr}g
zC8!)JRq5w|X*dO~6YQO6<u*PEH{c^#|F%?noJM6Q^G5|%Y>NJ4Y&g1EoZ>DZK)i~&
z=@E_l8)E&{l%f4M)U#tUhsSQ5;0MildNX=heiqTMy0jzxvPISLoc5v`BgO<gb<g5Z
z`Vuhp(BFzV3)D#r5^ey~T8GHK3hHo(evUs|yX6uufD6%$kghpK%?RbSuNCx;*PyKC
zrG!Za#MJ`nJ)wB^L9SfGd(D0Lfj1<BrgRq%G+CS%|8uJK{uBO`TJVOd7}(6d-+%+x
z7(2b>?+unB%TUW<G?W8bfvJj$Lko=?|CX_@|I&p0-WM%MUgmm<-<&)gDF<J|?9<bR
z%5u3dZ0<Cq+V#U=L_kNY$k4d#*`aZ43ILhc=>mds<SC^ll@&0uFa$viy5plaPk#i`
z5PXQ<qcziCJO7q|72NtSJ85DJAQ*kY-6)-a&Fv$&K!s;>Vns7ED#Y@dWGhSoSB#E!
zL>PM-7{)=aNgV({x#=%n@PgucUJSnh<xI#=>MkZmSd*X{KX?ykhGI{B3oLj4ofib;
zj1WKTeEo+UxDJVHj1K^9gqDl`W-}=i-i|91%9qp><3|xyikVF?aK&3CA>_Z#h^bux
z%5e8{=VSM0?|MDnpEBzHcN`eBuK#hM2*fHJos80P^<*x<A!YpfnX`9|{KP{|ISSba
zRVo3E2%#bitL3*(XpTS$2Da!0H}vGbRTyR?)9v%ULRT1ReRXBAoF_5vXI%}RPnHeE
zm_Wr_Aj?cmN#{jUit0#Fx4fn8X%dL*pvmy+ol^&pI7vCBTTOtaqCixetJH-VeQ>W}
z4f%0SLE@P+o42&210&P{dL%|hZ)Be60k(JYT~?V0;Qd;`3$%g&F+wJO-*do%c@Za$
z?}M}lEYl%PKQ4O$R*8bclP&Lk^zSeE8NdOBnxBBGy%2k3!%UyiVRpc{;zRB}vz4SU
z!I)RUQ_z9x*>J$?B~D7W=0Le5?56Jf>y%QBLs2`S@%}+b5s$_DDMkQql0sH_ZVwZ(
z<zb+8{HA?R19@=3{Qb#lN*S5aMUlk8obs{a$7PhpZ#@<a3U2Q+oEn1k`gIKlhlN2u
zc?PL~4S$})xoJ>J@2xJHq(g(bT&70+2$<_Er=qWadGVTLIO-R$A@||fJm|5{SkX&s
zd_;pNWU@0ioO#Vd&FOlKPV(44fruG2qrr&PUpmVY2hB7^H|K6N2VMZgD0;2ic)Roz
zipXSfU0Nb&PIL@E&WpcL8X?{F0q^cFOho~t#gJYMpQ25flm8-1hj^Ks-q2)311+`p
z&q9843B-+A&&faGStC-j*oV@|tiVe+sUdmKP9#ZGNeMrywWmcc)?8WqN-d5~%axle
z`CFQ8CxG~XbFrA)UAFVQh8ep!m||DlCuZ^PwiGY+Jv7zWMDQc*o3bU?xC`)HSN_AE
zQ{m0;!sOZ_-)%B~-MsW2<mf}pU`6)Aal2;_I~28wvGdUm6Rjqw0Y!KM*E7T^>1uz7
z^-IOM{KtjRzBFiab-R2#w9YB>QU%SHeH?8wr1|-l3-?ptZ5UN(BS`s7MZ{9RXb~Nn
z1M8OVu!d73gU(k6V}5>E9vTl?BHY1u9>iDxr}=)!TpO52<5^&$A10X=e_;UhIyFd1
z#xw(6Py!8NRn9&2Y+apIs-pG7vv7V!m`@wiUSKs$J(fR`R$<Ed8qd7B6yiaJFgAlY
zvO~;1Yb(*s?<aHsQL5mcc~<+lQnyA|corH5ifqs(npC#TBOXj~4n#i`vi_O!6^PJh
z)dhd6CopItU(Ht%NB?|mZHTQ&J^z)KCcvm^fpPZkPGzj9+3{rXHrgFfSbc&4rj;m|
zYMYhW@<9ek0A;3UE0(f#b2cm^_`VuqXcCEMaR4hYqaPp3>5iA;Ko|j2IbMX%m0K+k
zkMkvE9YUoP6y`s^bcAEe$bBqws6OR#lVFTBBkBFci!sdv<;;+Uo{)$N$O^2tbKqvS
z5#&-uY^a<NT+E9iTC5!?9S_y*qTxzUN6$3dWM>H)ptHn}vCsQOgk3}E1KR%bBKR=M
zQL=#n`LS|Zjg|)KNjqev<2(4;jlG;&m*Tx$SI-f)&7MaJs=U8zBwwGd`SZGgIv{R|
z8bNo+x7EOg0anPAE1vGle*if$8tKbzX;i1o%%u`IlUco_%m<^u1ZwVwr2^t{yBT(=
zh(hSh&6Q?bZxjJ#BvYMi-GdGV#FlXO<gQaYnSbNU$)@vf^aJP(A4cfEELorvxa6bh
zXg{Mq;^av~hu<-4-MJu?e>*M=baxbRuS?v$p|#O=Z=Fv(!TCLr%emW2m}dG{i>MUj
zH~_MTinGSHZ;GbNBmgZ37@>f_yC<sQzDpcE^KevEk!a$as0hDw<il{wYn*dg+t3-6
z@cPa@VL^Qfu0rhHu|5I%14aFx1`gDoR8U2TbC%21Jo=)*Gxxa}SgnhO1T0_wW-ti2
zVI|vjIn><urnw?}_>=ubkNp_dXD{k{uG6|q^A0sP!u(i8Lrg0>5Kf%gJdLn*puWA-
zTzos4nI?(`(gMpfs^ML3)X8T3)3L1B1kb0>jKIjrq))iy!64|_PmoV%kihJV8kb$=
z{cWu{M6I6&o>c@vrEbBu=8DY%vH!L$(^xkE)kQ~^nEk80Evaf_!M>9c&_IosR+`fi
zeukX^cI_Wu84HJ&D$x8;OHjUW=!b_b*PcofI>t4lDzbFo+oeLml+{|hx2ia>eYMp6
zR>+7;Uj;QAAKbOP8NFhlCBLtHJZN$%Ug4n^nN;wk6UvZdPy%!WLzGUP%?sPE0h@1g
zX+Ki?`R;=C9+5333WjS`>YH8yf_Ht(<;0)WXXd2(EZ@hTQQB}8ObIhEkHmjUnQ3}8
zC9P>_o5bl2W%}2*Q?{sxU*3S%Fq?LfI0<Bzml>XTfk-oc>ACueFY)KlZ(wQcWNUBY
z?~~!w)Q_y*;HGr`qsxf*YLC$(R%=D#(h*(ornBKavB&5p{M8l|SF2cZpR3~+z>&oz
zvm&VktWQx1LB+Y)aP%&E#TUlRXO8`lo>NB=lbw5p_}(0%wFMh~Qp~9Ds4#M=dir#;
zlfkTAy8qFPhyuq9mzTB-x+zTNLqAPu9VwuAXNxk#J4ZQr8!p27N4Oi~gE}yy;r<&F
z16evZ6S60{V)v$h>DwyNiDipt!YNf>?>Uq>8TCnC&t*X!qJ70)g`X<<o?3f_4&i|(
z5BSS{@)|_1C&i8Wrsya7x)IWAulmr;W4W>)+57q9S0tSix36pY-OM?V*!uvV(@7m`
zfR~7l+7_e2CU0_~f}-d$k(5$g{T92Pdeb*J!pZ1=M>tE4p2T}GcG{-(RhZ{H*)|-e
z)k)=i%?RxNCpKo}2aOIhlKM93Nj>bfQ9}=rlmf4M|9j)#brN#r98HRy^8f+MLzv1!
zcUk_rJ(l)|r)B4RWv|2|Puf?QoAe5(v7>Q%*u_#QchY5Qd}Qr|0uG&Y_@-&G^VWw?
zS{#T%MHG|CMfTxTQbDghL&`g|7P*j|&P#|Aq~!PM<j9o&ty_?9TkDEFj&~;)_|Naf
z)9pQ#SNHh#%H(^})gUe71xDh~>34cwM2>IktCIE4;~e6rs%Qh^INvb#YSG}AsH%(W
z6w_(Ys=?yZ){2w#MA?$W09TiTFq8OOE!OYxuR4CjrDW>#J8?A$S%O0eS*ZRq%1T*}
zct~)PMyXpFsZ637zlN8nP}E(#R!?^dg=Nfy*i}5=Sq(+`jd~NmqqO^wnuS-77r(0c
zmX8g{w_Ve`ZqGUN8=sajQRAMMY<<UqDhuG4jE_`ZN7$X}44wPwRd%E`xmTr*5-CK-
zeie7R#El5u$a=1qXYxxs3x5`wQm4wOxjV!^XH>9mOKR%FMCEob>&wvlhK71ik88gp
z9Y5l@%sUkLPJ?yc2Yw{5qVmcjh7gOaf0G8f_`h2or@VYwKa5BP5ImEq=PJET<yy~S
z=;cDhV@=a)`&!B^pgo4TzAj?PM`z2ANRbL&Cog<^%ea0P0&?q|$}7gQ{g<gvOm#-o
zf9{nlz$I?;M>d(M`^b$1iK!8ZEmC-K1C!`6mXRY+VHEtm<!LzqRvnvd<StI_0`!@-
zrbW(Mt0eJfC>;`ILlJ@Y$TYeql{9DlAWIZZ#}dj7jPE}Mu&fXGslva^=mN2~OT99j
zo}q|%=dm0620>S}5cK^x%*m*pS6XY|J~9}@*eLoRm3e-D_4{HF@>;ghb+mxKnbM4I
zd-TctR}_X+QRzB9e=Q+a4Uw&khDL~*te!}`1ms}je|aU;N#f(l&t}Bz4=XlQI4AvL
zw*B4(I)Cvy)v8+%)I6^qMtj7-=#esZ_`Mbpd`9fkDt^6$ZG|=+UIhJBVCZd(2CJLD
z{1*wWz|XsX^R$^UE}e-1WkvR{Y`;qnCB86sKo1IKexzFU32J;GMuQH9aT-$_@9y5S
z?Y3hovdgG>OR$>(b~4#V%xecY4TwW<5oe<xXC){;*@ro+t9&4+@0gLqj|yiTTA>J+
z0FwliH=I%at6DVZE`V;zSUhwdYf*0fy-w}OsUQR1z*N)(M<h~yT6ggDy`lDDH6kmi
zl#M+SS6^ZR0$t}m+wW<vSg!oiQ?y+a6LK-V-(K^_2f}&ujcZzdXZDR8we5SuQ#JBc
zZ1dd_d}?c#U4m7DNItlv&SOd^XCV`z6Z*$2gvB@B<@MzwKON$1^~R>Y1&W>ZN~UHC
zyfNJ3ZHtZ&^C03{i*+sZnp0@q`rVhCFA6h{4R9lCOT2SO-px%o@nRjJLZ2|#mibf?
zPcJ!DZ-rBn*jR8%`lXu?F6n)X4TNDVv)?Oi>=E=zx_&?gt=r93omga9EywW^51-3-
zqTD!j0eazNK%ASBZ2k54>Wyc>IgUl$cTW6e4NP*Oa+?cIX}=8WJ8lnlO2Y+imMxo+
zZaq0gq8{{Wcg$5_qP)zQf4_7w&2vqHTPP*$d`G7m@i7#IM24=N2bNde#W&*f;hnLT
z(fq-eM>~w5kjdU57kCsxPDa?sR-EZ)h&-$(&(i7O0($+J@H3D&5C(UFb{3`)>X<2$
zCgtfEKP>SN3#E(++xE*_w#vCQe*FeNGawhpnQ>i~(SvTJ!PY2o4#i4ZtN-(y9WNML
z7C2GonrLyE2D>QMJ#;!ifL``%fDX;qE-xn8MgH|VoJrm9+7<q`vV_`rL%7KI1F!7y
zwW%JSZHoXluQjf+@hSOd?-~?+!VY2j#zop1^Z4Y5kBbu&y|NB50Zu>Q%?VR}zvD8+
z_~zT2n)7C?gYJWOpU$arWYy>zi_{#Z#mp~loF%-m4Q}x2Vk7-bSrOruw^RNPXz~bB
z0NQs39@fENt{B*NQ#^=2nqVIeGZT2kIu!MM^0=^8i6ar<e?aPJqITsB!DT(cu%0*M
z$r(I-$AoUeu>>r$=ed2}f7B08u&p*3jUvWQ?{R{^b006_5+W+p<%uN8x_Uj*1L`>0
zzlTu)H-`6Z*(Kyl;<>Jbo|ky1)FMLOwEV8&BbVLbu_4mN(*<>ct_nI*e@b->)AQLR
zoGGe7X}806#t1)v>;9useVCRJK>h2Rs=p-L%G{UeYlr#Q{a~Ce>#Rd@YW{17>J(qr
zmw-1izeKA)wGj|s>c%wZlr|UnyZQ|Ne5`4wO`4H+o?yNrD>bpC<!2SY@}(X+yqWW;
z(n&_JdBBEpGwGM61tX14=<!t(sor;WICv{99!kpE{R<p(WASol++ccu?qKo6u2Y@s
z`E>wORrqF>ZVh&Jt)s9Hq}{U)?E`-0!61~)XQL6PRQ^W6k)Qj=zKQe*r<;R%#Rg0)
zB~Q5o5G^SV4;wXhr-_Km6BZ(hwf^qmS2ok8VpL5mH7RAGWrU!vmON_vwA9x{>>!ap
zB_!6MN@uL4mvRHfl(K}=$He}tKA?Sf7R1_gI0n1*`aBSS&NRKmZ3TKVim4=W>z+Q0
zuyt$v&}y1sHTLd=&XAC$y<8&p{#m6jXXoD4QDm;bUCCIs6$gYwaZ)!#6W+u{XxGV+
zA5f!j#bmawmLL&s@pDQ)%~&ZwW4Ar^RuQPT>ivO|abg+`ObT>XYf@<~tYGWF<-JB@
z-Y#vF?cAl_Z3A+ra}r1&&-L<xs#C&5_m*jO7*JkSn@n5&vhI&M%nFK?&AtN2T_1)x
z)A}^i#>><i$_I8uEl)EiVjbDjTJDTFQdGxOW@l$^vy@e4n$Q`#`;xZ=SI4#crU*BO
z9#D-;j;%N(@buuu95W8MDWq8pogR#$o-Tl~GmWH_Lg93U#C<U?hqo2mKJlk~YRNa9
z7E32<NFc-rua?jJ+74gM)i20l+9jO6KQ#4l_}at5hOHf2bpWE|LAAtRh7_ry^r~Tl
z8DjldJDb>xyQ_^{)GmCm?G_o*ec3|~;0F|<q*RzyFe5LM+;X!dQBg{nR>&kwQFHNc
zElSz$*cAP^bS_eK>+N$q)5s@j<Fy0*qxc2LSZ`U~Y|ry$a!jYOT235^m1XZrSr+kf
z=4*%rZaOQ4!mO2v<vK}$ys3%8mP^?M3yw!WcwF;j0sg}3hd-nFl?#QltLA75ZXGc%
zf5#8_>t<2RE%*3C_gymPG=4z<u;BYjXYnr4wkz6G##lrR<q~vb&y5cNvjK!DdgdE`
zxyRX?QoNF0&Pl~|3beiSlsPIhim>;xH%zwv<w+C)dSH@zy%Q$(3<b8)^z+!UD$frd
z%B?+e7#i~Jl6J|~+#Fp00NC1^1t!$s#$ZECiDwJ8r&DiuT8J*jw_W~EYjM8BOUIcY
z(ZX6zto+#ec4GBuBK!EO##5$#DLhc*N27h*-IGd}230xS+;r=s>yPDP-;I4eYq>DE
z{W0sqMCKqBX+th3eomvsXXkEns%;8kO01(a@r`b!kqQ%gRg5V$Pt}jrVHp=8s;_|B
zFQxxEaTq0(O1|;FnFr$s?~Oe=%C5e{!@e8;cHq6y$@x0>N$8A_n+-2vX6SBFK-|ig
zc6cpivh4P>l`XdZ<lkGhNh>WMX|`Ba?hnG*UZKafzqr|MCj5wc<o?*&Sz~oi<YJYU
zkCn|S`V;UDFPiJO_po(*uV?eN_s1O`d_cYHj+Xx%6g?qrP)n~*CSjuEl&vyc?+P8q
zV#fNe((kobvmi{hNfrgd0m`xdH;4<xwp)fH+D<oFh}dJSg<$Qk<U<uWs!)BT)b{J>
z0K4RHQ|PNm=?O^uAsEfTo(DZZo%`97%MP__mobOheL}Y$5)3^+(<YbG)z{=|BMlRV
z#~fHlE3)wVE$gpbTnc7?n7X@Fvy=O3!4%-)2vR!3GjRTkAqy8Vuq02PsTNv)_4|2k
zp1$l*J{PHSI2=;P@X;^X-R(cy_Hc@OkhV6`i}e#~4F(ZTTPU^zj$((MTyyq3*>k8E
z{y*ifi4T_7h)H$Rsx^=3-M$D7xyaD}#`{B4-I$4Dx(14CjG$?C##qZV5)!8HY58l$
zGQ>;p2p1d}A5*O>xs11j;~X=W{r9)!SNgBkLDw%(JyJdv<PO+uOpm<r7fB9xWDB0Q
z<ux`XUpRd$XD>*AZJ$fxOPn#MUev$8Myvpg$O~^On&0EOiXmZRo%^Q-Kk+1`VO)eg
zX-fX9=oT$CqaD?@bbZ@@3n+l_C=TtE{~c{$XEaQF>3=U)7H<o)nR;%B1f0oD(+sC3
zX~aX)8a{5=K#xdu&%7{O(}}UId*<;-D`=bbSGbk4QIn)tU1gLJKQxrWhf#w}pxl|y
z7GBTNH1~Pm;!?jugcK3AQjPw4`DJ~zR-EJx&3b3h;%k-z|GuFg7F1ZEzW3+#<YhXU
z>MyOak{s~}Ol_bW^o%cW?@g3uc&_t9-kA1|Q=-+sFJPUOrY^6QS+MmsJuX>t=Zmer
zjOTzA=ISq-jE|khi5zNqId!^WFOmvq^5KIW-Ly=DDqa_qq?D5x`CheEQ`LE{(bw3Z
zT2#8w<)3NaRazag5QqI1aOf&8>~u!(kZqu25k4cgN{58gE=h2$m=?Y^E>dAip@I3J
z4aexJ0xVSQL)^C8=A_%myIWqYt^b|stge-g%;#RQD^;H64eunJmllq`<W$f_U4!{%
zvg1_N?zj+)wy}Qlq`nVNn$z&E$Ib-(*uSNa`(tKHk$$D#9;xaVxL#L$F?1gcR@ydM
zlf}ouEZ~oT;%>yOm+N0HrJqp};VrNk(sNecUf(O#^|TFzemeMIxclj+l>+vZv$oL*
zP72z;UtnBbdZ3B@a5^oOZYDRjrWAQx_cqG{f)q&14AFt)<zc1jE5_Ta`O1aR*F*W>
z8|#d&CtG+GY<+$1lG!=TnRi8ZZ-+diY|KvQrVNe6|9!CcN~JPWCSE+6yXbCdBTTX#
z7#}FTx^c5mP#uI726O$--wDhmW@H?#6Dr>FG%lQJY<&V1*pY;XJ{e|fjaeidJr)wG
z|D7Cy_y7=9F?g71)uS;fVDR^x$E~^nZ|^MWof>h|i5DY(qJuBV$o|jo{_lVO_XPg;
z1pfB~{`Um_Upj#ihA8Ni`tO5X7wgo!rFk@Kd-2WQ>hs{hpZ$%iYfN?-H@BV)?=^OA
z-(8v#SM=R(aQAfM{QvC^GNPh%ZJqFDbxe<8Xk5<4+PoyyN%@BWKv+8a>xBBq@Qon8
z(kXDP{?9^dZhk?Pm(R`w*F(=vmIYhum%Me{Bv_SSV`4sEB8H8zG8ATx|BtNq4y1bj
zAID#EOSi$Tl!no*6HY`)Ib=1&F~dbdlyD_`b<ERsODO8tTjtG<GLCgxgp9~2GdsuL
z+xPK0=g|A}`#t|E=k;8Vy`Ik}qjjH^{<$L`z7#Te&_3H`ERpxqcbJscLv~!J?w~^6
zX+yIS@#N+|$KKEL<jJp2>>j&qKicLACz@8fCzmts`$LRkW5fi949#}$@%<mq{6=+%
z{@FQ@Y9IX%nOS3Vg|bZmiIBpRPnNUYhc!h0`ma*Uo6K7|_qKQ5;?+n9oaJY<ZR0mu
z3gpQCwmcq^fvo%L`+9GaYrHDP#cmfKftzd?ZC5$pN87HXwyTcVLkp1*Gc)K)7Whw(
zs_1<7*EVs!9(qj#a!-MrgTI%--wpd4R}VdOfU3F8?Uj(5rL4jO^0l|lSx2V%JE*{G
z;-f*#zW__Ab<;RH|H2FE5Kr?{^#u}LCl*#s6@_p9+PZVI^((T%)MfTh7c<WPB-g9N
zKZeIHHx?>pNAM7-(_$$!x%X;^@texWenY>EfeBrAjzW`6-#$}~2lyK)0`beM01uT>
z;j6y}D3p{5PZ9vI)eLK#q?p}n<fuQPD+L6g*R~T3NX9&;FUGQ0o-$6;f;<oYCLG*p
z`#P~zAcAg_!;ObTHQzqfz|TorMp`BIv)6;I#OQeN&*(nlaXquRtq#8cceQ6~<xY6O
z&VJ;PQE=ZpOF)<5t{;BCpmObH^>iQ#Sf1r^sLb7VFA|D`^Wn3sfLS^I&9VPe=u#QG
z{Jj0rG1;VMaDaqZS9yM|>EP*(K8We^E}p9NgRa(WlRPIkyB-XK8RSTf@Sq1gpu8_z
zCEt-cjea$^$n!soC&E_{SxFQKiB$S6EZcA7)%{<vr#zo|XeW~_5EP03t^2re!~Qx;
z=f!|ubKssqZ{5s11F7Kc6dj0?&jDGR6)mys-?Y|7o?j9tMz>-JGw{<u>H4!xIwf*x
z^0Q=%3ES13()*w9KlLwGg16dlx|gZdPlXiAE$LBKT5YJki6|Sk&_TXx2u;1<q`Z)F
z2Ws+bTSKpCVzhh*pcl2Nao9LS?l@~c0_pQ~3<&>%YQY0^+2mt|o_x9xdpvEWg@ea<
z8Qr^i^kZV9co)x9hKnNGsO1mse_>Vn*0L7yWXXM)voUM+&tG$vz<>}f<I`1Sj#HFD
zX=_%^6TAk-n5WHK$W_rN!tuYw-EG5kNyG2UNiq}bcW6E*e5Cw5(+)`xRhm*F30pO$
z!u`zjcKVRJPGPP?GzyJ_8P+@ii^X>9p-osk=>%wr7`$kIDT?s^2*m_Q&mWQ4gna@E
z2_+rOyb`JK3c@?+iS}Qe;c(m}lB*vNq$4x6q~eAD^Vc6hyw5YQjVT{SFyBB_uC=Lo
zs&DS*+8dN+96s8?1F#c5<LIEJYdiCx;DX*#VOqP8zEF%k{Js@{Vz>@>i!y$cJx7!0
zF^K~Igem<-%)+Tm%`6GG#?T!psQ)Uq_-MDTDgrOm=1+V%knw9bUXCbUb@-hRK%A$&
zMx-V0Z>>#0>{2xpoL3^>7DoyKcwjpdfvy}i1~IXMBtg43Y71;F9?O>NtGty1ARV5r
zFkA^p;s~-(xCOJ;6WeduM4S*;nKE7vsIgj9OAi#qccN(OUuCQtVXtP&HtUjszeTsl
z|D7ouvV0m><23USEyFEtc(_46$?~r_5tgYTn1`csx8DHlHs-{lvy+bCyf_t8=DzTb
zF(7f0+*~~9BZ}aNDD%oFmTHJPqbg`hq_T%-*v?yN|8WCor={Wj@xYNX0vn>=g5u-W
z6kJIGY>)yWH2-t5mJM${SQOL!UWiVVF^@X1AhEN+aU^(2eQau_PY}+d{UHhx<b3CO
z#sdCRGxVMS%77Kb(~u|>d+5IqeCMu-ogOiLDA(k7USNECu(WjB4-){v>0NZ{uHo})
zlB}dY@OWE>A++ekZU{qWKvGVDqzoK_F|X4<hV1%q3}3p~$6;vNy8Nh)R9q}6vzU-|
zbwlWGL&c;M!2|ZpgAaiWn$cRYzCZ-^LP3*=5d>R7bQ8WgS8R;#KLlIRB{}13Ax$P*
z6PP%|+>*{yV7kBbnI)-<RE#oa^YRYHqP^{b4kP+nS|9Bv{y;VUS{qyRfU2h1Tm7Z1
z<xq_0Ovls)GNg(mWpsh@i}6zuI|h*d-b)q^i_XiFPpMVJ;ipzms+os-ENRUtt*d4%
z6g^8N`>^yBU;%O_PbNMZBnrf|-H&C^R`=QxSGR{sNzpeZ%KP=uJK_x-&LMp>u>O3E
zFgLKwtOsLPl+oGU1dp2g7Q2wJXV#>Z(>*O>N-cZm0!qJgF=i}y0UY-YSUuO_LhGp$
zTPWKFOYu2jl%3Ih1Oh;BU~1*V(G3bT{L*E(e%v7UFmljO7XWC^xA0DwB<TsTDMxRs
zp*0;E7vAI*58j3xpIM3YDV=~&M4mL21+E3AwXkBEOdE$2(!|LntJLU$%r;)a642Dn
zO?+t5L~V<K6?QjrHFNRmw(t|Q^~jg;Y*3DJIV?L6<9P+jPxrlOZ0|aU=SJn@@eM4M
zD>{oKyoxD>b=P?bzyMQJ=%BnI0H2@{U**<fK+VeYJAeAsedk>q1#Hy8gBP?WI|?y+
zVqYZY$QidU5WfU;jKkh)KWzM-f&Q-gljWnKob7QH(jXgm8TwiVz4LAq3_r=$(ePF;
zIlfSitY~Lt72Nj|wU*-P-@pw?@KFf<W=fm+ZbU(2>Ee_DsSsxcLHb&IJ$1%Mr!g>b
z886`&6g;$wt<DRmx5KW{mBjc!?H}5Re*#~GgG?%h(~`(SI?&<(zSF1oCYU_629Gzs
zGKQ}pX%&9w&)vvEv7KeNTXf%FnE7U)E{lzIQ(nw$wYMgrPwW~xmHch>jV)&6YGB`&
z|Fi5^I1xgr30B+o1&)V*$kF7$$Dk5TU<2?@Du9yq+7vnaX^iJV1!t>Blr-T{RQhtW
z1%MB_=SmCL0zCx24Bq}$2ssi`G4P4_z76)BM@6y{jbpmCt2nkbi{V3hzD25#PwDAw
zfUjGqy^V!fv^cP{Y)zAVO72?#fz$%PvIf{F8`0-N3W9;y%;4NB;;gZDi)esZynKb_
zm0}CQYLiaZ@Lf^;Pccx2Q~K3h2(W0#N5I5;f&M_{TR#wu{sz&kc!feeSCN3>GBZqM
zwyoU@sD@!9G2*5Og=IA_y-Z;XGM3ri$A*o%;A=^v4NrJ(hTc%pz;}YuW=6)wA|qE`
zfRr};pq=4;UWrDdMWug3`7PRr=5T?NJz`_sf8Mh|xO1uLs2e*KqXvqxYXhxDE->8M
zk$EapcW0I5`a4+evC1RNlV3!C=2=>9;Pv!w_rOSac9gihJdo%41Lz!T!~^erbY`!{
zpzykB7!&(>V+W^yhbmaaDWQE<_$K_h!7)nj@#KF(4UREwo3lot_XS_b6`Egc+cCJU
zpFrXOz;*dDXw66x#yo&ugWAoJE1F}=!ZQ!;%Xq~D2fu(R2PqZ$?vMmqnjD4W__g2;
zU5=33ck*EBGN{)hiH28yv|qc|X!&jF65N_gYmPu6gpfWC{OP?^2gltlFx28hnXZ+_
zGA(;eRE`lyi)J1c&&#YUR^IPk+hudM2n4>&XEnIl+xXyl)X3cc2YUPTt}D}(buIX{
z@$YqFi>_k%Z=$DI?fk>~Q`0(TdDiRR@Ce6$VqKGn4VH5I1N2MKXxu%LBx)2YZY~H)
z`dBmUoBAyy1B!|)r)<AO{*!MTqh<;RZ1m>3JVVoN7lj9f5jjlMc(P5%t6$xpJxap2
z5Fp7&-;pfW$Wl2+y1f>XU#r!UuafE8m50)wpRZnw{eho%Js`HPEmk*}PkMM*O4xM`
zDe-w%_~+gD`wWR3x5K?RLJY1pag;XvZT?FZb*&t!m4{OpZ0gGL(Q`VYEuPmPkzIT0
zj+8>0LtCEJ#{N$$uR8gz2VV(pE<AbPwav3^)Kdz7e(c*>lKt0X24>`OyQXl~M|aEQ
z>|3M{TF2X1eL}H+7JWMaZM*7$%BYwW(!qZroZ8u3IJ~`Orc2=8_u|yvOJts<@mu^J
zCs|gG!nq#h0WYULn+W%!DNd^tu{pEIGLHA|GZuMQAG$_Yg#6s`)8ol834iJ>@rk$V
zBJlp>gk<GTFDd$b6dP25`dkVu0!NGp1&nIz7T`GBdvf~Qsp<`+60QE+!#b2LXTQqi
z8Pb<D!eR{)hd+j~+JpZBZOD<t;C7z{g+|XZ)fO(RM$a}>WS!#vuV>}FTK?8qwpaVl
zEzetuH$3n-@X-EED;#8F%zadO!owB1`Tv6pt0Gv1WZH}k4rNwygW4|*I?mng_a8B<
z5}v1^e~$QP3P&xUo9(hTOex|hfll4igGB^*(Z!Q5T<Ko}+}$two<_o?VyA05CV_p6
zAXtSruwuixx;ht%Kft`YS8O%kk|blV#Tg2+L9Fv)H|t=D37jG`Yv|@iNo2iCgvjg?
zlG)q-&Q&8=WmC3tYIQk|g>shas?aui!YVrRwAD1I)~C+fT6+oBF|hisSMN_aA1nh?
zVLf|SpHWOw8c}Ap^e?l0n`n{;>1!8}$=oP1FMRCVK<akYP@K_!gC)8oK6S~8(OoHj
zk9~i;B65Sj`R@O8YO(GhE3~+e6}c6L-HFarY9DwnX3#_2QAfz-kLeu{LMQxh*MzLJ
zQj4R%gykj`!)3F>euEx(9a$Dbnn6@odg!}O6NjFZVoPW65?qr2wjBW|Cx?AQJs``d
zKR61&i{)LE#vk9ahCejS(VXw+zRz->MN48@y@Lot6u}+jAd6xWsgh!W+gc>uCKlYM
zYp#`%0j^nrlFIqs60<jW2?^61A|COcf}uIoT|aQRot^M<9_{9OYO)Dm#O7$r-2kD)
zi`Id=?z=Xtp-NZTZovJ>Q{Ftw4L7A5SsK0J8T{cjm?Nba=5f*aN{$u&N_*>$zXkti
zB9?mVmL-L~fqAPFUe+fs+>aH%FK>2e6A8%3H<UQy=l-s0=JA+NNn#nFFVtSF;1`4h
zHiOuRQW`jUjaxuc6PbaMpWh72Ts8jR5%7k%d3Y9ldhR`2>C1&~1Nk5AVW<ALJ8IYF
zVg&HYjbgz(#cco-&)B|qdg3>#H`xa<n&&?8&G(i_1e?r)>8>o)(Fuq*>1qAnfw%}T
z(0PL&oclD(XKn+)!SkERQ@uo|@FN?>3}T}LdNV69O7Zs0TE1`)rw%Or58wv8$h5TD
zrC-E^w0{8+BUyO?|D+9|u$~&cZ2GUTRdnAn#=?3QBWT>F%>V&1hI&Mi7!K0GHv>y*
zrH3XTtV}d=RR6cRyzcc}XW>ef#Gi+WU1K<}D6U!kJ*TwmZ*M)Jea&>M$yIT|+$~01
z!(Lns+aGs>>GszDw22bO2K&Ozo6RQtLR4&DJrxRXn7;DI`E5^Dzt{TBE-l03AF&+A
za9o};&Ccnmk$I_+@?W+{oeK<_YOiQ=xG%JU9>n9r>%xTjwI%B{k1etFY9z@?TN&{L
zOjhuQv_J}y#E#)^jLvqgtg?6Zrdnl^B-f^*2Qg3LB{ztj!uFTrS+$&?59&Ac*K4}e
zh5}te`kt$e1fKJq+N9bpv+wP;ceB<9tW)MXvy$Im1Yf3HnnU%wNTuH_`=t$FeYz{b
zd18^@r&pt?=4niOm+Hd46-SbN>|VYsm8p}JCR$<{n;9<Ew!0E5VL46Ddb9r<9{4fK
zv9kJCAp8qYN|EMM?L1nUi{a5}{4qU?*&JTAMfo@Rq}8ddo-+NSspLZCsXmLhHg?<8
zH)Jt#bn)_U^8Kr!!VAkU`Ct)RBzg6ygoAf9V_XY6HQ}@gtx<gb8#Wbsn9$&{_)l3i
z=H;;I^S+Bv)pq>|rceP}SE9W+9u8~2hx6&jP~mG4dTGPSD&aWi6T3@oxcfJPmPE~*
zKi*Dy2(I%6mfcYChKp1b|FI4`K`>$G+nCH2{yvDmsT9ASN?ufwuT3n>VsQ-bvn|c3
zJ3xv$LCB9_?aD}g@3RRR|JqBx$=_Og!*R04{j!!=ZjfV!lKI5$z<X8pW<88i5ge;l
zhhU-&dx)Xyi-z_9nMIzf_Ce#37(!75t4yXm9F(B9de5DEW;)Bt<}M`_^87cPoH0Cb
zizHw^!3=aF6FR8f_(K-6F=k1VZ`}L<ZNO7nj?)-8!)LP-z6*5ISMjd<MO7|8OSZdM
zFQN<VxTqzjgXfm>3u-%rA%v(9tT1rhHodh5q*}r93LDxxyrNRr2M;uKhiv;6G<Z{B
z!&XOT-s%5Vu{fz2QRJO!bpZRZFkG}CVH!5N&vs)JimG7QEQ_N3{9jEfdQCOGm{3qs
zwSmQYD&FHkn}jZ5j{WE6@_hc9toaxptX&kmm<-VZZ@eO5?EPH{NsbM2mlgZVF*oQ^
zRt;^?w#6-lin=YsJ0C6|<|C8<=uU2~jiRRKMrB*$jU3fg@%F-uYwWl-arQeVi=?mZ
z*yy|A+QSVgjXyjS>y<3E#MT#@c_Kvf<+M6pYjsE}+nw0$(Xc_s)lCk#z4Vd*sI2I$
zk*ino8(#&~vHnGeboN#+3<tKquqExMjo>B>7c%F&mM<q2a=jcLI9d5V=v-v>?m@hC
zdh&Z``0m)IC|F4CpI^IXZsnay1}E$p&y!`Z3lSKUwq)R2`(M!94YU5}>dSS7?$7#6
zsuEAP=9!Rm@R_M(^9>6f$>vJ?Ibl#mJnoX18aY1Kqa4vz$MOP52bi<Lh~+9a>2m;l
zu?Xz$vk?j;?mM^s#qe50TSBT8T$HBRpy<VQ5J*BJ#x>)Yu=)MQ%8)RB&8V)H*ffUC
zdiw2ySeqF51QyD-N!#65Ru&V=;zXShpm9y!S_8Zn7f|;9Z!<Q12V|CZdIo;E1^nZO
zfqMaC1Otl|?X;Ry;1O4PBU+<`qVed!mwj3tE7|+Z8rpxzD1>4)2XB~Xvm^wO20*4R
z*q!6@zp}wHl;>ex1H#xEM_Jk;?ft$Gvrqg&&aqA8xLDanmL-a|?ActV)CILEt8-kX
zFz4XrcH&ajifas)BBRJ=2Kp|ierLTC4!1c01U7{sQS%KT3Uf#)UW{AYF?ZpMp+*FC
zjH4Y_Srl|G!e+Z=Ro{CZDjq#4NNap1=eXA7cdV*6)nqK$H0L_aGZ!dK9nEjg-Fe}(
zg5C4J-n$ZRK+Sx|7)~(~moSjO>ZfSWrA_0a_b3-p7+lm$_1gSQsk3WN_+-s2Y+Wr-
z60aNjySFHQ%H<rF2Z#U;pqZnayO%JsZ7W+4)19pVGT<Xb-ofmah*z--?$go|Q`#iB
zireS7R7u5wSF9xqEImIa7IM?X?JZKc=+NVfBtM#vZ=0>$06sEjP6&OVrf4sv$>4Y4
z#ETVlG5LQ<Ih)U~XvHL{FeY_)fIzCiQqR0lD#zah?WFeqrOlxi&$qkut{SZ6H0TFt
zIi6M0Z6QC~#wDsSC1~PEr2=an*kH~2<Hz^Rl=ldE>Y8T`HW%IJIZ;U3#^n^#2U5h%
z%u!$i1#N#d)vO44u3I0wz)cltu)x<dgRlF4Wy4Sekk<LiaEyfY&8C`!q7~-A0e=M$
zm{{tK(1y6)tJpL>8QqQz$KBzp>~AI61yq@95f?;&q%?f(&zjfo8+=9H2r>`Fz&?Jg
z8mvE<O_#rSj!RlCd|<14&XcAL#<D06fD_ggUU010w)p!rv`>0Y0`Q;OKA&mSBI!_n
z2gjS<Twg`7vf!oh@zWt7s$kBXnAuMN88sSYq#U@@^cXZjTs`6!$1yO!D9>9H{R}oF
zQuz=w^vWdNieZp;hkyjcd3Mz1PlTP#UuX}<5cqs*T|xUc8LU5VX#eScF_w>Th<f8^
zSsKQ=xsjbQFzzCdQ;^7>dr^IcSog=aR$YGAG3J5AYKQuAKtKPf3&T!h>M&mjY#`J+
zXL+zS(E}W_xJv55<CV78F$BlhW;nG?YpXdzl`5o_hz8e#qupiZn%dH(Y9d8ye|je@
z=(}<!6=v#bJ5F~?uU|7Cb12JZ!R{NZO?vzMZ_VVo61%qy(zB6le*eHj30wV?ZGu;j
zRIG@te<OX2Z<;V~wJI*}YyeuN4;`VFV}VfhRUF5g3kI3~hPS?&%e~DZMkC~ib6?F}
zP3{1XTVd6BH&&0wr~D1(U#CV^FRxrq5|<Xs=`s~NuJq$s2-b34z|xbxeBzj%^Fa@_
zd9gtQIl@@049EKMhqbQPn`(N{3H|E~hrEJ(Q15K}n{UdodXE{(Cr+<9a!NYOXf&`o
zXiA@&aR0B^fCLQBi7)1;GAbCC(T?b?7G9!B#yxNsi)K?zFh2ugtY!wv5^AtnmzB)d
z_!zJOr`4q*>T2*LXVTDX5KaN(%K^ay3*R}`aLsS*R=x+>7G^!EX5hRv*747u`3|02
zsRlI~RrVPHcH=Vg!ncS1YLNmhF;%*L-Q3^WeUk0Afk29Jh={utFN4U5qk8jy)RH8t
zZP_Muc?tSWHSgq0T4J+=p_)Fvk$dfPOLzmPjKp^REA}CcaN`SaWzv8QeaVzMy)2_u
zDU;Op?kk<6=S_Ar2iFlhJvvL3M4n$UJC#NzOq|V<HTQ4h++L1#jbLf${#QRqIX2Rd
zf!}T`AShi$T`RkHXC&35sH2196`b=|K9m-L0I94i-jXD4<$4-a){#>;RO`U7#hh*2
zurEq2rL@K*E3MUWOUkyHv9Z<b&)?a48enT|TfE*)2d(zl-2INp#bk}dFzk%h>nh%X
zLGkT{qNR$qnVzwA<8UnwO2=!T1+GQ(ma=%aeAzMR0I34spNx1F#pi}~`URy!#b-&M
z*rYOtO?e;PbhC<0nYlfb43;yS$6WA=fqy$lSJ0fA$yRT%hqKh4p*C{$?BiPuLP`K7
zSpnkDkrZ&oW>5%~hOZ8~yd8ANugRZOgeOtW)E=Qm>K4c}mMa+0dvzboNU>gx5xMj4
zG8hkc5_AV;TDnezE5zsKiM&xa_qXH}EXQ|VZ9G6qMCE%^-B=ymcz`xs;%sw9S6~$1
zA%!~vLV$vkk5oN7J)f{DhprkQ`KXyBp65t8nE1p%DsbCMi)8YKaV3=-b8=o!x$S$f
zyjI8OkM)&xs~1UXq@i><*l7Nw@0xtbz4zp|i>+ksf?K3JIT5Ue<ueSMJMMk6W`C__
zmECclk+0PlwvY9A<2?@FdD>j$JVQ^Qa=CwrQW^yF9j%ljp>|5gQi=$Dy$CC4=NOQY
z`FLqw!hwf{?gw4l3yOG-zyNM~S)W|Aog6i|5=9fZ`hHNqhe<QA$w_=^7oD9xJn-P4
z#Qd8{39^tu69|+5%My_!aVPiF;%eBs-HA+HqH0sgsgdZ5(zI3t>#o!AwKHoN`j?NJ
zZ>+uLlXuwp7OmV=D{gCQFt+AZ0CN?t(t>6G!i)1JOYM<h18-Oj9w9KL>39A4(wl1_
z3|wx&w(@QQb1X~zw@bq*)(|coHF@5rrKm~X&se1mM{?C{`Q^)664U3-;-^&iM$g8j
zM$&tE<FIA^ju|$3mLy%0j!+PNfyD7MTA85?yt%DLr8wLeipfwjSt(NfmXc~^isw#N
z{<6j6UUun!tJ!o@(r>o!Dx)*TgjfSgF|yCN>OjHszg&8ie~X?J-s8}GuPv)SQJj^~
z;87~A%k1nN+^3=?X3u~M<>wi#vHz}r`TjKPB^$n+G?Z9Dy=b79AX@Q)4Ht;9HZ~Aw
zhZ^Nbj80p72g74?XmoklXN~7=z#UdgBNwv2e_NIZP_arKHl=cjQFX;<_+}+5y+(|l
z9E*CaUiG0I#ri0i{rebdoih}4JosV4z%415tc26f_tLjYt+a$?y&Q`e?Fn8B&=-H5
zYV{ox03X0jn|mL)!Wo*p2-dcs*^De@Mw*c50Yi8NRUj(C7d(vjEF7Fr8F!vk%rHx`
z;9Ip-6zF`rJ<k|$Li$FIW5_#))+O8NF3lbG%sx?%4ANu!R1KXWK%o>L$USn~=$SB%
zeE;a-#PrDGXWQ<nM2h6h)VQ2t&}#i2YDHz8W^&cj6Lu~^1FUQ37T&hp<U5s0CKUMT
zjO_Fm;(1o9kz5Oer}yTw=~BA}!(F#I2#S@Y5p*H6ywdd!QuVf!uId9(M3en=R-C^z
zXaU=iB$ay-k+yS+ki|reV5f6jWQ0yjL@Drj65wxcVEHM-EwuJFe*=>>M;ese4jdS&
zmU}-P6r4e^dX1&(8EQG^{=p!@do3<uAG09M`Bo=P)EVB{9Q=a+84nQ*&ynHa^#He@
zUa3|wAd_@S`B=>y;^^VTmEWqtjnGeg{U!@M5IKfso6iL?_AT9zOW`+(pB#G}8t#Q=
zwYzA$7)z}VqwXt3^{HlazQ>I$YpD$sx7UIh3cijXtoqMNZw!Zen3oWkE`e*U{Q~(h
z!KF9vfE79VZp&P<3O2p;RVl-$TD!Z7o6Ev#_IGEl-P+fBvDB&p+pn!UVsXjbUz(@j
zDmbM+qDEN<HakemSgpE}axuq!Yz(zJh9)=%EEXh_TrcH+2Fw&!uXlUiQ4UZ$Sd9r_
z7%*F0&)!^jDU4t>!!{0@-lm&B-R!W|i;DQM`RmkAPJ(har^_CrYn}CsOR9RMAM_-!
z`00Q&r{WPR!w|#WZqCZNJPo45=f_dQ7M=u)206Co_phC<!U;c#XS+$o4iC1l<SS2|
zG|?a4AcdLW*|d>LKLEPlt#QLHFH9`vi#Yt3du&PORZMV#dXq|IUnK-$j+=DN$ey(M
zBOz!Db#OMr^DjsH69?#gzC>BlVl@)_$14mL*g4WGa|R|XeN3PtEYV+h!;{jj9pBQ?
zFFSa>tm?&IjtOP<VOfizaBa#LakjZvO|=|c6&}PQh4A}Z9V$eUWaq1v81XgM$|Wrc
zBkiUd<1?In)b-2Cfg=$m>82_{1GuMN?Kl&IG-fV`iGM>yZp_{-xqXPfAg8+}g(IMh
zCvhU)^WdNgKwsPhes8qBZc|O8`-;4xeN+Qe-F20rJYABE{vUMxpS_bhn^u;j9PE|3
z;LUWL<pOtc@RdQy^kLIi0qY9p{+bttRDheFCNf1gC9@B8f<?3uG?;(WsXRwm9hN=j
z@EO#v+6S9w#_wsSDYhD5IYO0L<{{WCrjo;fw7r2~;K&8vZjJI=vG9Kr#Rp@kNA!ih
z_=)4F)myXF^!&<Dw$3qJnBkRr@m%*cGu|58Dh@?6hyXkgjpKm3;W6RZdOEGxbO325
z?owTps=R(|hEfax!P~gjGrckzLs2CeD70+;;7np4<ZU3{42KJPlVn>M@riEH4DY0s
z1CixJu{1?%^Q^ZV17S~xs+&5wyo&Y{i^TiSbJARn?jDLx!vNOL?xS0Hlu2-5dxL!J
z%q9;CuimL@zZLLjou<SwhYB!7)aDm?PS(7w*_qaICY56;RV7?@{%-7X2BEf=%pQ1E
zCszm?EMx&U=A%t^Z)H)dLhCuU`Bhw51Lw+Y_k!f%kMJzuy&Voh=jnTN`THCfD=8`k
zcwXt><CF2Jk%PB!L$>{a7zvZ{G~Ink;tS0e?V|cDSN`3?=|#)8>~Nriv?EXGHQY<=
zxXSKdDPj_@E#T|LWn8PVbkw1ulfKIYzgK2>p+qKmR5~j@sC`Jcf@S5?{RCtE?3jIQ
z66Z?)A(e4j+`P*6p+znTF5PDNj3>36ab)$cfdh={adg3idpx@>yDNde!aO_V&5?>|
zwpU|?N~}2%=hP#-+PFnoP~4kS)X9od@>*hN85(b-mdrn|S7n?9662UDxLXI_zYUO~
z@gkN*w<dzW=B)u+93AuB{BLyC;xrl4wfckFQp8rS9@rOylk&p^+$$UY@CuGQ=>Z1c
zY9A1&dE3Dj?-eG&k`jj^Vc;5{ISnSn(i<|FF5GhBs(O(cVS10__f;gdP<!`w*km`Q
z`v3|)znzh+tcH$!wmGWdvMI834xZRejc<p1x$*YjU#o{vzn>X4PJcK?;($fVeD%x}
zWsz}~<w{bHj#OY)Ef?89!1^0*Ts%L^5li*~vQyMyGy<$jxYkrNb#1+{f%D#Ax6AWB
zUFB#m&0GaA=trLM(Jfx0JJ6WfH}?K*dmpUdO*q~1(YTpVbqzzl1#yk{mrI!x?Xydm
zNBEO#-{NDxCNP%Bc}7kg%%vUn22vg+PtC&&rcm#S{`D&Js2n;^{^Kq55)_-?P~WuD
z8eiLc=GsCG+Dkgb-EJ2(h{fAO(7>G4$@#~EMCJ9vHd6;SaO~1|Lw!uJQsLOdWj~A>
z`+$VI^72ui+A#3{7V544ZQvZ4qby6B40BQj{Y<t>(BK_s&)(nNIe_QZfzV)lZbkm!
zmyRJ4pH_!H*V5B#5nikM`VkT=ZsyN5;)?8;=vEEqKk=L^uR(ys_`aB~AUorENkjjh
zH#ukFIwW?*oORCm4-f7dlWwXheoY~KlcQUMQIfDjJx%;?V@WFEA?NnV4F(Ws<a9^}
z5cTujk$5<YD0MKvc$jm--S7Gjx-D|=3z^?JL?h^k(r+GBl1ZoY+2w@&J>h7%V*FWd
z=cIe7qAcFx{4xPA?I{7L;u+9x_loBn`9M=3FLWy2wO||1i5H{Z2zja;==KNe=UyP9
z_ReDrTA(=dSG}!$jop_s5I@vmJ87IAKjw?>(W(C_@W^|fxY&xX;@wu8&<473J*}i$
z@!dDxxuU|B#6}u=;tf)RHvUCt*00I6O!Kcc@EH{}+v{hB_jp=y@K$Jywxd1vQ75+m
zWO#zE@CkzYZA}tWFlQw@Qardd2Z^x-^$Jt+iVv**q(=jB+(6ydSQ8LUMkxodjr|AW
zhh}Z34M;v1i5K=;|4I@c8u*wA`>(r^{KVIz_ck{Txl4F;R@R=AN!@_jmWn!>qw>Vl
zVbnqqrgBBf6v8FMo^6{53}H|Z@#eK4FE4Y=<m#F$w(J!RxftscUw%i8e&^Ar8WCPr
zJRjsC{>a;a<lTP-7Z`Z&gx3I}4Lx!!><tC@z4#0UqmnvjjqNOCPw)=!dWEFVXNa<_
zg0}eZRorO#J3n1BP%ftX*_9>JILM0tTw{NRv*XO1anQ3OBhZCjLZ!D9?dxNimw<<u
ziq0ub$yeQP*QT3^*#^FL_1Nm5->>gf=j?dp6xHX2k@%658ku6?_C9DJ&XZ-{4^TVO
zDOkB2w55Y#QP`ki=Vuzvmi2>}$v;k3YI<S(=UQE#_a#B+i#j~k+7VtJ+}-k2=Hi_e
zMm(U#t~{Uv-{bGq>zx>wQ_d1)jL%nWzgGM}9ROSb0iq4$rE+Y|#WJ=TGpv9fO9L`@
zCtT#=*i-c;8fdP;J^}51@!K4lXr%j5ohN`6zuE_(3;U)fF;#O`|6by{goonR*0TPk
zfgU!Qr!<*Oc?qU$ZxE>+o!gP_KHxbcL7B00YC}RnhP<*3l-VTbLY;<oo_`_}XHPtz
z$(D}gpmUiS3bfgA=TU>Y<~!)@xM`r9%meYb@ZOoWgA!l2(l~DF$bX_N6^;`;5by50
z1n-m8<Y4Ph(ZlJoh8f;EZbDVNF<VM(!}}iIV&ilEyw-QU<9D{Ao7!3tUcHjPD{GWL
zg_#{F$0~WSTgeaUsi2{p**M?ad%kwEWv@}ma+c#`C0AJ;sW|w<Tht3^ofXr7T`&JT
zA!#zjDXSxx8*@pgsfJO5=I|Dbh9ver4<(V1?K91SCR`Q*zJZb<Wlw6{3?{&AO3N&J
zu4r$w!uQY?!dV>ivMsOia7WAw`)QiNMCnZDkzYQQBq&DOK64{d<7>E2PhtR-hpX<w
z<eP;!wt!WD+RrFXA-W6V@KrK$lS=Njxj1$WzDZ;Dp{R$Yun&a9<9_xo<0@J3oM`+)
zZE4~WbT*I1T&44YgjKkR^fIK22I%f@w={_Dqe(~S3;9_%1J0uctdQJWmuK}#Fo0Jn
z`}N>~Zc()Zbd^brX`lE^Dh@c8Nki5O#pQcF#$<N*`Z1dzI+Gi@kF0lxdD@`H^KAc9
zfO(_Ttz8;7ng<(@C8t;WE%a$NNP(%8XisR6IRq9c>aH|yvKi$(tvIE=mj$&m(@Kk9
zDcX1Uoxz7o3=S|2C77h!(yS$%xM8|M^oK_$a9jPtgeqF<ejmh^u&|~;D2&J5#VdG#
zSSPk0%GmJCL(>nhTdBUVkfVXvMl#*tVW3mE$gRx%TMfl!idC>0_PCNr<fSN!8zEux
zyUI2j%z<z0LyV}v5RZk<kG@l=V3B((R=W?C`L;G_RB7(#ZtV!>QYVc<x-hc2BKFsG
z(B6)AwLfWFb7(|~K{;^wT=KTJFN>c1v|Cvywhigaz_8v0>$|tK<cp#`W!_5RCixJP
zKcEupzzE@U*18;N&{b5o65N9$RKxB@>;6O?*q%7<*-5IFIqSlg-v<PfB*jSEY(9wH
z%*BkSk;CaHf{pT<(`IUObc-aO?Z|dI)YxCpCf*-7{plhatE;aN(>G@=7=2oui{WTM
zR4E{4!Y<LQknD3*bGtym!#*Fx5Ms0-M&EMPo-%tCF<VdLc6wK8&1dRCzui&(Cdw~p
zoL-PSd+iba{E5Qne-W+2lGv?psM}Q7KW$3)ZsH}>w`3V4iFZr$#rOqP+B2IYeD@no
zchIZ^iVnD9>Q!W|#y(=(-^OH48RyQ$gGnQo$q?}|H|)9({miUfZf07$A*x?QlIgOS
z&#L6`cxX_?ldF4~tjrHI_AeAp*U?D)tCuv}Vf6^+Jlo?l4Jv=g4uAp|$%2SBO%Ot`
zO=(9Ua5dumrQAV0&tBRk9G<XdIh!^-U>n=Tlq7C+gfHP@6<M1PL%baxd4jA>OVG;l
zWbm*=+{v|b#O&{mfkggn!S8w!GP*S`*8{-wm|x_&22&C=4yVw}v+hT7p!gU&taofl
zu5=fwVp@4(Qsq!s$luySsJh$yUKetY+2iA2(`5VY`zlw}2fhcg7GF~X=zmV*ChylV
zyv`vxc8+@kU5TTRaeoI(cI(WEn9Zi4V&3_ZIcsZwO;a@nm}wzXPSIz~9ZX+aTJL2D
z8u5Ko4g`~<HOE9b)Yy42o2}M>r4bFD8Q+%=8X&s2+m!gnDr_mpAe`6SAoRRjkdL#o
z?;n;uN%7YQC^@-GFZ27*RNOS9UvxnX-(tt^gOupkc&K-*IH`k9+0ELl_kb5Gpi_67
z!j$cb66{!=H3wF2ytV9nrI#`G!^s+^Wl6%*X1=Vm=16<>G3`PcFLuFFE3g6YS4bLR
z%&nmb;nH%0b&lG(+_k8{^6!rZgtFT1jr>rhO|%S4QGOAr+fTErQYxyn;+PqNMr}|k
zO_y!(?HS8*4fx(s1g$8Tg5wB!Uj|Hltgy7?8BRz$a|>4kFTsS&=_<{3^TXZd%i*YX
z8P@qHkXk+88}+KM5OhHD?*2l5y$p4?G|CjlJ_y%owQ!+)_N}hcd^c)ba47nD8ZRV@
zvN-hjIfXQA=fN`@@g4XUG&G<{bCK#*Kz~Kmh!*10^|z7}RHneYQc|}ePWSS|2CGni
zvSLmZTf<}^QMvoJi2$Wj$SN0GUqe@5-miq1lyk6^PZPH|)C-!B^#yjYI+PYa2ELjq
zNR9mVszg)KURKANHRIma)+_=^MnlnICk_7;t90+}${LDxX6htnvSoPR&oc*1hdLG;
z?=~}YF@pxPc`_c>z**lP*a>%wZN>e2UX1U{DS94u9?b~jJyak=abnBN2a_s^W^H!P
z1xX2CbY4^%8@p8i{ba_jY<rcnzq|f>d(@SDc3Qm8t&NNkt2FIDDH|)OfeOou^0jFk
zAU^)^cdF6{<9KEegYyl}K%xs}YisZfTDPe}eFZU{%q=tOk!TXLPVQnwZ7x8lyb<(I
zz-+W;1oM)Uh@>C%G{}9jmnJ;;`uxDOsFXb^TUVpmd|C+YQ<!kQ#$~%DiKU`AM%SEm
zs26Yhhkzav`QD)uG<U)OF^SXW!}lO_4W0P7gu!k<^mAc<_u)hU#$X^|C2z~jTM;_)
zW<D*QdCZV%#~p$-!Yt%2de>EI=Z+ah9*-3X<*#7^vpFg;Xs|td%glR5F9&pr+acJr
z>x1!eEQ4lgy7S{hDW6Y(l(&sO9m}^Ubv2%OW^%xdo4%yED|l9%x+O^`<=Uekf7iCq
zpjF|+l5+Y1*ciC-$aW~kPGqXrtLFcLYLsj_MLQ%sMLAT@_aE-)vJBIXvNW*rquyNr
zH-eK|X;0FKvEQ<FsO-F$lEY4#ESZo(sZa%P#d$)!+u;qE;o<y4-wNH>fn$EWeHml{
zdeT_t`ArPr007H>bekt*ZOx_pl`1{9OhgRGpC0yRLA#*AIe;12n(wTM5b&jH?;QyR
zY^{L;bNAmhx!5ms!nJ8{K4Ml5l(!He2SV>5|IlP%=iTO2R~tovD40uA;-$Z4#Lzx-
zgtKIEDRN7!p99_ATe2`9Mc&aQF?VNu52~~ajgK1~Tvbmu?Z^*|puszZ@Q;)dwhlr?
zHX;YGa%34zMFtH)pxWy*Ch4e{KZ%oKseghn?EOicWbt4S+t$|_%aSs;01<qfDzSDB
zyhp(EQ6%MWl*1p=%uH5eDHT&vpCL8H_$AW*{TNtY99!ibEGN!9>K<vVR0&rK8bJ8k
z)D<tU>K{h<GHPlZGwo@R9VrLxK4^-!!t5trum~)Md{!Yp?j7}CHd1REOG-f!-kdcq
z>OLP>))ftik>zudr(^D<hru+1X+C$2dj%6oYL`8U$e4tPz@dm8{uAUMCRNS2xn2y7
zW)Q;|Vx4A{y;UpILW77l8I_oBEoe}Rz1IW3cyZR}FC@=2ywArH%enaG-=_5C+3vq~
z7AV>yhGj3x6m;8mAYEtcT#_uRMCsa$g4NBsb|fXJk9YE@7)9vyE8pP8!p!UlM^9Bc
zhfb92o8mVaZilmM1xX*5S_XqN=~PtlAytc568Z6@w(6k7dqAg)O;yE#BynP!J9D>5
zm0A@O#o#q6`p!H>)$P#pS+>xC-0)*!Av-9Yg2wv=Qk+L8u{#!*?a*MMCabJDYxf-A
z&~(sLRG=s#W4xzv2)YqjZ>;~Zh)cqV`D>*i-u2}$-Lym>8h9BQ#Z7mAWsw5DYahKL
zrErL48RYxD$?`jlu2M_4eIay7;zYb1gL8b}?BB|F-*QT#vJf-Z^YC_N11H5@tu-O2
zCo1qfQk1QXtzQklV|5r6CKI{J&zXl_%R!D(Xou>;jgPRszm2Q(_rmsKrEJw8(+bp@
zZ9LtsPbJet-NZR6&q@qtv1RG!^^-{S*JNckGW%9Ok5Rh=!0{i03eQ2;(Wnn7@{U7S
zKFds%1iv>Z;%!K%jU73g8k_QIH-@>M5Q^;&)@Cn=IaI1*$LkYqVO-Vj2|D54_!Vii
zq-1{K(QgP`RlB})HtC8O2P$Z3S(RE-*lqGBrkNT^ll|07>=RuT-(>K&g;De1#3Qf{
zjKuh6L3kuF$+CR5&sE6(1MNEVp2I@Bf;z}Flwtzg<=s(WTVfvrPv<##?gH|CaPT}3
zyOXmWPlnnU?79BTG-f<EMj6~24b&R4xlZNz6q6X#o36VR#|>f&FO+fR->jR=x;12;
z<j?LGVcL1PcUckY(RL#esVdldYy-$G3U~TWyWaMwV`8LTlrM#fQ}5>WenhrhL9^zs
z?7_|8_Wi*NAX|-|sMBoDV}+wqY=XJER0+ebYj4oVJ+Vk{-DVaS`A<8*Ti)_{j<2K8
zj)k#v4RTe+LnF<{D-y~;@wblSJ)iX*s~m^Q#5m6o^+d2wiQ^j2m~rNoin?Qp>^5oC
zWVXy;Co8B6Ieum(7>MGQ>RJM(jufTDOpMXH`W%RtxDTp=D!#D;lf(&Au;64j%*+31
zZczvILS|!2BkMl?kp*C4_55=}qCXOg*a(Ic>Lx;|LoPddV~YEn+(j$Su9mHFVM(Z<
z-ZJI@H`<se9VxQcYO2|H#x1&mQ&vo9J1@5AJIIA@g*PC}=BX(=yHFJzmzJ4vebtP;
z4_P47DYBqtwz&dx96zEQDPm%U_00l(IMn>`EureWHiXKfs&=;>OH#;J#x|V#00U5@
z4Fo>9#~cODL%O~s2lZ!OVVW;pJIuFu)F;}7=3co)qAL*I3znQzrR-rODvqESKGp@x
zC`3i#f-V|tsQFq@x3909#MB+~tNPAkm^^~UMn-1t&r)6uF9R6Jt}jk2eEYEm+;~l!
zoXq}n0Ba&4h8_!ZYeK!Bdoy8o&R(>_974u^o;11JsKK5cZ1G0zjI3#BOxUAEV~|!I
zWkv@fjt;bnh`s)n?reb3y)h0}o{dX0wFELj1%}OPEF>nQoiH?5(MA?6R%ra}w%GxQ
zyRp9y0Ct%f?70;Mb#-c2w;)~T17=ZHlQ)MNC=Es1*p@Wa#4Qw7!9d9jNbm1xU7Brg
zgNMjl!{xa-3b}yp)(oyF1D6|{Bb1C&n!XO6nXy9Y8Zg9=5LJr__w2k$PJ0r+5ns!F
z)c1RJ77Z%-{cwWaFS%Z{jmgP#1adFPCn&xca|zGf4^%)|OZU8XKS)K~iW5d?E#tro
zxqJTM<kI0x<F<hZ518^(L|N+Bcl!B3JqsWqdw=z87LWmO!vU1!7sL(2xy5{+9!5Aj
zwLp=={DUoCJo@XSpW%}jzaMijy?<}d?G1`28tC?AY5ojBI~SO*u2xMhwaB!n@sXI~
zj0dnM0s(NsEstp|x6iUFs8E|7U4e~0$6+swFu0b?$ed}6M)LCf;9&4iU;|C4RjR-y
z6{wQ{{PHl$`w%?D{vcH`GE1H$RBbz#H;#v@s@nxe0EE58;9&{lP#m&+F_n5Ml%$-m
z5U$+f3ndFf3A6K@6;wm*v@P}W3{HGTtqhoazrW~o*6_gdgJTd!>MjtLEXM|-0Xm}U
z-wDd#lsdGMImHwgV|rw=q}UL5@F#<T8Gm#ewS@IzcrdT_1*C_U^1$qk1>3_Dm17`2
zj!3+GDgshHTfWK`iF%xd5e7fqcMGe_=%Pek;%MJNkY)SMv<Cp|n;Se)h70;$<s<bR
zmgh~#>q;VOIWsEK;LhX)^&&X++#s!VC3RW8OuWpALkhRkzGK){CRSI0+@c2LDhc4X
zJr_md@(1uC-;|S4{{I6oAH~~`gL8kSW^?aSFAaTl941s5apY0WwZuYi7sw=uBOLs~
z2~BKB#hvF<`%K3*6&;njFux(hUK+R`7TA(J4P3bq)o+lo6WO=bVQgvE65de1*96{!
z_w5C7;1?l{ZFnKl3R(`0Gqp^2*@_TvUiYlCiqd#|<iukC_i2PuE&?PQ%paHA@&*Xj
zF<>Qor4Hmq_tMsCIVj)lW<RA-`gXxgIR)ORDA84WdZceav8hg&87a+BnM#E$P&`r9
zaQtTCJ!xZCs8J;xdlU=ALJ8#%^1{?<K-8IHZjp=qy1G0)4N>DOAZYWapT4w>HQa`@
zLvB-xRGn&d!&Y`M>!D1+SjW<ti3h!1PN2IdGIoZ+n+s!LN>OwKTgnc6OLw*0KMW-;
zTGW@e2|+AdRh}{vM~f77KY~V`8CY8I!sHG6IDTzQfawE-Os}F<=VPV-JL_?K%Nx<w
ze{VtRoek49SG(Gyj<O&l<yt}gaRDv0!p244&euT51M_GUjMeTuj&lk8PzWPq{aodR
z(3uyk2+?2HljmMg&4&V8_Fkm>j{$tlQt6(VIr5UGvO#CEx4(B=5=?3!Y{d)dL2wL-
zr}PH01Pq~`OJ5X0?lp?>mhWy>V<NtfNKp=ff+rW(5_dGXlQ#hMG<6@d4FFf|^Owx_
z0-}sOzo)kp^Da7P?jJ#Gewh(UXmeMYV!FmwV(IlndVkMTYiQkK-tBM^lg#}eoq*CN
zaycXe(RF+0e==+-jnH60Y(AhSgqWYr`e)OOVcAPa{gLV*tfEdlF`-a(9pjTh=v!_t
zdI3w%6Y}6i;YEH~ll<5G;B1!;&?p-s>+F8!ln~y-=UghPywpRyjEf)1s7>A2t7l77
zQ6rBUIFYu}?GaZ9tjJI(I1`T5v%*Od2$2iTPu^3s@xrVx^~@ubN!_cutp1CK*DtR;
zt3D6$((Bda3$X2x;oC!!wD1&CZ*Qrb%8V3nB;k<mi1U?cm{7%|Hm_UOX`*O<02;Wu
z<qX2Cb@t&G0uU#$w>ddzh}5^b^wVwC;YTC|p`6i#%&OIkr#YNaRjY5S;atdqIT}{<
zxs{K0Y}wjC>)7~4VR74}NM)Jv4KAdfnWn~WBvmf`6gFJpM!NOB^H;xp*>Ty;mnY_1
z`K#$$kRMhb34y&XmtK<ynBqhzEuUM|IPh!2Nk;ikZgU~oXxcc(!zpTt(k!D{YBs&d
zfl%CE1H?3o%iyJ1?Y%OiG|q070?uZ2{NjKzC9x<XD^^Iu*Ku@d5zS|_Ars%;Tx$P&
zmFk&`t$2C@&QE^wLzmL&Rg4;avA0iAxdGQULw+gKD6a1{9!pYg;a#*}%~@Rf*>K$x
z8Oj&dPWHFAztlb}!;G}1fLwFyVp3g_hD@!8;t>nodB}<oGxZgs<pE_zu>;hUYRvlD
zlu4;LGqQ|Ur(r+lUp(KRkIM2%_kBp5Yi7J4%a{qhf_qXk-K66zY=P`_(UG<Vp>Wtj
zF1F=VPK+st%u8303HL7k_p4L^5E4UvY5dhpk*+apV-_C1Z_-)fL|J5Ygwtyipya%s
z4-^@OQ0DPHnSEq$BNf4kbX^aO2;0SiaOR`^#KxbN<E0gPI=^49cKHK{#bNarRk8}Q
zlNG?%HF0%y>s?EWi-Tp5%hXp!M%p;!3e?Yc1uRJJ7lLfv7DTlkc$}EkC10X!_ot6*
zZpf@GP{C03$7YlY5Y;BP)z>OhgE}`e@32tBpzN&jP1jA&wdpGb7t{A_K^8*LRdkgN
zE(O)F9kLZ`&f$IrG~iw|B%wB?xAK=50wzS++{&>?yi@f(?N52AgxgwQG`@3}U2gaJ
z!nqaUuKQ3G=j^=SM7+CV{%`b{NzYAmH`ib{GqYRnkwgeq#~|OBXXG)uXhQPzq}I6|
z-)UqqKbO!R#qYVwy}l&zRd^i|T}AfjAanDM*6{FG&rQ1d{vHHY+&IT=8sppGrY-97
z3k#*4!fWmnVIX+e=(`K|&UM<>Dzm51BVeu0t>_>NFtxs%E^9$sNjHC`Jifgejxbf+
z#t8yW{rltZp&|%bGI_4?x@c{AeYrL^(vD?hIL0L?@?)N`=XxE_3jDtM70kt(g<Zdm
z*$OX8_D|}Ld5pMsdt0!n0c{x<;UZCSKx{m--ZNj_u74_W<&9ftm<vmV9h;<r$Xd@w
zu<)1W%JLWBFn?4CjnT(;KZq^hTRkXq&5;L<m-+pe08HVU{a)LWpnef-4g|{S%0j3i
zix$5NFIwmd<9m*HOmr-Ny|{Mcrc$Z&n^6n7eCt&(CkrypSJ_dV#%%fUo%o(wdi9(Y
z1Yf&bg<G$J-GG`N2+P^^^6EB>r^jI3fi6Nc6y)ywlJju6+_qH8(ejx!M^mZ3u1m+2
z9I!1Ej+lrW70owf^-i`F-AGgpx91$&4&YMle`m>#f(v&J2)S*g#Ix(iY~G^Bi*ap#
zOOY<NDzp4EpE`J7x@Wz1>i7@}CO2Oy2&U}S<#jYiS&-}PfxOm3xB12o=+;7yWiKoY
zn*V27bt}x;1_B(8wUY`0Qy^FE`-1j$lV2ee=0na;_89GR*}7AK#c(o9k)4tWk#e@e
zw!{TZF`BtVmIs7rmi>1GMF`r4vP^&@q@em0wTo;mAPAQ1;S>l|eNSkrHc(PYghVeL
zt+$=VWC0?4wzPVqMdc<(f6t%(FEz68AQ_?+$ePP5=Z#ZVaghVq!2W@FI2r)eXuhKc
z`HtYbYo2ikg<;*6<HrR}EU8xx)8?l<FgQU-5M<$e=Q8oh0^eRmGggN3*7q<WZXGUB
zi%>PMs=-^Qk_g~}Hu6oY>JFH+MCK)}-|`_QEBI*aEX;2OQ~7K1)<vU~0j>4L`AWem
zJ6RSqRX_?L6$DpMe+W86!3x^P<0o`cc85kBy^9_|(M1oS#O(y&P6t)UFP4H00!e-z
zKt=Z&2b?A1fI_fs3}lR%hiilsX@oG7P0?CA5z+@|G`YwBXbnh;7+a>mnW!AS-0_i)
z3mcZ|p#AAO@dz2}WnxYc1boKt21>qGEi#0`jfyy)4q_90<Qr&<K}v5ynE;prLpcCp
z2@~S>t~m(Uh96v#gB?2APvY=c00f;T(rZY?u!tq25?g8@rj&{%f^QFjNsF|OKJ3Fl
zwN)brZB(18Oby=ZQ*ul*AMZ*OE5P;pU7|EvSVHkOXMa&#F<jC)<j&DOw9j!a;GJVN
zAK$P=+@YvXhW8M@C$eIJ#eaMiY#L;_B%2crk-IVg*nJRaO+iF68CkkpqE3y*l>P+e
zxbw^mifhh+WA@KP9LIE59Oy*E=|v!k0pa>=87e}z2r-t@VIO1nb<kmyAHujg8m8$R
zEP?mbz@9ARCmLsSBU5M2o4MDZq5Ti_o**mhqy6geq^=%5`YkhYY?&k=c~k6;?l8bO
zkm`v^4)As$Jb(k^QFdPFl03@ky(u80p~Wfva!qkpq4@MN=@n+pZpE{^)l(8M6IaBM
zKu0@di_i{4FWqG2;G(@-Z9W5)plPF(kMB{33&)MFCcv+8I_M|r2cnJA`5DTcp@25U
z2+kI%etZ0}d|%SfUNA(FRkA`fgnl73OZ)PIeXvFdc>1{gRF&&Ifx8l4iSs~?=gO`M
zU{qv@@K!=`3X*k$@$}+HkDHqoGLm9ivO4?*vt~gHNpSK3=7;7VQjeNQPL1O?R((Ma
zLok`;wi$*+dt;38EA#CW3O-BsQFu@4e*i!JR3(EGCobm(<-qv}%1b?K@)Exf#$;+J
z0d^RVy9qnAapQQ69%zMIe9+eY=zOIX#DTD^L^v-5&yW7;gGo9q#_`@3d<9}}Nj8^B
zF4>VmQmU;YV7uvPk20-*W52>4faR^+M<uIy0f|JF%Z(98X85ag7U=%>GZfI)Tw$7U
zq*m-TR5}(4j{5%h<|u15lDnh9RfF5aX-kk#Re>u(-tEvP@_=bMPEuBte3S-!yKoQ3
zg)TUPqci~)On9P8`@S0|XuMT`5}nQ?wsODcj37zUZVYz{{qQ@-Td$y(_S*S02~)2#
zef{kY8)2Xc6O!LPf1^DQ3j-llgSeF*jrlN4uY+8A@pOMWB4Y^xpz5bp@?9wZ*ctnK
z3W~FZsdsSoJ-xIJ&H<zwZEf|1L%=b8vp%KEP;jLh0lS{a@awzCIFJ)}#1tz4QGWz2
z9$OHq?7PyniWVX*3gS>VfMO{W26+{wa7JzWay@UMBDVU}N2Y8k>Zm4<+DwN|*kzcw
zVEW@Up=zo5!4(>KS|7+Mszc-oDFXM<khc)`)_E0mF5I_)$%Q%>OOjB*&cOY>w<t3I
z+(GPsg6UX0m&+ok>(-N?2DukxWo7Fu&SVqy1qpEc5G(fx%2JB*x&0@XK6F|>6i4+b
zlILhE^~uzcsz8^0Zg59El*pUH*0Rv8rMywOixMjjArq(sak70O1p+M^?mdA<d~-hX
zr5z-(N4g;Rb7JxSrSYj_mB$;E7fArHY^vYb^e+v^XC5P>g>KFpB5vsBo;y45c_>~A
zVMNrXUm%dW>~18)(0EK$E3)rorGREXLN-S6WxlKE`juP$<LH9t-2apY27@zY4Am(Q
zhE5Q0xom#Aw|=qo17|q+`{EsE7s|Sv!|`s<G@_Q#qD~r!OPZjXHmDzx{X@y<{wm7$
zLuuvdLAMXiz+Z?#fh<o7u=?#KS^<x&A$mqh<ZKN~Tw8NnoHX}h(YLF&{PiIGh>#s#
zNkc+J3bgHZbZFVZ*Jrd?<D7wO!DW&6@X!eBZ3eMK%)D6uFQtU^fftN6mi)&r?T`}m
zFk=6GG3htzVZHve&kQMSa2l<wf_?^r=ziBYl~Z;c3|f$k0So#`rz@h-CAyR2Vm~mx
zF@OU{`v6M*@8FC;=pDO%$8Q{YC_aWNiJ{(yt4A4ULGEb+IN?l>1}9R1W_?L+k`2=#
z?>Og^0Yo#ampr31VlF6&JfrP{5)Iciz)4uZRD~H$PT1ZV*M?y|P^8)ja;$g-^|X)U
z%jrUPA=#vAsR>1uKYG|asQ0ks7XZ;I6jlC{J)WG6bgf<L5Zo6)BP^T;@G0C6cHAZO
zJOAfbkS+t4uWS1*bn|c^<~I~bxQo@8ERE!<H$4arJtu2fWo%Lr_w*g79?I5HRVr`!
zffERfLj(SLk?{6JupJY{{03X-f&*r}_E^&CmZeWQsIZ`5J26pkNQohYY_1I8JJGoL
z4q~Izl{8(bVK-($5ujPBiv}h=)EEe@zYK>BHJY=8J~GMLiPArWY&wEeJ$;Xf{0XNG
z(3K)w&cPyDkV`;HUjs^$x&jEN;!jtwqNr*wesJ*4S$8PwKtGJTd;ov*L^yU2GI5G(
zsl?;DBBT!)=@0TG1C*W?)^>j!$DSZRr^x~$^L1XhFw121B$5xp01A>ue@14VuDA)B
z5ouo==xIS~0nj$reX^1Vt@VPW45-mTe9Y{GiYFTS<+(VAGFP{i*dY{U){N@<)=W_7
zuRQh>V<8<6j5zcyauu!c=8>91ZI<peG0t982$SeiiRgMAir+HR4YwK{0opFY1jZB>
zS}NYM8aQ4djqdW^;6SfnGhGtrH=?VCu)-xUMl}Nz?JY_2wGTP}0m`8`Szp?QuZ2h!
zz1p4_2}PIL9;`%zVZ6E3bCFwCKaQ9GiEeLX?9rVd8b#7MD=Ja$JXJ@}7Rk1tkwUMg
zfwY*k-OavdC^qKo?M3iYZA;rs=&B2MxB4CpX%uPT9RP>pObvSa%qL*4H%jl>U6DZ-
z6>Y~_9G3aqPyiB(%yY3-r#>)IUeL{u3k%65V2T$8{9%B~U7La<A@H8%SUv{I0-(tX
z8=P2702_}V8TtnbMOCL>T(;JLhom7qDlOsg5cVqTY;{vQ%bE*MBW4N9kiGy6gpt8M
zt3L-@FeXoiHHuUkYhM3<MO_O})YTe4Uh-LHlaFqJlhTT=U`}WYrYLeH1rY<f3G%d9
z3>Q|OdC`PbYp#lrJObC{6$xYz5U<?z0y~YUAjbLv#6@<L#a$_2M1^?m{e5S>w`Lk=
zIOl)<-{X9b^L@YbU*lUy0b~Q+mvY3_4KHG^;VU4og|13eP<T?gp}E?k@lE{P(t=i_
zHBFcHXma+xfG<Cn$e+kewyx{gSSW$JziizzV{MIF5H`5+oz1&QKTjWB?%N>#y5H;p
zE7x4Zl{w4OUS_C9j7#g)=b7#$P|5il7D)2ZG+O3(q1xG#aZ13W>!zP}2wUhHG(c}w
zbn`<re)sd+HVL>b_3dq=1yPjPV>pF-p1H1O9O6J>N}(0oDy_e62>jxg<{$p|U5ZP_
zmudDxrBNR0Q($Q}^@e>Uoi+0YETZPLH!0D@`ek(Ay%pDPP_uwtNf?gJ>g_ONF`WTq
zW%+M!Iw;S-7qoV}{N}-BUSl4#XD{qeoB>>T+jQRhcU)M#0zJxLZS?4`_V@(Jp+_I%
zqAs?eQOo9<QMc-7WLX(c3Z}df*$<=cleym`uM}UbSelAP5elC7+1&ITO0~>ld)jFY
zG!fGtp}`aWrk8H`Eilk-Fnr^>K#v0}<#KFlI~RcLRsStsI6QMFs4IOjQN|~B;x-#&
ziJu1+tlufrq;L_dUtL9<skzgLS`KQ+At#&h)%Sir4q>uG6xP-C=IaVW^9itQzbn%M
z)gLl~&Xe&+r0L#;00Ds}Sp|?;dZ6HI9w6;|jZaV!q*=bv3_@4i5i@be!3<kp<c#7w
zi;C$2{u6%W(lqAWL1tL#fXXla+geK6WKO6tGJs)Uj>`}L4vVG%n9mj?VZp^S!lG#2
zAca|JdCU5dnQ2vI8Y$NmERUgPg<8MzlY(*aWZV);j%CNr?)Ay^N3~DZK-opXEjSoI
z(R_pX+}4@wCvsI1l-3GY6Bs*)Tp%@LBFnn~uxvaYBKeDC6b)&C?DpxZ>P%sr*;2JA
ztFIWrZ9xKiIxZygp5CW6)dEAJ-zI_;>iYZcmIVe91wIs6)L!%*iU=Fcj`Uaf={2WP
zBtEMh&nyhEeI3Onbn_q(<dAt{Y+z1><Fsr47aVgSgNw2U8;*eYnW@+snpgEjJd!B*
zL^c#jROFl^ZJ;Y%l}Pv|&GN{yK-BdQp%TP&y>MHbkrW2|%!#u&k72gB=IX)109@~b
zl+}}@8}%FQl7OV`!kYl@V1kv#P7zLt7*kW>AAL~Yis;<XHT=t?A=z1eZ|JEEfTXPs
z)g8tLaK_1l6l`7`I_g65peEE<2?QzYrf?)Xw40XjDWpvALW)?rNWVJ`>re65FM_A!
zG@@7MO(|Qs{K{IW$nX*=s`JRR1%IhQ-RyUnj|uqLdp=}0x=_GLciO|^grLWOelQ+e
zV;=e(fTHGlfcb1_XeJFg7OXCYPEK*1<lgD)Yq?Xj4Iwp&_IANP+I<W*Li|rDiR_qS
zF93W?=~?Q)FheE$To!=Nb{tix-e{N6iVLIQmNOJhLYL*Cnu2Pbi^FMB$V80@@G+)#
zGmq`Ah;iC3-{O!q3uD@@4FGbGE~9qS+jX-@7Vgo%ad6ydscXBd(hRbd-6DU=wi>!t
zcC;;19r+kfJ1)J3JIsSV#m%+WAa*0y*8IvK{Rhp(TgVQt0F&)D5bMTqY&xnHG2Khp
z5pDqeb(kZNW=*6tt9KDSFWpY+^dy^uwxzExBmbu=Nl6EJm6TaA_1yl~yZuDSEBNbW
z3GQyvVgcS1K?Nf=6iB{Lkzx3d)EF|8e!x<Z44ro_B-!aa8&=%NML!J2B0F?us~g_t
z$oNPJ*p8NZ7FzPL3iFtOkA;+Gl8(3CwDH?QPZ*Za6Cov7D<y;LFe(mEG69DvX#UB`
z3<8f{w457WRd66nxz0_x6ed@&nnWNw=1m*X@U>X#neKlQ)^D(-H4A)TYD)lr0-Ohh
zrfzFe4JQ&8uMnzB0&Q=kRC8EDW#DjG$<?CFUeY?dLf(iOa$$!!&rC|p9!cgeiH*JU
z*hK)j2}$?t;C}d=*y=3~>DU+Qq*VagB^77(W|8ncfiuD`hyw{L96FS#MKHyj(+Op}
z!NDls(K>;z5zkqj2ia-<$3eDkoU@Zr6J-3rQ~u$|p9x^DTv6hY=6~)5Y1$N8);S%d
z;e4^9N_Z2{5wdZ6AV8ou?t|10XXrz@zk4a{odymAI=ts39#TumI++%*^qg}Z-;V>b
z0>lwhJK4p=p44(w$2hrhHZ-3TU2=oh=)T+|-?3SW2p<5(*}v)F#45%8wdKG<#y#}y
z2MZ<VuGh|v`8f=3yC9ZWK;8+A%R|9C5WMqXtx)nw4|)iIia@FxNi{MHnAEX|cI6Za
z_f7n{Cc%B(K${?TI*lfhlVOJA;Ibtww|{kiiA6Ig-P~F&yo%bK9~TzYfe@$8Sfj`L
zd((zF2wH489h_OgUW!1v`(2qaT5I#)xhcRJljFV@WC%>|aE_3hdbY%;C3+Bz9u)SQ
zpdlGaSDnUh89&hqinclIrqX=sb$f*o_0sJ`9c!RWnCUKIkJHzU^6zFormeV0Sr_!a
z_-KGFUE4I<o{Y>ultBSy@wOS@dSA6)g~~&C#f;Br<810m8+-@H5>|Hm+Jh0bb<yAV
z)<Z9BJ=&}wCbz8QW{Qu^Ex9`)P+*O6os$&B*8n@r_?=rR+w@1*$0{_7ixxb#NuS0X
z!-pe^udMQJFRdd0fKJ0T(kUll7CVn9Jsh%Lp;*>ip}$b%i)9QeNhR#LwEjUntlbEt
z2lOF!7Y@X(qj$N`yPoom$8x_zH(oQF01El}@WSsBv#FHUGL~C{vC8?$+JMromGpZ>
zQFHjK4L`-prKdyFd-H{2)rn9D=gji(&we5v1>BBwvv^b!sG{BFXkGtc={A!&dPll1
zm8SKY;Ehqe%__utG6i4HQ3$t`Zl5d7sd^m$+ASlKP5Fjad&kSYPbreI#h8@GG4>?e
z7<Ww280u3_eKP%6hjsB~tfFqGILy@Zpd7E3eI0J;rj+;!1V>4={H>9}wl->w(hV`*
z4}`z}3X=ORtf~KzOZO6++xT+s>dUq5=doMVd(11P1}Hvq_$^E?@t*SqQ%B=>kc!ZT
zK~_X31RUydl$xnj_C3p2`c<Mf@L8Ju`va3>Bg2`WYF*Z1f@Tx>Bc|Eh(cX}lI93tS
zuKpXlSKE3$JUTx=n7TZ)OlmTh@>31$w=92h;`ZZRY_v|K2#-z*GS!D8z5^!11*Dr5
zXnQ9mHrBiQQICcCJ-_m#S}$ZV$SeW2!#|!_!fKgvsz1qRPW*}Rcox@Yt+3Xb^j#m^
zfv6uqI&1*IG5j<7BbfJ;yE~jj5A<SnYe&hYBGhpIg&|oa#V5@C!?sB!_)|RjbU1%n
zlxmT1*#-2uDuP9(iM_}&tsyA(d<S2x^E_6&8s^gNShQ`VF*xB(HVK5t+;^MDpWV`r
zWzQxaoJ+V+S?*9uOkkBfz@a7VEMEO{fXQ7Xz93Q@%`ryNv_bQ<`q;=-5$PW7J1cfp
zSmIMNy4$sPGw)~JEprPjGqr}&MIPNb?kRX`mRcqM=)mNkNr?~j>~Q5()lgmHl&RrM
zr8R9}{E!vx3>Gllbhfj<ZFzHJl|0JfWZ~jUCp6yh3AYLBj+W?8z9)_*HgKbnt%4)V
zkTfpVhkZAYEoqzgX}q0PwX0~^FQVrBo-v&37CoTpojlus2N?VGaKw|2U%NLoj!rId
zKTs(dUY%%~TAx%tF$2>yYxquJPJj+x?Coz-t-f~P#KLN;d{<G1cH?-}P+fp&%)>~#
zQ+LVC)le|3;dI5$DocI;^ovP-_nIz7yC0cX4$l@DJUmsG)JQdVV(Y>@PBMEwU@Hl4
z42wzL^{i1juIk$CDQSvS?9aa4@NC5NpQau~(%`&ryYK)r{AhZc39ec$U)gu|IQ_xR
M)pJX^OUTjx0+TocfB*mh

literal 0
HcmV?d00001

diff --git a/docs/images/white-logo.png b/docs/images/white-logo.png
new file mode 100644
index 0000000000000000000000000000000000000000..004fcf1aef5560cd406ca76cb1e388638ed61ef2
GIT binary patch
literal 94617
zcmZTwWmHt(*S<6&AR-|kAzgyBG)fK~Lr5wq-6^Fg2uL^53|-O<A|TQ*bR!|%-S55r
z{@>nN;}_Rr-*eB|XUFqAdxBM!W$|#xaR30ogULy$0{~Vt0H9}JV}k$lX-j_<0Q>=%
z)JwR>^!A*mzW$ldo}c&%L-<xhc+8}@QI~+@$cx*YmICJy-d?4cao3%1Lj7Sg%$A#@
zN*Z0SXL*CS=nah@)L>vg#eDoY@GWNG2k@V?4eF=KPv~+qPwCyB63|F&3-^VWDr+pf
zs4=rn;&E=VFdXa(5T6!{p0=1zAAH?1!#4r0=Kp_~KgeWH#lNkd{}yF-=j3Mh=h5l)
zVLH)nfmcCR?!4;6P|CurQ(eW8l!~nVUBT_2Kf}WX&OArRg`Yo>mxn!tTVZ}22{UVM
zjW>IzwKX-no=1Lej*gy^mwS|y!oqyK-sXrSsk8FaY=fX=y=m6dG0N|-I}xOKLUaB$
z*+x3gGrG0j;ox7w7Z@l2!0|;{zG1oApqn~WVaUf$`_<(FJv~`%9zxIe`Z9g~oo9Ds
z(%B}(9lIb#U|)*&vi%(n_hD+zdxUss$@3%kJNt`Y0(WZ~xKo@h2Y0d`=dT0KP1{Y%
z4_N#jHVW^I2ooN=TUSq?9d7+^AL{g3a#P-Omke~t_Y|4reAo&fD2>;Uq@x?*aaKV3
zS59o<q1V(56t#_i_KT39ahP9q!ZNp5n<KpyB@Itqr?M7uK~z>0mh!iLAGPZ1d;iuw
z>tL&Vx=Ng$5&$F|4ZkQi@i2;=9Bm}kt4yY@awcf+2=MdO?ugEh&G2yxiB;FtRqeXH
zzZOfkSMWNYBD{X7e7TlzYk=^}8yj;y>+73cTKpU|Hclt|?QEQX>VEI(FEbsRg@`bL
z>&`Nx&{o;x9GLw7-sNOy!=~1B>abO}&cYr(@}XvFzNKwGX{w&VGR~DIBmBd*s<%a)
zR?6T2XR$onB*iy91!v0lh9P6QqQ^z4!gv0$D1d(v3AKHlD2L!p8KH)fIJd?0qbHw<
z%}$hpl#d^zq@{lQ=H58F`(vEsfqlXez+_OFbeFv9QFn9hFg1UpG*yqmXrTL-(~Zg8
z+iYzBai@IvzqOeSz2luA<JmD{=a?z7wA{+4OixUS$E?2KApf{mKze)adpCZ49euTa
zup1>xJhr;=x<;EYdgM+fCeed!104V+M6PVE_c|HLsjB`Gx6qgT-lcd#uB)T3|K5jz
z|EIXb?t#}$W#v(Cm&$Q!eyOcXvNKM4#7yetM4tor*U;x9=UmEJPDpcgw+~t#mX?;b
z0ZP0zTUyuhLHf5OgV>s|L06(yf@Zc8zi3kcfXfI)=nAFl3N`8qEnn^rFXxdY#Lpq?
zSqT;{FB?=Ym2wueF2hW!FN4y#$;+57{(Huc&e!bm6#ez5W!j^o6o_Zt69W8A-nQ_m
z_zkMT@yYWJ<Za;J05ZYw#8g<IY>oYb@3RdoKq3=CaT1PxLwbl4Vzl+bEz88rY^+n>
zmTGfcfM4_`KvHt7S_wm@=%zdI@f=nG$$!t1%KFNFm2f8Tr0-iwa#})7@8A2zE787w
zmS!H-da|iwTIb8_Qp>4uYyf!5STZ}Fn|xQFQTKCrZbrPOe&g^c@nbI;Zn}}q?CgTa
z{u^DHfg`TQuroEy|E#M%3LEhZs0wMU&nYqXed`$Z&`$rS#QDWk{YBVmb}Ex?I1;Y)
z84Vzy*DX11-pHM`pWx$7P*(1Lenn8>RIlGs8Y9Ydgd?A|T*cxikAeEnssvGRaJ*hB
zLma34nuEfc@KN=Hwxt6vwB<*SM)<DC4<AKy-`*y)e!cQx#RvRDBh9~dZgEpp5Xa`G
zt#42`Hi|x}3;SM%ot|nmnV(<CrXt^asSJmYD#2O*TXZaKZ~Wa@`%WqrKfi#FcfTZa
z>o<9e&k-qP-^%g}isZY$-^R}Iq5u!KKCgFRMdKwUXLqTbUV0ZV20lg<*VIr8$0sIV
zRFY<8?`1@T(FptyutEWXwP@=Y`MS@$Ab{{02Zy~J+t1}C7eAR!Q~)lUJ!}&?wn<$>
z9J?AGmTnMh{t?A$@#LZ=oN`Yr&a%48@b@{j+RlFq#Ln&0@0w_6xN7tkqo&q;I*CfV
zFkbM7N8>`8n8gv6M4gw60=z<Qf4S0d4yUs<H}?&j5vH}YPCqp<V0xskB#wN?D}cQB
zpD~B}KG4z5PVr7LQNKD%8Z0R14fOYs#_cJMcWj7B<)8sXYb@CZUX~2CV}>^56zMv~
z3<CQUq*O~<hoL>s4q%q)2#x<tE$+PIP2Q?-zMme6*>F)4B3BN22(|G1oOS=RuOSfv
zv&u|hB3piHGt)cVNZmcaR`rattgcQJErCC#ywM^<yxsV!g;(v9@_*+{P>--LKFzAI
zK*W`K3!)9ApLvMf#?1LJRXE*GAKh@-%TxdW(}xLft`+or%gwI0>DlT((7YHP5r~em
zyvpQ_Nx(<@w=e=S?#d(TU5Xc?KbW)@Q%MO@zooq{DW11i8A=kDUIPIA^8CcaEA_AO
z`I#dYjP;$UhfqxDb=?j&#-#ga!v7MHd?eP?`X^&<$L;EZ5L17O#$#b|W4NQLFE2YQ
z%Py-3OgpTMGG}eP8oT$w_<@Usin5y}kw`Tk?tX$#R_T;J+v0Oo?ZPNU7$)Pcpzby9
zes~zFM6Bt`rxX<KLM1#eIz1xrLe$CJ=B=IGTU$@FG2#NhHFI;)oM(H8Rw!XEGrbr7
zriZVs1xAI#R5Nita%ZvLfrkJ`>zP%lg20*&Y?Cf-%=I$9CR}&pNq5xnL1o!lN>0wI
zQuXQh#YN}X#GPo@FQ!4*-EPTFYS<M8{@=J*?JjfO)Ce+M!IWp%G|b%WHG?lg<kL$h
z^}c!UJG@s?*?Tj%pHzM@aW%BGbSQ%m+mgS#m29_=5mGsJ86D-*<*wK^V&qaq%O3X7
zuv~39Uyb7n4?_QVjpyoQ<&}dd782%QIa+q10DkZZyXT3h>n$`5t{s&p;b;5^stwt^
zvE}T1=Q$N*1zVdTB}$MjD=B%Of4O*qzv1PUx-M*}U!$Ep=rpT@1g`&PTkob0WF4+S
zp0A}fG5bNn-`&4=@#M1R7ZYRN7J2d!6f+ep9HLnPd)Z}|`N&l5b100>fkj60!d~8j
zVdm=Un3ClW)rMU9`?Oq%CF#+OBWj%z?~3hhE>jrd7?LR+{p7Jw{jnb=L|-ga*h&jy
zDyOEc=-Wv=`Sy*YwIqXA6Urs2xK>f|Nk=@Ezz3X!^seQ5E-r4>kHN%5?<s+f*YJ*a
z<}l@b%gl^lVLA$_r{ZAWGfnu83QVzT|0|}{i|kHcBOeWgr!j)7-zHycRdYrmUT!@3
zygDe~NUB;babBmt`{P4=yDiL;%qW`;#lJ^{`qABmzAUWmv-zMWmp{%iK5qD~qT>75
zT}(AtQRCKwDi`(sKjkegf1b^1oDi}Rp%6c4GM#Rn6manJ4=2?{l5~=de+-hNArM52
zbup~+2@CM^H@mbAB^v4In`AvCI@>nuYt|5|@K<sHR-+j2cJ1GZUFxRnQn;`I1P3_^
zU}=|PbsO|6poFq`9T@H1IY19N-LCHFqIh9J_%m{#aBp`bJ?mrp;PL@xF+UThkAH~i
z8j09bC7aCl&lB}YQ=Pb>t0;u`@)J6Z>&pu+9LOlvKL>$j(PLb}CM>#b?ve{5L18XF
zNlnzBv*I<n(?ZkkdC9lQ_?Q4r?(n)j{~D2)IG3wk_zWq5CpmuAY0L3u>7BH|CuCgg
z#FGr;xSTxq??IXi{*%alPa|VtgViW4?<i#nAH-3PAP2`a0%j=EPOFbtHqp|W`uT()
zY33$9H273XnrT5r8x6paljoj$JIJY!k|I*uXN%)+>SpKL{-(w^0{<Sv<(R_oLeswb
z%S_fG<l$lNxJ^q~EUIyo*lBH*>nO4_*4oq4b>vO;ytFRLK~AF6ZdA>9ZY4{Q%LDo(
zYz7Op3umyfl|4b(eA;iKXZZSrBw<X)#Mp%zF@ho?CvLN0*A2!QU7Z!_`#*$5zuTq`
za+dPSTQH3XW)kHE%8sLb05A$w!OD)U-KseOfoeRobt1sY&R#Oo9IGO<F!HYNg1rEv
zBQDMCO3J_8i@5t;-!1dK&rJ))d@~42D#RHBE52&$A0CsnCBl&w<uf!OsiV{E*0-j4
zJ?@|~CUn*f(4Utb|8bFpY!(!DC%^Nz3vuw`<G*0RZ0dZR2;-R&hZ&=o&Diq#{@6J^
z-_SMg?&*I2=@@m1OLzOMJhk45QhaI#CjS&Gw9{$%HZZ{LZzB+8X<{;BWLPa8F}45@
zphL<1wdd#7G$S3|RT4Cs$K>B;@OOvECk-FH9iAE!eMubhQnxKK@m+n~C~6OV3BRu4
z>t$RR3M{~UJ0Ims=R4l{l>?8Y`hxv=dG&|e79}CcUT84}K$CB};N<lD6|!hrJWmq!
zhZ#3m)oxKg7V6zW_t!79rm!|1LC(u|Ni&O+@3%>?A034j(UYp?wtUFcaA9%uY?}A4
z;uD2oc03p3;!;{u7c1(&z(a<-VV<oN=-E3vI>cGD#cUl+PfttIQ&Hx*<C!A_=Gzp6
zAKiBB&T3G-kpLvH<1}}j<r?LOK0mE}Y&)H<;rL29k}Jwk;`I~h9F>vO4kjgintuPs
z0Y)zDTvavh{Lwo4c<+5T9*9sqXcPkK=$9>+1eRQW8QCnf+~^811N!^3&gFYNW~+OK
z1_nnC-v9y*q$!0$sWa&V%gC59t&HsHj@Y!cGcH10<^aeS4R}WBglqTjspByxi1j)O
zq{=_3bUtE3kZ9A6Y<k<++NRo90;ONNmgjl~*yR5<vig6ax81vxS3DHg)EaZYy7Aq`
z0f<a|Oh#ITJI|ek_*TA`-Ab@&{=$+1w1aH>#~28(Z7fp;DCGDv6d%QCRJyP_*3D6g
z7j&-54OaLVdzsq>Z=w+3^6(s`C4L&E9yUOcLRTt2eE?QyIVtzhBsTa3418^!eu)p&
zKU55wiNI4eSX%ljMRSc*JXJx4jpmitSI4@b^~9L<-my~3Hw8=4lP3H$E}vz#4N@5c
zBHNdc74M;r$VCq*Bx>earH*iULY*^*MxdlHGpsRaO}LvAL-)Ah{bgQ0tD~)rjTelI
zz;O9d%!mt}>on-M{-4l#XhpAvQadD_4($E~+DG*HB!H9fw5Rdcy+Q!~Ho@@jPVj8I
z|LDS7L<)t#aJ40{Sxrq%V0g}vPiEk2iK>#ZGf|wFQuK%Y-`^+2BuUlF1|H3I$q8mW
zfhv@BMO-gQpFwqn-rjHUd;Y4^)6+smm96E+P~{}V1^n3tqxJFV&~N&kC;roNJek$q
zxqg`=%kp@5>3@oO+e%98J><9vs7U9z0ykc5=1y$cGj8~E*Uj098w9_!&ks<xXk0z-
zo>wkJlXy|Dzbm1ib-TCT0}$C?o$gFbKj|!kSu7%3Q1T7d4t9qrg$Z|aua=$4o9l%V
zD=8zQ&1tF-C1o38o3&s8lUjxL$6}E4289x`oR@~CXY=!(gkboS9deJSLYMeLyg=vh
zyQ*5V*OW;jA}C*YKS(Tk%X_)ux})lc=Ss>Z8kC_zWeJRjK)3&yEwM}b7mt={+8v4W
zk}`XTcmW@xk1>q6;a|hkb65f9sF|H9WX@|}=~~PTY_5A`XZ(~lwo}I6DI`AW85%n7
zjOJcH*u||Qy6Aj=R6y=3$F({une}1l;OeHyLkjy__R1AK6*jd-{LxFHs5*WyYat$o
zXCd=0%<oH}XD?f<{fnf|XxO0%+3w=VY2Vn&V_;DU*~hQtvuu!)Tyd9br4}@PIv_)c
z_emy~?~ctS^|zy&u~pzG+8-VfZXp>a!ikm9V-c2cea4uZ@PpuPOI8$rId8Fr@lyJB
z?Tsbi72`{b+xecJ!XOe{fK-56s3kvG=^EP|PhZid_zxXCMCiLKJ%P|oKwi+gP?U7p
z#De1ChoO<={@URW9d0Y{w0U6RiUZL-q_1c3B;e{-PA__q>wf{$6J7no)|Ax5>5LuJ
zA35L)uPwX&qISS)>r`dfe9Osx!xfCVk~93S<^V<DFjjL%f&NBfeT<LN1^J;v3+&B_
zVBzdgBh<yjs56HrLHzFkd)_sr?c&qqR~7vAGc?dULz<&3_PDs7;9K$*tN+w1DJiLR
z4v|+>R2qzWCt)~M|5;_omUi&^dWm%d>lK*2(bpx6dBCz#A(}481^sIk8gVyP2IE?;
zg@ECg@Rk6M2aAQ$d-Av4$J@o<#&G~`6`>eL2$`5Q*p~sXHg%5BXghdw<qA<Qj`32c
zGDf5r!443O82A(})_Z^<6oKQFCsP^5D;s#38~=*%fkX+|5I2)6A^q}Z(CTO#s``wc
zXOjXeQRV{|eD35;9DMDEY=y5xan9h)QlQcAUMx<6Aw9lw7(nKTYu4V2R9PF}R=-gC
zqVzVaW@|^sq-<uC{Q2qW2BSyc&L0Yi`zxHv7oTzsY-0i!V**rG6JX!)X8<jXaaS@$
zrHBdwXb|L)vNG{Ey)H?=`CjmPC$j>tEJCs1fBO3l^$XqVPnVbqG=V5nPtUQlCHx(O
zSrnitJMsK@P(?XSFV_}TVx9e2i3e}_wD=0gr+%e`^bpkt&4zwF1(+ZA7XO@*3n{J`
zchV9FP1Q>;Ahy1g<&<Q{^A^Qa+4@|SKe9zUk)TgbHFA)amY(aF1AgdHM;kv9SFdah
zu9QNdQA9Ym7)>P|67R}I?dWI=Sd13R!94qw)$!05Hm4iD;Xj&EWW1t;qtdjd&9_kr
zg`dA5d6jznI=pdWd|Z?sw7s=Umbe%WEY=3hk@wduA>}D{9s)mAro(I!_;)aNm7{u7
zV(z%(GN|s~SFlEqV;^3Hg6B1d@%eqBVHP=Xfq{y0s-T4u@N~@$S<IpJ?TEt00w1_L
zu~Su#>Q6=a!B>6|*y>O(YLkrv;Fz#6m&7tMIOc_jKp2?@%4QbdH+#A%iT%kZ3=4Uc
z8TO0Ez!>nmH+I!K(vD8dQkDxedbNrF-QylGFOiH!RHXF&i!eGt+aZp8#k(LNLqAVe
z#-d7h=Y742G}T72I;(^zYoS$)93O#*0n=sp$m_)ek83y@O&J6XuJbQZkc;uWN*;R&
z-a-*BK|X~-l*N)+I~D)Ed<k@~r$Pq<!^4#dRWAY6mg*BcdzY*O<z2(5oLc*R-VN=D
z%10VJ;1*CN^sZ)CO3?aT=g|TeHa2!hd(8|)lR1_pN&0Z&(QC^wv0zO9P+^zz^|!l^
zCD4OIl)NLc=mCPz1?tHV75OWA_wwIS$#y=0D@8#rM2w&#1ROOT$edmysa1*n_0ep8
zeOu?=e8c;fJ6PA@^e2)!#uV^y*VEHmGy0<J?JtZ)fa12Te31!11^_PVX*Y)CJ5u+`
z-~0dIwf8j*h@@>reUy(h!e#r8LO6yKzS~k1nkc{9)!>)B1~T4IxtZLl_1YkhsT*+E
z2!A5#8`y}I;dIdbE8(3xKqF?5e4(~$74_E5_iao^k!=5MprSgSe)IUL$%zY5lbx;Y
zoTMgjxW2m~4oi4wWc}WP&XPo1)<XL}3#NZBX+p-;6ZeM_Ic^L&cgdZ`Kn7Lt<#tzn
zV}a3F%OxSQluBdG{4b2p;UqpmJBi@aLM9l()W{_EJw?(0N*Qmm*QcB@<_B_J^<eBv
ze%b~&m^CP$o;nMlz?m7Jp2$|c094cAk^|z72^zH>9mj()E+>&SMNDHq#<IUH_H#Q^
z8fA0)FCwA%YS2N7y?@O@3wr12$q63kJxu?idMwO=yTb&>)<FXd)hKNvrSn+$EC9G7
za})2P8dDn_OKTev6+P1#$9}}|m<duNVix<8lOH6gQA#)nDzF+M8o!i5%>-{KL%-=A
zVqtHMfdKeO1I3|Tc7J&g;h+HFxa%r@K(*FX@~=SsR>8#j<P?i~Db>~HHz)ALS2w{<
zbc5cb^5SzRUm+THX<O!>5f{<}GZ0jjPwsr%SLGK48w3bMEMx`;oZM01v=eIT5_)L<
zzat}UE-7}sH%*=6MPz@DnLwo#98G(7wr`s@72W>V!9$7t3vV%*d2~{2^cuN}7u>}d
z52ADdY_Z+v{x}_0Be#)mm_QVRpy2ZTS(GslR9fh>@xwF+t}$;2NZX-5e_TA?xX!vH
z>|0SA!yDR`vf~lkf$A?}Oo(?EDvU={cZ1ijRK){)X=>xOwfaTvObSm2QD;}eQmRXK
ztVeKvwl`Iid)Wbt#$a`=1iwe{1nMR?SeKx!r0?%ZuyhrZ(M6FE^BfShoV5i$h??;l
z4&q<~UlfrfZjM4DL3I>`3K#PY`p6P0WKsu$yw00gvl`|?px<}ivBIl~ir$q}UK!&;
ze6VmIR&i*yMl7Zb+A{<ZHhjk}6m*hw<4bK_GC-;n47K8{tecFxUpAv+<1ZYeOQ<T3
z?iWE8+bw?m+Ms#kj}@5?S8*XOKLOFLXj8Mw>ChHQbrcET`}cb}c7^<ZD4!lj4D|ps
z6?iG+g1wY#1`wV`t@%j`?f4~nI#f)@q3WmN7M&P21fL^_I}oqyopw4^qSXOxyw-)m
z6&(rFDlWhu(PVW;wHvZI?1jkw3@^g6U`I``s2x5>5yF~R0>d?aAx51L2+Vjj1WzK!
zjOkz3Ltadm0}$v6rS6K(egIH9f02v5x{n4l+0_mlQ_oV4y-m=%dmgM6@hf+n5WJj1
zP#@`n-}LRaZ6sv^OFt*LU_%fzC(|{c9A#?O1J<PNHGBYpS9f5_RsDSwRAi3X?MD(!
zz$4Y=$wKdNw_hivI%Sj1P7yg6=(p&}>s;oV(dIyl6cG~?8M^*OmDQcgx$8I~Y`(DQ
zxUP5Q3$i{a5*|8~1NM$gsOYhK?3{U@QGog1duQo)C)SN(JqGIDOpRB8a#dcD?-r5u
z`gYU?XbG?KD(7Bx0@}Y!d#-p5q`XN&S7ngJ-%;#Mc2ki_6^KW`&wzVx{WFwZ&Qyke
z0)TxD$n{($$vCsQ%a<pWT!=IDZ$`z%oM9JW&Zqv`X!;QTLBR~Fg*4IhlWy>^c3d8o
z_k+v>c$&jtAI#(V0Qgx{SG=jYE9dX8&!O!Py|QpuLqkx#Mu<|;SW5zZk*ss?A9;1W
zrpE2rpG@nI>)@$OUPAfgi#>e<{bfVa9a`nJ{7Lj|LA;LkX0H88+$c1CXI+KU^t<x@
z{x2vnfqmr)CmiECy%1YtE3aVsqIM7kU<}5bH_*E(XB5KZ7`yxxm{5pPic2ZwjVU>>
zL;qS3#G`Uy48SKNGbKq(cLs^)<Y9khrb&Utxeg}s+mDU8b&5$fI_kw#q-hH^QC5qo
zCB>x;>m+r3^Inv3X!>cm)@_n556Z!E?Y&%u6EEdEHpVz01DEfLg1epv<zw)Cj-UT2
z2H+t8F+R{OPt{Q5lwz7|8{pWCO4>Rn2e*$b6*XZ_59FlspDZ5o)>df_iFRl$jH=5;
z$30zmeX2ot59n#j5TK#S7ChUk;sk!=yqFppyqHJT)7Sm0|03=k$geOA|L80~B+y=x
zuzpWG1}+Q&6B~jizmi<}&<kEGz8=7W(E-f&1Lpnxoov7q?}Gwx#PzFPle?>MX-@FR
z#k_Hitg&ST&A^Jr*NN)%A@74faM(aBYpp*qKJsWriGJcM19}Gt=GoQ*5^o<LV@f?a
z=3u@N+_?`p2pXHji1$;%MI5J(#TlA6+omdiboTcRJR4?ks7DNA7Gl-8Afo^m{PJq*
z9U-acb}`SD1}GI+q64dMhbRbCU%veu2yRu~69t7{!&K!ns@<%m1COR+8r9(K*)03$
zcZ)l=w!@naW{M;;Yxy*bNT^9i@}ci}LNDj!ffw;LJW2{sWyEYoL5YjiWEyG#fCOt5
zX(bGIwFCGV{}cM=&7pDM;$SH>dkBR=r$p7hep^&J{E8SQ!5m7a69frWsr)SXWj)D(
zxY5`Ej<3KQaA_)2^SV6HOEMTg!Yjrl=nJ1jv@+Fi()hdsH%w0xE`UHjb;x04%rh^b
zU7Ukj@b$;WTRY-oD$(ssbiKD`>exWfFYpL6Hm7Bn{#g>CQh5WlgiZp)LC5beZcu&}
z5hAfH)bXxMc}y&rHt_4zi@nh~!ur(?MTG(<L3n*Ha%CTMPXREm3>c#TpG}}moBJRc
z2f0KXYtii5iXChGZChp~eL_T>zwX72uNdueAp!)tGNb+7$EU`eKiNIy4+E=u`XH=F
z$AAPbt`{1r75IjLL!4n4?2_Fb?wII&XvA2(IpkZlMG%bX+xzBsed>UJk*2yKr2-$y
zUf-(I#X89nd3s_ZW9J_=eKkr+RFr>)KwALqP~Yq|BO69XCQPv@ZnUr+x^Plxt*h(>
z-cg_xSF3lXpR7<hl%d`$k3jFOW9JdQ;4y?{M~VRiSON0@`1Qv&t0vy8D+)2O^=X&1
z8f%04l&lX6>pK+NIc$qop3U>X7`ncGOXYT+3r;!ALOy0?C^~H_=j#3j8sPYR9S{5h
zU*42;GWetj7d^H*<y(o-as6FQDh>n9I5f`rHlTid$~El7MvT$a4AtWepXx|R;>Tf*
z>s(w9fR6SIfgc$H0L{m+FqJ-M3*vU`#%OUF<FU-jqBU%AS1Lb-g!{jV(yCC`{4sO%
zU03rR@fcnK;zd=(j`RYfCqP35`XKlP9&+@X-r&1ybAhn+xm@u%zX1oeC1z>;ufNO}
zRFo)fPS>XPOqv)?V|LjGXfD|0WMTF0(JMnyjH?$nx6h)nfF<y1KnFzdN1vnC2;`oY
z@r%5%^n`Wgigm>dojB<J9n>7qR#9HQkyGej%L)>%nUY_ueM|!8NsJ-tQ;rJw0s;vB
zFYN(fAkS>2=@+He#qmabD?`cVA~WmN(_k5d-fIKr5j+A#^1LHV*8ArMd4V!A>-bAn
zHg?Y#Ix|gNU$jbZ0uuV*8AHeH;A?HY)g+VM__?w85Y|fEF)=o`Af5cM8$l_vj*iW5
z`TgT2sxRpbZ)pFUf%<f!pg_a2RzU)6RZdl6mJz$!nbxMJ20>Rlb6*crm*PhEjH}<n
zrRJ9EO43TrFQ*@NyjH)+I<^3li6bOWXuV*&G>6*0vOBV{DQYDUc%Zx4aH-KlWCMnG
z=?mux;9c&xyBd6bpDOyc5z71WcQ;VAgSblvTb4;khJat|PPM*4xh=@!=H>)eYnGm7
z{R}rp@@E_^K8y1IbD1B0)2(+BXzs69w<ttJ<#jumnt#WbOH~x7G|7VRRRhsAh4($$
zX$<3+?SumAnhcHniGq|tnS`%8R!$7&M^UQ1@$KuMf4kE@1pA!ymtZi&g&(ueu)#K7
zF9gq}o^B*2j-C~jh?$t+Q3tE=isp}4_-bFeyAs8%ZO=_iI()Bg&a3rvFn4pC_sO*2
zR>lA4Mj!UYi!o3?+~;(j|3Ps#YZu|?>N@9BE*>$l<#*&4_}c%+*!yQ38_TnnanHEM
zj_INc@sZmegkf@HlcTz?NF}~Md-lv;-Qb6PoaXp$F3*=Oor&&t#0%bk&g!U2xIwW7
z(k=~EI9`73ZB2bCAE{-!D0UOv6tavt?VuPX)7deb5E*-0avdFF01;BiO}7ml1~;cK
zPy_+L+KOH}I(iHHAYEs$v%5oGRA6scF5HX5De{G33(3y;PNV<s3D_|*yVc(E{1avH
zUVdxW6yV}&cp!g=>v*qWu#+k8E}g#l0?R8v+GL<x#rcJTLeJ?q<qL;>Is1jhq2t4z
zkf3La1O?z}V%3eX&U{Xor9e~MSHqBfc`*p%r5)?rzUDRnoH82x7sx@mK^EH=HXh--
zx9U%#&x&lt(j!ROKiN85y(&waS#bEyIHPsmq-Al-gITjmTr_s4mL+y{z;6B0+g8$f
zd2#4>{YjXT`27Mf$AN(WE|$?;QL#x*MJD?G`>LFz=a{dF-EEqm!l2uA9Ej{bQ{UXF
zpPW1cIfXmgF114!n6#4BQCrOoDOI4%_=Lc$2=2=gunY5zYb>cqO-<CLFIb8(-vM2V
zH7%Ql)Fk&N6#jUhqS)%u#kW3^7>`$omV%tfj;HViU8daJHAH1qj&teMg@R|6`v&!Q
zL4~v!tuG1|8Sh2rfo?M}I0VcS`18g%fVBP5`tYNG3+Yvm6X<moj^U<?!t^Yt=%q_#
zi-|Oywd0*}BZ|}1JjTOSsuQK63ZW_9NSfkf)tfpDWmA_cJV%heLw=QuHLviC#s})<
z^!(M$e(+5oET+U>$`VX04((g2v$w*X=YwDrD>O>`u>*5r4*UC00|d_&5R}XXFaDu~
z5xkWr+I+4`cp$LbYnUFv(gb=47{mT}{nj-!oEJg*HZ_B6<5Rx5!wIOWhDTo`cD^iu
z1bh6}<fAb+M5V2zrDuSq5<w@#K4*r+DF~H*h%J<)-$_GlDy?WxRymR6Ko&kJ#H|~$
zwkGFZ$6o4zVtdG{0Kb@Lc-2!K1gyVgr%Q+sskrcGrs%SnAk{@SYv8&$5UqqSG*n^B
z`{=)I!>;)JIj8?uu4I4w?5qA=_)$U{sP4!!j+F(uL+g)XN5Rn*$xHV+b?$!vLVsq8
z7|b=V<!hPg8R#8F!Vd&Pd(!FpzwoAT-4`rpc)m}8L?;mXSodN?+ZTdg=<&4M_a3C|
zQ9lu~9_aQHWMn+KffF0f#9ecln9tuo2@BF)TO&2V{lv45w@3(vpkSAIH|zInPv5_t
zI@;Lqq|WB<V6=_08({Hn$@6oFbe_l{YJ9}g^2(J}+t<-kjD^@};l~gQcwlstm69it
z%1zWL6Z-8zZjLaE+vqo*uo#>dMWot4*N$v=N($_KpD`Zn{ga@KeR8KYlX_J2o|)56
zWuQK(UX%3;m>lc_Uhe&_Y--vrEU*@ejJCUQbWulA!arPgc2U?3{;m=CTUkG#Dx2t?
z!1>fUTAxH*sMbbp<<@b-!a|%rv9+vkFGZBib*9Wp?Zj48Jf~FswBo((fW-#-5|opk
zb{-ZM+Ww}stb-#z^@nFOc@duEwq|=dj4gP(l08@@)n54u>NYI6pMw=Z>DwV;!ah#+
zl6dXy-kEyg)raPIuV_oqIhhOP3=9mM)t+MKBxJ|jh2X$BYG>Lv(TSfwcCusY|3dT+
z4cmNL3$pNPg?LfLrI|^TAJG57^qq%MY0WS)4r!Hzf&znvuX_i!Bu-u%nmg$;_j|WP
zdwc(R#TSquC<+xPm~7Z5;4`l#?)=4I=9}_qc}@z%{bHlv-dL^$?~d5K#;T{>5)phk
z#-a^27aZ!WVp>Nu(Z{Fhn|Yg01uVCqhuir2Mm>XLfSRwSmmgQh=0^OY5r484EN^a0
zZj^#fe{CpIXXz4Hk%!%ySMuHEb%nd1+1WK*!|4O&C8XXA>3KVYUGha|+^_ZXDwXJW
z`X$<KjCbkDH%hVv?7tbbzMT@p<tlb#_KHWT9;A|!lRX9B->x<&LI68>PG%V^|AiE*
zkbfQ2{?qG-$%NjBsR!0pf?ZtsTEg8Y)(_Dg^ro|V)n)TfS7TV4dE@x-$mp>Ma0BLz
zqqLSzAK>?!{v|T)csFvJf-cDc5rcnIJ{qYgDs!rNV&|40bYrk8CLwIc<?_#UqP~2&
z7_#A=m+GX0L#&Ou>ldk{sf!0AC>>_sb@ymH56Pf{(aa-TBQJ<aT~Y9XI;E<RlJQc>
z-<0bFEM+{E^P3bGcP@t2v2p|kw1%FE89ytrsYtUBFQu#Rpkh(R>Y)`R8$65M>ovP_
zMpu9<_W8i$xxp5LYgiiN>#td17|-YcSXYUSg{ulq&AERBBZifoV4ncpOWOv0F+%oq
z7w7o|IWofu0S7BnZKunweB3W`y1>Eaz>58@y^UQ$%}QRDU$2_#turAicHm3<)z=`g
zw_Q?DHU>gc2M|M~j>7=sSry>}YnRXRony?bC9^7gEHTabBJrO>%IdO&0(m8Ogg_Bl
zzT2me&^9`$d`QM1<e!MRcON{25gtX7Ul&L1*(Q&m_P+o-|8v!%vc+%j>vwD2VwgV$
z(^WvCE)))Yd^@B^27w;*x#qXq+QRO)C<ULev$A6LIA=8sR8E%UEx`<0K)>qA!GG$b
zxTV?Fl>mA?61RGpUFg&GR43Sw_edgq&T|ht<KC8wNQA8ZL$f|f*MJf41UGbt2aYy+
z`($6<23ZTz^iLk3(>mWjro4B_8Hq0O9M>zT>-y)C`Ri4&JS~eq`gYjQpy(BMMSfaw
zBFK@D{k=~DgJooU_8RjZ@i$(&Z}b5l9@BuLQ5@>LO9EJhb7%`}HMDyTOsUM-ka`rs
z?zB+(MA}RofkR-4cs9i2oZ9-BB0Vtzq4I-scWAz|>;bspdqZSol<7S^Eay2;ak=u+
z);D)})~cF#s=!5`HKOZLhEr@og_n4BF>1lzrUx<R`Ei0X2h5t`s@Ar9HVE*^P??u;
z*g5K%b@ljOd{DRX)suUniYH3XK7)O|P$3Y-!OD7j8j^e|5;0M<xw_!ndMDD#PeX&*
zy!vG50MlwKdDHdRwk(XC_A?{b!FWaCG`E)TvikP8*>_|457BskuV8uSJ*?L5;IlPN
zoUK{FXU7ci=Yo$O9~XEb^GX%D@|=)80#fwQv;W+^W3%Q6NOErcP#Xg(%`W0=Om@VG
z)9yrtTYprF)6ilz2UwdpkLVf9z%vwTeLlK8jke@<q%NFV7=>y75Kc-?Gsx79?JoOC
z8ZYN;zP(Kk3)F=`74=nYtilHmkHpqo<|R5qVafi=A6GLW_03OOh0ghD)943H!j@Og
zsa#j$2s(o?^}A=blylb={{D}TTf88ozHjP+Q-Mt%Mzr5(Ty6QFq`0`^6+oJ!FnIll
zRoZiUS~wz7xg4Yv2An=wm1pDr?1YE_94Y#LO;l&7<-7Af?0fND<)tw}Fdb6|Pyl$$
zPQr_#O$$<R@U5uua0!X+xj{~m`x_U0C@5U(K4zH8VJTyq{o>=Gq%E3uk&wzmohR+!
z!rMFZm)?^XlWvJPYH0@d3j8F6Iujt)9Q0*K_LJ4{ki!+P{{sG$_Ja!}FEJ-0#L3G!
z?30E4`X;Asx-K$20s+@iUW=O|AcSep$r|BWKP&d|ecJ#!WvC1Aa14BUH>gAk#7(N%
zGxFH44_^Ti_Ab^;#3qM5mw4yU?deO#W2inA5Ujq<3OQ#jJk5(V%~yf|p|LOrK>?md
zIbvGEFP9(4*9MRJ<*A7IPB4)<z7V+y6DIKP20JN1J{K?bSjxsp!3PA1F1Nf9yb%2;
z7PrjonM~#@u`kz1|NR-uJTqI~Vgfwy@c0-n?P;np=>Lg~-KrEU6L5i_g0CZ3KTU6(
zfVbL>OG#O2Fy@V?2MEO9)8Mr9S4dwyM}=XnoV;>DQeI$~;TQakoqaSt9l>{Cjq;Io
zMz2?~Q^2PKgoXSV`(uxYDos!>q?j1yxL&w;MVF#=Baw%gnwcU=f*5x%g*xv%B%?F=
z<?kd=Pk2COh+42J&wI5g9(Y5de2=wT<l<s)#j0PNOTonSWnh<S#llPEhoRt*kcNUf
zZ~M!?xxHl_Es@d24M9ft2;g7`Z!I#PA}$W9;TU1|w*obj7_ZnEM1=!27b58yl03TM
ziRb6%3v@|K3Sema$Se5_S8K}v&iAv#*xr_V44ZEY>gti5h><C~r)_NlLSkIf4WpKu
zvwb3=Y5x02#&36?=5BVHEIxm9w9jC^#1e1f_19GBJQ&j_)O5_hz?6K%VZcu&D_LZM
z2o)#Y!oyNf^(w{3JUDvXhqFQC?U0*0FA<$d(rKnyrap#U3kqzO;dG;YTPGD^mHzSZ
z2?8+t{qnh1FC~y`bxdK%c+zm(CvGW<9DX>^sRmK%-c5hpeDNgSluwU#(QbT@nZ_?K
zEy#J5*L%y{DwgqtQ%ZJ$3zWTom?-^SUDNU>n=rP^#<e3x`9S<H=t$B~kyc3l=kM8-
zpb%=I+4GfI<+#v-!kVX{=vYQ(uBmA*1%m~dQ4f)L%o>VccLQ9*f_mDy&QsGYukN)1
zG}jUuOQ{c^5BaoYZoKIoKpb-(grfB@^nWjzUzq%{rM(g|A9pEUfSxmEHXHQfql67|
zPZoS#s)(SmAXRkBH<2Nq$ccBSD5O7!!qQjkzM*3+K&XsMLGSPN^ViXM*axZS4T{#c
zJaiTV1D}=}N7D{{>h)bE7)CF-8mn*C_u06*?>e;j{B?>?jUSc0jVdUw-=QJS5b0$r
zqC&FNKzgxg+~M+O=Gczc@Y^Sv_xOZFz5n78bAa?*f9Y#(IY^k)Flq*=iuXGFJ^sb?
zifQ*}9Gs0S>v+hAb^2!h5mO=bCAX6rYH_5g@0wzaNC>oLYHrL7yJ#P6Xs2yX=Qh)8
z*zmcAk${i-M=SG5vUqu6z0a4=kE-$!C+0{C2%52$v)`w*+Y^y!7&QT9P1d~R_Ow&}
zlS|Ru;)Y;|ZE335Y@Y5+`Nol8lqYcaOq*CWspd30;HRI<I>qCuq{LI^R>lk}A<4h)
zp3g!>E{|uK<XS7X6}f$*Oha}cY6lj$9`2edq6j`*2YgR?zBQl3O_G@I*fUGQC*Fo-
z5ilCohalneA{kvZoir<ESB__`iQB=-L$UCvHwj%sRiCPV;DNt98GDV+LuwtcHT15>
zkk$odruSQEGnAoPZr_XKb+}vFHq(Xo{!0hPQi0Jowmt#bBpJ*QLeKihN*$6R_K-wW
z38f!n8U=Qqk|A@bpkgb=O5(=YSbc#y-Nu8xSC^nQFRQ`Z$j8~*U^(-2bNW}Vh(&?4
z#qY~D=koHsWqA}UdrVN}5ptZNzTlF7wYt92x|D!M8z44!Xks`_YlX=l;EYpMwktug
zLG%q`Q=@U!U_AQ;#>`4-&V%j+%K6=s=PQD&djI&{nE6E$Yv&W@l37xfEEM3&a|()Y
zVhrLLa%_Dz81J2oAWeeN{VyU(;~$v~$7s6-=2#*kz05or_&4;xlLZy7(=hH&KKQ>~
zy~9`ok#cCXaHi1}ry7jUPKnMtMoi6ZYbRc42nBCQ(JIFS01uh_Z9>(i1A?oj%QlAo
z@PJ_74ci(U@O>J`rKv(X@Ymm(0D8mMP{UK=ViZ_sZoZZP<CYqmMQXhymb8TC0l+8x
zgz%|Ck_WPrzv&>=o=dPw^6%`CsTYKg0Dn2e$i{qjY{V3#>6=h9_WRpO>3-A;cw{&H
z`m1F)ckU6e|M-QgSBOi9zV=!H8@4s%;;ey$YN@KB$v1dO@G6hMAX!;3zQBa(qc{%C
zW<pz(K*jf$H}&C5>keXHw~Oq>4i52m77i7Fy2qB)8&kmrnuZIboM09u3f3lZuDKzO
zW~upCw{lC-D+Qv)GP5y7(7n#UfrLE;?+zddFk^FDEeNQ=8al@3gol(sCHoJ)<>i?B
zncmn*i7AFX;G9DtD9!x4iB?Ahau4$?JJ@a3DGiVwF51m3I2h(5-c6(j>0Duf?;tEz
zwOO?=7tOX4&NAxXEo}^n&?lni7r8;~If}g;cJtM?AAE!#5|kd<g8hn<n70im<vP6I
z`zR-3P2UmFURquM)Vk9CwE-+EyyO}V_3MJ(!}977&$3`#Qtk1LsuiHWniUddjaUe_
zNbrTq>ZYoA1q?!kH<F>IqR=Opo(ur4#UXge(8B|Nv);2kJG+u!*0FDQ?$-l{&nW1U
zA#I1OWzL%<P_#g>DY)8dJnbf;U<rH&DU1vBnd5lx#jt)}-%Q3ADlk8Y1=Z8h^NUcf
zVK7*70_y{HTmYDV1&R4pxOOI8>QS{1BmaPtIUu|h)Th;T1_1$UA*hk<Q^70)X&U9%
zSs_H~rR>7h1%8U$o$*Pjch6yga;P5wy+(;)+`nKk5C5V#eJ@a+M8!C3RSQYsO;si!
z(a;f>s&}jeJ&Z#>dw7<hac2LBj<QPytV7<<JW!s$e|N>RY(a_>!Wu%T&V8Hq(hkV1
zpnK^jFq2X=0i|sg?X<9dCGia+ZH=Qp-0HY$>y=O3HL6t`LN){8g~YVkA)S>?6@O{#
z+bp2W($G;|(eRhC695(~MDM)&u#9Fin?d4f_V*Y-V0W(|m-@gf&k#94htPkmJ3T!k
zms>|dnxu&87#lmWone*fl5Jv<m#_7ObtL(YxKKv~!cW1dN}RAW7RllGkK_%3CMB@<
z-fTtL86J#UCJg-6>cfdie(UqqlsgF>`!htM!`Wj8_Rj3pN(eNMGEc2QL(o_SXy^p&
zkeLjObwRK&@(m=|FWlz|`>T~c*d?~c3fI?KrTNp-UVv)MV<Ak%&`E%@X7!2)BAwvu
zQuMYlN*JM?psF8MDuS?9_}O8~$@)GJ9U2`_4MXrA^)_u541yA7K4ggqT3%q69O!bI
z28hS<d0=gksrwYi0&Gg)&!p&fu3w#m<W-kshadN-K2To6LntVMqK<7-4A7K>4=9Jw
zDad%GLKZd=V`nx@R(Y3d8e$E~{G~%OU7)hBK<i6Zt^N0e!q4v@3^muQ(}ef0cRXaw
z^K(QD2Um49wKZ)U^m=e6j<)lJro#f2V*V2@WC=T@RkSVdsvpw9L&@0!i`SPqub{4d
zC-7+soor)rfnoVM1pTu`{EcsqqgPZ+aeM%+s=9~u^x#0o%xde~S(MFcQcAMn)6}J&
zDk1Rjr1gvz_SFjrf`{KV1^0Yb^>GUjV@uvmyN#jO{!iqQ=n=0yKG_CMEc$y%OYhtQ
zY^r0O%WqF&35kicb7Pbpt81u>m^xKi2a-O2fgp7CW`fV41U#zH3`y&&pewENvqR(c
zNaRZ|==Ae-Pi}L4nr;h1LAtD4D}Js~Lma#n)eSYfjG&E;Y%xuo;VOvdJ9$MEo>f7u
zUTqx3=oX{z`TU*~B;Ug)1aAZ&F_sn@=0jcPw;7!hf5J(x=Q%z;?t{?Khnh8YTn3?`
zX+!DHuXss!gQ*Hhv(|-%-BSvQ|EpWr9zYUc!e8`;pdmoDxOn!bjUn2YiM^7~vjQzD
z3z*qG@XmnR=^4-gs=j}(QvUpEs9S0#|IL>lpbHh~l&=W)`pP@4su|3@qkX$%X=C;5
zDLBOm0JJ|V2Y=mBS-damI_}#hFVIR`Gg%T>5$be>B!Vn~gpOzNScB4skc;Mg%yfaI
zeFa)5Ok*!n1tJYSU0l!Hqn;m_nohMU{@X06ugD%Bd_#<}qs%lZwwSJEGa_l#tt|>e
zLfjlKNWtgYlU?0h8C676mixEe49*ohpr&)nKE@gk&GJRFrB7Xa)>LPlKKpRwO${xO
z;Ps0cJp(r@jk`oRn@ZPksU5Pr@F|Us)h78fxH+ghX(@pii#o!?XiVjNV`hVe9~&rz
zn(R4oS4*%`Z^V0gmPftExQ|{!#-uW$LpCuD?~Oez%Q)vFED>SZ5WJHY!YE~1OWTV!
zX727-8D)<n^KPfhHbI`O%KvUY{F-W+0Tw%)64fEn*8B@HPOFljb4<7l!JHuHkV;wO
zofcn;Q>FB}#KMAA9sUzcBUwsMO_-+TxMJxEu)j~sW0sW>>Kndxb>v$yd#)!g%^+Fu
zPas#I0}YJOYl~g7cg-ObMIa;<K?<6ckP;H*7HYT7Ja00z_vdAU&<C7*#3R3cF|K(@
za;f)wQs=U+MnSFP26-*$&1+V_iz;%T23Q5E6Klh}RCA1{7956@omNepW4$9{gS$Yn
zy3~Isgn&zqYkNL}V_9l)1#6{!jPCJ3cFWQ&T0v7c>QQY>C24*)<Q8E1?kA3#fXbdi
zGI<6{SBba~2B>UU>B-9lY2==crL(JAISz2O{$GB%6>JhfBTvX;5h#&GD?3gdDfmf*
zWTHdtTK@0FZ;8oi?{CPh!BMO_+RSgJ0CO0xj#OMo`|`m#tfUDlZ{?D8z!@)&XnoKm
z@UWz+NhoMS^1y7B#0pl)-QUk?7p=<mPu2f16CKG#0yo{)9OE}_J`hsqB6rYSfxx${
ztV~`RlT+CO<?<>hEY%+-ryJ=rSQ-nCyB<F8hC&{}a8^w8?&66m24`JYqe_&yS>g1A
zj?}Bp6{mV1`p18Aq4-I@`W6gwr(qKf;Ak+GwzT2r_op&yW2(s^g*PnlJRNAB12i6;
z7641uK^V&X=L=1sjL*4=HpJF>q?5!CCoY4>FXU5*0>uA@JXD4zk5z-)YOAYVZ~G^v
z)!?U+rC*yaF#{73Se+nbn35~h*`{_cvn~E^37kUnPFaBl&c1laSl_lDgfNRm_sP<s
zr)TFMTM~YCh_0E+BMh(ywQ?uV1|?;dmGsFxAt{?CUd}yq55-5pF5|ofan!I!4`jbU
z+xY{7Jk0!C)zUrV&~SlSmE^dBn|Etmgsi#$0_WpD9fBi=??3|7r*Ufs)Gq2%dX@)Z
z#?rSNd-@j=DL|2hUfY*mNd)n4K=W1sChdw=7HnKOnc7Oz-9wZRd&)=1$_T>K!zkDk
zVKUB?n#>W<y`0}oJ_EDh+U9SCX_>UmKy|PR?8#y6eA++4SbeAf^%PaXS`>Pt&@?&F
zw7a@~F6*gDH1i?A))iDFfy$>D7Hn3Cy}l>&0vz7)iNT2ts_N~ZF*s`ah%|C^U2!em
zT6tSYA<resQ!AwzvfMX01yg5h1qres*f$-7yHfOh$h18HHoAu%(IklFW2hJF`=AA6
zBjAdVN?z{y&rC@Dii6t%PKix)me$J@HHWd$mw{T$2V;0Si(i=1y7#sIK_H;PWru%0
z4>Y~pippm4Fd)*VA$a3f`_XKbNK8e(b96>vQsLu6{Ls)|3iz9SK3=Lq-@L7s`i&)h
z`y`m&nZ_S%0iXEg`|xZXc9PyOa91Ir8A6F2Qi;(+cORIid6|BJUKaY(PikH!It~UZ
zX%s>C1ZPP>_mnv4rsH7QvEFl;Yg9gVDy{ANr#<}n&@N1=gaMu{5#R-lS@82hM6g_n
z&VaIFf8@U#<q@zmQ)|?_l{M+cxPJSIo^7IUdzO`jcm$&3=^tly;7EDO>5++pxYC{S
z#C)>e<IcEfZAhh5_~cIwlvMaavLPI!055Fdktij-GJA?Ul&%4L6K`Xycx@R+hCH*|
zPeg3mTFP&^S%_mQ5r@)*Usb2I-G9ieVl04q?!S!&S0L`%Sg#JwGV17N_dK+N(>@|N
zIBj^3)c{M;2@D+k`oGo2G<}SIXGqo=X9Q1E0co-9;H${09)hI}Y7tSXj}PS`J!e7F
zqV<a*qzlW0I05!hu^IgwPJz=WjreDGMewW_V15-v@VhAEh2h2sl|ys|Q$4iYeMSgd
z_cSBYR#{kl!J<_YH^xT|BaRqco1tySX23L9%@kPizEdx4b>U~!Rxl(ZnX$-s`J|wr
zC;Lp3IUJIRt5XO;YCc%14m9=mKZn3e=-pYXR-4o$FeEItsdnw>qt{e~>N#+8BaM6N
zgF<40K&W?B-8UesViR5(-(+<vV5+`@od7OCK$Cfho($CVfu^A$5kxp7VE~i;=f45A
zL7uim8lamss(zkHGQFmS5o`QOYgPm8s_NErriI)W1LbmcqYE?~TnBe+A>9hPN-EWK
zPk71uUEvuL%`?s$%@l2pcIIwTE5V?w_<O>?(DGvj?AXP+t+VT(`k$$@=U4r_F*zhv
z_Iiku7c`iXx%9EjZ~u5`^%~!>EW!NQo|I^Kn1qfFSO#XIb~-{8LIGY0IKrtJ%|x>C
z#O;4KO%f8gO~^QIAlcLDI(zs<M1<tkJD1O{$TD8ac{Gb*>Y1tPYn^PGoow=$*zB=Z
zLL_T}$0uD#%sa*u4vl`pY~MjdezZt=3YoC*f4O#%cGm8}n%8|+kagap*O@A=`AHoE
z=OP2OqjJwz5TK?z8@Un{opiClu~y5>QPQ(i*e&uf6XYohW%Ho{oB}bf?{rcg#ib?A
zf1BT!ul?2j@8tA5hE14+Jza@3%v_s4qqBXh!VuL<2`xZ03B{vJDnmgcziQFBelEd>
zaeIJ%nY7;N&{$aO6R0z;kLr1ZwMG=w_3LkL#Bs10B&_<E3>J;4KRKm(yO6>yw9gy~
zi@m{KV@<Be19b4P7{lKMMUAbY^7mU}M1AtgR?ZfCx_g&TF!Q}WMK^zsopVE{O>I@S
zk{sM|tK6bE`!~p}8j+uWJ_9at1pMIy!h2d`AaiPmWThH737iF$Hd@-<KMdhDTk^gU
zIc5WVae7c=#!8*(RMEJHuE~TCDWOIK(?TsC{*i0^67^q1zyg&5HwhT@H+Bf^i=|~e
zMfQjA5SBG6LR>*;W;*}5Cw-2Y@3p*dOv5k9Ree!UL9heQy?n?D0&c{`A3;(>MAo<+
z9MTGK-s?=EccR>YGOT~-`i3yyucGWkxw6MP!z{T_lZzmA`dvfn^9@I1d^68r`uMJ&
zI93~E7fs;euU<}T`iDFUs?5I@RHvXSvfi>IWKM&iHsrt1P5PFNS!s1lP4Qoo@@BQj
z_8kXZ$r8w(B+@oVN`jNLl*A;Ex;C%uSYQeoX9iV!q0HG~VM?515vq}xY9Lwv7(&o(
zJshfn5}_ewhJV$s!^4B%Tr6l$OQl3Bn=lBP7485_Vig*KMQoJcA0zq>fA_E`wj?i@
zfhwBRB4*ASQ)%Yo2WeDU(;eTzh$v&+F57U6P!;Ka7Q_bQgzl^Urz+h<ZCNhM7@pe?
z=%H`HQeY|?wFj(C7@D#9Srw?tS{klKw2vA`$N454h*!<31zTTY`Oku*JtSj{fl#AM
zNFl}p{@Md*7W(agfAt_R|G@>Hu_Gqg{DydgSQ6wM@Cn({dNzebH>98Ed^>89GQ&t;
z*lXQPC36Yv>#C1F6!NHR4&(p?A(553<<j${ZTHCO{U}ToSf+;vmA(HlR9yTJPE1PD
zTRKq_Nt(ha4k!3DZ+b%#Ogso8Gi1onH`7oFX@;?|zdkuTcFPax7xZDC;Ex29j9}2@
zMIUbJuqxsHEAA-_|B0`%5)l?8|GFK3)N%2R9%WhhQn!12LX067=ufuvS|T5QjC+EX
zg&?BA48!Ox%+v0<FLmuqzZwyD_I(LuI&gZbfSZe#zdAm0a({Du+v;hsu{@XQo#;KN
zLhuiLzDjg044R!XT9}1-b#l3QnMRL>FoB|Y`VHyta*tRDyr)f%?(l!@IfK94p;nsP
z1kRms4&9?Mipc2>p%v{ty+=r4i0t@3p02}@>No0Nqo|Bh5;Ef2D<gX*+-qlVB_p!;
zrh$-k?VY;z-drmoq0lumlI@a=?D;-lzxRFrf%AR7&p6LHpYu7NhXBQ%2l$DsQP84&
z>gohc=g-9-y)o)Ls<CD+=se@>d$kV(bp+zf2<1aZeEBF@Vxa4j_T3CSK>qRcwap-2
zJ??U>ysz)C?t=UL-pv`v5<-Yijb+bs8xkyr-+@g3Y9GCQjroz_1F32`*RHKU)mv>!
znO6*Kpl$@dS2-ni=1i27{x8;Ov!0wPwoNqtBVQTXPRmHk%YS$q;@Rn>+?j~Ue9l}s
zyA1IPg(8r?dOz%HH&_7b0fRZ;0OT|?GlomXEVEmVaVC|jS?Pu>jdKAyOpU~$5HEmJ
z`S3LxRaTh4iS8j{Qe%jeF)X~N(2!G=<N`(=-|T}zO`!;`NxdB*j{oKu=uzBV9*Jug
z{aV~mGx5l^>zTk}K-$in9bjW7UGL-fws7$mNomtQ{?Q+AqU!?@)pD5`$H#MDhVwN@
zUUut0g=?97oWH4!zL)~u5AVI5#K4+e85PSTjymujl0xfAX2?Yr=R!UkwUBy3`Da~9
zZM2!Hp=z6xqx>gQU-rJ00XMm(p#=b|#T6_P<v#u}QDW-yoE4c;1ehN{d>mGyl9Ih0
zZVkNH;@FQhs|2LODvz=!c{WQ)2;Q>Lj}<3|oE!&`uu1z_spoT2FBhvt58s1tspoya
zGP}Dy#`ez!It-Bngfyt78|;fjNZVO0SB~U_s+t6pR?<U1y1*7B2hVl(sZSy4p>M7$
zcGkg-u?QMlAsUB|KLk)pk+p^>7Q-YKm8wNVQb|{2NkFybI`)s?_U_Ac6~rHdJ~6==
zx20Ww$rGxWB)ysaWw)h_0kIiAQ#@C3tg~cHuT~g{V1w8y=NRKwfkaV2*ewX$`Q&l;
zt;(sNBkc&AnAGwHvK#|QOv&*k9<%Ite{`H?#Ol83eF~2+&(N`GL9crqu5os+?N+w%
zTY~QSHdU)a0`t6xkdOMq>vMy|#u*nDcONOTo=ew9t;TC>9x-E!dHGsO&V_n(8J_92
zvmyEF`W9U)J6<!Hi&CB$gzwTcINK()l~tj6&T%BM*SdX*J3uGmU0ce&-qo~p%cA41
zskd)aj*$Y;{xcy0X0>&+8p9Tf07GwatE5**sCFF5TPJT*KO=XEW2fuAS^3xBLJzo{
z$b(F+en#{KDSHLq#a7v8=YG&}opCKVVxizls@y81Min{&BGuGK$nK}zgVVsvE}Ytd
z4gHT?N0t-Is!!4Srb|mydcbyv9amt)RaABjOR?6Ay=L`uyuj-m#ZCJrBGY)TqN7uK
ziVB6Vf7-XEcSeA~{vUgfjtK72?PyZSa`2jgnVF~SWI>fk6Kz@qqU`9-_tA|wv)y}*
z<I#1|WzTeCPIyV9-my12{`s229X5pfC?N|)^JJXL{t!(Ztt**JSqmWEBg5^;aRq2E
z!pt^4|K7Y`|85nF^(~46Q_=pUA%3Sw!#C;F4NYZS+uYoH&FX3erT!mX*Xe%KI~l*r
zOSo;<g2V|uA0A=il(oW&CcX$!aM9!Hd2l*yAROegy*P?vV!yDzKJk3S0H7u7UgN4z
zTSbH7tC2+mZDWp}F1^QMy>Fw{59C?KcxD3GL)xmUN-pg=4c@D`N!?gi{usIXM0i;m
zVbR6h;{Qmz_8w3^l0gVT18!DCS~*bEN3JpjWNNsM6gJE`GhNZ6s$1&R+q#q}VB+W{
zi>r+cN1hP^$(`ETY{&O1PuN6b4CwBXv6<&wwSV?{NV4XMi|x<8pT8h`n>1pVa%Yx3
zADgn~^O=Kz*6`h%#iJ;ZhEo~;7#uf2jC^(aeG>BHNeKfm$iu@Yfuk4?AF1^aNrbm9
zjqWL9Im>E2!om{lUb76)D}bU3IN|34Xao9ry~kGM?~;?~;QB3qwQPzuFs*XkW?*X^
zF9C>=LXl!%h{EDlyFptIu21Ep)+dhG!ot{k7g22>t!&Zd@zi;Rf@369ma$^XUuReX
z@c<gF$;Yv^na`ykFbyWW3_ZH#6GzXi&;}0XT$v?IjpN*PB)VT-9@M-i(FFZ|+$Xh(
ziD_}?)Z&-wm}df4jCEoGCNp!{meSa2{qarYNOZJ5MjUxz_rzTCy*^d;z`$!b<q%u$
znHUF{()ljyRGvC=E&lEJz<k0Nq(O~*f6EUexr$pWyA<m`dAfUMOCc|Xmlx-62mzzk
zp0iYlqB?l0>v$@JV8Y;mZP|q)<mWdYVTIk{hNkY~)4Zt2^g>CKWJK*(r@y@?$`zxU
zMY}Jg(qu5N@@%Y^akt0G@<FrUtIlLwo)acp%5?Wq=E8|Ncg%@K`uF;HN673`Cx?Jc
zA_OO(oUbRAWeI|L6>xPhXKrjr&55gYDN+a=QHs7z=tjquXRUWo%*FPp&u{#4^-q71
z5%~alX;A(XX%@<>!sMVVAtyuZ*TMWOa*9b{M{%>01$}yxLoa!BZ^#2qCDPH)(fd~N
z$$|U*u`SJ!IDxa(Ugc^dhMZ?lxa>nH2Q<aznnXn<RgFfTTDbZqb=qls;P`h13msO*
zlFUD%f}QL4<edm(YH}Gn_&p2_O+DgFno|v`52ZO30t15>SH>g*EGBNAEGFuj1;De)
zUY4$`%gm@OzU3=_zte=)rCX&nwukFQwxyrY9#c@zGtNT4|5?xDw9?a&oZ6SUq2Ih&
zNDeikkUuo7=<33}Hy5#7NO7p9W^Q(6&xnR3RN}CY>&0_#_jkbdrnjVh*Ec7Yuk2EN
zXJQn^YSnJ~db!CZNHJhExI*W7dBN||*c_2pToMCkOh~=tKT{TU*E&gecg<HmDld2)
zAmk0%M~4<&j}O+kx&d2p@Ii&))>e{VA<dSWx_RqEqmhtdJN?PR{&@IZU{cng_Zx?h
zoAK8{+V<QbYJdlf<hFdQ4qup4yo2JD&(7G})hw~`+Gun<JL*M66TWwQBKRj)x0$^F
zAMnfg;`KZX0qz)QvaYQD{p=D45ioh(Qx!K#?05zI`oU5ecS*eUu7R=feyov649I69
zuRi`VWc_dbo}sq!55be&M2`yewit#;cz*8p=5<PDX`rY>ZmUa$3sFZEn*vIaou&PD
zTdX@U413DLF|tkYpXI855h!FeX64VG1cLXMW*^jMEWWVpEFO?!r0qGcY34N3SnW=3
zA6i2vP03uByJ*FR)Xnxk&T)z}bNF|7svlG<v*m=40A_<LZX_q1-Ku}hN!yHbZvrm+
z)MDV}zLWjtU46BZy19G=ui1vB(wIw;e4s<VdVQ#?ss7mL&nh!Hs0W99>Rpdrz+1Z;
z<_-bRSZ#F~Jd3Wxua!<#=S<S>-wD5%k=qs|h32z*nx;Fxr^bjf;gYg4ex1j0L#ETE
z=-cJ>RlTVx%82`UL4pZuzL@G|?&9~{w!a?|wWo6wi&MzwzU32RK5s$mmbN_|oq`)2
z1OM=)e2?wy!G-nrK5<708g8@&yaP%KEw2~s<V~Ns5rpfJhjrjsYQ3d6<pZ(2cLt<s
z|M}&ZjFn`3pfb2(g;XLKl-smc{KA@7aI3P>gxAwSvl4QYT6bA%kJk8FpUEh!LSFK@
zQH}JW{1kqXit0ODAgY+OvIiHW@?j)|@8*_K>dz4K_nZs$%~dqpRH|fmqJlmtvlo|s
zT)SgR=)`)R*qQ9z@926Dop_yH0c%Qs)U7b`?13PU4ZIGScz<X`(`xmd=1L?J!=YOS
zRZN$$R?6F0huVlWYA(Wg`(4q!*9J~G9aBj;&@qzZI(B^>$@_{HsrEf6h4Y4a8q3B!
zI??Y&L3izpu>MWe)bsQO$XN`+asJO8Plv4rUUr5d%REV9qBUaec2`z$5^8o^ML!$4
zRCGc>8`q)Cji&)h-K=?rq*gx^oSAiNqil8Fj)PR`GE%o~tEZ<AEp{T5De9B4^PgGA
z!(oL9RMxPal4syn45HT8*^|XAvixJhy<UELB9&qb15&G8L-N2Z^;c`DX|0kPA#c~e
z{XFAE6$L7UktxM4Z3+p9^V8nA;UaP&6(_6RFs(f~D1mE>HCn%ahr~-jRGX^$=eLe~
zQ>e7W{d}F*Cup871;cqMB9aXog#?e9!rHfvuhwSk;|>JeuC*#_jc6R1s-$%!cg*h4
zz128oPlRSwR<L2@*-F$PkS$wy!Ai-&&U-Fhs9>e`Okjkut<{YxOu@(|rn_%JO)lA{
zoco8`rf(j}+DDzRada{TqR8_b(BeU@Zk8<zshkZITqppheR80ecY34u)Yb~WM=$2@
zFSlv*ZRTe;wZRBgagE|}qlcfna*%o<?bNTp#lw=ldVO+maD^RQU)x0(1FfjK_)IB~
z-|=!nX<=}Yi(mI3Z4RZAuneLKXwHEuBoEr5q407l(fhHpi_;fb)31;lrdIN<3jGm(
zh26Wfk?S9qPU!gfuA(tXXmfp>9YRlU^yJ4DhxvyK1-pXV^`0axH+-Q!aLkCjuPDN<
zBe^HRO-7ed#+J+F$EY}Of2VNY)#8#ejSt1YYrQ`r{K1HXQAIp`eZ}giDD$>A-lbPW
zz;gTV|DCSa0#$QRatxak5B){la+G&73|Sx1>MU-sbyJJB75G3ttxMaqqCqYuox9es
zd~RF;40F{i(OT-jr|6-*V6|H$T-Ogx6^jrt>zj2yBJX55ml}ail&o$;CbT+{5rUf!
zav}h3xWQ68TO9QJAsA{~#%HG2Z`WEt^8aO(T}hlXxa^hwgZiwJ51gHPT81}~TD4HA
zMIPfK#U_CnXxV(Y&{RMHjkKtuvRy=#q~#udavvSz>?)85z=sR_BbPDSm$oA#)DBbL
zu9<3&S=x9cBxX7K1^46kV7CQ~xv%j`|8nI+j^u#=M;{?t*1f)GkG5J~E4;A!`Ps_%
zL0SvZ5tqEkH^pJn%=4LO;S&Syq$Wh0z$4Rtr{RS`9jolc1?cTdm}^k%P$XxMZ5)8>
zHh~WOGf9r_^hSZU-|wJMZv<L<Sp$+5YF~Mhyl+!%$Ohl>NUkil+F3Smm(C#DPC#_W
z7miuNGV)%3!c4}3RJuH98f#k{lxcT;GVY^VBRtWDfY?dvk#aA&zSREIS-loN^zUzO
z5)(F5Tdk1dZHB~SNHQ3j!QyLlb4>%z(aE+0iy>3_@$k1loW<z7xUVqGwFz-d^kY&B
zmHw|m;Lia*TWf`i{=Rv9N^2DsV~{PJ?v(Ee*(H9RBO>qg_Sthw`_P2q*AOp%<9-dq
z2{_%3d>e6|@pa8idrYUDlS4&ZJecg}F9;IW!RO0otm)5KKfZ0-J^DAinU(`LnyoE$
zG0;zg={X{uaT(T!)ExTc@f^#6TC~#RQF7GS(b*=ijaJ=-+8B|%b7rnwZrlnCqk3mw
zzv+~$NY=h|J%0^h=lvwi&AuDcF<ZSrDJ2hyzQTw(LVtl(kIq(5YRjzN8UDDUxvPQ}
z_O~>;)`nPJ6ybkR&2%)OV(e9=)hoWM>?LT*>W}1;(!69LnC>Pmr`6GMGH1aS-t7tT
zOUU3Ut*R^+X0KeBP3o)GA4OusP43>MXRVx_hZ2LrWb>}s(5nwh+B$GMl}1;k;pU*>
z&FZs0z`JdWWKFO?ThK!90ypkTc+wVjtAn<`eztr=>cERQj`u&a*zGiXR2dn-2g5!+
zwFE)t)xzX#Y5w&q4@%B^;xipelB&?mgeyX`J&UgYw8B4O{02PYv72+Aes|#vu0X)e
z^$X2V7P<(URKiR0PNBc9t5}+BGs8`#RQ1;6(ZZ6>JHZd-om$R#><oeeEWWf=8TIz|
z_5@|9-wb@GI4^}Zw}*0=xZzFgwAZXQFlq$&>5B~9L8(+zkX81Gi?#0tXBXKdo}e@O
z2xYLYf~*gCQ_}}<)8i4;OPlPdLn$+V%_R3XuxZwlTN8ajsz+TcyHZ*-bpu!Mbzloi
zu1y3S)M9NDEq?o@Iu{;=#nIa5Ro@`(D~_^)GWh!HeIZG4MT^?<qP%v*#3Eqox9Y2j
z834t!D!bme=<Dw%-(<I*T?;^)|DF+Jem0L5k~F2E4+y^+tR+dmp{QVG8m(^A9A*bi
zE+g&5<Yv7sI2efY^Z@%gV~y_emoNF&h^7<3ipkQ|CNrAU@T#!uosGn9f{M>!n$DBD
z&k;5V+k=TGkv9ovCuWAHew}Xjxx{F>K(pZa?qU{t)^@ehIpZ?o&dn%_9k6|*aMQp_
z>wf`uy)QYq&e=-Rs<7NiF<6(+VZ#K7mT`B_V><W)e>GM0WvxrZ{hP<DBVD;x^$+UV
zU%9nGyUU*TV#%~YWa&duPG+U6WPvF0%*~&qXI$L==iQ7~YjsZmyUDAkZis!1@1D8&
zSS!##X|?NtphP`FS&oJAfM7GKm}foT$o-gfBM<+==9LSZ@%-P92!KuKc7p3Q-RWij
zn7=<I_F(B{`B@?h9gFPP6^7UH%pK^g<Riwq!>%s%BD@@$!2RqdQIut`Plhsd;Z<;4
zcqvt1uz%oYbZC(4)fS&mb-AHU0!Lq=h;^5q{{GCOry+(_xdcYnt^&6hvaxKAPk8w7
z0pqaV*r+7#XGrC_N`6yv1Z2-y{=%LK)GviLqr;YrDj`aQeI)5+t|XglX&oI8rx0ml
zc7a91FD0+`2YqTZjBK#HWr-uYR2*H!pc$H6oAUb0o!$MF@lOA|+RgloQz(P^O?t;y
za3{2ZOn3MWvPE2nzDxyPIq^(5eS>v+Tl?Q%V)5xSFQ?5u<YR0czB|J@SGhEW#zdFy
z%s5IzdCN$;O-9yAR!GX`m}qZ9<V1w?7O?rLoPWo9h16v|QbY!^I`Y)tbz2~Ogx>h+
z&wWHa#jZf^sxMHJl|0ZN{B)?YjFX-KG-ENfiLS)7wDbEMT`xSc=@5AWj71|O56rC`
zo;|g++}_YG1%_qs{CAmvPJ7RI|1BU%BAoem)sba-n~S#`sprOfbTklE5dn7nt@p>y
z<oI^i=M2rgybG@bF4)=0qZi#F0YoG-Qx`{x2O1~=+x?wT*;Sfo{WyOQ#P{A~ZHi(Z
z09ewaN;_-059RIpLs;rXqjhzX0GB6>3~h?tMI}UD#HSoxyTc-x2O6A&cC-7(BB08~
z%bI5iNRL6#L3;Y?V%PI<3NJo`o6~W=h)Dz66G7gMs6A;mD_`|eh%M_XL05tNy-kG*
zTb71-hC`c}EU8ZBBRCu_FPMujCkXLh7OQ<<pMG4K$3`6t*`@h%;r>Outg=c8b)UE%
zZBt^4=zvC`IqS$aEe&;3Nr*pU(&nKUU8dB!`@QwFtkg`lMGI8xJ9v(_ASo$NkW#Mf
zdca>0Q?{drGn@orP<kO0dNJDaiiSC2996auA#>@(k756+44uC6nr2qxYlnBzQ!Jk6
zGvc1(VPZYEux}fDj|cWqnp5Atu5_}G;PY%Ap3shXMDbwQPiG$g1SW$o--q_V)_Rok
z0UNfQ42loodbCT+RQkvo{IN>HYSy~%-+TCktJ8Yt*0>x5psNJa1^9U<gdAPp$JZ0d
zk&_Ap6Ewlcfv1-mIJlOTF29~t=cEI+HSb+`DQR4L+x~=_C?#X-D&`9}MKP&=cmYZ2
z0<(qF6q}(M$WTZI!)x+$3cJ)XU2xMq1iNtYsg4b)E&)$`e|bH?x<+vC_BFSl(JEhz
z)?;P$FKr%vrwHUEj6h^;kuB8c1gK`Yxfuti{)>5ND8a$R?NvmEHYkFyAIUD<r)e6n
z3^b);dSC9D6HhdV3rjaX;o^*m3g@5J*oD>%|6<dwKI#8<E=Ku2I*bXeduq2Dof~g`
z2mx1vTIyfEuq7MlE+RS}1KY9oE|hmm4z673($moyk+~V+(4Tv*9@DMzg9$$6Sl_ng
zZM>d!dL>Bpq7+Zq0d0t3IVy%AKFarGxTNN8L<uHJL*0zEXS@3Lcw0_x2B2F~RTecr
zdh@*xy1y(V`#=l7f^wxU6)%|@;Xg#mr`q!}kFfco?)jYOH(ZO0U$o{W?LDjPq0Y{s
z1wR18e*(pDtNd*hE9k48`q0@oY80M}g1od*FVaM7Lf=pq<SpCM>Ppz?c?Y@?w2>+h
zQ|yD^ntbeCaCGVz!v@5l(X*JHkopcBh9-jV+e?vvd-D_P9k~9#Wv5$Tg3y3P99&V!
z_v_>dlrP3@<+Z&-3I#~@ryNdq4!^TeOFiVXS-O>GewrL_jxvAFC$Y2IHYYzaqWgff
zwEV2NOlCCjL(6=|PWj*GZrv}=tM$(l85~8=R?nMR%GtG#W?ob+C?L;Gu|YOkMT<m7
z3-5xWkgBI)r!Jx0A9lWwBg`qPlqJWBK(xjoQ7;<8`MaGz!K%uL0kq2*o0xgp@^C@n
zRbrxUlKU{s6e$6Ci9S9WnxLL?1^niSC+IVFzWgi8oV@w<p_Nz#9es?~d}4ofOCioj
z1Lux0bqB)HjLq2_D&CCS!LviQNzEI#lNqF)(X-wzN;U&r9Ute1fYt_C`54vUXL1+Z
zIgu?pXQp8_(5UA<J@?9MYHKQNJas;t#gO>fj+ARv+n?X2jz6IScf_+NWe+c|2Pw0`
zE~(Fg^bbrV%Bxt)BLHElO*LZC>!h>CnrEqN*4ee7;MEtleBPnN8adw;jSpRvfHJ0}
zTp53q)l~IcYr8Q4gs9h?3PwZPXTuK`cFv)k5(`3P*+GRbxl$DI&wU>rF-=(W@rh5k
ze^>^H%jXG9#{l`C^nbtu=r1h;b)01znlyFyNtNOvfs#5x+?p${*cGSZ6}S?95eygf
z9br0@Sl;qIV9s`%*0KA2@>_v|8_;21<=3Vpmu0mMm6W-nXA0d}9KQDR1ipF{X$#e?
zA69A;^%b?v{X3+j_Wl<lBDB-Aw7U7V)80(3hu(7n+>up>hVDC)YC!8hfuT$=b5(SR
z|ACam29TydIl0;jx^qpACkObrOS78pi;fQt8`*y6^R*4K-=0x?)VW>fbNxRTAm-Uz
znyP%=d}wQr0$Zd`ACoL{m$D)#Xvr9iu4L-NMg^u9KoQMh{pdiDKt;z}^FM$J3hWDo
z{{*`iPc+}~HRpI#>o1LAtFJvXpDGS|O9s*wM`dvtV{s7)o~9=nr<F-bpwpWYNFfDl
zSd~pL*sGdnc_5aPRhHvb%zvw_aR%_K_j*M`PPstEUTcD?kZ|ieA9q=t-Y!2)6sRQ~
zBKatuKM;h13xDrCZroQqO#D%4xrFFdSxsBLHD>rN*ZTlS)fh1G?A=ljHuq-EKv0{5
z@N{JOfo>-p?f=FRA10d;U)QUyR(~cBkjCb?%5ZAH`{kRvf9$g2+USq<ndd3Zr*R<a
z+gIw&_YW8RA`*5nAae4+;g{$l4LO&?ePr2*_`uHIb1@N>J}!DaLouq$VZ1*whrdG(
z2Ia$XWi|(m-cym7UdrHWzVY|2dVX6$3C5&e<S#!4V8>4xS%2(2ePQM@oci}nE`O-2
zZoyldH(A2@Y%aG^KJmeBc_0ftwXHW*;tuV_{ti&=X3H<UymbMQ)D)@cd(Cj5xMW`U
z9LdyXq{q``W|maFk{9EX7pv{#Vn5|Y-j1(Xm%I`(Wrh=PTAxoj_)L3XYL@LZ|9|)2
z8gwv04N!-dNnramhpm_&;Q3tsnReIJtx4+a+Ut%EQ1KxWEV*>vs_%5Q$<6&DS~{{^
zrjk;5@V310&{E7+H@Vh>$ox;Qs_&E2&)4G80)O7`NIQR~XEaO2M&jf2QN9r5HGF)b
z#GDV9&jrEK#Mg;sgVQ$A?{v9!^YX6}#WFKGy7ZL(ey+3Gp|RC>js&patB<;=&$x$-
z?tu2#r&9y>$?o}zHeoPJILRSDeu*|wW>)_Bpy!8u&d^nuBi$w@pM<5Ho|~(BT~idc
zvq)H&m|Y|FakTm-?Tgl!L_Iw@m!IS~t<^<9Aw(NUVgnd)Z?x?9A~b+{i`q=ZW{60|
zu1zvkm|`AK$+&U6Z_}Ds21db%=4*`qmh`q=g<1QgB4h<!-JwzA<&H=_U2JV=8~r@`
zpWDg&!pcfjNW4{fDbv?-VWL&hVsT%2?B`48uYj^Nzn}05{gG%zYt>SSX5(JF#VSL?
zpvJ=-G&5=UO_6_HdrqyJd)r_D1Z!kr^(969Rp1U_oF)Qak9engcAD@m!yG^y49~uj
z@)#JJ{-b|kE0dlYaNkgz&m>>4!0uS#VhYp&K1K`1V6{jYm|9aL@3z*%Nx>zf^0z&?
z<DQJX{Kt<abyei9U=A#~c+WYm+}8FC{1Feor7RJ&g*`}@I*vaR6fyTEs7gyWch=Jx
zTV_LBp7EQ4_Zu$#nQ=OBN*p2WqL1kw&>(+9fU|b+@%j04^oIu%bN))m>DE>dlU;xS
z6!0XP8I$5R@|Zfu{6BmQttsjNjk`4AiRKBv4qk5F`J?;Csx~oq2<P}wyHMl2F>)DE
z9=u<y|1;`x`_sCgf73J5_mBLY{O_)i6P977>B0861<~rdjf~dz*5c1Hq6uN2gsB1I
zuZ?xflJ>zAhn1cM&yamyUZT2NyQ>z3T*}CPq>y@sc;jnzac3`j{u4-DNz&Idh3nEC
zG#~<Bz6ct2?ul`1dr1{{D+xkI)N?_xBpI0$e39p|y;>a1Nz1=|J6YIFVmv7;rbObd
z|12qC+z@WNzRs(LR-4B>M-UI@Tume;K5gpz?285~tBvThTjQ@lygpXTkf}!9xOd(N
z%4;v5jPXJlm1g;ud52n^kb?u1vOl=@V&ZiU)ds%xhiONfIEr*gU7~YZE66i0jD*0p
z9?JNZhB+UKh$o;3-R$h|dbFAtqJVoVYJ1>0GQS0O>UAb;AFEWr@<2C8;4gxCcMjlS
z4|m@m*Co80+Q`8DWmx#GD%;ACH6&QgmAhEW63$_Gz6X`p5=x$3>=rZZZ7XO%;*b47
z*lGyZ4OEI2UJTWaJ{mB+`*b9+8e$XHYb65;Niwo51rQ-k;kVjHrv>kGk~aDT62Da_
z>iba{?(@R&@gr5$ZyP^Adh%4^$cSS!cF%I=)8W&=+pu=pHv|1<hLYen#uHMH-+&w+
znvLMj^}S7>H@_#u#bZ!9l_13(K<OM(YjMYfXh&a-?439CxD-TgeyjvOuOiRfOw9Bi
z5=6v?YYsvQ;xc*g0Z_KOtu5dh2sY9Tav2}?T+d(mOR{>V^iUsdYVe&=I<lFbAycWO
zsn<7-=c9r?Lm}elAzXh}HNZbXZaEFtwKuu8xV%p!{Fz6IKRl1Tdb?M-enCpHTZ_DH
zM#G6x)5;@&0{5r@ZS_-Hg%W?2@jHxnz|4@3qZk<zjtpX;BZ0m570;Y?I8?CW2fL^I
zD~u9qI}ZJFQ;8go4*b`+yw{dUbP9Y^00*_txw6$;4RMOlnuwkh-A#H5&NiS}aOnK)
zCLb|Zaouc6NLemf5B1>&OQi*>--s=TI2Rj{#?E;|lL3?<xFikCu2=GHb+`+_f-#Po
z+SO+{`A)&>eRzp(;-+VN(fz;NRoeT0xP;1FMA{R~q}qifpuH>NJhdjG5M9NJded8u
zSt^ja`%egP5WcN)*+7XCCP`dJZ;U0@V5_8Dq8WXYX$5jj3izuvTj_WW=PO&IA6>$!
zgXEP6V8qBHPN5$AaDyh#o1KfagS@yGn}SjVQo?>e|78?*4bo2B7Z7jv>3k&t;bTb3
zp|1AXd*Cn8H5uI<{2G)GNE=I9K~Pib&f{?>JEK|EqHD;#x#f-fLqhRP$7J_bN!=?2
z+3p!gZ8twJoe~_funy-83yzJ5Ry$Lj`4sY)_Xq3~h`<w2j;CTH_k>$ZD3ZgT`QN%x
zM&8Wy40Zl$L|;$Km&``F2(~d2!SR4=Lj%e7=;{51mZ+Jh!F!i~+xQakQV*5Lcu&~3
zW~vjxh||pfjsz_(6!L}w@!UaL&i(3@m3p`6lB=P?AgD*{HiwnMwIN}tEa(2jor;)S
z07|}=^p^#wNdc-PGbt64?adlh;UT#j1Htp;nve1>U9+8E5gkn{-Z0ot<Z@u173Il8
z@#W+`UKq%+J%MJRM8WmS#YysjNOVN*`-VSZz&>5Mdp7a12{;3Marlc6M40CnUWzH>
zk3?hBUw&8as|rZEdZ|Xux7O-!Z}UfVGwZXqd#BUx(y&j_k_?o)(c7ySCf-Wu4<>ZX
z9(RjXy;}Pt?S}$ifU4C!3FeCG?QL(|$~a%pG;C<ag5dUrZabudhtk<XLv<GShdLp9
z+YH*dvIo%qO~d59_On2V)?J2G_#lzEjTer#GCjGsV0V1wCwF>m89qGhTmmIRxGp!i
zt&%N!RVF?RKe<0e-QO4?V(A|aXXk>za5_~JdtL4<P}G+bxQD?;Ogt~5B$kO(>HFI|
z@#SF)|2%>FLqMcKE?Wu-Wr_A$-30cT{Y6b3qxo)RK)eui1PF)Lnc{jSYnY5JRcx_T
zFWve1bB(v@nRDi-MT2mXxHmLl_p&{%ls!Os?$}EH(rdB_`phtN0}odJh?VU;P;I)>
zh&K+Jn%Vr44|SoOH_}Th{`kRlNmBKW$B^g~qe+Pg<QPwVNqKc-Fbd;$xj$BbpU%O~
z$}b4-Vx8O{^3bFi{n6op;jAXAI+RMbtpB}sSA-D@-nenYD_NheXWo?<21+Kafwg?I
zE=7;*ZTk1T;&k|hvR8hy+_;1`w3lHt9orrmb$KVm-aYH=i%d-c6bT?w;td3f5NyNf
z+EaJB#B0BGv6VVqlwmh_L3MK_7WV$>n4`(xUJiEk`ET5?Co7~tSDZoSD&dlAqu7{n
zM*BDMaGfU=6bu7~ePf`OANX2`UAnU=3LPG18DRs}=q(>cVSJC&wcBB4DrqlwNKNh_
zs~66%nNq-nSf$10FM-<CYX`{ii41fy9&-TkZV*@NToyE1*gX<Pj5;Cs*#24k$5x3I
zs=R>01-hQ`mHNiHKP(j&_nRoRfQ>P?Yz7s4s1t``M|TyNCU_19-3C;ZTwH7kV4=T0
zt)*7E20qGtTY9nGAJkyEeHhrnw=dWPm_QZruvi^-rHP}Ygz(%&OC_G3TjYF`a_ecv
zlU#+CFcGE}8_v_eb#&Y@Kw$-@8Ar9h%D`DJiT##K0=5f*2-EZe7`Viw#Gt&E{My$a
zc_t|KwyD=)Oo%ZjIwz@~G25#~CMKS-0+rn5C0nkoPtby+NY<M7kiU(%TtN+ib{Ed0
z{|fAtFK`T}n!2S?>i`cSX{n?JlKkpL3ML@r(NLCu0r^W{y~TG(9=%ro&UTa`_NrB!
zfD6K=Bp$J)GfMv;PW`!puG;IkqRSPAZD&VK1(KuSTp)=q!Q?vOxj~Z~`-1D2VJ9^5
zPWFn1BXL4S3ic4I0BN^Eh>sU&-Up-%i4db}p}|{Q`zR8tR6&PqCR>ZIb(H6V;kPOj
zzcqrEo##lTl^Q&e^a)ql^s#AT|JhkrR?7Yl1w6(_ftAajjt78Dj;kR)tob(hirrw<
z%%&sw%q0cN0o3pyLV3W4;Yxxzh`N~3Yf;T+415Oc1yHFmAv|Y3@$XHz7B^YgkcvQ#
zLfz-8jmNXFI^_ukFHpG|O>sQEoOuiO3XzSfRPrUb0t+4k^|$XvMrK=@{13^A2jZ}U
z?4<?aOfR>&*oy|^%S2H9x8QWWsSx^RWf6P11lU&l&ejK}pOdF=&oKHWVTCC+vM`L(
z?j4lGx$D3*zXqLI40M#{o24#P5x^R5g#H>YIr@@h#HnaPU!Gk0Uf$CAxn&ArFCUaM
zVRsdQ(#1LWMw~h)qg9SgrNLjOs5vB5U2uQcho1HW>I>$ic;oF(J)cJEwDUFA)JDTr
zieQX4Gu7+4?r{kA&M$U7hkZ(ieq@5d#`|5w4darZ{tQS`>GHAej>oA;bECMDwd2Fq
zH$(>%YKDct*T>fkazdqG<gG|R*hwWOQvA4;1r%&Nis(P7lbSRL(UfYOUC*S1dH&9q
z3Bdg*#PyN!a>0VXKUs+?Z4hYtO6!4Novhb_P=0;kCVS#%K--uA4#S_{_dW9VRnGFF
zNEWM{k!eBaP&jbmO&hm*9yP>Dv(kvlc*pe;RcK?2i<bFJXvXp_1Cqe=8^$Mc*7vP)
zkHwm3VHKCawxv|a)g{%5YTzXyGiAzc*L}`+&fgPnuAnB*i^Eh3wh$yE!d*i{6_t>N
z&l|xj5y)FAdg^EM@SC%MDI^`fO2n9)+UHjM<BF|`2HtOL2pHn#=51;K?2$T9&Z(Qz
ze|%-;y<O)b<RxsKw;p^DxHv-Y(<u-wOgUlx-wze}a5|yR4#Rz78|*a(EmByp$x_)j
z2~_}03_ivCEj~xGwBeFR3wzRZ$M+eR=f<yq;(_Jmu&__xmZpf1cAKJi)$2}@Q)d{S
zG`QZ3bFqzyy=B#v_I*FDX0U=vUs40V>$AE5u@`n@4S@U7!uX8EhaoIB@1%FR+znw3
ztV~REe?hywIxjgaI1`%q)xXqta$P%tX6UH^2Ps*mx)*JD{LI2I$+C|VKA$vK@%w@~
zL#^9186UZ_0O4~3rMlUqQD0oYF=Z%@4{L-jXBt87Af^0E*Xz*hXHZk92`KGKfUw6n
z5s(a2IF(G2K@T06577T4BR998AF%M81BYqMiQDQ!D~Q?n5&0qvpCgn!Vr4549nz>P
zCyL0!r*x)x!4!&$Y)gAxDblLIy59EHJ~C$jlYI>VQ@wgvP~Zi)SKFWnr9cb6C|_or
z?1Ylk9ZV9c{E{QEeH=ZsxE)vZTScQ@O7^HzK<t5(lEBLutGaRNuQx<s35+d=V?KHH
zGW{vL^cWtP+A)L=b+hGBJwJuP#Q1l<c!IT+D5Q6xuD;qJNA{|#%ZkW0e&+9VlM{=n
z$o_U;B?B{0FZSoUS8UC1&eDQumF-R~_Z4Tt9>QOU3B1{1uIcXp)l-HpUoJWqmF`RL
z#VW%&82%lO&s~Et%77CbJ@pyoUZi9K2$?_7IzDi<K&-wt{KY?XCLJQmwd!AF7Tl`+
z0aU=-?zDi?<J3=4$gzkhQr>P@!oAa9^-EOUgARDl6)luUy`FEtV7d3fupd2A42)Hh
zn4_Vm%Vx~&1@A;kD_|GKuz^J(?ha37Ma4ZshS~EW77fR|LbP*TP0b&8;-~Mas$%;f
z?c%{cfUz%b|H*LENSM9mZUQUP)6~gAsu020!@<1w%{m_yGV+7s%67ES-2rCX?Z^jt
zTUP70Zzbx*$zK9b&k1Z^W2zQAK1Hi@Kk(?rB3UbZSQf)P+{s|dR|tj6%$mrhj;Gv?
zXVk!ia01l6KdEld%t#C-YYR@OX}7U@t(M%JGDN{i;I#3z_RLD?QJJ7g5L~Nc6>r}W
z?Rk8g<62g4+80X-w%hR|N7s7@>lBM<1KIF3l^L%$VCw2x<5B|#F@F1hjd2**oBYUk
zewIESBTCnZV1xv~^XorUp3pC3bkT*Pd#y!;(@%LbNFD`M+vTT}=}6V{SP$a8!g)kN
zS<D8RA)3LP9HWCj*{weVOQ-|I`60IafXwJ?vIc(7D9+oLZSpl?vYTMy)$i}!1pTJN
zBv*7V8*g%c1kno-ZUO`PCCPD*)#abL-Q&1MX2wd<w^bKyr*-8IiFp74ap>Rb(^Hwq
z=s*cms$fl~XYXbb>i`>wF$J7{HVBK=R<O8Ah!2QMu@KXRf>lOauRjJcHtNxg4S2P~
zZUgjo;u1LczFQo!+un?<VTIp}4J)mfONBY@!8BuMHf9jtzxjoN;SwJ$>;!yk!h_|2
zpid(18JEvXPKtw<wIfHw9Emfzkf;qyTgsiGQ}l~90oSW%Av^3!zWkX992-#ZfMq2E
z_+O-3@HZ&iU8l=b1HhQ_Ds6*ki<i@s-wFoy@QXbMJDQFF_7I#;PbT1K96gI}=tH-D
zLhr!Z?hRjXX|TqYtn)*laTs8w0tOOX%@E=U#R<8%@9ub_lx3-LxI+f;hK&c-7RC<V
zNHVFto$zST1&=UMJ%3VH%Wy~;XotU{kazksyfFMtAQ7Gy-h(rw;N%NX{33x&IyoZZ
zHDNNHtgmSJ!=%t#SW>3KXw^H{MOtZTN#!4|gWoG|pmlgxB8xzC$LG`Vj)f(9))Z`V
zxjWvp8>wlSZv+-F*{|U6t0(H*RnG;odr}DIob4*g<nsi}o`D3%fN*yQbCpS3vpl`Q
z!LQ?@9NN+R#lPdxs(0;i<b*LGI&W&MZ9(-D$Z}w#jq-%n+J;>4*saTd?Zg6zWC-+D
zF#)fe3Epiyy^#nnOK_i5LKOP<?~(1qa;6e-L+m7tZ^wwSy<8|fM)uD7KeM8H;mE~o
zHP-;qOgUfvRtBL85Lx|tpN=?KE1F)$WzM$x&{LcjW=Mxn4KVO+3KhNvyADVTU)#aM
zaRsdWBcmeLD9uArpl4i&N}im5`o2LP%Ff|PLso6j?4U*s)s5k*cQ17<&afrQKDV@{
z3ViC}Fs;Uh|Nc!#7fXzz`AJajBz~;JZ@S+Vw_(9gK*B?&#<RYw6Q2T6c98|DuN451
zgo35*%x$?FG1l+X((I3h`vJ{pv}!n&FrYmq8<dsyIKXcbm%e&UDKq<#1E##`8=!wv
zyE-d(2>;1%QoySV{S_;3sk&_r9)_B;S3iV+ROE++WNpn11jh3(#Nf2m0usK5W?HOm
z-=<!bqj+65Kip-!4N4x7k{XxazX4PR`HPUr2u9M32TS`rNb4F`$Da2Adfn@sp916N
zK$oe6j6eA>M-qc7%k1OgK4r1hitbz7ixaqXWOt0ajAe-iDOn4e;(BBaGZc*8$>Jf1
zodjixdKu|6jg=bM9d81d5U5rxV8Q*79YHa4K^<~m1~s2d@FpHMilPVA-TLMY5h9`L
z0vl2@<0^iUVagSI;N1rq_B;rH*w^tjkvCyqJ!L#g^U>BzQu4`{K7FEvy}ttJHdJm&
z>k>K%DG;o}lp~>pS`ZO?P>rZsm<KFqw6fUYp8O1x)i#+kB2g5A@6Z&Q?NZ4<{r4-E
z>I6b(U<*3_1p;AY*MeV)z+`vt_`VJso9J%*C6SzDb<B-KnL9p3isMiNKYzWH)5^_=
zr!(zFrutuSQ4>Xr)@Z5`Ebq(w_-rTLKo#Pj4Xg@u#EID5zw;N}fqy`Ut#btlmnaOj
z3OtD`(C=-2s2dJJH%JOhz-|<euok>6nQ1qh#dN!;GEp&(bFrjko24WJN{o<+qA0=b
z85K@EU9vW>M7`lhkV1GS$tQ@%Q+nb*(@L~b1`AXxA8WI62$)v!BZL(|Te&A8tN3G4
z=P*RZe^~DXdA(abT);mh(hs9}4<F&87#IzE!IZd&W=d1ATn4?Y%yGd-Kd*9S8G4C&
z^O8PM8l_WjyV%IZ_)i@n3ZA;E`oH@Cs^SC_p8xjk__3(Dx+<jO33ornUoi3n57%(P
zBTI_Zpdb)!zl;{NMaGK)hRax-vaCdj&)#{U&t5OZH0dW#AIV=)EkqP&;n7#$R8|!+
zJJiU-f+qm9F$H=)GIWws5X*aL!_t^o`ol!JGMPu11raGh2@Onw8$`KGST}(Xcwqb@
z2TTm!yHkDj*U+yYKRef)VRao0#3oVE8i)6$ZxPEEQa3i%$iaeX_<`{vvM~m96=6U@
zrq%q(f<po1?xettj6P$=q0DWq9K>;2{ePwsS+wfhS^}2)QLJ+G&jAe$PBAD9B0Xbh
zch^q>>KESl+{T;Y@Gswp#W}7kT9DedeK^H~4TGR|;dXrN_6<%I)$X*(Uc|~MDQQe}
z9Q`4LG9#1!J4U>V2qo{>s?2}hk|bt?Kc@Z4(jVc^LR~I)5c6u9{FC)1d|G{N!G9>+
zd)Yg0-yx4g`b)vWQp-EBw}Z^CfOm@<yuBFTUkYA|JNcdbvzC6A*|0aRbqa3Pi-cMs
zdh7Tg<b;Dl$=b19AIWk(5M4Tu4pLzPtk5-><D5}>19)8avD!YN5VwWXXB+5<4ucX|
zf@WYtYt|~oP25x(#JSgEZmVt~kV317J)4gQm+JeXw9CvKldT`XOJaz)JL8S8VECBc
zb|%!Dfnf?xKXrVvN&0;F8sDSVNWK&p%n0mw<pW*!ljH(keyha=8TE%E8&8mnZfM28
zpFUkOaMNCn@}k-}fyH;xYO3*7>!6zG9)2tQ>GS9A36Jo-6Cs9UVy%)I;Me?CMDw*?
z`?Hwnt|}`JsEuWy$i`xH7bbfRcvlYlD?E8iqw%_Ew|~CJ{h2Hew*90zSLwjWFBsCj
z3Cs=*8odVr?=M~IvT6<{{EY#0k+vxr=bUU)b-d=RVXE!*u-=t~U_~8zTT$f~1hD7e
z9I@x-Z%kdMWX*yI>$oXN+#g#l=5hed_y5yN+4&%h)K2=Dam<LE6vu5S`gZ12Pi`<K
z!W_5L=Y)-)b^$d$Z9#W6SUIZopr4DKCr1UJ(?)r~FD~gaY>)y#`O3<9yZJgP@5viI
zFs5+#o8*TOe?IcW3@16Mf=Q@{sErQ29O62s6daQP`ATEQGKT^RU=jizT>3Vqeu~Q>
zsI~6z=AZ%|!rb4+nxO_uhnE-ux-Ym(!9jfh0ORpbnt+dX^`^FB+4>9k&eDa`iae?M
z_lFO~yZC_KshGu~7boMjbr*bL_Q%#0@C68Bqqy><>D$tueGxh*KHww%L=e8=$3<?S
zhyNfjOz#DbDRQ@-fHH9~4Eab-hk`!#>YY#N@xL}vXNUf0q~&9@-s>_k-SePI>ZNin
zX;yw-d;aqQZTZ<i>k+xEGdSodAlhT1lj?op9{ST?tgVPE8ZFf8JNdqK=Wq)0?;S&=
zy8=D<>;#8Q_ZcPMPR4*rBop4(dmK{B0i<d?o&d|vZNi^bN=siK%a>FWA=I(l>pc-)
zzh=}X%EMFc%|}MYch^a5#5}NJw&A;(Swft4iiMD&`;{;6HoD+>XYx8FTl0SN?>2tm
zNSv-&sVSQSxpuEVF@ln}Gh_D}0QvD;L%H_k)APFKge=`V>8Wn_O9#z7S2V4re_%d-
zr(>It=+9i25|ILo&Q;e&0+JCtz)X(b?(m=nzXfTqq1^=e97?vap(kx(A_zTaNeAJX
zekU`l)bC48$cd%gyd@b`y8}9y>?GvkjR6s4;P#5FH_#2$-@l7Ek-#v%52daC2Hw!U
zU9%bN0u{-;{(cTg3(fmblJR;#0r%bf0D^2n+yZ1E_!d3<O=h5<#}{i|evm7aVe4pH
zE(7o^88In0tAOd*J>bYB?-R;9J@NbSK{e=6VmK0Nfq6J{mm_ZGU}3=uMJcJjM3sqF
z7xMw#T`X4V`np3;;12-eq6Mc2#zF~ouHYxC+ers0B*X+}<zDl-D-ALqkMZz_)}u~u
zb?_F108NEE)Y%5?#U)~()r>AzBv6iKRjWr}j}XL95DR6PcBm~gDUm^2Q^zo{rf~NU
z5Nf0_j|I_za{##X?cLbk|CyR&Lo7$-+WeGJQeI$_I)IzD4|zA&h7WTryX$*#aZEP%
zfOm(qm@nhF%_y!gHV`=fo8H3~QGseU?@$Qdx)FGCaE<KFd2ksKF*_7jhYc;}>&iXC
zrjBFvC+l7>9y62Qk#>NtXS=S=Kh^wgYz|FXwj2koJB!}Og@QbQ*Ez(S+^6K)K1lmi
z%-z<pI3L>yT`!Nsom9oaYXM*RSf=-GU@0Y$g<><T9=(Q8LrvB9`Abjvo#~}uHw+xQ
zG<LI_ywxXCQT-&(`#|Wu3MIn1LwK(Wo$SSsk*|nB`F`WkBu>!w=OsT23zUqUM^U=_
zj~KuVHvnb2AcRef{usjx1{!MPgu38+>i}L=BQsSs^ylxZQ1k$bf47n0&G;`r>7po2
z#51?(QTf~ei;6@~XK-{JvD@B|H&$AHOmRgPUPyhI9cT7+*IUxx|MK(BA9<s~7+S{b
zuYVp%8QpxSFp<}syFT2Lg5GgD=N3O&*Rd3pN*P{{7*9TUYP;UYY3B+W81I@Gdo>(#
z;sbx;xx+6P_5iAC#DBXC<f=OF_FR>Y>8522=<WH+dqBa_)Cfw^{}7RPusl97aR}H4
zC^u~Y-EUAXnD>le)w)OOK){sr`qPyf04dVD-b+E3`m1OCT}2M?9?YJdraI+bb&<l}
z-h0fC46;(LSJcrFxeJ>Ajkb?}UcL&3Kn9g7wH@Z->L}rvV?N_aATdJA2U_XY-o{e;
zXWIDsA+lZ5(lnCdtI|OY*qoIoXBm(R5zMe!$Y&ZGJ*NFmrW!1c6s%(p=v~HH%N96&
zv0ff~j?_$ZZ*>EiXX?GK&&H$UH*h3d&s(;*LRb<xu*tKI_37*H!G-qu2b=W?*9dFY
z5Y#aAFN%|Vj0Ht@$O5+s3U$Af-JWsEjLpwzgp{p3-I@!zLVun8YeC-#rUAsI$*U24
zf!?;@shF4%*lw(6&2)0?Cd`zCIPT;_)g7Z739delfzxT`cQ2?0cCWE$hFe=-{;-kX
z*0<gRZyPk3kaU1une(sar+<@s7GLL_vuFz#L#R?W8zQV(bU?zLiOFJPezw9D-NwV=
z=Y})f8;HBbe}N@2;XRkrGn-9r^7WO-eMvJ-cYPA%-;$=+i1DWJ<{38c!(5FG4c*cO
z|5*gJ#)za{_r>1E*`_w0yEl~e2=ntl;BqL{NCafeSHg(9sVTX0ozEboG_y@*;w;hf
zYjJVDQ-ozmbjR$%qSB>Qfsz<h6|Dr+pR4RGM*vGeSy%ekfNT#7INU3H!712k`$~5%
z#;+3^ZLTl(2pSz(CpA1g*zOETt6RyrV;LodIo7wDUt9IqV2+70)v3r8sC@|{zVfg~
z<;``*zu-C~!=3P4aQ5%XxakFo<F01vWBSQrA1;Cik@DiIXpN1GJW;5@cu)R&QLq|b
z@R~(=$tvO-P(G8)WVjwSu-sNONqfwJxpf^L&f3>D=v$%9#Z}C!Qg)hu!A>iBl?FtM
z>r({WvI`0&tg|y)s=o5xA!)%Ad!$J7OQ9<~AF7LiL0sf*4+GmKk~c-cDBNGj5pwAC
zLq1i@GXT^isjl3RZ*Pytjzz#`JMD#MOm(ylU%6*4al+pG+U_mlgPauR=JhwT(K7?L
z+s0b~=`a6T{5J-4+Iy=XKduC&psY`SRxa&D?|Kj!EAsDLuCucB=~5dB?*dO2A(ot=
zc0*>$ZH#BRM`H3rc`nZ09VPf<F>IV1`p?ltpXWV`K?r#R-~R^U%p$0}Md=hTX9zp-
z11W-kYt;EqC;tR#o$}H4NZ^Wdi2H3x-8arVV3Qr6jW4wEl#8PPM9`q958RNwqM2NH
zNYTw0h{fxE7CO1UltP{w^-hgDzGQIzu<UbyQ1Ndm^q(lu*5Un&DH!VSLf?P|u1$Cx
z$798QL#4iA!s{kIOD53<1h<+#Q47i_q_^vZO^0+PBC%p$b*^tVLHTAHx6flX4KLCP
z7IAr}-@Z(HEP*M18R?B5|0G8&^VDB-y}Ujl(;d}`EgPh577|dPNz}f;W&J*0ph(0m
z+pEl5;M-*b_WglD0nb#<dRL1gxh}t#%pR!Uf{L_50kBKl<rQ75!sVDV1A60Ec<I_^
zKIpVEaL5|y0f{QP<`wR*)R>xpQzHx14~&)zyi#bW5mz>-(#JWaL6a!x9JtBEacqih
z5$w4x4}t#Sgu&^N|LbT#)>8j<gg{e$<C9OI1VNQ~=R4{FteLYQcC5%MQ7Ph?g+*XY
z5uR}QpxI+NqNgjQCK@V}h4DIB256oZ<PuMP#-9~&b(#e#s7VcXRmwJ>6kBi?^0!uP
zkyPOzDss@E!F#d>;$a7Dv;l-1kAJ@&YwqjWUXK$BRz+7oC%9`DnqB~I9qJo5`e=WA
z62743O(B~3PZ<g&x9$K|)wO;5s@xok*Rte%I>e7Alw)-`FWQ=V1B<JVx%nEeyw9m@
zj1|KF)Nch~p+acax8=hc|5CQl4oKCXm%3BQUhc9Ab9>I!a0A3;k!s3*8OnHdF%ZS=
zw<6Sr#Hk?(Rffa-gpn^#04+pPY3yb<0A;MS3Nv2KZEwU^&A2w2NNe5jg&22W$rf04
zM~}YTp4`65_Z?s2@nci3glPOf2Xe({nfAz6w3T#{w~&c2iEfCEv1tvpq30ZRV#k7V
z_%Z}jQ%w&pX)($`Fo(OO%K`(p8e3v7ZuPH(LT{k_(Q4+SH(A~DPbULlng+g@^_L*2
znFp@~(dg4ZS!0@43qrEtd44i8F;wGfUjx*dvQAc;=H#n*3+?}XZ2PK85OR0xi3wb-
zdr}4Q@<cT+;~3{X_ZILAND6iOCor$8<IiVWWDjGIk5+2E+=b&nnU_9uI`9H%Y|n{%
zDvco!wgLV0YWuJ{Tc|D4mf5?7P<!d04iV%2>x-tGmm)rQ-V6TfkcVxp2nzh7E=$dT
z?lQb>SIkt#G7lrF5M20Pv>Z)~w{7>YW3T%{7d`NE*Ttbm8su`YUrQ@YpXK+Lch<$x
z(RlXDUtav4yTe0Ro(6Ptr)X{b$rJIu{<lKbdDgt;nlCLXsr28hM+P^)x!2ZT9k7gZ
zpG!?`sZthCWR{v@wW^;2PuBS~Fj%~leexQPA1wOL@KUxth})Ndw5&;P@C=~Ci9nan
zM{St#CbsWLV@R4Yj@~X0y-ZzjRaOk*91@6V>lr31T#B#)MAa_mZyz|Ampe*YPqrg_
z_kQ3yfrxaRhIr!8ly4R1l;CZMO-u2x9CB84;N>z)VVkx#P+|-M?^|_IUOR}&ySYy1
zPW0rOxEU_%y~n4Gee-EQ#@XxwVp+rgKK60U<}66(y#Y{FG{{;rH5^L$w%Vsr<RYHw
z9Y{%cu7EAf0BoRI=K+HsIjhNthbtE}muT=b8FYSMfC9CPy}w;(G1cePntdakjM>K+
z{E92b^CU4pgzxi<wP3uQ?oOr>$X&FNRZ!FOO=d@cM<*L)rd&nEh55ht_HkVwZ%_`q
zIRr(2q!pQMuH<WFr?wqZ&!~vP!oUX^Xf8;Tk}%EW7cIwi&|`qgO&*B0{Flyx!u$_3
z*kHmr=O@2Kd6=8QM%q&$_b#~1C<^f=FAINcES<lj%YGYot;M-72fPs*j{0_)FG}^t
zZ07?vAIHoD&Tjku!$+daky$jp*gg|?ahPUX4fmwYq=b0-l%vRUFta_{da=rwbkiE5
zIzKEXcJd+Wb1NidZ20dB&w?@z%L^Y?BFtApv@Z`0IgnSZZmZN!kPXgu>go<@swgLF
z8_%Rrm;JmT@e;l<lY87%4Zbr79+%#YyEwnSoXf%TLrF>ck~)%`tRPmZ#d3a5=8)P5
z(!M0SdC}Wqp9Hi-BJaOE@NbQB?#*@&q%Y=eOEw#IbGTvf&~8*4ts@2`(yC|EN&!^F
z4`&3=G4ugp1Q=irbxr^O;gx#+*rI5$TSwfP4!ScDk;LYJPp4mi&nWcY-xMF)pNnxm
z=C*eG`+627gKL)5%b;TWtoG<pC*W|2y_99Ne<3@emrnR*6ncx?lnnMcZ07?+pgV*F
zOMbD2=>bewW`xv42|SN+jfcsE=vS)wd;H+Rrw}`Eykz)W^M-b~1xH~?I7#w}i*y!{
z7K!P{{_I@d^8VWT3d-_mqZ?6|&q@NH>w?}ObO)a7L2o~wua<9RvWmcPf13HW8z+r7
zX{P#le-vq&Uqjrer1-sEK^^c&>&1>v-vw8)L?U}qPR@@X&R?^3bP0=j+Fs`-{&W}K
z0vX3wUfO0!c=7P?Ntof`pkS)&-~0|d82rK`5I9@IH9zipgvD@PHe>EHN>TV9n!dsz
z>gW0U5CKt26zOgdknWH^q`Q$0X^xasLMiEPjxGsBkdQ{YJES@CLkkkWJ-*NL2i(rR
zcV}lOUh|rFk6ME~&CKQ)q2hQx_v;$~C$CwaH@xHUBCKnw3EBJob?!Lgv&tQrk&^H1
zrOa@g_C2!balN7zz$sK8=YB)x9~L2y>6`szKnIQ3u<Bk`eKvHCZrm|UL1FqgaPU-z
zjuH=)k^qK78|d49E=d<Yj=>4=_#G_^Hj2g(9;1_;7f3*%e3`3=u@lt-7cZ}$cUB^9
zMZQvn42&Q0Yf#=K5Emy3%WWfgJ3|>P?#~ugOWmOikb2YdVpKRt7-CR`*GfpQXZ1#!
zZeQ7s*|)5pNWu|TwyH!xw@0od3V?i+C0fyKF&E#R`<_i7jc^;-Q^IReAbf8?91N;<
zM|-COFF7h->n1hjSr=;uHy?dw{@#m43$@iIp`;@EpA5ib=%E(7N<^HVGWHiW%c#8O
zTG<0eUX)%UcQNZfbf&F}Oigyszd;se%)6vm$vi=8Nw1ubo{CVZ#p23;u391TfQyb?
zlc{|!3-vSZ_~UlD!n3yzOE5a`yHCDqg_V(pm&m&SB!^P=ZYGk`qwJ-4E&XA@$lydr
zn!)qec8TMY<MYJqdZkYG)zz!HlSc{{n2jV5iTjQfWctgJknj@?XpE@UWN6p!sD9RC
zgSwJi*HjqZiE3tcudJnDmRG(eTo>8<R+m<9KImXs{<R4nW`=AGYE1Rni{fqxTW3My
zjKIerv%KYApQ>i{_$bg(Ar{F<=I`&~a>dxjB&m5MPm|zoOg1PhrWP<?wYj9YiT^JJ
zr+)rf4ojDso>4Y@vV71e)x<PpgPvSXf>49fRtICOj0{06Be4D{5r?hfaOeT#k!Y>p
zMH}+eK`ZKV^rO$H=qLY5q=QXP25Us+F5hL3BOZh6x+J%X;_^S!(X%oaDqE^fwid6E
z{4I_5`%XM4HzBkeQ?3+|SWx2)WaN{3hIJ2ePsFJRI{8S5umUBS*p}N(db5WH8vVat
zl;WCh9WPu9ZB+TazaXKY-4C3(HyPih2#GJW!0P%pt}l@#!!p)Z<Ru^Pnkf3w#E^Q*
z@|UakceH+mbuqGvm56iJPXLH7(orBE{7o#siH%K;d!|i)eu^d58eo3k#qRwmI}EON
z6d;Xwm%abiTf`Ql^WKH|TCwZ~+@!m2q{J*5WQCC#xbN7kk%`ap@@tq-$NaY0PA#&W
zB46eDf-rgNTUIVIBgsm>bK5`a1h9=uJ<C?e=jvX;Li2`SnQLU{uHx~5%A`8edj|tu
zLql3bpwPYRXRiY=wQ4{Nl3+o<e`fpdIu9!=2T0oGye~<f?w^fR82c-AU{vmGV|&Sj
z4+*@o05EWGS393*R-S|r0HKd&k(zN9G7{@Eo=3L#(vho%<<+E-Gy<g1Tj8;nm*V+c
zU7Uh`m*G=f-Hs3LAzIQG>Q#VgrXQ{=h)5C{q!_jwtiAKp7N`qXU@^&wK!F7Rtg6?i
zL;%$2a3aaEc#q;O9s&B`Jf)Mx8@{O8b@KH{2?-hC?2{L`Ap;<(IhxeI=RMusp@l8#
zJn471?>#9fdbGCwW%p3i1uw*45_1uIa0OcuF<^;@VxeO78zzyaP-3OT1PKp(r9;I+
zT}PLHkQ-wDriR|VpY0o5yMDrst-@%^3YtW3kYxWm$zHGK1xMV=H&bT6=jxX>Om>d@
z@g(j0UA1&3OD=Z3um8iK`zyHh?{W$uq~-2<V6DB8Y@m8h+L-L0m^9s3Y__rY&c5&I
zH;=hF6&}uxotpW5&k;c4rf=Cl5YYcy!!OgYnmReDV?PY~qVq1+SS?;<p^I0<)g_Jv
z<Fvr+(BCnz8i8#;H+CHU1!gDL*nbuy&`NrqmZEmK|8?fD$PJ-mFL@<bVzv>fVweWx
zfU?%jz*iqD>n*_tIFOttM;`y0EA}%n8hqBQpmN-?Oplx#21#iSR%?V@mlYFHuhfm^
zor4d$3i-e4X}M!Nj+KzRV`CWQO=#bxws8*>H^G<9U~D(}af#1x!a|xjtyx%nuxraI
z3H{w>w*fJ^X!WeUCk0>@k8fc@x7W@PJlln1wujGE|GVilGz7Ei*fa%m#NGelk{5hL
zeu=iC;?6v@$U_m#|M{$L;NL1f5ZMPJiI-d6Pu}{Qnnu}aM=xfb1={e&uQA_HaF=-)
zZTy!A@ILIRiiJ9d;v=gocF}{|;-UhI;Z!emjG-u;gyTCq`Z13&PHh9sxwp=~BCr<{
zz-(wL%t>^$p|hkRQA@rJz<2*bu4k+@^kW!niPc7e)>K!xHh1QtC}WD=S$TOS`ZnOk
zY<{CO=x=WA>4c%<u}};s7Yv|y!Rr?oUItRCm_IYKbK6n;gl5L(qzKK&Nq-P44OT?a
zX$tS1?|s>BE)+rAP<a)9Ja1dwoE%*c@N>X6yC^M@TY%@~!aNfoP6`{>gne!JmNA3|
z!IKH^I0*uTe8iRi%`g=SA2QNmw1eR+M~<s(g+aM1P!_V0Dlm!FUx+w;2|RiV!?$FZ
zlQ@WRH=nAK^Jj|=1Mnv4%f}Gov(gHK`Xzjv6Ojh>2SGWiTRv~LT)4`16x^*^vyp<L
zxLNOFH#P{wb$kqm8**1L@ljVSwvrj2IdRU~SB4ckOSDFNdVCrAJ#&igm{gaG?f?k8
z^+w){x|~S+Cl|60kC${FNe=0h*lna_4!xHyNxW|F%jV246_b8iXpRDr-efNE;v(Dh
zhg2&2yiHcgkP-k~j<uZzB644{_wpK1{Dl3ioYNe;3;CUEL3=AsjQakF8yh%Ewt<}M
zQoEhnZOv61fsvZ*QtjwEwU-JNr)Syw=CYHtehtCV-~%%IHyWEOZls^-_#2+(jx7#3
z#e-_z)isIJ-6z|hf@eya0y$2!ggwdIR`wvQU}gV(WTak7ZadVZvi&Uy$;Q%))#qgW
z;mlMhQJ}npco|*_UQIXsl(3&SL6GHk9W`0)Hfw|~1d{*Nax(zt?!eaj7{W2V=yt_}
z8T8779&S%RwJPYk_ZM19I?`H#Af_abQgZrZ1<fv9jnvz>u@_P=pVqe%8`JK>>SKNW
zxMIAZ)9jnRQ+`b%?P57WuJY>s`TJC*Gx=<v0s|CCWN~RFXJR7c_N`IfP~)Qqg0R23
ztko~R@UpE{l{iY=y?8<B{UBb+N#X?{qvxj6A_Xblq%(avZf-Z<AZaVY9)`_r)m2a%
zpe{8KEX>QB-fosvU<LL7dX_;>L;}|UB3Kp^|CxdzmZEak^$!iYi{#OR@scQ<LR3RJ
z3^Vd-P&fh0o)1s@Qs7H46LpYIOZZe@jx2(%wRA4jOen!C`g^vBvO6ndzs7OO(mRW{
zHh)F9OR~sR5Et8;5C|=Is-nT%7f*64Ey(X%R5o|`gT{K%w(}ROFSE!oe`n`5qHum~
z_*KYHm2AW}pB<~YKe8s6SE77@kt%qpS3V>M{ywx$FgvF)aeQuSH0OdOHk$7(!zAtE
zb`kjV|CQ<hO6@z=3rZJnE5|4vi3>8lto=^Cmro+zh_R63VHknkmr#E4B*K5J6nkuT
z#-}WM?&>3sm9oD<y<>C80bQ0!cXvxxdRSkoiSEdmQiFx{(tL`{S)`I-qhj&{$e#=Q
z)JrElJw5EN3a{7^^%1l7{%p2^mF^xFSoqe}KSV7#HTkH}<A1}1|0gP|{n!wQa&vo9
z24sy^AH5mKXo8czfibuM*p{<$-iK2|QUcz8F9&jb!Y?L7<idcEF9%YNh`odTw*_wv
zl|9>@(V;YMUSPCK>mi3@c&g3@5@ju?{&j350jH3WwP@=7sm?BJNvwhd2arB%S%J~6
z7zo8xJMks&a26e9pTaH5Q+-l!v*Ljed%pQh7!#l$)YCFDXDLH7-$97_g+G+2S7bO5
z?bLm#^?vsYkRV_`w8t?z3oiEh=Gm3kwi<1Q-esd;zu@G)|1)leR<E)(&c?VOWCu;w
zC9WHL;v;cI({q2QY0d@)2dhRhA&?(@Dz7h}m6JsFfGD8Ye_PuyZtW*nf7pRLAfpex
zGd9!Y+yutQ*NoCYZo6y4SUor5TGy=1;jW>tRvSeepA54iF|oy;_i$sujbO3?euMHC
z_t>P=e_~cDqTkLi$YG2SNF@g?<6X9{AkmlK7R?bmVeI7gjt(^KlA<Bc3QJL{6SO86
zMi!CZkd%;g$@F<L6yR#AjCVFqXWLM$6pc@S9tg$#^~%=~Tsd<$0>OR#odkMq5e1^3
z9>xHH@G;Pq{i!Xdi0q2nyI$55gV}<|kE(rj#$Z}kMGMueq(WR*+7npwm~>b)&*w>;
z=8WC_3yi-nTL$#?zmONuem)#XZF^d3B#3al_~=vi8ELewl*!*2JH=Fjwy`MFwRzpX
zi-TpU$&cxoszw>~XYoLNz!1bt2N*xt8hYmrBVn!u8Iw_;<{A6%!l}%c1wwAO@s4yY
zn$`y%U}2={_>^HHY*35yFXasgi~tgvbZg+qH#ISs6YGm%M!{;X@MzLRD`U&5?li)B
z5n?$1YveyB@@Q}oFtg&0m*eyuY#hW#i!Xhc+3%>i>07tA*ZD`HIxixbS6%}NQd=C6
z+a(lal?!31yl3#AhPb1EkZLAlRrGznuF@wCBCJY{{Sk6GtJfk&1U<hGZXHWW@P=1c
z<C1ZD3i)$_?=KYpV4W#QHW!`wAog}dyA@q%QPK$?J+%2@fw;4?v0M2|V+UBE7wzoC
z^xH}$eO1y20$zWU(!u%m{S42@MSx3mIj<DuC|Hu(F{TEA&17{vcFOg865O*>JGSXQ
zkp0fqi_=lLOLc=$uL<~h{GrjR%JBMmW86H^j%2>(E{q;JSi)(13W4xDAx#qNlj_;M
zgQ61HcHeb--k0t0HJ6_^+Tf4lE+Q=iG*RnpmQIJXMuh&0?KfpbhVd6x^8U;?7qwvh
z-a!tP!kt77UH!8sQx`udthH}xVYCp)`eoFQuRjK+nbD@Emb@bs!Ycn0eB+{MoMxPt
z2i%Mpm;mxb=?g8I(%0=es@IGL^(&rPM{o5H#5BQ8%osFQ4G@yuPYIK+pR$+;iZ&Oi
zAaZfI7SK%IexG=1Y|<*p2pWXNaKg64&Qm&h#aqA1CQ6BuGIJ)?KQnOID=Gb*54NZ?
zMPmsX22@g2p9*hXrxd-syd1qwpEgW?{#^>SH>j(>TI}&E_TBJmZpopr%ei!Z&sJLy
z?S{G)wk-)l%zhA)@oE!)5PL<m8T5Kv{{Gf#lW`1eF_zd#i2TGKyCuBW9a})6g%fY=
z@QQ$-SvG=~OIUb#_K<6LUszP}f-|f7^P3aRR#!vz>3#jGAaLu%P)qTV1_4G5HfkF1
z0(?#kP07p4JIHCzeFFFb=%uyEG<m2B=?pf9x1GUbtPsIjbWMwx3~kC2y({b@S&49e
zY(KP-KsVwS$vCW$20deCWG(t@@=XL}72wAoEg8nk5a0`#YP!9@EmJ<Kox@Yfpx=1P
zLe}^SWYLr?y1stj#8w>*OsP2zZ{X}J<i~poD8C()umwilcZ#R%Xp!%pm2A+i%!jio
zgh=-@0`p6r$tp4g8!g*#t8nYKniZ7%Sv<gEP(dIG@tXtx9<t&bSu{RbD|XzLWO}~Z
zT}UOQ4D&>aIOpf{9NPefhbFhE=#C6idwFLrZF2}-Q6l~eRhP@aWXql>KW^z1JIotX
zmU*nG1AGOTZp_R5W(PDa%*tYblh(^zY$h)k>QpzHo{_MWBK%Y)V3?JctpS#2kBnp+
zxnG`oasQGNa|-?EVr2<;ZFl#jWWoYq!LULIb-TOxy2gSYv3|GKnnsehp%bRxHkV{B
zP{7LU$-C#y0t5X?4-jIL{0f#*C#w}x7f*G9_;k&lEh_-aw(8aa&L9@)iqN*r{b6Pb
zkbLv4P3g&{<yPVhSo~X&kBK0&s&eDc|0uutJWH8X>p|weGeL`RFB41IEkPNs%fJBJ
z-(owPEWz1JhgBAI#JCqYU<SlVGE9)KIY^!){RfXq_@w8trb&^u9nEa&1)r6)|FFaS
z*#(SjtwxvJgchyO7U>{$c@GbA{1dCq$3djv2;o8?v1?~OAIl{=smS9MWu#8_QX7On
zmr<$A4GbN1a#1m9z(h<o-j0)gVhZbjCKW!pb#}$$R_ST0<-o&Db0<|c_R#@ISnVh2
zYvghFHjX%1np_Nsn^g-tg%I9<!S6oiOCeS~&hjdghT{nhm#X~ITw5@)fS^+gD{Ma6
zQw^Mfhn_~OR5G||pWxP>bW8OuL&@deep%HnmV~4U@H_i|nvI#>p85M=5q+$K4gR`>
z)NMEInj~#_>j|fDw|@+n?nJAnYj|FR|5WOfeYdB?#zud9Wy&~@B^0nZK4&4p)6jDF
zdujyCG}Rb@v-#5L`DK0RqkNZ3aUCR)0v6BeYg8A)Rz5rRj7Q&qTW+?fyg6YL?d>cF
z4*|H;<jAAwKTZ(oR*;SnExxYFRvR6ui;Y-|kk-P&)b43j2OkkC$FBT8J#{#233ZJt
zZ^>F3FPf-CE91Rjx03XC`Ki$=S@c@l@%I<`kFKS5=Zv<tEhiDI*=E`kE6(eFpQ1rW
zx)2z)gvEP?!Bt{qleSFx=VxM`J*alHB!;7RKF2~wOae`MT0fp~RS&)aL~L*mw)NzM
zTIQlaWQ>I1d6il&qM4Vo0{)wR+F{H1mNGYMEaBsjDFh!Fq*YX2<0#CEe<SSCRF-NN
zTKH7MMRgF;Oac~lT|<F7yb{j5DAvQckHyfuE4-UC*dp$}*EO}LbD+=eVLkjnMv(g<
zzUWE_!2?$7vEXvhGub--u!N0;4I->uz2Soy7fMcokFd5JV5Pf|<`a3Us{Koi-Bx4e
zVhFb%c2jMAJ9dG3F*-V)cTgcLW7uBjZ+7)uvak-f>=&DQSMOhu?l^CHwI~*W+hxSq
zs7!9DmFEPU?l+oTJgj_RjZRIhTL~&@8B{X`#lgQ~$YYgY8<sP;P30-8s=Bk!*5{=X
zjUC47tpc4Nj4-06-b{__mnEvoF1C~0`YG08yCpcrpu<Cgbj+wSOgD8q9rR5`SdOsk
zC{v4<qj8Fg)=GfIK}W>zqJ9u47hCR5Rn&v`@<GKdYP9J$yI)AVZYAOWB4XDOd_i5m
z)jw`^>dlW*9K1ZRl?Sy?y~loxTLPL*bldTS$<O|_``c81a5bm-8b6f~fyTY}#WoU(
zAGg9dMv-=BVj^I3f$6ihNz<Z#70Jo6?~mrB(d6XeE!=Uv|6Iqg>Be$3H+`u$XMP;N
z=?jn!1KUCh`WC}=Gq(v%MuG~-?QGvs6`B=0iD)W-zx^2f;{q9S)3to8ZmXbmSK)o7
z0R`RH!@!q(b#*K>I_VZZ^db4@D_55fFs7aj*Tu@sYX-rZ<+hi_9Tr^8X*fU)We+%h
zEaKJ(jq;ZgrO`K&D@u2%YU}+>2U>UnQyj=1Swa4Bs~X({hS42iKM!Y#s7vehjjbV8
zza+3YD|;DVJkG}YX0o5$;AO>}L2J6+r+bW0BN!+#hyUndd$~GT!Ga%|UilQ>reS!5
zMS%UO=iuD;%e|+A*5A+SuU^59=%<X$@(g3WFqJj-fARCiA5cghTpCSb$cMQiLmzE7
zf4QD+ff{)<%fxS-Fp$`-E2#as^|0*uO<!;CUrNxdY3uKAn)oT4nzib$Nr{bw2!_Gj
z4#N40AUWk2rIaYIcy>BPrF7D|eoGow3o|j-z{zLlKq#6BJ+ACN#C0x@k^~g?es)6+
z0s|AJ$1$;8?);g+y>j@CG^0R_YlFg)6oFK{uUNn*AZ2jlG8>rYtbXp=H!uP6WsBMZ
zacKgn=cAa2jGqN41q8hFG=hib&yv}>caD*->1(;R$qZ3`9$AG1bFS3y#hg{lIKvo3
zH@zT3cs`~Dv<OVLbr)tOxangp|NC4EOX=}RarLV`c3hQd$b-C}i1fitvvE>MWE>S|
z?~aXwjeGL`^)lQo9l`J;ZMCMk1THN|eDHw-tc)})#5cY3)6PuEl@B0+eBg>Nn2eNw
zag%bzZ@;EK2;tYZ_XNgF*Q-oDkdgAqIh{!T;6TF?o~&E{=!>|DN_l^hdB@>ZUsE*s
zY0pN?N~<vXODE8Ch6CnBlyFwXYmB=^`mfUib$YD>6gB;77%Rj4Tb>F4?3jS@b<j=?
zGEHu(tcggnXNyXATyEjD#a5qaIC)PZ;QD^QhnnhT%v$<ccFl+#yrEmX<IrD+urt6O
zqo--EJUxABBMS%f=I|B)%yGZ8c-GpqD^CS<#NA1vNx6lGhdWYd0ZTSgIc47S6XAGO
z?{t^jtjR6i9`*hVnm!tvvI{)3VeYwOA%30#@1-A=vtTahSRNLF<OSlg4x}6sV!t#^
zeUC<O1U*`F8_pYI1K~17=}YfRTi*Zyd*^x6&s2chX>)%!7a#su@!0d?p2Uhh&88q@
znB5^Ep&*XxG{kuDx>AaZmAT^kxQsK1u9Rdzj~Ie|S}HbUxKPTWAkt@jc7K*KHyr}W
zF=B|feZu;}kA<!3hME9t(B)^ulC;R|DSD2QIB)7fVeRMKeO+r(0_<4bc<um+nn?nj
zFoHYj?_H~_Lh!)g;Dj&)&5x{1%yX647XV|!TPW))=IthaESZZZ2L<b+`a+e9aNTtF
z{Ni>(Hh(Ol;o_@s79V})gY?zFEkvN6&!l=jAK<W%&{XSJ)Q5CjztRE_ou!`%8C&<+
zr9P43$L{h@&A}bMHm{ipWqW9R1|YN)-bFrFKM{0*{CGKSn$%(=PrR!Mfz9T+rQ;jp
z6;4g`*aa0EPjNZ5mT=qAOkj3$T1G~S2c(8J<?9<krs-K?##-gUZG2=+)8^(2Z3M+k
z@zL)RdiDHB`4+Ujfxdv?r(Z-o9Y?3PX^<jj{&w=P65cQ~m)-JBJ{dfEuH_%;^|%H>
zjs?P(N1;Ou(Un=Z6f7ip%uFQ;G>bdxS4v%z-*~frB<r25oa+PX>{6=$bAl4JXg2OU
zw%C*&S_ks8NDqr6dJzcZbWM7?B){DFwCF2*r(ctUhq3DGm0PDq3ghIZ8pb0F&zci%
z7@x~&me~8G(oh=@2Fq(fgm!Y=mQOlJf^xSX_d65%g&YJ$-8)&leasaz@4`Dp*xA{<
ziT8VvDpBwe90cy<H*7v_jw=n-uUoZ1ikuJ0M=$XACEl~VyGR_L?R42(xTG#6q0u+g
zKaY2IpEb(5VB)MlxXzO!HoAo3J{uAIs`h1mzdnv+<20LCB>$A`7!s?%ZyLekFNpze
z8l?zYqPW#ro_Iq@L4eAcq+57ISqoI83lAp@sMEumPT4qBq=%wDiKq73R7MO_C;3#f
z3E!=M%WDJh!L`ax|B6~oLD~3wa~m^ulDxs}9T}^=f|3vNS|g&s2w~J0ts8)C+6wXh
z2LY$RTvF_v;T0alT?TR4tJ7V2qXVWqo(?=n#C|IJv*Q>KQ)jvhGz-#idI0kqHJUgb
zv^jMH!(J%Pms6>Wqu4-3;E5Tn(L<HAk**d-X^kQ(Ti{6+zmL(-^2Hk(3Y-dkas>+}
z-Nos%9*7Rwb2;ReqTH0tdVY<IW=JY1u;fU@Rzt>M%sMIp<pUqTM3!HVaUb7CMF){u
zF703QA=ILaa;`Dyx18MF*?uv}Y0J3#iDUxGx*K`V4gVB^$lIBHnW`cn<UPyIE$-3t
z9u=j+pCB^3gLCjpycEmkkhYZ4l#3=mq}$k0aPhLZDNhmYIN_Al^0%tJ{075XC@#th
ze^35SYNIZD+fl>r02!i1etq0Lg#i3nD3Cz^nSDLnuOCLUL2zbJY;2>fcezCQRK?}`
z>e2{TbuzG}i(XI+%KuE|6_I{XBXud9hkwhdr2PABj?|FgVn7c47qyKQMw_11F)pVk
ztQOwhT~!lJ-e81B?<2XXCwfPtfVpgh5b0lPb6!bpNX9?zE4|J13O9fMVLxA!H^(VV
ze=d4#uoKh^^spp#@6&P#W$(;f?PP}p6L0+@OPjzWnw4Ylwl=!Xy)K?+gUMY{S7#W(
zF3VqYPHA&Af)qfh%?ZqE4HHw@E&9=OIq=(Qut}}u+Pe<EE$WJ6P3kLnvjrvnCv-*`
z6ttPoaJ==9#;WL-Re{y!P2_WCMr2|sA%#DCn9>YJ%gV-fXaoa3`)QaK)`cL7-t#0)
zztm6Rw8E`>t;JyBICbu<{P?4XbUFRJmbM!>>Xqzaw1-lz0|j-azij#fq<&d&xplwf
zV-uRYDx!l54$94yu4i#afR~w;R1ZvRFb9@tg!<>AKL#tYALhdkrYwYM2|Btrf;24A
zamQ%_r6ePuw$?LG1wO0s6zR|W=lHepoR_RG(VU&Nba#zd$s3UUq9gEs=;f+@;wy^*
z-4vD$TV-GCb_gTwEdZ^dO&*vDmLrZ#AZT-4)igD&7P;m^1-rT^8S{`?bVFq=)T@NF
ztP`!qlo|N&v<3oicH(q^1*!vvlz9toy4Y;DqseL*llT05zm4}p&+o<>0~*hj@K?nA
zE;Yyv2q_Re5qn((u0+7t;sJ)<?`?otJ|#<hqQt_)bo1&d0hrY`3<Y0O6x6l?1wzaQ
zm=ED&)HQu+H{Ntccj<g>Z)57AmPuKuckhHAI%=2F{?ma&1zpLX9_2{{8k0a*oV_yH
zfs%?rcVB69U%5K|xyA#__Z=r((?2EX>7ALO2g_$~dG2psYtq{L^w9go*@gA4R-_)%
zB6e!PdwFWLIkE>^>R{^Q;Nv^0fIV7x8P9xFv6shEgjC_mhMIY|18Zqo&}(haVFXy>
z{Q8i_ax$`|j`C1Q5$J1%cYzaa-m0#?{*l^b;4RGK>~yrP)4JNyH{LF6+v|<45oj!s
z;pYy>iVJ5XmhnD1r(Rz_x$J-|5a*k()rd+M>uZq?ev;KrDq80h0&c;TCIE8slo9*Q
zB5zM$2p_3}+UUE_#RA|(<e!9OR?m<f7Q83^$V<Prr70pk?Q<&4YO6C00H|Yw119&H
zuV!q%_G}!6-dj+AH-M&IaD$;48Y(ACJld;g(&`#=09q{kp(YEaGWi@0XqK(HuDN>B
znlCkZaya%gi@f^hsmSywo)F-U?sFCSW!3F^vTcI^J2Izf=bW-Phg*Vu7OmigdI6b%
z)vdvL3ZpG*=4fOFGG2pWfGbh<t@(tCmBeq>w)%!U@yQ@fo*8E<aLFbE#Y9@Uj}~EU
zYrV`&{Y5*b4}Dh+H!$qEBE*_gy}3c+D0Ecg?X$s6pHG#LhE4|EyEIK^WW4upa3~g3
z@gTIsdY4^^Dx>7!Zd8q1V_@ixZuh&*4+O|;NY+kGH*he=fl;$6z$%G>PS)CD?wFmq
zP+CpV$eg0XJ-p94!)=>W$Abd~+Qvux#G>9Vr+9yFDmkn%LeaqxRAe;E85axiW{yRG
z=rYFynWHbaIhDE+t#RL-GAK5*d6B(@-+z!0NvSazcs^@SOqp*^{Kj(_!O21?8?(ah
z71vp2?cw2X$$c_4=bsll8b5ux5}^Tm*y{kZH%o#sgC4SAAc-AxB>_p?e%@BGmEb5^
zptw(JOGj}5tz@BHuB}+MxU?pkPoH2>CsYe{&ePV;CpFp<S+ej4a^CW#o4i?_{FdsS
zZlbGezP_&2P){8e4Qa64NPx$%Z|GJucrFfH2YWvg&qMkt2teYuO$v^Kn4;l_#H8f-
ziyv+D2}x7u#^7dre^_>d*_e0~+_A!{DIRGCtZM8;86&swq1%Fus)@SYW)YZ9W-xIc
z`~~#&cmb>ZW3~b6*+60Tkd~E~_g@qYgb}B#T`QLmR+7wpadN>aV8X|dysMu}1-#<%
zM)=AmeGERC(_=+E{KZ7(ILwY;l_gcN&&$tcf=JB@cssFf4I+jS?3`d#CdFUR$7UDj
zt7pAur)Ls69?1?JA3wej1Bcykz1ml#JGuSlHDc)ju!K_q9&ZDS!_EEtGL;A<I?neh
zI0`g~b?%G7D3O0=$v<CIoP5@ql+R{qjlHx3w(M8&?;EO}nq*~2L8KvBHlt;qE(kX4
zJ&X$rIk-8VPK->bOY;LuwJh}0=Sy|zXmSG9#c+wCjsARfJe#!E%T|B?X;e+V9MRFy
zqr+S&;`GJT6U#VAK42+7jrTcQ=r!oR4;)gO0A~;G7+OvOXsj|*FSNPyJ+s;j32UZd
zUEKGN0b_FlTi9N*d+ULZ$>?h1G#>dL-h8H<$C4Cm(SuuTFY$f|_e)L5TW1-|$yR#I
zSK(<lQCe_g(IK+oP|6z2S~c3Abps1>2+(LRseUC6dfY62M6|f(yTu_BkhFw?Ag!PX
zDj^bgf0;{rFr*zk)f+~5R9?>xe=gNcOZ!3rDs~RP2iPMEg>y?995`$P)jApA0SOaj
z$nox`v?p}U%sn>0-}ua*AT!{Nkc4~Xmrrv|!>ylQ+Rh*Y#d-5}nys0mN-H5i$$gcC
ztifpWBH!*4`}6W)e68y83UB0Ikq`IKH-8*@`1`-!?T4QOV*&OkYhL^J>eyK5P(o#C
ziHb$tIxjbOz3f$P-Q?sqh^<EV-rjXz)KJd?m{bkE1*su9AllAx(sGX~DYrZA+C4)9
zhhnU$xj_1vRb>I93h?j+XpQ(_z>&B#&09K92*Qo`J+ogooXcH_Rg+aP9%Pd<kQYyw
z0*du|E}`20V{4Jg_BR8fZ@rjd9lL-u1aj(RcXcenO6o^UL?WiLAqg_8ULI*0cS(Kd
z699eD7$5zRLg9m&L&V~ZyLwetc}857iBt54HY%sJ{+DdDhc08d1(uu71HRNT_pJ2!
zdF8vs#>Nj5?>?Ofu=)=R*eb}4xmLb7@RA)g*<sYrAG_4PdDU=f`Lo1c!bsSI{tkQb
z5eFdwfjb5wP)&YoC{)rEG*y2;f2K5@mW?c0$U^-Y;`fz-80hY2cmFQd!pfDLclmCk
zpyK)KlT7ry#xa`^5ObBZ!hZF*jO6C?lI4xS<P#&Laz53o#>#4aC1Z)YgN%;`hdG?5
zXl~^d4aXRvk0RFx8rodqs-i(r|L)sn;k|PZ*M!U{PSAd6T?70P#K<_`2}S|1mOrxb
zM=>H4!FB>!-D;v&wJk0FGCtKoJ0a|_3*a|>U*)A{AyrlB2uh-b(KO+|Q|KNBLONH5
zzR+B<IO04fXx_AQ8y|mv^_-Tjsuor1Bb*}EweF@9Q@toMDvQ*CE7f?=MrLRmyxVbr
z8|4=Ij!m2Is^&)>8Qe9O6vQ9)Lywpk*g;i{AJ6;exZ&MvjP}U{%?Zs|d?F|ec1$YY
z;!}A>tP3ouMeurJyvfze5;?fQqPIA;dmq%*qIJ#3jp|HSmc=#vO<5N8B`}Q!pqG^p
z+(s2^okPJ=!mG>b45JuH`z{T=d0ho})Y$tROCxTjrPt}|OK8w2KzFz<d{ht;`Wf9c
zmLcyH$Srg{ADiMu`B@I$*)xAg@7~8;Rvyv3M22*z&EYgXj$nx0F$!d)9+}Dnc0POI
z`q-kBurc<nyMNeBcn^3KiXEw36&ZGoKmlU-<WHJpZj>MUGd!q+pT<*!P7lDN{7Kvl
zu79>s|9#VPKkCyH^pEAD1W0e^ayRO3XO6^V;8P4T6MzpkZRs#G?Yn$Wjby+80GSkh
z$R!;;I={d(;M99r;#AZg)JsG{(I7qDCMzw|wfx5HEuAo1(nXx_*$>0Yc@r^4hkeF0
zB4Y2%9RwxS{-?iJC)XiQ$BH5)sPI~*X5KU>s)c8irrkj4D1a-(x>U;_t`#MwS1~nT
z{C4|sHGzh|iww&oHj~rv(v`Xp4j;=@#x1rwYQCP4(UVwz_jNCY){EmyU62;y;yUg-
zPw0w)N$Z;e2YIZB3^>0Rligyi@N2n9)%BTu!Hal6R0j(%3Ctgc^&YmKcjN>z9O+?l
z8UauV00vm@FJvAc!blfBh41)X(qYJgz7v<=)3W^9pY>}SCvC;O975EWuj8WSBchai
zSrHn_07tA+$#;${rEyBeR)aDK)jm*xblTeOabR6akUky()?#Y5i7tJM*_>(hi8N16
z%yM^H>vNow5j@9%&h?3xh@errqMxmjSCcEiDdNbCfO)QnbFm!9QBW~#s78Q<e!Qe5
z7`2z(H234*jepBqd}@qzgMKKup;vq$SC|1dtidfJKpsuXQ`zIp{izA3mgZr9K|9Lj
zjaARVaPXx9`V1KgUnIwqk{(b$xLg(C;Uj0Zl3wRUvgfqtCILMPh30a>Rh(PKQr={X
zTEl1<kxwub10vCS?`e;2pHXZkvNDVx9x_52)l}6JrGvYk<AhC@I7=88?qlMHNj5D6
z4Ms$`HGQOOvl+@DCZoRD`R{r1-9`K?5~#yXb6h%Oa7eeJx?k_>5)$&9rAJfqG%fjy
zx0>Er6;W#Me;5K%AphJ<3bF&1TKOuqwNH#$h#H^2`|kJoQAEGp@YPE#oZhvDlwjPN
zm8kSYqzgaxFu%I6@h%=5QP~!3I^yIP=><SIDTBU5feHM2;j<gKsvt65U?R4ObjpZR
zdu_x=7iIgv<>5d?umNYRtfXL{N(;-#XQ$-H^i$KI0456YS*b)+{=>`6q>HN?6pts)
z<8#sO9<fYBN}8Gz<n}*GJGM?j;DYk~1AdhG)K#iXojQp*LOx}#AY7bi^=<mtMukd2
zO{|9|@(bLaXd|KqfwpkjR&{RI7AS#KJzzfj@%beS%dK%K*^G!r<i<XDY83f{$fl;6
zsMXPE!Tcq|9Ms|tyTRtNQY&#elHc|gF#9A6DF=;l?o;iMfkC$N7FhZIdB#8D#NI!}
zpoVd(<l_}Z5Y-|IEQ12QR6R&AMm{xnv21+8RpR>A4FEVAKsQ37Q<{`^Yh;w4DB{ED
z^91dJ7;t|GwQu*p2*ilU;HJ`dq~Y>>6WV(7F;XOnCu7y@!0cE`)2t!E3}Eyf(!(b+
zm&rE)V~XBsa>Cf^b0%aG(EJsA{BHWDDh!-*$AU;tcDFo5K_PSl+o^XbQRDAR%#Wj;
zJ&dhU;Ecd+s5)hKl$A8LN<TTFBejc&ese1f8in46ZkcmL^Wx&lC_DPkdddU8=}OaR
z{;fH0z7rDP!b05mqJI98Lt4*X@UmdO81{B8D?;h-yX-G2X;Q=;wE55ASh96ZP53#e
z(iEgieXjrpNS?PYFp|~!E-0yqut)D|osU*B0Qi<VJua`V7}>nC=dEs8ONkrr)Ad7U
zzyR(x?PJ@2Wpw;<rwdNhE9Ye#IxP!J84JS=Ufc0;c($|@EAX=i;uS0bWOq>BJR>RT
zf?bxDOSY$*Bi0Ta0%B~!a;iWGw8N9Y<EVr2RM?(yF!QbnvXKAyzTB-(ff?rAM%ouq
z3-^!fY_swIws>6+r=$^p{k5U}9ICxnVar6F*cam%FK=$BHJ#FDBQ1-(8pz?0R~p96
z9MOr9x094MjyY-6!5uw9=%4Gh#b-LepEm4>o`E}6RGnPo(&X3GIO3Lke0q89Pr`P3
z_a_dCcO=#~{Vvoh&5}slydlcxg5aWkO3atOuZ*NAYk~g+HI4A6Qtgiaii&L>wWY<S
zO2WI6bqr$_zo7=a<P+QIvG<~l`)i07S$gBO#ViClRn+H5Q7oK?a@R@vd`-1rDavaU
z%UZ^a<>cpYl>}2VN0JHsNgeJnOmU;)t>RymWu%DIhSSC0lt;P5vm;fXh2pQMTlk50
zBkBZ|-%jeob{qSW$^hD%k+Z^q>knV(q~84)E#8xTnU6<2>5ef5<^B(Y6k0XpOz4|i
zUc>$!08zBSgzb-~*~m~BJmcT5<Bll{gcd0i_%evtAa)3Z@OTG{EY|y75**c0ywFpa
zfC>kxl+0v{6%f4`|EWQSKnsReTu_&n#BFLSaGyo=-=58-m7AC6sw=#7{`Yzev$+<;
z>WqVb#6oP}9D&jH$N-K%E?bqU&fmq}taL@fEvWA4ko<#B!8LtzMB1-bUv;I3t7u6v
zNp;Y=NzW7I4Kh;}t(xvp#(fu-lkK+JMpunL{hE3@Li{;+R8eX8<p@fS&Ue@aE|jy5
zftqt)Z46V?z{p^2o07=bAKDclpFZts!9s>pbpf)Q@v&O}>B+tb#E0LuKb9p6f@JfB
z1-c&hi*(Kt0gjpnzPFEL&#u{bQH?>k#~AoRphn~_Otakvq`y33{kJE_IXMF)!*hAZ
z1W$Y$uzj?bXVewqOf8Tg0ELZy;4>8P|61Gkh!%cG6#*iGi|X^|Z~h$(X=w5VKdTqs
zzoTF3HXR;N%HJ{N`3xPZc-faj58!@V@(hs-LPD3=a7rIgi}k)DPovM|S5e5-5oY^-
z5obm;*${NHMVt5yAd^xTu4@jtcOZQIEB`GpPU|q|kl({r8>z_<&&oRI1>jMw4)d$x
z(i<I2pb9cbN2zZyXY0p}88WIkJWvTfLdo+ml^af|KM5`kD{}}%MP+4({Hw^)+>!$M
zs0C=YxDx;x*#PMBlUm5z{5{bBZCu6QyCd_GwTz4#HE6UhQpSfg@Wg^z2;ugnq9^(y
z&dWv%Sq6uOj807Oy#OMj1`qtxP9@9WC!0{_(_+Mbqf&H4vI!s<3Vy*Q03OV(^90`r
zViadKB*-Bogr35fFov~$L?J{<*ByKCTj#>tbhdvaBqhF|?0PEKTfI$Rzo0^l)Hn<H
zhSas&y!?I|CNF*}EkwSdGe77=(>%h0X!4GGELu}&aZQUE`qb9pL|&*{M(E$Xnakqf
z9>j||eb8eIBs=90k1mBhZ^D0Dw1lyQeKi|6AI5iIgL+up5l-TcT5P<y357{<yks7d
zlV^(zb^DdW2$HpmcDe3B5-}~0jWDaKPX1%WVn(JN>oNvGFf$ri{$ZF)15!S<@Kak`
z+dEfY)p`ggT73gA>$ICV(pt`N=U<8cr(YH|i{3Rwhh!z8S#_RSJG9NO((?Bizr_1*
zca<!0Z$a7WD*tJkh}(u_!7_Kuv9Y8`h{>}jq-2|oO}>K5I)$vC>Y+yVfJ3kEcKIRs
z#%*0hwm{0uNYqcNbI}W4{{XJC8VlLh^Hskh^m4=Vq4QJTE-6|ymJ2tfbJ?up0H-3O
z?dT#>5;8?EY$(oHF%lo#Stkc&kCdI0m|8oWL?+Ck(R-e+J_d3k@nbGuwCs_YJcTgo
z8E)4Ah4m=go#TP~H;Ni<WaUdY8(M)D8l1={X>}lqVepmy;ieqVDa};IsSf;w{>2_n
z|IIE;Ydg3O{m(6GWUpEO-@>d~VNOBbwIQ}E5^l^-tQ|(D1llaC?*zQy;dWuvon2kc
z(Y>TPS`HnY>JZV{?`*eH$<~`qa6+H0lS?T&64`OjtA$sHu&D~S&6hBX!QHhcuI&fb
z^6kY6{qOpvd%rFp;_6KE%^+2FfQ2gh9{W~6w8md)TXZ(4DS~Bwbv*ERl)sWk$C#Zt
za0=>#CQy59wA(cFAP8Q#<(mlWkOx%)-*Cb-epeUY&^k#D<?~bAIQ{L{Rvt&(bT4El
z{7RiP>qKxtDb(76z&B|Y?evY1Pj1nnA};H5bAicuarwy()ji^dBkAQC`|~}lI7me}
zKuCe9#7|;1KW(0-21U@3$+i=Q=3wXv(lf&ed}0#~h?MMdF_5t&{u5e2jfxqb_71Us
z*ckee9hrIN#@?1gR?eoHmZ-{}t;s76T|Y|1mE!EuT~a=cP1yV%i*8fOpE_`npmiWD
zEks?jzd6Al>p}E;ePRQ|Yitp7S^ufUJ#PLKUEdluA-T)IuEZ9nO%!|DC6w=5anQa!
z6U^OnVrfM_!l&YLiK~}N)DPnQ$3TR>p56w6!Vs$90*0yAQ8Bi{NVB=Zo=)ru>q1ve
z>6ATR)BFz84v{n+Ite}aY85&q$mMD-&l0&!tkM2aw*UPrB17@9DYfha4{>=k$ed~I
z?12cs^Q}l3{+bJ*FH?B%Rz8GYi?|LVZ;v?O!AJSFCog|HusT-rg|1y5iRK%_&3~1O
zzubq8U1ztx`d5TGWC_dUhk%SvuGSdu9WtL3t4XA0-vq$qLw5jP*xLBL%?gR1;)U!W
z(Lp`}WSeq7P%6qR(c~dm??CN>tq$e-qPw2EUxoz_iuoIXdw!nXEOGT#+Ll;QWen{t
z9iW;<0h>0bp{FA$naiI#+w~L5QD^7j(e_5cR1;Cz<TQfj52%vux;0cU%_;t()5!V!
zffrqzG7H7HG>FnKI0aV^4h&R|J^n9mAupUo9i>2&{MiX3HU=&woy)5lL_c>K43!A#
zC*?-|JM2Z5!Cr<8=Hk7s1Cy*}G_NWR<Xna%iswJMrbg`IB3<rU0B}^J4s=C=!2h<V
zRbSrRzJdm>=xJoM7LxxdKp!?q;YuH@q9>0rFf?4)WhuQNsD_~WZ#B#Ww-$2$V#4>B
z2Qy`JW$qtn)onGV=VofyO5tx5FCmyAYKdA?-6Lp~%_#m?dw(EXgAV{v*s)k0Ao7<D
zdtF%M#rQdJMf6N_Vb=!3t08f6@()hLjX(YaL3v!Y=gHF+aWDViCTbnL%ai&g@3oDo
zU)%Wo1zqY$S?&|sWbh<g4Fc6yCeoW+@`=v=5rqBUEjQ{Gyf&<a>`!+=<Dyd>mo$G+
z=hjJBz2l<Kliv_y=goyb0uCq~gg9YUos0zm(ZO$P^Wx)|RgJ$@1uNnF*~!a~UzVs3
zRKo(dFy6=JH?qNo?wOC4p?0bic$y0c-j_icBO{d#2b}`5Nd?5$0WPi`X+ISnR1SgA
zZFX+SJ7y>-xv!7?k{AKG4Jb+V7SCb(V~2b$;Sc#~kR=DDK{?!5ia%Fy45@9BSK*O+
z?RQjXBlsl@PzKn~O=ZO!GUm{!Yb&|-B6*}NCvRl0OQOzU1UEoBscQW?oY_AY24ETi
zKKuX+OG{n}$-v~8tekw_Kl)(eS!jSA*P@cXGaD3fz;T*MOhnK5s~c)E`4!}XMqj^u
zI5zwHS|ThdMe(~ZkasQY|AaX-2@ExJkHgG2A2;v^q@1@Ol`1SthW0KrOkdF;gY?+%
z(LVmrH9LR+2gJ93EO$uLFGeYx+5B4rMER&U4B%)S^bS+>g#rN$O*Qyb^uIRYGj1Lu
zN^hS7ypVFNk4+nRA5}V}E`T3&4cy&Pm!>k{`fSgfYHKq+*FO~J_PW=3BxZyFBbHwH
zWNB)4@_pp`ntmupq;kxQKLjZr`pb$DzhpDSxV>VzZIG#yuO0#8VoNiq>z6C+%@s1%
zK~JA2CG;SrRYzCG)8YF}kIuRW^GLCJ6gA%RmjsViBgpl@n>ztAgR!Xw|H+i%=JgH?
z{aXO!L3Efsp;IQdm7cLAe^`Lh{~08;m-q6!3GdqU4WA(DkM8XJ7v5hsjtUZG&mqSO
zp6|2Z{l6ZquBtD~ujZnGk;$!8u_Hghi|rI=Wz&U>wx|;UP^Nj3wmE@Qh|eD?^u*9d
zD#<Q5OMc5;XL3&kQ0P*RMMeqv)~(?oP%5drR&HNZJm5F;aBNFYNV~Khqpi#o=Dw8!
zMWT8DI*rg2$;s&Iq8BH}kgY~ugEQ6iQwX|k@DfxG`)GsSrVUwX`}}a`bSlnSpvm8K
zeN|d!P%HvjMVZ880|hb>hDqknT~UvlN7mr~&f$-KL`zWha#$^V)o3mX%X>CPN%z`p
z#<Y6b1SAjY>grbW8-sd3^Uk+OV|;kJ_s(WcYBhHU`-7@YCY|K-v5&oQ61#rpg=aD(
zD16P|S}@uDxb%I}`4;y#DHt^4cVGekA@jvZo#yM$G--_DK_PwXxtU^1JX0QT<cInq
zeXW@e8h{@+PC39)DW92|X^<a>;vT7Dte->L_Q-7TcK~!Xw-8xkqI;TWW4r&y(5YDA
zYAz57^XGYB@3TADz8Y5#I(y=aa*lhD(Gm+$_<qAotvJnO8VpDDcgG-!ka#<xM_|;I
zrTyOSr3i`R)KPqqkH=n(sB~UkKfnQg{ssqwK>j$>s=RnG7aO<glY)art7~v_Y))Ak
zyYwG*2%e0->_I?`U9qk2>KF|aZ0?I7;0PdZzNVTHW%ka1zc@iu`U>zm^g%YU`fUuy
zuB6!5(&G0Scq@(RFKmH{F^`0E6hT9>^o;nSa7L{;yv&&Ex5}oUy|>##Y$+U3>HrOf
z(<etXT7fZ-yv$B1Hjm^jQ8->+%+go-NmUI!86}o`xo&QVzQlqJ0uz<xR0><#g{0Iw
zwNf&j6G^|Og3@z|W8~>0g4ECXc@OCweqo1yhWZKbqq;tR_;DA<GiYs=Jn0`)cU@XW
zW^rYJ`Dz$sl!mH*V{eDS$O}KdhCxg8Oz8JjKc0q=;y)S%*5DN)RNq6N+=(FslD;In
zdht(c%ti1YZk^Y{rOcN(V1J7J*Q!DA#R0&|41VNPcz+xmnE>5v2xa}e6TROrs~5K4
z{>|Ias<v-;9SOcK+#+;waj62l#o^K4Z*9|94;hu%D&#<l`GF>Bj!MNoqw>fol@KBY
zdklv+gOVbZE(mXMHYoS?7&foGb$pyeppuh3u6Csf5;1!Yf-Mcurx995?1+4kSvq46
z`fi-Hl>AmlE}zhX;<u8c^n&u6zGNuPSLpDeqA$P0Lj_XO?2LJb{_8|ol1RzCw6f>E
zzmBo#Y&78u1Hukd;{%8^e)gU(sS!?|Fuwqg?A%k^g2Zn)V;H0B>xbUaFez-gIiVdW
z73fT=RK7Z11sR9Cg<qE^$oLis%PkTRp`>D)yRVHP*ba~=TBOfj{it*ofe;52*y*s+
zi_=&84`aFNzy4X&Xs!}5tzQd(It9f35`S*4>}{>y_>U39(mR0v_{HoxU(y<*vOCw~
zZr9?1eWpy@yxO_i00r=`n3*fXpp??Jw46s`V0UH!DvLS@9MTLKVkWbzz;bzHB;?7U
zT(mY}vbL!C@PEF5#D7sajYjH98gN3*UZkge(KaL^PmgJND`_biac{xQg3=c)B2+H%
z_8;2m>FVm1RXQ+zna{j(N7&otuPX~B(+aU)9@dD`x5n}b>F7*fYksV@+)BRb1t~%j
z*>*2Q;fjnek8<x{ayUO_p!||9oj2a(Tv~E^-KXNWujEzGW==ytJP3O01%Ne5R~a7f
z-fy*qr}-t7XRHP!E=e*tkS6a9yiW&(jf$N{RD{vu4P#NE^^5Buh|{yz{H{*`;Yu7z
zDw(aYfAn`S+0w@^H-51hL{sWq_~k=~_9|bSWrk<tZf`di5zEdN-Y?yw2IbhJRoE5y
zu~TfDG`-LK=OcJE^lHW9pK>O3IPCA2OH(x-{eBYxCyyQTuGyj~`B)5))VMLO(&`59
zw>aZ4KpUt#^a5W;TL*Pa_5kQ&8?r!y>}{2yPgJo6HMlr%{aXjEerj|!rGn;0WPc18
zuh^mis{4yGF!&FUPCG;*OhAaslv#_jz4+_TrAuXHU}WBRM&E>~2M!zulDo+q!|Wa&
zXBi26Xa)6V<6{c}MVo>vV_Rqr%F|n-G8-y~74z9_H;dhjg;q$kCjZ=5wST1Pq{jL>
zV_OwO1Z&W*mMtNZkEFHL^&J=ypAw$Sc{~OmQv({&;AF8083(sCzfr;Nx5$&W1xYyj
z0a(#1kO$)86XRraNb>Z!@TmLl&cj1#TUJ^jzFk}@8e^!beN%=+(m|a-jP$~nQ*`_U
z7g4!@%LovXM`K9*NXxFJ)YWp+X?ARMPt2_!h&N1<Z*P!zhk`qCW~qN9>8|?G-={N0
zCZ`2o@%Z`!r`8HI=Q<4TVk@LyFBpWV1xx0-$ItrW>gY&VHQ#K>+Hj5>nz8#@T3XTz
z@Q84E=ABGz=O&r^f!vYY<8T&MHxWxg;#o8g#Fvi!>O!k^hxdr=$ny4e!n=RhdB-&$
z@{UEvC=uD>puKi{a#7gB-^;?(-;@&%D?}IenomwxXt+gPoV}`a*a{X|kXqYJ{liH6
zA1WPrEIzW!18kVt!1q?FjZe=J^&BN&ztAB}jDnMA*p=mh50H-|ybB^>fo$bL*3_ES
z#rc3!ys`3l&D%fu3`Lt3Z?><`E(R`To2$AFG5~Xut5h|wcBQ4|o$h8)@R7;{QSELk
zq#ZQWLO~-)&^#=dgap=r9{djs<KM&$)_Pf-U#WM4M*m?YnMW0H-$RNxoC54D%2Zkh
zyv)-}m9c2~SBD<{>76J5{sUR(=jPsezu?%KSjLh=h48glVt)t$D7c`r{rP8=@BL3S
zR6xAzZ!hxGQ&_Ci?qMF6gNj#5f|M<oyJZQ-&SNbrU0ac7QWlboB&`Ov0|L2(UijAU
zD_p&=ES7kfus6G#w+{)t{?PWvXCiv>aM?zjefej0Jq`9IvV5pbgO_^x2NxO^hmSu_
zL2rv^r1;_NBb;1;l&sPDbKU>`B4B+?>6v`~2@e5XQWY4$hC*UuVdr_w-N(O45j_m?
zXY5Pod|4?!CRA!jf{KNrJuhNhnSR^zwI;#a9s%G>gfvrMrj9+0?fw7r1``k1T<Oth
z2IAt5==L!n>(ma0PRogZCkId0GOlYRWk+-i3)wkp@q>!(OJ<iDH&nwxVJ4P~sH=CI
zXv;@RjUi&gF%BJh5HVlG@pQjLEBmABs7s)Mab#t6)Q}(E)tKKI`Q{^(Ko?}wzJth5
z4X(S)#7EL}erlhBrI<zitbOE(BlGeahop9L6M&(mWWHCEURFW2U2a1eltj9@F>yuG
z2Z4j}=cW12)U%op>1n)Y1d)Z+pw;RtP>OcDhcs!asRlF~s*<L*lN|Cyku;|DC){uf
z1%Uhsabp0k6bghZu9DpFH42~`AuG)%NBOncX)qqZD#x*D?_?gXB>z4R{3*?*qHf9d
z+~92sv1b@-F%;3XXR6_oX=jlC_n*Kl#Ww27tUz>KP^bf&Da;0O{`it_OIh$=b%)WP
zx0+FwzMwx3tn{3K;6fH3r=g;<!X=9zOYZ6+FCuIqDJl5|{seT;K&Zg%F-pLxRquB8
zkcVazG*MPyLipGxQ{(CH7}O@nSDaJYcvF@S<gc@VNzF@5ZQ#Yn5zG{r9ha+l%M%qA
zy+?Z!W8fgAL63NVyj8ulz|n>1C`*{n2}NfYh@$*DW3FDg$!i}gRg|64CBdbzwI+D*
zbaIOFCGAQ~yl^W|xJ8?dhrW7?;uUp$=lZ~x7<S+c04|sQ0p?o@9VLm6io#$B--!jv
zpSgsE|B_M$H>X1pU7<8a?~%TUCH;fZy_y*cnw1z0`@EY9x+k)<6;J<W;s_#9n7{A;
z(?U~R-`t`hCknQk72$1~HX5XAAn9P}lQf62%le*KT~t@9#%XrBBvsxUjpQ3TGS^1{
zNI>^kw#(&dj7Hbe%|9rCvmde#695E%O_JH}+pOAQZvO&_)wQ~pkiSxV?>%JUS6@$M
zRX~$iA_Xc!V05wV@k5$E)`i;SU@08yA?&CaCZfqUsfs}uO7BL!Fuu54Y2Yp^dxcME
zGz!Fvo=}!u*`?qij0Ty>_0=bY_;Yj}ct|%AZoSz1Y`q@Uv3rKD7bGEFxE&k-zVu_q
z#%F4^SEcZ}y~8mys<5}OdUd!1qiz|7IsV}op+f$1ee&dqaWwNoShrojZ{#@|M5j_$
zqgH)ly8{Wgq$gT;aH2ImL!stxRx12I_WtrM>gRhL#}^e$K)ORZq@<QcX%UbHDUk*d
z=?(+wE@|oRu3c0*UAmWUmd=IU?*sAqdjI}}-;K|?!F2)iI5TtR)SQ`fh69LC8h%SA
zCZf8c#>ZSbQ3KM4F}gCUicX&f-4f_92M+$OQL6d)(o)jcK@*A?en<iNd|}l*AX!H5
zJvts%snNQgK7lpd#QRHuJbBGAqj#m9nyYO5zAl*qH$>)MeO*uxoLI-I*A-|&-XFU2
zzE3%1rNs#w)Ee?@VUNhs;ljwl|Bh3Sb<JEYu)WMq#o*2~2r5vq$spn4;6Nr~n*;_a
zUN98l2D0=g9unT~><5du`Fv*hxvreDy^%{XZ@$l}Jl}x`DRsQ02h9f`IgDHoDZacQ
zsTaN_Oj0AZko9yAL~4si0J!G2OO6&sj<)T%**hX5m(PgVaRa+dE9Yc>+4G9FuWT^f
z{|5J}u(%?b1qoh9{OA;JeFz=gUCU(weJnczHj8H#rNMr*PZdtqENwxdm4TDgcF5eZ
zi@obhE9P=uO~WZF6`Owfz=7-27>D;-)j}&v+4p3DyCA+?xY<kQgs~bOkqq-4`jixF
zbzl(bx#9jpUp2}PhH4nn!#<a$xEwfsT`w~J#9g0P!QSD9Umwt!%X{4yV77SrLMKrO
zQz4r&S?04J{QCSIhF4xdQM;vGDta9z0(N{nfYaT%P78XguV6I^U$MS-PhPmw+_t~>
zd=B&#I2{<TvkgI)$0I*#tH2-gGS<31w7C6TAL=8HplZ$t><3Qq529)3UBiJWa~}I!
zUQQ(g!za&M!+QHT`G%i^TE7n&q|rDs-nnyfSvtGBXwC?NJ>}%YRN`56wQjk~e4Y0?
zi9dZE;?bgbJUMjm0QdFcx0>2?O9rvlUGU7gsuSjWS$F5ukUJQHoJ>D2o(tatk*XxI
zuPKy%_QTMzO^kpYfC3i}R&;lH2c^*kh8}wvzdPR~^7Hru-h>v}V*}tG%2hU%V9&z9
z75N5+5A)v}o|x~yO|D)(#J}?%hYN(^S5fcqAglfY18eal)_mv!v~Hm7x|`o^+GwD1
zC3t;1_i~<i81;oCPsdo&>H7TR$xc1q5Wn4ZK2;?3{OK>_vCs890Jpz#@av~Yuji9u
z#sHZ_LW<ksaJhdh8RUWWi2Xi{jtB}Q0c9#0z4ln@CVCzPTgbg1f|fV>;qA@id}ssi
zZju*Zp#HSZ?}2AA1T**lM0qpZooHUHv>rId0{v8QWgALKqj4C${pgzSU4Y}PAeVcR
zc0dfd>1f6`M{q7)h(w#kYl>3#8Q?Cx+^kRyz@f2a;%}vSIrwx!!L>DPqG1?FxVt+c
zI;^~v4CFn~a&9bmh4k+a>hFWTgaijeU7h<WGC6Mjd1&Kt0uB1(YeJv~X@4I~Pv6u!
zP<Tsr;eZhReZ(YdJ27n+h>Dm&f4gq`NX%kT0PifFRSVI6*$+|-aUujgRsmB&DyQT3
zSxcQjsIoOzCWr{>ql46!pd==-3X<gSC-*aaoFa_gyfr_zb9ZMn1@8R(4!$M3Uq9=^
zo(}GmO}q|8VefUGVTXrVi;cmazw=8@h|#{Fq{0NX;XnE|Mu4v-(WQygN^{m9{#C{P
z5Z_Ph`lj=BT0?_niy)Kuid0`I$~Hm~#mau4w7+Y8;?YLu@!1u|obsL0cR;o`zQHYu
zsMw@qP5j$H@%5id8@7@lKT^P*o_GgrleNL1G8SRZ4fy04)(?JWmE#iy31yj`7T|rL
zu)azk>_<2%m7o3ah~hPpH$e4i*Fi@4hkHH1!$_1)_w^&30y=<L!V?}pQR_|I>OZ=`
zO*|m^3V46^#IvCiqdwQo=EBY@5mcR-UoEU~1flpV>y#TuOv?`s0SE9xRtp!1vd#KP
z7=XrOc38c?RfEcaV_hIq`o6vjdh+MPY|O|(-rTQu&#$mS7cS;+E!zN&=+MM&{l+ly
zY{@beG_u;&=R3mUEeNfriz6FPpE%3rD!2BFa&Ljqrh>-tiHJJCJa6Uy!}w8bY`Kpn
zl2FpHQ@Bxi$N(gn4qWhkI{y-D{+sS_WwccWXyh@F=hnS}xEnU&n4>~mT3TA+o=x8!
z{(fNp+X6qOsG5vm>u7OliNE~)kG4Rutb}#qdh(5J<GFXYmYKavfC?u2je?-{&}sDx
zsnT~Kf&SG#2iQvtX*KlZCk!CI*M#SZ7`U_bTf<M8c(TD?OY44Xks(pc+bdcs4DI3J
z;X(JgR_Emeja3-OM}ENU4MgHglC1)DTY%g|NgBW&cvOlV((AW?X84-ep?<XwXz^2k
z;G2NQAji{^fjs<bj$ZZm#?GM2xg_9nE$@8XGEw{v?UUA;D}k{C%tp*orfGFzsh6M?
zK59#=%wdpUEyvTR9wlRa5-Ww6k^+fB{zTQ<pqKl|+Y3}p(dcg<kcHZ|vyI2`ljrUd
zni)zs+9-iS!ZWGPDHWF?s=b$gw+&BPkH>u$oFU~Q+Qio;Fc#Dk6;8IbBO&;_4g+Mn
zxg#>oer#Q;15`YV(^Hd5#-yz)Eroo_&(9ZGuY{6NB%krHNqI&ORiVFZ-a&ouU+{^=
z`IHbNE+HrE7naz}*YaY#wHJ6Hvn&cn(tYSEa3fKd%iu1MHRz@?dZ?cRVqxn~jFD=>
zq#f?xW8YUeG5Vuxq-%TiQ@BuCq^7ZV@zS#p-_2}DeSE7qCoq8wxWU6n)rvLljl@CZ
z+03t0I=obqzx%l0xcEG+TXDF^i5m3U2smMJt#_bV-Mm9fhi^-^Uu_7OJm9RtCO8~;
zYW8@O8gQ<#@7&s^E7(5h+wS2^-Wkl7pPy><R8G$|na^=JP)uheYwgfc=S}}%GoO<k
z(ESQ1R1kwh>)=C1f%Fi7U`QI|d8pt5{u(->MFh9(uoy=MPSF!7*^uL}_U7e7|D%-n
z=@+;;R-cp!U*@T^EE7&i1xOCRxbHZ`Ai4Z_@XPz&Xb$&ii_QbW>7Z1w%l5?n(}-wB
z-Dr-<%BQ{Y#qQK&$1V>T7$YZO<#k6$vBA^5yA>@pryk?T4L#46E%PRP?(E!GgAf%t
z+>i7JV-mGIJWa2eyzOIh&3&ZX9;L_G2q@$E?+v|5O}k>%{j%2R`s=Hp4%yxi!&pf1
zPe*<}0cTw@?xUfhN<(c8H7)vw7>`O2X=z=3hDUy>_ecen@=ULaehKcWF&?z{2{ok0
zi<J%jwh<6}>hbO3iHV8l>P&lGuy}pi-LF=HjN!B~&*kff{!CbDwjOWn?8Hf(LplZQ
z^h`8c_h!ct6Acy#ukLX3B_->5Kty~xcBel184J1`gsL!^r{1~*=a^X(<|_BQXBE4f
zKtF1yLjODs{?^eLre_{3T+eeChf0JkB(mIjdN|?@-bZic^a4?K&pk19^8xodO^n~{
zt{a;{m3Xc5!d^$x=VGU?E?ApzB1JJ1?+>H%^E&H>K9ST~u58-%#BvQv#qj!!c9VZ8
zYFvG{RNdFm*tB5wJ-%i>!i)fah<6nV5BA%ta%)d2>!oJktE+a=!;7S38t6iO85rQ4
z6$jmZx}U=9x>1PS;gfVAh76lGmy|*vQjJ)UwV|BGj!^gBIW{SrP=7@&ZzT=v<~A$F
zVT%<nxvxK4*Aa;Q*RKtC>hR|;a`N)v+lt`~Pv6uE4+s01daNcMH%1Q)D=&daX-PQs
z-;;`PY$a@SOGd-*<hHEtReT;E5-7Lc`L^2=e47is9&`)F|8YPgtwbd`5``0mdE26Q
zEValq0k-oN74=)|*39?Kq&M`ovJGt{G>9g<%j9A#dGV0=GL*SpSqvw}hcofD&EvhK
zFoJCs$(Oomb@mN}I9bE~NmCbn=e@qVOq7&CI6n{wYN#o$pL+wlH_vUXpY>$CbH(cR
zP81SCOSmO>>UknWFWgF>K5NuW6EU)2lsq8kHQ%H-#HHbiD*=_Nn3y;s`?hCXCl&l+
zV}<OxwR0Ru#qi~%*PiO5FemNyl+wh}x9Jca2Bk%IsiM5oN&=5EW7>0wD*M+*rpCrh
zFk8bE)2q%%%%Wkoh(#h--TRT3t9=Gu0lIJy7w3M?S-`k$lJOcy%`mf<o@ZFaIv~mx
zAVSmd&@)4>E$mcGMJ**F_i?+Gq%d`9+(!^y$N0;{P+nm%)N;67G04pw-+;Tadp*|8
zD>^>jB}NleurQF4qW!_!dK_!=;k<t;^kaqbWpzW{6ptUC$>mvJI){Y1E_?g$u3^~Z
zsE8Q-8kbq)LdB`1PX>#Z6*)P@H18UxOANNun`*1gXm8o{qvG>j!mGW5Vx21c;`h&l
z#VTyqgxNuADvPMR@^uaWr&xQ%r9eiefA1m0Gyo)9+}9AooV0t7zVo*YO+U<^yZPC(
zXNCsaM(`)(zRk`Qb$x^!+>eCVEMN&{KVUf!NQTVvZxEr%(6F6yD9$@41yL?C3GpQ*
zEl_qTkkvHj3u#;p4#f(cLM9fCU&y7qG3@sZm4ZUu;8YS<w|A(hd^`gPU5+NYE8B{n
zlW_=T=k&Yj+1Zt~dSUSM*C-7?qsqARyC5g0MoxfSY?Vv*TvrwMw#gvm3(_<Ww$i$g
z)hR6=`Y7?x0iAjAtDPwkn^cLMf<lBzW$@g#3B+AE<2aa|KIO`Sj<p4;DSCR!?Y0$E
zp<WRyid!w^UB$)l`Ow11_~{)Hbuw6wpzZAA;Zbq20ktP5hIqKQne8=7`<^wD;$qMb
z9)+H}R@c-Z@maWs(tjUw8CINd>e7&ou5!IOkL18m%kry#zcRI7spX&;8u_>cZ-pq%
z*@_?+9USPl97*~G27_&YgH_)yRBGY|xsmFuSg>(*ab`(PZUpnvQOlOLD;`1&eRE)z
z&)&98wye#M&CJY<cO8MW!_oy##~K?i1g38@<hA#X6_fIs_i<EeT7$icf0*)hZq4|!
zQxjrFdJS0&pqWKByIgWIDn#}%@4|3y+srKY!Q+i(15##)&{A!`y9BK|w$a`hxnmV;
zl0722PMfC614DIP+aRvDu*&AUl>HC8v+A>pH#53<;fx|V@gj~6hLbZxQ~XnlHKnMR
z)60pIi$u{nR_BSmF5^))o5c;`m0zA8^r0@7D*L)>UEvv2bX2kllU0s(>|poJYPk%_
zLRJX_`zK<KFuSg05Z7WxHyIR2bTzcu@>_7^MxRYqR}6oMiBbb6C?_7DKva*C4}<wB
zn2;k+&b=*uRiB<5fmgg38UdBg`pbClFL$`s*_YF68X5U6FE4|2AIk1m{rPe(htvB_
zvQoszz|l<2;{<8?!EcMt;^zV1^u0$Viq6NjF?nWa|3`e!UR?`3y_h)#AS%G)Z<~m3
zgwai=$ND0Ou9&na<P#Y7mlTPFk|g@+&{v9DrO3*AcdrGY#cQ<DKBxhn1pQ<>G%_+H
zWPw<OMi*chehVV7XfCPG-Y&Mq#L`}wER4U)+;^5;%zMz+_2$f#p8vzRotIam3aOgP
zyH!Vn**KS`-7foOx1YvQ*itbP1bJ*-!t{#9_Ew4OSUxOk5veZIF(NKhd|3FT${auq
z%wAv&+PY+KL1yM$m&s#e0u~KFCE@k@2HL}wtLWsXyp=0YbzFAkgQqt)L&7$658)dz
z{v-T8Q!{#=o=DN36c|&}A|68r2ZoG=#+I+XCmoACprx17c6CL^vZ@=hSAL>l<lxwH
z-V%79Has)5*}%eWI-sRFZZ^>COwQ8!HYuuM{sVOWcdu(kZtYcu0<So8Q7Cmoua-rg
z$IQv`ar=?35PaY2*FDym>_L?JsdE9BBVtichWAlPs89%$0htYHqXx5j4<Kdu_M&&w
z^URuEPa(IPW~FX_$;mvJX)oZlKy#6iybYWYG5$s2f|zUSB)&6V25_6_MIT`96=VU^
zx#K0QX;RmmS;=Yp>&R%I^;cJP)yIZkN)M9j+$Qs+feKx6b?-ejh+o>0={{U}J^ziN
z!@!hF$Hzj!%3U-4cZ?s#$ISBjkLE6jCQ}_hV+VBo#;(xEb;}%%`-U^9+j49)q=LtT
zrZ`Yi8u2%g4(^VKUqrYUM{k#t()f4noQty48X9`NgK)l0hUcB`B!mHrIhf4rx=%$%
zN_r1|xf(k@kXXmJ<6z*O{OF<nu2}b{OOvM6e!YG3NkUqMSMq}wmP$&tF}4p3e@u9<
zckKslRG}miKks&Tb-6j4n5fIKwe9BgI&;MEI{1v{VbL2co>iZO4;YHL9&BxIZ}LuK
zM|Ym&rMt_Tzocqu@xJ1%BEGEX!o*rh^RQm!lBnF@XLNSfp7JgrbX$1g+LqIJaU#=u
z0Evr_KZ$w9EE)Y0Fwhl%U30GGoM}Gl%v>o-n01Ap33fkfj!a2O(X+PU5@c|sEYqnn
zu2gv-o4{kzF{7rT|HhbE#c*(2Lg!$#x;mY>BvRje(CFaDqU-@s$+<X5n13ydj+pcT
zoIDv70<eVH$f#g-Z>!{@;eIz&6Habe>XA4ZKCM5)Dv_W7zw1;FsV#YOlCWb!sd5u9
z^IF_946b&_Z8=wFJ<4$-D@$Ifd$M)g{)!R+A5NKAs8DN@lZ)gj51!Yre_iJHd3mzS
zD2y~MUIr}RWYb%Pxix84Zha;Tv#ZPBHiG?yr3JPpjI5*vZ>Fa_X(p?kjo-ZK01jCE
z2n9YY7DKtjHFFP>@pg5dt4_8R=+abgHsG-zP&WwbzH^`b#xd+gC;8&dn<*tSAw`Hs
zPDRCUWeNRM5FX(3i5<=c@uDLFzmD+uyjdmT95Xy%+++AN2@JyH%EUyPF;f3@azldG
z0##YDR%BD!HNx$nsi9?%Bw&JIHWTy1GyfH<>#L!!re#)SVk#!NvFYj7|LxogIM6hS
zJ9Owzt6LOoYHSLyjsI|-7#y;(@o;V-24vXPMkYk#1ymIjA%MRgPk1)rk3i)M`!4iM
zh3Tz^C8r${!|oQ?c#M7a%@@^k)|G?*+1%OL8I*8XT&_+OT6MXtz-6!YcHkFL`k;hY
z=8vkXDiz{@5iM=s95MUCFKg|ftkyc3q=S=Y{$zn^l)Tw=`kdo(25S|nE!g}AV<Q{Q
zbfaVY>kdan8@=7HR=Viz*}H~?0Zjd8HEr8dOa6?E1_ra#eb|!rt1pynXG_J90{#64
zC@Xrkx69{)K?G=cXo?J+g<V3u1SAf;J2>S@?dgRqtst;KDJ`bG8Nn#9zBW#C7bB(E
zfEOT({X7_OO*i1x?$f#ZOL-_<-A8W;U-khUiK>`slM<h%V?B7BV{=|ugM00^zQ^R9
zz&C)CSX*!1<;_K2AWeQoYpUBpuTHexIzJ^`ef;1tpqJa1au~Gj-%G8Zb}Ek;H9Dh#
zH`u@zZlBBbhNrTWvON`c=CO}UFL+-psyF&9x@@SD_ZW_J2Yg3xvKwyg&WxkwZxfaG
zx)*y>=i2bBySe73=$*D8-Z>_Rw@0geeL@eR<vzplVdruxDG&{9c$%9|AuVbM!r}y&
z;6rKS?nM3w(OR$7?Q?W&eEhMnDrTtkQl|xKySbgcGvz6(*!b|UNsJ$Zx=Z6C@V8!Z
zMm>x@?-&bHw8>(Z;50+`nWWkDfLQV>r=eF-T+c_H^7VxX0Y1K3Y$yFPof_llcfbRg
z2V{aK9m!QyB<MLntkK5DQ%a{RC7wrm$<%Q1HP7(@1Ee5>@;B0g@sm_fEhD6EooHO*
z*`#*KtkdA<cK7t}aWO@X4@i%PI+UAiCwpod5;(`}Jgo2j&dNO*iW}Xcp@@l3IAznl
z??+?hpfxrq(QIz=;hl2jPRv5|+3NO^ig*i$m<bA5@-kW`^AI_|uyigsbrlo1WpP3+
z{EVLWlzvVLNV1c+B_ks%8!#-tbR66sgu`cM7FnD~+j8@lFx&I0Ryk3bsv4k~$m)P0
zv{P@42+pJy*@K`Li@@m9)409Eg=QIA8Xjt2F2tzpOuhEbs4Xok+r=!JpPilcCbB59
zrZ#M{I>|oL-90P?k}F%g;=rt??ZD1rAhir~Mo&!y8dqKSap)}l0#5}WqO)^yW*L5i
zxM@2=$sBt>=dkZ`NvPYyTzVxp0Un$_I8&!EH|4xEV8;eV?icm$vbs-CyLgKG*wo(2
zU!8xU-Py_IWM?wn7c2(coHu<8!ZPsixae<C)Sflc^KAGj&=+R;{{4G+{du>)Py>74
z7ohS4=&gpE<w2ioi6PY8WAyxCjquL}-Gr^p>3H#Gm$~ouyl@Uh5chk0%)QW*nKB@x
zr8T=AswWEpVn>iXz%25bocu!DtO9AtAkbx-3Sd(_)($kcav6kwP6HNROvcnnlpTTK
zVqsx3C_h^$%gZrqQDy?sZZND`XNRSqko3|RLQ$JaZz6U)o!EsmeLiR@BfeMPANFnE
zyvFHAV|RHLD#-Ds0b$emAUL9?w#M1>SC>3&4hE~T?MzbwHsYwXI2_5BbJ_hyM|-!K
zAB3=9T!a>rb>pY+798;M_iEd9rSN#p*#-MtBXm1wQtG`}T5;d9NWbQFKw++xE2%wK
zS9csov;>^=8J+Dxl@gz=)Mz~e(QjjMEY*%ihzi$Tys%Bp`lAkP0_=SE3o0uC84@tQ
zw%pf=#vsrm2(mNG)3GC^-DnDm-ka;ljmH_(RluU6N)_u2C!sQESdBt=b$2(kzr=j2
zL6$7OM&jt8J=0_}_~{GaP=#+P%#pEsw=<e)7LAKFI+?Ftszi|Sb|?Y)vLFycko~aZ
zTr`ix0#vMWBgok-kDXI|8n2XeU_SN2y#etOsjjj+Ddeb(umGZLcC`;M=7p}^!&EW5
zNw`?8^IGshPt~ZHm>8n(o6e$`geU5<onzXibRezni1)$Fbr+Eyhz5%x6(t}XQoy0-
zx@wSLP;yutmoQA|eDP{!l7CBZFo}<K=}L<PH1i{9_?eFlF!%BC_Y=(pi~5@0i<Y)^
z<XkGiMn)ym6B(tXQrvA=zFoRM{LGHX>KZ?HrBYhjaax~y2&CC#HmeAiMoiTQ&`0dB
zhKE7J7=R}B2qz&-SMG~S=c7l`*TH>|?8W3DQt6<6murnYV32eg2MlbPD3y)f=EH{_
zr}u-nA6_>$HhK^o4xdtY!E08d`qha!-W+!yogezj9$ohe8jKS#z9@S&_}#ZNzC=V@
zJ59v*2~XB!%vjXbWqm<ILsouvvuXb~jzr+?5Q%ueFCk~g07dtGJ(}DFp7a`EerC>9
z@A)%RGtp+uZm!vTEsda^aV4RYkI&`w<Ro{wU*68n$XC(EM#aiqW_DoK^WpdhxA$9_
zIYq0CJ_7~AYpC-HD_!XFFi=SW1j2gp?sDO5!%>{u2C-Q7bkLK*b$Y-8CzVaaTWCMD
zvP?x+bn@XepgXQK*NQ0WcHPW(Kerb#DJO~}xx%XN_~ETXkR4E~q3Y1-$~6w;$WXwz
zuhsEI7<~3@eQX=JN@Cb_Iv-`B3`D54Qc4O7itH?vouZjbPfo&%P9MyA!<$MsRc0hF
z>)GuYkf$hQTe`}nSWQg=1%B#8dtOh^g9nPi1n9ZiJQuObg^ChKtz}!Ux3Gie!Tv#m
z{ff|SGichiy+|j%o=oH`1dZSoM@;S@>TJ_FB9}(o<sEv`ag;v@XAyx&6Ay5}32SRU
zVb>;~R*p;M1WX+ITRU!9ljnAIF<g5F>lz0LL<$O07a9h(h&n*P%*d$mo$XjI$8_3E
zl>~HMV<WLKX-bibqr}#`z~kB4eA>n2G<<Fj=2>x~wiWa%`cMVoW{&RRr$_+&zl(lW
zGDkEY2glNJ=3k)!foK(Ge2_b3@_ocKKv+iVVL~bD5{Q~HiJp%jh>*C{?!r8t7hcEy
zirCm;J3;PCLCOcxs`U~wQ{4n*y!P)b7oCl+FgyU?P=s@2WQ?(~>Xb^f+3|2JkGNE)
zYGLbPeCZ_|NXLUSlHW`QB%9IP-08atV|HowoDMgj@!i~LaowJCoR>JI0!LS%=NF2<
z1cY;ldKJIDax4Q(j0zE9{5A@usZp7Crg0v$3tT_SkxNISX+-QDrXA6jpDwdP2z*@^
zryOa0rv?l>cYWSXm#T<CyphQ963@joFQ6RN|AYTWf&WK=|No(Y6z2*2_+kQC<J!S%
z1m!q^U%|j1cbVUzThc=>?R*!eoYzH8+cK(o?7{Y8vF<y<!cPRlmEY`NZB1lrs&en_
zCwNh%SDqk!PrB+S$58|HCKd)rSN!pxcM(Vw6pDrn8hR=PAW)Lq=#H|^+Op=!yno7+
z`-L>>yI{wHLY>S)sBh@6;$7+P%WW3DMsek`DQcoE+_r{(8P%(i$@=;=HGT0RQtb8}
zm_x0IaM_WZk!yA_VijcxognEanzhd<=ipou)W0I*GDPYQin%-+D0XM+i5J6ff9SAi
zI`*CAyN?_t&FR8K`iYk6wHpZlw>;g@hsH5j%6hG`lP<IHj|k;ARG7SJ!7)`4vfZC~
z?ah@8Mns3nuo<sl`gkxc0@yTOb6}fitXo-<@~PY`43R%KhrhzkC9SG#obtVbK3rL!
zIshudiZkbHLD{_ayJ9U_f|(9*q^|*`xUB>gI_SJ|N%_8SXaCH?I+oLbBralE?)aq2
z{#;(YI&C)y!r8uIIy9Wb67AZ)@;l7lM^8qhc$y?9B)+}754pG}<%@srI!9M|gVPUh
zY07I`>ePoRJT&n!^AJr?r5UDbO${d}4I+5#P`FY~f6dKVdMBea-{Vp(mQ&1UhgZcZ
zgxNf57qux;eD7vpv>R=o0_LchbJ0?SE7@|BJ^l8m?&0y(m#+NBMRyKG4Y04q-_hgI
z2k9uZ^}&LC3C>+1Lob0^RM&u|v^<Ln20NYJU7Wvt+P-gPlj$X+pg%E58J2TpZh2TK
z(x%6TEbCBLPtkQ`3$7fKMcp<E%7b2VvICWquc7{f{rg{@S+q+C8{XPMTh8FdETwUC
zq2C{!zA-PBIV@FxqoT-=(EX@367FKPn{Vcs-*syHUQ7WAQ8BA>lS5gmEmtr32#+^r
znA|PC8HM#<e4Ya%b(B*2d_)guE@efpj*TjlZix2wYY3H9S<n&zS~%FTvdp=ksnNny
zgh-8y?9G6SQ8GaqIF**i$WRb`(^YmUAQ{O^tztA0Sp*hx-I>2tuQW{f;*wkX*EjCj
zJ>3ZlJ|?n%=BPmFHUGQvA5|DCzykY%0N;JhpZUnJsZzZ;{|%j6(kRF_M%a;Yx1$4r
zuGbv9>A=sJ5V_mH5w4PoXT}~O)6ZKXT)!Y}{#h_RsD97Mk#KO9IskH<7+9TbN_6uD
zskFV@Wk9Cs&uAOo5WOM~4K8Dl^T@G*o}PaquB`FYmMP^;LpL&fgFO3rNQ9j6>L$2p
zL4SngXmk17lg&GJY+E72?s<z7BLVL^Nr+l+NHd=kxP*K4CMAWJe*jpB+9bnKIr&>b
zx6Xo&#46BRXzlo$`T4B{_Pe$Shl?IHu;|wF7S;*MPGhD5yH4I#b~@`ctFRbHfzCP4
zIj%1^c)8iy7j}JEl+8H;9V4`*T@|6hblE>pkif&~!lm^Q5i=lb{TgJeCwzfI!h2s_
z<u;<}?ax1s*L+Z|YA{}Q^3%303HfYgLXRHM?g7ejTtn!+3W=Q(RXz(@ja_hFGKFkV
z<L3dEzBiQTCLf|OZ+ey&syLl<?FiZ+Q>|FguTI$-@5aumK143g)q=%sy`-m<p3&c6
zQ{V^>zq(>Es1~-y9g#DN$fVi3O>)ZDQBi>ARKJ;aqz0XDpInw3iokwh!@R2D6Ak>_
z`$?wT+`@$Onx3i34We&Kl+>rm_SXAT^=cEj(RcL|1}*{%OQ`JkM2upUZiYqr>{>OD
zU=CYIujFo8ij`$i)bn^73=%{11{fP5f{Dl1J7!=5{v+s8#E1-Y15LdqKq8}J1GT2&
zo@X121N5ezDe%b8HDJA>Bts^GYut?Vg(kDIC`dKLZ1IS;RG1;A^vIi$fBe1J<?72G
z>?qK&LSH!3`bQ+yRi5ca3(q&Ug;%GC(wjgjiEMha3YsORtot^xzRBr1xBc{lKH<I5
zmV23t6JJkdH-_Z0Y6|6Yu;m}59^+~1iO``b>|%3nrgioN&q}bp;=WNxupC>~adY?w
z+J+-%F}*W!9+NMj|E6>*gQ~A<>n_Fw);GD3Jn|^1$HQdYz%ClNZF&u|4PYL`VAlJM
z3`>?x-XaQlvLJoU*p?T>f43wc(wxQhY>_1=L$m5}mNbllf{JP>fq(y!Sv(UoqL5>b
z2-)1h22{3i)2CS1cdPJTpyJ#$(CaTt92Ke7ZU<SG?WjMwEgL&r<l24k@1Gi!7bj&h
z`^}wM1;r|Ig2H<P^&pVFyn^&|4Q@IE;N7F?8%l(7+dFOVb|&(l!-h*~u|nV5jz)p|
zU#$Kc1O^@YCp2`}y&d+(OiPekn8CqdAvEZAg8W1C7B1y7a)PyV9Ws)%Igg#fsU#8$
ztvQ-bbFV*IH@La?7T4RLp;Z)$Sx{|^N2K0`wS;iDTeDFoN#G_c<!UW{SzmYv+9U{_
zyW}7@f|w+dsX~ts17-UF__%b<p8#pPYnHs7U2bP-4sVohsr*0=8`6-RZo5yyi8ntW
zf;Or27TdlGPQ>5L+b{{xRbNyaN@*`V2%A9o&Ra{4K8PG<*a4BNoRK!V6%q&u>^=9l
zHyz@d$o=<?4&^IPl~@i5YjeR?U-d}$PDRD+Ad~L9HMig-s)v2UQ4*`f(|@;Jpw=on
z-x<A3ulAF5EA5F}ZcqFZg}BmQZG{uzPCk6;6s=vFZuanI_OexARR6f_^Nwaq76fb(
zd(VWBYvOQ;VADS}0=xI&mi2nD`a={f{)TZwnW9{g?3rL@ktxojLQ{<9J8J?)moSCn
zkza$j$cOLQ%ECTxpojnQO{kN-(@?5vRg;2+V5@VzSN)cMjJ5GpQ7O|1WZ5n53NHbN
zviTy((4y(zSdzft1=mb3O;x8cc0&yPvf9nS7Ne%~fEb(6lVgR`cgRL$mcy{99?f5p
zaN|n@Y%Oht2)8U<hidI1w$z$$)f)y4^WbE+>;}ZVxAQa_f~=QzAXvIverw&B-t0nf
zJW5iZRbvH<^d9j3`qp90`)7RzKCDUXo0;58b?-y|;+8B7l(O<Aj7u)eDq-qFV3E=?
zJLZZ@OpZ|rB?^~`^X!VCbyB|XVNC-?I{}C+UhFy(lsOOHflU{HF}eTr#FzT|4DA#v
zw!EK)Qw$C~QEBR~1qw6+zz_qd!B-<RyF-)M-12N=G+sW7N`#T>ny!v2v7G0w)69RH
zanCHC)w{}_7iO+EXVPMFe=kg9K|VhSt4@|}!yVNcCTF(r?Q;1WQv*E;07r>GArJP<
zsuIsEQ+)p5Ew{mhJL>Lzux}p+{bqn-AF~8E%EGqfFXq<Qfxnj|2uD>6)IQxJeNltl
z@`(&|&AwU=L}DO4kxMg6MSaMd^~O?MUTc09T%|3iXa=2}1xd|5@@`%^S7?CRnWBD(
z*|w<GE{acc-V8VrpaDFjDw#8B7MuGOxuQsV`gel%g{b11Le}v9vmYF!f7`h=WWF_*
z<%>H`1e%3T6?&$nrz8)Ch6@p3=a4L(#nw#&H=Y6T+ae0+yfRPmt$dSnpZ2~J|B-}*
zLOQ(BW#n@2>I#qKbSLCj_4s7kP2&VQ<!lL3C9@WD*V_z1kTf@+O!4n0;ejaFG1JlM
zNvD5aT?e3Zt2J*}jf;V9CzmDZRNiTXl^cUW`=_7}*h(-?Fs$d4j%V=lsF0`D_U~xt
z8y4rQje>)Z<E|0s(J0TzQD4Y9)wShsouSggd#UWLQF*otf7?n@rXL{kr^X0VwKd{E
z(OOeVgDP|T1Zb6!?GLX~yu}M^Myorzg?!(M{MB22FxK!_mnHS(RWbpBlF_|QS40vi
zZ4qJUi+nB*-@!NnvkKoKJ=>kXxVb&r7Aor6{i$|@n=#Z{=gMX;e|2BJG){G0gC3pA
z=?gnCoaD943EX&i^m>#jmxqAY6oX^ur@`eRan+6{qjL7na;ZIixUq$ZsM3o^{Yl*W
zi@G)N@wrf0Xs~nKHEMZOYTe~}o6lJWI&e<eZpe3hc#I-XJFMdPFXdXh@N+`yHukXO
zd62so`^+u?hcc&gcmdRSLX|L;<@A$z_Qn88ZiZyV*hP#TKA-~?m>(LH`Rp?oRqRV2
z9lKTe#EunquzWujue(`}$fS367yb73D(Xir`JSNcXb8g1Do7mgJY<hg9#Fx#GJ)SI
z6OSH#xUp!oHPRcEqYtP+tocn1=p1IG^a64wUR@YsB<*V?-H%AUR)%#q5+8X9Fx9y1
z)qN>ocB-8@kS)cFC>M2&Vu>G1NX8o2X=g)!2*GaRG*Em90C_{z$V93gl2HMWnyQWF
zU>GA>Jw%IfKz5CBeP=raAY7x_--dq6grn12eFs?bs!A)Vf)I?96n+7ZDJL(e#w<sR
zDr8gS!*wM<AjIS@y<e>t=7K42j4iXnWk(MdMx|%w8H^%5oCKWO3m9D+!)`DxkmM2f
zt2Kk<jh#D_j8Ntuxpz!py70Uuq%gobvi2uNO{xD{5||a$vc2K{;UPjVyhS%<liu>C
z=pt+7y%C@GiS%J2!jf$(uw&@NlEpfh-9OCU-p)B?fITcT<=2`4a}|#4&th*0C!&EF
zBFtfGUn}hn-a&L#A~O97xklVxFw+CBS=Wy(srNcA45^B!mF+JL&zFFC9v>ge=_!Fv
z(qmtHmixRF`1%EXP64y;j@+f-@FD3(sn^|j%iKqq4pJHKFvpLa<(&8#gImO4I&;*=
zm`e5=Z*51m#VJOoRXQ3vaimx1RXR3C-BoMf8OL(;hDOWa%5-1a$*B&kEt#G`rJt|L
zWx63~WV^SGLO#3ODR0z7`L1zPtW877<(SaMl<60VEZ^O=Q~JmqkJowwfn}0C|2>`g
z?l%k!EuphMH3(;Cp3W?3T$|kQ;{IywqKT_NFL9V-6!<MVetmr3TPkT#Kip(^ZtLWR
zW4|eDd;sUj^QZ-n8Q|@ZAhU8RMcxcL1LTa)=PC|UJYP|5+I7>Pxq79sJAtpM@-)IR
zBByim_*8nO(Kk??U4jskeeON~qxr_ED}TYZPfZep0SGAl0Zj_29CJxvjBe9X-{!Er
z&vYDM3l*7#Zm$A7dz+$F#p|R-)wg*}1o=##Rg|DJui4<bDlnh|f09^?QL3fLtF;*5
z0pdH}Sjt5M@hVwrw4Uw;BiHA^RR|c1UIq9iu}XNQnNes}kp!hh0`$3b-k&K&r)U}!
zA|UhQn3%maY$$)m?di3f-8+d`-z7pfI}vT2V0-z=PAO@}DET<?i;GmX7VmB)tj9y0
z*5xTl(N$_d!9M^VrLpKi42|EFhm527ml}6o`0}N11bxe_&F9LG=#?wVazS_3*KZ|)
zp|(mXo=!lG0OUD~=UHuFvv%NsYBQ(n>~SvmBO2bhP@$^|wy@Lq&`7BLz%#3X&MELv
zsz*yy-0i2EsCW11G7)TiDGai(=nAiD-@URbO91lH0C+nuV?1WWF5jH;Mpi`{5Maxv
zRw0T3oHEDZmEh9}2)N4QcTM7W`ys^s_+pwR&9lgI$*gRA*67U0eh-Dre1ATdFEQt}
zBku{WvD}!)nv2?1u0JWE0@R9%k*jZt?>nV!d8EPyP}~~;EG<4lAR(`J-aX7cRr?}y
zU&C{RrYwS;xp3(qDzkp?h(PuDtT}&TFV3c_{Ls;m^)qR0P19151XTdUQI628B&-M9
zVyUNFJas<nPj^be7n=8XA?FR21>3{>VziyUN1c-#iUe|9iY9-%<L1tEnv{asyC02E
zH0oVsHDt1HhL6eh59gKjcZs(M?*h?==muA5So3ry-6=oamsq`C5!5-q{ob5N*853b
zn8s@I)2!U})cvrG`{iOr7coVjMoX4F{f??nWY3c-)PToD0C*G%hF&>2@youXPPlAI
zoZP9w<FN3|s;FO@Oq>iD>}YS1%kn^WfKPQiG>Xw{;M7xrbb%~$gI)BPt!iuo%YZF}
z)OJ+3RnByHZ*=geYeEIb;I%DsTrUfuQxv}Y>5@syQ6)v!9U6P1MY&V}TR4?JsYzgf
ztuRA4P7G6<Bua=Fkvk3tII*0!N1HQvvHi5Opglbh5bYC%UlBS>o>0^rxaO@oU)&am
zMghNba`$}G^P9kTmznd9{8>+h&Qp*Lbb>f<)%Q)~Uy1dja4p&MM(p1n7tRgv>Tvay
z)|N8ji>(HBTqIej^^JV7a)|-E-mt2z-C$l^biB$vEXxuapS|5or;VSMECRPhNBOm-
zx6jtnsV``IpoekxC$L*o@Gn0AM?ZFX?uq7K-=Z}vM7?)6G{mzotIQJ=F~1XRDKt)X
z+)0sXKE45Na<_|>Xl4i|nIkb%L<tuj_;iTiN;QwUdZ9|}oh~;mS=8!ZX#xx%AQ;$_
zQ0#r8M<5Kjn-K=(4_@<8EBrSP5;J!w$r=ruoa8h$BDb>C#<41W8Ur<>JJnCr0((6|
zeB8;^nR9tiUyn@8pK4@a6P%@5v5}ac{mNjtB?7q^R{fqxQG*nA^2z(Yxx?|BMv}Rb
z$pC3i@J0KQv*)~C<KMCv5t_Gf2Cp_FH_<*%mCezLgl4`B!E1Aysh{vFI}Uf78N<Vk
z@cJ#Bc5;I&SJtBG-NKbF64pO#j_;S8-Pm5xZw?%v9l=b|GL|=ka!zA%M^=kUZvdmh
ztTInYc6b-&o->~JjIcA!0$ua3Tabj|_SNdz;!J$4jlW&=@V=E^G`nRjx|2)JL_zOp
z>x?>j(e>vHG`jFFvx4U3La2-`&shw#GM7XYsK^Al&Oe)<!l8hRTMFLv3gpusX$Sl$
zI)lIK18R*R?#z1{9NxPb(!KiUHvHv)Ur=>&=DXR_b?eaeoky5^PyW0aCH0@Ai2;gl
zU&FkAJM8{a)>UTsZZ?|-9GSR`lVn1`n^n>%apB>mBc%%v4Hfv0mq8Lw4?4v^mh34x
zOgNr;MoU<pz>)0$59BTB?Ni(!jDAj;{H!;0m*EebqT<v>Fi-Z+_SHc^*1kqU`0m2@
zbMI9L%JluFf6@rLlq574cP`oM-?J)0D3tt|L^T+N_Xbcnd$If6ctouqL$2dJoZHQr
zk>F6yH6w+VR`<oKvarn^B4J2C!<hki$u%2z=-?V;o4RNYRpnA}vmEu5bIj*~7>jDf
zhxG7W<1rmIBFw5e=C~V5aVN=a49&u(Gkn05Jz5`>cIH`=MBsHy(ULZrCWOE>L#G?R
zztxg(8gj4-I1!p)O00HAUNs57aOKPKzl@N|(7wCakRJOlm_}-w34~`JeEU5weE|&(
z1qnY}1&S5S2{K2^bgqPhYnGJ@ZWzZ8Mt3rY9I)u*<;@NcgE}wYfg!k{9OS{tSw@|%
zYD7@Q1Yh0Yo9Vyh3+$2W={uo*G24Gd&lPy^!B<m%MjMfTnEkLejm3ypE9qZDh7cea
z%Q|H}ayQ_mls&QwJ9kK?H}mkNsHd0TEjIuwyI_C(zhDGu&|=UaM1VXPNr)BD<)6AH
z=OVe{yVVQRhmm-TiEo<@Ps2zo>Yj$lHz{oXhd&7L{U3am%6>NsiK2Pk1ib__2V!JD
zwYYtE0Fpli5q~gj$awXSzW8lHM-2}?NoAX&nqhbvBI4+={8^*2C6S=x<D-9@ka77h
zH_Mh?33fa6<XgsxTG~MKdE8>(J<)ET>{MPqQ+Bu#yHag(wY%P9Zan_m+)smuBW^a>
z_lu!^Xcx_CJd8xY{g7BL{p=;`Y&)d>+GvxZnOK1bE&=e<AmDE*B)Y=V)pOom$1W$}
zMezdW#n~%Qe!mH!qX1}UmxBMA;;p!g5FxR2cTkNmD$@Y!v%_`kb)x&MPJGWZ&%B)u
znzH5pA_YYo5L&3HE>W1qQH0;C{$k`U$44kA2MyniW%Ch?*J!UGqlsm^p@h7a{qj#-
zIlF*^xwpbKmId;Pcl73V%7QmjnJJyqKEEj<&jO$B%KT&CZYE%XWvWxuzf!)!<lV)$
z8pLi?4@r==@b*1&`F6`KcmoKc^e9#RuRQ}N)uu)tg>+{JoUI4t`DdqTjV808nfb!w
zjy&6@)ow`P&Q=!pj%Fs=4LKHwN2e(W_pub@4ASo*RX^2j!F|Lw!)pLi8+*_GCH1w-
zLw9pZ>$iZPH?F}phaKIEmH-}vXEyU*@f7{i_L!fE!9<_awYi}qXwn4Vj;SH$dpCd8
zva-1Y^A{dr^N;s4?{h}w*AsCTe-5?`d64-dKQL3E@;)KopCe^1nO&sXsEwwp^Un0?
z$sr%DFkOp=>-d2?)bPs4u#92kJQaSJa+m@yYnA!xt-q(6m!1*7Q}fD;xj{!`le1Lg
zXY|8B>zjoDeufHaipIzde+cD+7|4IcX1r%J4#@~i587Sc^-(OfZt96g2j<^MGtj!#
zO?6|a|7f#Aex)!@dgAr%3e!n_{}!hfb^p8^?a?A%CDR*z2im?Z-uUy2#PUyARCEqn
z`71Uv=^^4W=py+=Fbt`j8nV-LS!jT^$o!}IfDcS$0#+rYOg=o4zNPlFc{s3q0c&|+
zYcRfOrdxH5m1!BLh=*6I@)cdr4Ql{jJXT@zaKprI;F+&>4=jzsGW*%5QfTFv@wxP8
z*<DM&yrFSg)tViz7_JvU;~RL)#pd>rEUcdAPi4*Lb#mK}#NvD97s>B}zun8%AP9Lm
z+aAaE#zQ;`=f4m9V6Rcl=X~=WlKmlN_y+s;{(PxJ#puU9m$`i9m1lbBIWOo;Jf82=
zE*RwU-#4JpuMeJ{4!ea^S-xg7bl`vymC@E1N+^ZjP6fUJt0<PSjp-}2{U52ovA%FB
zzUjq2IHMU*Y-v5%;z!Rjg&Hn9<3$nduQSH{=H{eOp{Rf7E`VIds6x!Bm1@CTUB`I3
zCPd|C5&h~DisK?2;jiwsk3^-GWMX<fzuAregYqL#Tlf-URobq5MKLNprh{cWFzcI#
z%8hiV;TxKt+s$9D9xYnlr+Iw!zZsly6Nz6ED%F75_4Xe`@sE9KI=rY_sXl&0?W}w#
zQi8ZD)%PZ1|6g;E+{T~JYgXCqx+pPi0^KFN=2bCxnXP&&E8=2x&hCHhvYCmveB!X)
z=$Ac-FRt?m?;;<h<*Yw-X`skll@PB#{XcH7l3`SY=h_p?DJKWyCk09lBzYI4toSfN
zhR^195z*E}Tut9c|A#lyP~&34ldo?v-^!6ym0$H|igUlN_4I6Cn`_dcuxO#rxw+O&
zs1^7`(&NuU-UF-XcGYu76#`8Hs*$*&akg!f#bi(DZ|kW>Wr5y;;+v2d(AsY#XS3#*
zuXC{ttc(03CBayT|D-&GWcEj7a;f0|&xmQ;3*2pRl`6m+CBgFX3euXHcTVS$xnhf&
zRd_t$f998=MN_4fD-!RV|2OJv9Ovb;4gYq9rD+anjZDmX=MF-l6K(8k8dJ!*B^eYN
zii8mTZy6&mmkR@jKq2GabAunAWa9JxVNcWJ^tI>{{gSpS7!GWPDtBiyhWyoa8UNQs
zx13PbVC?vFIJ@D4HMpz>qeJU%%L?-*>mfTioz8wn%wSgZuvXb(Cptdv|2h(lwK+%4
z&$BNM@lGT2(8?N&9)Bzh9OJjg%$XqeFAM|Zuqj9?-~6u^{Pdpq!OWjT%q?*~bZok}
zjN%mvfkZ}`TYM1vcX;r5*qY44fp`D6TntQ_qNfaDC19(8r%ajAwitwBU`5DDzECc1
z%J%wUaHyg#|NoE&$vBt2&&wc+`1Bg8aRJVI!n{H^!GCz`SgYwSGbHh%L*b78^J@vo
z!z}ms-&ag&Np+ODK|~SkemiQ2bW~E{%Q63Q<BI}o4`ywQy!tH)DdZ62;~4th!e+*`
z^3VT$D38-)u!pHx+Mw01XQ*NEyh4A}<yf#`d25et{!!1?-gjR_qp~w`e1X~4mhj~f
zc2A-=6WZhcWs?i#cBVVg-EeQ}OjaUd>7Oliy#_R@eA2H?@-5O8OA7_!#E^r<wEy*k
zAHvg|+u@onXmf6CXR5*Rsho>V+pKC+K%BP7>;by*{*lP(DAtB<`}2N9e`)o?r@^-c
zz2#>8KQKXfF0%%kZd-e81$_$p@QnQ?9t<#QP)17ouqnJn7sZL5=x>wB9=H^qj7N!}
z7w_*S2Z$XNEM_c6F-ohmafEJfq-!lr2M}TpoptQVNbxvR_L0dyGJ41VpKj$A*Jv^S
z=Kl2D?bPLkxA7<x^%&ZE=L#`dXC&>&rtGll6%zQeT}JI<{l$5cNwCa)htSX_h&qu?
zsp<c4JofFWNGTZGp&;6fc;%+jYUz_uhN6P@fIB7UW_hjT+q3dUAJZkNxo1!|AN%$W
zlT%)@1s2$azAhIuog@22brYWl2o{=zBXPwmWP5yHsD8cBQuSvubXl7`PlqKb{W(1w
zPEwr~o>Bos=fns}#t+rY^i!WX4uj3^^OT>HC-1eI_x1e8*>BfPYhG#n?(jbl#z)^;
z3zR6VWae7arU<An7pn=t8p&VMWb<BB$YeDjR)S@kZQ2F1lGB~>c%V3;<boyK0#?AC
z#D74egsI4-=J^4VnX#PwvKU?+Z1gd7DQltMJV`lg*;)Rs-4!P+R{5a?e7kqK`aJPW
z_A(dxo9CKy-nXCX8vlpqk=k*uU=g%C?#SD3j7sE;zmr>8*x`yVS+-#5M}+*#&h{$X
zi?z|p5?L5+m|a^!*=$y0SO`NegVujn!DwgmEr04(?z(Fm+wtXWqEE!`o;i2Y8qOu3
z>mHB7jL1upoX@4zg}E4}3D^nOgAz~qZtt5?!iEx!vWJM^rvHurK_Io%9&OYMWxbYn
ztfIhe%N1Ln4REItA_Z+j-5&;Hed8nni$#Q3?Q%#&<?(~T`~4$=9m~|15#$1#rWgNd
z?#Pz_i3PUcsL~^$v_|t;QJ-^g$Lq<1&bws{9bI>Meh;BU2I!Oa?(aZPc&&Zvr2opI
ziTIU4`4OGgO{fzHcItMYwAJ-{xIRts!H(0>VM|0CWYQ{EjFht`U=6W2(`?d5@BQ@G
z<lcP(n2z9YI<%yES4zsG&0Z8m|C#Q{N1?;7G?7!@2a~f_MoXuz=Rtwsc1<~DL8UC!
zLik(8=shEn@lVN+tkM^P1aMN4sQIXkT}G1fi~rUpNR~0eOW~wNgz&yJ>n2U!e(G9K
zIJhkV8dFcMncmG6_Y@K?|4WXmd`COIw4*NguQ<7-2GBKZHEGniFtOjb+`xU6sJ;S3
z<M?X#c!$R6{oV__0;dIyOfy3Jct_;;y=>LZqA)gOtqOtC*;%_*^RnUL!x&PU#J80G
zEvkn_4VC8>RS*6X%q9N<gt5amTyZ3nZtej`9lmtdNO?h;{I5U6DfTlBO>=@b3*&y#
zRMwNR$<M13^lv(T72M#_mVJ!eMmg|Ki`hwDU?yHi+D>=a9T>}Gn!Xf+@p{OBut_kv
zzzW+Rdc;M?S0!JO%Hj@fm*RhpJE+xiV=v1{`<m;YBvEInR{4;@_<oTVPrsG{g{i^B
zB%VZbU$!R*p2{9;1>6+?5#uq1=jDtyE6T(x6u<m8j@H+S>a)jX5^Wl;lnq-RLB)6-
zStjWLAaZ}yD!1y_D6Uq6@l=WOd((i-yr4{8tRCIk8<sFJ`%j3Kr7;yb=SvY4g`>Ea
zF$m}quk<9h$+N97#}!+8AK5IcsxbLq>%^J+j2i8ZTr7)O`(bU5KVptnJEy*n=heyh
zZ*{*Ejt@jPK|<&*NQ<V=Krn&6iKhl0)AN3;vVAAZEz<alRkVj|sE`W^sa0)J$xJWR
z)x!5$E1SK#|DlNVG4))W-t1#vE=Aan80gC^WAiH87*0N)4>c#PWX}C8BB99e#3#g|
zSJR@WqRiprV)E7P`wZJ*NkBy_4)KV%|D22hMXg>_{`dMUWnV<1nLiIMJb4g6Ru%qK
z<P&dURzF1$U1<NJXiCK^$O((9H$6rtGzZl|tyu>B@_!hlRt7I$D(i_c4=I<+)5`MU
z@Va>K;N7wy?1{H{EJNCa*=ToCHyX92#wWi-5yVO!TEGkK0?&OT`gemB)Ge3uFt5;R
zOBhrCdGK7&Gf!fID4|f&frcxaJN=f69BeDIr_OZuO`2W{zLL<?<l25+uI;7k|J7Xd
zF&VBb=Ap95%D)woe5ZaqrRy;6%Hx#qJ@Ailn*;32DLzluAA=zkLgP!~_j6R^U2vk6
zQac6|$#cAJt0MLD9;0%He=JUGpYJx=4p5a(WncPT)tnO+o=96gr>{9P2JeHKG6X{~
zHzZ`t<BG3l*H-h|!IV|Icj7-%d#FUj0S+O$iNAtCOM~E4b*03?9{5I<W$LS^F@bYW
zI^23|l^4yvhWadJU_$AFxp_kB)-!S(1Z9b^D@db6n{gt@d3jB%QhM0_?Roqvat<tf
z81qWfiqvBc<Tb+uX{=L7`b3pVUw-z=_5gmo{S;)-Hd%#EXnZjH%8UN|Wb@;zfkkr7
z;!8&Mn{6Wqv?wPNGN_*HT=e1!FBqoqlsp)(Un=x`Mx+dI&H6$$jvGZY?-4*FuPF=6
zP>VrwiK3fzIjF0`E&_+6A(H4{%nbC~;+0k5NsZ?yd^vkPg^f9HN=*9X@e*{gLGbQf
zX&ySpkk!XB@+p|9zUa||>aRkXcNF@^5&XMxtlwS9i~h41;%V24ezsjR_*-JIV!^Ol
zmfBYMJ36nxt=1?rW=mO??I0^ORr-_QNSzSjt)!}vs9|nEtDwGR&%qd7y%Vg*2F=X=
z?Os}u8r4T$HQQ6!e(drbLNYSH)nL)cppz%Xcb8&s`w9|d(2v#@1+lzX<or0T9<ov+
z*RVxVP|<ML<a#se-eFe!;h#Wm$o~_9|Bt7u4v4CI+80r=fENWtNdZB+I~D0tQW~YZ
zge4>_5Ckdd66su}VM#$cq;m=BT6$^t&P9LU{Zlz{&&)jYOq{(c3hYudud+V*)2%2i
z{C6PvoXj1eFI^WD+9Si_X@m3ZeWSsw=h?neiTU2cn`xWD{V!fu3<L2;c8bSq{6l~0
zfo!YY_1PSYX{$b-8OzOECz5)!rXl%sM$#?l|I{#4H4?=4H}6zBrb)Ut<z5pow)rS4
z2zYI9?A=10jPIlWbTRE3g^p9oswd*%EP>h;Wi=Nv1M>$r9IN|ltZ0p-v!*+BXs)!D
zOc73C72H?v167m{l%mVbR|cVQr`6xK5-2oCz0x5^r?iI7Cp!6?edSP9s_J0=LLrl1
zxvS9jg^Qh6BH47GT)cm9yV~XOu2mb0>Q@;+V7`!GrTZPJ6--0CA~pU+e$-*HnI)RY
zT1m_yn-x}IaKqJPph(EC+z)%UWIyZjA3yDK=6)KkbB!$VefL`u82zDk4Wd5<_GuzM
z{wl%iVo37#*u2;O&O6|-fAVQ;C1E7<y>GH1gn@o(Ue4ZiOn3k26pHSyPJLzY>-<p`
zeC6>L1I|j2bN`0shqu-6T=kibsy-2FAOdJJ6O8<yxfxZ(?!6K&bY<#q7DWsENKzHf
zH6>linXC4AYj!b+@REGAxctTYF5!>rt2{{@ngIV^>N}(S=sc74HE!2AIQ3o2|M0yj
z&|L*#Z01)*K=?~Lp~{;g@*34KC9^rHb;nqf3>|IHBza$#ZWsOAP@StUhB~hI*G#7P
zMxbiK%n1Jrive_9BR^4&{@+XfM_8ysA1}#2-WNR0S7mMJ8Bf9!R1$?)P`Q#oWHsC`
z3-%Ntx%rl1&Mqi+PYPN>e34O4y!0!lrTmM{zd4M`)vGbLom>2vr8sZaV8327^A3;X
z3F6hl4$EIKe=kqv8Fb~b6~o8sA~sE#f=>bVX(iwJb3U)yz%gpxze%Q^yxLz%2B0h3
z^WP<xAhQl#CIc)YFY84?Z6&@&W7m}@?|N&5&jPPJUS<fu?^AiUdmY)gfB7<q{zvvO
zPrLqDn*7rzs8G~9K#<3{pWuy~g`4vOX6u-hr%`gtOn(;tgjtCHR=#+@`eswTuupbP
zB_#6$lG!Jx<gGcXlE0(;K=R*imL#PVx}&}J%r5Cax|aSiw?L1K+2*1(*IxG-3-aCm
zT{h#XlGT9pC;#=bTRt~ee71di#b_oz+urDRoz6xv=xgAX1c*-yz5{#yWXlLfad+PP
z`t16}rnjhiOGTEVQR(ku%$n7rZZA3g(vfUAUi@6c{yfT*Qr8QjP;4z>3w8cSlRa;g
zzKs@)?v`yk{F6Q%{|HNFj@=AR1(`?I2V+I|F_BTOBelFrqJn{f3k;8VE|egnh(xL1
zJO_ELL;gaNtH1XzixuKfhQWeICQ3E^+fw+uyr|Y3ZSkSJHAgf<Q|@%4?SV+H{d;S^
zJwij$RgD+Jfww0WFXG5V$R(Nj9mY%AoYpmey!dUIO(<`9pqAeH-#h`o1WKNjteh#P
zlFby9Rerj<{;Xi~Egpt0)Nib4LqXK^K1s(h9nnSd<fnPyYIt)^PJMuVM$MZD{yM_Q
zT&LYRlYh2r^e4*-O*IE71k2+WWHVmsS^a9gMhPr+^5knm1`(1X_<OH#{MENw_`cx@
zJbNivytwDY{~p*0={E}jGjCCyB5$_4|8f|lo;f-$A1XgFli)vVY-;2|HBe?R|0>CA
z63Acr{7&qTRm?cP>R_G^wTEwr0^7RM84JP-m*-!vsPB^(36%oFiv+60O^tk2@2a1X
zi0xD5wF%^}dGUL9+f2Q517C6dhDU1kjnQr2%zcz*+~-128jje;23lV=KWCtpHvZq?
zG-MW<pK0q~;@hr#Wc2e0jr(F)f3+WEJxpAh924(|eeV^?A!{)9bfWFSy}>Z@+&m%m
z^Ef@`@Urv>gaBDHkIox~|2UAtOAt+W_s42weGif5ziD1MX5q$PU7}y8_%gD|y_3Is
zjLU6~&2JY+8moWjmS~-9xbjjeBD+?wLw~Z)f@~@!rn22iqhel%>mQ-n2vErqnc*r~
zm}g!Mcq;MaF)u1O=_86Q>*qmqk!rKiT6Bk?eu{UTa>GFEI-Q4a4_$KNP;x$?@!-rq
z4srJ#A$+$#Q2%|?-hh!sOiPz$3q{7$kMC{VWF%GFu{zr3rw^E2gSP5Y{OxH5rN3?+
zECf(eQ_5v+oLcu!k^`{xz5K5knL{0xn9%koi&wPMWE1xhigV1#CIg=xm9t)Z6K?V;
z;+QK6Mp-@~{15r0crJ%~pcLiy9geUhaR0Rg?;|^;5eUb0nn%}KWeE&qo=R<d|6Hc<
zKQ@}|lc~d3LpL=%A>g=uHQQ~IrDEmX_%41>SXK{&w0L&HjA#c)o%h#c`#v$d;h5!t
zW_60>k1JuNj-{^}!+vQKGQP&_PVV&URJVo(nfRToKyn+&;Nkm2Ua_ekaY9xB&$r91
zrS8Q4D%Y{^S|nS7Joc}Xl%NS6;2I$xb<ikbyq)sdpN?GYT9bOkp_t~jz<h8oLlQZ8
zR%7Vyz$HP7+oT~EBgOX&`?XdU3ha#%_EE=HBPDVm$_lvgSG9dNO%miS47$zr`eahc
zT079gnX9OpjvUGb^4`+iH&bMnXK>$uN+Y$C@20%!7*b3>f1Si>h@YeDLf2PvZOswN
z+V_h8ruso0KX-$->LAPg-u(s@Su4(1D(hmKb`w(-2{y)<1Gxi~98JTtWq{>+=bf9P
zb#4rKKs9p9+PZ;8UA*E+v)sY1dca*vL-zMQjd;|H_eDx<yyR;5_)84Zq-%wlb~QaB
z5tHe88&}(y5BBsGs0q{>;!A)Wp2=A^?5Jr}WA&w8^VGZvxQXA~L7Nejno+*;k2pzw
zEo`o_GRQU8L*k{inUo2lDI&?WBioWrEj14>&c_5UVE>C~P%pF~2*Xu;wbfR$EwjwH
zGE+`QjZ<T^bB@6c0)c_6|6Vp#J;^avsIZ8{;Syuo{keM+P1(gKN-s!QE5inopo0w2
zF$Fz>Fd~#_`lA_HHyS+I_ZR8g=>}>FrF(wYo!&IwB9ncOCyHz^_WluH<aST{uUS%`
zWLXW6z)Wqpz44}MbWgO!7&?z)D5*I|#kVTLWd?BP|Dq-5Tx6v_!7_QGU^asAR<rdS
zC0-=~-@v%Q`8mg`$ZlX-rdB!QFT~3#H7)t%_&5g~S_u<>dU{K8neg=eIA^5z?!#R1
zH(S3`F0FJ*v-xEpm4!Br*8dZf_(osy6OUyJArpd5#i4e5fB17*ASQJyQk+5euVCo-
zXTFI4PcF~XG#bYACz0dAwMw^TzbBYX&TxgSHvQ(Q>67n=0+NOc&60#SzH6jNbWbH-
z6mh@_V7T|WRl`;bWQE3Y|FXwWa&_#mR;Tq^P~VB~POhc=Zu~@_-%@5M{!JGCxyelu
zWgN<kKfefX3Q82xRg72gw^&|>nJ7Np;ZRu9oqASbzAU39DHHZ{@bGO+0hp<Vc$EE^
zvWr#5W01`l*XI-y8W?>ndiVaLZS~evm0P(DQ`RBpIRHTkt_PK@T8Y^?yu!o|K(#|z
zeokZotk<Y^jWUUSLjPBPNX41-1qMVCy9LtOZ@-AUVmZG4xowrTzc!3@C5X|)|6-Re
zzCHh~?~*17p?W9BeBUn14!)0e9;?l%Wi;{*`_<1M`h+lQI_5BkJZG}F-))*E{_klv
zCbwz6HnbhI-9qd?l)b;kfC^DYc<Q_ravNiB{qJg0E$rsB9;k&#&H>XoV>P_*<ZGh*
znk*wZXSBq=W#J>^YU%+#U8*m07N9_ptY<{pf1?+pS@n|TYcBJ57y*}lb>TBlRq({4
zuQFB>ngx3qK2eHc7b{rSF%?@vS0+<(#-2XvhqA+=J%cli5{%7xL?mk#CZPz@Qy~0^
z9N>yw{Tre=yaWl`4>O-xGfOYNe$GQz(e|$Gbi2ePh_20c*ZxbqjH|IlAZ1Nl7LF<_
z(QS5jSp(1asG2wG`&XQeC{Sb`{Z;OfTTuy;et*w(zmegUz)Z7~iT2z&!BdF~%Fp%4
z6E^HdZPW&N&BFx4A2tJjpLRi%$K9{ZeOLi(GVZ@UeL)RdVZvB^?xKUvS^m(QLB<t9
zGZjopC%mzLH7f1;437w)C+V0!@*k>s-ukBSRN;1I$w!Y%UzYosptb*dJz)ApmR?CX
z*rpgK@W;zcTTH{u^tEq@jVa%Gmp>{&qJ=m9@P7#U%K}vcKwS7Vf6Oo}b41Ga7O8Tr
zr&0BA{(un2$|sX>x=tSupfiN}w~XD^s81YMBTSQW8s|7sk7V(BR6h~(l9O{6KP~I8
zh%`*}<mdmse5<TRZUKi%1@|&J<kz=EY2)he#i@~(pui`$r8k_kMw{WEHUCTh$&FAu
zIj$8yWb2Pir8i0So+1|BxY^9Wj`SzfGxAqpoaFlJIc1+PJ@*LHuH{%J{c(kt!sy8f
zCaa^*Ko`N=D&%=D_Cf3ROKkFKNEN}K!!+KFud^$mTc^hqKv{?0$0EAPE0`V!UbJ|P
zyYzEkXmnp5d>B<eO3vi*xm|G(eMWb7^6+zvD(_7tJ67h_GF$bZv~n<pGvsQTGyP#`
zRMFYSgfS(vGraUI_9;(r{A|Tf%(w{LGWA-LKW#YbhXS1AZ>2S)p*_bY-ydlJlXIdd
z$Yw2<(r;gF%$~MQn786N(J9riT-Y^_uvC3$j{V~Par6F0shnV$p;9A6s+ct5e40ES
z><ws5@ADQ4O+?QNjoQ~mn<c!le@o**O;bF3Ajyj=fBb^bJPLR7Hojaz;McA7L)yCx
zzqZV~M13TYW*^D5y`J3gC8Y0x+5f<GWXsA&*!nS4APs34ubVGC`D`R`J>veknbtjB
zgfnp~*x;?=9nMbtAni>%ho7j;#Fw`5r|w)T*XDZzGYuKK{Ig6(oM<lB$uOv`?Dq8+
zA8-IB=ysOd<DdwtyC8F`{&`N3>u<e?qs1!LY1PhdhFB0Xp4=eV0lyC(vxHIa%C|)&
zG#>uvwnh}$A(;3PXJb>Yq{S(Jd>5yt<>H1RD8Fo*x=y7>*_@XmBs`uSv?aIKApAiD
zC&^vshDFh;jw#0j+>oJ{pC<R58eDI&W|&Z+{}auW<OSyAD4w-S<djm1MUh-5q(pQ`
zviK5y@_V_QYpb<Aufg=(2`BazEOKAsT%ysW{Ze-mcb|xMn@SwgZsk2ATd~E!ER!Ys
zR$0qXXXYfd1>dX9%|okiZI!!v;LSI}ZLo=x>f5C{mpp&X^81E>xVkg-cYJAq8XQzT
zJ=dl1yxTFTsq6D3<^W#~k_e679-^PkJlu}48d}$^@91k$whVuVQaHSNdOu6AI>G{n
zBM@%_;J!5><Lz5&laSx|MSg?u;Am68IJg+kr@Z=nZ>GhGny7O8oljH1wVu#^;}tFJ
zszU2i%P*g{*HJO#A{WDa)g31J14yA%g-YE5A+=qyz4pnwYQr+yWOW;q<0tywE+*z6
zh|mZ(y{S!degs#uHY4-*Yjj*~!!y%EA}HQGVN8??#<`hY#*~vF90jwE7EQ~jc-y<k
z!vB;9H?RsWWbz+xLz@aUcy{|Bl`-1MZUrogbm?6cvNNA=MKjV|PulFfvCAmP%3bhN
zW;TfKsx|ThFD^Ra20UlDzH4oi$Y-^(gA6U{<<TlzU3|fr@V-o`EpeOs+a-zP2#4vP
zo`CMoe|iczx|j2Re#ZS-jam1UmW$>5AZYVO?(R7a<t68K9n-+cMFI($p+*{2dza^e
zh>i!I>5da!6?3{<quPWFYG=}-Jr|5t!+$u=x*N~iNj1Dv0w9RfD9J+(LVN`!-J$H+
zF!nIpb0ZLV<ke*+s4-w|-ZOjoW+jTX$j>ez$?Ev-o+}x?y^Lmlso{wfmv-F3=2j#!
zRt7OMLlGzb4hRn`C%D&TpX;uh|CWvO0G}EIJZwU#2gtx?f%0i<<@re$=Qn7xMrZ(^
zwO!0J)6e7g)VI-`hiA<*t+)B|Sz9tj6@%6a?=hO+#YlRwgh%8hm+GURT=U&j>N?mP
zXF`e|pZ4<;qM;^<y1VM;1}Qm1Xs(Sy@eix#0gCKWTzt>0EBP>kp?|aoS!hrROY|47
z+~Px?<Uy~VZ}^77ksX)0YZoR@@GoCg`3Z0lQ<Dg`ekwN#a`aY1HTRQgGros3@%#R`
z<K!QE@!Tz>DSCBc_aDqh8a53WHW9Tz;k8TE=1nj1MUTi#1YT25Qh8fZT%V-_@m(ud
z0GQ3O)nlEiHhYjlX`bQ%PYq5`rjflY=z+)?+xK<4^ZHHDd3r~7QAkIsDcx%9AmfnC
zllZ!tEN-}t&BnE-Gw&jw50egl%wFx8>t#57YvX?weimQm^21E|+s+SDa2SoUqX&fO
zuW%;f6%@lEvwqROqvI(Ixqok`(H9%I9@8P{BqGRU)BO;`%m*ksm3Vd3>G#s(F`hz7
zF(>w6pLVTTOVg2rkB-p@^BTiT+~RWJgM10Iw&d;;8-uP=k{)L@_E1a~eK`Y-mV3m#
zN$+s_^RUaP!`c{R;#g${mECm?1q#Szr~ME-S#Mm}cuj>OUC_uD@BQKGl$Ub~X2y4@
zI?LOI&rbaVh@pVk#y#}0mesI&ny;FoH?C{~@-i;x_KL?0^HD>HccRTXp&`}4&wD-B
zZ90jPOo}py8<&XVscH~wMU$#+_G*=YO0&u1gjdK#rdK~)#r%wG{Tc0{faDH1Rk*9^
zd3l}h#TJ>w+W<ej_$gKt-;zU9NbBgi-rX9ku!&NG^{%LO&Bcv4wd+!vMv<`9#29M{
zrnub$&EFD8+B@;gZLe(q;WAx$JDG&)1MDA}_2_Mfr;qMLOhPwNSM6RW+7olMakJ5S
z!meH7-cV5xJp!cVms`5{;>T||Lrd)fah034A+Bc_okCi_l4y026QS#i#)BjXcU;-F
z*_yfJt}nLk8E>nbmAtkKA?h&kKcc-C5vybQZ39}ZR<Vlbm-l>$^Y!Og1!YRes5B9d
zA1-uJv;UH)9QyE0m4|0ICfD0BbI^O`71sm5>ayZBj45X#1W$iRm+aCo)PHD@c#M9x
zmke?^p(6IeO`Mu9K$X`DXb9+1YFUPlBQ%XS=a1=~_;uGN;iSz1JZPQpv1}4w_I%`R
zZJ%v^6U88lWI=(2Ojv^XqGQcp_<j3j_wi15tX*cYj5oh-;#0dzU0A0Iup3_k0S}i5
zJSm+KYYq_IK%sTS_^$puiX3|FHe4Tr;lmhWi=|&V5ZuZlMc1h9{`8!e!`ZhOpTnn4
z4?hJFK-Q~~TU(>4AQ-0Rod~(?6kFSl1gJIuzzqftEIc_!7jNcU_e`%TF$}4w9mHVi
z=3gC-M3<wELQ9p-L}H0kCq9ku>P2pbNj`yRj*Rdb>~J=nH0G}TChR)N52an%mfdN<
zw`zN><4<)Wq<vlo|D&gS&uvK6c;4AbgO9nNYFdi8?mLL`EYq-}YomMqRH4s^qP?;g
z-%J*kD*K|UaMFHBKiyxT%5~Ao{R?uYpw16E87>=Sl*Y?^(`AhqIR{arkGr(m^x1z#
z3<;~$s)aY~=G1vwcEC@-U{R^znGf>5N$o}G6Ae}8EdRn~`F?AP%^tEWxj%byz`vZo
zjX#m{6Zq6GJ`F-#_;$HkAZ;s8d2mzsd}i|OTO_Pv-Bn_3<<f2C%7KrrLaF%;<khIL
znoQNfSRc6zDZM?`8J(em$DjGc!@^~vZ$5x}?TxeCtkU&JUR;Vfz8q@yvnC6KC@}Q2
zB_Bj`w$^pQXG}e}@(6V4<mj9TgX}0rW;v~*Bko6Y5Rn%R+LQ?esmZifl15astQW-2
z6HV+>&#<jyaZjYz{U73lCXqEp`3R{!XgARKP2%aZ9KS~aS?+1_3E*RLN^?zz=z&9Q
zB7on3dTB)r<VoSs5QM-yndR9B5b3A5ww@(Bd)?=k5R=N-UojY4;9xs1vx~Lt|3__)
z34U?~;tR|ptI3#0w9l>c(NkN##`WDSG$Z~H^e5Dj<uK*JokCss9b|_`KM!z8!Hhez
zT$Hss@Zv)ZM0(^`_Dlg=(yWfE&jDp+Wxl2ujLQROWv#l_Q|z<2vf^9!A&29PFgTK%
z@pYd1^|6T`0&x#H_a_;Ok&*dC1SsPbI>QUZgx*sIj4_^S@gCLkWxa9RYevUp6HUdo
zeNp$ckw;wGcV`OsK!PB-1o3wF`SFJR$N!-Htj?L=#}&)=Hynrfp@jFGqSFQITp?2Y
z8B8Fbx=I7j`$s3URa>O<cw=xMie|KfZcP||k}r@)ZeflHxp<mf#Pi0UH(WS&u<d2%
zwaK9of~IEpLjRV?U77Cn9_@MILdu7xrge8ii^`i4DjyoSatg!w2H*Qb#%=S-`G;B<
zO&R5a*S2<2lEfwuopg0W7Lm*`rv}oHRhvHS2WP>NG1etHI`=JOHQ{z~<EyDbs+;#A
zjxU`ilbt^4l|zIrlN2DM0ZDHe?57;nUystO!@vxGYFKo<sr4CPzK<~+>`$Sag#|>5
zoEdVTOsbd23;F3yx>?G7!m0=cXZ$s4Vw7G%bq@TIqWt>b3NH8`gf`6bLqVS%$x|Fz
zUL4iG%kf$hBViRyPK4u7+3Cu_PN$raDZ8=A?3z*6528c{K@goorf&0c9ok<gXp|$C
z{8nX1sf{&v$X3(Q;}g!g$s>|)xR7*Z1+j=*x=>-_wem)=LSvYtP0G;pGthdp%+IQ^
z6lh<#0v3Sebi{w;AItFCdukW7nSD6?d4mv=P4X_|99at&+C~c%JJ8>yxK)#BHi<Re
zzNcB$y$^kTxoZYi`17M@c7j*or1KGAQbrwyJn!b8`8S1u?+skpGlTU!K!f%Ns42Kd
zhB>B(IhGJfUVy@p(B`R0SuOWB$?fFu-OPyA4cSmHSA6RoNsqS2qlg)Gc;b=~n;7pv
zo4a?NG~UM^U-or;O~i{i6s{q%E7_odB^u;H@m{zbCk=zQ7mgCk0FrqK>WMA;vRNl(
zE}0P@Jf83fd^hk+3;(4;bQj{FXZNZ-OpuSN7TRzih6PCfod{E~t}5eN3W9zO5URL7
z1hX2wFChR#``$RDTKU=GRi$u0`#_C4<BEOFBdpBNwPsI1bjNpDMpA?P5Na8^x@JCs
zi;(Y+abH(`M9n=ulI&VJ;MFBAe7yJ)L{F5~@9(fqS=)k%ry6#HKo3>Ng6T}fh?_To
zC!+-<y9Q_p!vQKC^SG?g{)|-^=ca22o6gSXDuSrBXA^vkX9Z&)Z$PBTV2fsrGu;wo
zKjW;R-Ew@ZJtP|{?WUe&7A>@WP5o^C=FI6MS2nOpno{RCni<vY)3vUjTnFToQVql`
zP?}bQ@XgRl1>CmU$)5$j?<a~(W79B_I8w(f=+wB0l3U<-h~ibT$r-t{&6eK07OzD?
zAs@QAm%i7~oVvg&=${C4H96e~fm1i9%zT4WHgSet9NBfPvp3|6)*(5^u}Y)fyGyIY
zvisG?zkkL*FK_0=Y_pZ0t%Kdiv~)7=6=*LrZNwN7_3mHxo%OiS7x+#(?Dxal_oO7_
z=hR*K!0dGD=z72}t%l3NXE|q^c*P-z0#zn_J8adH=?m|+o-00G=cz$a%@^L+37|L=
za18=I#a19Bd1cY_dYAvhe&IbRe7pzsQ+WGRN9z4{t<!`=I6-1;pex|*F$S`5btGw^
zg2S+kAe?RXRkK3(q^){-H?qA=8{Kv`OU?$;J4ii@|0%?={^`kOh_2VH<Yc*TU}OHa
z)Vm*h>)^g|T4VdG-z4hxrk_?lCp0=M$ux?mSX{-xA~#U3MxZrGEKgl+z6g|gL_llX
z#|syrgyXs67L&a?;KK70#!e&kFUcLSJgq!_hS?J9s;k9&h64puT7te@1r2tyw#mCQ
zxi*mOrkQ|D8empaPj=tTgwP{~5Fo3y{YC@|+BgxO3a|X+g<Ii5Bzz<M@ZhT`Dncs1
z-m{A0C;`NA@N_lq0DlWtwKe9exnNB^ymIsnXkvEJcg4>2f@h$|1avm>xJttzuh$v7
z`!ODzFcorgnzLJcHhe1uAWkagRjv5Q+RDeA#c7hl(^p(5g7CxG6eEmOpr7`{WuMG1
zh;DXR02#q73kB=hoB3SZNp}GNP<u%=aBka4&wQ3XnxFs`GA+=XV4Mlk$g)w7cf+rD
zm<!BkfA%cHF}iVtmZ3)-Eq}`ybCA#;a`;86I-~t(qYwF`E+or6J@g~wYl8lbojkt2
z`vpsW^f(Mzg9FXCSM}ULTprLJu)6)!+7P7$*RK;n_-^!eVp2itwVDgE6K=Y!86~)M
z^f+*nfDkf1b~-*aL3~#!6fKd7?K>kw-Bew^+fb7kQX)n@6~wqOaXsJ)B#RBsUwo50
zH#}tOo!@e28uAVCoF?=PPVMy^0G(_g?bPAfkbnELGmr}D8ma=g);VUM(>KCpvE!G0
zuX>z_a*d!T=}Isby-D$GFESsuiF(eCpE|o!<RK(?ud@>oL80>T<Mm@mReMu$z@mL$
ze7g7&mtCIH<&IWd=f-kL5vb!cp_oA%y#MtMQ12wf3pS^pk$gP!?(s~+W2o*4qSD3Y
z9E_?5nO4@>j29laiAD5R6&n(XD@<x&B08Ozh;X3n@{vf^qO9EC?EvkKb~-nV6i*2z
z>#jeEAlDYwI6IUSO4u|8;TZ+!HB7^zcDJZv)y6)bcn)awi3yZYOdtFQ-7J}=z{;K4
zWpg97KpLu3+3$<D@_9*P)SZL#km^^v9W@O^9m!t}=aQzY{O2t3L7WSb#{0QZGa348
z6>Le5?Ad6coA5gRaNs)vn$5D_1&97tYl^UkN&H|clTk`rC5|f*&RZ31IfRiEo11XP
zLy`6VxtrlupZxp?H;ylw2z&*PEk3#DxKy-87M+d*)C-!SzxO$|?<w%Hplu>XO|^+4
zdYlRvdDBt#u)ybWHv-F!4vr97agU+W&8iEK?3On|9ki-w95xn>awN_KhlzFbyO1&U
zdY^de&@z2LCh38orP8Z9K0@&QfCq*$UjVW~=X+LNui|UJJHP#YQ?Dm1QOTGL_=7&t
z=VLdHUIKe5DmC;H621?9(c2v4?%Fk4U+FH*5W-vTBKuRroCyf6;;yC?V3`n|-Zagh
zPoTTE#WFVnRK;OFUq~`(jt8RZ^LF6;%E!U6-Qc+EY;5p6CC7{Kp{1Qs(#R_8M<y-X
z(A^B~VT!P*?k7^)QSB?TlOq4&%PXz({dX1Iy$yEUK1<9AH$^i2z6HCqP;z!&8T!WH
z3!s=chnLY<Awv#&%-ytDpF6z)9cik4gD&J!1du@Q5@nvg^gB*od(o^s>#mp0PjtlD
zNA?6dJy-iQeALthool4%AV{qIkzM@hL4E6b+(TGtzgPy6NjarHw<GSf4Ke)rnGlkA
zTlFrAEx}`z)M*BnFEf8aWbVQ0oGCH1L3Dz7vsMohPG~<|I9ukbns!p8K3$cZzP1s^
zIZd$`CQsQ)eG}mE1WVaT!vb*eP@1V)70AGBf~6(MC)r~MFGE2EeO@Mo!Ym~iku<n8
zgt<oU-j(y(TV*uka_Y4Hkri1cxY*=ZYN>-v&WPJZ^)~~>r|t}73agXh|K)sJW#%dl
z<V(9A1eyp!l&s2DN1v#XLH|u^6=ij#Bs7(^eepVyTCJ*c?0x}UxxA=pN^vLQNiZix
z)o$jK3y_f;nZ^9hSw`X9`ok#`aKcbSkDMd8WZ_Pn>quv9Y<9Wt4>%W(J0e2qwyTcK
zRN|CQ{+3p_P*WCA7SAB5H0+7XsOO2+NZ6YYH)UpRR~4PfIsMJmu_ri?(JWcEOVim?
z^opR<5Ntwqt=D+NB-BqazT^045EX>N>SC{x(>4&DYr!eAg#*!JPuLLkchs?~;<=a-
z_xUfbdnsFQL~~_u%%Ap9<J&@Y7ptVD@IqMZ+E}!@^e2tWE{n};chzL_+B!?wryGux
zdBp*i6XY$4-m>p|wcko{4a)_uY(c8#)Kr|n$!o6I4f29i!t!X~jK`HOL8Ok7M-9!N
zQ8{b#-nYPoUEjM<s6?V2MJ~H5Ny$nbzPJekp7K^+*?PfQwk)-m_-971<2~?p)HU%d
z80*?^hrtKH4M7}!H1+kV{YUY7%WT<E#*=ouree9EJ0lmc6;SYPQ@aYKwF<`oo_p|2
z9d29Z+!hohSmhRv<0=>fJ$S_Uo4i~QbwwO#u<x%-1xdD3QDISze)FFUhRS1A&(5UT
zKt`MtrG!QM2pfVQ|72Qx3FPG)kbS#VB#^KFP870}RZAnj@|t{qDYIIzy=Y3#0+K(T
zPP3gjNe`mNnasX6pO_Ke?DI9p#fN9T+pfrtJA`aK*D@N}ko(l9v1*JM+*xx&2<nKh
zvMmjs#{1MqKpY+BGDk@@#fns3yf|y9PlRUxq`r?}DlxAIYQlNHA3W(q^1!N1jbp9Y
zQ-9PHEUX*cDgiP{LIm?!E=SU!`8_m8Q$GdN2HGO<p~h*7rQhM#H7X9B25eu~breb0
z@NN}^`2?$p1ikL?yaiDwPDlmCy%;OtBN5%uO(OOs5;3Gq*j8|-Sc(?^NxAg<8#Cz1
zt=qS&8arLnixf@DmLLSC3(>heW8&I)xfI+oIj7}g9Fp*hcm7!=tF9pznSe&FkGXQ_
z!t<`#t5+m+s#ZvwKiy$RJqP{v>S*ij{;D-o7xETW&>k?po4AEIB;MkP1R8V1P69kQ
z9=56AC&3!(fXe+FB)uu3b0nWcbGoDOAkunbdI%3v9KQ@-m&ws9c~lU{0q-PDQnWpR
zCInEL_+Tf{@HcV=q>VJ&3zX)=s(Duy;`(MmSiE3)RpN0~88J&mU5A3SH`mq|uXO@$
zL`BY8vyw@(TQV@7i|csOO22Ey3dX??jjB-8JxtbBm`^B>Q1KA`BK<DhI9Ux&<^k$K
z@6A1dB}~>@>K&S04}`TH5_^8-dNVQhUUNPksK#)|D>jLi!d|fQgk-?(_45I1vn-o~
zkS`!>FQSbjFzqQb5$+6E?sD{;^WE=BZKJGBCX4hF52TzZ?Ltv0<_<Se;@>PDHVK0w
zh4Gf}8DJcqt`P*|8<I(?z5=4_lsa7EYpQ{n4?x@QS(G6a6#6`V3w9GuyY#SMt6N;Q
z2#cYq$$DFT|3Ii}iwD(VR^fQ;0h*ylX5m{yE@XGI59i`FPCJktGaoJEa9dS7P)`8|
zc~LNVsH8AZwZ^+G8H4%Ou$*tD0qPebN<RfOXl|NZ02c7xU74RA<@wU;b*>`b!l`fO
zJ?gIR*5LKx3?(s6`YK#e)mGZ}gE>GQQG&H6?8!YTQr+!Clpuu&L5i}RT`^lc3?2IQ
zZ_ICoxSP8J@(b$4{oWg2S5f@Ao9G2RhECAyY&$2Ov-$&>V>DqY(uu?1*2RxOQQAB|
z)6?iSM2-$&)YRtttk9c&<VV=7+^<hSCB%KN1X!dG!sxr>T1Z@`*oHDdeJ(LQD)$-!
z1*|AZp}`)0QlKxV+hA9cd)T2>A43T#{`ztW@9`GoOE;30>7!E`w9v2i#~j`$otEu-
zd6Roqx4<v@hoI9yIgtzzOD4mJxT6)@%miA^&2FJ%#OyteIJbvQQ^O3Z4~Lk#%R8!6
zVi;d3Hg3C(92aSTO9Dl5`W1&v&V`jPW*!58vNm8h8n;D<MdV`MsupRZwfgM5sb4l$
zZq~~V-+J~%&KiPx4`YX6FSjDtR&zp=RN%|`+Lb-&tgX)3?Qk|asW6nFqsG^e5(?EL
zD+QshhLOAMN$@$Dk%-eG2vKfp>{!xD&9>mVb3!3@uxeM7g2}PsCJU98te!FYJQBlm
z8btdwxT%se#g2z9xOQ~chtlRdRjej|Tzu2XqI4>Hzep!zgC|b5`&U%!{JPUCoza9C
z1L3~olVwAnmSd&h$)WwkHO~nO8+pP;U!v<xGPkAmNM%mQ9RFA@MXt*_kCr!#mfx)V
z$edJy14-y5X-TSXdwwYF+NTovg=2i2MBSeD#@zd?PWa{FY;3p;W;z-VqT8F-KVCes
z5+8<nCU82$w>xOeOujGK9e?oZskg+Q*3YBd$zS^qCG3cfzV|sp_SsY>Eh15Aqc&Yh
zi{0f#2Nt+zsiz%s2e*!S&BQXB%94+V&pLW)!HphqZ0*8gGH1%!^jWYBS-Y8YMb#$m
z*_kM-*L>}#1AFcb`&T=YD~nHxH`gtWr7rXspVc&-?8uy<LAv4QsUs)T!DwoZyL)tA
zQRcJGi%r>f-WEMny-Y(qwxyf7xR9zjt+?Bf#xmQ|xrT$_4T^aPkc_rICa#Q99i&UM
z^)AflF(b#GhVe0G)^esL9GGvz1MMZ*WA>PNZL^<!^@n*P{1{b{mIxrd914Y3G~>{9
zPx_nli!!roIYsGz23g-CU_DXsc7Y_U>@i1Xh8dr$__oWHV1tJrUrq<WY*vG_y^S+U
z^<3y9<%}+@{2^gBl#fSM<r;d#8<InzV)4gsD#X=ibWOJq%`lxjfBrOPmFx~&Hu2n&
z(>7O3xp|dNLUddMqwwi?W_XBAn||{XE=YD3O@f<j+mtC598Iv4;D>`;hQ6}1_Iv;2
zY{XhCo`n$3RdrnU*HiqKVV?otbYk`CWG8@R*Mr5avFD(jG=C1-@Yp&zQr=?UK8sfh
zShVZhg!=;xY2ei+dD%%aUW;AxO#dTeH#Kw_np(v51$PZK^1P*MK7T)OS?*!ih=u-k
z7D$W=+Z75AGiwyE^<bF2B{Ya+e|zkCa*O9C70R|{X5{e39{?@f&+^Cd`osPOF{w1K
zmD4no)1;NF==-;gfLfm-aTSvrkTc!+c&%#QTAk?4MWpkB?rp%0(N)Cw^7+E6pe=XX
z8W(aX#KT?jIZizouxbIV6Yx6#du?%yK-YZEYNPa&8C+U;%6Tz7trT5~(k1d)&Um;m
z{T17FaI=;N5IuK^mZXzf^|BvNF(BUyJQw`PTFNk>P}f9ro*z`fF#yS9>VV~u58K{R
zg$=q*@5_dW)ap<A4#2%9(xrx<gG+{>uD%B@Mo}E~^8UXR!u3|mTkW(y=n6X9^A_Nw
z(OjW>L4mST(rla0kqA*QcDPi_1wor`7Q=ie+w)ol=wIIdQ<~8Jj#dn1wo9h|0paQA
zWvbA|k`>k>@duf#2~O^9F&lha>bs*{-liavdIJ4;amd&fD=bqTY4HE!c|I$<$~36T
zD1XA9PBW+<`4VSoM~fXkm7kci<*6c@SnUDgXh(vtL_Zf(B#-l{)<KlU#IyhZ`>RW@
zwSmNd*$L%Z^}%B%Pl;;-*<(e*YD|U{i5sq~gp8hpzm9(bia8|t3&g@<Xq^;`kN>k4
z#k`sI<<B1;_?SN_v7Y=5JfLbTu4*2i*9K;t>9$-xxfxH@SdsCl&$iFjb-)>k2uZce
zl5*QLK+{A32kg1Q<LhWXF|hXKFg^{7%SIyNkhv33`_&0A%|fa2<*p}VbaR!hD#nX>
z-vtMXS;Py5uOt2{VxDt(-+{EOI0C)`evIe#TQNrVijlbr#VhidmCLHt1n|A3evSVW
zD-txfop5SFIxS%5cZ$mKhb>I4l&z=GtR4ArThvvDzcVzp_q5t&vZm$S;cEvMMsl1a
z;`)=fF%=31GRw0?9}NrFm!5&@KD-Ute!Nf$t=ESB+=Z779>0X?F#H%beoh9eyq#+_
zK|8volKkxgUYd4ig}Zh9$U|ikwEqPmj-w0S+7J{z{mA5Kz>sJC1jBg!oWOw5zArc#
zP@ZXniLNA_wNX}Np&2go2}d=V&*@y8bXzFYrg3X$qc1_!Bb4%disDj&&I>K><stu*
zM8fZ$R*c2dLS5!BE;D6W1vr)lh6T?{Xic5;cvwb~sv-<YKnBJ~qP6T8b#Ia>qL%sp
zwf8fpl@!J=)ZJ;ShAdN64)-h2zx1TSr){$pad!;ow7{B?l$v=%UfLx{8;!cV8Z0dI
z|Js9lTQ(6cWDy}=B_~YUVk(7--<&Q_J*TMH>A_Q-XIpP7+d7Z}$2H&|wdUhf8F;(k
zsn#2r6Qw_xzi8`A{8#c;-*SA4o*da9acXcuRNCTp;=f~Wx_5`ofo9QILqOACx%rNq
zfE@nvuWOe)Vfqa}vJaY7Ts_BrG8r6)yPmd>s5e3h-wj^>RlU>WA+_aatySz>pDsY5
zc7)u*K4(KY9{1Ihb^oWmzI5iwu6wdr(ZoWKk$}nNr5kl}D~%+%u5@0f&iwDyi>IuQ
z;{e0mmJHs_R0Bz}6DLXx9GAln^;L559*XM<DW@^_CRv{icC4$eUEr7<-G~}VR@HjM
zk-eRQ6wP@n<<pJ?EONr9<$p(y<o@5$OI#2V>RGe<BIGpAWUy7tcf50hNf+|dC+tEk
zu(?yT#uMU-a+0uBCK!Ua`t?pjSJz}xKHNArN%4$_Wn1~qcE~^N1vaGYN|oJBs+6=9
zSuyH0aF!AXKIq{xHJ@)AxF5mIE-k6rn(8yJ1^6?A&*BKj3GrNK^|O58H7EWX-clVG
z|F$02?F$NxpfzT-=Hd{=Go#yCIyj^*Yy1l}>#<b5bgAD}m^_^rYe8X$^i=XU0Q|3o
znb@|!<rDZwjBWrd=Tn|KI$J}#$0WJ9vpWb-vpxNx!=C3NSh`RwGd7x}x>KlnL+TAg
z^PXF({%P^YN4YjHNgfhs(~uJJON=<advSFHlwR+K*O^SxkC_y%gSM{@y4Y5_*aON5
zhG6=S*Z&KTZC!BI@2;%~-*eygT%TO`uIWZ|xaj8~D_WL_zZ-UY-kA`t^k)lg{fSyf
z;Nkd2YuyN5_IYJxcV;#yil#n?o$tw!T{@)&6Orj5BJr(;9>~6jMzzVCny;q^Mg&0n
zs4kVTaQNs^vJ)78qD!ts?x3j|@;rt@x3c3DRzJ5eY|?;!oXS|Co5K9rhAtz!a9iuG
zjljf}!EtZ3kc7GFeFkH+C^Qwx9G)aHrxfcorf(Tj%A3#pcl^FSwqx1Opg)#GrL!}Q
z`B1?00zr#A#?Kry8G2~TyRm!PWPsmnBrkuPz5H#vXz`8v(lE>4otITdpgTX6nT`gR
zne}JO2tT_(FnqA~W#zQy`8$vBxp%kImYZndrR(mfq>7&m_D^hE#Le48pPLPVdwNlr
z?Fu5ZGIQLappSOyYr+^?72;KhHowBv^~i=Ov%_?x(*orCPWMS<G(}jeVKq%KH(6ha
z+PT^<o?v4Ks<|z-3m<G_Drq%Ln*~@e5R7Wu{<>q3*tA3;YR0NBXrsNfzS@NYp>wlx
zY7WoRuy5{L>eopAogfmt_XLlRd6d|e4ZXpscjjY>GJ)hoCv<d?t=FER4A_MRNjq;9
zjxR=EFS2)%7Z<5G)8R5Q@B#~a{NF`uiK`PlNI^9u>i(RmjNqjUl>-&4IYib)xz$I=
z>|AC|3pZRyH23#C;VG5E4a`xWfNlH;?Cm8&)P&kC^asN#lY?4kk>u;ec#BaB-__1$
z-v6mjz}R%(u*bKDzRKJ&xP_MxIY4{cY+(?+T|ft8oiD~DSsP8!+EfwzYi!kNcv{)j
z*Uk%DxiQg$_72wPH2LAj5B>JM_C2u1zH4<1Bj3=UZ>djoZk<zK$GCG*j?%hTRHWf;
z3X{{sc#A{}`4yW!X_l@sW%`B+ghZ^KRrDJCluLFvP<0VCndfvxb~Qq?)P6bquhc$z
z-9!sVP~_`t3%<6a*K^J2yZ5y@@kdw1t|4ldWj#HllZkg8%?N$nyJJRjr$&so%!hj=
z$u9JKv;n8*O>}x$_kfBW>x8t{!L)H=7bJ?carreBi*~AJeNc7hZ1pbU3M9busrX0o
zfj<isk03?7Q0KX(8<YZlvn6vi#UNx%I}R8GKHzx#a$hcWK~+xwjA!vMDhI!%`*5(W
z{c}q{(jaPpRx8cLGWr})Hoir6-5e#W4BY-Of{Roc_=R*_zOWO=-EWQ*OBu^Y36F(e
z68HEGh`yWmCSTzsm3fnompH4!m`~*K;5o&_stPgh&*fn#S_d`8ie{%7xUk>E9V;*F
zv^n=#^6L%d4^HckMN~|pIuilS)c-IZWUbO3ZYUCAYc0$RDh!bC&m?U$*}^O0h06nm
zZpmuIUx$F@-xVkx%WGIu(vRKFXRicVdiIR3xlF?J*Vm5?;#PD%WtKgFr9Sn0<M;_e
z##u`fKR!C(Omn{RqCi@g?82mAk#1i58h&D|SNj3x3RKt5h-ot1!oZexFT;lOoRoO{
z5DmZ#nzoK+l5uU%zsX)a^2nsEyYJ3cxzT)`@UU{cuzaSXWWND(8LB&F*`X&`jF?kV
zmT#U{KG&MXOIT%Bd+naEk+M^ohNJ2}#w!jj$sYzM%2vM?bO&?Caql*XyD&hILH1i@
zPIp-B;Xr$#({p{D+Xy+BT1ybBkG9+EmoO`|o12W{Q#t>^`95@a@hxhBvUu0MGbS?j
zbiKLqIt1b6?2|cT9b-2QCsmx+G|vgeVg^?E)%s`>&j61J24S!0KJrYNA2OI4ckU|l
zr~0z%@hfyByK++&0nW&X<ZT2}RM18IZp7f6Fz5?|ps(@6K;utim9*XVPGUE*`GtQ$
z`xNGh+%>K%IQqE?gmeQF&PWwX=qrl&JuqUEuDW($rY^1}fA?O8W8<(s;*Y?{mgZTh
zpj9qs7M`IJpF>q2xw|&Csznni@XXdGN?o<)y%ugJ3qcYHRsxw_aiJnS1H+CpJL^SI
zl?0;K`aZ2M|B7GPo_V5?Z}Ss_P%Pwj*F2utKl-sKa&@#irSd+v-LavVE##Y|N~fuR
z9L2J~sXtO|<h)s2ajw8sJD2w+0x;N&t~^o^=7DI#sf!nk#1qYx4|-!qDi0&In-Mlk
z@@SPLo?0^KE5n_jTVh8^uoiHt<n0hwf^G}&`LR>{^<D#y?VtMEoECQUK1&g;FZ_jV
zA-79ioC{t)>ObZ&AzF#ir$N2RC02`ViWQsdUZAP4I@=*Z;Hyg17p?Ss@4x0Gf~>Db
zd_$$CGg~u7oAnN8WmK&`%)AC6H%3g|M~JldXYNWB9nOtDMJFur>#wO@f)>{<&GsYp
z^hDAPJaqIgfZIX7lGW4tqh$O;E@pGzf5m#A3;@NnVz>g~O^-WaC{)ba0}Jkm&Y+5;
z?A=Nk0r>97U4Y1~KA31E({e9ubrY)~*Dcn<VdMNd1b)&6sL6O-UUK<;HROr3U*dtk
z@-?WkKGt+Ma=krV#w??Hsf_Ar)Zk`@pswm(Uwy1g`&BVP2qI|DQVZ!SUO~3Dy>R)}
zw{~+1oYYRKAHotjR>_j>W2R<?b~R@@tQiS_B=|*<3EoS&T)WH*=JP%i;Ui_DHAj_m
z(~4)KW!wkM3+c<w&HG;<XutE)+*Hxo*BISW*YTV`*@$yP^3ZwbnfwHy+bd8l*k@nE
zPuq2n?0O28bGXtPQxwwP5szoq8RKH9Kl%U%l%6EY?A`7JVCGP_(9X5HPyLd1Yu7el
zAZg$_TrIop+$F!=<!ToJAHdWUf4Ps^H`Jd5@uCPgAofn}RojZ?-l)$@{{ADzpB|pC
z?v0&WH1-?oCsbjEldYN83AVRk)O8j7b={|^KyUl8L@4?D#0@wIF$g=?HVR$U)kg}R
zJ;0Tea>LVN<8O!^<)h4fwF;Cz-JJsevg!{`%6_D(ylB`u3Y$Qy;+aYTGq{aF=6h4;
zXIT|<KG)~@f;@_{oMBx}@BQaM>A<GHGInYlX<T?6aIWFC6B}%6B>e2dk#mwOTx*Bc
zssjtWuKnN-CCb$3>M~E7%ZjFB4_^|*!+&0vGBh<I+*9pkY#v3J-CAULte$g7Zn*$=
z6YP+>Z++o6J@lDK(4dXVbbpq4KH~mwu)xVZ^HTFA+6e9gg=7FGM6NCH0wK{UR9^b@
z`i^p%H<C0&=Gfu$`n^py?#WPDmN%aCAS9^05yyPw5*%Jt>nt&z{jofIARhl*<mBI<
z-kY%9)z{V?2py#o4d0Be8ne3t{#3xk^pCHY)V;4?u7$#KS`-UjtBx24-Ui#$)vscZ
z=q_H)O4~kRAp_tK+7OA||8-04s4mpT&CI!!AGBaW5P6;-VkuuQzdgb)TeoPc>)G9t
zZu6LKIAGnNNh>@P=2|Zh?h|m91TLCM^-}m0_>ZI7`fBi*Io<3Ybi!T!Gaj&lIRb8M
z`A%iBxQT3!xz5&cOeG$n<cuJ;#4UmyjDdFps<_OmV5K9jtt8fcyY7bg46ADj7y}`{
zt9$=x?5Lb;<>?w%P5bYhhIk|1d9FV}c+M2$k(W|O6x48Oco`UHg7^Y*2u<5E_DK}P
zrRo^X@hfKeYol&&{1BdMh2B4#fTMP!*Y6p!1EB=;m8=a`{bJ;J%s^^%y0P;)z&ObA
zmhQ!NqN9oj5N49QfgNY{bwS6oRAanwKhzF2;J7pq$m8cQk2ws84^)2#1Ke+2vWfIE
zgAx`cKJ_xQ)5OT^s;`ECA-Vd4K~VJ*>0KYKd9;i9J#)JjY_Pu6@}rvohZY0yG1a%w
zWBe|rYvmfT9&7wug~>cHUe={hiwm7<NG+#)@wSL5WzBClz716GH|;&J%=5_JaTh|Z
z+xBJQ^DqskrtLn7SFGMdY4dw~xfaXAo)53=M|HOi#ujDn%&$21w5qzz#tz<!cl?dz
zZ9m0|)5)UM%@NDE3N#C_x+!12Dh1Ebs0Xc;n`CO+iOpO&tI25<Ksb<FE7xZ4UM6-z
zrkBUln3Ea#r7#rkoyN-im4dOkre?p{R&;F~Y^r3imKxQLncv>`TaGGb3#J3R-UtUO
zN>*7|nsdKokB~DS4jp~p!Ty|Et)POB*`HO`Q|;VPzN;8}CXbBkMnt8rX^VQ8S=phu
z227D9x$xP49g~IecQ+110`)y39FESTWH7y%dJ4d0;+lrIsr7Afp$BROD5iIZRrOu4
zLikeBYAjTx$l8BVB~Ry(VH~)B6_{6b?vHAfa8KP{&B<6lOR~a^Bs^}6;c0Kz6?ljN
zZ9})4x!L$D<0x_Mh+t=-jth8TB7hMCJDs0|K2?nKmWjvxSV*>FgGB}TgCBC5-KRNu
zCjX|G--RUmKRIxsiw41K3k(&)aft3Y1MCwQ*uZlRtC|4O0ZT|4v`spzH@!YSGsW!r
zn>TRB_Z8B?_Tvx=^eC>%#j=+Jyv_LTt0w)OCH1PaT~`ixsSV+@t%l~?*<q?4X%(*4
zVf0}@6uu{u!`|NEo-)>jwrgFmO~9v0ax!7&4<8%EuI87x?|;|1{zI&fxhc@kG}CNY
zELG!vi0lluYSZi&qow^5{Gu~#l}vLCRlf*8d<@L;#ogT>WtoRL%z<=nmPtl3pUww8
zH9i_Lb1GX+YOVg09V->?xiey4(f|+eeaE7bxPzsMRF%*CqRN!tPFIfu{oa^}m}RSG
zwLA?;X0)15X+8_1IG_HN^Ih<PPVTu}L-zUq?6gZ#V-y|&*+|&i*qrHvdph^(p?DSA
z8PX27x--B#kKTuukRXg^IILndJ|g6}1)2a11~w)bT2J)yb#vU?#W$pd;lF_v=ePii
zzQbJ~EzZf?`Dv`ThXtN^&&EbvycIps9~sOWUpQ-S%(c1oiEFt(Rbw9><?vDA*O6gz
z+x5frd8|wk(A7>CeOM&qJK&h;(L4wl&EV%rFtiMBt0)2dW^#kaO_edFo2s5vsH9=0
zr!C_KzLXwzt&Sf~%55Z`d0BqM1;BT2%yYS2HNPU2ccjX~dQg4P1hZF@^kd;H7Tg*G
z&oDdJpVd9HrlFch(~zMw@3zunek%aL8(a4##s*<*IArl~c$M+mRHE&OJar3JA&B5(
z&_SbPcEws-9=T>>uycHomztK44h<0jREK;}uE6^;TXVe9!<<i12h57!nHS$ym2<w_
zBA@E%n<2ABnXZ;b9E4dbdz4vURidT-y&@nlf_m__mu(FCBVA_r%}xnr%x%ta7{#Yq
zbIjmXzsj^`70z%U<no*Uni{bzuvTa`1M2QO(R;3fD{+aIF@<cOC_QMp2?W?lybSYc
z&Ufn(`K5LtD~Rz(cK*g|4(7}3qoQPb00O@@^H!CCMx?{5KqL#dxOOYq)3@>vS*|ej
z_)4la>Fq4UdL7}{#^KlW*noxJjr=|>(H@VFnEz#~Eo|q#Oj*O;XSWzn?piK?8{Xm6
zrCFKgTBdhrOKFPx9r@ZjzgKDSCkh+k!MHsecJ{K%47RO>4D)95{58ovrc_J=<~i!{
zNZ;uD4PD0#B1Z=ynb?}<!WX?c#cb=cGR|~AaUg>yl1D=~$GZnqLEa$UQd4bnFfned
zK+$yMM~=$*Xk6+!DmP=lWDiYxZ|r9lkM9|>@5|UCui!y$Dd0?{N2`pqIQ>0O37NS|
z&wNFC7Ho6m&j;GkNs1j7s2jRSMTw|JW{i;aX-;a>#eh|PC&qt!r(E0vVP-E!5o4~O
zihL&pzxmGx>l&=*roAI^*Qpo9bsVHJH^MHG@IX8tUe80L0j1t&lQ$AJkUD5Kf$+b5
z6|+THBS`|o8}$2=X~#%&EYOozM}AnKD*TyQy7Ig2g^!H6j<95^E-6}HU=)WOhF{#>
zDYG9omp;exeiym-xDa0YG<xE<MpcU0uPG^*<*6I|W+$xOv(WgP5Uedz-|_NFqHr*{
zeY&5LM^^hV-nuNKI$ME;9CDKjUcD1ntzS7xCRAi;r!W|llsJlq=_<As56=;k$!UUD
zg@)I|8wk49&i0ekch6p1)$j}C`Xgm$cCdeqqPAjM-@{X}{g0}Lr}eUTCC4psggw)t
zw~$KGjvdLl3P5=JIqe4Vmi#+P=!QLDJ_jQLW#F1bVy&WsoF8soO2jyuJ`f|xu0%Fl
z3}PWM)?q1@aoss62X+|%>eFREM62p`>$$2dQzj)J%IWsnXbM0(fwQhFy(WEC`r6pW
zQN>CtH)*fc${S*HJ2wu;__N-^W1+<oRRdS`Chz5S_%I7?e#h9v6f*%7D)dr|HW7ec
z4PD%uF93S=(7SAfk}_#Ix1goP`AquXuLGU20xlDglKGmtp?m*z(!sGx(SD|jWz0lU
z)UU7`c)qxiQ+A8;C$qNNAi-pXapN);Kd^USPODW0fRsaWz6H0dFsgA+b7z`PAZimM
z8*<ddP4#u6ir1C>_%q90zl2Xygik{oZv)moqiZ8Qz4;ZibiK^^hU_{IueKK+xAthe
zb+g90dL{RgX{%G6&*|W6(jvFs_OY*>YdRcheu}<TWM<>V*EMqgE`e_&*17frtAgq=
z8=KcFC3=1R*k=o`Q}@y2TlKYy1j2d`U}J{<ucd2`N;*x$&g`CAPp$qjYaY~c)YNfi
zib?TqdM3vl#i9@+R*4<2qocA&c?ZlXn?=n#<PDluvBGqcbjurE4MatB5OhUMO+`e!
zpaOE4A3DGPzjNO6z0Y~x=Y8Jq_kCs(#Cd{FQM*yfXRIx;IdzxufTD=(YMrXMJG{r3
zKKb^O<-c<k3fms?|Ly|<wZ7&JjXSL*GP9xKIrO+cuQVSmZql6%wUTwg2h-l7L@nCl
zV6rNDen=5wbMc&A!CJ%g3<Qhx3iy9z$gU{<b&@hXM9Onl*-NPa!n8G}P6FVS7@!op
z#070<nYabz_0V1Z9y~HomuQYNv$z_Y$8S|Ec6UJ{Q1mFL#HO`h_uS=-4g^|vj6Gpm
zZ}t*e=_=i299<cAwIZ;~1xxzRg~+?Z9q&Z|Gu*l5V+MZwK{8PeiNNxw2Dee`|6M6z
zt9n2i6~!J4!LBA9yu~!BZlJha0y@tXM~6W9#8+g{Tr=XDTO%@D*6Dp+Q8iNqcx3u8
zMeM*1qiybjL$h~L^^6@n_h(LFo{|H2JW#-qAfDadTtMfTYOe{5B>`Jx#LnIi12I01
z<A%7)SITB6l<w1ExPlWC>!+VgHh1RDHylR=K6I#J$21C-B=r?Z1m8D-8JR^5s?%)Z
zeq1jdOd<&C5|f*_DA^cxG=H8uq{BGBvvq#=iN!^@|72IXsGrqIG87N>>x*KC+jQ$s
ziLdsTnh`DCjI;jky6Up{w=z19gYR#AngEL*?8J9ua2Tl#J&|y`S?80T-r&^;6OuQJ
zKi1|8IVAzRcM&T6xguKrdACQ6n;lNNPY-}&X9fZWuC>{+J&&z=YJwnmH~wAZd`IT=
zYskot02Az_MoTq?$+-XE?t8mDEB*;ji{8s@&bb_I!$>#5tYbm&Y9G=WZ(e}%1a$TG
zL7>aunhN3Kqbfu9Jx~9+lCO%tn-`Y_QQR<%w2wcpj6?8wb@J|$12@y@qb5{Uj9$Ca
z?-$utTRyn8#^aP3kmnl=?V$WY8AxSGqHONkC4Afmn3>OC6V@k5<tuW71D=gX9h=Sz
zrPNruEsE2#Go!pFAT2jgp@1bwjLV2Aw95|TuErK+ioi)fQfClPiMqM3Z4tHIch-2*
z_Ayl;5sh+&?lTg8FeiM;qW~J}a#8;Bt)sr0UQ@D5wBl1CQyJ5@o!~-JN@9Lm$d$5m
zC_b&FcK+XAxUy`kN<ICvTv_%QDi=dT^d`h!XDeGCD1{*6R8Z1#P=EU~##Pk8PA^m7
zfH4}mEo1Xb+R+WSvq(<Gq#f4R_5p#+_d_s!ljkI)-T4Wx%i5d|AKS`m<~Vadyma}E
zPU;k9F>d69dV$52MY3(wuIhnFmN=JL3_dtayyq)@;fU|o2m<gLOjGab-<Y2tWZ+J9
zwLK~I5NRFkzOZ1KAa=9o|1!?LIwU_XQLdHv8aEKz_S9q%m_v4`AA>NR>a8=wE8jrx
zm7;Tx1VhnCV3JXRlBN!+N$6^v^#!i@$d_bq@9LS^Z-8t@;#M@E{LRB23r$(Iz~Qd_
zue|_KbG#}Uqh&gx{g(Wx2?mLG^Ulp4ma4*)jL_5xSS+G$3=$!^G~@yvK04Ep5?XOp
zA=d4=#yF42EW+g04Y&J<qBYg_>nF)|ooBX%OjhD*VXKXw8`Pfpy##h5LQ#eto>pRL
zk3<AWl-~HI$(RuCS5z~z+?xTKes3$;CcN&3ICNxWeO#NQ2GRMyu-f>`_(O@m=LCg+
z%n9P%E3>>1Wi)@JrOH4?*=?XJo@zbOcdC9-5spVw-}-|6lF{0=R?s*Ng~1Npf>N7T
z#y$Cj_l(48SNe$fNYOu}J!8=p=Nq?5B_6-Q*gjS*L<p==Z3rOF(F1q;^nWq_`Cw&%
z-Z3~x+g+m9`FrRGKJx%>g>+x)g2k^{wsCv?u_mthVyp{5!S|H2zJ9#JFwSE#2<6}A
zC8u4h)N<ux-}IfaO~Q^WPNe~IkWZ=cCo|K6lW=KLagCyW-md_e7l+)K#72uWygfnh
z!za(ZCZ07VCr09w6IV`+)CoKRH$MeOq8fBhe-F$i;iORM%{nZ>#RKcxu1=5Wn}d0%
zQ-@Oy(l<L={W!2aOk*VA53!BUk7{Ny$B<|68UQ@Y+@yFlcgbpN^bXzY{_}A25AYNM
z-*a;{+GDdpsoS)XC=DfnyRYVKgvwtLhOODYwjV%QAJo#^C^Td*0W+_KX-Y{3aTzi|
zsZ=q4;!E@B@)smN*hom4LFnp>tFLdM@)_!UGJiSP)tWw8ZrOM#zX(QCFTGp(XE)I7
h_a_5Est~}zy=2sKoNxx{G=cw1LN0#ScJ5z=e*jZv9Ekt`

literal 0
HcmV?d00001

diff --git a/docs/index.md b/docs/index.md
index fbb33c51af..4129e67ee0 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -1,39 +1,3 @@
-# Amazon EKS Blueprints for Terraform
-
-![GitHub](https://img.shields.io/github/license/aws-ia/terraform-aws-eks-blueprints)
-
-Welcome to Amazon EKS Blueprints for Terraform!
-
-This repository contains a collection of Terraform modules that aim to make it easier and faster for customers to adopt [Amazon EKS](https://aws.amazon.com/eks/).
-
-## What is EKS Blueprints
-
-EKS Blueprints helps you compose complete EKS clusters that are fully bootstrapped with the operational software that is needed to deploy and operate workloads. With EKS Blueprints, you describe the configuration for the desired state of your EKS environment, such as the control plane, worker nodes, and Kubernetes add-ons, as an IaC blueprint. Once a blueprint is configured, you can use it to stamp out consistent environments across multiple AWS accounts and Regions using continuous deployment automation.
-
-You can use EKS Blueprints to easily bootstrap an EKS cluster with Amazon EKS add-ons as well as a wide range of popular open-source add-ons, including Prometheus, Karpenter, Nginx, Traefik, AWS Load Balancer Controller, Fluent Bit, Keda, ArgoCD, and more. EKS Blueprints also helps you implement relevant security controls needed to operate workloads from multiple teams in the same cluster.
-
-## Examples
-
-To view a library of examples for how you can leverage `terraform-aws-eks-blueprints`, please see our [examples](https://github.com/aws-ia/terraform-aws-eks-blueprints/tree/main/examples).
-
-## Workshop
-We maintain a hands-on self-paced workshop, the [EKS Blueprints for Terraform workshop](https://catalog.workshops.aws/eks-blueprints-terraform/en-US) helps you with foundational setup of your EKS cluster, and it gradually adds complexity via existing and new modules.
-
-![EKS Blueprints for Terraform](https://static.us-east-1.prod.workshops.aws/public/6ad9b13b-df6a-4609-a586-fd2b7f25863c/static/eks_cluster_1.svg)
-
-
-## Motivation
-
-Kubernetes is a powerful and extensible container orchestration technology that allows you to deploy and manage containerized applications at scale. The extensible nature of Kubernetes also allows you to use a wide range of popular open-source tools, commonly referred to as add-ons, in Kubernetes clusters. With such a large number of tooling and design choices available however, building a tailored EKS cluster that meets your application’s specific needs can take a significant amount of time. It involves integrating a wide range of open-source tools and AWS services and requires deep expertise in AWS and Kubernetes.
-
-AWS customers have asked for examples that demonstrate how to integrate the landscape of Kubernetes tools and make it easy for them to provision complete, batteries-included EKS clusters that meet specific application requirements. EKS Blueprints was built to address this customer need. You can use EKS Blueprints to configure and deploy purpose built EKS clusters, and start onboarding workloads in days, rather than months.
-
-## What can I do with this Solution?
-
-Customers can use this solution to easily architect and deploy complete, opinionated EKS clusters. Specifically, customers can leverage the eks-blueprints module to:
-
-- Deploy Well-Architected EKS clusters across any number of accounts and regions.
-- Manage cluster configuration, including add-ons that run in each cluster, from a single Git repository.
-- Define teams, namespaces, and their associated access permissions for your clusters.
-- Leverage GitOps-based workflows for onboarding and managing workloads for your teams.
-- Create Continuous Delivery (CD) pipelines that are responsible for deploying your infrastructure.
+{%
+   include-markdown "../README.md"
+%}
diff --git a/docs/internal/.pages b/docs/internal/.pages
deleted file mode 100644
index e2d5ae9127..0000000000
--- a/docs/internal/.pages
+++ /dev/null
@@ -1 +0,0 @@
-hide: true
diff --git a/docs/modules/emr-on-eks.md b/docs/modules/emr-on-eks.md
deleted file mode 100644
index e323b3a77e..0000000000
--- a/docs/modules/emr-on-eks.md
+++ /dev/null
@@ -1,37 +0,0 @@
-# EMR on EKS
-
-EMR on EKS is a deployment option in EMR that allows you to automate the provisioning and management of open-source big data frameworks on EKS.
-This module deploys the necessary resources to run EMR Spark Jobs on EKS Cluster.
-
-- Create a new Namespace to run Spark workloads
-- Create K8s Role and Role Binding to allow the username `emr-containers` on a given namespace(`spark`)
-- Create RBAC permissions and adding EMR on EKS service-linked role into aws-auth configmap
-- Enables IAM Roles for Service Account (IRSA)
-- Update trust relationship for job execution role
-
-## Usage
-
-[EMR on EKS](https://github.com/aws-ia/terraform-aws-eks-blueprints/tree/main/modules/emr-on-eks) can be deployed by enabling the module via the following.
-
-Checkout this [Blog](https://aws.amazon.com/blogs/mt/monitoring-amazon-emr-on-eks-with-amazon-managed-prometheus-and-amazon-managed-grafana/) to setup Observability for EMR on EKS Spark Jobs
-
-```hcl
-    #---------------------------------------
-    # ENABLE EMR ON EKS
-    #---------------------------------------
-    enable_emr_on_eks = true
-    emr_on_eks_teams = {
-      emr-team-a = {
-        namespace               = "emr-data-team-a"
-        job_execution_role      = "emr-eks-data-team-a"
-        additional_iam_policies = ["<ENTER-IAM-POLICY-ARN>"]
-      }
-      emr-team-b = {
-        namespace               = "emr-data-team-b"
-        job_execution_role      = "emr-eks-data-team-b"
-        additional_iam_policies = ["<ENTER-IAM-POLICY-ARN>"]
-      }
-    }
-```
-
-Once deployed, you can create Virtual EMR Cluster and execute Spark jobs. See the [document](https://docs.aws.amazon.com/emr/latest/EMR-on-EKS-DevelopmentGuide/setting-up-registration.html) below for more details.
diff --git a/docs/teams.md b/docs/teams.md
deleted file mode 100644
index 739d3ca8d8..0000000000
--- a/docs/teams.md
+++ /dev/null
@@ -1,118 +0,0 @@
-# Teams
-
-## Introduction
-
-EKS Blueprints provides support for onboarding and managing teams and easily configuring cluster access. We currently support two `Team` types: `application_teams` and `platform_teams`.
-
-`Application Teams` represent teams managing workloads running in cluster namespaces and `Platform Teams` represents platform administrators who have admin access (masters group) to clusters.
-
-You can reference the [aws-eks-teams](https://github.com/aws-ia/terraform-aws-eks-blueprints/tree/main/modules/aws-eks-teams) module to create your own team implementations.
-
-### ApplicationTeam
-
-To create an `application_team` for your cluster, you will need to supply a team name, with the options to pass map of labels, map of resource quotas, existing IAM entities (user/roles), and a directory where you may optionally place any policy definitions and generic manifests for the team. These manifests will be applied by EKS Blueprints and will be outside of the team control.
-
-**NOTE:** When the manifests are applied, namespaces are not checked. Therefore, you are responsible for namespace settings in the yaml files.
-
-> As of today (2020-05-01), resource `kubernetes_manifest` can only be used (`terraform plan/apply...`) only after the cluster has been created and the cluster API can be accessed. Read ["Before you use this resource"](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest#before-you-use-this-resource) section for more information.
-
-To overcome this limitation, you can add/enable `manifests_dir` after you applied and created the cluster first. We are working on a better solution for this.
-
-#### Application Team Example
-
-```hcl
-  # EKS Application Teams
-
-  application_teams = {
-    # First Team
-    team-blue = {
-      "labels" = {
-        "appName"     = "example",
-        "projectName" = "example",
-        "environment" = "example",
-        "domain"      = "example",
-        "uuid"        = "example",
-      }
-      "quota" = {
-        "requests.cpu"    = "1000m",
-        "requests.memory" = "4Gi",
-        "limits.cpu"      = "2000m",
-        "limits.memory"   = "8Gi",
-        "pods"            = "10",
-        "secrets"         = "10",
-        "services"        = "10"
-      }
-      manifests_dir = "./manifests"
-      # Belows are examples of IAM users and roles
-      users = [
-        "arn:aws:iam::123456789012:user/blue-team-user",
-        "arn:aws:iam::123456789012:role/blue-team-sso-iam-role"
-      ]
-    }
-
-    # Second Team
-    team-red = {
-      "labels" = {
-        "appName"     = "example2",
-        "projectName" = "example2",
-      }
-      "quota" = {
-        "requests.cpu"    = "2000m",
-        "requests.memory" = "8Gi",
-        "limits.cpu"      = "4000m",
-        "limits.memory"   = "16Gi",
-        "pods"            = "20",
-        "secrets"         = "20",
-        "services"        = "20"
-      }
-      manifests_dir = "./manifests2"
-      users = [
-
-        "arn:aws:iam::123456789012:role/other-sso-iam-role"
-      ]
-    }
-  }
-```
-
-EKS Blueprints will do the following for every provided team:
-
-- Create a namespace
-- Register quotas
-- Register IAM users for cross-account access
-- Create a shared role for cluster access. Alternatively, an existing role can be supplied.
-- Register provided users/roles in the `aws-auth` configmap for `kubectl` and console access to the cluster and namespace.
-- (Optionally) read all additional manifests (e.g., network policies, OPA policies, others) stored in a provided directory, and apply them.
-
-### PlatformTeam
-
-To create an `Platform Team` for your cluster, simply use `platform_teams`. You will need to supply a team name and and all users/roles.
-
-#### Platform Team Example
-
-```hcl
-  platform_teams = {
-    admin-team-name-example = {
-      users = [
-        "arn:aws:iam::123456789012:user/admin-user",
-        "arn:aws:iam::123456789012:role/org-admin-role"
-      ]
-    }
-  }
-```
-
-`Platform Team` does the following:
-
-- Registers IAM users for admin access to the cluster (`kubectl` and console).
-- Registers an existing role (or create a new role) for cluster access with trust relationship with the provided/created role.
-
-## Cluster Access (`kubectl`)
-
-The output will contain the IAM roles for every application(`application_teams_iam_role_arn`) or platform team(`platform_teams_iam_role_arn`).
-
-To update your kubeconfig, you can run the following command:
-
-```
-aws eks update-kubeconfig --name ${eks_cluster_id} --region ${AWS_REGION} --role-arn ${TEAM_ROLE_ARN}
-```
-
-Make sure to replace the `${eks_cluster_id}`, `${AWS_REGION}` and `${TEAM_ROLE_ARN}` with the actual values.
diff --git a/mkdocs.yml b/mkdocs.yml
index db75cd711f..2e751bfc61 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -1,25 +1,65 @@
 site_name: Amazon EKS Blueprints for Terraform
-repo_name: "aws-ia/terraform-aws-eks-blueprints"
-repo_url: "https://github.com/aws-ia/terraform-aws-eks-blueprints"
-edit_uri: "edit/main/docs/"
-docs_dir: "docs"
+docs_dir: 'docs/'
+copyright: 'Copyright &copy; Amazon 2023'
+site_author: 'AWS'
+site_url: 'https://aws-ia.github.io/terraform-aws-eks-blueprints/'
+repo_name: 'terraform-aws-eks-blueprints'
+repo_url: 'https://github.com/aws-ia/terraform-aws-eks-blueprints'
+
 theme:
   name: material
+  logo: images/white-logo.png
+  favicon: images/colored-logo.png
+  font:
+    text: ember
+  palette:
+    primary: orange
+    accent: orange
+  icon:
+    repo: fontawesome/brands/github
+    admonition:
+      note: octicons/tag-16
+      abstract: octicons/checklist-16
+      info: octicons/info-16
+      tip: octicons/squirrel-16
+      success: octicons/check-16
+      question: octicons/question-16
+      warning: octicons/alert-16
+      failure: octicons/x-circle-16
+      danger: octicons/zap-16
+      bug: octicons/bug-16
+      example: octicons/beaker-16
+      quote: octicons/quote-16
   features:
-    - tabs
-markdown_extensions:
-  - def_list
-  - pymdownx.highlight
-  - pymdownx.superfences
-  - pymdownx.inlinehilite
-  - pymdownx.tasklist:
-      custom_checkbox: true
-  - toc:
-      permalink: true
+    - navigation.tabs.sticky
+  highlightjs: true
+  hljs_languages:
+    - yaml
+    - json
+
 plugins:
-  - search
-  - awesome-pages
   - include-markdown
+  - search:
+      lang:
+        - en
+  - awesome-pages
+
 extra:
   version:
     provider: mike
+
+markdown_extensions:
+  - admonition
+  - codehilite
+  - footnotes
+  - pymdownx.critic
+  - pymdownx.details
+  - pymdownx.highlight:
+      anchor_linenums: true
+      line_spans: __span
+      pygments_lang_class: true
+  - pymdownx.inlinehilite
+  - pymdownx.snippets
+  - pymdownx.superfences
+  - toc:
+      permalink: true

From 7aea5098f45fc43dda621796dd290194bcc9fcec Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Allamand?= <sallaman@amazon.com>
Date: Sat, 3 Jun 2023 01:37:22 +0200
Subject: [PATCH 28/31] fix: Update blue/green example docs (#1625)

---
 examples/blue-green-upgrade/README.md | 24 +++++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)

diff --git a/examples/blue-green-upgrade/README.md b/examples/blue-green-upgrade/README.md
index 5f59f62ff7..a8e570c023 100644
--- a/examples/blue-green-upgrade/README.md
+++ b/examples/blue-green-upgrade/README.md
@@ -4,6 +4,8 @@ This directory provides a solution based on [EKS Blueprint for Terraform](https:
 
 We are leveraging [the existing EKS Blueprints Workloads GitHub repository sample](https://github.com/aws-samples/eks-blueprints-workloads) to deploy our GitOps [ArgoCD](https://aws-ia.github.io/terraform-aws-eks-blueprints/add-ons/argocd/) applications, which are defined as helm charts. We are leveraging [ArgoCD Apps of apps](https://argo-cd.readthedocs.io/en/stable/operator-manual/cluster-bootstrapping/) pattern where an ArgoCD Application can also reference other Helm charts to deploy.
 
+> You can also find more informations in the [associated blog post](https://aws.amazon.com/blogs/containers/blue-green-or-canary-amazon-eks-clusters-migration-for-stateless-argocd-workloads/)
+
 ## Table of content
 
 - [Blue/Green or Canary Amazon EKS clusters migration for stateless ArgoCD workloads](#bluegreen-or-canary-amazon-eks-clusters-migration-for-stateless-argocd-workloads)
@@ -168,7 +170,6 @@ Note it will allow the role associated to the parameter **eks_admin_role_name**
 
 You can also connect with the user who created the EKS cluster without specifying the `--role-arn` parameter
 
-
 Next, you can interact with the cluster and see the deployment
 
 ```bash
@@ -338,7 +339,7 @@ In this sample, we uses a simple terraform variable to control the weight for al
 
 > This section, can be executed in either eks-blue or eks-green folders, or in both if you want to delete both clusters.
 
-In order to properly destroy the Cluster, we need first to remove the ArgoCD workloads, while keeping the ArgoCD addons.
+In order to properly destroy the Cluster, we need first to remove the ArgoCD workloads, while keeping the ArgoCD addons. We will also need to remove our Karpenter provisioners, and any other objects you created outside of Terraform that needs to be cleaned before destroying the terraform stack.
 
 Why doing this? When we remove an ingress object, we want the associated Kubernetes add-ons like aws load balancer controller and External DNS to correctly free the associated AWS resources. If we directly ask terraform to destroy everything, it can remove first theses controllers without allowing them the time to remove associated aws resources that will still existing in AWS, preventing us to completely delete our cluster.
 
@@ -350,13 +351,22 @@ Why doing this? When we remove an ingress object, we want the associated Kuberne
 
 #### Manual
 
-1. Delete Workloads App of App
+1. If also deployed, delete your Karpenter provisioners
+
+this is safe to delete if no addons are deployed on Karpenter, which is the case here.
+If not we should separate the team-platform deployments which installed Karpenter provisioners in a separate ArgoCD Application to avoid any conflicts.
+
+```bash
+kubectl delete provisioners.karpenter.sh --all
+```
+
+2. Delete Workloads App of App
 
 ```bash
 kubectl delete application workloads -n argocd
 ```
 
-2. If also deployed, delete ecsdemo App of App
+3. If also deployed, delete ecsdemo App of App
 
 ```bash
 kubectl delete application ecsdemo -n argocd
@@ -366,11 +376,11 @@ Once every workload applications as been freed on AWS side, (this can take some
 
 > Note: it can take time to deregister all load balancers, verify that you don't have any more AWS resources created by EKS prior to start destroying EKS with terraform.
 
-3. Destroy terraform resources
+4. Destroy terraform resources
 
 ```bash
-terraform apply -destroy -target="module.kubernetes_addons" -auto-approve
-terraform apply -destroy -target="module.eks_blueprints" -auto-approve
+terraform apply -destroy -target="module.eks_cluster.module.kubernetes_addons" -auto-approve
+terraform apply -destroy -target="module.eks_cluster.module.eks" -auto-approve
 terraform apply -destroy -auto-approve
 ```
 

From 84093862e4add4976c6396d4aa471f52c2892c01 Mon Sep 17 00:00:00 2001
From: Rodrigo Bersa <rodrigo.bersa@gmail.com>
Date: Fri, 2 Jun 2023 17:28:59 -0700
Subject: [PATCH 29/31] refactor: Refactor AppMesh-mTLS example. (#1627)

---
 examples/appmesh-mtls/README.md               | 246 +++++++++++++++++-
 examples/appmesh-mtls/main.tf                 |   4 +-
 .../do-not-use/docs/aws-fsx-csi-driver.md     |  57 ++++
 3 files changed, 291 insertions(+), 16 deletions(-)
 create mode 100644 examples/do-not-use/docs/aws-fsx-csi-driver.md

diff --git a/examples/appmesh-mtls/README.md b/examples/appmesh-mtls/README.md
index 0af6fdcf33..1c66cf41a9 100644
--- a/examples/appmesh-mtls/README.md
+++ b/examples/appmesh-mtls/README.md
@@ -1,6 +1,6 @@
-# EKS Cluster w/ AppMesh mTLS
+# EKS Cluster with AppMesh mTLS
 
-This example shows how to provision an EKS cluster with AppMesh mTLS enabled.
+This examples demonstrates how to deploy an Amazon EKS cluster with AppMesh mTLS enabled.
 
 ## Prerequisites:
 
@@ -16,6 +16,8 @@ To provision this example:
 
 ```sh
 terraform init
+terraform apply -target module.vpc
+terraform apply -target module.eks -target module.eks_blueprints_addons
 terraform apply
 ```
 
@@ -26,36 +28,252 @@ Enter `yes` at command prompt to apply
 
 The following command will update the `kubeconfig` on your local machine and allow you to interact with your EKS Cluster using `kubectl` to validate the deployment.
 
-1. Run `update-kubeconfig` command:
+1. Check the Terraform provided Output, to update your `kubeconfig`
+
+```hcl
+Apply complete! Resources: 63 added, 0 changed, 0 destroyed.
+
+Outputs:
+
+configure_kubectl = "aws eks --region us-west-2 update-kubeconfig <CLUSTER_NAME>"
+```
+
+This example deploys the folowing Kubernetes resources:
+* The `appmesh-controller` in the `appmesh-system` Namespace.
+* The `cert-manager` resources on `cert-manager` Namespace.
+* The `aws-privateca-issuer` on `kube-system` Namespace.
+* A Cluster Issuer `appmesh-mtls`.
+* A Certificate `example`.
+* A Secret named `example-clusterissuer` in the `default` Namespace, generated by `aws-privateca-issuer` tied to the `example` Certificate.
+
+2. List the created Resources.
+
+```sh
+kubectl get pods -A  
+NAMESPACE          NAME                                       READY   STATUS    RESTARTS   AGE
+amazon-guardduty   aws-guardduty-agent-54tlt                  1/1     Running   0          4h42m
+amazon-guardduty   aws-guardduty-agent-tl574                  1/1     Running   0          4h42m
+appmesh-system     appmesh-controller-7c98b87bdc-q6226        1/1     Running   0          4h44m
+cert-manager       cert-manager-87f5555f-tcxj7                1/1     Running   0          4h43m
+cert-manager       cert-manager-cainjector-8448ff8ddb-wwjsc   1/1     Running   0          4h43m
+cert-manager       cert-manager-webhook-5468b675b-fvdwk       1/1     Running   0          4h43m
+kube-system        aws-node-rf4wg                             1/1     Running   0          4h43m
+kube-system        aws-node-skkwh                             1/1     Running   0          4h43m
+kube-system        aws-privateca-issuer-b6fb8c5bd-hh8q4       1/1     Running   0          4h44m
+kube-system        coredns-5f9f955df6-qhr6p                   1/1     Running   0          4h44m
+kube-system        coredns-5f9f955df6-tw8r7                   1/1     Running   0          4h44m
+kube-system        kube-proxy-q72l9                           1/1     Running   0          4h43m
+kube-system        kube-proxy-w54pc                           1/1     Running   0          4h43m
+```
+
+```sh
+kubectl get awspcaclusterissuers.awspca.cert-manager.io
+NAME           AGE
+appmesh-mtls   4h42m
+```
+
+```sh
+kubectl get certificate  
+NAME      READY   SECRET                  AGE
+example   True    example-clusterissuer   4h12m
+```
+
+```sh
+kubectl describe secret example-clusterissuer
+Name:         example-clusterissuer
+Namespace:    default
+Labels:       controller.cert-manager.io/fao=true
+Annotations:  cert-manager.io/alt-names:
+              cert-manager.io/certificate-name: example
+              cert-manager.io/common-name: example.com
+              cert-manager.io/ip-sans:
+              cert-manager.io/issuer-group: awspca.cert-manager.io
+              cert-manager.io/issuer-kind: AWSPCAClusterIssuer
+              cert-manager.io/issuer-name: appmesh-mtls
+              cert-manager.io/uri-sans:
+
+Type:  kubernetes.io/tls
+
+Data
+====
+ca.crt:   1785 bytes
+tls.crt:  1517 bytes
+tls.key:  1675 bytes
+```
+
+
+3. Create the AWS App Mesh Resources on your Amazon EKS Cluster. Full documentation can be found [here](https://docs.aws.amazon.com/app-mesh/latest/userguide/getting-started-kubernetes.html#configure-app-mesh).
+
+   1.  Annotate the `default` Namespace to allow Side Car Injection.
 
 ```sh
-aws eks --region <REGION> update-kubeconfig --name <CLUSTER_NAME>
+kubectl label namespaces default appmesh.k8s.aws/sidecarInjectorWebhook=enabled
+namespace/default labeled
 ```
 
-2. List the nodes running currently
+  2. Create the Mesh.
 
 ```sh
-kubectl get nodes
+cat <<EOF | kubectl apply -f -
+apiVersion: appmesh.k8s.aws/v1beta2
+kind: Mesh
+metadata:
+  name: appmesh-example
+spec:
+  namespaceSelector:
+    matchLabels:
+      kubernetes.io/metadata.name: default
+EOF
+mesh.appmesh.k8s.aws/appmesh-example created
+```
 
-# Output should look like below
-NAME                                        STATUS                        ROLES    AGE     VERSION
-ip-10-0-30-125.us-west-2.compute.internal   Ready                         <none>   2m19s   v1.22.9-eks-810597c
+  3. Create a Virtual Node.
+
+```sh
+cat <<EOF | kubectl apply -f -  
+apiVersion: appmesh.k8s.aws/v1beta2
+kind: VirtualNode
+metadata:
+  name: appmesh-example-vn
+  namespace: default
+spec:
+  podSelector:
+    matchLabels:
+      app: appmesh-example
+  listeners:
+    - portMapping:
+        port: 80
+        protocol: http
+  backendDefaults:
+    clientPolicy:
+      tls:
+        certificate:
+          sds:
+            secretName: example-clusterissuer
+        enforce: true
+        ports: []
+        validation:
+          trust:
+            acm:
+              certificateAuthorityARNs:
+              - arn:aws:acm-pca:us-west-2:978045894046:certificate-authority/4386d166-4d68-4347-b940-4324ac493d65
+  serviceDiscovery:
+    dns:
+      hostname: appmesh-example-svc.default.svc.cluster.local
+EOF
 ```
 
-3. List out the pods running currently:
+  4. Create a Virtual Router.
 
 ```sh
-kubectl get pods -A
+cat <<EOF | kubectl apply -f -  
+apiVersion: appmesh.k8s.aws/v1beta2
+kind: VirtualRouter
+metadata:
+  namespace: default
+  name: appmesh-example-vr
+spec:
+  listeners:
+    - portMapping:
+        port: 80
+        protocol: http
+  routes:
+    - name: appmesh-example-route
+      httpRoute:
+        match:
+          prefix: /
+        action:
+          weightedTargets:
+            - virtualNodeRef:
+                name: appmesh-example-vn
+              weight: 1
+EOF
+```
 
-# TODO
+  5. Create a Virtual Service.
+
+```sh
+cat <<EOF | kubectl apply -f -  
+apiVersion: appmesh.k8s.aws/v1beta2
+kind: VirtualService
+metadata:
+  name: appmesh-example-vs
+  namespace: default
+spec:
+  awsName: appmesh-example-svc.default.svc.cluster.local
+  provider:
+    virtualRouter:
+      virtualRouterRef:
+        name: appmesh-example-vr
+EOF
 ```
 
+  6. Create a Deployment and a Service in the `default` Namespace.
+
+```sh
+cat <<EOF | kubectl apply -f -  
+apiVersion: v1
+kind: Service
+metadata:
+  name: appmesh-example-svc
+  namespace: default
+  labels:
+    app: appmesh-example
+spec:
+  selector:
+    app: appmesh-example
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 80
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: appmesh-example-app
+  namespace: default
+  labels:
+    app: appmesh-example
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: appmesh-example
+  template:
+    metadata:
+      labels:
+        app: appmesh-example
+    spec:
+      serviceAccountName: appmesh-example-sa
+      containers:
+      - name: nginx
+        image: nginx:1.19.0
+        ports:
+        - containerPort: 80
+EOF
+```
+
+  7. Validate if the Pods are in `Running` state with 2 Containers, being one of them the injected sidecar from AppMesh.
+
+```sh
+kubectl get pods
+NAME                                   READY   STATUS    RESTARTS   AGE
+appmesh-example-app-6946cdbdf6-gnxww   2/2     Running   0          54s
+appmesh-example-app-6946cdbdf6-nx9tg   2/2     Running   0          54s
+```
+
+
 ## Destroy
 
 To teardown and remove the resources created in this example:
 
 ```sh
-terraform destroy -target="module.eks_blueprints_kubernetes_addons" -auto-approve
-terraform destroy -target="module.eks_blueprints" -auto-approve
+kubectl delete deployments appmesh-example-app; kubectl delete service appmesh-example-svc
+kubectl delete virtualservices.appmesh.k8s.aws appmesh-example-vs
+kubectl delete virtualrouters.appmesh.k8s.aws appmesh-example-vr
+kubectl delete virtualnodes.appmesh.k8s.aws appmesh-example-vn  
+kubectl delete meshes.appmesh.k8s.aws appmesh-example
+terraform destroy -target="module.appmesh_addon" -auto-approve
+terraform destroy -target="module.eks_blueprints_addons" -auto-approve
 terraform destroy -auto-approve
 ```
diff --git a/examples/appmesh-mtls/main.tf b/examples/appmesh-mtls/main.tf
index 67bd07a23d..667fca2aa1 100644
--- a/examples/appmesh-mtls/main.tf
+++ b/examples/appmesh-mtls/main.tf
@@ -128,7 +128,7 @@ module "appmesh_addon" {
   version = "1.0.0"
 
   chart            = "appmesh-controller"
-  chart_version    = "1.7.0"
+  chart_version    = "1.11.0"
   repository       = "https://aws.github.io/eks-charts"
   description      = "AWS App Mesh Helm Chart"
   namespace        = "appmesh-system"
@@ -146,7 +146,7 @@ module "appmesh_addon" {
   # IAM role for service account (IRSA)
   create_role             = true
   role_name               = "appmesh-controller-"
-  source_policy_documents = data.aws_iam_policy_document.appmesh.json
+  source_policy_documents = [data.aws_iam_policy_document.appmesh.json]
 
   oidc_providers = {
     this = {
diff --git a/examples/do-not-use/docs/aws-fsx-csi-driver.md b/examples/do-not-use/docs/aws-fsx-csi-driver.md
new file mode 100644
index 0000000000..e947792ac0
--- /dev/null
+++ b/examples/do-not-use/docs/aws-fsx-csi-driver.md
@@ -0,0 +1,57 @@
+# Amazon FSx for Lustre CSI Driver
+
+This add-on deploys the [Amazon FSx for Lustre CSI Driver](https://docs.aws.amazon.com/eks/latest/userguide/fsx-csi.html) in to an Amazon EKS Cluster.
+
+## Usage
+
+The [Amazon FSx for Lustre CSI Driver](https://github.com/aws-ia/terraform-aws-eks-blueprints/tree/main/modules/kubernetes-addons/aws-fsx-csi-driver) can be deployed by enabling the add-on via the following.
+
+```hcl
+  enable_aws_fsx_csi_driver = true
+```
+
+You can optionally customize the Helm chart deployment using a configuration like the following.
+
+```hcl
+  enable_aws_fsx_csi_driver = true
+  aws_fsx_csi_driver = {
+    namespace     = "aws-fsx-csi-driver"
+    chart_version = "1.5.1"
+    role_policies = <ADDITIONAL_IAM_POLICY_ARN>
+  }
+```
+
+You can find all available Helm Chart parameter values [here](https://github.com/kubernetes-sigs/aws-fsx-csi-driver/blob/master/charts/aws-fsx-csi-driver/values.yaml)
+
+Once deployed, you will be able to see a number of supporting resources in the `kube-system` namespace.
+
+```sh
+$ kubectl get deployment fsx-csi-controller -n kube-system
+
+NAME                 READY   UP-TO-DATE   AVAILABLE   AGE
+fsx-csi-controller   2/2     2            2           4m29s
+```
+
+```sh
+$ kubectl get daemonset fsx-csi-node -n kube-system
+
+NAME           DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR                 AGE
+fsx-csi-node   3         3         3       3            3           kubernetes.io/os=linux   4m32s
+```
+
+### GitOps Configuration
+
+`ArgoCD` with `App of Apps` GitOps enabled for this Add-on by enabling the following variable
+
+```hcl
+argocd_manage_add_ons = true
+```
+
+The following is configured to ArgoCD App of Apps for this Add-on.
+
+```hcl
+  argocd_gitops_config = {
+    enable             = true
+    serviceAccountName = local.service_account
+  }
+```

From f6d7063b8ae5728a81c6606d81247b26a4043068 Mon Sep 17 00:00:00 2001
From: Bryant Biggs <bryantbiggs@gmail.com>
Date: Sat, 3 Jun 2023 08:54:54 -0400
Subject: [PATCH 30/31] fix: Remove Terraform module code from project (#1628)

---
 aws-auth-configmap.tf                         |    34 -
 data.tf                                       |   137 -
 docs/extensibility.md                         |   277 -
 eks-worker.tf                                 |    44 -
 examples/agones-game-controller/main.tf       |     2 +-
 examples/appmesh-mtls/main.tf                 |     2 +-
 .../do-not-use/docs/aws-fsx-csi-driver.md     |    57 -
 examples/eks-efa/.gitignore                   |     6 -
 examples/eks-efa/README.md                    |   659 -
 examples/eks-efa/main.tf                      |   261 -
 examples/eks-efa/outputs.tf                   |     9 -
 examples/eks-efa/providers.tf                 |    26 -
 examples/eks-efa/variables.tf                 |    17 -
 examples/elastic-fabric-adapter/README.md     |   245 +
 examples/elastic-fabric-adapter/main.tf       |   272 +
 examples/elastic-fabric-adapter/outputs.tf    |     4 +
 examples/elastic-fabric-adapter/variables.tf  |     1 +
 examples/elastic-fabric-adapter/versions.tf   |    29 +
 examples/external-secrets/main.tf             |     2 +-
 examples/fargate-serverless/main.tf           |     2 +-
 examples/karpenter/main.tf                    |     2 +-
 examples/stateful/main.tf                     |     2 +-
 examples/tls-with-aws-pca-issuer/main.tf      |     2 +-
 locals.tf                                     |   148 -
 main.tf                                       |   133 -
 modules/aws-eks-fargate-profiles/README.md    |    51 -
 modules/aws-eks-fargate-profiles/main.tf      |   103 -
 modules/aws-eks-fargate-profiles/outputs.tf   |    14 -
 modules/aws-eks-fargate-profiles/variables.tf |    16 -
 modules/aws-eks-fargate-profiles/versions.tf  |    10 -
 modules/aws-eks-managed-node-groups/README.md |    65 -
 modules/aws-eks-managed-node-groups/data.tf   |    14 -
 modules/aws-eks-managed-node-groups/iam.tf    |    31 -
 modules/aws-eks-managed-node-groups/locals.tf |   119 -
 modules/aws-eks-managed-node-groups/main.tf   |    84 -
 .../managed-launch-templates.tf               |    71 -
 .../aws-eks-managed-node-groups/outputs.tf    |    49 -
 .../templates/userdata-amazonlinux2eks.tpl    |    44 -
 .../templates/userdata-bottlerocket.tpl       |     6 -
 .../aws-eks-managed-node-groups/variables.tf  |    34 -
 .../aws-eks-managed-node-groups/versions.tf   |    10 -
 .../README.md                                 |    63 -
 .../aws-eks-self-managed-node-groups/data.tf  |    40 -
 .../aws-eks-self-managed-node-groups/iam.tf   |    47 -
 .../locals.tf                                 |    89 -
 .../aws-eks-self-managed-node-groups/main.tf  |    69 -
 .../outputs.tf                                |    44 -
 .../self-managed-launch-templates.tf          |    44 -
 .../variables.tf                              |    33 -
 .../versions.tf                               |    10 -
 modules/aws-eks-teams/README.md               |   181 -
 modules/aws-eks-teams/data.tf                 |    35 -
 modules/aws-eks-teams/locals.tf               |    12 -
 modules/aws-eks-teams/main.tf                 |   212 -
 modules/aws-eks-teams/outputs.tf              |    41 -
 modules/aws-eks-teams/variables.tf            |    34 -
 modules/aws-eks-teams/versions.tf             |    18 -
 modules/aws-kms/README.md                     |    60 -
 modules/aws-kms/main.tf                       |    14 -
 modules/aws-kms/outputs.tf                    |     9 -
 modules/aws-kms/variables.tf                  |    31 -
 modules/aws-kms/versions.tf                   |    10 -
 modules/emr-on-eks/README.md                  |    55 -
 modules/emr-on-eks/data.tf                    |    14 -
 modules/emr-on-eks/locals.tf                  |    15 -
 modules/emr-on-eks/main.tf                    |   125 -
 modules/emr-on-eks/outputs.tf                 |     9 -
 modules/emr-on-eks/variables.tf               |    27 -
 modules/emr-on-eks/versions.tf                |    18 -
 modules/irsa/README.md                        |    75 -
 modules/irsa/main.tf                          |    91 -
 modules/irsa/outputs.tf                       |    19 -
 modules/irsa/variables.tf                     |    73 -
 modules/irsa/versions.tf                      |    14 -
 modules/kubernetes-addons/README.md           |   411 -
 .../adot-collector-haproxy/README.md          |    54 -
 .../adot-collector-haproxy/main.tf            |    63 -
 .../otel-config/Chart.yaml                    |     6 -
 .../otel-config/templates/clusterrole.yaml    |    29 -
 .../templates/clusterrolebinding.yaml         |    12 -
 .../templates/opentelemetrycollector.yaml     |    67 -
 .../otel-config/values.yaml                   |     7 -
 .../adot-collector-haproxy/outputs.tf         |    19 -
 .../adot-collector-haproxy/variables.tf       |    34 -
 .../adot-collector-haproxy/versions.tf        |    14 -
 .../adot-collector-java/README.md             |    54 -
 .../adot-collector-java/main.tf               |    63 -
 .../otel-config/Chart.yaml                    |     6 -
 .../otel-config/templates/clusterrole.yaml    |    29 -
 .../templates/clusterrolebinding.yaml         |    12 -
 .../templates/opentelemetrycollector.yaml     |    67 -
 .../otel-config/values.yaml                   |     7 -
 .../adot-collector-java/outputs.tf            |    19 -
 .../adot-collector-java/variables.tf          |    34 -
 .../adot-collector-java/versions.tf           |    14 -
 .../adot-collector-memcached/README.md        |    54 -
 .../adot-collector-memcached/main.tf          |    63 -
 .../otel-config/Chart.yaml                    |     6 -
 .../otel-config/templates/clusterrole.yaml    |    29 -
 .../templates/clusterrolebinding.yaml         |    12 -
 .../templates/opentelemetrycollector.yaml     |    67 -
 .../otel-config/values.yaml                   |     7 -
 .../adot-collector-memcached/outputs.tf       |    19 -
 .../adot-collector-memcached/variables.tf     |    34 -
 .../adot-collector-memcached/versions.tf      |    14 -
 .../adot-collector-nginx/README.md            |    54 -
 .../adot-collector-nginx/main.tf              |    63 -
 .../otel-config/Chart.yaml                    |     6 -
 .../otel-config/templates/clusterrole.yaml    |    29 -
 .../templates/clusterrolebinding.yaml         |    12 -
 .../templates/opentelemetrycollector.yaml     |    67 -
 .../otel-config/values.yaml                   |     7 -
 .../adot-collector-nginx/outputs.tf           |    19 -
 .../adot-collector-nginx/variables.tf         |    34 -
 .../adot-collector-nginx/versions.tf          |    14 -
 modules/kubernetes-addons/agones/README.md    |    70 -
 modules/kubernetes-addons/agones/data.tf      |     3 -
 modules/kubernetes-addons/agones/locals.tf    |    28 -
 modules/kubernetes-addons/agones/main.tf      |    27 -
 modules/kubernetes-addons/agones/outputs.tf   |    24 -
 modules/kubernetes-addons/agones/values.yaml  |    15 -
 modules/kubernetes-addons/agones/variables.tf |    31 -
 modules/kubernetes-addons/agones/versions.tf  |    14 -
 modules/kubernetes-addons/airflow/README.md   |    43 -
 modules/kubernetes-addons/airflow/main.tf     |    27 -
 modules/kubernetes-addons/airflow/outputs.tf  |    19 -
 modules/kubernetes-addons/airflow/values.yaml |    31 -
 .../kubernetes-addons/airflow/variables.tf    |    22 -
 modules/kubernetes-addons/airflow/versions.tf |    14 -
 modules/kubernetes-addons/app-2048/README.md  |     3 -
 modules/kubernetes-addons/app-2048/main.tf    |   102 -
 modules/kubernetes-addons/app-2048/outputs.tf |     0
 .../kubernetes-addons/app-2048/variables.tf   |     0
 .../kubernetes-addons/app-2048/versions.tf    |    10 -
 .../appmesh-controller/README.md              |    48 -
 .../appmesh-controller/data.tf                |   115 -
 .../appmesh-controller/main.tf                |    53 -
 .../appmesh-controller/outputs.tf             |    19 -
 .../appmesh-controller/variables.tf           |    34 -
 .../appmesh-controller/versions.tf            |    10 -
 .../kubernetes-addons/argo-rollouts/README.md |    52 -
 .../kubernetes-addons/argo-rollouts/locals.tf |    22 -
 .../kubernetes-addons/argo-rollouts/main.tf   |    16 -
 .../argo-rollouts/outputs.tf                  |    24 -
 .../argo-rollouts/variables.tf                |    26 -
 .../argo-rollouts/versions.tf                 |    10 -
 .../argo-workflows/README.md                  |    51 -
 .../kubernetes-addons/argo-workflows/main.tf  |    34 -
 .../argo-workflows/outputs.tf                 |    24 -
 .../argo-workflows/variables.tf               |    28 -
 .../argo-workflows/versions.tf                |    14 -
 modules/kubernetes-addons/argocd/README.md    |    63 -
 .../argocd/argocd-application/helm/Chart.yaml |     6 -
 .../helm/templates/application.yaml           |    39 -
 .../argocd-application/helm/values.yaml       |    31 -
 .../kubectl/application.yaml.tftpl            |    37 -
 modules/kubernetes-addons/argocd/data.tf      |    13 -
 modules/kubernetes-addons/argocd/locals.tf    |    41 -
 modules/kubernetes-addons/argocd/main.tf      |   137 -
 modules/kubernetes-addons/argocd/outputs.tf   |    19 -
 modules/kubernetes-addons/argocd/values.yaml  |    20 -
 modules/kubernetes-addons/argocd/variables.tf |    32 -
 modules/kubernetes-addons/argocd/versions.tf  |    22 -
 .../aws-cloudwatch-metrics/README.md          |    47 -
 .../aws-cloudwatch-metrics/locals.tf          |    50 -
 .../aws-cloudwatch-metrics/main.tf            |     8 -
 .../aws-cloudwatch-metrics/outputs.tf         |    24 -
 .../aws-cloudwatch-metrics/values.yaml        |     1 -
 .../aws-cloudwatch-metrics/variables.tf       |    34 -
 .../aws-cloudwatch-metrics/versions.tf        |    18 -
 .../kubernetes-addons/aws-coredns/README.md   |   117 -
 modules/kubernetes-addons/aws-coredns/main.tf |   206 -
 .../kubernetes-addons/aws-coredns/outputs.tf  |    19 -
 .../aws-coredns/variables.tf                  |    62 -
 .../kubernetes-addons/aws-coredns/versions.tf |    18 -
 .../aws-ebs-csi-driver/README.md              |    85 -
 .../aws-ebs-csi-driver/data.tf                |   160 -
 .../aws-ebs-csi-driver/main.tf                |   105 -
 .../aws-ebs-csi-driver/outputs.tf             |    19 -
 .../aws-ebs-csi-driver/variables.tf           |    40 -
 .../aws-ebs-csi-driver/versions.tf            |    10 -
 .../aws-efs-csi-driver/README.md              |    48 -
 .../aws-efs-csi-driver/data.tf                |    95 -
 .../aws-efs-csi-driver/main.tf                |    60 -
 .../aws-efs-csi-driver/outputs.tf             |    27 -
 .../aws-efs-csi-driver/variables.tf           |    34 -
 .../aws-efs-csi-driver/versions.tf            |    10 -
 .../aws-for-fluentbit/README.md               |    64 -
 .../aws-for-fluentbit/data.tf                 |    65 -
 .../aws-for-fluentbit/locals.tf               |    53 -
 .../aws-for-fluentbit/main.tf                 |    32 -
 .../aws-for-fluentbit/outputs.tf              |    34 -
 .../aws-for-fluentbit/values.yaml             |     8 -
 .../aws-for-fluentbit/variables.tf            |    58 -
 .../aws-for-fluentbit/versions.tf             |    10 -
 .../aws-fsx-csi-driver/README.md              |    48 -
 .../aws-fsx-csi-driver/data.tf                |    59 -
 .../aws-fsx-csi-driver/locals.tf              |    51 -
 .../aws-fsx-csi-driver/main.tf                |    21 -
 .../aws-fsx-csi-driver/outputs.tf             |    24 -
 .../aws-fsx-csi-driver/variables.tf           |    34 -
 .../aws-fsx-csi-driver/versions.tf            |    10 -
 .../aws-kube-proxy/README.md                  |    41 -
 .../kubernetes-addons/aws-kube-proxy/main.tf  |    24 -
 .../aws-kube-proxy/outputs.tf                 |     0
 .../aws-kube-proxy/variables.tf               |    20 -
 .../aws-kube-proxy/versions.tf                |    10 -
 .../aws-load-balancer-controller/README.md    |   115 -
 .../aws-load-balancer-controller/data.tf      |   313 -
 .../aws-load-balancer-controller/locals.tf    |    54 -
 .../aws-load-balancer-controller/main.tf      |    15 -
 .../aws-load-balancer-controller/outputs.tf   |    34 -
 .../aws-load-balancer-controller/values.yaml  |     4 -
 .../aws-load-balancer-controller/variables.tf |    29 -
 .../aws-load-balancer-controller/versions.tf  |    10 -
 .../aws-node-termination-handler/README.md    |    61 -
 .../aws-node-termination-handler/data.tf      |    43 -
 .../aws-node-termination-handler/locals.tf    |    88 -
 .../aws-node-termination-handler/main.tf      |    65 -
 .../aws-node-termination-handler/outputs.tf   |    24 -
 .../aws-node-termination-handler/values.yaml  |     5 -
 .../aws-node-termination-handler/variables.tf |    39 -
 .../aws-node-termination-handler/versions.tf  |    10 -
 .../aws-privateca-issuer/README.md            |    57 -
 .../aws-privateca-issuer/data.tf              |    11 -
 .../aws-privateca-issuer/locals.tf            |    44 -
 .../aws-privateca-issuer/main.tf              |    15 -
 .../aws-privateca-issuer/outputs.tf           |    24 -
 .../aws-privateca-issuer/variables.tf         |    39 -
 .../aws-privateca-issuer/versions.tf          |    10 -
 .../kubernetes-addons/aws-vpc-cni/README.md   |    49 -
 modules/kubernetes-addons/aws-vpc-cni/main.tf |    82 -
 .../kubernetes-addons/aws-vpc-cni/outputs.tf  |     9 -
 .../aws-vpc-cni/variables.tf                  |    28 -
 .../kubernetes-addons/aws-vpc-cni/versions.tf |    10 -
 modules/kubernetes-addons/calico/README.md    |    44 -
 modules/kubernetes-addons/calico/main.tf      |    25 -
 modules/kubernetes-addons/calico/outputs.tf   |    24 -
 modules/kubernetes-addons/calico/variables.tf |    28 -
 modules/kubernetes-addons/calico/versions.tf  |     3 -
 .../cert-manager-csi-driver/README.md         |    39 -
 .../cert-manager-csi-driver/main.tf           |    19 -
 .../cert-manager-csi-driver/outputs.tf        |    24 -
 .../cert-manager-csi-driver/variables.tf      |    28 -
 .../cert-manager-csi-driver/versions.tf       |     3 -
 .../cert-manager-istio-csr/README.md          |    45 -
 .../cert-manager-istio-csr/main.tf            |    17 -
 .../cert-manager-istio-csr/outputs.tf         |    24 -
 .../cert-manager-istio-csr/variables.tf       |    28 -
 .../cert-manager-istio-csr/versions.tf        |     3 -
 .../kubernetes-addons/cert-manager/README.md  |    74 -
 .../cert-manager/cert-manager-ca/Chart.yaml   |     6 -
 .../templates/certificate.yaml                |    21 -
 .../templates/clusterissuers.yaml             |    14 -
 .../cert-manager/cert-manager-ca/values.yaml  |    13 -
 .../cert-manager-letsencrypt/Chart.yaml       |     6 -
 .../templates/clusterissuer-production.yaml   |    27 -
 .../templates/clusterissuer-staging.yaml      |    27 -
 .../cert-manager-letsencrypt/values.yaml      |     6 -
 .../kubernetes-addons/cert-manager/data.tf    |    32 -
 .../kubernetes-addons/cert-manager/locals.tf  |    51 -
 .../kubernetes-addons/cert-manager/main.tf    |    48 -
 .../kubernetes-addons/cert-manager/outputs.tf |    29 -
 .../cert-manager/values.yaml                  |     4 -
 .../cert-manager/variables.tf                 |    58 -
 .../cert-manager/versions.tf                  |    14 -
 .../kubernetes-addons/chaos-mesh/README.md    |    44 -
 modules/kubernetes-addons/chaos-mesh/main.tf  |    20 -
 .../kubernetes-addons/chaos-mesh/outputs.tf   |    24 -
 .../kubernetes-addons/chaos-mesh/variables.tf |    26 -
 .../kubernetes-addons/chaos-mesh/versions.tf  |     3 -
 modules/kubernetes-addons/cilium/README.md    |    44 -
 modules/kubernetes-addons/cilium/main.tf      |    35 -
 modules/kubernetes-addons/cilium/outputs.tf   |    19 -
 modules/kubernetes-addons/cilium/variables.tf |    32 -
 modules/kubernetes-addons/cilium/versions.tf  |     3 -
 .../cluster-autoscaler/README.md              |    47 -
 .../cluster-autoscaler/data.tf                |    65 -
 .../cluster-autoscaler/main.tf                |    58 -
 .../cluster-autoscaler/outputs.tf             |    22 -
 .../cluster-autoscaler/values.yaml            |    17 -
 .../cluster-autoscaler/variables.tf           |    33 -
 .../cluster-autoscaler/versions.tf            |    10 -
 .../cluster-proportional-autoscaler/README.md |    45 -
 .../cluster-proportional-autoscaler/main.tf   |    22 -
 .../outputs.tf                                |    24 -
 .../values.yaml                               |    39 -
 .../variables.tf                              |    26 -
 .../versions.tf                               |     3 -
 modules/kubernetes-addons/consul/README.md    |    39 -
 modules/kubernetes-addons/consul/locals.tf    |    20 -
 modules/kubernetes-addons/consul/main.tf      |     6 -
 modules/kubernetes-addons/consul/outputs.tf   |     4 -
 modules/kubernetes-addons/consul/values.yaml  |     5 -
 modules/kubernetes-addons/consul/variables.tf |    28 -
 modules/kubernetes-addons/consul/versions.tf  |     3 -
 .../kubernetes-addons/crossplane/README.md    |   110 -
 .../aws-provider/aws-controller-config.yaml   |    12 -
 .../aws-provider/aws-provider-config.yaml     |     8 -
 .../crossplane/aws-provider/aws-provider.yaml |     9 -
 .../jet-aws-controller-config.yaml            |    12 -
 .../aws-provider/jet-aws-provider-config.yaml |     8 -
 .../aws-provider/jet-aws-provider.yaml        |     9 -
 .../upbound-aws-controller-config.yaml        |    13 -
 .../upbound-aws-provider-config.yaml          |     9 -
 .../aws-provider/upbound-aws-provider.yaml    |    10 -
 modules/kubernetes-addons/crossplane/data.tf  |    24 -
 .../helm-provider/helm-controller-config.yaml |     6 -
 .../helm-provider-clusterrolebinding.yaml     |    12 -
 .../helm-provider/helm-provider-config.yaml   |     9 -
 .../helm-provider/helm-provider.yaml          |     9 -
 ...ernetes-controller-clusterrolebinding.yaml |    12 -
 .../kubernetes-controller-config.yaml         |     6 -
 .../kubernetes-provider-config.yaml           |     8 -
 .../kubernetes-provider.yaml                  |     9 -
 .../kubernetes-addons/crossplane/locals.tf    |    66 -
 modules/kubernetes-addons/crossplane/main.tf  |   311 -
 .../kubernetes-addons/crossplane/outputs.tf   |    19 -
 .../kubernetes-addons/crossplane/variables.tf |    51 -
 .../kubernetes-addons/crossplane/versions.tf  |    22 -
 .../csi-secrets-store-provider-aws/README.md  |    50 -
 .../csi-secrets-store-provider-aws/main.tf    |    25 -
 .../csi-secrets-store-provider-aws/outputs.tf |    24 -
 .../variables.tf                              |    28 -
 .../versions.tf                               |    10 -
 modules/kubernetes-addons/data.tf             |    17 -
 .../datadog-operator/README.md                |    47 -
 .../datadog-operator/main.tf                  |    24 -
 .../datadog-operator/outputs.tf               |    24 -
 .../datadog-operator/variables.tf             |    26 -
 .../datadog-operator/versions.tf              |     3 -
 .../kubernetes-addons/emr-on-eks/README.md    |    83 -
 modules/kubernetes-addons/emr-on-eks/main.tf  |   255 -
 .../kubernetes-addons/emr-on-eks/outputs.tf   |    46 -
 .../kubernetes-addons/emr-on-eks/variables.tf |   127 -
 .../kubernetes-addons/emr-on-eks/versions.tf  |    14 -
 .../kubernetes-addons/external-dns/README.md  |    58 -
 .../kubernetes-addons/external-dns/data.tf    |    19 -
 .../kubernetes-addons/external-dns/main.tf    |    80 -
 .../kubernetes-addons/external-dns/outputs.tf |    24 -
 .../external-dns/variables.tf                 |    51 -
 .../external-dns/versions.tf                  |    10 -
 .../external-secrets/README.md                |    52 -
 .../external-secrets/data.tf                  |    22 -
 .../external-secrets/locals.tf                |    58 -
 .../external-secrets/main.tf                  |    15 -
 .../external-secrets/outputs.tf               |    24 -
 .../external-secrets/variables.tf             |    46 -
 .../external-secrets/versions.tf              |    10 -
 .../fargate-fluentbit/README.md               |    98 -
 .../fargate-fluentbit/locals.tf               |    42 -
 .../fargate-fluentbit/main.tf                 |    27 -
 .../fargate-fluentbit/outputs.tf              |     0
 .../fargate-fluentbit/variables.tf            |    20 -
 .../fargate-fluentbit/versions.tf             |    10 -
 .../kubernetes-addons/gatekeeper/README.md    |    45 -
 modules/kubernetes-addons/gatekeeper/main.tf  |    32 -
 .../kubernetes-addons/gatekeeper/outputs.tf   |    24 -
 .../kubernetes-addons/gatekeeper/variables.tf |    28 -
 .../kubernetes-addons/gatekeeper/versions.tf  |     3 -
 modules/kubernetes-addons/grafana/README.md   |    50 -
 modules/kubernetes-addons/grafana/data.tf     |    87 -
 modules/kubernetes-addons/grafana/locals.tf   |    49 -
 modules/kubernetes-addons/grafana/main.tf     |    15 -
 modules/kubernetes-addons/grafana/outputs.tf  |    24 -
 modules/kubernetes-addons/grafana/values.yaml |    59 -
 .../kubernetes-addons/grafana/variables.tf    |    34 -
 modules/kubernetes-addons/grafana/versions.tf |    10 -
 .../kubernetes-addons/helm-addon/README.md    |    57 -
 modules/kubernetes-addons/helm-addon/main.tf  |    81 -
 .../kubernetes-addons/helm-addon/outputs.tf   |    24 -
 .../kubernetes-addons/helm-addon/variables.tf |    39 -
 .../kubernetes-addons/helm-addon/versions.tf  |    10 -
 .../kubernetes-addons/ingress-nginx/README.md |    51 -
 .../kubernetes-addons/ingress-nginx/main.tf   |    31 -
 .../ingress-nginx/outputs.tf                  |    24 -
 .../ingress-nginx/variables.tf                |    26 -
 .../ingress-nginx/versions.tf                 |    10 -
 modules/kubernetes-addons/karpenter/README.md |    69 -
 modules/kubernetes-addons/karpenter/data.tf   |   117 -
 modules/kubernetes-addons/karpenter/locals.tf |    97 -
 modules/kubernetes-addons/karpenter/main.tf   |    55 -
 .../kubernetes-addons/karpenter/outputs.tf    |    44 -
 .../kubernetes-addons/karpenter/variables.tf  |    81 -
 .../kubernetes-addons/karpenter/versions.tf   |    10 -
 modules/kubernetes-addons/keda/README.md      |    64 -
 modules/kubernetes-addons/keda/data.tf        |    43 -
 modules/kubernetes-addons/keda/locals.tf      |    42 -
 modules/kubernetes-addons/keda/main.tf        |    16 -
 modules/kubernetes-addons/keda/outputs.tf     |    24 -
 modules/kubernetes-addons/keda/values.yaml    |    10 -
 modules/kubernetes-addons/keda/variables.tf   |    34 -
 modules/kubernetes-addons/keda/versions.tf    |    10 -
 .../kube-prometheus-stack/README.md           |     7 -
 .../kube-prometheus-stack/main.tf             |    36 -
 .../kube-prometheus-stack/outputs.tf          |    24 -
 .../kube-prometheus-stack/values.yaml         |    29 -
 .../kube-prometheus-stack/variables.tf        |    28 -
 .../kube-prometheus-stack/versions.tf         |    10 -
 .../kube-state-metrics/README.md              |    41 -
 .../kube-state-metrics/main.tf                |    24 -
 .../kube-state-metrics/outputs.tf             |    24 -
 .../kube-state-metrics/variables.tf           |    26 -
 .../kube-state-metrics/versions.tf            |     3 -
 modules/kubernetes-addons/kubecost/README.md  |    44 -
 modules/kubernetes-addons/kubecost/main.tf    |    21 -
 modules/kubernetes-addons/kubecost/outputs.tf |    24 -
 .../kubernetes-addons/kubecost/values.yaml    |    31 -
 .../kubernetes-addons/kubecost/variables.tf   |    28 -
 .../kubernetes-addons/kubecost/versions.tf    |     3 -
 .../kuberay-operator/README.md                |    46 -
 .../kuberay-operator-config/Chart.yaml        |     7 -
 .../kuberay-operator-config/README.md         |    46 -
 .../crds/ray.io_rayclusters.yaml              | 11026 ---------------
 .../crds/ray.io_rayjobs.yaml                  | 11723 ---------------
 .../crds/ray.io_rayservices.yaml              | 11755 ----------------
 .../templates/_helpers.tpl                    |    56 -
 .../templates/deployment.yaml                 |    68 -
 .../templates/leader-role.yaml                |    35 -
 .../templates/leader-rolebinding.yaml         |    16 -
 .../templates/role.yaml                       |   236 -
 .../templates/rolebinding.yaml                |    16 -
 .../templates/service.yaml                    |    16 -
 .../templates/serviceaccount.yaml             |     8 -
 .../kuberay-operator-config/values.yaml       |    57 -
 .../kuberay-operator/main.tf                  |    28 -
 .../kuberay-operator/outputs.tf               |    19 -
 .../kuberay-operator/variables.tf             |    22 -
 .../kuberay-operator/versions.tf              |    10 -
 .../kubernetes-dashboard/README.md            |    52 -
 .../kubernetes-dashboard/locals.tf            |    22 -
 .../kubernetes-dashboard/main.tf              |    20 -
 .../kubernetes-dashboard/outputs.tf           |    24 -
 .../kubernetes-dashboard/variables.tf         |    26 -
 .../kubernetes-dashboard/versions.tf          |    10 -
 modules/kubernetes-addons/kyverno/README.md   |    53 -
 modules/kubernetes-addons/kyverno/main.tf     |    75 -
 modules/kubernetes-addons/kyverno/outputs.tf  |    19 -
 .../kubernetes-addons/kyverno/variables.tf    |    50 -
 modules/kubernetes-addons/kyverno/versions.tf |     3 -
 .../local-volume-provisioner/README.md        |    41 -
 .../local-static-provisioner/Chart.yaml       |    16 -
 .../templates/NOTES.txt                       |     1 -
 .../templates/_helpers.tpl                    |    42 -
 .../templates/configmap.yaml                  |    59 -
 .../templates/daemonset_linux.yaml            |   113 -
 .../templates/daemonset_windows.yaml          |   143 -
 .../templates/psp.yaml                        |    38 -
 .../templates/rbac.yaml                       |   125 -
 .../templates/serviceaccount.yaml             |    12 -
 .../templates/servicemonitor.yaml             |    53 -
 .../templates/storageclass.yaml               |    27 -
 .../local-static-provisioner/values.yaml      |   195 -
 .../local-volume-provisioner/locals.tf        |    15 -
 .../local-volume-provisioner/main.tf          |     5 -
 .../local-volume-provisioner/outputs.tf       |    19 -
 .../local-volume-provisioner/variables.tf     |    20 -
 .../local-volume-provisioner/versions.tf      |     3 -
 modules/kubernetes-addons/locals.tf           |   110 -
 modules/kubernetes-addons/main.tf             |   817 --
 .../metrics-server/README.md                  |    46 -
 .../metrics-server/locals.tf                  |    22 -
 .../kubernetes-addons/metrics-server/main.tf  |    17 -
 .../metrics-server/outputs.tf                 |    24 -
 .../metrics-server/variables.tf               |    26 -
 .../metrics-server/versions.tf                |    10 -
 .../nvidia-device-plugin/README.md            |    49 -
 .../nvidia-device-plugin/locals.tf            |    23 -
 .../nvidia-device-plugin/main.tf              |     6 -
 .../nvidia-device-plugin/outputs.tf           |    24 -
 .../nvidia-device-plugin/variables.tf         |    28 -
 .../nvidia-device-plugin/versions.tf          |     3 -
 modules/kubernetes-addons/ondat/README.md     |    79 -
 modules/kubernetes-addons/ondat/main.tf       |   179 -
 modules/kubernetes-addons/ondat/outputs.tf    |     4 -
 modules/kubernetes-addons/ondat/values.yaml   |    25 -
 modules/kubernetes-addons/ondat/variables.tf  |    72 -
 modules/kubernetes-addons/ondat/versions.tf   |    10 -
 .../opentelemetry-operator/README.md          |    77 -
 .../opentelemetry-operator/locals.tf          |    24 -
 .../opentelemetry-operator/main.tf            |   318 -
 .../opentelemetry-operator/outputs.tf         |    19 -
 .../opentelemetry-operator/variables.tf       |    40 -
 .../opentelemetry-operator/versions.tf        |    14 -
 modules/kubernetes-addons/outputs.tf          |   319 -
 .../kubernetes-addons/prometheus/README.md    |    94 -
 modules/kubernetes-addons/prometheus/data.tf  |    41 -
 modules/kubernetes-addons/prometheus/main.tf  |   130 -
 .../kubernetes-addons/prometheus/outputs.tf   |    27 -
 .../kubernetes-addons/prometheus/values.yaml  |    57 -
 .../kubernetes-addons/prometheus/variables.tf |    40 -
 .../kubernetes-addons/prometheus/versions.tf  |    14 -
 modules/kubernetes-addons/promtail/README.md  |    44 -
 modules/kubernetes-addons/promtail/main.tf    |    20 -
 modules/kubernetes-addons/promtail/outputs.tf |    24 -
 .../kubernetes-addons/promtail/variables.tf   |    28 -
 .../kubernetes-addons/promtail/versions.tf    |     3 -
 modules/kubernetes-addons/reloader/README.md  |    43 -
 modules/kubernetes-addons/reloader/main.tf    |    29 -
 modules/kubernetes-addons/reloader/outputs.tf |    24 -
 .../kubernetes-addons/reloader/variables.tf   |    28 -
 .../kubernetes-addons/reloader/versions.tf    |     3 -
 .../secrets-store-csi-driver/README.md        |    54 -
 .../secrets-store-csi-driver/locals.tf        |    22 -
 .../secrets-store-csi-driver/main.tf          |    18 -
 .../secrets-store-csi-driver/outputs.tf       |    24 -
 .../secrets-store-csi-driver/variables.tf     |    28 -
 .../secrets-store-csi-driver/versions.tf      |    10 -
 .../smb-csi-driver/README.md                  |    44 -
 .../kubernetes-addons/smb-csi-driver/main.tf  |    19 -
 .../smb-csi-driver/outputs.tf                 |    24 -
 .../smb-csi-driver/variables.tf               |    26 -
 .../smb-csi-driver/versions.tf                |     3 -
 .../spark-history-server/README.md            |    45 -
 .../spark-history-server/locals.tf            |    46 -
 .../spark-history-server/main.tf              |     8 -
 .../spark-history-server/outputs.tf           |    24 -
 .../spark-history-server/values.yaml          |     5 -
 .../spark-history-server/variables.tf         |    38 -
 .../spark-history-server/versions.tf          |     3 -
 .../spark-k8s-operator/README.md              |    49 -
 .../spark-k8s-operator/main.tf                |    32 -
 .../spark-k8s-operator/outputs.tf             |    24 -
 .../spark-k8s-operator/variables.tf           |    26 -
 .../spark-k8s-operator/versions.tf            |    10 -
 .../strimzi-kafka-operator/README.md          |    42 -
 .../strimzi-kafka-operator/main.tf            |    24 -
 .../strimzi-kafka-operator/outputs.tf         |    24 -
 .../strimzi-kafka-operator/values.yaml        |     9 -
 .../strimzi-kafka-operator/variables.tf       |    28 -
 .../strimzi-kafka-operator/versions.tf        |     3 -
 .../kubernetes-addons/tetrate-istio/README.md |    57 -
 .../kubernetes-addons/tetrate-istio/locals.tf |    71 -
 .../tetrate-istio/locals_tid.tf               |    20 -
 .../kubernetes-addons/tetrate-istio/main.tf   |    45 -
 .../tetrate-istio/outputs.tf                  |     4 -
 .../tetrate-istio/variables.tf                |    70 -
 .../tetrate-istio/versions.tf                 |     3 -
 modules/kubernetes-addons/thanos/README.md    |     5 -
 modules/kubernetes-addons/thanos/locals.tf    |    41 -
 modules/kubernetes-addons/thanos/main.tf      |    16 -
 modules/kubernetes-addons/thanos/outputs.tf   |    24 -
 modules/kubernetes-addons/thanos/variables.tf |    34 -
 modules/kubernetes-addons/thanos/versions.tf  |    10 -
 modules/kubernetes-addons/traefik/README.md   |    50 -
 modules/kubernetes-addons/traefik/main.tf     |    33 -
 modules/kubernetes-addons/traefik/outputs.tf  |    24 -
 .../kubernetes-addons/traefik/variables.tf    |    26 -
 modules/kubernetes-addons/traefik/versions.tf |    10 -
 modules/kubernetes-addons/variables.tf        |  1485 --
 modules/kubernetes-addons/velero/README.md    |   183 -
 modules/kubernetes-addons/velero/data.tf      |    41 -
 modules/kubernetes-addons/velero/main.tf      |    64 -
 modules/kubernetes-addons/velero/outputs.tf   |    24 -
 modules/kubernetes-addons/velero/values.yaml  |    17 -
 modules/kubernetes-addons/velero/variables.tf |    40 -
 modules/kubernetes-addons/velero/versions.tf  |    10 -
 modules/kubernetes-addons/versions.tf         |    14 -
 modules/kubernetes-addons/vpa/README.md       |    55 -
 modules/kubernetes-addons/vpa/main.tf         |    32 -
 modules/kubernetes-addons/vpa/outputs.tf      |    24 -
 modules/kubernetes-addons/vpa/variables.tf    |    26 -
 modules/kubernetes-addons/vpa/versions.tf     |    10 -
 modules/kubernetes-addons/yunikorn/README.md  |    54 -
 modules/kubernetes-addons/yunikorn/locals.tf  |    23 -
 modules/kubernetes-addons/yunikorn/main.tf    |    16 -
 modules/kubernetes-addons/yunikorn/outputs.tf |    24 -
 .../kubernetes-addons/yunikorn/values.yaml    |    11 -
 .../kubernetes-addons/yunikorn/variables.tf   |    28 -
 .../kubernetes-addons/yunikorn/versions.tf    |    10 -
 modules/launch-templates/README.md            |   138 -
 modules/launch-templates/main.tf              |   123 -
 modules/launch-templates/outputs.tf           |    29 -
 .../templates/userdata-amazonlinux2eks.tpl    |    44 -
 .../templates/userdata-bottlerocket.tpl       |     6 -
 .../templates/userdata-windows.tpl            |    28 -
 modules/launch-templates/variables.tf         |    15 -
 modules/launch-templates/versions.tf          |    10 -
 outputs.tf                                    |   203 -
 variables.tf                                  |   436 -
 versions.tf                                   |    34 -
 581 files changed, 558 insertions(+), 60303 deletions(-)
 delete mode 100644 aws-auth-configmap.tf
 delete mode 100644 data.tf
 delete mode 100644 docs/extensibility.md
 delete mode 100644 eks-worker.tf
 delete mode 100644 examples/do-not-use/docs/aws-fsx-csi-driver.md
 delete mode 100644 examples/eks-efa/.gitignore
 delete mode 100644 examples/eks-efa/README.md
 delete mode 100644 examples/eks-efa/main.tf
 delete mode 100644 examples/eks-efa/outputs.tf
 delete mode 100644 examples/eks-efa/providers.tf
 delete mode 100644 examples/eks-efa/variables.tf
 create mode 100644 examples/elastic-fabric-adapter/README.md
 create mode 100644 examples/elastic-fabric-adapter/main.tf
 create mode 100644 examples/elastic-fabric-adapter/outputs.tf
 create mode 100644 examples/elastic-fabric-adapter/variables.tf
 create mode 100644 examples/elastic-fabric-adapter/versions.tf
 delete mode 100644 locals.tf
 delete mode 100644 main.tf
 delete mode 100644 modules/aws-eks-fargate-profiles/README.md
 delete mode 100644 modules/aws-eks-fargate-profiles/main.tf
 delete mode 100644 modules/aws-eks-fargate-profiles/outputs.tf
 delete mode 100644 modules/aws-eks-fargate-profiles/variables.tf
 delete mode 100644 modules/aws-eks-fargate-profiles/versions.tf
 delete mode 100644 modules/aws-eks-managed-node-groups/README.md
 delete mode 100644 modules/aws-eks-managed-node-groups/data.tf
 delete mode 100644 modules/aws-eks-managed-node-groups/iam.tf
 delete mode 100644 modules/aws-eks-managed-node-groups/locals.tf
 delete mode 100644 modules/aws-eks-managed-node-groups/main.tf
 delete mode 100644 modules/aws-eks-managed-node-groups/managed-launch-templates.tf
 delete mode 100644 modules/aws-eks-managed-node-groups/outputs.tf
 delete mode 100644 modules/aws-eks-managed-node-groups/templates/userdata-amazonlinux2eks.tpl
 delete mode 100644 modules/aws-eks-managed-node-groups/templates/userdata-bottlerocket.tpl
 delete mode 100644 modules/aws-eks-managed-node-groups/variables.tf
 delete mode 100644 modules/aws-eks-managed-node-groups/versions.tf
 delete mode 100644 modules/aws-eks-self-managed-node-groups/README.md
 delete mode 100644 modules/aws-eks-self-managed-node-groups/data.tf
 delete mode 100644 modules/aws-eks-self-managed-node-groups/iam.tf
 delete mode 100644 modules/aws-eks-self-managed-node-groups/locals.tf
 delete mode 100644 modules/aws-eks-self-managed-node-groups/main.tf
 delete mode 100644 modules/aws-eks-self-managed-node-groups/outputs.tf
 delete mode 100644 modules/aws-eks-self-managed-node-groups/self-managed-launch-templates.tf
 delete mode 100644 modules/aws-eks-self-managed-node-groups/variables.tf
 delete mode 100644 modules/aws-eks-self-managed-node-groups/versions.tf
 delete mode 100644 modules/aws-eks-teams/README.md
 delete mode 100644 modules/aws-eks-teams/data.tf
 delete mode 100644 modules/aws-eks-teams/locals.tf
 delete mode 100644 modules/aws-eks-teams/main.tf
 delete mode 100644 modules/aws-eks-teams/outputs.tf
 delete mode 100644 modules/aws-eks-teams/variables.tf
 delete mode 100644 modules/aws-eks-teams/versions.tf
 delete mode 100644 modules/aws-kms/README.md
 delete mode 100644 modules/aws-kms/main.tf
 delete mode 100644 modules/aws-kms/outputs.tf
 delete mode 100644 modules/aws-kms/variables.tf
 delete mode 100644 modules/aws-kms/versions.tf
 delete mode 100644 modules/emr-on-eks/README.md
 delete mode 100644 modules/emr-on-eks/data.tf
 delete mode 100644 modules/emr-on-eks/locals.tf
 delete mode 100644 modules/emr-on-eks/main.tf
 delete mode 100644 modules/emr-on-eks/outputs.tf
 delete mode 100644 modules/emr-on-eks/variables.tf
 delete mode 100644 modules/emr-on-eks/versions.tf
 delete mode 100644 modules/irsa/README.md
 delete mode 100644 modules/irsa/main.tf
 delete mode 100644 modules/irsa/outputs.tf
 delete mode 100644 modules/irsa/variables.tf
 delete mode 100644 modules/irsa/versions.tf
 delete mode 100644 modules/kubernetes-addons/README.md
 delete mode 100644 modules/kubernetes-addons/adot-collector-haproxy/README.md
 delete mode 100644 modules/kubernetes-addons/adot-collector-haproxy/main.tf
 delete mode 100644 modules/kubernetes-addons/adot-collector-haproxy/otel-config/Chart.yaml
 delete mode 100644 modules/kubernetes-addons/adot-collector-haproxy/otel-config/templates/clusterrole.yaml
 delete mode 100644 modules/kubernetes-addons/adot-collector-haproxy/otel-config/templates/clusterrolebinding.yaml
 delete mode 100644 modules/kubernetes-addons/adot-collector-haproxy/otel-config/templates/opentelemetrycollector.yaml
 delete mode 100644 modules/kubernetes-addons/adot-collector-haproxy/otel-config/values.yaml
 delete mode 100644 modules/kubernetes-addons/adot-collector-haproxy/outputs.tf
 delete mode 100644 modules/kubernetes-addons/adot-collector-haproxy/variables.tf
 delete mode 100644 modules/kubernetes-addons/adot-collector-haproxy/versions.tf
 delete mode 100644 modules/kubernetes-addons/adot-collector-java/README.md
 delete mode 100644 modules/kubernetes-addons/adot-collector-java/main.tf
 delete mode 100644 modules/kubernetes-addons/adot-collector-java/otel-config/Chart.yaml
 delete mode 100644 modules/kubernetes-addons/adot-collector-java/otel-config/templates/clusterrole.yaml
 delete mode 100644 modules/kubernetes-addons/adot-collector-java/otel-config/templates/clusterrolebinding.yaml
 delete mode 100644 modules/kubernetes-addons/adot-collector-java/otel-config/templates/opentelemetrycollector.yaml
 delete mode 100644 modules/kubernetes-addons/adot-collector-java/otel-config/values.yaml
 delete mode 100644 modules/kubernetes-addons/adot-collector-java/outputs.tf
 delete mode 100644 modules/kubernetes-addons/adot-collector-java/variables.tf
 delete mode 100644 modules/kubernetes-addons/adot-collector-java/versions.tf
 delete mode 100644 modules/kubernetes-addons/adot-collector-memcached/README.md
 delete mode 100644 modules/kubernetes-addons/adot-collector-memcached/main.tf
 delete mode 100644 modules/kubernetes-addons/adot-collector-memcached/otel-config/Chart.yaml
 delete mode 100644 modules/kubernetes-addons/adot-collector-memcached/otel-config/templates/clusterrole.yaml
 delete mode 100644 modules/kubernetes-addons/adot-collector-memcached/otel-config/templates/clusterrolebinding.yaml
 delete mode 100644 modules/kubernetes-addons/adot-collector-memcached/otel-config/templates/opentelemetrycollector.yaml
 delete mode 100644 modules/kubernetes-addons/adot-collector-memcached/otel-config/values.yaml
 delete mode 100644 modules/kubernetes-addons/adot-collector-memcached/outputs.tf
 delete mode 100644 modules/kubernetes-addons/adot-collector-memcached/variables.tf
 delete mode 100644 modules/kubernetes-addons/adot-collector-memcached/versions.tf
 delete mode 100644 modules/kubernetes-addons/adot-collector-nginx/README.md
 delete mode 100644 modules/kubernetes-addons/adot-collector-nginx/main.tf
 delete mode 100644 modules/kubernetes-addons/adot-collector-nginx/otel-config/Chart.yaml
 delete mode 100644 modules/kubernetes-addons/adot-collector-nginx/otel-config/templates/clusterrole.yaml
 delete mode 100644 modules/kubernetes-addons/adot-collector-nginx/otel-config/templates/clusterrolebinding.yaml
 delete mode 100644 modules/kubernetes-addons/adot-collector-nginx/otel-config/templates/opentelemetrycollector.yaml
 delete mode 100644 modules/kubernetes-addons/adot-collector-nginx/otel-config/values.yaml
 delete mode 100644 modules/kubernetes-addons/adot-collector-nginx/outputs.tf
 delete mode 100644 modules/kubernetes-addons/adot-collector-nginx/variables.tf
 delete mode 100644 modules/kubernetes-addons/adot-collector-nginx/versions.tf
 delete mode 100644 modules/kubernetes-addons/agones/README.md
 delete mode 100644 modules/kubernetes-addons/agones/data.tf
 delete mode 100644 modules/kubernetes-addons/agones/locals.tf
 delete mode 100644 modules/kubernetes-addons/agones/main.tf
 delete mode 100644 modules/kubernetes-addons/agones/outputs.tf
 delete mode 100644 modules/kubernetes-addons/agones/values.yaml
 delete mode 100644 modules/kubernetes-addons/agones/variables.tf
 delete mode 100644 modules/kubernetes-addons/agones/versions.tf
 delete mode 100644 modules/kubernetes-addons/airflow/README.md
 delete mode 100644 modules/kubernetes-addons/airflow/main.tf
 delete mode 100644 modules/kubernetes-addons/airflow/outputs.tf
 delete mode 100644 modules/kubernetes-addons/airflow/values.yaml
 delete mode 100644 modules/kubernetes-addons/airflow/variables.tf
 delete mode 100644 modules/kubernetes-addons/airflow/versions.tf
 delete mode 100644 modules/kubernetes-addons/app-2048/README.md
 delete mode 100644 modules/kubernetes-addons/app-2048/main.tf
 delete mode 100644 modules/kubernetes-addons/app-2048/outputs.tf
 delete mode 100644 modules/kubernetes-addons/app-2048/variables.tf
 delete mode 100644 modules/kubernetes-addons/app-2048/versions.tf
 delete mode 100644 modules/kubernetes-addons/appmesh-controller/README.md
 delete mode 100644 modules/kubernetes-addons/appmesh-controller/data.tf
 delete mode 100644 modules/kubernetes-addons/appmesh-controller/main.tf
 delete mode 100644 modules/kubernetes-addons/appmesh-controller/outputs.tf
 delete mode 100644 modules/kubernetes-addons/appmesh-controller/variables.tf
 delete mode 100644 modules/kubernetes-addons/appmesh-controller/versions.tf
 delete mode 100644 modules/kubernetes-addons/argo-rollouts/README.md
 delete mode 100644 modules/kubernetes-addons/argo-rollouts/locals.tf
 delete mode 100644 modules/kubernetes-addons/argo-rollouts/main.tf
 delete mode 100644 modules/kubernetes-addons/argo-rollouts/outputs.tf
 delete mode 100644 modules/kubernetes-addons/argo-rollouts/variables.tf
 delete mode 100644 modules/kubernetes-addons/argo-rollouts/versions.tf
 delete mode 100644 modules/kubernetes-addons/argo-workflows/README.md
 delete mode 100644 modules/kubernetes-addons/argo-workflows/main.tf
 delete mode 100644 modules/kubernetes-addons/argo-workflows/outputs.tf
 delete mode 100644 modules/kubernetes-addons/argo-workflows/variables.tf
 delete mode 100644 modules/kubernetes-addons/argo-workflows/versions.tf
 delete mode 100644 modules/kubernetes-addons/argocd/README.md
 delete mode 100644 modules/kubernetes-addons/argocd/argocd-application/helm/Chart.yaml
 delete mode 100644 modules/kubernetes-addons/argocd/argocd-application/helm/templates/application.yaml
 delete mode 100644 modules/kubernetes-addons/argocd/argocd-application/helm/values.yaml
 delete mode 100644 modules/kubernetes-addons/argocd/argocd-application/kubectl/application.yaml.tftpl
 delete mode 100644 modules/kubernetes-addons/argocd/data.tf
 delete mode 100644 modules/kubernetes-addons/argocd/locals.tf
 delete mode 100644 modules/kubernetes-addons/argocd/main.tf
 delete mode 100644 modules/kubernetes-addons/argocd/outputs.tf
 delete mode 100644 modules/kubernetes-addons/argocd/values.yaml
 delete mode 100644 modules/kubernetes-addons/argocd/variables.tf
 delete mode 100644 modules/kubernetes-addons/argocd/versions.tf
 delete mode 100644 modules/kubernetes-addons/aws-cloudwatch-metrics/README.md
 delete mode 100644 modules/kubernetes-addons/aws-cloudwatch-metrics/locals.tf
 delete mode 100644 modules/kubernetes-addons/aws-cloudwatch-metrics/main.tf
 delete mode 100644 modules/kubernetes-addons/aws-cloudwatch-metrics/outputs.tf
 delete mode 100644 modules/kubernetes-addons/aws-cloudwatch-metrics/values.yaml
 delete mode 100644 modules/kubernetes-addons/aws-cloudwatch-metrics/variables.tf
 delete mode 100644 modules/kubernetes-addons/aws-cloudwatch-metrics/versions.tf
 delete mode 100644 modules/kubernetes-addons/aws-coredns/README.md
 delete mode 100644 modules/kubernetes-addons/aws-coredns/main.tf
 delete mode 100644 modules/kubernetes-addons/aws-coredns/outputs.tf
 delete mode 100644 modules/kubernetes-addons/aws-coredns/variables.tf
 delete mode 100644 modules/kubernetes-addons/aws-coredns/versions.tf
 delete mode 100644 modules/kubernetes-addons/aws-ebs-csi-driver/README.md
 delete mode 100644 modules/kubernetes-addons/aws-ebs-csi-driver/data.tf
 delete mode 100644 modules/kubernetes-addons/aws-ebs-csi-driver/main.tf
 delete mode 100644 modules/kubernetes-addons/aws-ebs-csi-driver/outputs.tf
 delete mode 100644 modules/kubernetes-addons/aws-ebs-csi-driver/variables.tf
 delete mode 100644 modules/kubernetes-addons/aws-ebs-csi-driver/versions.tf
 delete mode 100644 modules/kubernetes-addons/aws-efs-csi-driver/README.md
 delete mode 100644 modules/kubernetes-addons/aws-efs-csi-driver/data.tf
 delete mode 100644 modules/kubernetes-addons/aws-efs-csi-driver/main.tf
 delete mode 100644 modules/kubernetes-addons/aws-efs-csi-driver/outputs.tf
 delete mode 100644 modules/kubernetes-addons/aws-efs-csi-driver/variables.tf
 delete mode 100644 modules/kubernetes-addons/aws-efs-csi-driver/versions.tf
 delete mode 100644 modules/kubernetes-addons/aws-for-fluentbit/README.md
 delete mode 100644 modules/kubernetes-addons/aws-for-fluentbit/data.tf
 delete mode 100644 modules/kubernetes-addons/aws-for-fluentbit/locals.tf
 delete mode 100644 modules/kubernetes-addons/aws-for-fluentbit/main.tf
 delete mode 100644 modules/kubernetes-addons/aws-for-fluentbit/outputs.tf
 delete mode 100644 modules/kubernetes-addons/aws-for-fluentbit/values.yaml
 delete mode 100644 modules/kubernetes-addons/aws-for-fluentbit/variables.tf
 delete mode 100644 modules/kubernetes-addons/aws-for-fluentbit/versions.tf
 delete mode 100644 modules/kubernetes-addons/aws-fsx-csi-driver/README.md
 delete mode 100644 modules/kubernetes-addons/aws-fsx-csi-driver/data.tf
 delete mode 100644 modules/kubernetes-addons/aws-fsx-csi-driver/locals.tf
 delete mode 100644 modules/kubernetes-addons/aws-fsx-csi-driver/main.tf
 delete mode 100644 modules/kubernetes-addons/aws-fsx-csi-driver/outputs.tf
 delete mode 100644 modules/kubernetes-addons/aws-fsx-csi-driver/variables.tf
 delete mode 100644 modules/kubernetes-addons/aws-fsx-csi-driver/versions.tf
 delete mode 100644 modules/kubernetes-addons/aws-kube-proxy/README.md
 delete mode 100644 modules/kubernetes-addons/aws-kube-proxy/main.tf
 delete mode 100644 modules/kubernetes-addons/aws-kube-proxy/outputs.tf
 delete mode 100644 modules/kubernetes-addons/aws-kube-proxy/variables.tf
 delete mode 100644 modules/kubernetes-addons/aws-kube-proxy/versions.tf
 delete mode 100644 modules/kubernetes-addons/aws-load-balancer-controller/README.md
 delete mode 100644 modules/kubernetes-addons/aws-load-balancer-controller/data.tf
 delete mode 100644 modules/kubernetes-addons/aws-load-balancer-controller/locals.tf
 delete mode 100644 modules/kubernetes-addons/aws-load-balancer-controller/main.tf
 delete mode 100644 modules/kubernetes-addons/aws-load-balancer-controller/outputs.tf
 delete mode 100644 modules/kubernetes-addons/aws-load-balancer-controller/values.yaml
 delete mode 100644 modules/kubernetes-addons/aws-load-balancer-controller/variables.tf
 delete mode 100644 modules/kubernetes-addons/aws-load-balancer-controller/versions.tf
 delete mode 100644 modules/kubernetes-addons/aws-node-termination-handler/README.md
 delete mode 100644 modules/kubernetes-addons/aws-node-termination-handler/data.tf
 delete mode 100644 modules/kubernetes-addons/aws-node-termination-handler/locals.tf
 delete mode 100644 modules/kubernetes-addons/aws-node-termination-handler/main.tf
 delete mode 100644 modules/kubernetes-addons/aws-node-termination-handler/outputs.tf
 delete mode 100644 modules/kubernetes-addons/aws-node-termination-handler/values.yaml
 delete mode 100644 modules/kubernetes-addons/aws-node-termination-handler/variables.tf
 delete mode 100644 modules/kubernetes-addons/aws-node-termination-handler/versions.tf
 delete mode 100644 modules/kubernetes-addons/aws-privateca-issuer/README.md
 delete mode 100644 modules/kubernetes-addons/aws-privateca-issuer/data.tf
 delete mode 100644 modules/kubernetes-addons/aws-privateca-issuer/locals.tf
 delete mode 100644 modules/kubernetes-addons/aws-privateca-issuer/main.tf
 delete mode 100644 modules/kubernetes-addons/aws-privateca-issuer/outputs.tf
 delete mode 100644 modules/kubernetes-addons/aws-privateca-issuer/variables.tf
 delete mode 100644 modules/kubernetes-addons/aws-privateca-issuer/versions.tf
 delete mode 100644 modules/kubernetes-addons/aws-vpc-cni/README.md
 delete mode 100644 modules/kubernetes-addons/aws-vpc-cni/main.tf
 delete mode 100644 modules/kubernetes-addons/aws-vpc-cni/outputs.tf
 delete mode 100644 modules/kubernetes-addons/aws-vpc-cni/variables.tf
 delete mode 100644 modules/kubernetes-addons/aws-vpc-cni/versions.tf
 delete mode 100644 modules/kubernetes-addons/calico/README.md
 delete mode 100644 modules/kubernetes-addons/calico/main.tf
 delete mode 100644 modules/kubernetes-addons/calico/outputs.tf
 delete mode 100644 modules/kubernetes-addons/calico/variables.tf
 delete mode 100644 modules/kubernetes-addons/calico/versions.tf
 delete mode 100644 modules/kubernetes-addons/cert-manager-csi-driver/README.md
 delete mode 100644 modules/kubernetes-addons/cert-manager-csi-driver/main.tf
 delete mode 100644 modules/kubernetes-addons/cert-manager-csi-driver/outputs.tf
 delete mode 100644 modules/kubernetes-addons/cert-manager-csi-driver/variables.tf
 delete mode 100644 modules/kubernetes-addons/cert-manager-csi-driver/versions.tf
 delete mode 100644 modules/kubernetes-addons/cert-manager-istio-csr/README.md
 delete mode 100644 modules/kubernetes-addons/cert-manager-istio-csr/main.tf
 delete mode 100644 modules/kubernetes-addons/cert-manager-istio-csr/outputs.tf
 delete mode 100644 modules/kubernetes-addons/cert-manager-istio-csr/variables.tf
 delete mode 100644 modules/kubernetes-addons/cert-manager-istio-csr/versions.tf
 delete mode 100644 modules/kubernetes-addons/cert-manager/README.md
 delete mode 100644 modules/kubernetes-addons/cert-manager/cert-manager-ca/Chart.yaml
 delete mode 100644 modules/kubernetes-addons/cert-manager/cert-manager-ca/templates/certificate.yaml
 delete mode 100644 modules/kubernetes-addons/cert-manager/cert-manager-ca/templates/clusterissuers.yaml
 delete mode 100644 modules/kubernetes-addons/cert-manager/cert-manager-ca/values.yaml
 delete mode 100644 modules/kubernetes-addons/cert-manager/cert-manager-letsencrypt/Chart.yaml
 delete mode 100644 modules/kubernetes-addons/cert-manager/cert-manager-letsencrypt/templates/clusterissuer-production.yaml
 delete mode 100644 modules/kubernetes-addons/cert-manager/cert-manager-letsencrypt/templates/clusterissuer-staging.yaml
 delete mode 100644 modules/kubernetes-addons/cert-manager/cert-manager-letsencrypt/values.yaml
 delete mode 100644 modules/kubernetes-addons/cert-manager/data.tf
 delete mode 100644 modules/kubernetes-addons/cert-manager/locals.tf
 delete mode 100644 modules/kubernetes-addons/cert-manager/main.tf
 delete mode 100644 modules/kubernetes-addons/cert-manager/outputs.tf
 delete mode 100644 modules/kubernetes-addons/cert-manager/values.yaml
 delete mode 100644 modules/kubernetes-addons/cert-manager/variables.tf
 delete mode 100644 modules/kubernetes-addons/cert-manager/versions.tf
 delete mode 100644 modules/kubernetes-addons/chaos-mesh/README.md
 delete mode 100644 modules/kubernetes-addons/chaos-mesh/main.tf
 delete mode 100644 modules/kubernetes-addons/chaos-mesh/outputs.tf
 delete mode 100644 modules/kubernetes-addons/chaos-mesh/variables.tf
 delete mode 100644 modules/kubernetes-addons/chaos-mesh/versions.tf
 delete mode 100644 modules/kubernetes-addons/cilium/README.md
 delete mode 100644 modules/kubernetes-addons/cilium/main.tf
 delete mode 100644 modules/kubernetes-addons/cilium/outputs.tf
 delete mode 100644 modules/kubernetes-addons/cilium/variables.tf
 delete mode 100644 modules/kubernetes-addons/cilium/versions.tf
 delete mode 100644 modules/kubernetes-addons/cluster-autoscaler/README.md
 delete mode 100644 modules/kubernetes-addons/cluster-autoscaler/data.tf
 delete mode 100644 modules/kubernetes-addons/cluster-autoscaler/main.tf
 delete mode 100644 modules/kubernetes-addons/cluster-autoscaler/outputs.tf
 delete mode 100644 modules/kubernetes-addons/cluster-autoscaler/values.yaml
 delete mode 100644 modules/kubernetes-addons/cluster-autoscaler/variables.tf
 delete mode 100644 modules/kubernetes-addons/cluster-autoscaler/versions.tf
 delete mode 100644 modules/kubernetes-addons/cluster-proportional-autoscaler/README.md
 delete mode 100644 modules/kubernetes-addons/cluster-proportional-autoscaler/main.tf
 delete mode 100644 modules/kubernetes-addons/cluster-proportional-autoscaler/outputs.tf
 delete mode 100644 modules/kubernetes-addons/cluster-proportional-autoscaler/values.yaml
 delete mode 100644 modules/kubernetes-addons/cluster-proportional-autoscaler/variables.tf
 delete mode 100644 modules/kubernetes-addons/cluster-proportional-autoscaler/versions.tf
 delete mode 100644 modules/kubernetes-addons/consul/README.md
 delete mode 100644 modules/kubernetes-addons/consul/locals.tf
 delete mode 100644 modules/kubernetes-addons/consul/main.tf
 delete mode 100644 modules/kubernetes-addons/consul/outputs.tf
 delete mode 100644 modules/kubernetes-addons/consul/values.yaml
 delete mode 100644 modules/kubernetes-addons/consul/variables.tf
 delete mode 100644 modules/kubernetes-addons/consul/versions.tf
 delete mode 100644 modules/kubernetes-addons/crossplane/README.md
 delete mode 100644 modules/kubernetes-addons/crossplane/aws-provider/aws-controller-config.yaml
 delete mode 100644 modules/kubernetes-addons/crossplane/aws-provider/aws-provider-config.yaml
 delete mode 100644 modules/kubernetes-addons/crossplane/aws-provider/aws-provider.yaml
 delete mode 100644 modules/kubernetes-addons/crossplane/aws-provider/jet-aws-controller-config.yaml
 delete mode 100644 modules/kubernetes-addons/crossplane/aws-provider/jet-aws-provider-config.yaml
 delete mode 100644 modules/kubernetes-addons/crossplane/aws-provider/jet-aws-provider.yaml
 delete mode 100644 modules/kubernetes-addons/crossplane/aws-provider/upbound-aws-controller-config.yaml
 delete mode 100644 modules/kubernetes-addons/crossplane/aws-provider/upbound-aws-provider-config.yaml
 delete mode 100644 modules/kubernetes-addons/crossplane/aws-provider/upbound-aws-provider.yaml
 delete mode 100644 modules/kubernetes-addons/crossplane/data.tf
 delete mode 100644 modules/kubernetes-addons/crossplane/helm-provider/helm-controller-config.yaml
 delete mode 100644 modules/kubernetes-addons/crossplane/helm-provider/helm-provider-clusterrolebinding.yaml
 delete mode 100644 modules/kubernetes-addons/crossplane/helm-provider/helm-provider-config.yaml
 delete mode 100644 modules/kubernetes-addons/crossplane/helm-provider/helm-provider.yaml
 delete mode 100644 modules/kubernetes-addons/crossplane/kubernetes-provider/kubernetes-controller-clusterrolebinding.yaml
 delete mode 100644 modules/kubernetes-addons/crossplane/kubernetes-provider/kubernetes-controller-config.yaml
 delete mode 100644 modules/kubernetes-addons/crossplane/kubernetes-provider/kubernetes-provider-config.yaml
 delete mode 100644 modules/kubernetes-addons/crossplane/kubernetes-provider/kubernetes-provider.yaml
 delete mode 100644 modules/kubernetes-addons/crossplane/locals.tf
 delete mode 100644 modules/kubernetes-addons/crossplane/main.tf
 delete mode 100644 modules/kubernetes-addons/crossplane/outputs.tf
 delete mode 100644 modules/kubernetes-addons/crossplane/variables.tf
 delete mode 100644 modules/kubernetes-addons/crossplane/versions.tf
 delete mode 100644 modules/kubernetes-addons/csi-secrets-store-provider-aws/README.md
 delete mode 100644 modules/kubernetes-addons/csi-secrets-store-provider-aws/main.tf
 delete mode 100644 modules/kubernetes-addons/csi-secrets-store-provider-aws/outputs.tf
 delete mode 100644 modules/kubernetes-addons/csi-secrets-store-provider-aws/variables.tf
 delete mode 100644 modules/kubernetes-addons/csi-secrets-store-provider-aws/versions.tf
 delete mode 100644 modules/kubernetes-addons/data.tf
 delete mode 100644 modules/kubernetes-addons/datadog-operator/README.md
 delete mode 100644 modules/kubernetes-addons/datadog-operator/main.tf
 delete mode 100644 modules/kubernetes-addons/datadog-operator/outputs.tf
 delete mode 100644 modules/kubernetes-addons/datadog-operator/variables.tf
 delete mode 100644 modules/kubernetes-addons/datadog-operator/versions.tf
 delete mode 100644 modules/kubernetes-addons/emr-on-eks/README.md
 delete mode 100644 modules/kubernetes-addons/emr-on-eks/main.tf
 delete mode 100644 modules/kubernetes-addons/emr-on-eks/outputs.tf
 delete mode 100644 modules/kubernetes-addons/emr-on-eks/variables.tf
 delete mode 100644 modules/kubernetes-addons/emr-on-eks/versions.tf
 delete mode 100644 modules/kubernetes-addons/external-dns/README.md
 delete mode 100644 modules/kubernetes-addons/external-dns/data.tf
 delete mode 100644 modules/kubernetes-addons/external-dns/main.tf
 delete mode 100644 modules/kubernetes-addons/external-dns/outputs.tf
 delete mode 100644 modules/kubernetes-addons/external-dns/variables.tf
 delete mode 100644 modules/kubernetes-addons/external-dns/versions.tf
 delete mode 100644 modules/kubernetes-addons/external-secrets/README.md
 delete mode 100644 modules/kubernetes-addons/external-secrets/data.tf
 delete mode 100644 modules/kubernetes-addons/external-secrets/locals.tf
 delete mode 100644 modules/kubernetes-addons/external-secrets/main.tf
 delete mode 100644 modules/kubernetes-addons/external-secrets/outputs.tf
 delete mode 100644 modules/kubernetes-addons/external-secrets/variables.tf
 delete mode 100644 modules/kubernetes-addons/external-secrets/versions.tf
 delete mode 100644 modules/kubernetes-addons/fargate-fluentbit/README.md
 delete mode 100644 modules/kubernetes-addons/fargate-fluentbit/locals.tf
 delete mode 100755 modules/kubernetes-addons/fargate-fluentbit/main.tf
 delete mode 100644 modules/kubernetes-addons/fargate-fluentbit/outputs.tf
 delete mode 100644 modules/kubernetes-addons/fargate-fluentbit/variables.tf
 delete mode 100644 modules/kubernetes-addons/fargate-fluentbit/versions.tf
 delete mode 100644 modules/kubernetes-addons/gatekeeper/README.md
 delete mode 100644 modules/kubernetes-addons/gatekeeper/main.tf
 delete mode 100644 modules/kubernetes-addons/gatekeeper/outputs.tf
 delete mode 100644 modules/kubernetes-addons/gatekeeper/variables.tf
 delete mode 100644 modules/kubernetes-addons/gatekeeper/versions.tf
 delete mode 100644 modules/kubernetes-addons/grafana/README.md
 delete mode 100644 modules/kubernetes-addons/grafana/data.tf
 delete mode 100644 modules/kubernetes-addons/grafana/locals.tf
 delete mode 100644 modules/kubernetes-addons/grafana/main.tf
 delete mode 100644 modules/kubernetes-addons/grafana/outputs.tf
 delete mode 100644 modules/kubernetes-addons/grafana/values.yaml
 delete mode 100644 modules/kubernetes-addons/grafana/variables.tf
 delete mode 100644 modules/kubernetes-addons/grafana/versions.tf
 delete mode 100644 modules/kubernetes-addons/helm-addon/README.md
 delete mode 100644 modules/kubernetes-addons/helm-addon/main.tf
 delete mode 100644 modules/kubernetes-addons/helm-addon/outputs.tf
 delete mode 100644 modules/kubernetes-addons/helm-addon/variables.tf
 delete mode 100644 modules/kubernetes-addons/helm-addon/versions.tf
 delete mode 100644 modules/kubernetes-addons/ingress-nginx/README.md
 delete mode 100644 modules/kubernetes-addons/ingress-nginx/main.tf
 delete mode 100644 modules/kubernetes-addons/ingress-nginx/outputs.tf
 delete mode 100644 modules/kubernetes-addons/ingress-nginx/variables.tf
 delete mode 100644 modules/kubernetes-addons/ingress-nginx/versions.tf
 delete mode 100644 modules/kubernetes-addons/karpenter/README.md
 delete mode 100644 modules/kubernetes-addons/karpenter/data.tf
 delete mode 100644 modules/kubernetes-addons/karpenter/locals.tf
 delete mode 100644 modules/kubernetes-addons/karpenter/main.tf
 delete mode 100644 modules/kubernetes-addons/karpenter/outputs.tf
 delete mode 100644 modules/kubernetes-addons/karpenter/variables.tf
 delete mode 100644 modules/kubernetes-addons/karpenter/versions.tf
 delete mode 100644 modules/kubernetes-addons/keda/README.md
 delete mode 100644 modules/kubernetes-addons/keda/data.tf
 delete mode 100644 modules/kubernetes-addons/keda/locals.tf
 delete mode 100644 modules/kubernetes-addons/keda/main.tf
 delete mode 100644 modules/kubernetes-addons/keda/outputs.tf
 delete mode 100644 modules/kubernetes-addons/keda/values.yaml
 delete mode 100644 modules/kubernetes-addons/keda/variables.tf
 delete mode 100644 modules/kubernetes-addons/keda/versions.tf
 delete mode 100644 modules/kubernetes-addons/kube-prometheus-stack/README.md
 delete mode 100644 modules/kubernetes-addons/kube-prometheus-stack/main.tf
 delete mode 100644 modules/kubernetes-addons/kube-prometheus-stack/outputs.tf
 delete mode 100644 modules/kubernetes-addons/kube-prometheus-stack/values.yaml
 delete mode 100644 modules/kubernetes-addons/kube-prometheus-stack/variables.tf
 delete mode 100644 modules/kubernetes-addons/kube-prometheus-stack/versions.tf
 delete mode 100644 modules/kubernetes-addons/kube-state-metrics/README.md
 delete mode 100644 modules/kubernetes-addons/kube-state-metrics/main.tf
 delete mode 100644 modules/kubernetes-addons/kube-state-metrics/outputs.tf
 delete mode 100644 modules/kubernetes-addons/kube-state-metrics/variables.tf
 delete mode 100644 modules/kubernetes-addons/kube-state-metrics/versions.tf
 delete mode 100644 modules/kubernetes-addons/kubecost/README.md
 delete mode 100644 modules/kubernetes-addons/kubecost/main.tf
 delete mode 100644 modules/kubernetes-addons/kubecost/outputs.tf
 delete mode 100644 modules/kubernetes-addons/kubecost/values.yaml
 delete mode 100644 modules/kubernetes-addons/kubecost/variables.tf
 delete mode 100644 modules/kubernetes-addons/kubecost/versions.tf
 delete mode 100644 modules/kubernetes-addons/kuberay-operator/README.md
 delete mode 100644 modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/Chart.yaml
 delete mode 100644 modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/README.md
 delete mode 100644 modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/crds/ray.io_rayclusters.yaml
 delete mode 100644 modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/crds/ray.io_rayjobs.yaml
 delete mode 100644 modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/crds/ray.io_rayservices.yaml
 delete mode 100644 modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/templates/_helpers.tpl
 delete mode 100644 modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/templates/deployment.yaml
 delete mode 100644 modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/templates/leader-role.yaml
 delete mode 100644 modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/templates/leader-rolebinding.yaml
 delete mode 100644 modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/templates/role.yaml
 delete mode 100644 modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/templates/rolebinding.yaml
 delete mode 100644 modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/templates/service.yaml
 delete mode 100644 modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/templates/serviceaccount.yaml
 delete mode 100644 modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/values.yaml
 delete mode 100644 modules/kubernetes-addons/kuberay-operator/main.tf
 delete mode 100644 modules/kubernetes-addons/kuberay-operator/outputs.tf
 delete mode 100644 modules/kubernetes-addons/kuberay-operator/variables.tf
 delete mode 100644 modules/kubernetes-addons/kuberay-operator/versions.tf
 delete mode 100644 modules/kubernetes-addons/kubernetes-dashboard/README.md
 delete mode 100644 modules/kubernetes-addons/kubernetes-dashboard/locals.tf
 delete mode 100644 modules/kubernetes-addons/kubernetes-dashboard/main.tf
 delete mode 100644 modules/kubernetes-addons/kubernetes-dashboard/outputs.tf
 delete mode 100644 modules/kubernetes-addons/kubernetes-dashboard/variables.tf
 delete mode 100644 modules/kubernetes-addons/kubernetes-dashboard/versions.tf
 delete mode 100644 modules/kubernetes-addons/kyverno/README.md
 delete mode 100644 modules/kubernetes-addons/kyverno/main.tf
 delete mode 100644 modules/kubernetes-addons/kyverno/outputs.tf
 delete mode 100644 modules/kubernetes-addons/kyverno/variables.tf
 delete mode 100644 modules/kubernetes-addons/kyverno/versions.tf
 delete mode 100644 modules/kubernetes-addons/local-volume-provisioner/README.md
 delete mode 100644 modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/Chart.yaml
 delete mode 100644 modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/templates/NOTES.txt
 delete mode 100644 modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/templates/_helpers.tpl
 delete mode 100644 modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/templates/configmap.yaml
 delete mode 100644 modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/templates/daemonset_linux.yaml
 delete mode 100644 modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/templates/daemonset_windows.yaml
 delete mode 100644 modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/templates/psp.yaml
 delete mode 100644 modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/templates/rbac.yaml
 delete mode 100644 modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/templates/serviceaccount.yaml
 delete mode 100644 modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/templates/servicemonitor.yaml
 delete mode 100644 modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/templates/storageclass.yaml
 delete mode 100644 modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/values.yaml
 delete mode 100644 modules/kubernetes-addons/local-volume-provisioner/locals.tf
 delete mode 100644 modules/kubernetes-addons/local-volume-provisioner/main.tf
 delete mode 100644 modules/kubernetes-addons/local-volume-provisioner/outputs.tf
 delete mode 100644 modules/kubernetes-addons/local-volume-provisioner/variables.tf
 delete mode 100644 modules/kubernetes-addons/local-volume-provisioner/versions.tf
 delete mode 100644 modules/kubernetes-addons/locals.tf
 delete mode 100644 modules/kubernetes-addons/main.tf
 delete mode 100644 modules/kubernetes-addons/metrics-server/README.md
 delete mode 100644 modules/kubernetes-addons/metrics-server/locals.tf
 delete mode 100644 modules/kubernetes-addons/metrics-server/main.tf
 delete mode 100644 modules/kubernetes-addons/metrics-server/outputs.tf
 delete mode 100644 modules/kubernetes-addons/metrics-server/variables.tf
 delete mode 100644 modules/kubernetes-addons/metrics-server/versions.tf
 delete mode 100644 modules/kubernetes-addons/nvidia-device-plugin/README.md
 delete mode 100644 modules/kubernetes-addons/nvidia-device-plugin/locals.tf
 delete mode 100644 modules/kubernetes-addons/nvidia-device-plugin/main.tf
 delete mode 100644 modules/kubernetes-addons/nvidia-device-plugin/outputs.tf
 delete mode 100644 modules/kubernetes-addons/nvidia-device-plugin/variables.tf
 delete mode 100644 modules/kubernetes-addons/nvidia-device-plugin/versions.tf
 delete mode 100644 modules/kubernetes-addons/ondat/README.md
 delete mode 100644 modules/kubernetes-addons/ondat/main.tf
 delete mode 100644 modules/kubernetes-addons/ondat/outputs.tf
 delete mode 100644 modules/kubernetes-addons/ondat/values.yaml
 delete mode 100644 modules/kubernetes-addons/ondat/variables.tf
 delete mode 100644 modules/kubernetes-addons/ondat/versions.tf
 delete mode 100644 modules/kubernetes-addons/opentelemetry-operator/README.md
 delete mode 100644 modules/kubernetes-addons/opentelemetry-operator/locals.tf
 delete mode 100644 modules/kubernetes-addons/opentelemetry-operator/main.tf
 delete mode 100644 modules/kubernetes-addons/opentelemetry-operator/outputs.tf
 delete mode 100644 modules/kubernetes-addons/opentelemetry-operator/variables.tf
 delete mode 100644 modules/kubernetes-addons/opentelemetry-operator/versions.tf
 delete mode 100644 modules/kubernetes-addons/outputs.tf
 delete mode 100644 modules/kubernetes-addons/prometheus/README.md
 delete mode 100644 modules/kubernetes-addons/prometheus/data.tf
 delete mode 100644 modules/kubernetes-addons/prometheus/main.tf
 delete mode 100644 modules/kubernetes-addons/prometheus/outputs.tf
 delete mode 100644 modules/kubernetes-addons/prometheus/values.yaml
 delete mode 100644 modules/kubernetes-addons/prometheus/variables.tf
 delete mode 100644 modules/kubernetes-addons/prometheus/versions.tf
 delete mode 100644 modules/kubernetes-addons/promtail/README.md
 delete mode 100644 modules/kubernetes-addons/promtail/main.tf
 delete mode 100644 modules/kubernetes-addons/promtail/outputs.tf
 delete mode 100644 modules/kubernetes-addons/promtail/variables.tf
 delete mode 100644 modules/kubernetes-addons/promtail/versions.tf
 delete mode 100644 modules/kubernetes-addons/reloader/README.md
 delete mode 100644 modules/kubernetes-addons/reloader/main.tf
 delete mode 100644 modules/kubernetes-addons/reloader/outputs.tf
 delete mode 100644 modules/kubernetes-addons/reloader/variables.tf
 delete mode 100644 modules/kubernetes-addons/reloader/versions.tf
 delete mode 100644 modules/kubernetes-addons/secrets-store-csi-driver/README.md
 delete mode 100644 modules/kubernetes-addons/secrets-store-csi-driver/locals.tf
 delete mode 100644 modules/kubernetes-addons/secrets-store-csi-driver/main.tf
 delete mode 100644 modules/kubernetes-addons/secrets-store-csi-driver/outputs.tf
 delete mode 100644 modules/kubernetes-addons/secrets-store-csi-driver/variables.tf
 delete mode 100644 modules/kubernetes-addons/secrets-store-csi-driver/versions.tf
 delete mode 100644 modules/kubernetes-addons/smb-csi-driver/README.md
 delete mode 100644 modules/kubernetes-addons/smb-csi-driver/main.tf
 delete mode 100644 modules/kubernetes-addons/smb-csi-driver/outputs.tf
 delete mode 100644 modules/kubernetes-addons/smb-csi-driver/variables.tf
 delete mode 100644 modules/kubernetes-addons/smb-csi-driver/versions.tf
 delete mode 100644 modules/kubernetes-addons/spark-history-server/README.md
 delete mode 100644 modules/kubernetes-addons/spark-history-server/locals.tf
 delete mode 100644 modules/kubernetes-addons/spark-history-server/main.tf
 delete mode 100644 modules/kubernetes-addons/spark-history-server/outputs.tf
 delete mode 100644 modules/kubernetes-addons/spark-history-server/values.yaml
 delete mode 100644 modules/kubernetes-addons/spark-history-server/variables.tf
 delete mode 100644 modules/kubernetes-addons/spark-history-server/versions.tf
 delete mode 100644 modules/kubernetes-addons/spark-k8s-operator/README.md
 delete mode 100644 modules/kubernetes-addons/spark-k8s-operator/main.tf
 delete mode 100644 modules/kubernetes-addons/spark-k8s-operator/outputs.tf
 delete mode 100644 modules/kubernetes-addons/spark-k8s-operator/variables.tf
 delete mode 100644 modules/kubernetes-addons/spark-k8s-operator/versions.tf
 delete mode 100644 modules/kubernetes-addons/strimzi-kafka-operator/README.md
 delete mode 100644 modules/kubernetes-addons/strimzi-kafka-operator/main.tf
 delete mode 100644 modules/kubernetes-addons/strimzi-kafka-operator/outputs.tf
 delete mode 100644 modules/kubernetes-addons/strimzi-kafka-operator/values.yaml
 delete mode 100644 modules/kubernetes-addons/strimzi-kafka-operator/variables.tf
 delete mode 100644 modules/kubernetes-addons/strimzi-kafka-operator/versions.tf
 delete mode 100644 modules/kubernetes-addons/tetrate-istio/README.md
 delete mode 100644 modules/kubernetes-addons/tetrate-istio/locals.tf
 delete mode 100644 modules/kubernetes-addons/tetrate-istio/locals_tid.tf
 delete mode 100644 modules/kubernetes-addons/tetrate-istio/main.tf
 delete mode 100644 modules/kubernetes-addons/tetrate-istio/outputs.tf
 delete mode 100644 modules/kubernetes-addons/tetrate-istio/variables.tf
 delete mode 100644 modules/kubernetes-addons/tetrate-istio/versions.tf
 delete mode 100644 modules/kubernetes-addons/thanos/README.md
 delete mode 100644 modules/kubernetes-addons/thanos/locals.tf
 delete mode 100644 modules/kubernetes-addons/thanos/main.tf
 delete mode 100644 modules/kubernetes-addons/thanos/outputs.tf
 delete mode 100644 modules/kubernetes-addons/thanos/variables.tf
 delete mode 100644 modules/kubernetes-addons/thanos/versions.tf
 delete mode 100644 modules/kubernetes-addons/traefik/README.md
 delete mode 100644 modules/kubernetes-addons/traefik/main.tf
 delete mode 100644 modules/kubernetes-addons/traefik/outputs.tf
 delete mode 100644 modules/kubernetes-addons/traefik/variables.tf
 delete mode 100644 modules/kubernetes-addons/traefik/versions.tf
 delete mode 100644 modules/kubernetes-addons/variables.tf
 delete mode 100644 modules/kubernetes-addons/velero/README.md
 delete mode 100644 modules/kubernetes-addons/velero/data.tf
 delete mode 100644 modules/kubernetes-addons/velero/main.tf
 delete mode 100644 modules/kubernetes-addons/velero/outputs.tf
 delete mode 100644 modules/kubernetes-addons/velero/values.yaml
 delete mode 100644 modules/kubernetes-addons/velero/variables.tf
 delete mode 100644 modules/kubernetes-addons/velero/versions.tf
 delete mode 100644 modules/kubernetes-addons/versions.tf
 delete mode 100644 modules/kubernetes-addons/vpa/README.md
 delete mode 100644 modules/kubernetes-addons/vpa/main.tf
 delete mode 100644 modules/kubernetes-addons/vpa/outputs.tf
 delete mode 100644 modules/kubernetes-addons/vpa/variables.tf
 delete mode 100644 modules/kubernetes-addons/vpa/versions.tf
 delete mode 100644 modules/kubernetes-addons/yunikorn/README.md
 delete mode 100644 modules/kubernetes-addons/yunikorn/locals.tf
 delete mode 100644 modules/kubernetes-addons/yunikorn/main.tf
 delete mode 100644 modules/kubernetes-addons/yunikorn/outputs.tf
 delete mode 100644 modules/kubernetes-addons/yunikorn/values.yaml
 delete mode 100644 modules/kubernetes-addons/yunikorn/variables.tf
 delete mode 100644 modules/kubernetes-addons/yunikorn/versions.tf
 delete mode 100644 modules/launch-templates/README.md
 delete mode 100644 modules/launch-templates/main.tf
 delete mode 100644 modules/launch-templates/outputs.tf
 delete mode 100644 modules/launch-templates/templates/userdata-amazonlinux2eks.tpl
 delete mode 100644 modules/launch-templates/templates/userdata-bottlerocket.tpl
 delete mode 100644 modules/launch-templates/templates/userdata-windows.tpl
 delete mode 100644 modules/launch-templates/variables.tf
 delete mode 100644 modules/launch-templates/versions.tf
 delete mode 100644 outputs.tf
 delete mode 100644 variables.tf
 delete mode 100644 versions.tf

diff --git a/aws-auth-configmap.tf b/aws-auth-configmap.tf
deleted file mode 100644
index bd924e676b..0000000000
--- a/aws-auth-configmap.tf
+++ /dev/null
@@ -1,34 +0,0 @@
-resource "kubernetes_config_map" "aws_auth" {
-  count = var.create_eks ? 1 : 0
-
-  metadata {
-    name      = "aws-auth"
-    namespace = "kube-system"
-    labels = merge(
-      {
-        "app.kubernetes.io/managed-by" = "terraform-aws-eks-blueprints"
-        "app.kubernetes.io/created-by" = "terraform-aws-eks-blueprints"
-      },
-      var.aws_auth_additional_labels
-    )
-  }
-
-  data = {
-    mapRoles = yamlencode(
-      distinct(concat(
-        local.managed_node_group_aws_auth_config_map,
-        local.self_managed_node_group_aws_auth_config_map,
-        local.windows_node_group_aws_auth_config_map,
-        local.fargate_profiles_aws_auth_config_map,
-        local.emr_on_eks_config_map,
-        local.application_teams_config_map,
-        local.platform_teams_config_map,
-        var.map_roles,
-      ))
-    )
-    mapUsers    = yamlencode(var.map_users)
-    mapAccounts = yamlencode(var.map_accounts)
-  }
-
-  depends_on = [module.aws_eks.cluster_id, data.http.eks_cluster_readiness[0]]
-}
diff --git a/data.tf b/data.tf
deleted file mode 100644
index ef7a17bc74..0000000000
--- a/data.tf
+++ /dev/null
@@ -1,137 +0,0 @@
-data "aws_partition" "current" {}
-data "aws_caller_identity" "current" {}
-data "aws_region" "current" {}
-
-data "aws_eks_cluster" "cluster" {
-  count = var.create_eks ? 1 : 0
-  name  = module.aws_eks.cluster_id
-}
-
-data "http" "eks_cluster_readiness" {
-  count = var.create_eks ? 1 : 0
-
-  url            = join("/", [data.aws_eks_cluster.cluster[0].endpoint, "healthz"])
-  ca_certificate = base64decode(data.aws_eks_cluster.cluster[0].certificate_authority[0].data)
-  timeout        = var.eks_readiness_timeout
-}
-
-data "aws_iam_session_context" "current" {
-  arn = data.aws_caller_identity.current.arn
-}
-
-data "aws_iam_policy_document" "eks_key" {
-  statement {
-    sid    = "Allow access for all principals in the account that are authorized"
-    effect = "Allow"
-    actions = [
-      "kms:CreateGrant",
-      "kms:Decrypt",
-      "kms:DescribeKey",
-      "kms:Encrypt",
-      "kms:GenerateDataKey*",
-      "kms:ReEncrypt*",
-    ]
-    resources = ["*"]
-
-    principals {
-      type = "AWS"
-      identifiers = [
-        "arn:${local.context.aws_partition_id}:iam::${local.context.aws_caller_identity_account_id}:root"
-      ]
-    }
-
-    condition {
-      test     = "StringEquals"
-      variable = "kms:CallerAccount"
-      values   = [local.context.aws_caller_identity_account_id]
-    }
-
-    condition {
-      test     = "StringEquals"
-      variable = "kms:ViaService"
-      values   = ["eks.${local.context.aws_region_name}.amazonaws.com"]
-    }
-  }
-
-  statement {
-    sid    = "Allow direct access to key metadata to the account"
-    effect = "Allow"
-    actions = [
-      "kms:Describe*",
-      "kms:Get*",
-      "kms:List*",
-      "kms:RevokeGrant",
-    ]
-    resources = ["*"]
-
-    principals {
-      type = "AWS"
-      identifiers = [
-        "arn:${local.context.aws_partition_id}:iam::${local.context.aws_caller_identity_account_id}:root"
-      ]
-    }
-  }
-
-  statement {
-    sid    = "Allow access for Key Administrators"
-    effect = "Allow"
-    actions = [
-      "kms:*"
-    ]
-    resources = ["*"]
-
-    principals {
-      type = "AWS"
-      identifiers = concat(
-        var.cluster_kms_key_additional_admin_arns,
-        [data.aws_iam_session_context.current.issuer_arn]
-      )
-    }
-  }
-
-  statement {
-    sid    = "Allow use of the key"
-    effect = "Allow"
-    actions = [
-      "kms:Decrypt",
-      "kms:DescribeKey",
-      "kms:Encrypt",
-      "kms:GenerateDataKey*",
-      "kms:ReEncrypt*",
-    ]
-    resources = ["*"]
-
-    principals {
-      type = "AWS"
-      identifiers = [
-        local.cluster_iam_role_pathed_arn
-      ]
-    }
-  }
-
-  # Permission to allow AWS services that are integrated with AWS KMS to use the CMK,
-  # particularly services that use grants.
-  statement {
-    sid    = "Allow attachment of persistent resources"
-    effect = "Allow"
-    actions = [
-      "kms:CreateGrant",
-      "kms:ListGrants",
-      "kms:RevokeGrant",
-    ]
-    resources = ["*"]
-
-    principals {
-      type = "AWS"
-      identifiers = [
-        local.cluster_iam_role_pathed_arn
-      ]
-    }
-
-    condition {
-      test     = "Bool"
-      variable = "kms:GrantIsForAWSResource"
-      values   = ["true"]
-    }
-  }
-}
diff --git a/docs/extensibility.md b/docs/extensibility.md
deleted file mode 100644
index 1e0b91a797..0000000000
--- a/docs/extensibility.md
+++ /dev/null
@@ -1,277 +0,0 @@
-# Extensibility
-
-This guide provides an overview of extensibility options focusing on add-on extensions as the primary mechanism for the partners and customers.
-
-## Overview
-
-EKS Blueprints framework is designed to be extensible. In the context of this guide, extensibility refers to the ability of customers and partners to both add new capabilities to the framework or platforms as well as customize existing behavior, including the ability to modify or override existing behavior.
-
-As of this writing, the primary means by which customers and partners can extend the EKS Blueprints for Terraform framework is by implementing new add-ons which could be leveraged exactly the same way as the core add-ons (supplied by the framework).
-
-### Add-on Extensions
-
-#### Helm Add-ons
-
-Helm add-ons are the most common case that generally combines provisioning of a helm chart as well as supporting infrastructure such as wiring of proper IAM policies for the Kubernetes service account, provisioning or configuring other AWS resources (VPC, subnets, node groups).
-
-In order to simplify the add-on creation, we have provided a helper module called [`helm-addon`](https://github.com/aws-ia/terraform-aws-eks-blueprints/blob/main/modules/kubernetes-addons/helm-addon/README.md) for convenience.
-
-#### Non-helm Add-ons
-
-Add-ons that don't leverage helm but require to install arbitrary Kubernetes manifests will not be able to leverage the benefits provided by the [`helm-addon`](https://github.com/aws-ia/terraform-aws-eks-blueprints/blob/main/modules/kubernetes-addons/helm-addon/README.md) however, they are still relatively easy to implement and would follow a similar pattern. Such addons should leverage the [kubectl provider](https://registry.terraform.io/providers/gavinbunney/kubectl).
-
-### Public Add-ons
-
-The life-cycle of a public add-on should be decoupled from the life-cycle of the core framework repository. When decoupled, extensions can be released at any arbitrary cadence specific to the extension, enabling better agility when it comes to new features or bug fixes. The owner of such public add-on is ultimately responsible for the quality and maintenance of the add-on.
-
-In order to enable this model the following workflow outline steps required to create and release a public add-on:
-
-1. Public add-on are created in a separate repository. Public GitHub repository is preferred as it aligns with the open-source spirit of the framework and enables external reviews/feedback.
-2. Add-ons are released and consumed as distinct public Terraform modules.
-3. Public add-ons are expected to have sufficient documentation to allow customers to consume them independently. Documentation can reside in GitHub or external resources referenced in the documentation bundled with the extension.
-4. Public add-ons are expected to be tested and validated against released EKS Blueprints versions, e.g. with a CI/CD pipeline or GitHub Actions.
-
-### Partner Add-ons
-
-Partner extensions (APN Partner) are expected to comply with the public extension workflow and additional items required to ensure proper validation and documentation support for a partner extension.
-
-We expect 2 PRs to be created for every Partner Add-On.
-
-1. A PR against the main [EKS Blueprints](https://github.com/aws-ia/terraform-aws-eks-blueprints) repository that contains the following:
-   1. Update [kubernetes-addons/main.tf](https://github.com/aws-ia/terraform-aws-eks-blueprints/blob/main/modules/kubernetes-addons/main.tf) to add a module invocation of the remote terraform module for the add-on.
-   2. Documentation to update the [Add-Ons](./add-ons/index.md) section. Example of add-on documentation can be found here along with the list of other add-ons.
-2. A second PR against the [EKS Blueprints Add-Ons](https://github.com/aws-samples/eks-blueprints-add-ons) repository to create an ArgoCD application for your add-on. See example of other add-ons that shows what should be added. Add-ons that do not provide GitOps support are not expected to create this PR.
-
-### Private Add-ons
-
-There are two ways in which a customer can implement fully private add-ons:
-
-1. Add-ons specific to a customer instance of EKS Blueprints can be implemented inline with the blueprint in the same codebase. Such extensions are scoped to the customer base. Forking the repo however has disadvantages when it comes to ongoing feature releases and bug fixes which will have to be manually ported to your fork.
-2. We recommend, you implement a separate repository for your private add-on while still using the upstream framework. This gives you the advantage of keeping up with ongoing feature releases and bug fixes while keeping your add-on private.
-
-The following example shows you can leverage EKS Blueprints to provide your own helm add-on.
-
-```hcl
-#---------------------------------------------------------------
-# AWS VPC CNI Metrics Helper
-# This is using local helm chart
-#---------------------------------------------------------------
-
-data "aws_partition" "current" {}
-
-data "aws_caller_identity" "current" {}
-
-
-locals {
-  cni_metrics_name = "cni-metrics-helper"
-
-  default_helm_values = [templatefile("${path.module}/helm-values/cni-metrics-helper-values.yaml", {
-    eks_cluster_id = var.eks_cluster_id,
-    image          = "602401143452.dkr.ecr.${var.region}.amazonaws.com/cni-metrics-helper:v1.10.3",
-    sa-name        = local.cni_metrics_name
-   oidc_url        = "oidc.eks.eu-west-1.amazonaws.com/id/E6CASOMETHING55B9D01F7"
-  })]
-
-  addon_context = {
-    aws_caller_identity_account_id = data.aws_caller_identity.current.account_id
-    aws_caller_identity_arn        = data.aws_caller_identity.current.arn
-    aws_eks_cluster_endpoint       = data.aws_eks_cluster.cluster.endpoint
-    aws_partition_id               = data.aws_partition.current.partition
-    aws_region_name                = var.region
-    eks_cluster_id                 = var.eks_cluster_id
-    eks_oidc_issuer_url            = local.oidc_url
-    eks_oidc_provider_arn          = "arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.current.account_id}:oidc-provider/${local.oidc_url}"
-    tags                           = {}
-  }
-
-  helm_config = {
-    name        = local.cni_metrics_name
-    description = "CNI Metrics Helper Helm Chart"
-    timeout     = "300"
-    chart       = "${path.module}/local-helm-charts/cni-metrics-helper"
-    version     = "0.1.7"
-    repository  = null
-    namespace   = "kube-system"
-    lint        = false
-    values      = local.default_helm_values
-  }
-
-  irsa_config = {
-    kubernetes_namespace              = "kube-system"
-    kubernetes_service_account        = local.cni_metrics_name
-    create_kubernetes_namespace       = false
-    create_kubernetes_service_account = true
-    irsa_iam_policies                 = [aws_iam_policy.cni_metrics.arn]
-  }
-}
-
-module "helm_addon" {
-  source      = "github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons/helm-addon"
-  helm_config = local.helm_config
-  irsa_config = local.irsa_config
-  addon_context = local.addon_context
-}
-
-resource "aws_iam_policy" "cni_metrics" {
-  name        = "${var.eks_cluster_id}-cni-metrics"
-  description = "IAM policy for EKS CNI Metrics helper"
-  path        = "/"
-  policy      = data.aws_iam_policy_document.cni_metrics.json
-
-  tags = var.tags
-}
-
-data "aws_iam_policy_document" "cni_metrics" {
-  statement {
-    sid = "CNIMetrics"
-    actions = [
-      "cloudwatch:PutMetricData"
-    ]
-    resources = ["*"]
-  }
-}
-```
-
-### Secrets Handling
-
-We expect that certain add-ons will need to provide access to sensitive values to their helm chart configuration such as password, license keys, API keys, etc. We recommend that you ask customers to store such secrets in an external secret store such as AWS Secrets Manager or AWS Systems Manager Parameter Store and use the [AWS Secrets and Configuration Provider (ASCP)](https://docs.aws.amazon.com/secretsmanager/latest/userguide/integrating_csi_driver.html) to mount the secrets as files or environment variables in the pods of your add-on. We are actively working on providing a native add-on for ASCP as of this writing which you will be able to leverage for your add-on.
-
-## Example Public Add-On
-
-[Kube-state-metrics-addon](https://registry.terraform.io/modules/askulkarni2/kube-state-metrics-addon/eksblueprints/latest) extension contains a sample implementation of the [`kube-state-metrics`](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics) that demonstrates how to write a public add-on that lives outside of the core repo.
-
-### Add-On Repo
-
-We recommend the use of pattern `terraform-eksblueprints-<addon_name>` as the name of the repo so that you are able to easily publish the module to Terraform [registry](https://registry.terraform.io/). See [kube-state-metrics](https://github.com/askulkarni2/terraform-eksblueprints-kube-state-metrics-addon) for an example.
-
-### Add-On Code
-
-We recommend your add-on code follow Terraform standards for best practices for organizing your code, such as..
-
-```sh
-.
-├── CODE_OF_CONDUCT.md
-├── CONTRIBUTING.md
-├── LICENSE
-├── README.md
-├── blueprints
-│   ├── README.md
-│   ├── addons
-│   │   ├── README.md
-│   │   ├── addons.tfbackend
-│   │   ├── backend.tf
-│   │   ├── data.tf
-│   │   ├── main.tf
-│   │   ├── providers.tf
-│   │   └── variables.tf
-│   ├── eks
-│   │   ├── README.md
-│   │   ├── backend.tf
-│   │   ├── data.tf
-│   │   ├── eks.tfbackend
-│   │   ├── main.tf
-│   │   ├── outputs.tf
-│   │   ├── providers.tf
-│   │   └── variables.tf
-│   ├── vars
-│   │   └── config.tfvars
-│   └── vpc
-│       ├── README.md
-│       ├── backend.tf
-│       ├── data.tf
-│       ├── locals.tf
-│       ├── main.tf
-│       ├── outputs.tf
-│       ├── providers.tf
-│       ├── variables.tf
-│       └── vpc.tfbackend
-├── locals.tf
-├── main.tf
-├── outputs.tf
-├── values.yaml
-└── variables.tf
-```
-
-In the above code tree,
-
-- The root directory contains your add-on code.
-- The blueprints code contains the code that demonstrates how customers can use your add-on with the EKS Blueprints framework. Here, we highly recommend that you show the true value add of your add-on through the pattern. Customers will benefit the most where the example shows how they can integrate their workload with your add-on.
-
-If your add-on can be deployed via helm chart, we recommend the use of the [helm-addon](https://github.com/aws-ia/terraform-aws-eks-blueprints/blob/main/modules/kubernetes-addons/helm-addon) as shown below.
-
-**Note**: Use the latest published module in the source version.
-
-> main.tf
-
-```hcl
-module "helm_addon" {
-  source               = "github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons/helm-addon?ref=v3.5.0"
-  manage_via_gitops    = var.manage_via_gitops
-
-  ### The following values are defined in locals.tf
-  set_values           = local.set_values
-  set_sensitive_values = local.set_sensitive_values
-  helm_config          = local.helm_config
-  addon_context        = var.addon_context
-}
-```
-
-### Core Repo Changes
-
-Once you have tested your add-on locally against your fork of the core repo, please open a PR that contains the following:
-
-> Update to [`kubernetes-addons/main.tf`](https://github.com/aws-ia/terraform-aws-eks-blueprints/blob/main/modules/kubernetes-addons/main.tf) with a code block that invokes your add-on. E.g.
-
-```hcl
-module "kube_state_metrics" {
-  count                     = var.enable_kube_state_metrics ? 1 : 0
-  source                    = "askulkarni2/kube-state-metrics-addon/eksblueprints"
-  version                   = "0.0.2"
-  helm_config               = var.kube_state_metrics_helm_config
-  addon_context             = local.addon_context
-  manage_via_gitops         = var.argocd_manage_add_ons
-}
-```
-
-> Update to [`kubernetes-addons/variables.tf`](https://github.com/aws-ia/terraform-aws-eks-blueprints/blob/main/modules/kubernetes-addons/variables.tf) to accept parameters for your add-on. E.g.
-
-```hcl
-#-----------Kube State Metrics ADDON-------------
-variable "enable_kube_state_metrics" {
-  type        = bool
-  default     = false
-  description = "Enable Kube State Metrics add-on"
-}
-
-variable "kube_state_metrics_helm_config" {
-  type        = any
-  default     = {}
-  description = "Kube State Metrics Helm Chart config"
-}
-```
-
-- Add documentation under add-on [`docs`](https://github.com/aws-ia/terraform-aws-eks-blueprints/tree/main/docs/add-ons/) that gives an overview of your add-on and points the customer to the actual documentation which would live in your add-on repo.
-
-### GitOps
-
-If your add-on can be managed via ArgoCD GitOps, then
-
-- Provide the `argo_gitops_config` as an output of your add-on module as shown [here](https://github.com/askulkarni2/terraform-eksblueprints-kube-state-metrics-addon/blob/main/outputs.tf).
-
-> outputs.tf
-
-```hcl
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? local.argocd_gitops_config : null
-}
-```
-
-- In the PR against the core repo, update [`kubernetes-addons/locals.tf`](https://github.com/aws-ia/terraform-aws-eks-blueprints/blob/main/modules/kubernetes-addons/locals.tf) to provide the add-on module output `argocd_gitops_config` to the `argocd_add_on_config` as shown for others.
-
-- Open a PR against the [eks-blueprints-addons](https://github.com/aws-samples/eks-blueprints-add-ons) repo with the following changes:
-
-  - Create a wrapper Helm chart for your add-on similar to [kube-state-metrics](https://github.com/aws-samples/eks-blueprints-add-ons/tree/main/add-ons/kube-state-metrics)
-    - Create a [`Chart.yaml`](https://github.com/aws-samples/eks-blueprints-add-ons/blob/main/add-ons/kube-state-metrics/Chart.yaml) which points to the location of your actual helm chart.
-    - Create a [`values.yaml`](https://github.com/aws-samples/eks-blueprints-add-ons/blob/main/add-ons/kube-state-metrics/values.yaml) which contains a default best-practice configuration for your add-on.
-  - Create an ArgoCD application [template](https://github.com/aws-samples/eks-blueprints-add-ons/blob/main/chart/templates/kube-state-metrics.yaml) which is applied if `enable_<add_on> = true` is used by the customer in the consumer module. This also used to parameterize your add-ons helm chart wrapper with values that will be passed over from Terraform to Helm using the [GitOps bridge](./add-ons/index.md#gitops-bridge).
diff --git a/eks-worker.tf b/eks-worker.tf
deleted file mode 100644
index ec9a5146ef..0000000000
--- a/eks-worker.tf
+++ /dev/null
@@ -1,44 +0,0 @@
-# ---------------------------------------------------------------------------------------------------------------------
-# MANAGED NODE GROUPS
-# ---------------------------------------------------------------------------------------------------------------------
-
-module "aws_eks_managed_node_groups" {
-  source = "./modules/aws-eks-managed-node-groups"
-
-  for_each = var.managed_node_groups
-
-  managed_ng = each.value
-  context    = local.node_group_context
-
-  depends_on = [kubernetes_config_map.aws_auth]
-}
-
-# ---------------------------------------------------------------------------------------------------------------------
-# SELF MANAGED NODE GROUPS
-# ---------------------------------------------------------------------------------------------------------------------
-
-module "aws_eks_self_managed_node_groups" {
-  source = "./modules/aws-eks-self-managed-node-groups"
-
-  for_each = var.self_managed_node_groups
-
-  self_managed_ng = each.value
-  context         = local.node_group_context
-
-  depends_on = [kubernetes_config_map.aws_auth]
-}
-
-# ---------------------------------------------------------------------------------------------------------------------
-# FARGATE PROFILES
-# ---------------------------------------------------------------------------------------------------------------------
-
-module "aws_eks_fargate_profiles" {
-  source = "./modules/aws-eks-fargate-profiles"
-
-  for_each = var.fargate_profiles
-
-  fargate_profile = each.value
-  context         = local.fargate_context
-
-  depends_on = [kubernetes_config_map.aws_auth]
-}
diff --git a/examples/agones-game-controller/main.tf b/examples/agones-game-controller/main.tf
index 6e8c36fdda..92fbdf4fe8 100644
--- a/examples/agones-game-controller/main.tf
+++ b/examples/agones-game-controller/main.tf
@@ -96,7 +96,7 @@ module "eks" {
 
 module "eks_blueprints_addons" {
   source  = "aws-ia/eks-blueprints-addons/aws"
-  version = "0.1.0"
+  version = "0.2.0"
 
   cluster_name      = module.eks.cluster_name
   cluster_endpoint  = module.eks.cluster_endpoint
diff --git a/examples/appmesh-mtls/main.tf b/examples/appmesh-mtls/main.tf
index 667fca2aa1..ce69ceaeef 100644
--- a/examples/appmesh-mtls/main.tf
+++ b/examples/appmesh-mtls/main.tf
@@ -95,7 +95,7 @@ module "eks" {
 
 module "eks_blueprints_addons" {
   source  = "aws-ia/eks-blueprints-addons/aws"
-  version = "0.1.0"
+  version = "0.2.0"
 
   cluster_name      = module.eks.cluster_name
   cluster_endpoint  = module.eks.cluster_endpoint
diff --git a/examples/do-not-use/docs/aws-fsx-csi-driver.md b/examples/do-not-use/docs/aws-fsx-csi-driver.md
deleted file mode 100644
index e947792ac0..0000000000
--- a/examples/do-not-use/docs/aws-fsx-csi-driver.md
+++ /dev/null
@@ -1,57 +0,0 @@
-# Amazon FSx for Lustre CSI Driver
-
-This add-on deploys the [Amazon FSx for Lustre CSI Driver](https://docs.aws.amazon.com/eks/latest/userguide/fsx-csi.html) in to an Amazon EKS Cluster.
-
-## Usage
-
-The [Amazon FSx for Lustre CSI Driver](https://github.com/aws-ia/terraform-aws-eks-blueprints/tree/main/modules/kubernetes-addons/aws-fsx-csi-driver) can be deployed by enabling the add-on via the following.
-
-```hcl
-  enable_aws_fsx_csi_driver = true
-```
-
-You can optionally customize the Helm chart deployment using a configuration like the following.
-
-```hcl
-  enable_aws_fsx_csi_driver = true
-  aws_fsx_csi_driver = {
-    namespace     = "aws-fsx-csi-driver"
-    chart_version = "1.5.1"
-    role_policies = <ADDITIONAL_IAM_POLICY_ARN>
-  }
-```
-
-You can find all available Helm Chart parameter values [here](https://github.com/kubernetes-sigs/aws-fsx-csi-driver/blob/master/charts/aws-fsx-csi-driver/values.yaml)
-
-Once deployed, you will be able to see a number of supporting resources in the `kube-system` namespace.
-
-```sh
-$ kubectl get deployment fsx-csi-controller -n kube-system
-
-NAME                 READY   UP-TO-DATE   AVAILABLE   AGE
-fsx-csi-controller   2/2     2            2           4m29s
-```
-
-```sh
-$ kubectl get daemonset fsx-csi-node -n kube-system
-
-NAME           DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR                 AGE
-fsx-csi-node   3         3         3       3            3           kubernetes.io/os=linux   4m32s
-```
-
-### GitOps Configuration
-
-`ArgoCD` with `App of Apps` GitOps enabled for this Add-on by enabling the following variable
-
-```hcl
-argocd_manage_add_ons = true
-```
-
-The following is configured to ArgoCD App of Apps for this Add-on.
-
-```hcl
-  argocd_gitops_config = {
-    enable             = true
-    serviceAccountName = local.service_account
-  }
-```
diff --git a/examples/eks-efa/.gitignore b/examples/eks-efa/.gitignore
deleted file mode 100644
index 55e2910e38..0000000000
--- a/examples/eks-efa/.gitignore
+++ /dev/null
@@ -1,6 +0,0 @@
-tfplan
-*.tfstate
-*.backup
-TODO*.*
-.terraform
-*.hcl
diff --git a/examples/eks-efa/README.md b/examples/eks-efa/README.md
deleted file mode 100644
index de6a0ddc9d..0000000000
--- a/examples/eks-efa/README.md
+++ /dev/null
@@ -1,659 +0,0 @@
-# EKS Blueprint Example with Elastic Fabric Adapter
-
-## Table of Contents
-
-- [EKS Blueprint Example with Elastic Fabric Adapter](#eks-blueprint-example-with-elastic-fabric-adapter)
-  - [Table of Contents](#table-of-contents)
-  - [Elastic Fabric Adapter Overview](#elastic-fabric-adapter-overview)
-  - [Setup Details](#setup-details)
-- [Terraform Doc](#terraform-doc)
-  - [Requirements](#requirements)
-  - [Providers](#providers)
-  - [Modules](#modules)
-  - [Resources](#resources)
-  - [Inputs](#inputs)
-  - [Outputs](#outputs)
-- [Example Walkthrough](#example-walkthrough)
-  - [1. Clone Repository](#1-clone-repository)
-  - [2. Configure Terraform Plan](#2-configure-terraform-plan)
-  - [3. Initialize Terraform Plan](#3-initialize-terraform-plan)
-  - [4. Create Terraform Plan](#4-create-terraform-plan)
-  - [5. Apply Terraform Plan](#5-apply-terraform-plan)
-  - [6. Connect to EKS](#6-connect-to-eks)
-  - [7. Deploy Kubeflow MPI Operator](#7-deploy-kubeflow-mpi-operator)
-  - [8. Test EFA](#8-test-efa)
-    - [8.1. EFA Info Test](#81-efa-info-test)
-    - [8.2. EFA NCCL Test](#82-efa-nccl-test)
-  - [9. Cleanup](#9-cleanup)
-- [Conclusion](#conclusion)
-
-## Elastic Fabric Adapter Overview
-
-[Elastic Fabric Adapter (EFA)](https://aws.amazon.com/hpc/efa/) is a network interface supported by [some Amazon EC2 instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/efa.html#efa-instance-types) that provides high-performance network communications at scale on AWS. Commonly, high-performance computing, simulation, and large AI model training jobs require EFA, in order to minimize the time to job completion. This example provides a blueprint for deploying an [Amazon EKS](https://aws.amazon.com/eks/) cluster with EFA-enabled nodes, which can be used to run such jobs.
-
-## Setup Details
-
-There are three requirements that need to be satisfied, in order for EFA to work:
-
-1. The EC2 instance type must support EFA and the EFA adapter must be enabled.
-2. The EFA software must be installed
-3. The security group attached to the EC2 instance must allow all incoming and outgoing traffic to itself
-
-In the provided Terraform EKS Blueprint example here, these requirements are satisfied automatically.  
-
-# Terraform Doc
-
-The main Terraform doc [main.tf](main.tf) contains local variables, local data, vpc and eks definitions, device plugins, and addons.
-
-## Requirements
-
-Requirements are specified in the [providers.tf](providers.tf) file. This file is used to install all needed providers when `terraform init` is executed.
-
-## Providers
-
-Providers are defined in [main.tf](main.tf#L3). They include `aws`, `kubernetes`, `helm`, and `kubectl`.
-
-## Modules
-
-The following modules are included in the template:
-
-1. [vpc](main.tf#L240) - defines the VPC which will be used to host the EKS cluster
-
-2. [eks](main.tf#L92) - defines the EKS cluster
-   The EKS cluster contains a managed nodedgroup called `sys` for running system pods,
-   and an unmanaged nodegroup called `efa` which has the necessary configuration to enable EFA on the nodes in that group.
-
-3. [eks_blueprints_kubernetes_addons](main.tf#L220) - defines EKS cluster addons to be deployed
-
-
-## Resources
-
-The [resources section of main.tf](main.tf#69) creates a placement group, deploys the [EFA](https://github.com/aws-samples/aws-efa-eks) and [NVIDIA](https://github.com/NVIDIA/k8s-device-plugin) device plugins.
-
-## Inputs
-
-There are no required user-inputs.
-The template comes with default inputs which create an EKS cluster called `eks-efa` in region `us-east-1`.
-These settings can be adjusted in the [variables.tf](variables.tf) file.
-
-## Outputs
-
-When the `terraform apply` completes successfully, the EKS cluster id, and the command to connect to the cluster are provided as outputs as described in [outputs.tf](outputs.tf).
-
-# Example Walkthrough
-
-## 1. Clone Repository
-
-```bash
-git clone https://github.com/aws-ia/terraform-aws-eks-blueprints.git
-cd terraform-aws-eks-bluerpints/examples/eks-efa
-```
-
-## 2. Configure Terraform Plan
-
-Edit [variables.tf](variables.tf) and the [locals section of main.tf](main.tf#L54) as needed.
-
-## 3. Initialize Terraform Plan
-
-```bash
-terraform init
-```
-
-<details>
-<summary>Output:</summary>
-Initializing the backend...
-Initializing modules...
-Downloading registry.terraform.io/terraform-aws-modules/eks/aws 19.13.1 for eks...
-- eks in .terraform/modules/eks
-- eks.eks_managed_node_group in .terraform/modules/eks/modules/eks-managed-node-group
-- eks.eks_managed_node_group.user_data in .terraform/modules/eks/modules/_user_data
-- eks.fargate_profile in .terraform/modules/eks/modules/fargate-profile
-Downloading registry.terraform.io/terraform-aws-modules/kms/aws 1.1.0 for eks.kms...
-- eks.kms in .terraform/modules/eks.kms
-- eks.self_managed_node_group in .terraform/modules/eks/modules/self-managed-node-group
-- eks.self_managed_node_group.user_data in .terraform/modules/eks/modules/_user_data
-- eks_blueprints_kubernetes_addons in ../../modules/kubernetes-addons
-- eks_blueprints_kubernetes_addons.adot_collector_haproxy in ../../modules/kubernetes-addons/adot-collector-haproxy
-- eks_blueprints_kubernetes_addons.adot_collector_haproxy.helm_addon in ../../modules/kubernetes-addons/helm-addon
-- eks_blueprints_kubernetes_addons.adot_collector_haproxy.helm_addon.irsa in ../../modules/irsa
-- eks_blueprints_kubernetes_addons.adot_collector_java in ../../modules/kubernetes-addons/adot-collector-java
-- eks_blueprints_kubernetes_addons.adot_collector_java.helm_addon in ../../modules/kubernetes-addons/helm-addon
-- ...
-- eks_blueprints_kubernetes_addons.opentelemetry_operator in ../../modules/kubernetes-addons/opentelemetry-operator
-- eks_blueprints_kubernetes_addons.opentelemetry_operator.cert_manager in ../../modules/kubernetes-addons/cert-manager
-- eks_blueprints_kubernetes_addons.opentelemetry_operator.cert_manager.helm_addon in ../../modules/kubernetes-addons/helm-addon
-- eks_blueprints_kubernetes_addons.opentelemetry_operator.cert_manager.helm_addon.irsa in ../../modules/irsa
-- eks_blueprints_kubernetes_addons.opentelemetry_operator.helm_addon in ../../modules/kubernetes-addons/helm-addon
-- eks_blueprints_kubernetes_addons.opentelemetry_operator.helm_addon.irsa in ../../modules/irsa
-Downloading registry.terraform.io/portworx/portworx-addon/eksblueprints 0.0.6 for eks_blueprints_kubernetes_addons.portworx...
-- eks_blueprints_kubernetes_addons.portworx in .terraform/modules/eks_blueprints_kubernetes_addons.portworx
-Downloading git::https://github.com/aws-ia/terraform-aws-eks-blueprints.git for eks_blueprints_kubernetes_addons.portworx.helm_addon...
-- eks_blueprints_kubernetes_addons.portworx.helm_addon in .terraform/modules/eks_blueprints_kubernetes_addons.portworx.helm_addon/modules/kubernetes-addons/helm-addon
-- eks_blueprints_kubernetes_addons.portworx.helm_addon.irsa in .terraform/modules/eks_blueprints_kubernetes_addons.portworx.helm_addon/modules/irsa
-- eks_blueprints_kubernetes_addons.prometheus in ../../modules/kubernetes-addons/prometheus
--...
-- eks_blueprints_kubernetes_addons.yunikorn.helm_addon in ../../modules/kubernetes-addons/helm-addon
-- eks_blueprints_kubernetes_addons.yunikorn.helm_addon.irsa in ../../modules/irsa
-Downloading registry.terraform.io/terraform-aws-modules/vpc/aws 4.0.1 for vpc...
-- vpc in .terraform/modules/vpc
-
-Initializing provider plugins...
-- Finding latest version of hashicorp/random...
-- Finding hashicorp/kubernetes versions matching ">= 2.6.1, >= 2.10.0, >= 2.16.1"...
-- Finding latest version of hashicorp/http...
-- Finding hashicorp/helm versions matching ">= 2.4.1, >= 2.5.1, >= 2.8.0"...
-- Finding gavinbunney/kubectl versions matching ">= 1.14.0"...
-- Finding hashicorp/aws versions matching ">= 3.72.0, >= 4.10.0, >= 4.13.0, >= 4.35.0, >= 4.47.0, >= 4.57.0"...
-- Finding hashicorp/time versions matching ">= 0.7.0, >= 0.8.0, >= 0.9.0"...
-- Finding hashicorp/null versions matching ">= 3.0.0"...
-- Finding hashicorp/tls versions matching ">= 3.0.0"...
-- Finding hashicorp/cloudinit versions matching ">= 2.0.0"...
-- Installing hashicorp/helm v2.9.0...
-- Installed hashicorp/helm v2.9.0 (signed by HashiCorp)
-- Installing gavinbunney/kubectl v1.14.0...
-- Installed gavinbunney/kubectl v1.14.0 (self-signed, key ID AD64217B5ADD572F)
-- Installing hashicorp/tls v4.0.4...
-- Installed hashicorp/tls v4.0.4 (signed by HashiCorp)
-- Installing hashicorp/cloudinit v2.3.2...
-- Installed hashicorp/cloudinit v2.3.2 (signed by HashiCorp)
-- Installing hashicorp/random v3.5.1...
-- Installed hashicorp/random v3.5.1 (signed by HashiCorp)
-- Installing hashicorp/http v3.3.0...
-- Installed hashicorp/http v3.3.0 (signed by HashiCorp)
-- Installing hashicorp/time v0.9.1...
-- Installed hashicorp/time v0.9.1 (signed by HashiCorp)
-- Installing hashicorp/null v3.2.1...
-- Installed hashicorp/null v3.2.1 (signed by HashiCorp)
-- Installing hashicorp/kubernetes v2.20.0...
-- Installed hashicorp/kubernetes v2.20.0 (signed by HashiCorp)
-- Installing hashicorp/aws v4.66.1...
-- Installed hashicorp/aws v4.66.1 (signed by HashiCorp)
-
-Partner and community providers are signed by their developers.
-If you'd like to know more about provider signing, you can read about it here:
-https://www.terraform.io/docs/cli/plugins/signing.html
-
-Terraform has created a lock file .terraform.lock.hcl to record the provider
-selections it made above. Include this file in your version control repository
-so that Terraform can guarantee to make the same selections by default when
-you run "terraform init" in the future.
-
-Terraform has been successfully initialized!
-
-You may now begin working with Terraform. Try running "terraform plan" to see
-any changes that are required for your infrastructure. All Terraform commands
-should now work.
-
-If you ever set or change modules or backend configuration for Terraform,
-rerun this command to reinitialize your working directory. If you forget, other
-commands will detect it and remind you to do so if necessary.
-</details>
-
-## 4. Create Terraform Plan
-
-```bash
-terraform plan -out tfplan
-```
-
-<details>
-<summary>Output:</summary>
-
-```text
-...
-# module.vpc.aws_vpc.this[0] will be created
-  + resource "aws_vpc" "this" {
-      + arn                                  = (known after apply)
-      + cidr_block                           = "10.11.0.0/16"
-      + default_network_acl_id               = (known after apply)
-      + default_route_table_id               = (known after apply)
-      + default_security_group_id            = (known after apply)
-...
-
-Plan: 80 to add, 0 to change, 0 to destroy.
-
-Changes to Outputs:
-  + configure_kubectl = "aws eks update-kubeconfig --region us-east-1 --name eks-efa"
-  + eks_cluster_id    = (known after apply)
-
-───────────────────────────────────────────────────────────────────────────────
-
-Saved the plan to: tfplan
-
-To perform exactly these actions, run the following command to apply:
-    terraform apply "tfplan"
-```
-</details>
-
-## 5. Apply Terraform Plan
-
-```bash
-terraform apply tfplan
-```
-
-<details>
-
-<summary>Output:</summary>
-
-```text
-aws_placement_group.efa_pg: Creating...
-module.eks.aws_cloudwatch_log_group.this[0]: Creating...
-module.vpc.aws_vpc.this[0]: Creating...
-module.eks.module.eks_managed_node_group["sys"].aws_iam_role.this[0]: Creating...
-module.vpc.aws_eip.nat[0]: Creating...
-module.eks.aws_iam_role.this[0]: Creating...
-...
-module.eks.aws_eks_cluster.this[0]: Still creating... [1m40s elapsed]
-module.eks.aws_eks_cluster.this[0]: Still creating... [1m50s elapsed]
-module.eks.aws_eks_cluster.this[0]: Still creating... [2m0s elapsed]
-...
-module.eks.aws_eks_addon.this["kube-proxy"]: Still creating... [30s elapsed]
-module.eks_blueprints_kubernetes_addons.module.aws_fsx_csi_driver[0].module.helm_addon.helm_release.addon[0]: Still creating... [20s elapsed]
-module.eks_blueprints_kubernetes_addons.module.aws_efs_csi_driver[0].module.helm_addon.helm_release.addon[0]: Still creating... [20s elapsed]
-module.eks.aws_eks_addon.this["vpc-cni"]: Creation complete after 35s [id=eks-efa:vpc-cni]
-module.eks.aws_eks_addon.this["kube-proxy"]: Creation complete after 35s [id=eks-efa:kube-proxy]
-module.eks_blueprints_kubernetes_addons.module.aws_fsx_csi_driver[0].module.helm_addon.helm_release.addon[0]: Still creating... [30s elapsed]
-module.eks_blueprints_kubernetes_addons.module.aws_efs_csi_driver[0].module.helm_addon.helm_release.addon[0]: Still creating... [30s elapsed]
-module.eks_blueprints_kubernetes_addons.module.aws_efs_csi_driver[0].module.helm_addon.helm_release.addon[0]: Creation complete after 36s [id=aws-efs-csi-driver]
-module.eks_blueprints_kubernetes_addons.module.aws_fsx_csi_driver[0].module.helm_addon.helm_release.addon[0]: Creation complete after 36s [id=aws-fsx-csi-driver]
-╷
-│ Warning: "default_secret_name" is no longer applicable for Kubernetes v1.24.0 and above
-│
-│   with module.eks_blueprints_kubernetes_addons.module.aws_efs_csi_driver[0].module.helm_addon.module.irsa[0].kubernetes_service_account_v1.irsa[0],
-│   on ../../modules/irsa/main.tf line 37, in resource "kubernetes_service_account_v1" "irsa":
-│   37: resource "kubernetes_service_account_v1" "irsa" {
-│
-│ Starting from version 1.24.0 Kubernetes does not automatically generate a token for service accounts, in this case, "default_secret_name" will be empty
-│
-│ (and one more similar warning elsewhere)
-╵
-
-Apply complete! Resources: 80 added, 0 changed, 0 destroyed.
-
-Outputs:
-
-configure_kubectl = "aws eks update-kubeconfig --region us-east-1 --name eks-efa"
-
-```
-</details>
-
-> **_Note:_** If the plan apply operation fails, you can repeat `terraform plan -out tfplan` and `terraform apply tfplan`
-
-It takes about 15 minutes to create the cluster.
-
-## 6. Connect to EKS
-
-Copy the value of the `configure_kubectl` output and execute it in your shell to connect to your EKS cluster.
-
-```bash
-aws eks update-kubeconfig --region us-east-1 --name eks-efa
-```
-
-Output:
-```text
-Updated context arn:aws:eks:us-east-1:xxxxxxxxxxxx:cluster/eks-efa in /root/.kube/config
-```
-
-Allow 5 minutes after the plan is applied for the EFA nodes to finish initializing and join the EKS cluster, then execute:
-
-```bash
-kubectl get nodes
-kubectl get nodes -o yaml | grep instance-type | grep node | grep -v f:
-```
-
-Your nodes and node types will be listed:
-
-```text
-# kubectl get nodes
-NAME                           STATUS   ROLES    AGE    VERSION
-ip-10-11-10-103.ec2.internal   Ready    <none>   4m1s   v1.25.7-eks-a59e1f0
-ip-10-11-19-28.ec2.internal    Ready    <none>   11m    v1.25.7-eks-a59e1f0
-ip-10-11-2-151.ec2.internal    Ready    <none>   11m    v1.25.7-eks-a59e1f0
-ip-10-11-2-18.ec2.internal     Ready    <none>   5m1s   v1.25.7-eks-a59e1f0
-# kubectl get nodes -o yaml | grep instance-type | grep node | grep -v f:
-      node.kubernetes.io/instance-type: g4dn.metal
-      node.kubernetes.io/instance-type: m5.large
-      node.kubernetes.io/instance-type: m5.large
-      node.kubernetes.io/instance-type: g4dn.metal
-```
-
-You should see two EFA-enabled (in this example `g4dn.metal`) nodes in the list.
-This verifies that you are connected to your EKS cluster and it is configured with EFA nodes.
-
-## 7. Deploy Kubeflow MPI Operator
-
-Kubeflow MPI Operator is required for running MPIJobs on EKS. We will use an MPIJob to test EFA.
-To deploy the MPI operator execute the following:
-
-```bash
-kubectl apply -f https://raw.githubusercontent.com/kubeflow/mpi-operator/v0.3.0/deploy/v2beta1/mpi-operator.yaml
-```
-
-Output:
-
-```text
-namespace/mpi-operator created
-customresourcedefinition.apiextensions.k8s.io/mpijobs.kubeflow.org created
-serviceaccount/mpi-operator created
-clusterrole.rbac.authorization.k8s.io/kubeflow-mpijobs-admin created
-clusterrole.rbac.authorization.k8s.io/kubeflow-mpijobs-edit created
-clusterrole.rbac.authorization.k8s.io/kubeflow-mpijobs-view created
-clusterrole.rbac.authorization.k8s.io/mpi-operator created
-clusterrolebinding.rbac.authorization.k8s.io/mpi-operator created
-deployment.apps/mpi-operator created
-```
-
-In addition to deploying the operator, please apply a patch to the mpi-operator clusterrole
-to allow the mpi-operator service account access to `leases` resources in the `coordination.k8s.io` apiGroup.
-
-```bash
-kubectl apply -f https://raw.githubusercontent.com/aws-samples/aws-do-eks/main/Container-Root/eks/deployment/kubeflow/mpi-operator/clusterrole-mpi-operator.yaml
-```
-
-Output:
-
-```text
-clusterrole.rbac.authorization.k8s.io/mpi-operator configured
-```
-
-## 8. Test EFA
-
-We will run two tests. The first one will show the presence of EFA adapters on our EFA-enabled nodes. The second will test EFA performance.
-
-### 8.1. EFA Info Test
-
-To run the EFA info test, execute the following commands:
-
-```bash
-kubectl apply -f https://raw.githubusercontent.com/aws-samples/aws-do-eks/main/Container-Root/eks/deployment/efa-device-plugin/test-efa.yaml
-```
-
-Output:
-
-```text
-mpijob.kubeflow.org/efa-info-test created
-```
-
-```bash
-kubectl get pods
-```
-
-Output:
-
-```text
-NAME                           READY   STATUS      RESTARTS   AGE
-efa-info-test-launcher-hckkj   0/1     Completed   2          37s
-efa-info-test-worker-0         1/1     Running     0          38s
-efa-info-test-worker-1         1/1     Running     0          38s
-```
-
-Once the test launcher pod enters status `Running` or `Completed`, see the test logs using the command below:
-
-```bash
-kubectl logs -f $(kubectl get pods | grep launcher | cut -d ' ' -f 1)
-```
-
-Output:
-
-```text
-Warning: Permanently added 'efa-info-test-worker-1.efa-info-test-worker.default.svc,10.11.13.224' (ECDSA) to the list of known hosts.
-Warning: Permanently added 'efa-info-test-worker-0.efa-info-test-worker.default.svc,10.11.4.63' (ECDSA) to the list of known hosts.
-[1,1]<stdout>:provider: efa
-[1,1]<stdout>:    fabric: efa
-[1,1]<stdout>:    domain: rdmap197s0-rdm
-[1,1]<stdout>:    version: 116.10
-[1,1]<stdout>:    type: FI_EP_RDM
-[1,1]<stdout>:    protocol: FI_PROTO_EFA
-[1,0]<stdout>:provider: efa
-[1,0]<stdout>:    fabric: efa
-[1,0]<stdout>:    domain: rdmap197s0-rdm
-[1,0]<stdout>:    version: 116.10
-[1,0]<stdout>:    type: FI_EP_RDM
-[1,0]<stdout>:    protocol: FI_PROTO_EFA
-```
-
-This result shows that two EFA adapters are available (one for each worker pod).
-
-Lastly, delete the test job:
-
-```bash
-kubectl delete mpijob efa-info-test
-```
-
-Output:
-
-```text
-mpijob.kubeflow.org "efa-info-test" deleted
-```
-
-### 8.2. EFA NCCL Test
-
-To run the EFA NCCL test please execute the following kubectl command:
-
-```bash
-kubectl apply -f https://raw.githubusercontent.com/aws-samples/aws-do-eks/main/Container-Root/eks/deployment/efa-device-plugin/test-nccl-efa.yaml
-```
-
-Output:
-
-```text
-mpijob.kubeflow.org/test-nccl-efa created
-```
-
-Then display the pods in the current namespace:
-
-```bash
-kubectl get pods
-```
-
-Output:
-
-```text
-NAME                           READY   STATUS    RESTARTS      AGE
-test-nccl-efa-launcher-tx47t   1/1     Running   2 (31s ago)   33s
-test-nccl-efa-worker-0         1/1     Running   0             33s
-test-nccl-efa-worker-1         1/1     Running   0             33s
-```
-
-Once the launcher pod enters `Running` or `Completed` state, execute the following to see the test logs:
-
-```bash
-kubectl logs -f $(kubectl get pods | grep launcher | cut -d ' ' -f 1)
-```
-
-<details>
-
-<summary>Output:</summary>
-
-```text
-Warning: Permanently added 'test-nccl-efa-worker-1.test-nccl-efa-worker.default.svc,10.11.5.31' (ECDSA) to the list of known hosts.
-Warning: Permanently added 'test-nccl-efa-worker-0.test-nccl-efa-worker.default.svc,10.11.13.106' (ECDSA) to the list of known hosts.
-[1,0]<stdout>:# nThread 1 nGpus 1 minBytes 1 maxBytes 1073741824 step: 2(factor) warmup iters: 5 iters: 100 agg iters: 1 validation: 1 graph: 0
-[1,0]<stdout>:#
-[1,0]<stdout>:# Using devices
-[1,0]<stdout>:#  Rank  0 Group  0 Pid     21 on test-nccl-efa-worker-0 device  0 [0x35] Tesla T4
-[1,0]<stdout>:#  Rank  1 Group  0 Pid     21 on test-nccl-efa-worker-1 device  0 [0xf5] Tesla T4
-[1,0]<stdout>:test-nccl-efa-worker-0:21:21 [0] NCCL INFO Bootstrap : Using eth0:10.11.13.106<0>
-[1,0]<stdout>:test-nccl-efa-worker-0:21:21 [0] NCCL INFO NET/Plugin: Failed to find ncclCollNetPlugin_v5 symbol.
-[1,0]<stdout>:test-nccl-efa-worker-0:21:21 [0] NCCL INFO NET/Plugin: Failed to find ncclCollNetPlugin_v4 symbol.
-[1,0]<stdout>:test-nccl-efa-worker-0:21:21 [0] NCCL INFO NET/OFI Using aws-ofi-nccl 1.5.0aws
-[1,0]<stdout>:test-nccl-efa-worker-0:21:21 [0] NCCL INFO NET/OFI Configuring AWS-specific options
-[1,0]<stdout>:test-nccl-efa-worker-0:21:21 [0] NCCL INFO NET/OFI Setting NCCL_PROTO to "simple"
-[1,0]<stdout>:test-nccl-efa-worker-0:21:21 [0] NCCL INFO NET/OFI Setting FI_EFA_FORK_SAFE environment variable to 1
-[1,0]<stdout>:test-nccl-efa-worker-0:21:21 [0] NCCL INFO NET/OFI Selected Provider is efa (found 1 nics)
-[1,0]<stdout>:test-nccl-efa-worker-0:21:21 [0] NCCL INFO Using network AWS Libfabric
-[1,0]<stdout>:NCCL version 2.12.7+cuda11.4
-[1,1]<stdout>:test-nccl-efa-worker-1:21:21 [0] NCCL INFO Bootstrap : Using eth0:10.11.5.31<0>
-[1,1]<stdout>:test-nccl-efa-worker-1:21:21 [0] NCCL INFO NET/Plugin: Failed to find ncclCollNetPlugin_v5 symbol.
-[1,1]<stdout>:test-nccl-efa-worker-1:21:21 [0] NCCL INFO NET/Plugin: Failed to find ncclCollNetPlugin_v4 symbol.
-[1,1]<stdout>:test-nccl-efa-worker-1:21:21 [0] NCCL INFO NET/OFI Using aws-ofi-nccl 1.5.0aws
-[1,1]<stdout>:test-nccl-efa-worker-1:21:21 [0] NCCL INFO NET/OFI Configuring AWS-specific options
-[1,1]<stdout>:test-nccl-efa-worker-1:21:21 [0] NCCL INFO NET/OFI Setting NCCL_PROTO to "simple"
-[1,1]<stdout>:test-nccl-efa-worker-1:21:21 [0] NCCL INFO NET/OFI Setting FI_EFA_FORK_SAFE environment variable to 1
-[1,1]<stdout>:test-nccl-efa-worker-1:21:21 [0] NCCL INFO NET/OFI Selected Provider is efa (found 1 nics)
-[1,1]<stdout>:test-nccl-efa-worker-1:21:21 [0] NCCL INFO Using network AWS Libfabric
-[1,0]<stdout>:test-nccl-efa-worker-0:21:27 [0] NCCL INFO Setting affinity for GPU 0 to ff,ffff0000,00ffffff
-[1,1]<stdout>:test-nccl-efa-worker-1:21:26 [0] NCCL INFO Setting affinity for GPU 0 to ffffff00,0000ffff,ff000000
-[1,1]<stdout>:test-nccl-efa-worker-1:21:26 [0] NCCL INFO Trees [0] -1/-1/-1->1->0 [1] 0/-1/-1->1->-1
-[1,0]<stdout>:test-nccl-efa-worker-0:21:27 [0] NCCL INFO Channel 00/02 :    0   1
-[1,0]<stdout>:test-nccl-efa-worker-0:21:27 [0] NCCL INFO Channel 01/02 :    0   1
-[1,0]<stdout>:test-nccl-efa-worker-0:21:27 [0] NCCL INFO Trees [0] 1/-1/-1->0->-1 [1] -1/-1/-1->0->1
-[1,1]<stdout>:test-nccl-efa-worker-1:21:26 [0] NCCL INFO NCCL_SHM_DISABLE set by environment to 0.
-[1,0]<stdout>:test-nccl-efa-worker-0:21:27 [0] NCCL INFO NCCL_SHM_DISABLE set by environment to 0.
-[1,1]<stdout>:test-nccl-efa-worker-1:21:26 [0] NCCL INFO Channel 00/0 : 0[35000] -> 1[f5000] [receive] via NET/AWS Libfabric/0
-[1,0]<stdout>:test-nccl-efa-worker-0:21:27 [0] NCCL INFO Channel 00/0 : 1[f5000] -> 0[35000] [receive] via NET/AWS Libfabric/0
-[1,1]<stdout>:test-nccl-efa-worker-1:21:26 [0] NCCL INFO Channel 01/0 : 0[35000] -> 1[f5000] [receive] via NET/AWS Libfabric/0
-[1,0]<stdout>:test-nccl-efa-worker-0:21:27 [0] NCCL INFO Channel 01/0 : 1[f5000] -> 0[35000] [receive] via NET/AWS Libfabric/0
-[1,1]<stdout>:test-nccl-efa-worker-1:21:26 [0] NCCL INFO Channel 00/0 : 1[f5000] -> 0[35000] [send] via NET/AWS Libfabric/0
-[1,0]<stdout>:test-nccl-efa-worker-0:21:27 [0] NCCL INFO Channel 00/0 : 0[35000] -> 1[f5000] [send] via NET/AWS Libfabric/0
-[1,1]<stdout>:test-nccl-efa-worker-1:21:26 [0] NCCL INFO Channel 01/0 : 1[f5000] -> 0[35000] [send] via NET/AWS Libfabric/0
-[1,0]<stdout>:test-nccl-efa-worker-0:21:27 [0] NCCL INFO Channel 01/0 : 0[35000] -> 1[f5000] [send] via NET/AWS Libfabric/0
-[1,0]<stdout>:test-nccl-efa-worker-0:21:27 [0] NCCL INFO Connected all rings
-[1,0]<stdout>:test-nccl-efa-worker-0:21:27 [0] NCCL INFO Connected all trees
-[1,0]<stdout>:test-nccl-efa-worker-0:21:27 [0] NCCL INFO threadThresholds 8/8/64 | 16/8/64 | 8/8/512
-[1,0]<stdout>:test-nccl-efa-worker-0:21:27 [0] NCCL INFO 2 coll channels, 2 p2p channels, 2 p2p channels per peer
-[1,1]<stdout>:test-nccl-efa-worker-1:21:26 [0] NCCL INFO Connected all rings
-[1,1]<stdout>:test-nccl-efa-worker-1:21:26 [0] NCCL INFO Connected all trees
-[1,1]<stdout>:test-nccl-efa-worker-1:21:26 [0] NCCL INFO threadThresholds 8/8/64 | 16/8/64 | 8/8/512
-[1,1]<stdout>:test-nccl-efa-worker-1:21:26 [0] NCCL INFO 2 coll channels, 2 p2p channels, 2 p2p channels per peer
-[1,1]<stdout>:test-nccl-efa-worker-1:21:26 [0] NCCL INFO comm 0x7f9c0c000f60 rank 1 nranks 2 cudaDev 0 busId f5000 - Init COMPLETE
-[1,0]<stdout>:test-nccl-efa-worker-0:21:27 [0] NCCL INFO comm 0x7fde98000f60 rank 0 nranks 2 cudaDev 0 busId 35000 - Init COMPLETE
-[1,0]<stdout>:#
-[1,0]<stdout>:#                                                              out-of-place                       in-place  
-[1,0]<stdout>:#       size         count      type   redop    root     time   algbw   busbw #wrong     time   algbw   busbw #wrong
-[1,0]<stdout>:#        (B)    (elements)                               (us)  (GB/s)  (GB/s)            (us)  (GB/s)  (GB/s)  
-[1,0]<stdout>:test-nccl-efa-worker-0:21:21 [0] NCCL INFO Launch mode Parallel
-[1,0]<stdout>:           0             0     float     sum      -1     6.36    0.00    0.00      0     6.40    0.00    0.00      0
-[1,0]<stdout>:           0             0     float     sum      -1     6.43    0.00    0.00      0     6.35    0.00    0.00      0
-[1,0]<stdout>:           4             1     float     sum      -1    65.70    0.00    0.00      0    64.84    0.00    0.00      0
-[1,0]<stdout>:           8             2     float     sum      -1    64.88    0.00    0.00      0    64.18    0.00    0.00      0
-[1,0]<stdout>:          16             4     float     sum      -1    64.33    0.00    0.00      0    65.02    0.00    0.00      0
-[1,0]<stdout>:          32             8     float     sum      -1    65.95    0.00    0.00      0    64.78    0.00    0.00      0
-[1,0]<stdout>:          64            16     float     sum      -1    65.19    0.00    0.00      0    64.66    0.00    0.00      0
-[1,0]<stdout>:         128            32     float     sum      -1    65.30    0.00    0.00      0    64.76    0.00    0.00      0
-[1,0]<stdout>:         256            64     float     sum      -1    65.30    0.00    0.00      0    64.90    0.00    0.00      0
-[1,0]<stdout>:         512           128     float     sum      -1    65.71    0.01    0.01      0    64.75    0.01    0.01      0
-[1,0]<stdout>:        1024           256     float     sum      -1    67.15    0.02    0.02      0    66.82    0.02    0.02      0
-[1,0]<stdout>:        2048           512     float     sum      -1    68.22    0.03    0.03      0    67.55    0.03    0.03      0
-[1,0]<stdout>:        4096          1024     float     sum      -1    70.65    0.06    0.06      0    71.20    0.06    0.06      0
-[1,0]<stdout>:        8192          2048     float     sum      -1    76.15    0.11    0.11      0    75.36    0.11    0.11      0
-[1,0]<stdout>:       16384          4096     float     sum      -1    87.65    0.19    0.19      0    87.87    0.19    0.19      0
-[1,0]<stdout>:       32768          8192     float     sum      -1    98.94    0.33    0.33      0    98.14    0.33    0.33      0
-[1,0]<stdout>:       65536         16384     float     sum      -1    115.8    0.57    0.57      0    115.7    0.57    0.57      0
-[1,0]<stdout>:      131072         32768     float     sum      -1    149.3    0.88    0.88      0    148.7    0.88    0.88      0
-[1,0]<stdout>:      262144         65536     float     sum      -1    195.0    1.34    1.34      0    194.0    1.35    1.35      0
-[1,0]<stdout>:      524288        131072     float     sum      -1    296.9    1.77    1.77      0    291.1    1.80    1.80      0
-[1,0]<stdout>:     1048576        262144     float     sum      -1    583.4    1.80    1.80      0    579.6    1.81    1.81      0
-[1,0]<stdout>:     2097152        524288     float     sum      -1    983.3    2.13    2.13      0    973.9    2.15    2.15      0
-[1,0]<stdout>:     4194304       1048576     float     sum      -1   1745.4    2.40    2.40      0   1673.2    2.51    2.51      0
-[1,0]<stdout>:     8388608       2097152     float     sum      -1   3116.1    2.69    2.69      0   3092.6    2.71    2.71      0
-[1,0]<stdout>:    16777216       4194304     float     sum      -1   5966.3    2.81    2.81      0   6008.9    2.79    2.79      0
-[1,0]<stdout>:    33554432       8388608     float     sum      -1    11390    2.95    2.95      0    11419    2.94    2.94      0
-[1,0]<stdout>:    67108864      16777216     float     sum      -1    21934    3.06    3.06      0    21930    3.06    3.06      0
-[1,0]<stdout>:   134217728      33554432     float     sum      -1    43014    3.12    3.12      0    42619    3.15    3.15      0
-[1,0]<stdout>:   268435456      67108864     float     sum      -1    85119    3.15    3.15      0    85743    3.13    3.13      0
-[1,0]<stdout>:   536870912     134217728     float     sum      -1   171351    3.13    3.13      0   171823    3.12    3.12      0
-[1,0]<stdout>:  1073741824     268435456     float     sum      -1   344981    3.11    3.11      0   344454    3.12    3.12      0
-[1,1]<stdout>:test-nccl-efa-worker-1:21:21 [0] NCCL INFO comm 0x7f9c0c000f60 rank 1 nranks 2 cudaDev 0 busId f5000 - Destroy COMPLETE
-[1,0]<stdout>:test-nccl-efa-worker-0:21:21 [0] NCCL INFO comm 0x7fde98000f60 rank 0 nranks 2 cudaDev 0 busId 35000 - Destroy COMPLETE
-[1,0]<stdout>:# Out of bounds values : 0 OK
-[1,0]<stdout>:# Avg bus bandwidth    : 1.15327
-[1,0]<stdout>:#
-[1,0]<stdout>:
-```
-</details>
-
-
-The following section from the beginning of the log, indicates that the test is being performed using EFA:
-
-```text
-[1,0]<stdout>:test-nccl-efa-worker-0:21:21 [0] NCCL INFO NET/OFI Selected Provider is efa (found 1 nics)
-[1,0]<stdout>:test-nccl-efa-worker-0:21:21 [0] NCCL INFO Using network AWS Libfabric
-[1,0]<stdout>:NCCL version 2.12.7+cuda11.4
-```
-
-Columns 8 and 12 in the output table show the in-place and out-of-place bus bandwidth calculated for the data size listed in column 1. In this case it is 3.13 and 3.12 GB/s respectively.
-Your actual results may be slightly different. The calculated average bus bandwidth is displayed at the bottom of the log when the test finishes after it reaches the max data size,
-specified in the mpijob manifest. In this result the average bus bandwidth is 1.15 GB/s.
-
-```
-[1,0]<stdout>:#       size         count      type   redop    root     time   algbw   busbw #wrong     time   algbw   busbw #wrong
-[1,0]<stdout>:#        (B)    (elements)                               (us)  (GB/s)  (GB/s)            (us)  (GB/s)  (GB/s)  
-...
-[1,0]<stdout>:      262144         65536     float     sum      -1    195.0    1.34    1.34      0    194.0    1.35    1.35      0
-[1,0]<stdout>:      524288        131072     float     sum      -1    296.9    1.77    1.77      0    291.1    1.80    1.80      0
-[1,0]<stdout>:     1048576        262144     float     sum      -1    583.4    1.80    1.80      0    579.6    1.81    1.81      0
-[1,0]<stdout>:     2097152        524288     float     sum      -1    983.3    2.13    2.13      0    973.9    2.15    2.15      0
-[1,0]<stdout>:     4194304       1048576     float     sum      -1   1745.4    2.40    2.40      0   1673.2    2.51    2.51      0
-...
-[1,0]<stdout>:# Avg bus bandwidth    : 1.15327
-```
-
-Finally, delete the test mpi job:
-
-```bash
-kubectl delete mpijob test-nccl-efa
-```
-
-Output:
-
-```text
-mpijob.kubeflow.org "test-nccl-efa" deleted
-```
-
-## 9. Cleanup
-
-```bash
-terraform destroy
-```
-
-<details>
-<summary>Output:</summary>
-
-```text
-...
- # module.eks.module.self_managed_node_group["efa"].aws_iam_role.this[0] will be destroyed
-...
-
-Plan: 0 to add, 0 to change, 80 to destroy.
-
-Changes to Outputs:
-  - configure_kubectl = "aws eks update-kubeconfig --region us-east-1 --name eks-efa" -> null
-
-Do you really want to destroy all resources?
-  Terraform will destroy all your managed infrastructure, as shown above.
-  There is no undo. Only 'yes' will be accepted to confirm.
-
-  Enter a value: yes
-  ...
-  module.eks.aws_iam_role.this[0]: Destruction complete after 1s
-module.eks.aws_security_group_rule.node["ingress_self_coredns_udp"]: Destruction complete after 2s
-module.eks.aws_security_group_rule.node["ingress_cluster_9443_webhook"]: Destruction complete after 3s
-module.eks.aws_security_group_rule.node["ingress_cluster_443"]: Destruction complete after 3s
-module.eks.aws_security_group_rule.node["egress_all"]: Destruction complete after 2s
-module.eks.aws_security_group_rule.node["egress_self_all"]: Destruction complete after 3s
-module.eks.aws_security_group_rule.node["ingress_nodes_ephemeral"]: Destruction complete after 3s
-module.eks.aws_security_group_rule.node["ingress_cluster_8443_webhook"]: Destruction complete after 3s
-module.eks.aws_security_group_rule.node["ingress_self_coredns_tcp"]: Destruction complete after 4s
-module.eks.aws_security_group.cluster[0]: Destroying... [id=sg-05516650e2f2ed6c1]
-module.eks.aws_security_group.node[0]: Destroying... [id=sg-0e421877145f36d48]
-module.eks.aws_security_group.cluster[0]: Destruction complete after 1s
-module.eks.aws_security_group.node[0]: Destruction complete after 1s
-module.vpc.aws_vpc.this[0]: Destroying... [id=vpc-04677b1ab4eac3ca7]
-module.vpc.aws_vpc.this[0]: Destruction complete after 0s
-╷
-│ Warning: EC2 Default Network ACL (acl-0932148c7d86482e0) not deleted, removing from state
-╵
-
-Destroy complete! Resources: 80 destroyed.
-```
-
-</details>
-
-The cleanup process takes about 15 minutes.
-
-# Conclusion
-
-With this example, we have demonstrated how AWS EKS Blueprints can be used to create an EKS cluster with an
-EFA-enabled nodegroup. Futhermore, we have shown how to run MPI Jobs to validate that EFA works and check its performance.
-Use this example as a starting point to bootstrap your own infrastructure-as-code terraform projects that require use
-of high-performance networking on AWS with Elastic Fabric Adapter.
diff --git a/examples/eks-efa/main.tf b/examples/eks-efa/main.tf
deleted file mode 100644
index 3fe9178e9c..0000000000
--- a/examples/eks-efa/main.tf
+++ /dev/null
@@ -1,261 +0,0 @@
-# Providers
-
-provider "aws" {
-  region = var.aws_region
-}
-
-provider "kubernetes" {
-  host                   = module.eks.cluster_endpoint
-  cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
-  token                  = data.aws_eks_cluster_auth.this.token
-}
-
-provider "helm" {
-  kubernetes {
-    host                   = module.eks.cluster_endpoint
-    cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
-    token                  = data.aws_eks_cluster_auth.this.token
-  }
-}
-
-provider "kubectl" {
-  apply_retry_count      = 10
-  host                   = module.eks.cluster_endpoint
-  cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
-  token                  = data.aws_eks_cluster_auth.this.token
-}
-
-# Data
-
-data "aws_eks_cluster_auth" "this" {
-  name = module.eks.cluster_name
-}
-
-data "aws_availability_zones" "available" {}
-
-data "http" "efa_device_plugin_yaml" {
-  url = "https://raw.githubusercontent.com/aws-samples/aws-efa-eks/main/manifest/efa-k8s-device-plugin.yml"
-}
-
-data "aws_ami" "eks_gpu_node" {
-  most_recent = true
-  owners      = ["amazon"]
-
-  filter {
-    name   = "name"
-    values = ["amazon-eks-gpu-node-${local.cluster_version}-*"]
-  }
-}
-
-# Local config
-
-locals {
-  name            = var.cluster_name
-  cluster_version = "1.25"
-
-  vpc_cidr = "10.11.0.0/16"
-  azs      = slice(data.aws_availability_zones.available.names, 0, 2)
-
-  tags = {
-    Blueprint  = local.name
-    GithubRepo = "github.com/aws-ia/terraform-aws-eks-blueprints"
-  }
-
-}
-
-# Resources
-
-resource "aws_placement_group" "efa_pg" {
-  name     = "efa_pg"
-  strategy = "cluster"
-}
-
-resource "kubectl_manifest" "efa_device_plugin" {
-  yaml_body = <<YAML
-${data.http.efa_device_plugin_yaml.response_body}
-YAML
-}
-
-resource "helm_release" "k8s_device_plugin" {
-  name       = "k8s-device-plugin"
-  repository = "https://nvidia.github.io/k8s-device-plugin"
-  chart      = "nvidia-device-plugin"
-  version    = "0.14.0"
-  namespace  = "kube-system"
-}
-
-# Upstream Terraform Modules
-
-module "eks" {
-  source  = "terraform-aws-modules/eks/aws"
-  version = "~> 19.12"
-
-  cluster_name                   = local.name
-  cluster_version                = local.cluster_version
-  cluster_endpoint_public_access = true
-  cluster_enabled_log_types      = var.cluster_enabled_log_types
-
-  cluster_addons = {
-    coredns = {
-      most_recent = true
-    }
-    kube-proxy = {
-      most_recent = true
-    }
-    vpc-cni = {
-      most_recent = true
-    }
-  }
-
-  vpc_id     = module.vpc.vpc_id
-  subnet_ids = module.vpc.private_subnets
-
-  eks_managed_node_group_defaults = {
-    iam_role_additional_policies = {
-      AmazonSSMManagedInstanceCore = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
-    }
-  }
-
-  eks_managed_node_groups = {
-    sys = {
-      instance_types = ["m5.large"]
-      min_size       = 1
-      max_size       = 5
-      desired_size   = 2
-    }
-  }
-
-  create_aws_auth_configmap = false
-  manage_aws_auth_configmap = true
-
-  # Extend node-to-node security group rules
-  node_security_group_additional_rules = {
-    ingress_self_all = {
-      description = "Node to node all ingress traffic"
-      protocol    = "-1"
-      from_port   = 0
-      to_port     = 0
-      type        = "ingress"
-      self        = true
-    }
-    egress_self_all = {
-      description = "Node to node all egress traffic"
-      protocol    = "-1"
-      from_port   = 0
-      to_port     = 0
-      type        = "egress"
-      self        = true
-    }
-  }
-
-
-  self_managed_node_group_defaults = {
-    iam_role_additional_policies = {
-      AmazonSSMManagedInstanceCore = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
-    }
-    placement = {
-      group_name = aws_placement_group.efa_pg.name
-    }
-  }
-
-  self_managed_node_groups = {
-    efa = {
-      min_size     = 2
-      max_size     = 8
-      desired_size = 2
-
-      #instance_type = "c5n.9xlarge"
-      instance_type = "g4dn.metal"
-      ami_id        = data.aws_ami.eks_gpu_node.id
-
-      ebs_optimized     = true
-      enable_monitoring = true
-
-      block_device_mappings = {
-        xvda = {
-          device_name = "/dev/xvda"
-          ebs = {
-            volume_size           = 40
-            volume_type           = "gp3"
-            iops                  = 3000
-            throughput            = 150
-            encrypted             = true
-            delete_on_termination = true
-          }
-        }
-      }
-
-      subnet_ids = [module.vpc.private_subnets[0]]
-
-      network_interfaces = [
-        {
-          description                 = "EFA interface"
-          delete_on_termination       = true
-          device_index                = 0
-          associate_public_ip_address = false
-          interface_type              = "efa"
-        }
-      ]
-
-      post_bootstrap_user_data = <<-EOT
-        # Install EFA
-        curl -O https://efa-installer.amazonaws.com/aws-efa-installer-latest.tar.gz
-        tar -xf aws-efa-installer-latest.tar.gz && cd aws-efa-installer
-        ./efa_installer.sh -y
-        fi_info -p efa -t FI_EP_RDM
-        # Disable ptrace
-        sysctl -w kernel.yama.ptrace_scope=0
-      EOT
-
-    }
-  }
-
-  tags = local.tags
-}
-
-# Blueprints modules
-
-module "eks_blueprints_kubernetes_addons" {
-  source = "../../modules/kubernetes-addons"
-
-  eks_cluster_id       = module.eks.cluster_name
-  eks_cluster_endpoint = module.eks.cluster_endpoint
-  eks_oidc_provider    = module.eks.oidc_provider
-  eks_cluster_version  = module.eks.cluster_version
-
-  # Wait on the node group(s) before provisioning addons
-  data_plane_wait_arn = join(",", [for group in module.eks.eks_managed_node_groups : group.node_group_arn])
-
-  enable_amazon_eks_aws_ebs_csi_driver = false
-  enable_aws_efs_csi_driver            = true
-  enable_aws_fsx_csi_driver            = true
-
-  tags = local.tags
-}
-
-# Supporting modules
-
-module "vpc" {
-  source  = "terraform-aws-modules/vpc/aws"
-  version = "~> 4.0"
-
-  name = local.name
-  cidr = local.vpc_cidr
-
-  azs             = local.azs
-  private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)]
-  public_subnets  = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)]
-
-  enable_nat_gateway = true
-  single_nat_gateway = true
-
-  public_subnet_tags = {
-    "kubernetes.io/role/elb" = 1
-  }
-
-  private_subnet_tags = {
-    "kubernetes.io/role/internal-elb" = 1
-  }
-
-  tags = local.tags
-}
diff --git a/examples/eks-efa/outputs.tf b/examples/eks-efa/outputs.tf
deleted file mode 100644
index 8789d9fbb7..0000000000
--- a/examples/eks-efa/outputs.tf
+++ /dev/null
@@ -1,9 +0,0 @@
-output "eks_cluster_id" {
-  description = "The name of the EKS cluster."
-  value       = module.eks.cluster_id
-}
-
-output "configure_kubectl" {
-  description = "Configure kubectl: make sure you're logged in with the correct AWS profile and run the following command to update your kubeconfig"
-  value       = "aws eks update-kubeconfig --region ${var.aws_region} --name ${module.eks.cluster_name}"
-}
diff --git a/examples/eks-efa/providers.tf b/examples/eks-efa/providers.tf
deleted file mode 100644
index 3b49335875..0000000000
--- a/examples/eks-efa/providers.tf
+++ /dev/null
@@ -1,26 +0,0 @@
-terraform {
-  required_version = ">= 1.0.1"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 4.47"
-    }
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.16.1"
-    }
-    helm = {
-      source  = "hashicorp/helm"
-      version = ">= 2.8.0"
-    }
-    kubectl = {
-      source  = "gavinbunney/kubectl"
-      version = ">= 1.14"
-    }
-    http = {
-      source  = "hashicorp/http"
-      version = ">= 2.2.0"
-    }
-  }
-}
diff --git a/examples/eks-efa/variables.tf b/examples/eks-efa/variables.tf
deleted file mode 100644
index 1c9a332f2e..0000000000
--- a/examples/eks-efa/variables.tf
+++ /dev/null
@@ -1,17 +0,0 @@
-variable "aws_region" {
-  description = "AWS Region"
-  type        = string
-  default     = "us-east-1"
-}
-
-variable "cluster_name" {
-  description = "EKS Cluster Name"
-  type        = string
-  default     = "eks-efa"
-}
-
-variable "cluster_enabled_log_types" {
-  description = "EKS Cluster Control Plane Logging"
-  type        = list(any)
-  default     = ["api", "authenticator", "audit", "scheduler", "controllerManager"]
-}
diff --git a/examples/elastic-fabric-adapter/README.md b/examples/elastic-fabric-adapter/README.md
new file mode 100644
index 0000000000..a2ee664fbd
--- /dev/null
+++ b/examples/elastic-fabric-adapter/README.md
@@ -0,0 +1,245 @@
+# EKS Cluster w/ Elastic Fabric Adapter
+
+This example shows how to provision an Amazon EKS Cluster with an EFA-enabled nodegroup.
+
+## Prerequisites:
+
+Ensure that you have the following tools installed locally:
+
+1. [aws cli](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html)
+2. [kubectl](https://Kubernetes.io/docs/tasks/tools/)
+3. [terraform](https://learn.hashicorp.com/tutorials/terraform/install-cli)
+
+## Deploy
+
+To provision this example:
+
+```sh
+terraform init
+terraform apply
+
+```
+
+Enter `yes` at command prompt to apply
+
+## Validate
+
+1. Run `update-kubeconfig` command, using the Terraform provided Output, replace with your `$AWS_REGION` and your `$CLUSTER_NAME` variables.
+
+```sh
+aws eks --region <$AWS_REGION> update-kubeconfig --name <$CLUSTER_NAME>
+```
+
+2. Test by listing Nodes in in the Cluster, you should see Fargate instances as your Cluster Nodes.
+
+```sh
+kubectl get nodes
+kubectl get nodes -o yaml | grep instance-type | grep node | grep -v f:
+```
+
+Your nodes and node types will be listed:
+
+```text
+# kubectl get nodes
+NAME                           STATUS   ROLES    AGE    VERSION
+ip-10-11-10-103.ec2.internal   Ready    <none>   4m1s   v1.25.7-eks-a59e1f0
+ip-10-11-19-28.ec2.internal    Ready    <none>   11m    v1.25.7-eks-a59e1f0
+ip-10-11-2-151.ec2.internal    Ready    <none>   11m    v1.25.7-eks-a59e1f0
+ip-10-11-2-18.ec2.internal     Ready    <none>   5m1s   v1.25.7-eks-a59e1f0
+# kubectl get nodes -o yaml | grep instance-type | grep node | grep -v f:
+      node.kubernetes.io/instance-type: g5.8xlarge
+      node.kubernetes.io/instance-type: m5.large
+      node.kubernetes.io/instance-type: m5.large
+      node.kubernetes.io/instance-type: g5.8xlarge
+```
+
+You should see two EFA-enabled (in this example `g5.8xlarge`) nodes in the list.
+This verifies that you are connected to your EKS cluster and it is configured with EFA nodes.
+
+3. Deploy Kubeflow MPI Operator
+
+Kubeflow MPI Operator is required for running MPIJobs on EKS. We will use an MPIJob to test EFA.
+To deploy the MPI operator execute the following:
+
+```sh
+kubectl apply -f https://raw.githubusercontent.com/kubeflow/mpi-operator/v0.3.0/deploy/v2beta1/mpi-operator.yaml
+```
+
+Output:
+
+```text
+namespace/mpi-operator created
+customresourcedefinition.apiextensions.k8s.io/mpijobs.kubeflow.org created
+serviceaccount/mpi-operator created
+clusterrole.rbac.authorization.k8s.io/kubeflow-mpijobs-admin created
+clusterrole.rbac.authorization.k8s.io/kubeflow-mpijobs-edit created
+clusterrole.rbac.authorization.k8s.io/kubeflow-mpijobs-view created
+clusterrole.rbac.authorization.k8s.io/mpi-operator created
+clusterrolebinding.rbac.authorization.k8s.io/mpi-operator created
+deployment.apps/mpi-operator created
+```
+
+In addition to deploying the operator, please apply a patch to the mpi-operator clusterrole
+to allow the mpi-operator service account access to `leases` resources in the `coordination.k8s.io` apiGroup.
+
+```sh
+kubectl apply -f https://raw.githubusercontent.com/aws-samples/aws-do-eks/main/Container-Root/eks/deployment/kubeflow/mpi-operator/clusterrole-mpi-operator.yaml
+```
+
+Output:
+
+```text
+clusterrole.rbac.authorization.k8s.io/mpi-operator configured
+```
+
+4. Test EFA
+
+We will run two tests. The first one will show the presence of EFA adapters on our EFA-enabled nodes. The second will test EFA performance.
+
+5. EFA Info Test
+
+To run the EFA info test, execute the following commands:
+
+```sh
+kubectl apply -f https://raw.githubusercontent.com/aws-samples/aws-do-eks/main/Container-Root/eks/deployment/efa-device-plugin/test-efa.yaml
+```
+
+Output:
+
+```text
+mpijob.kubeflow.org/efa-info-test created
+```
+
+```sh
+kubectl get pods
+```
+
+Output:
+
+```text
+NAME                           READY   STATUS      RESTARTS   AGE
+efa-info-test-launcher-hckkj   0/1     Completed   2          37s
+efa-info-test-worker-0         1/1     Running     0          38s
+efa-info-test-worker-1         1/1     Running     0          38s
+```
+
+Once the test launcher pod enters status `Running` or `Completed`, see the test logs using the command below:
+
+```sh
+kubectl logs -f $(kubectl get pods | grep launcher | cut -d ' ' -f 1)
+```
+
+Output:
+
+```text
+Warning: Permanently added 'efa-info-test-worker-1.efa-info-test-worker.default.svc,10.11.13.224' (ECDSA) to the list of known hosts.
+Warning: Permanently added 'efa-info-test-worker-0.efa-info-test-worker.default.svc,10.11.4.63' (ECDSA) to the list of known hosts.
+[1,1]<stdout>:provider: efa
+[1,1]<stdout>:    fabric: efa
+[1,1]<stdout>:    domain: rdmap197s0-rdm
+[1,1]<stdout>:    version: 116.10
+[1,1]<stdout>:    type: FI_EP_RDM
+[1,1]<stdout>:    protocol: FI_PROTO_EFA
+[1,0]<stdout>:provider: efa
+[1,0]<stdout>:    fabric: efa
+[1,0]<stdout>:    domain: rdmap197s0-rdm
+[1,0]<stdout>:    version: 116.10
+[1,0]<stdout>:    type: FI_EP_RDM
+[1,0]<stdout>:    protocol: FI_PROTO_EFA
+```
+
+This result shows that two EFA adapters are available (one for each worker pod).
+
+Lastly, delete the test job:
+
+```sh
+kubectl delete mpijob efa-info-test
+```
+
+Output:
+
+```text
+mpijob.kubeflow.org "efa-info-test" deleted
+```
+
+6. EFA NCCL Test
+
+To run the EFA NCCL test please execute the following kubectl command:
+
+```sh
+kubectl apply -f https://raw.githubusercontent.com/aws-samples/aws-do-eks/main/Container-Root/eks/deployment/efa-device-plugin/test-nccl-efa.yaml
+```
+
+Output:
+
+```text
+mpijob.kubeflow.org/test-nccl-efa created
+```
+
+Then display the pods in the current namespace:
+
+```sh
+kubectl get pods
+```
+
+Output:
+
+```text
+NAME                           READY   STATUS    RESTARTS      AGE
+test-nccl-efa-launcher-tx47t   1/1     Running   2 (31s ago)   33s
+test-nccl-efa-worker-0         1/1     Running   0             33s
+test-nccl-efa-worker-1         1/1     Running   0             33s
+```
+
+Once the launcher pod enters `Running` or `Completed` state, execute the following to see the test logs:
+
+```sh
+kubectl logs -f $(kubectl get pods | grep launcher | cut -d ' ' -f 1)
+```
+
+The following section from the beginning of the log, indicates that the test is being performed using EFA:
+
+```text
+[1,0]<stdout>:test-nccl-efa-worker-0:21:21 [0] NCCL INFO NET/OFI Selected Provider is efa (found 1 nics)
+[1,0]<stdout>:test-nccl-efa-worker-0:21:21 [0] NCCL INFO Using network AWS Libfabric
+[1,0]<stdout>:NCCL version 2.12.7+cuda11.4
+```
+
+Columns 8 and 12 in the output table show the in-place and out-of-place bus bandwidth calculated for the data size listed in column 1. In this case it is 3.13 and 3.12 GB/s respectively.
+Your actual results may be slightly different. The calculated average bus bandwidth is displayed at the bottom of the log when the test finishes after it reaches the max data size,
+specified in the mpijob manifest. In this result the average bus bandwidth is 1.15 GB/s.
+
+```
+[1,0]<stdout>:#       size         count      type   redop    root     time   algbw   busbw #wrong     time   algbw   busbw #wrong
+[1,0]<stdout>:#        (B)    (elements)                               (us)  (GB/s)  (GB/s)            (us)  (GB/s)  (GB/s)
+...
+[1,0]<stdout>:      262144         65536     float     sum      -1    195.0    1.34    1.34      0    194.0    1.35    1.35      0
+[1,0]<stdout>:      524288        131072     float     sum      -1    296.9    1.77    1.77      0    291.1    1.80    1.80      0
+[1,0]<stdout>:     1048576        262144     float     sum      -1    583.4    1.80    1.80      0    579.6    1.81    1.81      0
+[1,0]<stdout>:     2097152        524288     float     sum      -1    983.3    2.13    2.13      0    973.9    2.15    2.15      0
+[1,0]<stdout>:     4194304       1048576     float     sum      -1   1745.4    2.40    2.40      0   1673.2    2.51    2.51      0
+...
+[1,0]<stdout>:# Avg bus bandwidth    : 1.15327
+```
+
+Finally, delete the test mpi job:
+
+```sh
+kubectl delete mpijob test-nccl-efa
+```
+
+Output:
+
+```text
+mpijob.kubeflow.org "test-nccl-efa" deleted
+```
+
+## Destroy
+
+To teardown and remove the resources created in this example:
+
+```sh
+terraform destroy -target module.eks_blueprints_addons -auto-approve
+terraform destroy -target module.eks -auto-approve
+terraform destroy -auto-approve
+```
diff --git a/examples/elastic-fabric-adapter/main.tf b/examples/elastic-fabric-adapter/main.tf
new file mode 100644
index 0000000000..0efc8a859f
--- /dev/null
+++ b/examples/elastic-fabric-adapter/main.tf
@@ -0,0 +1,272 @@
+provider "aws" {
+  region = local.region
+}
+
+provider "kubernetes" {
+  host                   = module.eks.cluster_endpoint
+  cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
+
+  exec {
+    api_version = "client.authentication.k8s.io/v1beta1"
+    command     = "aws"
+    # This requires the awscli to be installed locally where Terraform is executed
+    args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
+  }
+}
+
+provider "helm" {
+  kubernetes {
+    host                   = module.eks.cluster_endpoint
+    cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
+
+    exec {
+      api_version = "client.authentication.k8s.io/v1beta1"
+      command     = "aws"
+      # This requires the awscli to be installed locally where Terraform is executed
+      args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
+    }
+  }
+}
+
+provider "kubectl" {
+  apply_retry_count      = 5
+  host                   = module.eks.cluster_endpoint
+  cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
+  load_config_file       = false
+
+  exec {
+    api_version = "client.authentication.k8s.io/v1beta1"
+    command     = "aws"
+    # This requires the awscli to be installed locally where Terraform is executed
+    args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
+  }
+}
+
+data "aws_availability_zones" "available" {}
+
+locals {
+  name   = basename(path.cwd)
+  region = "us-west-2"
+
+  vpc_cidr = "10.0.0.0/16"
+  azs      = slice(data.aws_availability_zones.available.names, 0, 3)
+
+  tags = {
+    Blueprint  = local.name
+    GithubRepo = "github.com/aws-ia/terraform-aws-eks-blueprints"
+  }
+}
+
+################################################################################
+# Cluster
+################################################################################
+
+#tfsec:ignore:aws-eks-enable-control-plane-logging
+module "eks" {
+  source  = "terraform-aws-modules/eks/aws"
+  version = "~> 19.13"
+
+  cluster_name                   = local.name
+  cluster_version                = "1.27"
+  cluster_endpoint_public_access = true
+
+  cluster_addons = {
+    coredns    = {}
+    kube-proxy = {}
+    vpc-cni    = {}
+  }
+
+  vpc_id     = module.vpc.vpc_id
+  subnet_ids = module.vpc.private_subnets
+
+  # Extend node-to-node security group rules
+  node_security_group_additional_rules = {
+    ingress_self_all = {
+      description = "Node to node all ingress traffic"
+      protocol    = "-1"
+      from_port   = 0
+      to_port     = 0
+      type        = "ingress"
+      self        = true
+    }
+    egress_self_all = {
+      description = "Node to node all egress traffic"
+      protocol    = "-1"
+      from_port   = 0
+      to_port     = 0
+      type        = "egress"
+      self        = true
+    }
+  }
+
+  eks_managed_node_groups = {
+    # For running services that do not require GPUs
+    default = {
+      instance_types = ["m5.large"]
+
+      min_size     = 1
+      max_size     = 5
+      desired_size = 2
+    }
+
+    efa = {
+      ami_type       = "AL2_x86_64_GPU"
+      instance_types = ["g5.8xlarge"]
+
+      min_size     = 1
+      max_size     = 3
+      desired_size = 1
+
+      subnet_ids = slice(module.vpc.private_subnets, 0, 1)
+
+      network_interfaces = [
+        {
+          description                 = "EFA interface"
+          delete_on_termination       = true
+          device_index                = 0
+          associate_public_ip_address = false
+          interface_type              = "efa"
+        }
+      ]
+
+      placement = {
+        group_name = aws_placement_group.efa.name
+      }
+
+      pre_bootstrap_user_data = <<-EOT
+        # Install EFA
+        curl -O https://efa-installer.amazonaws.com/aws-efa-installer-latest.tar.gz
+        tar -xf aws-efa-installer-latest.tar.gz && cd aws-efa-installer
+        ./efa_installer.sh -y --minimal
+        fi_info -p efa -t FI_EP_RDM
+
+        # Disable ptrace
+        sysctl -w kernel.yama.ptrace_scope=0
+      EOT
+
+      taints = {
+        dedicated = {
+          key    = "nvidia.com/gpu"
+          value  = "true"
+          effect = "NO_SCHEDULE"
+        }
+      }
+    }
+  }
+
+  tags = local.tags
+}
+
+################################################################################
+# EKS Blueprints Addons
+################################################################################
+
+module "eks_blueprints_addons" {
+  source  = "aws-ia/eks-blueprints-addons/aws"
+  version = "0.2.0"
+
+  cluster_name      = module.eks.cluster_name
+  cluster_endpoint  = module.eks.cluster_endpoint
+  cluster_version   = module.eks.cluster_version
+  oidc_provider_arn = module.eks.oidc_provider_arn
+
+  # We want to wait for the Fargate profiles to be deployed first
+  create_delay_dependencies = [for group in module.eks.eks_managed_node_groups : group.node_group_arn]
+
+  enable_aws_efs_csi_driver    = true
+  enable_aws_fsx_csi_driver    = true
+  enable_kube_prometheus_stack = true
+  kube_prometheus_stack = {
+    values = [
+      <<-EOT
+        prometheus:
+          prometheusSpec:
+            serviceMonitorSelectorNilUsesHelmValues: false
+      EOT
+    ]
+  }
+  enable_metrics_server = true
+
+  helm_releases = {
+    prometheus-adapter = {
+      description      = "A Helm chart for k8s prometheus adapter"
+      namespace        = "prometheus-adapter"
+      create_namespace = true
+      chart            = "prometheus-adapter"
+      chart_version    = "4.2.0"
+      repository       = "https://prometheus-community.github.io/helm-charts"
+      values = [
+        <<-EOT
+          replicas: 2
+          podDisruptionBudget:
+            enabled: true
+        EOT
+      ]
+    }
+    gpu-operator = {
+      description      = "A Helm chart for NVIDIA GPU operator"
+      namespace        = "gpu-operator"
+      create_namespace = true
+      chart            = "gpu-operator"
+      chart_version    = "v23.3.2"
+      repository       = "https://nvidia.github.io/gpu-operator"
+      values = [
+        <<-EOT
+          operator:
+            defaultRuntime: containerd
+        EOT
+      ]
+    }
+  }
+
+  tags = local.tags
+}
+
+################################################################################
+# Amazon Elastic Fabric Adapter (EFA)
+################################################################################
+
+data "http" "efa_device_plugin_yaml" {
+  url = "https://raw.githubusercontent.com/aws-samples/aws-efa-eks/main/manifest/efa-k8s-device-plugin.yml"
+}
+
+resource "kubectl_manifest" "efa_device_plugin" {
+  yaml_body = <<-YAML
+    ${data.http.efa_device_plugin_yaml.response_body}
+  YAML
+}
+
+################################################################################
+# Supporting Resources
+################################################################################
+
+module "vpc" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "~> 4.0"
+
+  name = local.name
+  cidr = local.vpc_cidr
+
+  azs             = local.azs
+  private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)]
+  public_subnets  = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)]
+
+  enable_nat_gateway = true
+  single_nat_gateway = true
+
+  public_subnet_tags = {
+    "kubernetes.io/role/elb" = 1
+  }
+
+  private_subnet_tags = {
+    "kubernetes.io/role/internal-elb" = 1
+  }
+
+  tags = local.tags
+}
+
+# Group instances within clustered placement group so they are in close proximity
+resource "aws_placement_group" "efa" {
+  name     = local.name
+  strategy = "cluster"
+}
diff --git a/examples/elastic-fabric-adapter/outputs.tf b/examples/elastic-fabric-adapter/outputs.tf
new file mode 100644
index 0000000000..a43b620e9b
--- /dev/null
+++ b/examples/elastic-fabric-adapter/outputs.tf
@@ -0,0 +1,4 @@
+output "configure_kubectl" {
+  description = "Configure kubectl: make sure you're logged in with the correct AWS profile and run the following command to update your kubeconfig"
+  value       = "aws eks update-kubeconfig --region ${local.region} --name ${module.eks.cluster_name}"
+}
diff --git a/examples/elastic-fabric-adapter/variables.tf b/examples/elastic-fabric-adapter/variables.tf
new file mode 100644
index 0000000000..8b13789179
--- /dev/null
+++ b/examples/elastic-fabric-adapter/variables.tf
@@ -0,0 +1 @@
+
diff --git a/examples/elastic-fabric-adapter/versions.tf b/examples/elastic-fabric-adapter/versions.tf
new file mode 100644
index 0000000000..7754959fca
--- /dev/null
+++ b/examples/elastic-fabric-adapter/versions.tf
@@ -0,0 +1,29 @@
+terraform {
+  required_version = ">= 1.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 4.47, <5.0"
+    }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = ">= 2.20"
+    }
+    helm = {
+      source  = "hashicorp/helm"
+      version = ">= 2.4.1"
+    }
+    kubectl = {
+      source  = "gavinbunney/kubectl"
+      version = ">= 1.14"
+    }
+  }
+
+  # ##  Used for end-to-end testing on project; update to suit your needs
+  # backend "s3" {
+  #   bucket = "terraform-ssp-github-actions-state"
+  #   region = "us-west-2"
+  #   key    = "e2e/elastic-fabric-adapter/terraform.tfstate"
+  # }
+}
diff --git a/examples/external-secrets/main.tf b/examples/external-secrets/main.tf
index 4d9c7c7a4c..7b4d40c167 100644
--- a/examples/external-secrets/main.tf
+++ b/examples/external-secrets/main.tf
@@ -99,7 +99,7 @@ module "eks" {
 
 module "eks_blueprints_addons" {
   source  = "aws-ia/eks-blueprints-addons/aws"
-  version = "0.1.0"
+  version = "0.2.0"
 
   cluster_name      = module.eks.cluster_name
   cluster_endpoint  = module.eks.cluster_endpoint
diff --git a/examples/fargate-serverless/main.tf b/examples/fargate-serverless/main.tf
index f0de755990..0f0d460678 100644
--- a/examples/fargate-serverless/main.tf
+++ b/examples/fargate-serverless/main.tf
@@ -93,7 +93,7 @@ module "eks" {
 
 module "eks_blueprints_addons" {
   source  = "aws-ia/eks-blueprints-addons/aws"
-  version = "0.1.0"
+  version = "0.2.0"
 
   cluster_name      = module.eks.cluster_name
   cluster_endpoint  = module.eks.cluster_endpoint
diff --git a/examples/karpenter/main.tf b/examples/karpenter/main.tf
index 5c1283b01a..809f39f119 100644
--- a/examples/karpenter/main.tf
+++ b/examples/karpenter/main.tf
@@ -128,7 +128,7 @@ module "eks" {
 
 module "eks_blueprints_addons" {
   source  = "aws-ia/eks-blueprints-addons/aws"
-  version = "0.1.0"
+  version = "0.2.0"
 
   cluster_name      = module.eks.cluster_name
   cluster_endpoint  = module.eks.cluster_endpoint
diff --git a/examples/stateful/main.tf b/examples/stateful/main.tf
index 60dc7e9dc9..2d24118fcd 100644
--- a/examples/stateful/main.tf
+++ b/examples/stateful/main.tf
@@ -195,7 +195,7 @@ module "eks" {
 
 module "eks_blueprints_addons" {
   source  = "aws-ia/eks-blueprints-addons/aws"
-  version = "0.1.0"
+  version = "0.2.0"
 
   cluster_name      = module.eks.cluster_name
   cluster_endpoint  = module.eks.cluster_endpoint
diff --git a/examples/tls-with-aws-pca-issuer/main.tf b/examples/tls-with-aws-pca-issuer/main.tf
index 6f3a4c237e..c416a7123f 100644
--- a/examples/tls-with-aws-pca-issuer/main.tf
+++ b/examples/tls-with-aws-pca-issuer/main.tf
@@ -93,7 +93,7 @@ module "eks" {
 
 module "eks_blueprints_addons" {
   source  = "aws-ia/eks-blueprints-addons/aws"
-  version = "0.1.0"
+  version = "0.2.0"
 
   cluster_name      = module.eks.cluster_name
   cluster_endpoint  = module.eks.cluster_endpoint
diff --git a/locals.tf b/locals.tf
deleted file mode 100644
index 2a6745a4fb..0000000000
--- a/locals.tf
+++ /dev/null
@@ -1,148 +0,0 @@
-locals {
-
-  context = {
-    # Data resources
-    aws_region_name = data.aws_region.current.name
-    # aws_caller_identity
-    aws_caller_identity_account_id = data.aws_caller_identity.current.account_id
-    aws_caller_identity_arn        = data.aws_iam_session_context.current.issuer_arn
-    # aws_partition
-    aws_partition_id         = data.aws_partition.current.id
-    aws_partition_dns_suffix = data.aws_partition.current.dns_suffix
-  }
-
-  eks_cluster_id     = module.aws_eks.cluster_id
-  cluster_ca_base64  = module.aws_eks.cluster_certificate_authority_data
-  cluster_endpoint   = module.aws_eks.cluster_endpoint
-  vpc_id             = var.vpc_id
-  private_subnet_ids = var.private_subnet_ids
-  public_subnet_ids  = var.public_subnet_ids
-
-  enable_workers            = length(var.self_managed_node_groups) > 0 || length(var.managed_node_groups) > 0 ? true : false
-  worker_security_group_ids = local.enable_workers ? compact(flatten([[module.aws_eks.node_security_group_id], var.worker_additional_security_group_ids])) : []
-
-  node_group_context = {
-    # EKS Cluster Config
-    eks_cluster_id    = local.eks_cluster_id
-    cluster_ca_base64 = local.cluster_ca_base64
-    cluster_endpoint  = local.cluster_endpoint
-    cluster_version   = var.cluster_version
-    # VPC Config
-    vpc_id             = local.vpc_id
-    private_subnet_ids = local.private_subnet_ids
-    public_subnet_ids  = local.public_subnet_ids
-
-    # Worker Security Group
-    worker_security_group_ids = local.worker_security_group_ids
-
-    # Data sources
-    aws_partition_dns_suffix = local.context.aws_partition_dns_suffix
-    aws_partition_id         = local.context.aws_partition_id
-
-    iam_role_path                 = var.iam_role_path
-    iam_role_permissions_boundary = var.iam_role_permissions_boundary
-
-    # Service IPv4/IPv6 CIDR range
-    service_ipv6_cidr = var.cluster_service_ipv6_cidr
-    service_ipv4_cidr = var.cluster_service_ipv4_cidr
-
-    tags = var.tags
-  }
-
-  fargate_context = {
-    eks_cluster_id                = local.eks_cluster_id
-    aws_partition_id              = local.context.aws_partition_id
-    iam_role_path                 = var.iam_role_path
-    iam_role_permissions_boundary = var.iam_role_permissions_boundary
-    tags                          = var.tags
-  }
-
-  # Managed node IAM Roles for aws-auth
-  managed_node_group_aws_auth_config_map = length(var.managed_node_groups) > 0 == true ? [
-    for key, node in var.managed_node_groups : {
-      rolearn : try(node.iam_role_arn, "arn:${local.context.aws_partition_id}:iam::${local.context.aws_caller_identity_account_id}:role/${module.aws_eks.cluster_id}-${node.node_group_name}")
-      username : "system:node:{{EC2PrivateDNSName}}"
-      groups : [
-        "system:bootstrappers",
-        "system:nodes"
-      ]
-    }
-  ] : []
-
-  # Self Managed node IAM Roles for aws-auth
-  self_managed_node_group_aws_auth_config_map = length(var.self_managed_node_groups) > 0 ? [
-    for key, node in var.self_managed_node_groups : {
-      rolearn : try(node.iam_role_arn, "arn:${local.context.aws_partition_id}:iam::${local.context.aws_caller_identity_account_id}:role/${module.aws_eks.cluster_id}-${node.node_group_name}")
-      username : "system:node:{{EC2PrivateDNSName}}"
-      groups : [
-        "system:bootstrappers",
-        "system:nodes"
-      ]
-    } if node.launch_template_os != "windows"
-  ] : []
-
-  # Self Managed Windows node IAM Roles for aws-auth
-  windows_node_group_aws_auth_config_map = length(var.self_managed_node_groups) > 0 && var.enable_windows_support ? [
-    for key, node in var.self_managed_node_groups : {
-      rolearn : "arn:${local.context.aws_partition_id}:iam::${local.context.aws_caller_identity_account_id}:role/${module.aws_eks.cluster_id}-${node.node_group_name}"
-      username : "system:node:{{EC2PrivateDNSName}}"
-      groups : [
-        "system:bootstrappers",
-        "system:nodes",
-        "eks:kube-proxy-windows"
-      ]
-    } if node.launch_template_os == "windows"
-  ] : []
-
-  # Fargate node IAM Roles for aws-auth
-  fargate_profiles_aws_auth_config_map = length(var.fargate_profiles) > 0 ? [
-    for key, node in var.fargate_profiles : {
-      rolearn : try(node.iam_role_arn, "arn:${local.context.aws_partition_id}:iam::${local.context.aws_caller_identity_account_id}:role/${module.aws_eks.cluster_id}-${node.fargate_profile_name}")
-      username : "system:node:{{SessionName}}"
-      groups : [
-        "system:bootstrappers",
-        "system:nodes",
-        "system:node-proxier"
-      ]
-    }
-  ] : []
-
-  # EMR on EKS IAM Roles for aws-auth
-  emr_on_eks_config_map = var.enable_emr_on_eks == true ? [
-    {
-      rolearn : "arn:${local.context.aws_partition_id}:iam::${local.context.aws_caller_identity_account_id}:role/AWSServiceRoleForAmazonEMRContainers"
-      username : "emr-containers"
-      groups : []
-    }
-  ] : []
-
-  # Teams
-  partition  = local.context.aws_partition_id
-  account_id = local.context.aws_caller_identity_account_id
-
-  # TODO - move this into `aws-eks-teams` to avoid getting out of sync
-  platform_teams_config_map = length(var.platform_teams) > 0 ? [
-    for platform_team_name, platform_team_data in var.platform_teams : {
-      rolearn : "arn:${local.partition}:iam::${local.account_id}:role/${module.aws_eks.cluster_id}-${platform_team_name}-access"
-      username : platform_team_name
-      groups : [
-        "system:masters"
-      ]
-    }
-  ] : []
-
-  # TODO - move this into `aws-eks-teams` to avoid getting out of sync
-  application_teams_config_map = length(var.application_teams) > 0 ? [
-    for team_name, team_data in var.application_teams : {
-      rolearn : "arn:${local.partition}:iam::${local.account_id}:role/${module.aws_eks.cluster_id}-${team_name}-access"
-      username : team_name
-      groups : [
-        "${team_name}-group"
-      ]
-    }
-  ] : []
-
-  cluster_iam_role_name        = var.iam_role_name == null ? "${var.cluster_name}-cluster-role" : var.iam_role_name
-  cluster_iam_role_pathed_name = var.iam_role_path == null ? local.cluster_iam_role_name : "${trimprefix(var.iam_role_path, "/")}${local.cluster_iam_role_name}"
-  cluster_iam_role_pathed_arn  = var.create_iam_role ? "arn:${local.context.aws_partition_id}:iam::${local.context.aws_caller_identity_account_id}:role/${local.cluster_iam_role_pathed_name}" : var.iam_role_arn
-}
diff --git a/main.tf b/main.tf
deleted file mode 100644
index 0db4bca1bd..0000000000
--- a/main.tf
+++ /dev/null
@@ -1,133 +0,0 @@
-locals {
-  cluster_encryption_config = length(var.cluster_encryption_config) > 0 ? var.cluster_encryption_config : [
-    {
-      provider_key_arn = try(module.kms[0].key_arn, var.cluster_kms_key_arn)
-      resources        = ["secrets"]
-    }
-  ]
-}
-
-module "kms" {
-  count  = var.create_eks && var.cluster_kms_key_arn == null && var.enable_cluster_encryption ? 1 : 0
-  source = "./modules/aws-kms"
-
-  alias                   = "alias/${var.cluster_name}"
-  description             = "${var.cluster_name} EKS cluster secret encryption key"
-  policy                  = data.aws_iam_policy_document.eks_key.json
-  deletion_window_in_days = var.cluster_kms_key_deletion_window_in_days
-  tags                    = var.tags
-}
-
-module "aws_eks" {
-  source  = "terraform-aws-modules/eks/aws"
-  version = "v18.29.1"
-
-  create = var.create_eks
-
-  cluster_name     = var.cluster_name
-  cluster_version  = var.cluster_version
-  cluster_timeouts = var.cluster_timeouts
-
-  create_iam_role               = var.create_iam_role
-  iam_role_arn                  = var.iam_role_arn
-  iam_role_use_name_prefix      = false
-  iam_role_name                 = local.cluster_iam_role_name
-  iam_role_path                 = var.iam_role_path
-  iam_role_description          = var.iam_role_description
-  iam_role_permissions_boundary = var.iam_role_permissions_boundary
-  iam_role_additional_policies  = var.iam_role_additional_policies
-
-  subnet_ids                           = var.private_subnet_ids
-  control_plane_subnet_ids             = var.control_plane_subnet_ids
-  cluster_endpoint_private_access      = var.cluster_endpoint_private_access
-  cluster_endpoint_public_access       = var.cluster_endpoint_public_access
-  cluster_endpoint_public_access_cidrs = var.cluster_endpoint_public_access_cidrs
-  cluster_ip_family                    = var.cluster_ip_family
-  cluster_service_ipv4_cidr            = var.cluster_service_ipv4_cidr
-
-  vpc_id                                     = var.vpc_id
-  create_cluster_security_group              = var.create_cluster_security_group
-  cluster_security_group_id                  = var.cluster_security_group_id
-  cluster_security_group_name                = var.cluster_security_group_name
-  cluster_security_group_use_name_prefix     = var.cluster_security_group_use_name_prefix
-  cluster_security_group_description         = var.cluster_security_group_description
-  cluster_additional_security_group_ids      = var.cluster_additional_security_group_ids
-  cluster_security_group_additional_rules    = var.cluster_security_group_additional_rules
-  cluster_security_group_tags                = var.cluster_security_group_tags
-  create_cluster_primary_security_group_tags = var.create_cluster_primary_security_group_tags
-
-  create_node_security_group           = var.create_node_security_group
-  node_security_group_name             = var.node_security_group_name
-  node_security_group_use_name_prefix  = var.node_security_group_use_name_prefix
-  node_security_group_description      = var.node_security_group_description
-  node_security_group_additional_rules = var.node_security_group_additional_rules
-  node_security_group_tags             = var.node_security_group_tags
-
-  enable_irsa              = var.enable_irsa
-  openid_connect_audiences = var.openid_connect_audiences
-  custom_oidc_thumbprints  = var.custom_oidc_thumbprints
-
-  create_cloudwatch_log_group            = var.create_cloudwatch_log_group
-  cluster_enabled_log_types              = var.cluster_enabled_log_types
-  cloudwatch_log_group_retention_in_days = var.cloudwatch_log_group_retention_in_days
-  cloudwatch_log_group_kms_key_id        = var.cloudwatch_log_group_kms_key_id
-
-  attach_cluster_encryption_policy = false
-  cluster_encryption_config        = var.enable_cluster_encryption ? local.cluster_encryption_config : []
-  cluster_identity_providers       = var.cluster_identity_providers
-
-  tags = var.tags
-}
-
-# ---------------------------------------------------------------------------------------------------------------------
-# Amazon EMR on EKS Virtual Clusters
-# ---------------------------------------------------------------------------------------------------------------------
-module "emr_on_eks" {
-  source = "./modules/emr-on-eks"
-
-  for_each = { for key, value in var.emr_on_eks_teams : key => value
-    if var.enable_emr_on_eks && length(var.emr_on_eks_teams) > 0
-  }
-
-  emr_on_eks_teams              = each.value
-  eks_cluster_id                = module.aws_eks.cluster_id
-  iam_role_permissions_boundary = var.iam_role_permissions_boundary
-  tags                          = var.tags
-
-  depends_on = [kubernetes_config_map.aws_auth]
-}
-
-resource "kubernetes_config_map" "amazon_vpc_cni" {
-  count = var.enable_windows_support ? 1 : 0
-  metadata {
-    name      = "amazon-vpc-cni"
-    namespace = "kube-system"
-  }
-
-  data = {
-    "enable-windows-ipam" = var.enable_windows_support ? "true" : "false"
-  }
-
-  depends_on = [
-    module.aws_eks.cluster_id,
-    data.http.eks_cluster_readiness[0]
-  ]
-}
-
-# ---------------------------------------------------------------------------------------------------------------------
-# Teams
-# ---------------------------------------------------------------------------------------------------------------------
-module "aws_eks_teams" {
-  count  = length(var.application_teams) > 0 || length(var.platform_teams) > 0 ? 1 : 0
-  source = "./modules/aws-eks-teams"
-
-  application_teams             = var.application_teams
-  platform_teams                = var.platform_teams
-  iam_role_permissions_boundary = var.iam_role_permissions_boundary
-  eks_cluster_id                = module.aws_eks.cluster_id
-  tags                          = var.tags
-
-  depends_on = [
-    data.http.eks_cluster_readiness[0]
-  ]
-}
diff --git a/modules/aws-eks-fargate-profiles/README.md b/modules/aws-eks-fargate-profiles/README.md
deleted file mode 100644
index 32b6aba0fa..0000000000
--- a/modules/aws-eks-fargate-profiles/README.md
+++ /dev/null
@@ -1,51 +0,0 @@
-# Fargate Profiles
-
-# Introduction
-
-The Fargate profile allows you to declare which pods run on Fargate for Amazon EKS Cluster. This declaration is done through the profile’s selectors. Each profile can have up to five selectors that contain a namespace and optional labels. You must define a namespace for every selector. The label field consists of multiple optional key-value pairs
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.72 |
-
-## Modules
-
-No modules.
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_eks_fargate_profile.eks_fargate](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_fargate_profile) | resource |
-| [aws_iam_policy.cwlogs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
-| [aws_iam_role.fargate](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
-| [aws_iam_role_policy_attachment.cwlogs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
-| [aws_iam_role_policy_attachment.fargate_pod_execution_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
-| [aws_iam_policy_document.cwlogs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_policy_document.fargate_assume_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_context"></a> [context](#input\_context) | Input configuration for Fargate | <pre>object({<br>    eks_cluster_id                = string<br>    aws_partition_id              = string<br>    iam_role_path                 = string<br>    iam_role_permissions_boundary = string<br>    tags                          = map(string)<br>  })</pre> | n/a | yes |
-| <a name="input_fargate_profile"></a> [fargate\_profile](#input\_fargate\_profile) | Map of maps of `eks_node_groups` to create | `any` | `{}` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_eks_fargate_profile_arn"></a> [eks\_fargate\_profile\_arn](#output\_eks\_fargate\_profile\_arn) | Amazon Resource Name (ARN) of the EKS Fargate Profile |
-| <a name="output_eks_fargate_profile_id"></a> [eks\_fargate\_profile\_id](#output\_eks\_fargate\_profile\_id) | EKS Cluster name and EKS Fargate Profile name separated by a colon |
-| <a name="output_eks_fargate_profile_role_name"></a> [eks\_fargate\_profile\_role\_name](#output\_eks\_fargate\_profile\_role\_name) | Name of the EKS Fargate Profile IAM role |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/aws-eks-fargate-profiles/main.tf b/modules/aws-eks-fargate-profiles/main.tf
deleted file mode 100644
index 250cbb3381..0000000000
--- a/modules/aws-eks-fargate-profiles/main.tf
+++ /dev/null
@@ -1,103 +0,0 @@
-locals {
-  create_iam_role = try(var.fargate_profile.create_iam_role, true)
-}
-
-resource "aws_eks_fargate_profile" "eks_fargate" {
-  cluster_name           = var.context.eks_cluster_id
-  fargate_profile_name   = var.fargate_profile.fargate_profile_name
-  pod_execution_role_arn = local.create_iam_role ? aws_iam_role.fargate[0].arn : var.fargate_profile.iam_role_arn
-  subnet_ids             = var.fargate_profile.subnet_ids
-
-  tags = merge(
-    {
-      "kubernetes.io/cluster/${var.context.eks_cluster_id}" = "owned"
-      "k8s.io/cluster/${var.context.eks_cluster_id}"        = "owned"
-    },
-    var.context.tags,
-    try(var.fargate_profile.additional_tags, {}),
-  )
-
-  dynamic "selector" {
-    for_each = toset(var.fargate_profile.fargate_profile_namespaces)
-    content {
-      namespace = selector.value.namespace
-      labels    = try(selector.value.k8s_labels, null)
-    }
-  }
-
-  depends_on = [
-    aws_iam_role_policy_attachment.fargate_pod_execution_role_policy,
-  ]
-}
-
-data "aws_iam_policy_document" "fargate_assume_role_policy" {
-  count = local.create_iam_role ? 1 : 0
-
-  statement {
-    sid = "EKSFargateAssumeRole"
-
-    actions = [
-      "sts:AssumeRole",
-    ]
-    principals {
-      type        = "Service"
-      identifiers = ["eks-fargate-pods.amazonaws.com"]
-    }
-  }
-}
-
-resource "aws_iam_role" "fargate" {
-  count = local.create_iam_role ? 1 : 0
-
-  name                  = "${var.context.eks_cluster_id}-${var.fargate_profile.fargate_profile_name}"
-  description           = "EKS Fargate IAM Role"
-  assume_role_policy    = data.aws_iam_policy_document.fargate_assume_role_policy[0].json
-  path                  = var.context.iam_role_path
-  permissions_boundary  = var.context.iam_role_permissions_boundary
-  force_detach_policies = true
-  tags                  = var.context.tags
-}
-
-resource "aws_iam_role_policy_attachment" "fargate_pod_execution_role_policy" {
-  for_each = { for k, v in toset(concat(
-    ["arn:${var.context.aws_partition_id}:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy"],
-    try(var.fargate_profile.additional_iam_policies, []))) : k => v if local.create_iam_role
-  }
-
-  policy_arn = each.key
-  role       = aws_iam_role.fargate[0].name
-}
-
-data "aws_iam_policy_document" "cwlogs" {
-  count = local.create_iam_role ? 1 : 0
-
-  statement {
-    sid       = ""
-    effect    = "Allow"
-    resources = ["*"]
-
-    actions = [
-      "logs:CreateLogGroup",
-      "logs:CreateLogStream",
-      "logs:DescribeLogStreams",
-      "logs:PutLogEvents",
-    ]
-  }
-}
-
-resource "aws_iam_policy" "cwlogs" {
-  count = local.create_iam_role ? 1 : 0
-
-  name        = "${var.context.eks_cluster_id}-${var.fargate_profile["fargate_profile_name"]}-cwlogs"
-  description = "Allow fargate profiles to write logs to CloudWatch"
-  path        = var.context.iam_role_path
-  policy      = data.aws_iam_policy_document.cwlogs[0].json
-  tags        = var.context.tags
-}
-
-resource "aws_iam_role_policy_attachment" "cwlogs" {
-  count = local.create_iam_role ? 1 : 0
-
-  policy_arn = aws_iam_policy.cwlogs[0].arn
-  role       = aws_iam_role.fargate[0].name
-}
diff --git a/modules/aws-eks-fargate-profiles/outputs.tf b/modules/aws-eks-fargate-profiles/outputs.tf
deleted file mode 100644
index 3e11a9f6b0..0000000000
--- a/modules/aws-eks-fargate-profiles/outputs.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-output "eks_fargate_profile_arn" {
-  description = "Amazon Resource Name (ARN) of the EKS Fargate Profile"
-  value       = aws_eks_fargate_profile.eks_fargate.arn
-}
-
-output "eks_fargate_profile_role_name" {
-  description = "Name of the EKS Fargate Profile IAM role"
-  value       = try(aws_iam_role.fargate[0].name, null)
-}
-
-output "eks_fargate_profile_id" {
-  description = "EKS Cluster name and EKS Fargate Profile name separated by a colon"
-  value       = aws_eks_fargate_profile.eks_fargate.id
-}
diff --git a/modules/aws-eks-fargate-profiles/variables.tf b/modules/aws-eks-fargate-profiles/variables.tf
deleted file mode 100644
index 382c437162..0000000000
--- a/modules/aws-eks-fargate-profiles/variables.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-variable "fargate_profile" {
-  description = "Map of maps of `eks_node_groups` to create"
-  type        = any
-  default     = {}
-}
-
-variable "context" {
-  description = "Input configuration for Fargate"
-  type = object({
-    eks_cluster_id                = string
-    aws_partition_id              = string
-    iam_role_path                 = string
-    iam_role_permissions_boundary = string
-    tags                          = map(string)
-  })
-}
diff --git a/modules/aws-eks-fargate-profiles/versions.tf b/modules/aws-eks-fargate-profiles/versions.tf
deleted file mode 100644
index f92f41b9e7..0000000000
--- a/modules/aws-eks-fargate-profiles/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 3.72"
-    }
-  }
-}
diff --git a/modules/aws-eks-managed-node-groups/README.md b/modules/aws-eks-managed-node-groups/README.md
deleted file mode 100644
index f3e160c773..0000000000
--- a/modules/aws-eks-managed-node-groups/README.md
+++ /dev/null
@@ -1,65 +0,0 @@
-# AWS Managed Node Groups
-
-## Introduction
-
-Amazon EKS Managed Node Groups lets you create, update, scale, and terminate worker nodes for your EKS cluster. All managed nodes are provisioned as part of an Amazon EC2 Auto Scaling group that's managed for you by Amazon EKS. Moreover, all resources including Amazon EC2 instances and Auto Scaling groups run within your AWS account. By default, instances in a managed node group use the latest version of the Amazon EKS optimized Amazon Linux 2 AMI for its cluster's Kubernetes version
-
-This module allows you to create ON-DEMAND, SPOT and BOTTLEROCKET(with custom ami) managed nodegroups. You can instantiate the module once with map of node group values to create multiple node groups.
-
-_NOTE_:
-
-- You can't create managed nodes in an AWS Region where you have AWS Outposts, AWS Wavelength, or AWS Local Zones enabled.
-- You can create self-managed nodes in an AWS Region where you have AWS Outposts, AWS Wavelength, or AWS Local Zones enabled
-- You should not set to true both `create_launch_template` and `remote_access` or you'll end-up with new managed nodegroups that won't be able to join the cluster.
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.72 |
-
-## Modules
-
-No modules.
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_eks_node_group.managed_ng](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_node_group) | resource |
-| [aws_iam_instance_profile.managed_ng](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_instance_profile) | resource |
-| [aws_iam_role.managed_ng](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
-| [aws_iam_role_policy_attachment.managed_ng](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
-| [aws_launch_template.managed_node_groups](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_template) | resource |
-| [aws_iam_policy_document.managed_ng_assume_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_context"></a> [context](#input\_context) | Input configuration for the Node groups | <pre>object({<br>    # EKS Cluster Config<br>    eks_cluster_id    = string<br>    cluster_ca_base64 = string<br>    cluster_endpoint  = string<br>    cluster_version   = string<br>    # VPC Config<br>    vpc_id             = string<br>    private_subnet_ids = list(string)<br>    public_subnet_ids  = list(string)<br>    # Security Groups<br>    worker_security_group_ids = list(string)<br><br>    # Data sources<br>    aws_partition_dns_suffix = string<br>    aws_partition_id         = string<br>    #IAM<br>    iam_role_path                 = string<br>    iam_role_permissions_boundary = string<br>    # Tags<br>    tags = map(string)<br>    # Service IPV4/IPV6 CIDR<br>    service_ipv6_cidr = string<br>    service_ipv4_cidr = string<br>  })</pre> | n/a | yes |
-| <a name="input_managed_ng"></a> [managed\_ng](#input\_managed\_ng) | Map of maps of `eks_node_groups` to create | `any` | `{}` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_managed_nodegroup_arn"></a> [managed\_nodegroup\_arn](#output\_managed\_nodegroup\_arn) | EKS Managed node group id |
-| <a name="output_managed_nodegroup_iam_instance_profile_arn"></a> [managed\_nodegroup\_iam\_instance\_profile\_arn](#output\_managed\_nodegroup\_iam\_instance\_profile\_arn) | IAM instance profile arn for EKS Managed Node Group |
-| <a name="output_managed_nodegroup_iam_instance_profile_id"></a> [managed\_nodegroup\_iam\_instance\_profile\_id](#output\_managed\_nodegroup\_iam\_instance\_profile\_id) | IAM instance profile id for EKS Managed Node Group |
-| <a name="output_managed_nodegroup_iam_role_arn"></a> [managed\_nodegroup\_iam\_role\_arn](#output\_managed\_nodegroup\_iam\_role\_arn) | IAM role ARN for EKS Managed Node Group |
-| <a name="output_managed_nodegroup_iam_role_name"></a> [managed\_nodegroup\_iam\_role\_name](#output\_managed\_nodegroup\_iam\_role\_name) | IAM role name for EKS Managed Node Group |
-| <a name="output_managed_nodegroup_id"></a> [managed\_nodegroup\_id](#output\_managed\_nodegroup\_id) | EKS Managed node group id |
-| <a name="output_managed_nodegroup_launch_template_arn"></a> [managed\_nodegroup\_launch\_template\_arn](#output\_managed\_nodegroup\_launch\_template\_arn) | Launch Template ARN for EKS Managed Node Group |
-| <a name="output_managed_nodegroup_launch_template_id"></a> [managed\_nodegroup\_launch\_template\_id](#output\_managed\_nodegroup\_launch\_template\_id) | Launch Template ID for EKS Managed Node Group |
-| <a name="output_managed_nodegroup_launch_template_latest_version"></a> [managed\_nodegroup\_launch\_template\_latest\_version](#output\_managed\_nodegroup\_launch\_template\_latest\_version) | Launch Template version for EKS Managed Node Group |
-| <a name="output_managed_nodegroup_status"></a> [managed\_nodegroup\_status](#output\_managed\_nodegroup\_status) | EKS Managed Node Group status |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/aws-eks-managed-node-groups/data.tf b/modules/aws-eks-managed-node-groups/data.tf
deleted file mode 100644
index e0ee8c60b4..0000000000
--- a/modules/aws-eks-managed-node-groups/data.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-data "aws_iam_policy_document" "managed_ng_assume_role_policy" {
-  statement {
-    sid = "EKSWorkerAssumeRole"
-
-    actions = [
-      "sts:AssumeRole",
-    ]
-
-    principals {
-      type        = "Service"
-      identifiers = [local.ec2_principal]
-    }
-  }
-}
diff --git a/modules/aws-eks-managed-node-groups/iam.tf b/modules/aws-eks-managed-node-groups/iam.tf
deleted file mode 100644
index 95c5dfccbc..0000000000
--- a/modules/aws-eks-managed-node-groups/iam.tf
+++ /dev/null
@@ -1,31 +0,0 @@
-resource "aws_iam_role" "managed_ng" {
-  count = local.managed_node_group["create_iam_role"] ? 1 : 0
-
-  name                  = "${var.context.eks_cluster_id}-${local.managed_node_group["node_group_name"]}"
-  description           = "EKS Managed Node group IAM Role"
-  assume_role_policy    = data.aws_iam_policy_document.managed_ng_assume_role_policy.json
-  path                  = var.context.iam_role_path
-  permissions_boundary  = var.context.iam_role_permissions_boundary
-  force_detach_policies = true
-  tags                  = var.context.tags
-}
-
-resource "aws_iam_instance_profile" "managed_ng" {
-  count = local.managed_node_group["create_iam_role"] ? 1 : 0
-
-  name = "${var.context.eks_cluster_id}-${local.managed_node_group["node_group_name"]}"
-  role = aws_iam_role.managed_ng[0].name
-
-  path = var.context.iam_role_path
-  tags = var.context.tags
-
-  lifecycle {
-    create_before_destroy = true
-  }
-}
-
-resource "aws_iam_role_policy_attachment" "managed_ng" {
-  for_each   = local.eks_worker_policies
-  policy_arn = each.key
-  role       = aws_iam_role.managed_ng[0].id
-}
diff --git a/modules/aws-eks-managed-node-groups/locals.tf b/modules/aws-eks-managed-node-groups/locals.tf
deleted file mode 100644
index 91b55ccdf1..0000000000
--- a/modules/aws-eks-managed-node-groups/locals.tf
+++ /dev/null
@@ -1,119 +0,0 @@
-locals {
-  default_managed_ng = {
-    node_group_name          = "m5_on_demand" # Max node group length is 40 characters; including the node_group_name_prefix random id it's 63
-    enable_node_group_prefix = true
-    instance_types           = ["m5.large"]
-    capacity_type            = "ON_DEMAND"  # ON_DEMAND, SPOT
-    ami_type                 = "AL2_x86_64" # AL2_x86_64, AL2_x86_64_GPU, AL2_ARM_64, BOTTLEROCKET_x86_64, BOTTLEROCKET_ARM_64
-    subnet_type              = "private"
-    subnet_ids               = []
-
-    # IAM Roles for Nodegroup
-    create_iam_role = true
-    iam_role_arn    = null # iam_role_arn will be used if create_iam_role=false
-
-    # Scaling Config
-    desired_size = 3
-    max_size     = 3
-    min_size     = 1
-    disk_size    = 50 # disk_size will be ignored when using Launch Templates
-
-    # Upgrade Config
-    update_config = [{
-      max_unavailable            = 1
-      max_unavailable_percentage = null
-    }]
-
-    release_version      = ""
-    force_update_version = null
-
-    update_default_version = true
-
-    k8s_labels           = {}
-    k8s_taints           = []
-    additional_tags      = {}
-    launch_template_tags = {}
-
-    remote_access           = false
-    ec2_ssh_key             = null
-    ssh_security_group_id   = null
-    additional_iam_policies = []
-
-    timeouts = [{
-      create = "30m"
-      update = "2h"
-      delete = "30m"
-    }]
-
-    # The following defaults used only when you enable Launch Templates e.g., create_launch_template=true
-    # LAUNCH TEMPLATES
-    custom_ami_id          = ""
-    create_launch_template = false
-    enable_monitoring      = true
-    launch_template_os     = "amazonlinux2eks" # amazonlinux2eks/bottlerocket # Used to identify the launch template
-    pre_userdata           = ""
-    post_userdata          = ""
-    kubelet_extra_args     = ""
-    bootstrap_extra_args   = ""
-    public_ip              = false
-
-    # EBS Block Device config only used with Launch Templates
-    block_device_mappings = [{
-      device_name           = "/dev/xvda"
-      volume_type           = "gp3" # The volume type. Can be standard, gp2, gp3, io1, io2, sc1 or st1 (Default: gp3).
-      volume_size           = 100
-      delete_on_termination = true
-      encrypted             = true
-      kms_key_id            = ""
-      iops                  = 3000
-      throughput            = 125
-    }]
-
-    format_mount_nvme_disk = false
-  }
-
-  managed_node_group = merge(
-    local.default_managed_ng,
-    var.managed_ng
-  )
-
-  policy_arn_prefix = "arn:${var.context.aws_partition_id}:iam::aws:policy"
-  ec2_principal     = "ec2.${var.context.aws_partition_dns_suffix}"
-
-  userdata_params = {
-    eks_cluster_id         = var.context.eks_cluster_id
-    cluster_ca_base64      = var.context.cluster_ca_base64
-    cluster_endpoint       = var.context.cluster_endpoint
-    custom_ami_id          = local.managed_node_group["custom_ami_id"]
-    pre_userdata           = local.managed_node_group["pre_userdata"]         # Applied to all launch templates
-    bootstrap_extra_args   = local.managed_node_group["bootstrap_extra_args"] # used only when custom_ami_id specified e.g., bootstrap_extra_args="--use-max-pods false --container-runtime containerd"
-    post_userdata          = local.managed_node_group["post_userdata"]        # used only when custom_ami_id specified
-    kubelet_extra_args     = local.managed_node_group["kubelet_extra_args"]   # used only when custom_ami_id specified e.g., kubelet_extra_args="--node-labels=arch=x86,WorkerType=SPOT --max-pods=50 --register-with-taints=spot=true:NoSchedule"  # Equivalent to k8s_labels used in managed node groups
-    service_ipv6_cidr      = var.context.service_ipv6_cidr == null ? "" : var.context.service_ipv6_cidr
-    service_ipv4_cidr      = var.context.service_ipv4_cidr == null ? "" : var.context.service_ipv4_cidr
-    format_mount_nvme_disk = local.managed_node_group["format_mount_nvme_disk"]
-  }
-
-  userdata_base64 = base64encode(
-    templatefile("${path.module}/templates/userdata-${local.managed_node_group["launch_template_os"]}.tpl", local.userdata_params)
-  )
-
-  eks_worker_policies = { for k, v in toset(concat([
-    "${local.policy_arn_prefix}/AmazonEKSWorkerNodePolicy",
-    "${local.policy_arn_prefix}/AmazonEKS_CNI_Policy",
-    "${local.policy_arn_prefix}/AmazonEC2ContainerRegistryReadOnly",
-    "${local.policy_arn_prefix}/AmazonSSMManagedInstanceCore"],
-    local.managed_node_group["additional_iam_policies"
-  ])) : k => v if local.managed_node_group["create_iam_role"] }
-
-  common_tags = merge(
-    var.context.tags,
-    local.managed_node_group["additional_tags"],
-    {
-      Name                                                      = "${var.context.eks_cluster_id}-${local.managed_node_group["node_group_name"]}"
-      "kubernetes.io/cluster/${var.context.eks_cluster_id}"     = "owned"
-      "k8s.io/cluster-autoscaler/${var.context.eks_cluster_id}" = "owned"
-      "k8s.io/cluster-autoscaler/enabled"                       = "TRUE"
-      "managed-by"                                              = "terraform-aws-eks-blueprints"
-  })
-}
diff --git a/modules/aws-eks-managed-node-groups/main.tf b/modules/aws-eks-managed-node-groups/main.tf
deleted file mode 100644
index 82ddfa85a6..0000000000
--- a/modules/aws-eks-managed-node-groups/main.tf
+++ /dev/null
@@ -1,84 +0,0 @@
-resource "aws_eks_node_group" "managed_ng" {
-
-  cluster_name           = var.context.eks_cluster_id
-  node_group_name        = local.managed_node_group["enable_node_group_prefix"] == false ? local.managed_node_group["node_group_name"] : null
-  node_group_name_prefix = local.managed_node_group["enable_node_group_prefix"] == true ? format("%s-", local.managed_node_group["node_group_name"]) : null
-
-  node_role_arn   = local.managed_node_group["create_iam_role"] == true ? aws_iam_role.managed_ng[0].arn : local.managed_node_group["iam_role_arn"]
-  subnet_ids      = length(local.managed_node_group["subnet_ids"]) == 0 ? (local.managed_node_group["subnet_type"] == "public" ? var.context.public_subnet_ids : var.context.private_subnet_ids) : local.managed_node_group["subnet_ids"]
-  release_version = try(local.managed_node_group["release_version"], "") == "" || local.managed_node_group["custom_ami_id"] != "" ? null : local.managed_node_group["release_version"]
-
-  ami_type             = local.managed_node_group["custom_ami_id"] != "" ? null : local.managed_node_group["ami_type"]
-  capacity_type        = local.managed_node_group["capacity_type"]
-  disk_size            = local.managed_node_group["create_launch_template"] == true ? null : local.managed_node_group["disk_size"]
-  instance_types       = local.managed_node_group["instance_types"]
-  force_update_version = local.managed_node_group["force_update_version"]
-  version              = local.managed_node_group["custom_ami_id"] != "" ? null : var.context.cluster_version
-
-  scaling_config {
-    desired_size = local.managed_node_group["desired_size"]
-    max_size     = local.managed_node_group["max_size"]
-    min_size     = local.managed_node_group["min_size"]
-  }
-
-  dynamic "update_config" {
-    for_each = local.managed_node_group["update_config"]
-    content {
-      max_unavailable            = try(update_config.value["max_unavailable"], null)
-      max_unavailable_percentage = try(update_config.value["max_unavailable_percentage"], null)
-    }
-  }
-
-  lifecycle {
-    create_before_destroy = true
-    ignore_changes        = [scaling_config[0].desired_size]
-  }
-
-  dynamic "launch_template" {
-    for_each = local.managed_node_group["create_launch_template"] == true ? [{
-      id      = aws_launch_template.managed_node_groups[0].id
-      version = aws_launch_template.managed_node_groups[0].default_version
-    }] : []
-    content {
-      id      = launch_template.value["id"]
-      version = launch_template.value["version"]
-    }
-  }
-
-  dynamic "remote_access" {
-    for_each = local.managed_node_group["remote_access"] == true ? [1] : []
-    content {
-      ec2_ssh_key               = local.managed_node_group["ec2_ssh_key"]
-      source_security_group_ids = local.managed_node_group["ssh_security_group_id"]
-    }
-  }
-
-  dynamic "taint" {
-    for_each = local.managed_node_group["k8s_taints"]
-    content {
-      key    = taint.value["key"]
-      value  = taint.value["value"]
-      effect = taint.value["effect"]
-    }
-  }
-
-  labels = local.managed_node_group["k8s_labels"]
-
-  tags = local.common_tags
-
-  dynamic "timeouts" {
-    for_each = local.managed_node_group["timeouts"]
-    content {
-      create = timeouts.value["create"]
-      update = timeouts.value["update"]
-      delete = timeouts.value["delete"]
-    }
-  }
-
-  depends_on = [
-    aws_iam_role.managed_ng,
-    aws_iam_instance_profile.managed_ng,
-    aws_iam_role_policy_attachment.managed_ng
-  ]
-
-}
diff --git a/modules/aws-eks-managed-node-groups/managed-launch-templates.tf b/modules/aws-eks-managed-node-groups/managed-launch-templates.tf
deleted file mode 100644
index 65f1ee222c..0000000000
--- a/modules/aws-eks-managed-node-groups/managed-launch-templates.tf
+++ /dev/null
@@ -1,71 +0,0 @@
-resource "aws_launch_template" "managed_node_groups" {
-  count = local.managed_node_group["create_launch_template"] == true ? 1 : 0
-
-  name                   = "${var.context.eks_cluster_id}-${local.managed_node_group["node_group_name"]}"
-  description            = "Launch Template for EKS Managed Node Groups"
-  update_default_version = local.managed_node_group["update_default_version"]
-
-  user_data = local.userdata_base64
-
-  dynamic "block_device_mappings" {
-    for_each = local.managed_node_group["block_device_mappings"]
-
-    content {
-      device_name = try(block_device_mappings.value.device_name, null)
-
-      ebs {
-        delete_on_termination = try(block_device_mappings.value.delete_on_termination, true)
-        encrypted             = try(block_device_mappings.value.encrypted, true)
-        kms_key_id            = try(block_device_mappings.value.kms_key_id, null)
-        volume_size           = try(block_device_mappings.value.volume_size, null)
-        volume_type           = try(block_device_mappings.value.volume_type, null)
-        iops                  = try(block_device_mappings.value.iops, null)
-        throughput            = try(block_device_mappings.value.throughput, null)
-      }
-    }
-  }
-
-  ebs_optimized = true
-
-  image_id = local.managed_node_group["custom_ami_id"]
-
-  monitoring {
-    enabled = local.managed_node_group["enable_monitoring"]
-  }
-
-  dynamic "metadata_options" {
-    for_each = try(var.managed_ng.enable_metadata_options, true) ? [1] : []
-
-    content {
-      http_endpoint               = try(var.managed_ng.http_endpoint, "enabled")
-      http_tokens                 = try(var.managed_ng.http_tokens, "required") #tfsec:ignore:aws-autoscaling-enforce-http-token-imds
-      http_put_response_hop_limit = try(var.managed_ng.http_put_response_hop_limit, 2)
-      http_protocol_ipv6          = try(var.managed_ng.http_protocol_ipv6, null)
-      instance_metadata_tags      = try(var.managed_ng.instance_metadata_tags, null)
-    }
-  }
-
-  dynamic "tag_specifications" {
-    for_each = toset(["instance", "volume", "network-interface"])
-    content {
-      resource_type = tag_specifications.key
-      tags          = merge(local.common_tags, local.managed_node_group["launch_template_tags"])
-    }
-  }
-
-  network_interfaces {
-    associate_public_ip_address = local.managed_node_group["public_ip"]
-    security_groups             = var.context.worker_security_group_ids
-  }
-
-  lifecycle {
-    create_before_destroy = true
-  }
-
-  tags = var.context.tags
-
-  depends_on = [
-    aws_iam_role.managed_ng,
-    aws_iam_role_policy_attachment.managed_ng
-  ]
-}
diff --git a/modules/aws-eks-managed-node-groups/outputs.tf b/modules/aws-eks-managed-node-groups/outputs.tf
deleted file mode 100644
index 0cb40657bc..0000000000
--- a/modules/aws-eks-managed-node-groups/outputs.tf
+++ /dev/null
@@ -1,49 +0,0 @@
-output "managed_nodegroup_id" {
-  description = "EKS Managed node group id"
-  value       = aws_eks_node_group.managed_ng[*].id
-}
-
-output "managed_nodegroup_arn" {
-  description = "EKS Managed node group id"
-  value       = aws_eks_node_group.managed_ng[*].arn
-}
-
-output "managed_nodegroup_status" {
-  description = "EKS Managed Node Group status"
-  value       = aws_eks_node_group.managed_ng[*].status
-}
-
-output "managed_nodegroup_iam_role_arn" {
-  description = "IAM role ARN for EKS Managed Node Group"
-  value       = aws_iam_role.managed_ng[*].arn
-}
-
-output "managed_nodegroup_iam_role_name" {
-  description = "IAM role name for EKS Managed Node Group"
-  value       = aws_iam_role.managed_ng[*].name
-}
-
-output "managed_nodegroup_iam_instance_profile_id" {
-  description = "IAM instance profile id for EKS Managed Node Group"
-  value       = aws_iam_instance_profile.managed_ng[*].id
-}
-
-output "managed_nodegroup_iam_instance_profile_arn" {
-  description = "IAM instance profile arn for EKS Managed Node Group"
-  value       = aws_iam_instance_profile.managed_ng[*].arn
-}
-
-output "managed_nodegroup_launch_template_id" {
-  description = "Launch Template ID for EKS Managed Node Group"
-  value       = aws_launch_template.managed_node_groups[*].id
-}
-
-output "managed_nodegroup_launch_template_arn" {
-  description = "Launch Template ARN for EKS Managed Node Group"
-  value       = aws_launch_template.managed_node_groups[*].arn
-}
-
-output "managed_nodegroup_launch_template_latest_version" {
-  description = "Launch Template version for EKS Managed Node Group"
-  value       = aws_launch_template.managed_node_groups[*].default_version
-}
diff --git a/modules/aws-eks-managed-node-groups/templates/userdata-amazonlinux2eks.tpl b/modules/aws-eks-managed-node-groups/templates/userdata-amazonlinux2eks.tpl
deleted file mode 100644
index b8f31891f1..0000000000
--- a/modules/aws-eks-managed-node-groups/templates/userdata-amazonlinux2eks.tpl
+++ /dev/null
@@ -1,44 +0,0 @@
-MIME-Version: 1.0
-Content-Type: multipart/mixed; boundary="//"
-
---//
-Content-Type: text/x-shellscript; charset="us-ascii"
-#!/bin/bash
-set -ex
-
-%{ if length(pre_userdata) > 0 ~}
-# User-supplied pre userdata
-${pre_userdata}
-%{ endif ~}
-%{ if format_mount_nvme_disk ~}
-echo "Format and Mount NVMe Disks if available"
-IDX=1
-DEVICES=$(lsblk -o NAME,TYPE -dsn | awk '/disk/ {print $1}')
-
-for DEV in $DEVICES
-do
-  mkfs.xfs /dev/$${DEV}
-  mkdir -p /local$${IDX}
-
-  echo /dev/$${DEV} /local$${IDX} xfs defaults,noatime 1 2 >> /etc/fstab
-
-  IDX=$(($${IDX} + 1))
-done
-mount -a
-%{ endif ~}
-%{ if length(service_ipv4_cidr) > 0 ~}
-export SERVICE_IPV4_CIDR=${service_ipv4_cidr}
-%{ endif ~}
-%{ if length(service_ipv6_cidr) > 0 ~}
-export SERVICE_IPV6_CIDR=${service_ipv6_cidr}
-%{ endif ~}
-%{ if length(custom_ami_id) > 0 ~}
-B64_CLUSTER_CA=${cluster_ca_base64}
-API_SERVER_URL=${cluster_endpoint}
-/etc/eks/bootstrap.sh ${eks_cluster_id} --kubelet-extra-args "${kubelet_extra_args}" ${bootstrap_extra_args}
-%{ endif ~}
-%{ if length(post_userdata) > 0 ~}
-# User-supplied post userdata
-${post_userdata}
-%{ endif ~}
---//--
diff --git a/modules/aws-eks-managed-node-groups/templates/userdata-bottlerocket.tpl b/modules/aws-eks-managed-node-groups/templates/userdata-bottlerocket.tpl
deleted file mode 100644
index 4db54603c9..0000000000
--- a/modules/aws-eks-managed-node-groups/templates/userdata-bottlerocket.tpl
+++ /dev/null
@@ -1,6 +0,0 @@
-${pre_userdata}
-[settings.kubernetes]
-api-server = "${cluster_endpoint}"
-cluster-certificate = "${cluster_ca_base64}"
-cluster-name = "${eks_cluster_id}"
-${post_userdata}
diff --git a/modules/aws-eks-managed-node-groups/variables.tf b/modules/aws-eks-managed-node-groups/variables.tf
deleted file mode 100644
index 6e25832711..0000000000
--- a/modules/aws-eks-managed-node-groups/variables.tf
+++ /dev/null
@@ -1,34 +0,0 @@
-variable "managed_ng" {
-  description = "Map of maps of `eks_node_groups` to create"
-  type        = any
-  default     = {}
-}
-
-variable "context" {
-  description = "Input configuration for the Node groups"
-  type = object({
-    # EKS Cluster Config
-    eks_cluster_id    = string
-    cluster_ca_base64 = string
-    cluster_endpoint  = string
-    cluster_version   = string
-    # VPC Config
-    vpc_id             = string
-    private_subnet_ids = list(string)
-    public_subnet_ids  = list(string)
-    # Security Groups
-    worker_security_group_ids = list(string)
-
-    # Data sources
-    aws_partition_dns_suffix = string
-    aws_partition_id         = string
-    #IAM
-    iam_role_path                 = string
-    iam_role_permissions_boundary = string
-    # Tags
-    tags = map(string)
-    # Service IPV4/IPV6 CIDR
-    service_ipv6_cidr = string
-    service_ipv4_cidr = string
-  })
-}
diff --git a/modules/aws-eks-managed-node-groups/versions.tf b/modules/aws-eks-managed-node-groups/versions.tf
deleted file mode 100644
index f92f41b9e7..0000000000
--- a/modules/aws-eks-managed-node-groups/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 3.72"
-    }
-  }
-}
diff --git a/modules/aws-eks-self-managed-node-groups/README.md b/modules/aws-eks-self-managed-node-groups/README.md
deleted file mode 100644
index 22cb182d6f..0000000000
--- a/modules/aws-eks-self-managed-node-groups/README.md
+++ /dev/null
@@ -1,63 +0,0 @@
-# AWS Self-Managed Node Groups
-
-# Introduction
-
-Amazon EKS Self Managed Node Groups lets you create, update, scale, and terminate worker nodes for your EKS cluster. All Self managed nodes are provisioned as part of an Amazon EC2 Auto Scaling group that's managed for you by this module. Moreover, all resources including Amazon EC2 instances and Auto Scaling groups run within your AWS account.
-
-This module allows you to create on-demand or spot self managed Linux or Windows nodegroups. You can instantiate the module once with map of node group values to create multiple self managed node groups. By default, the module uses the latest available version of Amazon-provided EKS-optimized AMIs for Amazon Linux 2, Bottlerocket, or Windows 2019 Server Core operating systems. You can override the image via the custom_ami_id input variable.
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.72 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_launch_template_self_managed_ng"></a> [launch\_template\_self\_managed\_ng](#module\_launch\_template\_self\_managed\_ng) | ../launch-templates | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_autoscaling_group.self_managed_ng](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_group) | resource |
-| [aws_iam_instance_profile.self_managed_ng](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_instance_profile) | resource |
-| [aws_iam_policy.eks_windows_cni](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
-| [aws_iam_role.self_managed_ng](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
-| [aws_iam_role_policy_attachment.eks_windows_cni](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
-| [aws_iam_role_policy_attachment.self_managed_ng](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
-| [aws_ami.predefined](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source |
-| [aws_iam_policy_document.eks_windows_cni](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_policy_document.self_managed_ng_assume_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_context"></a> [context](#input\_context) | Input configuration for the Node groups | <pre>object({<br>    # EKS Cluster Config<br>    eks_cluster_id    = string<br>    cluster_ca_base64 = string<br>    cluster_endpoint  = string<br>    cluster_version   = string<br>    # VPC Config<br>    vpc_id             = string<br>    private_subnet_ids = list(string)<br>    public_subnet_ids  = list(string)<br>    # Security Groups<br>    worker_security_group_ids = list(string)<br>    # Data sources<br>    aws_partition_dns_suffix = string<br>    aws_partition_id         = string<br><br>    iam_role_path                 = string<br>    iam_role_permissions_boundary = string<br>    # Tags<br>    tags = map(string)<br>    # Service IPV4/IPV6 CIDR<br>    service_ipv6_cidr = string<br>    service_ipv4_cidr = string<br>  })</pre> | n/a | yes |
-| <a name="input_self_managed_ng"></a> [self\_managed\_ng](#input\_self\_managed\_ng) | Map of maps of `eks_self_managed_node_groups` to create | `any` | `{}` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_launch_template_arn"></a> [launch\_template\_arn](#output\_launch\_template\_arn) | Launch Template ARNs for EKS Self Managed Node Group |
-| <a name="output_launch_template_ids"></a> [launch\_template\_ids](#output\_launch\_template\_ids) | Launch Template IDs for EKS Self Managed Node Group |
-| <a name="output_launch_template_latest_versions"></a> [launch\_template\_latest\_versions](#output\_launch\_template\_latest\_versions) | Launch Template latest versions for EKS Self Managed Node Group |
-| <a name="output_self_managed_asg_names"></a> [self\_managed\_asg\_names](#output\_self\_managed\_asg\_names) | Self managed group ASG names |
-| <a name="output_self_managed_iam_role_name"></a> [self\_managed\_iam\_role\_name](#output\_self\_managed\_iam\_role\_name) | Self managed groups IAM role names |
-| <a name="output_self_managed_nodegroup_iam_instance_profile_arn"></a> [self\_managed\_nodegroup\_iam\_instance\_profile\_arn](#output\_self\_managed\_nodegroup\_iam\_instance\_profile\_arn) | IAM Instance Profile and for EKS Self Managed Node Group |
-| <a name="output_self_managed_nodegroup_iam_instance_profile_id"></a> [self\_managed\_nodegroup\_iam\_instance\_profile\_id](#output\_self\_managed\_nodegroup\_iam\_instance\_profile\_id) | IAM Instance Profile ID for EKS Self Managed Node Group |
-| <a name="output_self_managed_nodegroup_iam_role_arns"></a> [self\_managed\_nodegroup\_iam\_role\_arns](#output\_self\_managed\_nodegroup\_iam\_role\_arns) | Self managed groups IAM role arns |
-| <a name="output_self_managed_nodegroup_name"></a> [self\_managed\_nodegroup\_name](#output\_self\_managed\_nodegroup\_name) | EKS Self Managed node group id |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/aws-eks-self-managed-node-groups/data.tf b/modules/aws-eks-self-managed-node-groups/data.tf
deleted file mode 100644
index 889673afcc..0000000000
--- a/modules/aws-eks-self-managed-node-groups/data.tf
+++ /dev/null
@@ -1,40 +0,0 @@
-data "aws_iam_policy_document" "self_managed_ng_assume_role_policy" {
-  statement {
-    sid = "EKSWorkerAssumeRole"
-
-    actions = [
-      "sts:AssumeRole",
-    ]
-
-    principals {
-      type        = "Service"
-      identifiers = [local.ec2_principal]
-    }
-  }
-}
-
-# Default AWS-provided EKS optimized AMIs
-data "aws_ami" "predefined" {
-  for_each    = local.predefined_ami_names
-  most_recent = true
-  owners      = ["amazon"]
-  filter {
-    name   = "name"
-    values = [each.value]
-  }
-}
-
-data "aws_iam_policy_document" "eks_windows_cni" {
-  statement {
-    sid       = ""
-    effect    = "Allow"
-    resources = ["*"]
-
-    actions = [
-      "ec2:DescribeInstances",
-      "ec2:DescribeInstanceTypes",
-      "ec2:DescribeNetworkInterfaces",
-      "ec2:DescribeTags",
-    ]
-  }
-}
diff --git a/modules/aws-eks-self-managed-node-groups/iam.tf b/modules/aws-eks-self-managed-node-groups/iam.tf
deleted file mode 100644
index 671c299488..0000000000
--- a/modules/aws-eks-self-managed-node-groups/iam.tf
+++ /dev/null
@@ -1,47 +0,0 @@
-resource "aws_iam_role" "self_managed_ng" {
-  count = local.self_managed_node_group["create_iam_role"] ? 1 : 0
-
-  name                  = "${var.context.eks_cluster_id}-${local.self_managed_node_group["node_group_name"]}"
-  description           = "EKS Self Managed Node group IAM Role"
-  assume_role_policy    = data.aws_iam_policy_document.self_managed_ng_assume_role_policy.json
-  path                  = var.context.iam_role_path
-  permissions_boundary  = var.context.iam_role_permissions_boundary
-  force_detach_policies = true
-  tags                  = var.context.tags
-}
-
-resource "aws_iam_instance_profile" "self_managed_ng" {
-  count = local.self_managed_node_group["create_iam_role"] ? 1 : 0
-
-  name = "${var.context.eks_cluster_id}-${local.self_managed_node_group["node_group_name"]}"
-  role = aws_iam_role.self_managed_ng[0].name
-
-  path = var.context.iam_role_path
-  tags = var.context.tags
-
-  lifecycle {
-    create_before_destroy = true
-  }
-}
-
-resource "aws_iam_role_policy_attachment" "self_managed_ng" {
-  for_each   = local.eks_worker_policies
-  policy_arn = each.key
-  role       = aws_iam_role.self_managed_ng[0].name
-}
-
-# Windows nodes only need read-only access to EC2
-resource "aws_iam_policy" "eks_windows_cni" {
-  count       = local.self_managed_node_group["create_iam_role"] && local.enable_windows_support ? 1 : 0
-  name        = "${var.context.eks_cluster_id}-${local.self_managed_node_group["node_group_name"]}-cni-policy"
-  description = "EKS Windows CNI policy"
-  path        = var.context.iam_role_path
-  policy      = data.aws_iam_policy_document.eks_windows_cni.json
-  tags        = var.context.tags
-}
-
-resource "aws_iam_role_policy_attachment" "eks_windows_cni" {
-  count      = local.self_managed_node_group["create_iam_role"] && local.enable_windows_support ? 1 : 0
-  policy_arn = aws_iam_policy.eks_windows_cni[0].arn
-  role       = aws_iam_role.self_managed_ng[0].name
-}
diff --git a/modules/aws-eks-self-managed-node-groups/locals.tf b/modules/aws-eks-self-managed-node-groups/locals.tf
deleted file mode 100644
index 69951f4cac..0000000000
--- a/modules/aws-eks-self-managed-node-groups/locals.tf
+++ /dev/null
@@ -1,89 +0,0 @@
-locals {
-  lt_self_managed_group_map_key = "self-managed-node-group"
-
-  default_self_managed_ng = {
-    node_group_name = "m4_on_demand"
-    instance_type   = "m4.large"
-    instance_types  = ["m4.large"]
-
-    # LAUNCH TEMPLATES
-    custom_ami_id            = ""          # Bring your own custom AMI generated by Packer/ImageBuilder/Puppet etc.
-    capacity_type            = "on_demand" # on_demand, spot
-    capacity_rebalance       = false
-    spot_allocation_strategy = "capacity-optimized-prioritized"
-    launch_template_os       = "amazonlinux2eks" # amazonlinux2eks/bottlerocket/windows # Used to identify the launch template
-    windows_server_version   = "2019"
-    pre_userdata             = ""
-    post_userdata            = ""
-    kubelet_extra_args       = ""
-    bootstrap_extra_args     = ""
-    enable_monitoring        = false
-    public_ip                = false
-
-    # IAM Roles for Nodegroup
-    create_iam_role           = true
-    iam_role_arn              = null # iam_role_arn will be used if create_iam_role=false
-    iam_instance_profile_name = null # iam_instance_profile_name for Launch templates; if create_iam_role=false
-
-    format_mount_nvme_disk = false
-    block_device_mappings = [
-      {
-        device_name = "/dev/xvda"
-        volume_type = "gp3"
-        volume_size = 50
-      }
-    ]
-
-    # AUTOSCALING
-    max_size                = 3
-    min_size                = 1
-    subnet_type             = "private"
-    subnet_ids              = []
-    additional_tags         = {}
-    additional_iam_policies = []
-  }
-
-  needs_mixed_instances_policy = length(local.self_managed_node_group["instance_types"]) > 1 ? true : false
-
-  self_managed_node_group = merge(
-    local.default_self_managed_ng,
-    var.self_managed_ng
-  )
-
-  enable_windows_support = local.self_managed_node_group["launch_template_os"] == "windows"
-  windows_server_version = local.self_managed_node_group["windows_server_version"]
-
-  predefined_ami_names = {
-    amazonlinux2eks = "amazon-eks-node-${var.context.cluster_version}-*"
-    bottlerocket    = "bottlerocket-aws-k8s-${var.context.cluster_version}-x86_64-*"
-    windows         = "Windows_Server-${local.windows_server_version}-English-Core-EKS_Optimized-${var.context.cluster_version}-*"
-  }
-
-  predefined_ami_types  = keys(local.predefined_ami_names)
-  default_custom_ami_id = contains(local.predefined_ami_types, local.self_managed_node_group["launch_template_os"]) ? data.aws_ami.predefined[local.self_managed_node_group["launch_template_os"]].id : ""
-  custom_ami_id         = local.self_managed_node_group["custom_ami_id"] == "" ? local.default_custom_ami_id : local.self_managed_node_group["custom_ami_id"]
-
-  policy_arn_prefix = "arn:${var.context.aws_partition_id}:iam::aws:policy"
-  ec2_principal     = "ec2.${var.context.aws_partition_dns_suffix}"
-
-  eks_worker_policies = { for k, v in toset(concat([
-    "${local.policy_arn_prefix}/AmazonEKSWorkerNodePolicy",
-    "${local.policy_arn_prefix}/AmazonEKS_CNI_Policy",
-    "${local.policy_arn_prefix}/AmazonEC2ContainerRegistryReadOnly",
-    "${local.policy_arn_prefix}/AmazonSSMManagedInstanceCore"],
-    local.self_managed_node_group["additional_iam_policies"
-  ])) : k => v if local.self_managed_node_group["create_iam_role"] }
-
-  common_tags = merge(
-    var.context.tags,
-    local.self_managed_node_group["additional_tags"],
-    {
-      Name                                                             = "${local.self_managed_node_group["node_group_name"]}-${var.context.eks_cluster_id}"
-      "kubernetes.io/cluster/${var.context.eks_cluster_id}"            = "owned"
-      "k8s.io/cluster-autoscaler/${var.context.eks_cluster_id}"        = "owned"
-      "k8s.io/cluster-autoscaler/enabled"                              = "TRUE"
-      "k8s.io/cluster-autoscaler/node-template/label/eks/capacityType" = local.self_managed_node_group["capacity_type"]
-      "k8s.io/cluster-autoscaler/node-template/label/eks/nodegroup"    = local.self_managed_node_group["node_group_name"]
-      "managed-by"                                                     = "terraform-aws-eks-blueprints"
-  })
-}
diff --git a/modules/aws-eks-self-managed-node-groups/main.tf b/modules/aws-eks-self-managed-node-groups/main.tf
deleted file mode 100644
index 02476d964a..0000000000
--- a/modules/aws-eks-self-managed-node-groups/main.tf
+++ /dev/null
@@ -1,69 +0,0 @@
-resource "aws_autoscaling_group" "self_managed_ng" {
-  name = "${var.context.eks_cluster_id}-${local.self_managed_node_group["node_group_name"]}"
-
-  max_size            = local.self_managed_node_group["max_size"]
-  min_size            = local.self_managed_node_group["min_size"]
-  vpc_zone_identifier = length(local.self_managed_node_group["subnet_ids"]) == 0 ? (local.self_managed_node_group["subnet_type"] == "public" ? var.context.public_subnet_ids : var.context.private_subnet_ids) : local.self_managed_node_group["subnet_ids"]
-
-  capacity_rebalance = local.self_managed_node_group["capacity_rebalance"]
-  target_group_arns  = try(local.self_managed_node_group["target_group_arns"], null)
-
-  dynamic "launch_template" {
-    for_each = !local.needs_mixed_instances_policy ? [1] : []
-
-    content {
-      id      = module.launch_template_self_managed_ng.launch_template_id[local.lt_self_managed_group_map_key]
-      version = module.launch_template_self_managed_ng.launch_template_latest_version[local.lt_self_managed_group_map_key]
-    }
-  }
-
-  dynamic "mixed_instances_policy" {
-    for_each = local.needs_mixed_instances_policy ? [1] : []
-
-    content {
-      instances_distribution {
-        on_demand_base_capacity                  = 0
-        on_demand_percentage_above_base_capacity = local.self_managed_node_group["capacity_type"] == "spot" ? 0 : 100
-        spot_allocation_strategy                 = local.self_managed_node_group["spot_allocation_strategy"]
-      }
-
-      launch_template {
-        launch_template_specification {
-          launch_template_id = module.launch_template_self_managed_ng.launch_template_id[local.lt_self_managed_group_map_key]
-          version            = module.launch_template_self_managed_ng.launch_template_latest_version[local.lt_self_managed_group_map_key]
-        }
-
-        dynamic "override" {
-          for_each = [
-            for x in local.self_managed_node_group["instance_types"] : x
-            if length(local.self_managed_node_group["instance_types"]) > 1
-          ]
-
-          content {
-            instance_type = override.value
-          }
-        }
-      }
-    }
-  }
-
-  lifecycle {
-    create_before_destroy = true
-  }
-
-  dynamic "tag" {
-    for_each = local.common_tags
-
-    content {
-      key                 = tag.key
-      value               = tag.value
-      propagate_at_launch = true
-    }
-  }
-
-  depends_on = [
-    aws_iam_role.self_managed_ng,
-    aws_iam_instance_profile.self_managed_ng,
-    aws_iam_role_policy_attachment.self_managed_ng
-  ]
-}
diff --git a/modules/aws-eks-self-managed-node-groups/outputs.tf b/modules/aws-eks-self-managed-node-groups/outputs.tf
deleted file mode 100644
index be0a7828e6..0000000000
--- a/modules/aws-eks-self-managed-node-groups/outputs.tf
+++ /dev/null
@@ -1,44 +0,0 @@
-output "self_managed_nodegroup_name" {
-  description = "EKS Self Managed node group id"
-  value       = local.self_managed_node_group["node_group_name"][*]
-}
-
-output "self_managed_nodegroup_iam_role_arns" {
-  description = "Self managed groups IAM role arns"
-  value       = aws_iam_role.self_managed_ng[*].arn
-}
-
-output "self_managed_iam_role_name" {
-  description = "Self managed groups IAM role names"
-  value       = aws_iam_role.self_managed_ng[*].name
-}
-
-output "self_managed_asg_names" {
-  description = "Self managed group ASG names"
-  value       = aws_autoscaling_group.self_managed_ng[*].name
-}
-
-output "launch_template_latest_versions" {
-  description = "Launch Template latest versions for EKS Self Managed Node Group"
-  value       = module.launch_template_self_managed_ng.launch_template_latest_version
-}
-
-output "launch_template_ids" {
-  description = "Launch Template IDs for EKS Self Managed Node Group"
-  value       = module.launch_template_self_managed_ng.launch_template_id
-}
-
-output "launch_template_arn" {
-  description = "Launch Template ARNs for EKS Self Managed Node Group"
-  value       = module.launch_template_self_managed_ng.launch_template_arn
-}
-
-output "self_managed_nodegroup_iam_instance_profile_id" {
-  description = "IAM Instance Profile ID for EKS Self Managed Node Group"
-  value       = aws_iam_instance_profile.self_managed_ng[*].id
-}
-
-output "self_managed_nodegroup_iam_instance_profile_arn" {
-  description = "IAM Instance Profile and for EKS Self Managed Node Group"
-  value       = aws_iam_instance_profile.self_managed_ng[*].arn
-}
diff --git a/modules/aws-eks-self-managed-node-groups/self-managed-launch-templates.tf b/modules/aws-eks-self-managed-node-groups/self-managed-launch-templates.tf
deleted file mode 100644
index fcb746f835..0000000000
--- a/modules/aws-eks-self-managed-node-groups/self-managed-launch-templates.tf
+++ /dev/null
@@ -1,44 +0,0 @@
-module "launch_template_self_managed_ng" {
-  source = "../launch-templates"
-
-  eks_cluster_id = var.context.eks_cluster_id
-  launch_template_config = {
-    (local.lt_self_managed_group_map_key) = {
-      ami                    = local.custom_ami_id
-      launch_template_os     = local.self_managed_node_group["launch_template_os"]
-      launch_template_prefix = local.self_managed_node_group["node_group_name"]
-      instance_type          = local.self_managed_node_group["instance_type"]
-      capacity_type          = local.self_managed_node_group["capacity_type"] == "spot" ? "spot" : local.self_managed_node_group["capacity_type"]
-      iam_instance_profile   = local.self_managed_node_group["iam_instance_profile_name"] == null ? aws_iam_instance_profile.self_managed_ng[0].name : local.self_managed_node_group["iam_instance_profile_name"]
-
-      pre_userdata         = local.self_managed_node_group["pre_userdata"]
-      bootstrap_extra_args = local.self_managed_node_group["bootstrap_extra_args"]
-      post_userdata        = local.self_managed_node_group["post_userdata"]
-      kubelet_extra_args   = local.self_managed_node_group["kubelet_extra_args"]
-      monitoring           = local.self_managed_node_group["enable_monitoring"]
-
-      enable_metadata_options     = try(var.self_managed_ng.enable_metadata_options, true)
-      http_endpoint               = try(var.self_managed_ng.http_endpoint, "enabled")
-      http_tokens                 = try(var.self_managed_ng.http_tokens, "required")
-      http_put_response_hop_limit = try(var.self_managed_ng.http_put_response_hop_limit, 2)
-      http_protocol_ipv6          = try(var.self_managed_ng.http_protocol_ipv6, null)
-      instance_metadata_tags      = try(var.self_managed_ng.instance_metadata_tags, null)
-      placement                   = try(var.self_managed_ng.placement, null)
-
-      service_ipv6_cidr = var.context.service_ipv6_cidr
-      service_ipv4_cidr = var.context.service_ipv4_cidr
-
-      block_device_mappings  = local.self_managed_node_group["block_device_mappings"]
-      format_mount_nvme_disk = local.self_managed_node_group["format_mount_nvme_disk"]
-
-      network_interfaces = [
-        {
-          public_ip       = local.self_managed_node_group["public_ip"]
-          security_groups = var.context.worker_security_group_ids
-        }
-      ]
-    }
-  }
-
-  tags = local.common_tags
-}
diff --git a/modules/aws-eks-self-managed-node-groups/variables.tf b/modules/aws-eks-self-managed-node-groups/variables.tf
deleted file mode 100644
index 671358a656..0000000000
--- a/modules/aws-eks-self-managed-node-groups/variables.tf
+++ /dev/null
@@ -1,33 +0,0 @@
-variable "self_managed_ng" {
-  description = "Map of maps of `eks_self_managed_node_groups` to create"
-  type        = any
-  default     = {}
-}
-
-variable "context" {
-  description = "Input configuration for the Node groups"
-  type = object({
-    # EKS Cluster Config
-    eks_cluster_id    = string
-    cluster_ca_base64 = string
-    cluster_endpoint  = string
-    cluster_version   = string
-    # VPC Config
-    vpc_id             = string
-    private_subnet_ids = list(string)
-    public_subnet_ids  = list(string)
-    # Security Groups
-    worker_security_group_ids = list(string)
-    # Data sources
-    aws_partition_dns_suffix = string
-    aws_partition_id         = string
-
-    iam_role_path                 = string
-    iam_role_permissions_boundary = string
-    # Tags
-    tags = map(string)
-    # Service IPV4/IPV6 CIDR
-    service_ipv6_cidr = string
-    service_ipv4_cidr = string
-  })
-}
diff --git a/modules/aws-eks-self-managed-node-groups/versions.tf b/modules/aws-eks-self-managed-node-groups/versions.tf
deleted file mode 100644
index f92f41b9e7..0000000000
--- a/modules/aws-eks-self-managed-node-groups/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 3.72"
-    }
-  }
-}
diff --git a/modules/aws-eks-teams/README.md b/modules/aws-eks-teams/README.md
deleted file mode 100644
index 2b362d5509..0000000000
--- a/modules/aws-eks-teams/README.md
+++ /dev/null
@@ -1,181 +0,0 @@
-# Teams
-
-## Introduction
-
-The `eks-blueprints` framework provides support for onboarding and managing teams and easily configuring cluster access. We currently support two "`Team`" types: `application_teams` and `platform_teams`.
-`Application Teams` represent teams managing workloads running in cluster namespaces and `Platform Teams` represents platform administrators who have admin access (masters group) to clusters.
-
-### ApplicationTeam
-
-To create an `application_team` for your cluster, you will need to supply a team name, with the options to pass map of labels, map of resource quotas, existing IAM entities (user/roles), and a directory where you may optionally place any policy definitions and generic manifests for the team.
-These manifests will be applied by the platform and will be outside of the team control
-
-**NOTE:** When the manifests are applied, namespaces are not checked. Therefore, you are responsible for namespace settings in the yaml files.
-> As of today (2020-05-01), resource `kubernetes_manifest` can only be used (`terraform plan/apply...`) only after the cluster has been created and the cluster API can be accessed. Read ["Before you use this resource"](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest#before-you-use-this-resource) section for more information.
-To overcome this limitation, you can add/enable `manifests_dir` after you applied and created the cluster first. We are working on a better solution for this.
-
-#### Application Team Example
-
-```hcl
-  # EKS Application Teams
-
-  application_teams = {
-    # First Team
-    team-blue = {
-      "labels" = {
-        "appName"     = "example",
-        "projectName" = "example",
-        "environment" = "example",
-        "domain"      = "example",
-        "uuid"        = "example",
-      }
-      "quota" = {
-        "requests.cpu"    = "1000m",
-        "requests.memory" = "4Gi",
-        "limits.cpu"      = "2000m",
-        "limits.memory"   = "8Gi",
-        "pods"            = "10",
-        "secrets"         = "10",
-        "services"        = "10"
-      }
-      manifests_dir = "./manifests"
-      # Belows are examples of IAM users and roles
-      users = [
-        "arn:aws:iam::123456789012:user/blue-team-user",
-        "arn:aws:iam::123456789012:role/blue-team-sso-iam-role"
-      ]
-    }
-
-    # Second Team
-    team-red = {
-      "labels" = {
-        "appName"     = "example2",
-        "projectName" = "example2",
-      }
-      "quota" = {
-        "requests.cpu"    = "2000m",
-        "requests.memory" = "8Gi",
-        "limits.cpu"      = "4000m",
-        "limits.memory"   = "16Gi",
-        "pods"            = "20",
-        "secrets"         = "20",
-        "services"        = "20"
-      }
-      manifests_dir = "./manifests2"
-      users = [
-
-        "arn:aws:iam::123456789012:role/other-sso-iam-role"
-      ]
-    }
-  }
-```
-
-The `application_teams` will do the following for every provided team:
-
-- Create a namespace
-- Register quotas
-- Register IAM users for cross-account access
-- Create a shared role for cluster access. Alternatively, an existing role can be supplied.
-- Register provided users/role in the `aws-auth` configmap for `kubectl` and console access to the cluster and namespace.
-- (Optionally) read all additional manifests (e.g., network policies, OPA policies, others) stored in a provided directory, and applies them.
-
-### PlatformTeam
-
-To create an `Platform Team` for your cluster, simply use `platform_teams`. You will need to supply a team name and and all users/roles.
-
-#### Platform Team Example
-
-```hcl
-  platform_teams = {
-    admin-team-name-example = {
-      users = [
-        "arn:aws:iam::123456789012:user/admin-user",
-        "arn:aws:iam::123456789012:role/org-admin-role"
-      ]
-    }
-  }
-```
-
-`Platform Team` does the following:
-
-- Registers IAM users for admin access to the cluster (`kubectl` and console)
-- Registers an existing role (or create a new role) for cluster access with trust relationship with the provided/created role
-
-## Cluster Access (`kubectl`)
-
-The output will contain the IAM roles for every application(`application_teams_iam_role_arn`) or platform team(`platform_teams_iam_role_arn`).
-
-To update your kubeconfig, you can run the following command:
-
-```
-aws eks update-kubeconfig --name ${eks_cluster_id} --region ${AWS_REGION} --role-arn ${TEAM_ROLE_ARN}
-```
-
-Make sure to replace the `${eks_cluster_id}`, `${AWS_REGION}` and `${TEAM_ROLE_ARN}` with the actual values.
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 |
-| <a name="requirement_kubectl"></a> [kubectl](#requirement\_kubectl) | >= 1.14 |
-| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.10 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.72 |
-| <a name="provider_kubectl"></a> [kubectl](#provider\_kubectl) | >= 1.14 |
-| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | >= 2.10 |
-
-## Modules
-
-No modules.
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_iam_policy.platform_team_eks_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
-| [aws_iam_role.platform_team](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
-| [aws_iam_role.team_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
-| [aws_iam_role.team_sa_irsa](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
-| [kubectl_manifest.team](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
-| [kubernetes_cluster_role.team](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/cluster_role) | resource |
-| [kubernetes_cluster_role_binding.team](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/cluster_role_binding) | resource |
-| [kubernetes_namespace.team](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-| [kubernetes_resource_quota.this](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/resource_quota) | resource |
-| [kubernetes_role.team](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/role) | resource |
-| [kubernetes_role_binding.team](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/role_binding) | resource |
-| [kubernetes_service_account.team](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_account) | resource |
-| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
-| [aws_eks_cluster.eks_cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |
-| [aws_iam_policy_document.platform_team_eks_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
-| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_application_teams"></a> [application\_teams](#input\_application\_teams) | Map of maps of teams to create | `any` | `{}` | no |
-| <a name="input_eks_cluster_id"></a> [eks\_cluster\_id](#input\_eks\_cluster\_id) | EKS Cluster name | `string` | n/a | yes |
-| <a name="input_iam_role_permissions_boundary"></a> [iam\_role\_permissions\_boundary](#input\_iam\_role\_permissions\_boundary) | ARN of the policy that is used to set the permissions boundary for the IAM role | `string` | `null` | no |
-| <a name="input_path"></a> [path](#input\_path) | Path in which to create the platform\_team\_eks\_access policy | `string` | `"/"` | no |
-| <a name="input_platform_teams"></a> [platform\_teams](#input\_platform\_teams) | Map of maps of teams to create | `any` | `{}` | no |
-| <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_application_teams_configure_kubectl"></a> [application\_teams\_configure\_kubectl](#output\_application\_teams\_configure\_kubectl) | Configure kubectl for each Application Teams: make sure you're logged in with the correct AWS profile and run the following command to update your kubeconfig |
-| <a name="output_application_teams_iam_role_arn"></a> [application\_teams\_iam\_role\_arn](#output\_application\_teams\_iam\_role\_arn) | IAM role ARN for Teams |
-| <a name="output_platform_teams_configure_kubectl"></a> [platform\_teams\_configure\_kubectl](#output\_platform\_teams\_configure\_kubectl) | Configure kubectl for each Platform Team: make sure you're logged in with the correct AWS profile and run the following command to update your kubeconfig |
-| <a name="output_platform_teams_iam_role_arn"></a> [platform\_teams\_iam\_role\_arn](#output\_platform\_teams\_iam\_role\_arn) | IAM role ARN for Platform Teams |
-| <a name="output_team_sa_irsa_iam_role"></a> [team\_sa\_irsa\_iam\_role](#output\_team\_sa\_irsa\_iam\_role) | IAM role name for Teams EKS Service Account (IRSA) |
-| <a name="output_team_sa_irsa_iam_role_arn"></a> [team\_sa\_irsa\_iam\_role\_arn](#output\_team\_sa\_irsa\_iam\_role\_arn) | IAM role ARN for Teams EKS Service Account (IRSA) |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/aws-eks-teams/data.tf b/modules/aws-eks-teams/data.tf
deleted file mode 100644
index b0ae48a189..0000000000
--- a/modules/aws-eks-teams/data.tf
+++ /dev/null
@@ -1,35 +0,0 @@
-data "aws_region" "current" {}
-
-data "aws_caller_identity" "current" {}
-
-data "aws_eks_cluster" "eks_cluster" {
-  name = var.eks_cluster_id
-}
-
-data "aws_partition" "current" {}
-
-data "aws_iam_policy_document" "platform_team_eks_access" {
-  count = length(var.platform_teams) > 0 ? 1 : 0
-  statement {
-    sid = "AllowPlatformTeamEKSAccess"
-    actions = [
-      "eks:AccessKubernetesApi",
-      "eks:DescribeCluster",
-      "eks:DescribeNodegroup",
-      "eks:ListClusters",
-      "eks:ListFargateProfiles",
-      "eks:ListNodegroups",
-      "eks:ListUpdates",
-      "ssm:GetParameter",
-    ]
-    resources = [
-      data.aws_eks_cluster.eks_cluster.arn
-    ]
-  }
-
-  statement {
-    sid       = "AllowListClusters"
-    actions   = ["eks:ListClusters"]
-    resources = ["*"]
-  }
-}
diff --git a/modules/aws-eks-teams/locals.tf b/modules/aws-eks-teams/locals.tf
deleted file mode 100644
index 6b51b3d7a9..0000000000
--- a/modules/aws-eks-teams/locals.tf
+++ /dev/null
@@ -1,12 +0,0 @@
-locals {
-  partition             = data.aws_partition.current.partition
-  account_id            = data.aws_caller_identity.current.account_id
-  eks_oidc_issuer_url   = replace(data.aws_eks_cluster.eks_cluster.identity[0].oidc[0].issuer, "https://", "")
-  eks_oidc_provider_arn = "arn:${local.partition}:iam::${local.account_id}:oidc-provider/${local.eks_oidc_issuer_url}"
-
-  team_manifests = flatten([
-    for team_name, team_data in var.application_teams :
-    try(fileset(path.root, "${team_data.manifests_dir}/*"), [])
-  ])
-
-}
diff --git a/modules/aws-eks-teams/main.tf b/modules/aws-eks-teams/main.tf
deleted file mode 100644
index 62ad234c4e..0000000000
--- a/modules/aws-eks-teams/main.tf
+++ /dev/null
@@ -1,212 +0,0 @@
-# ---------------------------------------------------------------------------------------------------------------------
-# Namespace
-# ---------------------------------------------------------------------------------------------------------------------
-resource "kubernetes_namespace" "team" {
-  for_each = var.application_teams
-  metadata {
-    name   = each.key
-    labels = try(each.value["labels"], {})
-  }
-}
-
-# ---------------------------------------------------------------------------------------------------------------------
-# Quotas
-# ---------------------------------------------------------------------------------------------------------------------
-resource "kubernetes_resource_quota" "this" {
-  for_each = { for team_name, team_data in var.application_teams : team_name => team_data if lookup(team_data, "quota", "") != "" }
-
-  metadata {
-    name      = "quotas"
-    namespace = kubernetes_namespace.team[each.key].metadata[0].name
-  }
-
-  spec {
-    hard = try(each.value.quota, {})
-  }
-}
-
-# ---------------------------------------------------------------------------------------------------------------------
-# IAM / RBAC
-# ---------------------------------------------------------------------------------------------------------------------
-resource "aws_iam_role" "team_access" {
-  for_each = { for team_name, team_data in var.application_teams : team_name => team_data if lookup(team_data, "users", "") != "" }
-
-  name                 = "${var.eks_cluster_id}-${each.key}-access"
-  permissions_boundary = var.iam_role_permissions_boundary
-
-  assume_role_policy = jsonencode({
-    "Version" : "2012-10-17",
-    "Statement" : [
-      {
-        "Effect" : "Allow",
-        "Principal" : {
-          "AWS" : each.value.users
-        },
-        "Action" : "sts:AssumeRole"
-      }
-    ]
-  })
-
-  tags = var.tags
-}
-
-resource "kubernetes_cluster_role" "team" {
-  for_each = var.application_teams
-  metadata {
-    name = "${each.key}-team-cluster-role"
-  }
-
-  rule {
-    api_groups = [""]
-    resources  = ["namespaces", "nodes"]
-    verbs      = ["get", "list", "watch"]
-  }
-}
-
-resource "kubernetes_cluster_role_binding" "team" {
-  for_each = var.application_teams
-  metadata {
-    name = "${each.key}-team-cluster-role-binding"
-  }
-  role_ref {
-    api_group = "rbac.authorization.k8s.io"
-    kind      = "ClusterRole"
-    name      = "${each.key}-team-cluster-role"
-  }
-  subject {
-    kind      = "Group"
-    name      = "${each.key}-group"
-    api_group = "rbac.authorization.k8s.io"
-  }
-}
-
-resource "kubernetes_role" "team" {
-  for_each = var.application_teams
-  metadata {
-    name      = "${each.key}-role"
-    namespace = kubernetes_namespace.team[each.key].metadata[0].name
-  }
-  rule {
-    api_groups = ["*"]
-    resources  = ["configmaps", "pods", "podtemplates", "secrets", "serviceaccounts", "services", "deployments", "horizontalpodautoscalers", "networkpolicies", "statefulsets", "replicasets"]
-    verbs      = ["get", "list", "watch"]
-  }
-  rule {
-    api_groups = ["*"]
-    resources  = ["resourcequotas"]
-    verbs      = ["get", "list", "watch"]
-  }
-}
-
-resource "kubernetes_role_binding" "team" {
-  for_each = var.application_teams
-  metadata {
-    name      = "${each.key}-role-binding"
-    namespace = kubernetes_namespace.team[each.key].metadata[0].name
-  }
-  role_ref {
-    api_group = "rbac.authorization.k8s.io"
-    kind      = "Role"
-    name      = "${each.key}-role"
-  }
-  subject {
-    kind      = "Group"
-    name      = "${each.key}-group"
-    api_group = "rbac.authorization.k8s.io"
-    namespace = kubernetes_namespace.team[each.key].metadata[0].name
-  }
-}
-
-resource "aws_iam_role" "team_sa_irsa" {
-  for_each = var.application_teams
-
-  name                 = "${var.eks_cluster_id}-${each.key}-sa-role"
-  permissions_boundary = var.iam_role_permissions_boundary
-
-  assume_role_policy = jsonencode({
-    "Version" : "2012-10-17",
-    "Statement" : [
-      {
-        "Effect" : "Allow",
-        "Principal" : {
-          "Federated" : local.eks_oidc_provider_arn
-        },
-        "Action" : "sts:AssumeRoleWithWebIdentity",
-        "Condition" : {
-          "StringEquals" : {
-            "${local.eks_oidc_issuer_url}:sub" : "system:serviceaccount:${each.key}:${format("%s-sa", each.key)}",
-            "${local.eks_oidc_issuer_url}:aud" : "sts.amazonaws.com"
-          }
-        }
-      }
-    ]
-  })
-
-  tags = var.tags
-}
-
-# ---------------------------------------------------------------------------------------------------------------------
-# Kubernetes Team Service Account
-# ---------------------------------------------------------------------------------------------------------------------
-
-resource "kubernetes_service_account" "team" {
-  for_each = var.application_teams
-  metadata {
-    name        = format("%s-sa", each.key)
-    namespace   = kubernetes_namespace.team[each.key].metadata[0].name
-    annotations = { "eks.amazonaws.com/role-arn" : aws_iam_role.team_sa_irsa[each.key].arn }
-  }
-  automount_service_account_token = true
-}
-
-# ---------------------------------------------------------------------------------------------------------------------
-# Kubernetes Manifests
-# ---------------------------------------------------------------------------------------------------------------------
-
-resource "kubectl_manifest" "team" {
-  for_each  = { for manifest in local.team_manifests : manifest => file(manifest) }
-  yaml_body = each.value
-  depends_on = [
-    kubernetes_namespace.team
-  ]
-}
-
-# ---------------------------------------------------------------------------------------------------------------------
-# Platform Team
-# ---------------------------------------------------------------------------------------------------------------------
-
-resource "aws_iam_role" "platform_team" {
-  for_each = var.platform_teams
-
-  name                 = "${var.eks_cluster_id}-${each.key}-access"
-  permissions_boundary = var.iam_role_permissions_boundary
-  managed_policy_arns  = [aws_iam_policy.platform_team_eks_access[0].arn]
-
-  assume_role_policy = jsonencode({
-    "Version" : "2012-10-17",
-    "Statement" : [
-      {
-        "Effect" : "Allow",
-        "Principal" : {
-          "AWS" : each.value.users
-        },
-        "Action" : "sts:AssumeRole"
-      }
-    ]
-  })
-
-  tags = var.tags
-}
-
-# ---------------------------------------------------------------------------------------------------------------------
-# Platform Team EKS access IAM policy
-# ---------------------------------------------------------------------------------------------------------------------
-
-resource "aws_iam_policy" "platform_team_eks_access" {
-  count       = length(var.platform_teams) > 0 ? 1 : 0
-  name        = "${var.eks_cluster_id}-PlatformTeamEKSAccess"
-  path        = var.path
-  description = "Platform Team EKS Console Access"
-  policy      = data.aws_iam_policy_document.platform_team_eks_access[0].json
-  tags        = var.tags
-}
diff --git a/modules/aws-eks-teams/outputs.tf b/modules/aws-eks-teams/outputs.tf
deleted file mode 100644
index 7d03c032f8..0000000000
--- a/modules/aws-eks-teams/outputs.tf
+++ /dev/null
@@ -1,41 +0,0 @@
-output "platform_teams_iam_role_arn" {
-  description = "IAM role ARN for Platform Teams"
-  value = tomap({
-    for k, v in aws_iam_role.platform_team : k => v.arn
-  })
-}
-
-output "application_teams_iam_role_arn" {
-  description = "IAM role ARN for Teams"
-  value = tomap({
-    for k, v in aws_iam_role.team_access : k => v.arn
-  })
-}
-
-output "team_sa_irsa_iam_role" {
-  description = "IAM role name for Teams EKS Service Account (IRSA)"
-  value = tomap({
-    for k, v in aws_iam_role.team_sa_irsa : k => v.name
-  })
-}
-
-output "team_sa_irsa_iam_role_arn" {
-  description = "IAM role ARN for Teams EKS Service Account (IRSA)"
-  value = tomap({
-    for k, v in aws_iam_role.team_sa_irsa : k => v.arn
-  })
-}
-
-output "platform_teams_configure_kubectl" {
-  description = "Configure kubectl for each Platform Team: make sure you're logged in with the correct AWS profile and run the following command to update your kubeconfig"
-  value = tomap({
-    for k, v in aws_iam_role.platform_team : k => "aws eks --region ${data.aws_region.current.id} update-kubeconfig --name ${data.aws_eks_cluster.eks_cluster.name}  --role-arn ${v.arn}"
-  })
-}
-
-output "application_teams_configure_kubectl" {
-  description = "Configure kubectl for each Application Teams: make sure you're logged in with the correct AWS profile and run the following command to update your kubeconfig"
-  value = tomap({
-    for k, v in aws_iam_role.team_access : k => "aws eks --region ${data.aws_region.current.id} update-kubeconfig --name ${data.aws_eks_cluster.eks_cluster.name}  --role-arn ${v.arn}"
-  })
-}
diff --git a/modules/aws-eks-teams/variables.tf b/modules/aws-eks-teams/variables.tf
deleted file mode 100644
index cc4af44feb..0000000000
--- a/modules/aws-eks-teams/variables.tf
+++ /dev/null
@@ -1,34 +0,0 @@
-variable "application_teams" {
-  description = "Map of maps of teams to create"
-  type        = any
-  default     = {}
-}
-
-variable "platform_teams" {
-  description = "Map of maps of teams to create"
-  type        = any
-  default     = {}
-}
-
-variable "tags" {
-  description = "A map of tags to add to all resources"
-  type        = map(string)
-  default     = {}
-}
-
-variable "eks_cluster_id" {
-  description = "EKS Cluster name"
-  type        = string
-}
-
-variable "iam_role_permissions_boundary" {
-  description = "ARN of the policy that is used to set the permissions boundary for the IAM role"
-  type        = string
-  default     = null
-}
-
-variable "path" {
-  description = "Path in which to create the platform_team_eks_access policy"
-  type        = string
-  default     = "/"
-}
diff --git a/modules/aws-eks-teams/versions.tf b/modules/aws-eks-teams/versions.tf
deleted file mode 100644
index c91b6fba83..0000000000
--- a/modules/aws-eks-teams/versions.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 3.72"
-    }
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.10"
-    }
-    kubectl = {
-      source  = "gavinbunney/kubectl"
-      version = ">= 1.14"
-    }
-  }
-}
diff --git a/modules/aws-kms/README.md b/modules/aws-kms/README.md
deleted file mode 100644
index 959c58fdc2..0000000000
--- a/modules/aws-kms/README.md
+++ /dev/null
@@ -1,60 +0,0 @@
-# AWS KMS module
-
-Terraform module that creates an AWS KMS key and assigns it an alias, policy, and tags.
-
-## Usage
-
-```terraform
-module "kms" {
-  source = "./modules/aws-kms"
-
-  alias                   = "alias/example"
-  description             = "Example encryption key"
-  policy                  = data.aws_iam_policy_document.key.json
-  tags                    = local.tags
-}
-```
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.72 |
-
-## Modules
-
-No modules.
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_kms_alias.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_alias) | resource |
-| [aws_kms_key.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_alias"></a> [alias](#input\_alias) | The display name of the alias. The name must start with the word 'alias' followed by a forward slash (alias/) | `string` | n/a | yes |
-| <a name="input_deletion_window_in_days"></a> [deletion\_window\_in\_days](#input\_deletion\_window\_in\_days) | The waiting period, specified in number of days. After the waiting period ends, AWS KMS deletes the KMS key. If you specify a value, it must be between 7 and 30, inclusive. If you do not specify a value, it defaults to 30 | `number` | `30` | no |
-| <a name="input_description"></a> [description](#input\_description) | The description of the key | `string` | n/a | yes |
-| <a name="input_enable_key_rotation"></a> [enable\_key\_rotation](#input\_enable\_key\_rotation) | Specifies whether annual key rotation is enabled | `bool` | `true` | no |
-| <a name="input_policy"></a> [policy](#input\_policy) | A valid KMS key policy JSON document. Although this is a key policy, not an IAM policy, an aws\_iam\_policy\_document, in the form that designates a principal, can be used | `string` | n/a | yes |
-| <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to assign to the object | `map(string)` | n/a | yes |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_key_arn"></a> [key\_arn](#output\_key\_arn) | The Amazon Resource Name (ARN) of the key. |
-| <a name="output_key_id"></a> [key\_id](#output\_key\_id) | The globally unique identifier for the key. |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/aws-kms/main.tf b/modules/aws-kms/main.tf
deleted file mode 100644
index f8159c41c5..0000000000
--- a/modules/aws-kms/main.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-# Create a KMS customer managed key
-resource "aws_kms_key" "this" {
-  description             = var.description
-  policy                  = var.policy
-  enable_key_rotation     = var.enable_key_rotation
-  deletion_window_in_days = var.deletion_window_in_days
-  tags                    = var.tags
-}
-
-# Assign an alias to the key
-resource "aws_kms_alias" "this" {
-  name          = var.alias
-  target_key_id = aws_kms_key.this.key_id
-}
diff --git a/modules/aws-kms/outputs.tf b/modules/aws-kms/outputs.tf
deleted file mode 100644
index 38870be2e4..0000000000
--- a/modules/aws-kms/outputs.tf
+++ /dev/null
@@ -1,9 +0,0 @@
-output "key_id" {
-  description = "The globally unique identifier for the key."
-  value       = aws_kms_key.this.key_id
-}
-
-output "key_arn" {
-  description = "The Amazon Resource Name (ARN) of the key."
-  value       = aws_kms_key.this.arn
-}
diff --git a/modules/aws-kms/variables.tf b/modules/aws-kms/variables.tf
deleted file mode 100644
index cc036cc81e..0000000000
--- a/modules/aws-kms/variables.tf
+++ /dev/null
@@ -1,31 +0,0 @@
-variable "policy" {
-  description = "A valid KMS key policy JSON document. Although this is a key policy, not an IAM policy, an aws_iam_policy_document, in the form that designates a principal, can be used"
-  type        = string
-}
-
-variable "description" {
-  description = "The description of the key"
-  type        = string
-}
-
-variable "alias" {
-  description = "The display name of the alias. The name must start with the word 'alias' followed by a forward slash (alias/)"
-  type        = string
-}
-
-variable "enable_key_rotation" {
-  description = "Specifies whether annual key rotation is enabled"
-  type        = bool
-  default     = true
-}
-
-variable "deletion_window_in_days" {
-  description = "The waiting period, specified in number of days. After the waiting period ends, AWS KMS deletes the KMS key. If you specify a value, it must be between 7 and 30, inclusive. If you do not specify a value, it defaults to 30"
-  type        = number
-  default     = 30
-}
-
-variable "tags" {
-  description = "A map of tags to assign to the object"
-  type        = map(string)
-}
diff --git a/modules/aws-kms/versions.tf b/modules/aws-kms/versions.tf
deleted file mode 100644
index f92f41b9e7..0000000000
--- a/modules/aws-kms/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 3.72"
-    }
-  }
-}
diff --git a/modules/emr-on-eks/README.md b/modules/emr-on-eks/README.md
deleted file mode 100644
index ab0223b4c4..0000000000
--- a/modules/emr-on-eks/README.md
+++ /dev/null
@@ -1,55 +0,0 @@
-# EMR on EKS Module
-Amazon EMR on EKS provides a deployment option for Amazon EMR that allows you to run open-source big data frameworks on Amazon Elastic Kubernetes Service (Amazon EKS). With this deployment option, you can focus on running analytics workloads while Amazon EMR on EKS builds, configures, and manages containers for open-source applications.
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 |
-| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.10 |
-| <a name="requirement_null"></a> [null](#requirement\_null) | >= 3.1 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.72 |
-| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | >= 2.10 |
-| <a name="provider_null"></a> [null](#provider\_null) | >= 3.1 |
-
-## Modules
-
-No modules.
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_iam_role.emr_on_eks_execution](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
-| [aws_iam_role_policy_attachment.custom](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
-| [kubernetes_namespace.spark](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-| [kubernetes_role.emr_containers](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/role) | resource |
-| [kubernetes_role_binding.emr_containers](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/role_binding) | resource |
-| [null_resource.update_trust_policy](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
-| [aws_iam_policy_document.emr_assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_eks_cluster_id"></a> [eks\_cluster\_id](#input\_eks\_cluster\_id) | EKS Cluster ID | `string` | n/a | yes |
-| <a name="input_emr_on_eks_teams"></a> [emr\_on\_eks\_teams](#input\_emr\_on\_eks\_teams) | EMR on EKS Teams configuration | `any` | `{}` | no |
-| <a name="input_iam_role_path"></a> [iam\_role\_path](#input\_iam\_role\_path) | IAM role path | `string` | `"/"` | no |
-| <a name="input_iam_role_permissions_boundary"></a> [iam\_role\_permissions\_boundary](#input\_iam\_role\_permissions\_boundary) | ARN of the policy that is used to set the permissions boundary for the IAM role | `string` | `null` | no |
-| <a name="input_tags"></a> [tags](#input\_tags) | Common Tags for AWS resources | `map(string)` | n/a | yes |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_emr_on_eks_role_arn"></a> [emr\_on\_eks\_role\_arn](#output\_emr\_on\_eks\_role\_arn) | IAM execution role ARN for EMR on EKS |
-| <a name="output_emr_on_eks_role_id"></a> [emr\_on\_eks\_role\_id](#output\_emr\_on\_eks\_role\_id) | IAM execution role ID for EMR on EKS |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/emr-on-eks/data.tf b/modules/emr-on-eks/data.tf
deleted file mode 100644
index 6e329fa3e2..0000000000
--- a/modules/emr-on-eks/data.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-data "aws_region" "current" {}
-
-data "aws_iam_policy_document" "emr_assume_role" {
-  statement {
-    sid     = ""
-    effect  = "Allow"
-    actions = ["sts:AssumeRole"]
-
-    principals {
-      type        = "Service"
-      identifiers = ["elasticmapreduce.amazonaws.com"]
-    }
-  }
-}
diff --git a/modules/emr-on-eks/locals.tf b/modules/emr-on-eks/locals.tf
deleted file mode 100644
index 848d623a1d..0000000000
--- a/modules/emr-on-eks/locals.tf
+++ /dev/null
@@ -1,15 +0,0 @@
-locals {
-
-  default_emr_eks_team = {
-    namespace               = "emr-on-eks-spark"
-    job_execution_role      = "emr-on-eks-job-role"
-    additional_iam_policies = []
-  }
-
-  emr_on_eks_team = merge(
-    local.default_emr_eks_team,
-    var.emr_on_eks_teams
-  )
-
-  emr_service_name = "emr-containers"
-}
diff --git a/modules/emr-on-eks/main.tf b/modules/emr-on-eks/main.tf
deleted file mode 100644
index 89c762a247..0000000000
--- a/modules/emr-on-eks/main.tf
+++ /dev/null
@@ -1,125 +0,0 @@
-resource "kubernetes_namespace" "spark" {
-  metadata {
-    annotations = {
-      name = local.emr_on_eks_team["namespace"]
-    }
-
-    labels = {
-      job-type = "spark"
-    }
-
-    name = local.emr_on_eks_team["namespace"]
-  }
-}
-
-resource "kubernetes_role" "emr_containers" {
-  metadata {
-    name      = local.emr_service_name
-    namespace = kubernetes_namespace.spark.id
-  }
-
-  rule {
-    verbs      = ["get"]
-    api_groups = [""]
-    resources  = ["namespaces"]
-  }
-
-  rule {
-    verbs      = ["get", "list", "watch", "describe", "create", "edit", "delete", "deletecollection", "annotate", "patch", "label"]
-    api_groups = [""]
-    resources  = ["serviceaccounts", "services", "configmaps", "events", "pods", "pods/log"]
-  }
-
-  rule {
-    verbs      = ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"]
-    api_groups = [""]
-    resources  = ["persistentvolumeclaims"]
-  }
-
-  rule {
-    verbs      = ["create", "patch", "delete", "watch"]
-    api_groups = [""]
-    resources  = ["secrets"]
-  }
-
-  rule {
-    verbs      = ["get", "list", "watch", "describe", "create", "edit", "delete", "annotate", "patch", "label"]
-    api_groups = ["apps"]
-    resources  = ["statefulsets", "deployments"]
-  }
-
-  rule {
-    verbs      = ["get", "list", "watch", "describe", "create", "edit", "delete", "annotate", "patch", "label"]
-    api_groups = ["batch"]
-    resources  = ["jobs"]
-  }
-
-  rule {
-    verbs      = ["get", "list", "watch", "describe", "create", "edit", "delete", "annotate", "patch", "label"]
-    api_groups = ["extensions"]
-    resources  = ["ingresses"]
-  }
-
-  rule {
-    verbs      = ["get", "list", "watch", "describe", "create", "edit", "delete", "deletecollection", "annotate", "patch", "label"]
-    api_groups = ["rbac.authorization.k8s.io"]
-    resources  = ["roles", "rolebindings"]
-  }
-}
-
-resource "kubernetes_role_binding" "emr_containers" {
-  metadata {
-    name      = local.emr_service_name
-    namespace = kubernetes_namespace.spark.id
-  }
-
-  subject {
-    kind = "User"
-    name = local.emr_service_name
-  }
-
-  role_ref {
-    api_group = "rbac.authorization.k8s.io"
-    kind      = "Role"
-    name      = local.emr_service_name
-  }
-}
-
-resource "aws_iam_role" "emr_on_eks_execution" {
-  name                  = format("%s-%s", var.eks_cluster_id, local.emr_on_eks_team["job_execution_role"])
-  assume_role_policy    = data.aws_iam_policy_document.emr_assume_role.json
-  force_detach_policies = true
-  path                  = var.iam_role_path
-  permissions_boundary  = var.iam_role_permissions_boundary
-  tags                  = var.tags
-}
-
-resource "aws_iam_role_policy_attachment" "custom" {
-  count = length(local.emr_on_eks_team["additional_iam_policies"])
-
-  role       = aws_iam_role.emr_on_eks_execution.name
-  policy_arn = local.emr_on_eks_team["additional_iam_policies"][count.index]
-}
-
-# TODO Replace this resource once the provider is available for aws emr-containers
-resource "null_resource" "update_trust_policy" {
-  provisioner "local-exec" {
-    interpreter = ["/bin/sh", "-c"]
-    environment = {
-      AWS_DEFAULT_REGION = data.aws_region.current.id
-    }
-    command = <<EOF
-set -e
-
-aws emr-containers update-role-trust-policy \
---cluster-name ${var.eks_cluster_id} \
---namespace ${kubernetes_namespace.spark.id} \
---role-name ${aws_iam_role.emr_on_eks_execution.id}
-
-EOF
-  }
-  triggers = {
-    always_run = timestamp()
-  }
-  depends_on = [kubernetes_namespace.spark, aws_iam_role.emr_on_eks_execution]
-}
diff --git a/modules/emr-on-eks/outputs.tf b/modules/emr-on-eks/outputs.tf
deleted file mode 100644
index bf410209b6..0000000000
--- a/modules/emr-on-eks/outputs.tf
+++ /dev/null
@@ -1,9 +0,0 @@
-output "emr_on_eks_role_arn" {
-  description = "IAM execution role ARN for EMR on EKS"
-  value       = aws_iam_role.emr_on_eks_execution[*].arn
-}
-
-output "emr_on_eks_role_id" {
-  description = "IAM execution role ID for EMR on EKS"
-  value       = aws_iam_role.emr_on_eks_execution[*].id
-}
diff --git a/modules/emr-on-eks/variables.tf b/modules/emr-on-eks/variables.tf
deleted file mode 100644
index 61cfb788c9..0000000000
--- a/modules/emr-on-eks/variables.tf
+++ /dev/null
@@ -1,27 +0,0 @@
-variable "eks_cluster_id" {
-  description = "EKS Cluster ID"
-  type        = string
-}
-
-variable "tags" {
-  description = "Common Tags for AWS resources"
-  type        = map(string)
-}
-
-variable "emr_on_eks_teams" {
-  description = "EMR on EKS Teams configuration"
-  type        = any
-  default     = {}
-}
-
-variable "iam_role_path" {
-  description = "IAM role path"
-  type        = string
-  default     = "/"
-}
-
-variable "iam_role_permissions_boundary" {
-  description = "ARN of the policy that is used to set the permissions boundary for the IAM role"
-  type        = string
-  default     = null
-}
diff --git a/modules/emr-on-eks/versions.tf b/modules/emr-on-eks/versions.tf
deleted file mode 100644
index 8620e6f3c4..0000000000
--- a/modules/emr-on-eks/versions.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 3.72"
-    }
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.10"
-    }
-    null = {
-      source  = "hashicorp/null"
-      version = ">= 3.1"
-    }
-  }
-}
diff --git a/modules/irsa/README.md b/modules/irsa/README.md
deleted file mode 100644
index f3a3d49e0c..0000000000
--- a/modules/irsa/README.md
+++ /dev/null
@@ -1,75 +0,0 @@
-# IRSA (IAM roles for Kubernetes Service Accounts)
-
-This Terraform module creates the following resources
-
-1.  Kubernetes Namespace for Kubernetes Addon
-2.  Service Account for Kubernetes Addon
-3.  IAM Role for Service Account with OIDC assume role policy
-4.  Creates default policy required for Addon
-5.  Attaches the additional IAM policies provided by consumer module
-
-## Learn more
-
-## Blogs
-
-- [Introducing fine-grained IAM roles for service accounts](https://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/)
-- [Cross account IAM roles for Kubernetes service accounts](https://aws.amazon.com/blogs/containers/cross-account-iam-roles-for-kubernetes-service-accounts/)
-- [Enabling cross-account access to Amazon EKS cluster resources](https://aws.amazon.com/blogs/containers/enabling-cross-account-access-to-amazon-eks-cluster-resources/)
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 |
-| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.10 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.72 |
-| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | >= 2.10 |
-
-## Modules
-
-No modules.
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_iam_role.irsa](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
-| [aws_iam_role_policy_attachment.irsa](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
-| [kubernetes_namespace_v1.irsa](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1) | resource |
-| [kubernetes_secret_v1.irsa](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret_v1) | resource |
-| [kubernetes_service_account_v1.irsa](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_account_v1) | resource |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_create_kubernetes_namespace"></a> [create\_kubernetes\_namespace](#input\_create\_kubernetes\_namespace) | Should the module create the namespace | `bool` | `true` | no |
-| <a name="input_create_kubernetes_service_account"></a> [create\_kubernetes\_service\_account](#input\_create\_kubernetes\_service\_account) | Should the module create the Service Account | `bool` | `true` | no |
-| <a name="input_create_service_account_secret_token"></a> [create\_service\_account\_secret\_token](#input\_create\_service\_account\_secret\_token) | Should the module create a secret for the service account (from k8s version 1.24 service account doesn't automatically create secret of the token) | `bool` | `false` | no |
-| <a name="input_eks_cluster_id"></a> [eks\_cluster\_id](#input\_eks\_cluster\_id) | EKS Cluster ID | `string` | n/a | yes |
-| <a name="input_eks_oidc_provider_arn"></a> [eks\_oidc\_provider\_arn](#input\_eks\_oidc\_provider\_arn) | EKS OIDC Provider ARN e.g., arn:aws:iam::<ACCOUNT-ID>:oidc-provider/<var.eks\_oidc\_provider> | `string` | n/a | yes |
-| <a name="input_irsa_iam_permissions_boundary"></a> [irsa\_iam\_permissions\_boundary](#input\_irsa\_iam\_permissions\_boundary) | IAM permissions boundary for IRSA roles | `string` | `""` | no |
-| <a name="input_irsa_iam_policies"></a> [irsa\_iam\_policies](#input\_irsa\_iam\_policies) | IAM Policies for IRSA IAM role | `list(string)` | `[]` | no |
-| <a name="input_irsa_iam_role_name"></a> [irsa\_iam\_role\_name](#input\_irsa\_iam\_role\_name) | IAM role name for IRSA | `string` | `""` | no |
-| <a name="input_irsa_iam_role_path"></a> [irsa\_iam\_role\_path](#input\_irsa\_iam\_role\_path) | IAM role path for IRSA roles | `string` | `"/"` | no |
-| <a name="input_kubernetes_namespace"></a> [kubernetes\_namespace](#input\_kubernetes\_namespace) | Kubernetes Namespace name | `string` | n/a | yes |
-| <a name="input_kubernetes_service_account"></a> [kubernetes\_service\_account](#input\_kubernetes\_service\_account) | Kubernetes Service Account Name | `string` | n/a | yes |
-| <a name="input_kubernetes_svc_image_pull_secrets"></a> [kubernetes\_svc\_image\_pull\_secrets](#input\_kubernetes\_svc\_image\_pull\_secrets) | list(string) of kubernetes imagePullSecrets | `list(string)` | `[]` | no |
-| <a name="input_tags"></a> [tags](#input\_tags) | Additional tags (e.g. `map('BusinessUnit`,`XYZ`) | `map(string)` | `{}` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_irsa_iam_role_arn"></a> [irsa\_iam\_role\_arn](#output\_irsa\_iam\_role\_arn) | IAM role ARN for your service account |
-| <a name="output_irsa_iam_role_name"></a> [irsa\_iam\_role\_name](#output\_irsa\_iam\_role\_name) | IAM role name for your service account |
-| <a name="output_namespace"></a> [namespace](#output\_namespace) | IRSA Namespace |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | IRSA Service Account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/irsa/main.tf b/modules/irsa/main.tf
deleted file mode 100644
index f7f2ed785a..0000000000
--- a/modules/irsa/main.tf
+++ /dev/null
@@ -1,91 +0,0 @@
-locals {
-  eks_oidc_issuer_url = replace(var.eks_oidc_provider_arn, "/^(.*provider/)/", "")
-}
-
-resource "kubernetes_namespace_v1" "irsa" {
-  count = var.create_kubernetes_namespace && var.kubernetes_namespace != "kube-system" ? 1 : 0
-  metadata {
-    name = var.kubernetes_namespace
-  }
-
-  timeouts {
-    delete = "15m"
-  }
-
-  lifecycle {
-    ignore_changes = [
-      metadata[0].labels,
-      metadata[0].annotations,
-    ]
-  }
-}
-
-resource "kubernetes_secret_v1" "irsa" {
-  count = var.create_kubernetes_service_account && var.create_service_account_secret_token ? 1 : 0
-  metadata {
-    name      = format("%s-token-secret", try(kubernetes_service_account_v1.irsa[0].metadata[0].name, var.kubernetes_service_account))
-    namespace = try(kubernetes_namespace_v1.irsa[0].metadata[0].name, var.kubernetes_namespace)
-    annotations = {
-      "kubernetes.io/service-account.name"      = try(kubernetes_service_account_v1.irsa[0].metadata[0].name, var.kubernetes_service_account)
-      "kubernetes.io/service-account.namespace" = try(kubernetes_namespace_v1.irsa[0].metadata[0].name, var.kubernetes_namespace)
-    }
-  }
-
-  type = "kubernetes.io/service-account-token"
-}
-
-resource "kubernetes_service_account_v1" "irsa" {
-  count = var.create_kubernetes_service_account ? 1 : 0
-  metadata {
-    name        = var.kubernetes_service_account
-    namespace   = try(kubernetes_namespace_v1.irsa[0].metadata[0].name, var.kubernetes_namespace)
-    annotations = var.irsa_iam_policies != null ? { "eks.amazonaws.com/role-arn" : aws_iam_role.irsa[0].arn } : null
-  }
-
-  dynamic "image_pull_secret" {
-    for_each = var.kubernetes_svc_image_pull_secrets != null ? var.kubernetes_svc_image_pull_secrets : []
-    content {
-      name = image_pull_secret.value
-    }
-  }
-
-  automount_service_account_token = true
-}
-
-# NOTE: Don't change the condition from StringLike to StringEquals. We are using wild characters for service account hence StringLike is required.
-resource "aws_iam_role" "irsa" {
-  count = var.irsa_iam_policies != null ? 1 : 0
-
-  name        = try(coalesce(var.irsa_iam_role_name, format("%s-%s-%s", var.eks_cluster_id, trim(var.kubernetes_service_account, "-*"), "irsa")), null)
-  description = "AWS IAM Role for the Kubernetes service account ${var.kubernetes_service_account}."
-  assume_role_policy = jsonencode({
-    "Version" : "2012-10-17",
-    "Statement" : [
-      {
-        "Effect" : "Allow",
-        "Principal" : {
-          "Federated" : var.eks_oidc_provider_arn
-        },
-        "Action" : "sts:AssumeRoleWithWebIdentity",
-        "Condition" : {
-          "StringLike" : {
-            "${local.eks_oidc_issuer_url}:sub" : "system:serviceaccount:${var.kubernetes_namespace}:${var.kubernetes_service_account}",
-            "${local.eks_oidc_issuer_url}:aud" : "sts.amazonaws.com"
-          }
-        }
-      }
-    ]
-  })
-  path                  = var.irsa_iam_role_path
-  force_detach_policies = true
-  permissions_boundary  = var.irsa_iam_permissions_boundary
-
-  tags = var.tags
-}
-
-resource "aws_iam_role_policy_attachment" "irsa" {
-  count = var.irsa_iam_policies != null ? length(var.irsa_iam_policies) : 0
-
-  policy_arn = var.irsa_iam_policies[count.index]
-  role       = aws_iam_role.irsa[0].name
-}
diff --git a/modules/irsa/outputs.tf b/modules/irsa/outputs.tf
deleted file mode 100644
index 9311a6c055..0000000000
--- a/modules/irsa/outputs.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-output "irsa_iam_role_arn" {
-  description = "IAM role ARN for your service account"
-  value       = try(aws_iam_role.irsa[0].arn, null)
-}
-
-output "irsa_iam_role_name" {
-  description = "IAM role name for your service account"
-  value       = try(aws_iam_role.irsa[0].name, null)
-}
-
-output "namespace" {
-  description = "IRSA Namespace"
-  value       = try(kubernetes_namespace_v1.irsa[0].id, var.kubernetes_namespace)
-}
-
-output "service_account" {
-  description = "IRSA Service Account"
-  value       = try(kubernetes_service_account_v1.irsa[0].id, var.kubernetes_service_account)
-}
diff --git a/modules/irsa/variables.tf b/modules/irsa/variables.tf
deleted file mode 100644
index 60bf1fe823..0000000000
--- a/modules/irsa/variables.tf
+++ /dev/null
@@ -1,73 +0,0 @@
-variable "kubernetes_namespace" {
-  description = "Kubernetes Namespace name"
-  type        = string
-}
-
-variable "create_kubernetes_namespace" {
-  description = "Should the module create the namespace"
-  type        = bool
-  default     = true
-}
-
-variable "create_kubernetes_service_account" {
-  description = "Should the module create the Service Account"
-  type        = bool
-  default     = true
-}
-
-variable "create_service_account_secret_token" {
-  description = "Should the module create a secret for the service account (from k8s version 1.24 service account doesn't automatically create secret of the token)"
-  type        = bool
-  default     = false
-}
-
-variable "kubernetes_service_account" {
-  description = "Kubernetes Service Account Name"
-  type        = string
-}
-
-variable "kubernetes_svc_image_pull_secrets" {
-  description = "list(string) of kubernetes imagePullSecrets"
-  type        = list(string)
-  default     = []
-}
-
-variable "irsa_iam_policies" {
-  type        = list(string)
-  description = "IAM Policies for IRSA IAM role"
-  default     = []
-}
-
-variable "irsa_iam_role_name" {
-  type        = string
-  description = "IAM role name for IRSA"
-  default     = ""
-}
-
-variable "irsa_iam_role_path" {
-  description = "IAM role path for IRSA roles"
-  type        = string
-  default     = "/"
-}
-
-variable "irsa_iam_permissions_boundary" {
-  description = "IAM permissions boundary for IRSA roles"
-  type        = string
-  default     = ""
-}
-
-variable "eks_oidc_provider_arn" {
-  description = "EKS OIDC Provider ARN e.g., arn:aws:iam::<ACCOUNT-ID>:oidc-provider/<var.eks_oidc_provider>"
-  type        = string
-}
-
-variable "eks_cluster_id" {
-  description = "EKS Cluster ID"
-  type        = string
-}
-
-variable "tags" {
-  description = "Additional tags (e.g. `map('BusinessUnit`,`XYZ`)"
-  type        = map(string)
-  default     = {}
-}
diff --git a/modules/irsa/versions.tf b/modules/irsa/versions.tf
deleted file mode 100644
index d2ddf87cc2..0000000000
--- a/modules/irsa/versions.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 3.72"
-    }
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.10"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/README.md b/modules/kubernetes-addons/README.md
deleted file mode 100644
index 58cdcff208..0000000000
--- a/modules/kubernetes-addons/README.md
+++ /dev/null
@@ -1,411 +0,0 @@
-# Kubernetes Addons
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 |
-| <a name="requirement_time"></a> [time](#requirement\_time) | >= 0.8 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.72 |
-| <a name="provider_time"></a> [time](#provider\_time) | >= 0.8 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_adot_collector_haproxy"></a> [adot\_collector\_haproxy](#module\_adot\_collector\_haproxy) | ./adot-collector-haproxy | n/a |
-| <a name="module_adot_collector_java"></a> [adot\_collector\_java](#module\_adot\_collector\_java) | ./adot-collector-java | n/a |
-| <a name="module_adot_collector_memcached"></a> [adot\_collector\_memcached](#module\_adot\_collector\_memcached) | ./adot-collector-memcached | n/a |
-| <a name="module_adot_collector_nginx"></a> [adot\_collector\_nginx](#module\_adot\_collector\_nginx) | ./adot-collector-nginx | n/a |
-| <a name="module_agones"></a> [agones](#module\_agones) | ./agones | n/a |
-| <a name="module_airflow"></a> [airflow](#module\_airflow) | ./airflow | n/a |
-| <a name="module_app_2048"></a> [app\_2048](#module\_app\_2048) | ./app-2048 | n/a |
-| <a name="module_appmesh_controller"></a> [appmesh\_controller](#module\_appmesh\_controller) | ./appmesh-controller | n/a |
-| <a name="module_argo_rollouts"></a> [argo\_rollouts](#module\_argo\_rollouts) | ./argo-rollouts | n/a |
-| <a name="module_argo_workflows"></a> [argo\_workflows](#module\_argo\_workflows) | ./argo-workflows | n/a |
-| <a name="module_argocd"></a> [argocd](#module\_argocd) | ./argocd | n/a |
-| <a name="module_aws_cloudwatch_metrics"></a> [aws\_cloudwatch\_metrics](#module\_aws\_cloudwatch\_metrics) | ./aws-cloudwatch-metrics | n/a |
-| <a name="module_aws_coredns"></a> [aws\_coredns](#module\_aws\_coredns) | ./aws-coredns | n/a |
-| <a name="module_aws_ebs_csi_driver"></a> [aws\_ebs\_csi\_driver](#module\_aws\_ebs\_csi\_driver) | ./aws-ebs-csi-driver | n/a |
-| <a name="module_aws_efs_csi_driver"></a> [aws\_efs\_csi\_driver](#module\_aws\_efs\_csi\_driver) | ./aws-efs-csi-driver | n/a |
-| <a name="module_aws_for_fluent_bit"></a> [aws\_for\_fluent\_bit](#module\_aws\_for\_fluent\_bit) | ./aws-for-fluentbit | n/a |
-| <a name="module_aws_fsx_csi_driver"></a> [aws\_fsx\_csi\_driver](#module\_aws\_fsx\_csi\_driver) | ./aws-fsx-csi-driver | n/a |
-| <a name="module_aws_kube_proxy"></a> [aws\_kube\_proxy](#module\_aws\_kube\_proxy) | ./aws-kube-proxy | n/a |
-| <a name="module_aws_load_balancer_controller"></a> [aws\_load\_balancer\_controller](#module\_aws\_load\_balancer\_controller) | ./aws-load-balancer-controller | n/a |
-| <a name="module_aws_node_termination_handler"></a> [aws\_node\_termination\_handler](#module\_aws\_node\_termination\_handler) | ./aws-node-termination-handler | n/a |
-| <a name="module_aws_privateca_issuer"></a> [aws\_privateca\_issuer](#module\_aws\_privateca\_issuer) | ./aws-privateca-issuer | n/a |
-| <a name="module_aws_vpc_cni"></a> [aws\_vpc\_cni](#module\_aws\_vpc\_cni) | ./aws-vpc-cni | n/a |
-| <a name="module_calico"></a> [calico](#module\_calico) | ./calico | n/a |
-| <a name="module_cert_manager"></a> [cert\_manager](#module\_cert\_manager) | ./cert-manager | n/a |
-| <a name="module_cert_manager_csi_driver"></a> [cert\_manager\_csi\_driver](#module\_cert\_manager\_csi\_driver) | ./cert-manager-csi-driver | n/a |
-| <a name="module_cert_manager_istio_csr"></a> [cert\_manager\_istio\_csr](#module\_cert\_manager\_istio\_csr) | ./cert-manager-istio-csr | n/a |
-| <a name="module_chaos_mesh"></a> [chaos\_mesh](#module\_chaos\_mesh) | ./chaos-mesh | n/a |
-| <a name="module_cilium"></a> [cilium](#module\_cilium) | ./cilium | n/a |
-| <a name="module_cluster_autoscaler"></a> [cluster\_autoscaler](#module\_cluster\_autoscaler) | ./cluster-autoscaler | n/a |
-| <a name="module_consul"></a> [consul](#module\_consul) | ./consul | n/a |
-| <a name="module_coredns_autoscaler"></a> [coredns\_autoscaler](#module\_coredns\_autoscaler) | ./cluster-proportional-autoscaler | n/a |
-| <a name="module_crossplane"></a> [crossplane](#module\_crossplane) | ./crossplane | n/a |
-| <a name="module_csi_secrets_store_provider_aws"></a> [csi\_secrets\_store\_provider\_aws](#module\_csi\_secrets\_store\_provider\_aws) | ./csi-secrets-store-provider-aws | n/a |
-| <a name="module_datadog_operator"></a> [datadog\_operator](#module\_datadog\_operator) | ./datadog-operator | n/a |
-| <a name="module_emr_on_eks"></a> [emr\_on\_eks](#module\_emr\_on\_eks) | ./emr-on-eks | n/a |
-| <a name="module_external_dns"></a> [external\_dns](#module\_external\_dns) | ./external-dns | n/a |
-| <a name="module_external_secrets"></a> [external\_secrets](#module\_external\_secrets) | ./external-secrets | n/a |
-| <a name="module_fargate_fluentbit"></a> [fargate\_fluentbit](#module\_fargate\_fluentbit) | ./fargate-fluentbit | n/a |
-| <a name="module_gatekeeper"></a> [gatekeeper](#module\_gatekeeper) | ./gatekeeper | n/a |
-| <a name="module_grafana"></a> [grafana](#module\_grafana) | ./grafana | n/a |
-| <a name="module_ingress_nginx"></a> [ingress\_nginx](#module\_ingress\_nginx) | ./ingress-nginx | n/a |
-| <a name="module_karpenter"></a> [karpenter](#module\_karpenter) | ./karpenter | n/a |
-| <a name="module_keda"></a> [keda](#module\_keda) | ./keda | n/a |
-| <a name="module_kube_prometheus_stack"></a> [kube\_prometheus\_stack](#module\_kube\_prometheus\_stack) | ./kube-prometheus-stack | n/a |
-| <a name="module_kube_state_metrics"></a> [kube\_state\_metrics](#module\_kube\_state\_metrics) | ./kube-state-metrics | n/a |
-| <a name="module_kubecost"></a> [kubecost](#module\_kubecost) | ./kubecost | n/a |
-| <a name="module_kuberay_operator"></a> [kuberay\_operator](#module\_kuberay\_operator) | ./kuberay-operator | n/a |
-| <a name="module_kubernetes_dashboard"></a> [kubernetes\_dashboard](#module\_kubernetes\_dashboard) | ./kubernetes-dashboard | n/a |
-| <a name="module_kyverno"></a> [kyverno](#module\_kyverno) | ./kyverno | n/a |
-| <a name="module_local_volume_provisioner"></a> [local\_volume\_provisioner](#module\_local\_volume\_provisioner) | ./local-volume-provisioner | n/a |
-| <a name="module_metrics_server"></a> [metrics\_server](#module\_metrics\_server) | ./metrics-server | n/a |
-| <a name="module_nvidia_device_plugin"></a> [nvidia\_device\_plugin](#module\_nvidia\_device\_plugin) | ./nvidia-device-plugin | n/a |
-| <a name="module_ondat"></a> [ondat](#module\_ondat) | ./ondat | n/a |
-| <a name="module_opentelemetry_operator"></a> [opentelemetry\_operator](#module\_opentelemetry\_operator) | ./opentelemetry-operator | n/a |
-| <a name="module_portworx"></a> [portworx](#module\_portworx) | portworx/portworx-addon/eksblueprints | 0.0.6 |
-| <a name="module_prometheus"></a> [prometheus](#module\_prometheus) | ./prometheus | n/a |
-| <a name="module_promtail"></a> [promtail](#module\_promtail) | ./promtail | n/a |
-| <a name="module_reloader"></a> [reloader](#module\_reloader) | ./reloader | n/a |
-| <a name="module_secrets_store_csi_driver"></a> [secrets\_store\_csi\_driver](#module\_secrets\_store\_csi\_driver) | ./secrets-store-csi-driver | n/a |
-| <a name="module_smb_csi_driver"></a> [smb\_csi\_driver](#module\_smb\_csi\_driver) | ./smb-csi-driver | n/a |
-| <a name="module_spark_history_server"></a> [spark\_history\_server](#module\_spark\_history\_server) | ./spark-history-server | n/a |
-| <a name="module_spark_k8s_operator"></a> [spark\_k8s\_operator](#module\_spark\_k8s\_operator) | ./spark-k8s-operator | n/a |
-| <a name="module_strimzi_kafka_operator"></a> [strimzi\_kafka\_operator](#module\_strimzi\_kafka\_operator) | ./strimzi-kafka-operator | n/a |
-| <a name="module_sysdig_agent"></a> [sysdig\_agent](#module\_sysdig\_agent) | sysdiglabs/sysdig-addon/eksblueprints | 0.0.3 |
-| <a name="module_tetrate_istio"></a> [tetrate\_istio](#module\_tetrate\_istio) | ./tetrate-istio | n/a |
-| <a name="module_thanos"></a> [thanos](#module\_thanos) | ./thanos | n/a |
-| <a name="module_traefik"></a> [traefik](#module\_traefik) | ./traefik | n/a |
-| <a name="module_vault"></a> [vault](#module\_vault) | hashicorp/hashicorp-vault-eks-addon/aws | 1.0.0-rc2 |
-| <a name="module_velero"></a> [velero](#module\_velero) | ./velero | n/a |
-| <a name="module_vpa"></a> [vpa](#module\_vpa) | ./vpa | n/a |
-| <a name="module_yunikorn"></a> [yunikorn](#module\_yunikorn) | ./yunikorn | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [time_sleep.dataplane](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
-| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
-| [aws_eks_cluster.eks_cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |
-| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
-| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_adot_collector_haproxy_helm_config"></a> [adot\_collector\_haproxy\_helm\_config](#input\_adot\_collector\_haproxy\_helm\_config) | ADOT Collector HAProxy Helm Chart config | `any` | `{}` | no |
-| <a name="input_adot_collector_java_helm_config"></a> [adot\_collector\_java\_helm\_config](#input\_adot\_collector\_java\_helm\_config) | ADOT Collector Java Helm Chart config | `any` | `{}` | no |
-| <a name="input_adot_collector_memcached_helm_config"></a> [adot\_collector\_memcached\_helm\_config](#input\_adot\_collector\_memcached\_helm\_config) | ADOT Collector Memcached Helm Chart config | `any` | `{}` | no |
-| <a name="input_adot_collector_nginx_helm_config"></a> [adot\_collector\_nginx\_helm\_config](#input\_adot\_collector\_nginx\_helm\_config) | ADOT Collector Nginx Helm Chart config | `any` | `{}` | no |
-| <a name="input_agones_helm_config"></a> [agones\_helm\_config](#input\_agones\_helm\_config) | Agones GameServer Helm Chart config | `any` | `{}` | no |
-| <a name="input_airflow_helm_config"></a> [airflow\_helm\_config](#input\_airflow\_helm\_config) | Apache Airflow v2 Helm Chart config | `any` | `{}` | no |
-| <a name="input_amazon_eks_adot_config"></a> [amazon\_eks\_adot\_config](#input\_amazon\_eks\_adot\_config) | Configuration for Amazon EKS ADOT add-on | `any` | `{}` | no |
-| <a name="input_amazon_eks_aws_ebs_csi_driver_config"></a> [amazon\_eks\_aws\_ebs\_csi\_driver\_config](#input\_amazon\_eks\_aws\_ebs\_csi\_driver\_config) | configMap for AWS EBS CSI Driver add-on | `any` | `{}` | no |
-| <a name="input_amazon_eks_coredns_config"></a> [amazon\_eks\_coredns\_config](#input\_amazon\_eks\_coredns\_config) | Configuration for Amazon CoreDNS EKS add-on | `any` | `{}` | no |
-| <a name="input_amazon_eks_kube_proxy_config"></a> [amazon\_eks\_kube\_proxy\_config](#input\_amazon\_eks\_kube\_proxy\_config) | ConfigMap for Amazon EKS Kube-Proxy add-on | `any` | `{}` | no |
-| <a name="input_amazon_eks_vpc_cni_config"></a> [amazon\_eks\_vpc\_cni\_config](#input\_amazon\_eks\_vpc\_cni\_config) | ConfigMap of Amazon EKS VPC CNI add-on | `any` | `{}` | no |
-| <a name="input_amazon_prometheus_workspace_endpoint"></a> [amazon\_prometheus\_workspace\_endpoint](#input\_amazon\_prometheus\_workspace\_endpoint) | AWS Managed Prometheus WorkSpace Endpoint | `string` | `null` | no |
-| <a name="input_amazon_prometheus_workspace_region"></a> [amazon\_prometheus\_workspace\_region](#input\_amazon\_prometheus\_workspace\_region) | AWS Managed Prometheus WorkSpace Region | `string` | `null` | no |
-| <a name="input_appmesh_helm_config"></a> [appmesh\_helm\_config](#input\_appmesh\_helm\_config) | AppMesh Helm Chart config | `any` | `{}` | no |
-| <a name="input_appmesh_irsa_policies"></a> [appmesh\_irsa\_policies](#input\_appmesh\_irsa\_policies) | Additional IAM policies for a IAM role for service accounts | `list(string)` | `[]` | no |
-| <a name="input_argo_rollouts_helm_config"></a> [argo\_rollouts\_helm\_config](#input\_argo\_rollouts\_helm\_config) | Argo Rollouts Helm Chart config | `any` | `null` | no |
-| <a name="input_argo_workflows_helm_config"></a> [argo\_workflows\_helm\_config](#input\_argo\_workflows\_helm\_config) | Argo workflows Helm Chart config | `any` | `null` | no |
-| <a name="input_argocd_applications"></a> [argocd\_applications](#input\_argocd\_applications) | Argo CD Applications config to bootstrap the cluster | `any` | `{}` | no |
-| <a name="input_argocd_helm_config"></a> [argocd\_helm\_config](#input\_argocd\_helm\_config) | Argo CD Kubernetes add-on config | `any` | `{}` | no |
-| <a name="input_argocd_manage_add_ons"></a> [argocd\_manage\_add\_ons](#input\_argocd\_manage\_add\_ons) | Enable managing add-on configuration via ArgoCD App of Apps | `bool` | `false` | no |
-| <a name="input_auto_scaling_group_names"></a> [auto\_scaling\_group\_names](#input\_auto\_scaling\_group\_names) | List of self-managed node groups autoscaling group names | `list(string)` | `[]` | no |
-| <a name="input_aws_cloudwatch_metrics_helm_config"></a> [aws\_cloudwatch\_metrics\_helm\_config](#input\_aws\_cloudwatch\_metrics\_helm\_config) | AWS CloudWatch Metrics Helm Chart config | `any` | `{}` | no |
-| <a name="input_aws_cloudwatch_metrics_irsa_policies"></a> [aws\_cloudwatch\_metrics\_irsa\_policies](#input\_aws\_cloudwatch\_metrics\_irsa\_policies) | Additional IAM policies for a IAM role for service accounts | `list(string)` | `[]` | no |
-| <a name="input_aws_efs_csi_driver_helm_config"></a> [aws\_efs\_csi\_driver\_helm\_config](#input\_aws\_efs\_csi\_driver\_helm\_config) | AWS EFS CSI driver Helm Chart config | `any` | `{}` | no |
-| <a name="input_aws_efs_csi_driver_irsa_policies"></a> [aws\_efs\_csi\_driver\_irsa\_policies](#input\_aws\_efs\_csi\_driver\_irsa\_policies) | Additional IAM policies for a IAM role for service accounts | `list(string)` | `[]` | no |
-| <a name="input_aws_for_fluentbit_create_cw_log_group"></a> [aws\_for\_fluentbit\_create\_cw\_log\_group](#input\_aws\_for\_fluentbit\_create\_cw\_log\_group) | Set to false to use existing CloudWatch log group supplied via the cw\_log\_group\_name variable. | `bool` | `true` | no |
-| <a name="input_aws_for_fluentbit_cw_log_group_kms_key_arn"></a> [aws\_for\_fluentbit\_cw\_log\_group\_kms\_key\_arn](#input\_aws\_for\_fluentbit\_cw\_log\_group\_kms\_key\_arn) | FluentBit CloudWatch Log group KMS Key | `string` | `null` | no |
-| <a name="input_aws_for_fluentbit_cw_log_group_name"></a> [aws\_for\_fluentbit\_cw\_log\_group\_name](#input\_aws\_for\_fluentbit\_cw\_log\_group\_name) | FluentBit CloudWatch Log group name | `string` | `null` | no |
-| <a name="input_aws_for_fluentbit_cw_log_group_retention"></a> [aws\_for\_fluentbit\_cw\_log\_group\_retention](#input\_aws\_for\_fluentbit\_cw\_log\_group\_retention) | FluentBit CloudWatch Log group retention period | `number` | `90` | no |
-| <a name="input_aws_for_fluentbit_helm_config"></a> [aws\_for\_fluentbit\_helm\_config](#input\_aws\_for\_fluentbit\_helm\_config) | AWS for FluentBit Helm Chart config | `any` | `{}` | no |
-| <a name="input_aws_for_fluentbit_irsa_policies"></a> [aws\_for\_fluentbit\_irsa\_policies](#input\_aws\_for\_fluentbit\_irsa\_policies) | Additional IAM policies for a IAM role for service accounts | `list(string)` | `[]` | no |
-| <a name="input_aws_fsx_csi_driver_helm_config"></a> [aws\_fsx\_csi\_driver\_helm\_config](#input\_aws\_fsx\_csi\_driver\_helm\_config) | AWS FSx CSI driver Helm Chart config | `any` | `{}` | no |
-| <a name="input_aws_fsx_csi_driver_irsa_policies"></a> [aws\_fsx\_csi\_driver\_irsa\_policies](#input\_aws\_fsx\_csi\_driver\_irsa\_policies) | Additional IAM policies for a IAM role for service accounts | `list(string)` | `[]` | no |
-| <a name="input_aws_load_balancer_controller_helm_config"></a> [aws\_load\_balancer\_controller\_helm\_config](#input\_aws\_load\_balancer\_controller\_helm\_config) | AWS Load Balancer Controller Helm Chart config | `any` | `{}` | no |
-| <a name="input_aws_node_termination_handler_helm_config"></a> [aws\_node\_termination\_handler\_helm\_config](#input\_aws\_node\_termination\_handler\_helm\_config) | AWS Node Termination Handler Helm Chart config | `any` | `{}` | no |
-| <a name="input_aws_node_termination_handler_irsa_policies"></a> [aws\_node\_termination\_handler\_irsa\_policies](#input\_aws\_node\_termination\_handler\_irsa\_policies) | Additional IAM policies for a IAM role for service accounts | `list(string)` | `[]` | no |
-| <a name="input_aws_privateca_acmca_arn"></a> [aws\_privateca\_acmca\_arn](#input\_aws\_privateca\_acmca\_arn) | ARN of AWS ACM PCA | `string` | `""` | no |
-| <a name="input_aws_privateca_issuer_helm_config"></a> [aws\_privateca\_issuer\_helm\_config](#input\_aws\_privateca\_issuer\_helm\_config) | PCA Issuer Helm Chart config | `any` | `{}` | no |
-| <a name="input_aws_privateca_issuer_irsa_policies"></a> [aws\_privateca\_issuer\_irsa\_policies](#input\_aws\_privateca\_issuer\_irsa\_policies) | IAM policy ARNs for AWS ACM PCA IRSA | `list(string)` | `[]` | no |
-| <a name="input_calico_helm_config"></a> [calico\_helm\_config](#input\_calico\_helm\_config) | Calico add-on config | `any` | `{}` | no |
-| <a name="input_cert_manager_csi_driver_helm_config"></a> [cert\_manager\_csi\_driver\_helm\_config](#input\_cert\_manager\_csi\_driver\_helm\_config) | Cert Manager CSI Driver Helm Chart config | `any` | `{}` | no |
-| <a name="input_cert_manager_domain_names"></a> [cert\_manager\_domain\_names](#input\_cert\_manager\_domain\_names) | Domain names of the Route53 hosted zone to use with cert-manager | `list(string)` | `[]` | no |
-| <a name="input_cert_manager_helm_config"></a> [cert\_manager\_helm\_config](#input\_cert\_manager\_helm\_config) | Cert Manager Helm Chart config | `any` | `{}` | no |
-| <a name="input_cert_manager_install_letsencrypt_issuers"></a> [cert\_manager\_install\_letsencrypt\_issuers](#input\_cert\_manager\_install\_letsencrypt\_issuers) | Install Let's Encrypt Cluster Issuers | `bool` | `true` | no |
-| <a name="input_cert_manager_irsa_policies"></a> [cert\_manager\_irsa\_policies](#input\_cert\_manager\_irsa\_policies) | Additional IAM policies for a IAM role for service accounts | `list(string)` | `[]` | no |
-| <a name="input_cert_manager_istio_csr_helm_config"></a> [cert\_manager\_istio\_csr\_helm\_config](#input\_cert\_manager\_istio\_csr\_helm\_config) | Cert Manager Istio CSR Helm Chart config | `any` | `{}` | no |
-| <a name="input_cert_manager_kubernetes_svc_image_pull_secrets"></a> [cert\_manager\_kubernetes\_svc\_image\_pull\_secrets](#input\_cert\_manager\_kubernetes\_svc\_image\_pull\_secrets) | list(string) of kubernetes imagePullSecrets | `list(string)` | `[]` | no |
-| <a name="input_cert_manager_letsencrypt_email"></a> [cert\_manager\_letsencrypt\_email](#input\_cert\_manager\_letsencrypt\_email) | Email address for expiration emails from Let's Encrypt | `string` | `""` | no |
-| <a name="input_chaos_mesh_helm_config"></a> [chaos\_mesh\_helm\_config](#input\_chaos\_mesh\_helm\_config) | Chaos Mesh Helm Chart config | `any` | `{}` | no |
-| <a name="input_cilium_enable_wireguard"></a> [cilium\_enable\_wireguard](#input\_cilium\_enable\_wireguard) | Enable wireguard encryption | `bool` | `false` | no |
-| <a name="input_cilium_helm_config"></a> [cilium\_helm\_config](#input\_cilium\_helm\_config) | Cilium Helm Chart config | `any` | `{}` | no |
-| <a name="input_cluster_autoscaler_helm_config"></a> [cluster\_autoscaler\_helm\_config](#input\_cluster\_autoscaler\_helm\_config) | Cluster Autoscaler Helm Chart config | `any` | `{}` | no |
-| <a name="input_consul_helm_config"></a> [consul\_helm\_config](#input\_consul\_helm\_config) | Consul Helm Chart config | `any` | `{}` | no |
-| <a name="input_coredns_autoscaler_helm_config"></a> [coredns\_autoscaler\_helm\_config](#input\_coredns\_autoscaler\_helm\_config) | CoreDNS Autoscaler Helm Chart config | `any` | `{}` | no |
-| <a name="input_coredns_cluster_proportional_autoscaler_helm_config"></a> [coredns\_cluster\_proportional\_autoscaler\_helm\_config](#input\_coredns\_cluster\_proportional\_autoscaler\_helm\_config) | Helm provider config for the CoreDNS cluster-proportional-autoscaler | `any` | `{}` | no |
-| <a name="input_crossplane_aws_provider"></a> [crossplane\_aws\_provider](#input\_crossplane\_aws\_provider) | AWS Provider config for Crossplane | `any` | <pre>{<br>  "enable": false<br>}</pre> | no |
-| <a name="input_crossplane_helm_config"></a> [crossplane\_helm\_config](#input\_crossplane\_helm\_config) | Crossplane Helm Chart config | `any` | `null` | no |
-| <a name="input_crossplane_helm_provider"></a> [crossplane\_helm\_provider](#input\_crossplane\_helm\_provider) | Helm Provider config for Crossplane | `any` | <pre>{<br>  "enable": false<br>}</pre> | no |
-| <a name="input_crossplane_jet_aws_provider"></a> [crossplane\_jet\_aws\_provider](#input\_crossplane\_jet\_aws\_provider) | AWS Provider Jet AWS config for Crossplane | <pre>object({<br>    enable                   = bool<br>    provider_aws_version     = string<br>    additional_irsa_policies = list(string)<br>  })</pre> | <pre>{<br>  "additional_irsa_policies": [],<br>  "enable": false,<br>  "provider_aws_version": "v0.24.1"<br>}</pre> | no |
-| <a name="input_crossplane_kubernetes_provider"></a> [crossplane\_kubernetes\_provider](#input\_crossplane\_kubernetes\_provider) | Kubernetes Provider config for Crossplane | `any` | <pre>{<br>  "enable": false<br>}</pre> | no |
-| <a name="input_crossplane_upbound_aws_provider"></a> [crossplane\_upbound\_aws\_provider](#input\_crossplane\_upbound\_aws\_provider) | AWS Upbound Provider config for Crossplane | `any` | <pre>{<br>  "enable": false<br>}</pre> | no |
-| <a name="input_csi_secrets_store_provider_aws_helm_config"></a> [csi\_secrets\_store\_provider\_aws\_helm\_config](#input\_csi\_secrets\_store\_provider\_aws\_helm\_config) | CSI Secrets Store Provider AWS Helm Configurations | `any` | `null` | no |
-| <a name="input_custom_image_registry_uri"></a> [custom\_image\_registry\_uri](#input\_custom\_image\_registry\_uri) | Custom image registry URI map of `{region = dkr.endpoint }` | `map(string)` | `{}` | no |
-| <a name="input_data_plane_wait_arn"></a> [data\_plane\_wait\_arn](#input\_data\_plane\_wait\_arn) | Addon deployment will not proceed until this value is known. Set to node group/Fargate profile ARN to wait for data plane to be ready before provisioning addons | `string` | `""` | no |
-| <a name="input_datadog_operator_helm_config"></a> [datadog\_operator\_helm\_config](#input\_datadog\_operator\_helm\_config) | Datadog Operator Helm Chart config | `any` | `{}` | no |
-| <a name="input_eks_cluster_domain"></a> [eks\_cluster\_domain](#input\_eks\_cluster\_domain) | The domain for the EKS cluster | `string` | `""` | no |
-| <a name="input_eks_cluster_endpoint"></a> [eks\_cluster\_endpoint](#input\_eks\_cluster\_endpoint) | Endpoint for your Kubernetes API server | `string` | `null` | no |
-| <a name="input_eks_cluster_id"></a> [eks\_cluster\_id](#input\_eks\_cluster\_id) | EKS Cluster Id | `string` | n/a | yes |
-| <a name="input_eks_cluster_version"></a> [eks\_cluster\_version](#input\_eks\_cluster\_version) | The Kubernetes version for the cluster | `string` | `null` | no |
-| <a name="input_eks_oidc_provider"></a> [eks\_oidc\_provider](#input\_eks\_oidc\_provider) | The OpenID Connect identity provider (issuer URL without leading `https://`) | `string` | `null` | no |
-| <a name="input_eks_oidc_provider_arn"></a> [eks\_oidc\_provider\_arn](#input\_eks\_oidc\_provider\_arn) | The OpenID Connect identity provider ARN | `string` | `null` | no |
-| <a name="input_eks_worker_security_group_id"></a> [eks\_worker\_security\_group\_id](#input\_eks\_worker\_security\_group\_id) | EKS Worker Security group Id created by EKS module | `string` | `""` | no |
-| <a name="input_emr_on_eks_config"></a> [emr\_on\_eks\_config](#input\_emr\_on\_eks\_config) | EMR on EKS Helm configuration values | `any` | `{}` | no |
-| <a name="input_enable_adot_collector_haproxy"></a> [enable\_adot\_collector\_haproxy](#input\_enable\_adot\_collector\_haproxy) | Enable metrics for HAProxy workloads | `bool` | `false` | no |
-| <a name="input_enable_adot_collector_java"></a> [enable\_adot\_collector\_java](#input\_enable\_adot\_collector\_java) | Enable metrics for JMX workloads | `bool` | `false` | no |
-| <a name="input_enable_adot_collector_memcached"></a> [enable\_adot\_collector\_memcached](#input\_enable\_adot\_collector\_memcached) | Enable metrics for Memcached workloads | `bool` | `false` | no |
-| <a name="input_enable_adot_collector_nginx"></a> [enable\_adot\_collector\_nginx](#input\_enable\_adot\_collector\_nginx) | Enable metrics for Nginx workloads | `bool` | `false` | no |
-| <a name="input_enable_agones"></a> [enable\_agones](#input\_enable\_agones) | Enable Agones GamServer add-on | `bool` | `false` | no |
-| <a name="input_enable_airflow"></a> [enable\_airflow](#input\_enable\_airflow) | Enable Airflow add-on | `bool` | `false` | no |
-| <a name="input_enable_amazon_eks_adot"></a> [enable\_amazon\_eks\_adot](#input\_enable\_amazon\_eks\_adot) | Enable Amazon EKS ADOT addon | `bool` | `false` | no |
-| <a name="input_enable_amazon_eks_aws_ebs_csi_driver"></a> [enable\_amazon\_eks\_aws\_ebs\_csi\_driver](#input\_enable\_amazon\_eks\_aws\_ebs\_csi\_driver) | Enable EKS Managed AWS EBS CSI Driver add-on; enable\_amazon\_eks\_aws\_ebs\_csi\_driver and enable\_self\_managed\_aws\_ebs\_csi\_driver are mutually exclusive | `bool` | `false` | no |
-| <a name="input_enable_amazon_eks_coredns"></a> [enable\_amazon\_eks\_coredns](#input\_enable\_amazon\_eks\_coredns) | Enable Amazon EKS CoreDNS add-on | `bool` | `false` | no |
-| <a name="input_enable_amazon_eks_kube_proxy"></a> [enable\_amazon\_eks\_kube\_proxy](#input\_enable\_amazon\_eks\_kube\_proxy) | Enable Kube Proxy add-on | `bool` | `false` | no |
-| <a name="input_enable_amazon_eks_vpc_cni"></a> [enable\_amazon\_eks\_vpc\_cni](#input\_enable\_amazon\_eks\_vpc\_cni) | Enable VPC CNI add-on | `bool` | `false` | no |
-| <a name="input_enable_amazon_prometheus"></a> [enable\_amazon\_prometheus](#input\_enable\_amazon\_prometheus) | Enable AWS Managed Prometheus service | `bool` | `false` | no |
-| <a name="input_enable_app_2048"></a> [enable\_app\_2048](#input\_enable\_app\_2048) | Enable sample app 2048 | `bool` | `false` | no |
-| <a name="input_enable_appmesh_controller"></a> [enable\_appmesh\_controller](#input\_enable\_appmesh\_controller) | Enable AppMesh add-on | `bool` | `false` | no |
-| <a name="input_enable_argo_rollouts"></a> [enable\_argo\_rollouts](#input\_enable\_argo\_rollouts) | Enable Argo Rollouts add-on | `bool` | `false` | no |
-| <a name="input_enable_argo_workflows"></a> [enable\_argo\_workflows](#input\_enable\_argo\_workflows) | Enable Argo workflows add-on | `bool` | `false` | no |
-| <a name="input_enable_argocd"></a> [enable\_argocd](#input\_enable\_argocd) | Enable Argo CD Kubernetes add-on | `bool` | `false` | no |
-| <a name="input_enable_aws_cloudwatch_metrics"></a> [enable\_aws\_cloudwatch\_metrics](#input\_enable\_aws\_cloudwatch\_metrics) | Enable AWS CloudWatch Metrics add-on for Container Insights | `bool` | `false` | no |
-| <a name="input_enable_aws_efs_csi_driver"></a> [enable\_aws\_efs\_csi\_driver](#input\_enable\_aws\_efs\_csi\_driver) | Enable AWS EFS CSI driver add-on | `bool` | `false` | no |
-| <a name="input_enable_aws_for_fluentbit"></a> [enable\_aws\_for\_fluentbit](#input\_enable\_aws\_for\_fluentbit) | Enable AWS for FluentBit add-on | `bool` | `false` | no |
-| <a name="input_enable_aws_fsx_csi_driver"></a> [enable\_aws\_fsx\_csi\_driver](#input\_enable\_aws\_fsx\_csi\_driver) | Enable AWS FSx CSI driver add-on | `bool` | `false` | no |
-| <a name="input_enable_aws_load_balancer_controller"></a> [enable\_aws\_load\_balancer\_controller](#input\_enable\_aws\_load\_balancer\_controller) | Enable AWS Load Balancer Controller add-on | `bool` | `false` | no |
-| <a name="input_enable_aws_node_termination_handler"></a> [enable\_aws\_node\_termination\_handler](#input\_enable\_aws\_node\_termination\_handler) | Enable AWS Node Termination Handler add-on | `bool` | `false` | no |
-| <a name="input_enable_aws_privateca_issuer"></a> [enable\_aws\_privateca\_issuer](#input\_enable\_aws\_privateca\_issuer) | Enable PCA Issuer | `bool` | `false` | no |
-| <a name="input_enable_calico"></a> [enable\_calico](#input\_enable\_calico) | Enable Calico add-on | `bool` | `false` | no |
-| <a name="input_enable_cert_manager"></a> [enable\_cert\_manager](#input\_enable\_cert\_manager) | Enable Cert Manager add-on | `bool` | `false` | no |
-| <a name="input_enable_cert_manager_csi_driver"></a> [enable\_cert\_manager\_csi\_driver](#input\_enable\_cert\_manager\_csi\_driver) | Enable Cert Manager CSI Driver add-on | `bool` | `false` | no |
-| <a name="input_enable_cert_manager_istio_csr"></a> [enable\_cert\_manager\_istio\_csr](#input\_enable\_cert\_manager\_istio\_csr) | Enable Cert Manager istio-csr add-on | `bool` | `false` | no |
-| <a name="input_enable_chaos_mesh"></a> [enable\_chaos\_mesh](#input\_enable\_chaos\_mesh) | Enable Chaos Mesh add-on | `bool` | `false` | no |
-| <a name="input_enable_cilium"></a> [enable\_cilium](#input\_enable\_cilium) | Enable Cilium add-on | `bool` | `false` | no |
-| <a name="input_enable_cluster_autoscaler"></a> [enable\_cluster\_autoscaler](#input\_enable\_cluster\_autoscaler) | Enable Cluster autoscaler add-on | `bool` | `false` | no |
-| <a name="input_enable_consul"></a> [enable\_consul](#input\_enable\_consul) | Enable consul add-on | `bool` | `false` | no |
-| <a name="input_enable_coredns_autoscaler"></a> [enable\_coredns\_autoscaler](#input\_enable\_coredns\_autoscaler) | Enable CoreDNS autoscaler add-on | `bool` | `false` | no |
-| <a name="input_enable_coredns_cluster_proportional_autoscaler"></a> [enable\_coredns\_cluster\_proportional\_autoscaler](#input\_enable\_coredns\_cluster\_proportional\_autoscaler) | Enable cluster-proportional-autoscaler for CoreDNS | `bool` | `true` | no |
-| <a name="input_enable_crossplane"></a> [enable\_crossplane](#input\_enable\_crossplane) | Enable Crossplane add-on | `bool` | `false` | no |
-| <a name="input_enable_datadog_operator"></a> [enable\_datadog\_operator](#input\_enable\_datadog\_operator) | Enable Datadog Operator add-on | `bool` | `false` | no |
-| <a name="input_enable_emr_on_eks"></a> [enable\_emr\_on\_eks](#input\_enable\_emr\_on\_eks) | Enable EMR on EKS add-on | `bool` | `false` | no |
-| <a name="input_enable_external_dns"></a> [enable\_external\_dns](#input\_enable\_external\_dns) | External DNS add-on | `bool` | `false` | no |
-| <a name="input_enable_external_secrets"></a> [enable\_external\_secrets](#input\_enable\_external\_secrets) | Enable External Secrets operator add-on | `bool` | `false` | no |
-| <a name="input_enable_fargate_fluentbit"></a> [enable\_fargate\_fluentbit](#input\_enable\_fargate\_fluentbit) | Enable Fargate FluentBit add-on | `bool` | `false` | no |
-| <a name="input_enable_gatekeeper"></a> [enable\_gatekeeper](#input\_enable\_gatekeeper) | Enable Gatekeeper add-on | `bool` | `false` | no |
-| <a name="input_enable_grafana"></a> [enable\_grafana](#input\_enable\_grafana) | Enable Grafana add-on | `bool` | `false` | no |
-| <a name="input_enable_ingress_nginx"></a> [enable\_ingress\_nginx](#input\_enable\_ingress\_nginx) | Enable Ingress Nginx add-on | `bool` | `false` | no |
-| <a name="input_enable_ipv6"></a> [enable\_ipv6](#input\_enable\_ipv6) | Enable Ipv6 network. Attaches new VPC CNI policy to the IRSA role | `bool` | `false` | no |
-| <a name="input_enable_karpenter"></a> [enable\_karpenter](#input\_enable\_karpenter) | Enable Karpenter autoscaler add-on | `bool` | `false` | no |
-| <a name="input_enable_keda"></a> [enable\_keda](#input\_enable\_keda) | Enable KEDA Event-based autoscaler add-on | `bool` | `false` | no |
-| <a name="input_enable_kube_prometheus_stack"></a> [enable\_kube\_prometheus\_stack](#input\_enable\_kube\_prometheus\_stack) | Enable Community kube-prometheus-stack add-on | `bool` | `false` | no |
-| <a name="input_enable_kube_state_metrics"></a> [enable\_kube\_state\_metrics](#input\_enable\_kube\_state\_metrics) | Enable Kube State Metrics add-on | `bool` | `false` | no |
-| <a name="input_enable_kubecost"></a> [enable\_kubecost](#input\_enable\_kubecost) | Enable Kubecost add-on | `bool` | `false` | no |
-| <a name="input_enable_kuberay_operator"></a> [enable\_kuberay\_operator](#input\_enable\_kuberay\_operator) | Enable KubeRay Operator add-on | `bool` | `false` | no |
-| <a name="input_enable_kubernetes_dashboard"></a> [enable\_kubernetes\_dashboard](#input\_enable\_kubernetes\_dashboard) | Enable Kubernetes Dashboard add-on | `bool` | `false` | no |
-| <a name="input_enable_kyverno"></a> [enable\_kyverno](#input\_enable\_kyverno) | Enable Kyverno add-on | `bool` | `false` | no |
-| <a name="input_enable_kyverno_policies"></a> [enable\_kyverno\_policies](#input\_enable\_kyverno\_policies) | Enable Kyverno policies. Requires `enable_kyverno` to be `true` | `bool` | `false` | no |
-| <a name="input_enable_kyverno_policy_reporter"></a> [enable\_kyverno\_policy\_reporter](#input\_enable\_kyverno\_policy\_reporter) | Enable Kyverno UI. Requires `enable_kyverno` to be `true` | `bool` | `false` | no |
-| <a name="input_enable_local_volume_provisioner"></a> [enable\_local\_volume\_provisioner](#input\_enable\_local\_volume\_provisioner) | Enable Local volume provisioner add-on | `bool` | `false` | no |
-| <a name="input_enable_metrics_server"></a> [enable\_metrics\_server](#input\_enable\_metrics\_server) | Enable metrics server add-on | `bool` | `false` | no |
-| <a name="input_enable_nvidia_device_plugin"></a> [enable\_nvidia\_device\_plugin](#input\_enable\_nvidia\_device\_plugin) | Enable NVIDIA device plugin add-on | `bool` | `false` | no |
-| <a name="input_enable_ondat"></a> [enable\_ondat](#input\_enable\_ondat) | Enable Ondat add-on | `bool` | `false` | no |
-| <a name="input_enable_opentelemetry_operator"></a> [enable\_opentelemetry\_operator](#input\_enable\_opentelemetry\_operator) | Enable opentelemetry operator add-on | `bool` | `false` | no |
-| <a name="input_enable_portworx"></a> [enable\_portworx](#input\_enable\_portworx) | Enable Kubernetes Dashboard add-on | `bool` | `false` | no |
-| <a name="input_enable_prometheus"></a> [enable\_prometheus](#input\_enable\_prometheus) | Enable Community Prometheus add-on | `bool` | `false` | no |
-| <a name="input_enable_promtail"></a> [enable\_promtail](#input\_enable\_promtail) | Enable Promtail add-on | `bool` | `false` | no |
-| <a name="input_enable_reloader"></a> [enable\_reloader](#input\_enable\_reloader) | Enable Reloader add-on | `bool` | `false` | no |
-| <a name="input_enable_secrets_store_csi_driver"></a> [enable\_secrets\_store\_csi\_driver](#input\_enable\_secrets\_store\_csi\_driver) | Enable CSI Secrets Store Provider | `bool` | `false` | no |
-| <a name="input_enable_secrets_store_csi_driver_provider_aws"></a> [enable\_secrets\_store\_csi\_driver\_provider\_aws](#input\_enable\_secrets\_store\_csi\_driver\_provider\_aws) | Enable AWS CSI Secrets Store Provider | `bool` | `false` | no |
-| <a name="input_enable_self_managed_aws_ebs_csi_driver"></a> [enable\_self\_managed\_aws\_ebs\_csi\_driver](#input\_enable\_self\_managed\_aws\_ebs\_csi\_driver) | Enable self-managed aws-ebs-csi-driver add-on; enable\_self\_managed\_aws\_ebs\_csi\_driver and enable\_amazon\_eks\_aws\_ebs\_csi\_driver are mutually exclusive | `bool` | `false` | no |
-| <a name="input_enable_self_managed_coredns"></a> [enable\_self\_managed\_coredns](#input\_enable\_self\_managed\_coredns) | Enable self-managed CoreDNS add-on | `bool` | `false` | no |
-| <a name="input_enable_smb_csi_driver"></a> [enable\_smb\_csi\_driver](#input\_enable\_smb\_csi\_driver) | Enable SMB CSI driver add-on | `bool` | `false` | no |
-| <a name="input_enable_spark_history_server"></a> [enable\_spark\_history\_server](#input\_enable\_spark\_history\_server) | Enable Spark History Server add-on | `bool` | `false` | no |
-| <a name="input_enable_spark_k8s_operator"></a> [enable\_spark\_k8s\_operator](#input\_enable\_spark\_k8s\_operator) | Enable Spark on K8s Operator add-on | `bool` | `false` | no |
-| <a name="input_enable_strimzi_kafka_operator"></a> [enable\_strimzi\_kafka\_operator](#input\_enable\_strimzi\_kafka\_operator) | Enable Kafka add-on | `bool` | `false` | no |
-| <a name="input_enable_sysdig_agent"></a> [enable\_sysdig\_agent](#input\_enable\_sysdig\_agent) | Enable Sysdig Agent add-on | `bool` | `false` | no |
-| <a name="input_enable_tetrate_istio"></a> [enable\_tetrate\_istio](#input\_enable\_tetrate\_istio) | Enable Tetrate Istio add-on | `bool` | `false` | no |
-| <a name="input_enable_thanos"></a> [enable\_thanos](#input\_enable\_thanos) | Enable Thanos add-on | `bool` | `false` | no |
-| <a name="input_enable_traefik"></a> [enable\_traefik](#input\_enable\_traefik) | Enable Traefik add-on | `bool` | `false` | no |
-| <a name="input_enable_vault"></a> [enable\_vault](#input\_enable\_vault) | Enable HashiCorp Vault add-on | `bool` | `false` | no |
-| <a name="input_enable_velero"></a> [enable\_velero](#input\_enable\_velero) | Enable Kubernetes Dashboard add-on | `bool` | `false` | no |
-| <a name="input_enable_vpa"></a> [enable\_vpa](#input\_enable\_vpa) | Enable Vertical Pod Autoscaler add-on | `bool` | `false` | no |
-| <a name="input_enable_yunikorn"></a> [enable\_yunikorn](#input\_enable\_yunikorn) | Enable Apache YuniKorn K8s scheduler add-on | `bool` | `false` | no |
-| <a name="input_external_dns_helm_config"></a> [external\_dns\_helm\_config](#input\_external\_dns\_helm\_config) | External DNS Helm Chart config | `any` | `{}` | no |
-| <a name="input_external_dns_irsa_policies"></a> [external\_dns\_irsa\_policies](#input\_external\_dns\_irsa\_policies) | Additional IAM policies for a IAM role for service accounts | `list(string)` | `[]` | no |
-| <a name="input_external_dns_private_zone"></a> [external\_dns\_private\_zone](#input\_external\_dns\_private\_zone) | Determines if referenced Route53 zone is private. | `bool` | `false` | no |
-| <a name="input_external_dns_route53_zone_arns"></a> [external\_dns\_route53\_zone\_arns](#input\_external\_dns\_route53\_zone\_arns) | List of Route53 zones ARNs which external-dns will have access to create/manage records | `list(string)` | `[]` | no |
-| <a name="input_external_secrets_helm_config"></a> [external\_secrets\_helm\_config](#input\_external\_secrets\_helm\_config) | External Secrets operator Helm Chart config | `any` | `{}` | no |
-| <a name="input_external_secrets_irsa_policies"></a> [external\_secrets\_irsa\_policies](#input\_external\_secrets\_irsa\_policies) | Additional IAM policies for a IAM role for service accounts | `list(string)` | `[]` | no |
-| <a name="input_external_secrets_secrets_manager_arns"></a> [external\_secrets\_secrets\_manager\_arns](#input\_external\_secrets\_secrets\_manager\_arns) | List of Secrets Manager ARNs that contain secrets to mount using External Secrets | `list(string)` | <pre>[<br>  "arn:aws:secretsmanager:*:*:secret:*"<br>]</pre> | no |
-| <a name="input_external_secrets_ssm_parameter_arns"></a> [external\_secrets\_ssm\_parameter\_arns](#input\_external\_secrets\_ssm\_parameter\_arns) | List of Systems Manager Parameter ARNs that contain secrets to mount using External Secrets | `list(string)` | <pre>[<br>  "arn:aws:ssm:*:*:parameter/*"<br>]</pre> | no |
-| <a name="input_fargate_fluentbit_addon_config"></a> [fargate\_fluentbit\_addon\_config](#input\_fargate\_fluentbit\_addon\_config) | Fargate fluentbit add-on config | `any` | `{}` | no |
-| <a name="input_gatekeeper_helm_config"></a> [gatekeeper\_helm\_config](#input\_gatekeeper\_helm\_config) | Gatekeeper Helm Chart config | `any` | `{}` | no |
-| <a name="input_grafana_helm_config"></a> [grafana\_helm\_config](#input\_grafana\_helm\_config) | Kubernetes Grafana Helm Chart config | `any` | `null` | no |
-| <a name="input_grafana_irsa_policies"></a> [grafana\_irsa\_policies](#input\_grafana\_irsa\_policies) | IAM policy ARNs for grafana IRSA | `list(string)` | `[]` | no |
-| <a name="input_ingress_nginx_helm_config"></a> [ingress\_nginx\_helm\_config](#input\_ingress\_nginx\_helm\_config) | Ingress Nginx Helm Chart config | `any` | `{}` | no |
-| <a name="input_irsa_iam_permissions_boundary"></a> [irsa\_iam\_permissions\_boundary](#input\_irsa\_iam\_permissions\_boundary) | IAM permissions boundary for IRSA roles | `string` | `""` | no |
-| <a name="input_irsa_iam_role_path"></a> [irsa\_iam\_role\_path](#input\_irsa\_iam\_role\_path) | IAM role path for IRSA roles | `string` | `"/"` | no |
-| <a name="input_karpenter_enable_spot_termination_handling"></a> [karpenter\_enable\_spot\_termination\_handling](#input\_karpenter\_enable\_spot\_termination\_handling) | Determines whether to enable native spot termination handling | `bool` | `false` | no |
-| <a name="input_karpenter_event_rule_name_prefix"></a> [karpenter\_event\_rule\_name\_prefix](#input\_karpenter\_event\_rule\_name\_prefix) | Prefix used for karpenter event bridge rules | `string` | `""` | no |
-| <a name="input_karpenter_helm_config"></a> [karpenter\_helm\_config](#input\_karpenter\_helm\_config) | Karpenter autoscaler add-on config | `any` | `{}` | no |
-| <a name="input_karpenter_irsa_policies"></a> [karpenter\_irsa\_policies](#input\_karpenter\_irsa\_policies) | Additional IAM policies for a IAM role for service accounts | `list(string)` | `[]` | no |
-| <a name="input_karpenter_node_iam_instance_profile"></a> [karpenter\_node\_iam\_instance\_profile](#input\_karpenter\_node\_iam\_instance\_profile) | Karpenter Node IAM Instance profile id | `string` | `""` | no |
-| <a name="input_keda_helm_config"></a> [keda\_helm\_config](#input\_keda\_helm\_config) | KEDA Event-based autoscaler add-on config | `any` | `{}` | no |
-| <a name="input_keda_irsa_policies"></a> [keda\_irsa\_policies](#input\_keda\_irsa\_policies) | Additional IAM policies for a IAM role for service accounts | `list(string)` | `[]` | no |
-| <a name="input_kube_prometheus_stack_helm_config"></a> [kube\_prometheus\_stack\_helm\_config](#input\_kube\_prometheus\_stack\_helm\_config) | Community kube-prometheus-stack Helm Chart config | `any` | `{}` | no |
-| <a name="input_kube_state_metrics_helm_config"></a> [kube\_state\_metrics\_helm\_config](#input\_kube\_state\_metrics\_helm\_config) | Kube State Metrics Helm Chart config | `any` | `{}` | no |
-| <a name="input_kubecost_helm_config"></a> [kubecost\_helm\_config](#input\_kubecost\_helm\_config) | Kubecost Helm Chart config | `any` | `{}` | no |
-| <a name="input_kuberay_operator_helm_config"></a> [kuberay\_operator\_helm\_config](#input\_kuberay\_operator\_helm\_config) | KubeRay Operator Helm Chart config | `any` | `{}` | no |
-| <a name="input_kubernetes_dashboard_helm_config"></a> [kubernetes\_dashboard\_helm\_config](#input\_kubernetes\_dashboard\_helm\_config) | Kubernetes Dashboard Helm Chart config | `any` | `null` | no |
-| <a name="input_kyverno_helm_config"></a> [kyverno\_helm\_config](#input\_kyverno\_helm\_config) | Kyverno Helm Chart config | `any` | `{}` | no |
-| <a name="input_kyverno_policies_helm_config"></a> [kyverno\_policies\_helm\_config](#input\_kyverno\_policies\_helm\_config) | Kyverno policies Helm Chart config | `any` | `{}` | no |
-| <a name="input_kyverno_policy_reporter_helm_config"></a> [kyverno\_policy\_reporter\_helm\_config](#input\_kyverno\_policy\_reporter\_helm\_config) | Kyverno UI Helm Chart config | `any` | `{}` | no |
-| <a name="input_local_volume_provisioner_helm_config"></a> [local\_volume\_provisioner\_helm\_config](#input\_local\_volume\_provisioner\_helm\_config) | Local volume provisioner Helm Chart config | `any` | `{}` | no |
-| <a name="input_metrics_server_helm_config"></a> [metrics\_server\_helm\_config](#input\_metrics\_server\_helm\_config) | Metrics Server Helm Chart config | `any` | `{}` | no |
-| <a name="input_nvidia_device_plugin_helm_config"></a> [nvidia\_device\_plugin\_helm\_config](#input\_nvidia\_device\_plugin\_helm\_config) | NVIDIA device plugin Helm Chart config | `any` | `{}` | no |
-| <a name="input_ondat_admin_password"></a> [ondat\_admin\_password](#input\_ondat\_admin\_password) | Password for Ondat admin user | `string` | `"storageos"` | no |
-| <a name="input_ondat_admin_username"></a> [ondat\_admin\_username](#input\_ondat\_admin\_username) | Username for Ondat admin user | `string` | `"storageos"` | no |
-| <a name="input_ondat_create_cluster"></a> [ondat\_create\_cluster](#input\_ondat\_create\_cluster) | Create cluster resources | `bool` | `true` | no |
-| <a name="input_ondat_etcd_ca"></a> [ondat\_etcd\_ca](#input\_ondat\_etcd\_ca) | CA content for Ondat etcd | `string` | `null` | no |
-| <a name="input_ondat_etcd_cert"></a> [ondat\_etcd\_cert](#input\_ondat\_etcd\_cert) | Certificate content for Ondat etcd | `string` | `null` | no |
-| <a name="input_ondat_etcd_endpoints"></a> [ondat\_etcd\_endpoints](#input\_ondat\_etcd\_endpoints) | List of etcd endpoints for Ondat | `list(string)` | `[]` | no |
-| <a name="input_ondat_etcd_key"></a> [ondat\_etcd\_key](#input\_ondat\_etcd\_key) | Private key content for Ondat etcd | `string` | `null` | no |
-| <a name="input_ondat_helm_config"></a> [ondat\_helm\_config](#input\_ondat\_helm\_config) | Ondat Helm Chart config | `any` | `{}` | no |
-| <a name="input_ondat_irsa_policies"></a> [ondat\_irsa\_policies](#input\_ondat\_irsa\_policies) | IAM policy ARNs for Ondat IRSA | `list(string)` | `[]` | no |
-| <a name="input_opentelemetry_operator_helm_config"></a> [opentelemetry\_operator\_helm\_config](#input\_opentelemetry\_operator\_helm\_config) | Opentelemetry Operator Helm Chart config | `any` | `{}` | no |
-| <a name="input_portworx_helm_config"></a> [portworx\_helm\_config](#input\_portworx\_helm\_config) | Kubernetes Portworx Helm Chart config | `any` | `null` | no |
-| <a name="input_prometheus_helm_config"></a> [prometheus\_helm\_config](#input\_prometheus\_helm\_config) | Community Prometheus Helm Chart config | `any` | `{}` | no |
-| <a name="input_promtail_helm_config"></a> [promtail\_helm\_config](#input\_promtail\_helm\_config) | Promtail Helm Chart config | `any` | `{}` | no |
-| <a name="input_reloader_helm_config"></a> [reloader\_helm\_config](#input\_reloader\_helm\_config) | Reloader Helm Chart config | `any` | `{}` | no |
-| <a name="input_remove_default_coredns_deployment"></a> [remove\_default\_coredns\_deployment](#input\_remove\_default\_coredns\_deployment) | Determines whether the default deployment of CoreDNS is removed and ownership of kube-dns passed to Helm | `bool` | `false` | no |
-| <a name="input_secrets_store_csi_driver_helm_config"></a> [secrets\_store\_csi\_driver\_helm\_config](#input\_secrets\_store\_csi\_driver\_helm\_config) | CSI Secrets Store Provider Helm Configurations | `any` | `null` | no |
-| <a name="input_self_managed_aws_ebs_csi_driver_helm_config"></a> [self\_managed\_aws\_ebs\_csi\_driver\_helm\_config](#input\_self\_managed\_aws\_ebs\_csi\_driver\_helm\_config) | Self-managed aws-ebs-csi-driver Helm chart config | `any` | `{}` | no |
-| <a name="input_self_managed_coredns_helm_config"></a> [self\_managed\_coredns\_helm\_config](#input\_self\_managed\_coredns\_helm\_config) | Self-managed CoreDNS Helm chart config | `any` | `{}` | no |
-| <a name="input_smb_csi_driver_helm_config"></a> [smb\_csi\_driver\_helm\_config](#input\_smb\_csi\_driver\_helm\_config) | SMB CSI driver Helm Chart config | `any` | `{}` | no |
-| <a name="input_spark_history_server_helm_config"></a> [spark\_history\_server\_helm\_config](#input\_spark\_history\_server\_helm\_config) | Spark History Server Helm Chart config | `any` | `{}` | no |
-| <a name="input_spark_history_server_irsa_policies"></a> [spark\_history\_server\_irsa\_policies](#input\_spark\_history\_server\_irsa\_policies) | Additional IAM policies for a IAM role for service accounts | `list(string)` | `[]` | no |
-| <a name="input_spark_history_server_s3a_path"></a> [spark\_history\_server\_s3a\_path](#input\_spark\_history\_server\_s3a\_path) | s3a path with prefix for Spark history server e.g., s3a://<bucket\_name>/<spark\_event\_logs> | `string` | `""` | no |
-| <a name="input_spark_k8s_operator_helm_config"></a> [spark\_k8s\_operator\_helm\_config](#input\_spark\_k8s\_operator\_helm\_config) | Spark on K8s Operator Helm Chart config | `any` | `{}` | no |
-| <a name="input_sqs_queue_kms_data_key_reuse_period_seconds"></a> [sqs\_queue\_kms\_data\_key\_reuse\_period\_seconds](#input\_sqs\_queue\_kms\_data\_key\_reuse\_period\_seconds) | The length of time, in seconds, for which Amazon SQS can reuse a data key to encrypt or decrypt messages before calling AWS KMS again | `number` | `null` | no |
-| <a name="input_sqs_queue_kms_master_key_id"></a> [sqs\_queue\_kms\_master\_key\_id](#input\_sqs\_queue\_kms\_master\_key\_id) | The ID of an AWS-managed customer master key (CMK) for Amazon SQS or a custom CMK | `string` | `null` | no |
-| <a name="input_sqs_queue_managed_sse_enabled"></a> [sqs\_queue\_managed\_sse\_enabled](#input\_sqs\_queue\_managed\_sse\_enabled) | Enable server-side encryption (SSE) for a SQS queue | `bool` | `true` | no |
-| <a name="input_strimzi_kafka_operator_helm_config"></a> [strimzi\_kafka\_operator\_helm\_config](#input\_strimzi\_kafka\_operator\_helm\_config) | Kafka Strimzi Helm Chart config | `any` | `{}` | no |
-| <a name="input_sysdig_agent_helm_config"></a> [sysdig\_agent\_helm\_config](#input\_sysdig\_agent\_helm\_config) | Sysdig Helm Chart config | `any` | `{}` | no |
-| <a name="input_tags"></a> [tags](#input\_tags) | Additional tags (e.g. `map('BusinessUnit`,`XYZ`) | `map(string)` | `{}` | no |
-| <a name="input_tetrate_istio_base_helm_config"></a> [tetrate\_istio\_base\_helm\_config](#input\_tetrate\_istio\_base\_helm\_config) | Istio `base` Helm Chart config | `any` | `{}` | no |
-| <a name="input_tetrate_istio_cni_helm_config"></a> [tetrate\_istio\_cni\_helm\_config](#input\_tetrate\_istio\_cni\_helm\_config) | Istio `cni` Helm Chart config | `any` | `{}` | no |
-| <a name="input_tetrate_istio_distribution"></a> [tetrate\_istio\_distribution](#input\_tetrate\_istio\_distribution) | Istio distribution | `string` | `"TID"` | no |
-| <a name="input_tetrate_istio_gateway_helm_config"></a> [tetrate\_istio\_gateway\_helm\_config](#input\_tetrate\_istio\_gateway\_helm\_config) | Istio `gateway` Helm Chart config | `any` | `{}` | no |
-| <a name="input_tetrate_istio_install_base"></a> [tetrate\_istio\_install\_base](#input\_tetrate\_istio\_install\_base) | Install Istio `base` Helm Chart | `bool` | `true` | no |
-| <a name="input_tetrate_istio_install_cni"></a> [tetrate\_istio\_install\_cni](#input\_tetrate\_istio\_install\_cni) | Install Istio `cni` Helm Chart | `bool` | `true` | no |
-| <a name="input_tetrate_istio_install_gateway"></a> [tetrate\_istio\_install\_gateway](#input\_tetrate\_istio\_install\_gateway) | Install Istio `gateway` Helm Chart | `bool` | `true` | no |
-| <a name="input_tetrate_istio_install_istiod"></a> [tetrate\_istio\_install\_istiod](#input\_tetrate\_istio\_install\_istiod) | Install Istio `istiod` Helm Chart | `bool` | `true` | no |
-| <a name="input_tetrate_istio_istiod_helm_config"></a> [tetrate\_istio\_istiod\_helm\_config](#input\_tetrate\_istio\_istiod\_helm\_config) | Istio `istiod` Helm Chart config | `any` | `{}` | no |
-| <a name="input_tetrate_istio_version"></a> [tetrate\_istio\_version](#input\_tetrate\_istio\_version) | Istio version | `string` | `""` | no |
-| <a name="input_thanos_helm_config"></a> [thanos\_helm\_config](#input\_thanos\_helm\_config) | Thanos Helm Chart config | `any` | `{}` | no |
-| <a name="input_thanos_irsa_policies"></a> [thanos\_irsa\_policies](#input\_thanos\_irsa\_policies) | Additional IAM policies for a IAM role for service accounts | `list(string)` | `[]` | no |
-| <a name="input_traefik_helm_config"></a> [traefik\_helm\_config](#input\_traefik\_helm\_config) | Traefik Helm Chart config | `any` | `{}` | no |
-| <a name="input_vault_helm_config"></a> [vault\_helm\_config](#input\_vault\_helm\_config) | HashiCorp Vault Helm Chart config | `any` | `null` | no |
-| <a name="input_velero_backup_s3_bucket"></a> [velero\_backup\_s3\_bucket](#input\_velero\_backup\_s3\_bucket) | Bucket name for velero bucket | `string` | `""` | no |
-| <a name="input_velero_helm_config"></a> [velero\_helm\_config](#input\_velero\_helm\_config) | Kubernetes Velero Helm Chart config | `any` | `null` | no |
-| <a name="input_velero_irsa_policies"></a> [velero\_irsa\_policies](#input\_velero\_irsa\_policies) | IAM policy ARNs for velero IRSA | `list(string)` | `[]` | no |
-| <a name="input_vpa_helm_config"></a> [vpa\_helm\_config](#input\_vpa\_helm\_config) | VPA Helm Chart config | `any` | `null` | no |
-| <a name="input_yunikorn_helm_config"></a> [yunikorn\_helm\_config](#input\_yunikorn\_helm\_config) | YuniKorn Helm Chart config | `any` | `null` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_adot_collector_haproxy"></a> [adot\_collector\_haproxy](#output\_adot\_collector\_haproxy) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_adot_collector_java"></a> [adot\_collector\_java](#output\_adot\_collector\_java) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_adot_collector_memcached"></a> [adot\_collector\_memcached](#output\_adot\_collector\_memcached) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_adot_collector_nginx"></a> [adot\_collector\_nginx](#output\_adot\_collector\_nginx) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_agones"></a> [agones](#output\_agones) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_airflow"></a> [airflow](#output\_airflow) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_appmesh_controller"></a> [appmesh\_controller](#output\_appmesh\_controller) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_argo_rollouts"></a> [argo\_rollouts](#output\_argo\_rollouts) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_argo_workflows"></a> [argo\_workflows](#output\_argo\_workflows) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_argocd"></a> [argocd](#output\_argocd) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_aws_cloudwatch_metrics"></a> [aws\_cloudwatch\_metrics](#output\_aws\_cloudwatch\_metrics) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_aws_coredns"></a> [aws\_coredns](#output\_aws\_coredns) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_aws_ebs_csi_driver"></a> [aws\_ebs\_csi\_driver](#output\_aws\_ebs\_csi\_driver) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_aws_efs_csi_driver"></a> [aws\_efs\_csi\_driver](#output\_aws\_efs\_csi\_driver) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_aws_for_fluent_bit"></a> [aws\_for\_fluent\_bit](#output\_aws\_for\_fluent\_bit) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_aws_fsx_csi_driver"></a> [aws\_fsx\_csi\_driver](#output\_aws\_fsx\_csi\_driver) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_aws_kube_proxy"></a> [aws\_kube\_proxy](#output\_aws\_kube\_proxy) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_aws_load_balancer_controller"></a> [aws\_load\_balancer\_controller](#output\_aws\_load\_balancer\_controller) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_aws_node_termination_handler"></a> [aws\_node\_termination\_handler](#output\_aws\_node\_termination\_handler) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_aws_privateca_issuer"></a> [aws\_privateca\_issuer](#output\_aws\_privateca\_issuer) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_aws_vpc_cni"></a> [aws\_vpc\_cni](#output\_aws\_vpc\_cni) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_calico"></a> [calico](#output\_calico) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_cert_manager"></a> [cert\_manager](#output\_cert\_manager) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_cert_manager_csi_driver"></a> [cert\_manager\_csi\_driver](#output\_cert\_manager\_csi\_driver) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_cert_manager_istio_csr"></a> [cert\_manager\_istio\_csr](#output\_cert\_manager\_istio\_csr) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_chaos_mesh"></a> [chaos\_mesh](#output\_chaos\_mesh) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_cilium"></a> [cilium](#output\_cilium) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_cluster_autoscaler"></a> [cluster\_autoscaler](#output\_cluster\_autoscaler) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_coredns_autoscaler"></a> [coredns\_autoscaler](#output\_coredns\_autoscaler) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_crossplane"></a> [crossplane](#output\_crossplane) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_csi_secrets_store_provider_aws"></a> [csi\_secrets\_store\_provider\_aws](#output\_csi\_secrets\_store\_provider\_aws) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_datadog_operator"></a> [datadog\_operator](#output\_datadog\_operator) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_emr_on_eks"></a> [emr\_on\_eks](#output\_emr\_on\_eks) | EMR on EKS |
-| <a name="output_external_dns"></a> [external\_dns](#output\_external\_dns) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_external_secrets"></a> [external\_secrets](#output\_external\_secrets) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_fargate_fluentbit"></a> [fargate\_fluentbit](#output\_fargate\_fluentbit) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_gatekeeper"></a> [gatekeeper](#output\_gatekeeper) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_grafana"></a> [grafana](#output\_grafana) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_ingress_nginx"></a> [ingress\_nginx](#output\_ingress\_nginx) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_karpenter"></a> [karpenter](#output\_karpenter) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_keda"></a> [keda](#output\_keda) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_kube_prometheus_stack"></a> [kube\_prometheus\_stack](#output\_kube\_prometheus\_stack) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_kube_state_metrics"></a> [kube\_state\_metrics](#output\_kube\_state\_metrics) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_kubecost"></a> [kubecost](#output\_kubecost) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_kuberay_operator"></a> [kuberay\_operator](#output\_kuberay\_operator) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_kubernetes_dashboard"></a> [kubernetes\_dashboard](#output\_kubernetes\_dashboard) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_kyverno"></a> [kyverno](#output\_kyverno) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_local_volume_provisioner"></a> [local\_volume\_provisioner](#output\_local\_volume\_provisioner) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_metrics_server"></a> [metrics\_server](#output\_metrics\_server) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_nvidia_device_plugin"></a> [nvidia\_device\_plugin](#output\_nvidia\_device\_plugin) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_opentelemetry_operator"></a> [opentelemetry\_operator](#output\_opentelemetry\_operator) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_prometheus"></a> [prometheus](#output\_prometheus) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_promtail"></a> [promtail](#output\_promtail) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_reloader"></a> [reloader](#output\_reloader) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_secrets_store_csi_driver"></a> [secrets\_store\_csi\_driver](#output\_secrets\_store\_csi\_driver) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_smb_csi_driver"></a> [smb\_csi\_driver](#output\_smb\_csi\_driver) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_spark_history_server"></a> [spark\_history\_server](#output\_spark\_history\_server) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_spark_k8s_operator"></a> [spark\_k8s\_operator](#output\_spark\_k8s\_operator) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_strimzi_kafka_operator"></a> [strimzi\_kafka\_operator](#output\_strimzi\_kafka\_operator) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_thanos"></a> [thanos](#output\_thanos) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_traefik"></a> [traefik](#output\_traefik) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_velero"></a> [velero](#output\_velero) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_vpa"></a> [vpa](#output\_vpa) | Map of attributes of the Helm release and IRSA created |
-| <a name="output_yunikorn"></a> [yunikorn](#output\_yunikorn) | Map of attributes of the Helm release and IRSA created |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/adot-collector-haproxy/README.md b/modules/kubernetes-addons/adot-collector-haproxy/README.md
deleted file mode 100644
index 0b9aa1e8a0..0000000000
--- a/modules/kubernetes-addons/adot-collector-haproxy/README.md
+++ /dev/null
@@ -1,54 +0,0 @@
-# Observability Pattern for HAProxy
-
-This module provides an automated experience around Observability for HAProxy workloads.
-It provides the following resources:
-
-- AWS Distro For OpenTelemetry Operator and Collector
-- AWS Managed Grafana Dashboard and data source
-- Alerts and recording rules with AWS Managed Service for Prometheus
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 |
-| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.10 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.72 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    irsa_iam_permissions_boundary  = string<br>    irsa_iam_role_path             = string<br>    tags                           = map(string)<br>  })</pre> | n/a | yes |
-| <a name="input_amazon_prometheus_workspace_endpoint"></a> [amazon\_prometheus\_workspace\_endpoint](#input\_amazon\_prometheus\_workspace\_endpoint) | Amazon Managed Prometheus Workspace Endpoint | `string` | `null` | no |
-| <a name="input_amazon_prometheus_workspace_region"></a> [amazon\_prometheus\_workspace\_region](#input\_amazon\_prometheus\_workspace\_region) | Amazon Managed Prometheus Workspace's Region | `string` | `null` | no |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm Config for Prometheus | `any` | `{}` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/adot-collector-haproxy/main.tf b/modules/kubernetes-addons/adot-collector-haproxy/main.tf
deleted file mode 100644
index ed22358185..0000000000
--- a/modules/kubernetes-addons/adot-collector-haproxy/main.tf
+++ /dev/null
@@ -1,63 +0,0 @@
-locals {
-  name      = "adot-collector-haproxy"
-  namespace = try(var.helm_config.namespace, local.name)
-}
-
-data "aws_partition" "current" {}
-
-module "helm_addon" {
-  source = "../helm-addon"
-
-  helm_config = merge(
-    {
-      name        = local.name
-      chart       = "${path.module}/otel-config"
-      version     = "0.2.0"
-      namespace   = local.namespace
-      description = "ADOT helm Chart deployment configuration"
-    },
-    var.helm_config
-  )
-
-  set_values = [
-    {
-      name  = "ampurl"
-      value = "${var.amazon_prometheus_workspace_endpoint}api/v1/remote_write"
-    },
-    {
-      name  = "region"
-      value = var.amazon_prometheus_workspace_region
-    },
-    {
-      name  = "prometheusMetricsEndpoint"
-      value = "metrics"
-    },
-    {
-      name  = "prometheusMetricsPort"
-      value = 8888
-    },
-    {
-      name  = "scrapeInterval"
-      value = "15s"
-    },
-    {
-      name  = "scrapeTimeout"
-      value = "10s"
-    },
-    {
-      name  = "scrapeSampleLimit"
-      value = 1000
-    }
-  ]
-
-  irsa_config = {
-    create_kubernetes_namespace         = try(var.helm_config["create_namespace"], true)
-    kubernetes_namespace                = local.namespace
-    create_kubernetes_service_account   = true
-    create_service_account_secret_token = try(var.helm_config["create_service_account_secret_token"], false)
-    kubernetes_service_account          = try(var.helm_config.service_account, local.name)
-    irsa_iam_policies                   = ["arn:${data.aws_partition.current.partition}:iam::aws:policy/AmazonPrometheusRemoteWriteAccess"]
-  }
-
-  addon_context = var.addon_context
-}
diff --git a/modules/kubernetes-addons/adot-collector-haproxy/otel-config/Chart.yaml b/modules/kubernetes-addons/adot-collector-haproxy/otel-config/Chart.yaml
deleted file mode 100644
index 94c1fbd304..0000000000
--- a/modules/kubernetes-addons/adot-collector-haproxy/otel-config/Chart.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v2
-name: opentelemetry
-description: A Helm chart to install otel operator
-type: application
-version: 0.2.0
-appVersion: v0.1.0
diff --git a/modules/kubernetes-addons/adot-collector-haproxy/otel-config/templates/clusterrole.yaml b/modules/kubernetes-addons/adot-collector-haproxy/otel-config/templates/clusterrole.yaml
deleted file mode 100644
index 4bb1fb762d..0000000000
--- a/modules/kubernetes-addons/adot-collector-haproxy/otel-config/templates/clusterrole.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: otel-prometheus-role
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - nodes
-      - nodes/proxy
-      - services
-      - endpoints
-      - pods
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - extensions
-    resources:
-      - ingresses
-    verbs:
-      - get
-      - list
-      - watch
-  - nonResourceURLs:
-      - /metrics
-    verbs:
-      - get
diff --git a/modules/kubernetes-addons/adot-collector-haproxy/otel-config/templates/clusterrolebinding.yaml b/modules/kubernetes-addons/adot-collector-haproxy/otel-config/templates/clusterrolebinding.yaml
deleted file mode 100644
index cc270735e7..0000000000
--- a/modules/kubernetes-addons/adot-collector-haproxy/otel-config/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: otel-prometheus-role-binding
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: otel-prometheus-role
-subjects:
-  - kind: ServiceAccount
-    name: adot-collector-haproxy
-    namespace: adot-collector-haproxy
diff --git a/modules/kubernetes-addons/adot-collector-haproxy/otel-config/templates/opentelemetrycollector.yaml b/modules/kubernetes-addons/adot-collector-haproxy/otel-config/templates/opentelemetrycollector.yaml
deleted file mode 100644
index 7889a4bbd4..0000000000
--- a/modules/kubernetes-addons/adot-collector-haproxy/otel-config/templates/opentelemetrycollector.yaml
+++ /dev/null
@@ -1,67 +0,0 @@
-apiVersion: opentelemetry.io/v1alpha1
-kind: OpenTelemetryCollector
-metadata:
-  name: adot
-spec:
-  image: public.ecr.aws/aws-observability/aws-otel-collector:latest
-  mode: deployment
-  serviceAccount: adot-collector-haproxy
-  config: |
-    receivers:
-      prometheus:
-        config:
-          global:
-            scrape_interval: {{ .Values.scrapeInterval }}
-            scrape_timeout: {{ .Values.scrapeTimeout }}
-
-          scrape_configs:
-            - job_name: 'kubernetes-pod-haproxy'
-              sample_limit: {{ .Values.scrapeSampleLimit }}
-              metrics_path: /{{ .Values.prometheusMetricsEndpoint }}
-              kubernetes_sd_configs:
-                - role: pod
-              relabel_configs:
-                - source_labels: [ __address__ ]
-                  action: keep
-                  regex: '.*:9404$'
-                - action: labelmap
-                  regex: __meta_kubernetes_pod_label_(.+)
-                - action: replace
-                  source_labels: [ __meta_kubernetes_namespace ]
-                  target_label: Namespace
-                - source_labels: [ __meta_kubernetes_pod_name ]
-                  action: replace
-                  target_label: pod_name
-                - action: replace
-                  source_labels: [ __meta_kubernetes_pod_container_name ]
-                  target_label: container_name
-                - action: replace
-                  source_labels: [ __meta_kubernetes_pod_controller_kind ]
-                  target_label: pod_controller_kind
-                - action: replace
-                  source_labels: [ __meta_kubernetes_pod_phase ]
-                  target_label: pod_controller_phase
-              metric_relabel_configs:
-                - source_labels: [ __name__ ]
-                  regex: 'jvm_gc_collection_seconds.*'
-                  action: drop
-    exporters:
-      awsprometheusremotewrite:
-        endpoint: {{ .Values.ampurl }}
-        aws_auth:
-          region: {{ .Values.region }}
-          service: "aps"
-      logging:
-        loglevel: info
-    extensions:
-      health_check:
-      pprof:
-        endpoint: :1888
-      zpages:
-        endpoint: :55679
-    service:
-      extensions: [pprof, zpages, health_check]
-      pipelines:
-        metrics:
-          receivers: [prometheus]
-          exporters: [logging, awsprometheusremotewrite]
diff --git a/modules/kubernetes-addons/adot-collector-haproxy/otel-config/values.yaml b/modules/kubernetes-addons/adot-collector-haproxy/otel-config/values.yaml
deleted file mode 100644
index f3517b2282..0000000000
--- a/modules/kubernetes-addons/adot-collector-haproxy/otel-config/values.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-ampurl: ${amp_url}
-region: ${region}
-prometheusMetricsEndpoint: ${prometheus_metrics_endpoint}
-prometheusMetricsPort: ${prometheus_metrics_port}
-scrapeInterval: ${scrape_interval}
-scrapeTimeout: ${scrape_timeout}
-scrapeSampleLimit: ${scrape_sample_limit}
diff --git a/modules/kubernetes-addons/adot-collector-haproxy/outputs.tf b/modules/kubernetes-addons/adot-collector-haproxy/outputs.tf
deleted file mode 100644
index 37b305f9b1..0000000000
--- a/modules/kubernetes-addons/adot-collector-haproxy/outputs.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/adot-collector-haproxy/variables.tf b/modules/kubernetes-addons/adot-collector-haproxy/variables.tf
deleted file mode 100644
index b7d13c3825..0000000000
--- a/modules/kubernetes-addons/adot-collector-haproxy/variables.tf
+++ /dev/null
@@ -1,34 +0,0 @@
-variable "helm_config" {
-  description = "Helm Config for Prometheus"
-  type        = any
-  default     = {}
-}
-
-variable "amazon_prometheus_workspace_endpoint" {
-  description = "Amazon Managed Prometheus Workspace Endpoint"
-  type        = string
-  default     = null
-}
-
-variable "amazon_prometheus_workspace_region" {
-  description = "Amazon Managed Prometheus Workspace's Region"
-  type        = string
-  default     = null
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    irsa_iam_permissions_boundary  = string
-    irsa_iam_role_path             = string
-    tags                           = map(string)
-  })
-}
diff --git a/modules/kubernetes-addons/adot-collector-haproxy/versions.tf b/modules/kubernetes-addons/adot-collector-haproxy/versions.tf
deleted file mode 100644
index d2ddf87cc2..0000000000
--- a/modules/kubernetes-addons/adot-collector-haproxy/versions.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 3.72"
-    }
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.10"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/adot-collector-java/README.md b/modules/kubernetes-addons/adot-collector-java/README.md
deleted file mode 100644
index 737955cd73..0000000000
--- a/modules/kubernetes-addons/adot-collector-java/README.md
+++ /dev/null
@@ -1,54 +0,0 @@
-# Observability Pattern for Java/JMX
-
-This module provides an automated experience around Observability for Nginx workloads.
-It provides the following resources:
-
-- AWS Distro For OpenTelemetry Operator and Collector
-- AWS Managed Grafana Dashboard and data source
-- Alerts and recording rules with AWS Managed Service for Prometheus
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 |
-| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.10 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.72 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    irsa_iam_permissions_boundary  = string<br>    irsa_iam_role_path             = string<br>    tags                           = map(string)<br>  })</pre> | n/a | yes |
-| <a name="input_amazon_prometheus_workspace_endpoint"></a> [amazon\_prometheus\_workspace\_endpoint](#input\_amazon\_prometheus\_workspace\_endpoint) | Amazon Managed Prometheus Workspace Endpoint | `string` | `null` | no |
-| <a name="input_amazon_prometheus_workspace_region"></a> [amazon\_prometheus\_workspace\_region](#input\_amazon\_prometheus\_workspace\_region) | Amazon Managed Prometheus Workspace's Region | `string` | `null` | no |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm Config for Prometheus | `any` | `{}` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/adot-collector-java/main.tf b/modules/kubernetes-addons/adot-collector-java/main.tf
deleted file mode 100644
index 796052c3a3..0000000000
--- a/modules/kubernetes-addons/adot-collector-java/main.tf
+++ /dev/null
@@ -1,63 +0,0 @@
-locals {
-  name      = "adot-collector-java"
-  namespace = try(var.helm_config.namespace, local.name)
-}
-
-data "aws_partition" "current" {}
-
-module "helm_addon" {
-  source = "../helm-addon"
-
-  helm_config = merge(
-    {
-      name        = local.name
-      chart       = "${path.module}/otel-config"
-      version     = "0.2.0"
-      namespace   = local.namespace
-      description = "ADOT helm Chart deployment configuration"
-    },
-    var.helm_config
-  )
-
-  set_values = [
-    {
-      name  = "ampurl"
-      value = "${var.amazon_prometheus_workspace_endpoint}api/v1/remote_write"
-    },
-    {
-      name  = "region"
-      value = var.amazon_prometheus_workspace_region
-    },
-    {
-      name  = "prometheusMetricsEndpoint"
-      value = "metrics"
-    },
-    {
-      name  = "prometheusMetricsPort"
-      value = 8888
-    },
-    {
-      name  = "scrapeInterval"
-      value = "15s"
-    },
-    {
-      name  = "scrapeTimeout"
-      value = "10s"
-    },
-    {
-      name  = "scrapeSampleLimit"
-      value = 1000
-    }
-  ]
-
-  irsa_config = {
-    create_kubernetes_namespace         = try(var.helm_config["create_namespace"], true)
-    kubernetes_namespace                = local.namespace
-    create_kubernetes_service_account   = true
-    create_service_account_secret_token = try(var.helm_config["create_service_account_secret_token"], false)
-    kubernetes_service_account          = try(var.helm_config.service_account, local.name)
-    irsa_iam_policies                   = ["arn:${data.aws_partition.current.partition}:iam::aws:policy/AmazonPrometheusRemoteWriteAccess"]
-  }
-
-  addon_context = var.addon_context
-}
diff --git a/modules/kubernetes-addons/adot-collector-java/otel-config/Chart.yaml b/modules/kubernetes-addons/adot-collector-java/otel-config/Chart.yaml
deleted file mode 100644
index 94c1fbd304..0000000000
--- a/modules/kubernetes-addons/adot-collector-java/otel-config/Chart.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v2
-name: opentelemetry
-description: A Helm chart to install otel operator
-type: application
-version: 0.2.0
-appVersion: v0.1.0
diff --git a/modules/kubernetes-addons/adot-collector-java/otel-config/templates/clusterrole.yaml b/modules/kubernetes-addons/adot-collector-java/otel-config/templates/clusterrole.yaml
deleted file mode 100644
index 4bb1fb762d..0000000000
--- a/modules/kubernetes-addons/adot-collector-java/otel-config/templates/clusterrole.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: otel-prometheus-role
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - nodes
-      - nodes/proxy
-      - services
-      - endpoints
-      - pods
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - extensions
-    resources:
-      - ingresses
-    verbs:
-      - get
-      - list
-      - watch
-  - nonResourceURLs:
-      - /metrics
-    verbs:
-      - get
diff --git a/modules/kubernetes-addons/adot-collector-java/otel-config/templates/clusterrolebinding.yaml b/modules/kubernetes-addons/adot-collector-java/otel-config/templates/clusterrolebinding.yaml
deleted file mode 100644
index 8e1cd8c557..0000000000
--- a/modules/kubernetes-addons/adot-collector-java/otel-config/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: otel-prometheus-role-binding
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: otel-prometheus-role
-subjects:
-  - kind: ServiceAccount
-    name: adot-collector-java
-    namespace: adot-collector-java
diff --git a/modules/kubernetes-addons/adot-collector-java/otel-config/templates/opentelemetrycollector.yaml b/modules/kubernetes-addons/adot-collector-java/otel-config/templates/opentelemetrycollector.yaml
deleted file mode 100644
index 1f933f8ab0..0000000000
--- a/modules/kubernetes-addons/adot-collector-java/otel-config/templates/opentelemetrycollector.yaml
+++ /dev/null
@@ -1,67 +0,0 @@
-apiVersion: opentelemetry.io/v1alpha1
-kind: OpenTelemetryCollector
-metadata:
-  name: adot
-spec:
-  image: public.ecr.aws/aws-observability/aws-otel-collector:latest
-  mode: deployment
-  serviceAccount: adot-collector-java
-  config: |
-    receivers:
-      prometheus:
-        config:
-          global:
-            scrape_interval: {{ .Values.scrapeInterval }}
-            scrape_timeout: {{ .Values.scrapeTimeout }}
-
-          scrape_configs:
-            - job_name: 'kubernetes-pod-jmx'
-              sample_limit: {{ .Values.scrapeSampleLimit }}
-              metrics_path: /{{ .Values.prometheusMetricsEndpoint }}
-              kubernetes_sd_configs:
-                - role: pod
-              relabel_configs:
-                - source_labels: [ __address__ ]
-                  action: keep
-                  regex: '.*:9404$'
-                - action: labelmap
-                  regex: __meta_kubernetes_pod_label_(.+)
-                - action: replace
-                  source_labels: [ __meta_kubernetes_namespace ]
-                  target_label: Namespace
-                - source_labels: [ __meta_kubernetes_pod_name ]
-                  action: replace
-                  target_label: pod_name
-                - action: replace
-                  source_labels: [ __meta_kubernetes_pod_container_name ]
-                  target_label: container_name
-                - action: replace
-                  source_labels: [ __meta_kubernetes_pod_controller_kind ]
-                  target_label: pod_controller_kind
-                - action: replace
-                  source_labels: [ __meta_kubernetes_pod_phase ]
-                  target_label: pod_controller_phase
-              metric_relabel_configs:
-                - source_labels: [ __name__ ]
-                  regex: 'jvm_gc_collection_seconds.*'
-                  action: drop
-    exporters:
-      awsprometheusremotewrite:
-        endpoint: {{ .Values.ampurl }}
-        aws_auth:
-          region: {{ .Values.region }}
-          service: "aps"
-      logging:
-        loglevel: info
-    extensions:
-      health_check:
-      pprof:
-        endpoint: :1888
-      zpages:
-        endpoint: :55679
-    service:
-      extensions: [pprof, zpages, health_check]
-      pipelines:
-        metrics:
-          receivers: [prometheus]
-          exporters: [logging, awsprometheusremotewrite]
diff --git a/modules/kubernetes-addons/adot-collector-java/otel-config/values.yaml b/modules/kubernetes-addons/adot-collector-java/otel-config/values.yaml
deleted file mode 100644
index f3517b2282..0000000000
--- a/modules/kubernetes-addons/adot-collector-java/otel-config/values.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-ampurl: ${amp_url}
-region: ${region}
-prometheusMetricsEndpoint: ${prometheus_metrics_endpoint}
-prometheusMetricsPort: ${prometheus_metrics_port}
-scrapeInterval: ${scrape_interval}
-scrapeTimeout: ${scrape_timeout}
-scrapeSampleLimit: ${scrape_sample_limit}
diff --git a/modules/kubernetes-addons/adot-collector-java/outputs.tf b/modules/kubernetes-addons/adot-collector-java/outputs.tf
deleted file mode 100644
index 37b305f9b1..0000000000
--- a/modules/kubernetes-addons/adot-collector-java/outputs.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/adot-collector-java/variables.tf b/modules/kubernetes-addons/adot-collector-java/variables.tf
deleted file mode 100644
index b7d13c3825..0000000000
--- a/modules/kubernetes-addons/adot-collector-java/variables.tf
+++ /dev/null
@@ -1,34 +0,0 @@
-variable "helm_config" {
-  description = "Helm Config for Prometheus"
-  type        = any
-  default     = {}
-}
-
-variable "amazon_prometheus_workspace_endpoint" {
-  description = "Amazon Managed Prometheus Workspace Endpoint"
-  type        = string
-  default     = null
-}
-
-variable "amazon_prometheus_workspace_region" {
-  description = "Amazon Managed Prometheus Workspace's Region"
-  type        = string
-  default     = null
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    irsa_iam_permissions_boundary  = string
-    irsa_iam_role_path             = string
-    tags                           = map(string)
-  })
-}
diff --git a/modules/kubernetes-addons/adot-collector-java/versions.tf b/modules/kubernetes-addons/adot-collector-java/versions.tf
deleted file mode 100644
index d2ddf87cc2..0000000000
--- a/modules/kubernetes-addons/adot-collector-java/versions.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 3.72"
-    }
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.10"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/adot-collector-memcached/README.md b/modules/kubernetes-addons/adot-collector-memcached/README.md
deleted file mode 100644
index 0ba268fd59..0000000000
--- a/modules/kubernetes-addons/adot-collector-memcached/README.md
+++ /dev/null
@@ -1,54 +0,0 @@
-# Observability Pattern for Memcached
-
-This module provides an automated experience around Observability for Memcached workloads.
-It provides the following resources:
-
-- AWS Distro For OpenTelemetry Operator and Collector
-- AWS Managed Grafana Dashboard and data source
-- Alerts and recording rules with AWS Managed Service for Prometheus
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 |
-| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.10 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.72 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    irsa_iam_permissions_boundary  = string<br>    irsa_iam_role_path             = string<br>    tags                           = map(string)<br>  })</pre> | n/a | yes |
-| <a name="input_amazon_prometheus_workspace_endpoint"></a> [amazon\_prometheus\_workspace\_endpoint](#input\_amazon\_prometheus\_workspace\_endpoint) | Amazon Managed Prometheus Workspace Endpoint | `string` | `null` | no |
-| <a name="input_amazon_prometheus_workspace_region"></a> [amazon\_prometheus\_workspace\_region](#input\_amazon\_prometheus\_workspace\_region) | Amazon Managed Prometheus Workspace's Region | `string` | `null` | no |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm Config for Prometheus | `any` | `{}` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/adot-collector-memcached/main.tf b/modules/kubernetes-addons/adot-collector-memcached/main.tf
deleted file mode 100644
index f2c69071d4..0000000000
--- a/modules/kubernetes-addons/adot-collector-memcached/main.tf
+++ /dev/null
@@ -1,63 +0,0 @@
-locals {
-  name      = "adot-collector-memcached"
-  namespace = try(var.helm_config.namespace, local.name)
-}
-
-data "aws_partition" "current" {}
-
-module "helm_addon" {
-  source = "../helm-addon"
-
-  helm_config = merge(
-    {
-      name        = local.name
-      chart       = "${path.module}/otel-config"
-      version     = "0.2.0"
-      namespace   = local.namespace
-      description = "ADOT helm Chart deployment configuration"
-    },
-    var.helm_config
-  )
-
-  set_values = [
-    {
-      name  = "ampurl"
-      value = "${var.amazon_prometheus_workspace_endpoint}api/v1/remote_write"
-    },
-    {
-      name  = "region"
-      value = var.amazon_prometheus_workspace_region
-    },
-    {
-      name  = "prometheusMetricsEndpoint"
-      value = "metrics"
-    },
-    {
-      name  = "prometheusMetricsPort"
-      value = 8888
-    },
-    {
-      name  = "scrapeInterval"
-      value = "15s"
-    },
-    {
-      name  = "scrapeTimeout"
-      value = "10s"
-    },
-    {
-      name  = "scrapeSampleLimit"
-      value = 1000
-    }
-  ]
-
-  irsa_config = {
-    create_kubernetes_namespace         = try(var.helm_config["create_namespace"], true)
-    kubernetes_namespace                = local.namespace
-    create_kubernetes_service_account   = true
-    create_service_account_secret_token = try(var.helm_config["create_service_account_secret_token"], false)
-    kubernetes_service_account          = try(var.helm_config.service_account, local.name)
-    irsa_iam_policies                   = ["arn:${data.aws_partition.current.partition}:iam::aws:policy/AmazonPrometheusRemoteWriteAccess"]
-  }
-
-  addon_context = var.addon_context
-}
diff --git a/modules/kubernetes-addons/adot-collector-memcached/otel-config/Chart.yaml b/modules/kubernetes-addons/adot-collector-memcached/otel-config/Chart.yaml
deleted file mode 100644
index 94c1fbd304..0000000000
--- a/modules/kubernetes-addons/adot-collector-memcached/otel-config/Chart.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v2
-name: opentelemetry
-description: A Helm chart to install otel operator
-type: application
-version: 0.2.0
-appVersion: v0.1.0
diff --git a/modules/kubernetes-addons/adot-collector-memcached/otel-config/templates/clusterrole.yaml b/modules/kubernetes-addons/adot-collector-memcached/otel-config/templates/clusterrole.yaml
deleted file mode 100644
index 4bb1fb762d..0000000000
--- a/modules/kubernetes-addons/adot-collector-memcached/otel-config/templates/clusterrole.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: otel-prometheus-role
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - nodes
-      - nodes/proxy
-      - services
-      - endpoints
-      - pods
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - extensions
-    resources:
-      - ingresses
-    verbs:
-      - get
-      - list
-      - watch
-  - nonResourceURLs:
-      - /metrics
-    verbs:
-      - get
diff --git a/modules/kubernetes-addons/adot-collector-memcached/otel-config/templates/clusterrolebinding.yaml b/modules/kubernetes-addons/adot-collector-memcached/otel-config/templates/clusterrolebinding.yaml
deleted file mode 100644
index b6ef18a9fe..0000000000
--- a/modules/kubernetes-addons/adot-collector-memcached/otel-config/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: otel-prometheus-role-binding
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: otel-prometheus-role
-subjects:
-  - kind: ServiceAccount
-    name: adot-collector-memcached
-    namespace: adot-collector-memcached
diff --git a/modules/kubernetes-addons/adot-collector-memcached/otel-config/templates/opentelemetrycollector.yaml b/modules/kubernetes-addons/adot-collector-memcached/otel-config/templates/opentelemetrycollector.yaml
deleted file mode 100644
index ae2b36d63d..0000000000
--- a/modules/kubernetes-addons/adot-collector-memcached/otel-config/templates/opentelemetrycollector.yaml
+++ /dev/null
@@ -1,67 +0,0 @@
-apiVersion: opentelemetry.io/v1alpha1
-kind: OpenTelemetryCollector
-metadata:
-  name: adot
-spec:
-  image: public.ecr.aws/aws-observability/aws-otel-collector:latest
-  mode: deployment
-  serviceAccount: adot-collector-memcached
-  config: |
-    receivers:
-      prometheus:
-        config:
-          global:
-            scrape_interval: {{ .Values.scrapeInterval }}
-            scrape_timeout: {{ .Values.scrapeTimeout }}
-
-          scrape_configs:
-            - job_name: 'kubernetes-pod-memcached'
-              sample_limit: {{ .Values.scrapeSampleLimit }}
-              metrics_path: /{{ .Values.prometheusMetricsEndpoint }}
-              kubernetes_sd_configs:
-                - role: pod
-              relabel_configs:
-                - source_labels: [ __address__ ]
-                  action: keep
-                  regex: '.*:9404$'
-                - action: labelmap
-                  regex: __meta_kubernetes_pod_label_(.+)
-                - action: replace
-                  source_labels: [ __meta_kubernetes_namespace ]
-                  target_label: Namespace
-                - source_labels: [ __meta_kubernetes_pod_name ]
-                  action: replace
-                  target_label: pod_name
-                - action: replace
-                  source_labels: [ __meta_kubernetes_pod_container_name ]
-                  target_label: container_name
-                - action: replace
-                  source_labels: [ __meta_kubernetes_pod_controller_kind ]
-                  target_label: pod_controller_kind
-                - action: replace
-                  source_labels: [ __meta_kubernetes_pod_phase ]
-                  target_label: pod_controller_phase
-              metric_relabel_configs:
-                - source_labels: [ __name__ ]
-                  regex: 'jvm_gc_collection_seconds.*'
-                  action: drop
-    exporters:
-      awsprometheusremotewrite:
-        endpoint: {{ .Values.ampurl }}
-        aws_auth:
-          region: {{ .Values.region }}
-          service: "aps"
-      logging:
-        loglevel: info
-    extensions:
-      health_check:
-      pprof:
-        endpoint: :1888
-      zpages:
-        endpoint: :55679
-    service:
-      extensions: [pprof, zpages, health_check]
-      pipelines:
-        metrics:
-          receivers: [prometheus]
-          exporters: [logging, awsprometheusremotewrite]
diff --git a/modules/kubernetes-addons/adot-collector-memcached/otel-config/values.yaml b/modules/kubernetes-addons/adot-collector-memcached/otel-config/values.yaml
deleted file mode 100644
index f3517b2282..0000000000
--- a/modules/kubernetes-addons/adot-collector-memcached/otel-config/values.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-ampurl: ${amp_url}
-region: ${region}
-prometheusMetricsEndpoint: ${prometheus_metrics_endpoint}
-prometheusMetricsPort: ${prometheus_metrics_port}
-scrapeInterval: ${scrape_interval}
-scrapeTimeout: ${scrape_timeout}
-scrapeSampleLimit: ${scrape_sample_limit}
diff --git a/modules/kubernetes-addons/adot-collector-memcached/outputs.tf b/modules/kubernetes-addons/adot-collector-memcached/outputs.tf
deleted file mode 100644
index 37b305f9b1..0000000000
--- a/modules/kubernetes-addons/adot-collector-memcached/outputs.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/adot-collector-memcached/variables.tf b/modules/kubernetes-addons/adot-collector-memcached/variables.tf
deleted file mode 100644
index b7d13c3825..0000000000
--- a/modules/kubernetes-addons/adot-collector-memcached/variables.tf
+++ /dev/null
@@ -1,34 +0,0 @@
-variable "helm_config" {
-  description = "Helm Config for Prometheus"
-  type        = any
-  default     = {}
-}
-
-variable "amazon_prometheus_workspace_endpoint" {
-  description = "Amazon Managed Prometheus Workspace Endpoint"
-  type        = string
-  default     = null
-}
-
-variable "amazon_prometheus_workspace_region" {
-  description = "Amazon Managed Prometheus Workspace's Region"
-  type        = string
-  default     = null
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    irsa_iam_permissions_boundary  = string
-    irsa_iam_role_path             = string
-    tags                           = map(string)
-  })
-}
diff --git a/modules/kubernetes-addons/adot-collector-memcached/versions.tf b/modules/kubernetes-addons/adot-collector-memcached/versions.tf
deleted file mode 100644
index d2ddf87cc2..0000000000
--- a/modules/kubernetes-addons/adot-collector-memcached/versions.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 3.72"
-    }
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.10"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/adot-collector-nginx/README.md b/modules/kubernetes-addons/adot-collector-nginx/README.md
deleted file mode 100644
index f8d8ecbb0a..0000000000
--- a/modules/kubernetes-addons/adot-collector-nginx/README.md
+++ /dev/null
@@ -1,54 +0,0 @@
-# Observability Pattern for Nginx
-
-This module provides an automated experience around Observability for Nginx workloads.
-It provides the following resources:
-
-- AWS Distro For OpenTelemetry Operator and Collector
-- AWS Managed Grafana Dashboard and data source
-- Alerts and recording rules with AWS Managed Service for Prometheus
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 |
-| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.10 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.72 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    irsa_iam_permissions_boundary  = string<br>    irsa_iam_role_path             = string<br>    tags                           = map(string)<br>  })</pre> | n/a | yes |
-| <a name="input_amazon_prometheus_workspace_endpoint"></a> [amazon\_prometheus\_workspace\_endpoint](#input\_amazon\_prometheus\_workspace\_endpoint) | Amazon Managed Prometheus Workspace Endpoint | `string` | `null` | no |
-| <a name="input_amazon_prometheus_workspace_region"></a> [amazon\_prometheus\_workspace\_region](#input\_amazon\_prometheus\_workspace\_region) | Amazon Managed Prometheus Workspace's Region | `string` | `null` | no |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm Config for Prometheus | `any` | `{}` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/adot-collector-nginx/main.tf b/modules/kubernetes-addons/adot-collector-nginx/main.tf
deleted file mode 100644
index 3bcc018e00..0000000000
--- a/modules/kubernetes-addons/adot-collector-nginx/main.tf
+++ /dev/null
@@ -1,63 +0,0 @@
-locals {
-  name      = "adot-collector-nginx"
-  namespace = try(var.helm_config.namespace, local.name)
-}
-
-data "aws_partition" "current" {}
-
-module "helm_addon" {
-  source = "../helm-addon"
-
-  helm_config = merge(
-    {
-      name        = local.name
-      chart       = "${path.module}/otel-config"
-      version     = "0.2.0"
-      namespace   = local.namespace
-      description = "ADOT helm Chart deployment configuration"
-    },
-    var.helm_config
-  )
-
-  set_values = [
-    {
-      name  = "ampurl"
-      value = "${var.amazon_prometheus_workspace_endpoint}api/v1/remote_write"
-    },
-    {
-      name  = "region"
-      value = var.amazon_prometheus_workspace_region
-    },
-    {
-      name  = "prometheusMetricsEndpoint"
-      value = "metrics"
-    },
-    {
-      name  = "prometheusMetricsPort"
-      value = 8888
-    },
-    {
-      name  = "scrapeInterval"
-      value = "15s"
-    },
-    {
-      name  = "scrapeTimeout"
-      value = "10s"
-    },
-    {
-      name  = "scrapeSampleLimit"
-      value = 1000
-    }
-  ]
-
-  irsa_config = {
-    create_kubernetes_namespace         = try(var.helm_config["create_namespace"], true)
-    kubernetes_namespace                = local.namespace
-    create_kubernetes_service_account   = true
-    create_service_account_secret_token = try(var.helm_config["create_service_account_secret_token"], false)
-    kubernetes_service_account          = try(var.helm_config.service_account, local.name)
-    irsa_iam_policies                   = ["arn:${data.aws_partition.current.partition}:iam::aws:policy/AmazonPrometheusRemoteWriteAccess"]
-  }
-
-  addon_context = var.addon_context
-}
diff --git a/modules/kubernetes-addons/adot-collector-nginx/otel-config/Chart.yaml b/modules/kubernetes-addons/adot-collector-nginx/otel-config/Chart.yaml
deleted file mode 100644
index 94c1fbd304..0000000000
--- a/modules/kubernetes-addons/adot-collector-nginx/otel-config/Chart.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v2
-name: opentelemetry
-description: A Helm chart to install otel operator
-type: application
-version: 0.2.0
-appVersion: v0.1.0
diff --git a/modules/kubernetes-addons/adot-collector-nginx/otel-config/templates/clusterrole.yaml b/modules/kubernetes-addons/adot-collector-nginx/otel-config/templates/clusterrole.yaml
deleted file mode 100644
index 4bb1fb762d..0000000000
--- a/modules/kubernetes-addons/adot-collector-nginx/otel-config/templates/clusterrole.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: otel-prometheus-role
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - nodes
-      - nodes/proxy
-      - services
-      - endpoints
-      - pods
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - extensions
-    resources:
-      - ingresses
-    verbs:
-      - get
-      - list
-      - watch
-  - nonResourceURLs:
-      - /metrics
-    verbs:
-      - get
diff --git a/modules/kubernetes-addons/adot-collector-nginx/otel-config/templates/clusterrolebinding.yaml b/modules/kubernetes-addons/adot-collector-nginx/otel-config/templates/clusterrolebinding.yaml
deleted file mode 100644
index 7bd8168b2d..0000000000
--- a/modules/kubernetes-addons/adot-collector-nginx/otel-config/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: otel-prometheus-role-binding
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: otel-prometheus-role
-subjects:
-  - kind: ServiceAccount
-    name: adot-collector-nginx
-    namespace: adot-collector-nginx
diff --git a/modules/kubernetes-addons/adot-collector-nginx/otel-config/templates/opentelemetrycollector.yaml b/modules/kubernetes-addons/adot-collector-nginx/otel-config/templates/opentelemetrycollector.yaml
deleted file mode 100644
index aaefbdd0be..0000000000
--- a/modules/kubernetes-addons/adot-collector-nginx/otel-config/templates/opentelemetrycollector.yaml
+++ /dev/null
@@ -1,67 +0,0 @@
-apiVersion: opentelemetry.io/v1alpha1
-kind: OpenTelemetryCollector
-metadata:
-  name: adot
-spec:
-  image: public.ecr.aws/aws-observability/aws-otel-collector:latest
-  mode: deployment
-  serviceAccount: adot-collector-nginx
-  config: |
-    receivers:
-      prometheus:
-        config:
-          global:
-            scrape_interval: {{ .Values.scrapeInterval }}
-            scrape_timeout: {{ .Values.scrapeTimeout }}
-
-          scrape_configs:
-            - job_name: 'kubernetes-pod-nginx'
-              sample_limit: {{ .Values.scrapeSampleLimit }}
-              metrics_path: /{{ .Values.prometheusMetricsEndpoint }}
-              kubernetes_sd_configs:
-                - role: pod
-              relabel_configs:
-                - source_labels: [ __address__ ]
-                  action: keep
-                  regex: '.*:9404$'
-                - action: labelmap
-                  regex: __meta_kubernetes_pod_label_(.+)
-                - action: replace
-                  source_labels: [ __meta_kubernetes_namespace ]
-                  target_label: Namespace
-                - source_labels: [ __meta_kubernetes_pod_name ]
-                  action: replace
-                  target_label: pod_name
-                - action: replace
-                  source_labels: [ __meta_kubernetes_pod_container_name ]
-                  target_label: container_name
-                - action: replace
-                  source_labels: [ __meta_kubernetes_pod_controller_kind ]
-                  target_label: pod_controller_kind
-                - action: replace
-                  source_labels: [ __meta_kubernetes_pod_phase ]
-                  target_label: pod_controller_phase
-              metric_relabel_configs:
-                - source_labels: [ __name__ ]
-                  regex: 'jvm_gc_collection_seconds.*'
-                  action: drop
-    exporters:
-      awsprometheusremotewrite:
-        endpoint: {{ .Values.ampurl }}
-        aws_auth:
-          region: {{ .Values.region }}
-          service: "aps"
-      logging:
-        loglevel: info
-    extensions:
-      health_check:
-      pprof:
-        endpoint: :1888
-      zpages:
-        endpoint: :55679
-    service:
-      extensions: [pprof, zpages, health_check]
-      pipelines:
-        metrics:
-          receivers: [prometheus]
-          exporters: [logging, awsprometheusremotewrite]
diff --git a/modules/kubernetes-addons/adot-collector-nginx/otel-config/values.yaml b/modules/kubernetes-addons/adot-collector-nginx/otel-config/values.yaml
deleted file mode 100644
index f3517b2282..0000000000
--- a/modules/kubernetes-addons/adot-collector-nginx/otel-config/values.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-ampurl: ${amp_url}
-region: ${region}
-prometheusMetricsEndpoint: ${prometheus_metrics_endpoint}
-prometheusMetricsPort: ${prometheus_metrics_port}
-scrapeInterval: ${scrape_interval}
-scrapeTimeout: ${scrape_timeout}
-scrapeSampleLimit: ${scrape_sample_limit}
diff --git a/modules/kubernetes-addons/adot-collector-nginx/outputs.tf b/modules/kubernetes-addons/adot-collector-nginx/outputs.tf
deleted file mode 100644
index 37b305f9b1..0000000000
--- a/modules/kubernetes-addons/adot-collector-nginx/outputs.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/adot-collector-nginx/variables.tf b/modules/kubernetes-addons/adot-collector-nginx/variables.tf
deleted file mode 100644
index b7d13c3825..0000000000
--- a/modules/kubernetes-addons/adot-collector-nginx/variables.tf
+++ /dev/null
@@ -1,34 +0,0 @@
-variable "helm_config" {
-  description = "Helm Config for Prometheus"
-  type        = any
-  default     = {}
-}
-
-variable "amazon_prometheus_workspace_endpoint" {
-  description = "Amazon Managed Prometheus Workspace Endpoint"
-  type        = string
-  default     = null
-}
-
-variable "amazon_prometheus_workspace_region" {
-  description = "Amazon Managed Prometheus Workspace's Region"
-  type        = string
-  default     = null
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    irsa_iam_permissions_boundary  = string
-    irsa_iam_role_path             = string
-    tags                           = map(string)
-  })
-}
diff --git a/modules/kubernetes-addons/adot-collector-nginx/versions.tf b/modules/kubernetes-addons/adot-collector-nginx/versions.tf
deleted file mode 100644
index d2ddf87cc2..0000000000
--- a/modules/kubernetes-addons/adot-collector-nginx/versions.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 3.72"
-    }
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.10"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/agones/README.md b/modules/kubernetes-addons/agones/README.md
deleted file mode 100644
index e1fc1ed5c0..0000000000
--- a/modules/kubernetes-addons/agones/README.md
+++ /dev/null
@@ -1,70 +0,0 @@
-# Agones Helm Chart
-
-## Agones
-
-Agones is an Open source Kubernetes Controller with custom resource definitions and is used to create, run, manage and scale dedicated game server processes within Kubernetes clusters using standard Kubernetes tooling and APIs. This model also allows any matchmaker to interact directly with Agones via the Kubernetes API to provision a dedicated game server
-
-## GameLift
-
-Amazon GameLift enables developers to deploy, operate, and scale dedicated, low-cost servers in the cloud for session-based, multiplayer games. Built on AWS global computing infrastructure, GameLift helps deliver high-performance, high-reliability, low-cost game servers while dynamically scaling your resource usage to meet worldwide player demand.
-
-https://github.com/googleforgames/agones/tree/main/install/helm/agones
-https://artifacthub.io/packages/helm/agones/agones
-
-### Docker Images
-
-```
-gcr.io/agones-images/agones-controller:1.15.0-rc
-gcr.io/agones-images/agones-ping:1.15.0-rc
-gcr.io/agones-images/agones-allocator:1.15.0-rc
-```
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 |
-| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.10 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.72 |
-| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | >= 2.10 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_security_group_rule.agones_sg_ingress_rule](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
-| [kubernetes_namespace_v1.this](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1) | resource |
-| [aws_security_group.eks_worker_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/security_group) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>  })</pre> | n/a | yes |
-| <a name="input_eks_worker_security_group_id"></a> [eks\_worker\_security\_group\_id](#input\_eks\_worker\_security\_group\_id) | EKS Worker Security Group ID | `string` | n/a | yes |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm provider config for Agones GameServer | `any` | `{}` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/agones/data.tf b/modules/kubernetes-addons/agones/data.tf
deleted file mode 100644
index 3d19d003e4..0000000000
--- a/modules/kubernetes-addons/agones/data.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-data "aws_security_group" "eks_worker_group" {
-  id = var.eks_worker_security_group_id
-}
diff --git a/modules/kubernetes-addons/agones/locals.tf b/modules/kubernetes-addons/agones/locals.tf
deleted file mode 100644
index a6b732cbb0..0000000000
--- a/modules/kubernetes-addons/agones/locals.tf
+++ /dev/null
@@ -1,28 +0,0 @@
-locals {
-  name      = "agones"
-  namespace = "agones-system"
-
-  # https://github.com/googleforgames/agones/blob/main/install/helm/agones/Chart.yaml
-  default_helm_config = {
-    name               = local.name
-    chart              = local.name
-    repository         = "https://agones.dev/chart/stable"
-    version            = "1.27.0"
-    namespace          = local.namespace
-    description        = "Agones Gaming Server Helm Chart deployment configuration"
-    values             = local.default_helm_values
-    gameserver_minport = 7000
-    gameserver_maxport = 8000
-  }
-
-  default_helm_values = [templatefile("${path.module}/values.yaml", {})]
-
-  helm_config = merge(
-    local.default_helm_config,
-    var.helm_config
-  )
-
-  argocd_gitops_config = {
-    enable = true
-  }
-}
diff --git a/modules/kubernetes-addons/agones/main.tf b/modules/kubernetes-addons/agones/main.tf
deleted file mode 100644
index 43db28f9be..0000000000
--- a/modules/kubernetes-addons/agones/main.tf
+++ /dev/null
@@ -1,27 +0,0 @@
-module "helm_addon" {
-  source = "../helm-addon"
-
-  manage_via_gitops = var.manage_via_gitops
-  helm_config       = local.helm_config
-  addon_context     = var.addon_context
-
-  depends_on = [kubernetes_namespace_v1.this]
-}
-
-resource "kubernetes_namespace_v1" "this" {
-  count = try(local.helm_config["create_namespace"], true) && local.helm_config["namespace"] != "kube-system" ? 1 : 0
-  metadata {
-    name = local.helm_config["namespace"]
-  }
-}
-
-resource "aws_security_group_rule" "agones_sg_ingress_rule" {
-  description       = "Allow UDP ingress from internet"
-  type              = "ingress"
-  from_port         = local.helm_config["gameserver_minport"]
-  to_port           = local.helm_config["gameserver_maxport"]
-  protocol          = "udp"
-  cidr_blocks       = ["0.0.0.0/0"] #tfsec:ignore:aws-vpc-no-public-ingress-sgr
-  ipv6_cidr_blocks  = ["::/0"]      #tfsec:ignore:aws-vpc-no-public-ingress-sgr
-  security_group_id = data.aws_security_group.eks_worker_group.id
-}
diff --git a/modules/kubernetes-addons/agones/outputs.tf b/modules/kubernetes-addons/agones/outputs.tf
deleted file mode 100644
index 0776dcd7ef..0000000000
--- a/modules/kubernetes-addons/agones/outputs.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? local.argocd_gitops_config : null
-}
-
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/agones/values.yaml b/modules/kubernetes-addons/agones/values.yaml
deleted file mode 100644
index 372053fb3c..0000000000
--- a/modules/kubernetes-addons/agones/values.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-agones:
-  ping:
-    http:
-      annotations:
-        service.beta.kubernetes.io/aws-load-balancer-internal: "false"
-        service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
-    udp:
-      annotations:
-        service.beta.kubernetes.io/aws-load-balancer-internal: "false"
-        service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
-  allocator:
-    http:
-      annotations:
-        service.beta.kubernetes.io/aws-load-balancer-internal: "false"
-        service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
diff --git a/modules/kubernetes-addons/agones/variables.tf b/modules/kubernetes-addons/agones/variables.tf
deleted file mode 100644
index 04783569fd..0000000000
--- a/modules/kubernetes-addons/agones/variables.tf
+++ /dev/null
@@ -1,31 +0,0 @@
-variable "helm_config" {
-  description = "Helm provider config for Agones GameServer"
-  type        = any
-  default     = {}
-}
-
-variable "eks_worker_security_group_id" {
-  description = "EKS Worker Security Group ID"
-  type        = string
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps."
-  type        = bool
-  default     = false
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-  })
-}
diff --git a/modules/kubernetes-addons/agones/versions.tf b/modules/kubernetes-addons/agones/versions.tf
deleted file mode 100644
index d2ddf87cc2..0000000000
--- a/modules/kubernetes-addons/agones/versions.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 3.72"
-    }
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.10"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/airflow/README.md b/modules/kubernetes-addons/airflow/README.md
deleted file mode 100644
index d152552258..0000000000
--- a/modules/kubernetes-addons/airflow/README.md
+++ /dev/null
@@ -1,43 +0,0 @@
-# Apache Airflow v2 Helm Chart
-
-Checkout the docs for more details [docs](../../../docs/add-ons/airflow.md)
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 |
-| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.10 |
-
-## Providers
-
-No providers.
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-No resources.
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>    irsa_iam_role_path             = string<br>    irsa_iam_permissions_boundary  = string<br>  })</pre> | n/a | yes |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm provider config for the airflow. | `any` | `{}` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/airflow/main.tf b/modules/kubernetes-addons/airflow/main.tf
deleted file mode 100644
index 4da9e1f6f2..0000000000
--- a/modules/kubernetes-addons/airflow/main.tf
+++ /dev/null
@@ -1,27 +0,0 @@
-locals {
-  name = "airflow"
-
-  # https://github.com/apache/airflow/blob/main/chart/Chart.yaml
-  default_helm_config = {
-    name             = local.name
-    chart            = local.name
-    repository       = "https://airflow.apache.org"
-    version          = "1.7.0"
-    namespace        = local.name
-    create_namespace = true
-    values           = [templatefile("${path.module}/values.yaml", {})]
-    description      = "Apache Airflow v2 Helm chart deployment configuration"
-  }
-
-  helm_config = merge(local.default_helm_config, var.helm_config)
-}
-
-#-------------------------------------------------
-# Apache Airflow Helm Add-on
-#-------------------------------------------------
-module "helm_addon" {
-  source = "../helm-addon"
-
-  helm_config   = local.helm_config
-  addon_context = var.addon_context
-}
diff --git a/modules/kubernetes-addons/airflow/outputs.tf b/modules/kubernetes-addons/airflow/outputs.tf
deleted file mode 100644
index 37b305f9b1..0000000000
--- a/modules/kubernetes-addons/airflow/outputs.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/airflow/values.yaml b/modules/kubernetes-addons/airflow/values.yaml
deleted file mode 100644
index 25dea2e5ec..0000000000
--- a/modules/kubernetes-addons/airflow/values.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-securityContext:
-  fsGroup: 65534
-
-executor: "KubernetesExecutor"
-
-workers:
-  replicas: 0
-
-postgresql:
-  enabled: true
-
-scheduler:
-  replicas: 1
-  waitForMigrations:
-    enabled: false
-
-webserver:
-  replicas: 1
-  waitForMigrations:
-    enabled: false
-
-migrateDatabaseJob:
-  enabled: true
-
-triggerer:
-  enabled: true
-  waitForMigrations:
-    enabled: false
-
-redis:
-  enabled: false
diff --git a/modules/kubernetes-addons/airflow/variables.tf b/modules/kubernetes-addons/airflow/variables.tf
deleted file mode 100644
index 323de94894..0000000000
--- a/modules/kubernetes-addons/airflow/variables.tf
+++ /dev/null
@@ -1,22 +0,0 @@
-variable "helm_config" {
-  description = "Helm provider config for the airflow."
-  type        = any
-  default     = {}
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-    irsa_iam_role_path             = string
-    irsa_iam_permissions_boundary  = string
-  })
-}
diff --git a/modules/kubernetes-addons/airflow/versions.tf b/modules/kubernetes-addons/airflow/versions.tf
deleted file mode 100644
index d2ddf87cc2..0000000000
--- a/modules/kubernetes-addons/airflow/versions.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 3.72"
-    }
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.10"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/app-2048/README.md b/modules/kubernetes-addons/app-2048/README.md
deleted file mode 100644
index e0c5b910bf..0000000000
--- a/modules/kubernetes-addons/app-2048/README.md
+++ /dev/null
@@ -1,3 +0,0 @@
-# App [2048](https://play2048.co/)
-
-Sample application for demonstrating and testing Kubernetes.
diff --git a/modules/kubernetes-addons/app-2048/main.tf b/modules/kubernetes-addons/app-2048/main.tf
deleted file mode 100644
index e5b3337328..0000000000
--- a/modules/kubernetes-addons/app-2048/main.tf
+++ /dev/null
@@ -1,102 +0,0 @@
-locals {
-  name = "app-2048"
-}
-
-resource "kubernetes_namespace_v1" "this" {
-  metadata {
-    name = local.name
-  }
-}
-
-resource "kubernetes_deployment_v1" "this" {
-  metadata {
-    name      = local.name
-    namespace = kubernetes_namespace_v1.this.metadata[0].name
-  }
-
-  spec {
-    replicas = 3
-
-    selector {
-      match_labels = {
-        "app.kubernetes.io/name" = local.name
-      }
-    }
-
-    template {
-      metadata {
-        labels = {
-          "app.kubernetes.io/name" = local.name
-        }
-      }
-
-      spec {
-        container {
-          image = "public.ecr.aws/l6m2t8p7/docker-2048:latest"
-          # image_pull_policy = "Always"
-          name = local.name
-
-          port {
-            container_port = 80
-          }
-        }
-      }
-    }
-  }
-}
-
-resource "kubernetes_service_v1" "this" {
-  metadata {
-    name      = local.name
-    namespace = kubernetes_namespace_v1.this.metadata[0].name
-  }
-
-  spec {
-    selector = {
-      "app.kubernetes.io/name" = local.name
-    }
-
-
-    port {
-      port        = 80
-      target_port = 80
-      protocol    = "TCP"
-    }
-
-    type = "NodePort"
-  }
-}
-
-resource "kubernetes_ingress_v1" "this" {
-  metadata {
-    name      = local.name
-    namespace = kubernetes_namespace_v1.this.metadata[0].name
-
-    annotations = {
-      "alb.ingress.kubernetes.io/scheme"      = "internet-facing"
-      "alb.ingress.kubernetes.io/target-type" = "ip"
-    }
-  }
-
-  spec {
-    ingress_class_name = "alb"
-
-    rule {
-      http {
-        path {
-          path      = "/"
-          path_type = "Prefix"
-
-          backend {
-            service {
-              name = local.name
-              port {
-                number = 80
-              }
-            }
-          }
-        }
-      }
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/app-2048/outputs.tf b/modules/kubernetes-addons/app-2048/outputs.tf
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/modules/kubernetes-addons/app-2048/variables.tf b/modules/kubernetes-addons/app-2048/variables.tf
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/modules/kubernetes-addons/app-2048/versions.tf b/modules/kubernetes-addons/app-2048/versions.tf
deleted file mode 100644
index 55fba733ab..0000000000
--- a/modules/kubernetes-addons/app-2048/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.10"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/appmesh-controller/README.md b/modules/kubernetes-addons/appmesh-controller/README.md
deleted file mode 100644
index 6ca58cf407..0000000000
--- a/modules/kubernetes-addons/appmesh-controller/README.md
+++ /dev/null
@@ -1,48 +0,0 @@
-# AppMesh Controller
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.72 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_iam_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
-| [aws_iam_policy_document.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>    irsa_iam_role_path             = string<br>    irsa_iam_permissions_boundary  = string<br>  })</pre> | n/a | yes |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm provider config for the Karpenter | `any` | `{}` | no |
-| <a name="input_irsa_policies"></a> [irsa\_policies](#input\_irsa\_policies) | Additional IAM policies for a IAM role for service accounts | `list(string)` | `[]` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/appmesh-controller/data.tf b/modules/kubernetes-addons/appmesh-controller/data.tf
deleted file mode 100644
index f1d410a4ab..0000000000
--- a/modules/kubernetes-addons/appmesh-controller/data.tf
+++ /dev/null
@@ -1,115 +0,0 @@
-data "aws_iam_policy_document" "this" {
-  statement {
-    sid       = "AllowAppMesh"
-    effect    = "Allow"
-    resources = ["arn:${var.addon_context.aws_partition_id}:appmesh:${var.addon_context.aws_region_name}:${var.addon_context.aws_caller_identity_account_id}:mesh/*"]
-
-    actions = [
-      "appmesh:ListVirtualRouters",
-      "appmesh:ListVirtualServices",
-      "appmesh:ListRoutes",
-      "appmesh:ListGatewayRoutes",
-      "appmesh:ListMeshes",
-      "appmesh:ListVirtualNodes",
-      "appmesh:ListVirtualGateways",
-      "appmesh:DescribeMesh",
-      "appmesh:DescribeVirtualRouter",
-      "appmesh:DescribeRoute",
-      "appmesh:DescribeVirtualNode",
-      "appmesh:DescribeVirtualGateway",
-      "appmesh:DescribeGatewayRoute",
-      "appmesh:DescribeVirtualService",
-      "appmesh:CreateMesh",
-      "appmesh:CreateVirtualRouter",
-      "appmesh:CreateVirtualGateway",
-      "appmesh:CreateVirtualService",
-      "appmesh:CreateGatewayRoute",
-      "appmesh:CreateRoute",
-      "appmesh:CreateVirtualNode",
-      "appmesh:UpdateMesh",
-      "appmesh:UpdateRoute",
-      "appmesh:UpdateVirtualGateway",
-      "appmesh:UpdateVirtualRouter",
-      "appmesh:UpdateGatewayRoute",
-      "appmesh:UpdateVirtualService",
-      "appmesh:UpdateVirtualNode",
-      "appmesh:DeleteMesh",
-      "appmesh:DeleteRoute",
-      "appmesh:DeleteVirtualRouter",
-      "appmesh:DeleteGatewayRoute",
-      "appmesh:DeleteVirtualService",
-      "appmesh:DeleteVirtualNode",
-      "appmesh:DeleteVirtualGateway"
-    ]
-  }
-
-  statement {
-    sid       = "CreateServiceLinkedRole"
-    effect    = "Allow"
-    resources = ["arn:${var.addon_context.aws_partition_id}:iam::${var.addon_context.aws_caller_identity_account_id}:role/aws-service-role/appmesh.${local.dns_suffix}/AWSServiceRoleForAppMesh"]
-    actions   = ["iam:CreateServiceLinkedRole"]
-
-    condition {
-      test     = "StringLike"
-      variable = "iam:AWSServiceName"
-      values   = ["appmesh.${local.dns_suffix}"]
-    }
-  }
-
-  statement {
-    sid       = "AllowACMAccess"
-    effect    = "Allow"
-    resources = ["arn:${var.addon_context.aws_partition_id}:acm:${var.addon_context.aws_region_name}:${var.addon_context.aws_caller_identity_account_id}:certificate/*"]
-    actions = [
-      "acm:ListCertificates",
-      "acm:DescribeCertificate",
-    ]
-  }
-
-  statement {
-    sid       = "AllowACMPCAAccess"
-    effect    = "Allow"
-    resources = ["arn:${var.addon_context.aws_partition_id}:acm-pca:${var.addon_context.aws_region_name}:${var.addon_context.aws_caller_identity_account_id}:certificate-authority/*"]
-    actions = [
-      "acm-pca:DescribeCertificateAuthority",
-      "acm-pca:ListCertificateAuthorities"
-    ]
-  }
-
-  statement {
-    sid    = "AllowServiceDiscovery"
-    effect = "Allow"
-    resources = [
-      "arn:${var.addon_context.aws_partition_id}:servicediscovery:${var.addon_context.aws_region_name}:${var.addon_context.aws_caller_identity_account_id}:namespace/*",
-      "arn:${var.addon_context.aws_partition_id}:servicediscovery:${var.addon_context.aws_region_name}:${var.addon_context.aws_caller_identity_account_id}:service/*"
-    ]
-    actions = [
-      "servicediscovery:CreateService",
-      "servicediscovery:DeleteService",
-      "servicediscovery:GetService",
-      "servicediscovery:GetInstance",
-      "servicediscovery:RegisterInstance",
-      "servicediscovery:DeregisterInstance",
-      "servicediscovery:ListInstances",
-      "servicediscovery:ListNamespaces",
-      "servicediscovery:ListServices",
-      "servicediscovery:GetInstancesHealthStatus",
-      "servicediscovery:UpdateInstanceCustomHealthStatus",
-      "servicediscovery:GetOperation"
-    ]
-  }
-
-  statement {
-    sid    = "AllowRoute53"
-    effect = "Allow"
-    resources = [
-    "arn:${var.addon_context.aws_partition_id}:route53:::*"]
-    actions = [
-      "route53:ChangeResourceRecordSets",
-      "route53:GetHealthCheck",
-      "route53:CreateHealthCheck",
-      "route53:UpdateHealthCheck",
-      "route53:DeleteHealthCheck"
-    ]
-  }
-}
diff --git a/modules/kubernetes-addons/appmesh-controller/main.tf b/modules/kubernetes-addons/appmesh-controller/main.tf
deleted file mode 100644
index b68cf5a2c7..0000000000
--- a/modules/kubernetes-addons/appmesh-controller/main.tf
+++ /dev/null
@@ -1,53 +0,0 @@
-locals {
-  name      = try(var.helm_config.name, "appmesh-controller")
-  namespace = try(var.helm_config.namespace, "appmesh-system")
-
-  dns_suffix = data.aws_partition.current.dns_suffix
-}
-
-data "aws_partition" "current" {}
-
-module "helm_addon" {
-  source = "../helm-addon"
-
-  helm_config = merge(
-    {
-      name        = local.name
-      chart       = local.name
-      repository  = "https://aws.github.io/eks-charts"
-      version     = "1.7.0"
-      namespace   = local.namespace
-      description = "AWS App Mesh Helm Chart"
-    },
-    var.helm_config
-  )
-
-  set_values = [
-    {
-      name  = "serviceAccount.name"
-      value = local.name
-    },
-    {
-      name  = "serviceAccount.create"
-      value = false
-    }
-  ]
-
-  irsa_config = {
-    create_kubernetes_namespace         = true
-    kubernetes_namespace                = local.namespace
-    create_kubernetes_service_account   = true
-    create_service_account_secret_token = try(var.helm_config["create_service_account_secret_token"], false)
-    kubernetes_service_account          = try(var.helm_config.service_account, local.name)
-    irsa_iam_policies                   = concat([aws_iam_policy.this.arn], var.irsa_policies)
-  }
-
-  manage_via_gitops = var.manage_via_gitops
-  addon_context     = var.addon_context
-}
-
-resource "aws_iam_policy" "this" {
-  name        = "${var.addon_context.eks_cluster_id}-appmesh"
-  description = "IAM Policy for App Mesh"
-  policy      = data.aws_iam_policy_document.this.json
-}
diff --git a/modules/kubernetes-addons/appmesh-controller/outputs.tf b/modules/kubernetes-addons/appmesh-controller/outputs.tf
deleted file mode 100644
index 37b305f9b1..0000000000
--- a/modules/kubernetes-addons/appmesh-controller/outputs.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/appmesh-controller/variables.tf b/modules/kubernetes-addons/appmesh-controller/variables.tf
deleted file mode 100644
index 5846ed3a5a..0000000000
--- a/modules/kubernetes-addons/appmesh-controller/variables.tf
+++ /dev/null
@@ -1,34 +0,0 @@
-variable "irsa_policies" {
-  description = "Additional IAM policies for a IAM role for service accounts"
-  type        = list(string)
-  default     = []
-}
-
-variable "helm_config" {
-  description = "Helm provider config for the Karpenter"
-  type        = any
-  default     = {}
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-    irsa_iam_role_path             = string
-    irsa_iam_permissions_boundary  = string
-  })
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps."
-  type        = bool
-  default     = false
-}
diff --git a/modules/kubernetes-addons/appmesh-controller/versions.tf b/modules/kubernetes-addons/appmesh-controller/versions.tf
deleted file mode 100644
index f92f41b9e7..0000000000
--- a/modules/kubernetes-addons/appmesh-controller/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 3.72"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/argo-rollouts/README.md b/modules/kubernetes-addons/argo-rollouts/README.md
deleted file mode 100644
index e6a27fff54..0000000000
--- a/modules/kubernetes-addons/argo-rollouts/README.md
+++ /dev/null
@@ -1,52 +0,0 @@
-# Argo Rollouts
-
-## Introduction
-
-[Argo Rollouts](https://argoproj.github.io/argo-rollouts/) is a Kubernetes controller and set of CRDs which provide advanced deployment capabilities such as blue-green, canary, canary analysis, experimentation, and progressive delivery features to Kubernetes.
-
-Argo Rollouts (optionally) integrates with ingress controllers and service meshes, leveraging their traffic shaping abilities to gradually shift traffic to the new version during an update. Additionally, Rollouts can query and interpret metrics from various providers to verify key KPIs and drive automated promotion or rollback during an update.
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.10 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | >= 2.10 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [kubernetes_namespace_v1.this](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1) | resource |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>  })</pre> | n/a | yes |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm provider config for the Argo Rollouts | `any` | `{}` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/argo-rollouts/locals.tf b/modules/kubernetes-addons/argo-rollouts/locals.tf
deleted file mode 100644
index 45c50891b4..0000000000
--- a/modules/kubernetes-addons/argo-rollouts/locals.tf
+++ /dev/null
@@ -1,22 +0,0 @@
-locals {
-  name = "argo-rollouts"
-
-  # https://github.com/argoproj/argo-helm/blob/main/charts/argo-rollouts/Chart.yaml
-  default_helm_config = {
-    name        = local.name
-    chart       = local.name
-    repository  = "https://argoproj.github.io/argo-helm"
-    version     = "2.21.1"
-    namespace   = local.name
-    description = "Argo Rollouts AddOn Helm Chart"
-  }
-
-  helm_config = merge(
-    local.default_helm_config,
-    var.helm_config
-  )
-
-  argocd_gitops_config = {
-    enable = true
-  }
-}
diff --git a/modules/kubernetes-addons/argo-rollouts/main.tf b/modules/kubernetes-addons/argo-rollouts/main.tf
deleted file mode 100644
index dc13a29d51..0000000000
--- a/modules/kubernetes-addons/argo-rollouts/main.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-module "helm_addon" {
-  source = "../helm-addon"
-
-  manage_via_gitops = var.manage_via_gitops
-  helm_config       = local.helm_config
-  addon_context     = var.addon_context
-
-  depends_on = [kubernetes_namespace_v1.this]
-}
-
-resource "kubernetes_namespace_v1" "this" {
-  count = try(local.helm_config["create_namespace"], true) && local.helm_config["namespace"] != "kube-system" ? 1 : 0
-  metadata {
-    name = local.helm_config["namespace"]
-  }
-}
diff --git a/modules/kubernetes-addons/argo-rollouts/outputs.tf b/modules/kubernetes-addons/argo-rollouts/outputs.tf
deleted file mode 100644
index 0776dcd7ef..0000000000
--- a/modules/kubernetes-addons/argo-rollouts/outputs.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? local.argocd_gitops_config : null
-}
-
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/argo-rollouts/variables.tf b/modules/kubernetes-addons/argo-rollouts/variables.tf
deleted file mode 100644
index b94e941826..0000000000
--- a/modules/kubernetes-addons/argo-rollouts/variables.tf
+++ /dev/null
@@ -1,26 +0,0 @@
-variable "helm_config" {
-  description = "Helm provider config for the Argo Rollouts"
-  type        = any
-  default     = {}
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps."
-  type        = bool
-  default     = false
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-  })
-}
diff --git a/modules/kubernetes-addons/argo-rollouts/versions.tf b/modules/kubernetes-addons/argo-rollouts/versions.tf
deleted file mode 100644
index 55fba733ab..0000000000
--- a/modules/kubernetes-addons/argo-rollouts/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.10"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/argo-workflows/README.md b/modules/kubernetes-addons/argo-workflows/README.md
deleted file mode 100644
index 7d049d0ae0..0000000000
--- a/modules/kubernetes-addons/argo-workflows/README.md
+++ /dev/null
@@ -1,51 +0,0 @@
-# Argo Workflows
-
-## Introduction
-
-[Argo Workflows](https://argoproj.github.io/argo-workflows/) is an event-driven workflow automation framework for Kubernetes which helps you trigger K8s objects, Argo Workflows, Serverless workloads, etc. on events from a variety of sources like webhooks, S3, schedules, messaging queues, gcp pubsub, sns, sqs, etc.
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 |
-| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.10 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | >= 2.10 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [kubernetes_namespace_v1.this](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1) | resource |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>    irsa_iam_role_path             = string<br>    irsa_iam_permissions_boundary  = string<br>  })</pre> | n/a | yes |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm provider config for the argo workflows. | `any` | `{}` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/argo-workflows/main.tf b/modules/kubernetes-addons/argo-workflows/main.tf
deleted file mode 100644
index 1a7ee88c8c..0000000000
--- a/modules/kubernetes-addons/argo-workflows/main.tf
+++ /dev/null
@@ -1,34 +0,0 @@
-locals {
-  name = "argo-workflows"
-
-  # https://github.com/argoproj/argo-helm/tree/main/charts/argo-workflows
-  default_helm_config = {
-    name             = local.name
-    chart            = local.name
-    repository       = "https://argoproj.github.io/argo-helm"
-    version          = "v0.20.1"
-    namespace        = local.name
-    create_namespace = true
-    description      = "Argo events Helm chart deployment configuration"
-  }
-
-  helm_config = merge(local.default_helm_config, var.helm_config)
-
-  argocd_gitops_config = {
-    enable = true
-  }
-}
-
-module "helm_addon" {
-  source = "../helm-addon"
-
-  helm_config   = local.helm_config
-  addon_context = var.addon_context
-}
-
-resource "kubernetes_namespace_v1" "this" {
-  count = try(local.helm_config["create_namespace"], true) && local.helm_config["namespace"] != "kube-system" ? 1 : 0
-  metadata {
-    name = local.helm_config["namespace"]
-  }
-}
diff --git a/modules/kubernetes-addons/argo-workflows/outputs.tf b/modules/kubernetes-addons/argo-workflows/outputs.tf
deleted file mode 100644
index 0776dcd7ef..0000000000
--- a/modules/kubernetes-addons/argo-workflows/outputs.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? local.argocd_gitops_config : null
-}
-
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/argo-workflows/variables.tf b/modules/kubernetes-addons/argo-workflows/variables.tf
deleted file mode 100644
index b825fcb8a9..0000000000
--- a/modules/kubernetes-addons/argo-workflows/variables.tf
+++ /dev/null
@@ -1,28 +0,0 @@
-variable "helm_config" {
-  description = "Helm provider config for the argo workflows."
-  type        = any
-  default     = {}
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps."
-  type        = bool
-  default     = false
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-    irsa_iam_role_path             = string
-    irsa_iam_permissions_boundary  = string
-  })
-}
diff --git a/modules/kubernetes-addons/argo-workflows/versions.tf b/modules/kubernetes-addons/argo-workflows/versions.tf
deleted file mode 100644
index d2ddf87cc2..0000000000
--- a/modules/kubernetes-addons/argo-workflows/versions.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 3.72"
-    }
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.10"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/argocd/README.md b/modules/kubernetes-addons/argocd/README.md
deleted file mode 100644
index 257d278523..0000000000
--- a/modules/kubernetes-addons/argocd/README.md
+++ /dev/null
@@ -1,63 +0,0 @@
-# ArgoCD Deployment Guide
-
-# Introduction
-
-Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.
-
-Application definitions, configurations, and environments should be declarative and version controlled. Application deployment and lifecycle management should be automated, auditable, and easy to understand.
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 |
-| <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 2.4.1 |
-| <a name="requirement_kubectl"></a> [kubectl](#requirement\_kubectl) | >= 1.14 |
-| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.10 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.72 |
-| <a name="provider_helm"></a> [helm](#provider\_helm) | >= 2.4.1 |
-| <a name="provider_kubectl"></a> [kubectl](#provider\_kubectl) | >= 1.14 |
-| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | >= 2.10 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [helm_release.argocd_application](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [kubectl_manifest.argocd_kustomize_application](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
-| [kubernetes_namespace_v1.this](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1) | resource |
-| [kubernetes_secret.argocd_gitops](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
-| [aws_secretsmanager_secret.ssh_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/secretsmanager_secret) | data source |
-| [aws_secretsmanager_secret_version.ssh_key_version](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/secretsmanager_secret_version) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_config"></a> [addon\_config](#input\_addon\_config) | Configuration for managing add-ons via ArgoCD | `any` | `{}` | no |
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>  })</pre> | n/a | yes |
-| <a name="input_applications"></a> [applications](#input\_applications) | ArgoCD Application config used to bootstrap a cluster. | `any` | `{}` | no |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | ArgoCD Helm Chart Config values | `any` | `{}` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/argocd/argocd-application/helm/Chart.yaml b/modules/kubernetes-addons/argocd/argocd-application/helm/Chart.yaml
deleted file mode 100644
index 2153fde9e3..0000000000
--- a/modules/kubernetes-addons/argocd/argocd-application/helm/Chart.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v2
-name: argo-application
-description: A Helm chart that installs an ArgoCD Application resource.
-type: application
-version: 0.1.0
-appVersion: 0.1.0
diff --git a/modules/kubernetes-addons/argocd/argocd-application/helm/templates/application.yaml b/modules/kubernetes-addons/argocd/argocd-application/helm/templates/application.yaml
deleted file mode 100644
index 586a3e1ba5..0000000000
--- a/modules/kubernetes-addons/argocd/argocd-application/helm/templates/application.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: {{ .Values.name }}
-  namespace: {{ .Values.namespace }}
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io
-spec:
-  project: {{ .Values.project }}
-  source:
-    repoURL: {{ .Values.source.repoUrl }}
-    targetRevision: {{ .Values.source.targetRevision }}
-    path: {{ .Values.source.path }}
-    helm:
-      values: {{ toYaml .Values.source.helm.values | toString | indent 6 }}
-  destination:
-    server: {{ .Values.destination.server }}
-    namespace: {{ .Values.namespace }}
-  syncPolicy:
-    automated:
-      allowEmpty: false
-      prune: true
-      selfHeal: true
-    retry:
-      backoff:
-        duration: "10s"
-        factor: 2
-        maxDuration: "3m"
-      limit: 10
-    syncOptions:
-      - "Validate=false" # disables resource validation (equivalent to 'kubectl apply --validate=false') ( true by default )
-      - "CreateNamespace=true" # Namespace Auto-Creation ensures that namespace specified as the application destination exists in the destination cluster.
-      - "PrunePropagationPolicy=foreground" # Supported policies are background, foreground and orphan.
-      - "PruneLast=true" # Allow the ability for resource pruning to happen as a final, implicit wave of a sync operation
-      - "RespectIgnoreDifferences=true" # Respect ignored fields from '.Values.ignoreDifferences'
-  {{- with .Values.ignoreDifferences }}
-  ignoreDifferences:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
diff --git a/modules/kubernetes-addons/argocd/argocd-application/helm/values.yaml b/modules/kubernetes-addons/argocd/argocd-application/helm/values.yaml
deleted file mode 100644
index 222da6dc7f..0000000000
--- a/modules/kubernetes-addons/argocd/argocd-application/helm/values.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-# Application Name
-name: ""
-
-# The ArgoCD Project the Application belongs to.
-project: "default"
-
-# Source config for the Application
-source:
-
-  # Git Repo the Application points to.
-  repoUrl: ""
-
-  # Target revision for the repo.
-  targetRevision: "HEAD"
-
-  # Path in the repo Argo should look for manifests.
-  path: ""
-
-  # Helm configuration.
-  helm :
-    values: ""
-
-# Destination cluster.
-destination:
-  server: "https://kubernetes.default.svc"
-
-ignoreDifferences:
-#  - group: argoproj.io
-#    kind: Application
-#    jsonPointers:
-#      - /spec/syncPolicy
diff --git a/modules/kubernetes-addons/argocd/argocd-application/kubectl/application.yaml.tftpl b/modules/kubernetes-addons/argocd/argocd-application/kubectl/application.yaml.tftpl
deleted file mode 100644
index 8dedc11643..0000000000
--- a/modules/kubernetes-addons/argocd/argocd-application/kubectl/application.yaml.tftpl
+++ /dev/null
@@ -1,37 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: ${name}
-  namespace: ${namespace}
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io
-spec:
-  project: ${project}
-  source:
-    repoURL: ${sourceRepoUrl}
-    targetRevision: ${sourceTargetRevision}
-    path: ${sourcePath}
-  destination:
-    server: ${destinationServer}
-    namespace: ${namespace}
-  syncPolicy:
-    automated:
-      allowEmpty: false
-      prune: true
-      selfHeal: true
-    retry:
-      backoff:
-        duration: "10s"
-        factor: 2
-        maxDuration: "3m"
-      limit: 10
-    syncOptions:
-      - "Validate=false" # disables resource validation (equivalent to 'kubectl apply --validate=false') ( true by default )
-      - "CreateNamespace=true" # Namespace Auto-Creation ensures that namespace specified as the application destination exists in the destination cluster.
-      - "PrunePropagationPolicy=foreground" # Supported policies are background, foreground and orphan.
-      - "PruneLast=true" # Allow the ability for resource pruning to happen as a final, implicit wave of a sync operation
-      - "RespectIgnoreDifferences=true" # Respect ignored fields from '.Values.ignoreDifferences'
-  %{ if length(ignoreDifferences)>0 }
-  ignoreDifferences:
-${join("\n", formatlist("    %s", split("\n", yamlencode(ignoreDifferences))))}
-  %{ endif }
diff --git a/modules/kubernetes-addons/argocd/data.tf b/modules/kubernetes-addons/argocd/data.tf
deleted file mode 100644
index bd0e4666e4..0000000000
--- a/modules/kubernetes-addons/argocd/data.tf
+++ /dev/null
@@ -1,13 +0,0 @@
-# ---------------------------------------------------------------------------------------------------------------------
-# SSH Key
-# ---------------------------------------------------------------------------------------------------------------------
-
-data "aws_secretsmanager_secret" "ssh_key" {
-  for_each = { for k, v in var.applications : k => v if try(v.ssh_key_secret_name, null) != null }
-  name     = each.value.ssh_key_secret_name
-}
-
-data "aws_secretsmanager_secret_version" "ssh_key_version" {
-  for_each  = { for k, v in var.applications : k => v if try(v.ssh_key_secret_name, null) != null }
-  secret_id = data.aws_secretsmanager_secret.ssh_key[each.key].id
-}
diff --git a/modules/kubernetes-addons/argocd/locals.tf b/modules/kubernetes-addons/argocd/locals.tf
deleted file mode 100644
index ac0326b106..0000000000
--- a/modules/kubernetes-addons/argocd/locals.tf
+++ /dev/null
@@ -1,41 +0,0 @@
-locals {
-  default_helm_values = [file("${path.module}/values.yaml")]
-
-  name      = "argo-cd"
-  namespace = "argocd"
-
-  # https://github.com/argoproj/argo-helm/blob/main/charts/argo-cd/Chart.yaml
-  default_helm_config = {
-    name             = local.name
-    chart            = local.name
-    repository       = "https://argoproj.github.io/argo-helm"
-    version          = "5.13.8"
-    namespace        = local.namespace
-    create_namespace = true
-    values           = local.default_helm_values
-    description      = "The ArgoCD Helm Chart deployment configuration"
-    wait             = false
-  }
-
-  helm_config = merge(
-    local.default_helm_config,
-    var.helm_config
-  )
-
-  default_argocd_application = {
-    namespace          = local.helm_config["namespace"]
-    target_revision    = "HEAD"
-    destination        = "https://kubernetes.default.svc"
-    project            = "default"
-    values             = {}
-    type               = "helm"
-    add_on_application = false
-  }
-
-  global_application_values = {
-    region      = var.addon_context.aws_region_name
-    account     = var.addon_context.aws_caller_identity_account_id
-    clusterName = var.addon_context.eks_cluster_id
-  }
-
-}
diff --git a/modules/kubernetes-addons/argocd/main.tf b/modules/kubernetes-addons/argocd/main.tf
deleted file mode 100644
index c159edbd57..0000000000
--- a/modules/kubernetes-addons/argocd/main.tf
+++ /dev/null
@@ -1,137 +0,0 @@
-module "helm_addon" {
-  source = "../helm-addon"
-
-  helm_config   = local.helm_config
-  addon_context = var.addon_context
-
-  depends_on = [kubernetes_namespace_v1.this]
-}
-
-resource "kubernetes_namespace_v1" "this" {
-  count = try(local.helm_config["create_namespace"], true) && local.helm_config["namespace"] != "kube-system" ? 1 : 0
-  metadata {
-    name = local.helm_config["namespace"]
-  }
-}
-
-# ---------------------------------------------------------------------------------------------------------------------
-# ArgoCD App of Apps Bootstrapping (Helm)
-# ---------------------------------------------------------------------------------------------------------------------
-resource "helm_release" "argocd_application" {
-  for_each = { for k, v in var.applications : k => merge(local.default_argocd_application, v) if merge(local.default_argocd_application, v).type == "helm" }
-
-  name      = each.key
-  chart     = "${path.module}/argocd-application/helm"
-  version   = "1.0.0"
-  namespace = local.helm_config["namespace"]
-
-  # Application Meta.
-  set {
-    name  = "name"
-    value = each.key
-    type  = "string"
-  }
-
-  set {
-    name  = "project"
-    value = each.value.project
-    type  = "string"
-  }
-
-  # Source Config.
-  set {
-    name  = "source.repoUrl"
-    value = each.value.repo_url
-    type  = "string"
-  }
-
-  set {
-    name  = "source.targetRevision"
-    value = each.value.target_revision
-    type  = "string"
-  }
-
-  set {
-    name  = "source.path"
-    value = each.value.path
-    type  = "string"
-  }
-
-  set {
-    name  = "source.helm.releaseName"
-    value = each.key
-    type  = "string"
-  }
-
-  set {
-    name = "source.helm.values"
-    value = yamlencode(merge(
-      { repoUrl = each.value.repo_url },
-      each.value.values,
-      local.global_application_values,
-      each.value.add_on_application ? var.addon_config : {}
-    ))
-    type = "auto"
-  }
-
-  # Destination Config.
-  set {
-    name  = "destination.server"
-    value = each.value.destination
-    type  = "string"
-  }
-
-  values = [
-    # Application ignoreDifferences
-    yamlencode({
-      "ignoreDifferences" = lookup(each.value, "ignoreDifferences", [])
-    })
-  ]
-
-  depends_on = [module.helm_addon]
-}
-
-# ---------------------------------------------------------------------------------------------------------------------
-# ArgoCD App of Apps Bootstrapping (Kustomize)
-# ---------------------------------------------------------------------------------------------------------------------
-resource "kubectl_manifest" "argocd_kustomize_application" {
-  for_each = { for k, v in var.applications : k => merge(local.default_argocd_application, v) if merge(local.default_argocd_application, v).type == "kustomize" }
-
-  yaml_body = templatefile("${path.module}/argocd-application/kubectl/application.yaml.tftpl",
-    {
-      name                 = each.key
-      namespace            = each.value.namespace
-      project              = each.value.project
-      sourceRepoUrl        = each.value.repo_url
-      sourceTargetRevision = each.value.target_revision
-      sourcePath           = each.value.path
-      destinationServer    = each.value.destination
-      ignoreDifferences    = lookup(each.value, "ignoreDifferences", [])
-    }
-  )
-
-  depends_on = [module.helm_addon]
-}
-
-# ---------------------------------------------------------------------------------------------------------------------
-# Private Repo Access
-# ---------------------------------------------------------------------------------------------------------------------
-
-resource "kubernetes_secret" "argocd_gitops" {
-  for_each = { for k, v in var.applications : k => v if try(v.ssh_key_secret_name, null) != null }
-
-  metadata {
-    name      = "${each.key}-repo-secret"
-    namespace = local.helm_config["namespace"]
-    labels    = { "argocd.argoproj.io/secret-type" : "repository" }
-  }
-
-  data = {
-    insecure      = lookup(each.value, "insecure", false)
-    sshPrivateKey = data.aws_secretsmanager_secret_version.ssh_key_version[each.key].secret_string
-    type          = "git"
-    url           = each.value.repo_url
-  }
-
-  depends_on = [module.helm_addon]
-}
diff --git a/modules/kubernetes-addons/argocd/outputs.tf b/modules/kubernetes-addons/argocd/outputs.tf
deleted file mode 100644
index 37b305f9b1..0000000000
--- a/modules/kubernetes-addons/argocd/outputs.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/argocd/values.yaml b/modules/kubernetes-addons/argocd/values.yaml
deleted file mode 100644
index bd0f5c6bdd..0000000000
--- a/modules/kubernetes-addons/argocd/values.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-redis-ha:
-  enabled: true
-
-controller:
-  enableStatefulSet: true
-
-server:
-  autoscaling:
-    enabled: true
-    minReplicas: 2
-
-repoServer:
-  autoscaling:
-    enabled: true
-    minReplicas: 2
-
-configs:
-  cm:
-    #use annotation for tracking but keep labels for compatibility with other tools
-    application.resourceTrackingMethod: annotation+label
diff --git a/modules/kubernetes-addons/argocd/variables.tf b/modules/kubernetes-addons/argocd/variables.tf
deleted file mode 100644
index 107a816813..0000000000
--- a/modules/kubernetes-addons/argocd/variables.tf
+++ /dev/null
@@ -1,32 +0,0 @@
-variable "helm_config" {
-  description = "ArgoCD Helm Chart Config values"
-  type        = any
-  default     = {}
-}
-
-variable "applications" {
-  description = "ArgoCD Application config used to bootstrap a cluster."
-  type        = any
-  default     = {}
-}
-
-variable "addon_config" {
-  description = "Configuration for managing add-ons via ArgoCD"
-  type        = any
-  default     = {}
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-  })
-}
diff --git a/modules/kubernetes-addons/argocd/versions.tf b/modules/kubernetes-addons/argocd/versions.tf
deleted file mode 100644
index 41659b9847..0000000000
--- a/modules/kubernetes-addons/argocd/versions.tf
+++ /dev/null
@@ -1,22 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 3.72"
-    }
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.10"
-    }
-    helm = {
-      source  = "hashicorp/helm"
-      version = ">= 2.4.1"
-    }
-    kubectl = {
-      source  = "gavinbunney/kubectl"
-      version = ">= 1.14"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/aws-cloudwatch-metrics/README.md b/modules/kubernetes-addons/aws-cloudwatch-metrics/README.md
deleted file mode 100644
index e7da6eadd3..0000000000
--- a/modules/kubernetes-addons/aws-cloudwatch-metrics/README.md
+++ /dev/null
@@ -1,47 +0,0 @@
-# AWS CloudWatch Metrics
-
-This add-on configures [AWS CloudWatch Agent](https://github.com/aws/eks-charts/tree/master/stable/aws-cloudwatch-metrics) used for CloudWatch [Container Insights](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/ContainerInsights.html). Use CloudWatch Container Insights to collect, aggregate, and summarize metrics and logs from your containerized applications and microservices. CloudWatch automatically collects metrics for many resources, such as CPU, memory, disk, and network. Container Insights also provides diagnostic information, such as container restart failures, to help you isolate issues and resolve them quickly. You can also set CloudWatch alarms on metrics that Container Insights collects.
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 |
-| <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 2.4.1 |
-| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.10 |
-
-## Providers
-
-No providers.
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-No resources.
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>    irsa_iam_role_path             = string<br>    irsa_iam_permissions_boundary  = string<br>  })</pre> | n/a | yes |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm provider config aws-cloudwatch-metrics. | `any` | `{}` | no |
-| <a name="input_irsa_policies"></a> [irsa\_policies](#input\_irsa\_policies) | Additional IAM policies for a IAM role for service accounts | `list(string)` | `[]` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/aws-cloudwatch-metrics/locals.tf b/modules/kubernetes-addons/aws-cloudwatch-metrics/locals.tf
deleted file mode 100644
index d4856e4fb9..0000000000
--- a/modules/kubernetes-addons/aws-cloudwatch-metrics/locals.tf
+++ /dev/null
@@ -1,50 +0,0 @@
-locals {
-  name            = "aws-cloudwatch-metrics"
-  namespace       = "amazon-cloudwatch"
-  service_account = try(var.helm_config.service_account, "cloudwatch-agent")
-
-  # https://github.com/aws/eks-charts/blob/master/stable/aws-cloudwatch-metrics/Chart.yaml
-  default_helm_config = {
-    name        = local.name
-    chart       = local.name
-    repository  = "https://aws.github.io/eks-charts"
-    version     = "0.0.7"
-    namespace   = local.namespace
-    values      = local.default_helm_values
-    description = "aws-cloudwatch-metrics Helm Chart deployment configuration"
-  }
-
-  helm_config = merge(
-    local.default_helm_config,
-    var.helm_config
-  )
-
-  default_helm_values = [templatefile("${path.module}/values.yaml", {
-    eks_cluster_id = var.addon_context.eks_cluster_id
-  })]
-
-  set_values = [
-    {
-      name  = "serviceAccount.name"
-      value = local.service_account
-    },
-    {
-      name  = "serviceAccount.create"
-      value = false
-    }
-  ]
-
-  irsa_config = {
-    kubernetes_namespace                = local.helm_config["namespace"]
-    kubernetes_service_account          = local.service_account
-    create_service_account_secret_token = try(local.helm_config["create_service_account_secret_token"], false)
-    create_kubernetes_namespace         = try(local.helm_config["create_namespace"], true)
-    create_kubernetes_service_account   = true
-    irsa_iam_policies                   = concat(["arn:${var.addon_context.aws_partition_id}:iam::aws:policy/CloudWatchAgentServerPolicy"], var.irsa_policies)
-  }
-
-  argocd_gitops_config = {
-    enable             = true
-    serviceAccountName = local.service_account
-  }
-}
diff --git a/modules/kubernetes-addons/aws-cloudwatch-metrics/main.tf b/modules/kubernetes-addons/aws-cloudwatch-metrics/main.tf
deleted file mode 100644
index 2e4e463761..0000000000
--- a/modules/kubernetes-addons/aws-cloudwatch-metrics/main.tf
+++ /dev/null
@@ -1,8 +0,0 @@
-module "helm_addon" {
-  source            = "../helm-addon"
-  manage_via_gitops = var.manage_via_gitops
-  set_values        = local.set_values
-  helm_config       = local.helm_config
-  irsa_config       = local.irsa_config
-  addon_context     = var.addon_context
-}
diff --git a/modules/kubernetes-addons/aws-cloudwatch-metrics/outputs.tf b/modules/kubernetes-addons/aws-cloudwatch-metrics/outputs.tf
deleted file mode 100644
index 0776dcd7ef..0000000000
--- a/modules/kubernetes-addons/aws-cloudwatch-metrics/outputs.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? local.argocd_gitops_config : null
-}
-
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/aws-cloudwatch-metrics/values.yaml b/modules/kubernetes-addons/aws-cloudwatch-metrics/values.yaml
deleted file mode 100644
index bd8e751b1a..0000000000
--- a/modules/kubernetes-addons/aws-cloudwatch-metrics/values.yaml
+++ /dev/null
@@ -1 +0,0 @@
-clusterName: ${eks_cluster_id}
diff --git a/modules/kubernetes-addons/aws-cloudwatch-metrics/variables.tf b/modules/kubernetes-addons/aws-cloudwatch-metrics/variables.tf
deleted file mode 100644
index f0e5ca748b..0000000000
--- a/modules/kubernetes-addons/aws-cloudwatch-metrics/variables.tf
+++ /dev/null
@@ -1,34 +0,0 @@
-variable "helm_config" {
-  description = "Helm provider config aws-cloudwatch-metrics."
-  type        = any
-  default     = {}
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps."
-  type        = bool
-  default     = false
-}
-
-variable "irsa_policies" {
-  description = "Additional IAM policies for a IAM role for service accounts"
-  type        = list(string)
-  default     = []
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-    irsa_iam_role_path             = string
-    irsa_iam_permissions_boundary  = string
-  })
-}
diff --git a/modules/kubernetes-addons/aws-cloudwatch-metrics/versions.tf b/modules/kubernetes-addons/aws-cloudwatch-metrics/versions.tf
deleted file mode 100644
index 9ac174272e..0000000000
--- a/modules/kubernetes-addons/aws-cloudwatch-metrics/versions.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 3.72"
-    }
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.10"
-    }
-    helm = {
-      source  = "hashicorp/helm"
-      version = ">= 2.4.1"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/aws-coredns/README.md b/modules/kubernetes-addons/aws-coredns/README.md
deleted file mode 100644
index b6c4ed2415..0000000000
--- a/modules/kubernetes-addons/aws-coredns/README.md
+++ /dev/null
@@ -1,117 +0,0 @@
-# [CoreDNS](https://docs.aws.amazon.com/eks/latest/userguide/managing-coredns.html)
-
-This addons supports managing CoreDNS through either the EKS managed addon or a self-managed addon via Helm.
-
-## EKS Managed CoreDNS Addon
-
-To enable and modify the EKS managed addon for CoreDNS, you can reference the following configuration and tailor to suit:
-
-```hcl
-  enable_amazon_eks_coredns = true
-  amazon_eks_coredns_config = {
-    most_recent        = true
-    kubernetes_version = "1.21"
-    resolve_conflicts  = "OVERWRITE"
-    ...
-  }
-```
-
-## Self Managed CoreDNS Addon
-
-⚠️ Note: The EKS service by default provides and manages a CoreDNS deployment on clusters created after 1.18. In order to utilize the self-managed addon without conflicting with the EKS API that by default manages the addon, users will need to update the existing CoreDNS resources. Those changes that are required before deploying the addon are listed below. This change will result in downtime due to the deletion of the existing CoreDNS deployment.
-
-```sh
-kubectl --namespace kube-system delete deployment coredns
-kubectl --namespace kube-system annotate --overwrite service kube-dns meta.helm.sh/release-name=coredns
-kubectl --namespace kube-system annotate --overwrite service kube-dns meta.helm.sh/release-namespace=kube-system
-kubectl --namespace kube-system label --overwrite service kube-dns app.kubernetes.io/managed-by=Helm
-```
-
-See the [`fargate-serverless`](https://github.com/aws-ia/terraform-aws-eks-blueprints/tree/main/examples/fargate-serverless) example where the self-managed CoreDNS addon is used to provision CoreDNS on a serverless cluster (data plane).
-
-To provision the self managed addon for CoreDNS, you can reference the following configuration and tailor to suit:
-
-```hcl
-  enable_self_managed_coredns = true
-  self_managed_coredns_helm_config = {
-    compute_type       = "fargate"
-    kubernetes_version = "1.22"
-  }
-```
-
-## Removing Default CoreDNS Deployment
-
-Setting `remove_default_coredns_deployment = true` will remove the default CoreDNS deployment provided by EKS and update the labels and and annotations for kube-dns to allow Helm to manage it. These changes will allow for CoreDNS to be deployed via a Helm chart into a cluster either through self-managed addon (`enable_self_managed_coredns = true`) or some other means (i.e. - GitOps approach).
-
-```hcl
-  remove_default_coredns_deployment = true
-```
-
-# CoreDNS [Cluster Proportional Autoscaler](https://github.com/kubernetes-sigs/cluster-proportional-autoscaler)
-
-By default, EKS provisions CoreDNS with a replica count of 2. As the cluster size increases and more traffic is flowing through the cluster, it is recommended to scale CoreDNS to meet this demand. The cluster proportional autoscaler is recommended to scale the CoreDNS deployment and therefore is provided by default when enabling CoreDNS through EKS Blueprints (either using EKS managed addon for CoreDNS, or self-managed addon for CoreDNS). A set of default settings for scaling CoreDNS is provided but users can provide their own settings as well to override the defaults via `cluster_proportional_autoscaler_helm_config = {}`. In addition, users have the ability to opt out of this default enablement and either not use the cluster proportional autoscaler for CoreDNS or provide a separate implementation of cluster proportional autoscaler.
-
-```hcl
-  enable_cluster_proportional_autoscaler      = true
-  cluster_proportional_autoscaler_helm_config = { ... }
-```
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.10 |
-| <a name="requirement_null"></a> [null](#requirement\_null) | >= 3.0 |
-| <a name="requirement_time"></a> [time](#requirement\_time) | >= 0.8 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.10 |
-| <a name="provider_null"></a> [null](#provider\_null) | >= 3.0 |
-| <a name="provider_time"></a> [time](#provider\_time) | >= 0.8 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_cluster_proportional_autoscaler"></a> [cluster\_proportional\_autoscaler](#module\_cluster\_proportional\_autoscaler) | ../cluster-proportional-autoscaler | n/a |
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_eks_addon.coredns](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_addon) | resource |
-| [null_resource.modify_kube_dns](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
-| [null_resource.remove_default_coredns_deployment](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
-| [time_sleep.this](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
-| [aws_eks_addon_version.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_addon_version) | data source |
-| [aws_eks_cluster_auth.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_config"></a> [addon\_config](#input\_addon\_config) | Amazon EKS Managed CoreDNS Add-on config | `any` | `{}` | no |
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>  })</pre> | n/a | yes |
-| <a name="input_cluster_proportional_autoscaler_helm_config"></a> [cluster\_proportional\_autoscaler\_helm\_config](#input\_cluster\_proportional\_autoscaler\_helm\_config) | Helm provider config for the CoreDNS cluster-proportional-autoscaler | `any` | `{}` | no |
-| <a name="input_eks_cluster_certificate_authority_data"></a> [eks\_cluster\_certificate\_authority\_data](#input\_eks\_cluster\_certificate\_authority\_data) | The base64 encoded certificate data required to communicate with your cluster | `string` | `""` | no |
-| <a name="input_enable_amazon_eks_coredns"></a> [enable\_amazon\_eks\_coredns](#input\_enable\_amazon\_eks\_coredns) | Enable Amazon EKS CoreDNS add-on | `bool` | `false` | no |
-| <a name="input_enable_cluster_proportional_autoscaler"></a> [enable\_cluster\_proportional\_autoscaler](#input\_enable\_cluster\_proportional\_autoscaler) | Enable cluster-proportional-autoscaler | `bool` | `true` | no |
-| <a name="input_enable_self_managed_coredns"></a> [enable\_self\_managed\_coredns](#input\_enable\_self\_managed\_coredns) | Enable self-managed CoreDNS add-on | `bool` | `false` | no |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm provider config for the aws\_efs\_csi\_driver | `any` | `{}` | no |
-| <a name="input_remove_default_coredns_deployment"></a> [remove\_default\_coredns\_deployment](#input\_remove\_default\_coredns\_deployment) | Determines whether the default deployment of CoreDNS is removed and ownership of kube-dns passed to Helm | `bool` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/aws-coredns/main.tf b/modules/kubernetes-addons/aws-coredns/main.tf
deleted file mode 100644
index aa2768e0ac..0000000000
--- a/modules/kubernetes-addons/aws-coredns/main.tf
+++ /dev/null
@@ -1,206 +0,0 @@
-locals {
-  name = "coredns"
-}
-
-data "aws_eks_addon_version" "this" {
-  addon_name = local.name
-  # Need to allow both config routes - for managed and self-managed configs
-  kubernetes_version = try(var.addon_config.kubernetes_version, var.helm_config.kubernetes_version)
-  most_recent        = try(var.addon_config.most_recent, var.helm_config.most_recent, false)
-}
-
-resource "aws_eks_addon" "coredns" {
-  count = var.enable_amazon_eks_coredns ? 1 : 0
-
-  cluster_name             = var.addon_context.eks_cluster_id
-  addon_name               = local.name
-  addon_version            = try(var.addon_config.addon_version, data.aws_eks_addon_version.this.version)
-  resolve_conflicts        = try(var.addon_config.resolve_conflicts, "OVERWRITE")
-  service_account_role_arn = try(var.addon_config.service_account_role_arn, null)
-  preserve                 = try(var.addon_config.preserve, true)
-  configuration_values     = try(var.addon_config.configuration_values, null)
-
-  tags = merge(
-    var.addon_context.tags,
-    try(var.addon_config.tags, {})
-  )
-}
-
-module "helm_addon" {
-  source = "../helm-addon"
-  count  = var.enable_self_managed_coredns ? 1 : 0
-
-  helm_config = merge({
-    name        = local.name
-    description = "CoreDNS is a DNS server that chains plugins and provides Kubernetes DNS Services"
-    chart       = local.name
-    repository  = "https://coredns.github.io/helm"
-    namespace   = "kube-system"
-    values = [
-      <<-EOT
-      image:
-        repository: ${var.helm_config.image_registry}/eks/coredns
-        tag: ${try(var.helm_config.addon_version, data.aws_eks_addon_version.this.version)}
-      deployment:
-        name: coredns
-        annotations:
-          eks.amazonaws.com/compute-type: ${try(var.helm_config.compute_type, "ec2")}
-      service:
-        name: kube-dns
-        annotations:
-          eks.amazonaws.com/compute-type: ${try(var.helm_config.compute_type, "ec2")}
-      podAnnotations:
-        eks.amazonaws.com/compute-type: ${try(var.helm_config.compute_type, "ec2")}
-      EOT
-    ]
-    },
-    var.helm_config
-  )
-
-  set_values = [
-    {
-      name  = "serviceAccount.create"
-      value = true
-    },
-    {
-      # This simply maps a dependency for Terraform to ensure the default deployment is
-      # removed first (if enabled) before provisioning self-managed version (if enabled)
-      name  = "blueprints.connection"
-      value = try(null_resource.remove_default_coredns_deployment[0].id, "none")
-    }
-  ]
-
-  # Blueprints
-  addon_context = var.addon_context
-}
-
-#---------------------------------------------------------------
-# Modifying CoreDNS for Fargate
-#---------------------------------------------------------------
-
-data "aws_eks_cluster_auth" "this" {
-  name = time_sleep.this.triggers["eks_cluster_id"]
-}
-
-locals {
-  kubeconfig = yamlencode({
-    apiVersion      = "v1"
-    kind            = "Config"
-    current-context = "terraform"
-    clusters = [{
-      name = time_sleep.this.triggers["eks_cluster_id"]
-      cluster = {
-        certificate-authority-data = var.eks_cluster_certificate_authority_data
-        server                     = var.addon_context.aws_eks_cluster_endpoint
-      }
-    }]
-    contexts = [{
-      name = "terraform"
-      context = {
-        cluster = time_sleep.this.triggers["eks_cluster_id"]
-        user    = "terraform"
-      }
-    }]
-    users = [{
-      name = "terraform"
-      user = {
-        token = data.aws_eks_cluster_auth.this.token
-      }
-    }]
-  })
-}
-
-resource "time_sleep" "this" {
-  create_duration = "1m"
-
-  triggers = {
-    eks_cluster_id = var.addon_context.eks_cluster_id
-  }
-}
-
-# Separate resource so that this is only ever executed once
-resource "null_resource" "remove_default_coredns_deployment" {
-  count = var.enable_self_managed_coredns && var.remove_default_coredns_deployment ? 1 : 0
-
-  triggers = {}
-
-  provisioner "local-exec" {
-    interpreter = ["/bin/bash", "-c"]
-    environment = {
-      KUBECONFIG = base64encode(local.kubeconfig)
-    }
-
-    # We are removing the deployment provided by the EKS service and replacing it through the self-managed CoreDNS Helm addon
-    # However, we are maintaing the existing kube-dns service and annotating it for Helm to assume control
-    command = <<-EOT
-      kubectl --namespace kube-system delete deployment coredns --kubeconfig <(echo $KUBECONFIG | base64 -d)
-    EOT
-  }
-}
-
-resource "null_resource" "modify_kube_dns" {
-  count = var.enable_self_managed_coredns && var.remove_default_coredns_deployment ? 1 : 0
-
-  triggers = {}
-
-  provisioner "local-exec" {
-    interpreter = ["/bin/bash", "-c"]
-    environment = {
-      KUBECONFIG = base64encode(local.kubeconfig)
-      CONNECTION = null_resource.remove_default_coredns_deployment[0].id
-    }
-
-    # We are maintaing the existing kube-dns service and annotating it for Helm to assume control
-    command = <<-EOT
-      kubectl --namespace kube-system annotate --overwrite service kube-dns meta.helm.sh/release-name=coredns --kubeconfig <(echo $KUBECONFIG | base64 -d)
-      kubectl --namespace kube-system annotate --overwrite service kube-dns meta.helm.sh/release-namespace=kube-system --kubeconfig <(echo $KUBECONFIG | base64 -d)
-      kubectl --namespace kube-system label --overwrite service kube-dns app.kubernetes.io/managed-by=Helm --kubeconfig <(echo $KUBECONFIG | base64 -d)
-    EOT
-  }
-}
-
-#---------------------------------------------------------------
-# Cluster proportional autoscaler
-#---------------------------------------------------------------
-
-module "cluster_proportional_autoscaler" {
-  source = "../cluster-proportional-autoscaler"
-
-  count = var.enable_cluster_proportional_autoscaler ? 1 : 0
-
-  helm_config = merge({
-    values = [
-      <<-EOT
-        nameOverride: coredns
-
-        config:
-          linear:
-            coresPerReplica: 256
-            nodesPerReplica: 16
-            min: 1
-            max: 100
-            preventSinglePointFailure: true
-            includeUnschedulableNodes: true
-
-        options:
-          target: "deployment/coredns"
-
-        podSecurityContext:
-          seccompProfile:
-            type: RuntimeDefault
-          supplementalGroups: [ 65534 ]
-          fsGroup: 65534
-
-        tolerations:
-          - key: "CriticalAddonsOnly"
-            operator: "Exists"
-        blueprints:
-          connection: ${try(null_resource.remove_default_coredns_deployment[0].id, "none")}
-      EOT
-    ]
-    },
-    var.cluster_proportional_autoscaler_helm_config
-  )
-
-  addon_context = var.addon_context
-}
diff --git a/modules/kubernetes-addons/aws-coredns/outputs.tf b/modules/kubernetes-addons/aws-coredns/outputs.tf
deleted file mode 100644
index a81c53eadc..0000000000
--- a/modules/kubernetes-addons/aws-coredns/outputs.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = try(module.helm_addon[0].release_metadata, null)
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = try(module.helm_addon[0].irsa_arn, null)
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = try(module.helm_addon[0].irsa_name, null)
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = try(module.helm_addon[0].service_account, null)
-}
diff --git a/modules/kubernetes-addons/aws-coredns/variables.tf b/modules/kubernetes-addons/aws-coredns/variables.tf
deleted file mode 100644
index 30cafa4af2..0000000000
--- a/modules/kubernetes-addons/aws-coredns/variables.tf
+++ /dev/null
@@ -1,62 +0,0 @@
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-  })
-}
-
-variable "enable_amazon_eks_coredns" {
-  description = "Enable Amazon EKS CoreDNS add-on"
-  type        = bool
-  default     = false
-}
-
-variable "addon_config" {
-  description = "Amazon EKS Managed CoreDNS Add-on config"
-  type        = any
-  default     = {}
-}
-
-variable "enable_self_managed_coredns" {
-  description = "Enable self-managed CoreDNS add-on"
-  type        = bool
-  default     = false
-}
-
-variable "helm_config" {
-  description = "Helm provider config for the aws_efs_csi_driver"
-  default     = {}
-  type        = any
-}
-
-variable "remove_default_coredns_deployment" {
-  description = "Determines whether the default deployment of CoreDNS is removed and ownership of kube-dns passed to Helm"
-  type        = bool
-  default     = false
-}
-
-variable "eks_cluster_certificate_authority_data" {
-  description = "The base64 encoded certificate data required to communicate with your cluster"
-  type        = string
-  default     = ""
-}
-
-variable "enable_cluster_proportional_autoscaler" {
-  description = "Enable cluster-proportional-autoscaler"
-  type        = bool
-  default     = true
-}
-
-variable "cluster_proportional_autoscaler_helm_config" {
-  description = "Helm provider config for the CoreDNS cluster-proportional-autoscaler"
-  default     = {}
-  type        = any
-}
diff --git a/modules/kubernetes-addons/aws-coredns/versions.tf b/modules/kubernetes-addons/aws-coredns/versions.tf
deleted file mode 100644
index 41bb2001a5..0000000000
--- a/modules/kubernetes-addons/aws-coredns/versions.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 4.10"
-    }
-    null = {
-      source  = "hashicorp/null"
-      version = ">= 3.0"
-    }
-    time = {
-      source  = "hashicorp/time"
-      version = ">= 0.8"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/aws-ebs-csi-driver/README.md b/modules/kubernetes-addons/aws-ebs-csi-driver/README.md
deleted file mode 100644
index 9df7fbaf2c..0000000000
--- a/modules/kubernetes-addons/aws-ebs-csi-driver/README.md
+++ /dev/null
@@ -1,85 +0,0 @@
-# aws-ebs-csi-driver
-
-[aws-ebs-csi-driver](https://docs.aws.amazon.com/eks/latest/userguide/managing-ebs-csi.html)
-The EBS CSI driver provides a CSI interface used by container orchestrators to manage the lifecycle of Amazon EBS volumes. Availability in EKS add-ons in preview enables a simple experience for attaching persistent storage to an EKS cluster. The EBS CSI driver can now be installed, managed, and updated directly through the EKS console, CLI, and API
-
-This addons supports managing AWS-EBS-CSI-DRIVER through either the EKS managed addon or a self-managed addon via Helm.
-
-## EKS Managed AWS-EBS-CSI-DRIVER Addon
-
-To enable and modify the EKS managed addon for aws-ebs-csi-driver, you can reference the following configuration and tailor to suit:
-
-```hcl
-  enable_amazon_eks_aws_ebs_csi_driver = true
-  amazon_eks_aws_ebs_csi_driver_config = {
-    resolve_conflicts = "OVERWRITE"
-    ...
-  }
-```
-
-## Self Managed AWS-EBS-CSI-DRIVER Addon
-
-Official [aws-ebs-csi-driver](https://github.com/kubernetes-sigs/aws-ebs-csi-driver) helm chart will be deploy in this mode
-
-you must use this mode if you need to change the configuration of the ebs-csi-driver as this is not possible with the EKS managed mode
-
-See the [`stateful`](https://github.com/aws-ia/terraform-aws-eks-blueprints/tree/main/examples/stateful) example where the self-managed aws-ebs-csi-driver addon is used to provision the ebs-csi-driver on a EKS cluster
-
-To provision the self managed addon for aws-ebs-csi-driver, you can reference the following configuration and tailor to suit:
-
- ```hcl
-   enable_self_managed_aws_ebs_csi_driver = true
-   self_managed_aws_ebs_csi_driver_helm_config = {
-    ...
-   }
-  ```
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.10 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.10 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-| <a name="module_irsa_addon"></a> [irsa\_addon](#module\_irsa\_addon) | ../../../modules/irsa | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_eks_addon.aws_ebs_csi_driver](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_addon) | resource |
-| [aws_iam_policy.aws_ebs_csi_driver](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
-| [aws_eks_addon_version.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_addon_version) | data source |
-| [aws_iam_policy_document.aws_ebs_csi_driver](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_config"></a> [addon\_config](#input\_addon\_config) | Amazon EKS Managed Add-on config for EBS CSI Driver | `any` | `{}` | no |
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>    irsa_iam_role_path             = string<br>    irsa_iam_permissions_boundary  = string<br>  })</pre> | n/a | yes |
-| <a name="input_enable_amazon_eks_aws_ebs_csi_driver"></a> [enable\_amazon\_eks\_aws\_ebs\_csi\_driver](#input\_enable\_amazon\_eks\_aws\_ebs\_csi\_driver) | Enable EKS Managed AWS EBS CSI Driver add-on | `bool` | `false` | no |
-| <a name="input_enable_self_managed_aws_ebs_csi_driver"></a> [enable\_self\_managed\_aws\_ebs\_csi\_driver](#input\_enable\_self\_managed\_aws\_ebs\_csi\_driver) | Enable self-managed aws-ebs-csi-driver add-on | `bool` | `false` | no |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Self-managed aws-ebs-csi-driver Helm chart config | `any` | `{}` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/aws-ebs-csi-driver/data.tf b/modules/kubernetes-addons/aws-ebs-csi-driver/data.tf
deleted file mode 100644
index 8a2339fbbb..0000000000
--- a/modules/kubernetes-addons/aws-ebs-csi-driver/data.tf
+++ /dev/null
@@ -1,160 +0,0 @@
-data "aws_iam_policy_document" "aws_ebs_csi_driver" {
-  count = local.create_irsa ? 1 : 0
-
-  statement {
-    sid       = ""
-    effect    = "Allow"
-    resources = ["*"]
-
-    actions = [
-      "ec2:CreateSnapshot",
-      "ec2:AttachVolume",
-      "ec2:DetachVolume",
-      "ec2:ModifyVolume",
-      "ec2:DescribeAvailabilityZones",
-      "ec2:DescribeInstances",
-      "ec2:DescribeSnapshots",
-      "ec2:DescribeTags",
-      "ec2:DescribeVolumes",
-      "ec2:DescribeVolumesModifications",
-    ]
-  }
-
-  statement {
-    sid    = ""
-    effect = "Allow"
-
-    resources = [
-      "arn:${var.addon_context.aws_partition_id}:ec2:*:*:volume/*",
-      "arn:${var.addon_context.aws_partition_id}:ec2:*:*:snapshot/*",
-    ]
-
-    actions = ["ec2:CreateTags"]
-
-    condition {
-      test     = "StringEquals"
-      variable = "ec2:CreateAction"
-
-      values = [
-        "CreateVolume",
-        "CreateSnapshot",
-      ]
-    }
-  }
-
-  statement {
-    sid    = ""
-    effect = "Allow"
-
-    resources = [
-      "arn:${var.addon_context.aws_partition_id}:ec2:*:*:volume/*",
-      "arn:${var.addon_context.aws_partition_id}:ec2:*:*:snapshot/*",
-    ]
-
-    actions = ["ec2:DeleteTags"]
-  }
-
-  statement {
-    sid       = ""
-    effect    = "Allow"
-    resources = ["*"]
-    actions   = ["ec2:CreateVolume"]
-
-    condition {
-      test     = "StringLike"
-      variable = "aws:RequestTag/ebs.csi.aws.com/cluster"
-      values   = ["true"]
-    }
-  }
-
-  statement {
-    sid       = ""
-    effect    = "Allow"
-    resources = ["*"]
-    actions   = ["ec2:CreateVolume"]
-
-    condition {
-      test     = "StringLike"
-      variable = "aws:RequestTag/CSIVolumeName"
-      values   = ["*"]
-    }
-  }
-
-  statement {
-    sid       = ""
-    effect    = "Allow"
-    resources = ["*"]
-    actions   = ["ec2:CreateVolume"]
-
-    condition {
-      test     = "StringLike"
-      variable = "aws:RequestTag/kubernetes.io/cluster/*"
-      values   = ["owned"]
-    }
-  }
-
-  statement {
-    sid       = ""
-    effect    = "Allow"
-    resources = ["*"]
-    actions   = ["ec2:DeleteVolume"]
-
-    condition {
-      test     = "StringLike"
-      variable = "ec2:ResourceTag/ebs.csi.aws.com/cluster"
-      values   = ["true"]
-    }
-  }
-
-  statement {
-    sid       = ""
-    effect    = "Allow"
-    resources = ["*"]
-    actions   = ["ec2:DeleteVolume"]
-
-    condition {
-      test     = "StringLike"
-      variable = "ec2:ResourceTag/CSIVolumeName"
-      values   = ["*"]
-    }
-  }
-
-  statement {
-    sid       = ""
-    effect    = "Allow"
-    resources = ["*"]
-    actions   = ["ec2:DeleteVolume"]
-
-    condition {
-      test     = "StringLike"
-      variable = "ec2:ResourceTag/kubernetes.io/cluster/*"
-      values   = ["owned"]
-    }
-  }
-
-  statement {
-    sid       = ""
-    effect    = "Allow"
-    resources = ["*"]
-    actions   = ["ec2:DeleteSnapshot"]
-
-    condition {
-      test     = "StringLike"
-      variable = "ec2:ResourceTag/CSIVolumeSnapshotName"
-      values   = ["*"]
-    }
-  }
-
-  statement {
-    sid       = ""
-    effect    = "Allow"
-    resources = ["*"]
-    actions   = ["ec2:DeleteSnapshot"]
-
-    condition {
-      test     = "StringLike"
-      variable = "ec2:ResourceTag/ebs.csi.aws.com/cluster"
-      values   = ["true"]
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/aws-ebs-csi-driver/main.tf b/modules/kubernetes-addons/aws-ebs-csi-driver/main.tf
deleted file mode 100644
index 11a5f9923b..0000000000
--- a/modules/kubernetes-addons/aws-ebs-csi-driver/main.tf
+++ /dev/null
@@ -1,105 +0,0 @@
-locals {
-  name = "aws-ebs-csi-driver"
-
-  create_irsa     = try(var.addon_config.service_account_role_arn == "", true)
-  namespace       = try(var.helm_config.namespace, "kube-system")
-  service_account = try(var.helm_config.service_account, "ebs-csi-controller-sa")
-}
-
-data "aws_eks_addon_version" "this" {
-  addon_name = local.name
-  # Need to allow both config routes - for managed and self-managed configs
-  kubernetes_version = try(var.addon_config.kubernetes_version, var.helm_config.kubernetes_version)
-  most_recent        = try(var.addon_config.most_recent, var.helm_config.most_recent, false)
-}
-
-resource "aws_eks_addon" "aws_ebs_csi_driver" {
-  count                    = var.enable_amazon_eks_aws_ebs_csi_driver && !var.enable_self_managed_aws_ebs_csi_driver ? 1 : 0
-  cluster_name             = var.addon_context.eks_cluster_id
-  addon_name               = local.name
-  addon_version            = try(var.addon_config.addon_version, data.aws_eks_addon_version.this.version)
-  resolve_conflicts        = try(var.addon_config.resolve_conflicts, "OVERWRITE")
-  service_account_role_arn = local.create_irsa ? module.irsa_addon[0].irsa_iam_role_arn : try(var.addon_config.service_account_role_arn, null)
-  preserve                 = try(var.addon_config.preserve, true)
-  configuration_values     = try(var.addon_config.configuration_values, null)
-
-  tags = merge(
-    var.addon_context.tags,
-    try(var.addon_config.tags, {})
-  )
-}
-
-module "helm_addon" {
-  source = "../helm-addon"
-  count  = var.enable_self_managed_aws_ebs_csi_driver && !var.enable_amazon_eks_aws_ebs_csi_driver ? 1 : 0
-
-  # https://github.com/kubernetes-sigs/aws-ebs-csi-driver/blob/master/charts/aws-ebs-csi-driver/Chart.yaml
-  helm_config = merge({
-    name        = local.name
-    description = "The Amazon Elastic Block Store Container Storage Interface (CSI) Driver provides a CSI interface used by Container Orchestrators to manage the lifecycle of Amazon EBS volumes."
-    chart       = local.name
-    version     = "2.12.1"
-    repository  = "https://kubernetes-sigs.github.io/aws-ebs-csi-driver"
-    namespace   = local.namespace
-    values = [
-      <<-EOT
-      image:
-        repository: public.ecr.aws/ebs-csi-driver/aws-ebs-csi-driver
-        tag: ${try(var.helm_config.addon_version, replace(data.aws_eks_addon_version.this.version, "/-eksbuild.*/", ""))}
-      controller:
-        k8sTagClusterId: ${var.addon_context.eks_cluster_id}
-      EOT
-    ]
-    },
-    var.helm_config
-  )
-
-  set_values = [
-    {
-      name  = "controller.serviceAccount.create"
-      value = "false"
-    }
-  ]
-
-  irsa_config = {
-    create_kubernetes_namespace         = try(var.helm_config.create_namespace, false)
-    kubernetes_namespace                = local.namespace
-    create_kubernetes_service_account   = true
-    create_service_account_secret_token = try(var.helm_config["create_service_account_secret_token"], false)
-    kubernetes_service_account          = local.service_account
-    irsa_iam_policies                   = concat([aws_iam_policy.aws_ebs_csi_driver[0].arn], lookup(var.helm_config, "additional_iam_policies", []))
-  }
-
-  # Blueprints
-  addon_context = var.addon_context
-}
-
-module "irsa_addon" {
-  source = "../../../modules/irsa"
-
-  count = local.create_irsa && !var.enable_self_managed_aws_ebs_csi_driver ? 1 : 0
-
-  create_kubernetes_namespace       = false
-  create_kubernetes_service_account = false
-  kubernetes_namespace              = local.namespace
-  kubernetes_service_account        = local.service_account
-  irsa_iam_policies                 = concat([aws_iam_policy.aws_ebs_csi_driver[0].arn], lookup(var.addon_config, "additional_iam_policies", []))
-  irsa_iam_role_path                = var.addon_context.irsa_iam_role_path
-  irsa_iam_permissions_boundary     = var.addon_context.irsa_iam_permissions_boundary
-  eks_cluster_id                    = var.addon_context.eks_cluster_id
-  eks_oidc_provider_arn             = var.addon_context.eks_oidc_provider_arn
-}
-
-resource "aws_iam_policy" "aws_ebs_csi_driver" {
-  count = local.create_irsa || var.enable_self_managed_aws_ebs_csi_driver ? 1 : 0
-
-  name        = "${var.addon_context.eks_cluster_id}-aws-ebs-csi-driver-irsa"
-  description = "IAM Policy for AWS EBS CSI Driver"
-  path        = try(var.addon_context.irsa_iam_role_path, null)
-  policy      = data.aws_iam_policy_document.aws_ebs_csi_driver[0].json
-
-  tags = merge(
-    var.addon_context.tags,
-    try(var.addon_config.tags, {})
-  )
-}
diff --git a/modules/kubernetes-addons/aws-ebs-csi-driver/outputs.tf b/modules/kubernetes-addons/aws-ebs-csi-driver/outputs.tf
deleted file mode 100644
index a81c53eadc..0000000000
--- a/modules/kubernetes-addons/aws-ebs-csi-driver/outputs.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = try(module.helm_addon[0].release_metadata, null)
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = try(module.helm_addon[0].irsa_arn, null)
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = try(module.helm_addon[0].irsa_name, null)
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = try(module.helm_addon[0].service_account, null)
-}
diff --git a/modules/kubernetes-addons/aws-ebs-csi-driver/variables.tf b/modules/kubernetes-addons/aws-ebs-csi-driver/variables.tf
deleted file mode 100644
index 55a0673421..0000000000
--- a/modules/kubernetes-addons/aws-ebs-csi-driver/variables.tf
+++ /dev/null
@@ -1,40 +0,0 @@
-variable "addon_config" {
-  description = "Amazon EKS Managed Add-on config for EBS CSI Driver"
-  type        = any
-  default     = {}
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-    irsa_iam_role_path             = string
-    irsa_iam_permissions_boundary  = string
-  })
-}
-
-variable "enable_amazon_eks_aws_ebs_csi_driver" {
-  description = "Enable EKS Managed AWS EBS CSI Driver add-on"
-  type        = bool
-  default     = false
-}
-
-variable "enable_self_managed_aws_ebs_csi_driver" {
-  description = "Enable self-managed aws-ebs-csi-driver add-on"
-  type        = bool
-  default     = false
-}
-
-variable "helm_config" {
-  description = "Self-managed aws-ebs-csi-driver Helm chart config"
-  type        = any
-  default     = {}
-}
diff --git a/modules/kubernetes-addons/aws-ebs-csi-driver/versions.tf b/modules/kubernetes-addons/aws-ebs-csi-driver/versions.tf
deleted file mode 100644
index 6ea9ef581c..0000000000
--- a/modules/kubernetes-addons/aws-ebs-csi-driver/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 4.10"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/aws-efs-csi-driver/README.md b/modules/kubernetes-addons/aws-efs-csi-driver/README.md
deleted file mode 100644
index 957fd3950e..0000000000
--- a/modules/kubernetes-addons/aws-efs-csi-driver/README.md
+++ /dev/null
@@ -1,48 +0,0 @@
-# AWS EFS CSI driver Helm Chart
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.72 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_iam_policy.aws_efs_csi_driver](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
-| [aws_iam_policy_document.aws_efs_csi_driver](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>    irsa_iam_role_path             = string<br>    irsa_iam_permissions_boundary  = string<br>  })</pre> | n/a | yes |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm provider config for the aws\_efs\_csi\_driver. | `any` | `{}` | no |
-| <a name="input_irsa_policies"></a> [irsa\_policies](#input\_irsa\_policies) | Additional IAM policies for a IAM role for service accounts | `list(string)` | `[]` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/aws-efs-csi-driver/data.tf b/modules/kubernetes-addons/aws-efs-csi-driver/data.tf
deleted file mode 100644
index 3d312e740f..0000000000
--- a/modules/kubernetes-addons/aws-efs-csi-driver/data.tf
+++ /dev/null
@@ -1,95 +0,0 @@
-data "aws_iam_policy_document" "aws_efs_csi_driver" {
-  statement {
-    sid       = "AllowDescribeAvailabilityZones"
-    effect    = "Allow"
-    resources = ["*"]
-
-    actions = [
-      "ec2:DescribeAvailabilityZones",
-    ]
-  }
-
-  statement {
-    sid    = "AllowDescribeFileSystems"
-    effect = "Allow"
-    resources = [
-      "arn:${var.addon_context.aws_partition_id}:elasticfilesystem:${var.addon_context.aws_region_name}:${var.addon_context.aws_caller_identity_account_id}:file-system/*",
-      "arn:${var.addon_context.aws_partition_id}:elasticfilesystem:${var.addon_context.aws_region_name}:${var.addon_context.aws_caller_identity_account_id}:access-point/*"
-    ]
-
-    actions = [
-      "elasticfilesystem:DescribeAccessPoints",
-      "elasticfilesystem:DescribeFileSystems",
-      "elasticfilesystem:DescribeMountTargets"
-    ]
-  }
-
-  statement {
-    sid       = "AllowCreateAccessPoint"
-    effect    = "Allow"
-    resources = ["arn:${var.addon_context.aws_partition_id}:elasticfilesystem:${var.addon_context.aws_region_name}:${var.addon_context.aws_caller_identity_account_id}:file-system/*"]
-    actions   = ["elasticfilesystem:CreateAccessPoint"]
-
-    condition {
-      test     = "StringLike"
-      variable = "aws:RequestTag/efs.csi.aws.com/cluster"
-      values   = ["true"]
-    }
-  }
-
-  statement {
-    sid       = "TagResource"
-    effect    = "Allow"
-    resources = ["arn:${var.addon_context.aws_partition_id}:elasticfilesystem:${var.addon_context.aws_region_name}:${var.addon_context.aws_caller_identity_account_id}:file-system/*"]
-    actions   = ["elasticfilesystem:TagResource"]
-
-    condition {
-      test     = "StringLike"
-      variable = "aws:RequestTag/efs.csi.aws.com/cluster"
-      values   = ["true"]
-    }
-  }
-
-  statement {
-    sid       = "AllowDeleteAccessPoint"
-    effect    = "Allow"
-    resources = ["arn:${var.addon_context.aws_partition_id}:elasticfilesystem:${var.addon_context.aws_region_name}:${var.addon_context.aws_caller_identity_account_id}:access-point/*"]
-    actions   = ["elasticfilesystem:DeleteAccessPoint"]
-
-    condition {
-      test     = "StringLike"
-      variable = "aws:ResourceTag/efs.csi.aws.com/cluster"
-      values   = ["true"]
-    }
-  }
-
-  statement {
-    sid    = "AllowTagResource"
-    effect = "Allow"
-    resources = [
-      "arn:${var.addon_context.aws_partition_id}:elasticfilesystem:${var.addon_context.aws_region_name}:${var.addon_context.aws_caller_identity_account_id}:file-system/*",
-      "arn:${var.addon_context.aws_partition_id}:elasticfilesystem:${var.addon_context.aws_region_name}:${var.addon_context.aws_caller_identity_account_id}:access-point/*"
-    ]
-    actions = ["elasticfilesystem:TagResource"]
-
-    condition {
-      test     = "StringLike"
-      variable = "aws:ResourceTag/efs.csi.aws.com/cluster"
-      values   = ["true"]
-    }
-  }
-
-  statement {
-    actions = [
-      "elasticfilesystem:ClientRootAccess",
-      "elasticfilesystem:ClientWrite",
-      "elasticfilesystem:ClientMount",
-    ]
-    resources = ["arn:${var.addon_context.aws_partition_id}:elasticfilesystem:${var.addon_context.aws_region_name}:${var.addon_context.aws_caller_identity_account_id}:file-system/*"]
-    condition {
-      test     = "Bool"
-      variable = "elasticfilesystem:AccessedViaMountTarget"
-      values   = ["true"]
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/aws-efs-csi-driver/main.tf b/modules/kubernetes-addons/aws-efs-csi-driver/main.tf
deleted file mode 100644
index 15c147ea54..0000000000
--- a/modules/kubernetes-addons/aws-efs-csi-driver/main.tf
+++ /dev/null
@@ -1,60 +0,0 @@
-locals {
-  name            = try(var.helm_config.name, "aws-efs-csi-driver")
-  namespace       = try(var.helm_config.namespace, "kube-system")
-  service_account = try(var.helm_config.service_account, "${local.name}-sa")
-}
-
-module "helm_addon" {
-  source = "../helm-addon"
-
-  manage_via_gitops = var.manage_via_gitops
-
-  # https://github.com/kubernetes-sigs/aws-efs-csi-driver/blob/master/charts/aws-efs-csi-driver/Chart.yaml
-  helm_config = merge({
-    name        = local.name
-    chart       = local.name
-    repository  = "https://kubernetes-sigs.github.io/aws-efs-csi-driver/"
-    version     = "2.3.2"
-    namespace   = local.namespace
-    description = "The AWS EFS CSI driver Helm chart deployment configuration"
-    },
-    var.helm_config
-  )
-
-  irsa_config = {
-    kubernetes_namespace                = local.namespace
-    kubernetes_service_account          = local.service_account
-    create_kubernetes_namespace         = try(var.helm_config.create_namespace, false)
-    create_kubernetes_service_account   = true
-    create_service_account_secret_token = try(var.helm_config["create_service_account_secret_token"], false)
-    irsa_iam_policies                   = concat([aws_iam_policy.aws_efs_csi_driver.arn], var.irsa_policies)
-  }
-
-  set_values = [
-    {
-      name  = "controller.serviceAccount.name"
-      value = local.service_account
-    },
-    {
-      name  = "controller.serviceAccount.create"
-      value = false
-    },
-    {
-      name  = "node.serviceAccount.name"
-      value = local.service_account
-    },
-    {
-      name  = "node.serviceAccount.create"
-      value = false
-    }
-  ]
-
-  addon_context = var.addon_context
-}
-
-resource "aws_iam_policy" "aws_efs_csi_driver" {
-  name        = "${var.addon_context.eks_cluster_id}-efs-csi-policy"
-  description = "IAM Policy for AWS EFS CSI Driver"
-  policy      = data.aws_iam_policy_document.aws_efs_csi_driver.json
-  tags        = var.addon_context.tags
-}
diff --git a/modules/kubernetes-addons/aws-efs-csi-driver/outputs.tf b/modules/kubernetes-addons/aws-efs-csi-driver/outputs.tf
deleted file mode 100644
index b1934d91fa..0000000000
--- a/modules/kubernetes-addons/aws-efs-csi-driver/outputs.tf
+++ /dev/null
@@ -1,27 +0,0 @@
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value = var.manage_via_gitops ? {
-    enable             = true
-    serviceAccountName = local.service_account
-  } : null
-}
-
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/aws-efs-csi-driver/variables.tf b/modules/kubernetes-addons/aws-efs-csi-driver/variables.tf
deleted file mode 100644
index 777c771a8e..0000000000
--- a/modules/kubernetes-addons/aws-efs-csi-driver/variables.tf
+++ /dev/null
@@ -1,34 +0,0 @@
-variable "helm_config" {
-  description = "Helm provider config for the aws_efs_csi_driver."
-  type        = any
-  default     = {}
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps."
-  type        = bool
-  default     = false
-}
-
-variable "irsa_policies" {
-  description = "Additional IAM policies for a IAM role for service accounts"
-  type        = list(string)
-  default     = []
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-    irsa_iam_role_path             = string
-    irsa_iam_permissions_boundary  = string
-  })
-}
diff --git a/modules/kubernetes-addons/aws-efs-csi-driver/versions.tf b/modules/kubernetes-addons/aws-efs-csi-driver/versions.tf
deleted file mode 100644
index f92f41b9e7..0000000000
--- a/modules/kubernetes-addons/aws-efs-csi-driver/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 3.72"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/aws-for-fluentbit/README.md b/modules/kubernetes-addons/aws-for-fluentbit/README.md
deleted file mode 100644
index 96682b9c2e..0000000000
--- a/modules/kubernetes-addons/aws-for-fluentbit/README.md
+++ /dev/null
@@ -1,64 +0,0 @@
-# AWS for Fluent Bit
-
-Fluent Bit is an open source Log Processor and Forwarder which allows you to collect any data like metrics and logs from different sources, enrich them with filters and send them to multiple destinations.
-AWS provides a Fluent Bit image with plugins for CloudWatch Logs, Kinesis Data Firehose, Kinesis Data Stream and Amazon OpenSearch Service.
-
-This add-on is configured to stream the worker node logs to CloudWatch Logs by default. It can be configured to stream the logs to additional destinations like Kinesis Data Firehose, Kinesis Data Streams and Amazon OpenSearch Service by passing the custom `values.yaml`.
-See this [Helm Chart](https://github.com/aws/eks-charts/tree/master/stable/aws-for-fluent-bit) for more details.
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.72 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-| <a name="module_kms"></a> [kms](#module\_kms) | ../../../modules/aws-kms | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_cloudwatch_log_group.aws_for_fluent_bit](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
-| [aws_iam_policy.aws_for_fluent_bit](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
-| [aws_iam_policy_document.irsa](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_policy_document.kms](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_session_context.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_session_context) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>    irsa_iam_role_path             = string<br>    irsa_iam_permissions_boundary  = string<br>  })</pre> | n/a | yes |
-| <a name="input_create_cw_log_group"></a> [create\_cw\_log\_group](#input\_create\_cw\_log\_group) | Set to false to use existing CloudWatch log group supplied via the cw\_log\_group\_name variable. | `bool` | `true` | no |
-| <a name="input_cw_log_group_kms_key_arn"></a> [cw\_log\_group\_kms\_key\_arn](#input\_cw\_log\_group\_kms\_key\_arn) | FluentBit CloudWatch Log group KMS Key | `string` | `null` | no |
-| <a name="input_cw_log_group_name"></a> [cw\_log\_group\_name](#input\_cw\_log\_group\_name) | FluentBit CloudWatch Log group name | `string` | `null` | no |
-| <a name="input_cw_log_group_retention"></a> [cw\_log\_group\_retention](#input\_cw\_log\_group\_retention) | FluentBit CloudWatch Log group retention period | `number` | `90` | no |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm provider config aws\_for\_fluent\_bit. | `any` | `{}` | no |
-| <a name="input_irsa_policies"></a> [irsa\_policies](#input\_irsa\_policies) | Additional IAM policies for a IAM role for service accounts | `list(string)` | `[]` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
-| <a name="output_cw_log_group_arn"></a> [cw\_log\_group\_arn](#output\_cw\_log\_group\_arn) | AWS Fluent Bit CloudWatch Log Group ARN |
-| <a name="output_cw_log_group_name"></a> [cw\_log\_group\_name](#output\_cw\_log\_group\_name) | AWS Fluent Bit CloudWatch Log Group Name |
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/aws-for-fluentbit/data.tf b/modules/kubernetes-addons/aws-for-fluentbit/data.tf
deleted file mode 100644
index 5e487443a3..0000000000
--- a/modules/kubernetes-addons/aws-for-fluentbit/data.tf
+++ /dev/null
@@ -1,65 +0,0 @@
-data "aws_iam_session_context" "current" {
-  arn = var.addon_context.aws_caller_identity_arn
-}
-
-data "aws_iam_policy_document" "irsa" {
-  statement {
-    sid       = "PutLogEvents"
-    effect    = "Allow"
-    resources = ["arn:${var.addon_context.aws_partition_id}:logs:${var.addon_context.aws_region_name}:${var.addon_context.aws_caller_identity_account_id}:log-group:*:log-stream:*"]
-    actions   = ["logs:PutLogEvents"]
-  }
-
-  statement {
-    sid       = "CreateCWLogs"
-    effect    = "Allow"
-    resources = ["arn:${var.addon_context.aws_partition_id}:logs:${var.addon_context.aws_region_name}:${var.addon_context.aws_caller_identity_account_id}:log-group:*"]
-
-    actions = [
-      "logs:CreateLogGroup",
-      "logs:CreateLogStream",
-      "logs:DescribeLogGroups",
-      "logs:DescribeLogStreams",
-    ]
-  }
-}
-
-data "aws_iam_policy_document" "kms" {
-  statement {
-    sid       = "Enable IAM User Permissions"
-    effect    = "Allow"
-    resources = ["*"]
-    actions   = ["kms:*"]
-
-    principals {
-      type = "AWS"
-      identifiers = ["arn:${var.addon_context.aws_partition_id}:iam::${var.addon_context.aws_caller_identity_account_id}:root",
-      data.aws_iam_session_context.current.issuer_arn]
-    }
-  }
-
-  statement {
-    sid       = "Enable Encryption for LogGroup"
-    effect    = "Allow"
-    resources = ["*"]
-
-    actions = [
-      "kms:Decrypt*",
-      "kms:Describe*",
-      "kms:Encrypt*",
-      "kms:GenerateDataKey*",
-      "kms:ReEncrypt*",
-    ]
-
-    condition {
-      test     = "ArnEquals"
-      variable = "kms:EncryptionContext:aws:logs:arn"
-      values   = ["arn:${var.addon_context.aws_partition_id}:logs:${var.addon_context.aws_region_name}:${var.addon_context.aws_caller_identity_account_id}:log-group:${local.log_group_name}"]
-    }
-
-    principals {
-      type        = "Service"
-      identifiers = ["logs.${var.addon_context.aws_region_name}.amazonaws.com"]
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/aws-for-fluentbit/locals.tf b/modules/kubernetes-addons/aws-for-fluentbit/locals.tf
deleted file mode 100644
index 8dd285c55e..0000000000
--- a/modules/kubernetes-addons/aws-for-fluentbit/locals.tf
+++ /dev/null
@@ -1,53 +0,0 @@
-locals {
-  name            = "aws-for-fluent-bit"
-  log_group_name  = var.cw_log_group_name == null ? "/${var.addon_context.eks_cluster_id}/worker-fluentbit-logs" : var.cw_log_group_name
-  service_account = try(var.helm_config.service_account, "${local.name}-sa")
-
-  set_values = [
-    {
-      name  = "serviceAccount.name"
-      value = local.service_account
-    },
-    {
-      name  = "serviceAccount.create"
-      value = false
-    }
-  ]
-
-  # https://github.com/aws/eks-charts/blob/master/stable/aws-for-fluent-bit/Chart.yaml
-  default_helm_config = {
-    name        = local.name
-    chart       = local.name
-    repository  = "https://aws.github.io/eks-charts"
-    version     = "0.1.24"
-    namespace   = local.name
-    values      = local.default_helm_values
-    description = "aws-for-fluentbit Helm Chart deployment configuration"
-  }
-
-  helm_config = merge(
-    local.default_helm_config,
-    var.helm_config
-  )
-
-  default_helm_values = [templatefile("${path.module}/values.yaml", {
-    aws_region      = var.addon_context.aws_region_name,
-    log_group_name  = local.log_group_name,
-    service_account = local.service_account
-  })]
-
-  argocd_gitops_config = {
-    enable             = true
-    logGroupName       = local.log_group_name
-    serviceAccountName = local.service_account
-  }
-
-  irsa_config = {
-    kubernetes_namespace                = local.helm_config["namespace"]
-    kubernetes_service_account          = local.service_account
-    create_kubernetes_namespace         = try(local.helm_config["create_namespace"], true)
-    create_kubernetes_service_account   = true
-    create_service_account_secret_token = try(local.helm_config["create_service_account_secret_token"], false)
-    irsa_iam_policies                   = concat([aws_iam_policy.aws_for_fluent_bit.arn], var.irsa_policies)
-  }
-}
diff --git a/modules/kubernetes-addons/aws-for-fluentbit/main.tf b/modules/kubernetes-addons/aws-for-fluentbit/main.tf
deleted file mode 100644
index 030451187d..0000000000
--- a/modules/kubernetes-addons/aws-for-fluentbit/main.tf
+++ /dev/null
@@ -1,32 +0,0 @@
-module "helm_addon" {
-  source            = "../helm-addon"
-  manage_via_gitops = var.manage_via_gitops
-  set_values        = local.set_values
-  helm_config       = local.helm_config
-  irsa_config       = local.irsa_config
-  addon_context     = var.addon_context
-}
-
-resource "aws_cloudwatch_log_group" "aws_for_fluent_bit" {
-  count             = var.create_cw_log_group ? 1 : 0
-  name              = local.log_group_name
-  retention_in_days = var.cw_log_group_retention
-  kms_key_id        = var.cw_log_group_kms_key_arn == null ? module.kms[0].key_arn : var.cw_log_group_kms_key_arn
-  tags              = var.addon_context.tags
-}
-
-resource "aws_iam_policy" "aws_for_fluent_bit" {
-  name        = "${var.addon_context.eks_cluster_id}-fluentbit"
-  description = "IAM Policy for AWS for FluentBit"
-  policy      = data.aws_iam_policy_document.irsa.json
-  tags        = var.addon_context.tags
-}
-
-module "kms" {
-  count       = var.cw_log_group_kms_key_arn == null && var.create_cw_log_group ? 1 : 0
-  source      = "../../../modules/aws-kms"
-  description = "EKS Workers FluentBit CloudWatch Log group KMS Key"
-  alias       = "alias/${var.addon_context.eks_cluster_id}-cw-fluent-bit"
-  policy      = data.aws_iam_policy_document.kms.json
-  tags        = var.addon_context.tags
-}
diff --git a/modules/kubernetes-addons/aws-for-fluentbit/outputs.tf b/modules/kubernetes-addons/aws-for-fluentbit/outputs.tf
deleted file mode 100644
index 5cd834d031..0000000000
--- a/modules/kubernetes-addons/aws-for-fluentbit/outputs.tf
+++ /dev/null
@@ -1,34 +0,0 @@
-output "cw_log_group_name" {
-  description = "AWS Fluent Bit CloudWatch Log Group Name"
-  value       = var.create_cw_log_group ? aws_cloudwatch_log_group.aws_for_fluent_bit[0].name : local.log_group_name
-}
-
-output "cw_log_group_arn" {
-  description = "AWS Fluent Bit CloudWatch Log Group ARN"
-  value       = var.create_cw_log_group ? aws_cloudwatch_log_group.aws_for_fluent_bit[0].arn : null
-}
-
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? local.argocd_gitops_config : null
-}
-
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/aws-for-fluentbit/values.yaml b/modules/kubernetes-addons/aws-for-fluentbit/values.yaml
deleted file mode 100644
index 8dda00c88f..0000000000
--- a/modules/kubernetes-addons/aws-for-fluentbit/values.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-serviceAccount:
-  create: false
-  name: ${service_account}
-
-cloudWatchLogs:
-  enabled: true
-  region: ${aws_region}
-  logGroupName: ${log_group_name}
diff --git a/modules/kubernetes-addons/aws-for-fluentbit/variables.tf b/modules/kubernetes-addons/aws-for-fluentbit/variables.tf
deleted file mode 100644
index e6874efac7..0000000000
--- a/modules/kubernetes-addons/aws-for-fluentbit/variables.tf
+++ /dev/null
@@ -1,58 +0,0 @@
-variable "helm_config" {
-  description = "Helm provider config aws_for_fluent_bit."
-  type        = any
-  default     = {}
-}
-
-variable "create_cw_log_group" {
-  description = "Set to false to use existing CloudWatch log group supplied via the cw_log_group_name variable."
-  type        = bool
-  default     = true
-}
-
-variable "cw_log_group_name" {
-  description = "FluentBit CloudWatch Log group name"
-  type        = string
-  default     = null
-}
-
-variable "cw_log_group_retention" {
-  description = "FluentBit CloudWatch Log group retention period"
-  type        = number
-  default     = 90
-}
-
-variable "cw_log_group_kms_key_arn" {
-  description = "FluentBit CloudWatch Log group KMS Key"
-  type        = string
-  default     = null
-}
-
-variable "manage_via_gitops" {
-  type        = bool
-  description = "Determines if the add-on should be managed via GitOps."
-  default     = false
-}
-
-variable "irsa_policies" {
-  description = "Additional IAM policies for a IAM role for service accounts"
-  type        = list(string)
-  default     = []
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-    irsa_iam_role_path             = string
-    irsa_iam_permissions_boundary  = string
-  })
-}
diff --git a/modules/kubernetes-addons/aws-for-fluentbit/versions.tf b/modules/kubernetes-addons/aws-for-fluentbit/versions.tf
deleted file mode 100644
index f92f41b9e7..0000000000
--- a/modules/kubernetes-addons/aws-for-fluentbit/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 3.72"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/aws-fsx-csi-driver/README.md b/modules/kubernetes-addons/aws-fsx-csi-driver/README.md
deleted file mode 100644
index efcd6c33b9..0000000000
--- a/modules/kubernetes-addons/aws-fsx-csi-driver/README.md
+++ /dev/null
@@ -1,48 +0,0 @@
-# AWS FSx for Lustre CSI driver Helm Chart
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.72 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_iam_policy.aws_fsx_csi_driver](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
-| [aws_iam_policy_document.aws_fsx_csi_driver](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>    irsa_iam_role_path             = string<br>    irsa_iam_permissions_boundary  = string<br>  })</pre> | n/a | yes |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm provider config for the aws\_fsx\_csi\_driver. | `any` | `{}` | no |
-| <a name="input_irsa_policies"></a> [irsa\_policies](#input\_irsa\_policies) | Additional IAM policies for a IAM role for service accounts | `list(string)` | `[]` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/aws-fsx-csi-driver/data.tf b/modules/kubernetes-addons/aws-fsx-csi-driver/data.tf
deleted file mode 100644
index 850c754903..0000000000
--- a/modules/kubernetes-addons/aws-fsx-csi-driver/data.tf
+++ /dev/null
@@ -1,59 +0,0 @@
-data "aws_iam_policy_document" "aws_fsx_csi_driver" {
-  statement {
-    sid       = "AllowCreateServiceLinkedRoles"
-    effect    = "Allow"
-    resources = ["arn:${var.addon_context.aws_partition_id}:iam::*:role/aws-service-role/s3.data-source.lustre.fsx.amazonaws.com/*"]
-
-    actions = [
-      "iam:CreateServiceLinkedRole",
-      "iam:AttachRolePolicy",
-      "iam:PutRolePolicy",
-    ]
-  }
-
-  statement {
-    sid       = "AllowCreateServiceLinkedRole"
-    effect    = "Allow"
-    resources = ["arn:${var.addon_context.aws_partition_id}:iam::${var.addon_context.aws_caller_identity_account_id}:role/*"]
-    actions   = ["iam:CreateServiceLinkedRole"]
-
-    condition {
-      test     = "StringLike"
-      variable = "iam:AWSServiceName"
-      values   = ["fsx.amazonaws.com"]
-    }
-  }
-
-  statement {
-    sid       = "AllowListBuckets"
-    effect    = "Allow"
-    resources = ["arn:${var.addon_context.aws_partition_id}:s3:::*"]
-
-    actions = [
-      "s3:ListBucket"
-    ]
-  }
-
-  statement {
-    sid       = ""
-    effect    = "Allow"
-    resources = ["arn:${var.addon_context.aws_partition_id}:fsx:${var.addon_context.aws_region_name}:${var.addon_context.aws_caller_identity_account_id}:file-system/*"]
-
-    actions = [
-      "fsx:CreateFileSystem",
-      "fsx:DeleteFileSystem",
-      "fsx:UpdateFileSystem",
-    ]
-  }
-
-  statement {
-    sid       = ""
-    effect    = "Allow"
-    resources = ["arn:${var.addon_context.aws_partition_id}:fsx:${var.addon_context.aws_region_name}:${var.addon_context.aws_caller_identity_account_id}:*"]
-
-    actions = [
-      "fsx:DescribeFileSystems",
-      "fsx:TagResource"
-    ]
-  }
-}
diff --git a/modules/kubernetes-addons/aws-fsx-csi-driver/locals.tf b/modules/kubernetes-addons/aws-fsx-csi-driver/locals.tf
deleted file mode 100644
index 31d5ae513b..0000000000
--- a/modules/kubernetes-addons/aws-fsx-csi-driver/locals.tf
+++ /dev/null
@@ -1,51 +0,0 @@
-locals {
-  name            = "aws-fsx-csi-driver"
-  service_account = try(var.helm_config.service_account, "fsx-csi-sa")
-  namespace       = "kube-system"
-
-  # https://github.com/kubernetes-sigs/aws-fsx-csi-driver/blob/master/charts/aws-fsx-csi-driver/Chart.yaml
-  default_helm_config = {
-    name        = local.name
-    chart       = local.name
-    repository  = "https://kubernetes-sigs.github.io/aws-fsx-csi-driver/"
-    version     = "1.5.0"
-    namespace   = local.namespace
-    description = "The Amazon FSx for Lustre CSI driver Helm chart deployment configuration"
-  }
-
-  helm_config = merge(local.default_helm_config, var.helm_config)
-
-  set_values = [
-    {
-      name  = "controller.serviceAccount.name"
-      value = local.service_account
-    },
-    {
-      name  = "controller.serviceAccount.create"
-      value = false
-    },
-    {
-      name  = "node.serviceAccount.name"
-      value = local.service_account
-    },
-    {
-      name  = "node.serviceAccount.create"
-      value = false
-    }
-  ]
-
-  irsa_config = {
-    kubernetes_namespace                = local.helm_config["namespace"]
-    kubernetes_service_account          = local.service_account
-    create_kubernetes_namespace         = try(local.helm_config["create_namespace"], true)
-    create_kubernetes_service_account   = true
-    create_service_account_secret_token = try(local.helm_config["create_service_account_secret_token"], false)
-    irsa_iam_policies                   = concat([aws_iam_policy.aws_fsx_csi_driver.arn], var.irsa_policies)
-    tags                                = var.addon_context.tags
-  }
-
-  argocd_gitops_config = {
-    enable             = true
-    serviceAccountName = local.service_account
-  }
-}
diff --git a/modules/kubernetes-addons/aws-fsx-csi-driver/main.tf b/modules/kubernetes-addons/aws-fsx-csi-driver/main.tf
deleted file mode 100644
index cc96547f1c..0000000000
--- a/modules/kubernetes-addons/aws-fsx-csi-driver/main.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-#-------------------------------------------------
-# FSx for Lustre Helm Add-on
-#-------------------------------------------------
-module "helm_addon" {
-  source            = "../helm-addon"
-  manage_via_gitops = var.manage_via_gitops
-  set_values        = local.set_values
-  helm_config       = local.helm_config
-  irsa_config       = local.irsa_config
-  addon_context     = var.addon_context
-}
-
-#-------------------------------------------------
-# IRSA IAM policy for FSx for Lustre
-#-------------------------------------------------
-resource "aws_iam_policy" "aws_fsx_csi_driver" {
-  name        = "${var.addon_context.eks_cluster_id}-fsx-csi-policy"
-  description = "IAM Policy for AWS FSx CSI Driver"
-  policy      = data.aws_iam_policy_document.aws_fsx_csi_driver.json
-  tags        = var.addon_context.tags
-}
diff --git a/modules/kubernetes-addons/aws-fsx-csi-driver/outputs.tf b/modules/kubernetes-addons/aws-fsx-csi-driver/outputs.tf
deleted file mode 100644
index 0776dcd7ef..0000000000
--- a/modules/kubernetes-addons/aws-fsx-csi-driver/outputs.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? local.argocd_gitops_config : null
-}
-
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/aws-fsx-csi-driver/variables.tf b/modules/kubernetes-addons/aws-fsx-csi-driver/variables.tf
deleted file mode 100644
index 0190bab879..0000000000
--- a/modules/kubernetes-addons/aws-fsx-csi-driver/variables.tf
+++ /dev/null
@@ -1,34 +0,0 @@
-variable "helm_config" {
-  description = "Helm provider config for the aws_fsx_csi_driver."
-  type        = any
-  default     = {}
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps."
-  type        = bool
-  default     = false
-}
-
-variable "irsa_policies" {
-  description = "Additional IAM policies for a IAM role for service accounts"
-  type        = list(string)
-  default     = []
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-    irsa_iam_role_path             = string
-    irsa_iam_permissions_boundary  = string
-  })
-}
diff --git a/modules/kubernetes-addons/aws-fsx-csi-driver/versions.tf b/modules/kubernetes-addons/aws-fsx-csi-driver/versions.tf
deleted file mode 100644
index f92f41b9e7..0000000000
--- a/modules/kubernetes-addons/aws-fsx-csi-driver/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 3.72"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/aws-kube-proxy/README.md b/modules/kubernetes-addons/aws-kube-proxy/README.md
deleted file mode 100644
index ca1ece823f..0000000000
--- a/modules/kubernetes-addons/aws-kube-proxy/README.md
+++ /dev/null
@@ -1,41 +0,0 @@
-# kube-proxy
-
-[kube-proxy](https://docs.aws.amazon.com/eks/latest/userguide/managing-kube-proxy.html)
-Kube-proxy maintains network rules on each Amazon EC2 node. It enables network communication to your pods. Kube-proxy is not deployed to Fargate nodes
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.10 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.10 |
-
-## Modules
-
-No modules.
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_eks_addon.kube_proxy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_addon) | resource |
-| [aws_eks_addon_version.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_addon_version) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_config"></a> [addon\_config](#input\_addon\_config) | Amazon EKS Managed Add-on config for Kube Proxy | `any` | `{}` | no |
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>  })</pre> | n/a | yes |
-
-## Outputs
-
-No outputs.
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/aws-kube-proxy/main.tf b/modules/kubernetes-addons/aws-kube-proxy/main.tf
deleted file mode 100644
index 096ac28622..0000000000
--- a/modules/kubernetes-addons/aws-kube-proxy/main.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-locals {
-  name = "kube-proxy"
-}
-
-data "aws_eks_addon_version" "this" {
-  addon_name         = local.name
-  kubernetes_version = var.addon_config.kubernetes_version
-  most_recent        = try(var.addon_config.most_recent, false)
-}
-
-resource "aws_eks_addon" "kube_proxy" {
-  cluster_name             = var.addon_context.eks_cluster_id
-  addon_name               = local.name
-  addon_version            = try(var.addon_config.addon_version, data.aws_eks_addon_version.this.version)
-  resolve_conflicts        = try(var.addon_config.resolve_conflicts, "OVERWRITE")
-  service_account_role_arn = try(var.addon_config.service_account_role_arn, null)
-  preserve                 = try(var.addon_config.preserve, true)
-  configuration_values     = try(var.addon_config.configuration_values, null)
-
-  tags = merge(
-    var.addon_context.tags,
-    try(var.addon_config.tags, {})
-  )
-}
diff --git a/modules/kubernetes-addons/aws-kube-proxy/outputs.tf b/modules/kubernetes-addons/aws-kube-proxy/outputs.tf
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/modules/kubernetes-addons/aws-kube-proxy/variables.tf b/modules/kubernetes-addons/aws-kube-proxy/variables.tf
deleted file mode 100644
index 85ab86ee08..0000000000
--- a/modules/kubernetes-addons/aws-kube-proxy/variables.tf
+++ /dev/null
@@ -1,20 +0,0 @@
-variable "addon_config" {
-  description = "Amazon EKS Managed Add-on config for Kube Proxy"
-  type        = any
-  default     = {}
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-  })
-}
diff --git a/modules/kubernetes-addons/aws-kube-proxy/versions.tf b/modules/kubernetes-addons/aws-kube-proxy/versions.tf
deleted file mode 100644
index 6ea9ef581c..0000000000
--- a/modules/kubernetes-addons/aws-kube-proxy/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 4.10"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/aws-load-balancer-controller/README.md b/modules/kubernetes-addons/aws-load-balancer-controller/README.md
deleted file mode 100644
index ade65d54a9..0000000000
--- a/modules/kubernetes-addons/aws-load-balancer-controller/README.md
+++ /dev/null
@@ -1,115 +0,0 @@
-# AWS Load Balancer Controller Deployment Guide
-
-# Introduction
-
-The [AWS Load Balancer Controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/) is a controller to help manage Elastic Load Balancers for a Kubernetes cluster.
-
-- It satisfies Kubernetes Ingress resources by provisioning Application Load Balancers.
-- It satisfies Kubernetes Service resources by provisioning Network Load Balancers.
-
-# Helm Chart
-
-### Instructions to use Helm Charts
-
-Add Helm repo for LB Ingress Controller
-
-    helm repo add aws-load-balancer-controller https://aws.github.io/eks-charts
-
-    https://github.com/aws/eks-charts/blob/master/stable/aws-load-balancer-controller/values.yaml
-
-    https://artifacthub.io/packages/helm/aws/aws-load-balancer-controller
-
-# Docker Image for LB ingress controller
-
-###### Instructions to upload LB ingress controller Docker image to AWS ECR
-
-Step 1: Get the latest docker image from this link
-
-        https://github.com/aws/eks-charts/blob/master/stable/aws-load-balancer-controller/values.yaml
-
-Step 2: Download the docker image to your local Mac/Laptop
-
-        $ aws ecr get-login-password --region us-west-2 | docker login --username AWS --password-stdin 602401143452.dkr.ecr.us-west-2.amazonaws.com
-
-        $ docker pull 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.2.1
-
-Step 3: Retrieve an authentication token and authenticate your Docker client to your registry. Use the AWS CLI:
-
-        $ aws ecr get-login-password --region eu-west-1 | docker login --username AWS --password-stdin <account id>.dkr.ecr.eu-west-1.amazonaws.com
-
-Step 4: Create an ECR repo for LB ingress controller if you don't have one
-
-        $ aws ecr create-repository \
-              --repository-name amazon/aws-load-balancer-controller \
-              --image-scanning-configuration scanOnPush=true
-
-Step 5: After the build completes, tag your image so, you can push the image to this repository:
-
-        $ docker tag 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.2.1 <accountid>.dkr.ecr.eu-west-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.2.1
-
-Step 6: Run the following command to push this image to your newly created AWS repository:
-
-        $ docker push <accountid>.dkr.ecr.eu-west-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.2.1
-
-#### AWS Service annotations for LB Ingress Controller
-
-Here is the link to get the AWS ELB [service annotations](https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/guide/service/annotations/) for LB Ingress controller
-
-# IRSA is too long
-
-If the IAM role is too long, override the service account name in the `helm_config` to create a shorter role name.
-
-```hcl
-  enable_aws_load_balancer_controller = true
-  aws_load_balancer_controller_helm_config = {
-    service_account = "aws-lb-sa"
-  }
-```
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.72 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_iam_policy.aws_load_balancer_controller](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
-| [aws_iam_policy_document.aws_lb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon. | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>    irsa_iam_role_path             = string<br>    irsa_iam_permissions_boundary  = string<br>    default_repository             = string<br>  })</pre> | n/a | yes |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm provider config for the aws\_load\_balancer\_controller. | `any` | `{}` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
-| <a name="output_ingress_name"></a> [ingress\_name](#output\_ingress\_name) | AWS LoadBalancer Controller Ingress Name |
-| <a name="output_ingress_namespace"></a> [ingress\_namespace](#output\_ingress\_namespace) | AWS LoadBalancer Controller Ingress Namespace |
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/aws-load-balancer-controller/data.tf b/modules/kubernetes-addons/aws-load-balancer-controller/data.tf
deleted file mode 100644
index 8686476ccd..0000000000
--- a/modules/kubernetes-addons/aws-load-balancer-controller/data.tf
+++ /dev/null
@@ -1,313 +0,0 @@
-data "aws_iam_policy_document" "aws_lb" {
-  statement {
-    sid       = ""
-    effect    = "Allow"
-    resources = ["*"]
-    actions   = ["iam:CreateServiceLinkedRole"]
-
-    condition {
-      test     = "StringEquals"
-      variable = "iam:AWSServiceName"
-      values   = ["elasticloadbalancing.amazonaws.com"]
-    }
-  }
-
-  statement {
-    sid       = ""
-    effect    = "Allow"
-    resources = ["*"]
-
-    actions = [
-      "ec2:DescribeAccountAttributes",
-      "ec2:DescribeAddresses",
-      "ec2:DescribeAvailabilityZones",
-      "ec2:DescribeCoipPools",
-      "ec2:DescribeInstances",
-      "ec2:DescribeInternetGateways",
-      "ec2:DescribeNetworkInterfaces",
-      "ec2:DescribeSecurityGroups",
-      "ec2:DescribeSubnets",
-      "ec2:DescribeTags",
-      "ec2:DescribeVpcPeeringConnections",
-      "ec2:DescribeVpcs",
-      "ec2:GetCoipPoolUsage",
-      "elasticloadbalancing:DescribeListenerCertificates",
-      "elasticloadbalancing:DescribeListeners",
-      "elasticloadbalancing:DescribeLoadBalancerAttributes",
-      "elasticloadbalancing:DescribeLoadBalancers",
-      "elasticloadbalancing:DescribeRules",
-      "elasticloadbalancing:DescribeSSLPolicies",
-      "elasticloadbalancing:DescribeTags",
-      "elasticloadbalancing:DescribeTargetGroupAttributes",
-      "elasticloadbalancing:DescribeTargetGroups",
-      "elasticloadbalancing:DescribeTargetHealth",
-    ]
-  }
-
-  statement {
-    sid       = ""
-    effect    = "Allow"
-    resources = ["*"]
-
-    actions = [
-      "acm:DescribeCertificate",
-      "acm:ListCertificates",
-      "cognito-idp:DescribeUserPoolClient",
-      "iam:GetServerCertificate",
-      "iam:ListServerCertificates",
-      "shield:CreateProtection",
-      "shield:DeleteProtection",
-      "shield:DescribeProtection",
-      "shield:GetSubscriptionState",
-      "waf-regional:AssociateWebACL",
-      "waf-regional:DisassociateWebACL",
-      "waf-regional:GetWebACL",
-      "waf-regional:GetWebACLForResource",
-      "wafv2:AssociateWebACL",
-      "wafv2:DisassociateWebACL",
-      "wafv2:GetWebACL",
-      "wafv2:GetWebACLForResource",
-    ]
-  }
-
-  statement {
-    sid       = ""
-    effect    = "Allow"
-    resources = ["*"]
-
-    actions = [
-      "ec2:AuthorizeSecurityGroupIngress",
-      "ec2:RevokeSecurityGroupIngress",
-    ]
-  }
-
-  statement {
-    sid       = ""
-    effect    = "Allow"
-    resources = ["*"]
-    actions   = ["ec2:CreateSecurityGroup"]
-  }
-
-  statement {
-    sid       = ""
-    effect    = "Allow"
-    resources = ["arn:${var.addon_context.aws_partition_id}:ec2:*:*:security-group/*"]
-    actions   = ["ec2:CreateTags"]
-
-    condition {
-      test     = "Null"
-      variable = "aws:RequestTag/elbv2.k8s.aws/cluster"
-      values   = ["false"]
-    }
-
-    condition {
-      test     = "StringEquals"
-      variable = "ec2:CreateAction"
-      values   = ["CreateSecurityGroup"]
-    }
-  }
-
-  statement {
-    sid       = ""
-    effect    = "Allow"
-    resources = ["arn:${var.addon_context.aws_partition_id}:ec2:*:*:security-group/*"]
-
-    actions = [
-      "ec2:CreateTags",
-      "ec2:DeleteTags",
-    ]
-
-    condition {
-      test     = "Null"
-      variable = "aws:ResourceTag/ingress.k8s.aws/cluster"
-      values   = ["false"]
-    }
-  }
-
-  statement {
-    sid    = ""
-    effect = "Allow"
-
-    resources = [
-      "arn:${var.addon_context.aws_partition_id}:elasticloadbalancing:*:*:loadbalancer/app/*/*",
-      "arn:${var.addon_context.aws_partition_id}:elasticloadbalancing:*:*:loadbalancer/net/*/*",
-      "arn:${var.addon_context.aws_partition_id}:elasticloadbalancing:*:*:targetgroup/*/*",
-    ]
-
-    actions = [
-      "elasticloadbalancing:AddTags",
-      "elasticloadbalancing:DeleteTargetGroup",
-      "elasticloadbalancing:RemoveTags",
-    ]
-
-    condition {
-      test     = "Null"
-      variable = "aws:ResourceTag/ingress.k8s.aws/cluster"
-      values   = ["false"]
-    }
-  }
-
-  statement {
-    sid       = ""
-    effect    = "Allow"
-    resources = ["arn:${var.addon_context.aws_partition_id}:ec2:*:*:security-group/*"]
-
-    actions = [
-      "ec2:CreateTags",
-      "ec2:DeleteTags",
-    ]
-
-    condition {
-      test     = "Null"
-      variable = "aws:ResourceTag/elbv2.k8s.aws/cluster"
-      values   = ["false"]
-    }
-
-    condition {
-      test     = "Null"
-      variable = "aws:RequestTag/elbv2.k8s.aws/cluster"
-      values   = ["true"]
-    }
-  }
-
-  statement {
-    sid       = ""
-    effect    = "Allow"
-    resources = ["*"]
-
-    actions = [
-      "ec2:AuthorizeSecurityGroupIngress",
-      "ec2:DeleteSecurityGroup",
-      "ec2:RevokeSecurityGroupIngress",
-    ]
-
-    condition {
-      test     = "Null"
-      variable = "aws:ResourceTag/elbv2.k8s.aws/cluster"
-      values   = ["false"]
-    }
-  }
-
-  statement {
-    sid       = ""
-    effect    = "Allow"
-    resources = ["*"]
-
-    actions = [
-      "elasticloadbalancing:CreateLoadBalancer",
-      "elasticloadbalancing:CreateTargetGroup",
-    ]
-
-    condition {
-      test     = "Null"
-      variable = "aws:RequestTag/elbv2.k8s.aws/cluster"
-      values   = ["false"]
-    }
-  }
-
-  statement {
-    sid       = ""
-    effect    = "Allow"
-    resources = ["*"]
-
-    actions = [
-      "elasticloadbalancing:CreateListener",
-      "elasticloadbalancing:CreateRule",
-      "elasticloadbalancing:DeleteListener",
-      "elasticloadbalancing:DeleteRule",
-    ]
-  }
-
-  statement {
-    sid    = ""
-    effect = "Allow"
-
-    resources = [
-      "arn:${var.addon_context.aws_partition_id}:elasticloadbalancing:*:*:loadbalancer/app/*/*",
-      "arn:${var.addon_context.aws_partition_id}:elasticloadbalancing:*:*:loadbalancer/net/*/*",
-      "arn:${var.addon_context.aws_partition_id}:elasticloadbalancing:*:*:targetgroup/*/*",
-    ]
-
-    actions = [
-      "elasticloadbalancing:AddTags",
-      "elasticloadbalancing:RemoveTags",
-    ]
-
-    condition {
-      test     = "Null"
-      variable = "aws:RequestTag/elbv2.k8s.aws/cluster"
-      values   = ["true"]
-    }
-
-    condition {
-      test     = "Null"
-      variable = "aws:ResourceTag/elbv2.k8s.aws/cluster"
-      values   = ["false"]
-    }
-  }
-
-  statement {
-    sid    = ""
-    effect = "Allow"
-
-    resources = [
-      "arn:${var.addon_context.aws_partition_id}:elasticloadbalancing:*:*:listener/net/*/*/*",
-      "arn:${var.addon_context.aws_partition_id}:elasticloadbalancing:*:*:listener/app/*/*/*",
-      "arn:${var.addon_context.aws_partition_id}:elasticloadbalancing:*:*:listener-rule/net/*/*/*",
-      "arn:${var.addon_context.aws_partition_id}:elasticloadbalancing:*:*:listener-rule/app/*/*/*",
-    ]
-
-    actions = [
-      "elasticloadbalancing:AddTags",
-      "elasticloadbalancing:RemoveTags",
-    ]
-  }
-
-  statement {
-    sid       = ""
-    effect    = "Allow"
-    resources = ["*"]
-
-    actions = [
-      "elasticloadbalancing:DeleteLoadBalancer",
-      "elasticloadbalancing:DeleteTargetGroup",
-      "elasticloadbalancing:ModifyLoadBalancerAttributes",
-      "elasticloadbalancing:ModifyTargetGroup",
-      "elasticloadbalancing:ModifyTargetGroupAttributes",
-      "elasticloadbalancing:SetIpAddressType",
-      "elasticloadbalancing:SetSecurityGroups",
-      "elasticloadbalancing:SetSubnets",
-    ]
-
-    condition {
-      test     = "Null"
-      variable = "aws:ResourceTag/elbv2.k8s.aws/cluster"
-      values   = ["false"]
-    }
-  }
-
-  statement {
-    sid       = ""
-    effect    = "Allow"
-    resources = ["arn:${var.addon_context.aws_partition_id}:elasticloadbalancing:*:*:targetgroup/*/*"]
-
-    actions = [
-      "elasticloadbalancing:DeregisterTargets",
-      "elasticloadbalancing:RegisterTargets",
-    ]
-  }
-
-  statement {
-    sid       = ""
-    effect    = "Allow"
-    resources = ["*"]
-
-    actions = [
-      "elasticloadbalancing:AddListenerCertificates",
-      "elasticloadbalancing:ModifyListener",
-      "elasticloadbalancing:ModifyRule",
-      "elasticloadbalancing:RemoveListenerCertificates",
-      "elasticloadbalancing:SetWebAcl",
-    ]
-  }
-}
diff --git a/modules/kubernetes-addons/aws-load-balancer-controller/locals.tf b/modules/kubernetes-addons/aws-load-balancer-controller/locals.tf
deleted file mode 100644
index 767face086..0000000000
--- a/modules/kubernetes-addons/aws-load-balancer-controller/locals.tf
+++ /dev/null
@@ -1,54 +0,0 @@
-locals {
-  name            = "aws-load-balancer-controller"
-  service_account = try(var.helm_config.service_account, "${local.name}-sa")
-
-  # https://github.com/aws/eks-charts/blob/master/stable/aws-load-balancer-controller/Chart.yaml
-  default_helm_config = {
-    name        = local.name
-    chart       = local.name
-    repository  = "https://aws.github.io/eks-charts"
-    version     = "1.4.5"
-    namespace   = "kube-system"
-    values      = local.default_helm_values
-    description = "aws-load-balancer-controller Helm Chart for ingress resources"
-  }
-
-  helm_config = merge(
-    local.default_helm_config,
-    var.helm_config
-  )
-
-  default_helm_values = [templatefile("${path.module}/values.yaml", {
-    aws_region     = var.addon_context.aws_region_name,
-    eks_cluster_id = var.addon_context.eks_cluster_id,
-    repository     = "${var.addon_context.default_repository}/amazon/aws-load-balancer-controller"
-  })]
-
-  set_values = concat(
-    [
-      {
-        name  = "serviceAccount.name"
-        value = local.service_account
-      },
-      {
-        name  = "serviceAccount.create"
-        value = false
-      }
-    ],
-    try(var.helm_config.set_values, [])
-  )
-
-  argocd_gitops_config = {
-    enable             = true
-    serviceAccountName = local.service_account
-  }
-
-  irsa_config = {
-    kubernetes_namespace                = local.helm_config["namespace"]
-    kubernetes_service_account          = local.service_account
-    create_kubernetes_namespace         = try(local.helm_config["create_namespace"], true)
-    create_kubernetes_service_account   = true
-    create_service_account_secret_token = try(local.helm_config["create_service_account_secret_token"], false)
-    irsa_iam_policies                   = [aws_iam_policy.aws_load_balancer_controller.arn]
-  }
-}
diff --git a/modules/kubernetes-addons/aws-load-balancer-controller/main.tf b/modules/kubernetes-addons/aws-load-balancer-controller/main.tf
deleted file mode 100644
index 307b71bb39..0000000000
--- a/modules/kubernetes-addons/aws-load-balancer-controller/main.tf
+++ /dev/null
@@ -1,15 +0,0 @@
-module "helm_addon" {
-  source            = "../helm-addon"
-  manage_via_gitops = var.manage_via_gitops
-  set_values        = local.set_values
-  helm_config       = local.helm_config
-  irsa_config       = local.irsa_config
-  addon_context     = var.addon_context
-}
-
-resource "aws_iam_policy" "aws_load_balancer_controller" {
-  name        = "${var.addon_context.eks_cluster_id}-lb-irsa"
-  description = "Allows lb controller to manage ALB and NLB"
-  policy      = data.aws_iam_policy_document.aws_lb.json
-  tags        = var.addon_context.tags
-}
diff --git a/modules/kubernetes-addons/aws-load-balancer-controller/outputs.tf b/modules/kubernetes-addons/aws-load-balancer-controller/outputs.tf
deleted file mode 100644
index 72fdb6ee7b..0000000000
--- a/modules/kubernetes-addons/aws-load-balancer-controller/outputs.tf
+++ /dev/null
@@ -1,34 +0,0 @@
-output "ingress_namespace" {
-  description = "AWS LoadBalancer Controller Ingress Namespace"
-  value       = local.helm_config["namespace"]
-}
-
-output "ingress_name" {
-  description = "AWS LoadBalancer Controller Ingress Name"
-  value       = local.helm_config["name"]
-}
-
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? local.argocd_gitops_config : null
-}
-
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/aws-load-balancer-controller/values.yaml b/modules/kubernetes-addons/aws-load-balancer-controller/values.yaml
deleted file mode 100644
index 90febf945d..0000000000
--- a/modules/kubernetes-addons/aws-load-balancer-controller/values.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-clusterName: ${eks_cluster_id}
-region: ${aws_region}
-image:
-  repository: ${repository}
diff --git a/modules/kubernetes-addons/aws-load-balancer-controller/variables.tf b/modules/kubernetes-addons/aws-load-balancer-controller/variables.tf
deleted file mode 100644
index dc8066db21..0000000000
--- a/modules/kubernetes-addons/aws-load-balancer-controller/variables.tf
+++ /dev/null
@@ -1,29 +0,0 @@
-variable "helm_config" {
-  description = "Helm provider config for the aws_load_balancer_controller."
-  type        = any
-  default     = {}
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps."
-  type        = bool
-  default     = false
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon."
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-    irsa_iam_role_path             = string
-    irsa_iam_permissions_boundary  = string
-    default_repository             = string
-  })
-}
diff --git a/modules/kubernetes-addons/aws-load-balancer-controller/versions.tf b/modules/kubernetes-addons/aws-load-balancer-controller/versions.tf
deleted file mode 100644
index f92f41b9e7..0000000000
--- a/modules/kubernetes-addons/aws-load-balancer-controller/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 3.72"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/aws-node-termination-handler/README.md b/modules/kubernetes-addons/aws-node-termination-handler/README.md
deleted file mode 100644
index 06f3d5d23d..0000000000
--- a/modules/kubernetes-addons/aws-node-termination-handler/README.md
+++ /dev/null
@@ -1,61 +0,0 @@
-# AWS Node Termination handler Helm Chart
-
-## What is aws-node-termination-handler
-
-[aws-node-termination-handler](https://github.com/aws/aws-node-termination-handler)
-This project ensures that the Kubernetes control plane responds appropriately to events that can cause your EC2 instance to become unavailable, such as EC2 maintenance events, EC2 Spot interruptions, ASG Scale-In, ASG AZ Rebalance, and EC2 Instance Termination via the API or Console. If not handled, your application code may not stop gracefully, take longer to recover full availability, or accidentally schedule work to nodes that are going down.
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.72 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_autoscaling_group_tag.aws_node_termination_handler_tag](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_group_tag) | resource |
-| [aws_autoscaling_lifecycle_hook.aws_node_termination_handler_hook](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_lifecycle_hook) | resource |
-| [aws_cloudwatch_event_rule.aws_node_termination_handler_rule](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule) | resource |
-| [aws_cloudwatch_event_target.aws_node_termination_handler_rule_target](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | resource |
-| [aws_iam_policy.aws_node_termination_handler_irsa](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
-| [aws_sqs_queue.aws_node_termination_handler_queue](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource |
-| [aws_sqs_queue_policy.aws_node_termination_handler_queue_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue_policy) | resource |
-| [aws_iam_policy_document.aws_node_termination_handler_queue_policy_document](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_policy_document.irsa_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>    irsa_iam_role_path             = string<br>    irsa_iam_permissions_boundary  = string<br>  })</pre> | n/a | yes |
-| <a name="input_autoscaling_group_names"></a> [autoscaling\_group\_names](#input\_autoscaling\_group\_names) | EKS Node Group ASG names | `list(string)` | n/a | yes |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | AWS Node Termination Handler Helm Chart Configuration | `any` | `{}` | no |
-| <a name="input_irsa_policies"></a> [irsa\_policies](#input\_irsa\_policies) | Additional IAM policies for a IAM role for service accounts | `list(string)` | `[]` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/aws-node-termination-handler/data.tf b/modules/kubernetes-addons/aws-node-termination-handler/data.tf
deleted file mode 100644
index f55ada01f8..0000000000
--- a/modules/kubernetes-addons/aws-node-termination-handler/data.tf
+++ /dev/null
@@ -1,43 +0,0 @@
-data "aws_iam_policy_document" "aws_node_termination_handler_queue_policy_document" {
-  statement {
-    actions = [
-      "sqs:SendMessage"
-    ]
-    principals {
-      type = "Service"
-      identifiers = [
-        "events.amazonaws.com",
-        "sqs.amazonaws.com"
-      ]
-    }
-    resources = [
-      aws_sqs_queue.aws_node_termination_handler_queue.arn
-    ]
-  }
-}
-
-data "aws_iam_policy_document" "irsa_policy" {
-  statement {
-    actions = [
-      "autoscaling:DescribeAutoScalingInstances",
-      "autoscaling:DescribeTags",
-      "ec2:DescribeInstances",
-    ]
-    resources = ["*"]
-  }
-
-  statement {
-    actions = [
-      "autoscaling:CompleteLifecycleAction",
-    ]
-    resources = ["arn:${var.addon_context.aws_partition_id}:autoscaling:${var.addon_context.aws_region_name}:${var.addon_context.aws_caller_identity_account_id}:autoScalingGroup:*"]
-  }
-
-  statement {
-    actions = [
-      "sqs:DeleteMessage",
-      "sqs:ReceiveMessage",
-    ]
-    resources = [aws_sqs_queue.aws_node_termination_handler_queue.arn]
-  }
-}
diff --git a/modules/kubernetes-addons/aws-node-termination-handler/locals.tf b/modules/kubernetes-addons/aws-node-termination-handler/locals.tf
deleted file mode 100644
index 8e192811dc..0000000000
--- a/modules/kubernetes-addons/aws-node-termination-handler/locals.tf
+++ /dev/null
@@ -1,88 +0,0 @@
-locals {
-  namespace       = "kube-system"
-  name            = "aws-node-termination-handler"
-  service_account = try(var.helm_config.service_account, "${local.name}-sa")
-
-  # https://github.com/aws/eks-charts/blob/master/stable/aws-node-termination-handler/Chart.yaml
-  default_helm_config = {
-    name        = local.name
-    chart       = local.name
-    repository  = "https://aws.github.io/eks-charts"
-    version     = "0.21.0"
-    namespace   = local.namespace
-    description = "AWS Node Termination Handler Helm Chart"
-    values      = local.default_helm_values
-  }
-
-  helm_config = merge(
-    local.default_helm_config,
-    var.helm_config
-  )
-
-  default_helm_values = [templatefile("${path.module}/values.yaml", {
-    autoscaling_group_names = var.autoscaling_group_names
-  })]
-
-  set_values = [
-    {
-      name  = "serviceAccount.name"
-      value = local.service_account
-    },
-    {
-      name  = "serviceAccount.create"
-      value = false
-    },
-    { name  = "queueURL"
-      value = aws_sqs_queue.aws_node_termination_handler_queue.url
-    }
-  ]
-
-  argocd_gitops_config = {
-    enable             = true
-    serviceAccountName = local.service_account
-    queueURL           = aws_sqs_queue.aws_node_termination_handler_queue.url
-  }
-
-  irsa_config = {
-    kubernetes_namespace                = local.namespace
-    kubernetes_service_account          = local.service_account
-    create_kubernetes_namespace         = false
-    create_kubernetes_service_account   = true
-    create_service_account_secret_token = try(local.helm_config["create_service_account_secret_token"], false)
-    irsa_iam_policies                   = concat([aws_iam_policy.aws_node_termination_handler_irsa.arn], var.irsa_policies)
-  }
-
-  event_rules = flatten([
-    length(var.autoscaling_group_names) > 0 ?
-    [{
-      name          = substr("NTHASGTermRule-${var.addon_context.eks_cluster_id}", 0, 63),
-      event_pattern = <<EOF
-{"source":["aws.autoscaling"],"detail-type":["EC2 Instance-terminate Lifecycle Action"]}
-EOF
-    }] : [],
-    {
-      name          = substr("NTHSpotTermRule-${var.addon_context.eks_cluster_id}", 0, 63),
-      event_pattern = <<EOF
-{"source": ["aws.ec2"],"detail-type": ["EC2 Spot Instance Interruption Warning"]}
-EOF
-    },
-    {
-      name          = substr("NTHRebalanceRule-${var.addon_context.eks_cluster_id}", 0, 63),
-      event_pattern = <<EOF
-{"source": ["aws.ec2"],"detail-type": ["EC2 Instance Rebalance Recommendation"]}
-EOF
-    },
-    {
-      name          = substr("NTHInstanceStateChangeRule-${var.addon_context.eks_cluster_id}", 0, 63),
-      event_pattern = <<EOF
-{"source": ["aws.ec2"],"detail-type": ["EC2 Instance State-change Notification"]}
-EOF
-    },
-    {
-      name          = substr("NTHScheduledChangeRule-${var.addon_context.eks_cluster_id}", 0, 63),
-      event_pattern = <<EOF
-{"source": ["aws.health"],"detail-type": ["AWS Health Event"]}
-EOF
-    }
-  ])
-}
diff --git a/modules/kubernetes-addons/aws-node-termination-handler/main.tf b/modules/kubernetes-addons/aws-node-termination-handler/main.tf
deleted file mode 100644
index 3dbe2afed9..0000000000
--- a/modules/kubernetes-addons/aws-node-termination-handler/main.tf
+++ /dev/null
@@ -1,65 +0,0 @@
-module "helm_addon" {
-  source            = "../helm-addon"
-  manage_via_gitops = var.manage_via_gitops
-  helm_config       = local.helm_config
-  irsa_config       = local.irsa_config
-  addon_context     = var.addon_context
-  set_values        = local.set_values
-}
-
-resource "aws_autoscaling_lifecycle_hook" "aws_node_termination_handler_hook" {
-  count = length(var.autoscaling_group_names)
-
-  name                   = "aws_node_termination_handler_hook"
-  autoscaling_group_name = var.autoscaling_group_names[count.index]
-  default_result         = "CONTINUE"
-  heartbeat_timeout      = 300
-  lifecycle_transition   = "autoscaling:EC2_INSTANCE_TERMINATING"
-}
-
-resource "aws_autoscaling_group_tag" "aws_node_termination_handler_tag" {
-  count = length(var.autoscaling_group_names)
-
-  autoscaling_group_name = var.autoscaling_group_names[count.index]
-
-  tag {
-    key   = "aws-node-termination-handler/managed"
-    value = "true"
-
-    propagate_at_launch = true
-  }
-}
-
-#tfsec:ignore:aws-sqs-enable-queue-encryption
-resource "aws_sqs_queue" "aws_node_termination_handler_queue" {
-  name_prefix               = "aws_node_termination_handler"
-  message_retention_seconds = "300"
-  sqs_managed_sse_enabled   = true
-  tags                      = var.addon_context.tags
-}
-
-resource "aws_sqs_queue_policy" "aws_node_termination_handler_queue_policy" {
-  queue_url = aws_sqs_queue.aws_node_termination_handler_queue.id
-  policy    = data.aws_iam_policy_document.aws_node_termination_handler_queue_policy_document.json
-}
-
-resource "aws_cloudwatch_event_rule" "aws_node_termination_handler_rule" {
-  count = length(local.event_rules)
-
-  name          = local.event_rules[count.index].name
-  event_pattern = local.event_rules[count.index].event_pattern
-}
-
-resource "aws_cloudwatch_event_target" "aws_node_termination_handler_rule_target" {
-  count = length(aws_cloudwatch_event_rule.aws_node_termination_handler_rule)
-
-  rule = aws_cloudwatch_event_rule.aws_node_termination_handler_rule[count.index].id
-  arn  = aws_sqs_queue.aws_node_termination_handler_queue.arn
-}
-
-resource "aws_iam_policy" "aws_node_termination_handler_irsa" {
-  description = "IAM role policy for AWS Node Termination Handler"
-  name        = "${var.addon_context.eks_cluster_id}-aws-nth-irsa"
-  policy      = data.aws_iam_policy_document.irsa_policy.json
-  tags        = var.addon_context.tags
-}
diff --git a/modules/kubernetes-addons/aws-node-termination-handler/outputs.tf b/modules/kubernetes-addons/aws-node-termination-handler/outputs.tf
deleted file mode 100644
index ff1721e63e..0000000000
--- a/modules/kubernetes-addons/aws-node-termination-handler/outputs.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
-
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? local.argocd_gitops_config : null
-}
diff --git a/modules/kubernetes-addons/aws-node-termination-handler/values.yaml b/modules/kubernetes-addons/aws-node-termination-handler/values.yaml
deleted file mode 100644
index eae546e6ef..0000000000
--- a/modules/kubernetes-addons/aws-node-termination-handler/values.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-enableSqsTerminationDraining: true
-enablePrometheusServer: true
-%{ if length(autoscaling_group_names) == 0 ~}
-checkASGTagBeforeDraining: false
-%{ endif ~}
diff --git a/modules/kubernetes-addons/aws-node-termination-handler/variables.tf b/modules/kubernetes-addons/aws-node-termination-handler/variables.tf
deleted file mode 100644
index b13129f927..0000000000
--- a/modules/kubernetes-addons/aws-node-termination-handler/variables.tf
+++ /dev/null
@@ -1,39 +0,0 @@
-variable "helm_config" {
-  description = "AWS Node Termination Handler Helm Chart Configuration"
-  type        = any
-  default     = {}
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps."
-  type        = bool
-  default     = false
-}
-
-variable "autoscaling_group_names" {
-  description = "EKS Node Group ASG names"
-  type        = list(string)
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-    irsa_iam_role_path             = string
-    irsa_iam_permissions_boundary  = string
-  })
-}
-
-variable "irsa_policies" {
-  description = "Additional IAM policies for a IAM role for service accounts"
-  type        = list(string)
-  default     = []
-}
diff --git a/modules/kubernetes-addons/aws-node-termination-handler/versions.tf b/modules/kubernetes-addons/aws-node-termination-handler/versions.tf
deleted file mode 100644
index f92f41b9e7..0000000000
--- a/modules/kubernetes-addons/aws-node-termination-handler/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 3.72"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/aws-privateca-issuer/README.md b/modules/kubernetes-addons/aws-privateca-issuer/README.md
deleted file mode 100644
index 03ae3e9c65..0000000000
--- a/modules/kubernetes-addons/aws-privateca-issuer/README.md
+++ /dev/null
@@ -1,57 +0,0 @@
-# AWS PCA issuer Helm Chart
-
-## Introduction
-
-AWS ACM Private CA is a module of the [AWS Certificate Manager](https://aws.amazon.com/certificate-manager/) that can setup and manage private CAs. `cert-manager` is a Kubernetes add-on to automate the management and issuance of TLS certificates from various issuing sources. It will ensure certificates are valid and up to date periodically, and attempt to renew certificates at an appropriate time before expiry. The current module `aws-privateca-issuer` is a addon for `cert-manager` that issues certificates using AWS ACM PCA.
-
-## Helm Chart
-
-See the [aws-pca-issuer documentation](https://cert-manager.github.io/aws-privateca-issuer/).
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.72 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_iam_policy.aws_privateca_issuer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
-| [aws_iam_policy_document.aws_privateca_issuer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>    irsa_iam_role_path             = string<br>    irsa_iam_permissions_boundary  = string<br>  })</pre> | n/a | yes |
-| <a name="input_aws_privateca_acmca_arn"></a> [aws\_privateca\_acmca\_arn](#input\_aws\_privateca\_acmca\_arn) | ARN of AWS ACM PCA | `string` | n/a | yes |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | AWS PCA Issuer Helm Config | `any` | `{}` | no |
-| <a name="input_irsa_policies"></a> [irsa\_policies](#input\_irsa\_policies) | Additional IAM policies for a IAM role for service accounts | `list(string)` | `[]` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/aws-privateca-issuer/data.tf b/modules/kubernetes-addons/aws-privateca-issuer/data.tf
deleted file mode 100644
index f6845d5867..0000000000
--- a/modules/kubernetes-addons/aws-privateca-issuer/data.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-data "aws_iam_policy_document" "aws_privateca_issuer" {
-  statement {
-    effect    = "Allow"
-    resources = [var.aws_privateca_acmca_arn]
-    actions = [
-      "acm-pca:DescribeCertificateAuthority",
-      "acm-pca:GetCertificate",
-      "acm-pca:IssueCertificate",
-    ]
-  }
-}
diff --git a/modules/kubernetes-addons/aws-privateca-issuer/locals.tf b/modules/kubernetes-addons/aws-privateca-issuer/locals.tf
deleted file mode 100644
index bf739015a9..0000000000
--- a/modules/kubernetes-addons/aws-privateca-issuer/locals.tf
+++ /dev/null
@@ -1,44 +0,0 @@
-locals {
-  name            = "aws-privateca-issuer"
-  service_account = try(var.helm_config.service_account, "${local.name}-sa")
-
-  # https://github.com/cert-manager/aws-privateca-issuer/blob/main/charts/aws-pca-issuer/Chart.yaml
-  default_helm_config = {
-    name        = local.name
-    chart       = local.name
-    repository  = "https://cert-manager.github.io/aws-privateca-issuer"
-    version     = "1.2.2"
-    namespace   = local.name
-    description = "AWS PCA Issuer helm Chart deployment configuration"
-  }
-
-  helm_config = merge(
-    local.default_helm_config,
-    var.helm_config
-  )
-
-  set_values = [
-    {
-      name  = "serviceAccount.create"
-      value = "false"
-    },
-    {
-      name  = "serviceAccount.name"
-      value = local.service_account
-    }
-  ]
-
-  irsa_config = {
-    create_kubernetes_namespace         = try(local.helm_config["create_namespace"], true)
-    kubernetes_namespace                = local.helm_config["namespace"]
-    create_kubernetes_service_account   = true
-    create_service_account_secret_token = try(local.helm_config["create_service_account_secret_token"], false)
-    kubernetes_service_account          = local.service_account
-    irsa_iam_policies                   = concat([aws_iam_policy.aws_privateca_issuer.arn], var.irsa_policies)
-  }
-
-  argocd_gitops_config = {
-    enable             = true
-    serviceAccountName = local.service_account
-  }
-}
diff --git a/modules/kubernetes-addons/aws-privateca-issuer/main.tf b/modules/kubernetes-addons/aws-privateca-issuer/main.tf
deleted file mode 100644
index f3ae562cea..0000000000
--- a/modules/kubernetes-addons/aws-privateca-issuer/main.tf
+++ /dev/null
@@ -1,15 +0,0 @@
-module "helm_addon" {
-  source            = "../helm-addon"
-  manage_via_gitops = var.manage_via_gitops
-  set_values        = local.set_values
-  helm_config       = local.helm_config
-  irsa_config       = local.irsa_config
-  addon_context     = var.addon_context
-}
-
-resource "aws_iam_policy" "aws_privateca_issuer" {
-  description = "AWS PCA issuer IAM policy"
-  name        = "${var.addon_context.eks_cluster_id}-${local.helm_config["name"]}-irsa"
-  policy      = data.aws_iam_policy_document.aws_privateca_issuer.json
-  tags        = var.addon_context.tags
-}
diff --git a/modules/kubernetes-addons/aws-privateca-issuer/outputs.tf b/modules/kubernetes-addons/aws-privateca-issuer/outputs.tf
deleted file mode 100644
index 0776dcd7ef..0000000000
--- a/modules/kubernetes-addons/aws-privateca-issuer/outputs.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? local.argocd_gitops_config : null
-}
-
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/aws-privateca-issuer/variables.tf b/modules/kubernetes-addons/aws-privateca-issuer/variables.tf
deleted file mode 100644
index 80ffb9d6cc..0000000000
--- a/modules/kubernetes-addons/aws-privateca-issuer/variables.tf
+++ /dev/null
@@ -1,39 +0,0 @@
-variable "helm_config" {
-  description = "AWS PCA Issuer Helm Config"
-  type        = any
-  default     = {}
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps."
-  type        = bool
-  default     = false
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-    irsa_iam_role_path             = string
-    irsa_iam_permissions_boundary  = string
-  })
-}
-
-variable "aws_privateca_acmca_arn" {
-  description = "ARN of AWS ACM PCA"
-  type        = string
-}
-
-variable "irsa_policies" {
-  description = "Additional IAM policies for a IAM role for service accounts"
-  type        = list(string)
-  default     = []
-}
diff --git a/modules/kubernetes-addons/aws-privateca-issuer/versions.tf b/modules/kubernetes-addons/aws-privateca-issuer/versions.tf
deleted file mode 100644
index f92f41b9e7..0000000000
--- a/modules/kubernetes-addons/aws-privateca-issuer/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 3.72"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/aws-vpc-cni/README.md b/modules/kubernetes-addons/aws-vpc-cni/README.md
deleted file mode 100644
index 856f0dab63..0000000000
--- a/modules/kubernetes-addons/aws-vpc-cni/README.md
+++ /dev/null
@@ -1,49 +0,0 @@
-# vpc-cni
-
-[vpc-cni](https://docs.aws.amazon.com/eks/latest/userguide/managing-vpc-cni.html)
-The Amazon VPC CNI plugin for Kubernetes is the networking plugin for pod networking in Amazon EKS clusters. The plugin is responsible for allocating VPC IP addresses to Kubernetes nodes and configuring the necessary networking for pods on each node.
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.10 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.10 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_irsa_addon"></a> [irsa\_addon](#module\_irsa\_addon) | ../../../modules/irsa | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_eks_addon.vpc_cni](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_addon) | resource |
-| [aws_iam_policy.cni_ipv6_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
-| [aws_eks_addon_version.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_addon_version) | data source |
-| [aws_iam_policy_document.ipv6_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_config"></a> [addon\_config](#input\_addon\_config) | Amazon EKS Managed Add-on | `any` | `{}` | no |
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>    irsa_iam_role_path             = string<br>    irsa_iam_permissions_boundary  = string<br>  })</pre> | n/a | yes |
-| <a name="input_enable_ipv6"></a> [enable\_ipv6](#input\_enable\_ipv6) | Enable IPV6 CNI policy | `any` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/aws-vpc-cni/main.tf b/modules/kubernetes-addons/aws-vpc-cni/main.tf
deleted file mode 100644
index 87845ec773..0000000000
--- a/modules/kubernetes-addons/aws-vpc-cni/main.tf
+++ /dev/null
@@ -1,82 +0,0 @@
-locals {
-  name = "vpc-cni"
-
-  create_irsa     = try(var.addon_config.service_account_role_arn == "", true)
-  cni_ipv6_policy = var.enable_ipv6 ? [aws_iam_policy.cni_ipv6_policy[0].arn] : []
-}
-
-data "aws_eks_addon_version" "this" {
-  addon_name         = local.name
-  kubernetes_version = var.addon_config.kubernetes_version
-  most_recent        = try(var.addon_config.most_recent, false)
-}
-
-resource "aws_eks_addon" "vpc_cni" {
-  cluster_name             = var.addon_context.eks_cluster_id
-  addon_name               = local.name
-  addon_version            = try(var.addon_config.addon_version, data.aws_eks_addon_version.this.version)
-  resolve_conflicts        = try(var.addon_config.resolve_conflicts, "OVERWRITE")
-  service_account_role_arn = local.create_irsa ? module.irsa_addon[0].irsa_iam_role_arn : try(var.addon_config.service_account_role_arn, null)
-  preserve                 = try(var.addon_config.preserve, true)
-  configuration_values     = try(var.addon_config.configuration_values, null)
-
-  tags = merge(
-    var.addon_context.tags,
-    try(var.addon_config.tags, {})
-  )
-}
-
-module "irsa_addon" {
-  source = "../../../modules/irsa"
-
-  count = local.create_irsa ? 1 : 0
-
-  create_kubernetes_namespace       = false
-  create_kubernetes_service_account = false
-  kubernetes_namespace              = "kube-system"
-  kubernetes_service_account        = "aws-node"
-  irsa_iam_role_path                = var.addon_context.irsa_iam_role_path
-  irsa_iam_permissions_boundary     = var.addon_context.irsa_iam_permissions_boundary
-  eks_cluster_id                    = var.addon_context.eks_cluster_id
-  eks_oidc_provider_arn             = var.addon_context.eks_oidc_provider_arn
-  irsa_iam_policies = concat(
-    ["arn:${var.addon_context.aws_partition_id}:iam::aws:policy/AmazonEKS_CNI_Policy"],
-    local.cni_ipv6_policy,
-    try(var.addon_config.additional_iam_policies, [])
-  )
-}
-
-resource "aws_iam_policy" "cni_ipv6_policy" {
-  count = local.create_irsa && var.enable_ipv6 ? 1 : 0
-
-  name        = "${var.addon_context.eks_cluster_id}-AmazonEKS_CNI_IPv6_Policy"
-  description = "IAM policy for EKS CNI to assign IPV6 addresses"
-  path        = try(var.addon_context.irsa_iam_role_path, null)
-  policy      = data.aws_iam_policy_document.ipv6_policy[0].json
-
-  tags = merge(
-    var.addon_context.tags,
-    try(var.addon_config.tags, {})
-  )
-}
-
-data "aws_iam_policy_document" "ipv6_policy" {
-  count = var.enable_ipv6 ? 1 : 0
-  statement {
-    sid = "IpV6"
-    actions = [
-      "ec2:AssignIpv6Addresses",
-      "ec2:DescribeInstances",
-      "ec2:DescribeInstanceTypes",
-      "ec2:DescribeNetworkInterfaces",
-      "ec2:DescribeTags",
-    ]
-    resources = ["*"]
-  }
-
-  statement {
-    sid       = "CreateTags"
-    actions   = ["ec2:CreateTags"]
-    resources = ["arn:${var.addon_context.aws_partition_id}:ec2:*:*:network-interface/*"]
-  }
-}
diff --git a/modules/kubernetes-addons/aws-vpc-cni/outputs.tf b/modules/kubernetes-addons/aws-vpc-cni/outputs.tf
deleted file mode 100644
index 81f6f5eee7..0000000000
--- a/modules/kubernetes-addons/aws-vpc-cni/outputs.tf
+++ /dev/null
@@ -1,9 +0,0 @@
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = try(module.irsa_addon[0].irsa_iam_role_arn, null)
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = try(module.irsa_addon[0].irsa_iam_role_name, null)
-}
diff --git a/modules/kubernetes-addons/aws-vpc-cni/variables.tf b/modules/kubernetes-addons/aws-vpc-cni/variables.tf
deleted file mode 100644
index 454c342600..0000000000
--- a/modules/kubernetes-addons/aws-vpc-cni/variables.tf
+++ /dev/null
@@ -1,28 +0,0 @@
-variable "addon_config" {
-  description = "Amazon EKS Managed Add-on"
-  type        = any
-  default     = {}
-}
-
-variable "enable_ipv6" {
-  description = "Enable IPV6 CNI policy"
-  type        = any
-  default     = false
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-    irsa_iam_role_path             = string
-    irsa_iam_permissions_boundary  = string
-  })
-}
diff --git a/modules/kubernetes-addons/aws-vpc-cni/versions.tf b/modules/kubernetes-addons/aws-vpc-cni/versions.tf
deleted file mode 100644
index 6ea9ef581c..0000000000
--- a/modules/kubernetes-addons/aws-vpc-cni/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 4.10"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/calico/README.md b/modules/kubernetes-addons/calico/README.md
deleted file mode 100644
index 39969fdb32..0000000000
--- a/modules/kubernetes-addons/calico/README.md
+++ /dev/null
@@ -1,44 +0,0 @@
-# Calico Helm Chart
-Calico is a widely adopted, battle-tested open source networking and network security solution for Kubernetes, virtual machines, and bare-metal workloads.
-
-For more details checkout [calico](https://projectcalico.docs.tigera.io/getting-started/kubernetes/helm#download-the-helm-chart) docs
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-
-## Providers
-
-No providers.
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-No resources.
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>    irsa_iam_role_path             = string<br>    irsa_iam_permissions_boundary  = string<br>  })</pre> | n/a | yes |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm Config for calico | `any` | `{}` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/calico/main.tf b/modules/kubernetes-addons/calico/main.tf
deleted file mode 100644
index bb778791c7..0000000000
--- a/modules/kubernetes-addons/calico/main.tf
+++ /dev/null
@@ -1,25 +0,0 @@
-module "helm_addon" {
-  source = "../helm-addon"
-
-  # https://github.com/projectcalico/calico/blob/master/charts/tigera-operator/Chart.yaml
-  helm_config = merge(
-    {
-      name       = "calico"
-      chart      = "tigera-operator"
-      repository = "https://docs.projectcalico.org/charts"
-      version    = "v3.24.3"
-      namespace  = "tigera-operator"
-      values = [
-        <<-EOT
-          installation:
-            kubernetesProvider: "EKS"
-        EOT
-      ]
-      create_namespace = true
-      description      = "calico helm Chart deployment configuration"
-    },
-    var.helm_config
-  )
-  manage_via_gitops = var.manage_via_gitops
-  addon_context     = var.addon_context
-}
diff --git a/modules/kubernetes-addons/calico/outputs.tf b/modules/kubernetes-addons/calico/outputs.tf
deleted file mode 100644
index 4d3d2c6515..0000000000
--- a/modules/kubernetes-addons/calico/outputs.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? { enable = true } : null
-}
-
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/calico/variables.tf b/modules/kubernetes-addons/calico/variables.tf
deleted file mode 100644
index 8d1e68e196..0000000000
--- a/modules/kubernetes-addons/calico/variables.tf
+++ /dev/null
@@ -1,28 +0,0 @@
-variable "helm_config" {
-  description = "Helm Config for calico"
-  type        = any
-  default     = {}
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps."
-  type        = bool
-  default     = false
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-    irsa_iam_role_path             = string
-    irsa_iam_permissions_boundary  = string
-  })
-}
diff --git a/modules/kubernetes-addons/calico/versions.tf b/modules/kubernetes-addons/calico/versions.tf
deleted file mode 100644
index 429c0b36d0..0000000000
--- a/modules/kubernetes-addons/calico/versions.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-}
diff --git a/modules/kubernetes-addons/cert-manager-csi-driver/README.md b/modules/kubernetes-addons/cert-manager-csi-driver/README.md
deleted file mode 100644
index 3ad742bd46..0000000000
--- a/modules/kubernetes-addons/cert-manager-csi-driver/README.md
+++ /dev/null
@@ -1,39 +0,0 @@
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-
-## Providers
-
-No providers.
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-No resources.
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>    irsa_iam_role_path             = string<br>    irsa_iam_permissions_boundary  = string<br>  })</pre> | n/a | yes |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm provider config for Cert-Manager CSI Driver. | `any` | `{}` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/cert-manager-csi-driver/main.tf b/modules/kubernetes-addons/cert-manager-csi-driver/main.tf
deleted file mode 100644
index 027b5238cb..0000000000
--- a/modules/kubernetes-addons/cert-manager-csi-driver/main.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-module "helm_addon" {
-  source = "../helm-addon"
-
-  # https://github.com/cert-manager/csi-driver/blob/main/deploy/charts/csi-driver/Chart.yaml
-  helm_config = merge(
-    {
-      name        = "cert-manager-csi-driver"
-      chart       = "cert-manager-csi-driver"
-      repository  = "https://charts.jetstack.io"
-      version     = "v0.4.2"
-      namespace   = "cert-manager"
-      description = "Cert Manager CSI Driver Add-on"
-    },
-    var.helm_config
-  )
-
-  manage_via_gitops = var.manage_via_gitops
-  addon_context     = var.addon_context
-}
diff --git a/modules/kubernetes-addons/cert-manager-csi-driver/outputs.tf b/modules/kubernetes-addons/cert-manager-csi-driver/outputs.tf
deleted file mode 100644
index 4d3d2c6515..0000000000
--- a/modules/kubernetes-addons/cert-manager-csi-driver/outputs.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? { enable = true } : null
-}
-
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/cert-manager-csi-driver/variables.tf b/modules/kubernetes-addons/cert-manager-csi-driver/variables.tf
deleted file mode 100644
index 7e5bd63ead..0000000000
--- a/modules/kubernetes-addons/cert-manager-csi-driver/variables.tf
+++ /dev/null
@@ -1,28 +0,0 @@
-variable "helm_config" {
-  description = "Helm provider config for Cert-Manager CSI Driver."
-  type        = any
-  default     = {}
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps."
-  type        = bool
-  default     = false
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-    irsa_iam_role_path             = string
-    irsa_iam_permissions_boundary  = string
-  })
-}
diff --git a/modules/kubernetes-addons/cert-manager-csi-driver/versions.tf b/modules/kubernetes-addons/cert-manager-csi-driver/versions.tf
deleted file mode 100644
index 429c0b36d0..0000000000
--- a/modules/kubernetes-addons/cert-manager-csi-driver/versions.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-}
diff --git a/modules/kubernetes-addons/cert-manager-istio-csr/README.md b/modules/kubernetes-addons/cert-manager-istio-csr/README.md
deleted file mode 100644
index 3643ab0a36..0000000000
--- a/modules/kubernetes-addons/cert-manager-istio-csr/README.md
+++ /dev/null
@@ -1,45 +0,0 @@
-# Cert-manager-istio-csr Helm Chart
-
-istio-csr enables the use of cert-manager for issuing certificates in Istio service meshes
-
-For more details checkout [cert-manager-istio-csr](https://github.com/cert-manager/istio-csr) on GitHub
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-
-## Providers
-
-No providers.
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-No resources.
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>    irsa_iam_role_path             = string<br>    irsa_iam_permissions_boundary  = string<br>  })</pre> | n/a | yes |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm Config for istio-csr. | `any` | `{}` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/cert-manager-istio-csr/main.tf b/modules/kubernetes-addons/cert-manager-istio-csr/main.tf
deleted file mode 100644
index 839ec59f05..0000000000
--- a/modules/kubernetes-addons/cert-manager-istio-csr/main.tf
+++ /dev/null
@@ -1,17 +0,0 @@
-module "helm_addon" {
-  source = "../helm-addon"
-  helm_config = merge(
-    {
-      name             = "cert-manager-istio-csr"
-      chart            = "cert-manager-istio-csr"
-      repository       = "https://charts.jetstack.io"
-      version          = "v0.5.0"
-      namespace        = "cert-manager"
-      create_namespace = false
-      description      = "Cert-manager-istio-csr Helm Chart deployment configuration"
-    },
-    var.helm_config
-  )
-  manage_via_gitops = var.manage_via_gitops
-  addon_context     = var.addon_context
-}
diff --git a/modules/kubernetes-addons/cert-manager-istio-csr/outputs.tf b/modules/kubernetes-addons/cert-manager-istio-csr/outputs.tf
deleted file mode 100644
index 4d3d2c6515..0000000000
--- a/modules/kubernetes-addons/cert-manager-istio-csr/outputs.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? { enable = true } : null
-}
-
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/cert-manager-istio-csr/variables.tf b/modules/kubernetes-addons/cert-manager-istio-csr/variables.tf
deleted file mode 100644
index 522fb21a45..0000000000
--- a/modules/kubernetes-addons/cert-manager-istio-csr/variables.tf
+++ /dev/null
@@ -1,28 +0,0 @@
-variable "helm_config" {
-  description = "Helm Config for istio-csr."
-  type        = any
-  default     = {}
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps."
-  type        = bool
-  default     = false
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-    irsa_iam_role_path             = string
-    irsa_iam_permissions_boundary  = string
-  })
-}
diff --git a/modules/kubernetes-addons/cert-manager-istio-csr/versions.tf b/modules/kubernetes-addons/cert-manager-istio-csr/versions.tf
deleted file mode 100644
index 429c0b36d0..0000000000
--- a/modules/kubernetes-addons/cert-manager-istio-csr/versions.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-}
diff --git a/modules/kubernetes-addons/cert-manager/README.md b/modules/kubernetes-addons/cert-manager/README.md
deleted file mode 100644
index f30d03c478..0000000000
--- a/modules/kubernetes-addons/cert-manager/README.md
+++ /dev/null
@@ -1,74 +0,0 @@
-# Cert Manager Deployment Guide
-
-## Introduction
-
-Cert Manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates.
-
-## Helm Chart
-
-### Instructions to use the Helm Chart
-
-See the [cert-manager documentation](https://cert-manager.io/docs/installation/helm/).
-
-# Docker Image for Cert Manager
-
-cert-manager docker image is available at this repo:
-
-<https://quay.io/repository/jetstack/cert-manager-controller?tag=latest&tab=tags>
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.10 |
-| <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 2.4.1 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.10 |
-| <a name="provider_helm"></a> [helm](#provider\_helm) | >= 2.4.1 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_iam_policy.cert_manager](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
-| [helm_release.cert_manager_ca](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.cert_manager_letsencrypt](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [aws_iam_policy_document.cert_manager_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_route53_zone.selected](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>    irsa_iam_role_path             = string<br>    irsa_iam_permissions_boundary  = string<br>  })</pre> | n/a | yes |
-| <a name="input_domain_names"></a> [domain\_names](#input\_domain\_names) | Domain names of the Route53 hosted zone to use with cert-manager. | `list(string)` | `[]` | no |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | cert-manager Helm chart configuration | `any` | `{}` | no |
-| <a name="input_install_letsencrypt_issuers"></a> [install\_letsencrypt\_issuers](#input\_install\_letsencrypt\_issuers) | Install Let's Encrypt Cluster Issuers. | `bool` | `true` | no |
-| <a name="input_irsa_policies"></a> [irsa\_policies](#input\_irsa\_policies) | Additional IAM policies used for the add-on service account. | `list(string)` | `[]` | no |
-| <a name="input_kubernetes_svc_image_pull_secrets"></a> [kubernetes\_svc\_image\_pull\_secrets](#input\_kubernetes\_svc\_image\_pull\_secrets) | list(string) of kubernetes imagePullSecrets | `list(string)` | `[]` | no |
-| <a name="input_letsencrypt_email"></a> [letsencrypt\_email](#input\_letsencrypt\_email) | Email address for expiration emails from Let's Encrypt. | `string` | `""` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
-| <a name="output_eks_cluster_id"></a> [eks\_cluster\_id](#output\_eks\_cluster\_id) | Current AWS EKS Cluster ID |
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/cert-manager/cert-manager-ca/Chart.yaml b/modules/kubernetes-addons/cert-manager/cert-manager-ca/Chart.yaml
deleted file mode 100644
index 364b25e5ac..0000000000
--- a/modules/kubernetes-addons/cert-manager/cert-manager-ca/Chart.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v2
-name: cert-manager-ca
-description: A Helm chart to install a Cert Manager CA
-type: application
-version: 0.2.0
-appVersion: v0.1.0
diff --git a/modules/kubernetes-addons/cert-manager/cert-manager-ca/templates/certificate.yaml b/modules/kubernetes-addons/cert-manager/cert-manager-ca/templates/certificate.yaml
deleted file mode 100644
index 25c1240eac..0000000000
--- a/modules/kubernetes-addons/cert-manager/cert-manager-ca/templates/certificate.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- range .Values.clusterIssuers }}
-{{- if eq .type "CA" }}
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: {{ .name }}
-  namespace: {{ $.Release.Namespace }}
-spec:
-  isCA: true
-  commonName: {{ .name }}
-  secretName: {{ .secretName }}
-  {{- with .privateKey }}
-  privateKey:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-  {{- with .issuer }}
-  issuerRef:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-{{- end }}
-{{- end }}
diff --git a/modules/kubernetes-addons/cert-manager/cert-manager-ca/templates/clusterissuers.yaml b/modules/kubernetes-addons/cert-manager/cert-manager-ca/templates/clusterissuers.yaml
deleted file mode 100644
index 86040a2646..0000000000
--- a/modules/kubernetes-addons/cert-manager/cert-manager-ca/templates/clusterissuers.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- range .Values.clusterIssuers }}
----
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
-  name: {{ .name }}
-spec:
-  {{- if eq .type "selfSigned" }}
-  selfSigned: {}
-  {{- else if eq .type "CA" }}
-  ca:
-    secretName: {{ .secretName }}
-  {{- end }}
-{{- end }}
diff --git a/modules/kubernetes-addons/cert-manager/cert-manager-ca/values.yaml b/modules/kubernetes-addons/cert-manager/cert-manager-ca/values.yaml
deleted file mode 100644
index 02e952b429..0000000000
--- a/modules/kubernetes-addons/cert-manager/cert-manager-ca/values.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-clusterIssuers:
-  - name: cert-manager-selfsigned
-    type: selfSigned
-  - name: cert-manager-ca
-    type: CA
-    secretName: cert-manager-ca-root
-    privateKey:
-      algorithm: ECDSA
-      size: 256
-    issuer:
-      name: cert-manager-selfsigned
-      kind: ClusterIssuer
-      group: cert-manager.io
diff --git a/modules/kubernetes-addons/cert-manager/cert-manager-letsencrypt/Chart.yaml b/modules/kubernetes-addons/cert-manager/cert-manager-letsencrypt/Chart.yaml
deleted file mode 100644
index 1ba9f1bfe0..0000000000
--- a/modules/kubernetes-addons/cert-manager/cert-manager-letsencrypt/Chart.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v2
-name: cert-manager-letsencrypt
-description: Cert Manager Cluster Issuers for Let's Encrypt certificates with DNS01 protocol
-type: application
-version: 0.1.0
-appVersion: v0.1.0
diff --git a/modules/kubernetes-addons/cert-manager/cert-manager-letsencrypt/templates/clusterissuer-production.yaml b/modules/kubernetes-addons/cert-manager/cert-manager-letsencrypt/templates/clusterissuer-production.yaml
deleted file mode 100644
index b0c93cb395..0000000000
--- a/modules/kubernetes-addons/cert-manager/cert-manager-letsencrypt/templates/clusterissuer-production.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
-  name: {{ .Release.Name }}-production-route53
-  labels:
-    ca: letsencrypt
-    environment: production
-    solver: dns01
-    provider: route53
-spec:
-  acme:
-    {{- if .Values.email }}
-    email: {{ .Values.email }}
-    {{- end }}
-    server: https://acme-v02.api.letsencrypt.org/directory
-    preferredChain: ISRG Root X1
-    privateKeySecretRef:
-      name: {{ .Release.Name }}-production-route53
-    solvers:
-      - dns01:
-          route53:
-            region: {{ .Values.region | default "global" }}
-        {{- if .Values.dnsZones }}
-        selector:
-          dnsZones:
-            {{- .Values.dnsZones | toYaml | nindent 12 }}
-        {{- end }}
diff --git a/modules/kubernetes-addons/cert-manager/cert-manager-letsencrypt/templates/clusterissuer-staging.yaml b/modules/kubernetes-addons/cert-manager/cert-manager-letsencrypt/templates/clusterissuer-staging.yaml
deleted file mode 100644
index 765ae0d205..0000000000
--- a/modules/kubernetes-addons/cert-manager/cert-manager-letsencrypt/templates/clusterissuer-staging.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
-  name: {{ .Release.Name }}-staging-route53
-  labels:
-    ca: letsencrypt
-    environment: staging
-    solver: dns01
-    provider: route53
-spec:
-  acme:
-    {{- if .Values.email }}
-    email: {{ .Values.email }}
-    {{- end }}
-    server: https://acme-staging-v02.api.letsencrypt.org/directory
-    preferredChain: ISRG Root X1
-    privateKeySecretRef:
-      name: {{ .Release.Name }}-staging-route53
-    solvers:
-      - dns01:
-          route53:
-            region: {{ .Values.region | default "global" }}
-        {{- if .Values.dnsZones }}
-        selector:
-          dnsZones:
-            {{- .Values.dnsZones | toYaml | nindent 12 }}
-        {{- end }}
diff --git a/modules/kubernetes-addons/cert-manager/cert-manager-letsencrypt/values.yaml b/modules/kubernetes-addons/cert-manager/cert-manager-letsencrypt/values.yaml
deleted file mode 100644
index 49c7071cd1..0000000000
--- a/modules/kubernetes-addons/cert-manager/cert-manager-letsencrypt/values.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-# email: user@example.com
-
-# region: global
-
-# dnsZones:
-# - domain.name
diff --git a/modules/kubernetes-addons/cert-manager/data.tf b/modules/kubernetes-addons/cert-manager/data.tf
deleted file mode 100644
index 1f9304a8a0..0000000000
--- a/modules/kubernetes-addons/cert-manager/data.tf
+++ /dev/null
@@ -1,32 +0,0 @@
-data "aws_route53_zone" "selected" {
-  for_each = toset(var.domain_names)
-
-  name = each.key
-}
-
-data "aws_iam_policy_document" "cert_manager_iam_policy_document" {
-  statement {
-    effect    = "Allow"
-    resources = ["arn:${var.addon_context.aws_partition_id}:route53:::change/*"]
-    actions   = ["route53:GetChange"]
-  }
-
-  dynamic "statement" {
-    for_each = { for k, v in toset(var.domain_names) : k => data.aws_route53_zone.selected[k].arn }
-
-    content {
-      effect    = "Allow"
-      resources = [statement.value]
-      actions = [
-        "route53:ChangeresourceRecordSets",
-        "route53:ListresourceRecordSets"
-      ]
-    }
-  }
-
-  statement {
-    effect    = "Allow"
-    resources = ["*"]
-    actions   = ["route53:ListHostedZonesByName"]
-  }
-}
diff --git a/modules/kubernetes-addons/cert-manager/locals.tf b/modules/kubernetes-addons/cert-manager/locals.tf
deleted file mode 100644
index 52e2d76e89..0000000000
--- a/modules/kubernetes-addons/cert-manager/locals.tf
+++ /dev/null
@@ -1,51 +0,0 @@
-locals {
-  name            = "cert-manager"
-  service_account = "cert-manager" # AWS PrivateCA is expecting the service account name as `cert-manager`
-
-  # https://github.com/cert-manager/cert-manager/blob/master/deploy/charts/cert-manager/Chart.template.yaml
-  default_helm_config = {
-    name        = local.name
-    chart       = local.name
-    repository  = "https://charts.jetstack.io"
-    version     = "v1.10.0"
-    namespace   = local.name
-    description = "Cert Manager Add-on"
-    values      = local.default_helm_values
-  }
-
-  default_helm_values = [templatefile("${path.module}/values.yaml", {})]
-
-  helm_config = merge(
-    local.default_helm_config,
-    var.helm_config
-  )
-
-  set_values = concat(
-    [
-      {
-        name  = "serviceAccount.name"
-        value = local.service_account
-      },
-      {
-        name  = "serviceAccount.create"
-        value = false
-      }
-    ],
-    try(var.helm_config.set_values, [])
-  )
-
-  irsa_config = {
-    kubernetes_namespace                = local.helm_config["namespace"]
-    kubernetes_service_account          = local.service_account
-    create_kubernetes_namespace         = try(local.helm_config["create_namespace"], true)
-    create_kubernetes_service_account   = true
-    create_service_account_secret_token = try(local.helm_config["create_service_account_secret_token"], false)
-    kubernetes_svc_image_pull_secrets   = var.kubernetes_svc_image_pull_secrets
-    irsa_iam_policies                   = concat([aws_iam_policy.cert_manager.arn], var.irsa_policies)
-  }
-
-  argocd_gitops_config = {
-    enable             = true
-    serviceAccountName = local.service_account
-  }
-}
diff --git a/modules/kubernetes-addons/cert-manager/main.tf b/modules/kubernetes-addons/cert-manager/main.tf
deleted file mode 100644
index 573030c795..0000000000
--- a/modules/kubernetes-addons/cert-manager/main.tf
+++ /dev/null
@@ -1,48 +0,0 @@
-module "helm_addon" {
-  source            = "../helm-addon"
-  manage_via_gitops = var.manage_via_gitops
-  set_values        = local.set_values
-  helm_config       = local.helm_config
-  irsa_config       = local.irsa_config
-  addon_context     = var.addon_context
-}
-
-resource "helm_release" "cert_manager_ca" {
-  count     = var.manage_via_gitops ? 0 : 1
-  name      = "cert-manager-ca"
-  chart     = "${path.module}/cert-manager-ca"
-  version   = "0.2.0"
-  namespace = local.helm_config["namespace"]
-
-  depends_on = [module.helm_addon]
-}
-
-resource "helm_release" "cert_manager_letsencrypt" {
-  count     = var.manage_via_gitops || !var.install_letsencrypt_issuers ? 0 : 1
-  name      = "cert-manager-letsencrypt"
-  chart     = "${path.module}/cert-manager-letsencrypt"
-  version   = "0.1.0"
-  namespace = local.helm_config["namespace"]
-
-  set {
-    name  = "email"
-    value = var.letsencrypt_email
-    type  = "string"
-  }
-
-  set {
-    name  = "dnsZones"
-    value = "{${join(",", toset(var.domain_names))}}"
-    type  = "string"
-  }
-
-  depends_on = [module.helm_addon]
-}
-
-resource "aws_iam_policy" "cert_manager" {
-  description = "cert-manager IAM policy."
-  name        = "${var.addon_context.eks_cluster_id}-${local.helm_config["name"]}-irsa"
-  path        = var.addon_context.irsa_iam_role_path
-  policy      = data.aws_iam_policy_document.cert_manager_iam_policy_document.json
-  tags        = var.addon_context.tags
-}
diff --git a/modules/kubernetes-addons/cert-manager/outputs.tf b/modules/kubernetes-addons/cert-manager/outputs.tf
deleted file mode 100644
index 3762fcb3a0..0000000000
--- a/modules/kubernetes-addons/cert-manager/outputs.tf
+++ /dev/null
@@ -1,29 +0,0 @@
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? local.argocd_gitops_config : null
-}
-
-output "eks_cluster_id" {
-  description = "Current AWS EKS Cluster ID"
-  value       = var.addon_context.eks_cluster_id
-}
-
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/cert-manager/values.yaml b/modules/kubernetes-addons/cert-manager/values.yaml
deleted file mode 100644
index 5e4bd84dd3..0000000000
--- a/modules/kubernetes-addons/cert-manager/values.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-extraArgs:
-  - --enable-certificate-owner-ref=true
-
-installCRDs: true
diff --git a/modules/kubernetes-addons/cert-manager/variables.tf b/modules/kubernetes-addons/cert-manager/variables.tf
deleted file mode 100644
index 4f5c467489..0000000000
--- a/modules/kubernetes-addons/cert-manager/variables.tf
+++ /dev/null
@@ -1,58 +0,0 @@
-variable "helm_config" {
-  description = "cert-manager Helm chart configuration"
-  type        = any
-  default     = {}
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps."
-  type        = bool
-  default     = false
-}
-
-variable "irsa_policies" {
-  description = "Additional IAM policies used for the add-on service account."
-  type        = list(string)
-  default     = []
-}
-
-variable "domain_names" {
-  description = "Domain names of the Route53 hosted zone to use with cert-manager."
-  type        = list(string)
-  default     = []
-}
-
-variable "install_letsencrypt_issuers" {
-  description = "Install Let's Encrypt Cluster Issuers."
-  type        = bool
-  default     = true
-}
-
-variable "letsencrypt_email" {
-  description = "Email address for expiration emails from Let's Encrypt."
-  type        = string
-  default     = ""
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-    irsa_iam_role_path             = string
-    irsa_iam_permissions_boundary  = string
-  })
-}
-
-variable "kubernetes_svc_image_pull_secrets" {
-  description = "list(string) of kubernetes imagePullSecrets"
-  type        = list(string)
-  default     = []
-}
diff --git a/modules/kubernetes-addons/cert-manager/versions.tf b/modules/kubernetes-addons/cert-manager/versions.tf
deleted file mode 100644
index aca51a05f9..0000000000
--- a/modules/kubernetes-addons/cert-manager/versions.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 4.10"
-    }
-    helm = {
-      source  = "hashicorp/helm"
-      version = ">= 2.4.1"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/chaos-mesh/README.md b/modules/kubernetes-addons/chaos-mesh/README.md
deleted file mode 100644
index dad21a1360..0000000000
--- a/modules/kubernetes-addons/chaos-mesh/README.md
+++ /dev/null
@@ -1,44 +0,0 @@
-# Chaos Mesh Helm Chart
-Chaos Mesh is a  powerful Chaos Engineering Platform for Kubernetes
-
-For more details checkout [Chaos Mesh](https://chaos-mesh.org/docs/production-installation-using-helm/) docs
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-
-## Providers
-
-No providers.
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-No resources.
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>  })</pre> | n/a | yes |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm Config for calico | `any` | `{}` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/chaos-mesh/main.tf b/modules/kubernetes-addons/chaos-mesh/main.tf
deleted file mode 100644
index 54aeb46cdf..0000000000
--- a/modules/kubernetes-addons/chaos-mesh/main.tf
+++ /dev/null
@@ -1,20 +0,0 @@
-module "helm_addon" {
-  source = "../helm-addon"
-
-  # https://github.com/chaos-mesh/chaos-mesh/blob/master/helm/chaos-mesh/Chart.yaml
-  helm_config = merge(
-    {
-      name             = "chaos-mesh"
-      chart            = "chaos-mesh"
-      repository       = "https://charts.chaos-mesh.org"
-      version          = "2.4.1"
-      namespace        = "chaos-testing"
-      create_namespace = true
-      description      = "chaos mesh helm Chart deployment configuration"
-    },
-    var.helm_config
-  )
-
-  manage_via_gitops = var.manage_via_gitops
-  addon_context     = var.addon_context
-}
diff --git a/modules/kubernetes-addons/chaos-mesh/outputs.tf b/modules/kubernetes-addons/chaos-mesh/outputs.tf
deleted file mode 100644
index 4d3d2c6515..0000000000
--- a/modules/kubernetes-addons/chaos-mesh/outputs.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? { enable = true } : null
-}
-
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/chaos-mesh/variables.tf b/modules/kubernetes-addons/chaos-mesh/variables.tf
deleted file mode 100644
index 300b0751c7..0000000000
--- a/modules/kubernetes-addons/chaos-mesh/variables.tf
+++ /dev/null
@@ -1,26 +0,0 @@
-variable "helm_config" {
-  description = "Helm Config for calico"
-  type        = any
-  default     = {}
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps."
-  type        = bool
-  default     = false
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-  })
-}
diff --git a/modules/kubernetes-addons/chaos-mesh/versions.tf b/modules/kubernetes-addons/chaos-mesh/versions.tf
deleted file mode 100644
index 429c0b36d0..0000000000
--- a/modules/kubernetes-addons/chaos-mesh/versions.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-}
diff --git a/modules/kubernetes-addons/cilium/README.md b/modules/kubernetes-addons/cilium/README.md
deleted file mode 100644
index 218c81c8a7..0000000000
--- a/modules/kubernetes-addons/cilium/README.md
+++ /dev/null
@@ -1,44 +0,0 @@
-# Cilium Helm Chart
-Cilium is open source software for transparently securing the network connectivity between application services deployed using Linux container management platforms like Docker and Kubernetes.
-
-For more details checkout [cilium](https://docs.cilium.io/en/stable/gettingstarted/k8s-install-helm/) docs
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-
-## Providers
-
-No providers.
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-No resources.
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>  })</pre> | n/a | yes |
-| <a name="input_enable_wireguard"></a> [enable\_wireguard](#input\_enable\_wireguard) | Enable wireguard encryption | `bool` | `false` | no |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm Config for cilium | `any` | `{}` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/cilium/main.tf b/modules/kubernetes-addons/cilium/main.tf
deleted file mode 100644
index f081ce8591..0000000000
--- a/modules/kubernetes-addons/cilium/main.tf
+++ /dev/null
@@ -1,35 +0,0 @@
-module "helm_addon" {
-  source = "../helm-addon"
-
-  # https://github.com/cilium/cilium/blob/f5c39586866486ab3532f2a3947e50cf7350763d/install/kubernetes/cilium/Chart.yaml
-  helm_config = merge(
-    {
-      name       = "cilium"
-      chart      = "cilium"
-      repository = "https://helm.cilium.io/"
-      version    = "1.12.3"
-      namespace  = "kube-system"
-      values = [
-        <<-EOT
-          cni:
-            chainingMode: aws-cni
-          enableIPv4Masquerade: false
-          tunnel: disabled
-          endpointRoutes:
-            enabled: true
-          %{if var.enable_wireguard}
-          l7Proxy: false
-          encryption:
-            enabled: true
-            type: wireguard
-          %{endif}
-        EOT
-      ]
-      description = "eBPF-based Networking, Security, and Observability"
-    },
-    var.helm_config
-  )
-
-  manage_via_gitops = var.manage_via_gitops
-  addon_context     = var.addon_context
-}
diff --git a/modules/kubernetes-addons/cilium/outputs.tf b/modules/kubernetes-addons/cilium/outputs.tf
deleted file mode 100644
index ef6298971f..0000000000
--- a/modules/kubernetes-addons/cilium/outputs.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? { enable = true } : null
-}
-
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/cilium/variables.tf b/modules/kubernetes-addons/cilium/variables.tf
deleted file mode 100644
index e2b2915311..0000000000
--- a/modules/kubernetes-addons/cilium/variables.tf
+++ /dev/null
@@ -1,32 +0,0 @@
-variable "helm_config" {
-  description = "Helm Config for cilium"
-  type        = any
-  default     = {}
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps."
-  type        = bool
-  default     = false
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-  })
-}
-
-variable "enable_wireguard" {
-  description = "Enable wireguard encryption"
-  type        = bool
-  default     = false
-}
diff --git a/modules/kubernetes-addons/cilium/versions.tf b/modules/kubernetes-addons/cilium/versions.tf
deleted file mode 100644
index 429c0b36d0..0000000000
--- a/modules/kubernetes-addons/cilium/versions.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-}
diff --git a/modules/kubernetes-addons/cluster-autoscaler/README.md b/modules/kubernetes-addons/cluster-autoscaler/README.md
deleted file mode 100644
index 2f869c4d19..0000000000
--- a/modules/kubernetes-addons/cluster-autoscaler/README.md
+++ /dev/null
@@ -1,47 +0,0 @@
-# Cluster Autoscaler Helm Chart
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.72 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_iam_policy.cluster_autoscaler](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
-| [aws_iam_policy_document.cluster_autoscaler](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>    irsa_iam_role_path             = string<br>    irsa_iam_permissions_boundary  = string<br>  })</pre> | n/a | yes |
-| <a name="input_eks_cluster_version"></a> [eks\_cluster\_version](#input\_eks\_cluster\_version) | The Kubernetes version for the cluster - used to match appropriate version for image used | `string` | n/a | yes |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Cluster Autoscaler Helm Config | `any` | `{}` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/cluster-autoscaler/data.tf b/modules/kubernetes-addons/cluster-autoscaler/data.tf
deleted file mode 100644
index a207d2e3a7..0000000000
--- a/modules/kubernetes-addons/cluster-autoscaler/data.tf
+++ /dev/null
@@ -1,65 +0,0 @@
-data "aws_iam_policy_document" "cluster_autoscaler" {
-  statement {
-    sid       = ""
-    effect    = "Allow"
-    resources = ["*"]
-
-    actions = [
-      "autoscaling:DescribeAutoScalingGroups",
-      "autoscaling:DescribeAutoScalingInstances",
-      "autoscaling:DescribeLaunchConfigurations",
-      "autoscaling:DescribeTags",
-      "ec2:DescribeInstanceTypes",
-      "ec2:DescribeLaunchTemplateVersions"
-    ]
-  }
-
-  statement {
-    sid       = ""
-    effect    = "Allow"
-    resources = ["*"]
-
-    actions = [
-      "ec2:DescribeInstanceTypes",
-    ]
-
-    condition {
-      test     = "StringEquals"
-      variable = "autoscaling:ResourceTag/k8s.io/cluster-autoscaler/${var.addon_context.eks_cluster_id}"
-      values   = ["owned"]
-    }
-  }
-
-  statement {
-    sid       = ""
-    effect    = "Allow"
-    resources = ["arn:${var.addon_context.aws_partition_id}:autoscaling:${var.addon_context.aws_region_name}:${var.addon_context.aws_caller_identity_account_id}:autoScalingGroup:*"]
-
-    actions = [
-      "autoscaling:SetDesiredCapacity",
-      "autoscaling:TerminateInstanceInAutoScalingGroup",
-    ]
-
-    condition {
-      test     = "StringEquals"
-      variable = "autoscaling:ResourceTag/k8s.io/cluster-autoscaler/${var.addon_context.eks_cluster_id}"
-      values   = ["owned"]
-    }
-  }
-
-  statement {
-    sid       = ""
-    effect    = "Allow"
-    resources = ["arn:${var.addon_context.aws_partition_id}:eks:${var.addon_context.aws_region_name}:${var.addon_context.aws_caller_identity_account_id}:nodegroup/${var.addon_context.eks_cluster_id}/*"]
-
-    actions = [
-      "eks:DescribeNodegroup",
-    ]
-
-    condition {
-      test     = "StringEquals"
-      variable = "autoscaling:ResourceTag/k8s.io/cluster-autoscaler/${var.addon_context.eks_cluster_id}"
-      values   = ["owned"]
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/cluster-autoscaler/main.tf b/modules/kubernetes-addons/cluster-autoscaler/main.tf
deleted file mode 100644
index 806a3318c8..0000000000
--- a/modules/kubernetes-addons/cluster-autoscaler/main.tf
+++ /dev/null
@@ -1,58 +0,0 @@
-locals {
-  name            = try(var.helm_config.name, "cluster-autoscaler")
-  namespace       = try(var.helm_config.namespace, "kube-system")
-  service_account = try(var.helm_config.service_account, "${local.name}-sa")
-}
-
-module "helm_addon" {
-  source = "../helm-addon"
-
-  manage_via_gitops = var.manage_via_gitops
-
-  # https://github.com/kubernetes/autoscaler/blob/master/charts/cluster-autoscaler/Chart.yaml
-  helm_config = merge({
-    name        = local.name
-    chart       = local.name
-    version     = "9.21.0"
-    repository  = "https://kubernetes.github.io/autoscaler"
-    namespace   = local.namespace
-    description = "Cluster AutoScaler helm Chart deployment configuration."
-    values = [templatefile("${path.module}/values.yaml", {
-      aws_region     = var.addon_context.aws_region_name
-      eks_cluster_id = var.addon_context.eks_cluster_id
-      image_tag      = "v${var.eks_cluster_version}.0"
-    })]
-    },
-    var.helm_config
-  )
-
-  set_values = [
-    {
-      name  = "rbac.serviceAccount.create"
-      value = "false"
-    },
-    {
-      name  = "rbac.serviceAccount.name"
-      value = local.service_account
-    }
-  ]
-
-  irsa_config = {
-    create_kubernetes_namespace         = try(var.helm_config.create_namespace, false)
-    kubernetes_namespace                = local.namespace
-    create_kubernetes_service_account   = true
-    create_service_account_secret_token = try(var.helm_config["create_service_account_secret_token"], false)
-    kubernetes_service_account          = local.service_account
-    irsa_iam_policies                   = [aws_iam_policy.cluster_autoscaler.arn]
-  }
-
-  addon_context = var.addon_context
-}
-
-resource "aws_iam_policy" "cluster_autoscaler" {
-  name        = "${var.addon_context.eks_cluster_id}-${local.name}-irsa"
-  description = "Cluster Autoscaler IAM policy"
-  policy      = data.aws_iam_policy_document.cluster_autoscaler.json
-
-  tags = var.addon_context.tags
-}
diff --git a/modules/kubernetes-addons/cluster-autoscaler/outputs.tf b/modules/kubernetes-addons/cluster-autoscaler/outputs.tf
deleted file mode 100644
index 9a0dad336e..0000000000
--- a/modules/kubernetes-addons/cluster-autoscaler/outputs.tf
+++ /dev/null
@@ -1,22 +0,0 @@
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value = var.manage_via_gitops ? {
-    enable             = true
-    serviceAccountName = local.service_account
-  } : null
-}
-
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/cluster-autoscaler/values.yaml b/modules/kubernetes-addons/cluster-autoscaler/values.yaml
deleted file mode 100644
index 66c01651f3..0000000000
--- a/modules/kubernetes-addons/cluster-autoscaler/values.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-awsRegion: ${aws_region}
-
-autoDiscovery:
-  clusterName: ${eks_cluster_id}
-extraArgs:
-  aws-use-static-instance-list: true
-
-image:
-  tag: ${image_tag}
-
-resources:
-  limits:
-    cpu: 200m
-    memory: 512Mi
-  requests:
-    cpu: 200m
-    memory: 512Mi
diff --git a/modules/kubernetes-addons/cluster-autoscaler/variables.tf b/modules/kubernetes-addons/cluster-autoscaler/variables.tf
deleted file mode 100644
index c5b21c03d1..0000000000
--- a/modules/kubernetes-addons/cluster-autoscaler/variables.tf
+++ /dev/null
@@ -1,33 +0,0 @@
-variable "eks_cluster_version" {
-  description = "The Kubernetes version for the cluster - used to match appropriate version for image used"
-  type        = string
-}
-
-variable "helm_config" {
-  description = "Cluster Autoscaler Helm Config"
-  type        = any
-  default     = {}
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps."
-  type        = bool
-  default     = false
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-    irsa_iam_role_path             = string
-    irsa_iam_permissions_boundary  = string
-  })
-}
diff --git a/modules/kubernetes-addons/cluster-autoscaler/versions.tf b/modules/kubernetes-addons/cluster-autoscaler/versions.tf
deleted file mode 100644
index f92f41b9e7..0000000000
--- a/modules/kubernetes-addons/cluster-autoscaler/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 3.72"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/cluster-proportional-autoscaler/README.md b/modules/kubernetes-addons/cluster-proportional-autoscaler/README.md
deleted file mode 100644
index 995c2e8ea6..0000000000
--- a/modules/kubernetes-addons/cluster-proportional-autoscaler/README.md
+++ /dev/null
@@ -1,45 +0,0 @@
-# Horizontal cluster-proportional-autoscaler
-
-Horizontal cluster-proportional-autoscaler watches over the number of schedulable nodes and cores of the cluster and resizes the number of replicas for the required resource. This functionality may be desirable for applications that need to be autoscaled with the size of the cluster, such as DNS and other services that scale with the number of nodes/pods in the cluster.
-
-For more details checkout [cluster-proportional-autoscaler](https://github.com/kubernetes-sigs/cluster-proportional-autoscaler) docs
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-
-## Providers
-
-No providers.
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-No resources.
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>  })</pre> | n/a | yes |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm provider config for the Karpenter | `any` | `{}` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/cluster-proportional-autoscaler/main.tf b/modules/kubernetes-addons/cluster-proportional-autoscaler/main.tf
deleted file mode 100644
index 1b69f9950d..0000000000
--- a/modules/kubernetes-addons/cluster-proportional-autoscaler/main.tf
+++ /dev/null
@@ -1,22 +0,0 @@
-module "helm_addon" {
-  source = "../helm-addon"
-
-  # https://github.com/kubernetes-sigs/cluster-proportional-autoscaler/blob/master/charts/cluster-proportional-autoscaler/Chart.yaml
-  helm_config = merge(
-    {
-      name       = "cluster-proportional-autoscaler"
-      chart      = "cluster-proportional-autoscaler"
-      repository = "https://kubernetes-sigs.github.io/cluster-proportional-autoscaler"
-      version    = "1.0.1"
-      namespace  = "kube-system"
-      values = [templatefile("${path.module}/values.yaml", {
-        operating_system = "linux"
-      })]
-      description = "Cluster Proportional Autoscaler Helm Chart"
-    },
-    var.helm_config
-  )
-
-  manage_via_gitops = var.manage_via_gitops
-  addon_context     = var.addon_context
-}
diff --git a/modules/kubernetes-addons/cluster-proportional-autoscaler/outputs.tf b/modules/kubernetes-addons/cluster-proportional-autoscaler/outputs.tf
deleted file mode 100644
index 4d3d2c6515..0000000000
--- a/modules/kubernetes-addons/cluster-proportional-autoscaler/outputs.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? { enable = true } : null
-}
-
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/cluster-proportional-autoscaler/values.yaml b/modules/kubernetes-addons/cluster-proportional-autoscaler/values.yaml
deleted file mode 100644
index 2767ef4cc0..0000000000
--- a/modules/kubernetes-addons/cluster-proportional-autoscaler/values.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-# Formula for controlling the replicas. Adjust according to your needs
-#  replicas = max( ceil( cores * 1/coresPerReplica ) , ceil( nodes * 1/nodesPerReplica ) )
-#  replicas = min(replicas, max)
-#  replicas = max(replicas, min)
-config:
-  linear:
-    coresPerReplica: 256
-    nodesPerReplica: 16
-    min: 1
-    max: 100
-    preventSinglePointFailure: true
-    includeUnschedulableNodes: true
-
-# Target to scale. In format: deployment/*, replicationcontroller/* or replicaset/* (not case sensitive).
-# The following option should be defined in user defined values.yaml using var.helm_config
-
-#options:
-#  target:
-
-podSecurityContext:
-  seccompProfile:
-    type: RuntimeDefault
-  supplementalGroups: [ 65534 ]
-  fsGroup: 65534
-
-nodeSelector:
-  kubernetes.io/os: ${operating_system}
-
-resources:
-   limits:
-     cpu: 100m
-     memory: 128Mi
-   requests:
-     cpu: 100m
-     memory: 128Mi
-
-tolerations:
-  - key: "CriticalAddonsOnly"
-    operator: "Exists"
diff --git a/modules/kubernetes-addons/cluster-proportional-autoscaler/variables.tf b/modules/kubernetes-addons/cluster-proportional-autoscaler/variables.tf
deleted file mode 100644
index a1bc35edd0..0000000000
--- a/modules/kubernetes-addons/cluster-proportional-autoscaler/variables.tf
+++ /dev/null
@@ -1,26 +0,0 @@
-variable "helm_config" {
-  description = "Helm provider config for the Karpenter"
-  type        = any
-  default     = {}
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps."
-  type        = bool
-  default     = false
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-  })
-}
diff --git a/modules/kubernetes-addons/cluster-proportional-autoscaler/versions.tf b/modules/kubernetes-addons/cluster-proportional-autoscaler/versions.tf
deleted file mode 100644
index 429c0b36d0..0000000000
--- a/modules/kubernetes-addons/cluster-proportional-autoscaler/versions.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-}
diff --git a/modules/kubernetes-addons/consul/README.md b/modules/kubernetes-addons/consul/README.md
deleted file mode 100644
index 465654c57e..0000000000
--- a/modules/kubernetes-addons/consul/README.md
+++ /dev/null
@@ -1,39 +0,0 @@
-# Consul
-Deploying  Consul on EKS cluster
-For more details checkout [Consul](https://developer.hashicorp.com/consul/tutorials/get-started-kubernetes/kubernetes-gs-deploy) docs
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-
-## Providers
-
-No providers.
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-No resources.
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>    irsa_iam_role_path             = string<br>    irsa_iam_permissions_boundary  = string<br>  })</pre> | n/a | yes |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm Config for consul. | `any` | `{}` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/consul/locals.tf b/modules/kubernetes-addons/consul/locals.tf
deleted file mode 100644
index 8363e49240..0000000000
--- a/modules/kubernetes-addons/consul/locals.tf
+++ /dev/null
@@ -1,20 +0,0 @@
-locals {
-  name = "consul"
-
-  default_helm_config = {
-    name             = local.name
-    chart            = local.name
-    repository       = "https://helm.releases.hashicorp.com"
-    version          = "1.0.1"
-    namespace        = local.name
-    create_namespace = true
-    description      = "Consul helm Chart deployment configuration"
-    values           = [templatefile("${path.module}/values.yaml", {})]
-  }
-
-  helm_config = merge(local.default_helm_config, var.helm_config)
-
-  argocd_gitops_config = {
-    enable = true
-  }
-}
diff --git a/modules/kubernetes-addons/consul/main.tf b/modules/kubernetes-addons/consul/main.tf
deleted file mode 100644
index d03500f57c..0000000000
--- a/modules/kubernetes-addons/consul/main.tf
+++ /dev/null
@@ -1,6 +0,0 @@
-module "helm_addon" {
-  source            = "../helm-addon"
-  helm_config       = local.helm_config
-  manage_via_gitops = var.manage_via_gitops
-  addon_context     = var.addon_context
-}
diff --git a/modules/kubernetes-addons/consul/outputs.tf b/modules/kubernetes-addons/consul/outputs.tf
deleted file mode 100644
index b30c86b380..0000000000
--- a/modules/kubernetes-addons/consul/outputs.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? local.argocd_gitops_config : null
-}
diff --git a/modules/kubernetes-addons/consul/values.yaml b/modules/kubernetes-addons/consul/values.yaml
deleted file mode 100644
index 0b5f7b62c3..0000000000
--- a/modules/kubernetes-addons/consul/values.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-global:
-  name: consul
-
-server:
-  replicas: 3
diff --git a/modules/kubernetes-addons/consul/variables.tf b/modules/kubernetes-addons/consul/variables.tf
deleted file mode 100644
index 7c20d90db7..0000000000
--- a/modules/kubernetes-addons/consul/variables.tf
+++ /dev/null
@@ -1,28 +0,0 @@
-variable "helm_config" {
-  description = "Helm Config for consul."
-  type        = any
-  default     = {}
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps."
-  type        = bool
-  default     = false
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-    irsa_iam_role_path             = string
-    irsa_iam_permissions_boundary  = string
-  })
-}
diff --git a/modules/kubernetes-addons/consul/versions.tf b/modules/kubernetes-addons/consul/versions.tf
deleted file mode 100644
index 429c0b36d0..0000000000
--- a/modules/kubernetes-addons/consul/versions.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-}
diff --git a/modules/kubernetes-addons/crossplane/README.md b/modules/kubernetes-addons/crossplane/README.md
deleted file mode 100644
index dac1f054f6..0000000000
--- a/modules/kubernetes-addons/crossplane/README.md
+++ /dev/null
@@ -1,110 +0,0 @@
-# Crossplane
-
-Crossplane is an open source Kubernetes add-on that enables platform teams to assemble infrastructure from multiple vendors, and expose higher level self-service APIs for application teams to consume, without having to write any code.
-
-- Crossplane is a control plane
-- Allow engineers to model their infrastructure as declarative configuration
-- Support managing a myriad of diverse infrastructure using "provider" plugins
-- It's an open source tool with strong communities
-
-Please find more details from [Crossplane](https://crossplane.io/)
-
-## Usage
-
-Crossplane Add-on can be deployed as follows
-
-```hcl
-  enable_crossplane = true
-```
-
-This module allows you to deploy the following providers for Crossplane. These providers disabled by default.
-
-- [AWS Provider](https://github.com/crossplane/provider-aws)
-- [Upbound AWS Provider](https://github.com/upbound/provider-aws)
-- [Kubernetes Provider](https://github.com/crossplane-contrib/provider-kubernetes)
-- [Helm Provider](https://github.com/crossplane-contrib/provider-helm)
-- [Provider Jet AWS (Deprecated)](https://github.com/crossplane-contrib/provider-jet-aws)
-
-Refer to [docs](../../../docs/add-ons/crossplane.md) on how to deploy AWS Providers.
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 |
-| <a name="requirement_kubectl"></a> [kubectl](#requirement\_kubectl) | >= 1.14 |
-| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.10 |
-| <a name="requirement_time"></a> [time](#requirement\_time) | >= 0.7 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.72 |
-| <a name="provider_kubectl"></a> [kubectl](#provider\_kubectl) | >= 1.14 |
-| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | >= 2.10 |
-| <a name="provider_time"></a> [time](#provider\_time) | >= 0.7 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_aws_provider_irsa"></a> [aws\_provider\_irsa](#module\_aws\_provider\_irsa) | ../../../modules/irsa | n/a |
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-| <a name="module_jet_aws_provider_irsa"></a> [jet\_aws\_provider\_irsa](#module\_jet\_aws\_provider\_irsa) | ../../../modules/irsa | n/a |
-| <a name="module_upbound_aws_provider_irsa"></a> [upbound\_aws\_provider\_irsa](#module\_upbound\_aws\_provider\_irsa) | ../../../modules/irsa | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_iam_policy.jet_aws_provider](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
-| [kubectl_manifest.aws_controller_config](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
-| [kubectl_manifest.aws_provider](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
-| [kubectl_manifest.aws_provider_config](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
-| [kubectl_manifest.helm_controller_config](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
-| [kubectl_manifest.helm_provider](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
-| [kubectl_manifest.helm_provider_clusterolebinding](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
-| [kubectl_manifest.helm_provider_config](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
-| [kubectl_manifest.jet_aws_controller_config](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
-| [kubectl_manifest.jet_aws_provider](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
-| [kubectl_manifest.jet_aws_provider_config](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
-| [kubectl_manifest.kubernetes_controller_clusterolebinding](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
-| [kubectl_manifest.kubernetes_controller_config](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
-| [kubectl_manifest.kubernetes_provider](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
-| [kubectl_manifest.kubernetes_provider_config](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
-| [kubectl_manifest.upbound_aws_controller_config](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
-| [kubectl_manifest.upbound_aws_provider](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
-| [kubectl_manifest.upbound_aws_provider_config](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
-| [kubernetes_namespace_v1.crossplane](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1) | resource |
-| [kubernetes_service_account_v1.helm_provider](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_account_v1) | resource |
-| [kubernetes_service_account_v1.kubernetes_controller](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_account_v1) | resource |
-| [time_sleep.upbound_wait_60_seconds](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
-| [time_sleep.wait_60_seconds](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
-| [time_sleep.wait_60_seconds_helm](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
-| [time_sleep.wait_60_seconds_kubernetes](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
-| [aws_iam_policy_document.s3_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>    irsa_iam_role_path             = string<br>    irsa_iam_permissions_boundary  = string<br>  })</pre> | n/a | yes |
-| <a name="input_aws_provider"></a> [aws\_provider](#input\_aws\_provider) | AWS Provider config for Crossplane | `any` | n/a | yes |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm config for Crossplane | `any` | `{}` | no |
-| <a name="input_helm_provider"></a> [helm\_provider](#input\_helm\_provider) | Helm Provider config for Crossplane | `any` | n/a | yes |
-| <a name="input_jet_aws_provider"></a> [jet\_aws\_provider](#input\_jet\_aws\_provider) | AWS Provider Jet AWS config for Crossplane [Deprecated] | <pre>object({<br>    enable                   = bool<br>    provider_aws_version     = string<br>    additional_irsa_policies = list(string)<br>  })</pre> | n/a | yes |
-| <a name="input_kubernetes_provider"></a> [kubernetes\_provider](#input\_kubernetes\_provider) | Kubernetes Provider config for Crossplane | `any` | n/a | yes |
-| <a name="input_upbound_aws_provider"></a> [upbound\_aws\_provider](#input\_upbound\_aws\_provider) | Upbound AWS Provider config for Crossplane | `any` | n/a | yes |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/crossplane/aws-provider/aws-controller-config.yaml b/modules/kubernetes-addons/crossplane/aws-provider/aws-controller-config.yaml
deleted file mode 100644
index 31f15e46c1..0000000000
--- a/modules/kubernetes-addons/crossplane/aws-provider/aws-controller-config.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-apiVersion: pkg.crossplane.io/v1alpha1
-kind: ControllerConfig
-metadata:
-  name: ${aws-controller-config}
-  annotations:
-    eks.amazonaws.com/role-arn: ${iam-role-arn}
-spec:
-  podSecurityContext:
-    fsGroup: 2000
-  args:
-    - --debug
diff --git a/modules/kubernetes-addons/crossplane/aws-provider/aws-provider-config.yaml b/modules/kubernetes-addons/crossplane/aws-provider/aws-provider-config.yaml
deleted file mode 100644
index eaacbfc786..0000000000
--- a/modules/kubernetes-addons/crossplane/aws-provider/aws-provider-config.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: aws.crossplane.io/v1beta1
-kind: ProviderConfig
-metadata:
-  name: ${aws-provider-config}
-spec:
-  credentials:
-    source: InjectedIdentity
diff --git a/modules/kubernetes-addons/crossplane/aws-provider/aws-provider.yaml b/modules/kubernetes-addons/crossplane/aws-provider/aws-provider.yaml
deleted file mode 100644
index 1511be6343..0000000000
--- a/modules/kubernetes-addons/crossplane/aws-provider/aws-provider.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-apiVersion: pkg.crossplane.io/v1
-kind: Provider
-metadata:
-  name: ${aws-provider-name}
-spec:
-  package: xpkg.upbound.io/crossplane-contrib/provider-aws:${provider-aws-version}
-  controllerConfigRef:
-    name: ${aws-controller-config}
diff --git a/modules/kubernetes-addons/crossplane/aws-provider/jet-aws-controller-config.yaml b/modules/kubernetes-addons/crossplane/aws-provider/jet-aws-controller-config.yaml
deleted file mode 100644
index f6b92cf352..0000000000
--- a/modules/kubernetes-addons/crossplane/aws-provider/jet-aws-controller-config.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-apiVersion: pkg.crossplane.io/v1alpha1
-kind: ControllerConfig
-metadata:
-  name: jet-aws-controller-config
-  annotations:
-    eks.amazonaws.com/role-arn: ${iam-role-arn}
-spec:
-  podSecurityContext:
-    fsGroup: 2000
-  args:
-    - --debug
diff --git a/modules/kubernetes-addons/crossplane/aws-provider/jet-aws-provider-config.yaml b/modules/kubernetes-addons/crossplane/aws-provider/jet-aws-provider-config.yaml
deleted file mode 100644
index 8f61bbe16b..0000000000
--- a/modules/kubernetes-addons/crossplane/aws-provider/jet-aws-provider-config.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: aws.jet.crossplane.io/v1alpha1
-kind: ProviderConfig
-metadata:
-  name: jet-aws-provider-config
-spec:
-  credentials:
-    source: InjectedIdentity
diff --git a/modules/kubernetes-addons/crossplane/aws-provider/jet-aws-provider.yaml b/modules/kubernetes-addons/crossplane/aws-provider/jet-aws-provider.yaml
deleted file mode 100644
index 499b6108fb..0000000000
--- a/modules/kubernetes-addons/crossplane/aws-provider/jet-aws-provider.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-apiVersion: pkg.crossplane.io/v1
-kind: Provider
-metadata:
-  name: ${aws-provider-name}
-spec:
-  package: crossplane/provider-jet-aws:${provider-aws-version}
-  controllerConfigRef:
-    name: jet-aws-controller-config
diff --git a/modules/kubernetes-addons/crossplane/aws-provider/upbound-aws-controller-config.yaml b/modules/kubernetes-addons/crossplane/aws-provider/upbound-aws-controller-config.yaml
deleted file mode 100644
index a50641b7fd..0000000000
--- a/modules/kubernetes-addons/crossplane/aws-provider/upbound-aws-controller-config.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-# https://github.com/upbound/provider-aws/blob/main/docs/Configuration.md#create-a-controllerconfig
----
-apiVersion: pkg.crossplane.io/v1alpha1
-kind: ControllerConfig
-metadata:
-  name: ${upbound-aws-controller-config}
-  annotations:
-    eks.amazonaws.com/role-arn: ${upbound-iam-role-arn}
-spec:
-  podSecurityContext:
-    fsGroup: 2000
-  args:
-    - --debug
diff --git a/modules/kubernetes-addons/crossplane/aws-provider/upbound-aws-provider-config.yaml b/modules/kubernetes-addons/crossplane/aws-provider/upbound-aws-provider-config.yaml
deleted file mode 100644
index 64180f53f3..0000000000
--- a/modules/kubernetes-addons/crossplane/aws-provider/upbound-aws-provider-config.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-# https://github.com/upbound/provider-aws/blob/main/docs/Configuration.md#create-a-providerconfig
----
-apiVersion: aws.upbound.io/v1beta1
-kind: ProviderConfig
-metadata:
-  name: ${upbound-aws-provider-config}
-spec:
-  credentials:
-    source: IRSA
diff --git a/modules/kubernetes-addons/crossplane/aws-provider/upbound-aws-provider.yaml b/modules/kubernetes-addons/crossplane/aws-provider/upbound-aws-provider.yaml
deleted file mode 100644
index f02c6cfe37..0000000000
--- a/modules/kubernetes-addons/crossplane/aws-provider/upbound-aws-provider.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-# https://github.com/upbound/provider-aws/blob/main/docs/Configuration.md#create-a-provider
----
-apiVersion: pkg.crossplane.io/v1
-kind: Provider
-metadata:
-  name: ${upbound-aws-provider-name}
-spec:
-  package: xpkg.upbound.io/upbound/provider-aws:${upbound-provider-aws-version}
-  controllerConfigRef:
-    name: ${upbound-aws-controller-config}
diff --git a/modules/kubernetes-addons/crossplane/data.tf b/modules/kubernetes-addons/crossplane/data.tf
deleted file mode 100644
index 6339795ecb..0000000000
--- a/modules/kubernetes-addons/crossplane/data.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-data "aws_iam_policy_document" "s3_policy" {
-  statement {
-    sid       = "VisualEditor0"
-    effect    = "Allow"
-    resources = ["arn:${var.addon_context.aws_partition_id}:s3:::*"]
-
-    actions = [
-      "s3:CreateBucket",
-      "s3:DeleteBucket",
-      "s3:DeleteObject",
-      "s3:DeleteObjectVersion",
-      "s3:Get*",
-      "s3:ListBucket",
-      "s3:Put*",
-    ]
-  }
-
-  statement {
-    sid       = "VisualEditor1"
-    effect    = "Allow"
-    resources = ["*"]
-    actions   = ["s3:ListAllMyBuckets"]
-  }
-}
diff --git a/modules/kubernetes-addons/crossplane/helm-provider/helm-controller-config.yaml b/modules/kubernetes-addons/crossplane/helm-provider/helm-controller-config.yaml
deleted file mode 100644
index 5fa1a8791a..0000000000
--- a/modules/kubernetes-addons/crossplane/helm-provider/helm-controller-config.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: pkg.crossplane.io/v1alpha1
-kind: ControllerConfig
-metadata:
-  name: ${helm-controller-config}
-spec:
-  serviceAccountName: ${helm-serviceaccount-name}
diff --git a/modules/kubernetes-addons/crossplane/helm-provider/helm-provider-clusterrolebinding.yaml b/modules/kubernetes-addons/crossplane/helm-provider/helm-provider-clusterrolebinding.yaml
deleted file mode 100644
index 7bfb51efe9..0000000000
--- a/modules/kubernetes-addons/crossplane/helm-provider/helm-provider-clusterrolebinding.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: "provider-helm-admin-binding"
-subjects:
-  - kind: ServiceAccount
-    name: ${helm-serviceaccount-name}
-    namespace: ${namespace}
-roleRef:
-  kind: ClusterRole
-  name: ${cluster-role}
-  apiGroup: rbac.authorization.k8s.io
diff --git a/modules/kubernetes-addons/crossplane/helm-provider/helm-provider-config.yaml b/modules/kubernetes-addons/crossplane/helm-provider/helm-provider-config.yaml
deleted file mode 100644
index 9868dee39a..0000000000
--- a/modules/kubernetes-addons/crossplane/helm-provider/helm-provider-config.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-# https://github.com/crossplane-contrib/provider-helm/blob/master/examples/provider-config/provider-config-incluster.yaml
----
-apiVersion: helm.crossplane.io/v1beta1
-kind: ProviderConfig
-metadata:
-  name: ${helm-provider-config}
-spec:
-  credentials:
-    source: InjectedIdentity
diff --git a/modules/kubernetes-addons/crossplane/helm-provider/helm-provider.yaml b/modules/kubernetes-addons/crossplane/helm-provider/helm-provider.yaml
deleted file mode 100644
index 5c6cbb3336..0000000000
--- a/modules/kubernetes-addons/crossplane/helm-provider/helm-provider.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-apiVersion: pkg.crossplane.io/v1
-kind: Provider
-metadata:
-  name: ${helm-provider-name}
-spec:
-  package: xpkg.upbound.io/crossplane-contrib/provider-helm:${provider-helm-version}
-  controllerConfigRef:
-    name: ${helm-controller-config}
diff --git a/modules/kubernetes-addons/crossplane/kubernetes-provider/kubernetes-controller-clusterrolebinding.yaml b/modules/kubernetes-addons/crossplane/kubernetes-provider/kubernetes-controller-clusterrolebinding.yaml
deleted file mode 100644
index bb61499b5b..0000000000
--- a/modules/kubernetes-addons/crossplane/kubernetes-provider/kubernetes-controller-clusterrolebinding.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: ${kubernetes-serviceaccount-name}
-subjects:
-  - kind: ServiceAccount
-    name: ${kubernetes-serviceaccount-name}
-    namespace: ${namespace}
-roleRef:
-  kind: ClusterRole
-  name: ${cluster-role}
-  apiGroup: rbac.authorization.k8s.io
diff --git a/modules/kubernetes-addons/crossplane/kubernetes-provider/kubernetes-controller-config.yaml b/modules/kubernetes-addons/crossplane/kubernetes-provider/kubernetes-controller-config.yaml
deleted file mode 100644
index 54f8133737..0000000000
--- a/modules/kubernetes-addons/crossplane/kubernetes-provider/kubernetes-controller-config.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: pkg.crossplane.io/v1alpha1
-kind: ControllerConfig
-metadata:
-  name: ${kubernetes-controller-config}
-spec:
-  serviceAccountName: ${kubernetes-serviceaccount-name}
diff --git a/modules/kubernetes-addons/crossplane/kubernetes-provider/kubernetes-provider-config.yaml b/modules/kubernetes-addons/crossplane/kubernetes-provider/kubernetes-provider-config.yaml
deleted file mode 100644
index db2e0e2456..0000000000
--- a/modules/kubernetes-addons/crossplane/kubernetes-provider/kubernetes-provider-config.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: kubernetes.crossplane.io/v1alpha1
-kind: ProviderConfig
-metadata:
-  name: ${kubernetes-provider-config}
-spec:
-  credentials:
-    source: InjectedIdentity
diff --git a/modules/kubernetes-addons/crossplane/kubernetes-provider/kubernetes-provider.yaml b/modules/kubernetes-addons/crossplane/kubernetes-provider/kubernetes-provider.yaml
deleted file mode 100644
index 7ec747b136..0000000000
--- a/modules/kubernetes-addons/crossplane/kubernetes-provider/kubernetes-provider.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-apiVersion: pkg.crossplane.io/v1
-kind: Provider
-metadata:
-  name: ${kubernetes-provider-name}
-spec:
-  package: xpkg.upbound.io/crossplane-contrib/provider-kubernetes:${provider-kubernetes-version}
-  controllerConfigRef:
-    name: ${kubernetes-controller-config}
diff --git a/modules/kubernetes-addons/crossplane/locals.tf b/modules/kubernetes-addons/crossplane/locals.tf
deleted file mode 100644
index 0a3a71d3dc..0000000000
--- a/modules/kubernetes-addons/crossplane/locals.tf
+++ /dev/null
@@ -1,66 +0,0 @@
-locals {
-  namespace = try(var.helm_config.namespace, "crossplane-system")
-
-  # https://github.com/crossplane/crossplane/blob/master/cluster/charts/crossplane/Chart.yaml
-  default_helm_config = {
-    chart       = "crossplane"
-    name        = "crossplane"
-    namespace   = local.namespace
-    repository  = "https://charts.crossplane.io/stable/"
-    version     = "1.10.1"
-    description = "Crossplane Helm chart"
-  }
-
-  helm_config = merge(
-    local.default_helm_config,
-    var.helm_config
-  )
-
-  aws_provider = merge({
-    provider_aws_version     = "v0.36.0"
-    additional_irsa_policies = ["arn:${var.addon_context.aws_partition_id}:iam::aws:policy/AdministratorAccess"]
-    name                     = "aws-provider"
-    namespace                = local.namespace
-    service_account          = "aws-provider"
-    provider_config          = "default"
-    controller_config        = "aws-controller-config"
-    },
-    var.aws_provider
-  )
-
-  upbound_aws_provider = merge({
-    provider_aws_version     = "v0.27.0"
-    additional_irsa_policies = ["arn:${var.addon_context.aws_partition_id}:iam::aws:policy/AdministratorAccess"]
-    name                     = "upbound-aws-provider"
-    namespace                = local.namespace
-    service_account          = "upbound-aws-provider"
-    provider_config          = "default"
-    controller_config        = "upbound-aws-controller-config"
-    },
-    var.upbound_aws_provider
-  )
-
-  kubernetes_provider = merge({
-    provider_kubernetes_version = "v0.6.0"
-    name                        = "kubernetes-provider"
-    service_account             = "kubernetes-provider"
-    provider_config             = "default"
-    controller_config           = "kubernetes-controller-config"
-    cluster_role                = "cluster-admin"
-    },
-    var.kubernetes_provider
-  )
-
-  helm_provider = merge({
-    provider_helm_version = "v0.13.0"
-    name                  = "provider-helm"
-    service_account       = "provider-helm"
-    provider_config       = "default"
-    controller_config     = "helm-controller-config"
-    cluster_role          = "cluster-admin"
-    },
-    var.helm_provider
-  )
-
-  jet_aws_provider_sa = "jet-aws-provider"
-}
diff --git a/modules/kubernetes-addons/crossplane/main.tf b/modules/kubernetes-addons/crossplane/main.tf
deleted file mode 100644
index 4df4a742c7..0000000000
--- a/modules/kubernetes-addons/crossplane/main.tf
+++ /dev/null
@@ -1,311 +0,0 @@
-resource "kubernetes_namespace_v1" "crossplane" {
-  count = try(local.helm_config["create_namespace"], true) && local.helm_config["namespace"] != "kube-system" ? 1 : 0
-  metadata {
-    name = local.namespace
-  }
-}
-
-module "helm_addon" {
-  source = "../helm-addon"
-
-  helm_config   = local.helm_config
-  addon_context = var.addon_context
-
-  depends_on = [kubernetes_namespace_v1.crossplane]
-}
-
-#--------------------------------------
-# AWS Provider
-#--------------------------------------
-module "aws_provider_irsa" {
-  count                             = local.aws_provider.enable == true ? 1 : 0
-  source                            = "../../../modules/irsa"
-  create_kubernetes_namespace       = false
-  create_kubernetes_service_account = false
-  kubernetes_namespace              = local.namespace
-  kubernetes_service_account        = "${local.aws_provider.name}-*"
-  irsa_iam_policies                 = local.aws_provider.additional_irsa_policies
-  irsa_iam_role_path                = var.addon_context.irsa_iam_role_path
-  irsa_iam_permissions_boundary     = var.addon_context.irsa_iam_permissions_boundary
-  eks_cluster_id                    = var.addon_context.eks_cluster_id
-  eks_oidc_provider_arn             = var.addon_context.eks_oidc_provider_arn
-
-}
-
-resource "kubectl_manifest" "aws_controller_config" {
-  count = local.aws_provider.enable == true ? 1 : 0
-  yaml_body = templatefile("${path.module}/aws-provider/aws-controller-config.yaml", {
-    iam-role-arn          = module.aws_provider_irsa[0].irsa_iam_role_arn
-    aws-controller-config = local.aws_provider.controller_config
-  })
-
-  depends_on = [module.helm_addon]
-}
-
-resource "kubectl_manifest" "aws_provider" {
-  count = local.aws_provider.enable == true ? 1 : 0
-  yaml_body = templatefile("${path.module}/aws-provider/aws-provider.yaml", {
-    provider-aws-version  = local.aws_provider.provider_aws_version
-    aws-provider-name     = local.aws_provider.name
-    aws-controller-config = local.aws_provider.controller_config
-  })
-  wait = true
-
-  depends_on = [kubectl_manifest.aws_controller_config]
-}
-
-# Wait for the AWS Provider CRDs to be fully created before initiating aws_provider_config deployment
-resource "time_sleep" "wait_60_seconds" {
-  count           = local.aws_provider.enable == true ? 1 : 0
-  create_duration = "60s"
-
-  depends_on = [kubectl_manifest.aws_provider]
-}
-
-resource "kubectl_manifest" "aws_provider_config" {
-  count = local.aws_provider.enable == true ? 1 : 0
-  yaml_body = templatefile("${path.module}/aws-provider/aws-provider-config.yaml", {
-    aws-provider-config = local.aws_provider.provider_config
-  })
-
-  depends_on = [kubectl_manifest.aws_provider, time_sleep.wait_60_seconds]
-}
-
-#--------------------------------------
-# Terrajet AWS Provider (Deprecated)
-#--------------------------------------
-resource "kubectl_manifest" "jet_aws_controller_config" {
-  count = var.jet_aws_provider.enable == true ? 1 : 0
-  yaml_body = templatefile("${path.module}/aws-provider/jet-aws-controller-config.yaml", {
-    iam-role-arn = module.jet_aws_provider_irsa[0].irsa_iam_role_arn
-  })
-
-  depends_on = [module.helm_addon]
-}
-
-resource "kubectl_manifest" "jet_aws_provider" {
-  count = var.jet_aws_provider.enable == true ? 1 : 0
-  yaml_body = templatefile("${path.module}/aws-provider/jet-aws-provider.yaml", {
-    provider-aws-version = var.jet_aws_provider.provider_aws_version
-    aws-provider-name    = local.jet_aws_provider_sa
-  })
-  wait = true
-
-  depends_on = [kubectl_manifest.jet_aws_controller_config]
-}
-
-module "jet_aws_provider_irsa" {
-  count = var.jet_aws_provider.enable == true ? 1 : 0
-
-  source                            = "../../../modules/irsa"
-  create_kubernetes_namespace       = false
-  create_kubernetes_service_account = false
-  kubernetes_namespace              = local.namespace
-  kubernetes_service_account        = "${local.jet_aws_provider_sa}-*"
-  irsa_iam_policies                 = concat([aws_iam_policy.jet_aws_provider[0].arn], var.jet_aws_provider.additional_irsa_policies)
-  irsa_iam_role_path                = var.addon_context.irsa_iam_role_path
-  irsa_iam_permissions_boundary     = var.addon_context.irsa_iam_permissions_boundary
-  eks_cluster_id                    = var.addon_context.eks_cluster_id
-  eks_oidc_provider_arn             = var.addon_context.eks_oidc_provider_arn
-
-}
-
-resource "aws_iam_policy" "jet_aws_provider" {
-  count       = var.jet_aws_provider.enable == true ? 1 : 0
-  description = "Crossplane Jet AWS Provider IAM policy"
-  name        = "${var.addon_context.eks_cluster_id}-${local.jet_aws_provider_sa}-irsa"
-  policy      = data.aws_iam_policy_document.s3_policy.json
-  tags        = var.addon_context.tags
-}
-
-resource "kubectl_manifest" "jet_aws_provider_config" {
-  count     = var.jet_aws_provider.enable == true ? 1 : 0
-  yaml_body = templatefile("${path.module}/aws-provider/jet-aws-provider-config.yaml", {})
-
-  depends_on = [kubectl_manifest.jet_aws_provider]
-}
-
-#--------------------------------------
-# Upbound AWS Provider
-#--------------------------------------
-module "upbound_aws_provider_irsa" {
-  count                             = local.upbound_aws_provider.enable == true ? 1 : 0
-  source                            = "../../../modules/irsa"
-  create_kubernetes_namespace       = false
-  create_kubernetes_service_account = false
-  kubernetes_namespace              = local.namespace
-  kubernetes_service_account        = "${local.upbound_aws_provider.name}-*"
-  irsa_iam_policies                 = local.upbound_aws_provider.additional_irsa_policies
-  irsa_iam_role_path                = var.addon_context.irsa_iam_role_path
-  irsa_iam_permissions_boundary     = var.addon_context.irsa_iam_permissions_boundary
-  eks_cluster_id                    = var.addon_context.eks_cluster_id
-  eks_oidc_provider_arn             = var.addon_context.eks_oidc_provider_arn
-
-}
-
-resource "kubectl_manifest" "upbound_aws_controller_config" {
-  count = local.upbound_aws_provider.enable == true ? 1 : 0
-  yaml_body = templatefile("${path.module}/aws-provider/upbound-aws-controller-config.yaml", {
-    upbound-iam-role-arn          = module.upbound_aws_provider_irsa[0].irsa_iam_role_arn
-    upbound-aws-controller-config = local.upbound_aws_provider.controller_config
-  })
-
-  depends_on = [module.helm_addon]
-}
-
-resource "kubectl_manifest" "upbound_aws_provider" {
-  count = local.upbound_aws_provider.enable == true ? 1 : 0
-  yaml_body = templatefile("${path.module}/aws-provider/upbound-aws-provider.yaml", {
-    upbound-provider-aws-version  = local.upbound_aws_provider.provider_aws_version
-    upbound-aws-provider-name     = local.upbound_aws_provider.name
-    upbound-aws-controller-config = local.upbound_aws_provider.controller_config
-  })
-  wait = true
-
-  depends_on = [kubectl_manifest.upbound_aws_controller_config]
-}
-
-# Wait for the Upbound AWS Provider CRDs to be fully created before initiating upbound_aws_provider_config deployment
-resource "time_sleep" "upbound_wait_60_seconds" {
-  count           = local.upbound_aws_provider.enable == true ? 1 : 0
-  create_duration = "60s"
-
-  depends_on = [kubectl_manifest.upbound_aws_provider]
-}
-
-resource "kubectl_manifest" "upbound_aws_provider_config" {
-  count = local.upbound_aws_provider.enable == true ? 1 : 0
-  yaml_body = templatefile("${path.module}/aws-provider/upbound-aws-provider-config.yaml", {
-    upbound-aws-provider-config = local.upbound_aws_provider.provider_config
-  })
-
-  depends_on = [kubectl_manifest.upbound_aws_provider, time_sleep.upbound_wait_60_seconds]
-}
-
-#--------------------------------------
-# Kubernetes Provider
-#--------------------------------------
-resource "kubernetes_service_account_v1" "kubernetes_controller" {
-  count = local.kubernetes_provider.enable == true ? 1 : 0
-  metadata {
-    name      = local.kubernetes_provider.service_account
-    namespace = local.namespace
-  }
-
-  depends_on = [module.helm_addon]
-}
-
-resource "kubectl_manifest" "kubernetes_controller_clusterolebinding" {
-  count = local.kubernetes_provider.enable == true ? 1 : 0
-  yaml_body = templatefile("${path.module}/kubernetes-provider/kubernetes-controller-clusterrolebinding.yaml", {
-    namespace                      = local.namespace
-    cluster-role                   = local.kubernetes_provider.cluster_role
-    kubernetes-serviceaccount-name = kubernetes_service_account_v1.kubernetes_controller[0].metadata[0].name
-  })
-  wait = true
-
-  depends_on = [module.helm_addon]
-}
-
-resource "kubectl_manifest" "kubernetes_controller_config" {
-  count = local.kubernetes_provider.enable == true ? 1 : 0
-  yaml_body = templatefile("${path.module}/kubernetes-provider/kubernetes-controller-config.yaml", {
-    kubernetes-serviceaccount-name = kubernetes_service_account_v1.kubernetes_controller[0].metadata[0].name
-    kubernetes-controller-config   = local.kubernetes_provider.controller_config
-  })
-  wait = true
-
-  depends_on = [module.helm_addon]
-}
-
-resource "kubectl_manifest" "kubernetes_provider" {
-  count = local.kubernetes_provider.enable == true ? 1 : 0
-  yaml_body = templatefile("${path.module}/kubernetes-provider/kubernetes-provider.yaml", {
-    provider-kubernetes-version  = local.kubernetes_provider.provider_kubernetes_version
-    kubernetes-provider-name     = local.kubernetes_provider.name
-    kubernetes-controller-config = local.kubernetes_provider.controller_config
-  })
-  wait = true
-
-  depends_on = [kubectl_manifest.kubernetes_controller_config]
-}
-
-# Wait for the AWS Provider CRDs to be fully created before initiating aws_provider_config deployment
-resource "time_sleep" "wait_60_seconds_kubernetes" {
-  create_duration = "60s"
-
-  depends_on = [kubectl_manifest.kubernetes_provider]
-}
-
-resource "kubectl_manifest" "kubernetes_provider_config" {
-  count = local.kubernetes_provider.enable == true ? 1 : 0
-  yaml_body = templatefile("${path.module}/kubernetes-provider/kubernetes-provider-config.yaml", {
-    kubernetes-provider-config = local.kubernetes_provider.provider_config
-  })
-
-  depends_on = [kubectl_manifest.kubernetes_provider, time_sleep.wait_60_seconds_kubernetes]
-}
-
-#--------------------------------------
-# Helm Provider
-#--------------------------------------
-resource "kubernetes_service_account_v1" "helm_provider" {
-  count = local.helm_provider.enable == true ? 1 : 0
-  metadata {
-    name      = local.helm_provider.service_account
-    namespace = local.namespace
-  }
-
-  depends_on = [module.helm_addon]
-}
-
-resource "kubectl_manifest" "helm_provider_clusterolebinding" {
-  count = local.helm_provider.enable == true ? 1 : 0
-  yaml_body = templatefile("${path.module}/helm-provider/helm-provider-clusterrolebinding.yaml", {
-    namespace                = local.namespace
-    cluster-role             = local.helm_provider.cluster_role
-    helm-serviceaccount-name = kubernetes_service_account_v1.helm_provider[0].metadata[0].name
-  })
-  wait = true
-
-  depends_on = [module.helm_addon]
-}
-
-resource "kubectl_manifest" "helm_controller_config" {
-  count = local.helm_provider.enable == true ? 1 : 0
-  yaml_body = templatefile("${path.module}/helm-provider/helm-controller-config.yaml", {
-    helm-serviceaccount-name = kubernetes_service_account_v1.helm_provider[0].metadata[0].name
-    helm-controller-config   = local.helm_provider.controller_config
-  })
-  wait = true
-
-  depends_on = [module.helm_addon]
-}
-
-resource "kubectl_manifest" "helm_provider" {
-  count = local.helm_provider.enable == true ? 1 : 0
-  yaml_body = templatefile("${path.module}/helm-provider/helm-provider.yaml", {
-    provider-helm-version  = local.helm_provider.provider_helm_version
-    helm-provider-name     = local.helm_provider.name
-    helm-controller-config = local.helm_provider.controller_config
-  })
-  wait = true
-
-  depends_on = [kubectl_manifest.helm_provider_clusterolebinding]
-}
-
-# Wait for the Helm Provider CRDs to be fully created before initiating helm_provider_config deployment
-resource "time_sleep" "wait_60_seconds_helm" {
-  create_duration = "60s"
-
-  depends_on = [kubectl_manifest.helm_provider]
-}
-
-resource "kubectl_manifest" "helm_provider_config" {
-  count = local.helm_provider.enable == true ? 1 : 0
-  yaml_body = templatefile("${path.module}/helm-provider/helm-provider-config.yaml", {
-    helm-provider-config = local.helm_provider.provider_config
-  })
-
-  depends_on = [kubectl_manifest.helm_provider, time_sleep.wait_60_seconds_helm]
-}
diff --git a/modules/kubernetes-addons/crossplane/outputs.tf b/modules/kubernetes-addons/crossplane/outputs.tf
deleted file mode 100644
index 37b305f9b1..0000000000
--- a/modules/kubernetes-addons/crossplane/outputs.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/crossplane/variables.tf b/modules/kubernetes-addons/crossplane/variables.tf
deleted file mode 100644
index e242eb1d2c..0000000000
--- a/modules/kubernetes-addons/crossplane/variables.tf
+++ /dev/null
@@ -1,51 +0,0 @@
-variable "helm_config" {
-  description = "Helm config for Crossplane"
-  type        = any
-  default     = {}
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-    irsa_iam_role_path             = string
-    irsa_iam_permissions_boundary  = string
-  })
-}
-
-variable "aws_provider" {
-  description = "AWS Provider config for Crossplane"
-  type        = any
-}
-
-variable "upbound_aws_provider" {
-  description = "Upbound AWS Provider config for Crossplane"
-  type        = any
-}
-
-variable "kubernetes_provider" {
-  description = "Kubernetes Provider config for Crossplane"
-  type        = any
-}
-
-variable "helm_provider" {
-  description = "Helm Provider config for Crossplane"
-  type        = any
-}
-
-variable "jet_aws_provider" {
-  description = "AWS Provider Jet AWS config for Crossplane [Deprecated]"
-  type = object({
-    enable                   = bool
-    provider_aws_version     = string
-    additional_irsa_policies = list(string)
-  })
-}
diff --git a/modules/kubernetes-addons/crossplane/versions.tf b/modules/kubernetes-addons/crossplane/versions.tf
deleted file mode 100644
index 96ea58d622..0000000000
--- a/modules/kubernetes-addons/crossplane/versions.tf
+++ /dev/null
@@ -1,22 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 3.72"
-    }
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.10"
-    }
-    kubectl = {
-      source  = "gavinbunney/kubectl"
-      version = ">= 1.14"
-    }
-    time = {
-      source  = "hashicorp/time"
-      version = ">= 0.7"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/csi-secrets-store-provider-aws/README.md b/modules/kubernetes-addons/csi-secrets-store-provider-aws/README.md
deleted file mode 100644
index 34f0950c2e..0000000000
--- a/modules/kubernetes-addons/csi-secrets-store-provider-aws/README.md
+++ /dev/null
@@ -1,50 +0,0 @@
-# CSI Secrets Store Provider Helm Chart
-
-# Introduction
-
-AWS Secrets Manager and Config Provider for Secret Store CSI Driver allows you to get secret contents stored in AWS Key Management Service instance and use the Secrets Store CSI driver interface to mount them into Kubernetes pods.
-
-# Helm Chart
-
-### Instructions to use the Helm Chart
-
-See the [csi-secrets-store-provider-aws](https://github.com/aws/eks-charts/tree/master/stable/csi-secrets-store-provider-aws).
-
-<!--- BEGIN_TF_DOCS --->
-## Requirements
-
-[Secrets Store CSI Driver](https://secrets-store-csi-driver.sigs.k8s.io/getting-started/installation.html) to be provisioned.
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [kubernetes_namespace.csi_secrets_store_provider_aws](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>  })</pre> | n/a | yes |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Cluster Autoscaler Helm Config | `any` | `{}` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
-
-<!--- END_TF_DOCS --->
diff --git a/modules/kubernetes-addons/csi-secrets-store-provider-aws/main.tf b/modules/kubernetes-addons/csi-secrets-store-provider-aws/main.tf
deleted file mode 100644
index 885ab7d50e..0000000000
--- a/modules/kubernetes-addons/csi-secrets-store-provider-aws/main.tf
+++ /dev/null
@@ -1,25 +0,0 @@
-locals {
-  name      = try(var.helm_config.name, "secrets-store-csi-driver-provider-aws")
-  namespace = try(var.helm_config.namespace, "kube-system")
-}
-
-module "helm_addon" {
-  source = "../helm-addon"
-
-  # https://github.com/aws/secrets-store-csi-driver-provider-aws/blob/main/charts/secrets-store-csi-driver-provider-aws/Chart.yaml
-  helm_config = merge(
-    {
-      name             = local.name
-      chart            = local.name
-      repository       = "https://aws.github.io/secrets-store-csi-driver-provider-aws"
-      version          = "0.3.2"
-      namespace        = local.namespace
-      create_namespace = local.namespace == "kube-system" ? false : true
-      description      = "A Helm chart for the AWS Secrets Manager and Config Provider for Secret Store CSI Driver."
-    },
-    var.helm_config
-  )
-
-  manage_via_gitops = var.manage_via_gitops
-  addon_context     = var.addon_context
-}
diff --git a/modules/kubernetes-addons/csi-secrets-store-provider-aws/outputs.tf b/modules/kubernetes-addons/csi-secrets-store-provider-aws/outputs.tf
deleted file mode 100644
index 4d3d2c6515..0000000000
--- a/modules/kubernetes-addons/csi-secrets-store-provider-aws/outputs.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? { enable = true } : null
-}
-
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/csi-secrets-store-provider-aws/variables.tf b/modules/kubernetes-addons/csi-secrets-store-provider-aws/variables.tf
deleted file mode 100644
index 619698f9a9..0000000000
--- a/modules/kubernetes-addons/csi-secrets-store-provider-aws/variables.tf
+++ /dev/null
@@ -1,28 +0,0 @@
-variable "helm_config" {
-  description = "CSI Secrets Store Provider AWS Helm Configurations"
-  type        = any
-  default     = {}
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps"
-  type        = bool
-  default     = false
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-    irsa_iam_role_path             = string
-    irsa_iam_permissions_boundary  = string
-  })
-}
diff --git a/modules/kubernetes-addons/csi-secrets-store-provider-aws/versions.tf b/modules/kubernetes-addons/csi-secrets-store-provider-aws/versions.tf
deleted file mode 100644
index 55fba733ab..0000000000
--- a/modules/kubernetes-addons/csi-secrets-store-provider-aws/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.10"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/data.tf b/modules/kubernetes-addons/data.tf
deleted file mode 100644
index 8370230cd1..0000000000
--- a/modules/kubernetes-addons/data.tf
+++ /dev/null
@@ -1,17 +0,0 @@
-data "aws_partition" "current" {}
-data "aws_caller_identity" "current" {}
-data "aws_region" "current" {}
-
-resource "time_sleep" "dataplane" {
-  create_duration = "10s"
-
-  triggers = {
-    data_plane_wait_arn = var.data_plane_wait_arn # this waits for the data plane to be ready
-    eks_cluster_id      = var.eks_cluster_id      # this ties it to downstream resources
-  }
-}
-
-data "aws_eks_cluster" "eks_cluster" {
-  # this makes downstream resources wait for data plane to be ready
-  name = time_sleep.dataplane.triggers["eks_cluster_id"]
-}
diff --git a/modules/kubernetes-addons/datadog-operator/README.md b/modules/kubernetes-addons/datadog-operator/README.md
deleted file mode 100644
index c68cd45550..0000000000
--- a/modules/kubernetes-addons/datadog-operator/README.md
+++ /dev/null
@@ -1,47 +0,0 @@
-# Datadog Operator
-
-## Datadog Operator vs. Helm chart
-
-The official Datadog Helm chart is still the recommended way to setup Datadog in a Kubernetes cluster, as it has most supported configuration options readily accessible. It also makes using more advanced features easier than rolling your own deployments.
-
-The **Datadog Operator** aims to improve the user experience around deploying Datadog. It does this by reporting deployment status, health, and errors in its Custom Resource status, and by limiting the risk of misconfiguration thanks to higher-level configuration options.
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-
-## Providers
-
-No providers.
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-No resources.
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>  })</pre> | n/a | yes |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm Config for calico | `any` | `{}` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/datadog-operator/main.tf b/modules/kubernetes-addons/datadog-operator/main.tf
deleted file mode 100644
index 6e9d587fc6..0000000000
--- a/modules/kubernetes-addons/datadog-operator/main.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-locals {
-  name = "datadog-operator"
-}
-
-module "helm_addon" {
-  source = "../helm-addon"
-
-  # https://github.com/DataDog/helm-charts/blob/main/charts/datadog-operator/Chart.yaml
-  helm_config = merge(
-    {
-      name             = local.name
-      chart            = local.name
-      repository       = "https://helm.datadoghq.com"
-      version          = "1.0.2"
-      namespace        = local.name
-      create_namespace = true
-      description      = "Datadog Operator"
-    },
-    var.helm_config
-  )
-  manage_via_gitops = var.manage_via_gitops
-
-  addon_context = var.addon_context
-}
diff --git a/modules/kubernetes-addons/datadog-operator/outputs.tf b/modules/kubernetes-addons/datadog-operator/outputs.tf
deleted file mode 100644
index 4d3d2c6515..0000000000
--- a/modules/kubernetes-addons/datadog-operator/outputs.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? { enable = true } : null
-}
-
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/datadog-operator/variables.tf b/modules/kubernetes-addons/datadog-operator/variables.tf
deleted file mode 100644
index 300b0751c7..0000000000
--- a/modules/kubernetes-addons/datadog-operator/variables.tf
+++ /dev/null
@@ -1,26 +0,0 @@
-variable "helm_config" {
-  description = "Helm Config for calico"
-  type        = any
-  default     = {}
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps."
-  type        = bool
-  default     = false
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-  })
-}
diff --git a/modules/kubernetes-addons/datadog-operator/versions.tf b/modules/kubernetes-addons/datadog-operator/versions.tf
deleted file mode 100644
index 429c0b36d0..0000000000
--- a/modules/kubernetes-addons/datadog-operator/versions.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-}
diff --git a/modules/kubernetes-addons/emr-on-eks/README.md b/modules/kubernetes-addons/emr-on-eks/README.md
deleted file mode 100644
index 80a791a690..0000000000
--- a/modules/kubernetes-addons/emr-on-eks/README.md
+++ /dev/null
@@ -1,83 +0,0 @@
-# [EMR on EKS](https://docs.aws.amazon.com/emr/latest/EMR-on-EKS-DevelopmentGuide/emr-eks.html)
-
-The resources created by the `emr-on-eks` addon include:
-- Kubernetes namespace, role, and role binding; existing or externally created namespace and role can be utilized as well
-- IAM role for service account (IRSA) used by for job execution. Users can scope access to the appropriate S3 bucket and path via `s3_bucket_arns`, use for both accessing job data as well as writing out results. The bare minimum permissions have been provided for the job execution role; users can provide additional permissions by passing in additional policies to attach to the role via `iam_role_additional_policies`
-- CloudWatch log group for task execution logs. Log streams are created by the job itself and not via Terraform
-- EMR managed security group for the virtual cluster
-- EMR virtual cluster scoped to the namespace created/provided
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.13 |
-| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.10 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.13 |
-| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | >= 2.10 |
-
-## Modules
-
-No modules.
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_cloudwatch_log_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
-| [aws_emrcontainers_virtual_cluster.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/emrcontainers_virtual_cluster) | resource |
-| [aws_iam_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
-| [aws_iam_role.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
-| [aws_iam_role_policy_attachment.additional](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
-| [aws_iam_role_policy_attachment.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
-| [kubernetes_namespace_v1.this](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1) | resource |
-| [kubernetes_role_binding_v1.this](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/role_binding_v1) | resource |
-| [kubernetes_role_v1.this](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/role_v1) | resource |
-| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
-| [aws_iam_policy_document.assume](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_policy_document.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_cloudwatch_log_group_arn"></a> [cloudwatch\_log\_group\_arn](#input\_cloudwatch\_log\_group\_arn) | ARN of the log group to use for the cluster logs | `string` | `"arn:aws:logs:*:*:*"` | no |
-| <a name="input_cloudwatch_log_group_kms_key_id"></a> [cloudwatch\_log\_group\_kms\_key\_id](#input\_cloudwatch\_log\_group\_kms\_key\_id) | If a KMS Key ARN is set, this key will be used to encrypt the corresponding log group. Please be sure that the KMS Key has an appropriate key policy (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html) | `string` | `null` | no |
-| <a name="input_cloudwatch_log_group_retention_in_days"></a> [cloudwatch\_log\_group\_retention\_in\_days](#input\_cloudwatch\_log\_group\_retention\_in\_days) | Number of days to retain log events. Default retention - 7 days | `number` | `7` | no |
-| <a name="input_create_cloudwatch_log_group"></a> [create\_cloudwatch\_log\_group](#input\_create\_cloudwatch\_log\_group) | Determines whether a log group is created by this module for the cluster logs. If not, AWS will automatically create one if logging is enabled | `bool` | `true` | no |
-| <a name="input_create_iam_role"></a> [create\_iam\_role](#input\_create\_iam\_role) | Determines whether an IAM role is created for EMR on EKS job execution role | `bool` | `true` | no |
-| <a name="input_create_kubernetes_role"></a> [create\_kubernetes\_role](#input\_create\_kubernetes\_role) | Determines whether a Kubernetes role is created for EMR on EKS | `bool` | `true` | no |
-| <a name="input_create_namespace"></a> [create\_namespace](#input\_create\_namespace) | Determines whether a Kubernetes namespace is created for EMR on EKS | `bool` | `true` | no |
-| <a name="input_eks_cluster_id"></a> [eks\_cluster\_id](#input\_eks\_cluster\_id) | EKS cluster ID | `string` | n/a | yes |
-| <a name="input_iam_role_additional_policies"></a> [iam\_role\_additional\_policies](#input\_iam\_role\_additional\_policies) | Additional policies to be added to the job execution IAM role | `any` | `{}` | no |
-| <a name="input_iam_role_description"></a> [iam\_role\_description](#input\_iam\_role\_description) | Description of the job execution role | `string` | `null` | no |
-| <a name="input_iam_role_path"></a> [iam\_role\_path](#input\_iam\_role\_path) | Job execution IAM role path | `string` | `null` | no |
-| <a name="input_iam_role_permissions_boundary"></a> [iam\_role\_permissions\_boundary](#input\_iam\_role\_permissions\_boundary) | ARN of the policy that is used to set the permissions boundary for the job execution IAM role | `string` | `null` | no |
-| <a name="input_iam_role_use_name_prefix"></a> [iam\_role\_use\_name\_prefix](#input\_iam\_role\_use\_name\_prefix) | Determines whether the IAM job execution role name (`role_name`) is used as a prefix | `bool` | `true` | no |
-| <a name="input_name"></a> [name](#input\_name) | Name of the EMR on EKS virtual cluster | `string` | n/a | yes |
-| <a name="input_namespace"></a> [namespace](#input\_namespace) | Kubernetes namespace for EMR on EKS | `string` | `"emr-containers"` | no |
-| <a name="input_oidc_provider_arn"></a> [oidc\_provider\_arn](#input\_oidc\_provider\_arn) | OIDC provider ARN for the EKS cluster | `string` | `""` | no |
-| <a name="input_role_name"></a> [role\_name](#input\_role\_name) | Name to use on IAM role created for EMR on EKS job execution role as well as Kubernetes RBAC role | `string` | `null` | no |
-| <a name="input_s3_bucket_arns"></a> [s3\_bucket\_arns](#input\_s3\_bucket\_arns) | S3 bucket ARNs for EMR on EKS job execution role to list, get objects, and put objects | `list(string)` | <pre>[<br>  "*"<br>]</pre> | no |
-| <a name="input_tags"></a> [tags](#input\_tags) | Tags to apply to all AWS resources | `map(string)` | `{}` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_cloudwatch_log_group_arn"></a> [cloudwatch\_log\_group\_arn](#output\_cloudwatch\_log\_group\_arn) | Arn of cloudwatch log group created |
-| <a name="output_cloudwatch_log_group_name"></a> [cloudwatch\_log\_group\_name](#output\_cloudwatch\_log\_group\_name) | Name of cloudwatch log group created |
-| <a name="output_job_execution_role_arn"></a> [job\_execution\_role\_arn](#output\_job\_execution\_role\_arn) | IAM role ARN of the job execution role |
-| <a name="output_job_execution_role_name"></a> [job\_execution\_role\_name](#output\_job\_execution\_role\_name) | IAM role name of the job execution role |
-| <a name="output_job_execution_role_unique_id"></a> [job\_execution\_role\_unique\_id](#output\_job\_execution\_role\_unique\_id) | Stable and unique string identifying the job execution IAM role |
-| <a name="output_virtual_cluster_arn"></a> [virtual\_cluster\_arn](#output\_virtual\_cluster\_arn) | ARN of the EMR virtual cluster |
-| <a name="output_virtual_cluster_id"></a> [virtual\_cluster\_id](#output\_virtual\_cluster\_id) | ID of the EMR virtual cluster |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/emr-on-eks/main.tf b/modules/kubernetes-addons/emr-on-eks/main.tf
deleted file mode 100644
index 54402d825e..0000000000
--- a/modules/kubernetes-addons/emr-on-eks/main.tf
+++ /dev/null
@@ -1,255 +0,0 @@
-data "aws_caller_identity" "current" {}
-data "aws_partition" "current" {}
-
-locals {
-  account_id = data.aws_caller_identity.current.account_id
-
-  internal_role_name = try(coalesce(var.role_name, var.name), "")
-
-  role_name = var.create_kubernetes_role ? kubernetes_role_v1.this[0].metadata[0].name : local.internal_role_name
-  namespace = var.create_namespace ? kubernetes_namespace_v1.this[0].metadata[0].name : var.namespace
-}
-
-################################################################################
-# Kubernetes Namespace + Role/Role Binding
-# https://docs.aws.amazon.com/emr/latest/EMR-on-EKS-DevelopmentGuide/setting-up-cluster-access.html#setting-up-cluster-access-manual
-################################################################################
-
-resource "kubernetes_namespace_v1" "this" {
-  count = var.create_namespace ? 1 : 0
-
-  metadata {
-    name = var.namespace
-  }
-}
-
-resource "kubernetes_role_v1" "this" {
-  count = var.create_kubernetes_role ? 1 : 0
-
-  metadata {
-    name      = local.internal_role_name
-    namespace = local.namespace
-  }
-
-  rule {
-    api_groups = [""]
-    resources  = ["namespaces"]
-    verbs      = ["get"]
-  }
-
-  rule {
-    api_groups = [""]
-    resources  = ["serviceaccounts", "services", "configmaps", "events", "pods", "pods/log"]
-    verbs      = ["get", "list", "watch", "describe", "create", "edit", "delete", "deletecollection", "annotate", "patch", "label"]
-  }
-
-  rule {
-    api_groups = [""]
-    resources  = ["secrets"]
-    verbs      = ["create", "patch", "delete", "watch"]
-  }
-
-  rule {
-    api_groups = ["apps"]
-    resources  = ["statefulsets", "deployments"]
-    verbs      = ["get", "list", "watch", "describe", "create", "edit", "delete", "annotate", "patch", "label"]
-  }
-
-  rule {
-    api_groups = ["batch"]
-    resources  = ["jobs"]
-    verbs      = ["get", "list", "watch", "describe", "create", "edit", "delete", "annotate", "patch", "label"]
-  }
-
-  rule {
-    api_groups = ["extensions"]
-    resources  = ["ingresses"]
-    verbs      = ["get", "list", "watch", "describe", "create", "edit", "delete", "annotate", "patch", "label"]
-  }
-
-  rule {
-    api_groups = ["rbac.authorization.k8s.io"]
-    resources  = ["roles", "rolebindings"]
-    verbs      = ["get", "list", "watch", "describe", "create", "edit", "delete", "deletecollection", "annotate", "patch", "label"]
-  }
-}
-
-resource "kubernetes_role_binding_v1" "this" {
-  metadata {
-    name      = local.role_name
-    namespace = local.namespace
-  }
-
-  subject {
-    kind      = "User"
-    name      = "emr-containers" # this must stay static and is not configurable
-    api_group = "rbac.authorization.k8s.io"
-  }
-
-  role_ref {
-    kind      = "Role"
-    name      = local.role_name
-    api_group = "rbac.authorization.k8s.io"
-  }
-}
-
-################################################################################
-# Job Execution Role
-# https://docs.aws.amazon.com/emr/latest/EMR-on-EKS-DevelopmentGuide/creating-job-execution-role.html
-# https://docs.aws.amazon.com/emr/latest/EMR-on-EKS-DevelopmentGuide/iam-execution-role.html
-################################################################################
-
-data "aws_iam_policy_document" "assume" {
-  count = var.create_iam_role ? 1 : 0
-
-  statement {
-    sid     = "EMR"
-    effect  = "Allow"
-    actions = ["sts:AssumeRole"]
-
-    principals {
-      type        = "Service"
-      identifiers = ["elasticmapreduce.${data.aws_partition.current.dns_suffix}"]
-    }
-  }
-
-  statement {
-    sid     = "IRSA"
-    effect  = "Allow"
-    actions = ["sts:AssumeRoleWithWebIdentity"]
-
-    principals {
-      type        = "Federated"
-      identifiers = [var.oidc_provider_arn]
-    }
-
-    condition {
-      test     = "StringLike"
-      variable = "${replace(var.oidc_provider_arn, "/^(.*provider/)/", "")}:sub"
-      # Terraform lacks support for a base32 function and role names with prefixes are unknown so a wildcard is used
-      values = ["system:serviceaccount:${local.namespace}:emr-containers-sa-*-*-${local.account_id}-*"]
-    }
-
-    # https://aws.amazon.com/premiumsupport/knowledge-center/eks-troubleshoot-oidc-and-irsa/?nc1=h_ls
-    condition {
-      test     = "StringEquals"
-      variable = "${replace(var.oidc_provider_arn, "/^(.*provider/)/", "")}:aud"
-      values   = ["sts.amazonaws.com"]
-    }
-  }
-}
-
-data "aws_iam_policy_document" "this" {
-  count = var.create_iam_role ? 1 : 0
-
-  statement {
-    sid    = "S3Objects"
-    effect = "Allow"
-    actions = [
-      "s3:DeleteObject",
-      "s3:GetObject",
-      "s3:ListBucket",
-      "s3:PutObject",
-    ]
-    resources = var.s3_bucket_arns
-  }
-
-  statement {
-    sid    = "CloudWatchLogs"
-    effect = "Allow"
-    actions = [
-      "logs:PutLogEvents",
-      "logs:CreateLogStream",
-      "logs:DescribeLogGroups",
-      "logs:DescribeLogStreams",
-    ]
-    resources = var.create_cloudwatch_log_group ? ["${aws_cloudwatch_log_group.this[0].arn}:log-stream:*"] : ["${var.cloudwatch_log_group_arn}:log-stream:*"]
-  }
-
-  statement {
-    sid    = "CloudWatchLogsReadOnly"
-    effect = "Allow"
-    actions = [
-      "logs:DescribeLogGroups",
-      "logs:DescribeLogStreams",
-    ]
-    resources = ["*"]
-  }
-}
-
-resource "aws_iam_role" "this" {
-  count = var.create_iam_role ? 1 : 0
-
-  name        = var.iam_role_use_name_prefix ? null : local.internal_role_name
-  name_prefix = var.iam_role_use_name_prefix ? "${local.internal_role_name}-" : null
-  path        = var.iam_role_path
-  description = coalesce(var.iam_role_description, "Job execution role for EMR on EKS ${var.name} virtual cluster")
-
-  assume_role_policy    = data.aws_iam_policy_document.assume[0].json
-  permissions_boundary  = var.iam_role_permissions_boundary
-  force_detach_policies = true
-
-  tags = var.tags
-}
-
-resource "aws_iam_policy" "this" {
-  count = var.create_iam_role ? 1 : 0
-
-  name        = var.iam_role_use_name_prefix ? null : local.internal_role_name
-  name_prefix = var.iam_role_use_name_prefix ? "${local.internal_role_name}-" : null
-  path        = var.iam_role_path
-  description = coalesce(var.iam_role_description, "Job execution role policy for EMR on EKS ${var.name} virtual cluster")
-
-  policy = data.aws_iam_policy_document.this[0].json
-
-  tags = var.tags
-}
-
-resource "aws_iam_role_policy_attachment" "this" {
-  count = var.create_iam_role ? 1 : 0
-
-  policy_arn = aws_iam_policy.this[0].arn
-  role       = aws_iam_role.this[0].name
-}
-
-resource "aws_iam_role_policy_attachment" "additional" {
-  for_each = { for k, v in var.iam_role_additional_policies : k => v if var.create_iam_role }
-
-  policy_arn = each.value
-  role       = aws_iam_role.this[0].name
-}
-
-################################################################################
-# Cloudwatch Log Group
-################################################################################
-
-resource "aws_cloudwatch_log_group" "this" {
-  count = var.create_cloudwatch_log_group ? 1 : 0
-
-  name              = "/emr-on-eks-logs/emr-workload/${local.namespace}"
-  retention_in_days = var.cloudwatch_log_group_retention_in_days
-  kms_key_id        = var.cloudwatch_log_group_kms_key_id
-
-  tags = var.tags
-}
-
-################################################################################
-# EMR Virtual Cluster
-################################################################################
-
-resource "aws_emrcontainers_virtual_cluster" "this" {
-  name = var.name
-
-  container_provider {
-    id   = var.eks_cluster_id
-    type = "EKS"
-
-    info {
-      eks_info {
-        namespace = local.namespace
-      }
-    }
-  }
-
-  tags = var.tags
-}
diff --git a/modules/kubernetes-addons/emr-on-eks/outputs.tf b/modules/kubernetes-addons/emr-on-eks/outputs.tf
deleted file mode 100644
index a4e9226612..0000000000
--- a/modules/kubernetes-addons/emr-on-eks/outputs.tf
+++ /dev/null
@@ -1,46 +0,0 @@
-################################################################################
-# Job Execution Role
-################################################################################
-
-output "job_execution_role_name" {
-  description = "IAM role name of the job execution role"
-  value       = try(aws_iam_role.this[0].name, "")
-}
-
-output "job_execution_role_arn" {
-  description = "IAM role ARN of the job execution role"
-  value       = try(aws_iam_role.this[0].arn, "")
-}
-
-output "job_execution_role_unique_id" {
-  description = "Stable and unique string identifying the job execution IAM role"
-  value       = try(aws_iam_role.this[0].unique_id, "")
-}
-
-################################################################################
-# EMR Virtual Cluster
-################################################################################
-
-output "virtual_cluster_arn" {
-  description = "ARN of the EMR virtual cluster"
-  value       = aws_emrcontainers_virtual_cluster.this.arn
-}
-
-output "virtual_cluster_id" {
-  description = "ID of the EMR virtual cluster"
-  value       = aws_emrcontainers_virtual_cluster.this.id
-}
-
-################################################################################
-# CloudWatch Log Group
-################################################################################
-
-output "cloudwatch_log_group_name" {
-  description = "Name of cloudwatch log group created"
-  value       = try(aws_cloudwatch_log_group.this[0].name, "")
-}
-
-output "cloudwatch_log_group_arn" {
-  description = "Arn of cloudwatch log group created"
-  value       = try(aws_cloudwatch_log_group.this[0].arn, "")
-}
diff --git a/modules/kubernetes-addons/emr-on-eks/variables.tf b/modules/kubernetes-addons/emr-on-eks/variables.tf
deleted file mode 100644
index dba44ac10c..0000000000
--- a/modules/kubernetes-addons/emr-on-eks/variables.tf
+++ /dev/null
@@ -1,127 +0,0 @@
-################################################################################
-# Kubernetes Namespace + Role/Role Binding
-################################################################################
-
-variable "create_namespace" {
-  description = "Determines whether a Kubernetes namespace is created for EMR on EKS"
-  type        = bool
-  default     = true
-}
-
-variable "namespace" {
-  description = "Kubernetes namespace for EMR on EKS"
-  type        = string
-  default     = "emr-containers"
-}
-
-variable "create_kubernetes_role" {
-  description = "Determines whether a Kubernetes role is created for EMR on EKS"
-  type        = bool
-  default     = true
-}
-
-################################################################################
-# Job Execution Role
-################################################################################
-
-variable "create_iam_role" {
-  description = "Determines whether an IAM role is created for EMR on EKS job execution role"
-  type        = bool
-  default     = true
-}
-
-variable "oidc_provider_arn" {
-  description = "OIDC provider ARN for the EKS cluster"
-  type        = string
-  default     = ""
-}
-
-variable "s3_bucket_arns" {
-  description = "S3 bucket ARNs for EMR on EKS job execution role to list, get objects, and put objects"
-  type        = list(string)
-  default     = ["*"]
-}
-
-variable "role_name" {
-  description = "Name to use on IAM role created for EMR on EKS job execution role as well as Kubernetes RBAC role"
-  type        = string
-  default     = null
-}
-
-variable "iam_role_use_name_prefix" {
-  description = "Determines whether the IAM job execution role name (`role_name`) is used as a prefix"
-  type        = bool
-  default     = true
-}
-
-variable "iam_role_path" {
-  description = "Job execution IAM role path"
-  type        = string
-  default     = null
-}
-
-variable "iam_role_description" {
-  description = "Description of the job execution role"
-  type        = string
-  default     = null
-}
-
-variable "iam_role_permissions_boundary" {
-  description = "ARN of the policy that is used to set the permissions boundary for the job execution IAM role"
-  type        = string
-  default     = null
-}
-
-variable "iam_role_additional_policies" {
-  description = "Additional policies to be added to the job execution IAM role"
-  type        = any
-  default     = {}
-}
-
-################################################################################
-# CloudWatch Log Group
-################################################################################
-
-variable "create_cloudwatch_log_group" {
-  description = "Determines whether a log group is created by this module for the cluster logs. If not, AWS will automatically create one if logging is enabled"
-  type        = bool
-  default     = true
-}
-
-variable "cloudwatch_log_group_arn" {
-  description = "ARN of the log group to use for the cluster logs"
-  type        = string
-  default     = "arn:aws:logs:*:*:*"
-}
-
-variable "cloudwatch_log_group_retention_in_days" {
-  description = "Number of days to retain log events. Default retention - 7 days"
-  type        = number
-  default     = 7
-}
-
-variable "cloudwatch_log_group_kms_key_id" {
-  description = "If a KMS Key ARN is set, this key will be used to encrypt the corresponding log group. Please be sure that the KMS Key has an appropriate key policy (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html)"
-  type        = string
-  default     = null
-}
-
-################################################################################
-# EMR Virtual Cluster
-################################################################################
-
-variable "name" {
-  description = "Name of the EMR on EKS virtual cluster"
-  type        = string
-}
-
-variable "eks_cluster_id" {
-  description = "EKS cluster ID"
-  type        = string
-}
-
-variable "tags" {
-  description = "Tags to apply to all AWS resources"
-  type        = map(string)
-  default     = {}
-}
diff --git a/modules/kubernetes-addons/emr-on-eks/versions.tf b/modules/kubernetes-addons/emr-on-eks/versions.tf
deleted file mode 100644
index ee6a63d562..0000000000
--- a/modules/kubernetes-addons/emr-on-eks/versions.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-terraform {
-  required_version = ">= 1.0"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 4.13"
-    }
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.10"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/external-dns/README.md b/modules/kubernetes-addons/external-dns/README.md
deleted file mode 100644
index 7bd7d028cb..0000000000
--- a/modules/kubernetes-addons/external-dns/README.md
+++ /dev/null
@@ -1,58 +0,0 @@
-# External DNS Helm Chart
-
-## Introduction
-
-[External DNS](https://github.com/kubernetes-sigs/external-dns) is a Kubernetes add-on that can automate the management of DNS records based on Ingress and Service resources.
-
-For complete project documentation, please visit the [ExternalDNS Github repository](https://github.com/kubernetes-sigs/external-dns).
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.72 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_iam_policy.external_dns](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
-| [aws_iam_policy_document.external_dns_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_route53_zone.selected](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>    irsa_iam_role_path             = string<br>    irsa_iam_permissions_boundary  = string<br>  })</pre> | n/a | yes |
-| <a name="input_domain_name"></a> [domain\_name](#input\_domain\_name) | [Deprecated - use `route53_zone_arns`] Domain name of the Route53 hosted zone to use with External DNS. | `string` | n/a | yes |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | External DNS Helm Configuration | `any` | `{}` | no |
-| <a name="input_irsa_policies"></a> [irsa\_policies](#input\_irsa\_policies) | Additional IAM policies used for the add-on service account. | `list(string)` | `[]` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no |
-| <a name="input_private_zone"></a> [private\_zone](#input\_private\_zone) | [Deprecated - use `route53_zone_arns`] Determines if referenced Route53 hosted zone is private. | `bool` | `false` | no |
-| <a name="input_route53_zone_arns"></a> [route53\_zone\_arns](#input\_route53\_zone\_arns) | List of Route53 zones ARNs which external-dns will have access to create/manage records | `list(string)` | `[]` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with GitOps |
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/external-dns/data.tf b/modules/kubernetes-addons/external-dns/data.tf
deleted file mode 100644
index 436e938847..0000000000
--- a/modules/kubernetes-addons/external-dns/data.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-data "aws_iam_policy_document" "external_dns_iam_policy_document" {
-  statement {
-    effect = "Allow"
-    resources = distinct(concat(
-      [data.aws_route53_zone.selected.arn],
-      var.route53_zone_arns
-    ))
-    actions = ["route53:ChangeResourceRecordSets"]
-  }
-
-  statement {
-    effect    = "Allow"
-    resources = ["*"]
-    actions = [
-      "route53:ListHostedZones",
-      "route53:ListResourceRecordSets",
-    ]
-  }
-}
diff --git a/modules/kubernetes-addons/external-dns/main.tf b/modules/kubernetes-addons/external-dns/main.tf
deleted file mode 100644
index 7f4eaab0a4..0000000000
--- a/modules/kubernetes-addons/external-dns/main.tf
+++ /dev/null
@@ -1,80 +0,0 @@
-locals {
-  name            = try(var.helm_config.name, "external-dns")
-  service_account = try(var.helm_config.service_account, "${local.name}-sa")
-
-  argocd_gitops_config = merge(
-    {
-      enable             = true
-      serviceAccountName = local.service_account
-    },
-    var.helm_config
-  )
-}
-
-module "helm_addon" {
-  source = "../helm-addon"
-
-  # https://github.com/bitnami/charts/blob/main/bitnami/external-dns/Chart.yaml
-  helm_config = merge(
-    {
-      description = "ExternalDNS Helm Chart"
-      name        = local.name
-      chart       = local.name
-      repository  = "https://charts.bitnami.com/bitnami"
-      version     = "6.11.2"
-      namespace   = local.name
-      values = [
-        <<-EOT
-          provider: aws
-          aws:
-            region: ${var.addon_context.aws_region_name}
-        EOT
-      ]
-    },
-    var.helm_config
-  )
-
-  set_values = concat(
-    [
-      {
-        name  = "serviceAccount.name"
-        value = local.service_account
-      },
-      {
-        name  = "serviceAccount.create"
-        value = false
-      }
-    ],
-    try(var.helm_config.set_values, [])
-  )
-
-  irsa_config = {
-    create_kubernetes_namespace         = try(var.helm_config.create_namespace, true)
-    kubernetes_namespace                = try(var.helm_config.namespace, local.name)
-    create_kubernetes_service_account   = true
-    create_service_account_secret_token = try(var.helm_config["create_service_account_secret_token"], false)
-    kubernetes_service_account          = local.service_account
-    irsa_iam_policies                   = concat([aws_iam_policy.external_dns.arn], var.irsa_policies)
-  }
-
-  addon_context     = var.addon_context
-  manage_via_gitops = var.manage_via_gitops
-}
-
-#------------------------------------
-# IAM Policy
-#------------------------------------
-
-resource "aws_iam_policy" "external_dns" {
-  description = "External DNS IAM policy."
-  name        = "${var.addon_context.eks_cluster_id}-${local.name}-irsa"
-  path        = var.addon_context.irsa_iam_role_path
-  policy      = data.aws_iam_policy_document.external_dns_iam_policy_document.json
-  tags        = var.addon_context.tags
-}
-
-# TODO - remove at next breaking change
-data "aws_route53_zone" "selected" {
-  name         = var.domain_name
-  private_zone = var.private_zone
-}
diff --git a/modules/kubernetes-addons/external-dns/outputs.tf b/modules/kubernetes-addons/external-dns/outputs.tf
deleted file mode 100644
index daef755d44..0000000000
--- a/modules/kubernetes-addons/external-dns/outputs.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with GitOps"
-  value       = var.manage_via_gitops ? local.argocd_gitops_config : null
-}
-
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/external-dns/variables.tf b/modules/kubernetes-addons/external-dns/variables.tf
deleted file mode 100644
index 04353c13f7..0000000000
--- a/modules/kubernetes-addons/external-dns/variables.tf
+++ /dev/null
@@ -1,51 +0,0 @@
-variable "helm_config" {
-  description = "External DNS Helm Configuration"
-  type        = any
-  default     = {}
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps."
-  type        = bool
-  default     = false
-}
-
-variable "irsa_policies" {
-  description = "Additional IAM policies used for the add-on service account."
-  type        = list(string)
-  default     = []
-}
-
-variable "domain_name" {
-  description = "[Deprecated - use `route53_zone_arns`] Domain name of the Route53 hosted zone to use with External DNS."
-  type        = string
-}
-
-variable "private_zone" {
-  description = "[Deprecated - use `route53_zone_arns`] Determines if referenced Route53 hosted zone is private."
-  type        = bool
-  default     = false
-}
-
-variable "route53_zone_arns" {
-  description = "List of Route53 zones ARNs which external-dns will have access to create/manage records"
-  type        = list(string)
-  default     = []
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-    irsa_iam_role_path             = string
-    irsa_iam_permissions_boundary  = string
-  })
-}
diff --git a/modules/kubernetes-addons/external-dns/versions.tf b/modules/kubernetes-addons/external-dns/versions.tf
deleted file mode 100644
index f92f41b9e7..0000000000
--- a/modules/kubernetes-addons/external-dns/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 3.72"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/external-secrets/README.md b/modules/kubernetes-addons/external-secrets/README.md
deleted file mode 100644
index 1201ffd525..0000000000
--- a/modules/kubernetes-addons/external-secrets/README.md
+++ /dev/null
@@ -1,52 +0,0 @@
-# External Secrets Operator
-
-External Secrets Operator is a Kubernetes operator that integrates external secret management systems like AWS Secrets Manager, HashiCorp Vault, Google Secrets Manager, Azure Key Vault and many more. The operator reads information from external APIs and automatically injects the values into a Kubernetes Secret.
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.72 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_iam_policy.external_secrets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
-| [aws_iam_policy_document.external_secrets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>    irsa_iam_role_path             = string<br>    irsa_iam_permissions_boundary  = string<br>  })</pre> | n/a | yes |
-| <a name="input_external_secrets_secrets_manager_arns"></a> [external\_secrets\_secrets\_manager\_arns](#input\_external\_secrets\_secrets\_manager\_arns) | List of Secrets Manager ARNs that contain secrets to mount using External Secrets | `list(string)` | `[]` | no |
-| <a name="input_external_secrets_ssm_parameter_arns"></a> [external\_secrets\_ssm\_parameter\_arns](#input\_external\_secrets\_ssm\_parameter\_arns) | List of Systems Manager Parameter ARNs that contain secrets to mount using External Secrets | `list(string)` | `[]` | no |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm provider config for External Secrets Operator | `any` | `{}` | no |
-| <a name="input_irsa_policies"></a> [irsa\_policies](#input\_irsa\_policies) | Additional IAM policies for a IAM role for service accounts | `list(string)` | `[]` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps | `bool` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/external-secrets/data.tf b/modules/kubernetes-addons/external-secrets/data.tf
deleted file mode 100644
index 4b381acf84..0000000000
--- a/modules/kubernetes-addons/external-secrets/data.tf
+++ /dev/null
@@ -1,22 +0,0 @@
-data "aws_iam_policy_document" "external_secrets" {
-  statement {
-    actions = ["ssm:GetParameter"]
-    resources = concat(
-      var.external_secrets_ssm_parameter_arns,
-      ["arn:${var.addon_context.aws_partition_id}:ssm:${var.addon_context.aws_region_name}:${var.addon_context.aws_caller_identity_account_id}:parameter/*"]
-    )
-  }
-
-  statement {
-    actions = [
-      "secretsmanager:GetResourcePolicy",
-      "secretsmanager:GetSecretValue",
-      "secretsmanager:DescribeSecret",
-      "secretsmanager:ListSecretVersionIds",
-    ]
-    resources = concat(
-      var.external_secrets_secrets_manager_arns,
-      ["arn:${var.addon_context.aws_partition_id}:secretsmanager:${var.addon_context.aws_region_name}:${var.addon_context.aws_caller_identity_account_id}:secret:*"]
-    )
-  }
-}
diff --git a/modules/kubernetes-addons/external-secrets/locals.tf b/modules/kubernetes-addons/external-secrets/locals.tf
deleted file mode 100644
index dd7db9c2e4..0000000000
--- a/modules/kubernetes-addons/external-secrets/locals.tf
+++ /dev/null
@@ -1,58 +0,0 @@
-locals {
-  name            = "external-secrets"
-  service_account = try(var.helm_config.service_account, "${local.name}-sa")
-
-  # https://github.com/external-secrets/external-secrets/blob/main/deploy/charts/external-secrets/Chart.yaml
-  helm_config = merge(
-    {
-      name        = local.name
-      chart       = local.name
-      repository  = "https://charts.external-secrets.io/"
-      version     = "0.6.0"
-      namespace   = local.name
-      description = "The External Secrets Operator Helm chart default configuration"
-    },
-    var.helm_config
-  )
-
-  set_values = [
-    {
-      name  = "serviceAccount.name"
-      value = local.service_account
-    },
-    {
-      name  = "serviceAccount.create"
-      value = false
-    },
-    {
-      name  = "webhook.serviceAccount.name"
-      value = local.service_account
-    },
-    {
-      name  = "webhook.serviceAccount.create"
-      value = false
-    },
-    {
-      name  = "certController.serviceAccount.name"
-      value = local.service_account
-    },
-    {
-      name  = "certController.serviceAccount.create"
-      value = false
-    }
-  ]
-
-  irsa_config = {
-    kubernetes_namespace                = local.helm_config["namespace"]
-    kubernetes_service_account          = local.service_account
-    create_kubernetes_namespace         = try(local.helm_config["create_namespace"], true)
-    create_kubernetes_service_account   = true
-    create_service_account_secret_token = try(local.helm_config["create_service_account_secret_token"], false)
-    irsa_iam_policies                   = concat([aws_iam_policy.external_secrets.arn], var.irsa_policies)
-  }
-
-  argocd_gitops_config = {
-    enable             = true
-    serviceAccountName = local.service_account
-  }
-}
diff --git a/modules/kubernetes-addons/external-secrets/main.tf b/modules/kubernetes-addons/external-secrets/main.tf
deleted file mode 100644
index 3e5168de94..0000000000
--- a/modules/kubernetes-addons/external-secrets/main.tf
+++ /dev/null
@@ -1,15 +0,0 @@
-module "helm_addon" {
-  source            = "../helm-addon"
-  manage_via_gitops = var.manage_via_gitops
-  set_values        = local.set_values
-  helm_config       = local.helm_config
-  irsa_config       = local.irsa_config
-  addon_context     = var.addon_context
-}
-
-resource "aws_iam_policy" "external_secrets" {
-  name        = "${var.addon_context.eks_cluster_id}-${local.helm_config["name"]}-irsa"
-  path        = var.addon_context.irsa_iam_role_path
-  description = "Provides permissions to for External Secrets to retrieve secrets from AWS SSM and AWS Secrets Manager"
-  policy      = data.aws_iam_policy_document.external_secrets.json
-}
diff --git a/modules/kubernetes-addons/external-secrets/outputs.tf b/modules/kubernetes-addons/external-secrets/outputs.tf
deleted file mode 100644
index 0776dcd7ef..0000000000
--- a/modules/kubernetes-addons/external-secrets/outputs.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? local.argocd_gitops_config : null
-}
-
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/external-secrets/variables.tf b/modules/kubernetes-addons/external-secrets/variables.tf
deleted file mode 100644
index f5a78723de..0000000000
--- a/modules/kubernetes-addons/external-secrets/variables.tf
+++ /dev/null
@@ -1,46 +0,0 @@
-variable "helm_config" {
-  type        = any
-  description = "Helm provider config for External Secrets Operator"
-  default     = {}
-}
-
-variable "manage_via_gitops" {
-  type        = bool
-  default     = false
-  description = "Determines if the add-on should be managed via GitOps"
-}
-
-variable "irsa_policies" {
-  description = "Additional IAM policies for a IAM role for service accounts"
-  type        = list(string)
-  default     = []
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-    irsa_iam_role_path             = string
-    irsa_iam_permissions_boundary  = string
-  })
-}
-
-variable "external_secrets_ssm_parameter_arns" {
-  description = "List of Systems Manager Parameter ARNs that contain secrets to mount using External Secrets"
-  type        = list(string)
-  default     = []
-}
-
-variable "external_secrets_secrets_manager_arns" {
-  description = "List of Secrets Manager ARNs that contain secrets to mount using External Secrets"
-  type        = list(string)
-  default     = []
-}
diff --git a/modules/kubernetes-addons/external-secrets/versions.tf b/modules/kubernetes-addons/external-secrets/versions.tf
deleted file mode 100644
index f92f41b9e7..0000000000
--- a/modules/kubernetes-addons/external-secrets/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 3.72"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/fargate-fluentbit/README.md b/modules/kubernetes-addons/fargate-fluentbit/README.md
deleted file mode 100644
index 4240de0608..0000000000
--- a/modules/kubernetes-addons/fargate-fluentbit/README.md
+++ /dev/null
@@ -1,98 +0,0 @@
-# Fargate Fluent Bit Logger
-
-Amazon EKS on Fargate offers a built-in log router based on Fluent Bit.
-This means that you don't explicitly run a Fluent Bit container as a sidecar, but Amazon runs it for you.
-All that you have to do is configure the log router.
-The configuration happens through a dedicated ConfigMap that must meet the following criteria:
-
-Named `aws-logging`
-
-Created in a dedicated namespace called `aws-observability`
-
-Once you've created the ConfigMap, Amazon EKS on Fargate automatically detects it and configures the log router with it.
-Fargate uses a version of AWS for Fluent Bit, an upstream compliant distribution of Fluent Bit managed by AWS.
-For more information, see AWS for Fluent Bit on GitHub.
-
-The log router allows you to use the breadth of services at AWS for log analytics and storage.
-You can stream logs from Fargate directly to `Amazon CloudWatch`, `Amazon OpenSearch Service`.
-You can also stream logs to destinations such as `Amazon S3`, `Amazon Kinesis Data Streams`, and partner tools through Amazon Kinesis Data Firehose.
-
-## Fluent Bit CloudWatch Config
-
-Please find the updated configuration from [AWS Docs](https://docs.aws.amazon.com/eks/latest/userguide/fargate-logging.html)
-
-```hcl
-  #---------------------------------------
-  # FARGATE FLUENTBIT
-  #---------------------------------------
-  fargate_fluentbit_enable = true
-
-  fargate_fluentbit_config = {
-      output_conf  = <<EOF
-[OUTPUT]
-  Name cloudwatch_logs
-  Match *
-  region eu-west-1
-  log_group_name /${local.eks_cluster_id}/fargate-fluentbit-logs
-  log_stream_prefix "fargate-logs-"
-  auto_create_group true
-    EOF
-      filters_conf = <<EOF
-[FILTER]
-  Name parser
-  Match *
-  Key_Name log
-  Parser regex
-  Preserve_Key True
-  Reserve_Data True
-    EOF
-      parsers_conf = <<EOF
-[PARSER]
-  Name regex
-  Format regex
-  Regex ^(?<time>[^ ]+) (?<stream>[^ ]+) (?<logtag>[^ ]+) (?<message>.+)$
-  Time_Key time
-  Time_Format %Y-%m-%dT%H:%M:%S.%L%z
-  Time_Keep On
-  Decode_Field_As json message
-    EOF
-  flb_log_cw: true
-  }
-```
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.10 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | >= 2.10 |
-
-## Modules
-
-No modules.
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [kubernetes_config_map.aws_logging](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/config_map) | resource |
-| [kubernetes_namespace.aws_observability](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_config"></a> [addon\_config](#input\_addon\_config) | Fargate fluentbit configuration | `any` | `{}` | no |
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>  })</pre> | n/a | yes |
-
-## Outputs
-
-No outputs.
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/fargate-fluentbit/locals.tf b/modules/kubernetes-addons/fargate-fluentbit/locals.tf
deleted file mode 100644
index 281f71cce0..0000000000
--- a/modules/kubernetes-addons/fargate-fluentbit/locals.tf
+++ /dev/null
@@ -1,42 +0,0 @@
-locals {
-
-  cwlog_group         = "/${var.addon_context.eks_cluster_id}/fargate-fluentbit-logs"
-  cwlog_stream_prefix = "fargate-logs-"
-
-  default_config = {
-    output_conf  = <<-EOF
-    [OUTPUT]
-      Name cloudwatch_logs
-      Match *
-      region ${var.addon_context.aws_region_name}
-      log_group_name ${local.cwlog_group}
-      log_stream_prefix ${local.cwlog_stream_prefix}
-      auto_create_group true
-    EOF
-    filters_conf = <<-EOF
-    [FILTER]
-      Name parser
-      Match *
-      Key_Name log
-      Parser regex
-      Preserve_Key True
-      Reserve_Data True
-    EOF
-    parsers_conf = <<-EOF
-    [PARSER]
-      Name regex
-      Format regex
-      Regex ^(?<time>[^ ]+) (?<stream>[^ ]+) (?<logtag>[^ ]+) (?<message>.+)$
-      Time_Key time
-      Time_Format %Y-%m-%dT%H:%M:%S.%L%z
-      Time_Keep On
-      Decode_Field_As json message
-    EOF
-    flb_log_cw   = false
-  }
-
-  config = merge(
-    local.default_config,
-    var.addon_config
-  )
-}
diff --git a/modules/kubernetes-addons/fargate-fluentbit/main.tf b/modules/kubernetes-addons/fargate-fluentbit/main.tf
deleted file mode 100755
index 4f3e9e8508..0000000000
--- a/modules/kubernetes-addons/fargate-fluentbit/main.tf
+++ /dev/null
@@ -1,27 +0,0 @@
-# Help on Fargate Logging with Fluentbit and CloudWatch
-# https://docs.aws.amazon.com/eks/latest/userguide/fargate-logging.html
-
-resource "kubernetes_namespace" "aws_observability" {
-  metadata {
-    name = "aws-observability"
-
-    labels = {
-      aws-observability = "enabled"
-    }
-  }
-}
-
-# fluent-bit-cloudwatch value as the name of the CloudWatch log group that is automatically created as soon as your apps start logging
-resource "kubernetes_config_map" "aws_logging" {
-  metadata {
-    name      = "aws-logging"
-    namespace = kubernetes_namespace.aws_observability.id
-  }
-
-  data = {
-    "parsers.conf" = local.config["parsers_conf"]
-    "filters.conf" = local.config["filters_conf"]
-    "output.conf"  = local.config["output_conf"]
-    "flb_log_cw"   = local.config["flb_log_cw"]
-  }
-}
diff --git a/modules/kubernetes-addons/fargate-fluentbit/outputs.tf b/modules/kubernetes-addons/fargate-fluentbit/outputs.tf
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/modules/kubernetes-addons/fargate-fluentbit/variables.tf b/modules/kubernetes-addons/fargate-fluentbit/variables.tf
deleted file mode 100644
index fa11b174e0..0000000000
--- a/modules/kubernetes-addons/fargate-fluentbit/variables.tf
+++ /dev/null
@@ -1,20 +0,0 @@
-variable "addon_config" {
-  description = "Fargate fluentbit configuration"
-  type        = any
-  default     = {}
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-  })
-}
diff --git a/modules/kubernetes-addons/fargate-fluentbit/versions.tf b/modules/kubernetes-addons/fargate-fluentbit/versions.tf
deleted file mode 100644
index 55fba733ab..0000000000
--- a/modules/kubernetes-addons/fargate-fluentbit/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.10"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/gatekeeper/README.md b/modules/kubernetes-addons/gatekeeper/README.md
deleted file mode 100644
index d48e87655f..0000000000
--- a/modules/kubernetes-addons/gatekeeper/README.md
+++ /dev/null
@@ -1,45 +0,0 @@
-# Gatekeeper
-
-Gatekeeper is an admission controller that validates requests to create and update Pods on Kubernetes clusters, using the Open Policy Agent (OPA). Using Gatekeeper allows administrators to define policies with a constraint, which is a set of conditions that permit or deny deployment behaviors in Kubernetes.
-[Gatekeeper](https://open-policy-agent.github.io/gatekeeper/website/docs/)
-[Templates](https://github.com/open-policy-agent/gatekeeper/tree/master/charts/gatekeeper/templates)
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-
-## Providers
-
-No providers.
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-No resources.
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>    irsa_iam_role_path             = string<br>    irsa_iam_permissions_boundary  = string<br>  })</pre> | n/a | yes |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm provider config aws-cloudwatch-metrics. | `any` | `{}` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/gatekeeper/main.tf b/modules/kubernetes-addons/gatekeeper/main.tf
deleted file mode 100644
index c20e24b0cb..0000000000
--- a/modules/kubernetes-addons/gatekeeper/main.tf
+++ /dev/null
@@ -1,32 +0,0 @@
-locals {
-  argocd_gitops_config = {
-    enable      = true
-    clusterName = var.addon_context.eks_cluster_id
-  }
-}
-
-module "helm_addon" {
-  source = "../helm-addon"
-
-  # https://github.com/open-policy-agent/gatekeeper/blob/master/charts/gatekeeper/Chart.yaml
-  helm_config = merge(
-    {
-      name             = "gatekeeper"
-      chart            = "gatekeeper"
-      description      = "gatekeeper Helm Chart deployment configuration"
-      repository       = "https://open-policy-agent.github.io/gatekeeper/charts"
-      version          = "3.10.0"
-      namespace        = "gatekeeper-system"
-      create_namespace = true
-      values = [
-        <<-EOT
-          clusterName: ${var.addon_context.eks_cluster_id}
-        EOT
-      ]
-    },
-    var.helm_config
-  )
-
-  manage_via_gitops = var.manage_via_gitops
-  addon_context     = var.addon_context
-}
diff --git a/modules/kubernetes-addons/gatekeeper/outputs.tf b/modules/kubernetes-addons/gatekeeper/outputs.tf
deleted file mode 100644
index 0776dcd7ef..0000000000
--- a/modules/kubernetes-addons/gatekeeper/outputs.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? local.argocd_gitops_config : null
-}
-
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/gatekeeper/variables.tf b/modules/kubernetes-addons/gatekeeper/variables.tf
deleted file mode 100644
index 16d3b459f8..0000000000
--- a/modules/kubernetes-addons/gatekeeper/variables.tf
+++ /dev/null
@@ -1,28 +0,0 @@
-variable "helm_config" {
-  description = "Helm provider config aws-cloudwatch-metrics."
-  type        = any
-  default     = {}
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps."
-  type        = bool
-  default     = false
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-    irsa_iam_role_path             = string
-    irsa_iam_permissions_boundary  = string
-  })
-}
diff --git a/modules/kubernetes-addons/gatekeeper/versions.tf b/modules/kubernetes-addons/gatekeeper/versions.tf
deleted file mode 100644
index 429c0b36d0..0000000000
--- a/modules/kubernetes-addons/gatekeeper/versions.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-}
diff --git a/modules/kubernetes-addons/grafana/README.md b/modules/kubernetes-addons/grafana/README.md
deleted file mode 100644
index c92c224edd..0000000000
--- a/modules/kubernetes-addons/grafana/README.md
+++ /dev/null
@@ -1,50 +0,0 @@
-# Grafana Helm Chart
-
-This add-on configures [Grafana Helm Chart](https://github.com/grafana/helm-charts/tree/main/charts/grafana)
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.72 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_iam_policy.grafana](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
-| [aws_iam_policy_document.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>    irsa_iam_role_path             = string<br>    irsa_iam_permissions_boundary  = string<br>  })</pre> | n/a | yes |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm provider config for Grafana. | `any` | `{}` | no |
-| <a name="input_irsa_policies"></a> [irsa\_policies](#input\_irsa\_policies) | Additional IAM policies for a IAM role for service accounts | `list(string)` | `[]` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/grafana/data.tf b/modules/kubernetes-addons/grafana/data.tf
deleted file mode 100644
index dd6cf15d79..0000000000
--- a/modules/kubernetes-addons/grafana/data.tf
+++ /dev/null
@@ -1,87 +0,0 @@
-data "aws_iam_policy_document" "this" {
-  statement {
-    sid       = "AllowReadingMetricsFromCloudWatch"
-    effect    = "Allow"
-    resources = ["*"]
-
-    actions = [
-      "cloudwatch:DescribeAlarmsForMetric",
-      "cloudwatch:ListMetrics",
-      "cloudwatch:GetMetricData",
-      "cloudwatch:GetMetricStatistics"
-    ]
-  }
-
-  statement {
-    sid       = "AllowGetInsightsCloudWatch"
-    effect    = "Allow"
-    resources = ["arn:${var.addon_context.aws_partition_id}:cloudwatch:${var.addon_context.aws_region_name}:${var.addon_context.aws_caller_identity_account_id}:insight-rule/*"]
-
-    actions = [
-      "cloudwatch:GetInsightRuleReport",
-    ]
-  }
-
-  statement {
-    sid       = "AllowReadingAlarmHistoryFromCloudWatch"
-    effect    = "Allow"
-    resources = ["arn:${var.addon_context.aws_partition_id}:cloudwatch:${var.addon_context.aws_region_name}:${var.addon_context.aws_caller_identity_account_id}:alarm:*"]
-
-    actions = [
-      "cloudwatch:DescribeAlarmHistory",
-      "cloudwatch:DescribeAlarms",
-    ]
-  }
-
-  statement {
-    sid       = "AllowReadingLogsFromCloudWatch"
-    effect    = "Allow"
-    resources = ["arn:${var.addon_context.aws_partition_id}:logs:${var.addon_context.aws_region_name}:${var.addon_context.aws_caller_identity_account_id}:log-group:*:log-stream:*"]
-
-    actions = [
-      "logs:DescribeLogGroups",
-      "logs:GetLogGroupFields",
-      "logs:StartQuery",
-      "logs:StopQuery",
-      "logs:GetQueryResults",
-      "logs:GetLogEvents",
-    ]
-  }
-
-  statement {
-    sid       = "AllowReadingTagsInstancesRegionsFromEC2"
-    effect    = "Allow"
-    resources = ["*"]
-
-    actions = [
-      "ec2:DescribeTags",
-      "ec2:DescribeInstances",
-      "ec2:DescribeRegions",
-    ]
-  }
-
-  statement {
-    sid       = "AllowReadingResourcesForTags"
-    effect    = "Allow"
-    resources = ["*"]
-    actions   = ["tag:GetResources"]
-  }
-
-  statement {
-    sid    = "AllowListApsWorkspaces"
-    effect = "Allow"
-    resources = [
-      "arn:${var.addon_context.aws_partition_id}:aps:${var.addon_context.aws_region_name}:${var.addon_context.aws_caller_identity_account_id}:/*",
-      "arn:${var.addon_context.aws_partition_id}:aps:${var.addon_context.aws_region_name}:${var.addon_context.aws_caller_identity_account_id}:workspace/*",
-      "arn:${var.addon_context.aws_partition_id}:aps:${var.addon_context.aws_region_name}:${var.addon_context.aws_caller_identity_account_id}:workspace/*/*",
-    ]
-    actions = [
-      "aps:ListWorkspaces",
-      "aps:DescribeWorkspace",
-      "aps:GetMetricMetadata",
-      "aps:GetSeries",
-      "aps:QueryMetrics",
-    ]
-  }
-
-}
diff --git a/modules/kubernetes-addons/grafana/locals.tf b/modules/kubernetes-addons/grafana/locals.tf
deleted file mode 100644
index c95b801ab9..0000000000
--- a/modules/kubernetes-addons/grafana/locals.tf
+++ /dev/null
@@ -1,49 +0,0 @@
-locals {
-  name = "grafana"
-
-  # https://github.com/grafana/helm-charts/blob/main/charts/grafana/Chart.yaml
-  default_helm_config = {
-    name        = local.name
-    chart       = local.name
-    repository  = "https://grafana.github.io/helm-charts"
-    version     = "6.43.1"
-    namespace   = local.name
-    values      = local.default_helm_values
-    description = "Grafana Helm Chart deployment configuration"
-  }
-
-  helm_config = merge(
-    local.default_helm_config,
-    var.helm_config
-  )
-
-  default_helm_values = [templatefile("${path.module}/values.yaml", {
-    operating_system = "linux"
-    region           = var.addon_context.aws_region_name
-  })]
-
-  set_values = [
-    {
-      name  = "serviceAccount.name"
-      value = local.name
-    },
-    {
-      name  = "serviceAccount.create"
-      value = false
-    }
-  ]
-
-  irsa_config = {
-    kubernetes_namespace                = local.helm_config["namespace"]
-    kubernetes_service_account          = try(var.helm_config.service_account, local.name)
-    create_kubernetes_namespace         = try(local.helm_config.create_namespace, true)
-    create_kubernetes_service_account   = true
-    create_service_account_secret_token = try(local.helm_config["create_service_account_secret_token"], false)
-    irsa_iam_policies                   = concat([aws_iam_policy.grafana.arn], var.irsa_policies)
-  }
-
-  argocd_gitops_config = {
-    enable             = true
-    serviceAccountName = local.name
-  }
-}
diff --git a/modules/kubernetes-addons/grafana/main.tf b/modules/kubernetes-addons/grafana/main.tf
deleted file mode 100644
index ae9b324045..0000000000
--- a/modules/kubernetes-addons/grafana/main.tf
+++ /dev/null
@@ -1,15 +0,0 @@
-module "helm_addon" {
-  source            = "../helm-addon"
-  manage_via_gitops = var.manage_via_gitops
-  set_values        = local.set_values
-  helm_config       = local.helm_config
-  irsa_config       = local.irsa_config
-  addon_context     = var.addon_context
-}
-
-resource "aws_iam_policy" "grafana" {
-  description = "IAM policy for Grafana Pod"
-  name        = "${var.addon_context.eks_cluster_id}-grafana"
-  path        = var.addon_context.irsa_iam_role_path
-  policy      = data.aws_iam_policy_document.this.json
-}
diff --git a/modules/kubernetes-addons/grafana/outputs.tf b/modules/kubernetes-addons/grafana/outputs.tf
deleted file mode 100644
index 0776dcd7ef..0000000000
--- a/modules/kubernetes-addons/grafana/outputs.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? local.argocd_gitops_config : null
-}
-
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/grafana/values.yaml b/modules/kubernetes-addons/grafana/values.yaml
deleted file mode 100644
index 02b563061e..0000000000
--- a/modules/kubernetes-addons/grafana/values.yaml
+++ /dev/null
@@ -1,59 +0,0 @@
-#Enabling IRSA module for extending the data sources to CloudWatch
-serviceAccount:
-  create: false
-
-resources:
-  limits:
-    cpu: 200m
-    memory: 512Mi
-  requests:
-    cpu: 200m
-    memory: 512Mi
-
-autoscaling:
-  enabled: true
-  minReplicas: 1
-  maxReplicas: 10
-  metrics:
-  - type: Resource
-    resource:
-      name: cpu
-      targetAverageUtilization: 60
-  - type: Resource
-    resource:
-      name: memory
-      targetAverageUtilization: 60
-
-nodeSelector:
-  kubernetes.io/os: ${operating_system}
-
-
-adminUser: admin
-# Set this password using set_sensitive values
-#adminPassword:
-
-persistence:
-  type: pvc
-  enabled: true
-  storageClassName: gp2
-  accessModes:
-    - ReadWriteOnce
-  size: 50Gi
-
-datasources:
-  datasources.yaml:
-    apiVersion: 1
-    datasources:
-    - name: Prometheus
-      type: prometheus
-      url: http://prometheus-server.prometheus.svc.cluster.local
-      access: proxy
-      isDefault: true
-    - name: CloudWatch
-      type: cloudwatch
-      access: proxy
-      uid: cloudwatch
-      editable: false
-      jsonData:
-        authType: default
-        defaultRegion: ${region}
diff --git a/modules/kubernetes-addons/grafana/variables.tf b/modules/kubernetes-addons/grafana/variables.tf
deleted file mode 100644
index 576a5a956d..0000000000
--- a/modules/kubernetes-addons/grafana/variables.tf
+++ /dev/null
@@ -1,34 +0,0 @@
-variable "helm_config" {
-  description = "Helm provider config for Grafana."
-  type        = any
-  default     = {}
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps."
-  type        = bool
-  default     = false
-}
-
-variable "irsa_policies" {
-  description = "Additional IAM policies for a IAM role for service accounts"
-  type        = list(string)
-  default     = []
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-    irsa_iam_role_path             = string
-    irsa_iam_permissions_boundary  = string
-  })
-}
diff --git a/modules/kubernetes-addons/grafana/versions.tf b/modules/kubernetes-addons/grafana/versions.tf
deleted file mode 100644
index f92f41b9e7..0000000000
--- a/modules/kubernetes-addons/grafana/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 3.72"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/helm-addon/README.md b/modules/kubernetes-addons/helm-addon/README.md
deleted file mode 100644
index 450840992d..0000000000
--- a/modules/kubernetes-addons/helm-addon/README.md
+++ /dev/null
@@ -1,57 +0,0 @@
-# Helm AddOn
-
-## Introduction
-
-Helm Addon module can be used to provision a generic Helm Chart as an Add-On for an EKS cluster provisioned using the EKS Blueprints. This module does the following:
-
-1. Create an IAM role for Service Accounts with the provided configuration for the [`irsa`](./../../irsa) module.
-2. If `manage_via_gitops` is set to `false`, provision the helm chart for the add-on based on the configuration provided for the `helm_config` as defined in the [helm provider](https://registry.terraform.io/providers/hashicorp/helm/latest/docs) documentation.
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 2.4.1 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_helm"></a> [helm](#provider\_helm) | >= 2.4.1 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_irsa"></a> [irsa](#module\_irsa) | ../../irsa | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [helm_release.addon](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | `any` | n/a | yes |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm chart config. Repository and version required. See https://registry.terraform.io/providers/hashicorp/helm/latest/docs | `any` | n/a | yes |
-| <a name="input_irsa_config"></a> [irsa\_config](#input\_irsa\_config) | Input configuration for IRSA module | `any` | `{}` | no |
-| <a name="input_irsa_iam_role_name"></a> [irsa\_iam\_role\_name](#input\_irsa\_iam\_role\_name) | IAM role name for IRSA | `string` | `""` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps | `bool` | `false` | no |
-| <a name="input_set_sensitive_values"></a> [set\_sensitive\_values](#input\_set\_sensitive\_values) | Forced set\_sensitive values | `any` | `[]` | no |
-| <a name="input_set_values"></a> [set\_values](#input\_set\_values) | Forced set values | `any` | `[]` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_helm_release"></a> [helm\_release](#output\_helm\_release) | Map of attributes of the Helm release created without sensitive outputs |
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/helm-addon/main.tf b/modules/kubernetes-addons/helm-addon/main.tf
deleted file mode 100644
index 34994f7d8f..0000000000
--- a/modules/kubernetes-addons/helm-addon/main.tf
+++ /dev/null
@@ -1,81 +0,0 @@
-resource "helm_release" "addon" {
-  count                      = var.manage_via_gitops ? 0 : 1
-  name                       = var.helm_config["name"]
-  repository                 = try(var.helm_config["repository"], null)
-  chart                      = var.helm_config["chart"]
-  version                    = try(var.helm_config["version"], null)
-  timeout                    = try(var.helm_config["timeout"], 1200)
-  values                     = try(var.helm_config["values"], null)
-  create_namespace           = length(var.irsa_config) > 0 ? false : try(var.helm_config["create_namespace"], false)
-  namespace                  = var.helm_config["namespace"]
-  lint                       = try(var.helm_config["lint"], false)
-  description                = try(var.helm_config["description"], "")
-  repository_key_file        = try(var.helm_config["repository_key_file"], "")
-  repository_cert_file       = try(var.helm_config["repository_cert_file"], "")
-  repository_username        = try(var.helm_config["repository_username"], "")
-  repository_password        = try(var.helm_config["repository_password"], "")
-  verify                     = try(var.helm_config["verify"], false)
-  keyring                    = try(var.helm_config["keyring"], "")
-  disable_webhooks           = try(var.helm_config["disable_webhooks"], false)
-  reuse_values               = try(var.helm_config["reuse_values"], false)
-  reset_values               = try(var.helm_config["reset_values"], false)
-  force_update               = try(var.helm_config["force_update"], false)
-  recreate_pods              = try(var.helm_config["recreate_pods"], false)
-  cleanup_on_fail            = try(var.helm_config["cleanup_on_fail"], false)
-  max_history                = try(var.helm_config["max_history"], 0)
-  atomic                     = try(var.helm_config["atomic"], false)
-  skip_crds                  = try(var.helm_config["skip_crds"], false)
-  render_subchart_notes      = try(var.helm_config["render_subchart_notes"], true)
-  disable_openapi_validation = try(var.helm_config["disable_openapi_validation"], false)
-  wait                       = try(var.helm_config["wait"], true)
-  wait_for_jobs              = try(var.helm_config["wait_for_jobs"], false)
-  dependency_update          = try(var.helm_config["dependency_update"], false)
-  replace                    = try(var.helm_config["replace"], false)
-
-  postrender {
-    binary_path = try(var.helm_config["postrender"], "")
-  }
-
-  dynamic "set" {
-    iterator = each_item
-    for_each = try(var.helm_config["set"], null) != null ? distinct(concat(var.set_values, var.helm_config["set"])) : var.set_values
-
-    content {
-      name  = each_item.value.name
-      value = each_item.value.value
-      type  = try(each_item.value.type, null)
-    }
-  }
-
-  dynamic "set_sensitive" {
-    iterator = each_item
-    for_each = try(var.helm_config["set_sensitive"], null) != null ? concat(var.helm_config["set_sensitive"], var.set_sensitive_values) : var.set_sensitive_values
-
-    content {
-      name  = each_item.value.name
-      value = each_item.value.value
-      type  = try(each_item.value.type, null)
-    }
-  }
-  depends_on = [module.irsa]
-}
-
-module "irsa" {
-  source = "../../irsa"
-
-  count = length(var.irsa_config) > 0 ? 1 : 0
-
-  create_kubernetes_namespace         = try(var.irsa_config.create_kubernetes_namespace, true)
-  create_kubernetes_service_account   = try(var.irsa_config.create_kubernetes_service_account, true)
-  create_service_account_secret_token = try(var.irsa_config.create_service_account_secret_token, false)
-  kubernetes_namespace                = lookup(var.irsa_config, "kubernetes_namespace", "")
-  kubernetes_service_account          = lookup(var.irsa_config, "kubernetes_service_account", "")
-  kubernetes_svc_image_pull_secrets   = try(var.irsa_config.kubernetes_svc_image_pull_secrets, null)
-  irsa_iam_policies                   = lookup(var.irsa_config, "irsa_iam_policies", null)
-  irsa_iam_role_name                  = var.irsa_iam_role_name
-  irsa_iam_role_path                  = lookup(var.addon_context, "irsa_iam_role_path", null)
-  irsa_iam_permissions_boundary       = lookup(var.addon_context, "irsa_iam_permissions_boundary", null)
-  eks_cluster_id                      = var.addon_context.eks_cluster_id
-  eks_oidc_provider_arn               = var.addon_context.eks_oidc_provider_arn
-  tags                                = var.addon_context.tags
-}
diff --git a/modules/kubernetes-addons/helm-addon/outputs.tf b/modules/kubernetes-addons/helm-addon/outputs.tf
deleted file mode 100644
index 97124e4a35..0000000000
--- a/modules/kubernetes-addons/helm-addon/outputs.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-output "helm_release" {
-  description = "Map of attributes of the Helm release created without sensitive outputs"
-  value       = try({ for k, v in helm_release.addon : k => v if k != "repository_password" }, {})
-}
-
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = try(helm_release.addon[0].metadata, null)
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = try(module.irsa[0].irsa_iam_role_arn, null)
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = try(module.irsa[0].irsa_iam_role_name, null)
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = try(coalesce(try(module.irsa[0].service_account, null), lookup(var.irsa_config, "kubernetes_service_account", null)), null)
-}
diff --git a/modules/kubernetes-addons/helm-addon/variables.tf b/modules/kubernetes-addons/helm-addon/variables.tf
deleted file mode 100644
index d8d706e8fd..0000000000
--- a/modules/kubernetes-addons/helm-addon/variables.tf
+++ /dev/null
@@ -1,39 +0,0 @@
-variable "helm_config" {
-  description = "Helm chart config. Repository and version required. See https://registry.terraform.io/providers/hashicorp/helm/latest/docs"
-  type        = any
-}
-
-variable "set_values" {
-  description = "Forced set values"
-  type        = any
-  default     = []
-}
-
-variable "set_sensitive_values" {
-  description = "Forced set_sensitive values"
-  type        = any
-  default     = []
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps"
-  type        = bool
-  default     = false
-}
-
-variable "irsa_iam_role_name" {
-  description = "IAM role name for IRSA"
-  type        = string
-  default     = ""
-}
-
-variable "irsa_config" {
-  description = "Input configuration for IRSA module"
-  type        = any
-  default     = {}
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type        = any
-}
diff --git a/modules/kubernetes-addons/helm-addon/versions.tf b/modules/kubernetes-addons/helm-addon/versions.tf
deleted file mode 100644
index 278a4fbb4d..0000000000
--- a/modules/kubernetes-addons/helm-addon/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    helm = {
-      source  = "hashicorp/helm"
-      version = ">= 2.4.1"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/ingress-nginx/README.md b/modules/kubernetes-addons/ingress-nginx/README.md
deleted file mode 100644
index 111222d0c1..0000000000
--- a/modules/kubernetes-addons/ingress-nginx/README.md
+++ /dev/null
@@ -1,51 +0,0 @@
-# Nginx Ingress Controller Deployment Guide
-
-## Introduction
-
-Nginx Ingress Controller is a modern HTTP reverse proxy and load balancer made to deploy microservices with ease.
-For more details [Ingress-Nginx can be found here](https://kubernetes.github.io/ingress-nginx/)
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.10 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | >= 2.10 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [kubernetes_namespace_v1.this](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1) | resource |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>  })</pre> | n/a | yes |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Ingress NGINX Helm Configuration | `any` | `{}` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/ingress-nginx/main.tf b/modules/kubernetes-addons/ingress-nginx/main.tf
deleted file mode 100644
index 479071879f..0000000000
--- a/modules/kubernetes-addons/ingress-nginx/main.tf
+++ /dev/null
@@ -1,31 +0,0 @@
-locals {
-  name      = try(var.helm_config.name, "ingress-nginx")
-  namespace = try(var.helm_config.namespace, local.name)
-}
-
-resource "kubernetes_namespace_v1" "this" {
-  count = try(var.helm_config.create_namespace, true) && local.namespace != "kube-system" ? 1 : 0
-
-  metadata {
-    name = local.namespace
-  }
-}
-
-module "helm_addon" {
-  source = "../helm-addon"
-
-  helm_config = merge(
-    {
-      name        = local.name
-      chart       = local.name
-      repository  = "https://kubernetes.github.io/ingress-nginx"
-      version     = "4.1.4"
-      namespace   = try(kubernetes_namespace_v1.this[0].metadata[0].name, local.namespace)
-      description = "The NGINX HelmChart Ingress Controller deployment configuration"
-    },
-    var.helm_config
-  )
-
-  manage_via_gitops = var.manage_via_gitops
-  addon_context     = var.addon_context
-}
diff --git a/modules/kubernetes-addons/ingress-nginx/outputs.tf b/modules/kubernetes-addons/ingress-nginx/outputs.tf
deleted file mode 100644
index 4d3d2c6515..0000000000
--- a/modules/kubernetes-addons/ingress-nginx/outputs.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? { enable = true } : null
-}
-
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/ingress-nginx/variables.tf b/modules/kubernetes-addons/ingress-nginx/variables.tf
deleted file mode 100644
index 6f2901de38..0000000000
--- a/modules/kubernetes-addons/ingress-nginx/variables.tf
+++ /dev/null
@@ -1,26 +0,0 @@
-variable "helm_config" {
-  description = "Ingress NGINX Helm Configuration"
-  type        = any
-  default     = {}
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps."
-  type        = bool
-  default     = false
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-  })
-}
diff --git a/modules/kubernetes-addons/ingress-nginx/versions.tf b/modules/kubernetes-addons/ingress-nginx/versions.tf
deleted file mode 100644
index 55fba733ab..0000000000
--- a/modules/kubernetes-addons/ingress-nginx/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.10"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/karpenter/README.md b/modules/kubernetes-addons/karpenter/README.md
deleted file mode 100644
index c69ad00620..0000000000
--- a/modules/kubernetes-addons/karpenter/README.md
+++ /dev/null
@@ -1,69 +0,0 @@
-# Karpenter
-
-Karpenter is an open-source node provisioning project built for Kubernetes. Karpenter automatically launches just the right compute resources to handle your cluster's applications. It is designed to let you take full advantage of the cloud with fast and simple compute provisioning for Kubernetes clusters.
-
-For more details checkout [Karpenter](https://karpenter.sh/docs/getting-started/) docs
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.72 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_cloudwatch_event_rule.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule) | resource |
-| [aws_cloudwatch_event_target.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | resource |
-| [aws_iam_policy.karpenter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
-| [aws_sqs_queue.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource |
-| [aws_sqs_queue_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue_policy) | resource |
-| [aws_iam_policy_document.karpenter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_policy_document.sqs_queue](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>    irsa_iam_role_path             = string<br>    irsa_iam_permissions_boundary  = string<br>  })</pre> | n/a | yes |
-| <a name="input_enable_spot_termination"></a> [enable\_spot\_termination](#input\_enable\_spot\_termination) | Determines whether to enable native spot termination handling | `bool` | `false` | no |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm provider config for the Karpenter | `any` | `{}` | no |
-| <a name="input_irsa_policies"></a> [irsa\_policies](#input\_irsa\_policies) | Additional IAM policies for a IAM role for service accounts | `list(string)` | `[]` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no |
-| <a name="input_node_iam_instance_profile"></a> [node\_iam\_instance\_profile](#input\_node\_iam\_instance\_profile) | Karpenter Node IAM Instance profile id | `string` | `""` | no |
-| <a name="input_path"></a> [path](#input\_path) | Path in which to create the Karpenter policy | `string` | `"/"` | no |
-| <a name="input_rule_name_prefix"></a> [rule\_name\_prefix](#input\_rule\_name\_prefix) | Prefix used for all event bridge rules | `string` | `""` | no |
-| <a name="input_sqs_queue_kms_data_key_reuse_period_seconds"></a> [sqs\_queue\_kms\_data\_key\_reuse\_period\_seconds](#input\_sqs\_queue\_kms\_data\_key\_reuse\_period\_seconds) | The length of time, in seconds, for which Amazon SQS can reuse a data key to encrypt or decrypt messages before calling AWS KMS again | `number` | `null` | no |
-| <a name="input_sqs_queue_kms_master_key_id"></a> [sqs\_queue\_kms\_master\_key\_id](#input\_sqs\_queue\_kms\_master\_key\_id) | The ID of an AWS-managed customer master key (CMK) for Amazon SQS or a custom CMK | `string` | `null` | no |
-| <a name="input_sqs_queue_managed_sse_enabled"></a> [sqs\_queue\_managed\_sse\_enabled](#input\_sqs\_queue\_managed\_sse\_enabled) | Enable server-side encryption (SSE) for a SQS queue | `bool` | `true` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
-| <a name="output_event_rules"></a> [event\_rules](#output\_event\_rules) | Map of the event rules created and their attributes |
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-| <a name="output_sqs_queue_arn"></a> [sqs\_queue\_arn](#output\_sqs\_queue\_arn) | The ARN of the SQS queue |
-| <a name="output_sqs_queue_name"></a> [sqs\_queue\_name](#output\_sqs\_queue\_name) | The name of the created Amazon SQS queue |
-| <a name="output_sqs_queue_url"></a> [sqs\_queue\_url](#output\_sqs\_queue\_url) | The URL for the created Amazon SQS queue |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/karpenter/data.tf b/modules/kubernetes-addons/karpenter/data.tf
deleted file mode 100644
index e13812016a..0000000000
--- a/modules/kubernetes-addons/karpenter/data.tf
+++ /dev/null
@@ -1,117 +0,0 @@
-data "aws_partition" "current" {}
-
-data "aws_iam_policy_document" "karpenter" {
-  statement {
-    sid       = "AllowEc2DescribeActions"
-    effect    = "Allow"
-    resources = ["*"]
-
-    actions = [
-      "ec2:DescribeAvailabilityZones",
-      "ec2:DescribeImages",
-      "ec2:DescribeInstances",
-      "ec2:DescribeInstanceTypeOfferings",
-      "ec2:DescribeInstanceTypes",
-      "ec2:DescribeLaunchTemplates",
-      "ec2:DescribeSecurityGroups",
-      "ec2:DescribeSpotPriceHistory",
-      "ec2:DescribeSubnets",
-    ]
-  }
-
-  statement {
-    sid    = "AllowEc2Actions"
-    effect = "Allow"
-    resources = [
-      "arn:${var.addon_context.aws_partition_id}:ec2:${var.addon_context.aws_region_name}:${var.addon_context.aws_caller_identity_account_id}:*",
-      "arn:${var.addon_context.aws_partition_id}:ec2:${var.addon_context.aws_region_name}::image/*"
-    ]
-
-    actions = [
-      "ec2:CreateFleet",
-      "ec2:CreateLaunchTemplate",
-      "ec2:CreateTags",
-      "ec2:DeleteLaunchTemplate",
-      "ec2:RunInstances"
-    ]
-  }
-
-  statement {
-    sid       = "AllowPassRole"
-    effect    = "Allow"
-    resources = ["arn:${var.addon_context.aws_partition_id}:iam::${var.addon_context.aws_caller_identity_account_id}:role/*"]
-
-    actions = [
-      "iam:PassRole",
-    ]
-  }
-
-  statement {
-    sid       = "AllowGetPrice"
-    effect    = "Allow"
-    resources = ["*"]
-
-    actions = [
-      "pricing:GetProducts",
-    ]
-  }
-
-  statement {
-    sid       = "AllowGetParameters"
-    effect    = "Allow"
-    resources = ["arn:${var.addon_context.aws_partition_id}:ssm:${var.addon_context.aws_region_name}::parameter/*"]
-
-    actions = [
-      "ssm:GetParameter",
-    ]
-  }
-
-  statement {
-    actions   = ["eks:DescribeCluster"]
-    resources = ["arn:${var.addon_context.aws_partition_id}:eks:*:${var.addon_context.aws_caller_identity_account_id}:cluster/${var.addon_context.eks_cluster_id}"]
-  }
-
-  statement {
-    sid       = "ConditionalEC2Termination"
-    effect    = "Allow"
-    resources = ["arn:${var.addon_context.aws_partition_id}:ec2:${var.addon_context.aws_region_name}:${var.addon_context.aws_caller_identity_account_id}:instance/*"]
-    actions   = ["ec2:TerminateInstances"]
-
-    condition {
-      test     = "StringLike"
-      variable = "ec2:ResourceTag/Name"
-      values   = ["*karpenter*"]
-    }
-  }
-
-  dynamic "statement" {
-    for_each = var.enable_spot_termination ? [1] : []
-
-    content {
-      actions = [
-        "sqs:DeleteMessage",
-        "sqs:GetQueueAttributes",
-        "sqs:GetQueueUrl",
-        "sqs:ReceiveMessage",
-      ]
-      resources = [aws_sqs_queue.this[0].arn]
-    }
-  }
-}
-
-data "aws_iam_policy_document" "sqs_queue" {
-  count = var.enable_spot_termination ? 1 : 0
-
-  statement {
-    sid     = "SqsWrite"
-    actions = ["sqs:SendMessage"]
-    principals {
-      type = "Service"
-      identifiers = [
-        "events.${local.dns_suffix}",
-        "sqs.${local.dns_suffix}"
-      ]
-    }
-    resources = [aws_sqs_queue.this[0].arn]
-  }
-}
diff --git a/modules/kubernetes-addons/karpenter/locals.tf b/modules/kubernetes-addons/karpenter/locals.tf
deleted file mode 100644
index 9b5f988529..0000000000
--- a/modules/kubernetes-addons/karpenter/locals.tf
+++ /dev/null
@@ -1,97 +0,0 @@
-locals {
-  name            = "karpenter"
-  service_account = try(var.helm_config.service_account, "karpenter")
-  set_values = [{
-    name  = "serviceAccount.name"
-    value = local.service_account
-    },
-    {
-      name  = "serviceAccount.create"
-      value = false
-    }
-  ]
-
-  # https://github.com/aws/karpenter/blob/main/charts/karpenter/Chart.yaml
-  helm_config = merge(
-    {
-      name       = local.name
-      chart      = local.name
-      repository = "oci://public.ecr.aws/karpenter"
-      version    = "v0.27.3"
-      namespace  = local.name
-      values = [
-        <<-EOT
-          settings:
-            aws:
-              clusterName: ${var.addon_context.eks_cluster_id}
-              clusterEndpoint: ${var.addon_context.aws_eks_cluster_endpoint}
-              defaultInstanceProfile: ${var.node_iam_instance_profile}
-              interruptionQueueName: ${try(aws_sqs_queue.this[0].name, "")}
-        EOT
-      ]
-      description = "karpenter Helm Chart for Node Autoscaling"
-    },
-    var.helm_config
-  )
-
-  irsa_config = {
-    kubernetes_namespace                = local.helm_config["namespace"]
-    kubernetes_service_account          = local.service_account
-    create_kubernetes_namespace         = try(local.helm_config["create_namespace"], true)
-    create_kubernetes_service_account   = true
-    create_service_account_secret_token = try(local.helm_config["create_service_account_secret_token"], false)
-    irsa_iam_policies                   = concat([aws_iam_policy.karpenter.arn], var.irsa_policies)
-  }
-
-  argocd_gitops_config = {
-    enable                    = true
-    serviceAccountName        = local.service_account
-    controllerClusterEndpoint = var.addon_context.aws_eks_cluster_endpoint
-    awsDefaultInstanceProfile = var.node_iam_instance_profile
-    awsInterruptionQueueName  = try(aws_sqs_queue.this[0].name, "")
-  }
-
-  dns_suffix = data.aws_partition.current.dns_suffix
-
-  # Karpenter Spot Interruption Event rules
-  event_rules = {
-    health_event = {
-      name        = "HealthEvent"
-      description = "Karpenter Interrupt - AWS health event for EC2"
-      event_pattern = {
-        source      = ["aws.health"]
-        detail-type = ["AWS Health Event"]
-        detail = {
-          service = ["EC2"]
-        }
-      }
-    }
-    spot_interupt = {
-      name        = "SpotInterrupt"
-      description = "Karpenter Interrupt - A spot interruption warning was triggered for the node"
-      event_pattern = {
-        source      = ["aws.ec2"]
-        detail-type = ["EC2 Spot Instance Interruption Warning"]
-      }
-    }
-    instance_rebalance = {
-      name        = "InstanceRebalance"
-      description = "Karpenter Interrupt - A spot rebalance recommendation was triggered for the node"
-      event_pattern = {
-        source      = ["aws.ec2"]
-        detail-type = ["EC2 Instance Rebalance Recommendation"]
-      }
-    }
-    instance_state_change = {
-      name        = "InstanceStateChange"
-      description = "Karpenter interrupt - EC2 instance state-change notification"
-      event_pattern = {
-        source      = ["aws.ec2"]
-        detail-type = ["EC2 Instance State-change Notification"]
-        detail = {
-          state = ["stopping", "terminated", "shutting-down", "stopped"] #ignored pending and running
-        }
-      }
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/karpenter/main.tf b/modules/kubernetes-addons/karpenter/main.tf
deleted file mode 100644
index a9f94efa2e..0000000000
--- a/modules/kubernetes-addons/karpenter/main.tf
+++ /dev/null
@@ -1,55 +0,0 @@
-module "helm_addon" {
-  source            = "../helm-addon"
-  manage_via_gitops = var.manage_via_gitops
-  helm_config       = local.helm_config
-  set_values        = local.set_values
-  irsa_config       = local.irsa_config
-  addon_context     = var.addon_context
-}
-
-resource "aws_iam_policy" "karpenter" {
-  name        = "${var.addon_context.eks_cluster_id}-karpenter"
-  description = "IAM Policy for Karpenter"
-  policy      = data.aws_iam_policy_document.karpenter.json
-  path        = var.path
-}
-
-#tfsec:ignore:aws-sqs-enable-queue-encryption
-resource "aws_sqs_queue" "this" {
-  count = var.enable_spot_termination ? 1 : 0
-
-  name                              = "karpenter-${var.addon_context.eks_cluster_id}"
-  message_retention_seconds         = 300
-  sqs_managed_sse_enabled           = var.sqs_queue_managed_sse_enabled
-  kms_master_key_id                 = var.sqs_queue_kms_master_key_id
-  kms_data_key_reuse_period_seconds = var.sqs_queue_kms_data_key_reuse_period_seconds
-
-  tags = var.addon_context.tags
-}
-
-resource "aws_sqs_queue_policy" "this" {
-  count = var.enable_spot_termination ? 1 : 0
-
-  queue_url = aws_sqs_queue.this[0].id
-  policy    = data.aws_iam_policy_document.sqs_queue[0].json
-}
-
-resource "aws_cloudwatch_event_rule" "this" {
-  for_each = { for k, v in local.event_rules : k => v if var.enable_spot_termination }
-
-  name_prefix   = "${var.rule_name_prefix}${each.value.name}-"
-  description   = each.value.description
-  event_pattern = jsonencode(each.value.event_pattern)
-  tags = merge(
-    { "ClusterName" : var.addon_context.eks_cluster_id },
-    var.addon_context.tags,
-  )
-}
-
-resource "aws_cloudwatch_event_target" "this" {
-  for_each = { for k, v in local.event_rules : k => v if var.enable_spot_termination }
-
-  rule      = aws_cloudwatch_event_rule.this[each.key].name
-  arn       = aws_sqs_queue.this[0].arn
-  target_id = "KarpenterInterruptionQueueTarget"
-}
diff --git a/modules/kubernetes-addons/karpenter/outputs.tf b/modules/kubernetes-addons/karpenter/outputs.tf
deleted file mode 100644
index f93e8a3350..0000000000
--- a/modules/kubernetes-addons/karpenter/outputs.tf
+++ /dev/null
@@ -1,44 +0,0 @@
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? local.argocd_gitops_config : null
-}
-
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
-
-output "sqs_queue_arn" {
-  description = "The ARN of the SQS queue"
-  value       = try(aws_sqs_queue.this[0].arn, null)
-}
-
-output "sqs_queue_name" {
-  description = "The name of the created Amazon SQS queue"
-  value       = try(aws_sqs_queue.this[0].name, null)
-}
-
-output "sqs_queue_url" {
-  description = "The URL for the created Amazon SQS queue"
-  value       = try(aws_sqs_queue.this[0].url, null)
-}
-
-output "event_rules" {
-  description = "Map of the event rules created and their attributes"
-  value       = aws_cloudwatch_event_rule.this
-}
diff --git a/modules/kubernetes-addons/karpenter/variables.tf b/modules/kubernetes-addons/karpenter/variables.tf
deleted file mode 100644
index c9a7504286..0000000000
--- a/modules/kubernetes-addons/karpenter/variables.tf
+++ /dev/null
@@ -1,81 +0,0 @@
-variable "helm_config" {
-  description = "Helm provider config for the Karpenter"
-  type        = any
-  default     = {}
-}
-
-variable "irsa_policies" {
-  description = "Additional IAM policies for a IAM role for service accounts"
-  type        = list(string)
-  default     = []
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps."
-  type        = bool
-  default     = false
-}
-
-variable "node_iam_instance_profile" {
-  description = "Karpenter Node IAM Instance profile id"
-  type        = string
-  default     = ""
-}
-
-variable "enable_spot_termination" {
-  description = "Determines whether to enable native spot termination handling"
-  type        = bool
-  default     = false
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-    irsa_iam_role_path             = string
-    irsa_iam_permissions_boundary  = string
-  })
-}
-
-variable "path" {
-  description = "Path in which to create the Karpenter policy"
-  type        = string
-  default     = "/"
-}
-
-variable "sqs_queue_managed_sse_enabled" {
-  description = "Enable server-side encryption (SSE) for a SQS queue"
-  type        = bool
-  default     = true
-}
-
-variable "sqs_queue_kms_master_key_id" {
-  description = "The ID of an AWS-managed customer master key (CMK) for Amazon SQS or a custom CMK"
-  type        = string
-  default     = null
-}
-
-variable "sqs_queue_kms_data_key_reuse_period_seconds" {
-  description = "The length of time, in seconds, for which Amazon SQS can reuse a data key to encrypt or decrypt messages before calling AWS KMS again"
-  type        = number
-  default     = null
-}
-
-variable "rule_name_prefix" {
-  description = "Prefix used for all event bridge rules"
-  type        = string
-  default     = ""
-
-  validation {
-    condition     = length(var.rule_name_prefix) <= 14
-    error_message = "Maximum input length exceeded. Please enter no more than 14 characters."
-  }
-}
diff --git a/modules/kubernetes-addons/karpenter/versions.tf b/modules/kubernetes-addons/karpenter/versions.tf
deleted file mode 100644
index f92f41b9e7..0000000000
--- a/modules/kubernetes-addons/karpenter/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 3.72"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/keda/README.md b/modules/kubernetes-addons/keda/README.md
deleted file mode 100644
index c5a0606f0c..0000000000
--- a/modules/kubernetes-addons/keda/README.md
+++ /dev/null
@@ -1,64 +0,0 @@
-# KEDA Helm Chart
-
-## What is Keda
-
-[KEDA](https://keda.sh/) is a Kubernetes-based Event Driven Autoscaler. With KEDA, you can drive the scaling of any container in Kubernetes based on the number of events needing to be processed.
-
-KEDA is a single-purpose and lightweight component that can be added into any Kubernetes cluster. KEDA works alongside standard Kubernetes components like the [Horizontal Pod Autoscaler](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) and can extend functionality without overwriting or duplication. With KEDA you can explicitly map the apps you want to use event-driven scale, with other apps continuing to function. This makes KEDA a flexible and safe option to run alongside any number of any other Kubernetes applications or frameworks
-
-## WARNING
-
-Sometimes kubernetes namespace `keda-ns` created by this helm chart failed to delete due to the [defect](https://github.com/kedacore/keda/issues/1231)
-
-Workaround is to run the following command manually to clean up the namespace and rerun the `terraform apply`
-
-```sh
-kubectl delete apiservice v1beta1.external.metrics.k8s.io
-```
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.72 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_iam_policy.keda_irsa](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
-| [aws_iam_policy_document.keda_irsa](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>    irsa_iam_role_path             = string<br>    irsa_iam_permissions_boundary  = string<br>  })</pre> | n/a | yes |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm provider config for the KEDA | `any` | `{}` | no |
-| <a name="input_irsa_policies"></a> [irsa\_policies](#input\_irsa\_policies) | IAM Policy ARN list for any IRSA policies | `list(string)` | `[]` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps | `bool` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/keda/data.tf b/modules/kubernetes-addons/keda/data.tf
deleted file mode 100644
index f87fa30c25..0000000000
--- a/modules/kubernetes-addons/keda/data.tf
+++ /dev/null
@@ -1,43 +0,0 @@
-data "aws_iam_policy_document" "keda_irsa" {
-  statement {
-    effect = "Allow"
-
-    resources = [
-      "arn:${var.addon_context.aws_partition_id}:cloudwatch:*:${var.addon_context.aws_caller_identity_account_id}:metric-stream/*",
-      "arn:${var.addon_context.aws_partition_id}:sqs:*:${var.addon_context.aws_caller_identity_account_id}:*",
-    ]
-
-    actions = [
-      "cloudwatch:DescribeAlarmHistory",
-      "cloudwatch:DescribeAlarms",
-      "cloudwatch:GetDashboard",
-      "cloudwatch:GetInsightRuleReport",
-      "cloudwatch:GetMetricStream",
-      "cloudwatch:ListTagsForResource",
-      "sqs:GetQueueAttributes",
-      "sqs:GetQueueUrl",
-      "sqs:ListDeadLetterSourceQueues",
-      "sqs:ListQueueTags",
-      "sqs:ReceiveMessage",
-    ]
-  }
-
-  statement {
-    sid       = ""
-    effect    = "Allow"
-    resources = ["*"]
-
-    actions = [
-      "cloudwatch:DescribeAlarmsForMetric",
-      "cloudwatch:DescribeAnomalyDetectors",
-      "cloudwatch:DescribeInsightRules",
-      "cloudwatch:GetMetricData",
-      "cloudwatch:GetMetricStatistics",
-      "cloudwatch:GetMetricWidgetImage",
-      "cloudwatch:ListDashboards",
-      "cloudwatch:ListMetrics",
-      "cloudwatch:ListMetricStreams",
-      "sqs:ListQueues",
-    ]
-  }
-}
diff --git a/modules/kubernetes-addons/keda/locals.tf b/modules/kubernetes-addons/keda/locals.tf
deleted file mode 100644
index c59317a69f..0000000000
--- a/modules/kubernetes-addons/keda/locals.tf
+++ /dev/null
@@ -1,42 +0,0 @@
-locals {
-  name            = "keda"
-  service_account = try(var.helm_config.service_account, "keda-operator-sa")
-
-  # https://github.com/kedacore/charts/blob/main/keda/Chart.yaml
-  helm_config = merge(
-    {
-      name        = local.name
-      chart       = local.name
-      repository  = "https://kedacore.github.io/charts"
-      version     = "2.8.2"
-      namespace   = local.name
-      description = "Keda Event-based autoscaler for workloads on Kubernetes"
-    },
-    var.helm_config
-  )
-
-  set_values = [
-    {
-      name  = "serviceAccount.name"
-      value = local.service_account
-    },
-    {
-      name  = "serviceAccount.create"
-      value = false
-    }
-  ]
-
-  irsa_config = {
-    kubernetes_namespace                = local.helm_config["namespace"]
-    kubernetes_service_account          = local.service_account
-    create_kubernetes_namespace         = try(local.helm_config["create_namespace"], true)
-    create_kubernetes_service_account   = true
-    create_service_account_secret_token = try(local.helm_config["create_service_account_secret_token"], false)
-    irsa_iam_policies                   = concat([aws_iam_policy.keda_irsa.arn], var.irsa_policies)
-  }
-
-  argocd_gitops_config = {
-    enable             = true
-    serviceAccountName = local.service_account
-  }
-}
diff --git a/modules/kubernetes-addons/keda/main.tf b/modules/kubernetes-addons/keda/main.tf
deleted file mode 100644
index cd0c04eeaf..0000000000
--- a/modules/kubernetes-addons/keda/main.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-module "helm_addon" {
-  source            = "../helm-addon"
-  manage_via_gitops = var.manage_via_gitops
-  set_values        = local.set_values
-  helm_config       = local.helm_config
-  irsa_config       = local.irsa_config
-  addon_context     = var.addon_context
-}
-
-resource "aws_iam_policy" "keda_irsa" {
-  description = "KEDA IAM role policy for SQS and CloudWatch"
-  name        = "${var.addon_context.eks_cluster_id}-${local.helm_config["name"]}-irsa"
-  path        = var.addon_context.irsa_iam_role_path
-  policy      = data.aws_iam_policy_document.keda_irsa.json
-  tags        = var.addon_context.tags
-}
diff --git a/modules/kubernetes-addons/keda/outputs.tf b/modules/kubernetes-addons/keda/outputs.tf
deleted file mode 100644
index 0776dcd7ef..0000000000
--- a/modules/kubernetes-addons/keda/outputs.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? local.argocd_gitops_config : null
-}
-
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/keda/values.yaml b/modules/kubernetes-addons/keda/values.yaml
deleted file mode 100644
index e9b4bd4924..0000000000
--- a/modules/kubernetes-addons/keda/values.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-resources:
-  limits:
-    cpu: 1
-    memory: 1000Mi
-  requests:
-    cpu: 100m
-    memory: 100Mi
-
-nodeSelector:
-  kubernetes.io/os: linux
diff --git a/modules/kubernetes-addons/keda/variables.tf b/modules/kubernetes-addons/keda/variables.tf
deleted file mode 100644
index 98cab95877..0000000000
--- a/modules/kubernetes-addons/keda/variables.tf
+++ /dev/null
@@ -1,34 +0,0 @@
-variable "helm_config" {
-  description = "Helm provider config for the KEDA"
-  type        = any
-  default     = {}
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps"
-  type        = bool
-  default     = false
-}
-
-variable "irsa_policies" {
-  description = "IAM Policy ARN list for any IRSA policies"
-  type        = list(string)
-  default     = []
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-    irsa_iam_role_path             = string
-    irsa_iam_permissions_boundary  = string
-  })
-}
diff --git a/modules/kubernetes-addons/keda/versions.tf b/modules/kubernetes-addons/keda/versions.tf
deleted file mode 100644
index f92f41b9e7..0000000000
--- a/modules/kubernetes-addons/keda/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 3.72"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/kube-prometheus-stack/README.md b/modules/kubernetes-addons/kube-prometheus-stack/README.md
deleted file mode 100644
index 5414d38fa5..0000000000
--- a/modules/kubernetes-addons/kube-prometheus-stack/README.md
+++ /dev/null
@@ -1,7 +0,0 @@
-# kube-prometheus-stack Helm Chart
-
-## Introduction
-
-[kube-prometheus-stack](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack) is a a collection of Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator.
-
-The default values.yaml file in this add-on has disabled the components that are unreachable in EKS environments, and an EBS Volume for Persistent Storage.
diff --git a/modules/kubernetes-addons/kube-prometheus-stack/main.tf b/modules/kubernetes-addons/kube-prometheus-stack/main.tf
deleted file mode 100644
index 952033c1ab..0000000000
--- a/modules/kubernetes-addons/kube-prometheus-stack/main.tf
+++ /dev/null
@@ -1,36 +0,0 @@
-locals {
-  name      = try(var.helm_config.name, "kube-prometheus-stack")
-  namespace = try(var.helm_config.namespace, local.name)
-
-  argocd_gitops_config = {
-    enable = true
-  }
-}
-
-resource "kubernetes_namespace_v1" "prometheus" {
-  metadata {
-    name = local.namespace
-  }
-}
-
-# https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-prometheus-stack/Chart.yaml
-module "helm_addon" {
-  source = "../helm-addon"
-
-  helm_config = merge(
-    {
-      name       = local.name
-      chart      = local.name
-      repository = "https://prometheus-community.github.io/helm-charts"
-      version    = "41.6.1"
-      namespace  = kubernetes_namespace_v1.prometheus.metadata[0].name
-      values = [templatefile("${path.module}/values.yaml", {
-        aws_region = var.addon_context.aws_region_name
-      })]
-      description = "kube-prometheus-stack helm Chart deployment configuration"
-    },
-    var.helm_config
-  )
-  manage_via_gitops = var.manage_via_gitops
-  addon_context     = var.addon_context
-}
diff --git a/modules/kubernetes-addons/kube-prometheus-stack/outputs.tf b/modules/kubernetes-addons/kube-prometheus-stack/outputs.tf
deleted file mode 100644
index ff1721e63e..0000000000
--- a/modules/kubernetes-addons/kube-prometheus-stack/outputs.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
-
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? local.argocd_gitops_config : null
-}
diff --git a/modules/kubernetes-addons/kube-prometheus-stack/values.yaml b/modules/kubernetes-addons/kube-prometheus-stack/values.yaml
deleted file mode 100644
index 2ad90239dd..0000000000
--- a/modules/kubernetes-addons/kube-prometheus-stack/values.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-# Create default rules for monitoring the cluster
-# Disable rules for unreachable components
-defaultRules:
-  create: true
-  rules:
-    etcd: false
-    kubeScheduler: false
-
-# Disable component scraping for the kube controller manager, etcd, and kube-scheduler
-# These components are not reachable on EKS
-kubeControllerManager:
-  enabled: false
-kubeEtcd:
-  enabled: false
-kubeScheduler:
-  enabled: false
-
-prometheus:
-  prometheusSpec:
-    # Prometheus StorageSpec for persistent data on AWS EBS
-    # ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/user-guides/storage.md
-    storageSpec:
-     volumeClaimTemplate:
-       spec:
-         storageClassName: gp2
-         accessModes: ["ReadWriteOnce"]
-         resources:
-           requests:
-             storage: 20Gi
diff --git a/modules/kubernetes-addons/kube-prometheus-stack/variables.tf b/modules/kubernetes-addons/kube-prometheus-stack/variables.tf
deleted file mode 100644
index caef817986..0000000000
--- a/modules/kubernetes-addons/kube-prometheus-stack/variables.tf
+++ /dev/null
@@ -1,28 +0,0 @@
-variable "helm_config" {
-  description = "Helm Config for kube-prometheus-stack"
-  type        = any
-  default     = {}
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps."
-  type        = bool
-  default     = false
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-    irsa_iam_role_path             = string
-    irsa_iam_permissions_boundary  = string
-  })
-}
diff --git a/modules/kubernetes-addons/kube-prometheus-stack/versions.tf b/modules/kubernetes-addons/kube-prometheus-stack/versions.tf
deleted file mode 100644
index 55fba733ab..0000000000
--- a/modules/kubernetes-addons/kube-prometheus-stack/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.10"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/kube-state-metrics/README.md b/modules/kubernetes-addons/kube-state-metrics/README.md
deleted file mode 100644
index f710ca09fd..0000000000
--- a/modules/kubernetes-addons/kube-state-metrics/README.md
+++ /dev/null
@@ -1,41 +0,0 @@
-# Kube State Metrics Helm Chart
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-
-## Providers
-
-No providers.
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-No resources.
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>  })</pre> | n/a | yes |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm provider config for Kube State Metrics | `any` | `{}` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps | `bool` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/kube-state-metrics/main.tf b/modules/kubernetes-addons/kube-state-metrics/main.tf
deleted file mode 100644
index e9c1d24148..0000000000
--- a/modules/kubernetes-addons/kube-state-metrics/main.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-locals {
-  name = "kube-state-metrics"
-}
-
-module "helm_addon" {
-  source = "../helm-addon"
-
-  # https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-state-metrics/Chart.yaml
-  helm_config = merge(
-    {
-      name             = local.name
-      chart            = local.name
-      repository       = "https://prometheus-community.github.io/helm-charts"
-      version          = "4.29.0"
-      namespace        = local.name
-      create_namespace = true
-      description      = "Kube State Metrics helm Chart deployment configuration"
-    },
-    var.helm_config
-  )
-
-  addon_context     = var.addon_context
-  manage_via_gitops = var.manage_via_gitops
-}
diff --git a/modules/kubernetes-addons/kube-state-metrics/outputs.tf b/modules/kubernetes-addons/kube-state-metrics/outputs.tf
deleted file mode 100644
index 4d3d2c6515..0000000000
--- a/modules/kubernetes-addons/kube-state-metrics/outputs.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? { enable = true } : null
-}
-
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/kube-state-metrics/variables.tf b/modules/kubernetes-addons/kube-state-metrics/variables.tf
deleted file mode 100644
index 3ed367ef40..0000000000
--- a/modules/kubernetes-addons/kube-state-metrics/variables.tf
+++ /dev/null
@@ -1,26 +0,0 @@
-variable "helm_config" {
-  description = "Helm provider config for Kube State Metrics"
-  type        = any
-  default     = {}
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps"
-  type        = bool
-  default     = false
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-  })
-}
diff --git a/modules/kubernetes-addons/kube-state-metrics/versions.tf b/modules/kubernetes-addons/kube-state-metrics/versions.tf
deleted file mode 100644
index 7117131f4c..0000000000
--- a/modules/kubernetes-addons/kube-state-metrics/versions.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-terraform {
-  required_version = ">= 1.0"
-}
diff --git a/modules/kubernetes-addons/kubecost/README.md b/modules/kubernetes-addons/kubecost/README.md
deleted file mode 100644
index 72f215b7ce..0000000000
--- a/modules/kubernetes-addons/kubecost/README.md
+++ /dev/null
@@ -1,44 +0,0 @@
-# Kubecost Helm Chart
-Kubecost provides real-time cost visibility and insights for teams using Kubernetes, helping you continuously reduce your cloud costs
-
-For more details checkout [kubecost](https://docs.aws.amazon.com/eks/latest/userguide/cost-monitoring.html) docs on AWS EKS User Guide
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-
-## Providers
-
-No providers.
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-No resources.
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>    irsa_iam_role_path             = string<br>    irsa_iam_permissions_boundary  = string<br>  })</pre> | n/a | yes |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm Config for kubecost. | `any` | `{}` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/kubecost/main.tf b/modules/kubernetes-addons/kubecost/main.tf
deleted file mode 100644
index 5e0e5f2084..0000000000
--- a/modules/kubernetes-addons/kubecost/main.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-module "helm_addon" {
-  source = "../helm-addon"
-
-  # https://github.com/kubecost/cost-analyzer-helm-chart/blob/develop/cost-analyzer/Chart.yaml
-  helm_config = merge(
-    {
-      name             = "kubecost"
-      chart            = "cost-analyzer"
-      repository       = "oci://public.ecr.aws/kubecost"
-      version          = "1.103.3"
-      namespace        = "kubecost"
-      values           = [file("${path.module}/values.yaml")]
-      create_namespace = true
-      description      = "Kubecost Helm Chart deployment configuration"
-    },
-    var.helm_config
-  )
-
-  manage_via_gitops = var.manage_via_gitops
-  addon_context     = var.addon_context
-}
diff --git a/modules/kubernetes-addons/kubecost/outputs.tf b/modules/kubernetes-addons/kubecost/outputs.tf
deleted file mode 100644
index 4d3d2c6515..0000000000
--- a/modules/kubernetes-addons/kubecost/outputs.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? { enable = true } : null
-}
-
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/kubecost/values.yaml b/modules/kubernetes-addons/kubecost/values.yaml
deleted file mode 100644
index 7aceaca501..0000000000
--- a/modules/kubernetes-addons/kubecost/values.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-# https://github.com/kubecost/cost-analyzer-helm-chart/blob/master/cost-analyzer/values-eks-cost-monitoring.yaml
-global:
-  grafana:
-    enabled: false
-    proxy: false
-
-imageVersion: prod-1.103.3
-kubecostFrontend:
-  image: public.ecr.aws/kubecost/frontend
-
-kubecostModel:
-  image: public.ecr.aws/kubecost/cost-model
-
-kubecostMetrics:
-  emitPodAnnotations: true
-  emitNamespaceAnnotations: true
-
-prometheus:
-  server:
-    image:
-      repository: public.ecr.aws/kubecost/prometheus
-      tag: v2.35.0
-
-  configmapReload:
-    prometheus:
-      image:
-        repository: public.ecr.aws/bitnami/configmap-reload
-        tag: 0.7.1
-
-reporting:
-  productAnalytics: false
diff --git a/modules/kubernetes-addons/kubecost/variables.tf b/modules/kubernetes-addons/kubecost/variables.tf
deleted file mode 100644
index 85e2c1d8cf..0000000000
--- a/modules/kubernetes-addons/kubecost/variables.tf
+++ /dev/null
@@ -1,28 +0,0 @@
-variable "helm_config" {
-  description = "Helm Config for kubecost."
-  type        = any
-  default     = {}
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps."
-  type        = bool
-  default     = false
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-    irsa_iam_role_path             = string
-    irsa_iam_permissions_boundary  = string
-  })
-}
diff --git a/modules/kubernetes-addons/kubecost/versions.tf b/modules/kubernetes-addons/kubecost/versions.tf
deleted file mode 100644
index 429c0b36d0..0000000000
--- a/modules/kubernetes-addons/kubecost/versions.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-}
diff --git a/modules/kubernetes-addons/kuberay-operator/README.md b/modules/kubernetes-addons/kuberay-operator/README.md
deleted file mode 100644
index 06c8d9b41b..0000000000
--- a/modules/kubernetes-addons/kuberay-operator/README.md
+++ /dev/null
@@ -1,46 +0,0 @@
-# KubeRay Operator
-
-See [docs](../../../docs/add-ons/kuberay-operator.md)
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.10 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | >= 2.10 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [kubernetes_namespace_v1.this](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1) | resource |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    irsa_iam_permissions_boundary  = string<br>    irsa_iam_role_path             = string<br>    tags                           = map(string)<br>  })</pre> | n/a | yes |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm Config for KubeRay Operator | `any` | `{}` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/Chart.yaml b/modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/Chart.yaml
deleted file mode 100644
index fbb732a3be..0000000000
--- a/modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/Chart.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v2
-appVersion: "1.0"
-description: A Helm chart for Kubernetes
-name: kuberay-operator
-version: 0.1.0
-icon: https://github.com/ray-project/ray/raw/master/doc/source/images/ray_header_logo.png
-type: application
diff --git a/modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/README.md b/modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/README.md
deleted file mode 100644
index 0ece34d914..0000000000
--- a/modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/README.md
+++ /dev/null
@@ -1,46 +0,0 @@
-# KubeRay Operator (Alpha)
-
-Kuberay-operator: A simple Helm chart
-
-Run a deployment of Ray Operator.
-
-Deploy ray operator first, then deploy ray cluster.
-
-## Helm
-
-Make sure helm version is v3+
-```console
-$ helm version
-version.BuildInfo{Version:"v3.6.2", GitCommit:"ee407bdf364942bcb8e8c665f82e15aa28009b71", GitTreeState:"dirty", GoVersion:"go1.16.5"}
-```
-
-## Installing the Chart
-
-To avoid duplicate CRD definitions in this repo, we reuse CRD config in `ray-operator`:
-```console
-$ kubectl apply -k "github.com/ray-project/kuberay/ray-operator/config/crd?ref=v0.3.0"
-```
-
-Please use command below:
-```console
-$ helm install kuberay-operator --namespace ray-system --create-namespace $(curl -s https://api.github.com/repos/ray-project/kuberay/releases/latest | grep '"browser_download_url":' | sort | grep -om1 'https.*helm-chart-kuberay-operator.*tgz')
-```
-
-## List the Chart
-
-To list the `my-release` deployment:
-
-```console
-$ helm list -n kuberay-operator
-```
-
-## Uninstalling the Chart
-
-To uninstall/delete the `my-release` deployment:
-
-```console
-$ helm delete kuberay-operator -n ray-system
-```
-
-The command removes nearly all the Kubernetes components associated with the
-chart and deletes the release.
diff --git a/modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/crds/ray.io_rayclusters.yaml b/modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/crds/ray.io_rayclusters.yaml
deleted file mode 100644
index cb5045c81a..0000000000
--- a/modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/crds/ray.io_rayclusters.yaml
+++ /dev/null
@@ -1,11026 +0,0 @@
-
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.6.0
-  creationTimestamp: null
-  name: rayclusters.ray.io
-spec:
-  group: ray.io
-  names:
-    kind: RayCluster
-    listKind: RayClusterList
-    plural: rayclusters
-    singular: raycluster
-  scope: Namespaced
-  versions:
-  - name: v1alpha1
-    schema:
-      openAPIV3Schema:
-        description: RayCluster is the Schema for the RayClusters API
-        properties:
-          apiVersion:
-            description: APIVersion defines the versioned schema of this representation
-              of an object.
-            type: string
-          kind:
-            description: Kind is a string value representing the REST resource this
-              object represents.
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: Specification of the desired behavior of the RayCluster.
-            properties:
-              autoscalerOptions:
-                description: AutoscalerOptions specifies optional configuration for
-                  the Ray autoscaler.
-                properties:
-                  idleTimeoutSeconds:
-                    description: IdleTimeoutSeconds is the number of seconds to wait
-                      before scaling down a worker pod which is not us
-                    format: int32
-                    type: integer
-                  image:
-                    description: Image optionally overrides the autoscaler's container
-                      image.
-                    type: string
-                  imagePullPolicy:
-                    description: ImagePullPolicy optionally overrides the autoscaler
-                      container's image pull policy.
-                    type: string
-                  resources:
-                    description: Resources specifies resource requests and limits
-                      for the autoscaler container.
-                    properties:
-                      limits:
-                        additionalProperties:
-                          anyOf:
-                          - type: integer
-                          - type: string
-                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                          x-kubernetes-int-or-string: true
-                        description: 'Limits describes the maximum amount of compute
-                          resources allowed. More info: https://kubernetes.'
-                        type: object
-                      requests:
-                        additionalProperties:
-                          anyOf:
-                          - type: integer
-                          - type: string
-                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                          x-kubernetes-int-or-string: true
-                        description: Requests describes the minimum amount of compute
-                          resources required.
-                        type: object
-                    type: object
-                  upscalingMode:
-                    description: UpscalineMode is "Default" or "Aggressive.
-                    enum:
-                    - Default
-                    - Aggressive
-                    type: string
-                type: object
-              enableInTreeAutoscaling:
-                description: EnableInTreeAutoscaling indicates whether operator should
-                  create in tree autoscaling configs
-                type: boolean
-              headGroupSpec:
-                description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
-                  Important: Run "make" to regenerate code af'
-                properties:
-                  enableIngress:
-                    description: EnableIngress indicates whether operator should create
-                      ingress object for head service or not.
-                    type: boolean
-                  rayStartParams:
-                    additionalProperties:
-                      type: string
-                    description: 'RayStartParams are the params of the start command:
-                      node-manager-port, object-store-memory, ...'
-                    type: object
-                  replicas:
-                    description: HeadGroupSpec.Replicas is deprecated and ignored;
-                      there can only be one head pod per Ray cluster.
-                    format: int32
-                    type: integer
-                  serviceType:
-                    description: ServiceType is Kubernetes service type of the head
-                      service.
-                    type: string
-                  template:
-                    description: Template is the eaxct pod template used in K8s depoyments,
-                      statefulsets, etc.
-                    properties:
-                      metadata:
-                        description: 'Standard object''s metadata. More info: https://git.k8s.'
-                        properties:
-                          annotations:
-                            additionalProperties:
-                              type: string
-                            type: object
-                          finalizers:
-                            items:
-                              type: string
-                            type: array
-                          labels:
-                            additionalProperties:
-                              type: string
-                            type: object
-                          name:
-                            type: string
-                          namespace:
-                            type: string
-                        type: object
-                      spec:
-                        description: 'Specification of the desired behavior of the
-                          pod. More info: https://git.k8s.'
-                        properties:
-                          activeDeadlineSeconds:
-                            description: Optional duration in seconds the pod may
-                              be active on the node relative to StartTime before the
-                              syst
-                            format: int64
-                            type: integer
-                          affinity:
-                            description: If specified, the pod's scheduling constraints
-                            properties:
-                              nodeAffinity:
-                                description: Describes node affinity scheduling rules
-                                  for the pod.
-                                properties:
-                                  preferredDuringSchedulingIgnoredDuringExecution:
-                                    description: 'The scheduler will prefer to schedule
-                                      pods to nodes that satisfy the affinity expressions
-                                      specified '
-                                    items:
-                                      description: An empty preferred scheduling term
-                                        matches all objects with implicit weight 0
-                                        (i.e. it's a no-op).
-                                      properties:
-                                        preference:
-                                          description: A node selector term, associated
-                                            with the corresponding weight.
-                                          properties:
-                                            matchExpressions:
-                                              description: A list of node selector
-                                                requirements by node's labels.
-                                              items:
-                                                description: 'A node selector requirement
-                                                  is a selector that contains values,
-                                                  a key, and an operator that relates '
-                                                properties:
-                                                  key:
-                                                    description: The label key that
-                                                      the selector applies to.
-                                                    type: string
-                                                  operator:
-                                                    description: Represents a key's
-                                                      relationship to a set of values.
-                                                    type: string
-                                                  values:
-                                                    description: An array of string
-                                                      values. If the operator is In
-                                                      or NotIn, the values array must
-                                                      be non-empty.
-                                                    items:
-                                                      type: string
-                                                    type: array
-                                                required:
-                                                - key
-                                                - operator
-                                                type: object
-                                              type: array
-                                            matchFields:
-                                              description: A list of node selector
-                                                requirements by node's fields.
-                                              items:
-                                                description: 'A node selector requirement
-                                                  is a selector that contains values,
-                                                  a key, and an operator that relates '
-                                                properties:
-                                                  key:
-                                                    description: The label key that
-                                                      the selector applies to.
-                                                    type: string
-                                                  operator:
-                                                    description: Represents a key's
-                                                      relationship to a set of values.
-                                                    type: string
-                                                  values:
-                                                    description: An array of string
-                                                      values. If the operator is In
-                                                      or NotIn, the values array must
-                                                      be non-empty.
-                                                    items:
-                                                      type: string
-                                                    type: array
-                                                required:
-                                                - key
-                                                - operator
-                                                type: object
-                                              type: array
-                                          type: object
-                                        weight:
-                                          description: Weight associated with matching
-                                            the corresponding nodeSelectorTerm, in
-                                            the range 1-100.
-                                          format: int32
-                                          type: integer
-                                      required:
-                                      - preference
-                                      - weight
-                                      type: object
-                                    type: array
-                                  requiredDuringSchedulingIgnoredDuringExecution:
-                                    description: If the affinity requirements specified
-                                      by this field are not met at scheduling time,
-                                      the pod will no
-                                    properties:
-                                      nodeSelectorTerms:
-                                        description: Required. A list of node selector
-                                          terms. The terms are ORed.
-                                        items:
-                                          description: A null or empty node selector
-                                            term matches no objects. The requirements
-                                            of them are ANDed.
-                                          properties:
-                                            matchExpressions:
-                                              description: A list of node selector
-                                                requirements by node's labels.
-                                              items:
-                                                description: 'A node selector requirement
-                                                  is a selector that contains values,
-                                                  a key, and an operator that relates '
-                                                properties:
-                                                  key:
-                                                    description: The label key that
-                                                      the selector applies to.
-                                                    type: string
-                                                  operator:
-                                                    description: Represents a key's
-                                                      relationship to a set of values.
-                                                    type: string
-                                                  values:
-                                                    description: An array of string
-                                                      values. If the operator is In
-                                                      or NotIn, the values array must
-                                                      be non-empty.
-                                                    items:
-                                                      type: string
-                                                    type: array
-                                                required:
-                                                - key
-                                                - operator
-                                                type: object
-                                              type: array
-                                            matchFields:
-                                              description: A list of node selector
-                                                requirements by node's fields.
-                                              items:
-                                                description: 'A node selector requirement
-                                                  is a selector that contains values,
-                                                  a key, and an operator that relates '
-                                                properties:
-                                                  key:
-                                                    description: The label key that
-                                                      the selector applies to.
-                                                    type: string
-                                                  operator:
-                                                    description: Represents a key's
-                                                      relationship to a set of values.
-                                                    type: string
-                                                  values:
-                                                    description: An array of string
-                                                      values. If the operator is In
-                                                      or NotIn, the values array must
-                                                      be non-empty.
-                                                    items:
-                                                      type: string
-                                                    type: array
-                                                required:
-                                                - key
-                                                - operator
-                                                type: object
-                                              type: array
-                                          type: object
-                                        type: array
-                                    required:
-                                    - nodeSelectorTerms
-                                    type: object
-                                type: object
-                              podAffinity:
-                                description: Describes pod affinity scheduling rules
-                                  (e.g. co-locate this pod in the same node, zone,
-                                  etc.
-                                properties:
-                                  preferredDuringSchedulingIgnoredDuringExecution:
-                                    description: 'The scheduler will prefer to schedule
-                                      pods to nodes that satisfy the affinity expressions
-                                      specified '
-                                    items:
-                                      description: The weights of all of the matched
-                                        WeightedPodAffinityTerm fields are added per-node
-                                        to find the most
-                                      properties:
-                                        podAffinityTerm:
-                                          description: Required. A pod affinity term,
-                                            associated with the corresponding weight.
-                                          properties:
-                                            labelSelector:
-                                              description: A label query over a set
-                                                of resources, in this case pods.
-                                              properties:
-                                                matchExpressions:
-                                                  description: matchExpressions is
-                                                    a list of label selector requirements.
-                                                    The requirements are ANDed.
-                                                  items:
-                                                    description: A label selector
-                                                      requirement is a selector that
-                                                      contains values, a key, and
-                                                      an operator that relates
-                                                    properties:
-                                                      key:
-                                                        description: key is the label
-                                                          key that the selector applies
-                                                          to.
-                                                        type: string
-                                                      operator:
-                                                        description: operator represents
-                                                          a key's relationship to
-                                                          a set of values.
-                                                        type: string
-                                                      values:
-                                                        description: values is an
-                                                          array of string values.
-                                                        items:
-                                                          type: string
-                                                        type: array
-                                                    required:
-                                                    - key
-                                                    - operator
-                                                    type: object
-                                                  type: array
-                                                matchLabels:
-                                                  additionalProperties:
-                                                    type: string
-                                                  description: matchLabels is a map
-                                                    of {key,value} pairs.
-                                                  type: object
-                                              type: object
-                                            namespaceSelector:
-                                              description: A label query over the
-                                                set of namespaces that the term applies
-                                                to.
-                                              properties:
-                                                matchExpressions:
-                                                  description: matchExpressions is
-                                                    a list of label selector requirements.
-                                                    The requirements are ANDed.
-                                                  items:
-                                                    description: A label selector
-                                                      requirement is a selector that
-                                                      contains values, a key, and
-                                                      an operator that relates
-                                                    properties:
-                                                      key:
-                                                        description: key is the label
-                                                          key that the selector applies
-                                                          to.
-                                                        type: string
-                                                      operator:
-                                                        description: operator represents
-                                                          a key's relationship to
-                                                          a set of values.
-                                                        type: string
-                                                      values:
-                                                        description: values is an
-                                                          array of string values.
-                                                        items:
-                                                          type: string
-                                                        type: array
-                                                    required:
-                                                    - key
-                                                    - operator
-                                                    type: object
-                                                  type: array
-                                                matchLabels:
-                                                  additionalProperties:
-                                                    type: string
-                                                  description: matchLabels is a map
-                                                    of {key,value} pairs.
-                                                  type: object
-                                              type: object
-                                            namespaces:
-                                              description: namespaces specifies a
-                                                static list of namespace names that
-                                                the term applies to.
-                                              items:
-                                                type: string
-                                              type: array
-                                            topologyKey:
-                                              description: This pod should be co-located
-                                                (affinity) or not co-located (anti-affinity)
-                                                with the pods matching th
-                                              type: string
-                                          required:
-                                          - topologyKey
-                                          type: object
-                                        weight:
-                                          description: weight associated with matching
-                                            the corresponding podAffinityTerm, in
-                                            the range 1-100.
-                                          format: int32
-                                          type: integer
-                                      required:
-                                      - podAffinityTerm
-                                      - weight
-                                      type: object
-                                    type: array
-                                  requiredDuringSchedulingIgnoredDuringExecution:
-                                    description: If the affinity requirements specified
-                                      by this field are not met at scheduling time,
-                                      the pod will no
-                                    items:
-                                      description: Defines a set of pods (namely those
-                                        matching the labelSelector relative to the
-                                        given namespace(s)) t
-                                      properties:
-                                        labelSelector:
-                                          description: A label query over a set of
-                                            resources, in this case pods.
-                                          properties:
-                                            matchExpressions:
-                                              description: matchExpressions is a list
-                                                of label selector requirements. The
-                                                requirements are ANDed.
-                                              items:
-                                                description: A label selector requirement
-                                                  is a selector that contains values,
-                                                  a key, and an operator that relates
-                                                properties:
-                                                  key:
-                                                    description: key is the label
-                                                      key that the selector applies
-                                                      to.
-                                                    type: string
-                                                  operator:
-                                                    description: operator represents
-                                                      a key's relationship to a set
-                                                      of values.
-                                                    type: string
-                                                  values:
-                                                    description: values is an array
-                                                      of string values.
-                                                    items:
-                                                      type: string
-                                                    type: array
-                                                required:
-                                                - key
-                                                - operator
-                                                type: object
-                                              type: array
-                                            matchLabels:
-                                              additionalProperties:
-                                                type: string
-                                              description: matchLabels is a map of
-                                                {key,value} pairs.
-                                              type: object
-                                          type: object
-                                        namespaceSelector:
-                                          description: A label query over the set
-                                            of namespaces that the term applies to.
-                                          properties:
-                                            matchExpressions:
-                                              description: matchExpressions is a list
-                                                of label selector requirements. The
-                                                requirements are ANDed.
-                                              items:
-                                                description: A label selector requirement
-                                                  is a selector that contains values,
-                                                  a key, and an operator that relates
-                                                properties:
-                                                  key:
-                                                    description: key is the label
-                                                      key that the selector applies
-                                                      to.
-                                                    type: string
-                                                  operator:
-                                                    description: operator represents
-                                                      a key's relationship to a set
-                                                      of values.
-                                                    type: string
-                                                  values:
-                                                    description: values is an array
-                                                      of string values.
-                                                    items:
-                                                      type: string
-                                                    type: array
-                                                required:
-                                                - key
-                                                - operator
-                                                type: object
-                                              type: array
-                                            matchLabels:
-                                              additionalProperties:
-                                                type: string
-                                              description: matchLabels is a map of
-                                                {key,value} pairs.
-                                              type: object
-                                          type: object
-                                        namespaces:
-                                          description: namespaces specifies a static
-                                            list of namespace names that the term
-                                            applies to.
-                                          items:
-                                            type: string
-                                          type: array
-                                        topologyKey:
-                                          description: This pod should be co-located
-                                            (affinity) or not co-located (anti-affinity)
-                                            with the pods matching th
-                                          type: string
-                                      required:
-                                      - topologyKey
-                                      type: object
-                                    type: array
-                                type: object
-                              podAntiAffinity:
-                                description: Describes pod anti-affinity scheduling
-                                  rules (e.g.
-                                properties:
-                                  preferredDuringSchedulingIgnoredDuringExecution:
-                                    description: The scheduler will prefer to schedule
-                                      pods to nodes that satisfy the anti-affinity
-                                      expressions speci
-                                    items:
-                                      description: The weights of all of the matched
-                                        WeightedPodAffinityTerm fields are added per-node
-                                        to find the most
-                                      properties:
-                                        podAffinityTerm:
-                                          description: Required. A pod affinity term,
-                                            associated with the corresponding weight.
-                                          properties:
-                                            labelSelector:
-                                              description: A label query over a set
-                                                of resources, in this case pods.
-                                              properties:
-                                                matchExpressions:
-                                                  description: matchExpressions is
-                                                    a list of label selector requirements.
-                                                    The requirements are ANDed.
-                                                  items:
-                                                    description: A label selector
-                                                      requirement is a selector that
-                                                      contains values, a key, and
-                                                      an operator that relates
-                                                    properties:
-                                                      key:
-                                                        description: key is the label
-                                                          key that the selector applies
-                                                          to.
-                                                        type: string
-                                                      operator:
-                                                        description: operator represents
-                                                          a key's relationship to
-                                                          a set of values.
-                                                        type: string
-                                                      values:
-                                                        description: values is an
-                                                          array of string values.
-                                                        items:
-                                                          type: string
-                                                        type: array
-                                                    required:
-                                                    - key
-                                                    - operator
-                                                    type: object
-                                                  type: array
-                                                matchLabels:
-                                                  additionalProperties:
-                                                    type: string
-                                                  description: matchLabels is a map
-                                                    of {key,value} pairs.
-                                                  type: object
-                                              type: object
-                                            namespaceSelector:
-                                              description: A label query over the
-                                                set of namespaces that the term applies
-                                                to.
-                                              properties:
-                                                matchExpressions:
-                                                  description: matchExpressions is
-                                                    a list of label selector requirements.
-                                                    The requirements are ANDed.
-                                                  items:
-                                                    description: A label selector
-                                                      requirement is a selector that
-                                                      contains values, a key, and
-                                                      an operator that relates
-                                                    properties:
-                                                      key:
-                                                        description: key is the label
-                                                          key that the selector applies
-                                                          to.
-                                                        type: string
-                                                      operator:
-                                                        description: operator represents
-                                                          a key's relationship to
-                                                          a set of values.
-                                                        type: string
-                                                      values:
-                                                        description: values is an
-                                                          array of string values.
-                                                        items:
-                                                          type: string
-                                                        type: array
-                                                    required:
-                                                    - key
-                                                    - operator
-                                                    type: object
-                                                  type: array
-                                                matchLabels:
-                                                  additionalProperties:
-                                                    type: string
-                                                  description: matchLabels is a map
-                                                    of {key,value} pairs.
-                                                  type: object
-                                              type: object
-                                            namespaces:
-                                              description: namespaces specifies a
-                                                static list of namespace names that
-                                                the term applies to.
-                                              items:
-                                                type: string
-                                              type: array
-                                            topologyKey:
-                                              description: This pod should be co-located
-                                                (affinity) or not co-located (anti-affinity)
-                                                with the pods matching th
-                                              type: string
-                                          required:
-                                          - topologyKey
-                                          type: object
-                                        weight:
-                                          description: weight associated with matching
-                                            the corresponding podAffinityTerm, in
-                                            the range 1-100.
-                                          format: int32
-                                          type: integer
-                                      required:
-                                      - podAffinityTerm
-                                      - weight
-                                      type: object
-                                    type: array
-                                  requiredDuringSchedulingIgnoredDuringExecution:
-                                    description: If the anti-affinity requirements
-                                      specified by this field are not met at scheduling
-                                      time, the pod wi
-                                    items:
-                                      description: Defines a set of pods (namely those
-                                        matching the labelSelector relative to the
-                                        given namespace(s)) t
-                                      properties:
-                                        labelSelector:
-                                          description: A label query over a set of
-                                            resources, in this case pods.
-                                          properties:
-                                            matchExpressions:
-                                              description: matchExpressions is a list
-                                                of label selector requirements. The
-                                                requirements are ANDed.
-                                              items:
-                                                description: A label selector requirement
-                                                  is a selector that contains values,
-                                                  a key, and an operator that relates
-                                                properties:
-                                                  key:
-                                                    description: key is the label
-                                                      key that the selector applies
-                                                      to.
-                                                    type: string
-                                                  operator:
-                                                    description: operator represents
-                                                      a key's relationship to a set
-                                                      of values.
-                                                    type: string
-                                                  values:
-                                                    description: values is an array
-                                                      of string values.
-                                                    items:
-                                                      type: string
-                                                    type: array
-                                                required:
-                                                - key
-                                                - operator
-                                                type: object
-                                              type: array
-                                            matchLabels:
-                                              additionalProperties:
-                                                type: string
-                                              description: matchLabels is a map of
-                                                {key,value} pairs.
-                                              type: object
-                                          type: object
-                                        namespaceSelector:
-                                          description: A label query over the set
-                                            of namespaces that the term applies to.
-                                          properties:
-                                            matchExpressions:
-                                              description: matchExpressions is a list
-                                                of label selector requirements. The
-                                                requirements are ANDed.
-                                              items:
-                                                description: A label selector requirement
-                                                  is a selector that contains values,
-                                                  a key, and an operator that relates
-                                                properties:
-                                                  key:
-                                                    description: key is the label
-                                                      key that the selector applies
-                                                      to.
-                                                    type: string
-                                                  operator:
-                                                    description: operator represents
-                                                      a key's relationship to a set
-                                                      of values.
-                                                    type: string
-                                                  values:
-                                                    description: values is an array
-                                                      of string values.
-                                                    items:
-                                                      type: string
-                                                    type: array
-                                                required:
-                                                - key
-                                                - operator
-                                                type: object
-                                              type: array
-                                            matchLabels:
-                                              additionalProperties:
-                                                type: string
-                                              description: matchLabels is a map of
-                                                {key,value} pairs.
-                                              type: object
-                                          type: object
-                                        namespaces:
-                                          description: namespaces specifies a static
-                                            list of namespace names that the term
-                                            applies to.
-                                          items:
-                                            type: string
-                                          type: array
-                                        topologyKey:
-                                          description: This pod should be co-located
-                                            (affinity) or not co-located (anti-affinity)
-                                            with the pods matching th
-                                          type: string
-                                      required:
-                                      - topologyKey
-                                      type: object
-                                    type: array
-                                type: object
-                            type: object
-                          automountServiceAccountToken:
-                            description: AutomountServiceAccountToken indicates whether
-                              a service account token should be automatically mount
-                            type: boolean
-                          containers:
-                            description: List of containers belonging to the pod.
-                              Containers cannot currently be added or removed.
-                            items:
-                              description: A single application container that you
-                                want to run within a pod.
-                              properties:
-                                args:
-                                  description: Arguments to the entrypoint. The docker
-                                    image's CMD is used if this is not provided.
-                                  items:
-                                    type: string
-                                  type: array
-                                command:
-                                  description: Entrypoint array. Not executed within
-                                    a shell.
-                                  items:
-                                    type: string
-                                  type: array
-                                env:
-                                  description: List of environment variables to set
-                                    in the container. Cannot be updated.
-                                  items:
-                                    description: EnvVar represents an environment
-                                      variable present in a Container.
-                                    properties:
-                                      name:
-                                        description: Name of the environment variable.
-                                          Must be a C_IDENTIFIER.
-                                        type: string
-                                      value:
-                                        description: Variable references $(VAR_NAME)
-                                          are expanded using the previously defined
-                                          environment variables in t
-                                        type: string
-                                      valueFrom:
-                                        description: Source for the environment variable's
-                                          value. Cannot be used if value is not empty.
-                                        properties:
-                                          configMapKeyRef:
-                                            description: Selects a key of a ConfigMap.
-                                            properties:
-                                              key:
-                                                description: The key to select.
-                                                type: string
-                                              name:
-                                                description: 'Name of the referent.
-                                                  More info: https://kubernetes.'
-                                                type: string
-                                              optional:
-                                                description: Specify whether the ConfigMap
-                                                  or its key must be defined
-                                                type: boolean
-                                            required:
-                                            - key
-                                            type: object
-                                          fieldRef:
-                                            description: 'Selects a field of the pod:
-                                              supports metadata.name, metadata.namespace,
-                                              `metadata.'
-                                            properties:
-                                              apiVersion:
-                                                description: Version of the schema
-                                                  the FieldPath is written in terms
-                                                  of, defaults to "v1".
-                                                type: string
-                                              fieldPath:
-                                                description: Path of the field to
-                                                  select in the specified API version.
-                                                type: string
-                                            required:
-                                            - fieldPath
-                                            type: object
-                                          resourceFieldRef:
-                                            description: 'Selects a resource of the
-                                              container: only resources limits and
-                                              requests (limits.cpu, limits.'
-                                            properties:
-                                              containerName:
-                                                description: 'Container name: required
-                                                  for volumes, optional for env vars'
-                                                type: string
-                                              divisor:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Specifies the output
-                                                  format of the exposed resources,
-                                                  defaults to "1"
-                                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                                x-kubernetes-int-or-string: true
-                                              resource:
-                                                description: 'Required: resource to
-                                                  select'
-                                                type: string
-                                            required:
-                                            - resource
-                                            type: object
-                                          secretKeyRef:
-                                            description: Selects a key of a secret
-                                              in the pod's namespace
-                                            properties:
-                                              key:
-                                                description: The key of the secret
-                                                  to select from.  Must be a valid
-                                                  secret key.
-                                                type: string
-                                              name:
-                                                description: 'Name of the referent.
-                                                  More info: https://kubernetes.'
-                                                type: string
-                                              optional:
-                                                description: Specify whether the Secret
-                                                  or its key must be defined
-                                                type: boolean
-                                            required:
-                                            - key
-                                            type: object
-                                        type: object
-                                    required:
-                                    - name
-                                    type: object
-                                  type: array
-                                envFrom:
-                                  description: List of sources to populate environment
-                                    variables in the container.
-                                  items:
-                                    description: EnvFromSource represents the source
-                                      of a set of ConfigMaps
-                                    properties:
-                                      configMapRef:
-                                        description: The ConfigMap to select from
-                                        properties:
-                                          name:
-                                            description: 'Name of the referent. More
-                                              info: https://kubernetes.'
-                                            type: string
-                                          optional:
-                                            description: Specify whether the ConfigMap
-                                              must be defined
-                                            type: boolean
-                                        type: object
-                                      prefix:
-                                        description: An optional identifier to prepend
-                                          to each key in the ConfigMap. Must be a
-                                          C_IDENTIFIER.
-                                        type: string
-                                      secretRef:
-                                        description: The Secret to select from
-                                        properties:
-                                          name:
-                                            description: 'Name of the referent. More
-                                              info: https://kubernetes.'
-                                            type: string
-                                          optional:
-                                            description: Specify whether the Secret
-                                              must be defined
-                                            type: boolean
-                                        type: object
-                                    type: object
-                                  type: array
-                                image:
-                                  description: 'Docker image name. More info: https://kubernetes.'
-                                  type: string
-                                imagePullPolicy:
-                                  description: Image pull policy. One of Always, Never,
-                                    IfNotPresent.
-                                  type: string
-                                lifecycle:
-                                  description: Actions that the management system
-                                    should take in response to container lifecycle
-                                    events.
-                                  properties:
-                                    postStart:
-                                      description: PostStart is called immediately
-                                        after a container is created.
-                                      properties:
-                                        exec:
-                                          description: Exec specifies the action to
-                                            take.
-                                          properties:
-                                            command:
-                                              description: 'Command is the command
-                                                line to execute inside the container,
-                                                the working directory for the command  '
-                                              items:
-                                                type: string
-                                              type: array
-                                          type: object
-                                        httpGet:
-                                          description: HTTPGet specifies the http
-                                            request to perform.
-                                          properties:
-                                            host:
-                                              description: Host name to connect to,
-                                                defaults to the pod IP.
-                                              type: string
-                                            httpHeaders:
-                                              description: Custom headers to set in
-                                                the request. HTTP allows repeated
-                                                headers.
-                                              items:
-                                                description: HTTPHeader describes
-                                                  a custom header to be used in HTTP
-                                                  probes
-                                                properties:
-                                                  name:
-                                                    description: The header field
-                                                      name
-                                                    type: string
-                                                  value:
-                                                    description: The header field
-                                                      value
-                                                    type: string
-                                                required:
-                                                - name
-                                                - value
-                                                type: object
-                                              type: array
-                                            path:
-                                              description: Path to access on the HTTP
-                                                server.
-                                              type: string
-                                            port:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Name or number of the port
-                                                to access on the container. Number
-                                                must be in the range 1 to 65535.
-                                              x-kubernetes-int-or-string: true
-                                            scheme:
-                                              description: Scheme to use for connecting
-                                                to the host. Defaults to HTTP.
-                                              type: string
-                                          required:
-                                          - port
-                                          type: object
-                                        tcpSocket:
-                                          description: Deprecated.
-                                          properties:
-                                            host:
-                                              description: 'Optional: Host name to
-                                                connect to, defaults to the pod IP.'
-                                              type: string
-                                            port:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Number or name of the port
-                                                to access on the container. Number
-                                                must be in the range 1 to 65535.
-                                              x-kubernetes-int-or-string: true
-                                          required:
-                                          - port
-                                          type: object
-                                      type: object
-                                    preStop:
-                                      description: PreStop is called immediately before
-                                        a container is terminated due to an API request
-                                        or management e
-                                      properties:
-                                        exec:
-                                          description: Exec specifies the action to
-                                            take.
-                                          properties:
-                                            command:
-                                              description: 'Command is the command
-                                                line to execute inside the container,
-                                                the working directory for the command  '
-                                              items:
-                                                type: string
-                                              type: array
-                                          type: object
-                                        httpGet:
-                                          description: HTTPGet specifies the http
-                                            request to perform.
-                                          properties:
-                                            host:
-                                              description: Host name to connect to,
-                                                defaults to the pod IP.
-                                              type: string
-                                            httpHeaders:
-                                              description: Custom headers to set in
-                                                the request. HTTP allows repeated
-                                                headers.
-                                              items:
-                                                description: HTTPHeader describes
-                                                  a custom header to be used in HTTP
-                                                  probes
-                                                properties:
-                                                  name:
-                                                    description: The header field
-                                                      name
-                                                    type: string
-                                                  value:
-                                                    description: The header field
-                                                      value
-                                                    type: string
-                                                required:
-                                                - name
-                                                - value
-                                                type: object
-                                              type: array
-                                            path:
-                                              description: Path to access on the HTTP
-                                                server.
-                                              type: string
-                                            port:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Name or number of the port
-                                                to access on the container. Number
-                                                must be in the range 1 to 65535.
-                                              x-kubernetes-int-or-string: true
-                                            scheme:
-                                              description: Scheme to use for connecting
-                                                to the host. Defaults to HTTP.
-                                              type: string
-                                          required:
-                                          - port
-                                          type: object
-                                        tcpSocket:
-                                          description: Deprecated.
-                                          properties:
-                                            host:
-                                              description: 'Optional: Host name to
-                                                connect to, defaults to the pod IP.'
-                                              type: string
-                                            port:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Number or name of the port
-                                                to access on the container. Number
-                                                must be in the range 1 to 65535.
-                                              x-kubernetes-int-or-string: true
-                                          required:
-                                          - port
-                                          type: object
-                                      type: object
-                                  type: object
-                                livenessProbe:
-                                  description: Periodic probe of container liveness.
-                                    Container will be restarted if the probe fails.
-                                  properties:
-                                    exec:
-                                      description: Exec specifies the action to take.
-                                      properties:
-                                        command:
-                                          description: 'Command is the command line
-                                            to execute inside the container, the working
-                                            directory for the command  '
-                                          items:
-                                            type: string
-                                          type: array
-                                      type: object
-                                    failureThreshold:
-                                      description: Minimum consecutive failures for
-                                        the probe to be considered failed after having
-                                        succeeded.
-                                      format: int32
-                                      type: integer
-                                    grpc:
-                                      description: GRPC specifies an action involving
-                                        a GRPC port.
-                                      properties:
-                                        port:
-                                          description: Port number of the gRPC service.
-                                            Number must be in the range 1 to 65535.
-                                          format: int32
-                                          type: integer
-                                        service:
-                                          description: Service is the name of the
-                                            service to place in the gRPC HealthCheckRequest
-                                            (see https://github.
-                                          type: string
-                                      required:
-                                      - port
-                                      type: object
-                                    httpGet:
-                                      description: HTTPGet specifies the http request
-                                        to perform.
-                                      properties:
-                                        host:
-                                          description: Host name to connect to, defaults
-                                            to the pod IP.
-                                          type: string
-                                        httpHeaders:
-                                          description: Custom headers to set in the
-                                            request. HTTP allows repeated headers.
-                                          items:
-                                            description: HTTPHeader describes a custom
-                                              header to be used in HTTP probes
-                                            properties:
-                                              name:
-                                                description: The header field name
-                                                type: string
-                                              value:
-                                                description: The header field value
-                                                type: string
-                                            required:
-                                            - name
-                                            - value
-                                            type: object
-                                          type: array
-                                        path:
-                                          description: Path to access on the HTTP
-                                            server.
-                                          type: string
-                                        port:
-                                          anyOf:
-                                          - type: integer
-                                          - type: string
-                                          description: Name or number of the port
-                                            to access on the container. Number must
-                                            be in the range 1 to 65535.
-                                          x-kubernetes-int-or-string: true
-                                        scheme:
-                                          description: Scheme to use for connecting
-                                            to the host. Defaults to HTTP.
-                                          type: string
-                                      required:
-                                      - port
-                                      type: object
-                                    initialDelaySeconds:
-                                      description: Number of seconds after the container
-                                        has started before liveness probes are initiated.
-                                      format: int32
-                                      type: integer
-                                    periodSeconds:
-                                      description: How often (in seconds) to perform
-                                        the probe. Default to 10 seconds. Minimum
-                                        value is 1.
-                                      format: int32
-                                      type: integer
-                                    successThreshold:
-                                      description: Minimum consecutive successes for
-                                        the probe to be considered successful after
-                                        having failed.
-                                      format: int32
-                                      type: integer
-                                    tcpSocket:
-                                      description: TCPSocket specifies an action involving
-                                        a TCP port.
-                                      properties:
-                                        host:
-                                          description: 'Optional: Host name to connect
-                                            to, defaults to the pod IP.'
-                                          type: string
-                                        port:
-                                          anyOf:
-                                          - type: integer
-                                          - type: string
-                                          description: Number or name of the port
-                                            to access on the container. Number must
-                                            be in the range 1 to 65535.
-                                          x-kubernetes-int-or-string: true
-                                      required:
-                                      - port
-                                      type: object
-                                    terminationGracePeriodSeconds:
-                                      description: Optional duration in seconds the
-                                        pod needs to terminate gracefully upon probe
-                                        failure.
-                                      format: int64
-                                      type: integer
-                                    timeoutSeconds:
-                                      description: Number of seconds after which the
-                                        probe times out. Defaults to 1 second. Minimum
-                                        value is 1.
-                                      format: int32
-                                      type: integer
-                                  type: object
-                                name:
-                                  description: Name of the container specified as
-                                    a DNS_LABEL.
-                                  type: string
-                                ports:
-                                  description: List of ports to expose from the container.
-                                  items:
-                                    description: ContainerPort represents a network
-                                      port in a single container.
-                                    properties:
-                                      containerPort:
-                                        description: Number of port to expose on the
-                                          pod's IP address. This must be a valid port
-                                          number, 0 < x < 65536.
-                                        format: int32
-                                        type: integer
-                                      hostIP:
-                                        description: What host IP to bind the external
-                                          port to.
-                                        type: string
-                                      hostPort:
-                                        description: Number of port to expose on the
-                                          host. If specified, this must be a valid
-                                          port number, 0 < x < 65536.
-                                        format: int32
-                                        type: integer
-                                      name:
-                                        description: If specified, this must be an
-                                          IANA_SVC_NAME and unique within the pod.
-                                        type: string
-                                      protocol:
-                                        default: TCP
-                                        description: Protocol for port. Must be UDP,
-                                          TCP, or SCTP. Defaults to "TCP".
-                                        type: string
-                                    required:
-                                    - containerPort
-                                    type: object
-                                  type: array
-                                  x-kubernetes-list-map-keys:
-                                  - containerPort
-                                  - protocol
-                                  x-kubernetes-list-type: map
-                                readinessProbe:
-                                  description: Periodic probe of container service
-                                    readiness.
-                                  properties:
-                                    exec:
-                                      description: Exec specifies the action to take.
-                                      properties:
-                                        command:
-                                          description: 'Command is the command line
-                                            to execute inside the container, the working
-                                            directory for the command  '
-                                          items:
-                                            type: string
-                                          type: array
-                                      type: object
-                                    failureThreshold:
-                                      description: Minimum consecutive failures for
-                                        the probe to be considered failed after having
-                                        succeeded.
-                                      format: int32
-                                      type: integer
-                                    grpc:
-                                      description: GRPC specifies an action involving
-                                        a GRPC port.
-                                      properties:
-                                        port:
-                                          description: Port number of the gRPC service.
-                                            Number must be in the range 1 to 65535.
-                                          format: int32
-                                          type: integer
-                                        service:
-                                          description: Service is the name of the
-                                            service to place in the gRPC HealthCheckRequest
-                                            (see https://github.
-                                          type: string
-                                      required:
-                                      - port
-                                      type: object
-                                    httpGet:
-                                      description: HTTPGet specifies the http request
-                                        to perform.
-                                      properties:
-                                        host:
-                                          description: Host name to connect to, defaults
-                                            to the pod IP.
-                                          type: string
-                                        httpHeaders:
-                                          description: Custom headers to set in the
-                                            request. HTTP allows repeated headers.
-                                          items:
-                                            description: HTTPHeader describes a custom
-                                              header to be used in HTTP probes
-                                            properties:
-                                              name:
-                                                description: The header field name
-                                                type: string
-                                              value:
-                                                description: The header field value
-                                                type: string
-                                            required:
-                                            - name
-                                            - value
-                                            type: object
-                                          type: array
-                                        path:
-                                          description: Path to access on the HTTP
-                                            server.
-                                          type: string
-                                        port:
-                                          anyOf:
-                                          - type: integer
-                                          - type: string
-                                          description: Name or number of the port
-                                            to access on the container. Number must
-                                            be in the range 1 to 65535.
-                                          x-kubernetes-int-or-string: true
-                                        scheme:
-                                          description: Scheme to use for connecting
-                                            to the host. Defaults to HTTP.
-                                          type: string
-                                      required:
-                                      - port
-                                      type: object
-                                    initialDelaySeconds:
-                                      description: Number of seconds after the container
-                                        has started before liveness probes are initiated.
-                                      format: int32
-                                      type: integer
-                                    periodSeconds:
-                                      description: How often (in seconds) to perform
-                                        the probe. Default to 10 seconds. Minimum
-                                        value is 1.
-                                      format: int32
-                                      type: integer
-                                    successThreshold:
-                                      description: Minimum consecutive successes for
-                                        the probe to be considered successful after
-                                        having failed.
-                                      format: int32
-                                      type: integer
-                                    tcpSocket:
-                                      description: TCPSocket specifies an action involving
-                                        a TCP port.
-                                      properties:
-                                        host:
-                                          description: 'Optional: Host name to connect
-                                            to, defaults to the pod IP.'
-                                          type: string
-                                        port:
-                                          anyOf:
-                                          - type: integer
-                                          - type: string
-                                          description: Number or name of the port
-                                            to access on the container. Number must
-                                            be in the range 1 to 65535.
-                                          x-kubernetes-int-or-string: true
-                                      required:
-                                      - port
-                                      type: object
-                                    terminationGracePeriodSeconds:
-                                      description: Optional duration in seconds the
-                                        pod needs to terminate gracefully upon probe
-                                        failure.
-                                      format: int64
-                                      type: integer
-                                    timeoutSeconds:
-                                      description: Number of seconds after which the
-                                        probe times out. Defaults to 1 second. Minimum
-                                        value is 1.
-                                      format: int32
-                                      type: integer
-                                  type: object
-                                resources:
-                                  description: 'Compute Resources required by this
-                                    container. Cannot be updated. More info: https://kubernetes.'
-                                  properties:
-                                    limits:
-                                      additionalProperties:
-                                        anyOf:
-                                        - type: integer
-                                        - type: string
-                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                        x-kubernetes-int-or-string: true
-                                      description: 'Limits describes the maximum amount
-                                        of compute resources allowed. More info: https://kubernetes.'
-                                      type: object
-                                    requests:
-                                      additionalProperties:
-                                        anyOf:
-                                        - type: integer
-                                        - type: string
-                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                        x-kubernetes-int-or-string: true
-                                      description: Requests describes the minimum
-                                        amount of compute resources required.
-                                      type: object
-                                  type: object
-                                securityContext:
-                                  description: SecurityContext defines the security
-                                    options the container should be run with.
-                                  properties:
-                                    allowPrivilegeEscalation:
-                                      description: AllowPrivilegeEscalation controls
-                                        whether a process can gain more privileges
-                                        than its parent process
-                                      type: boolean
-                                    capabilities:
-                                      description: The capabilities to add/drop when
-                                        running containers.
-                                      properties:
-                                        add:
-                                          description: Added capabilities
-                                          items:
-                                            description: Capability represent POSIX
-                                              capabilities type
-                                            type: string
-                                          type: array
-                                        drop:
-                                          description: Removed capabilities
-                                          items:
-                                            description: Capability represent POSIX
-                                              capabilities type
-                                            type: string
-                                          type: array
-                                      type: object
-                                    privileged:
-                                      description: Run container in privileged mode.
-                                      type: boolean
-                                    procMount:
-                                      description: procMount denotes the type of proc
-                                        mount to use for the containers.
-                                      type: string
-                                    readOnlyRootFilesystem:
-                                      description: Whether this container has a read-only
-                                        root filesystem. Default is false.
-                                      type: boolean
-                                    runAsGroup:
-                                      description: The GID to run the entrypoint of
-                                        the container process. Uses runtime default
-                                        if unset.
-                                      format: int64
-                                      type: integer
-                                    runAsNonRoot:
-                                      description: Indicates that the container must
-                                        run as a non-root user.
-                                      type: boolean
-                                    runAsUser:
-                                      description: The UID to run the entrypoint of
-                                        the container process.
-                                      format: int64
-                                      type: integer
-                                    seLinuxOptions:
-                                      description: The SELinux context to be applied
-                                        to the container.
-                                      properties:
-                                        level:
-                                          description: Level is SELinux level label
-                                            that applies to the container.
-                                          type: string
-                                        role:
-                                          description: Role is a SELinux role label
-                                            that applies to the container.
-                                          type: string
-                                        type:
-                                          description: Type is a SELinux type label
-                                            that applies to the container.
-                                          type: string
-                                        user:
-                                          description: User is a SELinux user label
-                                            that applies to the container.
-                                          type: string
-                                      type: object
-                                    seccompProfile:
-                                      description: The seccomp options to use by this
-                                        container.
-                                      properties:
-                                        localhostProfile:
-                                          description: localhostProfile indicates
-                                            a profile defined in a file on the node
-                                            should be used.
-                                          type: string
-                                        type:
-                                          description: type indicates which kind of
-                                            seccomp profile will be applied.
-                                          type: string
-                                      required:
-                                      - type
-                                      type: object
-                                    windowsOptions:
-                                      description: The Windows specific settings applied
-                                        to all containers.
-                                      properties:
-                                        gmsaCredentialSpec:
-                                          description: GMSACredentialSpec is where
-                                            the GMSA admission webhook (https://github.
-                                          type: string
-                                        gmsaCredentialSpecName:
-                                          description: GMSACredentialSpecName is the
-                                            name of the GMSA credential spec to use.
-                                          type: string
-                                        hostProcess:
-                                          description: HostProcess determines if a
-                                            container should be run as a 'Host Process'
-                                            container.
-                                          type: boolean
-                                        runAsUserName:
-                                          description: The UserName in Windows to
-                                            run the entrypoint of the container process.
-                                          type: string
-                                      type: object
-                                  type: object
-                                startupProbe:
-                                  description: StartupProbe indicates that the Pod
-                                    has successfully initialized.
-                                  properties:
-                                    exec:
-                                      description: Exec specifies the action to take.
-                                      properties:
-                                        command:
-                                          description: 'Command is the command line
-                                            to execute inside the container, the working
-                                            directory for the command  '
-                                          items:
-                                            type: string
-                                          type: array
-                                      type: object
-                                    failureThreshold:
-                                      description: Minimum consecutive failures for
-                                        the probe to be considered failed after having
-                                        succeeded.
-                                      format: int32
-                                      type: integer
-                                    grpc:
-                                      description: GRPC specifies an action involving
-                                        a GRPC port.
-                                      properties:
-                                        port:
-                                          description: Port number of the gRPC service.
-                                            Number must be in the range 1 to 65535.
-                                          format: int32
-                                          type: integer
-                                        service:
-                                          description: Service is the name of the
-                                            service to place in the gRPC HealthCheckRequest
-                                            (see https://github.
-                                          type: string
-                                      required:
-                                      - port
-                                      type: object
-                                    httpGet:
-                                      description: HTTPGet specifies the http request
-                                        to perform.
-                                      properties:
-                                        host:
-                                          description: Host name to connect to, defaults
-                                            to the pod IP.
-                                          type: string
-                                        httpHeaders:
-                                          description: Custom headers to set in the
-                                            request. HTTP allows repeated headers.
-                                          items:
-                                            description: HTTPHeader describes a custom
-                                              header to be used in HTTP probes
-                                            properties:
-                                              name:
-                                                description: The header field name
-                                                type: string
-                                              value:
-                                                description: The header field value
-                                                type: string
-                                            required:
-                                            - name
-                                            - value
-                                            type: object
-                                          type: array
-                                        path:
-                                          description: Path to access on the HTTP
-                                            server.
-                                          type: string
-                                        port:
-                                          anyOf:
-                                          - type: integer
-                                          - type: string
-                                          description: Name or number of the port
-                                            to access on the container. Number must
-                                            be in the range 1 to 65535.
-                                          x-kubernetes-int-or-string: true
-                                        scheme:
-                                          description: Scheme to use for connecting
-                                            to the host. Defaults to HTTP.
-                                          type: string
-                                      required:
-                                      - port
-                                      type: object
-                                    initialDelaySeconds:
-                                      description: Number of seconds after the container
-                                        has started before liveness probes are initiated.
-                                      format: int32
-                                      type: integer
-                                    periodSeconds:
-                                      description: How often (in seconds) to perform
-                                        the probe. Default to 10 seconds. Minimum
-                                        value is 1.
-                                      format: int32
-                                      type: integer
-                                    successThreshold:
-                                      description: Minimum consecutive successes for
-                                        the probe to be considered successful after
-                                        having failed.
-                                      format: int32
-                                      type: integer
-                                    tcpSocket:
-                                      description: TCPSocket specifies an action involving
-                                        a TCP port.
-                                      properties:
-                                        host:
-                                          description: 'Optional: Host name to connect
-                                            to, defaults to the pod IP.'
-                                          type: string
-                                        port:
-                                          anyOf:
-                                          - type: integer
-                                          - type: string
-                                          description: Number or name of the port
-                                            to access on the container. Number must
-                                            be in the range 1 to 65535.
-                                          x-kubernetes-int-or-string: true
-                                      required:
-                                      - port
-                                      type: object
-                                    terminationGracePeriodSeconds:
-                                      description: Optional duration in seconds the
-                                        pod needs to terminate gracefully upon probe
-                                        failure.
-                                      format: int64
-                                      type: integer
-                                    timeoutSeconds:
-                                      description: Number of seconds after which the
-                                        probe times out. Defaults to 1 second. Minimum
-                                        value is 1.
-                                      format: int32
-                                      type: integer
-                                  type: object
-                                stdin:
-                                  description: Whether this container should allocate
-                                    a buffer for stdin in the container runtime.
-                                  type: boolean
-                                stdinOnce:
-                                  description: Whether the container runtime should
-                                    close the stdin channel after it has been opened
-                                    by a single at
-                                  type: boolean
-                                terminationMessagePath:
-                                  description: 'Optional: Path at which the file to
-                                    which the container''s termination message will
-                                    be written is mou'
-                                  type: string
-                                terminationMessagePolicy:
-                                  description: Indicate how the termination message
-                                    should be populated.
-                                  type: string
-                                tty:
-                                  description: Whether this container should allocate
-                                    a TTY for itself, also requires 'stdin' to be
-                                    true.
-                                  type: boolean
-                                volumeDevices:
-                                  description: volumeDevices is the list of block
-                                    devices to be used by the container.
-                                  items:
-                                    description: volumeDevice describes a mapping
-                                      of a raw block device within a container.
-                                    properties:
-                                      devicePath:
-                                        description: devicePath is the path inside
-                                          of the container that the device will be
-                                          mapped to.
-                                        type: string
-                                      name:
-                                        description: name must match the name of a
-                                          persistentVolumeClaim in the pod
-                                        type: string
-                                    required:
-                                    - devicePath
-                                    - name
-                                    type: object
-                                  type: array
-                                volumeMounts:
-                                  description: Pod volumes to mount into the container's
-                                    filesystem. Cannot be updated.
-                                  items:
-                                    description: VolumeMount describes a mounting
-                                      of a Volume within a container.
-                                    properties:
-                                      mountPath:
-                                        description: Path within the container at
-                                          which the volume should be mounted.  Must
-                                          not contain ':'.
-                                        type: string
-                                      mountPropagation:
-                                        description: mountPropagation determines how
-                                          mounts are propagated from the host to container
-                                          and the other way a
-                                        type: string
-                                      name:
-                                        description: This must match the Name of a
-                                          Volume.
-                                        type: string
-                                      readOnly:
-                                        description: Mounted read-only if true, read-write
-                                          otherwise (false or unspecified). Defaults
-                                          to false.
-                                        type: boolean
-                                      subPath:
-                                        description: Path within the volume from which
-                                          the container's volume should be mounted.
-                                        type: string
-                                      subPathExpr:
-                                        description: Expanded path within the volume
-                                          from which the container's volume should
-                                          be mounted.
-                                        type: string
-                                    required:
-                                    - mountPath
-                                    - name
-                                    type: object
-                                  type: array
-                                workingDir:
-                                  description: Container's working directory.
-                                  type: string
-                              required:
-                              - name
-                              type: object
-                            type: array
-                          dnsConfig:
-                            description: Specifies the DNS parameters of a pod.
-                            properties:
-                              nameservers:
-                                description: A list of DNS name server IP addresses.
-                                items:
-                                  type: string
-                                type: array
-                              options:
-                                description: A list of DNS resolver options. This
-                                  will be merged with the base options generated from
-                                  DNSPolicy.
-                                items:
-                                  description: PodDNSConfigOption defines DNS resolver
-                                    options of a pod.
-                                  properties:
-                                    name:
-                                      description: Required.
-                                      type: string
-                                    value:
-                                      type: string
-                                  type: object
-                                type: array
-                              searches:
-                                description: A list of DNS search domains for host-name
-                                  lookup.
-                                items:
-                                  type: string
-                                type: array
-                            type: object
-                          dnsPolicy:
-                            description: Set DNS policy for the pod. Defaults to "ClusterFirst".
-                            type: string
-                          enableServiceLinks:
-                            description: EnableServiceLinks indicates whether information
-                              about services should be injected into pod's enviro
-                            type: boolean
-                          ephemeralContainers:
-                            description: List of ephemeral containers run in this
-                              pod.
-                            items:
-                              description: An EphemeralContainer is a temporary container
-                                that you may add to an existing Pod for user-initiate
-                              properties:
-                                args:
-                                  description: Arguments to the entrypoint. The docker
-                                    image's CMD is used if this is not provided.
-                                  items:
-                                    type: string
-                                  type: array
-                                command:
-                                  description: Entrypoint array. Not executed within
-                                    a shell.
-                                  items:
-                                    type: string
-                                  type: array
-                                env:
-                                  description: List of environment variables to set
-                                    in the container. Cannot be updated.
-                                  items:
-                                    description: EnvVar represents an environment
-                                      variable present in a Container.
-                                    properties:
-                                      name:
-                                        description: Name of the environment variable.
-                                          Must be a C_IDENTIFIER.
-                                        type: string
-                                      value:
-                                        description: Variable references $(VAR_NAME)
-                                          are expanded using the previously defined
-                                          environment variables in t
-                                        type: string
-                                      valueFrom:
-                                        description: Source for the environment variable's
-                                          value. Cannot be used if value is not empty.
-                                        properties:
-                                          configMapKeyRef:
-                                            description: Selects a key of a ConfigMap.
-                                            properties:
-                                              key:
-                                                description: The key to select.
-                                                type: string
-                                              name:
-                                                description: 'Name of the referent.
-                                                  More info: https://kubernetes.'
-                                                type: string
-                                              optional:
-                                                description: Specify whether the ConfigMap
-                                                  or its key must be defined
-                                                type: boolean
-                                            required:
-                                            - key
-                                            type: object
-                                          fieldRef:
-                                            description: 'Selects a field of the pod:
-                                              supports metadata.name, metadata.namespace,
-                                              `metadata.'
-                                            properties:
-                                              apiVersion:
-                                                description: Version of the schema
-                                                  the FieldPath is written in terms
-                                                  of, defaults to "v1".
-                                                type: string
-                                              fieldPath:
-                                                description: Path of the field to
-                                                  select in the specified API version.
-                                                type: string
-                                            required:
-                                            - fieldPath
-                                            type: object
-                                          resourceFieldRef:
-                                            description: 'Selects a resource of the
-                                              container: only resources limits and
-                                              requests (limits.cpu, limits.'
-                                            properties:
-                                              containerName:
-                                                description: 'Container name: required
-                                                  for volumes, optional for env vars'
-                                                type: string
-                                              divisor:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Specifies the output
-                                                  format of the exposed resources,
-                                                  defaults to "1"
-                                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                                x-kubernetes-int-or-string: true
-                                              resource:
-                                                description: 'Required: resource to
-                                                  select'
-                                                type: string
-                                            required:
-                                            - resource
-                                            type: object
-                                          secretKeyRef:
-                                            description: Selects a key of a secret
-                                              in the pod's namespace
-                                            properties:
-                                              key:
-                                                description: The key of the secret
-                                                  to select from.  Must be a valid
-                                                  secret key.
-                                                type: string
-                                              name:
-                                                description: 'Name of the referent.
-                                                  More info: https://kubernetes.'
-                                                type: string
-                                              optional:
-                                                description: Specify whether the Secret
-                                                  or its key must be defined
-                                                type: boolean
-                                            required:
-                                            - key
-                                            type: object
-                                        type: object
-                                    required:
-                                    - name
-                                    type: object
-                                  type: array
-                                envFrom:
-                                  description: List of sources to populate environment
-                                    variables in the container.
-                                  items:
-                                    description: EnvFromSource represents the source
-                                      of a set of ConfigMaps
-                                    properties:
-                                      configMapRef:
-                                        description: The ConfigMap to select from
-                                        properties:
-                                          name:
-                                            description: 'Name of the referent. More
-                                              info: https://kubernetes.'
-                                            type: string
-                                          optional:
-                                            description: Specify whether the ConfigMap
-                                              must be defined
-                                            type: boolean
-                                        type: object
-                                      prefix:
-                                        description: An optional identifier to prepend
-                                          to each key in the ConfigMap. Must be a
-                                          C_IDENTIFIER.
-                                        type: string
-                                      secretRef:
-                                        description: The Secret to select from
-                                        properties:
-                                          name:
-                                            description: 'Name of the referent. More
-                                              info: https://kubernetes.'
-                                            type: string
-                                          optional:
-                                            description: Specify whether the Secret
-                                              must be defined
-                                            type: boolean
-                                        type: object
-                                    type: object
-                                  type: array
-                                image:
-                                  description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images'
-                                  type: string
-                                imagePullPolicy:
-                                  description: Image pull policy. One of Always, Never,
-                                    IfNotPresent.
-                                  type: string
-                                lifecycle:
-                                  description: Lifecycle is not allowed for ephemeral
-                                    containers.
-                                  properties:
-                                    postStart:
-                                      description: PostStart is called immediately
-                                        after a container is created.
-                                      properties:
-                                        exec:
-                                          description: Exec specifies the action to
-                                            take.
-                                          properties:
-                                            command:
-                                              description: 'Command is the command
-                                                line to execute inside the container,
-                                                the working directory for the command  '
-                                              items:
-                                                type: string
-                                              type: array
-                                          type: object
-                                        httpGet:
-                                          description: HTTPGet specifies the http
-                                            request to perform.
-                                          properties:
-                                            host:
-                                              description: Host name to connect to,
-                                                defaults to the pod IP.
-                                              type: string
-                                            httpHeaders:
-                                              description: Custom headers to set in
-                                                the request. HTTP allows repeated
-                                                headers.
-                                              items:
-                                                description: HTTPHeader describes
-                                                  a custom header to be used in HTTP
-                                                  probes
-                                                properties:
-                                                  name:
-                                                    description: The header field
-                                                      name
-                                                    type: string
-                                                  value:
-                                                    description: The header field
-                                                      value
-                                                    type: string
-                                                required:
-                                                - name
-                                                - value
-                                                type: object
-                                              type: array
-                                            path:
-                                              description: Path to access on the HTTP
-                                                server.
-                                              type: string
-                                            port:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Name or number of the port
-                                                to access on the container. Number
-                                                must be in the range 1 to 65535.
-                                              x-kubernetes-int-or-string: true
-                                            scheme:
-                                              description: Scheme to use for connecting
-                                                to the host. Defaults to HTTP.
-                                              type: string
-                                          required:
-                                          - port
-                                          type: object
-                                        tcpSocket:
-                                          description: Deprecated.
-                                          properties:
-                                            host:
-                                              description: 'Optional: Host name to
-                                                connect to, defaults to the pod IP.'
-                                              type: string
-                                            port:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Number or name of the port
-                                                to access on the container. Number
-                                                must be in the range 1 to 65535.
-                                              x-kubernetes-int-or-string: true
-                                          required:
-                                          - port
-                                          type: object
-                                      type: object
-                                    preStop:
-                                      description: PreStop is called immediately before
-                                        a container is terminated due to an API request
-                                        or management e
-                                      properties:
-                                        exec:
-                                          description: Exec specifies the action to
-                                            take.
-                                          properties:
-                                            command:
-                                              description: 'Command is the command
-                                                line to execute inside the container,
-                                                the working directory for the command  '
-                                              items:
-                                                type: string
-                                              type: array
-                                          type: object
-                                        httpGet:
-                                          description: HTTPGet specifies the http
-                                            request to perform.
-                                          properties:
-                                            host:
-                                              description: Host name to connect to,
-                                                defaults to the pod IP.
-                                              type: string
-                                            httpHeaders:
-                                              description: Custom headers to set in
-                                                the request. HTTP allows repeated
-                                                headers.
-                                              items:
-                                                description: HTTPHeader describes
-                                                  a custom header to be used in HTTP
-                                                  probes
-                                                properties:
-                                                  name:
-                                                    description: The header field
-                                                      name
-                                                    type: string
-                                                  value:
-                                                    description: The header field
-                                                      value
-                                                    type: string
-                                                required:
-                                                - name
-                                                - value
-                                                type: object
-                                              type: array
-                                            path:
-                                              description: Path to access on the HTTP
-                                                server.
-                                              type: string
-                                            port:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Name or number of the port
-                                                to access on the container. Number
-                                                must be in the range 1 to 65535.
-                                              x-kubernetes-int-or-string: true
-                                            scheme:
-                                              description: Scheme to use for connecting
-                                                to the host. Defaults to HTTP.
-                                              type: string
-                                          required:
-                                          - port
-                                          type: object
-                                        tcpSocket:
-                                          description: Deprecated.
-                                          properties:
-                                            host:
-                                              description: 'Optional: Host name to
-                                                connect to, defaults to the pod IP.'
-                                              type: string
-                                            port:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Number or name of the port
-                                                to access on the container. Number
-                                                must be in the range 1 to 65535.
-                                              x-kubernetes-int-or-string: true
-                                          required:
-                                          - port
-                                          type: object
-                                      type: object
-                                  type: object
-                                livenessProbe:
-                                  description: Probes are not allowed for ephemeral
-                                    containers.
-                                  properties:
-                                    exec:
-                                      description: Exec specifies the action to take.
-                                      properties:
-                                        command:
-                                          description: 'Command is the command line
-                                            to execute inside the container, the working
-                                            directory for the command  '
-                                          items:
-                                            type: string
-                                          type: array
-                                      type: object
-                                    failureThreshold:
-                                      description: Minimum consecutive failures for
-                                        the probe to be considered failed after having
-                                        succeeded.
-                                      format: int32
-                                      type: integer
-                                    grpc:
-                                      description: GRPC specifies an action involving
-                                        a GRPC port.
-                                      properties:
-                                        port:
-                                          description: Port number of the gRPC service.
-                                            Number must be in the range 1 to 65535.
-                                          format: int32
-                                          type: integer
-                                        service:
-                                          description: Service is the name of the
-                                            service to place in the gRPC HealthCheckRequest
-                                            (see https://github.
-                                          type: string
-                                      required:
-                                      - port
-                                      type: object
-                                    httpGet:
-                                      description: HTTPGet specifies the http request
-                                        to perform.
-                                      properties:
-                                        host:
-                                          description: Host name to connect to, defaults
-                                            to the pod IP.
-                                          type: string
-                                        httpHeaders:
-                                          description: Custom headers to set in the
-                                            request. HTTP allows repeated headers.
-                                          items:
-                                            description: HTTPHeader describes a custom
-                                              header to be used in HTTP probes
-                                            properties:
-                                              name:
-                                                description: The header field name
-                                                type: string
-                                              value:
-                                                description: The header field value
-                                                type: string
-                                            required:
-                                            - name
-                                            - value
-                                            type: object
-                                          type: array
-                                        path:
-                                          description: Path to access on the HTTP
-                                            server.
-                                          type: string
-                                        port:
-                                          anyOf:
-                                          - type: integer
-                                          - type: string
-                                          description: Name or number of the port
-                                            to access on the container. Number must
-                                            be in the range 1 to 65535.
-                                          x-kubernetes-int-or-string: true
-                                        scheme:
-                                          description: Scheme to use for connecting
-                                            to the host. Defaults to HTTP.
-                                          type: string
-                                      required:
-                                      - port
-                                      type: object
-                                    initialDelaySeconds:
-                                      description: Number of seconds after the container
-                                        has started before liveness probes are initiated.
-                                      format: int32
-                                      type: integer
-                                    periodSeconds:
-                                      description: How often (in seconds) to perform
-                                        the probe. Default to 10 seconds. Minimum
-                                        value is 1.
-                                      format: int32
-                                      type: integer
-                                    successThreshold:
-                                      description: Minimum consecutive successes for
-                                        the probe to be considered successful after
-                                        having failed.
-                                      format: int32
-                                      type: integer
-                                    tcpSocket:
-                                      description: TCPSocket specifies an action involving
-                                        a TCP port.
-                                      properties:
-                                        host:
-                                          description: 'Optional: Host name to connect
-                                            to, defaults to the pod IP.'
-                                          type: string
-                                        port:
-                                          anyOf:
-                                          - type: integer
-                                          - type: string
-                                          description: Number or name of the port
-                                            to access on the container. Number must
-                                            be in the range 1 to 65535.
-                                          x-kubernetes-int-or-string: true
-                                      required:
-                                      - port
-                                      type: object
-                                    terminationGracePeriodSeconds:
-                                      description: Optional duration in seconds the
-                                        pod needs to terminate gracefully upon probe
-                                        failure.
-                                      format: int64
-                                      type: integer
-                                    timeoutSeconds:
-                                      description: Number of seconds after which the
-                                        probe times out. Defaults to 1 second. Minimum
-                                        value is 1.
-                                      format: int32
-                                      type: integer
-                                  type: object
-                                name:
-                                  description: Name of the ephemeral container specified
-                                    as a DNS_LABEL.
-                                  type: string
-                                ports:
-                                  description: Ports are not allowed for ephemeral
-                                    containers.
-                                  items:
-                                    description: ContainerPort represents a network
-                                      port in a single container.
-                                    properties:
-                                      containerPort:
-                                        description: Number of port to expose on the
-                                          pod's IP address. This must be a valid port
-                                          number, 0 < x < 65536.
-                                        format: int32
-                                        type: integer
-                                      hostIP:
-                                        description: What host IP to bind the external
-                                          port to.
-                                        type: string
-                                      hostPort:
-                                        description: Number of port to expose on the
-                                          host. If specified, this must be a valid
-                                          port number, 0 < x < 65536.
-                                        format: int32
-                                        type: integer
-                                      name:
-                                        description: If specified, this must be an
-                                          IANA_SVC_NAME and unique within the pod.
-                                        type: string
-                                      protocol:
-                                        default: TCP
-                                        description: Protocol for port. Must be UDP,
-                                          TCP, or SCTP. Defaults to "TCP".
-                                        type: string
-                                    required:
-                                    - containerPort
-                                    type: object
-                                  type: array
-                                  x-kubernetes-list-map-keys:
-                                  - containerPort
-                                  - protocol
-                                  x-kubernetes-list-type: map
-                                readinessProbe:
-                                  description: Probes are not allowed for ephemeral
-                                    containers.
-                                  properties:
-                                    exec:
-                                      description: Exec specifies the action to take.
-                                      properties:
-                                        command:
-                                          description: 'Command is the command line
-                                            to execute inside the container, the working
-                                            directory for the command  '
-                                          items:
-                                            type: string
-                                          type: array
-                                      type: object
-                                    failureThreshold:
-                                      description: Minimum consecutive failures for
-                                        the probe to be considered failed after having
-                                        succeeded.
-                                      format: int32
-                                      type: integer
-                                    grpc:
-                                      description: GRPC specifies an action involving
-                                        a GRPC port.
-                                      properties:
-                                        port:
-                                          description: Port number of the gRPC service.
-                                            Number must be in the range 1 to 65535.
-                                          format: int32
-                                          type: integer
-                                        service:
-                                          description: Service is the name of the
-                                            service to place in the gRPC HealthCheckRequest
-                                            (see https://github.
-                                          type: string
-                                      required:
-                                      - port
-                                      type: object
-                                    httpGet:
-                                      description: HTTPGet specifies the http request
-                                        to perform.
-                                      properties:
-                                        host:
-                                          description: Host name to connect to, defaults
-                                            to the pod IP.
-                                          type: string
-                                        httpHeaders:
-                                          description: Custom headers to set in the
-                                            request. HTTP allows repeated headers.
-                                          items:
-                                            description: HTTPHeader describes a custom
-                                              header to be used in HTTP probes
-                                            properties:
-                                              name:
-                                                description: The header field name
-                                                type: string
-                                              value:
-                                                description: The header field value
-                                                type: string
-                                            required:
-                                            - name
-                                            - value
-                                            type: object
-                                          type: array
-                                        path:
-                                          description: Path to access on the HTTP
-                                            server.
-                                          type: string
-                                        port:
-                                          anyOf:
-                                          - type: integer
-                                          - type: string
-                                          description: Name or number of the port
-                                            to access on the container. Number must
-                                            be in the range 1 to 65535.
-                                          x-kubernetes-int-or-string: true
-                                        scheme:
-                                          description: Scheme to use for connecting
-                                            to the host. Defaults to HTTP.
-                                          type: string
-                                      required:
-                                      - port
-                                      type: object
-                                    initialDelaySeconds:
-                                      description: Number of seconds after the container
-                                        has started before liveness probes are initiated.
-                                      format: int32
-                                      type: integer
-                                    periodSeconds:
-                                      description: How often (in seconds) to perform
-                                        the probe. Default to 10 seconds. Minimum
-                                        value is 1.
-                                      format: int32
-                                      type: integer
-                                    successThreshold:
-                                      description: Minimum consecutive successes for
-                                        the probe to be considered successful after
-                                        having failed.
-                                      format: int32
-                                      type: integer
-                                    tcpSocket:
-                                      description: TCPSocket specifies an action involving
-                                        a TCP port.
-                                      properties:
-                                        host:
-                                          description: 'Optional: Host name to connect
-                                            to, defaults to the pod IP.'
-                                          type: string
-                                        port:
-                                          anyOf:
-                                          - type: integer
-                                          - type: string
-                                          description: Number or name of the port
-                                            to access on the container. Number must
-                                            be in the range 1 to 65535.
-                                          x-kubernetes-int-or-string: true
-                                      required:
-                                      - port
-                                      type: object
-                                    terminationGracePeriodSeconds:
-                                      description: Optional duration in seconds the
-                                        pod needs to terminate gracefully upon probe
-                                        failure.
-                                      format: int64
-                                      type: integer
-                                    timeoutSeconds:
-                                      description: Number of seconds after which the
-                                        probe times out. Defaults to 1 second. Minimum
-                                        value is 1.
-                                      format: int32
-                                      type: integer
-                                  type: object
-                                resources:
-                                  description: Resources are not allowed for ephemeral
-                                    containers.
-                                  properties:
-                                    limits:
-                                      additionalProperties:
-                                        anyOf:
-                                        - type: integer
-                                        - type: string
-                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                        x-kubernetes-int-or-string: true
-                                      description: 'Limits describes the maximum amount
-                                        of compute resources allowed. More info: https://kubernetes.'
-                                      type: object
-                                    requests:
-                                      additionalProperties:
-                                        anyOf:
-                                        - type: integer
-                                        - type: string
-                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                        x-kubernetes-int-or-string: true
-                                      description: Requests describes the minimum
-                                        amount of compute resources required.
-                                      type: object
-                                  type: object
-                                securityContext:
-                                  description: 'Optional: SecurityContext defines
-                                    the security options the ephemeral container should
-                                    be run with.'
-                                  properties:
-                                    allowPrivilegeEscalation:
-                                      description: AllowPrivilegeEscalation controls
-                                        whether a process can gain more privileges
-                                        than its parent process
-                                      type: boolean
-                                    capabilities:
-                                      description: The capabilities to add/drop when
-                                        running containers.
-                                      properties:
-                                        add:
-                                          description: Added capabilities
-                                          items:
-                                            description: Capability represent POSIX
-                                              capabilities type
-                                            type: string
-                                          type: array
-                                        drop:
-                                          description: Removed capabilities
-                                          items:
-                                            description: Capability represent POSIX
-                                              capabilities type
-                                            type: string
-                                          type: array
-                                      type: object
-                                    privileged:
-                                      description: Run container in privileged mode.
-                                      type: boolean
-                                    procMount:
-                                      description: procMount denotes the type of proc
-                                        mount to use for the containers.
-                                      type: string
-                                    readOnlyRootFilesystem:
-                                      description: Whether this container has a read-only
-                                        root filesystem. Default is false.
-                                      type: boolean
-                                    runAsGroup:
-                                      description: The GID to run the entrypoint of
-                                        the container process. Uses runtime default
-                                        if unset.
-                                      format: int64
-                                      type: integer
-                                    runAsNonRoot:
-                                      description: Indicates that the container must
-                                        run as a non-root user.
-                                      type: boolean
-                                    runAsUser:
-                                      description: The UID to run the entrypoint of
-                                        the container process.
-                                      format: int64
-                                      type: integer
-                                    seLinuxOptions:
-                                      description: The SELinux context to be applied
-                                        to the container.
-                                      properties:
-                                        level:
-                                          description: Level is SELinux level label
-                                            that applies to the container.
-                                          type: string
-                                        role:
-                                          description: Role is a SELinux role label
-                                            that applies to the container.
-                                          type: string
-                                        type:
-                                          description: Type is a SELinux type label
-                                            that applies to the container.
-                                          type: string
-                                        user:
-                                          description: User is a SELinux user label
-                                            that applies to the container.
-                                          type: string
-                                      type: object
-                                    seccompProfile:
-                                      description: The seccomp options to use by this
-                                        container.
-                                      properties:
-                                        localhostProfile:
-                                          description: localhostProfile indicates
-                                            a profile defined in a file on the node
-                                            should be used.
-                                          type: string
-                                        type:
-                                          description: type indicates which kind of
-                                            seccomp profile will be applied.
-                                          type: string
-                                      required:
-                                      - type
-                                      type: object
-                                    windowsOptions:
-                                      description: The Windows specific settings applied
-                                        to all containers.
-                                      properties:
-                                        gmsaCredentialSpec:
-                                          description: GMSACredentialSpec is where
-                                            the GMSA admission webhook (https://github.
-                                          type: string
-                                        gmsaCredentialSpecName:
-                                          description: GMSACredentialSpecName is the
-                                            name of the GMSA credential spec to use.
-                                          type: string
-                                        hostProcess:
-                                          description: HostProcess determines if a
-                                            container should be run as a 'Host Process'
-                                            container.
-                                          type: boolean
-                                        runAsUserName:
-                                          description: The UserName in Windows to
-                                            run the entrypoint of the container process.
-                                          type: string
-                                      type: object
-                                  type: object
-                                startupProbe:
-                                  description: Probes are not allowed for ephemeral
-                                    containers.
-                                  properties:
-                                    exec:
-                                      description: Exec specifies the action to take.
-                                      properties:
-                                        command:
-                                          description: 'Command is the command line
-                                            to execute inside the container, the working
-                                            directory for the command  '
-                                          items:
-                                            type: string
-                                          type: array
-                                      type: object
-                                    failureThreshold:
-                                      description: Minimum consecutive failures for
-                                        the probe to be considered failed after having
-                                        succeeded.
-                                      format: int32
-                                      type: integer
-                                    grpc:
-                                      description: GRPC specifies an action involving
-                                        a GRPC port.
-                                      properties:
-                                        port:
-                                          description: Port number of the gRPC service.
-                                            Number must be in the range 1 to 65535.
-                                          format: int32
-                                          type: integer
-                                        service:
-                                          description: Service is the name of the
-                                            service to place in the gRPC HealthCheckRequest
-                                            (see https://github.
-                                          type: string
-                                      required:
-                                      - port
-                                      type: object
-                                    httpGet:
-                                      description: HTTPGet specifies the http request
-                                        to perform.
-                                      properties:
-                                        host:
-                                          description: Host name to connect to, defaults
-                                            to the pod IP.
-                                          type: string
-                                        httpHeaders:
-                                          description: Custom headers to set in the
-                                            request. HTTP allows repeated headers.
-                                          items:
-                                            description: HTTPHeader describes a custom
-                                              header to be used in HTTP probes
-                                            properties:
-                                              name:
-                                                description: The header field name
-                                                type: string
-                                              value:
-                                                description: The header field value
-                                                type: string
-                                            required:
-                                            - name
-                                            - value
-                                            type: object
-                                          type: array
-                                        path:
-                                          description: Path to access on the HTTP
-                                            server.
-                                          type: string
-                                        port:
-                                          anyOf:
-                                          - type: integer
-                                          - type: string
-                                          description: Name or number of the port
-                                            to access on the container. Number must
-                                            be in the range 1 to 65535.
-                                          x-kubernetes-int-or-string: true
-                                        scheme:
-                                          description: Scheme to use for connecting
-                                            to the host. Defaults to HTTP.
-                                          type: string
-                                      required:
-                                      - port
-                                      type: object
-                                    initialDelaySeconds:
-                                      description: Number of seconds after the container
-                                        has started before liveness probes are initiated.
-                                      format: int32
-                                      type: integer
-                                    periodSeconds:
-                                      description: How often (in seconds) to perform
-                                        the probe. Default to 10 seconds. Minimum
-                                        value is 1.
-                                      format: int32
-                                      type: integer
-                                    successThreshold:
-                                      description: Minimum consecutive successes for
-                                        the probe to be considered successful after
-                                        having failed.
-                                      format: int32
-                                      type: integer
-                                    tcpSocket:
-                                      description: TCPSocket specifies an action involving
-                                        a TCP port.
-                                      properties:
-                                        host:
-                                          description: 'Optional: Host name to connect
-                                            to, defaults to the pod IP.'
-                                          type: string
-                                        port:
-                                          anyOf:
-                                          - type: integer
-                                          - type: string
-                                          description: Number or name of the port
-                                            to access on the container. Number must
-                                            be in the range 1 to 65535.
-                                          x-kubernetes-int-or-string: true
-                                      required:
-                                      - port
-                                      type: object
-                                    terminationGracePeriodSeconds:
-                                      description: Optional duration in seconds the
-                                        pod needs to terminate gracefully upon probe
-                                        failure.
-                                      format: int64
-                                      type: integer
-                                    timeoutSeconds:
-                                      description: Number of seconds after which the
-                                        probe times out. Defaults to 1 second. Minimum
-                                        value is 1.
-                                      format: int32
-                                      type: integer
-                                  type: object
-                                stdin:
-                                  description: Whether this container should allocate
-                                    a buffer for stdin in the container runtime.
-                                  type: boolean
-                                stdinOnce:
-                                  description: Whether the container runtime should
-                                    close the stdin channel after it has been opened
-                                    by a single at
-                                  type: boolean
-                                targetContainerName:
-                                  description: If set, the name of the container from
-                                    PodSpec that this ephemeral container targets.
-                                  type: string
-                                terminationMessagePath:
-                                  description: 'Optional: Path at which the file to
-                                    which the container''s termination message will
-                                    be written is mou'
-                                  type: string
-                                terminationMessagePolicy:
-                                  description: Indicate how the termination message
-                                    should be populated.
-                                  type: string
-                                tty:
-                                  description: Whether this container should allocate
-                                    a TTY for itself, also requires 'stdin' to be
-                                    true.
-                                  type: boolean
-                                volumeDevices:
-                                  description: volumeDevices is the list of block
-                                    devices to be used by the container.
-                                  items:
-                                    description: volumeDevice describes a mapping
-                                      of a raw block device within a container.
-                                    properties:
-                                      devicePath:
-                                        description: devicePath is the path inside
-                                          of the container that the device will be
-                                          mapped to.
-                                        type: string
-                                      name:
-                                        description: name must match the name of a
-                                          persistentVolumeClaim in the pod
-                                        type: string
-                                    required:
-                                    - devicePath
-                                    - name
-                                    type: object
-                                  type: array
-                                volumeMounts:
-                                  description: Pod volumes to mount into the container's
-                                    filesystem.
-                                  items:
-                                    description: VolumeMount describes a mounting
-                                      of a Volume within a container.
-                                    properties:
-                                      mountPath:
-                                        description: Path within the container at
-                                          which the volume should be mounted.  Must
-                                          not contain ':'.
-                                        type: string
-                                      mountPropagation:
-                                        description: mountPropagation determines how
-                                          mounts are propagated from the host to container
-                                          and the other way a
-                                        type: string
-                                      name:
-                                        description: This must match the Name of a
-                                          Volume.
-                                        type: string
-                                      readOnly:
-                                        description: Mounted read-only if true, read-write
-                                          otherwise (false or unspecified). Defaults
-                                          to false.
-                                        type: boolean
-                                      subPath:
-                                        description: Path within the volume from which
-                                          the container's volume should be mounted.
-                                        type: string
-                                      subPathExpr:
-                                        description: Expanded path within the volume
-                                          from which the container's volume should
-                                          be mounted.
-                                        type: string
-                                    required:
-                                    - mountPath
-                                    - name
-                                    type: object
-                                  type: array
-                                workingDir:
-                                  description: Container's working directory.
-                                  type: string
-                              required:
-                              - name
-                              type: object
-                            type: array
-                          hostAliases:
-                            description: 'HostAliases is an optional list of hosts
-                              and IPs that will be injected into the pod''s hosts
-                              file if '
-                            items:
-                              description: 'HostAlias holds the mapping between IP
-                                and hostnames that will be injected as an entry in
-                                the pod''s '
-                              properties:
-                                hostnames:
-                                  description: Hostnames for the above IP address.
-                                  items:
-                                    type: string
-                                  type: array
-                                ip:
-                                  description: IP address of the host file entry.
-                                  type: string
-                              type: object
-                            type: array
-                          hostIPC:
-                            description: 'Use the host''s ipc namespace. Optional:
-                              Default to false.'
-                            type: boolean
-                          hostNetwork:
-                            description: Host networking requested for this pod. Use
-                              the host's network namespace.
-                            type: boolean
-                          hostPID:
-                            description: 'Use the host''s pid namespace. Optional:
-                              Default to false.'
-                            type: boolean
-                          hostname:
-                            description: Specifies the hostname of the Pod If not
-                              specified, the pod's hostname will be set to a system-defin
-                            type: string
-                          imagePullSecrets:
-                            description: ImagePullSecrets is an optional list of references
-                              to secrets in the same namespace to use for pulli
-                            items:
-                              description: 'LocalObjectReference contains enough information
-                                to let you locate the referenced object inside the '
-                              properties:
-                                name:
-                                  description: 'Name of the referent. More info: https://kubernetes.'
-                                  type: string
-                              type: object
-                            type: array
-                          initContainers:
-                            description: List of initialization containers belonging
-                              to the pod.
-                            items:
-                              description: A single application container that you
-                                want to run within a pod.
-                              properties:
-                                args:
-                                  description: Arguments to the entrypoint. The docker
-                                    image's CMD is used if this is not provided.
-                                  items:
-                                    type: string
-                                  type: array
-                                command:
-                                  description: Entrypoint array. Not executed within
-                                    a shell.
-                                  items:
-                                    type: string
-                                  type: array
-                                env:
-                                  description: List of environment variables to set
-                                    in the container. Cannot be updated.
-                                  items:
-                                    description: EnvVar represents an environment
-                                      variable present in a Container.
-                                    properties:
-                                      name:
-                                        description: Name of the environment variable.
-                                          Must be a C_IDENTIFIER.
-                                        type: string
-                                      value:
-                                        description: Variable references $(VAR_NAME)
-                                          are expanded using the previously defined
-                                          environment variables in t
-                                        type: string
-                                      valueFrom:
-                                        description: Source for the environment variable's
-                                          value. Cannot be used if value is not empty.
-                                        properties:
-                                          configMapKeyRef:
-                                            description: Selects a key of a ConfigMap.
-                                            properties:
-                                              key:
-                                                description: The key to select.
-                                                type: string
-                                              name:
-                                                description: 'Name of the referent.
-                                                  More info: https://kubernetes.'
-                                                type: string
-                                              optional:
-                                                description: Specify whether the ConfigMap
-                                                  or its key must be defined
-                                                type: boolean
-                                            required:
-                                            - key
-                                            type: object
-                                          fieldRef:
-                                            description: 'Selects a field of the pod:
-                                              supports metadata.name, metadata.namespace,
-                                              `metadata.'
-                                            properties:
-                                              apiVersion:
-                                                description: Version of the schema
-                                                  the FieldPath is written in terms
-                                                  of, defaults to "v1".
-                                                type: string
-                                              fieldPath:
-                                                description: Path of the field to
-                                                  select in the specified API version.
-                                                type: string
-                                            required:
-                                            - fieldPath
-                                            type: object
-                                          resourceFieldRef:
-                                            description: 'Selects a resource of the
-                                              container: only resources limits and
-                                              requests (limits.cpu, limits.'
-                                            properties:
-                                              containerName:
-                                                description: 'Container name: required
-                                                  for volumes, optional for env vars'
-                                                type: string
-                                              divisor:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Specifies the output
-                                                  format of the exposed resources,
-                                                  defaults to "1"
-                                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                                x-kubernetes-int-or-string: true
-                                              resource:
-                                                description: 'Required: resource to
-                                                  select'
-                                                type: string
-                                            required:
-                                            - resource
-                                            type: object
-                                          secretKeyRef:
-                                            description: Selects a key of a secret
-                                              in the pod's namespace
-                                            properties:
-                                              key:
-                                                description: The key of the secret
-                                                  to select from.  Must be a valid
-                                                  secret key.
-                                                type: string
-                                              name:
-                                                description: 'Name of the referent.
-                                                  More info: https://kubernetes.'
-                                                type: string
-                                              optional:
-                                                description: Specify whether the Secret
-                                                  or its key must be defined
-                                                type: boolean
-                                            required:
-                                            - key
-                                            type: object
-                                        type: object
-                                    required:
-                                    - name
-                                    type: object
-                                  type: array
-                                envFrom:
-                                  description: List of sources to populate environment
-                                    variables in the container.
-                                  items:
-                                    description: EnvFromSource represents the source
-                                      of a set of ConfigMaps
-                                    properties:
-                                      configMapRef:
-                                        description: The ConfigMap to select from
-                                        properties:
-                                          name:
-                                            description: 'Name of the referent. More
-                                              info: https://kubernetes.'
-                                            type: string
-                                          optional:
-                                            description: Specify whether the ConfigMap
-                                              must be defined
-                                            type: boolean
-                                        type: object
-                                      prefix:
-                                        description: An optional identifier to prepend
-                                          to each key in the ConfigMap. Must be a
-                                          C_IDENTIFIER.
-                                        type: string
-                                      secretRef:
-                                        description: The Secret to select from
-                                        properties:
-                                          name:
-                                            description: 'Name of the referent. More
-                                              info: https://kubernetes.'
-                                            type: string
-                                          optional:
-                                            description: Specify whether the Secret
-                                              must be defined
-                                            type: boolean
-                                        type: object
-                                    type: object
-                                  type: array
-                                image:
-                                  description: 'Docker image name. More info: https://kubernetes.'
-                                  type: string
-                                imagePullPolicy:
-                                  description: Image pull policy. One of Always, Never,
-                                    IfNotPresent.
-                                  type: string
-                                lifecycle:
-                                  description: Actions that the management system
-                                    should take in response to container lifecycle
-                                    events.
-                                  properties:
-                                    postStart:
-                                      description: PostStart is called immediately
-                                        after a container is created.
-                                      properties:
-                                        exec:
-                                          description: Exec specifies the action to
-                                            take.
-                                          properties:
-                                            command:
-                                              description: 'Command is the command
-                                                line to execute inside the container,
-                                                the working directory for the command  '
-                                              items:
-                                                type: string
-                                              type: array
-                                          type: object
-                                        httpGet:
-                                          description: HTTPGet specifies the http
-                                            request to perform.
-                                          properties:
-                                            host:
-                                              description: Host name to connect to,
-                                                defaults to the pod IP.
-                                              type: string
-                                            httpHeaders:
-                                              description: Custom headers to set in
-                                                the request. HTTP allows repeated
-                                                headers.
-                                              items:
-                                                description: HTTPHeader describes
-                                                  a custom header to be used in HTTP
-                                                  probes
-                                                properties:
-                                                  name:
-                                                    description: The header field
-                                                      name
-                                                    type: string
-                                                  value:
-                                                    description: The header field
-                                                      value
-                                                    type: string
-                                                required:
-                                                - name
-                                                - value
-                                                type: object
-                                              type: array
-                                            path:
-                                              description: Path to access on the HTTP
-                                                server.
-                                              type: string
-                                            port:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Name or number of the port
-                                                to access on the container. Number
-                                                must be in the range 1 to 65535.
-                                              x-kubernetes-int-or-string: true
-                                            scheme:
-                                              description: Scheme to use for connecting
-                                                to the host. Defaults to HTTP.
-                                              type: string
-                                          required:
-                                          - port
-                                          type: object
-                                        tcpSocket:
-                                          description: Deprecated.
-                                          properties:
-                                            host:
-                                              description: 'Optional: Host name to
-                                                connect to, defaults to the pod IP.'
-                                              type: string
-                                            port:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Number or name of the port
-                                                to access on the container. Number
-                                                must be in the range 1 to 65535.
-                                              x-kubernetes-int-or-string: true
-                                          required:
-                                          - port
-                                          type: object
-                                      type: object
-                                    preStop:
-                                      description: PreStop is called immediately before
-                                        a container is terminated due to an API request
-                                        or management e
-                                      properties:
-                                        exec:
-                                          description: Exec specifies the action to
-                                            take.
-                                          properties:
-                                            command:
-                                              description: 'Command is the command
-                                                line to execute inside the container,
-                                                the working directory for the command  '
-                                              items:
-                                                type: string
-                                              type: array
-                                          type: object
-                                        httpGet:
-                                          description: HTTPGet specifies the http
-                                            request to perform.
-                                          properties:
-                                            host:
-                                              description: Host name to connect to,
-                                                defaults to the pod IP.
-                                              type: string
-                                            httpHeaders:
-                                              description: Custom headers to set in
-                                                the request. HTTP allows repeated
-                                                headers.
-                                              items:
-                                                description: HTTPHeader describes
-                                                  a custom header to be used in HTTP
-                                                  probes
-                                                properties:
-                                                  name:
-                                                    description: The header field
-                                                      name
-                                                    type: string
-                                                  value:
-                                                    description: The header field
-                                                      value
-                                                    type: string
-                                                required:
-                                                - name
-                                                - value
-                                                type: object
-                                              type: array
-                                            path:
-                                              description: Path to access on the HTTP
-                                                server.
-                                              type: string
-                                            port:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Name or number of the port
-                                                to access on the container. Number
-                                                must be in the range 1 to 65535.
-                                              x-kubernetes-int-or-string: true
-                                            scheme:
-                                              description: Scheme to use for connecting
-                                                to the host. Defaults to HTTP.
-                                              type: string
-                                          required:
-                                          - port
-                                          type: object
-                                        tcpSocket:
-                                          description: Deprecated.
-                                          properties:
-                                            host:
-                                              description: 'Optional: Host name to
-                                                connect to, defaults to the pod IP.'
-                                              type: string
-                                            port:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Number or name of the port
-                                                to access on the container. Number
-                                                must be in the range 1 to 65535.
-                                              x-kubernetes-int-or-string: true
-                                          required:
-                                          - port
-                                          type: object
-                                      type: object
-                                  type: object
-                                livenessProbe:
-                                  description: Periodic probe of container liveness.
-                                    Container will be restarted if the probe fails.
-                                  properties:
-                                    exec:
-                                      description: Exec specifies the action to take.
-                                      properties:
-                                        command:
-                                          description: 'Command is the command line
-                                            to execute inside the container, the working
-                                            directory for the command  '
-                                          items:
-                                            type: string
-                                          type: array
-                                      type: object
-                                    failureThreshold:
-                                      description: Minimum consecutive failures for
-                                        the probe to be considered failed after having
-                                        succeeded.
-                                      format: int32
-                                      type: integer
-                                    grpc:
-                                      description: GRPC specifies an action involving
-                                        a GRPC port.
-                                      properties:
-                                        port:
-                                          description: Port number of the gRPC service.
-                                            Number must be in the range 1 to 65535.
-                                          format: int32
-                                          type: integer
-                                        service:
-                                          description: Service is the name of the
-                                            service to place in the gRPC HealthCheckRequest
-                                            (see https://github.
-                                          type: string
-                                      required:
-                                      - port
-                                      type: object
-                                    httpGet:
-                                      description: HTTPGet specifies the http request
-                                        to perform.
-                                      properties:
-                                        host:
-                                          description: Host name to connect to, defaults
-                                            to the pod IP.
-                                          type: string
-                                        httpHeaders:
-                                          description: Custom headers to set in the
-                                            request. HTTP allows repeated headers.
-                                          items:
-                                            description: HTTPHeader describes a custom
-                                              header to be used in HTTP probes
-                                            properties:
-                                              name:
-                                                description: The header field name
-                                                type: string
-                                              value:
-                                                description: The header field value
-                                                type: string
-                                            required:
-                                            - name
-                                            - value
-                                            type: object
-                                          type: array
-                                        path:
-                                          description: Path to access on the HTTP
-                                            server.
-                                          type: string
-                                        port:
-                                          anyOf:
-                                          - type: integer
-                                          - type: string
-                                          description: Name or number of the port
-                                            to access on the container. Number must
-                                            be in the range 1 to 65535.
-                                          x-kubernetes-int-or-string: true
-                                        scheme:
-                                          description: Scheme to use for connecting
-                                            to the host. Defaults to HTTP.
-                                          type: string
-                                      required:
-                                      - port
-                                      type: object
-                                    initialDelaySeconds:
-                                      description: Number of seconds after the container
-                                        has started before liveness probes are initiated.
-                                      format: int32
-                                      type: integer
-                                    periodSeconds:
-                                      description: How often (in seconds) to perform
-                                        the probe. Default to 10 seconds. Minimum
-                                        value is 1.
-                                      format: int32
-                                      type: integer
-                                    successThreshold:
-                                      description: Minimum consecutive successes for
-                                        the probe to be considered successful after
-                                        having failed.
-                                      format: int32
-                                      type: integer
-                                    tcpSocket:
-                                      description: TCPSocket specifies an action involving
-                                        a TCP port.
-                                      properties:
-                                        host:
-                                          description: 'Optional: Host name to connect
-                                            to, defaults to the pod IP.'
-                                          type: string
-                                        port:
-                                          anyOf:
-                                          - type: integer
-                                          - type: string
-                                          description: Number or name of the port
-                                            to access on the container. Number must
-                                            be in the range 1 to 65535.
-                                          x-kubernetes-int-or-string: true
-                                      required:
-                                      - port
-                                      type: object
-                                    terminationGracePeriodSeconds:
-                                      description: Optional duration in seconds the
-                                        pod needs to terminate gracefully upon probe
-                                        failure.
-                                      format: int64
-                                      type: integer
-                                    timeoutSeconds:
-                                      description: Number of seconds after which the
-                                        probe times out. Defaults to 1 second. Minimum
-                                        value is 1.
-                                      format: int32
-                                      type: integer
-                                  type: object
-                                name:
-                                  description: Name of the container specified as
-                                    a DNS_LABEL.
-                                  type: string
-                                ports:
-                                  description: List of ports to expose from the container.
-                                  items:
-                                    description: ContainerPort represents a network
-                                      port in a single container.
-                                    properties:
-                                      containerPort:
-                                        description: Number of port to expose on the
-                                          pod's IP address. This must be a valid port
-                                          number, 0 < x < 65536.
-                                        format: int32
-                                        type: integer
-                                      hostIP:
-                                        description: What host IP to bind the external
-                                          port to.
-                                        type: string
-                                      hostPort:
-                                        description: Number of port to expose on the
-                                          host. If specified, this must be a valid
-                                          port number, 0 < x < 65536.
-                                        format: int32
-                                        type: integer
-                                      name:
-                                        description: If specified, this must be an
-                                          IANA_SVC_NAME and unique within the pod.
-                                        type: string
-                                      protocol:
-                                        default: TCP
-                                        description: Protocol for port. Must be UDP,
-                                          TCP, or SCTP. Defaults to "TCP".
-                                        type: string
-                                    required:
-                                    - containerPort
-                                    type: object
-                                  type: array
-                                  x-kubernetes-list-map-keys:
-                                  - containerPort
-                                  - protocol
-                                  x-kubernetes-list-type: map
-                                readinessProbe:
-                                  description: Periodic probe of container service
-                                    readiness.
-                                  properties:
-                                    exec:
-                                      description: Exec specifies the action to take.
-                                      properties:
-                                        command:
-                                          description: 'Command is the command line
-                                            to execute inside the container, the working
-                                            directory for the command  '
-                                          items:
-                                            type: string
-                                          type: array
-                                      type: object
-                                    failureThreshold:
-                                      description: Minimum consecutive failures for
-                                        the probe to be considered failed after having
-                                        succeeded.
-                                      format: int32
-                                      type: integer
-                                    grpc:
-                                      description: GRPC specifies an action involving
-                                        a GRPC port.
-                                      properties:
-                                        port:
-                                          description: Port number of the gRPC service.
-                                            Number must be in the range 1 to 65535.
-                                          format: int32
-                                          type: integer
-                                        service:
-                                          description: Service is the name of the
-                                            service to place in the gRPC HealthCheckRequest
-                                            (see https://github.
-                                          type: string
-                                      required:
-                                      - port
-                                      type: object
-                                    httpGet:
-                                      description: HTTPGet specifies the http request
-                                        to perform.
-                                      properties:
-                                        host:
-                                          description: Host name to connect to, defaults
-                                            to the pod IP.
-                                          type: string
-                                        httpHeaders:
-                                          description: Custom headers to set in the
-                                            request. HTTP allows repeated headers.
-                                          items:
-                                            description: HTTPHeader describes a custom
-                                              header to be used in HTTP probes
-                                            properties:
-                                              name:
-                                                description: The header field name
-                                                type: string
-                                              value:
-                                                description: The header field value
-                                                type: string
-                                            required:
-                                            - name
-                                            - value
-                                            type: object
-                                          type: array
-                                        path:
-                                          description: Path to access on the HTTP
-                                            server.
-                                          type: string
-                                        port:
-                                          anyOf:
-                                          - type: integer
-                                          - type: string
-                                          description: Name or number of the port
-                                            to access on the container. Number must
-                                            be in the range 1 to 65535.
-                                          x-kubernetes-int-or-string: true
-                                        scheme:
-                                          description: Scheme to use for connecting
-                                            to the host. Defaults to HTTP.
-                                          type: string
-                                      required:
-                                      - port
-                                      type: object
-                                    initialDelaySeconds:
-                                      description: Number of seconds after the container
-                                        has started before liveness probes are initiated.
-                                      format: int32
-                                      type: integer
-                                    periodSeconds:
-                                      description: How often (in seconds) to perform
-                                        the probe. Default to 10 seconds. Minimum
-                                        value is 1.
-                                      format: int32
-                                      type: integer
-                                    successThreshold:
-                                      description: Minimum consecutive successes for
-                                        the probe to be considered successful after
-                                        having failed.
-                                      format: int32
-                                      type: integer
-                                    tcpSocket:
-                                      description: TCPSocket specifies an action involving
-                                        a TCP port.
-                                      properties:
-                                        host:
-                                          description: 'Optional: Host name to connect
-                                            to, defaults to the pod IP.'
-                                          type: string
-                                        port:
-                                          anyOf:
-                                          - type: integer
-                                          - type: string
-                                          description: Number or name of the port
-                                            to access on the container. Number must
-                                            be in the range 1 to 65535.
-                                          x-kubernetes-int-or-string: true
-                                      required:
-                                      - port
-                                      type: object
-                                    terminationGracePeriodSeconds:
-                                      description: Optional duration in seconds the
-                                        pod needs to terminate gracefully upon probe
-                                        failure.
-                                      format: int64
-                                      type: integer
-                                    timeoutSeconds:
-                                      description: Number of seconds after which the
-                                        probe times out. Defaults to 1 second. Minimum
-                                        value is 1.
-                                      format: int32
-                                      type: integer
-                                  type: object
-                                resources:
-                                  description: 'Compute Resources required by this
-                                    container. Cannot be updated. More info: https://kubernetes.'
-                                  properties:
-                                    limits:
-                                      additionalProperties:
-                                        anyOf:
-                                        - type: integer
-                                        - type: string
-                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                        x-kubernetes-int-or-string: true
-                                      description: 'Limits describes the maximum amount
-                                        of compute resources allowed. More info: https://kubernetes.'
-                                      type: object
-                                    requests:
-                                      additionalProperties:
-                                        anyOf:
-                                        - type: integer
-                                        - type: string
-                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                        x-kubernetes-int-or-string: true
-                                      description: Requests describes the minimum
-                                        amount of compute resources required.
-                                      type: object
-                                  type: object
-                                securityContext:
-                                  description: SecurityContext defines the security
-                                    options the container should be run with.
-                                  properties:
-                                    allowPrivilegeEscalation:
-                                      description: AllowPrivilegeEscalation controls
-                                        whether a process can gain more privileges
-                                        than its parent process
-                                      type: boolean
-                                    capabilities:
-                                      description: The capabilities to add/drop when
-                                        running containers.
-                                      properties:
-                                        add:
-                                          description: Added capabilities
-                                          items:
-                                            description: Capability represent POSIX
-                                              capabilities type
-                                            type: string
-                                          type: array
-                                        drop:
-                                          description: Removed capabilities
-                                          items:
-                                            description: Capability represent POSIX
-                                              capabilities type
-                                            type: string
-                                          type: array
-                                      type: object
-                                    privileged:
-                                      description: Run container in privileged mode.
-                                      type: boolean
-                                    procMount:
-                                      description: procMount denotes the type of proc
-                                        mount to use for the containers.
-                                      type: string
-                                    readOnlyRootFilesystem:
-                                      description: Whether this container has a read-only
-                                        root filesystem. Default is false.
-                                      type: boolean
-                                    runAsGroup:
-                                      description: The GID to run the entrypoint of
-                                        the container process. Uses runtime default
-                                        if unset.
-                                      format: int64
-                                      type: integer
-                                    runAsNonRoot:
-                                      description: Indicates that the container must
-                                        run as a non-root user.
-                                      type: boolean
-                                    runAsUser:
-                                      description: The UID to run the entrypoint of
-                                        the container process.
-                                      format: int64
-                                      type: integer
-                                    seLinuxOptions:
-                                      description: The SELinux context to be applied
-                                        to the container.
-                                      properties:
-                                        level:
-                                          description: Level is SELinux level label
-                                            that applies to the container.
-                                          type: string
-                                        role:
-                                          description: Role is a SELinux role label
-                                            that applies to the container.
-                                          type: string
-                                        type:
-                                          description: Type is a SELinux type label
-                                            that applies to the container.
-                                          type: string
-                                        user:
-                                          description: User is a SELinux user label
-                                            that applies to the container.
-                                          type: string
-                                      type: object
-                                    seccompProfile:
-                                      description: The seccomp options to use by this
-                                        container.
-                                      properties:
-                                        localhostProfile:
-                                          description: localhostProfile indicates
-                                            a profile defined in a file on the node
-                                            should be used.
-                                          type: string
-                                        type:
-                                          description: type indicates which kind of
-                                            seccomp profile will be applied.
-                                          type: string
-                                      required:
-                                      - type
-                                      type: object
-                                    windowsOptions:
-                                      description: The Windows specific settings applied
-                                        to all containers.
-                                      properties:
-                                        gmsaCredentialSpec:
-                                          description: GMSACredentialSpec is where
-                                            the GMSA admission webhook (https://github.
-                                          type: string
-                                        gmsaCredentialSpecName:
-                                          description: GMSACredentialSpecName is the
-                                            name of the GMSA credential spec to use.
-                                          type: string
-                                        hostProcess:
-                                          description: HostProcess determines if a
-                                            container should be run as a 'Host Process'
-                                            container.
-                                          type: boolean
-                                        runAsUserName:
-                                          description: The UserName in Windows to
-                                            run the entrypoint of the container process.
-                                          type: string
-                                      type: object
-                                  type: object
-                                startupProbe:
-                                  description: StartupProbe indicates that the Pod
-                                    has successfully initialized.
-                                  properties:
-                                    exec:
-                                      description: Exec specifies the action to take.
-                                      properties:
-                                        command:
-                                          description: 'Command is the command line
-                                            to execute inside the container, the working
-                                            directory for the command  '
-                                          items:
-                                            type: string
-                                          type: array
-                                      type: object
-                                    failureThreshold:
-                                      description: Minimum consecutive failures for
-                                        the probe to be considered failed after having
-                                        succeeded.
-                                      format: int32
-                                      type: integer
-                                    grpc:
-                                      description: GRPC specifies an action involving
-                                        a GRPC port.
-                                      properties:
-                                        port:
-                                          description: Port number of the gRPC service.
-                                            Number must be in the range 1 to 65535.
-                                          format: int32
-                                          type: integer
-                                        service:
-                                          description: Service is the name of the
-                                            service to place in the gRPC HealthCheckRequest
-                                            (see https://github.
-                                          type: string
-                                      required:
-                                      - port
-                                      type: object
-                                    httpGet:
-                                      description: HTTPGet specifies the http request
-                                        to perform.
-                                      properties:
-                                        host:
-                                          description: Host name to connect to, defaults
-                                            to the pod IP.
-                                          type: string
-                                        httpHeaders:
-                                          description: Custom headers to set in the
-                                            request. HTTP allows repeated headers.
-                                          items:
-                                            description: HTTPHeader describes a custom
-                                              header to be used in HTTP probes
-                                            properties:
-                                              name:
-                                                description: The header field name
-                                                type: string
-                                              value:
-                                                description: The header field value
-                                                type: string
-                                            required:
-                                            - name
-                                            - value
-                                            type: object
-                                          type: array
-                                        path:
-                                          description: Path to access on the HTTP
-                                            server.
-                                          type: string
-                                        port:
-                                          anyOf:
-                                          - type: integer
-                                          - type: string
-                                          description: Name or number of the port
-                                            to access on the container. Number must
-                                            be in the range 1 to 65535.
-                                          x-kubernetes-int-or-string: true
-                                        scheme:
-                                          description: Scheme to use for connecting
-                                            to the host. Defaults to HTTP.
-                                          type: string
-                                      required:
-                                      - port
-                                      type: object
-                                    initialDelaySeconds:
-                                      description: Number of seconds after the container
-                                        has started before liveness probes are initiated.
-                                      format: int32
-                                      type: integer
-                                    periodSeconds:
-                                      description: How often (in seconds) to perform
-                                        the probe. Default to 10 seconds. Minimum
-                                        value is 1.
-                                      format: int32
-                                      type: integer
-                                    successThreshold:
-                                      description: Minimum consecutive successes for
-                                        the probe to be considered successful after
-                                        having failed.
-                                      format: int32
-                                      type: integer
-                                    tcpSocket:
-                                      description: TCPSocket specifies an action involving
-                                        a TCP port.
-                                      properties:
-                                        host:
-                                          description: 'Optional: Host name to connect
-                                            to, defaults to the pod IP.'
-                                          type: string
-                                        port:
-                                          anyOf:
-                                          - type: integer
-                                          - type: string
-                                          description: Number or name of the port
-                                            to access on the container. Number must
-                                            be in the range 1 to 65535.
-                                          x-kubernetes-int-or-string: true
-                                      required:
-                                      - port
-                                      type: object
-                                    terminationGracePeriodSeconds:
-                                      description: Optional duration in seconds the
-                                        pod needs to terminate gracefully upon probe
-                                        failure.
-                                      format: int64
-                                      type: integer
-                                    timeoutSeconds:
-                                      description: Number of seconds after which the
-                                        probe times out. Defaults to 1 second. Minimum
-                                        value is 1.
-                                      format: int32
-                                      type: integer
-                                  type: object
-                                stdin:
-                                  description: Whether this container should allocate
-                                    a buffer for stdin in the container runtime.
-                                  type: boolean
-                                stdinOnce:
-                                  description: Whether the container runtime should
-                                    close the stdin channel after it has been opened
-                                    by a single at
-                                  type: boolean
-                                terminationMessagePath:
-                                  description: 'Optional: Path at which the file to
-                                    which the container''s termination message will
-                                    be written is mou'
-                                  type: string
-                                terminationMessagePolicy:
-                                  description: Indicate how the termination message
-                                    should be populated.
-                                  type: string
-                                tty:
-                                  description: Whether this container should allocate
-                                    a TTY for itself, also requires 'stdin' to be
-                                    true.
-                                  type: boolean
-                                volumeDevices:
-                                  description: volumeDevices is the list of block
-                                    devices to be used by the container.
-                                  items:
-                                    description: volumeDevice describes a mapping
-                                      of a raw block device within a container.
-                                    properties:
-                                      devicePath:
-                                        description: devicePath is the path inside
-                                          of the container that the device will be
-                                          mapped to.
-                                        type: string
-                                      name:
-                                        description: name must match the name of a
-                                          persistentVolumeClaim in the pod
-                                        type: string
-                                    required:
-                                    - devicePath
-                                    - name
-                                    type: object
-                                  type: array
-                                volumeMounts:
-                                  description: Pod volumes to mount into the container's
-                                    filesystem. Cannot be updated.
-                                  items:
-                                    description: VolumeMount describes a mounting
-                                      of a Volume within a container.
-                                    properties:
-                                      mountPath:
-                                        description: Path within the container at
-                                          which the volume should be mounted.  Must
-                                          not contain ':'.
-                                        type: string
-                                      mountPropagation:
-                                        description: mountPropagation determines how
-                                          mounts are propagated from the host to container
-                                          and the other way a
-                                        type: string
-                                      name:
-                                        description: This must match the Name of a
-                                          Volume.
-                                        type: string
-                                      readOnly:
-                                        description: Mounted read-only if true, read-write
-                                          otherwise (false or unspecified). Defaults
-                                          to false.
-                                        type: boolean
-                                      subPath:
-                                        description: Path within the volume from which
-                                          the container's volume should be mounted.
-                                        type: string
-                                      subPathExpr:
-                                        description: Expanded path within the volume
-                                          from which the container's volume should
-                                          be mounted.
-                                        type: string
-                                    required:
-                                    - mountPath
-                                    - name
-                                    type: object
-                                  type: array
-                                workingDir:
-                                  description: Container's working directory.
-                                  type: string
-                              required:
-                              - name
-                              type: object
-                            type: array
-                          nodeName:
-                            description: NodeName is a request to schedule this pod
-                              onto a specific node.
-                            type: string
-                          nodeSelector:
-                            additionalProperties:
-                              type: string
-                            description: NodeSelector is a selector which must be
-                              true for the pod to fit on a node.
-                            type: object
-                            x-kubernetes-map-type: atomic
-                          os:
-                            description: Specifies the OS of the containers in the
-                              pod.
-                            properties:
-                              name:
-                                description: Name is the name of the operating system.
-                                  The currently supported values are linux and windows.
-                                type: string
-                            required:
-                            - name
-                            type: object
-                          overhead:
-                            additionalProperties:
-                              anyOf:
-                              - type: integer
-                              - type: string
-                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                              x-kubernetes-int-or-string: true
-                            description: Overhead represents the resource overhead
-                              associated with running a pod for a given RuntimeClass.
-                            type: object
-                          preemptionPolicy:
-                            description: PreemptionPolicy is the Policy for preempting
-                              pods with lower priority.
-                            type: string
-                          priority:
-                            description: The priority value. Various system components
-                              use this field to find the priority of the pod.
-                            format: int32
-                            type: integer
-                          priorityClassName:
-                            description: If specified, indicates the pod's priority.
-                            type: string
-                          readinessGates:
-                            description: If specified, all readiness gates will be
-                              evaluated for pod readiness.
-                            items:
-                              description: PodReadinessGate contains the reference
-                                to a pod condition
-                              properties:
-                                conditionType:
-                                  description: ConditionType refers to a condition
-                                    in the pod's condition list with matching type.
-                                  type: string
-                              required:
-                              - conditionType
-                              type: object
-                            type: array
-                          restartPolicy:
-                            description: Restart policy for all containers within
-                              the pod. One of Always, OnFailure, Never.
-                            type: string
-                          runtimeClassName:
-                            description: RuntimeClassName refers to a RuntimeClass
-                              object in the node.k8s.
-                            type: string
-                          schedulerName:
-                            description: If specified, the pod will be dispatched
-                              by specified scheduler.
-                            type: string
-                          securityContext:
-                            description: SecurityContext holds pod-level security
-                              attributes and common container settings.
-                            properties:
-                              fsGroup:
-                                description: A special supplemental group that applies
-                                  to all containers in a pod.
-                                format: int64
-                                type: integer
-                              fsGroupChangePolicy:
-                                description: fsGroupChangePolicy defines behavior
-                                  of changing ownership and permission of the volume
-                                  before being
-                                type: string
-                              runAsGroup:
-                                description: The GID to run the entrypoint of the
-                                  container process. Uses runtime default if unset.
-                                format: int64
-                                type: integer
-                              runAsNonRoot:
-                                description: Indicates that the container must run
-                                  as a non-root user.
-                                type: boolean
-                              runAsUser:
-                                description: The UID to run the entrypoint of the
-                                  container process.
-                                format: int64
-                                type: integer
-                              seLinuxOptions:
-                                description: The SELinux context to be applied to
-                                  all containers.
-                                properties:
-                                  level:
-                                    description: Level is SELinux level label that
-                                      applies to the container.
-                                    type: string
-                                  role:
-                                    description: Role is a SELinux role label that
-                                      applies to the container.
-                                    type: string
-                                  type:
-                                    description: Type is a SELinux type label that
-                                      applies to the container.
-                                    type: string
-                                  user:
-                                    description: User is a SELinux user label that
-                                      applies to the container.
-                                    type: string
-                                type: object
-                              seccompProfile:
-                                description: The seccomp options to use by the containers
-                                  in this pod.
-                                properties:
-                                  localhostProfile:
-                                    description: localhostProfile indicates a profile
-                                      defined in a file on the node should be used.
-                                    type: string
-                                  type:
-                                    description: type indicates which kind of seccomp
-                                      profile will be applied.
-                                    type: string
-                                required:
-                                - type
-                                type: object
-                              supplementalGroups:
-                                description: 'A list of groups applied to the first
-                                  process run in each container, in addition to the
-                                  container''s '
-                                items:
-                                  format: int64
-                                  type: integer
-                                type: array
-                              sysctls:
-                                description: Sysctls hold a list of namespaced sysctls
-                                  used for the pod.
-                                items:
-                                  description: Sysctl defines a kernel parameter to
-                                    be set
-                                  properties:
-                                    name:
-                                      description: Name of a property to set
-                                      type: string
-                                    value:
-                                      description: Value of a property to set
-                                      type: string
-                                  required:
-                                  - name
-                                  - value
-                                  type: object
-                                type: array
-                              windowsOptions:
-                                description: The Windows specific settings applied
-                                  to all containers.
-                                properties:
-                                  gmsaCredentialSpec:
-                                    description: GMSACredentialSpec is where the GMSA
-                                      admission webhook (https://github.
-                                    type: string
-                                  gmsaCredentialSpecName:
-                                    description: GMSACredentialSpecName is the name
-                                      of the GMSA credential spec to use.
-                                    type: string
-                                  hostProcess:
-                                    description: HostProcess determines if a container
-                                      should be run as a 'Host Process' container.
-                                    type: boolean
-                                  runAsUserName:
-                                    description: The UserName in Windows to run the
-                                      entrypoint of the container process.
-                                    type: string
-                                type: object
-                            type: object
-                          serviceAccount:
-                            description: DeprecatedServiceAccount is a depreciated
-                              alias for ServiceAccountName.
-                            type: string
-                          serviceAccountName:
-                            description: ServiceAccountName is the name of the ServiceAccount
-                              to use to run this pod.
-                            type: string
-                          setHostnameAsFQDN:
-                            description: If true the pod's hostname will be configured
-                              as the pod's FQDN, rather than the leaf name (the defa
-                            type: boolean
-                          shareProcessNamespace:
-                            description: Share a single process namespace between
-                              all of the containers in a pod.
-                            type: boolean
-                          subdomain:
-                            description: If specified, the fully qualified Pod hostname
-                              will be "<hostname>.<subdomain>.<pod namespace>.svc.
-                            type: string
-                          terminationGracePeriodSeconds:
-                            description: Optional duration in seconds the pod needs
-                              to terminate gracefully.
-                            format: int64
-                            type: integer
-                          tolerations:
-                            description: If specified, the pod's tolerations.
-                            items:
-                              description: The pod this Toleration is attached to
-                                tolerates any taint that matches the triple <key,value,effect
-                              properties:
-                                effect:
-                                  description: Effect indicates the taint effect to
-                                    match. Empty means match all taint effects.
-                                  type: string
-                                key:
-                                  description: Key is the taint key that the toleration
-                                    applies to. Empty means match all taint keys.
-                                  type: string
-                                operator:
-                                  description: Operator represents a key's relationship
-                                    to the value. Valid operators are Exists and Equal.
-                                  type: string
-                                tolerationSeconds:
-                                  description: TolerationSeconds represents the period
-                                    of time the toleration (which must be of effect
-                                    NoExecute, o
-                                  format: int64
-                                  type: integer
-                                value:
-                                  description: Value is the taint value the toleration
-                                    matches to.
-                                  type: string
-                              type: object
-                            type: array
-                          topologySpreadConstraints:
-                            description: TopologySpreadConstraints describes how a
-                              group of pods ought to spread across topology domains.
-                            items:
-                              description: TopologySpreadConstraint specifies how
-                                to spread matching pods among the given topology.
-                              properties:
-                                labelSelector:
-                                  description: LabelSelector is used to find matching
-                                    pods.
-                                  properties:
-                                    matchExpressions:
-                                      description: matchExpressions is a list of label
-                                        selector requirements. The requirements are
-                                        ANDed.
-                                      items:
-                                        description: A label selector requirement
-                                          is a selector that contains values, a key,
-                                          and an operator that relates
-                                        properties:
-                                          key:
-                                            description: key is the label key that
-                                              the selector applies to.
-                                            type: string
-                                          operator:
-                                            description: operator represents a key's
-                                              relationship to a set of values.
-                                            type: string
-                                          values:
-                                            description: values is an array of string
-                                              values.
-                                            items:
-                                              type: string
-                                            type: array
-                                        required:
-                                        - key
-                                        - operator
-                                        type: object
-                                      type: array
-                                    matchLabels:
-                                      additionalProperties:
-                                        type: string
-                                      description: matchLabels is a map of {key,value}
-                                        pairs.
-                                      type: object
-                                  type: object
-                                maxSkew:
-                                  description: MaxSkew describes the degree to which
-                                    pods may be unevenly distributed.
-                                  format: int32
-                                  type: integer
-                                topologyKey:
-                                  description: TopologyKey is the key of node labels.
-                                  type: string
-                                whenUnsatisfiable:
-                                  description: WhenUnsatisfiable indicates how to
-                                    deal with a pod if it doesn't satisfy the spread
-                                    constraint.
-                                  type: string
-                              required:
-                              - maxSkew
-                              - topologyKey
-                              - whenUnsatisfiable
-                              type: object
-                            type: array
-                            x-kubernetes-list-map-keys:
-                            - topologyKey
-                            - whenUnsatisfiable
-                            x-kubernetes-list-type: map
-                          volumes:
-                            description: List of volumes that can be mounted by containers
-                              belonging to the pod.
-                            items:
-                              description: Volume represents a named volume in a pod
-                                that may be accessed by any container in the pod.
-                              properties:
-                                awsElasticBlockStore:
-                                  description: AWSElasticBlockStore represents an
-                                    AWS Disk resource that is attached to a kubelet's
-                                    host machine an
-                                  properties:
-                                    fsType:
-                                      description: Filesystem type of the volume that
-                                        you want to mount.
-                                      type: string
-                                    partition:
-                                      description: The partition in the volume that
-                                        you want to mount.
-                                      format: int32
-                                      type: integer
-                                    readOnly:
-                                      description: Specify "true" to force and set
-                                        the ReadOnly property in VolumeMounts to "true".
-                                      type: boolean
-                                    volumeID:
-                                      description: 'Unique ID of the persistent disk
-                                        resource in AWS (Amazon EBS volume). More
-                                        info: https://kubernetes.'
-                                      type: string
-                                  required:
-                                  - volumeID
-                                  type: object
-                                azureDisk:
-                                  description: AzureDisk represents an Azure Data
-                                    Disk mount on the host and bind mount to the pod.
-                                  properties:
-                                    cachingMode:
-                                      description: 'Host Caching mode: None, Read
-                                        Only, Read Write.'
-                                      type: string
-                                    diskName:
-                                      description: The Name of the data disk in the
-                                        blob storage
-                                      type: string
-                                    diskURI:
-                                      description: The URI the data disk in the blob
-                                        storage
-                                      type: string
-                                    fsType:
-                                      description: Filesystem type to mount. Must
-                                        be a filesystem type supported by the host
-                                        operating system. Ex.
-                                      type: string
-                                    kind:
-                                      description: 'Expected values Shared: multiple
-                                        blob disks per storage account  Dedicated:
-                                        single blob disk per sto'
-                                      type: string
-                                    readOnly:
-                                      description: Defaults to false (read/write).
-                                        ReadOnly here will force the ReadOnly setting
-                                        in VolumeMounts.
-                                      type: boolean
-                                  required:
-                                  - diskName
-                                  - diskURI
-                                  type: object
-                                azureFile:
-                                  description: AzureFile represents an Azure File
-                                    Service mount on the host and bind mount to the
-                                    pod.
-                                  properties:
-                                    readOnly:
-                                      description: Defaults to false (read/write).
-                                        ReadOnly here will force the ReadOnly setting
-                                        in VolumeMounts.
-                                      type: boolean
-                                    secretName:
-                                      description: the name of secret that contains
-                                        Azure Storage Account Name and Key
-                                      type: string
-                                    shareName:
-                                      description: Share Name
-                                      type: string
-                                  required:
-                                  - secretName
-                                  - shareName
-                                  type: object
-                                cephfs:
-                                  description: CephFS represents a Ceph FS mount on
-                                    the host that shares a pod's lifetime
-                                  properties:
-                                    monitors:
-                                      description: 'Required: Monitors is a collection
-                                        of Ceph monitors More info: https://examples.k8s.'
-                                      items:
-                                        type: string
-                                      type: array
-                                    path:
-                                      description: 'Optional: Used as the mounted
-                                        root, rather than the full Ceph tree, default
-                                        is /'
-                                      type: string
-                                    readOnly:
-                                      description: 'Optional: Defaults to false (read/write).'
-                                      type: boolean
-                                    secretFile:
-                                      description: 'Optional: SecretFile is the path
-                                        to key ring for User, default is /etc/ceph/user.'
-                                      type: string
-                                    secretRef:
-                                      description: 'Optional: SecretRef is reference
-                                        to the authentication secret for User, default
-                                        is empty.'
-                                      properties:
-                                        name:
-                                          description: 'Name of the referent. More
-                                            info: https://kubernetes.'
-                                          type: string
-                                      type: object
-                                    user:
-                                      description: 'Optional: User is the rados user
-                                        name, default is admin More info: https://examples.k8s.'
-                                      type: string
-                                  required:
-                                  - monitors
-                                  type: object
-                                cinder:
-                                  description: Cinder represents a cinder volume attached
-                                    and mounted on kubelets host machine.
-                                  properties:
-                                    fsType:
-                                      description: Filesystem type to mount. Must
-                                        be a filesystem type supported by the host
-                                        operating system.
-                                      type: string
-                                    readOnly:
-                                      description: 'Optional: Defaults to false (read/write).'
-                                      type: boolean
-                                    secretRef:
-                                      description: 'Optional: points to a secret object
-                                        containing parameters used to connect to OpenStack.'
-                                      properties:
-                                        name:
-                                          description: 'Name of the referent. More
-                                            info: https://kubernetes.'
-                                          type: string
-                                      type: object
-                                    volumeID:
-                                      description: 'volume id used to identify the
-                                        volume in cinder. More info: https://examples.k8s.'
-                                      type: string
-                                  required:
-                                  - volumeID
-                                  type: object
-                                configMap:
-                                  description: ConfigMap represents a configMap that
-                                    should populate this volume
-                                  properties:
-                                    defaultMode:
-                                      description: 'Optional: mode bits used to set
-                                        permissions on created files by default.'
-                                      format: int32
-                                      type: integer
-                                    items:
-                                      description: 'If unspecified, each key-value
-                                        pair in the Data field of the referenced ConfigMap
-                                        will be projected '
-                                      items:
-                                        description: Maps a string key to a path within
-                                          a volume.
-                                        properties:
-                                          key:
-                                            description: The key to project.
-                                            type: string
-                                          mode:
-                                            description: 'Optional: mode bits used
-                                              to set permissions on this file.'
-                                            format: int32
-                                            type: integer
-                                          path:
-                                            description: The relative path of the
-                                              file to map the key to. May not be an
-                                              absolute path.
-                                            type: string
-                                        required:
-                                        - key
-                                        - path
-                                        type: object
-                                      type: array
-                                    name:
-                                      description: 'Name of the referent. More info:
-                                        https://kubernetes.'
-                                      type: string
-                                    optional:
-                                      description: Specify whether the ConfigMap or
-                                        its keys must be defined
-                                      type: boolean
-                                  type: object
-                                csi:
-                                  description: CSI (Container Storage Interface) represents
-                                    ephemeral storage that is handled by certain external
-                                    C
-                                  properties:
-                                    driver:
-                                      description: Driver is the name of the CSI driver
-                                        that handles this volume.
-                                      type: string
-                                    fsType:
-                                      description: Filesystem type to mount. Ex. "ext4",
-                                        "xfs", "ntfs".
-                                      type: string
-                                    nodePublishSecretRef:
-                                      description: NodePublishSecretRef is a reference
-                                        to the secret object containing sensitive
-                                        information to pass to
-                                      properties:
-                                        name:
-                                          description: 'Name of the referent. More
-                                            info: https://kubernetes.'
-                                          type: string
-                                      type: object
-                                    readOnly:
-                                      description: Specifies a read-only configuration
-                                        for the volume. Defaults to false (read/write).
-                                      type: boolean
-                                    volumeAttributes:
-                                      additionalProperties:
-                                        type: string
-                                      description: VolumeAttributes stores driver-specific
-                                        properties that are passed to the CSI driver.
-                                      type: object
-                                  required:
-                                  - driver
-                                  type: object
-                                downwardAPI:
-                                  description: DownwardAPI represents downward API
-                                    about the pod that should populate this volume
-                                  properties:
-                                    defaultMode:
-                                      description: 'Optional: mode bits to use on
-                                        created files by default.'
-                                      format: int32
-                                      type: integer
-                                    items:
-                                      description: Items is a list of downward API
-                                        volume file
-                                      items:
-                                        description: DownwardAPIVolumeFile represents
-                                          information to create the file containing
-                                          the pod field
-                                        properties:
-                                          fieldRef:
-                                            description: 'Required: Selects a field
-                                              of the pod: only annotations, labels,
-                                              name and namespace are supported.'
-                                            properties:
-                                              apiVersion:
-                                                description: Version of the schema
-                                                  the FieldPath is written in terms
-                                                  of, defaults to "v1".
-                                                type: string
-                                              fieldPath:
-                                                description: Path of the field to
-                                                  select in the specified API version.
-                                                type: string
-                                            required:
-                                            - fieldPath
-                                            type: object
-                                          mode:
-                                            description: 'Optional: mode bits used
-                                              to set permissions on this file, must
-                                              be an octal value between 0000 and 07'
-                                            format: int32
-                                            type: integer
-                                          path:
-                                            description: 'Required: Path is  the relative
-                                              path name of the file to be created.'
-                                            type: string
-                                          resourceFieldRef:
-                                            description: 'Selects a resource of the
-                                              container: only resources limits and
-                                              requests (limits.cpu, limits.'
-                                            properties:
-                                              containerName:
-                                                description: 'Container name: required
-                                                  for volumes, optional for env vars'
-                                                type: string
-                                              divisor:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Specifies the output
-                                                  format of the exposed resources,
-                                                  defaults to "1"
-                                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                                x-kubernetes-int-or-string: true
-                                              resource:
-                                                description: 'Required: resource to
-                                                  select'
-                                                type: string
-                                            required:
-                                            - resource
-                                            type: object
-                                        required:
-                                        - path
-                                        type: object
-                                      type: array
-                                  type: object
-                                emptyDir:
-                                  description: EmptyDir represents a temporary directory
-                                    that shares a pod's lifetime.
-                                  properties:
-                                    medium:
-                                      description: What type of storage medium should
-                                        back this directory.
-                                      type: string
-                                    sizeLimit:
-                                      anyOf:
-                                      - type: integer
-                                      - type: string
-                                      description: Total amount of local storage required
-                                        for this EmptyDir volume.
-                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                      x-kubernetes-int-or-string: true
-                                  type: object
-                                ephemeral:
-                                  description: Ephemeral represents a volume that
-                                    is handled by a cluster storage driver.
-                                  properties:
-                                    volumeClaimTemplate:
-                                      description: Will be used to create a stand-alone
-                                        PVC to provision the volume.
-                                      properties:
-                                        metadata:
-                                          description: May contain labels and annotations
-                                            that will be copied into the PVC when
-                                            creating it.
-                                          properties:
-                                            annotations:
-                                              additionalProperties:
-                                                type: string
-                                              type: object
-                                            finalizers:
-                                              items:
-                                                type: string
-                                              type: array
-                                            labels:
-                                              additionalProperties:
-                                                type: string
-                                              type: object
-                                            name:
-                                              type: string
-                                            namespace:
-                                              type: string
-                                          type: object
-                                        spec:
-                                          description: The specification for the PersistentVolumeClaim.
-                                          properties:
-                                            accessModes:
-                                              description: 'AccessModes contains the
-                                                desired access modes the volume should
-                                                have. More info: https://kubernetes.'
-                                              items:
-                                                type: string
-                                              type: array
-                                            dataSource:
-                                              description: 'This field can be used
-                                                to specify either: * An existing VolumeSnapshot
-                                                object (snapshot.storage.k8s.'
-                                              properties:
-                                                apiGroup:
-                                                  description: APIGroup is the group
-                                                    for the resource being referenced.
-                                                  type: string
-                                                kind:
-                                                  description: Kind is the type of
-                                                    resource being referenced
-                                                  type: string
-                                                name:
-                                                  description: Name is the name of
-                                                    resource being referenced
-                                                  type: string
-                                              required:
-                                              - kind
-                                              - name
-                                              type: object
-                                            dataSourceRef:
-                                              description: Specifies the object from
-                                                which to populate the volume with
-                                                data, if a non-empty volume is desired.
-                                              properties:
-                                                apiGroup:
-                                                  description: APIGroup is the group
-                                                    for the resource being referenced.
-                                                  type: string
-                                                kind:
-                                                  description: Kind is the type of
-                                                    resource being referenced
-                                                  type: string
-                                                name:
-                                                  description: Name is the name of
-                                                    resource being referenced
-                                                  type: string
-                                              required:
-                                              - kind
-                                              - name
-                                              type: object
-                                            resources:
-                                              description: Resources represents the
-                                                minimum resources the volume should
-                                                have.
-                                              properties:
-                                                limits:
-                                                  additionalProperties:
-                                                    anyOf:
-                                                    - type: integer
-                                                    - type: string
-                                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                                    x-kubernetes-int-or-string: true
-                                                  description: 'Limits describes the
-                                                    maximum amount of compute resources
-                                                    allowed. More info: https://kubernetes.'
-                                                  type: object
-                                                requests:
-                                                  additionalProperties:
-                                                    anyOf:
-                                                    - type: integer
-                                                    - type: string
-                                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                                    x-kubernetes-int-or-string: true
-                                                  description: Requests describes
-                                                    the minimum amount of compute
-                                                    resources required.
-                                                  type: object
-                                              type: object
-                                            selector:
-                                              description: A label query over volumes
-                                                to consider for binding.
-                                              properties:
-                                                matchExpressions:
-                                                  description: matchExpressions is
-                                                    a list of label selector requirements.
-                                                    The requirements are ANDed.
-                                                  items:
-                                                    description: A label selector
-                                                      requirement is a selector that
-                                                      contains values, a key, and
-                                                      an operator that relates
-                                                    properties:
-                                                      key:
-                                                        description: key is the label
-                                                          key that the selector applies
-                                                          to.
-                                                        type: string
-                                                      operator:
-                                                        description: operator represents
-                                                          a key's relationship to
-                                                          a set of values.
-                                                        type: string
-                                                      values:
-                                                        description: values is an
-                                                          array of string values.
-                                                        items:
-                                                          type: string
-                                                        type: array
-                                                    required:
-                                                    - key
-                                                    - operator
-                                                    type: object
-                                                  type: array
-                                                matchLabels:
-                                                  additionalProperties:
-                                                    type: string
-                                                  description: matchLabels is a map
-                                                    of {key,value} pairs.
-                                                  type: object
-                                              type: object
-                                            storageClassName:
-                                              description: 'Name of the StorageClass
-                                                required by the claim. More info:
-                                                https://kubernetes.'
-                                              type: string
-                                            volumeMode:
-                                              description: volumeMode defines what
-                                                type of volume is required by the
-                                                claim.
-                                              type: string
-                                            volumeName:
-                                              description: VolumeName is the binding
-                                                reference to the PersistentVolume
-                                                backing this claim.
-                                              type: string
-                                          type: object
-                                      required:
-                                      - spec
-                                      type: object
-                                  type: object
-                                fc:
-                                  description: FC represents a Fibre Channel resource
-                                    that is attached to a kubelet's host machine and
-                                    then exposed
-                                  properties:
-                                    fsType:
-                                      description: Filesystem type to mount. Must
-                                        be a filesystem type supported by the host
-                                        operating system. Ex.
-                                      type: string
-                                    lun:
-                                      description: 'Optional: FC target lun number'
-                                      format: int32
-                                      type: integer
-                                    readOnly:
-                                      description: 'Optional: Defaults to false (read/write).'
-                                      type: boolean
-                                    targetWWNs:
-                                      description: 'Optional: FC target worldwide
-                                        names (WWNs)'
-                                      items:
-                                        type: string
-                                      type: array
-                                    wwids:
-                                      description: 'Optional: FC volume world wide
-                                        identifiers (wwids) Either wwids or combination
-                                        of targetWWNs and lun'
-                                      items:
-                                        type: string
-                                      type: array
-                                  type: object
-                                flexVolume:
-                                  description: FlexVolume represents a generic volume
-                                    resource that is provisioned/attached using an
-                                    exec based plu
-                                  properties:
-                                    driver:
-                                      description: Driver is the name of the driver
-                                        to use for this volume.
-                                      type: string
-                                    fsType:
-                                      description: Filesystem type to mount. Must
-                                        be a filesystem type supported by the host
-                                        operating system. Ex.
-                                      type: string
-                                    options:
-                                      additionalProperties:
-                                        type: string
-                                      description: 'Optional: Extra command options
-                                        if any.'
-                                      type: object
-                                    readOnly:
-                                      description: 'Optional: Defaults to false (read/write).'
-                                      type: boolean
-                                    secretRef:
-                                      description: 'Optional: SecretRef is reference
-                                        to the secret object containing sensitive
-                                        information to pass to th'
-                                      properties:
-                                        name:
-                                          description: 'Name of the referent. More
-                                            info: https://kubernetes.'
-                                          type: string
-                                      type: object
-                                  required:
-                                  - driver
-                                  type: object
-                                flocker:
-                                  description: Flocker represents a Flocker volume
-                                    attached to a kubelet's host machine.
-                                  properties:
-                                    datasetName:
-                                      description: Name of the dataset stored as metadata
-                                        -> name on the dataset for Flocker should
-                                        be considered as de
-                                      type: string
-                                    datasetUUID:
-                                      description: UUID of the dataset. This is unique
-                                        identifier of a Flocker dataset
-                                      type: string
-                                  type: object
-                                gcePersistentDisk:
-                                  description: GCEPersistentDisk represents a GCE
-                                    Disk resource that is attached to a kubelet's
-                                    host machine and th
-                                  properties:
-                                    fsType:
-                                      description: Filesystem type of the volume that
-                                        you want to mount.
-                                      type: string
-                                    partition:
-                                      description: The partition in the volume that
-                                        you want to mount.
-                                      format: int32
-                                      type: integer
-                                    pdName:
-                                      description: Unique name of the PD resource
-                                        in GCE. Used to identify the disk in GCE.
-                                      type: string
-                                    readOnly:
-                                      description: ReadOnly here will force the ReadOnly
-                                        setting in VolumeMounts. Defaults to false.
-                                      type: boolean
-                                  required:
-                                  - pdName
-                                  type: object
-                                gitRepo:
-                                  description: 'GitRepo represents a git repository
-                                    at a particular revision. DEPRECATED: GitRepo
-                                    is deprecated.'
-                                  properties:
-                                    directory:
-                                      description: Target directory name. Must not
-                                        contain or start with '..'.  If '.
-                                      type: string
-                                    repository:
-                                      description: Repository URL
-                                      type: string
-                                    revision:
-                                      description: Commit hash for the specified revision.
-                                      type: string
-                                  required:
-                                  - repository
-                                  type: object
-                                glusterfs:
-                                  description: Glusterfs represents a Glusterfs mount
-                                    on the host that shares a pod's lifetime.
-                                  properties:
-                                    endpoints:
-                                      description: 'EndpointsName is the endpoint
-                                        name that details Glusterfs topology. More
-                                        info: https://examples.k8s.'
-                                      type: string
-                                    path:
-                                      description: 'Path is the Glusterfs volume path.
-                                        More info: https://examples.k8s.io/volumes/glusterfs/README.'
-                                      type: string
-                                    readOnly:
-                                      description: ReadOnly here will force the Glusterfs
-                                        volume to be mounted with read-only permissions.
-                                      type: boolean
-                                  required:
-                                  - endpoints
-                                  - path
-                                  type: object
-                                hostPath:
-                                  description: HostPath represents a pre-existing
-                                    file or directory on the host machine that is
-                                    directly exposed to
-                                  properties:
-                                    path:
-                                      description: Path of the directory on the host.
-                                      type: string
-                                    type:
-                                      description: 'Type for HostPath Volume Defaults
-                                        to "" More info: https://kubernetes.'
-                                      type: string
-                                  required:
-                                  - path
-                                  type: object
-                                iscsi:
-                                  description: ISCSI represents an ISCSI Disk resource
-                                    that is attached to a kubelet's host machine and
-                                    then expose
-                                  properties:
-                                    chapAuthDiscovery:
-                                      description: whether support iSCSI Discovery
-                                        CHAP authentication
-                                      type: boolean
-                                    chapAuthSession:
-                                      description: whether support iSCSI Session CHAP
-                                        authentication
-                                      type: boolean
-                                    fsType:
-                                      description: Filesystem type of the volume that
-                                        you want to mount.
-                                      type: string
-                                    initiatorName:
-                                      description: Custom iSCSI Initiator Name.
-                                      type: string
-                                    iqn:
-                                      description: Target iSCSI Qualified Name.
-                                      type: string
-                                    iscsiInterface:
-                                      description: iSCSI Interface Name that uses
-                                        an iSCSI transport. Defaults to 'default'
-                                        (tcp).
-                                      type: string
-                                    lun:
-                                      description: iSCSI Target Lun number.
-                                      format: int32
-                                      type: integer
-                                    portals:
-                                      description: iSCSI Target Portal List.
-                                      items:
-                                        type: string
-                                      type: array
-                                    readOnly:
-                                      description: ReadOnly here will force the ReadOnly
-                                        setting in VolumeMounts. Defaults to false.
-                                      type: boolean
-                                    secretRef:
-                                      description: CHAP Secret for iSCSI target and
-                                        initiator authentication
-                                      properties:
-                                        name:
-                                          description: 'Name of the referent. More
-                                            info: https://kubernetes.'
-                                          type: string
-                                      type: object
-                                    targetPortal:
-                                      description: iSCSI Target Portal.
-                                      type: string
-                                  required:
-                                  - iqn
-                                  - lun
-                                  - targetPortal
-                                  type: object
-                                name:
-                                  description: 'Volume''s name. Must be a DNS_LABEL
-                                    and unique within the pod. More info: https://kubernetes.'
-                                  type: string
-                                nfs:
-                                  description: 'NFS represents an NFS mount on the
-                                    host that shares a pod''s lifetime More info:
-                                    https://kubernetes.'
-                                  properties:
-                                    path:
-                                      description: 'Path that is exported by the NFS
-                                        server. More info: https://kubernetes.'
-                                      type: string
-                                    readOnly:
-                                      description: ReadOnly here will force the NFS
-                                        export to be mounted with read-only permissions.
-                                        Defaults to false.
-                                      type: boolean
-                                    server:
-                                      description: 'Server is the hostname or IP address
-                                        of the NFS server. More info: https://kubernetes.'
-                                      type: string
-                                  required:
-                                  - path
-                                  - server
-                                  type: object
-                                persistentVolumeClaim:
-                                  description: PersistentVolumeClaimVolumeSource represents
-                                    a reference to a PersistentVolumeClaim in the
-                                    same name
-                                  properties:
-                                    claimName:
-                                      description: ClaimName is the name of a PersistentVolumeClaim
-                                        in the same namespace as the pod using this
-                                        volume.
-                                      type: string
-                                    readOnly:
-                                      description: Will force the ReadOnly setting
-                                        in VolumeMounts. Default false.
-                                      type: boolean
-                                  required:
-                                  - claimName
-                                  type: object
-                                photonPersistentDisk:
-                                  description: 'PhotonPersistentDisk represents a
-                                    PhotonController persistent disk attached and
-                                    mounted on kubelets '
-                                  properties:
-                                    fsType:
-                                      description: Filesystem type to mount. Must
-                                        be a filesystem type supported by the host
-                                        operating system. Ex.
-                                      type: string
-                                    pdID:
-                                      description: ID that identifies Photon Controller
-                                        persistent disk
-                                      type: string
-                                  required:
-                                  - pdID
-                                  type: object
-                                portworxVolume:
-                                  description: PortworxVolume represents a portworx
-                                    volume attached and mounted on kubelets host machine
-                                  properties:
-                                    fsType:
-                                      description: FSType represents the filesystem
-                                        type to mount Must be a filesystem type supported
-                                        by the host opera
-                                      type: string
-                                    readOnly:
-                                      description: Defaults to false (read/write).
-                                        ReadOnly here will force the ReadOnly setting
-                                        in VolumeMounts.
-                                      type: boolean
-                                    volumeID:
-                                      description: VolumeID uniquely identifies a
-                                        Portworx volume
-                                      type: string
-                                  required:
-                                  - volumeID
-                                  type: object
-                                projected:
-                                  description: Items for all in one resources secrets,
-                                    configmaps, and downward API
-                                  properties:
-                                    defaultMode:
-                                      description: Mode bits used to set permissions
-                                        on created files by default.
-                                      format: int32
-                                      type: integer
-                                    sources:
-                                      description: list of volume projections
-                                      items:
-                                        description: Projection that may be projected
-                                          along with other supported volume types
-                                        properties:
-                                          configMap:
-                                            description: information about the configMap
-                                              data to project
-                                            properties:
-                                              items:
-                                                description: 'If unspecified, each
-                                                  key-value pair in the Data field
-                                                  of the referenced ConfigMap will
-                                                  be projected '
-                                                items:
-                                                  description: Maps a string key to
-                                                    a path within a volume.
-                                                  properties:
-                                                    key:
-                                                      description: The key to project.
-                                                      type: string
-                                                    mode:
-                                                      description: 'Optional: mode
-                                                        bits used to set permissions
-                                                        on this file.'
-                                                      format: int32
-                                                      type: integer
-                                                    path:
-                                                      description: The relative path
-                                                        of the file to map the key
-                                                        to. May not be an absolute
-                                                        path.
-                                                      type: string
-                                                  required:
-                                                  - key
-                                                  - path
-                                                  type: object
-                                                type: array
-                                              name:
-                                                description: 'Name of the referent.
-                                                  More info: https://kubernetes.'
-                                                type: string
-                                              optional:
-                                                description: Specify whether the ConfigMap
-                                                  or its keys must be defined
-                                                type: boolean
-                                            type: object
-                                          downwardAPI:
-                                            description: information about the downwardAPI
-                                              data to project
-                                            properties:
-                                              items:
-                                                description: Items is a list of DownwardAPIVolume
-                                                  file
-                                                items:
-                                                  description: DownwardAPIVolumeFile
-                                                    represents information to create
-                                                    the file containing the pod field
-                                                  properties:
-                                                    fieldRef:
-                                                      description: 'Required: Selects
-                                                        a field of the pod: only annotations,
-                                                        labels, name and namespace
-                                                        are supported.'
-                                                      properties:
-                                                        apiVersion:
-                                                          description: Version of
-                                                            the schema the FieldPath
-                                                            is written in terms of,
-                                                            defaults to "v1".
-                                                          type: string
-                                                        fieldPath:
-                                                          description: Path of the
-                                                            field to select in the
-                                                            specified API version.
-                                                          type: string
-                                                      required:
-                                                      - fieldPath
-                                                      type: object
-                                                    mode:
-                                                      description: 'Optional: mode
-                                                        bits used to set permissions
-                                                        on this file, must be an octal
-                                                        value between 0000 and 07'
-                                                      format: int32
-                                                      type: integer
-                                                    path:
-                                                      description: 'Required: Path
-                                                        is  the relative path name
-                                                        of the file to be created.'
-                                                      type: string
-                                                    resourceFieldRef:
-                                                      description: 'Selects a resource
-                                                        of the container: only resources
-                                                        limits and requests (limits.cpu,
-                                                        limits.'
-                                                      properties:
-                                                        containerName:
-                                                          description: 'Container
-                                                            name: required for volumes,
-                                                            optional for env vars'
-                                                          type: string
-                                                        divisor:
-                                                          anyOf:
-                                                          - type: integer
-                                                          - type: string
-                                                          description: Specifies the
-                                                            output format of the exposed
-                                                            resources, defaults to
-                                                            "1"
-                                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                                          x-kubernetes-int-or-string: true
-                                                        resource:
-                                                          description: 'Required:
-                                                            resource to select'
-                                                          type: string
-                                                      required:
-                                                      - resource
-                                                      type: object
-                                                  required:
-                                                  - path
-                                                  type: object
-                                                type: array
-                                            type: object
-                                          secret:
-                                            description: information about the secret
-                                              data to project
-                                            properties:
-                                              items:
-                                                description: If unspecified, each
-                                                  key-value pair in the Data field
-                                                  of the referenced Secret will be
-                                                  projected int
-                                                items:
-                                                  description: Maps a string key to
-                                                    a path within a volume.
-                                                  properties:
-                                                    key:
-                                                      description: The key to project.
-                                                      type: string
-                                                    mode:
-                                                      description: 'Optional: mode
-                                                        bits used to set permissions
-                                                        on this file.'
-                                                      format: int32
-                                                      type: integer
-                                                    path:
-                                                      description: The relative path
-                                                        of the file to map the key
-                                                        to. May not be an absolute
-                                                        path.
-                                                      type: string
-                                                  required:
-                                                  - key
-                                                  - path
-                                                  type: object
-                                                type: array
-                                              name:
-                                                description: 'Name of the referent.
-                                                  More info: https://kubernetes.'
-                                                type: string
-                                              optional:
-                                                description: Specify whether the Secret
-                                                  or its key must be defined
-                                                type: boolean
-                                            type: object
-                                          serviceAccountToken:
-                                            description: information about the serviceAccountToken
-                                              data to project
-                                            properties:
-                                              audience:
-                                                description: Audience is the intended
-                                                  audience of the token.
-                                                type: string
-                                              expirationSeconds:
-                                                description: ExpirationSeconds is
-                                                  the requested duration of validity
-                                                  of the service account token.
-                                                format: int64
-                                                type: integer
-                                              path:
-                                                description: Path is the path relative
-                                                  to the mount point of the file to
-                                                  project the token into.
-                                                type: string
-                                            required:
-                                            - path
-                                            type: object
-                                        type: object
-                                      type: array
-                                  type: object
-                                quobyte:
-                                  description: Quobyte represents a Quobyte mount
-                                    on the host that shares a pod's lifetime
-                                  properties:
-                                    group:
-                                      description: Group to map volume access to Default
-                                        is no group
-                                      type: string
-                                    readOnly:
-                                      description: ReadOnly here will force the Quobyte
-                                        volume to be mounted with read-only permissions.
-                                      type: boolean
-                                    registry:
-                                      description: Registry represents a single or
-                                        multiple Quobyte Registry services specified
-                                        as a string as host:por
-                                      type: string
-                                    tenant:
-                                      description: Tenant owning the given Quobyte
-                                        volume in the Backend Used with dynamically
-                                        provisioned Quobyte volu
-                                      type: string
-                                    user:
-                                      description: User to map volume access to Defaults
-                                        to serivceaccount user
-                                      type: string
-                                    volume:
-                                      description: Volume is a string that references
-                                        an already created Quobyte volume by name.
-                                      type: string
-                                  required:
-                                  - registry
-                                  - volume
-                                  type: object
-                                rbd:
-                                  description: RBD represents a Rados Block Device
-                                    mount on the host that shares a pod's lifetime.
-                                  properties:
-                                    fsType:
-                                      description: Filesystem type of the volume that
-                                        you want to mount.
-                                      type: string
-                                    image:
-                                      description: 'The rados image name. More info:
-                                        https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
-                                      type: string
-                                    keyring:
-                                      description: Keyring is the path to key ring
-                                        for RBDUser. Default is /etc/ceph/keyring.
-                                      type: string
-                                    monitors:
-                                      description: 'A collection of Ceph monitors.
-                                        More info: https://examples.k8s.io/volumes/rbd/README.'
-                                      items:
-                                        type: string
-                                      type: array
-                                    pool:
-                                      description: 'The rados pool name. Default is
-                                        rbd. More info: https://examples.k8s.io/volumes/rbd/README.'
-                                      type: string
-                                    readOnly:
-                                      description: ReadOnly here will force the ReadOnly
-                                        setting in VolumeMounts. Defaults to false.
-                                      type: boolean
-                                    secretRef:
-                                      description: SecretRef is name of the authentication
-                                        secret for RBDUser. If provided overrides
-                                        keyring.
-                                      properties:
-                                        name:
-                                          description: 'Name of the referent. More
-                                            info: https://kubernetes.'
-                                          type: string
-                                      type: object
-                                    user:
-                                      description: 'The rados user name. Default is
-                                        admin. More info: https://examples.k8s.io/volumes/rbd/README.'
-                                      type: string
-                                  required:
-                                  - image
-                                  - monitors
-                                  type: object
-                                scaleIO:
-                                  description: ScaleIO represents a ScaleIO persistent
-                                    volume attached and mounted on Kubernetes nodes.
-                                  properties:
-                                    fsType:
-                                      description: Filesystem type to mount. Must
-                                        be a filesystem type supported by the host
-                                        operating system. Ex.
-                                      type: string
-                                    gateway:
-                                      description: The host address of the ScaleIO
-                                        API Gateway.
-                                      type: string
-                                    protectionDomain:
-                                      description: The name of the ScaleIO Protection
-                                        Domain for the configured storage.
-                                      type: string
-                                    readOnly:
-                                      description: Defaults to false (read/write).
-                                        ReadOnly here will force the ReadOnly setting
-                                        in VolumeMounts.
-                                      type: boolean
-                                    secretRef:
-                                      description: SecretRef references to the secret
-                                        for ScaleIO user and other sensitive information.
-                                      properties:
-                                        name:
-                                          description: 'Name of the referent. More
-                                            info: https://kubernetes.'
-                                          type: string
-                                      type: object
-                                    sslEnabled:
-                                      description: Flag to enable/disable SSL communication
-                                        with Gateway, default false
-                                      type: boolean
-                                    storageMode:
-                                      description: Indicates whether the storage for
-                                        a volume should be ThickProvisioned or ThinProvisioned.
-                                      type: string
-                                    storagePool:
-                                      description: The ScaleIO Storage Pool associated
-                                        with the protection domain.
-                                      type: string
-                                    system:
-                                      description: The name of the storage system
-                                        as configured in ScaleIO.
-                                      type: string
-                                    volumeName:
-                                      description: The name of a volume already created
-                                        in the ScaleIO system that is associated with
-                                        this volume sourc
-                                      type: string
-                                  required:
-                                  - gateway
-                                  - secretRef
-                                  - system
-                                  type: object
-                                secret:
-                                  description: 'Secret represents a secret that should
-                                    populate this volume. More info: https://kubernetes.'
-                                  properties:
-                                    defaultMode:
-                                      description: 'Optional: mode bits used to set
-                                        permissions on created files by default.'
-                                      format: int32
-                                      type: integer
-                                    items:
-                                      description: If unspecified, each key-value
-                                        pair in the Data field of the referenced Secret
-                                        will be projected int
-                                      items:
-                                        description: Maps a string key to a path within
-                                          a volume.
-                                        properties:
-                                          key:
-                                            description: The key to project.
-                                            type: string
-                                          mode:
-                                            description: 'Optional: mode bits used
-                                              to set permissions on this file.'
-                                            format: int32
-                                            type: integer
-                                          path:
-                                            description: The relative path of the
-                                              file to map the key to. May not be an
-                                              absolute path.
-                                            type: string
-                                        required:
-                                        - key
-                                        - path
-                                        type: object
-                                      type: array
-                                    optional:
-                                      description: Specify whether the Secret or its
-                                        keys must be defined
-                                      type: boolean
-                                    secretName:
-                                      description: 'Name of the secret in the pod''s
-                                        namespace to use. More info: https://kubernetes.'
-                                      type: string
-                                  type: object
-                                storageos:
-                                  description: StorageOS represents a StorageOS volume
-                                    attached and mounted on Kubernetes nodes.
-                                  properties:
-                                    fsType:
-                                      description: Filesystem type to mount. Must
-                                        be a filesystem type supported by the host
-                                        operating system. Ex.
-                                      type: string
-                                    readOnly:
-                                      description: Defaults to false (read/write).
-                                        ReadOnly here will force the ReadOnly setting
-                                        in VolumeMounts.
-                                      type: boolean
-                                    secretRef:
-                                      description: SecretRef specifies the secret
-                                        to use for obtaining the StorageOS API credentials.
-                                      properties:
-                                        name:
-                                          description: 'Name of the referent. More
-                                            info: https://kubernetes.'
-                                          type: string
-                                      type: object
-                                    volumeName:
-                                      description: VolumeName is the human-readable
-                                        name of the StorageOS volume.
-                                      type: string
-                                    volumeNamespace:
-                                      description: VolumeNamespace specifies the scope
-                                        of the volume within StorageOS.
-                                      type: string
-                                  type: object
-                                vsphereVolume:
-                                  description: VsphereVolume represents a vSphere
-                                    volume attached and mounted on kubelets host machine
-                                  properties:
-                                    fsType:
-                                      description: Filesystem type to mount. Must
-                                        be a filesystem type supported by the host
-                                        operating system. Ex.
-                                      type: string
-                                    storagePolicyID:
-                                      description: Storage Policy Based Management
-                                        (SPBM) profile ID associated with the StoragePolicyName.
-                                      type: string
-                                    storagePolicyName:
-                                      description: Storage Policy Based Management
-                                        (SPBM) profile name.
-                                      type: string
-                                    volumePath:
-                                      description: Path that identifies vSphere volume
-                                        vmdk
-                                      type: string
-                                  required:
-                                  - volumePath
-                                  type: object
-                              required:
-                              - name
-                              type: object
-                            type: array
-                        required:
-                        - containers
-                        type: object
-                    type: object
-                required:
-                - rayStartParams
-                - serviceType
-                - template
-                type: object
-              rayVersion:
-                description: RayVersion is the version of ray being used. this affects
-                  the command used to start ray
-                type: string
-              workerGroupSpecs:
-                description: WorkerGroupSpecs are the specs for the worker pods
-                items:
-                  description: WorkerGroupSpec are the specs for the worker pods
-                  properties:
-                    groupName:
-                      description: we can have multiple worker groups, we distinguish
-                        them by name
-                      type: string
-                    maxReplicas:
-                      description: MaxReplicas defaults to maxInt32
-                      format: int32
-                      type: integer
-                    minReplicas:
-                      description: MinReplicas defaults to 1
-                      format: int32
-                      type: integer
-                    rayStartParams:
-                      additionalProperties:
-                        type: string
-                      description: 'RayStartParams are the params of the start command:
-                        address, object-store-memory, ...'
-                      type: object
-                    replicas:
-                      description: Replicas Number of desired pods in this pod group.
-                      format: int32
-                      type: integer
-                    scaleStrategy:
-                      description: ScaleStrategy defines which pods to remove
-                      properties:
-                        workersToDelete:
-                          description: WorkersToDelete workers to be deleted
-                          items:
-                            type: string
-                          type: array
-                      type: object
-                    template:
-                      description: Template a pod template for the worker
-                      properties:
-                        metadata:
-                          description: 'Standard object''s metadata. More info: https://git.k8s.'
-                          properties:
-                            annotations:
-                              additionalProperties:
-                                type: string
-                              type: object
-                            finalizers:
-                              items:
-                                type: string
-                              type: array
-                            labels:
-                              additionalProperties:
-                                type: string
-                              type: object
-                            name:
-                              type: string
-                            namespace:
-                              type: string
-                          type: object
-                        spec:
-                          description: 'Specification of the desired behavior of the
-                            pod. More info: https://git.k8s.'
-                          properties:
-                            activeDeadlineSeconds:
-                              description: Optional duration in seconds the pod may
-                                be active on the node relative to StartTime before
-                                the syst
-                              format: int64
-                              type: integer
-                            affinity:
-                              description: If specified, the pod's scheduling constraints
-                              properties:
-                                nodeAffinity:
-                                  description: Describes node affinity scheduling
-                                    rules for the pod.
-                                  properties:
-                                    preferredDuringSchedulingIgnoredDuringExecution:
-                                      description: 'The scheduler will prefer to schedule
-                                        pods to nodes that satisfy the affinity expressions
-                                        specified '
-                                      items:
-                                        description: An empty preferred scheduling
-                                          term matches all objects with implicit weight
-                                          0 (i.e. it's a no-op).
-                                        properties:
-                                          preference:
-                                            description: A node selector term, associated
-                                              with the corresponding weight.
-                                            properties:
-                                              matchExpressions:
-                                                description: A list of node selector
-                                                  requirements by node's labels.
-                                                items:
-                                                  description: 'A node selector requirement
-                                                    is a selector that contains values,
-                                                    a key, and an operator that relates '
-                                                  properties:
-                                                    key:
-                                                      description: The label key that
-                                                        the selector applies to.
-                                                      type: string
-                                                    operator:
-                                                      description: Represents a key's
-                                                        relationship to a set of values.
-                                                      type: string
-                                                    values:
-                                                      description: An array of string
-                                                        values. If the operator is
-                                                        In or NotIn, the values array
-                                                        must be non-empty.
-                                                      items:
-                                                        type: string
-                                                      type: array
-                                                  required:
-                                                  - key
-                                                  - operator
-                                                  type: object
-                                                type: array
-                                              matchFields:
-                                                description: A list of node selector
-                                                  requirements by node's fields.
-                                                items:
-                                                  description: 'A node selector requirement
-                                                    is a selector that contains values,
-                                                    a key, and an operator that relates '
-                                                  properties:
-                                                    key:
-                                                      description: The label key that
-                                                        the selector applies to.
-                                                      type: string
-                                                    operator:
-                                                      description: Represents a key's
-                                                        relationship to a set of values.
-                                                      type: string
-                                                    values:
-                                                      description: An array of string
-                                                        values. If the operator is
-                                                        In or NotIn, the values array
-                                                        must be non-empty.
-                                                      items:
-                                                        type: string
-                                                      type: array
-                                                  required:
-                                                  - key
-                                                  - operator
-                                                  type: object
-                                                type: array
-                                            type: object
-                                          weight:
-                                            description: Weight associated with matching
-                                              the corresponding nodeSelectorTerm,
-                                              in the range 1-100.
-                                            format: int32
-                                            type: integer
-                                        required:
-                                        - preference
-                                        - weight
-                                        type: object
-                                      type: array
-                                    requiredDuringSchedulingIgnoredDuringExecution:
-                                      description: If the affinity requirements specified
-                                        by this field are not met at scheduling time,
-                                        the pod will no
-                                      properties:
-                                        nodeSelectorTerms:
-                                          description: Required. A list of node selector
-                                            terms. The terms are ORed.
-                                          items:
-                                            description: A null or empty node selector
-                                              term matches no objects. The requirements
-                                              of them are ANDed.
-                                            properties:
-                                              matchExpressions:
-                                                description: A list of node selector
-                                                  requirements by node's labels.
-                                                items:
-                                                  description: 'A node selector requirement
-                                                    is a selector that contains values,
-                                                    a key, and an operator that relates '
-                                                  properties:
-                                                    key:
-                                                      description: The label key that
-                                                        the selector applies to.
-                                                      type: string
-                                                    operator:
-                                                      description: Represents a key's
-                                                        relationship to a set of values.
-                                                      type: string
-                                                    values:
-                                                      description: An array of string
-                                                        values. If the operator is
-                                                        In or NotIn, the values array
-                                                        must be non-empty.
-                                                      items:
-                                                        type: string
-                                                      type: array
-                                                  required:
-                                                  - key
-                                                  - operator
-                                                  type: object
-                                                type: array
-                                              matchFields:
-                                                description: A list of node selector
-                                                  requirements by node's fields.
-                                                items:
-                                                  description: 'A node selector requirement
-                                                    is a selector that contains values,
-                                                    a key, and an operator that relates '
-                                                  properties:
-                                                    key:
-                                                      description: The label key that
-                                                        the selector applies to.
-                                                      type: string
-                                                    operator:
-                                                      description: Represents a key's
-                                                        relationship to a set of values.
-                                                      type: string
-                                                    values:
-                                                      description: An array of string
-                                                        values. If the operator is
-                                                        In or NotIn, the values array
-                                                        must be non-empty.
-                                                      items:
-                                                        type: string
-                                                      type: array
-                                                  required:
-                                                  - key
-                                                  - operator
-                                                  type: object
-                                                type: array
-                                            type: object
-                                          type: array
-                                      required:
-                                      - nodeSelectorTerms
-                                      type: object
-                                  type: object
-                                podAffinity:
-                                  description: Describes pod affinity scheduling rules
-                                    (e.g. co-locate this pod in the same node, zone,
-                                    etc.
-                                  properties:
-                                    preferredDuringSchedulingIgnoredDuringExecution:
-                                      description: 'The scheduler will prefer to schedule
-                                        pods to nodes that satisfy the affinity expressions
-                                        specified '
-                                      items:
-                                        description: The weights of all of the matched
-                                          WeightedPodAffinityTerm fields are added
-                                          per-node to find the most
-                                        properties:
-                                          podAffinityTerm:
-                                            description: Required. A pod affinity
-                                              term, associated with the corresponding
-                                              weight.
-                                            properties:
-                                              labelSelector:
-                                                description: A label query over a
-                                                  set of resources, in this case pods.
-                                                properties:
-                                                  matchExpressions:
-                                                    description: matchExpressions
-                                                      is a list of label selector
-                                                      requirements. The requirements
-                                                      are ANDed.
-                                                    items:
-                                                      description: A label selector
-                                                        requirement is a selector
-                                                        that contains values, a key,
-                                                        and an operator that relates
-                                                      properties:
-                                                        key:
-                                                          description: key is the
-                                                            label key that the selector
-                                                            applies to.
-                                                          type: string
-                                                        operator:
-                                                          description: operator represents
-                                                            a key's relationship to
-                                                            a set of values.
-                                                          type: string
-                                                        values:
-                                                          description: values is an
-                                                            array of string values.
-                                                          items:
-                                                            type: string
-                                                          type: array
-                                                      required:
-                                                      - key
-                                                      - operator
-                                                      type: object
-                                                    type: array
-                                                  matchLabels:
-                                                    additionalProperties:
-                                                      type: string
-                                                    description: matchLabels is a
-                                                      map of {key,value} pairs.
-                                                    type: object
-                                                type: object
-                                              namespaceSelector:
-                                                description: A label query over the
-                                                  set of namespaces that the term
-                                                  applies to.
-                                                properties:
-                                                  matchExpressions:
-                                                    description: matchExpressions
-                                                      is a list of label selector
-                                                      requirements. The requirements
-                                                      are ANDed.
-                                                    items:
-                                                      description: A label selector
-                                                        requirement is a selector
-                                                        that contains values, a key,
-                                                        and an operator that relates
-                                                      properties:
-                                                        key:
-                                                          description: key is the
-                                                            label key that the selector
-                                                            applies to.
-                                                          type: string
-                                                        operator:
-                                                          description: operator represents
-                                                            a key's relationship to
-                                                            a set of values.
-                                                          type: string
-                                                        values:
-                                                          description: values is an
-                                                            array of string values.
-                                                          items:
-                                                            type: string
-                                                          type: array
-                                                      required:
-                                                      - key
-                                                      - operator
-                                                      type: object
-                                                    type: array
-                                                  matchLabels:
-                                                    additionalProperties:
-                                                      type: string
-                                                    description: matchLabels is a
-                                                      map of {key,value} pairs.
-                                                    type: object
-                                                type: object
-                                              namespaces:
-                                                description: namespaces specifies
-                                                  a static list of namespace names
-                                                  that the term applies to.
-                                                items:
-                                                  type: string
-                                                type: array
-                                              topologyKey:
-                                                description: This pod should be co-located
-                                                  (affinity) or not co-located (anti-affinity)
-                                                  with the pods matching th
-                                                type: string
-                                            required:
-                                            - topologyKey
-                                            type: object
-                                          weight:
-                                            description: weight associated with matching
-                                              the corresponding podAffinityTerm, in
-                                              the range 1-100.
-                                            format: int32
-                                            type: integer
-                                        required:
-                                        - podAffinityTerm
-                                        - weight
-                                        type: object
-                                      type: array
-                                    requiredDuringSchedulingIgnoredDuringExecution:
-                                      description: If the affinity requirements specified
-                                        by this field are not met at scheduling time,
-                                        the pod will no
-                                      items:
-                                        description: Defines a set of pods (namely
-                                          those matching the labelSelector relative
-                                          to the given namespace(s)) t
-                                        properties:
-                                          labelSelector:
-                                            description: A label query over a set
-                                              of resources, in this case pods.
-                                            properties:
-                                              matchExpressions:
-                                                description: matchExpressions is a
-                                                  list of label selector requirements.
-                                                  The requirements are ANDed.
-                                                items:
-                                                  description: A label selector requirement
-                                                    is a selector that contains values,
-                                                    a key, and an operator that relates
-                                                  properties:
-                                                    key:
-                                                      description: key is the label
-                                                        key that the selector applies
-                                                        to.
-                                                      type: string
-                                                    operator:
-                                                      description: operator represents
-                                                        a key's relationship to a
-                                                        set of values.
-                                                      type: string
-                                                    values:
-                                                      description: values is an array
-                                                        of string values.
-                                                      items:
-                                                        type: string
-                                                      type: array
-                                                  required:
-                                                  - key
-                                                  - operator
-                                                  type: object
-                                                type: array
-                                              matchLabels:
-                                                additionalProperties:
-                                                  type: string
-                                                description: matchLabels is a map
-                                                  of {key,value} pairs.
-                                                type: object
-                                            type: object
-                                          namespaceSelector:
-                                            description: A label query over the set
-                                              of namespaces that the term applies
-                                              to.
-                                            properties:
-                                              matchExpressions:
-                                                description: matchExpressions is a
-                                                  list of label selector requirements.
-                                                  The requirements are ANDed.
-                                                items:
-                                                  description: A label selector requirement
-                                                    is a selector that contains values,
-                                                    a key, and an operator that relates
-                                                  properties:
-                                                    key:
-                                                      description: key is the label
-                                                        key that the selector applies
-                                                        to.
-                                                      type: string
-                                                    operator:
-                                                      description: operator represents
-                                                        a key's relationship to a
-                                                        set of values.
-                                                      type: string
-                                                    values:
-                                                      description: values is an array
-                                                        of string values.
-                                                      items:
-                                                        type: string
-                                                      type: array
-                                                  required:
-                                                  - key
-                                                  - operator
-                                                  type: object
-                                                type: array
-                                              matchLabels:
-                                                additionalProperties:
-                                                  type: string
-                                                description: matchLabels is a map
-                                                  of {key,value} pairs.
-                                                type: object
-                                            type: object
-                                          namespaces:
-                                            description: namespaces specifies a static
-                                              list of namespace names that the term
-                                              applies to.
-                                            items:
-                                              type: string
-                                            type: array
-                                          topologyKey:
-                                            description: This pod should be co-located
-                                              (affinity) or not co-located (anti-affinity)
-                                              with the pods matching th
-                                            type: string
-                                        required:
-                                        - topologyKey
-                                        type: object
-                                      type: array
-                                  type: object
-                                podAntiAffinity:
-                                  description: Describes pod anti-affinity scheduling
-                                    rules (e.g.
-                                  properties:
-                                    preferredDuringSchedulingIgnoredDuringExecution:
-                                      description: The scheduler will prefer to schedule
-                                        pods to nodes that satisfy the anti-affinity
-                                        expressions speci
-                                      items:
-                                        description: The weights of all of the matched
-                                          WeightedPodAffinityTerm fields are added
-                                          per-node to find the most
-                                        properties:
-                                          podAffinityTerm:
-                                            description: Required. A pod affinity
-                                              term, associated with the corresponding
-                                              weight.
-                                            properties:
-                                              labelSelector:
-                                                description: A label query over a
-                                                  set of resources, in this case pods.
-                                                properties:
-                                                  matchExpressions:
-                                                    description: matchExpressions
-                                                      is a list of label selector
-                                                      requirements. The requirements
-                                                      are ANDed.
-                                                    items:
-                                                      description: A label selector
-                                                        requirement is a selector
-                                                        that contains values, a key,
-                                                        and an operator that relates
-                                                      properties:
-                                                        key:
-                                                          description: key is the
-                                                            label key that the selector
-                                                            applies to.
-                                                          type: string
-                                                        operator:
-                                                          description: operator represents
-                                                            a key's relationship to
-                                                            a set of values.
-                                                          type: string
-                                                        values:
-                                                          description: values is an
-                                                            array of string values.
-                                                          items:
-                                                            type: string
-                                                          type: array
-                                                      required:
-                                                      - key
-                                                      - operator
-                                                      type: object
-                                                    type: array
-                                                  matchLabels:
-                                                    additionalProperties:
-                                                      type: string
-                                                    description: matchLabels is a
-                                                      map of {key,value} pairs.
-                                                    type: object
-                                                type: object
-                                              namespaceSelector:
-                                                description: A label query over the
-                                                  set of namespaces that the term
-                                                  applies to.
-                                                properties:
-                                                  matchExpressions:
-                                                    description: matchExpressions
-                                                      is a list of label selector
-                                                      requirements. The requirements
-                                                      are ANDed.
-                                                    items:
-                                                      description: A label selector
-                                                        requirement is a selector
-                                                        that contains values, a key,
-                                                        and an operator that relates
-                                                      properties:
-                                                        key:
-                                                          description: key is the
-                                                            label key that the selector
-                                                            applies to.
-                                                          type: string
-                                                        operator:
-                                                          description: operator represents
-                                                            a key's relationship to
-                                                            a set of values.
-                                                          type: string
-                                                        values:
-                                                          description: values is an
-                                                            array of string values.
-                                                          items:
-                                                            type: string
-                                                          type: array
-                                                      required:
-                                                      - key
-                                                      - operator
-                                                      type: object
-                                                    type: array
-                                                  matchLabels:
-                                                    additionalProperties:
-                                                      type: string
-                                                    description: matchLabels is a
-                                                      map of {key,value} pairs.
-                                                    type: object
-                                                type: object
-                                              namespaces:
-                                                description: namespaces specifies
-                                                  a static list of namespace names
-                                                  that the term applies to.
-                                                items:
-                                                  type: string
-                                                type: array
-                                              topologyKey:
-                                                description: This pod should be co-located
-                                                  (affinity) or not co-located (anti-affinity)
-                                                  with the pods matching th
-                                                type: string
-                                            required:
-                                            - topologyKey
-                                            type: object
-                                          weight:
-                                            description: weight associated with matching
-                                              the corresponding podAffinityTerm, in
-                                              the range 1-100.
-                                            format: int32
-                                            type: integer
-                                        required:
-                                        - podAffinityTerm
-                                        - weight
-                                        type: object
-                                      type: array
-                                    requiredDuringSchedulingIgnoredDuringExecution:
-                                      description: If the anti-affinity requirements
-                                        specified by this field are not met at scheduling
-                                        time, the pod wi
-                                      items:
-                                        description: Defines a set of pods (namely
-                                          those matching the labelSelector relative
-                                          to the given namespace(s)) t
-                                        properties:
-                                          labelSelector:
-                                            description: A label query over a set
-                                              of resources, in this case pods.
-                                            properties:
-                                              matchExpressions:
-                                                description: matchExpressions is a
-                                                  list of label selector requirements.
-                                                  The requirements are ANDed.
-                                                items:
-                                                  description: A label selector requirement
-                                                    is a selector that contains values,
-                                                    a key, and an operator that relates
-                                                  properties:
-                                                    key:
-                                                      description: key is the label
-                                                        key that the selector applies
-                                                        to.
-                                                      type: string
-                                                    operator:
-                                                      description: operator represents
-                                                        a key's relationship to a
-                                                        set of values.
-                                                      type: string
-                                                    values:
-                                                      description: values is an array
-                                                        of string values.
-                                                      items:
-                                                        type: string
-                                                      type: array
-                                                  required:
-                                                  - key
-                                                  - operator
-                                                  type: object
-                                                type: array
-                                              matchLabels:
-                                                additionalProperties:
-                                                  type: string
-                                                description: matchLabels is a map
-                                                  of {key,value} pairs.
-                                                type: object
-                                            type: object
-                                          namespaceSelector:
-                                            description: A label query over the set
-                                              of namespaces that the term applies
-                                              to.
-                                            properties:
-                                              matchExpressions:
-                                                description: matchExpressions is a
-                                                  list of label selector requirements.
-                                                  The requirements are ANDed.
-                                                items:
-                                                  description: A label selector requirement
-                                                    is a selector that contains values,
-                                                    a key, and an operator that relates
-                                                  properties:
-                                                    key:
-                                                      description: key is the label
-                                                        key that the selector applies
-                                                        to.
-                                                      type: string
-                                                    operator:
-                                                      description: operator represents
-                                                        a key's relationship to a
-                                                        set of values.
-                                                      type: string
-                                                    values:
-                                                      description: values is an array
-                                                        of string values.
-                                                      items:
-                                                        type: string
-                                                      type: array
-                                                  required:
-                                                  - key
-                                                  - operator
-                                                  type: object
-                                                type: array
-                                              matchLabels:
-                                                additionalProperties:
-                                                  type: string
-                                                description: matchLabels is a map
-                                                  of {key,value} pairs.
-                                                type: object
-                                            type: object
-                                          namespaces:
-                                            description: namespaces specifies a static
-                                              list of namespace names that the term
-                                              applies to.
-                                            items:
-                                              type: string
-                                            type: array
-                                          topologyKey:
-                                            description: This pod should be co-located
-                                              (affinity) or not co-located (anti-affinity)
-                                              with the pods matching th
-                                            type: string
-                                        required:
-                                        - topologyKey
-                                        type: object
-                                      type: array
-                                  type: object
-                              type: object
-                            automountServiceAccountToken:
-                              description: AutomountServiceAccountToken indicates
-                                whether a service account token should be automatically
-                                mount
-                              type: boolean
-                            containers:
-                              description: List of containers belonging to the pod.
-                                Containers cannot currently be added or removed.
-                              items:
-                                description: A single application container that you
-                                  want to run within a pod.
-                                properties:
-                                  args:
-                                    description: Arguments to the entrypoint. The
-                                      docker image's CMD is used if this is not provided.
-                                    items:
-                                      type: string
-                                    type: array
-                                  command:
-                                    description: Entrypoint array. Not executed within
-                                      a shell.
-                                    items:
-                                      type: string
-                                    type: array
-                                  env:
-                                    description: List of environment variables to
-                                      set in the container. Cannot be updated.
-                                    items:
-                                      description: EnvVar represents an environment
-                                        variable present in a Container.
-                                      properties:
-                                        name:
-                                          description: Name of the environment variable.
-                                            Must be a C_IDENTIFIER.
-                                          type: string
-                                        value:
-                                          description: Variable references $(VAR_NAME)
-                                            are expanded using the previously defined
-                                            environment variables in t
-                                          type: string
-                                        valueFrom:
-                                          description: Source for the environment
-                                            variable's value. Cannot be used if value
-                                            is not empty.
-                                          properties:
-                                            configMapKeyRef:
-                                              description: Selects a key of a ConfigMap.
-                                              properties:
-                                                key:
-                                                  description: The key to select.
-                                                  type: string
-                                                name:
-                                                  description: 'Name of the referent.
-                                                    More info: https://kubernetes.'
-                                                  type: string
-                                                optional:
-                                                  description: Specify whether the
-                                                    ConfigMap or its key must be defined
-                                                  type: boolean
-                                              required:
-                                              - key
-                                              type: object
-                                            fieldRef:
-                                              description: 'Selects a field of the
-                                                pod: supports metadata.name, metadata.namespace,
-                                                `metadata.'
-                                              properties:
-                                                apiVersion:
-                                                  description: Version of the schema
-                                                    the FieldPath is written in terms
-                                                    of, defaults to "v1".
-                                                  type: string
-                                                fieldPath:
-                                                  description: Path of the field to
-                                                    select in the specified API version.
-                                                  type: string
-                                              required:
-                                              - fieldPath
-                                              type: object
-                                            resourceFieldRef:
-                                              description: 'Selects a resource of
-                                                the container: only resources limits
-                                                and requests (limits.cpu, limits.'
-                                              properties:
-                                                containerName:
-                                                  description: 'Container name: required
-                                                    for volumes, optional for env
-                                                    vars'
-                                                  type: string
-                                                divisor:
-                                                  anyOf:
-                                                  - type: integer
-                                                  - type: string
-                                                  description: Specifies the output
-                                                    format of the exposed resources,
-                                                    defaults to "1"
-                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                                  x-kubernetes-int-or-string: true
-                                                resource:
-                                                  description: 'Required: resource
-                                                    to select'
-                                                  type: string
-                                              required:
-                                              - resource
-                                              type: object
-                                            secretKeyRef:
-                                              description: Selects a key of a secret
-                                                in the pod's namespace
-                                              properties:
-                                                key:
-                                                  description: The key of the secret
-                                                    to select from.  Must be a valid
-                                                    secret key.
-                                                  type: string
-                                                name:
-                                                  description: 'Name of the referent.
-                                                    More info: https://kubernetes.'
-                                                  type: string
-                                                optional:
-                                                  description: Specify whether the
-                                                    Secret or its key must be defined
-                                                  type: boolean
-                                              required:
-                                              - key
-                                              type: object
-                                          type: object
-                                      required:
-                                      - name
-                                      type: object
-                                    type: array
-                                  envFrom:
-                                    description: List of sources to populate environment
-                                      variables in the container.
-                                    items:
-                                      description: EnvFromSource represents the source
-                                        of a set of ConfigMaps
-                                      properties:
-                                        configMapRef:
-                                          description: The ConfigMap to select from
-                                          properties:
-                                            name:
-                                              description: 'Name of the referent.
-                                                More info: https://kubernetes.'
-                                              type: string
-                                            optional:
-                                              description: Specify whether the ConfigMap
-                                                must be defined
-                                              type: boolean
-                                          type: object
-                                        prefix:
-                                          description: An optional identifier to prepend
-                                            to each key in the ConfigMap. Must be
-                                            a C_IDENTIFIER.
-                                          type: string
-                                        secretRef:
-                                          description: The Secret to select from
-                                          properties:
-                                            name:
-                                              description: 'Name of the referent.
-                                                More info: https://kubernetes.'
-                                              type: string
-                                            optional:
-                                              description: Specify whether the Secret
-                                                must be defined
-                                              type: boolean
-                                          type: object
-                                      type: object
-                                    type: array
-                                  image:
-                                    description: 'Docker image name. More info: https://kubernetes.'
-                                    type: string
-                                  imagePullPolicy:
-                                    description: Image pull policy. One of Always,
-                                      Never, IfNotPresent.
-                                    type: string
-                                  lifecycle:
-                                    description: Actions that the management system
-                                      should take in response to container lifecycle
-                                      events.
-                                    properties:
-                                      postStart:
-                                        description: PostStart is called immediately
-                                          after a container is created.
-                                        properties:
-                                          exec:
-                                            description: Exec specifies the action
-                                              to take.
-                                            properties:
-                                              command:
-                                                description: 'Command is the command
-                                                  line to execute inside the container,
-                                                  the working directory for the command  '
-                                                items:
-                                                  type: string
-                                                type: array
-                                            type: object
-                                          httpGet:
-                                            description: HTTPGet specifies the http
-                                              request to perform.
-                                            properties:
-                                              host:
-                                                description: Host name to connect
-                                                  to, defaults to the pod IP.
-                                                type: string
-                                              httpHeaders:
-                                                description: Custom headers to set
-                                                  in the request. HTTP allows repeated
-                                                  headers.
-                                                items:
-                                                  description: HTTPHeader describes
-                                                    a custom header to be used in
-                                                    HTTP probes
-                                                  properties:
-                                                    name:
-                                                      description: The header field
-                                                        name
-                                                      type: string
-                                                    value:
-                                                      description: The header field
-                                                        value
-                                                      type: string
-                                                  required:
-                                                  - name
-                                                  - value
-                                                  type: object
-                                                type: array
-                                              path:
-                                                description: Path to access on the
-                                                  HTTP server.
-                                                type: string
-                                              port:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Name or number of the
-                                                  port to access on the container.
-                                                  Number must be in the range 1 to
-                                                  65535.
-                                                x-kubernetes-int-or-string: true
-                                              scheme:
-                                                description: Scheme to use for connecting
-                                                  to the host. Defaults to HTTP.
-                                                type: string
-                                            required:
-                                            - port
-                                            type: object
-                                          tcpSocket:
-                                            description: Deprecated.
-                                            properties:
-                                              host:
-                                                description: 'Optional: Host name
-                                                  to connect to, defaults to the pod
-                                                  IP.'
-                                                type: string
-                                              port:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Number or name of the
-                                                  port to access on the container.
-                                                  Number must be in the range 1 to
-                                                  65535.
-                                                x-kubernetes-int-or-string: true
-                                            required:
-                                            - port
-                                            type: object
-                                        type: object
-                                      preStop:
-                                        description: PreStop is called immediately
-                                          before a container is terminated due to
-                                          an API request or management e
-                                        properties:
-                                          exec:
-                                            description: Exec specifies the action
-                                              to take.
-                                            properties:
-                                              command:
-                                                description: 'Command is the command
-                                                  line to execute inside the container,
-                                                  the working directory for the command  '
-                                                items:
-                                                  type: string
-                                                type: array
-                                            type: object
-                                          httpGet:
-                                            description: HTTPGet specifies the http
-                                              request to perform.
-                                            properties:
-                                              host:
-                                                description: Host name to connect
-                                                  to, defaults to the pod IP.
-                                                type: string
-                                              httpHeaders:
-                                                description: Custom headers to set
-                                                  in the request. HTTP allows repeated
-                                                  headers.
-                                                items:
-                                                  description: HTTPHeader describes
-                                                    a custom header to be used in
-                                                    HTTP probes
-                                                  properties:
-                                                    name:
-                                                      description: The header field
-                                                        name
-                                                      type: string
-                                                    value:
-                                                      description: The header field
-                                                        value
-                                                      type: string
-                                                  required:
-                                                  - name
-                                                  - value
-                                                  type: object
-                                                type: array
-                                              path:
-                                                description: Path to access on the
-                                                  HTTP server.
-                                                type: string
-                                              port:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Name or number of the
-                                                  port to access on the container.
-                                                  Number must be in the range 1 to
-                                                  65535.
-                                                x-kubernetes-int-or-string: true
-                                              scheme:
-                                                description: Scheme to use for connecting
-                                                  to the host. Defaults to HTTP.
-                                                type: string
-                                            required:
-                                            - port
-                                            type: object
-                                          tcpSocket:
-                                            description: Deprecated.
-                                            properties:
-                                              host:
-                                                description: 'Optional: Host name
-                                                  to connect to, defaults to the pod
-                                                  IP.'
-                                                type: string
-                                              port:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Number or name of the
-                                                  port to access on the container.
-                                                  Number must be in the range 1 to
-                                                  65535.
-                                                x-kubernetes-int-or-string: true
-                                            required:
-                                            - port
-                                            type: object
-                                        type: object
-                                    type: object
-                                  livenessProbe:
-                                    description: Periodic probe of container liveness.
-                                      Container will be restarted if the probe fails.
-                                    properties:
-                                      exec:
-                                        description: Exec specifies the action to
-                                          take.
-                                        properties:
-                                          command:
-                                            description: 'Command is the command line
-                                              to execute inside the container, the
-                                              working directory for the command  '
-                                            items:
-                                              type: string
-                                            type: array
-                                        type: object
-                                      failureThreshold:
-                                        description: Minimum consecutive failures
-                                          for the probe to be considered failed after
-                                          having succeeded.
-                                        format: int32
-                                        type: integer
-                                      grpc:
-                                        description: GRPC specifies an action involving
-                                          a GRPC port.
-                                        properties:
-                                          port:
-                                            description: Port number of the gRPC service.
-                                              Number must be in the range 1 to 65535.
-                                            format: int32
-                                            type: integer
-                                          service:
-                                            description: Service is the name of the
-                                              service to place in the gRPC HealthCheckRequest
-                                              (see https://github.
-                                            type: string
-                                        required:
-                                        - port
-                                        type: object
-                                      httpGet:
-                                        description: HTTPGet specifies the http request
-                                          to perform.
-                                        properties:
-                                          host:
-                                            description: Host name to connect to,
-                                              defaults to the pod IP.
-                                            type: string
-                                          httpHeaders:
-                                            description: Custom headers to set in
-                                              the request. HTTP allows repeated headers.
-                                            items:
-                                              description: HTTPHeader describes a
-                                                custom header to be used in HTTP probes
-                                              properties:
-                                                name:
-                                                  description: The header field name
-                                                  type: string
-                                                value:
-                                                  description: The header field value
-                                                  type: string
-                                              required:
-                                              - name
-                                              - value
-                                              type: object
-                                            type: array
-                                          path:
-                                            description: Path to access on the HTTP
-                                              server.
-                                            type: string
-                                          port:
-                                            anyOf:
-                                            - type: integer
-                                            - type: string
-                                            description: Name or number of the port
-                                              to access on the container. Number must
-                                              be in the range 1 to 65535.
-                                            x-kubernetes-int-or-string: true
-                                          scheme:
-                                            description: Scheme to use for connecting
-                                              to the host. Defaults to HTTP.
-                                            type: string
-                                        required:
-                                        - port
-                                        type: object
-                                      initialDelaySeconds:
-                                        description: Number of seconds after the container
-                                          has started before liveness probes are initiated.
-                                        format: int32
-                                        type: integer
-                                      periodSeconds:
-                                        description: How often (in seconds) to perform
-                                          the probe. Default to 10 seconds. Minimum
-                                          value is 1.
-                                        format: int32
-                                        type: integer
-                                      successThreshold:
-                                        description: Minimum consecutive successes
-                                          for the probe to be considered successful
-                                          after having failed.
-                                        format: int32
-                                        type: integer
-                                      tcpSocket:
-                                        description: TCPSocket specifies an action
-                                          involving a TCP port.
-                                        properties:
-                                          host:
-                                            description: 'Optional: Host name to connect
-                                              to, defaults to the pod IP.'
-                                            type: string
-                                          port:
-                                            anyOf:
-                                            - type: integer
-                                            - type: string
-                                            description: Number or name of the port
-                                              to access on the container. Number must
-                                              be in the range 1 to 65535.
-                                            x-kubernetes-int-or-string: true
-                                        required:
-                                        - port
-                                        type: object
-                                      terminationGracePeriodSeconds:
-                                        description: Optional duration in seconds
-                                          the pod needs to terminate gracefully upon
-                                          probe failure.
-                                        format: int64
-                                        type: integer
-                                      timeoutSeconds:
-                                        description: Number of seconds after which
-                                          the probe times out. Defaults to 1 second.
-                                          Minimum value is 1.
-                                        format: int32
-                                        type: integer
-                                    type: object
-                                  name:
-                                    description: Name of the container specified as
-                                      a DNS_LABEL.
-                                    type: string
-                                  ports:
-                                    description: List of ports to expose from the
-                                      container.
-                                    items:
-                                      description: ContainerPort represents a network
-                                        port in a single container.
-                                      properties:
-                                        containerPort:
-                                          description: Number of port to expose on
-                                            the pod's IP address. This must be a valid
-                                            port number, 0 < x < 65536.
-                                          format: int32
-                                          type: integer
-                                        hostIP:
-                                          description: What host IP to bind the external
-                                            port to.
-                                          type: string
-                                        hostPort:
-                                          description: Number of port to expose on
-                                            the host. If specified, this must be a
-                                            valid port number, 0 < x < 65536.
-                                          format: int32
-                                          type: integer
-                                        name:
-                                          description: If specified, this must be
-                                            an IANA_SVC_NAME and unique within the
-                                            pod.
-                                          type: string
-                                        protocol:
-                                          default: TCP
-                                          description: Protocol for port. Must be
-                                            UDP, TCP, or SCTP. Defaults to "TCP".
-                                          type: string
-                                      required:
-                                      - containerPort
-                                      type: object
-                                    type: array
-                                    x-kubernetes-list-map-keys:
-                                    - containerPort
-                                    - protocol
-                                    x-kubernetes-list-type: map
-                                  readinessProbe:
-                                    description: Periodic probe of container service
-                                      readiness.
-                                    properties:
-                                      exec:
-                                        description: Exec specifies the action to
-                                          take.
-                                        properties:
-                                          command:
-                                            description: 'Command is the command line
-                                              to execute inside the container, the
-                                              working directory for the command  '
-                                            items:
-                                              type: string
-                                            type: array
-                                        type: object
-                                      failureThreshold:
-                                        description: Minimum consecutive failures
-                                          for the probe to be considered failed after
-                                          having succeeded.
-                                        format: int32
-                                        type: integer
-                                      grpc:
-                                        description: GRPC specifies an action involving
-                                          a GRPC port.
-                                        properties:
-                                          port:
-                                            description: Port number of the gRPC service.
-                                              Number must be in the range 1 to 65535.
-                                            format: int32
-                                            type: integer
-                                          service:
-                                            description: Service is the name of the
-                                              service to place in the gRPC HealthCheckRequest
-                                              (see https://github.
-                                            type: string
-                                        required:
-                                        - port
-                                        type: object
-                                      httpGet:
-                                        description: HTTPGet specifies the http request
-                                          to perform.
-                                        properties:
-                                          host:
-                                            description: Host name to connect to,
-                                              defaults to the pod IP.
-                                            type: string
-                                          httpHeaders:
-                                            description: Custom headers to set in
-                                              the request. HTTP allows repeated headers.
-                                            items:
-                                              description: HTTPHeader describes a
-                                                custom header to be used in HTTP probes
-                                              properties:
-                                                name:
-                                                  description: The header field name
-                                                  type: string
-                                                value:
-                                                  description: The header field value
-                                                  type: string
-                                              required:
-                                              - name
-                                              - value
-                                              type: object
-                                            type: array
-                                          path:
-                                            description: Path to access on the HTTP
-                                              server.
-                                            type: string
-                                          port:
-                                            anyOf:
-                                            - type: integer
-                                            - type: string
-                                            description: Name or number of the port
-                                              to access on the container. Number must
-                                              be in the range 1 to 65535.
-                                            x-kubernetes-int-or-string: true
-                                          scheme:
-                                            description: Scheme to use for connecting
-                                              to the host. Defaults to HTTP.
-                                            type: string
-                                        required:
-                                        - port
-                                        type: object
-                                      initialDelaySeconds:
-                                        description: Number of seconds after the container
-                                          has started before liveness probes are initiated.
-                                        format: int32
-                                        type: integer
-                                      periodSeconds:
-                                        description: How often (in seconds) to perform
-                                          the probe. Default to 10 seconds. Minimum
-                                          value is 1.
-                                        format: int32
-                                        type: integer
-                                      successThreshold:
-                                        description: Minimum consecutive successes
-                                          for the probe to be considered successful
-                                          after having failed.
-                                        format: int32
-                                        type: integer
-                                      tcpSocket:
-                                        description: TCPSocket specifies an action
-                                          involving a TCP port.
-                                        properties:
-                                          host:
-                                            description: 'Optional: Host name to connect
-                                              to, defaults to the pod IP.'
-                                            type: string
-                                          port:
-                                            anyOf:
-                                            - type: integer
-                                            - type: string
-                                            description: Number or name of the port
-                                              to access on the container. Number must
-                                              be in the range 1 to 65535.
-                                            x-kubernetes-int-or-string: true
-                                        required:
-                                        - port
-                                        type: object
-                                      terminationGracePeriodSeconds:
-                                        description: Optional duration in seconds
-                                          the pod needs to terminate gracefully upon
-                                          probe failure.
-                                        format: int64
-                                        type: integer
-                                      timeoutSeconds:
-                                        description: Number of seconds after which
-                                          the probe times out. Defaults to 1 second.
-                                          Minimum value is 1.
-                                        format: int32
-                                        type: integer
-                                    type: object
-                                  resources:
-                                    description: 'Compute Resources required by this
-                                      container. Cannot be updated. More info: https://kubernetes.'
-                                    properties:
-                                      limits:
-                                        additionalProperties:
-                                          anyOf:
-                                          - type: integer
-                                          - type: string
-                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                          x-kubernetes-int-or-string: true
-                                        description: 'Limits describes the maximum
-                                          amount of compute resources allowed. More
-                                          info: https://kubernetes.'
-                                        type: object
-                                      requests:
-                                        additionalProperties:
-                                          anyOf:
-                                          - type: integer
-                                          - type: string
-                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                          x-kubernetes-int-or-string: true
-                                        description: Requests describes the minimum
-                                          amount of compute resources required.
-                                        type: object
-                                    type: object
-                                  securityContext:
-                                    description: SecurityContext defines the security
-                                      options the container should be run with.
-                                    properties:
-                                      allowPrivilegeEscalation:
-                                        description: AllowPrivilegeEscalation controls
-                                          whether a process can gain more privileges
-                                          than its parent process
-                                        type: boolean
-                                      capabilities:
-                                        description: The capabilities to add/drop
-                                          when running containers.
-                                        properties:
-                                          add:
-                                            description: Added capabilities
-                                            items:
-                                              description: Capability represent POSIX
-                                                capabilities type
-                                              type: string
-                                            type: array
-                                          drop:
-                                            description: Removed capabilities
-                                            items:
-                                              description: Capability represent POSIX
-                                                capabilities type
-                                              type: string
-                                            type: array
-                                        type: object
-                                      privileged:
-                                        description: Run container in privileged mode.
-                                        type: boolean
-                                      procMount:
-                                        description: procMount denotes the type of
-                                          proc mount to use for the containers.
-                                        type: string
-                                      readOnlyRootFilesystem:
-                                        description: Whether this container has a
-                                          read-only root filesystem. Default is false.
-                                        type: boolean
-                                      runAsGroup:
-                                        description: The GID to run the entrypoint
-                                          of the container process. Uses runtime default
-                                          if unset.
-                                        format: int64
-                                        type: integer
-                                      runAsNonRoot:
-                                        description: Indicates that the container
-                                          must run as a non-root user.
-                                        type: boolean
-                                      runAsUser:
-                                        description: The UID to run the entrypoint
-                                          of the container process.
-                                        format: int64
-                                        type: integer
-                                      seLinuxOptions:
-                                        description: The SELinux context to be applied
-                                          to the container.
-                                        properties:
-                                          level:
-                                            description: Level is SELinux level label
-                                              that applies to the container.
-                                            type: string
-                                          role:
-                                            description: Role is a SELinux role label
-                                              that applies to the container.
-                                            type: string
-                                          type:
-                                            description: Type is a SELinux type label
-                                              that applies to the container.
-                                            type: string
-                                          user:
-                                            description: User is a SELinux user label
-                                              that applies to the container.
-                                            type: string
-                                        type: object
-                                      seccompProfile:
-                                        description: The seccomp options to use by
-                                          this container.
-                                        properties:
-                                          localhostProfile:
-                                            description: localhostProfile indicates
-                                              a profile defined in a file on the node
-                                              should be used.
-                                            type: string
-                                          type:
-                                            description: type indicates which kind
-                                              of seccomp profile will be applied.
-                                            type: string
-                                        required:
-                                        - type
-                                        type: object
-                                      windowsOptions:
-                                        description: The Windows specific settings
-                                          applied to all containers.
-                                        properties:
-                                          gmsaCredentialSpec:
-                                            description: GMSACredentialSpec is where
-                                              the GMSA admission webhook (https://github.
-                                            type: string
-                                          gmsaCredentialSpecName:
-                                            description: GMSACredentialSpecName is
-                                              the name of the GMSA credential spec
-                                              to use.
-                                            type: string
-                                          hostProcess:
-                                            description: HostProcess determines if
-                                              a container should be run as a 'Host
-                                              Process' container.
-                                            type: boolean
-                                          runAsUserName:
-                                            description: The UserName in Windows to
-                                              run the entrypoint of the container
-                                              process.
-                                            type: string
-                                        type: object
-                                    type: object
-                                  startupProbe:
-                                    description: StartupProbe indicates that the Pod
-                                      has successfully initialized.
-                                    properties:
-                                      exec:
-                                        description: Exec specifies the action to
-                                          take.
-                                        properties:
-                                          command:
-                                            description: 'Command is the command line
-                                              to execute inside the container, the
-                                              working directory for the command  '
-                                            items:
-                                              type: string
-                                            type: array
-                                        type: object
-                                      failureThreshold:
-                                        description: Minimum consecutive failures
-                                          for the probe to be considered failed after
-                                          having succeeded.
-                                        format: int32
-                                        type: integer
-                                      grpc:
-                                        description: GRPC specifies an action involving
-                                          a GRPC port.
-                                        properties:
-                                          port:
-                                            description: Port number of the gRPC service.
-                                              Number must be in the range 1 to 65535.
-                                            format: int32
-                                            type: integer
-                                          service:
-                                            description: Service is the name of the
-                                              service to place in the gRPC HealthCheckRequest
-                                              (see https://github.
-                                            type: string
-                                        required:
-                                        - port
-                                        type: object
-                                      httpGet:
-                                        description: HTTPGet specifies the http request
-                                          to perform.
-                                        properties:
-                                          host:
-                                            description: Host name to connect to,
-                                              defaults to the pod IP.
-                                            type: string
-                                          httpHeaders:
-                                            description: Custom headers to set in
-                                              the request. HTTP allows repeated headers.
-                                            items:
-                                              description: HTTPHeader describes a
-                                                custom header to be used in HTTP probes
-                                              properties:
-                                                name:
-                                                  description: The header field name
-                                                  type: string
-                                                value:
-                                                  description: The header field value
-                                                  type: string
-                                              required:
-                                              - name
-                                              - value
-                                              type: object
-                                            type: array
-                                          path:
-                                            description: Path to access on the HTTP
-                                              server.
-                                            type: string
-                                          port:
-                                            anyOf:
-                                            - type: integer
-                                            - type: string
-                                            description: Name or number of the port
-                                              to access on the container. Number must
-                                              be in the range 1 to 65535.
-                                            x-kubernetes-int-or-string: true
-                                          scheme:
-                                            description: Scheme to use for connecting
-                                              to the host. Defaults to HTTP.
-                                            type: string
-                                        required:
-                                        - port
-                                        type: object
-                                      initialDelaySeconds:
-                                        description: Number of seconds after the container
-                                          has started before liveness probes are initiated.
-                                        format: int32
-                                        type: integer
-                                      periodSeconds:
-                                        description: How often (in seconds) to perform
-                                          the probe. Default to 10 seconds. Minimum
-                                          value is 1.
-                                        format: int32
-                                        type: integer
-                                      successThreshold:
-                                        description: Minimum consecutive successes
-                                          for the probe to be considered successful
-                                          after having failed.
-                                        format: int32
-                                        type: integer
-                                      tcpSocket:
-                                        description: TCPSocket specifies an action
-                                          involving a TCP port.
-                                        properties:
-                                          host:
-                                            description: 'Optional: Host name to connect
-                                              to, defaults to the pod IP.'
-                                            type: string
-                                          port:
-                                            anyOf:
-                                            - type: integer
-                                            - type: string
-                                            description: Number or name of the port
-                                              to access on the container. Number must
-                                              be in the range 1 to 65535.
-                                            x-kubernetes-int-or-string: true
-                                        required:
-                                        - port
-                                        type: object
-                                      terminationGracePeriodSeconds:
-                                        description: Optional duration in seconds
-                                          the pod needs to terminate gracefully upon
-                                          probe failure.
-                                        format: int64
-                                        type: integer
-                                      timeoutSeconds:
-                                        description: Number of seconds after which
-                                          the probe times out. Defaults to 1 second.
-                                          Minimum value is 1.
-                                        format: int32
-                                        type: integer
-                                    type: object
-                                  stdin:
-                                    description: Whether this container should allocate
-                                      a buffer for stdin in the container runtime.
-                                    type: boolean
-                                  stdinOnce:
-                                    description: Whether the container runtime should
-                                      close the stdin channel after it has been opened
-                                      by a single at
-                                    type: boolean
-                                  terminationMessagePath:
-                                    description: 'Optional: Path at which the file
-                                      to which the container''s termination message
-                                      will be written is mou'
-                                    type: string
-                                  terminationMessagePolicy:
-                                    description: Indicate how the termination message
-                                      should be populated.
-                                    type: string
-                                  tty:
-                                    description: Whether this container should allocate
-                                      a TTY for itself, also requires 'stdin' to be
-                                      true.
-                                    type: boolean
-                                  volumeDevices:
-                                    description: volumeDevices is the list of block
-                                      devices to be used by the container.
-                                    items:
-                                      description: volumeDevice describes a mapping
-                                        of a raw block device within a container.
-                                      properties:
-                                        devicePath:
-                                          description: devicePath is the path inside
-                                            of the container that the device will
-                                            be mapped to.
-                                          type: string
-                                        name:
-                                          description: name must match the name of
-                                            a persistentVolumeClaim in the pod
-                                          type: string
-                                      required:
-                                      - devicePath
-                                      - name
-                                      type: object
-                                    type: array
-                                  volumeMounts:
-                                    description: Pod volumes to mount into the container's
-                                      filesystem. Cannot be updated.
-                                    items:
-                                      description: VolumeMount describes a mounting
-                                        of a Volume within a container.
-                                      properties:
-                                        mountPath:
-                                          description: Path within the container at
-                                            which the volume should be mounted.  Must
-                                            not contain ':'.
-                                          type: string
-                                        mountPropagation:
-                                          description: mountPropagation determines
-                                            how mounts are propagated from the host
-                                            to container and the other way a
-                                          type: string
-                                        name:
-                                          description: This must match the Name of
-                                            a Volume.
-                                          type: string
-                                        readOnly:
-                                          description: Mounted read-only if true,
-                                            read-write otherwise (false or unspecified).
-                                            Defaults to false.
-                                          type: boolean
-                                        subPath:
-                                          description: Path within the volume from
-                                            which the container's volume should be
-                                            mounted.
-                                          type: string
-                                        subPathExpr:
-                                          description: Expanded path within the volume
-                                            from which the container's volume should
-                                            be mounted.
-                                          type: string
-                                      required:
-                                      - mountPath
-                                      - name
-                                      type: object
-                                    type: array
-                                  workingDir:
-                                    description: Container's working directory.
-                                    type: string
-                                required:
-                                - name
-                                type: object
-                              type: array
-                            dnsConfig:
-                              description: Specifies the DNS parameters of a pod.
-                              properties:
-                                nameservers:
-                                  description: A list of DNS name server IP addresses.
-                                  items:
-                                    type: string
-                                  type: array
-                                options:
-                                  description: A list of DNS resolver options. This
-                                    will be merged with the base options generated
-                                    from DNSPolicy.
-                                  items:
-                                    description: PodDNSConfigOption defines DNS resolver
-                                      options of a pod.
-                                    properties:
-                                      name:
-                                        description: Required.
-                                        type: string
-                                      value:
-                                        type: string
-                                    type: object
-                                  type: array
-                                searches:
-                                  description: A list of DNS search domains for host-name
-                                    lookup.
-                                  items:
-                                    type: string
-                                  type: array
-                              type: object
-                            dnsPolicy:
-                              description: Set DNS policy for the pod. Defaults to
-                                "ClusterFirst".
-                              type: string
-                            enableServiceLinks:
-                              description: EnableServiceLinks indicates whether information
-                                about services should be injected into pod's enviro
-                              type: boolean
-                            ephemeralContainers:
-                              description: List of ephemeral containers run in this
-                                pod.
-                              items:
-                                description: An EphemeralContainer is a temporary
-                                  container that you may add to an existing Pod for
-                                  user-initiate
-                                properties:
-                                  args:
-                                    description: Arguments to the entrypoint. The
-                                      docker image's CMD is used if this is not provided.
-                                    items:
-                                      type: string
-                                    type: array
-                                  command:
-                                    description: Entrypoint array. Not executed within
-                                      a shell.
-                                    items:
-                                      type: string
-                                    type: array
-                                  env:
-                                    description: List of environment variables to
-                                      set in the container. Cannot be updated.
-                                    items:
-                                      description: EnvVar represents an environment
-                                        variable present in a Container.
-                                      properties:
-                                        name:
-                                          description: Name of the environment variable.
-                                            Must be a C_IDENTIFIER.
-                                          type: string
-                                        value:
-                                          description: Variable references $(VAR_NAME)
-                                            are expanded using the previously defined
-                                            environment variables in t
-                                          type: string
-                                        valueFrom:
-                                          description: Source for the environment
-                                            variable's value. Cannot be used if value
-                                            is not empty.
-                                          properties:
-                                            configMapKeyRef:
-                                              description: Selects a key of a ConfigMap.
-                                              properties:
-                                                key:
-                                                  description: The key to select.
-                                                  type: string
-                                                name:
-                                                  description: 'Name of the referent.
-                                                    More info: https://kubernetes.'
-                                                  type: string
-                                                optional:
-                                                  description: Specify whether the
-                                                    ConfigMap or its key must be defined
-                                                  type: boolean
-                                              required:
-                                              - key
-                                              type: object
-                                            fieldRef:
-                                              description: 'Selects a field of the
-                                                pod: supports metadata.name, metadata.namespace,
-                                                `metadata.'
-                                              properties:
-                                                apiVersion:
-                                                  description: Version of the schema
-                                                    the FieldPath is written in terms
-                                                    of, defaults to "v1".
-                                                  type: string
-                                                fieldPath:
-                                                  description: Path of the field to
-                                                    select in the specified API version.
-                                                  type: string
-                                              required:
-                                              - fieldPath
-                                              type: object
-                                            resourceFieldRef:
-                                              description: 'Selects a resource of
-                                                the container: only resources limits
-                                                and requests (limits.cpu, limits.'
-                                              properties:
-                                                containerName:
-                                                  description: 'Container name: required
-                                                    for volumes, optional for env
-                                                    vars'
-                                                  type: string
-                                                divisor:
-                                                  anyOf:
-                                                  - type: integer
-                                                  - type: string
-                                                  description: Specifies the output
-                                                    format of the exposed resources,
-                                                    defaults to "1"
-                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                                  x-kubernetes-int-or-string: true
-                                                resource:
-                                                  description: 'Required: resource
-                                                    to select'
-                                                  type: string
-                                              required:
-                                              - resource
-                                              type: object
-                                            secretKeyRef:
-                                              description: Selects a key of a secret
-                                                in the pod's namespace
-                                              properties:
-                                                key:
-                                                  description: The key of the secret
-                                                    to select from.  Must be a valid
-                                                    secret key.
-                                                  type: string
-                                                name:
-                                                  description: 'Name of the referent.
-                                                    More info: https://kubernetes.'
-                                                  type: string
-                                                optional:
-                                                  description: Specify whether the
-                                                    Secret or its key must be defined
-                                                  type: boolean
-                                              required:
-                                              - key
-                                              type: object
-                                          type: object
-                                      required:
-                                      - name
-                                      type: object
-                                    type: array
-                                  envFrom:
-                                    description: List of sources to populate environment
-                                      variables in the container.
-                                    items:
-                                      description: EnvFromSource represents the source
-                                        of a set of ConfigMaps
-                                      properties:
-                                        configMapRef:
-                                          description: The ConfigMap to select from
-                                          properties:
-                                            name:
-                                              description: 'Name of the referent.
-                                                More info: https://kubernetes.'
-                                              type: string
-                                            optional:
-                                              description: Specify whether the ConfigMap
-                                                must be defined
-                                              type: boolean
-                                          type: object
-                                        prefix:
-                                          description: An optional identifier to prepend
-                                            to each key in the ConfigMap. Must be
-                                            a C_IDENTIFIER.
-                                          type: string
-                                        secretRef:
-                                          description: The Secret to select from
-                                          properties:
-                                            name:
-                                              description: 'Name of the referent.
-                                                More info: https://kubernetes.'
-                                              type: string
-                                            optional:
-                                              description: Specify whether the Secret
-                                                must be defined
-                                              type: boolean
-                                          type: object
-                                      type: object
-                                    type: array
-                                  image:
-                                    description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images'
-                                    type: string
-                                  imagePullPolicy:
-                                    description: Image pull policy. One of Always,
-                                      Never, IfNotPresent.
-                                    type: string
-                                  lifecycle:
-                                    description: Lifecycle is not allowed for ephemeral
-                                      containers.
-                                    properties:
-                                      postStart:
-                                        description: PostStart is called immediately
-                                          after a container is created.
-                                        properties:
-                                          exec:
-                                            description: Exec specifies the action
-                                              to take.
-                                            properties:
-                                              command:
-                                                description: 'Command is the command
-                                                  line to execute inside the container,
-                                                  the working directory for the command  '
-                                                items:
-                                                  type: string
-                                                type: array
-                                            type: object
-                                          httpGet:
-                                            description: HTTPGet specifies the http
-                                              request to perform.
-                                            properties:
-                                              host:
-                                                description: Host name to connect
-                                                  to, defaults to the pod IP.
-                                                type: string
-                                              httpHeaders:
-                                                description: Custom headers to set
-                                                  in the request. HTTP allows repeated
-                                                  headers.
-                                                items:
-                                                  description: HTTPHeader describes
-                                                    a custom header to be used in
-                                                    HTTP probes
-                                                  properties:
-                                                    name:
-                                                      description: The header field
-                                                        name
-                                                      type: string
-                                                    value:
-                                                      description: The header field
-                                                        value
-                                                      type: string
-                                                  required:
-                                                  - name
-                                                  - value
-                                                  type: object
-                                                type: array
-                                              path:
-                                                description: Path to access on the
-                                                  HTTP server.
-                                                type: string
-                                              port:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Name or number of the
-                                                  port to access on the container.
-                                                  Number must be in the range 1 to
-                                                  65535.
-                                                x-kubernetes-int-or-string: true
-                                              scheme:
-                                                description: Scheme to use for connecting
-                                                  to the host. Defaults to HTTP.
-                                                type: string
-                                            required:
-                                            - port
-                                            type: object
-                                          tcpSocket:
-                                            description: Deprecated.
-                                            properties:
-                                              host:
-                                                description: 'Optional: Host name
-                                                  to connect to, defaults to the pod
-                                                  IP.'
-                                                type: string
-                                              port:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Number or name of the
-                                                  port to access on the container.
-                                                  Number must be in the range 1 to
-                                                  65535.
-                                                x-kubernetes-int-or-string: true
-                                            required:
-                                            - port
-                                            type: object
-                                        type: object
-                                      preStop:
-                                        description: PreStop is called immediately
-                                          before a container is terminated due to
-                                          an API request or management e
-                                        properties:
-                                          exec:
-                                            description: Exec specifies the action
-                                              to take.
-                                            properties:
-                                              command:
-                                                description: 'Command is the command
-                                                  line to execute inside the container,
-                                                  the working directory for the command  '
-                                                items:
-                                                  type: string
-                                                type: array
-                                            type: object
-                                          httpGet:
-                                            description: HTTPGet specifies the http
-                                              request to perform.
-                                            properties:
-                                              host:
-                                                description: Host name to connect
-                                                  to, defaults to the pod IP.
-                                                type: string
-                                              httpHeaders:
-                                                description: Custom headers to set
-                                                  in the request. HTTP allows repeated
-                                                  headers.
-                                                items:
-                                                  description: HTTPHeader describes
-                                                    a custom header to be used in
-                                                    HTTP probes
-                                                  properties:
-                                                    name:
-                                                      description: The header field
-                                                        name
-                                                      type: string
-                                                    value:
-                                                      description: The header field
-                                                        value
-                                                      type: string
-                                                  required:
-                                                  - name
-                                                  - value
-                                                  type: object
-                                                type: array
-                                              path:
-                                                description: Path to access on the
-                                                  HTTP server.
-                                                type: string
-                                              port:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Name or number of the
-                                                  port to access on the container.
-                                                  Number must be in the range 1 to
-                                                  65535.
-                                                x-kubernetes-int-or-string: true
-                                              scheme:
-                                                description: Scheme to use for connecting
-                                                  to the host. Defaults to HTTP.
-                                                type: string
-                                            required:
-                                            - port
-                                            type: object
-                                          tcpSocket:
-                                            description: Deprecated.
-                                            properties:
-                                              host:
-                                                description: 'Optional: Host name
-                                                  to connect to, defaults to the pod
-                                                  IP.'
-                                                type: string
-                                              port:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Number or name of the
-                                                  port to access on the container.
-                                                  Number must be in the range 1 to
-                                                  65535.
-                                                x-kubernetes-int-or-string: true
-                                            required:
-                                            - port
-                                            type: object
-                                        type: object
-                                    type: object
-                                  livenessProbe:
-                                    description: Probes are not allowed for ephemeral
-                                      containers.
-                                    properties:
-                                      exec:
-                                        description: Exec specifies the action to
-                                          take.
-                                        properties:
-                                          command:
-                                            description: 'Command is the command line
-                                              to execute inside the container, the
-                                              working directory for the command  '
-                                            items:
-                                              type: string
-                                            type: array
-                                        type: object
-                                      failureThreshold:
-                                        description: Minimum consecutive failures
-                                          for the probe to be considered failed after
-                                          having succeeded.
-                                        format: int32
-                                        type: integer
-                                      grpc:
-                                        description: GRPC specifies an action involving
-                                          a GRPC port.
-                                        properties:
-                                          port:
-                                            description: Port number of the gRPC service.
-                                              Number must be in the range 1 to 65535.
-                                            format: int32
-                                            type: integer
-                                          service:
-                                            description: Service is the name of the
-                                              service to place in the gRPC HealthCheckRequest
-                                              (see https://github.
-                                            type: string
-                                        required:
-                                        - port
-                                        type: object
-                                      httpGet:
-                                        description: HTTPGet specifies the http request
-                                          to perform.
-                                        properties:
-                                          host:
-                                            description: Host name to connect to,
-                                              defaults to the pod IP.
-                                            type: string
-                                          httpHeaders:
-                                            description: Custom headers to set in
-                                              the request. HTTP allows repeated headers.
-                                            items:
-                                              description: HTTPHeader describes a
-                                                custom header to be used in HTTP probes
-                                              properties:
-                                                name:
-                                                  description: The header field name
-                                                  type: string
-                                                value:
-                                                  description: The header field value
-                                                  type: string
-                                              required:
-                                              - name
-                                              - value
-                                              type: object
-                                            type: array
-                                          path:
-                                            description: Path to access on the HTTP
-                                              server.
-                                            type: string
-                                          port:
-                                            anyOf:
-                                            - type: integer
-                                            - type: string
-                                            description: Name or number of the port
-                                              to access on the container. Number must
-                                              be in the range 1 to 65535.
-                                            x-kubernetes-int-or-string: true
-                                          scheme:
-                                            description: Scheme to use for connecting
-                                              to the host. Defaults to HTTP.
-                                            type: string
-                                        required:
-                                        - port
-                                        type: object
-                                      initialDelaySeconds:
-                                        description: Number of seconds after the container
-                                          has started before liveness probes are initiated.
-                                        format: int32
-                                        type: integer
-                                      periodSeconds:
-                                        description: How often (in seconds) to perform
-                                          the probe. Default to 10 seconds. Minimum
-                                          value is 1.
-                                        format: int32
-                                        type: integer
-                                      successThreshold:
-                                        description: Minimum consecutive successes
-                                          for the probe to be considered successful
-                                          after having failed.
-                                        format: int32
-                                        type: integer
-                                      tcpSocket:
-                                        description: TCPSocket specifies an action
-                                          involving a TCP port.
-                                        properties:
-                                          host:
-                                            description: 'Optional: Host name to connect
-                                              to, defaults to the pod IP.'
-                                            type: string
-                                          port:
-                                            anyOf:
-                                            - type: integer
-                                            - type: string
-                                            description: Number or name of the port
-                                              to access on the container. Number must
-                                              be in the range 1 to 65535.
-                                            x-kubernetes-int-or-string: true
-                                        required:
-                                        - port
-                                        type: object
-                                      terminationGracePeriodSeconds:
-                                        description: Optional duration in seconds
-                                          the pod needs to terminate gracefully upon
-                                          probe failure.
-                                        format: int64
-                                        type: integer
-                                      timeoutSeconds:
-                                        description: Number of seconds after which
-                                          the probe times out. Defaults to 1 second.
-                                          Minimum value is 1.
-                                        format: int32
-                                        type: integer
-                                    type: object
-                                  name:
-                                    description: Name of the ephemeral container specified
-                                      as a DNS_LABEL.
-                                    type: string
-                                  ports:
-                                    description: Ports are not allowed for ephemeral
-                                      containers.
-                                    items:
-                                      description: ContainerPort represents a network
-                                        port in a single container.
-                                      properties:
-                                        containerPort:
-                                          description: Number of port to expose on
-                                            the pod's IP address. This must be a valid
-                                            port number, 0 < x < 65536.
-                                          format: int32
-                                          type: integer
-                                        hostIP:
-                                          description: What host IP to bind the external
-                                            port to.
-                                          type: string
-                                        hostPort:
-                                          description: Number of port to expose on
-                                            the host. If specified, this must be a
-                                            valid port number, 0 < x < 65536.
-                                          format: int32
-                                          type: integer
-                                        name:
-                                          description: If specified, this must be
-                                            an IANA_SVC_NAME and unique within the
-                                            pod.
-                                          type: string
-                                        protocol:
-                                          default: TCP
-                                          description: Protocol for port. Must be
-                                            UDP, TCP, or SCTP. Defaults to "TCP".
-                                          type: string
-                                      required:
-                                      - containerPort
-                                      type: object
-                                    type: array
-                                    x-kubernetes-list-map-keys:
-                                    - containerPort
-                                    - protocol
-                                    x-kubernetes-list-type: map
-                                  readinessProbe:
-                                    description: Probes are not allowed for ephemeral
-                                      containers.
-                                    properties:
-                                      exec:
-                                        description: Exec specifies the action to
-                                          take.
-                                        properties:
-                                          command:
-                                            description: 'Command is the command line
-                                              to execute inside the container, the
-                                              working directory for the command  '
-                                            items:
-                                              type: string
-                                            type: array
-                                        type: object
-                                      failureThreshold:
-                                        description: Minimum consecutive failures
-                                          for the probe to be considered failed after
-                                          having succeeded.
-                                        format: int32
-                                        type: integer
-                                      grpc:
-                                        description: GRPC specifies an action involving
-                                          a GRPC port.
-                                        properties:
-                                          port:
-                                            description: Port number of the gRPC service.
-                                              Number must be in the range 1 to 65535.
-                                            format: int32
-                                            type: integer
-                                          service:
-                                            description: Service is the name of the
-                                              service to place in the gRPC HealthCheckRequest
-                                              (see https://github.
-                                            type: string
-                                        required:
-                                        - port
-                                        type: object
-                                      httpGet:
-                                        description: HTTPGet specifies the http request
-                                          to perform.
-                                        properties:
-                                          host:
-                                            description: Host name to connect to,
-                                              defaults to the pod IP.
-                                            type: string
-                                          httpHeaders:
-                                            description: Custom headers to set in
-                                              the request. HTTP allows repeated headers.
-                                            items:
-                                              description: HTTPHeader describes a
-                                                custom header to be used in HTTP probes
-                                              properties:
-                                                name:
-                                                  description: The header field name
-                                                  type: string
-                                                value:
-                                                  description: The header field value
-                                                  type: string
-                                              required:
-                                              - name
-                                              - value
-                                              type: object
-                                            type: array
-                                          path:
-                                            description: Path to access on the HTTP
-                                              server.
-                                            type: string
-                                          port:
-                                            anyOf:
-                                            - type: integer
-                                            - type: string
-                                            description: Name or number of the port
-                                              to access on the container. Number must
-                                              be in the range 1 to 65535.
-                                            x-kubernetes-int-or-string: true
-                                          scheme:
-                                            description: Scheme to use for connecting
-                                              to the host. Defaults to HTTP.
-                                            type: string
-                                        required:
-                                        - port
-                                        type: object
-                                      initialDelaySeconds:
-                                        description: Number of seconds after the container
-                                          has started before liveness probes are initiated.
-                                        format: int32
-                                        type: integer
-                                      periodSeconds:
-                                        description: How often (in seconds) to perform
-                                          the probe. Default to 10 seconds. Minimum
-                                          value is 1.
-                                        format: int32
-                                        type: integer
-                                      successThreshold:
-                                        description: Minimum consecutive successes
-                                          for the probe to be considered successful
-                                          after having failed.
-                                        format: int32
-                                        type: integer
-                                      tcpSocket:
-                                        description: TCPSocket specifies an action
-                                          involving a TCP port.
-                                        properties:
-                                          host:
-                                            description: 'Optional: Host name to connect
-                                              to, defaults to the pod IP.'
-                                            type: string
-                                          port:
-                                            anyOf:
-                                            - type: integer
-                                            - type: string
-                                            description: Number or name of the port
-                                              to access on the container. Number must
-                                              be in the range 1 to 65535.
-                                            x-kubernetes-int-or-string: true
-                                        required:
-                                        - port
-                                        type: object
-                                      terminationGracePeriodSeconds:
-                                        description: Optional duration in seconds
-                                          the pod needs to terminate gracefully upon
-                                          probe failure.
-                                        format: int64
-                                        type: integer
-                                      timeoutSeconds:
-                                        description: Number of seconds after which
-                                          the probe times out. Defaults to 1 second.
-                                          Minimum value is 1.
-                                        format: int32
-                                        type: integer
-                                    type: object
-                                  resources:
-                                    description: Resources are not allowed for ephemeral
-                                      containers.
-                                    properties:
-                                      limits:
-                                        additionalProperties:
-                                          anyOf:
-                                          - type: integer
-                                          - type: string
-                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                          x-kubernetes-int-or-string: true
-                                        description: 'Limits describes the maximum
-                                          amount of compute resources allowed. More
-                                          info: https://kubernetes.'
-                                        type: object
-                                      requests:
-                                        additionalProperties:
-                                          anyOf:
-                                          - type: integer
-                                          - type: string
-                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                          x-kubernetes-int-or-string: true
-                                        description: Requests describes the minimum
-                                          amount of compute resources required.
-                                        type: object
-                                    type: object
-                                  securityContext:
-                                    description: 'Optional: SecurityContext defines
-                                      the security options the ephemeral container
-                                      should be run with.'
-                                    properties:
-                                      allowPrivilegeEscalation:
-                                        description: AllowPrivilegeEscalation controls
-                                          whether a process can gain more privileges
-                                          than its parent process
-                                        type: boolean
-                                      capabilities:
-                                        description: The capabilities to add/drop
-                                          when running containers.
-                                        properties:
-                                          add:
-                                            description: Added capabilities
-                                            items:
-                                              description: Capability represent POSIX
-                                                capabilities type
-                                              type: string
-                                            type: array
-                                          drop:
-                                            description: Removed capabilities
-                                            items:
-                                              description: Capability represent POSIX
-                                                capabilities type
-                                              type: string
-                                            type: array
-                                        type: object
-                                      privileged:
-                                        description: Run container in privileged mode.
-                                        type: boolean
-                                      procMount:
-                                        description: procMount denotes the type of
-                                          proc mount to use for the containers.
-                                        type: string
-                                      readOnlyRootFilesystem:
-                                        description: Whether this container has a
-                                          read-only root filesystem. Default is false.
-                                        type: boolean
-                                      runAsGroup:
-                                        description: The GID to run the entrypoint
-                                          of the container process. Uses runtime default
-                                          if unset.
-                                        format: int64
-                                        type: integer
-                                      runAsNonRoot:
-                                        description: Indicates that the container
-                                          must run as a non-root user.
-                                        type: boolean
-                                      runAsUser:
-                                        description: The UID to run the entrypoint
-                                          of the container process.
-                                        format: int64
-                                        type: integer
-                                      seLinuxOptions:
-                                        description: The SELinux context to be applied
-                                          to the container.
-                                        properties:
-                                          level:
-                                            description: Level is SELinux level label
-                                              that applies to the container.
-                                            type: string
-                                          role:
-                                            description: Role is a SELinux role label
-                                              that applies to the container.
-                                            type: string
-                                          type:
-                                            description: Type is a SELinux type label
-                                              that applies to the container.
-                                            type: string
-                                          user:
-                                            description: User is a SELinux user label
-                                              that applies to the container.
-                                            type: string
-                                        type: object
-                                      seccompProfile:
-                                        description: The seccomp options to use by
-                                          this container.
-                                        properties:
-                                          localhostProfile:
-                                            description: localhostProfile indicates
-                                              a profile defined in a file on the node
-                                              should be used.
-                                            type: string
-                                          type:
-                                            description: type indicates which kind
-                                              of seccomp profile will be applied.
-                                            type: string
-                                        required:
-                                        - type
-                                        type: object
-                                      windowsOptions:
-                                        description: The Windows specific settings
-                                          applied to all containers.
-                                        properties:
-                                          gmsaCredentialSpec:
-                                            description: GMSACredentialSpec is where
-                                              the GMSA admission webhook (https://github.
-                                            type: string
-                                          gmsaCredentialSpecName:
-                                            description: GMSACredentialSpecName is
-                                              the name of the GMSA credential spec
-                                              to use.
-                                            type: string
-                                          hostProcess:
-                                            description: HostProcess determines if
-                                              a container should be run as a 'Host
-                                              Process' container.
-                                            type: boolean
-                                          runAsUserName:
-                                            description: The UserName in Windows to
-                                              run the entrypoint of the container
-                                              process.
-                                            type: string
-                                        type: object
-                                    type: object
-                                  startupProbe:
-                                    description: Probes are not allowed for ephemeral
-                                      containers.
-                                    properties:
-                                      exec:
-                                        description: Exec specifies the action to
-                                          take.
-                                        properties:
-                                          command:
-                                            description: 'Command is the command line
-                                              to execute inside the container, the
-                                              working directory for the command  '
-                                            items:
-                                              type: string
-                                            type: array
-                                        type: object
-                                      failureThreshold:
-                                        description: Minimum consecutive failures
-                                          for the probe to be considered failed after
-                                          having succeeded.
-                                        format: int32
-                                        type: integer
-                                      grpc:
-                                        description: GRPC specifies an action involving
-                                          a GRPC port.
-                                        properties:
-                                          port:
-                                            description: Port number of the gRPC service.
-                                              Number must be in the range 1 to 65535.
-                                            format: int32
-                                            type: integer
-                                          service:
-                                            description: Service is the name of the
-                                              service to place in the gRPC HealthCheckRequest
-                                              (see https://github.
-                                            type: string
-                                        required:
-                                        - port
-                                        type: object
-                                      httpGet:
-                                        description: HTTPGet specifies the http request
-                                          to perform.
-                                        properties:
-                                          host:
-                                            description: Host name to connect to,
-                                              defaults to the pod IP.
-                                            type: string
-                                          httpHeaders:
-                                            description: Custom headers to set in
-                                              the request. HTTP allows repeated headers.
-                                            items:
-                                              description: HTTPHeader describes a
-                                                custom header to be used in HTTP probes
-                                              properties:
-                                                name:
-                                                  description: The header field name
-                                                  type: string
-                                                value:
-                                                  description: The header field value
-                                                  type: string
-                                              required:
-                                              - name
-                                              - value
-                                              type: object
-                                            type: array
-                                          path:
-                                            description: Path to access on the HTTP
-                                              server.
-                                            type: string
-                                          port:
-                                            anyOf:
-                                            - type: integer
-                                            - type: string
-                                            description: Name or number of the port
-                                              to access on the container. Number must
-                                              be in the range 1 to 65535.
-                                            x-kubernetes-int-or-string: true
-                                          scheme:
-                                            description: Scheme to use for connecting
-                                              to the host. Defaults to HTTP.
-                                            type: string
-                                        required:
-                                        - port
-                                        type: object
-                                      initialDelaySeconds:
-                                        description: Number of seconds after the container
-                                          has started before liveness probes are initiated.
-                                        format: int32
-                                        type: integer
-                                      periodSeconds:
-                                        description: How often (in seconds) to perform
-                                          the probe. Default to 10 seconds. Minimum
-                                          value is 1.
-                                        format: int32
-                                        type: integer
-                                      successThreshold:
-                                        description: Minimum consecutive successes
-                                          for the probe to be considered successful
-                                          after having failed.
-                                        format: int32
-                                        type: integer
-                                      tcpSocket:
-                                        description: TCPSocket specifies an action
-                                          involving a TCP port.
-                                        properties:
-                                          host:
-                                            description: 'Optional: Host name to connect
-                                              to, defaults to the pod IP.'
-                                            type: string
-                                          port:
-                                            anyOf:
-                                            - type: integer
-                                            - type: string
-                                            description: Number or name of the port
-                                              to access on the container. Number must
-                                              be in the range 1 to 65535.
-                                            x-kubernetes-int-or-string: true
-                                        required:
-                                        - port
-                                        type: object
-                                      terminationGracePeriodSeconds:
-                                        description: Optional duration in seconds
-                                          the pod needs to terminate gracefully upon
-                                          probe failure.
-                                        format: int64
-                                        type: integer
-                                      timeoutSeconds:
-                                        description: Number of seconds after which
-                                          the probe times out. Defaults to 1 second.
-                                          Minimum value is 1.
-                                        format: int32
-                                        type: integer
-                                    type: object
-                                  stdin:
-                                    description: Whether this container should allocate
-                                      a buffer for stdin in the container runtime.
-                                    type: boolean
-                                  stdinOnce:
-                                    description: Whether the container runtime should
-                                      close the stdin channel after it has been opened
-                                      by a single at
-                                    type: boolean
-                                  targetContainerName:
-                                    description: If set, the name of the container
-                                      from PodSpec that this ephemeral container targets.
-                                    type: string
-                                  terminationMessagePath:
-                                    description: 'Optional: Path at which the file
-                                      to which the container''s termination message
-                                      will be written is mou'
-                                    type: string
-                                  terminationMessagePolicy:
-                                    description: Indicate how the termination message
-                                      should be populated.
-                                    type: string
-                                  tty:
-                                    description: Whether this container should allocate
-                                      a TTY for itself, also requires 'stdin' to be
-                                      true.
-                                    type: boolean
-                                  volumeDevices:
-                                    description: volumeDevices is the list of block
-                                      devices to be used by the container.
-                                    items:
-                                      description: volumeDevice describes a mapping
-                                        of a raw block device within a container.
-                                      properties:
-                                        devicePath:
-                                          description: devicePath is the path inside
-                                            of the container that the device will
-                                            be mapped to.
-                                          type: string
-                                        name:
-                                          description: name must match the name of
-                                            a persistentVolumeClaim in the pod
-                                          type: string
-                                      required:
-                                      - devicePath
-                                      - name
-                                      type: object
-                                    type: array
-                                  volumeMounts:
-                                    description: Pod volumes to mount into the container's
-                                      filesystem.
-                                    items:
-                                      description: VolumeMount describes a mounting
-                                        of a Volume within a container.
-                                      properties:
-                                        mountPath:
-                                          description: Path within the container at
-                                            which the volume should be mounted.  Must
-                                            not contain ':'.
-                                          type: string
-                                        mountPropagation:
-                                          description: mountPropagation determines
-                                            how mounts are propagated from the host
-                                            to container and the other way a
-                                          type: string
-                                        name:
-                                          description: This must match the Name of
-                                            a Volume.
-                                          type: string
-                                        readOnly:
-                                          description: Mounted read-only if true,
-                                            read-write otherwise (false or unspecified).
-                                            Defaults to false.
-                                          type: boolean
-                                        subPath:
-                                          description: Path within the volume from
-                                            which the container's volume should be
-                                            mounted.
-                                          type: string
-                                        subPathExpr:
-                                          description: Expanded path within the volume
-                                            from which the container's volume should
-                                            be mounted.
-                                          type: string
-                                      required:
-                                      - mountPath
-                                      - name
-                                      type: object
-                                    type: array
-                                  workingDir:
-                                    description: Container's working directory.
-                                    type: string
-                                required:
-                                - name
-                                type: object
-                              type: array
-                            hostAliases:
-                              description: 'HostAliases is an optional list of hosts
-                                and IPs that will be injected into the pod''s hosts
-                                file if '
-                              items:
-                                description: 'HostAlias holds the mapping between
-                                  IP and hostnames that will be injected as an entry
-                                  in the pod''s '
-                                properties:
-                                  hostnames:
-                                    description: Hostnames for the above IP address.
-                                    items:
-                                      type: string
-                                    type: array
-                                  ip:
-                                    description: IP address of the host file entry.
-                                    type: string
-                                type: object
-                              type: array
-                            hostIPC:
-                              description: 'Use the host''s ipc namespace. Optional:
-                                Default to false.'
-                              type: boolean
-                            hostNetwork:
-                              description: Host networking requested for this pod.
-                                Use the host's network namespace.
-                              type: boolean
-                            hostPID:
-                              description: 'Use the host''s pid namespace. Optional:
-                                Default to false.'
-                              type: boolean
-                            hostname:
-                              description: Specifies the hostname of the Pod If not
-                                specified, the pod's hostname will be set to a system-defin
-                              type: string
-                            imagePullSecrets:
-                              description: ImagePullSecrets is an optional list of
-                                references to secrets in the same namespace to use
-                                for pulli
-                              items:
-                                description: 'LocalObjectReference contains enough
-                                  information to let you locate the referenced object
-                                  inside the '
-                                properties:
-                                  name:
-                                    description: 'Name of the referent. More info:
-                                      https://kubernetes.'
-                                    type: string
-                                type: object
-                              type: array
-                            initContainers:
-                              description: List of initialization containers belonging
-                                to the pod.
-                              items:
-                                description: A single application container that you
-                                  want to run within a pod.
-                                properties:
-                                  args:
-                                    description: Arguments to the entrypoint. The
-                                      docker image's CMD is used if this is not provided.
-                                    items:
-                                      type: string
-                                    type: array
-                                  command:
-                                    description: Entrypoint array. Not executed within
-                                      a shell.
-                                    items:
-                                      type: string
-                                    type: array
-                                  env:
-                                    description: List of environment variables to
-                                      set in the container. Cannot be updated.
-                                    items:
-                                      description: EnvVar represents an environment
-                                        variable present in a Container.
-                                      properties:
-                                        name:
-                                          description: Name of the environment variable.
-                                            Must be a C_IDENTIFIER.
-                                          type: string
-                                        value:
-                                          description: Variable references $(VAR_NAME)
-                                            are expanded using the previously defined
-                                            environment variables in t
-                                          type: string
-                                        valueFrom:
-                                          description: Source for the environment
-                                            variable's value. Cannot be used if value
-                                            is not empty.
-                                          properties:
-                                            configMapKeyRef:
-                                              description: Selects a key of a ConfigMap.
-                                              properties:
-                                                key:
-                                                  description: The key to select.
-                                                  type: string
-                                                name:
-                                                  description: 'Name of the referent.
-                                                    More info: https://kubernetes.'
-                                                  type: string
-                                                optional:
-                                                  description: Specify whether the
-                                                    ConfigMap or its key must be defined
-                                                  type: boolean
-                                              required:
-                                              - key
-                                              type: object
-                                            fieldRef:
-                                              description: 'Selects a field of the
-                                                pod: supports metadata.name, metadata.namespace,
-                                                `metadata.'
-                                              properties:
-                                                apiVersion:
-                                                  description: Version of the schema
-                                                    the FieldPath is written in terms
-                                                    of, defaults to "v1".
-                                                  type: string
-                                                fieldPath:
-                                                  description: Path of the field to
-                                                    select in the specified API version.
-                                                  type: string
-                                              required:
-                                              - fieldPath
-                                              type: object
-                                            resourceFieldRef:
-                                              description: 'Selects a resource of
-                                                the container: only resources limits
-                                                and requests (limits.cpu, limits.'
-                                              properties:
-                                                containerName:
-                                                  description: 'Container name: required
-                                                    for volumes, optional for env
-                                                    vars'
-                                                  type: string
-                                                divisor:
-                                                  anyOf:
-                                                  - type: integer
-                                                  - type: string
-                                                  description: Specifies the output
-                                                    format of the exposed resources,
-                                                    defaults to "1"
-                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                                  x-kubernetes-int-or-string: true
-                                                resource:
-                                                  description: 'Required: resource
-                                                    to select'
-                                                  type: string
-                                              required:
-                                              - resource
-                                              type: object
-                                            secretKeyRef:
-                                              description: Selects a key of a secret
-                                                in the pod's namespace
-                                              properties:
-                                                key:
-                                                  description: The key of the secret
-                                                    to select from.  Must be a valid
-                                                    secret key.
-                                                  type: string
-                                                name:
-                                                  description: 'Name of the referent.
-                                                    More info: https://kubernetes.'
-                                                  type: string
-                                                optional:
-                                                  description: Specify whether the
-                                                    Secret or its key must be defined
-                                                  type: boolean
-                                              required:
-                                              - key
-                                              type: object
-                                          type: object
-                                      required:
-                                      - name
-                                      type: object
-                                    type: array
-                                  envFrom:
-                                    description: List of sources to populate environment
-                                      variables in the container.
-                                    items:
-                                      description: EnvFromSource represents the source
-                                        of a set of ConfigMaps
-                                      properties:
-                                        configMapRef:
-                                          description: The ConfigMap to select from
-                                          properties:
-                                            name:
-                                              description: 'Name of the referent.
-                                                More info: https://kubernetes.'
-                                              type: string
-                                            optional:
-                                              description: Specify whether the ConfigMap
-                                                must be defined
-                                              type: boolean
-                                          type: object
-                                        prefix:
-                                          description: An optional identifier to prepend
-                                            to each key in the ConfigMap. Must be
-                                            a C_IDENTIFIER.
-                                          type: string
-                                        secretRef:
-                                          description: The Secret to select from
-                                          properties:
-                                            name:
-                                              description: 'Name of the referent.
-                                                More info: https://kubernetes.'
-                                              type: string
-                                            optional:
-                                              description: Specify whether the Secret
-                                                must be defined
-                                              type: boolean
-                                          type: object
-                                      type: object
-                                    type: array
-                                  image:
-                                    description: 'Docker image name. More info: https://kubernetes.'
-                                    type: string
-                                  imagePullPolicy:
-                                    description: Image pull policy. One of Always,
-                                      Never, IfNotPresent.
-                                    type: string
-                                  lifecycle:
-                                    description: Actions that the management system
-                                      should take in response to container lifecycle
-                                      events.
-                                    properties:
-                                      postStart:
-                                        description: PostStart is called immediately
-                                          after a container is created.
-                                        properties:
-                                          exec:
-                                            description: Exec specifies the action
-                                              to take.
-                                            properties:
-                                              command:
-                                                description: 'Command is the command
-                                                  line to execute inside the container,
-                                                  the working directory for the command  '
-                                                items:
-                                                  type: string
-                                                type: array
-                                            type: object
-                                          httpGet:
-                                            description: HTTPGet specifies the http
-                                              request to perform.
-                                            properties:
-                                              host:
-                                                description: Host name to connect
-                                                  to, defaults to the pod IP.
-                                                type: string
-                                              httpHeaders:
-                                                description: Custom headers to set
-                                                  in the request. HTTP allows repeated
-                                                  headers.
-                                                items:
-                                                  description: HTTPHeader describes
-                                                    a custom header to be used in
-                                                    HTTP probes
-                                                  properties:
-                                                    name:
-                                                      description: The header field
-                                                        name
-                                                      type: string
-                                                    value:
-                                                      description: The header field
-                                                        value
-                                                      type: string
-                                                  required:
-                                                  - name
-                                                  - value
-                                                  type: object
-                                                type: array
-                                              path:
-                                                description: Path to access on the
-                                                  HTTP server.
-                                                type: string
-                                              port:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Name or number of the
-                                                  port to access on the container.
-                                                  Number must be in the range 1 to
-                                                  65535.
-                                                x-kubernetes-int-or-string: true
-                                              scheme:
-                                                description: Scheme to use for connecting
-                                                  to the host. Defaults to HTTP.
-                                                type: string
-                                            required:
-                                            - port
-                                            type: object
-                                          tcpSocket:
-                                            description: Deprecated.
-                                            properties:
-                                              host:
-                                                description: 'Optional: Host name
-                                                  to connect to, defaults to the pod
-                                                  IP.'
-                                                type: string
-                                              port:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Number or name of the
-                                                  port to access on the container.
-                                                  Number must be in the range 1 to
-                                                  65535.
-                                                x-kubernetes-int-or-string: true
-                                            required:
-                                            - port
-                                            type: object
-                                        type: object
-                                      preStop:
-                                        description: PreStop is called immediately
-                                          before a container is terminated due to
-                                          an API request or management e
-                                        properties:
-                                          exec:
-                                            description: Exec specifies the action
-                                              to take.
-                                            properties:
-                                              command:
-                                                description: 'Command is the command
-                                                  line to execute inside the container,
-                                                  the working directory for the command  '
-                                                items:
-                                                  type: string
-                                                type: array
-                                            type: object
-                                          httpGet:
-                                            description: HTTPGet specifies the http
-                                              request to perform.
-                                            properties:
-                                              host:
-                                                description: Host name to connect
-                                                  to, defaults to the pod IP.
-                                                type: string
-                                              httpHeaders:
-                                                description: Custom headers to set
-                                                  in the request. HTTP allows repeated
-                                                  headers.
-                                                items:
-                                                  description: HTTPHeader describes
-                                                    a custom header to be used in
-                                                    HTTP probes
-                                                  properties:
-                                                    name:
-                                                      description: The header field
-                                                        name
-                                                      type: string
-                                                    value:
-                                                      description: The header field
-                                                        value
-                                                      type: string
-                                                  required:
-                                                  - name
-                                                  - value
-                                                  type: object
-                                                type: array
-                                              path:
-                                                description: Path to access on the
-                                                  HTTP server.
-                                                type: string
-                                              port:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Name or number of the
-                                                  port to access on the container.
-                                                  Number must be in the range 1 to
-                                                  65535.
-                                                x-kubernetes-int-or-string: true
-                                              scheme:
-                                                description: Scheme to use for connecting
-                                                  to the host. Defaults to HTTP.
-                                                type: string
-                                            required:
-                                            - port
-                                            type: object
-                                          tcpSocket:
-                                            description: Deprecated.
-                                            properties:
-                                              host:
-                                                description: 'Optional: Host name
-                                                  to connect to, defaults to the pod
-                                                  IP.'
-                                                type: string
-                                              port:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Number or name of the
-                                                  port to access on the container.
-                                                  Number must be in the range 1 to
-                                                  65535.
-                                                x-kubernetes-int-or-string: true
-                                            required:
-                                            - port
-                                            type: object
-                                        type: object
-                                    type: object
-                                  livenessProbe:
-                                    description: Periodic probe of container liveness.
-                                      Container will be restarted if the probe fails.
-                                    properties:
-                                      exec:
-                                        description: Exec specifies the action to
-                                          take.
-                                        properties:
-                                          command:
-                                            description: 'Command is the command line
-                                              to execute inside the container, the
-                                              working directory for the command  '
-                                            items:
-                                              type: string
-                                            type: array
-                                        type: object
-                                      failureThreshold:
-                                        description: Minimum consecutive failures
-                                          for the probe to be considered failed after
-                                          having succeeded.
-                                        format: int32
-                                        type: integer
-                                      grpc:
-                                        description: GRPC specifies an action involving
-                                          a GRPC port.
-                                        properties:
-                                          port:
-                                            description: Port number of the gRPC service.
-                                              Number must be in the range 1 to 65535.
-                                            format: int32
-                                            type: integer
-                                          service:
-                                            description: Service is the name of the
-                                              service to place in the gRPC HealthCheckRequest
-                                              (see https://github.
-                                            type: string
-                                        required:
-                                        - port
-                                        type: object
-                                      httpGet:
-                                        description: HTTPGet specifies the http request
-                                          to perform.
-                                        properties:
-                                          host:
-                                            description: Host name to connect to,
-                                              defaults to the pod IP.
-                                            type: string
-                                          httpHeaders:
-                                            description: Custom headers to set in
-                                              the request. HTTP allows repeated headers.
-                                            items:
-                                              description: HTTPHeader describes a
-                                                custom header to be used in HTTP probes
-                                              properties:
-                                                name:
-                                                  description: The header field name
-                                                  type: string
-                                                value:
-                                                  description: The header field value
-                                                  type: string
-                                              required:
-                                              - name
-                                              - value
-                                              type: object
-                                            type: array
-                                          path:
-                                            description: Path to access on the HTTP
-                                              server.
-                                            type: string
-                                          port:
-                                            anyOf:
-                                            - type: integer
-                                            - type: string
-                                            description: Name or number of the port
-                                              to access on the container. Number must
-                                              be in the range 1 to 65535.
-                                            x-kubernetes-int-or-string: true
-                                          scheme:
-                                            description: Scheme to use for connecting
-                                              to the host. Defaults to HTTP.
-                                            type: string
-                                        required:
-                                        - port
-                                        type: object
-                                      initialDelaySeconds:
-                                        description: Number of seconds after the container
-                                          has started before liveness probes are initiated.
-                                        format: int32
-                                        type: integer
-                                      periodSeconds:
-                                        description: How often (in seconds) to perform
-                                          the probe. Default to 10 seconds. Minimum
-                                          value is 1.
-                                        format: int32
-                                        type: integer
-                                      successThreshold:
-                                        description: Minimum consecutive successes
-                                          for the probe to be considered successful
-                                          after having failed.
-                                        format: int32
-                                        type: integer
-                                      tcpSocket:
-                                        description: TCPSocket specifies an action
-                                          involving a TCP port.
-                                        properties:
-                                          host:
-                                            description: 'Optional: Host name to connect
-                                              to, defaults to the pod IP.'
-                                            type: string
-                                          port:
-                                            anyOf:
-                                            - type: integer
-                                            - type: string
-                                            description: Number or name of the port
-                                              to access on the container. Number must
-                                              be in the range 1 to 65535.
-                                            x-kubernetes-int-or-string: true
-                                        required:
-                                        - port
-                                        type: object
-                                      terminationGracePeriodSeconds:
-                                        description: Optional duration in seconds
-                                          the pod needs to terminate gracefully upon
-                                          probe failure.
-                                        format: int64
-                                        type: integer
-                                      timeoutSeconds:
-                                        description: Number of seconds after which
-                                          the probe times out. Defaults to 1 second.
-                                          Minimum value is 1.
-                                        format: int32
-                                        type: integer
-                                    type: object
-                                  name:
-                                    description: Name of the container specified as
-                                      a DNS_LABEL.
-                                    type: string
-                                  ports:
-                                    description: List of ports to expose from the
-                                      container.
-                                    items:
-                                      description: ContainerPort represents a network
-                                        port in a single container.
-                                      properties:
-                                        containerPort:
-                                          description: Number of port to expose on
-                                            the pod's IP address. This must be a valid
-                                            port number, 0 < x < 65536.
-                                          format: int32
-                                          type: integer
-                                        hostIP:
-                                          description: What host IP to bind the external
-                                            port to.
-                                          type: string
-                                        hostPort:
-                                          description: Number of port to expose on
-                                            the host. If specified, this must be a
-                                            valid port number, 0 < x < 65536.
-                                          format: int32
-                                          type: integer
-                                        name:
-                                          description: If specified, this must be
-                                            an IANA_SVC_NAME and unique within the
-                                            pod.
-                                          type: string
-                                        protocol:
-                                          default: TCP
-                                          description: Protocol for port. Must be
-                                            UDP, TCP, or SCTP. Defaults to "TCP".
-                                          type: string
-                                      required:
-                                      - containerPort
-                                      type: object
-                                    type: array
-                                    x-kubernetes-list-map-keys:
-                                    - containerPort
-                                    - protocol
-                                    x-kubernetes-list-type: map
-                                  readinessProbe:
-                                    description: Periodic probe of container service
-                                      readiness.
-                                    properties:
-                                      exec:
-                                        description: Exec specifies the action to
-                                          take.
-                                        properties:
-                                          command:
-                                            description: 'Command is the command line
-                                              to execute inside the container, the
-                                              working directory for the command  '
-                                            items:
-                                              type: string
-                                            type: array
-                                        type: object
-                                      failureThreshold:
-                                        description: Minimum consecutive failures
-                                          for the probe to be considered failed after
-                                          having succeeded.
-                                        format: int32
-                                        type: integer
-                                      grpc:
-                                        description: GRPC specifies an action involving
-                                          a GRPC port.
-                                        properties:
-                                          port:
-                                            description: Port number of the gRPC service.
-                                              Number must be in the range 1 to 65535.
-                                            format: int32
-                                            type: integer
-                                          service:
-                                            description: Service is the name of the
-                                              service to place in the gRPC HealthCheckRequest
-                                              (see https://github.
-                                            type: string
-                                        required:
-                                        - port
-                                        type: object
-                                      httpGet:
-                                        description: HTTPGet specifies the http request
-                                          to perform.
-                                        properties:
-                                          host:
-                                            description: Host name to connect to,
-                                              defaults to the pod IP.
-                                            type: string
-                                          httpHeaders:
-                                            description: Custom headers to set in
-                                              the request. HTTP allows repeated headers.
-                                            items:
-                                              description: HTTPHeader describes a
-                                                custom header to be used in HTTP probes
-                                              properties:
-                                                name:
-                                                  description: The header field name
-                                                  type: string
-                                                value:
-                                                  description: The header field value
-                                                  type: string
-                                              required:
-                                              - name
-                                              - value
-                                              type: object
-                                            type: array
-                                          path:
-                                            description: Path to access on the HTTP
-                                              server.
-                                            type: string
-                                          port:
-                                            anyOf:
-                                            - type: integer
-                                            - type: string
-                                            description: Name or number of the port
-                                              to access on the container. Number must
-                                              be in the range 1 to 65535.
-                                            x-kubernetes-int-or-string: true
-                                          scheme:
-                                            description: Scheme to use for connecting
-                                              to the host. Defaults to HTTP.
-                                            type: string
-                                        required:
-                                        - port
-                                        type: object
-                                      initialDelaySeconds:
-                                        description: Number of seconds after the container
-                                          has started before liveness probes are initiated.
-                                        format: int32
-                                        type: integer
-                                      periodSeconds:
-                                        description: How often (in seconds) to perform
-                                          the probe. Default to 10 seconds. Minimum
-                                          value is 1.
-                                        format: int32
-                                        type: integer
-                                      successThreshold:
-                                        description: Minimum consecutive successes
-                                          for the probe to be considered successful
-                                          after having failed.
-                                        format: int32
-                                        type: integer
-                                      tcpSocket:
-                                        description: TCPSocket specifies an action
-                                          involving a TCP port.
-                                        properties:
-                                          host:
-                                            description: 'Optional: Host name to connect
-                                              to, defaults to the pod IP.'
-                                            type: string
-                                          port:
-                                            anyOf:
-                                            - type: integer
-                                            - type: string
-                                            description: Number or name of the port
-                                              to access on the container. Number must
-                                              be in the range 1 to 65535.
-                                            x-kubernetes-int-or-string: true
-                                        required:
-                                        - port
-                                        type: object
-                                      terminationGracePeriodSeconds:
-                                        description: Optional duration in seconds
-                                          the pod needs to terminate gracefully upon
-                                          probe failure.
-                                        format: int64
-                                        type: integer
-                                      timeoutSeconds:
-                                        description: Number of seconds after which
-                                          the probe times out. Defaults to 1 second.
-                                          Minimum value is 1.
-                                        format: int32
-                                        type: integer
-                                    type: object
-                                  resources:
-                                    description: 'Compute Resources required by this
-                                      container. Cannot be updated. More info: https://kubernetes.'
-                                    properties:
-                                      limits:
-                                        additionalProperties:
-                                          anyOf:
-                                          - type: integer
-                                          - type: string
-                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                          x-kubernetes-int-or-string: true
-                                        description: 'Limits describes the maximum
-                                          amount of compute resources allowed. More
-                                          info: https://kubernetes.'
-                                        type: object
-                                      requests:
-                                        additionalProperties:
-                                          anyOf:
-                                          - type: integer
-                                          - type: string
-                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                          x-kubernetes-int-or-string: true
-                                        description: Requests describes the minimum
-                                          amount of compute resources required.
-                                        type: object
-                                    type: object
-                                  securityContext:
-                                    description: SecurityContext defines the security
-                                      options the container should be run with.
-                                    properties:
-                                      allowPrivilegeEscalation:
-                                        description: AllowPrivilegeEscalation controls
-                                          whether a process can gain more privileges
-                                          than its parent process
-                                        type: boolean
-                                      capabilities:
-                                        description: The capabilities to add/drop
-                                          when running containers.
-                                        properties:
-                                          add:
-                                            description: Added capabilities
-                                            items:
-                                              description: Capability represent POSIX
-                                                capabilities type
-                                              type: string
-                                            type: array
-                                          drop:
-                                            description: Removed capabilities
-                                            items:
-                                              description: Capability represent POSIX
-                                                capabilities type
-                                              type: string
-                                            type: array
-                                        type: object
-                                      privileged:
-                                        description: Run container in privileged mode.
-                                        type: boolean
-                                      procMount:
-                                        description: procMount denotes the type of
-                                          proc mount to use for the containers.
-                                        type: string
-                                      readOnlyRootFilesystem:
-                                        description: Whether this container has a
-                                          read-only root filesystem. Default is false.
-                                        type: boolean
-                                      runAsGroup:
-                                        description: The GID to run the entrypoint
-                                          of the container process. Uses runtime default
-                                          if unset.
-                                        format: int64
-                                        type: integer
-                                      runAsNonRoot:
-                                        description: Indicates that the container
-                                          must run as a non-root user.
-                                        type: boolean
-                                      runAsUser:
-                                        description: The UID to run the entrypoint
-                                          of the container process.
-                                        format: int64
-                                        type: integer
-                                      seLinuxOptions:
-                                        description: The SELinux context to be applied
-                                          to the container.
-                                        properties:
-                                          level:
-                                            description: Level is SELinux level label
-                                              that applies to the container.
-                                            type: string
-                                          role:
-                                            description: Role is a SELinux role label
-                                              that applies to the container.
-                                            type: string
-                                          type:
-                                            description: Type is a SELinux type label
-                                              that applies to the container.
-                                            type: string
-                                          user:
-                                            description: User is a SELinux user label
-                                              that applies to the container.
-                                            type: string
-                                        type: object
-                                      seccompProfile:
-                                        description: The seccomp options to use by
-                                          this container.
-                                        properties:
-                                          localhostProfile:
-                                            description: localhostProfile indicates
-                                              a profile defined in a file on the node
-                                              should be used.
-                                            type: string
-                                          type:
-                                            description: type indicates which kind
-                                              of seccomp profile will be applied.
-                                            type: string
-                                        required:
-                                        - type
-                                        type: object
-                                      windowsOptions:
-                                        description: The Windows specific settings
-                                          applied to all containers.
-                                        properties:
-                                          gmsaCredentialSpec:
-                                            description: GMSACredentialSpec is where
-                                              the GMSA admission webhook (https://github.
-                                            type: string
-                                          gmsaCredentialSpecName:
-                                            description: GMSACredentialSpecName is
-                                              the name of the GMSA credential spec
-                                              to use.
-                                            type: string
-                                          hostProcess:
-                                            description: HostProcess determines if
-                                              a container should be run as a 'Host
-                                              Process' container.
-                                            type: boolean
-                                          runAsUserName:
-                                            description: The UserName in Windows to
-                                              run the entrypoint of the container
-                                              process.
-                                            type: string
-                                        type: object
-                                    type: object
-                                  startupProbe:
-                                    description: StartupProbe indicates that the Pod
-                                      has successfully initialized.
-                                    properties:
-                                      exec:
-                                        description: Exec specifies the action to
-                                          take.
-                                        properties:
-                                          command:
-                                            description: 'Command is the command line
-                                              to execute inside the container, the
-                                              working directory for the command  '
-                                            items:
-                                              type: string
-                                            type: array
-                                        type: object
-                                      failureThreshold:
-                                        description: Minimum consecutive failures
-                                          for the probe to be considered failed after
-                                          having succeeded.
-                                        format: int32
-                                        type: integer
-                                      grpc:
-                                        description: GRPC specifies an action involving
-                                          a GRPC port.
-                                        properties:
-                                          port:
-                                            description: Port number of the gRPC service.
-                                              Number must be in the range 1 to 65535.
-                                            format: int32
-                                            type: integer
-                                          service:
-                                            description: Service is the name of the
-                                              service to place in the gRPC HealthCheckRequest
-                                              (see https://github.
-                                            type: string
-                                        required:
-                                        - port
-                                        type: object
-                                      httpGet:
-                                        description: HTTPGet specifies the http request
-                                          to perform.
-                                        properties:
-                                          host:
-                                            description: Host name to connect to,
-                                              defaults to the pod IP.
-                                            type: string
-                                          httpHeaders:
-                                            description: Custom headers to set in
-                                              the request. HTTP allows repeated headers.
-                                            items:
-                                              description: HTTPHeader describes a
-                                                custom header to be used in HTTP probes
-                                              properties:
-                                                name:
-                                                  description: The header field name
-                                                  type: string
-                                                value:
-                                                  description: The header field value
-                                                  type: string
-                                              required:
-                                              - name
-                                              - value
-                                              type: object
-                                            type: array
-                                          path:
-                                            description: Path to access on the HTTP
-                                              server.
-                                            type: string
-                                          port:
-                                            anyOf:
-                                            - type: integer
-                                            - type: string
-                                            description: Name or number of the port
-                                              to access on the container. Number must
-                                              be in the range 1 to 65535.
-                                            x-kubernetes-int-or-string: true
-                                          scheme:
-                                            description: Scheme to use for connecting
-                                              to the host. Defaults to HTTP.
-                                            type: string
-                                        required:
-                                        - port
-                                        type: object
-                                      initialDelaySeconds:
-                                        description: Number of seconds after the container
-                                          has started before liveness probes are initiated.
-                                        format: int32
-                                        type: integer
-                                      periodSeconds:
-                                        description: How often (in seconds) to perform
-                                          the probe. Default to 10 seconds. Minimum
-                                          value is 1.
-                                        format: int32
-                                        type: integer
-                                      successThreshold:
-                                        description: Minimum consecutive successes
-                                          for the probe to be considered successful
-                                          after having failed.
-                                        format: int32
-                                        type: integer
-                                      tcpSocket:
-                                        description: TCPSocket specifies an action
-                                          involving a TCP port.
-                                        properties:
-                                          host:
-                                            description: 'Optional: Host name to connect
-                                              to, defaults to the pod IP.'
-                                            type: string
-                                          port:
-                                            anyOf:
-                                            - type: integer
-                                            - type: string
-                                            description: Number or name of the port
-                                              to access on the container. Number must
-                                              be in the range 1 to 65535.
-                                            x-kubernetes-int-or-string: true
-                                        required:
-                                        - port
-                                        type: object
-                                      terminationGracePeriodSeconds:
-                                        description: Optional duration in seconds
-                                          the pod needs to terminate gracefully upon
-                                          probe failure.
-                                        format: int64
-                                        type: integer
-                                      timeoutSeconds:
-                                        description: Number of seconds after which
-                                          the probe times out. Defaults to 1 second.
-                                          Minimum value is 1.
-                                        format: int32
-                                        type: integer
-                                    type: object
-                                  stdin:
-                                    description: Whether this container should allocate
-                                      a buffer for stdin in the container runtime.
-                                    type: boolean
-                                  stdinOnce:
-                                    description: Whether the container runtime should
-                                      close the stdin channel after it has been opened
-                                      by a single at
-                                    type: boolean
-                                  terminationMessagePath:
-                                    description: 'Optional: Path at which the file
-                                      to which the container''s termination message
-                                      will be written is mou'
-                                    type: string
-                                  terminationMessagePolicy:
-                                    description: Indicate how the termination message
-                                      should be populated.
-                                    type: string
-                                  tty:
-                                    description: Whether this container should allocate
-                                      a TTY for itself, also requires 'stdin' to be
-                                      true.
-                                    type: boolean
-                                  volumeDevices:
-                                    description: volumeDevices is the list of block
-                                      devices to be used by the container.
-                                    items:
-                                      description: volumeDevice describes a mapping
-                                        of a raw block device within a container.
-                                      properties:
-                                        devicePath:
-                                          description: devicePath is the path inside
-                                            of the container that the device will
-                                            be mapped to.
-                                          type: string
-                                        name:
-                                          description: name must match the name of
-                                            a persistentVolumeClaim in the pod
-                                          type: string
-                                      required:
-                                      - devicePath
-                                      - name
-                                      type: object
-                                    type: array
-                                  volumeMounts:
-                                    description: Pod volumes to mount into the container's
-                                      filesystem. Cannot be updated.
-                                    items:
-                                      description: VolumeMount describes a mounting
-                                        of a Volume within a container.
-                                      properties:
-                                        mountPath:
-                                          description: Path within the container at
-                                            which the volume should be mounted.  Must
-                                            not contain ':'.
-                                          type: string
-                                        mountPropagation:
-                                          description: mountPropagation determines
-                                            how mounts are propagated from the host
-                                            to container and the other way a
-                                          type: string
-                                        name:
-                                          description: This must match the Name of
-                                            a Volume.
-                                          type: string
-                                        readOnly:
-                                          description: Mounted read-only if true,
-                                            read-write otherwise (false or unspecified).
-                                            Defaults to false.
-                                          type: boolean
-                                        subPath:
-                                          description: Path within the volume from
-                                            which the container's volume should be
-                                            mounted.
-                                          type: string
-                                        subPathExpr:
-                                          description: Expanded path within the volume
-                                            from which the container's volume should
-                                            be mounted.
-                                          type: string
-                                      required:
-                                      - mountPath
-                                      - name
-                                      type: object
-                                    type: array
-                                  workingDir:
-                                    description: Container's working directory.
-                                    type: string
-                                required:
-                                - name
-                                type: object
-                              type: array
-                            nodeName:
-                              description: NodeName is a request to schedule this
-                                pod onto a specific node.
-                              type: string
-                            nodeSelector:
-                              additionalProperties:
-                                type: string
-                              description: NodeSelector is a selector which must be
-                                true for the pod to fit on a node.
-                              type: object
-                              x-kubernetes-map-type: atomic
-                            os:
-                              description: Specifies the OS of the containers in the
-                                pod.
-                              properties:
-                                name:
-                                  description: Name is the name of the operating system.
-                                    The currently supported values are linux and windows.
-                                  type: string
-                              required:
-                              - name
-                              type: object
-                            overhead:
-                              additionalProperties:
-                                anyOf:
-                                - type: integer
-                                - type: string
-                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                x-kubernetes-int-or-string: true
-                              description: Overhead represents the resource overhead
-                                associated with running a pod for a given RuntimeClass.
-                              type: object
-                            preemptionPolicy:
-                              description: PreemptionPolicy is the Policy for preempting
-                                pods with lower priority.
-                              type: string
-                            priority:
-                              description: The priority value. Various system components
-                                use this field to find the priority of the pod.
-                              format: int32
-                              type: integer
-                            priorityClassName:
-                              description: If specified, indicates the pod's priority.
-                              type: string
-                            readinessGates:
-                              description: If specified, all readiness gates will
-                                be evaluated for pod readiness.
-                              items:
-                                description: PodReadinessGate contains the reference
-                                  to a pod condition
-                                properties:
-                                  conditionType:
-                                    description: ConditionType refers to a condition
-                                      in the pod's condition list with matching type.
-                                    type: string
-                                required:
-                                - conditionType
-                                type: object
-                              type: array
-                            restartPolicy:
-                              description: Restart policy for all containers within
-                                the pod. One of Always, OnFailure, Never.
-                              type: string
-                            runtimeClassName:
-                              description: RuntimeClassName refers to a RuntimeClass
-                                object in the node.k8s.
-                              type: string
-                            schedulerName:
-                              description: If specified, the pod will be dispatched
-                                by specified scheduler.
-                              type: string
-                            securityContext:
-                              description: SecurityContext holds pod-level security
-                                attributes and common container settings.
-                              properties:
-                                fsGroup:
-                                  description: A special supplemental group that applies
-                                    to all containers in a pod.
-                                  format: int64
-                                  type: integer
-                                fsGroupChangePolicy:
-                                  description: fsGroupChangePolicy defines behavior
-                                    of changing ownership and permission of the volume
-                                    before being
-                                  type: string
-                                runAsGroup:
-                                  description: The GID to run the entrypoint of the
-                                    container process. Uses runtime default if unset.
-                                  format: int64
-                                  type: integer
-                                runAsNonRoot:
-                                  description: Indicates that the container must run
-                                    as a non-root user.
-                                  type: boolean
-                                runAsUser:
-                                  description: The UID to run the entrypoint of the
-                                    container process.
-                                  format: int64
-                                  type: integer
-                                seLinuxOptions:
-                                  description: The SELinux context to be applied to
-                                    all containers.
-                                  properties:
-                                    level:
-                                      description: Level is SELinux level label that
-                                        applies to the container.
-                                      type: string
-                                    role:
-                                      description: Role is a SELinux role label that
-                                        applies to the container.
-                                      type: string
-                                    type:
-                                      description: Type is a SELinux type label that
-                                        applies to the container.
-                                      type: string
-                                    user:
-                                      description: User is a SELinux user label that
-                                        applies to the container.
-                                      type: string
-                                  type: object
-                                seccompProfile:
-                                  description: The seccomp options to use by the containers
-                                    in this pod.
-                                  properties:
-                                    localhostProfile:
-                                      description: localhostProfile indicates a profile
-                                        defined in a file on the node should be used.
-                                      type: string
-                                    type:
-                                      description: type indicates which kind of seccomp
-                                        profile will be applied.
-                                      type: string
-                                  required:
-                                  - type
-                                  type: object
-                                supplementalGroups:
-                                  description: 'A list of groups applied to the first
-                                    process run in each container, in addition to
-                                    the container''s '
-                                  items:
-                                    format: int64
-                                    type: integer
-                                  type: array
-                                sysctls:
-                                  description: Sysctls hold a list of namespaced sysctls
-                                    used for the pod.
-                                  items:
-                                    description: Sysctl defines a kernel parameter
-                                      to be set
-                                    properties:
-                                      name:
-                                        description: Name of a property to set
-                                        type: string
-                                      value:
-                                        description: Value of a property to set
-                                        type: string
-                                    required:
-                                    - name
-                                    - value
-                                    type: object
-                                  type: array
-                                windowsOptions:
-                                  description: The Windows specific settings applied
-                                    to all containers.
-                                  properties:
-                                    gmsaCredentialSpec:
-                                      description: GMSACredentialSpec is where the
-                                        GMSA admission webhook (https://github.
-                                      type: string
-                                    gmsaCredentialSpecName:
-                                      description: GMSACredentialSpecName is the name
-                                        of the GMSA credential spec to use.
-                                      type: string
-                                    hostProcess:
-                                      description: HostProcess determines if a container
-                                        should be run as a 'Host Process' container.
-                                      type: boolean
-                                    runAsUserName:
-                                      description: The UserName in Windows to run
-                                        the entrypoint of the container process.
-                                      type: string
-                                  type: object
-                              type: object
-                            serviceAccount:
-                              description: DeprecatedServiceAccount is a depreciated
-                                alias for ServiceAccountName.
-                              type: string
-                            serviceAccountName:
-                              description: ServiceAccountName is the name of the ServiceAccount
-                                to use to run this pod.
-                              type: string
-                            setHostnameAsFQDN:
-                              description: If true the pod's hostname will be configured
-                                as the pod's FQDN, rather than the leaf name (the
-                                defa
-                              type: boolean
-                            shareProcessNamespace:
-                              description: Share a single process namespace between
-                                all of the containers in a pod.
-                              type: boolean
-                            subdomain:
-                              description: If specified, the fully qualified Pod hostname
-                                will be "<hostname>.<subdomain>.<pod namespace>.svc.
-                              type: string
-                            terminationGracePeriodSeconds:
-                              description: Optional duration in seconds the pod needs
-                                to terminate gracefully.
-                              format: int64
-                              type: integer
-                            tolerations:
-                              description: If specified, the pod's tolerations.
-                              items:
-                                description: The pod this Toleration is attached to
-                                  tolerates any taint that matches the triple <key,value,effect
-                                properties:
-                                  effect:
-                                    description: Effect indicates the taint effect
-                                      to match. Empty means match all taint effects.
-                                    type: string
-                                  key:
-                                    description: Key is the taint key that the toleration
-                                      applies to. Empty means match all taint keys.
-                                    type: string
-                                  operator:
-                                    description: Operator represents a key's relationship
-                                      to the value. Valid operators are Exists and
-                                      Equal.
-                                    type: string
-                                  tolerationSeconds:
-                                    description: TolerationSeconds represents the
-                                      period of time the toleration (which must be
-                                      of effect NoExecute, o
-                                    format: int64
-                                    type: integer
-                                  value:
-                                    description: Value is the taint value the toleration
-                                      matches to.
-                                    type: string
-                                type: object
-                              type: array
-                            topologySpreadConstraints:
-                              description: TopologySpreadConstraints describes how
-                                a group of pods ought to spread across topology domains.
-                              items:
-                                description: TopologySpreadConstraint specifies how
-                                  to spread matching pods among the given topology.
-                                properties:
-                                  labelSelector:
-                                    description: LabelSelector is used to find matching
-                                      pods.
-                                    properties:
-                                      matchExpressions:
-                                        description: matchExpressions is a list of
-                                          label selector requirements. The requirements
-                                          are ANDed.
-                                        items:
-                                          description: A label selector requirement
-                                            is a selector that contains values, a
-                                            key, and an operator that relates
-                                          properties:
-                                            key:
-                                              description: key is the label key that
-                                                the selector applies to.
-                                              type: string
-                                            operator:
-                                              description: operator represents a key's
-                                                relationship to a set of values.
-                                              type: string
-                                            values:
-                                              description: values is an array of string
-                                                values.
-                                              items:
-                                                type: string
-                                              type: array
-                                          required:
-                                          - key
-                                          - operator
-                                          type: object
-                                        type: array
-                                      matchLabels:
-                                        additionalProperties:
-                                          type: string
-                                        description: matchLabels is a map of {key,value}
-                                          pairs.
-                                        type: object
-                                    type: object
-                                  maxSkew:
-                                    description: MaxSkew describes the degree to which
-                                      pods may be unevenly distributed.
-                                    format: int32
-                                    type: integer
-                                  topologyKey:
-                                    description: TopologyKey is the key of node labels.
-                                    type: string
-                                  whenUnsatisfiable:
-                                    description: WhenUnsatisfiable indicates how to
-                                      deal with a pod if it doesn't satisfy the spread
-                                      constraint.
-                                    type: string
-                                required:
-                                - maxSkew
-                                - topologyKey
-                                - whenUnsatisfiable
-                                type: object
-                              type: array
-                              x-kubernetes-list-map-keys:
-                              - topologyKey
-                              - whenUnsatisfiable
-                              x-kubernetes-list-type: map
-                            volumes:
-                              description: List of volumes that can be mounted by
-                                containers belonging to the pod.
-                              items:
-                                description: Volume represents a named volume in a
-                                  pod that may be accessed by any container in the
-                                  pod.
-                                properties:
-                                  awsElasticBlockStore:
-                                    description: AWSElasticBlockStore represents an
-                                      AWS Disk resource that is attached to a kubelet's
-                                      host machine an
-                                    properties:
-                                      fsType:
-                                        description: Filesystem type of the volume
-                                          that you want to mount.
-                                        type: string
-                                      partition:
-                                        description: The partition in the volume that
-                                          you want to mount.
-                                        format: int32
-                                        type: integer
-                                      readOnly:
-                                        description: Specify "true" to force and set
-                                          the ReadOnly property in VolumeMounts to
-                                          "true".
-                                        type: boolean
-                                      volumeID:
-                                        description: 'Unique ID of the persistent
-                                          disk resource in AWS (Amazon EBS volume).
-                                          More info: https://kubernetes.'
-                                        type: string
-                                    required:
-                                    - volumeID
-                                    type: object
-                                  azureDisk:
-                                    description: AzureDisk represents an Azure Data
-                                      Disk mount on the host and bind mount to the
-                                      pod.
-                                    properties:
-                                      cachingMode:
-                                        description: 'Host Caching mode: None, Read
-                                          Only, Read Write.'
-                                        type: string
-                                      diskName:
-                                        description: The Name of the data disk in
-                                          the blob storage
-                                        type: string
-                                      diskURI:
-                                        description: The URI the data disk in the
-                                          blob storage
-                                        type: string
-                                      fsType:
-                                        description: Filesystem type to mount. Must
-                                          be a filesystem type supported by the host
-                                          operating system. Ex.
-                                        type: string
-                                      kind:
-                                        description: 'Expected values Shared: multiple
-                                          blob disks per storage account  Dedicated:
-                                          single blob disk per sto'
-                                        type: string
-                                      readOnly:
-                                        description: Defaults to false (read/write).
-                                          ReadOnly here will force the ReadOnly setting
-                                          in VolumeMounts.
-                                        type: boolean
-                                    required:
-                                    - diskName
-                                    - diskURI
-                                    type: object
-                                  azureFile:
-                                    description: AzureFile represents an Azure File
-                                      Service mount on the host and bind mount to
-                                      the pod.
-                                    properties:
-                                      readOnly:
-                                        description: Defaults to false (read/write).
-                                          ReadOnly here will force the ReadOnly setting
-                                          in VolumeMounts.
-                                        type: boolean
-                                      secretName:
-                                        description: the name of secret that contains
-                                          Azure Storage Account Name and Key
-                                        type: string
-                                      shareName:
-                                        description: Share Name
-                                        type: string
-                                    required:
-                                    - secretName
-                                    - shareName
-                                    type: object
-                                  cephfs:
-                                    description: CephFS represents a Ceph FS mount
-                                      on the host that shares a pod's lifetime
-                                    properties:
-                                      monitors:
-                                        description: 'Required: Monitors is a collection
-                                          of Ceph monitors More info: https://examples.k8s.'
-                                        items:
-                                          type: string
-                                        type: array
-                                      path:
-                                        description: 'Optional: Used as the mounted
-                                          root, rather than the full Ceph tree, default
-                                          is /'
-                                        type: string
-                                      readOnly:
-                                        description: 'Optional: Defaults to false
-                                          (read/write).'
-                                        type: boolean
-                                      secretFile:
-                                        description: 'Optional: SecretFile is the
-                                          path to key ring for User, default is /etc/ceph/user.'
-                                        type: string
-                                      secretRef:
-                                        description: 'Optional: SecretRef is reference
-                                          to the authentication secret for User, default
-                                          is empty.'
-                                        properties:
-                                          name:
-                                            description: 'Name of the referent. More
-                                              info: https://kubernetes.'
-                                            type: string
-                                        type: object
-                                      user:
-                                        description: 'Optional: User is the rados
-                                          user name, default is admin More info: https://examples.k8s.'
-                                        type: string
-                                    required:
-                                    - monitors
-                                    type: object
-                                  cinder:
-                                    description: Cinder represents a cinder volume
-                                      attached and mounted on kubelets host machine.
-                                    properties:
-                                      fsType:
-                                        description: Filesystem type to mount. Must
-                                          be a filesystem type supported by the host
-                                          operating system.
-                                        type: string
-                                      readOnly:
-                                        description: 'Optional: Defaults to false
-                                          (read/write).'
-                                        type: boolean
-                                      secretRef:
-                                        description: 'Optional: points to a secret
-                                          object containing parameters used to connect
-                                          to OpenStack.'
-                                        properties:
-                                          name:
-                                            description: 'Name of the referent. More
-                                              info: https://kubernetes.'
-                                            type: string
-                                        type: object
-                                      volumeID:
-                                        description: 'volume id used to identify the
-                                          volume in cinder. More info: https://examples.k8s.'
-                                        type: string
-                                    required:
-                                    - volumeID
-                                    type: object
-                                  configMap:
-                                    description: ConfigMap represents a configMap
-                                      that should populate this volume
-                                    properties:
-                                      defaultMode:
-                                        description: 'Optional: mode bits used to
-                                          set permissions on created files by default.'
-                                        format: int32
-                                        type: integer
-                                      items:
-                                        description: 'If unspecified, each key-value
-                                          pair in the Data field of the referenced
-                                          ConfigMap will be projected '
-                                        items:
-                                          description: Maps a string key to a path
-                                            within a volume.
-                                          properties:
-                                            key:
-                                              description: The key to project.
-                                              type: string
-                                            mode:
-                                              description: 'Optional: mode bits used
-                                                to set permissions on this file.'
-                                              format: int32
-                                              type: integer
-                                            path:
-                                              description: The relative path of the
-                                                file to map the key to. May not be
-                                                an absolute path.
-                                              type: string
-                                          required:
-                                          - key
-                                          - path
-                                          type: object
-                                        type: array
-                                      name:
-                                        description: 'Name of the referent. More info:
-                                          https://kubernetes.'
-                                        type: string
-                                      optional:
-                                        description: Specify whether the ConfigMap
-                                          or its keys must be defined
-                                        type: boolean
-                                    type: object
-                                  csi:
-                                    description: CSI (Container Storage Interface)
-                                      represents ephemeral storage that is handled
-                                      by certain external C
-                                    properties:
-                                      driver:
-                                        description: Driver is the name of the CSI
-                                          driver that handles this volume.
-                                        type: string
-                                      fsType:
-                                        description: Filesystem type to mount. Ex.
-                                          "ext4", "xfs", "ntfs".
-                                        type: string
-                                      nodePublishSecretRef:
-                                        description: NodePublishSecretRef is a reference
-                                          to the secret object containing sensitive
-                                          information to pass to
-                                        properties:
-                                          name:
-                                            description: 'Name of the referent. More
-                                              info: https://kubernetes.'
-                                            type: string
-                                        type: object
-                                      readOnly:
-                                        description: Specifies a read-only configuration
-                                          for the volume. Defaults to false (read/write).
-                                        type: boolean
-                                      volumeAttributes:
-                                        additionalProperties:
-                                          type: string
-                                        description: VolumeAttributes stores driver-specific
-                                          properties that are passed to the CSI driver.
-                                        type: object
-                                    required:
-                                    - driver
-                                    type: object
-                                  downwardAPI:
-                                    description: DownwardAPI represents downward API
-                                      about the pod that should populate this volume
-                                    properties:
-                                      defaultMode:
-                                        description: 'Optional: mode bits to use on
-                                          created files by default.'
-                                        format: int32
-                                        type: integer
-                                      items:
-                                        description: Items is a list of downward API
-                                          volume file
-                                        items:
-                                          description: DownwardAPIVolumeFile represents
-                                            information to create the file containing
-                                            the pod field
-                                          properties:
-                                            fieldRef:
-                                              description: 'Required: Selects a field
-                                                of the pod: only annotations, labels,
-                                                name and namespace are supported.'
-                                              properties:
-                                                apiVersion:
-                                                  description: Version of the schema
-                                                    the FieldPath is written in terms
-                                                    of, defaults to "v1".
-                                                  type: string
-                                                fieldPath:
-                                                  description: Path of the field to
-                                                    select in the specified API version.
-                                                  type: string
-                                              required:
-                                              - fieldPath
-                                              type: object
-                                            mode:
-                                              description: 'Optional: mode bits used
-                                                to set permissions on this file, must
-                                                be an octal value between 0000 and
-                                                07'
-                                              format: int32
-                                              type: integer
-                                            path:
-                                              description: 'Required: Path is  the
-                                                relative path name of the file to
-                                                be created.'
-                                              type: string
-                                            resourceFieldRef:
-                                              description: 'Selects a resource of
-                                                the container: only resources limits
-                                                and requests (limits.cpu, limits.'
-                                              properties:
-                                                containerName:
-                                                  description: 'Container name: required
-                                                    for volumes, optional for env
-                                                    vars'
-                                                  type: string
-                                                divisor:
-                                                  anyOf:
-                                                  - type: integer
-                                                  - type: string
-                                                  description: Specifies the output
-                                                    format of the exposed resources,
-                                                    defaults to "1"
-                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                                  x-kubernetes-int-or-string: true
-                                                resource:
-                                                  description: 'Required: resource
-                                                    to select'
-                                                  type: string
-                                              required:
-                                              - resource
-                                              type: object
-                                          required:
-                                          - path
-                                          type: object
-                                        type: array
-                                    type: object
-                                  emptyDir:
-                                    description: EmptyDir represents a temporary directory
-                                      that shares a pod's lifetime.
-                                    properties:
-                                      medium:
-                                        description: What type of storage medium should
-                                          back this directory.
-                                        type: string
-                                      sizeLimit:
-                                        anyOf:
-                                        - type: integer
-                                        - type: string
-                                        description: Total amount of local storage
-                                          required for this EmptyDir volume.
-                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                        x-kubernetes-int-or-string: true
-                                    type: object
-                                  ephemeral:
-                                    description: Ephemeral represents a volume that
-                                      is handled by a cluster storage driver.
-                                    properties:
-                                      volumeClaimTemplate:
-                                        description: Will be used to create a stand-alone
-                                          PVC to provision the volume.
-                                        properties:
-                                          metadata:
-                                            description: May contain labels and annotations
-                                              that will be copied into the PVC when
-                                              creating it.
-                                            properties:
-                                              annotations:
-                                                additionalProperties:
-                                                  type: string
-                                                type: object
-                                              finalizers:
-                                                items:
-                                                  type: string
-                                                type: array
-                                              labels:
-                                                additionalProperties:
-                                                  type: string
-                                                type: object
-                                              name:
-                                                type: string
-                                              namespace:
-                                                type: string
-                                            type: object
-                                          spec:
-                                            description: The specification for the
-                                              PersistentVolumeClaim.
-                                            properties:
-                                              accessModes:
-                                                description: 'AccessModes contains
-                                                  the desired access modes the volume
-                                                  should have. More info: https://kubernetes.'
-                                                items:
-                                                  type: string
-                                                type: array
-                                              dataSource:
-                                                description: 'This field can be used
-                                                  to specify either: * An existing
-                                                  VolumeSnapshot object (snapshot.storage.k8s.'
-                                                properties:
-                                                  apiGroup:
-                                                    description: APIGroup is the group
-                                                      for the resource being referenced.
-                                                    type: string
-                                                  kind:
-                                                    description: Kind is the type
-                                                      of resource being referenced
-                                                    type: string
-                                                  name:
-                                                    description: Name is the name
-                                                      of resource being referenced
-                                                    type: string
-                                                required:
-                                                - kind
-                                                - name
-                                                type: object
-                                              dataSourceRef:
-                                                description: Specifies the object
-                                                  from which to populate the volume
-                                                  with data, if a non-empty volume
-                                                  is desired.
-                                                properties:
-                                                  apiGroup:
-                                                    description: APIGroup is the group
-                                                      for the resource being referenced.
-                                                    type: string
-                                                  kind:
-                                                    description: Kind is the type
-                                                      of resource being referenced
-                                                    type: string
-                                                  name:
-                                                    description: Name is the name
-                                                      of resource being referenced
-                                                    type: string
-                                                required:
-                                                - kind
-                                                - name
-                                                type: object
-                                              resources:
-                                                description: Resources represents
-                                                  the minimum resources the volume
-                                                  should have.
-                                                properties:
-                                                  limits:
-                                                    additionalProperties:
-                                                      anyOf:
-                                                      - type: integer
-                                                      - type: string
-                                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                                      x-kubernetes-int-or-string: true
-                                                    description: 'Limits describes
-                                                      the maximum amount of compute
-                                                      resources allowed. More info:
-                                                      https://kubernetes.'
-                                                    type: object
-                                                  requests:
-                                                    additionalProperties:
-                                                      anyOf:
-                                                      - type: integer
-                                                      - type: string
-                                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                                      x-kubernetes-int-or-string: true
-                                                    description: Requests describes
-                                                      the minimum amount of compute
-                                                      resources required.
-                                                    type: object
-                                                type: object
-                                              selector:
-                                                description: A label query over volumes
-                                                  to consider for binding.
-                                                properties:
-                                                  matchExpressions:
-                                                    description: matchExpressions
-                                                      is a list of label selector
-                                                      requirements. The requirements
-                                                      are ANDed.
-                                                    items:
-                                                      description: A label selector
-                                                        requirement is a selector
-                                                        that contains values, a key,
-                                                        and an operator that relates
-                                                      properties:
-                                                        key:
-                                                          description: key is the
-                                                            label key that the selector
-                                                            applies to.
-                                                          type: string
-                                                        operator:
-                                                          description: operator represents
-                                                            a key's relationship to
-                                                            a set of values.
-                                                          type: string
-                                                        values:
-                                                          description: values is an
-                                                            array of string values.
-                                                          items:
-                                                            type: string
-                                                          type: array
-                                                      required:
-                                                      - key
-                                                      - operator
-                                                      type: object
-                                                    type: array
-                                                  matchLabels:
-                                                    additionalProperties:
-                                                      type: string
-                                                    description: matchLabels is a
-                                                      map of {key,value} pairs.
-                                                    type: object
-                                                type: object
-                                              storageClassName:
-                                                description: 'Name of the StorageClass
-                                                  required by the claim. More info:
-                                                  https://kubernetes.'
-                                                type: string
-                                              volumeMode:
-                                                description: volumeMode defines what
-                                                  type of volume is required by the
-                                                  claim.
-                                                type: string
-                                              volumeName:
-                                                description: VolumeName is the binding
-                                                  reference to the PersistentVolume
-                                                  backing this claim.
-                                                type: string
-                                            type: object
-                                        required:
-                                        - spec
-                                        type: object
-                                    type: object
-                                  fc:
-                                    description: FC represents a Fibre Channel resource
-                                      that is attached to a kubelet's host machine
-                                      and then exposed
-                                    properties:
-                                      fsType:
-                                        description: Filesystem type to mount. Must
-                                          be a filesystem type supported by the host
-                                          operating system. Ex.
-                                        type: string
-                                      lun:
-                                        description: 'Optional: FC target lun number'
-                                        format: int32
-                                        type: integer
-                                      readOnly:
-                                        description: 'Optional: Defaults to false
-                                          (read/write).'
-                                        type: boolean
-                                      targetWWNs:
-                                        description: 'Optional: FC target worldwide
-                                          names (WWNs)'
-                                        items:
-                                          type: string
-                                        type: array
-                                      wwids:
-                                        description: 'Optional: FC volume world wide
-                                          identifiers (wwids) Either wwids or combination
-                                          of targetWWNs and lun'
-                                        items:
-                                          type: string
-                                        type: array
-                                    type: object
-                                  flexVolume:
-                                    description: FlexVolume represents a generic volume
-                                      resource that is provisioned/attached using
-                                      an exec based plu
-                                    properties:
-                                      driver:
-                                        description: Driver is the name of the driver
-                                          to use for this volume.
-                                        type: string
-                                      fsType:
-                                        description: Filesystem type to mount. Must
-                                          be a filesystem type supported by the host
-                                          operating system. Ex.
-                                        type: string
-                                      options:
-                                        additionalProperties:
-                                          type: string
-                                        description: 'Optional: Extra command options
-                                          if any.'
-                                        type: object
-                                      readOnly:
-                                        description: 'Optional: Defaults to false
-                                          (read/write).'
-                                        type: boolean
-                                      secretRef:
-                                        description: 'Optional: SecretRef is reference
-                                          to the secret object containing sensitive
-                                          information to pass to th'
-                                        properties:
-                                          name:
-                                            description: 'Name of the referent. More
-                                              info: https://kubernetes.'
-                                            type: string
-                                        type: object
-                                    required:
-                                    - driver
-                                    type: object
-                                  flocker:
-                                    description: Flocker represents a Flocker volume
-                                      attached to a kubelet's host machine.
-                                    properties:
-                                      datasetName:
-                                        description: Name of the dataset stored as
-                                          metadata -> name on the dataset for Flocker
-                                          should be considered as de
-                                        type: string
-                                      datasetUUID:
-                                        description: UUID of the dataset. This is
-                                          unique identifier of a Flocker dataset
-                                        type: string
-                                    type: object
-                                  gcePersistentDisk:
-                                    description: GCEPersistentDisk represents a GCE
-                                      Disk resource that is attached to a kubelet's
-                                      host machine and th
-                                    properties:
-                                      fsType:
-                                        description: Filesystem type of the volume
-                                          that you want to mount.
-                                        type: string
-                                      partition:
-                                        description: The partition in the volume that
-                                          you want to mount.
-                                        format: int32
-                                        type: integer
-                                      pdName:
-                                        description: Unique name of the PD resource
-                                          in GCE. Used to identify the disk in GCE.
-                                        type: string
-                                      readOnly:
-                                        description: ReadOnly here will force the
-                                          ReadOnly setting in VolumeMounts. Defaults
-                                          to false.
-                                        type: boolean
-                                    required:
-                                    - pdName
-                                    type: object
-                                  gitRepo:
-                                    description: 'GitRepo represents a git repository
-                                      at a particular revision. DEPRECATED: GitRepo
-                                      is deprecated.'
-                                    properties:
-                                      directory:
-                                        description: Target directory name. Must not
-                                          contain or start with '..'.  If '.
-                                        type: string
-                                      repository:
-                                        description: Repository URL
-                                        type: string
-                                      revision:
-                                        description: Commit hash for the specified
-                                          revision.
-                                        type: string
-                                    required:
-                                    - repository
-                                    type: object
-                                  glusterfs:
-                                    description: Glusterfs represents a Glusterfs
-                                      mount on the host that shares a pod's lifetime.
-                                    properties:
-                                      endpoints:
-                                        description: 'EndpointsName is the endpoint
-                                          name that details Glusterfs topology. More
-                                          info: https://examples.k8s.'
-                                        type: string
-                                      path:
-                                        description: 'Path is the Glusterfs volume
-                                          path. More info: https://examples.k8s.io/volumes/glusterfs/README.'
-                                        type: string
-                                      readOnly:
-                                        description: ReadOnly here will force the
-                                          Glusterfs volume to be mounted with read-only
-                                          permissions.
-                                        type: boolean
-                                    required:
-                                    - endpoints
-                                    - path
-                                    type: object
-                                  hostPath:
-                                    description: HostPath represents a pre-existing
-                                      file or directory on the host machine that is
-                                      directly exposed to
-                                    properties:
-                                      path:
-                                        description: Path of the directory on the
-                                          host.
-                                        type: string
-                                      type:
-                                        description: 'Type for HostPath Volume Defaults
-                                          to "" More info: https://kubernetes.'
-                                        type: string
-                                    required:
-                                    - path
-                                    type: object
-                                  iscsi:
-                                    description: ISCSI represents an ISCSI Disk resource
-                                      that is attached to a kubelet's host machine
-                                      and then expose
-                                    properties:
-                                      chapAuthDiscovery:
-                                        description: whether support iSCSI Discovery
-                                          CHAP authentication
-                                        type: boolean
-                                      chapAuthSession:
-                                        description: whether support iSCSI Session
-                                          CHAP authentication
-                                        type: boolean
-                                      fsType:
-                                        description: Filesystem type of the volume
-                                          that you want to mount.
-                                        type: string
-                                      initiatorName:
-                                        description: Custom iSCSI Initiator Name.
-                                        type: string
-                                      iqn:
-                                        description: Target iSCSI Qualified Name.
-                                        type: string
-                                      iscsiInterface:
-                                        description: iSCSI Interface Name that uses
-                                          an iSCSI transport. Defaults to 'default'
-                                          (tcp).
-                                        type: string
-                                      lun:
-                                        description: iSCSI Target Lun number.
-                                        format: int32
-                                        type: integer
-                                      portals:
-                                        description: iSCSI Target Portal List.
-                                        items:
-                                          type: string
-                                        type: array
-                                      readOnly:
-                                        description: ReadOnly here will force the
-                                          ReadOnly setting in VolumeMounts. Defaults
-                                          to false.
-                                        type: boolean
-                                      secretRef:
-                                        description: CHAP Secret for iSCSI target
-                                          and initiator authentication
-                                        properties:
-                                          name:
-                                            description: 'Name of the referent. More
-                                              info: https://kubernetes.'
-                                            type: string
-                                        type: object
-                                      targetPortal:
-                                        description: iSCSI Target Portal.
-                                        type: string
-                                    required:
-                                    - iqn
-                                    - lun
-                                    - targetPortal
-                                    type: object
-                                  name:
-                                    description: 'Volume''s name. Must be a DNS_LABEL
-                                      and unique within the pod. More info: https://kubernetes.'
-                                    type: string
-                                  nfs:
-                                    description: 'NFS represents an NFS mount on the
-                                      host that shares a pod''s lifetime More info:
-                                      https://kubernetes.'
-                                    properties:
-                                      path:
-                                        description: 'Path that is exported by the
-                                          NFS server. More info: https://kubernetes.'
-                                        type: string
-                                      readOnly:
-                                        description: ReadOnly here will force the
-                                          NFS export to be mounted with read-only
-                                          permissions. Defaults to false.
-                                        type: boolean
-                                      server:
-                                        description: 'Server is the hostname or IP
-                                          address of the NFS server. More info: https://kubernetes.'
-                                        type: string
-                                    required:
-                                    - path
-                                    - server
-                                    type: object
-                                  persistentVolumeClaim:
-                                    description: PersistentVolumeClaimVolumeSource
-                                      represents a reference to a PersistentVolumeClaim
-                                      in the same name
-                                    properties:
-                                      claimName:
-                                        description: ClaimName is the name of a PersistentVolumeClaim
-                                          in the same namespace as the pod using this
-                                          volume.
-                                        type: string
-                                      readOnly:
-                                        description: Will force the ReadOnly setting
-                                          in VolumeMounts. Default false.
-                                        type: boolean
-                                    required:
-                                    - claimName
-                                    type: object
-                                  photonPersistentDisk:
-                                    description: 'PhotonPersistentDisk represents
-                                      a PhotonController persistent disk attached
-                                      and mounted on kubelets '
-                                    properties:
-                                      fsType:
-                                        description: Filesystem type to mount. Must
-                                          be a filesystem type supported by the host
-                                          operating system. Ex.
-                                        type: string
-                                      pdID:
-                                        description: ID that identifies Photon Controller
-                                          persistent disk
-                                        type: string
-                                    required:
-                                    - pdID
-                                    type: object
-                                  portworxVolume:
-                                    description: PortworxVolume represents a portworx
-                                      volume attached and mounted on kubelets host
-                                      machine
-                                    properties:
-                                      fsType:
-                                        description: FSType represents the filesystem
-                                          type to mount Must be a filesystem type
-                                          supported by the host opera
-                                        type: string
-                                      readOnly:
-                                        description: Defaults to false (read/write).
-                                          ReadOnly here will force the ReadOnly setting
-                                          in VolumeMounts.
-                                        type: boolean
-                                      volumeID:
-                                        description: VolumeID uniquely identifies
-                                          a Portworx volume
-                                        type: string
-                                    required:
-                                    - volumeID
-                                    type: object
-                                  projected:
-                                    description: Items for all in one resources secrets,
-                                      configmaps, and downward API
-                                    properties:
-                                      defaultMode:
-                                        description: Mode bits used to set permissions
-                                          on created files by default.
-                                        format: int32
-                                        type: integer
-                                      sources:
-                                        description: list of volume projections
-                                        items:
-                                          description: Projection that may be projected
-                                            along with other supported volume types
-                                          properties:
-                                            configMap:
-                                              description: information about the configMap
-                                                data to project
-                                              properties:
-                                                items:
-                                                  description: 'If unspecified, each
-                                                    key-value pair in the Data field
-                                                    of the referenced ConfigMap will
-                                                    be projected '
-                                                  items:
-                                                    description: Maps a string key
-                                                      to a path within a volume.
-                                                    properties:
-                                                      key:
-                                                        description: The key to project.
-                                                        type: string
-                                                      mode:
-                                                        description: 'Optional: mode
-                                                          bits used to set permissions
-                                                          on this file.'
-                                                        format: int32
-                                                        type: integer
-                                                      path:
-                                                        description: The relative
-                                                          path of the file to map
-                                                          the key to. May not be an
-                                                          absolute path.
-                                                        type: string
-                                                    required:
-                                                    - key
-                                                    - path
-                                                    type: object
-                                                  type: array
-                                                name:
-                                                  description: 'Name of the referent.
-                                                    More info: https://kubernetes.'
-                                                  type: string
-                                                optional:
-                                                  description: Specify whether the
-                                                    ConfigMap or its keys must be
-                                                    defined
-                                                  type: boolean
-                                              type: object
-                                            downwardAPI:
-                                              description: information about the downwardAPI
-                                                data to project
-                                              properties:
-                                                items:
-                                                  description: Items is a list of
-                                                    DownwardAPIVolume file
-                                                  items:
-                                                    description: DownwardAPIVolumeFile
-                                                      represents information to create
-                                                      the file containing the pod
-                                                      field
-                                                    properties:
-                                                      fieldRef:
-                                                        description: 'Required: Selects
-                                                          a field of the pod: only
-                                                          annotations, labels, name
-                                                          and namespace are supported.'
-                                                        properties:
-                                                          apiVersion:
-                                                            description: Version of
-                                                              the schema the FieldPath
-                                                              is written in terms
-                                                              of, defaults to "v1".
-                                                            type: string
-                                                          fieldPath:
-                                                            description: Path of the
-                                                              field to select in the
-                                                              specified API version.
-                                                            type: string
-                                                        required:
-                                                        - fieldPath
-                                                        type: object
-                                                      mode:
-                                                        description: 'Optional: mode
-                                                          bits used to set permissions
-                                                          on this file, must be an
-                                                          octal value between 0000
-                                                          and 07'
-                                                        format: int32
-                                                        type: integer
-                                                      path:
-                                                        description: 'Required: Path
-                                                          is  the relative path name
-                                                          of the file to be created.'
-                                                        type: string
-                                                      resourceFieldRef:
-                                                        description: 'Selects a resource
-                                                          of the container: only resources
-                                                          limits and requests (limits.cpu,
-                                                          limits.'
-                                                        properties:
-                                                          containerName:
-                                                            description: 'Container
-                                                              name: required for volumes,
-                                                              optional for env vars'
-                                                            type: string
-                                                          divisor:
-                                                            anyOf:
-                                                            - type: integer
-                                                            - type: string
-                                                            description: Specifies
-                                                              the output format of
-                                                              the exposed resources,
-                                                              defaults to "1"
-                                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                                            x-kubernetes-int-or-string: true
-                                                          resource:
-                                                            description: 'Required:
-                                                              resource to select'
-                                                            type: string
-                                                        required:
-                                                        - resource
-                                                        type: object
-                                                    required:
-                                                    - path
-                                                    type: object
-                                                  type: array
-                                              type: object
-                                            secret:
-                                              description: information about the secret
-                                                data to project
-                                              properties:
-                                                items:
-                                                  description: If unspecified, each
-                                                    key-value pair in the Data field
-                                                    of the referenced Secret will
-                                                    be projected int
-                                                  items:
-                                                    description: Maps a string key
-                                                      to a path within a volume.
-                                                    properties:
-                                                      key:
-                                                        description: The key to project.
-                                                        type: string
-                                                      mode:
-                                                        description: 'Optional: mode
-                                                          bits used to set permissions
-                                                          on this file.'
-                                                        format: int32
-                                                        type: integer
-                                                      path:
-                                                        description: The relative
-                                                          path of the file to map
-                                                          the key to. May not be an
-                                                          absolute path.
-                                                        type: string
-                                                    required:
-                                                    - key
-                                                    - path
-                                                    type: object
-                                                  type: array
-                                                name:
-                                                  description: 'Name of the referent.
-                                                    More info: https://kubernetes.'
-                                                  type: string
-                                                optional:
-                                                  description: Specify whether the
-                                                    Secret or its key must be defined
-                                                  type: boolean
-                                              type: object
-                                            serviceAccountToken:
-                                              description: information about the serviceAccountToken
-                                                data to project
-                                              properties:
-                                                audience:
-                                                  description: Audience is the intended
-                                                    audience of the token.
-                                                  type: string
-                                                expirationSeconds:
-                                                  description: ExpirationSeconds is
-                                                    the requested duration of validity
-                                                    of the service account token.
-                                                  format: int64
-                                                  type: integer
-                                                path:
-                                                  description: Path is the path relative
-                                                    to the mount point of the file
-                                                    to project the token into.
-                                                  type: string
-                                              required:
-                                              - path
-                                              type: object
-                                          type: object
-                                        type: array
-                                    type: object
-                                  quobyte:
-                                    description: Quobyte represents a Quobyte mount
-                                      on the host that shares a pod's lifetime
-                                    properties:
-                                      group:
-                                        description: Group to map volume access to
-                                          Default is no group
-                                        type: string
-                                      readOnly:
-                                        description: ReadOnly here will force the
-                                          Quobyte volume to be mounted with read-only
-                                          permissions.
-                                        type: boolean
-                                      registry:
-                                        description: Registry represents a single
-                                          or multiple Quobyte Registry services specified
-                                          as a string as host:por
-                                        type: string
-                                      tenant:
-                                        description: Tenant owning the given Quobyte
-                                          volume in the Backend Used with dynamically
-                                          provisioned Quobyte volu
-                                        type: string
-                                      user:
-                                        description: User to map volume access to
-                                          Defaults to serivceaccount user
-                                        type: string
-                                      volume:
-                                        description: Volume is a string that references
-                                          an already created Quobyte volume by name.
-                                        type: string
-                                    required:
-                                    - registry
-                                    - volume
-                                    type: object
-                                  rbd:
-                                    description: RBD represents a Rados Block Device
-                                      mount on the host that shares a pod's lifetime.
-                                    properties:
-                                      fsType:
-                                        description: Filesystem type of the volume
-                                          that you want to mount.
-                                        type: string
-                                      image:
-                                        description: 'The rados image name. More info:
-                                          https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
-                                        type: string
-                                      keyring:
-                                        description: Keyring is the path to key ring
-                                          for RBDUser. Default is /etc/ceph/keyring.
-                                        type: string
-                                      monitors:
-                                        description: 'A collection of Ceph monitors.
-                                          More info: https://examples.k8s.io/volumes/rbd/README.'
-                                        items:
-                                          type: string
-                                        type: array
-                                      pool:
-                                        description: 'The rados pool name. Default
-                                          is rbd. More info: https://examples.k8s.io/volumes/rbd/README.'
-                                        type: string
-                                      readOnly:
-                                        description: ReadOnly here will force the
-                                          ReadOnly setting in VolumeMounts. Defaults
-                                          to false.
-                                        type: boolean
-                                      secretRef:
-                                        description: SecretRef is name of the authentication
-                                          secret for RBDUser. If provided overrides
-                                          keyring.
-                                        properties:
-                                          name:
-                                            description: 'Name of the referent. More
-                                              info: https://kubernetes.'
-                                            type: string
-                                        type: object
-                                      user:
-                                        description: 'The rados user name. Default
-                                          is admin. More info: https://examples.k8s.io/volumes/rbd/README.'
-                                        type: string
-                                    required:
-                                    - image
-                                    - monitors
-                                    type: object
-                                  scaleIO:
-                                    description: ScaleIO represents a ScaleIO persistent
-                                      volume attached and mounted on Kubernetes nodes.
-                                    properties:
-                                      fsType:
-                                        description: Filesystem type to mount. Must
-                                          be a filesystem type supported by the host
-                                          operating system. Ex.
-                                        type: string
-                                      gateway:
-                                        description: The host address of the ScaleIO
-                                          API Gateway.
-                                        type: string
-                                      protectionDomain:
-                                        description: The name of the ScaleIO Protection
-                                          Domain for the configured storage.
-                                        type: string
-                                      readOnly:
-                                        description: Defaults to false (read/write).
-                                          ReadOnly here will force the ReadOnly setting
-                                          in VolumeMounts.
-                                        type: boolean
-                                      secretRef:
-                                        description: SecretRef references to the secret
-                                          for ScaleIO user and other sensitive information.
-                                        properties:
-                                          name:
-                                            description: 'Name of the referent. More
-                                              info: https://kubernetes.'
-                                            type: string
-                                        type: object
-                                      sslEnabled:
-                                        description: Flag to enable/disable SSL communication
-                                          with Gateway, default false
-                                        type: boolean
-                                      storageMode:
-                                        description: Indicates whether the storage
-                                          for a volume should be ThickProvisioned
-                                          or ThinProvisioned.
-                                        type: string
-                                      storagePool:
-                                        description: The ScaleIO Storage Pool associated
-                                          with the protection domain.
-                                        type: string
-                                      system:
-                                        description: The name of the storage system
-                                          as configured in ScaleIO.
-                                        type: string
-                                      volumeName:
-                                        description: The name of a volume already
-                                          created in the ScaleIO system that is associated
-                                          with this volume sourc
-                                        type: string
-                                    required:
-                                    - gateway
-                                    - secretRef
-                                    - system
-                                    type: object
-                                  secret:
-                                    description: 'Secret represents a secret that
-                                      should populate this volume. More info: https://kubernetes.'
-                                    properties:
-                                      defaultMode:
-                                        description: 'Optional: mode bits used to
-                                          set permissions on created files by default.'
-                                        format: int32
-                                        type: integer
-                                      items:
-                                        description: If unspecified, each key-value
-                                          pair in the Data field of the referenced
-                                          Secret will be projected int
-                                        items:
-                                          description: Maps a string key to a path
-                                            within a volume.
-                                          properties:
-                                            key:
-                                              description: The key to project.
-                                              type: string
-                                            mode:
-                                              description: 'Optional: mode bits used
-                                                to set permissions on this file.'
-                                              format: int32
-                                              type: integer
-                                            path:
-                                              description: The relative path of the
-                                                file to map the key to. May not be
-                                                an absolute path.
-                                              type: string
-                                          required:
-                                          - key
-                                          - path
-                                          type: object
-                                        type: array
-                                      optional:
-                                        description: Specify whether the Secret or
-                                          its keys must be defined
-                                        type: boolean
-                                      secretName:
-                                        description: 'Name of the secret in the pod''s
-                                          namespace to use. More info: https://kubernetes.'
-                                        type: string
-                                    type: object
-                                  storageos:
-                                    description: StorageOS represents a StorageOS
-                                      volume attached and mounted on Kubernetes nodes.
-                                    properties:
-                                      fsType:
-                                        description: Filesystem type to mount. Must
-                                          be a filesystem type supported by the host
-                                          operating system. Ex.
-                                        type: string
-                                      readOnly:
-                                        description: Defaults to false (read/write).
-                                          ReadOnly here will force the ReadOnly setting
-                                          in VolumeMounts.
-                                        type: boolean
-                                      secretRef:
-                                        description: SecretRef specifies the secret
-                                          to use for obtaining the StorageOS API credentials.
-                                        properties:
-                                          name:
-                                            description: 'Name of the referent. More
-                                              info: https://kubernetes.'
-                                            type: string
-                                        type: object
-                                      volumeName:
-                                        description: VolumeName is the human-readable
-                                          name of the StorageOS volume.
-                                        type: string
-                                      volumeNamespace:
-                                        description: VolumeNamespace specifies the
-                                          scope of the volume within StorageOS.
-                                        type: string
-                                    type: object
-                                  vsphereVolume:
-                                    description: VsphereVolume represents a vSphere
-                                      volume attached and mounted on kubelets host
-                                      machine
-                                    properties:
-                                      fsType:
-                                        description: Filesystem type to mount. Must
-                                          be a filesystem type supported by the host
-                                          operating system. Ex.
-                                        type: string
-                                      storagePolicyID:
-                                        description: Storage Policy Based Management
-                                          (SPBM) profile ID associated with the StoragePolicyName.
-                                        type: string
-                                      storagePolicyName:
-                                        description: Storage Policy Based Management
-                                          (SPBM) profile name.
-                                        type: string
-                                      volumePath:
-                                        description: Path that identifies vSphere
-                                          volume vmdk
-                                        type: string
-                                    required:
-                                    - volumePath
-                                    type: object
-                                required:
-                                - name
-                                type: object
-                              type: array
-                          required:
-                          - containers
-                          type: object
-                      type: object
-                  required:
-                  - groupName
-                  - maxReplicas
-                  - minReplicas
-                  - rayStartParams
-                  - replicas
-                  - template
-                  type: object
-                type: array
-            required:
-            - headGroupSpec
-            type: object
-          status:
-            description: RayClusterStatus defines the observed state of RayCluster
-            properties:
-              availableWorkerReplicas:
-                description: AvailableWorkerReplicas indicates how many replicas are
-                  available in the cluster
-                format: int32
-                type: integer
-              desiredWorkerReplicas:
-                description: DesiredWorkerReplicas indicates overall desired replicas
-                  claimed by the user at the cluster level.
-                format: int32
-                type: integer
-              endpoints:
-                additionalProperties:
-                  type: string
-                description: Service Endpoints
-                type: object
-              lastUpdateTime:
-                description: LastUpdateTime indicates last update timestamp for this
-                  cluster status.
-                format: date-time
-                nullable: true
-                type: string
-              maxWorkerReplicas:
-                description: MaxWorkerReplicas indicates sum of maximum replicas of
-                  each node group.
-                format: int32
-                type: integer
-              minWorkerReplicas:
-                description: MinWorkerReplicas indicates sum of minimum replicas of
-                  each node group.
-                format: int32
-                type: integer
-              state:
-                description: 'INSERT ADDITIONAL STATUS FIELD - define observed state
-                  of cluster Important: Run "make" to regenerat'
-                type: string
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
diff --git a/modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/crds/ray.io_rayjobs.yaml b/modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/crds/ray.io_rayjobs.yaml
deleted file mode 100644
index 1170f048b3..0000000000
--- a/modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/crds/ray.io_rayjobs.yaml
+++ /dev/null
@@ -1,11723 +0,0 @@
-# Make sure to increase resource requests and limits before using this example in production.
-# For examples with more realistic resource configuration, see
-# ray-cluster.complete.large.yaml and
-# ray-cluster.autoscaler.large.yaml.
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.6.0
-  creationTimestamp: null
-  name: rayjobs.ray.io
-spec:
-  group: ray.io
-  names:
-    kind: RayJob
-    listKind: RayJobList
-    plural: rayjobs
-    singular: rayjob
-  scope: Namespaced
-  versions:
-  - name: v1alpha1
-    schema:
-      openAPIV3Schema:
-        description: RayJob is the Schema for the rayjobs API
-        properties:
-          apiVersion:
-            description: APIVersion defines the versioned schema of this representation
-              of an object.
-            type: string
-          kind:
-            description: Kind is a string value representing the REST resource this
-              object represents.
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: RayJobSpec defines the desired state of RayJob
-            properties:
-              clusterSelector:
-                additionalProperties:
-                  type: string
-                description: clusterSelector is used to select running rayclusters
-                  by labels
-                type: object
-              entrypoint:
-                description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
-                  Important: Run "make" to regenerate code af'
-                type: string
-              jobId:
-                description: If jobId is not set, a new jobId will be auto-generated.
-                type: string
-              metadata:
-                additionalProperties:
-                  type: string
-                description: Metadata is data to store along with this job.
-                type: object
-              rayClusterSpec:
-                description: RayClusterSpec is the cluster template to run the job
-                properties:
-                  autoscalerOptions:
-                    description: AutoscalerOptions specifies optional configuration
-                      for the Ray autoscaler.
-                    properties:
-                      env:
-                        description: Optional list of environment variables to set
-                          in the autoscaler container.
-                        items:
-                          description: EnvVar represents an environment variable present
-                            in a Container.
-                          properties:
-                            name:
-                              description: Name of the environment variable. Must
-                                be a C_IDENTIFIER.
-                              type: string
-                            value:
-                              description: Variable references $(VAR_NAME) are expanded
-                                using the previously defined environment variables
-                                in t
-                              type: string
-                            valueFrom:
-                              description: Source for the environment variable's value.
-                                Cannot be used if value is not empty.
-                              properties:
-                                configMapKeyRef:
-                                  description: Selects a key of a ConfigMap.
-                                  properties:
-                                    key:
-                                      description: The key to select.
-                                      type: string
-                                    name:
-                                      description: 'Name of the referent. More info:
-                                        https://kubernetes.'
-                                      type: string
-                                    optional:
-                                      description: Specify whether the ConfigMap or
-                                        its key must be defined
-                                      type: boolean
-                                  required:
-                                  - key
-                                  type: object
-                                fieldRef:
-                                  description: 'Selects a field of the pod: supports
-                                    metadata.name, metadata.namespace, `metadata.'
-                                  properties:
-                                    apiVersion:
-                                      description: Version of the schema the FieldPath
-                                        is written in terms of, defaults to "v1".
-                                      type: string
-                                    fieldPath:
-                                      description: Path of the field to select in
-                                        the specified API version.
-                                      type: string
-                                  required:
-                                  - fieldPath
-                                  type: object
-                                resourceFieldRef:
-                                  description: 'Selects a resource of the container:
-                                    only resources limits and requests (limits.cpu,
-                                    limits.'
-                                  properties:
-                                    containerName:
-                                      description: 'Container name: required for volumes,
-                                        optional for env vars'
-                                      type: string
-                                    divisor:
-                                      anyOf:
-                                      - type: integer
-                                      - type: string
-                                      description: Specifies the output format of
-                                        the exposed resources, defaults to "1"
-                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                      x-kubernetes-int-or-string: true
-                                    resource:
-                                      description: 'Required: resource to select'
-                                      type: string
-                                  required:
-                                  - resource
-                                  type: object
-                                secretKeyRef:
-                                  description: Selects a key of a secret in the pod's
-                                    namespace
-                                  properties:
-                                    key:
-                                      description: The key of the secret to select
-                                        from.  Must be a valid secret key.
-                                      type: string
-                                    name:
-                                      description: 'Name of the referent. More info:
-                                        https://kubernetes.'
-                                      type: string
-                                    optional:
-                                      description: Specify whether the Secret or its
-                                        key must be defined
-                                      type: boolean
-                                  required:
-                                  - key
-                                  type: object
-                              type: object
-                          required:
-                          - name
-                          type: object
-                        type: array
-                      envFrom:
-                        description: Optional list of sources to populate environment
-                          variables in the autoscaler container.
-                        items:
-                          description: EnvFromSource represents the source of a set
-                            of ConfigMaps
-                          properties:
-                            configMapRef:
-                              description: The ConfigMap to select from
-                              properties:
-                                name:
-                                  description: 'Name of the referent. More info: https://kubernetes.'
-                                  type: string
-                                optional:
-                                  description: Specify whether the ConfigMap must
-                                    be defined
-                                  type: boolean
-                              type: object
-                            prefix:
-                              description: An optional identifier to prepend to each
-                                key in the ConfigMap. Must be a C_IDENTIFIER.
-                              type: string
-                            secretRef:
-                              description: The Secret to select from
-                              properties:
-                                name:
-                                  description: 'Name of the referent. More info: https://kubernetes.'
-                                  type: string
-                                optional:
-                                  description: Specify whether the Secret must be
-                                    defined
-                                  type: boolean
-                              type: object
-                          type: object
-                        type: array
-                      idleTimeoutSeconds:
-                        description: IdleTimeoutSeconds is the number of seconds to
-                          wait before scaling down a worker pod which is not us
-                        format: int32
-                        type: integer
-                      image:
-                        description: Image optionally overrides the autoscaler's container
-                          image.
-                        type: string
-                      imagePullPolicy:
-                        description: ImagePullPolicy optionally overrides the autoscaler
-                          container's image pull policy.
-                        type: string
-                      resources:
-                        description: Resources specifies optional resource request
-                          and limit overrides for the autoscaler container.
-                        properties:
-                          limits:
-                            additionalProperties:
-                              anyOf:
-                              - type: integer
-                              - type: string
-                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                              x-kubernetes-int-or-string: true
-                            description: 'Limits describes the maximum amount of compute
-                              resources allowed. More info: https://kubernetes.'
-                            type: object
-                          requests:
-                            additionalProperties:
-                              anyOf:
-                              - type: integer
-                              - type: string
-                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                              x-kubernetes-int-or-string: true
-                            description: Requests describes the minimum amount of
-                              compute resources required.
-                            type: object
-                        type: object
-                      upscalingMode:
-                        description: UpscalingMode is "Conservative", "Default", or
-                          "Aggressive.
-                        enum:
-                        - Default
-                        - Aggressive
-                        - Conservative
-                        type: string
-                    type: object
-                  enableInTreeAutoscaling:
-                    description: EnableInTreeAutoscaling indicates whether operator
-                      should create in tree autoscaling configs
-                    type: boolean
-                  headGroupSpec:
-                    description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of
-                      cluster Important: Run "make" to regenerate code af'
-                    properties:
-                      enableIngress:
-                        description: EnableIngress indicates whether operator should
-                          create ingress object for head service or not.
-                        type: boolean
-                      rayStartParams:
-                        additionalProperties:
-                          type: string
-                        description: 'RayStartParams are the params of the start command:
-                          node-manager-port, object-store-memory, ...'
-                        type: object
-                      replicas:
-                        description: HeadGroupSpec.Replicas is deprecated and ignored;
-                          there can only be one head pod per Ray cluster.
-                        format: int32
-                        type: integer
-                      serviceType:
-                        description: ServiceType is Kubernetes service type of the
-                          head service.
-                        type: string
-                      template:
-                        description: Template is the eaxct pod template used in K8s
-                          depoyments, statefulsets, etc.
-                        properties:
-                          metadata:
-                            description: 'Standard object''s metadata. More info:
-                              https://git.k8s.'
-                            properties:
-                              annotations:
-                                additionalProperties:
-                                  type: string
-                                type: object
-                              finalizers:
-                                items:
-                                  type: string
-                                type: array
-                              labels:
-                                additionalProperties:
-                                  type: string
-                                type: object
-                              name:
-                                type: string
-                              namespace:
-                                type: string
-                            type: object
-                          spec:
-                            description: 'Specification of the desired behavior of
-                              the pod. More info: https://git.k8s.'
-                            properties:
-                              activeDeadlineSeconds:
-                                description: Optional duration in seconds the pod
-                                  may be active on the node relative to StartTime
-                                  before the syst
-                                format: int64
-                                type: integer
-                              affinity:
-                                description: If specified, the pod's scheduling constraints
-                                properties:
-                                  nodeAffinity:
-                                    description: Describes node affinity scheduling
-                                      rules for the pod.
-                                    properties:
-                                      preferredDuringSchedulingIgnoredDuringExecution:
-                                        description: 'The scheduler will prefer to
-                                          schedule pods to nodes that satisfy the
-                                          affinity expressions specified '
-                                        items:
-                                          description: An empty preferred scheduling
-                                            term matches all objects with implicit
-                                            weight 0 (i.e. it's a no-op).
-                                          properties:
-                                            preference:
-                                              description: A node selector term, associated
-                                                with the corresponding weight.
-                                              properties:
-                                                matchExpressions:
-                                                  description: A list of node selector
-                                                    requirements by node's labels.
-                                                  items:
-                                                    description: 'A node selector
-                                                      requirement is a selector that
-                                                      contains values, a key, and
-                                                      an operator that relates '
-                                                    properties:
-                                                      key:
-                                                        description: The label key
-                                                          that the selector applies
-                                                          to.
-                                                        type: string
-                                                      operator:
-                                                        description: Represents a
-                                                          key's relationship to a
-                                                          set of values.
-                                                        type: string
-                                                      values:
-                                                        description: An array of string
-                                                          values. If the operator
-                                                          is In or NotIn, the values
-                                                          array must be non-empty.
-                                                        items:
-                                                          type: string
-                                                        type: array
-                                                    required:
-                                                    - key
-                                                    - operator
-                                                    type: object
-                                                  type: array
-                                                matchFields:
-                                                  description: A list of node selector
-                                                    requirements by node's fields.
-                                                  items:
-                                                    description: 'A node selector
-                                                      requirement is a selector that
-                                                      contains values, a key, and
-                                                      an operator that relates '
-                                                    properties:
-                                                      key:
-                                                        description: The label key
-                                                          that the selector applies
-                                                          to.
-                                                        type: string
-                                                      operator:
-                                                        description: Represents a
-                                                          key's relationship to a
-                                                          set of values.
-                                                        type: string
-                                                      values:
-                                                        description: An array of string
-                                                          values. If the operator
-                                                          is In or NotIn, the values
-                                                          array must be non-empty.
-                                                        items:
-                                                          type: string
-                                                        type: array
-                                                    required:
-                                                    - key
-                                                    - operator
-                                                    type: object
-                                                  type: array
-                                              type: object
-                                            weight:
-                                              description: Weight associated with
-                                                matching the corresponding nodeSelectorTerm,
-                                                in the range 1-100.
-                                              format: int32
-                                              type: integer
-                                          required:
-                                          - preference
-                                          - weight
-                                          type: object
-                                        type: array
-                                      requiredDuringSchedulingIgnoredDuringExecution:
-                                        description: If the affinity requirements
-                                          specified by this field are not met at scheduling
-                                          time, the pod will no
-                                        properties:
-                                          nodeSelectorTerms:
-                                            description: Required. A list of node
-                                              selector terms. The terms are ORed.
-                                            items:
-                                              description: A null or empty node selector
-                                                term matches no objects. The requirements
-                                                of them are ANDed.
-                                              properties:
-                                                matchExpressions:
-                                                  description: A list of node selector
-                                                    requirements by node's labels.
-                                                  items:
-                                                    description: 'A node selector
-                                                      requirement is a selector that
-                                                      contains values, a key, and
-                                                      an operator that relates '
-                                                    properties:
-                                                      key:
-                                                        description: The label key
-                                                          that the selector applies
-                                                          to.
-                                                        type: string
-                                                      operator:
-                                                        description: Represents a
-                                                          key's relationship to a
-                                                          set of values.
-                                                        type: string
-                                                      values:
-                                                        description: An array of string
-                                                          values. If the operator
-                                                          is In or NotIn, the values
-                                                          array must be non-empty.
-                                                        items:
-                                                          type: string
-                                                        type: array
-                                                    required:
-                                                    - key
-                                                    - operator
-                                                    type: object
-                                                  type: array
-                                                matchFields:
-                                                  description: A list of node selector
-                                                    requirements by node's fields.
-                                                  items:
-                                                    description: 'A node selector
-                                                      requirement is a selector that
-                                                      contains values, a key, and
-                                                      an operator that relates '
-                                                    properties:
-                                                      key:
-                                                        description: The label key
-                                                          that the selector applies
-                                                          to.
-                                                        type: string
-                                                      operator:
-                                                        description: Represents a
-                                                          key's relationship to a
-                                                          set of values.
-                                                        type: string
-                                                      values:
-                                                        description: An array of string
-                                                          values. If the operator
-                                                          is In or NotIn, the values
-                                                          array must be non-empty.
-                                                        items:
-                                                          type: string
-                                                        type: array
-                                                    required:
-                                                    - key
-                                                    - operator
-                                                    type: object
-                                                  type: array
-                                              type: object
-                                            type: array
-                                        required:
-                                        - nodeSelectorTerms
-                                        type: object
-                                    type: object
-                                  podAffinity:
-                                    description: Describes pod affinity scheduling
-                                      rules (e.g. co-locate this pod in the same node,
-                                      zone, etc.
-                                    properties:
-                                      preferredDuringSchedulingIgnoredDuringExecution:
-                                        description: 'The scheduler will prefer to
-                                          schedule pods to nodes that satisfy the
-                                          affinity expressions specified '
-                                        items:
-                                          description: The weights of all of the matched
-                                            WeightedPodAffinityTerm fields are added
-                                            per-node to find the most
-                                          properties:
-                                            podAffinityTerm:
-                                              description: Required. A pod affinity
-                                                term, associated with the corresponding
-                                                weight.
-                                              properties:
-                                                labelSelector:
-                                                  description: A label query over
-                                                    a set of resources, in this case
-                                                    pods.
-                                                  properties:
-                                                    matchExpressions:
-                                                      description: matchExpressions
-                                                        is a list of label selector
-                                                        requirements. The requirements
-                                                        are ANDed.
-                                                      items:
-                                                        description: A label selector
-                                                          requirement is a selector
-                                                          that contains values, a
-                                                          key, and an operator that
-                                                          relates
-                                                        properties:
-                                                          key:
-                                                            description: key is the
-                                                              label key that the selector
-                                                              applies to.
-                                                            type: string
-                                                          operator:
-                                                            description: operator
-                                                              represents a key's relationship
-                                                              to a set of values.
-                                                            type: string
-                                                          values:
-                                                            description: values is
-                                                              an array of string values.
-                                                            items:
-                                                              type: string
-                                                            type: array
-                                                        required:
-                                                        - key
-                                                        - operator
-                                                        type: object
-                                                      type: array
-                                                    matchLabels:
-                                                      additionalProperties:
-                                                        type: string
-                                                      description: matchLabels is
-                                                        a map of {key,value} pairs.
-                                                      type: object
-                                                  type: object
-                                                namespaceSelector:
-                                                  description: A label query over
-                                                    the set of namespaces that the
-                                                    term applies to.
-                                                  properties:
-                                                    matchExpressions:
-                                                      description: matchExpressions
-                                                        is a list of label selector
-                                                        requirements. The requirements
-                                                        are ANDed.
-                                                      items:
-                                                        description: A label selector
-                                                          requirement is a selector
-                                                          that contains values, a
-                                                          key, and an operator that
-                                                          relates
-                                                        properties:
-                                                          key:
-                                                            description: key is the
-                                                              label key that the selector
-                                                              applies to.
-                                                            type: string
-                                                          operator:
-                                                            description: operator
-                                                              represents a key's relationship
-                                                              to a set of values.
-                                                            type: string
-                                                          values:
-                                                            description: values is
-                                                              an array of string values.
-                                                            items:
-                                                              type: string
-                                                            type: array
-                                                        required:
-                                                        - key
-                                                        - operator
-                                                        type: object
-                                                      type: array
-                                                    matchLabels:
-                                                      additionalProperties:
-                                                        type: string
-                                                      description: matchLabels is
-                                                        a map of {key,value} pairs.
-                                                      type: object
-                                                  type: object
-                                                namespaces:
-                                                  description: namespaces specifies
-                                                    a static list of namespace names
-                                                    that the term applies to.
-                                                  items:
-                                                    type: string
-                                                  type: array
-                                                topologyKey:
-                                                  description: This pod should be
-                                                    co-located (affinity) or not co-located
-                                                    (anti-affinity) with the pods
-                                                    matching th
-                                                  type: string
-                                              required:
-                                              - topologyKey
-                                              type: object
-                                            weight:
-                                              description: weight associated with
-                                                matching the corresponding podAffinityTerm,
-                                                in the range 1-100.
-                                              format: int32
-                                              type: integer
-                                          required:
-                                          - podAffinityTerm
-                                          - weight
-                                          type: object
-                                        type: array
-                                      requiredDuringSchedulingIgnoredDuringExecution:
-                                        description: If the affinity requirements
-                                          specified by this field are not met at scheduling
-                                          time, the pod will no
-                                        items:
-                                          description: Defines a set of pods (namely
-                                            those matching the labelSelector relative
-                                            to the given namespace(s)) t
-                                          properties:
-                                            labelSelector:
-                                              description: A label query over a set
-                                                of resources, in this case pods.
-                                              properties:
-                                                matchExpressions:
-                                                  description: matchExpressions is
-                                                    a list of label selector requirements.
-                                                    The requirements are ANDed.
-                                                  items:
-                                                    description: A label selector
-                                                      requirement is a selector that
-                                                      contains values, a key, and
-                                                      an operator that relates
-                                                    properties:
-                                                      key:
-                                                        description: key is the label
-                                                          key that the selector applies
-                                                          to.
-                                                        type: string
-                                                      operator:
-                                                        description: operator represents
-                                                          a key's relationship to
-                                                          a set of values.
-                                                        type: string
-                                                      values:
-                                                        description: values is an
-                                                          array of string values.
-                                                        items:
-                                                          type: string
-                                                        type: array
-                                                    required:
-                                                    - key
-                                                    - operator
-                                                    type: object
-                                                  type: array
-                                                matchLabels:
-                                                  additionalProperties:
-                                                    type: string
-                                                  description: matchLabels is a map
-                                                    of {key,value} pairs.
-                                                  type: object
-                                              type: object
-                                            namespaceSelector:
-                                              description: A label query over the
-                                                set of namespaces that the term applies
-                                                to.
-                                              properties:
-                                                matchExpressions:
-                                                  description: matchExpressions is
-                                                    a list of label selector requirements.
-                                                    The requirements are ANDed.
-                                                  items:
-                                                    description: A label selector
-                                                      requirement is a selector that
-                                                      contains values, a key, and
-                                                      an operator that relates
-                                                    properties:
-                                                      key:
-                                                        description: key is the label
-                                                          key that the selector applies
-                                                          to.
-                                                        type: string
-                                                      operator:
-                                                        description: operator represents
-                                                          a key's relationship to
-                                                          a set of values.
-                                                        type: string
-                                                      values:
-                                                        description: values is an
-                                                          array of string values.
-                                                        items:
-                                                          type: string
-                                                        type: array
-                                                    required:
-                                                    - key
-                                                    - operator
-                                                    type: object
-                                                  type: array
-                                                matchLabels:
-                                                  additionalProperties:
-                                                    type: string
-                                                  description: matchLabels is a map
-                                                    of {key,value} pairs.
-                                                  type: object
-                                              type: object
-                                            namespaces:
-                                              description: namespaces specifies a
-                                                static list of namespace names that
-                                                the term applies to.
-                                              items:
-                                                type: string
-                                              type: array
-                                            topologyKey:
-                                              description: This pod should be co-located
-                                                (affinity) or not co-located (anti-affinity)
-                                                with the pods matching th
-                                              type: string
-                                          required:
-                                          - topologyKey
-                                          type: object
-                                        type: array
-                                    type: object
-                                  podAntiAffinity:
-                                    description: Describes pod anti-affinity scheduling
-                                      rules (e.g.
-                                    properties:
-                                      preferredDuringSchedulingIgnoredDuringExecution:
-                                        description: The scheduler will prefer to
-                                          schedule pods to nodes that satisfy the
-                                          anti-affinity expressions speci
-                                        items:
-                                          description: The weights of all of the matched
-                                            WeightedPodAffinityTerm fields are added
-                                            per-node to find the most
-                                          properties:
-                                            podAffinityTerm:
-                                              description: Required. A pod affinity
-                                                term, associated with the corresponding
-                                                weight.
-                                              properties:
-                                                labelSelector:
-                                                  description: A label query over
-                                                    a set of resources, in this case
-                                                    pods.
-                                                  properties:
-                                                    matchExpressions:
-                                                      description: matchExpressions
-                                                        is a list of label selector
-                                                        requirements. The requirements
-                                                        are ANDed.
-                                                      items:
-                                                        description: A label selector
-                                                          requirement is a selector
-                                                          that contains values, a
-                                                          key, and an operator that
-                                                          relates
-                                                        properties:
-                                                          key:
-                                                            description: key is the
-                                                              label key that the selector
-                                                              applies to.
-                                                            type: string
-                                                          operator:
-                                                            description: operator
-                                                              represents a key's relationship
-                                                              to a set of values.
-                                                            type: string
-                                                          values:
-                                                            description: values is
-                                                              an array of string values.
-                                                            items:
-                                                              type: string
-                                                            type: array
-                                                        required:
-                                                        - key
-                                                        - operator
-                                                        type: object
-                                                      type: array
-                                                    matchLabels:
-                                                      additionalProperties:
-                                                        type: string
-                                                      description: matchLabels is
-                                                        a map of {key,value} pairs.
-                                                      type: object
-                                                  type: object
-                                                namespaceSelector:
-                                                  description: A label query over
-                                                    the set of namespaces that the
-                                                    term applies to.
-                                                  properties:
-                                                    matchExpressions:
-                                                      description: matchExpressions
-                                                        is a list of label selector
-                                                        requirements. The requirements
-                                                        are ANDed.
-                                                      items:
-                                                        description: A label selector
-                                                          requirement is a selector
-                                                          that contains values, a
-                                                          key, and an operator that
-                                                          relates
-                                                        properties:
-                                                          key:
-                                                            description: key is the
-                                                              label key that the selector
-                                                              applies to.
-                                                            type: string
-                                                          operator:
-                                                            description: operator
-                                                              represents a key's relationship
-                                                              to a set of values.
-                                                            type: string
-                                                          values:
-                                                            description: values is
-                                                              an array of string values.
-                                                            items:
-                                                              type: string
-                                                            type: array
-                                                        required:
-                                                        - key
-                                                        - operator
-                                                        type: object
-                                                      type: array
-                                                    matchLabels:
-                                                      additionalProperties:
-                                                        type: string
-                                                      description: matchLabels is
-                                                        a map of {key,value} pairs.
-                                                      type: object
-                                                  type: object
-                                                namespaces:
-                                                  description: namespaces specifies
-                                                    a static list of namespace names
-                                                    that the term applies to.
-                                                  items:
-                                                    type: string
-                                                  type: array
-                                                topologyKey:
-                                                  description: This pod should be
-                                                    co-located (affinity) or not co-located
-                                                    (anti-affinity) with the pods
-                                                    matching th
-                                                  type: string
-                                              required:
-                                              - topologyKey
-                                              type: object
-                                            weight:
-                                              description: weight associated with
-                                                matching the corresponding podAffinityTerm,
-                                                in the range 1-100.
-                                              format: int32
-                                              type: integer
-                                          required:
-                                          - podAffinityTerm
-                                          - weight
-                                          type: object
-                                        type: array
-                                      requiredDuringSchedulingIgnoredDuringExecution:
-                                        description: If the anti-affinity requirements
-                                          specified by this field are not met at scheduling
-                                          time, the pod wi
-                                        items:
-                                          description: Defines a set of pods (namely
-                                            those matching the labelSelector relative
-                                            to the given namespace(s)) t
-                                          properties:
-                                            labelSelector:
-                                              description: A label query over a set
-                                                of resources, in this case pods.
-                                              properties:
-                                                matchExpressions:
-                                                  description: matchExpressions is
-                                                    a list of label selector requirements.
-                                                    The requirements are ANDed.
-                                                  items:
-                                                    description: A label selector
-                                                      requirement is a selector that
-                                                      contains values, a key, and
-                                                      an operator that relates
-                                                    properties:
-                                                      key:
-                                                        description: key is the label
-                                                          key that the selector applies
-                                                          to.
-                                                        type: string
-                                                      operator:
-                                                        description: operator represents
-                                                          a key's relationship to
-                                                          a set of values.
-                                                        type: string
-                                                      values:
-                                                        description: values is an
-                                                          array of string values.
-                                                        items:
-                                                          type: string
-                                                        type: array
-                                                    required:
-                                                    - key
-                                                    - operator
-                                                    type: object
-                                                  type: array
-                                                matchLabels:
-                                                  additionalProperties:
-                                                    type: string
-                                                  description: matchLabels is a map
-                                                    of {key,value} pairs.
-                                                  type: object
-                                              type: object
-                                            namespaceSelector:
-                                              description: A label query over the
-                                                set of namespaces that the term applies
-                                                to.
-                                              properties:
-                                                matchExpressions:
-                                                  description: matchExpressions is
-                                                    a list of label selector requirements.
-                                                    The requirements are ANDed.
-                                                  items:
-                                                    description: A label selector
-                                                      requirement is a selector that
-                                                      contains values, a key, and
-                                                      an operator that relates
-                                                    properties:
-                                                      key:
-                                                        description: key is the label
-                                                          key that the selector applies
-                                                          to.
-                                                        type: string
-                                                      operator:
-                                                        description: operator represents
-                                                          a key's relationship to
-                                                          a set of values.
-                                                        type: string
-                                                      values:
-                                                        description: values is an
-                                                          array of string values.
-                                                        items:
-                                                          type: string
-                                                        type: array
-                                                    required:
-                                                    - key
-                                                    - operator
-                                                    type: object
-                                                  type: array
-                                                matchLabels:
-                                                  additionalProperties:
-                                                    type: string
-                                                  description: matchLabels is a map
-                                                    of {key,value} pairs.
-                                                  type: object
-                                              type: object
-                                            namespaces:
-                                              description: namespaces specifies a
-                                                static list of namespace names that
-                                                the term applies to.
-                                              items:
-                                                type: string
-                                              type: array
-                                            topologyKey:
-                                              description: This pod should be co-located
-                                                (affinity) or not co-located (anti-affinity)
-                                                with the pods matching th
-                                              type: string
-                                          required:
-                                          - topologyKey
-                                          type: object
-                                        type: array
-                                    type: object
-                                type: object
-                              automountServiceAccountToken:
-                                description: AutomountServiceAccountToken indicates
-                                  whether a service account token should be automatically
-                                  mount
-                                type: boolean
-                              containers:
-                                description: List of containers belonging to the pod.
-                                  Containers cannot currently be added or removed.
-                                items:
-                                  description: A single application container that
-                                    you want to run within a pod.
-                                  properties:
-                                    args:
-                                      description: Arguments to the entrypoint. The
-                                        docker image's CMD is used if this is not
-                                        provided.
-                                      items:
-                                        type: string
-                                      type: array
-                                    command:
-                                      description: Entrypoint array. Not executed
-                                        within a shell.
-                                      items:
-                                        type: string
-                                      type: array
-                                    env:
-                                      description: List of environment variables to
-                                        set in the container. Cannot be updated.
-                                      items:
-                                        description: EnvVar represents an environment
-                                          variable present in a Container.
-                                        properties:
-                                          name:
-                                            description: Name of the environment variable.
-                                              Must be a C_IDENTIFIER.
-                                            type: string
-                                          value:
-                                            description: Variable references $(VAR_NAME)
-                                              are expanded using the previously defined
-                                              environment variables in t
-                                            type: string
-                                          valueFrom:
-                                            description: Source for the environment
-                                              variable's value. Cannot be used if
-                                              value is not empty.
-                                            properties:
-                                              configMapKeyRef:
-                                                description: Selects a key of a ConfigMap.
-                                                properties:
-                                                  key:
-                                                    description: The key to select.
-                                                    type: string
-                                                  name:
-                                                    description: 'Name of the referent.
-                                                      More info: https://kubernetes.'
-                                                    type: string
-                                                  optional:
-                                                    description: Specify whether the
-                                                      ConfigMap or its key must be
-                                                      defined
-                                                    type: boolean
-                                                required:
-                                                - key
-                                                type: object
-                                              fieldRef:
-                                                description: 'Selects a field of the
-                                                  pod: supports metadata.name, metadata.namespace,
-                                                  `metadata.'
-                                                properties:
-                                                  apiVersion:
-                                                    description: Version of the schema
-                                                      the FieldPath is written in
-                                                      terms of, defaults to "v1".
-                                                    type: string
-                                                  fieldPath:
-                                                    description: Path of the field
-                                                      to select in the specified API
-                                                      version.
-                                                    type: string
-                                                required:
-                                                - fieldPath
-                                                type: object
-                                              resourceFieldRef:
-                                                description: 'Selects a resource of
-                                                  the container: only resources limits
-                                                  and requests (limits.cpu, limits.'
-                                                properties:
-                                                  containerName:
-                                                    description: 'Container name:
-                                                      required for volumes, optional
-                                                      for env vars'
-                                                    type: string
-                                                  divisor:
-                                                    anyOf:
-                                                    - type: integer
-                                                    - type: string
-                                                    description: Specifies the output
-                                                      format of the exposed resources,
-                                                      defaults to "1"
-                                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                                    x-kubernetes-int-or-string: true
-                                                  resource:
-                                                    description: 'Required: resource
-                                                      to select'
-                                                    type: string
-                                                required:
-                                                - resource
-                                                type: object
-                                              secretKeyRef:
-                                                description: Selects a key of a secret
-                                                  in the pod's namespace
-                                                properties:
-                                                  key:
-                                                    description: The key of the secret
-                                                      to select from.  Must be a valid
-                                                      secret key.
-                                                    type: string
-                                                  name:
-                                                    description: 'Name of the referent.
-                                                      More info: https://kubernetes.'
-                                                    type: string
-                                                  optional:
-                                                    description: Specify whether the
-                                                      Secret or its key must be defined
-                                                    type: boolean
-                                                required:
-                                                - key
-                                                type: object
-                                            type: object
-                                        required:
-                                        - name
-                                        type: object
-                                      type: array
-                                    envFrom:
-                                      description: List of sources to populate environment
-                                        variables in the container.
-                                      items:
-                                        description: EnvFromSource represents the
-                                          source of a set of ConfigMaps
-                                        properties:
-                                          configMapRef:
-                                            description: The ConfigMap to select from
-                                            properties:
-                                              name:
-                                                description: 'Name of the referent.
-                                                  More info: https://kubernetes.'
-                                                type: string
-                                              optional:
-                                                description: Specify whether the ConfigMap
-                                                  must be defined
-                                                type: boolean
-                                            type: object
-                                          prefix:
-                                            description: An optional identifier to
-                                              prepend to each key in the ConfigMap.
-                                              Must be a C_IDENTIFIER.
-                                            type: string
-                                          secretRef:
-                                            description: The Secret to select from
-                                            properties:
-                                              name:
-                                                description: 'Name of the referent.
-                                                  More info: https://kubernetes.'
-                                                type: string
-                                              optional:
-                                                description: Specify whether the Secret
-                                                  must be defined
-                                                type: boolean
-                                            type: object
-                                        type: object
-                                      type: array
-                                    image:
-                                      description: 'Docker image name. More info:
-                                        https://kubernetes.'
-                                      type: string
-                                    imagePullPolicy:
-                                      description: Image pull policy. One of Always,
-                                        Never, IfNotPresent.
-                                      type: string
-                                    lifecycle:
-                                      description: Actions that the management system
-                                        should take in response to container lifecycle
-                                        events.
-                                      properties:
-                                        postStart:
-                                          description: PostStart is called immediately
-                                            after a container is created.
-                                          properties:
-                                            exec:
-                                              description: Exec specifies the action
-                                                to take.
-                                              properties:
-                                                command:
-                                                  description: 'Command is the command
-                                                    line to execute inside the container,
-                                                    the working directory for the
-                                                    command  '
-                                                  items:
-                                                    type: string
-                                                  type: array
-                                              type: object
-                                            httpGet:
-                                              description: HTTPGet specifies the http
-                                                request to perform.
-                                              properties:
-                                                host:
-                                                  description: Host name to connect
-                                                    to, defaults to the pod IP.
-                                                  type: string
-                                                httpHeaders:
-                                                  description: Custom headers to set
-                                                    in the request. HTTP allows repeated
-                                                    headers.
-                                                  items:
-                                                    description: HTTPHeader describes
-                                                      a custom header to be used in
-                                                      HTTP probes
-                                                    properties:
-                                                      name:
-                                                        description: The header field
-                                                          name
-                                                        type: string
-                                                      value:
-                                                        description: The header field
-                                                          value
-                                                        type: string
-                                                    required:
-                                                    - name
-                                                    - value
-                                                    type: object
-                                                  type: array
-                                                path:
-                                                  description: Path to access on the
-                                                    HTTP server.
-                                                  type: string
-                                                port:
-                                                  anyOf:
-                                                  - type: integer
-                                                  - type: string
-                                                  description: Name or number of the
-                                                    port to access on the container.
-                                                    Number must be in the range 1
-                                                    to 65535.
-                                                  x-kubernetes-int-or-string: true
-                                                scheme:
-                                                  description: Scheme to use for connecting
-                                                    to the host. Defaults to HTTP.
-                                                  type: string
-                                              required:
-                                              - port
-                                              type: object
-                                            tcpSocket:
-                                              description: Deprecated.
-                                              properties:
-                                                host:
-                                                  description: 'Optional: Host name
-                                                    to connect to, defaults to the
-                                                    pod IP.'
-                                                  type: string
-                                                port:
-                                                  anyOf:
-                                                  - type: integer
-                                                  - type: string
-                                                  description: Number or name of the
-                                                    port to access on the container.
-                                                    Number must be in the range 1
-                                                    to 65535.
-                                                  x-kubernetes-int-or-string: true
-                                              required:
-                                              - port
-                                              type: object
-                                          type: object
-                                        preStop:
-                                          description: PreStop is called immediately
-                                            before a container is terminated due to
-                                            an API request or management e
-                                          properties:
-                                            exec:
-                                              description: Exec specifies the action
-                                                to take.
-                                              properties:
-                                                command:
-                                                  description: 'Command is the command
-                                                    line to execute inside the container,
-                                                    the working directory for the
-                                                    command  '
-                                                  items:
-                                                    type: string
-                                                  type: array
-                                              type: object
-                                            httpGet:
-                                              description: HTTPGet specifies the http
-                                                request to perform.
-                                              properties:
-                                                host:
-                                                  description: Host name to connect
-                                                    to, defaults to the pod IP.
-                                                  type: string
-                                                httpHeaders:
-                                                  description: Custom headers to set
-                                                    in the request. HTTP allows repeated
-                                                    headers.
-                                                  items:
-                                                    description: HTTPHeader describes
-                                                      a custom header to be used in
-                                                      HTTP probes
-                                                    properties:
-                                                      name:
-                                                        description: The header field
-                                                          name
-                                                        type: string
-                                                      value:
-                                                        description: The header field
-                                                          value
-                                                        type: string
-                                                    required:
-                                                    - name
-                                                    - value
-                                                    type: object
-                                                  type: array
-                                                path:
-                                                  description: Path to access on the
-                                                    HTTP server.
-                                                  type: string
-                                                port:
-                                                  anyOf:
-                                                  - type: integer
-                                                  - type: string
-                                                  description: Name or number of the
-                                                    port to access on the container.
-                                                    Number must be in the range 1
-                                                    to 65535.
-                                                  x-kubernetes-int-or-string: true
-                                                scheme:
-                                                  description: Scheme to use for connecting
-                                                    to the host. Defaults to HTTP.
-                                                  type: string
-                                              required:
-                                              - port
-                                              type: object
-                                            tcpSocket:
-                                              description: Deprecated.
-                                              properties:
-                                                host:
-                                                  description: 'Optional: Host name
-                                                    to connect to, defaults to the
-                                                    pod IP.'
-                                                  type: string
-                                                port:
-                                                  anyOf:
-                                                  - type: integer
-                                                  - type: string
-                                                  description: Number or name of the
-                                                    port to access on the container.
-                                                    Number must be in the range 1
-                                                    to 65535.
-                                                  x-kubernetes-int-or-string: true
-                                              required:
-                                              - port
-                                              type: object
-                                          type: object
-                                      type: object
-                                    livenessProbe:
-                                      description: Periodic probe of container liveness.
-                                        Container will be restarted if the probe fails.
-                                      properties:
-                                        exec:
-                                          description: Exec specifies the action to
-                                            take.
-                                          properties:
-                                            command:
-                                              description: 'Command is the command
-                                                line to execute inside the container,
-                                                the working directory for the command  '
-                                              items:
-                                                type: string
-                                              type: array
-                                          type: object
-                                        failureThreshold:
-                                          description: Minimum consecutive failures
-                                            for the probe to be considered failed
-                                            after having succeeded.
-                                          format: int32
-                                          type: integer
-                                        grpc:
-                                          description: GRPC specifies an action involving
-                                            a GRPC port.
-                                          properties:
-                                            port:
-                                              description: Port number of the gRPC
-                                                service. Number must be in the range
-                                                1 to 65535.
-                                              format: int32
-                                              type: integer
-                                            service:
-                                              description: Service is the name of
-                                                the service to place in the gRPC HealthCheckRequest
-                                                (see https://github.
-                                              type: string
-                                          required:
-                                          - port
-                                          type: object
-                                        httpGet:
-                                          description: HTTPGet specifies the http
-                                            request to perform.
-                                          properties:
-                                            host:
-                                              description: Host name to connect to,
-                                                defaults to the pod IP.
-                                              type: string
-                                            httpHeaders:
-                                              description: Custom headers to set in
-                                                the request. HTTP allows repeated
-                                                headers.
-                                              items:
-                                                description: HTTPHeader describes
-                                                  a custom header to be used in HTTP
-                                                  probes
-                                                properties:
-                                                  name:
-                                                    description: The header field
-                                                      name
-                                                    type: string
-                                                  value:
-                                                    description: The header field
-                                                      value
-                                                    type: string
-                                                required:
-                                                - name
-                                                - value
-                                                type: object
-                                              type: array
-                                            path:
-                                              description: Path to access on the HTTP
-                                                server.
-                                              type: string
-                                            port:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Name or number of the port
-                                                to access on the container. Number
-                                                must be in the range 1 to 65535.
-                                              x-kubernetes-int-or-string: true
-                                            scheme:
-                                              description: Scheme to use for connecting
-                                                to the host. Defaults to HTTP.
-                                              type: string
-                                          required:
-                                          - port
-                                          type: object
-                                        initialDelaySeconds:
-                                          description: Number of seconds after the
-                                            container has started before liveness
-                                            probes are initiated.
-                                          format: int32
-                                          type: integer
-                                        periodSeconds:
-                                          description: How often (in seconds) to perform
-                                            the probe. Default to 10 seconds. Minimum
-                                            value is 1.
-                                          format: int32
-                                          type: integer
-                                        successThreshold:
-                                          description: Minimum consecutive successes
-                                            for the probe to be considered successful
-                                            after having failed.
-                                          format: int32
-                                          type: integer
-                                        tcpSocket:
-                                          description: TCPSocket specifies an action
-                                            involving a TCP port.
-                                          properties:
-                                            host:
-                                              description: 'Optional: Host name to
-                                                connect to, defaults to the pod IP.'
-                                              type: string
-                                            port:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Number or name of the port
-                                                to access on the container. Number
-                                                must be in the range 1 to 65535.
-                                              x-kubernetes-int-or-string: true
-                                          required:
-                                          - port
-                                          type: object
-                                        terminationGracePeriodSeconds:
-                                          description: Optional duration in seconds
-                                            the pod needs to terminate gracefully
-                                            upon probe failure.
-                                          format: int64
-                                          type: integer
-                                        timeoutSeconds:
-                                          description: Number of seconds after which
-                                            the probe times out. Defaults to 1 second.
-                                            Minimum value is 1.
-                                          format: int32
-                                          type: integer
-                                      type: object
-                                    name:
-                                      description: Name of the container specified
-                                        as a DNS_LABEL.
-                                      type: string
-                                    ports:
-                                      description: List of ports to expose from the
-                                        container.
-                                      items:
-                                        description: ContainerPort represents a network
-                                          port in a single container.
-                                        properties:
-                                          containerPort:
-                                            description: Number of port to expose
-                                              on the pod's IP address. This must be
-                                              a valid port number, 0 < x < 65536.
-                                            format: int32
-                                            type: integer
-                                          hostIP:
-                                            description: What host IP to bind the
-                                              external port to.
-                                            type: string
-                                          hostPort:
-                                            description: Number of port to expose
-                                              on the host. If specified, this must
-                                              be a valid port number, 0 < x < 65536.
-                                            format: int32
-                                            type: integer
-                                          name:
-                                            description: If specified, this must be
-                                              an IANA_SVC_NAME and unique within the
-                                              pod.
-                                            type: string
-                                          protocol:
-                                            default: TCP
-                                            description: Protocol for port. Must be
-                                              UDP, TCP, or SCTP. Defaults to "TCP".
-                                            type: string
-                                        required:
-                                        - containerPort
-                                        type: object
-                                      type: array
-                                      x-kubernetes-list-map-keys:
-                                      - containerPort
-                                      - protocol
-                                      x-kubernetes-list-type: map
-                                    readinessProbe:
-                                      description: Periodic probe of container service
-                                        readiness.
-                                      properties:
-                                        exec:
-                                          description: Exec specifies the action to
-                                            take.
-                                          properties:
-                                            command:
-                                              description: 'Command is the command
-                                                line to execute inside the container,
-                                                the working directory for the command  '
-                                              items:
-                                                type: string
-                                              type: array
-                                          type: object
-                                        failureThreshold:
-                                          description: Minimum consecutive failures
-                                            for the probe to be considered failed
-                                            after having succeeded.
-                                          format: int32
-                                          type: integer
-                                        grpc:
-                                          description: GRPC specifies an action involving
-                                            a GRPC port.
-                                          properties:
-                                            port:
-                                              description: Port number of the gRPC
-                                                service. Number must be in the range
-                                                1 to 65535.
-                                              format: int32
-                                              type: integer
-                                            service:
-                                              description: Service is the name of
-                                                the service to place in the gRPC HealthCheckRequest
-                                                (see https://github.
-                                              type: string
-                                          required:
-                                          - port
-                                          type: object
-                                        httpGet:
-                                          description: HTTPGet specifies the http
-                                            request to perform.
-                                          properties:
-                                            host:
-                                              description: Host name to connect to,
-                                                defaults to the pod IP.
-                                              type: string
-                                            httpHeaders:
-                                              description: Custom headers to set in
-                                                the request. HTTP allows repeated
-                                                headers.
-                                              items:
-                                                description: HTTPHeader describes
-                                                  a custom header to be used in HTTP
-                                                  probes
-                                                properties:
-                                                  name:
-                                                    description: The header field
-                                                      name
-                                                    type: string
-                                                  value:
-                                                    description: The header field
-                                                      value
-                                                    type: string
-                                                required:
-                                                - name
-                                                - value
-                                                type: object
-                                              type: array
-                                            path:
-                                              description: Path to access on the HTTP
-                                                server.
-                                              type: string
-                                            port:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Name or number of the port
-                                                to access on the container. Number
-                                                must be in the range 1 to 65535.
-                                              x-kubernetes-int-or-string: true
-                                            scheme:
-                                              description: Scheme to use for connecting
-                                                to the host. Defaults to HTTP.
-                                              type: string
-                                          required:
-                                          - port
-                                          type: object
-                                        initialDelaySeconds:
-                                          description: Number of seconds after the
-                                            container has started before liveness
-                                            probes are initiated.
-                                          format: int32
-                                          type: integer
-                                        periodSeconds:
-                                          description: How often (in seconds) to perform
-                                            the probe. Default to 10 seconds. Minimum
-                                            value is 1.
-                                          format: int32
-                                          type: integer
-                                        successThreshold:
-                                          description: Minimum consecutive successes
-                                            for the probe to be considered successful
-                                            after having failed.
-                                          format: int32
-                                          type: integer
-                                        tcpSocket:
-                                          description: TCPSocket specifies an action
-                                            involving a TCP port.
-                                          properties:
-                                            host:
-                                              description: 'Optional: Host name to
-                                                connect to, defaults to the pod IP.'
-                                              type: string
-                                            port:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Number or name of the port
-                                                to access on the container. Number
-                                                must be in the range 1 to 65535.
-                                              x-kubernetes-int-or-string: true
-                                          required:
-                                          - port
-                                          type: object
-                                        terminationGracePeriodSeconds:
-                                          description: Optional duration in seconds
-                                            the pod needs to terminate gracefully
-                                            upon probe failure.
-                                          format: int64
-                                          type: integer
-                                        timeoutSeconds:
-                                          description: Number of seconds after which
-                                            the probe times out. Defaults to 1 second.
-                                            Minimum value is 1.
-                                          format: int32
-                                          type: integer
-                                      type: object
-                                    resources:
-                                      description: 'Compute Resources required by
-                                        this container. Cannot be updated. More info:
-                                        https://kubernetes.'
-                                      properties:
-                                        limits:
-                                          additionalProperties:
-                                            anyOf:
-                                            - type: integer
-                                            - type: string
-                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                            x-kubernetes-int-or-string: true
-                                          description: 'Limits describes the maximum
-                                            amount of compute resources allowed. More
-                                            info: https://kubernetes.'
-                                          type: object
-                                        requests:
-                                          additionalProperties:
-                                            anyOf:
-                                            - type: integer
-                                            - type: string
-                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                            x-kubernetes-int-or-string: true
-                                          description: Requests describes the minimum
-                                            amount of compute resources required.
-                                          type: object
-                                      type: object
-                                    securityContext:
-                                      description: SecurityContext defines the security
-                                        options the container should be run with.
-                                      properties:
-                                        allowPrivilegeEscalation:
-                                          description: AllowPrivilegeEscalation controls
-                                            whether a process can gain more privileges
-                                            than its parent process
-                                          type: boolean
-                                        capabilities:
-                                          description: The capabilities to add/drop
-                                            when running containers.
-                                          properties:
-                                            add:
-                                              description: Added capabilities
-                                              items:
-                                                description: Capability represent
-                                                  POSIX capabilities type
-                                                type: string
-                                              type: array
-                                            drop:
-                                              description: Removed capabilities
-                                              items:
-                                                description: Capability represent
-                                                  POSIX capabilities type
-                                                type: string
-                                              type: array
-                                          type: object
-                                        privileged:
-                                          description: Run container in privileged
-                                            mode.
-                                          type: boolean
-                                        procMount:
-                                          description: procMount denotes the type
-                                            of proc mount to use for the containers.
-                                          type: string
-                                        readOnlyRootFilesystem:
-                                          description: Whether this container has
-                                            a read-only root filesystem. Default is
-                                            false.
-                                          type: boolean
-                                        runAsGroup:
-                                          description: The GID to run the entrypoint
-                                            of the container process. Uses runtime
-                                            default if unset.
-                                          format: int64
-                                          type: integer
-                                        runAsNonRoot:
-                                          description: Indicates that the container
-                                            must run as a non-root user.
-                                          type: boolean
-                                        runAsUser:
-                                          description: The UID to run the entrypoint
-                                            of the container process.
-                                          format: int64
-                                          type: integer
-                                        seLinuxOptions:
-                                          description: The SELinux context to be applied
-                                            to the container.
-                                          properties:
-                                            level:
-                                              description: Level is SELinux level
-                                                label that applies to the container.
-                                              type: string
-                                            role:
-                                              description: Role is a SELinux role
-                                                label that applies to the container.
-                                              type: string
-                                            type:
-                                              description: Type is a SELinux type
-                                                label that applies to the container.
-                                              type: string
-                                            user:
-                                              description: User is a SELinux user
-                                                label that applies to the container.
-                                              type: string
-                                          type: object
-                                        seccompProfile:
-                                          description: The seccomp options to use
-                                            by this container.
-                                          properties:
-                                            localhostProfile:
-                                              description: localhostProfile indicates
-                                                a profile defined in a file on the
-                                                node should be used.
-                                              type: string
-                                            type:
-                                              description: type indicates which kind
-                                                of seccomp profile will be applied.
-                                              type: string
-                                          required:
-                                          - type
-                                          type: object
-                                        windowsOptions:
-                                          description: The Windows specific settings
-                                            applied to all containers.
-                                          properties:
-                                            gmsaCredentialSpec:
-                                              description: GMSACredentialSpec is where
-                                                the GMSA admission webhook (https://github.
-                                              type: string
-                                            gmsaCredentialSpecName:
-                                              description: GMSACredentialSpecName
-                                                is the name of the GMSA credential
-                                                spec to use.
-                                              type: string
-                                            hostProcess:
-                                              description: HostProcess determines
-                                                if a container should be run as a
-                                                'Host Process' container.
-                                              type: boolean
-                                            runAsUserName:
-                                              description: The UserName in Windows
-                                                to run the entrypoint of the container
-                                                process.
-                                              type: string
-                                          type: object
-                                      type: object
-                                    startupProbe:
-                                      description: StartupProbe indicates that the
-                                        Pod has successfully initialized.
-                                      properties:
-                                        exec:
-                                          description: Exec specifies the action to
-                                            take.
-                                          properties:
-                                            command:
-                                              description: 'Command is the command
-                                                line to execute inside the container,
-                                                the working directory for the command  '
-                                              items:
-                                                type: string
-                                              type: array
-                                          type: object
-                                        failureThreshold:
-                                          description: Minimum consecutive failures
-                                            for the probe to be considered failed
-                                            after having succeeded.
-                                          format: int32
-                                          type: integer
-                                        grpc:
-                                          description: GRPC specifies an action involving
-                                            a GRPC port.
-                                          properties:
-                                            port:
-                                              description: Port number of the gRPC
-                                                service. Number must be in the range
-                                                1 to 65535.
-                                              format: int32
-                                              type: integer
-                                            service:
-                                              description: Service is the name of
-                                                the service to place in the gRPC HealthCheckRequest
-                                                (see https://github.
-                                              type: string
-                                          required:
-                                          - port
-                                          type: object
-                                        httpGet:
-                                          description: HTTPGet specifies the http
-                                            request to perform.
-                                          properties:
-                                            host:
-                                              description: Host name to connect to,
-                                                defaults to the pod IP.
-                                              type: string
-                                            httpHeaders:
-                                              description: Custom headers to set in
-                                                the request. HTTP allows repeated
-                                                headers.
-                                              items:
-                                                description: HTTPHeader describes
-                                                  a custom header to be used in HTTP
-                                                  probes
-                                                properties:
-                                                  name:
-                                                    description: The header field
-                                                      name
-                                                    type: string
-                                                  value:
-                                                    description: The header field
-                                                      value
-                                                    type: string
-                                                required:
-                                                - name
-                                                - value
-                                                type: object
-                                              type: array
-                                            path:
-                                              description: Path to access on the HTTP
-                                                server.
-                                              type: string
-                                            port:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Name or number of the port
-                                                to access on the container. Number
-                                                must be in the range 1 to 65535.
-                                              x-kubernetes-int-or-string: true
-                                            scheme:
-                                              description: Scheme to use for connecting
-                                                to the host. Defaults to HTTP.
-                                              type: string
-                                          required:
-                                          - port
-                                          type: object
-                                        initialDelaySeconds:
-                                          description: Number of seconds after the
-                                            container has started before liveness
-                                            probes are initiated.
-                                          format: int32
-                                          type: integer
-                                        periodSeconds:
-                                          description: How often (in seconds) to perform
-                                            the probe. Default to 10 seconds. Minimum
-                                            value is 1.
-                                          format: int32
-                                          type: integer
-                                        successThreshold:
-                                          description: Minimum consecutive successes
-                                            for the probe to be considered successful
-                                            after having failed.
-                                          format: int32
-                                          type: integer
-                                        tcpSocket:
-                                          description: TCPSocket specifies an action
-                                            involving a TCP port.
-                                          properties:
-                                            host:
-                                              description: 'Optional: Host name to
-                                                connect to, defaults to the pod IP.'
-                                              type: string
-                                            port:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Number or name of the port
-                                                to access on the container. Number
-                                                must be in the range 1 to 65535.
-                                              x-kubernetes-int-or-string: true
-                                          required:
-                                          - port
-                                          type: object
-                                        terminationGracePeriodSeconds:
-                                          description: Optional duration in seconds
-                                            the pod needs to terminate gracefully
-                                            upon probe failure.
-                                          format: int64
-                                          type: integer
-                                        timeoutSeconds:
-                                          description: Number of seconds after which
-                                            the probe times out. Defaults to 1 second.
-                                            Minimum value is 1.
-                                          format: int32
-                                          type: integer
-                                      type: object
-                                    stdin:
-                                      description: Whether this container should allocate
-                                        a buffer for stdin in the container runtime.
-                                      type: boolean
-                                    stdinOnce:
-                                      description: Whether the container runtime should
-                                        close the stdin channel after it has been
-                                        opened by a single at
-                                      type: boolean
-                                    terminationMessagePath:
-                                      description: 'Optional: Path at which the file
-                                        to which the container''s termination message
-                                        will be written is mou'
-                                      type: string
-                                    terminationMessagePolicy:
-                                      description: Indicate how the termination message
-                                        should be populated.
-                                      type: string
-                                    tty:
-                                      description: Whether this container should allocate
-                                        a TTY for itself, also requires 'stdin' to
-                                        be true.
-                                      type: boolean
-                                    volumeDevices:
-                                      description: volumeDevices is the list of block
-                                        devices to be used by the container.
-                                      items:
-                                        description: volumeDevice describes a mapping
-                                          of a raw block device within a container.
-                                        properties:
-                                          devicePath:
-                                            description: devicePath is the path inside
-                                              of the container that the device will
-                                              be mapped to.
-                                            type: string
-                                          name:
-                                            description: name must match the name
-                                              of a persistentVolumeClaim in the pod
-                                            type: string
-                                        required:
-                                        - devicePath
-                                        - name
-                                        type: object
-                                      type: array
-                                    volumeMounts:
-                                      description: Pod volumes to mount into the container's
-                                        filesystem. Cannot be updated.
-                                      items:
-                                        description: VolumeMount describes a mounting
-                                          of a Volume within a container.
-                                        properties:
-                                          mountPath:
-                                            description: Path within the container
-                                              at which the volume should be mounted.  Must
-                                              not contain ':'.
-                                            type: string
-                                          mountPropagation:
-                                            description: mountPropagation determines
-                                              how mounts are propagated from the host
-                                              to container and the other way a
-                                            type: string
-                                          name:
-                                            description: This must match the Name
-                                              of a Volume.
-                                            type: string
-                                          readOnly:
-                                            description: Mounted read-only if true,
-                                              read-write otherwise (false or unspecified).
-                                              Defaults to false.
-                                            type: boolean
-                                          subPath:
-                                            description: Path within the volume from
-                                              which the container's volume should
-                                              be mounted.
-                                            type: string
-                                          subPathExpr:
-                                            description: Expanded path within the
-                                              volume from which the container's volume
-                                              should be mounted.
-                                            type: string
-                                        required:
-                                        - mountPath
-                                        - name
-                                        type: object
-                                      type: array
-                                    workingDir:
-                                      description: Container's working directory.
-                                      type: string
-                                  required:
-                                  - name
-                                  type: object
-                                type: array
-                              dnsConfig:
-                                description: Specifies the DNS parameters of a pod.
-                                properties:
-                                  nameservers:
-                                    description: A list of DNS name server IP addresses.
-                                    items:
-                                      type: string
-                                    type: array
-                                  options:
-                                    description: A list of DNS resolver options. This
-                                      will be merged with the base options generated
-                                      from DNSPolicy.
-                                    items:
-                                      description: PodDNSConfigOption defines DNS
-                                        resolver options of a pod.
-                                      properties:
-                                        name:
-                                          description: Required.
-                                          type: string
-                                        value:
-                                          type: string
-                                      type: object
-                                    type: array
-                                  searches:
-                                    description: A list of DNS search domains for
-                                      host-name lookup.
-                                    items:
-                                      type: string
-                                    type: array
-                                type: object
-                              dnsPolicy:
-                                description: Set DNS policy for the pod. Defaults
-                                  to "ClusterFirst".
-                                type: string
-                              enableServiceLinks:
-                                description: EnableServiceLinks indicates whether
-                                  information about services should be injected into
-                                  pod's enviro
-                                type: boolean
-                              ephemeralContainers:
-                                description: List of ephemeral containers run in this
-                                  pod.
-                                items:
-                                  description: An EphemeralContainer is a temporary
-                                    container that you may add to an existing Pod
-                                    for user-initiate
-                                  properties:
-                                    args:
-                                      description: Arguments to the entrypoint. The
-                                        docker image's CMD is used if this is not
-                                        provided.
-                                      items:
-                                        type: string
-                                      type: array
-                                    command:
-                                      description: Entrypoint array. Not executed
-                                        within a shell.
-                                      items:
-                                        type: string
-                                      type: array
-                                    env:
-                                      description: List of environment variables to
-                                        set in the container. Cannot be updated.
-                                      items:
-                                        description: EnvVar represents an environment
-                                          variable present in a Container.
-                                        properties:
-                                          name:
-                                            description: Name of the environment variable.
-                                              Must be a C_IDENTIFIER.
-                                            type: string
-                                          value:
-                                            description: Variable references $(VAR_NAME)
-                                              are expanded using the previously defined
-                                              environment variables in t
-                                            type: string
-                                          valueFrom:
-                                            description: Source for the environment
-                                              variable's value. Cannot be used if
-                                              value is not empty.
-                                            properties:
-                                              configMapKeyRef:
-                                                description: Selects a key of a ConfigMap.
-                                                properties:
-                                                  key:
-                                                    description: The key to select.
-                                                    type: string
-                                                  name:
-                                                    description: 'Name of the referent.
-                                                      More info: https://kubernetes.'
-                                                    type: string
-                                                  optional:
-                                                    description: Specify whether the
-                                                      ConfigMap or its key must be
-                                                      defined
-                                                    type: boolean
-                                                required:
-                                                - key
-                                                type: object
-                                              fieldRef:
-                                                description: 'Selects a field of the
-                                                  pod: supports metadata.name, metadata.namespace,
-                                                  `metadata.'
-                                                properties:
-                                                  apiVersion:
-                                                    description: Version of the schema
-                                                      the FieldPath is written in
-                                                      terms of, defaults to "v1".
-                                                    type: string
-                                                  fieldPath:
-                                                    description: Path of the field
-                                                      to select in the specified API
-                                                      version.
-                                                    type: string
-                                                required:
-                                                - fieldPath
-                                                type: object
-                                              resourceFieldRef:
-                                                description: 'Selects a resource of
-                                                  the container: only resources limits
-                                                  and requests (limits.cpu, limits.'
-                                                properties:
-                                                  containerName:
-                                                    description: 'Container name:
-                                                      required for volumes, optional
-                                                      for env vars'
-                                                    type: string
-                                                  divisor:
-                                                    anyOf:
-                                                    - type: integer
-                                                    - type: string
-                                                    description: Specifies the output
-                                                      format of the exposed resources,
-                                                      defaults to "1"
-                                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                                    x-kubernetes-int-or-string: true
-                                                  resource:
-                                                    description: 'Required: resource
-                                                      to select'
-                                                    type: string
-                                                required:
-                                                - resource
-                                                type: object
-                                              secretKeyRef:
-                                                description: Selects a key of a secret
-                                                  in the pod's namespace
-                                                properties:
-                                                  key:
-                                                    description: The key of the secret
-                                                      to select from.  Must be a valid
-                                                      secret key.
-                                                    type: string
-                                                  name:
-                                                    description: 'Name of the referent.
-                                                      More info: https://kubernetes.'
-                                                    type: string
-                                                  optional:
-                                                    description: Specify whether the
-                                                      Secret or its key must be defined
-                                                    type: boolean
-                                                required:
-                                                - key
-                                                type: object
-                                            type: object
-                                        required:
-                                        - name
-                                        type: object
-                                      type: array
-                                    envFrom:
-                                      description: List of sources to populate environment
-                                        variables in the container.
-                                      items:
-                                        description: EnvFromSource represents the
-                                          source of a set of ConfigMaps
-                                        properties:
-                                          configMapRef:
-                                            description: The ConfigMap to select from
-                                            properties:
-                                              name:
-                                                description: 'Name of the referent.
-                                                  More info: https://kubernetes.'
-                                                type: string
-                                              optional:
-                                                description: Specify whether the ConfigMap
-                                                  must be defined
-                                                type: boolean
-                                            type: object
-                                          prefix:
-                                            description: An optional identifier to
-                                              prepend to each key in the ConfigMap.
-                                              Must be a C_IDENTIFIER.
-                                            type: string
-                                          secretRef:
-                                            description: The Secret to select from
-                                            properties:
-                                              name:
-                                                description: 'Name of the referent.
-                                                  More info: https://kubernetes.'
-                                                type: string
-                                              optional:
-                                                description: Specify whether the Secret
-                                                  must be defined
-                                                type: boolean
-                                            type: object
-                                        type: object
-                                      type: array
-                                    image:
-                                      description: 'Docker image name. More info:
-                                        https://kubernetes.io/docs/concepts/containers/images'
-                                      type: string
-                                    imagePullPolicy:
-                                      description: Image pull policy. One of Always,
-                                        Never, IfNotPresent.
-                                      type: string
-                                    lifecycle:
-                                      description: Lifecycle is not allowed for ephemeral
-                                        containers.
-                                      properties:
-                                        postStart:
-                                          description: PostStart is called immediately
-                                            after a container is created.
-                                          properties:
-                                            exec:
-                                              description: Exec specifies the action
-                                                to take.
-                                              properties:
-                                                command:
-                                                  description: 'Command is the command
-                                                    line to execute inside the container,
-                                                    the working directory for the
-                                                    command  '
-                                                  items:
-                                                    type: string
-                                                  type: array
-                                              type: object
-                                            httpGet:
-                                              description: HTTPGet specifies the http
-                                                request to perform.
-                                              properties:
-                                                host:
-                                                  description: Host name to connect
-                                                    to, defaults to the pod IP.
-                                                  type: string
-                                                httpHeaders:
-                                                  description: Custom headers to set
-                                                    in the request. HTTP allows repeated
-                                                    headers.
-                                                  items:
-                                                    description: HTTPHeader describes
-                                                      a custom header to be used in
-                                                      HTTP probes
-                                                    properties:
-                                                      name:
-                                                        description: The header field
-                                                          name
-                                                        type: string
-                                                      value:
-                                                        description: The header field
-                                                          value
-                                                        type: string
-                                                    required:
-                                                    - name
-                                                    - value
-                                                    type: object
-                                                  type: array
-                                                path:
-                                                  description: Path to access on the
-                                                    HTTP server.
-                                                  type: string
-                                                port:
-                                                  anyOf:
-                                                  - type: integer
-                                                  - type: string
-                                                  description: Name or number of the
-                                                    port to access on the container.
-                                                    Number must be in the range 1
-                                                    to 65535.
-                                                  x-kubernetes-int-or-string: true
-                                                scheme:
-                                                  description: Scheme to use for connecting
-                                                    to the host. Defaults to HTTP.
-                                                  type: string
-                                              required:
-                                              - port
-                                              type: object
-                                            tcpSocket:
-                                              description: Deprecated.
-                                              properties:
-                                                host:
-                                                  description: 'Optional: Host name
-                                                    to connect to, defaults to the
-                                                    pod IP.'
-                                                  type: string
-                                                port:
-                                                  anyOf:
-                                                  - type: integer
-                                                  - type: string
-                                                  description: Number or name of the
-                                                    port to access on the container.
-                                                    Number must be in the range 1
-                                                    to 65535.
-                                                  x-kubernetes-int-or-string: true
-                                              required:
-                                              - port
-                                              type: object
-                                          type: object
-                                        preStop:
-                                          description: PreStop is called immediately
-                                            before a container is terminated due to
-                                            an API request or management e
-                                          properties:
-                                            exec:
-                                              description: Exec specifies the action
-                                                to take.
-                                              properties:
-                                                command:
-                                                  description: 'Command is the command
-                                                    line to execute inside the container,
-                                                    the working directory for the
-                                                    command  '
-                                                  items:
-                                                    type: string
-                                                  type: array
-                                              type: object
-                                            httpGet:
-                                              description: HTTPGet specifies the http
-                                                request to perform.
-                                              properties:
-                                                host:
-                                                  description: Host name to connect
-                                                    to, defaults to the pod IP.
-                                                  type: string
-                                                httpHeaders:
-                                                  description: Custom headers to set
-                                                    in the request. HTTP allows repeated
-                                                    headers.
-                                                  items:
-                                                    description: HTTPHeader describes
-                                                      a custom header to be used in
-                                                      HTTP probes
-                                                    properties:
-                                                      name:
-                                                        description: The header field
-                                                          name
-                                                        type: string
-                                                      value:
-                                                        description: The header field
-                                                          value
-                                                        type: string
-                                                    required:
-                                                    - name
-                                                    - value
-                                                    type: object
-                                                  type: array
-                                                path:
-                                                  description: Path to access on the
-                                                    HTTP server.
-                                                  type: string
-                                                port:
-                                                  anyOf:
-                                                  - type: integer
-                                                  - type: string
-                                                  description: Name or number of the
-                                                    port to access on the container.
-                                                    Number must be in the range 1
-                                                    to 65535.
-                                                  x-kubernetes-int-or-string: true
-                                                scheme:
-                                                  description: Scheme to use for connecting
-                                                    to the host. Defaults to HTTP.
-                                                  type: string
-                                              required:
-                                              - port
-                                              type: object
-                                            tcpSocket:
-                                              description: Deprecated.
-                                              properties:
-                                                host:
-                                                  description: 'Optional: Host name
-                                                    to connect to, defaults to the
-                                                    pod IP.'
-                                                  type: string
-                                                port:
-                                                  anyOf:
-                                                  - type: integer
-                                                  - type: string
-                                                  description: Number or name of the
-                                                    port to access on the container.
-                                                    Number must be in the range 1
-                                                    to 65535.
-                                                  x-kubernetes-int-or-string: true
-                                              required:
-                                              - port
-                                              type: object
-                                          type: object
-                                      type: object
-                                    livenessProbe:
-                                      description: Probes are not allowed for ephemeral
-                                        containers.
-                                      properties:
-                                        exec:
-                                          description: Exec specifies the action to
-                                            take.
-                                          properties:
-                                            command:
-                                              description: 'Command is the command
-                                                line to execute inside the container,
-                                                the working directory for the command  '
-                                              items:
-                                                type: string
-                                              type: array
-                                          type: object
-                                        failureThreshold:
-                                          description: Minimum consecutive failures
-                                            for the probe to be considered failed
-                                            after having succeeded.
-                                          format: int32
-                                          type: integer
-                                        grpc:
-                                          description: GRPC specifies an action involving
-                                            a GRPC port.
-                                          properties:
-                                            port:
-                                              description: Port number of the gRPC
-                                                service. Number must be in the range
-                                                1 to 65535.
-                                              format: int32
-                                              type: integer
-                                            service:
-                                              description: Service is the name of
-                                                the service to place in the gRPC HealthCheckRequest
-                                                (see https://github.
-                                              type: string
-                                          required:
-                                          - port
-                                          type: object
-                                        httpGet:
-                                          description: HTTPGet specifies the http
-                                            request to perform.
-                                          properties:
-                                            host:
-                                              description: Host name to connect to,
-                                                defaults to the pod IP.
-                                              type: string
-                                            httpHeaders:
-                                              description: Custom headers to set in
-                                                the request. HTTP allows repeated
-                                                headers.
-                                              items:
-                                                description: HTTPHeader describes
-                                                  a custom header to be used in HTTP
-                                                  probes
-                                                properties:
-                                                  name:
-                                                    description: The header field
-                                                      name
-                                                    type: string
-                                                  value:
-                                                    description: The header field
-                                                      value
-                                                    type: string
-                                                required:
-                                                - name
-                                                - value
-                                                type: object
-                                              type: array
-                                            path:
-                                              description: Path to access on the HTTP
-                                                server.
-                                              type: string
-                                            port:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Name or number of the port
-                                                to access on the container. Number
-                                                must be in the range 1 to 65535.
-                                              x-kubernetes-int-or-string: true
-                                            scheme:
-                                              description: Scheme to use for connecting
-                                                to the host. Defaults to HTTP.
-                                              type: string
-                                          required:
-                                          - port
-                                          type: object
-                                        initialDelaySeconds:
-                                          description: Number of seconds after the
-                                            container has started before liveness
-                                            probes are initiated.
-                                          format: int32
-                                          type: integer
-                                        periodSeconds:
-                                          description: How often (in seconds) to perform
-                                            the probe. Default to 10 seconds. Minimum
-                                            value is 1.
-                                          format: int32
-                                          type: integer
-                                        successThreshold:
-                                          description: Minimum consecutive successes
-                                            for the probe to be considered successful
-                                            after having failed.
-                                          format: int32
-                                          type: integer
-                                        tcpSocket:
-                                          description: TCPSocket specifies an action
-                                            involving a TCP port.
-                                          properties:
-                                            host:
-                                              description: 'Optional: Host name to
-                                                connect to, defaults to the pod IP.'
-                                              type: string
-                                            port:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Number or name of the port
-                                                to access on the container. Number
-                                                must be in the range 1 to 65535.
-                                              x-kubernetes-int-or-string: true
-                                          required:
-                                          - port
-                                          type: object
-                                        terminationGracePeriodSeconds:
-                                          description: Optional duration in seconds
-                                            the pod needs to terminate gracefully
-                                            upon probe failure.
-                                          format: int64
-                                          type: integer
-                                        timeoutSeconds:
-                                          description: Number of seconds after which
-                                            the probe times out. Defaults to 1 second.
-                                            Minimum value is 1.
-                                          format: int32
-                                          type: integer
-                                      type: object
-                                    name:
-                                      description: Name of the ephemeral container
-                                        specified as a DNS_LABEL.
-                                      type: string
-                                    ports:
-                                      description: Ports are not allowed for ephemeral
-                                        containers.
-                                      items:
-                                        description: ContainerPort represents a network
-                                          port in a single container.
-                                        properties:
-                                          containerPort:
-                                            description: Number of port to expose
-                                              on the pod's IP address. This must be
-                                              a valid port number, 0 < x < 65536.
-                                            format: int32
-                                            type: integer
-                                          hostIP:
-                                            description: What host IP to bind the
-                                              external port to.
-                                            type: string
-                                          hostPort:
-                                            description: Number of port to expose
-                                              on the host. If specified, this must
-                                              be a valid port number, 0 < x < 65536.
-                                            format: int32
-                                            type: integer
-                                          name:
-                                            description: If specified, this must be
-                                              an IANA_SVC_NAME and unique within the
-                                              pod.
-                                            type: string
-                                          protocol:
-                                            default: TCP
-                                            description: Protocol for port. Must be
-                                              UDP, TCP, or SCTP. Defaults to "TCP".
-                                            type: string
-                                        required:
-                                        - containerPort
-                                        type: object
-                                      type: array
-                                      x-kubernetes-list-map-keys:
-                                      - containerPort
-                                      - protocol
-                                      x-kubernetes-list-type: map
-                                    readinessProbe:
-                                      description: Probes are not allowed for ephemeral
-                                        containers.
-                                      properties:
-                                        exec:
-                                          description: Exec specifies the action to
-                                            take.
-                                          properties:
-                                            command:
-                                              description: 'Command is the command
-                                                line to execute inside the container,
-                                                the working directory for the command  '
-                                              items:
-                                                type: string
-                                              type: array
-                                          type: object
-                                        failureThreshold:
-                                          description: Minimum consecutive failures
-                                            for the probe to be considered failed
-                                            after having succeeded.
-                                          format: int32
-                                          type: integer
-                                        grpc:
-                                          description: GRPC specifies an action involving
-                                            a GRPC port.
-                                          properties:
-                                            port:
-                                              description: Port number of the gRPC
-                                                service. Number must be in the range
-                                                1 to 65535.
-                                              format: int32
-                                              type: integer
-                                            service:
-                                              description: Service is the name of
-                                                the service to place in the gRPC HealthCheckRequest
-                                                (see https://github.
-                                              type: string
-                                          required:
-                                          - port
-                                          type: object
-                                        httpGet:
-                                          description: HTTPGet specifies the http
-                                            request to perform.
-                                          properties:
-                                            host:
-                                              description: Host name to connect to,
-                                                defaults to the pod IP.
-                                              type: string
-                                            httpHeaders:
-                                              description: Custom headers to set in
-                                                the request. HTTP allows repeated
-                                                headers.
-                                              items:
-                                                description: HTTPHeader describes
-                                                  a custom header to be used in HTTP
-                                                  probes
-                                                properties:
-                                                  name:
-                                                    description: The header field
-                                                      name
-                                                    type: string
-                                                  value:
-                                                    description: The header field
-                                                      value
-                                                    type: string
-                                                required:
-                                                - name
-                                                - value
-                                                type: object
-                                              type: array
-                                            path:
-                                              description: Path to access on the HTTP
-                                                server.
-                                              type: string
-                                            port:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Name or number of the port
-                                                to access on the container. Number
-                                                must be in the range 1 to 65535.
-                                              x-kubernetes-int-or-string: true
-                                            scheme:
-                                              description: Scheme to use for connecting
-                                                to the host. Defaults to HTTP.
-                                              type: string
-                                          required:
-                                          - port
-                                          type: object
-                                        initialDelaySeconds:
-                                          description: Number of seconds after the
-                                            container has started before liveness
-                                            probes are initiated.
-                                          format: int32
-                                          type: integer
-                                        periodSeconds:
-                                          description: How often (in seconds) to perform
-                                            the probe. Default to 10 seconds. Minimum
-                                            value is 1.
-                                          format: int32
-                                          type: integer
-                                        successThreshold:
-                                          description: Minimum consecutive successes
-                                            for the probe to be considered successful
-                                            after having failed.
-                                          format: int32
-                                          type: integer
-                                        tcpSocket:
-                                          description: TCPSocket specifies an action
-                                            involving a TCP port.
-                                          properties:
-                                            host:
-                                              description: 'Optional: Host name to
-                                                connect to, defaults to the pod IP.'
-                                              type: string
-                                            port:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Number or name of the port
-                                                to access on the container. Number
-                                                must be in the range 1 to 65535.
-                                              x-kubernetes-int-or-string: true
-                                          required:
-                                          - port
-                                          type: object
-                                        terminationGracePeriodSeconds:
-                                          description: Optional duration in seconds
-                                            the pod needs to terminate gracefully
-                                            upon probe failure.
-                                          format: int64
-                                          type: integer
-                                        timeoutSeconds:
-                                          description: Number of seconds after which
-                                            the probe times out. Defaults to 1 second.
-                                            Minimum value is 1.
-                                          format: int32
-                                          type: integer
-                                      type: object
-                                    resources:
-                                      description: Resources are not allowed for ephemeral
-                                        containers.
-                                      properties:
-                                        limits:
-                                          additionalProperties:
-                                            anyOf:
-                                            - type: integer
-                                            - type: string
-                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                            x-kubernetes-int-or-string: true
-                                          description: 'Limits describes the maximum
-                                            amount of compute resources allowed. More
-                                            info: https://kubernetes.'
-                                          type: object
-                                        requests:
-                                          additionalProperties:
-                                            anyOf:
-                                            - type: integer
-                                            - type: string
-                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                            x-kubernetes-int-or-string: true
-                                          description: Requests describes the minimum
-                                            amount of compute resources required.
-                                          type: object
-                                      type: object
-                                    securityContext:
-                                      description: 'Optional: SecurityContext defines
-                                        the security options the ephemeral container
-                                        should be run with.'
-                                      properties:
-                                        allowPrivilegeEscalation:
-                                          description: AllowPrivilegeEscalation controls
-                                            whether a process can gain more privileges
-                                            than its parent process
-                                          type: boolean
-                                        capabilities:
-                                          description: The capabilities to add/drop
-                                            when running containers.
-                                          properties:
-                                            add:
-                                              description: Added capabilities
-                                              items:
-                                                description: Capability represent
-                                                  POSIX capabilities type
-                                                type: string
-                                              type: array
-                                            drop:
-                                              description: Removed capabilities
-                                              items:
-                                                description: Capability represent
-                                                  POSIX capabilities type
-                                                type: string
-                                              type: array
-                                          type: object
-                                        privileged:
-                                          description: Run container in privileged
-                                            mode.
-                                          type: boolean
-                                        procMount:
-                                          description: procMount denotes the type
-                                            of proc mount to use for the containers.
-                                          type: string
-                                        readOnlyRootFilesystem:
-                                          description: Whether this container has
-                                            a read-only root filesystem. Default is
-                                            false.
-                                          type: boolean
-                                        runAsGroup:
-                                          description: The GID to run the entrypoint
-                                            of the container process. Uses runtime
-                                            default if unset.
-                                          format: int64
-                                          type: integer
-                                        runAsNonRoot:
-                                          description: Indicates that the container
-                                            must run as a non-root user.
-                                          type: boolean
-                                        runAsUser:
-                                          description: The UID to run the entrypoint
-                                            of the container process.
-                                          format: int64
-                                          type: integer
-                                        seLinuxOptions:
-                                          description: The SELinux context to be applied
-                                            to the container.
-                                          properties:
-                                            level:
-                                              description: Level is SELinux level
-                                                label that applies to the container.
-                                              type: string
-                                            role:
-                                              description: Role is a SELinux role
-                                                label that applies to the container.
-                                              type: string
-                                            type:
-                                              description: Type is a SELinux type
-                                                label that applies to the container.
-                                              type: string
-                                            user:
-                                              description: User is a SELinux user
-                                                label that applies to the container.
-                                              type: string
-                                          type: object
-                                        seccompProfile:
-                                          description: The seccomp options to use
-                                            by this container.
-                                          properties:
-                                            localhostProfile:
-                                              description: localhostProfile indicates
-                                                a profile defined in a file on the
-                                                node should be used.
-                                              type: string
-                                            type:
-                                              description: type indicates which kind
-                                                of seccomp profile will be applied.
-                                              type: string
-                                          required:
-                                          - type
-                                          type: object
-                                        windowsOptions:
-                                          description: The Windows specific settings
-                                            applied to all containers.
-                                          properties:
-                                            gmsaCredentialSpec:
-                                              description: GMSACredentialSpec is where
-                                                the GMSA admission webhook (https://github.
-                                              type: string
-                                            gmsaCredentialSpecName:
-                                              description: GMSACredentialSpecName
-                                                is the name of the GMSA credential
-                                                spec to use.
-                                              type: string
-                                            hostProcess:
-                                              description: HostProcess determines
-                                                if a container should be run as a
-                                                'Host Process' container.
-                                              type: boolean
-                                            runAsUserName:
-                                              description: The UserName in Windows
-                                                to run the entrypoint of the container
-                                                process.
-                                              type: string
-                                          type: object
-                                      type: object
-                                    startupProbe:
-                                      description: Probes are not allowed for ephemeral
-                                        containers.
-                                      properties:
-                                        exec:
-                                          description: Exec specifies the action to
-                                            take.
-                                          properties:
-                                            command:
-                                              description: 'Command is the command
-                                                line to execute inside the container,
-                                                the working directory for the command  '
-                                              items:
-                                                type: string
-                                              type: array
-                                          type: object
-                                        failureThreshold:
-                                          description: Minimum consecutive failures
-                                            for the probe to be considered failed
-                                            after having succeeded.
-                                          format: int32
-                                          type: integer
-                                        grpc:
-                                          description: GRPC specifies an action involving
-                                            a GRPC port.
-                                          properties:
-                                            port:
-                                              description: Port number of the gRPC
-                                                service. Number must be in the range
-                                                1 to 65535.
-                                              format: int32
-                                              type: integer
-                                            service:
-                                              description: Service is the name of
-                                                the service to place in the gRPC HealthCheckRequest
-                                                (see https://github.
-                                              type: string
-                                          required:
-                                          - port
-                                          type: object
-                                        httpGet:
-                                          description: HTTPGet specifies the http
-                                            request to perform.
-                                          properties:
-                                            host:
-                                              description: Host name to connect to,
-                                                defaults to the pod IP.
-                                              type: string
-                                            httpHeaders:
-                                              description: Custom headers to set in
-                                                the request. HTTP allows repeated
-                                                headers.
-                                              items:
-                                                description: HTTPHeader describes
-                                                  a custom header to be used in HTTP
-                                                  probes
-                                                properties:
-                                                  name:
-                                                    description: The header field
-                                                      name
-                                                    type: string
-                                                  value:
-                                                    description: The header field
-                                                      value
-                                                    type: string
-                                                required:
-                                                - name
-                                                - value
-                                                type: object
-                                              type: array
-                                            path:
-                                              description: Path to access on the HTTP
-                                                server.
-                                              type: string
-                                            port:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Name or number of the port
-                                                to access on the container. Number
-                                                must be in the range 1 to 65535.
-                                              x-kubernetes-int-or-string: true
-                                            scheme:
-                                              description: Scheme to use for connecting
-                                                to the host. Defaults to HTTP.
-                                              type: string
-                                          required:
-                                          - port
-                                          type: object
-                                        initialDelaySeconds:
-                                          description: Number of seconds after the
-                                            container has started before liveness
-                                            probes are initiated.
-                                          format: int32
-                                          type: integer
-                                        periodSeconds:
-                                          description: How often (in seconds) to perform
-                                            the probe. Default to 10 seconds. Minimum
-                                            value is 1.
-                                          format: int32
-                                          type: integer
-                                        successThreshold:
-                                          description: Minimum consecutive successes
-                                            for the probe to be considered successful
-                                            after having failed.
-                                          format: int32
-                                          type: integer
-                                        tcpSocket:
-                                          description: TCPSocket specifies an action
-                                            involving a TCP port.
-                                          properties:
-                                            host:
-                                              description: 'Optional: Host name to
-                                                connect to, defaults to the pod IP.'
-                                              type: string
-                                            port:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Number or name of the port
-                                                to access on the container. Number
-                                                must be in the range 1 to 65535.
-                                              x-kubernetes-int-or-string: true
-                                          required:
-                                          - port
-                                          type: object
-                                        terminationGracePeriodSeconds:
-                                          description: Optional duration in seconds
-                                            the pod needs to terminate gracefully
-                                            upon probe failure.
-                                          format: int64
-                                          type: integer
-                                        timeoutSeconds:
-                                          description: Number of seconds after which
-                                            the probe times out. Defaults to 1 second.
-                                            Minimum value is 1.
-                                          format: int32
-                                          type: integer
-                                      type: object
-                                    stdin:
-                                      description: Whether this container should allocate
-                                        a buffer for stdin in the container runtime.
-                                      type: boolean
-                                    stdinOnce:
-                                      description: Whether the container runtime should
-                                        close the stdin channel after it has been
-                                        opened by a single at
-                                      type: boolean
-                                    targetContainerName:
-                                      description: If set, the name of the container
-                                        from PodSpec that this ephemeral container
-                                        targets.
-                                      type: string
-                                    terminationMessagePath:
-                                      description: 'Optional: Path at which the file
-                                        to which the container''s termination message
-                                        will be written is mou'
-                                      type: string
-                                    terminationMessagePolicy:
-                                      description: Indicate how the termination message
-                                        should be populated.
-                                      type: string
-                                    tty:
-                                      description: Whether this container should allocate
-                                        a TTY for itself, also requires 'stdin' to
-                                        be true.
-                                      type: boolean
-                                    volumeDevices:
-                                      description: volumeDevices is the list of block
-                                        devices to be used by the container.
-                                      items:
-                                        description: volumeDevice describes a mapping
-                                          of a raw block device within a container.
-                                        properties:
-                                          devicePath:
-                                            description: devicePath is the path inside
-                                              of the container that the device will
-                                              be mapped to.
-                                            type: string
-                                          name:
-                                            description: name must match the name
-                                              of a persistentVolumeClaim in the pod
-                                            type: string
-                                        required:
-                                        - devicePath
-                                        - name
-                                        type: object
-                                      type: array
-                                    volumeMounts:
-                                      description: Pod volumes to mount into the container's
-                                        filesystem.
-                                      items:
-                                        description: VolumeMount describes a mounting
-                                          of a Volume within a container.
-                                        properties:
-                                          mountPath:
-                                            description: Path within the container
-                                              at which the volume should be mounted.  Must
-                                              not contain ':'.
-                                            type: string
-                                          mountPropagation:
-                                            description: mountPropagation determines
-                                              how mounts are propagated from the host
-                                              to container and the other way a
-                                            type: string
-                                          name:
-                                            description: This must match the Name
-                                              of a Volume.
-                                            type: string
-                                          readOnly:
-                                            description: Mounted read-only if true,
-                                              read-write otherwise (false or unspecified).
-                                              Defaults to false.
-                                            type: boolean
-                                          subPath:
-                                            description: Path within the volume from
-                                              which the container's volume should
-                                              be mounted.
-                                            type: string
-                                          subPathExpr:
-                                            description: Expanded path within the
-                                              volume from which the container's volume
-                                              should be mounted.
-                                            type: string
-                                        required:
-                                        - mountPath
-                                        - name
-                                        type: object
-                                      type: array
-                                    workingDir:
-                                      description: Container's working directory.
-                                      type: string
-                                  required:
-                                  - name
-                                  type: object
-                                type: array
-                              hostAliases:
-                                description: 'HostAliases is an optional list of hosts
-                                  and IPs that will be injected into the pod''s hosts
-                                  file if '
-                                items:
-                                  description: 'HostAlias holds the mapping between
-                                    IP and hostnames that will be injected as an entry
-                                    in the pod''s '
-                                  properties:
-                                    hostnames:
-                                      description: Hostnames for the above IP address.
-                                      items:
-                                        type: string
-                                      type: array
-                                    ip:
-                                      description: IP address of the host file entry.
-                                      type: string
-                                  type: object
-                                type: array
-                              hostIPC:
-                                description: 'Use the host''s ipc namespace. Optional:
-                                  Default to false.'
-                                type: boolean
-                              hostNetwork:
-                                description: Host networking requested for this pod.
-                                  Use the host's network namespace.
-                                type: boolean
-                              hostPID:
-                                description: 'Use the host''s pid namespace. Optional:
-                                  Default to false.'
-                                type: boolean
-                              hostname:
-                                description: Specifies the hostname of the Pod If
-                                  not specified, the pod's hostname will be set to
-                                  a system-defin
-                                type: string
-                              imagePullSecrets:
-                                description: ImagePullSecrets is an optional list
-                                  of references to secrets in the same namespace to
-                                  use for pulli
-                                items:
-                                  description: 'LocalObjectReference contains enough
-                                    information to let you locate the referenced object
-                                    inside the '
-                                  properties:
-                                    name:
-                                      description: 'Name of the referent. More info:
-                                        https://kubernetes.'
-                                      type: string
-                                  type: object
-                                type: array
-                              initContainers:
-                                description: List of initialization containers belonging
-                                  to the pod.
-                                items:
-                                  description: A single application container that
-                                    you want to run within a pod.
-                                  properties:
-                                    args:
-                                      description: Arguments to the entrypoint. The
-                                        docker image's CMD is used if this is not
-                                        provided.
-                                      items:
-                                        type: string
-                                      type: array
-                                    command:
-                                      description: Entrypoint array. Not executed
-                                        within a shell.
-                                      items:
-                                        type: string
-                                      type: array
-                                    env:
-                                      description: List of environment variables to
-                                        set in the container. Cannot be updated.
-                                      items:
-                                        description: EnvVar represents an environment
-                                          variable present in a Container.
-                                        properties:
-                                          name:
-                                            description: Name of the environment variable.
-                                              Must be a C_IDENTIFIER.
-                                            type: string
-                                          value:
-                                            description: Variable references $(VAR_NAME)
-                                              are expanded using the previously defined
-                                              environment variables in t
-                                            type: string
-                                          valueFrom:
-                                            description: Source for the environment
-                                              variable's value. Cannot be used if
-                                              value is not empty.
-                                            properties:
-                                              configMapKeyRef:
-                                                description: Selects a key of a ConfigMap.
-                                                properties:
-                                                  key:
-                                                    description: The key to select.
-                                                    type: string
-                                                  name:
-                                                    description: 'Name of the referent.
-                                                      More info: https://kubernetes.'
-                                                    type: string
-                                                  optional:
-                                                    description: Specify whether the
-                                                      ConfigMap or its key must be
-                                                      defined
-                                                    type: boolean
-                                                required:
-                                                - key
-                                                type: object
-                                              fieldRef:
-                                                description: 'Selects a field of the
-                                                  pod: supports metadata.name, metadata.namespace,
-                                                  `metadata.'
-                                                properties:
-                                                  apiVersion:
-                                                    description: Version of the schema
-                                                      the FieldPath is written in
-                                                      terms of, defaults to "v1".
-                                                    type: string
-                                                  fieldPath:
-                                                    description: Path of the field
-                                                      to select in the specified API
-                                                      version.
-                                                    type: string
-                                                required:
-                                                - fieldPath
-                                                type: object
-                                              resourceFieldRef:
-                                                description: 'Selects a resource of
-                                                  the container: only resources limits
-                                                  and requests (limits.cpu, limits.'
-                                                properties:
-                                                  containerName:
-                                                    description: 'Container name:
-                                                      required for volumes, optional
-                                                      for env vars'
-                                                    type: string
-                                                  divisor:
-                                                    anyOf:
-                                                    - type: integer
-                                                    - type: string
-                                                    description: Specifies the output
-                                                      format of the exposed resources,
-                                                      defaults to "1"
-                                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                                    x-kubernetes-int-or-string: true
-                                                  resource:
-                                                    description: 'Required: resource
-                                                      to select'
-                                                    type: string
-                                                required:
-                                                - resource
-                                                type: object
-                                              secretKeyRef:
-                                                description: Selects a key of a secret
-                                                  in the pod's namespace
-                                                properties:
-                                                  key:
-                                                    description: The key of the secret
-                                                      to select from.  Must be a valid
-                                                      secret key.
-                                                    type: string
-                                                  name:
-                                                    description: 'Name of the referent.
-                                                      More info: https://kubernetes.'
-                                                    type: string
-                                                  optional:
-                                                    description: Specify whether the
-                                                      Secret or its key must be defined
-                                                    type: boolean
-                                                required:
-                                                - key
-                                                type: object
-                                            type: object
-                                        required:
-                                        - name
-                                        type: object
-                                      type: array
-                                    envFrom:
-                                      description: List of sources to populate environment
-                                        variables in the container.
-                                      items:
-                                        description: EnvFromSource represents the
-                                          source of a set of ConfigMaps
-                                        properties:
-                                          configMapRef:
-                                            description: The ConfigMap to select from
-                                            properties:
-                                              name:
-                                                description: 'Name of the referent.
-                                                  More info: https://kubernetes.'
-                                                type: string
-                                              optional:
-                                                description: Specify whether the ConfigMap
-                                                  must be defined
-                                                type: boolean
-                                            type: object
-                                          prefix:
-                                            description: An optional identifier to
-                                              prepend to each key in the ConfigMap.
-                                              Must be a C_IDENTIFIER.
-                                            type: string
-                                          secretRef:
-                                            description: The Secret to select from
-                                            properties:
-                                              name:
-                                                description: 'Name of the referent.
-                                                  More info: https://kubernetes.'
-                                                type: string
-                                              optional:
-                                                description: Specify whether the Secret
-                                                  must be defined
-                                                type: boolean
-                                            type: object
-                                        type: object
-                                      type: array
-                                    image:
-                                      description: 'Docker image name. More info:
-                                        https://kubernetes.'
-                                      type: string
-                                    imagePullPolicy:
-                                      description: Image pull policy. One of Always,
-                                        Never, IfNotPresent.
-                                      type: string
-                                    lifecycle:
-                                      description: Actions that the management system
-                                        should take in response to container lifecycle
-                                        events.
-                                      properties:
-                                        postStart:
-                                          description: PostStart is called immediately
-                                            after a container is created.
-                                          properties:
-                                            exec:
-                                              description: Exec specifies the action
-                                                to take.
-                                              properties:
-                                                command:
-                                                  description: 'Command is the command
-                                                    line to execute inside the container,
-                                                    the working directory for the
-                                                    command  '
-                                                  items:
-                                                    type: string
-                                                  type: array
-                                              type: object
-                                            httpGet:
-                                              description: HTTPGet specifies the http
-                                                request to perform.
-                                              properties:
-                                                host:
-                                                  description: Host name to connect
-                                                    to, defaults to the pod IP.
-                                                  type: string
-                                                httpHeaders:
-                                                  description: Custom headers to set
-                                                    in the request. HTTP allows repeated
-                                                    headers.
-                                                  items:
-                                                    description: HTTPHeader describes
-                                                      a custom header to be used in
-                                                      HTTP probes
-                                                    properties:
-                                                      name:
-                                                        description: The header field
-                                                          name
-                                                        type: string
-                                                      value:
-                                                        description: The header field
-                                                          value
-                                                        type: string
-                                                    required:
-                                                    - name
-                                                    - value
-                                                    type: object
-                                                  type: array
-                                                path:
-                                                  description: Path to access on the
-                                                    HTTP server.
-                                                  type: string
-                                                port:
-                                                  anyOf:
-                                                  - type: integer
-                                                  - type: string
-                                                  description: Name or number of the
-                                                    port to access on the container.
-                                                    Number must be in the range 1
-                                                    to 65535.
-                                                  x-kubernetes-int-or-string: true
-                                                scheme:
-                                                  description: Scheme to use for connecting
-                                                    to the host. Defaults to HTTP.
-                                                  type: string
-                                              required:
-                                              - port
-                                              type: object
-                                            tcpSocket:
-                                              description: Deprecated.
-                                              properties:
-                                                host:
-                                                  description: 'Optional: Host name
-                                                    to connect to, defaults to the
-                                                    pod IP.'
-                                                  type: string
-                                                port:
-                                                  anyOf:
-                                                  - type: integer
-                                                  - type: string
-                                                  description: Number or name of the
-                                                    port to access on the container.
-                                                    Number must be in the range 1
-                                                    to 65535.
-                                                  x-kubernetes-int-or-string: true
-                                              required:
-                                              - port
-                                              type: object
-                                          type: object
-                                        preStop:
-                                          description: PreStop is called immediately
-                                            before a container is terminated due to
-                                            an API request or management e
-                                          properties:
-                                            exec:
-                                              description: Exec specifies the action
-                                                to take.
-                                              properties:
-                                                command:
-                                                  description: 'Command is the command
-                                                    line to execute inside the container,
-                                                    the working directory for the
-                                                    command  '
-                                                  items:
-                                                    type: string
-                                                  type: array
-                                              type: object
-                                            httpGet:
-                                              description: HTTPGet specifies the http
-                                                request to perform.
-                                              properties:
-                                                host:
-                                                  description: Host name to connect
-                                                    to, defaults to the pod IP.
-                                                  type: string
-                                                httpHeaders:
-                                                  description: Custom headers to set
-                                                    in the request. HTTP allows repeated
-                                                    headers.
-                                                  items:
-                                                    description: HTTPHeader describes
-                                                      a custom header to be used in
-                                                      HTTP probes
-                                                    properties:
-                                                      name:
-                                                        description: The header field
-                                                          name
-                                                        type: string
-                                                      value:
-                                                        description: The header field
-                                                          value
-                                                        type: string
-                                                    required:
-                                                    - name
-                                                    - value
-                                                    type: object
-                                                  type: array
-                                                path:
-                                                  description: Path to access on the
-                                                    HTTP server.
-                                                  type: string
-                                                port:
-                                                  anyOf:
-                                                  - type: integer
-                                                  - type: string
-                                                  description: Name or number of the
-                                                    port to access on the container.
-                                                    Number must be in the range 1
-                                                    to 65535.
-                                                  x-kubernetes-int-or-string: true
-                                                scheme:
-                                                  description: Scheme to use for connecting
-                                                    to the host. Defaults to HTTP.
-                                                  type: string
-                                              required:
-                                              - port
-                                              type: object
-                                            tcpSocket:
-                                              description: Deprecated.
-                                              properties:
-                                                host:
-                                                  description: 'Optional: Host name
-                                                    to connect to, defaults to the
-                                                    pod IP.'
-                                                  type: string
-                                                port:
-                                                  anyOf:
-                                                  - type: integer
-                                                  - type: string
-                                                  description: Number or name of the
-                                                    port to access on the container.
-                                                    Number must be in the range 1
-                                                    to 65535.
-                                                  x-kubernetes-int-or-string: true
-                                              required:
-                                              - port
-                                              type: object
-                                          type: object
-                                      type: object
-                                    livenessProbe:
-                                      description: Periodic probe of container liveness.
-                                        Container will be restarted if the probe fails.
-                                      properties:
-                                        exec:
-                                          description: Exec specifies the action to
-                                            take.
-                                          properties:
-                                            command:
-                                              description: 'Command is the command
-                                                line to execute inside the container,
-                                                the working directory for the command  '
-                                              items:
-                                                type: string
-                                              type: array
-                                          type: object
-                                        failureThreshold:
-                                          description: Minimum consecutive failures
-                                            for the probe to be considered failed
-                                            after having succeeded.
-                                          format: int32
-                                          type: integer
-                                        grpc:
-                                          description: GRPC specifies an action involving
-                                            a GRPC port.
-                                          properties:
-                                            port:
-                                              description: Port number of the gRPC
-                                                service. Number must be in the range
-                                                1 to 65535.
-                                              format: int32
-                                              type: integer
-                                            service:
-                                              description: Service is the name of
-                                                the service to place in the gRPC HealthCheckRequest
-                                                (see https://github.
-                                              type: string
-                                          required:
-                                          - port
-                                          type: object
-                                        httpGet:
-                                          description: HTTPGet specifies the http
-                                            request to perform.
-                                          properties:
-                                            host:
-                                              description: Host name to connect to,
-                                                defaults to the pod IP.
-                                              type: string
-                                            httpHeaders:
-                                              description: Custom headers to set in
-                                                the request. HTTP allows repeated
-                                                headers.
-                                              items:
-                                                description: HTTPHeader describes
-                                                  a custom header to be used in HTTP
-                                                  probes
-                                                properties:
-                                                  name:
-                                                    description: The header field
-                                                      name
-                                                    type: string
-                                                  value:
-                                                    description: The header field
-                                                      value
-                                                    type: string
-                                                required:
-                                                - name
-                                                - value
-                                                type: object
-                                              type: array
-                                            path:
-                                              description: Path to access on the HTTP
-                                                server.
-                                              type: string
-                                            port:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Name or number of the port
-                                                to access on the container. Number
-                                                must be in the range 1 to 65535.
-                                              x-kubernetes-int-or-string: true
-                                            scheme:
-                                              description: Scheme to use for connecting
-                                                to the host. Defaults to HTTP.
-                                              type: string
-                                          required:
-                                          - port
-                                          type: object
-                                        initialDelaySeconds:
-                                          description: Number of seconds after the
-                                            container has started before liveness
-                                            probes are initiated.
-                                          format: int32
-                                          type: integer
-                                        periodSeconds:
-                                          description: How often (in seconds) to perform
-                                            the probe. Default to 10 seconds. Minimum
-                                            value is 1.
-                                          format: int32
-                                          type: integer
-                                        successThreshold:
-                                          description: Minimum consecutive successes
-                                            for the probe to be considered successful
-                                            after having failed.
-                                          format: int32
-                                          type: integer
-                                        tcpSocket:
-                                          description: TCPSocket specifies an action
-                                            involving a TCP port.
-                                          properties:
-                                            host:
-                                              description: 'Optional: Host name to
-                                                connect to, defaults to the pod IP.'
-                                              type: string
-                                            port:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Number or name of the port
-                                                to access on the container. Number
-                                                must be in the range 1 to 65535.
-                                              x-kubernetes-int-or-string: true
-                                          required:
-                                          - port
-                                          type: object
-                                        terminationGracePeriodSeconds:
-                                          description: Optional duration in seconds
-                                            the pod needs to terminate gracefully
-                                            upon probe failure.
-                                          format: int64
-                                          type: integer
-                                        timeoutSeconds:
-                                          description: Number of seconds after which
-                                            the probe times out. Defaults to 1 second.
-                                            Minimum value is 1.
-                                          format: int32
-                                          type: integer
-                                      type: object
-                                    name:
-                                      description: Name of the container specified
-                                        as a DNS_LABEL.
-                                      type: string
-                                    ports:
-                                      description: List of ports to expose from the
-                                        container.
-                                      items:
-                                        description: ContainerPort represents a network
-                                          port in a single container.
-                                        properties:
-                                          containerPort:
-                                            description: Number of port to expose
-                                              on the pod's IP address. This must be
-                                              a valid port number, 0 < x < 65536.
-                                            format: int32
-                                            type: integer
-                                          hostIP:
-                                            description: What host IP to bind the
-                                              external port to.
-                                            type: string
-                                          hostPort:
-                                            description: Number of port to expose
-                                              on the host. If specified, this must
-                                              be a valid port number, 0 < x < 65536.
-                                            format: int32
-                                            type: integer
-                                          name:
-                                            description: If specified, this must be
-                                              an IANA_SVC_NAME and unique within the
-                                              pod.
-                                            type: string
-                                          protocol:
-                                            default: TCP
-                                            description: Protocol for port. Must be
-                                              UDP, TCP, or SCTP. Defaults to "TCP".
-                                            type: string
-                                        required:
-                                        - containerPort
-                                        type: object
-                                      type: array
-                                      x-kubernetes-list-map-keys:
-                                      - containerPort
-                                      - protocol
-                                      x-kubernetes-list-type: map
-                                    readinessProbe:
-                                      description: Periodic probe of container service
-                                        readiness.
-                                      properties:
-                                        exec:
-                                          description: Exec specifies the action to
-                                            take.
-                                          properties:
-                                            command:
-                                              description: 'Command is the command
-                                                line to execute inside the container,
-                                                the working directory for the command  '
-                                              items:
-                                                type: string
-                                              type: array
-                                          type: object
-                                        failureThreshold:
-                                          description: Minimum consecutive failures
-                                            for the probe to be considered failed
-                                            after having succeeded.
-                                          format: int32
-                                          type: integer
-                                        grpc:
-                                          description: GRPC specifies an action involving
-                                            a GRPC port.
-                                          properties:
-                                            port:
-                                              description: Port number of the gRPC
-                                                service. Number must be in the range
-                                                1 to 65535.
-                                              format: int32
-                                              type: integer
-                                            service:
-                                              description: Service is the name of
-                                                the service to place in the gRPC HealthCheckRequest
-                                                (see https://github.
-                                              type: string
-                                          required:
-                                          - port
-                                          type: object
-                                        httpGet:
-                                          description: HTTPGet specifies the http
-                                            request to perform.
-                                          properties:
-                                            host:
-                                              description: Host name to connect to,
-                                                defaults to the pod IP.
-                                              type: string
-                                            httpHeaders:
-                                              description: Custom headers to set in
-                                                the request. HTTP allows repeated
-                                                headers.
-                                              items:
-                                                description: HTTPHeader describes
-                                                  a custom header to be used in HTTP
-                                                  probes
-                                                properties:
-                                                  name:
-                                                    description: The header field
-                                                      name
-                                                    type: string
-                                                  value:
-                                                    description: The header field
-                                                      value
-                                                    type: string
-                                                required:
-                                                - name
-                                                - value
-                                                type: object
-                                              type: array
-                                            path:
-                                              description: Path to access on the HTTP
-                                                server.
-                                              type: string
-                                            port:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Name or number of the port
-                                                to access on the container. Number
-                                                must be in the range 1 to 65535.
-                                              x-kubernetes-int-or-string: true
-                                            scheme:
-                                              description: Scheme to use for connecting
-                                                to the host. Defaults to HTTP.
-                                              type: string
-                                          required:
-                                          - port
-                                          type: object
-                                        initialDelaySeconds:
-                                          description: Number of seconds after the
-                                            container has started before liveness
-                                            probes are initiated.
-                                          format: int32
-                                          type: integer
-                                        periodSeconds:
-                                          description: How often (in seconds) to perform
-                                            the probe. Default to 10 seconds. Minimum
-                                            value is 1.
-                                          format: int32
-                                          type: integer
-                                        successThreshold:
-                                          description: Minimum consecutive successes
-                                            for the probe to be considered successful
-                                            after having failed.
-                                          format: int32
-                                          type: integer
-                                        tcpSocket:
-                                          description: TCPSocket specifies an action
-                                            involving a TCP port.
-                                          properties:
-                                            host:
-                                              description: 'Optional: Host name to
-                                                connect to, defaults to the pod IP.'
-                                              type: string
-                                            port:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Number or name of the port
-                                                to access on the container. Number
-                                                must be in the range 1 to 65535.
-                                              x-kubernetes-int-or-string: true
-                                          required:
-                                          - port
-                                          type: object
-                                        terminationGracePeriodSeconds:
-                                          description: Optional duration in seconds
-                                            the pod needs to terminate gracefully
-                                            upon probe failure.
-                                          format: int64
-                                          type: integer
-                                        timeoutSeconds:
-                                          description: Number of seconds after which
-                                            the probe times out. Defaults to 1 second.
-                                            Minimum value is 1.
-                                          format: int32
-                                          type: integer
-                                      type: object
-                                    resources:
-                                      description: 'Compute Resources required by
-                                        this container. Cannot be updated. More info:
-                                        https://kubernetes.'
-                                      properties:
-                                        limits:
-                                          additionalProperties:
-                                            anyOf:
-                                            - type: integer
-                                            - type: string
-                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                            x-kubernetes-int-or-string: true
-                                          description: 'Limits describes the maximum
-                                            amount of compute resources allowed. More
-                                            info: https://kubernetes.'
-                                          type: object
-                                        requests:
-                                          additionalProperties:
-                                            anyOf:
-                                            - type: integer
-                                            - type: string
-                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                            x-kubernetes-int-or-string: true
-                                          description: Requests describes the minimum
-                                            amount of compute resources required.
-                                          type: object
-                                      type: object
-                                    securityContext:
-                                      description: SecurityContext defines the security
-                                        options the container should be run with.
-                                      properties:
-                                        allowPrivilegeEscalation:
-                                          description: AllowPrivilegeEscalation controls
-                                            whether a process can gain more privileges
-                                            than its parent process
-                                          type: boolean
-                                        capabilities:
-                                          description: The capabilities to add/drop
-                                            when running containers.
-                                          properties:
-                                            add:
-                                              description: Added capabilities
-                                              items:
-                                                description: Capability represent
-                                                  POSIX capabilities type
-                                                type: string
-                                              type: array
-                                            drop:
-                                              description: Removed capabilities
-                                              items:
-                                                description: Capability represent
-                                                  POSIX capabilities type
-                                                type: string
-                                              type: array
-                                          type: object
-                                        privileged:
-                                          description: Run container in privileged
-                                            mode.
-                                          type: boolean
-                                        procMount:
-                                          description: procMount denotes the type
-                                            of proc mount to use for the containers.
-                                          type: string
-                                        readOnlyRootFilesystem:
-                                          description: Whether this container has
-                                            a read-only root filesystem. Default is
-                                            false.
-                                          type: boolean
-                                        runAsGroup:
-                                          description: The GID to run the entrypoint
-                                            of the container process. Uses runtime
-                                            default if unset.
-                                          format: int64
-                                          type: integer
-                                        runAsNonRoot:
-                                          description: Indicates that the container
-                                            must run as a non-root user.
-                                          type: boolean
-                                        runAsUser:
-                                          description: The UID to run the entrypoint
-                                            of the container process.
-                                          format: int64
-                                          type: integer
-                                        seLinuxOptions:
-                                          description: The SELinux context to be applied
-                                            to the container.
-                                          properties:
-                                            level:
-                                              description: Level is SELinux level
-                                                label that applies to the container.
-                                              type: string
-                                            role:
-                                              description: Role is a SELinux role
-                                                label that applies to the container.
-                                              type: string
-                                            type:
-                                              description: Type is a SELinux type
-                                                label that applies to the container.
-                                              type: string
-                                            user:
-                                              description: User is a SELinux user
-                                                label that applies to the container.
-                                              type: string
-                                          type: object
-                                        seccompProfile:
-                                          description: The seccomp options to use
-                                            by this container.
-                                          properties:
-                                            localhostProfile:
-                                              description: localhostProfile indicates
-                                                a profile defined in a file on the
-                                                node should be used.
-                                              type: string
-                                            type:
-                                              description: type indicates which kind
-                                                of seccomp profile will be applied.
-                                              type: string
-                                          required:
-                                          - type
-                                          type: object
-                                        windowsOptions:
-                                          description: The Windows specific settings
-                                            applied to all containers.
-                                          properties:
-                                            gmsaCredentialSpec:
-                                              description: GMSACredentialSpec is where
-                                                the GMSA admission webhook (https://github.
-                                              type: string
-                                            gmsaCredentialSpecName:
-                                              description: GMSACredentialSpecName
-                                                is the name of the GMSA credential
-                                                spec to use.
-                                              type: string
-                                            hostProcess:
-                                              description: HostProcess determines
-                                                if a container should be run as a
-                                                'Host Process' container.
-                                              type: boolean
-                                            runAsUserName:
-                                              description: The UserName in Windows
-                                                to run the entrypoint of the container
-                                                process.
-                                              type: string
-                                          type: object
-                                      type: object
-                                    startupProbe:
-                                      description: StartupProbe indicates that the
-                                        Pod has successfully initialized.
-                                      properties:
-                                        exec:
-                                          description: Exec specifies the action to
-                                            take.
-                                          properties:
-                                            command:
-                                              description: 'Command is the command
-                                                line to execute inside the container,
-                                                the working directory for the command  '
-                                              items:
-                                                type: string
-                                              type: array
-                                          type: object
-                                        failureThreshold:
-                                          description: Minimum consecutive failures
-                                            for the probe to be considered failed
-                                            after having succeeded.
-                                          format: int32
-                                          type: integer
-                                        grpc:
-                                          description: GRPC specifies an action involving
-                                            a GRPC port.
-                                          properties:
-                                            port:
-                                              description: Port number of the gRPC
-                                                service. Number must be in the range
-                                                1 to 65535.
-                                              format: int32
-                                              type: integer
-                                            service:
-                                              description: Service is the name of
-                                                the service to place in the gRPC HealthCheckRequest
-                                                (see https://github.
-                                              type: string
-                                          required:
-                                          - port
-                                          type: object
-                                        httpGet:
-                                          description: HTTPGet specifies the http
-                                            request to perform.
-                                          properties:
-                                            host:
-                                              description: Host name to connect to,
-                                                defaults to the pod IP.
-                                              type: string
-                                            httpHeaders:
-                                              description: Custom headers to set in
-                                                the request. HTTP allows repeated
-                                                headers.
-                                              items:
-                                                description: HTTPHeader describes
-                                                  a custom header to be used in HTTP
-                                                  probes
-                                                properties:
-                                                  name:
-                                                    description: The header field
-                                                      name
-                                                    type: string
-                                                  value:
-                                                    description: The header field
-                                                      value
-                                                    type: string
-                                                required:
-                                                - name
-                                                - value
-                                                type: object
-                                              type: array
-                                            path:
-                                              description: Path to access on the HTTP
-                                                server.
-                                              type: string
-                                            port:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Name or number of the port
-                                                to access on the container. Number
-                                                must be in the range 1 to 65535.
-                                              x-kubernetes-int-or-string: true
-                                            scheme:
-                                              description: Scheme to use for connecting
-                                                to the host. Defaults to HTTP.
-                                              type: string
-                                          required:
-                                          - port
-                                          type: object
-                                        initialDelaySeconds:
-                                          description: Number of seconds after the
-                                            container has started before liveness
-                                            probes are initiated.
-                                          format: int32
-                                          type: integer
-                                        periodSeconds:
-                                          description: How often (in seconds) to perform
-                                            the probe. Default to 10 seconds. Minimum
-                                            value is 1.
-                                          format: int32
-                                          type: integer
-                                        successThreshold:
-                                          description: Minimum consecutive successes
-                                            for the probe to be considered successful
-                                            after having failed.
-                                          format: int32
-                                          type: integer
-                                        tcpSocket:
-                                          description: TCPSocket specifies an action
-                                            involving a TCP port.
-                                          properties:
-                                            host:
-                                              description: 'Optional: Host name to
-                                                connect to, defaults to the pod IP.'
-                                              type: string
-                                            port:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Number or name of the port
-                                                to access on the container. Number
-                                                must be in the range 1 to 65535.
-                                              x-kubernetes-int-or-string: true
-                                          required:
-                                          - port
-                                          type: object
-                                        terminationGracePeriodSeconds:
-                                          description: Optional duration in seconds
-                                            the pod needs to terminate gracefully
-                                            upon probe failure.
-                                          format: int64
-                                          type: integer
-                                        timeoutSeconds:
-                                          description: Number of seconds after which
-                                            the probe times out. Defaults to 1 second.
-                                            Minimum value is 1.
-                                          format: int32
-                                          type: integer
-                                      type: object
-                                    stdin:
-                                      description: Whether this container should allocate
-                                        a buffer for stdin in the container runtime.
-                                      type: boolean
-                                    stdinOnce:
-                                      description: Whether the container runtime should
-                                        close the stdin channel after it has been
-                                        opened by a single at
-                                      type: boolean
-                                    terminationMessagePath:
-                                      description: 'Optional: Path at which the file
-                                        to which the container''s termination message
-                                        will be written is mou'
-                                      type: string
-                                    terminationMessagePolicy:
-                                      description: Indicate how the termination message
-                                        should be populated.
-                                      type: string
-                                    tty:
-                                      description: Whether this container should allocate
-                                        a TTY for itself, also requires 'stdin' to
-                                        be true.
-                                      type: boolean
-                                    volumeDevices:
-                                      description: volumeDevices is the list of block
-                                        devices to be used by the container.
-                                      items:
-                                        description: volumeDevice describes a mapping
-                                          of a raw block device within a container.
-                                        properties:
-                                          devicePath:
-                                            description: devicePath is the path inside
-                                              of the container that the device will
-                                              be mapped to.
-                                            type: string
-                                          name:
-                                            description: name must match the name
-                                              of a persistentVolumeClaim in the pod
-                                            type: string
-                                        required:
-                                        - devicePath
-                                        - name
-                                        type: object
-                                      type: array
-                                    volumeMounts:
-                                      description: Pod volumes to mount into the container's
-                                        filesystem. Cannot be updated.
-                                      items:
-                                        description: VolumeMount describes a mounting
-                                          of a Volume within a container.
-                                        properties:
-                                          mountPath:
-                                            description: Path within the container
-                                              at which the volume should be mounted.  Must
-                                              not contain ':'.
-                                            type: string
-                                          mountPropagation:
-                                            description: mountPropagation determines
-                                              how mounts are propagated from the host
-                                              to container and the other way a
-                                            type: string
-                                          name:
-                                            description: This must match the Name
-                                              of a Volume.
-                                            type: string
-                                          readOnly:
-                                            description: Mounted read-only if true,
-                                              read-write otherwise (false or unspecified).
-                                              Defaults to false.
-                                            type: boolean
-                                          subPath:
-                                            description: Path within the volume from
-                                              which the container's volume should
-                                              be mounted.
-                                            type: string
-                                          subPathExpr:
-                                            description: Expanded path within the
-                                              volume from which the container's volume
-                                              should be mounted.
-                                            type: string
-                                        required:
-                                        - mountPath
-                                        - name
-                                        type: object
-                                      type: array
-                                    workingDir:
-                                      description: Container's working directory.
-                                      type: string
-                                  required:
-                                  - name
-                                  type: object
-                                type: array
-                              nodeName:
-                                description: NodeName is a request to schedule this
-                                  pod onto a specific node.
-                                type: string
-                              nodeSelector:
-                                additionalProperties:
-                                  type: string
-                                description: NodeSelector is a selector which must
-                                  be true for the pod to fit on a node.
-                                type: object
-                                x-kubernetes-map-type: atomic
-                              os:
-                                description: Specifies the OS of the containers in
-                                  the pod.
-                                properties:
-                                  name:
-                                    description: Name is the name of the operating
-                                      system. The currently supported values are linux
-                                      and windows.
-                                    type: string
-                                required:
-                                - name
-                                type: object
-                              overhead:
-                                additionalProperties:
-                                  anyOf:
-                                  - type: integer
-                                  - type: string
-                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                  x-kubernetes-int-or-string: true
-                                description: Overhead represents the resource overhead
-                                  associated with running a pod for a given RuntimeClass.
-                                type: object
-                              preemptionPolicy:
-                                description: PreemptionPolicy is the Policy for preempting
-                                  pods with lower priority.
-                                type: string
-                              priority:
-                                description: The priority value. Various system components
-                                  use this field to find the priority of the pod.
-                                format: int32
-                                type: integer
-                              priorityClassName:
-                                description: If specified, indicates the pod's priority.
-                                type: string
-                              readinessGates:
-                                description: If specified, all readiness gates will
-                                  be evaluated for pod readiness.
-                                items:
-                                  description: PodReadinessGate contains the reference
-                                    to a pod condition
-                                  properties:
-                                    conditionType:
-                                      description: ConditionType refers to a condition
-                                        in the pod's condition list with matching
-                                        type.
-                                      type: string
-                                  required:
-                                  - conditionType
-                                  type: object
-                                type: array
-                              restartPolicy:
-                                description: Restart policy for all containers within
-                                  the pod. One of Always, OnFailure, Never.
-                                type: string
-                              runtimeClassName:
-                                description: RuntimeClassName refers to a RuntimeClass
-                                  object in the node.k8s.
-                                type: string
-                              schedulerName:
-                                description: If specified, the pod will be dispatched
-                                  by specified scheduler.
-                                type: string
-                              securityContext:
-                                description: SecurityContext holds pod-level security
-                                  attributes and common container settings.
-                                properties:
-                                  fsGroup:
-                                    description: A special supplemental group that
-                                      applies to all containers in a pod.
-                                    format: int64
-                                    type: integer
-                                  fsGroupChangePolicy:
-                                    description: fsGroupChangePolicy defines behavior
-                                      of changing ownership and permission of the
-                                      volume before being
-                                    type: string
-                                  runAsGroup:
-                                    description: The GID to run the entrypoint of
-                                      the container process. Uses runtime default
-                                      if unset.
-                                    format: int64
-                                    type: integer
-                                  runAsNonRoot:
-                                    description: Indicates that the container must
-                                      run as a non-root user.
-                                    type: boolean
-                                  runAsUser:
-                                    description: The UID to run the entrypoint of
-                                      the container process.
-                                    format: int64
-                                    type: integer
-                                  seLinuxOptions:
-                                    description: The SELinux context to be applied
-                                      to all containers.
-                                    properties:
-                                      level:
-                                        description: Level is SELinux level label
-                                          that applies to the container.
-                                        type: string
-                                      role:
-                                        description: Role is a SELinux role label
-                                          that applies to the container.
-                                        type: string
-                                      type:
-                                        description: Type is a SELinux type label
-                                          that applies to the container.
-                                        type: string
-                                      user:
-                                        description: User is a SELinux user label
-                                          that applies to the container.
-                                        type: string
-                                    type: object
-                                  seccompProfile:
-                                    description: The seccomp options to use by the
-                                      containers in this pod.
-                                    properties:
-                                      localhostProfile:
-                                        description: localhostProfile indicates a
-                                          profile defined in a file on the node should
-                                          be used.
-                                        type: string
-                                      type:
-                                        description: type indicates which kind of
-                                          seccomp profile will be applied.
-                                        type: string
-                                    required:
-                                    - type
-                                    type: object
-                                  supplementalGroups:
-                                    description: 'A list of groups applied to the
-                                      first process run in each container, in addition
-                                      to the container''s '
-                                    items:
-                                      format: int64
-                                      type: integer
-                                    type: array
-                                  sysctls:
-                                    description: Sysctls hold a list of namespaced
-                                      sysctls used for the pod.
-                                    items:
-                                      description: Sysctl defines a kernel parameter
-                                        to be set
-                                      properties:
-                                        name:
-                                          description: Name of a property to set
-                                          type: string
-                                        value:
-                                          description: Value of a property to set
-                                          type: string
-                                      required:
-                                      - name
-                                      - value
-                                      type: object
-                                    type: array
-                                  windowsOptions:
-                                    description: The Windows specific settings applied
-                                      to all containers.
-                                    properties:
-                                      gmsaCredentialSpec:
-                                        description: GMSACredentialSpec is where the
-                                          GMSA admission webhook (https://github.
-                                        type: string
-                                      gmsaCredentialSpecName:
-                                        description: GMSACredentialSpecName is the
-                                          name of the GMSA credential spec to use.
-                                        type: string
-                                      hostProcess:
-                                        description: HostProcess determines if a container
-                                          should be run as a 'Host Process' container.
-                                        type: boolean
-                                      runAsUserName:
-                                        description: The UserName in Windows to run
-                                          the entrypoint of the container process.
-                                        type: string
-                                    type: object
-                                type: object
-                              serviceAccount:
-                                description: DeprecatedServiceAccount is a depreciated
-                                  alias for ServiceAccountName.
-                                type: string
-                              serviceAccountName:
-                                description: ServiceAccountName is the name of the
-                                  ServiceAccount to use to run this pod.
-                                type: string
-                              setHostnameAsFQDN:
-                                description: If true the pod's hostname will be configured
-                                  as the pod's FQDN, rather than the leaf name (the
-                                  defa
-                                type: boolean
-                              shareProcessNamespace:
-                                description: Share a single process namespace between
-                                  all of the containers in a pod.
-                                type: boolean
-                              subdomain:
-                                description: If specified, the fully qualified Pod
-                                  hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.
-                                type: string
-                              terminationGracePeriodSeconds:
-                                description: Optional duration in seconds the pod
-                                  needs to terminate gracefully.
-                                format: int64
-                                type: integer
-                              tolerations:
-                                description: If specified, the pod's tolerations.
-                                items:
-                                  description: The pod this Toleration is attached
-                                    to tolerates any taint that matches the triple
-                                    <key,value,effect
-                                  properties:
-                                    effect:
-                                      description: Effect indicates the taint effect
-                                        to match. Empty means match all taint effects.
-                                      type: string
-                                    key:
-                                      description: Key is the taint key that the toleration
-                                        applies to. Empty means match all taint keys.
-                                      type: string
-                                    operator:
-                                      description: Operator represents a key's relationship
-                                        to the value. Valid operators are Exists and
-                                        Equal.
-                                      type: string
-                                    tolerationSeconds:
-                                      description: TolerationSeconds represents the
-                                        period of time the toleration (which must
-                                        be of effect NoExecute, o
-                                      format: int64
-                                      type: integer
-                                    value:
-                                      description: Value is the taint value the toleration
-                                        matches to.
-                                      type: string
-                                  type: object
-                                type: array
-                              topologySpreadConstraints:
-                                description: TopologySpreadConstraints describes how
-                                  a group of pods ought to spread across topology
-                                  domains.
-                                items:
-                                  description: TopologySpreadConstraint specifies
-                                    how to spread matching pods among the given topology.
-                                  properties:
-                                    labelSelector:
-                                      description: LabelSelector is used to find matching
-                                        pods.
-                                      properties:
-                                        matchExpressions:
-                                          description: matchExpressions is a list
-                                            of label selector requirements. The requirements
-                                            are ANDed.
-                                          items:
-                                            description: A label selector requirement
-                                              is a selector that contains values,
-                                              a key, and an operator that relates
-                                            properties:
-                                              key:
-                                                description: key is the label key
-                                                  that the selector applies to.
-                                                type: string
-                                              operator:
-                                                description: operator represents a
-                                                  key's relationship to a set of values.
-                                                type: string
-                                              values:
-                                                description: values is an array of
-                                                  string values.
-                                                items:
-                                                  type: string
-                                                type: array
-                                            required:
-                                            - key
-                                            - operator
-                                            type: object
-                                          type: array
-                                        matchLabels:
-                                          additionalProperties:
-                                            type: string
-                                          description: matchLabels is a map of {key,value}
-                                            pairs.
-                                          type: object
-                                      type: object
-                                    maxSkew:
-                                      description: MaxSkew describes the degree to
-                                        which pods may be unevenly distributed.
-                                      format: int32
-                                      type: integer
-                                    topologyKey:
-                                      description: TopologyKey is the key of node
-                                        labels.
-                                      type: string
-                                    whenUnsatisfiable:
-                                      description: WhenUnsatisfiable indicates how
-                                        to deal with a pod if it doesn't satisfy the
-                                        spread constraint.
-                                      type: string
-                                  required:
-                                  - maxSkew
-                                  - topologyKey
-                                  - whenUnsatisfiable
-                                  type: object
-                                type: array
-                                x-kubernetes-list-map-keys:
-                                - topologyKey
-                                - whenUnsatisfiable
-                                x-kubernetes-list-type: map
-                              volumes:
-                                description: List of volumes that can be mounted by
-                                  containers belonging to the pod.
-                                items:
-                                  description: Volume represents a named volume in
-                                    a pod that may be accessed by any container in
-                                    the pod.
-                                  properties:
-                                    awsElasticBlockStore:
-                                      description: AWSElasticBlockStore represents
-                                        an AWS Disk resource that is attached to a
-                                        kubelet's host machine an
-                                      properties:
-                                        fsType:
-                                          description: Filesystem type of the volume
-                                            that you want to mount.
-                                          type: string
-                                        partition:
-                                          description: The partition in the volume
-                                            that you want to mount.
-                                          format: int32
-                                          type: integer
-                                        readOnly:
-                                          description: Specify "true" to force and
-                                            set the ReadOnly property in VolumeMounts
-                                            to "true".
-                                          type: boolean
-                                        volumeID:
-                                          description: 'Unique ID of the persistent
-                                            disk resource in AWS (Amazon EBS volume).
-                                            More info: https://kubernetes.'
-                                          type: string
-                                      required:
-                                      - volumeID
-                                      type: object
-                                    azureDisk:
-                                      description: AzureDisk represents an Azure Data
-                                        Disk mount on the host and bind mount to the
-                                        pod.
-                                      properties:
-                                        cachingMode:
-                                          description: 'Host Caching mode: None, Read
-                                            Only, Read Write.'
-                                          type: string
-                                        diskName:
-                                          description: The Name of the data disk in
-                                            the blob storage
-                                          type: string
-                                        diskURI:
-                                          description: The URI the data disk in the
-                                            blob storage
-                                          type: string
-                                        fsType:
-                                          description: Filesystem type to mount. Must
-                                            be a filesystem type supported by the
-                                            host operating system. Ex.
-                                          type: string
-                                        kind:
-                                          description: 'Expected values Shared: multiple
-                                            blob disks per storage account  Dedicated:
-                                            single blob disk per sto'
-                                          type: string
-                                        readOnly:
-                                          description: Defaults to false (read/write).
-                                            ReadOnly here will force the ReadOnly
-                                            setting in VolumeMounts.
-                                          type: boolean
-                                      required:
-                                      - diskName
-                                      - diskURI
-                                      type: object
-                                    azureFile:
-                                      description: AzureFile represents an Azure File
-                                        Service mount on the host and bind mount to
-                                        the pod.
-                                      properties:
-                                        readOnly:
-                                          description: Defaults to false (read/write).
-                                            ReadOnly here will force the ReadOnly
-                                            setting in VolumeMounts.
-                                          type: boolean
-                                        secretName:
-                                          description: the name of secret that contains
-                                            Azure Storage Account Name and Key
-                                          type: string
-                                        shareName:
-                                          description: Share Name
-                                          type: string
-                                      required:
-                                      - secretName
-                                      - shareName
-                                      type: object
-                                    cephfs:
-                                      description: CephFS represents a Ceph FS mount
-                                        on the host that shares a pod's lifetime
-                                      properties:
-                                        monitors:
-                                          description: 'Required: Monitors is a collection
-                                            of Ceph monitors More info: https://examples.k8s.'
-                                          items:
-                                            type: string
-                                          type: array
-                                        path:
-                                          description: 'Optional: Used as the mounted
-                                            root, rather than the full Ceph tree,
-                                            default is /'
-                                          type: string
-                                        readOnly:
-                                          description: 'Optional: Defaults to false
-                                            (read/write).'
-                                          type: boolean
-                                        secretFile:
-                                          description: 'Optional: SecretFile is the
-                                            path to key ring for User, default is
-                                            /etc/ceph/user.'
-                                          type: string
-                                        secretRef:
-                                          description: 'Optional: SecretRef is reference
-                                            to the authentication secret for User,
-                                            default is empty.'
-                                          properties:
-                                            name:
-                                              description: 'Name of the referent.
-                                                More info: https://kubernetes.'
-                                              type: string
-                                          type: object
-                                        user:
-                                          description: 'Optional: User is the rados
-                                            user name, default is admin More info:
-                                            https://examples.k8s.'
-                                          type: string
-                                      required:
-                                      - monitors
-                                      type: object
-                                    cinder:
-                                      description: Cinder represents a cinder volume
-                                        attached and mounted on kubelets host machine.
-                                      properties:
-                                        fsType:
-                                          description: Filesystem type to mount. Must
-                                            be a filesystem type supported by the
-                                            host operating system.
-                                          type: string
-                                        readOnly:
-                                          description: 'Optional: Defaults to false
-                                            (read/write).'
-                                          type: boolean
-                                        secretRef:
-                                          description: 'Optional: points to a secret
-                                            object containing parameters used to connect
-                                            to OpenStack.'
-                                          properties:
-                                            name:
-                                              description: 'Name of the referent.
-                                                More info: https://kubernetes.'
-                                              type: string
-                                          type: object
-                                        volumeID:
-                                          description: 'volume id used to identify
-                                            the volume in cinder. More info: https://examples.k8s.'
-                                          type: string
-                                      required:
-                                      - volumeID
-                                      type: object
-                                    configMap:
-                                      description: ConfigMap represents a configMap
-                                        that should populate this volume
-                                      properties:
-                                        defaultMode:
-                                          description: 'Optional: mode bits used to
-                                            set permissions on created files by default.'
-                                          format: int32
-                                          type: integer
-                                        items:
-                                          description: 'If unspecified, each key-value
-                                            pair in the Data field of the referenced
-                                            ConfigMap will be projected '
-                                          items:
-                                            description: Maps a string key to a path
-                                              within a volume.
-                                            properties:
-                                              key:
-                                                description: The key to project.
-                                                type: string
-                                              mode:
-                                                description: 'Optional: mode bits
-                                                  used to set permissions on this
-                                                  file.'
-                                                format: int32
-                                                type: integer
-                                              path:
-                                                description: The relative path of
-                                                  the file to map the key to. May
-                                                  not be an absolute path.
-                                                type: string
-                                            required:
-                                            - key
-                                            - path
-                                            type: object
-                                          type: array
-                                        name:
-                                          description: 'Name of the referent. More
-                                            info: https://kubernetes.'
-                                          type: string
-                                        optional:
-                                          description: Specify whether the ConfigMap
-                                            or its keys must be defined
-                                          type: boolean
-                                      type: object
-                                    csi:
-                                      description: CSI (Container Storage Interface)
-                                        represents ephemeral storage that is handled
-                                        by certain external C
-                                      properties:
-                                        driver:
-                                          description: Driver is the name of the CSI
-                                            driver that handles this volume.
-                                          type: string
-                                        fsType:
-                                          description: Filesystem type to mount. Ex.
-                                            "ext4", "xfs", "ntfs".
-                                          type: string
-                                        nodePublishSecretRef:
-                                          description: NodePublishSecretRef is a reference
-                                            to the secret object containing sensitive
-                                            information to pass to
-                                          properties:
-                                            name:
-                                              description: 'Name of the referent.
-                                                More info: https://kubernetes.'
-                                              type: string
-                                          type: object
-                                        readOnly:
-                                          description: Specifies a read-only configuration
-                                            for the volume. Defaults to false (read/write).
-                                          type: boolean
-                                        volumeAttributes:
-                                          additionalProperties:
-                                            type: string
-                                          description: VolumeAttributes stores driver-specific
-                                            properties that are passed to the CSI
-                                            driver.
-                                          type: object
-                                      required:
-                                      - driver
-                                      type: object
-                                    downwardAPI:
-                                      description: DownwardAPI represents downward
-                                        API about the pod that should populate this
-                                        volume
-                                      properties:
-                                        defaultMode:
-                                          description: 'Optional: mode bits to use
-                                            on created files by default.'
-                                          format: int32
-                                          type: integer
-                                        items:
-                                          description: Items is a list of downward
-                                            API volume file
-                                          items:
-                                            description: DownwardAPIVolumeFile represents
-                                              information to create the file containing
-                                              the pod field
-                                            properties:
-                                              fieldRef:
-                                                description: 'Required: Selects a
-                                                  field of the pod: only annotations,
-                                                  labels, name and namespace are supported.'
-                                                properties:
-                                                  apiVersion:
-                                                    description: Version of the schema
-                                                      the FieldPath is written in
-                                                      terms of, defaults to "v1".
-                                                    type: string
-                                                  fieldPath:
-                                                    description: Path of the field
-                                                      to select in the specified API
-                                                      version.
-                                                    type: string
-                                                required:
-                                                - fieldPath
-                                                type: object
-                                              mode:
-                                                description: 'Optional: mode bits
-                                                  used to set permissions on this
-                                                  file, must be an octal value between
-                                                  0000 and 07'
-                                                format: int32
-                                                type: integer
-                                              path:
-                                                description: 'Required: Path is  the
-                                                  relative path name of the file to
-                                                  be created.'
-                                                type: string
-                                              resourceFieldRef:
-                                                description: 'Selects a resource of
-                                                  the container: only resources limits
-                                                  and requests (limits.cpu, limits.'
-                                                properties:
-                                                  containerName:
-                                                    description: 'Container name:
-                                                      required for volumes, optional
-                                                      for env vars'
-                                                    type: string
-                                                  divisor:
-                                                    anyOf:
-                                                    - type: integer
-                                                    - type: string
-                                                    description: Specifies the output
-                                                      format of the exposed resources,
-                                                      defaults to "1"
-                                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                                    x-kubernetes-int-or-string: true
-                                                  resource:
-                                                    description: 'Required: resource
-                                                      to select'
-                                                    type: string
-                                                required:
-                                                - resource
-                                                type: object
-                                            required:
-                                            - path
-                                            type: object
-                                          type: array
-                                      type: object
-                                    emptyDir:
-                                      description: EmptyDir represents a temporary
-                                        directory that shares a pod's lifetime.
-                                      properties:
-                                        medium:
-                                          description: What type of storage medium
-                                            should back this directory.
-                                          type: string
-                                        sizeLimit:
-                                          anyOf:
-                                          - type: integer
-                                          - type: string
-                                          description: Total amount of local storage
-                                            required for this EmptyDir volume.
-                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                          x-kubernetes-int-or-string: true
-                                      type: object
-                                    ephemeral:
-                                      description: Ephemeral represents a volume that
-                                        is handled by a cluster storage driver.
-                                      properties:
-                                        volumeClaimTemplate:
-                                          description: Will be used to create a stand-alone
-                                            PVC to provision the volume.
-                                          properties:
-                                            metadata:
-                                              description: May contain labels and
-                                                annotations that will be copied into
-                                                the PVC when creating it.
-                                              properties:
-                                                annotations:
-                                                  additionalProperties:
-                                                    type: string
-                                                  type: object
-                                                finalizers:
-                                                  items:
-                                                    type: string
-                                                  type: array
-                                                labels:
-                                                  additionalProperties:
-                                                    type: string
-                                                  type: object
-                                                name:
-                                                  type: string
-                                                namespace:
-                                                  type: string
-                                              type: object
-                                            spec:
-                                              description: The specification for the
-                                                PersistentVolumeClaim.
-                                              properties:
-                                                accessModes:
-                                                  description: 'AccessModes contains
-                                                    the desired access modes the volume
-                                                    should have. More info: https://kubernetes.'
-                                                  items:
-                                                    type: string
-                                                  type: array
-                                                dataSource:
-                                                  description: 'This field can be
-                                                    used to specify either: * An existing
-                                                    VolumeSnapshot object (snapshot.storage.k8s.'
-                                                  properties:
-                                                    apiGroup:
-                                                      description: APIGroup is the
-                                                        group for the resource being
-                                                        referenced.
-                                                      type: string
-                                                    kind:
-                                                      description: Kind is the type
-                                                        of resource being referenced
-                                                      type: string
-                                                    name:
-                                                      description: Name is the name
-                                                        of resource being referenced
-                                                      type: string
-                                                  required:
-                                                  - kind
-                                                  - name
-                                                  type: object
-                                                dataSourceRef:
-                                                  description: Specifies the object
-                                                    from which to populate the volume
-                                                    with data, if a non-empty volume
-                                                    is desired.
-                                                  properties:
-                                                    apiGroup:
-                                                      description: APIGroup is the
-                                                        group for the resource being
-                                                        referenced.
-                                                      type: string
-                                                    kind:
-                                                      description: Kind is the type
-                                                        of resource being referenced
-                                                      type: string
-                                                    name:
-                                                      description: Name is the name
-                                                        of resource being referenced
-                                                      type: string
-                                                  required:
-                                                  - kind
-                                                  - name
-                                                  type: object
-                                                resources:
-                                                  description: Resources represents
-                                                    the minimum resources the volume
-                                                    should have.
-                                                  properties:
-                                                    limits:
-                                                      additionalProperties:
-                                                        anyOf:
-                                                        - type: integer
-                                                        - type: string
-                                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                                        x-kubernetes-int-or-string: true
-                                                      description: 'Limits describes
-                                                        the maximum amount of compute
-                                                        resources allowed. More info:
-                                                        https://kubernetes.'
-                                                      type: object
-                                                    requests:
-                                                      additionalProperties:
-                                                        anyOf:
-                                                        - type: integer
-                                                        - type: string
-                                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                                        x-kubernetes-int-or-string: true
-                                                      description: Requests describes
-                                                        the minimum amount of compute
-                                                        resources required.
-                                                      type: object
-                                                  type: object
-                                                selector:
-                                                  description: A label query over
-                                                    volumes to consider for binding.
-                                                  properties:
-                                                    matchExpressions:
-                                                      description: matchExpressions
-                                                        is a list of label selector
-                                                        requirements. The requirements
-                                                        are ANDed.
-                                                      items:
-                                                        description: A label selector
-                                                          requirement is a selector
-                                                          that contains values, a
-                                                          key, and an operator that
-                                                          relates
-                                                        properties:
-                                                          key:
-                                                            description: key is the
-                                                              label key that the selector
-                                                              applies to.
-                                                            type: string
-                                                          operator:
-                                                            description: operator
-                                                              represents a key's relationship
-                                                              to a set of values.
-                                                            type: string
-                                                          values:
-                                                            description: values is
-                                                              an array of string values.
-                                                            items:
-                                                              type: string
-                                                            type: array
-                                                        required:
-                                                        - key
-                                                        - operator
-                                                        type: object
-                                                      type: array
-                                                    matchLabels:
-                                                      additionalProperties:
-                                                        type: string
-                                                      description: matchLabels is
-                                                        a map of {key,value} pairs.
-                                                      type: object
-                                                  type: object
-                                                storageClassName:
-                                                  description: 'Name of the StorageClass
-                                                    required by the claim. More info:
-                                                    https://kubernetes.'
-                                                  type: string
-                                                volumeMode:
-                                                  description: volumeMode defines
-                                                    what type of volume is required
-                                                    by the claim.
-                                                  type: string
-                                                volumeName:
-                                                  description: VolumeName is the binding
-                                                    reference to the PersistentVolume
-                                                    backing this claim.
-                                                  type: string
-                                              type: object
-                                          required:
-                                          - spec
-                                          type: object
-                                      type: object
-                                    fc:
-                                      description: FC represents a Fibre Channel resource
-                                        that is attached to a kubelet's host machine
-                                        and then exposed
-                                      properties:
-                                        fsType:
-                                          description: Filesystem type to mount. Must
-                                            be a filesystem type supported by the
-                                            host operating system. Ex.
-                                          type: string
-                                        lun:
-                                          description: 'Optional: FC target lun number'
-                                          format: int32
-                                          type: integer
-                                        readOnly:
-                                          description: 'Optional: Defaults to false
-                                            (read/write).'
-                                          type: boolean
-                                        targetWWNs:
-                                          description: 'Optional: FC target worldwide
-                                            names (WWNs)'
-                                          items:
-                                            type: string
-                                          type: array
-                                        wwids:
-                                          description: 'Optional: FC volume world
-                                            wide identifiers (wwids) Either wwids
-                                            or combination of targetWWNs and lun'
-                                          items:
-                                            type: string
-                                          type: array
-                                      type: object
-                                    flexVolume:
-                                      description: FlexVolume represents a generic
-                                        volume resource that is provisioned/attached
-                                        using an exec based plu
-                                      properties:
-                                        driver:
-                                          description: Driver is the name of the driver
-                                            to use for this volume.
-                                          type: string
-                                        fsType:
-                                          description: Filesystem type to mount. Must
-                                            be a filesystem type supported by the
-                                            host operating system. Ex.
-                                          type: string
-                                        options:
-                                          additionalProperties:
-                                            type: string
-                                          description: 'Optional: Extra command options
-                                            if any.'
-                                          type: object
-                                        readOnly:
-                                          description: 'Optional: Defaults to false
-                                            (read/write).'
-                                          type: boolean
-                                        secretRef:
-                                          description: 'Optional: SecretRef is reference
-                                            to the secret object containing sensitive
-                                            information to pass to th'
-                                          properties:
-                                            name:
-                                              description: 'Name of the referent.
-                                                More info: https://kubernetes.'
-                                              type: string
-                                          type: object
-                                      required:
-                                      - driver
-                                      type: object
-                                    flocker:
-                                      description: Flocker represents a Flocker volume
-                                        attached to a kubelet's host machine.
-                                      properties:
-                                        datasetName:
-                                          description: Name of the dataset stored
-                                            as metadata -> name on the dataset for
-                                            Flocker should be considered as de
-                                          type: string
-                                        datasetUUID:
-                                          description: UUID of the dataset. This is
-                                            unique identifier of a Flocker dataset
-                                          type: string
-                                      type: object
-                                    gcePersistentDisk:
-                                      description: GCEPersistentDisk represents a
-                                        GCE Disk resource that is attached to a kubelet's
-                                        host machine and th
-                                      properties:
-                                        fsType:
-                                          description: Filesystem type of the volume
-                                            that you want to mount.
-                                          type: string
-                                        partition:
-                                          description: The partition in the volume
-                                            that you want to mount.
-                                          format: int32
-                                          type: integer
-                                        pdName:
-                                          description: Unique name of the PD resource
-                                            in GCE. Used to identify the disk in GCE.
-                                          type: string
-                                        readOnly:
-                                          description: ReadOnly here will force the
-                                            ReadOnly setting in VolumeMounts. Defaults
-                                            to false.
-                                          type: boolean
-                                      required:
-                                      - pdName
-                                      type: object
-                                    gitRepo:
-                                      description: 'GitRepo represents a git repository
-                                        at a particular revision. DEPRECATED: GitRepo
-                                        is deprecated.'
-                                      properties:
-                                        directory:
-                                          description: Target directory name. Must
-                                            not contain or start with '..'.  If '.
-                                          type: string
-                                        repository:
-                                          description: Repository URL
-                                          type: string
-                                        revision:
-                                          description: Commit hash for the specified
-                                            revision.
-                                          type: string
-                                      required:
-                                      - repository
-                                      type: object
-                                    glusterfs:
-                                      description: Glusterfs represents a Glusterfs
-                                        mount on the host that shares a pod's lifetime.
-                                      properties:
-                                        endpoints:
-                                          description: 'EndpointsName is the endpoint
-                                            name that details Glusterfs topology.
-                                            More info: https://examples.k8s.'
-                                          type: string
-                                        path:
-                                          description: 'Path is the Glusterfs volume
-                                            path. More info: https://examples.k8s.io/volumes/glusterfs/README.'
-                                          type: string
-                                        readOnly:
-                                          description: ReadOnly here will force the
-                                            Glusterfs volume to be mounted with read-only
-                                            permissions.
-                                          type: boolean
-                                      required:
-                                      - endpoints
-                                      - path
-                                      type: object
-                                    hostPath:
-                                      description: HostPath represents a pre-existing
-                                        file or directory on the host machine that
-                                        is directly exposed to
-                                      properties:
-                                        path:
-                                          description: Path of the directory on the
-                                            host.
-                                          type: string
-                                        type:
-                                          description: 'Type for HostPath Volume Defaults
-                                            to "" More info: https://kubernetes.'
-                                          type: string
-                                      required:
-                                      - path
-                                      type: object
-                                    iscsi:
-                                      description: ISCSI represents an ISCSI Disk
-                                        resource that is attached to a kubelet's host
-                                        machine and then expose
-                                      properties:
-                                        chapAuthDiscovery:
-                                          description: whether support iSCSI Discovery
-                                            CHAP authentication
-                                          type: boolean
-                                        chapAuthSession:
-                                          description: whether support iSCSI Session
-                                            CHAP authentication
-                                          type: boolean
-                                        fsType:
-                                          description: Filesystem type of the volume
-                                            that you want to mount.
-                                          type: string
-                                        initiatorName:
-                                          description: Custom iSCSI Initiator Name.
-                                          type: string
-                                        iqn:
-                                          description: Target iSCSI Qualified Name.
-                                          type: string
-                                        iscsiInterface:
-                                          description: iSCSI Interface Name that uses
-                                            an iSCSI transport. Defaults to 'default'
-                                            (tcp).
-                                          type: string
-                                        lun:
-                                          description: iSCSI Target Lun number.
-                                          format: int32
-                                          type: integer
-                                        portals:
-                                          description: iSCSI Target Portal List.
-                                          items:
-                                            type: string
-                                          type: array
-                                        readOnly:
-                                          description: ReadOnly here will force the
-                                            ReadOnly setting in VolumeMounts. Defaults
-                                            to false.
-                                          type: boolean
-                                        secretRef:
-                                          description: CHAP Secret for iSCSI target
-                                            and initiator authentication
-                                          properties:
-                                            name:
-                                              description: 'Name of the referent.
-                                                More info: https://kubernetes.'
-                                              type: string
-                                          type: object
-                                        targetPortal:
-                                          description: iSCSI Target Portal.
-                                          type: string
-                                      required:
-                                      - iqn
-                                      - lun
-                                      - targetPortal
-                                      type: object
-                                    name:
-                                      description: 'Volume''s name. Must be a DNS_LABEL
-                                        and unique within the pod. More info: https://kubernetes.'
-                                      type: string
-                                    nfs:
-                                      description: 'NFS represents an NFS mount on
-                                        the host that shares a pod''s lifetime More
-                                        info: https://kubernetes.'
-                                      properties:
-                                        path:
-                                          description: 'Path that is exported by the
-                                            NFS server. More info: https://kubernetes.'
-                                          type: string
-                                        readOnly:
-                                          description: ReadOnly here will force the
-                                            NFS export to be mounted with read-only
-                                            permissions. Defaults to false.
-                                          type: boolean
-                                        server:
-                                          description: 'Server is the hostname or
-                                            IP address of the NFS server. More info:
-                                            https://kubernetes.'
-                                          type: string
-                                      required:
-                                      - path
-                                      - server
-                                      type: object
-                                    persistentVolumeClaim:
-                                      description: PersistentVolumeClaimVolumeSource
-                                        represents a reference to a PersistentVolumeClaim
-                                        in the same name
-                                      properties:
-                                        claimName:
-                                          description: ClaimName is the name of a
-                                            PersistentVolumeClaim in the same namespace
-                                            as the pod using this volume.
-                                          type: string
-                                        readOnly:
-                                          description: Will force the ReadOnly setting
-                                            in VolumeMounts. Default false.
-                                          type: boolean
-                                      required:
-                                      - claimName
-                                      type: object
-                                    photonPersistentDisk:
-                                      description: 'PhotonPersistentDisk represents
-                                        a PhotonController persistent disk attached
-                                        and mounted on kubelets '
-                                      properties:
-                                        fsType:
-                                          description: Filesystem type to mount. Must
-                                            be a filesystem type supported by the
-                                            host operating system. Ex.
-                                          type: string
-                                        pdID:
-                                          description: ID that identifies Photon Controller
-                                            persistent disk
-                                          type: string
-                                      required:
-                                      - pdID
-                                      type: object
-                                    portworxVolume:
-                                      description: PortworxVolume represents a portworx
-                                        volume attached and mounted on kubelets host
-                                        machine
-                                      properties:
-                                        fsType:
-                                          description: FSType represents the filesystem
-                                            type to mount Must be a filesystem type
-                                            supported by the host opera
-                                          type: string
-                                        readOnly:
-                                          description: Defaults to false (read/write).
-                                            ReadOnly here will force the ReadOnly
-                                            setting in VolumeMounts.
-                                          type: boolean
-                                        volumeID:
-                                          description: VolumeID uniquely identifies
-                                            a Portworx volume
-                                          type: string
-                                      required:
-                                      - volumeID
-                                      type: object
-                                    projected:
-                                      description: Items for all in one resources
-                                        secrets, configmaps, and downward API
-                                      properties:
-                                        defaultMode:
-                                          description: Mode bits used to set permissions
-                                            on created files by default.
-                                          format: int32
-                                          type: integer
-                                        sources:
-                                          description: list of volume projections
-                                          items:
-                                            description: Projection that may be projected
-                                              along with other supported volume types
-                                            properties:
-                                              configMap:
-                                                description: information about the
-                                                  configMap data to project
-                                                properties:
-                                                  items:
-                                                    description: 'If unspecified,
-                                                      each key-value pair in the Data
-                                                      field of the referenced ConfigMap
-                                                      will be projected '
-                                                    items:
-                                                      description: Maps a string key
-                                                        to a path within a volume.
-                                                      properties:
-                                                        key:
-                                                          description: The key to
-                                                            project.
-                                                          type: string
-                                                        mode:
-                                                          description: 'Optional:
-                                                            mode bits used to set
-                                                            permissions on this file.'
-                                                          format: int32
-                                                          type: integer
-                                                        path:
-                                                          description: The relative
-                                                            path of the file to map
-                                                            the key to. May not be
-                                                            an absolute path.
-                                                          type: string
-                                                      required:
-                                                      - key
-                                                      - path
-                                                      type: object
-                                                    type: array
-                                                  name:
-                                                    description: 'Name of the referent.
-                                                      More info: https://kubernetes.'
-                                                    type: string
-                                                  optional:
-                                                    description: Specify whether the
-                                                      ConfigMap or its keys must be
-                                                      defined
-                                                    type: boolean
-                                                type: object
-                                              downwardAPI:
-                                                description: information about the
-                                                  downwardAPI data to project
-                                                properties:
-                                                  items:
-                                                    description: Items is a list of
-                                                      DownwardAPIVolume file
-                                                    items:
-                                                      description: DownwardAPIVolumeFile
-                                                        represents information to
-                                                        create the file containing
-                                                        the pod field
-                                                      properties:
-                                                        fieldRef:
-                                                          description: 'Required:
-                                                            Selects a field of the
-                                                            pod: only annotations,
-                                                            labels, name and namespace
-                                                            are supported.'
-                                                          properties:
-                                                            apiVersion:
-                                                              description: Version
-                                                                of the schema the
-                                                                FieldPath is written
-                                                                in terms of, defaults
-                                                                to "v1".
-                                                              type: string
-                                                            fieldPath:
-                                                              description: Path of
-                                                                the field to select
-                                                                in the specified API
-                                                                version.
-                                                              type: string
-                                                          required:
-                                                          - fieldPath
-                                                          type: object
-                                                        mode:
-                                                          description: 'Optional:
-                                                            mode bits used to set
-                                                            permissions on this file,
-                                                            must be an octal value
-                                                            between 0000 and 07'
-                                                          format: int32
-                                                          type: integer
-                                                        path:
-                                                          description: 'Required:
-                                                            Path is  the relative
-                                                            path name of the file
-                                                            to be created.'
-                                                          type: string
-                                                        resourceFieldRef:
-                                                          description: 'Selects a
-                                                            resource of the container:
-                                                            only resources limits
-                                                            and requests (limits.cpu,
-                                                            limits.'
-                                                          properties:
-                                                            containerName:
-                                                              description: 'Container
-                                                                name: required for
-                                                                volumes, optional
-                                                                for env vars'
-                                                              type: string
-                                                            divisor:
-                                                              anyOf:
-                                                              - type: integer
-                                                              - type: string
-                                                              description: Specifies
-                                                                the output format
-                                                                of the exposed resources,
-                                                                defaults to "1"
-                                                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                                              x-kubernetes-int-or-string: true
-                                                            resource:
-                                                              description: 'Required:
-                                                                resource to select'
-                                                              type: string
-                                                          required:
-                                                          - resource
-                                                          type: object
-                                                      required:
-                                                      - path
-                                                      type: object
-                                                    type: array
-                                                type: object
-                                              secret:
-                                                description: information about the
-                                                  secret data to project
-                                                properties:
-                                                  items:
-                                                    description: If unspecified, each
-                                                      key-value pair in the Data field
-                                                      of the referenced Secret will
-                                                      be projected int
-                                                    items:
-                                                      description: Maps a string key
-                                                        to a path within a volume.
-                                                      properties:
-                                                        key:
-                                                          description: The key to
-                                                            project.
-                                                          type: string
-                                                        mode:
-                                                          description: 'Optional:
-                                                            mode bits used to set
-                                                            permissions on this file.'
-                                                          format: int32
-                                                          type: integer
-                                                        path:
-                                                          description: The relative
-                                                            path of the file to map
-                                                            the key to. May not be
-                                                            an absolute path.
-                                                          type: string
-                                                      required:
-                                                      - key
-                                                      - path
-                                                      type: object
-                                                    type: array
-                                                  name:
-                                                    description: 'Name of the referent.
-                                                      More info: https://kubernetes.'
-                                                    type: string
-                                                  optional:
-                                                    description: Specify whether the
-                                                      Secret or its key must be defined
-                                                    type: boolean
-                                                type: object
-                                              serviceAccountToken:
-                                                description: information about the
-                                                  serviceAccountToken data to project
-                                                properties:
-                                                  audience:
-                                                    description: Audience is the intended
-                                                      audience of the token.
-                                                    type: string
-                                                  expirationSeconds:
-                                                    description: ExpirationSeconds
-                                                      is the requested duration of
-                                                      validity of the service account
-                                                      token.
-                                                    format: int64
-                                                    type: integer
-                                                  path:
-                                                    description: Path is the path
-                                                      relative to the mount point
-                                                      of the file to project the token
-                                                      into.
-                                                    type: string
-                                                required:
-                                                - path
-                                                type: object
-                                            type: object
-                                          type: array
-                                      type: object
-                                    quobyte:
-                                      description: Quobyte represents a Quobyte mount
-                                        on the host that shares a pod's lifetime
-                                      properties:
-                                        group:
-                                          description: Group to map volume access
-                                            to Default is no group
-                                          type: string
-                                        readOnly:
-                                          description: ReadOnly here will force the
-                                            Quobyte volume to be mounted with read-only
-                                            permissions.
-                                          type: boolean
-                                        registry:
-                                          description: Registry represents a single
-                                            or multiple Quobyte Registry services
-                                            specified as a string as host:por
-                                          type: string
-                                        tenant:
-                                          description: Tenant owning the given Quobyte
-                                            volume in the Backend Used with dynamically
-                                            provisioned Quobyte volu
-                                          type: string
-                                        user:
-                                          description: User to map volume access to
-                                            Defaults to serivceaccount user
-                                          type: string
-                                        volume:
-                                          description: Volume is a string that references
-                                            an already created Quobyte volume by name.
-                                          type: string
-                                      required:
-                                      - registry
-                                      - volume
-                                      type: object
-                                    rbd:
-                                      description: RBD represents a Rados Block Device
-                                        mount on the host that shares a pod's lifetime.
-                                      properties:
-                                        fsType:
-                                          description: Filesystem type of the volume
-                                            that you want to mount.
-                                          type: string
-                                        image:
-                                          description: 'The rados image name. More
-                                            info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
-                                          type: string
-                                        keyring:
-                                          description: Keyring is the path to key
-                                            ring for RBDUser. Default is /etc/ceph/keyring.
-                                          type: string
-                                        monitors:
-                                          description: 'A collection of Ceph monitors.
-                                            More info: https://examples.k8s.io/volumes/rbd/README.'
-                                          items:
-                                            type: string
-                                          type: array
-                                        pool:
-                                          description: 'The rados pool name. Default
-                                            is rbd. More info: https://examples.k8s.io/volumes/rbd/README.'
-                                          type: string
-                                        readOnly:
-                                          description: ReadOnly here will force the
-                                            ReadOnly setting in VolumeMounts. Defaults
-                                            to false.
-                                          type: boolean
-                                        secretRef:
-                                          description: SecretRef is name of the authentication
-                                            secret for RBDUser. If provided overrides
-                                            keyring.
-                                          properties:
-                                            name:
-                                              description: 'Name of the referent.
-                                                More info: https://kubernetes.'
-                                              type: string
-                                          type: object
-                                        user:
-                                          description: 'The rados user name. Default
-                                            is admin. More info: https://examples.k8s.io/volumes/rbd/README.'
-                                          type: string
-                                      required:
-                                      - image
-                                      - monitors
-                                      type: object
-                                    scaleIO:
-                                      description: ScaleIO represents a ScaleIO persistent
-                                        volume attached and mounted on Kubernetes
-                                        nodes.
-                                      properties:
-                                        fsType:
-                                          description: Filesystem type to mount. Must
-                                            be a filesystem type supported by the
-                                            host operating system. Ex.
-                                          type: string
-                                        gateway:
-                                          description: The host address of the ScaleIO
-                                            API Gateway.
-                                          type: string
-                                        protectionDomain:
-                                          description: The name of the ScaleIO Protection
-                                            Domain for the configured storage.
-                                          type: string
-                                        readOnly:
-                                          description: Defaults to false (read/write).
-                                            ReadOnly here will force the ReadOnly
-                                            setting in VolumeMounts.
-                                          type: boolean
-                                        secretRef:
-                                          description: SecretRef references to the
-                                            secret for ScaleIO user and other sensitive
-                                            information.
-                                          properties:
-                                            name:
-                                              description: 'Name of the referent.
-                                                More info: https://kubernetes.'
-                                              type: string
-                                          type: object
-                                        sslEnabled:
-                                          description: Flag to enable/disable SSL
-                                            communication with Gateway, default false
-                                          type: boolean
-                                        storageMode:
-                                          description: Indicates whether the storage
-                                            for a volume should be ThickProvisioned
-                                            or ThinProvisioned.
-                                          type: string
-                                        storagePool:
-                                          description: The ScaleIO Storage Pool associated
-                                            with the protection domain.
-                                          type: string
-                                        system:
-                                          description: The name of the storage system
-                                            as configured in ScaleIO.
-                                          type: string
-                                        volumeName:
-                                          description: The name of a volume already
-                                            created in the ScaleIO system that is
-                                            associated with this volume sourc
-                                          type: string
-                                      required:
-                                      - gateway
-                                      - secretRef
-                                      - system
-                                      type: object
-                                    secret:
-                                      description: 'Secret represents a secret that
-                                        should populate this volume. More info: https://kubernetes.'
-                                      properties:
-                                        defaultMode:
-                                          description: 'Optional: mode bits used to
-                                            set permissions on created files by default.'
-                                          format: int32
-                                          type: integer
-                                        items:
-                                          description: If unspecified, each key-value
-                                            pair in the Data field of the referenced
-                                            Secret will be projected int
-                                          items:
-                                            description: Maps a string key to a path
-                                              within a volume.
-                                            properties:
-                                              key:
-                                                description: The key to project.
-                                                type: string
-                                              mode:
-                                                description: 'Optional: mode bits
-                                                  used to set permissions on this
-                                                  file.'
-                                                format: int32
-                                                type: integer
-                                              path:
-                                                description: The relative path of
-                                                  the file to map the key to. May
-                                                  not be an absolute path.
-                                                type: string
-                                            required:
-                                            - key
-                                            - path
-                                            type: object
-                                          type: array
-                                        optional:
-                                          description: Specify whether the Secret
-                                            or its keys must be defined
-                                          type: boolean
-                                        secretName:
-                                          description: 'Name of the secret in the
-                                            pod''s namespace to use. More info: https://kubernetes.'
-                                          type: string
-                                      type: object
-                                    storageos:
-                                      description: StorageOS represents a StorageOS
-                                        volume attached and mounted on Kubernetes
-                                        nodes.
-                                      properties:
-                                        fsType:
-                                          description: Filesystem type to mount. Must
-                                            be a filesystem type supported by the
-                                            host operating system. Ex.
-                                          type: string
-                                        readOnly:
-                                          description: Defaults to false (read/write).
-                                            ReadOnly here will force the ReadOnly
-                                            setting in VolumeMounts.
-                                          type: boolean
-                                        secretRef:
-                                          description: SecretRef specifies the secret
-                                            to use for obtaining the StorageOS API
-                                            credentials.
-                                          properties:
-                                            name:
-                                              description: 'Name of the referent.
-                                                More info: https://kubernetes.'
-                                              type: string
-                                          type: object
-                                        volumeName:
-                                          description: VolumeName is the human-readable
-                                            name of the StorageOS volume.
-                                          type: string
-                                        volumeNamespace:
-                                          description: VolumeNamespace specifies the
-                                            scope of the volume within StorageOS.
-                                          type: string
-                                      type: object
-                                    vsphereVolume:
-                                      description: VsphereVolume represents a vSphere
-                                        volume attached and mounted on kubelets host
-                                        machine
-                                      properties:
-                                        fsType:
-                                          description: Filesystem type to mount. Must
-                                            be a filesystem type supported by the
-                                            host operating system. Ex.
-                                          type: string
-                                        storagePolicyID:
-                                          description: Storage Policy Based Management
-                                            (SPBM) profile ID associated with the
-                                            StoragePolicyName.
-                                          type: string
-                                        storagePolicyName:
-                                          description: Storage Policy Based Management
-                                            (SPBM) profile name.
-                                          type: string
-                                        volumePath:
-                                          description: Path that identifies vSphere
-                                            volume vmdk
-                                          type: string
-                                      required:
-                                      - volumePath
-                                      type: object
-                                  required:
-                                  - name
-                                  type: object
-                                type: array
-                            required:
-                            - containers
-                            type: object
-                        type: object
-                    required:
-                    - rayStartParams
-                    - serviceType
-                    - template
-                    type: object
-                  rayVersion:
-                    description: RayVersion is the version of ray being used. this
-                      affects the command used to start ray
-                    type: string
-                  workerGroupSpecs:
-                    description: WorkerGroupSpecs are the specs for the worker pods
-                    items:
-                      description: WorkerGroupSpec are the specs for the worker pods
-                      properties:
-                        groupName:
-                          description: we can have multiple worker groups, we distinguish
-                            them by name
-                          type: string
-                        maxReplicas:
-                          description: MaxReplicas defaults to maxInt32
-                          format: int32
-                          type: integer
-                        minReplicas:
-                          description: MinReplicas defaults to 1
-                          format: int32
-                          type: integer
-                        rayStartParams:
-                          additionalProperties:
-                            type: string
-                          description: 'RayStartParams are the params of the start
-                            command: address, object-store-memory, ...'
-                          type: object
-                        replicas:
-                          description: Replicas Number of desired pods in this pod
-                            group.
-                          format: int32
-                          type: integer
-                        scaleStrategy:
-                          description: ScaleStrategy defines which pods to remove
-                          properties:
-                            workersToDelete:
-                              description: WorkersToDelete workers to be deleted
-                              items:
-                                type: string
-                              type: array
-                          type: object
-                        template:
-                          description: Template a pod template for the worker
-                          properties:
-                            metadata:
-                              description: 'Standard object''s metadata. More info:
-                                https://git.k8s.'
-                              properties:
-                                annotations:
-                                  additionalProperties:
-                                    type: string
-                                  type: object
-                                finalizers:
-                                  items:
-                                    type: string
-                                  type: array
-                                labels:
-                                  additionalProperties:
-                                    type: string
-                                  type: object
-                                name:
-                                  type: string
-                                namespace:
-                                  type: string
-                              type: object
-                            spec:
-                              description: 'Specification of the desired behavior
-                                of the pod. More info: https://git.k8s.'
-                              properties:
-                                activeDeadlineSeconds:
-                                  description: Optional duration in seconds the pod
-                                    may be active on the node relative to StartTime
-                                    before the syst
-                                  format: int64
-                                  type: integer
-                                affinity:
-                                  description: If specified, the pod's scheduling
-                                    constraints
-                                  properties:
-                                    nodeAffinity:
-                                      description: Describes node affinity scheduling
-                                        rules for the pod.
-                                      properties:
-                                        preferredDuringSchedulingIgnoredDuringExecution:
-                                          description: 'The scheduler will prefer
-                                            to schedule pods to nodes that satisfy
-                                            the affinity expressions specified '
-                                          items:
-                                            description: An empty preferred scheduling
-                                              term matches all objects with implicit
-                                              weight 0 (i.e. it's a no-op).
-                                            properties:
-                                              preference:
-                                                description: A node selector term,
-                                                  associated with the corresponding
-                                                  weight.
-                                                properties:
-                                                  matchExpressions:
-                                                    description: A list of node selector
-                                                      requirements by node's labels.
-                                                    items:
-                                                      description: 'A node selector
-                                                        requirement is a selector
-                                                        that contains values, a key,
-                                                        and an operator that relates '
-                                                      properties:
-                                                        key:
-                                                          description: The label key
-                                                            that the selector applies
-                                                            to.
-                                                          type: string
-                                                        operator:
-                                                          description: Represents
-                                                            a key's relationship to
-                                                            a set of values.
-                                                          type: string
-                                                        values:
-                                                          description: An array of
-                                                            string values. If the
-                                                            operator is In or NotIn,
-                                                            the values array must
-                                                            be non-empty.
-                                                          items:
-                                                            type: string
-                                                          type: array
-                                                      required:
-                                                      - key
-                                                      - operator
-                                                      type: object
-                                                    type: array
-                                                  matchFields:
-                                                    description: A list of node selector
-                                                      requirements by node's fields.
-                                                    items:
-                                                      description: 'A node selector
-                                                        requirement is a selector
-                                                        that contains values, a key,
-                                                        and an operator that relates '
-                                                      properties:
-                                                        key:
-                                                          description: The label key
-                                                            that the selector applies
-                                                            to.
-                                                          type: string
-                                                        operator:
-                                                          description: Represents
-                                                            a key's relationship to
-                                                            a set of values.
-                                                          type: string
-                                                        values:
-                                                          description: An array of
-                                                            string values. If the
-                                                            operator is In or NotIn,
-                                                            the values array must
-                                                            be non-empty.
-                                                          items:
-                                                            type: string
-                                                          type: array
-                                                      required:
-                                                      - key
-                                                      - operator
-                                                      type: object
-                                                    type: array
-                                                type: object
-                                              weight:
-                                                description: Weight associated with
-                                                  matching the corresponding nodeSelectorTerm,
-                                                  in the range 1-100.
-                                                format: int32
-                                                type: integer
-                                            required:
-                                            - preference
-                                            - weight
-                                            type: object
-                                          type: array
-                                        requiredDuringSchedulingIgnoredDuringExecution:
-                                          description: If the affinity requirements
-                                            specified by this field are not met at
-                                            scheduling time, the pod will no
-                                          properties:
-                                            nodeSelectorTerms:
-                                              description: Required. A list of node
-                                                selector terms. The terms are ORed.
-                                              items:
-                                                description: A null or empty node
-                                                  selector term matches no objects.
-                                                  The requirements of them are ANDed.
-                                                properties:
-                                                  matchExpressions:
-                                                    description: A list of node selector
-                                                      requirements by node's labels.
-                                                    items:
-                                                      description: 'A node selector
-                                                        requirement is a selector
-                                                        that contains values, a key,
-                                                        and an operator that relates '
-                                                      properties:
-                                                        key:
-                                                          description: The label key
-                                                            that the selector applies
-                                                            to.
-                                                          type: string
-                                                        operator:
-                                                          description: Represents
-                                                            a key's relationship to
-                                                            a set of values.
-                                                          type: string
-                                                        values:
-                                                          description: An array of
-                                                            string values. If the
-                                                            operator is In or NotIn,
-                                                            the values array must
-                                                            be non-empty.
-                                                          items:
-                                                            type: string
-                                                          type: array
-                                                      required:
-                                                      - key
-                                                      - operator
-                                                      type: object
-                                                    type: array
-                                                  matchFields:
-                                                    description: A list of node selector
-                                                      requirements by node's fields.
-                                                    items:
-                                                      description: 'A node selector
-                                                        requirement is a selector
-                                                        that contains values, a key,
-                                                        and an operator that relates '
-                                                      properties:
-                                                        key:
-                                                          description: The label key
-                                                            that the selector applies
-                                                            to.
-                                                          type: string
-                                                        operator:
-                                                          description: Represents
-                                                            a key's relationship to
-                                                            a set of values.
-                                                          type: string
-                                                        values:
-                                                          description: An array of
-                                                            string values. If the
-                                                            operator is In or NotIn,
-                                                            the values array must
-                                                            be non-empty.
-                                                          items:
-                                                            type: string
-                                                          type: array
-                                                      required:
-                                                      - key
-                                                      - operator
-                                                      type: object
-                                                    type: array
-                                                type: object
-                                              type: array
-                                          required:
-                                          - nodeSelectorTerms
-                                          type: object
-                                      type: object
-                                    podAffinity:
-                                      description: Describes pod affinity scheduling
-                                        rules (e.g. co-locate this pod in the same
-                                        node, zone, etc.
-                                      properties:
-                                        preferredDuringSchedulingIgnoredDuringExecution:
-                                          description: 'The scheduler will prefer
-                                            to schedule pods to nodes that satisfy
-                                            the affinity expressions specified '
-                                          items:
-                                            description: The weights of all of the
-                                              matched WeightedPodAffinityTerm fields
-                                              are added per-node to find the most
-                                            properties:
-                                              podAffinityTerm:
-                                                description: Required. A pod affinity
-                                                  term, associated with the corresponding
-                                                  weight.
-                                                properties:
-                                                  labelSelector:
-                                                    description: A label query over
-                                                      a set of resources, in this
-                                                      case pods.
-                                                    properties:
-                                                      matchExpressions:
-                                                        description: matchExpressions
-                                                          is a list of label selector
-                                                          requirements. The requirements
-                                                          are ANDed.
-                                                        items:
-                                                          description: A label selector
-                                                            requirement is a selector
-                                                            that contains values,
-                                                            a key, and an operator
-                                                            that relates
-                                                          properties:
-                                                            key:
-                                                              description: key is
-                                                                the label key that
-                                                                the selector applies
-                                                                to.
-                                                              type: string
-                                                            operator:
-                                                              description: operator
-                                                                represents a key's
-                                                                relationship to a
-                                                                set of values.
-                                                              type: string
-                                                            values:
-                                                              description: values
-                                                                is an array of string
-                                                                values.
-                                                              items:
-                                                                type: string
-                                                              type: array
-                                                          required:
-                                                          - key
-                                                          - operator
-                                                          type: object
-                                                        type: array
-                                                      matchLabels:
-                                                        additionalProperties:
-                                                          type: string
-                                                        description: matchLabels is
-                                                          a map of {key,value} pairs.
-                                                        type: object
-                                                    type: object
-                                                  namespaceSelector:
-                                                    description: A label query over
-                                                      the set of namespaces that the
-                                                      term applies to.
-                                                    properties:
-                                                      matchExpressions:
-                                                        description: matchExpressions
-                                                          is a list of label selector
-                                                          requirements. The requirements
-                                                          are ANDed.
-                                                        items:
-                                                          description: A label selector
-                                                            requirement is a selector
-                                                            that contains values,
-                                                            a key, and an operator
-                                                            that relates
-                                                          properties:
-                                                            key:
-                                                              description: key is
-                                                                the label key that
-                                                                the selector applies
-                                                                to.
-                                                              type: string
-                                                            operator:
-                                                              description: operator
-                                                                represents a key's
-                                                                relationship to a
-                                                                set of values.
-                                                              type: string
-                                                            values:
-                                                              description: values
-                                                                is an array of string
-                                                                values.
-                                                              items:
-                                                                type: string
-                                                              type: array
-                                                          required:
-                                                          - key
-                                                          - operator
-                                                          type: object
-                                                        type: array
-                                                      matchLabels:
-                                                        additionalProperties:
-                                                          type: string
-                                                        description: matchLabels is
-                                                          a map of {key,value} pairs.
-                                                        type: object
-                                                    type: object
-                                                  namespaces:
-                                                    description: namespaces specifies
-                                                      a static list of namespace names
-                                                      that the term applies to.
-                                                    items:
-                                                      type: string
-                                                    type: array
-                                                  topologyKey:
-                                                    description: This pod should be
-                                                      co-located (affinity) or not
-                                                      co-located (anti-affinity) with
-                                                      the pods matching th
-                                                    type: string
-                                                required:
-                                                - topologyKey
-                                                type: object
-                                              weight:
-                                                description: weight associated with
-                                                  matching the corresponding podAffinityTerm,
-                                                  in the range 1-100.
-                                                format: int32
-                                                type: integer
-                                            required:
-                                            - podAffinityTerm
-                                            - weight
-                                            type: object
-                                          type: array
-                                        requiredDuringSchedulingIgnoredDuringExecution:
-                                          description: If the affinity requirements
-                                            specified by this field are not met at
-                                            scheduling time, the pod will no
-                                          items:
-                                            description: Defines a set of pods (namely
-                                              those matching the labelSelector relative
-                                              to the given namespace(s)) t
-                                            properties:
-                                              labelSelector:
-                                                description: A label query over a
-                                                  set of resources, in this case pods.
-                                                properties:
-                                                  matchExpressions:
-                                                    description: matchExpressions
-                                                      is a list of label selector
-                                                      requirements. The requirements
-                                                      are ANDed.
-                                                    items:
-                                                      description: A label selector
-                                                        requirement is a selector
-                                                        that contains values, a key,
-                                                        and an operator that relates
-                                                      properties:
-                                                        key:
-                                                          description: key is the
-                                                            label key that the selector
-                                                            applies to.
-                                                          type: string
-                                                        operator:
-                                                          description: operator represents
-                                                            a key's relationship to
-                                                            a set of values.
-                                                          type: string
-                                                        values:
-                                                          description: values is an
-                                                            array of string values.
-                                                          items:
-                                                            type: string
-                                                          type: array
-                                                      required:
-                                                      - key
-                                                      - operator
-                                                      type: object
-                                                    type: array
-                                                  matchLabels:
-                                                    additionalProperties:
-                                                      type: string
-                                                    description: matchLabels is a
-                                                      map of {key,value} pairs.
-                                                    type: object
-                                                type: object
-                                              namespaceSelector:
-                                                description: A label query over the
-                                                  set of namespaces that the term
-                                                  applies to.
-                                                properties:
-                                                  matchExpressions:
-                                                    description: matchExpressions
-                                                      is a list of label selector
-                                                      requirements. The requirements
-                                                      are ANDed.
-                                                    items:
-                                                      description: A label selector
-                                                        requirement is a selector
-                                                        that contains values, a key,
-                                                        and an operator that relates
-                                                      properties:
-                                                        key:
-                                                          description: key is the
-                                                            label key that the selector
-                                                            applies to.
-                                                          type: string
-                                                        operator:
-                                                          description: operator represents
-                                                            a key's relationship to
-                                                            a set of values.
-                                                          type: string
-                                                        values:
-                                                          description: values is an
-                                                            array of string values.
-                                                          items:
-                                                            type: string
-                                                          type: array
-                                                      required:
-                                                      - key
-                                                      - operator
-                                                      type: object
-                                                    type: array
-                                                  matchLabels:
-                                                    additionalProperties:
-                                                      type: string
-                                                    description: matchLabels is a
-                                                      map of {key,value} pairs.
-                                                    type: object
-                                                type: object
-                                              namespaces:
-                                                description: namespaces specifies
-                                                  a static list of namespace names
-                                                  that the term applies to.
-                                                items:
-                                                  type: string
-                                                type: array
-                                              topologyKey:
-                                                description: This pod should be co-located
-                                                  (affinity) or not co-located (anti-affinity)
-                                                  with the pods matching th
-                                                type: string
-                                            required:
-                                            - topologyKey
-                                            type: object
-                                          type: array
-                                      type: object
-                                    podAntiAffinity:
-                                      description: Describes pod anti-affinity scheduling
-                                        rules (e.g.
-                                      properties:
-                                        preferredDuringSchedulingIgnoredDuringExecution:
-                                          description: The scheduler will prefer to
-                                            schedule pods to nodes that satisfy the
-                                            anti-affinity expressions speci
-                                          items:
-                                            description: The weights of all of the
-                                              matched WeightedPodAffinityTerm fields
-                                              are added per-node to find the most
-                                            properties:
-                                              podAffinityTerm:
-                                                description: Required. A pod affinity
-                                                  term, associated with the corresponding
-                                                  weight.
-                                                properties:
-                                                  labelSelector:
-                                                    description: A label query over
-                                                      a set of resources, in this
-                                                      case pods.
-                                                    properties:
-                                                      matchExpressions:
-                                                        description: matchExpressions
-                                                          is a list of label selector
-                                                          requirements. The requirements
-                                                          are ANDed.
-                                                        items:
-                                                          description: A label selector
-                                                            requirement is a selector
-                                                            that contains values,
-                                                            a key, and an operator
-                                                            that relates
-                                                          properties:
-                                                            key:
-                                                              description: key is
-                                                                the label key that
-                                                                the selector applies
-                                                                to.
-                                                              type: string
-                                                            operator:
-                                                              description: operator
-                                                                represents a key's
-                                                                relationship to a
-                                                                set of values.
-                                                              type: string
-                                                            values:
-                                                              description: values
-                                                                is an array of string
-                                                                values.
-                                                              items:
-                                                                type: string
-                                                              type: array
-                                                          required:
-                                                          - key
-                                                          - operator
-                                                          type: object
-                                                        type: array
-                                                      matchLabels:
-                                                        additionalProperties:
-                                                          type: string
-                                                        description: matchLabels is
-                                                          a map of {key,value} pairs.
-                                                        type: object
-                                                    type: object
-                                                  namespaceSelector:
-                                                    description: A label query over
-                                                      the set of namespaces that the
-                                                      term applies to.
-                                                    properties:
-                                                      matchExpressions:
-                                                        description: matchExpressions
-                                                          is a list of label selector
-                                                          requirements. The requirements
-                                                          are ANDed.
-                                                        items:
-                                                          description: A label selector
-                                                            requirement is a selector
-                                                            that contains values,
-                                                            a key, and an operator
-                                                            that relates
-                                                          properties:
-                                                            key:
-                                                              description: key is
-                                                                the label key that
-                                                                the selector applies
-                                                                to.
-                                                              type: string
-                                                            operator:
-                                                              description: operator
-                                                                represents a key's
-                                                                relationship to a
-                                                                set of values.
-                                                              type: string
-                                                            values:
-                                                              description: values
-                                                                is an array of string
-                                                                values.
-                                                              items:
-                                                                type: string
-                                                              type: array
-                                                          required:
-                                                          - key
-                                                          - operator
-                                                          type: object
-                                                        type: array
-                                                      matchLabels:
-                                                        additionalProperties:
-                                                          type: string
-                                                        description: matchLabels is
-                                                          a map of {key,value} pairs.
-                                                        type: object
-                                                    type: object
-                                                  namespaces:
-                                                    description: namespaces specifies
-                                                      a static list of namespace names
-                                                      that the term applies to.
-                                                    items:
-                                                      type: string
-                                                    type: array
-                                                  topologyKey:
-                                                    description: This pod should be
-                                                      co-located (affinity) or not
-                                                      co-located (anti-affinity) with
-                                                      the pods matching th
-                                                    type: string
-                                                required:
-                                                - topologyKey
-                                                type: object
-                                              weight:
-                                                description: weight associated with
-                                                  matching the corresponding podAffinityTerm,
-                                                  in the range 1-100.
-                                                format: int32
-                                                type: integer
-                                            required:
-                                            - podAffinityTerm
-                                            - weight
-                                            type: object
-                                          type: array
-                                        requiredDuringSchedulingIgnoredDuringExecution:
-                                          description: If the anti-affinity requirements
-                                            specified by this field are not met at
-                                            scheduling time, the pod wi
-                                          items:
-                                            description: Defines a set of pods (namely
-                                              those matching the labelSelector relative
-                                              to the given namespace(s)) t
-                                            properties:
-                                              labelSelector:
-                                                description: A label query over a
-                                                  set of resources, in this case pods.
-                                                properties:
-                                                  matchExpressions:
-                                                    description: matchExpressions
-                                                      is a list of label selector
-                                                      requirements. The requirements
-                                                      are ANDed.
-                                                    items:
-                                                      description: A label selector
-                                                        requirement is a selector
-                                                        that contains values, a key,
-                                                        and an operator that relates
-                                                      properties:
-                                                        key:
-                                                          description: key is the
-                                                            label key that the selector
-                                                            applies to.
-                                                          type: string
-                                                        operator:
-                                                          description: operator represents
-                                                            a key's relationship to
-                                                            a set of values.
-                                                          type: string
-                                                        values:
-                                                          description: values is an
-                                                            array of string values.
-                                                          items:
-                                                            type: string
-                                                          type: array
-                                                      required:
-                                                      - key
-                                                      - operator
-                                                      type: object
-                                                    type: array
-                                                  matchLabels:
-                                                    additionalProperties:
-                                                      type: string
-                                                    description: matchLabels is a
-                                                      map of {key,value} pairs.
-                                                    type: object
-                                                type: object
-                                              namespaceSelector:
-                                                description: A label query over the
-                                                  set of namespaces that the term
-                                                  applies to.
-                                                properties:
-                                                  matchExpressions:
-                                                    description: matchExpressions
-                                                      is a list of label selector
-                                                      requirements. The requirements
-                                                      are ANDed.
-                                                    items:
-                                                      description: A label selector
-                                                        requirement is a selector
-                                                        that contains values, a key,
-                                                        and an operator that relates
-                                                      properties:
-                                                        key:
-                                                          description: key is the
-                                                            label key that the selector
-                                                            applies to.
-                                                          type: string
-                                                        operator:
-                                                          description: operator represents
-                                                            a key's relationship to
-                                                            a set of values.
-                                                          type: string
-                                                        values:
-                                                          description: values is an
-                                                            array of string values.
-                                                          items:
-                                                            type: string
-                                                          type: array
-                                                      required:
-                                                      - key
-                                                      - operator
-                                                      type: object
-                                                    type: array
-                                                  matchLabels:
-                                                    additionalProperties:
-                                                      type: string
-                                                    description: matchLabels is a
-                                                      map of {key,value} pairs.
-                                                    type: object
-                                                type: object
-                                              namespaces:
-                                                description: namespaces specifies
-                                                  a static list of namespace names
-                                                  that the term applies to.
-                                                items:
-                                                  type: string
-                                                type: array
-                                              topologyKey:
-                                                description: This pod should be co-located
-                                                  (affinity) or not co-located (anti-affinity)
-                                                  with the pods matching th
-                                                type: string
-                                            required:
-                                            - topologyKey
-                                            type: object
-                                          type: array
-                                      type: object
-                                  type: object
-                                automountServiceAccountToken:
-                                  description: AutomountServiceAccountToken indicates
-                                    whether a service account token should be automatically
-                                    mount
-                                  type: boolean
-                                containers:
-                                  description: List of containers belonging to the
-                                    pod. Containers cannot currently be added or removed.
-                                  items:
-                                    description: A single application container that
-                                      you want to run within a pod.
-                                    properties:
-                                      args:
-                                        description: Arguments to the entrypoint.
-                                          The docker image's CMD is used if this is
-                                          not provided.
-                                        items:
-                                          type: string
-                                        type: array
-                                      command:
-                                        description: Entrypoint array. Not executed
-                                          within a shell.
-                                        items:
-                                          type: string
-                                        type: array
-                                      env:
-                                        description: List of environment variables
-                                          to set in the container. Cannot be updated.
-                                        items:
-                                          description: EnvVar represents an environment
-                                            variable present in a Container.
-                                          properties:
-                                            name:
-                                              description: Name of the environment
-                                                variable. Must be a C_IDENTIFIER.
-                                              type: string
-                                            value:
-                                              description: Variable references $(VAR_NAME)
-                                                are expanded using the previously
-                                                defined environment variables in t
-                                              type: string
-                                            valueFrom:
-                                              description: Source for the environment
-                                                variable's value. Cannot be used if
-                                                value is not empty.
-                                              properties:
-                                                configMapKeyRef:
-                                                  description: Selects a key of a
-                                                    ConfigMap.
-                                                  properties:
-                                                    key:
-                                                      description: The key to select.
-                                                      type: string
-                                                    name:
-                                                      description: 'Name of the referent.
-                                                        More info: https://kubernetes.'
-                                                      type: string
-                                                    optional:
-                                                      description: Specify whether
-                                                        the ConfigMap or its key must
-                                                        be defined
-                                                      type: boolean
-                                                  required:
-                                                  - key
-                                                  type: object
-                                                fieldRef:
-                                                  description: 'Selects a field of
-                                                    the pod: supports metadata.name,
-                                                    metadata.namespace, `metadata.'
-                                                  properties:
-                                                    apiVersion:
-                                                      description: Version of the
-                                                        schema the FieldPath is written
-                                                        in terms of, defaults to "v1".
-                                                      type: string
-                                                    fieldPath:
-                                                      description: Path of the field
-                                                        to select in the specified
-                                                        API version.
-                                                      type: string
-                                                  required:
-                                                  - fieldPath
-                                                  type: object
-                                                resourceFieldRef:
-                                                  description: 'Selects a resource
-                                                    of the container: only resources
-                                                    limits and requests (limits.cpu,
-                                                    limits.'
-                                                  properties:
-                                                    containerName:
-                                                      description: 'Container name:
-                                                        required for volumes, optional
-                                                        for env vars'
-                                                      type: string
-                                                    divisor:
-                                                      anyOf:
-                                                      - type: integer
-                                                      - type: string
-                                                      description: Specifies the output
-                                                        format of the exposed resources,
-                                                        defaults to "1"
-                                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                                      x-kubernetes-int-or-string: true
-                                                    resource:
-                                                      description: 'Required: resource
-                                                        to select'
-                                                      type: string
-                                                  required:
-                                                  - resource
-                                                  type: object
-                                                secretKeyRef:
-                                                  description: Selects a key of a
-                                                    secret in the pod's namespace
-                                                  properties:
-                                                    key:
-                                                      description: The key of the
-                                                        secret to select from.  Must
-                                                        be a valid secret key.
-                                                      type: string
-                                                    name:
-                                                      description: 'Name of the referent.
-                                                        More info: https://kubernetes.'
-                                                      type: string
-                                                    optional:
-                                                      description: Specify whether
-                                                        the Secret or its key must
-                                                        be defined
-                                                      type: boolean
-                                                  required:
-                                                  - key
-                                                  type: object
-                                              type: object
-                                          required:
-                                          - name
-                                          type: object
-                                        type: array
-                                      envFrom:
-                                        description: List of sources to populate environment
-                                          variables in the container.
-                                        items:
-                                          description: EnvFromSource represents the
-                                            source of a set of ConfigMaps
-                                          properties:
-                                            configMapRef:
-                                              description: The ConfigMap to select
-                                                from
-                                              properties:
-                                                name:
-                                                  description: 'Name of the referent.
-                                                    More info: https://kubernetes.'
-                                                  type: string
-                                                optional:
-                                                  description: Specify whether the
-                                                    ConfigMap must be defined
-                                                  type: boolean
-                                              type: object
-                                            prefix:
-                                              description: An optional identifier
-                                                to prepend to each key in the ConfigMap.
-                                                Must be a C_IDENTIFIER.
-                                              type: string
-                                            secretRef:
-                                              description: The Secret to select from
-                                              properties:
-                                                name:
-                                                  description: 'Name of the referent.
-                                                    More info: https://kubernetes.'
-                                                  type: string
-                                                optional:
-                                                  description: Specify whether the
-                                                    Secret must be defined
-                                                  type: boolean
-                                              type: object
-                                          type: object
-                                        type: array
-                                      image:
-                                        description: 'Docker image name. More info:
-                                          https://kubernetes.'
-                                        type: string
-                                      imagePullPolicy:
-                                        description: Image pull policy. One of Always,
-                                          Never, IfNotPresent.
-                                        type: string
-                                      lifecycle:
-                                        description: Actions that the management system
-                                          should take in response to container lifecycle
-                                          events.
-                                        properties:
-                                          postStart:
-                                            description: PostStart is called immediately
-                                              after a container is created.
-                                            properties:
-                                              exec:
-                                                description: Exec specifies the action
-                                                  to take.
-                                                properties:
-                                                  command:
-                                                    description: 'Command is the command
-                                                      line to execute inside the container,
-                                                      the working directory for the
-                                                      command  '
-                                                    items:
-                                                      type: string
-                                                    type: array
-                                                type: object
-                                              httpGet:
-                                                description: HTTPGet specifies the
-                                                  http request to perform.
-                                                properties:
-                                                  host:
-                                                    description: Host name to connect
-                                                      to, defaults to the pod IP.
-                                                    type: string
-                                                  httpHeaders:
-                                                    description: Custom headers to
-                                                      set in the request. HTTP allows
-                                                      repeated headers.
-                                                    items:
-                                                      description: HTTPHeader describes
-                                                        a custom header to be used
-                                                        in HTTP probes
-                                                      properties:
-                                                        name:
-                                                          description: The header
-                                                            field name
-                                                          type: string
-                                                        value:
-                                                          description: The header
-                                                            field value
-                                                          type: string
-                                                      required:
-                                                      - name
-                                                      - value
-                                                      type: object
-                                                    type: array
-                                                  path:
-                                                    description: Path to access on
-                                                      the HTTP server.
-                                                    type: string
-                                                  port:
-                                                    anyOf:
-                                                    - type: integer
-                                                    - type: string
-                                                    description: Name or number of
-                                                      the port to access on the container.
-                                                      Number must be in the range
-                                                      1 to 65535.
-                                                    x-kubernetes-int-or-string: true
-                                                  scheme:
-                                                    description: Scheme to use for
-                                                      connecting to the host. Defaults
-                                                      to HTTP.
-                                                    type: string
-                                                required:
-                                                - port
-                                                type: object
-                                              tcpSocket:
-                                                description: Deprecated.
-                                                properties:
-                                                  host:
-                                                    description: 'Optional: Host name
-                                                      to connect to, defaults to the
-                                                      pod IP.'
-                                                    type: string
-                                                  port:
-                                                    anyOf:
-                                                    - type: integer
-                                                    - type: string
-                                                    description: Number or name of
-                                                      the port to access on the container.
-                                                      Number must be in the range
-                                                      1 to 65535.
-                                                    x-kubernetes-int-or-string: true
-                                                required:
-                                                - port
-                                                type: object
-                                            type: object
-                                          preStop:
-                                            description: PreStop is called immediately
-                                              before a container is terminated due
-                                              to an API request or management e
-                                            properties:
-                                              exec:
-                                                description: Exec specifies the action
-                                                  to take.
-                                                properties:
-                                                  command:
-                                                    description: 'Command is the command
-                                                      line to execute inside the container,
-                                                      the working directory for the
-                                                      command  '
-                                                    items:
-                                                      type: string
-                                                    type: array
-                                                type: object
-                                              httpGet:
-                                                description: HTTPGet specifies the
-                                                  http request to perform.
-                                                properties:
-                                                  host:
-                                                    description: Host name to connect
-                                                      to, defaults to the pod IP.
-                                                    type: string
-                                                  httpHeaders:
-                                                    description: Custom headers to
-                                                      set in the request. HTTP allows
-                                                      repeated headers.
-                                                    items:
-                                                      description: HTTPHeader describes
-                                                        a custom header to be used
-                                                        in HTTP probes
-                                                      properties:
-                                                        name:
-                                                          description: The header
-                                                            field name
-                                                          type: string
-                                                        value:
-                                                          description: The header
-                                                            field value
-                                                          type: string
-                                                      required:
-                                                      - name
-                                                      - value
-                                                      type: object
-                                                    type: array
-                                                  path:
-                                                    description: Path to access on
-                                                      the HTTP server.
-                                                    type: string
-                                                  port:
-                                                    anyOf:
-                                                    - type: integer
-                                                    - type: string
-                                                    description: Name or number of
-                                                      the port to access on the container.
-                                                      Number must be in the range
-                                                      1 to 65535.
-                                                    x-kubernetes-int-or-string: true
-                                                  scheme:
-                                                    description: Scheme to use for
-                                                      connecting to the host. Defaults
-                                                      to HTTP.
-                                                    type: string
-                                                required:
-                                                - port
-                                                type: object
-                                              tcpSocket:
-                                                description: Deprecated.
-                                                properties:
-                                                  host:
-                                                    description: 'Optional: Host name
-                                                      to connect to, defaults to the
-                                                      pod IP.'
-                                                    type: string
-                                                  port:
-                                                    anyOf:
-                                                    - type: integer
-                                                    - type: string
-                                                    description: Number or name of
-                                                      the port to access on the container.
-                                                      Number must be in the range
-                                                      1 to 65535.
-                                                    x-kubernetes-int-or-string: true
-                                                required:
-                                                - port
-                                                type: object
-                                            type: object
-                                        type: object
-                                      livenessProbe:
-                                        description: Periodic probe of container liveness.
-                                          Container will be restarted if the probe
-                                          fails.
-                                        properties:
-                                          exec:
-                                            description: Exec specifies the action
-                                              to take.
-                                            properties:
-                                              command:
-                                                description: 'Command is the command
-                                                  line to execute inside the container,
-                                                  the working directory for the command  '
-                                                items:
-                                                  type: string
-                                                type: array
-                                            type: object
-                                          failureThreshold:
-                                            description: Minimum consecutive failures
-                                              for the probe to be considered failed
-                                              after having succeeded.
-                                            format: int32
-                                            type: integer
-                                          grpc:
-                                            description: GRPC specifies an action
-                                              involving a GRPC port.
-                                            properties:
-                                              port:
-                                                description: Port number of the gRPC
-                                                  service. Number must be in the range
-                                                  1 to 65535.
-                                                format: int32
-                                                type: integer
-                                              service:
-                                                description: Service is the name of
-                                                  the service to place in the gRPC
-                                                  HealthCheckRequest (see https://github.
-                                                type: string
-                                            required:
-                                            - port
-                                            type: object
-                                          httpGet:
-                                            description: HTTPGet specifies the http
-                                              request to perform.
-                                            properties:
-                                              host:
-                                                description: Host name to connect
-                                                  to, defaults to the pod IP.
-                                                type: string
-                                              httpHeaders:
-                                                description: Custom headers to set
-                                                  in the request. HTTP allows repeated
-                                                  headers.
-                                                items:
-                                                  description: HTTPHeader describes
-                                                    a custom header to be used in
-                                                    HTTP probes
-                                                  properties:
-                                                    name:
-                                                      description: The header field
-                                                        name
-                                                      type: string
-                                                    value:
-                                                      description: The header field
-                                                        value
-                                                      type: string
-                                                  required:
-                                                  - name
-                                                  - value
-                                                  type: object
-                                                type: array
-                                              path:
-                                                description: Path to access on the
-                                                  HTTP server.
-                                                type: string
-                                              port:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Name or number of the
-                                                  port to access on the container.
-                                                  Number must be in the range 1 to
-                                                  65535.
-                                                x-kubernetes-int-or-string: true
-                                              scheme:
-                                                description: Scheme to use for connecting
-                                                  to the host. Defaults to HTTP.
-                                                type: string
-                                            required:
-                                            - port
-                                            type: object
-                                          initialDelaySeconds:
-                                            description: Number of seconds after the
-                                              container has started before liveness
-                                              probes are initiated.
-                                            format: int32
-                                            type: integer
-                                          periodSeconds:
-                                            description: How often (in seconds) to
-                                              perform the probe. Default to 10 seconds.
-                                              Minimum value is 1.
-                                            format: int32
-                                            type: integer
-                                          successThreshold:
-                                            description: Minimum consecutive successes
-                                              for the probe to be considered successful
-                                              after having failed.
-                                            format: int32
-                                            type: integer
-                                          tcpSocket:
-                                            description: TCPSocket specifies an action
-                                              involving a TCP port.
-                                            properties:
-                                              host:
-                                                description: 'Optional: Host name
-                                                  to connect to, defaults to the pod
-                                                  IP.'
-                                                type: string
-                                              port:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Number or name of the
-                                                  port to access on the container.
-                                                  Number must be in the range 1 to
-                                                  65535.
-                                                x-kubernetes-int-or-string: true
-                                            required:
-                                            - port
-                                            type: object
-                                          terminationGracePeriodSeconds:
-                                            description: Optional duration in seconds
-                                              the pod needs to terminate gracefully
-                                              upon probe failure.
-                                            format: int64
-                                            type: integer
-                                          timeoutSeconds:
-                                            description: Number of seconds after which
-                                              the probe times out. Defaults to 1 second.
-                                              Minimum value is 1.
-                                            format: int32
-                                            type: integer
-                                        type: object
-                                      name:
-                                        description: Name of the container specified
-                                          as a DNS_LABEL.
-                                        type: string
-                                      ports:
-                                        description: List of ports to expose from
-                                          the container.
-                                        items:
-                                          description: ContainerPort represents a
-                                            network port in a single container.
-                                          properties:
-                                            containerPort:
-                                              description: Number of port to expose
-                                                on the pod's IP address. This must
-                                                be a valid port number, 0 < x < 65536.
-                                              format: int32
-                                              type: integer
-                                            hostIP:
-                                              description: What host IP to bind the
-                                                external port to.
-                                              type: string
-                                            hostPort:
-                                              description: Number of port to expose
-                                                on the host. If specified, this must
-                                                be a valid port number, 0 < x < 65536.
-                                              format: int32
-                                              type: integer
-                                            name:
-                                              description: If specified, this must
-                                                be an IANA_SVC_NAME and unique within
-                                                the pod.
-                                              type: string
-                                            protocol:
-                                              default: TCP
-                                              description: Protocol for port. Must
-                                                be UDP, TCP, or SCTP. Defaults to
-                                                "TCP".
-                                              type: string
-                                          required:
-                                          - containerPort
-                                          type: object
-                                        type: array
-                                        x-kubernetes-list-map-keys:
-                                        - containerPort
-                                        - protocol
-                                        x-kubernetes-list-type: map
-                                      readinessProbe:
-                                        description: Periodic probe of container service
-                                          readiness.
-                                        properties:
-                                          exec:
-                                            description: Exec specifies the action
-                                              to take.
-                                            properties:
-                                              command:
-                                                description: 'Command is the command
-                                                  line to execute inside the container,
-                                                  the working directory for the command  '
-                                                items:
-                                                  type: string
-                                                type: array
-                                            type: object
-                                          failureThreshold:
-                                            description: Minimum consecutive failures
-                                              for the probe to be considered failed
-                                              after having succeeded.
-                                            format: int32
-                                            type: integer
-                                          grpc:
-                                            description: GRPC specifies an action
-                                              involving a GRPC port.
-                                            properties:
-                                              port:
-                                                description: Port number of the gRPC
-                                                  service. Number must be in the range
-                                                  1 to 65535.
-                                                format: int32
-                                                type: integer
-                                              service:
-                                                description: Service is the name of
-                                                  the service to place in the gRPC
-                                                  HealthCheckRequest (see https://github.
-                                                type: string
-                                            required:
-                                            - port
-                                            type: object
-                                          httpGet:
-                                            description: HTTPGet specifies the http
-                                              request to perform.
-                                            properties:
-                                              host:
-                                                description: Host name to connect
-                                                  to, defaults to the pod IP.
-                                                type: string
-                                              httpHeaders:
-                                                description: Custom headers to set
-                                                  in the request. HTTP allows repeated
-                                                  headers.
-                                                items:
-                                                  description: HTTPHeader describes
-                                                    a custom header to be used in
-                                                    HTTP probes
-                                                  properties:
-                                                    name:
-                                                      description: The header field
-                                                        name
-                                                      type: string
-                                                    value:
-                                                      description: The header field
-                                                        value
-                                                      type: string
-                                                  required:
-                                                  - name
-                                                  - value
-                                                  type: object
-                                                type: array
-                                              path:
-                                                description: Path to access on the
-                                                  HTTP server.
-                                                type: string
-                                              port:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Name or number of the
-                                                  port to access on the container.
-                                                  Number must be in the range 1 to
-                                                  65535.
-                                                x-kubernetes-int-or-string: true
-                                              scheme:
-                                                description: Scheme to use for connecting
-                                                  to the host. Defaults to HTTP.
-                                                type: string
-                                            required:
-                                            - port
-                                            type: object
-                                          initialDelaySeconds:
-                                            description: Number of seconds after the
-                                              container has started before liveness
-                                              probes are initiated.
-                                            format: int32
-                                            type: integer
-                                          periodSeconds:
-                                            description: How often (in seconds) to
-                                              perform the probe. Default to 10 seconds.
-                                              Minimum value is 1.
-                                            format: int32
-                                            type: integer
-                                          successThreshold:
-                                            description: Minimum consecutive successes
-                                              for the probe to be considered successful
-                                              after having failed.
-                                            format: int32
-                                            type: integer
-                                          tcpSocket:
-                                            description: TCPSocket specifies an action
-                                              involving a TCP port.
-                                            properties:
-                                              host:
-                                                description: 'Optional: Host name
-                                                  to connect to, defaults to the pod
-                                                  IP.'
-                                                type: string
-                                              port:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Number or name of the
-                                                  port to access on the container.
-                                                  Number must be in the range 1 to
-                                                  65535.
-                                                x-kubernetes-int-or-string: true
-                                            required:
-                                            - port
-                                            type: object
-                                          terminationGracePeriodSeconds:
-                                            description: Optional duration in seconds
-                                              the pod needs to terminate gracefully
-                                              upon probe failure.
-                                            format: int64
-                                            type: integer
-                                          timeoutSeconds:
-                                            description: Number of seconds after which
-                                              the probe times out. Defaults to 1 second.
-                                              Minimum value is 1.
-                                            format: int32
-                                            type: integer
-                                        type: object
-                                      resources:
-                                        description: 'Compute Resources required by
-                                          this container. Cannot be updated. More
-                                          info: https://kubernetes.'
-                                        properties:
-                                          limits:
-                                            additionalProperties:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                              x-kubernetes-int-or-string: true
-                                            description: 'Limits describes the maximum
-                                              amount of compute resources allowed.
-                                              More info: https://kubernetes.'
-                                            type: object
-                                          requests:
-                                            additionalProperties:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                              x-kubernetes-int-or-string: true
-                                            description: Requests describes the minimum
-                                              amount of compute resources required.
-                                            type: object
-                                        type: object
-                                      securityContext:
-                                        description: SecurityContext defines the security
-                                          options the container should be run with.
-                                        properties:
-                                          allowPrivilegeEscalation:
-                                            description: AllowPrivilegeEscalation
-                                              controls whether a process can gain
-                                              more privileges than its parent process
-                                            type: boolean
-                                          capabilities:
-                                            description: The capabilities to add/drop
-                                              when running containers.
-                                            properties:
-                                              add:
-                                                description: Added capabilities
-                                                items:
-                                                  description: Capability represent
-                                                    POSIX capabilities type
-                                                  type: string
-                                                type: array
-                                              drop:
-                                                description: Removed capabilities
-                                                items:
-                                                  description: Capability represent
-                                                    POSIX capabilities type
-                                                  type: string
-                                                type: array
-                                            type: object
-                                          privileged:
-                                            description: Run container in privileged
-                                              mode.
-                                            type: boolean
-                                          procMount:
-                                            description: procMount denotes the type
-                                              of proc mount to use for the containers.
-                                            type: string
-                                          readOnlyRootFilesystem:
-                                            description: Whether this container has
-                                              a read-only root filesystem. Default
-                                              is false.
-                                            type: boolean
-                                          runAsGroup:
-                                            description: The GID to run the entrypoint
-                                              of the container process. Uses runtime
-                                              default if unset.
-                                            format: int64
-                                            type: integer
-                                          runAsNonRoot:
-                                            description: Indicates that the container
-                                              must run as a non-root user.
-                                            type: boolean
-                                          runAsUser:
-                                            description: The UID to run the entrypoint
-                                              of the container process.
-                                            format: int64
-                                            type: integer
-                                          seLinuxOptions:
-                                            description: The SELinux context to be
-                                              applied to the container.
-                                            properties:
-                                              level:
-                                                description: Level is SELinux level
-                                                  label that applies to the container.
-                                                type: string
-                                              role:
-                                                description: Role is a SELinux role
-                                                  label that applies to the container.
-                                                type: string
-                                              type:
-                                                description: Type is a SELinux type
-                                                  label that applies to the container.
-                                                type: string
-                                              user:
-                                                description: User is a SELinux user
-                                                  label that applies to the container.
-                                                type: string
-                                            type: object
-                                          seccompProfile:
-                                            description: The seccomp options to use
-                                              by this container.
-                                            properties:
-                                              localhostProfile:
-                                                description: localhostProfile indicates
-                                                  a profile defined in a file on the
-                                                  node should be used.
-                                                type: string
-                                              type:
-                                                description: type indicates which
-                                                  kind of seccomp profile will be
-                                                  applied.
-                                                type: string
-                                            required:
-                                            - type
-                                            type: object
-                                          windowsOptions:
-                                            description: The Windows specific settings
-                                              applied to all containers.
-                                            properties:
-                                              gmsaCredentialSpec:
-                                                description: GMSACredentialSpec is
-                                                  where the GMSA admission webhook
-                                                  (https://github.
-                                                type: string
-                                              gmsaCredentialSpecName:
-                                                description: GMSACredentialSpecName
-                                                  is the name of the GMSA credential
-                                                  spec to use.
-                                                type: string
-                                              hostProcess:
-                                                description: HostProcess determines
-                                                  if a container should be run as
-                                                  a 'Host Process' container.
-                                                type: boolean
-                                              runAsUserName:
-                                                description: The UserName in Windows
-                                                  to run the entrypoint of the container
-                                                  process.
-                                                type: string
-                                            type: object
-                                        type: object
-                                      startupProbe:
-                                        description: StartupProbe indicates that the
-                                          Pod has successfully initialized.
-                                        properties:
-                                          exec:
-                                            description: Exec specifies the action
-                                              to take.
-                                            properties:
-                                              command:
-                                                description: 'Command is the command
-                                                  line to execute inside the container,
-                                                  the working directory for the command  '
-                                                items:
-                                                  type: string
-                                                type: array
-                                            type: object
-                                          failureThreshold:
-                                            description: Minimum consecutive failures
-                                              for the probe to be considered failed
-                                              after having succeeded.
-                                            format: int32
-                                            type: integer
-                                          grpc:
-                                            description: GRPC specifies an action
-                                              involving a GRPC port.
-                                            properties:
-                                              port:
-                                                description: Port number of the gRPC
-                                                  service. Number must be in the range
-                                                  1 to 65535.
-                                                format: int32
-                                                type: integer
-                                              service:
-                                                description: Service is the name of
-                                                  the service to place in the gRPC
-                                                  HealthCheckRequest (see https://github.
-                                                type: string
-                                            required:
-                                            - port
-                                            type: object
-                                          httpGet:
-                                            description: HTTPGet specifies the http
-                                              request to perform.
-                                            properties:
-                                              host:
-                                                description: Host name to connect
-                                                  to, defaults to the pod IP.
-                                                type: string
-                                              httpHeaders:
-                                                description: Custom headers to set
-                                                  in the request. HTTP allows repeated
-                                                  headers.
-                                                items:
-                                                  description: HTTPHeader describes
-                                                    a custom header to be used in
-                                                    HTTP probes
-                                                  properties:
-                                                    name:
-                                                      description: The header field
-                                                        name
-                                                      type: string
-                                                    value:
-                                                      description: The header field
-                                                        value
-                                                      type: string
-                                                  required:
-                                                  - name
-                                                  - value
-                                                  type: object
-                                                type: array
-                                              path:
-                                                description: Path to access on the
-                                                  HTTP server.
-                                                type: string
-                                              port:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Name or number of the
-                                                  port to access on the container.
-                                                  Number must be in the range 1 to
-                                                  65535.
-                                                x-kubernetes-int-or-string: true
-                                              scheme:
-                                                description: Scheme to use for connecting
-                                                  to the host. Defaults to HTTP.
-                                                type: string
-                                            required:
-                                            - port
-                                            type: object
-                                          initialDelaySeconds:
-                                            description: Number of seconds after the
-                                              container has started before liveness
-                                              probes are initiated.
-                                            format: int32
-                                            type: integer
-                                          periodSeconds:
-                                            description: How often (in seconds) to
-                                              perform the probe. Default to 10 seconds.
-                                              Minimum value is 1.
-                                            format: int32
-                                            type: integer
-                                          successThreshold:
-                                            description: Minimum consecutive successes
-                                              for the probe to be considered successful
-                                              after having failed.
-                                            format: int32
-                                            type: integer
-                                          tcpSocket:
-                                            description: TCPSocket specifies an action
-                                              involving a TCP port.
-                                            properties:
-                                              host:
-                                                description: 'Optional: Host name
-                                                  to connect to, defaults to the pod
-                                                  IP.'
-                                                type: string
-                                              port:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Number or name of the
-                                                  port to access on the container.
-                                                  Number must be in the range 1 to
-                                                  65535.
-                                                x-kubernetes-int-or-string: true
-                                            required:
-                                            - port
-                                            type: object
-                                          terminationGracePeriodSeconds:
-                                            description: Optional duration in seconds
-                                              the pod needs to terminate gracefully
-                                              upon probe failure.
-                                            format: int64
-                                            type: integer
-                                          timeoutSeconds:
-                                            description: Number of seconds after which
-                                              the probe times out. Defaults to 1 second.
-                                              Minimum value is 1.
-                                            format: int32
-                                            type: integer
-                                        type: object
-                                      stdin:
-                                        description: Whether this container should
-                                          allocate a buffer for stdin in the container
-                                          runtime.
-                                        type: boolean
-                                      stdinOnce:
-                                        description: Whether the container runtime
-                                          should close the stdin channel after it
-                                          has been opened by a single at
-                                        type: boolean
-                                      terminationMessagePath:
-                                        description: 'Optional: Path at which the
-                                          file to which the container''s termination
-                                          message will be written is mou'
-                                        type: string
-                                      terminationMessagePolicy:
-                                        description: Indicate how the termination
-                                          message should be populated.
-                                        type: string
-                                      tty:
-                                        description: Whether this container should
-                                          allocate a TTY for itself, also requires
-                                          'stdin' to be true.
-                                        type: boolean
-                                      volumeDevices:
-                                        description: volumeDevices is the list of
-                                          block devices to be used by the container.
-                                        items:
-                                          description: volumeDevice describes a mapping
-                                            of a raw block device within a container.
-                                          properties:
-                                            devicePath:
-                                              description: devicePath is the path
-                                                inside of the container that the device
-                                                will be mapped to.
-                                              type: string
-                                            name:
-                                              description: name must match the name
-                                                of a persistentVolumeClaim in the
-                                                pod
-                                              type: string
-                                          required:
-                                          - devicePath
-                                          - name
-                                          type: object
-                                        type: array
-                                      volumeMounts:
-                                        description: Pod volumes to mount into the
-                                          container's filesystem. Cannot be updated.
-                                        items:
-                                          description: VolumeMount describes a mounting
-                                            of a Volume within a container.
-                                          properties:
-                                            mountPath:
-                                              description: Path within the container
-                                                at which the volume should be mounted.  Must
-                                                not contain ':'.
-                                              type: string
-                                            mountPropagation:
-                                              description: mountPropagation determines
-                                                how mounts are propagated from the
-                                                host to container and the other way
-                                                a
-                                              type: string
-                                            name:
-                                              description: This must match the Name
-                                                of a Volume.
-                                              type: string
-                                            readOnly:
-                                              description: Mounted read-only if true,
-                                                read-write otherwise (false or unspecified).
-                                                Defaults to false.
-                                              type: boolean
-                                            subPath:
-                                              description: Path within the volume
-                                                from which the container's volume
-                                                should be mounted.
-                                              type: string
-                                            subPathExpr:
-                                              description: Expanded path within the
-                                                volume from which the container's
-                                                volume should be mounted.
-                                              type: string
-                                          required:
-                                          - mountPath
-                                          - name
-                                          type: object
-                                        type: array
-                                      workingDir:
-                                        description: Container's working directory.
-                                        type: string
-                                    required:
-                                    - name
-                                    type: object
-                                  type: array
-                                dnsConfig:
-                                  description: Specifies the DNS parameters of a pod.
-                                  properties:
-                                    nameservers:
-                                      description: A list of DNS name server IP addresses.
-                                      items:
-                                        type: string
-                                      type: array
-                                    options:
-                                      description: A list of DNS resolver options.
-                                        This will be merged with the base options
-                                        generated from DNSPolicy.
-                                      items:
-                                        description: PodDNSConfigOption defines DNS
-                                          resolver options of a pod.
-                                        properties:
-                                          name:
-                                            description: Required.
-                                            type: string
-                                          value:
-                                            type: string
-                                        type: object
-                                      type: array
-                                    searches:
-                                      description: A list of DNS search domains for
-                                        host-name lookup.
-                                      items:
-                                        type: string
-                                      type: array
-                                  type: object
-                                dnsPolicy:
-                                  description: Set DNS policy for the pod. Defaults
-                                    to "ClusterFirst".
-                                  type: string
-                                enableServiceLinks:
-                                  description: EnableServiceLinks indicates whether
-                                    information about services should be injected
-                                    into pod's enviro
-                                  type: boolean
-                                ephemeralContainers:
-                                  description: List of ephemeral containers run in
-                                    this pod.
-                                  items:
-                                    description: An EphemeralContainer is a temporary
-                                      container that you may add to an existing Pod
-                                      for user-initiate
-                                    properties:
-                                      args:
-                                        description: Arguments to the entrypoint.
-                                          The docker image's CMD is used if this is
-                                          not provided.
-                                        items:
-                                          type: string
-                                        type: array
-                                      command:
-                                        description: Entrypoint array. Not executed
-                                          within a shell.
-                                        items:
-                                          type: string
-                                        type: array
-                                      env:
-                                        description: List of environment variables
-                                          to set in the container. Cannot be updated.
-                                        items:
-                                          description: EnvVar represents an environment
-                                            variable present in a Container.
-                                          properties:
-                                            name:
-                                              description: Name of the environment
-                                                variable. Must be a C_IDENTIFIER.
-                                              type: string
-                                            value:
-                                              description: Variable references $(VAR_NAME)
-                                                are expanded using the previously
-                                                defined environment variables in t
-                                              type: string
-                                            valueFrom:
-                                              description: Source for the environment
-                                                variable's value. Cannot be used if
-                                                value is not empty.
-                                              properties:
-                                                configMapKeyRef:
-                                                  description: Selects a key of a
-                                                    ConfigMap.
-                                                  properties:
-                                                    key:
-                                                      description: The key to select.
-                                                      type: string
-                                                    name:
-                                                      description: 'Name of the referent.
-                                                        More info: https://kubernetes.'
-                                                      type: string
-                                                    optional:
-                                                      description: Specify whether
-                                                        the ConfigMap or its key must
-                                                        be defined
-                                                      type: boolean
-                                                  required:
-                                                  - key
-                                                  type: object
-                                                fieldRef:
-                                                  description: 'Selects a field of
-                                                    the pod: supports metadata.name,
-                                                    metadata.namespace, `metadata.'
-                                                  properties:
-                                                    apiVersion:
-                                                      description: Version of the
-                                                        schema the FieldPath is written
-                                                        in terms of, defaults to "v1".
-                                                      type: string
-                                                    fieldPath:
-                                                      description: Path of the field
-                                                        to select in the specified
-                                                        API version.
-                                                      type: string
-                                                  required:
-                                                  - fieldPath
-                                                  type: object
-                                                resourceFieldRef:
-                                                  description: 'Selects a resource
-                                                    of the container: only resources
-                                                    limits and requests (limits.cpu,
-                                                    limits.'
-                                                  properties:
-                                                    containerName:
-                                                      description: 'Container name:
-                                                        required for volumes, optional
-                                                        for env vars'
-                                                      type: string
-                                                    divisor:
-                                                      anyOf:
-                                                      - type: integer
-                                                      - type: string
-                                                      description: Specifies the output
-                                                        format of the exposed resources,
-                                                        defaults to "1"
-                                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                                      x-kubernetes-int-or-string: true
-                                                    resource:
-                                                      description: 'Required: resource
-                                                        to select'
-                                                      type: string
-                                                  required:
-                                                  - resource
-                                                  type: object
-                                                secretKeyRef:
-                                                  description: Selects a key of a
-                                                    secret in the pod's namespace
-                                                  properties:
-                                                    key:
-                                                      description: The key of the
-                                                        secret to select from.  Must
-                                                        be a valid secret key.
-                                                      type: string
-                                                    name:
-                                                      description: 'Name of the referent.
-                                                        More info: https://kubernetes.'
-                                                      type: string
-                                                    optional:
-                                                      description: Specify whether
-                                                        the Secret or its key must
-                                                        be defined
-                                                      type: boolean
-                                                  required:
-                                                  - key
-                                                  type: object
-                                              type: object
-                                          required:
-                                          - name
-                                          type: object
-                                        type: array
-                                      envFrom:
-                                        description: List of sources to populate environment
-                                          variables in the container.
-                                        items:
-                                          description: EnvFromSource represents the
-                                            source of a set of ConfigMaps
-                                          properties:
-                                            configMapRef:
-                                              description: The ConfigMap to select
-                                                from
-                                              properties:
-                                                name:
-                                                  description: 'Name of the referent.
-                                                    More info: https://kubernetes.'
-                                                  type: string
-                                                optional:
-                                                  description: Specify whether the
-                                                    ConfigMap must be defined
-                                                  type: boolean
-                                              type: object
-                                            prefix:
-                                              description: An optional identifier
-                                                to prepend to each key in the ConfigMap.
-                                                Must be a C_IDENTIFIER.
-                                              type: string
-                                            secretRef:
-                                              description: The Secret to select from
-                                              properties:
-                                                name:
-                                                  description: 'Name of the referent.
-                                                    More info: https://kubernetes.'
-                                                  type: string
-                                                optional:
-                                                  description: Specify whether the
-                                                    Secret must be defined
-                                                  type: boolean
-                                              type: object
-                                          type: object
-                                        type: array
-                                      image:
-                                        description: 'Docker image name. More info:
-                                          https://kubernetes.io/docs/concepts/containers/images'
-                                        type: string
-                                      imagePullPolicy:
-                                        description: Image pull policy. One of Always,
-                                          Never, IfNotPresent.
-                                        type: string
-                                      lifecycle:
-                                        description: Lifecycle is not allowed for
-                                          ephemeral containers.
-                                        properties:
-                                          postStart:
-                                            description: PostStart is called immediately
-                                              after a container is created.
-                                            properties:
-                                              exec:
-                                                description: Exec specifies the action
-                                                  to take.
-                                                properties:
-                                                  command:
-                                                    description: 'Command is the command
-                                                      line to execute inside the container,
-                                                      the working directory for the
-                                                      command  '
-                                                    items:
-                                                      type: string
-                                                    type: array
-                                                type: object
-                                              httpGet:
-                                                description: HTTPGet specifies the
-                                                  http request to perform.
-                                                properties:
-                                                  host:
-                                                    description: Host name to connect
-                                                      to, defaults to the pod IP.
-                                                    type: string
-                                                  httpHeaders:
-                                                    description: Custom headers to
-                                                      set in the request. HTTP allows
-                                                      repeated headers.
-                                                    items:
-                                                      description: HTTPHeader describes
-                                                        a custom header to be used
-                                                        in HTTP probes
-                                                      properties:
-                                                        name:
-                                                          description: The header
-                                                            field name
-                                                          type: string
-                                                        value:
-                                                          description: The header
-                                                            field value
-                                                          type: string
-                                                      required:
-                                                      - name
-                                                      - value
-                                                      type: object
-                                                    type: array
-                                                  path:
-                                                    description: Path to access on
-                                                      the HTTP server.
-                                                    type: string
-                                                  port:
-                                                    anyOf:
-                                                    - type: integer
-                                                    - type: string
-                                                    description: Name or number of
-                                                      the port to access on the container.
-                                                      Number must be in the range
-                                                      1 to 65535.
-                                                    x-kubernetes-int-or-string: true
-                                                  scheme:
-                                                    description: Scheme to use for
-                                                      connecting to the host. Defaults
-                                                      to HTTP.
-                                                    type: string
-                                                required:
-                                                - port
-                                                type: object
-                                              tcpSocket:
-                                                description: Deprecated.
-                                                properties:
-                                                  host:
-                                                    description: 'Optional: Host name
-                                                      to connect to, defaults to the
-                                                      pod IP.'
-                                                    type: string
-                                                  port:
-                                                    anyOf:
-                                                    - type: integer
-                                                    - type: string
-                                                    description: Number or name of
-                                                      the port to access on the container.
-                                                      Number must be in the range
-                                                      1 to 65535.
-                                                    x-kubernetes-int-or-string: true
-                                                required:
-                                                - port
-                                                type: object
-                                            type: object
-                                          preStop:
-                                            description: PreStop is called immediately
-                                              before a container is terminated due
-                                              to an API request or management e
-                                            properties:
-                                              exec:
-                                                description: Exec specifies the action
-                                                  to take.
-                                                properties:
-                                                  command:
-                                                    description: 'Command is the command
-                                                      line to execute inside the container,
-                                                      the working directory for the
-                                                      command  '
-                                                    items:
-                                                      type: string
-                                                    type: array
-                                                type: object
-                                              httpGet:
-                                                description: HTTPGet specifies the
-                                                  http request to perform.
-                                                properties:
-                                                  host:
-                                                    description: Host name to connect
-                                                      to, defaults to the pod IP.
-                                                    type: string
-                                                  httpHeaders:
-                                                    description: Custom headers to
-                                                      set in the request. HTTP allows
-                                                      repeated headers.
-                                                    items:
-                                                      description: HTTPHeader describes
-                                                        a custom header to be used
-                                                        in HTTP probes
-                                                      properties:
-                                                        name:
-                                                          description: The header
-                                                            field name
-                                                          type: string
-                                                        value:
-                                                          description: The header
-                                                            field value
-                                                          type: string
-                                                      required:
-                                                      - name
-                                                      - value
-                                                      type: object
-                                                    type: array
-                                                  path:
-                                                    description: Path to access on
-                                                      the HTTP server.
-                                                    type: string
-                                                  port:
-                                                    anyOf:
-                                                    - type: integer
-                                                    - type: string
-                                                    description: Name or number of
-                                                      the port to access on the container.
-                                                      Number must be in the range
-                                                      1 to 65535.
-                                                    x-kubernetes-int-or-string: true
-                                                  scheme:
-                                                    description: Scheme to use for
-                                                      connecting to the host. Defaults
-                                                      to HTTP.
-                                                    type: string
-                                                required:
-                                                - port
-                                                type: object
-                                              tcpSocket:
-                                                description: Deprecated.
-                                                properties:
-                                                  host:
-                                                    description: 'Optional: Host name
-                                                      to connect to, defaults to the
-                                                      pod IP.'
-                                                    type: string
-                                                  port:
-                                                    anyOf:
-                                                    - type: integer
-                                                    - type: string
-                                                    description: Number or name of
-                                                      the port to access on the container.
-                                                      Number must be in the range
-                                                      1 to 65535.
-                                                    x-kubernetes-int-or-string: true
-                                                required:
-                                                - port
-                                                type: object
-                                            type: object
-                                        type: object
-                                      livenessProbe:
-                                        description: Probes are not allowed for ephemeral
-                                          containers.
-                                        properties:
-                                          exec:
-                                            description: Exec specifies the action
-                                              to take.
-                                            properties:
-                                              command:
-                                                description: 'Command is the command
-                                                  line to execute inside the container,
-                                                  the working directory for the command  '
-                                                items:
-                                                  type: string
-                                                type: array
-                                            type: object
-                                          failureThreshold:
-                                            description: Minimum consecutive failures
-                                              for the probe to be considered failed
-                                              after having succeeded.
-                                            format: int32
-                                            type: integer
-                                          grpc:
-                                            description: GRPC specifies an action
-                                              involving a GRPC port.
-                                            properties:
-                                              port:
-                                                description: Port number of the gRPC
-                                                  service. Number must be in the range
-                                                  1 to 65535.
-                                                format: int32
-                                                type: integer
-                                              service:
-                                                description: Service is the name of
-                                                  the service to place in the gRPC
-                                                  HealthCheckRequest (see https://github.
-                                                type: string
-                                            required:
-                                            - port
-                                            type: object
-                                          httpGet:
-                                            description: HTTPGet specifies the http
-                                              request to perform.
-                                            properties:
-                                              host:
-                                                description: Host name to connect
-                                                  to, defaults to the pod IP.
-                                                type: string
-                                              httpHeaders:
-                                                description: Custom headers to set
-                                                  in the request. HTTP allows repeated
-                                                  headers.
-                                                items:
-                                                  description: HTTPHeader describes
-                                                    a custom header to be used in
-                                                    HTTP probes
-                                                  properties:
-                                                    name:
-                                                      description: The header field
-                                                        name
-                                                      type: string
-                                                    value:
-                                                      description: The header field
-                                                        value
-                                                      type: string
-                                                  required:
-                                                  - name
-                                                  - value
-                                                  type: object
-                                                type: array
-                                              path:
-                                                description: Path to access on the
-                                                  HTTP server.
-                                                type: string
-                                              port:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Name or number of the
-                                                  port to access on the container.
-                                                  Number must be in the range 1 to
-                                                  65535.
-                                                x-kubernetes-int-or-string: true
-                                              scheme:
-                                                description: Scheme to use for connecting
-                                                  to the host. Defaults to HTTP.
-                                                type: string
-                                            required:
-                                            - port
-                                            type: object
-                                          initialDelaySeconds:
-                                            description: Number of seconds after the
-                                              container has started before liveness
-                                              probes are initiated.
-                                            format: int32
-                                            type: integer
-                                          periodSeconds:
-                                            description: How often (in seconds) to
-                                              perform the probe. Default to 10 seconds.
-                                              Minimum value is 1.
-                                            format: int32
-                                            type: integer
-                                          successThreshold:
-                                            description: Minimum consecutive successes
-                                              for the probe to be considered successful
-                                              after having failed.
-                                            format: int32
-                                            type: integer
-                                          tcpSocket:
-                                            description: TCPSocket specifies an action
-                                              involving a TCP port.
-                                            properties:
-                                              host:
-                                                description: 'Optional: Host name
-                                                  to connect to, defaults to the pod
-                                                  IP.'
-                                                type: string
-                                              port:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Number or name of the
-                                                  port to access on the container.
-                                                  Number must be in the range 1 to
-                                                  65535.
-                                                x-kubernetes-int-or-string: true
-                                            required:
-                                            - port
-                                            type: object
-                                          terminationGracePeriodSeconds:
-                                            description: Optional duration in seconds
-                                              the pod needs to terminate gracefully
-                                              upon probe failure.
-                                            format: int64
-                                            type: integer
-                                          timeoutSeconds:
-                                            description: Number of seconds after which
-                                              the probe times out. Defaults to 1 second.
-                                              Minimum value is 1.
-                                            format: int32
-                                            type: integer
-                                        type: object
-                                      name:
-                                        description: Name of the ephemeral container
-                                          specified as a DNS_LABEL.
-                                        type: string
-                                      ports:
-                                        description: Ports are not allowed for ephemeral
-                                          containers.
-                                        items:
-                                          description: ContainerPort represents a
-                                            network port in a single container.
-                                          properties:
-                                            containerPort:
-                                              description: Number of port to expose
-                                                on the pod's IP address. This must
-                                                be a valid port number, 0 < x < 65536.
-                                              format: int32
-                                              type: integer
-                                            hostIP:
-                                              description: What host IP to bind the
-                                                external port to.
-                                              type: string
-                                            hostPort:
-                                              description: Number of port to expose
-                                                on the host. If specified, this must
-                                                be a valid port number, 0 < x < 65536.
-                                              format: int32
-                                              type: integer
-                                            name:
-                                              description: If specified, this must
-                                                be an IANA_SVC_NAME and unique within
-                                                the pod.
-                                              type: string
-                                            protocol:
-                                              default: TCP
-                                              description: Protocol for port. Must
-                                                be UDP, TCP, or SCTP. Defaults to
-                                                "TCP".
-                                              type: string
-                                          required:
-                                          - containerPort
-                                          type: object
-                                        type: array
-                                        x-kubernetes-list-map-keys:
-                                        - containerPort
-                                        - protocol
-                                        x-kubernetes-list-type: map
-                                      readinessProbe:
-                                        description: Probes are not allowed for ephemeral
-                                          containers.
-                                        properties:
-                                          exec:
-                                            description: Exec specifies the action
-                                              to take.
-                                            properties:
-                                              command:
-                                                description: 'Command is the command
-                                                  line to execute inside the container,
-                                                  the working directory for the command  '
-                                                items:
-                                                  type: string
-                                                type: array
-                                            type: object
-                                          failureThreshold:
-                                            description: Minimum consecutive failures
-                                              for the probe to be considered failed
-                                              after having succeeded.
-                                            format: int32
-                                            type: integer
-                                          grpc:
-                                            description: GRPC specifies an action
-                                              involving a GRPC port.
-                                            properties:
-                                              port:
-                                                description: Port number of the gRPC
-                                                  service. Number must be in the range
-                                                  1 to 65535.
-                                                format: int32
-                                                type: integer
-                                              service:
-                                                description: Service is the name of
-                                                  the service to place in the gRPC
-                                                  HealthCheckRequest (see https://github.
-                                                type: string
-                                            required:
-                                            - port
-                                            type: object
-                                          httpGet:
-                                            description: HTTPGet specifies the http
-                                              request to perform.
-                                            properties:
-                                              host:
-                                                description: Host name to connect
-                                                  to, defaults to the pod IP.
-                                                type: string
-                                              httpHeaders:
-                                                description: Custom headers to set
-                                                  in the request. HTTP allows repeated
-                                                  headers.
-                                                items:
-                                                  description: HTTPHeader describes
-                                                    a custom header to be used in
-                                                    HTTP probes
-                                                  properties:
-                                                    name:
-                                                      description: The header field
-                                                        name
-                                                      type: string
-                                                    value:
-                                                      description: The header field
-                                                        value
-                                                      type: string
-                                                  required:
-                                                  - name
-                                                  - value
-                                                  type: object
-                                                type: array
-                                              path:
-                                                description: Path to access on the
-                                                  HTTP server.
-                                                type: string
-                                              port:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Name or number of the
-                                                  port to access on the container.
-                                                  Number must be in the range 1 to
-                                                  65535.
-                                                x-kubernetes-int-or-string: true
-                                              scheme:
-                                                description: Scheme to use for connecting
-                                                  to the host. Defaults to HTTP.
-                                                type: string
-                                            required:
-                                            - port
-                                            type: object
-                                          initialDelaySeconds:
-                                            description: Number of seconds after the
-                                              container has started before liveness
-                                              probes are initiated.
-                                            format: int32
-                                            type: integer
-                                          periodSeconds:
-                                            description: How often (in seconds) to
-                                              perform the probe. Default to 10 seconds.
-                                              Minimum value is 1.
-                                            format: int32
-                                            type: integer
-                                          successThreshold:
-                                            description: Minimum consecutive successes
-                                              for the probe to be considered successful
-                                              after having failed.
-                                            format: int32
-                                            type: integer
-                                          tcpSocket:
-                                            description: TCPSocket specifies an action
-                                              involving a TCP port.
-                                            properties:
-                                              host:
-                                                description: 'Optional: Host name
-                                                  to connect to, defaults to the pod
-                                                  IP.'
-                                                type: string
-                                              port:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Number or name of the
-                                                  port to access on the container.
-                                                  Number must be in the range 1 to
-                                                  65535.
-                                                x-kubernetes-int-or-string: true
-                                            required:
-                                            - port
-                                            type: object
-                                          terminationGracePeriodSeconds:
-                                            description: Optional duration in seconds
-                                              the pod needs to terminate gracefully
-                                              upon probe failure.
-                                            format: int64
-                                            type: integer
-                                          timeoutSeconds:
-                                            description: Number of seconds after which
-                                              the probe times out. Defaults to 1 second.
-                                              Minimum value is 1.
-                                            format: int32
-                                            type: integer
-                                        type: object
-                                      resources:
-                                        description: Resources are not allowed for
-                                          ephemeral containers.
-                                        properties:
-                                          limits:
-                                            additionalProperties:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                              x-kubernetes-int-or-string: true
-                                            description: 'Limits describes the maximum
-                                              amount of compute resources allowed.
-                                              More info: https://kubernetes.'
-                                            type: object
-                                          requests:
-                                            additionalProperties:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                              x-kubernetes-int-or-string: true
-                                            description: Requests describes the minimum
-                                              amount of compute resources required.
-                                            type: object
-                                        type: object
-                                      securityContext:
-                                        description: 'Optional: SecurityContext defines
-                                          the security options the ephemeral container
-                                          should be run with.'
-                                        properties:
-                                          allowPrivilegeEscalation:
-                                            description: AllowPrivilegeEscalation
-                                              controls whether a process can gain
-                                              more privileges than its parent process
-                                            type: boolean
-                                          capabilities:
-                                            description: The capabilities to add/drop
-                                              when running containers.
-                                            properties:
-                                              add:
-                                                description: Added capabilities
-                                                items:
-                                                  description: Capability represent
-                                                    POSIX capabilities type
-                                                  type: string
-                                                type: array
-                                              drop:
-                                                description: Removed capabilities
-                                                items:
-                                                  description: Capability represent
-                                                    POSIX capabilities type
-                                                  type: string
-                                                type: array
-                                            type: object
-                                          privileged:
-                                            description: Run container in privileged
-                                              mode.
-                                            type: boolean
-                                          procMount:
-                                            description: procMount denotes the type
-                                              of proc mount to use for the containers.
-                                            type: string
-                                          readOnlyRootFilesystem:
-                                            description: Whether this container has
-                                              a read-only root filesystem. Default
-                                              is false.
-                                            type: boolean
-                                          runAsGroup:
-                                            description: The GID to run the entrypoint
-                                              of the container process. Uses runtime
-                                              default if unset.
-                                            format: int64
-                                            type: integer
-                                          runAsNonRoot:
-                                            description: Indicates that the container
-                                              must run as a non-root user.
-                                            type: boolean
-                                          runAsUser:
-                                            description: The UID to run the entrypoint
-                                              of the container process.
-                                            format: int64
-                                            type: integer
-                                          seLinuxOptions:
-                                            description: The SELinux context to be
-                                              applied to the container.
-                                            properties:
-                                              level:
-                                                description: Level is SELinux level
-                                                  label that applies to the container.
-                                                type: string
-                                              role:
-                                                description: Role is a SELinux role
-                                                  label that applies to the container.
-                                                type: string
-                                              type:
-                                                description: Type is a SELinux type
-                                                  label that applies to the container.
-                                                type: string
-                                              user:
-                                                description: User is a SELinux user
-                                                  label that applies to the container.
-                                                type: string
-                                            type: object
-                                          seccompProfile:
-                                            description: The seccomp options to use
-                                              by this container.
-                                            properties:
-                                              localhostProfile:
-                                                description: localhostProfile indicates
-                                                  a profile defined in a file on the
-                                                  node should be used.
-                                                type: string
-                                              type:
-                                                description: type indicates which
-                                                  kind of seccomp profile will be
-                                                  applied.
-                                                type: string
-                                            required:
-                                            - type
-                                            type: object
-                                          windowsOptions:
-                                            description: The Windows specific settings
-                                              applied to all containers.
-                                            properties:
-                                              gmsaCredentialSpec:
-                                                description: GMSACredentialSpec is
-                                                  where the GMSA admission webhook
-                                                  (https://github.
-                                                type: string
-                                              gmsaCredentialSpecName:
-                                                description: GMSACredentialSpecName
-                                                  is the name of the GMSA credential
-                                                  spec to use.
-                                                type: string
-                                              hostProcess:
-                                                description: HostProcess determines
-                                                  if a container should be run as
-                                                  a 'Host Process' container.
-                                                type: boolean
-                                              runAsUserName:
-                                                description: The UserName in Windows
-                                                  to run the entrypoint of the container
-                                                  process.
-                                                type: string
-                                            type: object
-                                        type: object
-                                      startupProbe:
-                                        description: Probes are not allowed for ephemeral
-                                          containers.
-                                        properties:
-                                          exec:
-                                            description: Exec specifies the action
-                                              to take.
-                                            properties:
-                                              command:
-                                                description: 'Command is the command
-                                                  line to execute inside the container,
-                                                  the working directory for the command  '
-                                                items:
-                                                  type: string
-                                                type: array
-                                            type: object
-                                          failureThreshold:
-                                            description: Minimum consecutive failures
-                                              for the probe to be considered failed
-                                              after having succeeded.
-                                            format: int32
-                                            type: integer
-                                          grpc:
-                                            description: GRPC specifies an action
-                                              involving a GRPC port.
-                                            properties:
-                                              port:
-                                                description: Port number of the gRPC
-                                                  service. Number must be in the range
-                                                  1 to 65535.
-                                                format: int32
-                                                type: integer
-                                              service:
-                                                description: Service is the name of
-                                                  the service to place in the gRPC
-                                                  HealthCheckRequest (see https://github.
-                                                type: string
-                                            required:
-                                            - port
-                                            type: object
-                                          httpGet:
-                                            description: HTTPGet specifies the http
-                                              request to perform.
-                                            properties:
-                                              host:
-                                                description: Host name to connect
-                                                  to, defaults to the pod IP.
-                                                type: string
-                                              httpHeaders:
-                                                description: Custom headers to set
-                                                  in the request. HTTP allows repeated
-                                                  headers.
-                                                items:
-                                                  description: HTTPHeader describes
-                                                    a custom header to be used in
-                                                    HTTP probes
-                                                  properties:
-                                                    name:
-                                                      description: The header field
-                                                        name
-                                                      type: string
-                                                    value:
-                                                      description: The header field
-                                                        value
-                                                      type: string
-                                                  required:
-                                                  - name
-                                                  - value
-                                                  type: object
-                                                type: array
-                                              path:
-                                                description: Path to access on the
-                                                  HTTP server.
-                                                type: string
-                                              port:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Name or number of the
-                                                  port to access on the container.
-                                                  Number must be in the range 1 to
-                                                  65535.
-                                                x-kubernetes-int-or-string: true
-                                              scheme:
-                                                description: Scheme to use for connecting
-                                                  to the host. Defaults to HTTP.
-                                                type: string
-                                            required:
-                                            - port
-                                            type: object
-                                          initialDelaySeconds:
-                                            description: Number of seconds after the
-                                              container has started before liveness
-                                              probes are initiated.
-                                            format: int32
-                                            type: integer
-                                          periodSeconds:
-                                            description: How often (in seconds) to
-                                              perform the probe. Default to 10 seconds.
-                                              Minimum value is 1.
-                                            format: int32
-                                            type: integer
-                                          successThreshold:
-                                            description: Minimum consecutive successes
-                                              for the probe to be considered successful
-                                              after having failed.
-                                            format: int32
-                                            type: integer
-                                          tcpSocket:
-                                            description: TCPSocket specifies an action
-                                              involving a TCP port.
-                                            properties:
-                                              host:
-                                                description: 'Optional: Host name
-                                                  to connect to, defaults to the pod
-                                                  IP.'
-                                                type: string
-                                              port:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Number or name of the
-                                                  port to access on the container.
-                                                  Number must be in the range 1 to
-                                                  65535.
-                                                x-kubernetes-int-or-string: true
-                                            required:
-                                            - port
-                                            type: object
-                                          terminationGracePeriodSeconds:
-                                            description: Optional duration in seconds
-                                              the pod needs to terminate gracefully
-                                              upon probe failure.
-                                            format: int64
-                                            type: integer
-                                          timeoutSeconds:
-                                            description: Number of seconds after which
-                                              the probe times out. Defaults to 1 second.
-                                              Minimum value is 1.
-                                            format: int32
-                                            type: integer
-                                        type: object
-                                      stdin:
-                                        description: Whether this container should
-                                          allocate a buffer for stdin in the container
-                                          runtime.
-                                        type: boolean
-                                      stdinOnce:
-                                        description: Whether the container runtime
-                                          should close the stdin channel after it
-                                          has been opened by a single at
-                                        type: boolean
-                                      targetContainerName:
-                                        description: If set, the name of the container
-                                          from PodSpec that this ephemeral container
-                                          targets.
-                                        type: string
-                                      terminationMessagePath:
-                                        description: 'Optional: Path at which the
-                                          file to which the container''s termination
-                                          message will be written is mou'
-                                        type: string
-                                      terminationMessagePolicy:
-                                        description: Indicate how the termination
-                                          message should be populated.
-                                        type: string
-                                      tty:
-                                        description: Whether this container should
-                                          allocate a TTY for itself, also requires
-                                          'stdin' to be true.
-                                        type: boolean
-                                      volumeDevices:
-                                        description: volumeDevices is the list of
-                                          block devices to be used by the container.
-                                        items:
-                                          description: volumeDevice describes a mapping
-                                            of a raw block device within a container.
-                                          properties:
-                                            devicePath:
-                                              description: devicePath is the path
-                                                inside of the container that the device
-                                                will be mapped to.
-                                              type: string
-                                            name:
-                                              description: name must match the name
-                                                of a persistentVolumeClaim in the
-                                                pod
-                                              type: string
-                                          required:
-                                          - devicePath
-                                          - name
-                                          type: object
-                                        type: array
-                                      volumeMounts:
-                                        description: Pod volumes to mount into the
-                                          container's filesystem.
-                                        items:
-                                          description: VolumeMount describes a mounting
-                                            of a Volume within a container.
-                                          properties:
-                                            mountPath:
-                                              description: Path within the container
-                                                at which the volume should be mounted.  Must
-                                                not contain ':'.
-                                              type: string
-                                            mountPropagation:
-                                              description: mountPropagation determines
-                                                how mounts are propagated from the
-                                                host to container and the other way
-                                                a
-                                              type: string
-                                            name:
-                                              description: This must match the Name
-                                                of a Volume.
-                                              type: string
-                                            readOnly:
-                                              description: Mounted read-only if true,
-                                                read-write otherwise (false or unspecified).
-                                                Defaults to false.
-                                              type: boolean
-                                            subPath:
-                                              description: Path within the volume
-                                                from which the container's volume
-                                                should be mounted.
-                                              type: string
-                                            subPathExpr:
-                                              description: Expanded path within the
-                                                volume from which the container's
-                                                volume should be mounted.
-                                              type: string
-                                          required:
-                                          - mountPath
-                                          - name
-                                          type: object
-                                        type: array
-                                      workingDir:
-                                        description: Container's working directory.
-                                        type: string
-                                    required:
-                                    - name
-                                    type: object
-                                  type: array
-                                hostAliases:
-                                  description: 'HostAliases is an optional list of
-                                    hosts and IPs that will be injected into the pod''s
-                                    hosts file if '
-                                  items:
-                                    description: 'HostAlias holds the mapping between
-                                      IP and hostnames that will be injected as an
-                                      entry in the pod''s '
-                                    properties:
-                                      hostnames:
-                                        description: Hostnames for the above IP address.
-                                        items:
-                                          type: string
-                                        type: array
-                                      ip:
-                                        description: IP address of the host file entry.
-                                        type: string
-                                    type: object
-                                  type: array
-                                hostIPC:
-                                  description: 'Use the host''s ipc namespace. Optional:
-                                    Default to false.'
-                                  type: boolean
-                                hostNetwork:
-                                  description: Host networking requested for this
-                                    pod. Use the host's network namespace.
-                                  type: boolean
-                                hostPID:
-                                  description: 'Use the host''s pid namespace. Optional:
-                                    Default to false.'
-                                  type: boolean
-                                hostname:
-                                  description: Specifies the hostname of the Pod If
-                                    not specified, the pod's hostname will be set
-                                    to a system-defin
-                                  type: string
-                                imagePullSecrets:
-                                  description: ImagePullSecrets is an optional list
-                                    of references to secrets in the same namespace
-                                    to use for pulli
-                                  items:
-                                    description: 'LocalObjectReference contains enough
-                                      information to let you locate the referenced
-                                      object inside the '
-                                    properties:
-                                      name:
-                                        description: 'Name of the referent. More info:
-                                          https://kubernetes.'
-                                        type: string
-                                    type: object
-                                  type: array
-                                initContainers:
-                                  description: List of initialization containers belonging
-                                    to the pod.
-                                  items:
-                                    description: A single application container that
-                                      you want to run within a pod.
-                                    properties:
-                                      args:
-                                        description: Arguments to the entrypoint.
-                                          The docker image's CMD is used if this is
-                                          not provided.
-                                        items:
-                                          type: string
-                                        type: array
-                                      command:
-                                        description: Entrypoint array. Not executed
-                                          within a shell.
-                                        items:
-                                          type: string
-                                        type: array
-                                      env:
-                                        description: List of environment variables
-                                          to set in the container. Cannot be updated.
-                                        items:
-                                          description: EnvVar represents an environment
-                                            variable present in a Container.
-                                          properties:
-                                            name:
-                                              description: Name of the environment
-                                                variable. Must be a C_IDENTIFIER.
-                                              type: string
-                                            value:
-                                              description: Variable references $(VAR_NAME)
-                                                are expanded using the previously
-                                                defined environment variables in t
-                                              type: string
-                                            valueFrom:
-                                              description: Source for the environment
-                                                variable's value. Cannot be used if
-                                                value is not empty.
-                                              properties:
-                                                configMapKeyRef:
-                                                  description: Selects a key of a
-                                                    ConfigMap.
-                                                  properties:
-                                                    key:
-                                                      description: The key to select.
-                                                      type: string
-                                                    name:
-                                                      description: 'Name of the referent.
-                                                        More info: https://kubernetes.'
-                                                      type: string
-                                                    optional:
-                                                      description: Specify whether
-                                                        the ConfigMap or its key must
-                                                        be defined
-                                                      type: boolean
-                                                  required:
-                                                  - key
-                                                  type: object
-                                                fieldRef:
-                                                  description: 'Selects a field of
-                                                    the pod: supports metadata.name,
-                                                    metadata.namespace, `metadata.'
-                                                  properties:
-                                                    apiVersion:
-                                                      description: Version of the
-                                                        schema the FieldPath is written
-                                                        in terms of, defaults to "v1".
-                                                      type: string
-                                                    fieldPath:
-                                                      description: Path of the field
-                                                        to select in the specified
-                                                        API version.
-                                                      type: string
-                                                  required:
-                                                  - fieldPath
-                                                  type: object
-                                                resourceFieldRef:
-                                                  description: 'Selects a resource
-                                                    of the container: only resources
-                                                    limits and requests (limits.cpu,
-                                                    limits.'
-                                                  properties:
-                                                    containerName:
-                                                      description: 'Container name:
-                                                        required for volumes, optional
-                                                        for env vars'
-                                                      type: string
-                                                    divisor:
-                                                      anyOf:
-                                                      - type: integer
-                                                      - type: string
-                                                      description: Specifies the output
-                                                        format of the exposed resources,
-                                                        defaults to "1"
-                                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                                      x-kubernetes-int-or-string: true
-                                                    resource:
-                                                      description: 'Required: resource
-                                                        to select'
-                                                      type: string
-                                                  required:
-                                                  - resource
-                                                  type: object
-                                                secretKeyRef:
-                                                  description: Selects a key of a
-                                                    secret in the pod's namespace
-                                                  properties:
-                                                    key:
-                                                      description: The key of the
-                                                        secret to select from.  Must
-                                                        be a valid secret key.
-                                                      type: string
-                                                    name:
-                                                      description: 'Name of the referent.
-                                                        More info: https://kubernetes.'
-                                                      type: string
-                                                    optional:
-                                                      description: Specify whether
-                                                        the Secret or its key must
-                                                        be defined
-                                                      type: boolean
-                                                  required:
-                                                  - key
-                                                  type: object
-                                              type: object
-                                          required:
-                                          - name
-                                          type: object
-                                        type: array
-                                      envFrom:
-                                        description: List of sources to populate environment
-                                          variables in the container.
-                                        items:
-                                          description: EnvFromSource represents the
-                                            source of a set of ConfigMaps
-                                          properties:
-                                            configMapRef:
-                                              description: The ConfigMap to select
-                                                from
-                                              properties:
-                                                name:
-                                                  description: 'Name of the referent.
-                                                    More info: https://kubernetes.'
-                                                  type: string
-                                                optional:
-                                                  description: Specify whether the
-                                                    ConfigMap must be defined
-                                                  type: boolean
-                                              type: object
-                                            prefix:
-                                              description: An optional identifier
-                                                to prepend to each key in the ConfigMap.
-                                                Must be a C_IDENTIFIER.
-                                              type: string
-                                            secretRef:
-                                              description: The Secret to select from
-                                              properties:
-                                                name:
-                                                  description: 'Name of the referent.
-                                                    More info: https://kubernetes.'
-                                                  type: string
-                                                optional:
-                                                  description: Specify whether the
-                                                    Secret must be defined
-                                                  type: boolean
-                                              type: object
-                                          type: object
-                                        type: array
-                                      image:
-                                        description: 'Docker image name. More info:
-                                          https://kubernetes.'
-                                        type: string
-                                      imagePullPolicy:
-                                        description: Image pull policy. One of Always,
-                                          Never, IfNotPresent.
-                                        type: string
-                                      lifecycle:
-                                        description: Actions that the management system
-                                          should take in response to container lifecycle
-                                          events.
-                                        properties:
-                                          postStart:
-                                            description: PostStart is called immediately
-                                              after a container is created.
-                                            properties:
-                                              exec:
-                                                description: Exec specifies the action
-                                                  to take.
-                                                properties:
-                                                  command:
-                                                    description: 'Command is the command
-                                                      line to execute inside the container,
-                                                      the working directory for the
-                                                      command  '
-                                                    items:
-                                                      type: string
-                                                    type: array
-                                                type: object
-                                              httpGet:
-                                                description: HTTPGet specifies the
-                                                  http request to perform.
-                                                properties:
-                                                  host:
-                                                    description: Host name to connect
-                                                      to, defaults to the pod IP.
-                                                    type: string
-                                                  httpHeaders:
-                                                    description: Custom headers to
-                                                      set in the request. HTTP allows
-                                                      repeated headers.
-                                                    items:
-                                                      description: HTTPHeader describes
-                                                        a custom header to be used
-                                                        in HTTP probes
-                                                      properties:
-                                                        name:
-                                                          description: The header
-                                                            field name
-                                                          type: string
-                                                        value:
-                                                          description: The header
-                                                            field value
-                                                          type: string
-                                                      required:
-                                                      - name
-                                                      - value
-                                                      type: object
-                                                    type: array
-                                                  path:
-                                                    description: Path to access on
-                                                      the HTTP server.
-                                                    type: string
-                                                  port:
-                                                    anyOf:
-                                                    - type: integer
-                                                    - type: string
-                                                    description: Name or number of
-                                                      the port to access on the container.
-                                                      Number must be in the range
-                                                      1 to 65535.
-                                                    x-kubernetes-int-or-string: true
-                                                  scheme:
-                                                    description: Scheme to use for
-                                                      connecting to the host. Defaults
-                                                      to HTTP.
-                                                    type: string
-                                                required:
-                                                - port
-                                                type: object
-                                              tcpSocket:
-                                                description: Deprecated.
-                                                properties:
-                                                  host:
-                                                    description: 'Optional: Host name
-                                                      to connect to, defaults to the
-                                                      pod IP.'
-                                                    type: string
-                                                  port:
-                                                    anyOf:
-                                                    - type: integer
-                                                    - type: string
-                                                    description: Number or name of
-                                                      the port to access on the container.
-                                                      Number must be in the range
-                                                      1 to 65535.
-                                                    x-kubernetes-int-or-string: true
-                                                required:
-                                                - port
-                                                type: object
-                                            type: object
-                                          preStop:
-                                            description: PreStop is called immediately
-                                              before a container is terminated due
-                                              to an API request or management e
-                                            properties:
-                                              exec:
-                                                description: Exec specifies the action
-                                                  to take.
-                                                properties:
-                                                  command:
-                                                    description: 'Command is the command
-                                                      line to execute inside the container,
-                                                      the working directory for the
-                                                      command  '
-                                                    items:
-                                                      type: string
-                                                    type: array
-                                                type: object
-                                              httpGet:
-                                                description: HTTPGet specifies the
-                                                  http request to perform.
-                                                properties:
-                                                  host:
-                                                    description: Host name to connect
-                                                      to, defaults to the pod IP.
-                                                    type: string
-                                                  httpHeaders:
-                                                    description: Custom headers to
-                                                      set in the request. HTTP allows
-                                                      repeated headers.
-                                                    items:
-                                                      description: HTTPHeader describes
-                                                        a custom header to be used
-                                                        in HTTP probes
-                                                      properties:
-                                                        name:
-                                                          description: The header
-                                                            field name
-                                                          type: string
-                                                        value:
-                                                          description: The header
-                                                            field value
-                                                          type: string
-                                                      required:
-                                                      - name
-                                                      - value
-                                                      type: object
-                                                    type: array
-                                                  path:
-                                                    description: Path to access on
-                                                      the HTTP server.
-                                                    type: string
-                                                  port:
-                                                    anyOf:
-                                                    - type: integer
-                                                    - type: string
-                                                    description: Name or number of
-                                                      the port to access on the container.
-                                                      Number must be in the range
-                                                      1 to 65535.
-                                                    x-kubernetes-int-or-string: true
-                                                  scheme:
-                                                    description: Scheme to use for
-                                                      connecting to the host. Defaults
-                                                      to HTTP.
-                                                    type: string
-                                                required:
-                                                - port
-                                                type: object
-                                              tcpSocket:
-                                                description: Deprecated.
-                                                properties:
-                                                  host:
-                                                    description: 'Optional: Host name
-                                                      to connect to, defaults to the
-                                                      pod IP.'
-                                                    type: string
-                                                  port:
-                                                    anyOf:
-                                                    - type: integer
-                                                    - type: string
-                                                    description: Number or name of
-                                                      the port to access on the container.
-                                                      Number must be in the range
-                                                      1 to 65535.
-                                                    x-kubernetes-int-or-string: true
-                                                required:
-                                                - port
-                                                type: object
-                                            type: object
-                                        type: object
-                                      livenessProbe:
-                                        description: Periodic probe of container liveness.
-                                          Container will be restarted if the probe
-                                          fails.
-                                        properties:
-                                          exec:
-                                            description: Exec specifies the action
-                                              to take.
-                                            properties:
-                                              command:
-                                                description: 'Command is the command
-                                                  line to execute inside the container,
-                                                  the working directory for the command  '
-                                                items:
-                                                  type: string
-                                                type: array
-                                            type: object
-                                          failureThreshold:
-                                            description: Minimum consecutive failures
-                                              for the probe to be considered failed
-                                              after having succeeded.
-                                            format: int32
-                                            type: integer
-                                          grpc:
-                                            description: GRPC specifies an action
-                                              involving a GRPC port.
-                                            properties:
-                                              port:
-                                                description: Port number of the gRPC
-                                                  service. Number must be in the range
-                                                  1 to 65535.
-                                                format: int32
-                                                type: integer
-                                              service:
-                                                description: Service is the name of
-                                                  the service to place in the gRPC
-                                                  HealthCheckRequest (see https://github.
-                                                type: string
-                                            required:
-                                            - port
-                                            type: object
-                                          httpGet:
-                                            description: HTTPGet specifies the http
-                                              request to perform.
-                                            properties:
-                                              host:
-                                                description: Host name to connect
-                                                  to, defaults to the pod IP.
-                                                type: string
-                                              httpHeaders:
-                                                description: Custom headers to set
-                                                  in the request. HTTP allows repeated
-                                                  headers.
-                                                items:
-                                                  description: HTTPHeader describes
-                                                    a custom header to be used in
-                                                    HTTP probes
-                                                  properties:
-                                                    name:
-                                                      description: The header field
-                                                        name
-                                                      type: string
-                                                    value:
-                                                      description: The header field
-                                                        value
-                                                      type: string
-                                                  required:
-                                                  - name
-                                                  - value
-                                                  type: object
-                                                type: array
-                                              path:
-                                                description: Path to access on the
-                                                  HTTP server.
-                                                type: string
-                                              port:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Name or number of the
-                                                  port to access on the container.
-                                                  Number must be in the range 1 to
-                                                  65535.
-                                                x-kubernetes-int-or-string: true
-                                              scheme:
-                                                description: Scheme to use for connecting
-                                                  to the host. Defaults to HTTP.
-                                                type: string
-                                            required:
-                                            - port
-                                            type: object
-                                          initialDelaySeconds:
-                                            description: Number of seconds after the
-                                              container has started before liveness
-                                              probes are initiated.
-                                            format: int32
-                                            type: integer
-                                          periodSeconds:
-                                            description: How often (in seconds) to
-                                              perform the probe. Default to 10 seconds.
-                                              Minimum value is 1.
-                                            format: int32
-                                            type: integer
-                                          successThreshold:
-                                            description: Minimum consecutive successes
-                                              for the probe to be considered successful
-                                              after having failed.
-                                            format: int32
-                                            type: integer
-                                          tcpSocket:
-                                            description: TCPSocket specifies an action
-                                              involving a TCP port.
-                                            properties:
-                                              host:
-                                                description: 'Optional: Host name
-                                                  to connect to, defaults to the pod
-                                                  IP.'
-                                                type: string
-                                              port:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Number or name of the
-                                                  port to access on the container.
-                                                  Number must be in the range 1 to
-                                                  65535.
-                                                x-kubernetes-int-or-string: true
-                                            required:
-                                            - port
-                                            type: object
-                                          terminationGracePeriodSeconds:
-                                            description: Optional duration in seconds
-                                              the pod needs to terminate gracefully
-                                              upon probe failure.
-                                            format: int64
-                                            type: integer
-                                          timeoutSeconds:
-                                            description: Number of seconds after which
-                                              the probe times out. Defaults to 1 second.
-                                              Minimum value is 1.
-                                            format: int32
-                                            type: integer
-                                        type: object
-                                      name:
-                                        description: Name of the container specified
-                                          as a DNS_LABEL.
-                                        type: string
-                                      ports:
-                                        description: List of ports to expose from
-                                          the container.
-                                        items:
-                                          description: ContainerPort represents a
-                                            network port in a single container.
-                                          properties:
-                                            containerPort:
-                                              description: Number of port to expose
-                                                on the pod's IP address. This must
-                                                be a valid port number, 0 < x < 65536.
-                                              format: int32
-                                              type: integer
-                                            hostIP:
-                                              description: What host IP to bind the
-                                                external port to.
-                                              type: string
-                                            hostPort:
-                                              description: Number of port to expose
-                                                on the host. If specified, this must
-                                                be a valid port number, 0 < x < 65536.
-                                              format: int32
-                                              type: integer
-                                            name:
-                                              description: If specified, this must
-                                                be an IANA_SVC_NAME and unique within
-                                                the pod.
-                                              type: string
-                                            protocol:
-                                              default: TCP
-                                              description: Protocol for port. Must
-                                                be UDP, TCP, or SCTP. Defaults to
-                                                "TCP".
-                                              type: string
-                                          required:
-                                          - containerPort
-                                          type: object
-                                        type: array
-                                        x-kubernetes-list-map-keys:
-                                        - containerPort
-                                        - protocol
-                                        x-kubernetes-list-type: map
-                                      readinessProbe:
-                                        description: Periodic probe of container service
-                                          readiness.
-                                        properties:
-                                          exec:
-                                            description: Exec specifies the action
-                                              to take.
-                                            properties:
-                                              command:
-                                                description: 'Command is the command
-                                                  line to execute inside the container,
-                                                  the working directory for the command  '
-                                                items:
-                                                  type: string
-                                                type: array
-                                            type: object
-                                          failureThreshold:
-                                            description: Minimum consecutive failures
-                                              for the probe to be considered failed
-                                              after having succeeded.
-                                            format: int32
-                                            type: integer
-                                          grpc:
-                                            description: GRPC specifies an action
-                                              involving a GRPC port.
-                                            properties:
-                                              port:
-                                                description: Port number of the gRPC
-                                                  service. Number must be in the range
-                                                  1 to 65535.
-                                                format: int32
-                                                type: integer
-                                              service:
-                                                description: Service is the name of
-                                                  the service to place in the gRPC
-                                                  HealthCheckRequest (see https://github.
-                                                type: string
-                                            required:
-                                            - port
-                                            type: object
-                                          httpGet:
-                                            description: HTTPGet specifies the http
-                                              request to perform.
-                                            properties:
-                                              host:
-                                                description: Host name to connect
-                                                  to, defaults to the pod IP.
-                                                type: string
-                                              httpHeaders:
-                                                description: Custom headers to set
-                                                  in the request. HTTP allows repeated
-                                                  headers.
-                                                items:
-                                                  description: HTTPHeader describes
-                                                    a custom header to be used in
-                                                    HTTP probes
-                                                  properties:
-                                                    name:
-                                                      description: The header field
-                                                        name
-                                                      type: string
-                                                    value:
-                                                      description: The header field
-                                                        value
-                                                      type: string
-                                                  required:
-                                                  - name
-                                                  - value
-                                                  type: object
-                                                type: array
-                                              path:
-                                                description: Path to access on the
-                                                  HTTP server.
-                                                type: string
-                                              port:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Name or number of the
-                                                  port to access on the container.
-                                                  Number must be in the range 1 to
-                                                  65535.
-                                                x-kubernetes-int-or-string: true
-                                              scheme:
-                                                description: Scheme to use for connecting
-                                                  to the host. Defaults to HTTP.
-                                                type: string
-                                            required:
-                                            - port
-                                            type: object
-                                          initialDelaySeconds:
-                                            description: Number of seconds after the
-                                              container has started before liveness
-                                              probes are initiated.
-                                            format: int32
-                                            type: integer
-                                          periodSeconds:
-                                            description: How often (in seconds) to
-                                              perform the probe. Default to 10 seconds.
-                                              Minimum value is 1.
-                                            format: int32
-                                            type: integer
-                                          successThreshold:
-                                            description: Minimum consecutive successes
-                                              for the probe to be considered successful
-                                              after having failed.
-                                            format: int32
-                                            type: integer
-                                          tcpSocket:
-                                            description: TCPSocket specifies an action
-                                              involving a TCP port.
-                                            properties:
-                                              host:
-                                                description: 'Optional: Host name
-                                                  to connect to, defaults to the pod
-                                                  IP.'
-                                                type: string
-                                              port:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Number or name of the
-                                                  port to access on the container.
-                                                  Number must be in the range 1 to
-                                                  65535.
-                                                x-kubernetes-int-or-string: true
-                                            required:
-                                            - port
-                                            type: object
-                                          terminationGracePeriodSeconds:
-                                            description: Optional duration in seconds
-                                              the pod needs to terminate gracefully
-                                              upon probe failure.
-                                            format: int64
-                                            type: integer
-                                          timeoutSeconds:
-                                            description: Number of seconds after which
-                                              the probe times out. Defaults to 1 second.
-                                              Minimum value is 1.
-                                            format: int32
-                                            type: integer
-                                        type: object
-                                      resources:
-                                        description: 'Compute Resources required by
-                                          this container. Cannot be updated. More
-                                          info: https://kubernetes.'
-                                        properties:
-                                          limits:
-                                            additionalProperties:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                              x-kubernetes-int-or-string: true
-                                            description: 'Limits describes the maximum
-                                              amount of compute resources allowed.
-                                              More info: https://kubernetes.'
-                                            type: object
-                                          requests:
-                                            additionalProperties:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                              x-kubernetes-int-or-string: true
-                                            description: Requests describes the minimum
-                                              amount of compute resources required.
-                                            type: object
-                                        type: object
-                                      securityContext:
-                                        description: SecurityContext defines the security
-                                          options the container should be run with.
-                                        properties:
-                                          allowPrivilegeEscalation:
-                                            description: AllowPrivilegeEscalation
-                                              controls whether a process can gain
-                                              more privileges than its parent process
-                                            type: boolean
-                                          capabilities:
-                                            description: The capabilities to add/drop
-                                              when running containers.
-                                            properties:
-                                              add:
-                                                description: Added capabilities
-                                                items:
-                                                  description: Capability represent
-                                                    POSIX capabilities type
-                                                  type: string
-                                                type: array
-                                              drop:
-                                                description: Removed capabilities
-                                                items:
-                                                  description: Capability represent
-                                                    POSIX capabilities type
-                                                  type: string
-                                                type: array
-                                            type: object
-                                          privileged:
-                                            description: Run container in privileged
-                                              mode.
-                                            type: boolean
-                                          procMount:
-                                            description: procMount denotes the type
-                                              of proc mount to use for the containers.
-                                            type: string
-                                          readOnlyRootFilesystem:
-                                            description: Whether this container has
-                                              a read-only root filesystem. Default
-                                              is false.
-                                            type: boolean
-                                          runAsGroup:
-                                            description: The GID to run the entrypoint
-                                              of the container process. Uses runtime
-                                              default if unset.
-                                            format: int64
-                                            type: integer
-                                          runAsNonRoot:
-                                            description: Indicates that the container
-                                              must run as a non-root user.
-                                            type: boolean
-                                          runAsUser:
-                                            description: The UID to run the entrypoint
-                                              of the container process.
-                                            format: int64
-                                            type: integer
-                                          seLinuxOptions:
-                                            description: The SELinux context to be
-                                              applied to the container.
-                                            properties:
-                                              level:
-                                                description: Level is SELinux level
-                                                  label that applies to the container.
-                                                type: string
-                                              role:
-                                                description: Role is a SELinux role
-                                                  label that applies to the container.
-                                                type: string
-                                              type:
-                                                description: Type is a SELinux type
-                                                  label that applies to the container.
-                                                type: string
-                                              user:
-                                                description: User is a SELinux user
-                                                  label that applies to the container.
-                                                type: string
-                                            type: object
-                                          seccompProfile:
-                                            description: The seccomp options to use
-                                              by this container.
-                                            properties:
-                                              localhostProfile:
-                                                description: localhostProfile indicates
-                                                  a profile defined in a file on the
-                                                  node should be used.
-                                                type: string
-                                              type:
-                                                description: type indicates which
-                                                  kind of seccomp profile will be
-                                                  applied.
-                                                type: string
-                                            required:
-                                            - type
-                                            type: object
-                                          windowsOptions:
-                                            description: The Windows specific settings
-                                              applied to all containers.
-                                            properties:
-                                              gmsaCredentialSpec:
-                                                description: GMSACredentialSpec is
-                                                  where the GMSA admission webhook
-                                                  (https://github.
-                                                type: string
-                                              gmsaCredentialSpecName:
-                                                description: GMSACredentialSpecName
-                                                  is the name of the GMSA credential
-                                                  spec to use.
-                                                type: string
-                                              hostProcess:
-                                                description: HostProcess determines
-                                                  if a container should be run as
-                                                  a 'Host Process' container.
-                                                type: boolean
-                                              runAsUserName:
-                                                description: The UserName in Windows
-                                                  to run the entrypoint of the container
-                                                  process.
-                                                type: string
-                                            type: object
-                                        type: object
-                                      startupProbe:
-                                        description: StartupProbe indicates that the
-                                          Pod has successfully initialized.
-                                        properties:
-                                          exec:
-                                            description: Exec specifies the action
-                                              to take.
-                                            properties:
-                                              command:
-                                                description: 'Command is the command
-                                                  line to execute inside the container,
-                                                  the working directory for the command  '
-                                                items:
-                                                  type: string
-                                                type: array
-                                            type: object
-                                          failureThreshold:
-                                            description: Minimum consecutive failures
-                                              for the probe to be considered failed
-                                              after having succeeded.
-                                            format: int32
-                                            type: integer
-                                          grpc:
-                                            description: GRPC specifies an action
-                                              involving a GRPC port.
-                                            properties:
-                                              port:
-                                                description: Port number of the gRPC
-                                                  service. Number must be in the range
-                                                  1 to 65535.
-                                                format: int32
-                                                type: integer
-                                              service:
-                                                description: Service is the name of
-                                                  the service to place in the gRPC
-                                                  HealthCheckRequest (see https://github.
-                                                type: string
-                                            required:
-                                            - port
-                                            type: object
-                                          httpGet:
-                                            description: HTTPGet specifies the http
-                                              request to perform.
-                                            properties:
-                                              host:
-                                                description: Host name to connect
-                                                  to, defaults to the pod IP.
-                                                type: string
-                                              httpHeaders:
-                                                description: Custom headers to set
-                                                  in the request. HTTP allows repeated
-                                                  headers.
-                                                items:
-                                                  description: HTTPHeader describes
-                                                    a custom header to be used in
-                                                    HTTP probes
-                                                  properties:
-                                                    name:
-                                                      description: The header field
-                                                        name
-                                                      type: string
-                                                    value:
-                                                      description: The header field
-                                                        value
-                                                      type: string
-                                                  required:
-                                                  - name
-                                                  - value
-                                                  type: object
-                                                type: array
-                                              path:
-                                                description: Path to access on the
-                                                  HTTP server.
-                                                type: string
-                                              port:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Name or number of the
-                                                  port to access on the container.
-                                                  Number must be in the range 1 to
-                                                  65535.
-                                                x-kubernetes-int-or-string: true
-                                              scheme:
-                                                description: Scheme to use for connecting
-                                                  to the host. Defaults to HTTP.
-                                                type: string
-                                            required:
-                                            - port
-                                            type: object
-                                          initialDelaySeconds:
-                                            description: Number of seconds after the
-                                              container has started before liveness
-                                              probes are initiated.
-                                            format: int32
-                                            type: integer
-                                          periodSeconds:
-                                            description: How often (in seconds) to
-                                              perform the probe. Default to 10 seconds.
-                                              Minimum value is 1.
-                                            format: int32
-                                            type: integer
-                                          successThreshold:
-                                            description: Minimum consecutive successes
-                                              for the probe to be considered successful
-                                              after having failed.
-                                            format: int32
-                                            type: integer
-                                          tcpSocket:
-                                            description: TCPSocket specifies an action
-                                              involving a TCP port.
-                                            properties:
-                                              host:
-                                                description: 'Optional: Host name
-                                                  to connect to, defaults to the pod
-                                                  IP.'
-                                                type: string
-                                              port:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Number or name of the
-                                                  port to access on the container.
-                                                  Number must be in the range 1 to
-                                                  65535.
-                                                x-kubernetes-int-or-string: true
-                                            required:
-                                            - port
-                                            type: object
-                                          terminationGracePeriodSeconds:
-                                            description: Optional duration in seconds
-                                              the pod needs to terminate gracefully
-                                              upon probe failure.
-                                            format: int64
-                                            type: integer
-                                          timeoutSeconds:
-                                            description: Number of seconds after which
-                                              the probe times out. Defaults to 1 second.
-                                              Minimum value is 1.
-                                            format: int32
-                                            type: integer
-                                        type: object
-                                      stdin:
-                                        description: Whether this container should
-                                          allocate a buffer for stdin in the container
-                                          runtime.
-                                        type: boolean
-                                      stdinOnce:
-                                        description: Whether the container runtime
-                                          should close the stdin channel after it
-                                          has been opened by a single at
-                                        type: boolean
-                                      terminationMessagePath:
-                                        description: 'Optional: Path at which the
-                                          file to which the container''s termination
-                                          message will be written is mou'
-                                        type: string
-                                      terminationMessagePolicy:
-                                        description: Indicate how the termination
-                                          message should be populated.
-                                        type: string
-                                      tty:
-                                        description: Whether this container should
-                                          allocate a TTY for itself, also requires
-                                          'stdin' to be true.
-                                        type: boolean
-                                      volumeDevices:
-                                        description: volumeDevices is the list of
-                                          block devices to be used by the container.
-                                        items:
-                                          description: volumeDevice describes a mapping
-                                            of a raw block device within a container.
-                                          properties:
-                                            devicePath:
-                                              description: devicePath is the path
-                                                inside of the container that the device
-                                                will be mapped to.
-                                              type: string
-                                            name:
-                                              description: name must match the name
-                                                of a persistentVolumeClaim in the
-                                                pod
-                                              type: string
-                                          required:
-                                          - devicePath
-                                          - name
-                                          type: object
-                                        type: array
-                                      volumeMounts:
-                                        description: Pod volumes to mount into the
-                                          container's filesystem. Cannot be updated.
-                                        items:
-                                          description: VolumeMount describes a mounting
-                                            of a Volume within a container.
-                                          properties:
-                                            mountPath:
-                                              description: Path within the container
-                                                at which the volume should be mounted.  Must
-                                                not contain ':'.
-                                              type: string
-                                            mountPropagation:
-                                              description: mountPropagation determines
-                                                how mounts are propagated from the
-                                                host to container and the other way
-                                                a
-                                              type: string
-                                            name:
-                                              description: This must match the Name
-                                                of a Volume.
-                                              type: string
-                                            readOnly:
-                                              description: Mounted read-only if true,
-                                                read-write otherwise (false or unspecified).
-                                                Defaults to false.
-                                              type: boolean
-                                            subPath:
-                                              description: Path within the volume
-                                                from which the container's volume
-                                                should be mounted.
-                                              type: string
-                                            subPathExpr:
-                                              description: Expanded path within the
-                                                volume from which the container's
-                                                volume should be mounted.
-                                              type: string
-                                          required:
-                                          - mountPath
-                                          - name
-                                          type: object
-                                        type: array
-                                      workingDir:
-                                        description: Container's working directory.
-                                        type: string
-                                    required:
-                                    - name
-                                    type: object
-                                  type: array
-                                nodeName:
-                                  description: NodeName is a request to schedule this
-                                    pod onto a specific node.
-                                  type: string
-                                nodeSelector:
-                                  additionalProperties:
-                                    type: string
-                                  description: NodeSelector is a selector which must
-                                    be true for the pod to fit on a node.
-                                  type: object
-                                  x-kubernetes-map-type: atomic
-                                os:
-                                  description: Specifies the OS of the containers
-                                    in the pod.
-                                  properties:
-                                    name:
-                                      description: Name is the name of the operating
-                                        system. The currently supported values are
-                                        linux and windows.
-                                      type: string
-                                  required:
-                                  - name
-                                  type: object
-                                overhead:
-                                  additionalProperties:
-                                    anyOf:
-                                    - type: integer
-                                    - type: string
-                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                    x-kubernetes-int-or-string: true
-                                  description: Overhead represents the resource overhead
-                                    associated with running a pod for a given RuntimeClass.
-                                  type: object
-                                preemptionPolicy:
-                                  description: PreemptionPolicy is the Policy for
-                                    preempting pods with lower priority.
-                                  type: string
-                                priority:
-                                  description: The priority value. Various system
-                                    components use this field to find the priority
-                                    of the pod.
-                                  format: int32
-                                  type: integer
-                                priorityClassName:
-                                  description: If specified, indicates the pod's priority.
-                                  type: string
-                                readinessGates:
-                                  description: If specified, all readiness gates will
-                                    be evaluated for pod readiness.
-                                  items:
-                                    description: PodReadinessGate contains the reference
-                                      to a pod condition
-                                    properties:
-                                      conditionType:
-                                        description: ConditionType refers to a condition
-                                          in the pod's condition list with matching
-                                          type.
-                                        type: string
-                                    required:
-                                    - conditionType
-                                    type: object
-                                  type: array
-                                restartPolicy:
-                                  description: Restart policy for all containers within
-                                    the pod. One of Always, OnFailure, Never.
-                                  type: string
-                                runtimeClassName:
-                                  description: RuntimeClassName refers to a RuntimeClass
-                                    object in the node.k8s.
-                                  type: string
-                                schedulerName:
-                                  description: If specified, the pod will be dispatched
-                                    by specified scheduler.
-                                  type: string
-                                securityContext:
-                                  description: SecurityContext holds pod-level security
-                                    attributes and common container settings.
-                                  properties:
-                                    fsGroup:
-                                      description: A special supplemental group that
-                                        applies to all containers in a pod.
-                                      format: int64
-                                      type: integer
-                                    fsGroupChangePolicy:
-                                      description: fsGroupChangePolicy defines behavior
-                                        of changing ownership and permission of the
-                                        volume before being
-                                      type: string
-                                    runAsGroup:
-                                      description: The GID to run the entrypoint of
-                                        the container process. Uses runtime default
-                                        if unset.
-                                      format: int64
-                                      type: integer
-                                    runAsNonRoot:
-                                      description: Indicates that the container must
-                                        run as a non-root user.
-                                      type: boolean
-                                    runAsUser:
-                                      description: The UID to run the entrypoint of
-                                        the container process.
-                                      format: int64
-                                      type: integer
-                                    seLinuxOptions:
-                                      description: The SELinux context to be applied
-                                        to all containers.
-                                      properties:
-                                        level:
-                                          description: Level is SELinux level label
-                                            that applies to the container.
-                                          type: string
-                                        role:
-                                          description: Role is a SELinux role label
-                                            that applies to the container.
-                                          type: string
-                                        type:
-                                          description: Type is a SELinux type label
-                                            that applies to the container.
-                                          type: string
-                                        user:
-                                          description: User is a SELinux user label
-                                            that applies to the container.
-                                          type: string
-                                      type: object
-                                    seccompProfile:
-                                      description: The seccomp options to use by the
-                                        containers in this pod.
-                                      properties:
-                                        localhostProfile:
-                                          description: localhostProfile indicates
-                                            a profile defined in a file on the node
-                                            should be used.
-                                          type: string
-                                        type:
-                                          description: type indicates which kind of
-                                            seccomp profile will be applied.
-                                          type: string
-                                      required:
-                                      - type
-                                      type: object
-                                    supplementalGroups:
-                                      description: 'A list of groups applied to the
-                                        first process run in each container, in addition
-                                        to the container''s '
-                                      items:
-                                        format: int64
-                                        type: integer
-                                      type: array
-                                    sysctls:
-                                      description: Sysctls hold a list of namespaced
-                                        sysctls used for the pod.
-                                      items:
-                                        description: Sysctl defines a kernel parameter
-                                          to be set
-                                        properties:
-                                          name:
-                                            description: Name of a property to set
-                                            type: string
-                                          value:
-                                            description: Value of a property to set
-                                            type: string
-                                        required:
-                                        - name
-                                        - value
-                                        type: object
-                                      type: array
-                                    windowsOptions:
-                                      description: The Windows specific settings applied
-                                        to all containers.
-                                      properties:
-                                        gmsaCredentialSpec:
-                                          description: GMSACredentialSpec is where
-                                            the GMSA admission webhook (https://github.
-                                          type: string
-                                        gmsaCredentialSpecName:
-                                          description: GMSACredentialSpecName is the
-                                            name of the GMSA credential spec to use.
-                                          type: string
-                                        hostProcess:
-                                          description: HostProcess determines if a
-                                            container should be run as a 'Host Process'
-                                            container.
-                                          type: boolean
-                                        runAsUserName:
-                                          description: The UserName in Windows to
-                                            run the entrypoint of the container process.
-                                          type: string
-                                      type: object
-                                  type: object
-                                serviceAccount:
-                                  description: DeprecatedServiceAccount is a depreciated
-                                    alias for ServiceAccountName.
-                                  type: string
-                                serviceAccountName:
-                                  description: ServiceAccountName is the name of the
-                                    ServiceAccount to use to run this pod.
-                                  type: string
-                                setHostnameAsFQDN:
-                                  description: If true the pod's hostname will be
-                                    configured as the pod's FQDN, rather than the
-                                    leaf name (the defa
-                                  type: boolean
-                                shareProcessNamespace:
-                                  description: Share a single process namespace between
-                                    all of the containers in a pod.
-                                  type: boolean
-                                subdomain:
-                                  description: If specified, the fully qualified Pod
-                                    hostname will be "<hostname>.<subdomain>.<pod
-                                    namespace>.svc.
-                                  type: string
-                                terminationGracePeriodSeconds:
-                                  description: Optional duration in seconds the pod
-                                    needs to terminate gracefully.
-                                  format: int64
-                                  type: integer
-                                tolerations:
-                                  description: If specified, the pod's tolerations.
-                                  items:
-                                    description: The pod this Toleration is attached
-                                      to tolerates any taint that matches the triple
-                                      <key,value,effect
-                                    properties:
-                                      effect:
-                                        description: Effect indicates the taint effect
-                                          to match. Empty means match all taint effects.
-                                        type: string
-                                      key:
-                                        description: Key is the taint key that the
-                                          toleration applies to. Empty means match
-                                          all taint keys.
-                                        type: string
-                                      operator:
-                                        description: Operator represents a key's relationship
-                                          to the value. Valid operators are Exists
-                                          and Equal.
-                                        type: string
-                                      tolerationSeconds:
-                                        description: TolerationSeconds represents
-                                          the period of time the toleration (which
-                                          must be of effect NoExecute, o
-                                        format: int64
-                                        type: integer
-                                      value:
-                                        description: Value is the taint value the
-                                          toleration matches to.
-                                        type: string
-                                    type: object
-                                  type: array
-                                topologySpreadConstraints:
-                                  description: TopologySpreadConstraints describes
-                                    how a group of pods ought to spread across topology
-                                    domains.
-                                  items:
-                                    description: TopologySpreadConstraint specifies
-                                      how to spread matching pods among the given
-                                      topology.
-                                    properties:
-                                      labelSelector:
-                                        description: LabelSelector is used to find
-                                          matching pods.
-                                        properties:
-                                          matchExpressions:
-                                            description: matchExpressions is a list
-                                              of label selector requirements. The
-                                              requirements are ANDed.
-                                            items:
-                                              description: A label selector requirement
-                                                is a selector that contains values,
-                                                a key, and an operator that relates
-                                              properties:
-                                                key:
-                                                  description: key is the label key
-                                                    that the selector applies to.
-                                                  type: string
-                                                operator:
-                                                  description: operator represents
-                                                    a key's relationship to a set
-                                                    of values.
-                                                  type: string
-                                                values:
-                                                  description: values is an array
-                                                    of string values.
-                                                  items:
-                                                    type: string
-                                                  type: array
-                                              required:
-                                              - key
-                                              - operator
-                                              type: object
-                                            type: array
-                                          matchLabels:
-                                            additionalProperties:
-                                              type: string
-                                            description: matchLabels is a map of {key,value}
-                                              pairs.
-                                            type: object
-                                        type: object
-                                      maxSkew:
-                                        description: MaxSkew describes the degree
-                                          to which pods may be unevenly distributed.
-                                        format: int32
-                                        type: integer
-                                      topologyKey:
-                                        description: TopologyKey is the key of node
-                                          labels.
-                                        type: string
-                                      whenUnsatisfiable:
-                                        description: WhenUnsatisfiable indicates how
-                                          to deal with a pod if it doesn't satisfy
-                                          the spread constraint.
-                                        type: string
-                                    required:
-                                    - maxSkew
-                                    - topologyKey
-                                    - whenUnsatisfiable
-                                    type: object
-                                  type: array
-                                  x-kubernetes-list-map-keys:
-                                  - topologyKey
-                                  - whenUnsatisfiable
-                                  x-kubernetes-list-type: map
-                                volumes:
-                                  description: List of volumes that can be mounted
-                                    by containers belonging to the pod.
-                                  items:
-                                    description: Volume represents a named volume
-                                      in a pod that may be accessed by any container
-                                      in the pod.
-                                    properties:
-                                      awsElasticBlockStore:
-                                        description: AWSElasticBlockStore represents
-                                          an AWS Disk resource that is attached to
-                                          a kubelet's host machine an
-                                        properties:
-                                          fsType:
-                                            description: Filesystem type of the volume
-                                              that you want to mount.
-                                            type: string
-                                          partition:
-                                            description: The partition in the volume
-                                              that you want to mount.
-                                            format: int32
-                                            type: integer
-                                          readOnly:
-                                            description: Specify "true" to force and
-                                              set the ReadOnly property in VolumeMounts
-                                              to "true".
-                                            type: boolean
-                                          volumeID:
-                                            description: 'Unique ID of the persistent
-                                              disk resource in AWS (Amazon EBS volume).
-                                              More info: https://kubernetes.'
-                                            type: string
-                                        required:
-                                        - volumeID
-                                        type: object
-                                      azureDisk:
-                                        description: AzureDisk represents an Azure
-                                          Data Disk mount on the host and bind mount
-                                          to the pod.
-                                        properties:
-                                          cachingMode:
-                                            description: 'Host Caching mode: None,
-                                              Read Only, Read Write.'
-                                            type: string
-                                          diskName:
-                                            description: The Name of the data disk
-                                              in the blob storage
-                                            type: string
-                                          diskURI:
-                                            description: The URI the data disk in
-                                              the blob storage
-                                            type: string
-                                          fsType:
-                                            description: Filesystem type to mount.
-                                              Must be a filesystem type supported
-                                              by the host operating system. Ex.
-                                            type: string
-                                          kind:
-                                            description: 'Expected values Shared:
-                                              multiple blob disks per storage account  Dedicated:
-                                              single blob disk per sto'
-                                            type: string
-                                          readOnly:
-                                            description: Defaults to false (read/write).
-                                              ReadOnly here will force the ReadOnly
-                                              setting in VolumeMounts.
-                                            type: boolean
-                                        required:
-                                        - diskName
-                                        - diskURI
-                                        type: object
-                                      azureFile:
-                                        description: AzureFile represents an Azure
-                                          File Service mount on the host and bind
-                                          mount to the pod.
-                                        properties:
-                                          readOnly:
-                                            description: Defaults to false (read/write).
-                                              ReadOnly here will force the ReadOnly
-                                              setting in VolumeMounts.
-                                            type: boolean
-                                          secretName:
-                                            description: the name of secret that contains
-                                              Azure Storage Account Name and Key
-                                            type: string
-                                          shareName:
-                                            description: Share Name
-                                            type: string
-                                        required:
-                                        - secretName
-                                        - shareName
-                                        type: object
-                                      cephfs:
-                                        description: CephFS represents a Ceph FS mount
-                                          on the host that shares a pod's lifetime
-                                        properties:
-                                          monitors:
-                                            description: 'Required: Monitors is a
-                                              collection of Ceph monitors More info:
-                                              https://examples.k8s.'
-                                            items:
-                                              type: string
-                                            type: array
-                                          path:
-                                            description: 'Optional: Used as the mounted
-                                              root, rather than the full Ceph tree,
-                                              default is /'
-                                            type: string
-                                          readOnly:
-                                            description: 'Optional: Defaults to false
-                                              (read/write).'
-                                            type: boolean
-                                          secretFile:
-                                            description: 'Optional: SecretFile is
-                                              the path to key ring for User, default
-                                              is /etc/ceph/user.'
-                                            type: string
-                                          secretRef:
-                                            description: 'Optional: SecretRef is reference
-                                              to the authentication secret for User,
-                                              default is empty.'
-                                            properties:
-                                              name:
-                                                description: 'Name of the referent.
-                                                  More info: https://kubernetes.'
-                                                type: string
-                                            type: object
-                                          user:
-                                            description: 'Optional: User is the rados
-                                              user name, default is admin More info:
-                                              https://examples.k8s.'
-                                            type: string
-                                        required:
-                                        - monitors
-                                        type: object
-                                      cinder:
-                                        description: Cinder represents a cinder volume
-                                          attached and mounted on kubelets host machine.
-                                        properties:
-                                          fsType:
-                                            description: Filesystem type to mount.
-                                              Must be a filesystem type supported
-                                              by the host operating system.
-                                            type: string
-                                          readOnly:
-                                            description: 'Optional: Defaults to false
-                                              (read/write).'
-                                            type: boolean
-                                          secretRef:
-                                            description: 'Optional: points to a secret
-                                              object containing parameters used to
-                                              connect to OpenStack.'
-                                            properties:
-                                              name:
-                                                description: 'Name of the referent.
-                                                  More info: https://kubernetes.'
-                                                type: string
-                                            type: object
-                                          volumeID:
-                                            description: 'volume id used to identify
-                                              the volume in cinder. More info: https://examples.k8s.'
-                                            type: string
-                                        required:
-                                        - volumeID
-                                        type: object
-                                      configMap:
-                                        description: ConfigMap represents a configMap
-                                          that should populate this volume
-                                        properties:
-                                          defaultMode:
-                                            description: 'Optional: mode bits used
-                                              to set permissions on created files
-                                              by default.'
-                                            format: int32
-                                            type: integer
-                                          items:
-                                            description: 'If unspecified, each key-value
-                                              pair in the Data field of the referenced
-                                              ConfigMap will be projected '
-                                            items:
-                                              description: Maps a string key to a
-                                                path within a volume.
-                                              properties:
-                                                key:
-                                                  description: The key to project.
-                                                  type: string
-                                                mode:
-                                                  description: 'Optional: mode bits
-                                                    used to set permissions on this
-                                                    file.'
-                                                  format: int32
-                                                  type: integer
-                                                path:
-                                                  description: The relative path of
-                                                    the file to map the key to. May
-                                                    not be an absolute path.
-                                                  type: string
-                                              required:
-                                              - key
-                                              - path
-                                              type: object
-                                            type: array
-                                          name:
-                                            description: 'Name of the referent. More
-                                              info: https://kubernetes.'
-                                            type: string
-                                          optional:
-                                            description: Specify whether the ConfigMap
-                                              or its keys must be defined
-                                            type: boolean
-                                        type: object
-                                      csi:
-                                        description: CSI (Container Storage Interface)
-                                          represents ephemeral storage that is handled
-                                          by certain external C
-                                        properties:
-                                          driver:
-                                            description: Driver is the name of the
-                                              CSI driver that handles this volume.
-                                            type: string
-                                          fsType:
-                                            description: Filesystem type to mount.
-                                              Ex. "ext4", "xfs", "ntfs".
-                                            type: string
-                                          nodePublishSecretRef:
-                                            description: NodePublishSecretRef is a
-                                              reference to the secret object containing
-                                              sensitive information to pass to
-                                            properties:
-                                              name:
-                                                description: 'Name of the referent.
-                                                  More info: https://kubernetes.'
-                                                type: string
-                                            type: object
-                                          readOnly:
-                                            description: Specifies a read-only configuration
-                                              for the volume. Defaults to false (read/write).
-                                            type: boolean
-                                          volumeAttributes:
-                                            additionalProperties:
-                                              type: string
-                                            description: VolumeAttributes stores driver-specific
-                                              properties that are passed to the CSI
-                                              driver.
-                                            type: object
-                                        required:
-                                        - driver
-                                        type: object
-                                      downwardAPI:
-                                        description: DownwardAPI represents downward
-                                          API about the pod that should populate this
-                                          volume
-                                        properties:
-                                          defaultMode:
-                                            description: 'Optional: mode bits to use
-                                              on created files by default.'
-                                            format: int32
-                                            type: integer
-                                          items:
-                                            description: Items is a list of downward
-                                              API volume file
-                                            items:
-                                              description: DownwardAPIVolumeFile represents
-                                                information to create the file containing
-                                                the pod field
-                                              properties:
-                                                fieldRef:
-                                                  description: 'Required: Selects
-                                                    a field of the pod: only annotations,
-                                                    labels, name and namespace are
-                                                    supported.'
-                                                  properties:
-                                                    apiVersion:
-                                                      description: Version of the
-                                                        schema the FieldPath is written
-                                                        in terms of, defaults to "v1".
-                                                      type: string
-                                                    fieldPath:
-                                                      description: Path of the field
-                                                        to select in the specified
-                                                        API version.
-                                                      type: string
-                                                  required:
-                                                  - fieldPath
-                                                  type: object
-                                                mode:
-                                                  description: 'Optional: mode bits
-                                                    used to set permissions on this
-                                                    file, must be an octal value between
-                                                    0000 and 07'
-                                                  format: int32
-                                                  type: integer
-                                                path:
-                                                  description: 'Required: Path is  the
-                                                    relative path name of the file
-                                                    to be created.'
-                                                  type: string
-                                                resourceFieldRef:
-                                                  description: 'Selects a resource
-                                                    of the container: only resources
-                                                    limits and requests (limits.cpu,
-                                                    limits.'
-                                                  properties:
-                                                    containerName:
-                                                      description: 'Container name:
-                                                        required for volumes, optional
-                                                        for env vars'
-                                                      type: string
-                                                    divisor:
-                                                      anyOf:
-                                                      - type: integer
-                                                      - type: string
-                                                      description: Specifies the output
-                                                        format of the exposed resources,
-                                                        defaults to "1"
-                                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                                      x-kubernetes-int-or-string: true
-                                                    resource:
-                                                      description: 'Required: resource
-                                                        to select'
-                                                      type: string
-                                                  required:
-                                                  - resource
-                                                  type: object
-                                              required:
-                                              - path
-                                              type: object
-                                            type: array
-                                        type: object
-                                      emptyDir:
-                                        description: EmptyDir represents a temporary
-                                          directory that shares a pod's lifetime.
-                                        properties:
-                                          medium:
-                                            description: What type of storage medium
-                                              should back this directory.
-                                            type: string
-                                          sizeLimit:
-                                            anyOf:
-                                            - type: integer
-                                            - type: string
-                                            description: Total amount of local storage
-                                              required for this EmptyDir volume.
-                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                            x-kubernetes-int-or-string: true
-                                        type: object
-                                      ephemeral:
-                                        description: Ephemeral represents a volume
-                                          that is handled by a cluster storage driver.
-                                        properties:
-                                          volumeClaimTemplate:
-                                            description: Will be used to create a
-                                              stand-alone PVC to provision the volume.
-                                            properties:
-                                              metadata:
-                                                description: May contain labels and
-                                                  annotations that will be copied
-                                                  into the PVC when creating it.
-                                                properties:
-                                                  annotations:
-                                                    additionalProperties:
-                                                      type: string
-                                                    type: object
-                                                  finalizers:
-                                                    items:
-                                                      type: string
-                                                    type: array
-                                                  labels:
-                                                    additionalProperties:
-                                                      type: string
-                                                    type: object
-                                                  name:
-                                                    type: string
-                                                  namespace:
-                                                    type: string
-                                                type: object
-                                              spec:
-                                                description: The specification for
-                                                  the PersistentVolumeClaim.
-                                                properties:
-                                                  accessModes:
-                                                    description: 'AccessModes contains
-                                                      the desired access modes the
-                                                      volume should have. More info:
-                                                      https://kubernetes.'
-                                                    items:
-                                                      type: string
-                                                    type: array
-                                                  dataSource:
-                                                    description: 'This field can be
-                                                      used to specify either: * An
-                                                      existing VolumeSnapshot object
-                                                      (snapshot.storage.k8s.'
-                                                    properties:
-                                                      apiGroup:
-                                                        description: APIGroup is the
-                                                          group for the resource being
-                                                          referenced.
-                                                        type: string
-                                                      kind:
-                                                        description: Kind is the type
-                                                          of resource being referenced
-                                                        type: string
-                                                      name:
-                                                        description: Name is the name
-                                                          of resource being referenced
-                                                        type: string
-                                                    required:
-                                                    - kind
-                                                    - name
-                                                    type: object
-                                                  dataSourceRef:
-                                                    description: Specifies the object
-                                                      from which to populate the volume
-                                                      with data, if a non-empty volume
-                                                      is desired.
-                                                    properties:
-                                                      apiGroup:
-                                                        description: APIGroup is the
-                                                          group for the resource being
-                                                          referenced.
-                                                        type: string
-                                                      kind:
-                                                        description: Kind is the type
-                                                          of resource being referenced
-                                                        type: string
-                                                      name:
-                                                        description: Name is the name
-                                                          of resource being referenced
-                                                        type: string
-                                                    required:
-                                                    - kind
-                                                    - name
-                                                    type: object
-                                                  resources:
-                                                    description: Resources represents
-                                                      the minimum resources the volume
-                                                      should have.
-                                                    properties:
-                                                      limits:
-                                                        additionalProperties:
-                                                          anyOf:
-                                                          - type: integer
-                                                          - type: string
-                                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                                          x-kubernetes-int-or-string: true
-                                                        description: 'Limits describes
-                                                          the maximum amount of compute
-                                                          resources allowed. More
-                                                          info: https://kubernetes.'
-                                                        type: object
-                                                      requests:
-                                                        additionalProperties:
-                                                          anyOf:
-                                                          - type: integer
-                                                          - type: string
-                                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                                          x-kubernetes-int-or-string: true
-                                                        description: Requests describes
-                                                          the minimum amount of compute
-                                                          resources required.
-                                                        type: object
-                                                    type: object
-                                                  selector:
-                                                    description: A label query over
-                                                      volumes to consider for binding.
-                                                    properties:
-                                                      matchExpressions:
-                                                        description: matchExpressions
-                                                          is a list of label selector
-                                                          requirements. The requirements
-                                                          are ANDed.
-                                                        items:
-                                                          description: A label selector
-                                                            requirement is a selector
-                                                            that contains values,
-                                                            a key, and an operator
-                                                            that relates
-                                                          properties:
-                                                            key:
-                                                              description: key is
-                                                                the label key that
-                                                                the selector applies
-                                                                to.
-                                                              type: string
-                                                            operator:
-                                                              description: operator
-                                                                represents a key's
-                                                                relationship to a
-                                                                set of values.
-                                                              type: string
-                                                            values:
-                                                              description: values
-                                                                is an array of string
-                                                                values.
-                                                              items:
-                                                                type: string
-                                                              type: array
-                                                          required:
-                                                          - key
-                                                          - operator
-                                                          type: object
-                                                        type: array
-                                                      matchLabels:
-                                                        additionalProperties:
-                                                          type: string
-                                                        description: matchLabels is
-                                                          a map of {key,value} pairs.
-                                                        type: object
-                                                    type: object
-                                                  storageClassName:
-                                                    description: 'Name of the StorageClass
-                                                      required by the claim. More
-                                                      info: https://kubernetes.'
-                                                    type: string
-                                                  volumeMode:
-                                                    description: volumeMode defines
-                                                      what type of volume is required
-                                                      by the claim.
-                                                    type: string
-                                                  volumeName:
-                                                    description: VolumeName is the
-                                                      binding reference to the PersistentVolume
-                                                      backing this claim.
-                                                    type: string
-                                                type: object
-                                            required:
-                                            - spec
-                                            type: object
-                                        type: object
-                                      fc:
-                                        description: FC represents a Fibre Channel
-                                          resource that is attached to a kubelet's
-                                          host machine and then exposed
-                                        properties:
-                                          fsType:
-                                            description: Filesystem type to mount.
-                                              Must be a filesystem type supported
-                                              by the host operating system. Ex.
-                                            type: string
-                                          lun:
-                                            description: 'Optional: FC target lun
-                                              number'
-                                            format: int32
-                                            type: integer
-                                          readOnly:
-                                            description: 'Optional: Defaults to false
-                                              (read/write).'
-                                            type: boolean
-                                          targetWWNs:
-                                            description: 'Optional: FC target worldwide
-                                              names (WWNs)'
-                                            items:
-                                              type: string
-                                            type: array
-                                          wwids:
-                                            description: 'Optional: FC volume world
-                                              wide identifiers (wwids) Either wwids
-                                              or combination of targetWWNs and lun'
-                                            items:
-                                              type: string
-                                            type: array
-                                        type: object
-                                      flexVolume:
-                                        description: FlexVolume represents a generic
-                                          volume resource that is provisioned/attached
-                                          using an exec based plu
-                                        properties:
-                                          driver:
-                                            description: Driver is the name of the
-                                              driver to use for this volume.
-                                            type: string
-                                          fsType:
-                                            description: Filesystem type to mount.
-                                              Must be a filesystem type supported
-                                              by the host operating system. Ex.
-                                            type: string
-                                          options:
-                                            additionalProperties:
-                                              type: string
-                                            description: 'Optional: Extra command
-                                              options if any.'
-                                            type: object
-                                          readOnly:
-                                            description: 'Optional: Defaults to false
-                                              (read/write).'
-                                            type: boolean
-                                          secretRef:
-                                            description: 'Optional: SecretRef is reference
-                                              to the secret object containing sensitive
-                                              information to pass to th'
-                                            properties:
-                                              name:
-                                                description: 'Name of the referent.
-                                                  More info: https://kubernetes.'
-                                                type: string
-                                            type: object
-                                        required:
-                                        - driver
-                                        type: object
-                                      flocker:
-                                        description: Flocker represents a Flocker
-                                          volume attached to a kubelet's host machine.
-                                        properties:
-                                          datasetName:
-                                            description: Name of the dataset stored
-                                              as metadata -> name on the dataset for
-                                              Flocker should be considered as de
-                                            type: string
-                                          datasetUUID:
-                                            description: UUID of the dataset. This
-                                              is unique identifier of a Flocker dataset
-                                            type: string
-                                        type: object
-                                      gcePersistentDisk:
-                                        description: GCEPersistentDisk represents
-                                          a GCE Disk resource that is attached to
-                                          a kubelet's host machine and th
-                                        properties:
-                                          fsType:
-                                            description: Filesystem type of the volume
-                                              that you want to mount.
-                                            type: string
-                                          partition:
-                                            description: The partition in the volume
-                                              that you want to mount.
-                                            format: int32
-                                            type: integer
-                                          pdName:
-                                            description: Unique name of the PD resource
-                                              in GCE. Used to identify the disk in
-                                              GCE.
-                                            type: string
-                                          readOnly:
-                                            description: ReadOnly here will force
-                                              the ReadOnly setting in VolumeMounts.
-                                              Defaults to false.
-                                            type: boolean
-                                        required:
-                                        - pdName
-                                        type: object
-                                      gitRepo:
-                                        description: 'GitRepo represents a git repository
-                                          at a particular revision. DEPRECATED: GitRepo
-                                          is deprecated.'
-                                        properties:
-                                          directory:
-                                            description: Target directory name. Must
-                                              not contain or start with '..'.  If
-                                              '.
-                                            type: string
-                                          repository:
-                                            description: Repository URL
-                                            type: string
-                                          revision:
-                                            description: Commit hash for the specified
-                                              revision.
-                                            type: string
-                                        required:
-                                        - repository
-                                        type: object
-                                      glusterfs:
-                                        description: Glusterfs represents a Glusterfs
-                                          mount on the host that shares a pod's lifetime.
-                                        properties:
-                                          endpoints:
-                                            description: 'EndpointsName is the endpoint
-                                              name that details Glusterfs topology.
-                                              More info: https://examples.k8s.'
-                                            type: string
-                                          path:
-                                            description: 'Path is the Glusterfs volume
-                                              path. More info: https://examples.k8s.io/volumes/glusterfs/README.'
-                                            type: string
-                                          readOnly:
-                                            description: ReadOnly here will force
-                                              the Glusterfs volume to be mounted with
-                                              read-only permissions.
-                                            type: boolean
-                                        required:
-                                        - endpoints
-                                        - path
-                                        type: object
-                                      hostPath:
-                                        description: HostPath represents a pre-existing
-                                          file or directory on the host machine that
-                                          is directly exposed to
-                                        properties:
-                                          path:
-                                            description: Path of the directory on
-                                              the host.
-                                            type: string
-                                          type:
-                                            description: 'Type for HostPath Volume
-                                              Defaults to "" More info: https://kubernetes.'
-                                            type: string
-                                        required:
-                                        - path
-                                        type: object
-                                      iscsi:
-                                        description: ISCSI represents an ISCSI Disk
-                                          resource that is attached to a kubelet's
-                                          host machine and then expose
-                                        properties:
-                                          chapAuthDiscovery:
-                                            description: whether support iSCSI Discovery
-                                              CHAP authentication
-                                            type: boolean
-                                          chapAuthSession:
-                                            description: whether support iSCSI Session
-                                              CHAP authentication
-                                            type: boolean
-                                          fsType:
-                                            description: Filesystem type of the volume
-                                              that you want to mount.
-                                            type: string
-                                          initiatorName:
-                                            description: Custom iSCSI Initiator Name.
-                                            type: string
-                                          iqn:
-                                            description: Target iSCSI Qualified Name.
-                                            type: string
-                                          iscsiInterface:
-                                            description: iSCSI Interface Name that
-                                              uses an iSCSI transport. Defaults to
-                                              'default' (tcp).
-                                            type: string
-                                          lun:
-                                            description: iSCSI Target Lun number.
-                                            format: int32
-                                            type: integer
-                                          portals:
-                                            description: iSCSI Target Portal List.
-                                            items:
-                                              type: string
-                                            type: array
-                                          readOnly:
-                                            description: ReadOnly here will force
-                                              the ReadOnly setting in VolumeMounts.
-                                              Defaults to false.
-                                            type: boolean
-                                          secretRef:
-                                            description: CHAP Secret for iSCSI target
-                                              and initiator authentication
-                                            properties:
-                                              name:
-                                                description: 'Name of the referent.
-                                                  More info: https://kubernetes.'
-                                                type: string
-                                            type: object
-                                          targetPortal:
-                                            description: iSCSI Target Portal.
-                                            type: string
-                                        required:
-                                        - iqn
-                                        - lun
-                                        - targetPortal
-                                        type: object
-                                      name:
-                                        description: 'Volume''s name. Must be a DNS_LABEL
-                                          and unique within the pod. More info: https://kubernetes.'
-                                        type: string
-                                      nfs:
-                                        description: 'NFS represents an NFS mount
-                                          on the host that shares a pod''s lifetime
-                                          More info: https://kubernetes.'
-                                        properties:
-                                          path:
-                                            description: 'Path that is exported by
-                                              the NFS server. More info: https://kubernetes.'
-                                            type: string
-                                          readOnly:
-                                            description: ReadOnly here will force
-                                              the NFS export to be mounted with read-only
-                                              permissions. Defaults to false.
-                                            type: boolean
-                                          server:
-                                            description: 'Server is the hostname or
-                                              IP address of the NFS server. More info:
-                                              https://kubernetes.'
-                                            type: string
-                                        required:
-                                        - path
-                                        - server
-                                        type: object
-                                      persistentVolumeClaim:
-                                        description: PersistentVolumeClaimVolumeSource
-                                          represents a reference to a PersistentVolumeClaim
-                                          in the same name
-                                        properties:
-                                          claimName:
-                                            description: ClaimName is the name of
-                                              a PersistentVolumeClaim in the same
-                                              namespace as the pod using this volume.
-                                            type: string
-                                          readOnly:
-                                            description: Will force the ReadOnly setting
-                                              in VolumeMounts. Default false.
-                                            type: boolean
-                                        required:
-                                        - claimName
-                                        type: object
-                                      photonPersistentDisk:
-                                        description: 'PhotonPersistentDisk represents
-                                          a PhotonController persistent disk attached
-                                          and mounted on kubelets '
-                                        properties:
-                                          fsType:
-                                            description: Filesystem type to mount.
-                                              Must be a filesystem type supported
-                                              by the host operating system. Ex.
-                                            type: string
-                                          pdID:
-                                            description: ID that identifies Photon
-                                              Controller persistent disk
-                                            type: string
-                                        required:
-                                        - pdID
-                                        type: object
-                                      portworxVolume:
-                                        description: PortworxVolume represents a portworx
-                                          volume attached and mounted on kubelets
-                                          host machine
-                                        properties:
-                                          fsType:
-                                            description: FSType represents the filesystem
-                                              type to mount Must be a filesystem type
-                                              supported by the host opera
-                                            type: string
-                                          readOnly:
-                                            description: Defaults to false (read/write).
-                                              ReadOnly here will force the ReadOnly
-                                              setting in VolumeMounts.
-                                            type: boolean
-                                          volumeID:
-                                            description: VolumeID uniquely identifies
-                                              a Portworx volume
-                                            type: string
-                                        required:
-                                        - volumeID
-                                        type: object
-                                      projected:
-                                        description: Items for all in one resources
-                                          secrets, configmaps, and downward API
-                                        properties:
-                                          defaultMode:
-                                            description: Mode bits used to set permissions
-                                              on created files by default.
-                                            format: int32
-                                            type: integer
-                                          sources:
-                                            description: list of volume projections
-                                            items:
-                                              description: Projection that may be
-                                                projected along with other supported
-                                                volume types
-                                              properties:
-                                                configMap:
-                                                  description: information about the
-                                                    configMap data to project
-                                                  properties:
-                                                    items:
-                                                      description: 'If unspecified,
-                                                        each key-value pair in the
-                                                        Data field of the referenced
-                                                        ConfigMap will be projected '
-                                                      items:
-                                                        description: Maps a string
-                                                          key to a path within a volume.
-                                                        properties:
-                                                          key:
-                                                            description: The key to
-                                                              project.
-                                                            type: string
-                                                          mode:
-                                                            description: 'Optional:
-                                                              mode bits used to set
-                                                              permissions on this
-                                                              file.'
-                                                            format: int32
-                                                            type: integer
-                                                          path:
-                                                            description: The relative
-                                                              path of the file to
-                                                              map the key to. May
-                                                              not be an absolute path.
-                                                            type: string
-                                                        required:
-                                                        - key
-                                                        - path
-                                                        type: object
-                                                      type: array
-                                                    name:
-                                                      description: 'Name of the referent.
-                                                        More info: https://kubernetes.'
-                                                      type: string
-                                                    optional:
-                                                      description: Specify whether
-                                                        the ConfigMap or its keys
-                                                        must be defined
-                                                      type: boolean
-                                                  type: object
-                                                downwardAPI:
-                                                  description: information about the
-                                                    downwardAPI data to project
-                                                  properties:
-                                                    items:
-                                                      description: Items is a list
-                                                        of DownwardAPIVolume file
-                                                      items:
-                                                        description: DownwardAPIVolumeFile
-                                                          represents information to
-                                                          create the file containing
-                                                          the pod field
-                                                        properties:
-                                                          fieldRef:
-                                                            description: 'Required:
-                                                              Selects a field of the
-                                                              pod: only annotations,
-                                                              labels, name and namespace
-                                                              are supported.'
-                                                            properties:
-                                                              apiVersion:
-                                                                description: Version
-                                                                  of the schema the
-                                                                  FieldPath is written
-                                                                  in terms of, defaults
-                                                                  to "v1".
-                                                                type: string
-                                                              fieldPath:
-                                                                description: Path
-                                                                  of the field to
-                                                                  select in the specified
-                                                                  API version.
-                                                                type: string
-                                                            required:
-                                                            - fieldPath
-                                                            type: object
-                                                          mode:
-                                                            description: 'Optional:
-                                                              mode bits used to set
-                                                              permissions on this
-                                                              file, must be an octal
-                                                              value between 0000 and
-                                                              07'
-                                                            format: int32
-                                                            type: integer
-                                                          path:
-                                                            description: 'Required:
-                                                              Path is  the relative
-                                                              path name of the file
-                                                              to be created.'
-                                                            type: string
-                                                          resourceFieldRef:
-                                                            description: 'Selects
-                                                              a resource of the container:
-                                                              only resources limits
-                                                              and requests (limits.cpu,
-                                                              limits.'
-                                                            properties:
-                                                              containerName:
-                                                                description: 'Container
-                                                                  name: required for
-                                                                  volumes, optional
-                                                                  for env vars'
-                                                                type: string
-                                                              divisor:
-                                                                anyOf:
-                                                                - type: integer
-                                                                - type: string
-                                                                description: Specifies
-                                                                  the output format
-                                                                  of the exposed resources,
-                                                                  defaults to "1"
-                                                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                                                x-kubernetes-int-or-string: true
-                                                              resource:
-                                                                description: 'Required:
-                                                                  resource to select'
-                                                                type: string
-                                                            required:
-                                                            - resource
-                                                            type: object
-                                                        required:
-                                                        - path
-                                                        type: object
-                                                      type: array
-                                                  type: object
-                                                secret:
-                                                  description: information about the
-                                                    secret data to project
-                                                  properties:
-                                                    items:
-                                                      description: If unspecified,
-                                                        each key-value pair in the
-                                                        Data field of the referenced
-                                                        Secret will be projected int
-                                                      items:
-                                                        description: Maps a string
-                                                          key to a path within a volume.
-                                                        properties:
-                                                          key:
-                                                            description: The key to
-                                                              project.
-                                                            type: string
-                                                          mode:
-                                                            description: 'Optional:
-                                                              mode bits used to set
-                                                              permissions on this
-                                                              file.'
-                                                            format: int32
-                                                            type: integer
-                                                          path:
-                                                            description: The relative
-                                                              path of the file to
-                                                              map the key to. May
-                                                              not be an absolute path.
-                                                            type: string
-                                                        required:
-                                                        - key
-                                                        - path
-                                                        type: object
-                                                      type: array
-                                                    name:
-                                                      description: 'Name of the referent.
-                                                        More info: https://kubernetes.'
-                                                      type: string
-                                                    optional:
-                                                      description: Specify whether
-                                                        the Secret or its key must
-                                                        be defined
-                                                      type: boolean
-                                                  type: object
-                                                serviceAccountToken:
-                                                  description: information about the
-                                                    serviceAccountToken data to project
-                                                  properties:
-                                                    audience:
-                                                      description: Audience is the
-                                                        intended audience of the token.
-                                                      type: string
-                                                    expirationSeconds:
-                                                      description: ExpirationSeconds
-                                                        is the requested duration
-                                                        of validity of the service
-                                                        account token.
-                                                      format: int64
-                                                      type: integer
-                                                    path:
-                                                      description: Path is the path
-                                                        relative to the mount point
-                                                        of the file to project the
-                                                        token into.
-                                                      type: string
-                                                  required:
-                                                  - path
-                                                  type: object
-                                              type: object
-                                            type: array
-                                        type: object
-                                      quobyte:
-                                        description: Quobyte represents a Quobyte
-                                          mount on the host that shares a pod's lifetime
-                                        properties:
-                                          group:
-                                            description: Group to map volume access
-                                              to Default is no group
-                                            type: string
-                                          readOnly:
-                                            description: ReadOnly here will force
-                                              the Quobyte volume to be mounted with
-                                              read-only permissions.
-                                            type: boolean
-                                          registry:
-                                            description: Registry represents a single
-                                              or multiple Quobyte Registry services
-                                              specified as a string as host:por
-                                            type: string
-                                          tenant:
-                                            description: Tenant owning the given Quobyte
-                                              volume in the Backend Used with dynamically
-                                              provisioned Quobyte volu
-                                            type: string
-                                          user:
-                                            description: User to map volume access
-                                              to Defaults to serivceaccount user
-                                            type: string
-                                          volume:
-                                            description: Volume is a string that references
-                                              an already created Quobyte volume by
-                                              name.
-                                            type: string
-                                        required:
-                                        - registry
-                                        - volume
-                                        type: object
-                                      rbd:
-                                        description: RBD represents a Rados Block
-                                          Device mount on the host that shares a pod's
-                                          lifetime.
-                                        properties:
-                                          fsType:
-                                            description: Filesystem type of the volume
-                                              that you want to mount.
-                                            type: string
-                                          image:
-                                            description: 'The rados image name. More
-                                              info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
-                                            type: string
-                                          keyring:
-                                            description: Keyring is the path to key
-                                              ring for RBDUser. Default is /etc/ceph/keyring.
-                                            type: string
-                                          monitors:
-                                            description: 'A collection of Ceph monitors.
-                                              More info: https://examples.k8s.io/volumes/rbd/README.'
-                                            items:
-                                              type: string
-                                            type: array
-                                          pool:
-                                            description: 'The rados pool name. Default
-                                              is rbd. More info: https://examples.k8s.io/volumes/rbd/README.'
-                                            type: string
-                                          readOnly:
-                                            description: ReadOnly here will force
-                                              the ReadOnly setting in VolumeMounts.
-                                              Defaults to false.
-                                            type: boolean
-                                          secretRef:
-                                            description: SecretRef is name of the
-                                              authentication secret for RBDUser. If
-                                              provided overrides keyring.
-                                            properties:
-                                              name:
-                                                description: 'Name of the referent.
-                                                  More info: https://kubernetes.'
-                                                type: string
-                                            type: object
-                                          user:
-                                            description: 'The rados user name. Default
-                                              is admin. More info: https://examples.k8s.io/volumes/rbd/README.'
-                                            type: string
-                                        required:
-                                        - image
-                                        - monitors
-                                        type: object
-                                      scaleIO:
-                                        description: ScaleIO represents a ScaleIO
-                                          persistent volume attached and mounted on
-                                          Kubernetes nodes.
-                                        properties:
-                                          fsType:
-                                            description: Filesystem type to mount.
-                                              Must be a filesystem type supported
-                                              by the host operating system. Ex.
-                                            type: string
-                                          gateway:
-                                            description: The host address of the ScaleIO
-                                              API Gateway.
-                                            type: string
-                                          protectionDomain:
-                                            description: The name of the ScaleIO Protection
-                                              Domain for the configured storage.
-                                            type: string
-                                          readOnly:
-                                            description: Defaults to false (read/write).
-                                              ReadOnly here will force the ReadOnly
-                                              setting in VolumeMounts.
-                                            type: boolean
-                                          secretRef:
-                                            description: SecretRef references to the
-                                              secret for ScaleIO user and other sensitive
-                                              information.
-                                            properties:
-                                              name:
-                                                description: 'Name of the referent.
-                                                  More info: https://kubernetes.'
-                                                type: string
-                                            type: object
-                                          sslEnabled:
-                                            description: Flag to enable/disable SSL
-                                              communication with Gateway, default
-                                              false
-                                            type: boolean
-                                          storageMode:
-                                            description: Indicates whether the storage
-                                              for a volume should be ThickProvisioned
-                                              or ThinProvisioned.
-                                            type: string
-                                          storagePool:
-                                            description: The ScaleIO Storage Pool
-                                              associated with the protection domain.
-                                            type: string
-                                          system:
-                                            description: The name of the storage system
-                                              as configured in ScaleIO.
-                                            type: string
-                                          volumeName:
-                                            description: The name of a volume already
-                                              created in the ScaleIO system that is
-                                              associated with this volume sourc
-                                            type: string
-                                        required:
-                                        - gateway
-                                        - secretRef
-                                        - system
-                                        type: object
-                                      secret:
-                                        description: 'Secret represents a secret that
-                                          should populate this volume. More info:
-                                          https://kubernetes.'
-                                        properties:
-                                          defaultMode:
-                                            description: 'Optional: mode bits used
-                                              to set permissions on created files
-                                              by default.'
-                                            format: int32
-                                            type: integer
-                                          items:
-                                            description: If unspecified, each key-value
-                                              pair in the Data field of the referenced
-                                              Secret will be projected int
-                                            items:
-                                              description: Maps a string key to a
-                                                path within a volume.
-                                              properties:
-                                                key:
-                                                  description: The key to project.
-                                                  type: string
-                                                mode:
-                                                  description: 'Optional: mode bits
-                                                    used to set permissions on this
-                                                    file.'
-                                                  format: int32
-                                                  type: integer
-                                                path:
-                                                  description: The relative path of
-                                                    the file to map the key to. May
-                                                    not be an absolute path.
-                                                  type: string
-                                              required:
-                                              - key
-                                              - path
-                                              type: object
-                                            type: array
-                                          optional:
-                                            description: Specify whether the Secret
-                                              or its keys must be defined
-                                            type: boolean
-                                          secretName:
-                                            description: 'Name of the secret in the
-                                              pod''s namespace to use. More info:
-                                              https://kubernetes.'
-                                            type: string
-                                        type: object
-                                      storageos:
-                                        description: StorageOS represents a StorageOS
-                                          volume attached and mounted on Kubernetes
-                                          nodes.
-                                        properties:
-                                          fsType:
-                                            description: Filesystem type to mount.
-                                              Must be a filesystem type supported
-                                              by the host operating system. Ex.
-                                            type: string
-                                          readOnly:
-                                            description: Defaults to false (read/write).
-                                              ReadOnly here will force the ReadOnly
-                                              setting in VolumeMounts.
-                                            type: boolean
-                                          secretRef:
-                                            description: SecretRef specifies the secret
-                                              to use for obtaining the StorageOS API
-                                              credentials.
-                                            properties:
-                                              name:
-                                                description: 'Name of the referent.
-                                                  More info: https://kubernetes.'
-                                                type: string
-                                            type: object
-                                          volumeName:
-                                            description: VolumeName is the human-readable
-                                              name of the StorageOS volume.
-                                            type: string
-                                          volumeNamespace:
-                                            description: VolumeNamespace specifies
-                                              the scope of the volume within StorageOS.
-                                            type: string
-                                        type: object
-                                      vsphereVolume:
-                                        description: VsphereVolume represents a vSphere
-                                          volume attached and mounted on kubelets
-                                          host machine
-                                        properties:
-                                          fsType:
-                                            description: Filesystem type to mount.
-                                              Must be a filesystem type supported
-                                              by the host operating system. Ex.
-                                            type: string
-                                          storagePolicyID:
-                                            description: Storage Policy Based Management
-                                              (SPBM) profile ID associated with the
-                                              StoragePolicyName.
-                                            type: string
-                                          storagePolicyName:
-                                            description: Storage Policy Based Management
-                                              (SPBM) profile name.
-                                            type: string
-                                          volumePath:
-                                            description: Path that identifies vSphere
-                                              volume vmdk
-                                            type: string
-                                        required:
-                                        - volumePath
-                                        type: object
-                                    required:
-                                    - name
-                                    type: object
-                                  type: array
-                              required:
-                              - containers
-                              type: object
-                          type: object
-                      required:
-                      - groupName
-                      - maxReplicas
-                      - minReplicas
-                      - rayStartParams
-                      - replicas
-                      - template
-                      type: object
-                    type: array
-                required:
-                - headGroupSpec
-                type: object
-              runtimeEnv:
-                description: RuntimeEnv is base64 encoded.
-                type: string
-              shutdownAfterJobFinishes:
-                description: ShutdownAfterJobFinishes will determine whether to delete
-                  the ray cluster once rayJob succeed or fai
-                type: boolean
-              ttlSecondsAfterFinished:
-                description: TTLSecondsAfterFinished is the TTL to clean up RayCluster.
-                format: int32
-                type: integer
-            required:
-            - entrypoint
-            type: object
-          status:
-            description: RayJobStatus defines the observed state of RayJob
-            properties:
-              dashboardURL:
-                type: string
-              endTime:
-                description: Represents time when the job was ended.
-                format: date-time
-                type: string
-              jobDeploymentStatus:
-                description: JobDeploymentStatus indicates RayJob status including
-                  RayCluster lifecycle management and Job submis
-                type: string
-              jobId:
-                description: 'INSERT ADDITIONAL STATUS FIELD - define observed state
-                  of cluster Important: Run "make" to regenerat'
-                type: string
-              jobStatus:
-                description: JobStatus is the Ray Job Status. https://docs.ray.io/en/latest/cluster/jobs-package-ref.
-                type: string
-              message:
-                type: string
-              rayClusterName:
-                type: string
-              rayClusterStatus:
-                description: RayClusterStatus defines the observed state of RayCluster
-                properties:
-                  availableWorkerReplicas:
-                    description: AvailableWorkerReplicas indicates how many replicas
-                      are available in the cluster
-                    format: int32
-                    type: integer
-                  desiredWorkerReplicas:
-                    description: DesiredWorkerReplicas indicates overall desired replicas
-                      claimed by the user at the cluster level.
-                    format: int32
-                    type: integer
-                  endpoints:
-                    additionalProperties:
-                      type: string
-                    description: Service Endpoints
-                    type: object
-                  lastUpdateTime:
-                    description: LastUpdateTime indicates last update timestamp for
-                      this cluster status.
-                    format: date-time
-                    nullable: true
-                    type: string
-                  maxWorkerReplicas:
-                    description: MaxWorkerReplicas indicates sum of maximum replicas
-                      of each node group.
-                    format: int32
-                    type: integer
-                  minWorkerReplicas:
-                    description: MinWorkerReplicas indicates sum of minimum replicas
-                      of each node group.
-                    format: int32
-                    type: integer
-                  state:
-                    description: 'INSERT ADDITIONAL STATUS FIELD - define observed
-                      state of cluster Important: Run "make" to regenerat'
-                    type: string
-                type: object
-              startTime:
-                description: Represents time when the job was acknowledged by the
-                  Ray cluster.
-                format: date-time
-                type: string
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
diff --git a/modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/crds/ray.io_rayservices.yaml b/modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/crds/ray.io_rayservices.yaml
deleted file mode 100644
index 3c50e92036..0000000000
--- a/modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/crds/ray.io_rayservices.yaml
+++ /dev/null
@@ -1,11755 +0,0 @@
-
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.6.0
-  creationTimestamp: null
-  name: rayservices.ray.io
-spec:
-  group: ray.io
-  names:
-    kind: RayService
-    listKind: RayServiceList
-    plural: rayservices
-    singular: rayservice
-  scope: Namespaced
-  versions:
-  - name: v1alpha1
-    schema:
-      openAPIV3Schema:
-        description: RayService is the Schema for the rayservices API
-        properties:
-          apiVersion:
-            description: APIVersion defines the versioned schema of this representation
-              of an object.
-            type: string
-          kind:
-            description: Kind is a string value representing the REST resource this
-              object represents.
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: RayServiceSpec defines the desired state of RayService
-            properties:
-              rayClusterConfig:
-                description: 'EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
-                  NOTE: json tags are required.'
-                properties:
-                  autoscalerOptions:
-                    description: AutoscalerOptions specifies optional configuration
-                      for the Ray autoscaler.
-                    properties:
-                      idleTimeoutSeconds:
-                        description: IdleTimeoutSeconds is the number of seconds to
-                          wait before scaling down a worker pod which is not us
-                        format: int32
-                        type: integer
-                      image:
-                        description: Image optionally overrides the autoscaler's container
-                          image.
-                        type: string
-                      imagePullPolicy:
-                        description: ImagePullPolicy optionally overrides the autoscaler
-                          container's image pull policy.
-                        type: string
-                      resources:
-                        description: Resources specifies resource requests and limits
-                          for the autoscaler container.
-                        properties:
-                          limits:
-                            additionalProperties:
-                              anyOf:
-                              - type: integer
-                              - type: string
-                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                              x-kubernetes-int-or-string: true
-                            description: 'Limits describes the maximum amount of compute
-                              resources allowed. More info: https://kubernetes.'
-                            type: object
-                          requests:
-                            additionalProperties:
-                              anyOf:
-                              - type: integer
-                              - type: string
-                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                              x-kubernetes-int-or-string: true
-                            description: Requests describes the minimum amount of
-                              compute resources required.
-                            type: object
-                        type: object
-                      upscalingMode:
-                        description: UpscalineMode is "Default" or "Aggressive.
-                        enum:
-                        - Default
-                        - Aggressive
-                        type: string
-                    type: object
-                  enableInTreeAutoscaling:
-                    description: EnableInTreeAutoscaling indicates whether operator
-                      should create in tree autoscaling configs
-                    type: boolean
-                  headGroupSpec:
-                    description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of
-                      cluster Important: Run "make" to regenerate code af'
-                    properties:
-                      enableIngress:
-                        description: EnableIngress indicates whether operator should
-                          create ingress object for head service or not.
-                        type: boolean
-                      rayStartParams:
-                        additionalProperties:
-                          type: string
-                        description: 'RayStartParams are the params of the start command:
-                          node-manager-port, object-store-memory, ...'
-                        type: object
-                      replicas:
-                        description: HeadGroupSpec.Replicas is deprecated and ignored;
-                          there can only be one head pod per Ray cluster.
-                        format: int32
-                        type: integer
-                      serviceType:
-                        description: ServiceType is Kubernetes service type of the
-                          head service.
-                        type: string
-                      template:
-                        description: Template is the eaxct pod template used in K8s
-                          depoyments, statefulsets, etc.
-                        properties:
-                          metadata:
-                            description: 'Standard object''s metadata. More info:
-                              https://git.k8s.'
-                            properties:
-                              annotations:
-                                additionalProperties:
-                                  type: string
-                                type: object
-                              finalizers:
-                                items:
-                                  type: string
-                                type: array
-                              labels:
-                                additionalProperties:
-                                  type: string
-                                type: object
-                              name:
-                                type: string
-                              namespace:
-                                type: string
-                            type: object
-                          spec:
-                            description: 'Specification of the desired behavior of
-                              the pod. More info: https://git.k8s.'
-                            properties:
-                              activeDeadlineSeconds:
-                                description: Optional duration in seconds the pod
-                                  may be active on the node relative to StartTime
-                                  before the syst
-                                format: int64
-                                type: integer
-                              affinity:
-                                description: If specified, the pod's scheduling constraints
-                                properties:
-                                  nodeAffinity:
-                                    description: Describes node affinity scheduling
-                                      rules for the pod.
-                                    properties:
-                                      preferredDuringSchedulingIgnoredDuringExecution:
-                                        description: 'The scheduler will prefer to
-                                          schedule pods to nodes that satisfy the
-                                          affinity expressions specified '
-                                        items:
-                                          description: An empty preferred scheduling
-                                            term matches all objects with implicit
-                                            weight 0 (i.e. it's a no-op).
-                                          properties:
-                                            preference:
-                                              description: A node selector term, associated
-                                                with the corresponding weight.
-                                              properties:
-                                                matchExpressions:
-                                                  description: A list of node selector
-                                                    requirements by node's labels.
-                                                  items:
-                                                    description: 'A node selector
-                                                      requirement is a selector that
-                                                      contains values, a key, and
-                                                      an operator that relates '
-                                                    properties:
-                                                      key:
-                                                        description: The label key
-                                                          that the selector applies
-                                                          to.
-                                                        type: string
-                                                      operator:
-                                                        description: Represents a
-                                                          key's relationship to a
-                                                          set of values.
-                                                        type: string
-                                                      values:
-                                                        description: An array of string
-                                                          values. If the operator
-                                                          is In or NotIn, the values
-                                                          array must be non-empty.
-                                                        items:
-                                                          type: string
-                                                        type: array
-                                                    required:
-                                                    - key
-                                                    - operator
-                                                    type: object
-                                                  type: array
-                                                matchFields:
-                                                  description: A list of node selector
-                                                    requirements by node's fields.
-                                                  items:
-                                                    description: 'A node selector
-                                                      requirement is a selector that
-                                                      contains values, a key, and
-                                                      an operator that relates '
-                                                    properties:
-                                                      key:
-                                                        description: The label key
-                                                          that the selector applies
-                                                          to.
-                                                        type: string
-                                                      operator:
-                                                        description: Represents a
-                                                          key's relationship to a
-                                                          set of values.
-                                                        type: string
-                                                      values:
-                                                        description: An array of string
-                                                          values. If the operator
-                                                          is In or NotIn, the values
-                                                          array must be non-empty.
-                                                        items:
-                                                          type: string
-                                                        type: array
-                                                    required:
-                                                    - key
-                                                    - operator
-                                                    type: object
-                                                  type: array
-                                              type: object
-                                            weight:
-                                              description: Weight associated with
-                                                matching the corresponding nodeSelectorTerm,
-                                                in the range 1-100.
-                                              format: int32
-                                              type: integer
-                                          required:
-                                          - preference
-                                          - weight
-                                          type: object
-                                        type: array
-                                      requiredDuringSchedulingIgnoredDuringExecution:
-                                        description: If the affinity requirements
-                                          specified by this field are not met at scheduling
-                                          time, the pod will no
-                                        properties:
-                                          nodeSelectorTerms:
-                                            description: Required. A list of node
-                                              selector terms. The terms are ORed.
-                                            items:
-                                              description: A null or empty node selector
-                                                term matches no objects. The requirements
-                                                of them are ANDed.
-                                              properties:
-                                                matchExpressions:
-                                                  description: A list of node selector
-                                                    requirements by node's labels.
-                                                  items:
-                                                    description: 'A node selector
-                                                      requirement is a selector that
-                                                      contains values, a key, and
-                                                      an operator that relates '
-                                                    properties:
-                                                      key:
-                                                        description: The label key
-                                                          that the selector applies
-                                                          to.
-                                                        type: string
-                                                      operator:
-                                                        description: Represents a
-                                                          key's relationship to a
-                                                          set of values.
-                                                        type: string
-                                                      values:
-                                                        description: An array of string
-                                                          values. If the operator
-                                                          is In or NotIn, the values
-                                                          array must be non-empty.
-                                                        items:
-                                                          type: string
-                                                        type: array
-                                                    required:
-                                                    - key
-                                                    - operator
-                                                    type: object
-                                                  type: array
-                                                matchFields:
-                                                  description: A list of node selector
-                                                    requirements by node's fields.
-                                                  items:
-                                                    description: 'A node selector
-                                                      requirement is a selector that
-                                                      contains values, a key, and
-                                                      an operator that relates '
-                                                    properties:
-                                                      key:
-                                                        description: The label key
-                                                          that the selector applies
-                                                          to.
-                                                        type: string
-                                                      operator:
-                                                        description: Represents a
-                                                          key's relationship to a
-                                                          set of values.
-                                                        type: string
-                                                      values:
-                                                        description: An array of string
-                                                          values. If the operator
-                                                          is In or NotIn, the values
-                                                          array must be non-empty.
-                                                        items:
-                                                          type: string
-                                                        type: array
-                                                    required:
-                                                    - key
-                                                    - operator
-                                                    type: object
-                                                  type: array
-                                              type: object
-                                            type: array
-                                        required:
-                                        - nodeSelectorTerms
-                                        type: object
-                                    type: object
-                                  podAffinity:
-                                    description: Describes pod affinity scheduling
-                                      rules (e.g. co-locate this pod in the same node,
-                                      zone, etc.
-                                    properties:
-                                      preferredDuringSchedulingIgnoredDuringExecution:
-                                        description: 'The scheduler will prefer to
-                                          schedule pods to nodes that satisfy the
-                                          affinity expressions specified '
-                                        items:
-                                          description: The weights of all of the matched
-                                            WeightedPodAffinityTerm fields are added
-                                            per-node to find the most
-                                          properties:
-                                            podAffinityTerm:
-                                              description: Required. A pod affinity
-                                                term, associated with the corresponding
-                                                weight.
-                                              properties:
-                                                labelSelector:
-                                                  description: A label query over
-                                                    a set of resources, in this case
-                                                    pods.
-                                                  properties:
-                                                    matchExpressions:
-                                                      description: matchExpressions
-                                                        is a list of label selector
-                                                        requirements. The requirements
-                                                        are ANDed.
-                                                      items:
-                                                        description: A label selector
-                                                          requirement is a selector
-                                                          that contains values, a
-                                                          key, and an operator that
-                                                          relates
-                                                        properties:
-                                                          key:
-                                                            description: key is the
-                                                              label key that the selector
-                                                              applies to.
-                                                            type: string
-                                                          operator:
-                                                            description: operator
-                                                              represents a key's relationship
-                                                              to a set of values.
-                                                            type: string
-                                                          values:
-                                                            description: values is
-                                                              an array of string values.
-                                                            items:
-                                                              type: string
-                                                            type: array
-                                                        required:
-                                                        - key
-                                                        - operator
-                                                        type: object
-                                                      type: array
-                                                    matchLabels:
-                                                      additionalProperties:
-                                                        type: string
-                                                      description: matchLabels is
-                                                        a map of {key,value} pairs.
-                                                      type: object
-                                                  type: object
-                                                namespaceSelector:
-                                                  description: A label query over
-                                                    the set of namespaces that the
-                                                    term applies to.
-                                                  properties:
-                                                    matchExpressions:
-                                                      description: matchExpressions
-                                                        is a list of label selector
-                                                        requirements. The requirements
-                                                        are ANDed.
-                                                      items:
-                                                        description: A label selector
-                                                          requirement is a selector
-                                                          that contains values, a
-                                                          key, and an operator that
-                                                          relates
-                                                        properties:
-                                                          key:
-                                                            description: key is the
-                                                              label key that the selector
-                                                              applies to.
-                                                            type: string
-                                                          operator:
-                                                            description: operator
-                                                              represents a key's relationship
-                                                              to a set of values.
-                                                            type: string
-                                                          values:
-                                                            description: values is
-                                                              an array of string values.
-                                                            items:
-                                                              type: string
-                                                            type: array
-                                                        required:
-                                                        - key
-                                                        - operator
-                                                        type: object
-                                                      type: array
-                                                    matchLabels:
-                                                      additionalProperties:
-                                                        type: string
-                                                      description: matchLabels is
-                                                        a map of {key,value} pairs.
-                                                      type: object
-                                                  type: object
-                                                namespaces:
-                                                  description: namespaces specifies
-                                                    a static list of namespace names
-                                                    that the term applies to.
-                                                  items:
-                                                    type: string
-                                                  type: array
-                                                topologyKey:
-                                                  description: This pod should be
-                                                    co-located (affinity) or not co-located
-                                                    (anti-affinity) with the pods
-                                                    matching th
-                                                  type: string
-                                              required:
-                                              - topologyKey
-                                              type: object
-                                            weight:
-                                              description: weight associated with
-                                                matching the corresponding podAffinityTerm,
-                                                in the range 1-100.
-                                              format: int32
-                                              type: integer
-                                          required:
-                                          - podAffinityTerm
-                                          - weight
-                                          type: object
-                                        type: array
-                                      requiredDuringSchedulingIgnoredDuringExecution:
-                                        description: If the affinity requirements
-                                          specified by this field are not met at scheduling
-                                          time, the pod will no
-                                        items:
-                                          description: Defines a set of pods (namely
-                                            those matching the labelSelector relative
-                                            to the given namespace(s)) t
-                                          properties:
-                                            labelSelector:
-                                              description: A label query over a set
-                                                of resources, in this case pods.
-                                              properties:
-                                                matchExpressions:
-                                                  description: matchExpressions is
-                                                    a list of label selector requirements.
-                                                    The requirements are ANDed.
-                                                  items:
-                                                    description: A label selector
-                                                      requirement is a selector that
-                                                      contains values, a key, and
-                                                      an operator that relates
-                                                    properties:
-                                                      key:
-                                                        description: key is the label
-                                                          key that the selector applies
-                                                          to.
-                                                        type: string
-                                                      operator:
-                                                        description: operator represents
-                                                          a key's relationship to
-                                                          a set of values.
-                                                        type: string
-                                                      values:
-                                                        description: values is an
-                                                          array of string values.
-                                                        items:
-                                                          type: string
-                                                        type: array
-                                                    required:
-                                                    - key
-                                                    - operator
-                                                    type: object
-                                                  type: array
-                                                matchLabels:
-                                                  additionalProperties:
-                                                    type: string
-                                                  description: matchLabels is a map
-                                                    of {key,value} pairs.
-                                                  type: object
-                                              type: object
-                                            namespaceSelector:
-                                              description: A label query over the
-                                                set of namespaces that the term applies
-                                                to.
-                                              properties:
-                                                matchExpressions:
-                                                  description: matchExpressions is
-                                                    a list of label selector requirements.
-                                                    The requirements are ANDed.
-                                                  items:
-                                                    description: A label selector
-                                                      requirement is a selector that
-                                                      contains values, a key, and
-                                                      an operator that relates
-                                                    properties:
-                                                      key:
-                                                        description: key is the label
-                                                          key that the selector applies
-                                                          to.
-                                                        type: string
-                                                      operator:
-                                                        description: operator represents
-                                                          a key's relationship to
-                                                          a set of values.
-                                                        type: string
-                                                      values:
-                                                        description: values is an
-                                                          array of string values.
-                                                        items:
-                                                          type: string
-                                                        type: array
-                                                    required:
-                                                    - key
-                                                    - operator
-                                                    type: object
-                                                  type: array
-                                                matchLabels:
-                                                  additionalProperties:
-                                                    type: string
-                                                  description: matchLabels is a map
-                                                    of {key,value} pairs.
-                                                  type: object
-                                              type: object
-                                            namespaces:
-                                              description: namespaces specifies a
-                                                static list of namespace names that
-                                                the term applies to.
-                                              items:
-                                                type: string
-                                              type: array
-                                            topologyKey:
-                                              description: This pod should be co-located
-                                                (affinity) or not co-located (anti-affinity)
-                                                with the pods matching th
-                                              type: string
-                                          required:
-                                          - topologyKey
-                                          type: object
-                                        type: array
-                                    type: object
-                                  podAntiAffinity:
-                                    description: Describes pod anti-affinity scheduling
-                                      rules (e.g.
-                                    properties:
-                                      preferredDuringSchedulingIgnoredDuringExecution:
-                                        description: The scheduler will prefer to
-                                          schedule pods to nodes that satisfy the
-                                          anti-affinity expressions speci
-                                        items:
-                                          description: The weights of all of the matched
-                                            WeightedPodAffinityTerm fields are added
-                                            per-node to find the most
-                                          properties:
-                                            podAffinityTerm:
-                                              description: Required. A pod affinity
-                                                term, associated with the corresponding
-                                                weight.
-                                              properties:
-                                                labelSelector:
-                                                  description: A label query over
-                                                    a set of resources, in this case
-                                                    pods.
-                                                  properties:
-                                                    matchExpressions:
-                                                      description: matchExpressions
-                                                        is a list of label selector
-                                                        requirements. The requirements
-                                                        are ANDed.
-                                                      items:
-                                                        description: A label selector
-                                                          requirement is a selector
-                                                          that contains values, a
-                                                          key, and an operator that
-                                                          relates
-                                                        properties:
-                                                          key:
-                                                            description: key is the
-                                                              label key that the selector
-                                                              applies to.
-                                                            type: string
-                                                          operator:
-                                                            description: operator
-                                                              represents a key's relationship
-                                                              to a set of values.
-                                                            type: string
-                                                          values:
-                                                            description: values is
-                                                              an array of string values.
-                                                            items:
-                                                              type: string
-                                                            type: array
-                                                        required:
-                                                        - key
-                                                        - operator
-                                                        type: object
-                                                      type: array
-                                                    matchLabels:
-                                                      additionalProperties:
-                                                        type: string
-                                                      description: matchLabels is
-                                                        a map of {key,value} pairs.
-                                                      type: object
-                                                  type: object
-                                                namespaceSelector:
-                                                  description: A label query over
-                                                    the set of namespaces that the
-                                                    term applies to.
-                                                  properties:
-                                                    matchExpressions:
-                                                      description: matchExpressions
-                                                        is a list of label selector
-                                                        requirements. The requirements
-                                                        are ANDed.
-                                                      items:
-                                                        description: A label selector
-                                                          requirement is a selector
-                                                          that contains values, a
-                                                          key, and an operator that
-                                                          relates
-                                                        properties:
-                                                          key:
-                                                            description: key is the
-                                                              label key that the selector
-                                                              applies to.
-                                                            type: string
-                                                          operator:
-                                                            description: operator
-                                                              represents a key's relationship
-                                                              to a set of values.
-                                                            type: string
-                                                          values:
-                                                            description: values is
-                                                              an array of string values.
-                                                            items:
-                                                              type: string
-                                                            type: array
-                                                        required:
-                                                        - key
-                                                        - operator
-                                                        type: object
-                                                      type: array
-                                                    matchLabels:
-                                                      additionalProperties:
-                                                        type: string
-                                                      description: matchLabels is
-                                                        a map of {key,value} pairs.
-                                                      type: object
-                                                  type: object
-                                                namespaces:
-                                                  description: namespaces specifies
-                                                    a static list of namespace names
-                                                    that the term applies to.
-                                                  items:
-                                                    type: string
-                                                  type: array
-                                                topologyKey:
-                                                  description: This pod should be
-                                                    co-located (affinity) or not co-located
-                                                    (anti-affinity) with the pods
-                                                    matching th
-                                                  type: string
-                                              required:
-                                              - topologyKey
-                                              type: object
-                                            weight:
-                                              description: weight associated with
-                                                matching the corresponding podAffinityTerm,
-                                                in the range 1-100.
-                                              format: int32
-                                              type: integer
-                                          required:
-                                          - podAffinityTerm
-                                          - weight
-                                          type: object
-                                        type: array
-                                      requiredDuringSchedulingIgnoredDuringExecution:
-                                        description: If the anti-affinity requirements
-                                          specified by this field are not met at scheduling
-                                          time, the pod wi
-                                        items:
-                                          description: Defines a set of pods (namely
-                                            those matching the labelSelector relative
-                                            to the given namespace(s)) t
-                                          properties:
-                                            labelSelector:
-                                              description: A label query over a set
-                                                of resources, in this case pods.
-                                              properties:
-                                                matchExpressions:
-                                                  description: matchExpressions is
-                                                    a list of label selector requirements.
-                                                    The requirements are ANDed.
-                                                  items:
-                                                    description: A label selector
-                                                      requirement is a selector that
-                                                      contains values, a key, and
-                                                      an operator that relates
-                                                    properties:
-                                                      key:
-                                                        description: key is the label
-                                                          key that the selector applies
-                                                          to.
-                                                        type: string
-                                                      operator:
-                                                        description: operator represents
-                                                          a key's relationship to
-                                                          a set of values.
-                                                        type: string
-                                                      values:
-                                                        description: values is an
-                                                          array of string values.
-                                                        items:
-                                                          type: string
-                                                        type: array
-                                                    required:
-                                                    - key
-                                                    - operator
-                                                    type: object
-                                                  type: array
-                                                matchLabels:
-                                                  additionalProperties:
-                                                    type: string
-                                                  description: matchLabels is a map
-                                                    of {key,value} pairs.
-                                                  type: object
-                                              type: object
-                                            namespaceSelector:
-                                              description: A label query over the
-                                                set of namespaces that the term applies
-                                                to.
-                                              properties:
-                                                matchExpressions:
-                                                  description: matchExpressions is
-                                                    a list of label selector requirements.
-                                                    The requirements are ANDed.
-                                                  items:
-                                                    description: A label selector
-                                                      requirement is a selector that
-                                                      contains values, a key, and
-                                                      an operator that relates
-                                                    properties:
-                                                      key:
-                                                        description: key is the label
-                                                          key that the selector applies
-                                                          to.
-                                                        type: string
-                                                      operator:
-                                                        description: operator represents
-                                                          a key's relationship to
-                                                          a set of values.
-                                                        type: string
-                                                      values:
-                                                        description: values is an
-                                                          array of string values.
-                                                        items:
-                                                          type: string
-                                                        type: array
-                                                    required:
-                                                    - key
-                                                    - operator
-                                                    type: object
-                                                  type: array
-                                                matchLabels:
-                                                  additionalProperties:
-                                                    type: string
-                                                  description: matchLabels is a map
-                                                    of {key,value} pairs.
-                                                  type: object
-                                              type: object
-                                            namespaces:
-                                              description: namespaces specifies a
-                                                static list of namespace names that
-                                                the term applies to.
-                                              items:
-                                                type: string
-                                              type: array
-                                            topologyKey:
-                                              description: This pod should be co-located
-                                                (affinity) or not co-located (anti-affinity)
-                                                with the pods matching th
-                                              type: string
-                                          required:
-                                          - topologyKey
-                                          type: object
-                                        type: array
-                                    type: object
-                                type: object
-                              automountServiceAccountToken:
-                                description: AutomountServiceAccountToken indicates
-                                  whether a service account token should be automatically
-                                  mount
-                                type: boolean
-                              containers:
-                                description: List of containers belonging to the pod.
-                                  Containers cannot currently be added or removed.
-                                items:
-                                  description: A single application container that
-                                    you want to run within a pod.
-                                  properties:
-                                    args:
-                                      description: Arguments to the entrypoint. The
-                                        docker image's CMD is used if this is not
-                                        provided.
-                                      items:
-                                        type: string
-                                      type: array
-                                    command:
-                                      description: Entrypoint array. Not executed
-                                        within a shell.
-                                      items:
-                                        type: string
-                                      type: array
-                                    env:
-                                      description: List of environment variables to
-                                        set in the container. Cannot be updated.
-                                      items:
-                                        description: EnvVar represents an environment
-                                          variable present in a Container.
-                                        properties:
-                                          name:
-                                            description: Name of the environment variable.
-                                              Must be a C_IDENTIFIER.
-                                            type: string
-                                          value:
-                                            description: Variable references $(VAR_NAME)
-                                              are expanded using the previously defined
-                                              environment variables in t
-                                            type: string
-                                          valueFrom:
-                                            description: Source for the environment
-                                              variable's value. Cannot be used if
-                                              value is not empty.
-                                            properties:
-                                              configMapKeyRef:
-                                                description: Selects a key of a ConfigMap.
-                                                properties:
-                                                  key:
-                                                    description: The key to select.
-                                                    type: string
-                                                  name:
-                                                    description: 'Name of the referent.
-                                                      More info: https://kubernetes.'
-                                                    type: string
-                                                  optional:
-                                                    description: Specify whether the
-                                                      ConfigMap or its key must be
-                                                      defined
-                                                    type: boolean
-                                                required:
-                                                - key
-                                                type: object
-                                              fieldRef:
-                                                description: 'Selects a field of the
-                                                  pod: supports metadata.name, metadata.namespace,
-                                                  `metadata.'
-                                                properties:
-                                                  apiVersion:
-                                                    description: Version of the schema
-                                                      the FieldPath is written in
-                                                      terms of, defaults to "v1".
-                                                    type: string
-                                                  fieldPath:
-                                                    description: Path of the field
-                                                      to select in the specified API
-                                                      version.
-                                                    type: string
-                                                required:
-                                                - fieldPath
-                                                type: object
-                                              resourceFieldRef:
-                                                description: 'Selects a resource of
-                                                  the container: only resources limits
-                                                  and requests (limits.cpu, limits.'
-                                                properties:
-                                                  containerName:
-                                                    description: 'Container name:
-                                                      required for volumes, optional
-                                                      for env vars'
-                                                    type: string
-                                                  divisor:
-                                                    anyOf:
-                                                    - type: integer
-                                                    - type: string
-                                                    description: Specifies the output
-                                                      format of the exposed resources,
-                                                      defaults to "1"
-                                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                                    x-kubernetes-int-or-string: true
-                                                  resource:
-                                                    description: 'Required: resource
-                                                      to select'
-                                                    type: string
-                                                required:
-                                                - resource
-                                                type: object
-                                              secretKeyRef:
-                                                description: Selects a key of a secret
-                                                  in the pod's namespace
-                                                properties:
-                                                  key:
-                                                    description: The key of the secret
-                                                      to select from.  Must be a valid
-                                                      secret key.
-                                                    type: string
-                                                  name:
-                                                    description: 'Name of the referent.
-                                                      More info: https://kubernetes.'
-                                                    type: string
-                                                  optional:
-                                                    description: Specify whether the
-                                                      Secret or its key must be defined
-                                                    type: boolean
-                                                required:
-                                                - key
-                                                type: object
-                                            type: object
-                                        required:
-                                        - name
-                                        type: object
-                                      type: array
-                                    envFrom:
-                                      description: List of sources to populate environment
-                                        variables in the container.
-                                      items:
-                                        description: EnvFromSource represents the
-                                          source of a set of ConfigMaps
-                                        properties:
-                                          configMapRef:
-                                            description: The ConfigMap to select from
-                                            properties:
-                                              name:
-                                                description: 'Name of the referent.
-                                                  More info: https://kubernetes.'
-                                                type: string
-                                              optional:
-                                                description: Specify whether the ConfigMap
-                                                  must be defined
-                                                type: boolean
-                                            type: object
-                                          prefix:
-                                            description: An optional identifier to
-                                              prepend to each key in the ConfigMap.
-                                              Must be a C_IDENTIFIER.
-                                            type: string
-                                          secretRef:
-                                            description: The Secret to select from
-                                            properties:
-                                              name:
-                                                description: 'Name of the referent.
-                                                  More info: https://kubernetes.'
-                                                type: string
-                                              optional:
-                                                description: Specify whether the Secret
-                                                  must be defined
-                                                type: boolean
-                                            type: object
-                                        type: object
-                                      type: array
-                                    image:
-                                      description: 'Docker image name. More info:
-                                        https://kubernetes.'
-                                      type: string
-                                    imagePullPolicy:
-                                      description: Image pull policy. One of Always,
-                                        Never, IfNotPresent.
-                                      type: string
-                                    lifecycle:
-                                      description: Actions that the management system
-                                        should take in response to container lifecycle
-                                        events.
-                                      properties:
-                                        postStart:
-                                          description: PostStart is called immediately
-                                            after a container is created.
-                                          properties:
-                                            exec:
-                                              description: Exec specifies the action
-                                                to take.
-                                              properties:
-                                                command:
-                                                  description: 'Command is the command
-                                                    line to execute inside the container,
-                                                    the working directory for the
-                                                    command  '
-                                                  items:
-                                                    type: string
-                                                  type: array
-                                              type: object
-                                            httpGet:
-                                              description: HTTPGet specifies the http
-                                                request to perform.
-                                              properties:
-                                                host:
-                                                  description: Host name to connect
-                                                    to, defaults to the pod IP.
-                                                  type: string
-                                                httpHeaders:
-                                                  description: Custom headers to set
-                                                    in the request. HTTP allows repeated
-                                                    headers.
-                                                  items:
-                                                    description: HTTPHeader describes
-                                                      a custom header to be used in
-                                                      HTTP probes
-                                                    properties:
-                                                      name:
-                                                        description: The header field
-                                                          name
-                                                        type: string
-                                                      value:
-                                                        description: The header field
-                                                          value
-                                                        type: string
-                                                    required:
-                                                    - name
-                                                    - value
-                                                    type: object
-                                                  type: array
-                                                path:
-                                                  description: Path to access on the
-                                                    HTTP server.
-                                                  type: string
-                                                port:
-                                                  anyOf:
-                                                  - type: integer
-                                                  - type: string
-                                                  description: Name or number of the
-                                                    port to access on the container.
-                                                    Number must be in the range 1
-                                                    to 65535.
-                                                  x-kubernetes-int-or-string: true
-                                                scheme:
-                                                  description: Scheme to use for connecting
-                                                    to the host. Defaults to HTTP.
-                                                  type: string
-                                              required:
-                                              - port
-                                              type: object
-                                            tcpSocket:
-                                              description: Deprecated.
-                                              properties:
-                                                host:
-                                                  description: 'Optional: Host name
-                                                    to connect to, defaults to the
-                                                    pod IP.'
-                                                  type: string
-                                                port:
-                                                  anyOf:
-                                                  - type: integer
-                                                  - type: string
-                                                  description: Number or name of the
-                                                    port to access on the container.
-                                                    Number must be in the range 1
-                                                    to 65535.
-                                                  x-kubernetes-int-or-string: true
-                                              required:
-                                              - port
-                                              type: object
-                                          type: object
-                                        preStop:
-                                          description: PreStop is called immediately
-                                            before a container is terminated due to
-                                            an API request or management e
-                                          properties:
-                                            exec:
-                                              description: Exec specifies the action
-                                                to take.
-                                              properties:
-                                                command:
-                                                  description: 'Command is the command
-                                                    line to execute inside the container,
-                                                    the working directory for the
-                                                    command  '
-                                                  items:
-                                                    type: string
-                                                  type: array
-                                              type: object
-                                            httpGet:
-                                              description: HTTPGet specifies the http
-                                                request to perform.
-                                              properties:
-                                                host:
-                                                  description: Host name to connect
-                                                    to, defaults to the pod IP.
-                                                  type: string
-                                                httpHeaders:
-                                                  description: Custom headers to set
-                                                    in the request. HTTP allows repeated
-                                                    headers.
-                                                  items:
-                                                    description: HTTPHeader describes
-                                                      a custom header to be used in
-                                                      HTTP probes
-                                                    properties:
-                                                      name:
-                                                        description: The header field
-                                                          name
-                                                        type: string
-                                                      value:
-                                                        description: The header field
-                                                          value
-                                                        type: string
-                                                    required:
-                                                    - name
-                                                    - value
-                                                    type: object
-                                                  type: array
-                                                path:
-                                                  description: Path to access on the
-                                                    HTTP server.
-                                                  type: string
-                                                port:
-                                                  anyOf:
-                                                  - type: integer
-                                                  - type: string
-                                                  description: Name or number of the
-                                                    port to access on the container.
-                                                    Number must be in the range 1
-                                                    to 65535.
-                                                  x-kubernetes-int-or-string: true
-                                                scheme:
-                                                  description: Scheme to use for connecting
-                                                    to the host. Defaults to HTTP.
-                                                  type: string
-                                              required:
-                                              - port
-                                              type: object
-                                            tcpSocket:
-                                              description: Deprecated.
-                                              properties:
-                                                host:
-                                                  description: 'Optional: Host name
-                                                    to connect to, defaults to the
-                                                    pod IP.'
-                                                  type: string
-                                                port:
-                                                  anyOf:
-                                                  - type: integer
-                                                  - type: string
-                                                  description: Number or name of the
-                                                    port to access on the container.
-                                                    Number must be in the range 1
-                                                    to 65535.
-                                                  x-kubernetes-int-or-string: true
-                                              required:
-                                              - port
-                                              type: object
-                                          type: object
-                                      type: object
-                                    livenessProbe:
-                                      description: Periodic probe of container liveness.
-                                        Container will be restarted if the probe fails.
-                                      properties:
-                                        exec:
-                                          description: Exec specifies the action to
-                                            take.
-                                          properties:
-                                            command:
-                                              description: 'Command is the command
-                                                line to execute inside the container,
-                                                the working directory for the command  '
-                                              items:
-                                                type: string
-                                              type: array
-                                          type: object
-                                        failureThreshold:
-                                          description: Minimum consecutive failures
-                                            for the probe to be considered failed
-                                            after having succeeded.
-                                          format: int32
-                                          type: integer
-                                        grpc:
-                                          description: GRPC specifies an action involving
-                                            a GRPC port.
-                                          properties:
-                                            port:
-                                              description: Port number of the gRPC
-                                                service. Number must be in the range
-                                                1 to 65535.
-                                              format: int32
-                                              type: integer
-                                            service:
-                                              description: Service is the name of
-                                                the service to place in the gRPC HealthCheckRequest
-                                                (see https://github.
-                                              type: string
-                                          required:
-                                          - port
-                                          type: object
-                                        httpGet:
-                                          description: HTTPGet specifies the http
-                                            request to perform.
-                                          properties:
-                                            host:
-                                              description: Host name to connect to,
-                                                defaults to the pod IP.
-                                              type: string
-                                            httpHeaders:
-                                              description: Custom headers to set in
-                                                the request. HTTP allows repeated
-                                                headers.
-                                              items:
-                                                description: HTTPHeader describes
-                                                  a custom header to be used in HTTP
-                                                  probes
-                                                properties:
-                                                  name:
-                                                    description: The header field
-                                                      name
-                                                    type: string
-                                                  value:
-                                                    description: The header field
-                                                      value
-                                                    type: string
-                                                required:
-                                                - name
-                                                - value
-                                                type: object
-                                              type: array
-                                            path:
-                                              description: Path to access on the HTTP
-                                                server.
-                                              type: string
-                                            port:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Name or number of the port
-                                                to access on the container. Number
-                                                must be in the range 1 to 65535.
-                                              x-kubernetes-int-or-string: true
-                                            scheme:
-                                              description: Scheme to use for connecting
-                                                to the host. Defaults to HTTP.
-                                              type: string
-                                          required:
-                                          - port
-                                          type: object
-                                        initialDelaySeconds:
-                                          description: Number of seconds after the
-                                            container has started before liveness
-                                            probes are initiated.
-                                          format: int32
-                                          type: integer
-                                        periodSeconds:
-                                          description: How often (in seconds) to perform
-                                            the probe. Default to 10 seconds. Minimum
-                                            value is 1.
-                                          format: int32
-                                          type: integer
-                                        successThreshold:
-                                          description: Minimum consecutive successes
-                                            for the probe to be considered successful
-                                            after having failed.
-                                          format: int32
-                                          type: integer
-                                        tcpSocket:
-                                          description: TCPSocket specifies an action
-                                            involving a TCP port.
-                                          properties:
-                                            host:
-                                              description: 'Optional: Host name to
-                                                connect to, defaults to the pod IP.'
-                                              type: string
-                                            port:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Number or name of the port
-                                                to access on the container. Number
-                                                must be in the range 1 to 65535.
-                                              x-kubernetes-int-or-string: true
-                                          required:
-                                          - port
-                                          type: object
-                                        terminationGracePeriodSeconds:
-                                          description: Optional duration in seconds
-                                            the pod needs to terminate gracefully
-                                            upon probe failure.
-                                          format: int64
-                                          type: integer
-                                        timeoutSeconds:
-                                          description: Number of seconds after which
-                                            the probe times out. Defaults to 1 second.
-                                            Minimum value is 1.
-                                          format: int32
-                                          type: integer
-                                      type: object
-                                    name:
-                                      description: Name of the container specified
-                                        as a DNS_LABEL.
-                                      type: string
-                                    ports:
-                                      description: List of ports to expose from the
-                                        container.
-                                      items:
-                                        description: ContainerPort represents a network
-                                          port in a single container.
-                                        properties:
-                                          containerPort:
-                                            description: Number of port to expose
-                                              on the pod's IP address. This must be
-                                              a valid port number, 0 < x < 65536.
-                                            format: int32
-                                            type: integer
-                                          hostIP:
-                                            description: What host IP to bind the
-                                              external port to.
-                                            type: string
-                                          hostPort:
-                                            description: Number of port to expose
-                                              on the host. If specified, this must
-                                              be a valid port number, 0 < x < 65536.
-                                            format: int32
-                                            type: integer
-                                          name:
-                                            description: If specified, this must be
-                                              an IANA_SVC_NAME and unique within the
-                                              pod.
-                                            type: string
-                                          protocol:
-                                            default: TCP
-                                            description: Protocol for port. Must be
-                                              UDP, TCP, or SCTP. Defaults to "TCP".
-                                            type: string
-                                        required:
-                                        - containerPort
-                                        type: object
-                                      type: array
-                                      x-kubernetes-list-map-keys:
-                                      - containerPort
-                                      - protocol
-                                      x-kubernetes-list-type: map
-                                    readinessProbe:
-                                      description: Periodic probe of container service
-                                        readiness.
-                                      properties:
-                                        exec:
-                                          description: Exec specifies the action to
-                                            take.
-                                          properties:
-                                            command:
-                                              description: 'Command is the command
-                                                line to execute inside the container,
-                                                the working directory for the command  '
-                                              items:
-                                                type: string
-                                              type: array
-                                          type: object
-                                        failureThreshold:
-                                          description: Minimum consecutive failures
-                                            for the probe to be considered failed
-                                            after having succeeded.
-                                          format: int32
-                                          type: integer
-                                        grpc:
-                                          description: GRPC specifies an action involving
-                                            a GRPC port.
-                                          properties:
-                                            port:
-                                              description: Port number of the gRPC
-                                                service. Number must be in the range
-                                                1 to 65535.
-                                              format: int32
-                                              type: integer
-                                            service:
-                                              description: Service is the name of
-                                                the service to place in the gRPC HealthCheckRequest
-                                                (see https://github.
-                                              type: string
-                                          required:
-                                          - port
-                                          type: object
-                                        httpGet:
-                                          description: HTTPGet specifies the http
-                                            request to perform.
-                                          properties:
-                                            host:
-                                              description: Host name to connect to,
-                                                defaults to the pod IP.
-                                              type: string
-                                            httpHeaders:
-                                              description: Custom headers to set in
-                                                the request. HTTP allows repeated
-                                                headers.
-                                              items:
-                                                description: HTTPHeader describes
-                                                  a custom header to be used in HTTP
-                                                  probes
-                                                properties:
-                                                  name:
-                                                    description: The header field
-                                                      name
-                                                    type: string
-                                                  value:
-                                                    description: The header field
-                                                      value
-                                                    type: string
-                                                required:
-                                                - name
-                                                - value
-                                                type: object
-                                              type: array
-                                            path:
-                                              description: Path to access on the HTTP
-                                                server.
-                                              type: string
-                                            port:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Name or number of the port
-                                                to access on the container. Number
-                                                must be in the range 1 to 65535.
-                                              x-kubernetes-int-or-string: true
-                                            scheme:
-                                              description: Scheme to use for connecting
-                                                to the host. Defaults to HTTP.
-                                              type: string
-                                          required:
-                                          - port
-                                          type: object
-                                        initialDelaySeconds:
-                                          description: Number of seconds after the
-                                            container has started before liveness
-                                            probes are initiated.
-                                          format: int32
-                                          type: integer
-                                        periodSeconds:
-                                          description: How often (in seconds) to perform
-                                            the probe. Default to 10 seconds. Minimum
-                                            value is 1.
-                                          format: int32
-                                          type: integer
-                                        successThreshold:
-                                          description: Minimum consecutive successes
-                                            for the probe to be considered successful
-                                            after having failed.
-                                          format: int32
-                                          type: integer
-                                        tcpSocket:
-                                          description: TCPSocket specifies an action
-                                            involving a TCP port.
-                                          properties:
-                                            host:
-                                              description: 'Optional: Host name to
-                                                connect to, defaults to the pod IP.'
-                                              type: string
-                                            port:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Number or name of the port
-                                                to access on the container. Number
-                                                must be in the range 1 to 65535.
-                                              x-kubernetes-int-or-string: true
-                                          required:
-                                          - port
-                                          type: object
-                                        terminationGracePeriodSeconds:
-                                          description: Optional duration in seconds
-                                            the pod needs to terminate gracefully
-                                            upon probe failure.
-                                          format: int64
-                                          type: integer
-                                        timeoutSeconds:
-                                          description: Number of seconds after which
-                                            the probe times out. Defaults to 1 second.
-                                            Minimum value is 1.
-                                          format: int32
-                                          type: integer
-                                      type: object
-                                    resources:
-                                      description: 'Compute Resources required by
-                                        this container. Cannot be updated. More info:
-                                        https://kubernetes.'
-                                      properties:
-                                        limits:
-                                          additionalProperties:
-                                            anyOf:
-                                            - type: integer
-                                            - type: string
-                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                            x-kubernetes-int-or-string: true
-                                          description: 'Limits describes the maximum
-                                            amount of compute resources allowed. More
-                                            info: https://kubernetes.'
-                                          type: object
-                                        requests:
-                                          additionalProperties:
-                                            anyOf:
-                                            - type: integer
-                                            - type: string
-                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                            x-kubernetes-int-or-string: true
-                                          description: Requests describes the minimum
-                                            amount of compute resources required.
-                                          type: object
-                                      type: object
-                                    securityContext:
-                                      description: SecurityContext defines the security
-                                        options the container should be run with.
-                                      properties:
-                                        allowPrivilegeEscalation:
-                                          description: AllowPrivilegeEscalation controls
-                                            whether a process can gain more privileges
-                                            than its parent process
-                                          type: boolean
-                                        capabilities:
-                                          description: The capabilities to add/drop
-                                            when running containers.
-                                          properties:
-                                            add:
-                                              description: Added capabilities
-                                              items:
-                                                description: Capability represent
-                                                  POSIX capabilities type
-                                                type: string
-                                              type: array
-                                            drop:
-                                              description: Removed capabilities
-                                              items:
-                                                description: Capability represent
-                                                  POSIX capabilities type
-                                                type: string
-                                              type: array
-                                          type: object
-                                        privileged:
-                                          description: Run container in privileged
-                                            mode.
-                                          type: boolean
-                                        procMount:
-                                          description: procMount denotes the type
-                                            of proc mount to use for the containers.
-                                          type: string
-                                        readOnlyRootFilesystem:
-                                          description: Whether this container has
-                                            a read-only root filesystem. Default is
-                                            false.
-                                          type: boolean
-                                        runAsGroup:
-                                          description: The GID to run the entrypoint
-                                            of the container process. Uses runtime
-                                            default if unset.
-                                          format: int64
-                                          type: integer
-                                        runAsNonRoot:
-                                          description: Indicates that the container
-                                            must run as a non-root user.
-                                          type: boolean
-                                        runAsUser:
-                                          description: The UID to run the entrypoint
-                                            of the container process.
-                                          format: int64
-                                          type: integer
-                                        seLinuxOptions:
-                                          description: The SELinux context to be applied
-                                            to the container.
-                                          properties:
-                                            level:
-                                              description: Level is SELinux level
-                                                label that applies to the container.
-                                              type: string
-                                            role:
-                                              description: Role is a SELinux role
-                                                label that applies to the container.
-                                              type: string
-                                            type:
-                                              description: Type is a SELinux type
-                                                label that applies to the container.
-                                              type: string
-                                            user:
-                                              description: User is a SELinux user
-                                                label that applies to the container.
-                                              type: string
-                                          type: object
-                                        seccompProfile:
-                                          description: The seccomp options to use
-                                            by this container.
-                                          properties:
-                                            localhostProfile:
-                                              description: localhostProfile indicates
-                                                a profile defined in a file on the
-                                                node should be used.
-                                              type: string
-                                            type:
-                                              description: type indicates which kind
-                                                of seccomp profile will be applied.
-                                              type: string
-                                          required:
-                                          - type
-                                          type: object
-                                        windowsOptions:
-                                          description: The Windows specific settings
-                                            applied to all containers.
-                                          properties:
-                                            gmsaCredentialSpec:
-                                              description: GMSACredentialSpec is where
-                                                the GMSA admission webhook (https://github.
-                                              type: string
-                                            gmsaCredentialSpecName:
-                                              description: GMSACredentialSpecName
-                                                is the name of the GMSA credential
-                                                spec to use.
-                                              type: string
-                                            hostProcess:
-                                              description: HostProcess determines
-                                                if a container should be run as a
-                                                'Host Process' container.
-                                              type: boolean
-                                            runAsUserName:
-                                              description: The UserName in Windows
-                                                to run the entrypoint of the container
-                                                process.
-                                              type: string
-                                          type: object
-                                      type: object
-                                    startupProbe:
-                                      description: StartupProbe indicates that the
-                                        Pod has successfully initialized.
-                                      properties:
-                                        exec:
-                                          description: Exec specifies the action to
-                                            take.
-                                          properties:
-                                            command:
-                                              description: 'Command is the command
-                                                line to execute inside the container,
-                                                the working directory for the command  '
-                                              items:
-                                                type: string
-                                              type: array
-                                          type: object
-                                        failureThreshold:
-                                          description: Minimum consecutive failures
-                                            for the probe to be considered failed
-                                            after having succeeded.
-                                          format: int32
-                                          type: integer
-                                        grpc:
-                                          description: GRPC specifies an action involving
-                                            a GRPC port.
-                                          properties:
-                                            port:
-                                              description: Port number of the gRPC
-                                                service. Number must be in the range
-                                                1 to 65535.
-                                              format: int32
-                                              type: integer
-                                            service:
-                                              description: Service is the name of
-                                                the service to place in the gRPC HealthCheckRequest
-                                                (see https://github.
-                                              type: string
-                                          required:
-                                          - port
-                                          type: object
-                                        httpGet:
-                                          description: HTTPGet specifies the http
-                                            request to perform.
-                                          properties:
-                                            host:
-                                              description: Host name to connect to,
-                                                defaults to the pod IP.
-                                              type: string
-                                            httpHeaders:
-                                              description: Custom headers to set in
-                                                the request. HTTP allows repeated
-                                                headers.
-                                              items:
-                                                description: HTTPHeader describes
-                                                  a custom header to be used in HTTP
-                                                  probes
-                                                properties:
-                                                  name:
-                                                    description: The header field
-                                                      name
-                                                    type: string
-                                                  value:
-                                                    description: The header field
-                                                      value
-                                                    type: string
-                                                required:
-                                                - name
-                                                - value
-                                                type: object
-                                              type: array
-                                            path:
-                                              description: Path to access on the HTTP
-                                                server.
-                                              type: string
-                                            port:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Name or number of the port
-                                                to access on the container. Number
-                                                must be in the range 1 to 65535.
-                                              x-kubernetes-int-or-string: true
-                                            scheme:
-                                              description: Scheme to use for connecting
-                                                to the host. Defaults to HTTP.
-                                              type: string
-                                          required:
-                                          - port
-                                          type: object
-                                        initialDelaySeconds:
-                                          description: Number of seconds after the
-                                            container has started before liveness
-                                            probes are initiated.
-                                          format: int32
-                                          type: integer
-                                        periodSeconds:
-                                          description: How often (in seconds) to perform
-                                            the probe. Default to 10 seconds. Minimum
-                                            value is 1.
-                                          format: int32
-                                          type: integer
-                                        successThreshold:
-                                          description: Minimum consecutive successes
-                                            for the probe to be considered successful
-                                            after having failed.
-                                          format: int32
-                                          type: integer
-                                        tcpSocket:
-                                          description: TCPSocket specifies an action
-                                            involving a TCP port.
-                                          properties:
-                                            host:
-                                              description: 'Optional: Host name to
-                                                connect to, defaults to the pod IP.'
-                                              type: string
-                                            port:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Number or name of the port
-                                                to access on the container. Number
-                                                must be in the range 1 to 65535.
-                                              x-kubernetes-int-or-string: true
-                                          required:
-                                          - port
-                                          type: object
-                                        terminationGracePeriodSeconds:
-                                          description: Optional duration in seconds
-                                            the pod needs to terminate gracefully
-                                            upon probe failure.
-                                          format: int64
-                                          type: integer
-                                        timeoutSeconds:
-                                          description: Number of seconds after which
-                                            the probe times out. Defaults to 1 second.
-                                            Minimum value is 1.
-                                          format: int32
-                                          type: integer
-                                      type: object
-                                    stdin:
-                                      description: Whether this container should allocate
-                                        a buffer for stdin in the container runtime.
-                                      type: boolean
-                                    stdinOnce:
-                                      description: Whether the container runtime should
-                                        close the stdin channel after it has been
-                                        opened by a single at
-                                      type: boolean
-                                    terminationMessagePath:
-                                      description: 'Optional: Path at which the file
-                                        to which the container''s termination message
-                                        will be written is mou'
-                                      type: string
-                                    terminationMessagePolicy:
-                                      description: Indicate how the termination message
-                                        should be populated.
-                                      type: string
-                                    tty:
-                                      description: Whether this container should allocate
-                                        a TTY for itself, also requires 'stdin' to
-                                        be true.
-                                      type: boolean
-                                    volumeDevices:
-                                      description: volumeDevices is the list of block
-                                        devices to be used by the container.
-                                      items:
-                                        description: volumeDevice describes a mapping
-                                          of a raw block device within a container.
-                                        properties:
-                                          devicePath:
-                                            description: devicePath is the path inside
-                                              of the container that the device will
-                                              be mapped to.
-                                            type: string
-                                          name:
-                                            description: name must match the name
-                                              of a persistentVolumeClaim in the pod
-                                            type: string
-                                        required:
-                                        - devicePath
-                                        - name
-                                        type: object
-                                      type: array
-                                    volumeMounts:
-                                      description: Pod volumes to mount into the container's
-                                        filesystem. Cannot be updated.
-                                      items:
-                                        description: VolumeMount describes a mounting
-                                          of a Volume within a container.
-                                        properties:
-                                          mountPath:
-                                            description: Path within the container
-                                              at which the volume should be mounted.  Must
-                                              not contain ':'.
-                                            type: string
-                                          mountPropagation:
-                                            description: mountPropagation determines
-                                              how mounts are propagated from the host
-                                              to container and the other way a
-                                            type: string
-                                          name:
-                                            description: This must match the Name
-                                              of a Volume.
-                                            type: string
-                                          readOnly:
-                                            description: Mounted read-only if true,
-                                              read-write otherwise (false or unspecified).
-                                              Defaults to false.
-                                            type: boolean
-                                          subPath:
-                                            description: Path within the volume from
-                                              which the container's volume should
-                                              be mounted.
-                                            type: string
-                                          subPathExpr:
-                                            description: Expanded path within the
-                                              volume from which the container's volume
-                                              should be mounted.
-                                            type: string
-                                        required:
-                                        - mountPath
-                                        - name
-                                        type: object
-                                      type: array
-                                    workingDir:
-                                      description: Container's working directory.
-                                      type: string
-                                  required:
-                                  - name
-                                  type: object
-                                type: array
-                              dnsConfig:
-                                description: Specifies the DNS parameters of a pod.
-                                properties:
-                                  nameservers:
-                                    description: A list of DNS name server IP addresses.
-                                    items:
-                                      type: string
-                                    type: array
-                                  options:
-                                    description: A list of DNS resolver options. This
-                                      will be merged with the base options generated
-                                      from DNSPolicy.
-                                    items:
-                                      description: PodDNSConfigOption defines DNS
-                                        resolver options of a pod.
-                                      properties:
-                                        name:
-                                          description: Required.
-                                          type: string
-                                        value:
-                                          type: string
-                                      type: object
-                                    type: array
-                                  searches:
-                                    description: A list of DNS search domains for
-                                      host-name lookup.
-                                    items:
-                                      type: string
-                                    type: array
-                                type: object
-                              dnsPolicy:
-                                description: Set DNS policy for the pod. Defaults
-                                  to "ClusterFirst".
-                                type: string
-                              enableServiceLinks:
-                                description: EnableServiceLinks indicates whether
-                                  information about services should be injected into
-                                  pod's enviro
-                                type: boolean
-                              ephemeralContainers:
-                                description: List of ephemeral containers run in this
-                                  pod.
-                                items:
-                                  description: An EphemeralContainer is a temporary
-                                    container that you may add to an existing Pod
-                                    for user-initiate
-                                  properties:
-                                    args:
-                                      description: Arguments to the entrypoint. The
-                                        docker image's CMD is used if this is not
-                                        provided.
-                                      items:
-                                        type: string
-                                      type: array
-                                    command:
-                                      description: Entrypoint array. Not executed
-                                        within a shell.
-                                      items:
-                                        type: string
-                                      type: array
-                                    env:
-                                      description: List of environment variables to
-                                        set in the container. Cannot be updated.
-                                      items:
-                                        description: EnvVar represents an environment
-                                          variable present in a Container.
-                                        properties:
-                                          name:
-                                            description: Name of the environment variable.
-                                              Must be a C_IDENTIFIER.
-                                            type: string
-                                          value:
-                                            description: Variable references $(VAR_NAME)
-                                              are expanded using the previously defined
-                                              environment variables in t
-                                            type: string
-                                          valueFrom:
-                                            description: Source for the environment
-                                              variable's value. Cannot be used if
-                                              value is not empty.
-                                            properties:
-                                              configMapKeyRef:
-                                                description: Selects a key of a ConfigMap.
-                                                properties:
-                                                  key:
-                                                    description: The key to select.
-                                                    type: string
-                                                  name:
-                                                    description: 'Name of the referent.
-                                                      More info: https://kubernetes.'
-                                                    type: string
-                                                  optional:
-                                                    description: Specify whether the
-                                                      ConfigMap or its key must be
-                                                      defined
-                                                    type: boolean
-                                                required:
-                                                - key
-                                                type: object
-                                              fieldRef:
-                                                description: 'Selects a field of the
-                                                  pod: supports metadata.name, metadata.namespace,
-                                                  `metadata.'
-                                                properties:
-                                                  apiVersion:
-                                                    description: Version of the schema
-                                                      the FieldPath is written in
-                                                      terms of, defaults to "v1".
-                                                    type: string
-                                                  fieldPath:
-                                                    description: Path of the field
-                                                      to select in the specified API
-                                                      version.
-                                                    type: string
-                                                required:
-                                                - fieldPath
-                                                type: object
-                                              resourceFieldRef:
-                                                description: 'Selects a resource of
-                                                  the container: only resources limits
-                                                  and requests (limits.cpu, limits.'
-                                                properties:
-                                                  containerName:
-                                                    description: 'Container name:
-                                                      required for volumes, optional
-                                                      for env vars'
-                                                    type: string
-                                                  divisor:
-                                                    anyOf:
-                                                    - type: integer
-                                                    - type: string
-                                                    description: Specifies the output
-                                                      format of the exposed resources,
-                                                      defaults to "1"
-                                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                                    x-kubernetes-int-or-string: true
-                                                  resource:
-                                                    description: 'Required: resource
-                                                      to select'
-                                                    type: string
-                                                required:
-                                                - resource
-                                                type: object
-                                              secretKeyRef:
-                                                description: Selects a key of a secret
-                                                  in the pod's namespace
-                                                properties:
-                                                  key:
-                                                    description: The key of the secret
-                                                      to select from.  Must be a valid
-                                                      secret key.
-                                                    type: string
-                                                  name:
-                                                    description: 'Name of the referent.
-                                                      More info: https://kubernetes.'
-                                                    type: string
-                                                  optional:
-                                                    description: Specify whether the
-                                                      Secret or its key must be defined
-                                                    type: boolean
-                                                required:
-                                                - key
-                                                type: object
-                                            type: object
-                                        required:
-                                        - name
-                                        type: object
-                                      type: array
-                                    envFrom:
-                                      description: List of sources to populate environment
-                                        variables in the container.
-                                      items:
-                                        description: EnvFromSource represents the
-                                          source of a set of ConfigMaps
-                                        properties:
-                                          configMapRef:
-                                            description: The ConfigMap to select from
-                                            properties:
-                                              name:
-                                                description: 'Name of the referent.
-                                                  More info: https://kubernetes.'
-                                                type: string
-                                              optional:
-                                                description: Specify whether the ConfigMap
-                                                  must be defined
-                                                type: boolean
-                                            type: object
-                                          prefix:
-                                            description: An optional identifier to
-                                              prepend to each key in the ConfigMap.
-                                              Must be a C_IDENTIFIER.
-                                            type: string
-                                          secretRef:
-                                            description: The Secret to select from
-                                            properties:
-                                              name:
-                                                description: 'Name of the referent.
-                                                  More info: https://kubernetes.'
-                                                type: string
-                                              optional:
-                                                description: Specify whether the Secret
-                                                  must be defined
-                                                type: boolean
-                                            type: object
-                                        type: object
-                                      type: array
-                                    image:
-                                      description: 'Docker image name. More info:
-                                        https://kubernetes.io/docs/concepts/containers/images'
-                                      type: string
-                                    imagePullPolicy:
-                                      description: Image pull policy. One of Always,
-                                        Never, IfNotPresent.
-                                      type: string
-                                    lifecycle:
-                                      description: Lifecycle is not allowed for ephemeral
-                                        containers.
-                                      properties:
-                                        postStart:
-                                          description: PostStart is called immediately
-                                            after a container is created.
-                                          properties:
-                                            exec:
-                                              description: Exec specifies the action
-                                                to take.
-                                              properties:
-                                                command:
-                                                  description: 'Command is the command
-                                                    line to execute inside the container,
-                                                    the working directory for the
-                                                    command  '
-                                                  items:
-                                                    type: string
-                                                  type: array
-                                              type: object
-                                            httpGet:
-                                              description: HTTPGet specifies the http
-                                                request to perform.
-                                              properties:
-                                                host:
-                                                  description: Host name to connect
-                                                    to, defaults to the pod IP.
-                                                  type: string
-                                                httpHeaders:
-                                                  description: Custom headers to set
-                                                    in the request. HTTP allows repeated
-                                                    headers.
-                                                  items:
-                                                    description: HTTPHeader describes
-                                                      a custom header to be used in
-                                                      HTTP probes
-                                                    properties:
-                                                      name:
-                                                        description: The header field
-                                                          name
-                                                        type: string
-                                                      value:
-                                                        description: The header field
-                                                          value
-                                                        type: string
-                                                    required:
-                                                    - name
-                                                    - value
-                                                    type: object
-                                                  type: array
-                                                path:
-                                                  description: Path to access on the
-                                                    HTTP server.
-                                                  type: string
-                                                port:
-                                                  anyOf:
-                                                  - type: integer
-                                                  - type: string
-                                                  description: Name or number of the
-                                                    port to access on the container.
-                                                    Number must be in the range 1
-                                                    to 65535.
-                                                  x-kubernetes-int-or-string: true
-                                                scheme:
-                                                  description: Scheme to use for connecting
-                                                    to the host. Defaults to HTTP.
-                                                  type: string
-                                              required:
-                                              - port
-                                              type: object
-                                            tcpSocket:
-                                              description: Deprecated.
-                                              properties:
-                                                host:
-                                                  description: 'Optional: Host name
-                                                    to connect to, defaults to the
-                                                    pod IP.'
-                                                  type: string
-                                                port:
-                                                  anyOf:
-                                                  - type: integer
-                                                  - type: string
-                                                  description: Number or name of the
-                                                    port to access on the container.
-                                                    Number must be in the range 1
-                                                    to 65535.
-                                                  x-kubernetes-int-or-string: true
-                                              required:
-                                              - port
-                                              type: object
-                                          type: object
-                                        preStop:
-                                          description: PreStop is called immediately
-                                            before a container is terminated due to
-                                            an API request or management e
-                                          properties:
-                                            exec:
-                                              description: Exec specifies the action
-                                                to take.
-                                              properties:
-                                                command:
-                                                  description: 'Command is the command
-                                                    line to execute inside the container,
-                                                    the working directory for the
-                                                    command  '
-                                                  items:
-                                                    type: string
-                                                  type: array
-                                              type: object
-                                            httpGet:
-                                              description: HTTPGet specifies the http
-                                                request to perform.
-                                              properties:
-                                                host:
-                                                  description: Host name to connect
-                                                    to, defaults to the pod IP.
-                                                  type: string
-                                                httpHeaders:
-                                                  description: Custom headers to set
-                                                    in the request. HTTP allows repeated
-                                                    headers.
-                                                  items:
-                                                    description: HTTPHeader describes
-                                                      a custom header to be used in
-                                                      HTTP probes
-                                                    properties:
-                                                      name:
-                                                        description: The header field
-                                                          name
-                                                        type: string
-                                                      value:
-                                                        description: The header field
-                                                          value
-                                                        type: string
-                                                    required:
-                                                    - name
-                                                    - value
-                                                    type: object
-                                                  type: array
-                                                path:
-                                                  description: Path to access on the
-                                                    HTTP server.
-                                                  type: string
-                                                port:
-                                                  anyOf:
-                                                  - type: integer
-                                                  - type: string
-                                                  description: Name or number of the
-                                                    port to access on the container.
-                                                    Number must be in the range 1
-                                                    to 65535.
-                                                  x-kubernetes-int-or-string: true
-                                                scheme:
-                                                  description: Scheme to use for connecting
-                                                    to the host. Defaults to HTTP.
-                                                  type: string
-                                              required:
-                                              - port
-                                              type: object
-                                            tcpSocket:
-                                              description: Deprecated.
-                                              properties:
-                                                host:
-                                                  description: 'Optional: Host name
-                                                    to connect to, defaults to the
-                                                    pod IP.'
-                                                  type: string
-                                                port:
-                                                  anyOf:
-                                                  - type: integer
-                                                  - type: string
-                                                  description: Number or name of the
-                                                    port to access on the container.
-                                                    Number must be in the range 1
-                                                    to 65535.
-                                                  x-kubernetes-int-or-string: true
-                                              required:
-                                              - port
-                                              type: object
-                                          type: object
-                                      type: object
-                                    livenessProbe:
-                                      description: Probes are not allowed for ephemeral
-                                        containers.
-                                      properties:
-                                        exec:
-                                          description: Exec specifies the action to
-                                            take.
-                                          properties:
-                                            command:
-                                              description: 'Command is the command
-                                                line to execute inside the container,
-                                                the working directory for the command  '
-                                              items:
-                                                type: string
-                                              type: array
-                                          type: object
-                                        failureThreshold:
-                                          description: Minimum consecutive failures
-                                            for the probe to be considered failed
-                                            after having succeeded.
-                                          format: int32
-                                          type: integer
-                                        grpc:
-                                          description: GRPC specifies an action involving
-                                            a GRPC port.
-                                          properties:
-                                            port:
-                                              description: Port number of the gRPC
-                                                service. Number must be in the range
-                                                1 to 65535.
-                                              format: int32
-                                              type: integer
-                                            service:
-                                              description: Service is the name of
-                                                the service to place in the gRPC HealthCheckRequest
-                                                (see https://github.
-                                              type: string
-                                          required:
-                                          - port
-                                          type: object
-                                        httpGet:
-                                          description: HTTPGet specifies the http
-                                            request to perform.
-                                          properties:
-                                            host:
-                                              description: Host name to connect to,
-                                                defaults to the pod IP.
-                                              type: string
-                                            httpHeaders:
-                                              description: Custom headers to set in
-                                                the request. HTTP allows repeated
-                                                headers.
-                                              items:
-                                                description: HTTPHeader describes
-                                                  a custom header to be used in HTTP
-                                                  probes
-                                                properties:
-                                                  name:
-                                                    description: The header field
-                                                      name
-                                                    type: string
-                                                  value:
-                                                    description: The header field
-                                                      value
-                                                    type: string
-                                                required:
-                                                - name
-                                                - value
-                                                type: object
-                                              type: array
-                                            path:
-                                              description: Path to access on the HTTP
-                                                server.
-                                              type: string
-                                            port:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Name or number of the port
-                                                to access on the container. Number
-                                                must be in the range 1 to 65535.
-                                              x-kubernetes-int-or-string: true
-                                            scheme:
-                                              description: Scheme to use for connecting
-                                                to the host. Defaults to HTTP.
-                                              type: string
-                                          required:
-                                          - port
-                                          type: object
-                                        initialDelaySeconds:
-                                          description: Number of seconds after the
-                                            container has started before liveness
-                                            probes are initiated.
-                                          format: int32
-                                          type: integer
-                                        periodSeconds:
-                                          description: How often (in seconds) to perform
-                                            the probe. Default to 10 seconds. Minimum
-                                            value is 1.
-                                          format: int32
-                                          type: integer
-                                        successThreshold:
-                                          description: Minimum consecutive successes
-                                            for the probe to be considered successful
-                                            after having failed.
-                                          format: int32
-                                          type: integer
-                                        tcpSocket:
-                                          description: TCPSocket specifies an action
-                                            involving a TCP port.
-                                          properties:
-                                            host:
-                                              description: 'Optional: Host name to
-                                                connect to, defaults to the pod IP.'
-                                              type: string
-                                            port:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Number or name of the port
-                                                to access on the container. Number
-                                                must be in the range 1 to 65535.
-                                              x-kubernetes-int-or-string: true
-                                          required:
-                                          - port
-                                          type: object
-                                        terminationGracePeriodSeconds:
-                                          description: Optional duration in seconds
-                                            the pod needs to terminate gracefully
-                                            upon probe failure.
-                                          format: int64
-                                          type: integer
-                                        timeoutSeconds:
-                                          description: Number of seconds after which
-                                            the probe times out. Defaults to 1 second.
-                                            Minimum value is 1.
-                                          format: int32
-                                          type: integer
-                                      type: object
-                                    name:
-                                      description: Name of the ephemeral container
-                                        specified as a DNS_LABEL.
-                                      type: string
-                                    ports:
-                                      description: Ports are not allowed for ephemeral
-                                        containers.
-                                      items:
-                                        description: ContainerPort represents a network
-                                          port in a single container.
-                                        properties:
-                                          containerPort:
-                                            description: Number of port to expose
-                                              on the pod's IP address. This must be
-                                              a valid port number, 0 < x < 65536.
-                                            format: int32
-                                            type: integer
-                                          hostIP:
-                                            description: What host IP to bind the
-                                              external port to.
-                                            type: string
-                                          hostPort:
-                                            description: Number of port to expose
-                                              on the host. If specified, this must
-                                              be a valid port number, 0 < x < 65536.
-                                            format: int32
-                                            type: integer
-                                          name:
-                                            description: If specified, this must be
-                                              an IANA_SVC_NAME and unique within the
-                                              pod.
-                                            type: string
-                                          protocol:
-                                            default: TCP
-                                            description: Protocol for port. Must be
-                                              UDP, TCP, or SCTP. Defaults to "TCP".
-                                            type: string
-                                        required:
-                                        - containerPort
-                                        type: object
-                                      type: array
-                                      x-kubernetes-list-map-keys:
-                                      - containerPort
-                                      - protocol
-                                      x-kubernetes-list-type: map
-                                    readinessProbe:
-                                      description: Probes are not allowed for ephemeral
-                                        containers.
-                                      properties:
-                                        exec:
-                                          description: Exec specifies the action to
-                                            take.
-                                          properties:
-                                            command:
-                                              description: 'Command is the command
-                                                line to execute inside the container,
-                                                the working directory for the command  '
-                                              items:
-                                                type: string
-                                              type: array
-                                          type: object
-                                        failureThreshold:
-                                          description: Minimum consecutive failures
-                                            for the probe to be considered failed
-                                            after having succeeded.
-                                          format: int32
-                                          type: integer
-                                        grpc:
-                                          description: GRPC specifies an action involving
-                                            a GRPC port.
-                                          properties:
-                                            port:
-                                              description: Port number of the gRPC
-                                                service. Number must be in the range
-                                                1 to 65535.
-                                              format: int32
-                                              type: integer
-                                            service:
-                                              description: Service is the name of
-                                                the service to place in the gRPC HealthCheckRequest
-                                                (see https://github.
-                                              type: string
-                                          required:
-                                          - port
-                                          type: object
-                                        httpGet:
-                                          description: HTTPGet specifies the http
-                                            request to perform.
-                                          properties:
-                                            host:
-                                              description: Host name to connect to,
-                                                defaults to the pod IP.
-                                              type: string
-                                            httpHeaders:
-                                              description: Custom headers to set in
-                                                the request. HTTP allows repeated
-                                                headers.
-                                              items:
-                                                description: HTTPHeader describes
-                                                  a custom header to be used in HTTP
-                                                  probes
-                                                properties:
-                                                  name:
-                                                    description: The header field
-                                                      name
-                                                    type: string
-                                                  value:
-                                                    description: The header field
-                                                      value
-                                                    type: string
-                                                required:
-                                                - name
-                                                - value
-                                                type: object
-                                              type: array
-                                            path:
-                                              description: Path to access on the HTTP
-                                                server.
-                                              type: string
-                                            port:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Name or number of the port
-                                                to access on the container. Number
-                                                must be in the range 1 to 65535.
-                                              x-kubernetes-int-or-string: true
-                                            scheme:
-                                              description: Scheme to use for connecting
-                                                to the host. Defaults to HTTP.
-                                              type: string
-                                          required:
-                                          - port
-                                          type: object
-                                        initialDelaySeconds:
-                                          description: Number of seconds after the
-                                            container has started before liveness
-                                            probes are initiated.
-                                          format: int32
-                                          type: integer
-                                        periodSeconds:
-                                          description: How often (in seconds) to perform
-                                            the probe. Default to 10 seconds. Minimum
-                                            value is 1.
-                                          format: int32
-                                          type: integer
-                                        successThreshold:
-                                          description: Minimum consecutive successes
-                                            for the probe to be considered successful
-                                            after having failed.
-                                          format: int32
-                                          type: integer
-                                        tcpSocket:
-                                          description: TCPSocket specifies an action
-                                            involving a TCP port.
-                                          properties:
-                                            host:
-                                              description: 'Optional: Host name to
-                                                connect to, defaults to the pod IP.'
-                                              type: string
-                                            port:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Number or name of the port
-                                                to access on the container. Number
-                                                must be in the range 1 to 65535.
-                                              x-kubernetes-int-or-string: true
-                                          required:
-                                          - port
-                                          type: object
-                                        terminationGracePeriodSeconds:
-                                          description: Optional duration in seconds
-                                            the pod needs to terminate gracefully
-                                            upon probe failure.
-                                          format: int64
-                                          type: integer
-                                        timeoutSeconds:
-                                          description: Number of seconds after which
-                                            the probe times out. Defaults to 1 second.
-                                            Minimum value is 1.
-                                          format: int32
-                                          type: integer
-                                      type: object
-                                    resources:
-                                      description: Resources are not allowed for ephemeral
-                                        containers.
-                                      properties:
-                                        limits:
-                                          additionalProperties:
-                                            anyOf:
-                                            - type: integer
-                                            - type: string
-                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                            x-kubernetes-int-or-string: true
-                                          description: 'Limits describes the maximum
-                                            amount of compute resources allowed. More
-                                            info: https://kubernetes.'
-                                          type: object
-                                        requests:
-                                          additionalProperties:
-                                            anyOf:
-                                            - type: integer
-                                            - type: string
-                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                            x-kubernetes-int-or-string: true
-                                          description: Requests describes the minimum
-                                            amount of compute resources required.
-                                          type: object
-                                      type: object
-                                    securityContext:
-                                      description: 'Optional: SecurityContext defines
-                                        the security options the ephemeral container
-                                        should be run with.'
-                                      properties:
-                                        allowPrivilegeEscalation:
-                                          description: AllowPrivilegeEscalation controls
-                                            whether a process can gain more privileges
-                                            than its parent process
-                                          type: boolean
-                                        capabilities:
-                                          description: The capabilities to add/drop
-                                            when running containers.
-                                          properties:
-                                            add:
-                                              description: Added capabilities
-                                              items:
-                                                description: Capability represent
-                                                  POSIX capabilities type
-                                                type: string
-                                              type: array
-                                            drop:
-                                              description: Removed capabilities
-                                              items:
-                                                description: Capability represent
-                                                  POSIX capabilities type
-                                                type: string
-                                              type: array
-                                          type: object
-                                        privileged:
-                                          description: Run container in privileged
-                                            mode.
-                                          type: boolean
-                                        procMount:
-                                          description: procMount denotes the type
-                                            of proc mount to use for the containers.
-                                          type: string
-                                        readOnlyRootFilesystem:
-                                          description: Whether this container has
-                                            a read-only root filesystem. Default is
-                                            false.
-                                          type: boolean
-                                        runAsGroup:
-                                          description: The GID to run the entrypoint
-                                            of the container process. Uses runtime
-                                            default if unset.
-                                          format: int64
-                                          type: integer
-                                        runAsNonRoot:
-                                          description: Indicates that the container
-                                            must run as a non-root user.
-                                          type: boolean
-                                        runAsUser:
-                                          description: The UID to run the entrypoint
-                                            of the container process.
-                                          format: int64
-                                          type: integer
-                                        seLinuxOptions:
-                                          description: The SELinux context to be applied
-                                            to the container.
-                                          properties:
-                                            level:
-                                              description: Level is SELinux level
-                                                label that applies to the container.
-                                              type: string
-                                            role:
-                                              description: Role is a SELinux role
-                                                label that applies to the container.
-                                              type: string
-                                            type:
-                                              description: Type is a SELinux type
-                                                label that applies to the container.
-                                              type: string
-                                            user:
-                                              description: User is a SELinux user
-                                                label that applies to the container.
-                                              type: string
-                                          type: object
-                                        seccompProfile:
-                                          description: The seccomp options to use
-                                            by this container.
-                                          properties:
-                                            localhostProfile:
-                                              description: localhostProfile indicates
-                                                a profile defined in a file on the
-                                                node should be used.
-                                              type: string
-                                            type:
-                                              description: type indicates which kind
-                                                of seccomp profile will be applied.
-                                              type: string
-                                          required:
-                                          - type
-                                          type: object
-                                        windowsOptions:
-                                          description: The Windows specific settings
-                                            applied to all containers.
-                                          properties:
-                                            gmsaCredentialSpec:
-                                              description: GMSACredentialSpec is where
-                                                the GMSA admission webhook (https://github.
-                                              type: string
-                                            gmsaCredentialSpecName:
-                                              description: GMSACredentialSpecName
-                                                is the name of the GMSA credential
-                                                spec to use.
-                                              type: string
-                                            hostProcess:
-                                              description: HostProcess determines
-                                                if a container should be run as a
-                                                'Host Process' container.
-                                              type: boolean
-                                            runAsUserName:
-                                              description: The UserName in Windows
-                                                to run the entrypoint of the container
-                                                process.
-                                              type: string
-                                          type: object
-                                      type: object
-                                    startupProbe:
-                                      description: Probes are not allowed for ephemeral
-                                        containers.
-                                      properties:
-                                        exec:
-                                          description: Exec specifies the action to
-                                            take.
-                                          properties:
-                                            command:
-                                              description: 'Command is the command
-                                                line to execute inside the container,
-                                                the working directory for the command  '
-                                              items:
-                                                type: string
-                                              type: array
-                                          type: object
-                                        failureThreshold:
-                                          description: Minimum consecutive failures
-                                            for the probe to be considered failed
-                                            after having succeeded.
-                                          format: int32
-                                          type: integer
-                                        grpc:
-                                          description: GRPC specifies an action involving
-                                            a GRPC port.
-                                          properties:
-                                            port:
-                                              description: Port number of the gRPC
-                                                service. Number must be in the range
-                                                1 to 65535.
-                                              format: int32
-                                              type: integer
-                                            service:
-                                              description: Service is the name of
-                                                the service to place in the gRPC HealthCheckRequest
-                                                (see https://github.
-                                              type: string
-                                          required:
-                                          - port
-                                          type: object
-                                        httpGet:
-                                          description: HTTPGet specifies the http
-                                            request to perform.
-                                          properties:
-                                            host:
-                                              description: Host name to connect to,
-                                                defaults to the pod IP.
-                                              type: string
-                                            httpHeaders:
-                                              description: Custom headers to set in
-                                                the request. HTTP allows repeated
-                                                headers.
-                                              items:
-                                                description: HTTPHeader describes
-                                                  a custom header to be used in HTTP
-                                                  probes
-                                                properties:
-                                                  name:
-                                                    description: The header field
-                                                      name
-                                                    type: string
-                                                  value:
-                                                    description: The header field
-                                                      value
-                                                    type: string
-                                                required:
-                                                - name
-                                                - value
-                                                type: object
-                                              type: array
-                                            path:
-                                              description: Path to access on the HTTP
-                                                server.
-                                              type: string
-                                            port:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Name or number of the port
-                                                to access on the container. Number
-                                                must be in the range 1 to 65535.
-                                              x-kubernetes-int-or-string: true
-                                            scheme:
-                                              description: Scheme to use for connecting
-                                                to the host. Defaults to HTTP.
-                                              type: string
-                                          required:
-                                          - port
-                                          type: object
-                                        initialDelaySeconds:
-                                          description: Number of seconds after the
-                                            container has started before liveness
-                                            probes are initiated.
-                                          format: int32
-                                          type: integer
-                                        periodSeconds:
-                                          description: How often (in seconds) to perform
-                                            the probe. Default to 10 seconds. Minimum
-                                            value is 1.
-                                          format: int32
-                                          type: integer
-                                        successThreshold:
-                                          description: Minimum consecutive successes
-                                            for the probe to be considered successful
-                                            after having failed.
-                                          format: int32
-                                          type: integer
-                                        tcpSocket:
-                                          description: TCPSocket specifies an action
-                                            involving a TCP port.
-                                          properties:
-                                            host:
-                                              description: 'Optional: Host name to
-                                                connect to, defaults to the pod IP.'
-                                              type: string
-                                            port:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Number or name of the port
-                                                to access on the container. Number
-                                                must be in the range 1 to 65535.
-                                              x-kubernetes-int-or-string: true
-                                          required:
-                                          - port
-                                          type: object
-                                        terminationGracePeriodSeconds:
-                                          description: Optional duration in seconds
-                                            the pod needs to terminate gracefully
-                                            upon probe failure.
-                                          format: int64
-                                          type: integer
-                                        timeoutSeconds:
-                                          description: Number of seconds after which
-                                            the probe times out. Defaults to 1 second.
-                                            Minimum value is 1.
-                                          format: int32
-                                          type: integer
-                                      type: object
-                                    stdin:
-                                      description: Whether this container should allocate
-                                        a buffer for stdin in the container runtime.
-                                      type: boolean
-                                    stdinOnce:
-                                      description: Whether the container runtime should
-                                        close the stdin channel after it has been
-                                        opened by a single at
-                                      type: boolean
-                                    targetContainerName:
-                                      description: If set, the name of the container
-                                        from PodSpec that this ephemeral container
-                                        targets.
-                                      type: string
-                                    terminationMessagePath:
-                                      description: 'Optional: Path at which the file
-                                        to which the container''s termination message
-                                        will be written is mou'
-                                      type: string
-                                    terminationMessagePolicy:
-                                      description: Indicate how the termination message
-                                        should be populated.
-                                      type: string
-                                    tty:
-                                      description: Whether this container should allocate
-                                        a TTY for itself, also requires 'stdin' to
-                                        be true.
-                                      type: boolean
-                                    volumeDevices:
-                                      description: volumeDevices is the list of block
-                                        devices to be used by the container.
-                                      items:
-                                        description: volumeDevice describes a mapping
-                                          of a raw block device within a container.
-                                        properties:
-                                          devicePath:
-                                            description: devicePath is the path inside
-                                              of the container that the device will
-                                              be mapped to.
-                                            type: string
-                                          name:
-                                            description: name must match the name
-                                              of a persistentVolumeClaim in the pod
-                                            type: string
-                                        required:
-                                        - devicePath
-                                        - name
-                                        type: object
-                                      type: array
-                                    volumeMounts:
-                                      description: Pod volumes to mount into the container's
-                                        filesystem.
-                                      items:
-                                        description: VolumeMount describes a mounting
-                                          of a Volume within a container.
-                                        properties:
-                                          mountPath:
-                                            description: Path within the container
-                                              at which the volume should be mounted.  Must
-                                              not contain ':'.
-                                            type: string
-                                          mountPropagation:
-                                            description: mountPropagation determines
-                                              how mounts are propagated from the host
-                                              to container and the other way a
-                                            type: string
-                                          name:
-                                            description: This must match the Name
-                                              of a Volume.
-                                            type: string
-                                          readOnly:
-                                            description: Mounted read-only if true,
-                                              read-write otherwise (false or unspecified).
-                                              Defaults to false.
-                                            type: boolean
-                                          subPath:
-                                            description: Path within the volume from
-                                              which the container's volume should
-                                              be mounted.
-                                            type: string
-                                          subPathExpr:
-                                            description: Expanded path within the
-                                              volume from which the container's volume
-                                              should be mounted.
-                                            type: string
-                                        required:
-                                        - mountPath
-                                        - name
-                                        type: object
-                                      type: array
-                                    workingDir:
-                                      description: Container's working directory.
-                                      type: string
-                                  required:
-                                  - name
-                                  type: object
-                                type: array
-                              hostAliases:
-                                description: 'HostAliases is an optional list of hosts
-                                  and IPs that will be injected into the pod''s hosts
-                                  file if '
-                                items:
-                                  description: 'HostAlias holds the mapping between
-                                    IP and hostnames that will be injected as an entry
-                                    in the pod''s '
-                                  properties:
-                                    hostnames:
-                                      description: Hostnames for the above IP address.
-                                      items:
-                                        type: string
-                                      type: array
-                                    ip:
-                                      description: IP address of the host file entry.
-                                      type: string
-                                  type: object
-                                type: array
-                              hostIPC:
-                                description: 'Use the host''s ipc namespace. Optional:
-                                  Default to false.'
-                                type: boolean
-                              hostNetwork:
-                                description: Host networking requested for this pod.
-                                  Use the host's network namespace.
-                                type: boolean
-                              hostPID:
-                                description: 'Use the host''s pid namespace. Optional:
-                                  Default to false.'
-                                type: boolean
-                              hostname:
-                                description: Specifies the hostname of the Pod If
-                                  not specified, the pod's hostname will be set to
-                                  a system-defin
-                                type: string
-                              imagePullSecrets:
-                                description: ImagePullSecrets is an optional list
-                                  of references to secrets in the same namespace to
-                                  use for pulli
-                                items:
-                                  description: 'LocalObjectReference contains enough
-                                    information to let you locate the referenced object
-                                    inside the '
-                                  properties:
-                                    name:
-                                      description: 'Name of the referent. More info:
-                                        https://kubernetes.'
-                                      type: string
-                                  type: object
-                                type: array
-                              initContainers:
-                                description: List of initialization containers belonging
-                                  to the pod.
-                                items:
-                                  description: A single application container that
-                                    you want to run within a pod.
-                                  properties:
-                                    args:
-                                      description: Arguments to the entrypoint. The
-                                        docker image's CMD is used if this is not
-                                        provided.
-                                      items:
-                                        type: string
-                                      type: array
-                                    command:
-                                      description: Entrypoint array. Not executed
-                                        within a shell.
-                                      items:
-                                        type: string
-                                      type: array
-                                    env:
-                                      description: List of environment variables to
-                                        set in the container. Cannot be updated.
-                                      items:
-                                        description: EnvVar represents an environment
-                                          variable present in a Container.
-                                        properties:
-                                          name:
-                                            description: Name of the environment variable.
-                                              Must be a C_IDENTIFIER.
-                                            type: string
-                                          value:
-                                            description: Variable references $(VAR_NAME)
-                                              are expanded using the previously defined
-                                              environment variables in t
-                                            type: string
-                                          valueFrom:
-                                            description: Source for the environment
-                                              variable's value. Cannot be used if
-                                              value is not empty.
-                                            properties:
-                                              configMapKeyRef:
-                                                description: Selects a key of a ConfigMap.
-                                                properties:
-                                                  key:
-                                                    description: The key to select.
-                                                    type: string
-                                                  name:
-                                                    description: 'Name of the referent.
-                                                      More info: https://kubernetes.'
-                                                    type: string
-                                                  optional:
-                                                    description: Specify whether the
-                                                      ConfigMap or its key must be
-                                                      defined
-                                                    type: boolean
-                                                required:
-                                                - key
-                                                type: object
-                                              fieldRef:
-                                                description: 'Selects a field of the
-                                                  pod: supports metadata.name, metadata.namespace,
-                                                  `metadata.'
-                                                properties:
-                                                  apiVersion:
-                                                    description: Version of the schema
-                                                      the FieldPath is written in
-                                                      terms of, defaults to "v1".
-                                                    type: string
-                                                  fieldPath:
-                                                    description: Path of the field
-                                                      to select in the specified API
-                                                      version.
-                                                    type: string
-                                                required:
-                                                - fieldPath
-                                                type: object
-                                              resourceFieldRef:
-                                                description: 'Selects a resource of
-                                                  the container: only resources limits
-                                                  and requests (limits.cpu, limits.'
-                                                properties:
-                                                  containerName:
-                                                    description: 'Container name:
-                                                      required for volumes, optional
-                                                      for env vars'
-                                                    type: string
-                                                  divisor:
-                                                    anyOf:
-                                                    - type: integer
-                                                    - type: string
-                                                    description: Specifies the output
-                                                      format of the exposed resources,
-                                                      defaults to "1"
-                                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                                    x-kubernetes-int-or-string: true
-                                                  resource:
-                                                    description: 'Required: resource
-                                                      to select'
-                                                    type: string
-                                                required:
-                                                - resource
-                                                type: object
-                                              secretKeyRef:
-                                                description: Selects a key of a secret
-                                                  in the pod's namespace
-                                                properties:
-                                                  key:
-                                                    description: The key of the secret
-                                                      to select from.  Must be a valid
-                                                      secret key.
-                                                    type: string
-                                                  name:
-                                                    description: 'Name of the referent.
-                                                      More info: https://kubernetes.'
-                                                    type: string
-                                                  optional:
-                                                    description: Specify whether the
-                                                      Secret or its key must be defined
-                                                    type: boolean
-                                                required:
-                                                - key
-                                                type: object
-                                            type: object
-                                        required:
-                                        - name
-                                        type: object
-                                      type: array
-                                    envFrom:
-                                      description: List of sources to populate environment
-                                        variables in the container.
-                                      items:
-                                        description: EnvFromSource represents the
-                                          source of a set of ConfigMaps
-                                        properties:
-                                          configMapRef:
-                                            description: The ConfigMap to select from
-                                            properties:
-                                              name:
-                                                description: 'Name of the referent.
-                                                  More info: https://kubernetes.'
-                                                type: string
-                                              optional:
-                                                description: Specify whether the ConfigMap
-                                                  must be defined
-                                                type: boolean
-                                            type: object
-                                          prefix:
-                                            description: An optional identifier to
-                                              prepend to each key in the ConfigMap.
-                                              Must be a C_IDENTIFIER.
-                                            type: string
-                                          secretRef:
-                                            description: The Secret to select from
-                                            properties:
-                                              name:
-                                                description: 'Name of the referent.
-                                                  More info: https://kubernetes.'
-                                                type: string
-                                              optional:
-                                                description: Specify whether the Secret
-                                                  must be defined
-                                                type: boolean
-                                            type: object
-                                        type: object
-                                      type: array
-                                    image:
-                                      description: 'Docker image name. More info:
-                                        https://kubernetes.'
-                                      type: string
-                                    imagePullPolicy:
-                                      description: Image pull policy. One of Always,
-                                        Never, IfNotPresent.
-                                      type: string
-                                    lifecycle:
-                                      description: Actions that the management system
-                                        should take in response to container lifecycle
-                                        events.
-                                      properties:
-                                        postStart:
-                                          description: PostStart is called immediately
-                                            after a container is created.
-                                          properties:
-                                            exec:
-                                              description: Exec specifies the action
-                                                to take.
-                                              properties:
-                                                command:
-                                                  description: 'Command is the command
-                                                    line to execute inside the container,
-                                                    the working directory for the
-                                                    command  '
-                                                  items:
-                                                    type: string
-                                                  type: array
-                                              type: object
-                                            httpGet:
-                                              description: HTTPGet specifies the http
-                                                request to perform.
-                                              properties:
-                                                host:
-                                                  description: Host name to connect
-                                                    to, defaults to the pod IP.
-                                                  type: string
-                                                httpHeaders:
-                                                  description: Custom headers to set
-                                                    in the request. HTTP allows repeated
-                                                    headers.
-                                                  items:
-                                                    description: HTTPHeader describes
-                                                      a custom header to be used in
-                                                      HTTP probes
-                                                    properties:
-                                                      name:
-                                                        description: The header field
-                                                          name
-                                                        type: string
-                                                      value:
-                                                        description: The header field
-                                                          value
-                                                        type: string
-                                                    required:
-                                                    - name
-                                                    - value
-                                                    type: object
-                                                  type: array
-                                                path:
-                                                  description: Path to access on the
-                                                    HTTP server.
-                                                  type: string
-                                                port:
-                                                  anyOf:
-                                                  - type: integer
-                                                  - type: string
-                                                  description: Name or number of the
-                                                    port to access on the container.
-                                                    Number must be in the range 1
-                                                    to 65535.
-                                                  x-kubernetes-int-or-string: true
-                                                scheme:
-                                                  description: Scheme to use for connecting
-                                                    to the host. Defaults to HTTP.
-                                                  type: string
-                                              required:
-                                              - port
-                                              type: object
-                                            tcpSocket:
-                                              description: Deprecated.
-                                              properties:
-                                                host:
-                                                  description: 'Optional: Host name
-                                                    to connect to, defaults to the
-                                                    pod IP.'
-                                                  type: string
-                                                port:
-                                                  anyOf:
-                                                  - type: integer
-                                                  - type: string
-                                                  description: Number or name of the
-                                                    port to access on the container.
-                                                    Number must be in the range 1
-                                                    to 65535.
-                                                  x-kubernetes-int-or-string: true
-                                              required:
-                                              - port
-                                              type: object
-                                          type: object
-                                        preStop:
-                                          description: PreStop is called immediately
-                                            before a container is terminated due to
-                                            an API request or management e
-                                          properties:
-                                            exec:
-                                              description: Exec specifies the action
-                                                to take.
-                                              properties:
-                                                command:
-                                                  description: 'Command is the command
-                                                    line to execute inside the container,
-                                                    the working directory for the
-                                                    command  '
-                                                  items:
-                                                    type: string
-                                                  type: array
-                                              type: object
-                                            httpGet:
-                                              description: HTTPGet specifies the http
-                                                request to perform.
-                                              properties:
-                                                host:
-                                                  description: Host name to connect
-                                                    to, defaults to the pod IP.
-                                                  type: string
-                                                httpHeaders:
-                                                  description: Custom headers to set
-                                                    in the request. HTTP allows repeated
-                                                    headers.
-                                                  items:
-                                                    description: HTTPHeader describes
-                                                      a custom header to be used in
-                                                      HTTP probes
-                                                    properties:
-                                                      name:
-                                                        description: The header field
-                                                          name
-                                                        type: string
-                                                      value:
-                                                        description: The header field
-                                                          value
-                                                        type: string
-                                                    required:
-                                                    - name
-                                                    - value
-                                                    type: object
-                                                  type: array
-                                                path:
-                                                  description: Path to access on the
-                                                    HTTP server.
-                                                  type: string
-                                                port:
-                                                  anyOf:
-                                                  - type: integer
-                                                  - type: string
-                                                  description: Name or number of the
-                                                    port to access on the container.
-                                                    Number must be in the range 1
-                                                    to 65535.
-                                                  x-kubernetes-int-or-string: true
-                                                scheme:
-                                                  description: Scheme to use for connecting
-                                                    to the host. Defaults to HTTP.
-                                                  type: string
-                                              required:
-                                              - port
-                                              type: object
-                                            tcpSocket:
-                                              description: Deprecated.
-                                              properties:
-                                                host:
-                                                  description: 'Optional: Host name
-                                                    to connect to, defaults to the
-                                                    pod IP.'
-                                                  type: string
-                                                port:
-                                                  anyOf:
-                                                  - type: integer
-                                                  - type: string
-                                                  description: Number or name of the
-                                                    port to access on the container.
-                                                    Number must be in the range 1
-                                                    to 65535.
-                                                  x-kubernetes-int-or-string: true
-                                              required:
-                                              - port
-                                              type: object
-                                          type: object
-                                      type: object
-                                    livenessProbe:
-                                      description: Periodic probe of container liveness.
-                                        Container will be restarted if the probe fails.
-                                      properties:
-                                        exec:
-                                          description: Exec specifies the action to
-                                            take.
-                                          properties:
-                                            command:
-                                              description: 'Command is the command
-                                                line to execute inside the container,
-                                                the working directory for the command  '
-                                              items:
-                                                type: string
-                                              type: array
-                                          type: object
-                                        failureThreshold:
-                                          description: Minimum consecutive failures
-                                            for the probe to be considered failed
-                                            after having succeeded.
-                                          format: int32
-                                          type: integer
-                                        grpc:
-                                          description: GRPC specifies an action involving
-                                            a GRPC port.
-                                          properties:
-                                            port:
-                                              description: Port number of the gRPC
-                                                service. Number must be in the range
-                                                1 to 65535.
-                                              format: int32
-                                              type: integer
-                                            service:
-                                              description: Service is the name of
-                                                the service to place in the gRPC HealthCheckRequest
-                                                (see https://github.
-                                              type: string
-                                          required:
-                                          - port
-                                          type: object
-                                        httpGet:
-                                          description: HTTPGet specifies the http
-                                            request to perform.
-                                          properties:
-                                            host:
-                                              description: Host name to connect to,
-                                                defaults to the pod IP.
-                                              type: string
-                                            httpHeaders:
-                                              description: Custom headers to set in
-                                                the request. HTTP allows repeated
-                                                headers.
-                                              items:
-                                                description: HTTPHeader describes
-                                                  a custom header to be used in HTTP
-                                                  probes
-                                                properties:
-                                                  name:
-                                                    description: The header field
-                                                      name
-                                                    type: string
-                                                  value:
-                                                    description: The header field
-                                                      value
-                                                    type: string
-                                                required:
-                                                - name
-                                                - value
-                                                type: object
-                                              type: array
-                                            path:
-                                              description: Path to access on the HTTP
-                                                server.
-                                              type: string
-                                            port:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Name or number of the port
-                                                to access on the container. Number
-                                                must be in the range 1 to 65535.
-                                              x-kubernetes-int-or-string: true
-                                            scheme:
-                                              description: Scheme to use for connecting
-                                                to the host. Defaults to HTTP.
-                                              type: string
-                                          required:
-                                          - port
-                                          type: object
-                                        initialDelaySeconds:
-                                          description: Number of seconds after the
-                                            container has started before liveness
-                                            probes are initiated.
-                                          format: int32
-                                          type: integer
-                                        periodSeconds:
-                                          description: How often (in seconds) to perform
-                                            the probe. Default to 10 seconds. Minimum
-                                            value is 1.
-                                          format: int32
-                                          type: integer
-                                        successThreshold:
-                                          description: Minimum consecutive successes
-                                            for the probe to be considered successful
-                                            after having failed.
-                                          format: int32
-                                          type: integer
-                                        tcpSocket:
-                                          description: TCPSocket specifies an action
-                                            involving a TCP port.
-                                          properties:
-                                            host:
-                                              description: 'Optional: Host name to
-                                                connect to, defaults to the pod IP.'
-                                              type: string
-                                            port:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Number or name of the port
-                                                to access on the container. Number
-                                                must be in the range 1 to 65535.
-                                              x-kubernetes-int-or-string: true
-                                          required:
-                                          - port
-                                          type: object
-                                        terminationGracePeriodSeconds:
-                                          description: Optional duration in seconds
-                                            the pod needs to terminate gracefully
-                                            upon probe failure.
-                                          format: int64
-                                          type: integer
-                                        timeoutSeconds:
-                                          description: Number of seconds after which
-                                            the probe times out. Defaults to 1 second.
-                                            Minimum value is 1.
-                                          format: int32
-                                          type: integer
-                                      type: object
-                                    name:
-                                      description: Name of the container specified
-                                        as a DNS_LABEL.
-                                      type: string
-                                    ports:
-                                      description: List of ports to expose from the
-                                        container.
-                                      items:
-                                        description: ContainerPort represents a network
-                                          port in a single container.
-                                        properties:
-                                          containerPort:
-                                            description: Number of port to expose
-                                              on the pod's IP address. This must be
-                                              a valid port number, 0 < x < 65536.
-                                            format: int32
-                                            type: integer
-                                          hostIP:
-                                            description: What host IP to bind the
-                                              external port to.
-                                            type: string
-                                          hostPort:
-                                            description: Number of port to expose
-                                              on the host. If specified, this must
-                                              be a valid port number, 0 < x < 65536.
-                                            format: int32
-                                            type: integer
-                                          name:
-                                            description: If specified, this must be
-                                              an IANA_SVC_NAME and unique within the
-                                              pod.
-                                            type: string
-                                          protocol:
-                                            default: TCP
-                                            description: Protocol for port. Must be
-                                              UDP, TCP, or SCTP. Defaults to "TCP".
-                                            type: string
-                                        required:
-                                        - containerPort
-                                        type: object
-                                      type: array
-                                      x-kubernetes-list-map-keys:
-                                      - containerPort
-                                      - protocol
-                                      x-kubernetes-list-type: map
-                                    readinessProbe:
-                                      description: Periodic probe of container service
-                                        readiness.
-                                      properties:
-                                        exec:
-                                          description: Exec specifies the action to
-                                            take.
-                                          properties:
-                                            command:
-                                              description: 'Command is the command
-                                                line to execute inside the container,
-                                                the working directory for the command  '
-                                              items:
-                                                type: string
-                                              type: array
-                                          type: object
-                                        failureThreshold:
-                                          description: Minimum consecutive failures
-                                            for the probe to be considered failed
-                                            after having succeeded.
-                                          format: int32
-                                          type: integer
-                                        grpc:
-                                          description: GRPC specifies an action involving
-                                            a GRPC port.
-                                          properties:
-                                            port:
-                                              description: Port number of the gRPC
-                                                service. Number must be in the range
-                                                1 to 65535.
-                                              format: int32
-                                              type: integer
-                                            service:
-                                              description: Service is the name of
-                                                the service to place in the gRPC HealthCheckRequest
-                                                (see https://github.
-                                              type: string
-                                          required:
-                                          - port
-                                          type: object
-                                        httpGet:
-                                          description: HTTPGet specifies the http
-                                            request to perform.
-                                          properties:
-                                            host:
-                                              description: Host name to connect to,
-                                                defaults to the pod IP.
-                                              type: string
-                                            httpHeaders:
-                                              description: Custom headers to set in
-                                                the request. HTTP allows repeated
-                                                headers.
-                                              items:
-                                                description: HTTPHeader describes
-                                                  a custom header to be used in HTTP
-                                                  probes
-                                                properties:
-                                                  name:
-                                                    description: The header field
-                                                      name
-                                                    type: string
-                                                  value:
-                                                    description: The header field
-                                                      value
-                                                    type: string
-                                                required:
-                                                - name
-                                                - value
-                                                type: object
-                                              type: array
-                                            path:
-                                              description: Path to access on the HTTP
-                                                server.
-                                              type: string
-                                            port:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Name or number of the port
-                                                to access on the container. Number
-                                                must be in the range 1 to 65535.
-                                              x-kubernetes-int-or-string: true
-                                            scheme:
-                                              description: Scheme to use for connecting
-                                                to the host. Defaults to HTTP.
-                                              type: string
-                                          required:
-                                          - port
-                                          type: object
-                                        initialDelaySeconds:
-                                          description: Number of seconds after the
-                                            container has started before liveness
-                                            probes are initiated.
-                                          format: int32
-                                          type: integer
-                                        periodSeconds:
-                                          description: How often (in seconds) to perform
-                                            the probe. Default to 10 seconds. Minimum
-                                            value is 1.
-                                          format: int32
-                                          type: integer
-                                        successThreshold:
-                                          description: Minimum consecutive successes
-                                            for the probe to be considered successful
-                                            after having failed.
-                                          format: int32
-                                          type: integer
-                                        tcpSocket:
-                                          description: TCPSocket specifies an action
-                                            involving a TCP port.
-                                          properties:
-                                            host:
-                                              description: 'Optional: Host name to
-                                                connect to, defaults to the pod IP.'
-                                              type: string
-                                            port:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Number or name of the port
-                                                to access on the container. Number
-                                                must be in the range 1 to 65535.
-                                              x-kubernetes-int-or-string: true
-                                          required:
-                                          - port
-                                          type: object
-                                        terminationGracePeriodSeconds:
-                                          description: Optional duration in seconds
-                                            the pod needs to terminate gracefully
-                                            upon probe failure.
-                                          format: int64
-                                          type: integer
-                                        timeoutSeconds:
-                                          description: Number of seconds after which
-                                            the probe times out. Defaults to 1 second.
-                                            Minimum value is 1.
-                                          format: int32
-                                          type: integer
-                                      type: object
-                                    resources:
-                                      description: 'Compute Resources required by
-                                        this container. Cannot be updated. More info:
-                                        https://kubernetes.'
-                                      properties:
-                                        limits:
-                                          additionalProperties:
-                                            anyOf:
-                                            - type: integer
-                                            - type: string
-                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                            x-kubernetes-int-or-string: true
-                                          description: 'Limits describes the maximum
-                                            amount of compute resources allowed. More
-                                            info: https://kubernetes.'
-                                          type: object
-                                        requests:
-                                          additionalProperties:
-                                            anyOf:
-                                            - type: integer
-                                            - type: string
-                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                            x-kubernetes-int-or-string: true
-                                          description: Requests describes the minimum
-                                            amount of compute resources required.
-                                          type: object
-                                      type: object
-                                    securityContext:
-                                      description: SecurityContext defines the security
-                                        options the container should be run with.
-                                      properties:
-                                        allowPrivilegeEscalation:
-                                          description: AllowPrivilegeEscalation controls
-                                            whether a process can gain more privileges
-                                            than its parent process
-                                          type: boolean
-                                        capabilities:
-                                          description: The capabilities to add/drop
-                                            when running containers.
-                                          properties:
-                                            add:
-                                              description: Added capabilities
-                                              items:
-                                                description: Capability represent
-                                                  POSIX capabilities type
-                                                type: string
-                                              type: array
-                                            drop:
-                                              description: Removed capabilities
-                                              items:
-                                                description: Capability represent
-                                                  POSIX capabilities type
-                                                type: string
-                                              type: array
-                                          type: object
-                                        privileged:
-                                          description: Run container in privileged
-                                            mode.
-                                          type: boolean
-                                        procMount:
-                                          description: procMount denotes the type
-                                            of proc mount to use for the containers.
-                                          type: string
-                                        readOnlyRootFilesystem:
-                                          description: Whether this container has
-                                            a read-only root filesystem. Default is
-                                            false.
-                                          type: boolean
-                                        runAsGroup:
-                                          description: The GID to run the entrypoint
-                                            of the container process. Uses runtime
-                                            default if unset.
-                                          format: int64
-                                          type: integer
-                                        runAsNonRoot:
-                                          description: Indicates that the container
-                                            must run as a non-root user.
-                                          type: boolean
-                                        runAsUser:
-                                          description: The UID to run the entrypoint
-                                            of the container process.
-                                          format: int64
-                                          type: integer
-                                        seLinuxOptions:
-                                          description: The SELinux context to be applied
-                                            to the container.
-                                          properties:
-                                            level:
-                                              description: Level is SELinux level
-                                                label that applies to the container.
-                                              type: string
-                                            role:
-                                              description: Role is a SELinux role
-                                                label that applies to the container.
-                                              type: string
-                                            type:
-                                              description: Type is a SELinux type
-                                                label that applies to the container.
-                                              type: string
-                                            user:
-                                              description: User is a SELinux user
-                                                label that applies to the container.
-                                              type: string
-                                          type: object
-                                        seccompProfile:
-                                          description: The seccomp options to use
-                                            by this container.
-                                          properties:
-                                            localhostProfile:
-                                              description: localhostProfile indicates
-                                                a profile defined in a file on the
-                                                node should be used.
-                                              type: string
-                                            type:
-                                              description: type indicates which kind
-                                                of seccomp profile will be applied.
-                                              type: string
-                                          required:
-                                          - type
-                                          type: object
-                                        windowsOptions:
-                                          description: The Windows specific settings
-                                            applied to all containers.
-                                          properties:
-                                            gmsaCredentialSpec:
-                                              description: GMSACredentialSpec is where
-                                                the GMSA admission webhook (https://github.
-                                              type: string
-                                            gmsaCredentialSpecName:
-                                              description: GMSACredentialSpecName
-                                                is the name of the GMSA credential
-                                                spec to use.
-                                              type: string
-                                            hostProcess:
-                                              description: HostProcess determines
-                                                if a container should be run as a
-                                                'Host Process' container.
-                                              type: boolean
-                                            runAsUserName:
-                                              description: The UserName in Windows
-                                                to run the entrypoint of the container
-                                                process.
-                                              type: string
-                                          type: object
-                                      type: object
-                                    startupProbe:
-                                      description: StartupProbe indicates that the
-                                        Pod has successfully initialized.
-                                      properties:
-                                        exec:
-                                          description: Exec specifies the action to
-                                            take.
-                                          properties:
-                                            command:
-                                              description: 'Command is the command
-                                                line to execute inside the container,
-                                                the working directory for the command  '
-                                              items:
-                                                type: string
-                                              type: array
-                                          type: object
-                                        failureThreshold:
-                                          description: Minimum consecutive failures
-                                            for the probe to be considered failed
-                                            after having succeeded.
-                                          format: int32
-                                          type: integer
-                                        grpc:
-                                          description: GRPC specifies an action involving
-                                            a GRPC port.
-                                          properties:
-                                            port:
-                                              description: Port number of the gRPC
-                                                service. Number must be in the range
-                                                1 to 65535.
-                                              format: int32
-                                              type: integer
-                                            service:
-                                              description: Service is the name of
-                                                the service to place in the gRPC HealthCheckRequest
-                                                (see https://github.
-                                              type: string
-                                          required:
-                                          - port
-                                          type: object
-                                        httpGet:
-                                          description: HTTPGet specifies the http
-                                            request to perform.
-                                          properties:
-                                            host:
-                                              description: Host name to connect to,
-                                                defaults to the pod IP.
-                                              type: string
-                                            httpHeaders:
-                                              description: Custom headers to set in
-                                                the request. HTTP allows repeated
-                                                headers.
-                                              items:
-                                                description: HTTPHeader describes
-                                                  a custom header to be used in HTTP
-                                                  probes
-                                                properties:
-                                                  name:
-                                                    description: The header field
-                                                      name
-                                                    type: string
-                                                  value:
-                                                    description: The header field
-                                                      value
-                                                    type: string
-                                                required:
-                                                - name
-                                                - value
-                                                type: object
-                                              type: array
-                                            path:
-                                              description: Path to access on the HTTP
-                                                server.
-                                              type: string
-                                            port:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Name or number of the port
-                                                to access on the container. Number
-                                                must be in the range 1 to 65535.
-                                              x-kubernetes-int-or-string: true
-                                            scheme:
-                                              description: Scheme to use for connecting
-                                                to the host. Defaults to HTTP.
-                                              type: string
-                                          required:
-                                          - port
-                                          type: object
-                                        initialDelaySeconds:
-                                          description: Number of seconds after the
-                                            container has started before liveness
-                                            probes are initiated.
-                                          format: int32
-                                          type: integer
-                                        periodSeconds:
-                                          description: How often (in seconds) to perform
-                                            the probe. Default to 10 seconds. Minimum
-                                            value is 1.
-                                          format: int32
-                                          type: integer
-                                        successThreshold:
-                                          description: Minimum consecutive successes
-                                            for the probe to be considered successful
-                                            after having failed.
-                                          format: int32
-                                          type: integer
-                                        tcpSocket:
-                                          description: TCPSocket specifies an action
-                                            involving a TCP port.
-                                          properties:
-                                            host:
-                                              description: 'Optional: Host name to
-                                                connect to, defaults to the pod IP.'
-                                              type: string
-                                            port:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Number or name of the port
-                                                to access on the container. Number
-                                                must be in the range 1 to 65535.
-                                              x-kubernetes-int-or-string: true
-                                          required:
-                                          - port
-                                          type: object
-                                        terminationGracePeriodSeconds:
-                                          description: Optional duration in seconds
-                                            the pod needs to terminate gracefully
-                                            upon probe failure.
-                                          format: int64
-                                          type: integer
-                                        timeoutSeconds:
-                                          description: Number of seconds after which
-                                            the probe times out. Defaults to 1 second.
-                                            Minimum value is 1.
-                                          format: int32
-                                          type: integer
-                                      type: object
-                                    stdin:
-                                      description: Whether this container should allocate
-                                        a buffer for stdin in the container runtime.
-                                      type: boolean
-                                    stdinOnce:
-                                      description: Whether the container runtime should
-                                        close the stdin channel after it has been
-                                        opened by a single at
-                                      type: boolean
-                                    terminationMessagePath:
-                                      description: 'Optional: Path at which the file
-                                        to which the container''s termination message
-                                        will be written is mou'
-                                      type: string
-                                    terminationMessagePolicy:
-                                      description: Indicate how the termination message
-                                        should be populated.
-                                      type: string
-                                    tty:
-                                      description: Whether this container should allocate
-                                        a TTY for itself, also requires 'stdin' to
-                                        be true.
-                                      type: boolean
-                                    volumeDevices:
-                                      description: volumeDevices is the list of block
-                                        devices to be used by the container.
-                                      items:
-                                        description: volumeDevice describes a mapping
-                                          of a raw block device within a container.
-                                        properties:
-                                          devicePath:
-                                            description: devicePath is the path inside
-                                              of the container that the device will
-                                              be mapped to.
-                                            type: string
-                                          name:
-                                            description: name must match the name
-                                              of a persistentVolumeClaim in the pod
-                                            type: string
-                                        required:
-                                        - devicePath
-                                        - name
-                                        type: object
-                                      type: array
-                                    volumeMounts:
-                                      description: Pod volumes to mount into the container's
-                                        filesystem. Cannot be updated.
-                                      items:
-                                        description: VolumeMount describes a mounting
-                                          of a Volume within a container.
-                                        properties:
-                                          mountPath:
-                                            description: Path within the container
-                                              at which the volume should be mounted.  Must
-                                              not contain ':'.
-                                            type: string
-                                          mountPropagation:
-                                            description: mountPropagation determines
-                                              how mounts are propagated from the host
-                                              to container and the other way a
-                                            type: string
-                                          name:
-                                            description: This must match the Name
-                                              of a Volume.
-                                            type: string
-                                          readOnly:
-                                            description: Mounted read-only if true,
-                                              read-write otherwise (false or unspecified).
-                                              Defaults to false.
-                                            type: boolean
-                                          subPath:
-                                            description: Path within the volume from
-                                              which the container's volume should
-                                              be mounted.
-                                            type: string
-                                          subPathExpr:
-                                            description: Expanded path within the
-                                              volume from which the container's volume
-                                              should be mounted.
-                                            type: string
-                                        required:
-                                        - mountPath
-                                        - name
-                                        type: object
-                                      type: array
-                                    workingDir:
-                                      description: Container's working directory.
-                                      type: string
-                                  required:
-                                  - name
-                                  type: object
-                                type: array
-                              nodeName:
-                                description: NodeName is a request to schedule this
-                                  pod onto a specific node.
-                                type: string
-                              nodeSelector:
-                                additionalProperties:
-                                  type: string
-                                description: NodeSelector is a selector which must
-                                  be true for the pod to fit on a node.
-                                type: object
-                                x-kubernetes-map-type: atomic
-                              os:
-                                description: Specifies the OS of the containers in
-                                  the pod.
-                                properties:
-                                  name:
-                                    description: Name is the name of the operating
-                                      system. The currently supported values are linux
-                                      and windows.
-                                    type: string
-                                required:
-                                - name
-                                type: object
-                              overhead:
-                                additionalProperties:
-                                  anyOf:
-                                  - type: integer
-                                  - type: string
-                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                  x-kubernetes-int-or-string: true
-                                description: Overhead represents the resource overhead
-                                  associated with running a pod for a given RuntimeClass.
-                                type: object
-                              preemptionPolicy:
-                                description: PreemptionPolicy is the Policy for preempting
-                                  pods with lower priority.
-                                type: string
-                              priority:
-                                description: The priority value. Various system components
-                                  use this field to find the priority of the pod.
-                                format: int32
-                                type: integer
-                              priorityClassName:
-                                description: If specified, indicates the pod's priority.
-                                type: string
-                              readinessGates:
-                                description: If specified, all readiness gates will
-                                  be evaluated for pod readiness.
-                                items:
-                                  description: PodReadinessGate contains the reference
-                                    to a pod condition
-                                  properties:
-                                    conditionType:
-                                      description: ConditionType refers to a condition
-                                        in the pod's condition list with matching
-                                        type.
-                                      type: string
-                                  required:
-                                  - conditionType
-                                  type: object
-                                type: array
-                              restartPolicy:
-                                description: Restart policy for all containers within
-                                  the pod. One of Always, OnFailure, Never.
-                                type: string
-                              runtimeClassName:
-                                description: RuntimeClassName refers to a RuntimeClass
-                                  object in the node.k8s.
-                                type: string
-                              schedulerName:
-                                description: If specified, the pod will be dispatched
-                                  by specified scheduler.
-                                type: string
-                              securityContext:
-                                description: SecurityContext holds pod-level security
-                                  attributes and common container settings.
-                                properties:
-                                  fsGroup:
-                                    description: A special supplemental group that
-                                      applies to all containers in a pod.
-                                    format: int64
-                                    type: integer
-                                  fsGroupChangePolicy:
-                                    description: fsGroupChangePolicy defines behavior
-                                      of changing ownership and permission of the
-                                      volume before being
-                                    type: string
-                                  runAsGroup:
-                                    description: The GID to run the entrypoint of
-                                      the container process. Uses runtime default
-                                      if unset.
-                                    format: int64
-                                    type: integer
-                                  runAsNonRoot:
-                                    description: Indicates that the container must
-                                      run as a non-root user.
-                                    type: boolean
-                                  runAsUser:
-                                    description: The UID to run the entrypoint of
-                                      the container process.
-                                    format: int64
-                                    type: integer
-                                  seLinuxOptions:
-                                    description: The SELinux context to be applied
-                                      to all containers.
-                                    properties:
-                                      level:
-                                        description: Level is SELinux level label
-                                          that applies to the container.
-                                        type: string
-                                      role:
-                                        description: Role is a SELinux role label
-                                          that applies to the container.
-                                        type: string
-                                      type:
-                                        description: Type is a SELinux type label
-                                          that applies to the container.
-                                        type: string
-                                      user:
-                                        description: User is a SELinux user label
-                                          that applies to the container.
-                                        type: string
-                                    type: object
-                                  seccompProfile:
-                                    description: The seccomp options to use by the
-                                      containers in this pod.
-                                    properties:
-                                      localhostProfile:
-                                        description: localhostProfile indicates a
-                                          profile defined in a file on the node should
-                                          be used.
-                                        type: string
-                                      type:
-                                        description: type indicates which kind of
-                                          seccomp profile will be applied.
-                                        type: string
-                                    required:
-                                    - type
-                                    type: object
-                                  supplementalGroups:
-                                    description: 'A list of groups applied to the
-                                      first process run in each container, in addition
-                                      to the container''s '
-                                    items:
-                                      format: int64
-                                      type: integer
-                                    type: array
-                                  sysctls:
-                                    description: Sysctls hold a list of namespaced
-                                      sysctls used for the pod.
-                                    items:
-                                      description: Sysctl defines a kernel parameter
-                                        to be set
-                                      properties:
-                                        name:
-                                          description: Name of a property to set
-                                          type: string
-                                        value:
-                                          description: Value of a property to set
-                                          type: string
-                                      required:
-                                      - name
-                                      - value
-                                      type: object
-                                    type: array
-                                  windowsOptions:
-                                    description: The Windows specific settings applied
-                                      to all containers.
-                                    properties:
-                                      gmsaCredentialSpec:
-                                        description: GMSACredentialSpec is where the
-                                          GMSA admission webhook (https://github.
-                                        type: string
-                                      gmsaCredentialSpecName:
-                                        description: GMSACredentialSpecName is the
-                                          name of the GMSA credential spec to use.
-                                        type: string
-                                      hostProcess:
-                                        description: HostProcess determines if a container
-                                          should be run as a 'Host Process' container.
-                                        type: boolean
-                                      runAsUserName:
-                                        description: The UserName in Windows to run
-                                          the entrypoint of the container process.
-                                        type: string
-                                    type: object
-                                type: object
-                              serviceAccount:
-                                description: DeprecatedServiceAccount is a depreciated
-                                  alias for ServiceAccountName.
-                                type: string
-                              serviceAccountName:
-                                description: ServiceAccountName is the name of the
-                                  ServiceAccount to use to run this pod.
-                                type: string
-                              setHostnameAsFQDN:
-                                description: If true the pod's hostname will be configured
-                                  as the pod's FQDN, rather than the leaf name (the
-                                  defa
-                                type: boolean
-                              shareProcessNamespace:
-                                description: Share a single process namespace between
-                                  all of the containers in a pod.
-                                type: boolean
-                              subdomain:
-                                description: If specified, the fully qualified Pod
-                                  hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.
-                                type: string
-                              terminationGracePeriodSeconds:
-                                description: Optional duration in seconds the pod
-                                  needs to terminate gracefully.
-                                format: int64
-                                type: integer
-                              tolerations:
-                                description: If specified, the pod's tolerations.
-                                items:
-                                  description: The pod this Toleration is attached
-                                    to tolerates any taint that matches the triple
-                                    <key,value,effect
-                                  properties:
-                                    effect:
-                                      description: Effect indicates the taint effect
-                                        to match. Empty means match all taint effects.
-                                      type: string
-                                    key:
-                                      description: Key is the taint key that the toleration
-                                        applies to. Empty means match all taint keys.
-                                      type: string
-                                    operator:
-                                      description: Operator represents a key's relationship
-                                        to the value. Valid operators are Exists and
-                                        Equal.
-                                      type: string
-                                    tolerationSeconds:
-                                      description: TolerationSeconds represents the
-                                        period of time the toleration (which must
-                                        be of effect NoExecute, o
-                                      format: int64
-                                      type: integer
-                                    value:
-                                      description: Value is the taint value the toleration
-                                        matches to.
-                                      type: string
-                                  type: object
-                                type: array
-                              topologySpreadConstraints:
-                                description: TopologySpreadConstraints describes how
-                                  a group of pods ought to spread across topology
-                                  domains.
-                                items:
-                                  description: TopologySpreadConstraint specifies
-                                    how to spread matching pods among the given topology.
-                                  properties:
-                                    labelSelector:
-                                      description: LabelSelector is used to find matching
-                                        pods.
-                                      properties:
-                                        matchExpressions:
-                                          description: matchExpressions is a list
-                                            of label selector requirements. The requirements
-                                            are ANDed.
-                                          items:
-                                            description: A label selector requirement
-                                              is a selector that contains values,
-                                              a key, and an operator that relates
-                                            properties:
-                                              key:
-                                                description: key is the label key
-                                                  that the selector applies to.
-                                                type: string
-                                              operator:
-                                                description: operator represents a
-                                                  key's relationship to a set of values.
-                                                type: string
-                                              values:
-                                                description: values is an array of
-                                                  string values.
-                                                items:
-                                                  type: string
-                                                type: array
-                                            required:
-                                            - key
-                                            - operator
-                                            type: object
-                                          type: array
-                                        matchLabels:
-                                          additionalProperties:
-                                            type: string
-                                          description: matchLabels is a map of {key,value}
-                                            pairs.
-                                          type: object
-                                      type: object
-                                    maxSkew:
-                                      description: MaxSkew describes the degree to
-                                        which pods may be unevenly distributed.
-                                      format: int32
-                                      type: integer
-                                    topologyKey:
-                                      description: TopologyKey is the key of node
-                                        labels.
-                                      type: string
-                                    whenUnsatisfiable:
-                                      description: WhenUnsatisfiable indicates how
-                                        to deal with a pod if it doesn't satisfy the
-                                        spread constraint.
-                                      type: string
-                                  required:
-                                  - maxSkew
-                                  - topologyKey
-                                  - whenUnsatisfiable
-                                  type: object
-                                type: array
-                                x-kubernetes-list-map-keys:
-                                - topologyKey
-                                - whenUnsatisfiable
-                                x-kubernetes-list-type: map
-                              volumes:
-                                description: List of volumes that can be mounted by
-                                  containers belonging to the pod.
-                                items:
-                                  description: Volume represents a named volume in
-                                    a pod that may be accessed by any container in
-                                    the pod.
-                                  properties:
-                                    awsElasticBlockStore:
-                                      description: AWSElasticBlockStore represents
-                                        an AWS Disk resource that is attached to a
-                                        kubelet's host machine an
-                                      properties:
-                                        fsType:
-                                          description: Filesystem type of the volume
-                                            that you want to mount.
-                                          type: string
-                                        partition:
-                                          description: The partition in the volume
-                                            that you want to mount.
-                                          format: int32
-                                          type: integer
-                                        readOnly:
-                                          description: Specify "true" to force and
-                                            set the ReadOnly property in VolumeMounts
-                                            to "true".
-                                          type: boolean
-                                        volumeID:
-                                          description: 'Unique ID of the persistent
-                                            disk resource in AWS (Amazon EBS volume).
-                                            More info: https://kubernetes.'
-                                          type: string
-                                      required:
-                                      - volumeID
-                                      type: object
-                                    azureDisk:
-                                      description: AzureDisk represents an Azure Data
-                                        Disk mount on the host and bind mount to the
-                                        pod.
-                                      properties:
-                                        cachingMode:
-                                          description: 'Host Caching mode: None, Read
-                                            Only, Read Write.'
-                                          type: string
-                                        diskName:
-                                          description: The Name of the data disk in
-                                            the blob storage
-                                          type: string
-                                        diskURI:
-                                          description: The URI the data disk in the
-                                            blob storage
-                                          type: string
-                                        fsType:
-                                          description: Filesystem type to mount. Must
-                                            be a filesystem type supported by the
-                                            host operating system. Ex.
-                                          type: string
-                                        kind:
-                                          description: 'Expected values Shared: multiple
-                                            blob disks per storage account  Dedicated:
-                                            single blob disk per sto'
-                                          type: string
-                                        readOnly:
-                                          description: Defaults to false (read/write).
-                                            ReadOnly here will force the ReadOnly
-                                            setting in VolumeMounts.
-                                          type: boolean
-                                      required:
-                                      - diskName
-                                      - diskURI
-                                      type: object
-                                    azureFile:
-                                      description: AzureFile represents an Azure File
-                                        Service mount on the host and bind mount to
-                                        the pod.
-                                      properties:
-                                        readOnly:
-                                          description: Defaults to false (read/write).
-                                            ReadOnly here will force the ReadOnly
-                                            setting in VolumeMounts.
-                                          type: boolean
-                                        secretName:
-                                          description: the name of secret that contains
-                                            Azure Storage Account Name and Key
-                                          type: string
-                                        shareName:
-                                          description: Share Name
-                                          type: string
-                                      required:
-                                      - secretName
-                                      - shareName
-                                      type: object
-                                    cephfs:
-                                      description: CephFS represents a Ceph FS mount
-                                        on the host that shares a pod's lifetime
-                                      properties:
-                                        monitors:
-                                          description: 'Required: Monitors is a collection
-                                            of Ceph monitors More info: https://examples.k8s.'
-                                          items:
-                                            type: string
-                                          type: array
-                                        path:
-                                          description: 'Optional: Used as the mounted
-                                            root, rather than the full Ceph tree,
-                                            default is /'
-                                          type: string
-                                        readOnly:
-                                          description: 'Optional: Defaults to false
-                                            (read/write).'
-                                          type: boolean
-                                        secretFile:
-                                          description: 'Optional: SecretFile is the
-                                            path to key ring for User, default is
-                                            /etc/ceph/user.'
-                                          type: string
-                                        secretRef:
-                                          description: 'Optional: SecretRef is reference
-                                            to the authentication secret for User,
-                                            default is empty.'
-                                          properties:
-                                            name:
-                                              description: 'Name of the referent.
-                                                More info: https://kubernetes.'
-                                              type: string
-                                          type: object
-                                        user:
-                                          description: 'Optional: User is the rados
-                                            user name, default is admin More info:
-                                            https://examples.k8s.'
-                                          type: string
-                                      required:
-                                      - monitors
-                                      type: object
-                                    cinder:
-                                      description: Cinder represents a cinder volume
-                                        attached and mounted on kubelets host machine.
-                                      properties:
-                                        fsType:
-                                          description: Filesystem type to mount. Must
-                                            be a filesystem type supported by the
-                                            host operating system.
-                                          type: string
-                                        readOnly:
-                                          description: 'Optional: Defaults to false
-                                            (read/write).'
-                                          type: boolean
-                                        secretRef:
-                                          description: 'Optional: points to a secret
-                                            object containing parameters used to connect
-                                            to OpenStack.'
-                                          properties:
-                                            name:
-                                              description: 'Name of the referent.
-                                                More info: https://kubernetes.'
-                                              type: string
-                                          type: object
-                                        volumeID:
-                                          description: 'volume id used to identify
-                                            the volume in cinder. More info: https://examples.k8s.'
-                                          type: string
-                                      required:
-                                      - volumeID
-                                      type: object
-                                    configMap:
-                                      description: ConfigMap represents a configMap
-                                        that should populate this volume
-                                      properties:
-                                        defaultMode:
-                                          description: 'Optional: mode bits used to
-                                            set permissions on created files by default.'
-                                          format: int32
-                                          type: integer
-                                        items:
-                                          description: 'If unspecified, each key-value
-                                            pair in the Data field of the referenced
-                                            ConfigMap will be projected '
-                                          items:
-                                            description: Maps a string key to a path
-                                              within a volume.
-                                            properties:
-                                              key:
-                                                description: The key to project.
-                                                type: string
-                                              mode:
-                                                description: 'Optional: mode bits
-                                                  used to set permissions on this
-                                                  file.'
-                                                format: int32
-                                                type: integer
-                                              path:
-                                                description: The relative path of
-                                                  the file to map the key to. May
-                                                  not be an absolute path.
-                                                type: string
-                                            required:
-                                            - key
-                                            - path
-                                            type: object
-                                          type: array
-                                        name:
-                                          description: 'Name of the referent. More
-                                            info: https://kubernetes.'
-                                          type: string
-                                        optional:
-                                          description: Specify whether the ConfigMap
-                                            or its keys must be defined
-                                          type: boolean
-                                      type: object
-                                    csi:
-                                      description: CSI (Container Storage Interface)
-                                        represents ephemeral storage that is handled
-                                        by certain external C
-                                      properties:
-                                        driver:
-                                          description: Driver is the name of the CSI
-                                            driver that handles this volume.
-                                          type: string
-                                        fsType:
-                                          description: Filesystem type to mount. Ex.
-                                            "ext4", "xfs", "ntfs".
-                                          type: string
-                                        nodePublishSecretRef:
-                                          description: NodePublishSecretRef is a reference
-                                            to the secret object containing sensitive
-                                            information to pass to
-                                          properties:
-                                            name:
-                                              description: 'Name of the referent.
-                                                More info: https://kubernetes.'
-                                              type: string
-                                          type: object
-                                        readOnly:
-                                          description: Specifies a read-only configuration
-                                            for the volume. Defaults to false (read/write).
-                                          type: boolean
-                                        volumeAttributes:
-                                          additionalProperties:
-                                            type: string
-                                          description: VolumeAttributes stores driver-specific
-                                            properties that are passed to the CSI
-                                            driver.
-                                          type: object
-                                      required:
-                                      - driver
-                                      type: object
-                                    downwardAPI:
-                                      description: DownwardAPI represents downward
-                                        API about the pod that should populate this
-                                        volume
-                                      properties:
-                                        defaultMode:
-                                          description: 'Optional: mode bits to use
-                                            on created files by default.'
-                                          format: int32
-                                          type: integer
-                                        items:
-                                          description: Items is a list of downward
-                                            API volume file
-                                          items:
-                                            description: DownwardAPIVolumeFile represents
-                                              information to create the file containing
-                                              the pod field
-                                            properties:
-                                              fieldRef:
-                                                description: 'Required: Selects a
-                                                  field of the pod: only annotations,
-                                                  labels, name and namespace are supported.'
-                                                properties:
-                                                  apiVersion:
-                                                    description: Version of the schema
-                                                      the FieldPath is written in
-                                                      terms of, defaults to "v1".
-                                                    type: string
-                                                  fieldPath:
-                                                    description: Path of the field
-                                                      to select in the specified API
-                                                      version.
-                                                    type: string
-                                                required:
-                                                - fieldPath
-                                                type: object
-                                              mode:
-                                                description: 'Optional: mode bits
-                                                  used to set permissions on this
-                                                  file, must be an octal value between
-                                                  0000 and 07'
-                                                format: int32
-                                                type: integer
-                                              path:
-                                                description: 'Required: Path is  the
-                                                  relative path name of the file to
-                                                  be created.'
-                                                type: string
-                                              resourceFieldRef:
-                                                description: 'Selects a resource of
-                                                  the container: only resources limits
-                                                  and requests (limits.cpu, limits.'
-                                                properties:
-                                                  containerName:
-                                                    description: 'Container name:
-                                                      required for volumes, optional
-                                                      for env vars'
-                                                    type: string
-                                                  divisor:
-                                                    anyOf:
-                                                    - type: integer
-                                                    - type: string
-                                                    description: Specifies the output
-                                                      format of the exposed resources,
-                                                      defaults to "1"
-                                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                                    x-kubernetes-int-or-string: true
-                                                  resource:
-                                                    description: 'Required: resource
-                                                      to select'
-                                                    type: string
-                                                required:
-                                                - resource
-                                                type: object
-                                            required:
-                                            - path
-                                            type: object
-                                          type: array
-                                      type: object
-                                    emptyDir:
-                                      description: EmptyDir represents a temporary
-                                        directory that shares a pod's lifetime.
-                                      properties:
-                                        medium:
-                                          description: What type of storage medium
-                                            should back this directory.
-                                          type: string
-                                        sizeLimit:
-                                          anyOf:
-                                          - type: integer
-                                          - type: string
-                                          description: Total amount of local storage
-                                            required for this EmptyDir volume.
-                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                          x-kubernetes-int-or-string: true
-                                      type: object
-                                    ephemeral:
-                                      description: Ephemeral represents a volume that
-                                        is handled by a cluster storage driver.
-                                      properties:
-                                        volumeClaimTemplate:
-                                          description: Will be used to create a stand-alone
-                                            PVC to provision the volume.
-                                          properties:
-                                            metadata:
-                                              description: May contain labels and
-                                                annotations that will be copied into
-                                                the PVC when creating it.
-                                              properties:
-                                                annotations:
-                                                  additionalProperties:
-                                                    type: string
-                                                  type: object
-                                                finalizers:
-                                                  items:
-                                                    type: string
-                                                  type: array
-                                                labels:
-                                                  additionalProperties:
-                                                    type: string
-                                                  type: object
-                                                name:
-                                                  type: string
-                                                namespace:
-                                                  type: string
-                                              type: object
-                                            spec:
-                                              description: The specification for the
-                                                PersistentVolumeClaim.
-                                              properties:
-                                                accessModes:
-                                                  description: 'AccessModes contains
-                                                    the desired access modes the volume
-                                                    should have. More info: https://kubernetes.'
-                                                  items:
-                                                    type: string
-                                                  type: array
-                                                dataSource:
-                                                  description: 'This field can be
-                                                    used to specify either: * An existing
-                                                    VolumeSnapshot object (snapshot.storage.k8s.'
-                                                  properties:
-                                                    apiGroup:
-                                                      description: APIGroup is the
-                                                        group for the resource being
-                                                        referenced.
-                                                      type: string
-                                                    kind:
-                                                      description: Kind is the type
-                                                        of resource being referenced
-                                                      type: string
-                                                    name:
-                                                      description: Name is the name
-                                                        of resource being referenced
-                                                      type: string
-                                                  required:
-                                                  - kind
-                                                  - name
-                                                  type: object
-                                                dataSourceRef:
-                                                  description: Specifies the object
-                                                    from which to populate the volume
-                                                    with data, if a non-empty volume
-                                                    is desired.
-                                                  properties:
-                                                    apiGroup:
-                                                      description: APIGroup is the
-                                                        group for the resource being
-                                                        referenced.
-                                                      type: string
-                                                    kind:
-                                                      description: Kind is the type
-                                                        of resource being referenced
-                                                      type: string
-                                                    name:
-                                                      description: Name is the name
-                                                        of resource being referenced
-                                                      type: string
-                                                  required:
-                                                  - kind
-                                                  - name
-                                                  type: object
-                                                resources:
-                                                  description: Resources represents
-                                                    the minimum resources the volume
-                                                    should have.
-                                                  properties:
-                                                    limits:
-                                                      additionalProperties:
-                                                        anyOf:
-                                                        - type: integer
-                                                        - type: string
-                                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                                        x-kubernetes-int-or-string: true
-                                                      description: 'Limits describes
-                                                        the maximum amount of compute
-                                                        resources allowed. More info:
-                                                        https://kubernetes.'
-                                                      type: object
-                                                    requests:
-                                                      additionalProperties:
-                                                        anyOf:
-                                                        - type: integer
-                                                        - type: string
-                                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                                        x-kubernetes-int-or-string: true
-                                                      description: Requests describes
-                                                        the minimum amount of compute
-                                                        resources required.
-                                                      type: object
-                                                  type: object
-                                                selector:
-                                                  description: A label query over
-                                                    volumes to consider for binding.
-                                                  properties:
-                                                    matchExpressions:
-                                                      description: matchExpressions
-                                                        is a list of label selector
-                                                        requirements. The requirements
-                                                        are ANDed.
-                                                      items:
-                                                        description: A label selector
-                                                          requirement is a selector
-                                                          that contains values, a
-                                                          key, and an operator that
-                                                          relates
-                                                        properties:
-                                                          key:
-                                                            description: key is the
-                                                              label key that the selector
-                                                              applies to.
-                                                            type: string
-                                                          operator:
-                                                            description: operator
-                                                              represents a key's relationship
-                                                              to a set of values.
-                                                            type: string
-                                                          values:
-                                                            description: values is
-                                                              an array of string values.
-                                                            items:
-                                                              type: string
-                                                            type: array
-                                                        required:
-                                                        - key
-                                                        - operator
-                                                        type: object
-                                                      type: array
-                                                    matchLabels:
-                                                      additionalProperties:
-                                                        type: string
-                                                      description: matchLabels is
-                                                        a map of {key,value} pairs.
-                                                      type: object
-                                                  type: object
-                                                storageClassName:
-                                                  description: 'Name of the StorageClass
-                                                    required by the claim. More info:
-                                                    https://kubernetes.'
-                                                  type: string
-                                                volumeMode:
-                                                  description: volumeMode defines
-                                                    what type of volume is required
-                                                    by the claim.
-                                                  type: string
-                                                volumeName:
-                                                  description: VolumeName is the binding
-                                                    reference to the PersistentVolume
-                                                    backing this claim.
-                                                  type: string
-                                              type: object
-                                          required:
-                                          - spec
-                                          type: object
-                                      type: object
-                                    fc:
-                                      description: FC represents a Fibre Channel resource
-                                        that is attached to a kubelet's host machine
-                                        and then exposed
-                                      properties:
-                                        fsType:
-                                          description: Filesystem type to mount. Must
-                                            be a filesystem type supported by the
-                                            host operating system. Ex.
-                                          type: string
-                                        lun:
-                                          description: 'Optional: FC target lun number'
-                                          format: int32
-                                          type: integer
-                                        readOnly:
-                                          description: 'Optional: Defaults to false
-                                            (read/write).'
-                                          type: boolean
-                                        targetWWNs:
-                                          description: 'Optional: FC target worldwide
-                                            names (WWNs)'
-                                          items:
-                                            type: string
-                                          type: array
-                                        wwids:
-                                          description: 'Optional: FC volume world
-                                            wide identifiers (wwids) Either wwids
-                                            or combination of targetWWNs and lun'
-                                          items:
-                                            type: string
-                                          type: array
-                                      type: object
-                                    flexVolume:
-                                      description: FlexVolume represents a generic
-                                        volume resource that is provisioned/attached
-                                        using an exec based plu
-                                      properties:
-                                        driver:
-                                          description: Driver is the name of the driver
-                                            to use for this volume.
-                                          type: string
-                                        fsType:
-                                          description: Filesystem type to mount. Must
-                                            be a filesystem type supported by the
-                                            host operating system. Ex.
-                                          type: string
-                                        options:
-                                          additionalProperties:
-                                            type: string
-                                          description: 'Optional: Extra command options
-                                            if any.'
-                                          type: object
-                                        readOnly:
-                                          description: 'Optional: Defaults to false
-                                            (read/write).'
-                                          type: boolean
-                                        secretRef:
-                                          description: 'Optional: SecretRef is reference
-                                            to the secret object containing sensitive
-                                            information to pass to th'
-                                          properties:
-                                            name:
-                                              description: 'Name of the referent.
-                                                More info: https://kubernetes.'
-                                              type: string
-                                          type: object
-                                      required:
-                                      - driver
-                                      type: object
-                                    flocker:
-                                      description: Flocker represents a Flocker volume
-                                        attached to a kubelet's host machine.
-                                      properties:
-                                        datasetName:
-                                          description: Name of the dataset stored
-                                            as metadata -> name on the dataset for
-                                            Flocker should be considered as de
-                                          type: string
-                                        datasetUUID:
-                                          description: UUID of the dataset. This is
-                                            unique identifier of a Flocker dataset
-                                          type: string
-                                      type: object
-                                    gcePersistentDisk:
-                                      description: GCEPersistentDisk represents a
-                                        GCE Disk resource that is attached to a kubelet's
-                                        host machine and th
-                                      properties:
-                                        fsType:
-                                          description: Filesystem type of the volume
-                                            that you want to mount.
-                                          type: string
-                                        partition:
-                                          description: The partition in the volume
-                                            that you want to mount.
-                                          format: int32
-                                          type: integer
-                                        pdName:
-                                          description: Unique name of the PD resource
-                                            in GCE. Used to identify the disk in GCE.
-                                          type: string
-                                        readOnly:
-                                          description: ReadOnly here will force the
-                                            ReadOnly setting in VolumeMounts. Defaults
-                                            to false.
-                                          type: boolean
-                                      required:
-                                      - pdName
-                                      type: object
-                                    gitRepo:
-                                      description: 'GitRepo represents a git repository
-                                        at a particular revision. DEPRECATED: GitRepo
-                                        is deprecated.'
-                                      properties:
-                                        directory:
-                                          description: Target directory name. Must
-                                            not contain or start with '..'.  If '.
-                                          type: string
-                                        repository:
-                                          description: Repository URL
-                                          type: string
-                                        revision:
-                                          description: Commit hash for the specified
-                                            revision.
-                                          type: string
-                                      required:
-                                      - repository
-                                      type: object
-                                    glusterfs:
-                                      description: Glusterfs represents a Glusterfs
-                                        mount on the host that shares a pod's lifetime.
-                                      properties:
-                                        endpoints:
-                                          description: 'EndpointsName is the endpoint
-                                            name that details Glusterfs topology.
-                                            More info: https://examples.k8s.'
-                                          type: string
-                                        path:
-                                          description: 'Path is the Glusterfs volume
-                                            path. More info: https://examples.k8s.io/volumes/glusterfs/README.'
-                                          type: string
-                                        readOnly:
-                                          description: ReadOnly here will force the
-                                            Glusterfs volume to be mounted with read-only
-                                            permissions.
-                                          type: boolean
-                                      required:
-                                      - endpoints
-                                      - path
-                                      type: object
-                                    hostPath:
-                                      description: HostPath represents a pre-existing
-                                        file or directory on the host machine that
-                                        is directly exposed to
-                                      properties:
-                                        path:
-                                          description: Path of the directory on the
-                                            host.
-                                          type: string
-                                        type:
-                                          description: 'Type for HostPath Volume Defaults
-                                            to "" More info: https://kubernetes.'
-                                          type: string
-                                      required:
-                                      - path
-                                      type: object
-                                    iscsi:
-                                      description: ISCSI represents an ISCSI Disk
-                                        resource that is attached to a kubelet's host
-                                        machine and then expose
-                                      properties:
-                                        chapAuthDiscovery:
-                                          description: whether support iSCSI Discovery
-                                            CHAP authentication
-                                          type: boolean
-                                        chapAuthSession:
-                                          description: whether support iSCSI Session
-                                            CHAP authentication
-                                          type: boolean
-                                        fsType:
-                                          description: Filesystem type of the volume
-                                            that you want to mount.
-                                          type: string
-                                        initiatorName:
-                                          description: Custom iSCSI Initiator Name.
-                                          type: string
-                                        iqn:
-                                          description: Target iSCSI Qualified Name.
-                                          type: string
-                                        iscsiInterface:
-                                          description: iSCSI Interface Name that uses
-                                            an iSCSI transport. Defaults to 'default'
-                                            (tcp).
-                                          type: string
-                                        lun:
-                                          description: iSCSI Target Lun number.
-                                          format: int32
-                                          type: integer
-                                        portals:
-                                          description: iSCSI Target Portal List.
-                                          items:
-                                            type: string
-                                          type: array
-                                        readOnly:
-                                          description: ReadOnly here will force the
-                                            ReadOnly setting in VolumeMounts. Defaults
-                                            to false.
-                                          type: boolean
-                                        secretRef:
-                                          description: CHAP Secret for iSCSI target
-                                            and initiator authentication
-                                          properties:
-                                            name:
-                                              description: 'Name of the referent.
-                                                More info: https://kubernetes.'
-                                              type: string
-                                          type: object
-                                        targetPortal:
-                                          description: iSCSI Target Portal.
-                                          type: string
-                                      required:
-                                      - iqn
-                                      - lun
-                                      - targetPortal
-                                      type: object
-                                    name:
-                                      description: 'Volume''s name. Must be a DNS_LABEL
-                                        and unique within the pod. More info: https://kubernetes.'
-                                      type: string
-                                    nfs:
-                                      description: 'NFS represents an NFS mount on
-                                        the host that shares a pod''s lifetime More
-                                        info: https://kubernetes.'
-                                      properties:
-                                        path:
-                                          description: 'Path that is exported by the
-                                            NFS server. More info: https://kubernetes.'
-                                          type: string
-                                        readOnly:
-                                          description: ReadOnly here will force the
-                                            NFS export to be mounted with read-only
-                                            permissions. Defaults to false.
-                                          type: boolean
-                                        server:
-                                          description: 'Server is the hostname or
-                                            IP address of the NFS server. More info:
-                                            https://kubernetes.'
-                                          type: string
-                                      required:
-                                      - path
-                                      - server
-                                      type: object
-                                    persistentVolumeClaim:
-                                      description: PersistentVolumeClaimVolumeSource
-                                        represents a reference to a PersistentVolumeClaim
-                                        in the same name
-                                      properties:
-                                        claimName:
-                                          description: ClaimName is the name of a
-                                            PersistentVolumeClaim in the same namespace
-                                            as the pod using this volume.
-                                          type: string
-                                        readOnly:
-                                          description: Will force the ReadOnly setting
-                                            in VolumeMounts. Default false.
-                                          type: boolean
-                                      required:
-                                      - claimName
-                                      type: object
-                                    photonPersistentDisk:
-                                      description: 'PhotonPersistentDisk represents
-                                        a PhotonController persistent disk attached
-                                        and mounted on kubelets '
-                                      properties:
-                                        fsType:
-                                          description: Filesystem type to mount. Must
-                                            be a filesystem type supported by the
-                                            host operating system. Ex.
-                                          type: string
-                                        pdID:
-                                          description: ID that identifies Photon Controller
-                                            persistent disk
-                                          type: string
-                                      required:
-                                      - pdID
-                                      type: object
-                                    portworxVolume:
-                                      description: PortworxVolume represents a portworx
-                                        volume attached and mounted on kubelets host
-                                        machine
-                                      properties:
-                                        fsType:
-                                          description: FSType represents the filesystem
-                                            type to mount Must be a filesystem type
-                                            supported by the host opera
-                                          type: string
-                                        readOnly:
-                                          description: Defaults to false (read/write).
-                                            ReadOnly here will force the ReadOnly
-                                            setting in VolumeMounts.
-                                          type: boolean
-                                        volumeID:
-                                          description: VolumeID uniquely identifies
-                                            a Portworx volume
-                                          type: string
-                                      required:
-                                      - volumeID
-                                      type: object
-                                    projected:
-                                      description: Items for all in one resources
-                                        secrets, configmaps, and downward API
-                                      properties:
-                                        defaultMode:
-                                          description: Mode bits used to set permissions
-                                            on created files by default.
-                                          format: int32
-                                          type: integer
-                                        sources:
-                                          description: list of volume projections
-                                          items:
-                                            description: Projection that may be projected
-                                              along with other supported volume types
-                                            properties:
-                                              configMap:
-                                                description: information about the
-                                                  configMap data to project
-                                                properties:
-                                                  items:
-                                                    description: 'If unspecified,
-                                                      each key-value pair in the Data
-                                                      field of the referenced ConfigMap
-                                                      will be projected '
-                                                    items:
-                                                      description: Maps a string key
-                                                        to a path within a volume.
-                                                      properties:
-                                                        key:
-                                                          description: The key to
-                                                            project.
-                                                          type: string
-                                                        mode:
-                                                          description: 'Optional:
-                                                            mode bits used to set
-                                                            permissions on this file.'
-                                                          format: int32
-                                                          type: integer
-                                                        path:
-                                                          description: The relative
-                                                            path of the file to map
-                                                            the key to. May not be
-                                                            an absolute path.
-                                                          type: string
-                                                      required:
-                                                      - key
-                                                      - path
-                                                      type: object
-                                                    type: array
-                                                  name:
-                                                    description: 'Name of the referent.
-                                                      More info: https://kubernetes.'
-                                                    type: string
-                                                  optional:
-                                                    description: Specify whether the
-                                                      ConfigMap or its keys must be
-                                                      defined
-                                                    type: boolean
-                                                type: object
-                                              downwardAPI:
-                                                description: information about the
-                                                  downwardAPI data to project
-                                                properties:
-                                                  items:
-                                                    description: Items is a list of
-                                                      DownwardAPIVolume file
-                                                    items:
-                                                      description: DownwardAPIVolumeFile
-                                                        represents information to
-                                                        create the file containing
-                                                        the pod field
-                                                      properties:
-                                                        fieldRef:
-                                                          description: 'Required:
-                                                            Selects a field of the
-                                                            pod: only annotations,
-                                                            labels, name and namespace
-                                                            are supported.'
-                                                          properties:
-                                                            apiVersion:
-                                                              description: Version
-                                                                of the schema the
-                                                                FieldPath is written
-                                                                in terms of, defaults
-                                                                to "v1".
-                                                              type: string
-                                                            fieldPath:
-                                                              description: Path of
-                                                                the field to select
-                                                                in the specified API
-                                                                version.
-                                                              type: string
-                                                          required:
-                                                          - fieldPath
-                                                          type: object
-                                                        mode:
-                                                          description: 'Optional:
-                                                            mode bits used to set
-                                                            permissions on this file,
-                                                            must be an octal value
-                                                            between 0000 and 07'
-                                                          format: int32
-                                                          type: integer
-                                                        path:
-                                                          description: 'Required:
-                                                            Path is  the relative
-                                                            path name of the file
-                                                            to be created.'
-                                                          type: string
-                                                        resourceFieldRef:
-                                                          description: 'Selects a
-                                                            resource of the container:
-                                                            only resources limits
-                                                            and requests (limits.cpu,
-                                                            limits.'
-                                                          properties:
-                                                            containerName:
-                                                              description: 'Container
-                                                                name: required for
-                                                                volumes, optional
-                                                                for env vars'
-                                                              type: string
-                                                            divisor:
-                                                              anyOf:
-                                                              - type: integer
-                                                              - type: string
-                                                              description: Specifies
-                                                                the output format
-                                                                of the exposed resources,
-                                                                defaults to "1"
-                                                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                                              x-kubernetes-int-or-string: true
-                                                            resource:
-                                                              description: 'Required:
-                                                                resource to select'
-                                                              type: string
-                                                          required:
-                                                          - resource
-                                                          type: object
-                                                      required:
-                                                      - path
-                                                      type: object
-                                                    type: array
-                                                type: object
-                                              secret:
-                                                description: information about the
-                                                  secret data to project
-                                                properties:
-                                                  items:
-                                                    description: If unspecified, each
-                                                      key-value pair in the Data field
-                                                      of the referenced Secret will
-                                                      be projected int
-                                                    items:
-                                                      description: Maps a string key
-                                                        to a path within a volume.
-                                                      properties:
-                                                        key:
-                                                          description: The key to
-                                                            project.
-                                                          type: string
-                                                        mode:
-                                                          description: 'Optional:
-                                                            mode bits used to set
-                                                            permissions on this file.'
-                                                          format: int32
-                                                          type: integer
-                                                        path:
-                                                          description: The relative
-                                                            path of the file to map
-                                                            the key to. May not be
-                                                            an absolute path.
-                                                          type: string
-                                                      required:
-                                                      - key
-                                                      - path
-                                                      type: object
-                                                    type: array
-                                                  name:
-                                                    description: 'Name of the referent.
-                                                      More info: https://kubernetes.'
-                                                    type: string
-                                                  optional:
-                                                    description: Specify whether the
-                                                      Secret or its key must be defined
-                                                    type: boolean
-                                                type: object
-                                              serviceAccountToken:
-                                                description: information about the
-                                                  serviceAccountToken data to project
-                                                properties:
-                                                  audience:
-                                                    description: Audience is the intended
-                                                      audience of the token.
-                                                    type: string
-                                                  expirationSeconds:
-                                                    description: ExpirationSeconds
-                                                      is the requested duration of
-                                                      validity of the service account
-                                                      token.
-                                                    format: int64
-                                                    type: integer
-                                                  path:
-                                                    description: Path is the path
-                                                      relative to the mount point
-                                                      of the file to project the token
-                                                      into.
-                                                    type: string
-                                                required:
-                                                - path
-                                                type: object
-                                            type: object
-                                          type: array
-                                      type: object
-                                    quobyte:
-                                      description: Quobyte represents a Quobyte mount
-                                        on the host that shares a pod's lifetime
-                                      properties:
-                                        group:
-                                          description: Group to map volume access
-                                            to Default is no group
-                                          type: string
-                                        readOnly:
-                                          description: ReadOnly here will force the
-                                            Quobyte volume to be mounted with read-only
-                                            permissions.
-                                          type: boolean
-                                        registry:
-                                          description: Registry represents a single
-                                            or multiple Quobyte Registry services
-                                            specified as a string as host:por
-                                          type: string
-                                        tenant:
-                                          description: Tenant owning the given Quobyte
-                                            volume in the Backend Used with dynamically
-                                            provisioned Quobyte volu
-                                          type: string
-                                        user:
-                                          description: User to map volume access to
-                                            Defaults to serivceaccount user
-                                          type: string
-                                        volume:
-                                          description: Volume is a string that references
-                                            an already created Quobyte volume by name.
-                                          type: string
-                                      required:
-                                      - registry
-                                      - volume
-                                      type: object
-                                    rbd:
-                                      description: RBD represents a Rados Block Device
-                                        mount on the host that shares a pod's lifetime.
-                                      properties:
-                                        fsType:
-                                          description: Filesystem type of the volume
-                                            that you want to mount.
-                                          type: string
-                                        image:
-                                          description: 'The rados image name. More
-                                            info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
-                                          type: string
-                                        keyring:
-                                          description: Keyring is the path to key
-                                            ring for RBDUser. Default is /etc/ceph/keyring.
-                                          type: string
-                                        monitors:
-                                          description: 'A collection of Ceph monitors.
-                                            More info: https://examples.k8s.io/volumes/rbd/README.'
-                                          items:
-                                            type: string
-                                          type: array
-                                        pool:
-                                          description: 'The rados pool name. Default
-                                            is rbd. More info: https://examples.k8s.io/volumes/rbd/README.'
-                                          type: string
-                                        readOnly:
-                                          description: ReadOnly here will force the
-                                            ReadOnly setting in VolumeMounts. Defaults
-                                            to false.
-                                          type: boolean
-                                        secretRef:
-                                          description: SecretRef is name of the authentication
-                                            secret for RBDUser. If provided overrides
-                                            keyring.
-                                          properties:
-                                            name:
-                                              description: 'Name of the referent.
-                                                More info: https://kubernetes.'
-                                              type: string
-                                          type: object
-                                        user:
-                                          description: 'The rados user name. Default
-                                            is admin. More info: https://examples.k8s.io/volumes/rbd/README.'
-                                          type: string
-                                      required:
-                                      - image
-                                      - monitors
-                                      type: object
-                                    scaleIO:
-                                      description: ScaleIO represents a ScaleIO persistent
-                                        volume attached and mounted on Kubernetes
-                                        nodes.
-                                      properties:
-                                        fsType:
-                                          description: Filesystem type to mount. Must
-                                            be a filesystem type supported by the
-                                            host operating system. Ex.
-                                          type: string
-                                        gateway:
-                                          description: The host address of the ScaleIO
-                                            API Gateway.
-                                          type: string
-                                        protectionDomain:
-                                          description: The name of the ScaleIO Protection
-                                            Domain for the configured storage.
-                                          type: string
-                                        readOnly:
-                                          description: Defaults to false (read/write).
-                                            ReadOnly here will force the ReadOnly
-                                            setting in VolumeMounts.
-                                          type: boolean
-                                        secretRef:
-                                          description: SecretRef references to the
-                                            secret for ScaleIO user and other sensitive
-                                            information.
-                                          properties:
-                                            name:
-                                              description: 'Name of the referent.
-                                                More info: https://kubernetes.'
-                                              type: string
-                                          type: object
-                                        sslEnabled:
-                                          description: Flag to enable/disable SSL
-                                            communication with Gateway, default false
-                                          type: boolean
-                                        storageMode:
-                                          description: Indicates whether the storage
-                                            for a volume should be ThickProvisioned
-                                            or ThinProvisioned.
-                                          type: string
-                                        storagePool:
-                                          description: The ScaleIO Storage Pool associated
-                                            with the protection domain.
-                                          type: string
-                                        system:
-                                          description: The name of the storage system
-                                            as configured in ScaleIO.
-                                          type: string
-                                        volumeName:
-                                          description: The name of a volume already
-                                            created in the ScaleIO system that is
-                                            associated with this volume sourc
-                                          type: string
-                                      required:
-                                      - gateway
-                                      - secretRef
-                                      - system
-                                      type: object
-                                    secret:
-                                      description: 'Secret represents a secret that
-                                        should populate this volume. More info: https://kubernetes.'
-                                      properties:
-                                        defaultMode:
-                                          description: 'Optional: mode bits used to
-                                            set permissions on created files by default.'
-                                          format: int32
-                                          type: integer
-                                        items:
-                                          description: If unspecified, each key-value
-                                            pair in the Data field of the referenced
-                                            Secret will be projected int
-                                          items:
-                                            description: Maps a string key to a path
-                                              within a volume.
-                                            properties:
-                                              key:
-                                                description: The key to project.
-                                                type: string
-                                              mode:
-                                                description: 'Optional: mode bits
-                                                  used to set permissions on this
-                                                  file.'
-                                                format: int32
-                                                type: integer
-                                              path:
-                                                description: The relative path of
-                                                  the file to map the key to. May
-                                                  not be an absolute path.
-                                                type: string
-                                            required:
-                                            - key
-                                            - path
-                                            type: object
-                                          type: array
-                                        optional:
-                                          description: Specify whether the Secret
-                                            or its keys must be defined
-                                          type: boolean
-                                        secretName:
-                                          description: 'Name of the secret in the
-                                            pod''s namespace to use. More info: https://kubernetes.'
-                                          type: string
-                                      type: object
-                                    storageos:
-                                      description: StorageOS represents a StorageOS
-                                        volume attached and mounted on Kubernetes
-                                        nodes.
-                                      properties:
-                                        fsType:
-                                          description: Filesystem type to mount. Must
-                                            be a filesystem type supported by the
-                                            host operating system. Ex.
-                                          type: string
-                                        readOnly:
-                                          description: Defaults to false (read/write).
-                                            ReadOnly here will force the ReadOnly
-                                            setting in VolumeMounts.
-                                          type: boolean
-                                        secretRef:
-                                          description: SecretRef specifies the secret
-                                            to use for obtaining the StorageOS API
-                                            credentials.
-                                          properties:
-                                            name:
-                                              description: 'Name of the referent.
-                                                More info: https://kubernetes.'
-                                              type: string
-                                          type: object
-                                        volumeName:
-                                          description: VolumeName is the human-readable
-                                            name of the StorageOS volume.
-                                          type: string
-                                        volumeNamespace:
-                                          description: VolumeNamespace specifies the
-                                            scope of the volume within StorageOS.
-                                          type: string
-                                      type: object
-                                    vsphereVolume:
-                                      description: VsphereVolume represents a vSphere
-                                        volume attached and mounted on kubelets host
-                                        machine
-                                      properties:
-                                        fsType:
-                                          description: Filesystem type to mount. Must
-                                            be a filesystem type supported by the
-                                            host operating system. Ex.
-                                          type: string
-                                        storagePolicyID:
-                                          description: Storage Policy Based Management
-                                            (SPBM) profile ID associated with the
-                                            StoragePolicyName.
-                                          type: string
-                                        storagePolicyName:
-                                          description: Storage Policy Based Management
-                                            (SPBM) profile name.
-                                          type: string
-                                        volumePath:
-                                          description: Path that identifies vSphere
-                                            volume vmdk
-                                          type: string
-                                      required:
-                                      - volumePath
-                                      type: object
-                                  required:
-                                  - name
-                                  type: object
-                                type: array
-                            required:
-                            - containers
-                            type: object
-                        type: object
-                    required:
-                    - rayStartParams
-                    - serviceType
-                    - template
-                    type: object
-                  rayVersion:
-                    description: RayVersion is the version of ray being used. this
-                      affects the command used to start ray
-                    type: string
-                  workerGroupSpecs:
-                    description: WorkerGroupSpecs are the specs for the worker pods
-                    items:
-                      description: WorkerGroupSpec are the specs for the worker pods
-                      properties:
-                        groupName:
-                          description: we can have multiple worker groups, we distinguish
-                            them by name
-                          type: string
-                        maxReplicas:
-                          description: MaxReplicas defaults to maxInt32
-                          format: int32
-                          type: integer
-                        minReplicas:
-                          description: MinReplicas defaults to 1
-                          format: int32
-                          type: integer
-                        rayStartParams:
-                          additionalProperties:
-                            type: string
-                          description: 'RayStartParams are the params of the start
-                            command: address, object-store-memory, ...'
-                          type: object
-                        replicas:
-                          description: Replicas Number of desired pods in this pod
-                            group.
-                          format: int32
-                          type: integer
-                        scaleStrategy:
-                          description: ScaleStrategy defines which pods to remove
-                          properties:
-                            workersToDelete:
-                              description: WorkersToDelete workers to be deleted
-                              items:
-                                type: string
-                              type: array
-                          type: object
-                        template:
-                          description: Template a pod template for the worker
-                          properties:
-                            metadata:
-                              description: 'Standard object''s metadata. More info:
-                                https://git.k8s.'
-                              properties:
-                                annotations:
-                                  additionalProperties:
-                                    type: string
-                                  type: object
-                                finalizers:
-                                  items:
-                                    type: string
-                                  type: array
-                                labels:
-                                  additionalProperties:
-                                    type: string
-                                  type: object
-                                name:
-                                  type: string
-                                namespace:
-                                  type: string
-                              type: object
-                            spec:
-                              description: 'Specification of the desired behavior
-                                of the pod. More info: https://git.k8s.'
-                              properties:
-                                activeDeadlineSeconds:
-                                  description: Optional duration in seconds the pod
-                                    may be active on the node relative to StartTime
-                                    before the syst
-                                  format: int64
-                                  type: integer
-                                affinity:
-                                  description: If specified, the pod's scheduling
-                                    constraints
-                                  properties:
-                                    nodeAffinity:
-                                      description: Describes node affinity scheduling
-                                        rules for the pod.
-                                      properties:
-                                        preferredDuringSchedulingIgnoredDuringExecution:
-                                          description: 'The scheduler will prefer
-                                            to schedule pods to nodes that satisfy
-                                            the affinity expressions specified '
-                                          items:
-                                            description: An empty preferred scheduling
-                                              term matches all objects with implicit
-                                              weight 0 (i.e. it's a no-op).
-                                            properties:
-                                              preference:
-                                                description: A node selector term,
-                                                  associated with the corresponding
-                                                  weight.
-                                                properties:
-                                                  matchExpressions:
-                                                    description: A list of node selector
-                                                      requirements by node's labels.
-                                                    items:
-                                                      description: 'A node selector
-                                                        requirement is a selector
-                                                        that contains values, a key,
-                                                        and an operator that relates '
-                                                      properties:
-                                                        key:
-                                                          description: The label key
-                                                            that the selector applies
-                                                            to.
-                                                          type: string
-                                                        operator:
-                                                          description: Represents
-                                                            a key's relationship to
-                                                            a set of values.
-                                                          type: string
-                                                        values:
-                                                          description: An array of
-                                                            string values. If the
-                                                            operator is In or NotIn,
-                                                            the values array must
-                                                            be non-empty.
-                                                          items:
-                                                            type: string
-                                                          type: array
-                                                      required:
-                                                      - key
-                                                      - operator
-                                                      type: object
-                                                    type: array
-                                                  matchFields:
-                                                    description: A list of node selector
-                                                      requirements by node's fields.
-                                                    items:
-                                                      description: 'A node selector
-                                                        requirement is a selector
-                                                        that contains values, a key,
-                                                        and an operator that relates '
-                                                      properties:
-                                                        key:
-                                                          description: The label key
-                                                            that the selector applies
-                                                            to.
-                                                          type: string
-                                                        operator:
-                                                          description: Represents
-                                                            a key's relationship to
-                                                            a set of values.
-                                                          type: string
-                                                        values:
-                                                          description: An array of
-                                                            string values. If the
-                                                            operator is In or NotIn,
-                                                            the values array must
-                                                            be non-empty.
-                                                          items:
-                                                            type: string
-                                                          type: array
-                                                      required:
-                                                      - key
-                                                      - operator
-                                                      type: object
-                                                    type: array
-                                                type: object
-                                              weight:
-                                                description: Weight associated with
-                                                  matching the corresponding nodeSelectorTerm,
-                                                  in the range 1-100.
-                                                format: int32
-                                                type: integer
-                                            required:
-                                            - preference
-                                            - weight
-                                            type: object
-                                          type: array
-                                        requiredDuringSchedulingIgnoredDuringExecution:
-                                          description: If the affinity requirements
-                                            specified by this field are not met at
-                                            scheduling time, the pod will no
-                                          properties:
-                                            nodeSelectorTerms:
-                                              description: Required. A list of node
-                                                selector terms. The terms are ORed.
-                                              items:
-                                                description: A null or empty node
-                                                  selector term matches no objects.
-                                                  The requirements of them are ANDed.
-                                                properties:
-                                                  matchExpressions:
-                                                    description: A list of node selector
-                                                      requirements by node's labels.
-                                                    items:
-                                                      description: 'A node selector
-                                                        requirement is a selector
-                                                        that contains values, a key,
-                                                        and an operator that relates '
-                                                      properties:
-                                                        key:
-                                                          description: The label key
-                                                            that the selector applies
-                                                            to.
-                                                          type: string
-                                                        operator:
-                                                          description: Represents
-                                                            a key's relationship to
-                                                            a set of values.
-                                                          type: string
-                                                        values:
-                                                          description: An array of
-                                                            string values. If the
-                                                            operator is In or NotIn,
-                                                            the values array must
-                                                            be non-empty.
-                                                          items:
-                                                            type: string
-                                                          type: array
-                                                      required:
-                                                      - key
-                                                      - operator
-                                                      type: object
-                                                    type: array
-                                                  matchFields:
-                                                    description: A list of node selector
-                                                      requirements by node's fields.
-                                                    items:
-                                                      description: 'A node selector
-                                                        requirement is a selector
-                                                        that contains values, a key,
-                                                        and an operator that relates '
-                                                      properties:
-                                                        key:
-                                                          description: The label key
-                                                            that the selector applies
-                                                            to.
-                                                          type: string
-                                                        operator:
-                                                          description: Represents
-                                                            a key's relationship to
-                                                            a set of values.
-                                                          type: string
-                                                        values:
-                                                          description: An array of
-                                                            string values. If the
-                                                            operator is In or NotIn,
-                                                            the values array must
-                                                            be non-empty.
-                                                          items:
-                                                            type: string
-                                                          type: array
-                                                      required:
-                                                      - key
-                                                      - operator
-                                                      type: object
-                                                    type: array
-                                                type: object
-                                              type: array
-                                          required:
-                                          - nodeSelectorTerms
-                                          type: object
-                                      type: object
-                                    podAffinity:
-                                      description: Describes pod affinity scheduling
-                                        rules (e.g. co-locate this pod in the same
-                                        node, zone, etc.
-                                      properties:
-                                        preferredDuringSchedulingIgnoredDuringExecution:
-                                          description: 'The scheduler will prefer
-                                            to schedule pods to nodes that satisfy
-                                            the affinity expressions specified '
-                                          items:
-                                            description: The weights of all of the
-                                              matched WeightedPodAffinityTerm fields
-                                              are added per-node to find the most
-                                            properties:
-                                              podAffinityTerm:
-                                                description: Required. A pod affinity
-                                                  term, associated with the corresponding
-                                                  weight.
-                                                properties:
-                                                  labelSelector:
-                                                    description: A label query over
-                                                      a set of resources, in this
-                                                      case pods.
-                                                    properties:
-                                                      matchExpressions:
-                                                        description: matchExpressions
-                                                          is a list of label selector
-                                                          requirements. The requirements
-                                                          are ANDed.
-                                                        items:
-                                                          description: A label selector
-                                                            requirement is a selector
-                                                            that contains values,
-                                                            a key, and an operator
-                                                            that relates
-                                                          properties:
-                                                            key:
-                                                              description: key is
-                                                                the label key that
-                                                                the selector applies
-                                                                to.
-                                                              type: string
-                                                            operator:
-                                                              description: operator
-                                                                represents a key's
-                                                                relationship to a
-                                                                set of values.
-                                                              type: string
-                                                            values:
-                                                              description: values
-                                                                is an array of string
-                                                                values.
-                                                              items:
-                                                                type: string
-                                                              type: array
-                                                          required:
-                                                          - key
-                                                          - operator
-                                                          type: object
-                                                        type: array
-                                                      matchLabels:
-                                                        additionalProperties:
-                                                          type: string
-                                                        description: matchLabels is
-                                                          a map of {key,value} pairs.
-                                                        type: object
-                                                    type: object
-                                                  namespaceSelector:
-                                                    description: A label query over
-                                                      the set of namespaces that the
-                                                      term applies to.
-                                                    properties:
-                                                      matchExpressions:
-                                                        description: matchExpressions
-                                                          is a list of label selector
-                                                          requirements. The requirements
-                                                          are ANDed.
-                                                        items:
-                                                          description: A label selector
-                                                            requirement is a selector
-                                                            that contains values,
-                                                            a key, and an operator
-                                                            that relates
-                                                          properties:
-                                                            key:
-                                                              description: key is
-                                                                the label key that
-                                                                the selector applies
-                                                                to.
-                                                              type: string
-                                                            operator:
-                                                              description: operator
-                                                                represents a key's
-                                                                relationship to a
-                                                                set of values.
-                                                              type: string
-                                                            values:
-                                                              description: values
-                                                                is an array of string
-                                                                values.
-                                                              items:
-                                                                type: string
-                                                              type: array
-                                                          required:
-                                                          - key
-                                                          - operator
-                                                          type: object
-                                                        type: array
-                                                      matchLabels:
-                                                        additionalProperties:
-                                                          type: string
-                                                        description: matchLabels is
-                                                          a map of {key,value} pairs.
-                                                        type: object
-                                                    type: object
-                                                  namespaces:
-                                                    description: namespaces specifies
-                                                      a static list of namespace names
-                                                      that the term applies to.
-                                                    items:
-                                                      type: string
-                                                    type: array
-                                                  topologyKey:
-                                                    description: This pod should be
-                                                      co-located (affinity) or not
-                                                      co-located (anti-affinity) with
-                                                      the pods matching th
-                                                    type: string
-                                                required:
-                                                - topologyKey
-                                                type: object
-                                              weight:
-                                                description: weight associated with
-                                                  matching the corresponding podAffinityTerm,
-                                                  in the range 1-100.
-                                                format: int32
-                                                type: integer
-                                            required:
-                                            - podAffinityTerm
-                                            - weight
-                                            type: object
-                                          type: array
-                                        requiredDuringSchedulingIgnoredDuringExecution:
-                                          description: If the affinity requirements
-                                            specified by this field are not met at
-                                            scheduling time, the pod will no
-                                          items:
-                                            description: Defines a set of pods (namely
-                                              those matching the labelSelector relative
-                                              to the given namespace(s)) t
-                                            properties:
-                                              labelSelector:
-                                                description: A label query over a
-                                                  set of resources, in this case pods.
-                                                properties:
-                                                  matchExpressions:
-                                                    description: matchExpressions
-                                                      is a list of label selector
-                                                      requirements. The requirements
-                                                      are ANDed.
-                                                    items:
-                                                      description: A label selector
-                                                        requirement is a selector
-                                                        that contains values, a key,
-                                                        and an operator that relates
-                                                      properties:
-                                                        key:
-                                                          description: key is the
-                                                            label key that the selector
-                                                            applies to.
-                                                          type: string
-                                                        operator:
-                                                          description: operator represents
-                                                            a key's relationship to
-                                                            a set of values.
-                                                          type: string
-                                                        values:
-                                                          description: values is an
-                                                            array of string values.
-                                                          items:
-                                                            type: string
-                                                          type: array
-                                                      required:
-                                                      - key
-                                                      - operator
-                                                      type: object
-                                                    type: array
-                                                  matchLabels:
-                                                    additionalProperties:
-                                                      type: string
-                                                    description: matchLabels is a
-                                                      map of {key,value} pairs.
-                                                    type: object
-                                                type: object
-                                              namespaceSelector:
-                                                description: A label query over the
-                                                  set of namespaces that the term
-                                                  applies to.
-                                                properties:
-                                                  matchExpressions:
-                                                    description: matchExpressions
-                                                      is a list of label selector
-                                                      requirements. The requirements
-                                                      are ANDed.
-                                                    items:
-                                                      description: A label selector
-                                                        requirement is a selector
-                                                        that contains values, a key,
-                                                        and an operator that relates
-                                                      properties:
-                                                        key:
-                                                          description: key is the
-                                                            label key that the selector
-                                                            applies to.
-                                                          type: string
-                                                        operator:
-                                                          description: operator represents
-                                                            a key's relationship to
-                                                            a set of values.
-                                                          type: string
-                                                        values:
-                                                          description: values is an
-                                                            array of string values.
-                                                          items:
-                                                            type: string
-                                                          type: array
-                                                      required:
-                                                      - key
-                                                      - operator
-                                                      type: object
-                                                    type: array
-                                                  matchLabels:
-                                                    additionalProperties:
-                                                      type: string
-                                                    description: matchLabels is a
-                                                      map of {key,value} pairs.
-                                                    type: object
-                                                type: object
-                                              namespaces:
-                                                description: namespaces specifies
-                                                  a static list of namespace names
-                                                  that the term applies to.
-                                                items:
-                                                  type: string
-                                                type: array
-                                              topologyKey:
-                                                description: This pod should be co-located
-                                                  (affinity) or not co-located (anti-affinity)
-                                                  with the pods matching th
-                                                type: string
-                                            required:
-                                            - topologyKey
-                                            type: object
-                                          type: array
-                                      type: object
-                                    podAntiAffinity:
-                                      description: Describes pod anti-affinity scheduling
-                                        rules (e.g.
-                                      properties:
-                                        preferredDuringSchedulingIgnoredDuringExecution:
-                                          description: The scheduler will prefer to
-                                            schedule pods to nodes that satisfy the
-                                            anti-affinity expressions speci
-                                          items:
-                                            description: The weights of all of the
-                                              matched WeightedPodAffinityTerm fields
-                                              are added per-node to find the most
-                                            properties:
-                                              podAffinityTerm:
-                                                description: Required. A pod affinity
-                                                  term, associated with the corresponding
-                                                  weight.
-                                                properties:
-                                                  labelSelector:
-                                                    description: A label query over
-                                                      a set of resources, in this
-                                                      case pods.
-                                                    properties:
-                                                      matchExpressions:
-                                                        description: matchExpressions
-                                                          is a list of label selector
-                                                          requirements. The requirements
-                                                          are ANDed.
-                                                        items:
-                                                          description: A label selector
-                                                            requirement is a selector
-                                                            that contains values,
-                                                            a key, and an operator
-                                                            that relates
-                                                          properties:
-                                                            key:
-                                                              description: key is
-                                                                the label key that
-                                                                the selector applies
-                                                                to.
-                                                              type: string
-                                                            operator:
-                                                              description: operator
-                                                                represents a key's
-                                                                relationship to a
-                                                                set of values.
-                                                              type: string
-                                                            values:
-                                                              description: values
-                                                                is an array of string
-                                                                values.
-                                                              items:
-                                                                type: string
-                                                              type: array
-                                                          required:
-                                                          - key
-                                                          - operator
-                                                          type: object
-                                                        type: array
-                                                      matchLabels:
-                                                        additionalProperties:
-                                                          type: string
-                                                        description: matchLabels is
-                                                          a map of {key,value} pairs.
-                                                        type: object
-                                                    type: object
-                                                  namespaceSelector:
-                                                    description: A label query over
-                                                      the set of namespaces that the
-                                                      term applies to.
-                                                    properties:
-                                                      matchExpressions:
-                                                        description: matchExpressions
-                                                          is a list of label selector
-                                                          requirements. The requirements
-                                                          are ANDed.
-                                                        items:
-                                                          description: A label selector
-                                                            requirement is a selector
-                                                            that contains values,
-                                                            a key, and an operator
-                                                            that relates
-                                                          properties:
-                                                            key:
-                                                              description: key is
-                                                                the label key that
-                                                                the selector applies
-                                                                to.
-                                                              type: string
-                                                            operator:
-                                                              description: operator
-                                                                represents a key's
-                                                                relationship to a
-                                                                set of values.
-                                                              type: string
-                                                            values:
-                                                              description: values
-                                                                is an array of string
-                                                                values.
-                                                              items:
-                                                                type: string
-                                                              type: array
-                                                          required:
-                                                          - key
-                                                          - operator
-                                                          type: object
-                                                        type: array
-                                                      matchLabels:
-                                                        additionalProperties:
-                                                          type: string
-                                                        description: matchLabels is
-                                                          a map of {key,value} pairs.
-                                                        type: object
-                                                    type: object
-                                                  namespaces:
-                                                    description: namespaces specifies
-                                                      a static list of namespace names
-                                                      that the term applies to.
-                                                    items:
-                                                      type: string
-                                                    type: array
-                                                  topologyKey:
-                                                    description: This pod should be
-                                                      co-located (affinity) or not
-                                                      co-located (anti-affinity) with
-                                                      the pods matching th
-                                                    type: string
-                                                required:
-                                                - topologyKey
-                                                type: object
-                                              weight:
-                                                description: weight associated with
-                                                  matching the corresponding podAffinityTerm,
-                                                  in the range 1-100.
-                                                format: int32
-                                                type: integer
-                                            required:
-                                            - podAffinityTerm
-                                            - weight
-                                            type: object
-                                          type: array
-                                        requiredDuringSchedulingIgnoredDuringExecution:
-                                          description: If the anti-affinity requirements
-                                            specified by this field are not met at
-                                            scheduling time, the pod wi
-                                          items:
-                                            description: Defines a set of pods (namely
-                                              those matching the labelSelector relative
-                                              to the given namespace(s)) t
-                                            properties:
-                                              labelSelector:
-                                                description: A label query over a
-                                                  set of resources, in this case pods.
-                                                properties:
-                                                  matchExpressions:
-                                                    description: matchExpressions
-                                                      is a list of label selector
-                                                      requirements. The requirements
-                                                      are ANDed.
-                                                    items:
-                                                      description: A label selector
-                                                        requirement is a selector
-                                                        that contains values, a key,
-                                                        and an operator that relates
-                                                      properties:
-                                                        key:
-                                                          description: key is the
-                                                            label key that the selector
-                                                            applies to.
-                                                          type: string
-                                                        operator:
-                                                          description: operator represents
-                                                            a key's relationship to
-                                                            a set of values.
-                                                          type: string
-                                                        values:
-                                                          description: values is an
-                                                            array of string values.
-                                                          items:
-                                                            type: string
-                                                          type: array
-                                                      required:
-                                                      - key
-                                                      - operator
-                                                      type: object
-                                                    type: array
-                                                  matchLabels:
-                                                    additionalProperties:
-                                                      type: string
-                                                    description: matchLabels is a
-                                                      map of {key,value} pairs.
-                                                    type: object
-                                                type: object
-                                              namespaceSelector:
-                                                description: A label query over the
-                                                  set of namespaces that the term
-                                                  applies to.
-                                                properties:
-                                                  matchExpressions:
-                                                    description: matchExpressions
-                                                      is a list of label selector
-                                                      requirements. The requirements
-                                                      are ANDed.
-                                                    items:
-                                                      description: A label selector
-                                                        requirement is a selector
-                                                        that contains values, a key,
-                                                        and an operator that relates
-                                                      properties:
-                                                        key:
-                                                          description: key is the
-                                                            label key that the selector
-                                                            applies to.
-                                                          type: string
-                                                        operator:
-                                                          description: operator represents
-                                                            a key's relationship to
-                                                            a set of values.
-                                                          type: string
-                                                        values:
-                                                          description: values is an
-                                                            array of string values.
-                                                          items:
-                                                            type: string
-                                                          type: array
-                                                      required:
-                                                      - key
-                                                      - operator
-                                                      type: object
-                                                    type: array
-                                                  matchLabels:
-                                                    additionalProperties:
-                                                      type: string
-                                                    description: matchLabels is a
-                                                      map of {key,value} pairs.
-                                                    type: object
-                                                type: object
-                                              namespaces:
-                                                description: namespaces specifies
-                                                  a static list of namespace names
-                                                  that the term applies to.
-                                                items:
-                                                  type: string
-                                                type: array
-                                              topologyKey:
-                                                description: This pod should be co-located
-                                                  (affinity) or not co-located (anti-affinity)
-                                                  with the pods matching th
-                                                type: string
-                                            required:
-                                            - topologyKey
-                                            type: object
-                                          type: array
-                                      type: object
-                                  type: object
-                                automountServiceAccountToken:
-                                  description: AutomountServiceAccountToken indicates
-                                    whether a service account token should be automatically
-                                    mount
-                                  type: boolean
-                                containers:
-                                  description: List of containers belonging to the
-                                    pod. Containers cannot currently be added or removed.
-                                  items:
-                                    description: A single application container that
-                                      you want to run within a pod.
-                                    properties:
-                                      args:
-                                        description: Arguments to the entrypoint.
-                                          The docker image's CMD is used if this is
-                                          not provided.
-                                        items:
-                                          type: string
-                                        type: array
-                                      command:
-                                        description: Entrypoint array. Not executed
-                                          within a shell.
-                                        items:
-                                          type: string
-                                        type: array
-                                      env:
-                                        description: List of environment variables
-                                          to set in the container. Cannot be updated.
-                                        items:
-                                          description: EnvVar represents an environment
-                                            variable present in a Container.
-                                          properties:
-                                            name:
-                                              description: Name of the environment
-                                                variable. Must be a C_IDENTIFIER.
-                                              type: string
-                                            value:
-                                              description: Variable references $(VAR_NAME)
-                                                are expanded using the previously
-                                                defined environment variables in t
-                                              type: string
-                                            valueFrom:
-                                              description: Source for the environment
-                                                variable's value. Cannot be used if
-                                                value is not empty.
-                                              properties:
-                                                configMapKeyRef:
-                                                  description: Selects a key of a
-                                                    ConfigMap.
-                                                  properties:
-                                                    key:
-                                                      description: The key to select.
-                                                      type: string
-                                                    name:
-                                                      description: 'Name of the referent.
-                                                        More info: https://kubernetes.'
-                                                      type: string
-                                                    optional:
-                                                      description: Specify whether
-                                                        the ConfigMap or its key must
-                                                        be defined
-                                                      type: boolean
-                                                  required:
-                                                  - key
-                                                  type: object
-                                                fieldRef:
-                                                  description: 'Selects a field of
-                                                    the pod: supports metadata.name,
-                                                    metadata.namespace, `metadata.'
-                                                  properties:
-                                                    apiVersion:
-                                                      description: Version of the
-                                                        schema the FieldPath is written
-                                                        in terms of, defaults to "v1".
-                                                      type: string
-                                                    fieldPath:
-                                                      description: Path of the field
-                                                        to select in the specified
-                                                        API version.
-                                                      type: string
-                                                  required:
-                                                  - fieldPath
-                                                  type: object
-                                                resourceFieldRef:
-                                                  description: 'Selects a resource
-                                                    of the container: only resources
-                                                    limits and requests (limits.cpu,
-                                                    limits.'
-                                                  properties:
-                                                    containerName:
-                                                      description: 'Container name:
-                                                        required for volumes, optional
-                                                        for env vars'
-                                                      type: string
-                                                    divisor:
-                                                      anyOf:
-                                                      - type: integer
-                                                      - type: string
-                                                      description: Specifies the output
-                                                        format of the exposed resources,
-                                                        defaults to "1"
-                                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                                      x-kubernetes-int-or-string: true
-                                                    resource:
-                                                      description: 'Required: resource
-                                                        to select'
-                                                      type: string
-                                                  required:
-                                                  - resource
-                                                  type: object
-                                                secretKeyRef:
-                                                  description: Selects a key of a
-                                                    secret in the pod's namespace
-                                                  properties:
-                                                    key:
-                                                      description: The key of the
-                                                        secret to select from.  Must
-                                                        be a valid secret key.
-                                                      type: string
-                                                    name:
-                                                      description: 'Name of the referent.
-                                                        More info: https://kubernetes.'
-                                                      type: string
-                                                    optional:
-                                                      description: Specify whether
-                                                        the Secret or its key must
-                                                        be defined
-                                                      type: boolean
-                                                  required:
-                                                  - key
-                                                  type: object
-                                              type: object
-                                          required:
-                                          - name
-                                          type: object
-                                        type: array
-                                      envFrom:
-                                        description: List of sources to populate environment
-                                          variables in the container.
-                                        items:
-                                          description: EnvFromSource represents the
-                                            source of a set of ConfigMaps
-                                          properties:
-                                            configMapRef:
-                                              description: The ConfigMap to select
-                                                from
-                                              properties:
-                                                name:
-                                                  description: 'Name of the referent.
-                                                    More info: https://kubernetes.'
-                                                  type: string
-                                                optional:
-                                                  description: Specify whether the
-                                                    ConfigMap must be defined
-                                                  type: boolean
-                                              type: object
-                                            prefix:
-                                              description: An optional identifier
-                                                to prepend to each key in the ConfigMap.
-                                                Must be a C_IDENTIFIER.
-                                              type: string
-                                            secretRef:
-                                              description: The Secret to select from
-                                              properties:
-                                                name:
-                                                  description: 'Name of the referent.
-                                                    More info: https://kubernetes.'
-                                                  type: string
-                                                optional:
-                                                  description: Specify whether the
-                                                    Secret must be defined
-                                                  type: boolean
-                                              type: object
-                                          type: object
-                                        type: array
-                                      image:
-                                        description: 'Docker image name. More info:
-                                          https://kubernetes.'
-                                        type: string
-                                      imagePullPolicy:
-                                        description: Image pull policy. One of Always,
-                                          Never, IfNotPresent.
-                                        type: string
-                                      lifecycle:
-                                        description: Actions that the management system
-                                          should take in response to container lifecycle
-                                          events.
-                                        properties:
-                                          postStart:
-                                            description: PostStart is called immediately
-                                              after a container is created.
-                                            properties:
-                                              exec:
-                                                description: Exec specifies the action
-                                                  to take.
-                                                properties:
-                                                  command:
-                                                    description: 'Command is the command
-                                                      line to execute inside the container,
-                                                      the working directory for the
-                                                      command  '
-                                                    items:
-                                                      type: string
-                                                    type: array
-                                                type: object
-                                              httpGet:
-                                                description: HTTPGet specifies the
-                                                  http request to perform.
-                                                properties:
-                                                  host:
-                                                    description: Host name to connect
-                                                      to, defaults to the pod IP.
-                                                    type: string
-                                                  httpHeaders:
-                                                    description: Custom headers to
-                                                      set in the request. HTTP allows
-                                                      repeated headers.
-                                                    items:
-                                                      description: HTTPHeader describes
-                                                        a custom header to be used
-                                                        in HTTP probes
-                                                      properties:
-                                                        name:
-                                                          description: The header
-                                                            field name
-                                                          type: string
-                                                        value:
-                                                          description: The header
-                                                            field value
-                                                          type: string
-                                                      required:
-                                                      - name
-                                                      - value
-                                                      type: object
-                                                    type: array
-                                                  path:
-                                                    description: Path to access on
-                                                      the HTTP server.
-                                                    type: string
-                                                  port:
-                                                    anyOf:
-                                                    - type: integer
-                                                    - type: string
-                                                    description: Name or number of
-                                                      the port to access on the container.
-                                                      Number must be in the range
-                                                      1 to 65535.
-                                                    x-kubernetes-int-or-string: true
-                                                  scheme:
-                                                    description: Scheme to use for
-                                                      connecting to the host. Defaults
-                                                      to HTTP.
-                                                    type: string
-                                                required:
-                                                - port
-                                                type: object
-                                              tcpSocket:
-                                                description: Deprecated.
-                                                properties:
-                                                  host:
-                                                    description: 'Optional: Host name
-                                                      to connect to, defaults to the
-                                                      pod IP.'
-                                                    type: string
-                                                  port:
-                                                    anyOf:
-                                                    - type: integer
-                                                    - type: string
-                                                    description: Number or name of
-                                                      the port to access on the container.
-                                                      Number must be in the range
-                                                      1 to 65535.
-                                                    x-kubernetes-int-or-string: true
-                                                required:
-                                                - port
-                                                type: object
-                                            type: object
-                                          preStop:
-                                            description: PreStop is called immediately
-                                              before a container is terminated due
-                                              to an API request or management e
-                                            properties:
-                                              exec:
-                                                description: Exec specifies the action
-                                                  to take.
-                                                properties:
-                                                  command:
-                                                    description: 'Command is the command
-                                                      line to execute inside the container,
-                                                      the working directory for the
-                                                      command  '
-                                                    items:
-                                                      type: string
-                                                    type: array
-                                                type: object
-                                              httpGet:
-                                                description: HTTPGet specifies the
-                                                  http request to perform.
-                                                properties:
-                                                  host:
-                                                    description: Host name to connect
-                                                      to, defaults to the pod IP.
-                                                    type: string
-                                                  httpHeaders:
-                                                    description: Custom headers to
-                                                      set in the request. HTTP allows
-                                                      repeated headers.
-                                                    items:
-                                                      description: HTTPHeader describes
-                                                        a custom header to be used
-                                                        in HTTP probes
-                                                      properties:
-                                                        name:
-                                                          description: The header
-                                                            field name
-                                                          type: string
-                                                        value:
-                                                          description: The header
-                                                            field value
-                                                          type: string
-                                                      required:
-                                                      - name
-                                                      - value
-                                                      type: object
-                                                    type: array
-                                                  path:
-                                                    description: Path to access on
-                                                      the HTTP server.
-                                                    type: string
-                                                  port:
-                                                    anyOf:
-                                                    - type: integer
-                                                    - type: string
-                                                    description: Name or number of
-                                                      the port to access on the container.
-                                                      Number must be in the range
-                                                      1 to 65535.
-                                                    x-kubernetes-int-or-string: true
-                                                  scheme:
-                                                    description: Scheme to use for
-                                                      connecting to the host. Defaults
-                                                      to HTTP.
-                                                    type: string
-                                                required:
-                                                - port
-                                                type: object
-                                              tcpSocket:
-                                                description: Deprecated.
-                                                properties:
-                                                  host:
-                                                    description: 'Optional: Host name
-                                                      to connect to, defaults to the
-                                                      pod IP.'
-                                                    type: string
-                                                  port:
-                                                    anyOf:
-                                                    - type: integer
-                                                    - type: string
-                                                    description: Number or name of
-                                                      the port to access on the container.
-                                                      Number must be in the range
-                                                      1 to 65535.
-                                                    x-kubernetes-int-or-string: true
-                                                required:
-                                                - port
-                                                type: object
-                                            type: object
-                                        type: object
-                                      livenessProbe:
-                                        description: Periodic probe of container liveness.
-                                          Container will be restarted if the probe
-                                          fails.
-                                        properties:
-                                          exec:
-                                            description: Exec specifies the action
-                                              to take.
-                                            properties:
-                                              command:
-                                                description: 'Command is the command
-                                                  line to execute inside the container,
-                                                  the working directory for the command  '
-                                                items:
-                                                  type: string
-                                                type: array
-                                            type: object
-                                          failureThreshold:
-                                            description: Minimum consecutive failures
-                                              for the probe to be considered failed
-                                              after having succeeded.
-                                            format: int32
-                                            type: integer
-                                          grpc:
-                                            description: GRPC specifies an action
-                                              involving a GRPC port.
-                                            properties:
-                                              port:
-                                                description: Port number of the gRPC
-                                                  service. Number must be in the range
-                                                  1 to 65535.
-                                                format: int32
-                                                type: integer
-                                              service:
-                                                description: Service is the name of
-                                                  the service to place in the gRPC
-                                                  HealthCheckRequest (see https://github.
-                                                type: string
-                                            required:
-                                            - port
-                                            type: object
-                                          httpGet:
-                                            description: HTTPGet specifies the http
-                                              request to perform.
-                                            properties:
-                                              host:
-                                                description: Host name to connect
-                                                  to, defaults to the pod IP.
-                                                type: string
-                                              httpHeaders:
-                                                description: Custom headers to set
-                                                  in the request. HTTP allows repeated
-                                                  headers.
-                                                items:
-                                                  description: HTTPHeader describes
-                                                    a custom header to be used in
-                                                    HTTP probes
-                                                  properties:
-                                                    name:
-                                                      description: The header field
-                                                        name
-                                                      type: string
-                                                    value:
-                                                      description: The header field
-                                                        value
-                                                      type: string
-                                                  required:
-                                                  - name
-                                                  - value
-                                                  type: object
-                                                type: array
-                                              path:
-                                                description: Path to access on the
-                                                  HTTP server.
-                                                type: string
-                                              port:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Name or number of the
-                                                  port to access on the container.
-                                                  Number must be in the range 1 to
-                                                  65535.
-                                                x-kubernetes-int-or-string: true
-                                              scheme:
-                                                description: Scheme to use for connecting
-                                                  to the host. Defaults to HTTP.
-                                                type: string
-                                            required:
-                                            - port
-                                            type: object
-                                          initialDelaySeconds:
-                                            description: Number of seconds after the
-                                              container has started before liveness
-                                              probes are initiated.
-                                            format: int32
-                                            type: integer
-                                          periodSeconds:
-                                            description: How often (in seconds) to
-                                              perform the probe. Default to 10 seconds.
-                                              Minimum value is 1.
-                                            format: int32
-                                            type: integer
-                                          successThreshold:
-                                            description: Minimum consecutive successes
-                                              for the probe to be considered successful
-                                              after having failed.
-                                            format: int32
-                                            type: integer
-                                          tcpSocket:
-                                            description: TCPSocket specifies an action
-                                              involving a TCP port.
-                                            properties:
-                                              host:
-                                                description: 'Optional: Host name
-                                                  to connect to, defaults to the pod
-                                                  IP.'
-                                                type: string
-                                              port:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Number or name of the
-                                                  port to access on the container.
-                                                  Number must be in the range 1 to
-                                                  65535.
-                                                x-kubernetes-int-or-string: true
-                                            required:
-                                            - port
-                                            type: object
-                                          terminationGracePeriodSeconds:
-                                            description: Optional duration in seconds
-                                              the pod needs to terminate gracefully
-                                              upon probe failure.
-                                            format: int64
-                                            type: integer
-                                          timeoutSeconds:
-                                            description: Number of seconds after which
-                                              the probe times out. Defaults to 1 second.
-                                              Minimum value is 1.
-                                            format: int32
-                                            type: integer
-                                        type: object
-                                      name:
-                                        description: Name of the container specified
-                                          as a DNS_LABEL.
-                                        type: string
-                                      ports:
-                                        description: List of ports to expose from
-                                          the container.
-                                        items:
-                                          description: ContainerPort represents a
-                                            network port in a single container.
-                                          properties:
-                                            containerPort:
-                                              description: Number of port to expose
-                                                on the pod's IP address. This must
-                                                be a valid port number, 0 < x < 65536.
-                                              format: int32
-                                              type: integer
-                                            hostIP:
-                                              description: What host IP to bind the
-                                                external port to.
-                                              type: string
-                                            hostPort:
-                                              description: Number of port to expose
-                                                on the host. If specified, this must
-                                                be a valid port number, 0 < x < 65536.
-                                              format: int32
-                                              type: integer
-                                            name:
-                                              description: If specified, this must
-                                                be an IANA_SVC_NAME and unique within
-                                                the pod.
-                                              type: string
-                                            protocol:
-                                              default: TCP
-                                              description: Protocol for port. Must
-                                                be UDP, TCP, or SCTP. Defaults to
-                                                "TCP".
-                                              type: string
-                                          required:
-                                          - containerPort
-                                          type: object
-                                        type: array
-                                        x-kubernetes-list-map-keys:
-                                        - containerPort
-                                        - protocol
-                                        x-kubernetes-list-type: map
-                                      readinessProbe:
-                                        description: Periodic probe of container service
-                                          readiness.
-                                        properties:
-                                          exec:
-                                            description: Exec specifies the action
-                                              to take.
-                                            properties:
-                                              command:
-                                                description: 'Command is the command
-                                                  line to execute inside the container,
-                                                  the working directory for the command  '
-                                                items:
-                                                  type: string
-                                                type: array
-                                            type: object
-                                          failureThreshold:
-                                            description: Minimum consecutive failures
-                                              for the probe to be considered failed
-                                              after having succeeded.
-                                            format: int32
-                                            type: integer
-                                          grpc:
-                                            description: GRPC specifies an action
-                                              involving a GRPC port.
-                                            properties:
-                                              port:
-                                                description: Port number of the gRPC
-                                                  service. Number must be in the range
-                                                  1 to 65535.
-                                                format: int32
-                                                type: integer
-                                              service:
-                                                description: Service is the name of
-                                                  the service to place in the gRPC
-                                                  HealthCheckRequest (see https://github.
-                                                type: string
-                                            required:
-                                            - port
-                                            type: object
-                                          httpGet:
-                                            description: HTTPGet specifies the http
-                                              request to perform.
-                                            properties:
-                                              host:
-                                                description: Host name to connect
-                                                  to, defaults to the pod IP.
-                                                type: string
-                                              httpHeaders:
-                                                description: Custom headers to set
-                                                  in the request. HTTP allows repeated
-                                                  headers.
-                                                items:
-                                                  description: HTTPHeader describes
-                                                    a custom header to be used in
-                                                    HTTP probes
-                                                  properties:
-                                                    name:
-                                                      description: The header field
-                                                        name
-                                                      type: string
-                                                    value:
-                                                      description: The header field
-                                                        value
-                                                      type: string
-                                                  required:
-                                                  - name
-                                                  - value
-                                                  type: object
-                                                type: array
-                                              path:
-                                                description: Path to access on the
-                                                  HTTP server.
-                                                type: string
-                                              port:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Name or number of the
-                                                  port to access on the container.
-                                                  Number must be in the range 1 to
-                                                  65535.
-                                                x-kubernetes-int-or-string: true
-                                              scheme:
-                                                description: Scheme to use for connecting
-                                                  to the host. Defaults to HTTP.
-                                                type: string
-                                            required:
-                                            - port
-                                            type: object
-                                          initialDelaySeconds:
-                                            description: Number of seconds after the
-                                              container has started before liveness
-                                              probes are initiated.
-                                            format: int32
-                                            type: integer
-                                          periodSeconds:
-                                            description: How often (in seconds) to
-                                              perform the probe. Default to 10 seconds.
-                                              Minimum value is 1.
-                                            format: int32
-                                            type: integer
-                                          successThreshold:
-                                            description: Minimum consecutive successes
-                                              for the probe to be considered successful
-                                              after having failed.
-                                            format: int32
-                                            type: integer
-                                          tcpSocket:
-                                            description: TCPSocket specifies an action
-                                              involving a TCP port.
-                                            properties:
-                                              host:
-                                                description: 'Optional: Host name
-                                                  to connect to, defaults to the pod
-                                                  IP.'
-                                                type: string
-                                              port:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Number or name of the
-                                                  port to access on the container.
-                                                  Number must be in the range 1 to
-                                                  65535.
-                                                x-kubernetes-int-or-string: true
-                                            required:
-                                            - port
-                                            type: object
-                                          terminationGracePeriodSeconds:
-                                            description: Optional duration in seconds
-                                              the pod needs to terminate gracefully
-                                              upon probe failure.
-                                            format: int64
-                                            type: integer
-                                          timeoutSeconds:
-                                            description: Number of seconds after which
-                                              the probe times out. Defaults to 1 second.
-                                              Minimum value is 1.
-                                            format: int32
-                                            type: integer
-                                        type: object
-                                      resources:
-                                        description: 'Compute Resources required by
-                                          this container. Cannot be updated. More
-                                          info: https://kubernetes.'
-                                        properties:
-                                          limits:
-                                            additionalProperties:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                              x-kubernetes-int-or-string: true
-                                            description: 'Limits describes the maximum
-                                              amount of compute resources allowed.
-                                              More info: https://kubernetes.'
-                                            type: object
-                                          requests:
-                                            additionalProperties:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                              x-kubernetes-int-or-string: true
-                                            description: Requests describes the minimum
-                                              amount of compute resources required.
-                                            type: object
-                                        type: object
-                                      securityContext:
-                                        description: SecurityContext defines the security
-                                          options the container should be run with.
-                                        properties:
-                                          allowPrivilegeEscalation:
-                                            description: AllowPrivilegeEscalation
-                                              controls whether a process can gain
-                                              more privileges than its parent process
-                                            type: boolean
-                                          capabilities:
-                                            description: The capabilities to add/drop
-                                              when running containers.
-                                            properties:
-                                              add:
-                                                description: Added capabilities
-                                                items:
-                                                  description: Capability represent
-                                                    POSIX capabilities type
-                                                  type: string
-                                                type: array
-                                              drop:
-                                                description: Removed capabilities
-                                                items:
-                                                  description: Capability represent
-                                                    POSIX capabilities type
-                                                  type: string
-                                                type: array
-                                            type: object
-                                          privileged:
-                                            description: Run container in privileged
-                                              mode.
-                                            type: boolean
-                                          procMount:
-                                            description: procMount denotes the type
-                                              of proc mount to use for the containers.
-                                            type: string
-                                          readOnlyRootFilesystem:
-                                            description: Whether this container has
-                                              a read-only root filesystem. Default
-                                              is false.
-                                            type: boolean
-                                          runAsGroup:
-                                            description: The GID to run the entrypoint
-                                              of the container process. Uses runtime
-                                              default if unset.
-                                            format: int64
-                                            type: integer
-                                          runAsNonRoot:
-                                            description: Indicates that the container
-                                              must run as a non-root user.
-                                            type: boolean
-                                          runAsUser:
-                                            description: The UID to run the entrypoint
-                                              of the container process.
-                                            format: int64
-                                            type: integer
-                                          seLinuxOptions:
-                                            description: The SELinux context to be
-                                              applied to the container.
-                                            properties:
-                                              level:
-                                                description: Level is SELinux level
-                                                  label that applies to the container.
-                                                type: string
-                                              role:
-                                                description: Role is a SELinux role
-                                                  label that applies to the container.
-                                                type: string
-                                              type:
-                                                description: Type is a SELinux type
-                                                  label that applies to the container.
-                                                type: string
-                                              user:
-                                                description: User is a SELinux user
-                                                  label that applies to the container.
-                                                type: string
-                                            type: object
-                                          seccompProfile:
-                                            description: The seccomp options to use
-                                              by this container.
-                                            properties:
-                                              localhostProfile:
-                                                description: localhostProfile indicates
-                                                  a profile defined in a file on the
-                                                  node should be used.
-                                                type: string
-                                              type:
-                                                description: type indicates which
-                                                  kind of seccomp profile will be
-                                                  applied.
-                                                type: string
-                                            required:
-                                            - type
-                                            type: object
-                                          windowsOptions:
-                                            description: The Windows specific settings
-                                              applied to all containers.
-                                            properties:
-                                              gmsaCredentialSpec:
-                                                description: GMSACredentialSpec is
-                                                  where the GMSA admission webhook
-                                                  (https://github.
-                                                type: string
-                                              gmsaCredentialSpecName:
-                                                description: GMSACredentialSpecName
-                                                  is the name of the GMSA credential
-                                                  spec to use.
-                                                type: string
-                                              hostProcess:
-                                                description: HostProcess determines
-                                                  if a container should be run as
-                                                  a 'Host Process' container.
-                                                type: boolean
-                                              runAsUserName:
-                                                description: The UserName in Windows
-                                                  to run the entrypoint of the container
-                                                  process.
-                                                type: string
-                                            type: object
-                                        type: object
-                                      startupProbe:
-                                        description: StartupProbe indicates that the
-                                          Pod has successfully initialized.
-                                        properties:
-                                          exec:
-                                            description: Exec specifies the action
-                                              to take.
-                                            properties:
-                                              command:
-                                                description: 'Command is the command
-                                                  line to execute inside the container,
-                                                  the working directory for the command  '
-                                                items:
-                                                  type: string
-                                                type: array
-                                            type: object
-                                          failureThreshold:
-                                            description: Minimum consecutive failures
-                                              for the probe to be considered failed
-                                              after having succeeded.
-                                            format: int32
-                                            type: integer
-                                          grpc:
-                                            description: GRPC specifies an action
-                                              involving a GRPC port.
-                                            properties:
-                                              port:
-                                                description: Port number of the gRPC
-                                                  service. Number must be in the range
-                                                  1 to 65535.
-                                                format: int32
-                                                type: integer
-                                              service:
-                                                description: Service is the name of
-                                                  the service to place in the gRPC
-                                                  HealthCheckRequest (see https://github.
-                                                type: string
-                                            required:
-                                            - port
-                                            type: object
-                                          httpGet:
-                                            description: HTTPGet specifies the http
-                                              request to perform.
-                                            properties:
-                                              host:
-                                                description: Host name to connect
-                                                  to, defaults to the pod IP.
-                                                type: string
-                                              httpHeaders:
-                                                description: Custom headers to set
-                                                  in the request. HTTP allows repeated
-                                                  headers.
-                                                items:
-                                                  description: HTTPHeader describes
-                                                    a custom header to be used in
-                                                    HTTP probes
-                                                  properties:
-                                                    name:
-                                                      description: The header field
-                                                        name
-                                                      type: string
-                                                    value:
-                                                      description: The header field
-                                                        value
-                                                      type: string
-                                                  required:
-                                                  - name
-                                                  - value
-                                                  type: object
-                                                type: array
-                                              path:
-                                                description: Path to access on the
-                                                  HTTP server.
-                                                type: string
-                                              port:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Name or number of the
-                                                  port to access on the container.
-                                                  Number must be in the range 1 to
-                                                  65535.
-                                                x-kubernetes-int-or-string: true
-                                              scheme:
-                                                description: Scheme to use for connecting
-                                                  to the host. Defaults to HTTP.
-                                                type: string
-                                            required:
-                                            - port
-                                            type: object
-                                          initialDelaySeconds:
-                                            description: Number of seconds after the
-                                              container has started before liveness
-                                              probes are initiated.
-                                            format: int32
-                                            type: integer
-                                          periodSeconds:
-                                            description: How often (in seconds) to
-                                              perform the probe. Default to 10 seconds.
-                                              Minimum value is 1.
-                                            format: int32
-                                            type: integer
-                                          successThreshold:
-                                            description: Minimum consecutive successes
-                                              for the probe to be considered successful
-                                              after having failed.
-                                            format: int32
-                                            type: integer
-                                          tcpSocket:
-                                            description: TCPSocket specifies an action
-                                              involving a TCP port.
-                                            properties:
-                                              host:
-                                                description: 'Optional: Host name
-                                                  to connect to, defaults to the pod
-                                                  IP.'
-                                                type: string
-                                              port:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Number or name of the
-                                                  port to access on the container.
-                                                  Number must be in the range 1 to
-                                                  65535.
-                                                x-kubernetes-int-or-string: true
-                                            required:
-                                            - port
-                                            type: object
-                                          terminationGracePeriodSeconds:
-                                            description: Optional duration in seconds
-                                              the pod needs to terminate gracefully
-                                              upon probe failure.
-                                            format: int64
-                                            type: integer
-                                          timeoutSeconds:
-                                            description: Number of seconds after which
-                                              the probe times out. Defaults to 1 second.
-                                              Minimum value is 1.
-                                            format: int32
-                                            type: integer
-                                        type: object
-                                      stdin:
-                                        description: Whether this container should
-                                          allocate a buffer for stdin in the container
-                                          runtime.
-                                        type: boolean
-                                      stdinOnce:
-                                        description: Whether the container runtime
-                                          should close the stdin channel after it
-                                          has been opened by a single at
-                                        type: boolean
-                                      terminationMessagePath:
-                                        description: 'Optional: Path at which the
-                                          file to which the container''s termination
-                                          message will be written is mou'
-                                        type: string
-                                      terminationMessagePolicy:
-                                        description: Indicate how the termination
-                                          message should be populated.
-                                        type: string
-                                      tty:
-                                        description: Whether this container should
-                                          allocate a TTY for itself, also requires
-                                          'stdin' to be true.
-                                        type: boolean
-                                      volumeDevices:
-                                        description: volumeDevices is the list of
-                                          block devices to be used by the container.
-                                        items:
-                                          description: volumeDevice describes a mapping
-                                            of a raw block device within a container.
-                                          properties:
-                                            devicePath:
-                                              description: devicePath is the path
-                                                inside of the container that the device
-                                                will be mapped to.
-                                              type: string
-                                            name:
-                                              description: name must match the name
-                                                of a persistentVolumeClaim in the
-                                                pod
-                                              type: string
-                                          required:
-                                          - devicePath
-                                          - name
-                                          type: object
-                                        type: array
-                                      volumeMounts:
-                                        description: Pod volumes to mount into the
-                                          container's filesystem. Cannot be updated.
-                                        items:
-                                          description: VolumeMount describes a mounting
-                                            of a Volume within a container.
-                                          properties:
-                                            mountPath:
-                                              description: Path within the container
-                                                at which the volume should be mounted.  Must
-                                                not contain ':'.
-                                              type: string
-                                            mountPropagation:
-                                              description: mountPropagation determines
-                                                how mounts are propagated from the
-                                                host to container and the other way
-                                                a
-                                              type: string
-                                            name:
-                                              description: This must match the Name
-                                                of a Volume.
-                                              type: string
-                                            readOnly:
-                                              description: Mounted read-only if true,
-                                                read-write otherwise (false or unspecified).
-                                                Defaults to false.
-                                              type: boolean
-                                            subPath:
-                                              description: Path within the volume
-                                                from which the container's volume
-                                                should be mounted.
-                                              type: string
-                                            subPathExpr:
-                                              description: Expanded path within the
-                                                volume from which the container's
-                                                volume should be mounted.
-                                              type: string
-                                          required:
-                                          - mountPath
-                                          - name
-                                          type: object
-                                        type: array
-                                      workingDir:
-                                        description: Container's working directory.
-                                        type: string
-                                    required:
-                                    - name
-                                    type: object
-                                  type: array
-                                dnsConfig:
-                                  description: Specifies the DNS parameters of a pod.
-                                  properties:
-                                    nameservers:
-                                      description: A list of DNS name server IP addresses.
-                                      items:
-                                        type: string
-                                      type: array
-                                    options:
-                                      description: A list of DNS resolver options.
-                                        This will be merged with the base options
-                                        generated from DNSPolicy.
-                                      items:
-                                        description: PodDNSConfigOption defines DNS
-                                          resolver options of a pod.
-                                        properties:
-                                          name:
-                                            description: Required.
-                                            type: string
-                                          value:
-                                            type: string
-                                        type: object
-                                      type: array
-                                    searches:
-                                      description: A list of DNS search domains for
-                                        host-name lookup.
-                                      items:
-                                        type: string
-                                      type: array
-                                  type: object
-                                dnsPolicy:
-                                  description: Set DNS policy for the pod. Defaults
-                                    to "ClusterFirst".
-                                  type: string
-                                enableServiceLinks:
-                                  description: EnableServiceLinks indicates whether
-                                    information about services should be injected
-                                    into pod's enviro
-                                  type: boolean
-                                ephemeralContainers:
-                                  description: List of ephemeral containers run in
-                                    this pod.
-                                  items:
-                                    description: An EphemeralContainer is a temporary
-                                      container that you may add to an existing Pod
-                                      for user-initiate
-                                    properties:
-                                      args:
-                                        description: Arguments to the entrypoint.
-                                          The docker image's CMD is used if this is
-                                          not provided.
-                                        items:
-                                          type: string
-                                        type: array
-                                      command:
-                                        description: Entrypoint array. Not executed
-                                          within a shell.
-                                        items:
-                                          type: string
-                                        type: array
-                                      env:
-                                        description: List of environment variables
-                                          to set in the container. Cannot be updated.
-                                        items:
-                                          description: EnvVar represents an environment
-                                            variable present in a Container.
-                                          properties:
-                                            name:
-                                              description: Name of the environment
-                                                variable. Must be a C_IDENTIFIER.
-                                              type: string
-                                            value:
-                                              description: Variable references $(VAR_NAME)
-                                                are expanded using the previously
-                                                defined environment variables in t
-                                              type: string
-                                            valueFrom:
-                                              description: Source for the environment
-                                                variable's value. Cannot be used if
-                                                value is not empty.
-                                              properties:
-                                                configMapKeyRef:
-                                                  description: Selects a key of a
-                                                    ConfigMap.
-                                                  properties:
-                                                    key:
-                                                      description: The key to select.
-                                                      type: string
-                                                    name:
-                                                      description: 'Name of the referent.
-                                                        More info: https://kubernetes.'
-                                                      type: string
-                                                    optional:
-                                                      description: Specify whether
-                                                        the ConfigMap or its key must
-                                                        be defined
-                                                      type: boolean
-                                                  required:
-                                                  - key
-                                                  type: object
-                                                fieldRef:
-                                                  description: 'Selects a field of
-                                                    the pod: supports metadata.name,
-                                                    metadata.namespace, `metadata.'
-                                                  properties:
-                                                    apiVersion:
-                                                      description: Version of the
-                                                        schema the FieldPath is written
-                                                        in terms of, defaults to "v1".
-                                                      type: string
-                                                    fieldPath:
-                                                      description: Path of the field
-                                                        to select in the specified
-                                                        API version.
-                                                      type: string
-                                                  required:
-                                                  - fieldPath
-                                                  type: object
-                                                resourceFieldRef:
-                                                  description: 'Selects a resource
-                                                    of the container: only resources
-                                                    limits and requests (limits.cpu,
-                                                    limits.'
-                                                  properties:
-                                                    containerName:
-                                                      description: 'Container name:
-                                                        required for volumes, optional
-                                                        for env vars'
-                                                      type: string
-                                                    divisor:
-                                                      anyOf:
-                                                      - type: integer
-                                                      - type: string
-                                                      description: Specifies the output
-                                                        format of the exposed resources,
-                                                        defaults to "1"
-                                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                                      x-kubernetes-int-or-string: true
-                                                    resource:
-                                                      description: 'Required: resource
-                                                        to select'
-                                                      type: string
-                                                  required:
-                                                  - resource
-                                                  type: object
-                                                secretKeyRef:
-                                                  description: Selects a key of a
-                                                    secret in the pod's namespace
-                                                  properties:
-                                                    key:
-                                                      description: The key of the
-                                                        secret to select from.  Must
-                                                        be a valid secret key.
-                                                      type: string
-                                                    name:
-                                                      description: 'Name of the referent.
-                                                        More info: https://kubernetes.'
-                                                      type: string
-                                                    optional:
-                                                      description: Specify whether
-                                                        the Secret or its key must
-                                                        be defined
-                                                      type: boolean
-                                                  required:
-                                                  - key
-                                                  type: object
-                                              type: object
-                                          required:
-                                          - name
-                                          type: object
-                                        type: array
-                                      envFrom:
-                                        description: List of sources to populate environment
-                                          variables in the container.
-                                        items:
-                                          description: EnvFromSource represents the
-                                            source of a set of ConfigMaps
-                                          properties:
-                                            configMapRef:
-                                              description: The ConfigMap to select
-                                                from
-                                              properties:
-                                                name:
-                                                  description: 'Name of the referent.
-                                                    More info: https://kubernetes.'
-                                                  type: string
-                                                optional:
-                                                  description: Specify whether the
-                                                    ConfigMap must be defined
-                                                  type: boolean
-                                              type: object
-                                            prefix:
-                                              description: An optional identifier
-                                                to prepend to each key in the ConfigMap.
-                                                Must be a C_IDENTIFIER.
-                                              type: string
-                                            secretRef:
-                                              description: The Secret to select from
-                                              properties:
-                                                name:
-                                                  description: 'Name of the referent.
-                                                    More info: https://kubernetes.'
-                                                  type: string
-                                                optional:
-                                                  description: Specify whether the
-                                                    Secret must be defined
-                                                  type: boolean
-                                              type: object
-                                          type: object
-                                        type: array
-                                      image:
-                                        description: 'Docker image name. More info:
-                                          https://kubernetes.io/docs/concepts/containers/images'
-                                        type: string
-                                      imagePullPolicy:
-                                        description: Image pull policy. One of Always,
-                                          Never, IfNotPresent.
-                                        type: string
-                                      lifecycle:
-                                        description: Lifecycle is not allowed for
-                                          ephemeral containers.
-                                        properties:
-                                          postStart:
-                                            description: PostStart is called immediately
-                                              after a container is created.
-                                            properties:
-                                              exec:
-                                                description: Exec specifies the action
-                                                  to take.
-                                                properties:
-                                                  command:
-                                                    description: 'Command is the command
-                                                      line to execute inside the container,
-                                                      the working directory for the
-                                                      command  '
-                                                    items:
-                                                      type: string
-                                                    type: array
-                                                type: object
-                                              httpGet:
-                                                description: HTTPGet specifies the
-                                                  http request to perform.
-                                                properties:
-                                                  host:
-                                                    description: Host name to connect
-                                                      to, defaults to the pod IP.
-                                                    type: string
-                                                  httpHeaders:
-                                                    description: Custom headers to
-                                                      set in the request. HTTP allows
-                                                      repeated headers.
-                                                    items:
-                                                      description: HTTPHeader describes
-                                                        a custom header to be used
-                                                        in HTTP probes
-                                                      properties:
-                                                        name:
-                                                          description: The header
-                                                            field name
-                                                          type: string
-                                                        value:
-                                                          description: The header
-                                                            field value
-                                                          type: string
-                                                      required:
-                                                      - name
-                                                      - value
-                                                      type: object
-                                                    type: array
-                                                  path:
-                                                    description: Path to access on
-                                                      the HTTP server.
-                                                    type: string
-                                                  port:
-                                                    anyOf:
-                                                    - type: integer
-                                                    - type: string
-                                                    description: Name or number of
-                                                      the port to access on the container.
-                                                      Number must be in the range
-                                                      1 to 65535.
-                                                    x-kubernetes-int-or-string: true
-                                                  scheme:
-                                                    description: Scheme to use for
-                                                      connecting to the host. Defaults
-                                                      to HTTP.
-                                                    type: string
-                                                required:
-                                                - port
-                                                type: object
-                                              tcpSocket:
-                                                description: Deprecated.
-                                                properties:
-                                                  host:
-                                                    description: 'Optional: Host name
-                                                      to connect to, defaults to the
-                                                      pod IP.'
-                                                    type: string
-                                                  port:
-                                                    anyOf:
-                                                    - type: integer
-                                                    - type: string
-                                                    description: Number or name of
-                                                      the port to access on the container.
-                                                      Number must be in the range
-                                                      1 to 65535.
-                                                    x-kubernetes-int-or-string: true
-                                                required:
-                                                - port
-                                                type: object
-                                            type: object
-                                          preStop:
-                                            description: PreStop is called immediately
-                                              before a container is terminated due
-                                              to an API request or management e
-                                            properties:
-                                              exec:
-                                                description: Exec specifies the action
-                                                  to take.
-                                                properties:
-                                                  command:
-                                                    description: 'Command is the command
-                                                      line to execute inside the container,
-                                                      the working directory for the
-                                                      command  '
-                                                    items:
-                                                      type: string
-                                                    type: array
-                                                type: object
-                                              httpGet:
-                                                description: HTTPGet specifies the
-                                                  http request to perform.
-                                                properties:
-                                                  host:
-                                                    description: Host name to connect
-                                                      to, defaults to the pod IP.
-                                                    type: string
-                                                  httpHeaders:
-                                                    description: Custom headers to
-                                                      set in the request. HTTP allows
-                                                      repeated headers.
-                                                    items:
-                                                      description: HTTPHeader describes
-                                                        a custom header to be used
-                                                        in HTTP probes
-                                                      properties:
-                                                        name:
-                                                          description: The header
-                                                            field name
-                                                          type: string
-                                                        value:
-                                                          description: The header
-                                                            field value
-                                                          type: string
-                                                      required:
-                                                      - name
-                                                      - value
-                                                      type: object
-                                                    type: array
-                                                  path:
-                                                    description: Path to access on
-                                                      the HTTP server.
-                                                    type: string
-                                                  port:
-                                                    anyOf:
-                                                    - type: integer
-                                                    - type: string
-                                                    description: Name or number of
-                                                      the port to access on the container.
-                                                      Number must be in the range
-                                                      1 to 65535.
-                                                    x-kubernetes-int-or-string: true
-                                                  scheme:
-                                                    description: Scheme to use for
-                                                      connecting to the host. Defaults
-                                                      to HTTP.
-                                                    type: string
-                                                required:
-                                                - port
-                                                type: object
-                                              tcpSocket:
-                                                description: Deprecated.
-                                                properties:
-                                                  host:
-                                                    description: 'Optional: Host name
-                                                      to connect to, defaults to the
-                                                      pod IP.'
-                                                    type: string
-                                                  port:
-                                                    anyOf:
-                                                    - type: integer
-                                                    - type: string
-                                                    description: Number or name of
-                                                      the port to access on the container.
-                                                      Number must be in the range
-                                                      1 to 65535.
-                                                    x-kubernetes-int-or-string: true
-                                                required:
-                                                - port
-                                                type: object
-                                            type: object
-                                        type: object
-                                      livenessProbe:
-                                        description: Probes are not allowed for ephemeral
-                                          containers.
-                                        properties:
-                                          exec:
-                                            description: Exec specifies the action
-                                              to take.
-                                            properties:
-                                              command:
-                                                description: 'Command is the command
-                                                  line to execute inside the container,
-                                                  the working directory for the command  '
-                                                items:
-                                                  type: string
-                                                type: array
-                                            type: object
-                                          failureThreshold:
-                                            description: Minimum consecutive failures
-                                              for the probe to be considered failed
-                                              after having succeeded.
-                                            format: int32
-                                            type: integer
-                                          grpc:
-                                            description: GRPC specifies an action
-                                              involving a GRPC port.
-                                            properties:
-                                              port:
-                                                description: Port number of the gRPC
-                                                  service. Number must be in the range
-                                                  1 to 65535.
-                                                format: int32
-                                                type: integer
-                                              service:
-                                                description: Service is the name of
-                                                  the service to place in the gRPC
-                                                  HealthCheckRequest (see https://github.
-                                                type: string
-                                            required:
-                                            - port
-                                            type: object
-                                          httpGet:
-                                            description: HTTPGet specifies the http
-                                              request to perform.
-                                            properties:
-                                              host:
-                                                description: Host name to connect
-                                                  to, defaults to the pod IP.
-                                                type: string
-                                              httpHeaders:
-                                                description: Custom headers to set
-                                                  in the request. HTTP allows repeated
-                                                  headers.
-                                                items:
-                                                  description: HTTPHeader describes
-                                                    a custom header to be used in
-                                                    HTTP probes
-                                                  properties:
-                                                    name:
-                                                      description: The header field
-                                                        name
-                                                      type: string
-                                                    value:
-                                                      description: The header field
-                                                        value
-                                                      type: string
-                                                  required:
-                                                  - name
-                                                  - value
-                                                  type: object
-                                                type: array
-                                              path:
-                                                description: Path to access on the
-                                                  HTTP server.
-                                                type: string
-                                              port:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Name or number of the
-                                                  port to access on the container.
-                                                  Number must be in the range 1 to
-                                                  65535.
-                                                x-kubernetes-int-or-string: true
-                                              scheme:
-                                                description: Scheme to use for connecting
-                                                  to the host. Defaults to HTTP.
-                                                type: string
-                                            required:
-                                            - port
-                                            type: object
-                                          initialDelaySeconds:
-                                            description: Number of seconds after the
-                                              container has started before liveness
-                                              probes are initiated.
-                                            format: int32
-                                            type: integer
-                                          periodSeconds:
-                                            description: How often (in seconds) to
-                                              perform the probe. Default to 10 seconds.
-                                              Minimum value is 1.
-                                            format: int32
-                                            type: integer
-                                          successThreshold:
-                                            description: Minimum consecutive successes
-                                              for the probe to be considered successful
-                                              after having failed.
-                                            format: int32
-                                            type: integer
-                                          tcpSocket:
-                                            description: TCPSocket specifies an action
-                                              involving a TCP port.
-                                            properties:
-                                              host:
-                                                description: 'Optional: Host name
-                                                  to connect to, defaults to the pod
-                                                  IP.'
-                                                type: string
-                                              port:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Number or name of the
-                                                  port to access on the container.
-                                                  Number must be in the range 1 to
-                                                  65535.
-                                                x-kubernetes-int-or-string: true
-                                            required:
-                                            - port
-                                            type: object
-                                          terminationGracePeriodSeconds:
-                                            description: Optional duration in seconds
-                                              the pod needs to terminate gracefully
-                                              upon probe failure.
-                                            format: int64
-                                            type: integer
-                                          timeoutSeconds:
-                                            description: Number of seconds after which
-                                              the probe times out. Defaults to 1 second.
-                                              Minimum value is 1.
-                                            format: int32
-                                            type: integer
-                                        type: object
-                                      name:
-                                        description: Name of the ephemeral container
-                                          specified as a DNS_LABEL.
-                                        type: string
-                                      ports:
-                                        description: Ports are not allowed for ephemeral
-                                          containers.
-                                        items:
-                                          description: ContainerPort represents a
-                                            network port in a single container.
-                                          properties:
-                                            containerPort:
-                                              description: Number of port to expose
-                                                on the pod's IP address. This must
-                                                be a valid port number, 0 < x < 65536.
-                                              format: int32
-                                              type: integer
-                                            hostIP:
-                                              description: What host IP to bind the
-                                                external port to.
-                                              type: string
-                                            hostPort:
-                                              description: Number of port to expose
-                                                on the host. If specified, this must
-                                                be a valid port number, 0 < x < 65536.
-                                              format: int32
-                                              type: integer
-                                            name:
-                                              description: If specified, this must
-                                                be an IANA_SVC_NAME and unique within
-                                                the pod.
-                                              type: string
-                                            protocol:
-                                              default: TCP
-                                              description: Protocol for port. Must
-                                                be UDP, TCP, or SCTP. Defaults to
-                                                "TCP".
-                                              type: string
-                                          required:
-                                          - containerPort
-                                          type: object
-                                        type: array
-                                        x-kubernetes-list-map-keys:
-                                        - containerPort
-                                        - protocol
-                                        x-kubernetes-list-type: map
-                                      readinessProbe:
-                                        description: Probes are not allowed for ephemeral
-                                          containers.
-                                        properties:
-                                          exec:
-                                            description: Exec specifies the action
-                                              to take.
-                                            properties:
-                                              command:
-                                                description: 'Command is the command
-                                                  line to execute inside the container,
-                                                  the working directory for the command  '
-                                                items:
-                                                  type: string
-                                                type: array
-                                            type: object
-                                          failureThreshold:
-                                            description: Minimum consecutive failures
-                                              for the probe to be considered failed
-                                              after having succeeded.
-                                            format: int32
-                                            type: integer
-                                          grpc:
-                                            description: GRPC specifies an action
-                                              involving a GRPC port.
-                                            properties:
-                                              port:
-                                                description: Port number of the gRPC
-                                                  service. Number must be in the range
-                                                  1 to 65535.
-                                                format: int32
-                                                type: integer
-                                              service:
-                                                description: Service is the name of
-                                                  the service to place in the gRPC
-                                                  HealthCheckRequest (see https://github.
-                                                type: string
-                                            required:
-                                            - port
-                                            type: object
-                                          httpGet:
-                                            description: HTTPGet specifies the http
-                                              request to perform.
-                                            properties:
-                                              host:
-                                                description: Host name to connect
-                                                  to, defaults to the pod IP.
-                                                type: string
-                                              httpHeaders:
-                                                description: Custom headers to set
-                                                  in the request. HTTP allows repeated
-                                                  headers.
-                                                items:
-                                                  description: HTTPHeader describes
-                                                    a custom header to be used in
-                                                    HTTP probes
-                                                  properties:
-                                                    name:
-                                                      description: The header field
-                                                        name
-                                                      type: string
-                                                    value:
-                                                      description: The header field
-                                                        value
-                                                      type: string
-                                                  required:
-                                                  - name
-                                                  - value
-                                                  type: object
-                                                type: array
-                                              path:
-                                                description: Path to access on the
-                                                  HTTP server.
-                                                type: string
-                                              port:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Name or number of the
-                                                  port to access on the container.
-                                                  Number must be in the range 1 to
-                                                  65535.
-                                                x-kubernetes-int-or-string: true
-                                              scheme:
-                                                description: Scheme to use for connecting
-                                                  to the host. Defaults to HTTP.
-                                                type: string
-                                            required:
-                                            - port
-                                            type: object
-                                          initialDelaySeconds:
-                                            description: Number of seconds after the
-                                              container has started before liveness
-                                              probes are initiated.
-                                            format: int32
-                                            type: integer
-                                          periodSeconds:
-                                            description: How often (in seconds) to
-                                              perform the probe. Default to 10 seconds.
-                                              Minimum value is 1.
-                                            format: int32
-                                            type: integer
-                                          successThreshold:
-                                            description: Minimum consecutive successes
-                                              for the probe to be considered successful
-                                              after having failed.
-                                            format: int32
-                                            type: integer
-                                          tcpSocket:
-                                            description: TCPSocket specifies an action
-                                              involving a TCP port.
-                                            properties:
-                                              host:
-                                                description: 'Optional: Host name
-                                                  to connect to, defaults to the pod
-                                                  IP.'
-                                                type: string
-                                              port:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Number or name of the
-                                                  port to access on the container.
-                                                  Number must be in the range 1 to
-                                                  65535.
-                                                x-kubernetes-int-or-string: true
-                                            required:
-                                            - port
-                                            type: object
-                                          terminationGracePeriodSeconds:
-                                            description: Optional duration in seconds
-                                              the pod needs to terminate gracefully
-                                              upon probe failure.
-                                            format: int64
-                                            type: integer
-                                          timeoutSeconds:
-                                            description: Number of seconds after which
-                                              the probe times out. Defaults to 1 second.
-                                              Minimum value is 1.
-                                            format: int32
-                                            type: integer
-                                        type: object
-                                      resources:
-                                        description: Resources are not allowed for
-                                          ephemeral containers.
-                                        properties:
-                                          limits:
-                                            additionalProperties:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                              x-kubernetes-int-or-string: true
-                                            description: 'Limits describes the maximum
-                                              amount of compute resources allowed.
-                                              More info: https://kubernetes.'
-                                            type: object
-                                          requests:
-                                            additionalProperties:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                              x-kubernetes-int-or-string: true
-                                            description: Requests describes the minimum
-                                              amount of compute resources required.
-                                            type: object
-                                        type: object
-                                      securityContext:
-                                        description: 'Optional: SecurityContext defines
-                                          the security options the ephemeral container
-                                          should be run with.'
-                                        properties:
-                                          allowPrivilegeEscalation:
-                                            description: AllowPrivilegeEscalation
-                                              controls whether a process can gain
-                                              more privileges than its parent process
-                                            type: boolean
-                                          capabilities:
-                                            description: The capabilities to add/drop
-                                              when running containers.
-                                            properties:
-                                              add:
-                                                description: Added capabilities
-                                                items:
-                                                  description: Capability represent
-                                                    POSIX capabilities type
-                                                  type: string
-                                                type: array
-                                              drop:
-                                                description: Removed capabilities
-                                                items:
-                                                  description: Capability represent
-                                                    POSIX capabilities type
-                                                  type: string
-                                                type: array
-                                            type: object
-                                          privileged:
-                                            description: Run container in privileged
-                                              mode.
-                                            type: boolean
-                                          procMount:
-                                            description: procMount denotes the type
-                                              of proc mount to use for the containers.
-                                            type: string
-                                          readOnlyRootFilesystem:
-                                            description: Whether this container has
-                                              a read-only root filesystem. Default
-                                              is false.
-                                            type: boolean
-                                          runAsGroup:
-                                            description: The GID to run the entrypoint
-                                              of the container process. Uses runtime
-                                              default if unset.
-                                            format: int64
-                                            type: integer
-                                          runAsNonRoot:
-                                            description: Indicates that the container
-                                              must run as a non-root user.
-                                            type: boolean
-                                          runAsUser:
-                                            description: The UID to run the entrypoint
-                                              of the container process.
-                                            format: int64
-                                            type: integer
-                                          seLinuxOptions:
-                                            description: The SELinux context to be
-                                              applied to the container.
-                                            properties:
-                                              level:
-                                                description: Level is SELinux level
-                                                  label that applies to the container.
-                                                type: string
-                                              role:
-                                                description: Role is a SELinux role
-                                                  label that applies to the container.
-                                                type: string
-                                              type:
-                                                description: Type is a SELinux type
-                                                  label that applies to the container.
-                                                type: string
-                                              user:
-                                                description: User is a SELinux user
-                                                  label that applies to the container.
-                                                type: string
-                                            type: object
-                                          seccompProfile:
-                                            description: The seccomp options to use
-                                              by this container.
-                                            properties:
-                                              localhostProfile:
-                                                description: localhostProfile indicates
-                                                  a profile defined in a file on the
-                                                  node should be used.
-                                                type: string
-                                              type:
-                                                description: type indicates which
-                                                  kind of seccomp profile will be
-                                                  applied.
-                                                type: string
-                                            required:
-                                            - type
-                                            type: object
-                                          windowsOptions:
-                                            description: The Windows specific settings
-                                              applied to all containers.
-                                            properties:
-                                              gmsaCredentialSpec:
-                                                description: GMSACredentialSpec is
-                                                  where the GMSA admission webhook
-                                                  (https://github.
-                                                type: string
-                                              gmsaCredentialSpecName:
-                                                description: GMSACredentialSpecName
-                                                  is the name of the GMSA credential
-                                                  spec to use.
-                                                type: string
-                                              hostProcess:
-                                                description: HostProcess determines
-                                                  if a container should be run as
-                                                  a 'Host Process' container.
-                                                type: boolean
-                                              runAsUserName:
-                                                description: The UserName in Windows
-                                                  to run the entrypoint of the container
-                                                  process.
-                                                type: string
-                                            type: object
-                                        type: object
-                                      startupProbe:
-                                        description: Probes are not allowed for ephemeral
-                                          containers.
-                                        properties:
-                                          exec:
-                                            description: Exec specifies the action
-                                              to take.
-                                            properties:
-                                              command:
-                                                description: 'Command is the command
-                                                  line to execute inside the container,
-                                                  the working directory for the command  '
-                                                items:
-                                                  type: string
-                                                type: array
-                                            type: object
-                                          failureThreshold:
-                                            description: Minimum consecutive failures
-                                              for the probe to be considered failed
-                                              after having succeeded.
-                                            format: int32
-                                            type: integer
-                                          grpc:
-                                            description: GRPC specifies an action
-                                              involving a GRPC port.
-                                            properties:
-                                              port:
-                                                description: Port number of the gRPC
-                                                  service. Number must be in the range
-                                                  1 to 65535.
-                                                format: int32
-                                                type: integer
-                                              service:
-                                                description: Service is the name of
-                                                  the service to place in the gRPC
-                                                  HealthCheckRequest (see https://github.
-                                                type: string
-                                            required:
-                                            - port
-                                            type: object
-                                          httpGet:
-                                            description: HTTPGet specifies the http
-                                              request to perform.
-                                            properties:
-                                              host:
-                                                description: Host name to connect
-                                                  to, defaults to the pod IP.
-                                                type: string
-                                              httpHeaders:
-                                                description: Custom headers to set
-                                                  in the request. HTTP allows repeated
-                                                  headers.
-                                                items:
-                                                  description: HTTPHeader describes
-                                                    a custom header to be used in
-                                                    HTTP probes
-                                                  properties:
-                                                    name:
-                                                      description: The header field
-                                                        name
-                                                      type: string
-                                                    value:
-                                                      description: The header field
-                                                        value
-                                                      type: string
-                                                  required:
-                                                  - name
-                                                  - value
-                                                  type: object
-                                                type: array
-                                              path:
-                                                description: Path to access on the
-                                                  HTTP server.
-                                                type: string
-                                              port:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Name or number of the
-                                                  port to access on the container.
-                                                  Number must be in the range 1 to
-                                                  65535.
-                                                x-kubernetes-int-or-string: true
-                                              scheme:
-                                                description: Scheme to use for connecting
-                                                  to the host. Defaults to HTTP.
-                                                type: string
-                                            required:
-                                            - port
-                                            type: object
-                                          initialDelaySeconds:
-                                            description: Number of seconds after the
-                                              container has started before liveness
-                                              probes are initiated.
-                                            format: int32
-                                            type: integer
-                                          periodSeconds:
-                                            description: How often (in seconds) to
-                                              perform the probe. Default to 10 seconds.
-                                              Minimum value is 1.
-                                            format: int32
-                                            type: integer
-                                          successThreshold:
-                                            description: Minimum consecutive successes
-                                              for the probe to be considered successful
-                                              after having failed.
-                                            format: int32
-                                            type: integer
-                                          tcpSocket:
-                                            description: TCPSocket specifies an action
-                                              involving a TCP port.
-                                            properties:
-                                              host:
-                                                description: 'Optional: Host name
-                                                  to connect to, defaults to the pod
-                                                  IP.'
-                                                type: string
-                                              port:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Number or name of the
-                                                  port to access on the container.
-                                                  Number must be in the range 1 to
-                                                  65535.
-                                                x-kubernetes-int-or-string: true
-                                            required:
-                                            - port
-                                            type: object
-                                          terminationGracePeriodSeconds:
-                                            description: Optional duration in seconds
-                                              the pod needs to terminate gracefully
-                                              upon probe failure.
-                                            format: int64
-                                            type: integer
-                                          timeoutSeconds:
-                                            description: Number of seconds after which
-                                              the probe times out. Defaults to 1 second.
-                                              Minimum value is 1.
-                                            format: int32
-                                            type: integer
-                                        type: object
-                                      stdin:
-                                        description: Whether this container should
-                                          allocate a buffer for stdin in the container
-                                          runtime.
-                                        type: boolean
-                                      stdinOnce:
-                                        description: Whether the container runtime
-                                          should close the stdin channel after it
-                                          has been opened by a single at
-                                        type: boolean
-                                      targetContainerName:
-                                        description: If set, the name of the container
-                                          from PodSpec that this ephemeral container
-                                          targets.
-                                        type: string
-                                      terminationMessagePath:
-                                        description: 'Optional: Path at which the
-                                          file to which the container''s termination
-                                          message will be written is mou'
-                                        type: string
-                                      terminationMessagePolicy:
-                                        description: Indicate how the termination
-                                          message should be populated.
-                                        type: string
-                                      tty:
-                                        description: Whether this container should
-                                          allocate a TTY for itself, also requires
-                                          'stdin' to be true.
-                                        type: boolean
-                                      volumeDevices:
-                                        description: volumeDevices is the list of
-                                          block devices to be used by the container.
-                                        items:
-                                          description: volumeDevice describes a mapping
-                                            of a raw block device within a container.
-                                          properties:
-                                            devicePath:
-                                              description: devicePath is the path
-                                                inside of the container that the device
-                                                will be mapped to.
-                                              type: string
-                                            name:
-                                              description: name must match the name
-                                                of a persistentVolumeClaim in the
-                                                pod
-                                              type: string
-                                          required:
-                                          - devicePath
-                                          - name
-                                          type: object
-                                        type: array
-                                      volumeMounts:
-                                        description: Pod volumes to mount into the
-                                          container's filesystem.
-                                        items:
-                                          description: VolumeMount describes a mounting
-                                            of a Volume within a container.
-                                          properties:
-                                            mountPath:
-                                              description: Path within the container
-                                                at which the volume should be mounted.  Must
-                                                not contain ':'.
-                                              type: string
-                                            mountPropagation:
-                                              description: mountPropagation determines
-                                                how mounts are propagated from the
-                                                host to container and the other way
-                                                a
-                                              type: string
-                                            name:
-                                              description: This must match the Name
-                                                of a Volume.
-                                              type: string
-                                            readOnly:
-                                              description: Mounted read-only if true,
-                                                read-write otherwise (false or unspecified).
-                                                Defaults to false.
-                                              type: boolean
-                                            subPath:
-                                              description: Path within the volume
-                                                from which the container's volume
-                                                should be mounted.
-                                              type: string
-                                            subPathExpr:
-                                              description: Expanded path within the
-                                                volume from which the container's
-                                                volume should be mounted.
-                                              type: string
-                                          required:
-                                          - mountPath
-                                          - name
-                                          type: object
-                                        type: array
-                                      workingDir:
-                                        description: Container's working directory.
-                                        type: string
-                                    required:
-                                    - name
-                                    type: object
-                                  type: array
-                                hostAliases:
-                                  description: 'HostAliases is an optional list of
-                                    hosts and IPs that will be injected into the pod''s
-                                    hosts file if '
-                                  items:
-                                    description: 'HostAlias holds the mapping between
-                                      IP and hostnames that will be injected as an
-                                      entry in the pod''s '
-                                    properties:
-                                      hostnames:
-                                        description: Hostnames for the above IP address.
-                                        items:
-                                          type: string
-                                        type: array
-                                      ip:
-                                        description: IP address of the host file entry.
-                                        type: string
-                                    type: object
-                                  type: array
-                                hostIPC:
-                                  description: 'Use the host''s ipc namespace. Optional:
-                                    Default to false.'
-                                  type: boolean
-                                hostNetwork:
-                                  description: Host networking requested for this
-                                    pod. Use the host's network namespace.
-                                  type: boolean
-                                hostPID:
-                                  description: 'Use the host''s pid namespace. Optional:
-                                    Default to false.'
-                                  type: boolean
-                                hostname:
-                                  description: Specifies the hostname of the Pod If
-                                    not specified, the pod's hostname will be set
-                                    to a system-defin
-                                  type: string
-                                imagePullSecrets:
-                                  description: ImagePullSecrets is an optional list
-                                    of references to secrets in the same namespace
-                                    to use for pulli
-                                  items:
-                                    description: 'LocalObjectReference contains enough
-                                      information to let you locate the referenced
-                                      object inside the '
-                                    properties:
-                                      name:
-                                        description: 'Name of the referent. More info:
-                                          https://kubernetes.'
-                                        type: string
-                                    type: object
-                                  type: array
-                                initContainers:
-                                  description: List of initialization containers belonging
-                                    to the pod.
-                                  items:
-                                    description: A single application container that
-                                      you want to run within a pod.
-                                    properties:
-                                      args:
-                                        description: Arguments to the entrypoint.
-                                          The docker image's CMD is used if this is
-                                          not provided.
-                                        items:
-                                          type: string
-                                        type: array
-                                      command:
-                                        description: Entrypoint array. Not executed
-                                          within a shell.
-                                        items:
-                                          type: string
-                                        type: array
-                                      env:
-                                        description: List of environment variables
-                                          to set in the container. Cannot be updated.
-                                        items:
-                                          description: EnvVar represents an environment
-                                            variable present in a Container.
-                                          properties:
-                                            name:
-                                              description: Name of the environment
-                                                variable. Must be a C_IDENTIFIER.
-                                              type: string
-                                            value:
-                                              description: Variable references $(VAR_NAME)
-                                                are expanded using the previously
-                                                defined environment variables in t
-                                              type: string
-                                            valueFrom:
-                                              description: Source for the environment
-                                                variable's value. Cannot be used if
-                                                value is not empty.
-                                              properties:
-                                                configMapKeyRef:
-                                                  description: Selects a key of a
-                                                    ConfigMap.
-                                                  properties:
-                                                    key:
-                                                      description: The key to select.
-                                                      type: string
-                                                    name:
-                                                      description: 'Name of the referent.
-                                                        More info: https://kubernetes.'
-                                                      type: string
-                                                    optional:
-                                                      description: Specify whether
-                                                        the ConfigMap or its key must
-                                                        be defined
-                                                      type: boolean
-                                                  required:
-                                                  - key
-                                                  type: object
-                                                fieldRef:
-                                                  description: 'Selects a field of
-                                                    the pod: supports metadata.name,
-                                                    metadata.namespace, `metadata.'
-                                                  properties:
-                                                    apiVersion:
-                                                      description: Version of the
-                                                        schema the FieldPath is written
-                                                        in terms of, defaults to "v1".
-                                                      type: string
-                                                    fieldPath:
-                                                      description: Path of the field
-                                                        to select in the specified
-                                                        API version.
-                                                      type: string
-                                                  required:
-                                                  - fieldPath
-                                                  type: object
-                                                resourceFieldRef:
-                                                  description: 'Selects a resource
-                                                    of the container: only resources
-                                                    limits and requests (limits.cpu,
-                                                    limits.'
-                                                  properties:
-                                                    containerName:
-                                                      description: 'Container name:
-                                                        required for volumes, optional
-                                                        for env vars'
-                                                      type: string
-                                                    divisor:
-                                                      anyOf:
-                                                      - type: integer
-                                                      - type: string
-                                                      description: Specifies the output
-                                                        format of the exposed resources,
-                                                        defaults to "1"
-                                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                                      x-kubernetes-int-or-string: true
-                                                    resource:
-                                                      description: 'Required: resource
-                                                        to select'
-                                                      type: string
-                                                  required:
-                                                  - resource
-                                                  type: object
-                                                secretKeyRef:
-                                                  description: Selects a key of a
-                                                    secret in the pod's namespace
-                                                  properties:
-                                                    key:
-                                                      description: The key of the
-                                                        secret to select from.  Must
-                                                        be a valid secret key.
-                                                      type: string
-                                                    name:
-                                                      description: 'Name of the referent.
-                                                        More info: https://kubernetes.'
-                                                      type: string
-                                                    optional:
-                                                      description: Specify whether
-                                                        the Secret or its key must
-                                                        be defined
-                                                      type: boolean
-                                                  required:
-                                                  - key
-                                                  type: object
-                                              type: object
-                                          required:
-                                          - name
-                                          type: object
-                                        type: array
-                                      envFrom:
-                                        description: List of sources to populate environment
-                                          variables in the container.
-                                        items:
-                                          description: EnvFromSource represents the
-                                            source of a set of ConfigMaps
-                                          properties:
-                                            configMapRef:
-                                              description: The ConfigMap to select
-                                                from
-                                              properties:
-                                                name:
-                                                  description: 'Name of the referent.
-                                                    More info: https://kubernetes.'
-                                                  type: string
-                                                optional:
-                                                  description: Specify whether the
-                                                    ConfigMap must be defined
-                                                  type: boolean
-                                              type: object
-                                            prefix:
-                                              description: An optional identifier
-                                                to prepend to each key in the ConfigMap.
-                                                Must be a C_IDENTIFIER.
-                                              type: string
-                                            secretRef:
-                                              description: The Secret to select from
-                                              properties:
-                                                name:
-                                                  description: 'Name of the referent.
-                                                    More info: https://kubernetes.'
-                                                  type: string
-                                                optional:
-                                                  description: Specify whether the
-                                                    Secret must be defined
-                                                  type: boolean
-                                              type: object
-                                          type: object
-                                        type: array
-                                      image:
-                                        description: 'Docker image name. More info:
-                                          https://kubernetes.'
-                                        type: string
-                                      imagePullPolicy:
-                                        description: Image pull policy. One of Always,
-                                          Never, IfNotPresent.
-                                        type: string
-                                      lifecycle:
-                                        description: Actions that the management system
-                                          should take in response to container lifecycle
-                                          events.
-                                        properties:
-                                          postStart:
-                                            description: PostStart is called immediately
-                                              after a container is created.
-                                            properties:
-                                              exec:
-                                                description: Exec specifies the action
-                                                  to take.
-                                                properties:
-                                                  command:
-                                                    description: 'Command is the command
-                                                      line to execute inside the container,
-                                                      the working directory for the
-                                                      command  '
-                                                    items:
-                                                      type: string
-                                                    type: array
-                                                type: object
-                                              httpGet:
-                                                description: HTTPGet specifies the
-                                                  http request to perform.
-                                                properties:
-                                                  host:
-                                                    description: Host name to connect
-                                                      to, defaults to the pod IP.
-                                                    type: string
-                                                  httpHeaders:
-                                                    description: Custom headers to
-                                                      set in the request. HTTP allows
-                                                      repeated headers.
-                                                    items:
-                                                      description: HTTPHeader describes
-                                                        a custom header to be used
-                                                        in HTTP probes
-                                                      properties:
-                                                        name:
-                                                          description: The header
-                                                            field name
-                                                          type: string
-                                                        value:
-                                                          description: The header
-                                                            field value
-                                                          type: string
-                                                      required:
-                                                      - name
-                                                      - value
-                                                      type: object
-                                                    type: array
-                                                  path:
-                                                    description: Path to access on
-                                                      the HTTP server.
-                                                    type: string
-                                                  port:
-                                                    anyOf:
-                                                    - type: integer
-                                                    - type: string
-                                                    description: Name or number of
-                                                      the port to access on the container.
-                                                      Number must be in the range
-                                                      1 to 65535.
-                                                    x-kubernetes-int-or-string: true
-                                                  scheme:
-                                                    description: Scheme to use for
-                                                      connecting to the host. Defaults
-                                                      to HTTP.
-                                                    type: string
-                                                required:
-                                                - port
-                                                type: object
-                                              tcpSocket:
-                                                description: Deprecated.
-                                                properties:
-                                                  host:
-                                                    description: 'Optional: Host name
-                                                      to connect to, defaults to the
-                                                      pod IP.'
-                                                    type: string
-                                                  port:
-                                                    anyOf:
-                                                    - type: integer
-                                                    - type: string
-                                                    description: Number or name of
-                                                      the port to access on the container.
-                                                      Number must be in the range
-                                                      1 to 65535.
-                                                    x-kubernetes-int-or-string: true
-                                                required:
-                                                - port
-                                                type: object
-                                            type: object
-                                          preStop:
-                                            description: PreStop is called immediately
-                                              before a container is terminated due
-                                              to an API request or management e
-                                            properties:
-                                              exec:
-                                                description: Exec specifies the action
-                                                  to take.
-                                                properties:
-                                                  command:
-                                                    description: 'Command is the command
-                                                      line to execute inside the container,
-                                                      the working directory for the
-                                                      command  '
-                                                    items:
-                                                      type: string
-                                                    type: array
-                                                type: object
-                                              httpGet:
-                                                description: HTTPGet specifies the
-                                                  http request to perform.
-                                                properties:
-                                                  host:
-                                                    description: Host name to connect
-                                                      to, defaults to the pod IP.
-                                                    type: string
-                                                  httpHeaders:
-                                                    description: Custom headers to
-                                                      set in the request. HTTP allows
-                                                      repeated headers.
-                                                    items:
-                                                      description: HTTPHeader describes
-                                                        a custom header to be used
-                                                        in HTTP probes
-                                                      properties:
-                                                        name:
-                                                          description: The header
-                                                            field name
-                                                          type: string
-                                                        value:
-                                                          description: The header
-                                                            field value
-                                                          type: string
-                                                      required:
-                                                      - name
-                                                      - value
-                                                      type: object
-                                                    type: array
-                                                  path:
-                                                    description: Path to access on
-                                                      the HTTP server.
-                                                    type: string
-                                                  port:
-                                                    anyOf:
-                                                    - type: integer
-                                                    - type: string
-                                                    description: Name or number of
-                                                      the port to access on the container.
-                                                      Number must be in the range
-                                                      1 to 65535.
-                                                    x-kubernetes-int-or-string: true
-                                                  scheme:
-                                                    description: Scheme to use for
-                                                      connecting to the host. Defaults
-                                                      to HTTP.
-                                                    type: string
-                                                required:
-                                                - port
-                                                type: object
-                                              tcpSocket:
-                                                description: Deprecated.
-                                                properties:
-                                                  host:
-                                                    description: 'Optional: Host name
-                                                      to connect to, defaults to the
-                                                      pod IP.'
-                                                    type: string
-                                                  port:
-                                                    anyOf:
-                                                    - type: integer
-                                                    - type: string
-                                                    description: Number or name of
-                                                      the port to access on the container.
-                                                      Number must be in the range
-                                                      1 to 65535.
-                                                    x-kubernetes-int-or-string: true
-                                                required:
-                                                - port
-                                                type: object
-                                            type: object
-                                        type: object
-                                      livenessProbe:
-                                        description: Periodic probe of container liveness.
-                                          Container will be restarted if the probe
-                                          fails.
-                                        properties:
-                                          exec:
-                                            description: Exec specifies the action
-                                              to take.
-                                            properties:
-                                              command:
-                                                description: 'Command is the command
-                                                  line to execute inside the container,
-                                                  the working directory for the command  '
-                                                items:
-                                                  type: string
-                                                type: array
-                                            type: object
-                                          failureThreshold:
-                                            description: Minimum consecutive failures
-                                              for the probe to be considered failed
-                                              after having succeeded.
-                                            format: int32
-                                            type: integer
-                                          grpc:
-                                            description: GRPC specifies an action
-                                              involving a GRPC port.
-                                            properties:
-                                              port:
-                                                description: Port number of the gRPC
-                                                  service. Number must be in the range
-                                                  1 to 65535.
-                                                format: int32
-                                                type: integer
-                                              service:
-                                                description: Service is the name of
-                                                  the service to place in the gRPC
-                                                  HealthCheckRequest (see https://github.
-                                                type: string
-                                            required:
-                                            - port
-                                            type: object
-                                          httpGet:
-                                            description: HTTPGet specifies the http
-                                              request to perform.
-                                            properties:
-                                              host:
-                                                description: Host name to connect
-                                                  to, defaults to the pod IP.
-                                                type: string
-                                              httpHeaders:
-                                                description: Custom headers to set
-                                                  in the request. HTTP allows repeated
-                                                  headers.
-                                                items:
-                                                  description: HTTPHeader describes
-                                                    a custom header to be used in
-                                                    HTTP probes
-                                                  properties:
-                                                    name:
-                                                      description: The header field
-                                                        name
-                                                      type: string
-                                                    value:
-                                                      description: The header field
-                                                        value
-                                                      type: string
-                                                  required:
-                                                  - name
-                                                  - value
-                                                  type: object
-                                                type: array
-                                              path:
-                                                description: Path to access on the
-                                                  HTTP server.
-                                                type: string
-                                              port:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Name or number of the
-                                                  port to access on the container.
-                                                  Number must be in the range 1 to
-                                                  65535.
-                                                x-kubernetes-int-or-string: true
-                                              scheme:
-                                                description: Scheme to use for connecting
-                                                  to the host. Defaults to HTTP.
-                                                type: string
-                                            required:
-                                            - port
-                                            type: object
-                                          initialDelaySeconds:
-                                            description: Number of seconds after the
-                                              container has started before liveness
-                                              probes are initiated.
-                                            format: int32
-                                            type: integer
-                                          periodSeconds:
-                                            description: How often (in seconds) to
-                                              perform the probe. Default to 10 seconds.
-                                              Minimum value is 1.
-                                            format: int32
-                                            type: integer
-                                          successThreshold:
-                                            description: Minimum consecutive successes
-                                              for the probe to be considered successful
-                                              after having failed.
-                                            format: int32
-                                            type: integer
-                                          tcpSocket:
-                                            description: TCPSocket specifies an action
-                                              involving a TCP port.
-                                            properties:
-                                              host:
-                                                description: 'Optional: Host name
-                                                  to connect to, defaults to the pod
-                                                  IP.'
-                                                type: string
-                                              port:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Number or name of the
-                                                  port to access on the container.
-                                                  Number must be in the range 1 to
-                                                  65535.
-                                                x-kubernetes-int-or-string: true
-                                            required:
-                                            - port
-                                            type: object
-                                          terminationGracePeriodSeconds:
-                                            description: Optional duration in seconds
-                                              the pod needs to terminate gracefully
-                                              upon probe failure.
-                                            format: int64
-                                            type: integer
-                                          timeoutSeconds:
-                                            description: Number of seconds after which
-                                              the probe times out. Defaults to 1 second.
-                                              Minimum value is 1.
-                                            format: int32
-                                            type: integer
-                                        type: object
-                                      name:
-                                        description: Name of the container specified
-                                          as a DNS_LABEL.
-                                        type: string
-                                      ports:
-                                        description: List of ports to expose from
-                                          the container.
-                                        items:
-                                          description: ContainerPort represents a
-                                            network port in a single container.
-                                          properties:
-                                            containerPort:
-                                              description: Number of port to expose
-                                                on the pod's IP address. This must
-                                                be a valid port number, 0 < x < 65536.
-                                              format: int32
-                                              type: integer
-                                            hostIP:
-                                              description: What host IP to bind the
-                                                external port to.
-                                              type: string
-                                            hostPort:
-                                              description: Number of port to expose
-                                                on the host. If specified, this must
-                                                be a valid port number, 0 < x < 65536.
-                                              format: int32
-                                              type: integer
-                                            name:
-                                              description: If specified, this must
-                                                be an IANA_SVC_NAME and unique within
-                                                the pod.
-                                              type: string
-                                            protocol:
-                                              default: TCP
-                                              description: Protocol for port. Must
-                                                be UDP, TCP, or SCTP. Defaults to
-                                                "TCP".
-                                              type: string
-                                          required:
-                                          - containerPort
-                                          type: object
-                                        type: array
-                                        x-kubernetes-list-map-keys:
-                                        - containerPort
-                                        - protocol
-                                        x-kubernetes-list-type: map
-                                      readinessProbe:
-                                        description: Periodic probe of container service
-                                          readiness.
-                                        properties:
-                                          exec:
-                                            description: Exec specifies the action
-                                              to take.
-                                            properties:
-                                              command:
-                                                description: 'Command is the command
-                                                  line to execute inside the container,
-                                                  the working directory for the command  '
-                                                items:
-                                                  type: string
-                                                type: array
-                                            type: object
-                                          failureThreshold:
-                                            description: Minimum consecutive failures
-                                              for the probe to be considered failed
-                                              after having succeeded.
-                                            format: int32
-                                            type: integer
-                                          grpc:
-                                            description: GRPC specifies an action
-                                              involving a GRPC port.
-                                            properties:
-                                              port:
-                                                description: Port number of the gRPC
-                                                  service. Number must be in the range
-                                                  1 to 65535.
-                                                format: int32
-                                                type: integer
-                                              service:
-                                                description: Service is the name of
-                                                  the service to place in the gRPC
-                                                  HealthCheckRequest (see https://github.
-                                                type: string
-                                            required:
-                                            - port
-                                            type: object
-                                          httpGet:
-                                            description: HTTPGet specifies the http
-                                              request to perform.
-                                            properties:
-                                              host:
-                                                description: Host name to connect
-                                                  to, defaults to the pod IP.
-                                                type: string
-                                              httpHeaders:
-                                                description: Custom headers to set
-                                                  in the request. HTTP allows repeated
-                                                  headers.
-                                                items:
-                                                  description: HTTPHeader describes
-                                                    a custom header to be used in
-                                                    HTTP probes
-                                                  properties:
-                                                    name:
-                                                      description: The header field
-                                                        name
-                                                      type: string
-                                                    value:
-                                                      description: The header field
-                                                        value
-                                                      type: string
-                                                  required:
-                                                  - name
-                                                  - value
-                                                  type: object
-                                                type: array
-                                              path:
-                                                description: Path to access on the
-                                                  HTTP server.
-                                                type: string
-                                              port:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Name or number of the
-                                                  port to access on the container.
-                                                  Number must be in the range 1 to
-                                                  65535.
-                                                x-kubernetes-int-or-string: true
-                                              scheme:
-                                                description: Scheme to use for connecting
-                                                  to the host. Defaults to HTTP.
-                                                type: string
-                                            required:
-                                            - port
-                                            type: object
-                                          initialDelaySeconds:
-                                            description: Number of seconds after the
-                                              container has started before liveness
-                                              probes are initiated.
-                                            format: int32
-                                            type: integer
-                                          periodSeconds:
-                                            description: How often (in seconds) to
-                                              perform the probe. Default to 10 seconds.
-                                              Minimum value is 1.
-                                            format: int32
-                                            type: integer
-                                          successThreshold:
-                                            description: Minimum consecutive successes
-                                              for the probe to be considered successful
-                                              after having failed.
-                                            format: int32
-                                            type: integer
-                                          tcpSocket:
-                                            description: TCPSocket specifies an action
-                                              involving a TCP port.
-                                            properties:
-                                              host:
-                                                description: 'Optional: Host name
-                                                  to connect to, defaults to the pod
-                                                  IP.'
-                                                type: string
-                                              port:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Number or name of the
-                                                  port to access on the container.
-                                                  Number must be in the range 1 to
-                                                  65535.
-                                                x-kubernetes-int-or-string: true
-                                            required:
-                                            - port
-                                            type: object
-                                          terminationGracePeriodSeconds:
-                                            description: Optional duration in seconds
-                                              the pod needs to terminate gracefully
-                                              upon probe failure.
-                                            format: int64
-                                            type: integer
-                                          timeoutSeconds:
-                                            description: Number of seconds after which
-                                              the probe times out. Defaults to 1 second.
-                                              Minimum value is 1.
-                                            format: int32
-                                            type: integer
-                                        type: object
-                                      resources:
-                                        description: 'Compute Resources required by
-                                          this container. Cannot be updated. More
-                                          info: https://kubernetes.'
-                                        properties:
-                                          limits:
-                                            additionalProperties:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                              x-kubernetes-int-or-string: true
-                                            description: 'Limits describes the maximum
-                                              amount of compute resources allowed.
-                                              More info: https://kubernetes.'
-                                            type: object
-                                          requests:
-                                            additionalProperties:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                              x-kubernetes-int-or-string: true
-                                            description: Requests describes the minimum
-                                              amount of compute resources required.
-                                            type: object
-                                        type: object
-                                      securityContext:
-                                        description: SecurityContext defines the security
-                                          options the container should be run with.
-                                        properties:
-                                          allowPrivilegeEscalation:
-                                            description: AllowPrivilegeEscalation
-                                              controls whether a process can gain
-                                              more privileges than its parent process
-                                            type: boolean
-                                          capabilities:
-                                            description: The capabilities to add/drop
-                                              when running containers.
-                                            properties:
-                                              add:
-                                                description: Added capabilities
-                                                items:
-                                                  description: Capability represent
-                                                    POSIX capabilities type
-                                                  type: string
-                                                type: array
-                                              drop:
-                                                description: Removed capabilities
-                                                items:
-                                                  description: Capability represent
-                                                    POSIX capabilities type
-                                                  type: string
-                                                type: array
-                                            type: object
-                                          privileged:
-                                            description: Run container in privileged
-                                              mode.
-                                            type: boolean
-                                          procMount:
-                                            description: procMount denotes the type
-                                              of proc mount to use for the containers.
-                                            type: string
-                                          readOnlyRootFilesystem:
-                                            description: Whether this container has
-                                              a read-only root filesystem. Default
-                                              is false.
-                                            type: boolean
-                                          runAsGroup:
-                                            description: The GID to run the entrypoint
-                                              of the container process. Uses runtime
-                                              default if unset.
-                                            format: int64
-                                            type: integer
-                                          runAsNonRoot:
-                                            description: Indicates that the container
-                                              must run as a non-root user.
-                                            type: boolean
-                                          runAsUser:
-                                            description: The UID to run the entrypoint
-                                              of the container process.
-                                            format: int64
-                                            type: integer
-                                          seLinuxOptions:
-                                            description: The SELinux context to be
-                                              applied to the container.
-                                            properties:
-                                              level:
-                                                description: Level is SELinux level
-                                                  label that applies to the container.
-                                                type: string
-                                              role:
-                                                description: Role is a SELinux role
-                                                  label that applies to the container.
-                                                type: string
-                                              type:
-                                                description: Type is a SELinux type
-                                                  label that applies to the container.
-                                                type: string
-                                              user:
-                                                description: User is a SELinux user
-                                                  label that applies to the container.
-                                                type: string
-                                            type: object
-                                          seccompProfile:
-                                            description: The seccomp options to use
-                                              by this container.
-                                            properties:
-                                              localhostProfile:
-                                                description: localhostProfile indicates
-                                                  a profile defined in a file on the
-                                                  node should be used.
-                                                type: string
-                                              type:
-                                                description: type indicates which
-                                                  kind of seccomp profile will be
-                                                  applied.
-                                                type: string
-                                            required:
-                                            - type
-                                            type: object
-                                          windowsOptions:
-                                            description: The Windows specific settings
-                                              applied to all containers.
-                                            properties:
-                                              gmsaCredentialSpec:
-                                                description: GMSACredentialSpec is
-                                                  where the GMSA admission webhook
-                                                  (https://github.
-                                                type: string
-                                              gmsaCredentialSpecName:
-                                                description: GMSACredentialSpecName
-                                                  is the name of the GMSA credential
-                                                  spec to use.
-                                                type: string
-                                              hostProcess:
-                                                description: HostProcess determines
-                                                  if a container should be run as
-                                                  a 'Host Process' container.
-                                                type: boolean
-                                              runAsUserName:
-                                                description: The UserName in Windows
-                                                  to run the entrypoint of the container
-                                                  process.
-                                                type: string
-                                            type: object
-                                        type: object
-                                      startupProbe:
-                                        description: StartupProbe indicates that the
-                                          Pod has successfully initialized.
-                                        properties:
-                                          exec:
-                                            description: Exec specifies the action
-                                              to take.
-                                            properties:
-                                              command:
-                                                description: 'Command is the command
-                                                  line to execute inside the container,
-                                                  the working directory for the command  '
-                                                items:
-                                                  type: string
-                                                type: array
-                                            type: object
-                                          failureThreshold:
-                                            description: Minimum consecutive failures
-                                              for the probe to be considered failed
-                                              after having succeeded.
-                                            format: int32
-                                            type: integer
-                                          grpc:
-                                            description: GRPC specifies an action
-                                              involving a GRPC port.
-                                            properties:
-                                              port:
-                                                description: Port number of the gRPC
-                                                  service. Number must be in the range
-                                                  1 to 65535.
-                                                format: int32
-                                                type: integer
-                                              service:
-                                                description: Service is the name of
-                                                  the service to place in the gRPC
-                                                  HealthCheckRequest (see https://github.
-                                                type: string
-                                            required:
-                                            - port
-                                            type: object
-                                          httpGet:
-                                            description: HTTPGet specifies the http
-                                              request to perform.
-                                            properties:
-                                              host:
-                                                description: Host name to connect
-                                                  to, defaults to the pod IP.
-                                                type: string
-                                              httpHeaders:
-                                                description: Custom headers to set
-                                                  in the request. HTTP allows repeated
-                                                  headers.
-                                                items:
-                                                  description: HTTPHeader describes
-                                                    a custom header to be used in
-                                                    HTTP probes
-                                                  properties:
-                                                    name:
-                                                      description: The header field
-                                                        name
-                                                      type: string
-                                                    value:
-                                                      description: The header field
-                                                        value
-                                                      type: string
-                                                  required:
-                                                  - name
-                                                  - value
-                                                  type: object
-                                                type: array
-                                              path:
-                                                description: Path to access on the
-                                                  HTTP server.
-                                                type: string
-                                              port:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Name or number of the
-                                                  port to access on the container.
-                                                  Number must be in the range 1 to
-                                                  65535.
-                                                x-kubernetes-int-or-string: true
-                                              scheme:
-                                                description: Scheme to use for connecting
-                                                  to the host. Defaults to HTTP.
-                                                type: string
-                                            required:
-                                            - port
-                                            type: object
-                                          initialDelaySeconds:
-                                            description: Number of seconds after the
-                                              container has started before liveness
-                                              probes are initiated.
-                                            format: int32
-                                            type: integer
-                                          periodSeconds:
-                                            description: How often (in seconds) to
-                                              perform the probe. Default to 10 seconds.
-                                              Minimum value is 1.
-                                            format: int32
-                                            type: integer
-                                          successThreshold:
-                                            description: Minimum consecutive successes
-                                              for the probe to be considered successful
-                                              after having failed.
-                                            format: int32
-                                            type: integer
-                                          tcpSocket:
-                                            description: TCPSocket specifies an action
-                                              involving a TCP port.
-                                            properties:
-                                              host:
-                                                description: 'Optional: Host name
-                                                  to connect to, defaults to the pod
-                                                  IP.'
-                                                type: string
-                                              port:
-                                                anyOf:
-                                                - type: integer
-                                                - type: string
-                                                description: Number or name of the
-                                                  port to access on the container.
-                                                  Number must be in the range 1 to
-                                                  65535.
-                                                x-kubernetes-int-or-string: true
-                                            required:
-                                            - port
-                                            type: object
-                                          terminationGracePeriodSeconds:
-                                            description: Optional duration in seconds
-                                              the pod needs to terminate gracefully
-                                              upon probe failure.
-                                            format: int64
-                                            type: integer
-                                          timeoutSeconds:
-                                            description: Number of seconds after which
-                                              the probe times out. Defaults to 1 second.
-                                              Minimum value is 1.
-                                            format: int32
-                                            type: integer
-                                        type: object
-                                      stdin:
-                                        description: Whether this container should
-                                          allocate a buffer for stdin in the container
-                                          runtime.
-                                        type: boolean
-                                      stdinOnce:
-                                        description: Whether the container runtime
-                                          should close the stdin channel after it
-                                          has been opened by a single at
-                                        type: boolean
-                                      terminationMessagePath:
-                                        description: 'Optional: Path at which the
-                                          file to which the container''s termination
-                                          message will be written is mou'
-                                        type: string
-                                      terminationMessagePolicy:
-                                        description: Indicate how the termination
-                                          message should be populated.
-                                        type: string
-                                      tty:
-                                        description: Whether this container should
-                                          allocate a TTY for itself, also requires
-                                          'stdin' to be true.
-                                        type: boolean
-                                      volumeDevices:
-                                        description: volumeDevices is the list of
-                                          block devices to be used by the container.
-                                        items:
-                                          description: volumeDevice describes a mapping
-                                            of a raw block device within a container.
-                                          properties:
-                                            devicePath:
-                                              description: devicePath is the path
-                                                inside of the container that the device
-                                                will be mapped to.
-                                              type: string
-                                            name:
-                                              description: name must match the name
-                                                of a persistentVolumeClaim in the
-                                                pod
-                                              type: string
-                                          required:
-                                          - devicePath
-                                          - name
-                                          type: object
-                                        type: array
-                                      volumeMounts:
-                                        description: Pod volumes to mount into the
-                                          container's filesystem. Cannot be updated.
-                                        items:
-                                          description: VolumeMount describes a mounting
-                                            of a Volume within a container.
-                                          properties:
-                                            mountPath:
-                                              description: Path within the container
-                                                at which the volume should be mounted.  Must
-                                                not contain ':'.
-                                              type: string
-                                            mountPropagation:
-                                              description: mountPropagation determines
-                                                how mounts are propagated from the
-                                                host to container and the other way
-                                                a
-                                              type: string
-                                            name:
-                                              description: This must match the Name
-                                                of a Volume.
-                                              type: string
-                                            readOnly:
-                                              description: Mounted read-only if true,
-                                                read-write otherwise (false or unspecified).
-                                                Defaults to false.
-                                              type: boolean
-                                            subPath:
-                                              description: Path within the volume
-                                                from which the container's volume
-                                                should be mounted.
-                                              type: string
-                                            subPathExpr:
-                                              description: Expanded path within the
-                                                volume from which the container's
-                                                volume should be mounted.
-                                              type: string
-                                          required:
-                                          - mountPath
-                                          - name
-                                          type: object
-                                        type: array
-                                      workingDir:
-                                        description: Container's working directory.
-                                        type: string
-                                    required:
-                                    - name
-                                    type: object
-                                  type: array
-                                nodeName:
-                                  description: NodeName is a request to schedule this
-                                    pod onto a specific node.
-                                  type: string
-                                nodeSelector:
-                                  additionalProperties:
-                                    type: string
-                                  description: NodeSelector is a selector which must
-                                    be true for the pod to fit on a node.
-                                  type: object
-                                  x-kubernetes-map-type: atomic
-                                os:
-                                  description: Specifies the OS of the containers
-                                    in the pod.
-                                  properties:
-                                    name:
-                                      description: Name is the name of the operating
-                                        system. The currently supported values are
-                                        linux and windows.
-                                      type: string
-                                  required:
-                                  - name
-                                  type: object
-                                overhead:
-                                  additionalProperties:
-                                    anyOf:
-                                    - type: integer
-                                    - type: string
-                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                    x-kubernetes-int-or-string: true
-                                  description: Overhead represents the resource overhead
-                                    associated with running a pod for a given RuntimeClass.
-                                  type: object
-                                preemptionPolicy:
-                                  description: PreemptionPolicy is the Policy for
-                                    preempting pods with lower priority.
-                                  type: string
-                                priority:
-                                  description: The priority value. Various system
-                                    components use this field to find the priority
-                                    of the pod.
-                                  format: int32
-                                  type: integer
-                                priorityClassName:
-                                  description: If specified, indicates the pod's priority.
-                                  type: string
-                                readinessGates:
-                                  description: If specified, all readiness gates will
-                                    be evaluated for pod readiness.
-                                  items:
-                                    description: PodReadinessGate contains the reference
-                                      to a pod condition
-                                    properties:
-                                      conditionType:
-                                        description: ConditionType refers to a condition
-                                          in the pod's condition list with matching
-                                          type.
-                                        type: string
-                                    required:
-                                    - conditionType
-                                    type: object
-                                  type: array
-                                restartPolicy:
-                                  description: Restart policy for all containers within
-                                    the pod. One of Always, OnFailure, Never.
-                                  type: string
-                                runtimeClassName:
-                                  description: RuntimeClassName refers to a RuntimeClass
-                                    object in the node.k8s.
-                                  type: string
-                                schedulerName:
-                                  description: If specified, the pod will be dispatched
-                                    by specified scheduler.
-                                  type: string
-                                securityContext:
-                                  description: SecurityContext holds pod-level security
-                                    attributes and common container settings.
-                                  properties:
-                                    fsGroup:
-                                      description: A special supplemental group that
-                                        applies to all containers in a pod.
-                                      format: int64
-                                      type: integer
-                                    fsGroupChangePolicy:
-                                      description: fsGroupChangePolicy defines behavior
-                                        of changing ownership and permission of the
-                                        volume before being
-                                      type: string
-                                    runAsGroup:
-                                      description: The GID to run the entrypoint of
-                                        the container process. Uses runtime default
-                                        if unset.
-                                      format: int64
-                                      type: integer
-                                    runAsNonRoot:
-                                      description: Indicates that the container must
-                                        run as a non-root user.
-                                      type: boolean
-                                    runAsUser:
-                                      description: The UID to run the entrypoint of
-                                        the container process.
-                                      format: int64
-                                      type: integer
-                                    seLinuxOptions:
-                                      description: The SELinux context to be applied
-                                        to all containers.
-                                      properties:
-                                        level:
-                                          description: Level is SELinux level label
-                                            that applies to the container.
-                                          type: string
-                                        role:
-                                          description: Role is a SELinux role label
-                                            that applies to the container.
-                                          type: string
-                                        type:
-                                          description: Type is a SELinux type label
-                                            that applies to the container.
-                                          type: string
-                                        user:
-                                          description: User is a SELinux user label
-                                            that applies to the container.
-                                          type: string
-                                      type: object
-                                    seccompProfile:
-                                      description: The seccomp options to use by the
-                                        containers in this pod.
-                                      properties:
-                                        localhostProfile:
-                                          description: localhostProfile indicates
-                                            a profile defined in a file on the node
-                                            should be used.
-                                          type: string
-                                        type:
-                                          description: type indicates which kind of
-                                            seccomp profile will be applied.
-                                          type: string
-                                      required:
-                                      - type
-                                      type: object
-                                    supplementalGroups:
-                                      description: 'A list of groups applied to the
-                                        first process run in each container, in addition
-                                        to the container''s '
-                                      items:
-                                        format: int64
-                                        type: integer
-                                      type: array
-                                    sysctls:
-                                      description: Sysctls hold a list of namespaced
-                                        sysctls used for the pod.
-                                      items:
-                                        description: Sysctl defines a kernel parameter
-                                          to be set
-                                        properties:
-                                          name:
-                                            description: Name of a property to set
-                                            type: string
-                                          value:
-                                            description: Value of a property to set
-                                            type: string
-                                        required:
-                                        - name
-                                        - value
-                                        type: object
-                                      type: array
-                                    windowsOptions:
-                                      description: The Windows specific settings applied
-                                        to all containers.
-                                      properties:
-                                        gmsaCredentialSpec:
-                                          description: GMSACredentialSpec is where
-                                            the GMSA admission webhook (https://github.
-                                          type: string
-                                        gmsaCredentialSpecName:
-                                          description: GMSACredentialSpecName is the
-                                            name of the GMSA credential spec to use.
-                                          type: string
-                                        hostProcess:
-                                          description: HostProcess determines if a
-                                            container should be run as a 'Host Process'
-                                            container.
-                                          type: boolean
-                                        runAsUserName:
-                                          description: The UserName in Windows to
-                                            run the entrypoint of the container process.
-                                          type: string
-                                      type: object
-                                  type: object
-                                serviceAccount:
-                                  description: DeprecatedServiceAccount is a depreciated
-                                    alias for ServiceAccountName.
-                                  type: string
-                                serviceAccountName:
-                                  description: ServiceAccountName is the name of the
-                                    ServiceAccount to use to run this pod.
-                                  type: string
-                                setHostnameAsFQDN:
-                                  description: If true the pod's hostname will be
-                                    configured as the pod's FQDN, rather than the
-                                    leaf name (the defa
-                                  type: boolean
-                                shareProcessNamespace:
-                                  description: Share a single process namespace between
-                                    all of the containers in a pod.
-                                  type: boolean
-                                subdomain:
-                                  description: If specified, the fully qualified Pod
-                                    hostname will be "<hostname>.<subdomain>.<pod
-                                    namespace>.svc.
-                                  type: string
-                                terminationGracePeriodSeconds:
-                                  description: Optional duration in seconds the pod
-                                    needs to terminate gracefully.
-                                  format: int64
-                                  type: integer
-                                tolerations:
-                                  description: If specified, the pod's tolerations.
-                                  items:
-                                    description: The pod this Toleration is attached
-                                      to tolerates any taint that matches the triple
-                                      <key,value,effect
-                                    properties:
-                                      effect:
-                                        description: Effect indicates the taint effect
-                                          to match. Empty means match all taint effects.
-                                        type: string
-                                      key:
-                                        description: Key is the taint key that the
-                                          toleration applies to. Empty means match
-                                          all taint keys.
-                                        type: string
-                                      operator:
-                                        description: Operator represents a key's relationship
-                                          to the value. Valid operators are Exists
-                                          and Equal.
-                                        type: string
-                                      tolerationSeconds:
-                                        description: TolerationSeconds represents
-                                          the period of time the toleration (which
-                                          must be of effect NoExecute, o
-                                        format: int64
-                                        type: integer
-                                      value:
-                                        description: Value is the taint value the
-                                          toleration matches to.
-                                        type: string
-                                    type: object
-                                  type: array
-                                topologySpreadConstraints:
-                                  description: TopologySpreadConstraints describes
-                                    how a group of pods ought to spread across topology
-                                    domains.
-                                  items:
-                                    description: TopologySpreadConstraint specifies
-                                      how to spread matching pods among the given
-                                      topology.
-                                    properties:
-                                      labelSelector:
-                                        description: LabelSelector is used to find
-                                          matching pods.
-                                        properties:
-                                          matchExpressions:
-                                            description: matchExpressions is a list
-                                              of label selector requirements. The
-                                              requirements are ANDed.
-                                            items:
-                                              description: A label selector requirement
-                                                is a selector that contains values,
-                                                a key, and an operator that relates
-                                              properties:
-                                                key:
-                                                  description: key is the label key
-                                                    that the selector applies to.
-                                                  type: string
-                                                operator:
-                                                  description: operator represents
-                                                    a key's relationship to a set
-                                                    of values.
-                                                  type: string
-                                                values:
-                                                  description: values is an array
-                                                    of string values.
-                                                  items:
-                                                    type: string
-                                                  type: array
-                                              required:
-                                              - key
-                                              - operator
-                                              type: object
-                                            type: array
-                                          matchLabels:
-                                            additionalProperties:
-                                              type: string
-                                            description: matchLabels is a map of {key,value}
-                                              pairs.
-                                            type: object
-                                        type: object
-                                      maxSkew:
-                                        description: MaxSkew describes the degree
-                                          to which pods may be unevenly distributed.
-                                        format: int32
-                                        type: integer
-                                      topologyKey:
-                                        description: TopologyKey is the key of node
-                                          labels.
-                                        type: string
-                                      whenUnsatisfiable:
-                                        description: WhenUnsatisfiable indicates how
-                                          to deal with a pod if it doesn't satisfy
-                                          the spread constraint.
-                                        type: string
-                                    required:
-                                    - maxSkew
-                                    - topologyKey
-                                    - whenUnsatisfiable
-                                    type: object
-                                  type: array
-                                  x-kubernetes-list-map-keys:
-                                  - topologyKey
-                                  - whenUnsatisfiable
-                                  x-kubernetes-list-type: map
-                                volumes:
-                                  description: List of volumes that can be mounted
-                                    by containers belonging to the pod.
-                                  items:
-                                    description: Volume represents a named volume
-                                      in a pod that may be accessed by any container
-                                      in the pod.
-                                    properties:
-                                      awsElasticBlockStore:
-                                        description: AWSElasticBlockStore represents
-                                          an AWS Disk resource that is attached to
-                                          a kubelet's host machine an
-                                        properties:
-                                          fsType:
-                                            description: Filesystem type of the volume
-                                              that you want to mount.
-                                            type: string
-                                          partition:
-                                            description: The partition in the volume
-                                              that you want to mount.
-                                            format: int32
-                                            type: integer
-                                          readOnly:
-                                            description: Specify "true" to force and
-                                              set the ReadOnly property in VolumeMounts
-                                              to "true".
-                                            type: boolean
-                                          volumeID:
-                                            description: 'Unique ID of the persistent
-                                              disk resource in AWS (Amazon EBS volume).
-                                              More info: https://kubernetes.'
-                                            type: string
-                                        required:
-                                        - volumeID
-                                        type: object
-                                      azureDisk:
-                                        description: AzureDisk represents an Azure
-                                          Data Disk mount on the host and bind mount
-                                          to the pod.
-                                        properties:
-                                          cachingMode:
-                                            description: 'Host Caching mode: None,
-                                              Read Only, Read Write.'
-                                            type: string
-                                          diskName:
-                                            description: The Name of the data disk
-                                              in the blob storage
-                                            type: string
-                                          diskURI:
-                                            description: The URI the data disk in
-                                              the blob storage
-                                            type: string
-                                          fsType:
-                                            description: Filesystem type to mount.
-                                              Must be a filesystem type supported
-                                              by the host operating system. Ex.
-                                            type: string
-                                          kind:
-                                            description: 'Expected values Shared:
-                                              multiple blob disks per storage account  Dedicated:
-                                              single blob disk per sto'
-                                            type: string
-                                          readOnly:
-                                            description: Defaults to false (read/write).
-                                              ReadOnly here will force the ReadOnly
-                                              setting in VolumeMounts.
-                                            type: boolean
-                                        required:
-                                        - diskName
-                                        - diskURI
-                                        type: object
-                                      azureFile:
-                                        description: AzureFile represents an Azure
-                                          File Service mount on the host and bind
-                                          mount to the pod.
-                                        properties:
-                                          readOnly:
-                                            description: Defaults to false (read/write).
-                                              ReadOnly here will force the ReadOnly
-                                              setting in VolumeMounts.
-                                            type: boolean
-                                          secretName:
-                                            description: the name of secret that contains
-                                              Azure Storage Account Name and Key
-                                            type: string
-                                          shareName:
-                                            description: Share Name
-                                            type: string
-                                        required:
-                                        - secretName
-                                        - shareName
-                                        type: object
-                                      cephfs:
-                                        description: CephFS represents a Ceph FS mount
-                                          on the host that shares a pod's lifetime
-                                        properties:
-                                          monitors:
-                                            description: 'Required: Monitors is a
-                                              collection of Ceph monitors More info:
-                                              https://examples.k8s.'
-                                            items:
-                                              type: string
-                                            type: array
-                                          path:
-                                            description: 'Optional: Used as the mounted
-                                              root, rather than the full Ceph tree,
-                                              default is /'
-                                            type: string
-                                          readOnly:
-                                            description: 'Optional: Defaults to false
-                                              (read/write).'
-                                            type: boolean
-                                          secretFile:
-                                            description: 'Optional: SecretFile is
-                                              the path to key ring for User, default
-                                              is /etc/ceph/user.'
-                                            type: string
-                                          secretRef:
-                                            description: 'Optional: SecretRef is reference
-                                              to the authentication secret for User,
-                                              default is empty.'
-                                            properties:
-                                              name:
-                                                description: 'Name of the referent.
-                                                  More info: https://kubernetes.'
-                                                type: string
-                                            type: object
-                                          user:
-                                            description: 'Optional: User is the rados
-                                              user name, default is admin More info:
-                                              https://examples.k8s.'
-                                            type: string
-                                        required:
-                                        - monitors
-                                        type: object
-                                      cinder:
-                                        description: Cinder represents a cinder volume
-                                          attached and mounted on kubelets host machine.
-                                        properties:
-                                          fsType:
-                                            description: Filesystem type to mount.
-                                              Must be a filesystem type supported
-                                              by the host operating system.
-                                            type: string
-                                          readOnly:
-                                            description: 'Optional: Defaults to false
-                                              (read/write).'
-                                            type: boolean
-                                          secretRef:
-                                            description: 'Optional: points to a secret
-                                              object containing parameters used to
-                                              connect to OpenStack.'
-                                            properties:
-                                              name:
-                                                description: 'Name of the referent.
-                                                  More info: https://kubernetes.'
-                                                type: string
-                                            type: object
-                                          volumeID:
-                                            description: 'volume id used to identify
-                                              the volume in cinder. More info: https://examples.k8s.'
-                                            type: string
-                                        required:
-                                        - volumeID
-                                        type: object
-                                      configMap:
-                                        description: ConfigMap represents a configMap
-                                          that should populate this volume
-                                        properties:
-                                          defaultMode:
-                                            description: 'Optional: mode bits used
-                                              to set permissions on created files
-                                              by default.'
-                                            format: int32
-                                            type: integer
-                                          items:
-                                            description: 'If unspecified, each key-value
-                                              pair in the Data field of the referenced
-                                              ConfigMap will be projected '
-                                            items:
-                                              description: Maps a string key to a
-                                                path within a volume.
-                                              properties:
-                                                key:
-                                                  description: The key to project.
-                                                  type: string
-                                                mode:
-                                                  description: 'Optional: mode bits
-                                                    used to set permissions on this
-                                                    file.'
-                                                  format: int32
-                                                  type: integer
-                                                path:
-                                                  description: The relative path of
-                                                    the file to map the key to. May
-                                                    not be an absolute path.
-                                                  type: string
-                                              required:
-                                              - key
-                                              - path
-                                              type: object
-                                            type: array
-                                          name:
-                                            description: 'Name of the referent. More
-                                              info: https://kubernetes.'
-                                            type: string
-                                          optional:
-                                            description: Specify whether the ConfigMap
-                                              or its keys must be defined
-                                            type: boolean
-                                        type: object
-                                      csi:
-                                        description: CSI (Container Storage Interface)
-                                          represents ephemeral storage that is handled
-                                          by certain external C
-                                        properties:
-                                          driver:
-                                            description: Driver is the name of the
-                                              CSI driver that handles this volume.
-                                            type: string
-                                          fsType:
-                                            description: Filesystem type to mount.
-                                              Ex. "ext4", "xfs", "ntfs".
-                                            type: string
-                                          nodePublishSecretRef:
-                                            description: NodePublishSecretRef is a
-                                              reference to the secret object containing
-                                              sensitive information to pass to
-                                            properties:
-                                              name:
-                                                description: 'Name of the referent.
-                                                  More info: https://kubernetes.'
-                                                type: string
-                                            type: object
-                                          readOnly:
-                                            description: Specifies a read-only configuration
-                                              for the volume. Defaults to false (read/write).
-                                            type: boolean
-                                          volumeAttributes:
-                                            additionalProperties:
-                                              type: string
-                                            description: VolumeAttributes stores driver-specific
-                                              properties that are passed to the CSI
-                                              driver.
-                                            type: object
-                                        required:
-                                        - driver
-                                        type: object
-                                      downwardAPI:
-                                        description: DownwardAPI represents downward
-                                          API about the pod that should populate this
-                                          volume
-                                        properties:
-                                          defaultMode:
-                                            description: 'Optional: mode bits to use
-                                              on created files by default.'
-                                            format: int32
-                                            type: integer
-                                          items:
-                                            description: Items is a list of downward
-                                              API volume file
-                                            items:
-                                              description: DownwardAPIVolumeFile represents
-                                                information to create the file containing
-                                                the pod field
-                                              properties:
-                                                fieldRef:
-                                                  description: 'Required: Selects
-                                                    a field of the pod: only annotations,
-                                                    labels, name and namespace are
-                                                    supported.'
-                                                  properties:
-                                                    apiVersion:
-                                                      description: Version of the
-                                                        schema the FieldPath is written
-                                                        in terms of, defaults to "v1".
-                                                      type: string
-                                                    fieldPath:
-                                                      description: Path of the field
-                                                        to select in the specified
-                                                        API version.
-                                                      type: string
-                                                  required:
-                                                  - fieldPath
-                                                  type: object
-                                                mode:
-                                                  description: 'Optional: mode bits
-                                                    used to set permissions on this
-                                                    file, must be an octal value between
-                                                    0000 and 07'
-                                                  format: int32
-                                                  type: integer
-                                                path:
-                                                  description: 'Required: Path is  the
-                                                    relative path name of the file
-                                                    to be created.'
-                                                  type: string
-                                                resourceFieldRef:
-                                                  description: 'Selects a resource
-                                                    of the container: only resources
-                                                    limits and requests (limits.cpu,
-                                                    limits.'
-                                                  properties:
-                                                    containerName:
-                                                      description: 'Container name:
-                                                        required for volumes, optional
-                                                        for env vars'
-                                                      type: string
-                                                    divisor:
-                                                      anyOf:
-                                                      - type: integer
-                                                      - type: string
-                                                      description: Specifies the output
-                                                        format of the exposed resources,
-                                                        defaults to "1"
-                                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                                      x-kubernetes-int-or-string: true
-                                                    resource:
-                                                      description: 'Required: resource
-                                                        to select'
-                                                      type: string
-                                                  required:
-                                                  - resource
-                                                  type: object
-                                              required:
-                                              - path
-                                              type: object
-                                            type: array
-                                        type: object
-                                      emptyDir:
-                                        description: EmptyDir represents a temporary
-                                          directory that shares a pod's lifetime.
-                                        properties:
-                                          medium:
-                                            description: What type of storage medium
-                                              should back this directory.
-                                            type: string
-                                          sizeLimit:
-                                            anyOf:
-                                            - type: integer
-                                            - type: string
-                                            description: Total amount of local storage
-                                              required for this EmptyDir volume.
-                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                            x-kubernetes-int-or-string: true
-                                        type: object
-                                      ephemeral:
-                                        description: Ephemeral represents a volume
-                                          that is handled by a cluster storage driver.
-                                        properties:
-                                          volumeClaimTemplate:
-                                            description: Will be used to create a
-                                              stand-alone PVC to provision the volume.
-                                            properties:
-                                              metadata:
-                                                description: May contain labels and
-                                                  annotations that will be copied
-                                                  into the PVC when creating it.
-                                                properties:
-                                                  annotations:
-                                                    additionalProperties:
-                                                      type: string
-                                                    type: object
-                                                  finalizers:
-                                                    items:
-                                                      type: string
-                                                    type: array
-                                                  labels:
-                                                    additionalProperties:
-                                                      type: string
-                                                    type: object
-                                                  name:
-                                                    type: string
-                                                  namespace:
-                                                    type: string
-                                                type: object
-                                              spec:
-                                                description: The specification for
-                                                  the PersistentVolumeClaim.
-                                                properties:
-                                                  accessModes:
-                                                    description: 'AccessModes contains
-                                                      the desired access modes the
-                                                      volume should have. More info:
-                                                      https://kubernetes.'
-                                                    items:
-                                                      type: string
-                                                    type: array
-                                                  dataSource:
-                                                    description: 'This field can be
-                                                      used to specify either: * An
-                                                      existing VolumeSnapshot object
-                                                      (snapshot.storage.k8s.'
-                                                    properties:
-                                                      apiGroup:
-                                                        description: APIGroup is the
-                                                          group for the resource being
-                                                          referenced.
-                                                        type: string
-                                                      kind:
-                                                        description: Kind is the type
-                                                          of resource being referenced
-                                                        type: string
-                                                      name:
-                                                        description: Name is the name
-                                                          of resource being referenced
-                                                        type: string
-                                                    required:
-                                                    - kind
-                                                    - name
-                                                    type: object
-                                                  dataSourceRef:
-                                                    description: Specifies the object
-                                                      from which to populate the volume
-                                                      with data, if a non-empty volume
-                                                      is desired.
-                                                    properties:
-                                                      apiGroup:
-                                                        description: APIGroup is the
-                                                          group for the resource being
-                                                          referenced.
-                                                        type: string
-                                                      kind:
-                                                        description: Kind is the type
-                                                          of resource being referenced
-                                                        type: string
-                                                      name:
-                                                        description: Name is the name
-                                                          of resource being referenced
-                                                        type: string
-                                                    required:
-                                                    - kind
-                                                    - name
-                                                    type: object
-                                                  resources:
-                                                    description: Resources represents
-                                                      the minimum resources the volume
-                                                      should have.
-                                                    properties:
-                                                      limits:
-                                                        additionalProperties:
-                                                          anyOf:
-                                                          - type: integer
-                                                          - type: string
-                                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                                          x-kubernetes-int-or-string: true
-                                                        description: 'Limits describes
-                                                          the maximum amount of compute
-                                                          resources allowed. More
-                                                          info: https://kubernetes.'
-                                                        type: object
-                                                      requests:
-                                                        additionalProperties:
-                                                          anyOf:
-                                                          - type: integer
-                                                          - type: string
-                                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                                          x-kubernetes-int-or-string: true
-                                                        description: Requests describes
-                                                          the minimum amount of compute
-                                                          resources required.
-                                                        type: object
-                                                    type: object
-                                                  selector:
-                                                    description: A label query over
-                                                      volumes to consider for binding.
-                                                    properties:
-                                                      matchExpressions:
-                                                        description: matchExpressions
-                                                          is a list of label selector
-                                                          requirements. The requirements
-                                                          are ANDed.
-                                                        items:
-                                                          description: A label selector
-                                                            requirement is a selector
-                                                            that contains values,
-                                                            a key, and an operator
-                                                            that relates
-                                                          properties:
-                                                            key:
-                                                              description: key is
-                                                                the label key that
-                                                                the selector applies
-                                                                to.
-                                                              type: string
-                                                            operator:
-                                                              description: operator
-                                                                represents a key's
-                                                                relationship to a
-                                                                set of values.
-                                                              type: string
-                                                            values:
-                                                              description: values
-                                                                is an array of string
-                                                                values.
-                                                              items:
-                                                                type: string
-                                                              type: array
-                                                          required:
-                                                          - key
-                                                          - operator
-                                                          type: object
-                                                        type: array
-                                                      matchLabels:
-                                                        additionalProperties:
-                                                          type: string
-                                                        description: matchLabels is
-                                                          a map of {key,value} pairs.
-                                                        type: object
-                                                    type: object
-                                                  storageClassName:
-                                                    description: 'Name of the StorageClass
-                                                      required by the claim. More
-                                                      info: https://kubernetes.'
-                                                    type: string
-                                                  volumeMode:
-                                                    description: volumeMode defines
-                                                      what type of volume is required
-                                                      by the claim.
-                                                    type: string
-                                                  volumeName:
-                                                    description: VolumeName is the
-                                                      binding reference to the PersistentVolume
-                                                      backing this claim.
-                                                    type: string
-                                                type: object
-                                            required:
-                                            - spec
-                                            type: object
-                                        type: object
-                                      fc:
-                                        description: FC represents a Fibre Channel
-                                          resource that is attached to a kubelet's
-                                          host machine and then exposed
-                                        properties:
-                                          fsType:
-                                            description: Filesystem type to mount.
-                                              Must be a filesystem type supported
-                                              by the host operating system. Ex.
-                                            type: string
-                                          lun:
-                                            description: 'Optional: FC target lun
-                                              number'
-                                            format: int32
-                                            type: integer
-                                          readOnly:
-                                            description: 'Optional: Defaults to false
-                                              (read/write).'
-                                            type: boolean
-                                          targetWWNs:
-                                            description: 'Optional: FC target worldwide
-                                              names (WWNs)'
-                                            items:
-                                              type: string
-                                            type: array
-                                          wwids:
-                                            description: 'Optional: FC volume world
-                                              wide identifiers (wwids) Either wwids
-                                              or combination of targetWWNs and lun'
-                                            items:
-                                              type: string
-                                            type: array
-                                        type: object
-                                      flexVolume:
-                                        description: FlexVolume represents a generic
-                                          volume resource that is provisioned/attached
-                                          using an exec based plu
-                                        properties:
-                                          driver:
-                                            description: Driver is the name of the
-                                              driver to use for this volume.
-                                            type: string
-                                          fsType:
-                                            description: Filesystem type to mount.
-                                              Must be a filesystem type supported
-                                              by the host operating system. Ex.
-                                            type: string
-                                          options:
-                                            additionalProperties:
-                                              type: string
-                                            description: 'Optional: Extra command
-                                              options if any.'
-                                            type: object
-                                          readOnly:
-                                            description: 'Optional: Defaults to false
-                                              (read/write).'
-                                            type: boolean
-                                          secretRef:
-                                            description: 'Optional: SecretRef is reference
-                                              to the secret object containing sensitive
-                                              information to pass to th'
-                                            properties:
-                                              name:
-                                                description: 'Name of the referent.
-                                                  More info: https://kubernetes.'
-                                                type: string
-                                            type: object
-                                        required:
-                                        - driver
-                                        type: object
-                                      flocker:
-                                        description: Flocker represents a Flocker
-                                          volume attached to a kubelet's host machine.
-                                        properties:
-                                          datasetName:
-                                            description: Name of the dataset stored
-                                              as metadata -> name on the dataset for
-                                              Flocker should be considered as de
-                                            type: string
-                                          datasetUUID:
-                                            description: UUID of the dataset. This
-                                              is unique identifier of a Flocker dataset
-                                            type: string
-                                        type: object
-                                      gcePersistentDisk:
-                                        description: GCEPersistentDisk represents
-                                          a GCE Disk resource that is attached to
-                                          a kubelet's host machine and th
-                                        properties:
-                                          fsType:
-                                            description: Filesystem type of the volume
-                                              that you want to mount.
-                                            type: string
-                                          partition:
-                                            description: The partition in the volume
-                                              that you want to mount.
-                                            format: int32
-                                            type: integer
-                                          pdName:
-                                            description: Unique name of the PD resource
-                                              in GCE. Used to identify the disk in
-                                              GCE.
-                                            type: string
-                                          readOnly:
-                                            description: ReadOnly here will force
-                                              the ReadOnly setting in VolumeMounts.
-                                              Defaults to false.
-                                            type: boolean
-                                        required:
-                                        - pdName
-                                        type: object
-                                      gitRepo:
-                                        description: 'GitRepo represents a git repository
-                                          at a particular revision. DEPRECATED: GitRepo
-                                          is deprecated.'
-                                        properties:
-                                          directory:
-                                            description: Target directory name. Must
-                                              not contain or start with '..'.  If
-                                              '.
-                                            type: string
-                                          repository:
-                                            description: Repository URL
-                                            type: string
-                                          revision:
-                                            description: Commit hash for the specified
-                                              revision.
-                                            type: string
-                                        required:
-                                        - repository
-                                        type: object
-                                      glusterfs:
-                                        description: Glusterfs represents a Glusterfs
-                                          mount on the host that shares a pod's lifetime.
-                                        properties:
-                                          endpoints:
-                                            description: 'EndpointsName is the endpoint
-                                              name that details Glusterfs topology.
-                                              More info: https://examples.k8s.'
-                                            type: string
-                                          path:
-                                            description: 'Path is the Glusterfs volume
-                                              path. More info: https://examples.k8s.io/volumes/glusterfs/README.'
-                                            type: string
-                                          readOnly:
-                                            description: ReadOnly here will force
-                                              the Glusterfs volume to be mounted with
-                                              read-only permissions.
-                                            type: boolean
-                                        required:
-                                        - endpoints
-                                        - path
-                                        type: object
-                                      hostPath:
-                                        description: HostPath represents a pre-existing
-                                          file or directory on the host machine that
-                                          is directly exposed to
-                                        properties:
-                                          path:
-                                            description: Path of the directory on
-                                              the host.
-                                            type: string
-                                          type:
-                                            description: 'Type for HostPath Volume
-                                              Defaults to "" More info: https://kubernetes.'
-                                            type: string
-                                        required:
-                                        - path
-                                        type: object
-                                      iscsi:
-                                        description: ISCSI represents an ISCSI Disk
-                                          resource that is attached to a kubelet's
-                                          host machine and then expose
-                                        properties:
-                                          chapAuthDiscovery:
-                                            description: whether support iSCSI Discovery
-                                              CHAP authentication
-                                            type: boolean
-                                          chapAuthSession:
-                                            description: whether support iSCSI Session
-                                              CHAP authentication
-                                            type: boolean
-                                          fsType:
-                                            description: Filesystem type of the volume
-                                              that you want to mount.
-                                            type: string
-                                          initiatorName:
-                                            description: Custom iSCSI Initiator Name.
-                                            type: string
-                                          iqn:
-                                            description: Target iSCSI Qualified Name.
-                                            type: string
-                                          iscsiInterface:
-                                            description: iSCSI Interface Name that
-                                              uses an iSCSI transport. Defaults to
-                                              'default' (tcp).
-                                            type: string
-                                          lun:
-                                            description: iSCSI Target Lun number.
-                                            format: int32
-                                            type: integer
-                                          portals:
-                                            description: iSCSI Target Portal List.
-                                            items:
-                                              type: string
-                                            type: array
-                                          readOnly:
-                                            description: ReadOnly here will force
-                                              the ReadOnly setting in VolumeMounts.
-                                              Defaults to false.
-                                            type: boolean
-                                          secretRef:
-                                            description: CHAP Secret for iSCSI target
-                                              and initiator authentication
-                                            properties:
-                                              name:
-                                                description: 'Name of the referent.
-                                                  More info: https://kubernetes.'
-                                                type: string
-                                            type: object
-                                          targetPortal:
-                                            description: iSCSI Target Portal.
-                                            type: string
-                                        required:
-                                        - iqn
-                                        - lun
-                                        - targetPortal
-                                        type: object
-                                      name:
-                                        description: 'Volume''s name. Must be a DNS_LABEL
-                                          and unique within the pod. More info: https://kubernetes.'
-                                        type: string
-                                      nfs:
-                                        description: 'NFS represents an NFS mount
-                                          on the host that shares a pod''s lifetime
-                                          More info: https://kubernetes.'
-                                        properties:
-                                          path:
-                                            description: 'Path that is exported by
-                                              the NFS server. More info: https://kubernetes.'
-                                            type: string
-                                          readOnly:
-                                            description: ReadOnly here will force
-                                              the NFS export to be mounted with read-only
-                                              permissions. Defaults to false.
-                                            type: boolean
-                                          server:
-                                            description: 'Server is the hostname or
-                                              IP address of the NFS server. More info:
-                                              https://kubernetes.'
-                                            type: string
-                                        required:
-                                        - path
-                                        - server
-                                        type: object
-                                      persistentVolumeClaim:
-                                        description: PersistentVolumeClaimVolumeSource
-                                          represents a reference to a PersistentVolumeClaim
-                                          in the same name
-                                        properties:
-                                          claimName:
-                                            description: ClaimName is the name of
-                                              a PersistentVolumeClaim in the same
-                                              namespace as the pod using this volume.
-                                            type: string
-                                          readOnly:
-                                            description: Will force the ReadOnly setting
-                                              in VolumeMounts. Default false.
-                                            type: boolean
-                                        required:
-                                        - claimName
-                                        type: object
-                                      photonPersistentDisk:
-                                        description: 'PhotonPersistentDisk represents
-                                          a PhotonController persistent disk attached
-                                          and mounted on kubelets '
-                                        properties:
-                                          fsType:
-                                            description: Filesystem type to mount.
-                                              Must be a filesystem type supported
-                                              by the host operating system. Ex.
-                                            type: string
-                                          pdID:
-                                            description: ID that identifies Photon
-                                              Controller persistent disk
-                                            type: string
-                                        required:
-                                        - pdID
-                                        type: object
-                                      portworxVolume:
-                                        description: PortworxVolume represents a portworx
-                                          volume attached and mounted on kubelets
-                                          host machine
-                                        properties:
-                                          fsType:
-                                            description: FSType represents the filesystem
-                                              type to mount Must be a filesystem type
-                                              supported by the host opera
-                                            type: string
-                                          readOnly:
-                                            description: Defaults to false (read/write).
-                                              ReadOnly here will force the ReadOnly
-                                              setting in VolumeMounts.
-                                            type: boolean
-                                          volumeID:
-                                            description: VolumeID uniquely identifies
-                                              a Portworx volume
-                                            type: string
-                                        required:
-                                        - volumeID
-                                        type: object
-                                      projected:
-                                        description: Items for all in one resources
-                                          secrets, configmaps, and downward API
-                                        properties:
-                                          defaultMode:
-                                            description: Mode bits used to set permissions
-                                              on created files by default.
-                                            format: int32
-                                            type: integer
-                                          sources:
-                                            description: list of volume projections
-                                            items:
-                                              description: Projection that may be
-                                                projected along with other supported
-                                                volume types
-                                              properties:
-                                                configMap:
-                                                  description: information about the
-                                                    configMap data to project
-                                                  properties:
-                                                    items:
-                                                      description: 'If unspecified,
-                                                        each key-value pair in the
-                                                        Data field of the referenced
-                                                        ConfigMap will be projected '
-                                                      items:
-                                                        description: Maps a string
-                                                          key to a path within a volume.
-                                                        properties:
-                                                          key:
-                                                            description: The key to
-                                                              project.
-                                                            type: string
-                                                          mode:
-                                                            description: 'Optional:
-                                                              mode bits used to set
-                                                              permissions on this
-                                                              file.'
-                                                            format: int32
-                                                            type: integer
-                                                          path:
-                                                            description: The relative
-                                                              path of the file to
-                                                              map the key to. May
-                                                              not be an absolute path.
-                                                            type: string
-                                                        required:
-                                                        - key
-                                                        - path
-                                                        type: object
-                                                      type: array
-                                                    name:
-                                                      description: 'Name of the referent.
-                                                        More info: https://kubernetes.'
-                                                      type: string
-                                                    optional:
-                                                      description: Specify whether
-                                                        the ConfigMap or its keys
-                                                        must be defined
-                                                      type: boolean
-                                                  type: object
-                                                downwardAPI:
-                                                  description: information about the
-                                                    downwardAPI data to project
-                                                  properties:
-                                                    items:
-                                                      description: Items is a list
-                                                        of DownwardAPIVolume file
-                                                      items:
-                                                        description: DownwardAPIVolumeFile
-                                                          represents information to
-                                                          create the file containing
-                                                          the pod field
-                                                        properties:
-                                                          fieldRef:
-                                                            description: 'Required:
-                                                              Selects a field of the
-                                                              pod: only annotations,
-                                                              labels, name and namespace
-                                                              are supported.'
-                                                            properties:
-                                                              apiVersion:
-                                                                description: Version
-                                                                  of the schema the
-                                                                  FieldPath is written
-                                                                  in terms of, defaults
-                                                                  to "v1".
-                                                                type: string
-                                                              fieldPath:
-                                                                description: Path
-                                                                  of the field to
-                                                                  select in the specified
-                                                                  API version.
-                                                                type: string
-                                                            required:
-                                                            - fieldPath
-                                                            type: object
-                                                          mode:
-                                                            description: 'Optional:
-                                                              mode bits used to set
-                                                              permissions on this
-                                                              file, must be an octal
-                                                              value between 0000 and
-                                                              07'
-                                                            format: int32
-                                                            type: integer
-                                                          path:
-                                                            description: 'Required:
-                                                              Path is  the relative
-                                                              path name of the file
-                                                              to be created.'
-                                                            type: string
-                                                          resourceFieldRef:
-                                                            description: 'Selects
-                                                              a resource of the container:
-                                                              only resources limits
-                                                              and requests (limits.cpu,
-                                                              limits.'
-                                                            properties:
-                                                              containerName:
-                                                                description: 'Container
-                                                                  name: required for
-                                                                  volumes, optional
-                                                                  for env vars'
-                                                                type: string
-                                                              divisor:
-                                                                anyOf:
-                                                                - type: integer
-                                                                - type: string
-                                                                description: Specifies
-                                                                  the output format
-                                                                  of the exposed resources,
-                                                                  defaults to "1"
-                                                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                                                x-kubernetes-int-or-string: true
-                                                              resource:
-                                                                description: 'Required:
-                                                                  resource to select'
-                                                                type: string
-                                                            required:
-                                                            - resource
-                                                            type: object
-                                                        required:
-                                                        - path
-                                                        type: object
-                                                      type: array
-                                                  type: object
-                                                secret:
-                                                  description: information about the
-                                                    secret data to project
-                                                  properties:
-                                                    items:
-                                                      description: If unspecified,
-                                                        each key-value pair in the
-                                                        Data field of the referenced
-                                                        Secret will be projected int
-                                                      items:
-                                                        description: Maps a string
-                                                          key to a path within a volume.
-                                                        properties:
-                                                          key:
-                                                            description: The key to
-                                                              project.
-                                                            type: string
-                                                          mode:
-                                                            description: 'Optional:
-                                                              mode bits used to set
-                                                              permissions on this
-                                                              file.'
-                                                            format: int32
-                                                            type: integer
-                                                          path:
-                                                            description: The relative
-                                                              path of the file to
-                                                              map the key to. May
-                                                              not be an absolute path.
-                                                            type: string
-                                                        required:
-                                                        - key
-                                                        - path
-                                                        type: object
-                                                      type: array
-                                                    name:
-                                                      description: 'Name of the referent.
-                                                        More info: https://kubernetes.'
-                                                      type: string
-                                                    optional:
-                                                      description: Specify whether
-                                                        the Secret or its key must
-                                                        be defined
-                                                      type: boolean
-                                                  type: object
-                                                serviceAccountToken:
-                                                  description: information about the
-                                                    serviceAccountToken data to project
-                                                  properties:
-                                                    audience:
-                                                      description: Audience is the
-                                                        intended audience of the token.
-                                                      type: string
-                                                    expirationSeconds:
-                                                      description: ExpirationSeconds
-                                                        is the requested duration
-                                                        of validity of the service
-                                                        account token.
-                                                      format: int64
-                                                      type: integer
-                                                    path:
-                                                      description: Path is the path
-                                                        relative to the mount point
-                                                        of the file to project the
-                                                        token into.
-                                                      type: string
-                                                  required:
-                                                  - path
-                                                  type: object
-                                              type: object
-                                            type: array
-                                        type: object
-                                      quobyte:
-                                        description: Quobyte represents a Quobyte
-                                          mount on the host that shares a pod's lifetime
-                                        properties:
-                                          group:
-                                            description: Group to map volume access
-                                              to Default is no group
-                                            type: string
-                                          readOnly:
-                                            description: ReadOnly here will force
-                                              the Quobyte volume to be mounted with
-                                              read-only permissions.
-                                            type: boolean
-                                          registry:
-                                            description: Registry represents a single
-                                              or multiple Quobyte Registry services
-                                              specified as a string as host:por
-                                            type: string
-                                          tenant:
-                                            description: Tenant owning the given Quobyte
-                                              volume in the Backend Used with dynamically
-                                              provisioned Quobyte volu
-                                            type: string
-                                          user:
-                                            description: User to map volume access
-                                              to Defaults to serivceaccount user
-                                            type: string
-                                          volume:
-                                            description: Volume is a string that references
-                                              an already created Quobyte volume by
-                                              name.
-                                            type: string
-                                        required:
-                                        - registry
-                                        - volume
-                                        type: object
-                                      rbd:
-                                        description: RBD represents a Rados Block
-                                          Device mount on the host that shares a pod's
-                                          lifetime.
-                                        properties:
-                                          fsType:
-                                            description: Filesystem type of the volume
-                                              that you want to mount.
-                                            type: string
-                                          image:
-                                            description: 'The rados image name. More
-                                              info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
-                                            type: string
-                                          keyring:
-                                            description: Keyring is the path to key
-                                              ring for RBDUser. Default is /etc/ceph/keyring.
-                                            type: string
-                                          monitors:
-                                            description: 'A collection of Ceph monitors.
-                                              More info: https://examples.k8s.io/volumes/rbd/README.'
-                                            items:
-                                              type: string
-                                            type: array
-                                          pool:
-                                            description: 'The rados pool name. Default
-                                              is rbd. More info: https://examples.k8s.io/volumes/rbd/README.'
-                                            type: string
-                                          readOnly:
-                                            description: ReadOnly here will force
-                                              the ReadOnly setting in VolumeMounts.
-                                              Defaults to false.
-                                            type: boolean
-                                          secretRef:
-                                            description: SecretRef is name of the
-                                              authentication secret for RBDUser. If
-                                              provided overrides keyring.
-                                            properties:
-                                              name:
-                                                description: 'Name of the referent.
-                                                  More info: https://kubernetes.'
-                                                type: string
-                                            type: object
-                                          user:
-                                            description: 'The rados user name. Default
-                                              is admin. More info: https://examples.k8s.io/volumes/rbd/README.'
-                                            type: string
-                                        required:
-                                        - image
-                                        - monitors
-                                        type: object
-                                      scaleIO:
-                                        description: ScaleIO represents a ScaleIO
-                                          persistent volume attached and mounted on
-                                          Kubernetes nodes.
-                                        properties:
-                                          fsType:
-                                            description: Filesystem type to mount.
-                                              Must be a filesystem type supported
-                                              by the host operating system. Ex.
-                                            type: string
-                                          gateway:
-                                            description: The host address of the ScaleIO
-                                              API Gateway.
-                                            type: string
-                                          protectionDomain:
-                                            description: The name of the ScaleIO Protection
-                                              Domain for the configured storage.
-                                            type: string
-                                          readOnly:
-                                            description: Defaults to false (read/write).
-                                              ReadOnly here will force the ReadOnly
-                                              setting in VolumeMounts.
-                                            type: boolean
-                                          secretRef:
-                                            description: SecretRef references to the
-                                              secret for ScaleIO user and other sensitive
-                                              information.
-                                            properties:
-                                              name:
-                                                description: 'Name of the referent.
-                                                  More info: https://kubernetes.'
-                                                type: string
-                                            type: object
-                                          sslEnabled:
-                                            description: Flag to enable/disable SSL
-                                              communication with Gateway, default
-                                              false
-                                            type: boolean
-                                          storageMode:
-                                            description: Indicates whether the storage
-                                              for a volume should be ThickProvisioned
-                                              or ThinProvisioned.
-                                            type: string
-                                          storagePool:
-                                            description: The ScaleIO Storage Pool
-                                              associated with the protection domain.
-                                            type: string
-                                          system:
-                                            description: The name of the storage system
-                                              as configured in ScaleIO.
-                                            type: string
-                                          volumeName:
-                                            description: The name of a volume already
-                                              created in the ScaleIO system that is
-                                              associated with this volume sourc
-                                            type: string
-                                        required:
-                                        - gateway
-                                        - secretRef
-                                        - system
-                                        type: object
-                                      secret:
-                                        description: 'Secret represents a secret that
-                                          should populate this volume. More info:
-                                          https://kubernetes.'
-                                        properties:
-                                          defaultMode:
-                                            description: 'Optional: mode bits used
-                                              to set permissions on created files
-                                              by default.'
-                                            format: int32
-                                            type: integer
-                                          items:
-                                            description: If unspecified, each key-value
-                                              pair in the Data field of the referenced
-                                              Secret will be projected int
-                                            items:
-                                              description: Maps a string key to a
-                                                path within a volume.
-                                              properties:
-                                                key:
-                                                  description: The key to project.
-                                                  type: string
-                                                mode:
-                                                  description: 'Optional: mode bits
-                                                    used to set permissions on this
-                                                    file.'
-                                                  format: int32
-                                                  type: integer
-                                                path:
-                                                  description: The relative path of
-                                                    the file to map the key to. May
-                                                    not be an absolute path.
-                                                  type: string
-                                              required:
-                                              - key
-                                              - path
-                                              type: object
-                                            type: array
-                                          optional:
-                                            description: Specify whether the Secret
-                                              or its keys must be defined
-                                            type: boolean
-                                          secretName:
-                                            description: 'Name of the secret in the
-                                              pod''s namespace to use. More info:
-                                              https://kubernetes.'
-                                            type: string
-                                        type: object
-                                      storageos:
-                                        description: StorageOS represents a StorageOS
-                                          volume attached and mounted on Kubernetes
-                                          nodes.
-                                        properties:
-                                          fsType:
-                                            description: Filesystem type to mount.
-                                              Must be a filesystem type supported
-                                              by the host operating system. Ex.
-                                            type: string
-                                          readOnly:
-                                            description: Defaults to false (read/write).
-                                              ReadOnly here will force the ReadOnly
-                                              setting in VolumeMounts.
-                                            type: boolean
-                                          secretRef:
-                                            description: SecretRef specifies the secret
-                                              to use for obtaining the StorageOS API
-                                              credentials.
-                                            properties:
-                                              name:
-                                                description: 'Name of the referent.
-                                                  More info: https://kubernetes.'
-                                                type: string
-                                            type: object
-                                          volumeName:
-                                            description: VolumeName is the human-readable
-                                              name of the StorageOS volume.
-                                            type: string
-                                          volumeNamespace:
-                                            description: VolumeNamespace specifies
-                                              the scope of the volume within StorageOS.
-                                            type: string
-                                        type: object
-                                      vsphereVolume:
-                                        description: VsphereVolume represents a vSphere
-                                          volume attached and mounted on kubelets
-                                          host machine
-                                        properties:
-                                          fsType:
-                                            description: Filesystem type to mount.
-                                              Must be a filesystem type supported
-                                              by the host operating system. Ex.
-                                            type: string
-                                          storagePolicyID:
-                                            description: Storage Policy Based Management
-                                              (SPBM) profile ID associated with the
-                                              StoragePolicyName.
-                                            type: string
-                                          storagePolicyName:
-                                            description: Storage Policy Based Management
-                                              (SPBM) profile name.
-                                            type: string
-                                          volumePath:
-                                            description: Path that identifies vSphere
-                                              volume vmdk
-                                            type: string
-                                        required:
-                                        - volumePath
-                                        type: object
-                                    required:
-                                    - name
-                                    type: object
-                                  type: array
-                              required:
-                              - containers
-                              type: object
-                          type: object
-                      required:
-                      - groupName
-                      - maxReplicas
-                      - minReplicas
-                      - rayStartParams
-                      - replicas
-                      - template
-                      type: object
-                    type: array
-                required:
-                - headGroupSpec
-                type: object
-              serveDeploymentGraphConfig:
-                description: 'Important: Run "make" to regenerate code after modifying
-                  this file'
-                properties:
-                  importPath:
-                    type: string
-                  runtimeEnv:
-                    type: string
-                  serveConfigs:
-                    items:
-                      description: ServeConfigSpec defines the desired state of RayService
-                        Reference to http://rayserve.org
-                      properties:
-                        autoscalingConfig:
-                          type: string
-                        gracefulShutdownTimeoutS:
-                          format: int32
-                          type: integer
-                        gracefulShutdownWaitLoopS:
-                          format: int32
-                          type: integer
-                        healthCheckPeriodS:
-                          format: int32
-                          type: integer
-                        healthCheckTimeoutS:
-                          format: int32
-                          type: integer
-                        maxConcurrentQueries:
-                          format: int32
-                          type: integer
-                        name:
-                          type: string
-                        numReplicas:
-                          format: int32
-                          type: integer
-                        rayActorOptions:
-                          description: RayActorOptionSpec defines the desired state
-                            of RayActor
-                          properties:
-                            acceleratorType:
-                              type: string
-                            memory:
-                              format: int32
-                              type: integer
-                            numCpus:
-                              type: number
-                            numGpus:
-                              type: number
-                            objectStoreMemory:
-                              format: int32
-                              type: integer
-                            resources:
-                              type: string
-                            runtimeEnv:
-                              type: string
-                          type: object
-                        routePrefix:
-                          type: string
-                        userConfig:
-                          type: string
-                      required:
-                      - name
-                      type: object
-                    type: array
-                required:
-                - importPath
-                type: object
-            type: object
-          status:
-            description: RayServiceStatuses defines the observed state of RayService
-            properties:
-              activeServiceStatus:
-                properties:
-                  appStatus:
-                    description: 'Important: Run "make" to regenerate code after modifying
-                      this file'
-                    properties:
-                      healthLastUpdateTime:
-                        description: Keep track of how long the service is healthy.
-                        format: date-time
-                        type: string
-                      lastUpdateTime:
-                        format: date-time
-                        type: string
-                      message:
-                        type: string
-                      status:
-                        type: string
-                    type: object
-                  dashboardStatus:
-                    description: DashboardStatus defines the current states of Ray
-                      Dashboard
-                    properties:
-                      healthLastUpdateTime:
-                        description: Keep track of how long the dashboard is healthy.
-                        format: date-time
-                        type: string
-                      isHealthy:
-                        type: boolean
-                      lastUpdateTime:
-                        format: date-time
-                        type: string
-                    type: object
-                  rayClusterName:
-                    type: string
-                  rayClusterStatus:
-                    description: RayClusterStatus defines the observed state of RayCluster
-                    properties:
-                      availableWorkerReplicas:
-                        description: AvailableWorkerReplicas indicates how many replicas
-                          are available in the cluster
-                        format: int32
-                        type: integer
-                      desiredWorkerReplicas:
-                        description: DesiredWorkerReplicas indicates overall desired
-                          replicas claimed by the user at the cluster level.
-                        format: int32
-                        type: integer
-                      endpoints:
-                        additionalProperties:
-                          type: string
-                        description: Service Endpoints
-                        type: object
-                      lastUpdateTime:
-                        description: LastUpdateTime indicates last update timestamp
-                          for this cluster status.
-                        format: date-time
-                        nullable: true
-                        type: string
-                      maxWorkerReplicas:
-                        description: MaxWorkerReplicas indicates sum of maximum replicas
-                          of each node group.
-                        format: int32
-                        type: integer
-                      minWorkerReplicas:
-                        description: MinWorkerReplicas indicates sum of minimum replicas
-                          of each node group.
-                        format: int32
-                        type: integer
-                      state:
-                        description: 'INSERT ADDITIONAL STATUS FIELD - define observed
-                          state of cluster Important: Run "make" to regenerat'
-                        type: string
-                    type: object
-                  serveDeploymentStatuses:
-                    items:
-                      description: ServeDeploymentStatus defines the current state
-                        of Serve Deployment
-                      properties:
-                        healthLastUpdateTime:
-                          description: Keep track of how long the service is healthy.
-                          format: date-time
-                          type: string
-                        lastUpdateTime:
-                          format: date-time
-                          type: string
-                        message:
-                          type: string
-                        name:
-                          description: Name, Status, Message are from Ray Dashboard
-                            to represent the state of a serve deployment.
-                          type: string
-                        status:
-                          description: 'TODO: change status type to enum'
-                          type: string
-                      type: object
-                    type: array
-                type: object
-              pendingServiceStatus:
-                description: Pending Service Status indicates a RayCluster will be
-                  created or is being created.
-                properties:
-                  appStatus:
-                    description: 'Important: Run "make" to regenerate code after modifying
-                      this file'
-                    properties:
-                      healthLastUpdateTime:
-                        description: Keep track of how long the service is healthy.
-                        format: date-time
-                        type: string
-                      lastUpdateTime:
-                        format: date-time
-                        type: string
-                      message:
-                        type: string
-                      status:
-                        type: string
-                    type: object
-                  dashboardStatus:
-                    description: DashboardStatus defines the current states of Ray
-                      Dashboard
-                    properties:
-                      healthLastUpdateTime:
-                        description: Keep track of how long the dashboard is healthy.
-                        format: date-time
-                        type: string
-                      isHealthy:
-                        type: boolean
-                      lastUpdateTime:
-                        format: date-time
-                        type: string
-                    type: object
-                  rayClusterName:
-                    type: string
-                  rayClusterStatus:
-                    description: RayClusterStatus defines the observed state of RayCluster
-                    properties:
-                      availableWorkerReplicas:
-                        description: AvailableWorkerReplicas indicates how many replicas
-                          are available in the cluster
-                        format: int32
-                        type: integer
-                      desiredWorkerReplicas:
-                        description: DesiredWorkerReplicas indicates overall desired
-                          replicas claimed by the user at the cluster level.
-                        format: int32
-                        type: integer
-                      endpoints:
-                        additionalProperties:
-                          type: string
-                        description: Service Endpoints
-                        type: object
-                      lastUpdateTime:
-                        description: LastUpdateTime indicates last update timestamp
-                          for this cluster status.
-                        format: date-time
-                        nullable: true
-                        type: string
-                      maxWorkerReplicas:
-                        description: MaxWorkerReplicas indicates sum of maximum replicas
-                          of each node group.
-                        format: int32
-                        type: integer
-                      minWorkerReplicas:
-                        description: MinWorkerReplicas indicates sum of minimum replicas
-                          of each node group.
-                        format: int32
-                        type: integer
-                      state:
-                        description: 'INSERT ADDITIONAL STATUS FIELD - define observed
-                          state of cluster Important: Run "make" to regenerat'
-                        type: string
-                    type: object
-                  serveDeploymentStatuses:
-                    items:
-                      description: ServeDeploymentStatus defines the current state
-                        of Serve Deployment
-                      properties:
-                        healthLastUpdateTime:
-                          description: Keep track of how long the service is healthy.
-                          format: date-time
-                          type: string
-                        lastUpdateTime:
-                          format: date-time
-                          type: string
-                        message:
-                          type: string
-                        name:
-                          description: Name, Status, Message are from Ray Dashboard
-                            to represent the state of a serve deployment.
-                          type: string
-                        status:
-                          description: 'TODO: change status type to enum'
-                          type: string
-                      type: object
-                    type: array
-                type: object
-              serviceStatus:
-                description: ServiceStatus indicates the current RayService status.
-                type: string
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
diff --git a/modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/templates/_helpers.tpl b/modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/templates/_helpers.tpl
deleted file mode 100644
index 040cdd9e44..0000000000
--- a/modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/templates/_helpers.tpl
+++ /dev/null
@@ -1,56 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "kuberay-operator.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "kuberay-operator.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "kuberay-operator.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Common labels
-*/}}
-{{- define "kuberay-operator.labels" -}}
-app.kubernetes.io/name: {{ include "kuberay-operator.name" . }}
-helm.sh/chart: {{ include "kuberay-operator.chart" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end -}}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "kuberay-operator.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create -}}
-    {{ default (include "kuberay-operator.fullname" .) .Values.serviceAccount.name }}
-{{- else -}}
-    {{ default "default" .Values.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
diff --git a/modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/templates/deployment.yaml b/modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/templates/deployment.yaml
deleted file mode 100644
index f41959adb9..0000000000
--- a/modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/templates/deployment.yaml
+++ /dev/null
@@ -1,68 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "kuberay-operator.fullname" . }}
-  labels:
-{{ include "kuberay-operator.labels" . | indent 4 }}
-spec:
-  replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: {{ include "kuberay-operator.name" . }}
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: {{ include "kuberay-operator.name" . }}
-        app.kubernetes.io/instance: {{ .Release.Name }}
-    spec:
-    {{- with .Values.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-    {{- end }}
-      serviceAccountName: {{ .Values.serviceAccount.name  }}
-      volumes: []
-      securityContext:
-        {{- toYaml .Values.podSecurityContext | nindent 8 }}
-      containers:
-        - name: {{ .Chart.Name }}
-          securityContext:
-            {{- toYaml .Values.securityContext | nindent 12 }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          volumeMounts: []
-          command:
-            - /manager
-          ports:
-            - name: http
-              containerPort: 8080
-              protocol: TCP
-          env: []
-          livenessProbe:
-            httpGet:
-              path: /metrics
-              port: http
-            initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
-            periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
-            failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
-          readinessProbe:
-            httpGet:
-              path: /metrics
-              port: http
-            initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
-            periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
-            failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
-          resources:
-            {{- toYaml .Values.resources | nindent 12 }}
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-    {{- with .Values.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-    {{- end }}
-    {{- with .Values.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-    {{- end }}
diff --git a/modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/templates/leader-role.yaml b/modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/templates/leader-role.yaml
deleted file mode 100644
index c86852eb1f..0000000000
--- a/modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/templates/leader-role.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-{{- if .Values.rbacEnable }}
-kind: Role
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  labels:
-{{ include "kuberay-operator.labels" . | indent 4 }}
-  name: {{ include "kuberay-operator.fullname" . }}
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - configmaps
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - ""
-  resources:
-  - configmaps/status
-  verbs:
-  - get
-  - update
-  - patch
-- apiGroups:
-  - ""
-  resources:
-  - events
-  verbs:
-  - create
-{{- end }}
diff --git a/modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/templates/leader-rolebinding.yaml b/modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/templates/leader-rolebinding.yaml
deleted file mode 100644
index bf7c5db169..0000000000
--- a/modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/templates/leader-rolebinding.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- if .Values.rbacEnable }}
-kind: RoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  labels:
-{{ include "kuberay-operator.labels" . | indent 4 }}
-  name: {{ include "kuberay-operator.fullname" . }}
-subjects:
-- kind: ServiceAccount
-  name: {{ .Values.serviceAccount.name  }}
-  namespace: {{ .Release.Namespace }}
-roleRef:
-  kind: Role
-  name: {{ include "kuberay-operator.fullname" . }}
-  apiGroup: rbac.authorization.k8s.io
-{{- end }}
diff --git a/modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/templates/role.yaml b/modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/templates/role.yaml
deleted file mode 100644
index 3e2a79259c..0000000000
--- a/modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/templates/role.yaml
+++ /dev/null
@@ -1,236 +0,0 @@
-{{- if .Values.rbacEnable }}
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  labels:
-{{ include "kuberay-operator.labels" . | indent 4 }}
-  name: {{ include "kuberay-operator.fullname" . }}
-rules:
-- apiGroups:
-  - coordination.k8s.io
-  resources:
-  - leases
-  verbs:
-  - create
-  - get
-  - list
-  - update
-- apiGroups:
-  - ""
-  resources:
-  - events
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - ""
-  resources:
-  - pods
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - ""
-  resources:
-  - pods/status
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - ""
-  resources:
-  - serviceaccounts
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - watch
-- apiGroups:
-  - ""
-  resources:
-  - services
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - ""
-  resources:
-  - services/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - extensions
-  resources:
-  - ingresses
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - networking.k8s.io
-  resources:
-  - ingressclasses
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - networking.k8s.io
-  resources:
-  - ingresses
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - ray.io
-  resources:
-  - rayclusters
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - ray.io
-  resources:
-  - rayclusters/finalizer
-  verbs:
-  - update
-- apiGroups:
-  - ray.io
-  resources:
-  - rayclusters/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - ray.io
-  resources:
-  - rayservices
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - ray.io
-  resources:
-  - rayservices/finalizers
-  verbs:
-  - update
-- apiGroups:
-  - ray.io
-  resources:
-  - rayservices/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - rbac.authorization.k8s.io
-  resources:
-  - rolebindings
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - watch
-- apiGroups:
-  - rbac.authorization.k8s.io
-  resources:
-  - roles
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - update
-  - watch
-- apiGroups:
-  - ray.io
-  resources:
-  - rayjobs
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - ray.io
-  resources:
-  - rayjobs/finalizers
-  verbs:
-  - update
-- apiGroups:
-  - ray.io
-  resources:
-  - rayjobs/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - rbac.authorization.k8s.io
-  resources:
-  - rolebindings
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - watch
-- apiGroups:
-  - rbac.authorization.k8s.io
-  resources:
-  - roles
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - update
-  - watch
-{{- end }}
diff --git a/modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/templates/rolebinding.yaml b/modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/templates/rolebinding.yaml
deleted file mode 100644
index cfa1d0cf80..0000000000
--- a/modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/templates/rolebinding.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- if .Values.rbacEnable }}
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  labels:
-{{ include "kuberay-operator.labels" . | indent 4 }}
-  name: {{ include "kuberay-operator.fullname" . }}
-subjects:
-- kind: ServiceAccount
-  name: {{ .Values.serviceAccount.name  }}
-  namespace: {{ .Release.Namespace }}
-roleRef:
-  kind: ClusterRole
-  name: {{ include "kuberay-operator.fullname" . }}
-  apiGroup: rbac.authorization.k8s.io
-{{- end }}
diff --git a/modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/templates/service.yaml b/modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/templates/service.yaml
deleted file mode 100644
index 7756d6e647..0000000000
--- a/modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/templates/service.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "kuberay-operator.fullname" . }}
-  labels:
-{{ include "kuberay-operator.labels" . | indent 4 }}
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    - port: {{ .Values.service.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
-  selector:
-    app.kubernetes.io/name: {{ include "kuberay-operator.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/templates/serviceaccount.yaml b/modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/templates/serviceaccount.yaml
deleted file mode 100644
index 1d63ff56a9..0000000000
--- a/modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ template "kuberay-operator.serviceAccountName" . }}
-  labels:
-{{ include "kuberay-operator.labels" . | indent 4 }}
-{{- end -}}
diff --git a/modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/values.yaml b/modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/values.yaml
deleted file mode 100644
index 6c230594e7..0000000000
--- a/modules/kubernetes-addons/kuberay-operator/kuberay-operator-config/values.yaml
+++ /dev/null
@@ -1,57 +0,0 @@
-# Default values for kuberay-operator.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-replicaCount: 1
-
-image:
-  repository: kuberay/operator
-  tag: nightly
-  pullPolicy: IfNotPresent
-
-nameOverride: "kuberay-operator"
-fullnameOverride: "kuberay-operator"
-
-## Install Default RBAC roles and bindings
-rbac:
-  create: true
-  apiVersion: v1
-
-serviceAccount:
-  # Specifies whether a service account should be created
-  create: true
-  # The name of the service account to use.
-  # If not set and create is true, a name is generated using the fullname template
-  name: "kuberay-operator"
-
-service:
-  type: ClusterIP
-  port: 8080
-
-ingress:
-  enabled: false
-
-resources:
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do whelm to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  limits:
-    cpu: 100m
-    memory: 128Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
-
-livenessProbe:
-  initialDelaySeconds: 10
-  periodSeconds: 5
-  failureThreshold: 5
-
-readinessProbe:
-  initialDelaySeconds: 10
-  periodSeconds: 5
-  failureThreshold: 5
-
-createCustomResource: true
-rbacEnable: true
diff --git a/modules/kubernetes-addons/kuberay-operator/main.tf b/modules/kubernetes-addons/kuberay-operator/main.tf
deleted file mode 100644
index bd263daf8e..0000000000
--- a/modules/kubernetes-addons/kuberay-operator/main.tf
+++ /dev/null
@@ -1,28 +0,0 @@
-locals {
-  name      = "kuberay-operator"
-  namespace = try(var.helm_config.namespace, local.name)
-}
-
-resource "kubernetes_namespace_v1" "this" {
-  metadata {
-    name = local.namespace
-  }
-}
-
-module "helm_addon" {
-  source = "../helm-addon"
-
-  # https://github.com/ray-project/kuberay/blob/master/helm-chart/kuberay-operator/Chart.yaml
-  helm_config = merge(
-    {
-      name        = local.name
-      chart       = "${path.module}/kuberay-operator-config"
-      version     = "0.3.0"
-      namespace   = kubernetes_namespace_v1.this.metadata[0].name
-      description = "KubeRay Operator Helm Chart deployment configuration"
-    },
-    var.helm_config
-  )
-
-  addon_context = var.addon_context
-}
diff --git a/modules/kubernetes-addons/kuberay-operator/outputs.tf b/modules/kubernetes-addons/kuberay-operator/outputs.tf
deleted file mode 100644
index 37b305f9b1..0000000000
--- a/modules/kubernetes-addons/kuberay-operator/outputs.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/kuberay-operator/variables.tf b/modules/kubernetes-addons/kuberay-operator/variables.tf
deleted file mode 100644
index 187a4e407a..0000000000
--- a/modules/kubernetes-addons/kuberay-operator/variables.tf
+++ /dev/null
@@ -1,22 +0,0 @@
-variable "helm_config" {
-  description = "Helm Config for KubeRay Operator"
-  type        = any
-  default     = {}
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    irsa_iam_permissions_boundary  = string
-    irsa_iam_role_path             = string
-    tags                           = map(string)
-  })
-}
diff --git a/modules/kubernetes-addons/kuberay-operator/versions.tf b/modules/kubernetes-addons/kuberay-operator/versions.tf
deleted file mode 100644
index 55fba733ab..0000000000
--- a/modules/kubernetes-addons/kuberay-operator/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.10"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/kubernetes-dashboard/README.md b/modules/kubernetes-addons/kubernetes-dashboard/README.md
deleted file mode 100644
index 4b7eeac83c..0000000000
--- a/modules/kubernetes-addons/kubernetes-dashboard/README.md
+++ /dev/null
@@ -1,52 +0,0 @@
-# Kubernetes Dashboard
-
-## Introduction
-
-[Kubernetes Dashboard](https://github.com/kubernetes/dashboard) is a general purpose, web-based UI for Kubernetes clusters. It allows users to manage applications running in the cluster and troubleshoot them, as well as manage the cluster itself.
-
-This add-on bootstraps the Kubernetes Dashboard on the EKS cluster using a [helm chart](https://artifacthub.io/packages/helm/k8s-dashboard/kubernetes-dashboard) with the default configuration.
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.10 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | >= 2.10 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [kubernetes_namespace_v1.this](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1) | resource |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>  })</pre> | n/a | yes |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm provider config for the Kubernetes Dashboard | `any` | `{}` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps | `bool` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/kubernetes-dashboard/locals.tf b/modules/kubernetes-addons/kubernetes-dashboard/locals.tf
deleted file mode 100644
index 26c3ad9654..0000000000
--- a/modules/kubernetes-addons/kubernetes-dashboard/locals.tf
+++ /dev/null
@@ -1,22 +0,0 @@
-locals {
-  name = "kubernetes-dashboard"
-
-  # https://github.com/kubernetes/dashboard/blob/master/charts/helm-chart/kubernetes-dashboard/Chart.yaml
-  default_helm_config = {
-    name        = local.name
-    chart       = local.name
-    repository  = "https://kubernetes.github.io/dashboard/"
-    version     = "5.11.0"
-    namespace   = local.name
-    description = "Kubernetes Dashboard Helm Chart"
-  }
-
-  helm_config = merge(
-    local.default_helm_config,
-    var.helm_config
-  )
-
-  argocd_gitops_config = {
-    enable = true
-  }
-}
diff --git a/modules/kubernetes-addons/kubernetes-dashboard/main.tf b/modules/kubernetes-addons/kubernetes-dashboard/main.tf
deleted file mode 100644
index c5efe40051..0000000000
--- a/modules/kubernetes-addons/kubernetes-dashboard/main.tf
+++ /dev/null
@@ -1,20 +0,0 @@
-module "helm_addon" {
-  source = "../helm-addon"
-
-  manage_via_gitops = var.manage_via_gitops
-  helm_config       = local.helm_config
-  addon_context     = var.addon_context
-
-  depends_on = [kubernetes_namespace_v1.this]
-}
-
-resource "kubernetes_namespace_v1" "this" {
-  count = try(local.helm_config["create_namespace"], true) && local.helm_config["namespace"] != "kube-system" ? 1 : 0
-
-  metadata {
-    name = local.helm_config["namespace"]
-    labels = {
-      "app.kubernetes.io/managed-by" = "terraform-aws-eks-blueprints"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/kubernetes-dashboard/outputs.tf b/modules/kubernetes-addons/kubernetes-dashboard/outputs.tf
deleted file mode 100644
index 0776dcd7ef..0000000000
--- a/modules/kubernetes-addons/kubernetes-dashboard/outputs.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? local.argocd_gitops_config : null
-}
-
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/kubernetes-dashboard/variables.tf b/modules/kubernetes-addons/kubernetes-dashboard/variables.tf
deleted file mode 100644
index 20ca515422..0000000000
--- a/modules/kubernetes-addons/kubernetes-dashboard/variables.tf
+++ /dev/null
@@ -1,26 +0,0 @@
-variable "helm_config" {
-  description = "Helm provider config for the Kubernetes Dashboard"
-  type        = any
-  default     = {}
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps"
-  type        = bool
-  default     = false
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-  })
-}
diff --git a/modules/kubernetes-addons/kubernetes-dashboard/versions.tf b/modules/kubernetes-addons/kubernetes-dashboard/versions.tf
deleted file mode 100644
index 55fba733ab..0000000000
--- a/modules/kubernetes-addons/kubernetes-dashboard/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.10"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/kyverno/README.md b/modules/kubernetes-addons/kyverno/README.md
deleted file mode 100644
index 7440355387..0000000000
--- a/modules/kubernetes-addons/kyverno/README.md
+++ /dev/null
@@ -1,53 +0,0 @@
-# Kyverno
-
-Kyverno is a policy engine that can help kubernetes clusters to enforce security and governance policies.
-
-This addon provides support for:
-1. [Kyverno](https://github.com/kyverno/kyverno/tree/main/charts/kyverno)
-2. [Kyverno policies](https://github.com/kyverno/kyverno/tree/main/charts/kyverno-policies)
-3. [Kyverno policy reporter](https://github.com/kyverno/policy-reporter/tree/main/charts/policy-reporter)
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-
-## Providers
-
-No providers.
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_kyverno_helm_addon"></a> [kyverno\_helm\_addon](#module\_kyverno\_helm\_addon) | ../helm-addon | n/a |
-| <a name="module_kyverno_policies_helm_addon"></a> [kyverno\_policies\_helm\_addon](#module\_kyverno\_policies\_helm\_addon) | ../helm-addon | n/a |
-| <a name="module_kyverno_policy_reporter_helm_addon"></a> [kyverno\_policy\_reporter\_helm\_addon](#module\_kyverno\_policy\_reporter\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-No resources.
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>  })</pre> | n/a | yes |
-| <a name="input_enable_kyverno_policies"></a> [enable\_kyverno\_policies](#input\_enable\_kyverno\_policies) | Enable Kyverno policies | `bool` | `false` | no |
-| <a name="input_enable_kyverno_policy_reporter"></a> [enable\_kyverno\_policy\_reporter](#input\_enable\_kyverno\_policy\_reporter) | Enable Kyverno UI | `bool` | `false` | no |
-| <a name="input_kyverno_helm_config"></a> [kyverno\_helm\_config](#input\_kyverno\_helm\_config) | Helm provider config for the Kyverno | `any` | `{}` | no |
-| <a name="input_kyverno_policies_helm_config"></a> [kyverno\_policies\_helm\_config](#input\_kyverno\_policies\_helm\_config) | Helm provider config for the Kyverno baseline policies | `any` | `{}` | no |
-| <a name="input_kyverno_policy_reporter_helm_config"></a> [kyverno\_policy\_reporter\_helm\_config](#input\_kyverno\_policy\_reporter\_helm\_config) | Helm provider config for the Kyverno policy reporter UI | `any` | `{}` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps | `bool` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/kyverno/main.tf b/modules/kubernetes-addons/kyverno/main.tf
deleted file mode 100644
index b808049d7b..0000000000
--- a/modules/kubernetes-addons/kyverno/main.tf
+++ /dev/null
@@ -1,75 +0,0 @@
-module "kyverno_helm_addon" {
-  source = "../helm-addon"
-
-  manage_via_gitops = var.manage_via_gitops
-  # https://github.com/kyverno/kyverno/blob/main/charts/kyverno/Chart.yaml
-  helm_config = merge(
-    {
-      name             = "kyverno"
-      chart            = "kyverno"
-      repository       = "https://kyverno.github.io/kyverno/"
-      version          = "v2.5.3"
-      namespace        = "kyverno"
-      create_namespace = true
-      description      = "Kubernetes Native Policy Management"
-      values = [
-        <<-EOT
-          replicaCount: 3
-        EOT
-      ]
-    },
-    var.kyverno_helm_config
-  )
-
-  addon_context = var.addon_context
-}
-
-module "kyverno_policies_helm_addon" {
-  source = "../helm-addon"
-
-  count = var.enable_kyverno_policies ? 1 : 0
-
-  manage_via_gitops = var.manage_via_gitops
-  # https://github.com/kyverno/kyverno/blob/main/charts/kyverno-policies/Chart.yaml
-  helm_config = merge(
-    {
-      name        = "kyverno-policies"
-      chart       = "kyverno-policies"
-      repository  = "https://kyverno.github.io/kyverno/"
-      version     = "v2.5.5"
-      namespace   = module.kyverno_helm_addon.helm_release[0].namespace
-      description = "Kubernetes Pod Security Standards implemented as Kyverno policies"
-      values = [
-        <<-EOT
-          podSecurityStandard: restricted
-        EOT
-
-      ]
-    },
-    var.kyverno_policies_helm_config
-  )
-
-  addon_context = var.addon_context
-}
-
-module "kyverno_policy_reporter_helm_addon" {
-  source = "../helm-addon"
-
-  count = var.enable_kyverno_policy_reporter ? 1 : 0
-
-  manage_via_gitops = var.manage_via_gitops
-  # https://github.com/kyverno/policy-reporter/blob/main/charts/policy-reporter/Chart.yaml
-  helm_config = merge(
-    {
-      name        = "policy-reporter"
-      chart       = "policy-reporter"
-      repository  = "https://kyverno.github.io/policy-reporter"
-      version     = "2.13.4"
-      namespace   = module.kyverno_helm_addon.helm_release[0].namespace
-      description = "Policy Reporter watches for PolicyReport Resources"
-    },
-    var.kyverno_policy_reporter_helm_config
-  )
-
-  addon_context = var.addon_context
-}
diff --git a/modules/kubernetes-addons/kyverno/outputs.tf b/modules/kubernetes-addons/kyverno/outputs.tf
deleted file mode 100644
index 110946f5df..0000000000
--- a/modules/kubernetes-addons/kyverno/outputs.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.kyverno_helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.kyverno_helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.kyverno_helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.kyverno_helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/kyverno/variables.tf b/modules/kubernetes-addons/kyverno/variables.tf
deleted file mode 100644
index 84206667dd..0000000000
--- a/modules/kubernetes-addons/kyverno/variables.tf
+++ /dev/null
@@ -1,50 +0,0 @@
-variable "kyverno_helm_config" {
-  description = "Helm provider config for the Kyverno"
-  type        = any
-  default     = {}
-}
-
-variable "kyverno_policies_helm_config" {
-  description = "Helm provider config for the Kyverno baseline policies"
-  type        = any
-  default     = {}
-}
-
-variable "kyverno_policy_reporter_helm_config" {
-  description = "Helm provider config for the Kyverno policy reporter UI"
-  type        = any
-  default     = {}
-}
-
-variable "enable_kyverno_policies" {
-  description = "Enable Kyverno policies"
-  type        = bool
-  default     = false
-}
-
-variable "enable_kyverno_policy_reporter" {
-  description = "Enable Kyverno UI"
-  type        = bool
-  default     = false
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps"
-  type        = bool
-  default     = false
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-  })
-}
diff --git a/modules/kubernetes-addons/kyverno/versions.tf b/modules/kubernetes-addons/kyverno/versions.tf
deleted file mode 100644
index 429c0b36d0..0000000000
--- a/modules/kubernetes-addons/kyverno/versions.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-}
diff --git a/modules/kubernetes-addons/local-volume-provisioner/README.md b/modules/kubernetes-addons/local-volume-provisioner/README.md
deleted file mode 100644
index 8377371b7f..0000000000
--- a/modules/kubernetes-addons/local-volume-provisioner/README.md
+++ /dev/null
@@ -1,41 +0,0 @@
-# Local volume provisioner
-
-See [docs](../../../docs/add-ons/local-volume-provisioner.md)
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-
-## Providers
-
-No providers.
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-No resources.
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>  })</pre> | n/a | yes |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm Config for local volume provisioner | `any` | `{}` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/Chart.yaml b/modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/Chart.yaml
deleted file mode 100644
index 0861422b64..0000000000
--- a/modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/Chart.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-name: provisioner
-description: local provisioner chart
-keywords:
-- storage
-- local
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 2.6.0-alpha.1
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: 2.4.0
diff --git a/modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/templates/NOTES.txt b/modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/templates/NOTES.txt
deleted file mode 100644
index 5839304911..0000000000
--- a/modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/templates/NOTES.txt
+++ /dev/null
@@ -1 +0,0 @@
-provisioner installed
diff --git a/modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/templates/_helpers.tpl b/modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/templates/_helpers.tpl
deleted file mode 100644
index 406d4d0b1e..0000000000
--- a/modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/templates/_helpers.tpl
+++ /dev/null
@@ -1,42 +0,0 @@
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "provisioner.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "provisioner.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "provisioner.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "provisioner.serviceAccountName" -}}
-{{- if .Values.common.serviceAccount.create -}}
-    {{ default (include "provisioner.fullname" .) .Values.common.serviceAccount.name }}
-{{- else -}}
-    {{ default "default" .Values.common.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
diff --git a/modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/templates/configmap.yaml b/modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/templates/configmap.yaml
deleted file mode 100644
index 5bdb7a3455..0000000000
--- a/modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/templates/configmap.yaml
+++ /dev/null
@@ -1,59 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ template "provisioner.fullname" . }}-config
-  namespace: {{ .Release.Namespace }}
-  labels:
-    helm.sh/chart: {{ template "provisioner.chart" . }}
-    app.kubernetes.io/name: {{ template "provisioner.name" . }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-data:
-{{- if .Values.daemonset.nodeLabels }}
-  nodeLabelsForPV: |
-   {{- range $label := .Values.daemonset.nodeLabels }}
-    - {{$label}}
-   {{- end }}
-{{- end }}
-{{- if .Values.common.labelsForPV }}
-  labelsForPV: |
-   {{- range $label, $value := .Values.common.labelsForPV }}
-    {{$label}} : {{$value}}
-   {{- end }}
-{{- end }}
-{{- if .Values.common.useAlphaAPI }}
-  useAlphaAPI: "true"
-{{- end }}
-{{- if .Values.common.setPVOwnerRef }}
-  setPVOwnerRef: "true"
-{{- end }}
-{{- if .Values.common.useJobForCleaning }}
-  useJobForCleaning: "yes"
-{{- end}}
-{{- if .Values.common.useNodeNameOnly }}
-  useNodeNameOnly: "true"
-{{- end }}
-{{- if .Values.common.minResyncPeriod }}
-  minResyncPeriod: {{ .Values.common.minResyncPeriod | quote }}
-{{- end}}
-  storageClassMap: |
-    {{- range $classConfig := .Values.classes }}
-    {{ $classConfig.name }}:
-      hostDir: {{ $classConfig.hostDir }}
-      mountDir: {{ $classConfig.mountDir | default $classConfig.hostDir }}
-      {{- if $classConfig.blockCleanerCommand }}
-      blockCleanerCommand:
-      {{- range $val := $classConfig.blockCleanerCommand }}
-        - {{ $val | quote }}
-      {{- end}}
-      {{- end }}
-      {{- if $classConfig.volumeMode }}
-      volumeMode: {{ $classConfig.volumeMode }}
-      {{- end }}
-      {{- if $classConfig.fsType }}
-      fsType: {{ $classConfig.fsType }}
-      {{- end }}
-      {{- if $classConfig.namePattern }}
-      namePattern: {{ $classConfig.namePattern | quote }}
-      {{- end }}
-    {{- end }}
diff --git a/modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/templates/daemonset_linux.yaml b/modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/templates/daemonset_linux.yaml
deleted file mode 100644
index 8b5add235a..0000000000
--- a/modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/templates/daemonset_linux.yaml
+++ /dev/null
@@ -1,113 +0,0 @@
----
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
-  name: {{ include "provisioner.fullname" . }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    helm.sh/chart: {{ template "provisioner.chart" . }}
-    app.kubernetes.io/name: {{ template "provisioner.name" . }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-spec:
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: {{ template "provisioner.name" . }}
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: {{ template "provisioner.name" . }}
-        app.kubernetes.io/instance: {{ .Release.Name }}
-{{- if .Values.daemonset.podLabels }}
-{{ .Values.daemonset.podLabels | toYaml | trim | indent 8 }}
-{{- end }}
-      annotations:
-        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
-{{- if .Values.daemonset.podAnnotations }}
-{{ .Values.daemonset.podAnnotations | toYaml | trim | indent 8 }}
-{{- end }}
-    spec:
-      serviceAccountName: {{ template "provisioner.serviceAccountName" . }}
-{{- if .Values.daemonset.priorityClassName }}
-      priorityClassName: {{.Values.daemonset.priorityClassName}}
-{{- end }}
-      nodeSelector:
-        kubernetes.io/os: linux
-{{- if .Values.daemonset.nodeSelector }}
-        {{ toYaml .Values.daemonset.nodeSelector | nindent 8 }}
-{{- end }}
-{{- if .Values.daemonset.tolerations }}
-      tolerations:
-        {{ toYaml .Values.daemonset.tolerations | nindent 8 }}
-{{- end }}
-{{- if .Values.daemonset.affinity }}
-      affinity:
-        {{ toYaml .Values.daemonset.affinity | nindent 8 }}
-{{- end }}
-{{- with .Values.daemonset.initContainers }}
-      initContainers:
-        {{- toYaml . | nindent 8 }}
-{{- end }}
-      containers:
-        - name: provisioner
-          image: {{ .Values.daemonset.image }}
-          {{- if .Values.daemonset.imagePullPolicy }}
-          imagePullPolicy: {{ .Values.daemonset.imagePullPolicy }}
-          {{- end }}
-          securityContext:
-            privileged: {{ .Values.daemonset.privileged }}
-{{- if .Values.daemonset.resources }}
-          resources:
-            {{ toYaml .Values.daemonset.resources | nindent 12 }}
-{{- end }}
-          env:
-          - name: MY_NODE_NAME
-            valueFrom:
-              fieldRef:
-                fieldPath: spec.nodeName
-          - name: MY_NAMESPACE
-            valueFrom:
-              fieldRef:
-                fieldPath: metadata.namespace
-          - name: JOB_CONTAINER_IMAGE
-            value: {{ .Values.daemonset.image }}
-          {{- if .Values.daemonset.kubeConfigEnv }}
-          - name: KUBECONFIG
-            value: {{.Values.daemonset.kubeConfigEnv}}
-          {{- end }}
-          ports:
-          - name: metrics
-            containerPort: 8080
-          volumeMounts:
-            - name: provisioner-config
-              mountPath: /etc/provisioner/config
-              readOnly: true
-            {{- if .Values.common.mountDevVolume }}
-            - name: provisioner-dev
-              mountPath: /dev
-            {{- end }}
-            {{- range $classConfig := .Values.classes }}
-            - name: {{ $classConfig.name }}
-              mountPath: {{ $classConfig.mountDir | default $classConfig.hostDir }}
-              mountPropagation: HostToContainer
-            {{- end }}
-      volumes:
-        - name: provisioner-config
-          configMap:
-            name: {{ template "provisioner.fullname" . }}-config
-        {{- if .Values.common.mountDevVolume }}
-        - name: provisioner-dev
-          hostPath:
-            path: /dev
-        {{- end }}
-        {{- range $classConfig := .Values.classes }}
-        - name: {{ $classConfig.name }}
-          hostPath:
-            path: {{ $classConfig.hostDir }}
-        {{- end }}
-        {{- range $name, $path := .Values.daemonset.additionalHostPathVolumes }}
-        - name: {{ quote $name }}
-          hostPath:
-            path: {{ quote $path }}
-        {{- end }}
diff --git a/modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/templates/daemonset_windows.yaml b/modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/templates/daemonset_windows.yaml
deleted file mode 100644
index 90fc566440..0000000000
--- a/modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/templates/daemonset_windows.yaml
+++ /dev/null
@@ -1,143 +0,0 @@
----
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
-  name: {{ include "provisioner.fullname" . }}-win
-  namespace: {{ .Release.Namespace }}
-  labels:
-    helm.sh/chart: {{ template "provisioner.chart" . }}
-    app.kubernetes.io/name: {{ template "provisioner.name" . }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-spec:
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: {{ template "provisioner.name" . }}
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: {{ template "provisioner.name" . }}
-        app.kubernetes.io/instance: {{ .Release.Name }}
-{{- if .Values.daemonset.podLabels }}
-{{ .Values.daemonset.podLabels | toYaml | trim | indent 8 }}
-{{- end }}
-      annotations:
-        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
-{{- if .Values.daemonset.podAnnotations }}
-{{ .Values.daemonset.podAnnotations | toYaml | trim | indent 8 }}
-{{- end }}
-    spec:
-      serviceAccountName: {{ template "provisioner.serviceAccountName" . }}
-{{- if .Values.daemonset.priorityClassName }}
-      priorityClassName: {{.Values.daemonset.priorityClassName}}
-{{- end }}
-      nodeSelector:
-        kubernetes.io/os: windows
-      tolerations:
-        # an empty key operator Exists matches all keys, values and effects
-        # which meants that this will tolerate everything
-        - operator: "Exists"
-{{- if .Values.daemonset.tolerations }}
-        {{ toYaml .Values.daemonset.tolerations | nindent 8 }}
-{{- end }}
-{{- if .Values.daemonset.affinity }}
-      affinity:
-        {{ toYaml .Values.daemonset.affinity | nindent 8 }}
-{{- end }}
-{{- with .Values.daemonset.initContainers }}
-      initContainers:
-        {{- toYaml . | nindent 8 }}
-{{- end }}
-      containers:
-        - name: provisioner
-          image: {{ .Values.daemonset.image }}
-          {{- if .Values.daemonset.imagePullPolicy }}
-          imagePullPolicy: {{ .Values.daemonset.imagePullPolicy }}
-          {{- end }}
-{{- if .Values.daemonset.resources }}
-          resources:
-            {{ toYaml .Values.daemonset.resources | nindent 12 }}
-{{- end }}
-          env:
-          - name: MY_NODE_NAME
-            valueFrom:
-              fieldRef:
-                fieldPath: spec.nodeName
-          - name: MY_NAMESPACE
-            valueFrom:
-              fieldRef:
-                fieldPath: metadata.namespace
-          - name: JOB_CONTAINER_IMAGE
-            value: {{ .Values.daemonset.image }}
-          {{- if .Values.daemonset.kubeConfigEnv }}
-          - name: KUBECONFIG
-            value: {{.Values.daemonset.kubeConfigEnv}}
-          {{- end }}
-          ports:
-          - name: metrics
-            containerPort: 8080
-          volumeMounts:
-            - name: provisioner-config
-              mountPath: /etc/provisioner/config
-              readOnly: true
-            {{- if .Values.common.mountDevVolume }}
-            - name: provisioner-dev
-              mountPath: /dev
-            {{- end }}
-            {{- range $classConfig := .Values.classes }}
-            - name: {{ $classConfig.name }}
-              mountPath: {{ $classConfig.mountDir | default $classConfig.hostDir }}
-              mountPropagation: HostToContainer
-            {{- end }}
-            - name: csi-proxy-volume-v1
-              mountPath: \\.\pipe\csi-proxy-volume-v1
-            - name: csi-proxy-filesystem-v1
-              mountPath: \\.\pipe\csi-proxy-filesystem-v1
-            # these csi-proxy paths are still included for compatibility, they're used
-            # only if the node has still the beta version of the CSI proxy
-            - name: csi-proxy-volume-v1beta2
-              mountPath: \\.\pipe\csi-proxy-volume-v1beta2
-            - name: csi-proxy-filesystem-v1beta2
-              mountPath: \\.\pipe\csi-proxy-filesystem-v1beta2
-      volumes:
-        - name: csi-proxy-volume-v1
-          hostPath:
-            path: \\.\pipe\csi-proxy-volume-v1
-            type: ""
-        - name: csi-proxy-filesystem-v1
-          hostPath:
-            path: \\.\pipe\csi-proxy-filesystem-v1
-            type: ""
-        # these csi-proxy paths are still included for compatibility, they're used
-        # only if the node has still the beta version of the CSI proxy
-        - name: csi-proxy-volume-v1beta2
-          hostPath:
-            path: \\.\pipe\csi-proxy-volume-v1beta2
-            type: ""
-        - name: csi-proxy-filesystem-v1beta2
-          hostPath:
-            path: \\.\pipe\csi-proxy-filesystem-v1beta2
-            type: ""
-        - name: provisioner-config
-          configMap:
-            name: {{ template "provisioner.fullname" . }}-config
-        {{- if .Values.common.mountDevVolume }}
-        - name: provisioner-dev
-          hostPath:
-            path: "C:\\dev"
-            # If nothing exists at the given path, an empty directory will be
-            # created there as needed with permission set to 0755,
-            # having the same group and ownership with Kubelet.
-            type: DirectoryOrCreate
-        {{- end }}
-        {{- range $classConfig := .Values.classes }}
-        - name: {{ $classConfig.name }}
-          hostPath:
-            path: {{ $classConfig.hostDir }}
-        {{- end }}
-        {{- range $name, $path := .Values.daemonset.additionalHostPathVolumes }}
-        - name: {{ quote $name }}
-          hostPath:
-            path: {{ quote $path }}
-        {{- end }}
diff --git a/modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/templates/psp.yaml b/modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/templates/psp.yaml
deleted file mode 100644
index 6cfec81658..0000000000
--- a/modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/templates/psp.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-{{- if .Values.common.rbac.pspEnabled -}}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
-  name: {{ template "provisioner.fullname" . }}
-  labels:
-    helm.sh/chart: {{ template "provisioner.chart" . }}
-    app.kubernetes.io/name: {{ template "provisioner.name" . }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-spec:
-  allowPrivilegeEscalation: true
-  allowedHostPaths:
-  {{- if .Values.common.mountDevVolume }}
-  - pathPrefix: /dev
-  {{- end }}
-  {{- range $classConfig := .Values.classes }}
-  - pathPrefix: {{ $classConfig.hostDir }}
-  {{- end }}
-  fsGroup:
-    rule: RunAsAny
-  privileged: {{ .Values.daemonset.privileged }}
-  requiredDropCapabilities:
-  - ALL
-  runAsUser:
-    ranges:
-    - max: 65535
-      min: 1
-    rule: MustRunAs
-  seLinux:
-    rule: RunAsAny
-  supplementalGroups:
-    rule: RunAsAny
-  volumes:
-  - configMap
-  - secret
-  - hostPath
-{{- end }}
diff --git a/modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/templates/rbac.yaml b/modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/templates/rbac.yaml
deleted file mode 100644
index ba4c9a11fa..0000000000
--- a/modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/templates/rbac.yaml
+++ /dev/null
@@ -1,125 +0,0 @@
-{{- if .Values.common.rbac.create }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: {{ template "provisioner.fullname" . }}-node-clusterrole
-  labels:
-    helm.sh/chart: {{ template "provisioner.chart" . }}
-    app.kubernetes.io/name: {{ template "provisioner.name" . }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-rules:
-- apiGroups: [""]
-  resources: ["persistentvolumes"]
-  verbs: ["get", "list", "watch", "create", "delete"]
-- apiGroups: ["storage.k8s.io"]
-  resources: ["storageclasses"]
-  verbs: ["get", "list", "watch"]
-- apiGroups: [""]
-  resources: ["events"]
-  verbs: ["watch"]
-- apiGroups: ["", "events.k8s.io"]
-  resources: ["events"]
-  verbs: ["create", "update", "patch"]
-- apiGroups: [""]
-  resources: ["nodes"]
-  verbs: ["get"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ template "provisioner.fullname" . }}-node-binding
-  labels:
-    helm.sh/chart: {{ template "provisioner.chart" . }}
-    app.kubernetes.io/name: {{ template "provisioner.name" . }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-subjects:
-- kind: ServiceAccount
-  name: {{ template "provisioner.serviceAccountName" . }}
-  namespace: {{ .Release.Namespace }}
-roleRef:
-  kind: ClusterRole
-  name: {{ template "provisioner.fullname" . }}-node-clusterrole
-  apiGroup: rbac.authorization.k8s.io
-{{- if .Values.common.useJobForCleaning }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: {{ template "provisioner.fullname" . }}-jobs-role
-  namespace: {{ .Release.Namespace }}
-  labels:
-    helm.sh/chart: {{ template "provisioner.chart" . }}
-    app.kubernetes.io/name: {{ template "provisioner.name" . }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-rules:
-- apiGroups:
-    - 'batch'
-  resources:
-    - jobs
-  verbs:
-    - '*'
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: {{ template "provisioner.fullname" . }}-jobs-rolebinding
-  namespace: {{ .Release.Namespace }}
-  labels:
-    helm.sh/chart: {{ template "provisioner.chart" . }}
-    app.kubernetes.io/name: {{ template "provisioner.name" . }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-subjects:
-- kind: ServiceAccount
-  name: {{ template "provisioner.serviceAccountName" . }}
-  namespace: {{ .Release.Namespace }}
-roleRef:
-  kind: Role
-  name: {{ template "provisioner.fullname" . }}-jobs-role
-  apiGroup: rbac.authorization.k8s.io
-{{- end }}
-{{- if .Values.common.rbac.pspEnabled }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: {{ template "provisioner.fullname" . }}-psp-role
-  namespace: {{ .Release.Namespace }}
-  labels:
-    helm.sh/chart: {{ template "provisioner.chart" . }}
-    app.kubernetes.io/name: {{ template "provisioner.name" . }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-rules:
-- apiGroups:
-    - policy
-  resources:
-    - podsecuritypolicies
-  resourceNames:
-    - {{ template "provisioner.fullname" . }}
-  verbs:
-    - use
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: {{ template "provisioner.fullname" . }}-psp-rolebinding
-  namespace: {{ .Release.Namespace }}
-  labels:
-    helm.sh/chart: {{ template "provisioner.chart" . }}
-    app.kubernetes.io/name: {{ template "provisioner.name" . }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-subjects:
-- kind: ServiceAccount
-  name: {{ template "provisioner.serviceAccountName" . }}
-  namespace: {{ .Release.Namespace }}
-roleRef:
-  kind: Role
-  name: {{ template "provisioner.fullname" . }}-psp-role
-  apiGroup: rbac.authorization.k8s.io
-{{- end }}
-{{- end }}
diff --git a/modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/templates/serviceaccount.yaml b/modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/templates/serviceaccount.yaml
deleted file mode 100644
index 19941689f3..0000000000
--- a/modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- if .Values.common.serviceAccount.create }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ template "provisioner.serviceAccountName" . }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    helm.sh/chart: {{ template "provisioner.chart" . }}
-    app.kubernetes.io/name: {{ template "provisioner.name" . }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
diff --git a/modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/templates/servicemonitor.yaml b/modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/templates/servicemonitor.yaml
deleted file mode 100644
index 04103a619c..0000000000
--- a/modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/templates/servicemonitor.yaml
+++ /dev/null
@@ -1,53 +0,0 @@
-{{- if .Values.serviceMonitor.enabled }}
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "provisioner.fullname" . }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    helm.sh/chart: {{ template "provisioner.chart" . }}
-    app.kubernetes.io/name: {{ template "provisioner.name" . }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-spec:
-  type: ClusterIP
-  ports:
-    - port: 8080
-      targetPort: 8080
-      name: metrics
-  selector:
-    app.kubernetes.io/name: {{ template "provisioner.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
----
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
-  name: {{ include "provisioner.fullname" . }}
-  namespace: {{ .Values.serviceMonitor.namespace | default .Release.Namespace }}
-  labels:
-    helm.sh/chart: {{ template "provisioner.chart" . }}
-    app.kubernetes.io/name: {{ template "provisioner.name" . }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    {{- range $k, $v := .Values.serviceMonitor.additionalLabels }}
-    {{ $k }}: {{ $v | quote }}
-    {{- end }}
-spec:
-  jobLabel: app.kubernetes.io/name
-  endpoints:
-  - port: metrics
-    interval: {{ .Values.serviceMonitor.interval }}
-    scheme: http
-{{- if .Values.serviceMonitor.relabelings }}
-    relabelings:
-      {{ toYaml .Values.serviceMonitor.relabelings | nindent 4 }}
-{{- end }}
-  namespaceSelector:
-    matchNames:
-      - {{ .Release.Namespace }}
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: {{ template "provisioner.name" . }}
-      app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
diff --git a/modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/templates/storageclass.yaml b/modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/templates/storageclass.yaml
deleted file mode 100644
index b225f41aab..0000000000
--- a/modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/templates/storageclass.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{- range $val := .Values.classes }}
-{{- if $val.storageClass }}
----
-apiVersion: storage.k8s.io/v1
-kind: StorageClass
-metadata:
-  name: {{ $val.name }}
-  {{- if kindIs "map" $val.storageClass }}
-  {{- if $val.storageClass.isDefaultClass }}
-  annotations:
-    storageclass.kubernetes.io/is-default-class: "true"
-  {{- end }}
-  {{- end }}
-  labels:
-    helm.sh/chart: {{ template "provisioner.chart" $ }}
-    app.kubernetes.io/name: {{ template "provisioner.name" $ }}
-    app.kubernetes.io/managed-by: {{ $.Release.Service }}
-    app.kubernetes.io/instance: {{ $.Release.Name }}
-provisioner: kubernetes.io/no-provisioner
-volumeBindingMode: WaitForFirstConsumer
-{{- if kindIs "map" $val.storageClass }}
-reclaimPolicy: {{ $val.storageClass.reclaimPolicy | default "Delete" }}
-{{- else }}
-reclaimPolicy: Delete
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/values.yaml b/modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/values.yaml
deleted file mode 100644
index 19d8a936bb..0000000000
--- a/modules/kubernetes-addons/local-volume-provisioner/local-static-provisioner/values.yaml
+++ /dev/null
@@ -1,195 +0,0 @@
-#
-# Common options.
-#
-common:
-  #
-  # Defines whether to generate rbac roles
-  #
-  rbac:
-    # rbac.create: `true` if rbac resources should be created
-    create: true
-    # rbac.pspEnabled: `true` if PodSecurityPolicy resources should be created
-    pspEnabled: false
-  #
-  # Defines whether to generate a serviceAccount
-  #
-  serviceAccount:
-    # serviceAccount.create: Whether to create a service account or not
-    create: true
-    # serviceAccount.name: The name of the service account to create or use
-    name: ""
-  #
-  # Beta PV.NodeAffinity field is used by default. If running against pre-1.10
-  # k8s version, the `useAlphaAPI` flag must be enabled in the configMap.
-  #
-  useAlphaAPI: false
-  #
-  # Indicates if PVs should be dependents of the owner Node.
-  #
-  setPVOwnerRef: false
-  #
-  # Provisioner clean volumes in process by default. If set to true, provisioner
-  # will use Jobs to clean.
-  #
-  useJobForCleaning: false
-  #
-  # Provisioner name contains Node.UID by default. If set to true, the provisioner
-  # name will only use Node.Name.
-  #
-  useNodeNameOnly: false
-  #
-  # Resync period in reflectors will be random between minResyncPeriod and
-  # 2*minResyncPeriod. Default: 5m0s.
-  #
-  #minResyncPeriod: 5m0s
-  #
-  # Mount the host's `/dev/` by default so that block device symlinks can be
-  # resolved by the containers
-  #
-  mountDevVolume: true
-  #
-  # A mapping of additional HostPath volume names to host paths to create, for
-  # your init container to consume
-  #
-  additionalHostPathVolumes: {}
-  #  provisioner-proc: /proc
-  #  provisioner-mnt: /mnt
-  #
-  # Map of label key-value pairs to apply to the PVs created by the
-  # provisioner. Uncomment to add labels to the list.
-  #
-  #labelsForPV:
-  #  pv-labels: can-be-selected
-#
-# Configure storage classes.
-#
-
-classes:
-- name: nvme-ssd # Defines name of storage classe.
-  # Path on the host where local volumes of this storage class are mounted
-  # under.
-  hostDir: /dev/disk/kubernetes
-  # Optionally specify mount path of local volumes. By default, we use same
-  # path as hostDir in container.
-  # mountDir: /mnt/fast-disks
-  # The volume mode of created PersistentVolume object. Default to Filesystem
-  # if not specified.
-  volumeMode: Filesystem
-  # Filesystem type to mount.
-  # It applies only when the source path is a block device,
-  # and desire volume mode is Filesystem.
-  # Must be a filesystem type supported by the host operating system.
-  fsType: ext4
-  # File name pattern to discover. By default, discover all file names.
-  namePattern: "*"
-  blockCleanerCommand:
-  #  Do a quick reset of the block device during its cleanup.
-  #  - "/scripts/quick_reset.sh"
-  #  or use dd to zero out block dev in two iterations by uncommenting these lines
-  #  - "/scripts/dd_zero.sh"
-  #  - "2"
-  # or run shred utility for 2 iteration.s
-    - "/scripts/shred.sh"
-    - "2"
-  # or blkdiscard utility by uncommenting the line below.
-  #  - "/scripts/blkdiscard.sh"
-  # Uncomment to create storage class object with default configuration.
-  storageClass: true
-  # Uncomment to create storage class object and configure it.
-  # storageClass:
-    # reclaimPolicy: Delete # Available reclaim policies: Delete/Retain, defaults: Delete.
-    # isDefaultClass: true # set as default class
-#
-# Configure DaemonSet for provisioner.
-#
-daemonset:
-  #
-  # Defines annotations for each Pod in the DaemonSet.
-  #
-  podAnnotations: {}
-  #
-  # Defines labels for each Pod in the DaemonSet.
-  #
-  podLabels: {}
-  #
-  # Defines Provisioner's image name including container registry.
-  #
-  image: k8s.gcr.io/sig-storage/local-volume-provisioner:v2.4.0
-  #
-  # Defines Image download policy, see kubernetes documentation for available values.
-  #
-  #imagePullPolicy: Always
-  #
-  # Defines a name of the Pod Priority Class to use with the Provisioner DaemonSet
-  #
-  # Note that if you want to make it critical, specify "system-cluster-critical"
-  # or "system-node-critical" and deploy in kube-system namespace.
-  # Ref: https://k8s.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical
-  #
-  #priorityClassName: system-node-critical
-  # If configured, nodeSelector will add a nodeSelector field to the DaemonSet PodSpec.
-  #
-  # NodeSelector constraint for local-volume-provisioner scheduling to nodes.
-  # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
-  nodeSelector: {}
-  #
-  # If configured KubeConfigEnv will (optionally) specify the location of kubeconfig file on the node.
-  #  kubeConfigEnv: KUBECONFIG
-  #
-  # List of node labels to be copied to the PVs created by the provisioner in a format:
-  #
-  #  nodeLabels:
-  #    - failure-domain.beta.kubernetes.io/zone
-  #    - failure-domain.beta.kubernetes.io/region
-  #
-  # If configured, tolerations will add a toleration field to the DaemonSet PodSpec.
-  #
-  # Node tolerations for local-volume-provisioner scheduling to nodes with taints.
-  # Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
-  tolerations: []
-  #
-  # If configured, affinity will add a affinity filed to the DeamonSet PodSpec.
-  # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
-  affinity: {}
-  #
-  # If configured, resources will set the requests/limits field to the Daemonset PodSpec.
-  # Ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
-  resources: {}
-    # limits:
-    #   memory: "512Mi"
-    #   cpu: "1000m"
-    # requests:
-    #   memory: "32Mi"
-    #   cpu: "10m"
-  #
-  # If set to false, containers created by the Provisioner Daemonset will run without extra privileges.
-  privileged: true
-  # Any init containers can be configured here.
-  # Ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
-  initContainers: []
-#
-# Configure Prometheus monitoring
-#
-serviceMonitor:
-  enabled: false
-  ## Interval at which Prometheus scrapes the provisioner
-  interval: 10s
-  # Namespace Prometheus is installed in defaults to release namespace
-  namespace:
-  ## Defaults to whats used if you follow CoreOS [Prometheus Install Instructions](https://github.com/coreos/prometheus-operator/tree/master/helm#tldr)
-  ## [Prometheus Selector Label](https://github.com/coreos/prometheus-operator/blob/master/helm/prometheus/templates/prometheus.yaml#L65)
-  ## [Kube Prometheus Selector Label](https://github.com/coreos/prometheus-operator/blob/master/helm/kube-prometheus/values.yaml#L298)
-  additionalLabels: {}
-  relabelings: []
-  # - sourceLabels: [__meta_kubernetes_pod_node_name]
-  #   separator: ;
-  #   regex: ^(.*)$
-  #   targetLabel: nodename
-  #   replacement: $1
-  #   action: replace
-
-#
-# Overrice the default chartname or releasename
-#
-nameOverride: ""
-fullnameOverride: ""
diff --git a/modules/kubernetes-addons/local-volume-provisioner/locals.tf b/modules/kubernetes-addons/local-volume-provisioner/locals.tf
deleted file mode 100644
index fc36387d7e..0000000000
--- a/modules/kubernetes-addons/local-volume-provisioner/locals.tf
+++ /dev/null
@@ -1,15 +0,0 @@
-locals {
-  default_helm_config = {
-    name             = "local-static-provisioner"
-    chart            = "${path.module}/local-static-provisioner"
-    version          = "2.6.0-alpha.1"
-    namespace        = "local-static-provisioner"
-    create_namespace = true
-    description      = "local provisioner helm chart configuration"
-  }
-
-  helm_config = merge(
-    local.default_helm_config,
-    var.helm_config
-  )
-}
diff --git a/modules/kubernetes-addons/local-volume-provisioner/main.tf b/modules/kubernetes-addons/local-volume-provisioner/main.tf
deleted file mode 100644
index afed7a9bd5..0000000000
--- a/modules/kubernetes-addons/local-volume-provisioner/main.tf
+++ /dev/null
@@ -1,5 +0,0 @@
-module "helm_addon" {
-  source        = "../helm-addon"
-  helm_config   = local.helm_config
-  addon_context = var.addon_context
-}
diff --git a/modules/kubernetes-addons/local-volume-provisioner/outputs.tf b/modules/kubernetes-addons/local-volume-provisioner/outputs.tf
deleted file mode 100644
index 37b305f9b1..0000000000
--- a/modules/kubernetes-addons/local-volume-provisioner/outputs.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/local-volume-provisioner/variables.tf b/modules/kubernetes-addons/local-volume-provisioner/variables.tf
deleted file mode 100644
index 5e74805688..0000000000
--- a/modules/kubernetes-addons/local-volume-provisioner/variables.tf
+++ /dev/null
@@ -1,20 +0,0 @@
-variable "helm_config" {
-  description = "Helm Config for local volume provisioner"
-  type        = any
-  default     = {}
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-  })
-}
diff --git a/modules/kubernetes-addons/local-volume-provisioner/versions.tf b/modules/kubernetes-addons/local-volume-provisioner/versions.tf
deleted file mode 100644
index 429c0b36d0..0000000000
--- a/modules/kubernetes-addons/local-volume-provisioner/versions.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-}
diff --git a/modules/kubernetes-addons/locals.tf b/modules/kubernetes-addons/locals.tf
deleted file mode 100644
index cb1075928a..0000000000
--- a/modules/kubernetes-addons/locals.tf
+++ /dev/null
@@ -1,110 +0,0 @@
-locals {
-
-  eks_oidc_issuer_url  = var.eks_oidc_provider != null ? var.eks_oidc_provider : replace(data.aws_eks_cluster.eks_cluster.identity[0].oidc[0].issuer, "https://", "")
-  eks_cluster_endpoint = var.eks_cluster_endpoint != null ? var.eks_cluster_endpoint : data.aws_eks_cluster.eks_cluster.endpoint
-  eks_cluster_version  = var.eks_cluster_version != null ? var.eks_cluster_version : data.aws_eks_cluster.eks_cluster.version
-
-  # Configuration for managing add-ons via ArgoCD.
-  argocd_addon_config = {
-    agones                    = var.enable_agones ? module.agones[0].argocd_gitops_config : null
-    awsEfsCsiDriver           = var.enable_aws_efs_csi_driver ? module.aws_efs_csi_driver[0].argocd_gitops_config : null
-    awsFSxCsiDriver           = var.enable_aws_fsx_csi_driver ? module.aws_fsx_csi_driver[0].argocd_gitops_config : null
-    awsForFluentBit           = var.enable_aws_for_fluentbit ? module.aws_for_fluent_bit[0].argocd_gitops_config : null
-    awsLoadBalancerController = var.enable_aws_load_balancer_controller ? module.aws_load_balancer_controller[0].argocd_gitops_config : null
-    awsNodeTerminationHandler = var.enable_aws_node_termination_handler ? module.aws_node_termination_handler[0].argocd_gitops_config : null
-    certManager               = var.enable_cert_manager ? module.cert_manager[0].argocd_gitops_config : null
-    clusterAutoscaler         = var.enable_cluster_autoscaler ? module.cluster_autoscaler[0].argocd_gitops_config : null
-    corednsAutoscaler         = var.enable_amazon_eks_coredns && var.enable_coredns_autoscaler && length(var.coredns_autoscaler_helm_config) > 0 ? module.coredns_autoscaler[0].argocd_gitops_config : null
-    datadogOperator           = var.enable_datadog_operator ? module.datadog_operator[0].argocd_gitops_config : null
-    grafana                   = var.enable_grafana ? module.grafana[0].argocd_gitops_config : null
-    ingressNginx              = var.enable_ingress_nginx ? module.ingress_nginx[0].argocd_gitops_config : null
-    keda                      = var.enable_keda ? module.keda[0].argocd_gitops_config : null
-    metricsServer             = var.enable_metrics_server ? module.metrics_server[0].argocd_gitops_config : null
-    ondat                     = var.enable_ondat ? module.ondat[0].argocd_gitops_config : null
-    prometheus                = var.enable_prometheus ? module.prometheus[0].argocd_gitops_config : null
-    sparkHistoryServer        = var.enable_spark_history_server ? module.spark_history_server[0].argocd_gitops_config : null
-    sparkOperator             = var.enable_spark_k8s_operator ? module.spark_k8s_operator[0].argocd_gitops_config : null
-    tetrateIstio              = var.enable_tetrate_istio ? module.tetrate_istio[0].argocd_gitops_config : null
-    traefik                   = var.enable_traefik ? module.traefik[0].argocd_gitops_config : null
-    vault                     = var.enable_vault ? module.vault[0].argocd_gitops_config : null
-    vpa                       = var.enable_vpa ? module.vpa[0].argocd_gitops_config : null
-    yunikorn                  = var.enable_yunikorn ? module.yunikorn[0].argocd_gitops_config : null
-    argoRollouts              = var.enable_argo_rollouts ? module.argo_rollouts[0].argocd_gitops_config : null
-    argoWorkflows             = var.enable_argo_workflows ? module.argo_workflows[0].argocd_gitops_config : null
-    karpenter                 = var.enable_karpenter ? module.karpenter[0].argocd_gitops_config : null
-    kubernetesDashboard       = var.enable_kubernetes_dashboard ? module.kubernetes_dashboard[0].argocd_gitops_config : null
-    kubePrometheusStack       = var.enable_kube_prometheus_stack ? module.kube_prometheus_stack[0].argocd_gitops_config : null
-    awsCloudWatchMetrics      = var.enable_aws_cloudwatch_metrics ? module.aws_cloudwatch_metrics[0].argocd_gitops_config : null
-    externalDns               = var.enable_external_dns ? module.external_dns[0].argocd_gitops_config : null
-    externalSecrets           = var.enable_external_secrets ? module.external_secrets[0].argocd_gitops_config : null
-    velero                    = var.enable_velero ? module.velero[0].argocd_gitops_config : null
-    promtail                  = var.enable_promtail ? module.promtail[0].argocd_gitops_config : null
-    calico                    = var.enable_calico ? module.calico[0].argocd_gitops_config : null
-    kubecost                  = var.enable_kubecost ? module.kubecost[0].argocd_gitops_config : null
-    strimziKafkaOperator      = var.enable_strimzi_kafka_operator ? module.strimzi_kafka_operator[0].argocd_gitops_config : null
-    smb_csi_driver            = var.enable_smb_csi_driver ? module.smb_csi_driver[0].argocd_gitops_config : null
-    chaos_mesh                = var.enable_chaos_mesh ? module.chaos_mesh[0].argocd_gitops_config : null
-    cilium                    = var.enable_cilium ? module.cilium[0].argocd_gitops_config : null
-    gatekeeper                = var.enable_gatekeeper ? module.gatekeeper[0].argocd_gitops_config : null
-    kyverno                   = var.enable_kyverno ? { enable = true } : null
-    kyverno_policies          = var.enable_kyverno ? { enable = true } : null
-    kyverno_policy_reporter   = var.enable_kyverno ? { enable = true } : null
-    nvidiaDevicePlugin        = var.enable_nvidia_device_plugin ? module.nvidia_device_plugin[0].argocd_gitops_config : null
-    consul                    = var.enable_consul ? module.consul[0].argocd_gitops_config : null
-    thanos                    = var.enable_thanos ? module.thanos[0].argocd_gitops_config : null
-    kubeStateMetrics          = var.enable_kube_state_metrics ? module.kube_state_metrics[0].argocd_gitops_config : null
-  }
-
-  addon_context = {
-    aws_caller_identity_account_id = data.aws_caller_identity.current.account_id
-    aws_caller_identity_arn        = data.aws_caller_identity.current.arn
-    aws_eks_cluster_endpoint       = local.eks_cluster_endpoint
-    aws_partition_id               = data.aws_partition.current.partition
-    aws_region_name                = data.aws_region.current.name
-    eks_cluster_id                 = data.aws_eks_cluster.eks_cluster.id
-    eks_oidc_issuer_url            = local.eks_oidc_issuer_url
-    eks_oidc_provider_arn          = "arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.current.account_id}:oidc-provider/${local.eks_oidc_issuer_url}"
-    tags                           = var.tags
-    irsa_iam_role_path             = var.irsa_iam_role_path
-    irsa_iam_permissions_boundary  = var.irsa_iam_permissions_boundary
-  }
-
-  # For addons that pull images from a region-specific ECR container registry by default
-  # for more information see: https://docs.aws.amazon.com/eks/latest/userguide/add-ons-images.html
-  amazon_container_image_registry_uris = merge(
-    {
-      af-south-1     = "877085696533.dkr.ecr.af-south-1.amazonaws.com",
-      ap-east-1      = "800184023465.dkr.ecr.ap-east-1.amazonaws.com",
-      ap-northeast-1 = "602401143452.dkr.ecr.ap-northeast-1.amazonaws.com",
-      ap-northeast-2 = "602401143452.dkr.ecr.ap-northeast-2.amazonaws.com",
-      ap-northeast-3 = "602401143452.dkr.ecr.ap-northeast-3.amazonaws.com",
-      ap-south-1     = "602401143452.dkr.ecr.ap-south-1.amazonaws.com",
-      ap-south-2     = "900889452093.dkr.ecr.ap-south-2.amazonaws.com",
-      ap-southeast-1 = "602401143452.dkr.ecr.ap-southeast-1.amazonaws.com",
-      ap-southeast-2 = "602401143452.dkr.ecr.ap-southeast-2.amazonaws.com",
-      ap-southeast-3 = "296578399912.dkr.ecr.ap-southeast-3.amazonaws.com",
-      ap-southeast-4 = "491585149902.dkr.ecr.ap-southeast-4.amazonaws.com",
-      ca-central-1   = "602401143452.dkr.ecr.ca-central-1.amazonaws.com",
-      cn-north-1     = "918309763551.dkr.ecr.cn-north-1.amazonaws.com.cn",
-      cn-northwest-1 = "961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn",
-      eu-central-1   = "602401143452.dkr.ecr.eu-central-1.amazonaws.com",
-      eu-central-2   = "900612956339.dkr.ecr.eu-central-2.amazonaws.com",
-      eu-north-1     = "602401143452.dkr.ecr.eu-north-1.amazonaws.com",
-      eu-south-1     = "590381155156.dkr.ecr.eu-south-1.amazonaws.com",
-      eu-south-2     = "455263428931.dkr.ecr.eu-south-2.amazonaws.com",
-      eu-west-1      = "602401143452.dkr.ecr.eu-west-1.amazonaws.com",
-      eu-west-2      = "602401143452.dkr.ecr.eu-west-2.amazonaws.com",
-      eu-west-3      = "602401143452.dkr.ecr.eu-west-3.amazonaws.com",
-      me-south-1     = "558608220178.dkr.ecr.me-south-1.amazonaws.com",
-      me-central-1   = "759879836304.dkr.ecr.me-central-1.amazonaws.com",
-      sa-east-1      = "602401143452.dkr.ecr.sa-east-1.amazonaws.com",
-      us-east-1      = "602401143452.dkr.ecr.us-east-1.amazonaws.com",
-      us-east-2      = "602401143452.dkr.ecr.us-east-2.amazonaws.com",
-      us-gov-east-1  = "151742754352.dkr.ecr.us-gov-east-1.amazonaws.com",
-      us-gov-west-1  = "013241004608.dkr.ecr.us-gov-west-1.amazonaws.com",
-      us-west-1      = "602401143452.dkr.ecr.us-west-1.amazonaws.com",
-      us-west-2      = "602401143452.dkr.ecr.us-west-2.amazonaws.com"
-    },
-    var.custom_image_registry_uri
-  )
-}
diff --git a/modules/kubernetes-addons/main.tf b/modules/kubernetes-addons/main.tf
deleted file mode 100644
index 62080c9e4d..0000000000
--- a/modules/kubernetes-addons/main.tf
+++ /dev/null
@@ -1,817 +0,0 @@
-#-----------------AWS Managed EKS Add-ons----------------------
-
-module "aws_vpc_cni" {
-  source = "./aws-vpc-cni"
-
-  count = var.enable_amazon_eks_vpc_cni ? 1 : 0
-
-  enable_ipv6 = var.enable_ipv6
-  addon_config = merge(
-    {
-      kubernetes_version = local.eks_cluster_version
-    },
-    var.amazon_eks_vpc_cni_config,
-  )
-
-  addon_context = local.addon_context
-}
-
-module "aws_coredns" {
-  source = "./aws-coredns"
-
-  count = var.enable_amazon_eks_coredns || var.enable_self_managed_coredns ? 1 : 0
-
-  addon_context = local.addon_context
-
-  # Amazon EKS CoreDNS addon
-  enable_amazon_eks_coredns = var.enable_amazon_eks_coredns
-  addon_config = merge(
-    {
-      kubernetes_version = local.eks_cluster_version
-    },
-    var.amazon_eks_coredns_config,
-  )
-
-  # Self-managed CoreDNS addon via Helm chart
-  enable_self_managed_coredns = var.enable_self_managed_coredns
-  helm_config = merge(
-    {
-      kubernetes_version = local.eks_cluster_version
-    },
-    var.self_managed_coredns_helm_config,
-    {
-      # Putting after because we don't want users to overwrite this - internal use only
-      image_registry = local.amazon_container_image_registry_uris[data.aws_region.current.name]
-    }
-  )
-
-  # CoreDNS cluster proportioanl autoscaler
-  enable_cluster_proportional_autoscaler      = var.enable_coredns_cluster_proportional_autoscaler
-  cluster_proportional_autoscaler_helm_config = var.coredns_cluster_proportional_autoscaler_helm_config
-
-  remove_default_coredns_deployment      = var.remove_default_coredns_deployment
-  eks_cluster_certificate_authority_data = data.aws_eks_cluster.eks_cluster.certificate_authority[0].data
-}
-
-module "aws_kube_proxy" {
-  source = "./aws-kube-proxy"
-
-  count = var.enable_amazon_eks_kube_proxy ? 1 : 0
-
-  addon_config = merge(
-    {
-      kubernetes_version = local.eks_cluster_version
-    },
-    var.amazon_eks_kube_proxy_config,
-  )
-
-  addon_context = local.addon_context
-}
-
-module "aws_ebs_csi_driver" {
-  source = "./aws-ebs-csi-driver"
-
-  count = var.enable_amazon_eks_aws_ebs_csi_driver || var.enable_self_managed_aws_ebs_csi_driver ? 1 : 0
-
-  # Amazon EKS aws-ebs-csi-driver addon
-  enable_amazon_eks_aws_ebs_csi_driver = var.enable_amazon_eks_aws_ebs_csi_driver
-  addon_config = merge(
-    {
-      kubernetes_version = local.eks_cluster_version
-    },
-    var.amazon_eks_aws_ebs_csi_driver_config,
-  )
-
-  addon_context = local.addon_context
-
-  # Self-managed aws-ebs-csi-driver addon via Helm chart
-  enable_self_managed_aws_ebs_csi_driver = var.enable_self_managed_aws_ebs_csi_driver
-  helm_config = merge(
-    {
-      kubernetes_version = local.eks_cluster_version
-    },
-    var.self_managed_aws_ebs_csi_driver_helm_config,
-  )
-}
-
-#-----------------Kubernetes Add-ons----------------------
-
-module "agones" {
-  count                        = var.enable_agones ? 1 : 0
-  source                       = "./agones"
-  helm_config                  = var.agones_helm_config
-  eks_worker_security_group_id = var.eks_worker_security_group_id
-  manage_via_gitops            = var.argocd_manage_add_ons
-  addon_context                = local.addon_context
-}
-
-module "airflow" {
-  count         = var.enable_airflow ? 1 : 0
-  source        = "./airflow"
-  helm_config   = var.airflow_helm_config
-  addon_context = local.addon_context
-}
-
-module "argocd" {
-  count         = var.enable_argocd ? 1 : 0
-  source        = "./argocd"
-  helm_config   = var.argocd_helm_config
-  applications  = var.argocd_applications
-  addon_config  = { for k, v in local.argocd_addon_config : k => v if v != null }
-  addon_context = local.addon_context
-}
-
-module "argo_rollouts" {
-  count             = var.enable_argo_rollouts ? 1 : 0
-  source            = "./argo-rollouts"
-  helm_config       = var.argo_rollouts_helm_config
-  manage_via_gitops = var.argocd_manage_add_ons
-  addon_context     = local.addon_context
-}
-
-module "argo_workflows" {
-  count             = var.enable_argo_workflows ? 1 : 0
-  source            = "./argo-workflows"
-  helm_config       = var.argo_workflows_helm_config
-  manage_via_gitops = var.argocd_manage_add_ons
-  addon_context     = local.addon_context
-}
-
-module "aws_efs_csi_driver" {
-  count             = var.enable_aws_efs_csi_driver ? 1 : 0
-  source            = "./aws-efs-csi-driver"
-  helm_config       = var.aws_efs_csi_driver_helm_config
-  irsa_policies     = var.aws_efs_csi_driver_irsa_policies
-  manage_via_gitops = var.argocd_manage_add_ons
-  addon_context     = local.addon_context
-}
-
-module "aws_fsx_csi_driver" {
-  count             = var.enable_aws_fsx_csi_driver ? 1 : 0
-  source            = "./aws-fsx-csi-driver"
-  helm_config       = var.aws_fsx_csi_driver_helm_config
-  irsa_policies     = var.aws_fsx_csi_driver_irsa_policies
-  manage_via_gitops = var.argocd_manage_add_ons
-  addon_context     = local.addon_context
-}
-
-module "aws_for_fluent_bit" {
-  count                    = var.enable_aws_for_fluentbit ? 1 : 0
-  source                   = "./aws-for-fluentbit"
-  helm_config              = var.aws_for_fluentbit_helm_config
-  irsa_policies            = var.aws_for_fluentbit_irsa_policies
-  create_cw_log_group      = var.aws_for_fluentbit_create_cw_log_group
-  cw_log_group_name        = var.aws_for_fluentbit_cw_log_group_name
-  cw_log_group_retention   = var.aws_for_fluentbit_cw_log_group_retention
-  cw_log_group_kms_key_arn = var.aws_for_fluentbit_cw_log_group_kms_key_arn
-  manage_via_gitops        = var.argocd_manage_add_ons
-  addon_context            = local.addon_context
-}
-
-module "aws_cloudwatch_metrics" {
-  count             = var.enable_aws_cloudwatch_metrics ? 1 : 0
-  source            = "./aws-cloudwatch-metrics"
-  helm_config       = var.aws_cloudwatch_metrics_helm_config
-  irsa_policies     = var.aws_cloudwatch_metrics_irsa_policies
-  manage_via_gitops = var.argocd_manage_add_ons
-  addon_context     = local.addon_context
-}
-
-module "aws_load_balancer_controller" {
-  count             = var.enable_aws_load_balancer_controller ? 1 : 0
-  source            = "./aws-load-balancer-controller"
-  helm_config       = var.aws_load_balancer_controller_helm_config
-  manage_via_gitops = var.argocd_manage_add_ons
-  addon_context     = merge(local.addon_context, { default_repository = local.amazon_container_image_registry_uris[data.aws_region.current.name] })
-}
-
-module "aws_node_termination_handler" {
-  count                   = var.enable_aws_node_termination_handler && (length(var.auto_scaling_group_names) > 0 || var.enable_karpenter) ? 1 : 0
-  source                  = "./aws-node-termination-handler"
-  helm_config             = var.aws_node_termination_handler_helm_config
-  manage_via_gitops       = var.argocd_manage_add_ons
-  irsa_policies           = var.aws_node_termination_handler_irsa_policies
-  autoscaling_group_names = var.auto_scaling_group_names
-  addon_context           = local.addon_context
-}
-
-module "appmesh_controller" {
-  count         = var.enable_appmesh_controller ? 1 : 0
-  source        = "./appmesh-controller"
-  helm_config   = var.appmesh_helm_config
-  irsa_policies = var.appmesh_irsa_policies
-  addon_context = local.addon_context
-}
-
-module "cert_manager" {
-  count                             = var.enable_cert_manager ? 1 : 0
-  source                            = "./cert-manager"
-  helm_config                       = var.cert_manager_helm_config
-  manage_via_gitops                 = var.argocd_manage_add_ons
-  irsa_policies                     = var.cert_manager_irsa_policies
-  addon_context                     = local.addon_context
-  domain_names                      = var.cert_manager_domain_names
-  install_letsencrypt_issuers       = var.cert_manager_install_letsencrypt_issuers
-  letsencrypt_email                 = var.cert_manager_letsencrypt_email
-  kubernetes_svc_image_pull_secrets = var.cert_manager_kubernetes_svc_image_pull_secrets
-}
-
-module "cert_manager_csi_driver" {
-  count             = var.enable_cert_manager_csi_driver ? 1 : 0
-  source            = "./cert-manager-csi-driver"
-  helm_config       = var.cert_manager_csi_driver_helm_config
-  manage_via_gitops = var.argocd_manage_add_ons
-  addon_context     = local.addon_context
-}
-
-module "cert_manager_istio_csr" {
-  count             = var.enable_cert_manager_istio_csr ? 1 : 0
-  source            = "./cert-manager-istio-csr"
-  helm_config       = var.cert_manager_istio_csr_helm_config
-  manage_via_gitops = var.argocd_manage_add_ons
-  addon_context     = local.addon_context
-}
-
-module "cluster_autoscaler" {
-  source = "./cluster-autoscaler"
-
-  count = var.enable_cluster_autoscaler ? 1 : 0
-
-  eks_cluster_version = local.eks_cluster_version
-  helm_config         = var.cluster_autoscaler_helm_config
-  manage_via_gitops   = var.argocd_manage_add_ons
-  addon_context       = local.addon_context
-}
-
-module "coredns_autoscaler" {
-  count             = var.enable_amazon_eks_coredns && var.enable_coredns_autoscaler && length(var.coredns_autoscaler_helm_config) > 0 ? 1 : 0
-  source            = "./cluster-proportional-autoscaler"
-  helm_config       = var.coredns_autoscaler_helm_config
-  manage_via_gitops = var.argocd_manage_add_ons
-  addon_context     = local.addon_context
-}
-
-module "crossplane" {
-  count                = var.enable_crossplane ? 1 : 0
-  source               = "./crossplane"
-  helm_config          = var.crossplane_helm_config
-  aws_provider         = var.crossplane_aws_provider
-  upbound_aws_provider = var.crossplane_upbound_aws_provider
-  jet_aws_provider     = var.crossplane_jet_aws_provider
-  kubernetes_provider  = var.crossplane_kubernetes_provider
-  helm_provider        = var.crossplane_helm_provider
-  addon_context        = local.addon_context
-}
-
-module "datadog_operator" {
-  source = "./datadog-operator"
-
-  count = var.enable_datadog_operator ? 1 : 0
-
-  helm_config       = var.datadog_operator_helm_config
-  manage_via_gitops = var.argocd_manage_add_ons
-  addon_context     = local.addon_context
-}
-
-module "external_dns" {
-  source = "./external-dns"
-
-  count = var.enable_external_dns ? 1 : 0
-
-  helm_config       = var.external_dns_helm_config
-  manage_via_gitops = var.argocd_manage_add_ons
-  irsa_policies     = var.external_dns_irsa_policies
-  addon_context     = local.addon_context
-
-  domain_name       = var.eks_cluster_domain
-  private_zone      = var.external_dns_private_zone
-  route53_zone_arns = var.external_dns_route53_zone_arns
-}
-
-module "fargate_fluentbit" {
-  count         = var.enable_fargate_fluentbit ? 1 : 0
-  source        = "./fargate-fluentbit"
-  addon_config  = var.fargate_fluentbit_addon_config
-  addon_context = local.addon_context
-}
-
-module "grafana" {
-  count             = var.enable_grafana ? 1 : 0
-  source            = "./grafana"
-  helm_config       = var.grafana_helm_config
-  irsa_policies     = var.grafana_irsa_policies
-  manage_via_gitops = var.argocd_manage_add_ons
-  addon_context     = local.addon_context
-}
-
-module "ingress_nginx" {
-  count             = var.enable_ingress_nginx ? 1 : 0
-  source            = "./ingress-nginx"
-  helm_config       = var.ingress_nginx_helm_config
-  manage_via_gitops = var.argocd_manage_add_ons
-  addon_context     = local.addon_context
-}
-
-module "karpenter" {
-  source = "./karpenter"
-
-  count = var.enable_karpenter ? 1 : 0
-
-  helm_config                                 = var.karpenter_helm_config
-  irsa_policies                               = var.karpenter_irsa_policies
-  node_iam_instance_profile                   = var.karpenter_node_iam_instance_profile
-  enable_spot_termination                     = var.karpenter_enable_spot_termination_handling
-  rule_name_prefix                            = var.karpenter_event_rule_name_prefix
-  manage_via_gitops                           = var.argocd_manage_add_ons
-  addon_context                               = local.addon_context
-  sqs_queue_managed_sse_enabled               = var.sqs_queue_managed_sse_enabled
-  sqs_queue_kms_master_key_id                 = var.sqs_queue_kms_master_key_id
-  sqs_queue_kms_data_key_reuse_period_seconds = var.sqs_queue_kms_data_key_reuse_period_seconds
-}
-
-module "keda" {
-  count             = var.enable_keda ? 1 : 0
-  source            = "./keda"
-  helm_config       = var.keda_helm_config
-  irsa_policies     = var.keda_irsa_policies
-  manage_via_gitops = var.argocd_manage_add_ons
-  addon_context     = local.addon_context
-}
-
-module "kubernetes_dashboard" {
-  count             = var.enable_kubernetes_dashboard ? 1 : 0
-  source            = "./kubernetes-dashboard"
-  helm_config       = var.kubernetes_dashboard_helm_config
-  manage_via_gitops = var.argocd_manage_add_ons
-  addon_context     = local.addon_context
-}
-
-module "metrics_server" {
-  count             = var.enable_metrics_server ? 1 : 0
-  source            = "./metrics-server"
-  helm_config       = var.metrics_server_helm_config
-  manage_via_gitops = var.argocd_manage_add_ons
-  addon_context     = local.addon_context
-}
-
-module "kube_state_metrics" {
-  count             = var.enable_kube_state_metrics ? 1 : 0
-  source            = "./kube-state-metrics"
-  helm_config       = var.kube_state_metrics_helm_config
-  manage_via_gitops = var.argocd_manage_add_ons
-  addon_context     = local.addon_context
-}
-
-module "ondat" {
-  source = "./ondat"
-
-  count = var.enable_ondat ? 1 : 0
-
-  helm_config       = var.ondat_helm_config
-  manage_via_gitops = var.argocd_manage_add_ons
-  addon_context     = local.addon_context
-  irsa_policies     = var.ondat_irsa_policies
-  create_cluster    = var.ondat_create_cluster
-  etcd_endpoints    = var.ondat_etcd_endpoints
-  etcd_ca           = var.ondat_etcd_ca
-  etcd_cert         = var.ondat_etcd_cert
-  etcd_key          = var.ondat_etcd_key
-  admin_username    = var.ondat_admin_username
-  admin_password    = var.ondat_admin_password
-}
-
-module "kube_prometheus_stack" {
-  count             = var.enable_kube_prometheus_stack ? 1 : 0
-  source            = "./kube-prometheus-stack"
-  helm_config       = var.kube_prometheus_stack_helm_config
-  manage_via_gitops = var.argocd_manage_add_ons
-  addon_context     = local.addon_context
-}
-
-module "portworx" {
-  count         = var.enable_portworx ? 1 : 0
-  source        = "portworx/portworx-addon/eksblueprints"
-  version       = "0.0.6"
-  helm_config   = var.portworx_helm_config
-  addon_context = local.addon_context
-}
-module "prometheus" {
-  count       = var.enable_prometheus ? 1 : 0
-  source      = "./prometheus"
-  helm_config = var.prometheus_helm_config
-  #AWS Managed Prometheus Workspace
-  enable_amazon_prometheus             = var.enable_amazon_prometheus
-  amazon_prometheus_workspace_endpoint = var.amazon_prometheus_workspace_endpoint
-  manage_via_gitops                    = var.argocd_manage_add_ons
-  addon_context                        = local.addon_context
-}
-
-module "reloader" {
-  count             = var.enable_reloader ? 1 : 0
-  source            = "./reloader"
-  helm_config       = var.reloader_helm_config
-  manage_via_gitops = var.argocd_manage_add_ons
-  addon_context     = local.addon_context
-}
-
-module "spark_history_server" {
-  count             = var.enable_spark_history_server ? 1 : 0
-  source            = "./spark-history-server"
-  helm_config       = var.spark_history_server_helm_config
-  manage_via_gitops = var.argocd_manage_add_ons
-  addon_context     = local.addon_context
-  irsa_policies     = var.spark_history_server_irsa_policies
-  s3a_path          = var.spark_history_server_s3a_path
-}
-
-module "spark_k8s_operator" {
-  count             = var.enable_spark_k8s_operator ? 1 : 0
-  source            = "./spark-k8s-operator"
-  helm_config       = var.spark_k8s_operator_helm_config
-  manage_via_gitops = var.argocd_manage_add_ons
-  addon_context     = local.addon_context
-}
-
-module "strimzi_kafka_operator" {
-  count             = var.enable_strimzi_kafka_operator ? 1 : 0
-  source            = "./strimzi-kafka-operator"
-  helm_config       = var.strimzi_kafka_operator_helm_config
-  manage_via_gitops = var.argocd_manage_add_ons
-  addon_context     = local.addon_context
-}
-
-module "sysdig_agent" {
-  source  = "sysdiglabs/sysdig-addon/eksblueprints"
-  version = "0.0.3"
-
-  count         = var.enable_sysdig_agent ? 1 : 0
-  helm_config   = var.sysdig_agent_helm_config
-  addon_context = local.addon_context
-}
-
-module "tetrate_istio" {
-  # source  = "tetratelabs/tetrate-istio-addon/eksblueprints"
-  # version = "0.0.7"
-
-  # TODO - remove local source and revert to remote once
-  # https://github.com/tetratelabs/terraform-eksblueprints-tetrate-istio-addon/pull/12  is merged
-  source = "./tetrate-istio"
-
-  count = var.enable_tetrate_istio ? 1 : 0
-
-  distribution         = var.tetrate_istio_distribution
-  distribution_version = var.tetrate_istio_version
-  install_base         = var.tetrate_istio_install_base
-  install_cni          = var.tetrate_istio_install_cni
-  install_istiod       = var.tetrate_istio_install_istiod
-  install_gateway      = var.tetrate_istio_install_gateway
-  base_helm_config     = var.tetrate_istio_base_helm_config
-  cni_helm_config      = var.tetrate_istio_cni_helm_config
-  istiod_helm_config   = var.tetrate_istio_istiod_helm_config
-  gateway_helm_config  = var.tetrate_istio_gateway_helm_config
-  manage_via_gitops    = var.argocd_manage_add_ons
-  addon_context        = local.addon_context
-}
-
-module "thanos" {
-  count             = var.enable_thanos ? 1 : 0
-  source            = "./thanos"
-  helm_config       = var.thanos_helm_config
-  manage_via_gitops = var.argocd_manage_add_ons
-  addon_context     = local.addon_context
-  irsa_policies     = var.thanos_irsa_policies
-}
-
-module "traefik" {
-  count             = var.enable_traefik ? 1 : 0
-  source            = "./traefik"
-  helm_config       = var.traefik_helm_config
-  manage_via_gitops = var.argocd_manage_add_ons
-  addon_context     = local.addon_context
-}
-
-module "vault" {
-  count = var.enable_vault ? 1 : 0
-
-  # See https://registry.terraform.io/modules/hashicorp/hashicorp-vault-eks-addon/aws/
-  source  = "hashicorp/hashicorp-vault-eks-addon/aws"
-  version = "1.0.0-rc2"
-
-  helm_config       = var.vault_helm_config
-  manage_via_gitops = var.argocd_manage_add_ons
-}
-
-module "vpa" {
-  count             = var.enable_vpa ? 1 : 0
-  source            = "./vpa"
-  helm_config       = var.vpa_helm_config
-  manage_via_gitops = var.argocd_manage_add_ons
-  addon_context     = local.addon_context
-}
-
-module "yunikorn" {
-  count             = var.enable_yunikorn ? 1 : 0
-  source            = "./yunikorn"
-  helm_config       = var.yunikorn_helm_config
-  manage_via_gitops = var.argocd_manage_add_ons
-  addon_context     = local.addon_context
-}
-
-module "csi_secrets_store_provider_aws" {
-  count             = var.enable_secrets_store_csi_driver_provider_aws ? 1 : 0
-  source            = "./csi-secrets-store-provider-aws"
-  helm_config       = var.csi_secrets_store_provider_aws_helm_config
-  manage_via_gitops = var.argocd_manage_add_ons
-  addon_context     = local.addon_context
-}
-
-module "secrets_store_csi_driver" {
-  count             = var.enable_secrets_store_csi_driver ? 1 : 0
-  source            = "./secrets-store-csi-driver"
-  helm_config       = var.secrets_store_csi_driver_helm_config
-  manage_via_gitops = var.argocd_manage_add_ons
-  addon_context     = local.addon_context
-}
-
-module "aws_privateca_issuer" {
-  count                   = var.enable_aws_privateca_issuer ? 1 : 0
-  source                  = "./aws-privateca-issuer"
-  helm_config             = var.aws_privateca_issuer_helm_config
-  manage_via_gitops       = var.argocd_manage_add_ons
-  addon_context           = local.addon_context
-  aws_privateca_acmca_arn = var.aws_privateca_acmca_arn
-  irsa_policies           = var.aws_privateca_issuer_irsa_policies
-}
-
-module "velero" {
-  count             = var.enable_velero ? 1 : 0
-  source            = "./velero"
-  helm_config       = var.velero_helm_config
-  manage_via_gitops = var.argocd_manage_add_ons
-  addon_context     = local.addon_context
-  irsa_policies     = var.velero_irsa_policies
-  backup_s3_bucket  = var.velero_backup_s3_bucket
-}
-
-module "opentelemetry_operator" {
-  source = "./opentelemetry-operator"
-
-  count = var.enable_amazon_eks_adot || var.enable_opentelemetry_operator ? 1 : 0
-
-  # Amazon EKS ADOT addon
-  enable_amazon_eks_adot = var.enable_amazon_eks_adot
-  addon_config = merge(
-    {
-      kubernetes_version = var.eks_cluster_version
-    },
-    var.amazon_eks_adot_config,
-  )
-
-  # Self-managed OpenTelemetry Operator via Helm chart
-  enable_opentelemetry_operator = var.enable_opentelemetry_operator
-  helm_config                   = var.opentelemetry_operator_helm_config
-
-  addon_context = local.addon_context
-}
-
-module "adot_collector_java" {
-  source = "./adot-collector-java"
-
-  count = var.enable_adot_collector_java ? 1 : 0
-
-  helm_config   = var.adot_collector_java_helm_config
-  addon_context = local.addon_context
-
-  amazon_prometheus_workspace_endpoint = var.amazon_prometheus_workspace_endpoint
-  amazon_prometheus_workspace_region   = var.amazon_prometheus_workspace_region
-
-  depends_on = [
-    module.opentelemetry_operator
-  ]
-}
-
-module "adot_collector_haproxy" {
-  source = "./adot-collector-haproxy"
-
-  count = var.enable_adot_collector_haproxy ? 1 : 0
-
-  helm_config   = var.adot_collector_haproxy_helm_config
-  addon_context = local.addon_context
-
-  amazon_prometheus_workspace_endpoint = var.amazon_prometheus_workspace_endpoint
-  amazon_prometheus_workspace_region   = var.amazon_prometheus_workspace_region
-
-  depends_on = [
-    module.opentelemetry_operator
-  ]
-}
-
-module "adot_collector_memcached" {
-  source = "./adot-collector-memcached"
-
-  count = var.enable_adot_collector_memcached ? 1 : 0
-
-  helm_config   = var.adot_collector_memcached_helm_config
-  addon_context = local.addon_context
-
-  amazon_prometheus_workspace_endpoint = var.amazon_prometheus_workspace_endpoint
-  amazon_prometheus_workspace_region   = var.amazon_prometheus_workspace_region
-
-  depends_on = [
-    module.opentelemetry_operator
-  ]
-}
-
-module "adot_collector_nginx" {
-  source = "./adot-collector-nginx"
-
-  count = var.enable_adot_collector_nginx ? 1 : 0
-
-  helm_config   = var.adot_collector_nginx_helm_config
-  addon_context = local.addon_context
-
-  amazon_prometheus_workspace_endpoint = var.amazon_prometheus_workspace_endpoint
-  amazon_prometheus_workspace_region   = var.amazon_prometheus_workspace_region
-
-  depends_on = [
-    module.opentelemetry_operator
-  ]
-}
-
-module "kuberay_operator" {
-  source = "./kuberay-operator"
-
-  count = var.enable_kuberay_operator ? 1 : 0
-
-  helm_config   = var.kuberay_operator_helm_config
-  addon_context = local.addon_context
-}
-
-module "external_secrets" {
-  source = "./external-secrets"
-
-  count = var.enable_external_secrets ? 1 : 0
-
-  helm_config                           = var.external_secrets_helm_config
-  manage_via_gitops                     = var.argocd_manage_add_ons
-  addon_context                         = local.addon_context
-  irsa_policies                         = var.external_secrets_irsa_policies
-  external_secrets_ssm_parameter_arns   = var.external_secrets_ssm_parameter_arns
-  external_secrets_secrets_manager_arns = var.external_secrets_secrets_manager_arns
-}
-
-module "promtail" {
-  source = "./promtail"
-
-  count = var.enable_promtail ? 1 : 0
-
-  helm_config       = var.promtail_helm_config
-  manage_via_gitops = var.argocd_manage_add_ons
-  addon_context     = local.addon_context
-}
-
-module "calico" {
-  source = "./calico"
-
-  count = var.enable_calico ? 1 : 0
-
-  helm_config       = var.calico_helm_config
-  manage_via_gitops = var.argocd_manage_add_ons
-  addon_context     = local.addon_context
-}
-
-module "kubecost" {
-  source = "./kubecost"
-
-  count = var.enable_kubecost ? 1 : 0
-
-  helm_config       = var.kubecost_helm_config
-  manage_via_gitops = var.argocd_manage_add_ons
-  addon_context     = local.addon_context
-}
-
-module "kyverno" {
-  source = "./kyverno"
-
-  count = var.enable_kyverno ? 1 : 0
-
-  addon_context     = local.addon_context
-  manage_via_gitops = var.argocd_manage_add_ons
-
-  kyverno_helm_config = var.kyverno_helm_config
-
-  enable_kyverno_policies      = var.enable_kyverno_policies
-  kyverno_policies_helm_config = var.kyverno_policies_helm_config
-
-  enable_kyverno_policy_reporter      = var.enable_kyverno_policy_reporter
-  kyverno_policy_reporter_helm_config = var.kyverno_policy_reporter_helm_config
-}
-
-module "smb_csi_driver" {
-  source = "./smb-csi-driver"
-
-  count = var.enable_smb_csi_driver ? 1 : 0
-
-  helm_config       = var.smb_csi_driver_helm_config
-  manage_via_gitops = var.argocd_manage_add_ons
-  addon_context     = local.addon_context
-}
-
-module "chaos_mesh" {
-  source = "./chaos-mesh"
-
-  count = var.enable_chaos_mesh ? 1 : 0
-
-  helm_config       = var.chaos_mesh_helm_config
-  manage_via_gitops = var.argocd_manage_add_ons
-  addon_context     = local.addon_context
-}
-
-module "cilium" {
-  source = "./cilium"
-
-  count = var.enable_cilium ? 1 : 0
-
-  helm_config       = var.cilium_helm_config
-  enable_wireguard  = var.cilium_enable_wireguard
-  manage_via_gitops = var.argocd_manage_add_ons
-  addon_context     = local.addon_context
-}
-
-module "gatekeeper" {
-  source = "./gatekeeper"
-
-  count = var.enable_gatekeeper ? 1 : 0
-
-  helm_config       = var.gatekeeper_helm_config
-  manage_via_gitops = var.argocd_manage_add_ons
-  addon_context     = local.addon_context
-}
-
-module "local_volume_provisioner" {
-  source = "./local-volume-provisioner"
-
-  count = var.enable_local_volume_provisioner ? 1 : 0
-
-  helm_config   = var.local_volume_provisioner_helm_config
-  addon_context = local.addon_context
-}
-
-module "nvidia_device_plugin" {
-  source = "./nvidia-device-plugin"
-
-  count = var.enable_nvidia_device_plugin ? 1 : 0
-
-  helm_config       = var.nvidia_device_plugin_helm_config
-  manage_via_gitops = var.argocd_manage_add_ons
-  addon_context     = local.addon_context
-}
-
-# Sample app for demo purposes
-module "app_2048" {
-  source = "./app-2048"
-
-  count = var.enable_app_2048 ? 1 : 0
-}
-
-module "emr_on_eks" {
-  source = "./emr-on-eks"
-
-  for_each = { for k, v in var.emr_on_eks_config : k => v if var.enable_emr_on_eks }
-
-  # Kubernetes Namespace + Role/Role Binding
-  create_namespace       = try(each.value.create_namespace, true)
-  namespace              = try(each.value.namespace, each.value.name, each.key)
-  create_kubernetes_role = try(each.value.create_kubernetes_role, true)
-
-  # Job Execution Role
-  create_iam_role               = try(each.value.create_iam_role, true)
-  oidc_provider_arn             = var.eks_oidc_provider_arn
-  s3_bucket_arns                = try(each.value.s3_bucket_arns, ["*"])
-  role_name                     = try(each.value.role_name, each.value.name, each.key)
-  iam_role_use_name_prefix      = try(each.value.iam_role_use_name_prefix, true)
-  iam_role_path                 = try(each.value.iam_role_path, null)
-  iam_role_description          = try(each.value.iam_role_description, null)
-  iam_role_permissions_boundary = try(each.value.iam_role_permissions_boundary, null)
-  iam_role_additional_policies  = try(each.value.iam_role_additional_policies, {})
-
-  # Cloudwatch Log Group
-  create_cloudwatch_log_group            = try(each.value.create_cloudwatch_log_group, true)
-  cloudwatch_log_group_arn               = try(each.value.cloudwatch_log_group_arn, "arn:aws:logs:*:*:*")
-  cloudwatch_log_group_retention_in_days = try(each.value.cloudwatch_log_group_retention_in_days, 7)
-  cloudwatch_log_group_kms_key_id        = try(each.value.cloudwatch_log_group_kms_key_id, null)
-
-  # EMR Virtual Cluster
-  name           = try(each.value.name, each.key)
-  eks_cluster_id = data.aws_eks_cluster.eks_cluster.id # Data source is tied to `sleep` to ensure data plane is ready first
-
-  tags = merge(var.tags, try(each.value.tags, {}))
-}
-
-module "consul" {
-  count             = var.enable_consul ? 1 : 0
-  source            = "./consul"
-  helm_config       = var.consul_helm_config
-  manage_via_gitops = var.argocd_manage_add_ons
-  addon_context     = local.addon_context
-}
diff --git a/modules/kubernetes-addons/metrics-server/README.md b/modules/kubernetes-addons/metrics-server/README.md
deleted file mode 100644
index 38ebd09c6c..0000000000
--- a/modules/kubernetes-addons/metrics-server/README.md
+++ /dev/null
@@ -1,46 +0,0 @@
-# Metrics Server Helm Chart
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.10 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | >= 2.10 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [kubernetes_namespace_v1.this](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1) | resource |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>  })</pre> | n/a | yes |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm provider config for Metrics Server | `any` | `{}` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps | `bool` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/metrics-server/locals.tf b/modules/kubernetes-addons/metrics-server/locals.tf
deleted file mode 100644
index 0cc68e53b0..0000000000
--- a/modules/kubernetes-addons/metrics-server/locals.tf
+++ /dev/null
@@ -1,22 +0,0 @@
-locals {
-  name = "metrics-server"
-
-  # https://github.com/kubernetes-sigs/metrics-server/blob/master/charts/metrics-server/Chart.yaml
-  default_helm_config = {
-    name        = local.name
-    chart       = local.name
-    repository  = "https://kubernetes-sigs.github.io/metrics-server/"
-    version     = "3.8.2"
-    namespace   = "kube-system"
-    description = "Metric server helm Chart deployment configuration"
-  }
-
-  helm_config = merge(
-    local.default_helm_config,
-    var.helm_config
-  )
-
-  argocd_gitops_config = {
-    enable = true
-  }
-}
diff --git a/modules/kubernetes-addons/metrics-server/main.tf b/modules/kubernetes-addons/metrics-server/main.tf
deleted file mode 100644
index eaf3a4aaff..0000000000
--- a/modules/kubernetes-addons/metrics-server/main.tf
+++ /dev/null
@@ -1,17 +0,0 @@
-module "helm_addon" {
-  source = "../helm-addon"
-
-  manage_via_gitops = var.manage_via_gitops
-  helm_config       = local.helm_config
-  addon_context     = var.addon_context
-
-  depends_on = [kubernetes_namespace_v1.this]
-}
-
-resource "kubernetes_namespace_v1" "this" {
-  count = try(local.helm_config["create_namespace"], true) && local.helm_config["namespace"] != "kube-system" ? 1 : 0
-
-  metadata {
-    name = local.helm_config["namespace"]
-  }
-}
diff --git a/modules/kubernetes-addons/metrics-server/outputs.tf b/modules/kubernetes-addons/metrics-server/outputs.tf
deleted file mode 100644
index 0776dcd7ef..0000000000
--- a/modules/kubernetes-addons/metrics-server/outputs.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? local.argocd_gitops_config : null
-}
-
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/metrics-server/variables.tf b/modules/kubernetes-addons/metrics-server/variables.tf
deleted file mode 100644
index b9ebc17f79..0000000000
--- a/modules/kubernetes-addons/metrics-server/variables.tf
+++ /dev/null
@@ -1,26 +0,0 @@
-variable "helm_config" {
-  description = "Helm provider config for Metrics Server"
-  type        = any
-  default     = {}
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps"
-  type        = bool
-  default     = false
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-  })
-}
diff --git a/modules/kubernetes-addons/metrics-server/versions.tf b/modules/kubernetes-addons/metrics-server/versions.tf
deleted file mode 100644
index 55fba733ab..0000000000
--- a/modules/kubernetes-addons/metrics-server/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.10"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/nvidia-device-plugin/README.md b/modules/kubernetes-addons/nvidia-device-plugin/README.md
deleted file mode 100644
index 93f4ab0c6c..0000000000
--- a/modules/kubernetes-addons/nvidia-device-plugin/README.md
+++ /dev/null
@@ -1,49 +0,0 @@
-# NVIDIA Device Plugin
-
-The NVIDIA device plugin for Kubernetes is a Daemonset that allows you to automatically:
-
-* Expose the number of GPUs on each nodes of your cluster
-* Keep track of the health of your GPUs
-* Run GPU enabled containers in your Kubernetes cluster.
-
-Read the add-on [docs](../../../docs/add-ons/nvidia-device-plugin.md) for more details.
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-
-## Providers
-
-No providers.
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-No resources.
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>    irsa_iam_role_path             = string<br>    irsa_iam_permissions_boundary  = string<br>  })</pre> | n/a | yes |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm provider config for the add-on | `any` | `{}` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/nvidia-device-plugin/locals.tf b/modules/kubernetes-addons/nvidia-device-plugin/locals.tf
deleted file mode 100644
index 35f046f0bc..0000000000
--- a/modules/kubernetes-addons/nvidia-device-plugin/locals.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-locals {
-  name = "nvidia-device-plugin"
-
-  # https://github.com/NVIDIA/k8s-device-plugin/blob/master/deployments/helm/nvidia-device-plugin/Chart.yaml
-  default_helm_config = {
-    name             = local.name
-    chart            = local.name
-    repository       = "https://nvidia.github.io/k8s-device-plugin"
-    version          = "0.12.3"
-    namespace        = local.name
-    description      = "nvidia-device-plugin Helm Chart deployment configuration"
-    create_namespace = true
-  }
-
-  helm_config = merge(
-    local.default_helm_config,
-    var.helm_config
-  )
-
-  argocd_gitops_config = {
-    enable = true
-  }
-}
diff --git a/modules/kubernetes-addons/nvidia-device-plugin/main.tf b/modules/kubernetes-addons/nvidia-device-plugin/main.tf
deleted file mode 100644
index 8fe6ffd350..0000000000
--- a/modules/kubernetes-addons/nvidia-device-plugin/main.tf
+++ /dev/null
@@ -1,6 +0,0 @@
-module "helm_addon" {
-  source            = "../helm-addon"
-  manage_via_gitops = var.manage_via_gitops
-  helm_config       = local.helm_config
-  addon_context     = var.addon_context
-}
diff --git a/modules/kubernetes-addons/nvidia-device-plugin/outputs.tf b/modules/kubernetes-addons/nvidia-device-plugin/outputs.tf
deleted file mode 100644
index 0776dcd7ef..0000000000
--- a/modules/kubernetes-addons/nvidia-device-plugin/outputs.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? local.argocd_gitops_config : null
-}
-
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/nvidia-device-plugin/variables.tf b/modules/kubernetes-addons/nvidia-device-plugin/variables.tf
deleted file mode 100644
index 293fca040d..0000000000
--- a/modules/kubernetes-addons/nvidia-device-plugin/variables.tf
+++ /dev/null
@@ -1,28 +0,0 @@
-variable "helm_config" {
-  description = "Helm provider config for the add-on"
-  type        = any
-  default     = {}
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps."
-  type        = bool
-  default     = false
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-    irsa_iam_role_path             = string
-    irsa_iam_permissions_boundary  = string
-  })
-}
diff --git a/modules/kubernetes-addons/nvidia-device-plugin/versions.tf b/modules/kubernetes-addons/nvidia-device-plugin/versions.tf
deleted file mode 100644
index 429c0b36d0..0000000000
--- a/modules/kubernetes-addons/nvidia-device-plugin/versions.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-}
diff --git a/modules/kubernetes-addons/ondat/README.md b/modules/kubernetes-addons/ondat/README.md
deleted file mode 100644
index e8b76cb3b6..0000000000
--- a/modules/kubernetes-addons/ondat/README.md
+++ /dev/null
@@ -1,79 +0,0 @@
-# Ondat add-on for EKS Blueprints
-
-## Introduction
-
-[Ondat](https://ondat.io) is a highly scalable Kubernetes data plane that
-provides stateful storage for applications. This blueprint installs Ondat
-on Amazon Elastic Kubernetes Service (AWS EKS).
-
-## Key features
-
-1. Hyperconverged (all nodes have storage) or centralised (some nodes
-have storage), Kubernetes-native storage on any infrastructure - use the
-same code and storage features in-cloud and on-premises!
-1. Best-in-class performance, availability and security - individually
-encrypted volumes, performs better than competitors and synchronizes replicas
-quickly and efficiently.
-1. NFS (RWX) support allowing for performant sharing of volumes across multiple
-workloads.
-1. Free tier with 1TiB of storage under management plus unlimited replicas
-1. Larger storage capacity and business support available in paid product
-
-Find out more in our [documentation](https://docs.ondat.io/docs/concepts/)!
-
-## Examples
-
-See [blueprints](blueprints/).
-
-<!--- BEGIN_TF_DOCS --->
-## Requirements
-
-No requirements.
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.15.1 |
-| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | 2.11.0 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons/helm-addon | v4.1.0 |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [kubernetes_namespace.ondat](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-| [kubernetes_namespace.storageos](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-| [kubernetes_secret.etcd](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
-| [kubernetes_storage_class.etcd](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource |
-| [aws_eks_cluster.eks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |
-| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>    irsa_iam_role_path             = optional(string)<br>    irsa_iam_permissions_boundary  = optional(string)<br>  })</pre> | n/a | yes |
-| <a name="input_admin_password"></a> [admin\_password](#input\_admin\_password) | Password for the Ondat admin user | `string` | `"storageos"` | no |
-| <a name="input_admin_username"></a> [admin\_username](#input\_admin\_username) | Username for the Ondat admin user | `string` | `"storageos"` | no |
-| <a name="input_create_cluster"></a> [create\_cluster](#input\_create\_cluster) | Determines if the StorageOSCluster and secrets should be created | `bool` | `true` | no |
-| <a name="input_etcd_ca"></a> [etcd\_ca](#input\_etcd\_ca) | The PEM encoded CA for Ondat's etcd | `string` | `null` | no |
-| <a name="input_etcd_cert"></a> [etcd\_cert](#input\_etcd\_cert) | The PEM encoded client certificate for Ondat's etcd | `string` | `null` | no |
-| <a name="input_etcd_endpoints"></a> [etcd\_endpoints](#input\_etcd\_endpoints) | A list of etcd endpoints for Ondat | `list(string)` | `[]` | no |
-| <a name="input_etcd_key"></a> [etcd\_key](#input\_etcd\_key) | The PEM encoded client key for Ondat's etcd | `string` | `null` | no |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm provider config for the ondat addon | `any` | `{}` | no |
-| <a name="input_irsa_permissions_boundary"></a> [irsa\_permissions\_boundary](#input\_irsa\_permissions\_boundary) | IAM Policy ARN for IRSA IAM role permissions boundary | `string` | `""` | no |
-| <a name="input_irsa_policies"></a> [irsa\_policies](#input\_irsa\_policies) | IAM policy ARNs for Ondat IRSA | `list(string)` | `[]` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
-<!--- END_TF_DOCS --->
diff --git a/modules/kubernetes-addons/ondat/main.tf b/modules/kubernetes-addons/ondat/main.tf
deleted file mode 100644
index 0f9b6ca6ba..0000000000
--- a/modules/kubernetes-addons/ondat/main.tf
+++ /dev/null
@@ -1,179 +0,0 @@
-locals {
-  name                 = "ondat"
-  service_account_name = "storageos-operator"
-
-  ondat_etcd_endpoints = length(var.etcd_endpoints) == 0 ? "storageos-etcd.storageos-etcd:2379" : join(",", var.etcd_endpoints)
-
-  argocd_gitops_config = {
-    enable                             = true
-    etcdClusterCreate                  = length(var.etcd_endpoints) == 0
-    serviceAccountName                 = local.service_account_name
-    clusterSecretRefName               = "storageos-api"
-    clusterAdminUsername               = "storageos"
-    clusterAdminPassword               = "storageos"
-    clusterKvBackendAddress            = local.ondat_etcd_endpoints
-    clusterKvBackendTLSSecretName      = length(kubernetes_secret.etcd) > 0 ? kubernetes_secret.etcd[0].metadata[0].name : "storageos-etcd-secret"
-    clusterKvBackendTLSSecretNamespace = length(kubernetes_secret.etcd) > 0 ? kubernetes_secret.etcd[0].metadata[0].namespace : "storageos"
-    clusterNodeSelectorTermKey         = "storageos-node"
-    clusterNodeSelectorTermValue       = "1"
-    etcdNodeSelectorTermKey            = "storageos-etcd"
-    etcdNodeSelectorTermValue          = "1"
-  }
-
-  default_helm_values = [templatefile("${path.module}/values.yaml",
-    {
-      ondat_service_account_name   = local.service_account_name,
-      ondat_nodeselectorterm_key   = "storageos-node"
-      ondat_nodeselectorterm_value = "1"
-      etcd_nodeselectorterm_key    = "storageos-etcd"
-      etcd_nodeselectorterm_value  = "1"
-      ondat_admin_username         = "storageos",
-      ondat_admin_password         = "storageos",
-      ondat_credential_secret_name = "storageos-api",
-      etcd_address                 = local.ondat_etcd_endpoints,
-    },
-  )]
-}
-
-module "helm_addon" {
-  source = "../helm-addon"
-
-  manage_via_gitops = var.manage_via_gitops
-
-  helm_config = merge(
-    {
-      name             = local.name
-      chart            = "ondat"
-      repository       = "https://ondat.github.io/charts"
-      version          = "0.2.5"
-      namespace        = kubernetes_namespace.ondat.metadata[0].name
-      timeout          = "1500"
-      create_namespace = false
-      values           = local.default_helm_values
-      description      = "Ondat Helm Chart for storage"
-    },
-    var.helm_config
-  )
-
-  set_values = [
-    {
-      name  = "ondat-operator.serviceAccount.name"
-      value = local.service_account_name
-    },
-    {
-      name  = "ondat-operator.cluster.create"
-      value = var.create_cluster
-    },
-    {
-      name  = "ondat-operator.cluster.secretRefName"
-      value = "storageos-api"
-    },
-    {
-      name  = "ondat-operator.cluster.kvBackend.address"
-      value = local.ondat_etcd_endpoints
-    },
-    {
-      name  = "ondat-operator.cluster.kvBackend.tlsSecretName"
-      value = length(kubernetes_secret.etcd) > 0 ? kubernetes_secret.etcd[0].metadata[0].name : "storageos-etcd-secret"
-    },
-    {
-      name  = "ondat-operator.cluster.kvBackend.tlsSecretNamespace"
-      value = length(kubernetes_secret.etcd) > 0 ? kubernetes_secret.etcd[0].metadata[0].namespace : "storageos"
-    },
-    {
-      name  = "etcd-cluster-operator.cluster.create"
-      value = length(var.etcd_endpoints) == 0
-    },
-  ]
-
-  set_sensitive_values = [
-    {
-      name  = "cluster.admin.username",
-      value = var.admin_username
-    },
-    {
-      name  = "cluster.admin.password",
-      value = var.admin_password
-    },
-  ]
-
-  irsa_config = {
-    create_kubernetes_namespace = false
-    kubernetes_namespace        = kubernetes_namespace.ondat.metadata[0].name
-
-    create_kubernetes_service_account = true
-    kubernetes_service_account        = local.service_account_name
-
-    iam_role_path                 = "/"
-    tags                          = var.addon_context.tags
-    eks_cluster_id                = var.addon_context.eks_cluster_id
-    irsa_iam_policies             = var.irsa_policies
-    irsa_iam_permissions_boundary = var.irsa_permissions_boundary
-  }
-
-  addon_context = var.addon_context
-}
-
-resource "kubernetes_namespace" "ondat" {
-  metadata {
-    name = "ondat"
-    labels = {
-      app = local.name
-    }
-  }
-}
-
-################################################################################
-# Secrets
-################################################################################
-
-resource "kubernetes_namespace" "storageos" {
-  count = length(var.etcd_endpoints) == 0 ? 0 : 1
-
-  metadata {
-    name = "storageos"
-    labels = {
-      app = local.name
-    }
-  }
-}
-
-resource "kubernetes_secret" "etcd" {
-  count = length(var.etcd_endpoints) == 0 ? 0 : 1
-
-  metadata {
-    name      = "storageos-etcd"
-    namespace = kubernetes_namespace.storageos[0].metadata[0].name
-    labels = {
-      app = local.name
-    }
-  }
-
-  data = {
-    "etcd-client-ca.crt" = var.etcd_ca
-    "etcd-client.crt"    = var.etcd_cert
-    "etcd-client.key"    = var.etcd_key
-  }
-
-  type = "kubernetes.io/storageos"
-}
-
-################################################################################
-# Storage Class
-################################################################################
-
-resource "kubernetes_storage_class" "etcd" {
-  count = length(var.etcd_endpoints) == 0 ? 1 : 0
-
-  metadata {
-    name = "etcd"
-  }
-
-  storage_provisioner = "ebs.csi.aws.com"
-  reclaim_policy      = "Retain"
-  volume_binding_mode = "WaitForFirstConsumer"
-
-  parameters = {
-    type = "gp3"
-  }
-}
diff --git a/modules/kubernetes-addons/ondat/outputs.tf b/modules/kubernetes-addons/ondat/outputs.tf
deleted file mode 100644
index b30c86b380..0000000000
--- a/modules/kubernetes-addons/ondat/outputs.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? local.argocd_gitops_config : null
-}
diff --git a/modules/kubernetes-addons/ondat/values.yaml b/modules/kubernetes-addons/ondat/values.yaml
deleted file mode 100644
index 68c6e02fe8..0000000000
--- a/modules/kubernetes-addons/ondat/values.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-ondat-operator:
-  serviceAccount:
-    create: false
-    name: ${ondat_service_account_name}
-  cluster:
-    create: true
-    secretRefName: ${ondat_credential_secret_name}
-    admin:
-      username: ${ondat_admin_username}
-      password: ${ondat_admin_password}
-    kvBackend:
-      address: ${etcd_address}
-    nodeSelectorTerm:
-      key: ${ondat_nodeselectorterm_key}
-      value: ${ondat_nodeselectorterm_value}
-etcd-cluster-operator:
-  cluster:
-    replicas: 5
-    storage: 15Gi
-    storageclass: etcd
-    nodeSelectorTerm:
-      key: ${etcd_nodeselectorterm_key}
-      value: ${etcd_nodeselectorterm_value}
-  ondat:
-    namespace: storageos
diff --git a/modules/kubernetes-addons/ondat/variables.tf b/modules/kubernetes-addons/ondat/variables.tf
deleted file mode 100644
index 916a622fee..0000000000
--- a/modules/kubernetes-addons/ondat/variables.tf
+++ /dev/null
@@ -1,72 +0,0 @@
-variable "helm_config" {
-  description = "Helm provider config for the ondat addon"
-  type        = any
-  default     = {}
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps"
-  type        = bool
-  default     = false
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type        = any
-}
-
-variable "irsa_permissions_boundary" {
-  description = "IAM Policy ARN for IRSA IAM role permissions boundary"
-  type        = string
-  default     = ""
-}
-
-variable "irsa_policies" {
-  description = "IAM policy ARNs for Ondat IRSA"
-  type        = list(string)
-  default     = []
-}
-
-variable "create_cluster" {
-  description = "Determines if the StorageOSCluster and secrets should be created"
-  type        = bool
-  default     = true
-}
-
-variable "etcd_endpoints" {
-  description = "A list of etcd endpoints for Ondat"
-  type        = list(string)
-  default     = []
-}
-
-variable "etcd_ca" {
-  description = "The PEM encoded CA for Ondat's etcd"
-  type        = string
-  default     = null
-}
-
-variable "etcd_cert" {
-  description = "The PEM encoded client certificate for Ondat's etcd"
-  type        = string
-  default     = null
-}
-
-variable "etcd_key" {
-  description = "The PEM encoded client key for Ondat's etcd"
-  type        = string
-  default     = null
-  sensitive   = true
-}
-
-variable "admin_username" {
-  description = "Username for the Ondat admin user"
-  type        = string
-  default     = "storageos"
-}
-
-variable "admin_password" {
-  description = "Password for the Ondat admin user"
-  type        = string
-  default     = "storageos"
-  sensitive   = true
-}
diff --git a/modules/kubernetes-addons/ondat/versions.tf b/modules/kubernetes-addons/ondat/versions.tf
deleted file mode 100644
index ec3c6c311a..0000000000
--- a/modules/kubernetes-addons/ondat/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
-  required_version = ">= 1.0"
-
-  required_providers {
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.6.1"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/opentelemetry-operator/README.md b/modules/kubernetes-addons/opentelemetry-operator/README.md
deleted file mode 100644
index c0791d2589..0000000000
--- a/modules/kubernetes-addons/opentelemetry-operator/README.md
+++ /dev/null
@@ -1,77 +0,0 @@
-# AWS OpenTelemetry Operator
-
-[AWS Distro for OpenTelemetry (ADOT)](https://aws-otel.github.io/) is a secure,
-production-ready, AWS-supported distribution of the OpenTelemetry project.
-Part of the Cloud Native Computing Foundation, OpenTelemetry provides open
-source APIs, libraries, and agents to collect distributed traces and metrics
-for application monitoring.
-
-This modules deploys either the
-[AWS Managed ADOT OpenTelemetry Operator for EKS](https://aws.amazon.com/about-aws/whats-new/2022/04/eks-opentelemetry-operator-now-available/)
-or [the OpenTelemetry Operator](https://github.com/open-telemetry/opentelemetry-helm-charts)
-through helm.
-The OpenTelemetry Operator is an implementation of a Kubernetes Operator.
-A Kubernetes Operator is a method of packaging, deploying and managing a
-Kubernetes-native application, which is both deployed on Kubernetes and
-managed using the Kubernetes APIs and kubectl tooling. The Kubernetes Operator
-is a custom controller, which introduces new object types through Custom Resource
-Definition (CRD), an extension mechanism in Kubernetes.
-In this case, the CRD that is managed by the OpenTelemetry Operator is the Collector.
-
-> :warning: We do install [cert-manager](https://cert-manager.io/) as a [hard requirement](https://docs.aws.amazon.com/eks/latest/userguide/opentelemetry.html) for
-the ADOT Operator.
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 |
-| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.10 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.72 |
-| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | >= 2.10 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_cert_manager"></a> [cert\_manager](#module\_cert\_manager) | ../cert-manager | n/a |
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_eks_addon.adot](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_addon) | resource |
-| [kubernetes_cluster_role_binding_v1.adot](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/cluster_role_binding_v1) | resource |
-| [kubernetes_cluster_role_v1.adot](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/cluster_role_v1) | resource |
-| [kubernetes_namespace_v1.adot](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1) | resource |
-| [kubernetes_role_binding_v1.adot](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/role_binding_v1) | resource |
-| [kubernetes_role_v1.adot](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/role_v1) | resource |
-| [aws_eks_addon_version.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_addon_version) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_config"></a> [addon\_config](#input\_addon\_config) | Amazon EKS Managed ADOT Add-on config | `any` | `{}` | no |
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    irsa_iam_role_path             = string<br>    irsa_iam_permissions_boundary  = string<br>    tags                           = map(string)<br>  })</pre> | n/a | yes |
-| <a name="input_enable_amazon_eks_adot"></a> [enable\_amazon\_eks\_adot](#input\_enable\_amazon\_eks\_adot) | Enable Amazon EKS ADOT add-on | `bool` | `true` | no |
-| <a name="input_enable_opentelemetry_operator"></a> [enable\_opentelemetry\_operator](#input\_enable\_opentelemetry\_operator) | Enable opentelemetry operator addon | `bool` | `false` | no |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm provider config for ADOT Operator AddOn | `any` | `{}` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/opentelemetry-operator/locals.tf b/modules/kubernetes-addons/opentelemetry-operator/locals.tf
deleted file mode 100644
index 5168043447..0000000000
--- a/modules/kubernetes-addons/opentelemetry-operator/locals.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-locals {
-  name                       = "adot"
-  eks_addon_role_name        = "eks:addon-manager"
-  eks_addon_clusterrole_name = "eks:addon-manager-otel"
-  addon_namespace            = "opentelemetry-operator-system"
-
-  create_namespace = var.enable_opentelemetry_operator ? true : try(var.helm_config.create_namespace, true)
-  namespace        = local.create_namespace ? kubernetes_namespace_v1.adot[0].metadata[0].name : try(var.helm_config.namespace, local.addon_namespace)
-
-  # https://github.com/open-telemetry/opentelemetry-helm-charts/blob/main/charts/opentelemetry-operator/Chart.yaml
-  default_helm_config = {
-    name        = "opentelemetry"
-    repository  = "https://open-telemetry.github.io/opentelemetry-helm-charts"
-    chart       = "opentelemetry-operator"
-    version     = "0.16.0"
-    namespace   = local.namespace
-    description = "ADOT Operator helm chart"
-  }
-
-  helm_config = merge(
-    local.default_helm_config,
-    var.helm_config
-  )
-}
diff --git a/modules/kubernetes-addons/opentelemetry-operator/main.tf b/modules/kubernetes-addons/opentelemetry-operator/main.tf
deleted file mode 100644
index 808bd638da..0000000000
--- a/modules/kubernetes-addons/opentelemetry-operator/main.tf
+++ /dev/null
@@ -1,318 +0,0 @@
-module "cert_manager" {
-  source = "../cert-manager"
-
-  # https://docs.aws.amazon.com/eks/latest/userguide/adot-reqts.html
-  # certmanaager v1.6.0 onwards is not supported yet
-  helm_config   = { version = "v1.5.0" }
-  addon_context = var.addon_context
-}
-
-resource "kubernetes_namespace_v1" "adot" {
-  count = local.create_namespace ? 1 : 0
-
-  metadata {
-    # If using EKS addon, namespace must be "opentelemetry-operator-system"
-    name = var.enable_amazon_eks_adot ? local.addon_namespace : try(var.helm_config.namespace, local.addon_namespace)
-
-    labels = {
-      # Prerequisite for EKS addon
-      "control-plane" = "controller-manager"
-    }
-  }
-}
-
-data "aws_eks_addon_version" "this" {
-  count = var.enable_amazon_eks_adot ? 1 : 0
-
-  addon_name = local.name
-  # Need to allow both config routes - for managed and self-managed configs
-  kubernetes_version = try(var.addon_config.kubernetes_version, var.helm_config.kubernetes_version)
-  most_recent        = try(var.addon_config.most_recent, var.helm_config.most_recent, true)
-}
-
-resource "aws_eks_addon" "adot" {
-  count = var.enable_amazon_eks_adot ? 1 : 0
-
-  cluster_name             = var.addon_context.eks_cluster_id
-  addon_name               = local.name
-  addon_version            = try(var.addon_config.addon_version, data.aws_eks_addon_version.this[0].version)
-  resolve_conflicts        = try(var.addon_config.resolve_conflicts, "OVERWRITE")
-  service_account_role_arn = try(var.addon_config.service_account_role_arn, null)
-  preserve                 = try(var.addon_config.preserve, true)
-
-  tags = merge(
-    var.addon_context.tags,
-    try(var.addon_config.tags, {}),
-    # implicit dependency with roles
-    {
-      RoleVersion        = try(kubernetes_role_v1.adot[0].metadata[0].resource_version, ""),
-      ClusterRoleVersion = try(kubernetes_cluster_role_v1.adot[0].metadata[0].resource_version, "")
-    }
-  )
-
-  depends_on = [module.cert_manager]
-}
-
-resource "kubernetes_role_v1" "adot" {
-  count = var.enable_amazon_eks_adot ? 1 : 0
-
-  metadata {
-    name      = local.eks_addon_role_name
-    namespace = kubernetes_namespace_v1.adot[0].metadata[0].name
-  }
-
-  rule {
-    api_groups     = [""]
-    resources      = ["serviceaccounts"]
-    resource_names = ["opentelemetry-operator-controller-manager"]
-    verbs          = ["create", "delete", "get", "list", "patch", "update", "watch"]
-  }
-  rule {
-    api_groups     = ["rbac.authorization.k8s.io"]
-    resources      = ["roles"]
-    resource_names = ["opentelemetry-operator-leader-election-role"]
-    verbs          = ["create", "delete", "get", "list", "patch", "update", "watch"]
-  }
-  rule {
-    api_groups     = ["rbac.authorization.k8s.io"]
-    resources      = ["rolebindings"]
-    resource_names = ["opentelemetry-operator-leader-election-rolebinding"]
-    verbs          = ["create", "delete", "get", "list", "patch", "update", "watch"]
-  }
-  rule {
-    api_groups     = [""]
-    resources      = ["services"]
-    resource_names = ["opentelemetry-operator-controller-manager-metrics-service", "opentelemetry-operator-webhook-service"]
-    verbs          = ["create", "delete", "get", "list", "patch", "update", "watch"]
-  }
-  rule {
-    api_groups     = ["apps"]
-    resources      = ["deployments"]
-    resource_names = ["opentelemetry-operator-controller-manager"]
-    verbs          = ["create", "delete", "get", "list", "patch", "update", "watch"]
-  }
-  rule {
-    api_groups     = ["cert-manager.io"]
-    resources      = ["certificates", "issuers"]
-    resource_names = ["opentelemetry-operator-serving-cert", "opentelemetry-operator-selfsigned-issuer"]
-    verbs          = ["create", "delete", "get", "list", "patch", "update", "watch"]
-  }
-  rule {
-    api_groups = [""]
-    resources  = ["configmaps"]
-    verbs      = ["create", "delete", "get", "list", "patch", "update", "watch"]
-  }
-  rule {
-    api_groups = [""]
-    resources  = ["configmaps/status"]
-    verbs      = ["get", "update", "patch"]
-  }
-  rule {
-    api_groups = [""]
-    resources  = ["events"]
-    verbs      = ["create", "patch"]
-  }
-  rule {
-    api_groups = [""]
-    resources  = ["pods"]
-    verbs      = ["list"]
-  }
-}
-
-resource "kubernetes_role_binding_v1" "adot" {
-  count = var.enable_amazon_eks_adot ? 1 : 0
-
-  metadata {
-    name      = local.eks_addon_role_name
-    namespace = kubernetes_namespace_v1.adot[0].metadata[0].name
-  }
-
-  subject {
-    kind      = "User"
-    name      = local.eks_addon_role_name
-    api_group = "rbac.authorization.k8s.io"
-  }
-  role_ref {
-    api_group = "rbac.authorization.k8s.io"
-    kind      = "Role"
-    name      = local.eks_addon_role_name
-  }
-}
-
-resource "kubernetes_cluster_role_v1" "adot" {
-  count = var.enable_amazon_eks_adot ? 1 : 0
-
-  metadata {
-    name = local.eks_addon_clusterrole_name
-  }
-
-  rule {
-    api_groups     = ["apiextensions.k8s.io"]
-    resources      = ["customresourcedefinitions"]
-    resource_names = ["opentelemetrycollectors.opentelemetry.io", "instrumentations.opentelemetry.io"]
-    verbs          = ["create", "delete", "get", "list", "patch", "update", "watch"]
-  }
-  rule {
-    api_groups     = [""]
-    resources      = ["namespaces"]
-    resource_names = [kubernetes_namespace_v1.adot[0].metadata[0].name]
-    verbs          = ["create", "delete", "get", "list", "patch", "update", "watch"]
-  }
-  rule {
-    api_groups     = ["rbac.authorization.k8s.io"]
-    resources      = ["clusterroles"]
-    resource_names = ["opentelemetry-operator-manager-role", "opentelemetry-operator-metrics-reader", "opentelemetry-operator-proxy-role"]
-    verbs          = ["create", "delete", "get", "list", "patch", "update", "watch"]
-  }
-  rule {
-    api_groups     = ["rbac.authorization.k8s.io"]
-    resources      = ["clusterrolebindings"]
-    resource_names = ["opentelemetry-operator-manager-rolebinding", "opentelemetry-operator-proxy-rolebinding"]
-    verbs          = ["create", "delete", "get", "list", "patch", "update", "watch"]
-  }
-  rule {
-    api_groups     = ["admissionregistration.k8s.io"]
-    resources      = ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"]
-    resource_names = ["opentelemetry-operator-mutating-webhook-configuration", "opentelemetry-operator-validating-webhook-configuration"]
-    verbs          = ["create", "delete", "get", "list", "patch", "update", "watch"]
-  }
-  rule {
-    non_resource_urls = ["/metrics"]
-    verbs             = ["get"]
-  }
-  rule {
-    api_groups = [""]
-    resources  = ["configmaps"]
-    verbs      = ["create", "delete", "get", "list", "patch", "update", "watch"]
-  }
-  rule {
-    api_groups = [""]
-    resources  = ["events"]
-    verbs      = ["create", "patch"]
-  }
-  rule {
-    api_groups = [""]
-    resources  = ["namespaces"]
-    verbs      = ["list", "watch"]
-  }
-  rule {
-    api_groups = [""]
-    resources  = ["serviceaccounts"]
-    verbs      = ["create", "delete", "get", "list", "patch", "update", "watch"]
-  }
-  rule {
-    api_groups = [""]
-    resources  = ["services"]
-    verbs      = ["create", "delete", "get", "list", "patch", "update", "watch"]
-  }
-  rule {
-    api_groups = ["apps"]
-    resources  = ["daemonsets"]
-    verbs      = ["create", "delete", "get", "list", "patch", "update", "watch"]
-  }
-  rule {
-    api_groups = ["apps"]
-    resources  = ["deployments"]
-    verbs      = ["create", "delete", "get", "list", "patch", "update", "watch"]
-  }
-  rule {
-    api_groups = ["apps"]
-    resources  = ["replicasets"]
-    verbs      = ["create", "delete", "get", "list", "patch", "update", "watch"]
-  }
-  rule {
-    api_groups = ["apps"]
-    resources  = ["statefulsets"]
-    verbs      = ["create", "delete", "get", "list", "patch", "update", "watch"]
-  }
-  rule {
-    api_groups = ["autoscaling"]
-    resources  = ["horizontalpodautoscalers"]
-    verbs      = ["create", "delete", "get", "list", "patch", "update", "watch"]
-  }
-  rule {
-    api_groups = ["coordination.k8s.io"]
-    resources  = ["leases"]
-    verbs      = ["create", "get", "list", "update"]
-  }
-  rule {
-    api_groups = ["opentelemetry.io"]
-    resources  = ["opentelemetrycollectors"]
-    verbs      = ["create", "delete", "get", "list", "patch", "update", "watch"]
-  }
-  rule {
-    api_groups = ["opentelemetry.io"]
-    resources  = ["opentelemetrycollectors/finalizers"]
-    verbs      = ["get", "patch", "update"]
-  }
-  rule {
-    api_groups = ["opentelemetry.io"]
-    resources  = ["opentelemetrycollectors/status"]
-    verbs      = ["get", "patch", "update"]
-  }
-  rule {
-    api_groups = ["opentelemetry.io"]
-    resources  = ["instrumentations"]
-    verbs      = ["get", "list", "patch", "update", "watch"]
-  }
-  rule {
-    api_groups = ["authentication.k8s.io"]
-    resources  = ["tokenreviews"]
-    verbs      = ["create"]
-  }
-  rule {
-    api_groups = ["authorization.k8s.io"]
-    resources  = ["subjectaccessreviews"]
-    verbs      = ["create"]
-  }
-  rule {
-    api_groups = ["networking.k8s.io"]
-    resources  = ["ingresses"]
-    verbs      = ["create", "delete", "get", "list", "patch", "update", "watch"]
-  }
-  rule {
-    api_groups = [""]
-    resources  = ["endpoints"]
-    verbs      = ["get"]
-  }
-  rule {
-    api_groups = [""]
-    resources  = ["nodes/proxy"]
-    verbs      = ["get", "list", "watch"]
-  }
-  rule {
-    api_groups = ["extensions"]
-    resources  = ["ingresses"]
-    verbs      = ["get"]
-  }
-}
-
-resource "kubernetes_cluster_role_binding_v1" "adot" {
-  count = var.enable_amazon_eks_adot ? 1 : 0
-
-  metadata {
-    name = local.eks_addon_clusterrole_name
-  }
-  subject {
-    kind      = "User"
-    name      = local.eks_addon_role_name
-    api_group = "rbac.authorization.k8s.io"
-  }
-  role_ref {
-    api_group = "rbac.authorization.k8s.io"
-    kind      = "ClusterRole"
-    name      = local.eks_addon_clusterrole_name
-  }
-
-}
-
-
-module "helm_addon" {
-  source = "../helm-addon"
-  count  = var.enable_opentelemetry_operator ? 1 : 0
-
-  helm_config   = local.helm_config
-  addon_context = var.addon_context
-
-  depends_on = [module.cert_manager]
-}
diff --git a/modules/kubernetes-addons/opentelemetry-operator/outputs.tf b/modules/kubernetes-addons/opentelemetry-operator/outputs.tf
deleted file mode 100644
index a81c53eadc..0000000000
--- a/modules/kubernetes-addons/opentelemetry-operator/outputs.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = try(module.helm_addon[0].release_metadata, null)
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = try(module.helm_addon[0].irsa_arn, null)
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = try(module.helm_addon[0].irsa_name, null)
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = try(module.helm_addon[0].service_account, null)
-}
diff --git a/modules/kubernetes-addons/opentelemetry-operator/variables.tf b/modules/kubernetes-addons/opentelemetry-operator/variables.tf
deleted file mode 100644
index bb7c0dd65c..0000000000
--- a/modules/kubernetes-addons/opentelemetry-operator/variables.tf
+++ /dev/null
@@ -1,40 +0,0 @@
-variable "helm_config" {
-  description = "Helm provider config for ADOT Operator AddOn"
-  type        = any
-  default     = {}
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    irsa_iam_role_path             = string
-    irsa_iam_permissions_boundary  = string
-    tags                           = map(string)
-  })
-}
-
-variable "addon_config" {
-  description = "Amazon EKS Managed ADOT Add-on config"
-  type        = any
-  default     = {}
-}
-
-variable "enable_amazon_eks_adot" {
-  description = "Enable Amazon EKS ADOT add-on"
-  type        = bool
-  default     = true
-}
-
-variable "enable_opentelemetry_operator" {
-  description = "Enable opentelemetry operator addon"
-  type        = bool
-  default     = false
-}
diff --git a/modules/kubernetes-addons/opentelemetry-operator/versions.tf b/modules/kubernetes-addons/opentelemetry-operator/versions.tf
deleted file mode 100644
index d2ddf87cc2..0000000000
--- a/modules/kubernetes-addons/opentelemetry-operator/versions.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 3.72"
-    }
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.10"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/outputs.tf b/modules/kubernetes-addons/outputs.tf
deleted file mode 100644
index b0fde0dbe9..0000000000
--- a/modules/kubernetes-addons/outputs.tf
+++ /dev/null
@@ -1,319 +0,0 @@
-output "adot_collector_haproxy" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.adot_collector_haproxy[0], null)
-}
-
-output "adot_collector_java" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.adot_collector_java[0], null)
-}
-
-output "adot_collector_memcached" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.adot_collector_memcached[0], null)
-}
-
-output "adot_collector_nginx" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.adot_collector_nginx[0], null)
-}
-
-output "agones" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.agones[0], null)
-}
-
-output "airflow" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.airflow[0], null)
-}
-
-output "appmesh_controller" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.appmesh_controller[0], null)
-}
-
-output "argocd" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.argocd[0], null)
-}
-
-output "argo_rollouts" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.argo_rollouts[0], null)
-}
-
-output "argo_workflows" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.argo_workflows[0], null)
-}
-
-output "aws_cloudwatch_metrics" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.aws_cloudwatch_metrics[0], null)
-}
-
-output "aws_coredns" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.aws_coredns[0], null)
-}
-
-output "aws_ebs_csi_driver" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.aws_ebs_csi_driver[0], null)
-}
-
-output "aws_efs_csi_driver" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.aws_efs_csi_driver[0], null)
-}
-
-output "aws_for_fluent_bit" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.aws_for_fluent_bit[0], null)
-}
-
-output "aws_fsx_csi_driver" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.aws_fsx_csi_driver[0], null)
-}
-
-output "aws_kube_proxy" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.aws_kube_proxy[0], null)
-}
-
-output "aws_load_balancer_controller" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.aws_load_balancer_controller[0], null)
-}
-
-output "aws_node_termination_handler" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.aws_node_termination_handler[0], null)
-}
-
-output "aws_privateca_issuer" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.aws_privateca_issuer[0], null)
-}
-
-output "aws_vpc_cni" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.aws_vpc_cni[0], null)
-}
-
-output "calico" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.calico[0], null)
-}
-
-output "cert_manager" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.cert_manager[0], null)
-}
-
-output "cert_manager_csi_driver" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.cert_manager_csi_driver[0], null)
-}
-
-output "cert_manager_istio_csr" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.cert_manager_istio_csr[0], null)
-}
-
-output "chaos_mesh" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.chaos_mesh[0], null)
-}
-
-output "cilium" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.cilium[0], null)
-}
-
-output "cluster_autoscaler" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.cluster_autoscaler[0], null)
-}
-
-output "coredns_autoscaler" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.coredns_autoscaler[0], null)
-}
-
-output "crossplane" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.crossplane[0], null)
-}
-
-output "csi_secrets_store_provider_aws" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.csi_secrets_store_provider_aws[0], null)
-}
-
-output "datadog_operator" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.datadog_operator[0], null)
-}
-
-output "external_dns" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.external_dns[0], null)
-}
-
-output "external_secrets" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.external_secrets[0], null)
-}
-
-output "fargate_fluentbit" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.fargate_fluentbit[0], null)
-}
-
-output "gatekeeper" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.gatekeeper[0], null)
-}
-
-output "grafana" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.grafana[0], null)
-}
-
-output "ingress_nginx" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.ingress_nginx[0], null)
-}
-
-output "karpenter" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.karpenter[0], null)
-}
-
-output "keda" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.keda[0], null)
-}
-
-output "kubecost" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.kubecost[0], null)
-}
-
-output "kube_prometheus_stack" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.kube_prometheus_stack[0], null)
-}
-
-output "kuberay_operator" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.kuberay_operator[0], null)
-}
-
-output "kubernetes_dashboard" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.kubernetes_dashboard[0], null)
-}
-
-output "kyverno" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.kyverno[0], null)
-}
-
-output "local_volume_provisioner" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.local_volume_provisioner[0], null)
-}
-
-output "metrics_server" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.metrics_server[0], null)
-}
-
-output "kube_state_metrics" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.kube_state_metrics[0], null)
-}
-
-output "nvidia_device_plugin" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.nvidia_device_plugin[0], null)
-}
-
-output "opentelemetry_operator" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.opentelemetry_operator[0], null)
-}
-
-output "prometheus" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.prometheus[0], null)
-}
-
-output "promtail" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.promtail[0], null)
-}
-
-output "reloader" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.reloader[0], null)
-}
-
-output "secrets_store_csi_driver" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.secrets_store_csi_driver[0], null)
-}
-
-output "smb_csi_driver" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.smb_csi_driver[0], null)
-}
-
-output "spark_history_server" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.spark_history_server[0], null)
-}
-
-output "spark_k8s_operator" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.spark_k8s_operator[0], null)
-}
-
-output "strimzi_kafka_operator" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.strimzi_kafka_operator[0], null)
-}
-
-output "thanos" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.thanos[0], null)
-}
-
-output "traefik" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.traefik[0], null)
-}
-
-output "velero" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.velero[0], null)
-}
-
-output "vpa" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.vpa[0], null)
-}
-
-output "yunikorn" {
-  description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.yunikorn[0], null)
-}
-
-output "emr_on_eks" {
-  description = "EMR on EKS"
-  value       = module.emr_on_eks
-}
diff --git a/modules/kubernetes-addons/prometheus/README.md b/modules/kubernetes-addons/prometheus/README.md
deleted file mode 100644
index 908ee734e4..0000000000
--- a/modules/kubernetes-addons/prometheus/README.md
+++ /dev/null
@@ -1,94 +0,0 @@
-# Prometheus Helm Chart
-
-## Instructions to upload Prometheus Docker image to AWS ECR
-
-Step 1: Get the latest docker image from this link
-
-        https://github.com/prometheus-community/helm-charts/blob/main/charts/prometheus/values.yaml
-
-Step 2: Download the docker image to your local Mac/Laptop
-
-        $ docker pull quay.io/prometheus/prometheus:v2.31.1
-        $ docker pull quay.io/prometheus/alertmanager:v0.23.0
-        $ docker pull jimmidyson/configmap-reload:v0.5.0
-        $ docker pull quay.io/prometheus/node-exporter:v1.3.0
-        $ docker pull prom/pushgateway:v1.4.2
-
-Step 3: Retrieve an authentication token and authenticate your Docker client to your registry. Use the AWS CLI:
-
-        $ aws ecr get-login-password --region eu-west-1 | docker login --username AWS --password-stdin <account id>.dkr.ecr.eu-west-1.amazonaws.com
-
-Step 4: Create an ECR repo for each image mentioned in Step 2 with the same in ECR. See example for
-
-        $ aws ecr create-repository \
-              --repository-name quay.io/prometheus/prometheus \
-              --image-scanning-configuration scanOnPush=true
-
-Repeat the above steps for other 4 images
-
-Step 5: After the build completes, tag your image so, you can push the image to this repository:
-
-        $ docker tag quay.io/prometheus/prometheus:v2.31.1 <accountid>.dkr.ecr.eu-west-1.amazonaws.com/quay.io/prometheus/prometheus:v2.31.1
-
-Repeat the above steps for other 4 images
-
-Step 6: Run the following command to push this image to your newly created AWS repository:
-
-        $ docker push <accountid>.dkr.ecr.eu-west-1.amazonaws.com/quay.io/prometheus/prometheus:v2.31.1
-
-Repeat the above steps for other 4 images
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 |
-| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.10 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.72 |
-| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | >= 2.10 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-| <a name="module_irsa_amp_ingest"></a> [irsa\_amp\_ingest](#module\_irsa\_amp\_ingest) | ../../../modules/irsa | n/a |
-| <a name="module_irsa_amp_query"></a> [irsa\_amp\_query](#module\_irsa\_amp\_query) | ../../../modules/irsa | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_iam_policy.ingest](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
-| [aws_iam_policy.query](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
-| [kubernetes_namespace_v1.prometheus](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1) | resource |
-| [aws_iam_policy_document.ingest](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_policy_document.query](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>    irsa_iam_role_path             = string<br>    irsa_iam_permissions_boundary  = string<br>  })</pre> | n/a | yes |
-| <a name="input_amazon_prometheus_workspace_endpoint"></a> [amazon\_prometheus\_workspace\_endpoint](#input\_amazon\_prometheus\_workspace\_endpoint) | Amazon Managed Prometheus Workspace Endpoint | `string` | `null` | no |
-| <a name="input_enable_amazon_prometheus"></a> [enable\_amazon\_prometheus](#input\_enable\_amazon\_prometheus) | Enable AWS Managed Prometheus service | `bool` | `false` | no |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm Config for Prometheus | `any` | `{}` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/prometheus/data.tf b/modules/kubernetes-addons/prometheus/data.tf
deleted file mode 100644
index 3bf3342651..0000000000
--- a/modules/kubernetes-addons/prometheus/data.tf
+++ /dev/null
@@ -1,41 +0,0 @@
-# ------------------------------------------
-# AMP Ingest Permissions
-# ------------------------------------------
-data "aws_iam_policy_document" "ingest" {
-  statement {
-    effect = "Allow"
-    resources = [
-      "arn:${var.addon_context.aws_partition_id}:aps:${var.addon_context.aws_region_name}:${var.addon_context.aws_caller_identity_account_id}:workspace/*",
-      "arn:${var.addon_context.aws_partition_id}:aps:${var.addon_context.aws_region_name}:${var.addon_context.aws_caller_identity_account_id}:workspace/*/*",
-    ]
-
-    actions = [
-      "aps:ListWorkspaces",
-      "aps:GetLabels",
-      "aps:GetMetricMetadata",
-      "aps:GetSeries",
-      "aps:RemoteWrite",
-    ]
-  }
-}
-
-# ------------------------------------------
-# AMP Query Permissions
-# ------------------------------------------
-data "aws_iam_policy_document" "query" {
-  statement {
-    effect = "Allow"
-    resources = [
-      "arn:${var.addon_context.aws_partition_id}:aps:${var.addon_context.aws_region_name}:${var.addon_context.aws_caller_identity_account_id}:workspace/*",
-      "arn:${var.addon_context.aws_partition_id}:aps:${var.addon_context.aws_region_name}:${var.addon_context.aws_caller_identity_account_id}:workspace/*/*",
-    ]
-
-    actions = [
-      "aps:ListWorkspaces",
-      "aps:GetLabels",
-      "aps:GetMetricMetadata",
-      "aps:GetSeries",
-      "aps:QueryMetrics",
-    ]
-  }
-}
diff --git a/modules/kubernetes-addons/prometheus/main.tf b/modules/kubernetes-addons/prometheus/main.tf
deleted file mode 100644
index 0b01842ab2..0000000000
--- a/modules/kubernetes-addons/prometheus/main.tf
+++ /dev/null
@@ -1,130 +0,0 @@
-locals {
-  name             = try(var.helm_config.name, "prometheus")
-  namespace_name   = try(var.helm_config.namespace, "prometheus")
-  create_namespace = try(var.helm_config.create_namespace, true) && local.namespace_name != "kube-system"
-
-  # `namespace_name` is just the string representation of the namespace name
-  # `namespace` is the name of the resultant namespace to use - created or not
-  namespace = local.create_namespace ? kubernetes_namespace_v1.prometheus[0].metadata[0].name : local.namespace_name
-
-  workspace_url          = var.amazon_prometheus_workspace_endpoint != null ? "${var.amazon_prometheus_workspace_endpoint}api/v1/remote_write" : ""
-  ingest_service_account = "amp-ingest"
-  ingest_iam_role_arn    = var.enable_amazon_prometheus ? module.irsa_amp_ingest[0].irsa_iam_role_arn : ""
-
-  amp_gitops_config = var.enable_amazon_prometheus ? {
-    roleArn            = local.ingest_iam_role_arn
-    ampWorkspaceUrl    = local.workspace_url
-    serviceAccountName = local.ingest_service_account
-  } : {}
-}
-
-module "helm_addon" {
-  source = "../helm-addon"
-
-  manage_via_gitops = var.manage_via_gitops
-
-  # https://github.com/prometheus-community/helm-charts/blob/main/charts/prometheus/Chart.yaml
-  helm_config = merge(
-    {
-      name        = local.name
-      chart       = local.name
-      version     = "15.17.0"
-      repository  = "https://prometheus-community.github.io/helm-charts"
-      namespace   = local.namespace_name
-      description = "Prometheus helm Chart deployment configuration"
-      values = [templatefile("${path.module}/values.yaml", {
-        operating_system = try(var.helm_config.operating_system, "linux")
-      })]
-    },
-    var.helm_config
-  )
-
-  set_values = var.enable_amazon_prometheus ? [
-    {
-      name  = "serviceAccounts.server.name"
-      value = local.ingest_service_account
-    },
-    {
-      name  = "serviceAccounts.server.create"
-      value = false
-    },
-    {
-      name  = "serviceAccounts.server.annotations.eks\\.amazonaws\\.com/role-arn"
-      value = local.ingest_iam_role_arn
-    },
-    {
-      name  = "server.remoteWrite[0].url"
-      value = local.workspace_url
-    },
-    {
-      name  = "server.remoteWrite[0].sigv4.region"
-      value = var.addon_context.aws_region_name
-    }
-  ] : []
-
-  addon_context = var.addon_context
-}
-
-resource "kubernetes_namespace_v1" "prometheus" {
-  count = local.create_namespace ? 1 : 0
-
-  metadata {
-    name = local.namespace_name
-  }
-}
-
-# ------------------------------------------
-# AMP Ingest Permissions
-# ------------------------------------------
-resource "aws_iam_policy" "ingest" {
-  count = var.enable_amazon_prometheus ? 1 : 0
-
-  name        = format("%s-%s", "amp-ingest", var.addon_context.eks_cluster_id)
-  description = "Set up the permission policy that grants ingest (remote write) permissions for AMP workspace"
-  policy      = data.aws_iam_policy_document.ingest.json
-  tags        = var.addon_context.tags
-}
-
-module "irsa_amp_ingest" {
-  source = "../../../modules/irsa"
-
-  count = var.enable_amazon_prometheus ? 1 : 0
-
-  create_kubernetes_namespace = false
-  kubernetes_namespace        = local.namespace
-
-  kubernetes_service_account    = local.ingest_service_account
-  irsa_iam_policies             = [try(aws_iam_policy.ingest[0].arn, "")]
-  irsa_iam_role_path            = var.addon_context.irsa_iam_role_path
-  irsa_iam_permissions_boundary = var.addon_context.irsa_iam_permissions_boundary
-  eks_cluster_id                = var.addon_context.eks_cluster_id
-  eks_oidc_provider_arn         = var.addon_context.eks_oidc_provider_arn
-}
-
-# ------------------------------------------
-# AMP Query Permissions
-# ------------------------------------------
-resource "aws_iam_policy" "query" {
-  count = var.enable_amazon_prometheus ? 1 : 0
-
-  name        = format("%s-%s", "amp-query", var.addon_context.eks_cluster_id)
-  description = "Set up the permission policy that grants query permissions for AMP workspace"
-  policy      = data.aws_iam_policy_document.query.json
-  tags        = var.addon_context.tags
-}
-
-module "irsa_amp_query" {
-  source = "../../../modules/irsa"
-
-  count = var.enable_amazon_prometheus ? 1 : 0
-
-  create_kubernetes_namespace = false
-  kubernetes_namespace        = local.namespace
-
-  kubernetes_service_account    = "amp-query"
-  irsa_iam_policies             = [aws_iam_policy.query[0].arn]
-  irsa_iam_role_path            = var.addon_context.irsa_iam_role_path
-  irsa_iam_permissions_boundary = var.addon_context.irsa_iam_permissions_boundary
-  eks_cluster_id                = var.addon_context.eks_cluster_id
-  eks_oidc_provider_arn         = var.addon_context.eks_oidc_provider_arn
-}
diff --git a/modules/kubernetes-addons/prometheus/outputs.tf b/modules/kubernetes-addons/prometheus/outputs.tf
deleted file mode 100644
index c315e0d11a..0000000000
--- a/modules/kubernetes-addons/prometheus/outputs.tf
+++ /dev/null
@@ -1,27 +0,0 @@
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value = var.manage_via_gitops ? merge(
-    { enable = true },
-    local.amp_gitops_config
-  ) : null
-}
-
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/prometheus/values.yaml b/modules/kubernetes-addons/prometheus/values.yaml
deleted file mode 100644
index fa3c05843b..0000000000
--- a/modules/kubernetes-addons/prometheus/values.yaml
+++ /dev/null
@@ -1,57 +0,0 @@
-server:
-  retention: 1h
-
-  global:
-    evaluation_interval: 30s
-    scrape_interval: 30s
-    scrape_timeout: 10s
-
-  resources:
-    requests:
-      cpu: 500m
-      memory: 1Gi
-
-  nodeSelector:
-    kubernetes.io/os: ${operating_system}
-
-  persistentVolume:
-    accessModes:
-      - ReadWriteOnce
-    enabled: true
-    mountPath: /data
-    size: 20Gi
-    storageClass: gp2
-
-alertmanager:
-  enabled: false
-  nodeSelector:
-    kubernetes.io/os: ${operating_system}
-
-kube-state-metrics:
-  enabled: true
-  nodeSelector:
-    kubernetes.io/os: ${operating_system}
-  resources:
-    limits:
-      cpu: 200m
-      memory: 512Mi
-    requests:
-      cpu: 200m
-      memory: 512Mi
-
-pushgateway:
-  enabled: false
-  nodeSelector:
-    kubernetes.io/os: ${operating_system}
-
-nodeExporter:
-  nodeSelector:
-    kubernetes.io/os: ${operating_system}
-
-  resources:
-    limits:
-      cpu: 200m
-      memory: 512Mi
-    requests:
-      cpu: 200m
-      memory: 512Mi
diff --git a/modules/kubernetes-addons/prometheus/variables.tf b/modules/kubernetes-addons/prometheus/variables.tf
deleted file mode 100644
index 160f2b7d0b..0000000000
--- a/modules/kubernetes-addons/prometheus/variables.tf
+++ /dev/null
@@ -1,40 +0,0 @@
-variable "helm_config" {
-  description = "Helm Config for Prometheus"
-  type        = any
-  default     = {}
-}
-
-variable "enable_amazon_prometheus" {
-  description = "Enable AWS Managed Prometheus service"
-  type        = bool
-  default     = false
-}
-
-variable "amazon_prometheus_workspace_endpoint" {
-  description = "Amazon Managed Prometheus Workspace Endpoint"
-  type        = string
-  default     = null
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps."
-  type        = bool
-  default     = false
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-    irsa_iam_role_path             = string
-    irsa_iam_permissions_boundary  = string
-  })
-}
diff --git a/modules/kubernetes-addons/prometheus/versions.tf b/modules/kubernetes-addons/prometheus/versions.tf
deleted file mode 100644
index d2ddf87cc2..0000000000
--- a/modules/kubernetes-addons/prometheus/versions.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 3.72"
-    }
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.10"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/promtail/README.md b/modules/kubernetes-addons/promtail/README.md
deleted file mode 100644
index 73e5ebf23a..0000000000
--- a/modules/kubernetes-addons/promtail/README.md
+++ /dev/null
@@ -1,44 +0,0 @@
-# Promtail Helm Chart
-Promtail is an agent which ships the contents of local logs to a Loki instance
-
-For more details checkout [promtail](https://grafana.com/docs/loki/latest/clients/promtail/installation/) docs
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-
-## Providers
-
-No providers.
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-No resources.
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>    irsa_iam_role_path             = string<br>    irsa_iam_permissions_boundary  = string<br>  })</pre> | n/a | yes |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm Config for promtail | `any` | `{}` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/promtail/main.tf b/modules/kubernetes-addons/promtail/main.tf
deleted file mode 100644
index c51c4ec425..0000000000
--- a/modules/kubernetes-addons/promtail/main.tf
+++ /dev/null
@@ -1,20 +0,0 @@
-module "helm_addon" {
-  source = "../helm-addon"
-
-  # https://github.com/grafana/helm-charts/blob/main/charts/promtail/Chart.yaml
-  helm_config = merge(
-    {
-      name             = "promtail"
-      chart            = "promtail"
-      repository       = "https://grafana.github.io/helm-charts"
-      version          = "6.6.0"
-      namespace        = "promtail"
-      create_namespace = true
-      description      = "Promtail helm Chart deployment configuration"
-    },
-    var.helm_config
-  )
-
-  manage_via_gitops = var.manage_via_gitops
-  addon_context     = var.addon_context
-}
diff --git a/modules/kubernetes-addons/promtail/outputs.tf b/modules/kubernetes-addons/promtail/outputs.tf
deleted file mode 100644
index 4d3d2c6515..0000000000
--- a/modules/kubernetes-addons/promtail/outputs.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? { enable = true } : null
-}
-
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/promtail/variables.tf b/modules/kubernetes-addons/promtail/variables.tf
deleted file mode 100644
index 1556b2392c..0000000000
--- a/modules/kubernetes-addons/promtail/variables.tf
+++ /dev/null
@@ -1,28 +0,0 @@
-variable "helm_config" {
-  description = "Helm Config for promtail"
-  type        = any
-  default     = {}
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps."
-  type        = bool
-  default     = false
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-    irsa_iam_role_path             = string
-    irsa_iam_permissions_boundary  = string
-  })
-}
diff --git a/modules/kubernetes-addons/promtail/versions.tf b/modules/kubernetes-addons/promtail/versions.tf
deleted file mode 100644
index 429c0b36d0..0000000000
--- a/modules/kubernetes-addons/promtail/versions.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-}
diff --git a/modules/kubernetes-addons/reloader/README.md b/modules/kubernetes-addons/reloader/README.md
deleted file mode 100644
index 1e0258023d..0000000000
--- a/modules/kubernetes-addons/reloader/README.md
+++ /dev/null
@@ -1,43 +0,0 @@
-# Reloader Helm Chart
-
-This add-on configures the [Reloader Helm Chart](https://github.com/stakater/Reloader)
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-
-## Providers
-
-No providers.
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-No resources.
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>    irsa_iam_role_path             = string<br>    irsa_iam_permissions_boundary  = string<br>  })</pre> | n/a | yes |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm provider config for Reloader. | `any` | `{}` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/reloader/main.tf b/modules/kubernetes-addons/reloader/main.tf
deleted file mode 100644
index 6b2939029d..0000000000
--- a/modules/kubernetes-addons/reloader/main.tf
+++ /dev/null
@@ -1,29 +0,0 @@
-locals {
-  name = "reloader"
-
-  argocd_gitops_config = {
-    enable             = true
-    serviceAccountName = local.name
-  }
-}
-
-module "helm_addon" {
-  source = "../helm-addon"
-
-  # https://github.com/stakater/Reloader/blob/master/deployments/kubernetes/chart/reloader/Chart.yaml
-  helm_config = merge(
-    {
-      name             = local.name
-      chart            = local.name
-      repository       = "https://stakater.github.io/stakater-charts"
-      version          = "v0.0.124"
-      namespace        = local.name
-      create_namespace = true
-      description      = "Reloader Helm Chart deployment configuration"
-    },
-    var.helm_config
-  )
-
-  manage_via_gitops = var.manage_via_gitops
-  addon_context     = var.addon_context
-}
diff --git a/modules/kubernetes-addons/reloader/outputs.tf b/modules/kubernetes-addons/reloader/outputs.tf
deleted file mode 100644
index 0776dcd7ef..0000000000
--- a/modules/kubernetes-addons/reloader/outputs.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? local.argocd_gitops_config : null
-}
-
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/reloader/variables.tf b/modules/kubernetes-addons/reloader/variables.tf
deleted file mode 100644
index c4abc01a75..0000000000
--- a/modules/kubernetes-addons/reloader/variables.tf
+++ /dev/null
@@ -1,28 +0,0 @@
-variable "helm_config" {
-  description = "Helm provider config for Reloader."
-  type        = any
-  default     = {}
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps."
-  type        = bool
-  default     = false
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-    irsa_iam_role_path             = string
-    irsa_iam_permissions_boundary  = string
-  })
-}
diff --git a/modules/kubernetes-addons/reloader/versions.tf b/modules/kubernetes-addons/reloader/versions.tf
deleted file mode 100644
index 429c0b36d0..0000000000
--- a/modules/kubernetes-addons/reloader/versions.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-}
diff --git a/modules/kubernetes-addons/secrets-store-csi-driver/README.md b/modules/kubernetes-addons/secrets-store-csi-driver/README.md
deleted file mode 100644
index 546e654702..0000000000
--- a/modules/kubernetes-addons/secrets-store-csi-driver/README.md
+++ /dev/null
@@ -1,54 +0,0 @@
-# Secrets Store CSI Driver Helm Chart
-
-# Introduction
-
-Secrets Store CSI Driver for Kubernetes secrets - Integrates secrets stores with Kubernetes via a [Container Storage Interface (CSI)](https://kubernetes-csi.github.io/docs/) volume.
-
-The Secrets Store CSI Driver `secrets-store.csi.k8s.io` allows Kubernetes to mount multiple secrets, keys, and certs stored in enterprise-grade external secrets stores into their pods as a volume. Once the Volume is attached, the data in it is mounted into the container’s file system.
-
-For more details, refer [Secrets Store CSI Driver](https://secrets-store-csi-driver.sigs.k8s.io/)
-
-# Helm Chart
-
-### Instructions to use the Helm Chart
-
-See the [secrets-store-csi-driver](https://secrets-store-csi-driver.sigs.k8s.io/getting-started/installation.html).
-
-<!--- BEGIN_TF_DOCS --->
-## Requirements
-
-No requirements.
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [kubernetes_namespace.secrets_store_csi_driver](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>  })</pre> | n/a | yes |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Cluster Autoscaler Helm Config | `any` | `{}` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
-
-<!--- END_TF_DOCS --->
diff --git a/modules/kubernetes-addons/secrets-store-csi-driver/locals.tf b/modules/kubernetes-addons/secrets-store-csi-driver/locals.tf
deleted file mode 100644
index e1fc7ea07c..0000000000
--- a/modules/kubernetes-addons/secrets-store-csi-driver/locals.tf
+++ /dev/null
@@ -1,22 +0,0 @@
-locals {
-  name = "secrets-store-csi-driver"
-
-  # https://github.com/kubernetes-sigs/secrets-store-csi-driver/blob/main/charts/secrets-store-csi-driver/Chart.yaml
-  default_helm_config = {
-    name        = "csi-secrets-store"
-    chart       = local.name
-    repository  = "https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts"
-    version     = "1.3.1"
-    namespace   = local.name
-    description = "A Helm chart to install the Secrets Store CSI Driver"
-  }
-
-  helm_config = merge(
-    local.default_helm_config,
-    var.helm_config
-  )
-
-  argocd_gitops_config = {
-    enable = true
-  }
-}
diff --git a/modules/kubernetes-addons/secrets-store-csi-driver/main.tf b/modules/kubernetes-addons/secrets-store-csi-driver/main.tf
deleted file mode 100644
index 6d83665fe6..0000000000
--- a/modules/kubernetes-addons/secrets-store-csi-driver/main.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-resource "kubernetes_namespace_v1" "secrets_store_csi_driver" {
-  metadata {
-    name = local.name
-
-    labels = {
-      "app.kubernetes.io/managed-by" = "terraform-aws-eks-blueprints"
-    }
-  }
-}
-
-module "helm_addon" {
-  source            = "../helm-addon"
-  manage_via_gitops = var.manage_via_gitops
-  helm_config       = local.helm_config
-  addon_context     = var.addon_context
-
-  depends_on = [kubernetes_namespace_v1.secrets_store_csi_driver]
-}
diff --git a/modules/kubernetes-addons/secrets-store-csi-driver/outputs.tf b/modules/kubernetes-addons/secrets-store-csi-driver/outputs.tf
deleted file mode 100644
index 0776dcd7ef..0000000000
--- a/modules/kubernetes-addons/secrets-store-csi-driver/outputs.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? local.argocd_gitops_config : null
-}
-
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/secrets-store-csi-driver/variables.tf b/modules/kubernetes-addons/secrets-store-csi-driver/variables.tf
deleted file mode 100644
index 442d1aaa0f..0000000000
--- a/modules/kubernetes-addons/secrets-store-csi-driver/variables.tf
+++ /dev/null
@@ -1,28 +0,0 @@
-variable "helm_config" {
-  type        = any
-  default     = {}
-  description = "CSI Secrets Store Provider Helm Configurations"
-}
-
-variable "manage_via_gitops" {
-  type        = bool
-  default     = false
-  description = "Determines if the add-on should be managed via GitOps."
-}
-
-variable "addon_context" {
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-    irsa_iam_role_path             = string
-    irsa_iam_permissions_boundary  = string
-  })
-  description = "Input configuration for the addon"
-}
diff --git a/modules/kubernetes-addons/secrets-store-csi-driver/versions.tf b/modules/kubernetes-addons/secrets-store-csi-driver/versions.tf
deleted file mode 100644
index 55fba733ab..0000000000
--- a/modules/kubernetes-addons/secrets-store-csi-driver/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.10"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/smb-csi-driver/README.md b/modules/kubernetes-addons/smb-csi-driver/README.md
deleted file mode 100644
index 9255f75db7..0000000000
--- a/modules/kubernetes-addons/smb-csi-driver/README.md
+++ /dev/null
@@ -1,44 +0,0 @@
-# SMB CSI Driver Helm Chart
-SMB CSI Driver allows Kubernetes to access SMB server on both Linux and Windows nodes.
-
-For more details checkout [SMB CSI Driver](https://github.com/kubernetes-csi/csi-driver-smb) docs
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-
-## Providers
-
-No providers.
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-No resources.
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>  })</pre> | n/a | yes |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm Config for SMB CSI driver | `any` | `{}` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/smb-csi-driver/main.tf b/modules/kubernetes-addons/smb-csi-driver/main.tf
deleted file mode 100644
index 1b8745373d..0000000000
--- a/modules/kubernetes-addons/smb-csi-driver/main.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-module "helm_addon" {
-  source = "../helm-addon"
-
-  # https://github.com/kubernetes-csi/csi-driver-smb/blob/master/charts/latest/csi-driver-smb/Chart.yaml
-  helm_config = merge(
-    {
-      name        = "csi-driver-smb"
-      chart       = "csi-driver-smb"
-      repository  = "https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts"
-      version     = "v1.9.0"
-      namespace   = "kube-system"
-      description = "SMB CSI driver helm Chart deployment configuration"
-    },
-    var.helm_config
-  )
-
-  manage_via_gitops = var.manage_via_gitops
-  addon_context     = var.addon_context
-}
diff --git a/modules/kubernetes-addons/smb-csi-driver/outputs.tf b/modules/kubernetes-addons/smb-csi-driver/outputs.tf
deleted file mode 100644
index 4d3d2c6515..0000000000
--- a/modules/kubernetes-addons/smb-csi-driver/outputs.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? { enable = true } : null
-}
-
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/smb-csi-driver/variables.tf b/modules/kubernetes-addons/smb-csi-driver/variables.tf
deleted file mode 100644
index 61d6d8f682..0000000000
--- a/modules/kubernetes-addons/smb-csi-driver/variables.tf
+++ /dev/null
@@ -1,26 +0,0 @@
-variable "helm_config" {
-  description = "Helm Config for SMB CSI driver"
-  type        = any
-  default     = {}
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps."
-  type        = bool
-  default     = false
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-  })
-}
diff --git a/modules/kubernetes-addons/smb-csi-driver/versions.tf b/modules/kubernetes-addons/smb-csi-driver/versions.tf
deleted file mode 100644
index 429c0b36d0..0000000000
--- a/modules/kubernetes-addons/smb-csi-driver/versions.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-}
diff --git a/modules/kubernetes-addons/spark-history-server/README.md b/modules/kubernetes-addons/spark-history-server/README.md
deleted file mode 100644
index 4a9cedd54d..0000000000
--- a/modules/kubernetes-addons/spark-history-server/README.md
+++ /dev/null
@@ -1,45 +0,0 @@
-# Spark History Server
-
-Spark WebUI Add-on with Spark History Server
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-
-## Providers
-
-No providers.
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-No resources.
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>  })</pre> | n/a | yes |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm provider config for Spark K8s Operator | `any` | `{}` | no |
-| <a name="input_irsa_policies"></a> [irsa\_policies](#input\_irsa\_policies) | Additional IAM policies for a IAM role for service accounts | `list(string)` | `[]` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps | `bool` | `false` | no |
-| <a name="input_s3a_path"></a> [s3a\_path](#input\_s3a\_path) | s3a path with prefix for Spark history server e.g., s3a://<bucket\_name>/<spark\_event\_logs> | `string` | `""` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/spark-history-server/locals.tf b/modules/kubernetes-addons/spark-history-server/locals.tf
deleted file mode 100644
index 8bb3f18528..0000000000
--- a/modules/kubernetes-addons/spark-history-server/locals.tf
+++ /dev/null
@@ -1,46 +0,0 @@
-locals {
-  name = "spark-history-server"
-
-  default_helm_config = {
-    name        = local.name
-    chart       = local.name
-    repository  = "https://hyper-mesh.github.io/spark-history-server"
-    version     = "1.0.0"
-    namespace   = local.name
-    description = "Helm chart for deploying Spark WebUI with Spark History Server in EKS using S3 Spark Event logs"
-    values      = local.default_helm_values
-  }
-
-  helm_config = merge(
-    local.default_helm_config,
-    var.helm_config
-  )
-
-  set_values = [{
-    name  = "serviceAccount.name"
-    value = local.name
-    },
-    {
-      name  = "serviceAccount.create"
-      value = false
-    }
-  ]
-
-  irsa_config = {
-    kubernetes_namespace                = local.helm_config["namespace"]
-    kubernetes_service_account          = try(var.helm_config.service_account, local.name)
-    create_kubernetes_namespace         = try(local.helm_config["create_namespace"], true)
-    create_kubernetes_service_account   = true
-    create_service_account_secret_token = try(local.helm_config["create_service_account_secret_token"], false)
-    irsa_iam_policies                   = length(var.irsa_policies) > 0 ? var.irsa_policies : ["arn:${var.addon_context.aws_partition_id}:iam::aws:policy/AmazonS3ReadOnlyAccess"]
-  }
-
-  default_helm_values = [templatefile("${path.module}/values.yaml", {
-    s3a_path         = var.s3a_path
-    operating_system = "linux"
-  })]
-
-  argocd_gitops_config = {
-    enable = true
-  }
-}
diff --git a/modules/kubernetes-addons/spark-history-server/main.tf b/modules/kubernetes-addons/spark-history-server/main.tf
deleted file mode 100644
index e6793f4a94..0000000000
--- a/modules/kubernetes-addons/spark-history-server/main.tf
+++ /dev/null
@@ -1,8 +0,0 @@
-module "helm_addon" {
-  source            = "../helm-addon"
-  manage_via_gitops = var.manage_via_gitops
-  helm_config       = local.helm_config
-  set_values        = local.set_values
-  irsa_config       = local.irsa_config
-  addon_context     = var.addon_context
-}
diff --git a/modules/kubernetes-addons/spark-history-server/outputs.tf b/modules/kubernetes-addons/spark-history-server/outputs.tf
deleted file mode 100644
index 0776dcd7ef..0000000000
--- a/modules/kubernetes-addons/spark-history-server/outputs.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? local.argocd_gitops_config : null
-}
-
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/spark-history-server/values.yaml b/modules/kubernetes-addons/spark-history-server/values.yaml
deleted file mode 100644
index 660f33ff07..0000000000
--- a/modules/kubernetes-addons/spark-history-server/values.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-
-sparkHistoryOpts: "-Dspark.history.fs.logDirectory="${s3a_path}
-
-nodeSelector:
-  kubernetes.io/os: ${operating_system}
diff --git a/modules/kubernetes-addons/spark-history-server/variables.tf b/modules/kubernetes-addons/spark-history-server/variables.tf
deleted file mode 100644
index 9ce1c52527..0000000000
--- a/modules/kubernetes-addons/spark-history-server/variables.tf
+++ /dev/null
@@ -1,38 +0,0 @@
-variable "helm_config" {
-  description = "Helm provider config for Spark K8s Operator"
-  type        = any
-  default     = {}
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps"
-  type        = bool
-  default     = false
-}
-
-variable "irsa_policies" {
-  description = "Additional IAM policies for a IAM role for service accounts"
-  type        = list(string)
-  default     = []
-}
-
-variable "s3a_path" {
-  description = "s3a path with prefix for Spark history server e.g., s3a://<bucket_name>/<spark_event_logs>"
-  type        = string
-  default     = ""
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-  })
-}
diff --git a/modules/kubernetes-addons/spark-history-server/versions.tf b/modules/kubernetes-addons/spark-history-server/versions.tf
deleted file mode 100644
index 429c0b36d0..0000000000
--- a/modules/kubernetes-addons/spark-history-server/versions.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-}
diff --git a/modules/kubernetes-addons/spark-k8s-operator/README.md b/modules/kubernetes-addons/spark-k8s-operator/README.md
deleted file mode 100644
index 1025a4ce22..0000000000
--- a/modules/kubernetes-addons/spark-k8s-operator/README.md
+++ /dev/null
@@ -1,49 +0,0 @@
-# Spark on K8s Operator
-
-The Kubernetes Operator for Apache Spark aims to make specifying and running Spark applications as easy and idiomatic as running other workloads on Kubernetes.
-It uses Kubernetes custom resources for specifying, running, and surfacing status of Spark applications.
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.10 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | >= 2.10 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [kubernetes_namespace_v1.this](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1) | resource |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>  })</pre> | n/a | yes |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm provider config for Spark K8s Operator | `any` | `{}` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps | `bool` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/spark-k8s-operator/main.tf b/modules/kubernetes-addons/spark-k8s-operator/main.tf
deleted file mode 100644
index 8d74c0d3ed..0000000000
--- a/modules/kubernetes-addons/spark-k8s-operator/main.tf
+++ /dev/null
@@ -1,32 +0,0 @@
-locals {
-  name      = try(var.helm_config.name, "spark-operator")
-  namespace = try(var.helm_config.namespace, local.name)
-}
-
-resource "kubernetes_namespace_v1" "this" {
-  count = try(var.helm_config.create_namespace, true) && local.namespace != "kube-system" ? 1 : 0
-
-  metadata {
-    name = local.namespace
-  }
-}
-
-module "helm_addon" {
-  source = "../helm-addon"
-
-  # https://github.com/GoogleCloudPlatform/spark-on-k8s-operator/blob/master/charts/spark-operator-chart/Chart.yaml
-  helm_config = merge(
-    {
-      name        = local.name
-      chart       = local.name
-      repository  = "https://googlecloudplatform.github.io/spark-on-k8s-operator"
-      version     = "1.1.26"
-      namespace   = try(kubernetes_namespace_v1.this[0].metadata[0].name, local.namespace)
-      description = "The spark_k8s_operator HelmChart Ingress Controller deployment configuration"
-    },
-    var.helm_config
-  )
-
-  manage_via_gitops = var.manage_via_gitops
-  addon_context     = var.addon_context
-}
diff --git a/modules/kubernetes-addons/spark-k8s-operator/outputs.tf b/modules/kubernetes-addons/spark-k8s-operator/outputs.tf
deleted file mode 100644
index 4d3d2c6515..0000000000
--- a/modules/kubernetes-addons/spark-k8s-operator/outputs.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? { enable = true } : null
-}
-
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/spark-k8s-operator/variables.tf b/modules/kubernetes-addons/spark-k8s-operator/variables.tf
deleted file mode 100644
index 78f4ee4f59..0000000000
--- a/modules/kubernetes-addons/spark-k8s-operator/variables.tf
+++ /dev/null
@@ -1,26 +0,0 @@
-variable "helm_config" {
-  description = "Helm provider config for Spark K8s Operator"
-  type        = any
-  default     = {}
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps"
-  type        = bool
-  default     = false
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-  })
-}
diff --git a/modules/kubernetes-addons/spark-k8s-operator/versions.tf b/modules/kubernetes-addons/spark-k8s-operator/versions.tf
deleted file mode 100644
index 55fba733ab..0000000000
--- a/modules/kubernetes-addons/spark-k8s-operator/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.10"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/strimzi-kafka-operator/README.md b/modules/kubernetes-addons/strimzi-kafka-operator/README.md
deleted file mode 100644
index 4153f7bd65..0000000000
--- a/modules/kubernetes-addons/strimzi-kafka-operator/README.md
+++ /dev/null
@@ -1,42 +0,0 @@
-# Strimzi Kafka Operator
-Deploying Kafka Operator using [Strimzi Operator](https://strimzi.io/downloads/). Strimzi makes it really easy to spin up a Kafka cluster in minutes.
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-
-## Providers
-
-No providers.
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-No resources.
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>    irsa_iam_role_path             = string<br>    irsa_iam_permissions_boundary  = string<br>  })</pre> | n/a | yes |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm provider config for the kafka. | `any` | `{}` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/strimzi-kafka-operator/main.tf b/modules/kubernetes-addons/strimzi-kafka-operator/main.tf
deleted file mode 100644
index b31ab1b69d..0000000000
--- a/modules/kubernetes-addons/strimzi-kafka-operator/main.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-locals {
-  name = "strimzi"
-  default_helm_config = {
-    name             = local.name
-    chart            = "strimzi-kafka-operator"
-    repository       = "https://strimzi.io/charts/"
-    version          = "0.31.1"
-    namespace        = local.name
-    create_namespace = true
-    values           = [templatefile("${path.module}/values.yaml", {})]
-    description      = "Strimzi - Apache Kafka on Kubernetes"
-  }
-  helm_config = merge(local.default_helm_config, var.helm_config)
-}
-
-#-------------------------------------------------
-# Strimzi Kafka Helm Add-on
-#-------------------------------------------------
-module "helm_addon" {
-  source            = "../helm-addon"
-  helm_config       = local.helm_config
-  addon_context     = var.addon_context
-  manage_via_gitops = var.manage_via_gitops
-}
diff --git a/modules/kubernetes-addons/strimzi-kafka-operator/outputs.tf b/modules/kubernetes-addons/strimzi-kafka-operator/outputs.tf
deleted file mode 100644
index 4d3d2c6515..0000000000
--- a/modules/kubernetes-addons/strimzi-kafka-operator/outputs.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? { enable = true } : null
-}
-
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/strimzi-kafka-operator/values.yaml b/modules/kubernetes-addons/strimzi-kafka-operator/values.yaml
deleted file mode 100644
index cce7760601..0000000000
--- a/modules/kubernetes-addons/strimzi-kafka-operator/values.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-# Default values for strimzi-kafka-operator.
-
-resources:
-  limits:
-    memory: 1Gi
-    cpu: 1000m
-  requests:
-    memory: 1Gi
-    cpu: 1000m
diff --git a/modules/kubernetes-addons/strimzi-kafka-operator/variables.tf b/modules/kubernetes-addons/strimzi-kafka-operator/variables.tf
deleted file mode 100644
index d2a4daaddb..0000000000
--- a/modules/kubernetes-addons/strimzi-kafka-operator/variables.tf
+++ /dev/null
@@ -1,28 +0,0 @@
-variable "helm_config" {
-  description = "Helm provider config for the kafka."
-  type        = any
-  default     = {}
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps."
-  type        = bool
-  default     = false
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-    irsa_iam_role_path             = string
-    irsa_iam_permissions_boundary  = string
-  })
-}
diff --git a/modules/kubernetes-addons/strimzi-kafka-operator/versions.tf b/modules/kubernetes-addons/strimzi-kafka-operator/versions.tf
deleted file mode 100644
index 429c0b36d0..0000000000
--- a/modules/kubernetes-addons/strimzi-kafka-operator/versions.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-}
diff --git a/modules/kubernetes-addons/tetrate-istio/README.md b/modules/kubernetes-addons/tetrate-istio/README.md
deleted file mode 100644
index bdd5b53284..0000000000
--- a/modules/kubernetes-addons/tetrate-istio/README.md
+++ /dev/null
@@ -1,57 +0,0 @@
-# Tetrate Istio add-on
-
-## What is Tetrate Istio Distro
-
-[Tetrate Istio Distro](https://istio.tetratelabs.io/) is simple, safe enterprise-grade Istio distro.
-
-## Examples
-
-See [blueprints](https://github.com/tetratelabs/terraform-eksblueprints-tetrate-istio-addon/tree/main/blueprints).
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-
-## Providers
-
-No providers.
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_base"></a> [base](#module\_base) | ../helm-addon | n/a |
-| <a name="module_cni"></a> [cni](#module\_cni) | ../helm-addon | n/a |
-| <a name="module_gateway"></a> [gateway](#module\_gateway) | ../helm-addon | n/a |
-| <a name="module_istiod"></a> [istiod](#module\_istiod) | ../helm-addon | n/a |
-
-## Resources
-
-No resources.
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | `any` | n/a | yes |
-| <a name="input_base_helm_config"></a> [base\_helm\_config](#input\_base\_helm\_config) | Istio `base` Helm Chart Configuration | `any` | `{}` | no |
-| <a name="input_cni_helm_config"></a> [cni\_helm\_config](#input\_cni\_helm\_config) | Istio `cni` Helm Chart Configuration | `any` | `{}` | no |
-| <a name="input_distribution"></a> [distribution](#input\_distribution) | Istio distribution | `string` | `"TID"` | no |
-| <a name="input_distribution_version"></a> [distribution\_version](#input\_distribution\_version) | Istio version | `string` | `""` | no |
-| <a name="input_gateway_helm_config"></a> [gateway\_helm\_config](#input\_gateway\_helm\_config) | Istio `gateway` Helm Chart Configuration | `any` | `{}` | no |
-| <a name="input_install_base"></a> [install\_base](#input\_install\_base) | Install Istio `base` Helm Chart | `bool` | `true` | no |
-| <a name="input_install_cni"></a> [install\_cni](#input\_install\_cni) | Install Istio `cni` Helm Chart | `bool` | `true` | no |
-| <a name="input_install_gateway"></a> [install\_gateway](#input\_install\_gateway) | Install Istio `gateway` Helm Chart | `bool` | `true` | no |
-| <a name="input_install_istiod"></a> [install\_istiod](#input\_install\_istiod) | Install Istio `istiod` Helm Chart | `bool` | `true` | no |
-| <a name="input_istiod_helm_config"></a> [istiod\_helm\_config](#input\_istiod\_helm\_config) | Istio `istiod` Helm Chart Configuration | `any` | `{}` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps | `bool` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/tetrate-istio/locals.tf b/modules/kubernetes-addons/tetrate-istio/locals.tf
deleted file mode 100644
index 8fc66f1dd4..0000000000
--- a/modules/kubernetes-addons/tetrate-istio/locals.tf
+++ /dev/null
@@ -1,71 +0,0 @@
-locals {
-  default_version = coalesce(var.distribution_version, "1.12.2")
-
-  default_helm_config = {
-    name             = "undefined"
-    chart            = "undefined"
-    repository       = "https://istio-release.storage.googleapis.com/charts"
-    version          = local.default_version
-    namespace        = "istio-system"
-    create_namespace = true
-    description      = "Istio service mesh"
-  }
-
-  per_distribution_helm_configs = {
-    "TID" = local.tetrate_istio_distribution_helm_config
-  }
-
-  per_distribution_helm_values = {
-    "TID" = local.tetrate_istio_distribution_helm_values
-  }
-
-  distribution_helm_config = lookup(local.per_distribution_helm_configs, var.distribution, {})
-  distribution_helm_values = lookup(local.per_distribution_helm_values, var.distribution, {})
-
-  cni_helm_values = [yamlencode({
-    "istio_cni" : {
-      "enabled" : var.install_cni
-    }
-  })]
-
-  default_base_helm_values    = lookup(local.distribution_helm_values, "base", [])
-  default_cni_helm_values     = lookup(local.distribution_helm_values, "cni", [])
-  default_istiod_helm_values  = concat(lookup(local.distribution_helm_values, "istiod", []), local.cni_helm_values)
-  default_gateway_helm_values = lookup(local.distribution_helm_values, "gateway", [])
-
-  base_helm_config = merge(
-    local.default_helm_config,
-    local.distribution_helm_config,
-    { name = "istio-base", chart = "base" },
-    var.base_helm_config,
-    { values = concat(local.default_base_helm_values, lookup(var.base_helm_config, "values", [])) }
-  )
-
-  cni_helm_config = merge(
-    local.default_helm_config,
-    local.distribution_helm_config,
-    { name = "istio-cni", chart = "cni" },
-    var.cni_helm_config,
-    { values = concat(local.default_cni_helm_values, lookup(var.cni_helm_config, "values", [])) }
-  )
-
-  istiod_helm_config = merge(
-    local.default_helm_config,
-    local.distribution_helm_config,
-    { name = "istio-istiod", chart = "istiod" },
-    var.istiod_helm_config,
-    { values = concat(local.default_istiod_helm_values, lookup(var.istiod_helm_config, "values", [])) }
-  )
-
-  gateway_helm_config = merge(
-    local.default_helm_config,
-    local.distribution_helm_config,
-    { name = "istio-ingressgateway", chart = "gateway" },
-    var.gateway_helm_config,
-    { values = concat(local.default_gateway_helm_values, lookup(var.gateway_helm_config, "values", [])) }
-  )
-
-  argocd_gitops_config = {
-    enable = true
-  }
-}
diff --git a/modules/kubernetes-addons/tetrate-istio/locals_tid.tf b/modules/kubernetes-addons/tetrate-istio/locals_tid.tf
deleted file mode 100644
index add3c68913..0000000000
--- a/modules/kubernetes-addons/tetrate-istio/locals_tid.tf
+++ /dev/null
@@ -1,20 +0,0 @@
-locals {
-  tetrate_istio_distribution_helm_config = {
-    description = "Tetrate Istio Distribution - Simple, safe enterprise-grade Istio distribution"
-  }
-
-  tetrate_istio_distribution_helm_values = {
-    cni = tolist([yamlencode({
-      "global" : {
-        "hub" : "containers.istio.tetratelabs.com",
-        "tag" : "${lookup(var.cni_helm_config, "version", local.default_helm_config.version)}-tetratefips-v0",
-      }
-    })])
-    istiod = tolist([yamlencode({
-      "global" : {
-        "hub" : "containers.istio.tetratelabs.com",
-        "tag" : "${lookup(var.istiod_helm_config, "version", local.default_helm_config.version)}-tetratefips-v0",
-      }
-    })])
-  }
-}
diff --git a/modules/kubernetes-addons/tetrate-istio/main.tf b/modules/kubernetes-addons/tetrate-istio/main.tf
deleted file mode 100644
index e0cd502471..0000000000
--- a/modules/kubernetes-addons/tetrate-istio/main.tf
+++ /dev/null
@@ -1,45 +0,0 @@
-module "base" {
-  source = "../helm-addon"
-
-  count = var.install_base ? 1 : 0
-
-  manage_via_gitops = var.manage_via_gitops
-  helm_config       = local.base_helm_config
-  addon_context     = var.addon_context
-}
-
-module "cni" {
-  source = "../helm-addon"
-
-  count = var.install_cni ? 1 : 0
-
-  manage_via_gitops = var.manage_via_gitops
-  helm_config       = local.cni_helm_config
-  addon_context     = var.addon_context
-
-  depends_on = [module.base]
-}
-
-module "istiod" {
-  source = "../helm-addon"
-
-  count = var.install_istiod ? 1 : 0
-
-  manage_via_gitops = var.manage_via_gitops
-  helm_config       = local.istiod_helm_config
-  addon_context     = var.addon_context
-
-  depends_on = [module.cni]
-}
-
-module "gateway" {
-  source = "../helm-addon"
-
-  count = var.install_gateway ? 1 : 0
-
-  manage_via_gitops = var.manage_via_gitops
-  helm_config       = local.gateway_helm_config
-  addon_context     = var.addon_context
-
-  depends_on = [module.istiod]
-}
diff --git a/modules/kubernetes-addons/tetrate-istio/outputs.tf b/modules/kubernetes-addons/tetrate-istio/outputs.tf
deleted file mode 100644
index b30c86b380..0000000000
--- a/modules/kubernetes-addons/tetrate-istio/outputs.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? local.argocd_gitops_config : null
-}
diff --git a/modules/kubernetes-addons/tetrate-istio/variables.tf b/modules/kubernetes-addons/tetrate-istio/variables.tf
deleted file mode 100644
index 61626e4f95..0000000000
--- a/modules/kubernetes-addons/tetrate-istio/variables.tf
+++ /dev/null
@@ -1,70 +0,0 @@
-variable "distribution" {
-  description = "Istio distribution"
-  type        = string
-  default     = "TID"
-}
-
-variable "distribution_version" {
-  description = "Istio version"
-  type        = string
-  default     = ""
-}
-
-variable "install_base" {
-  description = "Install Istio `base` Helm Chart"
-  type        = bool
-  default     = true
-}
-
-variable "install_cni" {
-  description = "Install Istio `cni` Helm Chart"
-  type        = bool
-  default     = true
-}
-
-variable "install_istiod" {
-  description = "Install Istio `istiod` Helm Chart"
-  type        = bool
-  default     = true
-}
-
-variable "install_gateway" {
-  description = "Install Istio `gateway` Helm Chart"
-  type        = bool
-  default     = true
-}
-
-variable "base_helm_config" {
-  description = "Istio `base` Helm Chart Configuration"
-  type        = any
-  default     = {}
-}
-
-variable "cni_helm_config" {
-  description = "Istio `cni` Helm Chart Configuration"
-  type        = any
-  default     = {}
-}
-
-variable "istiod_helm_config" {
-  description = "Istio `istiod` Helm Chart Configuration"
-  type        = any
-  default     = {}
-}
-
-variable "gateway_helm_config" {
-  description = "Istio `gateway` Helm Chart Configuration"
-  type        = any
-  default     = {}
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps"
-  type        = bool
-  default     = false
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type        = any
-}
diff --git a/modules/kubernetes-addons/tetrate-istio/versions.tf b/modules/kubernetes-addons/tetrate-istio/versions.tf
deleted file mode 100644
index 429c0b36d0..0000000000
--- a/modules/kubernetes-addons/tetrate-istio/versions.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-}
diff --git a/modules/kubernetes-addons/thanos/README.md b/modules/kubernetes-addons/thanos/README.md
deleted file mode 100644
index ed74d685be..0000000000
--- a/modules/kubernetes-addons/thanos/README.md
+++ /dev/null
@@ -1,5 +0,0 @@
-# thanos Helm Chart
-
-## Introduction
-
-[thanos](https://github.com/bitnami/charts/tree/main/bitnami/thanos) Thanos is a highly available metrics system that can be added on top of existing Prometheus deployments, providing a global query view across all Prometheus installations.
diff --git a/modules/kubernetes-addons/thanos/locals.tf b/modules/kubernetes-addons/thanos/locals.tf
deleted file mode 100644
index 1ac05d31ea..0000000000
--- a/modules/kubernetes-addons/thanos/locals.tf
+++ /dev/null
@@ -1,41 +0,0 @@
-locals {
-  name             = try(var.helm_config.name, "thanos")
-  namespace_name   = try(var.helm_config.namespace, local.name)
-  create_namespace = try(var.helm_config.create_namespace, true) && local.namespace_name != "kube-system"
-  namespace        = local.create_namespace ? kubernetes_namespace_v1.thanos[0].metadata[0].name : local.namespace_name
-  service_account  = try(var.helm_config.service_account, local.name)
-  helm_config = merge(
-    {
-      name        = local.name
-      chart       = local.name
-      repository  = "https://charts.bitnami.com/bitnami"
-      version     = "11.6.4"
-      namespace   = local.namespace
-      description = "thanos helm Chart deployment configuration"
-    },
-    var.helm_config
-  )
-  set_values = [{
-    name  = "serviceAccount.name"
-    value = local.service_account
-    },
-    {
-      name  = "serviceAccount.create"
-      value = false
-    }
-  ]
-  irsa_config = {
-    kubernetes_namespace                = local.namespace
-    kubernetes_service_account          = local.service_account
-    create_kubernetes_namespace         = false
-    create_kubernetes_service_account   = true
-    create_service_account_secret_token = try(local.helm_config["create_service_account_secret_token"], false)
-    irsa_iam_policies                   = var.irsa_policies
-  }
-
-  argocd_gitops_config = {
-    enable             = true
-    serviceAccountName = local.service_account
-  }
-
-}
diff --git a/modules/kubernetes-addons/thanos/main.tf b/modules/kubernetes-addons/thanos/main.tf
deleted file mode 100644
index ca34475817..0000000000
--- a/modules/kubernetes-addons/thanos/main.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-module "helm_addon" {
-  source            = "../helm-addon"
-  helm_config       = local.helm_config
-  set_values        = local.set_values
-  irsa_config       = local.irsa_config
-  manage_via_gitops = var.manage_via_gitops
-  addon_context     = var.addon_context
-}
-
-resource "kubernetes_namespace_v1" "thanos" {
-  count = local.create_namespace ? 1 : 0
-
-  metadata {
-    name = local.namespace_name
-  }
-}
diff --git a/modules/kubernetes-addons/thanos/outputs.tf b/modules/kubernetes-addons/thanos/outputs.tf
deleted file mode 100644
index 0776dcd7ef..0000000000
--- a/modules/kubernetes-addons/thanos/outputs.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? local.argocd_gitops_config : null
-}
-
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/thanos/variables.tf b/modules/kubernetes-addons/thanos/variables.tf
deleted file mode 100644
index c2d18d3d4a..0000000000
--- a/modules/kubernetes-addons/thanos/variables.tf
+++ /dev/null
@@ -1,34 +0,0 @@
-variable "helm_config" {
-  description = "Helm Config for kube-prometheus-stack"
-  type        = any
-  default     = {}
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps"
-  type        = bool
-  default     = false
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-    irsa_iam_role_path             = string
-    irsa_iam_permissions_boundary  = string
-  })
-}
-
-variable "irsa_policies" {
-  description = "Additional IAM policies for a IAM role for service accounts"
-  type        = list(string)
-  default     = []
-}
diff --git a/modules/kubernetes-addons/thanos/versions.tf b/modules/kubernetes-addons/thanos/versions.tf
deleted file mode 100644
index 55fba733ab..0000000000
--- a/modules/kubernetes-addons/thanos/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.10"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/traefik/README.md b/modules/kubernetes-addons/traefik/README.md
deleted file mode 100644
index f0bfc25b95..0000000000
--- a/modules/kubernetes-addons/traefik/README.md
+++ /dev/null
@@ -1,50 +0,0 @@
-# Traefik Ingress Controller Deployment Guide
-
-## Introduction
-
-Traefik is a modern HTTP reverse proxy and load balancer made to deploy microservices with ease. Fore more details about [Traefik can be found here](https://doc.traefik.io/traefik/providers/kubernetes-ingress/)
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.10 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | >= 2.10 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [kubernetes_namespace_v1.this](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1) | resource |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>  })</pre> | n/a | yes |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm provider config for Traefik | `any` | `{}` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps | `bool` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/traefik/main.tf b/modules/kubernetes-addons/traefik/main.tf
deleted file mode 100644
index 16cf081e2c..0000000000
--- a/modules/kubernetes-addons/traefik/main.tf
+++ /dev/null
@@ -1,33 +0,0 @@
-locals {
-  name      = try(var.helm_config.name, "traefik")
-  namespace = try(var.helm_config.namespace, local.name)
-}
-
-
-resource "kubernetes_namespace_v1" "this" {
-  count = try(var.helm_config.create_namespace, true) && local.namespace != "kube-system" ? 1 : 0
-
-  metadata {
-    name = local.namespace
-  }
-}
-
-module "helm_addon" {
-  source = "../helm-addon"
-
-  # https://github.com/traefik/traefik-helm-chart/blob/master/traefik/Chart.yaml
-  helm_config = merge(
-    {
-      name        = local.name
-      chart       = local.name
-      repository  = "https://helm.traefik.io/traefik"
-      version     = "18.1.0"
-      namespace   = try(kubernetes_namespace_v1.this[0].metadata[0].name, local.namespace)
-      description = "The Traefik Helm Chart is focused on Traefik deployment configuration"
-    },
-    var.helm_config
-  )
-
-  manage_via_gitops = var.manage_via_gitops
-  addon_context     = var.addon_context
-}
diff --git a/modules/kubernetes-addons/traefik/outputs.tf b/modules/kubernetes-addons/traefik/outputs.tf
deleted file mode 100644
index 4d3d2c6515..0000000000
--- a/modules/kubernetes-addons/traefik/outputs.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? { enable = true } : null
-}
-
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/traefik/variables.tf b/modules/kubernetes-addons/traefik/variables.tf
deleted file mode 100644
index 08398ff533..0000000000
--- a/modules/kubernetes-addons/traefik/variables.tf
+++ /dev/null
@@ -1,26 +0,0 @@
-variable "helm_config" {
-  description = "Helm provider config for Traefik"
-  type        = any
-  default     = {}
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps"
-  type        = bool
-  default     = false
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-  })
-}
diff --git a/modules/kubernetes-addons/traefik/versions.tf b/modules/kubernetes-addons/traefik/versions.tf
deleted file mode 100644
index 55fba733ab..0000000000
--- a/modules/kubernetes-addons/traefik/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.10"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/variables.tf b/modules/kubernetes-addons/variables.tf
deleted file mode 100644
index 868e618501..0000000000
--- a/modules/kubernetes-addons/variables.tf
+++ /dev/null
@@ -1,1485 +0,0 @@
-variable "eks_cluster_id" {
-  description = "EKS Cluster Id"
-  type        = string
-}
-
-variable "eks_cluster_domain" {
-  description = "The domain for the EKS cluster"
-  type        = string
-  default     = ""
-}
-
-variable "eks_worker_security_group_id" {
-  description = "EKS Worker Security group Id created by EKS module"
-  type        = string
-  default     = ""
-}
-
-variable "data_plane_wait_arn" {
-  description = "Addon deployment will not proceed until this value is known. Set to node group/Fargate profile ARN to wait for data plane to be ready before provisioning addons"
-  type        = string
-  default     = ""
-}
-
-variable "auto_scaling_group_names" {
-  description = "List of self-managed node groups autoscaling group names"
-  type        = list(string)
-  default     = []
-}
-
-variable "tags" {
-  description = "Additional tags (e.g. `map('BusinessUnit`,`XYZ`)"
-  type        = map(string)
-  default     = {}
-}
-
-variable "irsa_iam_role_path" {
-  description = "IAM role path for IRSA roles"
-  type        = string
-  default     = "/"
-}
-
-variable "irsa_iam_permissions_boundary" {
-  description = "IAM permissions boundary for IRSA roles"
-  type        = string
-  default     = ""
-}
-
-variable "eks_oidc_provider" {
-  description = "The OpenID Connect identity provider (issuer URL without leading `https://`)"
-  type        = string
-  default     = null
-}
-
-variable "eks_oidc_provider_arn" {
-  description = "The OpenID Connect identity provider ARN"
-  type        = string
-  default     = null
-}
-
-variable "eks_cluster_endpoint" {
-  description = "Endpoint for your Kubernetes API server"
-  type        = string
-  default     = null
-}
-
-variable "eks_cluster_version" {
-  description = "The Kubernetes version for the cluster"
-  type        = string
-  default     = null
-}
-
-#-----------EKS MANAGED ADD-ONS------------
-variable "enable_ipv6" {
-  description = "Enable Ipv6 network. Attaches new VPC CNI policy to the IRSA role"
-  type        = bool
-  default     = false
-}
-
-variable "amazon_eks_vpc_cni_config" {
-  description = "ConfigMap of Amazon EKS VPC CNI add-on"
-  type        = any
-  default     = {}
-}
-
-variable "enable_amazon_eks_coredns" {
-  description = "Enable Amazon EKS CoreDNS add-on"
-  type        = bool
-  default     = false
-}
-
-variable "amazon_eks_coredns_config" {
-  description = "Configuration for Amazon CoreDNS EKS add-on"
-  type        = any
-  default     = {}
-}
-
-variable "enable_self_managed_coredns" {
-  description = "Enable self-managed CoreDNS add-on"
-  type        = bool
-  default     = false
-}
-
-variable "self_managed_coredns_helm_config" {
-  description = "Self-managed CoreDNS Helm chart config"
-  type        = any
-  default     = {}
-}
-
-variable "remove_default_coredns_deployment" {
-  description = "Determines whether the default deployment of CoreDNS is removed and ownership of kube-dns passed to Helm"
-  type        = bool
-  default     = false
-}
-
-variable "enable_coredns_cluster_proportional_autoscaler" {
-  description = "Enable cluster-proportional-autoscaler for CoreDNS"
-  type        = bool
-  default     = true
-}
-
-variable "coredns_cluster_proportional_autoscaler_helm_config" {
-  description = "Helm provider config for the CoreDNS cluster-proportional-autoscaler"
-  default     = {}
-  type        = any
-}
-
-
-variable "amazon_eks_kube_proxy_config" {
-  description = "ConfigMap for Amazon EKS Kube-Proxy add-on"
-  type        = any
-  default     = {}
-}
-
-variable "amazon_eks_aws_ebs_csi_driver_config" {
-  description = "configMap for AWS EBS CSI Driver add-on"
-  type        = any
-  default     = {}
-}
-
-variable "enable_amazon_eks_vpc_cni" {
-  description = "Enable VPC CNI add-on"
-  type        = bool
-  default     = false
-}
-
-variable "enable_amazon_eks_kube_proxy" {
-  description = "Enable Kube Proxy add-on"
-  type        = bool
-  default     = false
-}
-
-variable "enable_amazon_eks_aws_ebs_csi_driver" {
-  description = "Enable EKS Managed AWS EBS CSI Driver add-on; enable_amazon_eks_aws_ebs_csi_driver and enable_self_managed_aws_ebs_csi_driver are mutually exclusive"
-  type        = bool
-  default     = false
-}
-
-variable "enable_self_managed_aws_ebs_csi_driver" {
-  description = "Enable self-managed aws-ebs-csi-driver add-on; enable_self_managed_aws_ebs_csi_driver and enable_amazon_eks_aws_ebs_csi_driver are mutually exclusive"
-  type        = bool
-  default     = false
-}
-
-variable "self_managed_aws_ebs_csi_driver_helm_config" {
-  description = "Self-managed aws-ebs-csi-driver Helm chart config"
-  type        = any
-  default     = {}
-}
-
-variable "custom_image_registry_uri" {
-  description = "Custom image registry URI map of `{region = dkr.endpoint }`"
-  type        = map(string)
-  default     = {}
-}
-
-#-----------CLUSTER AUTOSCALER-------------
-variable "enable_cluster_autoscaler" {
-  description = "Enable Cluster autoscaler add-on"
-  type        = bool
-  default     = false
-}
-
-variable "cluster_autoscaler_helm_config" {
-  description = "Cluster Autoscaler Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-#-----------COREDNS AUTOSCALER-------------
-variable "enable_coredns_autoscaler" {
-  description = "Enable CoreDNS autoscaler add-on"
-  type        = bool
-  default     = false
-}
-
-variable "coredns_autoscaler_helm_config" {
-  description = "CoreDNS Autoscaler Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-#-----------AWS Appmesh-------------
-variable "enable_appmesh_controller" {
-  description = "Enable AppMesh add-on"
-  type        = bool
-  default     = false
-}
-
-variable "appmesh_helm_config" {
-  description = "AppMesh Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-variable "appmesh_irsa_policies" {
-  description = "Additional IAM policies for a IAM role for service accounts"
-  type        = list(string)
-  default     = []
-}
-
-#-----------Crossplane ADDON-------------
-variable "enable_crossplane" {
-  description = "Enable Crossplane add-on"
-  type        = bool
-  default     = false
-}
-
-variable "crossplane_helm_config" {
-  description = "Crossplane Helm Chart config"
-  type        = any
-  default     = null
-}
-
-variable "crossplane_aws_provider" {
-  description = "AWS Provider config for Crossplane"
-  type        = any
-  default = {
-    enable = false
-  }
-}
-
-variable "crossplane_upbound_aws_provider" {
-  description = "AWS Upbound Provider config for Crossplane"
-  type        = any
-  default = {
-    enable = false
-  }
-}
-
-variable "crossplane_jet_aws_provider" {
-  description = "AWS Provider Jet AWS config for Crossplane"
-  type = object({
-    enable                   = bool
-    provider_aws_version     = string
-    additional_irsa_policies = list(string)
-  })
-  default = {
-    enable                   = false
-    provider_aws_version     = "v0.24.1"
-    additional_irsa_policies = []
-  }
-}
-
-variable "crossplane_kubernetes_provider" {
-  description = "Kubernetes Provider config for Crossplane"
-  type        = any
-  default = {
-    enable = false
-  }
-}
-
-variable "crossplane_helm_provider" {
-  description = "Helm Provider config for Crossplane"
-  type        = any
-  default = {
-    enable = false
-  }
-}
-
-#-----------ONDAT ADDON-------------
-variable "enable_ondat" {
-  description = "Enable Ondat add-on"
-  type        = bool
-  default     = false
-}
-
-variable "ondat_helm_config" {
-  description = "Ondat Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-variable "ondat_irsa_policies" {
-  description = "IAM policy ARNs for Ondat IRSA"
-  type        = list(string)
-  default     = []
-}
-
-variable "ondat_create_cluster" {
-  description = "Create cluster resources"
-  type        = bool
-  default     = true
-}
-
-variable "ondat_etcd_endpoints" {
-  description = "List of etcd endpoints for Ondat"
-  type        = list(string)
-  default     = []
-}
-
-variable "ondat_etcd_ca" {
-  description = "CA content for Ondat etcd"
-  type        = string
-  default     = null
-}
-
-variable "ondat_etcd_cert" {
-  description = "Certificate content for Ondat etcd"
-  type        = string
-  default     = null
-}
-
-variable "ondat_etcd_key" {
-  type        = string
-  description = "Private key content for Ondat etcd"
-  default     = null
-  sensitive   = true
-}
-
-variable "ondat_admin_username" {
-  description = "Username for Ondat admin user"
-  type        = string
-  default     = "storageos"
-}
-
-variable "ondat_admin_password" {
-  description = "Password for Ondat admin user"
-  type        = string
-  default     = "storageos"
-  sensitive   = true
-}
-
-#-----------External DNS ADDON-------------
-variable "enable_external_dns" {
-  description = "External DNS add-on"
-  type        = bool
-  default     = false
-}
-
-variable "external_dns_helm_config" {
-  description = "External DNS Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-variable "external_dns_irsa_policies" {
-  description = "Additional IAM policies for a IAM role for service accounts"
-  type        = list(string)
-  default     = []
-}
-
-variable "external_dns_private_zone" {
-  type        = bool
-  description = "Determines if referenced Route53 zone is private."
-  default     = false
-}
-
-variable "external_dns_route53_zone_arns" {
-  description = "List of Route53 zones ARNs which external-dns will have access to create/manage records"
-  type        = list(string)
-  default     = []
-}
-
-#-----------Amazon Managed Service for Prometheus-------------
-variable "enable_amazon_prometheus" {
-  description = "Enable AWS Managed Prometheus service"
-  type        = bool
-  default     = false
-}
-
-variable "amazon_prometheus_workspace_endpoint" {
-  description = "AWS Managed Prometheus WorkSpace Endpoint"
-  type        = string
-  default     = null
-}
-
-variable "amazon_prometheus_workspace_region" {
-  description = "AWS Managed Prometheus WorkSpace Region"
-  type        = string
-  default     = null
-}
-
-#-----------PROMETHEUS-------------
-variable "enable_prometheus" {
-  description = "Enable Community Prometheus add-on"
-  type        = bool
-  default     = false
-}
-
-variable "prometheus_helm_config" {
-  description = "Community Prometheus Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-#-----------KUBE-PROMETHEUS-STACK-------------
-variable "enable_kube_prometheus_stack" {
-  description = "Enable Community kube-prometheus-stack add-on"
-  type        = bool
-  default     = false
-}
-
-variable "kube_prometheus_stack_helm_config" {
-  description = "Community kube-prometheus-stack Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-#-----------METRIC SERVER-------------
-variable "enable_metrics_server" {
-  description = "Enable metrics server add-on"
-  type        = bool
-  default     = false
-}
-
-variable "metrics_server_helm_config" {
-  description = "Metrics Server Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-#---------KUBE STATE METRICS-----------
-variable "enable_kube_state_metrics" {
-  description = "Enable Kube State Metrics add-on"
-  type        = bool
-  default     = false
-}
-
-variable "kube_state_metrics_helm_config" {
-  description = "Kube State Metrics Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-#-----------SYSDIG-------------
-variable "enable_sysdig_agent" {
-  description = "Enable Sysdig Agent add-on"
-  type        = bool
-  default     = false
-}
-
-variable "sysdig_agent_helm_config" {
-  description = "Sysdig Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-#-----------TETRATE ISTIO-------------
-variable "enable_tetrate_istio" {
-  description = "Enable Tetrate Istio add-on"
-  type        = bool
-  default     = false
-}
-
-variable "tetrate_istio_distribution" {
-  description = "Istio distribution"
-  type        = string
-  default     = "TID"
-}
-
-variable "tetrate_istio_version" {
-  description = "Istio version"
-  type        = string
-  default     = ""
-}
-
-variable "tetrate_istio_install_base" {
-  description = "Install Istio `base` Helm Chart"
-  type        = bool
-  default     = true
-}
-
-variable "tetrate_istio_install_cni" {
-  description = "Install Istio `cni` Helm Chart"
-  type        = bool
-  default     = true
-}
-
-variable "tetrate_istio_install_istiod" {
-  description = "Install Istio `istiod` Helm Chart"
-  type        = bool
-  default     = true
-}
-
-variable "tetrate_istio_install_gateway" {
-  description = "Install Istio `gateway` Helm Chart"
-  type        = bool
-  default     = true
-}
-
-variable "tetrate_istio_base_helm_config" {
-  description = "Istio `base` Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-variable "tetrate_istio_cni_helm_config" {
-  description = "Istio `cni` Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-variable "tetrate_istio_istiod_helm_config" {
-  description = "Istio `istiod` Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-variable "tetrate_istio_gateway_helm_config" {
-  description = "Istio `gateway` Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-#-----------THANOS-------------
-variable "enable_thanos" {
-  description = "Enable Thanos add-on"
-  type        = bool
-  default     = false
-}
-
-variable "thanos_helm_config" {
-  description = "Thanos Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-variable "thanos_irsa_policies" {
-  description = "Additional IAM policies for a IAM role for service accounts"
-  type        = list(string)
-  default     = []
-}
-
-#-----------TRAEFIK-------------
-variable "enable_traefik" {
-  description = "Enable Traefik add-on"
-  type        = bool
-  default     = false
-}
-
-variable "traefik_helm_config" {
-  description = "Traefik Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-#-----------AGONES-------------
-variable "enable_agones" {
-  description = "Enable Agones GamServer add-on"
-  type        = bool
-  default     = false
-}
-
-variable "agones_helm_config" {
-  description = "Agones GameServer Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-#-----------AWS EFS CSI DRIVER ADDON-------------
-variable "enable_aws_efs_csi_driver" {
-  description = "Enable AWS EFS CSI driver add-on"
-  type        = bool
-  default     = false
-}
-
-variable "aws_efs_csi_driver_helm_config" {
-  description = "AWS EFS CSI driver Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-variable "aws_efs_csi_driver_irsa_policies" {
-  description = "Additional IAM policies for a IAM role for service accounts"
-  type        = list(string)
-  default     = []
-}
-
-#-----------AWS EFS CSI DRIVER ADDON-------------
-variable "enable_aws_fsx_csi_driver" {
-  description = "Enable AWS FSx CSI driver add-on"
-  type        = bool
-  default     = false
-}
-
-variable "aws_fsx_csi_driver_helm_config" {
-  description = "AWS FSx CSI driver Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-variable "aws_fsx_csi_driver_irsa_policies" {
-  description = "Additional IAM policies for a IAM role for service accounts"
-  type        = list(string)
-  default     = []
-}
-#-----------AWS LB Ingress Controller-------------
-variable "enable_aws_load_balancer_controller" {
-  description = "Enable AWS Load Balancer Controller add-on"
-  type        = bool
-  default     = false
-}
-
-variable "aws_load_balancer_controller_helm_config" {
-  description = "AWS Load Balancer Controller Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-#-----------NGINX-------------
-variable "enable_ingress_nginx" {
-  description = "Enable Ingress Nginx add-on"
-  type        = bool
-  default     = false
-}
-
-variable "ingress_nginx_helm_config" {
-  description = "Ingress Nginx Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-#-----------Spark History Server-------------
-variable "enable_spark_history_server" {
-  description = "Enable Spark History Server add-on"
-  type        = bool
-  default     = false
-}
-
-variable "spark_history_server_helm_config" {
-  description = "Spark History Server Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-variable "spark_history_server_s3a_path" {
-  description = "s3a path with prefix for Spark history server e.g., s3a://<bucket_name>/<spark_event_logs>"
-  type        = string
-  default     = ""
-}
-
-variable "spark_history_server_irsa_policies" {
-  description = "Additional IAM policies for a IAM role for service accounts"
-  type        = list(string)
-  default     = []
-}
-
-#-----------SPARK K8S OPERATOR-------------
-variable "enable_spark_k8s_operator" {
-  description = "Enable Spark on K8s Operator add-on"
-  type        = bool
-  default     = false
-}
-
-variable "spark_k8s_operator_helm_config" {
-  description = "Spark on K8s Operator Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-#-----------AWS FOR FLUENT BIT-------------
-variable "enable_aws_for_fluentbit" {
-  description = "Enable AWS for FluentBit add-on"
-  type        = bool
-  default     = false
-}
-
-variable "aws_for_fluentbit_helm_config" {
-  description = "AWS for FluentBit Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-variable "aws_for_fluentbit_irsa_policies" {
-  description = "Additional IAM policies for a IAM role for service accounts"
-  type        = list(string)
-  default     = []
-}
-
-variable "aws_for_fluentbit_create_cw_log_group" {
-  description = "Set to false to use existing CloudWatch log group supplied via the cw_log_group_name variable."
-  type        = bool
-  default     = true
-}
-
-variable "aws_for_fluentbit_cw_log_group_name" {
-  description = "FluentBit CloudWatch Log group name"
-  type        = string
-  default     = null
-}
-
-variable "aws_for_fluentbit_cw_log_group_retention" {
-  description = "FluentBit CloudWatch Log group retention period"
-  type        = number
-  default     = 90
-}
-
-variable "aws_for_fluentbit_cw_log_group_kms_key_arn" {
-  description = "FluentBit CloudWatch Log group KMS Key"
-  type        = string
-  default     = null
-}
-
-#-----------AWS CloudWatch Metrics-------------
-variable "enable_aws_cloudwatch_metrics" {
-  description = "Enable AWS CloudWatch Metrics add-on for Container Insights"
-  type        = bool
-  default     = false
-}
-
-variable "aws_cloudwatch_metrics_helm_config" {
-  description = "AWS CloudWatch Metrics Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-variable "aws_cloudwatch_metrics_irsa_policies" {
-  description = "Additional IAM policies for a IAM role for service accounts"
-  type        = list(string)
-  default     = []
-}
-
-#-----------FARGATE FLUENT BIT-------------
-variable "enable_fargate_fluentbit" {
-  description = "Enable Fargate FluentBit add-on"
-  type        = bool
-  default     = false
-}
-
-variable "fargate_fluentbit_addon_config" {
-  description = "Fargate fluentbit add-on config"
-  type        = any
-  default     = {}
-}
-
-#-----------CERT MANAGER-------------
-variable "enable_cert_manager" {
-  description = "Enable Cert Manager add-on"
-  type        = bool
-  default     = false
-}
-
-variable "cert_manager_helm_config" {
-  description = "Cert Manager Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-variable "cert_manager_irsa_policies" {
-  description = "Additional IAM policies for a IAM role for service accounts"
-  type        = list(string)
-  default     = []
-}
-
-variable "cert_manager_domain_names" {
-  description = "Domain names of the Route53 hosted zone to use with cert-manager"
-  type        = list(string)
-  default     = []
-}
-
-variable "cert_manager_install_letsencrypt_issuers" {
-  description = "Install Let's Encrypt Cluster Issuers"
-  type        = bool
-  default     = true
-}
-
-variable "cert_manager_letsencrypt_email" {
-  description = "Email address for expiration emails from Let's Encrypt"
-  type        = string
-  default     = ""
-}
-
-variable "enable_cert_manager_csi_driver" {
-  description = "Enable Cert Manager CSI Driver add-on"
-  type        = bool
-  default     = false
-}
-
-variable "cert_manager_csi_driver_helm_config" {
-  description = "Cert Manager CSI Driver Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-variable "cert_manager_kubernetes_svc_image_pull_secrets" {
-  description = "list(string) of kubernetes imagePullSecrets"
-  type        = list(string)
-  default     = []
-}
-
-variable "enable_cert_manager_istio_csr" {
-  description = "Enable Cert Manager istio-csr add-on"
-  type        = bool
-  default     = false
-}
-
-variable "cert_manager_istio_csr_helm_config" {
-  description = "Cert Manager Istio CSR Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-#-----------Argo workflows ADDON-------------
-variable "enable_argo_workflows" {
-  description = "Enable Argo workflows add-on"
-  type        = bool
-  default     = false
-}
-
-variable "argo_workflows_helm_config" {
-  description = "Argo workflows Helm Chart config"
-  type        = any
-  default     = null
-}
-
-#-----------Argo Rollouts ADDON-------------
-variable "enable_argo_rollouts" {
-  description = "Enable Argo Rollouts add-on"
-  type        = bool
-  default     = false
-}
-
-variable "argo_rollouts_helm_config" {
-  description = "Argo Rollouts Helm Chart config"
-  type        = any
-  default     = null
-}
-
-#-----------ARGOCD ADDON-------------
-variable "enable_argocd" {
-  description = "Enable Argo CD Kubernetes add-on"
-  type        = bool
-  default     = false
-}
-
-variable "argocd_helm_config" {
-  description = "Argo CD Kubernetes add-on config"
-  type        = any
-  default     = {}
-}
-
-variable "argocd_applications" {
-  description = "Argo CD Applications config to bootstrap the cluster"
-  type        = any
-  default     = {}
-}
-
-variable "argocd_manage_add_ons" {
-  description = "Enable managing add-on configuration via ArgoCD App of Apps"
-  type        = bool
-  default     = false
-}
-
-#-----------AWS NODE TERMINATION HANDLER-------------
-variable "enable_aws_node_termination_handler" {
-  description = "Enable AWS Node Termination Handler add-on"
-  type        = bool
-  default     = false
-}
-
-variable "aws_node_termination_handler_helm_config" {
-  description = "AWS Node Termination Handler Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-variable "aws_node_termination_handler_irsa_policies" {
-  description = "Additional IAM policies for a IAM role for service accounts"
-  type        = list(string)
-  default     = []
-}
-
-#-----------KARPENTER ADDON-------------
-variable "enable_karpenter" {
-  description = "Enable Karpenter autoscaler add-on"
-  type        = bool
-  default     = false
-}
-
-variable "karpenter_helm_config" {
-  description = "Karpenter autoscaler add-on config"
-  type        = any
-  default     = {}
-}
-
-variable "karpenter_irsa_policies" {
-  description = "Additional IAM policies for a IAM role for service accounts"
-  type        = list(string)
-  default     = []
-}
-
-variable "karpenter_node_iam_instance_profile" {
-  description = "Karpenter Node IAM Instance profile id"
-  type        = string
-  default     = ""
-}
-
-variable "karpenter_enable_spot_termination_handling" {
-  description = "Determines whether to enable native spot termination handling"
-  type        = bool
-  default     = false
-}
-
-variable "karpenter_event_rule_name_prefix" {
-  description = "Prefix used for karpenter event bridge rules"
-  type        = string
-  default     = ""
-
-  validation {
-    condition     = length(var.karpenter_event_rule_name_prefix) <= 14
-    error_message = "Maximum input length exceeded. Please enter no more than 14 characters."
-  }
-}
-
-variable "sqs_queue_managed_sse_enabled" {
-  description = "Enable server-side encryption (SSE) for a SQS queue"
-  type        = bool
-  default     = true
-}
-
-variable "sqs_queue_kms_master_key_id" {
-  description = "The ID of an AWS-managed customer master key (CMK) for Amazon SQS or a custom CMK"
-  type        = string
-  default     = null
-}
-
-variable "sqs_queue_kms_data_key_reuse_period_seconds" {
-  description = "The length of time, in seconds, for which Amazon SQS can reuse a data key to encrypt or decrypt messages before calling AWS KMS again"
-  type        = number
-  default     = null
-}
-
-#-----------KEDA ADDON-------------
-variable "enable_keda" {
-  description = "Enable KEDA Event-based autoscaler add-on"
-  type        = bool
-  default     = false
-}
-
-variable "keda_helm_config" {
-  description = "KEDA Event-based autoscaler add-on config"
-  type        = any
-  default     = {}
-}
-
-variable "keda_irsa_policies" {
-  description = "Additional IAM policies for a IAM role for service accounts"
-  type        = list(string)
-  default     = []
-}
-
-#-----------Kubernetes Dashboard ADDON-------------
-variable "enable_kubernetes_dashboard" {
-  description = "Enable Kubernetes Dashboard add-on"
-  type        = bool
-  default     = false
-}
-
-variable "kubernetes_dashboard_helm_config" {
-  description = "Kubernetes Dashboard Helm Chart config"
-  type        = any
-  default     = null
-}
-
-#-----------HashiCorp Vault-------------
-variable "enable_vault" {
-  description = "Enable HashiCorp Vault add-on"
-  type        = bool
-  default     = false
-}
-
-variable "vault_helm_config" {
-  description = "HashiCorp Vault Helm Chart config"
-  type        = any
-  default     = null
-}
-
-#------Vertical Pod Autoscaler(VPA) ADDON--------
-variable "enable_vpa" {
-  description = "Enable Vertical Pod Autoscaler add-on"
-  type        = bool
-  default     = false
-}
-
-variable "vpa_helm_config" {
-  description = "VPA Helm Chart config"
-  type        = any
-  default     = null
-}
-
-#-----------Apache YuniKorn ADDON-------------
-variable "enable_yunikorn" {
-  description = "Enable Apache YuniKorn K8s scheduler add-on"
-  type        = bool
-  default     = false
-}
-
-variable "yunikorn_helm_config" {
-  description = "YuniKorn Helm Chart config"
-  type        = any
-  default     = null
-}
-
-#-----------AWS PCA ISSUER-------------
-variable "enable_aws_privateca_issuer" {
-  description = "Enable PCA Issuer"
-  type        = bool
-  default     = false
-}
-
-variable "aws_privateca_issuer_helm_config" {
-  description = "PCA Issuer Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-variable "aws_privateca_acmca_arn" {
-  description = "ARN of AWS ACM PCA"
-  type        = string
-  default     = ""
-}
-
-variable "aws_privateca_issuer_irsa_policies" {
-  description = "IAM policy ARNs for AWS ACM PCA IRSA"
-  type        = list(string)
-  default     = []
-}
-
-#-----------OPENTELEMETRY OPERATOR-------------
-variable "enable_opentelemetry_operator" {
-  description = "Enable opentelemetry operator add-on"
-  type        = bool
-  default     = false
-}
-
-variable "opentelemetry_operator_helm_config" {
-  description = "Opentelemetry Operator Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-variable "enable_amazon_eks_adot" {
-  description = "Enable Amazon EKS ADOT addon"
-  type        = bool
-  default     = false
-}
-
-variable "amazon_eks_adot_config" {
-  description = "Configuration for Amazon EKS ADOT add-on"
-  type        = any
-  default     = {}
-}
-
-#-----------Kubernetes Velero ADDON-------------
-variable "enable_velero" {
-  description = "Enable Kubernetes Dashboard add-on"
-  type        = bool
-  default     = false
-}
-
-variable "velero_helm_config" {
-  description = "Kubernetes Velero Helm Chart config"
-  type        = any
-  default     = null
-}
-
-variable "velero_irsa_policies" {
-  description = "IAM policy ARNs for velero IRSA"
-  type        = list(string)
-  default     = []
-}
-
-variable "velero_backup_s3_bucket" {
-  description = "Bucket name for velero bucket"
-  type        = string
-  default     = ""
-}
-
-#-----------AWS Observability patterns-------------
-variable "enable_adot_collector_java" {
-  description = "Enable metrics for JMX workloads"
-  type        = bool
-  default     = false
-}
-
-variable "adot_collector_java_helm_config" {
-  description = "ADOT Collector Java Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-variable "enable_adot_collector_haproxy" {
-  description = "Enable metrics for HAProxy workloads"
-  type        = bool
-  default     = false
-}
-
-variable "adot_collector_haproxy_helm_config" {
-  description = "ADOT Collector HAProxy Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-variable "enable_adot_collector_memcached" {
-  description = "Enable metrics for Memcached workloads"
-  type        = bool
-  default     = false
-}
-
-variable "adot_collector_memcached_helm_config" {
-  description = "ADOT Collector Memcached Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-variable "enable_adot_collector_nginx" {
-  description = "Enable metrics for Nginx workloads"
-  type        = bool
-  default     = false
-}
-
-variable "adot_collector_nginx_helm_config" {
-  description = "ADOT Collector Nginx Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-#-----------AWS CSI Secrets Store Provider-------------
-variable "enable_secrets_store_csi_driver_provider_aws" {
-  type        = bool
-  default     = false
-  description = "Enable AWS CSI Secrets Store Provider"
-}
-
-variable "csi_secrets_store_provider_aws_helm_config" {
-  type        = any
-  default     = null
-  description = "CSI Secrets Store Provider AWS Helm Configurations"
-}
-
-#-----------CSI Secrets Store Provider-------------
-variable "enable_secrets_store_csi_driver" {
-  type        = bool
-  default     = false
-  description = "Enable CSI Secrets Store Provider"
-}
-
-variable "secrets_store_csi_driver_helm_config" {
-  type        = any
-  default     = null
-  description = "CSI Secrets Store Provider Helm Configurations"
-}
-
-#-----------EXTERNAL SECRETS OPERATOR-----------
-variable "enable_external_secrets" {
-  type        = bool
-  default     = false
-  description = "Enable External Secrets operator add-on"
-}
-
-variable "external_secrets_helm_config" {
-  type        = any
-  default     = {}
-  description = "External Secrets operator Helm Chart config"
-}
-
-variable "external_secrets_irsa_policies" {
-  description = "Additional IAM policies for a IAM role for service accounts"
-  type        = list(string)
-  default     = []
-}
-
-variable "external_secrets_ssm_parameter_arns" {
-  description = "List of Systems Manager Parameter ARNs that contain secrets to mount using External Secrets"
-  type        = list(string)
-  default     = ["arn:aws:ssm:*:*:parameter/*"]
-}
-
-variable "external_secrets_secrets_manager_arns" {
-  description = "List of Secrets Manager ARNs that contain secrets to mount using External Secrets"
-  type        = list(string)
-  default     = ["arn:aws:secretsmanager:*:*:secret:*"]
-}
-
-#-----------Grafana ADDON-------------
-variable "enable_grafana" {
-  description = "Enable Grafana add-on"
-  type        = bool
-  default     = false
-}
-variable "grafana_helm_config" {
-  description = "Kubernetes Grafana Helm Chart config"
-  type        = any
-  default     = null
-}
-
-variable "grafana_irsa_policies" {
-  description = "IAM policy ARNs for grafana IRSA"
-  type        = list(string)
-  default     = []
-}
-
-#-----------KUBERAY OPERATOR-------------
-variable "enable_kuberay_operator" {
-  description = "Enable KubeRay Operator add-on"
-  type        = bool
-  default     = false
-}
-
-variable "kuberay_operator_helm_config" {
-  description = "KubeRay Operator Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-#----------- Reloader Addon-------------
-variable "enable_reloader" {
-  description = "Enable Reloader add-on"
-  type        = bool
-  default     = false
-}
-
-variable "reloader_helm_config" {
-  description = "Reloader Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-#-----------Apache Airflow ADDON-------------
-variable "enable_airflow" {
-  description = "Enable Airflow add-on"
-  type        = bool
-  default     = false
-}
-
-variable "airflow_helm_config" {
-  description = "Apache Airflow v2 Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-#-----Apache Kafka Strimzi Operator------
-variable "enable_strimzi_kafka_operator" {
-  description = "Enable Kafka add-on"
-  type        = bool
-  default     = false
-}
-
-variable "strimzi_kafka_operator_helm_config" {
-  description = "Kafka Strimzi Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-#-----------Datadog Operator-------------
-variable "enable_datadog_operator" {
-  description = "Enable Datadog Operator add-on"
-  type        = bool
-  default     = false
-}
-
-variable "datadog_operator_helm_config" {
-  description = "Datadog Operator Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-#-----------Promtail ADDON-------------
-variable "enable_promtail" {
-  description = "Enable Promtail add-on"
-  type        = bool
-  default     = false
-}
-
-variable "promtail_helm_config" {
-  description = "Promtail Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-#-----------Calico ADDON-------------
-variable "enable_calico" {
-  description = "Enable Calico add-on"
-  type        = bool
-  default     = false
-}
-
-variable "calico_helm_config" {
-  description = "Calico add-on config"
-  type        = any
-  default     = {}
-}
-
-#-----------Kubecost ADDON-------------
-variable "enable_kubecost" {
-  description = "Enable Kubecost add-on"
-  type        = bool
-  default     = false
-}
-
-variable "kubecost_helm_config" {
-  description = "Kubecost Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-#-----------Kyverno ADDON-------------
-
-variable "enable_kyverno" {
-  description = "Enable Kyverno add-on"
-  type        = bool
-  default     = false
-}
-
-variable "enable_kyverno_policies" {
-  description = "Enable Kyverno policies. Requires `enable_kyverno` to be `true`"
-  type        = bool
-  default     = false
-}
-
-variable "enable_kyverno_policy_reporter" {
-  description = "Enable Kyverno UI. Requires `enable_kyverno` to be `true`"
-  type        = bool
-  default     = false
-}
-
-variable "kyverno_helm_config" {
-  description = "Kyverno Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-variable "kyverno_policies_helm_config" {
-  description = "Kyverno policies Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-variable "kyverno_policy_reporter_helm_config" {
-  description = "Kyverno UI Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-#-----------SMB CSI driver ADDON-------------
-variable "enable_smb_csi_driver" {
-  description = "Enable SMB CSI driver add-on"
-  type        = bool
-  default     = false
-}
-
-variable "smb_csi_driver_helm_config" {
-  description = "SMB CSI driver Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-
-#-----------Chaos Mesh ADDON-------------
-variable "enable_chaos_mesh" {
-  description = "Enable Chaos Mesh add-on"
-  type        = bool
-  default     = false
-}
-
-variable "chaos_mesh_helm_config" {
-  description = "Chaos Mesh Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-#-----------Cilium ADDON-------------
-variable "enable_cilium" {
-  description = "Enable Cilium add-on"
-  type        = bool
-  default     = false
-}
-
-variable "cilium_helm_config" {
-  description = "Cilium Helm Chart config"
-  type        = any
-  default     = {}
-
-}
-
-variable "cilium_enable_wireguard" {
-  description = "Enable wireguard encryption"
-  type        = bool
-  default     = false
-}
-
-#-----------Gatekeeper ADDON-------------
-variable "enable_gatekeeper" {
-  description = "Enable Gatekeeper add-on"
-  type        = bool
-  default     = false
-}
-
-variable "gatekeeper_helm_config" {
-  description = "Gatekeeper Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-#-----------Kubernetes Portworx ADDON-------------
-variable "enable_portworx" {
-  description = "Enable Kubernetes Dashboard add-on"
-  type        = bool
-  default     = false
-}
-
-variable "portworx_helm_config" {
-  description = "Kubernetes Portworx Helm Chart config"
-  type        = any
-  default     = null
-}
-
-#-----------Local volume provisioner ADDON-------------
-variable "enable_local_volume_provisioner" {
-  description = "Enable Local volume provisioner add-on"
-  type        = bool
-  default     = false
-}
-
-variable "local_volume_provisioner_helm_config" {
-  description = "Local volume provisioner Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-#-----------NVIDIA DEVICE PLUGIN-----------------------
-variable "enable_nvidia_device_plugin" {
-  description = "Enable NVIDIA device plugin add-on"
-  type        = bool
-  default     = false
-}
-
-variable "nvidia_device_plugin_helm_config" {
-  description = "NVIDIA device plugin Helm Chart config"
-  type        = any
-  default     = {}
-}
-
-#-----------App 2048-----------------------
-variable "enable_app_2048" {
-  description = "Enable sample app 2048"
-  type        = bool
-  default     = false
-}
-
-#----------- EMR on EKS -----------------------
-variable "enable_emr_on_eks" {
-  description = "Enable EMR on EKS add-on"
-  type        = bool
-  default     = false
-}
-
-variable "emr_on_eks_config" {
-  description = "EMR on EKS Helm configuration values"
-  type        = any
-  default     = {}
-}
-
-#-----------Consul addon-----------------------
-variable "enable_consul" {
-  description = "Enable consul add-on"
-  type        = bool
-  default     = false
-}
-
-variable "consul_helm_config" {
-  description = "Consul Helm Chart config"
-  type        = any
-  default     = {}
-}
diff --git a/modules/kubernetes-addons/velero/README.md b/modules/kubernetes-addons/velero/README.md
deleted file mode 100644
index b3bef00dc9..0000000000
--- a/modules/kubernetes-addons/velero/README.md
+++ /dev/null
@@ -1,183 +0,0 @@
-# [Velero](https://velero.io/)
-
-Velero is an open source tool to safely backup and restore, perform disaster recovery, and migrate Kubernetes cluster resources and persistent volumes.
-
-- [Helm chart](https://github.com/vmware-tanzu/helm-charts/tree/main/charts/velero)
-- [Plugin for AWS](https://github.com/vmware-tanzu/velero-plugin-for-aws)
-
-## Validate
-
-The following command will update the `kubeconfig` on your local machine and allow you to interact with your EKS Cluster using `kubectl` to validate the Velero deployment.
-
-1. Run `update-kubeconfig` command:
-
-```bash
-aws eks --region <REGION> update-kubeconfig --name <CLUSTER_NAME>
-```
-
-2. Test by listing velero resources provisioned:
-
-```bash
-kubectl get all -n velero
-
-# Output should look similar to below
-NAME                         READY   STATUS    RESTARTS   AGE
-pod/velero-b4d8fd5c7-5smp6   1/1     Running   0          112s
-
-NAME             TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
-service/velero   ClusterIP   172.20.217.203   <none>        8085/TCP   114s
-
-NAME                     READY   UP-TO-DATE   AVAILABLE   AGE
-deployment.apps/velero   1/1     1            1           114s
-
-NAME                               DESIRED   CURRENT   READY   AGE
-replicaset.apps/velero-b4d8fd5c7   1         1         1       114s
-```
-
-3. Get backup location using velero [CLI](https://velero.io/docs/v1.8/basic-install/#install-the-cli)
-
-```bash
-velero backup-location get
-
-# Output should look similar to below
-NAME      PROVIDER   BUCKET/PREFIX             PHASE       LAST VALIDATED                  ACCESS MODE   DEFAULT
-default   aws        velero-ssqwm44hvofzb32d   Available   2022-05-22 10:53:26 -0400 EDT   ReadWrite     true
-```
-
-4. To demonstrate creating a backup and restoring, create a new namespace and run nginx using below commands:
-
-```bash
-kubectl create namespace backupdemo
-kubectl run nginx --image=nginx -n backupdemo
-```
-
-5. Create backup of this namespace using velero
-
-```bash
-velero backup create backup1 --include-namespaces backupdemo
-
-# Output should look similar to below
-Backup request "backup1" submitted successfully.
-Run `velero backup describe backup1` or `velero backup logs backup1` for more details.
-```
-
-6. Describe the backup to check the backup status
-
-```bash
-velero backup describe backup1
-
-# Output should look similar to below
-Name:         backup1
-Namespace:    velero
-Labels:       velero.io/storage-location=default
-Annotations:  velero.io/source-cluster-k8s-gitversion=v1.21.9-eks-14c7a48
-              velero.io/source-cluster-k8s-major-version=1
-              velero.io/source-cluster-k8s-minor-version=21+
-
-Phase:  Completed
-
-Errors:    0
-Warnings:  0
-
-Namespaces:
-  Included:  backupdemo
-  Excluded:  <none>
-
-Resources:
-  Included:        *
-  Excluded:        <none>
-  Cluster-scoped:  auto
-
-Label selector:  <none>
-
-Storage Location:  default
-
-Velero-Native Snapshot PVs:  auto
-
-TTL:  720h0m0s
-
-Hooks:  <none>
-
-Backup Format Version:  1.1.0
-
-Started:    2022-05-22 10:54:32 -0400 EDT
-Completed:  2022-05-22 10:54:35 -0400 EDT
-
-Expiration:  2022-06-21 10:54:32 -0400 EDT
-
-Total items to be backed up:  10
-Items backed up:              10
-
-Velero-Native Snapshots: <none included>
-```
-
-7. Delete the namespace - this will be restored using the backup created
-
-```bash
-kubectl delete namespace backupdemo
-```
-
-8. Restore the namespace from your backup
-
-```bash
-velero restore create --from-backup backup1
-```
-
-9. Verify that the namespace is restored
-
-```bash
-kubectl get all -n backupdemo
-
-# Output should look similar to below
-NAME        READY   STATUS    RESTARTS   AGE
-pod/nginx   1/1     Running   0          21s
-```
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.72 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_iam_policy.velero](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
-| [aws_iam_policy_document.velero](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    irsa_iam_role_path             = string<br>    irsa_iam_permissions_boundary  = string<br>    tags                           = map(string)<br>  })</pre> | n/a | yes |
-| <a name="input_backup_s3_bucket"></a> [backup\_s3\_bucket](#input\_backup\_s3\_bucket) | Bucket name for velero bucket | `string` | `""` | no |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm provider config for velero | `any` | `{}` | no |
-| <a name="input_irsa_policies"></a> [irsa\_policies](#input\_irsa\_policies) | Additional IAM policy ARNs for Velero IRSA | `list(string)` | `[]` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps | `bool` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/velero/data.tf b/modules/kubernetes-addons/velero/data.tf
deleted file mode 100644
index 75f76602d0..0000000000
--- a/modules/kubernetes-addons/velero/data.tf
+++ /dev/null
@@ -1,41 +0,0 @@
-# https://github.com/vmware-tanzu/velero-plugin-for-aws#option-1-set-permissions-with-an-iam-user
-data "aws_iam_policy_document" "velero" {
-  statement {
-    actions = [
-      "ec2:CreateSnapshot",
-      "ec2:CreateSnapshots",
-      "ec2:CreateTags",
-      "ec2:CreateVolume",
-      "ec2:DeleteSnapshot"
-    ]
-    resources = [
-      "arn:${var.addon_context.aws_partition_id}:ec2:${var.addon_context.aws_region_name}:${var.addon_context.aws_caller_identity_account_id}:instance/*",
-      "arn:${var.addon_context.aws_partition_id}:ec2:${var.addon_context.aws_region_name}::snapshot/*",
-      "arn:${var.addon_context.aws_partition_id}:ec2:${var.addon_context.aws_region_name}:${var.addon_context.aws_caller_identity_account_id}:volume/*"
-    ]
-  }
-
-  statement {
-    actions = [
-      "ec2:DescribeSnapshots",
-      "ec2:DescribeVolumes"
-    ]
-    resources = ["*"]
-  }
-
-  statement {
-    actions = [
-      "s3:AbortMultipartUpload",
-      "s3:DeleteObject",
-      "s3:GetObject",
-      "s3:ListMultipartUploadParts",
-      "s3:PutObject",
-    ]
-    resources = ["arn:${var.addon_context.aws_partition_id}:s3:::${var.backup_s3_bucket}/*"]
-  }
-
-  statement {
-    actions   = ["s3:ListBucket"]
-    resources = ["arn:${var.addon_context.aws_partition_id}:s3:::${var.backup_s3_bucket}"]
-  }
-}
diff --git a/modules/kubernetes-addons/velero/main.tf b/modules/kubernetes-addons/velero/main.tf
deleted file mode 100644
index 6cef8500c7..0000000000
--- a/modules/kubernetes-addons/velero/main.tf
+++ /dev/null
@@ -1,64 +0,0 @@
-data "aws_region" "current" {}
-
-locals {
-  name      = "velero"
-  namespace = try(var.helm_config.namespace, local.name)
-
-  argocd_gitops_config = {
-    enable             = true
-    serviceAccountName = local.name
-  }
-}
-
-module "helm_addon" {
-  source = "../helm-addon"
-
-  # https://github.com/vmware-tanzu/helm-charts/blob/main/charts/velero/Chart.yaml
-  helm_config = merge({
-    name        = local.name
-    description = "A Helm chart for velero"
-    chart       = local.name
-    version     = "3.1.0"
-    repository  = "https://vmware-tanzu.github.io/helm-charts/"
-    namespace   = local.namespace
-    values = [templatefile("${path.module}/values.yaml", {
-      bucket = var.backup_s3_bucket,
-      region = data.aws_region.current.name
-    })]
-    },
-    var.helm_config
-  )
-
-  set_values = [
-    {
-      name  = "serviceAccount.server.name"
-      value = local.name
-    },
-    {
-      name  = "serviceAccount.server.create"
-      value = false
-    }
-  ]
-
-  irsa_config = {
-    create_kubernetes_namespace = try(var.helm_config["create_namespace"], true)
-    kubernetes_namespace        = local.namespace
-
-    create_kubernetes_service_account   = true
-    create_service_account_secret_token = try(var.helm_config["create_service_account_secret_token"], false)
-    kubernetes_service_account          = try(var.helm_config.service_account, local.name)
-
-    irsa_iam_policies = concat([aws_iam_policy.velero.arn], var.irsa_policies)
-  }
-
-  # Blueprints
-  addon_context = var.addon_context
-}
-
-resource "aws_iam_policy" "velero" {
-  name        = "${var.addon_context.eks_cluster_id}-velero"
-  description = "Provides Velero permissions to backup and restore cluster resources"
-  policy      = data.aws_iam_policy_document.velero.json
-
-  tags = var.addon_context.tags
-}
diff --git a/modules/kubernetes-addons/velero/outputs.tf b/modules/kubernetes-addons/velero/outputs.tf
deleted file mode 100644
index 0776dcd7ef..0000000000
--- a/modules/kubernetes-addons/velero/outputs.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? local.argocd_gitops_config : null
-}
-
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/velero/values.yaml b/modules/kubernetes-addons/velero/values.yaml
deleted file mode 100644
index ed63b27d74..0000000000
--- a/modules/kubernetes-addons/velero/values.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-initContainers:
-  - name: velero-plugin-for-aws
-    image: velero/velero-plugin-for-aws:v1.5.0
-    volumeMounts:
-      - mountPath: /target
-        name: plugins
-
-configuration:
-  provider: aws
-  backupStorageLocation:
-    bucket: ${bucket}
-  volumeSnapshotLocation:
-    config:
-      region: ${region}
-
-credentials:
-  useSecret: false
diff --git a/modules/kubernetes-addons/velero/variables.tf b/modules/kubernetes-addons/velero/variables.tf
deleted file mode 100644
index 300bb3ca4a..0000000000
--- a/modules/kubernetes-addons/velero/variables.tf
+++ /dev/null
@@ -1,40 +0,0 @@
-variable "helm_config" {
-  description = "Helm provider config for velero"
-  type        = any
-  default     = {}
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps"
-  type        = bool
-  default     = false
-}
-
-variable "irsa_policies" {
-  description = "Additional IAM policy ARNs for Velero IRSA"
-  type        = list(string)
-  default     = []
-}
-
-variable "backup_s3_bucket" {
-  description = "Bucket name for velero bucket"
-  type        = string
-  default     = ""
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    irsa_iam_role_path             = string
-    irsa_iam_permissions_boundary  = string
-    tags                           = map(string)
-  })
-}
diff --git a/modules/kubernetes-addons/velero/versions.tf b/modules/kubernetes-addons/velero/versions.tf
deleted file mode 100644
index f92f41b9e7..0000000000
--- a/modules/kubernetes-addons/velero/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 3.72"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/versions.tf b/modules/kubernetes-addons/versions.tf
deleted file mode 100644
index a02a4a7030..0000000000
--- a/modules/kubernetes-addons/versions.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 3.72"
-    }
-    time = {
-      source  = "hashicorp/time"
-      version = ">= 0.8"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/vpa/README.md b/modules/kubernetes-addons/vpa/README.md
deleted file mode 100644
index cf76e0f184..0000000000
--- a/modules/kubernetes-addons/vpa/README.md
+++ /dev/null
@@ -1,55 +0,0 @@
-# Vertical Pod Autoscaling (VPA)
-
-## What is VPA
-
-[VPA](https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler) Vertical Pod Autoscaler (VPA) frees the users from necessity of setting up-to-date resource limits and requests for the containers in their pods. When configured, it will set the requests automatically based on usage and thus allow proper scheduling onto nodes so that appropriate resource amount is available for each pod. It will also maintain ratios between limits and requests that were specified in initial containers configuration.
-[VPA Helm Chart Repo](https://github.com/FairwindsOps/charts/blob/master/stable/vpa/values.yaml)
-
-## Prerequisites
-
-- Metrics Server Helm chart installed
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.10 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | >= 2.10 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [kubernetes_namespace_v1.vpa](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1) | resource |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>  })</pre> | n/a | yes |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm provider config for VPA | `any` | `{}` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps | `bool` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/vpa/main.tf b/modules/kubernetes-addons/vpa/main.tf
deleted file mode 100644
index 1a36df1736..0000000000
--- a/modules/kubernetes-addons/vpa/main.tf
+++ /dev/null
@@ -1,32 +0,0 @@
-locals {
-  name      = try(var.helm_config.name, "vpa")
-  namespace = try(var.helm_config.namespace, local.name)
-}
-
-resource "kubernetes_namespace_v1" "vpa" {
-  count = try(var.helm_config.create_namespace, true) && local.namespace != "kube-system" ? 1 : 0
-
-  metadata {
-    name = local.namespace
-  }
-}
-
-module "helm_addon" {
-  source = "../helm-addon"
-
-  # https://github.com/FairwindsOps/charts/blob/master/stable/vpa/Chart.yaml
-  helm_config = merge(
-    {
-      name        = local.name
-      chart       = local.name
-      repository  = "https://charts.fairwinds.com/stable"
-      version     = "1.5.0"
-      namespace   = try(kubernetes_namespace_v1.vpa[0].metadata[0].name, local.namespace)
-      description = "Kubernetes Vertical Pod Autoscaler"
-    },
-    var.helm_config
-  )
-
-  manage_via_gitops = var.manage_via_gitops
-  addon_context     = var.addon_context
-}
diff --git a/modules/kubernetes-addons/vpa/outputs.tf b/modules/kubernetes-addons/vpa/outputs.tf
deleted file mode 100644
index 4d3d2c6515..0000000000
--- a/modules/kubernetes-addons/vpa/outputs.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? { enable = true } : null
-}
-
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/vpa/variables.tf b/modules/kubernetes-addons/vpa/variables.tf
deleted file mode 100644
index 6945bfac86..0000000000
--- a/modules/kubernetes-addons/vpa/variables.tf
+++ /dev/null
@@ -1,26 +0,0 @@
-variable "helm_config" {
-  description = "Helm provider config for VPA"
-  type        = any
-  default     = {}
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps"
-  type        = bool
-  default     = false
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-  })
-}
diff --git a/modules/kubernetes-addons/vpa/versions.tf b/modules/kubernetes-addons/vpa/versions.tf
deleted file mode 100644
index 55fba733ab..0000000000
--- a/modules/kubernetes-addons/vpa/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.10"
-    }
-  }
-}
diff --git a/modules/kubernetes-addons/yunikorn/README.md b/modules/kubernetes-addons/yunikorn/README.md
deleted file mode 100644
index d3ef5dafc5..0000000000
--- a/modules/kubernetes-addons/yunikorn/README.md
+++ /dev/null
@@ -1,54 +0,0 @@
-# YuniKorn Helm Chart
-
-## What is YuniKorn
-
-[YuniKorn](https://yunikorn.apache.org/) Resource Scheduler for K8s. Fully K8s compatible, an alternative of the default K8s scheduler, but more powerful. Transparent for the existing K8s applications.
-
-[Apache YuniKorn (Incubating)](https://yunikorn.apache.org/) is a new Apache incubator project that offers rich scheduling capabilities on Kubernetes. It fills the scheduling gap while running Big Data workloads on Kubernetes, with a ton of useful features such as hierarchical queues, elastic queue quotas, resource fairness, and job ordering.
-
-Helm Chart Repo https://github.com/apache/incubator-yunikorn-release/tree/master/helm-charts
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.10 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | >= 2.10 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [kubernetes_namespace_v1.yunikorn](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1) | resource |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>    irsa_iam_role_path             = string<br>    irsa_iam_permissions_boundary  = string<br>  })</pre> | n/a | yes |
-| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm provider config for Yunikorn | `any` | `{}` | no |
-| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps | `bool` | `false` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
-| <a name="output_irsa_arn"></a> [irsa\_arn](#output\_irsa\_arn) | IAM role ARN for the service account |
-| <a name="output_irsa_name"></a> [irsa\_name](#output\_irsa\_name) | IAM role name for the service account |
-| <a name="output_release_metadata"></a> [release\_metadata](#output\_release\_metadata) | Map of attributes of the Helm release metadata |
-| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | Name of Kubernetes service account |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/kubernetes-addons/yunikorn/locals.tf b/modules/kubernetes-addons/yunikorn/locals.tf
deleted file mode 100644
index 3a2538ae73..0000000000
--- a/modules/kubernetes-addons/yunikorn/locals.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-locals {
-  name = "yunikorn"
-
-  # https://github.com/apache/yunikorn-release/blob/master/helm-charts/yunikorn/Chart.yaml
-  default_helm_config = {
-    name        = local.name
-    chart       = local.name
-    repository  = "https://apache.github.io/yunikorn-release"
-    version     = "1.1.0"
-    namespace   = local.name
-    description = "Apache YuniKorn (Incubating) is a light-weight, universal resource scheduler for container orchestrator systems"
-    values      = [file("${path.module}/values.yaml")]
-  }
-
-  helm_config = merge(
-    local.default_helm_config,
-    var.helm_config
-  )
-
-  argocd_gitops_config = {
-    enable = true
-  }
-}
diff --git a/modules/kubernetes-addons/yunikorn/main.tf b/modules/kubernetes-addons/yunikorn/main.tf
deleted file mode 100644
index 1a27469b01..0000000000
--- a/modules/kubernetes-addons/yunikorn/main.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-module "helm_addon" {
-  source = "../helm-addon"
-
-  manage_via_gitops = var.manage_via_gitops
-  helm_config       = local.helm_config
-  addon_context     = var.addon_context
-
-  depends_on = [kubernetes_namespace_v1.yunikorn]
-}
-
-resource "kubernetes_namespace_v1" "yunikorn" {
-  count = try(local.helm_config["create_namespace"], true) && local.helm_config["namespace"] != "kube-system" ? 1 : 0
-  metadata {
-    name = local.helm_config["namespace"]
-  }
-}
diff --git a/modules/kubernetes-addons/yunikorn/outputs.tf b/modules/kubernetes-addons/yunikorn/outputs.tf
deleted file mode 100644
index 0776dcd7ef..0000000000
--- a/modules/kubernetes-addons/yunikorn/outputs.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-output "argocd_gitops_config" {
-  description = "Configuration used for managing the add-on with ArgoCD"
-  value       = var.manage_via_gitops ? local.argocd_gitops_config : null
-}
-
-output "release_metadata" {
-  description = "Map of attributes of the Helm release metadata"
-  value       = module.helm_addon.release_metadata
-}
-
-output "irsa_arn" {
-  description = "IAM role ARN for the service account"
-  value       = module.helm_addon.irsa_arn
-}
-
-output "irsa_name" {
-  description = "IAM role name for the service account"
-  value       = module.helm_addon.irsa_name
-}
-
-output "service_account" {
-  description = "Name of Kubernetes service account"
-  value       = module.helm_addon.service_account
-}
diff --git a/modules/kubernetes-addons/yunikorn/values.yaml b/modules/kubernetes-addons/yunikorn/values.yaml
deleted file mode 100644
index 3b0770df3e..0000000000
--- a/modules/kubernetes-addons/yunikorn/values.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-operatorPlugins: general,spark-k8s-operator
-
-service:
-  type: ClusterIP
-  port: 9080
-  port_web: 9889
-
-# When this flag is true, the admission controller will be installed along with the scheduler.
-# When this flag is false, the admission controller will not be installed.
-# Once the admission controller is installed, all traffic will be routing to yunikorn.
-embedAdmissionController: false
diff --git a/modules/kubernetes-addons/yunikorn/variables.tf b/modules/kubernetes-addons/yunikorn/variables.tf
deleted file mode 100644
index 821eebe2b3..0000000000
--- a/modules/kubernetes-addons/yunikorn/variables.tf
+++ /dev/null
@@ -1,28 +0,0 @@
-variable "helm_config" {
-  description = "Helm provider config for Yunikorn"
-  type        = any
-  default     = {}
-}
-
-variable "manage_via_gitops" {
-  description = "Determines if the add-on should be managed via GitOps"
-  type        = bool
-  default     = false
-}
-
-variable "addon_context" {
-  description = "Input configuration for the addon"
-  type = object({
-    aws_caller_identity_account_id = string
-    aws_caller_identity_arn        = string
-    aws_eks_cluster_endpoint       = string
-    aws_partition_id               = string
-    aws_region_name                = string
-    eks_cluster_id                 = string
-    eks_oidc_issuer_url            = string
-    eks_oidc_provider_arn          = string
-    tags                           = map(string)
-    irsa_iam_role_path             = string
-    irsa_iam_permissions_boundary  = string
-  })
-}
diff --git a/modules/kubernetes-addons/yunikorn/versions.tf b/modules/kubernetes-addons/yunikorn/versions.tf
deleted file mode 100644
index 55fba733ab..0000000000
--- a/modules/kubernetes-addons/yunikorn/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.10"
-    }
-  }
-}
diff --git a/modules/launch-templates/README.md b/modules/launch-templates/README.md
deleted file mode 100644
index 74626e66c6..0000000000
--- a/modules/launch-templates/README.md
+++ /dev/null
@@ -1,138 +0,0 @@
-# AWS Launch Templates
-
-This module used to create Launch Templates for Node groups or Karpenter.
-
-## Usage
-
-This example shows how to consume the `launch-templates` module. See this full [example](../../examples/karpenter/main.tf).
-
-```hcl
-module "launch_templates" {
-  source                         = "aws-ia/terraform-aws-eks-blueprints//modules/launch-templates"
-  tags                           = { Name = "eks-blueprints"}
-  eks_cluster_id                 = "<Enter EKS CLuster ID>"
-
-  launch_template_config = {
-    io1 = {
-      ami                         = "ami-0adc757be1e4e11a1"
-      launch_template_prefix      = "io1"
-      launch_template_os          = "amazonlinux2eks"
-      vpc_security_group_ids      = "<comma separated security groups ids>"
-      iam_instance_profile        = "IAM Instance Profile"
-      block_device_mappings       = [
-        {
-          device_name = "/dev/xvda"
-          volume_type = "io1"
-          volume_size = 200
-          iops = 100               # io1 and io2 -> Min: 100 IOPS, Max: 100000 IOPS (up to 1000 IOPS per GiB)
-        }
-      ]
-    },
-    io2 = {
-      ami                          = "ami-0adc757be1e4e11a1"
-      launch_template_prefix       = "io2"
-      launch_template_os           = "amazonlinux2eks"
-      vpc_security_group_ids       = "<comma separated security groups ids>"
-      iam_instance_profile         = "IAM Instance Profile"
-      block_device_mappings        = [
-        {
-          device_name = "/dev/xvda"
-          volume_type = "io2"
-          volume_size = 200
-          iops = 3000              #gp3-> Min: 3000 IOPS, Max: 16000 IOPS.
-        }
-      ]
-    },
-    gp3 = {
-      ami                          = "ami-0adc757be1e4e11a1"
-      launch_template_prefix       = "gp3"
-      launch_template_os           = "amazonlinux2eks"
-      vpc_security_group_ids       = "<comma separated security groups ids>"
-      iam_instance_profile         = "IAM Instance Profile"
-      block_device_mappings        = [
-        {
-          device_name = "/dev/xvda"
-          volume_type = "gp3"
-          volume_size = 200
-          iops        = 3000       # gp3 -> Min: 3000 IOPS, Max: 16000 IOPS.
-          throughput  = 1000       # gp3 -> 125 to 1000
-        }
-      ]
-    },
-    gp2 = {
-      ami = "ami-0adc757be1e4e11a1"
-      ami                          = "ami-0adc757be1e4e11a1"
-      launch_template_prefix       = "gp2"
-      launch_template_os           = "amazonlinux2eks"
-      vpc_security_group_ids       = "<comma separated security groups ids>"
-      iam_instance_profile         = "IAM Instance Profile"
-      block_device_mappings        = [
-        {
-          device_name = "/dev/xvda"
-          volume_type = "gp2"
-          volume_size = 200
-        }
-      ]
-    },
-    bottlerocket = {
-      ami                           = "ami-03909df9bfcc1e215"
-      launch_template_os            = "bottlerocket"
-      launch_template_prefix        = "bottle"
-      vpc_security_group_ids        = "<comma separated security groups ids>"
-      iam_instance_profile          = "IAM Instance Profile"
-      block_device_mappings         = [
-        {
-          device_name = "/dev/xvda"
-          volume_type = "gp2"
-          volume_size = 200
-        }
-      ]
-    },
-  }
-}
-```
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.72 |
-
-## Modules
-
-No modules.
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_launch_template.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_template) | resource |
-| [aws_eks_cluster.eks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_eks_cluster_id"></a> [eks\_cluster\_id](#input\_eks\_cluster\_id) | EKS Cluster ID | `string` | n/a | yes |
-| <a name="input_launch_template_config"></a> [launch\_template\_config](#input\_launch\_template\_config) | Launch template configuration | `any` | n/a | yes |
-| <a name="input_tags"></a> [tags](#input\_tags) | Additional tags (e.g. `map('BusinessUnit`,`XYZ`) | `map(string)` | `{}` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_launch_template_arn"></a> [launch\_template\_arn](#output\_launch\_template\_arn) | Launch Template ARNs |
-| <a name="output_launch_template_default_version"></a> [launch\_template\_default\_version](#output\_launch\_template\_default\_version) | Launch Template Default Versions |
-| <a name="output_launch_template_id"></a> [launch\_template\_id](#output\_launch\_template\_id) | Launch Template IDs |
-| <a name="output_launch_template_image_id"></a> [launch\_template\_image\_id](#output\_launch\_template\_image\_id) | Launch Template Image IDs |
-| <a name="output_launch_template_latest_version"></a> [launch\_template\_latest\_version](#output\_launch\_template\_latest\_version) | Launch Template Latest Versions |
-| <a name="output_launch_template_name"></a> [launch\_template\_name](#output\_launch\_template\_name) | Launch Template Names |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/launch-templates/main.tf b/modules/launch-templates/main.tf
deleted file mode 100644
index 500a2ebfcb..0000000000
--- a/modules/launch-templates/main.tf
+++ /dev/null
@@ -1,123 +0,0 @@
-data "aws_eks_cluster" "eks" {
-  name = var.eks_cluster_id
-}
-
-#tfsec:ignore:aws-autoscaling-enforce-http-token-imds
-resource "aws_launch_template" "this" {
-  for_each = var.launch_template_config
-
-  name        = format("%s-%s", try(each.value.launch_template_prefix, ""), var.eks_cluster_id)
-  description = "Launch Template for Amazon EKS Worker Nodes"
-
-  image_id               = try(each.value.ami, null)
-  update_default_version = true
-
-  instance_type = try(each.value.instance_type, null)
-
-  user_data = base64encode(templatefile("${path.module}/templates/userdata-${try(each.value.launch_template_os, "amazonlinux2eks")}.tpl",
-    {
-      pre_userdata           = try(each.value.pre_userdata, "")
-      post_userdata          = try(each.value.post_userdata, "")
-      bootstrap_extra_args   = try(each.value.bootstrap_extra_args, "")
-      kubelet_extra_args     = try(each.value.kubelet_extra_args, "")
-      eks_cluster_id         = var.eks_cluster_id
-      cluster_ca_base64      = data.aws_eks_cluster.eks.certificate_authority[0].data
-      cluster_endpoint       = data.aws_eks_cluster.eks.endpoint
-      service_ipv6_cidr      = try(each.value.service_ipv6_cidr, "") == null ? "" : try(each.value.service_ipv6_cidr, "")
-      service_ipv4_cidr      = try(each.value.service_ipv4_cidr, "") == null ? "" : try(each.value.service_ipv4_cidr, "")
-      format_mount_nvme_disk = try(each.value.format_mount_nvme_disk, false)
-  }))
-
-  dynamic "iam_instance_profile" {
-    for_each = length(try(each.value.iam_instance_profile, {})) > 0 ? { iam_instance_profile : each.value.iam_instance_profile } : {}
-    iterator = iam
-    content {
-      name = iam.value
-    }
-  }
-
-  dynamic "instance_market_options" {
-    for_each = trimspace(lower(try(each.value.capacity_type, ""))) == "spot" ? { enabled = true } : {}
-
-    content {
-      market_type = each.value.capacity_type
-    }
-  }
-
-  ebs_optimized = true
-
-  dynamic "block_device_mappings" {
-    for_each = try(each.value.block_device_mappings, {})
-
-    content {
-      device_name = try(block_device_mappings.value.device_name, null)
-
-      ebs {
-        delete_on_termination = try(block_device_mappings.value.delete_on_termination, true)
-        encrypted             = try(block_device_mappings.value.encrypted, true)
-        kms_key_id            = try(block_device_mappings.value.kms_key_id, null)
-        volume_size           = try(block_device_mappings.value.volume_size, null)
-        volume_type           = try(block_device_mappings.value.volume_type, null)
-        iops                  = contains(["gp3", "io1", "io2"], try(block_device_mappings.value.volume_type, "")) ? try(block_device_mappings.value.iops, 3000) : null
-        throughput            = try(block_device_mappings.value.volume_type, "") == "gp3" ? try(block_device_mappings.value.throughput, 125) : null
-      }
-    }
-  }
-
-  dynamic "placement" {
-    for_each = try(each.value.placement, null) != null ? [each.value.placement] : []
-    content {
-      affinity          = lookup(placement.value, "affinity", null)
-      availability_zone = lookup(placement.value, "availability_zone", null)
-      group_name        = lookup(placement.value, "group_name", null)
-      host_id           = lookup(placement.value, "host_id", null)
-      tenancy           = lookup(placement.value, "tenancy", null)
-    }
-  }
-
-  vpc_security_group_ids = try(each.value.vpc_security_group_ids, null)
-
-  dynamic "network_interfaces" {
-    for_each = try(each.value.network_interfaces, {})
-
-    content {
-      associate_public_ip_address = try(network_interfaces.value.public_ip, false)
-      security_groups             = try(network_interfaces.value.security_groups, null)
-    }
-  }
-
-  dynamic "monitoring" {
-    for_each = try(each.value.monitoring, true) ? [1] : []
-
-    content {
-      enabled = true
-    }
-  }
-
-  dynamic "metadata_options" {
-    for_each = try(each.value.enable_metadata_options, true) ? [1] : []
-
-    content {
-      http_endpoint               = try(each.value.http_endpoint, "enabled")
-      http_tokens                 = try(each.value.http_tokens, "required")
-      http_put_response_hop_limit = try(each.value.http_put_response_hop_limit, 2)
-      http_protocol_ipv6          = try(each.value.http_protocol_ipv6, "disabled")
-      instance_metadata_tags      = try(each.value.instance_metadata_tags, "disabled")
-    }
-  }
-
-  dynamic "tag_specifications" {
-    for_each = toset(["instance", "volume", "network-interface"])
-
-    content {
-      resource_type = tag_specifications.value
-      tags          = var.tags
-    }
-  }
-
-  tags = var.tags
-
-  lifecycle {
-    create_before_destroy = true
-  }
-}
diff --git a/modules/launch-templates/outputs.tf b/modules/launch-templates/outputs.tf
deleted file mode 100644
index 6c39c16790..0000000000
--- a/modules/launch-templates/outputs.tf
+++ /dev/null
@@ -1,29 +0,0 @@
-output "launch_template_id" {
-  description = "Launch Template IDs"
-  value       = { for template in sort(keys(var.launch_template_config)) : template => aws_launch_template.this[template].id }
-}
-
-output "launch_template_image_id" {
-  description = "Launch Template Image IDs"
-  value       = { for template in sort(keys(var.launch_template_config)) : template => aws_launch_template.this[template].image_id }
-}
-
-output "launch_template_arn" {
-  description = "Launch Template ARNs"
-  value       = { for template in sort(keys(var.launch_template_config)) : template => aws_launch_template.this[template].arn }
-}
-
-output "launch_template_name" {
-  description = "Launch Template Names"
-  value       = { for template in sort(keys(var.launch_template_config)) : template => aws_launch_template.this[template].name }
-}
-
-output "launch_template_default_version" {
-  description = "Launch Template Default Versions"
-  value       = { for template in sort(keys(var.launch_template_config)) : template => aws_launch_template.this[template].default_version }
-}
-
-output "launch_template_latest_version" {
-  description = "Launch Template Latest Versions"
-  value       = { for template in sort(keys(var.launch_template_config)) : template => aws_launch_template.this[template].latest_version }
-}
diff --git a/modules/launch-templates/templates/userdata-amazonlinux2eks.tpl b/modules/launch-templates/templates/userdata-amazonlinux2eks.tpl
deleted file mode 100644
index 958959cd66..0000000000
--- a/modules/launch-templates/templates/userdata-amazonlinux2eks.tpl
+++ /dev/null
@@ -1,44 +0,0 @@
-MIME-Version: 1.0
-Content-Type: multipart/mixed; boundary="//"
-
---//
-Content-Type: text/x-shellscript; charset="us-ascii"
-#!/bin/bash
-set -ex
-
-# User-supplied pre userdata code
-${pre_userdata}
-
-if [ ${format_mount_nvme_disk} = true ];then
-echo "Format and Mount NVMe Disks if available"
-IDX=1
-DEVICES=$(lsblk -o NAME,TYPE -dsn | awk '/disk/ {print $1}')
-for DEV in $DEVICES
-do
-  mkfs.xfs /dev/$${DEV}
-  mkdir -p /local$${IDX}
-
-  echo /dev/$${DEV} /local$${IDX} xfs defaults,noatime 1 2 >> /etc/fstab
-
-  IDX=$(($${IDX} + 1))
-done
-mount -a
-fi
-
-if [ ${service_ipv4_cidr} ];then
-echo "Setting custom IPV4 CIDR"
-export SERVICE_IPV4_CIDR=${service_ipv4_cidr}
-fi
-
-if [ ${service_ipv6_cidr} ];then
-echo "Setting custom IPV6 CIDR"
-export SERVICE_IPV6_CIDR=${service_ipv6_cidr}
-fi
-
-# Bootstrap and join the cluster
-/etc/eks/bootstrap.sh --b64-cluster-ca '${cluster_ca_base64}' --apiserver-endpoint '${cluster_endpoint}' ${bootstrap_extra_args} --kubelet-extra-args "${kubelet_extra_args}" '${eks_cluster_id}'
-
-# User-supplied post userdata code
-${post_userdata}
-
---//--
diff --git a/modules/launch-templates/templates/userdata-bottlerocket.tpl b/modules/launch-templates/templates/userdata-bottlerocket.tpl
deleted file mode 100644
index 4db54603c9..0000000000
--- a/modules/launch-templates/templates/userdata-bottlerocket.tpl
+++ /dev/null
@@ -1,6 +0,0 @@
-${pre_userdata}
-[settings.kubernetes]
-api-server = "${cluster_endpoint}"
-cluster-certificate = "${cluster_ca_base64}"
-cluster-name = "${eks_cluster_id}"
-${post_userdata}
diff --git a/modules/launch-templates/templates/userdata-windows.tpl b/modules/launch-templates/templates/userdata-windows.tpl
deleted file mode 100644
index dc8d965a54..0000000000
--- a/modules/launch-templates/templates/userdata-windows.tpl
+++ /dev/null
@@ -1,28 +0,0 @@
-<powershell>
-${pre_userdata}
-
-# Deal with extra new disks
-$disks_to_adjust = Get-Disk | Select-Object Number,Size,PartitionStyle | Where-Object PartitionStyle -Match RAW
-if ($disks_to_adjust -ne $null) {
-  [int64] $partition_mbr_max_size = 2199023255552
-  $partition_style = "MBR"
-
-  foreach ($disk in $disks_to_adjust) {
-    if ($disk.Size -gt $partition_mbr_max_size) {
-      $partition_style = "GPT"
-    }
-
-    Initialize-Disk -Number $disk.Number -PartitionStyle $partition_style
-    New-Partition -DiskNumber $disk.Number -UseMaximumSize -AssignDriveLetter | Format-Volume -FileSystem NTFS
-  }
-}
-
-# Bootstrap and join the cluster
-[string]$EKSBinDir = "$env:ProgramFiles\Amazon\EKS"
-[string]$EKSBootstrapScriptName = 'Start-EKSBootstrap.ps1'
-[string]$EKSBootstrapScriptFile = "$EKSBinDir\$EKSBootstrapScriptName"
-& $EKSBootstrapScriptFile -EKSClusterName ${eks_cluster_id} ${bootstrap_extra_args} -KubeletExtraArgs '${kubelet_extra_args}' 3>&1 4>&1 5>&1 6>&1
-$LastError = if ($?) { 0 } else { $Error[0].Exception.HResult }
-
-${post_userdata}
-</powershell>
diff --git a/modules/launch-templates/variables.tf b/modules/launch-templates/variables.tf
deleted file mode 100644
index 2702804f54..0000000000
--- a/modules/launch-templates/variables.tf
+++ /dev/null
@@ -1,15 +0,0 @@
-variable "launch_template_config" {
-  description = "Launch template configuration"
-  type        = any
-}
-
-variable "eks_cluster_id" {
-  description = "EKS Cluster ID"
-  type        = string
-}
-
-variable "tags" {
-  description = "Additional tags (e.g. `map('BusinessUnit`,`XYZ`)"
-  type        = map(string)
-  default     = {}
-}
diff --git a/modules/launch-templates/versions.tf b/modules/launch-templates/versions.tf
deleted file mode 100644
index f92f41b9e7..0000000000
--- a/modules/launch-templates/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 3.72"
-    }
-  }
-}
diff --git a/outputs.tf b/outputs.tf
deleted file mode 100644
index 0d4baf2955..0000000000
--- a/outputs.tf
+++ /dev/null
@@ -1,203 +0,0 @@
-#-------------------------------
-# EKS Cluster Module Outputs
-#-------------------------------
-output "eks_cluster_arn" {
-  description = "Amazon EKS Cluster Name"
-  value       = module.aws_eks.cluster_arn
-}
-
-output "eks_cluster_id" {
-  description = "Amazon EKS Cluster Name"
-  value       = module.aws_eks.cluster_id
-}
-
-output "eks_cluster_certificate_authority_data" {
-  description = "Base64 encoded certificate data required to communicate with the cluster"
-  value       = module.aws_eks.cluster_certificate_authority_data
-}
-
-output "eks_cluster_endpoint" {
-  description = "Endpoint for your Kubernetes API server"
-  value       = module.aws_eks.cluster_endpoint
-}
-
-output "eks_oidc_issuer_url" {
-  description = "The URL on the EKS cluster OIDC Issuer"
-  value       = try(split("//", module.aws_eks.cluster_oidc_issuer_url)[1], "EKS Cluster not enabled") # TODO - remove `split()` since `oidc_provider` coverss https:// removal
-}
-
-output "oidc_provider" {
-  description = "The OpenID Connect identity provider (issuer URL without leading `https://`)"
-  value       = module.aws_eks.oidc_provider
-}
-
-output "eks_oidc_provider_arn" {
-  description = "The ARN of the OIDC Provider if `enable_irsa = true`."
-  value       = module.aws_eks.oidc_provider_arn
-}
-
-output "configure_kubectl" {
-  description = "Configure kubectl: make sure you're logged in with the correct AWS profile and run the following command to update your kubeconfig"
-  value       = "aws eks --region ${local.context.aws_region_name} update-kubeconfig --name ${module.aws_eks.cluster_id}"
-}
-
-output "eks_cluster_status" {
-  description = "Amazon EKS Cluster Status"
-  value       = module.aws_eks.cluster_status
-}
-
-output "eks_cluster_version" {
-  description = "The Kubernetes version for the cluster"
-  value       = module.aws_eks.cluster_version
-}
-
-#-------------------------------
-# Cluster Security Group
-#-------------------------------
-output "cluster_primary_security_group_id" {
-  description = "Cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control-plane-to-data-plane communication. Referred to as 'Cluster security group' in the EKS console"
-  value       = module.aws_eks.cluster_primary_security_group_id
-}
-
-output "cluster_security_group_id" {
-  description = "EKS Control Plane Security Group ID"
-  value       = module.aws_eks.cluster_security_group_id
-}
-
-output "cluster_security_group_arn" {
-  description = "Amazon Resource Name (ARN) of the cluster security group"
-  value       = module.aws_eks.cluster_security_group_arn
-}
-
-#-------------------------------
-# EKS Worker Security Group
-#-------------------------------
-output "worker_node_security_group_arn" {
-  description = "Amazon Resource Name (ARN) of the worker node shared security group"
-  value       = try(module.aws_eks.node_security_group_arn, "EKS Node groups not enabled")
-}
-
-output "worker_node_security_group_id" {
-  description = "ID of the worker node shared security group"
-  value       = try(module.aws_eks.node_security_group_id, "EKS Node groups not enabled")
-}
-
-#---------------------------------
-# Self-managed Node Groups Outputs
-#---------------------------------
-output "self_managed_node_groups" {
-  description = "Outputs from EKS Self-managed node groups "
-  value       = var.create_eks && length(var.self_managed_node_groups) > 0 ? module.aws_eks_self_managed_node_groups[*] : []
-}
-
-output "self_managed_node_group_iam_role_arns" {
-  description = "IAM role arn's of self managed node groups"
-  value       = var.create_eks && length(var.self_managed_node_groups) > 0 ? values({ for nodes in sort(keys(var.self_managed_node_groups)) : nodes => join(",", module.aws_eks_self_managed_node_groups[nodes].self_managed_nodegroup_iam_role_arns) }) : []
-}
-
-output "self_managed_node_group_autoscaling_groups" {
-  description = "Autoscaling group names of self managed node groups"
-  value       = var.create_eks && length(var.self_managed_node_groups) > 0 ? values({ for nodes in sort(keys(var.self_managed_node_groups)) : nodes => join(",", module.aws_eks_self_managed_node_groups[nodes].self_managed_asg_names) }) : []
-}
-
-output "self_managed_node_group_iam_instance_profile_id" {
-  description = "IAM instance profile id of managed node groups"
-  value       = var.create_eks && length(var.self_managed_node_groups) > 0 ? values({ for nodes in sort(keys(var.self_managed_node_groups)) : nodes => join(",", module.aws_eks_self_managed_node_groups[nodes].self_managed_nodegroup_iam_instance_profile_id) }) : []
-}
-
-output "self_managed_node_group_aws_auth_config_map" {
-  description = "Self managed node groups AWS auth map"
-  value       = local.self_managed_node_group_aws_auth_config_map[*]
-}
-
-output "windows_node_group_aws_auth_config_map" {
-  description = "Windows node groups AWS auth map"
-  value       = local.windows_node_group_aws_auth_config_map[*]
-}
-
-#--------------------------------
-# EKS Managed Node Groups Outputs
-#--------------------------------
-output "managed_node_groups" {
-  description = "Outputs from EKS Managed node groups "
-  value       = var.create_eks && length(var.managed_node_groups) > 0 ? module.aws_eks_managed_node_groups[*] : []
-}
-
-output "managed_node_groups_id" {
-  description = "EKS Managed node groups id"
-  value       = var.create_eks && length(var.managed_node_groups) > 0 ? values({ for nodes in keys(var.managed_node_groups) : nodes => join(",", module.aws_eks_managed_node_groups[nodes].managed_nodegroup_id) }) : []
-}
-
-output "managed_node_groups_status" {
-  description = "EKS Managed node groups status"
-  value       = var.create_eks && length(var.managed_node_groups) > 0 ? values({ for nodes in keys(var.managed_node_groups) : nodes => join(",", module.aws_eks_managed_node_groups[nodes].managed_nodegroup_status) }) : []
-}
-
-output "managed_node_group_arn" {
-  description = "Managed node group arn"
-  value       = var.create_eks && length(var.managed_node_groups) > 0 ? values({ for nodes in keys(var.managed_node_groups) : nodes => join(",", module.aws_eks_managed_node_groups[nodes].managed_nodegroup_arn) }) : []
-}
-
-output "managed_node_group_iam_role_names" {
-  description = "IAM role names of managed node groups"
-  value       = var.create_eks && length(var.managed_node_groups) > 0 ? values({ for nodes in keys(var.managed_node_groups) : nodes => join(",", module.aws_eks_managed_node_groups[nodes].managed_nodegroup_iam_role_name) }) : []
-}
-
-output "managed_node_group_iam_role_arns" {
-  description = "IAM role arn's of managed node groups"
-  value       = var.create_eks && length(var.managed_node_groups) > 0 ? values({ for nodes in keys(var.managed_node_groups) : nodes => join(",", module.aws_eks_managed_node_groups[nodes].managed_nodegroup_iam_role_arn) }) : []
-}
-
-output "managed_node_group_iam_instance_profile_id" {
-  description = "IAM instance profile id of managed node groups"
-  value       = var.create_eks && length(var.managed_node_groups) > 0 ? values({ for nodes in keys(var.managed_node_groups) : nodes => join(",", module.aws_eks_managed_node_groups[nodes].managed_nodegroup_iam_instance_profile_id) }) : []
-}
-
-output "managed_node_group_iam_instance_profile_arns" {
-  description = "IAM instance profile arn's of managed node groups"
-  value       = var.create_eks && length(var.managed_node_groups) > 0 ? values({ for nodes in keys(var.managed_node_groups) : nodes => join(",", module.aws_eks_managed_node_groups[nodes].managed_nodegroup_iam_instance_profile_arn) }) : []
-}
-
-output "managed_node_group_aws_auth_config_map" {
-  description = "Managed node groups AWS auth map"
-  value       = local.managed_node_group_aws_auth_config_map[*]
-}
-
-#-------------------------------
-# Fargate Profile Outputs
-#-------------------------------
-output "fargate_profiles" {
-  description = "Outputs from EKS Fargate profiles groups "
-  value       = module.aws_eks_fargate_profiles
-}
-
-output "fargate_profiles_iam_role_arns" {
-  description = "IAM role arn's for Fargate Profiles"
-  value       = var.create_eks && length(var.fargate_profiles) > 0 ? { for nodes in sort(keys(var.fargate_profiles)) : nodes => module.aws_eks_fargate_profiles[nodes].eks_fargate_profile_role_name } : null
-}
-
-output "fargate_profiles_aws_auth_config_map" {
-  description = "Fargate profiles AWS auth map"
-  value       = local.fargate_profiles_aws_auth_config_map
-}
-
-#-------------------------------
-# EMR on EKS Outputs
-#-------------------------------
-output "emr_on_eks_role_arn" {
-  description = "IAM execution role ARN for EMR on EKS"
-  value       = var.create_eks && var.enable_emr_on_eks ? values({ for nodes in sort(keys(var.emr_on_eks_teams)) : nodes => join(",", module.emr_on_eks[nodes].emr_on_eks_role_arn) }) : []
-}
-
-output "emr_on_eks_role_id" {
-  description = "IAM execution role ID for EMR on EKS"
-  value       = var.create_eks && var.enable_emr_on_eks ? values({ for nodes in sort(keys(var.emr_on_eks_teams)) : nodes => join(",", module.emr_on_eks[nodes].emr_on_eks_role_id) }) : []
-}
-
-#-------------------------------
-# Teams(Soft Multi-tenancy) Outputs
-#-------------------------------
-output "teams" {
-  description = "Output of the teams module. This contains the IAM roles arn of platform and application teams"
-  value       = var.create_eks && (length(var.platform_teams) > 0 || length(var.application_teams) > 0) ? module.aws_eks_teams[*] : []
-}
diff --git a/variables.tf b/variables.tf
deleted file mode 100644
index e9167393ca..0000000000
--- a/variables.tf
+++ /dev/null
@@ -1,436 +0,0 @@
-variable "tags" {
-  description = "Additional tags (e.g. `map('BusinessUnit`,`XYZ`)"
-  type        = map(string)
-  default     = {}
-}
-
-#-------------------------------
-# VPC Config for EKS Cluster
-#-------------------------------
-variable "vpc_id" {
-  description = "VPC Id"
-  type        = string
-}
-
-variable "private_subnet_ids" {
-  description = "List of private subnets Ids for the cluster and worker nodes"
-  type        = list(string)
-  default     = []
-}
-
-variable "public_subnet_ids" {
-  description = "List of public subnets Ids for the worker nodes"
-  type        = list(string)
-  default     = []
-}
-
-variable "control_plane_subnet_ids" {
-  description = "A list of subnet IDs where the EKS cluster control plane (ENIs) will be provisioned. Used for expanding the pool of subnets used by nodes/node groups without replacing the EKS control plane"
-  type        = list(string)
-  default     = []
-}
-
-#-------------------------------
-# EKS module variables (terraform-aws-modules/eks/aws)
-#-------------------------------
-variable "create_eks" {
-  description = "Create EKS cluster"
-  type        = bool
-  default     = true
-}
-
-variable "cluster_timeouts" {
-  description = "Create, update, and delete timeout configurations for the cluster"
-  type        = map(string)
-  default     = {}
-}
-
-variable "cluster_name" {
-  description = "EKS Cluster Name"
-  type        = string
-  default     = ""
-}
-
-variable "cluster_version" {
-  description = "Kubernetes `<major>.<minor>` version to use for the EKS cluster (i.e.: `1.24`)"
-  type        = string
-  default     = "1.24"
-}
-
-#-------------------------------
-# EKS Cluster Security Groups
-#-------------------------------
-variable "create_cluster_security_group" {
-  description = "Toggle to create or assign cluster security group"
-  type        = bool
-  default     = true
-}
-
-variable "cluster_security_group_name" {
-  description = "Name to use on cluster security group created"
-  type        = string
-  default     = null
-}
-
-variable "cluster_security_group_use_name_prefix" {
-  description = "Determines whether cluster security group name (`cluster_security_group_name`) is used as a prefix"
-  type        = bool
-  default     = true
-}
-
-variable "cluster_security_group_description" {
-  description = "Description of the cluster security group created"
-  type        = string
-  default     = "EKS cluster security group"
-}
-
-variable "cluster_security_group_id" {
-  description = "Security group to be used if creation of cluster security group is turned off"
-  type        = string
-  default     = ""
-}
-
-variable "cluster_additional_security_group_ids" {
-  description = "List of additional, externally created security group IDs to attach to the cluster control plane"
-  type        = list(string)
-  default     = []
-}
-
-variable "cluster_security_group_additional_rules" {
-  description = "List of additional security group rules to add to the cluster security group created. Set `source_node_security_group = true` inside rules to set the `node_security_group` as source"
-  type        = any
-  default     = {}
-}
-
-variable "cluster_security_group_tags" {
-  description = "A map of additional tags to add to the cluster security group created"
-  type        = map(string)
-  default     = {}
-}
-
-variable "create_cluster_primary_security_group_tags" {
-  description = "Indicates whether or not to tag the cluster's primary security group. This security group is created by the EKS service, not the module, and therefore tagging is handled after cluster creation"
-  type        = bool
-  default     = true
-}
-
-#-------------------------------
-# EKS Cluster VPC Config
-#-------------------------------
-variable "cluster_endpoint_public_access" {
-  description = "Indicates whether or not the EKS public API server endpoint is enabled. Default to EKS resource and it is true"
-  type        = bool
-  default     = true
-}
-
-variable "cluster_endpoint_private_access" {
-  description = "Indicates whether or not the EKS private API server endpoint is enabled. Default to EKS resource and it is false"
-  type        = bool
-  default     = false
-}
-
-variable "cluster_endpoint_public_access_cidrs" {
-  description = "List of CIDR blocks which can access the Amazon EKS public API server endpoint"
-  type        = list(string)
-  default     = ["0.0.0.0/0"]
-}
-
-#-------------------------------
-# EKS Cluster ENCRYPTION
-#-------------------------------
-variable "cluster_kms_key_arn" {
-  description = "A valid EKS Cluster KMS Key ARN to encrypt Kubernetes secrets"
-  type        = string
-  default     = null
-}
-
-variable "cluster_kms_key_deletion_window_in_days" {
-  description = "The waiting period, specified in number of days (7 - 30). After the waiting period ends, AWS KMS deletes the KMS key"
-  type        = number
-  default     = 30
-}
-
-variable "cluster_kms_key_additional_admin_arns" {
-  description = "A list of additional IAM ARNs that should have FULL access (kms:*) in the KMS key policy"
-  type        = list(string)
-  default     = []
-}
-
-variable "enable_cluster_encryption" {
-  description = "Determines whether cluster encryption is enabled"
-  type        = bool
-  default     = true
-}
-
-variable "cluster_encryption_config" {
-  description = "Configuration block with encryption configuration for the cluster"
-  type = list(object({
-    provider_key_arn = string
-    resources        = list(string)
-  }))
-  default = []
-}
-
-#-------------------------------
-# EKS Cluster Kubernetes Network Config
-#-------------------------------
-variable "cluster_ip_family" {
-  description = "The IP family used to assign Kubernetes pod and service addresses. Valid values are `ipv4` (default) and `ipv6`. You can only specify an IP family when you create a cluster, changing this value will force a new cluster to be created"
-  type        = string
-  default     = "ipv4"
-}
-
-variable "cluster_service_ipv4_cidr" {
-  description = "The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks"
-  type        = string
-  default     = null
-}
-
-variable "cluster_service_ipv6_cidr" {
-  description = "The IPV6 Service CIDR block to assign Kubernetes service IP addresses"
-  type        = string
-  default     = null
-}
-
-#-------------------------------
-# EKS Cluster CloudWatch Logging
-#-------------------------------
-variable "create_cloudwatch_log_group" {
-  description = "Determines whether a log group is created by this module for the cluster logs. If not, AWS will automatically create one if logging is enabled"
-  type        = bool
-  default     = false
-}
-
-variable "cluster_enabled_log_types" {
-  description = "A list of the desired control plane logging to enable"
-  type        = list(string)
-  default     = ["api", "audit", "authenticator", "controllerManager", "scheduler"]
-}
-
-variable "cloudwatch_log_group_retention_in_days" {
-  description = "Number of days to retain log events. Default retention - 90 days"
-  type        = number
-  default     = 90
-}
-
-variable "cloudwatch_log_group_kms_key_id" {
-  description = "If a KMS Key ARN is set, this key will be used to encrypt the corresponding log group. Please be sure that the KMS Key has an appropriate key policy (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html)"
-  type        = string
-  default     = null
-}
-
-#-------------------------------
-# EKS Cluster IAM role
-#-------------------------------
-
-variable "create_iam_role" {
-  description = "Determines whether a an IAM role is created or to use an existing IAM role"
-  type        = bool
-  default     = true
-}
-
-variable "iam_role_arn" {
-  description = "Existing IAM role ARN for the cluster. Required if `create_iam_role` is set to `false`"
-  type        = string
-  default     = null
-}
-
-variable "iam_role_name" {
-  description = "Name to use on IAM role created"
-  type        = string
-  default     = null
-}
-
-variable "iam_role_path" {
-  description = "Cluster IAM role path"
-  type        = string
-  default     = null
-}
-
-variable "iam_role_description" {
-  description = "Description of the role"
-  type        = string
-  default     = null
-}
-
-variable "iam_role_permissions_boundary" {
-  description = "ARN of the policy that is used to set the permissions boundary for the IAM role"
-  type        = string
-  default     = null
-}
-
-variable "iam_role_additional_policies" {
-  description = "Additional policies to be added to the IAM role"
-  type        = list(string)
-  default     = []
-}
-
-variable "enable_irsa" {
-  description = "Determines whether to create an OpenID Connect Provider for EKS to enable IRSA"
-  type        = bool
-  default     = true
-}
-
-variable "openid_connect_audiences" {
-  description = "List of OpenID Connect audience client IDs to add to the IRSA provider"
-  type        = list(string)
-  default     = []
-}
-
-variable "custom_oidc_thumbprints" {
-  description = "Additional list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider's server certificate(s)"
-  type        = list(string)
-  default     = []
-}
-
-variable "cluster_identity_providers" {
-  description = "Map of cluster identity provider configurations to enable for the cluster. Note - this is different/separate from IRSA"
-  type        = any
-  default     = {}
-}
-
-#-------------------------------
-# Node Groups
-#-------------------------------
-variable "managed_node_groups" {
-  description = "Managed node groups configuration"
-  type        = any
-  default     = {}
-}
-
-variable "self_managed_node_groups" {
-  description = "Self-managed node groups configuration"
-  type        = any
-  default     = {}
-}
-
-variable "enable_windows_support" {
-  description = "Enable Windows support"
-  type        = bool
-  default     = false
-}
-
-#-------------------------------
-# Worker Additional Variables
-#-------------------------------
-variable "create_node_security_group" {
-  description = "Determines whether to create a security group for the node groups or use the existing `node_security_group_id`"
-  type        = bool
-  default     = true
-}
-
-variable "node_security_group_name" {
-  description = "Name to use on node security group created"
-  type        = string
-  default     = null
-}
-
-variable "node_security_group_use_name_prefix" {
-  description = "Determines whether node security group name (`node_security_group_name`) is used as a prefix"
-  type        = bool
-  default     = true
-}
-
-variable "node_security_group_description" {
-  description = "Description of the node security group created"
-  type        = string
-  default     = "EKS node shared security group"
-}
-
-variable "node_security_group_additional_rules" {
-  description = "List of additional security group rules to add to the node security group created. Set `source_cluster_security_group = true` inside rules to set the `cluster_security_group` as source"
-  type        = any
-  default     = {}
-}
-
-variable "node_security_group_tags" {
-  description = "A map of additional tags to add to the node security group created"
-  type        = map(string)
-  default     = {}
-}
-
-variable "worker_additional_security_group_ids" {
-  description = "A list of additional security group ids to attach to worker instances"
-  type        = list(string)
-  default     = []
-}
-
-#-------------------------------
-# Fargate
-#-------------------------------
-variable "fargate_profiles" {
-  description = "Fargate profile configuration"
-  type        = any
-  default     = {}
-}
-
-#-------------------------------
-# aws-auth Config Map
-#-------------------------------
-variable "map_accounts" {
-  description = "Additional AWS account numbers to add to the aws-auth ConfigMap"
-  type        = list(string)
-  default     = []
-}
-
-variable "map_roles" {
-  description = "Additional IAM roles to add to the aws-auth ConfigMap"
-  type = list(object({
-    rolearn  = string
-    username = string
-    groups   = list(string)
-  }))
-  default = []
-}
-
-variable "map_users" {
-  description = "Additional IAM users to add to the aws-auth ConfigMap"
-  type = list(object({
-    userarn  = string
-    username = string
-    groups   = list(string)
-  }))
-  default = []
-}
-
-variable "aws_auth_additional_labels" {
-  description = "Additional kubernetes labels applied on aws-auth ConfigMap"
-  type        = map(string)
-  default     = {}
-}
-
-variable "eks_readiness_timeout" {
-  description = "The maximum time (in seconds) to wait for EKS API server endpoint to become healthy"
-  type        = number
-  default     = "600"
-}
-
-#-------------------------------
-# Amazon EMR on EKS
-#-------------------------------
-variable "enable_emr_on_eks" {
-  description = "Enable EMR on EKS"
-  type        = bool
-  default     = false
-}
-
-variable "emr_on_eks_teams" {
-  description = "EMR on EKS Teams config"
-  type        = any
-  default     = {}
-}
-
-#-------------------------------
-# TEAMS (Soft Multi-tenancy)
-#-------------------------------
-variable "application_teams" {
-  description = "Map of maps of Application Teams to create"
-  type        = any
-  default     = {}
-}
-
-variable "platform_teams" {
-  description = "Map of maps of platform teams to create"
-  type        = any
-  default     = {}
-}
diff --git a/versions.tf b/versions.tf
deleted file mode 100644
index 91d820498b..0000000000
--- a/versions.tf
+++ /dev/null
@@ -1,34 +0,0 @@
-terraform {
-  required_version = ">= 1.0.0"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 4.47"
-    }
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.10"
-    }
-    helm = {
-      source  = "hashicorp/helm"
-      version = ">= 2.4.1"
-    }
-    local = {
-      source  = "hashicorp/local"
-      version = ">= 2.1"
-    }
-    null = {
-      source  = "hashicorp/null"
-      version = ">= 3.1"
-    }
-    http = {
-      source  = "terraform-aws-modules/http"
-      version = "2.4.1"
-    }
-    kubectl = {
-      source  = "gavinbunney/kubectl"
-      version = ">= 1.14"
-    }
-  }
-}

From f365bf9c05fc724f8c457c508b29c5ab74190f9e Mon Sep 17 00:00:00 2001
From: Bryant Biggs <bryantbiggs@gmail.com>
Date: Sat, 3 Jun 2023 11:17:29 -0400
Subject: [PATCH 31/31] feat: Map blueprint readmes into doc generation site
 (#1629)

---
 CODEOWNERS => .github/CODEOWNERS              |  0
 docs/.pages                                   |  1 +
 docs/blueprints/agones-game-controller.md     |  7 ++++
 docs/blueprints/appmesh-mtls.md               |  7 ++++
 docs/blueprints/argocd.md                     |  7 ++++
 docs/blueprints/blue-green-upgrade.md         |  7 ++++
 docs/blueprints/elastic-fabric-adapter.md     |  7 ++++
 docs/blueprints/external-secrets.md           |  7 ++++
 docs/blueprints/fargate-serverless.md         |  7 ++++
 docs/blueprints/fully-private-cluster.md      |  7 ++++
 docs/blueprints/ipv4-prefix-delegation.md     |  7 ++++
 docs/blueprints/ipv6-eks-cluster.md           |  7 ++++
 docs/blueprints/karpenter.md                  |  7 ++++
 docs/blueprints/multi-tenancy-with-teams.md   |  7 ++++
 docs/blueprints/stateful.md                   |  7 ++++
 docs/blueprints/tls-with-aws-pca-issuer.md    |  7 ++++
 docs/blueprints/vpc-cni-custom-networking.md  |  7 ++++
 docs/blueprints/wireguard-with-cilium.md      |  7 ++++
 examples/agones-game-controller/README.md     |  2 +-
 examples/agones-game-controller/main.tf       | 31 +++---------------
 examples/agones-game-controller/versions.tf   | 12 +++----
 examples/appmesh-mtls/README.md               | 16 +++++-----
 examples/appmesh-mtls/main.tf                 | 29 +++--------------
 examples/appmesh-mtls/versions.tf             | 12 +++----
 examples/argocd/README.md                     |  2 +-
 examples/argocd/main.tf                       | 27 ++--------------
 examples/argocd/versions.tf                   | 12 +++----
 examples/blue-green-upgrade/README.md         |  2 +-
 examples/elastic-fabric-adapter/main.tf       |  2 +-
 examples/elastic-fabric-adapter/variables.tf  |  1 -
 examples/elastic-fabric-adapter/versions.tf   | 14 +++++---
 examples/external-secrets/README.md           |  2 +-
 examples/external-secrets/main.tf             | 32 +++----------------
 examples/external-secrets/versions.tf         | 12 +++----
 examples/fargate-serverless/README.md         |  6 ++--
 examples/fargate-serverless/main.tf           | 27 ++--------------
 examples/fargate-serverless/versions.tf       | 12 +++----
 examples/fully-private-cluster/README.md      |  6 ++--
 examples/fully-private-cluster/main.tf        |  8 ++---
 examples/fully-private-cluster/versions.tf    |  2 +-
 examples/ipv4-prefix-delegation/README.md     |  2 +-
 examples/ipv4-prefix-delegation/main.tf       |  4 +--
 examples/ipv4-prefix-delegation/versions.tf   | 12 +++----
 examples/ipv6-eks-cluster/README.md           |  2 +-
 examples/ipv6-eks-cluster/main.tf             |  4 +--
 examples/ipv6-eks-cluster/versions.tf         | 12 +++----
 examples/karpenter/main.tf                    |  4 +--
 examples/karpenter/versions.tf                | 10 +++---
 examples/multi-tenancy-with-teams/main.tf     |  6 ++--
 examples/multi-tenancy-with-teams/versions.tf | 12 +++----
 examples/stateful/README.md                   |  2 +-
 examples/stateful/main.tf                     | 32 +++----------------
 examples/stateful/versions.tf                 | 12 +++----
 examples/tls-with-aws-pca-issuer/main.tf      | 29 +++--------------
 examples/tls-with-aws-pca-issuer/versions.tf  | 12 +++----
 examples/vpc-cni-custom-networking/README.md  |  2 +-
 examples/vpc-cni-custom-networking/main.tf    |  4 +--
 .../vpc-cni-custom-networking/versions.tf     | 12 +++----
 examples/wireguard-with-cilium/main.tf        |  2 +-
 examples/wireguard-with-cilium/versions.tf    | 12 +++----
 60 files changed, 267 insertions(+), 302 deletions(-)
 rename CODEOWNERS => .github/CODEOWNERS (100%)
 create mode 100644 docs/blueprints/agones-game-controller.md
 create mode 100644 docs/blueprints/appmesh-mtls.md
 create mode 100644 docs/blueprints/argocd.md
 create mode 100644 docs/blueprints/blue-green-upgrade.md
 create mode 100644 docs/blueprints/elastic-fabric-adapter.md
 create mode 100644 docs/blueprints/external-secrets.md
 create mode 100644 docs/blueprints/fargate-serverless.md
 create mode 100644 docs/blueprints/fully-private-cluster.md
 create mode 100644 docs/blueprints/ipv4-prefix-delegation.md
 create mode 100644 docs/blueprints/ipv6-eks-cluster.md
 create mode 100644 docs/blueprints/karpenter.md
 create mode 100644 docs/blueprints/multi-tenancy-with-teams.md
 create mode 100644 docs/blueprints/stateful.md
 create mode 100644 docs/blueprints/tls-with-aws-pca-issuer.md
 create mode 100644 docs/blueprints/vpc-cni-custom-networking.md
 create mode 100644 docs/blueprints/wireguard-with-cilium.md

diff --git a/CODEOWNERS b/.github/CODEOWNERS
similarity index 100%
rename from CODEOWNERS
rename to .github/CODEOWNERS
diff --git a/docs/.pages b/docs/.pages
index fe13cd026e..2ff82ce715 100644
--- a/docs/.pages
+++ b/docs/.pages
@@ -1,4 +1,5 @@
 nav:
   - Overview: index.md
   - Getting Started: getting-started.md
+  - Blueprints: blueprints
   - IAM: iam
diff --git a/docs/blueprints/agones-game-controller.md b/docs/blueprints/agones-game-controller.md
new file mode 100644
index 0000000000..f1df1041e1
--- /dev/null
+++ b/docs/blueprints/agones-game-controller.md
@@ -0,0 +1,7 @@
+---
+title: Agones Game Controller
+---
+
+{%
+   include-markdown "../../examples/agones-game-controller/README.md"
+%}
diff --git a/docs/blueprints/appmesh-mtls.md b/docs/blueprints/appmesh-mtls.md
new file mode 100644
index 0000000000..ee9400a3ad
--- /dev/null
+++ b/docs/blueprints/appmesh-mtls.md
@@ -0,0 +1,7 @@
+---
+title: AWS AppMesh mTLS
+---
+
+{%
+   include-markdown "../../examples/appmesh-mtls/README.md"
+%}
diff --git a/docs/blueprints/argocd.md b/docs/blueprints/argocd.md
new file mode 100644
index 0000000000..b91434e55c
--- /dev/null
+++ b/docs/blueprints/argocd.md
@@ -0,0 +1,7 @@
+---
+title: ArgoCD
+---
+
+{%
+   include-markdown "../../examples/argocd/README.md"
+%}
diff --git a/docs/blueprints/blue-green-upgrade.md b/docs/blueprints/blue-green-upgrade.md
new file mode 100644
index 0000000000..9c79037e66
--- /dev/null
+++ b/docs/blueprints/blue-green-upgrade.md
@@ -0,0 +1,7 @@
+---
+title: Blue/Green Migration
+---
+
+{%
+   include-markdown "../../examples/blue-green-upgrade/README.md"
+%}
diff --git a/docs/blueprints/elastic-fabric-adapter.md b/docs/blueprints/elastic-fabric-adapter.md
new file mode 100644
index 0000000000..2f2aba96aa
--- /dev/null
+++ b/docs/blueprints/elastic-fabric-adapter.md
@@ -0,0 +1,7 @@
+---
+title: Elastic Fabric Adapter
+---
+
+{%
+   include-markdown "../../examples/elastic-fabric-adapter/README.md"
+%}
diff --git a/docs/blueprints/external-secrets.md b/docs/blueprints/external-secrets.md
new file mode 100644
index 0000000000..ff7ee31c5b
--- /dev/null
+++ b/docs/blueprints/external-secrets.md
@@ -0,0 +1,7 @@
+---
+title: External Secrets
+---
+
+{%
+   include-markdown "../../examples/external-secrets/README.md"
+%}
diff --git a/docs/blueprints/fargate-serverless.md b/docs/blueprints/fargate-serverless.md
new file mode 100644
index 0000000000..fe97d2784f
--- /dev/null
+++ b/docs/blueprints/fargate-serverless.md
@@ -0,0 +1,7 @@
+---
+title: Fargate Serverless
+---
+
+{%
+   include-markdown "../../examples/fargate-serverless/README.md"
+%}
diff --git a/docs/blueprints/fully-private-cluster.md b/docs/blueprints/fully-private-cluster.md
new file mode 100644
index 0000000000..8133b74cad
--- /dev/null
+++ b/docs/blueprints/fully-private-cluster.md
@@ -0,0 +1,7 @@
+---
+title: Fully Private Cluster
+---
+
+{%
+   include-markdown "../../examples/fully-private-cluster/README.md"
+%}
diff --git a/docs/blueprints/ipv4-prefix-delegation.md b/docs/blueprints/ipv4-prefix-delegation.md
new file mode 100644
index 0000000000..463d041fca
--- /dev/null
+++ b/docs/blueprints/ipv4-prefix-delegation.md
@@ -0,0 +1,7 @@
+---
+title: IPv4 Prefix Delegation
+---
+
+{%
+   include-markdown "../../examples/ipv4-prefix-delegation/README.md"
+%}
diff --git a/docs/blueprints/ipv6-eks-cluster.md b/docs/blueprints/ipv6-eks-cluster.md
new file mode 100644
index 0000000000..2befa8b970
--- /dev/null
+++ b/docs/blueprints/ipv6-eks-cluster.md
@@ -0,0 +1,7 @@
+---
+title: IPv6 Networking
+---
+
+{%
+   include-markdown "../../examples/ipv6-eks-cluster/README.md"
+%}
diff --git a/docs/blueprints/karpenter.md b/docs/blueprints/karpenter.md
new file mode 100644
index 0000000000..85288dd56d
--- /dev/null
+++ b/docs/blueprints/karpenter.md
@@ -0,0 +1,7 @@
+---
+title: Karpenter
+---
+
+{%
+   include-markdown "../../examples/karpenter/README.md"
+%}
diff --git a/docs/blueprints/multi-tenancy-with-teams.md b/docs/blueprints/multi-tenancy-with-teams.md
new file mode 100644
index 0000000000..329558c272
--- /dev/null
+++ b/docs/blueprints/multi-tenancy-with-teams.md
@@ -0,0 +1,7 @@
+---
+title: Multi-Tenancy w/ Teams
+---
+
+{%
+   include-markdown "../../examples/multi-tenancy-with-teams/README.md"
+%}
diff --git a/docs/blueprints/stateful.md b/docs/blueprints/stateful.md
new file mode 100644
index 0000000000..ec7ab17e48
--- /dev/null
+++ b/docs/blueprints/stateful.md
@@ -0,0 +1,7 @@
+---
+title: Stateful
+---
+
+{%
+   include-markdown "../../examples/stateful/README.md"
+%}
diff --git a/docs/blueprints/tls-with-aws-pca-issuer.md b/docs/blueprints/tls-with-aws-pca-issuer.md
new file mode 100644
index 0000000000..8335529c4c
--- /dev/null
+++ b/docs/blueprints/tls-with-aws-pca-issuer.md
@@ -0,0 +1,7 @@
+---
+title: TLS w/ AWS PCA Issuer
+---
+
+{%
+   include-markdown "../../examples/tls-with-aws-pca-issuer/README.md"
+%}
diff --git a/docs/blueprints/vpc-cni-custom-networking.md b/docs/blueprints/vpc-cni-custom-networking.md
new file mode 100644
index 0000000000..80b9725a31
--- /dev/null
+++ b/docs/blueprints/vpc-cni-custom-networking.md
@@ -0,0 +1,7 @@
+---
+title: VPC CNI Custom Networking
+---
+
+{%
+   include-markdown "../../examples/vpc-cni-custom-networking/README.md"
+%}
diff --git a/docs/blueprints/wireguard-with-cilium.md b/docs/blueprints/wireguard-with-cilium.md
new file mode 100644
index 0000000000..733fd4f9e2
--- /dev/null
+++ b/docs/blueprints/wireguard-with-cilium.md
@@ -0,0 +1,7 @@
+---
+title: Wireguard /w Cilium
+---
+
+{%
+   include-markdown "../../examples/wireguard-with-cilium/README.md"
+%}
diff --git a/examples/agones-game-controller/README.md b/examples/agones-game-controller/README.md
index 1a2d48f861..79414773a0 100644
--- a/examples/agones-game-controller/README.md
+++ b/examples/agones-game-controller/README.md
@@ -1,4 +1,4 @@
-# Amazon EKS Deployment with Agones Gaming Kubernetes Controller
+# Agones Game Controller on Amazon EKS
 
 This example shows how to deploy and run Gaming applications on Amazon EKS with Agones Kubernetes Controller
 
diff --git a/examples/agones-game-controller/main.tf b/examples/agones-game-controller/main.tf
index 92fbdf4fe8..14c432ad85 100644
--- a/examples/agones-game-controller/main.tf
+++ b/examples/agones-game-controller/main.tf
@@ -34,8 +34,6 @@ locals {
   name   = basename(path.cwd)
   region = "us-west-2"
 
-  cluster_version = "1.25"
-
   vpc_cidr = "10.0.0.0/16"
   azs      = slice(data.aws_availability_zones.available.names, 0, 3)
 
@@ -58,7 +56,7 @@ module "eks" {
   version = "~> 19.13"
 
   cluster_name                   = local.name
-  cluster_version                = local.cluster_version
+  cluster_version                = "1.27"
   cluster_endpoint_public_access = true
 
   vpc_id     = module.vpc.vpc_id
@@ -105,10 +103,8 @@ module "eks_blueprints_addons" {
 
   # EKS Add-Ons
   eks_addons = {
-    coredns = {}
-    vpc-cni = {
-      service_account_role_arn = module.vpc_cni_irsa.iam_role_arn
-    }
+    coredns    = {}
+    vpc-cni    = {}
     kube-proxy = {}
   }
 
@@ -151,7 +147,7 @@ resource "helm_release" "agones" {
 
 module "vpc" {
   source  = "terraform-aws-modules/vpc/aws"
-  version = "~> 4.0"
+  version = "~> 5.0"
 
   name = local.name
   cidr = local.vpc_cidr
@@ -173,22 +169,3 @@ module "vpc" {
 
   tags = local.tags
 }
-
-module "vpc_cni_irsa" {
-  source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
-  version = "~> 5.14"
-
-  role_name_prefix = "${module.eks.cluster_name}-vpc-cni-"
-
-  attach_vpc_cni_policy = true
-  vpc_cni_enable_ipv4   = true
-
-  oidc_providers = {
-    main = {
-      provider_arn               = module.eks.oidc_provider_arn
-      namespace_service_accounts = ["kube-system:aws-node"]
-    }
-  }
-
-  tags = local.tags
-}
diff --git a/examples/agones-game-controller/versions.tf b/examples/agones-game-controller/versions.tf
index d89e94b43b..a4f611af01 100644
--- a/examples/agones-game-controller/versions.tf
+++ b/examples/agones-game-controller/versions.tf
@@ -4,15 +4,15 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.47, <5.0"
-    }
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.17"
+      version = ">= 4.47"
     }
     helm = {
       source  = "hashicorp/helm"
-      version = ">= 2.8"
+      version = ">= 2.9"
+    }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = ">= 2.20"
     }
   }
 
diff --git a/examples/appmesh-mtls/README.md b/examples/appmesh-mtls/README.md
index 1c66cf41a9..21788920ad 100644
--- a/examples/appmesh-mtls/README.md
+++ b/examples/appmesh-mtls/README.md
@@ -1,4 +1,4 @@
-# EKS Cluster with AppMesh mTLS
+# EKS Cluster w/ AppMesh mTLS
 
 This examples demonstrates how to deploy an Amazon EKS cluster with AppMesh mTLS enabled.
 
@@ -49,7 +49,7 @@ This example deploys the folowing Kubernetes resources:
 2. List the created Resources.
 
 ```sh
-kubectl get pods -A  
+kubectl get pods -A
 NAMESPACE          NAME                                       READY   STATUS    RESTARTS   AGE
 amazon-guardduty   aws-guardduty-agent-54tlt                  1/1     Running   0          4h42m
 amazon-guardduty   aws-guardduty-agent-tl574                  1/1     Running   0          4h42m
@@ -73,7 +73,7 @@ appmesh-mtls   4h42m
 ```
 
 ```sh
-kubectl get certificate  
+kubectl get certificate
 NAME      READY   SECRET                  AGE
 example   True    example-clusterissuer   4h12m
 ```
@@ -130,7 +130,7 @@ mesh.appmesh.k8s.aws/appmesh-example created
   3. Create a Virtual Node.
 
 ```sh
-cat <<EOF | kubectl apply -f -  
+cat <<EOF | kubectl apply -f -
 apiVersion: appmesh.k8s.aws/v1beta2
 kind: VirtualNode
 metadata:
@@ -166,7 +166,7 @@ EOF
   4. Create a Virtual Router.
 
 ```sh
-cat <<EOF | kubectl apply -f -  
+cat <<EOF | kubectl apply -f -
 apiVersion: appmesh.k8s.aws/v1beta2
 kind: VirtualRouter
 metadata:
@@ -193,7 +193,7 @@ EOF
   5. Create a Virtual Service.
 
 ```sh
-cat <<EOF | kubectl apply -f -  
+cat <<EOF | kubectl apply -f -
 apiVersion: appmesh.k8s.aws/v1beta2
 kind: VirtualService
 metadata:
@@ -211,7 +211,7 @@ EOF
   6. Create a Deployment and a Service in the `default` Namespace.
 
 ```sh
-cat <<EOF | kubectl apply -f -  
+cat <<EOF | kubectl apply -f -
 apiVersion: v1
 kind: Service
 metadata:
@@ -271,7 +271,7 @@ To teardown and remove the resources created in this example:
 kubectl delete deployments appmesh-example-app; kubectl delete service appmesh-example-svc
 kubectl delete virtualservices.appmesh.k8s.aws appmesh-example-vs
 kubectl delete virtualrouters.appmesh.k8s.aws appmesh-example-vr
-kubectl delete virtualnodes.appmesh.k8s.aws appmesh-example-vn  
+kubectl delete virtualnodes.appmesh.k8s.aws appmesh-example-vn
 kubectl delete meshes.appmesh.k8s.aws appmesh-example
 terraform destroy -target="module.appmesh_addon" -auto-approve
 terraform destroy -target="module.eks_blueprints_addons" -auto-approve
diff --git a/examples/appmesh-mtls/main.tf b/examples/appmesh-mtls/main.tf
index ce69ceaeef..3f9893ff66 100644
--- a/examples/appmesh-mtls/main.tf
+++ b/examples/appmesh-mtls/main.tf
@@ -70,7 +70,7 @@ module "eks" {
   version = "~> 19.13"
 
   cluster_name                   = local.name
-  cluster_version                = "1.25"
+  cluster_version                = "1.27"
   cluster_endpoint_public_access = true
 
   vpc_id     = module.vpc.vpc_id
@@ -103,10 +103,8 @@ module "eks_blueprints_addons" {
   oidc_provider_arn = module.eks.oidc_provider_arn
 
   eks_addons = {
-    coredns = {}
-    vpc-cni = {
-      service_account_role_arn = module.vpc_cni_irsa.iam_role_arn
-    }
+    coredns    = {}
+    vpc-cni    = {}
     kube-proxy = {}
   }
 
@@ -365,7 +363,7 @@ resource "kubectl_manifest" "pca_certificate" {
 
 module "vpc" {
   source  = "terraform-aws-modules/vpc/aws"
-  version = "~> 4.0"
+  version = "~> 5.0"
 
   name = local.name
   cidr = local.vpc_cidr
@@ -387,22 +385,3 @@ module "vpc" {
 
   tags = local.tags
 }
-
-module "vpc_cni_irsa" {
-  source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
-  version = "~> 5.14"
-
-  role_name_prefix = "${module.eks.cluster_name}-vpc-cni-"
-
-  attach_vpc_cni_policy = true
-  vpc_cni_enable_ipv4   = true
-
-  oidc_providers = {
-    main = {
-      provider_arn               = module.eks.oidc_provider_arn
-      namespace_service_accounts = ["kube-system:aws-node"]
-    }
-  }
-
-  tags = local.tags
-}
diff --git a/examples/appmesh-mtls/versions.tf b/examples/appmesh-mtls/versions.tf
index 56ca0fff60..4f2625b6a3 100644
--- a/examples/appmesh-mtls/versions.tf
+++ b/examples/appmesh-mtls/versions.tf
@@ -4,15 +4,15 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.47, <5.0"
-    }
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.17"
+      version = ">= 4.47"
     }
     helm = {
       source  = "hashicorp/helm"
-      version = ">= 2.8"
+      version = ">= 2.9"
+    }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = ">= 2.20"
     }
     kubectl = {
       source  = "gavinbunney/kubectl"
diff --git a/examples/argocd/README.md b/examples/argocd/README.md
index 51c8b03c3e..c723552242 100644
--- a/examples/argocd/README.md
+++ b/examples/argocd/README.md
@@ -1,4 +1,4 @@
-# EKS Cluster with ArgoCD
+# Amazon EKS Cluster w/ ArgoCD
 
 This example shows how to provision an EKS cluster with:
 
diff --git a/examples/argocd/main.tf b/examples/argocd/main.tf
index 8945f12d98..423732c457 100644
--- a/examples/argocd/main.tf
+++ b/examples/argocd/main.tf
@@ -55,16 +55,14 @@ module "eks" {
   version = "~> 19.13"
 
   cluster_name                   = local.name
-  cluster_version                = "1.26"
+  cluster_version                = "1.27"
   cluster_endpoint_public_access = true
 
   # EKS Addons
   cluster_addons = {
     coredns    = {}
     kube-proxy = {}
-    vpc-cni = {
-      service_account_role_arn = module.vpc_cni_irsa.iam_role_arn
-    }
+    vpc-cni    = {}
   }
 
   vpc_id     = module.vpc.vpc_id
@@ -167,7 +165,7 @@ resource "aws_secretsmanager_secret_version" "argocd" {
 
 module "vpc" {
   source  = "terraform-aws-modules/vpc/aws"
-  version = "~> 4.0"
+  version = "~> 5.0"
 
   name = local.name
   cidr = local.vpc_cidr
@@ -189,22 +187,3 @@ module "vpc" {
 
   tags = local.tags
 }
-
-module "vpc_cni_irsa" {
-  source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
-  version = "~> 5.14"
-
-  role_name_prefix = "${module.eks.cluster_name}-vpc-cni-"
-
-  attach_vpc_cni_policy = true
-  vpc_cni_enable_ipv4   = true
-
-  oidc_providers = {
-    main = {
-      provider_arn               = module.eks.oidc_provider_arn
-      namespace_service_accounts = ["kube-system:aws-node"]
-    }
-  }
-
-  tags = local.tags
-}
diff --git a/examples/argocd/versions.tf b/examples/argocd/versions.tf
index 6d0c2ca7d3..aa00573a68 100644
--- a/examples/argocd/versions.tf
+++ b/examples/argocd/versions.tf
@@ -4,19 +4,19 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.47, <5.0"
-    }
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.20"
+      version = ">= 4.47"
     }
     helm = {
       source  = "hashicorp/helm"
       version = ">= 2.9"
     }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = ">= 2.20"
+    }
     random = {
       source  = "hashicorp/random"
-      version = "3.5.1"
+      version = ">= 3.5"
     }
     bcrypt = {
       source  = "viktorradnai/bcrypt"
diff --git a/examples/blue-green-upgrade/README.md b/examples/blue-green-upgrade/README.md
index a8e570c023..73d2f775da 100644
--- a/examples/blue-green-upgrade/README.md
+++ b/examples/blue-green-upgrade/README.md
@@ -1,4 +1,4 @@
-# Blue/Green or Canary Amazon EKS clusters migration for stateless ArgoCD workloads
+# Blue/Green Migration
 
 This directory provides a solution based on [EKS Blueprint for Terraform](https://aws-ia.github.io/terraform-aws-eks-blueprints) that shows how to leverage blue/green or canary application workload migration between EKS clusters, using [Amazon Route 53](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy-weighted.html) weighted routing feature. The workloads will be dynamically exposed using [AWS LoadBalancer Controller](https://aws-ia.github.io/terraform-aws-eks-blueprints/add-ons/aws-load-balancer-controller/) and [External DNS add-on](https://aws-ia.github.io/terraform-aws-eks-blueprints/add-ons/external-dns/).
 
diff --git a/examples/elastic-fabric-adapter/main.tf b/examples/elastic-fabric-adapter/main.tf
index 0efc8a859f..15a886284d 100644
--- a/examples/elastic-fabric-adapter/main.tf
+++ b/examples/elastic-fabric-adapter/main.tf
@@ -242,7 +242,7 @@ resource "kubectl_manifest" "efa_device_plugin" {
 
 module "vpc" {
   source  = "terraform-aws-modules/vpc/aws"
-  version = "~> 4.0"
+  version = "~> 5.0"
 
   name = local.name
   cidr = local.vpc_cidr
diff --git a/examples/elastic-fabric-adapter/variables.tf b/examples/elastic-fabric-adapter/variables.tf
index 8b13789179..e69de29bb2 100644
--- a/examples/elastic-fabric-adapter/variables.tf
+++ b/examples/elastic-fabric-adapter/variables.tf
@@ -1 +0,0 @@
-
diff --git a/examples/elastic-fabric-adapter/versions.tf b/examples/elastic-fabric-adapter/versions.tf
index 7754959fca..d75641f32a 100644
--- a/examples/elastic-fabric-adapter/versions.tf
+++ b/examples/elastic-fabric-adapter/versions.tf
@@ -4,20 +4,24 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.47, <5.0"
+      version = ">= 4.47"
+    }
+    helm = {
+      source  = "hashicorp/helm"
+      version = ">= 2.9"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"
       version = ">= 2.20"
     }
-    helm = {
-      source  = "hashicorp/helm"
-      version = ">= 2.4.1"
-    }
     kubectl = {
       source  = "gavinbunney/kubectl"
       version = ">= 1.14"
     }
+    http = {
+      source  = "hashicorp/http"
+      version = ">= 3.3"
+    }
   }
 
   # ##  Used for end-to-end testing on project; update to suit your needs
diff --git a/examples/external-secrets/README.md b/examples/external-secrets/README.md
index 1c6b3fb3fa..28fae1fb2d 100644
--- a/examples/external-secrets/README.md
+++ b/examples/external-secrets/README.md
@@ -1,4 +1,4 @@
-# External Secrets Operator Kubernetes addon
+# Amazon EKS Cluster w/ External Secrets Operator
 
 This example deploys an EKS Cluster with the External Secrets Operator. The cluster is populated with a ClusterSecretStore and SecretStore example using SecretManager and Parameter Store respectively. A secret for each store is also created. Both stores use IRSA to retrieve the secret values from AWS.
 
diff --git a/examples/external-secrets/main.tf b/examples/external-secrets/main.tf
index 7b4d40c167..f06aeab286 100644
--- a/examples/external-secrets/main.tf
+++ b/examples/external-secrets/main.tf
@@ -74,7 +74,7 @@ module "eks" {
   version = "~> 19.13"
 
   cluster_name                   = local.name
-  cluster_version                = "1.25"
+  cluster_version                = "1.27"
   cluster_endpoint_public_access = true
 
   vpc_id     = module.vpc.vpc_id
@@ -111,10 +111,8 @@ module "eks_blueprints_addons" {
     aws-ebs-csi-driver = {
       service_account_role_arn = module.ebs_csi_driver_irsa.iam_role_arn
     }
-    coredns = {}
-    vpc-cni = {
-      service_account_role_arn = module.vpc_cni_irsa.iam_role_arn
-    }
+    coredns    = {}
+    vpc-cni    = {}
     kube-proxy = {}
   }
 
@@ -130,7 +128,7 @@ module "eks_blueprints_addons" {
 
 module "vpc" {
   source  = "terraform-aws-modules/vpc/aws"
-  version = "~> 4.0"
+  version = "~> 5.0"
 
   name = local.name
   cidr = local.vpc_cidr
@@ -360,10 +358,9 @@ resource "aws_iam_policy" "secretstore" {
 POLICY
 }
 
-
 module "ebs_csi_driver_irsa" {
   source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
-  version = "~> 5.14"
+  version = "~> 5.20"
 
   role_name_prefix = "${module.eks.cluster_name}-ebs-csi-driver-"
 
@@ -378,22 +375,3 @@ module "ebs_csi_driver_irsa" {
 
   tags = local.tags
 }
-
-module "vpc_cni_irsa" {
-  source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
-  version = "~> 5.14"
-
-  role_name_prefix = "${module.eks.cluster_name}-vpc-cni-"
-
-  attach_vpc_cni_policy = true
-  vpc_cni_enable_ipv4   = true
-
-  oidc_providers = {
-    main = {
-      provider_arn               = module.eks.oidc_provider_arn
-      namespace_service_accounts = ["kube-system:aws-node"]
-    }
-  }
-
-  tags = local.tags
-}
diff --git a/examples/external-secrets/versions.tf b/examples/external-secrets/versions.tf
index 7f9a2540c0..6c0c8a518a 100644
--- a/examples/external-secrets/versions.tf
+++ b/examples/external-secrets/versions.tf
@@ -4,15 +4,15 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.47, <5.0"
-    }
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.17"
+      version = ">= 4.47"
     }
     helm = {
       source  = "hashicorp/helm"
-      version = ">= 2.8"
+      version = ">= 2.9"
+    }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = ">= 2.20"
     }
     kubectl = {
       source  = "gavinbunney/kubectl"
diff --git a/examples/fargate-serverless/README.md b/examples/fargate-serverless/README.md
index c7acab770e..fa30269973 100644
--- a/examples/fargate-serverless/README.md
+++ b/examples/fargate-serverless/README.md
@@ -1,4 +1,4 @@
-# Serverless EKS Cluster using Fargate Profiles
+# Serverless Amazon EKS Cluster
 
 This example shows how to provision an Amazon EKS Cluster (serverless data plane) using Fargate Profiles.
 
@@ -54,7 +54,7 @@ aws eks --region <$AWS_REGION> update-kubeconfig --name <$CLUSTER_NAME>
 
 
 ```sh
-kubectl get nodes  
+kubectl get nodes
 NAME                                                STATUS   ROLES    AGE   VERSION
 fargate-ip-10-0-17-17.us-west-2.compute.internal    Ready    <none>   25m   v1.26.3-eks-f4dc2c0
 fargate-ip-10-0-20-244.us-west-2.compute.internal   Ready    <none>   71s   v1.26.3-eks-f4dc2c0
@@ -167,7 +167,7 @@ kubectl -n app-2048 create ingress app-2048 --class alb --rule="/*=app-2048:80"
 ```
 
 ```sh
-kubectl -n app-2048 get ingress  
+kubectl -n app-2048 get ingress
 NAME       CLASS   HOSTS   ADDRESS                                                                 PORTS   AGE
 app-2048   alb     *       k8s-app2048-app2048-6d9c5e92d6-1234567890.us-west-2.elb.amazonaws.com   80      4m9s
 ```
diff --git a/examples/fargate-serverless/main.tf b/examples/fargate-serverless/main.tf
index 0f0d460678..818df28e14 100644
--- a/examples/fargate-serverless/main.tf
+++ b/examples/fargate-serverless/main.tf
@@ -54,7 +54,7 @@ module "eks" {
   version = "~> 19.13"
 
   cluster_name                   = local.name
-  cluster_version                = "1.26"
+  cluster_version                = "1.27"
   cluster_endpoint_public_access = true
 
   vpc_id     = module.vpc.vpc_id
@@ -127,9 +127,7 @@ module "eks_blueprints_addons" {
         }
       })
     }
-    vpc-cni = {
-      service_account_role_arn = module.vpc_cni_irsa.iam_role_arn
-    }
+    vpc-cni    = {}
     kube-proxy = {}
   }
 
@@ -162,7 +160,7 @@ module "eks_blueprints_addons" {
 
 module "vpc" {
   source  = "terraform-aws-modules/vpc/aws"
-  version = "~> 4.0"
+  version = "~> 5.0"
 
   name = local.name
   cidr = local.vpc_cidr
@@ -253,22 +251,3 @@ resource "kubernetes_service_v1" "this" {
     type = "NodePort"
   }
 }
-
-module "vpc_cni_irsa" {
-  source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
-  version = "~> 5.14"
-
-  role_name_prefix = "${module.eks.cluster_name}-vpc-cni-"
-
-  attach_vpc_cni_policy = true
-  vpc_cni_enable_ipv4   = true
-
-  oidc_providers = {
-    main = {
-      provider_arn               = module.eks.oidc_provider_arn
-      namespace_service_accounts = ["kube-system:aws-node"]
-    }
-  }
-
-  tags = local.tags
-}
diff --git a/examples/fargate-serverless/versions.tf b/examples/fargate-serverless/versions.tf
index a29742772b..e3d13ea958 100644
--- a/examples/fargate-serverless/versions.tf
+++ b/examples/fargate-serverless/versions.tf
@@ -4,15 +4,15 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.47, <5.0"
-    }
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.10"
+      version = ">= 4.47"
     }
     helm = {
       source  = "hashicorp/helm"
-      version = ">= 2.4.1"
+      version = ">= 2.9"
+    }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = ">= 2.20"
     }
   }
 
diff --git a/examples/fully-private-cluster/README.md b/examples/fully-private-cluster/README.md
index 6e9c7adb54..ad1d0d0f29 100644
--- a/examples/fully-private-cluster/README.md
+++ b/examples/fully-private-cluster/README.md
@@ -1,4 +1,4 @@
-# Fully Private EKS Cluster
+# Fully Private Amazon EKS Cluster
 
 This examples demonstrates how to deploy an Amazon EKS cluster that is deployed on the AWS Cloud, but doesn't have outbound internet access. For that your cluster must pull images from a container registry that's in your VPC, and also must have endpoint private access enabled. This is required for nodes to register with the cluster endpoint.
 
@@ -66,7 +66,7 @@ aws eks --region <$AWS_REGION> update-kubeconfig --name <$CLUSTER_NAME>
 3. Test by listing Nodes in in the Cluster.
 
 ```sh
-kubectl get nodes  
+kubectl get nodes
 NAME                                        STATUS   ROLES    AGE     VERSION
 ip-10-0-19-90.us-west-2.compute.internal    Ready    <none>   8m34s   v1.26.2-eks-a59e1f0
 ip-10-0-44-110.us-west-2.compute.internal   Ready    <none>   8m36s   v1.26.2-eks-a59e1f0
@@ -76,7 +76,7 @@ ip-10-0-9-147.us-west-2.compute.internal    Ready    <none>   8m35s   v1.26.2-ek
 4. Test by listing all the Pods running currently. All the Pods should reach a status of `Running` after approximately 60 seconds:
 
 ```sh
-kubectl $ kubectl get pods -A  
+kubectl $ kubectl get pods -A
 NAMESPACE     NAME                       READY   STATUS    RESTARTS   AGE
 kube-system   aws-node-jvn9x             1/1     Running   0          7m42s
 kube-system   aws-node-mnjlf             1/1     Running   0          7m45s
diff --git a/examples/fully-private-cluster/main.tf b/examples/fully-private-cluster/main.tf
index bda680ab01..7490e5e534 100644
--- a/examples/fully-private-cluster/main.tf
+++ b/examples/fully-private-cluster/main.tf
@@ -27,7 +27,7 @@ module "eks" {
   version = "~> 19.13"
 
   cluster_name    = local.name
-  cluster_version = "1.26"
+  cluster_version = "1.27"
 
   # EKS Addons
   cluster_addons = {
@@ -58,7 +58,7 @@ module "eks" {
 
 module "vpc" {
   source  = "terraform-aws-modules/vpc/aws"
-  version = "~> 4.0"
+  version = "~> 5.0"
 
   manage_default_vpc = true
 
@@ -79,7 +79,7 @@ module "vpc" {
 
 module "vpc_endpoints_sg" {
   source  = "terraform-aws-modules/security-group/aws"
-  version = "~> 4.0"
+  version = "~> 5.0"
 
   name        = "${local.name}-vpc-endpoints"
   description = "Security group for VPC endpoint access"
@@ -106,7 +106,7 @@ module "vpc_endpoints_sg" {
 
 module "vpc_endpoints" {
   source  = "terraform-aws-modules/vpc/aws//modules/vpc-endpoints"
-  version = "~> 4.0"
+  version = "~> 5.0"
 
   vpc_id             = module.vpc.vpc_id
   security_group_ids = [module.vpc_endpoints_sg.security_group_id]
diff --git a/examples/fully-private-cluster/versions.tf b/examples/fully-private-cluster/versions.tf
index b9a53d3b9c..95e312cfcd 100644
--- a/examples/fully-private-cluster/versions.tf
+++ b/examples/fully-private-cluster/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.47, <5.0"
+      version = ">= 4.47"
     }
   }
 
diff --git a/examples/ipv4-prefix-delegation/README.md b/examples/ipv4-prefix-delegation/README.md
index 45465644bf..f847da9a46 100644
--- a/examples/ipv4-prefix-delegation/README.md
+++ b/examples/ipv4-prefix-delegation/README.md
@@ -1,4 +1,4 @@
-# EKS Cluster w/ Prefix Delegation
+# Amazon EKS Cluster w/ Prefix Delegation
 
 This example shows how to provision an EKS cluster with prefix delegation enabled for increasing the number of available IP addresses for the EC2 nodes utilized.
 
diff --git a/examples/ipv4-prefix-delegation/main.tf b/examples/ipv4-prefix-delegation/main.tf
index c7960439af..55745cd96d 100644
--- a/examples/ipv4-prefix-delegation/main.tf
+++ b/examples/ipv4-prefix-delegation/main.tf
@@ -53,7 +53,7 @@ module "eks" {
   version = "~> 19.13"
 
   cluster_name                   = local.name
-  cluster_version                = "1.26"
+  cluster_version                = "1.27"
   cluster_endpoint_public_access = true
 
   # EKS Addons
@@ -98,7 +98,7 @@ module "eks" {
 
 module "vpc" {
   source  = "terraform-aws-modules/vpc/aws"
-  version = "~> 4.0"
+  version = "~> 5.0"
 
   name = local.name
   cidr = local.vpc_cidr
diff --git a/examples/ipv4-prefix-delegation/versions.tf b/examples/ipv4-prefix-delegation/versions.tf
index 50bbc69fa6..0f31391225 100644
--- a/examples/ipv4-prefix-delegation/versions.tf
+++ b/examples/ipv4-prefix-delegation/versions.tf
@@ -4,15 +4,15 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.47, <5.0"
-    }
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.17"
+      version = ">= 4.47"
     }
     helm = {
       source  = "hashicorp/helm"
-      version = ">= 2.8"
+      version = ">= 2.9"
+    }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = ">= 2.20"
     }
   }
 
diff --git a/examples/ipv6-eks-cluster/README.md b/examples/ipv6-eks-cluster/README.md
index d9bb1e71aa..87442dbc5f 100644
--- a/examples/ipv6-eks-cluster/README.md
+++ b/examples/ipv6-eks-cluster/README.md
@@ -1,4 +1,4 @@
-# IPv6 EKS Cluster
+# Amazon EKS Cluster w/ IPv6 Networking
 
 This example shows how to create an EKS cluster that utilizes IPv6 networking.
 
diff --git a/examples/ipv6-eks-cluster/main.tf b/examples/ipv6-eks-cluster/main.tf
index d1fa32aaa5..1d5d0e5ae4 100644
--- a/examples/ipv6-eks-cluster/main.tf
+++ b/examples/ipv6-eks-cluster/main.tf
@@ -53,7 +53,7 @@ module "eks" {
   version = "~> 19.13"
 
   cluster_name                   = local.name
-  cluster_version                = "1.26"
+  cluster_version                = "1.27"
   cluster_endpoint_public_access = true
 
   # IPV6
@@ -88,7 +88,7 @@ module "eks" {
 
 module "vpc" {
   source  = "terraform-aws-modules/vpc/aws"
-  version = "~> 4.0"
+  version = "~> 5.0"
 
   name = local.name
   cidr = local.vpc_cidr
diff --git a/examples/ipv6-eks-cluster/versions.tf b/examples/ipv6-eks-cluster/versions.tf
index 61a7c662cb..63713abb40 100644
--- a/examples/ipv6-eks-cluster/versions.tf
+++ b/examples/ipv6-eks-cluster/versions.tf
@@ -4,15 +4,15 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.47, <5.0"
-    }
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.10"
+      version = ">= 4.47"
     }
     helm = {
       source  = "hashicorp/helm"
-      version = ">= 2.4.1"
+      version = ">= 2.9"
+    }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = ">= 2.20"
     }
   }
 
diff --git a/examples/karpenter/main.tf b/examples/karpenter/main.tf
index 809f39f119..b5a1fe793d 100644
--- a/examples/karpenter/main.tf
+++ b/examples/karpenter/main.tf
@@ -77,7 +77,7 @@ module "eks" {
   version = "~> 19.13"
 
   cluster_name                   = local.name
-  cluster_version                = "1.26"
+  cluster_version                = "1.27"
   cluster_endpoint_public_access = true
 
   vpc_id     = module.vpc.vpc_id
@@ -280,7 +280,7 @@ resource "kubectl_manifest" "karpenter_example_deployment" {
 
 module "vpc" {
   source  = "terraform-aws-modules/vpc/aws"
-  version = "~> 4.0"
+  version = "~> 5.0"
 
   name = local.name
   cidr = local.vpc_cidr
diff --git a/examples/karpenter/versions.tf b/examples/karpenter/versions.tf
index d008ba9c97..24d5350878 100644
--- a/examples/karpenter/versions.tf
+++ b/examples/karpenter/versions.tf
@@ -4,16 +4,16 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.47, <5.0"
+      version = ">= 4.47"
+    }
+    helm = {
+      source  = "hashicorp/helm"
+      version = ">= 2.9"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"
       version = ">= 2.20"
     }
-    helm = {
-      source  = "hashicorp/helm"
-      version = ">= 2.4.1"
-    }
     kubectl = {
       source  = "gavinbunney/kubectl"
       version = ">= 1.14"
diff --git a/examples/multi-tenancy-with-teams/main.tf b/examples/multi-tenancy-with-teams/main.tf
index 1fb3f4db79..18f9b60180 100644
--- a/examples/multi-tenancy-with-teams/main.tf
+++ b/examples/multi-tenancy-with-teams/main.tf
@@ -51,10 +51,10 @@ locals {
 #tfsec:ignore:aws-eks-enable-control-plane-logging
 module "eks" {
   source  = "terraform-aws-modules/eks/aws"
-  version = "~> 19.12"
+  version = "~> 19.13"
 
   cluster_name                   = local.name
-  cluster_version                = "1.25"
+  cluster_version                = "1.27"
   cluster_endpoint_public_access = true
 
   vpc_id     = module.vpc.vpc_id
@@ -180,7 +180,7 @@ module "eks_blueprints_dev_teams" {
 
 module "vpc" {
   source  = "terraform-aws-modules/vpc/aws"
-  version = "~> 4.0"
+  version = "~> 5.0"
 
   name = local.name
   cidr = local.vpc_cidr
diff --git a/examples/multi-tenancy-with-teams/versions.tf b/examples/multi-tenancy-with-teams/versions.tf
index 702af14dc0..74b12895bd 100644
--- a/examples/multi-tenancy-with-teams/versions.tf
+++ b/examples/multi-tenancy-with-teams/versions.tf
@@ -4,15 +4,15 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.47, <5.0"
-    }
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.10"
+      version = ">= 4.47"
     }
     helm = {
       source  = "hashicorp/helm"
-      version = ">= 2.4.1"
+      version = ">= 2.9"
+    }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = ">= 2.20"
     }
     kubectl = {
       source  = "gavinbunney/kubectl"
diff --git a/examples/stateful/README.md b/examples/stateful/README.md
index 1863bce45b..129c8030a3 100644
--- a/examples/stateful/README.md
+++ b/examples/stateful/README.md
@@ -1,4 +1,4 @@
-# EKS Cluster for Stateful Workloads
+# Amazon EKS Cluster for Stateful Workloads
 
 ## Features
 
diff --git a/examples/stateful/main.tf b/examples/stateful/main.tf
index 2d24118fcd..00b34b5db2 100644
--- a/examples/stateful/main.tf
+++ b/examples/stateful/main.tf
@@ -29,7 +29,6 @@ provider "helm" {
 }
 
 data "aws_caller_identity" "current" {}
-
 data "aws_availability_zones" "available" {}
 
 locals {
@@ -60,7 +59,7 @@ module "eks" {
   version = "~> 19.13"
 
   cluster_name                   = local.name
-  cluster_version                = "1.26"
+  cluster_version                = "1.27"
   cluster_endpoint_public_access = true
 
   vpc_id     = module.vpc.vpc_id
@@ -208,10 +207,8 @@ module "eks_blueprints_addons" {
     aws-ebs-csi-driver = {
       service_account_role_arn = module.ebs_csi_driver_irsa.iam_role_arn
     }
-    coredns = {}
-    vpc-cni = {
-      service_account_role_arn = module.vpc_cni_irsa.iam_role_arn
-    }
+    coredns    = {}
+    vpc-cni    = {}
     kube-proxy = {}
   }
 
@@ -302,7 +299,7 @@ resource "kubernetes_storage_class_v1" "efs" {
 
 module "vpc" {
   source  = "terraform-aws-modules/vpc/aws"
-  version = "~> 4.0"
+  version = "~> 5.0"
 
   name = local.name
   cidr = local.vpc_cidr
@@ -412,7 +409,7 @@ module "ebs_kms_key" {
 
 module "ebs_csi_driver_irsa" {
   source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
-  version = "~> 5.14"
+  version = "~> 5.20"
 
   role_name_prefix = "${module.eks.cluster_name}-ebs-csi-driver-"
 
@@ -427,22 +424,3 @@ module "ebs_csi_driver_irsa" {
 
   tags = local.tags
 }
-
-module "vpc_cni_irsa" {
-  source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
-  version = "~> 5.14"
-
-  role_name_prefix = "${module.eks.cluster_name}-vpc-cni-"
-
-  attach_vpc_cni_policy = true
-  vpc_cni_enable_ipv4   = true
-
-  oidc_providers = {
-    main = {
-      provider_arn               = module.eks.oidc_provider_arn
-      namespace_service_accounts = ["kube-system:aws-node"]
-    }
-  }
-
-  tags = local.tags
-}
diff --git a/examples/stateful/versions.tf b/examples/stateful/versions.tf
index 9b2e12d3ec..10a78e6071 100644
--- a/examples/stateful/versions.tf
+++ b/examples/stateful/versions.tf
@@ -4,15 +4,15 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.47, <5.0"
-    }
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.17"
+      version = ">= 4.47"
     }
     helm = {
       source  = "hashicorp/helm"
-      version = ">= 2.8"
+      version = ">= 2.9"
+    }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = ">= 2.20"
     }
     random = {
       source  = "hashicorp/random"
diff --git a/examples/tls-with-aws-pca-issuer/main.tf b/examples/tls-with-aws-pca-issuer/main.tf
index c416a7123f..dca7ea3796 100644
--- a/examples/tls-with-aws-pca-issuer/main.tf
+++ b/examples/tls-with-aws-pca-issuer/main.tf
@@ -68,7 +68,7 @@ module "eks" {
   version = "~> 19.13"
 
   cluster_name                   = local.name
-  cluster_version                = "1.26"
+  cluster_version                = "1.27"
   cluster_endpoint_public_access = true
 
   vpc_id     = module.vpc.vpc_id
@@ -102,10 +102,8 @@ module "eks_blueprints_addons" {
 
   # EKS Add-on
   eks_addons = {
-    coredns = {}
-    vpc-cni = {
-      service_account_role_arn = module.vpc_cni_irsa.iam_role_arn
-    }
+    coredns    = {}
+    vpc-cni    = {}
     kube-proxy = {}
   }
 
@@ -253,7 +251,7 @@ resource "kubectl_manifest" "pca_certificate" {
 
 module "vpc" {
   source  = "terraform-aws-modules/vpc/aws"
-  version = "~> 4.0"
+  version = "~> 5.0"
 
   name = local.name
   cidr = local.vpc_cidr
@@ -275,22 +273,3 @@ module "vpc" {
 
   tags = local.tags
 }
-
-module "vpc_cni_irsa" {
-  source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
-  version = "~> 5.14"
-
-  role_name_prefix = "${module.eks.cluster_name}-vpc-cni-"
-
-  attach_vpc_cni_policy = true
-  vpc_cni_enable_ipv4   = true
-
-  oidc_providers = {
-    main = {
-      provider_arn               = module.eks.oidc_provider_arn
-      namespace_service_accounts = ["kube-system:aws-node"]
-    }
-  }
-
-  tags = local.tags
-}
diff --git a/examples/tls-with-aws-pca-issuer/versions.tf b/examples/tls-with-aws-pca-issuer/versions.tf
index 9009b6026d..2e3bb98d8f 100644
--- a/examples/tls-with-aws-pca-issuer/versions.tf
+++ b/examples/tls-with-aws-pca-issuer/versions.tf
@@ -4,15 +4,15 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.47, <5.0"
-    }
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.17"
+      version = ">= 4.47"
     }
     helm = {
       source  = "hashicorp/helm"
-      version = ">= 2.8"
+      version = ">= 2.9"
+    }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = ">= 2.20"
     }
     kubectl = {
       source  = "gavinbunney/kubectl"
diff --git a/examples/vpc-cni-custom-networking/README.md b/examples/vpc-cni-custom-networking/README.md
index 55f50ba637..59df944dc8 100644
--- a/examples/vpc-cni-custom-networking/README.md
+++ b/examples/vpc-cni-custom-networking/README.md
@@ -1,4 +1,4 @@
-# EKS Cluster w/ VPC-CNI Custom Networking
+# VPC-CNI Custom Networking
 
 This example shows how to provision an EKS cluster with:
 
diff --git a/examples/vpc-cni-custom-networking/main.tf b/examples/vpc-cni-custom-networking/main.tf
index 33d39c79e2..07bc0e2c54 100644
--- a/examples/vpc-cni-custom-networking/main.tf
+++ b/examples/vpc-cni-custom-networking/main.tf
@@ -68,7 +68,7 @@ module "eks" {
   version = "~> 19.13"
 
   cluster_name                   = local.name
-  cluster_version                = "1.25"
+  cluster_version                = "1.27"
   cluster_endpoint_public_access = true
 
   cluster_addons = {
@@ -141,7 +141,7 @@ resource "kubectl_manifest" "eni_config" {
 
 module "vpc" {
   source  = "terraform-aws-modules/vpc/aws"
-  version = "~> 4.0"
+  version = "~> 5.0"
 
   name = local.name
   cidr = local.vpc_cidr
diff --git a/examples/vpc-cni-custom-networking/versions.tf b/examples/vpc-cni-custom-networking/versions.tf
index 8d3fd30590..9e1f772fa9 100644
--- a/examples/vpc-cni-custom-networking/versions.tf
+++ b/examples/vpc-cni-custom-networking/versions.tf
@@ -4,15 +4,15 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.47, <5.0"
-    }
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.10"
+      version = ">= 4.47"
     }
     helm = {
       source  = "hashicorp/helm"
-      version = ">= 2.4.1"
+      version = ">= 2.9"
+    }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = ">= 2.20"
     }
     kubectl = {
       source  = "gavinbunney/kubectl"
diff --git a/examples/wireguard-with-cilium/main.tf b/examples/wireguard-with-cilium/main.tf
index 55ca941b67..be860c6447 100644
--- a/examples/wireguard-with-cilium/main.tf
+++ b/examples/wireguard-with-cilium/main.tf
@@ -260,7 +260,7 @@ resource "kubectl_manifest" "client" {
 
 module "vpc" {
   source  = "terraform-aws-modules/vpc/aws"
-  version = "~> 4.0"
+  version = "~> 5.0"
 
   name = local.name
   cidr = local.vpc_cidr
diff --git a/examples/wireguard-with-cilium/versions.tf b/examples/wireguard-with-cilium/versions.tf
index 895e26d778..d42480c1e6 100644
--- a/examples/wireguard-with-cilium/versions.tf
+++ b/examples/wireguard-with-cilium/versions.tf
@@ -4,15 +4,15 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.47, <5.0"
-    }
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.17"
+      version = ">= 4.47"
     }
     helm = {
       source  = "hashicorp/helm"
-      version = ">= 2.8"
+      version = ">= 2.9"
+    }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = ">= 2.20"
     }
     kubectl = {
       source  = "gavinbunney/kubectl"