fix: Only tag cluster node security group for Karpenter (#1985)

Signed-off-by: Sébastien Allamand <[email protected]>

patterns/karpenter-mng/eks.tf

@@ -61,12 +61,20 @@ module "eks" {
  }
  }
 
- tags = merge(local.tags, {
+ # cluster_tags = merge(local.tags, {
+ # NOTE - only use this option if you are using "attach_cluster_primary_security_group"
+ # and you know what you're doing. In this case, you can remove the "node_security_group_tags" below.
+ # "karpenter.sh/discovery" = local.name
+ # })
+
+ node_security_group_tags = merge(local.tags, {
  # NOTE - if creating multiple security groups with this module, only tag the
  # security group that Karpenter should utilize with the following tag
  # (i.e. - at most, only one security group should have this tag in your account)
  "karpenter.sh/discovery" = local.name
  })
+
+ tags = local.tags
 }
 
 output "configure_kubectl" {

patterns/karpenter-mng/main.tf

@@ -52,7 +52,13 @@ data "aws_ecrpublic_authorization_token" "token" {
  provider = aws.virginia
 }
 
-data "aws_availability_zones" "available" {}
+data "aws_availability_zones" "available" {
+ #Do not include local zones
+ filter {
+ name = "opt-in-status"
+ values = ["opt-in-not-required"]
+ }
+}
 
 locals {
  name = "ex-${basename(path.cwd)}"