From dc954b5a90b4a37e966e8a1e449e6655364213a6 Mon Sep 17 00:00:00 2001
From: Miguel Harmant <miguel.harmant@dominodatalab.com>
Date: Thu, 20 Feb 2025 15:31:59 -0500
Subject: [PATCH] Allow to run the k8s setup with a toggle

---
 examples/deploy/terraform/cluster/README.md   | 12 +++++-----
 .../deploy/terraform/cluster/variables.tf     |  2 ++
 examples/deploy/terraform/infra/README.md     | 16 +++++++-------
 examples/deploy/terraform/infra/variables.tf  |  2 ++
 modules/eks/README.md                         | 16 +++++++-------
 modules/eks/k8s.tf                            |  2 +-
 modules/eks/variables.tf                      |  2 ++
 modules/infra/README.md                       | 18 +++++++--------
 modules/infra/variables.tf                    |  2 ++
 tests/plan/terraform/README.md                | 22 +++++++++----------
 tests/plan/terraform/variables.tf             |  6 +++--
 11 files changed, 55 insertions(+), 45 deletions(-)

diff --git a/examples/deploy/terraform/cluster/README.md b/examples/deploy/terraform/cluster/README.md
index 4197b74f2..594fc214e 100644
--- a/examples/deploy/terraform/cluster/README.md
+++ b/examples/deploy/terraform/cluster/README.md
@@ -37,11 +37,11 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_eks"></a> [eks](#input\_eks) | service\_ipv4\_cidr = CIDR for EKS cluster kubernetes\_network\_config.<br>    creation\_role\_name = Name of the role to import.<br>    k8s\_version = EKS cluster k8s version.<br>    kubeconfig = {<br>      extra\_args = Optional extra args when generating kubeconfig.<br>      path       = Fully qualified path name to write the kubeconfig file.<br>    }<br>    public\_access = {<br>      enabled = Enable EKS API public endpoint.<br>      cidrs   = List of CIDR ranges permitted for accessing the EKS public endpoint.<br>    }<br>    Custom role maps for aws auth configmap<br>    custom\_role\_maps = {<br>      rolearn  = string<br>      username = string<br>      groups   = list(string)<br>    }<br>    master\_role\_names  = IAM role names to be added as masters in eks.<br>    cluster\_addons     = EKS cluster addons. vpc-cni is installed separately.<br>    vpc\_cni            = Configuration for AWS VPC CNI<br>    ssm\_log\_group\_name = CloudWatch log group to send the SSM session logs to.<br>    identity\_providers = Configuration for IDP(Identity Provider).<br>  } | <pre>object({<br>    service_ipv4_cidr  = optional(string)<br>    creation_role_name = optional(string, null)<br>    k8s_version        = optional(string)<br>    kubeconfig = optional(object({<br>      extra_args = optional(string)<br>      path       = optional(string)<br>    }), {})<br>    public_access = optional(object({<br>      enabled = optional(bool)<br>      cidrs   = optional(list(string))<br>    }), {})<br>    custom_role_maps = optional(list(object({<br>      rolearn  = string<br>      username = string<br>      groups   = list(string)<br>    })))<br>    master_role_names  = optional(list(string))<br>    cluster_addons     = optional(list(string))<br>    ssm_log_group_name = optional(string)<br>    vpc_cni = optional(object({<br>      prefix_delegation = optional(bool)<br>      annotate_pod_ip   = optional(bool)<br>    }))<br>    identity_providers = optional(list(object({<br>      client_id                     = string<br>      groups_claim                  = optional(string)<br>      groups_prefix                 = optional(string)<br>      identity_provider_config_name = string<br>      issuer_url                    = optional(string)<br>      required_claims               = optional(map(string))<br>      username_claim                = optional(string)<br>      username_prefix               = optional(string)<br>    })))<br>  })</pre> | `{}` | no |
-| <a name="input_external_deployments_operator"></a> [external\_deployments\_operator](#input\_external\_deployments\_operator) | Config to create IRSA role for the external deployments operator. | <pre>object({<br>    enabled                         = optional(bool, false)<br>    namespace                       = optional(string, "domino-compute")<br>    operator_service_account_name   = optional(string, "pham-juno-operator")<br>    operator_role_suffix            = optional(string, "external-deployments-operator")<br>    repository_suffix               = optional(string, "external-deployments")<br>    bucket_suffix                   = optional(string, "external-deployments")<br>    enable_assume_any_external_role = optional(bool, true)<br>    enable_in_account_deployments   = optional(bool, true)<br>  })</pre> | `{}` | no |
-| <a name="input_irsa_external_dns"></a> [irsa\_external\_dns](#input\_irsa\_external\_dns) | Mappings for custom IRSA configurations. | <pre>object({<br>    enabled             = optional(bool, false)<br>    hosted_zone_name    = optional(string, null)<br>    namespace           = optional(string, null)<br>    serviceaccount_name = optional(string, null)<br>    rm_role_policy = optional(object({<br>      remove           = optional(bool, false)<br>      detach_from_role = optional(bool, false)<br>      policy_name      = optional(string, "")<br>    }), {})<br>  })</pre> | `{}` | no |
-| <a name="input_irsa_policies"></a> [irsa\_policies](#input\_irsa\_policies) | Mappings for custom IRSA configurations. | <pre>list(object({<br>    name                = string<br>    namespace           = string<br>    serviceaccount_name = string<br>    policy              = string #json<br>  }))</pre> | `[]` | no |
-| <a name="input_kms_info"></a> [kms\_info](#input\_kms\_info) | Overrides the KMS key information. Meant for migrated configurations.<br>    {<br>      key\_id  = KMS key id.<br>      key\_arn = KMS key arn.<br>      enabled = KMS key is enabled.<br>    } | <pre>object({<br>    key_id  = string<br>    key_arn = string<br>    enabled = bool<br>  })</pre> | `null` | no |
+| <a name="input_eks"></a> [eks](#input\_eks) | run\_k8s\_setup = Toggle to run the k8s setup.<br/>    service\_ipv4\_cidr = CIDR for EKS cluster kubernetes\_network\_config.<br/>    creation\_role\_name = Name of the role to import.<br/>    k8s\_version = EKS cluster k8s version.<br/>    kubeconfig = {<br/>      extra\_args = Optional extra args when generating kubeconfig.<br/>      path       = Fully qualified path name to write the kubeconfig file.<br/>    }<br/>    public\_access = {<br/>      enabled = Enable EKS API public endpoint.<br/>      cidrs   = List of CIDR ranges permitted for accessing the EKS public endpoint.<br/>    }<br/>    Custom role maps for aws auth configmap<br/>    custom\_role\_maps = {<br/>      rolearn  = string<br/>      username = string<br/>      groups   = list(string)<br/>    }<br/>    master\_role\_names  = IAM role names to be added as masters in eks.<br/>    cluster\_addons     = EKS cluster addons. vpc-cni is installed separately.<br/>    vpc\_cni            = Configuration for AWS VPC CNI<br/>    ssm\_log\_group\_name = CloudWatch log group to send the SSM session logs to.<br/>    identity\_providers = Configuration for IDP(Identity Provider).<br/>  } | <pre>object({<br/>    run_k8s_setup      = optional(bool)<br/>    service_ipv4_cidr  = optional(string)<br/>    creation_role_name = optional(string, null)<br/>    k8s_version        = optional(string)<br/>    kubeconfig = optional(object({<br/>      extra_args = optional(string)<br/>      path       = optional(string)<br/>    }), {})<br/>    public_access = optional(object({<br/>      enabled = optional(bool)<br/>      cidrs   = optional(list(string))<br/>    }), {})<br/>    custom_role_maps = optional(list(object({<br/>      rolearn  = string<br/>      username = string<br/>      groups   = list(string)<br/>    })))<br/>    master_role_names  = optional(list(string))<br/>    cluster_addons     = optional(list(string))<br/>    ssm_log_group_name = optional(string)<br/>    vpc_cni = optional(object({<br/>      prefix_delegation = optional(bool)<br/>      annotate_pod_ip   = optional(bool)<br/>    }))<br/>    identity_providers = optional(list(object({<br/>      client_id                     = string<br/>      groups_claim                  = optional(string)<br/>      groups_prefix                 = optional(string)<br/>      identity_provider_config_name = string<br/>      issuer_url                    = optional(string)<br/>      required_claims               = optional(map(string))<br/>      username_claim                = optional(string)<br/>      username_prefix               = optional(string)<br/>    })))<br/>  })</pre> | `{}` | no |
+| <a name="input_external_deployments_operator"></a> [external\_deployments\_operator](#input\_external\_deployments\_operator) | Config to create IRSA role for the external deployments operator. | <pre>object({<br/>    enabled                         = optional(bool, false)<br/>    namespace                       = optional(string, "domino-compute")<br/>    operator_service_account_name   = optional(string, "pham-juno-operator")<br/>    operator_role_suffix            = optional(string, "external-deployments-operator")<br/>    repository_suffix               = optional(string, "external-deployments")<br/>    bucket_suffix                   = optional(string, "external-deployments")<br/>    enable_assume_any_external_role = optional(bool, true)<br/>    enable_in_account_deployments   = optional(bool, true)<br/>  })</pre> | `{}` | no |
+| <a name="input_irsa_external_dns"></a> [irsa\_external\_dns](#input\_irsa\_external\_dns) | Mappings for custom IRSA configurations. | <pre>object({<br/>    enabled             = optional(bool, false)<br/>    hosted_zone_name    = optional(string, null)<br/>    namespace           = optional(string, null)<br/>    serviceaccount_name = optional(string, null)<br/>    rm_role_policy = optional(object({<br/>      remove           = optional(bool, false)<br/>      detach_from_role = optional(bool, false)<br/>      policy_name      = optional(string, "")<br/>    }), {})<br/>  })</pre> | `{}` | no |
+| <a name="input_irsa_policies"></a> [irsa\_policies](#input\_irsa\_policies) | Mappings for custom IRSA configurations. | <pre>list(object({<br/>    name                = string<br/>    namespace           = string<br/>    serviceaccount_name = string<br/>    policy              = string #json<br/>  }))</pre> | `[]` | no |
+| <a name="input_kms_info"></a> [kms\_info](#input\_kms\_info) | Overrides the KMS key information. Meant for migrated configurations.<br/>    {<br/>      key\_id  = KMS key id.<br/>      key\_arn = KMS key arn.<br/>      enabled = KMS key is enabled.<br/>    } | <pre>object({<br/>    key_id  = string<br/>    key_arn = string<br/>    enabled = bool<br/>  })</pre> | `null` | no |
 | <a name="input_use_fips_endpoint"></a> [use\_fips\_endpoint](#input\_use\_fips\_endpoint) | Use aws FIPS endpoints | `bool` | `false` | no |
 
 ## Outputs
@@ -50,6 +50,6 @@
 |------|-------------|
 | <a name="output_eks"></a> [eks](#output\_eks) | EKS details. |
 | <a name="output_external_deployments_operator"></a> [external\_deployments\_operator](#output\_external\_deployments\_operator) | External deployments operator details. |
-| <a name="output_external_dns_irsa_role_arn"></a> [external\_dns\_irsa\_role\_arn](#output\_external\_dns\_irsa\_role\_arn) | "External\_dns info"<br>  {<br>    irsa\_role = irsa role arn.<br>    zone\_id   = hosted zone id for external\_dns Iam policy<br>    zone\_name = hosted zone name for external\_dns Iam policy<br>  } |
+| <a name="output_external_dns_irsa_role_arn"></a> [external\_dns\_irsa\_role\_arn](#output\_external\_dns\_irsa\_role\_arn) | "External\_dns info"<br/>  {<br/>    irsa\_role = irsa role arn.<br/>    zone\_id   = hosted zone id for external\_dns Iam policy<br/>    zone\_name = hosted zone name for external\_dns Iam policy<br/>  } |
 | <a name="output_infra"></a> [infra](#output\_infra) | Infra details. |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/examples/deploy/terraform/cluster/variables.tf b/examples/deploy/terraform/cluster/variables.tf
index 1309deefb..6025f4617 100644
--- a/examples/deploy/terraform/cluster/variables.tf
+++ b/examples/deploy/terraform/cluster/variables.tf
@@ -2,6 +2,7 @@
 
 variable "eks" {
   description = <<EOF
+    run_k8s_setup = Toggle to run the k8s setup.
     service_ipv4_cidr = CIDR for EKS cluster kubernetes_network_config.
     creation_role_name = Name of the role to import.
     k8s_version = EKS cluster k8s version.
@@ -28,6 +29,7 @@ variable "eks" {
   EOF
 
   type = object({
+    run_k8s_setup      = optional(bool)
     service_ipv4_cidr  = optional(string)
     creation_role_name = optional(string, null)
     k8s_version        = optional(string)
diff --git a/examples/deploy/terraform/infra/README.md b/examples/deploy/terraform/infra/README.md
index b7f7bd6a4..0fb6f384c 100644
--- a/examples/deploy/terraform/infra/README.md
+++ b/examples/deploy/terraform/infra/README.md
@@ -26,18 +26,18 @@ No resources.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_additional_node_groups"></a> [additional\_node\_groups](#input\_additional\_node\_groups) | Additional EKS managed node groups definition. | <pre>map(object({<br>    ami                        = optional(string)<br>    bootstrap_extra_args       = optional(string)<br>    instance_types             = list(string)<br>    spot                       = optional(bool)<br>    min_per_az                 = number<br>    max_per_az                 = number<br>    max_unavailable_percentage = optional(number, 50)<br>    max_unavailable            = optional(number)<br>    desired_per_az             = number<br>    availability_zone_ids      = list(string)<br>    labels                     = map(string)<br>    taints = optional(list(object({<br>      key    = string<br>      value  = optional(string)<br>      effect = string<br>    })))<br>    tags = optional(map(string))<br>    gpu  = optional(bool)<br>    volume = object({<br>      size = string<br>      type = string<br>    })<br>  }))</pre> | `{}` | no |
-| <a name="input_bastion"></a> [bastion](#input\_bastion) | enabled                  = Create bastion host.<br>    ami                      = Ami id. Defaults to latest 'AL2023' ami.<br>    instance\_type            = Instance type.<br>    authorized\_ssh\_ip\_ranges = List of CIDR ranges permitted for the bastion ssh access.<br>    username                 = Bastion user.<br>    install\_binaries         = Toggle to install required Domino binaries in the bastion. | <pre>object({<br>    enabled                  = optional(bool, true)<br>    ami_id                   = optional(string)<br>    instance_type            = optional(string)<br>    authorized_ssh_ip_ranges = optional(list(string))<br>    username                 = optional(string)<br>    install_binaries         = optional(bool)<br>  })</pre> | n/a | yes |
-| <a name="input_default_node_groups"></a> [default\_node\_groups](#input\_default\_node\_groups) | EKS managed node groups definition. | <pre>object(<br>    {<br>      compute = object(<br>        {<br>          ami                        = optional(string, null)<br>          bootstrap_extra_args       = optional(string, "")<br>          instance_types             = optional(list(string), ["m6i.2xlarge"])<br>          spot                       = optional(bool, false)<br>          min_per_az                 = optional(number, 0)<br>          max_per_az                 = optional(number, 10)<br>          max_unavailable_percentage = optional(number, 50)<br>          max_unavailable            = optional(number, null)<br>          desired_per_az             = optional(number, 0)<br>          availability_zone_ids      = list(string)<br>          labels = optional(map(string), {<br>            "dominodatalab.com/node-pool" = "default"<br>          })<br>          taints = optional(list(object({<br>            key    = string<br>            value  = optional(string)<br>            effect = string<br>          })), [])<br>          tags = optional(map(string), {})<br>          gpu  = optional(bool, null)<br>          volume = optional(object({<br>            size = optional(number, 1000)<br>            type = optional(string, "gp3")<br>            }), {<br>            size = 1000<br>            type = "gp3"<br>            }<br>          )<br>      }),<br>      platform = object(<br>        {<br>          ami                        = optional(string, null)<br>          bootstrap_extra_args       = optional(string, "")<br>          instance_types             = optional(list(string), ["m7i-flex.2xlarge"])<br>          spot                       = optional(bool, false)<br>          min_per_az                 = optional(number, 1)<br>          max_per_az                 = optional(number, 10)<br>          max_unavailable_percentage = optional(number, null)<br>          max_unavailable            = optional(number, 1)<br>          desired_per_az             = optional(number, 1)<br>          availability_zone_ids      = list(string)<br>          labels = optional(map(string), {<br>            "dominodatalab.com/node-pool" = "platform"<br>          })<br>          taints = optional(list(object({<br>            key    = string<br>            value  = optional(string)<br>            effect = string<br>          })), [])<br>          tags = optional(map(string), {})<br>          gpu  = optional(bool, null)<br>          volume = optional(object({<br>            size = optional(number, 100)<br>            type = optional(string, "gp3")<br>            }), {<br>            size = 100<br>            type = "gp3"<br>            }<br>          )<br>      }),<br>      gpu = object(<br>        {<br>          ami                        = optional(string, null)<br>          bootstrap_extra_args       = optional(string, "")<br>          instance_types             = optional(list(string), ["g5.2xlarge"])<br>          spot                       = optional(bool, false)<br>          min_per_az                 = optional(number, 0)<br>          max_per_az                 = optional(number, 10)<br>          max_unavailable_percentage = optional(number, 50)<br>          max_unavailable            = optional(number, null)<br>          desired_per_az             = optional(number, 0)<br>          availability_zone_ids      = list(string)<br>          labels = optional(map(string), {<br>            "dominodatalab.com/node-pool" = "default-gpu"<br>            "nvidia.com/gpu"              = true<br>          })<br>          taints = optional(list(object({<br>            key    = string<br>            value  = optional(string)<br>            effect = string<br>            })), [{<br>            key    = "nvidia.com/gpu"<br>            value  = "true"<br>            effect = "NO_SCHEDULE"<br>            }<br>          ])<br>          tags = optional(map(string))<br>          gpu  = optional(bool)<br>          volume = optional(object({<br>            size = optional(number)<br>            type = optional(string)<br>          }))<br>      })<br>  })</pre> | n/a | yes |
+| <a name="input_additional_node_groups"></a> [additional\_node\_groups](#input\_additional\_node\_groups) | Additional EKS managed node groups definition. | <pre>map(object({<br/>    ami                        = optional(string)<br/>    bootstrap_extra_args       = optional(string)<br/>    instance_types             = list(string)<br/>    spot                       = optional(bool)<br/>    min_per_az                 = number<br/>    max_per_az                 = number<br/>    max_unavailable_percentage = optional(number, 50)<br/>    max_unavailable            = optional(number)<br/>    desired_per_az             = number<br/>    availability_zone_ids      = list(string)<br/>    labels                     = map(string)<br/>    taints = optional(list(object({<br/>      key    = string<br/>      value  = optional(string)<br/>      effect = string<br/>    })))<br/>    tags = optional(map(string))<br/>    gpu  = optional(bool)<br/>    volume = object({<br/>      size = string<br/>      type = string<br/>    })<br/>  }))</pre> | `{}` | no |
+| <a name="input_bastion"></a> [bastion](#input\_bastion) | enabled                  = Create bastion host.<br/>    ami                      = Ami id. Defaults to latest 'AL2023' ami.<br/>    instance\_type            = Instance type.<br/>    authorized\_ssh\_ip\_ranges = List of CIDR ranges permitted for the bastion ssh access.<br/>    username                 = Bastion user.<br/>    install\_binaries         = Toggle to install required Domino binaries in the bastion. | <pre>object({<br/>    enabled                  = optional(bool, true)<br/>    ami_id                   = optional(string)<br/>    instance_type            = optional(string)<br/>    authorized_ssh_ip_ranges = optional(list(string))<br/>    username                 = optional(string)<br/>    install_binaries         = optional(bool)<br/>  })</pre> | n/a | yes |
+| <a name="input_default_node_groups"></a> [default\_node\_groups](#input\_default\_node\_groups) | EKS managed node groups definition. | <pre>object(<br/>    {<br/>      compute = object(<br/>        {<br/>          ami                        = optional(string, null)<br/>          bootstrap_extra_args       = optional(string, "")<br/>          instance_types             = optional(list(string), ["m6i.2xlarge"])<br/>          spot                       = optional(bool, false)<br/>          min_per_az                 = optional(number, 0)<br/>          max_per_az                 = optional(number, 10)<br/>          max_unavailable_percentage = optional(number, 50)<br/>          max_unavailable            = optional(number, null)<br/>          desired_per_az             = optional(number, 0)<br/>          availability_zone_ids      = list(string)<br/>          labels = optional(map(string), {<br/>            "dominodatalab.com/node-pool" = "default"<br/>          })<br/>          taints = optional(list(object({<br/>            key    = string<br/>            value  = optional(string)<br/>            effect = string<br/>          })), [])<br/>          tags = optional(map(string), {})<br/>          gpu  = optional(bool, null)<br/>          volume = optional(object({<br/>            size = optional(number, 1000)<br/>            type = optional(string, "gp3")<br/>            }), {<br/>            size = 1000<br/>            type = "gp3"<br/>            }<br/>          )<br/>      }),<br/>      platform = object(<br/>        {<br/>          ami                        = optional(string, null)<br/>          bootstrap_extra_args       = optional(string, "")<br/>          instance_types             = optional(list(string), ["m7i-flex.2xlarge"])<br/>          spot                       = optional(bool, false)<br/>          min_per_az                 = optional(number, 1)<br/>          max_per_az                 = optional(number, 10)<br/>          max_unavailable_percentage = optional(number, null)<br/>          max_unavailable            = optional(number, 1)<br/>          desired_per_az             = optional(number, 1)<br/>          availability_zone_ids      = list(string)<br/>          labels = optional(map(string), {<br/>            "dominodatalab.com/node-pool" = "platform"<br/>          })<br/>          taints = optional(list(object({<br/>            key    = string<br/>            value  = optional(string)<br/>            effect = string<br/>          })), [])<br/>          tags = optional(map(string), {})<br/>          gpu  = optional(bool, null)<br/>          volume = optional(object({<br/>            size = optional(number, 100)<br/>            type = optional(string, "gp3")<br/>            }), {<br/>            size = 100<br/>            type = "gp3"<br/>            }<br/>          )<br/>      }),<br/>      gpu = object(<br/>        {<br/>          ami                        = optional(string, null)<br/>          bootstrap_extra_args       = optional(string, "")<br/>          instance_types             = optional(list(string), ["g5.2xlarge"])<br/>          spot                       = optional(bool, false)<br/>          min_per_az                 = optional(number, 0)<br/>          max_per_az                 = optional(number, 10)<br/>          max_unavailable_percentage = optional(number, 50)<br/>          max_unavailable            = optional(number, null)<br/>          desired_per_az             = optional(number, 0)<br/>          availability_zone_ids      = list(string)<br/>          labels = optional(map(string), {<br/>            "dominodatalab.com/node-pool" = "default-gpu"<br/>            "nvidia.com/gpu"              = true<br/>          })<br/>          taints = optional(list(object({<br/>            key    = string<br/>            value  = optional(string)<br/>            effect = string<br/>            })), [{<br/>            key    = "nvidia.com/gpu"<br/>            value  = "true"<br/>            effect = "NO_SCHEDULE"<br/>            }<br/>          ])<br/>          tags = optional(map(string))<br/>          gpu  = optional(bool)<br/>          volume = optional(object({<br/>            size = optional(number)<br/>            type = optional(string)<br/>          }))<br/>      })<br/>  })</pre> | n/a | yes |
 | <a name="input_deploy_id"></a> [deploy\_id](#input\_deploy\_id) | Domino Deployment ID. | `string` | n/a | yes |
-| <a name="input_domino_cur"></a> [domino\_cur](#input\_domino\_cur) | Determines whether to provision domino cost related infrastructures, ie, long term storage | <pre>object({<br>    provision_cost_usage_report = optional(bool, false)<br>  })</pre> | `{}` | no |
-| <a name="input_eks"></a> [eks](#input\_eks) | service\_ipv4\_cidr = CIDR for EKS cluster kubernetes\_network\_config.<br>    creation\_role\_name = Name of the role to import.<br>    k8s\_version = EKS cluster k8s version.<br>    nodes\_master  Grants the nodes role system:master access. NOT recomended<br>    kubeconfig = {<br>      extra\_args = Optional extra args when generating kubeconfig.<br>      path       = Fully qualified path name to write the kubeconfig file.<br>    }<br>    public\_access = {<br>      enabled = Enable EKS API public endpoint.<br>      cidrs   = List of CIDR ranges permitted for accessing the EKS public endpoint.<br>    }<br>    Custom role maps for aws auth configmap<br>    custom\_role\_maps = {<br>      rolearn  = string<br>      username = string<br>      groups   = list(string)<br>    }<br>    master\_role\_names  = IAM role names to be added as masters in eks.<br>    cluster\_addons     = EKS cluster addons. vpc-cni is installed separately.<br>    vpc\_cni            = Configuration for AWS VPC CNI<br>    ssm\_log\_group\_name = CloudWatch log group to send the SSM session logs to.<br>    identity\_providers = Configuration for IDP(Identity Provider).<br>  } | <pre>object({<br>    service_ipv4_cidr  = optional(string)<br>    creation_role_name = optional(string, null)<br>    k8s_version        = optional(string)<br>    nodes_master       = optional(bool, false)<br>    kubeconfig = optional(object({<br>      extra_args = optional(string)<br>      path       = optional(string)<br>    }), {})<br>    public_access = optional(object({<br>      enabled = optional(bool)<br>      cidrs   = optional(list(string))<br>    }), {})<br>    custom_role_maps = optional(list(object({<br>      rolearn  = string<br>      username = string<br>      groups   = list(string)<br>    })))<br>    master_role_names  = optional(list(string))<br>    cluster_addons     = optional(list(string))<br>    ssm_log_group_name = optional(string)<br>    vpc_cni = optional(object({<br>      prefix_delegation = optional(bool)<br>      annotate_pod_ip   = optional(bool)<br>    }))<br>    identity_providers = optional(list(object({<br>      client_id                     = string<br>      groups_claim                  = optional(string)<br>      groups_prefix                 = optional(string)<br>      identity_provider_config_name = string<br>      issuer_url                    = optional(string)<br>      required_claims               = optional(map(string))<br>      username_claim                = optional(string)<br>      username_prefix               = optional(string)<br>    })))<br>  })</pre> | `{}` | no |
+| <a name="input_domino_cur"></a> [domino\_cur](#input\_domino\_cur) | Determines whether to provision domino cost related infrastructures, ie, long term storage | <pre>object({<br/>    provision_cost_usage_report = optional(bool, false)<br/>  })</pre> | `{}` | no |
+| <a name="input_eks"></a> [eks](#input\_eks) | run\_k8s\_setup = Toggle to run the k8s setup.<br/>    service\_ipv4\_cidr = CIDR for EKS cluster kubernetes\_network\_config.<br/>    creation\_role\_name = Name of the role to import.<br/>    k8s\_version = EKS cluster k8s version.<br/>    nodes\_master  Grants the nodes role system:master access. NOT recomended<br/>    kubeconfig = {<br/>      extra\_args = Optional extra args when generating kubeconfig.<br/>      path       = Fully qualified path name to write the kubeconfig file.<br/>    }<br/>    public\_access = {<br/>      enabled = Enable EKS API public endpoint.<br/>      cidrs   = List of CIDR ranges permitted for accessing the EKS public endpoint.<br/>    }<br/>    Custom role maps for aws auth configmap<br/>    custom\_role\_maps = {<br/>      rolearn  = string<br/>      username = string<br/>      groups   = list(string)<br/>    }<br/>    master\_role\_names  = IAM role names to be added as masters in eks.<br/>    cluster\_addons     = EKS cluster addons. vpc-cni is installed separately.<br/>    vpc\_cni            = Configuration for AWS VPC CNI<br/>    ssm\_log\_group\_name = CloudWatch log group to send the SSM session logs to.<br/>    identity\_providers = Configuration for IDP(Identity Provider).<br/>  } | <pre>object({<br/>    run_k8s_setup      = optional(bool)<br/>    service_ipv4_cidr  = optional(string)<br/>    creation_role_name = optional(string, null)<br/>    k8s_version        = optional(string)<br/>    nodes_master       = optional(bool, false)<br/>    kubeconfig = optional(object({<br/>      extra_args = optional(string)<br/>      path       = optional(string)<br/>    }), {})<br/>    public_access = optional(object({<br/>      enabled = optional(bool)<br/>      cidrs   = optional(list(string))<br/>    }), {})<br/>    custom_role_maps = optional(list(object({<br/>      rolearn  = string<br/>      username = string<br/>      groups   = list(string)<br/>    })))<br/>    master_role_names  = optional(list(string))<br/>    cluster_addons     = optional(list(string))<br/>    ssm_log_group_name = optional(string)<br/>    vpc_cni = optional(object({<br/>      prefix_delegation = optional(bool)<br/>      annotate_pod_ip   = optional(bool)<br/>    }))<br/>    identity_providers = optional(list(object({<br/>      client_id                     = string<br/>      groups_claim                  = optional(string)<br/>      groups_prefix                 = optional(string)<br/>      identity_provider_config_name = string<br/>      issuer_url                    = optional(string)<br/>      required_claims               = optional(map(string))<br/>      username_claim                = optional(string)<br/>      username_prefix               = optional(string)<br/>    })))<br/>  })</pre> | `{}` | no |
 | <a name="input_ignore_tags"></a> [ignore\_tags](#input\_ignore\_tags) | Tag keys to be ignored by the aws provider. | `list(string)` | `[]` | no |
-| <a name="input_kms"></a> [kms](#input\_kms) | enabled = Toggle,if set use either the specified KMS key\_id or a Domino-generated one.<br>    key\_id  = optional(string, null) | <pre>object({<br>    enabled = optional(bool)<br>    key_id  = optional(string)<br>  })</pre> | n/a | yes |
-| <a name="input_network"></a> [network](#input\_network) | vpc = {<br>      id = Existing vpc id, it will bypass creation by this module.<br>      subnets = {<br>        private = Existing private subnets.<br>        public  = Existing public subnets.<br>        pod     = Existing pod subnets.<br>      }), {})<br>    }), {})<br>    network\_bits = {<br>      public  = Number of network bits to allocate to the public subnet. i.e /27 -> 32 IPs.<br>      private = Number of network bits to allocate to the private subnet. i.e /19 -> 8,192 IPs.<br>      pod     = Number of network bits to allocate to the private subnet. i.e /19 -> 8,192 IPs.<br>    }<br>    cidrs = {<br>      vpc     = The IPv4 CIDR block for the VPC.<br>      pod     = The IPv4 CIDR block for the Pod subnets.<br>    }<br>    use\_pod\_cidr = Use additional pod CIDR range (ie 100.64.0.0/16) for pod networking. | <pre>object({<br>    vpc = optional(object({<br>      id = optional(string, null)<br>      subnets = optional(object({<br>        private = optional(list(string), [])<br>        public  = optional(list(string), [])<br>        pod     = optional(list(string), [])<br>      }), {})<br>    }), {})<br>    network_bits = optional(object({<br>      public  = optional(number, 27)<br>      private = optional(number, 19)<br>      pod     = optional(number, 19)<br>      }<br>    ), {})<br>    cidrs = optional(object({<br>      vpc = optional(string, "10.0.0.0/16")<br>      pod = optional(string, "100.64.0.0/16")<br>    }), {})<br>    use_pod_cidr = optional(bool, true)<br>  })</pre> | `{}` | no |
+| <a name="input_kms"></a> [kms](#input\_kms) | enabled = Toggle,if set use either the specified KMS key\_id or a Domino-generated one.<br/>    key\_id  = optional(string, null) | <pre>object({<br/>    enabled = optional(bool)<br/>    key_id  = optional(string)<br/>  })</pre> | n/a | yes |
+| <a name="input_network"></a> [network](#input\_network) | vpc = {<br/>      id = Existing vpc id, it will bypass creation by this module.<br/>      subnets = {<br/>        private = Existing private subnets.<br/>        public  = Existing public subnets.<br/>        pod     = Existing pod subnets.<br/>      }), {})<br/>    }), {})<br/>    network\_bits = {<br/>      public  = Number of network bits to allocate to the public subnet. i.e /27 -> 32 IPs.<br/>      private = Number of network bits to allocate to the private subnet. i.e /19 -> 8,192 IPs.<br/>      pod     = Number of network bits to allocate to the private subnet. i.e /19 -> 8,192 IPs.<br/>    }<br/>    cidrs = {<br/>      vpc     = The IPv4 CIDR block for the VPC.<br/>      pod     = The IPv4 CIDR block for the Pod subnets.<br/>    }<br/>    use\_pod\_cidr = Use additional pod CIDR range (ie 100.64.0.0/16) for pod networking. | <pre>object({<br/>    vpc = optional(object({<br/>      id = optional(string, null)<br/>      subnets = optional(object({<br/>        private = optional(list(string), [])<br/>        public  = optional(list(string), [])<br/>        pod     = optional(list(string), [])<br/>      }), {})<br/>    }), {})<br/>    network_bits = optional(object({<br/>      public  = optional(number, 27)<br/>      private = optional(number, 19)<br/>      pod     = optional(number, 19)<br/>      }<br/>    ), {})<br/>    cidrs = optional(object({<br/>      vpc = optional(string, "10.0.0.0/16")<br/>      pod = optional(string, "100.64.0.0/16")<br/>    }), {})<br/>    use_pod_cidr = optional(bool, true)<br/>  })</pre> | `{}` | no |
 | <a name="input_region"></a> [region](#input\_region) | AWS region for the deployment | `string` | n/a | yes |
 | <a name="input_ssh_pvt_key_path"></a> [ssh\_pvt\_key\_path](#input\_ssh\_pvt\_key\_path) | SSH private key filepath. | `string` | n/a | yes |
-| <a name="input_storage"></a> [storage](#input\_storage) | storage = {<br>      efs = {<br>        access\_point\_path = Filesystem path for efs.<br>        backup\_vault = {<br>          create        = Create backup vault for EFS toggle.<br>          force\_destroy = Toggle to allow automatic destruction of all backups when destroying.<br>          backup = {<br>            schedule           = Cron-style schedule for EFS backup vault (default: once a day at 12pm).<br>            cold\_storage\_after = Move backup data to cold storage after this many days.<br>            delete\_after       = Delete backup data after this many days.<br>          }<br>        }<br>      }<br>      s3 = {<br>        force\_destroy\_on\_deletion = Toogle to allow recursive deletion of all objects in the s3 buckets. if 'false' terraform will NOT be able to delete non-empty buckets.<br>      }<br>      ecr = {<br>        force\_destroy\_on\_deletion = Toogle to allow recursive deletion of all objects in the ECR repositories. if 'false' terraform will NOT be able to delete non-empty repositories.<br>      }<br>    }<br>  } | <pre>object({<br>    efs = optional(object({<br>      access_point_path = optional(string, "/domino")<br>      backup_vault = optional(object({<br>        create        = optional(bool, true)<br>        force_destroy = optional(bool, true)<br>        backup = optional(object({<br>          schedule           = optional(string, "0 12 * * ? *")<br>          cold_storage_after = optional(number, 35)<br>          delete_after       = optional(number, 125)<br>        }), {})<br>      }), {})<br>    }), {})<br>    s3 = optional(object({<br>      force_destroy_on_deletion = optional(bool, true)<br>    }), {})<br>    ecr = optional(object({<br>      force_destroy_on_deletion = optional(bool, true)<br>    }), {})<br>  })</pre> | `{}` | no |
+| <a name="input_storage"></a> [storage](#input\_storage) | storage = {<br/>      efs = {<br/>        access\_point\_path = Filesystem path for efs.<br/>        backup\_vault = {<br/>          create        = Create backup vault for EFS toggle.<br/>          force\_destroy = Toggle to allow automatic destruction of all backups when destroying.<br/>          backup = {<br/>            schedule           = Cron-style schedule for EFS backup vault (default: once a day at 12pm).<br/>            cold\_storage\_after = Move backup data to cold storage after this many days.<br/>            delete\_after       = Delete backup data after this many days.<br/>          }<br/>        }<br/>      }<br/>      s3 = {<br/>        force\_destroy\_on\_deletion = Toogle to allow recursive deletion of all objects in the s3 buckets. if 'false' terraform will NOT be able to delete non-empty buckets.<br/>      }<br/>      ecr = {<br/>        force\_destroy\_on\_deletion = Toogle to allow recursive deletion of all objects in the ECR repositories. if 'false' terraform will NOT be able to delete non-empty repositories.<br/>      }<br/>    }<br/>  } | <pre>object({<br/>    efs = optional(object({<br/>      access_point_path = optional(string, "/domino")<br/>      backup_vault = optional(object({<br/>        create        = optional(bool, true)<br/>        force_destroy = optional(bool, true)<br/>        backup = optional(object({<br/>          schedule           = optional(string, "0 12 * * ? *")<br/>          cold_storage_after = optional(number, 35)<br/>          delete_after       = optional(number, 125)<br/>        }), {})<br/>      }), {})<br/>    }), {})<br/>    s3 = optional(object({<br/>      force_destroy_on_deletion = optional(bool, true)<br/>    }), {})<br/>    ecr = optional(object({<br/>      force_destroy_on_deletion = optional(bool, true)<br/>    }), {})<br/>  })</pre> | `{}` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Deployment tags. | `map(string)` | n/a | yes |
 | <a name="input_use_fips_endpoint"></a> [use\_fips\_endpoint](#input\_use\_fips\_endpoint) | Use aws FIPS endpoints | `bool` | `false` | no |
 
diff --git a/examples/deploy/terraform/infra/variables.tf b/examples/deploy/terraform/infra/variables.tf
index 59ad59499..4c2872dea 100644
--- a/examples/deploy/terraform/infra/variables.tf
+++ b/examples/deploy/terraform/infra/variables.tf
@@ -261,6 +261,7 @@ variable "kms" {
 
 variable "eks" {
   description = <<EOF
+    run_k8s_setup = Toggle to run the k8s setup.
     service_ipv4_cidr = CIDR for EKS cluster kubernetes_network_config.
     creation_role_name = Name of the role to import.
     k8s_version = EKS cluster k8s version.
@@ -288,6 +289,7 @@ variable "eks" {
   EOF
 
   type = object({
+    run_k8s_setup      = optional(bool)
     service_ipv4_cidr  = optional(string)
     creation_role_name = optional(string, null)
     k8s_version        = optional(string)
diff --git a/modules/eks/README.md b/modules/eks/README.md
index a615a6a25..3eaef6a23 100644
--- a/modules/eks/README.md
+++ b/modules/eks/README.md
@@ -68,20 +68,20 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_bastion_info"></a> [bastion\_info](#input\_bastion\_info) | user                = Bastion username.<br>    public\_ip           = Bastion public ip.<br>    security\_group\_id   = Bastion sg id.<br>    ssh\_bastion\_command = Command to ssh onto bastion. | <pre>object({<br>    user                = string<br>    public_ip           = string<br>    security_group_id   = string<br>    ssh_bastion_command = string<br>  })</pre> | n/a | yes |
-| <a name="input_calico"></a> [calico](#input\_calico) | calico = {<br>      version = Configure the version for Calico<br>      image\_registry = Configure the image registry for Calico<br>    } | <pre>object({<br>    image_registry = optional(string, "quay.io")<br>    version        = optional(string, "v3.28.2")<br>  })</pre> | `{}` | no |
+| <a name="input_bastion_info"></a> [bastion\_info](#input\_bastion\_info) | user                = Bastion username.<br/>    public\_ip           = Bastion public ip.<br/>    security\_group\_id   = Bastion sg id.<br/>    ssh\_bastion\_command = Command to ssh onto bastion. | <pre>object({<br/>    user                = string<br/>    public_ip           = string<br/>    security_group_id   = string<br/>    ssh_bastion_command = string<br/>  })</pre> | n/a | yes |
+| <a name="input_calico"></a> [calico](#input\_calico) | calico = {<br/>      version = Configure the version for Calico<br/>      image\_registry = Configure the image registry for Calico<br/>    } | <pre>object({<br/>    image_registry = optional(string, "quay.io")<br/>    version        = optional(string, "v3.28.2")<br/>  })</pre> | `{}` | no |
 | <a name="input_create_eks_role_arn"></a> [create\_eks\_role\_arn](#input\_create\_eks\_role\_arn) | Role arn to assume during the EKS cluster creation. | `string` | n/a | yes |
 | <a name="input_deploy_id"></a> [deploy\_id](#input\_deploy\_id) | Domino Deployment ID | `string` | n/a | yes |
 | <a name="input_efs_security_group"></a> [efs\_security\_group](#input\_efs\_security\_group) | Security Group ID for EFS | `string` | `null` | no |
-| <a name="input_eks"></a> [eks](#input\_eks) | service\_ipv4\_cidr = CIDR for EKS cluster kubernetes\_network\_config.<br>    creation\_role\_name = Name of the role to import.<br>    k8s\_version = EKS cluster k8s version.<br>    nodes\_master  Grants the nodes role system:master access. NOT recomended<br>    kubeconfig = {<br>      extra\_args = Optional extra args when generating kubeconfig.<br>      path       = Fully qualified path name to write the kubeconfig file.<br>    }<br>    public\_access = {<br>      enabled = Enable EKS API public endpoint.<br>      cidrs   = List of CIDR ranges permitted for accessing the EKS public endpoint.<br>    }<br>    Custom role maps for aws auth configmap<br>    custom\_role\_maps = {<br>      rolearn = string<br>      username = string<br>      groups = list(string)<br>    }<br>    master\_role\_names = IAM role names to be added as masters in eks.<br>    cluster\_addons = EKS cluster addons. vpc-cni is installed separately.<br>    vpc\_cni = Configuration for AWS VPC CNI<br>    ssm\_log\_group\_name = CloudWatch log group to send the SSM session logs to.<br>    identity\_providers = Configuration for IDP(Identity Provider).<br>  } | <pre>object({<br>    service_ipv4_cidr  = optional(string, "172.20.0.0/16")<br>    creation_role_name = optional(string, null)<br>    k8s_version        = optional(string, "1.27")<br>    nodes_master       = optional(bool, false)<br>    kubeconfig = optional(object({<br>      extra_args = optional(string, "")<br>      path       = optional(string, null)<br>    }), {})<br>    public_access = optional(object({<br>      enabled = optional(bool, false)<br>      cidrs   = optional(list(string), [])<br>    }), {})<br>    custom_role_maps = optional(list(object({<br>      rolearn  = string<br>      username = string<br>      groups   = list(string)<br>    })), [])<br>    master_role_names  = optional(list(string), [])<br>    cluster_addons     = optional(list(string), ["kube-proxy", "coredns", "vpc-cni"])<br>    ssm_log_group_name = optional(string, "session-manager")<br>    vpc_cni = optional(object({<br>      prefix_delegation = optional(bool, false)<br>      annotate_pod_ip   = optional(bool, true)<br>    }))<br>    identity_providers = optional(list(object({<br>      client_id                     = string<br>      groups_claim                  = optional(string, null)<br>      groups_prefix                 = optional(string, null)<br>      identity_provider_config_name = string<br>      issuer_url                    = optional(string, null)<br>      required_claims               = optional(map(string), null)<br>      username_claim                = optional(string, null)<br>      username_prefix               = optional(string, null)<br>    })), []),<br>  })</pre> | `{}` | no |
+| <a name="input_eks"></a> [eks](#input\_eks) | run\_k8s\_setup = Toggle to run the k8s setup.<br/>    service\_ipv4\_cidr = CIDR for EKS cluster kubernetes\_network\_config.<br/>    creation\_role\_name = Name of the role to import.<br/>    k8s\_version = EKS cluster k8s version.<br/>    nodes\_master  Grants the nodes role system:master access. NOT recomended<br/>    kubeconfig = {<br/>      extra\_args = Optional extra args when generating kubeconfig.<br/>      path       = Fully qualified path name to write the kubeconfig file.<br/>    }<br/>    public\_access = {<br/>      enabled = Enable EKS API public endpoint.<br/>      cidrs   = List of CIDR ranges permitted for accessing the EKS public endpoint.<br/>    }<br/>    Custom role maps for aws auth configmap<br/>    custom\_role\_maps = {<br/>      rolearn = string<br/>      username = string<br/>      groups = list(string)<br/>    }<br/>    master\_role\_names = IAM role names to be added as masters in eks.<br/>    cluster\_addons = EKS cluster addons. vpc-cni is installed separately.<br/>    vpc\_cni = Configuration for AWS VPC CNI<br/>    ssm\_log\_group\_name = CloudWatch log group to send the SSM session logs to.<br/>    identity\_providers = Configuration for IDP(Identity Provider).<br/>  } | <pre>object({<br/>    run_k8s_setup      = optional(bool, true)<br/>    service_ipv4_cidr  = optional(string, "172.20.0.0/16")<br/>    creation_role_name = optional(string, null)<br/>    k8s_version        = optional(string, "1.27")<br/>    nodes_master       = optional(bool, false)<br/>    kubeconfig = optional(object({<br/>      extra_args = optional(string, "")<br/>      path       = optional(string, null)<br/>    }), {})<br/>    public_access = optional(object({<br/>      enabled = optional(bool, false)<br/>      cidrs   = optional(list(string), [])<br/>    }), {})<br/>    custom_role_maps = optional(list(object({<br/>      rolearn  = string<br/>      username = string<br/>      groups   = list(string)<br/>    })), [])<br/>    master_role_names  = optional(list(string), [])<br/>    cluster_addons     = optional(list(string), ["kube-proxy", "coredns", "vpc-cni"])<br/>    ssm_log_group_name = optional(string, "session-manager")<br/>    vpc_cni = optional(object({<br/>      prefix_delegation = optional(bool, false)<br/>      annotate_pod_ip   = optional(bool, true)<br/>    }))<br/>    identity_providers = optional(list(object({<br/>      client_id                     = string<br/>      groups_claim                  = optional(string, null)<br/>      groups_prefix                 = optional(string, null)<br/>      identity_provider_config_name = string<br/>      issuer_url                    = optional(string, null)<br/>      required_claims               = optional(map(string), null)<br/>      username_claim                = optional(string, null)<br/>      username_prefix               = optional(string, null)<br/>    })), []),<br/>  })</pre> | `{}` | no |
 | <a name="input_ignore_tags"></a> [ignore\_tags](#input\_ignore\_tags) | Tag keys to be ignored by the aws provider. | `list(string)` | `[]` | no |
-| <a name="input_kms_info"></a> [kms\_info](#input\_kms\_info) | key\_id  = KMS key id.<br>    key\_arn = KMS key arn.<br>    enabled = KMS key is enabled | <pre>object({<br>    key_id  = string<br>    key_arn = string<br>    enabled = bool<br>  })</pre> | n/a | yes |
-| <a name="input_netapp"></a> [netapp](#input\_netapp) | Configuration for NETAPP | <pre>object({<br>    astra_trident_operator_role = optional(string, null)<br>    svm = optional(object({<br>      id            = optional(string, null)<br>      management_ip = optional(string, null)<br>      nfs_ip        = optional(string, null)<br>    }), null)<br>    filesystem = optional(object({<br>      id                = optional(string, null)<br>      security_group_id = optional(string, null)<br>    }), null)<br>  })</pre> | `null` | no |
-| <a name="input_network_info"></a> [network\_info](#input\_network\_info) | id = VPC ID.<br>    subnets = {<br>      public = List of public Subnets.<br>      [{<br>        name = Subnet name.<br>        subnet\_id = Subnet ud<br>        az = Subnet availability\_zone<br>        az\_id = Subnet availability\_zone\_id<br>      }]<br>      private = List of private Subnets.<br>      [{<br>        name = Subnet name.<br>        subnet\_id = Subnet ud<br>        az = Subnet availability\_zone<br>        az\_id = Subnet availability\_zone\_id<br>      }]<br>      pod = List of pod Subnets.<br>      [{<br>        name = Subnet name.<br>        subnet\_id = Subnet ud<br>        az = Subnet availability\_zone<br>        az\_id = Subnet availability\_zone\_id<br>      }]<br>    } | <pre>object({<br>    vpc_id = string<br>    subnets = object({<br>      public = list(object({<br>        name      = string<br>        subnet_id = string<br>        az        = string<br>        az_id     = string<br>      }))<br>      private = list(object({<br>        name      = string<br>        subnet_id = string<br>        az        = string<br>        az_id     = string<br>      }))<br>      pod = list(object({<br>        name      = string<br>        subnet_id = string<br>        az        = string<br>        az_id     = string<br>      }))<br>    })<br>    vpc_cidrs = optional(string, "10.0.0.0/16")<br>  })</pre> | n/a | yes |
+| <a name="input_kms_info"></a> [kms\_info](#input\_kms\_info) | key\_id  = KMS key id.<br/>    key\_arn = KMS key arn.<br/>    enabled = KMS key is enabled | <pre>object({<br/>    key_id  = string<br/>    key_arn = string<br/>    enabled = bool<br/>  })</pre> | n/a | yes |
+| <a name="input_netapp"></a> [netapp](#input\_netapp) | Configuration for NETAPP | <pre>object({<br/>    astra_trident_operator_role = optional(string, null)<br/>    svm = optional(object({<br/>      id            = optional(string, null)<br/>      management_ip = optional(string, null)<br/>      nfs_ip        = optional(string, null)<br/>    }), null)<br/>    filesystem = optional(object({<br/>      id                = optional(string, null)<br/>      security_group_id = optional(string, null)<br/>    }), null)<br/>  })</pre> | `null` | no |
+| <a name="input_network_info"></a> [network\_info](#input\_network\_info) | id = VPC ID.<br/>    subnets = {<br/>      public = List of public Subnets.<br/>      [{<br/>        name = Subnet name.<br/>        subnet\_id = Subnet ud<br/>        az = Subnet availability\_zone<br/>        az\_id = Subnet availability\_zone\_id<br/>      }]<br/>      private = List of private Subnets.<br/>      [{<br/>        name = Subnet name.<br/>        subnet\_id = Subnet ud<br/>        az = Subnet availability\_zone<br/>        az\_id = Subnet availability\_zone\_id<br/>      }]<br/>      pod = List of pod Subnets.<br/>      [{<br/>        name = Subnet name.<br/>        subnet\_id = Subnet ud<br/>        az = Subnet availability\_zone<br/>        az\_id = Subnet availability\_zone\_id<br/>      }]<br/>    } | <pre>object({<br/>    vpc_id = string<br/>    subnets = object({<br/>      public = list(object({<br/>        name      = string<br/>        subnet_id = string<br/>        az        = string<br/>        az_id     = string<br/>      }))<br/>      private = list(object({<br/>        name      = string<br/>        subnet_id = string<br/>        az        = string<br/>        az_id     = string<br/>      }))<br/>      pod = list(object({<br/>        name      = string<br/>        subnet_id = string<br/>        az        = string<br/>        az_id     = string<br/>      }))<br/>    })<br/>    vpc_cidrs = optional(string, "10.0.0.0/16")<br/>  })</pre> | n/a | yes |
 | <a name="input_node_iam_policies"></a> [node\_iam\_policies](#input\_node\_iam\_policies) | Additional IAM Policy Arns for Nodes | `list(string)` | n/a | yes |
-| <a name="input_privatelink"></a> [privatelink](#input\_privatelink) | {<br>      enabled = Enable Private Link connections.<br>      namespace = Namespace for IAM Policy conditions.<br>      monitoring\_bucket = Bucket for NLBs monitoring.<br>      route53\_hosted\_zone\_name = Hosted zone for External DNS zone.<br>      vpc\_endpoint\_services = [{<br>        name      = Name of the VPC Endpoint Service.<br>        ports     = List of ports exposing the VPC Endpoint Service. i.e [8080, 8081]<br>        cert\_arn  = Certificate ARN used by the NLB associated for the given VPC Endpoint Service.<br>        private\_dns = Private DNS for the VPC Endpoint Service.<br>      }]<br>    } | <pre>object({<br>    enabled                  = optional(bool, false)<br>    namespace                = optional(string, "domino-platform")<br>    monitoring_bucket        = optional(string, null)<br>    route53_hosted_zone_name = optional(string, null)<br>    vpc_endpoint_services = optional(list(object({<br>      name        = optional(string)<br>      ports       = optional(list(number))<br>      cert_arn    = optional(string)<br>      private_dns = optional(string)<br>    })), [])<br>  })</pre> | `{}` | no |
+| <a name="input_privatelink"></a> [privatelink](#input\_privatelink) | {<br/>      enabled = Enable Private Link connections.<br/>      namespace = Namespace for IAM Policy conditions.<br/>      monitoring\_bucket = Bucket for NLBs monitoring.<br/>      route53\_hosted\_zone\_name = Hosted zone for External DNS zone.<br/>      vpc\_endpoint\_services = [{<br/>        name      = Name of the VPC Endpoint Service.<br/>        ports     = List of ports exposing the VPC Endpoint Service. i.e [8080, 8081]<br/>        cert\_arn  = Certificate ARN used by the NLB associated for the given VPC Endpoint Service.<br/>        private\_dns = Private DNS for the VPC Endpoint Service.<br/>      }]<br/>    } | <pre>object({<br/>    enabled                  = optional(bool, false)<br/>    namespace                = optional(string, "domino-platform")<br/>    monitoring_bucket        = optional(string, null)<br/>    route53_hosted_zone_name = optional(string, null)<br/>    vpc_endpoint_services = optional(list(object({<br/>      name        = optional(string)<br/>      ports       = optional(list(number))<br/>      cert_arn    = optional(string)<br/>      private_dns = optional(string)<br/>    })), [])<br/>  })</pre> | `{}` | no |
 | <a name="input_region"></a> [region](#input\_region) | AWS region for the deployment | `string` | n/a | yes |
-| <a name="input_ssh_key"></a> [ssh\_key](#input\_ssh\_key) | path          = SSH private key filepath.<br>    key\_pair\_name = AWS key\_pair name. | <pre>object({<br>    path          = string<br>    key_pair_name = string<br>  })</pre> | n/a | yes |
+| <a name="input_ssh_key"></a> [ssh\_key](#input\_ssh\_key) | path          = SSH private key filepath.<br/>    key\_pair\_name = AWS key\_pair name. | <pre>object({<br/>    path          = string<br/>    key_pair_name = string<br/>  })</pre> | n/a | yes |
 | <a name="input_tags"></a> [tags](#input\_tags) | Deployment tags. | `map(string)` | `{}` | no |
 | <a name="input_use_fips_endpoint"></a> [use\_fips\_endpoint](#input\_use\_fips\_endpoint) | Use aws FIPS endpoints | `bool` | `false` | no |
 
diff --git a/modules/eks/k8s.tf b/modules/eks/k8s.tf
index fe8562277..59b286124 100644
--- a/modules/eks/k8s.tf
+++ b/modules/eks/k8s.tf
@@ -1,5 +1,5 @@
 locals {
-  run_setup             = var.bastion_info != null || var.eks.public_access.enabled ? 1 : 0
+  run_setup             = (var.eks.run_k8s_setup || var.bastion_info != null || var.eks.public_access.enabled) ? 1 : 0
   k8s_pre_setup_sh_file = local.run_setup != 0 ? module.k8s_setup[0].filepath : null
 }
 
diff --git a/modules/eks/variables.tf b/modules/eks/variables.tf
index f6caeec56..7d9552f51 100644
--- a/modules/eks/variables.tf
+++ b/modules/eks/variables.tf
@@ -121,6 +121,7 @@ variable "kms_info" {
 
 variable "eks" {
   description = <<EOF
+    run_k8s_setup = Toggle to run the k8s setup.
     service_ipv4_cidr = CIDR for EKS cluster kubernetes_network_config.
     creation_role_name = Name of the role to import.
     k8s_version = EKS cluster k8s version.
@@ -148,6 +149,7 @@ variable "eks" {
   EOF
 
   type = object({
+    run_k8s_setup      = optional(bool, true)
     service_ipv4_cidr  = optional(string, "172.20.0.0/16")
     creation_role_name = optional(string, null)
     k8s_version        = optional(string, "1.27")
diff --git a/modules/infra/README.md b/modules/infra/README.md
index ba43a3d82..7c51a30a5 100644
--- a/modules/infra/README.md
+++ b/modules/infra/README.md
@@ -53,21 +53,21 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_additional_node_groups"></a> [additional\_node\_groups](#input\_additional\_node\_groups) | Additional EKS managed node groups definition. | <pre>map(object({<br>    ami                        = optional(string, null)<br>    bootstrap_extra_args       = optional(string, "")<br>    instance_types             = list(string)<br>    spot                       = optional(bool, false)<br>    min_per_az                 = number<br>    max_per_az                 = number<br>    max_unavailable_percentage = optional(number, 50)<br>    max_unavailable            = optional(number)<br>    desired_per_az             = number<br>    availability_zone_ids      = list(string)<br>    labels                     = map(string)<br>    taints = optional(list(object({<br>      key    = string<br>      value  = optional(string)<br>      effect = string<br>    })), [])<br>    tags = optional(map(string), {})<br>    gpu  = optional(bool, null)<br>    volume = object({<br>      size       = string<br>      type       = string<br>      iops       = optional(number)<br>      throughput = optional(number, 500)<br>    })<br>  }))</pre> | `{}` | no |
-| <a name="input_bastion"></a> [bastion](#input\_bastion) | enabled                  = Create bastion host.<br>    ami                      = Ami id. Defaults to latest 'AL2023' ami.<br>    instance\_type            = Instance type.<br>    authorized\_ssh\_ip\_ranges = List of CIDR ranges permitted for the bastion ssh access.<br>    username                 = Bastion user.<br>    install\_binaries         = Toggle to install required Domino binaries in the bastion. | <pre>object({<br>    enabled                  = optional(bool, true)<br>    ami_id                   = optional(string, null) # default will use the latest 'al2023' ami<br>    instance_type            = optional(string, "t3.micro")<br>    authorized_ssh_ip_ranges = optional(list(string), ["0.0.0.0/0"])<br>    username                 = optional(string, "ec2-user")<br>    install_binaries         = optional(bool, false)<br>  })</pre> | `{}` | no |
-| <a name="input_default_node_groups"></a> [default\_node\_groups](#input\_default\_node\_groups) | EKS managed node groups definition. | <pre>object(<br>    {<br>      compute = object(<br>        {<br>          ami                        = optional(string, null)<br>          bootstrap_extra_args       = optional(string, "")<br>          instance_types             = optional(list(string), ["m6i.2xlarge"])<br>          spot                       = optional(bool, false)<br>          min_per_az                 = optional(number, 0)<br>          max_per_az                 = optional(number, 10)<br>          max_unavailable_percentage = optional(number, 50)<br>          max_unavailable            = optional(number, null)<br>          desired_per_az             = optional(number, 0)<br>          availability_zone_ids      = list(string)<br>          labels = optional(map(string), {<br>            "dominodatalab.com/node-pool" = "default"<br>          })<br>          taints = optional(list(object({<br>            key    = string<br>            value  = optional(string)<br>            effect = string<br>          })), [])<br>          tags = optional(map(string), {})<br>          gpu  = optional(bool, null)<br>          volume = optional(object({<br>            size       = optional(number, 1000)<br>            type       = optional(string, "gp3")<br>            iops       = optional(number)<br>            throughput = optional(number, 500)<br>            }), {<br>            size       = 1000<br>            type       = "gp3"<br>            iops       = null<br>            throughput = 500<br>            }<br>          )<br>      }),<br>      platform = object(<br>        {<br>          ami                        = optional(string, null)<br>          bootstrap_extra_args       = optional(string, "")<br>          instance_types             = optional(list(string), ["m7i-flex.2xlarge"])<br>          spot                       = optional(bool, false)<br>          min_per_az                 = optional(number, 1)<br>          max_per_az                 = optional(number, 10)<br>          max_unavailable_percentage = optional(number, null)<br>          max_unavailable            = optional(number, 1)<br>          desired_per_az             = optional(number, 1)<br>          availability_zone_ids      = list(string)<br>          labels = optional(map(string), {<br>            "dominodatalab.com/node-pool" = "platform"<br>          })<br>          taints = optional(list(object({<br>            key    = string<br>            value  = optional(string)<br>            effect = string<br>          })), [])<br>          tags = optional(map(string), {})<br>          gpu  = optional(bool, null)<br>          volume = optional(object({<br>            size = optional(number, 100)<br>            type = optional(string, "gp3")<br>            }), {<br>            size = 100<br>            type = "gp3"<br>            }<br>          )<br>      }),<br>      gpu = object(<br>        {<br>          ami                        = optional(string, null)<br>          bootstrap_extra_args       = optional(string, "")<br>          instance_types             = optional(list(string), ["g5.2xlarge"])<br>          spot                       = optional(bool, false)<br>          min_per_az                 = optional(number, 0)<br>          max_per_az                 = optional(number, 10)<br>          max_unavailable_percentage = optional(number, 50)<br>          max_unavailable            = optional(number, null)<br>          desired_per_az             = optional(number, 0)<br>          availability_zone_ids      = list(string)<br>          labels = optional(map(string), {<br>            "dominodatalab.com/node-pool" = "default-gpu"<br>            "nvidia.com/gpu"              = true<br>          })<br>          taints = optional(list(object({<br>            key    = string<br>            value  = optional(string)<br>            effect = string<br>            })), [{<br>            key    = "nvidia.com/gpu"<br>            value  = "true"<br>            effect = "NO_SCHEDULE"<br>            }<br>          ])<br>          tags = optional(map(string), {})<br>          gpu  = optional(bool, null)<br>          volume = optional(object({<br>            size = optional(number, 1000)<br>            type = optional(string, "gp3")<br>            }), {<br>            size = 1000<br>            type = "gp3"<br>            }<br>          )<br>      })<br>  })</pre> | n/a | yes |
+| <a name="input_additional_node_groups"></a> [additional\_node\_groups](#input\_additional\_node\_groups) | Additional EKS managed node groups definition. | <pre>map(object({<br/>    ami                        = optional(string, null)<br/>    bootstrap_extra_args       = optional(string, "")<br/>    instance_types             = list(string)<br/>    spot                       = optional(bool, false)<br/>    min_per_az                 = number<br/>    max_per_az                 = number<br/>    max_unavailable_percentage = optional(number, 50)<br/>    max_unavailable            = optional(number)<br/>    desired_per_az             = number<br/>    availability_zone_ids      = list(string)<br/>    labels                     = map(string)<br/>    taints = optional(list(object({<br/>      key    = string<br/>      value  = optional(string)<br/>      effect = string<br/>    })), [])<br/>    tags = optional(map(string), {})<br/>    gpu  = optional(bool, null)<br/>    volume = object({<br/>      size       = string<br/>      type       = string<br/>      iops       = optional(number)<br/>      throughput = optional(number, 500)<br/>    })<br/>  }))</pre> | `{}` | no |
+| <a name="input_bastion"></a> [bastion](#input\_bastion) | enabled                  = Create bastion host.<br/>    ami                      = Ami id. Defaults to latest 'AL2023' ami.<br/>    instance\_type            = Instance type.<br/>    authorized\_ssh\_ip\_ranges = List of CIDR ranges permitted for the bastion ssh access.<br/>    username                 = Bastion user.<br/>    install\_binaries         = Toggle to install required Domino binaries in the bastion. | <pre>object({<br/>    enabled                  = optional(bool, true)<br/>    ami_id                   = optional(string, null) # default will use the latest 'al2023' ami<br/>    instance_type            = optional(string, "t3.micro")<br/>    authorized_ssh_ip_ranges = optional(list(string), ["0.0.0.0/0"])<br/>    username                 = optional(string, "ec2-user")<br/>    install_binaries         = optional(bool, false)<br/>  })</pre> | `{}` | no |
+| <a name="input_default_node_groups"></a> [default\_node\_groups](#input\_default\_node\_groups) | EKS managed node groups definition. | <pre>object(<br/>    {<br/>      compute = object(<br/>        {<br/>          ami                        = optional(string, null)<br/>          bootstrap_extra_args       = optional(string, "")<br/>          instance_types             = optional(list(string), ["m6i.2xlarge"])<br/>          spot                       = optional(bool, false)<br/>          min_per_az                 = optional(number, 0)<br/>          max_per_az                 = optional(number, 10)<br/>          max_unavailable_percentage = optional(number, 50)<br/>          max_unavailable            = optional(number, null)<br/>          desired_per_az             = optional(number, 0)<br/>          availability_zone_ids      = list(string)<br/>          labels = optional(map(string), {<br/>            "dominodatalab.com/node-pool" = "default"<br/>          })<br/>          taints = optional(list(object({<br/>            key    = string<br/>            value  = optional(string)<br/>            effect = string<br/>          })), [])<br/>          tags = optional(map(string), {})<br/>          gpu  = optional(bool, null)<br/>          volume = optional(object({<br/>            size       = optional(number, 1000)<br/>            type       = optional(string, "gp3")<br/>            iops       = optional(number)<br/>            throughput = optional(number, 500)<br/>            }), {<br/>            size       = 1000<br/>            type       = "gp3"<br/>            iops       = null<br/>            throughput = 500<br/>            }<br/>          )<br/>      }),<br/>      platform = object(<br/>        {<br/>          ami                        = optional(string, null)<br/>          bootstrap_extra_args       = optional(string, "")<br/>          instance_types             = optional(list(string), ["m7i-flex.2xlarge"])<br/>          spot                       = optional(bool, false)<br/>          min_per_az                 = optional(number, 1)<br/>          max_per_az                 = optional(number, 10)<br/>          max_unavailable_percentage = optional(number, null)<br/>          max_unavailable            = optional(number, 1)<br/>          desired_per_az             = optional(number, 1)<br/>          availability_zone_ids      = list(string)<br/>          labels = optional(map(string), {<br/>            "dominodatalab.com/node-pool" = "platform"<br/>          })<br/>          taints = optional(list(object({<br/>            key    = string<br/>            value  = optional(string)<br/>            effect = string<br/>          })), [])<br/>          tags = optional(map(string), {})<br/>          gpu  = optional(bool, null)<br/>          volume = optional(object({<br/>            size = optional(number, 100)<br/>            type = optional(string, "gp3")<br/>            }), {<br/>            size = 100<br/>            type = "gp3"<br/>            }<br/>          )<br/>      }),<br/>      gpu = object(<br/>        {<br/>          ami                        = optional(string, null)<br/>          bootstrap_extra_args       = optional(string, "")<br/>          instance_types             = optional(list(string), ["g5.2xlarge"])<br/>          spot                       = optional(bool, false)<br/>          min_per_az                 = optional(number, 0)<br/>          max_per_az                 = optional(number, 10)<br/>          max_unavailable_percentage = optional(number, 50)<br/>          max_unavailable            = optional(number, null)<br/>          desired_per_az             = optional(number, 0)<br/>          availability_zone_ids      = list(string)<br/>          labels = optional(map(string), {<br/>            "dominodatalab.com/node-pool" = "default-gpu"<br/>            "nvidia.com/gpu"              = true<br/>          })<br/>          taints = optional(list(object({<br/>            key    = string<br/>            value  = optional(string)<br/>            effect = string<br/>            })), [{<br/>            key    = "nvidia.com/gpu"<br/>            value  = "true"<br/>            effect = "NO_SCHEDULE"<br/>            }<br/>          ])<br/>          tags = optional(map(string), {})<br/>          gpu  = optional(bool, null)<br/>          volume = optional(object({<br/>            size = optional(number, 1000)<br/>            type = optional(string, "gp3")<br/>            }), {<br/>            size = 1000<br/>            type = "gp3"<br/>            }<br/>          )<br/>      })<br/>  })</pre> | n/a | yes |
 | <a name="input_deploy_id"></a> [deploy\_id](#input\_deploy\_id) | Domino Deployment ID. | `string` | `"domino-eks"` | no |
-| <a name="input_domino_cur"></a> [domino\_cur](#input\_domino\_cur) | Determines whether to provision domino cost related infrastructures, ie, long term storage | <pre>object({<br>    provision_cost_usage_report = optional(bool, false)<br>  })</pre> | `{}` | no |
-| <a name="input_eks"></a> [eks](#input\_eks) | creation\_role\_name = Name of the role to import.<br>    k8s\_version = EKS cluster k8s version.<br>    nodes\_master  Grants the nodes role system:master access. NOT recomended<br>    kubeconfig = {<br>      extra\_args = Optional extra args when generating kubeconfig.<br>      path       = Fully qualified path name to write the kubeconfig file.<br>    }<br>    public\_access = {<br>      enabled = Enable EKS API public endpoint.<br>      cidrs   = List of CIDR ranges permitted for accessing the EKS public endpoint.<br>    }<br>    Custom role maps for aws auth configmap<br>    custom\_role\_maps = {<br>      rolearn  = string<br>      username = string<br>      groups   = list(string)<br>    }<br>    master\_role\_names  = IAM role names to be added as masters in eks.<br>    cluster\_addons     = EKS cluster addons. vpc-cni is installed separately.<br>    vpc\_cni            = Configuration for AWS VPC CNI<br>    ssm\_log\_group\_name = CloudWatch log group to send the SSM session logs to.<br>    identity\_providers = Configuration for IDP(Identity Provider).<br>  } | <pre>object({<br>    creation_role_name = optional(string, null)<br>    k8s_version        = optional(string, "1.27")<br>    nodes_master       = optional(bool, false)<br>    kubeconfig = optional(object({<br>      extra_args = optional(string, "")<br>      path       = optional(string, null)<br>    }), {})<br>    public_access = optional(object({<br>      enabled = optional(bool, false)<br>      cidrs   = optional(list(string), [])<br>    }), {})<br>    custom_role_maps = optional(list(object({<br>      rolearn  = string<br>      username = string<br>      groups   = list(string)<br>    })), [])<br>    master_role_names  = optional(list(string), [])<br>    cluster_addons     = optional(list(string), ["kube-proxy", "coredns", "vpc-cni"])<br>    ssm_log_group_name = optional(string, "session-manager")<br>    vpc_cni = optional(object({<br>      prefix_delegation = optional(bool)<br>      annotate_pod_ip   = optional(bool)<br>    }))<br>    identity_providers = optional(list(object({<br>      client_id                     = string<br>      groups_claim                  = optional(string, null)<br>      groups_prefix                 = optional(string, null)<br>      identity_provider_config_name = string<br>      issuer_url                    = optional(string, null)<br>      required_claims               = optional(map(string), null)<br>      username_claim                = optional(string, null)<br>      username_prefix               = optional(string, null)<br>    })), [])<br>  })</pre> | `{}` | no |
+| <a name="input_domino_cur"></a> [domino\_cur](#input\_domino\_cur) | Determines whether to provision domino cost related infrastructures, ie, long term storage | <pre>object({<br/>    provision_cost_usage_report = optional(bool, false)<br/>  })</pre> | `{}` | no |
+| <a name="input_eks"></a> [eks](#input\_eks) | run\_k8s\_setup = Toggle to run the k8s setup.<br/>    creation\_role\_name = Name of the role to import.<br/>    k8s\_version = EKS cluster k8s version.<br/>    nodes\_master  Grants the nodes role system:master access. NOT recomended<br/>    kubeconfig = {<br/>      extra\_args = Optional extra args when generating kubeconfig.<br/>      path       = Fully qualified path name to write the kubeconfig file.<br/>    }<br/>    public\_access = {<br/>      enabled = Enable EKS API public endpoint.<br/>      cidrs   = List of CIDR ranges permitted for accessing the EKS public endpoint.<br/>    }<br/>    Custom role maps for aws auth configmap<br/>    custom\_role\_maps = {<br/>      rolearn  = string<br/>      username = string<br/>      groups   = list(string)<br/>    }<br/>    master\_role\_names  = IAM role names to be added as masters in eks.<br/>    cluster\_addons     = EKS cluster addons. vpc-cni is installed separately.<br/>    vpc\_cni            = Configuration for AWS VPC CNI<br/>    ssm\_log\_group\_name = CloudWatch log group to send the SSM session logs to.<br/>    identity\_providers = Configuration for IDP(Identity Provider).<br/>  } | <pre>object({<br/>    run_k8s_setup      = optional(bool, true)<br/>    creation_role_name = optional(string, null)<br/>    k8s_version        = optional(string, "1.27")<br/>    nodes_master       = optional(bool, false)<br/>    kubeconfig = optional(object({<br/>      extra_args = optional(string, "")<br/>      path       = optional(string, null)<br/>    }), {})<br/>    public_access = optional(object({<br/>      enabled = optional(bool, false)<br/>      cidrs   = optional(list(string), [])<br/>    }), {})<br/>    custom_role_maps = optional(list(object({<br/>      rolearn  = string<br/>      username = string<br/>      groups   = list(string)<br/>    })), [])<br/>    master_role_names  = optional(list(string), [])<br/>    cluster_addons     = optional(list(string), ["kube-proxy", "coredns", "vpc-cni"])<br/>    ssm_log_group_name = optional(string, "session-manager")<br/>    vpc_cni = optional(object({<br/>      prefix_delegation = optional(bool)<br/>      annotate_pod_ip   = optional(bool)<br/>    }))<br/>    identity_providers = optional(list(object({<br/>      client_id                     = string<br/>      groups_claim                  = optional(string, null)<br/>      groups_prefix                 = optional(string, null)<br/>      identity_provider_config_name = string<br/>      issuer_url                    = optional(string, null)<br/>      required_claims               = optional(map(string), null)<br/>      username_claim                = optional(string, null)<br/>      username_prefix               = optional(string, null)<br/>    })), [])<br/>  })</pre> | `{}` | no |
 | <a name="input_ignore_tags"></a> [ignore\_tags](#input\_ignore\_tags) | Tag keys to be ignored by the aws provider. | `list(string)` | `[]` | no |
-| <a name="input_kms"></a> [kms](#input\_kms) | enabled             = "Toggle, if set use either the specified KMS key\_id or a Domino-generated one"<br>    key\_id              = optional(string, null)<br>    additional\_policies = "Allows setting additional KMS key policies when using a Domino-generated key" | <pre>object({<br>    enabled             = optional(bool, true)<br>    key_id              = optional(string, null)<br>    additional_policies = optional(list(string), [])<br>  })</pre> | `{}` | no |
-| <a name="input_network"></a> [network](#input\_network) | vpc = {<br>      id = Existing vpc id, it will bypass creation by this module.<br>      subnets = {<br>        private = Existing private subnets.<br>        public  = Existing public subnets.<br>        pod     = Existing pod subnets.<br>      }), {})<br>    }), {})<br>    network\_bits = {<br>      public  = Number of network bits to allocate to the public subnet. i.e /27 -> 32 IPs.<br>      private = Number of network bits to allocate to the private subnet. i.e /19 -> 8,192 IPs.<br>      pod     = Number of network bits to allocate to the private subnet. i.e /19 -> 8,192 IPs.<br>    }<br>    cidrs = {<br>      vpc     = The IPv4 CIDR block for the VPC.<br>      pod     = The IPv4 CIDR block for the Pod subnets.<br>    }<br>    use\_pod\_cidr = Use additional pod CIDR range (ie 100.64.0.0/16) for pod networking. | <pre>object({<br>    vpc = optional(object({<br>      id = optional(string, null)<br>      subnets = optional(object({<br>        private = optional(list(string), [])<br>        public  = optional(list(string), [])<br>        pod     = optional(list(string), [])<br>      }), {})<br>    }), {})<br>    network_bits = optional(object({<br>      public  = optional(number, 27)<br>      private = optional(number, 19)<br>      pod     = optional(number, 19)<br>      }<br>    ), {})<br>    cidrs = optional(object({<br>      vpc = optional(string, "10.0.0.0/16")<br>      pod = optional(string, "100.64.0.0/16")<br>    }), {})<br>    use_pod_cidr = optional(bool, true)<br>  })</pre> | `{}` | no |
+| <a name="input_kms"></a> [kms](#input\_kms) | enabled             = "Toggle, if set use either the specified KMS key\_id or a Domino-generated one"<br/>    key\_id              = optional(string, null)<br/>    additional\_policies = "Allows setting additional KMS key policies when using a Domino-generated key" | <pre>object({<br/>    enabled             = optional(bool, true)<br/>    key_id              = optional(string, null)<br/>    additional_policies = optional(list(string), [])<br/>  })</pre> | `{}` | no |
+| <a name="input_network"></a> [network](#input\_network) | vpc = {<br/>      id = Existing vpc id, it will bypass creation by this module.<br/>      subnets = {<br/>        private = Existing private subnets.<br/>        public  = Existing public subnets.<br/>        pod     = Existing pod subnets.<br/>      }), {})<br/>    }), {})<br/>    network\_bits = {<br/>      public  = Number of network bits to allocate to the public subnet. i.e /27 -> 32 IPs.<br/>      private = Number of network bits to allocate to the private subnet. i.e /19 -> 8,192 IPs.<br/>      pod     = Number of network bits to allocate to the private subnet. i.e /19 -> 8,192 IPs.<br/>    }<br/>    cidrs = {<br/>      vpc     = The IPv4 CIDR block for the VPC.<br/>      pod     = The IPv4 CIDR block for the Pod subnets.<br/>    }<br/>    use\_pod\_cidr = Use additional pod CIDR range (ie 100.64.0.0/16) for pod networking. | <pre>object({<br/>    vpc = optional(object({<br/>      id = optional(string, null)<br/>      subnets = optional(object({<br/>        private = optional(list(string), [])<br/>        public  = optional(list(string), [])<br/>        pod     = optional(list(string), [])<br/>      }), {})<br/>    }), {})<br/>    network_bits = optional(object({<br/>      public  = optional(number, 27)<br/>      private = optional(number, 19)<br/>      pod     = optional(number, 19)<br/>      }<br/>    ), {})<br/>    cidrs = optional(object({<br/>      vpc = optional(string, "10.0.0.0/16")<br/>      pod = optional(string, "100.64.0.0/16")<br/>    }), {})<br/>    use_pod_cidr = optional(bool, true)<br/>  })</pre> | `{}` | no |
 | <a name="input_region"></a> [region](#input\_region) | AWS region for the deployment | `string` | n/a | yes |
 | <a name="input_ssh_pvt_key_path"></a> [ssh\_pvt\_key\_path](#input\_ssh\_pvt\_key\_path) | SSH private key filepath. | `string` | n/a | yes |
-| <a name="input_storage"></a> [storage](#input\_storage) | storage = {<br>      filesystem\_type = File system type(netapp\|efs)<br>      efs = {<br>        access\_point\_path = Filesystem path for efs.<br>        backup\_vault = {<br>          create        = Create backup vault for EFS toggle.<br>          force\_destroy = Toggle to allow automatic destruction of all backups when destroying.<br>          backup = {<br>            schedule           = Cron-style schedule for EFS backup vault (default: once a day at 12pm).<br>            cold\_storage\_after = Move backup data to cold storage after this many days.<br>            delete\_after       = Delete backup data after this many days.<br>          }<br>        }<br>      }<br>      netapp = {<br>        deployment\_type = netapp ontap deployment type,('MULTI\_AZ\_1', 'MULTI\_AZ\_2', 'SINGLE\_AZ\_1', 'SINGLE\_AZ\_2')<br>        storage\_capacity = Filesystem Storage capacity<br>        throughput\_capacity = Filesystem throughput capacity<br>        automatic\_backup\_retention\_days = How many days to keep backups<br>        daily\_automatic\_backup\_start\_time = Start time in 'HH:MM' format to initiate backups<br><br>        storage\_capacity\_autosizing = Options for the FXN automatic storage capacity increase, cloudformation template<br>          enabled                     = Enable automatic storage capacity increase.<br>          threshold                  = Used storage capacity threshold.<br>          percent\_capacity\_increase  = The percentage increase in storage capacity when used storage exceeds<br>                                       LowFreeDataStorageCapacityThreshold. Minimum increase is 10 %.<br>          notification\_email\_address = The email address for alarm notification.<br>        }))<br>      }<br>      s3 = {<br>        force\_destroy\_on\_deletion = Toogle to allow recursive deletion of all objects in the s3 buckets. if 'false' terraform will NOT be able to delete non-empty buckets.<br>      }<br>      ecr = {<br>        force\_destroy\_on\_deletion = Toogle to allow recursive deletion of all objects in the ECR repositories. if 'false' terraform will NOT be able to delete non-empty repositories.<br>      }<br>      enable\_remote\_backup = Enable tagging required for cross-account backups<br>      costs\_enabled = Determines whether to provision domino cost related infrastructures, ie, long term storage<br>    }<br>  } | <pre>object({<br>    filesystem_type = optional(string, "efs")<br>    efs = optional(object({<br>      access_point_path = optional(string, "/domino")<br>      backup_vault = optional(object({<br>        create        = optional(bool, true)<br>        force_destroy = optional(bool, true)<br>        backup = optional(object({<br>          schedule           = optional(string, "0 12 * * ? *")<br>          cold_storage_after = optional(number, 35)<br>          delete_after       = optional(number, 125)<br>        }), {})<br>      }), {})<br>    }), {})<br>    netapp = optional(object({<br>      deployment_type                   = optional(string, "SINGLE_AZ_1")<br>      storage_capacity                  = optional(number, 1024)<br>      throughput_capacity               = optional(number, 128)<br>      automatic_backup_retention_days   = optional(number, 90)<br>      daily_automatic_backup_start_time = optional(string, "00:00")<br>      storage_capacity_autosizing = optional(object({<br>        enabled                    = optional(bool, false)<br>        threshold                  = optional(number, 70)<br>        percent_capacity_increase  = optional(number, 30)<br>        notification_email_address = optional(string, "")<br>      }), {})<br>    }), {})<br>    s3 = optional(object({<br>      force_destroy_on_deletion = optional(bool, true)<br>    }), {})<br>    ecr = optional(object({<br>      force_destroy_on_deletion = optional(bool, true)<br>    }), {}),<br>    enable_remote_backup = optional(bool, false)<br>    costs_enabled        = optional(bool, true)<br>  })</pre> | `{}` | no |
+| <a name="input_storage"></a> [storage](#input\_storage) | storage = {<br/>      filesystem\_type = File system type(netapp\|efs)<br/>      efs = {<br/>        access\_point\_path = Filesystem path for efs.<br/>        backup\_vault = {<br/>          create        = Create backup vault for EFS toggle.<br/>          force\_destroy = Toggle to allow automatic destruction of all backups when destroying.<br/>          backup = {<br/>            schedule           = Cron-style schedule for EFS backup vault (default: once a day at 12pm).<br/>            cold\_storage\_after = Move backup data to cold storage after this many days.<br/>            delete\_after       = Delete backup data after this many days.<br/>          }<br/>        }<br/>      }<br/>      netapp = {<br/>        deployment\_type = netapp ontap deployment type,('MULTI\_AZ\_1', 'MULTI\_AZ\_2', 'SINGLE\_AZ\_1', 'SINGLE\_AZ\_2')<br/>        storage\_capacity = Filesystem Storage capacity<br/>        throughput\_capacity = Filesystem throughput capacity<br/>        automatic\_backup\_retention\_days = How many days to keep backups<br/>        daily\_automatic\_backup\_start\_time = Start time in 'HH:MM' format to initiate backups<br/><br/>        storage\_capacity\_autosizing = Options for the FXN automatic storage capacity increase, cloudformation template<br/>          enabled                     = Enable automatic storage capacity increase.<br/>          threshold                  = Used storage capacity threshold.<br/>          percent\_capacity\_increase  = The percentage increase in storage capacity when used storage exceeds<br/>                                       LowFreeDataStorageCapacityThreshold. Minimum increase is 10 %.<br/>          notification\_email\_address = The email address for alarm notification.<br/>        }))<br/>      }<br/>      s3 = {<br/>        force\_destroy\_on\_deletion = Toogle to allow recursive deletion of all objects in the s3 buckets. if 'false' terraform will NOT be able to delete non-empty buckets.<br/>      }<br/>      ecr = {<br/>        force\_destroy\_on\_deletion = Toogle to allow recursive deletion of all objects in the ECR repositories. if 'false' terraform will NOT be able to delete non-empty repositories.<br/>      }<br/>      enable\_remote\_backup = Enable tagging required for cross-account backups<br/>      costs\_enabled = Determines whether to provision domino cost related infrastructures, ie, long term storage<br/>    }<br/>  } | <pre>object({<br/>    filesystem_type = optional(string, "efs")<br/>    efs = optional(object({<br/>      access_point_path = optional(string, "/domino")<br/>      backup_vault = optional(object({<br/>        create        = optional(bool, true)<br/>        force_destroy = optional(bool, true)<br/>        backup = optional(object({<br/>          schedule           = optional(string, "0 12 * * ? *")<br/>          cold_storage_after = optional(number, 35)<br/>          delete_after       = optional(number, 125)<br/>        }), {})<br/>      }), {})<br/>    }), {})<br/>    netapp = optional(object({<br/>      deployment_type                   = optional(string, "SINGLE_AZ_1")<br/>      storage_capacity                  = optional(number, 1024)<br/>      throughput_capacity               = optional(number, 128)<br/>      automatic_backup_retention_days   = optional(number, 90)<br/>      daily_automatic_backup_start_time = optional(string, "00:00")<br/>      storage_capacity_autosizing = optional(object({<br/>        enabled                    = optional(bool, false)<br/>        threshold                  = optional(number, 70)<br/>        percent_capacity_increase  = optional(number, 30)<br/>        notification_email_address = optional(string, "")<br/>      }), {})<br/>    }), {})<br/>    s3 = optional(object({<br/>      force_destroy_on_deletion = optional(bool, true)<br/>    }), {})<br/>    ecr = optional(object({<br/>      force_destroy_on_deletion = optional(bool, true)<br/>    }), {}),<br/>    enable_remote_backup = optional(bool, false)<br/>    costs_enabled        = optional(bool, true)<br/>  })</pre> | `{}` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Deployment tags. | `map(string)` | `{}` | no |
 | <a name="input_use_fips_endpoint"></a> [use\_fips\_endpoint](#input\_use\_fips\_endpoint) | Use aws FIPS endpoints | `bool` | `false` | no |
-| <a name="input_vpn_connections"></a> [vpn\_connections](#input\_vpn\_connections) | create = Create a VPN connection.<br>    connections = List of VPN connections, each with:<br>      - name: Name for identification (optional).<br>      - shared\_ip: Customer's shared IP Address (optional).<br>      - cidr\_block: CIDR block for the customer's network (optional). | <pre>object({<br>    create = optional(bool, false)<br>    connections = optional(list(object({<br>      name        = optional(string, "")<br>      shared_ip   = optional(string, "")<br>      cidr_blocks = optional(list(string), [])<br>    })), [])<br>  })</pre> | `{}` | no |
+| <a name="input_vpn_connections"></a> [vpn\_connections](#input\_vpn\_connections) | create = Create a VPN connection.<br/>    connections = List of VPN connections, each with:<br/>      - name: Name for identification (optional).<br/>      - shared\_ip: Customer's shared IP Address (optional).<br/>      - cidr\_block: CIDR block for the customer's network (optional). | <pre>object({<br/>    create = optional(bool, false)<br/>    connections = optional(list(object({<br/>      name        = optional(string, "")<br/>      shared_ip   = optional(string, "")<br/>      cidr_blocks = optional(list(string), [])<br/>    })), [])<br/>  })</pre> | `{}` | no |
 
 ## Outputs
 
diff --git a/modules/infra/variables.tf b/modules/infra/variables.tf
index 21a658e9a..df5fe03b0 100644
--- a/modules/infra/variables.tf
+++ b/modules/infra/variables.tf
@@ -49,6 +49,7 @@ variable "ssh_pvt_key_path" {
 
 variable "eks" {
   description = <<EOF
+    run_k8s_setup = Toggle to run the k8s setup.
     creation_role_name = Name of the role to import.
     k8s_version = EKS cluster k8s version.
     nodes_master  Grants the nodes role system:master access. NOT recomended
@@ -75,6 +76,7 @@ variable "eks" {
   EOF
 
   type = object({
+    run_k8s_setup      = optional(bool, true)
     creation_role_name = optional(string, null)
     k8s_version        = optional(string, "1.27")
     nodes_master       = optional(bool, false)
diff --git a/tests/plan/terraform/README.md b/tests/plan/terraform/README.md
index 4021814f3..49f80f4ff 100644
--- a/tests/plan/terraform/README.md
+++ b/tests/plan/terraform/README.md
@@ -38,25 +38,25 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_additional_node_groups"></a> [additional\_node\_groups](#input\_additional\_node\_groups) | Additional EKS managed node groups definition. | <pre>map(object({<br>    ami                        = optional(string, null)<br>    bootstrap_extra_args       = optional(string, "")<br>    instance_types             = list(string)<br>    spot                       = optional(bool, false)<br>    min_per_az                 = number<br>    max_per_az                 = number<br>    max_unavailable_percentage = optional(number, 50)<br>    max_unavailable            = optional(number, null)<br>    desired_per_az             = number<br>    availability_zone_ids      = list(string)<br>    labels                     = map(string)<br>    taints = optional(list(object({<br>      key    = string<br>      value  = optional(string)<br>      effect = string<br>    })), [])<br>    tags = optional(map(string), {})<br>    gpu  = optional(bool, null)<br>    volume = object({<br>      size = string<br>      type = string<br>    })<br>  }))</pre> | `{}` | no |
-| <a name="input_bastion"></a> [bastion](#input\_bastion) | enabled                  = Create bastion host.<br>    ami                      = Ami id. Defaults to latest 'al2023' ami.<br>    instance\_type            = Instance type.<br>    authorized\_ssh\_ip\_ranges = List of CIDR ranges permitted for the bastion ssh access.<br>    username                 = Bastion user.<br>    install\_binaries         = Toggle to install required Domino binaries in the bastion. | <pre>object({<br>    enabled                  = optional(bool, true)<br>    ami_id                   = optional(string, null) # default will use the latest 'al2023' ami<br>    instance_type            = optional(string, "t3.micro")<br>    authorized_ssh_ip_ranges = optional(list(string), ["0.0.0.0/0"])<br>    username                 = optional(string, "ec2-user")<br>    install_binaries         = optional(bool, false)<br>  })</pre> | `{}` | no |
-| <a name="input_default_node_groups"></a> [default\_node\_groups](#input\_default\_node\_groups) | EKS managed node groups definition. | <pre>object(<br>    {<br>      compute = object(<br>        {<br>          ami                        = optional(string, null)<br>          bootstrap_extra_args       = optional(string, "")<br>          instance_types             = optional(list(string), ["m6i.2xlarge"])<br>          spot                       = optional(bool, false)<br>          min_per_az                 = optional(number, 0)<br>          max_per_az                 = optional(number, 10)<br>          max_unavailable_percentage = optional(number, 50)<br>          max_unavailable            = optional(number, null)<br>          desired_per_az             = optional(number, 0)<br>          availability_zone_ids      = list(string)<br>          labels = optional(map(string), {<br>            "dominodatalab.com/node-pool" = "default"<br>          })<br>          taints = optional(list(object({<br>            key    = string<br>            value  = optional(string)<br>            effect = string<br>          })), [])<br>          tags = optional(map(string), {})<br>          gpu  = optional(bool, null)<br>          volume = optional(object({<br>            size = optional(number, 1000)<br>            type = optional(string, "gp3")<br>            }), {<br>            size = 1000<br>            type = "gp3"<br>            }<br>          )<br>      }),<br>      platform = object(<br>        {<br>          ami                        = optional(string, null)<br>          bootstrap_extra_args       = optional(string, "")<br>          instance_types             = optional(list(string), ["m7i-flex.2xlarge"])<br>          spot                       = optional(bool, false)<br>          min_per_az                 = optional(number, 1)<br>          max_per_az                 = optional(number, 10)<br>          max_unavailable_percentage = optional(number, null)<br>          max_unavailable            = optional(number, 1)<br>          desired_per_az             = optional(number, 1)<br>          availability_zone_ids      = list(string)<br>          labels = optional(map(string), {<br>            "dominodatalab.com/node-pool" = "platform"<br>          })<br>          taints = optional(list(object({<br>            key    = string<br>            value  = optional(string)<br>            effect = string<br>          })), [])<br>          tags = optional(map(string), {})<br>          gpu  = optional(bool, null)<br>          volume = optional(object({<br>            size = optional(number, 100)<br>            type = optional(string, "gp3")<br>            }), {<br>            size = 100<br>            type = "gp3"<br>            }<br>          )<br>      }),<br>      gpu = object(<br>        {<br>          ami                        = optional(string, null)<br>          bootstrap_extra_args       = optional(string, "")<br>          instance_types             = optional(list(string), ["g5.2xlarge"])<br>          spot                       = optional(bool, false)<br>          min_per_az                 = optional(number, 0)<br>          max_per_az                 = optional(number, 10)<br>          max_unavailable_percentage = optional(number, 50)<br>          max_unavailable            = optional(number, null)<br>          desired_per_az             = optional(number, 0)<br>          availability_zone_ids      = list(string)<br>          labels = optional(map(string), {<br>            "dominodatalab.com/node-pool" = "default-gpu"<br>            "nvidia.com/gpu"              = true<br>          })<br>          taints = optional(list(object({<br>            key    = string<br>            value  = optional(string)<br>            effect = string<br>            })), [{<br>            key    = "nvidia.com/gpu"<br>            value  = "true"<br>            effect = "NO_SCHEDULE"<br>            }<br>          ])<br>          tags = optional(map(string), {})<br>          gpu  = optional(bool, null)<br>          volume = optional(object({<br>            size = optional(number, 1000)<br>            type = optional(string, "gp3")<br>            }), {<br>            size = 1000<br>            type = "gp3"<br>            }<br>          )<br>      })<br>  })</pre> | n/a | yes |
+| <a name="input_additional_node_groups"></a> [additional\_node\_groups](#input\_additional\_node\_groups) | Additional EKS managed node groups definition. | <pre>map(object({<br/>    ami                        = optional(string, null)<br/>    bootstrap_extra_args       = optional(string, "")<br/>    instance_types             = list(string)<br/>    spot                       = optional(bool, false)<br/>    min_per_az                 = number<br/>    max_per_az                 = number<br/>    max_unavailable_percentage = optional(number, 50)<br/>    max_unavailable            = optional(number, null)<br/>    desired_per_az             = number<br/>    availability_zone_ids      = list(string)<br/>    labels                     = map(string)<br/>    taints = optional(list(object({<br/>      key    = string<br/>      value  = optional(string)<br/>      effect = string<br/>    })), [])<br/>    tags = optional(map(string), {})<br/>    gpu  = optional(bool, null)<br/>    volume = object({<br/>      size = string<br/>      type = string<br/>    })<br/>  }))</pre> | `{}` | no |
+| <a name="input_bastion"></a> [bastion](#input\_bastion) | enabled                  = Create bastion host.<br/>    ami                      = Ami id. Defaults to latest 'al2023' ami.<br/>    instance\_type            = Instance type.<br/>    authorized\_ssh\_ip\_ranges = List of CIDR ranges permitted for the bastion ssh access.<br/>    username                 = Bastion user.<br/>    install\_binaries         = Toggle to install required Domino binaries in the bastion. | <pre>object({<br/>    enabled                  = optional(bool, true)<br/>    ami_id                   = optional(string, null) # default will use the latest 'al2023' ami<br/>    instance_type            = optional(string, "t3.micro")<br/>    authorized_ssh_ip_ranges = optional(list(string), ["0.0.0.0/0"])<br/>    username                 = optional(string, "ec2-user")<br/>    install_binaries         = optional(bool, false)<br/>  })</pre> | `{}` | no |
+| <a name="input_default_node_groups"></a> [default\_node\_groups](#input\_default\_node\_groups) | EKS managed node groups definition. | <pre>object(<br/>    {<br/>      compute = object(<br/>        {<br/>          ami                        = optional(string, null)<br/>          bootstrap_extra_args       = optional(string, "")<br/>          instance_types             = optional(list(string), ["m6i.2xlarge"])<br/>          spot                       = optional(bool, false)<br/>          min_per_az                 = optional(number, 0)<br/>          max_per_az                 = optional(number, 10)<br/>          max_unavailable_percentage = optional(number, 50)<br/>          max_unavailable            = optional(number, null)<br/>          desired_per_az             = optional(number, 0)<br/>          availability_zone_ids      = list(string)<br/>          labels = optional(map(string), {<br/>            "dominodatalab.com/node-pool" = "default"<br/>          })<br/>          taints = optional(list(object({<br/>            key    = string<br/>            value  = optional(string)<br/>            effect = string<br/>          })), [])<br/>          tags = optional(map(string), {})<br/>          gpu  = optional(bool, null)<br/>          volume = optional(object({<br/>            size = optional(number, 1000)<br/>            type = optional(string, "gp3")<br/>            }), {<br/>            size = 1000<br/>            type = "gp3"<br/>            }<br/>          )<br/>      }),<br/>      platform = object(<br/>        {<br/>          ami                        = optional(string, null)<br/>          bootstrap_extra_args       = optional(string, "")<br/>          instance_types             = optional(list(string), ["m7i-flex.2xlarge"])<br/>          spot                       = optional(bool, false)<br/>          min_per_az                 = optional(number, 1)<br/>          max_per_az                 = optional(number, 10)<br/>          max_unavailable_percentage = optional(number, null)<br/>          max_unavailable            = optional(number, 1)<br/>          desired_per_az             = optional(number, 1)<br/>          availability_zone_ids      = list(string)<br/>          labels = optional(map(string), {<br/>            "dominodatalab.com/node-pool" = "platform"<br/>          })<br/>          taints = optional(list(object({<br/>            key    = string<br/>            value  = optional(string)<br/>            effect = string<br/>          })), [])<br/>          tags = optional(map(string), {})<br/>          gpu  = optional(bool, null)<br/>          volume = optional(object({<br/>            size = optional(number, 100)<br/>            type = optional(string, "gp3")<br/>            }), {<br/>            size = 100<br/>            type = "gp3"<br/>            }<br/>          )<br/>      }),<br/>      gpu = object(<br/>        {<br/>          ami                        = optional(string, null)<br/>          bootstrap_extra_args       = optional(string, "")<br/>          instance_types             = optional(list(string), ["g5.2xlarge"])<br/>          spot                       = optional(bool, false)<br/>          min_per_az                 = optional(number, 0)<br/>          max_per_az                 = optional(number, 10)<br/>          max_unavailable_percentage = optional(number, 50)<br/>          max_unavailable            = optional(number, null)<br/>          desired_per_az             = optional(number, 0)<br/>          availability_zone_ids      = list(string)<br/>          labels = optional(map(string), {<br/>            "dominodatalab.com/node-pool" = "default-gpu"<br/>            "nvidia.com/gpu"              = true<br/>          })<br/>          taints = optional(list(object({<br/>            key    = string<br/>            value  = optional(string)<br/>            effect = string<br/>            })), [{<br/>            key    = "nvidia.com/gpu"<br/>            value  = "true"<br/>            effect = "NO_SCHEDULE"<br/>            }<br/>          ])<br/>          tags = optional(map(string), {})<br/>          gpu  = optional(bool, null)<br/>          volume = optional(object({<br/>            size = optional(number, 1000)<br/>            type = optional(string, "gp3")<br/>            }), {<br/>            size = 1000<br/>            type = "gp3"<br/>            }<br/>          )<br/>      })<br/>  })</pre> | n/a | yes |
 | <a name="input_deploy_id"></a> [deploy\_id](#input\_deploy\_id) | Domino Deployment ID. | `string` | `"domino-eks"` | no |
-| <a name="input_domino_cur"></a> [domino\_cur](#input\_domino\_cur) | Determines whether to provision domino cost related infrastructures, ie, long term storage | <pre>object({<br>    provision_cost_usage_report = optional(bool, false)<br>  })</pre> | `{}` | no |
-| <a name="input_eks"></a> [eks](#input\_eks) | k8s\_version = EKS cluster k8s version.<br>    nodes\_master  Grants the nodes role system:master access. NOT recomended<br>    kubeconfig = {<br>      extra\_args = Optional extra args when generating kubeconfig.<br>      path       = Fully qualified path name to write the kubeconfig file.<br>    }<br>    public\_access = {<br>      enabled = Enable EKS API public endpoint.<br>      cidrs   = List of CIDR ranges permitted for accessing the EKS public endpoint.<br>    }<br>    Custom role maps for aws auth configmap<br>    custom\_role\_maps = {<br>      rolearn  = string<br>      username = string<br>      groups   = list(string)<br>    }<br>    master\_role\_names  = IAM role names to be added as masters in eks.<br>    cluster\_addons     = EKS cluster addons. vpc-cni is installed separately.<br>    vpc\_cni            = Configuration for AWS VPC CNI<br>    ssm\_log\_group\_name = CloudWatch log group to send the SSM session logs to.<br>    identity\_providers = Configuration for IDP(Identity Provider).<br>  } | <pre>object({<br>    k8s_version  = optional(string, "1.27")<br>    nodes_master = optional(bool, false)<br>    kubeconfig = optional(object({<br>      extra_args = optional(string, "")<br>      path       = optional(string, null)<br>    }), {})<br>    public_access = optional(object({<br>      enabled = optional(bool, false)<br>      cidrs   = optional(list(string), [])<br>    }), {})<br>    custom_role_maps = optional(list(object({<br>      rolearn  = string<br>      username = string<br>      groups   = list(string)<br>    })), [])<br>    master_role_names  = optional(list(string), [])<br>    cluster_addons     = optional(list(string), ["kube-proxy", "coredns"])<br>    ssm_log_group_name = optional(string, "session-manager")<br>    vpc_cni = optional(object({<br>      prefix_delegation = optional(bool)<br>      annotate_pod_ip   = optional(bool)<br>    }))<br>    identity_providers = optional(list(object({<br>      client_id                     = string<br>      groups_claim                  = optional(string, null)<br>      groups_prefix                 = optional(string, null)<br>      identity_provider_config_name = string<br>      issuer_url                    = optional(string, null)<br>      required_claims               = optional(map(string), null)<br>      username_claim                = optional(string, null)<br>      username_prefix               = optional(string, null)<br>    })), [])<br>  })</pre> | `{}` | no |
+| <a name="input_domino_cur"></a> [domino\_cur](#input\_domino\_cur) | Determines whether to provision domino cost related infrastructures, ie, long term storage | <pre>object({<br/>    provision_cost_usage_report = optional(bool, false)<br/>  })</pre> | `{}` | no |
+| <a name="input_eks"></a> [eks](#input\_eks) | run\_k8s\_setup = Toggle to run the k8s setup.<br/>    k8s\_version = EKS cluster k8s version.<br/>    nodes\_master  Grants the nodes role system:master access. NOT recomended<br/>    kubeconfig = {<br/>      extra\_args = Optional extra args when generating kubeconfig.<br/>      path       = Fully qualified path name to write the kubeconfig file.<br/>    }<br/>    public\_access = {<br/>      enabled = Enable EKS API public endpoint.<br/>      cidrs   = List of CIDR ranges permitted for accessing the EKS public endpoint.<br/>    }<br/>    Custom role maps for aws auth configmap<br/>    custom\_role\_maps = {<br/>      rolearn  = string<br/>      username = string<br/>      groups   = list(string)<br/>    }<br/>    master\_role\_names  = IAM role names to be added as masters in eks.<br/>    cluster\_addons     = EKS cluster addons. vpc-cni is installed separately.<br/>    vpc\_cni            = Configuration for AWS VPC CNI<br/>    ssm\_log\_group\_name = CloudWatch log group to send the SSM session logs to.<br/>    identity\_providers = Configuration for IDP(Identity Provider).<br/>  } | <pre>object({<br/>    run_k8s_setup = optional(bool, true)<br/>    k8s_version   = optional(string, "1.27")<br/>    nodes_master  = optional(bool, false)<br/>    kubeconfig = optional(object({<br/>      extra_args = optional(string, "")<br/>      path       = optional(string, null)<br/>    }), {})<br/>    public_access = optional(object({<br/>      enabled = optional(bool, false)<br/>      cidrs   = optional(list(string), [])<br/>    }), {})<br/>    custom_role_maps = optional(list(object({<br/>      rolearn  = string<br/>      username = string<br/>      groups   = list(string)<br/>    })), [])<br/>    master_role_names  = optional(list(string), [])<br/>    cluster_addons     = optional(list(string), ["kube-proxy", "coredns"])<br/>    ssm_log_group_name = optional(string, "session-manager")<br/>    vpc_cni = optional(object({<br/>      prefix_delegation = optional(bool)<br/>      annotate_pod_ip   = optional(bool)<br/>    }))<br/>    identity_providers = optional(list(object({<br/>      client_id                     = string<br/>      groups_claim                  = optional(string, null)<br/>      groups_prefix                 = optional(string, null)<br/>      identity_provider_config_name = string<br/>      issuer_url                    = optional(string, null)<br/>      required_claims               = optional(map(string), null)<br/>      username_claim                = optional(string, null)<br/>      username_prefix               = optional(string, null)<br/>    })), [])<br/>  })</pre> | `{}` | no |
 | <a name="input_enable_private_link"></a> [enable\_private\_link](#input\_enable\_private\_link) | Enable Private Link connections | `bool` | `false` | no |
-| <a name="input_external_deployments_operator"></a> [external\_deployments\_operator](#input\_external\_deployments\_operator) | Config to create IRSA role for the external deployments operator. | <pre>object({<br>    enabled                         = optional(bool, false)<br>    namespace                       = optional(string, "domino-compute")<br>    operator_service_account_name   = optional(string, "pham-juno-operator")<br>    operator_role_suffix            = optional(string, "external-deployments-operator")<br>    repository_suffix               = optional(string, "external-deployments")<br>    bucket_suffix                   = optional(string, "external-deployments")<br>    enable_assume_any_external_role = optional(bool, true)<br>    enable_in_account_deployments   = optional(bool, true)<br>  })</pre> | `{}` | no |
+| <a name="input_external_deployments_operator"></a> [external\_deployments\_operator](#input\_external\_deployments\_operator) | Config to create IRSA role for the external deployments operator. | <pre>object({<br/>    enabled                         = optional(bool, false)<br/>    namespace                       = optional(string, "domino-compute")<br/>    operator_service_account_name   = optional(string, "pham-juno-operator")<br/>    operator_role_suffix            = optional(string, "external-deployments-operator")<br/>    repository_suffix               = optional(string, "external-deployments")<br/>    bucket_suffix                   = optional(string, "external-deployments")<br/>    enable_assume_any_external_role = optional(bool, true)<br/>    enable_in_account_deployments   = optional(bool, true)<br/>  })</pre> | `{}` | no |
 | <a name="input_ignore_tags"></a> [ignore\_tags](#input\_ignore\_tags) | Tag keys to be ignored by the aws provider. | `list(string)` | `[]` | no |
-| <a name="input_kms"></a> [kms](#input\_kms) | enabled = Toggle,if set use either the specified KMS key\_id or a Domino-generated one.<br>    key\_id  = optional(string, null)<br>    additional\_policies = "Allows setting additional KMS key policies when using a Domino-generated key" | <pre>object({<br>    enabled             = optional(bool, true)<br>    key_id              = optional(string, null)<br>    additional_policies = optional(list(string), [])<br>  })</pre> | `{}` | no |
-| <a name="input_network"></a> [network](#input\_network) | vpc = {<br>      id = Existing vpc id, it will bypass creation by this module.<br>      subnets = {<br>        private = Existing private subnets.<br>        public  = Existing public subnets.<br>        pod     = Existing pod subnets.<br>      }), {})<br>    }), {})<br>    network\_bits = {<br>      public  = Number of network bits to allocate to the public subnet. i.e /27 -> 32 IPs.<br>      private = Number of network bits to allocate to the private subnet. i.e /19 -> 8,192 IPs.<br>      pod     = Number of network bits to allocate to the private subnet. i.e /19 -> 8,192 IPs.<br>    }<br>    cidrs = {<br>      vpc     = The IPv4 CIDR block for the VPC.<br>      pod     = The IPv4 CIDR block for the Pod subnets.<br>    }<br>    use\_pod\_cidr = Use additional pod CIDR range (ie 100.64.0.0/16) for pod networking. | <pre>object({<br>    vpc = optional(object({<br>      id = optional(string, null)<br>      subnets = optional(object({<br>        private = optional(list(string), [])<br>        public  = optional(list(string), [])<br>        pod     = optional(list(string), [])<br>      }), {})<br>    }), {})<br>    network_bits = optional(object({<br>      public  = optional(number, 27)<br>      private = optional(number, 19)<br>      pod     = optional(number, 19)<br>      }<br>    ), {})<br>    cidrs = optional(object({<br>      vpc = optional(string, "10.0.0.0/16")<br>      pod = optional(string, "100.64.0.0/16")<br>    }), {})<br>    use_pod_cidr = optional(bool, true)<br>  })</pre> | `{}` | no |
+| <a name="input_kms"></a> [kms](#input\_kms) | enabled = Toggle,if set use either the specified KMS key\_id or a Domino-generated one.<br/>    key\_id  = optional(string, null)<br/>    additional\_policies = "Allows setting additional KMS key policies when using a Domino-generated key" | <pre>object({<br/>    enabled             = optional(bool, true)<br/>    key_id              = optional(string, null)<br/>    additional_policies = optional(list(string), [])<br/>  })</pre> | `{}` | no |
+| <a name="input_network"></a> [network](#input\_network) | vpc = {<br/>      id = Existing vpc id, it will bypass creation by this module.<br/>      subnets = {<br/>        private = Existing private subnets.<br/>        public  = Existing public subnets.<br/>        pod     = Existing pod subnets.<br/>      }), {})<br/>    }), {})<br/>    network\_bits = {<br/>      public  = Number of network bits to allocate to the public subnet. i.e /27 -> 32 IPs.<br/>      private = Number of network bits to allocate to the private subnet. i.e /19 -> 8,192 IPs.<br/>      pod     = Number of network bits to allocate to the private subnet. i.e /19 -> 8,192 IPs.<br/>    }<br/>    cidrs = {<br/>      vpc     = The IPv4 CIDR block for the VPC.<br/>      pod     = The IPv4 CIDR block for the Pod subnets.<br/>    }<br/>    use\_pod\_cidr = Use additional pod CIDR range (ie 100.64.0.0/16) for pod networking. | <pre>object({<br/>    vpc = optional(object({<br/>      id = optional(string, null)<br/>      subnets = optional(object({<br/>        private = optional(list(string), [])<br/>        public  = optional(list(string), [])<br/>        pod     = optional(list(string), [])<br/>      }), {})<br/>    }), {})<br/>    network_bits = optional(object({<br/>      public  = optional(number, 27)<br/>      private = optional(number, 19)<br/>      pod     = optional(number, 19)<br/>      }<br/>    ), {})<br/>    cidrs = optional(object({<br/>      vpc = optional(string, "10.0.0.0/16")<br/>      pod = optional(string, "100.64.0.0/16")<br/>    }), {})<br/>    use_pod_cidr = optional(bool, true)<br/>  })</pre> | `{}` | no |
 | <a name="input_region"></a> [region](#input\_region) | AWS region for the deployment | `string` | n/a | yes |
 | <a name="input_route53_hosted_zone_name"></a> [route53\_hosted\_zone\_name](#input\_route53\_hosted\_zone\_name) | Optional hosted zone for External DNS zone. | `string` | `null` | no |
-| <a name="input_single_node"></a> [single\_node](#input\_single\_node) | Additional EKS managed node groups definition. | <pre>object({<br>    name                 = optional(string, "single-node")<br>    bootstrap_extra_args = optional(string, "")<br>    ami = optional(object({<br>      name_prefix = optional(string, null)<br>      owner       = optional(string, null)<br><br>    }))<br>    instance_type            = optional(string, "m6i.2xlarge")<br>    authorized_ssh_ip_ranges = optional(list(string), ["0.0.0.0/0"])<br>    labels                   = optional(map(string))<br>    taints = optional(list(object({<br>      key    = string<br>      value  = optional(string)<br>      effect = string<br>    })), [])<br>    volume = optional(object({<br>      size = optional(number, 1000)<br>      type = optional(string, "gp3")<br>    }), {})<br>  })</pre> | `null` | no |
+| <a name="input_single_node"></a> [single\_node](#input\_single\_node) | Additional EKS managed node groups definition. | <pre>object({<br/>    name                 = optional(string, "single-node")<br/>    bootstrap_extra_args = optional(string, "")<br/>    ami = optional(object({<br/>      name_prefix = optional(string, null)<br/>      owner       = optional(string, null)<br/><br/>    }))<br/>    instance_type            = optional(string, "m6i.2xlarge")<br/>    authorized_ssh_ip_ranges = optional(list(string), ["0.0.0.0/0"])<br/>    labels                   = optional(map(string))<br/>    taints = optional(list(object({<br/>      key    = string<br/>      value  = optional(string)<br/>      effect = string<br/>    })), [])<br/>    volume = optional(object({<br/>      size = optional(number, 1000)<br/>      type = optional(string, "gp3")<br/>    }), {})<br/>  })</pre> | `null` | no |
 | <a name="input_ssh_pvt_key_path"></a> [ssh\_pvt\_key\_path](#input\_ssh\_pvt\_key\_path) | SSH private key filepath. | `string` | n/a | yes |
-| <a name="input_storage"></a> [storage](#input\_storage) | storage = {<br>      filesystem\_type = File system type(netapp\|efs)<br>      efs = {<br>        access\_point\_path = Filesystem path for efs.<br>        backup\_vault = {<br>          create        = Create backup vault for EFS toggle.<br>          force\_destroy = Toggle to allow automatic destruction of all backups when destroying.<br>          backup = {<br>            schedule           = Cron-style schedule for EFS backup vault (default: once a day at 12pm).<br>            cold\_storage\_after = Move backup data to cold storage after this many days.<br>            delete\_after       = Delete backup data after this many days.<br>          }<br>        }<br>      }<br>      netapp = {<br>        deployment\_type = netapp ontap deployment type,('MULTI\_AZ\_1', 'MULTI\_AZ\_2', 'SINGLE\_AZ\_1', 'SINGLE\_AZ\_2')<br>        storage\_capacity = Filesystem Storage capacity<br>        throughput\_capacity = Filesystem throughput capacity<br>        automatic\_backup\_retention\_days = How many days to keep backups<br>        daily\_automatic\_backup\_start\_time = Start time in 'HH:MM' format to initiate backups<br><br>        storage\_capacity\_autosizing = Options for the FXN automatic storage capacity increase, cloudformation template<br>          enabled                     = Enable automatic storage capacity increase.<br>          threshold                  = Used storage capacity threshold.<br>          percent\_capacity\_increase  = The percentage increase in storage capacity when used storage exceeds<br>                                       LowFreeDataStorageCapacityThreshold. Minimum increase is 10 %.<br>          notification\_email\_address = The email address for alarm notification.<br>        }))<br>      }<br>      s3 = {<br>        force\_destroy\_on\_deletion = Toogle to allow recursive deletion of all objects in the s3 buckets. if 'false' terraform will NOT be able to delete non-empty buckets.<br>      }<br>      ecr = {<br>        force\_destroy\_on\_deletion = Toogle to allow recursive deletion of all objects in the ECR repositories. if 'false' terraform will NOT be able to delete non-empty repositories.<br>      }<br>      enable\_remote\_backup = Enable tagging required for cross-account backups<br>      costs\_enabled = Determines whether to provision domino cost related infrastructures, ie, long term storage<br>    }<br>  } | <pre>object({<br>    filesystem_type = optional(string, "efs")<br>    efs = optional(object({<br>      access_point_path = optional(string, "/domino")<br>      backup_vault = optional(object({<br>        create        = optional(bool, true)<br>        force_destroy = optional(bool, true)<br>        backup = optional(object({<br>          schedule           = optional(string, "0 12 * * ? *")<br>          cold_storage_after = optional(number, 35)<br>          delete_after       = optional(number, 125)<br>        }), {})<br>      }), {})<br>    }), {})<br>    netapp = optional(object({<br>      deployment_type                   = optional(string, "SINGLE_AZ_1")<br>      storage_capacity                  = optional(number, 1024)<br>      throughput_capacity               = optional(number, 128)<br>      automatic_backup_retention_days   = optional(number, 90)<br>      daily_automatic_backup_start_time = optional(string, "00:00")<br>      storage_capacity_autosizing = optional(object({<br>        enabled                    = optional(bool, false)<br>        threshold                  = optional(number, 70)<br>        percent_capacity_increase  = optional(number, 30)<br>        notification_email_address = optional(string, "")<br>      }), {})<br>    }), {})<br>    s3 = optional(object({<br>      force_destroy_on_deletion = optional(bool, true)<br>    }), {})<br>    ecr = optional(object({<br>      force_destroy_on_deletion = optional(bool, true)<br>    }), {}),<br>    enable_remote_backup = optional(bool, false)<br>    costs_enabled        = optional(bool, true)<br>  })</pre> | `{}` | no |
+| <a name="input_storage"></a> [storage](#input\_storage) | storage = {<br/>      filesystem\_type = File system type(netapp\|efs)<br/>      efs = {<br/>        access\_point\_path = Filesystem path for efs.<br/>        backup\_vault = {<br/>          create        = Create backup vault for EFS toggle.<br/>          force\_destroy = Toggle to allow automatic destruction of all backups when destroying.<br/>          backup = {<br/>            schedule           = Cron-style schedule for EFS backup vault (default: once a day at 12pm).<br/>            cold\_storage\_after = Move backup data to cold storage after this many days.<br/>            delete\_after       = Delete backup data after this many days.<br/>          }<br/>        }<br/>      }<br/>      netapp = {<br/>        deployment\_type = netapp ontap deployment type,('MULTI\_AZ\_1', 'MULTI\_AZ\_2', 'SINGLE\_AZ\_1', 'SINGLE\_AZ\_2')<br/>        storage\_capacity = Filesystem Storage capacity<br/>        throughput\_capacity = Filesystem throughput capacity<br/>        automatic\_backup\_retention\_days = How many days to keep backups<br/>        daily\_automatic\_backup\_start\_time = Start time in 'HH:MM' format to initiate backups<br/><br/>        storage\_capacity\_autosizing = Options for the FXN automatic storage capacity increase, cloudformation template<br/>          enabled                     = Enable automatic storage capacity increase.<br/>          threshold                  = Used storage capacity threshold.<br/>          percent\_capacity\_increase  = The percentage increase in storage capacity when used storage exceeds<br/>                                       LowFreeDataStorageCapacityThreshold. Minimum increase is 10 %.<br/>          notification\_email\_address = The email address for alarm notification.<br/>        }))<br/>      }<br/>      s3 = {<br/>        force\_destroy\_on\_deletion = Toogle to allow recursive deletion of all objects in the s3 buckets. if 'false' terraform will NOT be able to delete non-empty buckets.<br/>      }<br/>      ecr = {<br/>        force\_destroy\_on\_deletion = Toogle to allow recursive deletion of all objects in the ECR repositories. if 'false' terraform will NOT be able to delete non-empty repositories.<br/>      }<br/>      enable\_remote\_backup = Enable tagging required for cross-account backups<br/>      costs\_enabled = Determines whether to provision domino cost related infrastructures, ie, long term storage<br/>    }<br/>  } | <pre>object({<br/>    filesystem_type = optional(string, "efs")<br/>    efs = optional(object({<br/>      access_point_path = optional(string, "/domino")<br/>      backup_vault = optional(object({<br/>        create        = optional(bool, true)<br/>        force_destroy = optional(bool, true)<br/>        backup = optional(object({<br/>          schedule           = optional(string, "0 12 * * ? *")<br/>          cold_storage_after = optional(number, 35)<br/>          delete_after       = optional(number, 125)<br/>        }), {})<br/>      }), {})<br/>    }), {})<br/>    netapp = optional(object({<br/>      deployment_type                   = optional(string, "SINGLE_AZ_1")<br/>      storage_capacity                  = optional(number, 1024)<br/>      throughput_capacity               = optional(number, 128)<br/>      automatic_backup_retention_days   = optional(number, 90)<br/>      daily_automatic_backup_start_time = optional(string, "00:00")<br/>      storage_capacity_autosizing = optional(object({<br/>        enabled                    = optional(bool, false)<br/>        threshold                  = optional(number, 70)<br/>        percent_capacity_increase  = optional(number, 30)<br/>        notification_email_address = optional(string, "")<br/>      }), {})<br/>    }), {})<br/>    s3 = optional(object({<br/>      force_destroy_on_deletion = optional(bool, true)<br/>    }), {})<br/>    ecr = optional(object({<br/>      force_destroy_on_deletion = optional(bool, true)<br/>    }), {}),<br/>    enable_remote_backup = optional(bool, false)<br/>    costs_enabled        = optional(bool, true)<br/>  })</pre> | `{}` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Deployment tags. | `map(string)` | `{}` | no |
 | <a name="input_use_fips_endpoint"></a> [use\_fips\_endpoint](#input\_use\_fips\_endpoint) | Use aws FIPS endpoints | `bool` | `false` | no |
-| <a name="input_vpn_connections"></a> [vpn\_connections](#input\_vpn\_connections) | create = Create a VPN connection.<br>    connections = List of VPN connections, each with:<br>      - name: Name for identification (optional).<br>      - shared\_ip: Customer's shared IP Address (optional).<br>      - cidr\_block: CIDR block for the customer's network (optional). | <pre>object({<br>    create = optional(bool, false)<br>    connections = optional(list(object({<br>      name        = optional(string, "")<br>      shared_ip   = optional(string, "")<br>      cidr_blocks = optional(list(string), [])<br>    })), [])<br>  })</pre> | `{}` | no |
+| <a name="input_vpn_connections"></a> [vpn\_connections](#input\_vpn\_connections) | create = Create a VPN connection.<br/>    connections = List of VPN connections, each with:<br/>      - name: Name for identification (optional).<br/>      - shared\_ip: Customer's shared IP Address (optional).<br/>      - cidr\_block: CIDR block for the customer's network (optional). | <pre>object({<br/>    create = optional(bool, false)<br/>    connections = optional(list(object({<br/>      name        = optional(string, "")<br/>      shared_ip   = optional(string, "")<br/>      cidr_blocks = optional(list(string), [])<br/>    })), [])<br/>  })</pre> | `{}` | no |
 
 ## Outputs
 
diff --git a/tests/plan/terraform/variables.tf b/tests/plan/terraform/variables.tf
index 7071a5094..b14e89b4e 100644
--- a/tests/plan/terraform/variables.tf
+++ b/tests/plan/terraform/variables.tf
@@ -59,6 +59,7 @@ variable "ssh_pvt_key_path" {
 
 variable "eks" {
   description = <<EOF
+    run_k8s_setup = Toggle to run the k8s setup.
     k8s_version = EKS cluster k8s version.
     nodes_master  Grants the nodes role system:master access. NOT recomended
     kubeconfig = {
@@ -84,8 +85,9 @@ variable "eks" {
   EOF
 
   type = object({
-    k8s_version  = optional(string, "1.27")
-    nodes_master = optional(bool, false)
+    run_k8s_setup = optional(bool, true)
+    k8s_version   = optional(string, "1.27")
+    nodes_master  = optional(bool, false)
     kubeconfig = optional(object({
       extra_args = optional(string, "")
       path       = optional(string, null)