diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
index 7be84f800..bc2c997db 100644
--- a/.github/workflows/pre-commit.yml
+++ b/.github/workflows/pre-commit.yml
@@ -37,7 +37,7 @@ jobs:
 
       - name: Terraform min/max versions
         id: minMax
-        uses: clowdhaus/terraform-min-max@v1.2.5
+        uses: clowdhaus/terraform-min-max@v1.2.6
         with:
           directory: ${{ matrix.directory }}
 
@@ -70,7 +70,7 @@ jobs:
 
       - name: Terraform min/max versions
         id: minMax
-        uses: clowdhaus/terraform-min-max@v1.2.5
+        uses: clowdhaus/terraform-min-max@v1.2.6
 
       - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }}
         uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 2b72742f9..78fa170a4 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
 - repo: https://github.com/antonbabenko/pre-commit-terraform
-  rev: v1.77.1
+  rev: v1.80.0
   hooks:
     - id: terraform_fmt
     - id: terraform_validate
diff --git a/README.md b/README.md
index 61548fd7c..72f9dbea1 100644
--- a/README.md
+++ b/README.md
@@ -21,14 +21,11 @@
 | [external-dns](https://github.com/kubernetes-incubator/external-dns)                                                          | sync ingress and service records in route53                                                      | :x:                 | :heavy_check_mark:  | :heavy_check_mark:  | :x:                 | :x:                 |
 | [flux2](https://github.com/fluxcd/flux2)                                                                                      | Open and extensible continuous delivery solution for Kubernetes. Powered by GitOps Toolkit       | :heavy_check_mark:  | :heavy_check_mark:  | :heavy_check_mark:  | :heavy_check_mark:  | :heavy_check_mark:  |
 | [ingress-nginx](https://github.com/kubernetes/ingress-nginx)                                                                  | processes `Ingress` object and acts as a HTTP/HTTPS proxy (compatible with cert-manager)         | :heavy_check_mark:  | :heavy_check_mark:  | :heavy_check_mark:  | :x:                 | :x:                 |
-| [istio-operator](https://istio.io)                                                                                            | Service mesh for Kubernetes                                                                      | :heavy_check_mark:  | :heavy_check_mark:  | :heavy_check_mark:  | :heavy_check_mark:  | :heavy_check_mark:  |
 | [k8gb](https://www.k8gb.io/)                                                                                                  | A cloud native Kubernetes Global Balancer                                                        | :heavy_check_mark:  | :heavy_check_mark:  | :heavy_check_mark:  | :heavy_check_mark:  | :heavy_check_mark:  |
 | [karma](https://github.com/prymitive/karma)                                                                                   | An alertmanager dashboard                                                                        | :heavy_check_mark:  | :heavy_check_mark:  | :heavy_check_mark:  | :heavy_check_mark:  | :heavy_check_mark:  |
 | [keda](https://github.com/kedacore/keda)                                                                                      | Kubernetes Event-driven Autoscaling                                                              | :heavy_check_mark:  | :heavy_check_mark:  | :heavy_check_mark:  | :heavy_check_mark:  | :heavy_check_mark:  |
-| [keycloak](https://www.keycloak.org/)                                                                                         | Identity and access management                                                                   | :heavy_check_mark:  | :heavy_check_mark:  | :heavy_check_mark:  | :heavy_check_mark:  | :heavy_check_mark:  |
 | [kong](https://konghq.com/kong)                                                                                               | API Gateway ingress controller                                                                   | :heavy_check_mark:  | :heavy_check_mark:  | :heavy_check_mark:  | :x:                 | :x:                 |
 | [kube-prometheus-stack](https://github.com/prometheus-operator/kube-prometheus)                                               | Monitoring / Alerting / Dashboards                                                               | :heavy_check_mark:  | :heavy_check_mark:  | :heavy_check_mark:  | :x:                 | :x:                 |
-| [kyverno](https://github.com/kyverno/kyverno)                                                                                 | Kubernetes Native Policy Management                                                              | :heavy_check_mark:  | :heavy_check_mark:  | :heavy_check_mark:  | :heavy_check_mark:  | :heavy_check_mark:  |
 | [loki-stack](https://grafana.com/oss/loki/)                                                                                   | Grafana Loki logging stack                                                                       | :heavy_check_mark:  | :heavy_check_mark:  | :construction:      | :x:                 | :x:                 |
 | [promtail](https://grafana.com/docs/loki/latest/clients/promtail/)                                                            | Ship log to loki from other cluster (eg. mTLS)                                                   | :construction:      | :heavy_check_mark:  | :construction:      | :x:                 | :x:                 |
 | [prometheus-adapter](https://github.com/kubernetes-sigs/prometheus-adapter)                                                   | Prometheus metrics for use with the autoscaling/v2 Horizontal Pod Autoscaler in Kubernetes 1.6+  | :heavy_check_mark:  | :heavy_check_mark:  | :heavy_check_mark:  | :heavy_check_mark:  | :heavy_check_mark:  |
@@ -39,12 +36,10 @@
 | [node-problem-detector](https://github.com/kubernetes/node-problem-detector)                                                  | Forwards node problems to Kubernetes events                                                      | :heavy_check_mark:  | :heavy_check_mark:  | Included            | Included            | Included            |
 | [secrets-store-csi-driver](https://github.com/kubernetes-sigs/secrets-store-csi-driver) | Secrets Store CSI driver for Kubernetes secrets - Integrates secrets stores with Kubernetes via a CSI volume. | :heavy_check_mark:  | :heavy_check_mark:  | :heavy_check_mark:  | :heavy_check_mark:  | :heavy_check_mark:  |
 | [sealed-secrets](https://github.com/bitnami-labs/sealed-secrets)                                                              | Technology agnostic, store secrets on git                                                        | :heavy_check_mark:  | :heavy_check_mark:  | :heavy_check_mark:  | :heavy_check_mark:  | :heavy_check_mark:  |
-| [strimzi-kafka-operator](https://github.com/strimzi/strimzi-kafka-operator)                                                   | Apache Kafka running on Kubernetes                                                               | :heavy_check_mark:  | :heavy_check_mark:  | :heavy_check_mark:  | :heavy_check_mark:  | :heavy_check_mark:  |
 | [thanos](https://thanos.io/)                                                                                                  | Open source, highly available Prometheus setup with long term storage capabilities               | :x:                 | :heavy_check_mark:  | :construction:      | :x:                 | :x:                 |
 | [thanos-memcached](https://thanos.io/tip/components/query-frontend.md/#memcached)                                             | Open source, highly available Prometheus setup with long term storage capabilities               | :x:                 | :heavy_check_mark:  | :construction:      | :x:                 | :x:                 |
 | [thanos-storegateway](https://thanos.io/)                                                                                     | Additional storegateway to query multiple object stores                                          | :x:                 | :heavy_check_mark:  | :construction:      | :x:                 | :x:                 |
 | [thanos-tls-querier](https://thanos.io/tip/operating/cross-cluster-tls-communication.md/)                                     | Thanos TLS querier for cross cluster collection                                                  | :x:                 | :heavy_check_mark:  | :construction:      | :x:                 | :x:                 |
-| [vault](https://www.vaultproject.io/)                                                                                         | A tool for secrets management, encryption as a service, and privileged access management         | :heavy_check_mark:  | :heavy_check_mark:  | :heavy_check_mark:  | :heavy_check_mark:  | :heavy_check_mark:  |
 
 ## Submodules
 
@@ -87,7 +82,7 @@ here](https://github.com/particuleio/terraform-kubernetes-addons/blob/master/.gi
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_flux"></a> [flux](#requirement\_flux) | ~> 0.25 |
+| <a name="requirement_flux"></a> [flux](#requirement\_flux) | 1.0.0-rc.5 |
 | <a name="requirement_github"></a> [github](#requirement\_github) | ~> 5.0 |
 | <a name="requirement_helm"></a> [helm](#requirement\_helm) | ~> 2.0 |
 | <a name="requirement_http"></a> [http](#requirement\_http) | >= 3 |
@@ -99,7 +94,7 @@ here](https://github.com/particuleio/terraform-kubernetes-addons/blob/master/.gi
 
 | Name | Version |
 |------|---------|
-| <a name="provider_flux"></a> [flux](#provider\_flux) | ~> 0.25 |
+| <a name="provider_flux"></a> [flux](#provider\_flux) | 1.0.0-rc.5 |
 | <a name="provider_github"></a> [github](#provider\_github) | ~> 5.0 |
 | <a name="provider_helm"></a> [helm](#provider\_helm) | ~> 2.0 |
 | <a name="provider_http"></a> [http](#provider\_http) | >= 3 |
@@ -117,26 +112,19 @@ No modules.
 
 | Name | Type |
 |------|------|
+| [flux_bootstrap_git.flux](https://registry.terraform.io/providers/fluxcd/flux/1.0.0-rc.5/docs/resources/bootstrap_git) | resource |
 | [github_branch_default.main](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/branch_default) | resource |
 | [github_repository.main](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository) | resource |
 | [github_repository_deploy_key.main](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_deploy_key) | resource |
-| [github_repository_file.install](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_file) | resource |
-| [github_repository_file.kustomize](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_file) | resource |
-| [github_repository_file.sync](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_file) | resource |
 | [helm_release.admiralty](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.cert-manager](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.cert-manager-csi-driver](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.flux](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.ingress-nginx](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.istio-operator](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.k8gb](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.karma](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.keda](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.keycloak](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.kong](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.kube-prometheus-stack](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.kyverno](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.kyverno-crds](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.linkerd-control-plane](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.linkerd-crds](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.linkerd-viz](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
@@ -147,15 +135,11 @@ No modules.
 | [helm_release.prometheus-adapter](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.prometheus-blackbox-exporter](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.promtail](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.rabbitmq-operator](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.sealed-secrets](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.secrets-store-csi-driver](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.strimzi-kafka-operator](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.tigera-operator](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.traefik](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.vault](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.victoria-metrics-k8s-stack](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [kubectl_manifest.apply](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubectl_manifest.calico_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubectl_manifest.cert-manager_cluster_issuers](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubectl_manifest.csi-external-snapshotter](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
@@ -163,22 +147,17 @@ No modules.
 | [kubectl_manifest.linkerd](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubectl_manifest.linkerd-viz](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubectl_manifest.prometheus-operator_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
-| [kubectl_manifest.sync](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubectl_manifest.tigera-operator_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubernetes_config_map.loki-stack_grafana_ds](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/config_map) | resource |
 | [kubernetes_namespace.admiralty](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.cert-manager](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-| [kubernetes_namespace.flux](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.flux2](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.ingress-nginx](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-| [kubernetes_namespace.istio-operator](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.k8gb](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.karma](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.keda](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-| [kubernetes_namespace.keycloak](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.kong](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.kube-prometheus-stack](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-| [kubernetes_namespace.kyverno](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.linkerd](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.linkerd-viz](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.linkerd2-cni](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
@@ -188,13 +167,10 @@ No modules.
 | [kubernetes_namespace.prometheus-adapter](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.prometheus-blackbox-exporter](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.promtail](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-| [kubernetes_namespace.rabbitmq-operator](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.sealed-secrets](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.secrets-store-csi-driver](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-| [kubernetes_namespace.strimzi-kafka-operator](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.tigera-operator](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.traefik](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-| [kubernetes_namespace.vault](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.victoria-metrics-k8s-stack](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_network_policy.admiralty_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.admiralty_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
@@ -204,17 +180,12 @@ No modules.
 | [kubernetes_network_policy.cert-manager_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.flux2_allow_monitoring](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.flux2_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.flux_allow_monitoring](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.flux_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.flux_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.ingress-nginx_allow_control_plane](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.ingress-nginx_allow_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.ingress-nginx_allow_linkerd_viz](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.ingress-nginx_allow_monitoring](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.ingress-nginx_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.ingress-nginx_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.istio-operator_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.istio-operator_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.k8gb_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.k8gb_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.karma_allow_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
@@ -222,10 +193,6 @@ No modules.
 | [kubernetes_network_policy.karma_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.keda_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.keda_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.keycloak_allow_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.keycloak_allow_monitoring](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.keycloak_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.keycloak_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.kong_allow_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.kong_allow_monitoring](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.kong_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
@@ -234,8 +201,6 @@ No modules.
 | [kubernetes_network_policy.kube-prometheus-stack_allow_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.kube-prometheus-stack_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.kube-prometheus-stack_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.kyverno_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.kyverno_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.linkerd-viz_allow_control_plane](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.linkerd-viz_allow_monitoring](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.linkerd-viz_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
@@ -257,56 +222,38 @@ No modules.
 | [kubernetes_network_policy.promtail_allow_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.promtail_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.promtail_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.rabbitmq-operator_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.rabbitmq-operator_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.sealed-secrets_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.sealed-secrets_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.secrets-store-csi-driver_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.secrets-store-csi-driver_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.strimzi-kafka-operator_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.strimzi-kafka-operator_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.tigera-operator_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.tigera-operator_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.traefik_allow_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.traefik_allow_monitoring](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.traefik_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.traefik_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.vault_allow_control_plane](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.vault_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.vault_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.victoria-metrics-k8s-stack_allow_control_plane](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.victoria-metrics-k8s-stack_allow_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.victoria-metrics-k8s-stack_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.victoria-metrics-k8s-stack_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_priority_class.kubernetes_addons](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/priority_class) | resource |
 | [kubernetes_priority_class.kubernetes_addons_ds](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/priority_class) | resource |
-| [kubernetes_role.flux](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/role) | resource |
-| [kubernetes_role_binding.flux](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/role_binding) | resource |
 | [kubernetes_secret.linkerd_trust_anchor](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
 | [kubernetes_secret.loki-stack-ca](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
-| [kubernetes_secret.main](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
 | [kubernetes_secret.promtail-tls](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
-| [kubernetes_secret.vault-ca](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
 | [kubernetes_secret.webhook_issuer_tls](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
 | [random_string.grafana_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
 | [time_sleep.cert-manager_sleep](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
 | [tls_cert_request.promtail-csr](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/cert_request) | resource |
-| [tls_cert_request.vault-tls-client-csr](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/cert_request) | resource |
 | [tls_locally_signed_cert.promtail-cert](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/locally_signed_cert) | resource |
-| [tls_locally_signed_cert.vault-tls-client-cert](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/locally_signed_cert) | resource |
 | [tls_private_key.identity](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
 | [tls_private_key.linkerd_trust_anchor](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
 | [tls_private_key.loki-stack-ca-key](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
 | [tls_private_key.promtail-key](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
-| [tls_private_key.vault-tls-ca-key](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
-| [tls_private_key.vault-tls-client-key](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
 | [tls_private_key.webhook_issuer_tls](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
 | [tls_self_signed_cert.linkerd_trust_anchor](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/self_signed_cert) | resource |
 | [tls_self_signed_cert.loki-stack-ca-cert](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/self_signed_cert) | resource |
-| [tls_self_signed_cert.vault-tls-ca-cert](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/self_signed_cert) | resource |
 | [tls_self_signed_cert.webhook_issuer_tls](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/self_signed_cert) | resource |
-| [flux_install.main](https://registry.terraform.io/providers/fluxcd/flux/latest/docs/data-sources/install) | data source |
-| [flux_sync.main](https://registry.terraform.io/providers/fluxcd/flux/latest/docs/data-sources/sync) | data source |
 | [github_repository.main](https://registry.terraform.io/providers/integrations/github/latest/docs/data-sources/repository) | data source |
 | [http_http.calico_crds](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source |
 | [http_http.csi-external-snapshotter](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source |
@@ -314,11 +261,9 @@ No modules.
 | [http_http.prometheus-operator_crds](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source |
 | [http_http.prometheus-operator_version](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source |
 | [http_http.tigera-operator_crds](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source |
-| [kubectl_file_documents.apply](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source |
 | [kubectl_file_documents.calico_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source |
 | [kubectl_file_documents.csi-external-snapshotter](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source |
 | [kubectl_file_documents.kong_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source |
-| [kubectl_file_documents.sync](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source |
 | [kubectl_file_documents.tigera-operator_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source |
 | [kubectl_path_documents.cert-manager_cluster_issuers](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/path_documents) | data source |
 
@@ -333,18 +278,14 @@ No modules.
 | <a name="input_cluster-name"></a> [cluster-name](#input\_cluster-name) | Name of the Kubernetes cluster | `string` | `"sample-cluster"` | no |
 | <a name="input_csi-external-snapshotter"></a> [csi-external-snapshotter](#input\_csi-external-snapshotter) | Customize csi-external-snapshotter, see `csi-external-snapshotter.tf` for supported values | `any` | `{}` | no |
 | <a name="input_external-dns"></a> [external-dns](#input\_external-dns) | Map of map for external-dns configuration: see `external_dns.tf` for supported values | `any` | `{}` | no |
-| <a name="input_flux"></a> [flux](#input\_flux) | Customize Flux chart, see `flux.tf` for supported values | `any` | `{}` | no |
 | <a name="input_flux2"></a> [flux2](#input\_flux2) | Customize Flux chart, see `flux2.tf` for supported values | `any` | `{}` | no |
 | <a name="input_helm_defaults"></a> [helm\_defaults](#input\_helm\_defaults) | Customize default Helm behavior | `any` | `{}` | no |
 | <a name="input_ingress-nginx"></a> [ingress-nginx](#input\_ingress-nginx) | Customize ingress-nginx chart, see `nginx-ingress.tf` for supported values | `any` | `{}` | no |
-| <a name="input_istio-operator"></a> [istio-operator](#input\_istio-operator) | Customize istio operator deployment, see `istio_operator.tf` for supported values | `any` | `{}` | no |
 | <a name="input_k8gb"></a> [k8gb](#input\_k8gb) | Customize k8gb chart, see `k8gb.tf` for supported values | `any` | `{}` | no |
 | <a name="input_karma"></a> [karma](#input\_karma) | Customize karma chart, see `karma.tf` for supported values | `any` | `{}` | no |
 | <a name="input_keda"></a> [keda](#input\_keda) | Customize keda chart, see `keda.tf` for supported values | `any` | `{}` | no |
-| <a name="input_keycloak"></a> [keycloak](#input\_keycloak) | Customize keycloak chart, see `keycloak.tf` for supported values | `any` | `{}` | no |
 | <a name="input_kong"></a> [kong](#input\_kong) | Customize kong-ingress chart, see `kong.tf` for supported values | `any` | `{}` | no |
 | <a name="input_kube-prometheus-stack"></a> [kube-prometheus-stack](#input\_kube-prometheus-stack) | Customize kube-prometheus-stack chart, see `kube-prometheus-stack.tf` for supported values | `any` | `{}` | no |
-| <a name="input_kyverno"></a> [kyverno](#input\_kyverno) | Customize kyverno chart, see `kyverno.tf` for supported values | `any` | `{}` | no |
 | <a name="input_labels_prefix"></a> [labels\_prefix](#input\_labels\_prefix) | Custom label prefix used for network policy namespace matching | `string` | `"particule.io"` | no |
 | <a name="input_linkerd"></a> [linkerd](#input\_linkerd) | Customize linkerd chart, see `linkerd.tf` for supported values | `any` | `{}` | no |
 | <a name="input_linkerd-viz"></a> [linkerd-viz](#input\_linkerd-viz) | Customize linkerd-viz chart, see `linkerd-viz.tf` for supported values | `any` | `{}` | no |
@@ -358,17 +299,14 @@ No modules.
 | <a name="input_prometheus-adapter"></a> [prometheus-adapter](#input\_prometheus-adapter) | Customize prometheus-adapter chart, see `prometheus-adapter.tf` for supported values | `any` | `{}` | no |
 | <a name="input_prometheus-blackbox-exporter"></a> [prometheus-blackbox-exporter](#input\_prometheus-blackbox-exporter) | Customize prometheus-blackbox-exporter chart, see `prometheus-blackbox-exporter.tf` for supported values | `any` | `{}` | no |
 | <a name="input_promtail"></a> [promtail](#input\_promtail) | Customize promtail chart, see `loki-stack.tf` for supported values | `any` | `{}` | no |
-| <a name="input_rabbitmq-operator"></a> [rabbitmq-operator](#input\_rabbitmq-operator) | Customize rabbitmq-operator chart, see `rabbitmq-operator.tf` for supported values | `any` | `{}` | no |
 | <a name="input_sealed-secrets"></a> [sealed-secrets](#input\_sealed-secrets) | Customize sealed-secrets chart, see `sealed-secrets.tf` for supported values | `any` | `{}` | no |
 | <a name="input_secrets-store-csi-driver"></a> [secrets-store-csi-driver](#input\_secrets-store-csi-driver) | Customize secrets-store-csi-driver chart, see `secrets-store-csi-driver.tf` for supported values | `any` | `{}` | no |
-| <a name="input_strimzi-kafka-operator"></a> [strimzi-kafka-operator](#input\_strimzi-kafka-operator) | Customize strimzi-kafka-operator chart, see `strimzi-kafka-operator.tf` for supported values | `any` | `{}` | no |
 | <a name="input_thanos"></a> [thanos](#input\_thanos) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
 | <a name="input_thanos-memcached"></a> [thanos-memcached](#input\_thanos-memcached) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
 | <a name="input_thanos-storegateway"></a> [thanos-storegateway](#input\_thanos-storegateway) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
 | <a name="input_thanos-tls-querier"></a> [thanos-tls-querier](#input\_thanos-tls-querier) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
 | <a name="input_tigera-operator"></a> [tigera-operator](#input\_tigera-operator) | Customize tigera-operator chart, see `tigera-operator.tf` for supported values | `any` | `{}` | no |
 | <a name="input_traefik"></a> [traefik](#input\_traefik) | Customize traefik chart, see `traefik.tf` for supported values | `any` | `{}` | no |
-| <a name="input_vault"></a> [vault](#input\_vault) | Customize Hashicorp Vault chart, see `vault.tf` for supported values | `any` | `{}` | no |
 | <a name="input_victoria-metrics-k8s-stack"></a> [victoria-metrics-k8s-stack](#input\_victoria-metrics-k8s-stack) | Customize Victoria Metrics chart, see `victoria-metrics-k8s-stack.tf` for supported values | `any` | `{}` | no |
 
 ## Outputs
@@ -379,8 +317,4 @@ No modules.
 | <a name="output_loki-stack-ca"></a> [loki-stack-ca](#output\_loki-stack-ca) | n/a |
 | <a name="output_promtail-cert"></a> [promtail-cert](#output\_promtail-cert) | n/a |
 | <a name="output_promtail-key"></a> [promtail-key](#output\_promtail-key) | n/a |
-| <a name="output_vault_ca_key"></a> [vault\_ca\_key](#output\_vault\_ca\_key) | n/a |
-| <a name="output_vault_ca_pem"></a> [vault\_ca\_pem](#output\_vault\_ca\_pem) | n/a |
-| <a name="output_vault_tls_client_cert_pem"></a> [vault\_tls\_client\_cert\_pem](#output\_vault\_tls\_client\_cert\_pem) | n/a |
-| <a name="output_vault_tls_client_key"></a> [vault\_tls\_client\_key](#output\_vault\_tls\_client\_key) | n/a |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/flux.tf b/flux.tf
deleted file mode 100644
index 084befae3..000000000
--- a/flux.tf
+++ /dev/null
@@ -1,181 +0,0 @@
-locals {
-
-  flux = merge(
-    local.helm_defaults,
-    {
-      name                   = local.helm_dependencies[index(local.helm_dependencies.*.name, "flux")].name
-      chart                  = local.helm_dependencies[index(local.helm_dependencies.*.name, "flux")].name
-      repository             = local.helm_dependencies[index(local.helm_dependencies.*.name, "flux")].repository
-      chart_version          = local.helm_dependencies[index(local.helm_dependencies.*.name, "flux")].version
-      namespace              = "flux"
-      service_account_name   = "flux"
-      enabled                = false
-      default_network_policy = true
-    },
-    var.flux
-  )
-
-  values_flux = <<VALUES
-rbac:
-  create: true
-syncGarbageCollection:
-  enabled: true
-  dry: false
-prometheus:
-  enabled: ${local.kube-prometheus-stack["enabled"] || local.victoria-metrics-k8s-stack["enabled"]}
-  serviceMonitor:
-    create: ${local.kube-prometheus-stack["enabled"] || local.victoria-metrics-k8s-stack["enabled"]}
-VALUES
-}
-
-resource "kubernetes_namespace" "flux" {
-  count = local.flux["enabled"] ? 1 : 0
-
-  metadata {
-    labels = {
-      name = local.flux["namespace"]
-    }
-
-    name = local.flux["namespace"]
-  }
-}
-
-resource "kubernetes_role" "flux" {
-  count = local.flux["enabled"] ? 1 : 0
-
-  metadata {
-    name      = "flux-${kubernetes_namespace.flux.*.metadata.0.name[count.index]}"
-    namespace = kubernetes_namespace.flux.*.metadata.0.name[count.index]
-  }
-
-  rule {
-    api_groups = ["", "batch", "extensions", "apps"]
-    resources  = ["*"]
-    verbs      = ["*"]
-  }
-}
-
-resource "kubernetes_role_binding" "flux" {
-  count = local.flux["enabled"] ? 1 : 0
-
-  metadata {
-    name      = "flux-${kubernetes_namespace.flux.*.metadata.0.name[count.index]}-binding"
-    namespace = kubernetes_namespace.flux.*.metadata.0.name[count.index]
-  }
-
-  role_ref {
-    api_group = "rbac.authorization.k8s.io"
-    kind      = "Role"
-    name      = kubernetes_role.flux.*.metadata.0.name[count.index]
-  }
-
-  subject {
-    kind      = "ServiceAccount"
-    name      = "flux"
-    namespace = "flux"
-  }
-}
-
-resource "helm_release" "flux" {
-  count                 = local.flux["enabled"] ? 1 : 0
-  repository            = local.flux["repository"]
-  name                  = local.flux["name"]
-  chart                 = local.flux["chart"]
-  version               = local.flux["chart_version"]
-  timeout               = local.flux["timeout"]
-  force_update          = local.flux["force_update"]
-  recreate_pods         = local.flux["recreate_pods"]
-  wait                  = local.flux["wait"]
-  atomic                = local.flux["atomic"]
-  cleanup_on_fail       = local.flux["cleanup_on_fail"]
-  dependency_update     = local.flux["dependency_update"]
-  disable_crd_hooks     = local.flux["disable_crd_hooks"]
-  disable_webhooks      = local.flux["disable_webhooks"]
-  render_subchart_notes = local.flux["render_subchart_notes"]
-  replace               = local.flux["replace"]
-  reset_values          = local.flux["reset_values"]
-  reuse_values          = local.flux["reuse_values"]
-  skip_crds             = local.flux["skip_crds"]
-  verify                = local.flux["verify"]
-  values = [
-    local.values_flux,
-    local.flux["extra_values"]
-  ]
-  namespace = kubernetes_namespace.flux.*.metadata.0.name[count.index]
-
-  depends_on = [
-    kubectl_manifest.prometheus-operator_crds
-  ]
-}
-
-resource "kubernetes_network_policy" "flux_default_deny" {
-  count = local.flux["enabled"] && local.flux["default_network_policy"] ? 1 : 0
-
-  metadata {
-    name      = "${kubernetes_namespace.flux.*.metadata.0.name[count.index]}-default-deny"
-    namespace = kubernetes_namespace.flux.*.metadata.0.name[count.index]
-  }
-
-  spec {
-    pod_selector {
-    }
-    policy_types = ["Ingress"]
-  }
-}
-
-resource "kubernetes_network_policy" "flux_allow_namespace" {
-  count = local.flux["enabled"] && local.flux["default_network_policy"] ? 1 : 0
-
-  metadata {
-    name      = "${kubernetes_namespace.flux.*.metadata.0.name[count.index]}-allow-namespace"
-    namespace = kubernetes_namespace.flux.*.metadata.0.name[count.index]
-  }
-
-  spec {
-    pod_selector {
-    }
-
-    ingress {
-      from {
-        namespace_selector {
-          match_labels = {
-            name = kubernetes_namespace.flux.*.metadata.0.name[count.index]
-          }
-        }
-      }
-    }
-
-    policy_types = ["Ingress"]
-  }
-}
-
-resource "kubernetes_network_policy" "flux_allow_monitoring" {
-  count = local.flux["enabled"] && local.flux["default_network_policy"] && local.kube-prometheus-stack["enabled"] ? 1 : 0
-
-  metadata {
-    name      = "${kubernetes_namespace.flux.*.metadata.0.name[count.index]}-allow-monitoring"
-    namespace = kubernetes_namespace.flux.*.metadata.0.name[count.index]
-  }
-
-  spec {
-    pod_selector {
-    }
-
-    ingress {
-      ports {
-        port     = "3030"
-        protocol = "TCP"
-      }
-
-      from {
-        namespace_selector {
-          match_labels = {
-            name = kubernetes_namespace.kube-prometheus-stack.*.metadata.0.name[count.index]
-          }
-        }
-      }
-    }
-
-    policy_types = ["Ingress"]
-  }
-}
diff --git a/flux2.tf b/flux2.tf
index dd0982b3c..eeae7d879 100644
--- a/flux2.tf
+++ b/flux2.tf
@@ -9,43 +9,18 @@ locals {
       enabled                  = false
       create_ns                = true
       namespace                = "flux-system"
-      target_path              = "production"
-      default_network_policy   = true
-      version                  = "v0.41.2"
-      github_url               = "ssh://git@<host>/<org>/<repository>"
+      path                     = "gitops/clusters/${var.cluster-name}"
+      version                  = "v2.0.0-rc.5"
       create_github_repository = false
-      github_token             = ""
       repository               = "gitops"
       repository_visibility    = "public"
       branch                   = "main"
-      flux_sync_branch         = ""
-      default_components       = ["source-controller", "kustomize-controller", "helm-controller", "notification-controller"]
-      components               = []
-      provider                 = "github"
-      auto_image_update        = false
-      custom_kustomize         = ""
-      ignore_fields_apply      = []
-      ignore_fields_sync       = []
-
-      known_hosts = [
-        "github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=",
-        "gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY="
-      ]
+      components_extra         = ["image-reflector-controller", "image-automation-controller"]
+      read_only                = false
+      default_network_policy   = true
     },
     var.flux2
   )
-
-  apply = local.flux2["enabled"] ? [for v in data.kubectl_file_documents.apply[0].documents : {
-    data : yamldecode(v)
-    content : v
-    }
-  ] : null
-
-  sync = local.flux2["enabled"] ? [for v in data.kubectl_file_documents.sync[0].documents : {
-    data : yamldecode(v)
-    content : v
-    }
-  ] : null
 }
 
 resource "kubernetes_namespace" "flux2" {
@@ -72,126 +47,58 @@ resource "tls_private_key" "identity" {
   ecdsa_curve = "P521"
 }
 
-data "flux_install" "main" {
-  count          = local.flux2["enabled"] ? 1 : 0
-  namespace      = local.flux2["namespace"]
-  target_path    = local.flux2["target_path"]
-  network_policy = false
-  version        = local.flux2["version"]
-  components     = distinct(concat(local.flux2["default_components"], local.flux2["components"], local.flux2["auto_image_update"] ? ["image-reflector-controller", "image-automation-controller"] : []))
-}
-
-# Split multi-doc YAML with
-# https://registry.terraform.io/providers/gavinbunney/kubectl/latest
-data "kubectl_file_documents" "apply" {
-  count   = local.flux2["enabled"] ? 1 : 0
-  content = data.flux_install.main[0].content
-}
-
-# Apply manifests on the cluster
-resource "kubectl_manifest" "apply" {
-  for_each      = local.flux2["enabled"] ? { for v in local.apply : lower(join("/", compact([v.data.apiVersion, v.data.kind, lookup(v.data.metadata, "namespace", ""), v.data.metadata.name]))) => v.content } : {}
-  depends_on    = [kubernetes_namespace.flux2]
-  yaml_body     = each.value
-  ignore_fields = local.flux2.ignore_fields_apply
-}
-
-# Generate manifests
-data "flux_sync" "main" {
-  count       = local.flux2["enabled"] ? 1 : 0
-  target_path = local.flux2["target_path"]
-  url         = local.flux2["github_url"]
-  branch      = local.flux2["flux_sync_branch"] != "" ? local.flux2["flux_sync_branch"] : local.flux2["branch"]
-  namespace   = local.flux2["namespace"]
-}
-
-# Split multi-doc YAML with
-# https://registry.terraform.io/providers/gavinbunney/kubectl/latest
-data "kubectl_file_documents" "sync" {
-  count   = local.flux2["enabled"] ? 1 : 0
-  content = data.flux_sync.main[0].content
-}
-
-# Apply manifests on the cluster
-resource "kubectl_manifest" "sync" {
-  for_each = local.flux2["enabled"] ? { for v in local.sync : lower(join("/", compact([v.data.apiVersion, v.data.kind, lookup(v.data.metadata, "namespace", ""), v.data.metadata.name]))) => v.content } : {}
-  depends_on = [
-    kubernetes_namespace.flux2,
-    kubectl_manifest.apply
-  ]
-  yaml_body     = each.value
-  ignore_fields = local.flux2.ignore_fields_sync
-}
-
-# Generate a Kubernetes secret with the Git credentials
-resource "kubernetes_secret" "main" {
-  count      = local.flux2["enabled"] ? 1 : 0
-  depends_on = [kubectl_manifest.apply]
-
-  metadata {
-    name      = data.flux_sync.main[0].name
-    namespace = data.flux_sync.main[0].namespace
-  }
-
-  data = {
-    "identity.pub" = tls_private_key.identity[0].public_key_pem
-    identity       = tls_private_key.identity[0].private_key_pem
-    known_hosts    = join("\n", local.flux2["known_hosts"])
-  }
+data "github_repository" "main" {
+  count = local.flux2["enabled"] && !local.flux2["create_github_repository"] ? 1 : 0
+  name  = local.flux2["repository"]
 }
 
-# GitHub
 resource "github_repository" "main" {
-  count      = local.flux2["enabled"] && local.flux2["create_github_repository"] && (local.flux2["provider"] == "github") ? 1 : 0
+  count      = local.flux2["enabled"] && local.flux2["create_github_repository"] ? 1 : 0
   name       = local.flux2["repository"]
   visibility = local.flux2["repository_visibility"]
   auto_init  = true
 }
 
-data "github_repository" "main" {
-  count = local.flux2["enabled"] && !local.flux2["create_github_repository"] && (local.flux2["provider"] == "github") ? 1 : 0
-  name  = local.flux2["repository"]
-}
-
 resource "github_branch_default" "main" {
-  count      = local.flux2["enabled"] && local.flux2["create_github_repository"] && (local.flux2["provider"] == "github") ? 1 : 0
+  count      = local.flux2["enabled"] && local.flux2["create_github_repository"] ? 1 : 0
   repository = local.flux2["create_github_repository"] ? github_repository.main[0].name : data.github_repository.main[0].name
   branch     = local.flux2["branch"]
 }
 
 resource "github_repository_deploy_key" "main" {
-  count      = local.flux2["enabled"] && (local.flux2["provider"] == "github") ? 1 : 0
+  count      = local.flux2["enabled"] ? 1 : 0
   title      = "flux-${local.flux2["create_github_repository"] ? github_repository.main[0].name : local.flux2["repository"]}-${local.flux2["branch"]}"
   repository = local.flux2["create_github_repository"] ? github_repository.main[0].name : data.github_repository.main[0].name
   key        = tls_private_key.identity[0].public_key_openssh
-  read_only  = !local.flux2["auto_image_update"]
+  read_only  = local.flux2["read_only"]
 }
 
-resource "github_repository_file" "install" {
-  count               = local.flux2["enabled"] && (local.flux2["provider"] == "github") ? 1 : 0
-  repository          = local.flux2["create_github_repository"] ? github_repository.main[0].name : data.github_repository.main[0].name
-  file                = data.flux_install.main[0].path
-  content             = data.flux_install.main[0].content
-  branch              = local.flux2["branch"]
-  overwrite_on_create = true
-}
+resource "flux_bootstrap_git" "flux" {
+  count = local.flux2["enabled"] ? 1 : 0
 
-resource "github_repository_file" "sync" {
-  count               = local.flux2["enabled"] && (local.flux2["provider"] == "github") ? 1 : 0
-  repository          = local.flux2["create_github_repository"] ? github_repository.main[0].name : data.github_repository.main[0].name
-  file                = data.flux_sync.main[0].path
-  content             = data.flux_sync.main[0].content
-  branch              = local.flux2["branch"]
-  overwrite_on_create = true
-}
+  depends_on = [
+    github_repository_deploy_key.main,
+    kubernetes_namespace.flux2
+  ]
+
+  path                    = local.flux2["path"]
+  version                 = local.flux2["version"]
+  namespace               = local.flux2["namespace"]
+  cluster_domain          = try(local.flux2["cluster_domain"], null)
+  components              = try(local.flux2["components"], null)
+  components_extra        = try(local.flux2["components_extra"], null)
+  disable_secret_creation = try(local.flux2["disable_secret_creation"], null)
+  image_pull_secret       = try(local.flux2["image_pull_secrets"], null)
+  interval                = try(local.flux2["interval"], null)
+  kustomization_override  = try(local.flux2["kustomization_override"], null)
+  log_level               = try(local.flux2["log_level"], null)
+  network_policy          = try(local.flux2["network_policy"], null)
+  recurse_submodules      = try(local.flux2["recurse_submodules"], null)
+  registry                = try(local.flux2["registry"], null)
+  secret_name             = try(local.flux2["secret_name"], null)
+  toleration_keys         = try(local.flux2["toleration_keys"], null)
+  watch_all_namespaces    = try(local.flux2["watch_all_namespaces"], null)
 
-resource "github_repository_file" "kustomize" {
-  count               = local.flux2["enabled"] && (local.flux2["provider"] == "github") ? 1 : 0
-  repository          = local.flux2["create_github_repository"] ? github_repository.main[0].name : data.github_repository.main[0].name
-  file                = data.flux_sync.main[0].kustomize_path
-  content             = local.flux2.custom_kustomize == "" ? data.flux_sync.main[0].kustomize_content : local.flux2.custom_kustomize
-  branch              = local.flux2["branch"]
-  overwrite_on_create = true
 }
 
 resource "kubernetes_network_policy" "flux2_allow_monitoring" {
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 4390834d4..e03dfff5b 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -9,31 +9,28 @@ dependencies:
     version: 1.3.3
     repository: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts
   - name: aws-ebs-csi-driver
-    version: 2.18.0
+    version: 2.19.0
     repository: https://kubernetes-sigs.github.io/aws-ebs-csi-driver
   - name: aws-efs-csi-driver
-    version: 2.4.1
+    version: 2.4.4
     repository: https://kubernetes-sigs.github.io/aws-efs-csi-driver
   - name: aws-for-fluent-bit
     version: 0.1.24
     repository: https://aws.github.io/eks-charts
   - name: aws-load-balancer-controller
-    version: 1.5.2
+    version: 1.5.3
     repository: https://aws.github.io/eks-charts
   - name: aws-node-termination-handler
     version: 0.21.0
     repository: https://aws.github.io/eks-charts
-  - name: aws-calico
-    version: 0.3.11
-    repository: https://aws.github.io/eks-charts
   - name: cert-manager
-    version: v1.11.1
+    version: v1.12.1
     repository: https://charts.jetstack.io
   - name: cert-manager-csi-driver
     version: v0.5.0
     repository: https://charts.jetstack.io
   - name: cluster-autoscaler
-    version: 9.28.0
+    version: 9.29.0
     repository: https://kubernetes.github.io/autoscaler
   - name: external-dns
     version: 1.12.2
@@ -42,55 +39,43 @@ dependencies:
     version: 1.13.3
     repository: https://charts.fluxcd.io
   - name: ingress-nginx
-    version: 4.6.0
+    version: 4.7.0
     repository: https://kubernetes.github.io/ingress-nginx
-  - name: istio-operator
-    version: 1.7.0
-    repository: https://clusterfrak-dynamics.github.io/istio/
   - name: k8gb
     version: v0.11.1
     repository: https://www.k8gb.io
   - name: karma
     version: 1.7.2
     repository: https://charts.helm.sh/stable
+  - name: karpenter
+    version: v0.27.5
+    repository: oci://public.ecr.aws/karpenter
   - name: keda
     version: 2.10.2
     repository: https://kedacore.github.io/charts
-  - name: keycloak
-    version: 18.4.0
-    repository: https://codecentric.github.io/helm-charts
   - name: kong
-    version: 2.20.0
+    version: 2.22.0
     repository: https://charts.konghq.com
   - name: kube-prometheus-stack
-    version: 45.21.0
+    version: 46.6.0
     repository: https://prometheus-community.github.io/helm-charts
-  - name: kyverno
-    version: 2.7.2
-    repository: https://kyverno.github.io/kyverno/
-  - name: kyverno-crds
-    version: v2.0.3
-    repository: https://kyverno.github.io/kyverno/
   - name: linkerd2-cni
-    version: 30.8.2
+    version: 30.8.3
     repository: https://helm.linkerd.io/stable
   - name: linkerd-control-plane
-    version: 1.12.2
+    version: 1.12.4
     repository: https://helm.linkerd.io/stable
   - name: linkerd-crds
     version: 1.6.1
     repository: https://helm.linkerd.io/stable
   - name: linkerd-viz
-    version: 30.8.2
+    version: 30.8.4
     repository: https://helm.linkerd.io/stable
-  - name: loki-stack
-    version: 2.9.10
-    repository: https://grafana.github.io/helm-charts
   - name: loki
-    version: 5.3.0
+    version: 5.6.1
     repository: https://grafana.github.io/helm-charts
   - name: promtail
-    version: 6.11.0
+    version: 6.11.2
     repository: https://grafana.github.io/helm-charts
   - name: metrics-server
     version: 3.10.0
@@ -102,43 +87,34 @@ dependencies:
     version: 4.2.0
     repository: https://prometheus-community.github.io/helm-charts
   - name: prometheus-cloudwatch-exporter
-    version: 0.24.0
+    version: 0.25.0
     repository: https://prometheus-community.github.io/helm-charts
   - name: prometheus-blackbox-exporter
-    version: 7.7.0
+    version: 7.9.0
     repository: https://prometheus-community.github.io/helm-charts
-  - name: rabbitmq-cluster-operator
-    version: 3.2.10
-    repository: https://charts.bitnami.com/bitnami
   - name: scaleway-webhook
     version: v0.0.1
     repository: https://particuleio.github.io/charts
   - name: sealed-secrets
-    version: 2.8.2
+    version: 2.9.0
     repository: https://bitnami-labs.github.io/sealed-secrets
-  - name: strimzi-kafka-operator
-    version: 0.34.0
-    repository: https://strimzi.io/charts/
   - name: thanos
-    version: 12.4.3
+    version: 12.6.2
     repository: https://charts.bitnami.com/bitnami
   - name: tigera-operator
-    version: v3.25.1
+    version: v3.26.0
     repository: https://docs.projectcalico.org/charts
   - name: traefik
     version: 23.0.1
     repository: https://helm.traefik.io/traefik
   - name: memcached
-    version: 6.3.14
+    version: 6.5.2
     repository: https://charts.bitnami.com/bitnami
-  - name: vault
-    version: 0.24.1
-    repository: https://helm.releases.hashicorp.com
   - name: velero
-    version: 3.2.0
+    version: 4.0.2
     repository: https://vmware-tanzu.github.io/helm-charts
   - name: victoria-metrics-k8s-stack
-    version: 0.14.17
+    version: 0.16.3
     repository: https://victoriametrics.github.io/helm-charts/
   - name: yet-another-cloudwatch-exporter
     version: 0.14.0
diff --git a/istio-operator.tf b/istio-operator.tf
deleted file mode 100644
index 84dc7a5e4..000000000
--- a/istio-operator.tf
+++ /dev/null
@@ -1,102 +0,0 @@
-locals {
-  istio-operator = merge(
-    local.helm_defaults,
-    {
-      name                   = local.helm_dependencies[index(local.helm_dependencies.*.name, "istio-operator")].name
-      chart                  = local.helm_dependencies[index(local.helm_dependencies.*.name, "istio-operator")].name
-      repository             = local.helm_dependencies[index(local.helm_dependencies.*.name, "istio-operator")].repository
-      chart_version          = local.helm_dependencies[index(local.helm_dependencies.*.name, "istio-operator")].version
-      namespace              = "istio-system"
-      enabled                = false
-      version                = "1.7.4"
-      default_network_policy = true
-    },
-    var.istio-operator
-  )
-
-  values_istio-operator = <<VALUES
-hub: istio
-tag: ${local.istio-operator["version"]}-distroless
-VALUES
-}
-
-resource "kubernetes_namespace" "istio-operator" {
-  count = local.istio-operator["enabled"] ? 1 : 0
-
-  metadata {
-    labels = {
-      name = local.istio-operator["namespace"]
-    }
-
-    name = local.istio-operator["namespace"]
-  }
-}
-
-resource "helm_release" "istio-operator" {
-  count                 = local.istio-operator["enabled"] ? 1 : 0
-  repository            = local.istio-operator["repository"]
-  name                  = local.istio-operator["name"]
-  chart                 = local.istio-operator["chart"]
-  version               = local.istio-operator["chart_version"]
-  timeout               = local.istio-operator["timeout"]
-  force_update          = local.istio-operator["force_update"]
-  recreate_pods         = local.istio-operator["recreate_pods"]
-  wait                  = local.istio-operator["wait"]
-  atomic                = local.istio-operator["atomic"]
-  cleanup_on_fail       = local.istio-operator["cleanup_on_fail"]
-  dependency_update     = local.istio-operator["dependency_update"]
-  disable_crd_hooks     = local.istio-operator["disable_crd_hooks"]
-  disable_webhooks      = local.istio-operator["disable_webhooks"]
-  render_subchart_notes = local.istio-operator["render_subchart_notes"]
-  replace               = local.istio-operator["replace"]
-  reset_values          = local.istio-operator["reset_values"]
-  reuse_values          = local.istio-operator["reuse_values"]
-  skip_crds             = local.istio-operator["skip_crds"]
-  verify                = local.istio-operator["verify"]
-  values = [
-    local.values_istio-operator,
-    local.istio-operator["extra_values"]
-  ]
-  namespace = kubernetes_namespace.istio-operator.*.metadata.0.name[count.index]
-}
-
-resource "kubernetes_network_policy" "istio-operator_default_deny" {
-  count = local.istio-operator["enabled"] && local.istio-operator["default_network_policy"] ? 1 : 0
-
-  metadata {
-    name      = "${kubernetes_namespace.istio-operator.*.metadata.0.name[count.index]}-default-deny"
-    namespace = kubernetes_namespace.istio-operator.*.metadata.0.name[count.index]
-  }
-
-  spec {
-    pod_selector {
-    }
-    policy_types = ["Ingress"]
-  }
-}
-
-resource "kubernetes_network_policy" "istio-operator_allow_namespace" {
-  count = local.istio-operator["enabled"] && local.istio-operator["default_network_policy"] ? 1 : 0
-
-  metadata {
-    name      = "${kubernetes_namespace.istio-operator.*.metadata.0.name[count.index]}-allow-namespace"
-    namespace = kubernetes_namespace.istio-operator.*.metadata.0.name[count.index]
-  }
-
-  spec {
-    pod_selector {
-    }
-
-    ingress {
-      from {
-        namespace_selector {
-          match_labels = {
-            name = kubernetes_namespace.istio-operator.*.metadata.0.name[count.index]
-          }
-        }
-      }
-    }
-
-    policy_types = ["Ingress"]
-  }
-}
diff --git a/keycloak.tf b/keycloak.tf
deleted file mode 100644
index 96b386f64..000000000
--- a/keycloak.tf
+++ /dev/null
@@ -1,163 +0,0 @@
-locals {
-  keycloak = merge(
-    local.helm_defaults,
-    {
-      name                   = local.helm_dependencies[index(local.helm_dependencies.*.name, "keycloak")].name
-      chart                  = local.helm_dependencies[index(local.helm_dependencies.*.name, "keycloak")].name
-      repository             = local.helm_dependencies[index(local.helm_dependencies.*.name, "keycloak")].repository
-      chart_version          = local.helm_dependencies[index(local.helm_dependencies.*.name, "keycloak")].version
-      namespace              = "keycloak"
-      enabled                = false
-      default_network_policy = true
-    },
-    var.keycloak
-  )
-
-  values_keycloak = <<VALUES
-serviceMonitor:
-  enabled: ${local.kube-prometheus-stack["enabled"] || local.victoria-metrics-k8s-stack["enabled"]}
-priorityClassName: ${local.priority-class["create"] ? kubernetes_priority_class.kubernetes_addons[0].metadata[0].name : ""}
-VALUES
-}
-
-resource "kubernetes_namespace" "keycloak" {
-  count = local.keycloak["enabled"] ? 1 : 0
-
-  metadata {
-    labels = {
-      name = local.keycloak["namespace"]
-    }
-
-    name = local.keycloak["namespace"]
-  }
-}
-
-resource "helm_release" "keycloak" {
-  count                 = local.keycloak["enabled"] ? 1 : 0
-  repository            = local.keycloak["repository"]
-  name                  = local.keycloak["name"]
-  chart                 = local.keycloak["chart"]
-  version               = local.keycloak["chart_version"]
-  timeout               = local.keycloak["timeout"]
-  force_update          = local.keycloak["force_update"]
-  recreate_pods         = local.keycloak["recreate_pods"]
-  wait                  = local.keycloak["wait"]
-  atomic                = local.keycloak["atomic"]
-  cleanup_on_fail       = local.keycloak["cleanup_on_fail"]
-  dependency_update     = local.keycloak["dependency_update"]
-  disable_crd_hooks     = local.keycloak["disable_crd_hooks"]
-  disable_webhooks      = local.keycloak["disable_webhooks"]
-  render_subchart_notes = local.keycloak["render_subchart_notes"]
-  replace               = local.keycloak["replace"]
-  reset_values          = local.keycloak["reset_values"]
-  reuse_values          = local.keycloak["reuse_values"]
-  skip_crds             = local.keycloak["skip_crds"]
-  verify                = local.keycloak["verify"]
-  values = [
-    local.values_keycloak,
-    local.keycloak["extra_values"]
-  ]
-  namespace = kubernetes_namespace.keycloak.*.metadata.0.name[count.index]
-
-  depends_on = [
-    kubectl_manifest.prometheus-operator_crds
-  ]
-}
-
-resource "kubernetes_network_policy" "keycloak_default_deny" {
-  count = local.keycloak["enabled"] && local.keycloak["default_network_policy"] ? 1 : 0
-
-  metadata {
-    name      = "${kubernetes_namespace.keycloak.*.metadata.0.name[count.index]}-default-deny"
-    namespace = kubernetes_namespace.keycloak.*.metadata.0.name[count.index]
-  }
-
-  spec {
-    pod_selector {
-    }
-    policy_types = ["Ingress"]
-  }
-}
-
-resource "kubernetes_network_policy" "keycloak_allow_namespace" {
-  count = local.keycloak["enabled"] && local.keycloak["default_network_policy"] ? 1 : 0
-
-  metadata {
-    name      = "${kubernetes_namespace.keycloak.*.metadata.0.name[count.index]}-allow-namespace"
-    namespace = kubernetes_namespace.keycloak.*.metadata.0.name[count.index]
-  }
-
-  spec {
-    pod_selector {
-    }
-
-    ingress {
-      from {
-        namespace_selector {
-          match_labels = {
-            name = kubernetes_namespace.keycloak.*.metadata.0.name[count.index]
-          }
-        }
-      }
-    }
-
-    policy_types = ["Ingress"]
-  }
-}
-
-resource "kubernetes_network_policy" "keycloak_allow_monitoring" {
-  count = local.keycloak["enabled"] && local.keycloak["default_network_policy"] ? 1 : 0
-
-  metadata {
-    name      = "${kubernetes_namespace.keycloak.*.metadata.0.name[count.index]}-allow-monitoring"
-    namespace = kubernetes_namespace.keycloak.*.metadata.0.name[count.index]
-  }
-
-  spec {
-    pod_selector {
-    }
-
-    ingress {
-      ports {
-        port     = "9990"
-        protocol = "TCP"
-      }
-
-      from {
-        namespace_selector {
-          match_labels = {
-            "${local.labels_prefix}/component" = "monitoring"
-          }
-        }
-      }
-    }
-
-    policy_types = ["Ingress"]
-  }
-}
-
-resource "kubernetes_network_policy" "keycloak_allow_ingress" {
-  count = local.keycloak["enabled"] && local.keycloak["default_network_policy"] ? 1 : 0
-
-  metadata {
-    name      = "${kubernetes_namespace.keycloak.*.metadata.0.name[count.index]}-allow-ingress"
-    namespace = kubernetes_namespace.keycloak.*.metadata.0.name[count.index]
-  }
-
-  spec {
-    pod_selector {
-    }
-
-    ingress {
-      from {
-        namespace_selector {
-          match_labels = {
-            "${local.labels_prefix}/component" = "ingress"
-          }
-        }
-      }
-    }
-
-    policy_types = ["Ingress"]
-  }
-}
diff --git a/kyverno.tf b/kyverno.tf
deleted file mode 100644
index 75a54db9d..000000000
--- a/kyverno.tf
+++ /dev/null
@@ -1,148 +0,0 @@
-locals {
-  kyverno = merge(
-    local.helm_defaults,
-    {
-      name                   = local.helm_dependencies[index(local.helm_dependencies.*.name, "kyverno")].name
-      chart                  = local.helm_dependencies[index(local.helm_dependencies.*.name, "kyverno")].name
-      repository             = local.helm_dependencies[index(local.helm_dependencies.*.name, "kyverno")].repository
-      chart_version          = local.helm_dependencies[index(local.helm_dependencies.*.name, "kyverno")].version
-      namespace              = "kyverno"
-      create_ns              = false
-      enabled                = false
-      default_network_policy = true
-    },
-    var.kyverno
-  )
-
-  values_kyverno = <<VALUES
-VALUES
-
-  kyverno-crds = merge(
-    local.helm_defaults,
-    {
-      name                   = local.helm_dependencies[index(local.helm_dependencies.*.name, "kyverno-crds")].name
-      chart                  = local.helm_dependencies[index(local.helm_dependencies.*.name, "kyverno-crds")].name
-      repository             = local.helm_dependencies[index(local.helm_dependencies.*.name, "kyverno-crds")].repository
-      chart_version          = local.helm_dependencies[index(local.helm_dependencies.*.name, "kyverno-crds")].version
-      namespace              = "kyverno"
-      create_ns              = false
-      enabled                = local.kyverno["enabled"] && !local.kyverno["skip_crds"]
-      default_network_policy = true
-    },
-  )
-}
-
-resource "kubernetes_namespace" "kyverno" {
-  count = local.kyverno["enabled"] && local.kyverno["create_ns"] ? 1 : 0
-
-  metadata {
-    labels = {
-      name                               = local.kyverno["namespace"]
-      "${local.labels_prefix}/component" = "kyverno"
-    }
-
-    name = local.kyverno["namespace"]
-  }
-}
-
-resource "helm_release" "kyverno" {
-  count                 = local.kyverno["enabled"] ? 1 : 0
-  repository            = local.kyverno["repository"]
-  name                  = local.kyverno["name"]
-  chart                 = local.kyverno["chart"]
-  version               = local.kyverno["chart_version"]
-  timeout               = local.kyverno["timeout"]
-  force_update          = local.kyverno["force_update"]
-  recreate_pods         = local.kyverno["recreate_pods"]
-  wait                  = local.kyverno["wait"]
-  atomic                = local.kyverno["atomic"]
-  cleanup_on_fail       = local.kyverno["cleanup_on_fail"]
-  dependency_update     = local.kyverno["dependency_update"]
-  disable_crd_hooks     = local.kyverno["disable_crd_hooks"]
-  disable_webhooks      = local.kyverno["disable_webhooks"]
-  render_subchart_notes = local.kyverno["render_subchart_notes"]
-  replace               = local.kyverno["replace"]
-  reset_values          = local.kyverno["reset_values"]
-  reuse_values          = local.kyverno["reuse_values"]
-  skip_crds             = local.kyverno["skip_crds"]
-  verify                = local.kyverno["verify"]
-  values = [
-    local.values_kyverno,
-    local.kyverno["extra_values"]
-  ]
-  namespace = local.kyverno["create_ns"] ? kubernetes_namespace.kyverno.*.metadata.0.name[count.index] : local.kyverno["namespace"]
-
-  depends_on = [
-    kubectl_manifest.prometheus-operator_crds,
-    helm_release.kyverno-crds
-  ]
-}
-
-resource "helm_release" "kyverno-crds" {
-  count                 = local.kyverno["enabled"] && !local.kyverno["skip_crds"] ? 1 : 0
-  repository            = local.kyverno["repository"]
-  name                  = local.kyverno-crds["name"]
-  chart                 = local.kyverno-crds["chart"]
-  version               = local.kyverno-crds["chart_version"]
-  timeout               = local.kyverno["timeout"]
-  force_update          = local.kyverno["force_update"]
-  recreate_pods         = local.kyverno["recreate_pods"]
-  wait                  = local.kyverno["wait"]
-  atomic                = local.kyverno["atomic"]
-  cleanup_on_fail       = local.kyverno["cleanup_on_fail"]
-  dependency_update     = local.kyverno["dependency_update"]
-  disable_crd_hooks     = local.kyverno["disable_crd_hooks"]
-  disable_webhooks      = local.kyverno["disable_webhooks"]
-  render_subchart_notes = local.kyverno["render_subchart_notes"]
-  replace               = local.kyverno["replace"]
-  reset_values          = local.kyverno["reset_values"]
-  reuse_values          = local.kyverno["reuse_values"]
-  skip_crds             = local.kyverno["skip_crds"]
-  verify                = local.kyverno["verify"]
-  values = [
-    local.values_kyverno,
-    local.kyverno["extra_values"]
-  ]
-  namespace = local.kyverno["create_ns"] ? kubernetes_namespace.kyverno.*.metadata.0.name[count.index] : local.kyverno["namespace"]
-}
-
-resource "kubernetes_network_policy" "kyverno_default_deny" {
-  count = local.kyverno["create_ns"] && local.kyverno["enabled"] && local.kyverno["default_network_policy"] ? 1 : 0
-
-  metadata {
-    name      = "${kubernetes_namespace.kyverno.*.metadata.0.name[count.index]}-default-deny"
-    namespace = kubernetes_namespace.kyverno.*.metadata.0.name[count.index]
-  }
-
-  spec {
-    pod_selector {
-    }
-    policy_types = ["Ingress"]
-  }
-}
-
-resource "kubernetes_network_policy" "kyverno_allow_namespace" {
-  count = local.kyverno["create_ns"] && local.kyverno["enabled"] && local.kyverno["default_network_policy"] ? 1 : 0
-
-  metadata {
-    name      = "${kubernetes_namespace.kyverno.*.metadata.0.name[count.index]}-allow-namespace"
-    namespace = kubernetes_namespace.kyverno.*.metadata.0.name[count.index]
-  }
-
-  spec {
-    pod_selector {
-    }
-
-    ingress {
-      from {
-        namespace_selector {
-          match_labels = {
-            name = kubernetes_namespace.kyverno.*.metadata.0.name[count.index]
-          }
-        }
-      }
-    }
-
-    policy_types = ["Ingress"]
-  }
-}
diff --git a/modules/aws/README.md b/modules/aws/README.md
index 791c05398..7c2659bde 100644
--- a/modules/aws/README.md
+++ b/modules/aws/README.md
@@ -22,7 +22,7 @@ This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing-
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.42 |
-| <a name="requirement_flux"></a> [flux](#requirement\_flux) | ~> 0.25 |
+| <a name="requirement_flux"></a> [flux](#requirement\_flux) | 1.0.0-rc.5 |
 | <a name="requirement_github"></a> [github](#requirement\_github) | ~> 5.0 |
 | <a name="requirement_helm"></a> [helm](#requirement\_helm) | ~> 2.0 |
 | <a name="requirement_http"></a> [http](#requirement\_http) | >= 3 |
@@ -35,7 +35,8 @@ This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing-
 | Name | Version |
 |------|---------|
 | <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.42 |
-| <a name="provider_flux"></a> [flux](#provider\_flux) | ~> 0.25 |
+| <a name="provider_aws.ecr_public"></a> [aws.ecr\_public](#provider\_aws.ecr\_public) | >= 4.42 |
+| <a name="provider_flux"></a> [flux](#provider\_flux) | 1.0.0-rc.5 |
 | <a name="provider_github"></a> [github](#provider\_github) | ~> 5.0 |
 | <a name="provider_helm"></a> [helm](#provider\_helm) | ~> 2.0 |
 | <a name="provider_http"></a> [http](#provider\_http) | >= 3 |
@@ -63,13 +64,13 @@ This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing-
 | <a name="module_iam_assumable_role_prometheus-cloudwatch-exporter"></a> [iam\_assumable\_role\_prometheus-cloudwatch-exporter](#module\_iam\_assumable\_role\_prometheus-cloudwatch-exporter) | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | ~> 5.0 |
 | <a name="module_iam_assumable_role_thanos"></a> [iam\_assumable\_role\_thanos](#module\_iam\_assumable\_role\_thanos) | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | ~> 5.0 |
 | <a name="module_iam_assumable_role_thanos-storegateway"></a> [iam\_assumable\_role\_thanos-storegateway](#module\_iam\_assumable\_role\_thanos-storegateway) | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | ~> 5.0 |
-| <a name="module_iam_assumable_role_vault"></a> [iam\_assumable\_role\_vault](#module\_iam\_assumable\_role\_vault) | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | ~> 5.0 |
 | <a name="module_iam_assumable_role_velero"></a> [iam\_assumable\_role\_velero](#module\_iam\_assumable\_role\_velero) | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | ~> 5.0 |
 | <a name="module_iam_assumable_role_yet-another-cloudwatch-exporter"></a> [iam\_assumable\_role\_yet-another-cloudwatch-exporter](#module\_iam\_assumable\_role\_yet-another-cloudwatch-exporter) | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | ~> 5.0 |
+| <a name="module_karpenter"></a> [karpenter](#module\_karpenter) | terraform-aws-modules/eks/aws//modules/karpenter | ~> 19.0 |
 | <a name="module_kube-prometheus-stack_thanos_bucket"></a> [kube-prometheus-stack\_thanos\_bucket](#module\_kube-prometheus-stack\_thanos\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 3.0 |
 | <a name="module_loki_bucket"></a> [loki\_bucket](#module\_loki\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 3.0 |
 | <a name="module_s3_logging_bucket"></a> [s3\_logging\_bucket](#module\_s3\_logging\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 3.0 |
-| <a name="module_security-group-efs-csi-driver"></a> [security-group-efs-csi-driver](#module\_security-group-efs-csi-driver) | terraform-aws-modules/security-group/aws//modules/nfs | ~> 4.0 |
+| <a name="module_security-group-efs-csi-driver"></a> [security-group-efs-csi-driver](#module\_security-group-efs-csi-driver) | terraform-aws-modules/security-group/aws//modules/nfs | ~> 5.0 |
 | <a name="module_thanos_bucket"></a> [thanos\_bucket](#module\_thanos\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 3.0 |
 | <a name="module_velero_thanos_bucket"></a> [velero\_thanos\_bucket](#module\_velero\_thanos\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 3.0 |
 
@@ -88,47 +89,38 @@ This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing-
 | [aws_iam_policy.cluster-autoscaler](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_policy.cni-metrics-helper](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_policy.external-dns](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
+| [aws_iam_policy.karpenter_additional](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_policy.kube-prometheus-stack_grafana](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_policy.kube-prometheus-stack_thanos](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_policy.loki-stack](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_policy.prometheus-cloudwatch-exporter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_policy.thanos](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_policy.thanos-storegateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
-| [aws_iam_policy.vault](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_policy.velero](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_policy.yet-another-cloudwatch-exporter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_kms_alias.aws-ebs-csi-driver](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_alias) | resource |
-| [aws_kms_alias.vault](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_alias) | resource |
 | [aws_kms_key.aws-ebs-csi-driver](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |
-| [aws_kms_key.vault](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |
+| [flux_bootstrap_git.flux](https://registry.terraform.io/providers/fluxcd/flux/1.0.0-rc.5/docs/resources/bootstrap_git) | resource |
 | [github_branch_default.main](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/branch_default) | resource |
 | [github_repository.main](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository) | resource |
 | [github_repository_deploy_key.main](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_deploy_key) | resource |
-| [github_repository_file.install](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_file) | resource |
-| [github_repository_file.kustomize](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_file) | resource |
-| [github_repository_file.sync](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_file) | resource |
 | [helm_release.admiralty](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.aws-ebs-csi-driver](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.aws-efs-csi-driver](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.aws-for-fluent-bit](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.aws-load-balancer-controller](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.aws-node-termination-handler](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.calico](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.cert-manager](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.cert-manager-csi-driver](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.cluster-autoscaler](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.external-dns](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.flux](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.ingress-nginx](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.istio-operator](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.k8gb](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.karma](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [helm_release.karpenter](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.keda](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.keycloak](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.kong](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.kube-prometheus-stack](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.kyverno](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.kyverno-crds](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.linkerd-control-plane](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.linkerd-crds](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.linkerd-viz](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
@@ -140,21 +132,17 @@ This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing-
 | [helm_release.prometheus-blackbox-exporter](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.prometheus-cloudwatch-exporter](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.promtail](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.rabbitmq-operator](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.sealed-secrets](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.secrets-store-csi-driver](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.strimzi-kafka-operator](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.thanos](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.thanos-memcached](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.thanos-storegateway](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.thanos-tls-querier](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.tigera-operator](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.traefik](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.vault](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.velero](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.victoria-metrics-k8s-stack](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.yet-another-cloudwatch-exporter](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [kubectl_manifest.apply](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubectl_manifest.aws-ebs-csi-driver_vsc](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubectl_manifest.calico_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubectl_manifest.cert-manager_cluster_issuers](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
@@ -165,7 +153,6 @@ This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing-
 | [kubectl_manifest.linkerd-viz](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubectl_manifest.prometheus-operator_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubectl_manifest.secrets-store-csi-driver-provider-aws](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
-| [kubectl_manifest.sync](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubectl_manifest.tigera-operator_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubernetes_config_map.loki-stack_grafana_ds](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/config_map) | resource |
 | [kubernetes_namespace.admiralty](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
@@ -174,21 +161,17 @@ This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing-
 | [kubernetes_namespace.aws-for-fluent-bit](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.aws-load-balancer-controller](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.aws-node-termination-handler](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-| [kubernetes_namespace.calico](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.cert-manager](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.cluster-autoscaler](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.external-dns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-| [kubernetes_namespace.flux](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.flux2](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.ingress-nginx](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-| [kubernetes_namespace.istio-operator](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.k8gb](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.karma](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
+| [kubernetes_namespace.karpenter](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.keda](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-| [kubernetes_namespace.keycloak](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.kong](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.kube-prometheus-stack](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-| [kubernetes_namespace.kyverno](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.linkerd](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.linkerd-viz](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.linkerd2-cni](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
@@ -199,14 +182,11 @@ This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing-
 | [kubernetes_namespace.prometheus-blackbox-exporter](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.prometheus-cloudwatch-exporter](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.promtail](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-| [kubernetes_namespace.rabbitmq-operator](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.sealed-secrets](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.secrets-store-csi-driver](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-| [kubernetes_namespace.strimzi-kafka-operator](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.thanos](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.tigera-operator](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.traefik](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-| [kubernetes_namespace.vault](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.velero](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.victoria-metrics-k8s-stack](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.yet-another-cloudwatch-exporter](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
@@ -223,8 +203,6 @@ This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing-
 | [kubernetes_network_policy.aws-load-balancer-controller_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.aws-node-termination-handler_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.aws-node-termination-handler_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.calico_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.calico_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.cert-manager_allow_control_plane](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.cert-manager_allow_monitoring](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.cert-manager_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
@@ -237,28 +215,23 @@ This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing-
 | [kubernetes_network_policy.external-dns_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.flux2_allow_monitoring](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.flux2_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.flux_allow_monitoring](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.flux_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.flux_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.ingress-nginx_allow_control_plane](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.ingress-nginx_allow_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.ingress-nginx_allow_linkerd_viz](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.ingress-nginx_allow_monitoring](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.ingress-nginx_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.ingress-nginx_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.istio-operator_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.istio-operator_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.k8gb_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.k8gb_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.karma_allow_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.karma_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.karma_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
+| [kubernetes_network_policy.karpenter_allow_control_plane](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
+| [kubernetes_network_policy.karpenter_allow_monitoring](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
+| [kubernetes_network_policy.karpenter_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
+| [kubernetes_network_policy.karpenter_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.keda_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.keda_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.keycloak_allow_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.keycloak_allow_monitoring](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.keycloak_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.keycloak_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.kong_allow_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.kong_allow_monitoring](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.kong_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
@@ -267,8 +240,6 @@ This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing-
 | [kubernetes_network_policy.kube-prometheus-stack_allow_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.kube-prometheus-stack_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.kube-prometheus-stack_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.kyverno_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.kyverno_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.linkerd-viz_allow_control_plane](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.linkerd-viz_allow_monitoring](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.linkerd-viz_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
@@ -292,23 +263,16 @@ This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing-
 | [kubernetes_network_policy.promtail_allow_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.promtail_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.promtail_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.rabbitmq-operator_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.rabbitmq-operator_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.sealed-secrets_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.sealed-secrets_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.secrets-store-csi-driver_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.secrets-store-csi-driver_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.strimzi-kafka-operator_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.strimzi-kafka-operator_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.tigera-operator_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.tigera-operator_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.traefik_allow_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.traefik_allow_monitoring](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.traefik_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.traefik_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.vault_allow_control_plane](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.vault_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.vault_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.velero_allow_monitoring](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.velero_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.velero_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
@@ -320,15 +284,11 @@ This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing-
 | [kubernetes_network_policy.yet-another-cloudwatch-exporter_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_priority_class.kubernetes_addons](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/priority_class) | resource |
 | [kubernetes_priority_class.kubernetes_addons_ds](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/priority_class) | resource |
-| [kubernetes_role.flux](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/role) | resource |
-| [kubernetes_role_binding.flux](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/role_binding) | resource |
 | [kubernetes_secret.kube-prometheus-stack_thanos](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
 | [kubernetes_secret.linkerd_trust_anchor](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
 | [kubernetes_secret.loki-stack-ca](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
-| [kubernetes_secret.main](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
 | [kubernetes_secret.promtail-tls](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
 | [kubernetes_secret.thanos-ca](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
-| [kubernetes_secret.vault-ca](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
 | [kubernetes_secret.webhook_issuer_tls](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
 | [kubernetes_storage_class.aws-ebs-csi-driver](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource |
 | [kubernetes_storage_class.aws-efs-csi-driver](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource |
@@ -336,25 +296,21 @@ This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing-
 | [time_sleep.cert-manager_sleep](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
 | [tls_cert_request.promtail-csr](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/cert_request) | resource |
 | [tls_cert_request.thanos-tls-querier-cert-csr](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/cert_request) | resource |
-| [tls_cert_request.vault-tls-client-csr](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/cert_request) | resource |
 | [tls_locally_signed_cert.promtail-cert](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/locally_signed_cert) | resource |
 | [tls_locally_signed_cert.thanos-tls-querier-cert](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/locally_signed_cert) | resource |
-| [tls_locally_signed_cert.vault-tls-client-cert](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/locally_signed_cert) | resource |
 | [tls_private_key.identity](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
 | [tls_private_key.linkerd_trust_anchor](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
 | [tls_private_key.loki-stack-ca-key](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
 | [tls_private_key.promtail-key](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
 | [tls_private_key.thanos-tls-querier-ca-key](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
 | [tls_private_key.thanos-tls-querier-cert-key](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
-| [tls_private_key.vault-tls-ca-key](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
-| [tls_private_key.vault-tls-client-key](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
 | [tls_private_key.webhook_issuer_tls](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
 | [tls_self_signed_cert.linkerd_trust_anchor](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/self_signed_cert) | resource |
 | [tls_self_signed_cert.loki-stack-ca-cert](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/self_signed_cert) | resource |
 | [tls_self_signed_cert.thanos-tls-querier-ca-cert](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/self_signed_cert) | resource |
-| [tls_self_signed_cert.vault-tls-ca-cert](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/self_signed_cert) | resource |
 | [tls_self_signed_cert.webhook_issuer_tls](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/self_signed_cert) | resource |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_ecrpublic_authorization_token.token](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ecrpublic_authorization_token) | data source |
 | [aws_iam_policy_document.aws-ebs-csi-driver](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.aws-ebs-csi-driver_default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.aws-ebs-csi-driver_kms](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
@@ -366,21 +322,19 @@ This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing-
 | [aws_iam_policy_document.cluster-autoscaler](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.cni-metrics-helper](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.external-dns](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.karpenter_additional](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.kube-prometheus-stack_grafana](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.kube-prometheus-stack_thanos](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.loki-stack](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.prometheus-cloudwatch-exporter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.thanos](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.thanos-storegateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_policy_document.vault](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.velero](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.velero_default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.velero_kms](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.yet-another-cloudwatch-exporter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
-| [flux_install.main](https://registry.terraform.io/providers/fluxcd/flux/latest/docs/data-sources/install) | data source |
-| [flux_sync.main](https://registry.terraform.io/providers/fluxcd/flux/latest/docs/data-sources/sync) | data source |
 | [github_repository.main](https://registry.terraform.io/providers/integrations/github/latest/docs/data-sources/repository) | data source |
 | [http_http.calico_crds](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source |
 | [http_http.csi-external-snapshotter](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source |
@@ -389,12 +343,10 @@ This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing-
 | [http_http.prometheus-operator_version](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source |
 | [http_http.secrets-store-csi-driver-provider-aws](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source |
 | [http_http.tigera-operator_crds](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source |
-| [kubectl_file_documents.apply](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source |
 | [kubectl_file_documents.calico_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source |
 | [kubectl_file_documents.csi-external-snapshotter](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source |
 | [kubectl_file_documents.kong_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source |
 | [kubectl_file_documents.secrets-store-csi-driver-provider-aws](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source |
-| [kubectl_file_documents.sync](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source |
 | [kubectl_file_documents.tigera-operator_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source |
 | [kubectl_path_documents.cert-manager_cluster_issuers](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/path_documents) | data source |
 
@@ -410,7 +362,6 @@ This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing-
 | <a name="input_aws-for-fluent-bit"></a> [aws-for-fluent-bit](#input\_aws-for-fluent-bit) | Customize aws-for-fluent-bit helm chart, see `aws-fluent-bit.tf` | `any` | `{}` | no |
 | <a name="input_aws-load-balancer-controller"></a> [aws-load-balancer-controller](#input\_aws-load-balancer-controller) | Customize aws-load-balancer-controller chart, see `aws-load-balancer-controller.tf` for supported values | `any` | `{}` | no |
 | <a name="input_aws-node-termination-handler"></a> [aws-node-termination-handler](#input\_aws-node-termination-handler) | Customize aws-node-termination-handler chart, see `aws-node-termination-handler.tf` | `any` | `{}` | no |
-| <a name="input_calico"></a> [calico](#input\_calico) | Customize calico helm chart, see `calico.tf` | `any` | `{}` | no |
 | <a name="input_cert-manager"></a> [cert-manager](#input\_cert-manager) | Customize cert-manager chart, see `cert-manager.tf` for supported values | `any` | `{}` | no |
 | <a name="input_cert-manager-csi-driver"></a> [cert-manager-csi-driver](#input\_cert-manager-csi-driver) | Customize cert-manager-csi-driver chart, see `cert-manager.tf` for supported values | `any` | `{}` | no |
 | <a name="input_cluster-autoscaler"></a> [cluster-autoscaler](#input\_cluster-autoscaler) | Customize cluster-autoscaler chart, see `cluster-autoscaler.tf` for supported values | `any` | `{}` | no |
@@ -426,6 +377,7 @@ This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing-
 | <a name="input_istio-operator"></a> [istio-operator](#input\_istio-operator) | Customize istio operator deployment, see `istio_operator.tf` for supported values | `any` | `{}` | no |
 | <a name="input_k8gb"></a> [k8gb](#input\_k8gb) | Customize k8gb chart, see `k8gb.tf` for supported values | `any` | `{}` | no |
 | <a name="input_karma"></a> [karma](#input\_karma) | Customize karma chart, see `karma.tf` for supported values | `any` | `{}` | no |
+| <a name="input_karpenter"></a> [karpenter](#input\_karpenter) | Customize karpenter chart, see `karpenter.tf` for supported values | `any` | `{}` | no |
 | <a name="input_keda"></a> [keda](#input\_keda) | Customize keda chart, see `keda.tf` for supported values | `any` | `{}` | no |
 | <a name="input_keycloak"></a> [keycloak](#input\_keycloak) | Customize keycloak chart, see `keycloak.tf` for supported values | `any` | `{}` | no |
 | <a name="input_kong"></a> [kong](#input\_kong) | Customize kong-ingress chart, see `kong.tf` for supported values | `any` | `{}` | no |
@@ -467,14 +419,11 @@ This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing-
 
 | Name | Description |
 |------|-------------|
+| <a name="output_karpenter_iam"></a> [karpenter\_iam](#output\_karpenter\_iam) | n/a |
 | <a name="output_kube-prometheus-stack"></a> [kube-prometheus-stack](#output\_kube-prometheus-stack) | n/a |
 | <a name="output_kube-prometheus-stack_sensitive"></a> [kube-prometheus-stack\_sensitive](#output\_kube-prometheus-stack\_sensitive) | n/a |
 | <a name="output_loki-stack-ca"></a> [loki-stack-ca](#output\_loki-stack-ca) | n/a |
 | <a name="output_promtail-cert"></a> [promtail-cert](#output\_promtail-cert) | n/a |
 | <a name="output_promtail-key"></a> [promtail-key](#output\_promtail-key) | n/a |
 | <a name="output_thanos_ca"></a> [thanos\_ca](#output\_thanos\_ca) | n/a |
-| <a name="output_vault_ca_key"></a> [vault\_ca\_key](#output\_vault\_ca\_key) | n/a |
-| <a name="output_vault_ca_pem"></a> [vault\_ca\_pem](#output\_vault\_ca\_pem) | n/a |
-| <a name="output_vault_tls_client_cert_pem"></a> [vault\_tls\_client\_cert\_pem](#output\_vault\_tls\_client\_cert\_pem) | n/a |
-| <a name="output_vault_tls_client_key"></a> [vault\_tls\_client\_key](#output\_vault\_tls\_client\_key) | n/a |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/aws/aws-efs-csi-driver.tf b/modules/aws/aws-efs-csi-driver.tf
index 260a6c5aa..ec902e494 100644
--- a/modules/aws/aws-efs-csi-driver.tf
+++ b/modules/aws/aws-efs-csi-driver.tf
@@ -25,6 +25,7 @@ locals {
       sg_egress_ipv6_cidr_blocks                     = null
       sg_auto_ingress_with_self                      = []
       sg_input_ingress_with_source_security_group_id = []
+      subnets                                        = []
       name_prefix                                    = "${var.cluster-name}-aws-efs-csi-driver"
     },
     var.aws-efs-csi-driver
@@ -113,7 +114,7 @@ resource "aws_efs_mount_target" "aws-efs-csi-driver" {
 module "security-group-efs-csi-driver" {
   count                                 = local.aws-efs-csi-driver["enabled"] ? 1 : 0
   source                                = "terraform-aws-modules/security-group/aws//modules/nfs"
-  version                               = "~> 4.0"
+  version                               = "~> 5.0"
   name                                  = local.aws-efs-csi-driver["name_prefix"]
   description                           = "NFS access to ${local.aws-efs-csi-driver["name_prefix"]}"
   vpc_id                                = local.aws-efs-csi-driver["sg_vpc_id"]
diff --git a/modules/aws/calico.tf b/modules/aws/calico.tf
deleted file mode 100644
index 31199a3f3..000000000
--- a/modules/aws/calico.tf
+++ /dev/null
@@ -1,103 +0,0 @@
-locals {
-
-  calico = merge(
-    local.helm_defaults,
-    {
-      name                   = local.helm_dependencies[index(local.helm_dependencies.*.name, "aws-calico")].name
-      chart                  = local.helm_dependencies[index(local.helm_dependencies.*.name, "aws-calico")].name
-      repository             = local.helm_dependencies[index(local.helm_dependencies.*.name, "aws-calico")].repository
-      chart_version          = local.helm_dependencies[index(local.helm_dependencies.*.name, "aws-calico")].version
-      namespace              = "kube-system"
-      enabled                = false
-      default_network_policy = true
-      create_ns              = false
-
-    },
-    var.calico
-  )
-
-  values_calico = <<VALUES
-VALUES
-
-}
-
-resource "kubernetes_namespace" "calico" {
-  count = local.calico["enabled"] && local.calico["create_ns"] ? 1 : 0
-
-  metadata {
-    labels = {
-      name = local.calico["namespace"]
-    }
-
-    name = local.calico["namespace"]
-  }
-}
-
-resource "helm_release" "calico" {
-  count                 = local.calico["enabled"] ? 1 : 0
-  repository            = local.calico["repository"]
-  name                  = local.calico["name"]
-  chart                 = local.calico["chart"]
-  version               = local.calico["chart_version"]
-  timeout               = local.calico["timeout"]
-  force_update          = local.calico["force_update"]
-  recreate_pods         = local.calico["recreate_pods"]
-  wait                  = local.calico["wait"]
-  atomic                = local.calico["atomic"]
-  cleanup_on_fail       = local.calico["cleanup_on_fail"]
-  dependency_update     = local.calico["dependency_update"]
-  disable_crd_hooks     = local.calico["disable_crd_hooks"]
-  disable_webhooks      = local.calico["disable_webhooks"]
-  render_subchart_notes = local.calico["render_subchart_notes"]
-  replace               = local.calico["replace"]
-  reset_values          = local.calico["reset_values"]
-  reuse_values          = local.calico["reuse_values"]
-  skip_crds             = local.calico["skip_crds"]
-  verify                = local.calico["verify"]
-  values = [
-    local.values_calico,
-    local.calico["extra_values"]
-  ]
-  namespace = local.calico["create_ns"] ? kubernetes_namespace.calico.*.metadata.0.name[count.index] : local.calico["namespace"]
-}
-
-resource "kubernetes_network_policy" "calico_default_deny" {
-  count = local.calico["enabled"] && local.calico["default_network_policy"] && local.calico["create_ns"] ? 1 : 0
-
-  metadata {
-    name      = "${kubernetes_namespace.calico.*.metadata.0.name[count.index]}-default-deny"
-    namespace = kubernetes_namespace.calico.*.metadata.0.name[count.index]
-  }
-
-  spec {
-    pod_selector {
-    }
-    policy_types = ["Ingress"]
-  }
-}
-
-resource "kubernetes_network_policy" "calico_allow_namespace" {
-  count = local.calico["enabled"] && local.calico["default_network_policy"] && local.calico["create_ns"] ? 1 : 0
-
-  metadata {
-    name      = "${kubernetes_namespace.calico.*.metadata.0.name[count.index]}-allow-namespace"
-    namespace = kubernetes_namespace.calico.*.metadata.0.name[count.index]
-  }
-
-  spec {
-    pod_selector {
-    }
-
-    ingress {
-      from {
-        namespace_selector {
-          match_labels = {
-            name = kubernetes_namespace.calico.*.metadata.0.name[count.index]
-          }
-        }
-      }
-    }
-
-    policy_types = ["Ingress"]
-  }
-}
diff --git a/modules/aws/flux.tf b/modules/aws/flux.tf
deleted file mode 120000
index ece85c1fa..000000000
--- a/modules/aws/flux.tf
+++ /dev/null
@@ -1 +0,0 @@
-../../flux.tf
\ No newline at end of file
diff --git a/modules/aws/iam/aws-ebs-csi-driver.json b/modules/aws/iam/aws-ebs-csi-driver.json
index 50b3333a0..0c8b5b7a6 100644
--- a/modules/aws/iam/aws-ebs-csi-driver.json
+++ b/modules/aws/iam/aws-ebs-csi-driver.json
@@ -69,18 +69,6 @@
         }
       }
     },
-    {
-      "Effect": "Allow",
-      "Action": [
-        "ec2:CreateVolume"
-      ],
-      "Resource": "*",
-      "Condition": {
-        "StringLike": {
-          "aws:RequestTag/kubernetes.io/cluster/*": "owned"
-        }
-      }
-    },
     {
       "Effect": "Allow",
       "Action": [
@@ -113,7 +101,7 @@
       "Resource": "*",
       "Condition": {
         "StringLike": {
-          "ec2:ResourceTag/kubernetes.io/cluster/*": "owned"
+          "ec2:ResourceTag/kubernetes.io/created-for/pvc/name": "*"
         }
       }
     },
diff --git a/modules/aws/iam/aws-ebs-csi-driver_kms.json b/modules/aws/iam/aws-ebs-csi-driver_kms.json
index 341fa79e6..f5074d60f 100644
--- a/modules/aws/iam/aws-ebs-csi-driver_kms.json
+++ b/modules/aws/iam/aws-ebs-csi-driver_kms.json
@@ -8,7 +8,9 @@
         "kms:ListGrants",
         "kms:RevokeGrant"
       ],
-      "Resource": ["${kmsKeyId}"],
+      "Resource": [
+        "${kmsKeyId}"
+      ],
       "Condition": {
         "Bool": {
           "kms:GrantIsForAWSResource": "true"
@@ -24,7 +26,9 @@
         "kms:GenerateDataKey*",
         "kms:DescribeKey"
       ],
-      "Resource": ["${kmsKeyId}"]
+      "Resource": [
+        "${kmsKeyId}"
+      ]
     }
   ]
 }
diff --git a/modules/aws/iam/aws-efs-csi-driver.json b/modules/aws/iam/aws-efs-csi-driver.json
index 7edf7a100..5321b24b9 100644
--- a/modules/aws/iam/aws-efs-csi-driver.json
+++ b/modules/aws/iam/aws-efs-csi-driver.json
@@ -5,7 +5,9 @@
       "Effect": "Allow",
       "Action": [
         "elasticfilesystem:DescribeAccessPoints",
-        "elasticfilesystem:DescribeFileSystems"
+        "elasticfilesystem:DescribeFileSystems",
+        "elasticfilesystem:DescribeMountTargets",
+        "ec2:DescribeAvailabilityZones"
       ],
       "Resource": "*"
     },
@@ -21,6 +23,18 @@
         }
       }
     },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "elasticfilesystem:TagResource"
+      ],
+      "Resource": "*",
+      "Condition": {
+        "StringLike": {
+          "aws:ResourceTag/efs.csi.aws.com/cluster": "true"
+        }
+      }
+    },
     {
       "Effect": "Allow",
       "Action": "elasticfilesystem:DeleteAccessPoint",
diff --git a/modules/aws/iam/aws-load-balancer-controller.json b/modules/aws/iam/aws-load-balancer-controller.json
index c7d306cc4..dfba7a9b4 100644
--- a/modules/aws/iam/aws-load-balancer-controller.json
+++ b/modules/aws/iam/aws-load-balancer-controller.json
@@ -1,241 +1,241 @@
 {
-    "Version": "2012-10-17",
-    "Statement": [
-        {
-            "Effect": "Allow",
-            "Action": [
-                "iam:CreateServiceLinkedRole"
-            ],
-            "Resource": "*",
-            "Condition": {
-                "StringEquals": {
-                    "iam:AWSServiceName": "elasticloadbalancing.amazonaws.com"
-                }
-            }
-        },
-        {
-            "Effect": "Allow",
-            "Action": [
-                "ec2:DescribeAccountAttributes",
-                "ec2:DescribeAddresses",
-                "ec2:DescribeAvailabilityZones",
-                "ec2:DescribeInternetGateways",
-                "ec2:DescribeVpcs",
-                "ec2:DescribeVpcPeeringConnections",
-                "ec2:DescribeSubnets",
-                "ec2:DescribeSecurityGroups",
-                "ec2:DescribeInstances",
-                "ec2:DescribeNetworkInterfaces",
-                "ec2:DescribeTags",
-                "ec2:GetCoipPoolUsage",
-                "ec2:DescribeCoipPools",
-                "elasticloadbalancing:DescribeLoadBalancers",
-                "elasticloadbalancing:DescribeLoadBalancerAttributes",
-                "elasticloadbalancing:DescribeListeners",
-                "elasticloadbalancing:DescribeListenerCertificates",
-                "elasticloadbalancing:DescribeSSLPolicies",
-                "elasticloadbalancing:DescribeRules",
-                "elasticloadbalancing:DescribeTargetGroups",
-                "elasticloadbalancing:DescribeTargetGroupAttributes",
-                "elasticloadbalancing:DescribeTargetHealth",
-                "elasticloadbalancing:DescribeTags"
-            ],
-            "Resource": "*"
-        },
-        {
-            "Effect": "Allow",
-            "Action": [
-                "cognito-idp:DescribeUserPoolClient",
-                "acm:ListCertificates",
-                "acm:DescribeCertificate",
-                "iam:ListServerCertificates",
-                "iam:GetServerCertificate",
-                "waf-regional:GetWebACL",
-                "waf-regional:GetWebACLForResource",
-                "waf-regional:AssociateWebACL",
-                "waf-regional:DisassociateWebACL",
-                "wafv2:GetWebACL",
-                "wafv2:GetWebACLForResource",
-                "wafv2:AssociateWebACL",
-                "wafv2:DisassociateWebACL",
-                "shield:GetSubscriptionState",
-                "shield:DescribeProtection",
-                "shield:CreateProtection",
-                "shield:DeleteProtection"
-            ],
-            "Resource": "*"
-        },
-        {
-            "Effect": "Allow",
-            "Action": [
-                "ec2:AuthorizeSecurityGroupIngress",
-                "ec2:RevokeSecurityGroupIngress"
-            ],
-            "Resource": "*"
-        },
-        {
-            "Effect": "Allow",
-            "Action": [
-                "ec2:CreateSecurityGroup"
-            ],
-            "Resource": "*"
-        },
-        {
-            "Effect": "Allow",
-            "Action": [
-                "ec2:CreateTags"
-            ],
-            "Resource": "arn:${arn-partition}:ec2:*:*:security-group/*",
-            "Condition": {
-                "StringEquals": {
-                    "ec2:CreateAction": "CreateSecurityGroup"
-                },
-                "Null": {
-                    "aws:RequestTag/elbv2.k8s.aws/cluster": "false"
-                }
-            }
-        },
-        {
-            "Effect": "Allow",
-            "Action": [
-                "ec2:CreateTags",
-                "ec2:DeleteTags"
-            ],
-            "Resource": "arn:${arn-partition}:ec2:*:*:security-group/*",
-            "Condition": {
-                "Null": {
-                    "aws:RequestTag/elbv2.k8s.aws/cluster": "true",
-                    "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
-                }
-            }
-        },
-        {
-            "Effect": "Allow",
-            "Action": [
-                "ec2:AuthorizeSecurityGroupIngress",
-                "ec2:RevokeSecurityGroupIngress",
-                "ec2:DeleteSecurityGroup"
-            ],
-            "Resource": "*",
-            "Condition": {
-                "Null": {
-                    "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
-                }
-            }
-        },
-        {
-            "Effect": "Allow",
-            "Action": [
-                "elasticloadbalancing:CreateLoadBalancer",
-                "elasticloadbalancing:CreateTargetGroup"
-            ],
-            "Resource": "*",
-            "Condition": {
-                "Null": {
-                    "aws:RequestTag/elbv2.k8s.aws/cluster": "false"
-                }
-            }
-        },
-        {
-            "Effect": "Allow",
-            "Action": [
-                "elasticloadbalancing:CreateListener",
-                "elasticloadbalancing:DeleteListener",
-                "elasticloadbalancing:CreateRule",
-                "elasticloadbalancing:DeleteRule"
-            ],
-            "Resource": "*"
-        },
-        {
-            "Effect": "Allow",
-            "Action": [
-                "elasticloadbalancing:AddTags",
-                "elasticloadbalancing:RemoveTags"
-            ],
-            "Resource": [
-                "arn:${arn-partition}:elasticloadbalancing:*:*:targetgroup/*/*",
-                "arn:${arn-partition}:elasticloadbalancing:*:*:loadbalancer/net/*/*",
-                "arn:${arn-partition}:elasticloadbalancing:*:*:loadbalancer/app/*/*"
-            ],
-            "Condition": {
-                "Null": {
-                    "aws:RequestTag/elbv2.k8s.aws/cluster": "true",
-                    "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
-                }
-            }
-        },
-        {
-            "Effect": "Allow",
-            "Action": [
-                "elasticloadbalancing:AddTags",
-                "elasticloadbalancing:RemoveTags"
-            ],
-            "Resource": [
-                "arn:${arn-partition}:elasticloadbalancing:*:*:listener/net/*/*/*",
-                "arn:${arn-partition}:elasticloadbalancing:*:*:listener/app/*/*/*",
-                "arn:${arn-partition}:elasticloadbalancing:*:*:listener-rule/net/*/*/*",
-                "arn:${arn-partition}:elasticloadbalancing:*:*:listener-rule/app/*/*/*"
-            ]
-        },
-        {
-            "Effect": "Allow",
-            "Action": [
-                "elasticloadbalancing:ModifyLoadBalancerAttributes",
-                "elasticloadbalancing:SetIpAddressType",
-                "elasticloadbalancing:SetSecurityGroups",
-                "elasticloadbalancing:SetSubnets",
-                "elasticloadbalancing:DeleteLoadBalancer",
-                "elasticloadbalancing:ModifyTargetGroup",
-                "elasticloadbalancing:ModifyTargetGroupAttributes",
-                "elasticloadbalancing:DeleteTargetGroup"
-            ],
-            "Resource": "*",
-            "Condition": {
-                "Null": {
-                    "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
-                }
-            }
-        },
-        {
-            "Effect": "Allow",
-            "Action": [
-                "elasticloadbalancing:AddTags"
-            ],
-            "Resource": [
-                "arn:${arn-partition}:elasticloadbalancing:*:*:targetgroup/*/*",
-                "arn:${arn-partition}:elasticloadbalancing:*:*:loadbalancer/net/*/*",
-                "arn:${arn-partition}:elasticloadbalancing:*:*:loadbalancer/app/*/*"
-            ],
-            "Condition": {
-                "StringEquals": {
-                    "elasticloadbalancing:CreateAction": [
-                        "CreateTargetGroup",
-                        "CreateLoadBalancer"
-                    ]
-                },
-                "Null": {
-                    "aws:RequestTag/elbv2.k8s.aws/cluster": "false"
-                }
-            }
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "iam:CreateServiceLinkedRole"
+      ],
+      "Resource": "*",
+      "Condition": {
+        "StringEquals": {
+          "iam:AWSServiceName": "elasticloadbalancing.amazonaws.com"
+        }
+      }
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "ec2:DescribeAccountAttributes",
+        "ec2:DescribeAddresses",
+        "ec2:DescribeAvailabilityZones",
+        "ec2:DescribeInternetGateways",
+        "ec2:DescribeVpcs",
+        "ec2:DescribeVpcPeeringConnections",
+        "ec2:DescribeSubnets",
+        "ec2:DescribeSecurityGroups",
+        "ec2:DescribeInstances",
+        "ec2:DescribeNetworkInterfaces",
+        "ec2:DescribeTags",
+        "ec2:GetCoipPoolUsage",
+        "ec2:DescribeCoipPools",
+        "elasticloadbalancing:DescribeLoadBalancers",
+        "elasticloadbalancing:DescribeLoadBalancerAttributes",
+        "elasticloadbalancing:DescribeListeners",
+        "elasticloadbalancing:DescribeListenerCertificates",
+        "elasticloadbalancing:DescribeSSLPolicies",
+        "elasticloadbalancing:DescribeRules",
+        "elasticloadbalancing:DescribeTargetGroups",
+        "elasticloadbalancing:DescribeTargetGroupAttributes",
+        "elasticloadbalancing:DescribeTargetHealth",
+        "elasticloadbalancing:DescribeTags"
+      ],
+      "Resource": "*"
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "cognito-idp:DescribeUserPoolClient",
+        "acm:ListCertificates",
+        "acm:DescribeCertificate",
+        "iam:ListServerCertificates",
+        "iam:GetServerCertificate",
+        "waf-regional:GetWebACL",
+        "waf-regional:GetWebACLForResource",
+        "waf-regional:AssociateWebACL",
+        "waf-regional:DisassociateWebACL",
+        "wafv2:GetWebACL",
+        "wafv2:GetWebACLForResource",
+        "wafv2:AssociateWebACL",
+        "wafv2:DisassociateWebACL",
+        "shield:GetSubscriptionState",
+        "shield:DescribeProtection",
+        "shield:CreateProtection",
+        "shield:DeleteProtection"
+      ],
+      "Resource": "*"
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "ec2:AuthorizeSecurityGroupIngress",
+        "ec2:RevokeSecurityGroupIngress"
+      ],
+      "Resource": "*"
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "ec2:CreateSecurityGroup"
+      ],
+      "Resource": "*"
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "ec2:CreateTags"
+      ],
+      "Resource": "arn:${arn-partition}:ec2:*:*:security-group/*",
+      "Condition": {
+        "StringEquals": {
+          "ec2:CreateAction": "CreateSecurityGroup"
         },
-        {
-            "Effect": "Allow",
-            "Action": [
-                "elasticloadbalancing:RegisterTargets",
-                "elasticloadbalancing:DeregisterTargets"
-            ],
-            "Resource": "arn:${arn-partition}:elasticloadbalancing:*:*:targetgroup/*/*"
+        "Null": {
+          "aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+        }
+      }
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "ec2:CreateTags",
+        "ec2:DeleteTags"
+      ],
+      "Resource": "arn:${arn-partition}:ec2:*:*:security-group/*",
+      "Condition": {
+        "Null": {
+          "aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+          "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+        }
+      }
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "ec2:AuthorizeSecurityGroupIngress",
+        "ec2:RevokeSecurityGroupIngress",
+        "ec2:DeleteSecurityGroup"
+      ],
+      "Resource": "*",
+      "Condition": {
+        "Null": {
+          "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+        }
+      }
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "elasticloadbalancing:CreateLoadBalancer",
+        "elasticloadbalancing:CreateTargetGroup"
+      ],
+      "Resource": "*",
+      "Condition": {
+        "Null": {
+          "aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+        }
+      }
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "elasticloadbalancing:CreateListener",
+        "elasticloadbalancing:DeleteListener",
+        "elasticloadbalancing:CreateRule",
+        "elasticloadbalancing:DeleteRule"
+      ],
+      "Resource": "*"
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "elasticloadbalancing:AddTags",
+        "elasticloadbalancing:RemoveTags"
+      ],
+      "Resource": [
+        "arn:${arn-partition}:elasticloadbalancing:*:*:targetgroup/*/*",
+        "arn:${arn-partition}:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+        "arn:${arn-partition}:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+      ],
+      "Condition": {
+        "Null": {
+          "aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+          "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+        }
+      }
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "elasticloadbalancing:AddTags",
+        "elasticloadbalancing:RemoveTags"
+      ],
+      "Resource": [
+        "arn:${arn-partition}:elasticloadbalancing:*:*:listener/net/*/*/*",
+        "arn:${arn-partition}:elasticloadbalancing:*:*:listener/app/*/*/*",
+        "arn:${arn-partition}:elasticloadbalancing:*:*:listener-rule/net/*/*/*",
+        "arn:${arn-partition}:elasticloadbalancing:*:*:listener-rule/app/*/*/*"
+      ]
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "elasticloadbalancing:ModifyLoadBalancerAttributes",
+        "elasticloadbalancing:SetIpAddressType",
+        "elasticloadbalancing:SetSecurityGroups",
+        "elasticloadbalancing:SetSubnets",
+        "elasticloadbalancing:DeleteLoadBalancer",
+        "elasticloadbalancing:ModifyTargetGroup",
+        "elasticloadbalancing:ModifyTargetGroupAttributes",
+        "elasticloadbalancing:DeleteTargetGroup"
+      ],
+      "Resource": "*",
+      "Condition": {
+        "Null": {
+          "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+        }
+      }
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "elasticloadbalancing:AddTags"
+      ],
+      "Resource": [
+        "arn:${arn-partition}:elasticloadbalancing:*:*:targetgroup/*/*",
+        "arn:${arn-partition}:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+        "arn:${arn-partition}:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+      ],
+      "Condition": {
+        "StringEquals": {
+          "elasticloadbalancing:CreateAction": [
+            "CreateTargetGroup",
+            "CreateLoadBalancer"
+          ]
         },
-        {
-            "Effect": "Allow",
-            "Action": [
-                "elasticloadbalancing:SetWebAcl",
-                "elasticloadbalancing:ModifyListener",
-                "elasticloadbalancing:AddListenerCertificates",
-                "elasticloadbalancing:RemoveListenerCertificates",
-                "elasticloadbalancing:ModifyRule"
-            ],
-            "Resource": "*"
+        "Null": {
+          "aws:RequestTag/elbv2.k8s.aws/cluster": "false"
         }
-    ]
+      }
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "elasticloadbalancing:RegisterTargets",
+        "elasticloadbalancing:DeregisterTargets"
+      ],
+      "Resource": "arn:${arn-partition}:elasticloadbalancing:*:*:targetgroup/*/*"
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "elasticloadbalancing:SetWebAcl",
+        "elasticloadbalancing:ModifyListener",
+        "elasticloadbalancing:AddListenerCertificates",
+        "elasticloadbalancing:RemoveListenerCertificates",
+        "elasticloadbalancing:ModifyRule"
+      ],
+      "Resource": "*"
+    }
+  ]
 }
diff --git a/modules/aws/istio-operator.tf b/modules/aws/istio-operator.tf
deleted file mode 120000
index da91f1487..000000000
--- a/modules/aws/istio-operator.tf
+++ /dev/null
@@ -1 +0,0 @@
-../../istio-operator.tf
\ No newline at end of file
diff --git a/modules/aws/karpenter.tf b/modules/aws/karpenter.tf
new file mode 100644
index 000000000..49f459e4a
--- /dev/null
+++ b/modules/aws/karpenter.tf
@@ -0,0 +1,273 @@
+locals {
+
+  karpenter = merge(
+    local.helm_defaults,
+    {
+      name                            = local.helm_dependencies[index(local.helm_dependencies.*.name, "karpenter")].name
+      chart                           = local.helm_dependencies[index(local.helm_dependencies.*.name, "karpenter")].name
+      repository                      = local.helm_dependencies[index(local.helm_dependencies.*.name, "karpenter")].repository
+      chart_version                   = local.helm_dependencies[index(local.helm_dependencies.*.name, "karpenter")].version
+      namespace                       = "karpenter"
+      enabled                         = false
+      create_ns                       = true
+      default_network_policy          = true
+      irsa_oidc_provider_arn          = var.eks["oidc_provider_arn"]
+      irsa_namespace_service_accounts = ["karpenter:karpenter"]
+      allowed_cidrs                   = ["0.0.0.0/0"]
+      iam_role_arn                    = ""
+    },
+    var.karpenter
+  )
+
+  values_karpenter = <<-VALUES
+    settings:
+      aws:
+        enablePodENI: true
+    controller:
+      resources:
+        requests:
+          cpu: 1
+          memory: 1Gi
+    serviceMonitor:
+      enabled: ${local.kube-prometheus-stack["enabled"] || local.victoria-metrics-k8s-stack["enabled"]}
+    VALUES
+
+}
+
+data "aws_ecrpublic_authorization_token" "token" {
+  provider = aws.ecr_public
+}
+
+provider "aws" {
+  region = "us-east-1"
+  alias  = "ecr_public"
+}
+
+
+data "aws_iam_policy_document" "karpenter_additional" {
+  count = local.karpenter["enabled"] ? 1 : 0
+
+  statement {
+    sid    = "Karpenter"
+    effect = "Allow"
+    actions = [
+      "kms:Decrypt",
+      "kms:Encrypt",
+      "kms:GenerateDataKey*",
+      "kms:ReEncrypt*",
+      "kms:DescribeKey",
+      "kms:CreateGrant",
+      "kms:Describe",
+      "kms:Get*",
+      "kms:List*",
+      "kms:RevokeGrant"
+    ]
+    resources = ["*"]
+  }
+}
+
+resource "aws_iam_policy" "karpenter_additional" {
+  count       = local.karpenter["enabled"] ? 1 : 0
+  name        = "${var.cluster-name}-karpenter-additional"
+  description = "Karpenter additional policy for KMS"
+  policy      = data.aws_iam_policy_document.karpenter_additional[0].json
+}
+
+module "karpenter" {
+  source  = "terraform-aws-modules/eks/aws//modules/karpenter"
+  version = "~> 19.0"
+
+  create = local.karpenter["enabled"]
+
+  cluster_name = var.cluster-name
+
+  policies = {
+    AmazonSSMManagedInstanceCore = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore",
+    KarpeneterAdditional         = local.karpenter["enabled"] ? aws_iam_policy.karpenter_additional[0].arn : ""
+  }
+
+  irsa_use_name_prefix            = false
+  irsa_oidc_provider_arn          = local.karpenter["irsa_oidc_provider_arn"]
+  irsa_namespace_service_accounts = local.karpenter["irsa_namespace_service_accounts"]
+
+  create_iam_role = false
+  iam_role_arn    = local.karpenter["iam_role_arn"]
+
+  tags = local.tags
+}
+
+resource "kubernetes_namespace" "karpenter" {
+  count = local.karpenter["enabled"] && local.karpenter["create_ns"] ? 1 : 0
+
+  metadata {
+    labels = {
+      name = local.karpenter["namespace"]
+    }
+
+    name = local.karpenter["namespace"]
+  }
+}
+
+resource "helm_release" "karpenter" {
+  count                 = local.karpenter["enabled"] ? 1 : 0
+  repository            = local.karpenter["repository"]
+  repository_username   = data.aws_ecrpublic_authorization_token.token.user_name
+  repository_password   = data.aws_ecrpublic_authorization_token.token.password
+  name                  = local.karpenter["name"]
+  chart                 = local.karpenter["chart"]
+  version               = local.karpenter["chart_version"]
+  timeout               = local.karpenter["timeout"]
+  force_update          = local.karpenter["force_update"]
+  recreate_pods         = local.karpenter["recreate_pods"]
+  wait                  = local.karpenter["wait"]
+  atomic                = local.karpenter["atomic"]
+  cleanup_on_fail       = local.karpenter["cleanup_on_fail"]
+  dependency_update     = local.karpenter["dependency_update"]
+  disable_crd_hooks     = local.karpenter["disable_crd_hooks"]
+  disable_webhooks      = local.karpenter["disable_webhooks"]
+  render_subchart_notes = local.karpenter["render_subchart_notes"]
+  replace               = local.karpenter["replace"]
+  reset_values          = local.karpenter["reset_values"]
+  reuse_values          = local.karpenter["reuse_values"]
+  skip_crds             = local.karpenter["skip_crds"]
+  verify                = local.karpenter["verify"]
+  values = [
+    local.values_karpenter,
+    local.karpenter["extra_values"]
+  ]
+  namespace = local.karpenter["create_ns"] ? kubernetes_namespace.karpenter.*.metadata.0.name[count.index] : local.karpenter["namespace"]
+
+  set {
+    name  = "settings.aws.clusterName"
+    value = var.cluster-name
+  }
+
+  set {
+    name  = "serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"
+    value = module.karpenter.irsa_arn
+  }
+
+  set {
+    name  = "settings.aws.defaultInstanceProfile"
+    value = module.karpenter.instance_profile_name
+  }
+
+  set {
+    name  = "settings.aws.interruptionQueueName"
+    value = module.karpenter.queue_name
+  }
+
+}
+
+resource "kubernetes_network_policy" "karpenter_default_deny" {
+  count = local.karpenter["create_ns"] && local.karpenter["enabled"] && local.karpenter["default_network_policy"] ? 1 : 0
+
+  metadata {
+    name      = "${kubernetes_namespace.karpenter.*.metadata.0.name[count.index]}-default-deny"
+    namespace = kubernetes_namespace.karpenter.*.metadata.0.name[count.index]
+  }
+
+  spec {
+    pod_selector {
+    }
+    policy_types = ["Ingress"]
+  }
+}
+
+resource "kubernetes_network_policy" "karpenter_allow_namespace" {
+  count = local.karpenter["create_ns"] && local.karpenter["enabled"] && local.karpenter["default_network_policy"] ? 1 : 0
+
+  metadata {
+    name      = "${kubernetes_namespace.karpenter.*.metadata.0.name[count.index]}-allow-namespace"
+    namespace = kubernetes_namespace.karpenter.*.metadata.0.name[count.index]
+  }
+
+  spec {
+    pod_selector {
+    }
+
+    ingress {
+      from {
+        namespace_selector {
+          match_labels = {
+            name = kubernetes_namespace.karpenter.*.metadata.0.name[count.index]
+          }
+        }
+      }
+    }
+
+    policy_types = ["Ingress"]
+  }
+}
+
+resource "kubernetes_network_policy" "karpenter_allow_monitoring" {
+  count = local.karpenter["create_ns"] && local.karpenter["enabled"] && local.karpenter["default_network_policy"] ? 1 : 0
+
+  metadata {
+    name      = "${kubernetes_namespace.karpenter.*.metadata.0.name[count.index]}-allow-monitoring"
+    namespace = kubernetes_namespace.karpenter.*.metadata.0.name[count.index]
+  }
+
+  spec {
+    pod_selector {
+    }
+
+    ingress {
+      ports {
+        port     = "8080"
+        protocol = "TCP"
+      }
+
+      from {
+        namespace_selector {
+          match_labels = {
+            "${local.labels_prefix}/component" = "monitoring"
+          }
+        }
+      }
+    }
+
+    policy_types = ["Ingress"]
+  }
+}
+
+resource "kubernetes_network_policy" "karpenter_allow_control_plane" {
+  count = local.karpenter["create_ns"] && local.karpenter["enabled"] && local.karpenter["default_network_policy"] ? 1 : 0
+
+  metadata {
+    name      = "${kubernetes_namespace.karpenter.*.metadata.0.name[count.index]}-allow-control-plane"
+    namespace = kubernetes_namespace.karpenter.*.metadata.0.name[count.index]
+  }
+
+  spec {
+    pod_selector {
+      match_expressions {
+        key      = "app.kubernetes.io/name"
+        operator = "In"
+        values   = ["karpenter"]
+      }
+    }
+
+    ingress {
+      ports {
+        port     = "8443"
+        protocol = "TCP"
+      }
+
+      dynamic "from" {
+        for_each = local.karpenter["allowed_cidrs"]
+        content {
+          ip_block {
+            cidr = from.value
+          }
+        }
+      }
+    }
+
+    policy_types = ["Ingress"]
+  }
+}
+
+output "karpenter_iam" {
+  value = module.karpenter
+}
diff --git a/modules/aws/keycloak.tf b/modules/aws/keycloak.tf
deleted file mode 120000
index 8603ab0d9..000000000
--- a/modules/aws/keycloak.tf
+++ /dev/null
@@ -1 +0,0 @@
-../../keycloak.tf
\ No newline at end of file
diff --git a/modules/aws/kube-prometheus.tf b/modules/aws/kube-prometheus.tf
index 5eba82da6..e0cfb7c6a 100644
--- a/modules/aws/kube-prometheus.tf
+++ b/modules/aws/kube-prometheus.tf
@@ -18,7 +18,7 @@ locals {
       thanos_bucket                     = "thanos-store-${var.cluster-name}"
       thanos_bucket_force_destroy       = false
       thanos_store_config               = null
-      thanos_version                    = "v0.30.2"
+      thanos_version                    = "v0.31.0"
       enabled                           = false
       allowed_cidrs                     = ["0.0.0.0/0"]
       default_network_policy            = true
@@ -401,10 +401,8 @@ module "kube-prometheus-stack_thanos_bucket" {
   source  = "terraform-aws-modules/s3-bucket/aws"
   version = "~> 3.0"
 
-  block_public_acls       = true
-  block_public_policy     = true
-  restrict_public_buckets = true
-  ignore_public_acls      = true
+  control_object_ownership = true
+  object_ownership         = "ObjectWriter"
 
   force_destroy = local.kube-prometheus-stack["thanos_bucket_force_destroy"]
 
diff --git a/modules/aws/kyverno.tf b/modules/aws/kyverno.tf
deleted file mode 120000
index c4c6b2eee..000000000
--- a/modules/aws/kyverno.tf
+++ /dev/null
@@ -1 +0,0 @@
-../../kyverno.tf
\ No newline at end of file
diff --git a/modules/aws/loki-stack.tf b/modules/aws/loki-stack.tf
index 68ec2ad7f..c72a2f774 100644
--- a/modules/aws/loki-stack.tf
+++ b/modules/aws/loki-stack.tf
@@ -188,10 +188,8 @@ module "loki_bucket" {
   source  = "terraform-aws-modules/s3-bucket/aws"
   version = "~> 3.0"
 
-  block_public_acls       = true
-  block_public_policy     = true
-  restrict_public_buckets = true
-  ignore_public_acls      = true
+  control_object_ownership = true
+  object_ownership         = "ObjectWriter"
 
   force_destroy = local.loki-stack["bucket_force_destroy"]
 
diff --git a/modules/aws/rabbitmq-operator.tf b/modules/aws/rabbitmq-operator.tf
deleted file mode 120000
index 8c3659b30..000000000
--- a/modules/aws/rabbitmq-operator.tf
+++ /dev/null
@@ -1 +0,0 @@
-../../rabbitmq-operator.tf
\ No newline at end of file
diff --git a/modules/aws/s3-logging.tf b/modules/aws/s3-logging.tf
index aea062cd1..a897703ec 100644
--- a/modules/aws/s3-logging.tf
+++ b/modules/aws/s3-logging.tf
@@ -15,10 +15,8 @@ module "s3_logging_bucket" {
   source  = "terraform-aws-modules/s3-bucket/aws"
   version = "~> 3.0"
 
-  block_public_acls       = true
-  block_public_policy     = true
-  restrict_public_buckets = true
-  ignore_public_acls      = true
+  control_object_ownership = true
+  object_ownership         = "ObjectWriter"
 
   bucket = "${var.cluster-name}-eks-addons-s3-logging"
   acl    = "private"
diff --git a/modules/aws/strimzi-kafka-operator.tf b/modules/aws/strimzi-kafka-operator.tf
deleted file mode 120000
index 3d31fe0bc..000000000
--- a/modules/aws/strimzi-kafka-operator.tf
+++ /dev/null
@@ -1 +0,0 @@
-../../strimzi-kafka-operator.tf
\ No newline at end of file
diff --git a/modules/aws/thanos.tf b/modules/aws/thanos.tf
index 8fafacfe5..3288a569a 100644
--- a/modules/aws/thanos.tf
+++ b/modules/aws/thanos.tf
@@ -269,10 +269,8 @@ module "thanos_bucket" {
   source  = "terraform-aws-modules/s3-bucket/aws"
   version = "~> 3.0"
 
-  block_public_acls       = true
-  block_public_policy     = true
-  restrict_public_buckets = true
-  ignore_public_acls      = true
+  control_object_ownership = true
+  object_ownership         = "ObjectWriter"
 
   force_destroy = local.thanos["bucket_force_destroy"]
 
diff --git a/modules/aws/variables-aws.tf b/modules/aws/variables-aws.tf
index c59ce041d..f342dd765 100644
--- a/modules/aws/variables-aws.tf
+++ b/modules/aws/variables-aws.tf
@@ -40,12 +40,6 @@ variable "aws-node-termination-handler" {
   default     = {}
 }
 
-variable "calico" {
-  description = "Customize calico helm chart, see `calico.tf`"
-  type        = any
-  default     = {}
-}
-
 variable "cni-metrics-helper" {
   description = "Customize cni-metrics-helper deployment, see `cni-metrics-helper.tf` for supported values"
   type        = any
@@ -58,6 +52,12 @@ variable "eks" {
   default     = {}
 }
 
+variable "karpenter" {
+  description = "Customize karpenter chart, see `karpenter.tf` for supported values"
+  type        = any
+  default     = {}
+}
+
 variable "prometheus-cloudwatch-exporter" {
   description = "Customize prometheus-cloudwatch-exporter chart, see `prometheus-cloudwatch-exporter.tf` for supported values"
   type        = any
diff --git a/modules/aws/vault.tf b/modules/aws/vault.tf
deleted file mode 100644
index c0e6f0e81..000000000
--- a/modules/aws/vault.tf
+++ /dev/null
@@ -1,348 +0,0 @@
-locals {
-  vault = merge(
-    local.helm_defaults,
-    {
-      name                      = local.helm_dependencies[index(local.helm_dependencies.*.name, "vault")].name
-      chart                     = local.helm_dependencies[index(local.helm_dependencies.*.name, "vault")].name
-      repository                = local.helm_dependencies[index(local.helm_dependencies.*.name, "vault")].repository
-      chart_version             = local.helm_dependencies[index(local.helm_dependencies.*.name, "vault")].version
-      namespace                 = "vault"
-      service_account_name      = "vault"
-      create_iam_resources_irsa = true
-      enabled                   = false
-      create_ns                 = true
-      default_network_policy    = true
-      create_kms_key            = true
-      existing_kms_key_arn      = null
-      override_kms_alias        = null
-      allowed_cidrs             = ["0.0.0.0/0"]
-      iam_policy_override       = null
-      use_kms                   = true
-      kms_enable_key_rotation   = true
-      generate_ca               = false
-      trusted_ca_content        = null
-      name_prefix               = "${var.cluster-name}-vault"
-    },
-    var.vault
-  )
-
-  values_vault_no_kms = <<-VALUES
-    injector:
-      replicas: 2
-      metrics:
-        enabled: ${local.kube-prometheus-stack.enabled}
-      failurePolicy: Fail
-      priorityClassName: ${local.priority-class["create"] ? kubernetes_priority_class.kubernetes_addons[0].metadata[0].name : ""}
-  VALUES
-
-  values_vault = <<-VALUES
-    injector:
-      replicas: 2
-      metrics:
-        enabled: ${local.kube-prometheus-stack.enabled}
-      failurePolicy: Fail
-      priorityClassName: ${local.priority-class["create"] ? kubernetes_priority_class.kubernetes_addons[0].metadata[0].name : ""}
-    server:
-      auditStorage:
-        enabled: true
-      serviceAccount:
-        name: ${local.vault["service_account_name"]}
-        annotations:
-          eks.amazonaws.com/role-arn: "${local.vault["enabled"] && local.vault["create_iam_resources_irsa"] ? module.iam_assumable_role_vault.iam_role_arn : ""}"
-        updateStrategyType: "RollingUpdate"
-      priorityClassName: ${local.priority-class["create"] ? kubernetes_priority_class.kubernetes_addons[0].metadata[0].name : ""}
-      ha:
-        enabled: true
-        replicas: 3
-        raft:
-          enabled: true
-          setNodeId: true
-          config: |
-            ui = true
-            listener "tcp" {
-              tls_disable = 1
-              address = "[::]:8200"
-              cluster_address = "[::]:8201"
-            }
-            storage "raft" {
-              path       = "/vault/data"
-              retry_join = {
-                leader_api_addr = "http://${local.vault.name}-0.${local.vault.name}-internal:8200"
-              }
-              retry_join = {
-                leader_api_addr = "http://${local.vault.name}-1.${local.vault.name}-internal:8200"
-              }
-              retry_join = {
-                leader_api_addr = "http://${local.vault.name}-2.${local.vault.name}-internal:8200"
-              }
-            }
-            service_registration "kubernetes" {}
-            seal "awskms" {
-              region     = "${local.vault.enabled && local.vault.use_kms ? local.vault.create_kms_key ? data.aws_region.current.name : element(split(":", local.vault.existing_kms_key_arn), 3) : ""}"
-              kms_key_id = "${local.vault.enabled && local.vault.use_kms ? local.vault.create_kms_key ? aws_kms_key.vault.0.id : element(split("/", local.vault.existing_kms_key_arn), 1) : ""}"
-            }
-    VALUES
-}
-
-module "iam_assumable_role_vault" {
-  source                        = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc"
-  version                       = "~> 5.0"
-  create_role                   = local.vault["enabled"] && local.vault["create_iam_resources_irsa"] && local.vault["use_kms"]
-  role_name                     = local.vault["name_prefix"]
-  provider_url                  = replace(var.eks["cluster_oidc_issuer_url"], "https://", "")
-  role_policy_arns              = local.vault["enabled"] && local.vault["create_iam_resources_irsa"] && local.vault.use_kms ? [aws_iam_policy.vault[0].arn] : []
-  number_of_role_policy_arns    = 1
-  oidc_fully_qualified_subjects = ["system:serviceaccount:${local.vault["namespace"]}:${local.vault["service_account_name"]}"]
-  tags                          = local.tags
-}
-
-resource "aws_iam_policy" "vault" {
-  count  = local.vault["enabled"] && local.vault["create_iam_resources_irsa"] && local.vault.use_kms ? 1 : 0
-  name   = local.vault["name_prefix"]
-  policy = local.vault["iam_policy_override"] == null ? data.aws_iam_policy_document.vault.0.json : local.vault["iam_policy_override"]
-  tags   = local.tags
-}
-
-data "aws_iam_policy_document" "vault" {
-  count = local.vault.enabled && local.vault["create_iam_resources_irsa"] && local.vault.use_kms ? 1 : 0
-
-  statement {
-    effect = "Allow"
-
-    actions = [
-      "kms:Encrypt",
-      "kms:Decrypt",
-      "kms:DescribeKey"
-    ]
-
-    resources = [local.vault.create_kms_key ? aws_kms_key.vault.0.arn : local.vault.existing_kms_key_arn]
-  }
-}
-
-resource "aws_kms_key" "vault" {
-  count               = local.vault.enabled && local.vault.use_kms && local.vault.create_kms_key ? 1 : 0
-  tags                = local.tags
-  enable_key_rotation = local.vault.kms_enable_key_rotation
-}
-
-resource "aws_kms_alias" "vault" {
-  count         = local.vault.enabled && local.vault.use_kms && local.vault.create_kms_key ? 1 : 0
-  name          = "alias/vault-${local.vault.override_kms_alias != null ? local.vault.override_kms_alias : var.cluster-name}"
-  target_key_id = aws_kms_key.vault.0.id
-}
-
-resource "kubernetes_namespace" "vault" {
-  count = local.vault["enabled"] && local.vault["create_ns"] ? 1 : 0
-
-  metadata {
-    labels = {
-      name = local.vault["namespace"]
-    }
-
-    name = local.vault["namespace"]
-  }
-
-  lifecycle {
-    ignore_changes = [
-      metadata[0].annotations,
-      metadata[0].labels,
-    ]
-  }
-}
-
-resource "helm_release" "vault" {
-  count                 = local.vault["enabled"] ? 1 : 0
-  repository            = local.vault["repository"]
-  name                  = local.vault["name"]
-  chart                 = local.vault["chart"]
-  version               = local.vault["chart_version"]
-  timeout               = local.vault["timeout"]
-  force_update          = local.vault["force_update"]
-  recreate_pods         = local.vault["recreate_pods"]
-  wait                  = local.vault["wait"]
-  atomic                = local.vault["atomic"]
-  cleanup_on_fail       = local.vault["cleanup_on_fail"]
-  dependency_update     = local.vault["dependency_update"]
-  disable_crd_hooks     = local.vault["disable_crd_hooks"]
-  disable_webhooks      = local.vault["disable_webhooks"]
-  render_subchart_notes = local.vault["render_subchart_notes"]
-  replace               = local.vault["replace"]
-  reset_values          = local.vault["reset_values"]
-  reuse_values          = local.vault["reuse_values"]
-  skip_crds             = local.vault["skip_crds"]
-  verify                = local.vault["verify"]
-  values = compact([
-    local.vault.use_kms ? local.values_vault : local.values_vault_no_kms,
-    local.vault["extra_values"]
-  ])
-  namespace = local.vault["create_ns"] ? kubernetes_namespace.vault.*.metadata.0.name[count.index] : local.vault["namespace"]
-}
-
-resource "kubernetes_network_policy" "vault_default_deny" {
-  count = local.vault["enabled"] && local.vault["default_network_policy"] && local.vault.create_ns ? 1 : 0
-
-  metadata {
-    name      = "${local.vault["namespace"]}-${local.vault["name"]}-default-deny"
-    namespace = local.vault["namespace"]
-  }
-
-  spec {
-    pod_selector {
-    }
-    policy_types = ["Ingress"]
-  }
-}
-
-resource "kubernetes_network_policy" "vault_allow_namespace" {
-  count = local.vault["enabled"] && local.vault["default_network_policy"] && local.vault.create_ns ? 1 : 0
-
-  metadata {
-    name      = "${local.vault["namespace"]}-${local.vault["name"]}-default-namespace"
-    namespace = local.vault["namespace"]
-  }
-
-  spec {
-    pod_selector {
-    }
-
-    ingress {
-      from {
-        namespace_selector {
-          match_labels = {
-            name = local.vault["namespace"]
-          }
-        }
-      }
-    }
-
-    policy_types = ["Ingress"]
-  }
-}
-
-resource "kubernetes_network_policy" "vault_allow_control_plane" {
-  count = local.vault["enabled"] && local.vault["default_network_policy"] && local.vault.create_ns ? 1 : 0
-
-  metadata {
-    name      = "${kubernetes_namespace.vault.*.metadata.0.name[count.index]}-allow-control-plane"
-    namespace = kubernetes_namespace.vault.*.metadata.0.name[count.index]
-  }
-
-  spec {
-    pod_selector {
-      match_expressions {
-        key      = "app.kubernetes.io/name"
-        operator = "In"
-        values   = ["${local.vault["name"]}-agent-injector"]
-      }
-    }
-
-    ingress {
-      ports {
-        port     = "8080"
-        protocol = "TCP"
-      }
-
-      dynamic "from" {
-        for_each = local.vault["allowed_cidrs"]
-        content {
-          ip_block {
-            cidr = from.value
-          }
-        }
-      }
-    }
-
-    policy_types = ["Ingress"]
-  }
-}
-
-resource "tls_private_key" "vault-tls-ca-key" {
-  count       = local.vault["generate_ca"] ? 1 : 0
-  algorithm   = "ECDSA"
-  ecdsa_curve = "P384"
-}
-
-resource "tls_self_signed_cert" "vault-tls-ca-cert" {
-  count             = local.vault["generate_ca"] ? 1 : 0
-  private_key_pem   = tls_private_key.vault-tls-ca-key[0].private_key_pem
-  is_ca_certificate = true
-
-  subject {
-    common_name  = var.cluster-name
-    organization = var.cluster-name
-  }
-
-  validity_period_hours = 87600
-  early_renewal_hours   = 720
-
-  allowed_uses = [
-    "cert_signing"
-  ]
-}
-
-resource "tls_private_key" "vault-tls-client-key" {
-  count       = local.vault["generate_ca"] ? 1 : 0
-  algorithm   = "ECDSA"
-  ecdsa_curve = "P384"
-}
-
-resource "tls_cert_request" "vault-tls-client-csr" {
-  count           = local.vault["generate_ca"] ? 1 : 0
-  private_key_pem = tls_private_key.vault-tls-client-key[count.index].private_key_pem
-
-  subject {
-    common_name = "vault-tls-client"
-  }
-
-  dns_names = [
-    "vault-tls-client"
-  ]
-}
-
-resource "tls_locally_signed_cert" "vault-tls-client-cert" {
-  count              = local.vault["generate_ca"] ? 1 : 0
-  cert_request_pem   = tls_cert_request.vault-tls-client-csr[count.index].cert_request_pem
-  ca_private_key_pem = tls_private_key.vault-tls-ca-key[count.index].private_key_pem
-  ca_cert_pem        = tls_self_signed_cert.vault-tls-ca-cert[count.index].cert_pem
-
-  validity_period_hours = 8760
-  early_renewal_hours   = 720
-
-  allowed_uses = [
-    "key_encipherment",
-    "digital_signature",
-    "client_auth"
-  ]
-}
-
-resource "kubernetes_secret" "vault-ca" {
-  count = local.vault["enabled"] && (local.vault["generate_ca"] || local.vault["trusted_ca_content"] != null) ? 1 : 0
-  metadata {
-    name      = "${local.vault["name"]}-ca"
-    namespace = local.vault["create_ns"] ? kubernetes_namespace.vault.*.metadata.0.name[count.index] : local.vault["namespace"]
-  }
-
-  data = {
-    "ca.crt" = local.vault["generate_ca"] ? tls_self_signed_cert.vault-tls-ca-cert[count.index].cert_pem : local.vault["trusted_ca_content"]
-  }
-}
-
-output "vault_ca_pem" {
-  value = element(concat(tls_self_signed_cert.vault-tls-ca-cert[*].cert_pem, [""]), 0)
-}
-
-
-output "vault_ca_key" {
-  value     = element(concat(tls_private_key.vault-tls-ca-key[*].private_key_pem, [""]), 0)
-  sensitive = true
-}
-
-output "vault_tls_client_cert_pem" {
-  value = element(concat(tls_locally_signed_cert.vault-tls-client-cert[*].cert_pem, [""]), 0)
-}
-
-
-output "vault_tls_client_key" {
-  value     = element(concat(tls_private_key.vault-tls-client-key[*].private_key_pem, [""]), 0)
-  sensitive = true
-}
diff --git a/modules/aws/velero.tf b/modules/aws/velero.tf
index cca3c8f76..b05a5fca3 100644
--- a/modules/aws/velero.tf
+++ b/modules/aws/velero.tf
@@ -27,16 +27,20 @@ metrics:
   serviceMonitor:
     enabled: ${local.kube-prometheus-stack["enabled"] || local.victoria-metrics-k8s-stack["enabled"]}
 configuration:
-  provider: aws
+  namespace: ${local.velero.namespace}
   features: EnableCSI
   backupStorageLocation:
-    bucket: ${local.velero.bucket}
-    default: true
-    config:
-      region: ${data.aws_region.current.name}
+    - name: aws
+      provider: aws
+      bucket: ${local.velero.bucket}
+      default: true
+      config:
+        region: ${data.aws_region.current.name}
   volumeSnapshotLocation:
-    config:
-      region: ${data.aws_region.current.name}
+    - name: aws
+      provider: aws
+      config:
+        region: ${data.aws_region.current.name}
 serviceAccount:
   server:
     name: ${local.velero["service_account_name"]}
@@ -47,13 +51,13 @@ credentials:
   useSecret: false
 initContainers:
    - name: velero-plugin-for-aws
-     image: velero/velero-plugin-for-aws:v1.5.1
+     image: velero/velero-plugin-for-aws:v1.7.0
      imagePullPolicy: IfNotPresent
      volumeMounts:
        - mountPath: /target
          name: plugins
    - name: velero-plugin-for-csi
-     image: velero/velero-plugin-for-csi:v0.3.1
+     image: velero/velero-plugin-for-csi:v0.5.0
      imagePullPolicy: IfNotPresent
      volumeMounts:
        - mountPath: /target
@@ -163,10 +167,8 @@ module "velero_thanos_bucket" {
   source  = "terraform-aws-modules/s3-bucket/aws"
   version = "~> 3.0"
 
-  block_public_acls       = true
-  block_public_policy     = true
-  restrict_public_buckets = true
-  ignore_public_acls      = true
+  control_object_ownership = true
+  object_ownership         = "ObjectWriter"
 
   force_destroy = local.velero.bucket_force_destroy
 
diff --git a/modules/aws/versions.tf b/modules/aws/versions.tf
index 1b2fb2354..9db3e61f8 100644
--- a/modules/aws/versions.tf
+++ b/modules/aws/versions.tf
@@ -10,7 +10,7 @@ terraform {
     }
     flux = {
       source  = "fluxcd/flux"
-      version = "~> 0.25"
+      version = "1.0.0-rc.5"
     }
     github = {
       source  = "integrations/github"
diff --git a/modules/azure/README.md b/modules/azure/README.md
index 3cbeb1737..a38fb442f 100644
--- a/modules/azure/README.md
+++ b/modules/azure/README.md
@@ -9,7 +9,7 @@ Provides various Kubernetes addons that are often used on Kubernetes with Azure
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
 | <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | ~> 3.0 |
-| <a name="requirement_flux"></a> [flux](#requirement\_flux) | ~> 0.25 |
+| <a name="requirement_flux"></a> [flux](#requirement\_flux) | 1.0.0-rc.5 |
 | <a name="requirement_github"></a> [github](#requirement\_github) | ~> 5.0 |
 | <a name="requirement_helm"></a> [helm](#requirement\_helm) | ~> 2.0 |
 | <a name="requirement_http"></a> [http](#requirement\_http) | >= 3 |
@@ -21,7 +21,7 @@ Provides various Kubernetes addons that are often used on Kubernetes with Azure
 
 | Name | Version |
 |------|---------|
-| <a name="provider_flux"></a> [flux](#provider\_flux) | ~> 0.25 |
+| <a name="provider_flux"></a> [flux](#provider\_flux) | 1.0.0-rc.5 |
 | <a name="provider_github"></a> [github](#provider\_github) | ~> 5.0 |
 | <a name="provider_helm"></a> [helm](#provider\_helm) | ~> 2.0 |
 | <a name="provider_http"></a> [http](#provider\_http) | >= 3 |
@@ -39,26 +39,19 @@ No modules.
 
 | Name | Type |
 |------|------|
+| [flux_bootstrap_git.flux](https://registry.terraform.io/providers/fluxcd/flux/1.0.0-rc.5/docs/resources/bootstrap_git) | resource |
 | [github_branch_default.main](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/branch_default) | resource |
 | [github_repository.main](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository) | resource |
 | [github_repository_deploy_key.main](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_deploy_key) | resource |
-| [github_repository_file.install](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_file) | resource |
-| [github_repository_file.kustomize](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_file) | resource |
-| [github_repository_file.sync](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_file) | resource |
 | [helm_release.admiralty](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.cert-manager](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.cert-manager-csi-driver](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.flux](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.ingress-nginx](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.istio-operator](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.k8gb](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.karma](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.keda](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.keycloak](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.kong](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.kube-prometheus-stack](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.kyverno](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.kyverno-crds](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.linkerd-control-plane](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.linkerd-crds](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.linkerd-viz](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
@@ -67,15 +60,11 @@ No modules.
 | [helm_release.node-problem-detector](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.prometheus-adapter](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.prometheus-blackbox-exporter](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.rabbitmq-operator](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.sealed-secrets](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.secrets-store-csi-driver](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.strimzi-kafka-operator](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.tigera-operator](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.traefik](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.vault](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.victoria-metrics-k8s-stack](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [kubectl_manifest.apply](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubectl_manifest.calico_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubectl_manifest.cert-manager_cluster_issuers](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubectl_manifest.csi-external-snapshotter](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
@@ -83,22 +72,17 @@ No modules.
 | [kubectl_manifest.linkerd](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubectl_manifest.linkerd-viz](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubectl_manifest.prometheus-operator_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
-| [kubectl_manifest.sync](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubectl_manifest.tigera-operator_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubernetes_config_map.loki-stack_grafana_ds](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/config_map) | resource |
 | [kubernetes_namespace.admiralty](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.cert-manager](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-| [kubernetes_namespace.flux](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.flux2](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.ingress-nginx](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-| [kubernetes_namespace.istio-operator](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.k8gb](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.karma](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.keda](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-| [kubernetes_namespace.keycloak](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.kong](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.kube-prometheus-stack](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-| [kubernetes_namespace.kyverno](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.linkerd](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.linkerd-viz](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.linkerd2-cni](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
@@ -106,13 +90,10 @@ No modules.
 | [kubernetes_namespace.node-problem-detector](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.prometheus-adapter](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.prometheus-blackbox-exporter](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-| [kubernetes_namespace.rabbitmq-operator](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.sealed-secrets](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.secrets-store-csi-driver](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-| [kubernetes_namespace.strimzi-kafka-operator](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.tigera-operator](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.traefik](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-| [kubernetes_namespace.vault](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.victoria-metrics-k8s-stack](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_network_policy.admiralty_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.admiralty_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
@@ -122,11 +103,6 @@ No modules.
 | [kubernetes_network_policy.cert-manager_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.flux2_allow_monitoring](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.flux2_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.flux_allow_monitoring](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.flux_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.flux_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.istio-operator_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.istio-operator_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.k8gb_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.k8gb_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.karma_allow_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
@@ -134,10 +110,6 @@ No modules.
 | [kubernetes_network_policy.karma_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.keda_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.keda_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.keycloak_allow_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.keycloak_allow_monitoring](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.keycloak_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.keycloak_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.kong_allow_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.kong_allow_monitoring](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.kong_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
@@ -146,8 +118,6 @@ No modules.
 | [kubernetes_network_policy.kube-prometheus-stack_allow_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.kube-prometheus-stack_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.kube-prometheus-stack_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.kyverno_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.kyverno_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.linkerd-viz_allow_control_plane](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.linkerd-viz_allow_monitoring](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.linkerd-viz_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
@@ -163,55 +133,37 @@ No modules.
 | [kubernetes_network_policy.prometheus-adapter_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.prometheus-blackbox-exporter_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.prometheus-blackbox-exporter_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.rabbitmq-operator_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.rabbitmq-operator_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.sealed-secrets_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.sealed-secrets_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.secrets-store-csi-driver_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.secrets-store-csi-driver_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.strimzi-kafka-operator_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.strimzi-kafka-operator_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.tigera-operator_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.tigera-operator_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.traefik_allow_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.traefik_allow_monitoring](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.traefik_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.traefik_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.vault_allow_control_plane](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.vault_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.vault_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.victoria-metrics-k8s-stack_allow_control_plane](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.victoria-metrics-k8s-stack_allow_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.victoria-metrics-k8s-stack_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.victoria-metrics-k8s-stack_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_priority_class.kubernetes_addons](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/priority_class) | resource |
 | [kubernetes_priority_class.kubernetes_addons_ds](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/priority_class) | resource |
-| [kubernetes_role.flux](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/role) | resource |
-| [kubernetes_role_binding.flux](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/role_binding) | resource |
 | [kubernetes_secret.linkerd_trust_anchor](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
 | [kubernetes_secret.loki-stack-ca](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
-| [kubernetes_secret.main](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
-| [kubernetes_secret.vault-ca](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
 | [kubernetes_secret.webhook_issuer_tls](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
 | [random_string.grafana_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
 | [time_sleep.cert-manager_sleep](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
 | [tls_cert_request.promtail-csr](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/cert_request) | resource |
-| [tls_cert_request.vault-tls-client-csr](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/cert_request) | resource |
 | [tls_locally_signed_cert.promtail-cert](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/locally_signed_cert) | resource |
-| [tls_locally_signed_cert.vault-tls-client-cert](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/locally_signed_cert) | resource |
 | [tls_private_key.identity](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
 | [tls_private_key.linkerd_trust_anchor](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
 | [tls_private_key.loki-stack-ca-key](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
 | [tls_private_key.promtail-key](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
-| [tls_private_key.vault-tls-ca-key](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
-| [tls_private_key.vault-tls-client-key](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
 | [tls_private_key.webhook_issuer_tls](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
 | [tls_self_signed_cert.linkerd_trust_anchor](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/self_signed_cert) | resource |
 | [tls_self_signed_cert.loki-stack-ca-cert](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/self_signed_cert) | resource |
-| [tls_self_signed_cert.vault-tls-ca-cert](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/self_signed_cert) | resource |
 | [tls_self_signed_cert.webhook_issuer_tls](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/self_signed_cert) | resource |
-| [flux_install.main](https://registry.terraform.io/providers/fluxcd/flux/latest/docs/data-sources/install) | data source |
-| [flux_sync.main](https://registry.terraform.io/providers/fluxcd/flux/latest/docs/data-sources/sync) | data source |
 | [github_repository.main](https://registry.terraform.io/providers/integrations/github/latest/docs/data-sources/repository) | data source |
 | [http_http.calico_crds](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source |
 | [http_http.csi-external-snapshotter](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source |
@@ -219,11 +171,9 @@ No modules.
 | [http_http.prometheus-operator_crds](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source |
 | [http_http.prometheus-operator_version](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source |
 | [http_http.tigera-operator_crds](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source |
-| [kubectl_file_documents.apply](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source |
 | [kubectl_file_documents.calico_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source |
 | [kubectl_file_documents.csi-external-snapshotter](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source |
 | [kubectl_file_documents.kong_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source |
-| [kubectl_file_documents.sync](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source |
 | [kubectl_file_documents.tigera-operator_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source |
 | [kubectl_path_documents.cert-manager_cluster_issuers](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/path_documents) | data source |
 
@@ -238,18 +188,14 @@ No modules.
 | <a name="input_cluster-name"></a> [cluster-name](#input\_cluster-name) | Name of the Kubernetes cluster | `string` | `"sample-cluster"` | no |
 | <a name="input_csi-external-snapshotter"></a> [csi-external-snapshotter](#input\_csi-external-snapshotter) | Customize csi-external-snapshotter, see `csi-external-snapshotter.tf` for supported values | `any` | `{}` | no |
 | <a name="input_external-dns"></a> [external-dns](#input\_external-dns) | Map of map for external-dns configuration: see `external_dns.tf` for supported values | `any` | `{}` | no |
-| <a name="input_flux"></a> [flux](#input\_flux) | Customize Flux chart, see `flux.tf` for supported values | `any` | `{}` | no |
 | <a name="input_flux2"></a> [flux2](#input\_flux2) | Customize Flux chart, see `flux2.tf` for supported values | `any` | `{}` | no |
 | <a name="input_helm_defaults"></a> [helm\_defaults](#input\_helm\_defaults) | Customize default Helm behavior | `any` | `{}` | no |
 | <a name="input_ingress-nginx"></a> [ingress-nginx](#input\_ingress-nginx) | Customize ingress-nginx chart, see `nginx-ingress.tf` for supported values | `any` | `{}` | no |
-| <a name="input_istio-operator"></a> [istio-operator](#input\_istio-operator) | Customize istio operator deployment, see `istio_operator.tf` for supported values | `any` | `{}` | no |
 | <a name="input_k8gb"></a> [k8gb](#input\_k8gb) | Customize k8gb chart, see `k8gb.tf` for supported values | `any` | `{}` | no |
 | <a name="input_karma"></a> [karma](#input\_karma) | Customize karma chart, see `karma.tf` for supported values | `any` | `{}` | no |
 | <a name="input_keda"></a> [keda](#input\_keda) | Customize keda chart, see `keda.tf` for supported values | `any` | `{}` | no |
-| <a name="input_keycloak"></a> [keycloak](#input\_keycloak) | Customize keycloak chart, see `keycloak.tf` for supported values | `any` | `{}` | no |
 | <a name="input_kong"></a> [kong](#input\_kong) | Customize kong-ingress chart, see `kong.tf` for supported values | `any` | `{}` | no |
 | <a name="input_kube-prometheus-stack"></a> [kube-prometheus-stack](#input\_kube-prometheus-stack) | Customize kube-prometheus-stack chart, see `kube-prometheus-stack.tf` for supported values | `any` | `{}` | no |
-| <a name="input_kyverno"></a> [kyverno](#input\_kyverno) | Customize kyverno chart, see `kyverno.tf` for supported values | `any` | `{}` | no |
 | <a name="input_labels_prefix"></a> [labels\_prefix](#input\_labels\_prefix) | Custom label prefix used for network policy namespace matching | `string` | `"particule.io"` | no |
 | <a name="input_linkerd"></a> [linkerd](#input\_linkerd) | Customize linkerd chart, see `linkerd.tf` for supported values | `any` | `{}` | no |
 | <a name="input_linkerd-viz"></a> [linkerd-viz](#input\_linkerd-viz) | Customize linkerd-viz chart, see `linkerd-viz.tf` for supported values | `any` | `{}` | no |
@@ -263,17 +209,14 @@ No modules.
 | <a name="input_prometheus-adapter"></a> [prometheus-adapter](#input\_prometheus-adapter) | Customize prometheus-adapter chart, see `prometheus-adapter.tf` for supported values | `any` | `{}` | no |
 | <a name="input_prometheus-blackbox-exporter"></a> [prometheus-blackbox-exporter](#input\_prometheus-blackbox-exporter) | Customize prometheus-blackbox-exporter chart, see `prometheus-blackbox-exporter.tf` for supported values | `any` | `{}` | no |
 | <a name="input_promtail"></a> [promtail](#input\_promtail) | Customize promtail chart, see `loki-stack.tf` for supported values | `any` | `{}` | no |
-| <a name="input_rabbitmq-operator"></a> [rabbitmq-operator](#input\_rabbitmq-operator) | Customize rabbitmq-operator chart, see `rabbitmq-operator.tf` for supported values | `any` | `{}` | no |
 | <a name="input_sealed-secrets"></a> [sealed-secrets](#input\_sealed-secrets) | Customize sealed-secrets chart, see `sealed-secrets.tf` for supported values | `any` | `{}` | no |
 | <a name="input_secrets-store-csi-driver"></a> [secrets-store-csi-driver](#input\_secrets-store-csi-driver) | Customize secrets-store-csi-driver chart, see `secrets-store-csi-driver.tf` for supported values | `any` | `{}` | no |
-| <a name="input_strimzi-kafka-operator"></a> [strimzi-kafka-operator](#input\_strimzi-kafka-operator) | Customize strimzi-kafka-operator chart, see `strimzi-kafka-operator.tf` for supported values | `any` | `{}` | no |
 | <a name="input_thanos"></a> [thanos](#input\_thanos) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
 | <a name="input_thanos-memcached"></a> [thanos-memcached](#input\_thanos-memcached) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
 | <a name="input_thanos-storegateway"></a> [thanos-storegateway](#input\_thanos-storegateway) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
 | <a name="input_thanos-tls-querier"></a> [thanos-tls-querier](#input\_thanos-tls-querier) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
 | <a name="input_tigera-operator"></a> [tigera-operator](#input\_tigera-operator) | Customize tigera-operator chart, see `tigera-operator.tf` for supported values | `any` | `{}` | no |
 | <a name="input_traefik"></a> [traefik](#input\_traefik) | Customize traefik chart, see `traefik.tf` for supported values | `any` | `{}` | no |
-| <a name="input_vault"></a> [vault](#input\_vault) | Customize Hashicorp Vault chart, see `vault.tf` for supported values | `any` | `{}` | no |
 | <a name="input_victoria-metrics-k8s-stack"></a> [victoria-metrics-k8s-stack](#input\_victoria-metrics-k8s-stack) | Customize Victoria Metrics chart, see `victoria-metrics-k8s-stack.tf` for supported values | `any` | `{}` | no |
 
 ## Outputs
@@ -284,8 +227,4 @@ No modules.
 | <a name="output_loki-stack-ca"></a> [loki-stack-ca](#output\_loki-stack-ca) | n/a |
 | <a name="output_promtail-cert"></a> [promtail-cert](#output\_promtail-cert) | n/a |
 | <a name="output_promtail-key"></a> [promtail-key](#output\_promtail-key) | n/a |
-| <a name="output_vault_ca_key"></a> [vault\_ca\_key](#output\_vault\_ca\_key) | n/a |
-| <a name="output_vault_ca_pem"></a> [vault\_ca\_pem](#output\_vault\_ca\_pem) | n/a |
-| <a name="output_vault_tls_client_cert_pem"></a> [vault\_tls\_client\_cert\_pem](#output\_vault\_tls\_client\_cert\_pem) | n/a |
-| <a name="output_vault_tls_client_key"></a> [vault\_tls\_client\_key](#output\_vault\_tls\_client\_key) | n/a |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/azure/flux.tf b/modules/azure/flux.tf
deleted file mode 120000
index ece85c1fa..000000000
--- a/modules/azure/flux.tf
+++ /dev/null
@@ -1 +0,0 @@
-../../flux.tf
\ No newline at end of file
diff --git a/modules/azure/istio-operator.tf b/modules/azure/istio-operator.tf
deleted file mode 120000
index da91f1487..000000000
--- a/modules/azure/istio-operator.tf
+++ /dev/null
@@ -1 +0,0 @@
-../../istio-operator.tf
\ No newline at end of file
diff --git a/modules/azure/keycloak.tf b/modules/azure/keycloak.tf
deleted file mode 120000
index 8603ab0d9..000000000
--- a/modules/azure/keycloak.tf
+++ /dev/null
@@ -1 +0,0 @@
-../../keycloak.tf
\ No newline at end of file
diff --git a/modules/azure/kyverno.tf b/modules/azure/kyverno.tf
deleted file mode 120000
index c4c6b2eee..000000000
--- a/modules/azure/kyverno.tf
+++ /dev/null
@@ -1 +0,0 @@
-../../kyverno.tf
\ No newline at end of file
diff --git a/modules/azure/rabbitmq-operator.tf b/modules/azure/rabbitmq-operator.tf
deleted file mode 120000
index 8c3659b30..000000000
--- a/modules/azure/rabbitmq-operator.tf
+++ /dev/null
@@ -1 +0,0 @@
-../../rabbitmq-operator.tf
\ No newline at end of file
diff --git a/modules/azure/strimzi-kafka-operator.tf b/modules/azure/strimzi-kafka-operator.tf
deleted file mode 120000
index 3d31fe0bc..000000000
--- a/modules/azure/strimzi-kafka-operator.tf
+++ /dev/null
@@ -1 +0,0 @@
-../../strimzi-kafka-operator.tf
\ No newline at end of file
diff --git a/modules/azure/vault.tf b/modules/azure/vault.tf
deleted file mode 120000
index 79b4baaf4..000000000
--- a/modules/azure/vault.tf
+++ /dev/null
@@ -1 +0,0 @@
-../../vault.tf
\ No newline at end of file
diff --git a/modules/azure/version.tf b/modules/azure/version.tf
index 416b723aa..1ea58ca28 100644
--- a/modules/azure/version.tf
+++ b/modules/azure/version.tf
@@ -10,7 +10,7 @@ terraform {
     }
     flux = {
       source  = "fluxcd/flux"
-      version = "~> 0.25"
+      version = "1.0.0-rc.5"
     }
     github = {
       source  = "integrations/github"
diff --git a/modules/scaleway/README.md b/modules/scaleway/README.md
index 4871a0504..e93d06c8b 100644
--- a/modules/scaleway/README.md
+++ b/modules/scaleway/README.md
@@ -20,7 +20,7 @@ User guides, feature documentation and examples are available [here](https://git
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_flux"></a> [flux](#requirement\_flux) | ~> 0.25 |
+| <a name="requirement_flux"></a> [flux](#requirement\_flux) | 1.0.0-rc.5 |
 | <a name="requirement_github"></a> [github](#requirement\_github) | ~> 5.0 |
 | <a name="requirement_helm"></a> [helm](#requirement\_helm) | ~> 2.0 |
 | <a name="requirement_http"></a> [http](#requirement\_http) | >= 3 |
@@ -33,7 +33,7 @@ User guides, feature documentation and examples are available [here](https://git
 
 | Name | Version |
 |------|---------|
-| <a name="provider_flux"></a> [flux](#provider\_flux) | ~> 0.25 |
+| <a name="provider_flux"></a> [flux](#provider\_flux) | 1.0.0-rc.5 |
 | <a name="provider_github"></a> [github](#provider\_github) | ~> 5.0 |
 | <a name="provider_helm"></a> [helm](#provider\_helm) | ~> 2.0 |
 | <a name="provider_http"></a> [http](#provider\_http) | >= 3 |
@@ -52,27 +52,20 @@ No modules.
 
 | Name | Type |
 |------|------|
+| [flux_bootstrap_git.flux](https://registry.terraform.io/providers/fluxcd/flux/1.0.0-rc.5/docs/resources/bootstrap_git) | resource |
 | [github_branch_default.main](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/branch_default) | resource |
 | [github_repository.main](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository) | resource |
 | [github_repository_deploy_key.main](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_deploy_key) | resource |
-| [github_repository_file.install](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_file) | resource |
-| [github_repository_file.kustomize](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_file) | resource |
-| [github_repository_file.sync](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_file) | resource |
 | [helm_release.admiralty](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.cert-manager](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.cert-manager-csi-driver](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.external-dns](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.flux](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.ingress-nginx](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.istio-operator](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.k8gb](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.karma](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.keda](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.keycloak](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.kong](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.kube-prometheus-stack](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.kyverno](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.kyverno-crds](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.linkerd-control-plane](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.linkerd-crds](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.linkerd-viz](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
@@ -81,40 +74,31 @@ No modules.
 | [helm_release.prometheus-adapter](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.prometheus-blackbox-exporter](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.promtail](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.rabbitmq-operator](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.scaleway-webhook-dns](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.sealed-secrets](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.strimzi-kafka-operator](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.thanos](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.thanos-memcached](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.thanos-storegateway](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.thanos-tls-querier](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.traefik](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.vault](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.victoria-metrics-k8s-stack](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [kubectl_manifest.apply](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubectl_manifest.cert-manager_cluster_issuers](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubectl_manifest.csi-external-snapshotter](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubectl_manifest.kong_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubectl_manifest.linkerd](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubectl_manifest.linkerd-viz](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubectl_manifest.prometheus-operator_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
-| [kubectl_manifest.sync](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubernetes_config_map.loki-stack_grafana_ds](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/config_map) | resource |
 | [kubernetes_namespace.admiralty](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.cert-manager](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.external-dns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-| [kubernetes_namespace.flux](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.flux2](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.ingress-nginx](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-| [kubernetes_namespace.istio-operator](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.k8gb](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.karma](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.keda](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-| [kubernetes_namespace.keycloak](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.kong](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.kube-prometheus-stack](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-| [kubernetes_namespace.kyverno](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.linkerd](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.linkerd-viz](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.linkerd2-cni](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
@@ -122,12 +106,9 @@ No modules.
 | [kubernetes_namespace.prometheus-adapter](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.prometheus-blackbox-exporter](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.promtail](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-| [kubernetes_namespace.rabbitmq-operator](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.sealed-secrets](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-| [kubernetes_namespace.strimzi-kafka-operator](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.thanos](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.traefik](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-| [kubernetes_namespace.vault](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.victoria-metrics-k8s-stack](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_network_policy.admiralty_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.admiralty_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
@@ -140,17 +121,12 @@ No modules.
 | [kubernetes_network_policy.external-dns_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.flux2_allow_monitoring](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.flux2_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.flux_allow_monitoring](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.flux_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.flux_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.ingress-nginx_allow_control_plane](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.ingress-nginx_allow_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.ingress-nginx_allow_linkerd_viz](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.ingress-nginx_allow_monitoring](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.ingress-nginx_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.ingress-nginx_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.istio-operator_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.istio-operator_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.k8gb_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.k8gb_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.karma_allow_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
@@ -158,10 +134,6 @@ No modules.
 | [kubernetes_network_policy.karma_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.keda_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.keda_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.keycloak_allow_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.keycloak_allow_monitoring](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.keycloak_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.keycloak_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.kong_allow_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.kong_allow_monitoring](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.kong_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
@@ -170,8 +142,6 @@ No modules.
 | [kubernetes_network_policy.kube-prometheus-stack_allow_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.kube-prometheus-stack_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.kube-prometheus-stack_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.kyverno_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.kyverno_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.linkerd-viz_allow_control_plane](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.linkerd-viz_allow_monitoring](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.linkerd-viz_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
@@ -188,36 +158,25 @@ No modules.
 | [kubernetes_network_policy.promtail_allow_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.promtail_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.promtail_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.rabbitmq-operator_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.rabbitmq-operator_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.sealed-secrets_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.sealed-secrets_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.strimzi-kafka-operator_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.strimzi-kafka-operator_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.traefik_allow_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.traefik_allow_monitoring](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.traefik_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.traefik_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.vault_allow_control_plane](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.vault_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
-| [kubernetes_network_policy.vault_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.victoria-metrics-k8s-stack_allow_control_plane](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.victoria-metrics-k8s-stack_allow_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.victoria-metrics-k8s-stack_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.victoria-metrics-k8s-stack_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_priority_class.kubernetes_addons](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/priority_class) | resource |
 | [kubernetes_priority_class.kubernetes_addons_ds](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/priority_class) | resource |
-| [kubernetes_role.flux](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/role) | resource |
-| [kubernetes_role_binding.flux](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/role_binding) | resource |
 | [kubernetes_secret.cert-manager_scaleway_credentials](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
 | [kubernetes_secret.external-dns_scaleway_credentials](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
 | [kubernetes_secret.kube-prometheus-stack_thanos](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
 | [kubernetes_secret.linkerd_trust_anchor](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
 | [kubernetes_secret.loki-stack-ca](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
-| [kubernetes_secret.main](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
 | [kubernetes_secret.promtail-tls](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
 | [kubernetes_secret.thanos-ca](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
-| [kubernetes_secret.vault-ca](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
 | [kubernetes_secret.webhook_issuer_tls](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
 | [random_string.grafana_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
 | [scaleway_object_bucket.kube-prometheus-stack_thanos_bucket](https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/object_bucket) | resource |
@@ -226,35 +185,26 @@ No modules.
 | [time_sleep.cert-manager_sleep](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
 | [tls_cert_request.promtail-csr](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/cert_request) | resource |
 | [tls_cert_request.thanos-tls-querier-cert-csr](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/cert_request) | resource |
-| [tls_cert_request.vault-tls-client-csr](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/cert_request) | resource |
 | [tls_locally_signed_cert.promtail-cert](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/locally_signed_cert) | resource |
 | [tls_locally_signed_cert.thanos-tls-querier-cert](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/locally_signed_cert) | resource |
-| [tls_locally_signed_cert.vault-tls-client-cert](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/locally_signed_cert) | resource |
 | [tls_private_key.identity](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
 | [tls_private_key.linkerd_trust_anchor](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
 | [tls_private_key.loki-stack-ca-key](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
 | [tls_private_key.promtail-key](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
 | [tls_private_key.thanos-tls-querier-ca-key](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
 | [tls_private_key.thanos-tls-querier-cert-key](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
-| [tls_private_key.vault-tls-ca-key](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
-| [tls_private_key.vault-tls-client-key](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
 | [tls_private_key.webhook_issuer_tls](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
 | [tls_self_signed_cert.linkerd_trust_anchor](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/self_signed_cert) | resource |
 | [tls_self_signed_cert.loki-stack-ca-cert](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/self_signed_cert) | resource |
 | [tls_self_signed_cert.thanos-tls-querier-ca-cert](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/self_signed_cert) | resource |
-| [tls_self_signed_cert.vault-tls-ca-cert](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/self_signed_cert) | resource |
 | [tls_self_signed_cert.webhook_issuer_tls](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/self_signed_cert) | resource |
-| [flux_install.main](https://registry.terraform.io/providers/fluxcd/flux/latest/docs/data-sources/install) | data source |
-| [flux_sync.main](https://registry.terraform.io/providers/fluxcd/flux/latest/docs/data-sources/sync) | data source |
 | [github_repository.main](https://registry.terraform.io/providers/integrations/github/latest/docs/data-sources/repository) | data source |
 | [http_http.csi-external-snapshotter](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source |
 | [http_http.kong_crds](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source |
 | [http_http.prometheus-operator_crds](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source |
 | [http_http.prometheus-operator_version](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source |
-| [kubectl_file_documents.apply](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source |
 | [kubectl_file_documents.csi-external-snapshotter](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source |
 | [kubectl_file_documents.kong_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source |
-| [kubectl_file_documents.sync](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source |
 | [kubectl_path_documents.cert-manager_cluster_issuers](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/path_documents) | data source |
 
 ## Inputs
@@ -269,19 +219,15 @@ No modules.
 | <a name="input_cluster-name"></a> [cluster-name](#input\_cluster-name) | Name of the Kubernetes cluster | `string` | `"sample-cluster"` | no |
 | <a name="input_csi-external-snapshotter"></a> [csi-external-snapshotter](#input\_csi-external-snapshotter) | Customize csi-external-snapshotter, see `csi-external-snapshotter.tf` for supported values | `any` | `{}` | no |
 | <a name="input_external-dns"></a> [external-dns](#input\_external-dns) | Map of map for external-dns configuration: see `external_dns.tf` for supported values | `any` | `{}` | no |
-| <a name="input_flux"></a> [flux](#input\_flux) | Customize Flux chart, see `flux.tf` for supported values | `any` | `{}` | no |
 | <a name="input_flux2"></a> [flux2](#input\_flux2) | Customize Flux chart, see `flux2.tf` for supported values | `any` | `{}` | no |
 | <a name="input_helm_defaults"></a> [helm\_defaults](#input\_helm\_defaults) | Customize default Helm behavior | `any` | `{}` | no |
 | <a name="input_ingress-nginx"></a> [ingress-nginx](#input\_ingress-nginx) | Customize ingress-nginx chart, see `nginx-ingress.tf` for supported values | `any` | `{}` | no |
-| <a name="input_istio-operator"></a> [istio-operator](#input\_istio-operator) | Customize istio operator deployment, see `istio_operator.tf` for supported values | `any` | `{}` | no |
 | <a name="input_k8gb"></a> [k8gb](#input\_k8gb) | Customize k8gb chart, see `k8gb.tf` for supported values | `any` | `{}` | no |
 | <a name="input_kapsule"></a> [kapsule](#input\_kapsule) | Kapsule cluster inputs | `any` | `{}` | no |
 | <a name="input_karma"></a> [karma](#input\_karma) | Customize karma chart, see `karma.tf` for supported values | `any` | `{}` | no |
 | <a name="input_keda"></a> [keda](#input\_keda) | Customize keda chart, see `keda.tf` for supported values | `any` | `{}` | no |
-| <a name="input_keycloak"></a> [keycloak](#input\_keycloak) | Customize keycloak chart, see `keycloak.tf` for supported values | `any` | `{}` | no |
 | <a name="input_kong"></a> [kong](#input\_kong) | Customize kong-ingress chart, see `kong.tf` for supported values | `any` | `{}` | no |
 | <a name="input_kube-prometheus-stack"></a> [kube-prometheus-stack](#input\_kube-prometheus-stack) | Customize kube-prometheus-stack chart, see `kube-prometheus-stack.tf` for supported values | `any` | `{}` | no |
-| <a name="input_kyverno"></a> [kyverno](#input\_kyverno) | Customize kyverno chart, see `kyverno.tf` for supported values | `any` | `{}` | no |
 | <a name="input_labels_prefix"></a> [labels\_prefix](#input\_labels\_prefix) | Custom label prefix used for network policy namespace matching | `string` | `"particule.io"` | no |
 | <a name="input_linkerd"></a> [linkerd](#input\_linkerd) | Customize linkerd chart, see `linkerd.tf` for supported values | `any` | `{}` | no |
 | <a name="input_linkerd-viz"></a> [linkerd-viz](#input\_linkerd-viz) | Customize linkerd-viz chart, see `linkerd-viz.tf` for supported values | `any` | `{}` | no |
@@ -295,18 +241,15 @@ No modules.
 | <a name="input_prometheus-adapter"></a> [prometheus-adapter](#input\_prometheus-adapter) | Customize prometheus-adapter chart, see `prometheus-adapter.tf` for supported values | `any` | `{}` | no |
 | <a name="input_prometheus-blackbox-exporter"></a> [prometheus-blackbox-exporter](#input\_prometheus-blackbox-exporter) | Customize prometheus-blackbox-exporter chart, see `prometheus-blackbox-exporter.tf` for supported values | `any` | `{}` | no |
 | <a name="input_promtail"></a> [promtail](#input\_promtail) | Customize promtail chart, see `loki-stack.tf` for supported values | `any` | `{}` | no |
-| <a name="input_rabbitmq-operator"></a> [rabbitmq-operator](#input\_rabbitmq-operator) | Customize rabbitmq-operator chart, see `rabbitmq-operator.tf` for supported values | `any` | `{}` | no |
 | <a name="input_scaleway"></a> [scaleway](#input\_scaleway) | Scaleway provider customization | `any` | `{}` | no |
 | <a name="input_sealed-secrets"></a> [sealed-secrets](#input\_sealed-secrets) | Customize sealed-secrets chart, see `sealed-secrets.tf` for supported values | `any` | `{}` | no |
 | <a name="input_secrets-store-csi-driver"></a> [secrets-store-csi-driver](#input\_secrets-store-csi-driver) | Customize secrets-store-csi-driver chart, see `secrets-store-csi-driver.tf` for supported values | `any` | `{}` | no |
-| <a name="input_strimzi-kafka-operator"></a> [strimzi-kafka-operator](#input\_strimzi-kafka-operator) | Customize strimzi-kafka-operator chart, see `strimzi-kafka-operator.tf` for supported values | `any` | `{}` | no |
 | <a name="input_thanos"></a> [thanos](#input\_thanos) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
 | <a name="input_thanos-memcached"></a> [thanos-memcached](#input\_thanos-memcached) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
 | <a name="input_thanos-storegateway"></a> [thanos-storegateway](#input\_thanos-storegateway) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
 | <a name="input_thanos-tls-querier"></a> [thanos-tls-querier](#input\_thanos-tls-querier) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
 | <a name="input_tigera-operator"></a> [tigera-operator](#input\_tigera-operator) | Customize tigera-operator chart, see `tigera-operator.tf` for supported values | `any` | `{}` | no |
 | <a name="input_traefik"></a> [traefik](#input\_traefik) | Customize traefik chart, see `traefik.tf` for supported values | `any` | `{}` | no |
-| <a name="input_vault"></a> [vault](#input\_vault) | Customize Hashicorp Vault chart, see `vault.tf` for supported values | `any` | `{}` | no |
 | <a name="input_victoria-metrics-k8s-stack"></a> [victoria-metrics-k8s-stack](#input\_victoria-metrics-k8s-stack) | Customize Victoria Metrics chart, see `victoria-metrics-k8s-stack.tf` for supported values | `any` | `{}` | no |
 
 ## Outputs
@@ -318,8 +261,4 @@ No modules.
 | <a name="output_promtail-cert"></a> [promtail-cert](#output\_promtail-cert) | n/a |
 | <a name="output_promtail-key"></a> [promtail-key](#output\_promtail-key) | n/a |
 | <a name="output_thanos_ca"></a> [thanos\_ca](#output\_thanos\_ca) | n/a |
-| <a name="output_vault_ca_key"></a> [vault\_ca\_key](#output\_vault\_ca\_key) | n/a |
-| <a name="output_vault_ca_pem"></a> [vault\_ca\_pem](#output\_vault\_ca\_pem) | n/a |
-| <a name="output_vault_tls_client_cert_pem"></a> [vault\_tls\_client\_cert\_pem](#output\_vault\_tls\_client\_cert\_pem) | n/a |
-| <a name="output_vault_tls_client_key"></a> [vault\_tls\_client\_key](#output\_vault\_tls\_client\_key) | n/a |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/scaleway/flux.tf b/modules/scaleway/flux.tf
deleted file mode 120000
index ece85c1fa..000000000
--- a/modules/scaleway/flux.tf
+++ /dev/null
@@ -1 +0,0 @@
-../../flux.tf
\ No newline at end of file
diff --git a/modules/scaleway/istio-operator.tf b/modules/scaleway/istio-operator.tf
deleted file mode 120000
index da91f1487..000000000
--- a/modules/scaleway/istio-operator.tf
+++ /dev/null
@@ -1 +0,0 @@
-../../istio-operator.tf
\ No newline at end of file
diff --git a/modules/scaleway/keycloak.tf b/modules/scaleway/keycloak.tf
deleted file mode 120000
index 8603ab0d9..000000000
--- a/modules/scaleway/keycloak.tf
+++ /dev/null
@@ -1 +0,0 @@
-../../keycloak.tf
\ No newline at end of file
diff --git a/modules/scaleway/kube-prometheus.tf b/modules/scaleway/kube-prometheus.tf
index 2356005ca..af0cb6abd 100644
--- a/modules/scaleway/kube-prometheus.tf
+++ b/modules/scaleway/kube-prometheus.tf
@@ -12,7 +12,7 @@ locals {
       thanos_bucket           = "thanos-store-${var.cluster-name}"
       thanos_bucket_region    = local.scaleway["region"]
       thanos_store_config     = null
-      thanos_version          = "v0.30.2"
+      thanos_version          = "v0.31.0"
       enabled                 = false
       allowed_cidrs           = ["0.0.0.0/0"]
       default_network_policy  = true
diff --git a/modules/scaleway/kyverno.tf b/modules/scaleway/kyverno.tf
deleted file mode 120000
index c4c6b2eee..000000000
--- a/modules/scaleway/kyverno.tf
+++ /dev/null
@@ -1 +0,0 @@
-../../kyverno.tf
\ No newline at end of file
diff --git a/modules/scaleway/rabbitmq-operator.tf b/modules/scaleway/rabbitmq-operator.tf
deleted file mode 120000
index 8c3659b30..000000000
--- a/modules/scaleway/rabbitmq-operator.tf
+++ /dev/null
@@ -1 +0,0 @@
-../../rabbitmq-operator.tf
\ No newline at end of file
diff --git a/modules/scaleway/strimzi-kafka-operator.tf b/modules/scaleway/strimzi-kafka-operator.tf
deleted file mode 120000
index 3d31fe0bc..000000000
--- a/modules/scaleway/strimzi-kafka-operator.tf
+++ /dev/null
@@ -1 +0,0 @@
-../../strimzi-kafka-operator.tf
\ No newline at end of file
diff --git a/modules/scaleway/vault.tf b/modules/scaleway/vault.tf
deleted file mode 120000
index 79b4baaf4..000000000
--- a/modules/scaleway/vault.tf
+++ /dev/null
@@ -1 +0,0 @@
-../../vault.tf
\ No newline at end of file
diff --git a/modules/scaleway/versions.tf b/modules/scaleway/versions.tf
index 2e3af8e69..25a77e798 100644
--- a/modules/scaleway/versions.tf
+++ b/modules/scaleway/versions.tf
@@ -9,7 +9,7 @@ terraform {
     }
     flux = {
       source  = "fluxcd/flux"
-      version = "~> 0.25"
+      version = "1.0.0-rc.5"
     }
     github = {
       source  = "integrations/github"
diff --git a/rabbitmq-operator.tf b/rabbitmq-operator.tf
deleted file mode 100644
index 38db67969..000000000
--- a/rabbitmq-operator.tf
+++ /dev/null
@@ -1,105 +0,0 @@
-locals {
-  rabbitmq-operator = merge(
-    local.helm_defaults,
-    {
-      name                   = local.helm_dependencies[index(local.helm_dependencies.*.name, "rabbitmq-cluster-operator")].name
-      chart                  = local.helm_dependencies[index(local.helm_dependencies.*.name, "rabbitmq-cluster-operator")].name
-      repository             = local.helm_dependencies[index(local.helm_dependencies.*.name, "rabbitmq-cluster-operator")].repository
-      chart_version          = local.helm_dependencies[index(local.helm_dependencies.*.name, "rabbitmq-cluster-operator")].version
-      namespace              = "rabbitmq-operator"
-      create_ns              = true
-      enabled                = false
-      default_network_policy = true
-    },
-    var.rabbitmq-operator
-  )
-
-  values_rabbitmq-operator = <<VALUES
-VALUES
-}
-
-resource "kubernetes_namespace" "rabbitmq-operator" {
-  count = local.rabbitmq-operator["enabled"] && local.rabbitmq-operator["create_ns"] ? 1 : 0
-
-  metadata {
-    labels = {
-      name                               = local.rabbitmq-operator["namespace"]
-      "${local.labels_prefix}/component" = "rabbitmq-operator"
-    }
-
-    name = local.rabbitmq-operator["namespace"]
-  }
-}
-
-resource "helm_release" "rabbitmq-operator" {
-  count                 = local.rabbitmq-operator["enabled"] ? 1 : 0
-  repository            = local.rabbitmq-operator["repository"]
-  name                  = local.rabbitmq-operator["name"]
-  chart                 = local.rabbitmq-operator["chart"]
-  version               = local.rabbitmq-operator["chart_version"]
-  timeout               = local.rabbitmq-operator["timeout"]
-  force_update          = local.rabbitmq-operator["force_update"]
-  recreate_pods         = local.rabbitmq-operator["recreate_pods"]
-  wait                  = local.rabbitmq-operator["wait"]
-  atomic                = local.rabbitmq-operator["atomic"]
-  cleanup_on_fail       = local.rabbitmq-operator["cleanup_on_fail"]
-  dependency_update     = local.rabbitmq-operator["dependency_update"]
-  disable_crd_hooks     = local.rabbitmq-operator["disable_crd_hooks"]
-  disable_webhooks      = local.rabbitmq-operator["disable_webhooks"]
-  render_subchart_notes = local.rabbitmq-operator["render_subchart_notes"]
-  replace               = local.rabbitmq-operator["replace"]
-  reset_values          = local.rabbitmq-operator["reset_values"]
-  reuse_values          = local.rabbitmq-operator["reuse_values"]
-  skip_crds             = local.rabbitmq-operator["skip_crds"]
-  verify                = local.rabbitmq-operator["verify"]
-  values = [
-    local.values_rabbitmq-operator,
-    local.rabbitmq-operator["extra_values"]
-  ]
-  namespace = local.rabbitmq-operator["create_ns"] ? kubernetes_namespace.rabbitmq-operator.*.metadata.0.name[count.index] : local.rabbitmq-operator["namespace"]
-
-  depends_on = [
-    kubectl_manifest.prometheus-operator_crds
-  ]
-}
-
-resource "kubernetes_network_policy" "rabbitmq-operator_default_deny" {
-  count = local.rabbitmq-operator["create_ns"] && local.rabbitmq-operator["enabled"] && local.rabbitmq-operator["default_network_policy"] ? 1 : 0
-
-  metadata {
-    name      = "${kubernetes_namespace.rabbitmq-operator.*.metadata.0.name[count.index]}-default-deny"
-    namespace = kubernetes_namespace.rabbitmq-operator.*.metadata.0.name[count.index]
-  }
-
-  spec {
-    pod_selector {
-    }
-    policy_types = ["Ingress"]
-  }
-}
-
-resource "kubernetes_network_policy" "rabbitmq-operator_allow_namespace" {
-  count = local.rabbitmq-operator["create_ns"] && local.rabbitmq-operator["enabled"] && local.rabbitmq-operator["default_network_policy"] ? 1 : 0
-
-  metadata {
-    name      = "${kubernetes_namespace.rabbitmq-operator.*.metadata.0.name[count.index]}-allow-namespace"
-    namespace = kubernetes_namespace.rabbitmq-operator.*.metadata.0.name[count.index]
-  }
-
-  spec {
-    pod_selector {
-    }
-
-    ingress {
-      from {
-        namespace_selector {
-          match_labels = {
-            name = kubernetes_namespace.rabbitmq-operator.*.metadata.0.name[count.index]
-          }
-        }
-      }
-    }
-
-    policy_types = ["Ingress"]
-  }
-}
diff --git a/strimzi-kafka-operator.tf b/strimzi-kafka-operator.tf
deleted file mode 100644
index ece8f7378..000000000
--- a/strimzi-kafka-operator.tf
+++ /dev/null
@@ -1,101 +0,0 @@
-locals {
-  strimzi-kafka-operator = merge(
-    local.helm_defaults,
-    {
-      name                   = local.helm_dependencies[index(local.helm_dependencies.*.name, "strimzi-kafka-operator")].name
-      chart                  = local.helm_dependencies[index(local.helm_dependencies.*.name, "strimzi-kafka-operator")].name
-      repository             = local.helm_dependencies[index(local.helm_dependencies.*.name, "strimzi-kafka-operator")].repository
-      chart_version          = local.helm_dependencies[index(local.helm_dependencies.*.name, "strimzi-kafka-operator")].version
-      namespace              = "strimzi-kafka-operator"
-      enabled                = false
-      create_ns              = true
-      default_network_policy = true
-    },
-    var.strimzi-kafka-operator
-  )
-
-  values_strimzi-kafka-operator = <<-VALUES
-    watchAnyNamespace: true
-    VALUES
-}
-
-resource "kubernetes_namespace" "strimzi-kafka-operator" {
-  count = local.strimzi-kafka-operator["enabled"] && local.strimzi-kafka-operator["create_ns"] ? 1 : 0
-
-  metadata {
-    labels = {
-      name = local.strimzi-kafka-operator["namespace"]
-    }
-
-    name = local.strimzi-kafka-operator["namespace"]
-  }
-}
-
-resource "helm_release" "strimzi-kafka-operator" {
-  count                 = local.strimzi-kafka-operator["enabled"] ? 1 : 0
-  repository            = local.strimzi-kafka-operator["repository"]
-  name                  = local.strimzi-kafka-operator["name"]
-  chart                 = local.strimzi-kafka-operator["chart"]
-  version               = local.strimzi-kafka-operator["chart_version"]
-  timeout               = local.strimzi-kafka-operator["timeout"]
-  force_update          = local.strimzi-kafka-operator["force_update"]
-  recreate_pods         = local.strimzi-kafka-operator["recreate_pods"]
-  wait                  = local.strimzi-kafka-operator["wait"]
-  atomic                = local.strimzi-kafka-operator["atomic"]
-  cleanup_on_fail       = local.strimzi-kafka-operator["cleanup_on_fail"]
-  dependency_update     = local.strimzi-kafka-operator["dependency_update"]
-  disable_crd_hooks     = local.strimzi-kafka-operator["disable_crd_hooks"]
-  disable_webhooks      = local.strimzi-kafka-operator["disable_webhooks"]
-  render_subchart_notes = local.strimzi-kafka-operator["render_subchart_notes"]
-  replace               = local.strimzi-kafka-operator["replace"]
-  reset_values          = local.strimzi-kafka-operator["reset_values"]
-  reuse_values          = local.strimzi-kafka-operator["reuse_values"]
-  skip_crds             = local.strimzi-kafka-operator["skip_crds"]
-  verify                = local.strimzi-kafka-operator["verify"]
-  values = [
-    local.values_strimzi-kafka-operator,
-    local.strimzi-kafka-operator["extra_values"]
-  ]
-  namespace = local.strimzi-kafka-operator["create_ns"] ? kubernetes_namespace.strimzi-kafka-operator.*.metadata.0.name[count.index] : local.strimzi-kafka-operator["namespace"]
-}
-
-resource "kubernetes_network_policy" "strimzi-kafka-operator_default_deny" {
-  count = local.strimzi-kafka-operator["enabled"] && local.strimzi-kafka-operator["default_network_policy"] ? 1 : 0
-
-  metadata {
-    name      = "${local.strimzi-kafka-operator["namespace"]}-${local.strimzi-kafka-operator["name"]}-default-deny"
-    namespace = local.strimzi-kafka-operator["namespace"]
-  }
-
-  spec {
-    pod_selector {
-    }
-    policy_types = ["Ingress"]
-  }
-}
-
-resource "kubernetes_network_policy" "strimzi-kafka-operator_allow_namespace" {
-  count = local.strimzi-kafka-operator["enabled"] && local.strimzi-kafka-operator["default_network_policy"] ? 1 : 0
-
-  metadata {
-    name      = "${local.strimzi-kafka-operator["namespace"]}-${local.strimzi-kafka-operator["name"]}-default-namespace"
-    namespace = local.strimzi-kafka-operator["namespace"]
-  }
-
-  spec {
-    pod_selector {
-    }
-
-    ingress {
-      from {
-        namespace_selector {
-          match_labels = {
-            name = local.strimzi-kafka-operator["namespace"]
-          }
-        }
-      }
-    }
-
-    policy_types = ["Ingress"]
-  }
-}
diff --git a/variables.tf b/variables.tf
index e904a6c78..d19cdee61 100644
--- a/variables.tf
+++ b/variables.tf
@@ -40,12 +40,6 @@ variable "external-dns" {
   default     = {}
 }
 
-variable "flux" {
-  description = "Customize Flux chart, see `flux.tf` for supported values"
-  type        = any
-  default     = {}
-}
-
 variable "flux2" {
   description = "Customize Flux chart, see `flux2.tf` for supported values"
   type        = any
@@ -58,12 +52,6 @@ variable "helm_defaults" {
   default     = {}
 }
 
-variable "istio-operator" {
-  description = "Customize istio operator deployment, see `istio_operator.tf` for supported values"
-  type        = any
-  default     = {}
-}
-
 variable "k8gb" {
   description = "Customize k8gb chart, see `k8gb.tf` for supported values"
   type        = any
@@ -82,12 +70,6 @@ variable "keda" {
   default     = {}
 }
 
-variable "keycloak" {
-  description = "Customize keycloak chart, see `keycloak.tf` for supported values"
-  type        = any
-  default     = {}
-}
-
 variable "kong" {
   description = "Customize kong-ingress chart, see `kong.tf` for supported values"
   type        = any
@@ -100,12 +82,6 @@ variable "kube-prometheus-stack" {
   default     = {}
 }
 
-variable "kyverno" {
-  description = "Customize kyverno chart, see `kyverno.tf` for supported values"
-  type        = any
-  default     = {}
-}
-
 variable "labels_prefix" {
   description = "Custom label prefix used for network policy namespace matching"
   type        = string
@@ -190,12 +166,6 @@ variable "promtail" {
   default     = {}
 }
 
-variable "rabbitmq-operator" {
-  description = "Customize rabbitmq-operator chart, see `rabbitmq-operator.tf` for supported values"
-  type        = any
-  default     = {}
-}
-
 variable "sealed-secrets" {
   description = "Customize sealed-secrets chart, see `sealed-secrets.tf` for supported values"
   type        = any
@@ -208,12 +178,6 @@ variable "secrets-store-csi-driver" {
   default     = {}
 }
 
-variable "strimzi-kafka-operator" {
-  description = "Customize strimzi-kafka-operator chart, see `strimzi-kafka-operator.tf` for supported values"
-  type        = any
-  default     = {}
-}
-
 variable "thanos" {
   description = "Customize thanos chart, see `thanos.tf` for supported values"
   type        = any
@@ -250,12 +214,6 @@ variable "traefik" {
   default     = {}
 }
 
-variable "vault" {
-  description = "Customize Hashicorp Vault chart, see `vault.tf` for supported values"
-  type        = any
-  default     = {}
-}
-
 variable "victoria-metrics-k8s-stack" {
   description = "Customize Victoria Metrics chart, see `victoria-metrics-k8s-stack.tf` for supported values"
   type        = any
diff --git a/vault.tf b/vault.tf
deleted file mode 100644
index 91a10addc..000000000
--- a/vault.tf
+++ /dev/null
@@ -1,233 +0,0 @@
-locals {
-  vault = merge(
-    local.helm_defaults,
-    {
-      name                   = local.helm_dependencies[index(local.helm_dependencies.*.name, "vault")].name
-      chart                  = local.helm_dependencies[index(local.helm_dependencies.*.name, "vault")].name
-      repository             = local.helm_dependencies[index(local.helm_dependencies.*.name, "vault")].repository
-      chart_version          = local.helm_dependencies[index(local.helm_dependencies.*.name, "vault")].version
-      namespace              = "vault"
-      enabled                = false
-      create_ns              = true
-      default_network_policy = true
-      generate_ca            = false
-      trusted_ca_content     = null
-    },
-    var.vault
-  )
-
-  values_vault = <<-VALUES
-    injector:
-      replicas: 2
-      metrics:
-        enabled: ${local.kube-prometheus-stack.enabled}
-      failurePolicy: Fail
-      priorityClassName: ${local.priority-class["create"] ? kubernetes_priority_class.kubernetes_addons[0].metadata[0].name : ""}
-    VALUES
-}
-
-resource "kubernetes_namespace" "vault" {
-  count = local.vault["enabled"] && local.vault["create_ns"] ? 1 : 0
-
-  metadata {
-    labels = {
-      name = local.vault["namespace"]
-    }
-
-    name = local.vault["namespace"]
-  }
-}
-
-resource "helm_release" "vault" {
-  count                 = local.vault["enabled"] ? 1 : 0
-  repository            = local.vault["repository"]
-  name                  = local.vault["name"]
-  chart                 = local.vault["chart"]
-  version               = local.vault["chart_version"]
-  timeout               = local.vault["timeout"]
-  force_update          = local.vault["force_update"]
-  recreate_pods         = local.vault["recreate_pods"]
-  wait                  = local.vault["wait"]
-  atomic                = local.vault["atomic"]
-  cleanup_on_fail       = local.vault["cleanup_on_fail"]
-  dependency_update     = local.vault["dependency_update"]
-  disable_crd_hooks     = local.vault["disable_crd_hooks"]
-  disable_webhooks      = local.vault["disable_webhooks"]
-  render_subchart_notes = local.vault["render_subchart_notes"]
-  replace               = local.vault["replace"]
-  reset_values          = local.vault["reset_values"]
-  reuse_values          = local.vault["reuse_values"]
-  skip_crds             = local.vault["skip_crds"]
-  verify                = local.vault["verify"]
-  values = [
-    local.values_vault,
-    local.vault["extra_values"]
-  ]
-  namespace = local.vault["create_ns"] ? kubernetes_namespace.vault.*.metadata.0.name[count.index] : local.vault["namespace"]
-}
-
-resource "kubernetes_network_policy" "vault_default_deny" {
-  count = local.vault["enabled"] && local.vault["create_ns"] && local.vault["default_network_policy"] ? 1 : 0
-
-  metadata {
-    name      = "${local.vault["namespace"]}-${local.vault["name"]}-default-deny"
-    namespace = local.vault["namespace"]
-  }
-
-  spec {
-    pod_selector {
-    }
-    policy_types = ["Ingress"]
-  }
-}
-
-resource "kubernetes_network_policy" "vault_allow_namespace" {
-  count = local.vault["enabled"] && local.vault["create_ns"] && local.vault["default_network_policy"] ? 1 : 0
-
-  metadata {
-    name      = "${local.vault["namespace"]}-${local.vault["name"]}-default-namespace"
-    namespace = local.vault["namespace"]
-  }
-
-  spec {
-    pod_selector {
-    }
-
-    ingress {
-      from {
-        namespace_selector {
-          match_labels = {
-            name = local.vault["namespace"]
-          }
-        }
-      }
-    }
-
-    policy_types = ["Ingress"]
-  }
-}
-
-resource "kubernetes_network_policy" "vault_allow_control_plane" {
-  count = local.vault["enabled"] && local.vault["default_network_policy"] && local.vault.create_ns ? 1 : 0
-
-  metadata {
-    name      = "${kubernetes_namespace.vault.*.metadata.0.name[count.index]}-allow-control-plane"
-    namespace = kubernetes_namespace.vault.*.metadata.0.name[count.index]
-  }
-
-  spec {
-    pod_selector {
-      match_expressions {
-        key      = "app.kubernetes.io/name"
-        operator = "In"
-        values   = ["${local.vault["name"]}-agent-injector"]
-      }
-    }
-
-    ingress {
-      ports {
-        port     = "8080"
-        protocol = "TCP"
-      }
-
-      dynamic "from" {
-        for_each = local.vault["allowed_cidrs"]
-        content {
-          ip_block {
-            cidr = from.value
-          }
-        }
-      }
-    }
-
-    policy_types = ["Ingress"]
-  }
-}
-
-resource "tls_private_key" "vault-tls-ca-key" {
-  count       = local.vault["generate_ca"] ? 1 : 0
-  algorithm   = "ECDSA"
-  ecdsa_curve = "P384"
-}
-
-resource "tls_self_signed_cert" "vault-tls-ca-cert" {
-  count             = local.vault["generate_ca"] ? 1 : 0
-  private_key_pem   = tls_private_key.vault-tls-ca-key[0].private_key_pem
-  is_ca_certificate = true
-
-  subject {
-    common_name  = var.cluster-name
-    organization = var.cluster-name
-  }
-
-  validity_period_hours = 87600
-
-  allowed_uses = [
-    "cert_signing"
-  ]
-}
-
-resource "tls_private_key" "vault-tls-client-key" {
-  count       = local.vault["generate_ca"] ? 1 : 0
-  algorithm   = "ECDSA"
-  ecdsa_curve = "P384"
-}
-
-resource "tls_cert_request" "vault-tls-client-csr" {
-  count           = local.vault["generate_ca"] ? 1 : 0
-  private_key_pem = tls_private_key.vault-tls-client-key[count.index].private_key_pem
-
-  subject {
-    common_name = "vault-tls-client"
-  }
-
-  dns_names = [
-    "vault-tls-client"
-  ]
-}
-
-resource "tls_locally_signed_cert" "vault-tls-client-cert" {
-  count              = local.vault["generate_ca"] ? 1 : 0
-  cert_request_pem   = tls_cert_request.vault-tls-client-csr[count.index].cert_request_pem
-  ca_private_key_pem = tls_private_key.vault-tls-ca-key[count.index].private_key_pem
-  ca_cert_pem        = tls_self_signed_cert.vault-tls-ca-cert[count.index].cert_pem
-
-  validity_period_hours = 8760
-
-  allowed_uses = [
-    "key_encipherment",
-    "digital_signature",
-    "client_auth"
-  ]
-}
-
-resource "kubernetes_secret" "vault-ca" {
-  count = local.vault["enabled"] && (local.vault["generate_ca"] || local.vault["trusted_ca_content"] != null) ? 1 : 0
-  metadata {
-    name      = "${local.vault["name"]}-ca"
-    namespace = local.vault["create_ns"] ? kubernetes_namespace.vault.*.metadata.0.name[count.index] : local.vault["namespace"]
-  }
-
-  data = {
-    "ca.crt" = local.vault["generate_ca"] ? tls_self_signed_cert.vault-tls-ca-cert[count.index].cert_pem : local.vault["trusted_ca_content"]
-  }
-}
-
-output "vault_ca_pem" {
-  value = element(concat(tls_self_signed_cert.vault-tls-ca-cert[*].cert_pem, [""]), 0)
-}
-
-output "vault_ca_key" {
-  value     = element(concat(tls_private_key.vault-tls-ca-key[*].private_key_pem, [""]), 0)
-  sensitive = true
-}
-
-output "vault_tls_client_cert_pem" {
-  value = element(concat(tls_locally_signed_cert.vault-tls-client-cert[*].cert_pem, [""]), 0)
-}
-
-
-output "vault_tls_client_key" {
-  value     = element(concat(tls_private_key.vault-tls-client-key[*].private_key_pem, [""]), 0)
-  sensitive = true
-}
diff --git a/versions.tf b/versions.tf
index c1aa0c5a5..409b69edc 100644
--- a/versions.tf
+++ b/versions.tf
@@ -9,7 +9,7 @@ terraform {
     }
     flux = {
       source  = "fluxcd/flux"
-      version = "~> 0.25"
+      version = "1.0.0-rc.5"
     }
     github = {
       source  = "integrations/github"