From 24246d3fd752ce56b3fc24e170143eff4d5c0328 Mon Sep 17 00:00:00 2001
From: Bryant Biggs
Date: Sun, 6 Feb 2022 14:24:12 -0500
Subject: [PATCH] feat: enable IRSA by default
---
 README.md | 2 +-
 examples/complete/main.tf | 2 --
 examples/eks_managed_node_group/main.tf | 2 --
 examples/fargate_profile/main.tf | 2 --
 examples/irsa_autoscale_refresh/main.tf | 2 --
 examples/self_managed_node_group/main.tf | 2 --
 variables.tf | 2 +-
 7 files changed, 2 insertions(+), 12 deletions(-)
diff --git a/README.md b/README.md
index 17d4a325db..4223483aa8 100644
--- a/README.md
+++ b/README.md
@@ -793,7 +793,7 @@ Full contributing [guidelines are covered here](https://github.com/terraform-aws
 | [create\_node\_security\_group](#input\_create\_node\_security\_group) | Determines whether to create a security group for the node groups or use the existing `node_security_group_id` | `bool` | `true` | no |
 | [eks\_managed\_node\_group\_defaults](#input\_eks\_managed\_node\_group\_defaults) | Map of EKS managed node group default configurations | `any` | `{}` | no |
 | [eks\_managed\_node\_groups](#input\_eks\_managed\_node\_groups) | Map of EKS managed node group definitions to create | `any` | `{}` | no |
-| [enable\_irsa](#input\_enable\_irsa) | Determines whether to create an OpenID Connect Provider for EKS to enable IRSA | `bool` | `false` | no |
+| [enable\_irsa](#input\_enable\_irsa) | Determines whether to create an OpenID Connect Provider for EKS to enable IRSA | `bool` | `true` | no |
 | [fargate\_profile\_defaults](#input\_fargate\_profile\_defaults) | Map of Fargate Profile default configurations | `any` | `{}` | no |
 | [fargate\_profiles](#input\_fargate\_profiles) | Map of Fargate Profile definitions to create | `any` | `{}` | no |
 | [iam\_role\_additional\_policies](#input\_iam\_role\_additional\_policies) | Additional policies to be added to the IAM role | `list(string)` | `[]` | no |
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index 85b02b1d15..8543f34db1 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -44,8 +44,6 @@ module "eks" {
 vpc_id = module.vpc.vpc_id
 subnet_ids = module.vpc.private_subnets
 
- enable_irsa = true
-
 # Extend cluster security group rules
 cluster_security_group_additional_rules = {
 egress_nodes_ephemeral_ports_tcp = {
diff --git a/examples/eks_managed_node_group/main.tf b/examples/eks_managed_node_group/main.tf
index 2739f2afcb..f985b49c57 100644
--- a/examples/eks_managed_node_group/main.tf
+++ b/examples/eks_managed_node_group/main.tf
@@ -50,8 +50,6 @@ module "eks" {
 vpc_id = module.vpc.vpc_id
 subnet_ids = module.vpc.private_subnets
 
- enable_irsa = true
-
 # Extend cluster security group rules
 cluster_security_group_additional_rules = {
 egress_nodes_ephemeral_ports_tcp = {
diff --git a/examples/fargate_profile/main.tf b/examples/fargate_profile/main.tf
index 61fbb43671..6106a272b4 100644
--- a/examples/fargate_profile/main.tf
+++ b/examples/fargate_profile/main.tf
@@ -45,8 +45,6 @@ module "eks" {
 vpc_id = module.vpc.vpc_id
 subnet_ids = module.vpc.private_subnets
 
- enable_irsa = true
-
 # You require a node group to schedule coredns which is critical for running correctly internal DNS.
 # If you want to use only fargate you must follow docs `(Optional) Update CoreDNS`
 # available under https://docs.aws.amazon.com/eks/latest/userguide/fargate-getting-started.html
diff --git a/examples/irsa_autoscale_refresh/main.tf b/examples/irsa_autoscale_refresh/main.tf
index 9e74e3d9fe..6ad656de3f 100644
--- a/examples/irsa_autoscale_refresh/main.tf
+++ b/examples/irsa_autoscale_refresh/main.tf
@@ -35,8 +35,6 @@ module "eks" {
 vpc_id = module.vpc.vpc_id
 subnet_ids = module.vpc.private_subnets
 
- enable_irsa = true
-
 # Self Managed Node Group(s)
 self_managed_node_groups = {
 refresh = {
diff --git a/examples/self_managed_node_group/main.tf b/examples/self_managed_node_group/main.tf
index b8598d7065..43da796503 100644
--- a/examples/self_managed_node_group/main.tf
+++ b/examples/self_managed_node_group/main.tf
@@ -46,8 +46,6 @@ module "eks" {
 vpc_id = module.vpc.vpc_id
 subnet_ids = module.vpc.private_subnets
 
- enable_irsa = true
-
 # Extend cluster security group rules
 cluster_security_group_additional_rules = {
 egress_nodes_ephemeral_ports_tcp = {
diff --git a/variables.tf b/variables.tf
index 5452649421..0d166fd24a 100644
--- a/variables.tf
+++ b/variables.tf
@@ -238,7 +238,7 @@ variable "node_security_group_tags" {
 variable "enable_irsa" {
 description = "Determines whether to create an OpenID Connect Provider for EKS to enable IRSA"
 type = bool
- default = false
+ default = true
 }
 
 variable "openid_connect_audiences" {
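Review bot: The new `default = true` on `enable_irsa` in variables.tf changes what an unmodified caller gets on upgrade: a plan that previously created no IAM OpenID Connect provider will now add one, yet the `description` line is unchanged and the commit is typed `feat:` rather than marked as breaking. Accounts where the cluster's OIDC provider is already managed outside this module would presumably see the apply fail on a duplicate provider, since IAM keeps one provider per issuer URL, so those callers need to set `enable_irsa = false` explicitly. I would extend the description to say so, e.g. `description = "Determines whether to create an OpenID Connect Provider for EKS to enable IRSA. Set to false when the provider for this cluster is managed outside the module"`. The upgrade notes could also state that the provider grants nothing by itself, so each IAM role that trusts it should still pin the `sub` and `aud` claims in its trust-policy conditions. The `variable "openid_connect_audiences"` block at the end of the hunk continues outside it.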