diff --git a/addons.tf b/addons.tf
index b44b694..a060a4f 100644
--- a/addons.tf
+++ b/addons.tf
@@ -1,59 +1,165 @@
-locals {
-  cloud_controller_addons_md5 = flatten([
-    for file in fileset(path.module, "addons/cloud-controller/**") : [
-      md5(file("${path.module}/${file}"))
-    ]
-  ])
-  rolling_updater_addons_md5 = flatten([
-    for file in fileset(path.module, "addons/rolling-update/**") : [
-      md5(file("${path.module}/${file}"))
-    ]
-  ])
+resource "helm_release" "aws_lb_controller" {
+  namespace  = "kube-system"
+  name       = "aws-cloud-controller-manager"
+  repository = "https://kubernetes.github.io/cloud-provider-aws"
+  chart      = "aws-cloud-controller-manager"
+  version    = "0.0.8"
+  values = [
+    file("${path.module}/values/cloud-controller.yaml")
+  ]
+}
+
+resource "helm_release" "aws_lb_csi" {
+  namespace  = "kube-system"
+  name       = "aws-ebs-csi-driver"
+  repository = "https://kubernetes-sigs.github.io/aws-ebs-csi-driver"
+  chart      = "aws-ebs-csi-driver"
+  version    = "2.24.0"
+  values = [
+    file("${path.module}/values/csi.yaml")
+  ]
 }
 
-resource "null_resource" "cloud_controller_addon_install" {
-  triggers = {
-    md5 = join(" ", local.cloud_controller_addons_md5)
+resource "kubernetes_service_account" "asg_roller" {
+  metadata {
+    name      = "asg-roller"
+    namespace = "kube-system"
+    labels = {
+      name = "asg-roller"
+    }
   }
-  provisioner "local-exec" {
-    command     = "kubectl apply --kubeconfig <(echo $KUBECONFIG | base64 -d) -R -f ${path.module}/addons/cloud-controller/"
-    interpreter = ["/bin/bash", "-c"]
-    environment = {
-      KUBECONFIG = base64encode(data.aws_s3_bucket_object.get_kubeconfig.body)
+}
+
+resource "kubernetes_cluster_role" "asg_roller" {
+  metadata {
+    name = "asg-roller"
+    labels = {
+      name = "asg-roller"
     }
   }
-  depends_on = [
-    null_resource.wait_cluster_ready
-  ]
+  rule {
+    verbs      = ["get", "list", "watch"]
+    api_groups = ["*"]
+    resources  = ["*"]
+  }
+  rule {
+    verbs      = ["get", "list", "watch", "update", "patch"]
+    api_groups = ["*"]
+    resources  = ["nodes"]
+  }
+  rule {
+    verbs      = ["get", "list", "create"]
+    api_groups = ["*"]
+    resources  = ["pods/eviction"]
+  }
+  rule {
+    verbs      = ["get", "list"]
+    api_groups = ["*"]
+    resources  = ["pods"]
+  }
 }
 
-data "template_file" "rolling_updater" {
-  count    = var.enable_asg_rolling_auto_update == true ? 1 : 0
-  template = file("${path.module}/addons/rolling-update/main.yaml")
-  vars = {
-    asg_list = join(",", [for key, value in aws_autoscaling_group.worker :
-      value.name
-    ])
-    aws_region = var.region
-  }
-  depends_on = [
-    null_resource.wait_cluster_ready
-  ]
+resource "kubernetes_cluster_role_binding" "asg_roller" {
+  metadata {
+    name = "asg-roller"
+    labels = {
+      name = "asg-roller"
+    }
+  }
+  subject {
+    kind      = "ServiceAccount"
+    name      = "asg-roller"
+    namespace = "kube-system"
+  }
+  role_ref {
+    api_group = "rbac.authorization.k8s.io"
+    kind      = "ClusterRole"
+    name      = "asg-roller"
+  }
 }
 
-resource "null_resource" "rolling_updater_addon_install" {
-  count = var.enable_asg_rolling_auto_update == true ? 1 : 0
-  triggers = {
-    yaml = data.template_file.rolling_updater[0].rendered
+resource "kubernetes_deployment" "aws_asg_roller" {
+  metadata {
+    name      = "aws-asg-roller"
+    namespace = "kube-system"
+    labels = {
+      name = "aws-asg-roller"
+    }
   }
-  provisioner "local-exec" {
-    command     = "kubectl apply --kubeconfig <(echo $KUBECONFIG | base64 -d) -R -f -<<EOF\n${self.triggers.yaml}\nEOF"
-    interpreter = ["/bin/bash", "-c"]
-    environment = {
-      KUBECONFIG = base64encode(data.aws_s3_bucket_object.get_kubeconfig.body)
+  spec {
+    replicas = 1
+    selector {
+      match_labels = {
+        name = "aws-asg-roller"
+      }
+    }
+
+    template {
+      metadata {
+        labels = {
+          name = "aws-asg-roller"
+        }
+      }
+
+      spec {
+        container {
+          name  = "aws-asg-roller"
+          image = "deitch/aws-asg-roller:802da75cec20116ca499cef5abd3292136a32b07"
+          env {
+            name  = "ROLLER_ASG"
+            value = local.asg_list
+          }
+          env {
+            name  = "ROLLER_KUBERNETES"
+            value = "true"
+          }
+          env {
+            name  = "ROLLER_VERBOSE"
+            value = "true"
+          }
+          env {
+            name  = "ROLLER_ORIGINAL_DESIRED_ON_TAG"
+            value = "true"
+          }
+          env {
+            name  = "ROLLER_DELETE_LOCAL_DATA"
+            value = "true"
+          }
+          env {
+            name  = "ROLLER_IGNORE_DAEMONSETS"
+            value = "true"
+          }
+          env {
+            name  = "AWS_REGION"
+            value = var.region
+          }
+          image_pull_policy = "Always"
+        }
+
+        restart_policy       = "Always"
+        service_account_name = "asg-roller"
+
+        affinity {
+          node_affinity {
+            required_during_scheduling_ignored_during_execution {
+              node_selector_term {
+                match_expressions {
+                  key      = "node-role.kubernetes.io/master"
+                  operator = "In"
+                  values   = ["true"]
+                }
+              }
+            }
+          }
+        }
+
+        toleration {
+          key      = "node-role.kubernetes.io/master"
+          operator = "Exists"
+          effect   = "NoSchedule"
+        }
+      }
     }
   }
-  depends_on = [
-    null_resource.wait_cluster_ready
-  ]
 }
+
diff --git a/addons/cloud-controller/main.yaml b/addons/cloud-controller/main.yaml
deleted file mode 100644
index f9ea69f..0000000
--- a/addons/cloud-controller/main.yaml
+++ /dev/null
@@ -1,178 +0,0 @@
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: cloud-controller-manager
-  namespace: kube-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: system:cloud-controller-manager
-  labels:
-    kubernetes.io/cluster-service: "true"
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - nodes
-  verbs:
-  - '*'
-- apiGroups:
-  - ""
-  resources:
-  - nodes/status
-  verbs:
-  - patch
-- apiGroups:
-  - ""
-  resources:
-  - services
-  verbs:
-  - list
-  - watch
-  - patch
-- apiGroups:
-  - ""
-  resources:
-  - services/status
-  verbs:
-  - update
-  - patch
-- apiGroups:
-  - ""
-  resources:
-  - events
-  verbs:
-  - create
-  - patch
-  - update
-# For leader election
-- apiGroups:
-  - ""
-  resources:
-  - endpoints
-  verbs:
-  - create
-- apiGroups:
-  - ""
-  resources:
-  - endpoints
-  resourceNames:
-  - "cloud-controller-manager"
-  verbs:
-  - get
-  - list
-  - watch
-  - update
-- apiGroups:
-  - ""
-  resources:
-  - configmaps
-  verbs:
-  - create
-- apiGroups:
-  - ""
-  resources:
-  - configmaps
-  resourceNames:
-  - "cloud-controller-manager"
-  verbs:
-  - get
-  - update
-- apiGroups:
-  - ""
-  resources:
-  - serviceaccounts
-  verbs:
-  - create
-- apiGroups:
-  - ""
-  resources:
-  - secrets
-  verbs:
-  - get
-  - list
-- apiGroups:
-  - "coordination.k8s.io"
-  resources:
-  - leases
-  verbs:
-  - get
-  - create
-  - update
-  - list
-# For the PVL
-- apiGroups:
-  - ""
-  resources:
-  - persistentvolumes
-  verbs:
-  - list
-  - watch
-  - patch
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: aws-cloud-controller-manager
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: system:cloud-controller-manager
-subjects:
-- kind: ServiceAccount
-  name: cloud-controller-manager
-  namespace: kube-system
----
-kind: RoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: aws-cloud-controller-manager-ext
-  namespace: kube-system
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: extension-apiserver-authentication-reader
-subjects:
-- kind: ServiceAccount
-  name: cloud-controller-manager
-  namespace: kube-system
----
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
-  name: aws-cloud-controller-manager
-  namespace: kube-system
-  labels:
-    k8s-app: aws-cloud-controller-manager
-spec:
-  selector:
-    matchLabels:
-      component: aws-cloud-controller-manager
-      tier: control-plane
-  updateStrategy:
-    type: RollingUpdate
-  template:
-    metadata:
-      labels:
-        component: aws-cloud-controller-manager
-        tier: control-plane
-    spec:
-      serviceAccountName: cloud-controller-manager
-      hostNetwork: true
-      nodeSelector:
-        node-role.kubernetes.io/master: "true"
-      tolerations:
-      - key: node.cloudprovider.kubernetes.io/uninitialized
-        value: "true"
-        effect: NoSchedule
-      - key: node-role.kubernetes.io/master
-        operator: Exists
-        effect: NoSchedule
-      containers:
-        - name: aws-cloud-controller-manager
-          image: gcr.io/k8s-staging-provider-aws/cloud-controller-manager:v1.19.0-alpha.1
-          args:
-            - --v=5
-            - --cloud-provider=aws
diff --git a/data.tf b/data.tf
index 4378b04..34a0d57 100644
--- a/data.tf
+++ b/data.tf
@@ -70,6 +70,7 @@ resource "random_password" "k3s_server_token" {
 }
 
 data "aws_route53_zone" "main_zone" {
+  count        = var.domain == "" ? 0 : 1
   name         = var.domain
   private_zone = false
 }
diff --git a/examples/simple/locals.tf b/examples/simple/locals.tf
new file mode 100644
index 0000000..26f2267
--- /dev/null
+++ b/examples/simple/locals.tf
@@ -0,0 +1,32 @@
+data "aws_availability_zones" "available" {}
+data "aws_caller_identity" "current" {}
+
+locals {
+  name            = "k3s-test"
+  region = "eu-central-1"
+  vpc_cidr = "10.0.0.0/16"
+  azs      = slice(data.aws_availability_zones.available.names, 0, 3)
+  tags = {
+    Example = local.name
+  }
+  master_node_labels      = ["node-type=master"]
+  awsprofile              = "cluster-dev"
+  master_instance_type    = "t3.medium"
+  master_root_volume_size = 50
+  domain                  = "k3s-test.cluster.dev"
+  k3s_version             = "1.25.11+k3s1"
+  s3_bucket               = "cluster-dev-k3s"
+  key_name                = "arti-key"
+  worker_node_groups      = []
+  extra_api_args = {
+    oidc-issuer-url     = "https://example.com/my"
+    oidc-username-claim = "email"
+    oidc-groups-claim   = "groups"
+    oidc-client-id      = "login"
+    allow-privileged    = "true"
+  }
+  extra_args = [
+    "--disable traefik"
+  ]
+
+}
\ No newline at end of file
diff --git a/examples/simple/main.tf b/examples/simple/main.tf
index d155685..5942061 100644
--- a/examples/simple/main.tf
+++ b/examples/simple/main.tf
@@ -1,16 +1,44 @@
+module "vpc" {
+  source                       = "terraform-aws-modules/vpc/aws"
+  version                      = "4.0.2"
+  one_nat_gateway_per_az       = false
+  create_egress_only_igw       = true
+  azs                          = local.azs
+  name                         = local.name
+  enable_nat_gateway           = true
+  single_nat_gateway           = true
+  enable_dns_support           = true
+  enable_dns_hostnames         = true
+  enable_vpn_gateway           = true
+  create_database_subnet_group = true
+  private_subnets              = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)]
+  public_subnets               = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)]
+  cidr                         = local.vpc_cidr
+  public_subnet_tags = {
+    "kubernetes.io/cluster/k3s-demo-boston" = "owned"
+    "kubernetes.io/role/lb"                 = 1
+  }
+  private_subnet_tags = {
+    "kubernetes.io/cluster/k3s-demo-boston" = "owned"
+    "kubernetes.io/role/internal-lb"        = 1
+  }
+  map_public_ip_on_launch = true
+}
+
+
 module "k3s" {
   source                  = "../../"
-  master_instance_type    = var.master_instance_type
-  master_root_volume_size = var.master_root_volume_size
-  master_node_labels      = var.master_node_labels
-  cluster_name            = var.cluster_name
-  region                  = var.region
-  key_name                = var.key_name
-  k3s_version             = var.k3s_version
-  public_subnets          = ["subnet-6696651a"]
-  s3_bucket               = var.s3_bucket
-  domain                  = var.domain
-  worker_node_groups      = var.worker_node_groups
+  master_instance_type    = local.master_instance_type
+  master_root_volume_size = local.master_root_volume_size
+  master_node_labels      = local.master_node_labels
+  cluster_name            = local.name
+  region                  = local.region
+  key_name                = local.key_name
+  k3s_version             = local.k3s_version
+  public_subnets          = module.vpc.private_subnets
+  s3_bucket               = local.s3_bucket
+  domain                  = local.domain
+  worker_node_groups      = local.worker_node_groups
 }
 
 output "kub_config" {
diff --git a/examples/simple/provider.tf b/examples/simple/provider.tf
index a3feb0d..c291cce 100644
--- a/examples/simple/provider.tf
+++ b/examples/simple/provider.tf
@@ -1,6 +1,3 @@
 provider "aws" {
-  region                  = var.region
-  profile                 = var.awsprofile
-  shared_credentials_file = "$HOME/.aws/credentials"
-  version                 = "~> 3.0"
+  region = local.region
 }
diff --git a/examples/simple/terraform.tfvars b/examples/simple/terraform.tfvars
index 54dd723..e69de29 100644
--- a/examples/simple/terraform.tfvars
+++ b/examples/simple/terraform.tfvars
@@ -1,24 +0,0 @@
-awsprofile              = "cluster-dev"
-azs                     = ["eu-central-1a", "eu-central-1b"]
-region                  = "eu-central-1"
-master_instance_type    = "t3.medium"
-master_root_volume_size = 50
-master_node_labels      = ["node-type=master"]
-domain                  = "k3s-test.cluster.dev"
-k3s_version             = "1.19.3+k3s1"
-s3_bucket               = "cluster-dev-k3s"
-cluster_name            = "k3s-test"
-key_name                = "arti-key"
-worker_node_groups      = []
-
-extra_api_args = {
-  oidc-issuer-url     = "https://example.com/my"
-  oidc-username-claim = "email"
-  oidc-groups-claim   = "groups"
-  oidc-client-id      = "login"
-  allow-privileged    = "true"
-}
-
-extra_args = [
-  "--disable traefik"
-]
diff --git a/examples/simple/variables.tf b/examples/simple/variables.tf
index ec0ff86..4b0781b 100644
--- a/examples/simple/variables.tf
+++ b/examples/simple/variables.tf
@@ -1,59 +1,59 @@
-variable awsprofile {
+variable "awsprofile" {
   type        = string
   default     = "default"
   description = "The aws credential profile alias in ~/.aws/credentials"
 }
 
-variable azs {
-  type        = list
+variable "azs" {
+  type        = list(any)
   description = "Availability Zones to deploy cluster"
 }
 
-variable region {
+variable "region" {
   type        = string
   description = "The AWS region."
 }
 
-variable master_instance_type {
+variable "master_instance_type" {
   type = string
 }
 
-variable k3s_version {
+variable "k3s_version" {
   type        = string
   description = "k3s version"
 }
 
-variable data_volume_size {
+variable "data_volume_size" {
   type        = string
   default     = "50"
   description = "Instances data volume size in Gb"
 }
 
-variable key_name {
+variable "key_name" {
   type = string
 }
 
-variable s3_bucket {
+variable "s3_bucket" {
   type = string
 }
 
-variable domain {
+variable "domain" {
   type = string
 }
 
-variable cluster_name {
+variable "cluster_name" {
   type = string
 }
 
-variable worker_node_groups {
+variable "worker_node_groups" {
   description = "A list of worker groups configs. See description in comments"
   type        = any
 }
 
-variable master_node_labels {
-  type = list
+variable "master_node_labels" {
+  type = list(any)
 }
 
-variable master_root_volume_size {
+variable "master_root_volume_size" {
   type = number
 }
diff --git a/files/k3s.tpl.sh b/files/k3s.tpl.sh
index b732e44..991c518 100644
--- a/files/k3s.tpl.sh
+++ b/files/k3s.tpl.sh
@@ -26,6 +26,7 @@ software_install() {
   START_ARGS="server --cluster-domain ${cluster_domain} --secrets-encryption --node-name $(curl http://169.254.169.254/latest/meta-data/local-hostname) \
   --disable-cloud-controller \
   --disable servicelb \
+  --tls-san ${cluster_domain} \
   --kubelet-arg="cloud-provider=external" \
   --kubelet-arg="provider-id=aws:///$(curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone)/$(curl -s http://169.254.169.254/latest/meta-data/instance-id)" \
   "
@@ -46,7 +47,7 @@ software_install() {
         sleep 2
     done
   fi
-  curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION='v${k3s_version}' sh -s - $${START_ARGS} --token ${k3s_server_token} $${SERVER_URL} $${CLUSTER_INIT}
+  curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION='${k3s_version}' sh -s - $${START_ARGS} --token ${k3s_server_token} $${SERVER_URL} $${CLUSTER_INIT}
 
 %{ if instance_role == "master" }
   until (kubectl version); do
diff --git a/iam.tf b/iam.tf
index 737ed22..0449b54 100644
--- a/iam.tf
+++ b/iam.tf
@@ -21,7 +21,7 @@ resource "aws_iam_role" "master_role" {
         {
             "Action": "sts:AssumeRole",
             "Principal": {
-               "Service": "ec2.amazonaws.com"
+              "Service": "ec2.amazonaws.com"
             },
             "Effect": "Allow",
             "Sid": ""
@@ -76,7 +76,7 @@ resource "aws_iam_role" "worker_role" {
         {
             "Action": "sts:AssumeRole",
             "Principal": {
-               "Service": "ec2.amazonaws.com"
+              "Service": "ec2.amazonaws.com"
             },
             "Effect": "Allow",
             "Sid": ""
diff --git a/infra.tf b/infra.tf
index 8ad57b4..c7cec40 100644
--- a/infra.tf
+++ b/infra.tf
@@ -74,7 +74,6 @@ resource "aws_autoscaling_group" "master" {
     }
   }
   depends_on = [
-    aws_route53_record.alb_ingress,
     aws_lb.kubeapi
   ]
 }
@@ -102,7 +101,6 @@ resource "aws_autoscaling_group" "worker" {
   }
 
   depends_on = [
-    aws_route53_record.alb_ingress,
     aws_lb.kubeapi
   ]
 }
diff --git a/init.tf b/init.tf
index 7db2b07..235e0a8 100644
--- a/init.tf
+++ b/init.tf
@@ -14,3 +14,19 @@ terraform {
 provider "aws" {
   region = var.region
 }
+
+provider "kubernetes" {
+  host                   = "${var.domain == "" ? aws_lb.kubeapi.dns_name : "cp.${var.domain}"}:6443"
+  cluster_ca_certificate = local.k_config.host_cert
+  client_key             = local.k_config.cert_data
+  client_certificate     = local.k_config.user_crt
+}
+
+provider "helm" {
+  kubernetes {
+    host                   = "${var.domain == "" ? aws_lb.kubeapi.dns_name : "cp.${var.domain}"}:6443"
+    cluster_ca_certificate = local.k_config.host_cert
+    client_key             = local.k_config.cert_data
+    client_certificate     = local.k_config.user_crt
+  }
+}
diff --git a/kubeconfig.tf b/kubeconfig.tf
index 6fbf03e..010b94d 100644
--- a/kubeconfig.tf
+++ b/kubeconfig.tf
@@ -10,7 +10,7 @@ resource "null_resource" "wait_cluster_ready" {
 }
 
 # Not really secure as it will keep entire file as a plain text in tfstate
-data "aws_s3_bucket_object" "get_kubeconfig" {
+data "aws_s3_object" "get_kubeconfig" {
   key    = "${var.cluster_name}/${local.s3_kubeconfig_filename}"
   bucket = var.s3_bucket
   depends_on = [
@@ -20,8 +20,8 @@ data "aws_s3_bucket_object" "get_kubeconfig" {
 
 locals {
   k_config = element(flatten([
-    for cl in yamldecode(data.aws_s3_bucket_object.get_kubeconfig.body).clusters : [
-      for u in yamldecode(data.aws_s3_bucket_object.get_kubeconfig.body).users : {
+    for cl in yamldecode(data.aws_s3_object.get_kubeconfig.body).clusters : [
+      for u in yamldecode(data.aws_s3_object.get_kubeconfig.body).users : {
         host      = cl.cluster.server
         host_cert = base64decode(cl.cluster.certificate-authority-data)
         user_crt  = base64decode(u.user.client-certificate-data)
diff --git a/locals.tf b/locals.tf
index 034ef2d..cdd7b6c 100644
--- a/locals.tf
+++ b/locals.tf
@@ -1,7 +1,8 @@
 
 locals {
   name                   = var.cluster_name
-  cluster_domain         = "cp.${var.domain}"
+  controlplain_domain    = "cp.${var.domain}"
+  cluster_domain         = var.domain == "" ? aws_lb.kubeapi.dns_name : "cp.${var.domain}"
   s3_kubeconfig_filename = "kubeconfig"
   common_tags = {
     "kubernetes.io/cluster/${var.cluster_name}" = "owned"
@@ -65,10 +66,13 @@ locals {
 
   master_iam_policy_default = file("${path.module}/policies/master.json")
   worker_iam_policy_default = file("${path.module}/policies/worker.json")
+  asg_list = join(",", [for key, value in aws_autoscaling_group.worker :
+    value.name
+  ])
 }
 
 resource "null_resource" "validate_domain_length" {
   provisioner "local-exec" {
-    command = "if [ ${length(local.cluster_domain)} -ge 38 ]; then echo \"ERR: \nThe length of the domain for kubeapi (domain:${local.cluster_domain}, length:${length(local.cluster_domain)}) must not exceed 37 characters.\nDomain name includes variables 'var.cluster_name' (${var.cluster_name}) and 'var.domain' (${var.domain}).\nCheck the length of these variables.\" ; exit 1; fi"
+    command = var.domain == "" ? "exit 0" : "if [ ${length(local.controlplain_domain)} -ge 38 ]; then echo \"ERR: \nThe length of the domain for kubeapi (domain:${local.controlplain_domain}, length:${length(local.controlplain_domain)}) must not exceed 37 characters.\nDomain name includes variables 'var.cluster_name' (${var.cluster_name}) and 'var.domain' (${var.domain}).\nCheck the length of these variables.\" ; exit 1; fi"
   }
 }
diff --git a/nlb.tf b/nlb.tf
index 4630ee0..838c80e 100644
--- a/nlb.tf
+++ b/nlb.tf
@@ -4,9 +4,9 @@ resource "aws_lb" "kubeapi" {
   load_balancer_type = "network"
   subnets            = var.public_subnets
   tags               = local.common_tags
-  depends_on = [
-    null_resource.validate_domain_length
-  ]
+  # depends_on = [
+  #   null_resource.validate_domain_length
+  # ]
 }
 
 resource "aws_lb_listener" "kubeapi" {
@@ -44,8 +44,9 @@ resource "aws_lb_target_group" "kubeapi" {
 }
 
 resource "aws_route53_record" "alb_ingress" {
+  count           = var.domain == "" ? 0 : 1
   allow_overwrite = true
-  zone_id         = data.aws_route53_zone.main_zone.id
+  zone_id         = data.aws_route53_zone.main_zone.0.id
   name            = local.cluster_domain
   type            = "A"
 
diff --git a/outputs.tf b/outputs.tf
index b927b87..e37a4cc 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -3,7 +3,7 @@ output "k8s_nlb_dns_name" {
 }
 
 output "kubeconfig" {
-  value = data.aws_s3_bucket_object.get_kubeconfig.body
+  value = data.aws_s3_object.get_kubeconfig.body
 }
 
 output "kubeconfig_s3_url" {
diff --git a/policies/master.json b/policies/master.json
index 35b7b6b..353b9f0 100644
--- a/policies/master.json
+++ b/policies/master.json
@@ -19,6 +19,7 @@
         "ec2:DescribeSecurityGroups",
         "ec2:DescribeSubnets",
         "ec2:DescribeVolumes",
+        "ec2:DescribeAvailabilityZones",
         "ec2:CreateSecurityGroup",
         "ec2:CreateTags",
         "ec2:CreateVolume",
diff --git a/values/cloud-controller.yaml b/values/cloud-controller.yaml
new file mode 100644
index 0000000..559a29d
--- /dev/null
+++ b/values/cloud-controller.yaml
@@ -0,0 +1,9 @@
+args:
+  - --v=2
+  - --cloud-provider=aws
+  - --configure-cloud-routes=false
+hostNetworking: true
+nodeSelector:
+  node-role.kubernetes.io/control-plane: "true"
+image:
+  tag: "v1.27.1"
\ No newline at end of file
diff --git a/values/csi.yaml b/values/csi.yaml
new file mode 100644
index 0000000..b0f1b1e
--- /dev/null
+++ b/values/csi.yaml
@@ -0,0 +1,34 @@
+enableVolumeResizing: true
+enableVolumeSnapshot: false
+
+tolerateAllTaints: true
+
+tolerations:
+  - operator: Exists
+
+affinity:
+  podAntiAffinity:
+    requiredDuringSchedulingIgnoredDuringExecution:
+      - labelSelector:
+          matchExpressions:
+            - key: app
+              operator: In
+              values:
+                - ebs-csi-controller
+        topologyKey: "kubernetes.io/hostname"
+
+# If set, add pv/pvc metadata to plugin create requests as parameters.
+extraCreateMetadata: false
+
+node:
+  nodeSelector: {}
+  podAnnotations:
+    iam.amazonaws.com/role: k8s_ebs_csi_driver
+  tolerateAllTaints: true
+  tolerations: []
+
+serviceAccount:
+  controller:
+    annotations: {}
+  snapshot:
+    annotations: {}
\ No newline at end of file
diff --git a/variables.tf b/variables.tf
index 7b88e7e..898d3c9 100644
--- a/variables.tf
+++ b/variables.tf
@@ -66,6 +66,7 @@ variable "s3_bucket" {
 
 variable "domain" {
   description = "DNS zone record to assign to NLB"
+  default     = ""
   type        = string
 }