diff --git a/terraform/live/sample/eks-addons/terraform.tfvars b/terraform/live/sample/eks-addons/terraform.tfvars
index ec5e45e5..354c0358 100644
--- a/terraform/live/sample/eks-addons/terraform.tfvars
+++ b/terraform/live/sample/eks-addons/terraform.tfvars
@@ -9,17 +9,20 @@ terragrunt = {
 
   terraform {
     source = "../../../modules//eks-addons"
+
     before_hook "kubeconfig" {
-      commands = ["apply","plan"]
-      execute = ["bash","-c","cp ${get_tfvars_dir()}/../eks/kubeconfig kubeconfig"]
+      commands = ["apply", "plan"]
+      execute  = ["bash", "-c", "cp ${get_tfvars_dir()}/../eks/kubeconfig kubeconfig"]
     }
+
     before_hook "helm_repo_update" {
-      commands = ["apply","plan"]
-      execute = ["bash","-c","helm repo update"]
+      commands = ["apply", "plan"]
+      execute  = ["bash", "-c", "helm repo update"]
     }
+
     after_hook "cert_manager_cluster_issuers" {
       commands = ["apply"]
-      execute = ["bash","-c","terraform output cert_manager_cluster_issuers 2>/dev/null | kubectl --kubeconfig kubeconfig apply -f - | true"]
+      execute  = ["bash", "-c", "terraform output cert_manager_cluster_issuers 2>/dev/null | kubectl --kubeconfig kubeconfig apply -f - | true"]
     }
   }
 }
@@ -32,108 +35,153 @@ aws = {
 }
 
 eks = {
-  "kubeconfig_path" = "./kubeconfig"
+  "kubeconfig_path"     = "./kubeconfig"
   "remote_state_bucket" = "sample-terraform-remote-state"
-  "remote_state_key" = "sample/eks"
+  "remote_state_key"    = "sample/eks"
 }
 
 //
 // [nginx_ingress]
 //
 nginx_ingress = {
-  version = "0.21.0"
-  chart_version = "1.1.2"
-  enabled = false
-  namespace = "ingress-nginx"
-  extra_values = ""
-  use_nlb = false
+  version                = "0.24.1"
+  chart_version          = "1.6.16"
+  enabled                = true
+  default_network_policy = false
+  ingress_cidr           = "0.0.0.0/0"
+  namespace              = "ingress-nginx"
+  extra_values           = <<EXTRA_VALUES
+EXTRA_VALUES
+
+  use_nlb = true
+  use_l7  = false
 }
 
 //
 // [cluster_autoscaler]
 //
 cluster_autoscaler = {
-  use_kiam = false
-  version = "v1.3.5"
-  chart_version = "0.11.0"
-  enabled = false
-  namespace = "cluster-autoscaler"
-  cluster_name = "sample"
-  extra_values = ""
+  use_kiam               = false
+  version                = "v1.12.5"
+  chart_version          = "0.13.2"
+  enabled                = true
+  default_network_policy = false
+  namespace              = "cluster-autoscaler"
+  cluster_name           = "sample"
+  extra_values           = ""
 }
 
 //
 // [external_dns]
 //
 external_dns = {
-  use_kiam = false
-  version = "v0.5.9"
-  chart_version = "1.3.0"
-  enabled = false
-  namespace = "external-dns"
-  extra_values = ""
+  use_kiam               = false
+  version                = "v0.5.9"
+  chart_version          = "1.3.0"
+  enabled                = false
+  default_network_policy = false
+  namespace              = "external-dns"
+  extra_values           = <<EXTRA_VALUES
+EXTRA_VALUES
 }
 
 //
 // [cert_manager]
 //
 cert_manager = {
-  use_kiam = false
-  version = "v0.5.2"
-  chart_version = "v0.5.2"
-  enabled = false
-  namespace = "cert-manager"
-  extra_values = ""
-  acme_email =  "example@email.com"
+  use_kiam               = false
+  version                = "v0.5.2"
+  chart_version          = "v0.5.2"
+  enabled                = false
+  default_network_policy = false
+  namespace              = "cert-manager"
+  extra_values           = ""
+  acme_email             = "example@email.com"
 }
 
 //
 // [kiam]
 //
 kiam = {
-  version = "v3.0"
-  chart_version = "2.0.1-rc6"
-  enabled = false
-  namespace = "kiam"
+  version                 = "v3.2"
+  chart_version           = "2.3.0"
+  enabled                 = false
+  default_network_policy  = false
+  namespace               = "kiam"
   server_use_host_network = "true"
-  extra_values = ""
+  extra_values            = ""
 }
 
 //
 // [metrics-server]
 //
 metrics_server = {
-  version = "v0.3.1"
-  chart_version = "2.0.4"
-  enabled = false
-  namespace = "metrics-server"
-  extra_values = ""
+  version                    = "v0.3.3"
+  chart_version              = "2.8.0"
+  enabled                    = false
+  default_network_policy     = false
+  namespace                  = "metrics-server"
+  extra_values               = ""
+  control_plane_private_cidr = ""
+  control_plane_public_cidr  = ""
+}
+
+//
+// [flux]
+//
+flux = {
+  version                = "1.12.3"
+  chart_version          = "0.9.5"
+  enabled                = false
+  default_network_policy = false
+  namespace              = "flux"
+  allowed_namespaces     = ""
+
+  extra_values = <<EXTRA_VALUES
+git:
+  url: "ssh://git@github.com/YOUR_REPO"
+  pollInterval: "1m"
+helmOperator:
+  create: false
+  tillerNamespace: "flux"
+  allowNamespace: "flux"
+registry:
+  excludeImage: "*"
+rbac:
+  create: false
+syncGarbageCollection:
+  enabled: true
+  dry: false
+EXTRA_VALUES
 }
 
 //
 // [virtual-kubelet]
 //
 virtual_kubelet = {
-  use_kiam = true
-  version = "0.7.4"
-  enabled = false
-  namespace = "virtual-kubelet"
-  cpu = "20"
-  memory = "40Gi"
-  pods = "20"
-  operatingsystem = "Linux"
-  platformversion = "LATEST"
+  use_kiam                = true
+  version                 = "0.7.4"
+  enabled                 = false
+  default_network_policy  = false
+  namespace               = "virtual-kubelet"
+  cpu                     = "20"
+  memory                  = "40Gi"
+  pods                    = "20"
+  operatingsystem         = "Linux"
+  platformversion         = "LATEST"
   assignpublicipv4address = false
-  fargate_cluster_name = "sample"
+  fargate_cluster_name    = "sample"
 }
 
 //
 // [prometheus_operator]
 //
 prometheus_operator = {
-  chart_version = "1.5.1"
-  enabled = false
-  namespace = "monitoring"
+  chart_version          = "5.12.0"
+  enabled                = false
+  default_network_policy = false
+  namespace              = "monitoring"
+
   extra_values = <<EXTRA_VALUES
 grafana:
   ingress:
@@ -157,22 +205,36 @@ EXTRA_VALUES
 // [fluentd_cloudwatch]
 //
 fluentd_cloudwatch = {
-  chart_version = "0.7.0"
-  version = "v1.3-debian-cloudwatch"
-  use_kiam = false
-  enabled = false
-  namespace = "fluentd-cloudwatch"
-  extra_values = ""
-  log_group_name = "eks-sample-logs"
+  chart_version          = "0.7.0"
+  version                = "v1.3-debian-cloudwatch"
+  use_kiam               = false
+  enabled                = false
+  default_network_policy = false
+  namespace              = "fluentd-cloudwatch"
+  extra_values           = ""
+  log_group_name         = "eks-sample-logs"
 }
 
 //
 // [node_problem_detector]
 //
 npd = {
-  chart_version = "1.1.4"
-  version = "v0.6.2"
-  enabled = false
-  namespace = "node-problem-detector"
-  extra_values = ""
+  chart_version          = "1.4.3"
+  version                = "v0.6.3"
+  enabled                = false
+  default_network_policy = false
+  namespace              = "node-problem-detector"
+  extra_values           = ""
+}
+
+//
+// [sealed_secrets]
+//
+sealed_secrets = {
+  chart_version          = "1.0.2"
+  version                = "v0.7.0"
+  enabled                = false
+  default_network_policy = false
+  namespace              = "sealed-secrets"
+  extra_values           = ""
 }
diff --git a/terraform/live/sample/eks/terraform.tfvars b/terraform/live/sample/eks/terraform.tfvars
index ec83850c..422c032f 100644
--- a/terraform/live/sample/eks/terraform.tfvars
+++ b/terraform/live/sample/eks/terraform.tfvars
@@ -2,27 +2,43 @@ terragrunt = {
   include {
     path = "${find_in_parent_folders()}"
   }
+
   terraform {
     source = "../../../modules//eks"
+
     after_hook "kubeconfig" {
       commands = ["apply"]
-      execute = ["bash","-c","terraform output kubeconfig 2>/dev/null > ${get_tfvars_dir()}/kubeconfig"]
+      execute  = ["bash", "-c", "terraform output kubeconfig 2>/dev/null > ${get_tfvars_dir()}/kubeconfig"]
     }
+
     after_hook "configmap" {
       commands = ["apply"]
-      execute = ["bash","-c","terraform output config_map_aws_auth 2>/dev/null | kubectl --kubeconfig ${get_tfvars_dir()}/kubeconfig apply -f -"]
+      execute  = ["bash", "-c", "terraform output config_map_aws_auth 2>/dev/null | kubectl --kubeconfig ${get_tfvars_dir()}/kubeconfig apply -f -"]
     }
+
     after_hook "calico" {
       commands = ["apply"]
-      execute = ["bash","-c","terraform output calico_yaml 2>/dev/null | kubectl --kubeconfig ${get_tfvars_dir()}/kubeconfig apply -f -"]
+      execute  = ["bash", "-c", "terraform output calico_yaml 2>/dev/null | kubectl --kubeconfig ${get_tfvars_dir()}/kubeconfig apply -f -"]
     }
+
     after_hook "cni_metrics_helper" {
       commands = ["apply"]
-      execute = ["bash","-c","terraform output cni_metrics_helper_yaml 2>/dev/null | kubectl --kubeconfig ${get_tfvars_dir()}/kubeconfig apply -f -"]
+      execute  = ["bash", "-c", "terraform output cni_metrics_helper_yaml 2>/dev/null | kubectl --kubeconfig ${get_tfvars_dir()}/kubeconfig apply -f -"]
     }
+
     after_hook "helm" {
       commands = ["apply"]
-      execute = ["bash","-c","terraform output helm_rbac 2>/dev/null | kubectl --kubeconfig ${get_tfvars_dir()}/kubeconfig apply -f -"]
+      execute  = ["bash", "-c", "terraform output helm_rbac 2>/dev/null | kubectl --kubeconfig ${get_tfvars_dir()}/kubeconfig apply -f -"]
+    }
+
+    after_hook "kube-system-label" {
+      commands = ["apply"]
+      execute  = ["bash", "-c", "kubectl --kubeconfig ${get_tfvars_dir()}/kubeconfig label --overwrite ns kube-system name=kube-system"]
+    }
+
+    after_hook "network-policies" {
+      commands = ["apply"]
+      execute  = ["bash", "-c", "terraform output network_policies 2>/dev/null | kubectl --kubeconfig ${get_tfvars_dir()}/kubeconfig apply -f -"]
     }
   }
 }
@@ -38,10 +54,10 @@ aws = {
 // [vpc]
 //
 vpc = {
-  create = true
-  cidr = "10.0.0.0/16"
-  vpc_id = "vpc-0fd2efe63408f5aba"
-  public_subnets_id = "subnet-0a60f7202528d8f64,subnet-0f7deaa3e53b86817,subnet-0f58143b87ef10257"
+  create             = true
+  cidr               = "10.0.0.0/16"
+  vpc_id             = "vpc-0fd2efe63408f5aba"
+  public_subnets_id  = "subnet-0a60f7202528d8f64,subnet-0f7deaa3e53b86817,subnet-0f58143b87ef10257"
   private_subnets_id = "subnet-0b0cca9118459c6c9,subnet-0296207fa6ff0c9ce,subnet-00f139ff79e016c19"
 }
 
@@ -49,22 +65,48 @@ vpc = {
 // [dns]
 //
 use_route53 = false
+
 domain_name = "example.domain"
+
 subdomain_name = "eks"
 
 //
 // [kubernetes]
 //
 cluster-name = "sample"
-kubernetes_version = "1.11"
+
+kubernetes_version = "1.12"
+
+endpoint_private_access = true
+
+endpoint_public_access = true
+
+enabled_cluster_log_types = ["api", "audit", "authenticator", "controllerManager", "scheduler"]
+
+cluster_log_retention_in_days = 180
+
+allowed_cidr_blocks = ["0.0.0.0/0"]
+
+ssh_remote_security_group_id = ""
+
+map_users = <<MAP_USERS
+- userarn: arn:aws:iam::000000000000:user/MyUser
+  username: admin
+  groups:
+    - system:masters
+MAP_USERS
+
+extra_network_policies = <<EXTRA_NETWORK_POLICIES
+EXTRA_NETWORK_POLICIES
 
 //
 // [cluster_autoscaler]
 //
 cluster_autoscaler = {
-  create_iam_resources = false
+  create_iam_resources      = true
   create_iam_resources_kiam = false
-  attach_to_pool = 0
+  attach_to_pool            = 0
+
   iam_policy = <<POLICY
 {
   "Version": "2012-10-17",
@@ -90,9 +132,10 @@ POLICY
 // [external_dns]
 //
 external_dns = {
-  create_iam_resources = false
+  create_iam_resources      = false
   create_iam_resources_kiam = false
-  attach_to_pool = 0
+  attach_to_pool            = 0
+
   iam_policy = <<POLICY
 {
   "Version": "2012-10-17",
@@ -125,9 +168,10 @@ POLICY
 // [cert_manager]
 //
 cert_manager = {
-  create_iam_resources = false
+  create_iam_resources      = false
   create_iam_resources_kiam = false
-  attach_to_pool = 0
+  attach_to_pool            = 0
+
   iam_policy = <<POLICY
 {
   "Version": "2012-10-17",
@@ -157,12 +201,13 @@ POLICY
 //
 kiam = {
   create_iam_resources = false
-  attach_to_pool = 0
+  attach_to_pool       = 0
 }
 
 fluentd_cloudwatch = {
-  create_iam_resources = false
+  create_iam_resources      = false
   create_iam_resources_kiam = false
+
   iam_policy = <<POLICY
 {
     "Version": "2012-10-17",
@@ -184,16 +229,17 @@ POLICY
 }
 
 virtual_kubelet = {
-  create_iam_resources_kiam = false
+  create_iam_resources_kiam   = false
   create_cloudwatch_log_group = false
-  cloudwatch_log_group = "eks-virtual-kubelet"
+  cloudwatch_log_group        = "eks-virtual-kubelet"
 }
 
 cni_metrics_helper = {
-  create_iam_resources = true
+  create_iam_resources      = true
   create_iam_resources_kiam = false
-  use_kiam = false
-  attach_to_pool = 0
+  use_kiam                  = false
+  attach_to_pool            = 0
+
   iam_policy = <<POLICY
 {
   "Version": "2012-10-17",
@@ -206,6 +252,7 @@ cni_metrics_helper = {
   ]
 }
 POLICY
+
   deployment_scheduling = <<EXTRA_SCHEDULING
 affinity:
   nodeAffinity:
@@ -219,33 +266,57 @@ tolerations:
     effect: NoSchedule
     key: "node-role.kubernetes.io/controller"
 EXTRA_SCHEDULING
+
   deployment_scheduling_kiam = <<EXTRA_SCHEDULING
 EXTRA_SCHEDULING
 }
 
 node-pools = [
   {
-    name = "controller"
-    min_size = 1
-    max_size = 1
-    desired_capacity = 1
-    instance_type = "t3.medium"
-    key_name = "keypair"
-    volume_size = 30
-    volume_type = "gp2"
-    autoscaling = "disabled"
+    name            = "controller"
+    extra_user_data = <<EXTRA_USER_DATA
+EXTRA_USER_DATA
+
+    min_size           = 1
+    max_size           = 1
+    desired_capacity   = 1
+    instance_type      = "t3.medium"
+    key_name           = "ocelot"
+    volume_size        = 30
+    volume_type        = "gp2"
+    autoscaling        = "disabled"
     kubelet_extra_args = "--kubelet-extra-args '--node-labels node-role.kubernetes.io/controller=\"\" --register-with-taints node-role.kubernetes.io/controller=:NoSchedule --kube-reserved cpu=250m,memory=0.5Gi,ephemeral-storage=1Gi --system-reserved cpu=250m,memory=0.2Gi,ephemeral-storage=1Gi --eviction-hard memory.available<500Mi,nodefs.available<10%'"
   },
   {
-    name = "default"
-    min_size = 3
-    max_size = 9
-    desired_capacity = 3
-    instance_type = "t3.medium"
-    key_name = "keypair"
-    volume_size = 30
-    volume_type = "gp2"
-    autoscaling = "enabled"
+    name            = "default"
+    extra_user_data = <<EXTRA_USER_DATA
+EXTRA_USER_DATA
+
+    min_size           = 3
+    max_size           = 9
+    desired_capacity   = 3
+    instance_type      = "t3.medium"
+    key_name           = "ocelot"
+    volume_size        = 30
+    volume_type        = "gp2"
+    autoscaling        = "enabled"
     kubelet_extra_args = "--kubelet-extra-args '--node-labels node-role.kubernetes.io/node=\"\" --kube-reserved cpu=250m,memory=0.5Gi,ephemeral-storage=1Gi --system-reserved cpu=250m,memory=0.2Gi,ephemeral-storage=1Gi --eviction-hard memory.available<500Mi,nodefs.available<10%'"
   },
 ]
+
+node-pools-tags = [
+  [
+    {
+      key                 = "Env"
+      value               = "Sample"
+      propagate_at_launch = true
+    },
+  ],
+  [
+    {
+      key                 = "Env"
+      value               = "Sample"
+      propagate_at_launch = true
+    },
+  ],
+]