Do not set any service CIDR unless user sets it

The approach I'm taking here leaves the attribute null.

If not set by the user, whatever EKS uses as the default
will be used. If the user overwrites it, their value will
be used.

I prefer this approach, because I do not have to concern
myself at all with whatever the EKS default is.

aws/_modules/eks/master.tf

@@ -10,8 +10,11 @@ resource "aws_eks_cluster" "current" {
     public_access_cidrs     = var.cluster_public_access_cidrs
   }
 
-  kubernetes_network_config {
-    service_ipv4_cidr = var.cluster_service_cidr
+  dynamic "kubernetes_network_config" {
+    for_each = var.cluster_service_cidr != null ? toset([1]) : toset([])
+    content {
+      service_ipv4_cidr = var.cluster_service_cidr
+    }
   }
 
   dynamic "encryption_config" {

aws/_modules/eks/variables.tf

@@ -163,7 +163,7 @@ variable "cluster_public_access_cidrs" {
 variable "cluster_service_cidr" {
   type        = string
   default     = null
-  description = "Sets the Service CIDR for the EKS cluster. EKS defaults this to 172.20.0.0/0."
+  description = "Sets the Service CIDR for the EKS cluster."
 }
 
 variable "cluster_encryption_key_arn" {

aws/cluster/configuration.tf

@@ -82,7 +82,7 @@ locals {
   cluster_endpoint_public_access     = lookup(local.cfg, "cluster_endpoint_public_access", true)
   cluster_public_access_cidrs_lookup = lookup(local.cfg, "cluster_public_access_cidrs", null)
   cluster_public_access_cidrs        = local.cluster_public_access_cidrs_lookup == null ? null : split(",", local.cluster_public_access_cidrs_lookup)
-  cluster_service_cidr               = lookup(local.cfg, "cluster_service_cidr", "172.20.0.0/16")
+  cluster_service_cidr               = lookup(local.cfg, "cluster_service_cidr", null)
 
   cluster_encryption_key_arn = lookup(local.cfg, "cluster_encryption_key_arn", null)
 }