I’m wondering on using Security Groups for Pods on...
# kubernetes
i
I’m wondering about using Security Groups for Pods on EKS — I’ve got most of it automated with a Managed Node Group + using the EKS Addons — general instructions are here: https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html One spot I’ve run into an issue is with patching the ENABLE_POD_ENI environment variable? Any ideas on how to best do this with Pulumi? The AWS documentation says to run:
kubectl set env daemonset aws-node -n kube-system ENABLE_POD_ENI=true
s
Have you looked at the pulumi-eks provider? It should be able to handle most of this, e.g.: https://github.com/pulumi/pulumi-eks/blob/4f4a75b17de98cf2f9c3d34a960b59503cbc4f0a/python/pulumi_eks/vpc_cni.py#L21
i
I’m currently using it - but I’m doing the VPC CNI outside of it, because I needed to upgrade the VPC CNI in order to use SecurityGroups for pods? Also, as I’ve been using it, I’ve kinda been starting to agree with this Issue: https://github.com/pulumi/pulumi-eks/issues/592
s
Yeah, sadly this gets a bit ugly. You could either try importing the daemonset into pulumi and updating the environment variable in the spec, or use a dynamic provider to set it on the existing daemonset - essentially wrapping the kubectl command you mentioned…