
important-sandwich-62391

07/12/2021, 6:15 PM
I’m wondering about using Security Groups for Pods on EKS — I’ve got most of it automated with a Managed Node Group + using the EKS Addons. — general instructions are here: https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html One spot I’ve run into an issue is with patching the ENABLE_POD_ENI environment variable? Any ideas on how to best do this with Pulumi? The AWS documentation says to run “kubectl set env daemonset aws-node -n kube-system ENABLE_POD_ENI=true”

sparse-park-68967

07/13/2021, 9:58 PM
Have you looked at the pulumi-eks provider? It should be able to handle most of this, e.g.: https://github.com/pulumi/pulumi-eks/blob/4f4a75b17de98cf2f9c3d34a960b59503cbc4f0a/python/pulumi_eks/vpc_cni.py#L21

important-sandwich-62391

07/14/2021, 11:09 PM
I’m currently using it - but I’m doing the VPC CNI outside of it, because I needed to upgrade the VPC CNI in order to use SecurityGroups for pods? Also, as I’ve been using it, I’ve kinda been starting to agree with this Issue: https://github.com/pulumi/pulumi-eks/issues/592

sparse-park-68967

07/15/2021, 6:32 PM
Yeah, sadly this gets a bit ugly. You could either try importing the daemonset into Pulumi and updating the environment variable in the spec, or use a dynamic provider to set it on the existing daemonset - essentially wrapping the kubectl command you mentioned…