pulumi-eks 3.9.0a1742626547__py3-none-any.whl → 4.2.0__py3-none-any.whl

pulumi_eks/vpc_cni_addon.py

@@ -2,6 +2,7 @@
 # *** WARNING: this file was generated by pulumi-gen-eks. ***
 # *** Do not edit by hand unless you're certain you know what you are doing! ***
 
+import builtins
 import copy
 import warnings
 import sys
@@ -20,90 +21,90 @@ __all__ = ['VpcCniAddonArgs', 'VpcCniAddon']
 @pulumi.input_type
 class VpcCniAddonArgs:
     def __init__(__self__, *,
-                 cluster_name: pulumi.Input[str],
-                 addon_version: Optional[pulumi.Input[str]] = None,
-                 cluster_version: Optional[pulumi.Input[str]] = None,
-                 cni_configure_rpfilter: Optional[pulumi.Input[bool]] = None,
-                 cni_custom_network_cfg: Optional[pulumi.Input[bool]] = None,
-                 cni_external_snat: Optional[pulumi.Input[bool]] = None,
+                 cluster_name: pulumi.Input[builtins.str],
+                 addon_version: Optional[pulumi.Input[builtins.str]] = None,
+                 cluster_version: Optional[pulumi.Input[builtins.str]] = None,
+                 cni_configure_rpfilter: Optional[pulumi.Input[builtins.bool]] = None,
+                 cni_custom_network_cfg: Optional[pulumi.Input[builtins.bool]] = None,
+                 cni_external_snat: Optional[pulumi.Input[builtins.bool]] = None,
                  configuration_values: Optional[pulumi.Input[Mapping[str, Any]]] = None,
-                 custom_network_config: Optional[pulumi.Input[bool]] = None,
-                 disable_tcp_early_demux: Optional[pulumi.Input[bool]] = None,
-                 enable_network_policy: Optional[pulumi.Input[bool]] = None,
-                 enable_pod_eni: Optional[pulumi.Input[bool]] = None,
-                 enable_prefix_delegation: Optional[pulumi.Input[bool]] = None,
-                 eni_config_label_def: Optional[pulumi.Input[str]] = None,
-                 eni_mtu: Optional[pulumi.Input[int]] = None,
-                 external_snat: Optional[pulumi.Input[bool]] = None,
-                 log_file: Optional[pulumi.Input[str]] = None,
-                 log_level: Optional[pulumi.Input[str]] = None,
-                 node_port_support: Optional[pulumi.Input[bool]] = None,
+                 custom_network_config: Optional[pulumi.Input[builtins.bool]] = None,
+                 disable_tcp_early_demux: Optional[pulumi.Input[builtins.bool]] = None,
+                 enable_network_policy: Optional[pulumi.Input[builtins.bool]] = None,
+                 enable_pod_eni: Optional[pulumi.Input[builtins.bool]] = None,
+                 enable_prefix_delegation: Optional[pulumi.Input[builtins.bool]] = None,
+                 eni_config_label_def: Optional[pulumi.Input[builtins.str]] = None,
+                 eni_mtu: Optional[pulumi.Input[builtins.int]] = None,
+                 external_snat: Optional[pulumi.Input[builtins.bool]] = None,
+                 log_file: Optional[pulumi.Input[builtins.str]] = None,
+                 log_level: Optional[pulumi.Input[builtins.str]] = None,
+                 node_port_support: Optional[pulumi.Input[builtins.bool]] = None,
                  resolve_conflicts_on_create: Optional['ResolveConflictsOnCreate'] = None,
                  resolve_conflicts_on_update: Optional['ResolveConflictsOnUpdate'] = None,
-                 security_context_privileged: Optional[pulumi.Input[bool]] = None,
-                 service_account_role_arn: Optional[pulumi.Input[str]] = None,
-                 tags: Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[str]]]]]] = None,
-                 veth_prefix: Optional[pulumi.Input[str]] = None,
-                 warm_eni_target: Optional[pulumi.Input[int]] = None,
-                 warm_ip_target: Optional[pulumi.Input[int]] = None,
-                 warm_prefix_target: Optional[pulumi.Input[int]] = None):
+                 security_context_privileged: Optional[pulumi.Input[builtins.bool]] = None,
+                 service_account_role_arn: Optional[pulumi.Input[builtins.str]] = None,
+                 tags: Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]]] = None,
+                 veth_prefix: Optional[pulumi.Input[builtins.str]] = None,
+                 warm_eni_target: Optional[pulumi.Input[builtins.int]] = None,
+                 warm_ip_target: Optional[pulumi.Input[builtins.int]] = None,
+                 warm_prefix_target: Optional[pulumi.Input[builtins.int]] = None):
         """
         The set of arguments for constructing a VpcCniAddon resource.
-        :param pulumi.Input[str] cluster_name: The name of the EKS cluster.
-        :param pulumi.Input[str] addon_version: The version of the addon to use. If not specified, the latest version of the addon for the cluster's Kubernetes version will be used.
-        :param pulumi.Input[str] cluster_version: The Kubernetes version of the cluster. This is used to determine the addon version to use if `addonVersion` is not specified.
-        :param pulumi.Input[bool] cni_configure_rpfilter: Specifies whether ipamd should configure rp filter for primary interface. Default is `false`.
-        :param pulumi.Input[bool] cni_custom_network_cfg: Specifies that your pods may use subnets and security groups that are independent of your worker node's VPC configuration. By default, pods share the same subnet and security groups as the worker node's primary interface. Setting this variable to true causes ipamd to use the security groups and VPC subnet in a worker node's ENIConfig for elastic network interface allocation. You must create an ENIConfig custom resource for each subnet that your pods will reside in, and then annotate or label each worker node to use a specific ENIConfig (multiple worker nodes can be annotated or labelled with the same ENIConfig). Worker nodes can only be annotated with a single ENIConfig at a time, and the subnet in the ENIConfig must belong to the same Availability Zone that the worker node resides in. For more information, see CNI Custom Networking in the Amazon EKS User Guide. Default is `false`
-        :param pulumi.Input[bool] cni_external_snat: Specifies whether an external NAT gateway should be used to provide SNAT of secondary ENI IP addresses. If set to true, the SNAT iptables rule and off-VPC IP rule are not applied, and these rules are removed if they have already been applied. Disable SNAT if you need to allow inbound communication to your pods from external VPNs, direct connections, and external VPCs, and your pods do not need to access the Internet directly via an Internet Gateway. However, your nodes must be running in a private subnet and connected to the internet through an AWS NAT Gateway or another external NAT device. Default is `false`
+        :param pulumi.Input[builtins.str] cluster_name: The name of the EKS cluster.
+        :param pulumi.Input[builtins.str] addon_version: The version of the addon to use. If not specified, the latest version of the addon for the cluster's Kubernetes version will be used.
+        :param pulumi.Input[builtins.str] cluster_version: The Kubernetes version of the cluster. This is used to determine the addon version to use if `addonVersion` is not specified.
+        :param pulumi.Input[builtins.bool] cni_configure_rpfilter: Specifies whether ipamd should configure rp filter for primary interface. Default is `false`.
+        :param pulumi.Input[builtins.bool] cni_custom_network_cfg: Specifies that your pods may use subnets and security groups that are independent of your worker node's VPC configuration. By default, pods share the same subnet and security groups as the worker node's primary interface. Setting this variable to true causes ipamd to use the security groups and VPC subnet in a worker node's ENIConfig for elastic network interface allocation. You must create an ENIConfig custom resource for each subnet that your pods will reside in, and then annotate or label each worker node to use a specific ENIConfig (multiple worker nodes can be annotated or labelled with the same ENIConfig). Worker nodes can only be annotated with a single ENIConfig at a time, and the subnet in the ENIConfig must belong to the same Availability Zone that the worker node resides in. For more information, see CNI Custom Networking in the Amazon EKS User Guide. Default is `false`
+        :param pulumi.Input[builtins.bool] cni_external_snat: Specifies whether an external NAT gateway should be used to provide SNAT of secondary ENI IP addresses. If set to true, the SNAT iptables rule and off-VPC IP rule are not applied, and these rules are removed if they have already been applied. Disable SNAT if you need to allow inbound communication to your pods from external VPNs, direct connections, and external VPCs, and your pods do not need to access the Internet directly via an Internet Gateway. However, your nodes must be running in a private subnet and connected to the internet through an AWS NAT Gateway or another external NAT device. Default is `false`
         :param pulumi.Input[Mapping[str, Any]] configuration_values: Custom configuration values for the vpc-cni addon. This object must match the schema derived from [describe-addon-configuration](https://docs.aws.amazon.com/cli/latest/reference/eks/describe-addon-configuration.html).
-        :param pulumi.Input[bool] custom_network_config: Specifies that your pods may use subnets and security groups (within the same VPC as your control plane resources) that are independent of your cluster's `resourcesVpcConfig`.
+        :param pulumi.Input[builtins.bool] custom_network_config: Specifies that your pods may use subnets and security groups (within the same VPC as your control plane resources) that are independent of your cluster's `resourcesVpcConfig`.
                
                Defaults to false.
-        :param pulumi.Input[bool] disable_tcp_early_demux: Allows the kubelet's liveness and readiness probes to connect via TCP when pod ENI is enabled. This will slightly increase local TCP connection latency.
-        :param pulumi.Input[bool] enable_network_policy: Enables using Kubernetes network policies. In Kubernetes, by default, all pod-to-pod communication is allowed. Communication can be restricted with Kubernetes NetworkPolicy objects.
+        :param pulumi.Input[builtins.bool] disable_tcp_early_demux: Allows the kubelet's liveness and readiness probes to connect via TCP when pod ENI is enabled. This will slightly increase local TCP connection latency.
+        :param pulumi.Input[builtins.bool] enable_network_policy: Enables using Kubernetes network policies. In Kubernetes, by default, all pod-to-pod communication is allowed. Communication can be restricted with Kubernetes NetworkPolicy objects.
                
                See for more information: [Kubernetes Network Policies](https://kubernetes.io/docs/concepts/services-networking/network-policies/).
-        :param pulumi.Input[bool] enable_pod_eni: Specifies whether to allow IPAMD to add the `vpc.amazonaws.com/has-trunk-attached` label to the node if the instance has capacity to attach an additional ENI. Default is `false`. If using liveness and readiness probes, you will also need to disable TCP early demux.
-        :param pulumi.Input[bool] enable_prefix_delegation: IPAMD will start allocating (/28) prefixes to the ENIs with ENABLE_PREFIX_DELEGATION set to true.
-        :param pulumi.Input[str] eni_config_label_def: Specifies the ENI_CONFIG_LABEL_DEF environment variable value for worker nodes. This is used to tell Kubernetes to automatically apply the ENIConfig for each Availability Zone
+        :param pulumi.Input[builtins.bool] enable_pod_eni: Specifies whether to allow IPAMD to add the `vpc.amazonaws.com/has-trunk-attached` label to the node if the instance has capacity to attach an additional ENI. Default is `false`. If using liveness and readiness probes, you will also need to disable TCP early demux.
+        :param pulumi.Input[builtins.bool] enable_prefix_delegation: IPAMD will start allocating (/28) prefixes to the ENIs with ENABLE_PREFIX_DELEGATION set to true.
+        :param pulumi.Input[builtins.str] eni_config_label_def: Specifies the ENI_CONFIG_LABEL_DEF environment variable value for worker nodes. This is used to tell Kubernetes to automatically apply the ENIConfig for each Availability Zone
                Ref: https://docs.aws.amazon.com/eks/latest/userguide/cni-custom-network.html (step 5(c))
                
                Defaults to the official AWS CNI image in ECR.
-        :param pulumi.Input[int] eni_mtu: Used to configure the MTU size for attached ENIs. The valid range is from 576 to 9001.
+        :param pulumi.Input[builtins.int] eni_mtu: Used to configure the MTU size for attached ENIs. The valid range is from 576 to 9001.
                
                Defaults to 9001.
-        :param pulumi.Input[bool] external_snat: Specifies whether an external NAT gateway should be used to provide SNAT of secondary ENI IP addresses. If set to true, the SNAT iptables rule and off-VPC IP rule are not applied, and these rules are removed if they have already been applied.
+        :param pulumi.Input[builtins.bool] external_snat: Specifies whether an external NAT gateway should be used to provide SNAT of secondary ENI IP addresses. If set to true, the SNAT iptables rule and off-VPC IP rule are not applied, and these rules are removed if they have already been applied.
                
                Defaults to false.
-        :param pulumi.Input[str] log_file: Specifies the file path used for logs.
+        :param pulumi.Input[builtins.str] log_file: Specifies the file path used for logs.
                
                Defaults to "stdout" to emit Pod logs for `kubectl logs`.
-        :param pulumi.Input[str] log_level: Specifies the log level used for logs.
+        :param pulumi.Input[builtins.str] log_level: Specifies the log level used for logs.
                
                Defaults to "DEBUG"
                Valid values: "DEBUG", "INFO", "WARN", "ERROR", or "FATAL".
-        :param pulumi.Input[bool] node_port_support: Specifies whether NodePort services are enabled on a worker node's primary network interface. This requires additional iptables rules and that the kernel's reverse path filter on the primary interface is set to loose.
+        :param pulumi.Input[builtins.bool] node_port_support: Specifies whether NodePort services are enabled on a worker node's primary network interface. This requires additional iptables rules and that the kernel's reverse path filter on the primary interface is set to loose.
                
                Defaults to true.
         :param 'ResolveConflictsOnCreate' resolve_conflicts_on_create: How to resolve field value conflicts when migrating a self-managed add-on to an Amazon EKS add-on. Valid values are `NONE` and `OVERWRITE`. For more details see the [CreateAddon](https://docs.aws.amazon.com/eks/latest/APIReference/API_CreateAddon.html) API Docs.
         :param 'ResolveConflictsOnUpdate' resolve_conflicts_on_update: How to resolve field value conflicts for an Amazon EKS add-on if you've changed a value from the Amazon EKS default value.  Valid values are `NONE`, `OVERWRITE`, and `PRESERVE`. For more details see the [UpdateAddon](https://docs.aws.amazon.com/eks/latest/APIReference/API_UpdateAddon.html) API Docs.
-        :param pulumi.Input[bool] security_context_privileged: Pass privilege to containers securityContext. This is required when SELinux is enabled. This value will not be passed to the CNI config by default
-        :param pulumi.Input[str] service_account_role_arn: The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. The role must be assigned the IAM permissions required by the add-on. If you don't specify an existing IAM role, then the add-on uses the permissions assigned to the node IAM role.
+        :param pulumi.Input[builtins.bool] security_context_privileged: Pass privilege to containers securityContext. This is required when SELinux is enabled. This value will not be passed to the CNI config by default
+        :param pulumi.Input[builtins.str] service_account_role_arn: The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. The role must be assigned the IAM permissions required by the add-on. If you don't specify an existing IAM role, then the add-on uses the permissions assigned to the node IAM role.
                
                For more information, see [Amazon EKS node IAM role](https://docs.aws.amazon.com/eks/latest/userguide/create-node-role.html) in the Amazon EKS User Guide.
                
                Note: To specify an existing IAM role, you must have an IAM OpenID Connect (OIDC) provider created for your cluster. For more information, see [Enabling IAM roles for service accounts on your cluster](https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html) in the Amazon EKS User Guide.
-        :param pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[str]]]]] tags: Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
-        :param pulumi.Input[str] veth_prefix: Specifies the veth prefix used to generate the host-side veth device name for the CNI.
+        :param pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]] tags: Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
+        :param pulumi.Input[builtins.str] veth_prefix: Specifies the veth prefix used to generate the host-side veth device name for the CNI.
                
                The prefix can be at most 4 characters long.
                
                Defaults to "eni".
-        :param pulumi.Input[int] warm_eni_target: Specifies the number of free elastic network interfaces (and all of their available IP addresses) that the ipamD daemon should attempt to keep available for pod assignment on the node.
+        :param pulumi.Input[builtins.int] warm_eni_target: Specifies the number of free elastic network interfaces (and all of their available IP addresses) that the ipamD daemon should attempt to keep available for pod assignment on the node.
                
                Defaults to 1.
-        :param pulumi.Input[int] warm_ip_target: Specifies the number of free IP addresses that the ipamD daemon should attempt to keep available for pod assignment on the node.
-        :param pulumi.Input[int] warm_prefix_target: WARM_PREFIX_TARGET will allocate one full (/28) prefix even if a single IP  is consumed with the existing prefix. Ref: https://github.com/aws/amazon-vpc-cni-k8s/blob/master/docs/prefix-and-ip-target.md
+        :param pulumi.Input[builtins.int] warm_ip_target: Specifies the number of free IP addresses that the ipamD daemon should attempt to keep available for pod assignment on the node.
+        :param pulumi.Input[builtins.int] warm_prefix_target: WARM_PREFIX_TARGET will allocate one full (/28) prefix even if a single IP  is consumed with the existing prefix. Ref: https://github.com/aws/amazon-vpc-cni-k8s/blob/master/docs/prefix-and-ip-target.md
         """
         pulumi.set(__self__, "cluster_name", cluster_name)
         if addon_version is not None:
@@ -165,74 +166,74 @@ class VpcCniAddonArgs:
 
     @property
     @pulumi.getter(name="clusterName")
-    def cluster_name(self) -> pulumi.Input[str]:
+    def cluster_name(self) -> pulumi.Input[builtins.str]:
         """
         The name of the EKS cluster.
         """
         return pulumi.get(self, "cluster_name")
 
     @cluster_name.setter
-    def cluster_name(self, value: pulumi.Input[str]):
+    def cluster_name(self, value: pulumi.Input[builtins.str]):
         pulumi.set(self, "cluster_name", value)
 
     @property
     @pulumi.getter(name="addonVersion")
-    def addon_version(self) -> Optional[pulumi.Input[str]]:
+    def addon_version(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The version of the addon to use. If not specified, the latest version of the addon for the cluster's Kubernetes version will be used.
         """
         return pulumi.get(self, "addon_version")
 
     @addon_version.setter
-    def addon_version(self, value: Optional[pulumi.Input[str]]):
+    def addon_version(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "addon_version", value)
 
     @property
     @pulumi.getter(name="clusterVersion")
-    def cluster_version(self) -> Optional[pulumi.Input[str]]:
+    def cluster_version(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The Kubernetes version of the cluster. This is used to determine the addon version to use if `addonVersion` is not specified.
         """
         return pulumi.get(self, "cluster_version")
 
     @cluster_version.setter
-    def cluster_version(self, value: Optional[pulumi.Input[str]]):
+    def cluster_version(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "cluster_version", value)
 
     @property
     @pulumi.getter(name="cniConfigureRpfilter")
-    def cni_configure_rpfilter(self) -> Optional[pulumi.Input[bool]]:
+    def cni_configure_rpfilter(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Specifies whether ipamd should configure rp filter for primary interface. Default is `false`.
         """
         return pulumi.get(self, "cni_configure_rpfilter")
 
     @cni_configure_rpfilter.setter
-    def cni_configure_rpfilter(self, value: Optional[pulumi.Input[bool]]):
+    def cni_configure_rpfilter(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "cni_configure_rpfilter", value)
 
     @property
     @pulumi.getter(name="cniCustomNetworkCfg")
-    def cni_custom_network_cfg(self) -> Optional[pulumi.Input[bool]]:
+    def cni_custom_network_cfg(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Specifies that your pods may use subnets and security groups that are independent of your worker node's VPC configuration. By default, pods share the same subnet and security groups as the worker node's primary interface. Setting this variable to true causes ipamd to use the security groups and VPC subnet in a worker node's ENIConfig for elastic network interface allocation. You must create an ENIConfig custom resource for each subnet that your pods will reside in, and then annotate or label each worker node to use a specific ENIConfig (multiple worker nodes can be annotated or labelled with the same ENIConfig). Worker nodes can only be annotated with a single ENIConfig at a time, and the subnet in the ENIConfig must belong to the same Availability Zone that the worker node resides in. For more information, see CNI Custom Networking in the Amazon EKS User Guide. Default is `false`
         """
         return pulumi.get(self, "cni_custom_network_cfg")
 
     @cni_custom_network_cfg.setter
-    def cni_custom_network_cfg(self, value: Optional[pulumi.Input[bool]]):
+    def cni_custom_network_cfg(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "cni_custom_network_cfg", value)
 
     @property
     @pulumi.getter(name="cniExternalSnat")
-    def cni_external_snat(self) -> Optional[pulumi.Input[bool]]:
+    def cni_external_snat(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Specifies whether an external NAT gateway should be used to provide SNAT of secondary ENI IP addresses. If set to true, the SNAT iptables rule and off-VPC IP rule are not applied, and these rules are removed if they have already been applied. Disable SNAT if you need to allow inbound communication to your pods from external VPNs, direct connections, and external VPCs, and your pods do not need to access the Internet directly via an Internet Gateway. However, your nodes must be running in a private subnet and connected to the internet through an AWS NAT Gateway or another external NAT device. Default is `false`
         """
         return pulumi.get(self, "cni_external_snat")
 
     @cni_external_snat.setter
-    def cni_external_snat(self, value: Optional[pulumi.Input[bool]]):
+    def cni_external_snat(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "cni_external_snat", value)
 
     @property
@@ -249,7 +250,7 @@ class VpcCniAddonArgs:
 
     @property
     @pulumi.getter(name="customNetworkConfig")
-    def custom_network_config(self) -> Optional[pulumi.Input[bool]]:
+    def custom_network_config(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Specifies that your pods may use subnets and security groups (within the same VPC as your control plane resources) that are independent of your cluster's `resourcesVpcConfig`.
 
@@ -258,24 +259,24 @@ class VpcCniAddonArgs:
         return pulumi.get(self, "custom_network_config")
 
     @custom_network_config.setter
-    def custom_network_config(self, value: Optional[pulumi.Input[bool]]):
+    def custom_network_config(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "custom_network_config", value)
 
     @property
     @pulumi.getter(name="disableTcpEarlyDemux")
-    def disable_tcp_early_demux(self) -> Optional[pulumi.Input[bool]]:
+    def disable_tcp_early_demux(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Allows the kubelet's liveness and readiness probes to connect via TCP when pod ENI is enabled. This will slightly increase local TCP connection latency.
         """
         return pulumi.get(self, "disable_tcp_early_demux")
 
     @disable_tcp_early_demux.setter
-    def disable_tcp_early_demux(self, value: Optional[pulumi.Input[bool]]):
+    def disable_tcp_early_demux(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "disable_tcp_early_demux", value)
 
     @property
     @pulumi.getter(name="enableNetworkPolicy")
-    def enable_network_policy(self) -> Optional[pulumi.Input[bool]]:
+    def enable_network_policy(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Enables using Kubernetes network policies. In Kubernetes, by default, all pod-to-pod communication is allowed. Communication can be restricted with Kubernetes NetworkPolicy objects.
 
@@ -284,36 +285,36 @@ class VpcCniAddonArgs:
         return pulumi.get(self, "enable_network_policy")
 
     @enable_network_policy.setter
-    def enable_network_policy(self, value: Optional[pulumi.Input[bool]]):
+    def enable_network_policy(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "enable_network_policy", value)
 
     @property
     @pulumi.getter(name="enablePodEni")
-    def enable_pod_eni(self) -> Optional[pulumi.Input[bool]]:
+    def enable_pod_eni(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Specifies whether to allow IPAMD to add the `vpc.amazonaws.com/has-trunk-attached` label to the node if the instance has capacity to attach an additional ENI. Default is `false`. If using liveness and readiness probes, you will also need to disable TCP early demux.
         """
         return pulumi.get(self, "enable_pod_eni")
 
     @enable_pod_eni.setter
-    def enable_pod_eni(self, value: Optional[pulumi.Input[bool]]):
+    def enable_pod_eni(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "enable_pod_eni", value)
 
     @property
     @pulumi.getter(name="enablePrefixDelegation")
-    def enable_prefix_delegation(self) -> Optional[pulumi.Input[bool]]:
+    def enable_prefix_delegation(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         IPAMD will start allocating (/28) prefixes to the ENIs with ENABLE_PREFIX_DELEGATION set to true.
         """
         return pulumi.get(self, "enable_prefix_delegation")
 
     @enable_prefix_delegation.setter
-    def enable_prefix_delegation(self, value: Optional[pulumi.Input[bool]]):
+    def enable_prefix_delegation(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "enable_prefix_delegation", value)
 
     @property
     @pulumi.getter(name="eniConfigLabelDef")
-    def eni_config_label_def(self) -> Optional[pulumi.Input[str]]:
+    def eni_config_label_def(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Specifies the ENI_CONFIG_LABEL_DEF environment variable value for worker nodes. This is used to tell Kubernetes to automatically apply the ENIConfig for each Availability Zone
         Ref: https://docs.aws.amazon.com/eks/latest/userguide/cni-custom-network.html (step 5(c))
@@ -323,12 +324,12 @@ class VpcCniAddonArgs:
         return pulumi.get(self, "eni_config_label_def")
 
     @eni_config_label_def.setter
-    def eni_config_label_def(self, value: Optional[pulumi.Input[str]]):
+    def eni_config_label_def(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "eni_config_label_def", value)
 
     @property
     @pulumi.getter(name="eniMtu")
-    def eni_mtu(self) -> Optional[pulumi.Input[int]]:
+    def eni_mtu(self) -> Optional[pulumi.Input[builtins.int]]:
         """
         Used to configure the MTU size for attached ENIs. The valid range is from 576 to 9001.
 
@@ -337,12 +338,12 @@ class VpcCniAddonArgs:
         return pulumi.get(self, "eni_mtu")
 
     @eni_mtu.setter
-    def eni_mtu(self, value: Optional[pulumi.Input[int]]):
+    def eni_mtu(self, value: Optional[pulumi.Input[builtins.int]]):
         pulumi.set(self, "eni_mtu", value)
 
     @property
     @pulumi.getter(name="externalSnat")
-    def external_snat(self) -> Optional[pulumi.Input[bool]]:
+    def external_snat(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Specifies whether an external NAT gateway should be used to provide SNAT of secondary ENI IP addresses. If set to true, the SNAT iptables rule and off-VPC IP rule are not applied, and these rules are removed if they have already been applied.
 
@@ -351,12 +352,12 @@ class VpcCniAddonArgs:
         return pulumi.get(self, "external_snat")
 
     @external_snat.setter
-    def external_snat(self, value: Optional[pulumi.Input[bool]]):
+    def external_snat(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "external_snat", value)
 
     @property
     @pulumi.getter(name="logFile")
-    def log_file(self) -> Optional[pulumi.Input[str]]:
+    def log_file(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Specifies the file path used for logs.
 
@@ -365,12 +366,12 @@ class VpcCniAddonArgs:
         return pulumi.get(self, "log_file")
 
     @log_file.setter
-    def log_file(self, value: Optional[pulumi.Input[str]]):
+    def log_file(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "log_file", value)
 
     @property
     @pulumi.getter(name="logLevel")
-    def log_level(self) -> Optional[pulumi.Input[str]]:
+    def log_level(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Specifies the log level used for logs.
 
@@ -380,12 +381,12 @@ class VpcCniAddonArgs:
         return pulumi.get(self, "log_level")
 
     @log_level.setter
-    def log_level(self, value: Optional[pulumi.Input[str]]):
+    def log_level(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "log_level", value)
 
     @property
     @pulumi.getter(name="nodePortSupport")
-    def node_port_support(self) -> Optional[pulumi.Input[bool]]:
+    def node_port_support(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Specifies whether NodePort services are enabled on a worker node's primary network interface. This requires additional iptables rules and that the kernel's reverse path filter on the primary interface is set to loose.
 
@@ -394,7 +395,7 @@ class VpcCniAddonArgs:
         return pulumi.get(self, "node_port_support")
 
     @node_port_support.setter
-    def node_port_support(self, value: Optional[pulumi.Input[bool]]):
+    def node_port_support(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "node_port_support", value)
 
     @property
@@ -423,19 +424,19 @@ class VpcCniAddonArgs:
 
     @property
     @pulumi.getter(name="securityContextPrivileged")
-    def security_context_privileged(self) -> Optional[pulumi.Input[bool]]:
+    def security_context_privileged(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Pass privilege to containers securityContext. This is required when SELinux is enabled. This value will not be passed to the CNI config by default
         """
         return pulumi.get(self, "security_context_privileged")
 
     @security_context_privileged.setter
-    def security_context_privileged(self, value: Optional[pulumi.Input[bool]]):
+    def security_context_privileged(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "security_context_privileged", value)
 
     @property
     @pulumi.getter(name="serviceAccountRoleArn")
-    def service_account_role_arn(self) -> Optional[pulumi.Input[str]]:
+    def service_account_role_arn(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. The role must be assigned the IAM permissions required by the add-on. If you don't specify an existing IAM role, then the add-on uses the permissions assigned to the node IAM role.
 
@@ -446,24 +447,24 @@ class VpcCniAddonArgs:
         return pulumi.get(self, "service_account_role_arn")
 
     @service_account_role_arn.setter
-    def service_account_role_arn(self, value: Optional[pulumi.Input[str]]):
+    def service_account_role_arn(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "service_account_role_arn", value)
 
     @property
     @pulumi.getter
-    def tags(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[str]]]]]]:
+    def tags(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]]]:
         """
         Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
         """
         return pulumi.get(self, "tags")
 
     @tags.setter
-    def tags(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[str]]]]]]):
+    def tags(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]]]):
         pulumi.set(self, "tags", value)
 
     @property
     @pulumi.getter(name="vethPrefix")
-    def veth_prefix(self) -> Optional[pulumi.Input[str]]:
+    def veth_prefix(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Specifies the veth prefix used to generate the host-side veth device name for the CNI.
 
@@ -474,12 +475,12 @@ class VpcCniAddonArgs:
         return pulumi.get(self, "veth_prefix")
 
     @veth_prefix.setter
-    def veth_prefix(self, value: Optional[pulumi.Input[str]]):
+    def veth_prefix(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "veth_prefix", value)
 
     @property
     @pulumi.getter(name="warmEniTarget")
-    def warm_eni_target(self) -> Optional[pulumi.Input[int]]:
+    def warm_eni_target(self) -> Optional[pulumi.Input[builtins.int]]:
         """
         Specifies the number of free elastic network interfaces (and all of their available IP addresses) that the ipamD daemon should attempt to keep available for pod assignment on the node.
 
@@ -488,66 +489,67 @@ class VpcCniAddonArgs:
         return pulumi.get(self, "warm_eni_target")
 
     @warm_eni_target.setter
-    def warm_eni_target(self, value: Optional[pulumi.Input[int]]):
+    def warm_eni_target(self, value: Optional[pulumi.Input[builtins.int]]):
         pulumi.set(self, "warm_eni_target", value)
 
     @property
     @pulumi.getter(name="warmIpTarget")
-    def warm_ip_target(self) -> Optional[pulumi.Input[int]]:
+    def warm_ip_target(self) -> Optional[pulumi.Input[builtins.int]]:
         """
         Specifies the number of free IP addresses that the ipamD daemon should attempt to keep available for pod assignment on the node.
         """
         return pulumi.get(self, "warm_ip_target")
 
     @warm_ip_target.setter
-    def warm_ip_target(self, value: Optional[pulumi.Input[int]]):
+    def warm_ip_target(self, value: Optional[pulumi.Input[builtins.int]]):
         pulumi.set(self, "warm_ip_target", value)
 
     @property
     @pulumi.getter(name="warmPrefixTarget")
-    def warm_prefix_target(self) -> Optional[pulumi.Input[int]]:
+    def warm_prefix_target(self) -> Optional[pulumi.Input[builtins.int]]:
         """
         WARM_PREFIX_TARGET will allocate one full (/28) prefix even if a single IP  is consumed with the existing prefix. Ref: https://github.com/aws/amazon-vpc-cni-k8s/blob/master/docs/prefix-and-ip-target.md
         """
         return pulumi.get(self, "warm_prefix_target")
 
     @warm_prefix_target.setter
-    def warm_prefix_target(self, value: Optional[pulumi.Input[int]]):
+    def warm_prefix_target(self, value: Optional[pulumi.Input[builtins.int]]):
         pulumi.set(self, "warm_prefix_target", value)
 
 
+@pulumi.type_token("eks:index:VpcCniAddon")
 class VpcCniAddon(pulumi.ComponentResource):
     @overload
     def __init__(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 addon_version: Optional[pulumi.Input[str]] = None,
-                 cluster_name: Optional[pulumi.Input[str]] = None,
-                 cluster_version: Optional[pulumi.Input[str]] = None,
-                 cni_configure_rpfilter: Optional[pulumi.Input[bool]] = None,
-                 cni_custom_network_cfg: Optional[pulumi.Input[bool]] = None,
-                 cni_external_snat: Optional[pulumi.Input[bool]] = None,
+                 addon_version: Optional[pulumi.Input[builtins.str]] = None,
+                 cluster_name: Optional[pulumi.Input[builtins.str]] = None,
+                 cluster_version: Optional[pulumi.Input[builtins.str]] = None,
+                 cni_configure_rpfilter: Optional[pulumi.Input[builtins.bool]] = None,
+                 cni_custom_network_cfg: Optional[pulumi.Input[builtins.bool]] = None,
+                 cni_external_snat: Optional[pulumi.Input[builtins.bool]] = None,
                  configuration_values: Optional[pulumi.Input[Mapping[str, Any]]] = None,
-                 custom_network_config: Optional[pulumi.Input[bool]] = None,
-                 disable_tcp_early_demux: Optional[pulumi.Input[bool]] = None,
-                 enable_network_policy: Optional[pulumi.Input[bool]] = None,
-                 enable_pod_eni: Optional[pulumi.Input[bool]] = None,
-                 enable_prefix_delegation: Optional[pulumi.Input[bool]] = None,
-                 eni_config_label_def: Optional[pulumi.Input[str]] = None,
-                 eni_mtu: Optional[pulumi.Input[int]] = None,
-                 external_snat: Optional[pulumi.Input[bool]] = None,
-                 log_file: Optional[pulumi.Input[str]] = None,
-                 log_level: Optional[pulumi.Input[str]] = None,
-                 node_port_support: Optional[pulumi.Input[bool]] = None,
+                 custom_network_config: Optional[pulumi.Input[builtins.bool]] = None,
+                 disable_tcp_early_demux: Optional[pulumi.Input[builtins.bool]] = None,
+                 enable_network_policy: Optional[pulumi.Input[builtins.bool]] = None,
+                 enable_pod_eni: Optional[pulumi.Input[builtins.bool]] = None,
+                 enable_prefix_delegation: Optional[pulumi.Input[builtins.bool]] = None,
+                 eni_config_label_def: Optional[pulumi.Input[builtins.str]] = None,
+                 eni_mtu: Optional[pulumi.Input[builtins.int]] = None,
+                 external_snat: Optional[pulumi.Input[builtins.bool]] = None,
+                 log_file: Optional[pulumi.Input[builtins.str]] = None,
+                 log_level: Optional[pulumi.Input[builtins.str]] = None,
+                 node_port_support: Optional[pulumi.Input[builtins.bool]] = None,
                  resolve_conflicts_on_create: Optional['ResolveConflictsOnCreate'] = None,
                  resolve_conflicts_on_update: Optional['ResolveConflictsOnUpdate'] = None,
-                 security_context_privileged: Optional[pulumi.Input[bool]] = None,
-                 service_account_role_arn: Optional[pulumi.Input[str]] = None,
-                 tags: Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[str]]]]]] = None,
-                 veth_prefix: Optional[pulumi.Input[str]] = None,
-                 warm_eni_target: Optional[pulumi.Input[int]] = None,
-                 warm_ip_target: Optional[pulumi.Input[int]] = None,
-                 warm_prefix_target: Optional[pulumi.Input[int]] = None,
+                 security_context_privileged: Optional[pulumi.Input[builtins.bool]] = None,
+                 service_account_role_arn: Optional[pulumi.Input[builtins.str]] = None,
+                 tags: Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]]] = None,
+                 veth_prefix: Optional[pulumi.Input[builtins.str]] = None,
+                 warm_eni_target: Optional[pulumi.Input[builtins.int]] = None,
+                 warm_ip_target: Optional[pulumi.Input[builtins.int]] = None,
+                 warm_prefix_target: Optional[pulumi.Input[builtins.int]] = None,
                  __props__=None):
         """
         VpcCniAddon manages the configuration of the Amazon VPC CNI plugin for Kubernetes by leveraging the EKS managed add-on.
@@ -555,61 +557,61 @@ class VpcCniAddon(pulumi.ComponentResource):
 
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[str] addon_version: The version of the addon to use. If not specified, the latest version of the addon for the cluster's Kubernetes version will be used.
-        :param pulumi.Input[str] cluster_name: The name of the EKS cluster.
-        :param pulumi.Input[str] cluster_version: The Kubernetes version of the cluster. This is used to determine the addon version to use if `addonVersion` is not specified.
-        :param pulumi.Input[bool] cni_configure_rpfilter: Specifies whether ipamd should configure rp filter for primary interface. Default is `false`.
-        :param pulumi.Input[bool] cni_custom_network_cfg: Specifies that your pods may use subnets and security groups that are independent of your worker node's VPC configuration. By default, pods share the same subnet and security groups as the worker node's primary interface. Setting this variable to true causes ipamd to use the security groups and VPC subnet in a worker node's ENIConfig for elastic network interface allocation. You must create an ENIConfig custom resource for each subnet that your pods will reside in, and then annotate or label each worker node to use a specific ENIConfig (multiple worker nodes can be annotated or labelled with the same ENIConfig). Worker nodes can only be annotated with a single ENIConfig at a time, and the subnet in the ENIConfig must belong to the same Availability Zone that the worker node resides in. For more information, see CNI Custom Networking in the Amazon EKS User Guide. Default is `false`
-        :param pulumi.Input[bool] cni_external_snat: Specifies whether an external NAT gateway should be used to provide SNAT of secondary ENI IP addresses. If set to true, the SNAT iptables rule and off-VPC IP rule are not applied, and these rules are removed if they have already been applied. Disable SNAT if you need to allow inbound communication to your pods from external VPNs, direct connections, and external VPCs, and your pods do not need to access the Internet directly via an Internet Gateway. However, your nodes must be running in a private subnet and connected to the internet through an AWS NAT Gateway or another external NAT device. Default is `false`
+        :param pulumi.Input[builtins.str] addon_version: The version of the addon to use. If not specified, the latest version of the addon for the cluster's Kubernetes version will be used.
+        :param pulumi.Input[builtins.str] cluster_name: The name of the EKS cluster.
+        :param pulumi.Input[builtins.str] cluster_version: The Kubernetes version of the cluster. This is used to determine the addon version to use if `addonVersion` is not specified.
+        :param pulumi.Input[builtins.bool] cni_configure_rpfilter: Specifies whether ipamd should configure rp filter for primary interface. Default is `false`.
+        :param pulumi.Input[builtins.bool] cni_custom_network_cfg: Specifies that your pods may use subnets and security groups that are independent of your worker node's VPC configuration. By default, pods share the same subnet and security groups as the worker node's primary interface. Setting this variable to true causes ipamd to use the security groups and VPC subnet in a worker node's ENIConfig for elastic network interface allocation. You must create an ENIConfig custom resource for each subnet that your pods will reside in, and then annotate or label each worker node to use a specific ENIConfig (multiple worker nodes can be annotated or labelled with the same ENIConfig). Worker nodes can only be annotated with a single ENIConfig at a time, and the subnet in the ENIConfig must belong to the same Availability Zone that the worker node resides in. For more information, see CNI Custom Networking in the Amazon EKS User Guide. Default is `false`
+        :param pulumi.Input[builtins.bool] cni_external_snat: Specifies whether an external NAT gateway should be used to provide SNAT of secondary ENI IP addresses. If set to true, the SNAT iptables rule and off-VPC IP rule are not applied, and these rules are removed if they have already been applied. Disable SNAT if you need to allow inbound communication to your pods from external VPNs, direct connections, and external VPCs, and your pods do not need to access the Internet directly via an Internet Gateway. However, your nodes must be running in a private subnet and connected to the internet through an AWS NAT Gateway or another external NAT device. Default is `false`
         :param pulumi.Input[Mapping[str, Any]] configuration_values: Custom configuration values for the vpc-cni addon. This object must match the schema derived from [describe-addon-configuration](https://docs.aws.amazon.com/cli/latest/reference/eks/describe-addon-configuration.html).
-        :param pulumi.Input[bool] custom_network_config: Specifies that your pods may use subnets and security groups (within the same VPC as your control plane resources) that are independent of your cluster's `resourcesVpcConfig`.
+        :param pulumi.Input[builtins.bool] custom_network_config: Specifies that your pods may use subnets and security groups (within the same VPC as your control plane resources) that are independent of your cluster's `resourcesVpcConfig`.
                
                Defaults to false.
-        :param pulumi.Input[bool] disable_tcp_early_demux: Allows the kubelet's liveness and readiness probes to connect via TCP when pod ENI is enabled. This will slightly increase local TCP connection latency.
-        :param pulumi.Input[bool] enable_network_policy: Enables using Kubernetes network policies. In Kubernetes, by default, all pod-to-pod communication is allowed. Communication can be restricted with Kubernetes NetworkPolicy objects.
+        :param pulumi.Input[builtins.bool] disable_tcp_early_demux: Allows the kubelet's liveness and readiness probes to connect via TCP when pod ENI is enabled. This will slightly increase local TCP connection latency.
+        :param pulumi.Input[builtins.bool] enable_network_policy: Enables using Kubernetes network policies. In Kubernetes, by default, all pod-to-pod communication is allowed. Communication can be restricted with Kubernetes NetworkPolicy objects.
                
                See for more information: [Kubernetes Network Policies](https://kubernetes.io/docs/concepts/services-networking/network-policies/).
-        :param pulumi.Input[bool] enable_pod_eni: Specifies whether to allow IPAMD to add the `vpc.amazonaws.com/has-trunk-attached` label to the node if the instance has capacity to attach an additional ENI. Default is `false`. If using liveness and readiness probes, you will also need to disable TCP early demux.
-        :param pulumi.Input[bool] enable_prefix_delegation: IPAMD will start allocating (/28) prefixes to the ENIs with ENABLE_PREFIX_DELEGATION set to true.
-        :param pulumi.Input[str] eni_config_label_def: Specifies the ENI_CONFIG_LABEL_DEF environment variable value for worker nodes. This is used to tell Kubernetes to automatically apply the ENIConfig for each Availability Zone
+        :param pulumi.Input[builtins.bool] enable_pod_eni: Specifies whether to allow IPAMD to add the `vpc.amazonaws.com/has-trunk-attached` label to the node if the instance has capacity to attach an additional ENI. Default is `false`. If using liveness and readiness probes, you will also need to disable TCP early demux.
+        :param pulumi.Input[builtins.bool] enable_prefix_delegation: IPAMD will start allocating (/28) prefixes to the ENIs with ENABLE_PREFIX_DELEGATION set to true.
+        :param pulumi.Input[builtins.str] eni_config_label_def: Specifies the ENI_CONFIG_LABEL_DEF environment variable value for worker nodes. This is used to tell Kubernetes to automatically apply the ENIConfig for each Availability Zone
                Ref: https://docs.aws.amazon.com/eks/latest/userguide/cni-custom-network.html (step 5(c))
                
                Defaults to the official AWS CNI image in ECR.
-        :param pulumi.Input[int] eni_mtu: Used to configure the MTU size for attached ENIs. The valid range is from 576 to 9001.
+        :param pulumi.Input[builtins.int] eni_mtu: Used to configure the MTU size for attached ENIs. The valid range is from 576 to 9001.
                
                Defaults to 9001.
-        :param pulumi.Input[bool] external_snat: Specifies whether an external NAT gateway should be used to provide SNAT of secondary ENI IP addresses. If set to true, the SNAT iptables rule and off-VPC IP rule are not applied, and these rules are removed if they have already been applied.
+        :param pulumi.Input[builtins.bool] external_snat: Specifies whether an external NAT gateway should be used to provide SNAT of secondary ENI IP addresses. If set to true, the SNAT iptables rule and off-VPC IP rule are not applied, and these rules are removed if they have already been applied.
                
                Defaults to false.
-        :param pulumi.Input[str] log_file: Specifies the file path used for logs.
+        :param pulumi.Input[builtins.str] log_file: Specifies the file path used for logs.
                
                Defaults to "stdout" to emit Pod logs for `kubectl logs`.
-        :param pulumi.Input[str] log_level: Specifies the log level used for logs.
+        :param pulumi.Input[builtins.str] log_level: Specifies the log level used for logs.
                
                Defaults to "DEBUG"
                Valid values: "DEBUG", "INFO", "WARN", "ERROR", or "FATAL".
-        :param pulumi.Input[bool] node_port_support: Specifies whether NodePort services are enabled on a worker node's primary network interface. This requires additional iptables rules and that the kernel's reverse path filter on the primary interface is set to loose.
+        :param pulumi.Input[builtins.bool] node_port_support: Specifies whether NodePort services are enabled on a worker node's primary network interface. This requires additional iptables rules and that the kernel's reverse path filter on the primary interface is set to loose.
                
                Defaults to true.
         :param 'ResolveConflictsOnCreate' resolve_conflicts_on_create: How to resolve field value conflicts when migrating a self-managed add-on to an Amazon EKS add-on. Valid values are `NONE` and `OVERWRITE`. For more details see the [CreateAddon](https://docs.aws.amazon.com/eks/latest/APIReference/API_CreateAddon.html) API Docs.
         :param 'ResolveConflictsOnUpdate' resolve_conflicts_on_update: How to resolve field value conflicts for an Amazon EKS add-on if you've changed a value from the Amazon EKS default value.  Valid values are `NONE`, `OVERWRITE`, and `PRESERVE`. For more details see the [UpdateAddon](https://docs.aws.amazon.com/eks/latest/APIReference/API_UpdateAddon.html) API Docs.
-        :param pulumi.Input[bool] security_context_privileged: Pass privilege to containers securityContext. This is required when SELinux is enabled. This value will not be passed to the CNI config by default
-        :param pulumi.Input[str] service_account_role_arn: The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. The role must be assigned the IAM permissions required by the add-on. If you don't specify an existing IAM role, then the add-on uses the permissions assigned to the node IAM role.
+        :param pulumi.Input[builtins.bool] security_context_privileged: Pass privilege to containers securityContext. This is required when SELinux is enabled. This value will not be passed to the CNI config by default
+        :param pulumi.Input[builtins.str] service_account_role_arn: The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. The role must be assigned the IAM permissions required by the add-on. If you don't specify an existing IAM role, then the add-on uses the permissions assigned to the node IAM role.
                
                For more information, see [Amazon EKS node IAM role](https://docs.aws.amazon.com/eks/latest/userguide/create-node-role.html) in the Amazon EKS User Guide.
                
                Note: To specify an existing IAM role, you must have an IAM OpenID Connect (OIDC) provider created for your cluster. For more information, see [Enabling IAM roles for service accounts on your cluster](https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html) in the Amazon EKS User Guide.
-        :param pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[str]]]]] tags: Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
-        :param pulumi.Input[str] veth_prefix: Specifies the veth prefix used to generate the host-side veth device name for the CNI.
+        :param pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]] tags: Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
+        :param pulumi.Input[builtins.str] veth_prefix: Specifies the veth prefix used to generate the host-side veth device name for the CNI.
                
                The prefix can be at most 4 characters long.
                
                Defaults to "eni".
-        :param pulumi.Input[int] warm_eni_target: Specifies the number of free elastic network interfaces (and all of their available IP addresses) that the ipamD daemon should attempt to keep available for pod assignment on the node.
+        :param pulumi.Input[builtins.int] warm_eni_target: Specifies the number of free elastic network interfaces (and all of their available IP addresses) that the ipamD daemon should attempt to keep available for pod assignment on the node.
                
                Defaults to 1.
-        :param pulumi.Input[int] warm_ip_target: Specifies the number of free IP addresses that the ipamD daemon should attempt to keep available for pod assignment on the node.
-        :param pulumi.Input[int] warm_prefix_target: WARM_PREFIX_TARGET will allocate one full (/28) prefix even if a single IP  is consumed with the existing prefix. Ref: https://github.com/aws/amazon-vpc-cni-k8s/blob/master/docs/prefix-and-ip-target.md
+        :param pulumi.Input[builtins.int] warm_ip_target: Specifies the number of free IP addresses that the ipamD daemon should attempt to keep available for pod assignment on the node.
+        :param pulumi.Input[builtins.int] warm_prefix_target: WARM_PREFIX_TARGET will allocate one full (/28) prefix even if a single IP  is consumed with the existing prefix. Ref: https://github.com/aws/amazon-vpc-cni-k8s/blob/master/docs/prefix-and-ip-target.md
         """
         ...
     @overload
@@ -636,33 +638,33 @@ class VpcCniAddon(pulumi.ComponentResource):
     def _internal_init(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 addon_version: Optional[pulumi.Input[str]] = None,
-                 cluster_name: Optional[pulumi.Input[str]] = None,
-                 cluster_version: Optional[pulumi.Input[str]] = None,
-                 cni_configure_rpfilter: Optional[pulumi.Input[bool]] = None,
-                 cni_custom_network_cfg: Optional[pulumi.Input[bool]] = None,
-                 cni_external_snat: Optional[pulumi.Input[bool]] = None,
+                 addon_version: Optional[pulumi.Input[builtins.str]] = None,
+                 cluster_name: Optional[pulumi.Input[builtins.str]] = None,
+                 cluster_version: Optional[pulumi.Input[builtins.str]] = None,
+                 cni_configure_rpfilter: Optional[pulumi.Input[builtins.bool]] = None,
+                 cni_custom_network_cfg: Optional[pulumi.Input[builtins.bool]] = None,
+                 cni_external_snat: Optional[pulumi.Input[builtins.bool]] = None,
                  configuration_values: Optional[pulumi.Input[Mapping[str, Any]]] = None,
-                 custom_network_config: Optional[pulumi.Input[bool]] = None,
-                 disable_tcp_early_demux: Optional[pulumi.Input[bool]] = None,
-                 enable_network_policy: Optional[pulumi.Input[bool]] = None,
-                 enable_pod_eni: Optional[pulumi.Input[bool]] = None,
-                 enable_prefix_delegation: Optional[pulumi.Input[bool]] = None,
-                 eni_config_label_def: Optional[pulumi.Input[str]] = None,
-                 eni_mtu: Optional[pulumi.Input[int]] = None,
-                 external_snat: Optional[pulumi.Input[bool]] = None,
-                 log_file: Optional[pulumi.Input[str]] = None,
-                 log_level: Optional[pulumi.Input[str]] = None,
-                 node_port_support: Optional[pulumi.Input[bool]] = None,
+                 custom_network_config: Optional[pulumi.Input[builtins.bool]] = None,
+                 disable_tcp_early_demux: Optional[pulumi.Input[builtins.bool]] = None,
+                 enable_network_policy: Optional[pulumi.Input[builtins.bool]] = None,
+                 enable_pod_eni: Optional[pulumi.Input[builtins.bool]] = None,
+                 enable_prefix_delegation: Optional[pulumi.Input[builtins.bool]] = None,
+                 eni_config_label_def: Optional[pulumi.Input[builtins.str]] = None,
+                 eni_mtu: Optional[pulumi.Input[builtins.int]] = None,
+                 external_snat: Optional[pulumi.Input[builtins.bool]] = None,
+                 log_file: Optional[pulumi.Input[builtins.str]] = None,
+                 log_level: Optional[pulumi.Input[builtins.str]] = None,
+                 node_port_support: Optional[pulumi.Input[builtins.bool]] = None,
                  resolve_conflicts_on_create: Optional['ResolveConflictsOnCreate'] = None,
                  resolve_conflicts_on_update: Optional['ResolveConflictsOnUpdate'] = None,
-                 security_context_privileged: Optional[pulumi.Input[bool]] = None,
-                 service_account_role_arn: Optional[pulumi.Input[str]] = None,
-                 tags: Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[str]]]]]] = None,
-                 veth_prefix: Optional[pulumi.Input[str]] = None,
-                 warm_eni_target: Optional[pulumi.Input[int]] = None,
-                 warm_ip_target: Optional[pulumi.Input[int]] = None,
-                 warm_prefix_target: Optional[pulumi.Input[int]] = None,
+                 security_context_privileged: Optional[pulumi.Input[builtins.bool]] = None,
+                 service_account_role_arn: Optional[pulumi.Input[builtins.str]] = None,
+                 tags: Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]]] = None,
+                 veth_prefix: Optional[pulumi.Input[builtins.str]] = None,
+                 warm_eni_target: Optional[pulumi.Input[builtins.int]] = None,
+                 warm_ip_target: Optional[pulumi.Input[builtins.int]] = None,
+                 warm_prefix_target: Optional[pulumi.Input[builtins.int]] = None,
                  __props__=None):
         opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
         if not isinstance(opts, pulumi.ResourceOptions):