pulumi-eks 4.3.0a1768463252__py3-none-any.whl

pulumi_eks/vpc_cni_addon.py

@@ -0,0 +1,719 @@
+# coding=utf-8
+# *** WARNING: this file was generated by pulumi-gen-eks. ***
+# *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+import builtins as _builtins
+import warnings
+import sys
+import pulumi
+import pulumi.runtime
+from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
+from . import _utilities
+from ._enums import *
+
+__all__ = ['VpcCniAddonArgs', 'VpcCniAddon']
+
+@pulumi.input_type
+class VpcCniAddonArgs:
+    def __init__(__self__, *,
+                 cluster_name: pulumi.Input[_builtins.str],
+                 addon_version: Optional[pulumi.Input[_builtins.str]] = None,
+                 cluster_version: Optional[pulumi.Input[_builtins.str]] = None,
+                 cni_configure_rpfilter: Optional[pulumi.Input[_builtins.bool]] = None,
+                 cni_custom_network_cfg: Optional[pulumi.Input[_builtins.bool]] = None,
+                 cni_external_snat: Optional[pulumi.Input[_builtins.bool]] = None,
+                 configuration_values: Optional[pulumi.Input[Mapping[str, Any]]] = None,
+                 custom_network_config: Optional[pulumi.Input[_builtins.bool]] = None,
+                 disable_tcp_early_demux: Optional[pulumi.Input[_builtins.bool]] = None,
+                 enable_network_policy: Optional[pulumi.Input[_builtins.bool]] = None,
+                 enable_pod_eni: Optional[pulumi.Input[_builtins.bool]] = None,
+                 enable_prefix_delegation: Optional[pulumi.Input[_builtins.bool]] = None,
+                 eni_config_label_def: Optional[pulumi.Input[_builtins.str]] = None,
+                 eni_mtu: Optional[pulumi.Input[_builtins.int]] = None,
+                 external_snat: Optional[pulumi.Input[_builtins.bool]] = None,
+                 log_file: Optional[pulumi.Input[_builtins.str]] = None,
+                 log_level: Optional[pulumi.Input[_builtins.str]] = None,
+                 node_port_support: Optional[pulumi.Input[_builtins.bool]] = None,
+                 resolve_conflicts_on_create: Optional['ResolveConflictsOnCreate'] = None,
+                 resolve_conflicts_on_update: Optional['ResolveConflictsOnUpdate'] = None,
+                 security_context_privileged: Optional[pulumi.Input[_builtins.bool]] = None,
+                 service_account_role_arn: Optional[pulumi.Input[_builtins.str]] = None,
+                 tags: Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]]] = None,
+                 veth_prefix: Optional[pulumi.Input[_builtins.str]] = None,
+                 warm_eni_target: Optional[pulumi.Input[_builtins.int]] = None,
+                 warm_ip_target: Optional[pulumi.Input[_builtins.int]] = None,
+                 warm_prefix_target: Optional[pulumi.Input[_builtins.int]] = None):
+        """
+        The set of arguments for constructing a VpcCniAddon resource.
+        :param pulumi.Input[_builtins.str] cluster_name: The name of the EKS cluster.
+        :param pulumi.Input[_builtins.str] addon_version: The version of the addon to use. If not specified, the latest version of the addon for the cluster's Kubernetes version will be used.
+        :param pulumi.Input[_builtins.str] cluster_version: The Kubernetes version of the cluster. This is used to determine the addon version to use if `addonVersion` is not specified.
+        :param pulumi.Input[_builtins.bool] cni_configure_rpfilter: Specifies whether ipamd should configure rp filter for primary interface. Default is `false`.
+        :param pulumi.Input[_builtins.bool] cni_custom_network_cfg: Specifies that your pods may use subnets and security groups that are independent of your worker node's VPC configuration. By default, pods share the same subnet and security groups as the worker node's primary interface. Setting this variable to true causes ipamd to use the security groups and VPC subnet in a worker node's ENIConfig for elastic network interface allocation. You must create an ENIConfig custom resource for each subnet that your pods will reside in, and then annotate or label each worker node to use a specific ENIConfig (multiple worker nodes can be annotated or labelled with the same ENIConfig). Worker nodes can only be annotated with a single ENIConfig at a time, and the subnet in the ENIConfig must belong to the same Availability Zone that the worker node resides in. For more information, see CNI Custom Networking in the Amazon EKS User Guide. Default is `false`
+        :param pulumi.Input[_builtins.bool] cni_external_snat: Specifies whether an external NAT gateway should be used to provide SNAT of secondary ENI IP addresses. If set to true, the SNAT iptables rule and off-VPC IP rule are not applied, and these rules are removed if they have already been applied. Disable SNAT if you need to allow inbound communication to your pods from external VPNs, direct connections, and external VPCs, and your pods do not need to access the Internet directly via an Internet Gateway. However, your nodes must be running in a private subnet and connected to the internet through an AWS NAT Gateway or another external NAT device. Default is `false`
+        :param pulumi.Input[Mapping[str, Any]] configuration_values: Custom configuration values for the vpc-cni addon. This object must match the schema derived from [describe-addon-configuration](https://docs.aws.amazon.com/cli/latest/reference/eks/describe-addon-configuration.html).
+        :param pulumi.Input[_builtins.bool] custom_network_config: Specifies that your pods may use subnets and security groups (within the same VPC as your control plane resources) that are independent of your cluster's `resourcesVpcConfig`.
+               
+               Defaults to false.
+        :param pulumi.Input[_builtins.bool] disable_tcp_early_demux: Allows the kubelet's liveness and readiness probes to connect via TCP when pod ENI is enabled. This will slightly increase local TCP connection latency.
+        :param pulumi.Input[_builtins.bool] enable_network_policy: Enables using Kubernetes network policies. In Kubernetes, by default, all pod-to-pod communication is allowed. Communication can be restricted with Kubernetes NetworkPolicy objects.
+               
+               See for more information: [Kubernetes Network Policies](https://kubernetes.io/docs/concepts/services-networking/network-policies/).
+        :param pulumi.Input[_builtins.bool] enable_pod_eni: Specifies whether to allow IPAMD to add the `vpc.amazonaws.com/has-trunk-attached` label to the node if the instance has capacity to attach an additional ENI. Default is `false`. If using liveness and readiness probes, you will also need to disable TCP early demux.
+        :param pulumi.Input[_builtins.bool] enable_prefix_delegation: IPAMD will start allocating (/28) prefixes to the ENIs with ENABLE_PREFIX_DELEGATION set to true.
+        :param pulumi.Input[_builtins.str] eni_config_label_def: Specifies the ENI_CONFIG_LABEL_DEF environment variable value for worker nodes. This is used to tell Kubernetes to automatically apply the ENIConfig for each Availability Zone
+               Ref: https://docs.aws.amazon.com/eks/latest/userguide/cni-custom-network.html (step 5(c))
+               
+               Defaults to the official AWS CNI image in ECR.
+        :param pulumi.Input[_builtins.int] eni_mtu: Used to configure the MTU size for attached ENIs. The valid range is from 576 to 9001.
+               
+               Defaults to 9001.
+        :param pulumi.Input[_builtins.bool] external_snat: Specifies whether an external NAT gateway should be used to provide SNAT of secondary ENI IP addresses. If set to true, the SNAT iptables rule and off-VPC IP rule are not applied, and these rules are removed if they have already been applied.
+               
+               Defaults to false.
+        :param pulumi.Input[_builtins.str] log_file: Specifies the file path used for logs.
+               
+               Defaults to "stdout" to emit Pod logs for `kubectl logs`.
+        :param pulumi.Input[_builtins.str] log_level: Specifies the log level used for logs.
+               
+               Defaults to "DEBUG"
+               Valid values: "DEBUG", "INFO", "WARN", "ERROR", or "FATAL".
+        :param pulumi.Input[_builtins.bool] node_port_support: Specifies whether NodePort services are enabled on a worker node's primary network interface. This requires additional iptables rules and that the kernel's reverse path filter on the primary interface is set to loose.
+               
+               Defaults to true.
+        :param 'ResolveConflictsOnCreate' resolve_conflicts_on_create: How to resolve field value conflicts when migrating a self-managed add-on to an Amazon EKS add-on. Valid values are `NONE` and `OVERWRITE`. For more details see the [CreateAddon](https://docs.aws.amazon.com/eks/latest/APIReference/API_CreateAddon.html) API Docs.
+        :param 'ResolveConflictsOnUpdate' resolve_conflicts_on_update: How to resolve field value conflicts for an Amazon EKS add-on if you've changed a value from the Amazon EKS default value.  Valid values are `NONE`, `OVERWRITE`, and `PRESERVE`. For more details see the [UpdateAddon](https://docs.aws.amazon.com/eks/latest/APIReference/API_UpdateAddon.html) API Docs.
+        :param pulumi.Input[_builtins.bool] security_context_privileged: Pass privilege to containers securityContext. This is required when SELinux is enabled. This value will not be passed to the CNI config by default
+        :param pulumi.Input[_builtins.str] service_account_role_arn: The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. The role must be assigned the IAM permissions required by the add-on. If you don't specify an existing IAM role, then the add-on uses the permissions assigned to the node IAM role.
+               
+               For more information, see [Amazon EKS node IAM role](https://docs.aws.amazon.com/eks/latest/userguide/create-node-role.html) in the Amazon EKS User Guide.
+               
+               Note: To specify an existing IAM role, you must have an IAM OpenID Connect (OIDC) provider created for your cluster. For more information, see [Enabling IAM roles for service accounts on your cluster](https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html) in the Amazon EKS User Guide.
+        :param pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]] tags: Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
+        :param pulumi.Input[_builtins.str] veth_prefix: Specifies the veth prefix used to generate the host-side veth device name for the CNI.
+               
+               The prefix can be at most 4 characters long.
+               
+               Defaults to "eni".
+        :param pulumi.Input[_builtins.int] warm_eni_target: Specifies the number of free elastic network interfaces (and all of their available IP addresses) that the ipamD daemon should attempt to keep available for pod assignment on the node.
+               
+               Defaults to 1.
+        :param pulumi.Input[_builtins.int] warm_ip_target: Specifies the number of free IP addresses that the ipamD daemon should attempt to keep available for pod assignment on the node.
+        :param pulumi.Input[_builtins.int] warm_prefix_target: WARM_PREFIX_TARGET will allocate one full (/28) prefix even if a single IP  is consumed with the existing prefix. Ref: https://github.com/aws/amazon-vpc-cni-k8s/blob/master/docs/prefix-and-ip-target.md
+        """
+        pulumi.set(__self__, "cluster_name", cluster_name)
+        if addon_version is not None:
+            pulumi.set(__self__, "addon_version", addon_version)
+        if cluster_version is not None:
+            pulumi.set(__self__, "cluster_version", cluster_version)
+        if cni_configure_rpfilter is not None:
+            pulumi.set(__self__, "cni_configure_rpfilter", cni_configure_rpfilter)
+        if cni_custom_network_cfg is not None:
+            pulumi.set(__self__, "cni_custom_network_cfg", cni_custom_network_cfg)
+        if cni_external_snat is not None:
+            pulumi.set(__self__, "cni_external_snat", cni_external_snat)
+        if configuration_values is not None:
+            pulumi.set(__self__, "configuration_values", configuration_values)
+        if custom_network_config is not None:
+            pulumi.set(__self__, "custom_network_config", custom_network_config)
+        if disable_tcp_early_demux is not None:
+            pulumi.set(__self__, "disable_tcp_early_demux", disable_tcp_early_demux)
+        if enable_network_policy is not None:
+            pulumi.set(__self__, "enable_network_policy", enable_network_policy)
+        if enable_pod_eni is not None:
+            pulumi.set(__self__, "enable_pod_eni", enable_pod_eni)
+        if enable_prefix_delegation is not None:
+            pulumi.set(__self__, "enable_prefix_delegation", enable_prefix_delegation)
+        if eni_config_label_def is not None:
+            pulumi.set(__self__, "eni_config_label_def", eni_config_label_def)
+        if eni_mtu is not None:
+            pulumi.set(__self__, "eni_mtu", eni_mtu)
+        if external_snat is not None:
+            pulumi.set(__self__, "external_snat", external_snat)
+        if log_file is not None:
+            pulumi.set(__self__, "log_file", log_file)
+        if log_level is not None:
+            pulumi.set(__self__, "log_level", log_level)
+        if node_port_support is not None:
+            pulumi.set(__self__, "node_port_support", node_port_support)
+        if resolve_conflicts_on_create is None:
+            resolve_conflicts_on_create = 'OVERWRITE'
+        if resolve_conflicts_on_create is not None:
+            pulumi.set(__self__, "resolve_conflicts_on_create", resolve_conflicts_on_create)
+        if resolve_conflicts_on_update is None:
+            resolve_conflicts_on_update = 'OVERWRITE'
+        if resolve_conflicts_on_update is not None:
+            pulumi.set(__self__, "resolve_conflicts_on_update", resolve_conflicts_on_update)
+        if security_context_privileged is not None:
+            pulumi.set(__self__, "security_context_privileged", security_context_privileged)
+        if service_account_role_arn is not None:
+            pulumi.set(__self__, "service_account_role_arn", service_account_role_arn)
+        if tags is not None:
+            pulumi.set(__self__, "tags", tags)
+        if veth_prefix is not None:
+            pulumi.set(__self__, "veth_prefix", veth_prefix)
+        if warm_eni_target is not None:
+            pulumi.set(__self__, "warm_eni_target", warm_eni_target)
+        if warm_ip_target is not None:
+            pulumi.set(__self__, "warm_ip_target", warm_ip_target)
+        if warm_prefix_target is not None:
+            pulumi.set(__self__, "warm_prefix_target", warm_prefix_target)
+
+    @_builtins.property
+    @pulumi.getter(name="clusterName")
+    def cluster_name(self) -> pulumi.Input[_builtins.str]:
+        """
+        The name of the EKS cluster.
+        """
+        return pulumi.get(self, "cluster_name")
+
+    @cluster_name.setter
+    def cluster_name(self, value: pulumi.Input[_builtins.str]):
+        pulumi.set(self, "cluster_name", value)
+
+    @_builtins.property
+    @pulumi.getter(name="addonVersion")
+    def addon_version(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The version of the addon to use. If not specified, the latest version of the addon for the cluster's Kubernetes version will be used.
+        """
+        return pulumi.get(self, "addon_version")
+
+    @addon_version.setter
+    def addon_version(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "addon_version", value)
+
+    @_builtins.property
+    @pulumi.getter(name="clusterVersion")
+    def cluster_version(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The Kubernetes version of the cluster. This is used to determine the addon version to use if `addonVersion` is not specified.
+        """
+        return pulumi.get(self, "cluster_version")
+
+    @cluster_version.setter
+    def cluster_version(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "cluster_version", value)
+
+    @_builtins.property
+    @pulumi.getter(name="cniConfigureRpfilter")
+    def cni_configure_rpfilter(self) -> Optional[pulumi.Input[_builtins.bool]]:
+        """
+        Specifies whether ipamd should configure rp filter for primary interface. Default is `false`.
+        """
+        return pulumi.get(self, "cni_configure_rpfilter")
+
+    @cni_configure_rpfilter.setter
+    def cni_configure_rpfilter(self, value: Optional[pulumi.Input[_builtins.bool]]):
+        pulumi.set(self, "cni_configure_rpfilter", value)
+
+    @_builtins.property
+    @pulumi.getter(name="cniCustomNetworkCfg")
+    def cni_custom_network_cfg(self) -> Optional[pulumi.Input[_builtins.bool]]:
+        """
+        Specifies that your pods may use subnets and security groups that are independent of your worker node's VPC configuration. By default, pods share the same subnet and security groups as the worker node's primary interface. Setting this variable to true causes ipamd to use the security groups and VPC subnet in a worker node's ENIConfig for elastic network interface allocation. You must create an ENIConfig custom resource for each subnet that your pods will reside in, and then annotate or label each worker node to use a specific ENIConfig (multiple worker nodes can be annotated or labelled with the same ENIConfig). Worker nodes can only be annotated with a single ENIConfig at a time, and the subnet in the ENIConfig must belong to the same Availability Zone that the worker node resides in. For more information, see CNI Custom Networking in the Amazon EKS User Guide. Default is `false`
+        """
+        return pulumi.get(self, "cni_custom_network_cfg")
+
+    @cni_custom_network_cfg.setter
+    def cni_custom_network_cfg(self, value: Optional[pulumi.Input[_builtins.bool]]):
+        pulumi.set(self, "cni_custom_network_cfg", value)
+
+    @_builtins.property
+    @pulumi.getter(name="cniExternalSnat")
+    def cni_external_snat(self) -> Optional[pulumi.Input[_builtins.bool]]:
+        """
+        Specifies whether an external NAT gateway should be used to provide SNAT of secondary ENI IP addresses. If set to true, the SNAT iptables rule and off-VPC IP rule are not applied, and these rules are removed if they have already been applied. Disable SNAT if you need to allow inbound communication to your pods from external VPNs, direct connections, and external VPCs, and your pods do not need to access the Internet directly via an Internet Gateway. However, your nodes must be running in a private subnet and connected to the internet through an AWS NAT Gateway or another external NAT device. Default is `false`
+        """
+        return pulumi.get(self, "cni_external_snat")
+
+    @cni_external_snat.setter
+    def cni_external_snat(self, value: Optional[pulumi.Input[_builtins.bool]]):
+        pulumi.set(self, "cni_external_snat", value)
+
+    @_builtins.property
+    @pulumi.getter(name="configurationValues")
+    def configuration_values(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
+        """
+        Custom configuration values for the vpc-cni addon. This object must match the schema derived from [describe-addon-configuration](https://docs.aws.amazon.com/cli/latest/reference/eks/describe-addon-configuration.html).
+        """
+        return pulumi.get(self, "configuration_values")
+
+    @configuration_values.setter
+    def configuration_values(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
+        pulumi.set(self, "configuration_values", value)
+
+    @_builtins.property
+    @pulumi.getter(name="customNetworkConfig")
+    def custom_network_config(self) -> Optional[pulumi.Input[_builtins.bool]]:
+        """
+        Specifies that your pods may use subnets and security groups (within the same VPC as your control plane resources) that are independent of your cluster's `resourcesVpcConfig`.
+
+        Defaults to false.
+        """
+        return pulumi.get(self, "custom_network_config")
+
+    @custom_network_config.setter
+    def custom_network_config(self, value: Optional[pulumi.Input[_builtins.bool]]):
+        pulumi.set(self, "custom_network_config", value)
+
+    @_builtins.property
+    @pulumi.getter(name="disableTcpEarlyDemux")
+    def disable_tcp_early_demux(self) -> Optional[pulumi.Input[_builtins.bool]]:
+        """
+        Allows the kubelet's liveness and readiness probes to connect via TCP when pod ENI is enabled. This will slightly increase local TCP connection latency.
+        """
+        return pulumi.get(self, "disable_tcp_early_demux")
+
+    @disable_tcp_early_demux.setter
+    def disable_tcp_early_demux(self, value: Optional[pulumi.Input[_builtins.bool]]):
+        pulumi.set(self, "disable_tcp_early_demux", value)
+
+    @_builtins.property
+    @pulumi.getter(name="enableNetworkPolicy")
+    def enable_network_policy(self) -> Optional[pulumi.Input[_builtins.bool]]:
+        """
+        Enables using Kubernetes network policies. In Kubernetes, by default, all pod-to-pod communication is allowed. Communication can be restricted with Kubernetes NetworkPolicy objects.
+
+        See for more information: [Kubernetes Network Policies](https://kubernetes.io/docs/concepts/services-networking/network-policies/).
+        """
+        return pulumi.get(self, "enable_network_policy")
+
+    @enable_network_policy.setter
+    def enable_network_policy(self, value: Optional[pulumi.Input[_builtins.bool]]):
+        pulumi.set(self, "enable_network_policy", value)
+
+    @_builtins.property
+    @pulumi.getter(name="enablePodEni")
+    def enable_pod_eni(self) -> Optional[pulumi.Input[_builtins.bool]]:
+        """
+        Specifies whether to allow IPAMD to add the `vpc.amazonaws.com/has-trunk-attached` label to the node if the instance has capacity to attach an additional ENI. Default is `false`. If using liveness and readiness probes, you will also need to disable TCP early demux.
+        """
+        return pulumi.get(self, "enable_pod_eni")
+
+    @enable_pod_eni.setter
+    def enable_pod_eni(self, value: Optional[pulumi.Input[_builtins.bool]]):
+        pulumi.set(self, "enable_pod_eni", value)
+
+    @_builtins.property
+    @pulumi.getter(name="enablePrefixDelegation")
+    def enable_prefix_delegation(self) -> Optional[pulumi.Input[_builtins.bool]]:
+        """
+        IPAMD will start allocating (/28) prefixes to the ENIs with ENABLE_PREFIX_DELEGATION set to true.
+        """
+        return pulumi.get(self, "enable_prefix_delegation")
+
+    @enable_prefix_delegation.setter
+    def enable_prefix_delegation(self, value: Optional[pulumi.Input[_builtins.bool]]):
+        pulumi.set(self, "enable_prefix_delegation", value)
+
+    @_builtins.property
+    @pulumi.getter(name="eniConfigLabelDef")
+    def eni_config_label_def(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        Specifies the ENI_CONFIG_LABEL_DEF environment variable value for worker nodes. This is used to tell Kubernetes to automatically apply the ENIConfig for each Availability Zone
+        Ref: https://docs.aws.amazon.com/eks/latest/userguide/cni-custom-network.html (step 5(c))
+
+        Defaults to the official AWS CNI image in ECR.
+        """
+        return pulumi.get(self, "eni_config_label_def")
+
+    @eni_config_label_def.setter
+    def eni_config_label_def(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "eni_config_label_def", value)
+
+    @_builtins.property
+    @pulumi.getter(name="eniMtu")
+    def eni_mtu(self) -> Optional[pulumi.Input[_builtins.int]]:
+        """
+        Used to configure the MTU size for attached ENIs. The valid range is from 576 to 9001.
+
+        Defaults to 9001.
+        """
+        return pulumi.get(self, "eni_mtu")
+
+    @eni_mtu.setter
+    def eni_mtu(self, value: Optional[pulumi.Input[_builtins.int]]):
+        pulumi.set(self, "eni_mtu", value)
+
+    @_builtins.property
+    @pulumi.getter(name="externalSnat")
+    def external_snat(self) -> Optional[pulumi.Input[_builtins.bool]]:
+        """
+        Specifies whether an external NAT gateway should be used to provide SNAT of secondary ENI IP addresses. If set to true, the SNAT iptables rule and off-VPC IP rule are not applied, and these rules are removed if they have already been applied.
+
+        Defaults to false.
+        """
+        return pulumi.get(self, "external_snat")
+
+    @external_snat.setter
+    def external_snat(self, value: Optional[pulumi.Input[_builtins.bool]]):
+        pulumi.set(self, "external_snat", value)
+
+    @_builtins.property
+    @pulumi.getter(name="logFile")
+    def log_file(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        Specifies the file path used for logs.
+
+        Defaults to "stdout" to emit Pod logs for `kubectl logs`.
+        """
+        return pulumi.get(self, "log_file")
+
+    @log_file.setter
+    def log_file(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "log_file", value)
+
+    @_builtins.property
+    @pulumi.getter(name="logLevel")
+    def log_level(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        Specifies the log level used for logs.
+
+        Defaults to "DEBUG"
+        Valid values: "DEBUG", "INFO", "WARN", "ERROR", or "FATAL".
+        """
+        return pulumi.get(self, "log_level")
+
+    @log_level.setter
+    def log_level(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "log_level", value)
+
+    @_builtins.property
+    @pulumi.getter(name="nodePortSupport")
+    def node_port_support(self) -> Optional[pulumi.Input[_builtins.bool]]:
+        """
+        Specifies whether NodePort services are enabled on a worker node's primary network interface. This requires additional iptables rules and that the kernel's reverse path filter on the primary interface is set to loose.
+
+        Defaults to true.
+        """
+        return pulumi.get(self, "node_port_support")
+
+    @node_port_support.setter
+    def node_port_support(self, value: Optional[pulumi.Input[_builtins.bool]]):
+        pulumi.set(self, "node_port_support", value)
+
+    @_builtins.property
+    @pulumi.getter(name="resolveConflictsOnCreate")
+    def resolve_conflicts_on_create(self) -> Optional['ResolveConflictsOnCreate']:
+        """
+        How to resolve field value conflicts when migrating a self-managed add-on to an Amazon EKS add-on. Valid values are `NONE` and `OVERWRITE`. For more details see the [CreateAddon](https://docs.aws.amazon.com/eks/latest/APIReference/API_CreateAddon.html) API Docs.
+        """
+        return pulumi.get(self, "resolve_conflicts_on_create")
+
+    @resolve_conflicts_on_create.setter
+    def resolve_conflicts_on_create(self, value: Optional['ResolveConflictsOnCreate']):
+        pulumi.set(self, "resolve_conflicts_on_create", value)
+
+    @_builtins.property
+    @pulumi.getter(name="resolveConflictsOnUpdate")
+    def resolve_conflicts_on_update(self) -> Optional['ResolveConflictsOnUpdate']:
+        """
+        How to resolve field value conflicts for an Amazon EKS add-on if you've changed a value from the Amazon EKS default value.  Valid values are `NONE`, `OVERWRITE`, and `PRESERVE`. For more details see the [UpdateAddon](https://docs.aws.amazon.com/eks/latest/APIReference/API_UpdateAddon.html) API Docs.
+        """
+        return pulumi.get(self, "resolve_conflicts_on_update")
+
+    @resolve_conflicts_on_update.setter
+    def resolve_conflicts_on_update(self, value: Optional['ResolveConflictsOnUpdate']):
+        pulumi.set(self, "resolve_conflicts_on_update", value)
+
+    @_builtins.property
+    @pulumi.getter(name="securityContextPrivileged")
+    def security_context_privileged(self) -> Optional[pulumi.Input[_builtins.bool]]:
+        """
+        Pass privilege to containers securityContext. This is required when SELinux is enabled. This value will not be passed to the CNI config by default
+        """
+        return pulumi.get(self, "security_context_privileged")
+
+    @security_context_privileged.setter
+    def security_context_privileged(self, value: Optional[pulumi.Input[_builtins.bool]]):
+        pulumi.set(self, "security_context_privileged", value)
+
+    @_builtins.property
+    @pulumi.getter(name="serviceAccountRoleArn")
+    def service_account_role_arn(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. The role must be assigned the IAM permissions required by the add-on. If you don't specify an existing IAM role, then the add-on uses the permissions assigned to the node IAM role.
+
+        For more information, see [Amazon EKS node IAM role](https://docs.aws.amazon.com/eks/latest/userguide/create-node-role.html) in the Amazon EKS User Guide.
+
+        Note: To specify an existing IAM role, you must have an IAM OpenID Connect (OIDC) provider created for your cluster. For more information, see [Enabling IAM roles for service accounts on your cluster](https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html) in the Amazon EKS User Guide.
+        """
+        return pulumi.get(self, "service_account_role_arn")
+
+    @service_account_role_arn.setter
+    def service_account_role_arn(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "service_account_role_arn", value)
+
+    @_builtins.property
+    @pulumi.getter
+    def tags(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]]]:
+        """
+        Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
+        """
+        return pulumi.get(self, "tags")
+
+    @tags.setter
+    def tags(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]]]):
+        pulumi.set(self, "tags", value)
+
+    @_builtins.property
+    @pulumi.getter(name="vethPrefix")
+    def veth_prefix(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        Specifies the veth prefix used to generate the host-side veth device name for the CNI.
+
+        The prefix can be at most 4 characters long.
+
+        Defaults to "eni".
+        """
+        return pulumi.get(self, "veth_prefix")
+
+    @veth_prefix.setter
+    def veth_prefix(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "veth_prefix", value)
+
+    @_builtins.property
+    @pulumi.getter(name="warmEniTarget")
+    def warm_eni_target(self) -> Optional[pulumi.Input[_builtins.int]]:
+        """
+        Specifies the number of free elastic network interfaces (and all of their available IP addresses) that the ipamD daemon should attempt to keep available for pod assignment on the node.
+
+        Defaults to 1.
+        """
+        return pulumi.get(self, "warm_eni_target")
+
+    @warm_eni_target.setter
+    def warm_eni_target(self, value: Optional[pulumi.Input[_builtins.int]]):
+        pulumi.set(self, "warm_eni_target", value)
+
+    @_builtins.property
+    @pulumi.getter(name="warmIpTarget")
+    def warm_ip_target(self) -> Optional[pulumi.Input[_builtins.int]]:
+        """
+        Specifies the number of free IP addresses that the ipamD daemon should attempt to keep available for pod assignment on the node.
+        """
+        return pulumi.get(self, "warm_ip_target")
+
+    @warm_ip_target.setter
+    def warm_ip_target(self, value: Optional[pulumi.Input[_builtins.int]]):
+        pulumi.set(self, "warm_ip_target", value)
+
+    @_builtins.property
+    @pulumi.getter(name="warmPrefixTarget")
+    def warm_prefix_target(self) -> Optional[pulumi.Input[_builtins.int]]:
+        """
+        WARM_PREFIX_TARGET will allocate one full (/28) prefix even if a single IP  is consumed with the existing prefix. Ref: https://github.com/aws/amazon-vpc-cni-k8s/blob/master/docs/prefix-and-ip-target.md
+        """
+        return pulumi.get(self, "warm_prefix_target")
+
+    @warm_prefix_target.setter
+    def warm_prefix_target(self, value: Optional[pulumi.Input[_builtins.int]]):
+        pulumi.set(self, "warm_prefix_target", value)
+
+
+@pulumi.type_token("eks:index:VpcCniAddon")
+class VpcCniAddon(pulumi.ComponentResource):
+    @overload
+    def __init__(__self__,
+                 resource_name: str,
+                 opts: Optional[pulumi.ResourceOptions] = None,
+                 addon_version: Optional[pulumi.Input[_builtins.str]] = None,
+                 cluster_name: Optional[pulumi.Input[_builtins.str]] = None,
+                 cluster_version: Optional[pulumi.Input[_builtins.str]] = None,
+                 cni_configure_rpfilter: Optional[pulumi.Input[_builtins.bool]] = None,
+                 cni_custom_network_cfg: Optional[pulumi.Input[_builtins.bool]] = None,
+                 cni_external_snat: Optional[pulumi.Input[_builtins.bool]] = None,
+                 configuration_values: Optional[pulumi.Input[Mapping[str, Any]]] = None,
+                 custom_network_config: Optional[pulumi.Input[_builtins.bool]] = None,
+                 disable_tcp_early_demux: Optional[pulumi.Input[_builtins.bool]] = None,
+                 enable_network_policy: Optional[pulumi.Input[_builtins.bool]] = None,
+                 enable_pod_eni: Optional[pulumi.Input[_builtins.bool]] = None,
+                 enable_prefix_delegation: Optional[pulumi.Input[_builtins.bool]] = None,
+                 eni_config_label_def: Optional[pulumi.Input[_builtins.str]] = None,
+                 eni_mtu: Optional[pulumi.Input[_builtins.int]] = None,
+                 external_snat: Optional[pulumi.Input[_builtins.bool]] = None,
+                 log_file: Optional[pulumi.Input[_builtins.str]] = None,
+                 log_level: Optional[pulumi.Input[_builtins.str]] = None,
+                 node_port_support: Optional[pulumi.Input[_builtins.bool]] = None,
+                 resolve_conflicts_on_create: Optional['ResolveConflictsOnCreate'] = None,
+                 resolve_conflicts_on_update: Optional['ResolveConflictsOnUpdate'] = None,
+                 security_context_privileged: Optional[pulumi.Input[_builtins.bool]] = None,
+                 service_account_role_arn: Optional[pulumi.Input[_builtins.str]] = None,
+                 tags: Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]]] = None,
+                 veth_prefix: Optional[pulumi.Input[_builtins.str]] = None,
+                 warm_eni_target: Optional[pulumi.Input[_builtins.int]] = None,
+                 warm_ip_target: Optional[pulumi.Input[_builtins.int]] = None,
+                 warm_prefix_target: Optional[pulumi.Input[_builtins.int]] = None,
+                 __props__=None):
+        """
+        VpcCniAddon manages the configuration of the Amazon VPC CNI plugin for Kubernetes by leveraging the EKS managed add-on.
+        For more information see: https://docs.aws.amazon.com/eks/latest/userguide/eks-add-ons.html
+
+        :param str resource_name: The name of the resource.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        :param pulumi.Input[_builtins.str] addon_version: The version of the addon to use. If not specified, the latest version of the addon for the cluster's Kubernetes version will be used.
+        :param pulumi.Input[_builtins.str] cluster_name: The name of the EKS cluster.
+        :param pulumi.Input[_builtins.str] cluster_version: The Kubernetes version of the cluster. This is used to determine the addon version to use if `addonVersion` is not specified.
+        :param pulumi.Input[_builtins.bool] cni_configure_rpfilter: Specifies whether ipamd should configure rp filter for primary interface. Default is `false`.
+        :param pulumi.Input[_builtins.bool] cni_custom_network_cfg: Specifies that your pods may use subnets and security groups that are independent of your worker node's VPC configuration. By default, pods share the same subnet and security groups as the worker node's primary interface. Setting this variable to true causes ipamd to use the security groups and VPC subnet in a worker node's ENIConfig for elastic network interface allocation. You must create an ENIConfig custom resource for each subnet that your pods will reside in, and then annotate or label each worker node to use a specific ENIConfig (multiple worker nodes can be annotated or labelled with the same ENIConfig). Worker nodes can only be annotated with a single ENIConfig at a time, and the subnet in the ENIConfig must belong to the same Availability Zone that the worker node resides in. For more information, see CNI Custom Networking in the Amazon EKS User Guide. Default is `false`
+        :param pulumi.Input[_builtins.bool] cni_external_snat: Specifies whether an external NAT gateway should be used to provide SNAT of secondary ENI IP addresses. If set to true, the SNAT iptables rule and off-VPC IP rule are not applied, and these rules are removed if they have already been applied. Disable SNAT if you need to allow inbound communication to your pods from external VPNs, direct connections, and external VPCs, and your pods do not need to access the Internet directly via an Internet Gateway. However, your nodes must be running in a private subnet and connected to the internet through an AWS NAT Gateway or another external NAT device. Default is `false`
+        :param pulumi.Input[Mapping[str, Any]] configuration_values: Custom configuration values for the vpc-cni addon. This object must match the schema derived from [describe-addon-configuration](https://docs.aws.amazon.com/cli/latest/reference/eks/describe-addon-configuration.html).
+        :param pulumi.Input[_builtins.bool] custom_network_config: Specifies that your pods may use subnets and security groups (within the same VPC as your control plane resources) that are independent of your cluster's `resourcesVpcConfig`.
+               
+               Defaults to false.
+        :param pulumi.Input[_builtins.bool] disable_tcp_early_demux: Allows the kubelet's liveness and readiness probes to connect via TCP when pod ENI is enabled. This will slightly increase local TCP connection latency.
+        :param pulumi.Input[_builtins.bool] enable_network_policy: Enables using Kubernetes network policies. In Kubernetes, by default, all pod-to-pod communication is allowed. Communication can be restricted with Kubernetes NetworkPolicy objects.
+               
+               See for more information: [Kubernetes Network Policies](https://kubernetes.io/docs/concepts/services-networking/network-policies/).
+        :param pulumi.Input[_builtins.bool] enable_pod_eni: Specifies whether to allow IPAMD to add the `vpc.amazonaws.com/has-trunk-attached` label to the node if the instance has capacity to attach an additional ENI. Default is `false`. If using liveness and readiness probes, you will also need to disable TCP early demux.
+        :param pulumi.Input[_builtins.bool] enable_prefix_delegation: IPAMD will start allocating (/28) prefixes to the ENIs with ENABLE_PREFIX_DELEGATION set to true.
+        :param pulumi.Input[_builtins.str] eni_config_label_def: Specifies the ENI_CONFIG_LABEL_DEF environment variable value for worker nodes. This is used to tell Kubernetes to automatically apply the ENIConfig for each Availability Zone
+               Ref: https://docs.aws.amazon.com/eks/latest/userguide/cni-custom-network.html (step 5(c))
+               
+               Defaults to the official AWS CNI image in ECR.
+        :param pulumi.Input[_builtins.int] eni_mtu: Used to configure the MTU size for attached ENIs. The valid range is from 576 to 9001.
+               
+               Defaults to 9001.
+        :param pulumi.Input[_builtins.bool] external_snat: Specifies whether an external NAT gateway should be used to provide SNAT of secondary ENI IP addresses. If set to true, the SNAT iptables rule and off-VPC IP rule are not applied, and these rules are removed if they have already been applied.
+               
+               Defaults to false.
+        :param pulumi.Input[_builtins.str] log_file: Specifies the file path used for logs.
+               
+               Defaults to "stdout" to emit Pod logs for `kubectl logs`.
+        :param pulumi.Input[_builtins.str] log_level: Specifies the log level used for logs.
+               
+               Defaults to "DEBUG"
+               Valid values: "DEBUG", "INFO", "WARN", "ERROR", or "FATAL".
+        :param pulumi.Input[_builtins.bool] node_port_support: Specifies whether NodePort services are enabled on a worker node's primary network interface. This requires additional iptables rules and that the kernel's reverse path filter on the primary interface is set to loose.
+               
+               Defaults to true.
+        :param 'ResolveConflictsOnCreate' resolve_conflicts_on_create: How to resolve field value conflicts when migrating a self-managed add-on to an Amazon EKS add-on. Valid values are `NONE` and `OVERWRITE`. For more details see the [CreateAddon](https://docs.aws.amazon.com/eks/latest/APIReference/API_CreateAddon.html) API Docs.
+        :param 'ResolveConflictsOnUpdate' resolve_conflicts_on_update: How to resolve field value conflicts for an Amazon EKS add-on if you've changed a value from the Amazon EKS default value.  Valid values are `NONE`, `OVERWRITE`, and `PRESERVE`. For more details see the [UpdateAddon](https://docs.aws.amazon.com/eks/latest/APIReference/API_UpdateAddon.html) API Docs.
+        :param pulumi.Input[_builtins.bool] security_context_privileged: Pass privilege to containers securityContext. This is required when SELinux is enabled. This value will not be passed to the CNI config by default
+        :param pulumi.Input[_builtins.str] service_account_role_arn: The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. The role must be assigned the IAM permissions required by the add-on. If you don't specify an existing IAM role, then the add-on uses the permissions assigned to the node IAM role.
+               
+               For more information, see [Amazon EKS node IAM role](https://docs.aws.amazon.com/eks/latest/userguide/create-node-role.html) in the Amazon EKS User Guide.
+               
+               Note: To specify an existing IAM role, you must have an IAM OpenID Connect (OIDC) provider created for your cluster. For more information, see [Enabling IAM roles for service accounts on your cluster](https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html) in the Amazon EKS User Guide.
+        :param pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]] tags: Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
+        :param pulumi.Input[_builtins.str] veth_prefix: Specifies the veth prefix used to generate the host-side veth device name for the CNI.
+               
+               The prefix can be at most 4 characters long.
+               
+               Defaults to "eni".
+        :param pulumi.Input[_builtins.int] warm_eni_target: Specifies the number of free elastic network interfaces (and all of their available IP addresses) that the ipamD daemon should attempt to keep available for pod assignment on the node.
+               
+               Defaults to 1.
+        :param pulumi.Input[_builtins.int] warm_ip_target: Specifies the number of free IP addresses that the ipamD daemon should attempt to keep available for pod assignment on the node.
+        :param pulumi.Input[_builtins.int] warm_prefix_target: WARM_PREFIX_TARGET will allocate one full (/28) prefix even if a single IP  is consumed with the existing prefix. Ref: https://github.com/aws/amazon-vpc-cni-k8s/blob/master/docs/prefix-and-ip-target.md
+        """
+        ...
+    @overload
+    def __init__(__self__,
+                 resource_name: str,
+                 args: VpcCniAddonArgs,
+                 opts: Optional[pulumi.ResourceOptions] = None):
+        """
+        VpcCniAddon manages the configuration of the Amazon VPC CNI plugin for Kubernetes by leveraging the EKS managed add-on.
+        For more information see: https://docs.aws.amazon.com/eks/latest/userguide/eks-add-ons.html
+
+        :param str resource_name: The name of the resource.
+        :param VpcCniAddonArgs args: The arguments to use to populate this resource's properties.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        """
+        ...
+    def __init__(__self__, resource_name: str, *args, **kwargs):
+        resource_args, opts = _utilities.get_resource_args_opts(VpcCniAddonArgs, pulumi.ResourceOptions, *args, **kwargs)
+        if resource_args is not None:
+            __self__._internal_init(resource_name, opts, **resource_args.__dict__)
+        else:
+            __self__._internal_init(resource_name, *args, **kwargs)
+
+    def _internal_init(__self__,
+                 resource_name: str,
+                 opts: Optional[pulumi.ResourceOptions] = None,
+                 addon_version: Optional[pulumi.Input[_builtins.str]] = None,
+                 cluster_name: Optional[pulumi.Input[_builtins.str]] = None,
+                 cluster_version: Optional[pulumi.Input[_builtins.str]] = None,
+                 cni_configure_rpfilter: Optional[pulumi.Input[_builtins.bool]] = None,
+                 cni_custom_network_cfg: Optional[pulumi.Input[_builtins.bool]] = None,
+                 cni_external_snat: Optional[pulumi.Input[_builtins.bool]] = None,
+                 configuration_values: Optional[pulumi.Input[Mapping[str, Any]]] = None,
+                 custom_network_config: Optional[pulumi.Input[_builtins.bool]] = None,
+                 disable_tcp_early_demux: Optional[pulumi.Input[_builtins.bool]] = None,
+                 enable_network_policy: Optional[pulumi.Input[_builtins.bool]] = None,
+                 enable_pod_eni: Optional[pulumi.Input[_builtins.bool]] = None,
+                 enable_prefix_delegation: Optional[pulumi.Input[_builtins.bool]] = None,
+                 eni_config_label_def: Optional[pulumi.Input[_builtins.str]] = None,
+                 eni_mtu: Optional[pulumi.Input[_builtins.int]] = None,
+                 external_snat: Optional[pulumi.Input[_builtins.bool]] = None,
+                 log_file: Optional[pulumi.Input[_builtins.str]] = None,
+                 log_level: Optional[pulumi.Input[_builtins.str]] = None,
+                 node_port_support: Optional[pulumi.Input[_builtins.bool]] = None,
+                 resolve_conflicts_on_create: Optional['ResolveConflictsOnCreate'] = None,
+                 resolve_conflicts_on_update: Optional['ResolveConflictsOnUpdate'] = None,
+                 security_context_privileged: Optional[pulumi.Input[_builtins.bool]] = None,
+                 service_account_role_arn: Optional[pulumi.Input[_builtins.str]] = None,
+                 tags: Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]]] = None,
+                 veth_prefix: Optional[pulumi.Input[_builtins.str]] = None,
+                 warm_eni_target: Optional[pulumi.Input[_builtins.int]] = None,
+                 warm_ip_target: Optional[pulumi.Input[_builtins.int]] = None,
+                 warm_prefix_target: Optional[pulumi.Input[_builtins.int]] = None,
+                 __props__=None):
+        opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
+        if not isinstance(opts, pulumi.ResourceOptions):
+            raise TypeError('Expected resource options to be a ResourceOptions instance')
+        if opts.id is not None:
+            raise ValueError('ComponentResource classes do not support opts.id')
+        else:
+            if __props__ is not None:
+                raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource')
+            __props__ = VpcCniAddonArgs.__new__(VpcCniAddonArgs)
+
+            __props__.__dict__["addon_version"] = addon_version
+            if cluster_name is None and not opts.urn:
+                raise TypeError("Missing required property 'cluster_name'")
+            __props__.__dict__["cluster_name"] = cluster_name
+            __props__.__dict__["cluster_version"] = cluster_version
+            __props__.__dict__["cni_configure_rpfilter"] = cni_configure_rpfilter
+            __props__.__dict__["cni_custom_network_cfg"] = cni_custom_network_cfg
+            __props__.__dict__["cni_external_snat"] = cni_external_snat
+            __props__.__dict__["configuration_values"] = configuration_values
+            __props__.__dict__["custom_network_config"] = custom_network_config
+            __props__.__dict__["disable_tcp_early_demux"] = disable_tcp_early_demux
+            __props__.__dict__["enable_network_policy"] = enable_network_policy
+            __props__.__dict__["enable_pod_eni"] = enable_pod_eni
+            __props__.__dict__["enable_prefix_delegation"] = enable_prefix_delegation
+            __props__.__dict__["eni_config_label_def"] = eni_config_label_def
+            __props__.__dict__["eni_mtu"] = eni_mtu
+            __props__.__dict__["external_snat"] = external_snat
+            __props__.__dict__["log_file"] = log_file
+            __props__.__dict__["log_level"] = log_level
+            __props__.__dict__["node_port_support"] = node_port_support
+            if resolve_conflicts_on_create is None:
+                resolve_conflicts_on_create = 'OVERWRITE'
+            __props__.__dict__["resolve_conflicts_on_create"] = resolve_conflicts_on_create
+            if resolve_conflicts_on_update is None:
+                resolve_conflicts_on_update = 'OVERWRITE'
+            __props__.__dict__["resolve_conflicts_on_update"] = resolve_conflicts_on_update
+            __props__.__dict__["security_context_privileged"] = security_context_privileged
+            __props__.__dict__["service_account_role_arn"] = service_account_role_arn
+            __props__.__dict__["tags"] = tags
+            __props__.__dict__["veth_prefix"] = veth_prefix
+            __props__.__dict__["warm_eni_target"] = warm_eni_target
+            __props__.__dict__["warm_ip_target"] = warm_ip_target
+            __props__.__dict__["warm_prefix_target"] = warm_prefix_target
+        alias_opts = pulumi.ResourceOptions(aliases=[pulumi.Alias(type_="eks:index:VpcCni")])
+        opts = pulumi.ResourceOptions.merge(opts, alias_opts)
+        super(VpcCniAddon, __self__).__init__(
+            'eks:index:VpcCniAddon',
+            resource_name,
+            __props__,
+            opts,
+            remote=True)
+