Allow setting custom nodeagent container images (#1094)

### Proposed changes

This PR exposes an additional option for `VpcCni` resources. The
`nodeImage` option will allow users to specify a custom
`aws-eks-nodeagent` container image.

#### Changes made:

- Added logic to enable customizing nodeagent container images
- Added jest unit test to validate images can be set
- Exposed the `nodeImage` option as a customizable argument in schema
- Rebuilt SDKs

### Related issues (optional)

Fixes: #1078

nodejs/eks/cmd/provider/cni.ts

@@ -36,6 +36,7 @@ interface VpcCniInputs {
     logLevel?: string;
     logFile?: string;
     image?: string;
+    nodeAgentImage?: string;
     initImage?: string;
     vethPrefix?: string;
     eniMtu?: number;
@@ -50,6 +51,17 @@ interface VpcCniInputs {
     securityContextPrivileged?: boolean;
 }
 
+export function updateImage(daemonSet: any, containerName: string, image: string): void {
+    for (const container of daemonSet.spec.template.spec.containers) {
+        if (container.name === containerName) {
+            container.image = image;
+            return;
+        }
+    }
+
+    throw new Error(`Container ${containerName} not found in daemonset`);
+}
+
 function computeVpcCniYaml(cniYamlText: string, args: VpcCniInputs): string {
     const cniYaml: any[] = jsyaml.loadAll(cniYamlText);
 
@@ -137,7 +149,10 @@ function computeVpcCniYaml(cniYamlText: string, args: VpcCniInputs): string {
         env.push({ name: "AWS_VPC_ENI_MTU", value: "9001" });
     }
     if (args.image) {
-        daemonSet.spec.template.spec.containers[0].image = args.image.toString();
+        updateImage(daemonSet, "aws-node", args.image.toString());
+    }
+    if (args.nodeAgentImage) {
+        updateImage(daemonSet, "aws-eks-nodeagent", args.nodeAgentImage.toString());
     }
     if (args.initImage) {
         daemonSet.spec.template.spec.initContainers[0].image = args.initImage.toString();
@@ -226,7 +241,7 @@ function computeVpcCniYaml(cniYamlText: string, args: VpcCniInputs): string {
     return cniYaml.map((o) => `---\n${jsyaml.dump(o)}`).join("");
 }
 
-function getBaseVpcCniYaml(): string {
+export function getBaseVpcCniYaml(): string {
     const yamlPath = path.join(__dirname, "../../cni/aws-k8s-cni.yaml");
     const cniYamlText = fs.readFileSync(yamlPath).toString();
 

nodejs/eks/cni.ts

@@ -93,12 +93,19 @@ export interface VpcCniOptions {
     logFile?: pulumi.Input<string>;
 
     /**
-     * Specifies the container image to use in the AWS CNI cluster DaemonSet.
+     * Specifies the aws-node container image to use in the AWS CNI cluster DaemonSet.
      *
      * Defaults to the official AWS CNI image in ECR.
      */
     image?: pulumi.Input<string>;
 
+    /**
+     * Specifies the aws-eks-nodeagent container image to use in the AWS CNI cluster DaemonSet.
+     *
+     * Defaults to the official AWS CNI image in ECR.
+     */
+    nodeAgentImage?: pulumi.Input<string>;
+
     /**
      * Specifies the init container image to use in the AWS CNI cluster DaemonSet.
      *
@@ -244,6 +251,7 @@ export class VpcCni extends pulumi.CustomResource {
                 logLevel: args?.logLevel,
                 logFile: args?.logFile,
                 image: args?.image,
+                nodeAgentImage: args?.nodeAgentImage,
                 initImage: args?.initImage,
                 eniConfigLabelDef: args?.eniConfigLabelDef,
                 pluginLogLevel: args?.pluginLogLevel,

provider/cmd/pulumi-gen-eks/main.go

@@ -1688,9 +1688,14 @@ func vpcCniProperties(kubeconfig bool) map[string]schema.PropertySpec {
 		},
 		"image": {
 			TypeSpec: schema.TypeSpec{Type: "string"},
-			Description: "Specifies the container image to use in the AWS CNI cluster DaemonSet.\n\n" +
+			Description: "Specifies the aws-node container image to use in the AWS CNI cluster DaemonSet.\n\n" +
 				"Defaults to the official AWS CNI image in ECR.",
 		},
+		"nodeAgentImage": {
+			TypeSpec: schema.TypeSpec{Type: "string"},
+			Description: "Specifies the aws-eks-nodeagent container image to use in the AWS CNI cluster DaemonSet.\n\n" +
+				"Defaults to the official AWS CNI nodeagent image in ECR.",
+		},
 		"initImage": {
 			TypeSpec: schema.TypeSpec{Type: "string"},
 			Description: "Specifies the init container image to use in the AWS CNI cluster DaemonSet.\n\n" +

provider/cmd/pulumi-resource-eks/schema.json

@@ -555,7 +555,7 @@
                 },
                 "image": {
                     "type": "string",
-                    "description": "Specifies the container image to use in the AWS CNI cluster DaemonSet.\n\nDefaults to the official AWS CNI image in ECR."
+                    "description": "Specifies the aws-node container image to use in the AWS CNI cluster DaemonSet.\n\nDefaults to the official AWS CNI image in ECR."
                 },
                 "initImage": {
                     "type": "string",
@@ -569,6 +569,10 @@
                     "type": "string",
                     "description": "Specifies the log level used for logs.\n\nDefaults to \"DEBUG\"\nValid values: \"DEBUG\", \"INFO\", \"WARN\", \"ERROR\", or \"FATAL\"."
                 },
+                "nodeAgentImage": {
+                    "type": "string",
+                    "description": "Specifies the aws-eks-nodeagent container image to use in the AWS CNI cluster DaemonSet.\n\nDefaults to the official AWS CNI nodeagent image in ECR."
+                },
                 "nodePortSupport": {
                     "type": "boolean",
                     "description": "Specifies whether NodePort services are enabled on a worker node's primary network interface. This requires additional iptables rules and that the kernel's reverse path filter on the primary interface is set to loose.\n\nDefaults to true."
@@ -1522,7 +1526,7 @@
                 },
                 "image": {
                     "type": "string",
-                    "description": "Specifies the container image to use in the AWS CNI cluster DaemonSet.\n\nDefaults to the official AWS CNI image in ECR."
+                    "description": "Specifies the aws-node container image to use in the AWS CNI cluster DaemonSet.\n\nDefaults to the official AWS CNI image in ECR."
                 },
                 "initImage": {
                     "type": "string",
@@ -1540,6 +1544,10 @@
                     "type": "string",
                     "description": "Specifies the log level used for logs.\n\nDefaults to \"DEBUG\"\nValid values: \"DEBUG\", \"INFO\", \"WARN\", \"ERROR\", or \"FATAL\"."
                 },
+                "nodeAgentImage": {
+                    "type": "string",
+                    "description": "Specifies the aws-eks-nodeagent container image to use in the AWS CNI cluster DaemonSet.\n\nDefaults to the official AWS CNI nodeagent image in ECR."
+                },
                 "nodePortSupport": {
                     "type": "boolean",
                     "description": "Specifies whether NodePort services are enabled on a worker node's primary network interface. This requires additional iptables rules and that the kernel's reverse path filter on the primary interface is set to loose.\n\nDefaults to true."

sdk/dotnet/Inputs/VpcCniOptionsArgs.cs

@@ -91,7 +91,7 @@ public sealed class VpcCniOptionsArgs : global::Pulumi.ResourceArgs
         public Input<bool>? ExternalSnat { get; set; }
 
         /// <summary>
-        /// Specifies the container image to use in the AWS CNI cluster DaemonSet.
+        /// Specifies the aws-node container image to use in the AWS CNI cluster DaemonSet.
         /// 
         /// Defaults to the official AWS CNI image in ECR.
         /// </summary>
@@ -123,6 +123,14 @@ public sealed class VpcCniOptionsArgs : global::Pulumi.ResourceArgs
         [Input("logLevel")]
         public Input<string>? LogLevel { get; set; }
 
+        /// <summary>
+        /// Specifies the aws-eks-nodeagent container image to use in the AWS CNI cluster DaemonSet.
+        /// 
+        /// Defaults to the official AWS CNI nodeagent image in ECR.
+        /// </summary>
+        [Input("nodeAgentImage")]
+        public Input<string>? NodeAgentImage { get; set; }
+
         /// <summary>
         /// Specifies whether NodePort services are enabled on a worker node's primary network interface. This requires additional iptables rules and that the kernel's reverse path filter on the primary interface is set to loose.
         /// 

sdk/dotnet/VpcCni.cs

@@ -135,7 +135,7 @@ public sealed class VpcCniArgs : global::Pulumi.ResourceArgs
         public Input<bool>? ExternalSnat { get; set; }
 
         /// <summary>
-        /// Specifies the container image to use in the AWS CNI cluster DaemonSet.
+        /// Specifies the aws-node container image to use in the AWS CNI cluster DaemonSet.
         /// 
         /// Defaults to the official AWS CNI image in ECR.
         /// </summary>
@@ -173,6 +173,14 @@ public sealed class VpcCniArgs : global::Pulumi.ResourceArgs
         [Input("logLevel")]
         public Input<string>? LogLevel { get; set; }
 
+        /// <summary>
+        /// Specifies the aws-eks-nodeagent container image to use in the AWS CNI cluster DaemonSet.
+        /// 
+        /// Defaults to the official AWS CNI nodeagent image in ECR.
+        /// </summary>
+        [Input("nodeAgentImage")]
+        public Input<string>? NodeAgentImage { get; set; }
+
         /// <summary>
         /// Specifies whether NodePort services are enabled on a worker node's primary network interface. This requires additional iptables rules and that the kernel's reverse path filter on the primary interface is set to loose.
         ///