From 59ecfc0f3eea9c3d1e4b9660cb52b4bffad0dd94 Mon Sep 17 00:00:00 2001
From: Hao Wang <forwanghao@gmail.com>
Date: Tue, 9 Sep 2025 13:16:04 -0700
Subject: [PATCH] Karpenter security group tagging

---
 docs/clusters/eksctl-karpenter.adoc | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/docs/clusters/eksctl-karpenter.adoc b/docs/clusters/eksctl-karpenter.adoc
index e4c0eed..a9556a1 100644
--- a/docs/clusters/eksctl-karpenter.adoc
+++ b/docs/clusters/eksctl-karpenter.adoc
@@ -80,3 +80,7 @@ spec:
 
 Note that unless `defaultInstanceProfile` is defined, the name used for `instanceProfile` is
 `eksctl-KarpenterNodeInstanceProfile-<cluster-name>`.
+
+## Automatic Security Group Tagging
+
+`eksctl` automatically tags the cluster's shared node security group with `karpenter.sh/discovery` when both Karpenter is enabled (`karpenter.version` specified) and the `karpenter.sh/discovery` tag exists in `metadata.tags`. This enables AWS Load Balancer Controller compatibility.