Merge pull request #3512 from Ankitasw/additional-tags-unmanaged-subnets

Removed additionalTag application on unmanaged subnets
kubernetes-sigs · Jun 23, 2022 · fde49ea · fde49ea
2 parents b6b66b1 + 5bca8f0
commit fde49ea
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 6 deletions.
diff --git a/docs/book/src/topics/bring-your-own-aws-infrastructure.md b/docs/book/src/topics/bring-your-own-aws-infrastructure.md
@@ -44,6 +44,7 @@ Cluster API itself does tag AWS resources it creates. The `sigs.k8s.io/cluster-a
 When consuming existing AWS infrastructure, the Cluster API AWS provider does not require any tags to be present. The absence of the tags on an AWS resource indicates to Cluster API that it should not modify the resource or attempt to manage the lifecycle of the resource.
 
 However, the built-in Kubernetes AWS cloud provider _does_ require certain tags in order to function properly. Specifically, all subnets where Kubernetes nodes reside should have the `kubernetes.io/cluster/<cluster-name>` tag present. Private subnets should also have the `kubernetes.io/role/internal-elb` tag with a value of 1, and public subnets should have the `kubernetes.io/role/elb` tag with a value of 1. These latter two tags help the cloud provider understand which subnets to use when creating load balancers.
+> **Note**: The subnet tagging above is taken care by the CAPA controllers but additionalTags provided by users won't be propagated to the unmanaged VPC subnets.
 
 Finally, if the controller manager isn't started with the `--configure-cloud-routes: "false"` parameter, the route table(s) will also need the `kubernetes.io/cluster/<cluster-name>` tag. (This parameter can be added by customizing the `KubeadmConfigSpec` object of the `KubeadmControlPlane` object.)
 

diff --git a/pkg/cloud/services/network/subnets.go b/pkg/cloud/services/network/subnets.go
@@ -415,7 +415,11 @@ func (s *Service) deleteSubnet(id string) error {
 
 func (s *Service) getSubnetTagParams(unmanagedVPC bool, id string, public bool, zone string, manualTags infrav1.Tags) infrav1.BuildParams {
 	var role string
-	additionalTags := s.scope.AdditionalTags()
+	additionalTags := make(map[string]string)
+
+	if !unmanagedVPC {
+		additionalTags = s.scope.AdditionalTags()
+	}
 
 	if public {
 		role = infrav1.PublicRoleTagValue
@@ -428,11 +432,11 @@ func (s *Service) getSubnetTagParams(unmanagedVPC bool, id string, public bool,
 	// Add tag needed for Service type=LoadBalancer
 	additionalTags[infrav1.NameKubernetesAWSCloudProviderPrefix+s.scope.KubernetesClusterName()] = string(infrav1.ResourceLifecycleShared)
 
-	for k, v := range manualTags {
-		additionalTags[k] = v
-	}
-
 	if !unmanagedVPC {
+		for k, v := range manualTags {
+			additionalTags[k] = v
+		}
+
 		var name strings.Builder
 		name.WriteString(s.scope.Name())
 		name.WriteString("-subnet-")

diff --git a/pkg/cloud/services/network/subnets_test.go b/pkg/cloud/services/network/subnets_test.go
@@ -168,7 +168,8 @@ func TestReconcileSubnets(t *testing.T) {
 				},
 				Subnets: []infrav1.SubnetSpec{
 					{
-						ID: "subnet-1",
+						ID:   "subnet-1",
+						Tags: map[string]string{"foo": "bar"}, // adding additional tag here which won't be added in unmanaged subnet hence not present in expect calls
 					},
 					{
 						ID: "subnet-2",