diff --git a/docs/book/src/topics/bring-your-own-aws-infrastructure.md b/docs/book/src/topics/bring-your-own-aws-infrastructure.md
index 837d15708b..d4c4369c9a 100644
--- a/docs/book/src/topics/bring-your-own-aws-infrastructure.md
+++ b/docs/book/src/topics/bring-your-own-aws-infrastructure.md
@@ -44,6 +44,7 @@ Cluster API itself does tag AWS resources it creates. The `sigs.k8s.io/cluster-a
 When consuming existing AWS infrastructure, the Cluster API AWS provider does not require any tags to be present. The absence of the tags on an AWS resource indicates to Cluster API that it should not modify the resource or attempt to manage the lifecycle of the resource. However, the built-in Kubernetes AWS cloud provider _does_ require certain tags in order to function properly. Specifically, all subnets where Kubernetes nodes reside should have the `kubernetes.io/cluster/` tag present. Private subnets should also have the `kubernetes.io/role/internal-elb` tag with a value of 1, and public subnets should have the `kubernetes.io/role/elb` tag with a value of 1. These latter two tags help the cloud provider understand which subnets to use when creating load balancers.
+> **Note**: The subnet tagging above is taken care by the CAPA controllers but additionalTags provided by users won't be propagated to the unmanaged VPC subnets.
 Finally, if the controller manager isn't started with the `--configure-cloud-routes: "false"` parameter, the route table(s) will also need the `kubernetes.io/cluster/` tag. (This parameter can be added by customizing the `KubeadmConfigSpec` object of the `KubeadmControlPlane` object.)
diff --git a/pkg/cloud/services/network/subnets.go b/pkg/cloud/services/network/subnets.go
index d7b4cce6b1..fc4e5c72b6 100644
--- a/pkg/cloud/services/network/subnets.go
+++ b/pkg/cloud/services/network/subnets.go
@@ -415,7 +415,11 @@ func (s *Service) deleteSubnet(id string) error {
 func (s *Service) getSubnetTagParams(unmanagedVPC bool, id string, public bool, zone string, manualTags infrav1.Tags) infrav1.BuildParams {
 	var role string
-	additionalTags := s.scope.AdditionalTags()
+	additionalTags := make(map[string]string)
+
+	if !unmanagedVPC {
+		additionalTags = s.scope.AdditionalTags()
+	}
 	if public {
 		role = infrav1.PublicRoleTagValue
@@ -428,11 +432,11 @@ func (s *Service) getSubnetTagParams(unmanagedVPC bool, id string, public bool,
 	// Add tag needed for Service type=LoadBalancer
 	additionalTags[infrav1.NameKubernetesAWSCloudProviderPrefix+s.scope.KubernetesClusterName()] = string(infrav1.ResourceLifecycleShared)
-	for k, v := range manualTags {
-		additionalTags[k] = v
-	}
-
 	if !unmanagedVPC {
+		for k, v := range manualTags {
+			additionalTags[k] = v
+		}
+
 		var name strings.Builder
 		name.WriteString(s.scope.Name())
 		name.WriteString("-subnet-")
diff --git a/pkg/cloud/services/network/subnets_test.go b/pkg/cloud/services/network/subnets_test.go
index 0cac90c535..70d0e4fb63 100644
--- a/pkg/cloud/services/network/subnets_test.go
+++ b/pkg/cloud/services/network/subnets_test.go
@@ -168,7 +168,8 @@ func TestReconcileSubnets(t *testing.T) {
 				},
 				Subnets: []infrav1.SubnetSpec{
 					{
-						ID: "subnet-1",
+						ID: "subnet-1",
+						Tags: map[string]string{"foo": "bar"}, // adding additional tag here which won't be added in unmanaged subnet hence not present in expect calls
 					},
 					{
 						ID: "subnet-2",
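Review bot: Moving the `manualTags` loop inside `if !unmanagedVPC` in the second subnets.go hunk silently drops the per-subnet `tags` a user sets on a bring-your-own subnet, and nothing in the code says this is deliberate; add `// Unmanaged (BYO) subnets only receive the cluster ownership tag the cloud provider needs; user-supplied additionalTags and per-subnet tags are intentionally not applied to them.` above the new `additionalTags := make(map[string]string)` line in the first hunk so the two branches read as one decision. The docs note added in the same commit names only additionalTags, so a reader of the docs would not expect the subnet `tags` field to be ignored as well. In the first hunk `additionalTags := infrav1.Tags{}` would keep the variable at the same type as `s.scope.AdditionalTags()` and `manualTags` rather than the bare map type. getSubnetTagParams continues past the end of both hunks.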
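Review bot: The added `Tags` on subnet-1 only exercises the relocated `manualTags` loop; unless this test case also sets additionalTags on the cluster spec (not visible in the hunk), the first subnets.go change, which stops reading `s.scope.AdditionalTags()` for unmanaged VPCs, is left without coverage. Consider adding an additionalTags entry to the AWSCluster spec of this case and keeping it out of the expected tag calls as well. The trailing comment would be clearer as `// per-subnet tags are not applied to unmanaged subnets, so they are absent from the expected calls`. TestReconcileSubnets continues outside the hunk.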