Support writing AWS cloud provider tags on pre-existing infrastructure

[scottslowe]

User Story

As a user/operator I would like to be able to have CAPA write the necessary AWS tags required for proper AWS cloud provider operation onto pre-existing/pre-provisioned infrastructure, so that shared infrastructure can used to support multiple CAPI workload clusters.

Detailed Description

Currently, CAPA will write AWS cloud provider tags (kubernetes.io/cluster/<name> = [owned | shared]) onto AWS infrastructure it creates, but it will not write AWS cloud provider tags onto pre-existing/pre-provisioned AWS infrastructure. In such cases, the ability to support multiple workload clusters within a single set of shared AWS infrastructure is limited unless the names of the workload clusters are known or assigned in advance. When the names are known or assigned in advance, the appropriate tags can be added to the shared AWS infrastructure before the workload clusters are provisioned. When the names are not known or assigned in advance, then the tags must be managed separately and independently.

Anything else you would like to add:

Not that I can think of at this time.

/kind feature

[vincepri]

@scottslowe Should this be filed in CAPA? I can transfer if that's the case

[scottslowe]

@vincepri Doh! Yes, you are correct, my apologies, and thank you for transferring it over.

[randomvariable]

@vincepri can you transfer it?

[scottslowe]

@vincepri @randomvariable Do you all need/want me to close this and re-open in the appropriate repo?

[sedefsavas]

/milestone v0.7.x
/good-first-issue

[k8s-ci-robot]

@sedefsavas:
This request has been marked as suitable for new contributors.

Please ensure the request meets the requirements listed here.

If this request no longer meets these requirements, the label can be removed
by commenting with the /remove-good-first-issue command.

In response to this:

/milestone v0.7.x
/good-first-issue

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[pydctw]

/assign

[pydctw]

@scottslowe, which pre-existing AWS resources need these tags?
Is adding kubernetes.io/cluster/<name> = shared tag to subnets enough? Or are there other AWS resources that need the tags?

[scottslowe]

We need that tag on all subnets, yes, but we also need kubernetes.io/role/internal-elb = 1 for private subnets and kubernetes.io/role/elb = 1 for public subnets. We also need the kubernetes.io/cluster/<name> = shared tag on the VPC.

[pydctw]

Thanks. I will add appropriate elb tags to subnets.
For kubernetes.io/cluster/<name> = shared tag on the VPC, is this needed? I am asking because I don't see kubernetes.io/cluster/<name> = owned tag on the VPC created by CAPA. It has sigs.k8s.io/cluster-api-provider-aws/cluster/<name> = owned tag instead.

[scottslowe]

I was under the impression/belief that the kubernetes.io/cluster/<name> = shared | owned tag needed to be on the VPC for the AWS cloud provider to work, but I could be mistaken. If we have examples of the AWS cloud provider being functional with the tag on the VPC, then let's leave it off.

[pydctw]

Sounds great. FYI, these are the tags for VPC created by CAPA when I followed cluster-api book quick start.

[scottslowe]

The documentation for the AWS cloud provider (both the deprecated in-tree version and the out-of-tree version) is sadly lacking any information on required tags and what objects need which tags.

[scottslowe]

I saw that #2715 had been merged; I'm guessing this will hit the 0.7.1 release?

[pydctw]

I think so as 0.7.1 hasn't been released yet. cc @sedefsavas

[randomvariable]

Released in v0.7.1 and v1.0.0

/close

[k8s-ci-robot]

@randomvariable: Closing this issue.

In response to this:

Released in v0.7.1 and v1.0.0

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.