Skip to content
Browse files

Fix #73479 AWS NLB target groups missing tags

`elbv2.AddTags` doesn't seem to support assigning the same set of
tags to multiple resources at once leading to the following error:
  Error adding tags after modifying load balancer targets:
  "ValidationError: Only one resource can be tagged at a time"

This can happen when using AWS NLB with multiple listeners pointing
to different node ports.

When k8s creates a NLB it creates a target group per listener along
with installing security group ingress rules allowing the traffic to
reach the k8s nodes.

Unfortunately if those target groups are not tagged, k8s will not
manage them, thinking it is not the owner.

This small changes assigns tags one resource at a time instead of
batching them as before.

Signed-off-by: Brice Figureau <>
  • Loading branch information...
masterzen committed Jan 30, 2019
1 parent 7ee1441 commit 88f8e9af74750024c16b2f4c1acae9217c11a4c6
Showing with 15 additions and 10 deletions.
  1. +15 −10 pkg/cloudprovider/providers/aws/aws_loadbalancer.go
@@ -138,10 +138,7 @@ func (c *Cloud) ensureLoadBalancerv2(namespacedName types.NamespacedName, loadBa
loadBalancer = createResponse.LoadBalancers[0]

// Create Target Groups
addTagsInput := &elbv2.AddTagsInput{
ResourceArns: []*string{},
Tags: []*elbv2.Tag{},
resourceArns := make([]*string, 0, len(mappings))

for i := range mappings {
// It is easier to keep track of updates by having possibly
@@ -150,20 +147,28 @@ func (c *Cloud) ensureLoadBalancerv2(namespacedName types.NamespacedName, loadBa
if err != nil {
return nil, fmt.Errorf("Error creating listener: %q", err)
addTagsInput.ResourceArns = append(addTagsInput.ResourceArns, targetGroupArn)
resourceArns = append(resourceArns, targetGroupArn)


// Add tags to targets
targetGroupTags := make([]*elbv2.Tag, 0, len(tags))

for k, v := range tags {
addTagsInput.Tags = append(addTagsInput.Tags, &elbv2.Tag{
targetGroupTags = append(targetGroupTags, &elbv2.Tag{
Key: aws.String(k), Value: aws.String(v),
if len(addTagsInput.ResourceArns) > 0 && len(addTagsInput.Tags) > 0 {
_, err = c.elbv2.AddTags(addTagsInput)
if err != nil {
return nil, fmt.Errorf("Error adding tags after creating Load Balancer: %q", err)
if len(resourceArns) > 0 && len(targetGroupTags) > 0 {
// elbv2.AddTags doesn't allow to tag multiple resources at once
for _, arn := range resourceArns {
_, err = c.elbv2.AddTags(&elbv2.AddTagsInput{
ResourceArns: []*string{arn},
Tags: targetGroupTags,
if err != nil {
return nil, fmt.Errorf("Error adding tags after creating Load Balancer: %q", err)
} else {

0 comments on commit 88f8e9a

Please sign in to comment.
You can’t perform that action at this time.