Fix: add custom tags on managed node's ASG (fixes scale-up by the

autoscaler) The tags specified on the resource type "aws_eks_node_group" are not propagated to the ASG that represents this node group (issue aws/containers-roadmap#608). As a workaround, we add tags to the ASG after the nodegroup creation/updates using the AWS command-line. This will fix scaling up from 0, in EKS-managed node groups, when pods have affinities/nodeSelectors defined on custom tags.
quortex · Apr 11, 2024 · f203c88 · f203c88
1 parent c14de57
commit f203c88
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 0 deletions.
diff --git a/kubernetes.tf b/kubernetes.tf
@@ -103,6 +103,45 @@ resource "aws_eks_node_group" "quortex" {
   ]
 }
 
+# This datasource is used to get the region currently used by the AWS provider
+data "aws_region" "current" {
+}
+
+# This AWS CLI command will add tags to the ASG created by EKS
+#
+# The tags specified on the resource type "aws_eks_node_group" are not propagated to the ASG that 
+# represents this node group (issue https://github.com/aws/containers-roadmap/issues/608).
+#
+# As a workaround, we add tags to the ASG after the nodegroup creation/updates using the AWS 
+# command-line.
+#
+# Thanks to the PropagateAtLaunch=true argument, these tags will also be propagated to instances 
+# created in this ASG.
+#
+# Note: on tag updates, the command will not be run again (the command is triggered by changes in 
+# the ASG name). The tags update can be forced by the terraform command:
+#     terraform taint module.eks.null_resource.add_custom_tags_to_asg[\"main\"]
+resource "null_resource" "add_custom_tags_to_asg" {
+  for_each = aws_eks_node_group.quortex
+
+  triggers = {
+    node_group = each.value["resources"][0]["autoscaling_groups"][0]["name"]
+  }
+
+  provisioner "local-exec" {
+    command = <<EOF
+aws autoscaling create-or-update-tags \
+--region ${data.aws_region.current.name} \
+--tags \
+ResourceId=${each.value["resources"][0]["autoscaling_groups"][0]["name"]},ResourceType=auto-scaling-group,Key=nodegroup,Value=${each.key},PropagateAtLaunch=true \
+ResourceId=${each.value["resources"][0]["autoscaling_groups"][0]["name"]},ResourceType=auto-scaling-group,Key=k8s.io/cluster-autoscaler/node-template/label/nodegroup,Value=${each.key},PropagateAtLaunch=true \
+%{ for k,v in var.tags ~}
+ResourceId=${each.value["resources"][0]["autoscaling_groups"][0]["name"]},ResourceType=auto-scaling-group,Key=${k},Value=${v},PropagateAtLaunch=true \
+%{ endfor }
+EOF
+  }
+}
+
 resource "aws_security_group" "remote_access" {
   # Create this security group only if remote access is requested
   count = var.remote_access_ssh_key != null ? 1 : 0

diff --git a/versions.tf b/versions.tf
@@ -19,5 +19,6 @@ terraform {
 
   required_providers {
     aws = ">= 2.70.0"
+    null = ">= 3.1.0"
   }
 }