Eksctl: tag node root volumes properly

Created on 17 Jul 2019  ·  5Comments  ·  Source: weaveworks/eksctl

see https://aws.amazon.com/premiumsupport/knowledge-center/cloudformation-instance-tag-root-volume/ for a potential work around to this

kinfeature prioritbacklog
Source
picture errordeveloper
👍1

All 5 comments

As it took me a bit of time to figure out how to do that with eksctl, here is an example

First create an IAM policy to allow tag creation

Cust-Ec2Tags-Policy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:CreateTags"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

Then in your config file update your nodeGroups section with :

nodeGroups:
  - name: mynodegroup
    iam:
      attachPolicyARNs:
        - arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
        - arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
        - arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
        - arn:aws:iam::<aws account id>:policy/Cust-Ec2Tags-Policy
[...]
    preBootstrapCommands:
      - |
        cat <<EOF > /usr/local/sbin/tag_ebs_volume.sh
        #!/bin/bash
        AWS_AVAIL_ZONE=\$(curl -S http://169.254.169.254/latest/meta-data/placement/availability-zone)
        AWS_REGION="\`echo \"\$AWS_AVAIL_ZONE\" | sed 's/[a-z]$//'\`"
        AWS_INSTANCE_ID=\$(curl -S http://169.254.169.254/latest/meta-data/instance-id)
        ROOT_VOLUME_IDS=\$(aws ec2 describe-instances --region \$AWS_REGION --instance-id \$AWS_INSTANCE_ID --output text --query Reservations[0].Instances[0].BlockDeviceMappings[0].Ebs.VolumeId)
        while IFS=$'\t' read -r key val
        do
          aws ec2 create-tags --resources \$ROOT_VOLUME_IDS --region \$AWS_REGION --tags Key=\${key},Value="\${val}"
        done < <(aws ec2 describe-instances --region \$AWS_REGION --instance-id \${AWS_INSTANCE_ID} --query "Reservations[*].Instances[*].[Tags[*]]" --output text | grep ^prefix_)
        EOF
      - "chmod +x /usr/local/sbin/tag_ebs_volume.sh"
      - "/usr/local/sbin/tag_ebs_volume.sh"

Note that in this example it will propagate only tags with a specific prefix "prefix_"

Hope that may help someone

JeremJR picture JeremJR on 7 Apr 2020
👀1 👍1

Thank you @JeremJR , this helped a lot! 👍

log2 picture log2 on 21 Aug 2020
🎉1

Doing it from a script within the new instance won't be good enough for billing tags, as there is a short period where the volume exists, but is not tagged.

According to this https://forums.aws.amazon.com/thread.jspa?threadID=122354&start=25&tstart=0, There is a way to tag the volumes within an Auto Scaling Group via Launch Templates.

Apparently eksctl already uses launch templates, maybe all we need is a way to populate them with the tags.

MartinEmrich picture MartinEmrich on 5 Oct 2020

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

github-actions[bot] picture github-actions[bot] on 25 Jan 2021

Just to confirm: It's the year 2021 and we have to manually add tags to EBS volumes mounted on to EC2 instances launched from EKS manually?

Like using that bash script above.

NOT COMPLAINING. just verifying :)

bitva77 picture bitva77 on 27 Jan 2021
Was this page helpful?
0 / 5 - 0 ratings

Related issues

scottyhq picture scottyhq  ·  3Comments
brunojcm picture brunojcm  ·  3Comments
xakraz picture xakraz  ·  4Comments
martina-if picture martina-if  ·  4Comments
errordeveloper picture errordeveloper  ·  4Comments