feat: Add default tags CLI option [K8SPCORE-1707]

Author: mirozoe

README.md

@@ -250,6 +250,9 @@ spec:
     podName: some-pod
 ```
 
+##### Default tags
+Tags can be defined from CLI as default tags, what will be applied to EIP and ENI resources.
+
 ### ENIs
 
 To be documented

api/v1alpha1/eni_types.go

@@ -37,6 +37,10 @@ type ENISpec struct {
 	Attachment *ENIAttachment `json:"attachment,omitempty"`
 
 	Description string `json:"description,omitempty"`
+
+	// Tags that will be applied to the created EIP.
+	// +optional
+	Tags *map[string]string `json:"tags,omitempty"`
 }
 
 // ENIStatus defines the observed state of ENI

config/samples/aws_v1alpha1_eip.yaml

@@ -3,7 +3,7 @@ kind: EIP
 metadata:
   name: eip-sample
 spec:
-  tags:
+  tags:             # Optional tags to apply to the EIP
     owner: Myself
   assignment:
     eni: eni-sample

config/samples/aws_v1alpha1_eni.yaml

@@ -8,3 +8,5 @@ spec:
   secondaryPrivateIPAddressCount: 2
   securityGroups:
   - sg-abcdef12
+  tags:           # Optional tags to apply to the ENI
+    team: VCS

controllers/eip_controller.go

@@ -40,6 +40,7 @@ type EIPReconciler struct {
 	NonCachingClient client.Client
 	Log              logr.Logger
 	EC2              *ec2.EC2
+	Tags             map[string]string
 }
 
 // +kubebuilder:rbac:groups=aws.k8s.logmein.com,resources=eips,verbs=get;list;watch;create;update;patch;delete
@@ -190,6 +191,12 @@ func (r *EIPReconciler) allocateEIP(ctx context.Context, eip *awsv1alpha1.EIP, l
 		}
 	}
 
+	tags := ec2.TagSpecification{
+		ResourceType: aws.String("elastic-ip"),
+		Tags:         r.combineDefaultAndDefinedTags(eip),
+	}
+	input.TagSpecifications = []*ec2.TagSpecification{&tags}
+
 	if resp, err := r.EC2.AllocateAddressWithContext(ctx, input); err != nil {
 		return err
 	} else {
@@ -202,7 +209,17 @@ func (r *EIPReconciler) allocateEIP(ctx context.Context, eip *awsv1alpha1.EIP, l
 		}
 	}
 
-	return r.reconcileTags(ctx, eip, []*ec2.Tag{})
+	return nil
+}
+
+// combineDefaultAndDefinedTags combines the default tags defined in the controller
+// with the tags defined in the EIP spec. Tags defined in the EIP spec override
+// default tags in case of key conflicts.
+func (r EIPReconciler) combineDefaultAndDefinedTags(eip *awsv1alpha1.EIP) []*ec2.Tag {
+	var tags []*ec2.Tag
+	tags = convertMapToTags(r.Tags)
+	tags = append(tags, convertMapToTags(*eip.Spec.Tags)...)
+	return tags
 }
 
 func (r *EIPReconciler) reconcileTags(ctx context.Context, eip *awsv1alpha1.EIP, existingTags []*ec2.Tag) error {
@@ -225,6 +242,7 @@ func (r *EIPReconciler) reconcileTags(ctx context.Context, eip *awsv1alpha1.EIP,
 			tagsToCreate = append(tagsToCreate, &ec2.Tag{Key: aws.String(k), Value: aws.String(v)})
 		}
 	}
+
 	if len(tagsToCreate) > 0 {
 		if _, err := r.EC2.CreateTagsWithContext(ctx, &ec2.CreateTagsInput{
 			Resources: resources,
@@ -234,12 +252,14 @@ func (r *EIPReconciler) reconcileTags(ctx context.Context, eip *awsv1alpha1.EIP,
 		}
 	}
 
+	// remove tags that are not defined in the spec and are not default ones
 	var tagsToRemove []*ec2.Tag
 	for _, tag := range existingTags {
-		if _, ok := (*eip.Spec.Tags)[aws.StringValue(tag.Key)]; !ok {
+		if !isTagPresent(r.combineDefaultAndDefinedTags(eip), tag) {
 			tagsToRemove = append(tagsToRemove, tag)
 		}
 	}
+
 	if len(tagsToRemove) > 0 {
 		_, err := r.EC2.DeleteTagsWithContext(ctx, &ec2.DeleteTagsInput{
 			Resources: resources,

controllers/eni_controller.go

@@ -41,6 +41,7 @@ type ENIReconciler struct {
 	NonCachingClient client.Client
 	Log              logr.Logger
 	EC2              *ec2.EC2
+	Tags             map[string]string
 }
 
 // +kubebuilder:rbac:groups=aws.k8s.logmein.com,resources=enis,verbs=get;list;watch;create;update;patch;delete
@@ -74,6 +75,13 @@ func (r *ENIReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.R
 			if eni.Spec.SecondaryPrivateIPAddressCount > 0 {
 				input.SecondaryPrivateIpAddressCount = aws.Int64(eni.Spec.SecondaryPrivateIPAddressCount)
 			}
+
+			tags := ec2.TagSpecification{
+				ResourceType: aws.String("network-interface"),
+			}
+			tags.Tags = convertMapToTags(r.Tags)
+			input.TagSpecifications = []*ec2.TagSpecification{&tags}
+
 			resp, err := r.EC2.CreateNetworkInterface(input)
 			if err != nil {
 				return ctrl.Result{}, err
@@ -200,6 +208,12 @@ func (r *ENIReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.R
 				return ctrl.Result{RequeueAfter: 3 * time.Second}, err
 			}
 		}
+
+		// reconcile tags
+		if err := r.reconcileTags(ctx, &eni, eniInfo.TagSet); err != nil {
+			return ctrl.Result{}, err
+		}
+
 		eni.Status.Attachment = eni.Spec.Attachment
 		return ctrl.Result{}, r.Update(ctx, &eni)
 	} else if containsString(eni.ObjectMeta.Finalizers, finalizerName) {
@@ -356,3 +370,59 @@ func (r *ENIReconciler) SetupWithManager(mgr ctrl.Manager) error {
 		For(&awsv1alpha1.ENI{}).
 		Complete(r)
 }
+
+// combineDefaultAndDefinedTags combines the default tags defined in the controller
+// with the tags defined in the ENI spec. Tags defined in the ENI spec override
+// default tags in case of key conflicts.
+func (r ENIReconciler) combineDefaultAndDefinedTags(eni *awsv1alpha1.ENI) []*ec2.Tag {
+	var tags []*ec2.Tag
+	tags = convertMapToTags(r.Tags)
+	tags = append(tags, convertMapToTags(*eni.Spec.Tags)...)
+	return tags
+}
+
+func (r *ENIReconciler) reconcileTags(ctx context.Context, eni *awsv1alpha1.ENI, existingTags []*ec2.Tag) error {
+	resources := []*string{aws.String(eni.Status.NetworkInterfaceID)}
+
+	// create tags that are defined in the spec but not present yet
+	var tagsToCreate []*ec2.Tag
+	for k, v := range *eni.Spec.Tags {
+		create := true
+		for _, tag := range existingTags {
+			if aws.StringValue(tag.Key) == k && aws.StringValue(tag.Value) == v {
+				create = false
+				break
+			}
+		}
+		if create {
+			tagsToCreate = append(tagsToCreate, &ec2.Tag{Key: aws.String(k), Value: aws.String(v)})
+		}
+	}
+
+	if len(tagsToCreate) > 0 {
+		if _, err := r.EC2.CreateTagsWithContext(ctx, &ec2.CreateTagsInput{
+			Resources: resources,
+			Tags:      tagsToCreate,
+		}); err != nil {
+			return err
+		}
+	}
+
+	// remove tags that are not defined in the spec and are not default ones
+	var tagsToRemove []*ec2.Tag
+	for _, tag := range existingTags {
+		if !isTagPresent(r.combineDefaultAndDefinedTags(eni), tag) {
+			tagsToRemove = append(tagsToRemove, tag)
+		}
+	}
+
+	if len(tagsToRemove) > 0 {
+		_, err := r.EC2.DeleteTagsWithContext(ctx, &ec2.DeleteTagsInput{
+			Resources: resources,
+			Tags:      tagsToRemove,
+		})
+		return err
+	}
+
+	return nil
+}

controllers/utils.go

@@ -1,5 +1,10 @@
 package controllers
 
+import (
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/ec2"
+)
+
 const (
 	finalizerName = "aws.k8s.logmein.com"
 )
@@ -22,3 +27,23 @@ func removeString(slice []string, s string) (result []string) {
 	}
 	return
 }
+
+func isTagPresent(tags []*ec2.Tag, searchedTag *ec2.Tag) bool {
+	for _, tag := range tags {
+		if tag.Key != nil && *tag.Key == *searchedTag.Key {
+			return true
+		}
+	}
+	return false
+}
+
+func convertMapToTags(tagMap map[string]string) []*ec2.Tag {
+	var tags []*ec2.Tag
+	for k, v := range tagMap {
+		tags = append(tags, &ec2.Tag{
+			Key:   aws.String(k),
+			Value: aws.String(v),
+		})
+	}
+	return tags
+}

main.go

@@ -18,6 +18,7 @@ package main
 import (
 	"flag"
 	"os"
+	"strings"
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/session"
@@ -45,11 +46,12 @@ func init() {
 }
 
 func main() {
-	var metricsAddr, region, leaderElectionID, leaderElectionNamespace string
+	var metricsAddr, region, leaderElectionID, leaderElectionNamespace, defaultTags string
 	flag.StringVar(&metricsAddr, "metrics-addr", ":8080", "The address the metric endpoint binds to.")
 	flag.StringVar(&region, "region", "", "AWS region")
 	flag.StringVar(&leaderElectionID, "leader-election-id", "k8s-aws-operator", "the name of the configmap do use as leader election lock")
 	flag.StringVar(&leaderElectionNamespace, "leader-election-namespace", "", "the namespace in which the leader election lock will be held")
+	flag.StringVar(&defaultTags, "default-tags", "", "default tags to add to created resources, in the format key1=value1,key2=value2")
 	opts := zap.Options{
 		Development: true,
 	}
@@ -90,11 +92,18 @@ func main() {
 		os.Exit(1)
 	}
 
+	defaultTagsMap := make(map[string]string)
+	if defaultTags != "" {
+		parseTags(&defaultTagsMap, defaultTags)
+		setupLog.Info("Default tags set", "tags", defaultTagsMap)
+	}
+
 	err = (&controllers.EIPReconciler{
 		Client:           cachingClient,
 		NonCachingClient: nonCachingClient,
 		Log:              ctrl.Log.WithName("controllers").WithName("EIP"),
 		EC2:              ec2,
+		Tags:             defaultTagsMap,
 	}).SetupWithManager(mgr)
 	if err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "EIP")
@@ -105,6 +114,7 @@ func main() {
 		NonCachingClient: nonCachingClient,
 		Log:              ctrl.Log.WithName("controllers").WithName("ENI"),
 		EC2:              ec2,
+		Tags:             defaultTagsMap,
 	}).SetupWithManager(mgr)
 	if err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "ENI")
@@ -126,3 +136,12 @@ func main() {
 		os.Exit(1)
 	}
 }
+
+func parseTags(tagMap *map[string]string, tags string) {
+	for _, tag := range strings.Split(tags, ",") {
+		kv := strings.SplitN(tag, "=", 2)
+		if len(kv) == 2 {
+			(*tagMap)[strings.TrimSpace(kv[0])] = strings.TrimSpace(kv[1])
+		}
+	}
+}