feat: add additionalTags EKS handlers

Author: dkoshkin

docs/content/customization/eks/tags.md

@@ -0,0 +1,87 @@
++++
+title = "EKS Additional Tags"
++++
+
+The EKS additional tags customization allows the user to specify custom tags to be applied to AWS resources created by the EKS cluster.
+The customization can be applied at the cluster level and worker node level.
+This customization will be available when the
+[provider-specific cluster configuration patch]({{< ref "..">}}) is included in the `ClusterClass`.
+
+## Example
+
+To specify additional tags for EKS resources, use the following configuration:
+
+```yaml
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+  name: <NAME>
+spec:
+  topology:
+    variables:
+      - name: clusterConfig
+        value:
+          eks:
+            additionalTags:
+              Environment: production
+              Team: platform
+              CostCenter: "12345"
+```
+
+We can further customize individual MachineDeployments by using the overrides field with the following configuration:
+
+```yaml
+spec:
+  topology:
+    # ...
+    workers:
+      machineDeployments:
+        - class: default-worker
+          name: md-0
+          variables:
+            overrides:
+              - name: workerConfig
+                value:
+                  eks:
+                    additionalTags:
+                      NodeType: worker
+                      Workload: database
+                      Environment: production
+```
+
+## Tag Precedence
+
+When tags are specified at multiple levels, the following precedence applies (higher precedence overrides lower):
+
+1. **Worker level tags** (highest precedence)
+2. **Cluster level tags** (lowest precedence)
+
+This means that if the same tag key is specified at multiple levels, the worker level values will take precedence over the cluster level values.
+
+## Applying this configuration will result in the following values being set
+
+- `AWSManagedControlPlane`:
+
+  - ```yaml
+    spec:
+      template:
+        spec:
+          additionalTags:
+            Environment: production
+            Team: platform
+            CostCenter: "12345"
+    ```
+
+- worker `AWSMachineTemplate`:
+
+  - ```yaml
+    spec:
+      template:
+        spec:
+          additionalTags:
+            Environment: production
+            Team: platform
+            CostCenter: "12345"
+            NodeType: worker
+            Workload: general
+    ```

pkg/handlers/eks/mutation/metapatch_handler.go

@@ -16,6 +16,7 @@ import (
 	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pkg/handlers/eks/mutation/placementgroup"
 	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pkg/handlers/eks/mutation/region"
 	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pkg/handlers/eks/mutation/securitygroups"
+	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pkg/handlers/eks/mutation/tags"
 	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pkg/handlers/eks/mutation/volumes"
 )
 
@@ -25,6 +26,7 @@ func MetaPatchHandler(mgr manager.Manager) handlers.Named {
 		region.NewPatch(),
 		network.NewPatch(),
 		identityref.NewPatch(),
+		tags.NewClusterPatch(),
 	}
 	patchHandlers = append(patchHandlers, metaMutators()...)
 
@@ -44,6 +46,7 @@ func MetaWorkerPatchHandler(mgr manager.Manager) handlers.Named {
 		securitygroups.NewWorkerPatch(),
 		volumes.NewWorkerPatch(),
 		placementgroup.NewWorkerPatch(),
+		tags.NewWorkerPatch(),
 	}
 	patchHandlers = append(patchHandlers, workerMetaMutators()...)
 

pkg/handlers/eks/mutation/tags/inject_cluster.go

@@ -0,0 +1,115 @@
+// Copyright 2025 Nutanix. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package tags
+
+import (
+	"context"
+
+	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
+	runtimehooksv1 "sigs.k8s.io/cluster-api/exp/runtime/hooks/api/v1alpha1"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	capav1 "github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2"
+	eksv1 "github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/controlplane/eks/api/v1beta2"
+	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api/v1alpha1"
+	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/common/pkg/capi/clustertopology/handlers/mutation"
+	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/common/pkg/capi/clustertopology/patches"
+	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/common/pkg/capi/clustertopology/variables"
+)
+
+const (
+	// VariableName is the external patch variable name.
+	VariableName = "additionalTags"
+)
+
+type eksTagsClusterPatchHandler struct {
+	metaVariableName  string
+	variableFieldPath []string
+	patchSelector     clusterv1.PatchSelector
+}
+
+func newEKSClusterPatchHandler(
+	metaVariableName string,
+	variableFieldPath []string,
+	patchSelector clusterv1.PatchSelector,
+) *eksTagsClusterPatchHandler {
+	return &eksTagsClusterPatchHandler{
+		metaVariableName:  metaVariableName,
+		variableFieldPath: variableFieldPath,
+		patchSelector:     patchSelector,
+	}
+}
+
+func (h *eksTagsClusterPatchHandler) Mutate(
+	ctx context.Context,
+	obj *unstructured.Unstructured,
+	vars map[string]apiextensionsv1.JSON,
+	holderRef runtimehooksv1.HolderReference,
+	_ client.ObjectKey,
+	_ mutation.ClusterGetter,
+) error {
+	log := ctrl.LoggerFrom(ctx).WithValues(
+		"holderRef", holderRef,
+	)
+
+	additionalTagsVar, err := variables.Get[capav1.Tags](
+		vars,
+		h.metaVariableName,
+		h.variableFieldPath...,
+	)
+	if err != nil {
+		if variables.IsNotFoundError(err) {
+			log.V(5).Info("EKS additionalTags variable for control plane not defined")
+			return nil
+		}
+		return err
+	}
+
+	log = log.WithValues(
+		"variableName",
+		h.metaVariableName,
+		"variableFieldPath",
+		h.variableFieldPath,
+		"variableValue",
+		additionalTagsVar,
+	)
+
+	return patches.MutateIfApplicable(
+		obj,
+		vars,
+		&holderRef,
+		h.patchSelector,
+		log,
+		func(obj *eksv1.AWSManagedControlPlaneTemplate) error {
+			log.WithValues(
+				"patchedObjectKind", obj.GetObjectKind().GroupVersionKind().String(),
+				"patchedObjectName", client.ObjectKeyFromObject(obj),
+			).Info("setting additionalTags in AWSManagedControlPlaneTemplate spec")
+
+			obj.Spec.Template.Spec.AdditionalTags = additionalTagsVar
+
+			return nil
+		},
+	)
+}
+
+func NewClusterPatch() *eksTagsClusterPatchHandler {
+	return newEKSClusterPatchHandler(
+		v1alpha1.ClusterConfigVariableName,
+		[]string{
+			v1alpha1.EKSVariableName,
+			VariableName,
+		},
+		clusterv1.PatchSelector{
+			APIVersion: eksv1.GroupVersion.String(),
+			Kind:       "AWSManagedControlPlaneTemplate",
+			MatchResources: clusterv1.PatchSelectorMatch{
+				ControlPlane: true,
+			},
+		},
+	)
+}

pkg/handlers/eks/mutation/tags/inject_cluster_test.go

@@ -0,0 +1,101 @@
+// Copyright 2025 Nutanix. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package tags
+
+import (
+	. "github.com/onsi/ginkgo/v2"
+	"github.com/onsi/gomega"
+	runtimehooksv1 "sigs.k8s.io/cluster-api/exp/runtime/hooks/api/v1alpha1"
+
+	capav1 "github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2"
+	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api/v1alpha1"
+	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/common/pkg/capi/clustertopology/handlers/mutation"
+	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/common/pkg/testutils/capitest"
+	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pkg/handlers/eks/mutation/testutils"
+	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/test/helpers"
+)
+
+var _ = Describe("Generate EKS Tags patches for managed control plane", func() {
+	patchGenerator := func() mutation.GeneratePatches {
+		return mutation.NewMetaGeneratePatchesHandler("", helpers.TestEnv.Client, NewClusterPatch()).(mutation.GeneratePatches)
+	}
+
+	testDefs := []capitest.PatchTestDef{
+		{
+			Name: "unset variable",
+		},
+		{
+			Name: "additionalTags set for managed control plane",
+			Vars: []runtimehooksv1.Variable{
+				capitest.VariableWithValue(
+					v1alpha1.ClusterConfigVariableName,
+					capav1.Tags{
+						"Environment": "production",
+						"Team":        "platform",
+					},
+					v1alpha1.EKSVariableName,
+					VariableName,
+				),
+			},
+			RequestItem: testutils.NewEKSControlPlaneRequestItem("1234"),
+			ExpectedPatchMatchers: []capitest.JSONPatchMatcher{{
+				Operation: "add",
+				Path:      "/spec/template/spec/additionalTags",
+				ValueMatcher: gomega.And(
+					gomega.HaveKeyWithValue("Environment", "production"),
+					gomega.HaveKeyWithValue("Team", "platform"),
+				),
+			}},
+		},
+		{
+			Name: "empty additionalTags for managed control plane",
+			Vars: []runtimehooksv1.Variable{
+				capitest.VariableWithValue(
+					v1alpha1.ClusterConfigVariableName,
+					capav1.Tags{},
+					v1alpha1.EKSVariableName,
+					VariableName,
+				),
+			},
+			RequestItem:           testutils.NewEKSControlPlaneRequestItem("1234"),
+			ExpectedPatchMatchers: []capitest.JSONPatchMatcher{},
+		},
+		{
+			Name: "additionalTags with special characters for managed control plane",
+			Vars: []runtimehooksv1.Variable{
+				capitest.VariableWithValue(
+					v1alpha1.ClusterConfigVariableName,
+					capav1.Tags{
+						"kubernetes.io/cluster/test-cluster": "owned",
+						"Cost-Center":                        "12345",
+						"Environment":                        "dev-test",
+					},
+					v1alpha1.EKSVariableName,
+					VariableName,
+				),
+			},
+			RequestItem: testutils.NewEKSControlPlaneRequestItem("1234"),
+			ExpectedPatchMatchers: []capitest.JSONPatchMatcher{{
+				Operation: "add",
+				Path:      "/spec/template/spec/additionalTags",
+				ValueMatcher: gomega.And(
+					gomega.HaveKeyWithValue("kubernetes.io/cluster/test-cluster", "owned"),
+					gomega.HaveKeyWithValue("Cost-Center", "12345"),
+					gomega.HaveKeyWithValue("Environment", "dev-test"),
+				),
+			}},
+		},
+	}
+
+	// create test node for each case
+	for _, tt := range testDefs {
+		It(tt.Name, func() {
+			capitest.AssertGeneratePatches(
+				GinkgoT(),
+				patchGenerator,
+				&tt,
+			)
+		})
+	}
+})

pkg/handlers/eks/mutation/tags/inject_suite_test.go

@@ -0,0 +1,16 @@
+// Copyright 2025 Nutanix. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package tags
+
+import (
+	"testing"
+
+	. "github.com/onsi/ginkgo/v2"
+	"github.com/onsi/gomega"
+)
+
+func TestEKSTagsPatch(t *testing.T) {
+	gomega.RegisterFailHandler(Fail)
+	RunSpecs(t, "EKS Tags mutator suite")
+}

pkg/handlers/eks/mutation/tags/inject_worker.go

@@ -0,0 +1,26 @@
+// Copyright 2025 Nutanix. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package tags
+
+import (
+	capav1 "github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2"
+	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api/v1alpha1"
+	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/common/pkg/capi/clustertopology/handlers/mutation"
+	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/common/pkg/capi/clustertopology/patches/selectors"
+	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pkg/handlers/aws/mutation/tags"
+)
+
+func NewWorkerPatch() mutation.MetaMutator {
+	return tags.NewAWSTagsPatchHandler(
+		v1alpha1.WorkerConfigVariableName,
+		[]string{
+			v1alpha1.EKSVariableName,
+			tags.VariableName,
+		},
+		selectors.InfrastructureWorkerMachineTemplates(
+			capav1.GroupVersion.Version,
+			"AWSMachineTemplate",
+		),
+	)
+}