nutanix-cloud-native · faiq · Oct 2, 2025 · Sep 30, 2025 · Oct 1, 2025 · Oct 1, 2025
diff --git a/api/v1alpha1/aws_clusterconfig_types.go b/api/v1alpha1/aws_clusterconfig_types.go
@@ -8,6 +8,11 @@ import (
 )
 
 type AWSSpec struct {
+	// AdditionalTags is an optional set of tags to add to an instance,
+	// in addition to the ones added by default by the AWS provider.
+	// +optional
+	AdditionalTags capav1.Tags `json:"additionalTags,omitempty"`
+
 	// IdentityRef is a reference to an identity to be used when reconciling the managed control plane.
 	// If no identity is specified, the default identity for this controller will be used.
 	// +kubebuilder:validation:Optional

diff --git a/api/v1alpha1/aws_node_types.go b/api/v1alpha1/aws_node_types.go
@@ -43,6 +43,11 @@ type AWSWorkerNodeSpec struct {
 }
 
 type AWSGenericNodeSpec struct {
+	// AdditionalTags is an optional set of tags to add to an instance,
+	// in addition to the ones added by default by the AWS provider.
+	// +optional
+	AdditionalTags capav1.Tags `json:"additionalTags,omitempty"`
+
 	// AMI or AMI Lookup arguments for machine image of a AWS machine.
 	// If both AMI ID and AMI lookup arguments are provided then AMI ID takes precedence
 	// +kubebuilder:validation:Optional

diff --git a/api/v1alpha1/crds/caren.nutanix.com_awsclusterconfigs.yaml b/api/v1alpha1/crds/caren.nutanix.com_awsclusterconfigs.yaml
@@ -290,6 +290,13 @@ spec:
                 aws:
                   description: AWS cluster configuration.
                   properties:
+                    additionalTags:
+                      additionalProperties:
+                        type: string
+                      description: |-
+                        AdditionalTags is an optional set of tags to add to an instance,
+                        in addition to the ones added by default by the AWS provider.
+                      type: object
                     controlPlaneLoadBalancer:
                       description: AWSLoadBalancerSpec configures an AWS control-plane LoadBalancer.
                       properties:
@@ -388,6 +395,13 @@ spec:
                             type: object
                           maxItems: 32
                           type: array
+                        additionalTags:
+                          additionalProperties:
+                            type: string
+                          description: |-
+                            AdditionalTags is an optional set of tags to add to an instance,
+                            in addition to the ones added by default by the AWS provider.
+                          type: object
                         ami:
                           description: |-
                             AMI or AMI Lookup arguments for machine image of a AWS machine.

diff --git a/api/v1alpha1/crds/caren.nutanix.com_awsworkernodeconfigs.yaml b/api/v1alpha1/crds/caren.nutanix.com_awsworkernodeconfigs.yaml
@@ -57,6 +57,13 @@ spec:
                       type: object
                     maxItems: 32
                     type: array
+                  additionalTags:
+                    additionalProperties:
+                      type: string
+                    description: |-
+                      AdditionalTags is an optional set of tags to add to an instance,
+                      in addition to the ones added by default by the AWS provider.
+                    type: object
                   ami:
                     description: |-
                       AMI or AMI Lookup arguments for machine image of a AWS machine.

diff --git a/api/v1alpha1/crds/caren.nutanix.com_eksclusterconfigs.yaml b/api/v1alpha1/crds/caren.nutanix.com_eksclusterconfigs.yaml
@@ -292,6 +292,13 @@ spec:
                 eks:
                   description: EKS cluster configuration.
                   properties:
+                    additionalTags:
+                      additionalProperties:
+                        type: string
+                      description: |-
+                        AdditionalTags is an optional set of tags to add to an instance,
+                        in addition to the ones added by default by the AWS provider.
+                      type: object
                     identityRef:
                       description: |-
                         IdentityRef is a reference to an identity to be used when reconciling the managed control plane.

diff --git a/api/v1alpha1/crds/caren.nutanix.com_eksworkernodeconfigs.yaml b/api/v1alpha1/crds/caren.nutanix.com_eksworkernodeconfigs.yaml
@@ -57,6 +57,13 @@ spec:
                       type: object
                     maxItems: 32
                     type: array
+                  additionalTags:
+                    additionalProperties:
+                      type: string
+                    description: |-
+                      AdditionalTags is an optional set of tags to add to an instance,
+                      in addition to the ones added by default by the AWS provider.
+                    type: object
                   ami:
                     description: |-
                       AMI or AMI Lookup arguments for machine image of a AWS machine.

diff --git a/api/v1alpha1/eks_clusterconfig_types.go b/api/v1alpha1/eks_clusterconfig_types.go
@@ -8,6 +8,11 @@ import (
 )
 
 type EKSSpec struct {
+	// AdditionalTags is an optional set of tags to add to an instance,
+	// in addition to the ones added by default by the AWS provider.
+	// +optional
+	AdditionalTags capav1.Tags `json:"additionalTags,omitempty"`
+
 	// IdentityRef is a reference to an identity to be used when reconciling the managed control plane.
 	// If no identity is specified, the default identity for this controller will be used.
 	// +kubebuilder:validation:Optional

diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/docs/content/customization/aws/tags.md b/docs/content/customization/aws/tags.md
@@ -0,0 +1,110 @@
++++
+title = "AWS Additional Tags"
++++
+
+The AWS additional tags customization allows the user to specify custom tags to be applied to AWS resources created by the cluster.
+The customization can be applied at the cluster level, control plane level, and worker node level.
+This customization will be available when the
+[provider-specific cluster configuration patch]({{< ref "..">}}) is included in the `ClusterClass`.
+
+## Example
+
+To specify additional tags for all AWS resources, use the following configuration:
+
+```yaml
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+  name: <NAME>
+spec:
+  topology:
+    variables:
+      - name: clusterConfig
+        value:
+          aws:
+            additionalTags:
+              Environment: production
+              Team: platform
+              CostCenter: "12345"
+          controlPlane:
+            aws:
+              additionalTags:
+                NodeType: control-plane
+      - name: workerConfig
+        value:
+          aws:
+            additionalTags:
+              NodeType: worker
+              Workload: general
+```
+
+We can further customize individual MachineDeployments by using the overrides field with the following configuration:
+
+```yaml
+spec:
+  topology:
+    # ...
+    workers:
+      machineDeployments:
+        - class: default-worker
+          name: md-0
+          variables:
+            overrides:
+              - name: workerConfig
+                value:
+                  aws:
+                    additionalTags:
+                      NodeType: worker
+                      Workload: database
+                      Environment: production
+```
+
+## Tag Precedence
+
+When tags are specified at multiple levels, the following precedence applies (higher precedence overrides lower):
+
+1. **Worker level tags** and **Control plane level tags** (highest precedence)
+1. **Cluster level tags** (lowest precedence)
+
+This means that if the same tag key is specified at multiple levels, the worker and contorl-plane level values will take precedence over the cluster level values.
+
+## Applying this configuration will result in the following values being set
+
+- `AWSCluster`:
+
+  - ```yaml
+    spec:
+      template:
+        spec:
+          additionalTags:
+            Environment: production
+            Team: platform
+            CostCenter: "12345"
+    ```
+
+- control-plane `AWSMachineTemplate`:
+
+  - ```yaml
+    spec:
+      template:
+        spec:
+          additionalTags:
+            Environment: production
+            Team: platform
+            CostCenter: "12345"
+            NodeType: control-plane
+    ```
+
+- worker `AWSMachineTemplate`:
+
+  - ```yaml
+    spec:
+      template:
+        spec:
+          additionalTags:
+            Environment: production
+            Team: platform
+            CostCenter: "12345"
+            NodeType: worker
+            Workload: general
+    ```
diff --git a/docs/content/customization/eks/tags.md b/docs/content/customization/eks/tags.md
@@ -0,0 +1,87 @@
++++
+title = "EKS Additional Tags"
++++
+
+The EKS additional tags customization allows the user to specify custom tags to be applied to AWS resources created by the EKS cluster.
+The customization can be applied at the cluster level and worker node level.
+This customization will be available when the
+[provider-specific cluster configuration patch]({{< ref "..">}}) is included in the `ClusterClass`.
+
+## Example
+
+To specify additional tags for EKS resources, use the following configuration:
+
+```yaml
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+  name: <NAME>
+spec:
+  topology:
+    variables:
+      - name: clusterConfig
+        value:
+          eks:
+            additionalTags:
+              Environment: production
+              Team: platform
+              CostCenter: "12345"
+```
+
+We can further customize individual MachineDeployments by using the overrides field with the following configuration:
+
+```yaml
+spec:
+  topology:
+    # ...
+    workers:
+      machineDeployments:
+        - class: default-worker
+          name: md-0
+          variables:
+            overrides:
+              - name: workerConfig
+                value:
+                  eks:
+                    additionalTags:
+                      NodeType: worker
+                      Workload: database
+                      Environment: production
+```
+
+## Tag Precedence
+
+When tags are specified at multiple levels, the following precedence applies (higher precedence overrides lower):
+
+1. **Worker level tags** (highest precedence)
+2. **Cluster level tags** (lowest precedence)
+
+This means that if the same tag key is specified at multiple levels, the worker level values will take precedence over the cluster level values.
+
+## Applying this configuration will result in the following values being set
+
+- `AWSManagedControlPlane`:
+
+  - ```yaml
+    spec:
+      template:
+        spec:
+          additionalTags:
+            Environment: production
+            Team: platform
+            CostCenter: "12345"
+    ```
+
+- worker `AWSMachineTemplate`:
+
+  - ```yaml
+    spec:
+      template:
+        spec:
+          additionalTags:
+            Environment: production
+            Team: platform
+            CostCenter: "12345"
+            NodeType: worker
+            Workload: general
+    ```
diff --git a/pkg/handlers/aws/mutation/metapatch_handler.go b/pkg/handlers/aws/mutation/metapatch_handler.go
@@ -18,6 +18,7 @@ import (
 	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pkg/handlers/aws/mutation/placementgroup"
 	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pkg/handlers/aws/mutation/region"
 	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pkg/handlers/aws/mutation/securitygroups"
+	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pkg/handlers/aws/mutation/tags"
 	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pkg/handlers/aws/mutation/volumes"
 	genericmutation "github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pkg/handlers/generic/mutation"
 )
@@ -26,9 +27,11 @@ import (
 func MetaPatchHandler(mgr manager.Manager) handlers.Named {
 	patchHandlers := []mutation.MetaMutator{
 		calico.NewPatch(),
+		tags.NewClusterPatch(),
 		region.NewPatch(),
 		network.NewPatch(),
 		controlplaneloadbalancer.NewPatch(),
+		tags.NewControlPlanePatch(),
 		identityref.NewPatch(),
 		iaminstanceprofile.NewControlPlanePatch(),
 		instancetype.NewControlPlanePatch(),
@@ -50,6 +53,7 @@ func MetaPatchHandler(mgr manager.Manager) handlers.Named {
 // MetaWorkerPatchHandler returns a meta patch handler for mutating CAPA workers.
 func MetaWorkerPatchHandler(mgr manager.Manager) handlers.Named {
 	patchHandlers := []mutation.MetaMutator{
+		tags.NewWorkerPatch(),
 		iaminstanceprofile.NewWorkerPatch(),
 		instancetype.NewWorkerPatch(),
 		ami.NewWorkerPatch(),