Amazon EKS - Resource Tagging - AWS Partner Revenue Measurement

Amazon EKS - Resource Tagging

Amazon EKS clusters run containerized applications on a set of nodes. Customers pay for EKS cluster hours and the underlying AWS resources including nodes (EC2 instances), load balancers, and EBS volumes. To measure revenue with Partner Revenue Measurement, you must tag both the Kubernetes cluster and its underlying AWS resources.

Note

The tag value must use the format pc:product-code, where product-code is your AWS Marketplace product code. To retrieve your product code, see Product Code Retrieval.

Tagging the Kubernetes cluster

You can add tags to new or existing Kubernetes clusters using the Amazon EKS console, eksctl, AWS CLI, AWS API, or infrastructure-as-code tools like Terraform.

  • New clusters – Apply tags during cluster creation using the tags parameter on the CreateCluster API action.

  • Existing clusters – Apply tags using the TagResource API, or the Tags tab in the Amazon EKS console.

  • Terraform – Use the tags argument when creating an EKS cluster. For more information, see Terraform EKS cluster resource.

    aws eks tag-resource \
      --resource-arn arn:aws:eks:region:account-id:cluster/cluster-name \
      --tags aws-apn-id=pc:5ugbbrmu7ud3u5hsipfzug61p

Tagging nodes within a node group

Amazon EKS clusters can schedule pods on any combination of self-managed nodes and EKS managed nodes. In all cases, ensure nodes are tagged with aws-apn-id using the format pc:product-code.

  • Managed nodes – Use a custom launch template with the TagSpecifications parameter to specify tags to apply to nodes (EC2 instances) in the node group. For example:

    "TagSpecifications": [
      {
        "ResourceType": "instance",
        "Tags": [
          { "Key": "aws-apn-id", "Value": "pc:5ugbbrmu7ud3u5hsipfzug61p" }
        ]
      }
    ]

    You can launch a managed node group with a custom launch template using the EKS API, AWS CLI, CloudFormation, or the EKS console. For more information, see Launch template support.

  • Self-managed nodes – Apply tags by creating a node group with eksctl using the tags parameter. Tags are applied to all EC2 instances created as part of the node group. You can also apply tags using the AWS Management Console. For more information, see Tagging your Amazon EC2 resources.

Tagging load balancers

The AWS Load Balancer Controller manages Elastic Load Balancers for a Kubernetes cluster.

  • Application Load Balancer (ALB) – The controller creates an ALB when you create a Kubernetes Ingress. To tag ALBs, add the following annotation to the Ingress:

    alb.ingress.kubernetes.io/tags: aws-apn-id=pc:5ugbbrmu7ud3u5hsipfzug61p

    For more information, see Application load balancing on Amazon EKS.

  • Network Load Balancer (NLB) – The controller creates an NLB when you create a Kubernetes Service of type LoadBalancer using IP targets. To tag NLBs, add the following annotation to the Service:

    service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags: aws-apn-id=pc:5ugbbrmu7ud3u5hsipfzug61p

    For more information, see Network load balancing on Amazon EKS.

Tagging EBS volumes

The Amazon EBS Container Storage Interface (CSI) driver provides a CSI interface that allows Amazon EKS clusters to manage the lifecycle of EBS volumes. To add tags to dynamically provisioned EBS volumes, use the --extra-tags command option in the CSI driver. For detailed instructions, see the Amazon EBS CSI driver documentation.

Fargate on EKS

Fargate on EKS is not supported for Partner Revenue Measurement resource tagging.

Isolating partner solution resources on a shared EKS cluster

If a customer runs both partner solution workloads and other workloads in the same EKS cluster, you cannot tag the cluster itself (the control plane). Instead, tag only the load balancers and the nodes running partner solution workloads. To isolate the workloads, use Kubernetes affinities and taints.

  1. Create a partner-solution-only node group.

    • Tag this node group following the instructions in Tagging nodes within a node group.

    • Add a taint with effect NO_SCHEDULE.

    • Add a label (for example, partner-solution: "true").

  2. Create partner solution pods.

    • Add a toleration to the pods with a key/value matching the taint from step 1 and an effect of NoSchedule.

    • Add a requiredDuringSchedulingIgnoredDuringExecution affinity with a matchExpression that matches the label from step 1.

The taint from step 1 and the toleration from step 2 prevent non-partner-solution pods from deploying on partner solution nodes. The label from step 1 and the affinity from step 2 prevent partner solution pods from deploying on non-partner-solution nodes. No changes are required to existing non-partner-solution pods or nodes.
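
The following Deployment is an added example, not part of the original page, showing step 2 with both the toleration and the required node affinity in one pod template. The label partner-solution: "true" is the page's own example; the taint key and value, the Deployment name, and the container image are assumptions chosen for illustration.

```yaml
# Added example. Assumes the partner-solution-only node group from step 1 has:
#   label  partner-solution: "true"        (the page's example label)
#   taint  partner-solution=true, effect NO_SCHEDULE   (key/value assumed here)
apiVersion: apps/v1
kind: Deployment
metadata:
  name: partner-solution-app            # hypothetical name
spec:
  replicas: 2
  selector:
    matchLabels:
      app: partner-solution-app
  template:
    metadata:
      labels:
        app: partner-solution-app
    spec:
      # The toleration lets these pods onto the tainted partner nodes.
      # Pods without it are kept off those nodes by the taint.
      tolerations:
        - key: partner-solution         # must equal the taint key on the node group
          operator: Equal
          value: "true"                 # must equal the taint value
          effect: NoSchedule            # pod-side spelling of NO_SCHEDULE
      # The required node affinity keeps these pods off every node that
      # lacks the label, so they never land on untagged, non-partner nodes.
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: partner-solution
                    operator: In
                    values: ["true"]
      containers:
        - name: app
          image: registry.example.com/partner-solution:1.0   # placeholder image
```

A toleration alone only permits scheduling on the tainted nodes and does not require it, so the affinity rule is what stops partner pods from running on nodes that carry no aws-apn-id tag.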

For more information, see: