Skip to content

Add aws-apn-id PRM tag to AWS EKS sample cluster configs#172

Merged
VWang1111 merged 3 commits into
mainfrom
feat.aws-apn-id-prm-tag
Jun 23, 2026
Merged

Add aws-apn-id PRM tag to AWS EKS sample cluster configs#172
VWang1111 merged 3 commits into
mainfrom
feat.aws-apn-id-prm-tag

Conversation

@VWang1111

@VWang1111 VWang1111 commented Jun 22, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Proposed changes

Tags AWS deployments with aws-apn-id = pc:ajk5xy316takzneuu4ykhhj8c for AWS Partner Relationship Management (PRM) attribution. The tag is metadata-only (no cost, no runtime effect) and is highly recommended to leave in place.

The value follows the PRM manual-tagging canonical format pc:<product-code>pc: prefix, no space.

AWS does not propagate tags across resource types, so the tag is applied at each layer that creates AWS resources — scoped entirely to AWS sample files so non-AWS deployments are unaffected:

  • EKS cluster, networking, and EC2 nodes — added to all four *.cluster-config.yaml files at metadata.tags (cluster + CloudFormation stacks) and on every managedNodeGroups[].tags (EKS nodegroup → ASG → EC2 instances, via the existing propagateASGTags: true). Both levels are required: metadata.tags alone does not reach the instances.
  • Load balancers (NLB/ALB) — created at runtime by the AWS Load Balancer Controller / in-tree cloud provider, not by eksctl, and do not inherit cluster tags. The four AWS *.values.yaml samples include a commented service.annotations example with service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags; it rides along when a user uncomments type: LoadBalancer, tagging the provisioned LB.
  • EBS volumes — only used for billing journals when billing.journal.aws.efs.enabled: false (EFS is the default, so no sample hits this path). Documented in samples/README.md: point billing.journal.storageClass at an ebs.csi.aws.com StorageClass with parameters.tagSpecification_1, or set the EBS CSI driver --extra-tags.
  • EFS file system — customer-created outside this chart; tag at creation time. Documented in samples/README.md.

Validation (live EKS cluster)

Beyond YAML/syntactic checks, I deployed a real cluster via eksctl using the same tagging mechanism as the samples, plus a type: LoadBalancer NLB Service carrying the sample's exact annotation, and confirmed aws-apn-id=pc:ajk5xy316takzneuu4ykhhj8c landed verbatim on every resource type:

Resource source result
EKS cluster eks describe-cluster
CloudFormation stacks (cluster + nodegroup) cloudformation describe-stacks
Auto Scaling Group autoscaling describe-auto-scaling-groups
EC2 instance ec2 describe-instances
NLB (load balancer) elbv2 describe-tags

The NLB result confirms the value passes through the cloud provider's tag parser unmangled (the no-space form removes the earlier ambiguity). Test cluster torn down after verification. See the comment thread for details.

Safety: non-AWS deployments are provably unaffected

No chart templates and not the default charts/deepgram-self-hosted/values.yaml were modified — every change lives in AWS-only sample files (commented/uncommentable), samples/README.md, and CHANGELOG.md. GCP (02), on-premises (03), aura-2 (04/06), Docker, and Podman deployments render byte-for-byte identically.

Types of changes

  • Bugfix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update or tests (if none of the other choices apply)

Checklist

  • I have read the CONTRIBUTING doc
  • I have tested my changes in my local self-hosted environment
    • Deployed an EKS cluster via eksctl (us-west-2) exercising metadata.tags + managedNodeGroups[].tags + propagateASGTags, plus an NLB Service with the sample annotation. Verified the aws-apn-id tag landed verbatim on the cluster, both CloudFormation stacks, the ASG, the EC2 instance, and the NLB. Cluster torn down afterward.
  • I have added necessary documentation (if appropriate)

Further comments

Tag value confirmed canonical against the PRM manual-tagging guide: pc: prefix, no space.

@VWang1111
Add aws-apn-id PRM tag to AWS EKS sample cluster configs
a87f038 
Adds the `aws-apn-id` tag (value `pc: ajk5xy316takzneuu4ykhhj8c`) to all
four AWS eksctl ClusterConfig samples, at both the cluster level
(`metadata.tags`) and on every managed node group
(`managedNodeGroups[].tags`). The per-node-group tags, combined with the
existing `propagateASGTags: true`, ensure the tag reaches the EC2
instances; `metadata.tags` alone tags only the cluster/stack resources.

This metadata-only tag identifies the deployment to AWS for Partner
Relationship Management (PRM) attribution and has no cost or runtime
effect. Each location carries a public-facing comment explaining its
purpose, linking the AWS PRM onboarding docs, and noting it is highly
recommended to leave in place.

Scope is AWS-only: GCP, on-prem, Docker, Podman, and the Helm chart
(values.yaml + templates) are untouched. Documented in the chart
CHANGELOG (Unreleased) and samples/README.md.
@VWang1111 VWang1111 requested review from a team and therealevanhenry as code owners June 22, 2026 06:14
@VWang1111
Extend aws-apn-id PRM tag to load balancers and document EBS/EFS
21c1ad0 
Full-coverage follow-up to the cluster/node tagging. Adds the PRM tag to
the AWS resources the chart can create at runtime, scoped so non-AWS
deployments are completely unaffected:

- Load balancers: add a commented
  `service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags`
  annotation (aws-apn-id=pc: ajk5xy316takzneuu4ykhhj8c) to the
  `service.annotations` example in all four AWS sample values files
  (01, 05, 07, voice-agent/aws/self-hosted-llm). It rides along when a
  user uncomments `type: LoadBalancer`, tagging the provisioned NLB/ALB.
- EBS / EFS: documented in samples/README.md (EBS via a StorageClass
  `tagSpecification`/CSI `--extra-tags`; EFS at filesystem creation),
  since EBS journals are a non-default path (EFS is the default) and the
  EFS filesystem is customer-created.

No chart templates or the default values.yaml were changed, so GCP,
on-premises, Docker, Podman, and generic Kubernetes deployments render
identically and cannot fail. All additions live in AWS-only sample files
(commented/uncommentable) plus the samples README and CHANGELOG.
@jkroll-deepgram

jkroll-deepgram commented Jun 22, 2026

Copy link
Copy Markdown
Contributor

@VWang1111 The intent of the PR is great. The validation is syntactic so far (YAML parse + presence).

Can you also confirm (1) whether the value should carry the pc: prefix, and (2) whether the space survives the LB controller's tag parser at runtime? A wrong or mangled value could fail silently. Can you confirm the canonical value before a merge?

@VWang1111
Fix PRM tag value to canonical no-space form (pc:<product-code>)
f099385 
Per the AWS PRM manual tagging guide, the aws-apn-id value format is
`pc:<product-code>` with no space (example `pc:5ugbbrmu7ud3u5hsipfzug61p`),
and best practice is to "ensure 'pc:' prefix in value". The earlier value
included a space after the colon (`pc: ajk5x...`), which was non-canonical
and risked being mangled by the load balancer controller's tag parser.

Updated all occurrences to `pc:ajk5xy316takzneuu4ykhhj8c` across the AWS
cluster-config files, the load balancer annotation in the AWS values
samples, the samples README, and the CHANGELOG.

Ref: https://docs.aws.amazon.com/PRM/latest/aws-prm-onboarding-guide/manual-tagging.html
@VWang1111

VWang1111 commented Jun 23, 2026

Copy link
Copy Markdown
Contributor Author

Confirmed the canonical value and validated end-to-end on a live EKS cluster.

1. pc: prefix — yes, but no space. Per the AWS PRM manual tagging guide: Tag Key aws-apn-id, Tag Value pc:<product-code> (example pc:5ugbbrmu7ud3u5hsipfzug61p), best practice "ensure 'pc:' prefix in value." The prefix is required; the space after the colon was non-canonical. Canonical value is pc:ajk5xy316takzneuu4ykhhj8c (no space). Fixed in f099385 across all cluster configs, the LB annotation, README, and CHANGELOG.

2. Does it survive the LB parser? Removing the space makes it unambiguous, and I verified it lands intact at runtime. I stood up an EKS cluster via eksctl using the same tagging mechanism as the samples (metadata.tags + managedNodeGroups[].tags + propagateASGTags: true), plus a type: LoadBalancer Service carrying the sample's exact annotation:

service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags: "aws-apn-id=pc:ajk5xy316takzneuu4ykhhj8c"

Tag value observed on every resource type (verbatim, no mangling):

Resource aws-apn-id value source
EKS cluster pc:ajk5xy316takzneuu4ykhhj8c eks describe-cluster
CloudFormation stacks (cluster + nodegroup) pc:ajk5xy316takzneuu4ykhhj8c cloudformation describe-stacks
Auto Scaling Group pc:ajk5xy316takzneuu4ykhhj8c autoscaling describe-auto-scaling-groups
EC2 instance pc:ajk5xy316takzneuu4ykhhj8c ec2 describe-instances
NLB (load balancer) pc:ajk5xy316takzneuu4ykhhj8c elbv2 describe-tags

The NLB tag confirms the annotation value passes through the cloud provider's tag parser unmangled. Test cluster has been torn down.

@VWang1111 VWang1111 merged commit 246e910 into main Jun 23, 2026
2 checks passed
@VWang1111 VWang1111 deleted the feat.aws-apn-id-prm-tag branch June 23, 2026 16:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jkroll-deepgram jkroll-deepgram jkroll-deepgram approved these changes
@therealevanhenry therealevanhenry Awaiting requested review from therealevanhenry therealevanhenry is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@VWang1111 @jkroll-deepgram