IBM Cloud Docs
Tagging and labeling clusters and services

Tagging and labeling clusters and services

When you create a cluster, services or resources that are created and used by that cluster are tagged to indicate which cluster is using them. You can also manually tag Red Hat OpenShift on IBM Cloud clusters to help manage your IBM Cloud resources. For example, you might add key:value tags to your cluster and other cloud resources so that your billing department track resources, such as costctr:1234. Tags are visible account-wide. For more information, see Working with tags.

  • Service tags added to services used by Red Hat OpenShift on IBM Cloud are in the format containers-kubernetes:cluster:CLUSTER-ID.
  • Service tags are added asynchronously after services are provisioned and can take some time to appear.
  • Service tags cannot be modified or deleted by the customer only the service that creates them.
  • User tags are added manually by users in the account.
  • The following resources are tagged with Red Hat OpenShift on IBM Cloud service tags.
    • Secondary storage volumes.

Tags are not the same thing as Kubernetes labels. Kubernetes labels are key:value pairs that can be used as selectors for the resources that are in your cluster, such as adding a label to worker pool to deploy an app to only certain worker nodes. Tags are an IBM Cloud tool that you can use to filter your IBM Cloud resources, such as clusters, storage devices, or Watson services.

Do not include personal information in your tags. Learn more about securing your personal information when you work with Kubernetes resources.

Finding IBM Cloud resources with service tags from a specific cluster

  1. Get your cluster ID.
    ibmcloud oc cluster ls
  2. To find a list of services that were created or are being used by that cluster, run the following command.
    ibmcloud resource search 'service_tags:"containers-kubernetes:cluster:CLUSTER-ID"'
    Example command.
    ibmcloud resource search 'service_tags:"containers-kubernetes:cluster:d4f0si2w06ftldhe3s80"'

Manually adding user tags to clusters in the console

  1. Log in to the IBM Cloud clusters console.

  2. Select a cluster with existing tags.

  3. Next to the cluster name and status, click the Edit tags pencil icon. If your cluster does not have any existing tags, you don't have an Edit tags pencil icon. Instead, use the resource list or CLI.

  4. Enter the tag that you want to add to your cluster. To assign a key-value pair, use a colon such as costctr:1234.

Manually adding user tags to clusters by using the CLI

  1. Log in to the IBM Cloud CLI.

    ibmcloud login [--sso]

  2. Tag your cluster. Replace the --resource-name with the name of your cluster. To list available clusters, run ibmcloud oc cluster ls. If you want to check your existing tags so as not to duplicate any, run ibmcloud resource tags.

    ibmcloud resource tag-attach --resource-name <cluster_name> --tag-names <tag1,tag2>

    If you have more than one resource of the same name in your IBM Cloud account, the error message lists the resource CRNs and details, and instructs you to try again with the --resource-idoption.

Manually adding labels to existing worker pools

You can assign a worker pool a label when you create the worker pool, or later by following these steps. After a worker pool is labeled, all existing and subsequent worker nodes get this label. You might use labels to deploy specific workloads only to worker nodes in the worker pool, such as edge nodes for load balancer network traffic.

Do not include personal information in your labels. Learn more about securing your personal information when you work with Kubernetes resources.

Before you begin: Access your Red Hat OpenShift cluster.

  1. List the worker pools in your cluster.

    ibmcloud oc worker-pool ls --cluster <cluster_name_or_ID>

  2. List the existing custom labels on worker nodes in the worker pool that you want to label.

    ibmcloud oc worker-pool get --cluster <cluster_name_or_ID> --worker-pool <pool>

  3. Label the worker pool with a key=value label. When you set a worker pool label, all the existing custom labels are replaced. To keep any existing custom labels on the worker pool, include those labels with this option.

    You can also rename an existing label by assigning the same key a new value. However, don't modify the worker pool or worker node labels that are provided by default because these labels are required for worker pools to function properly. Modify only custom labels that you previously added.

    ibmcloud oc worker-pool label set --cluster <cluster_name_or_ID> --worker-pool <worker_pool_name_or_ID> --label <key=value>

    Example to set <key>: <value> as a new custom label in a worker pool with existing labels team: DevOps and app: test:

    ibmcloud oc worker-pool label set --cluster <cluster_name_or_ID> --worker-pool <worker_pool_name_or_ID> --label <key=value> --label team=DevOps --label app=test

  4. Verify that the worker pool and worker node have the key=value label that you assigned.

    • To check worker pools:
      ibmcloud oc worker-pool get --cluster <cluster_name_or_ID> --worker-pool <worker_pool_name_or_ID>
    • To check worker nodes:
      1. List the worker nodes in the worker pool and note the Private IP.
        ibmcloud oc worker ls --cluster <cluster_name_or_ID> --worker-pool <worker_pool_name_or_ID>
      2. Review the Labels field of the output.
        oc describe node <worker_node_private_IP>
        Example output for an added label (app=test):
        Labels:   app=test
arch=amd64
...
        Example output for a removed label (the app=test label is gone):
        Labels:   arch=amd64
...

  5. Optional: To remove an individual label from a worker pool, you can run the ibmcloud oc worker-pool label set command with only the custom labels that you want to keep. To remove all custom labels from a worker pool, you can run the ibmcloud oc worker-pool label rm command.

    Do not remove the worker pool and worker node labels that are provided by default because these labels are required for worker pools to function properly. Remove only custom labels that you previously added.

    Example to keep only the team: DevOps and app: test labels and remove all other custom labels from a worker pool:

    ibmcloud oc worker-pool label set --cluster <cluster_name_or_ID> --worker-pool <worker_pool_name_or_ID> --label team=DevOps --label app=test

    Example to remove all custom label from a worker pool:

    ibmcloud oc worker-pool label rm --cluster <cluster_name_or_ID> --worker-pool <worker_pool_name_or_ID>

After you label your worker pool, you can use the label in your app deployments so that your workloads run on only these worker nodes, or taints to prevent deployments from running on these worker nodes.