Adding tags and labels to clusters

You can assign a tag to Red Hat OpenShift on IBM Cloud clusters to help manage your IBM Cloud resources. For example, you might add key:value tags to your cluster and other cloud resources so that your billing department track resources, such as costctr:1234. Tags are visible account-wide. For more information, see Working with tags.

Tags are not the same thing as Kubernetes labels. Kubernetes labels are key:value pairs that can be used as selectors for the resources that are in your cluster, such as adding a label to worker pool to deploy an app to only certain worker nodes. Tags are an IBM Cloud tool that you can use to filter your IBM Cloud resources, such as clusters, storage devices, or Watson services.

Do not include personal information in your tags. Learn more about securing your personal information when you work with Kubernetes resources.

Choose among the following options:

Create a cluster in the console with a tag. You can't create a cluster with a tag in the CLI.
Add tags to an existing cluster in the console or CLI.

Adding tags to clusters with the console

Log in to the IBM Cloud clusters console.
Select a cluster with existing tags.
Next to the cluster name and status, click the Edit tags pencil icon. If your cluster does not have any existing tags, you don't have an Edit tags pencil icon. Instead, use the resource list or CLI.
Enter the tag that you want to add to your cluster. To assign a key-value pair, use a colon such as costctr:1234.

Adding tags to clusters with the CLI

Log in to the IBM Cloud CLI.
```
ibmcloud login [--sso]
```
Tag your cluster. Replace the --resource-name with the name of your cluster. To list available clusters, run ibmcloud oc cluster ls. If you want to check your existing tags so as not to duplicate any, run ibmcloud resource tags.
```
ibmcloud resource tag-attach --resource-name <cluster_name> --tag-names <tag1,tag2>
```
If you have more than one resource of the same name in your IBM Cloud account, the error message lists the resource CRNs and details, and instructs you to try again with the --resource-idoption.

Adding labels to existing worker pools

You can assign a worker pool a label when you create the worker pool, or later by following these steps. After a worker pool is labeled, all existing and subsequent worker nodes get this label. You might use labels to deploy specific workloads only to worker nodes in the worker pool, such as edge nodes for load balancer network traffic.

Do not include personal information in your labels. Learn more about securing your personal information when you work with Kubernetes resources.

Before you begin: Access your Red Hat OpenShift cluster.

List the worker pools in your cluster.

ibmcloud oc worker-pool ls --cluster <cluster_name_or_ID>

List the existing custom labels on worker nodes in the worker pool that you want to label.
```
ibmcloud oc worker-pool get --cluster <cluster_name_or_ID> --worker-pool <pool>
```
Label the worker pool with a key=value label. When you set a worker pool label, all the existing custom labels are replaced. To keep any existing custom labels on the worker pool, include those labels with this option.

You can also rename an existing label by assigning the same key a new value. However, don't modify the worker pool or worker node labels that are provided by default because these labels are required for worker pools to function properly. Modify only custom labels that you previously added.
```
ibmcloud oc worker-pool label set --cluster <cluster_name_or_ID> --worker-pool <worker_pool_name_or_ID> --label <key=value>
```
Example to set <key>: <value> as a new custom label in a worker pool with existing labels team: DevOps and app: test:
```
ibmcloud oc worker-pool label set --cluster <cluster_name_or_ID> --worker-pool <worker_pool_name_or_ID> --label <key=value> --label team=DevOps --label app=test
```
Verify that the worker pool and worker node have the key=value label that you assigned.
- To check worker pools:
```
ibmcloud oc worker-pool get --cluster <cluster_name_or_ID> --worker-pool <worker_pool_name_or_ID>
```
- To check worker nodes:
  1. List the worker nodes in the worker pool and note the Private IP.
```
ibmcloud oc worker ls --cluster <cluster_name_or_ID> --worker-pool <worker_pool_name_or_ID>
```
  2. Review the Labels field of the output.
```
oc describe node <worker_node_private_IP>
```
    Example output for an added label (app=test):
```
Labels:   app=test
arch=amd64
...
```
    Example output for a removed label (the app=test label is gone):
```
Labels:   arch=amd64
...
```
Optional: To remove an individual label from a worker pool, you can run the ibmcloud oc worker-pool label set command with only the custom labels that you want to keep. To remove all custom labels from a worker pool, you can run the ibmcloud oc worker-pool label rm command.

Do not remove the worker pool and worker node labels that are provided by default because these labels are required for worker pools to function properly. Remove only custom labels that you previously added.

Example to keep only the team: DevOps and app: test labels and remove all other custom labels from a worker pool:
```
ibmcloud oc worker-pool label set --cluster <cluster_name_or_ID> --worker-pool <worker_pool_name_or_ID> --label team=DevOps --label app=test
```
Example to remove all custom label from a worker pool:
```
ibmcloud oc worker-pool label rm --cluster <cluster_name_or_ID> --worker-pool <worker_pool_name_or_ID>
```

After you label your worker pool, you can use the label in your app deployments so that your workloads run on only these worker nodes, or taints to prevent deployments from running on these worker nodes.