Tags Policy
Last updated
Was this helpful?
v0.7
Last updated
Was this helpful?
Managing resources in Kubernetes often requires categorizing and grouping resources for better visibility and analysis. A common use case is cost allocation. By analyzing Kubernetes labels, teams can identify which departments consume the most resources. However, this is only possible if the relevant tags are propagated as Kubernetes labels.
The Tags Policy feature in Devtron allows you to enforce a tag that must be provided before application creation or before deployment to an environment. For example, you can create a tag named team and if it is propagated as labels to Kubernetes resources, you can easily audit the team-wise usage and resource consumption by its tag. Additionally, you can enforce deployment-specific rules for your applications if required tags are missing.
Go to Global Configurations → Tags Policy.
Click + Add Tag.
Suggested tags/Mandatory tags - You can either suggest tags or make them mandatory when creating applications:
If you want the person creating an application to compulsarily provide a tag, use Mandatory tags. Mandatory tags have two consequences:
Blocks application creation if the required tag is not provided.
Blocks deployment if restriction is enforced.
Select Project(s) - To mandate a tag, you must provide a project where this policy should apply. All applications in the project will require the mandatory tag to be entered. Whereas, suggested tags are shown as suggestions globally (i.e., for all apps).
Tag Key - Enter the key from the key-value pair (tag), e.g., Business Unit, Team, Owner.
Value Choices - Here, you can create a list of values for the key-value pair (tag). A tag value can be a free text or you can restrict it to a set of values for the user to choose from.
You may enable Allow Custom Input to give the user a choice to enter their own value if it is unavailable in the list. Or you may skip creating the list of choices altogether so that your user can enter their own value.
Description - Write a brief description explaining the significance of the tag.
Allow/Block Deployments - Mandatory tags additionally let you define what should happen if users do not configure them in the intended projects:
Allow deployments - Use this option if you want to allow the user to deploy an existing application where mandatory tags are not configured yet.
Block deployment stages of all environments - This will prevent the user from deploying an existing application to all environments if mandatory tags are not configured.
In suggested tags: When you enable/disable tag propagation, users can still disable/enable it during app creation, ensuring its tags propagate to associated Kubernetes resources.
In mandatory tags: When you enable/disable tag propagation, users do not get the option to change the propagation setting.
(Optional) Click the + option to create more suggested tags or more mandatory tags in one go.
Click Save to create the tag(s).
You can edit an existing tag key to do the following:
Modify the tag key
Add/remove value choices
Tweak the description
Change deployment restrictions
Add or remove projects
Convert Tags from Suggested to Mandatory (or vice versa)
Enable/Disable the propagation of tags
Once done, click Update to apply the changes.
You may use the checkboxes to add/remove projects from multiple tags at once as shown below.
If you delete a 'Suggested Tag', it will no longer show up as a suggestion to your users while adding tags. If it's a 'Mandatory Tag', the deployment rules (if any, associated with that tag) will no longer be enforced.
However, this action will not delete the applied tag from existing applications.
If you wish to delete multiple tags, you may use the checkboxes to select the tags and delete them from the floating widget as shown below.
The mandatory tag is available for users to configure after they select the project in the app creation page. It is marked by a red asterisk.
For an existing application, users can configure it from the Overview page of the application.
In a project where mandatory tags are enabled, if the user does not provide values for the mandatory tags, the user cannot create an app in that project.
Users can see a dropdown list of your suggested tags while creating a new app or on the Overview page of an existing application.
The same is true for auto-triggering deployment pipelines. A new image available after the build stage will not auto-trigger the deployment pipeline due to the missing mandatory tags.
If you just want to offer tag suggestions, use Suggested tags. These will appear as when adding tags to applications globally, and users can optionally use them if needed.
Block deployment stages of prod environments - Use this option if you want to prevent the user from deploying an existing application to , if mandatory tags are not configured.
Block deployment stages of non-prod enviroments - Use this option if you want to prevent the user from deploying an existing application to , if mandatory tags are not configured.
Propagate Tag - By default, tags assigned to applications in Devtron are not automatically propagated to Kubernetes resources as labels. For more information on how labels function in Kubernetes, refer to the .
If an existing application belongs to a project where mandatory tags are enabled along with deployment restrictions, if the user does not provide values for the mandatory tags, they cannot deploy that app to the intended environment (check step 9 of ).
Similarly, if deployment restrictions apply due to missing mandatory tags, users cannot deploy apps to the intended environment from the .
If a user attempts to that contains applications with missing mandatory tags, the deployment will be blocked if restrictions apply.
