Standard Pod Labels Convention

Beginner

Apply consistent labels to all Kubernetes resources using the recommended label taxonomy — app.kubernetes.io labels for identification, versioning, and component classification.

File Patterns

**/*.yaml**/*.yml**/k8s/****/kubernetes/****/manifests/**

This rule applies to files matching the patterns above.

Rule Content

rule-content.md

# Standard Pod Labels Convention

## Rule
All Kubernetes resources MUST include the standard `app.kubernetes.io` label set for consistent identification, selection, and tooling integration.

## Required Labels
```yaml
metadata:
  labels:
    app.kubernetes.io/name: myapp          # Application name
    app.kubernetes.io/instance: myapp-prod # Unique instance identifier
    app.kubernetes.io/version: "2.1.0"     # Application version
    app.kubernetes.io/component: api       # Component within architecture
    app.kubernetes.io/part-of: platform    # Higher-level application
    app.kubernetes.io/managed-by: helm     # Tool managing this resource
```

## Good Examples
```yaml
# API Deployment
metadata:
  name: payment-api
  labels:
    app.kubernetes.io/name: payment-api
    app.kubernetes.io/instance: payment-api-prod
    app.kubernetes.io/version: "3.2.1"
    app.kubernetes.io/component: api
    app.kubernetes.io/part-of: payment-platform
    app.kubernetes.io/managed-by: argocd
    team: payments
    environment: production

# Database StatefulSet
metadata:
  name: payment-db
  labels:
    app.kubernetes.io/name: payment-db
    app.kubernetes.io/instance: payment-db-prod
    app.kubernetes.io/version: "16.2"
    app.kubernetes.io/component: database
    app.kubernetes.io/part-of: payment-platform
    app.kubernetes.io/managed-by: helm
```

## Bad Examples
```yaml
# BAD: No labels
metadata:
  name: my-deployment

# BAD: Non-standard labels only
metadata:
  labels:
    app: myapp
    role: backend

# BAD: Missing version and component
metadata:
  labels:
    app.kubernetes.io/name: myapp
```

## Why Labels Matter
- **Service selection**: Services use label selectors to route traffic
- **Monitoring**: Prometheus discovers targets via labels
- **Cost allocation**: Labels enable per-team/per-app cost tracking
- **GitOps**: ArgoCD and Flux use labels for resource management

## Enforcement
- Use OPA Gatekeeper or Kyverno to require minimum label set
- Helm chart templates should include labels by default
- CI validation to reject manifests without required labels

FAQ

Discussion

Loading comments...

# Standard Pod Labels Convention ## Rule All Kubernetes resources MUST include the standard `app.kubernetes.io` label set for consistent identification, selection, and tooling integration. ## Required Labels ```yaml metadata: labels: app.kubernetes.io/name: myapp # Application name app.kubernetes.io/instance: myapp-prod # Unique instance identifier app.kubernetes.io/version: "2.1.0" # Application version app.kubernetes.io/component: api # Component within architecture app.kubernetes.io/part-of: platform # Higher-level application app.kubernetes.io/managed-by: helm # Tool managing this resource ``` ## Good Examples ```yaml # API Deployment metadata: name: payment-api labels: app.kubernetes.io/name: payment-api app.kubernetes.io/instance: payment-api-prod app.kubernetes.io/version: "3.2.1" app.kubernetes.io/component: api app.kubernetes.io/part-of: payment-platform app.kubernetes.io/managed-by: argocd team: payments environment: production # Database StatefulSet metadata: name: payment-db labels: app.kubernetes.io/name: payment-db app.kubernetes.io/instance: payment-db-prod app.kubernetes.io/version: "16.2" app.kubernetes.io/component: database app.kubernetes.io/part-of: payment-platform app.kubernetes.io/managed-by: helm ``` ## Bad Examples ```yaml # BAD: No labels metadata: name: my-deployment # BAD: Non-standard labels only metadata: labels: app: myapp role: backend # BAD: Missing version and component metadata: labels: app.kubernetes.io/name: myapp ``` ## Why Labels Matter - **Service selection**: Services use label selectors to route traffic - **Monitoring**: Prometheus discovers targets via labels - **Cost allocation**: Labels enable per-team/per-app cost tracking - **GitOps**: ArgoCD and Flux use labels for resource management ## Enforcement - Use OPA Gatekeeper or Kyverno to require minimum label set - Helm chart templates should include labels by default - CI validation to reject manifests without required labels