The Auto-Labeler Operator provides dynamic, rule-driven classification for Kubernetes resources. It watches Pods, Nodes, and other workload objects, evaluates them against user-defined policies, and applies labels that represent workloads’ characteristics, behaviors, or metadata. These labels can later be consumed by scheduling components or policy systems.
The operator enables platform teams to enforce consistent labeling, create intelligent scheduling hints, and build a foundation for higher-level automation.
- Provide a CRD-driven labeling engine for Pods, Nodes, and other Kubernetes resources.
- Support both static metadata classification and dynamic behavior-driven classification.
- Maintain idempotent, conflict-aware label patching.
- Enable downstream systems (e.g., schedulers, cost allocators, governance engines) to use labels as first-class signals.
- Serve as a general-purpose platform component, not tied to a specific domain such as ML or GitOps.
Users define ClassificationRule objects describing:
- the resource kinds to target
- match criteria (images, resources, annotations, namespaces, behavior)
- labels to apply
- conflict-resolution strategy
The operator applies labels based on:
- resource metadata
- resource specifications
- container images
- namespace properties
- resource requests/limits
- optional runtime metrics (future extension)
Initial support:
- Pods
- Nodes
Future extensions:
- Deployments
- Jobs
- StatefulSets
- PVCs
- Namespaces
- Only patches labels that belong to the Auto-Labeler.
- Avoids overwriting user-defined labels.
- Supports merging labels from multiple policies.
Policies can be configured to:
- overwrite
- merge
- ignore conflicts
- report conflicts via status
Each ClassificationRule maintains:
- matchedResourceCount
- lastReconciled
- conflicts
- lastError
apiVersion: labeling.example.com/v1alpha1
kind: ClassificationRule
metadata:
name: cpu-heavy-detector
spec:
targetKind: Pod
match:
resourceRequests:
cpu: "> 1"
images:
- "*/compute-*"
labels:
workloadProfile: "cpu-heavy"
schedulingHint: "isolation-preferred"
conflictPolicy: Merge- RuleController: Watches ClassificationRule objects.
- PodClassifier: Applies rules to Pods.
- NodeClassifier: Applies rules to Nodes.
- Policy evaluator
- Resource indexer
- Label patch manager
- Optional metrics ingestion (future)
- Basic CRD definition
- Pod classification
- Label patch logic
- Rule status reporting
- Node classification
- Conflict resolution
- Multi-policy merging
- Resource behavior classification (metrics-based)
- Namespace-level defaults
- Webhook for creation-time labeling
- Integration points for external schedulers
- Advanced heuristics
- Cost/capacity-aware classification
cmd/
controller-manager/
pkg/
apis/
labeling.example.com/
v1alpha1/
controllers/
rule_controller.go
pod_classifier.go
node_classifier.go
internal/
evaluator/
patcher/
matcher/
config/
crd/
manager/
rbac/
- Integration with custom scheduler
- Traffic-aware or load-aware classification
- Label-based compliance enforcement
- Multi-cluster rule propagation
Apache 2.0 (recommended)