Merge pull request #186839 from erik-ha-msft/erikha-aks-reserved-labels

laurabren · web-flow · commit a437abb7cf44 · 2022-03-24T13:39:12.000-07:00
Initial creation of use-labels.md
diff --git a/articles/aks/TOC.yml b/articles/aks/TOC.yml
@@ -226,6 +226,8 @@
           href: kubernetes-portal.md
         - name: Use tags
           href: use-tags.md
+        - name: Use labels
+          href: use-labels.md
     - name: Security and authentication
       items:
         - name: Overview of Defender for Containers
diff --git a/articles/aks/use-labels.md b/articles/aks/use-labels.md
@@ -0,0 +1,194 @@
+---
+title: Use labels in an Azure Kubernetes Service (AKS) cluster
+description: Learn how to use labels in an Azure Kubernetes Service (AKS) cluster.
+author: erik-ha-msft
+ms.author: erikha
+ms.service: container-service
+ms.topic: how-to 
+ms.date: 03/03/2022
+ms.custom: template-how-to
+#Customer intent: As a cluster operator, I want to learn how to use labels in an AKS cluster so that I can set scheduling rules for nodes.
+---
+
+# Use labels in an Azure Kubernetes Service (AKS) cluster
+
+If you have multiple node pools, you may want to add a label during node pool creation. [These labels][kubernetes-labels] are visible in Kubernetes for handling scheduling rules for nodes. You can add labels to a node pool anytime, and they'll be set on all nodes in the node pool.
+
+In this how-to guide, you'll learn how to use labels in an AKS cluster.
+
+## Prerequisites
+
+You need the Azure CLI version 2.2.0 or later installed and configured. Run `az --version` to find the version. If you need to install or upgrade, see [Install Azure CLI][install-azure-cli].
+
+## Create an AKS cluster with a label
+
+To create an AKS cluster with a label, use [az aks create][az-aks-create]. Specify the `--node-labels` parameter to set your labels. Labels must be a key/value pair and have a [valid syntax][kubernetes-label-syntax].
+
+```azurecli-interactive
+az aks create \
+    --resource-group myResourceGroup \
+    --name myAKSCluster \
+    --node-count 2 \
+    --nodepool-labels dept=IT costcenter=9000
+```   
+
+Verify the labels were set by running `kubectl get nodes --show-labels`.
+
+```bash
+kubectl get nodes --show-labels | grep -e "costcenter=9000" -e "dept=IT"
+```
+
+## Create a node pool with a label
+
+To create a node pool with a label, use [az aks nodepool add][az-aks-nodepool-add]. Specify the name *labelnp* and use the `--labels` parameter to specify *dept=HR* and *costcenter=5000* for labels. Labels must be a key/value pair and have a [valid syntax][kubernetes-label-syntax]
+
+```azurecli-interactive
+az aks nodepool add \
+    --resource-group myResourceGroup \
+    --cluster-name myAKSCluster \
+    --name labelnp \
+    --node-count 1 \
+    --labels dept=HR costcenter=5000 \
+    --no-wait
+```
+
+The following example output from the [az aks nodepool list][az-aks-nodepool-list] command shows that *labelnp* is *Creating* nodes with the specified *nodeLabels*:
+
+```azurecli
+az aks nodepool list -g myResourceGroup --cluster-name myAKSCluster
+
+```output
+[
+  {
+    ...
+    "count": 1,
+    ...
+    "name": "labelnp",
+    "orchestratorVersion": "1.15.7",
+    ...
+    "provisioningState": "Creating",
+    ...
+    "nodeLabels":  {
+      "costcenter": "5000",
+      "dept": "HR"
+    },
+    ...
+  },
+ ...
+]
+```
+
+Verify the labels were set by running `kubectl get nodes --show-labels`.
+
+```bash
+kubectl get nodes --show-labels | grep -e "costcenter=5000" -e "dept=HR"
+```
+
+## Updating labels on existing node pools
+
+To update a label on existing node pools, use [az aks nodepool update][az-aks-nodepool-update]. Updating labels on existing node pools will overwrite the old labels with the new labels. Labels must be a key/value pair and have a [valid syntax][kubernetes-label-syntax].
+
+```azurecli-interactive
+az aks nodepool update \
+    --resource-group myResourceGroup \
+    --cluster-name myAKSCluster \
+    --name labelnp \
+    --labels dept=ACCT costcenter=6000 \
+    --no-wait
+```
+
+Verify the labels were set by running `kubectl get nodes --show-labels`.
+
+```bash
+kubectl get nodes --show-labels | grep -e "costcenter=6000" -e "dept=ACCT"
+```
+
+## Unavailable labels
+
+### Reserved system labels
+
+Since the [2021-08-19 AKS release][aks-release-2021-gh], Azure Kubernetes Service (AKS) has stopped the ability to make changes to AKS reserved labels. Attempting to change these labels will result in an error message.
+
+The following labels are reserved for use by AKS. *Virtual node usage* specifies if these labels could be a supported system feature on virtual nodes. 
+
+Some properties that these system features change aren't available on the virtual nodes, because they require modifying the host.
+
+| Label | Value | Example/Options | Virtual node usage |
+| ---- | --- | --- | --- |
+| kubernetes.azure.com/agentpool | \<agent pool name> | nodepool1 | Same |
+| kubernetes.io/arch | amd64 | runtime.GOARCH | N/A |
+| kubernetes.io/os | \<OS Type> | Linux/Windows | Same |
+| node.kubernetes.io/instance-type | \<VM size> | Standard_NC6 | Virtual |
+| topology.kubernetes.io/region | \<Azure region> | westus2 | Same |
+| topology.kubernetes.io/zone | \<Azure zone> | 0 | Same |
+| kubernetes.azure.com/cluster | \<MC_RgName> | MC_aks_myAKSCluster_westus2 | Same |
+| kubernetes.azure.com/mode | \<mode> | User or system | User |
+| kubernetes.azure.com/role | agent | Agent | Same |
+| kubernetes.azure.com/scalesetpriority | \<VMSS priority> | Spot or regular | N/A |
+| kubernetes.io/hostname | \<hostname> | aks-nodepool-00000000-vmss000000 | Same |
+| kubernetes.azure.com/storageprofile | \<OS disk storage profile> | Managed | N/A |
+| kubernetes.azure.com/storagetier | \<OS disk storage tier> | Premium_LRS | N/A |
+| kubernetes.azure.com/instance-sku | \<SKU family> | Standard_N | Virtual |
+| kubernetes.azure.com/node-image-version | \<VHD version> | AKSUbuntu-1804-2020.03.05 | Virtual node version |
+| kubernetes.azure.com/subnet | \<nodepool subnet name> | subnetName | Virtual node subnet name |
+| kubernetes.azure.com/vnet | \<nodepool vnet name> | vnetName | Virtual node virtual network |
+| kubernetes.azure.com/ppg  | \<nodepool ppg name> | ppgName | N/A |
+| kubernetes.azure.com/encrypted-set | \<nodepool encrypted-set name> | encrypted-set-name | N/A |
+| kubernetes.azure.com/accelerator | \<accelerator> | nvidia | N/A |
+| kubernetes.azure.com/fips_enabled | \<is fips enabled?> | true | N/A |
+| kubernetes.azure.com/os-sku | \<os/sku> | [Create or update OS SKU][create-or-update-os-sku] | Linux |
+
+* *Same* is included in places where the expected values for the labels don't differ between a standard node pool and a virtual node pool. As virtual node pods don't expose any underlying virtual machine (VM), the VM SKU values are replaced with the SKU *Virtual*.
+* *Virtual node version* refers to the current version of the [virtual Kubelet-ACI connector release][virtual-kubelet-release].
+* *Virtual node subnet name* is the name of the subnet where virtual node pods are deployed into Azure Container Instance (ACI).
+* *Virtual node virtual network* is the name of the virtual network, which contains the subnet where virtual node pods are deployed on ACI.
+
+### Reserved prefixes
+
+The following list of prefixes are reserved for usage by AKS and can't be used for any node. 
+
+* kubernetes.azure.com/
+* kubernetes.io/
+
+For additional reserved prefixes, see [Kubernetes well-known labels, annotations, and taints][kubernetes-well-known-labels].
+
+### Deprecated labels
+
+The following labels are planned for deprecation with the release of [Kubernetes v1.24][aks-release-calendar]. Customers should change any label references to the recommended substitute. 
+
+| Label | Recommended substitute | Maintainer |
+| --- | --- | --- |
+| failure-domain.beta.kubernetes.io/region | topology.kubernetes.io/region | [Kubernetes][kubernetes-labels]
+| failure-domain.beta.kubernetes.io/zone | topology.kubernetes.io/zone | [Kubernetes][kubernetes-labels]
+| beta.kubernetes.io/arch | kubernetes.io/arch | [Kubernetes][kubernetes-labels]
+| beta.kubernetes.io/instance-type | node.kubernetes.io/instance-type | [Kubernetes][kubernetes-labels]
+| beta.kubernetes.io/os  | kubernetes.io/os | [Kubernetes][kubernetes-labels]
+| node-role.kubernetes.io/agent* | kubernetes.azure.com/role=agent | Azure Kubernetes Service
+| kubernetes.io/role* | kubernetes.azure.com/role=agent | Azure Kubernetes Service
+| Agentpool* | kubernetes.azure.com/agentpool | Azure Kubernetes Service
+| Storageprofile* | kubernetes.azure.com/storageprofile | Azure Kubernetes Service
+| Storagetier* | kubernetes.azure.com/storagetier | Azure Kubernetes Service
+| Accelerator* | kubernetes.azure.com/accelerator | Azure Kubernetes Service
+
+*Newly deprecated. For more information, see [Release Notes][aks-release-notes-gh] on when these labels will no longer be maintained.
+
+## Next steps
+
+Learn more about Kubernetes labels at the [Kubernetes labels documentation][kubernetes-labels].
+
+<!-- LINKS - external -->
+[aks-release-2021-gh]: https://github.com/Azure/AKS/releases/tag/2021-08-19
+[aks-release-notes-gh]: https://github.com/Azure/AKS/releases
+[kubernetes-labels]: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+[kubernetes-label-syntax]: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#syntax-and-character-set
+[kubernetes-well-known-labels]: https://kubernetes.io/docs/reference/labels-annotations-taints/
+[virtual-kubelet-release]: https://github.com/virtual-kubelet/azure-aci/releases
+
+<!-- LINKS - internal -->
+[aks-release-calendar]: ./supported-kubernetes-versions.md#aks-kubernetes-release-calendar
+[az-aks-create]: /cli/azure/aks#az-aks-create
+[az-aks-nodepool-add]: /cli/azure/aks#az-aks-nodepool-add
+[az-aks-nodepool-list]: /cli/azure/aks/nodepool#az-aks-nodepool-list
+[az-aks-nodepool-update]: /cli/azure/aks/nodepool#az-aks-nodepool-update
+[create-or-update-os-sku]: /rest/api/aks/agent-pools/create-or-update#ossku
+[install-azure-cli]: /cli/azure/install-azure-cli
