Create project tags

Tags provide a way to create business attributes for projects to logically organize them. You create tag key-value pairs to provide a mechanism to group projects based on characteristics you define. For example, you can create a tag with the key ENV and the value prod to indicate the project is in a production environment.

This document is for IT administrators within the platform administrator group, who are responsible for organizing and managing projects in a Google Distributed Cloud (GDC) air-gapped universe. For more information, see Audiences for GDC air-gapped documentation.

Before you begin

1. To get the permissions that you need to create a tag, ask your Organization IAM Admin to grant you the Tag Admin (tag-admin) role.

2. Set an environment variable for the zonal management API server kubeconfig file:

   export KUBECONFIG=MANAGEMENT_API_SERVER
   

   Replace MANAGEMENT_API_SERVER with the path to the kubeconfig file for the zonal management API server. For more information about generating a kubeconfig file for the API server in your targeted zone, see Zonal management API server resources.

3. Review the following tag key-value pair rules before creating a tag:

   • Tag key names must be unique within a GDC zone.
   • Tag value names can be the same, as long as they're attached to different tag keys.
   • Tag key names must not contain the string -tv.
   • Tag value names must not contain the string tv-.
   • The following rules apply to both keys and values:
     • Maximum of 25 characters in length.
     • Contains only letters, numbers, hyphens.
     • Starts with a letter.
     • Must not start with the prefix g-, such as g-project.
     • Must not contain the string -tv-.
     • Must not end with the string -system. The -system suffix is reserved for tags created by the GDC system.

Create a tag key-value pair

To create a tag key-value pair, complete the following steps:

1. Create and apply the TagKey custom resource to the platform namespace:

   kubectl apply -f --kubeconfig ${KUBECONFIG} - <<EOF
   apiVersion: resourcemanager.gdc.goog/v1alpha1
   kind: TagKey
   metadata:
     name: TAG_KEY_NAME
     namespace: platform
   spec: {}
   EOF
   

   Replace TAG_KEY_NAME with the name of the tag key.

2. Create and apply the TagValue custom resource to the tag key:

   kubectl apply -f --kubeconfig ${KUBECONFIG} - <<EOF
   apiVersion: resourcemanager.gdc.goog/v1alpha1
   kind: TagValue
   metadata:
     name: TAG_VALUE_NAME
     namespace: g-t-TAG_KEY_NAME
   spec: {}
   EOF
   

   Replace the following:

   • TAG_VALUE_NAME: the name of the tag value.
   • TAG_KEY_NAME: the name of the tag key you created in the previous step. The namespace for the tag value must be set to the system-created tag key management namespace.

3. Verify the new tag key is available:

   kubectl get tagkey TAG_KEY_NAME \
       --kubeconfig ${KUBECONFIG} \
       --namespace platform
   

   The output is similar to the following:

     NAME          AGE
     my-tagkey     5m
   

4. Verify the new tag value is available:

   kubectl get tagvalue TAG_VALUE_NAME \
       --kubeconfig ${KUBECONFIG} \
       --namespace g-t-TAG_KEY_NAME
   

   The output is similar to the following:

     NAME          AGE
     my-tagvalue   6m
   

After you create a tag key-value pair, you must add it to a project for the tag to take effect.

What's next

• Manage project tags
• Design access boundaries between resources
• Design permissioning setup