Labels and annotations v1

Resources in Kubernetes are organized in a flat structure, with no hierarchical information or relationship between them. However, such resources and objects can be linked together and put in relationship through labels and annotations.


For more information, see the Kubernetes documentation on annotations and labels.

In brief:

  • An annotation is used to assign additional non-identifying information to resources with the goal of facilitating integration with external tools.
  • A label is used to group objects and query them through the Kubernetes native selector capability.

You can select one or more labels or annotations to use in your EDB Postgres for Kubernetes deployments. Then you need to configure the operator so that when you define these labels or annotations in a cluster's metadata, they're inherited by all resources created by it (including pods).


Label and annotation inheritance is the technique adopted by EDB Postgres for Kubernetes instead of alternative approaches such as pod templates.

Predefined labels

These predefined labels are managed by EDB Postgres for Kubernetes. : The date of the backup in ISO 8601 format (YYYYMMDD) : Backup identifier, available only on Backup and VolumeSnapshot resources : The year/month when a backup was taken : The timeline of the instance when a backup was taken : The year a backup was taken : Name of the cluster : Applied to a Backup resource if the backup is the first one created from a ScheduledBackup object having immediate set to true : Name of the PostgreSQL instance (replaces the old and deprecated postgresql label) : Role of the job (that is, import, initdb, join, ...) : Whether the backup is online (hot) or taken when Postgres is down (cold)

postgresql : deprecated, Name of the PostgreSQL instance. Use instead : Distinguishes pods dedicated to pooler deployment from those used for database instances : Name of the PgBouncer pooler : Purpose of the PVC, such as PG_DATA or PG_WAL : Available on ConfigMap and Secret resources. When set to true, a change in the resource is automatically reloaded by the operator.

role - deprecated : Whether the instance running in a pod is a primary or a replica. This label is deprecated, you should use instead. : When available, name of the ScheduledBackup resource that created a given Backup object : Whether the instance running in a pod is a primary or a replica.

Predefined annotations

These predefined annotations are managed by EDB Postgres for Kubernetes.* : Name of the AppArmor profile to apply to the named container. See AppArmor for details. : The time a backup ended. : The WAL at the conclusion of a backup. : The time a backup started. : The WAL at the start of a backup. : Filter to control the coredump of Postgres processes, expressed with a bitmask. By default it's set to 0x31 to exclude shared memory segments from the dump. See PostgreSQL core dumps for more information. : Manifest of the Cluster owning this resource (such as a PVC). This label replaces the old, deprecated label. : List of the instances that need to be fenced, expressed in JSON format. The whole cluster is fenced if the list contains the * element. : Applied to a Cluster resource for testing purposes only, to simulate the behavior of barman-cloud-backup prior to version 3.4 (Jan 2023) when the --name option wasn't available. : The hash value of the resource. : Applied to a Cluster resource to control the declarative hibernation feature. Allowed values are on and off. : Pull secrets managed by the operator and automatically set in the ServiceAccount resources for each Postgres cluster. : On a pod resource, identifies the serial number of the instance within the Postgres cluster. : Version of the operator. : Output of the pg_controldata command. This annotation replaces the old, deprecated annotation. : Deprecated, as the annotation now also contains the pod environment. : Snapshot of the spec of the pod generated by the operator. This annotation replaces the old, deprecated annotation. : Hash of the pooler resource. : Current status of the PVC: initializing, ready, or detached. : When set to disabled on a Cluster, the operator prevents instances from being restarted in case of drift in the PodSpec. PodSpec drift could be due, for example, to:

 - Changes to topology or affinity
 - Change of scheduler
 - Change to volumes or containers : When set to disabled on a Cluster, the operator prevents the reconciliation loop from running. : Contains the latest cluster reload time. reload is triggered by the user through a plugin. : When set to true on a Cluster resource, the operator disables the check that ensures that the WAL archive is empty before writing data. Use at your own risk. : When set to true on a Cluster resource, the operator disables WAL archiving. This will set archive_mode to off and require a restart of all PostgreSQL instances. Use at your own risk. : The time a snapshot started. : The time a snapshot was marked as ready to use. : When available, the time of last requested restart of a Postgres cluster.


By default, no label or annotation defined in the cluster's metadata is inherited by the associated resources. To enable label/annotation inheritance, follow the instructions provided in Operator configuration.

The following continues from that example and limits it to the following:

  • Annotations: categories
  • Labels: app, environment, and workload

Feel free to select the names that most suit your context for both annotations and labels. You can also use wildcards in naming and adopt strategies like using mycompany/* for all labels or setting annotations starting with mycompany/ to be inherited.

Defining cluster's metadata

When defining the cluster, before any resource is deployed, you can set the metadata as follows:

kind: Cluster
  name: cluster-example
    categories: database
    environment: production
    workload: database
    app: sso
     # ... <snip>

Once the cluster is deployed, you can verify, for example, that the labels were correctly set in the pods:

kubectl get pods --show-labels

Current limitations

Currently, EDB Postgres for Kubernetes doesn't automatically propagate labels or annotations deletions. Therefore, when an annotation or label is removed from a cluster that was previously propagated to the underlying pods, the operator doesn't remove it on the associated resources.