Resource labels
From version 22.3.0, Seqera supports resource labels in compute environments and other elements of your Seqera instance. This offers a flexible tagging system for annotation and tracking of the cloud services consumed by a run.
Resource labels are sent to the service provider for each cloud compute environment in key=value format.
Resource labels are applied to elements during:
- Compute environment creation with Batch Forge
- Submission
- Execution
Create and apply labels
Resource labels can be created, applied, and edited by a workspace admin or owner. When applying a label, users can select from existing labels or add new labels on the fly.
Resource labels applied to a compute environment
Admins can assign a set of resource labels when creating a compute environment. All runs executed using the compute environment will be tagged with its resource labels. Resource labels applied to a compute environment are displayed on the compute environment details page.
Apply resource labels when you create a new compute environment.
Once the compute environment has been created, its resource labels cannot be edited.
If a resource label is applied to a compute environment, all runs in that compute environment will inherit it. Likewise, all cloud resources generated during the workflow execution will be tagged with the same resource label.
Resource labels applied to pipelines, actions, and runs
Available from Seqera Platform version 22.4.0
Admins can override the default resource labels inherited from the compute environment when creating and editing pipelines, actions, and runs on the fly. The custom resource labels associated with each element will propagate to the associated resources in the cloud environment without altering the default resource labels associated with the compute environment.
When an admin adds or edits the resource labels associated with a pipeline, action, or run, the submission and execution time resource labels are altered. This does not affect the resource labels for resources spawned at (compute environment) creation time.
For example, the resource label name=ce1 is set during AWS Batch compute environment creation. If you create the resource label pipeline=pipeline1 while creating a pipeline which uses the same AWS Batch compute environment, the EC2 instances associated with that compute environment will still contain only the name=ce1 label, while the Job Definitions associated with the pipeline will inherit the pipeline=pipeline1 resource label.
If a maintainer changes the compute environment associated with a pipeline or run, the Resource labels field is updated with the resource labels from the new compute environment.
Search and filter with labels
Search and filter pipelines and runs using one or more resource labels. The resource label search uses a label:key=value format.
Overview of resource labels in a workspace
Select a workspace's Settings tab to view all the resource labels used in that workspace. Resource labels can only be edited or deleted by admins and only if they're not already associated with any resource. This applies to resource labels associated with compute environments and runs. When you add or edit a resource label, you can optionally set the "Use as default in compute environment form" option. Workspace default resource labels are prefilled in the Resource labels field when creating a new compute environment in that workspace.
The deletion of a resource label from a workspace has no influence on the cloud environment.
Resource label propagation to cloud environments
You can't assign multiple resource labels, using the same key, to the same resource — regardless of whether this option is supported by the destination cloud provider.
Resource labels are only available for cloud environments that use a resource tagging system. Seqera supports AWS, Google Batch, Google Life Sciences, Azure, and Kubernetes. HPC compute environments do not support resource labels.
Note that the cloud provider credentials you use must have the appropriate roles or permissions to tag resources in your environment.
When a run is executed in a compute environment with associated resource labels, Seqera Platform propagates the labels to a set of resources (listed below), while Nextflow distributes the labels for the resources spawned at runtime.
If the compute environment is created through Forge, the compute environment will propagate the tags to the resources generated by the Forge execution.
Resource label propagation is one-way and not synchronized with the cloud environment. This means that Seqera attaches tags to cloud resources, but isn't aware if those tags are changed or deleted directly in the cloud environment.
AWS
When the compute environment is created with Forge, the following resources will be tagged using the labels associated with the compute environment:
Forge creation time
- FSX Filesystems (does not cascade to files)
- EFS Filesystems (does not cascade to files)
- Batch Compute Environment
- Batch Queue(s)
- ComputeResource (EC2 instances, including EBS volumes)
- Service role
- Spot Fleet role
- Execution role
- Instance Profile role
- Launch template
Submission time
- Jobs and Job Definitions
- Tasks (via the propagateTagsparameter on Job Definitions)
Execution time
- Work Tasks (via the propagateTagsparameter on Job Definitions)
At execution time, when the jobs are submitted to Batch, the requests are set up to propagate tags to all the instances and volumes created by the head job.
The forge-policy.json file contains the roles needed for Batch Forge-created AWS compute environments to tag AWS resources. Specifically, the required roles are iam:TagRole, iam:TagInstanceProfile, and batch:TagResource.
To view and manage the resource labels applied to AWS resources by Seqera and Nextflow, go to the AWS Tag Editor (as an administrative user) and follow these steps:
Under Find resources to tag, search for the resource label key and value in the relevant search fields under Tags. Your search can be further refined by AWS region and resource type. Then select Search resources. Resource search results display all the resources tagged with your given resource label key and/or value.
Include Seqera resource labels in AWS billing reports
To include the cost information associated with your resource labels in your AWS billing reports:
- Activate the associated tags in the AWS Billing and Cost Management console. Newly-applied tags may take up to 24 hours to appear on your cost allocation tags page.
- When your tags are activated and displayed in Billing and Cost Management > Cost allocation tags, you can apply them when you create cost allocation reports.
AWS limits
- Resource label keys and values must contain a minimum of 2 and a maximum of 39 alphanumeric characters (each), separated by dashes or underscores.
- The key and value cannot begin or end with dashes -or underscores_.
- The key and value cannot contain a consecutive combination of -or_characters (--,__,-_, etc.)
- A maximum of 25 resource labels can be applied to each resource.
- A maximum of 1000 resource labels can be used in each workspace.
- Keys and values cannot start with awsoruser, as these are reserved prefixes appended to tags by AWS.
- Keys and values are case-sensitive in AWS.
See here for more information on AWS resource tagging.
Google Batch and Google Life Sciences
When the compute environment is created with Forge, the following resources will be tagged using the labels associated with the compute environment:
Submission time
- Job (Batch)
- RunPipeline (Life Sciences)
Execution time
- AllocationPolicy (Batch)
- VirtualMachine (Life Sciences)
- RunPipeline (Life Sciences)
GCP limits
- Resource label keys and values must contain a minimum of 2 and a maximum of 39 alphanumeric characters (each), separated by dashes or underscores.
- The key and value cannot begin or end with dashes -or underscores_.
- The key and value cannot contain a consecutive combination of -or_characters (--,__,-_, etc.)
- A maximum of 25 resource labels can be applied to each resource.
- A maximum of 1000 resource labels can be used in each workspace.
- Keys and values in Google Cloud Resource Manager may contain only lowercase letters. Resource labels created with uppercase characters are changed to lowercase before propagating to Google Cloud.
See here for more information on Google Cloud Resource Manager labeling.
Azure
The labeling system on Azure Cloud uses the term metadata to refer to resource and other labels
When creating an Azure Batch compute environment with Forge, resource labels are added to the Pool parameters — this adds set of key=value metadata pairs to the Azure Batch Pool.
Azure limits
- Resource label keys and values must contain a minimum of 2 and a maximum of 39 alphanumeric characters (each), separated by dashes or underscores.
- The key and value cannot begin or end with dashes -or underscores_.
- The key and value cannot contain a consecutive combination of -or_characters (--,__,-_, etc.)
- A maximum of 25 resource labels can be applied to each resource.
- A maximum of 1000 resource labels can be used in each workspace.
- Keys are case-insensitive, but values are case-sensitive.
- Microsoft advises against using a non-English language in your resource labels, as this can lead to decoding progress failure while loading your VM's metadata.
See here for more information on Azure Resource Manager tagging.
Kubernetes
Both the Head pod and Work pod specs will contain the set of labels associated with the compute environment in addition to the standard labels applied by Seqera Platform and Nextflow.
Currently, tagging with resource labels is not available for the files created during a workflow execution. The cloud instances are the elements being tagged.
The following resources will be tagged using the labels associated with the compute environment:
Forge creation time
- Deployment
- PodTemplate
Submission time
- Head Pod Metadata
Execution time
- Run Pod Metadata
Kubernetes limits
- Resource label keys and values must contain a minimum of 2 and a maximum of 39 alphanumeric characters (each), separated by dashes or underscores.
- The key and value cannot begin or end with dashes -or underscores_.
- The key and value cannot contain a consecutive combination of -or_characters (--,__,-_, etc.)
- A maximum of 25 resource labels can be applied to each resource.
- A maximum of 1000 resource labels can be used in each workspace.
See here for more information on Kubernetes object labeling.