Support for tagging VMs and containers (and potentially other stuff...)

ashleyghooper · November 30, 2025, 9:10pm

I have done some googling and didn’t find any mention of tags on VMs/containers being a thing. ChatGPT told me that groups could be an option but I can only find info on cluster groups.

What I have in mind is integrations to Incus from downstream systems that would use this metadata e.g. to perform actions - add to monitoring, enroll in a CMDB, etc - specifically to provide information such as the application system/software, the environment (Dev, Prod), etc.

edit: the ability to use key/value attributes (application: kafka, owner: integration, env: prod) against instances would be preferable to simple, static string tags.

abiosoft · November 30, 2025, 9:29pm

I think metadata can be an option.

ashleyghooper · November 30, 2025, 9:32pm

Thank you @abiosoft. That looks like exactly what I was looking for.

incus config metadata edit hostname

Then set via the properties map. I knew there had to be something like this.

edit: actually, looking a bit further, it appears that those properties might be limited in terms of what keys can be used. Perhaps there’s another area where arbitrary K/Vs can be set against instances?

ashleyghooper · November 30, 2025, 9:40pm

I went ahead and tried it, and it allowed me to set an arbitrary property.

$ sudo incus config metadata show ddclient
architecture: x86_64
creation_date: 1764054241
expiry_date: 0
properties:
  myprop: myvalue
templates: {}

So next question will be - is this the correct/idiomatic way to handle this requirement?

ashleyghooper · November 30, 2025, 9:54pm

And one further question would be how to apply these properties via Terraform. I tried as below but it doesn’t accept properties.

locals {
  instance_props = {
    ddclient = {
      myprop             = "myvalue"
    }
  }
}

...
[within `incus_instance` resource block]

  config = {
    "boot.autostart"   = true
    "limits.cpu"       = 1
    "security.nesting" = true
    "properties"       = jsonencode(local.instance_props["ddclient"])
  }

The plan looked good, but I got this error. So it’s probably my understanding of the data model that is not right. I haven’t had time to get familiar with the Incus API yet, but will work on it.

incus_instance.ddclient: Modifying... [name=ddclient]
╷
│ Error: Failed to update instance "ddclient"
│
│   with incus_instance.ddclient,
│   on ddclient.tf line 10, in resource "incus_instance" "ddclient":
│   10: resource "incus_instance" "ddclient" {
│
│ Invalid config: Unknown configuration key: properties
╵

abiosoft · November 30, 2025, 10:01pm

Maybe setting the properties is yet to be implemented in the terraform provider.

stgraber · November 30, 2025, 11:47pm

Don’t you just want to set user.XYZ config keys?

incus config set MY-INSTANCE user.application=kafka user.owner=integration, user.env=prod

You can then easily use those for filtering, for example:

incus list user.env=prod

ashleyghooper · November 30, 2025, 11:57pm

Thanks @stgraber. Yes, that looks like it’ll do the job.

So in the incus_instance resource in Terraform, we ended up with this:

  config = {
    "boot.autostart"   = true
    "limits.cpu"       = 1
    "security.nesting" = true
    "user.app"         = "ddclient"
    "user.env"         = "prod"
  }

I am then able to list instances via those user.* config keys and their values, or retrieve the value for a single VM as below:

$ sudo incus config get ddclient user.env
prod

stgraber · November 30, 2025, 11:58pm

Yep, that’s the way to go. We support user.XYZ basically on everything that has a config key, not just instances.

ashleyghooper · December 1, 2025, 4:14am

Am I correct in understanding that the only way to view these user.* config keys in the Incus web UI would be by switching to the YAML configuration view for an instance?

stgraber · December 1, 2025, 4:29am

Yeah, you can filter with them using user.foo=bar in the instance search, but they don’t appear anywhere other than in YAML.

Feel free to file an issue at GitHub - zabbly/incus-ui-canonical: Fork of canonical/lxd-ui for use with Incus (gets rebased frequently) as making them more visible would make a lot of sense, at least on instances.

I think we probably would want them showing up on the instance page as User properties and then similarly in the configuration so they can be seen and set without having to use the YAML view.

@presztak ^

ashleyghooper · December 1, 2025, 4:32am

Thanks again @stgraber. That would be fantastic if we could expose this very useful context to administrators using the UI.

I think having a dedicated section for these config entries as you propose would also help with discoverability for the tagging/metadata side.

ashleyghooper · December 1, 2025, 7:25am

I’ve logged this:

github.com/zabbly/incus-ui-canonical

Expose user config entries (user.*) in the UI

opened 07:23AM - 01 Dec 25 UTC

ashleyghooper

Incus administrators can create config entries (key/value pairs) against instanc…es (and other types of resources) via the API or command line, e.g.: ```sh incus config set MY-INSTANCE user.application=kafka user.owner=integration user.env=prod ``` These appear under the main `config` map and can then be consumed by other systems for automation or reporting purposes. However, when viewing an instance in the UI, currently the only way to find them is by switching to the YAML Configuration view. If we were to add a section for these user properties, perhaps on the Overview page, it would be very helpful for administrators to see at a glance some information about the server, e.g. whether it is in production or not, what software it hosts, or any other details we might want to record against the instance. Having a dedicated section could also help with discoverability - I was looking for some kind of instance tagging or metadata feature and googled a bit but didn't find it and so asked on the linuxcontainers.org forums. As a side note, in terms of ergonomics, I was thinking something like the below would be nicer: ```yaml user_properties: env: prod application: kafka owner: integration ``` Rather than: ```yaml user.env: prod user.application: kafka user.owner: integration ``` However, that's more about the Incus/LXD internals and history rather than the UI.