Topic Owner Label Must Be a Team Slug

Every topic must carry an owner label that resolves to a real team in the IdP / Backstage catalog.

“We need data ownership tied to Backstage — every topic, every consumer group, mapped to a real team in our IdP.”

Rationale

Without a mandatory owner label, no one can answer the auditor question "who owns this topic?" on a multi-team cluster. Anonymous topics accumulate, schemas drift, and incident response stalls because nobody knows whom to page. An owner label is the cheapest governance control with the highest audit payoff.

Pattern

metadata.labels.owner matches ^[a-z][a-z0-9-]{1,38}$

Examples

Valid:
metadata.labels.owner: payments-platform
metadata.labels.owner: fraud-detection

Invalid:
no owner label
metadata.labels.owner: john.smith
metadata.labels.owner: TBD

Parameters

Name | Default | Description
owner_pattern | "^[a-z][a-z0-9-]{1,38}$" | Regex an owner value must match (team slug, not a person).
label_key | "owner" | Metadata label key carrying the owning team.

Implementation

Drop this YAML into Conduktor Console as a ResourcePolicy, then link it from an ApplicationInstance, Application, or KafkaCluster.

Conduktor ResourcePolicy
# Conduktor self-service ResourcePolicy
# Schema: https://docs.conduktor.io/platform/reference/resource-reference/self-service/#resourcepolicy
---
apiVersion: self-serve/v1
kind: ResourcePolicy
metadata:
  name: topic-owner-slug-required
spec:
  targetKind: Topic
  description: Every topic must declare metadata.labels.owner as a team slug
  rules:
    - condition: 'has(metadata.labels) && "owner" in metadata.labels && metadata.labels["owner"].matches("^[a-z][a-z0-9-]{1,38}$")'
      errorMessage: "Topic must set metadata.labels.owner to a team slug (e.g. payments-platform), not a person or TBD"
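
The pattern above checks only the shape of the owner value, so a value such as tbd or johnsmith passes it. The following added example (not Conduktor code and not part of the original page) goes one step beyond the regex and audits topic manifests against both the pattern and a team list; the function names, the sample topics and the TEAM_CATALOG set are assumptions standing in for an export from the IdP / Backstage catalog.

```python
import re

# Pattern and label key taken from the policy's parameters.
OWNER_PATTERN = re.compile(r"[a-z][a-z0-9-]{1,38}")
LABEL_KEY = "owner"
# Constructed stand-in for a team list exported from the IdP / Backstage.
TEAM_CATALOG = {"payments-platform", "fraud-detection"}

def check_owner(topic, catalog=TEAM_CATALOG):
    """Return (ok, reason) for one topic manifest given as a dict."""
    labels = (topic.get("metadata") or {}).get("labels") or {}
    if LABEL_KEY not in labels:
        return False, "missing owner label"
    owner = labels[LABEL_KEY]
    # fullmatch requires the whole value to match; Python's "$" alone
    # would also accept a value ending in a newline.
    if not isinstance(owner, str) or not OWNER_PATTERN.fullmatch(owner):
        return False, "owner is not a team slug"
    if owner not in catalog:
        return False, "slug-shaped owner not in team catalog"
    return True, "ok"

def audit(topics, catalog=TEAM_CATALOG):
    """Map topic name -> reason for every topic that fails the check."""
    findings = {}
    for topic in topics:
        ok, reason = check_owner(topic, catalog)
        if not ok:
            findings[topic["metadata"]["name"]] = reason
    return findings

def _topic(name, owner=None):
    """Build a minimal constructed topic manifest."""
    meta = {"name": name}
    if owner is not None:
        meta["labels"] = {LABEL_KEY: owner}
    return {"metadata": meta}

# Constructed samples: the page's examples plus "tbd" and "johnsmith",
# which satisfy the regex but name no real team.
SAMPLE_TOPICS = [_topic(n, o) for n, o in [
    ("payments.orders", "payments-platform"), ("fraud.scores", "fraud-detection"),
    ("legacy.events", None), ("hr.exports", "john.smith"), ("tmp.scratch", "TBD"),
    ("tmp.scratch2", "tbd"), ("adhoc.reports", "johnsmith"),
]]

if __name__ == "__main__":
    for name, reason in audit(SAMPLE_TOPICS).items():
        print(f"{name}: {reason}")
```
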
