Overview
Why Use Version Selectors?
Version selector rules help you:- Enforce release channels - Only stable versions in production
- Block bad versions - Prevent known-bad releases from deploying
- Naming conventions - Require specific version formats
- Feature flags - Control rollout of experimental features
- Context-aware filtering - Use environment, resource, or deployment data to make dynamic version decisions
Configuration
- Terraform
- API
Properties
A CEL expression (string) or JSON selector (object) to match allowed versions.
CEL expressions have access to
version, environment, resource, and
deployment variables, enabling context-aware version filtering.Human-readable explanation of the rule. Shown to users when a version is
blocked.
CEL Expression Variables
When using CEL expressions, you have access to the following variables:Version Fields
Environment Fields
Resource Fields
Deployment Fields
The CEL environment includes standard extensions (string functions, math, etc.)
and all entity fields are accessible as map keys.
Common Patterns
Stable Versions Only
Block pre-release versions from production:Semantic Version Pattern
Require semantic versioning format:Release Channel by Metadata
Use version metadata for release channels:Major Version Restriction
Restrict major version changes:Context-Aware Version Filtering
Use environment or resource data to dynamically filter versions. This is uniquely powerful because the selector has access to all four entity types:Branch-Based Filtering
Only deploy versions from the main branch:Feature Flag Versions
Control feature rollout by version metadata and resource:JSON Selector Format
As an alternative to CEL expressions, you can use JSON selectors that match against the version object:JSON Selector Operators
JSON selectors only match against the
version object. For cross-entity
filtering (e.g., using environment or resource data), use CEL expressions
instead.Best Practices
Environment Guidelines
Recommendations
- ✅ Use
descriptionto explain why versions are restricted - ✅ Prefer CEL expressions for context-aware filtering (access to environment, resource, deployment)
- ✅ Use metadata for release channels instead of parsing tags
- ✅ Document blocked versions with links to issues
- ✅ Test selectors in lower environments first
- ✅ Start permissive and tighten over time
Anti-Patterns
- ❌ Overly complex regex patterns
- ❌ Blocking without documentation
- ❌ Inconsistent version tagging conventions
- ❌ Forgetting to update blocked version lists
Next Steps
- Policies Overview - Learn about policy structure
- Environment Progression - Control promotion flow
- Version Cooldown - Batch frequent releases