-
Notifications
You must be signed in to change notification settings - Fork 130
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add exclusion rules to filter unwanted events (#259)
* Add exclusion rules to filter unwanted events * Add json logic error handling * Fix format/imports with goimport * Rework tests to cater for out of order events Looks like the ordering for events received from the channel is non-deterministic. I had changed the tests in this PR to expect events in an exact order, which passed reliably on my local machine but failed when run by the GitHub Actions workflow. In this commit I've reverted the existing big picture test (the one with no exclusion rules) to not check the payload, and modified the new test (including an exclusion rule) to: a) wait 1 second for all events to be received on the channel b) verify that the excluded event is not received regardless of order c) verify that the expected number of events is received * Fix format
- Loading branch information
Showing
9 changed files
with
254 additions
and
5 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -165,6 +165,64 @@ Open your browser to http://localhost:9090. | |
|
||
An example of a useful query is [rate(kubewatch_event_count[5m])](<http://localhost:9090/graph?g0.range_input=1h&g0.expr=rate(kubewatch_event_count%5B1m%5D)&g0.tab=0>) | ||
|
||
## Event filtering | ||
|
||
Events can be excluded from Sloop by adding `exclusionRules` to the config file: | ||
|
||
``` | ||
{ | ||
"defaultNamespace": "default", | ||
"defaultKind": "Pod", | ||
"defaultLookback": "1h", | ||
[...] | ||
"exclusionRules": { | ||
"_all": [ | ||
{"==": [ { "var": "metadata.namespace" }, "kube-system" ]} | ||
], | ||
"Pod": [ | ||
{"==": [ { "var": "metadata.name" }, "sloop-0" ]} | ||
], | ||
"Job": [ | ||
{"in": [ { "var": "metadata.name" }, [ "cron1", "cron3" ] ]} | ||
] | ||
} | ||
}` | ||
``` | ||
|
||
Adding rules can help to reduce resources consumed by Sloop and remove unwanted noise from the UI for events that are of no interest. | ||
|
||
### Limiting rules to specific kinds | ||
|
||
* Rules under the special key `_all` are evaluated against events for objects of any kind | ||
* Rules under any other key are evaluated only against objects whose kind matches the key, e.g. `Pod` only applies to pods, `Job` only applies to jobs etc. | ||
|
||
### Rule format and supported operations | ||
|
||
Rules should follow the [JsonLogic](https://jsonlogic.com) format and are evaluated against the json representation of the Kubernetes API object related to the event (see below). | ||
|
||
Available operators, such as `==` and `in` shown above, are documented [here](https://jsonlogic.com/operations.html). | ||
|
||
### Data available to rule logic | ||
|
||
Kubernetes API conventions for [objects](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#objects) require the following keys to exist in the json data for all resources, all of which can be referenced in rules: | ||
|
||
* `metadata` | ||
* `spec` | ||
* `status` | ||
|
||
Some commonly useful fields under the `metadata` [object](https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#ObjectMeta) are: | ||
|
||
* `name` | ||
* `namespace` | ||
* `labels` | ||
|
||
#### Type specific data | ||
|
||
Some resources contain additional type-specific fields, for example `PersistentVolumeClaimSpec` objects have fields named `selector` and `storageClassName`. | ||
|
||
Type specific fields for each object and their corresponding keys in the object json representation are documented in the [core API](https://pkg.go.dev/k8s.io/[email protected]/core/v1), e.g. for `PersistentVolumeClaimSpec` objects the documentation is [here](https://pkg.go.dev/k8s.io/[email protected]/core/v1#PersistentVolumeClaimSpec). | ||
|
||
## Contributing | ||
|
||
Refer to [CONTRIBUTING.md](CONTRIBUTING.md)<br> | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters